| blob | ad33172801690c48aa99e1992dbeba96704bf849 |
1 { lib
2 , stdenv
3 , openvpn
4 , fetchpatch
5 , fetchurl
6 , iproute2
7 , libnl
8 , autoreconfHook
9 , pkg-config
10 }:
12 openvpn.overrideAttrs (oldAttrs:
13 let
14 inherit (lib) optional;
15 fetchMullvadPatch = { commit, sha256 }: fetchpatch {
16 url = "https://github.com/mullvad/openvpn/commit/${commit}.patch";
17 inherit sha256;
18 };
19 in
20 rec {
21 pname = "openvpn-mullvad";
22 version = "2.6.0";
24 src = fetchurl {
25 url = "https://swupdate.openvpn.net/community/releases/openvpn-${version}.tar.gz";
26 sha256 = "sha256-6+yTMmPJhQ72984SXi8iIUvmCxy7jM/xiJJkP+CDro8=";
27 };
29 nativeBuildInputs = oldAttrs.nativeBuildInputs or [ ] ++ [
30 autoreconfHook
31 pkg-config
32 ];
34 buildInputs = oldAttrs.buildInputs or [ ]
35 ++ optional stdenv.isLinux [ libnl.dev ];
37 configureFlags = [
38 # Assignement instead of appending to make sure to use exactly the flags required by mullvad
40 # Flags are based on https://github.com/mullvad/mullvadvpn-app-binaries/blob/main/Makefile#L17
41 "--enable-static"
42 "--disable-shared"
43 "--disable-debug"
44 "--disable-plugin-down-root"
45 "--disable-management"
46 "--disable-port-share"
47 "--disable-systemd"
48 "--disable-dependency-tracking"
49 "--disable-pkcs11"
50 "--disable-plugin-auth-pam"
51 "--enable-plugins"
52 "--disable-lzo"
53 "--disable-lz4"
54 "--enable-comp-stub"
55 ]
56 ++ optional stdenv.isLinux [
57 # Flags are based on https://github.com/mullvad/mullvadvpn-app-binaries/blob/main/Makefile#L35
58 "--enable-dco" # requires libnl
59 "--disable-iproute2"
60 ];
62 patches = oldAttrs.patches or [ ] ++ [
63 # look at compare to find the relevant commits
64 # https://github.com/OpenVPN/openvpn/compare/release/2.6...mullvad:mullvad-patches
65 # used openvpn version is the latest tag ending with -mullvad
66 # https://github.com/mullvad/openvpn/tags
67 (fetchMullvadPatch {
68 # "Reduce PUSH_REQUEST_INTERVAL to one second"
69 commit = "4084b49de84e64c56584a378e85faf37973b6d6d";
70 sha256 = "sha256-MmYeFSw6c/QJh0LqLgkx+UxrbtTVv6zEFcnYEqznR1c=";
71 })
72 (fetchMullvadPatch {
73 # "Send an event to any plugins when authentication fails"
74 commit = "f24de7922d70c6e1ae06acf18bce1f62d9fa6b07";
75 sha256 = "sha256-RvlQbR6/s4NorYeA6FL7tE6geg6MIoZJtHeYxkVbdwA=";
76 })
77 (fetchMullvadPatch {
78 # "Shutdown when STDIN is closed"
79 commit = "81ae84271c044359b67991b15ebfb0cf9a32b3ad";
80 sha256 = "sha256-ilKMyU97ha2m0p1FD64aNQncnKo4Tyi/nATuD5yPmVw=";
81 })
82 (fetchMullvadPatch {
83 # "Undo dependency on Python docutils"
84 commit = "a5064b4b6c598b68d8cabc3f4006e5addef1ec1e";
85 sha256 = "sha256-+B6jxL0M+W5LzeukXkir26hn1OaYnycVNBwMYFq6gsE=";
86 })
87 (fetchMullvadPatch {
88 # "Prevent signal when stdin is closed from being cleared (#10)"
89 commit = "abe529e6d7f71228a036007c6c02624ec98ad6c1";
90 sha256 = "sha256-qJQeEtZO/+8kenXTKv4Bx6NltUYe8AwzXQtJcyhrjfc=";
91 })
92 (fetchMullvadPatch {
93 # "Disable libcap-ng"
94 commit = "598014de7c063fa4e8ba1fffa01434229faafd04";
95 sha256 = "sha256-+cFX5gmMuG6XFkTs6IV7utiKRF9E47F5Pgo93c+zBXo=";
96 })
97 (fetchMullvadPatch {
98 # "Remove libnsl dep"
99 commit = "845727e01ab3ec9bd58fcedb31b3cf2ebe2d5226";
100 sha256 = "sha256-Via62wKVfMWHTmO7xIXXO7b5k0KYHs1D0JVg3qnXkeM=";
101 })
102 ];
103 postPatch = oldAttrs.postPatch or "" + ''
104 rm ./configure
105 '';
107 meta = oldAttrs.meta or { } // {
108 description = "OpenVPN with Mullvad-specific patches applied";
109 homepage = "https://github.com/mullvad/openvpn";
110 maintainers = with lib; [ maintainers.cole-h ];
111 };
112 })