movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge pull request #142522 from risicle/ris-strongswan-5.9.4

Browse source 
strongswan: 5.8.1 -> 5.9.4
This commit is contained in:
Robert Scott 2021-11-15 21:08:20 +00:00 committed by GitHub
commit 5e15d5da4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix
View file

@ -569,6 +569,16 @@ in {
these sections offer more flexibility. these sections offer more flexibility.
''; '';
ca_id = mkOptionalStrParam ''
Identity in CA certificate to accept for authentication. The specified
identity must be contained in one (intermediate) CA of the remote peer
trustchain, either as subject or as subjectAltName. This has the same
effect as specifying <literal>cacerts</literal> to force clients under
a CA to specific connections; it does not require the CA certificate
to be available locally, and can be received from the peer during the
IKE exchange.
'';
cacerts = mkCommaSepListParam [] '' cacerts = mkCommaSepListParam [] ''
List of CA certificates to accept for List of CA certificates to accept for
authentication. The certificates may use a relative path from the authentication. The certificates may use a relative path from the

19
pkgs/tools/networking/strongswan/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchpatch, fetchFromGitHub { lib, stdenv, fetchFromGitHub
, pkg-config, autoreconfHook, perl, gperf, bison, flex , pkg-config, autoreconfHook, perl, gperf, bison, flex
, gmp, python3, iptables, ldns, unbound, openssl, pcsclite, glib , gmp, python3, iptables, ldns, unbound, openssl, pcsclite, glib
, openresolv , openresolv
@ -17,13 +17,13 @@ with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "strongswan"; pname = "strongswan";
version = "5.8.1"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading! version = "5.9.4"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading!
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "strongswan"; owner = "strongswan";
repo = "strongswan"; repo = "strongswan";
rev = version; rev = version;
sha256 = "1a1hw2jsbwvkdhhxjmq87hz13ivbgvqwks1q3adz14mqgbc64snd"; sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd";
}; };
dontPatchELF = true; dontPatchELF = true;
@ -40,19 +40,6 @@ stdenv.mkDerivation rec {
./ext_auth-path.patch ./ext_auth-path.patch
./firewall_defaults.patch ./firewall_defaults.patch
./updown-path.patch ./updown-path.patch
# Don't use etc/dbus-1/system.d
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/strongswan/strongswan/pull/150.patch";
sha256 = "1irfxb99blb8v3hs0kmlhzkkwbmds1p0gq319z8lmacz36cgyj2c";
})
# fix build with -fno-common tollchain
(fetchpatch {
name = "fno-common.patch";
url = "https://git.strongswan.org/?p=strongswan.git;a=patch;h=91c6387e69c09beaa9b9ca1e28471751a834fc24";
sha256 = "0jp9walxwffp5cl7q0hb80h3s2gdj1nn3n8bvnbmwgh2s6pi148f";
})
]; ];
postPatch = optionalString stdenv.isLinux '' postPatch = optionalString stdenv.isLinux ''