From c85ed0e758d7fa230c08dba6b95c65ceac098d50 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Sat, 19 Jun 2021 12:24:04 +0200
Subject: gnu: Move strongswan to (gnu packages vpn).
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See <https://logs.guix.gnu.org/guix/2021-06-19.log#015517>.

* gnu/packages/networking.scm (strongswan): Move from here…
* gnu/packages/vpn.scm (strongswan): …to here.
---
 gnu/packages/vpn.scm | 128 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 128 insertions(+)

(limited to 'gnu/packages/vpn.scm')

diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index a952e3f0db..ca185347ca 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
 ;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
 ;;; Copyright © 2020 David Dashyan <mail@davie.li>
+;;; Copyright © 2021 Domagoj Stolfa <ds815@gmx.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -93,6 +94,133 @@ by creating encrypted host-to-host tunnels between multiple
 endpoints.")
     (license license:gpl3+)))
 
+(define-public strongswan
+  (package
+    (name "strongswan")
+    (version "5.9.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.strongswan.org/strongswan-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32 "0qxhbash2nyh5k2h9zcysgwv61512w1wxk5plyai4b6v3rs2ziv1"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-command-file-names
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "src/libstrongswan/utils/process.c"
+               (("/bin/sh")
+                (string-append (assoc-ref inputs "bash") "/bin/sh")))
+
+             (substitute* "src/libstrongswan/tests/suites/test_process.c"
+               (("/bin/sh") (which "sh"))
+               (("/bin/echo") (which "echo"))
+               (("cat") (which "cat")))
+             #t))
+         (add-before 'check 'set-up-test-environment
+           (lambda* (#:key inputs #:allow-other-keys)
+             (setenv "TZDIR" (string-append (assoc-ref inputs "tzdata")
+                                            "/share/zoneinfo"))
+             #t)))
+       #:configure-flags
+       (list
+        "--disable-ldap"
+        "--disable-mysql"
+        "--disable-systemd"
+
+        ;; Disable BSD-4 licensed plugins.
+        "--disable-blowfish"
+        "--disable-des"
+
+        ;; Make it usable.  The default configuration is far too minimal to be
+        ;; used with most common VPN set-ups.
+        ;; See <https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf>.
+        "--enable-aesni"
+        "--enable-attr-sql"
+        "--enable-chapoly"
+        "--enable-curl"
+        "--enable-dhcp"
+        "--enable-eap-aka"
+        "--enable-eap-aka-3gpp"
+        "--enable-eap-dynamic"
+        "--enable-eap-identity"
+        "--enable-eap-md5"
+        "--enable-eap-mschapv2"
+        "--enable-eap-peap"
+        "--enable-eap-radius"
+        "--enable-eap-sim"
+        "--enable-eap-sim-file"
+        "--enable-eap-simaka-pseudonym"
+        "--enable-eap-simaka-reauth"
+        "--enable-eap-simaka-sql"
+        "--enable-eap-tls"
+        "--enable-eap-tnc"
+        "--enable-eap-ttls"
+        "--enable-ext-auth"
+        "--enable-farp"
+        "--enable-ha"
+        "--enable-led"
+        "--enable-md4"
+        "--enable-mediation"
+        "--enable-openssl"
+        "--enable-soup"
+        "--enable-sql"
+        "--enable-sqlite"
+        "--enable-xauth-eap"
+        "--enable-xauth-noauth"
+        "--enable-xauth-pam"
+
+        ;; Use libcap by default.
+        "--with-capabilities=libcap")))
+    (inputs
+     `(("curl" ,curl)
+       ("gmp" ,gmp)
+       ("libcap" ,libcap)
+       ("libgcrypt" ,libgcrypt)
+       ("libsoup" ,libsoup)
+       ("linux-pam" ,linux-pam)
+       ("openssl" ,openssl)))
+    (native-inputs
+     `(("coreutils" ,coreutils)
+       ("pkg-config" ,pkg-config)
+       ("tzdata" ,tzdata-for-tests)))
+    (synopsis "IKEv1/v2 keying daemon")
+    (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project.  It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+    (home-page "https://strongswan.org/")
+    (license
+     (list license:gpl2+
+           ;; src/aikgen/*
+           ;; src/libcharon/plugins/dnscert/*
+           ;; src/libcharon/plugins/ext_auth/*
+           ;; src/libcharon/plugins/vici/ruby/*
+           ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
+           license:expat
+           ;; src/inclue/sys/*
+           license:bsd-3
+           ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
+           license:public-domain
+           ;; src/libstrongswan/plugins/pkcs11/pkcs11.h
+           (license:non-copyleft
+            "file://src/libstrongswan/plugins/pkcs11/pkcs11.h"
+            "pkcs11 contains a unknown permissive license. View the specific
+file for more details.")
+           ;; These files are not included in the
+           ;; build, they are disabled through
+           ;; options to ./configure
+           ;;
+           ;; src/libstrongswan/plugins/blowfish/bf_enc.c
+           ;; src/libstrongswan/plugins/blowfish/bf_locl.h
+           ;; src/libstrongswan/plugins/blowfish/bf_pi.h
+           ;; src/libstrongswan/plugins/blowfish/bf_skey.c
+           ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+           ;; src/libstrongswan/plugins/des/des_crypter.c
+           license:bsd-4))))
+
 (define-public vpnc
   (package
    (name "vpnc")
-- 
cgit v1.2.3