-
-
Notifications
You must be signed in to change notification settings - Fork 14k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openconnect: Add darwin support #71318
Conversation
The old build was failing on darwin because yubikey needs the PCSC framework dependency. I also upgraded to the latest vpnc-script as recommended on the openconnect homepage (see: https://www.infradead.org/openconnect/platforms.html). Lastly, I moved all dependencies which are not used at runtime from propagatedBuildInputs to buildInputs (Please correct me if that is wrong).
Builds for me, macos 10.13. |
Anyone on linux using openconnect who can test this? |
@tricktron @trobert could you review each others changes? |
I successfully managed to build this derivation on linux as well. |
I successfully tested these changes combined with those in #68780 on linux. However I am not sure about the Last, did you also test |
Me neither. My understanding is that every build time dependency should go into
Exactly. Maybe @FRidh knows more?
Yes I tested it and it builds successfully. Openssl does not require libp11. Only pkcs11 requires libp11 support if using openssl. So without libp11 -> no pkcs11 support using openssl. With libp11 -> pkcs11 support using openssl. |
after a second look, I think the vpnc script need also to be patched to use /nix/store paths for its dependencies ( |
|
||
assert (openssl != null) == (gnutls == null); | ||
|
||
stdenv.mkDerivation rec { | ||
let vpnc = fetchgit { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this different from the vpnc package? If possible it would be better to use vpnc.src
instead so it gets updated consistently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
openconnect recommend this version over the script in the original vpnc package:
this updated version [...] has support for IPv6, and for running on Solaris and on newer Linux kernels amongst other bug fixes.
(ref openconnect website)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Motivation for this change
So far the derivation had no Darwin support. The build was failing on darwin because yubikey needs the PCSC framework dependency so I added it. I also upgraded to the latest
vpnc-script
as recommended on the openconnect homepage (see: https://www.infradead.org/openconnect/platforms.html) because with the oldvpnc-script
openconnect did not work properly. Lastly, I moved all dependencies which are not used at runtime from propagatedBuildInputs to buildInputs (Please correct me if that is wrong).Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)Things to do
Would be nice if someone could test it on NixOS and linux (Maybe @trobert in combination with your pkcs11 support).
Notify maintainers
cc @pradeepchhetri