30
-
enableNetworkManager ? false,
28
+
enableNetworkManager ? false,
34
+
nm = enableNetworkManager;
38
+
systemd = stdenv.hostPlatform.isLinux;
35
-
# Note on curl support: If curl is built with gnutls as its backend, the
36
-
# strongswan curl plugin may break.
37
-
# See https://wiki.strongswan.org/projects/strongswan/wiki/Curl for more info.
42
+
farp = stdenv.hostPlatform.isLinux;
43
+
dhcp = stdenv.hostPlatform.isLinux;
44
+
af-alg = stdenv.hostPlatform.isLinux;
45
+
resolve = stdenv.hostPlatform.isLinux;
46
+
scripts = stdenv.hostPlatform.isLinux;
47
+
connmark = stdenv.hostPlatform.isLinux;
48
+
forecast = stdenv.hostPlatform.isLinux;
49
+
kernel-netlink = stdenv.hostPlatform.isLinux;
51
+
aesni = stdenv.hostPlatform.isx86_64;
52
+
rdrand = stdenv.hostPlatform.isx86_64;
53
+
padlock = stdenv.hostPlatform.system == "i686-linux";
55
+
kernel-pfkey = stdenv.hostPlatform.isDarwin || stdenv.hostPlatform.isFreeBSD;
56
+
kernel-pfroute = stdenv.hostPlatform.isDarwin || stdenv.hostPlatform.isFreeBSD;
57
+
kernel-libipsec = stdenv.hostPlatform.isDarwin || stdenv.hostPlatform.isFreeBSD;
59
+
keychain = false; # breaks build
60
+
osx-attr = stdenv.hostPlatform.isDarwin;
63
+
# Note on curl support: If curl is built with gnutls as its backend, the
64
+
# strongswan curl plugin may break.
65
+
# See https://wiki.strongswan.org/projects/strongswan/wiki/Curl for more info.
73
+
socket-dynamic = stdenv.hostPlatform.isLinux;
76
+
eap-sim-file = true;
77
+
eap-sim-pcsc = true;
78
+
eap-simaka-pseudonym = true;
79
+
eap-simaka-reauth = true;
80
+
eap-identity = true;
84
+
eap-aka-3gpp = true;
85
+
eap-aka-3gpp2 = true;
86
+
eap-mschapv2 = true;
92
+
xauth-pam = stdenv.hostPlatform.isLinux;
93
+
xauth-noauth = true;
95
+
gmp = eap-aka-3gpp2;
97
+
// lib.optionalAttrs enableTNC {
100
+
eap-dynamic = true;
110
+
imc-attestation = true;
111
+
imv-attestation = true;
114
+
tss-trousers = true;
118
+
// lib.optionalAttrs enableTPM2 {
stdenv.mkDerivation rec {
41
-
version = "5.9.14"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading!
125
+
version = "6.0.2"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading!
47
-
hash = "sha256-qFM7ErfqiDlUsZdGXJQVW3nJoh+I6tEdKRwzrKteRVY=";
131
+
hash = "sha256-wjz41gt+Xu4XJkEXRRVl3b3ryEoEtijeqmfVFoRjnA4=";
50
-
dontPatchELF = true;
135
+
./ext_auth-path.patch
136
+
./firewall_defaults.patch
137
+
./updown-path.patch
69
-
++ lib.optionals enableTNC [
74
-
++ lib.optional enableTPM2 tpm2-tss
75
-
++ lib.optionals stdenv.hostPlatform.isLinux [
80
-
++ lib.optionals enableNetworkManager [
86
-
./ext_auth-path.patch
87
-
./firewall_defaults.patch
89
-
# Fixes for gettext 0.25
91
-
url = "https://github.com/strongswan/strongswan/commit/7ec0101250bf2ac3da7a576cbb4204fceb2ef10c.patch?full_index=1";
92
-
excludes = [ "scripts/test.sh" ];
93
-
hash = "sha256-ATd/oj6/1vrtZdwMs45rA2MGtH2viumyucVj0LZ8Nnc=";
96
-
url = "https://github.com/strongswan/strongswan/commit/e8e5e2d4419a686c5a2c064648618ec281089b2e.patch?full_index=1";
97
-
hash = "sha256-p98LSX8jjsDK/GZTovj/salmQ8T+txEV3vKD+wTUvsM=";
100
-
url = "https://github.com/strongswan/strongswan/commit/2b3a5172d89c513ed28d21bb406c1b4ef0ac787a.patch?full_index=1";
101
-
hash = "sha256-xqp2Lq4pp3Uu0nVC/fl4E5mpJqCNgyZXP2g/Y2wShhI=";
105
-
postPatch = lib.optionalString stdenv.hostPlatform.isLinux ''
106
-
# glibc-2.26 reorganized internal includes
107
-
sed '1i#include <stdint.h>' -i src/libstrongswan/utils/utils/memory.h
109
-
substituteInPlace src/libcharon/plugins/resolve/resolve_handler.c --replace "/sbin/resolvconf" "${openresolv}/sbin/resolvconf"
150
+
lib.optional (features.gmp or false) gmp
151
+
++ lib.optional (features.eap-sim-pcsc or false) pcsclite
152
+
++ lib.optional (features.openssl or false) openssl
153
+
++ lib.optional (features.curl or false) curl
154
+
++ lib.optional (features.systemd or false) systemd
155
+
++ lib.optional (features.tnc-ifmap or false) libxml2
156
+
++ lib.optional (features.xauth-pam or false) pam
157
+
++ lib.optional (features.forecast or false || features.connmark or false) iptables
158
+
++ lib.optional (features.tss-trousers or false) trousers
159
+
++ lib.optional (features.tss-tss2 or false) tpm2-tss
160
+
++ lib.optional (features.sqlite or false) sqlite
161
+
++ lib.optionals (features.unbound or false) [
165
+
++ lib.optionals (features.nm or false) [
170
+
configureFlags = (lib.mapAttrsToList (lib.flip lib.enableFeature)) features ++ [
118
-
"--enable-eap-sim-file"
119
-
"--enable-eap-simaka-pseudonym"
120
-
"--enable-eap-simaka-reauth"
121
-
"--enable-eap-identity"
125
-
"--enable-eap-aka-3gpp2"
126
-
"--enable-eap-mschapv2"
127
-
"--enable-eap-radius"
128
-
"--enable-xauth-eap"
129
-
"--enable-ext-auth"
132
-
"--enable-eap-sim-pcsc"
138
-
++ lib.optionals stdenv.hostPlatform.isLinux [
142
-
"--with-systemdsystemunitdir=${placeholder "out"}/etc/systemd/system"
143
-
"--enable-xauth-pam"
144
-
"--enable-forecast"
145
-
"--enable-connmark"
148
-
++ lib.optionals stdenv.hostPlatform.isx86_64 [
152
-
++ lib.optional (stdenv.hostPlatform.system == "i686-linux") "--enable-padlock"
153
-
++ lib.optionals enableTNC [
159
-
"--disable-fips-prf"
161
-
"--enable-eap-ttls"
162
-
"--enable-eap-dynamic"
163
-
"--enable-tnccs-20"
166
-
"--enable-imc-attestation"
168
-
"--enable-imv-attestation"
169
-
"--enable-tnc-ifmap"
172
-
"--with-tss=trousers"
176
-
++ lib.optionals enableTPM2 [
178
-
"--enable-tss-tss2"
180
-
++ lib.optionals enableNetworkManager [
182
-
"--with-nm-ca-dir=/etc/ssl/certs"
184
-
# Taken from: https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX
185
-
++ lib.optionals stdenv.hostPlatform.isDarwin [
186
-
"--disable-systemd"
187
-
"--disable-xauth-pam"
188
-
"--disable-kernel-netlink"
189
-
"--enable-kernel-pfkey"
190
-
"--enable-kernel-pfroute"
191
-
"--enable-kernel-libipsec"
192
-
"--enable-osx-attr"
193
-
"--disable-scripts"
172
+
(lib.withFeatureAs (features.nm or false) "nm-ca-dir" "/etc/ssl/certs")
173
+
(lib.withFeatureAs (features.systemd or false
174
+
) "systemdsystemunitdir" "${placeholder "out"}/etc/systemd/system")
"sysconfdir=${placeholder "out"}/etc"
200
-
NIX_LDFLAGS = lib.optionalString stdenv.cc.isGNU "-lgcc_s";
181
+
enableParallelBuilding = true;
183
+
dontPatchELF = true;
passthru.tests = { inherit (nixosTests) strongswan-swanctl; };
205
-
description = "OpenSource IPsec-based VPN Solution";
206
-
homepage = "https://www.strongswan.org";
207
-
license = licenses.gpl2Plus;
208
-
platforms = platforms.all;
187
+
postPatch = lib.optionalString features.resolve ''
188
+
substituteInPlace src/libcharon/plugins/resolve/resolve_handler.c \
189
+
--replace-fail "/sbin/resolvconf" "${openresolv}/sbin/resolvconf"
193
+
description = "OpenSource IPsec-based VPN solution";
194
+
homepage = "https://www.strongswan.org/";
195
+
changelog = "https://github.com/strongswan/strongswan/blob/${src.rev}/ChangeLog";
196
+
license = lib.licenses.gpl2Plus;
197
+
maintainers = with lib.maintainers; [ nickcao ];
198
+
mainProgram = "swanctl";
199
+
platforms = lib.platforms.unix;
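Review bot: `postPatch = lib.optionalString features.resolve ''` (new line 187) reads `features.resolve` without the `or false` default that every other consumer of `features` in this section uses (`features.gmp or false`, `features.nm or false`, `features.systemd or false`, …), so an override that drops `resolve` from the set becomes an evaluation error instead of simply skipping the resolvconf substitution; `postPatch = lib.optionalString (features.resolve or false) ''` keeps the two styles consistent. The old `enableTNC` flag list carried `"--disable-fips-prf"` (removed old line 159) and no matching `fips-prf = false` is visible in the new `lib.optionalAttrs enableTNC` block, but new lines 98–117 are only partly shown, so this needs confirming rather than fixing: since `configureFlags` is now derived solely from `features`, any plugin the attrset no longer mentions silently falls back to strongswan's configure default. `changelog = "https://github.com/strongswan/strongswan/blob/${src.rev}/ChangeLog"` only evaluates if `src` is fetched with a `rev` attribute, and the `src` definition is outside this view. The line break inside `(lib.withFeatureAs (features.systemd or false` / `) "systemdsystemunitdir" …` (new lines 173–174) reads as an accidental wrap and would be clearer on one line. The mkDerivation body and the `meta` set continue past the last line shown here.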