Diffstat (limited to 'nixpkgs/pkgs/tools/networking/miniupnpd/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/networking/miniupnpd/default.nix | 61 |
1 files changed, 51 insertions, 10 deletions
diff --git a/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix b/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix index 8264b54d28c0..74c5bdc2ec6e 100644 --- a/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix +++ b/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix @@ -1,10 +1,30 @@ { stdenv, lib, fetchurl, iptables-legacy, libuuid, openssl, pkg-config -, which, iproute2, gnused, coreutils, gawk, makeWrapper +, which, iproute2, gnused, coreutils, gnugrep, gawk, makeWrapper , nixosTests +, firewall ? "iptables", nftables, libmnl, libnftnl }: let - scriptBinEnv = lib.makeBinPath [ which iproute2 iptables-legacy gnused coreutils gawk ]; + scriptBinEnv = lib.makeBinPath { + iptables = [ + # needed for dirname in ip{,6}tables_*.sh + coreutils + # used in miniupnpd_functions.sh: + which + iproute2 + iptables-legacy + gnused + gnugrep + gawk + ]; + nftables = [ + # needed for dirname in nft_*.sh & cat in nft_init.sh + coreutils + # used in miniupnpd_functions.sh: + which + nftables + ]; + }.${firewall}; in stdenv.mkDerivation rec { pname = "miniupnpd"; 
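Review bot: The new `firewall` argument is never validated explicitly; the only check is the `.${firewall}` lookup on the `scriptBinEnv` attrset, so an unsupported or misspelled backend fails with a generic missing-attribute error that names neither the option nor its accepted values. An explicit guard right after the argument list would fix that: `assert lib.assertOneOf "firewall" firewall [ "iptables" "nftables" ];`. It would also help to add a short comment next to the argument, for example `# firewall backend miniupnpd is built for: "iptables" (default) or "nftables"`. The `stdenv.mkDerivation` body that consumes the same value continues outside this hunk.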
@@ -15,22 +35,42 @@ stdenv.mkDerivation rec { sha256 = "sha256-b9cBn5Nv+IxB58gi9G8QtRvXLWZZePZYZIPedbMMNr8="; }; - buildInputs = [ iptables-legacy libuuid openssl ]; + buildInputs = [ iptables-legacy libuuid openssl ] + ++ lib.optionals (firewall == "nftables") [ libmnl libnftnl ]; nativeBuildInputs= [ pkg-config makeWrapper ]; - # ./configure is not a standard configure file, errors with: # Option not recognized : --prefix= dontAddPrefix = true; + configureFlags = [ + "--firewall=${firewall}" + # allow using various config options + "--ipv6" + "--leasefile" + "--regex" + "--vendorcfg" + # hardening + "--portinuse" + ]; installFlags = [ "PREFIX=$(out)" "INSTALLPREFIX=$(out)" ]; - postFixup = '' - for script in $out/etc/miniupnpd/ip{,6}tables_{init,removeall}.sh - do - wrapProgram $script --set PATH '${scriptBinEnv}:$PATH' - done - ''; + postFixup = { + # Ideally we'd prefer using system's config.firewall.package here for iptables, + # however for some reason switching --prefix to --suffix breaks the script + iptables = '' + for script in $out/etc/miniupnpd/ip{,6}tables_{init,removeall}.sh + do + wrapProgram $script --prefix PATH : '${scriptBinEnv}:$PATH' + done + ''; + nftables = '' + for script in $out/etc/miniupnpd/nft_{delete_chain,flush,init,removeall}.sh + do + wrapProgram $script --suffix PATH : '${scriptBinEnv}:$PATH' + done + ''; + }.${firewall}; passthru.tests = { bittorrent-integration = nixosTests.bittorrent; @@ -42,5 +82,6 @@ stdenv.mkDerivation rec { description = "A daemon that implements the UPnP Internet Gateway Device (IGD) specification"; platforms = platforms.linux; license = licenses.bsd3; + mainProgram = "miniupnpd"; }; } |
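Review bot: Both `wrapProgram` calls in `postFixup` still pass `'${scriptBinEnv}:$PATH'` as the value, although `--prefix PATH :` and `--suffix PATH :` already merge the value with the inherited PATH. The single quotes stop the build shell from expanding `$PATH`, and if makeWrapper quotes the value as-is (worth confirming against the makeWrapper in use), the wrapper ends up with a literal `$PATH` component, which is a relative directory on the search path of scripts that change firewall rules. Passing only the store paths avoids this: `wrapProgram $script --prefix PATH : '${scriptBinEnv}'`, and likewise with `--suffix` in the nftables branch. Separately, `--suffix` lets the caller's PATH take precedence over the pinned `nftables` and `coreutils`, so the comment above should say that this ordering is intentional for the nftables scripts too. `buildInputs` also keeps `iptables-legacy` when `firewall == "nftables"`, which looks unnecessary for that build.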