From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-bk0-x231.google.com ([2a00:1450:4008:c01::231]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1UKRwQ-0002rD-V7 for ptxdist@pengutronix.de; Tue, 26 Mar 2013 12:21:25 +0100 Received: by mail-bk0-f49.google.com with SMTP id w12so156554bku.8 for ; Tue, 26 Mar 2013 04:21:17 -0700 (PDT) From: Christoph Fritz In-Reply-To: <20130320134936.GI30288@pengutronix.de> References: <1361395347.22777.1.camel@mars> <20130304170456.GY5360@pengutronix.de> <1362512222.4075.334.camel@mars> <20130306082132.GH7949@pengutronix.de> <1362564630.3919.30.camel@mars> <20130306125031.GW28383@pengutronix.de> <1362610442.3919.62.camel@mars> <20130320134936.GI30288@pengutronix.de> Date: Tue, 26 Mar 2013 12:21:13 +0100 Message-ID: <1364296873.3864.14.camel@mars> Mime-Version: 1.0 Subject: [ptxdist] [PATCH v4] strongswan: add package Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de
Signed-off-by: Christoph Fritz
---
rules/strongswan.in | 45 +++++++++
rules/strongswan.make | 257 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 302 insertions(+)
create mode 100644 rules/strongswan.in
create mode 100644 rules/strongswan.make
diff --git a/rules/strongswan.in b/rules/strongswan.in
new file mode 100644
index 0000000..a609a3f
--- /dev/null
+++ b/rules/strongswan.in
@@ -0,0 +1,45 @@
+## SECTION=networking
+
+menuconfig STRONGSWAN
+ bool
+ prompt "strongswan "
+ select LIBGMP
+ select LIBCURL if STRONGSWAN_LIBCURL
+ help
+ strongSwan is a complete IPsec implementation.
+ Please keep in mind to configure the kernel accordingly to fulfill
+ strongSwan's needs. See 'Required Kernel Modules' here:
+ http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
+
+if STRONGSWAN
+ config STRONGSWAN_LIBCURL
+ bool
+ default y
+ prompt "CURL fetcher plugin to fetch files"
+ help
+ If you intend to dynamically fetch Certificate Revocation Lists
+ (CRLs) from an HTTP server or as an alternative want to use
+ the Online Certificate Status Protocol (OCSP) say yes.
+
+ config STRONGSWAN_AFALG
+ bool
+ default y
+ prompt "AF_ALG crypto interface to Linux Crypto API"
+ help
+ Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
+ crypto algorithms of the kernel available in userland.
+ If your strongswan configuration depends on this, be sure to
+ enable the appropriate crypto algorithm in your kernel.
+ For test configurations see af-alg-* categories here:
+ http://www.strongswan.org/uml/testresults4/index.html
+ For a list of cipher suite keywords see:
+ http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
+ http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
+
+ config STRONGSWAN_SYSTEMD_UNIT
+ bool
+ default y
+ depends on SYSTEMD
+ prompt "install systemd service file"
+
+endif
diff --git a/rules/strongswan.make b/rules/strongswan.make
new file mode 100644
index 0000000..a6bfe4c
--- /dev/null
+++ b/rules/strongswan.make
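Review bot: The help text for STRONGSWAN_LIBCURL does not say what switching the option off means for revocation checking. The rules file added by this same patch passes `--disable-soup` and `--disable-ldap`, so curl appears to be the only fetcher plugin this package can build; with it disabled, CRLs and OCSP responses cannot be retrieved over HTTP. I would add a sentence to the help such as `Without it, revocation data has to be provisioned locally (e.g. in /etc/ipsec.d/crls).` STRONGSWAN_SYSTEMD_UNIT has no help text at all; one line naming the unit file that gets installed and enabled would be enough.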
@@ -0,0 +1,257 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2013 by Christoph Fritz
+#
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
+
+#
+# Paths and names
+#
+STRONGSWAN_VERSION := 5.0.2
+STRONGSWAN_MD5 := 77dc16443fd141f46183d3a4f60986ef
+STRONGSWAN := strongswan-$(STRONGSWAN_VERSION)
+STRONGSWAN_SUFFIX := tar.bz2
+STRONGSWAN_URL := http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_SOURCE := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
+STRONGSWAN_DIR := $(BUILDDIR)/$(STRONGSWAN)
+STRONGSWAN_LICENSE := GPL
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_CONF_TOOL := autoconf
+STRONGSWAN_CONF_OPT := \
+ $(CROSS_AUTOCONF_USR) \
+ --$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \
+ --disable-soup \
+ --disable-ldap \
+ --enable-aes \
+ --enable-des \
+ --disable-blowfish \
+ --disable-md4 \
+ --enable-md5 \
+ --enable-sha1 \
+ --enable-sha2 \
+ --enable-fips-prf \
+ --enable-gmp \
+ --disable-rdrand \
+ --enable-random \
+ --enable-nonce \
+ --enable-x509 \
+ --enable-revocation \
+ --enable-constraints \
+ --enable-pubkey \
+ --enable-pkcs1 \
+ --enable-pkcs7 \
+ --enable-pkcs8 \
+ --enable-pgp \
+ --enable-dnskey \
+ --enable-pem \
+ --enable-hmac \
+ --enable-cmac \
+ --enable-xcbc \
+ --$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
+ --disable-test-vectors \
+ --disable-mysql \
+ --disable-sqlite \
+ --enable-stroke \
+ --disable-medsrv \
+ --disable-medcli \
+ --disable-smp \
+ --disable-sql \
+ --disable-leak-detective \
+ --disable-lock-profiler \
+ --disable-unit-tester \
+ --disable-load-tester \
+ --disable-eap-sim \
+ --disable-eap-sim-file \
+ --disable-eap-sim-pcsc \
+ --disable-eap-aka \
+ --disable-eap-aka-3gpp2 \
+ --disable-eap-simaka-sql \
+ --disable-eap-simaka-pseudonym \
+ --disable-eap-simaka-reauth \
+ --disable-eap-identity \
+ --disable-eap-md5 \
+ --disable-eap-gtc \
+ --disable-eap-mschapv2 \
+ --disable-eap-tls \
+ --disable-eap-ttls \
+ --disable-eap-peap \
+ --disable-eap-tnc \
+ --disable-eap-dynamic \
+ --disable-eap-radius \
+ --enable-xauth-generic \
+ --disable-xauth-eap \
+ --disable-xauth-pam \
+ --disable-tnc-ifmap \
+ --disable-tnc-pdp \
+ --disable-tnc-imc \
+ --disable-tnc-imv \
+ --disable-tnccs-11 \
+ --disable-tnccs-20 \
+ --disable-tnccs-dynamic \
+ --disable-imc-test \
+ --disable-imv-test \
+ --disable-imc-scanner \
+ --disable-imv-scanner \
+ --disable-imc-os \
+ --disable-imv-os \
+ --disable-imc-attestation \
+ --disable-imv-attestation \
+ --enable-kernel-netlink \
+ --disable-kernel-pfkey \
+ --disable-kernel-pfroute \
+ --disable-kernel-klips \
+ --disable-libipsec \
+ --enable-socket-default \
+ --disable-socket-dynamic \
+ --disable-farp \
+ --disable-dumm \
+ --disable-fast \
+ --disable-manager \
+ --disable-mediation \
+ --disable-integrity-test \
+ --enable-load-warning \
+ --enable-ikev1 \
+ --enable-ikev2 \
+ --enable-charon \
+ --enable-tools \
+ --enable-scripts \
+ --disable-conftest \
+ --enable-updown \
+ --enable-attr \
+ --disable-attr-sql \
+ --disable-dhcp \
+ --enable-resolve \
+ --disable-padlock \
+ --disable-openssl \
+ --disable-gcrypt \
+ --disable-agent \
+ --disable-pkcs11 \
+ --disable-ctr \
+ --disable-ccm \
+ --disable-gcm \
+ --disable-addrblock \
+ --disable-unity \
+ --disable-uci \
+ --disable-android \
+ --disable-android-log \
+ --disable-maemo \
+ --disable-nm \
+ --disable-ha \
+ --disable-whitelist \
+ --disable-lookip \
+ --disable-error-notify \
+ --disable-certexpire \
+ --disable-led \
+ --disable-duplicheck \
+ --disable-coupling \
+ --disable-radattr \
+ --disable-vstr \
+ --disable-monolithic \
+ --disable-bfd-backtraces \
+ --enable-dependency-tracking \
+ --enable-shared \
+ --disable-static \
+ --enable-fast-install \
+ --enable-libtool-lock \
+ --with-ipseclibdir=/usr/lib
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+STRONGSWAN_PLUGINS := \
+ libstrongswan-aes.so \
+ libstrongswan-attr.so \
+ libstrongswan-cmac.so \
+ libstrongswan-constraints.so \
+ libstrongswan-des.so \
+ libstrongswan-dnskey.so \
+ libstrongswan-fips-prf.so \
+ libstrongswan-gmp.so \
+ libstrongswan-hmac.so \
+ libstrongswan-kernel-netlink.so \
+ libstrongswan-md5.so \
+ libstrongswan-nonce.so \
+ libstrongswan-pem.so \
+ libstrongswan-pgp.so \
+ libstrongswan-pkcs1.so \
+ libstrongswan-pkcs7.so \
+ libstrongswan-pkcs8.so \
+ libstrongswan-pubkey.so \
+ libstrongswan-random.so \
+ libstrongswan-resolve.so \
+ libstrongswan-revocation.so \
+ libstrongswan-sha1.so \
+ libstrongswan-sha2.so \
+ libstrongswan-socket-default.so \
+ libstrongswan-stroke.so \
+ libstrongswan-updown.so \
+ libstrongswan-x509.so \
+ libstrongswan-xauth-generic.so \
+ libstrongswan-xcbc.so
+
+ifdef PTXCONF_STRONGSWAN_LIBCUR
+ STRONGSWAN_PLUGINS += libstrongswan-curl.so
+endif
+ifdef PTXCONF_STRONGSWAN_AFALG
+ STRONGSWAN_PLUGINS += libstrongswan-af-alg.so
+endif
+
+$(STATEDIR)/strongswan.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, strongswan)
+ @$(call install_fixup, strongswan,PRIORITY,optional)
+ @$(call install_fixup, strongswan,SECTION,base)
+ @$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz ")
+ @$(call install_fixup, strongswan,DESCRIPTION,missing)
+
+ @$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
+
+ @$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
+
+ @$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
+
+ @$(call install_lib, strongswan, 0, 0, 0644, libcharon)
+ @$(call install_lib, strongswan, 0, 0, 0644, libhydra)
+ @$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
+
+ @$(foreach plugin, $(STRONGSWAN_PLUGINS), \
+ $(call install_copy, strongswan, 0, 0, 0644, -, \
+ /usr/lib/plugins/$(plugin));)
+
+ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
+ @$(call install_alternative, strongswan, 0, 0, 0644, \
+ /lib/systemd/system/strongswan.service)
+ @$(call install_link, strongswan, ../strongswan.service, \
+ /lib/systemd/system/multi-user.target.wants/strongswan.service)
+endif
+
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
+ @$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
+ @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
+
+ @$(call install_finish, strongswan)
+
+ @$(call touch)
+
+# vim: syntax=make
-- 1.7.10.4 -- ptxdist mailing list ptxdist@pengutronix.de
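Review bot: The guard `ifdef PTXCONF_STRONGSWAN_LIBCUR` in front of the curl plugin entry is missing its final `L`, so it never matches the Kconfig symbol STRONGSWAN_LIBCURL and should read `ifdef PTXCONF_STRONGSWAN_LIBCURL`. As written, configure still receives `--enable-curl` when the option is set, but libstrongswan-curl.so is not added to STRONGSWAN_PLUGINS and so is not copied to the target. Because soup and ldap are disabled, the revocation plugin would then have no fetcher for HTTP CRLs or OCSP, which is easy to miss if strict revocation checking is not configured. Separately, the /etc/ipsec.d entries at the end of the targetinstall rule appear to be directories and are created with modes 0644 and 0600, which lack the search bit; 0755, and 0700 for `private`, would be the usual choice. The tarball is also fetched over plain http and pinned only by STRONGSWAN_MD5, so a stronger checksum is worth adding if the PTXdist version in use supports one.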