pyrox.dev
1{ stdenv, fetchurl, linuxHeaders, readline, openssl, flex, kerberos, pam }:
2
3# TODO: These tools are supposed to work under NetBSD and FreeBSD as
4# well, so I guess it's not appropriate to place this expression in
5# "os-specific/linux/ipsec-tools". Since I cannot verify that the
6# expression actually builds on those platforms, I'll leave it here for
7# the time being.
8
9stdenv.mkDerivation rec {
10 name = "ipsec-tools-0.8.2";
11
12 src = fetchurl {
13 url = "mirror://sourceforge/ipsec-tools/${name}.tar.bz2";
14 sha256 = "0b9gfbz78k2nj0k7jdlm5kajig628ja9qm0z5yksiwz22s3v7dlf";
15 };
16
17 buildInputs = [ readline openssl flex kerberos pam ];
18
19 patches = [ ./dont-create-localstatedir-during-install.patch
20 ./CVE-2015-4047.patch ];
21
22 # fix build with newer gcc versions
23 preConfigure = ''substituteInPlace configure --replace "-Werror" "" '';
24
25 configureFlags = ''
26 --sysconfdir=/etc --localstatedir=/var
27 --with-kernel-headers=${linuxHeaders}/include
28 --disable-security-context
29 --enable-adminport
30 --enable-dpd
31 --enable-frag
32 --enable-gssapi
33 --enable-hybrid
34 --enable-natt
35 --enable-shared
36 --enable-stats
37 '';
38
39 meta = {
40 homepage = "http://ipsec-tools.sourceforge.net/";
41 description = "Port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation";
42 platforms = stdenv.lib.platforms.linux;
43 };
44}