authorDomen Kožar <domen@dev.si>2014-12-10 10:23:11 +0100
committerDomen Kožar <domen@dev.si>2014-12-10 10:23:46 +0100
commit0ec12d53e653718eda3668e586a9747b0a3d04c7 (patch)
treec78fa324843147a6e2e80b617fa2cfa47a80f47e
parentddcb9db54f8ef0a543fd95f8b71f185e3cf28ef5 (diff)
tcpcrypt: 2011.07.22 -> 0.3rc1, fix nixos service
-rw-r--r--nixos/modules/services/networking/tcpcrypt.nix2
-rw-r--r--pkgs/tools/security/tcpcrypt/0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch25
-rw-r--r--pkgs/tools/security/tcpcrypt/default.nix19
3 files changed, 10 insertions, 36 deletions
diff --git a/nixos/modules/services/networking/tcpcrypt.nix b/nixos/modules/services/networking/tcpcrypt.nix
index 1359006aef4e..fbd581cc4b4c 100644
--- a/nixos/modules/services/networking/tcpcrypt.nix
+++ b/nixos/modules/services/networking/tcpcrypt.nix
@@ -44,6 +44,8 @@ in
       path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
 
       preStart = ''
+        mkdir -p /var/run/tcpcryptd
+        chown tcpcryptd /var/run/tcpcryptd
         sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state
         sysctl -w net.ipv4.tcp_ecn=0
 
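Review bot: The directory created in `preStart` takes its mode from whatever umask the unit runs with, because `mkdir -p /var/run/tcpcryptd` is followed only by `chown tcpcryptd`, which also leaves the group untouched. For a directory handed to the unprivileged daemon account it is safer to set owner and mode explicitly in one step, for example `install -d -m 0700 -o tcpcryptd /var/run/tcpcryptd`. The `preStart` string starts before and continues past this hunk, so how the daemon uses the directory is not visible here. If it serves as the post-privilege-drop working directory, a one-line comment above the `mkdir` saying so would help the next reader.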
diff --git a/pkgs/tools/security/tcpcrypt/0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch b/pkgs/tools/security/tcpcrypt/0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch
deleted file mode 100644
index addf00796a8a..000000000000
--- a/pkgs/tools/security/tcpcrypt/0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 4ef50d76a2da61be60fea448690e24f35bc37299 Mon Sep 17 00:00:00 2001
-From: Peter Simons <simons@cryp.to>
-Date: Wed, 11 Sep 2013 17:19:29 +0200
-Subject: [PATCH] Run tcpcryptd under uid 93 instead of 666.
-
----
- user/src/linux.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/user/src/linux.c b/user/src/linux.c
-index b51e6b2..8199193 100644
---- a/user/src/linux.c
-+++ b/user/src/linux.c
-@@ -198,7 +198,7 @@ void linux_drop_privs(void)
- 
- 	cap_free(caps);
- 
--	if (setuid(666) == -1)
-+	if (setuid(93) == -1)
- 		err(1, "setuid()");
- 
- 	caps = cap_init();
--- 
-1.8.3.4
-
diff --git a/pkgs/tools/security/tcpcrypt/default.nix b/pkgs/tools/security/tcpcrypt/default.nix
index 17c6993826d8..be21f92cd760 100644
--- a/pkgs/tools/security/tcpcrypt/default.nix
+++ b/pkgs/tools/security/tcpcrypt/default.nix
@@ -1,26 +1,23 @@
-{ fetchurl, stdenv, autoconf, automake, libtool
+{ fetchurl, stdenv, autoconf, automake, libtool, autoreconfHook
 , openssl, libcap, libnfnetlink, libnetfilter_queue
 }:
 
-let
-  rev = "0e07772316061ad67b8770e7d98d5dd099c9c7c7";
-in
 stdenv.mkDerivation rec {
-  name = "tcpcrypt-2011.07.22";
+  name = "tcpcrypt-0.3-rc1";
 
   src = fetchurl {
-    url = "https://github.com/sorbo/tcpcrypt/archive/${rev}.tar.gz";
-    sha256 = "1f1f1iawlvipnccwh31fxnb8yam1fgh36m0qcbc29qk1ggwrfnkk";
+    url = "https://github.com/scslab/tcpcrypt/archive/v0.3-rc1.tar.gz";
+    sha256 = "1k79xfip95kyy91b6rnmsgl66g52zrnm92ln4jms133nm2k9s4sa";
     name = "${name}.tar.gz";
   };
 
   dontStrip = true;
 
-  buildInputs = [ autoconf automake libtool openssl libcap libnfnetlink libnetfilter_queue ];
+  buildInputs = [ autoreconfHook autoconf automake libtool openssl libcap libnfnetlink libnetfilter_queue ];
 
-  patches = [ ./0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch ];
-
-  preConfigure = "cd user; autoreconf -i";
+  postUnpack = ''
+    mkdir $sourceRoot/m4
+  '';
 
   meta = {
     homepage = "http://tcpcrypt.org/";
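Review bot: Removing `patches = [ ./0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch ];` leaves the daemon's privilege-drop target to whatever upstream v0.3-rc1 does, and nothing in this hunk records what that is. The NixOS module now chowns its state directory to `tcpcryptd`, so it is worth confirming that the new binary drops to that account rather than to a hard-coded uid. A comment next to `src` would record the result, e.g. `# uid-93 patch dropped: 0.3-rc1 is expected to drop privileges to the tcpcryptd account (verify)`. Separately, `buildInputs` still lists `autoconf automake libtool` next to `autoreconfHook`, which looks redundant. In `postUnpack`, `mkdir -p "$sourceRoot/m4"` would tolerate an existing directory and an unusual source path.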