From 2449f5ce1b84bbd7e75c95f181392549e22232f7 Mon Sep 17 00:00:00 2001 From: "(cdep)illabout" Date: Wed, 16 Jan 2019 15:21:27 +0900 Subject: [PATCH] strongswan: fix up path for modprobe strongswan uses `modprobe` to load IPSec-related kernel modules. The full path needs to be specified to `modprobe` for it to be able to be found. (cherry picked from commit 7143062172f6bad877a87c8e239f2421e0a48e2d) --- pkgs/tools/networking/strongswan/default.nix | 7 ++- .../networking/strongswan/modprobe-path.patch | 56 +++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 pkgs/tools/networking/strongswan/modprobe-path.patch diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix index c0ec4eb9b95d..9ee5a0cf8497 100644 --- a/pkgs/tools/networking/strongswan/default.nix +++ b/pkgs/tools/networking/strongswan/default.nix @@ -1,9 +1,10 @@ -{ stdenv, fetchurl +{ stdenv, fetchurl, substituteAll , pkgconfig, autoreconfHook , gmp, python, iptables, ldns, unbound, openssl, pcsclite , openresolv , systemd, pam , curl +, kmod , enableTNC ? false, trousers, sqlite, libxml2 , enableNetworkManager ? false, networkmanager , libpcap @@ -40,6 +41,10 @@ stdenv.mkDerivation rec { ./ext_auth-path.patch ./firewall_defaults.patch ./updown-path.patch + (substituteAll { + src = ./modprobe-path.patch; + inherit kmod; + }) ]; postPatch = '' diff --git a/pkgs/tools/networking/strongswan/modprobe-path.patch b/pkgs/tools/networking/strongswan/modprobe-path.patch new file mode 100644 index 000000000000..4c0cb59c13a1 --- /dev/null +++ b/pkgs/tools/networking/strongswan/modprobe-path.patch @@ -0,0 +1,56 @@ +diff --git a/src/starter/klips.c b/src/starter/klips.c +index 2216546..d626677 100644 +--- a/src/starter/klips.c ++++ b/src/starter/klips.c +@@ -30,7 +30,7 @@ bool starter_klips_init(void) + /* ipsec module makes the pf_key proc interface visible */ + if (stat(PROC_MODULES, &stb) == 0) + { +- ignore_result(system("modprobe -qv ipsec")); ++ ignore_result(system("@kmod@/bin/modprobe -qv ipsec")); + } + + /* now test again */ +@@ -42,9 +42,9 @@ bool starter_klips_init(void) + } + + /* load crypto algorithm modules */ +- ignore_result(system("modprobe -qv ipsec_aes")); +- ignore_result(system("modprobe -qv ipsec_blowfish")); +- ignore_result(system("modprobe -qv ipsec_sha2")); ++ ignore_result(system("@kmod@/bin/modprobe -qv ipsec_aes")); ++ ignore_result(system("@kmod@/bin/modprobe -qv ipsec_blowfish")); ++ ignore_result(system("@kmod@/bin/modprobe -qv ipsec_sha2")); + + DBG2(DBG_APP, "found KLIPS IPsec stack"); + return TRUE; +diff --git a/src/starter/netkey.c b/src/starter/netkey.c +index b150d3e..0a7c2ff 100644 +--- a/src/starter/netkey.c ++++ b/src/starter/netkey.c +@@ -30,7 +30,7 @@ bool starter_netkey_init(void) + /* af_key module makes the netkey proc interface visible */ + if (stat(PROC_MODULES, &stb) == 0) + { +- ignore_result(system("modprobe -qv af_key")); ++ ignore_result(system("@kmod@/bin/modprobe -qv af_key")); + } + + /* now test again */ +@@ -44,11 +44,11 @@ bool starter_netkey_init(void) + /* make sure that all required IPsec modules are loaded */ + if (stat(PROC_MODULES, &stb) == 0) + { +- ignore_result(system("modprobe -qv ah4")); +- ignore_result(system("modprobe -qv esp4")); +- ignore_result(system("modprobe -qv ipcomp")); +- ignore_result(system("modprobe -qv xfrm4_tunnel")); +- ignore_result(system("modprobe -qv xfrm_user")); ++ ignore_result(system("@kmod@/bin/modprobe -qv ah4")); ++ ignore_result(system("@kmod@/bin/modprobe -qv esp4")); ++ ignore_result(system("@kmod@/bin/modprobe -qv ipcomp")); ++ ignore_result(system("@kmod@/bin/modprobe -qv xfrm4_tunnel")); ++ ignore_result(system("@kmod@/bin/modprobe -qv xfrm_user")); + } + + DBG2(DBG_APP, "found netkey IPsec stack");