From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH] ipsec-tools: add new package
Date: Thu, 31 May 2012 17:25:23 +0200
Message-ID: <20120531152523.GI10627@pengutronix.de>
In-Reply-To: <1338208981-8681-29-git-send-email-bartvdrmeulen@gmail.com>
On Mon, May 28, 2012 at 02:42:55PM +0200, Bart vdr. Meulen wrote:
> From: "Bart vdr. Meulen" <bartvdrmeulen@gmail.com>
>
> Add ipsec-tools package, it contains a port of the
> KAME's libipsec, setkey, and racoon tools for Linux.
>
> Signed-off-by: Bart vdr. Meulen <bartvdrmeulen@gmail.com>
> ---
> rules/ipsec-tools.in | 113 ++++++++++++++++++++++++++++++++++++++
> rules/ipsec-tools.make | 140 ++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 253 insertions(+)
> create mode 100644 rules/ipsec-tools.in
> create mode 100644 rules/ipsec-tools.make
>
> diff --git a/rules/ipsec-tools.in b/rules/ipsec-tools.in
> new file mode 100644
> index 0000000..31ebf5a
> --- /dev/null
> +++ b/rules/ipsec-tools.in
> @@ -0,0 +1,113 @@
> +## SECTION=networking
> +
> +menuconfig IPSEC_TOOLS
> + tristate
> + prompt "ipsec-tools"
please add the spaces to align the '-->' in the menu
> + select KERNEL_HEADER
> + select OPENSSL
> + select FLEX
This really needs flex on the target?
> + select HOST_FLEX
> + select READLINE if IPSEC_TOOLS_READLINE
> + help
> + User-space IPsec tools for various IPsec implementations.
> + A port of KAME's libipsec, setkey, and racoon to the Linux OS.
> +
> +if IPSEC_TOOLS
> +
> +config IPSEC_TOOLS_SETKEY
> + bool
> + default y
> + prompt "Install setkey"
> + help
> + Install setkey, for manually manipulating the IPsec SA/SP database
> +
> +config IPSEC_TOOLS_SETKEY_CONF
> + bool
> + depends on IPSEC_TOOLS_SETKEY
> + prompt "Install setkey.conf"
Is this option really necessary? I'd prefer a dummy config file in
generic/, or is setkey really useful without it?
> +
> +config IPSEC_TOOLS_RACOON
> + bool
> + default y
> + prompt "Install racoon"
> + help
> + Install racoon, the IKE (ISAKMP/Oakley) key management daemon
> +
> +config IPSEC_TOOLS_RACOON_CONF
> + bool
> + depends on IPSEC_TOOLS_RACOON
> + prompt "Install racoon.conf"
same here
> +
> +config IPSEC_TOOLS_RACOON_PSK_FILE
> + string
> + default "/etc/racoon.psk"
> + depends on IPSEC_TOOLS_RACOON_CONF
> + prompt "Install this racoon PSK file"
when is this (not) needed? A help comment would be good.
> +
> +config IPSEC_TOOLS_PLAINRSA_GEN
> + bool
> + depends on IPSEC_TOOLS_RACOON
> + prompt "Install plainrsa-gen"
> + help
> + Install plainrsa-gen, a generator for Plain RSA keys
> +
> +config IPSEC_TOOLS_ADMINPORT
> + bool
> + depends on IPSEC_TOOLS_RACOON
> + default y
> + prompt "Enable racoonctl support"
> + help
> + This lets racoon to listen to racoon admin port, and will install
> + racoonctl which will use the port to control racoon
> +
> +config IPSEC_TOOLS_NATT
> + bool
> + prompt "Enable NAT-Traversal"
> + help
> + This needs kernel support, which is available on Linux.
> + If you live in a country where software patents are legal, using
> + NAT-Traversal might infringe a patent.
> +
> +config IPSEC_TOOLS_FRAG
> + bool
> + prompt "Enable IKE fragmentation."
> + help
> + Enable IKE fragmentation, which is a workaround for
> + broken routers that drop fragmented packets
> +
> +config IPSEC_TOOLS_STATS
> + bool
> + default y
> + prompt "Enable statistics logging function."
> +
> +config IPSEC_TOOLS_IPV6_SUPPORT
> + bool
> + default y
> + prompt "Enable IPv6 Support"
> +
> +config IPSEC_TOOLS_READLINE
> + bool
> + default y
> + prompt "Enable readline input support"
> +
> +choice
> + prompt "Security context"
> + default IPSEC_SECCTX_DISABLE
> + help
> + Selects whether or not to enable security context support.
> +
> +config IPSEC_SECCTX_DISABLE
> + bool
> + prompt "Disable security context support"
> +
> +config IPSEC_SECCTX_ENABLE
> + bool
> + prompt "Enable SELinux security context support"
> +
> +config IPSEC_SECCTX_KERNEL
> + bool
> + prompt "Enable kernel security context"
No need to repeat 'security context' every time.
none/SELinux/Kernel should be enough
> +
> +endchoice
> +
> +endif
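Review bot: 'default y' on IPSEC_TOOLS_ADMINPORT turns on racoon's admin port and installs racoonctl in every configuration that enables racoon, so a control interface to the IKE daemon ships unless someone deselects it. I would drop the 'default y' so the option is opt-in, and have the help text say what the port is used for. Separately, the three choice symbols IPSEC_SECCTX_DISABLE, IPSEC_SECCTX_ENABLE and IPSEC_SECCTX_KERNEL are the only ones in this file without the IPSEC_TOOLS_ prefix; renaming them keeps all of the package's options in one namespace.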
> diff --git a/rules/ipsec-tools.make b/rules/ipsec-tools.make
> new file mode 100644
> index 0000000..00d9e4f
> --- /dev/null
> +++ b/rules/ipsec-tools.make
> @@ -0,0 +1,140 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2011 by Bart vdr. Meulen <bartvdrmeulen@gmail.com>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_IPSEC_TOOLS) += ipsec-tools
> +
> +#
> +# Paths and names
> +#
> +IPSEC_TOOLS_VERSION := 0.8.0
> +IPSEC_TOOLS_MD5 := b79aae3055a51f8de5c0f1b8ca6cf619
> +IPSEC_TOOLS := ipsec-tools-$(IPSEC_TOOLS_VERSION)
> +IPSEC_TOOLS_SUFFIX := tar.bz2
> +IPSEC_TOOLS_URL := $(PTXCONF_SETUP_SFMIRROR)/ipsec-tools/$(IPSEC_TOOLS_VERSION)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_SOURCE := $(SRCDIR)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_DIR := $(BUILDDIR)/$(IPSEC_TOOLS)
> +IPSEC_TOOLS_LICENSE := BSD
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +IPSEC_TOOLS_CONF_TOOL := autoconf
> +IPSEC_TOOLS_CONF_OPT := \
> + $(CROSS_AUTOCONF_USR) \
> + --disable-hybrid \
> + --without-libpam \
> + --disable-gssapi \
> + --with-kernel-headers=$(KERNEL_HEADERS_INCLUDE_DIR)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> +IPSEC_TOOLS_CONF_OPT += --enable-adminport
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-adminport
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_NATT
> +IPSEC_TOOLS_CONF_OPT += --enable-natt
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-natt
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_FRAG
> +IPSEC_TOOLS_CONF_OPT += --enable-frag
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-frag
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_STATS
> +IPSEC_TOOLS_CONF_OPT += --enable-stats
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-stats
> +endif
> +
> +ifdef PTXCONF_IPSEC_IPV6_SUPPORT
> +IPSEC_TOOLS_CONF_OPT+= --enable-ipv6
> +else
> +IPSEC_TOOLS_CONF_OPT+= --disable-ipv6
> +endif
I prefer ptx/endis here.
> +
> +ifndef PTXCONF_IPSEC_TOOLS_READLINE
> +IPSEC_TOOLS_CONF_OPT+= --without-readline
> +endif
Either add the else part, or a comment why this is broken.
> +
> +ifdef PTXCONF_IPSEC_SECCTX_DISABLE
> +IPSEC_TOOLS_CONF_OPT += --enable-security-context=no
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_ENABLE
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_KERNEL
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel
> +endif
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/ipsec-tools.targetinstall:
> + @$(call targetinfo)
> +
> + @$(call install_init, ipsec-tools)
> + @$(call install_fixup, ipsec-tools,PRIORITY,optional)
> + @$(call install_fixup, ipsec-tools,SECTION,base)
> + @$(call install_fixup, ipsec-tools,AUTHOR,"Bart vdr. Meulen <bartvdrmeulen@gmail.com>")
> + @$(call install_fixup, ipsec-tools,DESCRIPTION,missing)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/setkey)
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY_CONF
> + @$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/setkey.conf)
> +endif
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, /var/racoon)
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoon)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF
> + @$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/racoon.conf)
> +endif
> +
> +ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")
> + @$(call install_alternative, ipsec-tools, 0, 0, 0400, $(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE))
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoonctl)
> +endif
> +
> +ifdef IPSEC_TOOLS_PLAINRSA_GEN
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/plainrsa-gen)
> +endif
> +
> +endif
> + @$(call install_finish, ipsec-tools)
> +
> + @$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Clean
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/ipsec-tools.clean:
> +# @$(call targetinfo)
> +# @$(call clean_pkg, IPSEC_TOOLS)
remove.
Michael
> +
> +# vim: syntax=make
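Review bot: Two conditionals in this file test names that rules/ipsec-tools.in does not define, so the options they are meant to honour have no effect. 'ifdef PTXCONF_IPSEC_IPV6_SUPPORT' should be PTXCONF_IPSEC_TOOLS_IPV6_SUPPORT to match the menu entry IPSEC_TOOLS_IPV6_SUPPORT; as written the else branch always passes --disable-ipv6. 'ifdef IPSEC_TOOLS_PLAINRSA_GEN' in the targetinstall stage lacks the PTXCONF_ prefix that every other test here uses, and nothing in the patch defines a make variable by that name, so plainrsa-gen is never installed. Also, 'ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")' is still true if the variable is unset, because an empty expansion does not equal the two quote characters; since the option depends on IPSEC_TOOLS_RACOON_CONF, moving this test inside the RACOON_CONF block would avoid calling install_alternative with an empty path.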
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
--
ptxdist mailing list
ptxdist@pengutronix.de