commit 8e2b65ebf597a4d48daa3308aa032962110ad8f6
Author: Shea Levy <shea@shealevy.com>
Date:   Tue Sep 30 15:14:47 2014 -0400

    Allow specifying the ipsec.conf location in strongswan.conf

diff --git a/conf/options/starter.opt b/conf/options/starter.opt
index 4e6574d..6d7162a 100644
--- a/conf/options/starter.opt
+++ b/conf/options/starter.opt
@@ -3,3 +3,6 @@ starter.load =
 
 starter.load_warning = yes
 	Disable charon plugin load option warning.
+
+starter.config_file = ${sysconfdir}/ipsec.conf
+	Location of the ipsec.conf conf file
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 5c84593..1f365cc 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -488,7 +488,8 @@ int main (int argc, char **argv)
 	}
 	if (!config_file)
 	{
-		config_file = CONFIG_FILE;
+		config_file = lib->settings->get_str(lib->settings, "starter.config_file",
+			CONFIG_FILE);
 	}
 
 	init_log("ipsec_starter");
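Review bot: The lookup order this hunk establishes is not stated anywhere in the code: a `config_file` set earlier in main (presumably from the command line) wins, otherwise `starter.config_file` from strongswan.conf is consulted, and only then the compiled-in `CONFIG_FILE` default applies. A one-line comment above the `if (!config_file)` would make that explicit, e.g. `/* explicit path wins; else strongswan.conf may override the compiled-in default */`. Since the value comes from the settings object it also affects which file starter parses for the rest of its lifetime, so it is worth noting that the path is read once here and not re-read on reload unless that happens elsewhere. main's body starts and ends outside the hunk.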

commit 8b839cec684e26ed96f3d891b3ae3565558b2cff
Author: Shea Levy <shea@shealevy.com>
Date:   Tue Sep 30 15:11:03 2014 -0400

    Allow specifying the ipsec.secrets location in strongswan.conf

diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt
index 2cfc2c6..b3ca2b7 100644
--- a/conf/plugins/stroke.opt
+++ b/conf/plugins/stroke.opt
@@ -11,5 +11,8 @@ charon.plugins.stroke.prevent_loglevel_changes = no
 charon.plugins.stroke.socket = unix://${piddir}/charon.ctl
 	Socket provided by the stroke plugin.
 
+charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets
+	Location of the ipsec.secrets conf file
+
 charon.plugins.stroke.timeout = 0
 	Timeout in ms for any stroke command. Use 0 to disable the timeout.
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index f908219..673e492 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -67,6 +67,7 @@ struct private_stroke_cred_t {
 	/**
 	 * credentials
 	 */
+	char *secrets_file;
 	mem_cred_t *creds;
 
 	/**
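Review bot: The new `char *secrets_file;` member lands between the `/** credentials */` doc comment and `mem_cred_t *creds;`, so the comment now reads as describing the path rather than the credential set. Move the field above that comment (or below `creds`) and give it its own comment, e.g. `/** location of the secrets file, from %s.plugins.stroke.secrets_file */`, matching the key used in stroke_cred_create in this same commit. The struct definition starts outside the hunk.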
@@ -1297,7 +1298,7 @@ METHOD(stroke_cred_t, reread, void,
 	if (msg->reread.flags & REREAD_SECRETS)
 	{
 		DBG1(DBG_CFG, "rereading secrets");
-		load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
+		load_secrets(this, NULL, this->secrets_file, 0, prompt);
 	}
 	if (msg->reread.flags & REREAD_CACERTS)
 	{
@@ -1370,6 +1371,9 @@ stroke_cred_t *stroke_cred_create()
 			.cachecrl = _cachecrl,
 			.destroy = _destroy,
 		},
+		.secrets_file = lib->settings->get_str(lib->settings,
+			"%s.plugins.stroke.secrets_file", SECRETS_FILE,
+			lib->ns),
 		.creds = mem_cred_create(),
 	);
 
@@ -1380,7 +1384,7 @@ stroke_cred_t *stroke_cred_create()
 						FALSE, lib->ns);
 
 	load_certs(this);
-	load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
+	load_secrets(this, NULL, this->secrets_file, 0, NULL);
 
 	return &this->public;
 }
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 71f33ae..5c84593 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -263,8 +263,11 @@ static void generate_selfcert()
 {
 	struct stat stb;
 
+	const char *secrets_file = lib->settings->get_str(lib->settings,
+		"charon.plugins.stroke.secrets_file", SECRETS_FILE);
+
 	/* if ipsec.secrets file is missing then generate RSA default key pair */
-	if (stat(SECRETS_FILE, &stb) != 0)
+	if (stat(secrets_file, &stb) != 0)
 	{
 		mode_t oldmask;
 		FILE *f;
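Review bot: The key read here, `"charon.plugins.stroke.secrets_file"`, hard-codes the `charon` namespace, while stroke_cred.c in this same commit resolves the option as `"%s.plugins.stroke.secrets_file"` with `lib->ns`. If the daemon ever runs under a different settings namespace the two lookups read different keys and starter may generate the default key pair into a file the daemon never loads; if starter intentionally assumes the daemon is `charon`, say so, e.g. `/* mirrors charon's %s.plugins.stroke.secrets_file lookup; starter assumes the daemon namespace is "charon" */`. The same literal is used again in the two later hunks of generate_selfcert through `secrets_file`, so the comment is needed only here. generate_selfcert's body continues outside the hunk.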
@@ -302,7 +305,7 @@ static void generate_selfcert()
 		/* ipsec.secrets is root readable only */
 		oldmask = umask(0066);
 
-		f = fopen(SECRETS_FILE, "w");
+		f = fopen(secrets_file, "w");
 		if (f)
 		{
 			fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
@@ -310,7 +313,7 @@ static void generate_selfcert()
 			fprintf(f, ": RSA myKey.der\n");
 			fclose(f);
 		}
-		ignore_result(chown(SECRETS_FILE, uid, gid));
+		ignore_result(chown(secrets_file, uid, gid));
 		umask(oldmask);
 	}
 }

commit 5f2ca3b99b40c47a9b59c7cc75655e5dd041787e
Author: Shea Levy <shea@shealevy.com>
Date:   Tue Sep 30 14:31:50 2014 -0400

    Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var

diff -Naur a/src/libstrongswan/library.c b/src/libstrongswan/library.c
--- a/src/libstrongswan/library.c	2014-06-05 03:50:30.000000000 -0400
+++ b/src/libstrongswan/library.c	2014-09-30 15:25:27.927757711 -0400
@@ -307,7 +307,7 @@
 #ifdef STRONGSWAN_CONF
 	if (!settings)
 	{
-		settings = STRONGSWAN_CONF;
+		settings = getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF;
 	}
 #endif
 	this->public.settings = settings_create(settings);
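Review bot: `getenv("STRONGSWAN_CONF")` is honoured regardless of the process's privileges, so any caller able to set the environment of a privileged strongSwan process (a setuid/setgid helper, or a service started with a caller-controlled environment) can point it at a settings file of their choosing, and through `starter.config_file` and `charon.plugins.stroke.secrets_file` from the companion commits, at arbitrary config and secrets paths. If a privileged invocation is possible, ignore the variable when `getuid() != geteuid() || getgid() != getegid()`, or use glibc's `secure_getenv()` where available, and document the override with a comment such as `/* STRONGSWAN_CONF overrides the compiled-in path; only trusted when the environment is trusted */`. The `?:` operator is a GCC extension, acceptable if the codebase already relies on it but otherwise worth spelling out as a conditional. The enclosing function starts and ends outside the hunk.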