| blob | b62ce2d5edeeda2560ffc9f6e7eb0bc3731caf72 |
1 {
2 lib,
3 stdenv,
4 openvpn,
5 fetchpatch,
6 fetchurl,
7 libnl,
8 autoreconfHook,
9 pkg-config,
10 }:
12 openvpn.overrideAttrs (
13 oldAttrs:
14 let
15 inherit (lib) optional;
16 fetchMullvadPatch =
17 { commit, sha256 }:
18 fetchpatch {
19 url = "https://github.com/mullvad/openvpn/commit/${commit}.patch";
20 inherit sha256;
21 };
22 in
23 rec {
24 pname = "openvpn-mullvad";
25 version = "2.6.0";
27 src = fetchurl {
28 url = "https://swupdate.openvpn.net/community/releases/openvpn-${version}.tar.gz";
29 sha256 = "sha256-6+yTMmPJhQ72984SXi8iIUvmCxy7jM/xiJJkP+CDro8=";
30 };
32 nativeBuildInputs = oldAttrs.nativeBuildInputs or [ ] ++ [
33 autoreconfHook
34 pkg-config
35 ];
37 buildInputs = oldAttrs.buildInputs or [ ] ++ optional stdenv.hostPlatform.isLinux [ libnl.dev ];
39 configureFlags =
40 [
41 # Assignement instead of appending to make sure to use exactly the flags required by mullvad
43 # Flags are based on https://github.com/mullvad/mullvadvpn-app-binaries/blob/main/Makefile#L17
44 "--enable-static"
45 "--disable-shared"
46 "--disable-debug"
47 "--disable-plugin-down-root"
48 "--disable-management"
49 "--disable-port-share"
50 "--disable-systemd"
51 "--disable-dependency-tracking"
52 "--disable-pkcs11"
53 "--disable-plugin-auth-pam"
54 "--enable-plugins"
55 "--disable-lzo"
56 "--disable-lz4"
57 "--enable-comp-stub"
58 ]
59 ++ optional stdenv.hostPlatform.isLinux [
60 # Flags are based on https://github.com/mullvad/mullvadvpn-app-binaries/blob/main/Makefile#L35
61 "--enable-dco" # requires libnl
62 "--disable-iproute2"
63 ];
65 patches = oldAttrs.patches or [ ] ++ [
66 # look at compare to find the relevant commits
67 # https://github.com/OpenVPN/openvpn/compare/release/2.6...mullvad:mullvad-patches
68 # used openvpn version is the latest tag ending with -mullvad
69 # https://github.com/mullvad/openvpn/tags
70 (fetchMullvadPatch {
71 # "Reduce PUSH_REQUEST_INTERVAL to one second"
72 commit = "4084b49de84e64c56584a378e85faf37973b6d6d";
73 sha256 = "sha256-MmYeFSw6c/QJh0LqLgkx+UxrbtTVv6zEFcnYEqznR1c=";
74 })
75 (fetchMullvadPatch {
76 # "Send an event to any plugins when authentication fails"
77 commit = "f24de7922d70c6e1ae06acf18bce1f62d9fa6b07";
78 sha256 = "sha256-RvlQbR6/s4NorYeA6FL7tE6geg6MIoZJtHeYxkVbdwA=";
79 })
80 (fetchMullvadPatch {
81 # "Shutdown when STDIN is closed"
82 commit = "81ae84271c044359b67991b15ebfb0cf9a32b3ad";
83 sha256 = "sha256-ilKMyU97ha2m0p1FD64aNQncnKo4Tyi/nATuD5yPmVw=";
84 })
85 (fetchMullvadPatch {
86 # "Undo dependency on Python docutils"
87 commit = "a5064b4b6c598b68d8cabc3f4006e5addef1ec1e";
88 sha256 = "sha256-+B6jxL0M+W5LzeukXkir26hn1OaYnycVNBwMYFq6gsE=";
89 })
90 (fetchMullvadPatch {
91 # "Prevent signal when stdin is closed from being cleared (#10)"
92 commit = "abe529e6d7f71228a036007c6c02624ec98ad6c1";
93 sha256 = "sha256-qJQeEtZO/+8kenXTKv4Bx6NltUYe8AwzXQtJcyhrjfc=";
94 })
95 (fetchMullvadPatch {
96 # "Disable libcap-ng"
97 commit = "598014de7c063fa4e8ba1fffa01434229faafd04";
98 sha256 = "sha256-+cFX5gmMuG6XFkTs6IV7utiKRF9E47F5Pgo93c+zBXo=";
99 })
100 (fetchMullvadPatch {
101 # "Remove libnsl dep"
102 commit = "845727e01ab3ec9bd58fcedb31b3cf2ebe2d5226";
103 sha256 = "sha256-Via62wKVfMWHTmO7xIXXO7b5k0KYHs1D0JVg3qnXkeM=";
104 })
105 ];
106 postPatch =
107 oldAttrs.postPatch or ""
108 + ''
109 rm ./configure
110 '';
112 meta = oldAttrs.meta or { } // {
113 description = "OpenVPN with Mullvad-specific patches applied";
114 homepage = "https://github.com/mullvad/openvpn";
115 maintainers = with lib; [ maintainers.cole-h ];
116 };
117 }
118 )