mailarchive of the ptxdist mailing list
* [ptxdist] [PATCH 1/2] strongswan: Always install strongswan.d dir
@ 2022-12-05  8:56 Lars Pedersen
  2022-12-05  8:56 ` [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8 Lars Pedersen
  2022-12-15  7:34 ` [ptxdist] [APPLIED] strongswan: Always install strongswan.d dir Michael Olbrich
  0 siblings, 2 replies; 4+ messages in thread
From: Lars Pedersen @ 2022-12-05  8:56 UTC (permalink / raw)
  To: ptxdist; +Cc: Lars Pedersen

The default strongswan.conf loads plugins via
strongswan.d/charon/*.conf files.

Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
---
 rules/strongswan.make | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/strongswan.make b/rules/strongswan.make
index 99f2fae74..07a7ade73 100644
--- a/rules/strongswan.make
+++ b/rules/strongswan.make
@@ -312,7 +312,6 @@ endif
 
 ifdef PTXCONF_STRONGSWAN_SWANCTL
 	@$(call install_lib, strongswan, 0, 0, 0644, libvici)
-	@$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
 	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf)
 	@$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/bliss)
 	@$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/ecdsa)
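Review bot: The commit message does not say which configurations change: the install_tree line removed here sat inside ifdef PTXCONF_STRONGSWAN_SWANCTL, so builds with swanctl enabled already got /etc/strongswan.d and only builds without it are affected. Suggest one sentence in the log stating that configurations without PTXCONF_STRONGSWAN_SWANCTL previously had no /etc/strongswan.d on the target.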
@@ -329,6 +328,7 @@ ifdef PTXCONF_STRONGSWAN_SWANCTL
 	@$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ocsp)
 endif
 
+	@$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
 	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
 	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
 	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
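Review bot: The now unconditional install_tree of /etc/strongswan.d copies every snippet in that tree, with no filtering against the plugins that are actually installed on the target. Since the commit message says strongswan.conf loads plugins through strongswan.d/charon/*.conf, please check that each snippet that ends up in the image has a matching plugin file installed. Unlike the install_copy lines after it, this call also names no explicit octal mode, so it is worth confirming the resulting permissions of the configuration files.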
-- 
2.38.1


* [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8
  2022-12-05  8:56 [ptxdist] [PATCH 1/2] strongswan: Always install strongswan.d dir Lars Pedersen
@ 2022-12-05  8:56 ` Lars Pedersen
  2022-12-09  8:00   ` Michael Olbrich
  2022-12-15  7:34 ` [ptxdist] [APPLIED] strongswan: Always install strongswan.d dir Michael Olbrich
  1 sibling, 1 reply; 4+ messages in thread
From: Lars Pedersen @ 2022-12-05  8:56 UTC (permalink / raw)
  To: ptxdist; +Cc: Lars Pedersen

Configure options:

* scepclient deprecated and removed
* Disabled AddressSanitizer (--disable-asan)
* New --with-python-sys-prefix unspecified for GNU default values
* New --with-python_prefix unspecified for GNU default values
* New --with-python_exec_prefix unspecified for GNU default values
* Disabled extended compiler warnings (--disable-warnings) because of
  compile error: (OSELAS.Toolchain-2021.07.0)

  cmac.c: In function 'derive_key':
  cmac.c:236:36: error: writing 1 byte into a region of size 0
  [-Werror=stringop-overflow=]
  236 |                 rb.ptr[rb.len - 1] = 0x87;
      |                 ~~~~~~~~~~~~~~~~~~~^~~~~~
  cc1: all warnings being treated as errors

Plugins:

* Fixed missing plugin targetinstall of libstrongswan-acert.so
* Enabled mgf1 since swanctl and starting strongswan gave following
  error:

plugin 'mgf1': failed to load - mgf1_plugin_create not found and no
plugin file available

Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
---
 rules/strongswan.make | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/rules/strongswan.make b/rules/strongswan.make
index 07a7ade73..f8e8236a5 100644
--- a/rules/strongswan.make
+++ b/rules/strongswan.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
 #
 # Paths and names
 #
-STRONGSWAN_VERSION	:= 5.9.6
-STRONGSWAN_MD5		:= 0eeb13eda09fb34e9ab5e2bfcfab1211
+STRONGSWAN_VERSION	:= 5.9.8
+STRONGSWAN_MD5		:= f46b0d3e7aed88824650d0721c887443
 STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
 STRONGSWAN_SUFFIX	:= tar.bz2
 STRONGSWAN_URL		:= https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
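Review bot: STRONGSWAN_MD5 on the 5.9.8 line is the only integrity check visible for the new tarball, and MD5 is not collision resistant. For an IPsec daemon it would help to state in the commit message that the downloaded archive was also checked against a signature or stronger hash published by upstream before the new value was recorded.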
@@ -54,7 +54,7 @@ STRONGSWAN_CONF_OPT	:= \
 	--enable-hmac \
 	--disable-md4 \
 	--disable-md5 \
-	--disable-mgf1 \
+	--enable-mgf1 \
 	--disable-newhope \
 	--enable-nonce \
 	--disable-ntru \
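Review bot: The change from --disable-mgf1 to --enable-mgf1 is justified in the commit message only by the load error, which does not say what requests the mgf1 plugin. Suggest naming the plugin or feature that depends on it, so that a later cleanup of STRONGSWAN_CONF_OPT does not switch it off again and bring back the "failed to load" message.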
@@ -194,7 +194,6 @@ STRONGSWAN_CONF_OPT	:= \
 	--disable-medsrv \
 	--disable-nm \
 	--enable-pki \
-	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \
 	--enable-scripts \
 	--disable-svc \
 	--$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \
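Review bot: With the -scepclient line gone from STRONGSWAN_CONF_OPT, any remaining install step or menu option for scepclient would now refer to a binary that is no longer built, and the four deletions in the diffstat are all accounted for by the version, checksum and configure lines shown. Please confirm that nothing else in rules/strongswan.make or the package's menu file still mentions scepclient.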
@@ -224,6 +223,8 @@ STRONGSWAN_CONF_OPT	:= \
 	--enable-kdf \
 	--enable-dependency-tracking \
 	--enable-shared \
+	--disable-warnings \
+	--disable-asan \
 	--$(call ptx/endis, PTXCONF_GLOBAL_SELINUX)-selinux \
 	--$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
 	--with-ipseclibdir=/usr/lib \
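Review bot: --disable-warnings is set for the whole package to get past a single -Werror=stringop-overflow diagnostic at cmac.c:236 (rb.ptr[rb.len - 1] = 0x87;), which also turns off every other extended warning in security-sensitive code. Suggest recording next to STRONGSWAN_CONF_OPT that the flag is a workaround for OSELAS.Toolchain-2021.07.0 so it can be dropped later, and checking whether the diagnostic is a false positive instead of only silencing it. --disable-asan appears in the commit message without a reason; a short note on why it is set explicitly would help.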
@@ -236,6 +237,7 @@ STRONGSWAN_LDFLAGS	:= -Wl,-rpath,/usr/lib/plugins
 # ----------------------------------------------------------------------------
 
 STRONGSWAN_PLUGINS := \
+	libstrongswan-acert.so \
 	libstrongswan-aes.so \
 	libstrongswan-attr.so \
 	libstrongswan-cmac.so \
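Review bot: Adding libstrongswan-acert.so by hand shows that STRONGSWAN_PLUGINS can drift from what configure actually builds, and nothing in the visible lines ties the two together. Suggest comparing the plugin directory produced by the build against this list as part of the version bump, and mentioning in the commit message whether any other built plugins are still missing from it.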
@@ -247,6 +249,7 @@ STRONGSWAN_PLUGINS := \
 	libstrongswan-hmac.so \
 	libstrongswan-kdf.so \
 	libstrongswan-kernel-netlink.so \
+	libstrongswan-mgf1.so \
 	libstrongswan-nonce.so \
 	libstrongswan-pem.so \
 	libstrongswan-pgp.so \
-- 
2.38.1


* Re: [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8
  2022-12-05  8:56 ` [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8 Lars Pedersen
@ 2022-12-09  8:00   ` Michael Olbrich
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Olbrich @ 2022-12-09  8:00 UTC (permalink / raw)
  To: Lars Pedersen; +Cc: ptxdist

On Mon, Dec 05, 2022 at 09:56:44AM +0100, Lars Pedersen wrote:
> Configure options:
> 
> * scepclient deprecated and removed
> * Disabled AddressSanitizer (--disable-asan)
> * New --with-python-sys-prefix unspecified for GNU default values
> * New --with-python_prefix unspecified for GNU default values
> * New --with-python_exec_prefix unspecified for GNU default values
> * Disabled extended compiler warnings (--disable-warnings) because of
>   compile error: (OSELAS.Toolchain-2021.07.0)
> 
>   cmac.c: In function 'derive_key':
>   cmac.c:236:36: error: writing 1 byte into a region of size 0
>   [-Werror=stringop-overflow=]
>   236 |                 rb.ptr[rb.len - 1] = 0x87;
>       |                 ~~~~~~~~~~~~~~~~~~~^~~~~~
>   cc1: all warnings being treated as errors
> 
> Plugins:
> 
> * Fixed missing plugin targetinstall of libstrongswan-acert.so
> * Enabled mgf1 since swanctl and starting strongswan gave following
>   error:
> 
> plugin 'mgf1': failed to load - mgf1_plugin_create not found and no
> plugin file available

My sanity checker complains that /usr/bin/pki (installed by this package)
uses libtls.so.0 which is not in the rootfs. That's also provided by this
package, so it needs to be installed as well (or don't install pki, I have
no idea if it's needed).

Michael

> Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
> ---
>  rules/strongswan.make | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> index 07a7ade73..f8e8236a5 100644
> --- a/rules/strongswan.make
> +++ b/rules/strongswan.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
>  #
>  # Paths and names
>  #
> -STRONGSWAN_VERSION	:= 5.9.6
> -STRONGSWAN_MD5		:= 0eeb13eda09fb34e9ab5e2bfcfab1211
> +STRONGSWAN_VERSION	:= 5.9.8
> +STRONGSWAN_MD5		:= f46b0d3e7aed88824650d0721c887443
>  STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
>  STRONGSWAN_SUFFIX	:= tar.bz2
>  STRONGSWAN_URL		:= https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> @@ -54,7 +54,7 @@ STRONGSWAN_CONF_OPT	:= \
>  	--enable-hmac \
>  	--disable-md4 \
>  	--disable-md5 \
> -	--disable-mgf1 \
> +	--enable-mgf1 \
>  	--disable-newhope \
>  	--enable-nonce \
>  	--disable-ntru \
> @@ -194,7 +194,6 @@ STRONGSWAN_CONF_OPT	:= \
>  	--disable-medsrv \
>  	--disable-nm \
>  	--enable-pki \
> -	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \
>  	--enable-scripts \
>  	--disable-svc \
>  	--$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \
> @@ -224,6 +223,8 @@ STRONGSWAN_CONF_OPT	:= \
>  	--enable-kdf \
>  	--enable-dependency-tracking \
>  	--enable-shared \
> +	--disable-warnings \
> +	--disable-asan \
>  	--$(call ptx/endis, PTXCONF_GLOBAL_SELINUX)-selinux \
>  	--$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
>  	--with-ipseclibdir=/usr/lib \
> @@ -236,6 +237,7 @@ STRONGSWAN_LDFLAGS	:= -Wl,-rpath,/usr/lib/plugins
>  # ----------------------------------------------------------------------------
>  
>  STRONGSWAN_PLUGINS := \
> +	libstrongswan-acert.so \
>  	libstrongswan-aes.so \
>  	libstrongswan-attr.so \
>  	libstrongswan-cmac.so \
> @@ -247,6 +249,7 @@ STRONGSWAN_PLUGINS := \
>  	libstrongswan-hmac.so \
>  	libstrongswan-kdf.so \
>  	libstrongswan-kernel-netlink.so \
> +	libstrongswan-mgf1.so \
>  	libstrongswan-nonce.so \
>  	libstrongswan-pem.so \
>  	libstrongswan-pgp.so \
> -- 
> 2.38.1
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

* Re: [ptxdist] [APPLIED] strongswan: Always install strongswan.d dir
  2022-12-05  8:56 [ptxdist] [PATCH 1/2] strongswan: Always install strongswan.d dir Lars Pedersen
  2022-12-05  8:56 ` [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8 Lars Pedersen
@ 2022-12-15  7:34 ` Michael Olbrich
  1 sibling, 0 replies; 4+ messages in thread
From: Michael Olbrich @ 2022-12-15  7:34 UTC (permalink / raw)
  To: ptxdist; +Cc: Lars Pedersen

Thanks, applied as 4b88e91e28e84a77e55237b1c3f2053de9fa8869.

Michael

[sent from post-receive hook]

On Thu, 15 Dec 2022 08:34:52 +0100, Lars Pedersen <lapeddk@gmail.com> wrote:
> The default strongswan.conf loads plugins via
> strongswan.d/charon/*.conf files.
> 
> Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
> Message-Id: <20221205085644.221422-1-lapeddk@gmail.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> index 99f2fae74143..07a7ade73748 100644
> --- a/rules/strongswan.make
> +++ b/rules/strongswan.make
> @@ -312,7 +312,6 @@ endif
>  
>  ifdef PTXCONF_STRONGSWAN_SWANCTL
>  	@$(call install_lib, strongswan, 0, 0, 0644, libvici)
> -	@$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
>  	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf)
>  	@$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/bliss)
>  	@$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/ecdsa)
> @@ -329,6 +328,7 @@ ifdef PTXCONF_STRONGSWAN_SWANCTL
>  	@$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ocsp)
>  endif
>  
> +	@$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
>  	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
>  	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
>  	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
