[bug#48626] [PATCH] strongswan: enable more sensible defaults.

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

* [bug#48626] [PATCH] strongswan: enable more sensible defaults.
@ 2021-05-24 15:35 Domagoj Stolfa
  2021-05-24 20:11 ` Domagoj Stolfa
  0 siblings, 1 reply; 3+ messages in thread
From: Domagoj Stolfa @ 2021-05-24 15:35 UTC (permalink / raw)
  To: 48626

[-- Attachment #1: Type: text/plain, Size: 2706 bytes --]

Presently, the strongswan defaults are too minimal to be used with most
common VPN setups. This commit enables support for a number of things
that should make strongswan much more usable in Guix. It also explicitly
disables AESNI in order to not rely on an Intel implementation.
---
 gnu/packages/networking.scm | 52 +++++++++++++++++++++++++++++++++++--
 1 file changed, 50 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 8bcaa98fbb..1ce7adfde9 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2863,14 +2863,62 @@ displays the results in real time.")
        (list
         ;; Disable bsd-4 licensed plugins.
         "--disable-des"
-        "--disable-blowfish")))
+        "--disable-blowfish"
+        ;; Disable AESNI
+        "--disable-aesni"
+        ;; Disable systemd
+        "--disable-systemd"
+        ;; Don't use mysql or OpenLDAP
+        "--disable-mysql"
+        "--disable-ldap"
+        ;; Enable the rest needed for a sensible configuration
+        "--enable-attr-sql"
+        "--enable-chapoly"
+        "--enable-curl"
+        "--enable-dhcp"
+        "--enable-farp"
+        "--enable-md4"
+        "--enable-eap-aka"
+        "--enable-eap-aka-3gpp"
+        "--enable-eap-dynamic"
+        "--enable-eap-identity"
+        "--enable-eap-md5"
+        "--enable-eap-mschapv2"
+        "--enable-eap-peap"
+        "--enable-eap-radius"
+        "--enable-eap-sim"
+        "--enable-eap-sim-file"
+        "--enable-eap-simaka-pseudonym"
+        "--enable-eap-simaka-reauth"
+        "--enable-eap-simaka-sql"
+        "--enable-eap-tls"
+        "--enable-eap-tnc"
+        "--enable-eap-ttls"
+        "--enable-xauth-eap"
+        "--enable-ext-auth"
+        "--enable-led"
+        "--enable-ha"
+        "--enable-mediation"
+        "--enable-soup"
+        "--enable-sql"
+        "--enable-sqlite"
+        "--enable-openssl"
+        "--enable-xauth-eap"
+        "--enable-xauth-noauth"
+        "--enable-xauth-pam"
+        ;; Use libcap by default
+        "--with-capabilities=libcap")))
     (inputs
      `(("curl" ,curl)
        ("gmp" ,gmp)
        ("libgcrypt" ,libgcrypt)
-       ("openssl" ,openssl)))
+       ("openssl" ,openssl)
+       ("libsoup" ,libsoup)
+       ("libcap" ,libcap)
+       ("linux-pam" ,linux-pam)))
     (native-inputs
      `(("coreutils" ,coreutils)
+       ("pkg-config" ,pkg-config)
        ("tzdata" ,tzdata-for-tests)))
     (synopsis "IKEv1/v2 keying daemon")
     (description "StrongSwan is an IPsec implementation originally based upon
-- 
2.31.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [bug#48626] [PATCH] strongswan: enable more sensible defaults.
  2021-05-24 15:35 [bug#48626] [PATCH] strongswan: enable more sensible defaults Domagoj Stolfa
@ 2021-05-24 20:11 ` Domagoj Stolfa
  2021-06-06 13:44   ` bug#48626: " Tobias Geerinckx-Rice via Guix-patches via
  0 siblings, 1 reply; 3+ messages in thread
From: Domagoj Stolfa @ 2021-05-24 20:11 UTC (permalink / raw)
  To: 48626

[-- Attachment #1: Type: text/plain, Size: 2505 bytes --]

Presently, the strongswan defaults are too minimal to be used with most
common VPN setups. This commit enables support for a number of things
that should make strongswan much more usable in Guix.
---
 gnu/packages/networking.scm | 47 +++++++++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 8bcaa98fbb..bfaf8a8535 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2861,16 +2861,59 @@ displays the results in real time.")
              #t)))
        #:configure-flags
        (list
-        ;; Disable bsd-4 licensed plugins.
+        ;; Disable bsd-4 licensed plugins (Blowfish, DES).
+        "--disable-blowfish"
         "--disable-des"
-        "--disable-blowfish")))
+        "--disable-ldap"
+        "--disable-mysql"
+        "--disable-systemd"
+        "--enable-aesni"
+        "--enable-attr-sql"
+        "--enable-chapoly"
+        "--enable-curl"
+        "--enable-dhcp"
+        "--enable-eap-aka"
+        "--enable-eap-aka-3gpp"
+        "--enable-eap-dynamic"
+        "--enable-eap-identity"
+        "--enable-eap-md5"
+        "--enable-eap-mschapv2"
+        "--enable-eap-peap"
+        "--enable-eap-radius"
+        "--enable-eap-sim"
+        "--enable-eap-sim-file"
+        "--enable-eap-simaka-pseudonym"
+        "--enable-eap-simaka-reauth"
+        "--enable-eap-simaka-sql"
+        "--enable-eap-tls"
+        "--enable-eap-tnc"
+        "--enable-eap-ttls"
+        "--enable-ext-auth"
+        "--enable-farp"
+        "--enable-ha"
+        "--enable-led"
+        "--enable-md4"
+        "--enable-mediation"
+        "--enable-openssl"
+        "--enable-soup"
+        "--enable-sql"
+        "--enable-sqlite"
+        "--enable-xauth-eap"
+        "--enable-xauth-noauth"
+        "--enable-xauth-pam"
+        ;; Use libcap by default
+        "--with-capabilities=libcap")))
     (inputs
      `(("curl" ,curl)
        ("gmp" ,gmp)
+       ("libcap" ,libcap)
        ("libgcrypt" ,libgcrypt)
+       ("libsoup" ,libsoup)
+       ("linux-pam" ,linux-pam)
        ("openssl" ,openssl)))
     (native-inputs
      `(("coreutils" ,coreutils)
+       ("pkg-config" ,pkg-config)
        ("tzdata" ,tzdata-for-tests)))
     (synopsis "IKEv1/v2 keying daemon")
     (description "StrongSwan is an IPsec implementation originally based upon
-- 
2.31.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* bug#48626: [PATCH] strongswan: enable more sensible defaults.
  2021-05-24 20:11 ` Domagoj Stolfa
@ 2021-06-06 13:44   ` Tobias Geerinckx-Rice via Guix-patches via
  0 siblings, 0 replies; 3+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-06-06 13:44 UTC (permalink / raw)
  To: Domagoj Stolfa; +Cc: 48626-done

[-- Attachment #1: Type: text/plain, Size: 614 bytes --]

Domagoj,

Domagoj Stolfa 写道：
> Presently, the strongswan defaults are too minimal to be used 
> with most
> common VPN setups. This commit enables support for a number of 
> things
> that should make strongswan much more usable in Guix.

Thanks!  I moved this to a comment, added a commit message 
following our conventions[0], and pushed it as 
77056478a2de22db6613d24ed37f7496afba42db.

Kind regards,

T G-R

[0]: Of course this one's bonkers because of all the options, 
which probably don't need to be explicitly listed, but what else 
are computers for than to automate such things.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-06-06 13:45 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-24 15:35 [bug#48626] [PATCH] strongswan: enable more sensible defaults Domagoj Stolfa
2021-05-24 20:11 ` Domagoj Stolfa
2021-06-06 13:44   ` bug#48626: " Tobias Geerinckx-Rice via Guix-patches via

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.