Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

strongswan module: use strings for secrets. #59044

Merged
merged 1 commit into from Apr 11, 2019
Merged

strongswan module: use strings for secrets. #59044

merged 1 commit into from Apr 11, 2019

Conversation

teto
Copy link
Member

@teto teto commented Apr 6, 2019
edited

The nixos module artifically enforces paths while the ipsec configuration files
accept regex or relative paths.
Enforcing absolute paths already caused problems with l2tp vpn (we want to include a l2tp secret that doesn't exist yet when the module is generated):
nm-l2tp/NetworkManager-l2tp#108

Solution: Let's remove this artificial constraint

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@teto teto requested a review from infinisil as a code owner April 6, 2019 01:50
@infinisil
Copy link
Member

Can you change the commit message to start with the conventional "nixos/strongswan:" prefix?

@teto
nixos/strongswan: use strings for secrets.
08b8c6c 
The nixos module artifically enforces type.path whereas the ipsec secret configuration files
accept pattern or relative paths.
Enforcing absolute paths already caused problems with l2tp vpn:
nm-l2tp/NetworkManager-l2tp#108
@teto
Copy link
Member Author

teto commented Apr 11, 2019

made the update. The error seems unrelated and the patch is minimal.

@infinisil infinisil merged commit 2d1fa68 into NixOS:master Apr 11, 2019
@teto teto deleted the strongswan_path branch April 12, 2019 03:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@teto @infinisil @GrahamcOfBorg