b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

strongswan: fix up path for modprobe

Browse source 
strongswan uses `modprobe` to load IPSec-related kernel modules.  The
full path needs to be specified to `modprobe` for it to be able to be
found.

(cherry picked from commit 7143062172f6bad877a87c8e239f2421e0a48e2d)
This commit is contained in:
(cdep)illabout 2019-01-16 15:21:27 +09:00
parent d5d5453684
commit 2449f5ce1b
No known key found for this signature in database
GPG key ID: 462E0C03D11422F4
2 changed files with 62 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
pkgs/tools/networking/strongswan/default.nix
View file

@ -1,9 +1,10 @@
{ stdenv, fetchurl
{ stdenv, fetchurl, substituteAll
, pkgconfig, autoreconfHook
, gmp, python, iptables, ldns, unbound, openssl, pcsclite
, openresolv
, systemd, pam
, curl
, kmod
, enableTNC ? false, trousers, sqlite, libxml2
, enableNetworkManager ? false, networkmanager
, libpcap
@ -40,6 +41,10 @@ stdenv.mkDerivation rec {
./ext_auth-path.patch
./firewall_defaults.patch
./updown-path.patch
(substituteAll {
src = ./modprobe-path.patch;
inherit kmod;
})
];
postPatch = ''

56
pkgs/tools/networking/strongswan/modprobe-path.patch Normal file
View file

@ -0,0 +1,56 @@
diff --git a/src/starter/klips.c b/src/starter/klips.c
index 2216546..d626677 100644
--- a/src/starter/klips.c
+++ b/src/starter/klips.c
@@ -30,7 +30,7 @@ bool starter_klips_init(void)
/* ipsec module makes the pf_key proc interface visible */
if (stat(PROC_MODULES, &stb) == 0)
{
- ignore_result(system("modprobe -qv ipsec"));
+ ignore_result(system("@kmod@/bin/modprobe -qv ipsec"));
}
/* now test again */
@@ -42,9 +42,9 @@ bool starter_klips_init(void)
}
/* load crypto algorithm modules */
- ignore_result(system("modprobe -qv ipsec_aes"));
- ignore_result(system("modprobe -qv ipsec_blowfish"));
- ignore_result(system("modprobe -qv ipsec_sha2"));
+ ignore_result(system("@kmod@/bin/modprobe -qv ipsec_aes"));
+ ignore_result(system("@kmod@/bin/modprobe -qv ipsec_blowfish"));
+ ignore_result(system("@kmod@/bin/modprobe -qv ipsec_sha2"));
DBG2(DBG_APP, "found KLIPS IPsec stack");
return TRUE;
diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index b150d3e..0a7c2ff 100644
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -30,7 +30,7 @@ bool starter_netkey_init(void)
/* af_key module makes the netkey proc interface visible */
if (stat(PROC_MODULES, &stb) == 0)
{
- ignore_result(system("modprobe -qv af_key"));
+ ignore_result(system("@kmod@/bin/modprobe -qv af_key"));
}
/* now test again */
@@ -44,11 +44,11 @@ bool starter_netkey_init(void)
/* make sure that all required IPsec modules are loaded */
if (stat(PROC_MODULES, &stb) == 0)
{
- ignore_result(system("modprobe -qv ah4"));
- ignore_result(system("modprobe -qv esp4"));
- ignore_result(system("modprobe -qv ipcomp"));
- ignore_result(system("modprobe -qv xfrm4_tunnel"));
- ignore_result(system("modprobe -qv xfrm_user"));
+ ignore_result(system("@kmod@/bin/modprobe -qv ah4"));
+ ignore_result(system("@kmod@/bin/modprobe -qv esp4"));
+ ignore_result(system("@kmod@/bin/modprobe -qv ipcomp"));
+ ignore_result(system("@kmod@/bin/modprobe -qv xfrm4_tunnel"));
+ ignore_result(system("@kmod@/bin/modprobe -qv xfrm_user"));
}
DBG2(DBG_APP, "found netkey IPsec stack");