mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
From: "Bart vdr. Meulen" <bartvdrmeulen@gmail.com>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH] ipsec-tools: add new package
Date: Mon, 28 May 2012 14:42:55 +0200	[thread overview]
Message-ID: <1338208981-8681-29-git-send-email-bartvdrmeulen@gmail.com> (raw)

From: "Bart vdr. Meulen" <bartvdrmeulen@gmail.com>

Add ipsec-tools package, it contains a port of the
KAME's libipsec, setkey, and racoon tools for Linux.

Signed-off-by: Bart vdr. Meulen <bartvdrmeulen@gmail.com>
---
 rules/ipsec-tools.in   |  113 ++++++++++++++++++++++++++++++++++++++
 rules/ipsec-tools.make |  140 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 253 insertions(+)
 create mode 100644 rules/ipsec-tools.in
 create mode 100644 rules/ipsec-tools.make

diff --git a/rules/ipsec-tools.in b/rules/ipsec-tools.in
new file mode 100644
index 0000000..31ebf5a
--- /dev/null
+++ b/rules/ipsec-tools.in
@@ -0,0 +1,113 @@
+## SECTION=networking
+
+menuconfig IPSEC_TOOLS
+	tristate
+	prompt "ipsec-tools"
+	select KERNEL_HEADER
+	select OPENSSL
+	select FLEX
+	select HOST_FLEX
+	select READLINE if IPSEC_TOOLS_READLINE
+	help
+	  User-space IPsec tools for various IPsec implementations.
+	  A port of KAME's libipsec, setkey, and racoon to the Linux OS.
+
+if IPSEC_TOOLS
+
+config IPSEC_TOOLS_SETKEY
+	bool
+	default y
+	prompt "Install setkey"
+	help
+	  Install setkey, for manually manipulating the IPsec SA/SP database
+
+config IPSEC_TOOLS_SETKEY_CONF
+	bool
+	depends on IPSEC_TOOLS_SETKEY
+	prompt "Install setkey.conf"
+
+config IPSEC_TOOLS_RACOON
+	bool
+	default y
+	prompt "Install racoon"
+	help
+	  Install racoon, the IKE (ISAKMP/Oakley) key management daemon
+
+config IPSEC_TOOLS_RACOON_CONF
+	bool
+	depends on IPSEC_TOOLS_RACOON
+	prompt "Install racoon.conf"
+
+config IPSEC_TOOLS_RACOON_PSK_FILE
+	string
+	default "/etc/racoon.psk"
+	depends on IPSEC_TOOLS_RACOON_CONF
+	prompt "Install this racoon PSK file"
+
+config IPSEC_TOOLS_PLAINRSA_GEN
+	bool
+	depends on IPSEC_TOOLS_RACOON
+	prompt "Install plainrsa-gen"
+	help
+	  Install plainrsa-gen, a generator for Plain RSA keys
+
+config IPSEC_TOOLS_ADMINPORT
+	bool
+	depends on IPSEC_TOOLS_RACOON
+	default y
+	prompt "Enable racoonctl support"
+	help
+	  This lets racoon to listen to racoon admin port, and will install
+	  racoonctl which will use the port to control racoon
+
+config IPSEC_TOOLS_NATT
+	bool
+	prompt "Enable NAT-Traversal"
+	help
+	  This needs kernel support, which is available on Linux.
+	  If you live in a country where software patents are legal, using
+	  NAT-Traversal might infringe a patent.
+
+config IPSEC_TOOLS_FRAG
+	bool
+	prompt "Enable IKE fragmentation."
+	help
+	  Enable IKE fragmentation, which is a workaround for
+	  broken routers that drop fragmented packets
+
+config IPSEC_TOOLS_STATS
+	bool
+	default y
+	prompt "Enable statistics logging function."
+
+config IPSEC_TOOLS_IPV6_SUPPORT
+	bool
+	default y
+	prompt "Enable IPv6 Support"
+
+config IPSEC_TOOLS_READLINE
+	bool
+	default y
+	prompt "Enable readline input support"
+
+choice
+	prompt "Security context"
+	default IPSEC_SECCTX_DISABLE
+	help
+	  Selects whether or not to enable security context support.
+
+config IPSEC_SECCTX_DISABLE
+	bool
+	prompt "Disable security context support"
+
+config IPSEC_SECCTX_ENABLE
+	bool
+	prompt "Enable SELinux security context support"
+
+config IPSEC_SECCTX_KERNEL
+	bool
+	prompt "Enable kernel security context"
+
+endchoice
+
+endif
diff --git a/rules/ipsec-tools.make b/rules/ipsec-tools.make
new file mode 100644
index 0000000..00d9e4f
--- /dev/null
+++ b/rules/ipsec-tools.make
@@ -0,0 +1,140 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2011 by Bart vdr. Meulen <bartvdrmeulen@gmail.com>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_IPSEC_TOOLS) += ipsec-tools
+
+#
+# Paths and names
+#
+IPSEC_TOOLS_VERSION	:= 0.8.0
+IPSEC_TOOLS_MD5		:= b79aae3055a51f8de5c0f1b8ca6cf619
+IPSEC_TOOLS		:= ipsec-tools-$(IPSEC_TOOLS_VERSION)
+IPSEC_TOOLS_SUFFIX	:= tar.bz2
+IPSEC_TOOLS_URL		:= $(PTXCONF_SETUP_SFMIRROR)/ipsec-tools/$(IPSEC_TOOLS_VERSION)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
+IPSEC_TOOLS_SOURCE	:= $(SRCDIR)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
+IPSEC_TOOLS_DIR		:= $(BUILDDIR)/$(IPSEC_TOOLS)
+IPSEC_TOOLS_LICENSE	:= BSD
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+IPSEC_TOOLS_CONF_TOOL	:= autoconf
+IPSEC_TOOLS_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	  --disable-hybrid \
+	  --without-libpam \
+	  --disable-gssapi \
+	  --with-kernel-headers=$(KERNEL_HEADERS_INCLUDE_DIR)
+
+ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
+IPSEC_TOOLS_CONF_OPT	+= --enable-adminport
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-adminport
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_NATT
+IPSEC_TOOLS_CONF_OPT	+= --enable-natt
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-natt
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_FRAG
+IPSEC_TOOLS_CONF_OPT	+= --enable-frag
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-frag
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_STATS
+IPSEC_TOOLS_CONF_OPT	+= --enable-stats
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-stats
+endif
+
+ifdef PTXCONF_IPSEC_IPV6_SUPPORT
+IPSEC_TOOLS_CONF_OPT+= --enable-ipv6
+else
+IPSEC_TOOLS_CONF_OPT+= --disable-ipv6
+endif
+
+ifndef PTXCONF_IPSEC_TOOLS_READLINE
+IPSEC_TOOLS_CONF_OPT+= --without-readline
+endif
+
+ifdef PTXCONF_IPSEC_SECCTX_DISABLE
+IPSEC_TOOLS_CONF_OPT	+= --enable-security-context=no
+endif
+ifdef PTXCONF_IPSEC_SECCTX_ENABLE
+IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes
+endif
+ifdef PTXCONF_IPSEC_SECCTX_KERNEL
+IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel
+endif
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/ipsec-tools.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, ipsec-tools)
+	@$(call install_fixup, ipsec-tools,PRIORITY,optional)
+	@$(call install_fixup, ipsec-tools,SECTION,base)
+	@$(call install_fixup, ipsec-tools,AUTHOR,"Bart vdr. Meulen <bartvdrmeulen@gmail.com>")
+	@$(call install_fixup, ipsec-tools,DESCRIPTION,missing)
+
+ifdef PTXCONF_IPSEC_TOOLS_SETKEY
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/setkey)
+ifdef PTXCONF_IPSEC_TOOLS_SETKEY_CONF
+	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/setkey.conf)
+endif
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_RACOON
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, /var/racoon)
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoon)
+
+ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF
+	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/racoon.conf)
+endif
+
+ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")
+	@$(call install_alternative, ipsec-tools, 0, 0, 0400, $(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE))
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoonctl)
+endif
+
+ifdef IPSEC_TOOLS_PLAINRSA_GEN
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/plainrsa-gen)
+endif
+
+endif
+	@$(call install_finish, ipsec-tools)
+
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Clean
+# ----------------------------------------------------------------------------
+
+#$(STATEDIR)/ipsec-tools.clean:
+#	@$(call targetinfo)
+#	@$(call clean_pkg, IPSEC_TOOLS)
+
+# vim: syntax=make
-- 
1.7.9.5


-- 
ptxdist mailing list
ptxdist@pengutronix.de

             reply	other threads:[~2012-05-28 13:07 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-28 12:42 Bart vdr. Meulen [this message]
2012-05-31 15:25 ` Michael Olbrich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1338208981-8681-29-git-send-email-bartvdrmeulen@gmail.com \
    --to=bartvdrmeulen@gmail.com \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox