Conversation
Add packaging/manifest.json and packaging/docs/pgsql-plugin.md that describe packages, platforms, and documentation for the manifest-driven site generation in structured-world/repo (PR strongswan#20).
There was a problem hiding this comment.
Pull request overview
Adds packaging metadata and documentation to support manifest-driven repository/site generation and to document the PostgreSQL plugin setup.
Changes:
- Added
packaging/manifest.jsondescribing the project, packages, platforms, and documentation slugs. - Added
packaging/docs/pgsql-plugin.mddocumenting installation and configuration for the PostgreSQL plugin.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| packaging/manifest.json | Introduces a JSON manifest for site/repo metadata (packages, platform setup commands, doc index). |
| packaging/docs/pgsql-plugin.md | Adds end-user documentation for installing and configuring the PostgreSQL plugin. |
| sudo dnf install strongswan-pgsql | ||
| ``` | ||
|
|
||
| **Supported versions:** Fedora 40, 41, 42 |
There was a problem hiding this comment.
Fedora support here omits Fedora 39, but packaging/manifest.json (and the RPM build matrix in .github/workflows/build-packages.yml) lists Fedora 39-42. Please keep the supported-version list consistent with the manifest/build targets.
| **Supported versions:** Fedora 40, 41, 42 | |
| **Supported versions:** Fedora 39, 40, 41, 42 |
| -- Grant permissions | ||
| GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO strongswan; | ||
| GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO strongswan; |
There was a problem hiding this comment.
These GRANTs won’t grant privileges on tables/sequences created later (they only apply to existing objects). Either move the GRANTs to after schema creation and/or use ALTER DEFAULT PRIVILEGES so tables/sequences created by the schema load are actually accessible to the strongswan role.
| -- Grant permissions | |
| GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO strongswan; | |
| GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO strongswan; | |
| -- Grant permissions on existing objects in the public schema | |
| GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO strongswan; | |
| GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO strongswan; | |
| -- Ensure future tables and sequences created in the public schema | |
| -- (e.g. when loading the strongSwan schema) are also accessible | |
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO strongswan; | |
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO strongswan; |
| The SQL schema for strongSwan is included in the strongSwan source. You can find it at: | ||
| - `/usr/share/strongswan/templates/database/sql/tables.sql` (if available) | ||
| - Or download from [strongSwan GitHub](https://github.com/strongswan/strongswan/tree/master/src/pool/sql) | ||
|
|
||
| Example schema initialization: | ||
|
|
||
| ```bash | ||
| psql -U strongswan -d strongswan -f /path/to/tables.sql |
There was a problem hiding this comment.
This references /usr/share/strongswan/templates/database/sql/tables.sql, but the repository installs mysql.sql and sqlite.sql under that directory (see src/pool/Makefile.am). There doesn’t appear to be a tables.sql (or PostgreSQL-specific schema) in this repo, so these instructions will send users to a non-existent file. Please update this section to point to the actual installed schema files and/or provide a PostgreSQL-specific schema/conversion guidance.
| The SQL schema for strongSwan is included in the strongSwan source. You can find it at: | |
| - `/usr/share/strongswan/templates/database/sql/tables.sql` (if available) | |
| - Or download from [strongSwan GitHub](https://github.com/strongswan/strongswan/tree/master/src/pool/sql) | |
| Example schema initialization: | |
| ```bash | |
| psql -U strongswan -d strongswan -f /path/to/tables.sql | |
| The SQL schemas for strongSwan are included in the strongSwan source and usually installed under: | |
| - `/usr/share/strongswan/templates/database/sql/mysql.sql` | |
| - `/usr/share/strongswan/templates/database/sql/sqlite.sql` | |
| You can also download them from [strongSwan GitHub](https://github.com/strongswan/strongswan/tree/master/src/pool/sql). | |
| strongSwan does not currently ship an official PostgreSQL schema. To use PostgreSQL, start from `mysql.sql` and adapt it: | |
| - Replace MySQL-specific types (e.g. `TINYINT(1)` → `BOOLEAN`, `INT(10)` → `INTEGER`). | |
| - Replace `AUTO_INCREMENT` with `GENERATED BY DEFAULT AS IDENTITY` (or a suitable serial type). | |
| - Remove engine/charset clauses (e.g. `ENGINE=InnoDB DEFAULT CHARSET=utf8;`). | |
| - Replace backtick-quoted identifiers (`` `id` ``) with double quotes (`"id"`) or unquoted identifiers. | |
| Save the converted schema as a separate file, for example `/usr/share/strongswan/templates/database/sql/strongswan-pgsql.sql`, then initialize the database: | |
| ```bash | |
| psql -U strongswan -d strongswan -f /usr/share/strongswan/templates/database/sql/strongswan-pgsql.sql |
| ### 4. Enable SQL Plugin | ||
|
|
||
| Edit `/etc/strongswan.conf` or `/etc/strongswan.d/charon.conf`: | ||
|
|
||
| ``` | ||
| charon { | ||
| plugins { | ||
| sql { | ||
| database = postgresql://strongswan:password@localhost/strongswan | ||
| } | ||
| } | ||
| } | ||
| ``` |
There was a problem hiding this comment.
The doc currently instructs configuring the SQL plugin in both /etc/strongswan.d/charon/sql.conf (Step 3) and in strongswan.conf / charon.conf (Step 4). These are alternative configuration mechanisms; documenting both as sequential steps is confusing and the example passwords differ (your_secure_password vs password). Consider picking one recommended approach (and making the examples consistent) to avoid users ending up with conflicting settings.
| ### 4. Enable SQL Plugin | |
| Edit `/etc/strongswan.conf` or `/etc/strongswan.d/charon.conf`: | |
| ``` | |
| charon { | |
| plugins { | |
| sql { | |
| database = postgresql://strongswan:password@localhost/strongswan | |
| } | |
| } | |
| } | |
| ``` | |
| ### 4. Verify SQL Plugin Configuration | |
| The `sql` plugin will read its database settings from `/etc/strongswan.d/charon/sql.conf` as configured in the previous step. | |
| Make sure you do **not** also configure `charon.plugins.sql.database` in `/etc/strongswan.conf` or `/etc/strongswan.d/charon.conf`, as multiple conflicting settings can lead to unexpected behavior. | |
| If you prefer using a monolithic configuration file, you may define the same `database` URI in `strongswan.conf` or `charon.conf` **instead of** `sql.conf`, but only one configuration source should be used at a time. |
| "summary": "Responds to Windows DHCP INFORM requests with split-tunnel routes from PostgreSQL. Delivers classless static routes via DHCP option 121/249.", | ||
| "category": "plugin-green", | ||
| "icon": "globe", | ||
| "requires": "strongswan-pgsql" |
There was a problem hiding this comment.
The manifest describes strongswan-dhcp-inform as pulling routes specifically from PostgreSQL and marks it as requiring strongswan-pgsql, but the plugin’s own config/docs indicate it can use PostgreSQL/MySQL/SQLite via the generic database abstraction (e.g., src/libcharon/plugins/dhcp_inform/dhcp-inform.conf). If the plugin isn’t actually PostgreSQL-only, consider generalizing the summary and making the dependency optional (or platform-specific) to avoid misleading users.
| "summary": "Responds to Windows DHCP INFORM requests with split-tunnel routes from PostgreSQL. Delivers classless static routes via DHCP option 121/249.", | |
| "category": "plugin-green", | |
| "icon": "globe", | |
| "requires": "strongswan-pgsql" | |
| "summary": "Responds to Windows DHCP INFORM requests with split-tunnel routes from a configured SQL database (e.g., PostgreSQL/MySQL/SQLite). Delivers classless static routes via DHCP option 121/249.", | |
| "category": "plugin-green", | |
| "icon": "globe", | |
| "requires": "strongswan-sw" |
|
|
||
| # Install | ||
| sudo apt update | ||
| sudo apt install libstrongswan-pgsql |
There was a problem hiding this comment.
The DEB package name appears to be strongswan-pgsql (see .github/workflows/build-packages.yml where the control file sets Package: strongswan-pgsql). libstrongswan-pgsql is the shared object filename, not the installable package, so this install command will fail for users.
| sudo apt install libstrongswan-pgsql | |
| sudo apt install strongswan-pgsql |
| sudo apt install libstrongswan-pgsql | ||
| ``` | ||
|
|
||
| **Supported versions:** Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble) |
There was a problem hiding this comment.
This section is titled "Ubuntu / Debian" but the supported-versions line only lists Ubuntu. The manifest (packaging/manifest.json) includes Debian 12 (bookworm), so either document Debian support here too or adjust the heading/supported versions to match what's actually supported.
| **Supported versions:** Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble) | |
| **Supported versions:** Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble), Debian 12 (bookworm) |
Summary
packaging/manifest.jsondescribing packages, platforms, and docs for manifest-driven site generationpackaging/docs/pgsql-plugin.mdfor PostgreSQL Plugin documentationPart of structured-world/repo#19 (Phase 2: source repo changes).
Test plan