From 9bbe674927a307f02d32834c9a39f49c8be476e7 Mon Sep 17 00:00:00 2001
From: Igor Pashev <pashev.igor@gmail.com>
Date: Mon, 22 Dec 2014 18:24:19 +0100
Subject: [PATCH] Strongswan: use full path to ipsec

This fixes issue:

... charon[6135]: 11[CHD] updown: /bin/sh: ipsec: command not found
---
 pkgs/tools/networking/strongswan/default.nix  |  8 +++--
 .../strongswan/firewall_defaults.patch        | 32 +++++++++++++++++++
 2 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/tools/networking/strongswan/firewall_defaults.patch

diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix
index a41bc5e5b8f0..c8cdac76f419 100644
--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, gmp, pkgconfig, python }:
+{ stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook }:
 
 stdenv.mkDerivation rec {
   name = "strongswan-5.2.1";
@@ -10,7 +10,11 @@ stdenv.mkDerivation rec {
 
   dontPatchELF = true;
 
-  buildInputs = [ gmp pkgconfig python ];
+  buildInputs = [ gmp pkgconfig python autoreconfHook ];
+
+  patches = [
+    ./firewall_defaults.patch
+  ];
 
   configureFlags = [ "--enable-swanctl" "--enable-cmd" ];
 
diff --git a/pkgs/tools/networking/strongswan/firewall_defaults.patch b/pkgs/tools/networking/strongswan/firewall_defaults.patch
new file mode 100644
index 000000000000..12c446c8c9aa
--- /dev/null
+++ b/pkgs/tools/networking/strongswan/firewall_defaults.patch
@@ -0,0 +1,32 @@
+Index: strongswan-5.2.1/src/starter/confread.c
+===================================================================
+--- strongswan-5.2.1.orig/src/starter/confread.c
++++ strongswan-5.2.1/src/starter/confread.c
+@@ -43,7 +43,7 @@
+ static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
+ static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+ 
+-static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
++static const char firewall_defaults[] = IPSEC_SBINDIR "/" IPSEC_SCRIPT " _updown iptables";
+ 
+ /**
+  * Provided by GPERF
+Index: strongswan-5.2.1/src/starter/Makefile.am
+===================================================================
+--- strongswan-5.2.1.orig/src/starter/Makefile.am
++++ strongswan-5.2.1/src/starter/Makefile.am
+@@ -18,10 +18,12 @@ AM_CPPFLAGS = \
+ 	-I$(top_srcdir)/src/libhydra \
+ 	-I$(top_srcdir)/src/starter \
+ 	-I$(top_srcdir)/src/stroke \
+-	-DIPSEC_DIR=\"${ipsecdir}\" \
++	-DIPSEC_BINDIR=\"${bindir}\" \
+ 	-DIPSEC_CONFDIR=\"${sysconfdir}\" \
+-	-DIPSEC_PIDDIR=\"${piddir}\" \
++	-DIPSEC_DIR=\"${ipsecdir}\" \
+ 	-DIPSEC_EAPDIR=\"${eapdir}\" \
++	-DIPSEC_PIDDIR=\"${piddir}\" \
++	-DIPSEC_SBINDIR=\"${sbindir}\" \
+ 	-DIPSEC_SCRIPT=\"${ipsec_script}\" \
+ 	-DDEV_RANDOM=\"${random_device}\" \
+ 	-DDEV_URANDOM=\"${urandom_device}\" \