Our gobject-introspection patches make the shared library paths absolute
in the GIR files. When building docs, the library is not yet installed,
though, so we need to replace the absolute path with a local one during build.
Previously we used LD_PRELOAD to load libredirect and rewrite the installed paths
to ones in the build directory. That was unnecessary complicated and many people
spent whole night trying to figure out why it breaks some programs.
Using a symlink from the installed location to the build directory fixes
the issue as well, while having much less moving parts, thus being easier to grasp.
The symlink will be overridden during installation.
All hail Meson!
One serious issue is that building docs does not work.
We patch gobject-introspection to use absolute paths for shared libraries
in GIR files. Building the NetworkManager docs relies on the produced
introspection data but since the library is not yet installed
at the time the docs are generated, the build will fail.
It works in Autotools for some reason; they probably use
the pregenerated GIRs from the tarball.
Disabling the docs completely is not possible at the moment either,
since nmc [depends on them][1].
I have decided to fix this by pointing the installed location to the one
in the build directory using libredirect. Unfortunately, we cannot just set
the environment variables directly, since the build system runs
the documentation generator in a clean environment.
I have also added man, doc and devdoc outputs so the generated files have
somewhere to go.
Secondly, since Nix store is immutable, we also cannot use the package prefix
for configuration and mutable state data. At the same time, we cannot write
to the appropriate global directories during build. Autotools allowed to change
this in installFlags but Meson lacks similar mechanism so we need to patch
the build files.
Finally, I also removed the at_console patch since the permission has been
removed in 0.9.10.
[1]: https://bugzilla.gnome.org/show_bug.cgi?id=796755
Compatibility with other distributions/software and expectation
of users coming from other systems should have higher priority over consistency.
In particular this fixes#51375, where the NetworkManager-wait-online.service
broke as a result of this.
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 1.4.3 with grep in /nix/store/y2jkp10za0xpb7slalbfp3qyh9sgls70-NetworkManager-strongswan-1.4.3
- directory tree listing: https://gist.github.com/3d79a64230389ed5f84ff788ad4c56f1
Currently broken on NixOS due to hardcoded modprobe binary path (see
bug #30756 from Oct 2017), no activity on a proposed fix for months.
As the protocol is terribly broken anyways, let's better remove it
completely, and not talk about anymore ;-)
Closes#30756.
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.
Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.
Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
the new version brings a new panel in IPsec settings which allows to
reenable old algorithms for IPsec phases 1/2 (dropped in recent libreswan/strongswan etc).
Also updates the homepage with the new one.
Added the boolean option:
networking.networkmanager.enableStrongSwan
which enables the networkmanager_strongswan plugin and adds
strongswanNM to the dbus packages.
This was contributed by @wucke13, @eqyiel and @globin.
Fixes: #29873
Will Dietz
Jan Tojnar
worldofpeace
Bob van der Linden
Tor Hedin Brønner
John Ericson
volth
Florian Klink
Jörg Thalheim
Will Dietz
Matthew Bauer
R. RyanTM
Frederik Rietdijk
Frederik Rietdijk
Amine Chikhaoui
Will Fancher
Symphorien Gibol
Andreas Rammhold
Robert Schütz
Jan Malakhovski
obadz
Ryan Mulligan
Jörg Thalheim
Matthieu Coudron
adisbladis
Joachim F
Renaud
Bas van Dijk