From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mediacenter.hi.pengutronix.de ([2001:6f8:1178:2::65]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1Sa7Fb-0004JS-GV for ptxdist@pengutronix.de; Thu, 31 May 2012 17:25:23 +0200 Received: from mol by mediacenter.hi.pengutronix.de with local (Exim 4.72) (envelope-from ) id 1Sa7Fb-0004D0-FR for ptxdist@pengutronix.de; Thu, 31 May 2012 17:25:23 +0200 Date: Thu, 31 May 2012 17:25:23 +0200 From: Michael Olbrich Message-ID: <20120531152523.GI10627@pengutronix.de> References: <1338208981-8681-29-git-send-email-bartvdrmeulen@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1338208981-8681-29-git-send-email-bartvdrmeulen@gmail.com> Subject: Re: [ptxdist] [PATCH] ipsec-tools: add new package Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de
On Mon, May 28, 2012 at 02:42:55PM +0200, Bart vdr. Meulen wrote:
> From: "Bart vdr. Meulen"
>
> Add ipsec-tools package, it contains a port of the
> KAME's libipsec, setkey, and racoon tools for Linux.
>
> Signed-off-by: Bart vdr. Meulen
> ---
> rules/ipsec-tools.in | 113 ++++++++++++++++++++++++++++++++++++++
> rules/ipsec-tools.make | 140 ++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 253 insertions(+)
> create mode 100644 rules/ipsec-tools.in
> create mode 100644 rules/ipsec-tools.make
>
> diff --git a/rules/ipsec-tools.in b/rules/ipsec-tools.in
> new file mode 100644
> index 0000000..31ebf5a
> --- /dev/null
> +++ b/rules/ipsec-tools.in
> @@ -0,0 +1,113 @@
> +## SECTION=networking
> +
> +menuconfig IPSEC_TOOLS
> + tristate
> + prompt "ipsec-tools"
please add the spaces to align then '-->' in the menu
> + select KERNEL_HEADER
> + select OPENSSL
> + select FLEX
This really needs flex on the target?
> + select HOST_FLEX
> + select READLINE if IPSEC_TOOLS_READLINE
> + help
> + User-space IPsec tools for various IPsec implementations.
> + A port of KAME's libipsec, setkey, and racoon to the Linux OS.
> +
> +if IPSEC_TOOLS
> +
> +config IPSEC_TOOLS_SETKEY
> + bool
> + default y
> + prompt "Install setkey"
> + help
> + Install setkey, for manually manipulating the IPsec SA/SP database
> +
> +config IPSEC_TOOLS_SETKEY_CONF
> + bool
> + depends on IPSEC_TOOLS_SETKEY
> + prompt "Install setkey.conf"
Is this option really necessary? I'd prefer a dummy config file in generic/, or is setkey really useful without it?
> +
> +config IPSEC_TOOLS_RACOON
> + bool
> + default y
> + prompt "Install racoon"
> + help
> + Install racoon, the IKE (ISAKMP/Oakley) key management daemon
> +
> +config IPSEC_TOOLS_RACOON_CONF
> + bool
> + depends on IPSEC_TOOLS_RACOON
> + prompt "Install racoon.conf"
same here
> +
> +config IPSEC_TOOLS_RACOON_PSK_FILE
> + string
> + default "/etc/racoon.psk"
> + depends on IPSEC_TOOLS_RACOON_CONF
> + prompt "Install this racoon PSK file"
when is this (not) needed? A help comment would be good.
> +
> +config IPSEC_TOOLS_PLAINRSA_GEN
> + bool
> + depends on IPSEC_TOOLS_RACOON
> + prompt "Install plainrsa-gen"
> + help
> + Install plainrsa-gen, a generator for Plain RSA keys
> +
> +config IPSEC_TOOLS_ADMINPORT
> + bool
> + depends on IPSEC_TOOLS_RACOON
> + default y
> + prompt "Enable racoonctl support"
> + help
> + This lets racoon to listen to racoon admin port, and will install
> + racoonctl which will use the port to control racoon
> +
> +config IPSEC_TOOLS_NATT
> + bool
> + prompt "Enable NAT-Traversal"
> + help
> + This needs kernel support, which is available on Linux.
> + If you live in a country where software patents are legal, using
> + NAT-Traversal might infringe a patent.
> +
> +config IPSEC_TOOLS_FRAG
> + bool
> + prompt "Enable IKE fragmentation."
> + help
> + Enable IKE fragmentation, which is a workaround for
> + broken routers that drop fragmented packets
> +
> +config IPSEC_TOOLS_STATS
> + bool
> + default y
> + prompt "Enable statistics logging function."
> +
> +config IPSEC_TOOLS_IPV6_SUPPORT
> + bool
> + default y
> + prompt "Enable IPv6 Support"
> +
> +config IPSEC_TOOLS_READLINE
> + bool
> + default y
> + prompt "Enable readline input support"
> +
> +choice
> + prompt "Security context"
> + default IPSEC_SECCTX_DISABLE
> + help
> + Selects whether or not to enable security context support.
> +
> +config IPSEC_SECCTX_DISABLE
> + bool
> + prompt "Disable security context support"
> +
> +config IPSEC_SECCTX_ENABLE
> + bool
> + prompt "Enable SELinux security context support"
> +
> +config IPSEC_SECCTX_KERNEL
> + bool
> + prompt "Enable kernel security context"
No need to repeat 'security context' every time. none/SELinux/Kernel should be enough
> +
> +endchoice
> +
> +endif
> diff --git a/rules/ipsec-tools.make b/rules/ipsec-tools.make
> new file mode 100644
> index 0000000..00d9e4f
> --- /dev/null
> +++ b/rules/ipsec-tools.make
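Review bot: In rules/ipsec-tools.in, `IPSEC_TOOLS_ADMINPORT` carries `default y`, so every configuration that enables racoon also builds it with `--enable-adminport` and installs racoonctl, which per the help text is a control channel into the key-management daemon. For a package that handles IPsec keys I would make this opt-in by dropping the `default y` line, and extend the help text to say who is expected to reach the admin port. Separately, the `IPSEC_SECCTX_*` choice symbols are the only ones in this file without the `IPSEC_TOOLS_` prefix, which makes name mismatches with the rule file easy to introduce.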
> @@ -0,0 +1,140 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2011 by Bart vdr. Meulen
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_IPSEC_TOOLS) += ipsec-tools
> +
> +#
> +# Paths and names
> +#
> +IPSEC_TOOLS_VERSION := 0.8.0
> +IPSEC_TOOLS_MD5 := b79aae3055a51f8de5c0f1b8ca6cf619
> +IPSEC_TOOLS := ipsec-tools-$(IPSEC_TOOLS_VERSION)
> +IPSEC_TOOLS_SUFFIX := tar.bz2
> +IPSEC_TOOLS_URL := $(PTXCONF_SETUP_SFMIRROR)/ipsec-tools/$(IPSEC_TOOLS_VERSION)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_SOURCE := $(SRCDIR)/$(IPSEC_TOOLS).$(IPSEC_TOOLS_SUFFIX)
> +IPSEC_TOOLS_DIR := $(BUILDDIR)/$(IPSEC_TOOLS)
> +IPSEC_TOOLS_LICENSE := BSD
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +IPSEC_TOOLS_CONF_TOOL := autoconf
> +IPSEC_TOOLS_CONF_OPT := \
> + $(CROSS_AUTOCONF_USR) \
> + --disable-hybrid \
> + --without-libpam \
> + --disable-gssapi \
> + --with-kernel-headers=$(KERNEL_HEADERS_INCLUDE_DIR)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> +IPSEC_TOOLS_CONF_OPT += --enable-adminport
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-adminport
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_NATT
> +IPSEC_TOOLS_CONF_OPT += --enable-natt
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-natt
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_FRAG
> +IPSEC_TOOLS_CONF_OPT += --enable-frag
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-frag
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_STATS
> +IPSEC_TOOLS_CONF_OPT += --enable-stats
> +else
> +IPSEC_TOOLS_CONF_OPT += --disable-stats
> +endif
> +
> +ifdef PTXCONF_IPSEC_IPV6_SUPPORT
> +IPSEC_TOOLS_CONF_OPT+= --enable-ipv6
> +else
> +IPSEC_TOOLS_CONF_OPT+= --disable-ipv6
> +endif
I prefer ptx/endis here.
> +
> +ifndef PTXCONF_IPSEC_TOOLS_READLINE
> +IPSEC_TOOLS_CONF_OPT+= --without-readline
> +endif
Either add the else part, or a comment why this is broken.
> +
> +ifdef PTXCONF_IPSEC_SECCTX_DISABLE
> +IPSEC_TOOLS_CONF_OPT += --enable-security-context=no
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_ENABLE
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes
> +endif
> +ifdef PTXCONF_IPSEC_SECCTX_KERNEL
> +IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel
> +endif
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/ipsec-tools.targetinstall:
> + @$(call targetinfo)
> +
> + @$(call install_init, ipsec-tools)
> + @$(call install_fixup, ipsec-tools,PRIORITY,optional)
> + @$(call install_fixup, ipsec-tools,SECTION,base)
> + @$(call install_fixup, ipsec-tools,AUTHOR,"Bart vdr. Meulen ")
> + @$(call install_fixup, ipsec-tools,DESCRIPTION,missing)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/setkey)
> +ifdef PTXCONF_IPSEC_TOOLS_SETKEY_CONF
> + @$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/setkey.conf)
> +endif
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, /var/racoon)
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoon)
> +
> +ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF
> + @$(call install_alternative, ipsec-tools, 0, 0, 0600, /etc/racoon.conf)
> +endif
> +
> +ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")
> + @$(call install_alternative, ipsec-tools, 0, 0, 0400, $(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE))
> +endif
> +
> +ifdef PTXCONF_IPSEC_TOOLS_ADMINPORT
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/racoonctl)
> +endif
> +
> +ifdef IPSEC_TOOLS_PLAINRSA_GEN
> + @$(call install_copy, ipsec-tools, 0, 0, 0755, -, /usr/sbin/plainrsa-gen)
> +endif
> +
> +endif
> + @$(call install_finish, ipsec-tools)
> +
> + @$(call touch)
> +
> +# ----------------------------------------------------------------------------
> +# Clean
> +# ----------------------------------------------------------------------------
> +
> +#$(STATEDIR)/ipsec-tools.clean:
> +# @$(call targetinfo)
> +# @$(call clean_pkg, IPSEC_TOOLS)
remove. Michael
> +
> +# vim: syntax=make
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
> -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de
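Review bot: Two option tests in rules/ipsec-tools.make use names that no symbol in rules/ipsec-tools.in produces, so they can never be true: `ifdef PTXCONF_IPSEC_IPV6_SUPPORT` should read `ifdef PTXCONF_IPSEC_TOOLS_IPV6_SUPPORT` (as written, configure always gets `--disable-ipv6`), and `ifdef IPSEC_TOOLS_PLAINRSA_GEN` should read `ifdef PTXCONF_IPSEC_TOOLS_PLAINRSA_GEN` (as written, plainrsa-gen is never installed). The test `ifneq ($(PTXCONF_IPSEC_TOOLS_RACOON_PSK_FILE), "")` also looks wrong when racoon.conf is deselected: the variable is then presumably unset, an empty expansion differs from the literal `""`, and `install_alternative` would be called with an empty path; moving that block inside `ifdef PTXCONF_IPSEC_TOOLS_RACOON_CONF` would avoid it. Since that file holds pre-shared keys and is copied from the build tree into the image at mode 0400, a comment next to the install line should say that the shipped file has to be a placeholder or be provisioned per device, otherwise every unit built from the image shares the same key.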