libreswan: fix build with glibc 2.26

It is not trivial to update libreswan to 3.22 because it has added a dependency
on ldns which currently depends on openssl 1.1.0, while the rest of libreswan
depends on openssl 1.0.2.  It compiles, but may behave unpredictably at run time.

Tracking issue: #31696

2 files changed, 44 insertions, 3 deletions

diff --git a/pkgs/tools/networking/libreswan/default.nix b/pkgs/tools/networking/libreswan/default.nix
index 59e33e81870..b2024f55c4e 100644
--- a/pkgs/tools/networking/libreswan/default.nix
+++ b/pkgs/tools/networking/libreswan/default.nix
@@ -24,6 +24,9 @@ stdenv.mkDerivation {
     sha256 = "0zginnakxw7m79zrdvfdvliaiyg78zgqfqkks9z5d1rjj5w13xig";
   };
 
+  # These flags were added to compile v3.18. Try to lift them when updating.
+  NIX_CFLAGS_COMPILE = [ "-Wno-error=redundant-decls" "-Wno-error=format-nonliteral" ];
+
   nativeBuildInputs = [ makeWrapper pkgconfig ];
   buildInputs = [ bash iproute iptables systemd coreutils gnused gawk gmp unbound bison flex pam libevent
                   libcap_ng curl nspr nss python ]
@@ -42,11 +45,13 @@ stdenv.mkDerivation {
     # Fix python script to use the correct python
     sed -i -e 's|#!/usr/bin/python|#!/usr/bin/env python|' -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' programs/verify/verify.in
   '';
-  
+
+  patches = [ ./libreswan-3.18-glibc-2.26.patch ];
+
   # Set appropriate paths for build
   preBuild = "export INC_USRLOCAL=\${out}";
 
-  makeFlags = [ 
+  makeFlags = [
     "INITSYSTEM=systemd"
     (if docs then "all" else "base")
   ];
@@ -64,7 +69,7 @@ stdenv.mkDerivation {
     done
   '';
 
-  enableParallelBuilding = false;
+  enableParallelBuilding = true;
 
   meta = {
     homepage = https://libreswan.org;
diff --git a/pkgs/tools/networking/libreswan/libreswan-3.18-glibc-2.26.patch b/pkgs/tools/networking/libreswan/libreswan-3.18-glibc-2.26.patch
new file mode 100644
index 00000000000..33c44f617a0
--- /dev/null
+++ b/pkgs/tools/networking/libreswan/libreswan-3.18-glibc-2.26.patch
@@ -0,0 +1,36 @@
+diff --git a/lib/libswan/id.c b/lib/libswan/id.c
+index 8f06275..efb0394 100644
+--- a/lib/libswan/id.c
++++ b/lib/libswan/id.c
+@@ -22,6 +22,7 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
++#include <limits.h>
+ #include <unistd.h>
+ #ifndef HOST_NAME_MAX	/* POSIX 1003.1-2001 says <unistd.h> defines this */
+ #define HOST_NAME_MAX 255	/* upper bound, according to SUSv2 */
+diff --git a/linux/include/libreswan.h b/linux/include/libreswan.h
+index c5efc6a..b0af4d7 100644
+--- a/linux/include/libreswan.h
++++ b/linux/include/libreswan.h
+@@ -211,6 +211,7 @@ static inline deltatime_t monotimediff(monotime_t a, monotime_t b) {
+ #include <assert.h>
+ #define user_assert(foo) assert(foo)
+ #include <stdio.h>
++#include <stdint.h>
+ 
+ #  define uint8_t u_int8_t
+ #  define uint16_t u_int16_t
+diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
+index 588c66c..4fc6289 100644
+--- a/programs/pluto/rcv_whack.c
++++ b/programs/pluto/rcv_whack.c
+@@ -24,6 +24,7 @@
+ #include <stddef.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ #include <unistd.h>
+ #ifndef HOST_NAME_MAX           /* POSIX 1003.1-2001 says <unistd.h> defines this */
+ # define HOST_NAME_MAX  255     /* upper bound, according to SUSv2 */