GNU bug report logs - #28973
[PATCH 1/1] gnu: Add strongswan.

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 28973 in the body.
You can then email your comments to 28973 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: guix-patches <at> gnu.org
Subject: [PATCH 1/1] gnu: Add strongswan.
Date: Tue, 24 Oct 2017 14:58:52 -0400

Their website is not very precise about the licensing.  It just says
GPL2, but all the files I checked were GPL2+, except one which says
"MIT" but is really the text of the Expat license as listen on the FSF
directory.

I believe the licensing info is correct now but I didn't do an
exhaustive search of all files.

---
 gnu/packages/networking.scm | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 633b8ca43..6d639f716 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -78,6 +78,8 @@
   #:use-module (gnu packages valgrind)
   #:use-module (gnu packages wm)
   #:use-module (gnu packages xml)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages gnuzilla)
   #:use-module (ice-9 match))
 
 (define-public macchanger
@@ -1494,3 +1496,34 @@ interface and a programmable text output for scripting.")
     ;; Update the license field when upstream responds.
     (license (list license:bsd-2
                    license:expat))))
+
+(define-public strongswan
+  (package
+    (name "strongswan")
+    (version "5.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+       (sha256
+        (base32 "04vvha2zgsg1cq05cnn6sf7a4hq9ndnsfxpw1drm5v9l4vcw0kd1"))
+       (patches
+        (search-patches "strongswan-test_process-disable-all.patch"
+                        "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("gmp" ,gmp)
+       ("openssl" ,openssl)
+       ("libgcrypt" ,libgcrypt)
+       ("curl" ,curl)))
+    (synopsis "IKEv1/v2 keying daemon")
+    (description "strongswan is an open source IPSec implementation")
+    (home-page "https://strongswan.org/")
+    (license
+     ;; Everything seems to be gpl2+ except
+     ;; src/libcharon/plugins/vici/libvici.h which is MIT/expat.  The actual
+     ;; source file "libvici.h" claims it's MIT, but the actual text of the
+     ;; license is identical to expat as listed here:
+     ;; https://directory.fsf.org/wiki/License:Expat
+     (list license:gpl2+
+           license:expat))))
-- 
2.14.2

Message #8 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: 28973 <at> debbugs.gnu.org
Subject: [PATCH] Add the patches necessary to build strongswan
Date: Tue, 24 Oct 2017 16:05:08 -0400

Forgot to include the patches, basically just disabling a few testcases
that fail in the build environment.

---
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c	2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c	2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ 	s = suite_create("process");
+
+-	tc = tcase_create("return values");
+-	tcase_add_test(tc, test_retval_true);
+-	tcase_add_test(tc, test_retval_false);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("return values"); */
++	/* tcase_add_test(tc, test_retval_true); */
++	/* tcase_add_test(tc, test_retval_false); */
++	/* suite_add_tcase(s, tc); */
+
+ 	tc = tcase_create("not found");
+ 	tcase_add_test(tc, test_not_found);
+ 	suite_add_tcase(s, tc);
+
+-	tc = tcase_create("echo");
+-	tcase_add_test(tc, test_echo);
+-	tcase_add_test(tc, test_echo_err);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("env");
+-	tcase_add_test(tc, test_env);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("shell");
+-	tcase_add_test(tc, test_shell);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("echo"); */
++	/* tcase_add_test(tc, test_echo); */
++	/* tcase_add_test(tc, test_echo_err); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("env"); */
++	/* tcase_add_test(tc, test_env); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("shell"); */
++	/* tcase_add_test(tc, test_shell); */
++	/* suite_add_tcase(s, tc); */
+
+ 	return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ 	{UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ 	{UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+-	{1, FALSE, "Jan 01 01:00:01 1970"},
++	{1, FALSE, "Jan 01 00:00:01 1970"},
+ 	{1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+-	{1341150196, FALSE, "Jul 01 15:43:16 2012"},
++	{1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ 	{1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };
-- 
2.14.2

Message #11 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: adam <at> vany.ca, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Tue, 24 Oct 2017 22:11:11 +0200

Adam,

Adam Van Ymeren wrote on 24/10/17 at 20:58:
> Their website is not very precise about the licensing.  It just says
> GPL2, but all the files I checked were GPL2+, except one which says
> "MIT" but is really the text of the Expat license as listen on the FSF
> directory.

That's because what some call ‘MIT’ is almost always what the FSF (and
others) call ‘Expat’. The name ‘MIT’ is ambiguous and best avoided.

So you've made the right call :-)

> I believe the licensing info is correct now but I didn't do an
> exhaustive search of all files.

Unfortunately, that's the only way to be sure.

Most files are indeed GPL2+, or what I presume to be dual-licenced
GPL2+/Expat (e.g. src/swanctl/commands/list_sas.c).

A cursory inspection reveals additional BSD-4 headers in
src/libstrongswan/plugins/{blowfish,des}, BSD-3 in
src/include/sys/queue.h and src/libtncif/tncif*, and something vague in
src/libstrongswan/plugins/curve25519/ref10.

More eyeballs welcome.

> ---
>  gnu/packages/networking.scm | 33 +++++++++++++++++++++++++++++++++
>  1 file changed, 33 insertions(+)
> 
> diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
> index 633b8ca43..6d639f716 100644
> --- a/gnu/packages/networking.scm
> +++ b/gnu/packages/networking.scm
> @@ -78,6 +78,8 @@
>    #:use-module (gnu packages valgrind)
>    #:use-module (gnu packages wm)
>    #:use-module (gnu packages xml)
> +  #:use-module (gnu packages multiprecision)
> +  #:use-module (gnu packages gnuzilla)
>    #:use-module (ice-9 match))

Please try to keep these alphabetical. Aesthetic nit-picking aside, it
makes it harder to miss duplication, which does happen.

>  (define-public macchanger
> @@ -1494,3 +1496,34 @@ interface and a programmable text output for scripting.")
>      ;; Update the license field when upstream responds.
>      (license (list license:bsd-2
>                     license:expat))))
> +
> +(define-public strongswan
> +  (package
> +    (name "strongswan")
> +    (version "5.6.0")
> +    (source
> +     (origin
> +       (method url-fetch)
> +       (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
> +       (sha256
> +        (base32 "04vvha2zgsg1cq05cnn6sf7a4hq9ndnsfxpw1drm5v9l4vcw0kd1"))
> +       (patches
> +        (search-patches "strongswan-test_process-disable-all.patch"
> +                        "strongswan-test_time_printf_hook-pass-in-utc.patch"))))

These patches are missing from the series, so I can't build the package.

> +    (build-system gnu-build-system)
> +    (inputs
> +     `(("gmp" ,gmp)
> +       ("openssl" ,openssl)
> +       ("libgcrypt" ,libgcrypt)
> +       ("curl" ,curl)))

Please keep these alphabetically as well (or add explicit header
comments if the ordering is significant).

> +    (synopsis "IKEv1/v2 keying daemon")
> +    (description "strongswan is an open source IPSec implementation")

Newspeak aside[0], all software in Guix is Free. Removing ‘open source’
leaves us with a very short description indeed...

Is there a README, web, or man page who's opening paragraphs we could
shamelessly plunder?

> +    (home-page "https://strongswan.org/")
> +    (license
> +     ;; Everything seems to be gpl2+ except
> +     ;; src/libcharon/plugins/vici/libvici.h which is MIT/expat.  The actual
> +     ;; source file "libvici.h" claims it's MIT, but the actual text of the
> +     ;; license is identical to expat as listed here:
> +     ;; https://directory.fsf.org/wiki/License:Expat

The MIT/expat confusion is unfortunate but not unique to this package,
and doesn't need to be explained here.

> +     (list license:gpl2+
> +           license:expat))))

When possible, I prefer the more compact style of

  (list license:foo       ; src/frob.[ch], doc/frob.texi
        license:bar))))   ; everything else

but that's partly a matter of taste and line length.

Oh, and: thanks for packaging StrongSwan!

Kind regards,

T G-R

[0]: https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

Message #14 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: adam <at> vany.ca, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Tue, 24 Oct 2017 22:13:15 +0200

I missed one:

Adam Van Ymeren wrote on 24/10/17 at 20:58:
> +       (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))

should be split over 2 lines to silence the linter.

Kind regards,

T G-R

Message #17 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Tue, 24 Oct 2017 19:08:27 -0400

Thanks for the repsonse and feedback!  I've appended a new patch at the
bottom of this message as well as replied to some of your comment inline.


Tobias Geerinckx-Rice <me <at> tobias.gr> writes:

>> I believe the licensing info is correct now but I didn't do an
>> exhaustive search of all files.
>
> Unfortunately, that's the only way to be sure.

Yeah, I was hoping somebody had a tool to make this faster :)  I wrote a
little script in guile and started working through it but its slow work.

I'm going on vacation next week so I might not be able to finish this
before then.

However it looks like Debian has a much more exhaustive listing of the
licenses here:
http://metadata.ftp-master.debian.org/changelogs/main/s/strongswan/strongswan_5.5.1-4+deb9u1_copyright

The 4 clause BSD licenses are troubling.  Apparently Debian doesn't
compile those files in their build.  Will have to investiate further.

For reference here's my shoddy guile script.

(use-modules (ice-9 ftw)
             (ice-9 textual-ports))

(define GPL " * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
")

(define GPL2 "--  This program is free software; you can redistribute it and/or modify it
--  under the terms of the GNU General Public License as published by the
--  Free Software Foundation; either version 2 of the License, or (at your
--  option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
")

(define (check-licenses preamble)
  (and (string? preamble)
       (not (string-contains preamble GPL))
       (not (string-contains preamble GPL2))))

(ftw
 "strongswan-5.6.0"
 (lambda (filename stat flag)
   (when (and
          (eq? flag 'regular)
          (not (member (substring (basename filename) (or (string-rindex (basename filename) #\.) 0))
                       '(".opt" ".conf" ".pem" ".in" ".am" ".mk" ".sql" "hostname" ".der" ".old" ".xml"))))
     (call-with-input-file filename
       (lambda (port)
         (let ((preamble (get-string-n port 5000)))
           (when (check-licenses preamble)
             (format #t "~A~%" filename))))))
   #t))


>> +    (synopsis "IKEv1/v2 keying daemon")
>> +    (description "strongswan is an open source IPSec implementation")
>
> Newspeak aside[0], all software in Guix is Free. Removing ‘open source’
> leaves us with a very short description indeed...
>
> Is there a README, web, or man page who's opening paragraphs we could
> shamelessly plunder?

I agree I don't like the usage of "open source" but that's how they
brand themselves, not sure if it's right for me to change it to read
Free Software.  I took this sentence from their README file.

How about this?  I wrote this based upon the top features they list on
their homepage.

"StrongSwan is an IPsec implementation originally based upon
the FreeS/WAN project.  It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
NAT-T and more."


> Oh, and: thanks for packaging StrongSwan!

NP :).

Updated patch below.

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 633b8ca43..552690556 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -64,6 +64,7 @@
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pcre)
@@ -1494,3 +1495,35 @@ interface and a programmable text output for scripting.")
     ;; Update the license field when upstream responds.
     (license (list license:bsd-2
                    license:expat))))
+
+(define-public strongswan
+  (package
+    (name "strongswan")
+    (version "5.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+       (sha256
+        (base32 "04vvha2zgsg1cq05cnn6sf7a4hq9ndnsfxpw1drm5v9l4vcw0kd1"))
+       (patches
+        (search-patches "strongswan-test_process-disable-all.patch"
+                        "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("curl" ,curl)
+       ("gmp" ,gmp)
+       ("libgcrypt" ,libgcrypt)
+       ("openssl" ,openssl)))
+    (synopsis "IKEv1/v2 keying daemon")
+    (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project.  It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+    (home-page "https://strongswan.org/")
+    (license
+     (list license:expat
+           license:bsd-3
+           license:bsd-4
+           license:gpl2+
+           license:public-domain ;src/libstrongswan/plugins/sha3/sha3_keccak.c
+           ))))
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c	2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c	2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ 	s = suite_create("process");
+
+-	tc = tcase_create("return values");
+-	tcase_add_test(tc, test_retval_true);
+-	tcase_add_test(tc, test_retval_false);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("return values"); */
++	/* tcase_add_test(tc, test_retval_true); */
++	/* tcase_add_test(tc, test_retval_false); */
++	/* suite_add_tcase(s, tc); */
+
+ 	tc = tcase_create("not found");
+ 	tcase_add_test(tc, test_not_found);
+ 	suite_add_tcase(s, tc);
+
+-	tc = tcase_create("echo");
+-	tcase_add_test(tc, test_echo);
+-	tcase_add_test(tc, test_echo_err);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("env");
+-	tcase_add_test(tc, test_env);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("shell");
+-	tcase_add_test(tc, test_shell);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("echo"); */
++	/* tcase_add_test(tc, test_echo); */
++	/* tcase_add_test(tc, test_echo_err); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("env"); */
++	/* tcase_add_test(tc, test_env); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("shell"); */
++	/* tcase_add_test(tc, test_shell); */
++	/* suite_add_tcase(s, tc); */
+
+ 	return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ 	{UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ 	{UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+-	{1, FALSE, "Jan 01 01:00:01 1970"},
++	{1, FALSE, "Jan 01 00:00:01 1970"},
+ 	{1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+-	{1341150196, FALSE, "Jul 01 15:43:16 2012"},
++	{1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ 	{1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };

Message #20 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Adam Van Ymeren <adam <at> vany.ca>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Sun, 19 Nov 2017 23:43:49 +0100

Hello!

Adam Van Ymeren <adam <at> vany.ca> skribis:

> Updated patch below.

Tobias, should we go ahead and applied this updated patch?  Feel free to
do so if it looks good to you.  :-)

Thanks,
Ludo’.

Message #23 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: ludo <at> gnu.org
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Sun, 19 Nov 2017 18:20:13 -0500

On November 19, 2017 5:43:49 PM EST, ludo <at> gnu.org wrote:
>Hello!
>
>Adam Van Ymeren <adam <at> vany.ca> skribis:
>
>> Updated patch below.
>
>Tobias, should we go ahead and applied this updated patch?  Feel free
>to
>do so if it looks good to you.  :-)
>
>Thanks,
>Ludo’.

Hey Ludo,

I'm still not sure we've gotten all the licensing info correct.  I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.

I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.

Message #26 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Adam Van Ymeren <adam <at> vany.ca>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Thu, 11 Jan 2018 22:48:51 +0100

Hi Adam,

Adam Van Ymeren <adam <at> vany.ca> skribis:

> I'm still not sure we've gotten all the licensing info correct.  I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.
>
> I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.

Any update on this?

  https://bugs.gnu.org/28973

TIA,
Ludo’.

Message #29 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Fri, 12 Jan 2018 12:15:13 -0500

ludo <at> gnu.org (Ludovic Courtès) writes:

> Hi Adam,

Hey Ludo,

>
> Adam Van Ymeren <adam <at> vany.ca> skribis:
>
>> I'm still not sure we've gotten all the licensing info correct.  I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.
>>
>> I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.
>
> Any update on this?


Some progress but not ready yet sorry.  Been busy :).

The debian package appears to have an exhaustive list of licensing
information for all files in this package here[1].

There are a few files under the 4-clause BSD which appear to only be
related to DES encryption.  Debian's solution to this is to just disable
DES to avoid compiling and including the binaries from those 4-clause
BSD files.

Would that be an acceptable solution for Guix as well?  I can write a
tool to convert the information from debian/copyright into a format
suitable for the Guix package.

[1] - https://anonscm.debian.org/cgit/pkg-swan/strongswan.git/tree/debian/copyright

Message #32 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Adam Van Ymeren <adam <at> vany.ca>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Sat, 13 Jan 2018 14:52:54 +0100

Hello,

Adam Van Ymeren <adam <at> vany.ca> skribis:

>> Adam Van Ymeren <adam <at> vany.ca> skribis:
>>
>>> I'm still not sure we've gotten all the licensing info correct.  I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.
>>>
>>> I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.
>>
>> Any update on this?
>
>
> Some progress but not ready yet sorry.  Been busy :).
>
> The debian package appears to have an exhaustive list of licensing
> information for all files in this package here[1].
>
> There are a few files under the 4-clause BSD which appear to only be
> related to DES encryption.  Debian's solution to this is to just disable
> DES to avoid compiling and including the binaries from those 4-clause
> BSD files.
>
> Would that be an acceptable solution for Guix as well?

I think so.

> I can write a tool to convert the information from debian/copyright
> into a format suitable for the Guix package.

That would be handy, though debian/copyright is much more detailed than
a ‘license’ field (I didn’t know it’s become machine-readable, nice!).

Thanks,
Ludo’.

Message #35 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: adam <at> vany.ca, ludo <at> gnu.org
Cc: 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Sat, 13 Jan 2018 15:00:51 +0100

Adam,

I was writing basically a copy of Ludo's message when that arrived...
All good!

Kind regards,

T G-R

Message #38 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: 28973 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Mon, 15 Jan 2018 15:36:05 -0500

Okay updated patch below.  I pulled all the copyright information from
the debian package.  Added configure arguments to avoid compiling source
files which are 4-clause BSD licensed.

There is one file who's license I am not sure what to name.

src/libstrongswan/plugins/pkcs11.h

The text of the license is:

"This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved."

Debian listed this as "MIT" but I don't believe that is correct.  I
can't find text of any "MIT" license like this, and it doesn't match the
expat license either.

So, not really sure what to do there.

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2c55d6793..c0f66cfcc 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -66,6 +66,7 @@
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pcre)
@@ -1498,6 +1499,60 @@ interface and a programmable text output for scripting.")
     (license (list license:bsd-2
                    license:expat))))

+(define-public strongswan
+  (package
+    (name "strongswan")
+    (version "5.6.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+       (sha256
+        (base32 "0lxbyiary8iapx3ysw40czrmxf983fhfzs5mvz2hk1j1mpc85hp0"))
+       (patches
+        (search-patches "strongswan-test_process-disable-all.patch"
+                        "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list
+        ;; Disable bsd-4 licensed plugins
+        "--disable-des"
+        "--disable-blowfish")))
+    (inputs
+     `(("curl" ,curl)
+       ("gmp" ,gmp)
+       ("libgcrypt" ,libgcrypt)
+       ("openssl" ,openssl)))
+    (synopsis "IKEv1/v2 keying daemon")
+    (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project.  It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+    (home-page "https://strongswan.org/")
+    (license
+     (list license:gpl2+
+           ;; src/aikgen/*
+           ;; src/libcharon/plugins/dnscert/*
+           ;; src/libcharon/plugins/ext_auth/*
+           ;; src/libcharon/plugins/vici/ruby/*
+           ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
+           license:expat
+           ;; src/inclue/sys/*
+           license:bsd-3
+           ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
+           license:public-domain
+           ;; These files are not included in the
+           ;; build, they are disabled through
+           ;; options to ./configure
+           ;;
+           ;; src/libstrongswan/plugins/blowfish/bf_enc.c
+           ;; src/libstrongswan/plugins/blowfish/bf_locl.h
+           ;; src/libstrongswan/plugins/blowfish/bf_pi.h
+           ;; src/libstrongswan/plugins/blowfish/bf_skey.c
+           ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+           ;; src/libstrongswan/plugins/des/des_crypter.c
+           license:bsd-4))))
+
 (define-public libnet
   (package
     (name "libnet")
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c	2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c	2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ 	s = suite_create("process");
+
+-	tc = tcase_create("return values");
+-	tcase_add_test(tc, test_retval_true);
+-	tcase_add_test(tc, test_retval_false);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("return values"); */
++	/* tcase_add_test(tc, test_retval_true); */
++	/* tcase_add_test(tc, test_retval_false); */
++	/* suite_add_tcase(s, tc); */
+
+ 	tc = tcase_create("not found");
+ 	tcase_add_test(tc, test_not_found);
+ 	suite_add_tcase(s, tc);
+
+-	tc = tcase_create("echo");
+-	tcase_add_test(tc, test_echo);
+-	tcase_add_test(tc, test_echo_err);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("env");
+-	tcase_add_test(tc, test_env);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("shell");
+-	tcase_add_test(tc, test_shell);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("echo"); */
++	/* tcase_add_test(tc, test_echo); */
++	/* tcase_add_test(tc, test_echo_err); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("env"); */
++	/* tcase_add_test(tc, test_env); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("shell"); */
++	/* tcase_add_test(tc, test_shell); */
++	/* suite_add_tcase(s, tc); */
+
+ 	return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ 	{UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ 	{UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+-	{1, FALSE, "Jan 01 01:00:01 1970"},
++	{1, FALSE, "Jan 01 00:00:01 1970"},
+ 	{1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+-	{1341150196, FALSE, "Jul 01 15:43:16 2012"},
++	{1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ 	{1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };

Message #41 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: adam <at> vany.ca, 28973 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Mon, 15 Jan 2018 22:50:08 +0100

Adam Van Ymeren wrote on 15/01/18 at 21:36:
> There is one file who's license I am not sure what to name.
> 
> src/libstrongswan/plugins/pkcs11.h
> 
> The text of the license is:
> 
> "This file is free software; as a special exception the author gives
> unlimited permission to copy and/or distribute it, with or without
> modifications, as long as this notice is preserved."
> 
> Debian listed this as "MIT" but I don't believe that is correct.  I
> can't find text of any "MIT" license like this, and it doesn't match the
> expat license either.

There's always the non-copyleft procedure for uncommon (but free)
licences that don't have their own entry.

Is that the entire licence text? It sounds strange to me (exception to
what?). I'm obviously not clever enough to be a lawyer.

Yay,

T G-R

Message #44 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>,28973 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Mon, 15 Jan 2018 17:32:45 -0500

On January 15, 2018 4:50:08 PM EST, Tobias Geerinckx-Rice <me <at> tobias.gr> wrote:
>There's always the non-copyleft procedure for uncommon (but free)
>licences that don't have their own entry.

Didn't know about that.  That's probably the right thing to use here?

>
>Is that the entire licence text? It sounds strange to me (exception to
>what?). I'm obviously not clever enough to be a lawyer.

Yeah thats the entire licence text, it is strange.  It's similar to what appears in the top of '"configure" scripts as generated by autoconf.

>
>Yay,
>
>T G-R

Message #47 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: 28973 <at> debbugs.gnu.org
Subject: Updated: [PATCH 1/1] gnu: Add strongswan.
Date: Tue, 23 Jan 2018 15:43:26 -0500

I think this is good to commit now.  I've put in all the licensing info,
disabled compilation of BSD-4 licensed files, and documented one file
with a unknown but permissive license.

---

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2c55d6793..343708c1e 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -66,6 +66,7 @@
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pcre)
@@ -1498,6 +1499,65 @@ interface and a programmable text output for scripting.")
     (license (list license:bsd-2
                    license:expat))))

+(define-public strongswan
+  (package
+    (name "strongswan")
+    (version "5.6.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+       (sha256
+        (base32 "0lxbyiary8iapx3ysw40czrmxf983fhfzs5mvz2hk1j1mpc85hp0"))
+       (patches
+        (search-patches "strongswan-test_process-disable-all.patch"
+                        "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list
+        ;; Disable bsd-4 licensed plugins
+        "--disable-des"
+        "--disable-blowfish")))
+    (inputs
+     `(("curl" ,curl)
+       ("gmp" ,gmp)
+       ("libgcrypt" ,libgcrypt)
+       ("openssl" ,openssl)))
+    (synopsis "IKEv1/v2 keying daemon")
+    (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project.  It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+    (home-page "https://strongswan.org/")
+    (license
+     (list license:gpl2+
+           ;; src/aikgen/*
+           ;; src/libcharon/plugins/dnscert/*
+           ;; src/libcharon/plugins/ext_auth/*
+           ;; src/libcharon/plugins/vici/ruby/*
+           ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
+           license:expat
+           ;; src/inclue/sys/*
+           license:bsd-3
+           ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
+           license:public-domain
+           ;; src/libstrongswan/plugins/pkcs11/pkcs11.h
+           (license:non-copyleft
+            "file://src/libstrongswan/plugins/pkcs11/pkcs11.h"
+            "pkcs11 contains a unknown permissive license. View the specific
+file for more details.")
+           ;; These files are not included in the
+           ;; build, they are disabled through
+           ;; options to ./configure
+           ;;
+           ;; src/libstrongswan/plugins/blowfish/bf_enc.c
+           ;; src/libstrongswan/plugins/blowfish/bf_locl.h
+           ;; src/libstrongswan/plugins/blowfish/bf_pi.h
+           ;; src/libstrongswan/plugins/blowfish/bf_skey.c
+           ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+           ;; src/libstrongswan/plugins/des/des_crypter.c
+           license:bsd-4))))
+
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c	2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c	2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ 	s = suite_create("process");
+
+-	tc = tcase_create("return values");
+-	tcase_add_test(tc, test_retval_true);
+-	tcase_add_test(tc, test_retval_false);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("return values"); */
++	/* tcase_add_test(tc, test_retval_true); */
++	/* tcase_add_test(tc, test_retval_false); */
++	/* suite_add_tcase(s, tc); */
+
+ 	tc = tcase_create("not found");
+ 	tcase_add_test(tc, test_not_found);
+ 	suite_add_tcase(s, tc);
+
+-	tc = tcase_create("echo");
+-	tcase_add_test(tc, test_echo);
+-	tcase_add_test(tc, test_echo_err);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("env");
+-	tcase_add_test(tc, test_env);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("shell");
+-	tcase_add_test(tc, test_shell);
+-	suite_add_tcase(s, tc);
++	/* tc = tcase_create("echo"); */
++	/* tcase_add_test(tc, test_echo); */
++	/* tcase_add_test(tc, test_echo_err); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("env"); */
++	/* tcase_add_test(tc, test_env); */
++	/* suite_add_tcase(s, tc); */
++
++	/* tc = tcase_create("shell"); */
++	/* tcase_add_test(tc, test_shell); */
++	/* suite_add_tcase(s, tc); */
+
+ 	return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c	2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ 	{UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ 	{UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+-	{1, FALSE, "Jan 01 01:00:01 1970"},
++	{1, FALSE, "Jan 01 00:00:01 1970"},
+ 	{1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+-	{1341150196, FALSE, "Jul 01 15:43:16 2012"},
++	{1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ 	{1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };

Message #50 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Adam Van Ymeren <adam <at> vany.ca>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Tue, 30 Jan 2018 22:22:57 +0100

Hi,

Adam Van Ymeren <adam <at> vany.ca> skribis:

> Okay updated patch below.  I pulled all the copyright information from
> the debian package.  Added configure arguments to avoid compiling source
> files which are 4-clause BSD licensed.
>
> There is one file who's license I am not sure what to name.
>
> src/libstrongswan/plugins/pkcs11.h
>
> The text of the license is:
>
> "This file is free software; as a special exception the author gives
> unlimited permission to copy and/or distribute it, with or without
> modifications, as long as this notice is preserved."
>
> Debian listed this as "MIT" but I don't believe that is correct.  I
> can't find text of any "MIT" license like this, and it doesn't match the
> expat license either.

Like you wrote it’s like what short GNU helper files have, so you could
use ‘non-copyleft’ like Tobias mentions.

To me the only remaining issue is:

> --- /dev/null
> +++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
> @@ -0,0 +1,48 @@
> +

For both patches please add two or three lines explaining what the patch
does and why.

The first one can probably be called ‘strongswan-skip-tests.patch’.

> +diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
> +--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c	2016-04-22 16:01:35.000000000 -0400
> ++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c	2017-10-23 15:10:12.753837342 -0400
> +@@ -201,27 +201,27 @@
> +
> + 	s = suite_create("process");
> +
> +-	tc = tcase_create("return values");
> +-	tcase_add_test(tc, test_retval_true);
> +-	tcase_add_test(tc, test_retval_false);
> +-	suite_add_tcase(s, tc);
> ++	/* tc = tcase_create("return values"); */
> ++	/* tcase_add_test(tc, test_retval_true); */
> ++	/* tcase_add_test(tc, test_retval_false); */
> ++	/* suite_add_tcase(s, tc); */

As a bonus, it’s better if you remove the lines instead of commenting
them out: it makes the patch shorter and easier to read.

Could you send an updated patch?  We’re pretty much done.  :-)

Thank you!

Ludo’.

Message #53 received at 28973 <at> debbugs.gnu.org (full text, mbox):

From: Adam Van Ymeren <adam <at> vany.ca>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973 <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Wed, 31 Jan 2018 14:46:02 -0500

Okay I think I've done all your comments.  I figured out how to get some
of the tests that were failing to pass so I dropped one of the patches
and cleaned up the other one.

I also added non-copyleft license for that one file.

I spent some time trying to debug the remaining failing tests.  They
make some assumptions about paths which are not true in the build
container, I managed to get some to pass when I run manually in a
container from guix environment -C, but they still fail when $ guix
build runs, so I've left in the patch to disable them.  They're really
not essential tests.

Updated patch below.

---
 gnu/packages/networking.scm                      | 71 ++++++++++++++++++++++++
 gnu/packages/patches/strongswan-skip-tests.patch | 33 +++++++++++
 2 files changed, 104 insertions(+)
 create mode 100644 gnu/packages/patches/strongswan-skip-tests.patch

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2c55d6793..0138e59e3 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -49,6 +49,7 @@
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages audio)
   #:use-module (gnu packages autotools)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages check)
   #:use-module (gnu packages code)
@@ -66,6 +67,7 @@
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pcre)
@@ -1567,3 +1569,72 @@ routers (or @dfn{hops}) between the local host and a user-specified destination.
 It then continually measures the response time and packet loss at each hop, and
 displays the results in real time.")
     (license license:gpl2+)))
+
+(define-public strongswan
+  (package
+    (name "strongswan")
+    (version "5.6.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+       (sha256
+        (base32 "0lxbyiary8iapx3ysw40czrmxf983fhfzs5mvz2hk1j1mpc85hp0"))
+       (patches
+        (search-patches "strongswan-skip-tests.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; This is needed for tests
+         (add-after 'unpack 'set-TZDIR
+           (lambda* (#:key inputs #:allow-other-keys)
+             (setenv "TZDIR" (string-append (assoc-ref inputs "tzdata")
+                                            "/share/zoneinfo"))
+             #t)))
+       #:configure-flags
+       (list
+        ;; Disable bsd-4 licensed plugins
+        "--disable-des"
+        "--disable-blowfish")))
+    (inputs
+     `(("curl" ,curl)
+       ("gmp" ,gmp)
+       ("libgcrypt" ,libgcrypt)
+       ("openssl" ,openssl)))
+    (native-inputs
+     `(("coreutils" ,coreutils)
+       ("tzdata" ,tzdata-2017a)))
+    (synopsis "IKEv1/v2 keying daemon")
+    (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project.  It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+    (home-page "https://strongswan.org/")
+    (license
+     (list license:gpl2+
+           ;; src/aikgen/*
+           ;; src/libcharon/plugins/dnscert/*
+           ;; src/libcharon/plugins/ext_auth/*
+           ;; src/libcharon/plugins/vici/ruby/*
+           ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
+           license:expat
+           ;; src/inclue/sys/*
+           license:bsd-3
+           ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
+           license:public-domain
+           ;; src/libstrongswan/plugins/pkcs11/pkcs11.h
+           (license:non-copyleft
+            "file://src/libstrongswan/plugins/pkcs11/pkcs11.h"
+            "pkcs11 contains a unknown permissive license. View the specific
+file for more details.")
+           ;; These files are not included in the
+           ;; build, they are disabled through
+           ;; options to ./configure
+           ;;
+           ;; src/libstrongswan/plugins/blowfish/bf_enc.c
+           ;; src/libstrongswan/plugins/blowfish/bf_locl.h
+           ;; src/libstrongswan/plugins/blowfish/bf_pi.h
+           ;; src/libstrongswan/plugins/blowfish/bf_skey.c
+           ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+           ;; src/libstrongswan/plugins/des/des_crypter.c
+           license:bsd-4))))
diff --git a/gnu/packages/patches/strongswan-skip-tests.patch b/gnu/packages/patches/strongswan-skip-tests.patch
new file mode 100644
index 000000000..b2a93ea99
--- /dev/null
+++ b/gnu/packages/patches/strongswan-skip-tests.patch
@@ -0,0 +1,33 @@
+Delete some tests that fail to run in the build container.
+
+diff -ur strongswan-5.6.1-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.1/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.1-original/src/libstrongswan/tests/suites/test_process.c	2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.1/src/libstrongswan/tests/suites/test_process.c	2018-01-31 14:31:39.644634648 -0500
+@@ -201,27 +201,9 @@
+
+ 	s = suite_create("process");
+
+-	tc = tcase_create("return values");
+-	tcase_add_test(tc, test_retval_true);
+-	tcase_add_test(tc, test_retval_false);
+-	suite_add_tcase(s, tc);
+-
+ 	tc = tcase_create("not found");
+ 	tcase_add_test(tc, test_not_found);
+ 	suite_add_tcase(s, tc);
+
+-	tc = tcase_create("echo");
+-	tcase_add_test(tc, test_echo);
+-	tcase_add_test(tc, test_echo_err);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("env");
+-	tcase_add_test(tc, test_env);
+-	suite_add_tcase(s, tc);
+-
+-	tc = tcase_create("shell");
+-	tcase_add_test(tc, test_shell);
+-	suite_add_tcase(s, tc);
+-
+ 	return s;
+ }
-- 
2.15.1

Message #58 received at 28973-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Adam Van Ymeren <adam <at> vany.ca>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 28973-done <at> debbugs.gnu.org
Subject: Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
Date: Wed, 31 Jan 2018 23:33:54 +0100

Adam Van Ymeren <adam <at> vany.ca> skribis:

> Okay I think I've done all your comments.  I figured out how to get some
> of the tests that were failing to pass so I dropped one of the patches
> and cleaned up the other one.
>
> I also added non-copyleft license for that one file.
>
> I spent some time trying to debug the remaining failing tests.  They
> make some assumptions about paths which are not true in the build
> container, I managed to get some to pass when I run manually in a
> container from guix environment -C, but they still fail when $ guix
> build runs, so I've left in the patch to disable them.  They're really
> not essential tests.

I’ve adjusted said file names in test_process.c and in the library,
removed the patch (tests pass!), adjusted the commit log, and pushed as
5f645557a475696c17d936024018103811e1a525.

Thanks!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.