mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH] ipsec-tools: add new package
Date: Thu, 31 May 2012 17:25:23 +0200	[thread overview]
Message-ID: <20120531152523.GI10627@pengutronix.de> (raw)
In-Reply-To: <1338208981-8681-29-git-send-email-bartvdrmeulen@gmail.com>

On Mon, May 28, 2012 at 02:42:55PM +0200, Bart vdr. Meulen wrote:
> From: "Bart vdr. Meulen" <bartvdrmeulen@gmail.com>
> 
> Add ipsec-tools package, it contains a port of the
> KAME's libipsec, setkey, and racoon tools for Linux.
> 
> Signed-off-by: Bart vdr. Meulen <bartvdrmeulen@gmail.com>
> ---
>  rules/ipsec-tools.in   |  113 ++++++++++++++++++++++++++++++++++++++
>  rules/ipsec-tools.make |  140 ++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 253 insertions(+)
>  create mode 100644 rules/ipsec-tools.in
>  create mode 100644 rules/ipsec-tools.make
> 
> diff --git a/rules/ipsec-tools.in b/rules/ipsec-tools.in
> new file mode 100644
> index 0000000..31ebf5a
> --- /dev/null
> +++ b/rules/ipsec-tools.in
> @@ -0,0 +1,113 @@
> +## SECTION=networking
> +
> +menuconfig IPSEC_TOOLS
> +	tristate
> +	prompt "ipsec-tools"

please add the spaces to align then '-->' in the menu

> +	select KERNEL_HEADER
> +	select OPENSSL
> +	select FLEX

This really needs flex on the target?

> +	select HOST_FLEX
> +	select READLINE if IPSEC_TOOLS_READLINE
> +	help
> +	  User-space IPsec tools for various IPsec implementations.
> +	  A port of KAME's libipsec, setkey, and racoon to the Linux OS.
> +
> +if IPSEC_TOOLS
> +
> +config IPSEC_TOOLS_SETKEY
> +	bool
> +	default y
> +	prompt "Install setkey"
> +	help
> +	  Install setkey, for manually manipulating the IPsec SA/SP database
> +
> +config IPSEC_TOOLS_SETKEY_CONF
> +	bool
> +	depends on IPSEC_TOOLS_SETKEY
> +	prompt "Install setkey.conf"

Is this option really necessary? I'd prefer a dummy config file in
generic/, or is setkey really useful without it?

> +
> +config IPSEC_TOOLS_RACOON
> +	bool
> +	default y
> +	prompt "Install racoon"
> +	help
> +	  Install racoon, the IKE (ISAKMP/Oakley) key management daemon
> +
> +config IPSEC_TOOLS_RACOON_CONF
> +	bool
> +	depends on IPSEC_TOOLS_RACOON
> +	prompt "Install racoon.conf"

same here

> +
> +config IPSEC_TOOLS_RACOON_PSK_FILE
> +	string
> +	default "/etc/racoon.psk"
> +	depends on IPSEC_TOOLS_RACOON_CONF
> +	prompt "Install this racoon PSK file"

when is this (not) needed? A help comment would be good.

> +
> +config IPSEC_TOOLS_PLAINRSA_GEN
> +	bool
> +	depends on IPSEC_TOOLS_RACOON
> +	prompt "Install plainrsa-gen"
> +	help
> +	  Install plainrsa-gen, a generator for Plain RSA keys
> +
> +config IPSEC_TOOLS_ADMINPORT
> +	bool
> +	depends on IPSEC_TOOLS_RACOON
> +	default y
> +	prompt "Enable racoonctl support"
> +	help
> +	  This lets racoon to listen to racoon admin port, and will install
> +	  racoonctl which will use the port to control racoon
> +
> +config IPSEC_TOOLS_NATT
> +	bool
> +	prompt "Enable NAT-Traversal"
> +	help
> +	  This needs kernel support, which is available on Linux.
> +	  If you live in a country where software patents are legal, using
> +	  NAT-Traversal might infringe a patent.
> +
> +config IPSEC_TOOLS_FRAG
> +	bool
> +	prompt "Enable IKE fragmentation."
> +	help
> +	  Enable IKE fragmentation, which is a workaround for
> +	  broken routers that drop fragmented packets
> +
> +config IPSEC_TOOLS_STATS
> +	bool
> +	default y
> +	prompt "Enable statistics logging function."
> +
> +config IPSEC_TOOLS_IPV6_SUPPORT
> +	bool
> +	default y
> +	prompt "Enable IPv6 Support"
> +
> +config IPSEC_TOOLS_READLINE
> +	bool
> +	default y
> +	prompt "Enable readline input support"
> +
> +choice
> +	prompt "Security context"
> +	default IPSEC_SECCTX_DISABLE
> +	help
> +	  Selects whether or not to enable security context support.
> +
> +config IPSEC_SECCTX_DISABLE
> +	bool
> +	prompt "Disable security context support"
> +
> +config IPSEC_SECCTX_ENABLE
> +	bool
> +	prompt "Enable SELinux security context support"
> +
> +config IPSEC_SECCTX_KERNEL
> +	bool
> +	prompt "Enable kernel security context"

No need to repeat 'security context' every time.
none/SELinux/Kernel should be enough

> +
> +endchoice
> +
> +endif
> diff --git a/rules/ipsec-tools.make b/rules/ipsec-tools.make
> new file mode 100644
> index 0000000..00d9e4f
> --- /dev/null
> +++ b/rules/ipsec-tools.make
> @@ -0,0 +1,140 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2011 by Bart vdr. Meulen <bartvdrmeulen@gmail.com>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_IPSEC_TOOLS) += ipsec-tools
> +
> +#
> +# Paths and names
> +#
> +IPSEC_TOOLS_VERSION	:= 0.8.0
> +IPSEC_TOOLS_MD5		:= b79aae3055a51f8de5c0f1b8ca6cf619
> +IPSEC_TOOLS		:= ipsec-tools-$(IPSEC_TOOLS_VERSION)
> +IPSEC_TOOLS_SUFFIX	:= tar.bz2
> +IPSEC_TOOLS_URL		:= $(PTXCONF_SETUP_SFMIRROR)/ipsec-tools/$(IPSEC_TOOLS_VERSION)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_SOURCE	:= $(SRCDIR)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_DIR		:= $(BUILDDIR)/$(IPSEC_TOOLS)
> +IPSEC_TOOLS_LICENSE	:= BSD
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +IPSEC_TOOLS_CONF_TOOL	:= autoconf
> +IPSEC_TOOLS_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	  --disable-hybrid \
> +	  --without-libpam \
> +	  --disable-gssapi \
> +	  --with-kernel-headers=$(KERNEL_HEADERS_INCLUDE_DIR)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> +IPSEC_TOOLS_CONF_OPT	+= --enable-adminport
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-adminport
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_NATT
> +IPSEC_TOOLS_CONF_OPT	+= --enable-natt
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-natt
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_FRAG
> +IPSEC_TOOLS_CONF_OPT	+= --enable-frag
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-frag
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_STATS
> +IPSEC_TOOLS_CONF_OPT	+= --enable-stats
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-stats
> +endif
> +
> +ifdef PTXCONF_IPSEC_IPV6_SUPPORT
> +IPSEC_TOOLS_CONF_OPT+= --enable-ipv6
> +else
> +IPSEC_TOOLS_CONF_OPT+= --disable-ipv6
> +endif

I prefer ptx/endis here.

> +
> +ifndef PTXCONF_IPSEC_TOOLS_READLINE
> +IPSEC_TOOLS_CONF_OPT+= --without-readline
> +endif

Either add the else part, or a comment why this is broken.

> +
> +ifdef PTXCONF_IPSEC_SECCTX_DISABLE
> +IPSEC_TOOLS_CONF_OPT	+= --enable-security-context=no
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_ENABLE
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_KERNEL
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel
> +endif
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/ipsec-tools.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, ipsec-tools)
> +	@$(call install_fixup, ipsec-tools,PRIORITY,optional)
> +	@$(call install_fixup, ipsec-tools,SECTION,base)
> +	@$(call install_fixup, ipsec-tools,AUTHOR,"Bart vdr. Meulen <bartvdrmeulen@gmail.com>")
> +	@$(call install_fixup, ipsec-tools,DESCRIPTION,missing)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/setkey)
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY_CONF
> +	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/setkey.conf)
> +endif
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, /var/racoon)
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoon)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF
> +	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/racoon.conf)
> +endif
> +
> +ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")
> +	@$(call install_alternative, ipsec-tools, 0, 0, 0400, $(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE))
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoonctl)
> +endif
> +
> +ifdef IPSEC_TOOLS_PLAINRSA_GEN
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/plainrsa-gen)
> +endif
> +
> +endif
> +	@$(call install_finish, ipsec-tools)
> +
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Clean
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/ipsec-tools.clean:
> +#	@$(call targetinfo)
> +#	@$(call clean_pkg, IPSEC_TOOLS)

remove.

Michael

> +
> +# vim: syntax=make
> -- 
> 1.7.9.5
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

      reply	other threads:[~2012-05-31 15:25 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-28 12:42 Bart vdr. Meulen
2012-05-31 15:25 ` Michael Olbrich [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120531152523.GI10627@pengutronix.de \
    --to=m.olbrich@pengutronix.de \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox