Merge pull request #308241 from rnhmjoj/pr-libreswan

libreswan: 4.15 -> 5.0
This commit is contained in:
Michele Guerini Rocco 2024-05-01 23:20:19 +02:00 committed by GitHub
commit 6a2c2e1a98
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 14 additions and 50 deletions

View file

@ -119,11 +119,11 @@ in
with subtest("Libreswan is ready"):
alice.wait_for_unit("ipsec")
bob.wait_for_unit("ipsec")
alice.succeed("ipsec verify 1>&2")
alice.succeed("ipsec checkconfig")
with subtest("Alice and Bob can start the tunnel"):
alice.execute("ipsec auto --start tunnel >&2 &")
bob.succeed("ipsec auto --start tunnel")
alice.execute("ipsec start tunnel >&2 &")
bob.succeed("ipsec start tunnel")
# apparently this is needed to "wake" the tunnel
bob.execute("ping -c1 alice")

View file

@ -28,7 +28,7 @@
, libselinux
, ldns
, xmlto
, docbook_xml_dtd_412
, docbook_xml_dtd_45
, docbook_xsl
, findXMLCatalogs
, dns-root-data
@ -45,11 +45,11 @@ in
stdenv.mkDerivation rec {
pname = "libreswan";
version = "4.15";
version = "5.0";
src = fetchurl {
url = "https://download.libreswan.org/${pname}-${version}.tar.gz";
hash = "sha256-/mDX2zmMjuIlBV2zZeyWiiSuvLxcNQYRMfz/2tG+BK8=";
hash = "sha256-ELwK3JC56YGjDf77p9r/IAhB7LmRD51nHxN//BQUKGo=";
};
strictDeps = true;
@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
flex
pkg-config
xmlto
docbook_xml_dtd_412
docbook_xml_dtd_45
docbook_xsl
findXMLCatalogs
];
@ -73,51 +73,15 @@ stdenv.mkDerivation rec {
] ++ lib.optional stdenv.isLinux libselinux;
prePatch = ''
# Correct iproute2 and iptables path
sed -e 's|/sbin/ip|${iproute2}/bin/ip|g' \
-e 's|/sbin/\(ip6\?tables\)|${iptables}/bin/\1|' \
-e 's|/bin/bash|${runtimeShell}|g' \
-i initsystems/systemd/ipsec.service.in \
programs/barf/barf.in \
programs/verify.linux/verify.in
sed -e 's|\([[:blank:]]\)\(ip6\?tables\(-save\)\? -\)|\1${iptables}/bin/\2|' \
-i programs/verify.linux/verify.in
# Prevent the makefile from trying to
# reload the systemd daemon or create tmpfiles
sed -e 's|systemctl|true|g' \
-e 's|systemd-tmpfiles|true|g' \
-i initsystems/systemd/Makefile
# Fix systemd detection on NixOS
sed -e 's|\(-a ! -x /bin/journalctl\)|\1 -a ! -x /run/current-system/sw/bin/journalctl|g' \
-e 's|\(-o ! -x /bin/journalctl\)|\1 -o ! -x /run/current-system/sw/bin/journalctl|g' \
-i programs/barf/barf.in
# Fix the ipsec program from crushing the PATH
sed -e 's|\(PATH=".*"\):.*$|\1:$PATH|' -i programs/ipsec/ipsec.in
# Fix python script to use the correct python
sed -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' \
-i programs/verify.linux/verify.in
# Replace wget with curl to save a dependency
curlArgs='-s --remote-name-all --output-dir'
sed -e "s|wget -q -P|${curl}/bin/curl $curlArgs|g" \
-i programs/letsencrypt/letsencrypt.in
# Patch the Makefile:
# 1. correct the pam.d directory install path
# 2. do not create the /var/lib/ directory
sed -e 's|$(DESTDIR)/etc/pam.d|$(out)/etc/pam.d|' \
-e '/test ! -d $(NSSDIR)/,+3d' \
-i configs/Makefile
substituteInPlace programs/letsencrypt/letsencrypt.in \
--replace-fail 'wget -q -P' '${curl}/bin/curl -s --remote-name-all --output-dir'
'';
makeFlags = [
"PREFIX=$(out)"
"INITSYSTEM=systemd"
"UNITDIR=$(out)/etc/systemd/system/"
"SYSTEMUNITDIR=$(out)/etc/systemd/system/"
"TMPFILESDIR=$(out)/lib/tmpfiles.d/"
"LINUX_VARIANT=nixos"
"DEFAULT_DNSSEC_ROOTKEY_FILE=${dns-root-data}/root.key"
@ -125,13 +89,13 @@ stdenv.mkDerivation rec {
# Hack to make install work
installFlags = [
"FINALVARDIR=\${out}/var"
"FINALSYSCONFDIR=\${out}/etc"
"VARDIR=\${out}/var"
"SYSCONFDIR=\${out}/etc"
];
postInstall = ''
# Install examples directory (needed for letsencrypt)
cp -r docs/examples $out/share/doc/libreswan/examples
# Install letsencrypt config files
install -m644 -Dt "$out/share/doc/libreswan/letsencrypt" docs/examples/*
'';
postFixup = ''