diff options
Diffstat (limited to 'gnu/packages/vpn.scm')
| -rw-r--r-- | gnu/packages/vpn.scm | 245 |
1 files changed, 106 insertions, 139 deletions
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 330a3271b4..4ad555ef1b 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> -;;; Copyright © 2013, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2016, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Jeff Mickey <j@codemac.net> ;;; Copyright © 2016, 2017, 2019, 2021 Efraim Flashner <efraim@flashner.co.il> @@ -240,7 +240,7 @@ (add-after 'python-wrap 'qt-wrap (assoc-ref qt:%standard-phases 'qt-wrap))))) (native-inputs - `(("pkg-config" ,pkg-config))) + (list pkg-config)) (inputs `(("iproute" ,iproute) ("iptables" ,iptables) @@ -254,19 +254,13 @@ ("qtquickcontrols" ,qtquickcontrols) ("qtquickcontrols2" ,qtquickcontrols2))) (propagated-inputs - `(("go-0xacab-org-leap-shapeshifter" - ,go-0xacab-org-leap-shapeshifter) - ("go-github-com-apparentlymart-go-openvpn-mgmt" - ,go-github-com-apparentlymart-go-openvpn-mgmt) - ("go-github-com-emersion-go-autostart" - ,go-github-com-emersion-go-autostart) - ("go-github-com-keybase-go-ps" - ,go-github-com-keybase-go-ps) - ("go-github-com-rakyll-statik" - ,go-github-com-rakyll-statik) - ("go-github-com-sevlyar-go-daemon" - ,go-github-com-sevlyar-go-daemon) - ("go-golang-org-x-sys" ,go-golang-org-x-sys))) + (list go-0xacab-org-leap-shapeshifter + go-github-com-apparentlymart-go-openvpn-mgmt + go-github-com-emersion-go-autostart + go-github-com-keybase-go-ps + go-github-com-rakyll-statik + go-github-com-sevlyar-go-daemon + go-golang-org-x-sys)) (synopsis "Generic VPN client by LEAP") (description "Bitmask, by @acronym{LEAP, LEAP Encryption Access Project}, is an application to provide easy and secure encrypted communication with a @@ -289,9 +283,8 @@ Networks and The Calyx Institute, where the former is default.") "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi")))) (build-system gnu-build-system) (home-page "http://software.schmorp.de/pkg/gvpe.html") - (native-inputs `(("pkg-config" ,pkg-config))) - (inputs `(("openssl" ,openssl) - ("zlib" ,zlib))) + (native-inputs (list pkg-config)) + (inputs (list openssl zlib)) (synopsis "Secure VPN among multiple nodes over an untrusted network") (description "The GNU Virtual Private Ethernet creates a virtual network @@ -303,14 +296,14 @@ endpoints.") (define-public strongswan (package (name "strongswan") - (version "5.9.3") + (version "5.9.4") (source (origin (method url-fetch) (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2")) (sha256 - (base32 "1xy6c9c7bq5a5jmm04r9f9iqn39yrr1dkq81jhvpxsd4l1ban9ck")))) + (base32 "063mi0kdlpd7r7s3py35yf80hvrv3nrdfvxpyn7ns25gqajg3za5")))) (build-system gnu-build-system) (arguments `(#:phases @@ -323,18 +316,16 @@ endpoints.") "/bin/" command))) (substitute* "src/libstrongswan/utils/process.c" (("/bin/sh") - (string-append (assoc-ref inputs "bash") "/bin/sh"))) + (search-input-file inputs "/bin/sh"))) (substitute* "src/libstrongswan/tests/suites/test_process.c" (("/bin/sh") (which "sh")) (("/bin/echo") (which "echo")) - (("cat") (which "cat"))) - #t)) + (("cat") (which "cat"))))) (add-before 'check 'set-up-test-environment (lambda* (#:key inputs #:allow-other-keys) - (setenv "TZDIR" (string-append (assoc-ref inputs "tzdata") - "/share/zoneinfo")) - #t))) + (setenv "TZDIR" + (search-input-directory inputs "share/zoneinfo"))))) #:configure-flags (list "--disable-ldap" @@ -386,18 +377,16 @@ endpoints.") ;; Use libcap by default. "--with-capabilities=libcap"))) (inputs - `(("coreutils" ,coreutils) - ("curl" ,curl) - ("gmp" ,gmp) - ("libcap" ,libcap) - ("libgcrypt" ,libgcrypt) - ("libsoup" ,libsoup) - ("linux-pam" ,linux-pam) - ("openssl" ,openssl))) + (list coreutils + curl + gmp + libcap + libgcrypt + libsoup + linux-pam + openssl)) (native-inputs - `(("coreutils" ,coreutils) - ("pkg-config" ,pkg-config) - ("tzdata" ,tzdata-for-tests))) + (list coreutils pkg-config tzdata-for-tests)) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based upon the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6, @@ -418,7 +407,7 @@ NAT-T and more.") ;; src/libstrongswan/plugins/pkcs11/pkcs11.h (license:non-copyleft "file://src/libstrongswan/plugins/pkcs11/pkcs11.h" - "pkcs11 contains a unknown permissive license. View the specific + "pkcs11 contains an unknown permissive license. View the specific file for more details.") ;; These files are not included in the ;; build, they are disabled through @@ -443,9 +432,7 @@ file for more details.") (sha256 (base32 "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6")))) (build-system gnu-build-system) - (inputs `(("libgcrypt" ,libgcrypt) - ("perl" ,perl) - ("vpnc-scripts" ,vpnc-scripts))) + (inputs (list libgcrypt perl vpnc-scripts)) (arguments `(#:tests? #f ; there is no check target #:phases @@ -490,13 +477,13 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") (base32 "1pmi4n58q81pmn9arvfixhvv6vkkf3rpwac3hwnwyl882q5q0ccx")))) (build-system gnu-build-system) - (inputs `(("guile" ,guile-3.0) ; for the wrapper scripts - ("coreutils" ,coreutils) - ("grep" ,grep) - ("iproute2" ,iproute) ; for ‘ip’ - ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’ - ("sed" ,sed) - ("which" ,which))) + (inputs (list guile-3.0 ; for the wrapper scripts + coreutils + grep + iproute ; for ‘ip’ + net-tools ; for ‘ifconfig’, ‘route’ + sed + which)) (arguments `(#:phases (modify-phases %standard-phases @@ -531,10 +518,12 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") ;; Wrap scripts with paths to their common hard dependencies. ;; Optional dependencies will need to be installed by the user. (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) + (let ((out (assoc-ref outputs "out")) + (guile (search-input-file inputs "bin/guile"))) (for-each (lambda (script) (wrap-script (string-append out "/etc/vpnc/" script) + #:guile guile `("PATH" ":" prefix ,(map (lambda (name) (let ((input (assoc-ref inputs name))) @@ -581,10 +570,9 @@ the entire VPN in a network namespace accessible only through SSH.") "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx")))) (build-system gnu-build-system) (native-inputs - `(("autoconf" ,autoconf) - ("automake" ,automake))) + (list autoconf automake)) (inputs - `(("libevent" ,libevent))) + (list libevent)) (home-page "https://github.com/cernekee/ocproxy") (synopsis "OpenConnect proxy") (description @@ -606,12 +594,9 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih")))) (build-system gnu-build-system) (propagated-inputs - `(("libxml2" ,libxml2) - ("gnutls" ,gnutls) - ("zlib" ,zlib))) + (list libxml2 gnutls zlib)) (inputs - `(("lz4" ,lz4) - ("vpnc-scripts" ,vpnc-scripts))) + (list lz4 vpnc-scripts)) (native-inputs `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) @@ -663,26 +648,26 @@ and probably others.") (assoc-ref inputs "qtwebengine") "/lib/qt5/libexec/QtWebEngineProcess"))) (wrap-program bin + #:sh (search-input-file inputs "bin/bash") `("QTWEBENGINEPROCESS_PATH" = (,qt-process-path))) #t)))))) (inputs - `(("openconnect" ,openconnect) - ("python-attrs" ,python-attrs) - ("python-colorama" ,python-colorama) - ("python-keyring" ,python-keyring) - ("python-lxml" ,python-lxml) - ("python-prompt-toolkit" ,python-prompt-toolkit) - ("python-requests" ,python-requests) - ("python-pyqt" ,python-pyqt) - ("python-pyqtwebengine" ,python-pyqtwebengine) - ("python-pysocks" ,python-pysocks) - ("python-pyxdg" ,python-pyxdg) - ("python-structlog" ,python-structlog) - ("python-toml" ,python-toml) - ("qtwebengine" ,qtwebengine))) + (list openconnect + python-attrs + python-colorama + python-keyring + python-lxml + python-prompt-toolkit + python-requests + python-pyqt + python-pyqtwebengine + python-pysocks + python-pyxdg + python-structlog + python-toml + qtwebengine)) (native-inputs - `(("python-pytest" ,python-pytest) - ("python-setuptools-scm" ,python-setuptools-scm))) + (list python-pytest python-setuptools-scm)) (home-page "https://github.com/vlaci/openconnect-sso") (synopsis "OpenConnect wrapper script supporting Azure AD (SAMLv2)") (description @@ -705,12 +690,9 @@ and probably others.") "1qsfgpxg553s8rc9cyrc4k96z0pislxsdxb9wyhp8fdprkak2mw2")))) (build-system gnu-build-system) (native-inputs - `(("autoconf" ,autoconf) - ("autotools" ,automake) - ("pkg-config" ,pkg-config))) + (list autoconf automake pkg-config)) (inputs - `(("openssl" ,openssl) - ("ppp" ,ppp))) + (list openssl ppp)) (home-page "https://github.com/adrienverge/openfortivpn") (synopsis "Client for PPP+SSL VPN tunnel services") (description "Openfortivpn is a client for PPP+SSL VPN tunnel services. It @@ -721,7 +703,7 @@ this process. It is compatible with Fortinet VPNs.") (define-public openvpn (package (name "openvpn") - (version "2.5.3") + (version "2.5.5") (source (origin (method url-fetch) (uri (string-append @@ -729,17 +711,14 @@ this process. It is compatible with Fortinet VPNs.") version ".tar.xz")) (sha256 (base32 - "0zlski66mw10klmwvg445z051mld7xjng4iyl4f9b883qr1rjspv")))) + "0fq0nvgpbyvdxc8vwka51whgm3kkvjb3c9xarpv3h211l2gxd6qi")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--enable-iproute2=yes"))) (native-inputs - `(("iproute2" ,iproute))) + (list iproute)) (inputs - `(("lz4" ,lz4) - ("lzo" ,lzo) - ("openssl" ,openssl) - ("linux-pam" ,linux-pam))) + (list lz4 lzo openssl linux-pam)) (home-page "https://openvpn.net/") (synopsis "Virtual private network daemon") (description @@ -776,6 +755,7 @@ traversing network address translators (@dfn{NAT}s) and firewalls.") (let ((entrypoint (string-append (assoc-ref outputs "out") "/bin/.protonvpn-real"))) (wrap-program entrypoint + #:sh (search-input-file inputs "bin/bash") `("PATH" ":" prefix ,(map (lambda (name) (let ((input (assoc-ref inputs name))) @@ -790,18 +770,18 @@ traversing network address translators (@dfn{NAT}s) and firewalls.") "which"))))) #t))))) (native-inputs - `(("python-docopt" ,python-docopt))) + (list python-docopt)) (inputs - `(("dialog" ,dialog) - ("iproute2" ,iproute) - ("iptables" ,iptables) - ("ncurses" ,ncurses) - ("openvpn" ,openvpn) - ("procps" ,procps) - ("python-jinja2" ,python-jinja2) - ("python-pythondialog" ,python-pythondialog) - ("python-requests" ,python-requests) - ("which" ,which))) + (list dialog + iproute + iptables + ncurses + openvpn + procps + python-jinja2 + python-pythondialog + python-requests + which)) (synopsis "Command-line client for ProtonVPN") (description "This is the official command-line interface for ProtonVPN, a secure @@ -827,9 +807,7 @@ VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.") '(#:configure-flags '("--sysconfdir=/etc" "--localstatedir=/var"))) - (inputs `(("zlib" ,zlib) - ("lzo" ,lzo) - ("openssl" ,openssl))) + (inputs (list zlib lzo openssl)) (home-page "https://tinc-vpn.org") (synopsis "Virtual Private Network (VPN) daemon") (description @@ -860,12 +838,12 @@ private network between hosts on the internet.") (("/bin/sh") "sh")) #t))))) (native-inputs - `(("python-setuptools-scm" ,python-setuptools-scm) - ;; For tests only. - ("python-flake8" ,python-flake8) - ("python-mock" ,python-mock) - ("python-pytest-cov" ,python-pytest-cov) - ("python-pytest-runner" ,python-pytest-runner))) + (list python-setuptools-scm + ;; For tests only. + python-flake8 + python-mock + python-pytest-cov + python-pytest-runner)) (home-page "https://github.com/sshuttle/sshuttle") (synopsis "VPN that transparently forwards connections over SSH") (description "sshuttle creates an encrypted virtual private network (VPN) @@ -899,14 +877,10 @@ DNS domain name queries.") (("/bin/sh") (which "sh"))) #t))))) (inputs - `(("python-argcomplete" ,python-argcomplete) - ("python-prettytable" ,python-prettytable) - ("python-pyyaml" ,python-pyyaml))) + (list python-argcomplete python-prettytable python-pyyaml)) ;; For tests only. (native-inputs - `(("python-fixtures" ,python-fixtures) - ("python-pbr" ,python-pbr) - ("python-testtools" ,python-testtools))) + (list python-fixtures python-pbr python-testtools)) (home-page "https://github.com/albertodonato/sshoot") (synopsis "sshuttle VPN session manager") (description "sshoot provides a command-line interface to manage multiple @@ -931,11 +905,9 @@ with configuration options for most of @command{sshuttle}’s features.") (arguments '(#:tests? #f)) ; no tests (inputs - `(("nspr" ,nspr) - ("nss" ,nss) - ("openssl" ,openssl))) + (list nspr nss openssl)) (native-inputs - `(("pkg-config" ,pkg-config))) + (list pkg-config)) (home-page "https://github.com/ambrop72/badvpn") (synopsis "Peer-to-peer virtual private network (VPN)") (description "@code{BadVPN} is a collection of virtual private @@ -1016,7 +988,7 @@ WireGuard was added to Linux 5.6.") (define-public wireguard-tools (package (name "wireguard-tools") - (version "1.0.20210424") + (version "1.0.20210914") (source (origin (method git-fetch) @@ -1025,7 +997,7 @@ WireGuard was added to Linux 5.6.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "12v0ykaz7phv1gqin35wf6ndgb9819vai17ynjxssq00xwcbsq43")))) + (base32 "1nafrb2naif0z7z3vijnlyp81z89ywzlagc64k4sqa3ayzn95sm0")))) (build-system gnu-build-system) (arguments `(#:make-flags @@ -1043,27 +1015,28 @@ WireGuard was added to Linux 5.6.") #:tests? #f #:phases (modify-phases %standard-phases - ;; No configure script - (delete 'configure) + (delete 'configure) ; no configure script (add-after 'install 'install-contrib-docs (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (copy-recursively "contrib/" - (string-append out "/share/doc/wireguard-tools")) - #t))) + (let* ((out (assoc-ref outputs "out")) + (doc (string-append out "/share/doc/wireguard-tools"))) + (copy-recursively "contrib/" doc)))) (add-after 'install 'wrap-wg-quick (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (inputs-sbin (map (lambda (input) - (string-append (assoc-ref inputs input) "/sbin")) - (list "resolvconf" "iproute" "procps" - "iptables"))) - (coreutils (string-append (assoc-ref inputs "coreutils") - "/bin"))) + (string-append (assoc-ref inputs input) + "/sbin")) + (list "iproute" + "iptables" + "procps" + "resolvconf"))) + (coreutils (string-append (assoc-ref inputs "coreutils") + "/bin"))) (wrap-program (string-append out "/bin/wg-quick") + #:sh (search-input-file inputs "bin/bash") `("PATH" ":" prefix ,(append inputs-sbin - (list coreutils)))) - #t)))))) + (list coreutils)))))))))) (inputs `(("resolvconf" ,openresolv) ("coreutils" ,coreutils) @@ -1085,9 +1058,6 @@ public keys and can roam across IP addresses.") (list license:lgpl2.1+ ; src/netlink.h & contrib/embeddable-wg-library license:gpl2)))) ; everything else -(define-public wireguard - (deprecated-package "wireguard" wireguard-tools)) - (define-public xl2tpd (package (name "xl2tpd") @@ -1111,15 +1081,12 @@ public keys and can roam across IP addresses.") (lambda* (#:key inputs #:allow-other-keys) (substitute* "l2tp.h" (("/usr/sbin/pppd") - (string-append (assoc-ref inputs "ppp") - "/sbin/pppd"))) + (search-input-file inputs "/sbin/pppd"))) (setenv "KERNELSRC" - (assoc-ref inputs "linux-libre-headers")) + (assoc-ref inputs "kernel-headers")) #t))) #:tests? #f)) ; no tests provided - (inputs `(("libpcap" ,libpcap) - ("linux-libre-headers" ,linux-libre-headers) - ("ppp" ,ppp))) + (inputs (list libpcap ppp)) (home-page "https://www.xelerance.com/software/xl2tpd/") (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)") (description |