From d57927748a9298780370a66ccb649992cb162646 Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Mon, 22 Dec 2014 18:17:53 +0100 Subject: [PATCH 1/4] autoreconf may need gettext E. g. for AC_LIB_PREFIX --- pkgs/build-support/setup-hooks/autoreconf.sh | 4 ++-- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/build-support/setup-hooks/autoreconf.sh b/pkgs/build-support/setup-hooks/autoreconf.sh index f70a10870843..441d6b43baa2 100644 --- a/pkgs/build-support/setup-hooks/autoreconf.sh +++ b/pkgs/build-support/setup-hooks/autoreconf.sh @@ -1,11 +1,11 @@ preConfigurePhases+=" autoreconfPhase" -for i in @autoconf@ @automake@ @libtool@; do +for i in @autoconf@ @automake@ @libtool@ @gettext@; do findInputs $i nativePkgs propagated-native-build-inputs done autoreconfPhase() { runHook preAutoreconf - autoreconf ${autoreconfFlags:---install --force} + autoreconf ${autoreconfFlags:---install --force --verbose} runHook postAutoreconf } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d8d193994ee3..ad6002f37b55 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -252,7 +252,7 @@ let }; autoreconfHook = makeSetupHook - { substitutions = { inherit autoconf automake libtool; }; } + { substitutions = { inherit autoconf automake libtool gettext; }; } ../build-support/setup-hooks/autoreconf.sh; buildEnv = import ../build-support/buildenv { From 9bbe674927a307f02d32834c9a39f49c8be476e7 Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Mon, 22 Dec 2014 18:24:19 +0100 Subject: [PATCH 2/4] Strongswan: use full path to ipsec This fixes issue: ... charon[6135]: 11[CHD] updown: /bin/sh: ipsec: command not found --- pkgs/tools/networking/strongswan/default.nix | 8 +++-- .../strongswan/firewall_defaults.patch | 32 +++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 pkgs/tools/networking/strongswan/firewall_defaults.patch 
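Review bot: The default in `autoreconf ${autoreconfFlags:---install --force --verbose}` gains `--verbose`, which the commit message (gettext, e.g. for AC_LIB_PREFIX) does not mention. It changes the build log of every package that uses this hook without setting autoreconfFlags, so it belongs in its own commit or at least in the message. The gettext addition could carry a comment above the loop, for example `# autoreconf may need gettext, e.g. for AC_LIB_PREFIX`, so the extra input is explained in the file rather than only in history.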
diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix index a41bc5e5b8f0..c8cdac76f419 100644 --- a/pkgs/tools/networking/strongswan/default.nix +++ b/pkgs/tools/networking/strongswan/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, gmp, pkgconfig, python }: +{ stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook }: stdenv.mkDerivation rec { name = "strongswan-5.2.1"; @@ -10,7 +10,11 @@ stdenv.mkDerivation rec { dontPatchELF = true; - buildInputs = [ gmp pkgconfig python ]; + buildInputs = [ gmp pkgconfig python autoreconfHook ]; + + patches = [ + ./firewall_defaults.patch + ]; configureFlags = [ "--enable-swanctl" "--enable-cmd" ]; diff --git a/pkgs/tools/networking/strongswan/firewall_defaults.patch b/pkgs/tools/networking/strongswan/firewall_defaults.patch new file mode 100644 index 000000000000..12c446c8c9aa --- /dev/null +++ b/pkgs/tools/networking/strongswan/firewall_defaults.patch 
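Review bot: Nothing next to `patches` records why `autoreconfHook` was added to `buildInputs`. As far as this series shows, it is needed because firewall_defaults.patch edits src/starter/Makefile.am, so the generated build files have to be regenerated. A comment such as `# firewall_defaults.patch touches Makefile.am, hence autoreconfHook` would keep a later cleanup from dropping one without the other. The derivation continues outside the hunk.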
@@ -0,0 +1,32 @@
+Index: strongswan-5.2.1/src/starter/confread.c
+===================================================================
+--- strongswan-5.2.1.orig/src/starter/confread.c
++++ strongswan-5.2.1/src/starter/confread.c
+@@ -43,7 +43,7 @@
+ static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
+ static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+
+-static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
++static const char firewall_defaults[] = IPSEC_SBINDIR "/" IPSEC_SCRIPT " _updown iptables";
+
+ /**
+ * Provided by GPERF
+Index: strongswan-5.2.1/src/starter/Makefile.am
+===================================================================
+--- strongswan-5.2.1.orig/src/starter/Makefile.am
++++ strongswan-5.2.1/src/starter/Makefile.am
+@@ -18,10 +18,12 @@ AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/starter \
+ -I$(top_srcdir)/src/stroke \
+- -DIPSEC_DIR=\"${ipsecdir}\" \
++ -DIPSEC_BINDIR=\"${bindir}\" \
+ -DIPSEC_CONFDIR=\"${sysconfdir}\" \
+- -DIPSEC_PIDDIR=\"${piddir}\" \
++ -DIPSEC_DIR=\"${ipsecdir}\" \
+ -DIPSEC_EAPDIR=\"${eapdir}\" \
++ -DIPSEC_PIDDIR=\"${piddir}\" \
++ -DIPSEC_SBINDIR=\"${sbindir}\" \
+ -DIPSEC_SCRIPT=\"${ipsec_script}\" \
+ -DDEV_RANDOM=\"${random_device}\" \
+ -DDEV_URANDOM=\"${urandom_device}\" \
From 2b91b9b5941d9ef31ab4e0772ffa03c023abd2cc Mon Sep 17 00:00:00 2001
From: Igor Pashev
Date: Mon, 22 Dec 2014 20:32:56 +0100
Subject: [PATCH 3/4] Strongswan: updown script uses ip and iptables utilities
---
nixos/modules/services/networking/strongswan.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix
index 19ad635d07e7..8778b0364f9a 100644
--- a/nixos/modules/services/networking/strongswan.nix
+++ b/nixos/modules/services/networking/strongswan.nix
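Review bot: The Makefile.am part of firewall_defaults.patch changes more than the confread.c line needs: it adds `-DIPSEC_BINDIR=\"${bindir}\"`, which nothing in this patch uses, and it moves the existing IPSEC_DIR and IPSEC_PIDDIR lines. Only `-DIPSEC_SBINDIR=\"${sbindir}\" \` is required for `IPSEC_SBINDIR "/" IPSEC_SCRIPT " _updown iptables"`, and a one-line addition would be easier to carry across later strongSwan releases. The absolute path means the default command no longer depends on how /bin/sh (named in the commit's log line) resolves `ipsec` through PATH. It does assume the ipsec script is installed under sbindir, which is not visible in this hunk.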
@@ -118,7 +118,7 @@ in systemd.services.strongswan = { description = "strongSwan IPSec Service"; wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ kmod ]; # XXX Linux + path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux wants = [ "keys.target" ]; after = [ "network.target" "keys.target" ]; environment = { From 17d8029150b246d9cd67174120900ea6bdbedda4 Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Mon, 22 Dec 2014 19:55:01 +0000 Subject: [PATCH 4/4] Strongswan: preserve PATH --- pkgs/tools/networking/strongswan/default.nix | 2 ++ .../networking/strongswan/ext_auth-path.patch | 13 ++++++++++ .../networking/strongswan/updown-path.patch | 26 +++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 pkgs/tools/networking/strongswan/ext_auth-path.patch create mode 100644 pkgs/tools/networking/strongswan/updown-path.patch diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix index c8cdac76f419..871cd3e8f473 100644 --- a/pkgs/tools/networking/strongswan/default.nix +++ b/pkgs/tools/networking/strongswan/default.nix @@ -13,7 +13,9 @@ stdenv.mkDerivation rec { buildInputs = [ gmp pkgconfig python autoreconfHook ]; patches = [ + ./ext_auth-path.patch ./firewall_defaults.patch + ./updown-path.patch ]; configureFlags = [ "--enable-swanctl" "--enable-cmd" ]; diff --git a/pkgs/tools/networking/strongswan/ext_auth-path.patch b/pkgs/tools/networking/strongswan/ext_auth-path.patch new file mode 100644 index 000000000000..397537ad8d84 --- /dev/null +++ b/pkgs/tools/networking/strongswan/ext_auth-path.patch 
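Review bot: `utillinux` is added to `path` together with `iproute` and `iptables`, but the commit message names only ip and iptables. This list decides which binaries the service and the scripts it spawns resolve by bare name, so each entry should have a stated reason. A trailing comment such as `# updown script needs ip, iptables and TOOL` (TOOL being a placeholder for whichever util-linux program is actually called) would do, or the package should be dropped if nothing uses it. The attribute set continues outside the hunk.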
@@ -0,0 +1,13 @@
+Index: strongswan-5.2.1/src/libcharon/plugins/ext_auth/ext_auth_listener.c
+===================================================================
+--- strongswan-5.2.1.orig/src/libcharon/plugins/ext_auth/ext_auth_listener.c
++++ strongswan-5.2.1/src/libcharon/plugins/ext_auth/ext_auth_listener.c
+@@ -101,6 +101,8 @@ METHOD(listener_t, authorize, bool,
+
+ *success = FALSE;
+
++ push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));
++
+ push_env(envp, countof(envp), "IKE_UNIQUE_ID=%u",
+ ike_sa->get_unique_id(ike_sa));
+ push_env(envp, countof(envp), "IKE_NAME=%s",
diff --git a/pkgs/tools/networking/strongswan/updown-path.patch b/pkgs/tools/networking/strongswan/updown-path.patch
new file mode 100644
index 000000000000..f01da7d7bce6
--- /dev/null
+++ b/pkgs/tools/networking/strongswan/updown-path.patch
@@ -0,0 +1,26 @@
+Index: strongswan-5.2.1/src/_updown/_updown.in
+===================================================================
+--- strongswan-5.2.1.orig/src/_updown/_updown.in
++++ strongswan-5.2.1/src/_updown/_updown.in
+@@ -125,7 +125,7 @@
+ #
+
+ # define a minimum PATH environment in case it is not set
+-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@"
++PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin}"
+ export PATH
+
+ # uncomment to log VPN connections
+Index: strongswan-5.2.1/src/libcharon/plugins/updown/updown_listener.c
+===================================================================
+--- strongswan-5.2.1.orig/src/libcharon/plugins/updown/updown_listener.c
++++ strongswan-5.2.1/src/libcharon/plugins/updown/updown_listener.c
+@@ -240,6 +240,8 @@ static void invoke_once(private_updown_l
+ process_t *process;
+ char *envp[128] = {};
+
++ push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));
++
+ me = ike_sa->get_my_host(ike_sa);
+ other = ike_sa->get_other_host(ike_sa);
+
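Review bot: `getenv("PATH")` returns NULL when the daemon is started without PATH, and the added `push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));` passes that result straight to `%s`. With standard printf-style formatting that is undefined and commonly produces the literal text `(null)`, which the child script would then receive as its PATH. Guard it with `const char *path = getenv("PATH");` followed by `if (path) push_env(envp, countof(envp), "PATH=%s", path);`. The same line is added to invoke_once in updown_listener.c by updown-path.patch and needs the same guard. How push_env formats its arguments is outside the hunk, as are the rest of both functions.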
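Review bot: In _updown.in the fixed assignment becomes `PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin}"`, so the script now resolves every bare command name through whatever PATH the daemon exported, and the fallback applies only when PATH is unset or empty. The fallback also loses `@sbindir@`, so without an inherited PATH any strongSwan tool the script calls by name would presumably not be found; the rest of the script is outside the hunk, so this needs checking there. The comment above still reads "define a minimum PATH environment in case it is not set" and should say that the inherited PATH is kept and that the service definition's `path` list now bounds command lookup. Keeping the old directory in the fallback is a one-line change: `PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@}"`.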