[ptxdist] [PATCH] strongswan: add package

[ptxdist] [PATCH] strongswan: add package

[Christoph Fritz]

Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
---
 rules/strongswan.in   |    9 ++++
 rules/strongswan.make |  123 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 132 insertions(+)
 create mode 100644 rules/strongswan.in
 create mode 100644 rules/strongswan.make

diff --git a/rules/strongswan.in b/rules/strongswan.in
new file mode 100644
index 0000000..34ad948
--- /dev/null
+++ b/rules/strongswan.in
@@ -0,0 +1,9 @@
+## SECTION=networking
+
+config STRONGSWAN
+	bool
+	prompt "strongswan"
+	select LIBGMP
+	select LIBCURL
+	help
+	  strongSwan is a complete IPsec implementation.
diff --git a/rules/strongswan.make b/rules/strongswan.make
new file mode 100644
index 0000000..9127ea9
--- /dev/null
+++ b/rules/strongswan.make
@@ -0,0 +1,123 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
+#
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+# preliminary testing version for strongswan
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
+
+#
+# Paths and names
+#
+STRONGSWAN_VERSION	:= 5.0.2
+STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
+STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
+STRONGSWAN_SUFFIX	:= tar.bz2
+STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
+STRONGSWAN_LICENSE	:= GPL
+
+# ----------------------------------------------------------------------------
+# Get
+# ----------------------------------------------------------------------------
+
+#$(STRONGSWAN_SOURCE):
+#	@$(call targetinfo)
+#	@$(call get, STRONGSWAN)
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#STRONGSWAN_CONF_ENV	:= $(CROSS_ENV)
+
+#
+# autoconf
+#
+STRONGSWAN_CONF_TOOL	:= autoconf
+STRONGSWAN_CONF_OPT	:= $(CROSS_AUTOCONF_USR) \
+		--enable-monolithic \
+		--enable-curl \
+		--enable-blowfish \
+		--enable-xauth-eap \
+		--enable-mediation \
+		--enable-ccm \
+		--enable-gcm \
+		--enable-addrblock \
+		--enable-unity \
+		--enable-whitelist \
+		--enable-error-notify \
+		--enable-certexpire \
+		--enable-coupling \
+		--enable-md4 \
+		--enable-eap-md5 \
+		--enable-eap-mschapv2 \
+		--enable-eap-identity \
+		--enable-eap-dynamic \
+		--enable-eap-gtc
+
+#$(STATEDIR)/strongswan.prepare:
+#	@$(call targetinfo)
+#	@$(call clean, $(STRONGSWAN_DIR)/config.cache)
+#	cd $(STRONGSWAN_DIR) && \
+#		$(STRONGSWAN_PATH) $(STRONGSWAN_ENV) \
+#		./configure $(STRONGSWAN_CONF_OPT)
+#	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Compile
+# ----------------------------------------------------------------------------
+
+#$(STATEDIR)/strongswan.compile:
+#	@$(call targetinfo)
+#	@$(call world/compile, STRONGSWAN)
+#	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Install
+# ----------------------------------------------------------------------------
+
+#$(STATEDIR)/strongswan.install:
+#	@$(call targetinfo)
+#	@$(call world/install, STRONGSWAN)
+#	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/strongswan.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, strongswan)
+	@$(call install_fixup, strongswan,PRIORITY,optional)
+	@$(call install_fixup, strongswan,SECTION,base)
+	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
+	@$(call install_fixup, strongswan,DESCRIPTION,missing)
+
+	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/, /)
+
+	@$(call install_finish, strongswan)
+
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Clean
+# ----------------------------------------------------------------------------
+
+#$(STATEDIR)/strongswan.clean:
+#	@$(call targetinfo)
+#	@$(call clean_pkg, STRONGSWAN)
+
+# vim: syntax=make
-- 
1.7.10.4




-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] strongswan: add package

[Michael Olbrich]

On Wed, Feb 20, 2013 at 10:22:27PM +0100, Christoph Fritz wrote:
> 
> Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
> ---
>  rules/strongswan.in   |    9 ++++
>  rules/strongswan.make |  123 +++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 132 insertions(+)
>  create mode 100644 rules/strongswan.in
>  create mode 100644 rules/strongswan.make
> 
> diff --git a/rules/strongswan.in b/rules/strongswan.in
> new file mode 100644
> index 0000000..34ad948
> --- /dev/null
> +++ b/rules/strongswan.in
> @@ -0,0 +1,9 @@
> +## SECTION=networking
> +
> +config STRONGSWAN
> +	bool
> +	prompt "strongswan"
> +	select LIBGMP
> +	select LIBCURL
> +	help
> +	  strongSwan is a complete IPsec implementation.
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> new file mode 100644
> index 0000000..9127ea9
> --- /dev/null
> +++ b/rules/strongswan.make
> @@ -0,0 +1,123 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
> +#
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +# preliminary testing version for strongswan
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> +
> +#
> +# Paths and names
> +#
> +STRONGSWAN_VERSION	:= 5.0.2
> +STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
> +STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
> +STRONGSWAN_SUFFIX	:= tar.bz2
> +STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
> +STRONGSWAN_LICENSE	:= GPL
> +
> +# ----------------------------------------------------------------------------
> +# Get
> +# ----------------------------------------------------------------------------
> +
> +#$(STRONGSWAN_SOURCE):
> +#	@$(call targetinfo)
> +#	@$(call get, STRONGSWAN)

remove the whole section.

> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#STRONGSWAN_CONF_ENV	:= $(CROSS_ENV)

remove.

> +
> +#
> +# autoconf
> +#
> +STRONGSWAN_CONF_TOOL	:= autoconf
> +STRONGSWAN_CONF_OPT	:= \
	$(CROSS_AUTOCONF_USR) \

break.

> +		--enable-monolithic \
> +		--enable-curl \
> +		--enable-blowfish \
> +		--enable-xauth-eap \
> +		--enable-mediation \
> +		--enable-ccm \
> +		--enable-gcm \
> +		--enable-addrblock \
> +		--enable-unity \
> +		--enable-whitelist \
> +		--enable-error-notify \
> +		--enable-certexpire \
> +		--enable-coupling \
> +		--enable-md4 \
> +		--enable-eap-md5 \
> +		--enable-eap-mschapv2 \
> +		--enable-eap-identity \
> +		--enable-eap-dynamic \
> +		--enable-eap-gtc
> +

remove from here ...

> +#$(STATEDIR)/strongswan.prepare:
> +#	@$(call targetinfo)
> +#	@$(call clean, $(STRONGSWAN_DIR)/config.cache)
> +#	cd $(STRONGSWAN_DIR) && \
> +#		$(STRONGSWAN_PATH) $(STRONGSWAN_ENV) \
> +#		./configure $(STRONGSWAN_CONF_OPT)
> +#	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Compile
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/strongswan.compile:
> +#	@$(call targetinfo)
> +#	@$(call world/compile, STRONGSWAN)
> +#	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Install
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/strongswan.install:
> +#	@$(call targetinfo)
> +#	@$(call world/install, STRONGSWAN)
> +#	@$(call touch)
> +

... to here

> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/strongswan.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, strongswan)
> +	@$(call install_fixup, strongswan,PRIORITY,optional)
> +	@$(call install_fixup, strongswan,SECTION,base)
> +	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
> +	@$(call install_fixup, strongswan,DESCRIPTION,missing)
> +
> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/, /)

I havn't tested this yet, but I very much doubt, that you need all files.
So please install the individual programs, libs, etc. with
install_copy/install_lib/etc.

> +
> +	@$(call install_finish, strongswan)
> +
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Clean
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/strongswan.clean:
> +#	@$(call targetinfo)
> +#	@$(call clean_pkg, STRONGSWAN)

remove.

Michael

> +
> +# vim: syntax=make
> -- 
> 1.7.10.4
> 
> 
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v2] strongswan: add package

[Christoph Fritz]

Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
---
 rules/strongswan.in   |   10 ++++++++
 rules/strongswan.make |   62 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 rules/strongswan.in
 create mode 100644 rules/strongswan.make

diff --git a/rules/strongswan.in b/rules/strongswan.in
new file mode 100644
index 0000000..1e93801
--- /dev/null
+++ b/rules/strongswan.in
@@ -0,0 +1,10 @@
+## SECTION=networking
+
+config STRONGSWAN
+	bool
+	prompt "strongswan"
+	help
+	  strongSwan is a complete IPsec implementation. 
+	  Please keep in mind to configure the kernel accordingly to fulfill
+	  strongSwan's needs. See 'Required Kernel Modules' here:
+	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
diff --git a/rules/strongswan.make b/rules/strongswan.make
new file mode 100644
index 0000000..9c82672
--- /dev/null
+++ b/rules/strongswan.make
@@ -0,0 +1,62 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
+#
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
+
+#
+# Paths and names
+#
+STRONGSWAN_VERSION	:= 5.0.2
+STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
+STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
+STRONGSWAN_SUFFIX	:= tar.bz2
+STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
+STRONGSWAN_LICENSE	:= GPL
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_CONF_TOOL	:= autoconf
+STRONGSWAN_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	--with-ipseclibdir=/usr/lib
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/strongswan.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, strongswan)
+	@$(call install_fixup, strongswan,PRIORITY,optional)
+	@$(call install_fixup, strongswan,SECTION,base)
+	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
+	@$(call install_fixup, strongswan,DESCRIPTION,missing)
+
+	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/sbin, /usr/sbin)
+	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/libexec, /usr/libexec)
+	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/lib, /usr/lib)
+	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
+
+	@$(call install_finish, strongswan)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
1.7.10.4




-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2] strongswan: add package

[Michael Olbrich]

On Tue, Mar 05, 2013 at 08:37:02PM +0100, Christoph Fritz wrote:
> 
> Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
> ---
>  rules/strongswan.in   |   10 ++++++++
>  rules/strongswan.make |   62 +++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 72 insertions(+)
>  create mode 100644 rules/strongswan.in
>  create mode 100644 rules/strongswan.make
> 
> diff --git a/rules/strongswan.in b/rules/strongswan.in
> new file mode 100644
> index 0000000..1e93801
> --- /dev/null
> +++ b/rules/strongswan.in
> @@ -0,0 +1,10 @@
> +## SECTION=networking
> +
> +config STRONGSWAN
> +	bool
> +	prompt "strongswan"
> +	help
> +	  strongSwan is a complete IPsec implementation. 
> +	  Please keep in mind to configure the kernel accordingly to fulfill
> +	  strongSwan's needs. See 'Required Kernel Modules' here:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> new file mode 100644
> index 0000000..9c82672
> --- /dev/null
> +++ b/rules/strongswan.make
> @@ -0,0 +1,62 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
> +#
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> +
> +#
> +# Paths and names
> +#
> +STRONGSWAN_VERSION	:= 5.0.2
> +STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
> +STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
> +STRONGSWAN_SUFFIX	:= tar.bz2
> +STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
> +STRONGSWAN_LICENSE	:= GPL
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_CONF_TOOL	:= autoconf
> +STRONGSWAN_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	--with-ipseclibdir=/usr/lib

I'm not sure if you misunderstood something, but I didn't mean that you
should remove the configure options.
You should explicitly specify all the options from the "Optional Features"
section from "./configure --help".
A good starting point  usually is to add a kconfig options for all features
that have external dependencies (don't forget the 'select' in
strongswan.in) and choose a reasonable default for all others.

It's also a good idea to run "readelf -d <binary>" to check if you missed
any dependencies.

Michael

> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/strongswan.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, strongswan)
> +	@$(call install_fixup, strongswan,PRIORITY,optional)
> +	@$(call install_fixup, strongswan,SECTION,base)
> +	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
> +	@$(call install_fixup, strongswan,DESCRIPTION,missing)
> +
> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/sbin, /usr/sbin)
> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/libexec, /usr/libexec)
> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/lib, /usr/lib)
> +	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
> +
> +	@$(call install_finish, strongswan)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 1.7.10.4
> 
> 
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2] strongswan: add package

[Christoph Fritz]

On Wed, 2013-03-06 at 09:21 +0100, Michael Olbrich wrote:
> On Tue, Mar 05, 2013 at 08:37:02PM +0100, Christoph Fritz wrote:
> > +# ----------------------------------------------------------------------------
> > +# Prepare
> > +# ----------------------------------------------------------------------------
> > +
> > +STRONGSWAN_CONF_TOOL	:= autoconf
> > +STRONGSWAN_CONF_OPT	:= \
> > +	$(CROSS_AUTOCONF_USR) \
> > +	--with-ipseclibdir=/usr/lib
> 
> I'm not sure if you misunderstood something, but I didn't mean that you
> should remove the configure options.

Thanks for the notice. I got you right. But v2 of this patch is no
"preliminary testing version" any more and the configure script is doing
a fine job with a good handful of plugins to connect to enough peer
configurations.
It's a bit versatile you may think, but this fits my needs best.

> You should explicitly specify all the options from the "Optional Features"
> section from "./configure --help".

And then comment out the ones which will never be used, either by
kconfig opt-in nor opt-out?

> A good starting point  usually is to add a kconfig options for all features
> that have external dependencies (don't forget the 'select' in
> strongswan.in) and choose a reasonable default for all others.

Let me reroll this.

> 
> It's also a good idea to run "readelf -d <binary>" to check if you missed
> any dependencies.

I already did this by using ldd.

Thanks
 -- Christoph



-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2] strongswan: add package

[Robert Schwebel]

Hi Christoph,

On Wed, Mar 06, 2013 at 11:10:30AM +0100, Christoph Fritz wrote:
> > I'm not sure if you misunderstood something, but I didn't mean that you
> > should remove the configure options.
>
> Thanks for the notice. I got you right.

No :-)

> > You should explicitly specify all the options from the "Optional
> > Features" section from "./configure --help".
>
> And then comment out the ones which will never be used, either by
> kconfig opt-in nor opt-out?

No, but instead set them to the variant you have tested. The issue is
that, with a lot of configure options, not setting them explicitly means
that configure autodetects them. That may lead to different results,
i.e. based on the build order or other host influences. So you should
always specify all options - either according to the configuration, or
with a fixed value.

rsc
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v3] strongswan: add package

[Christoph Fritz]

Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
---
 rules/strongswan.in   |   46 +++++++++++
 rules/strongswan.make |  217 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 263 insertions(+)
 create mode 100644 rules/strongswan.in
 create mode 100644 rules/strongswan.make

diff --git a/rules/strongswan.in b/rules/strongswan.in
new file mode 100644
index 0000000..85c8215
--- /dev/null
+++ b/rules/strongswan.in
@@ -0,0 +1,46 @@
+## SECTION=networking
+
+menuconfig STRONGSWAN
+	bool
+	prompt "strongswan                    "
+	select LIBGMP
+	select LIBCURL if STRONGSWAN_LIBCURL
+	help
+	  strongSwan is a complete IPsec implementation.
+	  Please keep in mind to configure the kernel accordingly to fulfill
+	  strongSwan's needs. See 'Required Kernel Modules' here:
+	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
+
+if STRONGSWAN
+	config STRONGSWAN_STATIC
+	bool
+	default n
+	prompt "build static libraries"
+	help
+	  Libraries will also be built statically.
+
+	config STRONGSWAN_LIBCURL
+	bool
+	default y
+	prompt "CURL fetcher plugin to fetch files"
+	help
+	  If you intend to dynamically fetch Certificate Revocation Lists
+	  (CRLs) from an HTTP server or as an alternative want to use
+	  the Online Certificate Status Protocol (OCSP) say yes.
+
+	config STRONGSWAN_AFALG
+	bool
+	default y
+	prompt "AF_ALG crypto interface to Linux Crypto API"
+	help
+	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
+	  crypto algorithms of the kernel available in userland.
+	  If your strongswan configuration depends on this, be sure to
+	  enable the appropriate crypto algorithm in your kernel.
+	  For test configurations see af-alg-* categories here:
+	  http://www.strongswan.org/uml/testresults4/index.html
+	  For a list of cipher suite keywords see:
+	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
+	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
+endif
+
diff --git a/rules/strongswan.make b/rules/strongswan.make
new file mode 100644
index 0000000..4c78fa7
--- /dev/null
+++ b/rules/strongswan.make
@@ -0,0 +1,217 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
+#
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
+
+#
+# Paths and names
+#
+STRONGSWAN_VERSION	:= 5.0.2
+STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
+STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
+STRONGSWAN_SUFFIX	:= tar.bz2
+STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
+STRONGSWAN_LICENSE	:= GPL
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_CONF_TOOL	:= autoconf
+STRONGSWAN_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	--enable-aes \
+	--enable-des \
+	--disable-blowfish \
+	--enable-md5 \
+	--enable-sha1 \
+	--enable-sha2 \
+	--enable-gmp \
+	--disable-soup \
+	--disable-ldap \
+	--disable-md4 \
+	--enable-fips-prf \
+	--disable-rdrand \
+	--enable-random \
+	--enable-nonce \
+	--enable-x509 \
+	--enable-revocation \
+	--enable-constraints \
+	--enable-pubkey \
+	--enable-pkcs1 \
+	--enable-pkcs7 \
+	--enable-pkcs8 \
+	--enable-pgp \
+	--enable-dnskey \
+	--enable-pem \
+	--enable-hmac \
+	--enable-cmac \
+	--enable-xcbc \
+	--disable-test-vectors \
+	--disable-mysql \
+	--disable-sqlite \
+	--enable-stroke \
+	--disable-medsrv \
+	--disable-medcli \
+	--disable-smp \
+	--disable-sql \
+	--disable-leak-detective \
+	--disable-lock-profiler \
+	--disable-unit-tester \
+	--disable-load-tester \
+	--disable-eap-sim \
+	--disable-eap-sim-file \
+	--disable-eap-sim-pcsc \
+	--disable-eap-simaka-sql \
+	--disable-eap-simaka-pseudonym \
+	--disable-eap-simaka-reauth \
+	--disable-eap-identity \
+	--disable-eap-md5 \
+	--disable-eap-gtc \
+	--disable-eap-mschapv2 \
+	--disable-eap-tls \
+	--disable-eap-ttls \
+	--disable-eap-peap \
+	--disable-eap-tnc \
+	--disable-eap-dynamic \
+	--disable-eap-radius \
+	--enable-xauth-generic \
+	--disable-xauth-eap \
+	--disable-xauth-pam \
+	--disable-tnc-ifmap \
+	--disable-tnc-pdp \
+	--disable-tnc-imc \
+	--disable-tnc-imv \
+	--disable-tnccs-11 \
+	--disable-tnccs-20 \
+	--disable-tnccs-dynamic \
+	--disable-imc-test \
+	--disable-imv-test \
+	--disable-imc-scanner \
+	--disable-imv-scanner \
+	--disable-imc-os \
+	--disable-imv-os \
+	--disable-imc-attestation \
+	--disable-imv-attestation \
+	--enable-kernel-netlink \
+	--disable-kernel-pfkey \
+	--disable-kernel-pfroute \
+	--disable-kernel-klips \
+	--disable-libipsec \
+	--enable-socket-default \
+	--disable-socket-dynamic \
+	--disable-farp \
+	--disable-dumm \
+	--disable-fast \
+	--disable-manager \
+	--disable-mediation \
+	--disable-integrity-test \
+	--enable-load-warning \
+	--enable-ikev1 \
+	--enable-ikev2 \
+	--enable-charon \
+	--enable-tools \
+	--enable-scripts \
+	--disable-conftest \
+	--enable-updown \
+	--enable-attr \
+	--disable-attr-sql \
+	--disable-dhcp \
+	--enable-resolve \
+	--disable-padlock \
+	--disable-openssl \
+	--disable-gcrypt \
+	--disable-agent \
+	--disable-pkcs11 \
+	--disable-ctr \
+	--disable-ccm \
+	--disable-gcm \
+	--disable-addrblock \
+	--disable-unity \
+	--disable-uci \
+	--disable-android \
+	--disable-android-log \
+	--disable-maemo \
+	--disable-nm \
+	--disable-ha \
+	--disable-whitelist \
+	--disable-lookip \
+	--disable-error-notify \
+	--disable-certexpire \
+	--disable-led \
+	--disable-duplicheck \
+	--disable-coupling \
+	--disable-radattr \
+	--disable-vstr \
+	--disable-monolithic \
+	--disable-bfd-backtraces \
+	--enable-dependency-tracking \
+	--enable-shared \
+	--enable-fast-install \
+	--enable-libtool-lock \
+	--with-user=root \
+	--with-group=root
+
+ifdef PTXCONF_STRONGSWAN_STATIC
+STRONGSWAN_CONF_OPT	+= --enable-static
+else
+STRONGSWAN_CONF_OPT	+= --disable-static
+endif
+
+ifdef PTXCONF_STRONGSWAN_LIBCURL
+STRONGSWAN_CONF_OPT	+= --enable-curl
+else
+STRONGSWAN_CONF_OPT	+= --disable-curl
+endif
+
+ifdef PTXCONF_STRONGSWAN_AFALG
+STRONGSWAN_CONF_OPT	+= --enable-af-alg
+else
+STRONGSWAN_CONF_OPT	+= --disable-af-alg
+endif
+
+STRONGSWAN_CONF_OPT	+= --with-ipseclibdir=/usr/lib
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/strongswan.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, strongswan)
+	@$(call install_fixup, strongswan,PRIORITY,optional)
+	@$(call install_fixup, strongswan,SECTION,base)
+	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
+	@$(call install_fixup, strongswan,DESCRIPTION,missing)
+
+	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/sbin, /usr/sbin)
+	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/libexec, /usr/libexec)
+	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/lib, /usr/lib)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
+	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
+
+	@$(call install_finish, strongswan)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
1.7.10.4




-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3] strongswan: add package

[Christoph Fritz]

On Wed, 2013-03-06 at 23:54 +0100, Christoph Fritz wrote:
> Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
> ---
>  rules/strongswan.in   |   46 +++++++++++
>  rules/strongswan.make |  217 +++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 263 insertions(+)
>  create mode 100644 rules/strongswan.in
>  create mode 100644 rules/strongswan.make

*ping*


> diff --git a/rules/strongswan.in b/rules/strongswan.in
> new file mode 100644
> index 0000000..85c8215
> --- /dev/null
> +++ b/rules/strongswan.in
> @@ -0,0 +1,46 @@
> +## SECTION=networking
> +
> +menuconfig STRONGSWAN
> +	bool
> +	prompt "strongswan                    "
> +	select LIBGMP
> +	select LIBCURL if STRONGSWAN_LIBCURL
> +	help
> +	  strongSwan is a complete IPsec implementation.
> +	  Please keep in mind to configure the kernel accordingly to fulfill
> +	  strongSwan's needs. See 'Required Kernel Modules' here:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> +
> +if STRONGSWAN
> +	config STRONGSWAN_STATIC
> +	bool
> +	default n
> +	prompt "build static libraries"
> +	help
> +	  Libraries will also be built statically.
> +
> +	config STRONGSWAN_LIBCURL
> +	bool
> +	default y
> +	prompt "CURL fetcher plugin to fetch files"
> +	help
> +	  If you intend to dynamically fetch Certificate Revocation Lists
> +	  (CRLs) from an HTTP server or as an alternative want to use
> +	  the Online Certificate Status Protocol (OCSP) say yes.
> +
> +	config STRONGSWAN_AFALG
> +	bool
> +	default y
> +	prompt "AF_ALG crypto interface to Linux Crypto API"
> +	help
> +	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
> +	  crypto algorithms of the kernel available in userland.
> +	  If your strongswan configuration depends on this, be sure to
> +	  enable the appropriate crypto algorithm in your kernel.
> +	  For test configurations see af-alg-* categories here:
> +	  http://www.strongswan.org/uml/testresults4/index.html
> +	  For a list of cipher suite keywords see:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
> +endif
> +
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> new file mode 100644
> index 0000000..4c78fa7
> --- /dev/null
> +++ b/rules/strongswan.make
> @@ -0,0 +1,217 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
> +#
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> +
> +#
> +# Paths and names
> +#
> +STRONGSWAN_VERSION	:= 5.0.2
> +STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
> +STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
> +STRONGSWAN_SUFFIX	:= tar.bz2
> +STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
> +STRONGSWAN_LICENSE	:= GPL
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_CONF_TOOL	:= autoconf
> +STRONGSWAN_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	--enable-aes \
> +	--enable-des \
> +	--disable-blowfish \
> +	--enable-md5 \
> +	--enable-sha1 \
> +	--enable-sha2 \
> +	--enable-gmp \
> +	--disable-soup \
> +	--disable-ldap \
> +	--disable-md4 \
> +	--enable-fips-prf \
> +	--disable-rdrand \
> +	--enable-random \
> +	--enable-nonce \
> +	--enable-x509 \
> +	--enable-revocation \
> +	--enable-constraints \
> +	--enable-pubkey \
> +	--enable-pkcs1 \
> +	--enable-pkcs7 \
> +	--enable-pkcs8 \
> +	--enable-pgp \
> +	--enable-dnskey \
> +	--enable-pem \
> +	--enable-hmac \
> +	--enable-cmac \
> +	--enable-xcbc \
> +	--disable-test-vectors \
> +	--disable-mysql \
> +	--disable-sqlite \
> +	--enable-stroke \
> +	--disable-medsrv \
> +	--disable-medcli \
> +	--disable-smp \
> +	--disable-sql \
> +	--disable-leak-detective \
> +	--disable-lock-profiler \
> +	--disable-unit-tester \
> +	--disable-load-tester \
> +	--disable-eap-sim \
> +	--disable-eap-sim-file \
> +	--disable-eap-sim-pcsc \
> +	--disable-eap-simaka-sql \
> +	--disable-eap-simaka-pseudonym \
> +	--disable-eap-simaka-reauth \
> +	--disable-eap-identity \
> +	--disable-eap-md5 \
> +	--disable-eap-gtc \
> +	--disable-eap-mschapv2 \
> +	--disable-eap-tls \
> +	--disable-eap-ttls \
> +	--disable-eap-peap \
> +	--disable-eap-tnc \
> +	--disable-eap-dynamic \
> +	--disable-eap-radius \
> +	--enable-xauth-generic \
> +	--disable-xauth-eap \
> +	--disable-xauth-pam \
> +	--disable-tnc-ifmap \
> +	--disable-tnc-pdp \
> +	--disable-tnc-imc \
> +	--disable-tnc-imv \
> +	--disable-tnccs-11 \
> +	--disable-tnccs-20 \
> +	--disable-tnccs-dynamic \
> +	--disable-imc-test \
> +	--disable-imv-test \
> +	--disable-imc-scanner \
> +	--disable-imv-scanner \
> +	--disable-imc-os \
> +	--disable-imv-os \
> +	--disable-imc-attestation \
> +	--disable-imv-attestation \
> +	--enable-kernel-netlink \
> +	--disable-kernel-pfkey \
> +	--disable-kernel-pfroute \
> +	--disable-kernel-klips \
> +	--disable-libipsec \
> +	--enable-socket-default \
> +	--disable-socket-dynamic \
> +	--disable-farp \
> +	--disable-dumm \
> +	--disable-fast \
> +	--disable-manager \
> +	--disable-mediation \
> +	--disable-integrity-test \
> +	--enable-load-warning \
> +	--enable-ikev1 \
> +	--enable-ikev2 \
> +	--enable-charon \
> +	--enable-tools \
> +	--enable-scripts \
> +	--disable-conftest \
> +	--enable-updown \
> +	--enable-attr \
> +	--disable-attr-sql \
> +	--disable-dhcp \
> +	--enable-resolve \
> +	--disable-padlock \
> +	--disable-openssl \
> +	--disable-gcrypt \
> +	--disable-agent \
> +	--disable-pkcs11 \
> +	--disable-ctr \
> +	--disable-ccm \
> +	--disable-gcm \
> +	--disable-addrblock \
> +	--disable-unity \
> +	--disable-uci \
> +	--disable-android \
> +	--disable-android-log \
> +	--disable-maemo \
> +	--disable-nm \
> +	--disable-ha \
> +	--disable-whitelist \
> +	--disable-lookip \
> +	--disable-error-notify \
> +	--disable-certexpire \
> +	--disable-led \
> +	--disable-duplicheck \
> +	--disable-coupling \
> +	--disable-radattr \
> +	--disable-vstr \
> +	--disable-monolithic \
> +	--disable-bfd-backtraces \
> +	--enable-dependency-tracking \
> +	--enable-shared \
> +	--enable-fast-install \
> +	--enable-libtool-lock \
> +	--with-user=root \
> +	--with-group=root
> +
> +ifdef PTXCONF_STRONGSWAN_STATIC
> +STRONGSWAN_CONF_OPT	+= --enable-static
> +else
> +STRONGSWAN_CONF_OPT	+= --disable-static
> +endif
> +
> +ifdef PTXCONF_STRONGSWAN_LIBCURL
> +STRONGSWAN_CONF_OPT	+= --enable-curl
> +else
> +STRONGSWAN_CONF_OPT	+= --disable-curl
> +endif
> +
> +ifdef PTXCONF_STRONGSWAN_AFALG
> +STRONGSWAN_CONF_OPT	+= --enable-af-alg
> +else
> +STRONGSWAN_CONF_OPT	+= --disable-af-alg
> +endif
> +
> +STRONGSWAN_CONF_OPT	+= --with-ipseclibdir=/usr/lib
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/strongswan.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, strongswan)
> +	@$(call install_fixup, strongswan,PRIORITY,optional)
> +	@$(call install_fixup, strongswan,SECTION,base)
> +	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
> +	@$(call install_fixup, strongswan,DESCRIPTION,missing)
> +
> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/sbin, /usr/sbin)
> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/libexec, /usr/libexec)
> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/lib, /usr/lib)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
> +	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
> +
> +	@$(call install_finish, strongswan)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make




-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3] strongswan: add package

[Michael Olbrich]

On Wed, Mar 06, 2013 at 11:54:02PM +0100, Christoph Fritz wrote:
> 
> Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
> ---
>  rules/strongswan.in   |   46 +++++++++++
>  rules/strongswan.make |  217 +++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 263 insertions(+)
>  create mode 100644 rules/strongswan.in
>  create mode 100644 rules/strongswan.make
> 
> diff --git a/rules/strongswan.in b/rules/strongswan.in
> new file mode 100644
> index 0000000..85c8215
> --- /dev/null
> +++ b/rules/strongswan.in
> @@ -0,0 +1,46 @@
> +## SECTION=networking
> +
> +menuconfig STRONGSWAN
> +	bool
> +	prompt "strongswan                    "
> +	select LIBGMP
> +	select LIBCURL if STRONGSWAN_LIBCURL
> +	help
> +	  strongSwan is a complete IPsec implementation.
> +	  Please keep in mind to configure the kernel accordingly to fulfill
> +	  strongSwan's needs. See 'Required Kernel Modules' here:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> +
> +if STRONGSWAN
> +	config STRONGSWAN_STATIC
> +	bool
> +	default n
> +	prompt "build static libraries"
> +	help
> +	  Libraries will also be built statically.


No option for this, unless there is a special need for static libraries.
Just use --disable-static

> +
> +	config STRONGSWAN_LIBCURL
> +	bool
> +	default y
> +	prompt "CURL fetcher plugin to fetch files"
> +	help
> +	  If you intend to dynamically fetch Certificate Revocation Lists
> +	  (CRLs) from an HTTP server or as an alternative want to use
> +	  the Online Certificate Status Protocol (OCSP) say yes.
> +
> +	config STRONGSWAN_AFALG
> +	bool
> +	default y
> +	prompt "AF_ALG crypto interface to Linux Crypto API"
> +	help
> +	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
> +	  crypto algorithms of the kernel available in userland.
> +	  If your strongswan configuration depends on this, be sure to
> +	  enable the appropriate crypto algorithm in your kernel.
> +	  For test configurations see af-alg-* categories here:
> +	  http://www.strongswan.org/uml/testresults4/index.html
> +	  For a list of cipher suite keywords see:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
> +endif
> +
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> new file mode 100644
> index 0000000..4c78fa7
> --- /dev/null
> +++ b/rules/strongswan.make
> @@ -0,0 +1,217 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
> +#
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> +
> +#
> +# Paths and names
> +#
> +STRONGSWAN_VERSION	:= 5.0.2
> +STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
> +STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
> +STRONGSWAN_SUFFIX	:= tar.bz2
> +STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
> +STRONGSWAN_LICENSE	:= GPL
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_CONF_TOOL	:= autoconf
> +STRONGSWAN_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \

Please sort _exactly_ like in ./configure --help

> +	--enable-aes \
> +	--enable-des \
> +	--disable-blowfish \
> +	--enable-md5 \
> +	--enable-sha1 \
> +	--enable-sha2 \
> +	--enable-gmp \
> +	--disable-soup \
> +	--disable-ldap \
> +	--disable-md4 \
> +	--enable-fips-prf \
> +	--disable-rdrand \
> +	--enable-random \
> +	--enable-nonce \
> +	--enable-x509 \
> +	--enable-revocation \
> +	--enable-constraints \
> +	--enable-pubkey \
> +	--enable-pkcs1 \
> +	--enable-pkcs7 \
> +	--enable-pkcs8 \
> +	--enable-pgp \
> +	--enable-dnskey \
> +	--enable-pem \
> +	--enable-hmac \
> +	--enable-cmac \
> +	--enable-xcbc \
> +	--disable-test-vectors \
> +	--disable-mysql \
> +	--disable-sqlite \
> +	--enable-stroke \
> +	--disable-medsrv \
> +	--disable-medcli \
> +	--disable-smp \
> +	--disable-sql \
> +	--disable-leak-detective \
> +	--disable-lock-profiler \
> +	--disable-unit-tester \
> +	--disable-load-tester \
> +	--disable-eap-sim \
> +	--disable-eap-sim-file \
> +	--disable-eap-sim-pcsc \
> +	--disable-eap-simaka-sql \
> +	--disable-eap-simaka-pseudonym \
> +	--disable-eap-simaka-reauth \
> +	--disable-eap-identity \
> +	--disable-eap-md5 \
> +	--disable-eap-gtc \
> +	--disable-eap-mschapv2 \
> +	--disable-eap-tls \
> +	--disable-eap-ttls \
> +	--disable-eap-peap \
> +	--disable-eap-tnc \
> +	--disable-eap-dynamic \
> +	--disable-eap-radius \
> +	--enable-xauth-generic \
> +	--disable-xauth-eap \
> +	--disable-xauth-pam \
> +	--disable-tnc-ifmap \
> +	--disable-tnc-pdp \
> +	--disable-tnc-imc \
> +	--disable-tnc-imv \
> +	--disable-tnccs-11 \
> +	--disable-tnccs-20 \
> +	--disable-tnccs-dynamic \
> +	--disable-imc-test \
> +	--disable-imv-test \
> +	--disable-imc-scanner \
> +	--disable-imv-scanner \
> +	--disable-imc-os \
> +	--disable-imv-os \
> +	--disable-imc-attestation \
> +	--disable-imv-attestation \
> +	--enable-kernel-netlink \
> +	--disable-kernel-pfkey \
> +	--disable-kernel-pfroute \
> +	--disable-kernel-klips \
> +	--disable-libipsec \
> +	--enable-socket-default \
> +	--disable-socket-dynamic \
> +	--disable-farp \
> +	--disable-dumm \
> +	--disable-fast \
> +	--disable-manager \
> +	--disable-mediation \
> +	--disable-integrity-test \
> +	--enable-load-warning \
> +	--enable-ikev1 \
> +	--enable-ikev2 \
> +	--enable-charon \
> +	--enable-tools \
> +	--enable-scripts \
> +	--disable-conftest \
> +	--enable-updown \
> +	--enable-attr \
> +	--disable-attr-sql \
> +	--disable-dhcp \
> +	--enable-resolve \
> +	--disable-padlock \
> +	--disable-openssl \
> +	--disable-gcrypt \
> +	--disable-agent \
> +	--disable-pkcs11 \
> +	--disable-ctr \
> +	--disable-ccm \
> +	--disable-gcm \
> +	--disable-addrblock \
> +	--disable-unity \
> +	--disable-uci \
> +	--disable-android \
> +	--disable-android-log \
> +	--disable-maemo \
> +	--disable-nm \
> +	--disable-ha \
> +	--disable-whitelist \
> +	--disable-lookip \
> +	--disable-error-notify \
> +	--disable-certexpire \
> +	--disable-led \
> +	--disable-duplicheck \
> +	--disable-coupling \
> +	--disable-radattr \
> +	--disable-vstr \
> +	--disable-monolithic \
> +	--disable-bfd-backtraces \
> +	--enable-dependency-tracking \
> +	--enable-shared \

> +	--enable-fast-install \
> +	--enable-libtool-lock \

remove these 2.

> +	--with-user=root \
> +	--with-group=root
> +
> +ifdef PTXCONF_STRONGSWAN_STATIC
> +STRONGSWAN_CONF_OPT	+= --enable-static
> +else
> +STRONGSWAN_CONF_OPT	+= --disable-static
> +endif
> +
> +ifdef PTXCONF_STRONGSWAN_LIBCURL
> +STRONGSWAN_CONF_OPT	+= --enable-curl
> +else
> +STRONGSWAN_CONF_OPT	+= --disable-curl
> +endif
> +

	--$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \

> +ifdef PTXCONF_STRONGSWAN_AFALG
> +STRONGSWAN_CONF_OPT	+= --enable-af-alg
> +else
> +STRONGSWAN_CONF_OPT	+= --disable-af-alg
> +endif

	--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \


use these at the correct place in the list.

> +
> +STRONGSWAN_CONF_OPT	+= --with-ipseclibdir=/usr/lib

keep this in the list.

> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/strongswan.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, strongswan)
> +	@$(call install_fixup, strongswan,PRIORITY,optional)
> +	@$(call install_fixup, strongswan,SECTION,base)
> +	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
> +	@$(call install_fixup, strongswan,DESCRIPTION,missing)

What about the configs in /etc?
If you do it like this, then you can provide a custom config in the BSP and
it will fall back to the file installed with the package:

	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)

Also, make an option and install the systemd unit. See e.g. the urshd
package for an example.

> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/sbin, /usr/sbin)

No, this is just one file anyways. Use install copy. Also, you can use '-'
for the source if its just $(STRONGSWAN_PKGDIR)/<destination>.

> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/libexec, /usr/libexec)

	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)

> +	@$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/lib, /usr/lib)

No, this also installs .la files.

use install_lib for the normal libs in /usr/lib/. For the plugins make a
list and use forech. See e.g. rules/perl.make for an example.

Michael

> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
> +	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
> +
> +	@$(call install_finish, strongswan)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 1.7.10.4
> 
> 
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v4] strongswan: add package

[Christoph Fritz]

Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
---
 rules/strongswan.in   |   45 +++++++++
 rules/strongswan.make |  257 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)
 create mode 100644 rules/strongswan.in
 create mode 100644 rules/strongswan.make

diff --git a/rules/strongswan.in b/rules/strongswan.in
new file mode 100644
index 0000000..a609a3f
--- /dev/null
+++ b/rules/strongswan.in
@@ -0,0 +1,45 @@
+## SECTION=networking
+
+menuconfig STRONGSWAN
+	bool
+	prompt "strongswan                    "
+	select LIBGMP
+	select LIBCURL if STRONGSWAN_LIBCURL
+	help
+	  strongSwan is a complete IPsec implementation.
+	  Please keep in mind to configure the kernel accordingly to fulfill
+	  strongSwan's needs. See 'Required Kernel Modules' here:
+	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
+
+if STRONGSWAN
+	config STRONGSWAN_LIBCURL
+	bool
+	default y
+	prompt "CURL fetcher plugin to fetch files"
+	help
+	  If you intend to dynamically fetch Certificate Revocation Lists
+	  (CRLs) from an HTTP server or as an alternative want to use
+	  the Online Certificate Status Protocol (OCSP) say yes.
+
+	config STRONGSWAN_AFALG
+	bool
+	default y
+	prompt "AF_ALG crypto interface to Linux Crypto API"
+	help
+	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
+	  crypto algorithms of the kernel available in userland.
+	  If your strongswan configuration depends on this, be sure to
+	  enable the appropriate crypto algorithm in your kernel.
+	  For test configurations see af-alg-* categories here:
+	  http://www.strongswan.org/uml/testresults4/index.html
+	  For a list of cipher suite keywords see:
+	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
+	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
+
+	config STRONGSWAN_SYSTEMD_UNIT
+	bool
+	default y
+	depends on SYSTEMD
+	prompt "install systemd service file"
+
+endif
diff --git a/rules/strongswan.make b/rules/strongswan.make
new file mode 100644
index 0000000..a6bfe4c
--- /dev/null
+++ b/rules/strongswan.make
@@ -0,0 +1,257 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
+#
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
+
+#
+# Paths and names
+#
+STRONGSWAN_VERSION	:= 5.0.2
+STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
+STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
+STRONGSWAN_SUFFIX	:= tar.bz2
+STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
+STRONGSWAN_LICENSE	:= GPL
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_CONF_TOOL	:= autoconf
+STRONGSWAN_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	--$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \
+	--disable-soup \
+	--disable-ldap \
+	--enable-aes \
+	--enable-des \
+	--disable-blowfish \
+	--disable-md4 \
+	--enable-md5 \
+	--enable-sha1 \
+	--enable-sha2 \
+	--enable-fips-prf \
+	--enable-gmp \
+	--disable-rdrand \
+	--enable-random \
+	--enable-nonce \
+	--enable-x509 \
+	--enable-revocation \
+	--enable-constraints \
+	--enable-pubkey \
+	--enable-pkcs1 \
+	--enable-pkcs7 \
+	--enable-pkcs8 \
+	--enable-pgp \
+	--enable-dnskey \
+	--enable-pem \
+	--enable-hmac \
+	--enable-cmac \
+	--enable-xcbc \
+	--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
+	--disable-test-vectors \
+	--disable-mysql \
+	--disable-sqlite \
+	--enable-stroke \
+	--disable-medsrv \
+	--disable-medcli \
+	--disable-smp \
+	--disable-sql \
+	--disable-leak-detective \
+	--disable-lock-profiler \
+	--disable-unit-tester \
+	--disable-load-tester \
+	--disable-eap-sim \
+	--disable-eap-sim-file \
+	--disable-eap-sim-pcsc \
+	--disable-eap-aka \
+	--disable-eap-aka-3gpp2 \
+	--disable-eap-simaka-sql \
+	--disable-eap-simaka-pseudonym \
+	--disable-eap-simaka-reauth \
+	--disable-eap-identity \
+	--disable-eap-md5 \
+	--disable-eap-gtc \
+	--disable-eap-mschapv2 \
+	--disable-eap-tls \
+	--disable-eap-ttls \
+	--disable-eap-peap \
+	--disable-eap-tnc \
+	--disable-eap-dynamic \
+	--disable-eap-radius \
+	--enable-xauth-generic \
+	--disable-xauth-eap \
+	--disable-xauth-pam \
+	--disable-tnc-ifmap \
+	--disable-tnc-pdp \
+	--disable-tnc-imc \
+	--disable-tnc-imv \
+	--disable-tnccs-11 \
+	--disable-tnccs-20 \
+	--disable-tnccs-dynamic \
+	--disable-imc-test \
+	--disable-imv-test \
+	--disable-imc-scanner \
+	--disable-imv-scanner \
+	--disable-imc-os \
+	--disable-imv-os \
+	--disable-imc-attestation \
+	--disable-imv-attestation \
+	--enable-kernel-netlink \
+	--disable-kernel-pfkey \
+	--disable-kernel-pfroute \
+	--disable-kernel-klips \
+	--disable-libipsec \
+	--enable-socket-default \
+	--disable-socket-dynamic \
+	--disable-farp \
+	--disable-dumm \
+	--disable-fast \
+	--disable-manager \
+	--disable-mediation \
+	--disable-integrity-test \
+	--enable-load-warning \
+	--enable-ikev1 \
+	--enable-ikev2 \
+	--enable-charon \
+	--enable-tools \
+	--enable-scripts \
+	--disable-conftest \
+	--enable-updown \
+	--enable-attr \
+	--disable-attr-sql \
+	--disable-dhcp \
+	--enable-resolve \
+	--disable-padlock \
+	--disable-openssl \
+	--disable-gcrypt \
+	--disable-agent \
+	--disable-pkcs11 \
+	--disable-ctr \
+	--disable-ccm \
+	--disable-gcm \
+	--disable-addrblock \
+	--disable-unity \
+	--disable-uci \
+	--disable-android \
+	--disable-android-log \
+	--disable-maemo \
+	--disable-nm \
+	--disable-ha \
+	--disable-whitelist \
+	--disable-lookip \
+	--disable-error-notify \
+	--disable-certexpire \
+	--disable-led \
+	--disable-duplicheck \
+	--disable-coupling \
+	--disable-radattr \
+	--disable-vstr \
+	--disable-monolithic \
+	--disable-bfd-backtraces \
+	--enable-dependency-tracking \
+	--enable-shared \
+	--disable-static \
+	--enable-fast-install \
+	--enable-libtool-lock \
+	--with-ipseclibdir=/usr/lib
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_PLUGINS := \
+	libstrongswan-aes.so \
+	libstrongswan-attr.so \
+	libstrongswan-cmac.so \
+	libstrongswan-constraints.so \
+	libstrongswan-des.so \
+	libstrongswan-dnskey.so \
+	libstrongswan-fips-prf.so \
+	libstrongswan-gmp.so \
+	libstrongswan-hmac.so \
+	libstrongswan-kernel-netlink.so \
+	libstrongswan-md5.so \
+	libstrongswan-nonce.so \
+	libstrongswan-pem.so \
+	libstrongswan-pgp.so \
+	libstrongswan-pkcs1.so \
+	libstrongswan-pkcs7.so \
+	libstrongswan-pkcs8.so \
+	libstrongswan-pubkey.so \
+	libstrongswan-random.so \
+	libstrongswan-resolve.so \
+	libstrongswan-revocation.so \
+	libstrongswan-sha1.so \
+	libstrongswan-sha2.so \
+	libstrongswan-socket-default.so \
+	libstrongswan-stroke.so \
+	libstrongswan-updown.so \
+	libstrongswan-x509.so \
+	libstrongswan-xauth-generic.so \
+	libstrongswan-xcbc.so
+
+ifdef PTXCONF_STRONGSWAN_LIBCUR
+	STRONGSWAN_PLUGINS += libstrongswan-curl.so
+endif
+ifdef PTXCONF_STRONGSWAN_AFALG
+	STRONGSWAN_PLUGINS += libstrongswan-af-alg.so
+endif
+
+$(STATEDIR)/strongswan.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, strongswan)
+	@$(call install_fixup, strongswan,PRIORITY,optional)
+	@$(call install_fixup, strongswan,SECTION,base)
+	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
+	@$(call install_fixup, strongswan,DESCRIPTION,missing)
+
+	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
+
+	@$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
+
+	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
+
+	@$(call install_lib, strongswan, 0, 0, 0644, libcharon)
+	@$(call install_lib, strongswan, 0, 0, 0644, libhydra)
+	@$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
+
+	@$(foreach plugin, $(STRONGSWAN_PLUGINS), \
+		$(call install_copy, strongswan, 0, 0, 0644, -, \
+			/usr/lib/plugins/$(plugin));)
+
+ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
+	@$(call install_alternative, strongswan, 0, 0, 0644, \
+		/lib/systemd/system/strongswan.service)
+	@$(call install_link, strongswan, ../strongswan.service, \
+		/lib/systemd/system/multi-user.target.wants/strongswan.service)
+endif
+
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
+	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
+
+	@$(call install_finish, strongswan)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
1.7.10.4




-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v4] strongswan: add package

[Michael Olbrich]

On Tue, Mar 26, 2013 at 12:21:13PM +0100, Christoph Fritz wrote:
> 
> Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>

Thanks, applied with small changes.

Michael

> ---
>  rules/strongswan.in   |   45 +++++++++
>  rules/strongswan.make |  257 +++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 302 insertions(+)
>  create mode 100644 rules/strongswan.in
>  create mode 100644 rules/strongswan.make
> 
> diff --git a/rules/strongswan.in b/rules/strongswan.in
> new file mode 100644
> index 0000000..a609a3f
> --- /dev/null
> +++ b/rules/strongswan.in
> @@ -0,0 +1,45 @@
> +## SECTION=networking
> +
> +menuconfig STRONGSWAN
> +	bool
> +	prompt "strongswan                    "
> +	select LIBGMP
> +	select LIBCURL if STRONGSWAN_LIBCURL
> +	help
> +	  strongSwan is a complete IPsec implementation.
> +	  Please keep in mind to configure the kernel accordingly to fulfill
> +	  strongSwan's needs. See 'Required Kernel Modules' here:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> +
> +if STRONGSWAN
> +	config STRONGSWAN_LIBCURL
> +	bool
> +	default y
> +	prompt "CURL fetcher plugin to fetch files"
> +	help
> +	  If you intend to dynamically fetch Certificate Revocation Lists
> +	  (CRLs) from an HTTP server or as an alternative want to use
> +	  the Online Certificate Status Protocol (OCSP) say yes.
> +
> +	config STRONGSWAN_AFALG
> +	bool
> +	default y
> +	prompt "AF_ALG crypto interface to Linux Crypto API"
> +	help
> +	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
> +	  crypto algorithms of the kernel available in userland.
> +	  If your strongswan configuration depends on this, be sure to
> +	  enable the appropriate crypto algorithm in your kernel.
> +	  For test configurations see af-alg-* categories here:
> +	  http://www.strongswan.org/uml/testresults4/index.html
> +	  For a list of cipher suite keywords see:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
> +
> +	config STRONGSWAN_SYSTEMD_UNIT
> +	bool
> +	default y
> +	depends on SYSTEMD
> +	prompt "install systemd service file"
> +
> +endif
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> new file mode 100644
> index 0000000..a6bfe4c
> --- /dev/null
> +++ b/rules/strongswan.make
> @@ -0,0 +1,257 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
> +#
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> +
> +#
> +# Paths and names
> +#
> +STRONGSWAN_VERSION	:= 5.0.2
> +STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
> +STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
> +STRONGSWAN_SUFFIX	:= tar.bz2
> +STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
> +STRONGSWAN_LICENSE	:= GPL
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_CONF_TOOL	:= autoconf
> +STRONGSWAN_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	--$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \
> +	--disable-soup \
> +	--disable-ldap \
> +	--enable-aes \
> +	--enable-des \
> +	--disable-blowfish \
> +	--disable-md4 \
> +	--enable-md5 \
> +	--enable-sha1 \
> +	--enable-sha2 \
> +	--enable-fips-prf \
> +	--enable-gmp \
> +	--disable-rdrand \
> +	--enable-random \
> +	--enable-nonce \
> +	--enable-x509 \
> +	--enable-revocation \
> +	--enable-constraints \
> +	--enable-pubkey \
> +	--enable-pkcs1 \
> +	--enable-pkcs7 \
> +	--enable-pkcs8 \
> +	--enable-pgp \
> +	--enable-dnskey \
> +	--enable-pem \
> +	--enable-hmac \
> +	--enable-cmac \
> +	--enable-xcbc \
> +	--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
> +	--disable-test-vectors \
> +	--disable-mysql \
> +	--disable-sqlite \
> +	--enable-stroke \
> +	--disable-medsrv \
> +	--disable-medcli \
> +	--disable-smp \
> +	--disable-sql \
> +	--disable-leak-detective \
> +	--disable-lock-profiler \
> +	--disable-unit-tester \
> +	--disable-load-tester \
> +	--disable-eap-sim \
> +	--disable-eap-sim-file \
> +	--disable-eap-sim-pcsc \
> +	--disable-eap-aka \
> +	--disable-eap-aka-3gpp2 \
> +	--disable-eap-simaka-sql \
> +	--disable-eap-simaka-pseudonym \
> +	--disable-eap-simaka-reauth \
> +	--disable-eap-identity \
> +	--disable-eap-md5 \
> +	--disable-eap-gtc \
> +	--disable-eap-mschapv2 \
> +	--disable-eap-tls \
> +	--disable-eap-ttls \
> +	--disable-eap-peap \
> +	--disable-eap-tnc \
> +	--disable-eap-dynamic \
> +	--disable-eap-radius \
> +	--enable-xauth-generic \
> +	--disable-xauth-eap \
> +	--disable-xauth-pam \
> +	--disable-tnc-ifmap \
> +	--disable-tnc-pdp \
> +	--disable-tnc-imc \
> +	--disable-tnc-imv \
> +	--disable-tnccs-11 \
> +	--disable-tnccs-20 \
> +	--disable-tnccs-dynamic \
> +	--disable-imc-test \
> +	--disable-imv-test \
> +	--disable-imc-scanner \
> +	--disable-imv-scanner \
> +	--disable-imc-os \
> +	--disable-imv-os \
> +	--disable-imc-attestation \
> +	--disable-imv-attestation \
> +	--enable-kernel-netlink \
> +	--disable-kernel-pfkey \
> +	--disable-kernel-pfroute \
> +	--disable-kernel-klips \
> +	--disable-libipsec \
> +	--enable-socket-default \
> +	--disable-socket-dynamic \
> +	--disable-farp \
> +	--disable-dumm \
> +	--disable-fast \
> +	--disable-manager \
> +	--disable-mediation \
> +	--disable-integrity-test \
> +	--enable-load-warning \
> +	--enable-ikev1 \
> +	--enable-ikev2 \
> +	--enable-charon \
> +	--enable-tools \
> +	--enable-scripts \
> +	--disable-conftest \
> +	--enable-updown \
> +	--enable-attr \
> +	--disable-attr-sql \
> +	--disable-dhcp \
> +	--enable-resolve \
> +	--disable-padlock \
> +	--disable-openssl \
> +	--disable-gcrypt \
> +	--disable-agent \
> +	--disable-pkcs11 \
> +	--disable-ctr \
> +	--disable-ccm \
> +	--disable-gcm \
> +	--disable-addrblock \
> +	--disable-unity \
> +	--disable-uci \
> +	--disable-android \
> +	--disable-android-log \
> +	--disable-maemo \
> +	--disable-nm \
> +	--disable-ha \
> +	--disable-whitelist \
> +	--disable-lookip \
> +	--disable-error-notify \
> +	--disable-certexpire \
> +	--disable-led \
> +	--disable-duplicheck \
> +	--disable-coupling \
> +	--disable-radattr \
> +	--disable-vstr \
> +	--disable-monolithic \
> +	--disable-bfd-backtraces \
> +	--enable-dependency-tracking \
> +	--enable-shared \
> +	--disable-static \
> +	--enable-fast-install \
> +	--enable-libtool-lock \
> +	--with-ipseclibdir=/usr/lib
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_PLUGINS := \
> +	libstrongswan-aes.so \
> +	libstrongswan-attr.so \
> +	libstrongswan-cmac.so \
> +	libstrongswan-constraints.so \
> +	libstrongswan-des.so \
> +	libstrongswan-dnskey.so \
> +	libstrongswan-fips-prf.so \
> +	libstrongswan-gmp.so \
> +	libstrongswan-hmac.so \
> +	libstrongswan-kernel-netlink.so \
> +	libstrongswan-md5.so \
> +	libstrongswan-nonce.so \
> +	libstrongswan-pem.so \
> +	libstrongswan-pgp.so \
> +	libstrongswan-pkcs1.so \
> +	libstrongswan-pkcs7.so \
> +	libstrongswan-pkcs8.so \
> +	libstrongswan-pubkey.so \
> +	libstrongswan-random.so \
> +	libstrongswan-resolve.so \
> +	libstrongswan-revocation.so \
> +	libstrongswan-sha1.so \
> +	libstrongswan-sha2.so \
> +	libstrongswan-socket-default.so \
> +	libstrongswan-stroke.so \
> +	libstrongswan-updown.so \
> +	libstrongswan-x509.so \
> +	libstrongswan-xauth-generic.so \
> +	libstrongswan-xcbc.so
> +
> +ifdef PTXCONF_STRONGSWAN_LIBCUR
> +	STRONGSWAN_PLUGINS += libstrongswan-curl.so
> +endif
> +ifdef PTXCONF_STRONGSWAN_AFALG
> +	STRONGSWAN_PLUGINS += libstrongswan-af-alg.so
> +endif
> +
> +$(STATEDIR)/strongswan.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, strongswan)
> +	@$(call install_fixup, strongswan,PRIORITY,optional)
> +	@$(call install_fixup, strongswan,SECTION,base)
> +	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
> +	@$(call install_fixup, strongswan,DESCRIPTION,missing)
> +
> +	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
> +
> +	@$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
> +
> +	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
> +
> +	@$(call install_lib, strongswan, 0, 0, 0644, libcharon)
> +	@$(call install_lib, strongswan, 0, 0, 0644, libhydra)
> +	@$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
> +
> +	@$(foreach plugin, $(STRONGSWAN_PLUGINS), \
> +		$(call install_copy, strongswan, 0, 0, 0644, -, \
> +			/usr/lib/plugins/$(plugin));)
> +
> +ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
> +	@$(call install_alternative, strongswan, 0, 0, 0644, \
> +		/lib/systemd/system/strongswan.service)
> +	@$(call install_link, strongswan, ../strongswan.service, \
> +		/lib/systemd/system/multi-user.target.wants/strongswan.service)
> +endif
> +
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
> +	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
> +
> +	@$(call install_finish, strongswan)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 1.7.10.4
> 
> 
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de