From patchwork Mon May 24 20:11:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Domagoj Stolfa X-Patchwork-Id: 29573 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id DBF7A27BC78; Mon, 24 May 2021 21:19:07 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id B7CF827BC81 for ; Mon, 24 May 2021 21:19:05 +0100 (BST) Received: from localhost ([::1]:54410 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1llH2W-0008B4-Ve for patchwork@mira.cbaines.net; Mon, 24 May 2021 16:19:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34760) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1llH1X-0007mv-9G for guix-patches@gnu.org; Mon, 24 May 2021 16:18:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60675) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1llH1W-000734-S0 for guix-patches@gnu.org; Mon, 24 May 2021 16:18:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1llH1W-0007eX-EQ for guix-patches@gnu.org; Mon, 24 May 2021 16:18:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#48626] [PATCH] strongswan: enable more sensible defaults. References: In-Reply-To: Resent-From: Domagoj Stolfa Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 24 May 2021 20:18:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 48626 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 48626@debbugs.gnu.org Received: via spool by 48626-submit@debbugs.gnu.org id=B48626.162188745429324 (code B ref 48626); Mon, 24 May 2021 20:18:02 +0000 Received: (at 48626) by debbugs.gnu.org; 24 May 2021 20:17:34 +0000 Received: from localhost ([127.0.0.1]:43988 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llH12-0007cm-0Y for submit@debbugs.gnu.org; Mon, 24 May 2021 16:17:33 -0400 Received: from mout.gmx.net ([212.227.17.20]:60905) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llGvb-0007RO-Uh for 48626@debbugs.gnu.org; Mon, 24 May 2021 16:11:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1621887109; bh=R9414ZeXPlfGO2V9206b5Ax5Hxxs2RcTHCRzSRq6PBg=; h=X-UI-Sender-Class:Date:From:To:Subject; b=EWw16ZO7PSyK1VGGTcl7ohfwzlHNz2Z/nowB4ZSt/OvdqzTZsRXyJkf8Lcd5mXodx bZ/OvnTkbCM04Wu7HAB1RDA6oEN4mtemZJi8amlfSta0x1/jIk+VdCQF5uN5xs80Mm s6gslrxcKLMvw7jckVkuVsRi/Et+PaMaJCMaf/Tw= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from pepehands ([131.111.128.28]) by mail.gmx.net (mrgmx104 [212.227.17.174]) with ESMTPSA (Nemesis) id 1MIdif-1lg6XR3AH7-00EflR for <48626@debbugs.gnu.org>; Mon, 24 May 2021 22:11:48 +0200 Date: Mon, 24 May 2021 21:11:55 +0100 From: Domagoj Stolfa Message-ID: MIME-Version: 1.0 Content-Disposition: inline X-Provags-ID: V03:K1:ryl1JXwaqX86fpxVwlg3jse6fCcMAH5PV4OUZgTqd2hdB+5TOGC zjkox1tTd4VuG1VBoNwmfKCNFV49qzdlddTUk0j7IIaZPPh+Lcfps0ERsySy8o1xzCCTbEC yrjvYLvMk67zMGn9ep6ZYiznTAwI3CBKK3UVF76ftraDBinr+NQ26211V5CzKIkLcTASO5D JDF+Gnn84krtS0/YdSF8A== X-UI-Out-Filterresults: notjunk:1;V03:K0:iHud+vTLbz0=:ScHX14xydO8WJvlZtitSMD PugcVCywwX/EZfxXhU3lTQFLCfhs3oYEZcWaD6/p9VJ0Yadgpvefj0xgLbQfI2wgLANryDTOq hKVG/j3g3KeAxqhjtzMUkJmroAavYna8d96zjUhqi2lvCH3icwXjUjJcTTjXdcs94UFFwYjIo TeWU6pQHedmwByHIVIz8C/WtgLXdDDBzxb9a9+fhw9oCbuDmMnJOI28T5de4qN71qlYX2y5Wk ae98/yhgBxQQcx0ImxruyrMGZM1wJFruga5QfW02PAOe5Z9tdfawlK1RbtotpwSlKVi3WkAeH dOqCfVEmiByd8yYFWyWmB4MY1MjQ8XRepbsLpODMnrl8+Moa7Mhd7c9allleW1cvhqSxiSyA1 U+zE6IlzdjGt3RvPT72YX8P3vSbg8m9tR3ENEDBDNYu26o4/DX9BQLSXmdnqO2IfiD8sWRhtG qTFOHzC6e/5qP676ii/Tdk21RdcA1oAbVTEsC9lQn/f1RIO2LTRfqFEjKYlqAwPtt82sTwTwk UUaMdkZLzrlR7hWp5zlQ3DT4715mGjXuXVwMW9vJPu0MpGUKOW8/b+lrV7NonGHwYse3TJPtg CPymtLZkdCChCk3Jgb+RcK9d8XyyADy9Uy36BRs2vlg9iIEjF0joNURBtGMYTZEmOrWY9exI3 tNiB+Gm2MkjMzbZ5y+Bb5navMWq1OtD5J3OPEVxwWrfajXwsVe6cO0/mhTDDKh2dXVKLMQhAA xGH4gjyAKQIbDEJO71f7+JxLL6+b7cyZuWQIXq3wW9N2RFyLIrDVBsKRvk4QMCylaT1GB96xO y5R50G64nnTAaLCKDHZsGYBRqq9mVZJcvrgodYu0LQsLN6zs9GBJ5vOpay8KijvSMmlpLl9Kr tU+YcqaQMz9HdpgPzRpOcS8jpgECgMqn/+FV/qC0W7bryCr9F7Qeqn3gRQUX/9v753w+7iTPk RKsAmf4lJq9euwSGVfRlJ5Jz+ox7u0kzBcmId+UJhlS1ujONKcNtnB8pxgOBINOV08Z+ji2PD 8VT+0PCI7cImrzB73p+dypRXUL3TJpqpa6RUo7p8o9tTf0LfxEDX2hAz2hgZYxQx+h05g2NhQ UAJwW80UjiSb2tVv9QrmL9j/1S0Zuwar+Js X-Mailman-Approved-At: Mon, 24 May 2021 16:17:31 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Mailman-Approved-At: Mon, 24 May 2021 16:19:00 -0400 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches Presently, the strongswan defaults are too minimal to be used with most common VPN setups. This commit enables support for a number of things that should make strongswan much more usable in Guix. --- gnu/packages/networking.scm | 47 +++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 8bcaa98fbb..bfaf8a8535 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -2861,16 +2861,59 @@ displays the results in real time.") #t))) #:configure-flags (list - ;; Disable bsd-4 licensed plugins. + ;; Disable bsd-4 licensed plugins (Blowfish, DES). + "--disable-blowfish" "--disable-des" - "--disable-blowfish"))) + "--disable-ldap" + "--disable-mysql" + "--disable-systemd" + "--enable-aesni" + "--enable-attr-sql" + "--enable-chapoly" + "--enable-curl" + "--enable-dhcp" + "--enable-eap-aka" + "--enable-eap-aka-3gpp" + "--enable-eap-dynamic" + "--enable-eap-identity" + "--enable-eap-md5" + "--enable-eap-mschapv2" + "--enable-eap-peap" + "--enable-eap-radius" + "--enable-eap-sim" + "--enable-eap-sim-file" + "--enable-eap-simaka-pseudonym" + "--enable-eap-simaka-reauth" + "--enable-eap-simaka-sql" + "--enable-eap-tls" + "--enable-eap-tnc" + "--enable-eap-ttls" + "--enable-ext-auth" + "--enable-farp" + "--enable-ha" + "--enable-led" + "--enable-md4" + "--enable-mediation" + "--enable-openssl" + "--enable-soup" + "--enable-sql" + "--enable-sqlite" + "--enable-xauth-eap" + "--enable-xauth-noauth" + "--enable-xauth-pam" + ;; Use libcap by default + "--with-capabilities=libcap"))) (inputs `(("curl" ,curl) ("gmp" ,gmp) + ("libcap" ,libcap) ("libgcrypt" ,libgcrypt) + ("libsoup" ,libsoup) + ("linux-pam" ,linux-pam) ("openssl" ,openssl))) (native-inputs `(("coreutils" ,coreutils) + ("pkg-config" ,pkg-config) ("tzdata" ,tzdata-for-tests))) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based upon