Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ocserv: init at 0.12.1 #42871

Merged
merged 1 commit into from Aug 1, 2018
Merged

ocserv: init at 0.12.1 #42871

merged 1 commit into from Aug 1, 2018

Conversation

Ma27
Copy link
Member

@Ma27 Ma27 commented Jul 2, 2018
edited

Motivation for this change

ocserv is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).

This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:

  • plain (mostly username/password)
  • pam

The third method (radius) is currently not supported since nixpkgs
misses a packaged client.

The module can be used like this:

{
  services.ocserv = {
    enable = true;
    config = ''
      ...
    '';
  };
}

The option services.ocserv.config is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.

The docs recommend to simply use nobody as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:

run-as-user = nobody
run-as-group = nogroup

/cc @tenten8401
Fixes #42594

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@Ma27
Copy link
Member Author

Ma27 commented Jul 2, 2018

@tenten8401 before somebody merges this, is this patch sufficient for your use-case?

@Ma27
Copy link
Member Author

Ma27 commented Jul 2, 2018

the CI fails since foundationdb fails to evaluate. I already rebased onto the latest master, but the issue persists...

@srhb
Copy link
Contributor

srhb commented Jul 2, 2018

@GrahamcOfBorg eval

@tenten8401
Copy link

I'll have a look at it, although I do feel that the service should be renamed from "ocserv-server" just to "ocserv", since serv is in the name already.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin/ocpasswd
shrinking /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/sbin/ocserv
gzipping man pages under /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/share/man/
strip is /nix/store/4qvrxzxa535y8304mk195x50b6p9607d-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/lib  /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin  /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/sbin
patching script interpreter paths in /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1
/nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/8zkg9ac4s4alzyf4a8kfrig1j73z66dw-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1...
moving /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/sbin/* to /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin
/nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/bin/ocpasswd
shrinking /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/bin/occtl
gzipping man pages under /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/share/man/
strip is /nix/store/0pjsgkxz0rp5baycq5sp2s72lrr5q9sg-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/lib  /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/bin  /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/sbin
patching script interpreter paths in /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1
/nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/p0vy17dp9jk2mvqsxsqnb14s3797lay7-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1...
moving /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/sbin/* to /nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1/bin
/nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

/nix/store/45777bbjzn41ww7s7v27q14p8l39wi26-ocserv-0.12.1

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin/occtl
shrinking /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/sbin/ocserv
gzipping man pages under /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/share/man/
strip is /nix/store/4qvrxzxa535y8304mk195x50b6p9607d-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/lib  /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin  /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/sbin
patching script interpreter paths in /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1
/nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/8zkg9ac4s4alzyf4a8kfrig1j73z66dw-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1...
moving /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/sbin/* to /nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1/bin
/nix/store/s56f1b250nk8jq1149yqyfk6y850p9vx-ocserv-0.12.1

@tenten8401
Copy link

Haven't forgotten about this, just haven't had time to test it. Still working on it.

@tenten8401
Copy link

tenten8401 commented Jul 7, 2018
edited

Alright, so I tested this and I've found 2 problems so far.

  1. It doesn't seem to automatically start the systemd service, resulting in me having to enable it manually, even after setting enable = true;
  2. There's no support for PAM or RADIUS authentication, I could only get "plain" to work. It may be missing dependencies when building.

Looks like it may be missing the freeradius client, possibly oath-toolkit for one-time passwords, and I'm not sure what for PAM.

Found this on the ocserv website for Gentoo, but figured it might help in this situation:
image

@Ma27
Copy link
Member Author

Ma27 commented Jul 7, 2018

thanks a lot for your feedback! I'll have a look at it again in the next days to hopefully fix this :)

@Ma27
Copy link
Member Author

Ma27 commented Jul 12, 2018

@tenten8401 I slightly changed the patch, the service now starts by default and pam can be used. As stated in the commit message, radius is currently not possible since nixpkgs doesn't provide a client for this.
Could you retest this please? :)

@tenten8401
Copy link

Sure thing.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin/occtl
shrinking /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/sbin/ocserv
gzipping man pages under /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/share/man/
strip is /nix/store/4qvrxzxa535y8304mk195x50b6p9607d-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin  /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/sbin 
patching script interpreter paths in /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1
/nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/8zkg9ac4s4alzyf4a8kfrig1j73z66dw-bash-4.4-p23/bin/sh"
checking for references to /tmp/nix-build-ocserv-0.12.1.drv-0 in /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1...
moving /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/sbin/* to /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin
/nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin/ocpasswd
shrinking /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin/occtl
gzipping man pages under /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/share/man/
strip is /nix/store/0pjsgkxz0rp5baycq5sp2s72lrr5q9sg-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin  /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/sbin
patching script interpreter paths in /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1
/nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/p0vy17dp9jk2mvqsxsqnb14s3797lay7-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1...
moving /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/sbin/* to /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin
/nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1

@tenten8401
Copy link

tenten8401 commented Jul 13, 2018
edited

3 things I've noticed so far:

  1. I need to define a PAM service for ocserv to actually work with PAM authentication.
    security.pam.services.ocserv = {};

  2. It seems that you've missed a space between --pid-file and /var/run/ocserv.pid in the systemd unit file.

  3. I can't seem to get an internet connection out of it at all, even after a sucessful connection to the server. I'm not sure if my firewall rules are bad or if it's the package, as it seems to work just fine under a Ubuntu system with an identical ocserv config.
    Scratch that, it seems that those firewall rules were valid, but for some reason I needed a reboot for them to actually start working... which is odd.

@Ma27
ocserv: init at 0.12.1
e144b27 
`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).

This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:

* `plain` (mostly username/password)
* `pam`

The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.

The module can be used like this:

``` nix
{
  services.ocserv = {
    enable = true;
    config = ''
      ...
    '';
  };
}
```

The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.

The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:

```
run-as-user = nobody
run-as-group = nogroup
```

/cc @tenten8401
Fixes NixOS#42594
@Ma27
Copy link
Member Author

Ma27 commented Jul 13, 2018

I need to define a PAM service for ocserv to actually work with PAM authentication.
security.pam.services.ocserv = {};

good catch! I had this in my VM config and forgot to put it into the actual module :)

It seems that you've missed a space between --pid-file and /var/run/ocserv.pid in the systemd unit file.

dammit, sorry :/
I guess that I didn't notice as the value was set in my config file as well.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin/occtl
shrinking /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/sbin/ocserv
gzipping man pages under /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/share/man/
strip is /nix/store/4qvrxzxa535y8304mk195x50b6p9607d-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin  /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/sbin
patching script interpreter paths in /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1
/nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/8zkg9ac4s4alzyf4a8kfrig1j73z66dw-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1...
moving /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/sbin/* to /nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1/bin
/nix/store/aczjjqxmvz6r7b9ba51xld20v9llz304-ocserv-0.12.1

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin/ocpasswd
shrinking /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin/occtl
gzipping man pages under /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/share/man/
strip is /nix/store/0pjsgkxz0rp5baycq5sp2s72lrr5q9sg-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin  /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/sbin
patching script interpreter paths in /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1
/nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/p0vy17dp9jk2mvqsxsqnb14s3797lay7-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1...
moving /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/sbin/* to /nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1/bin
/nix/store/1sdnq4gxwmcjgn3vkcyax76ywfr3bdk9-ocserv-0.12.1

@tenten8401
Copy link

dammit, sorry :/
I guess that I didn't notice as the value was set in my config file as well.

Don't worry about it, I could easily see myself making the same mistakes.

I'll test your new commit once more and get back to you on how well it works.

@tenten8401
Copy link

Seems like it works as expected, with me typing this to you connected to ocserv.
This is what my final config looked like, for anyone that needs it:

        # ocserv users
        users.extraUsers.my-name.hashedPassword = "insert legit sha-512 password here";
        
        # ocserv ACME
        services.nginx = {
            enable = true;
            virtualHosts."my-server" = {
                enableACME = true;
            };
        };
        
        # ocserv Firewall
        networking.firewall = {
            allowedTCPPorts = [ 8443 ];
            allowedUDPPorts = [ 8443 ];
        };
        networking.nat = {
            enable = true;
            externalInterface = "enp2s0";
            internalIPs = [ "192.168.1.0/24" ];
        };
        
        # IP forwarding and congestion control
        boot.kernel.sysctl = {
            "net.ipv4.ip_forward" = true;
            "net.ipv6.conf.all.forwarding" = true;
            "net.core.default_qdisc" = "fq";
            "net.ipv4.tcp_congestion_control" = "bbr";
        };
        
        # OpenConnect Server
        services.ocserv = {
            enable = true;
            config = ''
                auth = "pam[gid-min=1000]"
                tcp-port = 8443
                udp-port = 8443
                run-as-user = nobody
                run-as-group = nogroup
                socket-file = /var/run/ocserv-socket
                server-cert = ${config.security.acme.directory}/my-server/fullchain.pem
                server-key = ${config.security.acme.directory}/my-server/key.pem
                isolate-workers = true
                keepalive = 32400
                dpd = 90
                mobile-dpd = 1800
                switch-to-tcp-timeout = 25
                try-mtu-discovery = true
                cert-user-oid = 0.9.2342.19200300.100.1.1
                tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
                auth-timeout = 240
                min-reauth-time = 5
                max-ban-score = 80
                ban-reset-time = 1200
                cookie-timeout = 300
                deny-roaming = false
                rekey-time = 172800
                rekey-method = ssl
                use-utmp = true
                use-occtl = true
                pid-file = /var/run/ocserv.pid
                device = vpns
                predictable-ips = true
                default-domain = my-server
                ipv4-network = 192.168.1.0/24
                ipv4-netmask = 255.255.255.0
                ipv6-network = fda9:4efe:7e3b:03ea::/48
                ipv6-subnet-prefix = 64
                tunnel-all-dns = true
                dns = 1.1.1.1
                compression = true
                ping-leases = false
            '';
        };

@tenten8401
Copy link

Just thought I'd let anyone know this is basically ready to be looked at and merged I'm pretty sure.

@xeji
Copy link
Contributor

xeji commented Aug 1, 2018

@GrahamcOfBorg build ocserv

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/bin/occtl
shrinking /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/sbin/ocserv
gzipping man pages under /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/share/man/
strip is /nix/store/1hi76hr87bd1y1q1qjk0lv8nmcjip1c8-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/bin  /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/sbin 
patching script interpreter paths in /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1
/nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/dkh7l9a4sx7zqh8riqbj3z21sz25p8xy-bash-4.4-p23/bin/sh"
checking for references to /tmp/nix-build-ocserv-0.12.1.drv-0 in /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1...
moving /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/sbin/* to /nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1/bin
/nix/store/vhc53a86qlvvrw9vyj090v1s7lmw8lgi-ocserv-0.12.1

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: ocserv

Partial log (click to expand)

shrinking /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/bin/ocpasswd
shrinking /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/bin/occtl
gzipping man pages under /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/share/man/
strip is /nix/store/zrs21zqcchgyabjf4xfimncdq16njizc-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/bin  /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/sbin
patching script interpreter paths in /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1
/nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/bin/ocserv-fw: interpreter directive changed from "/bin/sh" to "/nix/store/6vqgi9d49smsbr2qxra52yhipg0yxf9f-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1...
moving /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/sbin/* to /nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1/bin
/nix/store/aaa6vjnrmz4h5579cx406pxpgyjks6pr-ocserv-0.12.1

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: ocserv

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowUnsupportedSystem = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.

@xeji xeji merged commit cd5e01e into NixOS:master Aug 1, 2018
@Ma27 Ma27 deleted the package-ocserv branch August 19, 2018 11:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 8.has: package (new) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Ma27 @srhb @tenten8401 @GrahamcOfBorg @xeji