[NixOS] Patch nm/strongswan to allow psk < 20

2019-06-17 00:59:34 -07:00 · 2019-06-17 00:59:34 -07:00 · bd5e72734c
commit bd5e72734c
parent d86f75a37d
3 changed files with 49 additions and 1 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -44,7 +44,11 @@ in

  # Security and networking
  security.sudo.wheelNeedsPassword = false;
-  networking.networkmanager.enable = true;
+  networking.networkmanager = {
+    enable = true;
+    enableStrongSwan = true;
+    packages = [ pkgs.networkmanager-l2tp ];
+  };
  networking.firewall.enable = false;

  # Audio
--- a/nixos/overlays.nix
+++ b/nixos/overlays.nix
@ -65,4 +65,15 @@ self: super:
      --replace run_keybase $out/bin/keybase-gui
  '';
  });
+  networkmanager_strongswan = super.networkmanager_strongswan.overrideAttrs (oldAttrs: rec {
+    src = super.fetchFromGitHub {
+      owner = "IvanMalison";
+      repo = "NetworkManager-strongswan";
+      sha256 = "0vcg58xrjacdswz2fxahgi7shgf2v14mfpscnwza6wns8qx37yzb";
+      rev = "2849b1817926b7973a5dc530bed7250c95c733bf";
+    };
+  });
+  strongswanNM = super.strongswanNM.overrideAttrs (oldAttrs: rec {
+    patches = oldAttrs.patches ++ [ ./patch-strongswan.patch ];
+  });
 }
--- a/nixos/patch-strongswan.patch
+++ b/nixos/patch-strongswan.patch
@ -0,0 +1,33 @@
+From 71c28adfc1da51bb112ba1c83909d4292f2353cf Mon Sep 17 00:00:00 2001
+From: Ivan Malison <IvanMalison@gmail.com>
+Date: Fri, 14 Jun 2019 16:03:58 -0700
+Subject: [PATCH] Remove dumbass restriction on length of used PSK
+
+---
+ src/charon-nm/nm/nm_service.c | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
+index fb9044d29..ccad2f635 100644
+--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
+@@ -409,16 +409,6 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
+ 		{
+ 			user = identification_create_from_string((char*)str);
+ 			str = nm_setting_vpn_get_secret(vpn, "password");
+-			if (auth_class == AUTH_CLASS_PSK &&
+-				strlen(str) < 20)
+-			{
+-				g_set_error(err, NM_VPN_PLUGIN_ERROR,
+-							NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+-							"pre-shared key is too short.");
+-				gateway->destroy(gateway);
+-				user->destroy(user);
+-				return FALSE;
+-			}
+ 			priv->creds->set_username_password(priv->creds, user, (char*)str);
+ 		}
+ 	}
+-- 
+2.21.0
+