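# Nix package expression for ipsec-tools 0.8.2, built from the SourceForge
# release tarball with three local patches applied on top.
#
# NOTE(review): `fetchpatch` is accepted but not used below; every patch is a
# file next to this expression. It is kept in the argument list so existing
# callers and overrides keep working.
{ lib, stdenv, fetchurl, fetchpatch, linuxHeaders, readline, openssl, flex, libkrb5, pam }:

# TODO: These tools are supposed to work under NetBSD and FreeBSD as
# well, so I guess it's not appropriate to place this expression in
# "os-specific/linux/ipsec-tools". Since I cannot verify that the
# expression actually builds on those platforms, I'll leave it here for
# the time being.

stdenv.mkDerivation rec {
  pname = "ipsec-tools";
  version = "0.8.2";

  # The sha256 pins the exact tarball contents, so a tampered or replaced
  # mirror download fails the fetch instead of being built.
  src = fetchurl {
    url = "mirror://sourceforge/ipsec-tools/ipsec-tools-${version}.tar.bz2";
    sha256 = "0b9gfbz78k2nj0k7jdlm5kajig628ja9qm0z5yksiwz22s3v7dlf";
  };

  # NOTE(review): flex is normally a build-time tool; if it is only used to
  # generate the lexer it belongs in nativeBuildInputs for cross builds --
  # confirm before moving it.
  buildInputs = [ readline openssl flex libkrb5 pam ];

  # Two of these patches are named after CVE identifiers and are carried as
  # local files; their contents are not visible from this expression.
  # NOTE(review): a 0.8.2 release plus downstream CVE patches suggests the
  # fixes never shipped in an upstream release -- confirm, and if unpatched
  # issues remain, record them in meta.knownVulnerabilities so users have to
  # opt in explicitly.
  patches = [
    ./dont-create-localstatedir-during-install.patch
    ./CVE-2015-4047.patch
    ./CVE-2016-10396.patch
  ];

  # fix build with newer gcc versions
  # Stripping -Werror only stops warnings from failing the build; the warnings
  # themselves are still emitted in the build log.
  preConfigure = ''substituteInPlace configure --replace "-Werror" "" '';

  configureFlags = [
    # One flag per list element. The original packed both directory flags into
    # a single string, which only works while the flag list is flattened and
    # re-split on whitespace; as one argument configure would see a sysconfdir
    # of "/etc --localstatedir=/var".
    "--sysconfdir=/etc"
    "--localstatedir=/var"
    "--with-kernel-headers=${linuxHeaders}/include"
    "--disable-security-context"
    # NOTE(review): this builds in racoon's administrative control channel;
    # confirm the deployed racoon configuration restricts who can reach it.
    "--enable-adminport"
    "--enable-dpd"
    "--enable-frag"
    "--enable-gssapi"
    "--enable-hybrid"
    "--enable-natt"
    "--enable-shared"
    "--enable-stats"
  ];

  meta = {
    homepage = "http://ipsec-tools.sourceforge.net/";
    description = "Port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation";
    license = lib.licenses.bsd3;
    platforms = lib.platforms.linux;
  };
}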