Re: [ptxdist] [PATCH] openswan: Add new package

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH] openswan: Add new package
Date: Wed, 30 May 2012 18:04:56 +0200	[thread overview]
Message-ID: <20120530160456.GB31687@pengutronix.de> (raw)
In-Reply-To: <1338208981-8681-8-git-send-email-bartvdrmeulen@gmail.com>

On Mon, May 28, 2012 at 02:42:34PM +0200, Bart vdr. Meulen wrote:
> From: Harro Haan <hrhaan@gmail.com>
> 
> Openswan is an IPsec implementation for Linux.
> Openswan supports the Openswan KLIPS IPsec stack and the Linux NETKEY
> IPsec stack (kernel configuration with CONFIG_NET_KEY required).
> For more info about choosing the Kernel IPsec stack see:
> www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack
> 
> Signed-off-by: Harro Haan <hrhaan@gmail.com>
> ---
>  rules/openswan.in   |   35 ++++++++++++
>  rules/openswan.make |  156 +++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 191 insertions(+)
>  create mode 100755 rules/openswan.in
>  create mode 100755 rules/openswan.make
> 
> diff --git a/rules/openswan.in b/rules/openswan.in
> new file mode 100755
> index 0000000..363d4c3
> --- /dev/null
> +++ b/rules/openswan.in
> @@ -0,0 +1,35 @@
> +## SECTION=networking
> +
> +config OPENSWAN
> +	tristate
> +	prompt "openswan"
> +	select LIBGMP
> +	select BUSYBOX_AWK
> +	select IPROUTE2
> +	select IPTABLES
> +	select BUSYBOX_LOGGER
> +	select CROSS_DUMMY_STRIP
> +	select KERNEL if OPENSWAN_KLIPS_MODULE
> +	select OPENSSL if OPENSWAN_HAVE_OCF
> +	help
> +	  Openswan is an IPsec implementation for Linux. Openswan supports the
> +	  Openswan KLIPS IPsec stack and the Linux NETKEY IPsec stack (kernel
> +	  configuration with CONFIG_NET_KEY required). For more info about
> +	  choosing the Kernel IPsec stack see:
> +	  www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack
> +

if OPENSWAN

> +config OPENSWAN_KLIPS_MODULE
> +	bool "KLIPS kernel module"

> +	default n
> +	depends on OPENSWAN

remove


> +	help
> +	  Compile and install Openswan KLIPS kernel module.



> +config OPENSWAN_HAVE_OCF
> +	bool "use OCF-Linux"
> +	default n
> +	depends on OPENSWAN

dito

> +	help
> +	  Use OCF-Linux to make use of asynchronous HW/SW crypto acceleration.
> +	  Patched Linux kernel required. For more info see:
> +	  http://ocf-linux.sourceforge.net/

endif

> diff --git a/rules/openswan.make b/rules/openswan.make
> new file mode 100755
> index 0000000..99b8395
> --- /dev/null
> +++ b/rules/openswan.make
> @@ -0,0 +1,156 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2010 by Harro Haan <hrhaan@gmail.com>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_OPENSWAN) += openswan
> +
> +#
> +# Paths and names
> +#
> +OPENSWAN_VERSION	:= 2.6.35
> +OPENSWAN_MD5		:= 7909a251fbbb807914545b7f42437013
> +OPENSWAN		:= openswan-$(OPENSWAN_VERSION)
> +OPENSWAN_SUFFIX	:= tar.gz
> +OPENSWAN_URL		:= http://www.openswan.org/download/$(OPENSWAN).$(OPENSWAN_SUFFIX)
> +OPENSWAN_SOURCE	:= $(SRCDIR)/$(OPENSWAN).$(OPENSWAN_SUFFIX)
> +OPENSWAN_DIR		:= $(BUILDDIR)/$(OPENSWAN)
> +OPENSWAN_LICENSE	:= GPLv2,BSD,RSADSI
> +
> +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
> +$(STATEDIR)/kernel.targetinstall.post: $(STATEDIR)/openswan.targetinstall
> +endif

Make the kernel module a separate package. It can use the source. You just
need to set a differen <PKG>_DIR (see e.g. gdbserver for an example).


> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/openswan.prepare:
> +	@$(call targetinfo)
> +ifdef PTXCONF_OPENSWAN_HAVE_OCF
> +	@( \
> +		echo "#ifndef CONFIG_KLIPS_OCF"; \
> +		echo "#define CONFIG_KLIPS_OCF 1"; \
> +		echo "#endif"; \
> +	) >> $(OPENSWAN_DIR)/packaging/linus/config-all.h
> +endif
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Compile
> +# ----------------------------------------------------------------------------
> +
> +ifdef PTXCONF_OPENSWAN_HAVE_OCF
> +OPENSWAN_OCF := HAVE_OCF=true HAVE_OPENSSL=true CONFIG_KLIPS_OCF=y
> +else
> +OPENSWAN_OCF :=
> +endif
> +
> +OPENSWAN_MAKE_ENV = $(CROSS_ENV) \
> +		    CFLAGS="$(CROSS_CPPFLAGS)"
> +
> +# settings are based on openswan-2.6.35/CROSSCOMPILE.sh
> +OPENSWAN_CROSS := \
> +	KERNELSRC=$(KERNEL_DIR) \
> +	DESTDIR=$(OPENSWAN_PKGDIR) \
> +	INC_USRLOCAL=/usr \
> +	INC_RCDEFAULT=/etc/init.d \
> +	ARCH=$(PTXCONF_KERNEL_ARCH_STRING) \
> +	USERCOMPILE=\"-O2 -g -DGCC_LINT -Dlinux -D__linux__\" \
> +	WERROR=' ' \
> +	$(OPENSWAN_OCF)
> +

OPENSWAN_MAKE_OPT := programs $(OPENSWAN_CROSS)

then you should be able to use the default stage

> +$(STATEDIR)/openswan.compile:
> +	@$(call targetinfo)
> +	$(call compile, OPENSWAN, programs $(OPENSWAN_CROSS))
> +
> +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
> +	@$(call compile, OPENSWAN, module $(OPENSWAN_CROSS))
> +
> +	$(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
> +		-C $(KERNEL_DIR) \
> +		M=$(OPENSWAN_DIR)/modobj26 \
> +		OPENSWANSRCDIR=$(OPENSWAN_DIR) $(OPENSWAN_OCF) \
> +		modules
> +endif
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Install
> +# ----------------------------------------------------------------------------
> +

OPENSWAN_INSTALL_OPT := install $(OPENSWAN_CROSS)

> +$(STATEDIR)/openswan.install:
> +	@$(call targetinfo)
> +	@$(call compile, OPENSWAN, install $(OPENSWAN_CROSS))
> +
> +	@# remove *.old files, but do not strip here by using dummy-strip.sh
> +	@$(call compile, OPENSWAN, ipkg_strip $(OPENSWAN_CROSS) \
> +		STRIP=$(PTXCONF_SYSROOT_CROSS)/bin/strip)

why is this necessay?

> +
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/openswan.targetinstall:
> +	@$(call targetinfo)
> +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
> +	$(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
> +		-C $(KERNEL_DIR) \
> +		M=$(OPENSWAN_DIR)/modobj26 \
> +		modules_install
> +endif
> +
> +	@$(call install_init, openswan)
> +	@$(call install_fixup, openswan,PRIORITY,optional)
> +	@$(call install_fixup, openswan,SECTION,base)
> +	@$(call install_fixup, openswan,AUTHOR,"Harro Haan <hrhaan@gmail.com>")
> +	@$(call install_fixup, openswan,DESCRIPTION,missing)
> +
> +	# install the startup script

there should be an '@' at the beginning of every line here.

> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/init.d/ipsec)
> +
> +	# install the default policies
> +	$(call install_copy, openswan, 0, 0, 0775, /etc/ipsec.d/policies)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/block)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/clear)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/clear-or-private)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/private)
> +	$(call install_alternative, openswan, 0, 0, 0755, \
> +		/etc/ipsec.d/policies/private-or-clear)
> +
> +	# install the default configuration
> +	$(call install_alternative, openswan, 0, 0, 0644, \
> +		/etc/ipsec.conf)
> +
> +	# install the runtime libraries
> +	$(call install_tree, openswan, 0, 0, \
> +		$(OPENSWAN_PKGDIR)/usr/lib/ipsec/, \
> +		/usr/lib/ipsec/)

	@$(call install_tree, openswan, 0, 0, -, /usr/lib/ipsec/)

should work.

> +	$(call install_tree, openswan, 0, 0, \
> +		$(OPENSWAN_PKGDIR)/usr/libexec/ipsec, \
> +		/usr/libexec/ipsec)

same here.

Michael

> +
> +	# install the actual tool
> +	$(call install_copy, openswan, 0, 0, 0755, -, \
> +		/usr/sbin/ipsec)
> +
> +	@$(call install_finish, openswan)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 1.7.9.5
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

     prev parent reply	other threads:[~2012-05-30 16:04 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-28 12:42 Bart vdr. Meulen
2012-05-30 16:04 ` Michael Olbrich [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120530160456.GB31687@pengutronix.de \
    --to=m.olbrich@pengutronix.de \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox