| blob | 24b7176e82b50dd1957ff447ed868f1c4197dac8 |
1 { lib
2 , stdenv
3 , fetchurl
4 , fetchpatch
5 , nixosTests
6 , pkg-config
7 , systemd
8 , gmp
9 , unbound
10 , bison
11 , flex
12 , pam
13 , libevent
14 , libcap_ng
15 , curl
16 , nspr
17 , bash
18 , iproute2
19 , iptables
20 , procps
21 , coreutils
22 , gnused
23 , gawk
24 , nss
25 , which
26 , python3
27 , libselinux
28 , ldns
29 , xmlto
30 , docbook_xml_dtd_412
31 , docbook_xsl
32 , findXMLCatalogs
33 }:
35 let
36 # Tools needed by ipsec scripts
37 binPath = lib.makeBinPath [
38 iproute2 iptables procps
39 coreutils gnused gawk
40 nss.tools which
41 ];
42 in
44 stdenv.mkDerivation rec {
45 pname = "libreswan";
46 version = "4.4";
48 src = fetchurl {
49 url = "https://download.libreswan.org/${pname}-${version}.tar.gz";
50 sha256 = "0xj974yc0y1r7235zl4jhvxqz3bpb8js2fy9ic820zq9swh0lgsz";
51 };
53 strictDeps = true;
55 nativeBuildInputs = [
56 bison
57 flex
58 pkg-config
59 xmlto
60 docbook_xml_dtd_412
61 docbook_xsl
62 findXMLCatalogs
63 ];
65 buildInputs = [
66 systemd coreutils
67 gnused gawk gmp unbound pam libevent
68 libcap_ng curl nspr nss ldns
69 # needed to patch shebangs
70 python3 bash
71 ] ++ lib.optional stdenv.isLinux libselinux;
73 patches = [
74 # Fix compilation on aarch64, remove on next update
75 (fetchpatch {
76 url = "https://github.com/libreswan/libreswan/commit/ea50d36d2886e44317ba5ba841de1d1bf91aee6c.patch";
77 sha256 = "1jp89rm9jp55zmiyimyhg7yadj0fwwxaw7i5gyclrs38w3y1aacj";
78 })
79 ];
81 prePatch = ''
82 # Correct iproute2 path
83 sed -e 's|"/sbin/ip"|"${iproute2}/bin/ip"|' \
84 -e 's|"/sbin/iptables"|"${iptables}/bin/iptables"|' \
85 -i initsystems/systemd/ipsec.service.in \
86 programs/verify/verify.in
88 # Prevent the makefile from trying to
89 # reload the systemd daemon or create tmpfiles
90 sed -e 's|systemctl|true|g' \
91 -e 's|systemd-tmpfiles|true|g' \
92 -i initsystems/systemd/Makefile
94 # Fix the ipsec program from crushing the PATH
95 sed -e 's|\(PATH=".*"\):.*$|\1:$PATH|' -i programs/ipsec/ipsec.in
97 # Fix python script to use the correct python
98 sed -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' \
99 -i programs/verify/verify.in
101 # Replace wget with curl to save a dependency
102 curlArgs='-s --remote-name-all --output-dir'
103 sed -e "s|wget -q -P|${curl}/bin/curl $curlArgs|g" \
104 -i programs/letsencrypt/letsencrypt.in
106 # Patch the Makefile:
107 # 1. correct the pam.d directory install path
108 # 2. do not create the /var/lib/ directory
109 sed -e 's|$(DESTDIR)/etc/pam.d|$(out)/etc/pam.d|' \
110 -e '/test ! -d $(NSSDIR)/,+3d' \
111 -i configs/Makefile
112 '';
114 # Set appropriate paths for build
115 preBuild = "export INC_USRLOCAL=\${out}";
117 makeFlags = [
118 "INITSYSTEM=systemd"
119 "UNITDIR=$(out)/etc/systemd/system/"
120 "TMPFILESDIR=$(out)/lib/tmpfiles.d/"
121 ];
123 # Hack to make install work
124 installFlags = [
125 "FINALVARDIR=\${out}/var"
126 "FINALSYSCONFDIR=\${out}/etc"
127 ];
129 postInstall = ''
130 # Install examples directory (needed for letsencrypt)
131 cp -r docs/examples $out/share/doc/libreswan/examples
132 '';
134 postFixup = ''
135 # Add a PATH to the main "ipsec" script
136 sed -e '0,/^$/{s||export PATH=${binPath}:$PATH|}' \
137 -i $out/bin/ipsec
138 '';
140 passthru.tests.libreswan = nixosTests.libreswan;
142 meta = with lib; {
143 homepage = "https://libreswan.org";
144 description = "A free software implementation of the VPN protocol based on IPSec and the Internet Key Exchange";
145 platforms = platforms.linux ++ platforms.freebsd;
146 license = with licenses; [ gpl2Plus mpl20 ] ;
147 maintainers = with maintainers; [ afranchuk rnhmjoj ];
148 };
149 }