Package: guix-patches;
Reported by: Apoorv Singh <apoorvs569 <at> gmail.com>
Date: Wed, 25 Sep 2024 05:47:02 UTC
Severity: normal
Tags: patch
Message #14 received at 73465 <at> debbugs.gnu.org (full text, mbox):
From: Apoorv Singh <apoorvs569 <at> gmail.com> To: 73465 <at> debbugs.gnu.org Subject: Wireguard: Rename field private-key to private-key-file Date: Mon, 30 Sep 2024 12:34:58 +0530
I made some changes, here is the output of `git diff`, ``` diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index eee7e78c6d..ebac4ad943 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -67,7 +67,8 @@ (define-module (gnu services vpn) wireguard-peer-endpoint wireguard-peer-allowed-ips wireguard-peer-public-key - wireguard-peer-preshared-key + wireguard-peer-preshared-key ; deprecated + wireguard-peer-preshared-key-file wireguard-peer-keep-alive wireguard-configuration @@ -79,7 +80,8 @@ (define-module (gnu services vpn) wireguard-configuration-dns wireguard-configuration-monitor-ips? wireguard-configuration-monitor-ips-interval - wireguard-configuration-private-key + wireguard-configuration-private-key ; deprecated + wireguard-configuration-private-key-file wireguard-configuration-peers wireguard-configuration-pre-up wireguard-configuration-post-up @@ -721,15 +723,17 @@ (define strongswan-service-type (define-record-type* <wireguard-peer> wireguard-peer make-wireguard-peer wireguard-peer? - (name wireguard-peer-name) - (endpoint wireguard-peer-endpoint - (default #f)) ;string - (public-key wireguard-peer-public-key) ;string - (preshared-key wireguard-peer-preshared-key - (default #f)) ;string - (allowed-ips wireguard-peer-allowed-ips) ;list of strings - (keep-alive wireguard-peer-keep-alive - (default #f))) ;integer + (name wireguard-peer-name) + (endpoint wireguard-peer-endpoint + (default #f)) ;string + (public-key wireguard-peer-public-key) ;string + (preshared-key wireguard-peer-preshared-key ;deprecated + (default #f)) ;string + (preshared-key-file wireguard-peer-preshared-key-file + (default #f)) ;string + (allowed-ips wireguard-peer-allowed-ips) ;list of strings + (keep-alive wireguard-peer-keep-alive + (default #f))) ;integer (define-record-type* <wireguard-configuration> wireguard-configuration make-wireguard-configuration 
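Review bot: The new `preshared-key-file` field in `<wireguard-peer>` is annotated only `;string`, which does not tell a user that the value must be the path of a file holding the key rather than the key itself. The value is spliced into the generated `wireguard-config` file (presumably a store item, which other local users can read), so key material entered here by mistake would be exposed. I would make the comment `;string, path to a file containing the preshared key` and note the same on the deprecated `preshared-key` line. The manual entry for these fields is not part of this diff and likely needs the same wording.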
@@ -742,6 +746,8 @@ (define-record-type* <wireguard-configuration> (default '("10.0.0.1/32"))) (port wireguard-configuration-port ;integer (default 51820)) + (private-key wireguard-configuration-private-key ;string ;deprecated + (default "/etc/wireguard/private.key")) (private-key-file wireguard-configuration-private-key-file ;string (default "/etc/wireguard/private.key")) (peers wireguard-configuration-peers ;list of <wiregard-peer> @@ -778,18 +784,29 @@ (define (peer->config peer) (string-join (remove string-null? lines) "\n")))) (define (peers->preshared-keys peer keys) - (let ((public-key (wireguard-peer-public-key peer)) - (preshared-key (wireguard-peer-preshared-key peer))) - (if preshared-key - (cons* public-key preshared-key keys) + (let* ((public-key (wireguard-peer-public-key peer)) + (preshared-key (wireguard-peer-preshared-key peer)) + (preshared-key-file (wireguard-peer-preshared-key-file peer)) + (final-preshared-key (or preshared-key preshared-key-file))) + ;; XXX Warn about deprecated preshared-key field with newer replacement + (when preshared-key + (warn-about-deprecation 'preshared-key #f #:replacement 'preshared-key-file)) + (if final-preshared-key + (cons* public-key final-preshared-key keys) keys))) (match-record config <wireguard-configuration> - (wireguard interface addresses port private-key-file peers dns + (wireguard interface addresses port private-key-file private-key peers dns pre-up post-up pre-down post-down table) + + ;; XXX Warn about deprecated private-key field with newer replacement + (when private-key + (warn-about-deprecation 'private-key #f #:replacement 'private-key-file)) + (let* ((config-file (string-append interface ".conf")) (peer-keys (fold peers->preshared-keys (list) peers)) (peers (map peer->config peers)) + (final-private-key (or private-key private-key-file)) (config (computed-file "wireguard-config" 
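Review bot: The deprecated `private-key` field added to `<wireguard-configuration>` defaults to "/etc/wireguard/private.key", so it is never `#f`. Every `(when private-key ...)` therefore emits the deprecation warning even for users who never set the field. `(or private-key private-key-file)` also always returns `private-key`, so a custom `private-key-file` is silently ignored and the key at the default path is used instead. Give the deprecated field `(default #f)`, as `preshared-key` in `<wireguard-peer>` already has. The same defect reaches `final-private-key` in the `match-record` hunk that follows and in `wireguard-activation`.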
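Review bot: In `peers->preshared-keys`, `(or preshared-key preshared-key-file)` picks the deprecated field when a peer sets both, although the warning tells the user to use `preshared-key-file`; the value they were told to set is then dropped without notice. Prefer the replacement here: `(final-preshared-key (or preshared-key-file preshared-key))`. The `;; XXX` prefix on the new comments usually flags a known problem, so a plain `;;` comment would read better. `warn-about-deprecation` needs `(guix deprecation)` among the module's imports, which the `define-module` hunks do not show being added, so that is worth confirming.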
@@ -810,7 +827,7 @@ (define lines (list (format #f "~{PreUp = ~a~%~}" pre-up))) (format #f "PostUp = ~a set %i private-key ~a\ ~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg") -#$private-key-file '#$peer-keys) +#$final-private-key '#$peer-keys) #$@(if (null? post-up) '() (list (format #f "~{PostUp = ~a~%~}" post-up))) @@ -836,23 +853,29 @@ (define lines (define (wireguard-activation config) (match-record config <wireguard-configuration> - (private-key-file wireguard) - #~(begin - (use-modules (guix build utils) - (ice-9 popen) - (ice-9 rdelim)) - (mkdir-p (dirname #$private-key-file)) - (unless (file-exists? #$private-key-file) - (let* ((pipe - (open-input-pipe (string-append - #$(file-append wireguard "/bin/wg") - " genkey"))) - (key (read-line pipe))) - (call-with-output-file #$private-key-file - (lambda (port) - (display key port))) - (chmod #$private-key-file #o400) - (close-pipe pipe)))))) + (private-key private-key-file wireguard) + + ;; XXX Warn about deprecated private-key field with newer replacement + (when private-key + (warn-about-deprecation 'private-key #f #:replacement 'private-key-file)) + + (let ((final-private-key (or private-key private-key-file))) + #~(begin + (use-modules (guix build utils) + (ice-9 popen) + (ice-9 rdelim)) + (mkdir-p (dirname #$final-private-key)) + (unless (file-exists? #$final-private-key) + (let* ((pipe + (open-input-pipe (string-append + #$(file-append wireguard "/bin/wg") + " genkey"))) + (key (read-line pipe))) + (call-with-output-file #$final-private-key + (lambda (port) + (display key port))) + (chmod #$final-private-key #o400) + (close-pipe pipe))))))) ;;; XXX: Copied from (guix scripts pack), changing define to define*. (define-syntax-rule (define-with-source (variable args ...) body body* ...) ``` If this is desired way of doing this, I will share the formatted patch as an attachment. -- - Apoorv Singh - Sent from Emacs.
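Review bot: In `wireguard-activation` the generated key is written by `call-with-output-file` and only afterwards restricted with `(chmod #$final-private-key #o400)`, so between the two calls the file has whatever mode the process umask allows (world-readable under the usual 022). This sequence is carried over from the old side, but since the block is being rewritten it is the right moment to close the window: call `(umask #o077)` before `call-with-output-file` and restore the returned mask afterwards. The result of `wg genkey` is also unchecked; if the command fails, `read-line` returns the end-of-file object and that is what gets written as the key, so test `(eof-object? key)` or the `close-pipe` status before writing.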