From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail-bk0-x231.google.com ([2a00:1450:4008:c01::231])
	by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <chf.fritz@googlemail.com>) id 1UKRwQ-0002rD-V7
	for ptxdist@pengutronix.de; Tue, 26 Mar 2013 12:21:25 +0100
Received: by mail-bk0-f49.google.com with SMTP id w12so156554bku.8
	for <ptxdist@pengutronix.de>; Tue, 26 Mar 2013 04:21:17 -0700 (PDT)
From: Christoph Fritz <chf.fritz@googlemail.com>
In-Reply-To: <20130320134936.GI30288@pengutronix.de>
References: <1361395347.22777.1.camel@mars>
	<20130304170456.GY5360@pengutronix.de> <1362512222.4075.334.camel@mars>
	<20130306082132.GH7949@pengutronix.de> <1362564630.3919.30.camel@mars>
	<20130306125031.GW28383@pengutronix.de> <1362610442.3919.62.camel@mars>
	<20130320134936.GI30288@pengutronix.de>
Date: Tue, 26 Mar 2013 12:21:13 +0100
Message-ID: <1364296873.3864.14.camel@mars>
Mime-Version: 1.0
Subject: [ptxdist] [PATCH v4] strongswan: add package
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: ptxdist@pengutronix.de


Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
---
 rules/strongswan.in   |   45 +++++++++
 rules/strongswan.make |  257 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)
 create mode 100644 rules/strongswan.in
 create mode 100644 rules/strongswan.make

diff --git a/rules/strongswan.in b/rules/strongswan.in
new file mode 100644
index 0000000..a609a3f
--- /dev/null
+++ b/rules/strongswan.in
@@ -0,0 +1,45 @@
+## SECTION=networking
+
+menuconfig STRONGSWAN
+	bool
+	prompt "strongswan                    "
+	select LIBGMP
+	select LIBCURL if STRONGSWAN_LIBCURL
+	help
+	  strongSwan is a complete IPsec implementation.
+	  Please keep in mind to configure the kernel accordingly to fulfill
+	  strongSwan's needs. See 'Required Kernel Modules' here:
+	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
+
+if STRONGSWAN
+	config STRONGSWAN_LIBCURL
+	bool
+	default y
+	prompt "CURL fetcher plugin to fetch files"
+	help
+	  If you intend to dynamically fetch Certificate Revocation Lists
+	  (CRLs) from an HTTP server or as an alternative want to use
+	  the Online Certificate Status Protocol (OCSP) say yes.
+
+	config STRONGSWAN_AFALG
+	bool
+	default y
+	prompt "AF_ALG crypto interface to Linux Crypto API"
+	help
+	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
+	  crypto algorithms of the kernel available in userland.
+	  If your strongswan configuration depends on this, be sure to
+	  enable the appropriate crypto algorithm in your kernel.
+	  For test configurations see af-alg-* categories here:
+	  http://www.strongswan.org/uml/testresults4/index.html
+	  For a list of cipher suite keywords see:
+	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
+	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
+
+	config STRONGSWAN_SYSTEMD_UNIT
+	bool
+	default y
+	depends on SYSTEMD
+	prompt "install systemd service file"
+
+endif
diff --git a/rules/strongswan.make b/rules/strongswan.make
new file mode 100644
index 0000000..a6bfe4c
--- /dev/null
+++ b/rules/strongswan.make
@@ -0,0 +1,257 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
+#
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
+
+#
+# Paths and names
+#
+STRONGSWAN_VERSION	:= 5.0.2
+STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
+STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
+STRONGSWAN_SUFFIX	:= tar.bz2
+STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
+STRONGSWAN_LICENSE	:= GPL
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_CONF_TOOL	:= autoconf
+STRONGSWAN_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	--$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \
+	--disable-soup \
+	--disable-ldap \
+	--enable-aes \
+	--enable-des \
+	--disable-blowfish \
+	--disable-md4 \
+	--enable-md5 \
+	--enable-sha1 \
+	--enable-sha2 \
+	--enable-fips-prf \
+	--enable-gmp \
+	--disable-rdrand \
+	--enable-random \
+	--enable-nonce \
+	--enable-x509 \
+	--enable-revocation \
+	--enable-constraints \
+	--enable-pubkey \
+	--enable-pkcs1 \
+	--enable-pkcs7 \
+	--enable-pkcs8 \
+	--enable-pgp \
+	--enable-dnskey \
+	--enable-pem \
+	--enable-hmac \
+	--enable-cmac \
+	--enable-xcbc \
+	--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
+	--disable-test-vectors \
+	--disable-mysql \
+	--disable-sqlite \
+	--enable-stroke \
+	--disable-medsrv \
+	--disable-medcli \
+	--disable-smp \
+	--disable-sql \
+	--disable-leak-detective \
+	--disable-lock-profiler \
+	--disable-unit-tester \
+	--disable-load-tester \
+	--disable-eap-sim \
+	--disable-eap-sim-file \
+	--disable-eap-sim-pcsc \
+	--disable-eap-aka \
+	--disable-eap-aka-3gpp2 \
+	--disable-eap-simaka-sql \
+	--disable-eap-simaka-pseudonym \
+	--disable-eap-simaka-reauth \
+	--disable-eap-identity \
+	--disable-eap-md5 \
+	--disable-eap-gtc \
+	--disable-eap-mschapv2 \
+	--disable-eap-tls \
+	--disable-eap-ttls \
+	--disable-eap-peap \
+	--disable-eap-tnc \
+	--disable-eap-dynamic \
+	--disable-eap-radius \
+	--enable-xauth-generic \
+	--disable-xauth-eap \
+	--disable-xauth-pam \
+	--disable-tnc-ifmap \
+	--disable-tnc-pdp \
+	--disable-tnc-imc \
+	--disable-tnc-imv \
+	--disable-tnccs-11 \
+	--disable-tnccs-20 \
+	--disable-tnccs-dynamic \
+	--disable-imc-test \
+	--disable-imv-test \
+	--disable-imc-scanner \
+	--disable-imv-scanner \
+	--disable-imc-os \
+	--disable-imv-os \
+	--disable-imc-attestation \
+	--disable-imv-attestation \
+	--enable-kernel-netlink \
+	--disable-kernel-pfkey \
+	--disable-kernel-pfroute \
+	--disable-kernel-klips \
+	--disable-libipsec \
+	--enable-socket-default \
+	--disable-socket-dynamic \
+	--disable-farp \
+	--disable-dumm \
+	--disable-fast \
+	--disable-manager \
+	--disable-mediation \
+	--disable-integrity-test \
+	--enable-load-warning \
+	--enable-ikev1 \
+	--enable-ikev2 \
+	--enable-charon \
+	--enable-tools \
+	--enable-scripts \
+	--disable-conftest \
+	--enable-updown \
+	--enable-attr \
+	--disable-attr-sql \
+	--disable-dhcp \
+	--enable-resolve \
+	--disable-padlock \
+	--disable-openssl \
+	--disable-gcrypt \
+	--disable-agent \
+	--disable-pkcs11 \
+	--disable-ctr \
+	--disable-ccm \
+	--disable-gcm \
+	--disable-addrblock \
+	--disable-unity \
+	--disable-uci \
+	--disable-android \
+	--disable-android-log \
+	--disable-maemo \
+	--disable-nm \
+	--disable-ha \
+	--disable-whitelist \
+	--disable-lookip \
+	--disable-error-notify \
+	--disable-certexpire \
+	--disable-led \
+	--disable-duplicheck \
+	--disable-coupling \
+	--disable-radattr \
+	--disable-vstr \
+	--disable-monolithic \
+	--disable-bfd-backtraces \
+	--enable-dependency-tracking \
+	--enable-shared \
+	--disable-static \
+	--enable-fast-install \
+	--enable-libtool-lock \
+	--with-ipseclibdir=/usr/lib
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_PLUGINS := \
+	libstrongswan-aes.so \
+	libstrongswan-attr.so \
+	libstrongswan-cmac.so \
+	libstrongswan-constraints.so \
+	libstrongswan-des.so \
+	libstrongswan-dnskey.so \
+	libstrongswan-fips-prf.so \
+	libstrongswan-gmp.so \
+	libstrongswan-hmac.so \
+	libstrongswan-kernel-netlink.so \
+	libstrongswan-md5.so \
+	libstrongswan-nonce.so \
+	libstrongswan-pem.so \
+	libstrongswan-pgp.so \
+	libstrongswan-pkcs1.so \
+	libstrongswan-pkcs7.so \
+	libstrongswan-pkcs8.so \
+	libstrongswan-pubkey.so \
+	libstrongswan-random.so \
+	libstrongswan-resolve.so \
+	libstrongswan-revocation.so \
+	libstrongswan-sha1.so \
+	libstrongswan-sha2.so \
+	libstrongswan-socket-default.so \
+	libstrongswan-stroke.so \
+	libstrongswan-updown.so \
+	libstrongswan-x509.so \
+	libstrongswan-xauth-generic.so \
+	libstrongswan-xcbc.so
+
+ifdef PTXCONF_STRONGSWAN_LIBCUR
+	STRONGSWAN_PLUGINS += libstrongswan-curl.so
+endif
+ifdef PTXCONF_STRONGSWAN_AFALG
+	STRONGSWAN_PLUGINS += libstrongswan-af-alg.so
+endif
+
+$(STATEDIR)/strongswan.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, strongswan)
+	@$(call install_fixup, strongswan,PRIORITY,optional)
+	@$(call install_fixup, strongswan,SECTION,base)
+	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
+	@$(call install_fixup, strongswan,DESCRIPTION,missing)
+
+	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
+
+	@$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
+
+	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
+
+	@$(call install_lib, strongswan, 0, 0, 0644, libcharon)
+	@$(call install_lib, strongswan, 0, 0, 0644, libhydra)
+	@$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
+
+	@$(foreach plugin, $(STRONGSWAN_PLUGINS), \
+		$(call install_copy, strongswan, 0, 0, 0644, -, \
+			/usr/lib/plugins/$(plugin));)
+
+ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
+	@$(call install_alternative, strongswan, 0, 0, 0644, \
+		/lib/systemd/system/strongswan.service)
+	@$(call install_link, strongswan, ../strongswan.service, \
+		/lib/systemd/system/multi-user.target.wants/strongswan.service)
+endif
+
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
+	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
+	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
+
+	@$(call install_finish, strongswan)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
1.7.10.4




-- 
ptxdist mailing list
ptxdist@pengutronix.de