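{ stdenv, fetchurl, fetchpatch, linuxHeaders, readline, openssl, flex, kerberos, pam }:

# Builds ipsec-tools 0.8.2 (the KAME IPsec utilities, including the racoon
# IKE daemon) with two CVE fixes applied on top of the upstream tarball.

# TODO: These tools are supposed to work under NetBSD and FreeBSD as
# well, so I guess it's not appropriate to place this expression in
# "os-specific/linux/ipsec-tools". Since I cannot verify that the
# expression actually builds on those platforms, I'll leave it here for
# the time being.

stdenv.mkDerivation rec {
  name = "ipsec-tools-0.8.2";

  # The tarball comes from a mirror list, so integrity rests on the pinned
  # sha256, not on the transport: a mismatching download fails the fetch.
  src = fetchurl {
    url = "mirror://sourceforge/ipsec-tools/${name}.tar.bz2";
    sha256 = "0b9gfbz78k2nj0k7jdlm5kajig628ja9qm0z5yksiwz22s3v7dlf";
  };

  buildInputs = [ readline openssl flex kerberos pam ];

  # Security fixes are carried here as patches, not by a newer release.
  # Re-check every entry when the version is bumped: dropping one silently
  # re-exposes the issue it fixes.
  patches = [
    ./dont-create-localstatedir-during-install.patch
    # Per the CVE description: crash (NULL dereference) in racoon's GSSAPI
    # code, which --enable-gssapi below compiles in.
    ./CVE-2015-4047.patch
    # Per the CVE description: resource exhaustion in racoon's ISAKMP fragment
    # handling, which --enable-frag below compiles in. The URL is pinned to a
    # commit id and the content to a sha256, so a changed or substituted patch
    # is rejected at fetch time.
    # NOTE(review): depends on the Debian packaging host staying reachable;
    # confirm the URL still resolves when touching this expression.
    (fetchpatch {
      url = "https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b";
      sha256 = "1kf7j2pf1blni52z7q41n0yisqb7gvk01lvldr319zaxxg7rm84a";
    })
  ];

  # fix build with newer gcc versions
  # This removes every literal "-Werror" from configure, so compiler warnings
  # no longer fail the build; they still show up in the build log.
  preConfigure = ''substituteInPlace configure --replace "-Werror" "" '';

  # One flag per list element: the list is joined with spaces, so the result
  # is the same as before, but each flag is now a separate element.
  configureFlags = [
    # Configuration and runtime state live outside the store, in /etc and /var.
    "--sysconfdir=/etc"
    "--localstatedir=/var"
    "--with-kernel-headers=${linuxHeaders}/include"
    # Builds without security-context (labeled IPsec) support.
    "--disable-security-context"
    # Compiles in racoon's admin port, the control channel racoonctl uses.
    # NOTE(review): who may talk to it is decided by the runtime configuration
    # (presumably the adminsock setting in racoon.conf); verify the deployed
    # config restricts it.
    "--enable-adminport"
    "--enable-dpd"
    "--enable-frag"
    "--enable-gssapi"
    "--enable-hybrid"
    "--enable-natt"
    "--enable-shared"
    "--enable-stats"
  ];

  meta = with stdenv.lib; {
    # Quoted string instead of a bare URL literal; the value is unchanged.
    homepage = "http://ipsec-tools.sourceforge.net/";
    description = "Port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation";
    license = licenses.bsd3;
    platforms = platforms.linux;
  };
}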