commit
4bb1e611a2
@ -118,7 +118,7 @@ in
|
||||
systemd.services.strongswan = {
|
||||
description = "strongSwan IPSec Service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = with pkgs; [ kmod ]; # XXX Linux
|
||||
path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux
|
||||
wants = [ "keys.target" ];
|
||||
after = [ "network.target" "keys.target" ];
|
||||
environment = {
|
||||
|
@ -1,11 +1,11 @@
|
||||
preConfigurePhases+=" autoreconfPhase"
|
||||
|
||||
for i in @autoconf@ @automake@ @libtool@; do
|
||||
for i in @autoconf@ @automake@ @libtool@ @gettext@; do
|
||||
findInputs $i nativePkgs propagated-native-build-inputs
|
||||
done
|
||||
|
||||
autoreconfPhase() {
|
||||
runHook preAutoreconf
|
||||
autoreconf ${autoreconfFlags:---install --force}
|
||||
autoreconf ${autoreconfFlags:---install --force --verbose}
|
||||
runHook postAutoreconf
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, gmp, pkgconfig, python }:
|
||||
{ stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "strongswan-5.2.1";
|
||||
@ -10,7 +10,13 @@ stdenv.mkDerivation rec {
|
||||
|
||||
dontPatchELF = true;
|
||||
|
||||
buildInputs = [ gmp pkgconfig python ];
|
||||
buildInputs = [ gmp pkgconfig python autoreconfHook ];
|
||||
|
||||
patches = [
|
||||
./ext_auth-path.patch
|
||||
./firewall_defaults.patch
|
||||
./updown-path.patch
|
||||
];
|
||||
|
||||
configureFlags = [ "--enable-swanctl" "--enable-cmd" ];
|
||||
|
||||
|
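Review bot: The new `patches` list in default.nix has no comment saying why each patch is carried, although together they change how scripts started by the daemon locate their binaries. A short comment per entry would help the next version bump, for example `# pass the daemon's PATH to ext-auth and updown scripts` above the two `*-path.patch` entries and `# call the ipsec script by absolute path in the default firewall updown` above `./firewall_defaults.patch`.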
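--- a/pkgs/tools/networking/strongswan/ext_auth-path.patch
+++ b/pkgs/tools/networking/strongswan/ext_auth-path.patch
@@ -0,0 +1,13 @@
+Index: strongswan-5.2.1/src/libcharon/plugins/ext_auth/ext_auth_listener.c
+===================================================================
+--- strongswan-5.2.1.orig/src/libcharon/plugins/ext_auth/ext_auth_listener.c
++++ strongswan-5.2.1/src/libcharon/plugins/ext_auth/ext_auth_listener.c
+@@ -101,6 +101,8 @@ METHOD(listener_t, authorize, bool,
+
+*success = FALSE;
+
++ push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));
++
+push_env(envp, countof(envp), "IKE_UNIQUE_ID=%u",
+ike_sa->get_unique_id(ike_sa));
+push_env(envp, countof(envp), "IKE_NAME=%s",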
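Review bot: `getenv("PATH")` can return NULL, and the added `push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));` in authorize passes that result straight to a `%s` conversion. Depending on the formatter behind push_env (not visible here), the script would then start with a placeholder such as `PATH=(null)` or the call would be undefined. Read the value once and export it only when set: `char *path = getenv("PATH");` followed by `if (path) push_env(envp, countof(envp), "PATH=%s", path);`. The same line is added to invoke_once in updown_listener.c by updown-path.patch and needs the same guard. The body of authorize starts and ends outside the hunk.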
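--- a/pkgs/tools/networking/strongswan/firewall_defaults.patch
+++ b/pkgs/tools/networking/strongswan/firewall_defaults.patch
@@ -0,0 +1,32 @@
+Index: strongswan-5.2.1/src/starter/confread.c
+===================================================================
+--- strongswan-5.2.1.orig/src/starter/confread.c
++++ strongswan-5.2.1/src/starter/confread.c
+@@ -43,7 +43,7 @@
+static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
+static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+
+-static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
++static const char firewall_defaults[] = IPSEC_SBINDIR "/" IPSEC_SCRIPT " _updown iptables";
+
+/**
+* Provided by GPERF
+Index: strongswan-5.2.1/src/starter/Makefile.am
+===================================================================
+--- strongswan-5.2.1.orig/src/starter/Makefile.am
++++ strongswan-5.2.1/src/starter/Makefile.am
+@@ -18,10 +18,12 @@ AM_CPPFLAGS = \
+-I$(top_srcdir)/src/libhydra \
+-I$(top_srcdir)/src/starter \
+-I$(top_srcdir)/src/stroke \
+- -DIPSEC_DIR=\"${ipsecdir}\" \
++ -DIPSEC_BINDIR=\"${bindir}\" \
+-DIPSEC_CONFDIR=\"${sysconfdir}\" \
+- -DIPSEC_PIDDIR=\"${piddir}\" \
++ -DIPSEC_DIR=\"${ipsecdir}\" \
+-DIPSEC_EAPDIR=\"${eapdir}\" \
++ -DIPSEC_PIDDIR=\"${piddir}\" \
++ -DIPSEC_SBINDIR=\"${sbindir}\" \
+-DIPSEC_SCRIPT=\"${ipsec_script}\" \
+-DDEV_RANDOM=\"${random_device}\" \
+-DDEV_URANDOM=\"${urandom_device}\" \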
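Review bot: The Makefile.am hunk defines `IPSEC_BINDIR`, but the only new consumer visible in this patch is `IPSEC_SBINDIR` in confread.c, so the extra define looks unused. The hunk also moves `IPSEC_DIR` and `IPSEC_PIDDIR` purely to sort the list. Reducing it to the single added line `-DIPSEC_SBINDIR=\"${sbindir}\" \` would keep the carried patch minimal and easier to rebase onto later strongSwan releases. The AM_CPPFLAGS assignment starts and ends outside the hunk.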
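--- a/pkgs/tools/networking/strongswan/updown-path.patch
+++ b/pkgs/tools/networking/strongswan/updown-path.patch
@@ -0,0 +1,26 @@
+Index: strongswan-5.2.1/src/_updown/_updown.in
+===================================================================
+--- strongswan-5.2.1.orig/src/_updown/_updown.in
++++ strongswan-5.2.1/src/_updown/_updown.in
+@@ -125,7 +125,7 @@
+#
+
+# define a minimum PATH environment in case it is not set
+-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@"
++PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin}"
+export PATH
+
+# uncomment to log VPN connections
+Index: strongswan-5.2.1/src/libcharon/plugins/updown/updown_listener.c
+===================================================================
+--- strongswan-5.2.1.orig/src/libcharon/plugins/updown/updown_listener.c
++++ strongswan-5.2.1/src/libcharon/plugins/updown/updown_listener.c
+@@ -240,6 +240,8 @@ static void invoke_once(private_updown_l
+process_t *process;
+char *envp[128] = {};
+
++ push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));
++
+me = ike_sa->get_my_host(ike_sa);
+other = ike_sa->get_other_host(ike_sa);
+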
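Review bot: The replacement `PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin}"` in _updown.in no longer does what the comment above it says. Any inherited PATH is now used unchanged, and the fallback has lost `@sbindir@`, so which binaries the script runs is decided entirely by the daemon's environment. Because the updown_listener.c hunk in this same patch always exports a `PATH=` entry, the fallback is effectively unreachable when charon starts the script. Keeping the inherited value first while still guaranteeing the known directories avoids both problems: `PATH="${PATH:+$PATH:}/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@"`. The comment could then read `# prefer the PATH handed over by the daemon, then the standard system directories`.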
@ -252,7 +252,7 @@ let
|
||||
};
|
||||
|
||||
autoreconfHook = makeSetupHook
|
||||
{ substitutions = { inherit autoconf automake libtool; }; }
|
||||
{ substitutions = { inherit autoconf automake libtool gettext; }; }
|
||||
../build-support/setup-hooks/autoreconf.sh;
|
||||
|
||||
buildEnv = import ../build-support/buildenv {
|
||||
|