GNU bug report logs - #48626
[PATCH] strongswan: enable more sensible defaults.


Package: guix-patches;

Reported by: Domagoj Stolfa <ds815 <at> gmx.com>

Date: Mon, 24 May 2021 15:45:01 UTC

Severity: normal

Tags: patch

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#48626; Package guix-patches. (Mon, 24 May 2021 15:45:02 GMT)

Acknowledgement sent to Domagoj Stolfa <ds815 <at> gmx.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 24 May 2021 15:45:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Domagoj Stolfa <ds815 <at> gmx.com>
To: guix-patches <at> gnu.org
Subject: [PATCH] strongswan: enable more sensible defaults.
Date: Mon, 24 May 2021 16:35:02 +0100
Presently, the strongswan defaults are too minimal to be used with most
common VPN setups. This commit enables support for a number of things
that should make strongswan much more usable in Guix. It also explicitly
disables AESNI in order to not rely on an Intel implementation.
---
 gnu/packages/networking.scm | 52 +++++++++++++++++++++++++++++++++++--
 1 file changed, 50 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 8bcaa98fbb..1ce7adfde9 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2863,14 +2863,62 @@ displays the results in real time.")
        (list
         ;; Disable bsd-4 licensed plugins.
         "--disable-des"
-        "--disable-blowfish")))
+        "--disable-blowfish"
+        ;; Disable AESNI
+        "--disable-aesni"
+        ;; Disable systemd
+        "--disable-systemd"
+        ;; Don't use mysql or OpenLDAP
+        "--disable-mysql"
+        "--disable-ldap"
+        ;; Enable the rest needed for a sensible configuration
+        "--enable-attr-sql"
+        "--enable-chapoly"
+        "--enable-curl"
+        "--enable-dhcp"
+        "--enable-farp"
+        "--enable-md4"
+        "--enable-eap-aka"
+        "--enable-eap-aka-3gpp"
+        "--enable-eap-dynamic"
+        "--enable-eap-identity"
+        "--enable-eap-md5"
+        "--enable-eap-mschapv2"
+        "--enable-eap-peap"
+        "--enable-eap-radius"
+        "--enable-eap-sim"
+        "--enable-eap-sim-file"
+        "--enable-eap-simaka-pseudonym"
+        "--enable-eap-simaka-reauth"
+        "--enable-eap-simaka-sql"
+        "--enable-eap-tls"
+        "--enable-eap-tnc"
+        "--enable-eap-ttls"
+        "--enable-xauth-eap"
+        "--enable-ext-auth"
+        "--enable-led"
+        "--enable-ha"
+        "--enable-mediation"
+        "--enable-soup"
+        "--enable-sql"
+        "--enable-sqlite"
+        "--enable-openssl"
+        "--enable-xauth-eap"
+        "--enable-xauth-noauth"
+        "--enable-xauth-pam"
+        ;; Use libcap by default
+        "--with-capabilities=libcap")))
     (inputs
      `(("curl" ,curl)
        ("gmp" ,gmp)
        ("libgcrypt" ,libgcrypt)
-       ("openssl" ,openssl)))
+       ("openssl" ,openssl)
+       ("libsoup" ,libsoup)
+       ("libcap" ,libcap)
+       ("linux-pam" ,linux-pam)))
     (native-inputs
      `(("coreutils" ,coreutils)
+       ("pkg-config" ,pkg-config)
        ("tzdata" ,tzdata-for-tests)))
     (synopsis "IKEv1/v2 keying daemon")
     (description "StrongSwan is an IPsec implementation originally based upon
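
Review bot: "--enable-xauth-eap" is listed twice in the configure flags, once after "--enable-eap-ttls" and again after "--enable-openssl"; drop the second occurrence. Keeping the flags in alphabetical order would make a duplicate like this easy to spot. The ";; Disable AESNI" comment only restates the flag: the reason given in the commit message (not relying on an Intel implementation) should be in the comment itself so that it stays with the source.
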
-- 
2.31.1


Information forwarded to guix-patches <at> gnu.org:
bug#48626; Package guix-patches. (Mon, 24 May 2021 20:18:02 GMT)

Message #8 received at 48626 <at> debbugs.gnu.org:

From: Domagoj Stolfa <ds815 <at> gmx.com>
To: 48626 <at> debbugs.gnu.org
Subject: [PATCH] strongswan: enable more sensible defaults.
Date: Mon, 24 May 2021 21:11:55 +0100
Presently, the strongswan defaults are too minimal to be used with most
common VPN setups. This commit enables support for a number of things
that should make strongswan much more usable in Guix.
---
 gnu/packages/networking.scm | 47 +++++++++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 8bcaa98fbb..bfaf8a8535 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2861,16 +2861,59 @@ displays the results in real time.")
              #t)))
        #:configure-flags
        (list
-        ;; Disable bsd-4 licensed plugins.
+        ;; Disable bsd-4 licensed plugins (Blowfish, DES).
+        "--disable-blowfish"
         "--disable-des"
-        "--disable-blowfish")))
+        "--disable-ldap"
+        "--disable-mysql"
+        "--disable-systemd"
+        "--enable-aesni"
+        "--enable-attr-sql"
+        "--enable-chapoly"
+        "--enable-curl"
+        "--enable-dhcp"
+        "--enable-eap-aka"
+        "--enable-eap-aka-3gpp"
+        "--enable-eap-dynamic"
+        "--enable-eap-identity"
+        "--enable-eap-md5"
+        "--enable-eap-mschapv2"
+        "--enable-eap-peap"
+        "--enable-eap-radius"
+        "--enable-eap-sim"
+        "--enable-eap-sim-file"
+        "--enable-eap-simaka-pseudonym"
+        "--enable-eap-simaka-reauth"
+        "--enable-eap-simaka-sql"
+        "--enable-eap-tls"
+        "--enable-eap-tnc"
+        "--enable-eap-ttls"
+        "--enable-ext-auth"
+        "--enable-farp"
+        "--enable-ha"
+        "--enable-led"
+        "--enable-md4"
+        "--enable-mediation"
+        "--enable-openssl"
+        "--enable-soup"
+        "--enable-sql"
+        "--enable-sqlite"
+        "--enable-xauth-eap"
+        "--enable-xauth-noauth"
+        "--enable-xauth-pam"
+        ;; Use libcap by default
+        "--with-capabilities=libcap")))
     (inputs
      `(("curl" ,curl)
        ("gmp" ,gmp)
+       ("libcap" ,libcap)
        ("libgcrypt" ,libgcrypt)
+       ("libsoup" ,libsoup)
+       ("linux-pam" ,linux-pam)
        ("openssl" ,openssl)))
     (native-inputs
      `(("coreutils" ,coreutils)
+       ("pkg-config" ,pkg-config)
        ("tzdata" ,tzdata-for-tests)))
     (synopsis "IKEv1/v2 keying daemon")
     (description "StrongSwan is an IPsec implementation originally based upon
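
Review bot: "--enable-xauth-noauth", "--enable-eap-md5" and "--enable-md4" are switched on alongside the stronger EAP methods with no comment; say in the source why each is needed by default, or leave them out, so that anyone auditing the package can tell which authentication backends it builds in and why. The comment ";; Disable bsd-4 licensed plugins (Blowfish, DES)." now heads the whole list, so "--disable-ldap", "--disable-mysql" and "--disable-systemd" read as licence-driven too; keep it on the first two flags and give the rest their own comment. "--enable-aesni" is passed unconditionally, so if this package is built for non-x86 systems the flag should be checked there or made conditional on the target.
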
-- 
2.31.1


Reply sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
You have taken responsibility. (Sun, 06 Jun 2021 13:45:02 GMT)

Notification sent to Domagoj Stolfa <ds815 <at> gmx.com>:
bug acknowledged by developer. (Sun, 06 Jun 2021 13:45:02 GMT)

Message #13 received at 48626-done <at> debbugs.gnu.org:

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Domagoj Stolfa <ds815 <at> gmx.com>
Cc: 48626-done <at> debbugs.gnu.org
Subject: Re: [bug#48626] [PATCH] strongswan: enable more sensible defaults.
Date: Sun, 06 Jun 2021 15:44:54 +0200
Domagoj,

Domagoj Stolfa wrote:
> Presently, the strongswan defaults are too minimal to be used with most
> common VPN setups. This commit enables support for a number of things
> that should make strongswan much more usable in Guix.

Thanks!  I moved this to a comment, added a commit message 
following our conventions[0], and pushed it as 
77056478a2de22db6613d24ed37f7496afba42db.

Kind regards,

T G-R

[0]: Of course this one's bonkers because of all the options, 
which probably don't need to be explicitly listed, but what else 
are computers for than to automate such things.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 05 Jul 2021 11:24:05 GMT)

This bug report was last modified 2 years and 288 days ago.
