From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:47042) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dRtkL-0002IK-UM for guix-patches@gnu.org; Mon, 03 Jul 2017 01:18:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dRtkI-0007D5-Jj for guix-patches@gnu.org; Mon, 03 Jul 2017 01:18:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:46657) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dRtkI-0007CZ-7Y for guix-patches@gnu.org; Mon, 03 Jul 2017 01:18:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dRtkH-0004mX-Ni for guix-patches@gnu.org; Mon, 03 Jul 2017 01:18:01 -0400 Subject: [bug#27549] [PATCH] gnu: vpnc: Update to 0.5.3, revision-550. Resent-Message-ID: References: <87y3s8kybp.fsf@gmail.com> <01350273-2593-618d-a461-b99c1f310265@tobias.gr> From: Tobias Geerinckx-Rice Message-ID: <3702cc9a-9066-4e6c-c9be-050e5e6c1ffe@tobias.gr> Date: Mon, 3 Jul 2017 07:18:48 +0200 MIME-Version: 1.0 In-Reply-To: <01350273-2593-618d-a461-b99c1f310265@tobias.gr> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="900HRR5x7A30mU8WIMAWvms4D2muvb7Pd" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: jlicht@fsfe.org, 27549@debbugs.gnu.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --900HRR5x7A30mU8WIMAWvms4D2muvb7Pd Content-Type: multipart/mixed; boundary="RnIwT3MIQFB0IPHbNkOuAN2CGOgHN8TLJ"; protected-headers="v1" From: Tobias Geerinckx-Rice To: jlicht@fsfe.org, 27549@debbugs.gnu.org Message-ID: <3702cc9a-9066-4e6c-c9be-050e5e6c1ffe@tobias.gr> Subject: Re: [bug#27549] [PATCH] gnu: vpnc: Update to 0.5.3, revision-550. References: <87y3s8kybp.fsf@gmail.com> <01350273-2593-618d-a461-b99c1f310265@tobias.gr> In-Reply-To: <01350273-2593-618d-a461-b99c1f310265@tobias.gr> --RnIwT3MIQFB0IPHbNkOuAN2CGOgHN8TLJ Content-Type: multipart/mixed; boundary="------------CBC399970E456BCB93E2F9C6" This is a multi-part message in MIME format. --------------CBC399970E456BCB93E2F9C6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Jelle, On 01/07/17 19:18, Tobias Geerinckx-Rice wrote: > I'd started on packaging those updated vpnc-scripts, [...] > I'll dig them up and see how far I got. Found 'em! If you have some spare time, could you give the attached patches a try? They look finished[0], but I don't have a VPN to test. I hope we can avoid relying on the copy of vpnc-scripts bundled with vpnc= : - the bundled copy still lags behind upstream[1], even in trunk - unbundling allows using a stable release of the vpnc client instead of a subversion checkout, while still easily updating the scripts - and shaves ~50MiB from our openconnect package. Of course, it has to actually work for you first :-) Kind regards, T G-R [0]: I don't like the look of 'wrap-keys, but I don't know a better way. [1]: http://git.infradead.org/users/dwmw2/vpnc-scripts.git --------------CBC399970E456BCB93E2F9C6 Content-Type: text/x-patch; name="0002-gnu-vpnc-Use-newer-vpnc-scripts.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0002-gnu-vpnc-Use-newer-vpnc-scripts.patch" =46rom 935a3896c8bb0c356bb04865dc7af3daa09cdb44 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 7 May 2017 01:56:41 +0200 Subject: [PATCH 2/3] gnu: vpnc: Use newer vpnc-scripts. MIME-Version: 1.0 Content-Type: text/plain; charset=3DUTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/vpn.scm (vpnc)[source]: Remove patch. [inputs]: Remove net-tools and iproute2. Add vpnc-scripts. [arguments]: Delete =E2=80=98configure=E2=80=99 and =E2=80=98wrap-vpnc-sc= ript=E2=80=99 #:phases. Add =E2=80=98use-store-paths=E2=80=99 phase. * gnu/packages/patches/vpnc-script.patch: Delete patch. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/vpnc-script.patch | 15 ------------ gnu/packages/vpn.scm | 42 ++++++++++++----------------= ------ 3 files changed, 15 insertions(+), 43 deletions(-) delete mode 100644 gnu/packages/patches/vpnc-script.patch diff --git a/gnu/local.mk b/gnu/local.mk index 83b019605..55b4071e9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1047,7 +1047,6 @@ dist_patch_DATA =3D \ %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch \= %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \ %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch \ - %D%/packages/patches/vpnc-script.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ %D%/packages/patches/weechat-python.patch \ diff --git a/gnu/packages/patches/vpnc-script.patch b/gnu/packages/patche= s/vpnc-script.patch deleted file mode 100644 index a0d948195..000000000 --- a/gnu/packages/patches/vpnc-script.patch +++ /dev/null @@ -1,15 +0,0 @@ -This patch adapts the vpnc script to newer kernel versions, see - https://lkml.org/lkml/2011/3/24/645 - -diff -u a/vpnc-script.in b/vpnc-script.in ---- a/vpnc-script.in 2013-03-03 13:55:16.000000000 +0100 -+++ b/vpnc-script.in 2013-03-03 13:56:11.000000000 +0100 -@@ -116,7 +116,7 @@ -=20 - if [ -n "$IPROUTE" ]; then - fix_ip_get_output () { -- sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g' -+ sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g;s/= ipid 0x....//g' - } -=20 - set_vpngateway_route() { diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 4b47a76b3..aa79a7cfb 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -73,41 +73,29 @@ endpoints.") (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/v= pnc/vpnc-" version ".tar.gz")) (sha256 (base32 - "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7k= j6")) - (patches (search-patches "vpnc-script.patch")))) + "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7k= j6")))) (build-system gnu-build-system) (inputs `(("libgcrypt" ,libgcrypt) ("perl" ,perl) - - ;; The following packages provide commands that 'vpnc-scrip= t' - ;; expects. - ("net-tools" ,net-tools) ;ifconfig, route - ("iproute2" ,iproute))) ;ip + ("vpnc-scripts" ,vpnc-scripts))) (arguments `(#:tests? #f ; there is no check target #:phases (modify-phases %standard-phases - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (substitute* "Makefile" - (("PREFIX=3D/usr/local") (string-append "PREFIX=3D" out)= )) - (substitute* "Makefile" - (("ETCDIR=3D/etc/vpnc") (string-append "ETCDIR=3D" out - "/etc/vpnc")))))) - (add-after 'install 'wrap-vpnc-script + (add-after 'unpack 'use-store-paths (lambda* (#:key inputs outputs #:allow-other-keys) - ;; Wrap 'etc/vpnc/vpnc-script' so that it finds the commands= it - ;; needs. Assume coreutils/grep/sed are in $PATH. - (let ((out (assoc-ref outputs "out"))) - (wrap-program (string-append out "/etc/vpnc/vpnc-script") - `("PATH" ":" prefix - (,(string-append (assoc-ref inputs "net-tools") - "/sbin") - ,(string-append (assoc-ref inputs "net-tools") - "/bin") - ,(string-append (assoc-ref inputs "iproute2") - "/sbin")))))))))) + (let ((out (assoc-ref outputs "out")) + (vpnc-scripts (assoc-ref inputs "vpnc-scripts"))) + (substitute* "config.c" + (("/etc/vpnc/vpnc-script") + (string-append vpnc-scripts "/etc/vpnc/vpnc-script"))) + (substitute* "Makefile" + (("ETCDIR=3D.*") + (string-append "ETCDIR=3D" out "/etc/vpnc\n")) + (("PREFIX=3D.*") + (string-append "PREFIX=3D" out "\n"))) + #t))) + (delete 'configure)))) ; no configure script (synopsis "Client for Cisco VPN concentrators") (description "vpnc is a VPN client compatible with Cisco's EasyVPN equipment. --=20 2.13.1 --------------CBC399970E456BCB93E2F9C6 Content-Type: text/x-patch; name="0001-gnu-Add-vpnc-scripts.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0001-gnu-Add-vpnc-scripts.patch" =46rom 43e557609bff42cafcaaefa757ed794af5441efa Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 7 May 2017 01:19:12 +0200 Subject: [PATCH 1/3] gnu: Add vpnc-scripts. * gnu/packages/vpn.scm (vpnc-scripts): New variable. --- gnu/packages/vpn.scm | 91 ++++++++++++++++++++++++++++++++++++++++++++++= +++++- 1 file changed, 90 insertions(+), 1 deletion(-) diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 87fea4a47..4b47a76b3 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -4,7 +4,7 @@ ;;; Copyright =C2=A9 2014 Eric Bavier ;;; Copyright =C2=A9 2015 Jeff Mickey ;;; Copyright =C2=A9 2016, 2017 Efraim Flashner -;;; Copyright =C2=A9 2016 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2016, 2017 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2017 Julien Lepiller ;;; ;;; This file is part of GNU Guix. @@ -26,9 +26,11 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix build-system gnu) #:use-module (guix build-system python) #:use-module (gnu packages) + #:use-module (gnu packages base) #:use-module (gnu packages compression) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) @@ -116,6 +118,93 @@ Only \"Universal TUN/TAP device driver support\" is = needed in the kernel.") (license license:gpl2+) ; some file are bsd-2, see COPYING (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/"))) =20 +(define-public vpnc-scripts + (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3")) + (package + (name "vpnc-scripts") + (version (string-append "20161214." (string-take commit 7))) + (source (origin + (method git-fetch) + (uri + (git-reference + (url "git://git.infradead.org/users/dwmw2/vpnc-scripts= =2Egit") + (commit commit))) + (sha256 + (base32 + "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"= )))) + (build-system gnu-build-system) + (inputs `(("coreutils" ,coreutils) + ("grep" ,grep) + ("iproute2" ,iproute) ; for =E2=80=98ip=E2=80=99 + ("net-tools" ,net-tools) ; for =E2=80=98ifconfig=E2=80=99= , =E2=80=98route=E2=80=99 + ("sed" ,sed) + ("which" ,which))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'use-relative-paths + ;; Patch the scripts to work with and use relative paths. + (lambda* _ + (for-each (lambda (script) + (substitute* script + (("^PATH=3D.*") "") + (("(/usr|)/s?bin/") "") + (("\\[ +-x +([^]]+) +\\]" _ command) + (string-append "command -v >/dev/null 2>&1= " + command)))) + (find-files "." "^vpnc-script")) + #t)) + (delete 'configure) ; no configure script + (replace 'build + (lambda _ + (zero? (system* "gcc" "-o" "netunshare" "netunshare.c")))= ) + (replace 'install + ;; There is no Makefile; manually install the relevant file= s. + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (etc (string-append out "/etc/vpnc"))) + (for-each (lambda (file) + (install-file file etc)) + (append (find-files "." "^vpnc-script") + (list "netunshare" + "xinetd.netns.conf"))) + #t))) + (add-after 'install 'wrap-scripts + ;; Wrap scripts with paths to their common hard dependencie= s. + ;; Optional dependencies will need to be installed by the u= ser. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (for-each + (lambda (script) + (wrap-program script + `("PATH" ":" prefix + ,(map (lambda (name) + (let ((input (assoc-ref inputs name))) + (string-append input "/bin:" + input "/sbin"))) + (list "coreutils" + "grep" + "iproute2" + "net-tools" + "sed" + "which"))))) + (find-files (string-append out "/etc/vpnc/vpnc-script"= ) + "^vpnc-script")))))) + #:tests? #f)) ; no tests + (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git"= ) + (synopsis "Network configuration scripts for Cisco VPN clients") + (description + "This set of scripts configures routing and name services when in= voked +by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) cli= ents. + +The default @command{vpnc-script} automatically configures most common +connections, and provides hooks for performing custom actions at various= stages +of the connection or disconnection process. + +Alternative scripts are provided for more complicated set-ups, or to ser= ve as an +example for writing your own. For example, @command{vpnc-script-sshd} c= ontains +the entire VPN in a network namespace accessible only through SSH.") + (license license:gpl2+)))) =20 (define-public openconnect (package --=20 2.13.1 --------------CBC399970E456BCB93E2F9C6-- --RnIwT3MIQFB0IPHbNkOuAN2CGOgHN8TLJ-- --900HRR5x7A30mU8WIMAWvms4D2muvb7Pd Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQFBBAEBCgArFiEEeqzfDJ8DWw5d4xcqkczbm0hUG5kFAllZ07gNHG1lQHRvYmlh cy5ncgAKCRCRzNubSFQbmRMYCACUKV6j71YdJy0aq3D3xDbA0zHs+qxNechnKDMQ 3yPfN8Rx24wD1kECLGVlIkZmzmINmYlqC58z2b4pz4IdiJLEhTvMu8NFygXGGX5S TPnVw/yeDueNwnBl/ls7satIYQeaXbMQY3OvSY+y0QQ8GlxRb27VW9upy1cb+BhN Fyk3NJR1CDEHz9UFpIHXCPsVnkcM+ogiMDnK5eAj4T8c/4iqsNq+oQNLFvkhBc7h swK4ie8V8VDATzIQ33WmED3IsnUProbfhc5pQdthq2xqB1uk9ANpbwG8U1sdy1Nv jfLv2xgN3HkbKps+WMq3aFC+Gupf72O2IqFaGZDCImvP8PYb =oZii -----END PGP SIGNATURE----- --900HRR5x7A30mU8WIMAWvms4D2muvb7Pd--