nixpkgs-suyu/pkgs/tools/networking/libreswan/default.nix

102 lines
3.2 KiB
Nix
Raw Normal View History

{ lib, stdenv, fetchurl, makeWrapper,
2021-01-17 04:51:22 +01:00
pkg-config, systemd, gmp, unbound, bison, flex, pam, libevent, libcap_ng, curl, nspr,
2021-03-14 17:05:16 +01:00
bash, iproute2, iptables, procps, coreutils, gnused, gawk, nss, which, python3,
docs ? false, xmlto, libselinux, ldns
}:
let
2021-01-15 10:19:50 +01:00
binPath = lib.makeBinPath [
2021-03-14 17:05:16 +01:00
bash iproute2 iptables procps coreutils gnused gawk nss.tools which python3
];
in
assert docs -> xmlto != null;
assert stdenv.isLinux -> libselinux != null;
stdenv.mkDerivation rec {
pname = "libreswan";
version = "3.32";
src = fetchurl {
url = "https://download.libreswan.org/${pname}-${version}.tar.gz";
sha256 = "0bj3g6qwd3ir3gk6hdl9npy3k44shf56vcgjahn30qpmx3z5fsr3";
};
2021-03-26 09:13:11 +01:00
strictDeps = true;
# These flags were added to compile v3.18. Try to lift them when updating.
2019-10-30 12:34:47 +01:00
NIX_CFLAGS_COMPILE = toString [ "-Wno-error=redundant-decls" "-Wno-error=format-nonliteral"
2018-03-08 20:44:43 +01:00
# these flags were added to build with gcc7
"-Wno-error=implicit-fallthrough"
"-Wno-error=format-truncation"
"-Wno-error=pointer-compare"
2019-11-03 13:32:09 +01:00
"-Wno-error=stringop-truncation"
# The following flag allows libreswan v3.32 to work with NSS 3.22, see
# https://github.com/libreswan/libreswan/issues/334.
# This flag should not be needed for libreswan v3.33 (which is not yet released).
"-DNSS_PKCS11_2_0_COMPAT=1"
2018-03-08 20:44:43 +01:00
];
2021-03-26 09:13:11 +01:00
nativeBuildInputs = [
bison
flex
makeWrapper
pkg-config
];
2021-03-14 17:05:16 +01:00
buildInputs = [ bash iproute2 iptables systemd coreutils gnused gawk gmp unbound pam libevent
2021-03-26 09:13:11 +01:00
libcap_ng curl nspr nss python3 ldns ]
2021-01-15 10:19:50 +01:00
++ lib.optional docs xmlto
++ lib.optional stdenv.isLinux libselinux;
prePatch = ''
# Correct bash path
sed -i -e 's|/bin/bash|/usr/bin/env bash|' mk/config.mk
# Fix systemd unit directory, and prevent the makefile from trying to reload the
# systemd daemon or create tmpfiles
sed -i -e 's|UNITDIR=.*$|UNITDIR=$\{out}/etc/systemd/system/|g' \
-e 's|TMPFILESDIR=.*$|TMPFILESDIR=$\{out}/tmpfiles.d/|g' \
-e 's|systemctl|true|g' \
-e 's|systemd-tmpfiles|true|g' \
initsystems/systemd/Makefile
# Fix the ipsec program from crushing the PATH
sed -i -e 's|\(PATH=".*"\):.*$|\1:$PATH|' programs/ipsec/ipsec.in
# Fix python script to use the correct python
sed -i -e 's|#!/usr/bin/python|#!/usr/bin/env python|' -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' programs/verify/verify.in
'';
# Set appropriate paths for build
preBuild = "export INC_USRLOCAL=\${out}";
makeFlags = [
"INITSYSTEM=systemd"
(if docs then "all" else "base")
];
installTargets = [ (if docs then "install" else "install-base") ];
# Hack to make install work
installFlags = [
"FINALVARDIR=\${out}/var"
"FINALSYSCONFDIR=\${out}/etc"
];
postInstall = ''
for i in $out/bin/* $out/libexec/ipsec/*; do
wrapProgram "$i" --prefix PATH ':' "$out/bin:${binPath}"
done
'';
enableParallelBuilding = true;
meta = with lib; {
2020-03-06 20:37:20 +01:00
homepage = "https://libreswan.org";
description = "A free software implementation of the VPN protocol based on IPSec and the Internet Key Exchange";
platforms = platforms.linux ++ platforms.freebsd;
2018-09-10 21:28:59 +02:00
license = licenses.gpl2;
maintainers = [ maintainers.afranchuk ];
};
}