Commit 0d10fa6dda for strongswan.org

commit 0d10fa6dda5bc105029280187687b94fd0835267
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Tue Mar 10 17:43:08 2026 +0100

    conf: Generate and install config snippets also for charon-cmd and charon-nm

    This allows easier customization for distributions (e.g. disable some
    plugins by default).

diff --git a/conf/Makefile.am b/conf/Makefile.am
index 5b90e00dec..feb1687760 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -2,6 +2,8 @@
 strongswanconfdir = `dirname $(strongswan_conf)`
 strongswanddir = $(strongswanconfdir)/strongswan.d
 charonconfdir = $(strongswanddir)/charon
+cmdconfdir = $(strongswanddir)/charon-cmd
+nmconfdir = $(strongswanddir)/charon-nm
 # copy these files also to /usr/share
 templatesdir = $(pkgdatadir)/templates/config
 optionstemplatedir = $(templatesdir)/strongswan.d
@@ -11,6 +13,7 @@ options = \
 	options/aikgen.opt \
 	options/attest.opt \
 	options/charon.opt \
+	options/charon-cmd.opt \
 	options/charon-logging.opt \
 	options/charon-nm.opt \
 	options/charon-systemd.opt \
@@ -110,9 +113,20 @@ alloptions = $(options) $(plugins)

 confsnippets = $(alloptions:opt=conf)

-# we only install snippets for enabled plugins
-plugins_install_tmp = $(charon_plugins:%=plugins/%.tmp)
-plugins_install_src = $(charon_plugins:%=plugins/%.conf)
+# we only install snippets for enabled plugins (see configure script)
+plugins_install_tmp = $(config_plugins:%=plugins/%.tmp)
+plugins_install_src = $(config_plugins:%=plugins/%.conf)
+
+if USE_CHARON
+charon_install_src = $(charon_plugins:%=plugins/%.conf)
+endif
+if USE_CMD
+cmd_install_src = $(cmd_plugins:%=plugins/%.conf)
+endif
+if USE_NM
+nm_install_src = $(nm_plugins:%=plugins/%.conf)
+endif
+
 # only install snippets for enabled components
 # has to be defined via autoconf as we can't do it with automake conditionals
 options_install_src = $(strongswan_options:%=options/%.conf)
@@ -174,14 +188,26 @@ maintainer-clean-local:
 install-data-local: $(plugins_install_src)
 	test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)" || true
 	test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)" || true
-	test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" || true
+	test -e "$(DESTDIR)${charonconfdir}" || test -z "${charon_install_src}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" || true
+	test -e "$(DESTDIR)${cmdconfdir}" || test -z "${cmd_install_src}" || $(INSTALL) -d "$(DESTDIR)$(cmdconfdir)" || true
+	test -e "$(DESTDIR)${nmconfdir}" || test -z "${nm_install_src}" || $(INSTALL) -d "$(DESTDIR)$(nmconfdir)" || true
 	test -e "$(DESTDIR)$(strongswan_conf)" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswan_conf) || true
 	for f in $(options_install_src); do \
 		name=`basename $$f`; \
 		test -f "$(DESTDIR)$(strongswanddir)/$$name" || $(INSTALL) -m 644 "$(srcdir)/$$f" "$(DESTDIR)$(strongswanddir)/$$name" || true; \
 	done
-	for f in $(plugins_install_src); do \
+	for f in $(charon_install_src); do \
 		name=`basename $$f`; \
 		if test -f "$$f"; then dir=; else dir="$(srcdir)/"; fi; \
 		test -f "$(DESTDIR)$(charonconfdir)/$$name" || $(INSTALL) -m 644 "$$dir$$f" "$(DESTDIR)$(charonconfdir)/$$name" || true; \
 	done
+	for f in $(cmd_install_src); do \
+		name=`basename $$f`; \
+		if test -f "$$f"; then dir=; else dir="$(srcdir)/"; fi; \
+		test -f "$(DESTDIR)$(cmdconfdir)/$$name" || $(INSTALL) -m 644 "$$dir$$f" "$(DESTDIR)$(cmdconfdir)/$$name" || true; \
+	done
+	for f in $(nm_install_src); do \
+		name=`basename $$f`; \
+		if test -f "$$f"; then dir=; else dir="$(srcdir)/"; fi; \
+		test -f "$(DESTDIR)$(nmconfdir)/$$name" || $(INSTALL) -m 644 "$$dir$$f" "$(DESTDIR)$(nmconfdir)/$$name" || true; \
+	done
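Review bot: The two added loops for `$(cmd_install_src)` and `$(nm_install_src)` copy the trailing `|| true` from the charon loop, so a failed `$(INSTALL)` of a plugin snippet is discarded and `make install` still reports success. Because the same commit sets `load_modular := yes` for charon-cmd and charon-nm, a snippet that was not installed presumably means that plugin is simply not loaded at runtime, with nothing in the install log to explain it. If best-effort installation is not a requirement here, ending the install line in each loop with `|| exit 1; \` instead of `|| true; \` would surface the failure. The same applies to the new `$(INSTALL) -d` lines for `$(cmdconfdir)` and `$(nmconfdir)`.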
diff --git a/conf/options/charon-cmd.opt b/conf/options/charon-cmd.opt
new file mode 100644
index 0000000000..38f2e77805
--- /dev/null
+++ b/conf/options/charon-cmd.opt
@@ -0,0 +1,10 @@
+charon-cmd {}
+	Section with settings specific to the CLI client `charon-cmd`.
+	Settings from the `charon` section are not inherited, but many can be used
+	here as well.
+
+charon-cmd.load_modular := yes
+	Load only explicitly enabled plugins
+
+charon-cmd.plugins.include charon-cmd/*.conf
+	Plugin config snippets used by charon-cmd
diff --git a/conf/options/charon-nm.opt b/conf/options/charon-nm.opt
index 1ee878ccb6..68d8bc73e9 100644
--- a/conf/options/charon-nm.opt
+++ b/conf/options/charon-nm.opt
@@ -12,6 +12,9 @@ charon-nm.install_virtual_ip_on = lo
 	Interface on which virtual IP addresses are installed. Note that NM
 	also installs the virtual IPs on the XFRM interface.

+charon-nm.load_modular := yes
+	Load only explicitly enabled plugins
+
 charon-nm.mtu = 1400
 	MTU for XFRM interfaces created by the NM plugin.

@@ -43,6 +46,9 @@ charon-nm.routing_table_prio = 210
 	Priority of the routing table. Higher than the default priority used for the
 	regular IKE daemon.

+charon-nm.plugins.include charon-nm/*.conf
+	Plugin config snippets used by charon-nm
+
 charon-nm.plugins.kernel-netlink.fwmark = !210
 	Make packets with this mark ignore the routing table. Must be the same mark
 	set in charon-nm.plugins.socket-default.fwmark.
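Review bot: On a system that already has `strongswan.d/charon-nm.conf`, the new `charon-nm.plugins.include charon-nm/*.conf` line (and `charon-nm.load_modular := yes` from the previous hunk) does not reach the installed file, because the install recipe in conf/Makefile.am skips option files that already exist. The snippets under `charon-nm/` are still installed in that case, so, as far as this diff shows, editing one of them to disable a plugin would have no effect until the include is added by hand. The description could state the dependency, e.g. `Plugin config snippets used by charon-nm (only read if load_modular is enabled and this include is present in charon-nm.conf)`, or the upgrade notes could mention it. Distribution packages may cover this through their own config-file handling, which is not visible here.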
diff --git a/configure.ac b/configure.ac
index d4d597cbe6..391e15b869 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1950,9 +1950,17 @@ if test "x$plugins_packaged_seperately" != xno; then
 fi


-# ====================================================
-#  options for enabled modules (see conf/Makefile.am)
-# ====================================================
+# ===============================================================
+#  plugins and options for enabled modules (see conf/Makefile.am)
+# ===============================================================
+
+config_plugins=
+
+AM_COND_IF([USE_CHARON], [config_plugins=${config_plugins}" ${charon_plugins}"])
+AM_COND_IF([USE_CMD], [config_plugins=${config_plugins}" ${cmd_plugins}"])
+AM_COND_IF([USE_NM], [config_plugins=${config_plugins}" ${nm_plugins}"])
+
+AC_SUBST(config_plugins, [`echo -n "${config_plugins}" | tr ' ' '\n' | sort | uniq | tr '\n' ' '`])

 strongswan_options=

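Review bot: `echo -n` in the `AC_SUBST(config_plugins, ...)` line is not portable across the shells configure may run under; where `-n` is not treated as an option it is printed and would end up as a word in `config_plugins`, which conf/Makefile.am then turns into `plugins/-n.conf`. The order produced by `sort` can also depend on the build locale, so the substituted list may differ between otherwise identical builds. Replacing the head of the pipeline with `printf '%s\n' ${config_plugins} | LC_ALL=C sort -u` avoids both and makes the separate `tr ' ' '\n'` and `uniq` steps unnecessary.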
@@ -1967,6 +1975,7 @@ AM_COND_IF([USE_IMV_SWIMA], [strongswan_options=${strongswan_options}" sec-updat
 AM_COND_IF([USE_LIBTNCCS], [strongswan_options=${strongswan_options}" tnc"])
 AM_COND_IF([USE_MANAGER], [strongswan_options=${strongswan_options}" manager"])
 AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"])
+AM_COND_IF([USE_CMD], [strongswan_options=${strongswan_options}" charon-cmd"])
 AM_COND_IF([USE_NM], [strongswan_options=${strongswan_options}" charon-nm"])
 AM_COND_IF([USE_PKI], [strongswan_options=${strongswan_options}" pki"])
 AM_COND_IF([USE_SWANCTL], [strongswan_options=${strongswan_options}" swanctl"])