From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mediacenter.hi.pengutronix.de ([2001:6f8:1178:2::65]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1SZlOK-0004t2-8T for ptxdist@pengutronix.de; Wed, 30 May 2012 18:04:56 +0200 Received: from mol by mediacenter.hi.pengutronix.de with local (Exim 4.72) (envelope-from ) id 1SZlOK-0008Kk-7a for ptxdist@pengutronix.de; Wed, 30 May 2012 18:04:56 +0200 Date: Wed, 30 May 2012 18:04:56 +0200 From: Michael Olbrich Message-ID: <20120530160456.GB31687@pengutronix.de> References: <1338208981-8681-8-git-send-email-bartvdrmeulen@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1338208981-8681-8-git-send-email-bartvdrmeulen@gmail.com> Subject: Re: [ptxdist] [PATCH] openswan: Add new package Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Mon, May 28, 2012 at 02:42:34PM +0200, Bart vdr. Meulen wrote: > From: Harro Haan > > Openswan is an IPsec implementation for Linux. > Openswan supports the Openswan KLIPS IPsec stack and the Linux NETKEY > IPsec stack (kernel configuration with CONFIG_NET_KEY required). > For more info about choosing the Kernel IPsec stack see: > www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack > > Signed-off-by: Harro Haan > --- > rules/openswan.in | 35 ++++++++++++ > rules/openswan.make | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 191 insertions(+) > create mode 100755 rules/openswan.in > create mode 100755 rules/openswan.make > > diff --git a/rules/openswan.in b/rules/openswan.in > new file mode 100755 > index 0000000..363d4c3 > --- /dev/null > +++ b/rules/openswan.in > @@ -0,0 +1,35 @@ > +## SECTION=networking > + > +config OPENSWAN > + tristate > + prompt "openswan" > + select LIBGMP > + select BUSYBOX_AWK > + select IPROUTE2 > + select IPTABLES > + select BUSYBOX_LOGGER > + select CROSS_DUMMY_STRIP > + select KERNEL if OPENSWAN_KLIPS_MODULE > + select OPENSSL if OPENSWAN_HAVE_OCF > + help > + Openswan is an IPsec implementation for Linux. Openswan supports the > + Openswan KLIPS IPsec stack and the Linux NETKEY IPsec stack (kernel > + configuration with CONFIG_NET_KEY required). For more info about > + choosing the Kernel IPsec stack see: > + www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack > + if OPENSWAN > +config OPENSWAN_KLIPS_MODULE > + bool "KLIPS kernel module" > + default n > + depends on OPENSWAN remove > + help > + Compile and install Openswan KLIPS kernel module. > +config OPENSWAN_HAVE_OCF > + bool "use OCF-Linux" > + default n > + depends on OPENSWAN dito > + help > + Use OCF-Linux to make use of asynchronous HW/SW crypto acceleration. > + Patched Linux kernel required. For more info see: > + http://ocf-linux.sourceforge.net/ endif > diff --git a/rules/openswan.make b/rules/openswan.make > new file mode 100755 > index 0000000..99b8395 > --- /dev/null > +++ b/rules/openswan.make > @@ -0,0 +1,156 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2010 by Harro Haan > +# > +# See CREDITS for details about who has contributed to this project. > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_OPENSWAN) += openswan > + > +# > +# Paths and names > +# > +OPENSWAN_VERSION := 2.6.35 > +OPENSWAN_MD5 := 7909a251fbbb807914545b7f42437013 > +OPENSWAN := openswan-$(OPENSWAN_VERSION) > +OPENSWAN_SUFFIX := tar.gz > +OPENSWAN_URL := http://www.openswan.org/download/$(OPENSWAN).$(OPENSWAN_SUFFIX) > +OPENSWAN_SOURCE := $(SRCDIR)/$(OPENSWAN).$(OPENSWAN_SUFFIX) > +OPENSWAN_DIR := $(BUILDDIR)/$(OPENSWAN) > +OPENSWAN_LICENSE := GPLv2,BSD,RSADSI > + > +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE > +$(STATEDIR)/kernel.targetinstall.post: $(STATEDIR)/openswan.targetinstall > +endif Make the kernel module a separate package. It can use the source. You just need to set a differen _DIR (see e.g. gdbserver for an example). > + > +# ---------------------------------------------------------------------------- > +# Prepare > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/openswan.prepare: > + @$(call targetinfo) > +ifdef PTXCONF_OPENSWAN_HAVE_OCF > + @( \ > + echo "#ifndef CONFIG_KLIPS_OCF"; \ > + echo "#define CONFIG_KLIPS_OCF 1"; \ > + echo "#endif"; \ > + ) >> $(OPENSWAN_DIR)/packaging/linus/config-all.h > +endif > + @$(call touch) > + > +# ---------------------------------------------------------------------------- > +# Compile > +# ---------------------------------------------------------------------------- > + > +ifdef PTXCONF_OPENSWAN_HAVE_OCF > +OPENSWAN_OCF := HAVE_OCF=true HAVE_OPENSSL=true CONFIG_KLIPS_OCF=y > +else > +OPENSWAN_OCF := > +endif > + > +OPENSWAN_MAKE_ENV = $(CROSS_ENV) \ > + CFLAGS="$(CROSS_CPPFLAGS)" > + > +# settings are based on openswan-2.6.35/CROSSCOMPILE.sh > +OPENSWAN_CROSS := \ > + KERNELSRC=$(KERNEL_DIR) \ > + DESTDIR=$(OPENSWAN_PKGDIR) \ > + INC_USRLOCAL=/usr \ > + INC_RCDEFAULT=/etc/init.d \ > + ARCH=$(PTXCONF_KERNEL_ARCH_STRING) \ > + USERCOMPILE=\"-O2 -g -DGCC_LINT -Dlinux -D__linux__\" \ > + WERROR=' ' \ > + $(OPENSWAN_OCF) > + OPENSWAN_MAKE_OPT := programs $(OPENSWAN_CROSS) then you should be able to use the default stage > +$(STATEDIR)/openswan.compile: > + @$(call targetinfo) > + $(call compile, OPENSWAN, programs $(OPENSWAN_CROSS)) > + > +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE > + @$(call compile, OPENSWAN, module $(OPENSWAN_CROSS)) > + > + $(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \ > + -C $(KERNEL_DIR) \ > + M=$(OPENSWAN_DIR)/modobj26 \ > + OPENSWANSRCDIR=$(OPENSWAN_DIR) $(OPENSWAN_OCF) \ > + modules > +endif > + @$(call touch) > + > +# ---------------------------------------------------------------------------- > +# Install > +# ---------------------------------------------------------------------------- > + OPENSWAN_INSTALL_OPT := install $(OPENSWAN_CROSS) > +$(STATEDIR)/openswan.install: > + @$(call targetinfo) > + @$(call compile, OPENSWAN, install $(OPENSWAN_CROSS)) > + > + @# remove *.old files, but do not strip here by using dummy-strip.sh > + @$(call compile, OPENSWAN, ipkg_strip $(OPENSWAN_CROSS) \ > + STRIP=$(PTXCONF_SYSROOT_CROSS)/bin/strip) why is this necessay? > + > + @$(call touch) > + > +# ---------------------------------------------------------------------------- > +# Target-Install > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/openswan.targetinstall: > + @$(call targetinfo) > +ifdef PTXCONF_OPENSWAN_KLIPS_MODULE > + $(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \ > + -C $(KERNEL_DIR) \ > + M=$(OPENSWAN_DIR)/modobj26 \ > + modules_install > +endif > + > + @$(call install_init, openswan) > + @$(call install_fixup, openswan,PRIORITY,optional) > + @$(call install_fixup, openswan,SECTION,base) > + @$(call install_fixup, openswan,AUTHOR,"Harro Haan ") > + @$(call install_fixup, openswan,DESCRIPTION,missing) > + > + # install the startup script there should be an '@' at the beginning of every line here. > + $(call install_alternative, openswan, 0, 0, 0755, \ > + /etc/init.d/ipsec) > + > + # install the default policies > + $(call install_copy, openswan, 0, 0, 0775, /etc/ipsec.d/policies) > + $(call install_alternative, openswan, 0, 0, 0755, \ > + /etc/ipsec.d/policies/block) > + $(call install_alternative, openswan, 0, 0, 0755, \ > + /etc/ipsec.d/policies/clear) > + $(call install_alternative, openswan, 0, 0, 0755, \ > + /etc/ipsec.d/policies/clear-or-private) > + $(call install_alternative, openswan, 0, 0, 0755, \ > + /etc/ipsec.d/policies/private) > + $(call install_alternative, openswan, 0, 0, 0755, \ > + /etc/ipsec.d/policies/private-or-clear) > + > + # install the default configuration > + $(call install_alternative, openswan, 0, 0, 0644, \ > + /etc/ipsec.conf) > + > + # install the runtime libraries > + $(call install_tree, openswan, 0, 0, \ > + $(OPENSWAN_PKGDIR)/usr/lib/ipsec/, \ > + /usr/lib/ipsec/) @$(call install_tree, openswan, 0, 0, -, /usr/lib/ipsec/) should work. > + $(call install_tree, openswan, 0, 0, \ > + $(OPENSWAN_PKGDIR)/usr/libexec/ipsec, \ > + /usr/libexec/ipsec) same here. Michael > + > + # install the actual tool > + $(call install_copy, openswan, 0, 0, 0755, -, \ > + /usr/sbin/ipsec) > + > + @$(call install_finish, openswan) > + > + @$(call touch) > + > +# vim: syntax=make > -- > 1.7.9.5 > > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de