From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id AP5dITgKrGDYlgAAgWs5BA (envelope-from ) for ; Mon, 24 May 2021 22:19:04 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id KMEIHTgKrGDELwAAB5/wlQ (envelope-from ) for ; Mon, 24 May 2021 20:19:04 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 238EB24E5F for ; Mon, 24 May 2021 22:19:04 +0200 (CEST) Received: from localhost ([::1]:54410 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1llH2V-0008B4-4h for larch@yhetil.org; Mon, 24 May 2021 16:19:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34760) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1llH1X-0007mv-9G for guix-patches@gnu.org; Mon, 24 May 2021 16:18:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60675) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1llH1W-000734-S0 for guix-patches@gnu.org; Mon, 24 May 2021 16:18:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1llH1W-0007eX-EQ for guix-patches@gnu.org; Mon, 24 May 2021 16:18:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#48626] [PATCH] strongswan: enable more sensible defaults. References: In-Reply-To: Resent-From: Domagoj Stolfa Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 24 May 2021 20:18:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 48626 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 48626@debbugs.gnu.org Received: via spool by 48626-submit@debbugs.gnu.org id=B48626.162188745429324 (code B ref 48626); Mon, 24 May 2021 20:18:02 +0000 Received: (at 48626) by debbugs.gnu.org; 24 May 2021 20:17:34 +0000 Received: from localhost ([127.0.0.1]:43988 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llH12-0007cm-0Y for submit@debbugs.gnu.org; Mon, 24 May 2021 16:17:33 -0400 Received: from mout.gmx.net ([212.227.17.20]:60905) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llGvb-0007RO-Uh for 48626@debbugs.gnu.org; Mon, 24 May 2021 16:11:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1621887109; bh=R9414ZeXPlfGO2V9206b5Ax5Hxxs2RcTHCRzSRq6PBg=; h=X-UI-Sender-Class:Date:From:To:Subject; b=EWw16ZO7PSyK1VGGTcl7ohfwzlHNz2Z/nowB4ZSt/OvdqzTZsRXyJkf8Lcd5mXodx bZ/OvnTkbCM04Wu7HAB1RDA6oEN4mtemZJi8amlfSta0x1/jIk+VdCQF5uN5xs80Mm s6gslrxcKLMvw7jckVkuVsRi/Et+PaMaJCMaf/Tw= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from pepehands ([131.111.128.28]) by mail.gmx.net (mrgmx104 [212.227.17.174]) with ESMTPSA (Nemesis) id 1MIdif-1lg6XR3AH7-00EflR for <48626@debbugs.gnu.org>; Mon, 24 May 2021 22:11:48 +0200 Date: Mon, 24 May 2021 21:11:55 +0100 From: Domagoj Stolfa Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cbbKXPfYwm4X64yH" Content-Disposition: inline X-Provags-ID: V03:K1:ryl1JXwaqX86fpxVwlg3jse6fCcMAH5PV4OUZgTqd2hdB+5TOGC zjkox1tTd4VuG1VBoNwmfKCNFV49qzdlddTUk0j7IIaZPPh+Lcfps0ERsySy8o1xzCCTbEC yrjvYLvMk67zMGn9ep6ZYiznTAwI3CBKK3UVF76ftraDBinr+NQ26211V5CzKIkLcTASO5D JDF+Gnn84krtS0/YdSF8A== X-UI-Out-Filterresults: notjunk:1;V03:K0:iHud+vTLbz0=:ScHX14xydO8WJvlZtitSMD PugcVCywwX/EZfxXhU3lTQFLCfhs3oYEZcWaD6/p9VJ0Yadgpvefj0xgLbQfI2wgLANryDTOq hKVG/j3g3KeAxqhjtzMUkJmroAavYna8d96zjUhqi2lvCH3icwXjUjJcTTjXdcs94UFFwYjIo TeWU6pQHedmwByHIVIz8C/WtgLXdDDBzxb9a9+fhw9oCbuDmMnJOI28T5de4qN71qlYX2y5Wk ae98/yhgBxQQcx0ImxruyrMGZM1wJFruga5QfW02PAOe5Z9tdfawlK1RbtotpwSlKVi3WkAeH dOqCfVEmiByd8yYFWyWmB4MY1MjQ8XRepbsLpODMnrl8+Moa7Mhd7c9allleW1cvhqSxiSyA1 U+zE6IlzdjGt3RvPT72YX8P3vSbg8m9tR3ENEDBDNYu26o4/DX9BQLSXmdnqO2IfiD8sWRhtG qTFOHzC6e/5qP676ii/Tdk21RdcA1oAbVTEsC9lQn/f1RIO2LTRfqFEjKYlqAwPtt82sTwTwk UUaMdkZLzrlR7hWp5zlQ3DT4715mGjXuXVwMW9vJPu0MpGUKOW8/b+lrV7NonGHwYse3TJPtg CPymtLZkdCChCk3Jgb+RcK9d8XyyADy9Uy36BRs2vlg9iIEjF0joNURBtGMYTZEmOrWY9exI3 tNiB+Gm2MkjMzbZ5y+Bb5navMWq1OtD5J3OPEVxwWrfajXwsVe6cO0/mhTDDKh2dXVKLMQhAA xGH4gjyAKQIbDEJO71f7+JxLL6+b7cyZuWQIXq3wW9N2RFyLIrDVBsKRvk4QMCylaT1GB96xO y5R50G64nnTAaLCKDHZsGYBRqq9mVZJcvrgodYu0LQsLN6zs9GBJ5vOpay8KijvSMmlpLl9Kr tU+YcqaQMz9HdpgPzRpOcS8jpgECgMqn/+FV/qC0W7bryCr9F7Qeqn3gRQUX/9v753w+7iTPk RKsAmf4lJq9euwSGVfRlJ5Jz+ox7u0kzBcmId+UJhlS1ujONKcNtnB8pxgOBINOV08Z+ji2PD 8VT+0PCI7cImrzB73p+dypRXUL3TJpqpa6RUo7p8o9tTf0LfxEDX2hAz2hgZYxQx+h05g2NhQ UAJwW80UjiSb2tVv9QrmL9j/1S0Zuwar+Js X-Mailman-Approved-At: Mon, 24 May 2021 16:17:31 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Mailman-Approved-At: Mon, 24 May 2021 16:19:00 -0400 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1621887544; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=A58K2kXaevyq58+WxaTLXjKMW60ZswyhqetBT82SFYE=; b=iXGUG4UNiCjCI+pTk+JIdR4y/xASBHsY/IU3dkT1xmtoYqEV3Z/STl+6DviZSTt2TCWFVp wBUcZknDH14y+ULPoIMpnkwYXQiSOCan7th+KT42vZbEDCO+1tVNdriMihKKlwNXtS/YjU jDfQIXcBfOJfwQ/Uo4PduYMs66pDELNKXHADZn1623FT3y2EQaBewh3hjaoPNfQ92Iup42 ZRIBsKoLzGB3m931cEeLdabyEkHnMPoiW0q6kOKx7UTUS2eATlXi56gru1dqQx6dTmy3TZ XuSunsd0LE8VpNg/Qcvanz5nI1IBolAxZzyrZtECnyoMu1DU0vXCrkhEzitlPg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1621887544; a=rsa-sha256; cv=none; b=dyLm8jzTLU9RK8n3wuXOntCmIkQJBCMZL7qrcuRpNFcwGv+emeA0VmwWUN6Fx91kXlHPzT b5Ljj+8czo9YMJZNWkfORZK4V2B87WFE/Txc+7mbB6JpzgpfDTuIJJV0zOsH22Gz7Sy3RX eqksbO+EM4L8ASyCRpgefC9dyaETgF40y9knSafhpon8zk3uv6Bfyyf7bFt49k1RwJHCA/ IPpF6azniff5L25p3Jbc6z8bpIC2+fHjIZTCKZcdWUXW3EsAs/YVswgZ4/TWn/VTxGYUn4 XGPLuq33sfaE0vlhJ9fDpA/z6NoTujSnpzUdFsrBdND0F8kM5RSAchGnb+fkVA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmx.net header.s=badeba3b8450 header.b=EWw16ZO7; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmx.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -2.93 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmx.net header.s=badeba3b8450 header.b=EWw16ZO7; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmx.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 238EB24E5F X-Spam-Score: -2.93 X-Migadu-Scanner: scn0.migadu.com X-TUID: p9V31GQ70Tti --cbbKXPfYwm4X64yH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Presently, the strongswan defaults are too minimal to be used with most common VPN setups. This commit enables support for a number of things that should make strongswan much more usable in Guix. --- gnu/packages/networking.scm | 47 +++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 8bcaa98fbb..bfaf8a8535 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -2861,16 +2861,59 @@ displays the results in real time.") #t))) #:configure-flags (list - ;; Disable bsd-4 licensed plugins. + ;; Disable bsd-4 licensed plugins (Blowfish, DES). + "--disable-blowfish" "--disable-des" - "--disable-blowfish"))) + "--disable-ldap" + "--disable-mysql" + "--disable-systemd" + "--enable-aesni" + "--enable-attr-sql" + "--enable-chapoly" + "--enable-curl" + "--enable-dhcp" + "--enable-eap-aka" + "--enable-eap-aka-3gpp" + "--enable-eap-dynamic" + "--enable-eap-identity" + "--enable-eap-md5" + "--enable-eap-mschapv2" + "--enable-eap-peap" + "--enable-eap-radius" + "--enable-eap-sim" + "--enable-eap-sim-file" + "--enable-eap-simaka-pseudonym" + "--enable-eap-simaka-reauth" + "--enable-eap-simaka-sql" + "--enable-eap-tls" + "--enable-eap-tnc" + "--enable-eap-ttls" + "--enable-ext-auth" + "--enable-farp" + "--enable-ha" + "--enable-led" + "--enable-md4" + "--enable-mediation" + "--enable-openssl" + "--enable-soup" + "--enable-sql" + "--enable-sqlite" + "--enable-xauth-eap" + "--enable-xauth-noauth" + "--enable-xauth-pam" + ;; Use libcap by default + "--with-capabilities=3Dlibcap"))) (inputs `(("curl" ,curl) ("gmp" ,gmp) + ("libcap" ,libcap) ("libgcrypt" ,libgcrypt) + ("libsoup" ,libsoup) + ("linux-pam" ,linux-pam) ("openssl" ,openssl))) (native-inputs `(("coreutils" ,coreutils) + ("pkg-config" ,pkg-config) ("tzdata" ,tzdata-for-tests))) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based u= pon --=20 2.31.1 --cbbKXPfYwm4X64yH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE7JyU1wrLyiw5G92zcc2InUujXj0FAmCsCIsACgkQcc2InUuj Xj0aqQ/+OZhWBkudCq17VRI3JEm5OSB8St6IO5GQkpC7bcueteSeN6cNHLTLm8sA GZNgSqGgSa3se+NOKdeakTyooewP9Rf1RkjeVLoT4MMukI35FK9qU8S/MT7TTtXk bzDLzSEMEmw78L3VaiU8mHP4Squct9jdUxtMOmCkBORmhEuiW+KQv1bsf1rgHZPf vLR+PzANbBs9A5nui/Qmu+O+J+Ipiq6WdLbEKSJ/QZX2cbHVnJgqYVpGiZ7LcelG Vmn6Fn0ekuy4nM4TODMgU6oO9TI7AqDOHdlkT6UefO++6MLMGK8UPOuihtPiHcCl 6BnRGZl1Ynz1x3fsxBPm76xKDU0wv4NLX0KVyF3DwY7lDFv5A7wQUnhv6P3tZ4uM sORHk6lLvSimF/wqikpvR91AoKdprVrYgFhqTAnn89HRTNg4HmnD1aPfoMs6cZ/F B3O9uQTGR+N7xJ6N6Rt4aRs3nlFCGpGoiXiLTYnIIJmkApH4XIIoiWKEDe8Sikk7 082xxM6oPPRlMoSolYMFBbf7xW2YeKxKEqPYO1y6wDpmoXSzclUYYjvIkhLMIvcu eTVkrNVEsv9Tu9MGtGImi14O8pf7DX8NcBGcPbDdtbDo8mOVIMspJyihhD2wrUG4 /vo62t/PhtmrISUrei6prGl8k+9OYt87y1dhBdp4nsM2i3CnXnQ= =4sX4 -----END PGP SIGNATURE----- --cbbKXPfYwm4X64yH--