[ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2

[ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2

[Lars Pedersen]

Add swanctl support which replaces the old starter, ipsec and stroke
backend. Swanctl is only tested with systemd.
https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd

Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
---
v3:
- Removed unnecessary configuration options
- Install/enable strongswan systemd service if systemd is used
- Use install_alternative for conf.d folder and swanctl.conf
- Enabling swanctl installs default folder structure like fedora

v2:
- Install_lib and plugins installed like before
- Set rpath to /usr/lib/plugins
- Add license_files field

 rules/strongswan.in   |  9 +++++--
 rules/strongswan.make | 59 +++++++++++++++++++++++++++++++++----------
 2 files changed, 52 insertions(+), 16 deletions(-)

diff --git a/rules/strongswan.in b/rules/strongswan.in
index d0e660c57..8b1adff65 100644
--- a/rules/strongswan.in
+++ b/rules/strongswan.in
@@ -49,9 +49,14 @@ config STRONGSWAN_AFALG
 config STRONGSWAN_SYSTEMD_UNIT
 	bool
 	default y
-	# uses old systemd-daemon / libsystemd-journal libs
-	depends on BROKEN
 	depends on INITMETHOD_SYSTEMD
 	prompt "install systemd service file"
 
+config STRONGSWAN_SWANCTL
+	bool
+	prompt "Use swanctl for configuration"
+	help
+	  Swanctl is a new, portable command line utility to configure,
+	  control and monitor the IKE daemon charon using the vici interface.
+
 endif
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 90db7bef7..1bf78b2b0 100644
--- a/rules/strongswan.make
+++ b/rules/strongswan.make
@@ -15,14 +15,17 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
 #
 # Paths and names
 #
-STRONGSWAN_VERSION	:= 5.6.1
-STRONGSWAN_MD5		:= cb2241f1b96c524cd15b1c0f50ed9a27
+STRONGSWAN_VERSION	:= 5.8.2
+STRONGSWAN_MD5		:= d94eac2caed51b0cc776e5887b10bace
 STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
 STRONGSWAN_SUFFIX	:= tar.bz2
 STRONGSWAN_URL		:= https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
 STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
 STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
 STRONGSWAN_LICENSE	:= GPL
+STRONGSWAN_LICENSE_FILES	:= \
+	file://LICENSE;md5=7744b64eaadabebdfd17e8a5ae6c9855 \
+	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
 
 # ----------------------------------------------------------------------------
 # Prepare
@@ -36,11 +39,13 @@ STRONGSWAN_CONF_OPT	:= \
 	--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
 	--disable-bliss \
 	--disable-blowfish \
+	--disable-botan \
 	--disable-ccm \
 	--disable-chapoly \
 	--enable-cmac \
 	--disable-ctr \
 	--disable-des \
+	--disable-drbg \
 	--enable-fips-prf \
 	--enable-gcm \
 	--disable-gcrypt \
@@ -54,6 +59,7 @@ STRONGSWAN_CONF_OPT	:= \
 	--enable-nonce \
 	--disable-ntru \
 	--$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \
+	--disable-wolfssl \
 	--disable-padlock \
 	--enable-random \
 	--disable-rc2 \
@@ -126,11 +132,11 @@ STRONGSWAN_CONF_OPT	:= \
 	--enable-socket-default \
 	--disable-socket-dynamic \
 	--disable-socket-win \
-	--enable-stroke \
+	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-stroke \
 	--disable-smp \
 	--disable-sql \
 	--disable-uci \
-	--disable-vici \
+	--$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-vici \
 	--disable-android-dns \
 	--enable-attr \
 	--disable-attr-sql \
@@ -147,8 +153,6 @@ STRONGSWAN_CONF_OPT	:= \
 	--disable-imv-os \
 	--disable-imc-attestation \
 	--disable-imv-attestation \
-	--disable-imc-swid \
-	--disable-imv-swid \
 	--disable-imc-swima \
 	--disable-imv-swima \
 	--disable-imc-hcd \
@@ -174,14 +178,14 @@ STRONGSWAN_CONF_OPT	:= \
 	--disable-load-tester \
 	--disable-lookip \
 	--disable-radattr \
+	--disable-save-keys \
 	--disable-systime-fix \
 	--disable-test-vectors \
 	--enable-updown \
 	--disable-aikgen \
-	--enable-charon \
+	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon \
 	--disable-cmd \
 	--disable-conftest \
-	--disable-dumm \
 	--disable-fast \
 	--disable-fuzzing \
 	--disable-libipsec \
@@ -190,11 +194,10 @@ STRONGSWAN_CONF_OPT	:= \
 	--disable-medsrv \
 	--disable-nm \
 	--enable-pki \
-	--enable-scepclient \
+	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \
 	--enable-scripts \
 	--disable-svc \
 	--$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \
-	--disable-swanctl \
 	--disable-tkm \
 	--disable-bfd-backtraces \
 	--disable-dbghelp-backtraces \
@@ -220,9 +223,12 @@ STRONGSWAN_CONF_OPT	:= \
 	--disable-defaults \
 	--enable-dependency-tracking \
 	--enable-shared \
+	--$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
 	--with-ipseclibdir=/usr/lib \
 	--with-systemdsystemunitdir=/usr/lib/systemd/system
 
+STRONGSWAN_LDFLAGS	:= -Wl,-rpath,/usr/lib/plugins
+
 # ----------------------------------------------------------------------------
 # Target-Install
 # ----------------------------------------------------------------------------
@@ -251,12 +257,17 @@ STRONGSWAN_PLUGINS := \
 	libstrongswan-sha1.so \
 	libstrongswan-sha2.so \
 	libstrongswan-socket-default.so \
-	libstrongswan-stroke.so \
 	libstrongswan-updown.so \
 	libstrongswan-x509.so \
 	libstrongswan-xauth-generic.so \
 	libstrongswan-xcbc.so
 
+ifdef PTXCONF_STRONGSWAN_SWANCTL
+	STRONGSWAN_PLUGINS += libstrongswan-vici.so
+else
+	STRONGSWAN_PLUGINS += libstrongswan-stroke.so
+endif
+
 ifdef PTXCONF_STRONGSWAN_LIBCURL
 	STRONGSWAN_PLUGINS += libstrongswan-curl.so
 endif
@@ -278,9 +289,9 @@ $(STATEDIR)/strongswan.targetinstall:
 
 	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
 
-	@$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
-
-	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
+	@$(call install_tree, strongswan, 0, 0, -, /usr/bin)
+	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec)
+	@$(call install_tree, strongswan, 0, 0, -, /usr/sbin)
 
 	@$(call install_lib, strongswan, 0, 0, 0644, libcharon)
 	@$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
@@ -296,6 +307,26 @@ ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
 		/usr/lib/systemd/system/multi-user.target.wants/strongswan.service)
 endif
 
+ifdef PTXCONF_STRONGSWAN_SWANCTL
+	@$(call install_lib, strongswan, 0, 0, 0644, libvici)
+	@$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
+	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf)
+	@$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d)
+	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss)
+	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa)
+	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12)
+	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8)
+	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private)
+	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey)
+	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa)
+	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509)
+	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa)
+	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac)
+	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca)
+	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl)
+	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp)
+endif
+
 	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
 	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
 	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
-- 
2.24.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2

[Michael Olbrich]

On Mon, Jan 13, 2020 at 01:55:12PM +0100, Lars Pedersen wrote:
> Add swanctl support which replaces the old starter, ipsec and stroke
> backend. Swanctl is only tested with systemd.
> https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
> 
> Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
> ---
> v3:
> - Removed unnecessary configuration options
> - Install/enable strongswan systemd service if systemd is used
> - Use install_alternative for conf.d folder and swanctl.conf
> - Enabling swanctl installs default folder structure like fedora
> 
> v2:
> - Install_lib and plugins installed like before
> - Set rpath to /usr/lib/plugins
> - Add license_files field
> 
>  rules/strongswan.in   |  9 +++++--
>  rules/strongswan.make | 59 +++++++++++++++++++++++++++++++++----------
>  2 files changed, 52 insertions(+), 16 deletions(-)
> 
> diff --git a/rules/strongswan.in b/rules/strongswan.in
> index d0e660c57..8b1adff65 100644
> --- a/rules/strongswan.in
> +++ b/rules/strongswan.in
> @@ -49,9 +49,14 @@ config STRONGSWAN_AFALG
>  config STRONGSWAN_SYSTEMD_UNIT
>  	bool
>  	default y
> -	# uses old systemd-daemon / libsystemd-journal libs
> -	depends on BROKEN
>  	depends on INITMETHOD_SYSTEMD
>  	prompt "install systemd service file"
>  
> +config STRONGSWAN_SWANCTL
> +	bool
> +	prompt "Use swanctl for configuration"
> +	help
> +	  Swanctl is a new, portable command line utility to configure,
> +	  control and monitor the IKE daemon charon using the vici interface.
> +
>  endif
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> index 90db7bef7..1bf78b2b0 100644
> --- a/rules/strongswan.make
> +++ b/rules/strongswan.make
> @@ -15,14 +15,17 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
>  #
>  # Paths and names
>  #
> -STRONGSWAN_VERSION	:= 5.6.1
> -STRONGSWAN_MD5		:= cb2241f1b96c524cd15b1c0f50ed9a27
> +STRONGSWAN_VERSION	:= 5.8.2
> +STRONGSWAN_MD5		:= d94eac2caed51b0cc776e5887b10bace
>  STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
>  STRONGSWAN_SUFFIX	:= tar.bz2
>  STRONGSWAN_URL		:= https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
>  STRONGSWAN_SOURCE	:= $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
>  STRONGSWAN_DIR		:= $(BUILDDIR)/$(STRONGSWAN)
>  STRONGSWAN_LICENSE	:= GPL
> +STRONGSWAN_LICENSE_FILES	:= \
> +	file://LICENSE;md5=7744b64eaadabebdfd17e8a5ae6c9855 \
> +	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
>  
>  # ----------------------------------------------------------------------------
>  # Prepare
> @@ -36,11 +39,13 @@ STRONGSWAN_CONF_OPT	:= \
>  	--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
>  	--disable-bliss \
>  	--disable-blowfish \
> +	--disable-botan \
>  	--disable-ccm \
>  	--disable-chapoly \
>  	--enable-cmac \
>  	--disable-ctr \
>  	--disable-des \
> +	--disable-drbg \
>  	--enable-fips-prf \
>  	--enable-gcm \
>  	--disable-gcrypt \
> @@ -54,6 +59,7 @@ STRONGSWAN_CONF_OPT	:= \
>  	--enable-nonce \
>  	--disable-ntru \
>  	--$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \
> +	--disable-wolfssl \
>  	--disable-padlock \
>  	--enable-random \
>  	--disable-rc2 \
> @@ -126,11 +132,11 @@ STRONGSWAN_CONF_OPT	:= \
>  	--enable-socket-default \
>  	--disable-socket-dynamic \
>  	--disable-socket-win \
> -	--enable-stroke \
> +	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-stroke \
>  	--disable-smp \
>  	--disable-sql \
>  	--disable-uci \
> -	--disable-vici \
> +	--$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-vici \
>  	--disable-android-dns \
>  	--enable-attr \
>  	--disable-attr-sql \
> @@ -147,8 +153,6 @@ STRONGSWAN_CONF_OPT	:= \
>  	--disable-imv-os \
>  	--disable-imc-attestation \
>  	--disable-imv-attestation \
> -	--disable-imc-swid \
> -	--disable-imv-swid \
>  	--disable-imc-swima \
>  	--disable-imv-swima \
>  	--disable-imc-hcd \
> @@ -174,14 +178,14 @@ STRONGSWAN_CONF_OPT	:= \
>  	--disable-load-tester \
>  	--disable-lookip \
>  	--disable-radattr \
> +	--disable-save-keys \
>  	--disable-systime-fix \
>  	--disable-test-vectors \
>  	--enable-updown \
>  	--disable-aikgen \
> -	--enable-charon \
> +	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon \
>  	--disable-cmd \
>  	--disable-conftest \
> -	--disable-dumm \
>  	--disable-fast \
>  	--disable-fuzzing \
>  	--disable-libipsec \
> @@ -190,11 +194,10 @@ STRONGSWAN_CONF_OPT	:= \
>  	--disable-medsrv \
>  	--disable-nm \
>  	--enable-pki \
> -	--enable-scepclient \
> +	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \
>  	--enable-scripts \
>  	--disable-svc \
>  	--$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \
> -	--disable-swanctl \
>  	--disable-tkm \
>  	--disable-bfd-backtraces \
>  	--disable-dbghelp-backtraces \
> @@ -220,9 +223,12 @@ STRONGSWAN_CONF_OPT	:= \
>  	--disable-defaults \
>  	--enable-dependency-tracking \
>  	--enable-shared \
> +	--$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
>  	--with-ipseclibdir=/usr/lib \
>  	--with-systemdsystemunitdir=/usr/lib/systemd/system
>  
> +STRONGSWAN_LDFLAGS	:= -Wl,-rpath,/usr/lib/plugins
> +
>  # ----------------------------------------------------------------------------
>  # Target-Install
>  # ----------------------------------------------------------------------------
> @@ -251,12 +257,17 @@ STRONGSWAN_PLUGINS := \
>  	libstrongswan-sha1.so \
>  	libstrongswan-sha2.so \
>  	libstrongswan-socket-default.so \
> -	libstrongswan-stroke.so \
>  	libstrongswan-updown.so \
>  	libstrongswan-x509.so \
>  	libstrongswan-xauth-generic.so \
>  	libstrongswan-xcbc.so
>  
> +ifdef PTXCONF_STRONGSWAN_SWANCTL
> +	STRONGSWAN_PLUGINS += libstrongswan-vici.so
> +else
> +	STRONGSWAN_PLUGINS += libstrongswan-stroke.so
> +endif
> +
>  ifdef PTXCONF_STRONGSWAN_LIBCURL
>  	STRONGSWAN_PLUGINS += libstrongswan-curl.so
>  endif
> @@ -278,9 +289,9 @@ $(STATEDIR)/strongswan.targetinstall:
>  
>  	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
>  
> -	@$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
> -
> -	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
> +	@$(call install_tree, strongswan, 0, 0, -, /usr/bin)
> +	@$(call install_tree, strongswan, 0, 0, -, /usr/libexec)
> +	@$(call install_tree, strongswan, 0, 0, -, /usr/sbin)
>  
>  	@$(call install_lib, strongswan, 0, 0, 0644, libcharon)
>  	@$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
> @@ -296,6 +307,26 @@ ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
>  		/usr/lib/systemd/system/multi-user.target.wants/strongswan.service)
>  endif
>  
> +ifdef PTXCONF_STRONGSWAN_SWANCTL
> +	@$(call install_lib, strongswan, 0, 0, 0644, libvici)
> +	@$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
> +	@$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf)
> +	@$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d)

/etc/swanctl/conf.d does not exist here. From the naming, I expect this to
be a directory to extend swanctl.conf. If that is the case, then just
remove this here.
If someone needs this instead of overwriting swanctl.conf, then an
auxiliary package can be used.

I can do a local fixup, if this is ok with you. No need to resend.

Michael

> +	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss)
> +	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa)
> +	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12)
> +	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8)
> +	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private)
> +	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey)
> +	@$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa)
> +	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509)
> +	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa)
> +	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac)
> +	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca)
> +	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl)
> +	@$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp)
> +endif
> +
>  	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
>  	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
>  	@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
> -- 
> 2.24.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2

[Lars Pedersen]

On Sat, 1 Feb 2020 at 07:47, Michael Olbrich <m.olbrich@pengutronix.de> wrote:
> > +ifdef PTXCONF_STRONGSWAN_SWANCTL
> > +     @$(call install_lib, strongswan, 0, 0, 0644, libvici)
> > +     @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
> > +     @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf)
> > +     @$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d)
>
> /etc/swanctl/conf.d does not exist here. From the naming, I expect this to
> be a directory to extend swanctl.conf. If that is the case, then just
> remove this here.
> If someone needs this instead of overwriting swanctl.conf, then an
> auxiliary package can be used.
>
> I can do a local fixup, if this is ok with you. No need to resend.
>
> Michael

You are correct that the conf.d directory only extends swanctl.conf.

https://wiki.strongswan.org/projects/strongswan/wiki/SwanctlDirectory
"conf.d Config snippets, included via include conf.d/*.conf in the
default swanctl.conf file since 5.6.0"

So your fixup sounds fine by me.

/Lars Pedersen

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2

[Michael Olbrich]

On Mon, Feb 03, 2020 at 09:38:20AM +0100, Lars Pedersen wrote:
> On Sat, 1 Feb 2020 at 07:47, Michael Olbrich <m.olbrich@pengutronix.de> wrote:
> > > +ifdef PTXCONF_STRONGSWAN_SWANCTL
> > > +     @$(call install_lib, strongswan, 0, 0, 0644, libvici)
> > > +     @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
> > > +     @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf)
> > > +     @$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d)
> >
> > /etc/swanctl/conf.d does not exist here. From the naming, I expect this to
> > be a directory to extend swanctl.conf. If that is the case, then just
> > remove this here.
> > If someone needs this instead of overwriting swanctl.conf, then an
> > auxiliary package can be used.
> >
> > I can do a local fixup, if this is ok with you. No need to resend.
> >
> > Michael
> 
> You are correct that the conf.d directory only extends swanctl.conf.
> 
> https://wiki.strongswan.org/projects/strongswan/wiki/SwanctlDirectory
> "conf.d Config snippets, included via include conf.d/*.conf in the
> default swanctl.conf file since 5.6.0"
> 
> So your fixup sounds fine by me.

So, I merged this. But now building fails because swanctl needs
src/libcharon/plugins/vici/libvici.la and that is not built when systemd is
disabled. I think the internal handling for libcharon is broken. What do
you think is the correct fix here?

Michael

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2

[Lars Pedersen]

I'll will create a patch that proposes a fix. I found out that
strongswan always need either charon (enable-charon option) or
charon-systemd(enable-systemd option). So the bug was that both were
disabled when using swanctl without systemd.

/Lars Pedersen.

On Mon, 17 Feb 2020 at 11:19, Michael Olbrich <m.olbrich@pengutronix.de> wrote:
> So, I merged this. But now building fails because swanctl needs
> src/libcharon/plugins/vici/libvici.la and that is not built when systemd is
> disabled. I think the internal handling for libcharon is broken. What do
> you think is the correct fix here?
>
> Michael
>
> --
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de