[PATCH 1/1] gnu: Add strongswan.

  • Done
  • quality assurance status badge
Details
3 participants
  • Adam Van Ymeren
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Adam Van Ymeren
Severity
normal
A
A
Adam Van Ymeren wrote on 24 Oct 2017 20:58
(address . guix-patches@gnu.org)
87r2tsbcer.fsf@vany.ca
Their website is not very precise about the licensing. It just says
GPL2, but all the files I checked were GPL2+, except one which says
"MIT" but is really the text of the Expat license as listen on the FSF
directory.

I believe the licensing info is correct now but I didn't do an
exhaustive search of all files.

---
gnu/packages/networking.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

Toggle diff (50 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 633b8ca43..6d639f716 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -78,6 +78,8 @@
#:use-module (gnu packages valgrind)
#:use-module (gnu packages wm)
#:use-module (gnu packages xml)
+ #:use-module (gnu packages multiprecision)
+ #:use-module (gnu packages gnuzilla)
#:use-module (ice-9 match))
(define-public macchanger
@@ -1494,3 +1496,34 @@ interface and a programmable text output for scripting.")
;; Update the license field when upstream responds.
(license (list license:bsd-2
license:expat))))
+
+(define-public strongswan
+ (package
+ (name "strongswan")
+ (version "5.6.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+ (sha256
+ (base32 "04vvha2zgsg1cq05cnn6sf7a4hq9ndnsfxpw1drm5v9l4vcw0kd1"))
+ (patches
+ (search-patches "strongswan-test_process-disable-all.patch"
+ "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("gmp" ,gmp)
+ ("openssl" ,openssl)
+ ("libgcrypt" ,libgcrypt)
+ ("curl" ,curl)))
+ (synopsis "IKEv1/v2 keying daemon")
+ (description "strongswan is an open source IPSec implementation")
+ (home-page "https://strongswan.org/")
+ (license
+ ;; Everything seems to be gpl2+ except
+ ;; src/libcharon/plugins/vici/libvici.h which is MIT/expat. The actual
+ ;; source file "libvici.h" claims it's MIT, but the actual text of the
+ ;; license is identical to expat as listed here:
+ ;; https://directory.fsf.org/wiki/License:Expat
+ (list license:gpl2+
+ license:expat))))
--
2.14.2
A
A
Adam Van Ymeren wrote on 24 Oct 2017 22:05
[PATCH] Add the patches necessary to build strongswan
(address . 28973@debbugs.gnu.org)
87inf4b9cb.fsf@vany.ca
Forgot to include the patches, basically just disabling a few testcases
that fail in the build environment.

---
Toggle diff (76 lines)
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c 2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c 2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ s = suite_create("process");
+
+- tc = tcase_create("return values");
+- tcase_add_test(tc, test_retval_true);
+- tcase_add_test(tc, test_retval_false);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("return values"); */
++ /* tcase_add_test(tc, test_retval_true); */
++ /* tcase_add_test(tc, test_retval_false); */
++ /* suite_add_tcase(s, tc); */
+
+ tc = tcase_create("not found");
+ tcase_add_test(tc, test_not_found);
+ suite_add_tcase(s, tc);
+
+- tc = tcase_create("echo");
+- tcase_add_test(tc, test_echo);
+- tcase_add_test(tc, test_echo_err);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("env");
+- tcase_add_test(tc, test_env);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("shell");
+- tcase_add_test(tc, test_shell);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("echo"); */
++ /* tcase_add_test(tc, test_echo); */
++ /* tcase_add_test(tc, test_echo_err); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("env"); */
++ /* tcase_add_test(tc, test_env); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("shell"); */
++ /* tcase_add_test(tc, test_shell); */
++ /* suite_add_tcase(s, tc); */
+
+ return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ {UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ {UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+- {1, FALSE, "Jan 01 01:00:01 1970"},
++ {1, FALSE, "Jan 01 00:00:01 1970"},
+ {1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+- {1341150196, FALSE, "Jul 01 15:43:16 2012"},
++ {1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ {1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };
--
2.14.2
T
T
Tobias Geerinckx-Rice wrote on 24 Oct 2017 22:11
Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
555ac710-dd1f-4c74-036a-ad14683e1e5e@tobias.gr
Adam,

Adam Van Ymeren wrote on 24/10/17 at 20:58:
Toggle quote (5 lines)
> Their website is not very precise about the licensing. It just says
> GPL2, but all the files I checked were GPL2+, except one which says
> "MIT" but is really the text of the Expat license as listen on the FSF
> directory.

That's because what some call ‘MIT’ is almost always what the FSF (and
others) call ‘Expat’. The name ‘MIT’ is ambiguous and best avoided.

So you've made the right call :-)

Toggle quote (3 lines)
> I believe the licensing info is correct now but I didn't do an
> exhaustive search of all files.

Unfortunately, that's the only way to be sure.

Most files are indeed GPL2+, or what I presume to be dual-licenced
GPL2+/Expat (e.g. src/swanctl/commands/list_sas.c).

A cursory inspection reveals additional BSD-4 headers in
src/libstrongswan/plugins/{blowfish,des}, BSD-3 in
src/include/sys/queue.h and src/libtncif/tncif*, and something vague in
src/libstrongswan/plugins/curve25519/ref10.

More eyeballs welcome.

Toggle quote (16 lines)
> ---
> gnu/packages/networking.scm | 33 +++++++++++++++++++++++++++++++++
> 1 file changed, 33 insertions(+)
>
> diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
> index 633b8ca43..6d639f716 100644
> --- a/gnu/packages/networking.scm
> +++ b/gnu/packages/networking.scm
> @@ -78,6 +78,8 @@
> #:use-module (gnu packages valgrind)
> #:use-module (gnu packages wm)
> #:use-module (gnu packages xml)
> + #:use-module (gnu packages multiprecision)
> + #:use-module (gnu packages gnuzilla)
> #:use-module (ice-9 match))

Please try to keep these alphabetical. Aesthetic nit-picking aside, it
makes it harder to miss duplication, which does happen.

Toggle quote (20 lines)
> (define-public macchanger
> @@ -1494,3 +1496,34 @@ interface and a programmable text output for scripting.")
> ;; Update the license field when upstream responds.
> (license (list license:bsd-2
> license:expat))))
> +
> +(define-public strongswan
> + (package
> + (name "strongswan")
> + (version "5.6.0")
> + (source
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
> + (sha256
> + (base32 "04vvha2zgsg1cq05cnn6sf7a4hq9ndnsfxpw1drm5v9l4vcw0kd1"))
> + (patches
> + (search-patches "strongswan-test_process-disable-all.patch"
> + "strongswan-test_time_printf_hook-pass-in-utc.patch"))))

These patches are missing from the series, so I can't build the package.

Toggle quote (7 lines)
> + (build-system gnu-build-system)
> + (inputs
> + `(("gmp" ,gmp)
> + ("openssl" ,openssl)
> + ("libgcrypt" ,libgcrypt)
> + ("curl" ,curl)))

Please keep these alphabetically as well (or add explicit header
comments if the ordering is significant).

Toggle quote (3 lines)
> + (synopsis "IKEv1/v2 keying daemon")
> + (description "strongswan is an open source IPSec implementation")

Newspeak aside[0], all software in Guix is Free. Removing ‘open source’
leaves us with a very short description indeed...

Is there a README, web, or man page who's opening paragraphs we could
shamelessly plunder?

Toggle quote (8 lines)
> + (license
> + ;; Everything seems to be gpl2+ except
> + ;; src/libcharon/plugins/vici/libvici.h which is MIT/expat. The actual
> + ;; source file "libvici.h" claims it's MIT, but the actual text of the
> + ;; license is identical to expat as listed here:
> + ;; https://directory.fsf.org/wiki/License:Expat

The MIT/expat confusion is unfortunate but not unique to this package,
and doesn't need to be explained here.

Toggle quote (3 lines)
> + (list license:gpl2+
> + license:expat))))

When possible, I prefer the more compact style of

(list license:foo ; src/frob.[ch], doc/frob.texi
license:bar)))) ; everything else

but that's partly a matter of taste and line length.

Oh, and: thanks for packaging StrongSwan!

Kind regards,

T G-R

T
T
Tobias Geerinckx-Rice wrote on 24 Oct 2017 22:13
d1b604a8-02c9-ac75-05f5-405fd3e1b87f@tobias.gr
I missed one:

Adam Van Ymeren wrote on 24/10/17 at 20:58:
Toggle quote (2 lines)
> + (uri (string-append "https://download.strongswan.org/strongswan-"version ".tar.bz2"))

should be split over 2 lines to silence the linter.

Kind regards,

T G-R
A
A
Adam Van Ymeren wrote on 25 Oct 2017 01:08
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 28973@debbugs.gnu.org)
87a80gb0us.fsf@vany.ca
Thanks for the repsonse and feedback! I've appended a new patch at the
bottom of this message as well as replied to some of your comment inline.


Tobias Geerinckx-Rice <me@tobias.gr> writes:

Toggle quote (5 lines)
>> I believe the licensing info is correct now but I didn't do an
>> exhaustive search of all files.
>
> Unfortunately, that's the only way to be sure.

Yeah, I was hoping somebody had a tool to make this faster :) I wrote a
little script in guile and started working through it but its slow work.

I'm going on vacation next week so I might not be able to finish this
before then.

However it looks like Debian has a much more exhaustive listing of the
licenses here:

The 4 clause BSD licenses are troubling. Apparently Debian doesn't
compile those files in their build. Will have to investiate further.

For reference here's my shoddy guile script.

(use-modules (ice-9 ftw)
(ice-9 textual-ports))

(define GPL " * This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See http://www.fsf.org/copyleft/gpl.txt.
")

(define GPL2 "-- This program is free software; you can redistribute it and/or modify it
-- under the terms of the GNU General Public License as published by the
-- Free Software Foundation; either version 2 of the License, or (at your
-- option) any later version. See http://www.fsf.org/copyleft/gpl.txt.
")

(define (check-licenses preamble)
(and (string? preamble)
(not (string-contains preamble GPL))
(not (string-contains preamble GPL2))))

(ftw
"strongswan-5.6.0"
(lambda (filename stat flag)
(when (and
(eq? flag 'regular)
(not (member (substring (basename filename) (or (string-rindex (basename filename) #\.) 0))
'(".opt" ".conf" ".pem" ".in" ".am" ".mk" ".sql" "hostname" ".der" ".old" ".xml"))))
(call-with-input-file filename
(lambda (port)
(let ((preamble (get-string-n port 5000)))
(when (check-licenses preamble)
(format #t "~A~%" filename))))))
#t))


Toggle quote (9 lines)
>> + (synopsis "IKEv1/v2 keying daemon")
>> + (description "strongswan is an open source IPSec implementation")
>
> Newspeak aside[0], all software in Guix is Free. Removing ‘open source’
> leaves us with a very short description indeed...
>
> Is there a README, web, or man page who's opening paragraphs we could
> shamelessly plunder?

I agree I don't like the usage of "open source" but that's how they
brand themselves, not sure if it's right for me to change it to read
Free Software. I took this sentence from their README file.

How about this? I wrote this based upon the top features they list on
their homepage.

"StrongSwan is an IPsec implementation originally based upon
the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
NAT-T and more."


Toggle quote (2 lines)
> Oh, and: thanks for packaging StrongSwan!

NP :).

Updated patch below.

Toggle diff (122 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 633b8ca43..552690556 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -64,6 +64,7 @@
#:use-module (gnu packages libidn)
#:use-module (gnu packages linux)
#:use-module (gnu packages lua)
+ #:use-module (gnu packages multiprecision)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
@@ -1494,3 +1495,35 @@ interface and a programmable text output for scripting.")
;; Update the license field when upstream responds.
(license (list license:bsd-2
license:expat))))
+
+(define-public strongswan
+ (package
+ (name "strongswan")
+ (version "5.6.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+ (sha256
+ (base32 "04vvha2zgsg1cq05cnn6sf7a4hq9ndnsfxpw1drm5v9l4vcw0kd1"))
+ (patches
+ (search-patches "strongswan-test_process-disable-all.patch"
+ "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("curl" ,curl)
+ ("gmp" ,gmp)
+ ("libgcrypt" ,libgcrypt)
+ ("openssl" ,openssl)))
+ (synopsis "IKEv1/v2 keying daemon")
+ (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+ (home-page "https://strongswan.org/")
+ (license
+ (list license:expat
+ license:bsd-3
+ license:bsd-4
+ license:gpl2+
+ license:public-domain ;src/libstrongswan/plugins/sha3/sha3_keccak.c
+ ))))
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c 2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c 2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ s = suite_create("process");
+
+- tc = tcase_create("return values");
+- tcase_add_test(tc, test_retval_true);
+- tcase_add_test(tc, test_retval_false);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("return values"); */
++ /* tcase_add_test(tc, test_retval_true); */
++ /* tcase_add_test(tc, test_retval_false); */
++ /* suite_add_tcase(s, tc); */
+
+ tc = tcase_create("not found");
+ tcase_add_test(tc, test_not_found);
+ suite_add_tcase(s, tc);
+
+- tc = tcase_create("echo");
+- tcase_add_test(tc, test_echo);
+- tcase_add_test(tc, test_echo_err);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("env");
+- tcase_add_test(tc, test_env);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("shell");
+- tcase_add_test(tc, test_shell);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("echo"); */
++ /* tcase_add_test(tc, test_echo); */
++ /* tcase_add_test(tc, test_echo_err); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("env"); */
++ /* tcase_add_test(tc, test_env); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("shell"); */
++ /* tcase_add_test(tc, test_shell); */
++ /* suite_add_tcase(s, tc); */
+
+ return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ {UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ {UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+- {1, FALSE, "Jan 01 01:00:01 1970"},
++ {1, FALSE, "Jan 01 00:00:01 1970"},
+ {1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+- {1341150196, FALSE, "Jul 01 15:43:16 2012"},
++ {1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ {1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };
L
L
Ludovic Courtès wrote on 19 Nov 2017 23:43
(name . Adam Van Ymeren)(address . adam@vany.ca)
87k1ylzy6y.fsf@gnu.org
Hello!

Adam Van Ymeren <adam@vany.ca> skribis:

Toggle quote (2 lines)
> Updated patch below.

Tobias, should we go ahead and applied this updated patch? Feel free to
do so if it looks good to you. :-)

Thanks,
Ludo’.
A
A
Adam Van Ymeren wrote on 20 Nov 2017 00:20
(address . ludo@gnu.org)
DC27A8B2-DCDC-461B-96C5-8C60F23B9460@vany.ca
On November 19, 2017 5:43:49 PM EST, ludo@gnu.org wrote:
Toggle quote (13 lines)
>Hello!
>
>Adam Van Ymeren <adam@vany.ca> skribis:
>
>> Updated patch below.
>
>Tobias, should we go ahead and applied this updated patch? Feel free
>to
>do so if it looks good to you. :-)
>
>Thanks,
>Ludo’.

Hey Ludo,

I'm still not sure we've gotten all the licensing info correct. I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.

I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.
L
L
Ludovic Courtès wrote on 11 Jan 2018 22:48
(name . Adam Van Ymeren)(address . adam@vany.ca)
87fu7cm5h8.fsf@gnu.org
Hi Adam,

Adam Van Ymeren <adam@vany.ca> skribis:

Toggle quote (4 lines)
> I'm still not sure we've gotten all the licensing info correct. I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.
>
> I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.

Any update on this?


TIA,
Ludo’.
A
A
Adam Van Ymeren wrote on 12 Jan 2018 18:15
(name . Ludovic Courtès)(address . ludo@gnu.org)
87wp0nf17i.fsf@vany.ca
ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (2 lines)
> Hi Adam,

Hey Ludo,

Toggle quote (10 lines)
>
> Adam Van Ymeren <adam@vany.ca> skribis:
>
>> I'm still not sure we've gotten all the licensing info correct. I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.
>>
>> I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.
>
> Any update on this?


Some progress but not ready yet sorry. Been busy :).

The debian package appears to have an exhaustive list of licensing
information for all files in this package here[1].

There are a few files under the 4-clause BSD which appear to only be
related to DES encryption. Debian's solution to this is to just disable
DES to avoid compiling and including the binaries from those 4-clause
BSD files.

Would that be an acceptable solution for Guix as well? I can write a
tool to convert the information from debian/copyright into a format
suitable for the Guix package.

L
L
Ludovic Courtès wrote on 13 Jan 2018 14:52
(name . Adam Van Ymeren)(address . adam@vany.ca)
87mv1hq30p.fsf@gnu.org
Hello,

Adam Van Ymeren <adam@vany.ca> skribis:

Toggle quote (21 lines)
>> Adam Van Ymeren <adam@vany.ca> skribis:
>>
>>> I'm still not sure we've gotten all the licensing info correct. I particular if I recall correctly there is some 4 clause BSD code in the source package that the debian package apparently avoids compiling.
>>>
>>> I've been hoping to make a detailed pass of this package so I can say with confidence that the code licenses are correct, but I've been short on time.
>>
>> Any update on this?
>
>
> Some progress but not ready yet sorry. Been busy :).
>
> The debian package appears to have an exhaustive list of licensing
> information for all files in this package here[1].
>
> There are a few files under the 4-clause BSD which appear to only be
> related to DES encryption. Debian's solution to this is to just disable
> DES to avoid compiling and including the binaries from those 4-clause
> BSD files.
>
> Would that be an acceptable solution for Guix as well?

I think so.

Toggle quote (3 lines)
> I can write a tool to convert the information from debian/copyright
> into a format suitable for the Guix package.

That would be handy, though debian/copyright is much more detailed than
a ‘license’ field (I didn’t know it’s become machine-readable, nice!).

Thanks,
Ludo’.
T
T
Tobias Geerinckx-Rice wrote on 13 Jan 2018 15:00
(address . 28973@debbugs.gnu.org)
2cee2d58-f645-487f-eda6-9714eaad5e9f@tobias.gr
Adam,

I was writing basically a copy of Ludo's message when that arrived...
All good!

Kind regards,

T G-R
A
A
Adam Van Ymeren wrote on 15 Jan 2018 21:36
(address . 28973@debbugs.gnu.org)
87mv1eeu6i.fsf@vany.ca
Okay updated patch below. I pulled all the copyright information from
the debian package. Added configure arguments to avoid compiling source
files which are 4-clause BSD licensed.

There is one file who's license I am not sure what to name.

src/libstrongswan/plugins/pkcs11.h

The text of the license is:

"This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved."

Debian listed this as "MIT" but I don't believe that is correct. I
can't find text of any "MIT" license like this, and it doesn't match the
expat license either.

So, not really sure what to do there.

Toggle diff (147 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2c55d6793..c0f66cfcc 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -66,6 +66,7 @@
#:use-module (gnu packages libidn)
#:use-module (gnu packages linux)
#:use-module (gnu packages lua)
+ #:use-module (gnu packages multiprecision)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
@@ -1498,6 +1499,60 @@ interface and a programmable text output for scripting.")
(license (list license:bsd-2
license:expat))))

+(define-public strongswan
+ (package
+ (name "strongswan")
+ (version "5.6.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+ (sha256
+ (base32 "0lxbyiary8iapx3ysw40czrmxf983fhfzs5mvz2hk1j1mpc85hp0"))
+ (patches
+ (search-patches "strongswan-test_process-disable-all.patch"
+ "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list
+ ;; Disable bsd-4 licensed plugins
+ "--disable-des"
+ "--disable-blowfish")))
+ (inputs
+ `(("curl" ,curl)
+ ("gmp" ,gmp)
+ ("libgcrypt" ,libgcrypt)
+ ("openssl" ,openssl)))
+ (synopsis "IKEv1/v2 keying daemon")
+ (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+ (home-page "https://strongswan.org/")
+ (license
+ (list license:gpl2+
+ ;; src/aikgen/*
+ ;; src/libcharon/plugins/dnscert/*
+ ;; src/libcharon/plugins/ext_auth/*
+ ;; src/libcharon/plugins/vici/ruby/*
+ ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
+ license:expat
+ ;; src/inclue/sys/*
+ license:bsd-3
+ ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
+ license:public-domain
+ ;; These files are not included in the
+ ;; build, they are disabled through
+ ;; options to ./configure
+ ;;
+ ;; src/libstrongswan/plugins/blowfish/bf_enc.c
+ ;; src/libstrongswan/plugins/blowfish/bf_locl.h
+ ;; src/libstrongswan/plugins/blowfish/bf_pi.h
+ ;; src/libstrongswan/plugins/blowfish/bf_skey.c
+ ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+ ;; src/libstrongswan/plugins/des/des_crypter.c
+ license:bsd-4))))
+
(define-public libnet
(package
(name "libnet")
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c 2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c 2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ s = suite_create("process");
+
+- tc = tcase_create("return values");
+- tcase_add_test(tc, test_retval_true);
+- tcase_add_test(tc, test_retval_false);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("return values"); */
++ /* tcase_add_test(tc, test_retval_true); */
++ /* tcase_add_test(tc, test_retval_false); */
++ /* suite_add_tcase(s, tc); */
+
+ tc = tcase_create("not found");
+ tcase_add_test(tc, test_not_found);
+ suite_add_tcase(s, tc);
+
+- tc = tcase_create("echo");
+- tcase_add_test(tc, test_echo);
+- tcase_add_test(tc, test_echo_err);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("env");
+- tcase_add_test(tc, test_env);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("shell");
+- tcase_add_test(tc, test_shell);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("echo"); */
++ /* tcase_add_test(tc, test_echo); */
++ /* tcase_add_test(tc, test_echo_err); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("env"); */
++ /* tcase_add_test(tc, test_env); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("shell"); */
++ /* tcase_add_test(tc, test_shell); */
++ /* suite_add_tcase(s, tc); */
+
+ return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ {UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ {UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+- {1, FALSE, "Jan 01 01:00:01 1970"},
++ {1, FALSE, "Jan 01 00:00:01 1970"},
+ {1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+- {1341150196, FALSE, "Jul 01 15:43:16 2012"},
++ {1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ {1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };
T
T
Tobias Geerinckx-Rice wrote on 15 Jan 2018 22:50
(address . ludo@gnu.org)
9b85d987-e691-a89e-f4ee-1ce663b5c928@tobias.gr
Adam Van Ymeren wrote on 15/01/18 at 21:36:
Toggle quote (14 lines)
> There is one file who's license I am not sure what to name.
>
> src/libstrongswan/plugins/pkcs11.h
>
> The text of the license is:
>
> "This file is free software; as a special exception the author gives
> unlimited permission to copy and/or distribute it, with or without
> modifications, as long as this notice is preserved."
>
> Debian listed this as "MIT" but I don't believe that is correct. I
> can't find text of any "MIT" license like this, and it doesn't match the
> expat license either.

There's always the non-copyleft procedure for uncommon (but free)
licences that don't have their own entry.

Is that the entire licence text? It sounds strange to me (exception to
what?). I'm obviously not clever enough to be a lawyer.

Yay,

T G-R
A
A
Adam Van Ymeren wrote on 15 Jan 2018 23:32
(address . ludo@gnu.org)
9A48E196-BC5C-425B-8EB0-D944D464BD3D@vany.ca
On January 15, 2018 4:50:08 PM EST, Tobias Geerinckx-Rice <me@tobias.gr> wrote:
Toggle quote (3 lines)
>There's always the non-copyleft procedure for uncommon (but free)
>licences that don't have their own entry.

Didn't know about that. That's probably the right thing to use here?

Toggle quote (4 lines)
>
>Is that the entire licence text? It sounds strange to me (exception to
>what?). I'm obviously not clever enough to be a lawyer.

Yeah thats the entire licence text, it is strange. It's similar to what appears in the top of '"configure" scripts as generated by autoconf.

Toggle quote (4 lines)
>
>Yay,
>
>T G-R
A
A
Adam Van Ymeren wrote on 23 Jan 2018 21:43
Updated: [PATCH 1/1] gnu: Add strongswan.
(address . 28973@debbugs.gnu.org)
87mv141f2p.fsf@vany.ca
I think this is good to commit now. I've put in all the licensing info,
disabled compilation of BSD-4 licensed files, and documented one file
with a unknown but permissive license.

---

Toggle diff (149 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2c55d6793..343708c1e 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -66,6 +66,7 @@
#:use-module (gnu packages libidn)
#:use-module (gnu packages linux)
#:use-module (gnu packages lua)
+ #:use-module (gnu packages multiprecision)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
@@ -1498,6 +1499,65 @@ interface and a programmable text output for scripting.")
(license (list license:bsd-2
license:expat))))

+(define-public strongswan
+ (package
+ (name "strongswan")
+ (version "5.6.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+ (sha256
+ (base32 "0lxbyiary8iapx3ysw40czrmxf983fhfzs5mvz2hk1j1mpc85hp0"))
+ (patches
+ (search-patches "strongswan-test_process-disable-all.patch"
+ "strongswan-test_time_printf_hook-pass-in-utc.patch"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list
+ ;; Disable bsd-4 licensed plugins
+ "--disable-des"
+ "--disable-blowfish")))
+ (inputs
+ `(("curl" ,curl)
+ ("gmp" ,gmp)
+ ("libgcrypt" ,libgcrypt)
+ ("openssl" ,openssl)))
+ (synopsis "IKEv1/v2 keying daemon")
+ (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+ (home-page "https://strongswan.org/")
+ (license
+ (list license:gpl2+
+ ;; src/aikgen/*
+ ;; src/libcharon/plugins/dnscert/*
+ ;; src/libcharon/plugins/ext_auth/*
+ ;; src/libcharon/plugins/vici/ruby/*
+ ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
+ license:expat
+ ;; src/inclue/sys/*
+ license:bsd-3
+ ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
+ license:public-domain
+ ;; src/libstrongswan/plugins/pkcs11/pkcs11.h
+ (license:non-copyleft
+ "file://src/libstrongswan/plugins/pkcs11/pkcs11.h"
+ "pkcs11 contains a unknown permissive license. View the specific
+file for more details.")
+ ;; These files are not included in the
+ ;; build, they are disabled through
+ ;; options to ./configure
+ ;;
+ ;; src/libstrongswan/plugins/blowfish/bf_enc.c
+ ;; src/libstrongswan/plugins/blowfish/bf_locl.h
+ ;; src/libstrongswan/plugins/blowfish/bf_pi.h
+ ;; src/libstrongswan/plugins/blowfish/bf_skey.c
+ ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+ ;; src/libstrongswan/plugins/des/des_crypter.c
+ license:bsd-4))))
+
diff --git a/gnu/packages/patches/strongswan-test_process-disable-all.patch b/gnu/packages/patches/strongswan-test_process-disable-all.patch
new file mode 100644
index 000000000..df3d1f3be
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
@@ -0,0 +1,48 @@
+
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c 2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c 2017-10-23 15:10:12.753837342 -0400
+@@ -201,27 +201,27 @@
+
+ s = suite_create("process");
+
+- tc = tcase_create("return values");
+- tcase_add_test(tc, test_retval_true);
+- tcase_add_test(tc, test_retval_false);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("return values"); */
++ /* tcase_add_test(tc, test_retval_true); */
++ /* tcase_add_test(tc, test_retval_false); */
++ /* suite_add_tcase(s, tc); */
+
+ tc = tcase_create("not found");
+ tcase_add_test(tc, test_not_found);
+ suite_add_tcase(s, tc);
+
+- tc = tcase_create("echo");
+- tcase_add_test(tc, test_echo);
+- tcase_add_test(tc, test_echo_err);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("env");
+- tcase_add_test(tc, test_env);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("shell");
+- tcase_add_test(tc, test_shell);
+- suite_add_tcase(s, tc);
++ /* tc = tcase_create("echo"); */
++ /* tcase_add_test(tc, test_echo); */
++ /* tcase_add_test(tc, test_echo_err); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("env"); */
++ /* tcase_add_test(tc, test_env); */
++ /* suite_add_tcase(s, tc); */
++
++ /* tc = tcase_create("shell"); */
++ /* tcase_add_test(tc, test_shell); */
++ /* suite_add_tcase(s, tc); */
+
+ return s;
+ }
diff --git a/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
new file mode 100644
index 000000000..a1d80cb3a
--- /dev/null
+++ b/gnu/packages/patches/strongswan-test_time_printf_hook-pass-in-utc.patch
@@ -0,0 +1,14 @@
+diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c
+--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:50:49.744343308 -0400
++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_utils.c 2017-10-23 14:51:07.911880335 -0400
+@@ -750,9 +750,9 @@
+ } time_data[] = {
+ {UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ {UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+- {1, FALSE, "Jan 01 01:00:01 1970"},
++ {1, FALSE, "Jan 01 00:00:01 1970"},
+ {1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+- {1341150196, FALSE, "Jul 01 15:43:16 2012"},
++ {1341150196, FALSE, "Jul 01 13:43:16 2012"},
+ {1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+ };
L
L
Ludovic Courtès wrote on 30 Jan 2018 22:22
Re: [bug#28973] [PATCH 1/1] gnu: Add strongswan.
(name . Adam Van Ymeren)(address . adam@vany.ca)
871si7vy6m.fsf@gnu.org
Hi,

Adam Van Ymeren <adam@vany.ca> skribis:

Toggle quote (18 lines)
> Okay updated patch below. I pulled all the copyright information from
> the debian package. Added configure arguments to avoid compiling source
> files which are 4-clause BSD licensed.
>
> There is one file who's license I am not sure what to name.
>
> src/libstrongswan/plugins/pkcs11.h
>
> The text of the license is:
>
> "This file is free software; as a special exception the author gives
> unlimited permission to copy and/or distribute it, with or without
> modifications, as long as this notice is preserved."
>
> Debian listed this as "MIT" but I don't believe that is correct. I
> can't find text of any "MIT" license like this, and it doesn't match the
> expat license either.

Like you wrote it’s like what short GNU helper files have, so you could
use ‘non-copyleft’ like Tobias mentions.

To me the only remaining issue is:

Toggle quote (5 lines)
> --- /dev/null
> +++ b/gnu/packages/patches/strongswan-test_process-disable-all.patch
> @@ -0,0 +1,48 @@
> +

For both patches please add two or three lines explaining what the patch
does and why.

The first one can probably be called ‘strongswan-skip-tests.patch’.

Toggle quote (16 lines)
> +diff -Naur strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c
> +--- strongswan-5.6.0-original/src/libstrongswan/tests/suites/test_process.c 2016-04-22 16:01:35.000000000 -0400
> ++++ strongswan-5.6.0/src/libstrongswan/tests/suites/test_process.c 2017-10-23 15:10:12.753837342 -0400
> +@@ -201,27 +201,27 @@
> +
> + s = suite_create("process");
> +
> +- tc = tcase_create("return values");
> +- tcase_add_test(tc, test_retval_true);
> +- tcase_add_test(tc, test_retval_false);
> +- suite_add_tcase(s, tc);
> ++ /* tc = tcase_create("return values"); */
> ++ /* tcase_add_test(tc, test_retval_true); */
> ++ /* tcase_add_test(tc, test_retval_false); */
> ++ /* suite_add_tcase(s, tc); */

As a bonus, it’s better if you remove the lines instead of commenting
them out: it makes the patch shorter and easier to read.

Could you send an updated patch? We’re pretty much done. :-)

Thank you!

Ludo’.
A
A
Adam Van Ymeren wrote on 31 Jan 2018 20:46
(name . Ludovic Courtès)(address . ludo@gnu.org)
87tvv1dd6t.fsf@vany.ca
Okay I think I've done all your comments. I figured out how to get some
of the tests that were failing to pass so I dropped one of the patches
and cleaned up the other one.

I also added non-copyleft license for that one file.

I spent some time trying to debug the remaining failing tests. They
make some assumptions about paths which are not true in the build
container, I managed to get some to pass when I run manually in a
container from guix environment -C, but they still fail when $ guix
build runs, so I've left in the patch to disable them. They're really
not essential tests.

Updated patch below.

---
gnu/packages/networking.scm | 71 ++++++++++++++++++++++++
gnu/packages/patches/strongswan-skip-tests.patch | 33 +++++++++++
2 files changed, 104 insertions(+)
create mode 100644 gnu/packages/patches/strongswan-skip-tests.patch

Toggle diff (134 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2c55d6793..0138e59e3 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -49,6 +49,7 @@
#:use-module (gnu packages algebra)
#:use-module (gnu packages audio)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
#:use-module (gnu packages bison)
#:use-module (gnu packages check)
#:use-module (gnu packages code)
@@ -66,6 +67,7 @@
#:use-module (gnu packages libidn)
#:use-module (gnu packages linux)
#:use-module (gnu packages lua)
+ #:use-module (gnu packages multiprecision)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
@@ -1567,3 +1569,72 @@ routers (or @dfn{hops}) between the local host and a user-specified destination.
It then continually measures the response time and packet loss at each hop, and
displays the results in real time.")
(license license:gpl2+)))
+
+(define-public strongswan
+ (package
+ (name "strongswan")
+ (version "5.6.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://download.strongswan.org/strongswan-" version ".tar.bz2"))
+ (sha256
+ (base32 "0lxbyiary8iapx3ysw40czrmxf983fhfzs5mvz2hk1j1mpc85hp0"))
+ (patches
+ (search-patches "strongswan-skip-tests.patch"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; This is needed for tests
+ (add-after 'unpack 'set-TZDIR
+ (lambda* (#:key inputs #:allow-other-keys)
+ (setenv "TZDIR" (string-append (assoc-ref inputs "tzdata")
+ "/share/zoneinfo"))
+ #t)))
+ #:configure-flags
+ (list
+ ;; Disable bsd-4 licensed plugins
+ "--disable-des"
+ "--disable-blowfish")))
+ (inputs
+ `(("curl" ,curl)
+ ("gmp" ,gmp)
+ ("libgcrypt" ,libgcrypt)
+ ("openssl" ,openssl)))
+ (native-inputs
+ `(("coreutils" ,coreutils)
+ ("tzdata" ,tzdata-2017a)))
+ (synopsis "IKEv1/v2 keying daemon")
+ (description "StrongSwan is an IPsec implementation originally based upon
+the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
+NAT-T and more.")
+ (home-page "https://strongswan.org/")
+ (license
+ (list license:gpl2+
+ ;; src/aikgen/*
+ ;; src/libcharon/plugins/dnscert/*
+ ;; src/libcharon/plugins/ext_auth/*
+ ;; src/libcharon/plugins/vici/ruby/*
+ ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
+ license:expat
+ ;; src/inclue/sys/*
+ license:bsd-3
+ ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
+ license:public-domain
+ ;; src/libstrongswan/plugins/pkcs11/pkcs11.h
+ (license:non-copyleft
+ "file://src/libstrongswan/plugins/pkcs11/pkcs11.h"
+ "pkcs11 contains a unknown permissive license. View the specific
+file for more details.")
+ ;; These files are not included in the
+ ;; build, they are disabled through
+ ;; options to ./configure
+ ;;
+ ;; src/libstrongswan/plugins/blowfish/bf_enc.c
+ ;; src/libstrongswan/plugins/blowfish/bf_locl.h
+ ;; src/libstrongswan/plugins/blowfish/bf_pi.h
+ ;; src/libstrongswan/plugins/blowfish/bf_skey.c
+ ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+ ;; src/libstrongswan/plugins/des/des_crypter.c
+ license:bsd-4))))
diff --git a/gnu/packages/patches/strongswan-skip-tests.patch b/gnu/packages/patches/strongswan-skip-tests.patch
new file mode 100644
index 000000000..b2a93ea99
--- /dev/null
+++ b/gnu/packages/patches/strongswan-skip-tests.patch
@@ -0,0 +1,33 @@
+Delete some tests that fail to run in the build container.
+
+diff -ur strongswan-5.6.1-original/src/libstrongswan/tests/suites/test_process.c strongswan-5.6.1/src/libstrongswan/tests/suites/test_process.c
+--- strongswan-5.6.1-original/src/libstrongswan/tests/suites/test_process.c 2016-04-22 16:01:35.000000000 -0400
++++ strongswan-5.6.1/src/libstrongswan/tests/suites/test_process.c 2018-01-31 14:31:39.644634648 -0500
+@@ -201,27 +201,9 @@
+
+ s = suite_create("process");
+
+- tc = tcase_create("return values");
+- tcase_add_test(tc, test_retval_true);
+- tcase_add_test(tc, test_retval_false);
+- suite_add_tcase(s, tc);
+-
+ tc = tcase_create("not found");
+ tcase_add_test(tc, test_not_found);
+ suite_add_tcase(s, tc);
+
+- tc = tcase_create("echo");
+- tcase_add_test(tc, test_echo);
+- tcase_add_test(tc, test_echo_err);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("env");
+- tcase_add_test(tc, test_env);
+- suite_add_tcase(s, tc);
+-
+- tc = tcase_create("shell");
+- tcase_add_test(tc, test_shell);
+- suite_add_tcase(s, tc);
+-
+ return s;
+ }
--
2.15.1
L
L
Ludovic Courtès wrote on 31 Jan 2018 23:33
(name . Adam Van Ymeren)(address . adam@vany.ca)
87vafhr73h.fsf@gnu.org
Adam Van Ymeren <adam@vany.ca> skribis:

Toggle quote (13 lines)
> Okay I think I've done all your comments. I figured out how to get some
> of the tests that were failing to pass so I dropped one of the patches
> and cleaned up the other one.
>
> I also added non-copyleft license for that one file.
>
> I spent some time trying to debug the remaining failing tests. They
> make some assumptions about paths which are not true in the build
> container, I managed to get some to pass when I run manually in a
> container from guix environment -C, but they still fail when $ guix
> build runs, so I've left in the patch to disable them. They're really
> not essential tests.

I’ve adjusted said file names in test_process.c and in the library,
removed the patch (tests pass!), adjusted the commit log, and pushed as
5f645557a475696c17d936024018103811e1a525.

Thanks!

Ludo’.
Closed
?