Remove hard-coded /etc from strongswan
parent
1c0d37a038
commit
961d444762
2 changed files with 147 additions and 2 deletions
@ -8,11 +8,11 @@ stdenv.mkDerivation rec {
sha256 = "1ki6v9c54ykppqnj3prgh62na97yajnvnm2zr1gjxzv05syk035h";
};
patches = [ ./respect-path.patch ./no-sysconfdir-write.patch ];
patches = [ ./respect-path.patch ./no-hardcoded-sysconfdir.patch ];
buildInputs = [ gmp autoreconfHook gettext pkgconfig ];
configureFlags = [ "--enable-swanctl" "--sysconfdir=/etc" ];
configureFlags = [ "--enable-swanctl" ];
meta = {
maintainers = [ stdenv.lib.maintainers.shlevy ];
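--- /dev/null
+++ b/pkgs/tools/networking/strongswan/no-hardcoded-sysconfdir.patch
@@ -0,0 +1,145 @@
+commit 8e2b65ebf597a4d48daa3308aa032962110ad8f6
+Author: Shea Levy <shea@shealevy.com>
+Date: Tue Sep 30 15:14:47 2014 -0400
+
+Allow specifying the ipsec.conf location in strongswan.conf
+
+diff --git a/conf/options/starter.opt b/conf/options/starter.opt
+index 4e6574d..6d7162a 100644
+--- a/conf/options/starter.opt
++++ b/conf/options/starter.opt
+@@ -3,3 +3,6 @@ starter.load =
+
+starter.load_warning = yes
+Disable charon plugin load option warning.
++
++starter.config_file = ${sysconfdir}/ipsec.conf
++ Location of the ipsec.conf conf file
+diff --git a/src/starter/starter.c b/src/starter/starter.c
+index 5c84593..1f365cc 100644
+--- a/src/starter/starter.c
++++ b/src/starter/starter.c
+@@ -488,7 +488,8 @@ int main (int argc, char **argv)
+}
+if (!config_file)
+{
+- config_file = CONFIG_FILE;
++ config_file = lib->settings->get_str(lib->settings, "starter.config_file",
++ CONFIG_FILE);
+}
+
+init_log("ipsec_starter");
+
+commit 8b839cec684e26ed96f3d891b3ae3565558b2cff
+Author: Shea Levy <shea@shealevy.com>
+Date: Tue Sep 30 15:11:03 2014 -0400
+
+Allow specifying the ipsec.secrets location in strongswan.conf
+
+diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt
+index 2cfc2c6..b3ca2b7 100644
+--- a/conf/plugins/stroke.opt
++++ b/conf/plugins/stroke.opt
+@@ -11,5 +11,8 @@ charon.plugins.stroke.prevent_loglevel_changes = no
+charon.plugins.stroke.socket = unix://${piddir}/charon.ctl
+Socket provided by the stroke plugin.
+
++charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets
++ Location of the ipsec.secrets conf file
++
+charon.plugins.stroke.timeout = 0
+Timeout in ms for any stroke command. Use 0 to disable the timeout.
+diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
+index f908219..673e492 100644
+--- a/src/libcharon/plugins/stroke/stroke_cred.c
++++ b/src/libcharon/plugins/stroke/stroke_cred.c
+@@ -67,6 +67,7 @@ struct private_stroke_cred_t {
+/**
+* credentials
+*/
++ char *secrets_file;
+mem_cred_t *creds;
+
+/**
+@@ -1297,7 +1298,7 @@ METHOD(stroke_cred_t, reread, void,
+if (msg->reread.flags & REREAD_SECRETS)
+{
+DBG1(DBG_CFG, "rereading secrets");
+- load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
++ load_secrets(this, NULL, this->secrets_file, 0, prompt);
+}
+if (msg->reread.flags & REREAD_CACERTS)
+{
+@@ -1370,6 +1371,9 @@ stroke_cred_t *stroke_cred_create()
+.cachecrl = _cachecrl,
+.destroy = _destroy,
+},
++ .secrets_file = lib->settings->get_str(lib->settings,
++ "%s.plugins.stroke.secrets_file", SECRETS_FILE,
++ lib->ns),
+.creds = mem_cred_create(),
+);
+
+@@ -1380,7 +1384,7 @@ stroke_cred_t *stroke_cred_create()
+FALSE, lib->ns);
+
+load_certs(this);
+- load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
++ load_secrets(this, NULL, this->secrets_file, 0, NULL);
+
+return &this->public;
+}
+diff --git a/src/starter/starter.c b/src/starter/starter.c
+index 71f33ae..5c84593 100644
+--- a/src/starter/starter.c
++++ b/src/starter/starter.c
+@@ -263,8 +263,11 @@ static void generate_selfcert()
+{
+struct stat stb;
+
++ const char *secrets_file = lib->settings->get_str(lib->settings,
++ "charon.plugins.stroke.secrets_file", SECRETS_FILE);
++
+/* if ipsec.secrets file is missing then generate RSA default key pair */
+- if (stat(SECRETS_FILE, &stb) != 0)
++ if (stat(secrets_file, &stb) != 0)
+{
+mode_t oldmask;
+FILE *f;
+@@ -302,7 +305,7 @@ static void generate_selfcert()
+/* ipsec.secrets is root readable only */
+oldmask = umask(0066);
+
+- f = fopen(SECRETS_FILE, "w");
++ f = fopen(secrets_file, "w");
+if (f)
+{
+fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
+@@ -310,7 +313,7 @@ static void generate_selfcert()
+fprintf(f, ": RSA myKey.der\n");
+fclose(f);
+}
+- ignore_result(chown(SECRETS_FILE, uid, gid));
++ ignore_result(chown(secrets_file, uid, gid));
+umask(oldmask);
+}
+}
+
+commit 5f2ca3b99b40c47a9b59c7cc75655e5dd041787e
+Author: Shea Levy <shea@shealevy.com>
+Date: Tue Sep 30 14:31:50 2014 -0400
+
+Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var
+
+diff -Naur a/src/libstrongswan/library.c b/src/libstrongswan/library.c
+--- a/src/libstrongswan/library.c 2014-06-05 03:50:30.000000000 -0400
++++ b/src/libstrongswan/library.c 2014-09-30 15:25:27.927757711 -0400
+@@ -307,7 +307,7 @@
+#ifdef STRONGSWAN_CONF
+if (!settings)
+{
+- settings = STRONGSWAN_CONF;
++ settings = getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF;
+}
+#endif
+this->public.settings = settings_create(settings);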
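Review bot: The `settings = getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF;` line in the library.c hunk lets whoever controls the process environment choose the strongswan.conf that libstrongswan loads, and that file in turn supplies the `starter.config_file` and `charon.plugins.stroke.secrets_file` paths this patch introduces, so any strongSwan binary started with elevated privileges from an environment it does not trust would follow an attacker-chosen configuration. Consider honouring the variable only when real and effective ids agree, e.g. `const char *env = (getuid() == geteuid() && getgid() == getegid()) ? getenv("STRONGSWAN_CONF") : NULL;` followed by `settings = env ?: STRONGSWAN_CONF;` (the `?:` operator is a GNU extension; whether the surrounding file already relies on it is not visible here). Separately, the generate_selfcert hunk in starter.c reads the setting with the literal key `"charon.plugins.stroke.secrets_file"`, while stroke_cred.c reads `"%s.plugins.stroke.secrets_file"` formatted with `lib->ns`, so starter and charon disagree about which file holds the secrets whenever the namespace is not `charon`. The library.c hunk is the last one in this file and the function it patches begins and ends outside it.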