Subject: [bug#48626] [PATCH] strongswan: enable more sensible defaults.
Date: Mon, 24 May 2021 16:35:02 +0100 
From: Domagoj Stolfa

Presently, the strongswan defaults are too minimal to be used with most common VPN setups. This commit enables support for a number of things that should make strongswan much more usable in Guix. It also explicitly disables AESNI in order to not rely on an Intel implementation.

--- gnu/packages/networking.scm | 52 +++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 8bcaa98fbb..1ce7adfde9 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm
@@ -2863,14 +2863,62 @@ displays the results in real time.") (list ;; Disable bsd-4 licensed plugins. "--disable-des" - "--disable-blowfish"))) + "--disable-blowfish" + ;; Disable AESNI + "--disable-aesni" + ;; Disable systemd + "--disable-systemd" + ;; Don't use mysql or OpenLDAP + "--disable-mysql" + "--disable-ldap" + ;; Enable the rest needed for a sensible configuration + "--enable-attr-sql" + "--enable-chapoly" + "--enable-curl" + "--enable-dhcp" + "--enable-farp" + "--enable-md4" + "--enable-eap-aka" + "--enable-eap-aka-3gpp" + "--enable-eap-dynamic" + "--enable-eap-identity" + "--enable-eap-md5" + "--enable-eap-mschapv2" + "--enable-eap-peap" + "--enable-eap-radius" + "--enable-eap-sim" + "--enable-eap-sim-file" + "--enable-eap-simaka-pseudonym" + "--enable-eap-simaka-reauth" + "--enable-eap-simaka-sql" + "--enable-eap-tls" + "--enable-eap-tnc" + "--enable-eap-ttls" + "--enable-xauth-eap" + "--enable-ext-auth" + "--enable-led" + "--enable-ha" + "--enable-mediation" + "--enable-soup" + "--enable-sql" + "--enable-sqlite" + "--enable-openssl" + "--enable-xauth-eap" + "--enable-xauth-noauth" + "--enable-xauth-pam" + ;; Use libcap by default + "--with-capabilities=libcap"))) (inputs `(("curl" ,curl) ("gmp" ,gmp) ("libgcrypt" ,libgcrypt) - ("openssl" ,openssl))) + ("openssl" ,openssl) + ("libsoup" ,libsoup) + ("libcap" ,libcap) + ("linux-pam" ,linux-pam))) (native-inputs `(("coreutils" ,coreutils) + ("pkg-config" ,pkg-config) ("tzdata" ,tzdata-for-tests))) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based upon
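
Review bot: `--enable-sqlite` (with `--enable-sql`, `--enable-attr-sql` and `--enable-eap-simaka-sql`) is added to the configure flags, but the `inputs` list in this same hunk gains only `libsoup`, `libcap` and `linux-pam` and has no sqlite entry; either add the sqlite package to `inputs` or drop the SQL-backed plugins. `--enable-xauth-eap` also appears twice in the added flags (once after `--enable-eap-ttls`, again after `--enable-openssl`), so one of them should go. The single comment ";; Enable the rest needed for a sensible configuration" covers roughly forty flags, including `--enable-md4`, `--enable-eap-md5` and `--enable-xauth-noauth`; MD4 and MD5 are broken hash functions, and a plugin named "noauth" deserves a stated reason before it ships in a distribution default. Grouping the flags (EAP methods, XAuth backends, storage, HA) with a one-line justification each would make the larger enabled surface reviewable. The ";; Disable AESNI" comment should likewise carry the reason given in the commit message, since the flag alone does not explain why a hardware-accelerated AES plugin is turned off.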