From: Christoph Fritz <chf.fritz@googlemail.com>
To: ptxdist@pengutronix.de, Michael Olbrich <m.olbrich@pengutronix.de>
Cc: Robert Schwebel <r.schwebel@pengutronix.de>
Subject: Re: [ptxdist] [PATCH v3] strongswan: add package
Date: Wed, 20 Mar 2013 12:44:33 +0100 [thread overview]
Message-ID: <1363779873.3831.36.camel@mars> (raw)
In-Reply-To: <1362610442.3919.62.camel@mars>
On Wed, 2013-03-06 at 23:54 +0100, Christoph Fritz wrote:
> Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
> ---
> rules/strongswan.in | 46 +++++++++++
> rules/strongswan.make | 217 +++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 263 insertions(+)
> create mode 100644 rules/strongswan.in
> create mode 100644 rules/strongswan.make
*ping*
> diff --git a/rules/strongswan.in b/rules/strongswan.in
> new file mode 100644
> index 0000000..85c8215
> --- /dev/null
> +++ b/rules/strongswan.in
> @@ -0,0 +1,46 @@
> +## SECTION=networking
> +
> +menuconfig STRONGSWAN
> + bool
> + prompt "strongswan "
> + select LIBGMP
> + select LIBCURL if STRONGSWAN_LIBCURL
> + help
> + strongSwan is a complete IPsec implementation.
> + Please keep in mind to configure the kernel accordingly to fulfill
> + strongSwan's needs. See 'Required Kernel Modules' here:
> + http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> +
> +if STRONGSWAN
> + config STRONGSWAN_STATIC
> + bool
> + default n
> + prompt "build static libraries"
> + help
> + Libraries will also be built statically.
> +
> + config STRONGSWAN_LIBCURL
> + bool
> + default y
> + prompt "CURL fetcher plugin to fetch files"
> + help
> + If you intend to dynamically fetch Certificate Revocation Lists
> + (CRLs) from an HTTP server or as an alternative want to use
> + the Online Certificate Status Protocol (OCSP) say yes.
> +
> + config STRONGSWAN_AFALG
> + bool
> + default y
> + prompt "AF_ALG crypto interface to Linux Crypto API"
> + help
> + Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
> + crypto algorithms of the kernel available in userland.
> + If your strongswan configuration depends on this, be sure to
> + enable the appropriate crypto algorithm in your kernel.
> + For test configurations see af-alg-* categories here:
> + http://www.strongswan.org/uml/testresults4/index.html
> + For a list of cipher suite keywords see:
> + http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> + http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
> +endif
> +
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> new file mode 100644
> index 0000000..4c78fa7
> --- /dev/null
> +++ b/rules/strongswan.make
> @@ -0,0 +1,217 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
> +#
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> +
> +#
> +# Paths and names
> +#
> +STRONGSWAN_VERSION := 5.0.2
> +STRONGSWAN_MD5 := 77dc16443fd141f46183d3a4f60986ef
> +STRONGSWAN := strongswan-$(STRONGSWAN_VERSION)
> +STRONGSWAN_SUFFIX := tar.bz2
> +STRONGSWAN_URL := http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_SOURCE := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_DIR := $(BUILDDIR)/$(STRONGSWAN)
> +STRONGSWAN_LICENSE := GPL
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_CONF_TOOL := autoconf
> +STRONGSWAN_CONF_OPT := \
> + $(CROSS_AUTOCONF_USR) \
> + --enable-aes \
> + --enable-des \
> + --disable-blowfish \
> + --enable-md5 \
> + --enable-sha1 \
> + --enable-sha2 \
> + --enable-gmp \
> + --disable-soup \
> + --disable-ldap \
> + --disable-md4 \
> + --enable-fips-prf \
> + --disable-rdrand \
> + --enable-random \
> + --enable-nonce \
> + --enable-x509 \
> + --enable-revocation \
> + --enable-constraints \
> + --enable-pubkey \
> + --enable-pkcs1 \
> + --enable-pkcs7 \
> + --enable-pkcs8 \
> + --enable-pgp \
> + --enable-dnskey \
> + --enable-pem \
> + --enable-hmac \
> + --enable-cmac \
> + --enable-xcbc \
> + --disable-test-vectors \
> + --disable-mysql \
> + --disable-sqlite \
> + --enable-stroke \
> + --disable-medsrv \
> + --disable-medcli \
> + --disable-smp \
> + --disable-sql \
> + --disable-leak-detective \
> + --disable-lock-profiler \
> + --disable-unit-tester \
> + --disable-load-tester \
> + --disable-eap-sim \
> + --disable-eap-sim-file \
> + --disable-eap-sim-pcsc \
> + --disable-eap-simaka-sql \
> + --disable-eap-simaka-pseudonym \
> + --disable-eap-simaka-reauth \
> + --disable-eap-identity \
> + --disable-eap-md5 \
> + --disable-eap-gtc \
> + --disable-eap-mschapv2 \
> + --disable-eap-tls \
> + --disable-eap-ttls \
> + --disable-eap-peap \
> + --disable-eap-tnc \
> + --disable-eap-dynamic \
> + --disable-eap-radius \
> + --enable-xauth-generic \
> + --disable-xauth-eap \
> + --disable-xauth-pam \
> + --disable-tnc-ifmap \
> + --disable-tnc-pdp \
> + --disable-tnc-imc \
> + --disable-tnc-imv \
> + --disable-tnccs-11 \
> + --disable-tnccs-20 \
> + --disable-tnccs-dynamic \
> + --disable-imc-test \
> + --disable-imv-test \
> + --disable-imc-scanner \
> + --disable-imv-scanner \
> + --disable-imc-os \
> + --disable-imv-os \
> + --disable-imc-attestation \
> + --disable-imv-attestation \
> + --enable-kernel-netlink \
> + --disable-kernel-pfkey \
> + --disable-kernel-pfroute \
> + --disable-kernel-klips \
> + --disable-libipsec \
> + --enable-socket-default \
> + --disable-socket-dynamic \
> + --disable-farp \
> + --disable-dumm \
> + --disable-fast \
> + --disable-manager \
> + --disable-mediation \
> + --disable-integrity-test \
> + --enable-load-warning \
> + --enable-ikev1 \
> + --enable-ikev2 \
> + --enable-charon \
> + --enable-tools \
> + --enable-scripts \
> + --disable-conftest \
> + --enable-updown \
> + --enable-attr \
> + --disable-attr-sql \
> + --disable-dhcp \
> + --enable-resolve \
> + --disable-padlock \
> + --disable-openssl \
> + --disable-gcrypt \
> + --disable-agent \
> + --disable-pkcs11 \
> + --disable-ctr \
> + --disable-ccm \
> + --disable-gcm \
> + --disable-addrblock \
> + --disable-unity \
> + --disable-uci \
> + --disable-android \
> + --disable-android-log \
> + --disable-maemo \
> + --disable-nm \
> + --disable-ha \
> + --disable-whitelist \
> + --disable-lookip \
> + --disable-error-notify \
> + --disable-certexpire \
> + --disable-led \
> + --disable-duplicheck \
> + --disable-coupling \
> + --disable-radattr \
> + --disable-vstr \
> + --disable-monolithic \
> + --disable-bfd-backtraces \
> + --enable-dependency-tracking \
> + --enable-shared \
> + --enable-fast-install \
> + --enable-libtool-lock \
> + --with-user=root \
> + --with-group=root
> +
> +ifdef PTXCONF_STRONGSWAN_STATIC
> +STRONGSWAN_CONF_OPT += --enable-static
> +else
> +STRONGSWAN_CONF_OPT += --disable-static
> +endif
> +
> +ifdef PTXCONF_STRONGSWAN_LIBCURL
> +STRONGSWAN_CONF_OPT += --enable-curl
> +else
> +STRONGSWAN_CONF_OPT += --disable-curl
> +endif
> +
> +ifdef PTXCONF_STRONGSWAN_AFALG
> +STRONGSWAN_CONF_OPT += --enable-af-alg
> +else
> +STRONGSWAN_CONF_OPT += --disable-af-alg
> +endif
> +
> +STRONGSWAN_CONF_OPT += --with-ipseclibdir=/usr/lib
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/strongswan.targetinstall:
> + @$(call targetinfo)
> +
> + @$(call install_init, strongswan)
> + @$(call install_fixup, strongswan,PRIORITY,optional)
> + @$(call install_fixup, strongswan,SECTION,base)
> + @$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
> + @$(call install_fixup, strongswan,DESCRIPTION,missing)
> +
> + @$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/sbin, /usr/sbin)
> + @$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/libexec, /usr/libexec)
> + @$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/lib, /usr/lib)
> + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
> + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
> + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
> + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
> + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
> + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
> + @$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
> + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
> +
> + @$(call install_finish, strongswan)
> +
> + @$(call touch)
> +
> +# vim: syntax=make
--
ptxdist mailing list
ptxdist@pengutronix.de
next prev parent reply other threads:[~2013-03-20 11:44 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-20 21:22 [ptxdist] [PATCH] " Christoph Fritz
2013-03-04 17:04 ` Michael Olbrich
2013-03-05 19:37 ` [ptxdist] [PATCH v2] " Christoph Fritz
2013-03-06 8:21 ` Michael Olbrich
2013-03-06 10:10 ` Christoph Fritz
2013-03-06 12:50 ` Robert Schwebel
2013-03-06 22:54 ` [ptxdist] [PATCH v3] " Christoph Fritz
2013-03-20 11:44 ` Christoph Fritz [this message]
2013-03-20 13:49 ` Michael Olbrich
2013-03-26 11:21 ` [ptxdist] [PATCH v4] " Christoph Fritz
2013-03-27 18:10 ` Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1363779873.3831.36.camel@mars \
--to=chf.fritz@googlemail.com \
--cc=m.olbrich@pengutronix.de \
--cc=ptxdist@pengutronix.de \
--cc=r.schwebel@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox