From: Tobias Brunner Date: Mon, 5 Jan 2026 15:32:02 +0000 (+0100) Subject: swanctl: Use a custom default plugin list X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fe1d712041d7ab0feff137cf51603577543cab8;p=thirdparty%2Fstrongswan.git swanctl: Use a custom default plugin list Loading all libstrongswan plugins isn't necessary as the tool only uses the plugins to parse/decrypt credentials. So it's similar to pki, but it doesn't do (online) certificate validation, access tokens, or need access to databases. While it's usually not an issue to load unnecessary plugins, one thing that came up recently are the new capabilities required by the agent plugin. Since Debian's AppArmor policy for swanctl doesn't grant them, this produces an error message that might confuse users. --- diff --git a/configure.ac b/configure.ac index 0ae769a77e..87b7636bbc 100644 --- a/configure.ac +++ b/configure.ac @@ -1519,6 +1519,7 @@ CFLAGS="$WARN_CFLAGS $CFLAGS" # plugin lists for all components charon_plugins= +swanctl_plugins= pool_plugins= attest_plugins= pki_plugins= 
@@ -1537,61 +1538,61 @@ s_plugins= t_plugins= p_plugins= -ADD_PLUGIN([test-vectors], [s charon pki]) +ADD_PLUGIN([test-vectors], [s charon swanctl pki]) ADD_PLUGIN([unbound], [s charon scripts]) ADD_PLUGIN([ldap], [s charon pki scripts nm cmd]) ADD_PLUGIN([pkcs11], [s charon pki nm cmd]) ADD_PLUGIN([tpm], [p charon pki nm cmd]) -ADD_PLUGIN([aesni], [s charon pki scripts medsrv attest nm cmd aikgen]) -ADD_PLUGIN([aes], [s charon pki scripts nm cmd]) -ADD_PLUGIN([des], [s charon pki scripts nm cmd]) -ADD_PLUGIN([blowfish], [s charon pki scripts nm cmd]) -ADD_PLUGIN([rc2], [s charon pki scripts nm cmd]) -ADD_PLUGIN([sha2], [s charon pki scripts medsrv attest nm cmd aikgen fuzz]) -ADD_PLUGIN([sha3], [s charon pki scripts medsrv attest nm cmd aikgen fuzz]) -ADD_PLUGIN([sha1], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz]) -ADD_PLUGIN([md4], [s charon pki nm cmd]) -ADD_PLUGIN([md5], [s charon pki scripts attest nm cmd aikgen]) -ADD_PLUGIN([mgf1], [s charon pki scripts medsrv attest nm cmd aikgen]) -ADD_PLUGIN([rdrand], [s charon pki scripts medsrv attest nm cmd aikgen]) -ADD_PLUGIN([random], [s charon pki scripts manager medsrv attest nm cmd aikgen]) +ADD_PLUGIN([aesni], [s charon swanctl pki scripts medsrv attest nm cmd aikgen]) +ADD_PLUGIN([aes], [s charon swanctl pki scripts nm cmd]) +ADD_PLUGIN([des], [s charon swanctl pki scripts nm cmd]) +ADD_PLUGIN([blowfish], [s charon swanctl pki scripts nm cmd]) +ADD_PLUGIN([rc2], [s charon swanctl pki scripts nm cmd]) +ADD_PLUGIN([sha2], [s charon swanctl pki scripts medsrv attest nm cmd aikgen fuzz]) +ADD_PLUGIN([sha3], [s charon swanctl pki scripts medsrv attest nm cmd aikgen fuzz]) +ADD_PLUGIN([sha1], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen fuzz]) +ADD_PLUGIN([md4], [s charon swanctl pki nm cmd]) +ADD_PLUGIN([md5], [s charon swanctl pki scripts attest nm cmd aikgen]) +ADD_PLUGIN([mgf1], [s charon swanctl pki scripts medsrv attest nm cmd aikgen]) +ADD_PLUGIN([rdrand], [s charon 
swanctl pki scripts medsrv attest nm cmd aikgen]) +ADD_PLUGIN([random], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([nonce], [s charon nm cmd aikgen]) -ADD_PLUGIN([x509], [s charon pki scripts attest nm cmd aikgen fuzz]) +ADD_PLUGIN([x509], [s charon swanctl pki scripts attest nm cmd aikgen fuzz]) ADD_PLUGIN([revocation], [s charon pki nm cmd]) ADD_PLUGIN([constraints], [s charon pki nm cmd]) ADD_PLUGIN([acert], [s charon]) -ADD_PLUGIN([pubkey], [s charon pki cmd aikgen]) -ADD_PLUGIN([pkcs1], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz]) -ADD_PLUGIN([pkcs7], [s charon pki scripts nm cmd]) -ADD_PLUGIN([pkcs12], [s charon pki scripts cmd]) +ADD_PLUGIN([pubkey], [s charon swanctl pki cmd aikgen]) +ADD_PLUGIN([pkcs1], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen fuzz]) +ADD_PLUGIN([pkcs7], [s charon swanctl pki scripts nm cmd]) +ADD_PLUGIN([pkcs12], [s charon swanctl pki scripts cmd]) ADD_PLUGIN([pgp], [s charon]) -ADD_PLUGIN([dnskey], [s charon pki]) -ADD_PLUGIN([sshkey], [s charon pki nm cmd]) +ADD_PLUGIN([dnskey], [s charon swanctl pki]) +ADD_PLUGIN([sshkey], [s charon swanctl pki nm cmd]) ADD_PLUGIN([dnscert], [c charon]) ADD_PLUGIN([ipseckey], [c charon]) -ADD_PLUGIN([pem], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz]) +ADD_PLUGIN([pem], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen fuzz]) ADD_PLUGIN([padlock], [s charon]) -ADD_PLUGIN([openssl], [s charon pki scripts manager medsrv attest nm cmd aikgen]) -ADD_PLUGIN([wolfssl], [s charon pki scripts manager medsrv attest nm cmd aikgen]) -ADD_PLUGIN([gcrypt], [s charon pki scripts manager medsrv attest nm cmd aikgen]) -ADD_PLUGIN([botan], [s charon pki scripts manager medsrv attest nm cmd aikgen]) -ADD_PLUGIN([pkcs8], [s charon pki scripts manager medsrv attest nm cmd]) -ADD_PLUGIN([af-alg], [s charon pki scripts medsrv attest nm cmd aikgen]) +ADD_PLUGIN([openssl], [s charon swanctl pki scripts manager 
medsrv attest nm cmd aikgen]) +ADD_PLUGIN([wolfssl], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen]) +ADD_PLUGIN([gcrypt], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen]) +ADD_PLUGIN([botan], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen]) +ADD_PLUGIN([pkcs8], [s charon swanctl pki scripts manager medsrv attest nm cmd]) +ADD_PLUGIN([af-alg], [s charon swanctl pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([fips-prf], [s charon nm cmd]) -ADD_PLUGIN([gmp], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz]) -ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd]) +ADD_PLUGIN([gmp], [s charon swanctl pki scripts manager medsrv attest nm cmd aikgen fuzz]) +ADD_PLUGIN([curve25519], [s charon swanctl pki scripts nm cmd]) ADD_PLUGIN([agent], [s charon nm cmd]) ADD_PLUGIN([keychain], [s charon cmd]) ADD_PLUGIN([chapoly], [s charon scripts nm cmd]) ADD_PLUGIN([xcbc], [s charon nm cmd]) ADD_PLUGIN([cmac], [s charon nm cmd]) -ADD_PLUGIN([hmac], [s charon pki scripts nm cmd]) -ADD_PLUGIN([kdf], [s charon pki scripts nm cmd]) +ADD_PLUGIN([hmac], [s charon swanctl pki scripts nm cmd]) +ADD_PLUGIN([kdf], [s charon swanctl pki scripts nm cmd]) ADD_PLUGIN([ctr], [s charon scripts nm cmd]) ADD_PLUGIN([ccm], [s charon scripts nm cmd]) ADD_PLUGIN([gcm], [s charon scripts nm cmd]) ADD_PLUGIN([ml], [s charon scripts nm cmd]) -ADD_PLUGIN([drbg], [s charon pki scripts nm cmd]) +ADD_PLUGIN([drbg], [s charon swanctl pki scripts nm cmd]) ADD_PLUGIN([curl], [s charon pki scripts nm cmd]) ADD_PLUGIN([files], [s charon pki scripts nm cmd]) ADD_PLUGIN([winhttp], [s charon pki scripts]) @@ -1677,6 +1678,7 @@ ADD_PLUGIN([unity], [c charon]) ADD_PLUGIN([counters], [c charon]) AC_SUBST(charon_plugins) +AC_SUBST(swanctl_plugins) AC_SUBST(pool_plugins) AC_SUBST(attest_plugins) AC_SUBST(pki_plugins) diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am index 1bd743883d..496e521f9d 100644 
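Review bot: The new `swanctl` column on these `ADD_PLUGIN` lines has no comment recording the selection rule, so whoever adds the next plugin to the `s` or `pki` lists cannot tell whether it belongs in swanctl as well. The rule exists only in the commit message; I would place it beside `swanctl_plugins=` in the first hunk, e.g. `# swanctl: only plugins needed to parse/decrypt credentials (no revocation, agent, tokens or database access)`. Measured against that rule, `md4` and `blowfish` look inherited from the `pki` column rather than required for any key or certificate container. This is inferred from the list alone, so please confirm. If nothing depends on them, dropping them keeps the set loaded under the AppArmor profile as small as the commit intends.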
--- a/src/swanctl/Makefile.am +++ b/src/swanctl/Makefile.am @@ -38,7 +38,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libcharon/plugins/vici \ -DSWANCTLDIR=\""${swanctldir}\"" \ - -DPLUGINS=\""${s_plugins}\"" + -DPLUGINS=\""${swanctl_plugins}\"" man_MANS = \ swanctl.8 \
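Review bot: Changing `-DPLUGINS` from `${s_plugins}` to `${swanctl_plugins}` narrows the compiled-in default for existing installations, and nothing in this change documents that for users. A setup whose credentials were handled by a plugin present in `s_plugins` but absent from the new list would presumably stop loading them after an upgrade. Since `swanctl.8` is shipped from this same Makefile.am, I would add a sentence there (and a NEWS entry) such as `swanctl loads a reduced default plugin set; additional plugins must be listed explicitly in its load setting`. This assumes `PLUGINS` is only the fallback for a configurable list, which is not visible in this hunk.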