Add 'nixpkgs/' from commit 'abf060725d7614bd3b9f96764262dfbc2f9c2199'

git-subtree-dir: nixpkgs
git-subtree-mainline: 4e31070265257dc67d120c27e0f75c2344fdfa9a
git-subtree-split: abf060725d7614bd3b9f96764262dfbc2f9c2199

2 files changed, 122 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/tools/networking/libreswan/default.nix b/nixpkgs/pkgs/tools/networking/libreswan/default.nix
new file mode 100644
index 000000000000..9a0b8c9ebf54
--- /dev/null
+++ b/nixpkgs/pkgs/tools/networking/libreswan/default.nix
@@ -0,0 +1,86 @@
+{ stdenv, fetchurl, makeWrapper,
+  pkgconfig, systemd, gmp, unbound, bison, flex, pam, libevent, libcap_ng, curl, nspr,
+  bash, iproute, iptables, procps, coreutils, gnused, gawk, nss, which, python,
+  docs ? false, xmlto
+  }:
+
+let
+  optional = stdenv.lib.optional;
+  version = "3.18";
+  name = "libreswan-${version}";
+  binPath = stdenv.lib.makeBinPath [
+    bash iproute iptables procps coreutils gnused gawk nss.tools which python
+  ];
+in
+
+assert docs -> xmlto != null;
+
+stdenv.mkDerivation {
+  inherit name;
+  inherit version;
+
+  src = fetchurl {
+    url = "https://download.libreswan.org/${name}.tar.gz";
+    sha256 = "0zginnakxw7m79zrdvfdvliaiyg78zgqfqkks9z5d1rjj5w13xig";
+  };
+
+  # These flags were added to compile v3.18. Try to lift them when updating.
+  NIX_CFLAGS_COMPILE = [ "-Wno-error=redundant-decls" "-Wno-error=format-nonliteral"
+    # these flags were added to build with gcc7
+    "-Wno-error=implicit-fallthrough"
+    "-Wno-error=format-truncation"
+    "-Wno-error=pointer-compare"
+  ];
+
+  nativeBuildInputs = [ makeWrapper pkgconfig ];
+  buildInputs = [ bash iproute iptables systemd coreutils gnused gawk gmp unbound bison flex pam libevent
+                  libcap_ng curl nspr nss python ]
+                ++ optional docs xmlto;
+
+  prePatch = ''
+    # Correct bash path
+    sed -i -e 's|/bin/bash|/usr/bin/env bash|' mk/config.mk
+
+    # Fix systemd unit directory, and prevent the makefile from trying to reload the systemd daemon
+    sed -i -e 's|UNITDIR=.*$|UNITDIR=$\{out}/etc/systemd/system/|' -e 's|systemctl --system daemon-reload|true|' initsystems/systemd/Makefile
+
+    # Fix the ipsec program from crushing the PATH
+    sed -i -e 's|\(PATH=".*"\):.*$|\1:$PATH|' programs/ipsec/ipsec.in
+
+    # Fix python script to use the correct python
+    sed -i -e 's|#!/usr/bin/python|#!/usr/bin/env python|' -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' programs/verify/verify.in
+  '';
+
+  patches = [ ./libreswan-3.18-glibc-2.26.patch ];
+
+  # Set appropriate paths for build
+  preBuild = "export INC_USRLOCAL=\${out}";
+
+  makeFlags = [
+    "INITSYSTEM=systemd"
+    (if docs then "all" else "base")
+  ];
+
+  installTargets = [ (if docs then "install" else "install-base") ];
+  # Hack to make install work
+  installFlags = [
+    "FINALVARDIR=\${out}/var"
+    "FINALSYSCONFDIR=\${out}/etc"
+  ];
+
+  postInstall = ''
+    for i in $out/bin/* $out/libexec/ipsec/*; do
+      wrapProgram "$i" --prefix PATH ':' "$out/bin:${binPath}"
+    done
+  '';
+
+  enableParallelBuilding = true;
+
+  meta = with stdenv.lib; {
+    homepage = https://libreswan.org;
+    description = "A free software implementation of the VPN protocol based on IPSec and the Internet Key Exchange";
+    platforms = platforms.linux ++ platforms.darwin ++ platforms.freebsd;
+    license = licenses.gpl2;
+    maintainers = [ maintainers.afranchuk ];
+  };
+}
diff --git a/nixpkgs/pkgs/tools/networking/libreswan/libreswan-3.18-glibc-2.26.patch b/nixpkgs/pkgs/tools/networking/libreswan/libreswan-3.18-glibc-2.26.patch
new file mode 100644
index 000000000000..33c44f617a0a
--- /dev/null
+++ b/nixpkgs/pkgs/tools/networking/libreswan/libreswan-3.18-glibc-2.26.patch
@@ -0,0 +1,36 @@
+diff --git a/lib/libswan/id.c b/lib/libswan/id.c
+index 8f06275..efb0394 100644
+--- a/lib/libswan/id.c
++++ b/lib/libswan/id.c
+@@ -22,6 +22,7 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
++#include <limits.h>
+ #include <unistd.h>
+ #ifndef HOST_NAME_MAX	/* POSIX 1003.1-2001 says <unistd.h> defines this */
+ #define HOST_NAME_MAX 255	/* upper bound, according to SUSv2 */
+diff --git a/linux/include/libreswan.h b/linux/include/libreswan.h
+index c5efc6a..b0af4d7 100644
+--- a/linux/include/libreswan.h
++++ b/linux/include/libreswan.h
+@@ -211,6 +211,7 @@ static inline deltatime_t monotimediff(monotime_t a, monotime_t b) {
+ #include <assert.h>
+ #define user_assert(foo) assert(foo)
+ #include <stdio.h>
++#include <stdint.h>
+ 
+ #  define uint8_t u_int8_t
+ #  define uint16_t u_int16_t
+diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
+index 588c66c..4fc6289 100644
+--- a/programs/pluto/rcv_whack.c
++++ b/programs/pluto/rcv_whack.c
+@@ -24,6 +24,7 @@
+ #include <stddef.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ #include <unistd.h>
+ #ifndef HOST_NAME_MAX           /* POSIX 1003.1-2001 says <unistd.h> defines this */
+ # define HOST_NAME_MAX  255     /* upper bound, according to SUSv2 */