Merge pull request #142522 from risicle/ris-strongswan-5.9.4

strongswan: 5.8.1 -> 5.9.4
This commit is contained in:
Robert Scott 2021-11-15 21:08:20 +00:00 committed by GitHub
commit 5e15d5da4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 16 deletions

View file

@ -569,6 +569,16 @@ in {
these sections offer more flexibility.
'';
ca_id = mkOptionalStrParam ''
Identity in CA certificate to accept for authentication. The specified
identity must be contained in one (intermediate) CA of the remote peer
trustchain, either as subject or as subjectAltName. This has the same
effect as specifying <literal>cacerts</literal> to force clients under
a CA to specific connections; it does not require the CA certificate
to be available locally, and can be received from the peer during the
IKE exchange.
'';
cacerts = mkCommaSepListParam [] ''
List of CA certificates to accept for
authentication. The certificates may use a relative path from the

View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchpatch, fetchFromGitHub
{ lib, stdenv, fetchFromGitHub
, pkg-config, autoreconfHook, perl, gperf, bison, flex
, gmp, python3, iptables, ldns, unbound, openssl, pcsclite, glib
, openresolv
@ -17,13 +17,13 @@ with lib;
stdenv.mkDerivation rec {
pname = "strongswan";
version = "5.8.1"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading!
version = "5.9.4"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading!
src = fetchFromGitHub {
owner = "strongswan";
repo = "strongswan";
rev = version;
sha256 = "1a1hw2jsbwvkdhhxjmq87hz13ivbgvqwks1q3adz14mqgbc64snd";
sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd";
};
dontPatchELF = true;
@ -40,19 +40,6 @@ stdenv.mkDerivation rec {
./ext_auth-path.patch
./firewall_defaults.patch
./updown-path.patch
# Don't use etc/dbus-1/system.d
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/strongswan/strongswan/pull/150.patch";
sha256 = "1irfxb99blb8v3hs0kmlhzkkwbmds1p0gq319z8lmacz36cgyj2c";
})
# fix build with -fno-common tollchain
(fetchpatch {
name = "fno-common.patch";
url = "https://git.strongswan.org/?p=strongswan.git;a=patch;h=91c6387e69c09beaa9b9ca1e28471751a834fc24";
sha256 = "0jp9walxwffp5cl7q0hb80h3s2gdj1nn3n8bvnbmwgh2s6pi148f";
})
];
postPatch = optionalString stdenv.isLinux ''