vpnc: don't produce non-free binaries by default

As explained in vpnc's Makefile, a vpnc with OpenSSL support is non-redistributable. The option to enable OpenSSL support, which is disabled by default, is even called OPENSSL_GPL_VIOLATION — something that was conveniently hidden by the strange way the option was set in the previous version of this package.
3 years ago · 8388c525c3
parent 451c27fb70
commit 8388c525c3
3 changed files with 21 additions and 10 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -686,6 +686,12 @@
          wrapper for <literal>assert</literal> conditions.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          The <literal>vpnc</literal> package has been changed to use
+          GnuTLS instead of OpenSSL by default for licensing reasons.
+        </para>
+      </listitem>
      <listitem>
        <para>
          <literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -215,6 +215,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.

+- The `vpnc` package has been changed to use GnuTLS instead of OpenSSL by default for licensing reasons.
+
 - `pkgs.vimPlugins.onedark-nvim` now refers to [navarasu/onedark.nvim](https://github.com/navarasu/onedark.nvim)
  (formerly refers to [olimorris/onedarkpro.nvim](https://github.com/olimorris/onedarkpro.nvim)).

--- a/pkgs/tools/networking/vpnc/default.nix
+++ b/pkgs/tools/networking/vpnc/default.nix
@ -1,4 +1,8 @@
-{ lib, stdenv, fetchsvn, nettools, libgcrypt, openssl, openresolv, perl, gawk, makeWrapper }:
+{ lib, stdenv, fetchsvn
+, makeWrapper, pkg-config
+, gawk, gnutls, libgcrypt, nettools, openresolv, perl
+, opensslSupport ? false, openssl # Distributing this is a GPL violation.
+}:

 stdenv.mkDerivation {
  pname = "vpnc";
@ -20,22 +24,22 @@ stdenv.mkDerivation {
  # `ifconfig' as found in net-tools (not GNU Inetutils).
  propagatedBuildInputs = [ nettools ];

-  nativeBuildInputs = [ makeWrapper ];
-  buildInputs = [libgcrypt perl openssl ];
+  nativeBuildInputs = [ makeWrapper ]
+    ++ lib.optional (!opensslSupport) pkg-config;
+  buildInputs = [ libgcrypt perl ]
+    ++ (if opensslSupport then [ openssl ] else [ gnutls ]);

  makeFlags = [
    "PREFIX=$(out)"
    "ETCDIR=$(out)/etc/vpnc"
    "SCRIPT_PATH=$(out)/etc/vpnc/vpnc-script"
-  ];
+  ] ++ lib.optional opensslSupport "OPENSSL_GPL_VIOLATION=yes";

  postPatch = ''
    patchShebangs makeman.pl
  '';

  preConfigure = ''
-    sed -i 's|^#OPENSSL|OPENSSL|g' Makefile
-
    substituteInPlace "vpnc-script" \
      --replace "which" "type -P" \
      --replace "awk" "${gawk}/bin/awk" \
@ -56,11 +60,10 @@ stdenv.mkDerivation {
    cp README nortel.txt ChangeLog $out/share/doc/vpnc/
  '';

-  meta = {
+  meta = with lib; {
    homepage = "https://www.unix-ag.uni-kl.de/~massar/vpnc/";
    description = "Virtual private network (VPN) client for Cisco's VPN concentrators";
-    license = lib.licenses.gpl2Plus;
-
-    platforms = lib.platforms.linux;
+    license = if opensslSupport then licenses.unfree else licenses.gpl2Plus;
+    platforms = platforms.linux;
  };
 }