diff options
author | Alyssa Ross <hi@alyssa.is> | 2024-01-20 12:31:50 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-01-20 12:32:25 +0100 |
commit | b7baf40e099b4215181fe7b0c63083b12ef2c7fb (patch) | |
tree | a6efabd31d05b6d0a36624729e80377bbbfb0149 /nixpkgs/pkgs/tools/networking/miniupnpd/default.nix | |
parent | 710028664e26e85cb831a869b3da9f6993902255 (diff) | |
parent | 0799f514b1cd74878174939df79ac60ca5036673 (diff) | |
download | nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.gz nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.bz2 nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.lz nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.xz nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.zst nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.zip |
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Conflicts: nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
Diffstat (limited to 'nixpkgs/pkgs/tools/networking/miniupnpd/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/networking/miniupnpd/default.nix | 61 |
1 files changed, 51 insertions, 10 deletions
diff --git a/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix b/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix index 8264b54d28c0..74c5bdc2ec6e 100644 --- a/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix +++ b/nixpkgs/pkgs/tools/networking/miniupnpd/default.nix @@ -1,10 +1,30 @@ { stdenv, lib, fetchurl, iptables-legacy, libuuid, openssl, pkg-config -, which, iproute2, gnused, coreutils, gawk, makeWrapper +, which, iproute2, gnused, coreutils, gnugrep, gawk, makeWrapper , nixosTests +, firewall ? "iptables", nftables, libmnl, libnftnl }: let - scriptBinEnv = lib.makeBinPath [ which iproute2 iptables-legacy gnused coreutils gawk ]; + scriptBinEnv = lib.makeBinPath { + iptables = [ + # needed for dirname in ip{,6}tables_*.sh + coreutils + # used in miniupnpd_functions.sh: + which + iproute2 + iptables-legacy + gnused + gnugrep + gawk + ]; + nftables = [ + # needed for dirname in nft_*.sh & cat in nft_init.sh + coreutils + # used in miniupnpd_functions.sh: + which + nftables + ]; + }.${firewall}; in stdenv.mkDerivation rec { pname = "miniupnpd"; @@ -15,22 +35,42 @@ stdenv.mkDerivation rec { sha256 = "sha256-b9cBn5Nv+IxB58gi9G8QtRvXLWZZePZYZIPedbMMNr8="; }; - buildInputs = [ iptables-legacy libuuid openssl ]; + buildInputs = [ iptables-legacy libuuid openssl ] + ++ lib.optionals (firewall == "nftables") [ libmnl libnftnl ]; nativeBuildInputs= [ pkg-config makeWrapper ]; - # ./configure is not a standard configure file, errors with: # Option not recognized : --prefix= dontAddPrefix = true; + configureFlags = [ + "--firewall=${firewall}" + # allow using various config options + "--ipv6" + "--leasefile" + "--regex" + "--vendorcfg" + # hardening + "--portinuse" + ]; installFlags = [ "PREFIX=$(out)" "INSTALLPREFIX=$(out)" ]; - postFixup = '' - for script in $out/etc/miniupnpd/ip{,6}tables_{init,removeall}.sh - do - wrapProgram $script --set PATH '${scriptBinEnv}:$PATH' - done - ''; + postFixup = { + # Ideally we'd prefer using system's config.firewall.package here for iptables, + # however for some reason switching --prefix to --suffix breaks the script + iptables = '' + for script in $out/etc/miniupnpd/ip{,6}tables_{init,removeall}.sh + do + wrapProgram $script --prefix PATH : '${scriptBinEnv}:$PATH' + done + ''; + nftables = '' + for script in $out/etc/miniupnpd/nft_{delete_chain,flush,init,removeall}.sh + do + wrapProgram $script --suffix PATH : '${scriptBinEnv}:$PATH' + done + ''; + }.${firewall}; passthru.tests = { bittorrent-integration = nixosTests.bittorrent; @@ -42,5 +82,6 @@ stdenv.mkDerivation rec { description = "A daemon that implements the UPnP Internet Gateway Device (IGD) specification"; platforms = platforms.linux; license = licenses.bsd3; + mainProgram = "miniupnpd"; }; } |