From: Michael Olbrich
Date: Wed, 20 Mar 2013 14:49:36 +0100
Subject: Re: [ptxdist] [PATCH v3] strongswan: add package
To: ptxdist@pengutronix.de

On Wed, Mar 06, 2013 at 11:54:02PM +0100, Christoph Fritz wrote: > > Signed-off-by: Christoph Fritz > --- > rules/strongswan.in | 46 +++++++++++ > rules/strongswan.make | 217 +++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 263 insertions(+) > create mode 100644 rules/strongswan.in > create mode 100644 rules/strongswan.make > > diff --git a/rules/strongswan.in b/rules/strongswan.in > new file mode 100644 > index 0000000..85c8215 > --- /dev/null > +++ b/rules/strongswan.in 
> @@ -0,0 +1,46 @@ > +## SECTION=networking > + > +menuconfig STRONGSWAN > + bool > + prompt "strongswan " > + select LIBGMP > + select LIBCURL if STRONGSWAN_LIBCURL > + help > + strongSwan is a complete IPsec implementation. > + Please keep in mind to configure the kernel accordingly to fulfill > + strongSwan's needs. See 'Required Kernel Modules' here: > + http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules > + > +if STRONGSWAN > + config STRONGSWAN_STATIC > + bool > + default n > + prompt "build static libraries" > + help > + Libraries will also be built statically. No option for this, unless there is a special need for static libraries. Just use --disable-static > + > + config STRONGSWAN_LIBCURL > + bool > + default y > + prompt "CURL fetcher plugin to fetch files" > + help > + If you intend to dynamically fetch Certificate Revocation Lists > + (CRLs) from an HTTP server or as an alternative want to use > + the Online Certificate Status Protocol (OCSP) say yes. > + > + config STRONGSWAN_AFALG > + bool > + default y > + prompt "AF_ALG crypto interface to Linux Crypto API" > + help > + Linux 2.6.38 introduced the AF_ALG Crypto API which makes the > + crypto algorithms of the kernel available in userland. > + If your strongswan configuration depends on this, be sure to > + enable the appropriate crypto algorithm in your kernel. > + For test configurations see af-alg-* categories here: > + http://www.strongswan.org/uml/testresults4/index.html > + For a list of cipher suite keywords see: > + http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites > + http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites > +endif > + > diff --git a/rules/strongswan.make b/rules/strongswan.make > new file mode 100644 > index 0000000..4c78fa7 > --- /dev/null > +++ b/rules/strongswan.make 
> @@ -0,0 +1,217 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2013 by Christoph Fritz > +# > +# > +# See CREDITS for details about who has contributed to this project. > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan > + > +# > +# Paths and names > +# > +STRONGSWAN_VERSION := 5.0.2 > +STRONGSWAN_MD5 := 77dc16443fd141f46183d3a4f60986ef > +STRONGSWAN := strongswan-$(STRONGSWAN_VERSION) > +STRONGSWAN_SUFFIX := tar.bz2 > +STRONGSWAN_URL := http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) > +STRONGSWAN_SOURCE := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) > +STRONGSWAN_DIR := $(BUILDDIR)/$(STRONGSWAN) > +STRONGSWAN_LICENSE := GPL > + > +# ---------------------------------------------------------------------------- > +# Prepare > +# ---------------------------------------------------------------------------- > + > +STRONGSWAN_CONF_TOOL := autoconf > +STRONGSWAN_CONF_OPT := \ > + $(CROSS_AUTOCONF_USR) \ Please sort _exactly_ like in ./configure --help > + --enable-aes \ > + --enable-des \ > + --disable-blowfish \ > + --enable-md5 \ > + --enable-sha1 \ > + --enable-sha2 \ > + --enable-gmp \ > + --disable-soup \ > + --disable-ldap \ > + --disable-md4 \ > + --enable-fips-prf \ > + --disable-rdrand \ > + --enable-random \ > + --enable-nonce \ > + --enable-x509 \ > + --enable-revocation \ > + --enable-constraints \ > + --enable-pubkey \ > + --enable-pkcs1 \ > + --enable-pkcs7 \ > + --enable-pkcs8 \ > + --enable-pgp \ > + --enable-dnskey \ > + --enable-pem \ > + --enable-hmac \ > + --enable-cmac \ > + --enable-xcbc \ > + --disable-test-vectors \ > + --disable-mysql \ > + --disable-sqlite \ > + --enable-stroke \ > + --disable-medsrv \ > + --disable-medcli \ > + --disable-smp \ > + --disable-sql \ > + --disable-leak-detective \ > + --disable-lock-profiler \ > + --disable-unit-tester \ > + 
--disable-load-tester \ > + --disable-eap-sim \ > + --disable-eap-sim-file \ > + --disable-eap-sim-pcsc \ > + --disable-eap-simaka-sql \ > + --disable-eap-simaka-pseudonym \ > + --disable-eap-simaka-reauth \ > + --disable-eap-identity \ > + --disable-eap-md5 \ > + --disable-eap-gtc \ > + --disable-eap-mschapv2 \ > + --disable-eap-tls \ > + --disable-eap-ttls \ > + --disable-eap-peap \ > + --disable-eap-tnc \ > + --disable-eap-dynamic \ > + --disable-eap-radius \ > + --enable-xauth-generic \ > + --disable-xauth-eap \ > + --disable-xauth-pam \ > + --disable-tnc-ifmap \ > + --disable-tnc-pdp \ > + --disable-tnc-imc \ > + --disable-tnc-imv \ > + --disable-tnccs-11 \ > + --disable-tnccs-20 \ > + --disable-tnccs-dynamic \ > + --disable-imc-test \ > + --disable-imv-test \ > + --disable-imc-scanner \ > + --disable-imv-scanner \ > + --disable-imc-os \ > + --disable-imv-os \ > + --disable-imc-attestation \ > + --disable-imv-attestation \ > + --enable-kernel-netlink \ > + --disable-kernel-pfkey \ > + --disable-kernel-pfroute \ > + --disable-kernel-klips \ > + --disable-libipsec \ > + --enable-socket-default \ > + --disable-socket-dynamic \ > + --disable-farp \ > + --disable-dumm \ > + --disable-fast \ > + --disable-manager \ > + --disable-mediation \ > + --disable-integrity-test \ > + --enable-load-warning \ > + --enable-ikev1 \ > + --enable-ikev2 \ > + --enable-charon \ > + --enable-tools \ > + --enable-scripts \ > + --disable-conftest \ > + --enable-updown \ > + --enable-attr \ > + --disable-attr-sql \ > + --disable-dhcp \ > + --enable-resolve \ > + --disable-padlock \ > + --disable-openssl \ > + --disable-gcrypt \ > + --disable-agent \ > + --disable-pkcs11 \ > + --disable-ctr \ > + --disable-ccm \ > + --disable-gcm \ > + --disable-addrblock \ > + --disable-unity \ > + --disable-uci \ > + --disable-android \ > + --disable-android-log \ > + --disable-maemo \ > + --disable-nm \ > + --disable-ha \ > + --disable-whitelist \ > + --disable-lookip \ > + --disable-error-notify \ > 
+ --disable-certexpire \ > + --disable-led \ > + --disable-duplicheck \ > + --disable-coupling \ > + --disable-radattr \ > + --disable-vstr \ > + --disable-monolithic \ > + --disable-bfd-backtraces \ > + --enable-dependency-tracking \ > + --enable-shared \ > + --enable-fast-install \ > + --enable-libtool-lock \ remove these 2. > + --with-user=root \ > + --with-group=root > + > +ifdef PTXCONF_STRONGSWAN_STATIC > +STRONGSWAN_CONF_OPT += --enable-static > +else > +STRONGSWAN_CONF_OPT += --disable-static > +endif > + > +ifdef PTXCONF_STRONGSWAN_LIBCURL > +STRONGSWAN_CONF_OPT += --enable-curl > +else > +STRONGSWAN_CONF_OPT += --disable-curl > +endif > + --$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \ > +ifdef PTXCONF_STRONGSWAN_AFALG > +STRONGSWAN_CONF_OPT += --enable-af-alg > +else > +STRONGSWAN_CONF_OPT += --disable-af-alg > +endif --$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \ use these at the correct place in the list. > + > +STRONGSWAN_CONF_OPT += --with-ipseclibdir=/usr/lib keep this in the list. > + > +# ---------------------------------------------------------------------------- > +# Target-Install > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/strongswan.targetinstall: > + @$(call targetinfo) > + > + @$(call install_init, strongswan) > + @$(call install_fixup, strongswan,PRIORITY,optional) > + @$(call install_fixup, strongswan,SECTION,base) > + @$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz ") > + @$(call install_fixup, strongswan,DESCRIPTION,missing) What about the configs in /etc? If you do it like this, then you can provide a custom config in the BSP and it will fall back to the file installed with the package: @$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf) Also, make an option and install the systemd unit. See e.g. the urshd package for an example. 
> + @$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/sbin, /usr/sbin) No, this is just one file anyways. Use install copy. Also, you can use '-' for the source if it's just $(STRONGSWAN_PKGDIR)/. > + @$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/libexec, /usr/libexec) @$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec) > + @$(call install_tree, strongswan, 0, 0, $(STRONGSWAN_PKGDIR)/usr/lib, /usr/lib) No, this also installs .la files. use install_lib for the normal libs in /usr/lib/. For the plugins make a list and use foreach. See e.g. rules/perl.make for an example. Michael > + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts) > + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts) > + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts) > + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs) > + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls) > + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts) > + @$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private) > + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs) > + > + @$(call install_finish, strongswan) > + > + @$(call touch) > + > +# vim: syntax=make > -- > 1.7.10.4 > > > > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
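
Review bot: In rules/strongswan.in, the help text for STRONGSWAN_LIBCURL does not say what is lost when the option is switched off. rules/strongswan.make hard-codes --disable-soup and --disable-ldap while keeping --enable-revocation, so curl is the only fetcher plugin this package can build; with STRONGSWAN_LIBCURL=n the revocation plugin is still built but has no way to retrieve CRLs or OCSP responses over the network. Say so in the help text, so the option is not disabled to save space without noticing that revocation checking loses its fetcher.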
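
Review bot: In the targetinstall rule of rules/strongswan.make, the /etc/ipsec.d entries are created with file modes rather than directory modes: install_copy without a source creates a directory, and 0644 (0600 for /etc/ipsec.d/private) leaves those directories without a search bit. Use 0755 for the certificate directories and 0700 for /etc/ipsec.d/private, which keeps the private-key directory root-only and the others traversable. Separately, STRONGSWAN_CONF_OPT builds --enable-des and --enable-md5 unconditionally while the gcm, ctr and ccm plugins are disabled; consider making the legacy algorithms menu options that default to off and enabling gcm.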