* [ptxdist] [PATCH] ipsec-tools: add new package
@ 2012-05-28 12:42 Bart vdr. Meulen
  2012-05-31 15:25 ` Michael Olbrich
  0 siblings, 1 reply; 2+ messages in thread
From: Bart vdr. Meulen @ 2012-05-28 12:42 UTC (permalink / raw)
  To: ptxdist

From: "Bart vdr. Meulen" <bartvdrmeulen@gmail.com>

Add the ipsec-tools package; it contains a port of
KAME's libipsec, setkey, and racoon tools for Linux.

Signed-off-by: Bart vdr. Meulen <bartvdrmeulen@gmail.com>
---
 rules/ipsec-tools.in   |  113 ++++++++++++++++++++++++++++++++++++++
 rules/ipsec-tools.make |  140 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 253 insertions(+)
 create mode 100644 rules/ipsec-tools.in
 create mode 100644 rules/ipsec-tools.make

diff --git a/rules/ipsec-tools.in b/rules/ipsec-tools.in
new file mode 100644
index 0000000..31ebf5a
--- /dev/null
+++ b/rules/ipsec-tools.in
@@ -0,0 +1,113 @@
+## SECTION=networking
+
+menuconfig IPSEC_TOOLS
+	tristate
+	prompt "ipsec-tools"
+	select KERNEL_HEADER
+	select OPENSSL
+	select FLEX
+	select HOST_FLEX
+	select READLINE if IPSEC_TOOLS_READLINE
+	help
+	  User-space IPsec tools for various IPsec implementations.
+	  A port of KAME's libipsec, setkey, and racoon to the Linux OS.
+
+if IPSEC_TOOLS
+
+config IPSEC_TOOLS_SETKEY
+	bool
+	default y
+	prompt "Install setkey"
+	help
+	  Install setkey, for manually manipulating the IPsec SA/SP database
+
+config IPSEC_TOOLS_SETKEY_CONF
+	bool
+	depends on IPSEC_TOOLS_SETKEY
+	prompt "Install setkey.conf"
+
+config IPSEC_TOOLS_RACOON
+	bool
+	default y
+	prompt "Install racoon"
+	help
+	  Install racoon, the IKE (ISAKMP/Oakley) key management daemon
+
+config IPSEC_TOOLS_RACOON_CONF
+	bool
+	depends on IPSEC_TOOLS_RACOON
+	prompt "Install racoon.conf"
+
+config IPSEC_TOOLS_RACOON_PSK_FILE
+	string
+	default "/etc/racoon.psk"
+	depends on IPSEC_TOOLS_RACOON_CONF
+	prompt "Install this racoon PSK file"
+
+config IPSEC_TOOLS_PLAINRSA_GEN
+	bool
+	depends on IPSEC_TOOLS_RACOON
+	prompt "Install plainrsa-gen"
+	help
+	  Install plainrsa-gen, a generator for Plain RSA keys
+
+config IPSEC_TOOLS_ADMINPORT
+	bool
+	depends on IPSEC_TOOLS_RACOON
+	default y
+	prompt "Enable racoonctl support"
+	help
+	  This lets racoon to listen to racoon admin port, and will install
+	  racoonctl which will use the port to control racoon
+
+config IPSEC_TOOLS_NATT
+	bool
+	prompt "Enable NAT-Traversal"
+	help
+	  This needs kernel support, which is available on Linux.
+	  If you live in a country where software patents are legal, using
+	  NAT-Traversal might infringe a patent.
+
+config IPSEC_TOOLS_FRAG
+	bool
+	prompt "Enable IKE fragmentation."
+	help
+	  Enable IKE fragmentation, which is a workaround for
+	  broken routers that drop fragmented packets
+
+config IPSEC_TOOLS_STATS
+	bool
+	default y
+	prompt "Enable statistics logging function."
+
+config IPSEC_TOOLS_IPV6_SUPPORT
+	bool
+	default y
+	prompt "Enable IPv6 Support"
+
+config IPSEC_TOOLS_READLINE
+	bool
+	default y
+	prompt "Enable readline input support"
+
+choice
+	prompt "Security context"
+	default IPSEC_SECCTX_DISABLE
+	help
+	  Selects whether or not to enable security context support.
+
+config IPSEC_SECCTX_DISABLE
+	bool
+	prompt "Disable security context support"
+
+config IPSEC_SECCTX_ENABLE
+	bool
+	prompt "Enable SELinux security context support"
+
+config IPSEC_SECCTX_KERNEL
+	bool
+	prompt "Enable kernel security context"
+
+endchoice
+
+endif
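Review bot: `IPSEC_TOOLS_ADMINPORT` is `default y`, so unless the integrator switches it off, every image gets racoon listening on its admin port and `racoonctl` installed. For a key-management daemon a control channel is better opt-in, so I would drop the `default y` line from that entry and have the help text say to enable it only when racoonctl is actually needed. Separately, the three `IPSEC_SECCTX_*` symbols are the only ones in this file without the `IPSEC_TOOLS_` prefix; renaming them (`IPSEC_TOOLS_SECCTX_DISABLE` and so on), together with the matching `ifdef`s in rules/ipsec-tools.make, would keep them in the package's namespace. The SELinux choice presumably needs a SELinux library on the target, yet nothing is selected for it, which is worth confirming.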
diff --git a/rules/ipsec-tools.make b/rules/ipsec-tools.make
new file mode 100644
index 0000000..00d9e4f
--- /dev/null
+++ b/rules/ipsec-tools.make
@@ -0,0 +1,140 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2011 by Bart vdr. Meulen <bartvdrmeulen@gmail.com>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_IPSEC_TOOLS) += ipsec-tools
+
+#
+# Paths and names
+#
+IPSEC_TOOLS_VERSION	:= 0.8.0
+IPSEC_TOOLS_MD5		:= b79aae3055a51f8de5c0f1b8ca6cf619
+IPSEC_TOOLS		:= ipsec-tools-$(IPSEC_TOOLS_VERSION)
+IPSEC_TOOLS_SUFFIX	:= tar.bz2
+IPSEC_TOOLS_URL		:= $(PTXCONF_SETUP_SFMIRROR)/ipsec-tools/$(IPSEC_TOOLS_VERSION)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
+IPSEC_TOOLS_SOURCE	:= $(SRCDIR)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
+IPSEC_TOOLS_DIR		:= $(BUILDDIR)/$(IPSEC_TOOLS)
+IPSEC_TOOLS_LICENSE	:= BSD
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+IPSEC_TOOLS_CONF_TOOL	:= autoconf
+IPSEC_TOOLS_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	  --disable-hybrid \
+	  --without-libpam \
+	  --disable-gssapi \
+	  --with-kernel-headers=$(KERNEL_HEADERS_INCLUDE_DIR)
+
+ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
+IPSEC_TOOLS_CONF_OPT	+= --enable-adminport
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-adminport
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_NATT
+IPSEC_TOOLS_CONF_OPT	+= --enable-natt
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-natt
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_FRAG
+IPSEC_TOOLS_CONF_OPT	+= --enable-frag
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-frag
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_STATS
+IPSEC_TOOLS_CONF_OPT	+= --enable-stats
+else
+IPSEC_TOOLS_CONF_OPT	+= --disable-stats
+endif
+
+ifdef PTXCONF_IPSEC_IPV6_SUPPORT
+IPSEC_TOOLS_CONF_OPT+= --enable-ipv6
+else
+IPSEC_TOOLS_CONF_OPT+= --disable-ipv6
+endif
+
+ifndef PTXCONF_IPSEC_TOOLS_READLINE
+IPSEC_TOOLS_CONF_OPT+= --without-readline
+endif
+
+ifdef PTXCONF_IPSEC_SECCTX_DISABLE
+IPSEC_TOOLS_CONF_OPT	+= --enable-security-context=no
+endif
+ifdef PTXCONF_IPSEC_SECCTX_ENABLE
+IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes
+endif
+ifdef PTXCONF_IPSEC_SECCTX_KERNEL
+IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel
+endif
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/ipsec-tools.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, ipsec-tools)
+	@$(call install_fixup, ipsec-tools,PRIORITY,optional)
+	@$(call install_fixup, ipsec-tools,SECTION,base)
+	@$(call install_fixup, ipsec-tools,AUTHOR,"Bart vdr. Meulen <bartvdrmeulen@gmail.com>")
+	@$(call install_fixup, ipsec-tools,DESCRIPTION,missing)
+
+ifdef PTXCONF_IPSEC_TOOLS_SETKEY
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/setkey)
+ifdef PTXCONF_IPSEC_TOOLS_SETKEY_CONF
+	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/setkey.conf)
+endif
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_RACOON
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, /var/racoon)
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoon)
+
+ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF
+	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/racoon.conf)
+endif
+
+ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")
+	@$(call install_alternative, ipsec-tools, 0, 0, 0400, $(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE))
+endif
+
+ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoonctl)
+endif
+
+ifdef IPSEC_TOOLS_PLAINRSA_GEN
+	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/plainrsa-gen)
+endif
+
+endif
+	@$(call install_finish, ipsec-tools)
+
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Clean
+# ----------------------------------------------------------------------------
+
+#$(STATEDIR)/ipsec-tools.clean:
+#	@$(call targetinfo)
+#	@$(call clean_pkg, IPSEC_TOOLS)
+
+# vim: syntax=make
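Review bot: Two of the `ifdef` guards test symbols that rules/ipsec-tools.in never defines, so they can never be true. `ifdef PTXCONF_IPSEC_IPV6_SUPPORT` should be `ifdef PTXCONF_IPSEC_TOOLS_IPV6_SUPPORT` (as written, `--disable-ipv6` is always passed), and `ifdef IPSEC_TOOLS_PLAINRSA_GEN` should be `ifdef PTXCONF_IPSEC_TOOLS_PLAINRSA_GEN` (as written, plainrsa-gen is never installed). The PSK guard `ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")` also looks wrong: when racoon.conf is deselected the variable is presumably unset and expands to nothing rather than `""`, so the `install_alternative` call would still run with an empty path; moving it inside the `ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF` block and testing it with `ifdef` would avoid that. Because this file holds a pre-shared key that ends up in the target image, a comment above the install line such as `# PSK is copied into the image: every device built from it shares this secret` would help integrators decide whether to provision it per device instead.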
-- 
1.7.9.5


-- 
ptxdist mailing list
ptxdist@pengutronix.de


* Re: [ptxdist] [PATCH] ipsec-tools: add new package
  2012-05-28 12:42 [ptxdist] [PATCH] ipsec-tools: add new package Bart vdr. Meulen
@ 2012-05-31 15:25 ` Michael Olbrich
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2012-05-31 15:25 UTC (permalink / raw)
  To: ptxdist

On Mon, May 28, 2012 at 02:42:55PM +0200, Bart vdr. Meulen wrote:
> From: "Bart vdr. Meulen" <bartvdrmeulen@gmail.com>
> 
> Add ipsec-tools package, it contains a port of the
> KAME's libipsec, setkey, and racoon tools for Linux.
> 
> Signed-off-by: Bart vdr. Meulen <bartvdrmeulen@gmail.com>
> ---
>  rules/ipsec-tools.in   |  113 ++++++++++++++++++++++++++++++++++++++
>  rules/ipsec-tools.make |  140 ++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 253 insertions(+)
>  create mode 100644 rules/ipsec-tools.in
>  create mode 100644 rules/ipsec-tools.make
> 
> diff --git a/rules/ipsec-tools.in b/rules/ipsec-tools.in
> new file mode 100644
> index 0000000..31ebf5a
> --- /dev/null
> +++ b/rules/ipsec-tools.in
> @@ -0,0 +1,113 @@
> +## SECTION=networking
> +
> +menuconfig IPSEC_TOOLS
> +	tristate
> +	prompt "ipsec-tools"

please add the spaces to align the '-->' in the menu

> +	select KERNEL_HEADER
> +	select OPENSSL
> +	select FLEX

This really needs flex on the target?

> +	select HOST_FLEX
> +	select READLINE if IPSEC_TOOLS_READLINE
> +	help
> +	  User-space IPsec tools for various IPsec implementations.
> +	  A port of KAME's libipsec, setkey, and racoon to the Linux OS.
> +
> +if IPSEC_TOOLS
> +
> +config IPSEC_TOOLS_SETKEY
> +	bool
> +	default y
> +	prompt "Install setkey"
> +	help
> +	  Install setkey, for manually manipulating the IPsec SA/SP database
> +
> +config IPSEC_TOOLS_SETKEY_CONF
> +	bool
> +	depends on IPSEC_TOOLS_SETKEY
> +	prompt "Install setkey.conf"

Is this option really necessary? I'd prefer a dummy config file in
generic/, or is setkey really useful without it?

> +
> +config IPSEC_TOOLS_RACOON
> +	bool
> +	default y
> +	prompt "Install racoon"
> +	help
> +	  Install racoon, the IKE (ISAKMP/Oakley) key management daemon
> +
> +config IPSEC_TOOLS_RACOON_CONF
> +	bool
> +	depends on IPSEC_TOOLS_RACOON
> +	prompt "Install racoon.conf"

same here

> +
> +config IPSEC_TOOLS_RACOON_PSK_FILE
> +	string
> +	default "/etc/racoon.psk"
> +	depends on IPSEC_TOOLS_RACOON_CONF
> +	prompt "Install this racoon PSK file"

when is this (not) needed? A help comment would be good.

> +
> +config IPSEC_TOOLS_PLAINRSA_GEN
> +	bool
> +	depends on IPSEC_TOOLS_RACOON
> +	prompt "Install plainrsa-gen"
> +	help
> +	  Install plainrsa-gen, a generator for Plain RSA keys
> +
> +config IPSEC_TOOLS_ADMINPORT
> +	bool
> +	depends on IPSEC_TOOLS_RACOON
> +	default y
> +	prompt "Enable racoonctl support"
> +	help
> +	  This lets racoon to listen to racoon admin port, and will install
> +	  racoonctl which will use the port to control racoon
> +
> +config IPSEC_TOOLS_NATT
> +	bool
> +	prompt "Enable NAT-Traversal"
> +	help
> +	  This needs kernel support, which is available on Linux.
> +	  If you live in a country where software patents are legal, using
> +	  NAT-Traversal might infringe a patent.
> +
> +config IPSEC_TOOLS_FRAG
> +	bool
> +	prompt "Enable IKE fragmentation."
> +	help
> +	  Enable IKE fragmentation, which is a workaround for
> +	  broken routers that drop fragmented packets
> +
> +config IPSEC_TOOLS_STATS
> +	bool
> +	default y
> +	prompt "Enable statistics logging function."
> +
> +config IPSEC_TOOLS_IPV6_SUPPORT
> +	bool
> +	default y
> +	prompt "Enable IPv6 Support"
> +
> +config IPSEC_TOOLS_READLINE
> +	bool
> +	default y
> +	prompt "Enable readline input support"
> +
> +choice
> +	prompt "Security context"
> +	default IPSEC_SECCTX_DISABLE
> +	help
> +	  Selects whether or not to enable security context support.
> +
> +config IPSEC_SECCTX_DISABLE
> +	bool
> +	prompt "Disable security context support"
> +
> +config IPSEC_SECCTX_ENABLE
> +	bool
> +	prompt "Enable SELinux security context support"
> +
> +config IPSEC_SECCTX_KERNEL
> +	bool
> +	prompt "Enable kernel security context"

No need to repeat 'security context' every time.
none/SELinux/Kernel should be enough

> +
> +endchoice
> +
> +endif
> diff --git a/rules/ipsec-tools.make b/rules/ipsec-tools.make
> new file mode 100644
> index 0000000..00d9e4f
> --- /dev/null
> +++ b/rules/ipsec-tools.make
> @@ -0,0 +1,140 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2011 by Bart vdr. Meulen <bartvdrmeulen@gmail.com>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_IPSEC_TOOLS) += ipsec-tools
> +
> +#
> +# Paths and names
> +#
> +IPSEC_TOOLS_VERSION	:= 0.8.0
> +IPSEC_TOOLS_MD5		:= b79aae3055a51f8de5c0f1b8ca6cf619
> +IPSEC_TOOLS		:= ipsec-tools-$(IPSEC_TOOLS_VERSION)
> +IPSEC_TOOLS_SUFFIX	:= tar.bz2
> +IPSEC_TOOLS_URL		:= $(PTXCONF_SETUP_SFMIRROR)/ipsec-tools/$(IPSEC_TOOLS_VERSION)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_SOURCE	:= $(SRCDIR)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_DIR		:= $(BUILDDIR)/$(IPSEC_TOOLS)
> +IPSEC_TOOLS_LICENSE	:= BSD
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +IPSEC_TOOLS_CONF_TOOL	:= autoconf
> +IPSEC_TOOLS_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	  --disable-hybrid \
> +	  --without-libpam \
> +	  --disable-gssapi \
> +	  --with-kernel-headers=$(KERNEL_HEADERS_INCLUDE_DIR)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> +IPSEC_TOOLS_CONF_OPT	+= --enable-adminport
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-adminport
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_NATT
> +IPSEC_TOOLS_CONF_OPT	+= --enable-natt
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-natt
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_FRAG
> +IPSEC_TOOLS_CONF_OPT	+= --enable-frag
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-frag
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_STATS
> +IPSEC_TOOLS_CONF_OPT	+= --enable-stats
> +else
> +IPSEC_TOOLS_CONF_OPT	+= --disable-stats
> +endif
> +
> +ifdef PTXCONF_IPSEC_IPV6_SUPPORT
> +IPSEC_TOOLS_CONF_OPT+= --enable-ipv6
> +else
> +IPSEC_TOOLS_CONF_OPT+= --disable-ipv6
> +endif

I prefer ptx/endis here.

> +
> +ifndef PTXCONF_IPSEC_TOOLS_READLINE
> +IPSEC_TOOLS_CONF_OPT+= --without-readline
> +endif

Either add the else part, or a comment why this is broken.

> +
> +ifdef PTXCONF_IPSEC_SECCTX_DISABLE
> +IPSEC_TOOLS_CONF_OPT	+= --enable-security-context=no
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_ENABLE
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_KERNEL
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel
> +endif
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/ipsec-tools.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, ipsec-tools)
> +	@$(call install_fixup, ipsec-tools,PRIORITY,optional)
> +	@$(call install_fixup, ipsec-tools,SECTION,base)
> +	@$(call install_fixup, ipsec-tools,AUTHOR,"Bart vdr. Meulen <bartvdrmeulen@gmail.com>")
> +	@$(call install_fixup, ipsec-tools,DESCRIPTION,missing)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/setkey)
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY_CONF
> +	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/setkey.conf)
> +endif
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, /var/racoon)
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoon)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF
> +	@$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/racoon.conf)
> +endif
> +
> +ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")
> +	@$(call install_alternative, ipsec-tools, 0, 0, 0400, $(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE))
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoonctl)
> +endif
> +
> +ifdef IPSEC_TOOLS_PLAINRSA_GEN
> +	@$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/plainrsa-gen)
> +endif
> +
> +endif
> +	@$(call install_finish, ipsec-tools)
> +
> +	@$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Clean
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/ipsec-tools.clean:
> +#	@$(call targetinfo)
> +#	@$(call clean_pkg, IPSEC_TOOLS)

remove.

Michael

> +
> +# vim: syntax=make
> -- 
> 1.7.9.5
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

