Subject: [bug#48626] [PATCH] strongswan: enable more sensible defaults.
To: 48626@debbugs.gnu.org
Date: Mon, 24 May 2021 16:35:02 +0100 
From: Domagoj Stolfa
Presently, the strongswan defaults are too minimal to be used with most common VPN setups. This commit enables support for a number of things that should make strongswan much more usable in Guix. It also explicitly disables AESNI in order to not rely on an Intel implementation. --- gnu/packages/networking.scm | 52 +++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 8bcaa98fbb..1ce7adfde9 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm 
@@ -2863,14 +2863,62 @@ displays the results in real time.") (list ;; Disable bsd-4 licensed plugins. "--disable-des" - "--disable-blowfish"))) + "--disable-blowfish" + ;; Disable AESNI + "--disable-aesni" + ;; Disable systemd + "--disable-systemd" + ;; Don't use mysql or OpenLDAP + "--disable-mysql" + "--disable-ldap" + ;; Enable the rest needed for a sensible configuration + "--enable-attr-sql" + "--enable-chapoly" + "--enable-curl" + "--enable-dhcp" + "--enable-farp" + "--enable-md4" + "--enable-eap-aka" + "--enable-eap-aka-3gpp" + "--enable-eap-dynamic" + "--enable-eap-identity" + "--enable-eap-md5" + "--enable-eap-mschapv2" + "--enable-eap-peap" + "--enable-eap-radius" + "--enable-eap-sim" + "--enable-eap-sim-file" + "--enable-eap-simaka-pseudonym" + "--enable-eap-simaka-reauth" + "--enable-eap-simaka-sql" + "--enable-eap-tls" + "--enable-eap-tnc" + "--enable-eap-ttls" + "--enable-xauth-eap" + "--enable-ext-auth" + "--enable-led" + "--enable-ha" + "--enable-mediation" + "--enable-soup" + "--enable-sql" + "--enable-sqlite" + "--enable-openssl" + "--enable-xauth-eap" + "--enable-xauth-noauth" + "--enable-xauth-pam" + ;; Use libcap by default + "--with-capabilities=3Dlibcap"))) (inputs `(("curl" ,curl) ("gmp" ,gmp) ("libgcrypt" ,libgcrypt) - ("openssl" ,openssl))) + ("openssl" ,openssl) + ("libsoup" ,libsoup) + ("libcap" ,libcap) + ("linux-pam" ,linux-pam))) (native-inputs `(("coreutils" ,coreutils) + ("pkg-config" ,pkg-config) ("tzdata" ,tzdata-for-tests))) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based u= pon --=20 2.31.1
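Review bot: The list under ";; Enable the rest needed for a sensible configuration" turns on "--enable-xauth-noauth", "--enable-eap-md5" and "--enable-md4" with no per-flag justification, and these are the weakest authentication pieces in the set: xauth-noauth is an XAuth backend that performs no authentication, EAP-MD5 provides no mutual authentication, and MD4 is only needed for the NT hash used by EAP-MSCHAPv2. Please either drop xauth-noauth and eap-md5 from the default build or give each its own comment naming the setup that requires it, the way the des/blowfish lines state their licensing reason. Two smaller points in the same list: "--enable-xauth-eap" appears twice, and "--enable-sqlite" (together with "--enable-sql", "--enable-attr-sql" and "--enable-eap-simaka-sql") is enabled while the inputs list gains only libsoup, libcap and linux-pam, so no sqlite input is visible for it to build against. The ";; Disable AESNI" comment could also carry the rationale given in the commit message.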