From 77056478a2de22db6613d24ed37f7496afba42db Mon Sep 17 00:00:00 2001 From: Domagoj Stolfa Date: Mon, 24 May 2021 21:11:55 +0100 Subject: gnu: strongswan: Configure more sensible defaults. * gnu/packages/networking.scm (strongswan)[arguments]<#:configure-flags>: Enable aesni, attr-sql, chapoly, curl, dhcp, eap-aka, eap-aka-3gpp, eap-dynamic, eap-identity, eap-md5, eap-mschapv2, eap-peap, eap-radius, eap-sim, eap-sim-file, eap-simaka-pseudonym, eap-simaka-reauth, eap-simaka-sql, eap-tls, eap-tnc, eap-ttls, ext-auth, farp, ha, led, md4, mediation, openssl, soup, sql, sqlite, xauth-eap, xauth-noauth, and xauth-pam support. Disable ldap, mysql, and systemd support. Use libcap by default. [inputs]: Add libcap, libsoup, and linux-pam. [native-inputs]: Add pkg-config. Signed-off-by: Tobias Geerinckx-Rice --- gnu/packages/networking.scm | 53 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 2 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index d0bf86c0b8..82c7a0161a 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -2881,16 +2881,65 @@ displays the results in real time.") #t))) #:configure-flags (list - ;; Disable bsd-4 licensed plugins. + "--disable-ldap" + "--disable-mysql" + "--disable-systemd" + + ;; Disable BSD-4 licensed plugins. + "--disable-blowfish" "--disable-des" - "--disable-blowfish"))) + + ;; Make it usable. The default configuration is far too minimal to be + ;; used with most common VPN set-ups. + ;; See . + "--enable-aesni" + "--enable-attr-sql" + "--enable-chapoly" + "--enable-curl" + "--enable-dhcp" + "--enable-eap-aka" + "--enable-eap-aka-3gpp" + "--enable-eap-dynamic" + "--enable-eap-identity" + "--enable-eap-md5" + "--enable-eap-mschapv2" + "--enable-eap-peap" + "--enable-eap-radius" + "--enable-eap-sim" + "--enable-eap-sim-file" + "--enable-eap-simaka-pseudonym" + "--enable-eap-simaka-reauth" + "--enable-eap-simaka-sql" + "--enable-eap-tls" + "--enable-eap-tnc" + "--enable-eap-ttls" + "--enable-ext-auth" + "--enable-farp" + "--enable-ha" + "--enable-led" + "--enable-md4" + "--enable-mediation" + "--enable-openssl" + "--enable-soup" + "--enable-sql" + "--enable-sqlite" + "--enable-xauth-eap" + "--enable-xauth-noauth" + "--enable-xauth-pam" + + ;; Use libcap by default. + "--with-capabilities=libcap"))) (inputs `(("curl" ,curl) ("gmp" ,gmp) + ("libcap" ,libcap) ("libgcrypt" ,libgcrypt) + ("libsoup" ,libsoup) + ("linux-pam" ,linux-pam) ("openssl" ,openssl))) (native-inputs `(("coreutils" ,coreutils) + ("pkg-config" ,pkg-config) ("tzdata" ,tzdata-for-tests))) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based upon -- cgit 1.4.1