From: Christoph Fritz <chf.fritz@googlemail.com>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH v4] strongswan: add package
Date: Tue, 26 Mar 2013 12:21:13 +0100 [thread overview]
Message-ID: <1364296873.3864.14.camel@mars> (raw)
In-Reply-To: <20130320134936.GI30288@pengutronix.de>
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
---
rules/strongswan.in | 45 +++++++++
rules/strongswan.make | 257 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 302 insertions(+)
create mode 100644 rules/strongswan.in
create mode 100644 rules/strongswan.make
diff --git a/rules/strongswan.in b/rules/strongswan.in
new file mode 100644
index 0000000..a609a3f
--- /dev/null
+++ b/rules/strongswan.in
@@ -0,0 +1,45 @@
+## SECTION=networking
+
+menuconfig STRONGSWAN
+ bool
+ prompt "strongswan "
+ select LIBGMP
+ select LIBCURL if STRONGSWAN_LIBCURL
+ help
+ strongSwan is a complete IPsec implementation.
+ Please keep in mind to configure the kernel accordingly to fulfill
+ strongSwan's needs. See 'Required Kernel Modules' here:
+ http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
+
+if STRONGSWAN
+ config STRONGSWAN_LIBCURL
+ bool
+ default y
+ prompt "CURL fetcher plugin to fetch files"
+ help
+ If you intend to dynamically fetch Certificate Revocation Lists
+ (CRLs) from an HTTP server or as an alternative want to use
+ the Online Certificate Status Protocol (OCSP) say yes.
+
+ config STRONGSWAN_AFALG
+ bool
+ default y
+ prompt "AF_ALG crypto interface to Linux Crypto API"
+ help
+ Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
+ crypto algorithms of the kernel available in userland.
+ If your strongswan configuration depends on this, be sure to
+ enable the appropriate crypto algorithm in your kernel.
+ For test configurations see af-alg-* categories here:
+ http://www.strongswan.org/uml/testresults4/index.html
+ For a list of cipher suite keywords see:
+ http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
+ http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
+
+ config STRONGSWAN_SYSTEMD_UNIT
+ bool
+ default y
+ depends on SYSTEMD
+ prompt "install systemd service file"
+
+endif
diff --git a/rules/strongswan.make b/rules/strongswan.make
new file mode 100644
index 0000000..a6bfe4c
--- /dev/null
+++ b/rules/strongswan.make
@@ -0,0 +1,257 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
+#
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
+
+#
+# Paths and names
+#
+STRONGSWAN_VERSION := 5.0.2
+STRONGSWAN_MD5 := 77dc16443fd141f46183d3a4f60986ef
+STRONGSWAN := strongswan-$(STRONGSWAN_VERSION)
+STRONGSWAN_SUFFIX := tar.bz2
+STRONGSWAN_URL := http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_SOURCE := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_DIR := $(BUILDDIR)/$(STRONGSWAN)
+STRONGSWAN_LICENSE := GPL
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_CONF_TOOL := autoconf
+STRONGSWAN_CONF_OPT := \
+ $(CROSS_AUTOCONF_USR) \
+ --$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \
+ --disable-soup \
+ --disable-ldap \
+ --enable-aes \
+ --enable-des \
+ --disable-blowfish \
+ --disable-md4 \
+ --enable-md5 \
+ --enable-sha1 \
+ --enable-sha2 \
+ --enable-fips-prf \
+ --enable-gmp \
+ --disable-rdrand \
+ --enable-random \
+ --enable-nonce \
+ --enable-x509 \
+ --enable-revocation \
+ --enable-constraints \
+ --enable-pubkey \
+ --enable-pkcs1 \
+ --enable-pkcs7 \
+ --enable-pkcs8 \
+ --enable-pgp \
+ --enable-dnskey \
+ --enable-pem \
+ --enable-hmac \
+ --enable-cmac \
+ --enable-xcbc \
+ --$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
+ --disable-test-vectors \
+ --disable-mysql \
+ --disable-sqlite \
+ --enable-stroke \
+ --disable-medsrv \
+ --disable-medcli \
+ --disable-smp \
+ --disable-sql \
+ --disable-leak-detective \
+ --disable-lock-profiler \
+ --disable-unit-tester \
+ --disable-load-tester \
+ --disable-eap-sim \
+ --disable-eap-sim-file \
+ --disable-eap-sim-pcsc \
+ --disable-eap-aka \
+ --disable-eap-aka-3gpp2 \
+ --disable-eap-simaka-sql \
+ --disable-eap-simaka-pseudonym \
+ --disable-eap-simaka-reauth \
+ --disable-eap-identity \
+ --disable-eap-md5 \
+ --disable-eap-gtc \
+ --disable-eap-mschapv2 \
+ --disable-eap-tls \
+ --disable-eap-ttls \
+ --disable-eap-peap \
+ --disable-eap-tnc \
+ --disable-eap-dynamic \
+ --disable-eap-radius \
+ --enable-xauth-generic \
+ --disable-xauth-eap \
+ --disable-xauth-pam \
+ --disable-tnc-ifmap \
+ --disable-tnc-pdp \
+ --disable-tnc-imc \
+ --disable-tnc-imv \
+ --disable-tnccs-11 \
+ --disable-tnccs-20 \
+ --disable-tnccs-dynamic \
+ --disable-imc-test \
+ --disable-imv-test \
+ --disable-imc-scanner \
+ --disable-imv-scanner \
+ --disable-imc-os \
+ --disable-imv-os \
+ --disable-imc-attestation \
+ --disable-imv-attestation \
+ --enable-kernel-netlink \
+ --disable-kernel-pfkey \
+ --disable-kernel-pfroute \
+ --disable-kernel-klips \
+ --disable-libipsec \
+ --enable-socket-default \
+ --disable-socket-dynamic \
+ --disable-farp \
+ --disable-dumm \
+ --disable-fast \
+ --disable-manager \
+ --disable-mediation \
+ --disable-integrity-test \
+ --enable-load-warning \
+ --enable-ikev1 \
+ --enable-ikev2 \
+ --enable-charon \
+ --enable-tools \
+ --enable-scripts \
+ --disable-conftest \
+ --enable-updown \
+ --enable-attr \
+ --disable-attr-sql \
+ --disable-dhcp \
+ --enable-resolve \
+ --disable-padlock \
+ --disable-openssl \
+ --disable-gcrypt \
+ --disable-agent \
+ --disable-pkcs11 \
+ --disable-ctr \
+ --disable-ccm \
+ --disable-gcm \
+ --disable-addrblock \
+ --disable-unity \
+ --disable-uci \
+ --disable-android \
+ --disable-android-log \
+ --disable-maemo \
+ --disable-nm \
+ --disable-ha \
+ --disable-whitelist \
+ --disable-lookip \
+ --disable-error-notify \
+ --disable-certexpire \
+ --disable-led \
+ --disable-duplicheck \
+ --disable-coupling \
+ --disable-radattr \
+ --disable-vstr \
+ --disable-monolithic \
+ --disable-bfd-backtraces \
+ --enable-dependency-tracking \
+ --enable-shared \
+ --disable-static \
+ --enable-fast-install \
+ --enable-libtool-lock \
+ --with-ipseclibdir=/usr/lib
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_PLUGINS := \
+ libstrongswan-aes.so \
+ libstrongswan-attr.so \
+ libstrongswan-cmac.so \
+ libstrongswan-constraints.so \
+ libstrongswan-des.so \
+ libstrongswan-dnskey.so \
+ libstrongswan-fips-prf.so \
+ libstrongswan-gmp.so \
+ libstrongswan-hmac.so \
+ libstrongswan-kernel-netlink.so \
+ libstrongswan-md5.so \
+ libstrongswan-nonce.so \
+ libstrongswan-pem.so \
+ libstrongswan-pgp.so \
+ libstrongswan-pkcs1.so \
+ libstrongswan-pkcs7.so \
+ libstrongswan-pkcs8.so \
+ libstrongswan-pubkey.so \
+ libstrongswan-random.so \
+ libstrongswan-resolve.so \
+ libstrongswan-revocation.so \
+ libstrongswan-sha1.so \
+ libstrongswan-sha2.so \
+ libstrongswan-socket-default.so \
+ libstrongswan-stroke.so \
+ libstrongswan-updown.so \
+ libstrongswan-x509.so \
+ libstrongswan-xauth-generic.so \
+ libstrongswan-xcbc.so
+
+ifdef PTXCONF_STRONGSWAN_LIBCUR
+ STRONGSWAN_PLUGINS += libstrongswan-curl.so
+endif
+ifdef PTXCONF_STRONGSWAN_AFALG
+ STRONGSWAN_PLUGINS += libstrongswan-af-alg.so
+endif
+
+$(STATEDIR)/strongswan.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, strongswan)
+ @$(call install_fixup, strongswan,PRIORITY,optional)
+ @$(call install_fixup, strongswan,SECTION,base)
+ @$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
+ @$(call install_fixup, strongswan,DESCRIPTION,missing)
+
+ @$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
+
+ @$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
+
+ @$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
+
+ @$(call install_lib, strongswan, 0, 0, 0644, libcharon)
+ @$(call install_lib, strongswan, 0, 0, 0644, libhydra)
+ @$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
+
+ @$(foreach plugin, $(STRONGSWAN_PLUGINS), \
+ $(call install_copy, strongswan, 0, 0, 0644, -, \
+ /usr/lib/plugins/$(plugin));)
+
+ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
+ @$(call install_alternative, strongswan, 0, 0, 0644, \
+ /lib/systemd/system/strongswan.service)
+ @$(call install_link, strongswan, ../strongswan.service, \
+ /lib/systemd/system/multi-user.target.wants/strongswan.service)
+endif
+
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
+ @$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
+
+ @$(call install_finish, strongswan)
+
+ @$(call touch)
+
+# vim: syntax=make
--
1.7.10.4
--
ptxdist mailing list
ptxdist@pengutronix.de
next prev parent reply other threads:[~2013-03-26 11:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-20 21:22 [ptxdist] [PATCH] " Christoph Fritz
2013-03-04 17:04 ` Michael Olbrich
2013-03-05 19:37 ` [ptxdist] [PATCH v2] " Christoph Fritz
2013-03-06 8:21 ` Michael Olbrich
2013-03-06 10:10 ` Christoph Fritz
2013-03-06 12:50 ` Robert Schwebel
2013-03-06 22:54 ` [ptxdist] [PATCH v3] " Christoph Fritz
2013-03-20 11:44 ` Christoph Fritz
2013-03-20 13:49 ` Michael Olbrich
2013-03-26 11:21 ` Christoph Fritz [this message]
2013-03-27 18:10 ` [ptxdist] [PATCH v4] " Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1364296873.3864.14.camel@mars \
--to=chf.fritz@googlemail.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox