[ptxdist] [PATCH] openswan: Add new package

[ptxdist] [PATCH] openswan: Add new package

[Bart vdr. Meulen]

From: Harro Haan <hrhaan@gmail.com>

Openswan is an IPsec implementation for Linux.
Openswan supports the Openswan KLIPS IPsec stack and the Linux NETKEY
IPsec stack (kernel configuration with CONFIG_NET_KEY required).
For more info about choosing the Kernel IPsec stack see:
www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack

Signed-off-by: Harro Haan <hrhaan@gmail.com>
---
 rules/openswan.in   |   35 ++++++++++++
 rules/openswan.make |  156 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 191 insertions(+)
 create mode 100755 rules/openswan.in
 create mode 100755 rules/openswan.make

diff --git a/rules/openswan.in b/rules/openswan.in
new file mode 100755
index 0000000..363d4c3
--- /dev/null
+++ b/rules/openswan.in
@@ -0,0 +1,35 @@
+## SECTION=networking
+
+config OPENSWAN
+	tristate
+	prompt "openswan"
+	select LIBGMP
+	select BUSYBOX_AWK
+	select IPROUTE2
+	select IPTABLES
+	select BUSYBOX_LOGGER
+	select CROSS_DUMMY_STRIP
+	select KERNEL if OPENSWAN_KLIPS_MODULE
+	select OPENSSL if OPENSWAN_HAVE_OCF
+	help
+	  Openswan is an IPsec implementation for Linux. Openswan supports the
+	  Openswan KLIPS IPsec stack and the Linux NETKEY IPsec stack (kernel
+	  configuration with CONFIG_NET_KEY required). For more info about
+	  choosing the Kernel IPsec stack see:
+	  www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack
+
+config OPENSWAN_KLIPS_MODULE
+	bool "KLIPS kernel module"
+	default n
+	depends on OPENSWAN
+	help
+	  Compile and install Openswan KLIPS kernel module.
+
+config OPENSWAN_HAVE_OCF
+	bool "use OCF-Linux"
+	default n
+	depends on OPENSWAN
+	help
+	  Use OCF-Linux to make use of asynchronous HW/SW crypto acceleration.
+	  Patched Linux kernel required. For more info see:
+	  http://ocf-linux.sourceforge.net/
diff --git a/rules/openswan.make b/rules/openswan.make
new file mode 100755
index 0000000..99b8395
--- /dev/null
+++ b/rules/openswan.make
@@ -0,0 +1,156 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2010 by Harro Haan <hrhaan@gmail.com>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_OPENSWAN) += openswan
+
+#
+# Paths and names
+#
+OPENSWAN_VERSION	:= 2.6.35
+OPENSWAN_MD5		:= 7909a251fbbb807914545b7f42437013
+OPENSWAN		:= openswan-$(OPENSWAN_VERSION)
+OPENSWAN_SUFFIX	:= tar.gz
+OPENSWAN_URL		:= http://www.openswan.org/download/$(OPENSWAN).$(OPENSWAN_SUFFIX)
+OPENSWAN_SOURCE	:= $(SRCDIR)/$(OPENSWAN).$(OPENSWAN_SUFFIX)
+OPENSWAN_DIR		:= $(BUILDDIR)/$(OPENSWAN)
+OPENSWAN_LICENSE	:= GPLv2,BSD,RSADSI
+
+ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
+$(STATEDIR)/kernel.targetinstall.post: $(STATEDIR)/openswan.targetinstall
+endif
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/openswan.prepare:
+	@$(call targetinfo)
+ifdef PTXCONF_OPENSWAN_HAVE_OCF
+	@( \
+		echo "#ifndef CONFIG_KLIPS_OCF"; \
+		echo "#define CONFIG_KLIPS_OCF 1"; \
+		echo "#endif"; \
+	) >> $(OPENSWAN_DIR)/packaging/linus/config-all.h
+endif
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Compile
+# ----------------------------------------------------------------------------
+
+ifdef PTXCONF_OPENSWAN_HAVE_OCF
+OPENSWAN_OCF := HAVE_OCF=true HAVE_OPENSSL=true CONFIG_KLIPS_OCF=y
+else
+OPENSWAN_OCF :=
+endif
+
+OPENSWAN_MAKE_ENV = $(CROSS_ENV) \
+		    CFLAGS="$(CROSS_CPPFLAGS)"
+
+# settings are based on openswan-2.6.35/CROSSCOMPILE.sh
+OPENSWAN_CROSS := \
+	KERNELSRC=$(KERNEL_DIR) \
+	DESTDIR=$(OPENSWAN_PKGDIR) \
+	INC_USRLOCAL=/usr \
+	INC_RCDEFAULT=/etc/init.d \
+	ARCH=$(PTXCONF_KERNEL_ARCH_STRING) \
+	USERCOMPILE=\"-O2 -g -DGCC_LINT -Dlinux -D__linux__\" \
+	WERROR=' ' \
+	$(OPENSWAN_OCF)
+
+$(STATEDIR)/openswan.compile:
+	@$(call targetinfo)
+	$(call compile, OPENSWAN, programs $(OPENSWAN_CROSS))
+
+ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
+	@$(call compile, OPENSWAN, module $(OPENSWAN_CROSS))
+
+	$(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
+		-C $(KERNEL_DIR) \
+		M=$(OPENSWAN_DIR)/modobj26 \
+		OPENSWANSRCDIR=$(OPENSWAN_DIR) $(OPENSWAN_OCF) \
+		modules
+endif
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/openswan.install:
+	@$(call targetinfo)
+	@$(call compile, OPENSWAN, install $(OPENSWAN_CROSS))
+
+	@# remove *.old files, but do not strip here by using dummy-strip.sh
+	@$(call compile, OPENSWAN, ipkg_strip $(OPENSWAN_CROSS) \
+		STRIP=$(PTXCONF_SYSROOT_CROSS)/bin/strip)
+
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/openswan.targetinstall:
+	@$(call targetinfo)
+ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
+	$(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
+		-C $(KERNEL_DIR) \
+		M=$(OPENSWAN_DIR)/modobj26 \
+		modules_install
+endif
+
+	@$(call install_init, openswan)
+	@$(call install_fixup, openswan,PRIORITY,optional)
+	@$(call install_fixup, openswan,SECTION,base)
+	@$(call install_fixup, openswan,AUTHOR,"Harro Haan <hrhaan@gmail.com>")
+	@$(call install_fixup, openswan,DESCRIPTION,missing)
+
+	# install the startup script
+	$(call install_alternative, openswan, 0, 0, 0755, \
+		/etc/init.d/ipsec)
+
+	# install the default policies
+	$(call install_copy, openswan, 0, 0, 0775, /etc/ipsec.d/policies)
+	$(call install_alternative, openswan, 0, 0, 0755, \
+		/etc/ipsec.d/policies/block)
+	$(call install_alternative, openswan, 0, 0, 0755, \
+		/etc/ipsec.d/policies/clear)
+	$(call install_alternative, openswan, 0, 0, 0755, \
+		/etc/ipsec.d/policies/clear-or-private)
+	$(call install_alternative, openswan, 0, 0, 0755, \
+		/etc/ipsec.d/policies/private)
+	$(call install_alternative, openswan, 0, 0, 0755, \
+		/etc/ipsec.d/policies/private-or-clear)
+
+	# install the default configuration
+	$(call install_alternative, openswan, 0, 0, 0644, \
+		/etc/ipsec.conf)
+
+	# install the runtime libraries
+	$(call install_tree, openswan, 0, 0, \
+		$(OPENSWAN_PKGDIR)/usr/lib/ipsec/, \
+		/usr/lib/ipsec/)
+	$(call install_tree, openswan, 0, 0, \
+		$(OPENSWAN_PKGDIR)/usr/libexec/ipsec, \
+		/usr/libexec/ipsec)
+
+	# install the actual tool
+	$(call install_copy, openswan, 0, 0, 0755, -, \
+		/usr/sbin/ipsec)
+
+	@$(call install_finish, openswan)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
1.7.9.5


-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] openswan: Add new package

[Michael Olbrich]

On Mon, May 28, 2012 at 02:42:34PM +0200, Bart vdr. Meulen wrote:
> From: Harro Haan <hrhaan@gmail.com>
> 
> Openswan is an IPsec implementation for Linux.
> Openswan supports the Openswan KLIPS IPsec stack and the Linux NETKEY
> IPsec stack (kernel configuration with CONFIG_NET_KEY required).
> For more info about choosing the Kernel IPsec stack see:
> www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack
> 
> Signed-off-by: Harro Haan <hrhaan@gmail.com>
> ---
>  rules/openswan.in   |   35 ++++++++++++
>  rules/openswan.make |  156 +++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 191 insertions(+)
>  create mode 100755 rules/openswan.in
>  create mode 100755 rules/openswan.make
> 
> diff --git a/rules/openswan.in b/rules/openswan.in
> new file mode 100755
> index 0000000..363d4c3
> --- /dev/null
> +++ b/rules/openswan.in
> @@ -0,0 +1,35 @@
> +## SECTION=networking
> +
> +config OPENSWAN
> +	tristate
> +	prompt "openswan"
> +	select LIBGMP
> +	select BUSYBOX_AWK
> +	select IPROUTE2
> +	select IPTABLES
> +	select BUSYBOX_LOGGER
> +	select CROSS_DUMMY_STRIP
> +	select KERNEL if OPENSWAN_KLIPS_MODULE
> +	select OPENSSL if OPENSWAN_HAVE_OCF
> +	help
> +	  Openswan is an IPsec implementation for Linux. Openswan supports the
> +	  Openswan KLIPS IPsec stack and the Linux NETKEY IPsec stack (kernel
> +	  configuration with CONFIG_NET_KEY required). For more info about
> +	  choosing the Kernel IPsec stack see:
> +	  www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack
> +

if OPENSWAN

> +config OPENSWAN_KLIPS_MODULE
> +	bool "KLIPS kernel module"

> +	default n
> +	depends on OPENSWAN

remove


> +	help
> +	  Compile and install Openswan KLIPS kernel module.



> +config OPENSWAN_HAVE_OCF
> +	bool "use OCF-Linux"
> +	default n
> +	depends on OPENSWAN

dito

> +	help
> +	  Use OCF-Linux to make use of asynchronous HW/SW crypto acceleration.
> +	  Patched Linux kernel required. For more info see:
> +	  http://ocf-linux.sourceforge.net/

endif

> diff --git a/rules/openswan.make b/rules/openswan.make
> new file mode 100755
> index 0000000..99b8395
> --- /dev/null
> +++ b/rules/openswan.make
> @@ -0,0 +1,156 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2010 by Harro Haan <hrhaan@gmail.com>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_OPENSWAN) += openswan
> +
> +#
> +# Paths and names
> +#
> +OPENSWAN_VERSION	:= 2.6.35
> +OPENSWAN_MD5		:= 7909a251fbbb807914545b7f42437013
> +OPENSWAN		:= openswan-$(OPENSWAN_VERSION)
> +OPENSWAN_SUFFIX	:= tar.gz
> +OPENSWAN_URL		:= http://www.openswan.org/download/$(OPENSWAN).$(OPENSWAN_SUFFIX)
> +OPENSWAN_SOURCE	:= $(SRCDIR)/$(OPENSWAN).$(OPENSWAN_SUFFIX)
> +OPENSWAN_DIR		:= $(BUILDDIR)/$(OPENSWAN)
> +OPENSWAN_LICENSE	:= GPLv2,BSD,RSADSI
> +
> +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
> +$(STATEDIR)/kernel.targetinstall.post: $(STATEDIR)/openswan.targetinstall
> +endif

Make the kernel module a separate package. It can use the source. You just
need to set a differen <PKG>_DIR (see e.g. gdbserver for an example).


> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/openswan.prepare:
> +	@$(call targetinfo)
> +ifdef PTXCONF_OPENSWAN_HAVE_OCF
> +	@( \
> +		echo "#ifndef CONFIG_KLIPS_OCF"; \
> +		echo "#define CONFIG_KLIPS_OCF 1"; \
> +		echo "#endif"; \
> +	) >> $(OPENSWAN_DIR)/packaging/linus/config-all.h
> +endif
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Compile
> +# ----------------------------------------------------------------------------
> +
> +ifdef PTXCONF_OPENSWAN_HAVE_OCF
> +OPENSWAN_OCF := HAVE_OCF=true HAVE_OPENSSL=true CONFIG_KLIPS_OCF=y
> +else
> +OPENSWAN_OCF :=
> +endif
> +
> +OPENSWAN_MAKE_ENV = $(CROSS_ENV) \
> +		    CFLAGS="$(CROSS_CPPFLAGS)"
> +
> +# settings are based on openswan-2.6.35/CROSSCOMPILE.sh
> +OPENSWAN_CROSS := \
> +	KERNELSRC=$(KERNEL_DIR) \
> +	DESTDIR=$(OPENSWAN_PKGDIR) \
> +	INC_USRLOCAL=/usr \
> +	INC_RCDEFAULT=/etc/init.d \
> +	ARCH=$(PTXCONF_KERNEL_ARCH_STRING) \
> +	USERCOMPILE=\"-O2 -g -DGCC_LINT -Dlinux -D__linux__\" \
> +	WERROR=' ' \
> +	$(OPENSWAN_OCF)
> +

OPENSWAN_MAKE_OPT := programs $(OPENSWAN_CROSS)

then you should be able to use the default stage

> +$(STATEDIR)/openswan.compile:
> +	@$(call targetinfo)
> +	$(call compile, OPENSWAN, programs $(OPENSWAN_CROSS))
> +
> +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
> +	@$(call compile, OPENSWAN, module $(OPENSWAN_CROSS))
> +
> +	$(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
> +		-C $(KERNEL_DIR) \
> +		M=$(OPENSWAN_DIR)/modobj26 \
> +		OPENSWANSRCDIR=$(OPENSWAN_DIR) $(OPENSWAN_OCF) \
> +		modules
> +endif
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Install
> +# ----------------------------------------------------------------------------
> +

OPENSWAN_INSTALL_OPT := install $(OPENSWAN_CROSS)

> +$(STATEDIR)/openswan.install:
> +	@$(call targetinfo)
> +	@$(call compile, OPENSWAN, install $(OPENSWAN_CROSS))
> +
> +	@# remove *.old files, but do not strip here by using dummy-strip.sh
> +	@$(call compile, OPENSWAN, ipkg_strip $(OPENSWAN_CROSS) \
> +		STRIP=$(PTXCONF_SYSROOT_CROSS)/bin/strip)

why is this necessay?

> +
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/openswan.targetinstall:
> +	@$(call targetinfo)
> +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
> +	$(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
> +		-C $(KERNEL_DIR) \
> +		M=$(OPENSWAN_DIR)/modobj26 \
> +		modules_install
> +endif
> +
> +	@$(call install_init, openswan)
> +	@$(call install_fixup, openswan,PRIORITY,optional)
> +	@$(call install_fixup, openswan,SECTION,base)
> +	@$(call install_fixup, openswan,AUTHOR,"Harro Haan <hrhaan@gmail.com>")
> +	@$(call install_fixup, openswan,DESCRIPTION,missing)
> +
> +	# install the startup script

there should be an '@' at the beginning of every line here.

> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/init.d/ipsec)
> +
> +	# install the default policies
> +	$(call install_copy, openswan, 0, 0, 0775, /etc/ipsec.d/policies)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/block)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/clear)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/clear-or-private)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/private)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/private-or-clear)
> +
> +	# install the default configuration
> +	$(call install_alternative, openswan, 0, 0, 0644, \
> +		/etc/ipsec.conf)
> +
> +	# install the runtime libraries
> +	$(call install_tree, openswan, 0, 0, \
> +		$(OPENSWAN_PKGDIR)/usr/lib/ipsec/, \
> +		/usr/lib/ipsec/)

	@$(call install_tree, openswan, 0, 0, -, /usr/lib/ipsec/)

should work.

> +	$(call install_tree, openswan, 0, 0, \
> +		$(OPENSWAN_PKGDIR)/usr/libexec/ipsec, \
> +		/usr/libexec/ipsec)

same here.

Michael

> +
> +	# install the actual tool
> +	$(call install_copy, openswan, 0, 0, 0755, -, \
> +		/usr/sbin/ipsec)
> +
> +	@$(call install_finish, openswan)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 1.7.9.5
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de