From 3248b43c8bec39c3b2759125b4c776070e467939 Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Thu, 2 Jun 2011 14:24:20 +0000 Subject: [PATCH] [package] update strongswan4 to 4.5.2 Update version of strongswan4 package from 4.5.1 to 4.5.2. Add new strongswan4 plugins: coupling, duplicheck, whitelist. Add strongswan4-libfast package and make build dependencies on clearsilver and fcgi conditional. Previously libfast was being built, but not packaged. Now libfast will only be built when the it's package is selected. Remove ipsec.conf and strongswan.conf and use configuration files from upstream instead. The previously provided strongswan.conf was not functional. Omit strongswan4-mod-kernel-klips from strongswan4-full meta package in favor of strongswan4-mod-kernel-netlink. Only one of these two kernel interfaces should be installed. Omit strongswan4-mod-socket-default from strongswan4-full meta package in favor of strongswan4-mod-socket-raw. Only the raw socket allows charon to run while pluto is also running. Make all build dependencies on libraries required by strongswan4 plugins conditional. Signed-off-by: Lars Hjersted SVN-Revision: 27092 --- net/strongswan4/Makefile | 105 ++++++++++++++------------ net/strongswan4/files/ipsec.conf | 19 ----- net/strongswan4/files/strongswan.conf | 18 ----- 3 files changed, 57 insertions(+), 85 deletions(-) delete mode 100644 net/strongswan4/files/ipsec.conf delete mode 100644 net/strongswan4/files/strongswan.conf diff --git a/net/strongswan4/Makefile b/net/strongswan4/Makefile index 01d1a51fef..999c237acb 100644 --- a/net/strongswan4/Makefile +++ b/net/strongswan4/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan -PKG_VERSION:=4.5.1 +PKG_VERSION:=4.5.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://download.strongswan.org/ -PKG_MD5SUM:=81a4a699c4a1a49b74061dfa47b5a033 +PKG_MD5SUM:=ac33b8f849a274127f84df0838cae953 PKG_MOD_AVAILABLE:= \ aes \ @@ -22,10 +22,12 @@ PKG_MOD_AVAILABLE:= \ attr-sql \ blowfish \ constraints \ + coupling \ curl \ des \ dhcp \ dnskey \ + duplicheck \ eap-md5 \ eap-mschapv2 \ eap-radius \ @@ -62,13 +64,14 @@ PKG_MOD_AVAILABLE:= \ stroke \ uci \ updown \ + whitelist \ x509 \ xauth \ xcbc \ PKG_BUILD_DEPENDS:= \ - clearsilver \ - fcgi \ + PACKAGE_strongswan4-libfast:clearsilver \ + PACKAGE_strongswan4-libfast:fcgi \ PKG_CONFIG_DEPENDS:= \ CONFIG_STRONGSWAN4_ENABLE_CISCO_QUIRKS \ @@ -128,16 +131,19 @@ $(call Package/strongswan4/Default) DEPENDS:= strongswan4 \ +strongswan4-app-charon \ +strongswan4-app-pluto \ + +strongswan4-libfast \ +strongswan4-mod-aes \ +strongswan4-mod-agent \ +strongswan4-mod-attr \ +strongswan4-mod-attr-sql \ +strongswan4-mod-blowfish \ +strongswan4-mod-constraints \ + +strongswan4-mod-coupling \ +strongswan4-mod-curl \ +strongswan4-mod-des \ +strongswan4-mod-dhcp \ +strongswan4-mod-dnskey \ + +strongswan4-mod-duplicheck \ +strongswan4-mod-eap-md5 \ +strongswan4-mod-eap-mschapv2 \ +strongswan4-mod-eap-radius \ @@ -146,7 +152,6 @@ $(call Package/strongswan4/Default) +strongswan4-mod-gcrypt \ +strongswan4-mod-gmp \ +strongswan4-mod-hmac \ - +strongswan4-mod-kernel-klips \ +strongswan4-mod-kernel-netlink \ +strongswan4-mod-kernel-pfkey \ +strongswan4-mod-ldap \ @@ -167,13 +172,13 @@ $(call Package/strongswan4/Default) +strongswan4-mod-sha1 \ +strongswan4-mod-sha2 \ +strongswan4-mod-smp \ - +strongswan4-mod-socket-default \ +strongswan4-mod-socket-raw \ +strongswan4-mod-sql \ +strongswan4-mod-sqlite \ +strongswan4-mod-stroke \ +strongswan4-mod-uci \ +strongswan4-mod-updown \ + +strongswan4-mod-whitelist \ +strongswan4-mod-x509 \ +strongswan4-mod-xauth \ +strongswan4-mod-xcbc \ @@ -183,7 +188,9 @@ endef define Package/strongswan4-full/description $(call Package/strongswan4/description/Default) . - This meta-package contains only dependencies for a complete setup. + This meta-package contains dependencies for all of the strongswan4 + plugins except kernel-klips and socket-default which are ommitted in + favor of the kernel-netlink and socket-raw plugins. endef @@ -281,6 +288,20 @@ $(call Package/strongswan4/description/Default) endef +define Package/strongswan4-libfast +$(call Package/strongswan4/Default) + TITLE+= libfast + DEPENDS:= strongswan4 +endef + +define Package/strongswan4-libfast/description +$(call Package/strongswan4/description/Default) + . + This package contains libfast, a lightweight framework to build native + web applications using ClearSilver and FastCGI. +endef + + define Package/strongswan4-utils $(call Package/strongswan4/Default) TITLE+= utilities @@ -323,6 +344,7 @@ CONFIGURE_ARGS+= \ $(if $(CONFIG_STRONGSWAN4_ENABLE_XAUTH_VID),--enable-xauth-vid,--disable-xauth-vid) \ --disable-scripts \ --disable-static \ + $(if $(CONFIG_PACKAGE_strongswan4-libfast),--enable-fast,--disable-fast) \ $(if $(CONFIG_PACKAGE_strongswan4-utils),--enable-tools,--disable-tools) \ --with-random-device="$(call qstrip,$(CONFIG_STRONGSWAN4_DEVICE_RANDOM))" \ --with-urandom-device="$(call qstrip,$(CONFIG_STRONGSWAN4_DEVICE_URANDOM))" \ @@ -332,7 +354,9 @@ CONFIGURE_ARGS+= \ $(if $(CONFIG_PACKAGE_strongswan4-mod-$(m)),--enable-$(m),--disable-$(m)) \ ) \ -EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver +ifneq ($(CONFIG_PACKAGE_strongswan4-libfast),) + EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver +endif EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib @@ -346,23 +370,14 @@ endef define Package/strongswan4/install $(INSTALL_DIR) $(1)/etc $(CP) -R $(PKG_INSTALL_DIR)/etc/ipsec.d $(1)/etc/ + $(CP) $(PKG_INSTALL_DIR)/etc/{ipsec.conf,strongswan.conf} $(1)/etc/ $(INSTALL_DIR) $(1)/usr/lib - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/libstrongswan.so.* \ - $(PKG_INSTALL_DIR)/usr/lib/libhydra.so.* \ - $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/ $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_copyright \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/starter \ - $(1)/usr/lib/ipsec/ - $(INSTALL_CONF) \ - ./files/ipsec.conf \ - ./files/ipsec.secrets \ - ./files/strongswan.conf \ - $(1)/etc/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_copyright,starter} $(1)/usr/lib/ipsec/ + $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/ endef @@ -385,46 +400,36 @@ define Package/strongswan4-app-charon/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcharon.so.* $(1)/usr/lib/ $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/charon \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/stroke \ - $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{charon,stroke} $(1)/usr/lib/ipsec/ endef define Package/strongswan4-app-pluto/install $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/pluto \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_pluto_adns \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/whack \ - $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{pluto,_pluto_adns,whack} $(1)/usr/lib/ipsec/ +endef + + +define Package/strongswan4-libfast/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfast.so.* $(1)/usr/lib/ endef define Package/strongswan4-utils/install $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/openac \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/pki \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/scepclient \ - $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/ endef define Plugin/attr-sql/install $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool \ - $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/ endef define Plugin/updown/install $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown \ - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown_espmark \ - $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/ endef @@ -434,6 +439,7 @@ $(eval $(call BuildPackage,strongswan4-full)) $(eval $(call BuildPackage,strongswan4-minimal)) $(eval $(call BuildPackage,strongswan4-app-charon)) $(eval $(call BuildPackage,strongswan4-app-pluto)) +$(eval $(call BuildPackage,strongswan4-libfast)) $(eval $(call BuildPackage,strongswan4-utils)) $(eval $(call BuildPlugin,aes,AES crypto,)) @@ -442,22 +448,24 @@ $(eval $(call BuildPlugin,attr,File-based config attr,)) $(eval $(call BuildPlugin,attr-sql,SQL-based config attrib,+strongswan4-mod-sql)) $(eval $(call BuildPlugin,blowfish,Blowfish crypto,)) $(eval $(call BuildPlugin,constraints,X.509 constraint checking,)) -$(eval $(call BuildPlugin,curl,cURL,+libcurl)) +$(eval $(call BuildPlugin,coupling,Peer certificate coupling,)) +$(eval $(call BuildPlugin,curl,cURL,+PACKAGE_strongswan4-mod-curl:libcurl)) $(eval $(call BuildPlugin,des,DES crypto,)) $(eval $(call BuildPlugin,dhcp,DHCP-based IP and DNS,)) $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,)) +$(eval $(call BuildPlugin,duplicheck,Duplicate checking,)) $(eval $(call BuildPlugin,eap-md5,MD5 EAP (CHAP) auth,)) $(eval $(call BuildPlugin,eap-mschapv2,MS-CHAPv2 EAP auth,)) $(eval $(call BuildPlugin,eap-radius,RADIUS proxy auth,)) $(eval $(call BuildPlugin,farp,Fake arp respsonses,)) $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,)) -$(eval $(call BuildPlugin,gcrypt,libgcrypt,+libgcrypt)) -$(eval $(call BuildPlugin,gmp,libgmp,+libgmp)) +$(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan4-mod-gcrypt:libgcrypt)) +$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan4-mod-gmp:libgmp)) $(eval $(call BuildPlugin,hmac,HMAC crypto,)) $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,)) $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,)) $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,)) -$(eval $(call BuildPlugin,ldap,LDAP,+libopenldap)) +$(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan4-mod-ldap:libopenldap)) $(eval $(call BuildPlugin,led,LED blink on IKE activity,)) $(eval $(call BuildPlugin,load-tester,load testing,)) $(eval $(call BuildPlugin,md5,MD5 crypto,)) @@ -480,8 +488,9 @@ $(eval $(call BuildPlugin,socket-raw,RAW socket for IKEv1 and IKEv2,)) $(eval $(call BuildPlugin,sql,SQL database interface,)) $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan4-mod-sql +PACKAGE_strongswan4-mod-sqlite:libsqlite3)) $(eval $(call BuildPlugin,stroke,Stroke,)) -$(eval $(call BuildPlugin,uci,UCI config interface,+libuci)) +$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan4-mod-uci:libuci)) $(eval $(call BuildPlugin,updown,updown firewall,)) +$(eval $(call BuildPlugin,whitelist,Peer identity whitelisting,)) $(eval $(call BuildPlugin,x509,x509 certificate,)) $(eval $(call BuildPlugin,xauth,XAUTH authentication,)) $(eval $(call BuildPlugin,xcbc,xcbc crypto,)) diff --git a/net/strongswan4/files/ipsec.conf b/net/strongswan4/files/ipsec.conf deleted file mode 100644 index 8c16d9dfd6..0000000000 --- a/net/strongswan4/files/ipsec.conf +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutostart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - authby=secret - -conn example - left=%defaultroute - leftsubnet=192.168.1.0/24 - leftfirewall=yes - right=%any - auto=add diff --git a/net/strongswan4/files/strongswan.conf b/net/strongswan4/files/strongswan.conf deleted file mode 100644 index c9493ffd4e..0000000000 --- a/net/strongswan4/files/strongswan.conf +++ /dev/null @@ -1,18 +0,0 @@ -# strongswan.conf - strongSwan configuration file - -charon { - - # number of worker threads in charon - threads = 4 - - # plugins to load in charon - load = aes gmp hmac pubkey random sha1 x509 xcbc stroke - -} - -libstrongswan { - - # set to no, the DH exponent size is optimized - # dh_exponent_ansi_x9_42 = no - -} -- 2.30.2