From f288df00cb9c3cee955196e176aa788bf061d981 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Wed, 5 Oct 2022 23:31:45 +0200
Subject: [PATCH] libreswan: 4.7 -> 4.8

Note: this also fixes DNSSEC support, which was enabled but not working
due to the (most likely) missing DNS root file.
---
 pkgs/tools/networking/libreswan/default.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkgs/tools/networking/libreswan/default.nix b/pkgs/tools/networking/libreswan/default.nix
index 7c500d509258..25ad29b1cfe7 100644
--- a/pkgs/tools/networking/libreswan/default.nix
+++ b/pkgs/tools/networking/libreswan/default.nix
@@ -30,6 +30,7 @@
 , docbook_xml_dtd_412
 , docbook_xsl
 , findXMLCatalogs
+, dns-root-data
 }:
 
 let
@@ -43,11 +44,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "libreswan";
-  version = "4.7";
+  version = "4.8";
 
   src = fetchurl {
     url = "https://download.libreswan.org/${pname}-${version}.tar.gz";
-    sha256 = "0i7wyfgkaq6kcfhh1yshb1v7q42n3zvdkhq10f3ks1h075xk7mnx";
+    sha256 = "sha256-gEy5EX1/tBGYE7FVrJF+NFZY41ehOBim9t/Oikch4gs=";
   };
 
   strictDeps = true;
@@ -77,9 +78,9 @@ stdenv.mkDerivation rec {
         -e 's|/bin/bash|${runtimeShell}|g' \
         -i initsystems/systemd/ipsec.service.in \
            programs/barf/barf.in \
-           programs/verify/verify.in
+           programs/verify.linux/verify.in
     sed -e 's|\([[:blank:]]\)\(ip6\?tables\(-save\)\? -\)|\1${iptables}/bin/\2|' \
-        -i programs/verify/verify.in
+        -i programs/verify.linux/verify.in
 
     # Prevent the makefile from trying to
     # reload the systemd daemon or create tmpfiles
@@ -92,7 +93,7 @@ stdenv.mkDerivation rec {
 
     # Fix python script to use the correct python
     sed -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' \
-        -i programs/verify/verify.in
+        -i programs/verify.linux/verify.in
 
     # Replace wget with curl to save a dependency
     curlArgs='-s --remote-name-all --output-dir'
@@ -113,6 +114,7 @@ stdenv.mkDerivation rec {
     "UNITDIR=$(out)/etc/systemd/system/"
     "TMPFILESDIR=$(out)/lib/tmpfiles.d/"
     "LINUX_VARIANT=nixos"
+    "DEFAULT_DNSSEC_ROOTKEY_FILE=${dns-root-data}/root.key"
   ];
 
   # Hack to make install work