From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from cl-420.ede-01.nl.sixxs.net ([2001:7b8:2ff:1a3::2] helo=fischmarkt.penguin.de ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1SYzfF-0002vc-Vj for ptxdist@pengutronix.de; Mon, 28 May 2012 15:07:16 +0200 Received: from mail-we0-f172.google.com ([74.125.82.172]) by fischmarkt.penguin.de with esmtp (Exim 4.72) (envelope-from ) id 1SYzIM-000107-OU for ptxdist@pengutronix.de; Mon, 28 May 2012 14:44:11 +0200 Received: by werb13 with SMTP id b13so2404538wer.31 for ; Mon, 28 May 2012 05:43:29 -0700 (PDT) From: "Bart vdr. Meulen" Date: Mon, 28 May 2012 14:42:55 +0200 Message-Id: <1338208981-8681-29-git-send-email-bartvdrmeulen@gmail.com> Subject: [ptxdist] [PATCH] ipsec-tools: add new package Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de From: "Bart vdr. Meulen" Add ipsec-tools package, it contains a port of the KAME's libipsec, setkey, and racoon tools for Linux. Signed-off-by: Bart vdr. Meulen --- rules/ipsec-tools.in | 113 ++++++++++++++++++++++++++++++++++++++ rules/ipsec-tools.make | 140 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 253 insertions(+) create mode 100644 rules/ipsec-tools.in create mode 100644 rules/ipsec-tools.make diff --git a/rules/ipsec-tools.in b/rules/ipsec-tools.in new file mode 100644 index 0000000..31ebf5a --- /dev/null +++ b/rules/ipsec-tools.in @@ -0,0 +1,113 @@ +## SECTION=networking + +menuconfig IPSEC_TOOLS + tristate + prompt "ipsec-tools" + select KERNEL_HEADER + select OPENSSL + select FLEX + select HOST_FLEX + select READLINE if IPSEC_TOOLS_READLINE + help + User-space IPsec tools for various IPsec implementations. + A port of KAME's libipsec, setkey, and racoon to the Linux OS. + +if IPSEC_TOOLS + +config IPSEC_TOOLS_SETKEY + bool + default y + prompt "Install setkey" + help + Install setkey, for manually manipulating the IPsec SA/SP database + +config IPSEC_TOOLS_SETKEY_CONF + bool + depends on IPSEC_TOOLS_SETKEY + prompt "Install setkey.conf" + +config IPSEC_TOOLS_RACOON + bool + default y + prompt "Install racoon" + help + Install racoon, the IKE (ISAKMP/Oakley) key management daemon + +config IPSEC_TOOLS_RACOON_CONF + bool + depends on IPSEC_TOOLS_RACOON + prompt "Install racoon.conf" + +config IPSEC_TOOLS_RACOON_PSK_FILE + string + default "/etc/racoon.psk" + depends on IPSEC_TOOLS_RACOON_CONF + prompt "Install this racoon PSK file" + +config IPSEC_TOOLS_PLAINRSA_GEN + bool + depends on IPSEC_TOOLS_RACOON + prompt "Install plainrsa-gen" + help + Install plainrsa-gen, a generator for Plain RSA keys + +config IPSEC_TOOLS_ADMINPORT + bool + depends on IPSEC_TOOLS_RACOON + default y + prompt "Enable racoonctl support" + help + This lets racoon to listen to racoon admin port, and will install + racoonctl which will use the port to control racoon + +config IPSEC_TOOLS_NATT + bool + prompt "Enable NAT-Traversal" + help + This needs kernel support, which is available on Linux. + If you live in a country where software patents are legal, using + NAT-Traversal might infringe a patent. + +config IPSEC_TOOLS_FRAG + bool + prompt "Enable IKE fragmentation." + help + Enable IKE fragmentation, which is a workaround for + broken routers that drop fragmented packets + +config IPSEC_TOOLS_STATS + bool + default y + prompt "Enable statistics logging function." + +config IPSEC_TOOLS_IPV6_SUPPORT + bool + default y + prompt "Enable IPv6 Support" + +config IPSEC_TOOLS_READLINE + bool + default y + prompt "Enable readline input support" + +choice + prompt "Security context" + default IPSEC_SECCTX_DISABLE + help + Selects whether or not to enable security context support. + +config IPSEC_SECCTX_DISABLE + bool + prompt "Disable security context support" + +config IPSEC_SECCTX_ENABLE + bool + prompt "Enable SELinux security context support" + +config IPSEC_SECCTX_KERNEL + bool + prompt "Enable kernel security context" + +endchoice + +endif diff --git a/rules/ipsec-tools.make b/rules/ipsec-tools.make new file mode 100644 index 0000000..00d9e4f --- /dev/null +++ b/rules/ipsec-tools.make @@ -0,0 +1,140 @@ +# -*-makefile-*- +# +# Copyright (C) 2011 by Bart vdr. Meulen +# +# See CREDITS for details about who has contributed to this project. +# +# For further information about the PTXdist project and license conditions +# see the README file. +# + +# +# We provide this package +# +PACKAGES-$(PTXCONF_IPSEC_TOOLS) += ipsec-tools + +# +# Paths and names +# +IPSEC_TOOLS_VERSION := 0.8.0 +IPSEC_TOOLS_MD5 := b79aae3055a51f8de5c0f1b8ca6cf619 +IPSEC_TOOLS := ipsec-tools-$(IPSEC_TOOLS_VERSION) +IPSEC_TOOLS_SUFFIX := tar.bz2 +IPSEC_TOOLS_URL := $(PTXCONF_SETUP_SFMIRROR)/ipsec-tools/$(IPSEC_TOOLS_VERSION)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX) +IPSEC_TOOLS_SOURCE := $(SRCDIR)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX) +IPSEC_TOOLS_DIR := $(BUILDDIR)/$(IPSEC_TOOLS) +IPSEC_TOOLS_LICENSE := BSD + +# ---------------------------------------------------------------------------- +# Prepare +# ---------------------------------------------------------------------------- + +# +# autoconf +# +IPSEC_TOOLS_CONF_TOOL := autoconf +IPSEC_TOOLS_CONF_OPT := \ + $(CROSS_AUTOCONF_USR) \ + --disable-hybrid \ + --without-libpam \ + --disable-gssapi \ + --with-kernel-headers=$(KERNEL_HEADERS_INCLUDE_DIR) + +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT +IPSEC_TOOLS_CONF_OPT += --enable-adminport +else +IPSEC_TOOLS_CONF_OPT += --disable-adminport +endif + +ifdef PTXCONF_IPSEC_TOOLS_NATT +IPSEC_TOOLS_CONF_OPT += --enable-natt +else +IPSEC_TOOLS_CONF_OPT += --disable-natt +endif + +ifdef PTXCONF_IPSEC_TOOLS_FRAG +IPSEC_TOOLS_CONF_OPT += --enable-frag +else +IPSEC_TOOLS_CONF_OPT += --disable-frag +endif + +ifdef PTXCONF_IPSEC_TOOLS_STATS +IPSEC_TOOLS_CONF_OPT += --enable-stats +else +IPSEC_TOOLS_CONF_OPT += --disable-stats +endif + +ifdef PTXCONF_IPSEC_IPV6_SUPPORT +IPSEC_TOOLS_CONF_OPT+= --enable-ipv6 +else +IPSEC_TOOLS_CONF_OPT+= --disable-ipv6 +endif + +ifndef PTXCONF_IPSEC_TOOLS_READLINE +IPSEC_TOOLS_CONF_OPT+= --without-readline +endif + +ifdef PTXCONF_IPSEC_SECCTX_DISABLE +IPSEC_TOOLS_CONF_OPT += --enable-security-context=no +endif +ifdef PTXCONF_IPSEC_SECCTX_ENABLE +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes +endif +ifdef PTXCONF_IPSEC_SECCTX_KERNEL +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel +endif + +# ---------------------------------------------------------------------------- +# Target-Install +# ---------------------------------------------------------------------------- + +$(STATEDIR)/ipsec-tools.targetinstall: + @$(call targetinfo) + + @$(call install_init, ipsec-tools) + @$(call install_fixup, ipsec-tools,PRIORITY,optional) + @$(call install_fixup, ipsec-tools,SECTION,base) + @$(call install_fixup, ipsec-tools,AUTHOR,"Bart vdr. Meulen ") + @$(call install_fixup, ipsec-tools,DESCRIPTION,missing) + +ifdef PTXCONF_IPSEC_TOOLS_SETKEY + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/setkey) +ifdef PTXCONF_IPSEC_TOOLS_SETKEY_CONF + @$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/setkey.conf) +endif +endif + +ifdef PTXCONF_IPSEC_TOOLS_RACOON + @$(call install_copy, ipsec-tools, 0, 0, 0755, /var/racoon) + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoon) + +ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF + @$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/racoon.conf) +endif + +ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "") + @$(call install_alternative, ipsec-tools, 0, 0, 0400, $(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE)) +endif + +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoonctl) +endif + +ifdef IPSEC_TOOLS_PLAINRSA_GEN + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/plainrsa-gen) +endif + +endif + @$(call install_finish, ipsec-tools) + + @$(call touch) + +# ---------------------------------------------------------------------------- +# Clean +# ---------------------------------------------------------------------------- + +#$(STATEDIR)/ipsec-tools.clean: +# @$(call targetinfo) +# @$(call clean_pkg, IPSEC_TOOLS) + +# vim: syntax=make -- 1.7.9.5 -- ptxdist mailing list ptxdist@pengutronix.de