mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v4] strongswan: add package
Date: Wed, 27 Mar 2013 19:10:12 +0100	[thread overview]
Message-ID: <20130327181012.GU1289@pengutronix.de> (raw)
In-Reply-To: <1364296873.3864.14.camel@mars>

On Tue, Mar 26, 2013 at 12:21:13PM +0100, Christoph Fritz wrote:
> 
> Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>

Thanks, applied with small changes.

Michael

> ---
>  rules/strongswan.in   |   45 +++++++++
>  rules/strongswan.make |  257 +++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 302 insertions(+)
>  create mode 100644 rules/strongswan.in
>  create mode 100644 rules/strongswan.make
> 
> diff --git a/rules/strongswan.in b/rules/strongswan.in
> new file mode 100644
> index 0000000..a609a3f
> --- /dev/null
> +++ b/rules/strongswan.in
> @@ -0,0 +1,45 @@
> +## SECTION=networking
> +
> +menuconfig STRONGSWAN
> +	bool
> +	prompt "strongswan                    "
> +	select LIBGMP
> +	select LIBCURL if STRONGSWAN_LIBCURL
> +	help
> +	  strongSwan is a complete IPsec implementation.
> +	  Please keep in mind to configure the kernel accordingly to fulfill
> +	  strongSwan's needs. See 'Required Kernel Modules' here:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> +
> +if STRONGSWAN
> +	config STRONGSWAN_LIBCURL
> +	bool
> +	default y
> +	prompt "CURL fetcher plugin to fetch files"
> +	help
> +	  If you intend to dynamically fetch Certificate Revocation Lists
> +	  (CRLs) from an HTTP server or as an alternative want to use
> +	  the Online Certificate Status Protocol (OCSP) say yes.
> +
> +	config STRONGSWAN_AFALG
> +	bool
> +	default y
> +	prompt "AF_ALG crypto interface to Linux Crypto API"
> +	help
> +	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
> +	  crypto algorithms of the kernel available in userland.
> +	  If your strongswan configuration depends on this, be sure to
> +	  enable the appropriate crypto algorithm in your kernel.
> +	  For test configurations see af-alg-* categories here:
> +	  http://www.strongswan.org/uml/testresults4/index.html
> +	  For a list of cipher suite keywords see:
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> +	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
> +
> +	config STRONGSWAN_SYSTEMD_UNIT
> +	bool
> +	default y
> +	depends on SYSTEMD
> +	prompt "install systemd service file"
> +
> +endif
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> new file mode 100644
> index 0000000..a6bfe4c
> --- /dev/null
> +++ b/rules/strongswan.make
> @@ -0,0 +1,257 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2013 by Christoph Fritz <chf.fritz@googlemail.com>
> +#
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> +
> +#
> +# Paths and names
> +#
> +STRONGSWAN_VERSION	:= 5.0.2
> +STRONGSWAN_MD5		:= 77dc16443fd141f46183d3a4f60986ef
> +STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
> +STRONGSWAN_SUFFIX	:= tar.bz2
> +STRONGSWAN_URL		:= http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> +STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
> +STRONGSWAN_LICENSE	:= GPL
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_CONF_TOOL	:= autoconf
> +STRONGSWAN_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	--$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \
> +	--disable-soup \
> +	--disable-ldap \
> +	--enable-aes \
> +	--enable-des \
> +	--disable-blowfish \
> +	--disable-md4 \
> +	--enable-md5 \
> +	--enable-sha1 \
> +	--enable-sha2 \
> +	--enable-fips-prf \
> +	--enable-gmp \
> +	--disable-rdrand \
> +	--enable-random \
> +	--enable-nonce \
> +	--enable-x509 \
> +	--enable-revocation \
> +	--enable-constraints \
> +	--enable-pubkey \
> +	--enable-pkcs1 \
> +	--enable-pkcs7 \
> +	--enable-pkcs8 \
> +	--enable-pgp \
> +	--enable-dnskey \
> +	--enable-pem \
> +	--enable-hmac \
> +	--enable-cmac \
> +	--enable-xcbc \
> +	--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
> +	--disable-test-vectors \
> +	--disable-mysql \
> +	--disable-sqlite \
> +	--enable-stroke \
> +	--disable-medsrv \
> +	--disable-medcli \
> +	--disable-smp \
> +	--disable-sql \
> +	--disable-leak-detective \
> +	--disable-lock-profiler \
> +	--disable-unit-tester \
> +	--disable-load-tester \
> +	--disable-eap-sim \
> +	--disable-eap-sim-file \
> +	--disable-eap-sim-pcsc \
> +	--disable-eap-aka \
> +	--disable-eap-aka-3gpp2 \
> +	--disable-eap-simaka-sql \
> +	--disable-eap-simaka-pseudonym \
> +	--disable-eap-simaka-reauth \
> +	--disable-eap-identity \
> +	--disable-eap-md5 \
> +	--disable-eap-gtc \
> +	--disable-eap-mschapv2 \
> +	--disable-eap-tls \
> +	--disable-eap-ttls \
> +	--disable-eap-peap \
> +	--disable-eap-tnc \
> +	--disable-eap-dynamic \
> +	--disable-eap-radius \
> +	--enable-xauth-generic \
> +	--disable-xauth-eap \
> +	--disable-xauth-pam \
> +	--disable-tnc-ifmap \
> +	--disable-tnc-pdp \
> +	--disable-tnc-imc \
> +	--disable-tnc-imv \
> +	--disable-tnccs-11 \
> +	--disable-tnccs-20 \
> +	--disable-tnccs-dynamic \
> +	--disable-imc-test \
> +	--disable-imv-test \
> +	--disable-imc-scanner \
> +	--disable-imv-scanner \
> +	--disable-imc-os \
> +	--disable-imv-os \
> +	--disable-imc-attestation \
> +	--disable-imv-attestation \
> +	--enable-kernel-netlink \
> +	--disable-kernel-pfkey \
> +	--disable-kernel-pfroute \
> +	--disable-kernel-klips \
> +	--disable-libipsec \
> +	--enable-socket-default \
> +	--disable-socket-dynamic \
> +	--disable-farp \
> +	--disable-dumm \
> +	--disable-fast \
> +	--disable-manager \
> +	--disable-mediation \
> +	--disable-integrity-test \
> +	--enable-load-warning \
> +	--enable-ikev1 \
> +	--enable-ikev2 \
> +	--enable-charon \
> +	--enable-tools \
> +	--enable-scripts \
> +	--disable-conftest \
> +	--enable-updown \
> +	--enable-attr \
> +	--disable-attr-sql \
> +	--disable-dhcp \
> +	--enable-resolve \
> +	--disable-padlock \
> +	--disable-openssl \
> +	--disable-gcrypt \
> +	--disable-agent \
> +	--disable-pkcs11 \
> +	--disable-ctr \
> +	--disable-ccm \
> +	--disable-gcm \
> +	--disable-addrblock \
> +	--disable-unity \
> +	--disable-uci \
> +	--disable-android \
> +	--disable-android-log \
> +	--disable-maemo \
> +	--disable-nm \
> +	--disable-ha \
> +	--disable-whitelist \
> +	--disable-lookip \
> +	--disable-error-notify \
> +	--disable-certexpire \
> +	--disable-led \
> +	--disable-duplicheck \
> +	--disable-coupling \
> +	--disable-radattr \
> +	--disable-vstr \
> +	--disable-monolithic \
> +	--disable-bfd-backtraces \
> +	--enable-dependency-tracking \
> +	--enable-shared \
> +	--disable-static \
> +	--enable-fast-install \
> +	--enable-libtool-lock \
> +	--with-ipseclibdir=/usr/lib
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +STRONGSWAN_PLUGINS := \
> +	libstrongswan-aes.so \
> +	libstrongswan-attr.so \
> +	libstrongswan-cmac.so \
> +	libstrongswan-constraints.so \
> +	libstrongswan-des.so \
> +	libstrongswan-dnskey.so \
> +	libstrongswan-fips-prf.so \
> +	libstrongswan-gmp.so \
> +	libstrongswan-hmac.so \
> +	libstrongswan-kernel-netlink.so \
> +	libstrongswan-md5.so \
> +	libstrongswan-nonce.so \
> +	libstrongswan-pem.so \
> +	libstrongswan-pgp.so \
> +	libstrongswan-pkcs1.so \
> +	libstrongswan-pkcs7.so \
> +	libstrongswan-pkcs8.so \
> +	libstrongswan-pubkey.so \
> +	libstrongswan-random.so \
> +	libstrongswan-resolve.so \
> +	libstrongswan-revocation.so \
> +	libstrongswan-sha1.so \
> +	libstrongswan-sha2.so \
> +	libstrongswan-socket-default.so \
> +	libstrongswan-stroke.so \
> +	libstrongswan-updown.so \
> +	libstrongswan-x509.so \
> +	libstrongswan-xauth-generic.so \
> +	libstrongswan-xcbc.so
> +
> +ifdef PTXCONF_STRONGSWAN_LIBCUR
> +	STRONGSWAN_PLUGINS += libstrongswan-curl.so
> +endif
> +ifdef PTXCONF_STRONGSWAN_AFALG
> +	STRONGSWAN_PLUGINS += libstrongswan-af-alg.so
> +endif
> +
> +$(STATEDIR)/strongswan.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, strongswan)
> +	@$(call install_fixup, strongswan,PRIORITY,optional)
> +	@$(call install_fixup, strongswan,SECTION,base)
> +	@$(call install_fixup, strongswan,AUTHOR,"Christoph Fritz <chf.fritz@googlemail.com>")
> +	@$(call install_fixup, strongswan,DESCRIPTION,missing)
> +
> +	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
> +
> +	@$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
> +
> +	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
> +
> +	@$(call install_lib, strongswan, 0, 0, 0644, libcharon)
> +	@$(call install_lib, strongswan, 0, 0, 0644, libhydra)
> +	@$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
> +
> +	@$(foreach plugin, $(STRONGSWAN_PLUGINS), \
> +		$(call install_copy, strongswan, 0, 0, 0644, -, \
> +			/usr/lib/plugins/$(plugin));)
> +
> +ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
> +	@$(call install_alternative, strongswan, 0, 0, 0644, \
> +		/lib/systemd/system/strongswan.service)
> +	@$(call install_link, strongswan, ../strongswan.service, \
> +		/lib/systemd/system/multi-user.target.wants/strongswan.service)
> +endif
> +
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/certs)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/crls)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/ocspcerts)
> +	@$(call install_copy, strongswan, 0, 0, 0600, /etc/ipsec.d/private)
> +	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/reqs)
> +
> +	@$(call install_finish, strongswan)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 1.7.10.4
> 
> 
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

      reply	other threads:[~2013-03-27 18:10 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-02-20 21:22 [ptxdist] [PATCH] " Christoph Fritz
2013-03-04 17:04 ` Michael Olbrich
2013-03-05 19:37   ` [ptxdist] [PATCH v2] " Christoph Fritz
2013-03-06  8:21     ` Michael Olbrich
2013-03-06 10:10       ` Christoph Fritz
2013-03-06 12:50         ` Robert Schwebel
2013-03-06 22:54           ` [ptxdist] [PATCH v3] " Christoph Fritz
2013-03-20 11:44             ` Christoph Fritz
2013-03-20 13:49             ` Michael Olbrich
2013-03-26 11:21               ` [ptxdist] [PATCH v4] " Christoph Fritz
2013-03-27 18:10                 ` Michael Olbrich [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130327181012.GU1289@pengutronix.de \
    --to=m.olbrich@pengutronix.de \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox