From 25df40c90a691979f5ffa685360e73ffdf58fa0a Mon Sep 17 00:00:00 2001
From: Florian Fainelli
Date: Sun, 3 Sep 2006 17:43:25 +0000
Subject: [PATCH] Add isakmpd, OpenBSD's IKE daemon
SVN-Revision: 4741
---
openwrt/package/isakmpd/Makefile | 50 ++++++
.../isakmpd/patches/01-standardize.patch | 132 +++++++++++++++
.../isakmpd/patches/02-openssl_hashes.patch | 154 ++++++++++++++++++
3 files changed, 336 insertions(+)
create mode 100644 openwrt/package/isakmpd/Makefile
create mode 100644 openwrt/package/isakmpd/patches/01-standardize.patch
create mode 100644 openwrt/package/isakmpd/patches/02-openssl_hashes.patch
diff --git a/openwrt/package/isakmpd/Makefile b/openwrt/package/isakmpd/Makefile
new file mode 100644
index 00000000000..d0ae6f6c977
--- /dev/null
+++ b/openwrt/package/isakmpd/Makefile
@@ -0,0 +1,50 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id: Makefile 4619 2006-08-22 09:50:02Z florian $
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=isakmpd
+PKG_VERSION:=20040115cvs
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@SF/isakmpd
+PKG_MD5SUM:=9f59b10d57cfed5e95743255f1c1620d
+PKG_CAT:=bzcat
+
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/isakmpd
+SECTION:=base
+CATEGORY:=Network
+DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp
+TITLE:=IPsec management tools
+DESCRIPTION:=IPsec management tools
+URL:=http://isakmpd.sourceforge.net/
+endef
+
+define Build/Compile
+ $(call Build/Compile/Default,LINUX_DIR="$(LINUX_DIR)" \
+ STAGING_DIR="$(STAGING_DIR)" \
+ DESTDIR="$(PKG_INSTALL_DIR)")
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ INSTALL="install -c" \
+ install-bin
+endef
+
+define Package/isakmpd/install
+ install -d -m0755 $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/* $(1)/
+endef
+
+$(eval $(call BuildPackage,isakmpd))
diff --git a/openwrt/package/isakmpd/patches/01-standardize.patch b/openwrt/package/isakmpd/patches/01-standardize.patch
new file mode 100644
index 00000000000..74ffac2d50c
--- /dev/null
+++ b/openwrt/package/isakmpd/patches/01-standardize.patch
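Review bot: `PKG_VERSION:=20040115cvs` in openwrt/package/isakmpd/Makefile packages what the version string suggests is a January 2004 CVS snapshot of a network-facing IKE daemon, and nothing in the Makefile records why that snapshot was chosen or which upstream revision it corresponds to. The tarball comes from a SourceForge mirror (`@SF/isakmpd`) and is checked only against `PKG_MD5SUM`, so an MD5 digest is the sole integrity control on the source. I would add a comment above `PKG_VERSION` such as `# CVS snapshot of OpenBSD isakmpd; record upstream date/tag and reason for pinning`, and, if the download rules in this tree accept a stronger digest, pin one alongside the MD5. `TITLE` and `DESCRIPTION` also read "IPsec management tools" although, as far as the recipe shows, only the `isakmpd` binary is installed via `install-bin`.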
@@ -0,0 +1,132 @@
+diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
+--- isakmpd/GNUmakefile 2004-01-16 13:36:32.000000000 +0100
++++ isakmpd.new/GNUmakefile 2006-09-03 17:33:03.000000000 +0200
+@@ -40,12 +40,12 @@
+ # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec.
+ # darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5
+ # and later with native IPSec support.
+-OS= openbsd
++#OS= openbsd
+ #OS= netbsd
+ #OS= freebsd
+ #OS= freeswan
+ #OS= darwin
+-#OS= linux
++OS= linux
+
+ .CURDIR:= $(shell pwd)
+ VPATH= ${.CURDIR}/sysdep/${OS}
+@@ -53,11 +53,11 @@
+ PROG= isakmpd
+
+ ifndef BINDIR
+-BINDIR= /sbin
+-endif
+-ifndef LDSTATIC
+-LDSTATIC= -static
++BINDIR= /usr/sbin
+ endif
++#ifndef LDSTATIC
++#LDSTATIC= -static
++#endif
+
+ SRCS= app.c attribute.c cert.c connection.c \
+ constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \
+@@ -154,7 +154,7 @@
+
+ ifdef USE_KEYNOTE
+ USE_LIBCRYPTO= yes
+-LDADD+= -lkeynote -lm
++LDADD+= -L${LIBKEYNOTEDIR} -lkeynote -lm
+ DPADD+= ${LIBKEYNOTE} ${LIBM}
+ POLICY= policy.c
+ CFLAGS+= -DUSE_KEYNOTE
+@@ -238,3 +238,16 @@
+
+ realcleandepend:
+ rm -f .depend tags
++
++# Install rules
++install: install-bin install-man
++
++install-bin: isakmpd
++ -mkdir -p $(DESTDIR)$(BINDIR)
++ $(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR)
++
++install-man:
++ -mkdir -p $(DESTDIR)$(MANDIR)/man8
++ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8
++ -mkdir -p $(DESTDIR)$(MANDIR)/man5
++ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5
+diff -urN isakmpd/samples/Makefile isakmpd.new/samples/Makefile
+--- isakmpd/samples/Makefile 2003-06-03 16:39:50.000000000 +0200
++++ isakmpd.new/samples/Makefile 2006-09-03 17:07:24.000000000 +0200
+@@ -26,7 +26,7 @@
+ #
+
+ FILES= VPN-* policy singlehost-*
+-TARGETDIR= /usr/share/ipsec/isakmpd
++TARGETDIR= /usr/share/isakmpd/samples
+
+ # The mkdir below is for installation on OpenBSD pre 2.7
+ install:
+diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
+--- isakmpd/sysdep/linux/GNUmakefile.sysdep 2004-01-16 13:36:42.000000000 +0100
++++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep 2006-09-03 17:16:48.000000000 +0200
+@@ -25,18 +25,20 @@
+ # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ #
+
+-LIBGMP:= /usr/lib/libgmp.a
+-LIBCRYPTO:= /usr/lib/libcrypto.a
++LIBGMP:= -lgmp
++LIBCRYPTO:= -lcrypto
+ LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep
+ LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a
+
+-LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
++LIBKEYNOTEDIR:= $(STAGING_DIR)/usr/include
++
++LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO} -L$(STAGING_DIR)/usr/lib
+ DPADD+= ${LIBGMP} ${LIBSYSDEP}
+
+ CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
+ -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP \
+- -I/usr/src/linux/include -I${.CURDIR}/sysdep/common \
+- -I/usr/include/openssl
++ -I$(LINUX_DIR)/include -I${.CURDIR}/sysdep/common \
++ -I$(STAGING_DIR)/usr/include/openssl -I${LIBKEYNOTEDIR}
+
+ FEATURES= debug tripledes blowfish cast ec aggressive x509 policy
+
+@@ -50,7 +52,7 @@
+ # hack libsysdep.a dependenc
+ ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
+ cd ${LIBSYSDEPDIR} && \
+- ${MAKE} --no-print-directory ${MAKEFLAGS} \
++ ${MAKE} --no-print-directory \
+ CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
+
+ ifeq ($(findstring clean,$(MAKECMDGOALS)),clean)
+diff -urN isakmpd/x509.c isakmpd.new/x509.c
+--- isakmpd/x509.c 2004-01-06 01:09:19.000000000 +0100
++++ isakmpd.new/x509.c 2006-09-03 17:07:24.000000000 +0200
+@@ -969,14 +969,14 @@
+ * trust.
+ */
+ X509_STORE_CTX_init (&csc, x509_cas, cert, NULL);
+-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+- /* XXX See comment in x509_read_crls_from_dir. */
+- if (x509_cas->flags & X509_V_FLAG_CRL_CHECK)
++//#if OPENSSL_VERSION_NUMBER >= 0x00907000L
++ /* XXX See comment in x509_read_crls_from_dir. */
++ /*if (x509_cas->flags & X509_V_FLAG_CRL_CHECK)
+ {
+ X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CRL_CHECK);
+ X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CRL_CHECK_ALL);
+ }
+-#endif
++#endif */
+ res = X509_verify_cert (&csc);
+ err = csc.error;
+ X509_STORE_CTX_cleanup (&csc);
diff --git a/openwrt/package/isakmpd/patches/02-openssl_hashes.patch b/openwrt/package/isakmpd/patches/02-openssl_hashes.patch
new file mode 100644
index 00000000000..680db86a31d
--- /dev/null
+++ b/openwrt/package/isakmpd/patches/02-openssl_hashes.patch
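Review bot: The `x509.c` hunk at the end of 01-standardize.patch comments out the block that sets `X509_V_FLAG_CRL_CHECK` and `X509_V_FLAG_CRL_CHECK_ALL` on the verification context before `X509_verify_cert (&csc)`, so as far as this hunk shows, peer certificates are verified without the explicit CRL flags. Whether revocation is still enforced depends on whether the linked OpenSSL carries the flags over from `x509_cas` inside `X509_STORE_CTX_init`, which is not visible here and should be confirmed by testing with a revoked certificate. If the block was disabled only because `x509_cas->flags` no longer compiles, keep the `#if` and guard just the field access, and record the reason in a comment such as `/* OpenWrt: CRL flags not copied to csc; <reason> */` instead of leaving `//#if` … `#endif */`. A change to certificate validation also deserves its own patch file rather than riding in one named "standardize". The enclosing function starts and ends outside the hunk.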
@@ -0,0 +1,154 @@
+diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
+--- isakmpd/GNUmakefile 2006-09-01 19:29:05.000000000 +0200
++++ isakmpd.new/GNUmakefile 2006-09-01 19:29:28.000000000 +0200
+@@ -75,13 +75,14 @@
+ isakmp_fld.c isakmp_fld.h
+ MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
+
+-CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
++CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \
+ -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
+
+ # Different debugging & profiling suggestions
+
+ # Include symbolic debugging info
+ DEBUG= -g
++CFLAGS+= -g
+
+ # Do execution time profiles
+ #CFLAGS+= -pg
+@@ -172,6 +173,14 @@
+ CFLAGS+= -DUSE_RAWKEY
+ endif
+
++ifdef USE_OPENSSL_MD5
++CFLAGS+= -DUSE_OPENSSL_MD5
++endif
++
++ifdef USE_OPENSSL_SHA1
++CFLAGS+= -DUSE_OPENSSL_SHA1
++endif
++
+ SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
+ $(ISAKMP_CFG)
+ CFLAGS+= ${IPSEC_CFLAGS}
+diff -urN isakmpd/sysdep/common/libsysdep/GNUmakefile isakmpd.new/sysdep/common/libsysdep/GNUmakefile
+--- isakmpd/sysdep/common/libsysdep/GNUmakefile 2003-06-03 16:52:06.000000000 +0200
++++ isakmpd.new/sysdep/common/libsysdep/GNUmakefile 2006-09-01 19:29:28.000000000 +0200
+@@ -31,10 +31,18 @@
+ .CURDIR:= $(shell pwd)
+
+ LIB= sysdep
+-SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
++SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
+ NOMAN=
+ CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+
++ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
++SRCS+=md5.c
++endif
++
++ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
++SRCS+=sha1.c
++endif
++
+ lib${LIB}.a: ${SRCS:%.c=%.o}
+ ar cq $@ ${SRCS:%.c=%.o}
+
+diff -urN isakmpd/sysdep/common/libsysdep/md5.c isakmpd.new/sysdep/common/libsysdep/md5.c
+--- isakmpd/sysdep/common/libsysdep/md5.c 2002-06-14 23:34:58.000000000 +0200
++++ isakmpd.new/sysdep/common/libsysdep/md5.c 2006-09-01 19:29:28.000000000 +0200
+@@ -5,6 +5,8 @@
+ * changes to accommodate it in the kernel by ji.
+ */
+
++#ifndef USE_OPENSSL_MD5
++
+ /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+@@ -390,3 +392,4 @@
+ #endif
+ #endif
+
++#endif /* USE_OPENSSL_MD5 */
+diff -urN isakmpd/sysdep/common/libsysdep/sha1.c isakmpd.new/sysdep/common/libsysdep/sha1.c
+--- isakmpd/sysdep/common/libsysdep/sha1.c 2001-01-28 23:38:48.000000000 +0100
++++ isakmpd.new/sysdep/common/libsysdep/sha1.c 2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,7 @@
+ /* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */
+
++#ifndef USE_OPENSSL_SHA1
++
+ /*
+ SHA-1 in C
+ By Steve Reid
+@@ -171,3 +173,5 @@
+ SHA1Transform(context->state, context->buffer);
+ #endif
+ }
++
++#endif /* USE_OPENSSL_SHA1 */
+diff -urN isakmpd/sysdep/common/md5.h isakmpd.new/sysdep/common/md5.h
+--- isakmpd/sysdep/common/md5.h 2001-01-28 23:38:47.000000000 +0100
++++ isakmpd.new/sysdep/common/md5.h 2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,15 @@
+ /* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+
++#ifdef USE_OPENSSL_MD5
++
++#include
++
++#define MD5Init MD5_Init
++#define MD5Update MD5_Update
++#define MD5Final MD5_Final
++
++#else /* USE_OPENSSL_MD5 */
++
+ /* GLOBAL.H - RSAREF types and constants
+ */
+
+@@ -71,3 +81,5 @@
+ void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+
+ #define _MD5_H_
++
++#endif /* USE_OPENSSL_MD5 */
+diff -urN isakmpd/sysdep/common/sha1.h isakmpd.new/sysdep/common/sha1.h
+--- isakmpd/sysdep/common/sha1.h 2001-01-28 23:38:47.000000000 +0100
++++ isakmpd.new/sysdep/common/sha1.h 2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,16 @@
+ /* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+
++#ifdef USE_OPENSSL_SHA1
++
++#include
++
++typedef SHA_CTX SHA1_CTX;
++#define SHA1Init SHA1_Init
++#define SHA1Update SHA1_Update
++#define SHA1Final SHA1_Final
++
++#else /* USE_OPENSSL_SHA1 */
++
+ /*
+ SHA-1 in C
+ By Steve Reid
+@@ -16,3 +27,5 @@
+ void SHA1Init(SHA1_CTX* context);
+ void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
+ void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
++
++#endif /* USE_OPENSSL_SHA1 */
+diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
+--- isakmpd/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:05.000000000 +0200
++++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:29.000000000 +0200
+@@ -48,6 +48,8 @@
+ USE_LIBCRYPO= defined
+ HAVE_DLOPEN= defined
+ USE_KEYNOTE= defined
++USE_OPENSSL_MD5= defined
++USE_OPENSSL_SHA1= defined
+
+ # hack libsysdep.a dependenc
+ ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
--
2.30.2
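Review bot: In `sysdep/common/libsysdep/GNUmakefile` the bundled `md5.c`/`sha1.c` are selected by a substring match, `$(findstring USE_OPENSSL_MD5,$(CFLAGS))`, so the choice of hash implementation depends on the parent make passing its `CFLAGS` down, and the same decision is made a second time by the `#ifndef USE_OPENSSL_MD5` / `#ifndef USE_OPENSSL_SHA1` guards this patch adds to the source files. Because the guards already compile those files to nothing when the OpenSSL macros are set, leaving `SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c` unchanged would give one switch instead of two. If the `findstring` test stays, a comment such as `# relies on -DUSE_OPENSSL_* arriving via CFLAGS from GNUmakefile.sysdep` would record the coupling. The `#include` lines added to `md5.h` and `sha1.h` show no header name on this page; confirm the patch file itself names the OpenSSL headers.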