Merge pull request #308241 from rnhmjoj/pr-libreswan
libreswan: 4.15 -> 5.0
This commit is contained in:
commit
6a2c2e1a98
2 changed files with 14 additions and 50 deletions
|
@ -119,11 +119,11 @@ in
|
|||
with subtest("Libreswan is ready"):
|
||||
alice.wait_for_unit("ipsec")
|
||||
bob.wait_for_unit("ipsec")
|
||||
alice.succeed("ipsec verify 1>&2")
|
||||
alice.succeed("ipsec checkconfig")
|
||||
|
||||
with subtest("Alice and Bob can start the tunnel"):
|
||||
alice.execute("ipsec auto --start tunnel >&2 &")
|
||||
bob.succeed("ipsec auto --start tunnel")
|
||||
alice.execute("ipsec start tunnel >&2 &")
|
||||
bob.succeed("ipsec start tunnel")
|
||||
# apparently this is needed to "wake" the tunnel
|
||||
bob.execute("ping -c1 alice")
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
, libselinux
|
||||
, ldns
|
||||
, xmlto
|
||||
, docbook_xml_dtd_412
|
||||
, docbook_xml_dtd_45
|
||||
, docbook_xsl
|
||||
, findXMLCatalogs
|
||||
, dns-root-data
|
||||
|
@ -45,11 +45,11 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libreswan";
|
||||
version = "4.15";
|
||||
version = "5.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download.libreswan.org/${pname}-${version}.tar.gz";
|
||||
hash = "sha256-/mDX2zmMjuIlBV2zZeyWiiSuvLxcNQYRMfz/2tG+BK8=";
|
||||
hash = "sha256-ELwK3JC56YGjDf77p9r/IAhB7LmRD51nHxN//BQUKGo=";
|
||||
};
|
||||
|
||||
strictDeps = true;
|
||||
|
@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
|
|||
flex
|
||||
pkg-config
|
||||
xmlto
|
||||
docbook_xml_dtd_412
|
||||
docbook_xml_dtd_45
|
||||
docbook_xsl
|
||||
findXMLCatalogs
|
||||
];
|
||||
|
@ -73,51 +73,15 @@ stdenv.mkDerivation rec {
|
|||
] ++ lib.optional stdenv.isLinux libselinux;
|
||||
|
||||
prePatch = ''
|
||||
# Correct iproute2 and iptables path
|
||||
sed -e 's|/sbin/ip|${iproute2}/bin/ip|g' \
|
||||
-e 's|/sbin/\(ip6\?tables\)|${iptables}/bin/\1|' \
|
||||
-e 's|/bin/bash|${runtimeShell}|g' \
|
||||
-i initsystems/systemd/ipsec.service.in \
|
||||
programs/barf/barf.in \
|
||||
programs/verify.linux/verify.in
|
||||
sed -e 's|\([[:blank:]]\)\(ip6\?tables\(-save\)\? -\)|\1${iptables}/bin/\2|' \
|
||||
-i programs/verify.linux/verify.in
|
||||
|
||||
# Prevent the makefile from trying to
|
||||
# reload the systemd daemon or create tmpfiles
|
||||
sed -e 's|systemctl|true|g' \
|
||||
-e 's|systemd-tmpfiles|true|g' \
|
||||
-i initsystems/systemd/Makefile
|
||||
|
||||
# Fix systemd detection on NixOS
|
||||
sed -e 's|\(-a ! -x /bin/journalctl\)|\1 -a ! -x /run/current-system/sw/bin/journalctl|g' \
|
||||
-e 's|\(-o ! -x /bin/journalctl\)|\1 -o ! -x /run/current-system/sw/bin/journalctl|g' \
|
||||
-i programs/barf/barf.in
|
||||
|
||||
# Fix the ipsec program from crushing the PATH
|
||||
sed -e 's|\(PATH=".*"\):.*$|\1:$PATH|' -i programs/ipsec/ipsec.in
|
||||
|
||||
# Fix python script to use the correct python
|
||||
sed -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' \
|
||||
-i programs/verify.linux/verify.in
|
||||
|
||||
# Replace wget with curl to save a dependency
|
||||
curlArgs='-s --remote-name-all --output-dir'
|
||||
sed -e "s|wget -q -P|${curl}/bin/curl $curlArgs|g" \
|
||||
-i programs/letsencrypt/letsencrypt.in
|
||||
|
||||
# Patch the Makefile:
|
||||
# 1. correct the pam.d directory install path
|
||||
# 2. do not create the /var/lib/ directory
|
||||
sed -e 's|$(DESTDIR)/etc/pam.d|$(out)/etc/pam.d|' \
|
||||
-e '/test ! -d $(NSSDIR)/,+3d' \
|
||||
-i configs/Makefile
|
||||
substituteInPlace programs/letsencrypt/letsencrypt.in \
|
||||
--replace-fail 'wget -q -P' '${curl}/bin/curl -s --remote-name-all --output-dir'
|
||||
'';
|
||||
|
||||
makeFlags = [
|
||||
"PREFIX=$(out)"
|
||||
"INITSYSTEM=systemd"
|
||||
"UNITDIR=$(out)/etc/systemd/system/"
|
||||
"SYSTEMUNITDIR=$(out)/etc/systemd/system/"
|
||||
"TMPFILESDIR=$(out)/lib/tmpfiles.d/"
|
||||
"LINUX_VARIANT=nixos"
|
||||
"DEFAULT_DNSSEC_ROOTKEY_FILE=${dns-root-data}/root.key"
|
||||
|
@ -125,13 +89,13 @@ stdenv.mkDerivation rec {
|
|||
|
||||
# Hack to make install work
|
||||
installFlags = [
|
||||
"FINALVARDIR=\${out}/var"
|
||||
"FINALSYSCONFDIR=\${out}/etc"
|
||||
"VARDIR=\${out}/var"
|
||||
"SYSCONFDIR=\${out}/etc"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
# Install examples directory (needed for letsencrypt)
|
||||
cp -r docs/examples $out/share/doc/libreswan/examples
|
||||
# Install letsencrypt config files
|
||||
install -m644 -Dt "$out/share/doc/libreswan/letsencrypt" docs/examples/*
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
|
|
Loading…
Reference in a new issue