Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strongswan #93713

Closed
wants to merge 4 commits into from
Closed

Strongswan #93713

wants to merge 4 commits into from

Conversation

corngood
Copy link
Contributor

Motivation for this change

A few fixes for strongswan. In order for it to set a DNS server properly with systemd-resolved, it needs to use the system resolvconf.

I also needed to be able to set extra config in strongswan.conf:

    extraConfig = ''
      charon {
        plugins {
          resolve {
            resolvconf {
              iface_prefix = enp4s0.inet.ipsec.
            }
          }
        }
      }
    '';

to deal with https://unix.stackexchange.com/questions/511507/fedora-strongswan-resolvconf-interface-cant-be-the-loopback-interface

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@corngood corngood requested a review from knl December 30, 2020 16:21
@knl knl requested a review from basvandijk December 30, 2020 22:44
@stale
Copy link

stale bot commented Jun 28, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 28, 2021
@knl knl removed their request for review June 29, 2021 06:08
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 29, 2021
corngood
corngood commented Aug 11, 2021
View reviewed changes
pkgs/tools/networking/strongswan/default.nix Outdated
@@ -50,7 +51,7 @@ stdenv.mkDerivation rec {
# glibc-2.26 reorganized internal includes
sed '1i#include <stdint.h>' -i src/libstrongswan/utils/utils/memory.h

substituteInPlace src/libcharon/plugins/resolve/resolve_handler.c --replace "/sbin/resolvconf" "${openresolv}/sbin/resolvconf"
substituteInPlace src/libcharon/plugins/resolve/resolve_handler.c --replace "/sbin/resolvconf" "/run/current-system/sw/bin/resolvconf"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having a NixOS specific path is probably a bad idea here. It needs to be a path to a file, because strongswan will stat it before execing it, so just resolvconf doesn't work.

It might be better to make it a shell script that execs resolvconf from PATH?

SuperSandro2000
SuperSandro2000 reviewed Nov 11, 2021
View reviewed changes
pkgs/tools/networking/strongswan/default.nix
@@ -17,15 +17,16 @@ with lib;

stdenv.mkDerivation rec {
pname = "strongswan";
version = "5.8.1"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading!
version = "master"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading!
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use the unstable-XXXX-XX-XX format.

@corngood
Copy link
Contributor Author

Sorry, I forgot I had an open PR on this branch. I'm going to close this and try to get something in upstream which will allow the resolvconf path to be specified at runtime.

@corngood corngood closed this Nov 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@basvandijk basvandijk Awaiting requested review from basvandijk

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@corngood @SuperSandro2000 @risicle