From 77056478a2de22db6613d24ed37f7496afba42db Mon Sep 17 00:00:00 2001
From: Domagoj Stolfa <ds815@gmx.com>
Date: Mon, 24 May 2021 21:11:55 +0100
Subject: gnu: strongswan: Configure more sensible defaults.

* gnu/packages/networking.scm (strongswan)[arguments]<#:configure-flags>:
Enable aesni, attr-sql, chapoly, curl, dhcp, eap-aka, eap-aka-3gpp,
eap-dynamic, eap-identity, eap-md5, eap-mschapv2, eap-peap, eap-radius,
eap-sim, eap-sim-file, eap-simaka-pseudonym, eap-simaka-reauth,
eap-simaka-sql, eap-tls, eap-tnc, eap-ttls, ext-auth, farp, ha, led, md4,
mediation, openssl, soup, sql, sqlite, xauth-eap, xauth-noauth, and
xauth-pam support.
Disable ldap, mysql, and systemd support.
Use libcap by default.
[inputs]: Add libcap, libsoup, and linux-pam.
[native-inputs]: Add pkg-config.

Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
---
 gnu/packages/networking.scm | 53 +++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 51 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index d0bf86c0b8..82c7a0161a 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2881,16 +2881,65 @@ displays the results in real time.")
              #t)))
        #:configure-flags
        (list
-        ;; Disable bsd-4 licensed plugins.
+        "--disable-ldap"
+        "--disable-mysql"
+        "--disable-systemd"
+
+        ;; Disable BSD-4 licensed plugins.
+        "--disable-blowfish"
         "--disable-des"
-        "--disable-blowfish")))
+
+        ;; Make it usable.  The default configuration is far too minimal to be
+        ;; used with most common VPN set-ups.
+        ;; See <https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf>.
+        "--enable-aesni"
+        "--enable-attr-sql"
+        "--enable-chapoly"
+        "--enable-curl"
+        "--enable-dhcp"
+        "--enable-eap-aka"
+        "--enable-eap-aka-3gpp"
+        "--enable-eap-dynamic"
+        "--enable-eap-identity"
+        "--enable-eap-md5"
+        "--enable-eap-mschapv2"
+        "--enable-eap-peap"
+        "--enable-eap-radius"
+        "--enable-eap-sim"
+        "--enable-eap-sim-file"
+        "--enable-eap-simaka-pseudonym"
+        "--enable-eap-simaka-reauth"
+        "--enable-eap-simaka-sql"
+        "--enable-eap-tls"
+        "--enable-eap-tnc"
+        "--enable-eap-ttls"
+        "--enable-ext-auth"
+        "--enable-farp"
+        "--enable-ha"
+        "--enable-led"
+        "--enable-md4"
+        "--enable-mediation"
+        "--enable-openssl"
+        "--enable-soup"
+        "--enable-sql"
+        "--enable-sqlite"
+        "--enable-xauth-eap"
+        "--enable-xauth-noauth"
+        "--enable-xauth-pam"
+
+        ;; Use libcap by default.
+        "--with-capabilities=libcap")))
     (inputs
      `(("curl" ,curl)
        ("gmp" ,gmp)
+       ("libcap" ,libcap)
        ("libgcrypt" ,libgcrypt)
+       ("libsoup" ,libsoup)
+       ("linux-pam" ,linux-pam)
        ("openssl" ,openssl)))
     (native-inputs
      `(("coreutils" ,coreutils)
+       ("pkg-config" ,pkg-config)
        ("tzdata" ,tzdata-for-tests)))
     (synopsis "IKEv1/v2 keying daemon")
     (description "StrongSwan is an IPsec implementation originally based upon
-- 
cgit v1.2.3