* [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2 @ 2020-01-13 12:55 Lars Pedersen 2020-02-01 6:46 ` Michael Olbrich 0 siblings, 1 reply; 5+ messages in thread From: Lars Pedersen @ 2020-01-13 12:55 UTC (permalink / raw) To: ptxdist; +Cc: Lars Pedersen Add swanctl support which replaces the old starter, ipsec and stroke backend. Swanctl is only tested with systemd. https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd Signed-off-by: Lars Pedersen <lapeddk@gmail.com> --- v3: - Removed unnecessary configuration options - Install/enable strongswan systemd service if systemd is used - Use install_alternative for conf.d folder and swanctl.conf - Enabling swanctl installs default folder structure like fedora v2: - Install_lib and plugins installed like before - Set rpath to /usr/lib/plugins - Add license_files field rules/strongswan.in | 9 +++++-- rules/strongswan.make | 59 +++++++++++++++++++++++++++++++++---------- 2 files changed, 52 insertions(+), 16 deletions(-) diff --git a/rules/strongswan.in b/rules/strongswan.in index d0e660c57..8b1adff65 100644 --- a/rules/strongswan.in +++ b/rules/strongswan.in @@ -49,9 +49,14 @@ config STRONGSWAN_AFALG config STRONGSWAN_SYSTEMD_UNIT bool default y - # uses old systemd-daemon / libsystemd-journal libs - depends on BROKEN depends on INITMETHOD_SYSTEMD prompt "install systemd service file" +config STRONGSWAN_SWANCTL + bool + prompt "Use swanctl for configuration" + help + Swanctl is a new, portable command line utility to configure, + control and monitor the IKE daemon charon using the vici interface. + endif diff --git a/rules/strongswan.make b/rules/strongswan.make index 90db7bef7..1bf78b2b0 100644 --- a/rules/strongswan.make +++ b/rules/strongswan.make @@ -15,14 +15,17 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan # # Paths and names # -STRONGSWAN_VERSION := 5.6.1 -STRONGSWAN_MD5 := cb2241f1b96c524cd15b1c0f50ed9a27 +STRONGSWAN_VERSION := 5.8.2 +STRONGSWAN_MD5 := d94eac2caed51b0cc776e5887b10bace STRONGSWAN := strongswan-$(STRONGSWAN_VERSION) STRONGSWAN_SUFFIX := tar.bz2 STRONGSWAN_URL := https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) STRONGSWAN_SOURCE := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) STRONGSWAN_DIR := $(BUILDDIR)/$(STRONGSWAN) STRONGSWAN_LICENSE := GPL +STRONGSWAN_LICENSE_FILES := \ + file://LICENSE;md5=7744b64eaadabebdfd17e8a5ae6c9855 \ + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 # ---------------------------------------------------------------------------- # Prepare @@ -36,11 +39,13 @@ STRONGSWAN_CONF_OPT := \ --$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \ --disable-bliss \ --disable-blowfish \ + --disable-botan \ --disable-ccm \ --disable-chapoly \ --enable-cmac \ --disable-ctr \ --disable-des \ + --disable-drbg \ --enable-fips-prf \ --enable-gcm \ --disable-gcrypt \ @@ -54,6 +59,7 @@ STRONGSWAN_CONF_OPT := \ --enable-nonce \ --disable-ntru \ --$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \ + --disable-wolfssl \ --disable-padlock \ --enable-random \ --disable-rc2 \ @@ -126,11 +132,11 @@ STRONGSWAN_CONF_OPT := \ --enable-socket-default \ --disable-socket-dynamic \ --disable-socket-win \ - --enable-stroke \ + --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-stroke \ --disable-smp \ --disable-sql \ --disable-uci \ - --disable-vici \ + --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-vici \ --disable-android-dns \ --enable-attr \ --disable-attr-sql \ @@ -147,8 +153,6 @@ STRONGSWAN_CONF_OPT := \ --disable-imv-os \ --disable-imc-attestation \ --disable-imv-attestation \ - --disable-imc-swid \ - --disable-imv-swid \ --disable-imc-swima \ --disable-imv-swima \ --disable-imc-hcd \ @@ -174,14 +178,14 @@ STRONGSWAN_CONF_OPT := \ --disable-load-tester \ --disable-lookip \ --disable-radattr \ + --disable-save-keys \ --disable-systime-fix \ --disable-test-vectors \ --enable-updown \ --disable-aikgen \ - --enable-charon \ + --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon \ --disable-cmd \ --disable-conftest \ - --disable-dumm \ --disable-fast \ --disable-fuzzing \ --disable-libipsec \ @@ -190,11 +194,10 @@ STRONGSWAN_CONF_OPT := \ --disable-medsrv \ --disable-nm \ --enable-pki \ - --enable-scepclient \ + --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \ --enable-scripts \ --disable-svc \ --$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \ - --disable-swanctl \ --disable-tkm \ --disable-bfd-backtraces \ --disable-dbghelp-backtraces \ @@ -220,9 +223,12 @@ STRONGSWAN_CONF_OPT := \ --disable-defaults \ --enable-dependency-tracking \ --enable-shared \ + --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \ --with-ipseclibdir=/usr/lib \ --with-systemdsystemunitdir=/usr/lib/systemd/system +STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins + # ---------------------------------------------------------------------------- # Target-Install # ---------------------------------------------------------------------------- @@ -251,12 +257,17 @@ STRONGSWAN_PLUGINS := \ libstrongswan-sha1.so \ libstrongswan-sha2.so \ libstrongswan-socket-default.so \ - libstrongswan-stroke.so \ libstrongswan-updown.so \ libstrongswan-x509.so \ libstrongswan-xauth-generic.so \ libstrongswan-xcbc.so +ifdef PTXCONF_STRONGSWAN_SWANCTL + STRONGSWAN_PLUGINS += libstrongswan-vici.so +else + STRONGSWAN_PLUGINS += libstrongswan-stroke.so +endif + ifdef PTXCONF_STRONGSWAN_LIBCURL STRONGSWAN_PLUGINS += libstrongswan-curl.so endif @@ -278,9 +289,9 @@ $(STATEDIR)/strongswan.targetinstall: @$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf) - @$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec) - - @$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec) + @$(call install_tree, strongswan, 0, 0, -, /usr/bin) + @$(call install_tree, strongswan, 0, 0, -, /usr/libexec) + @$(call install_tree, strongswan, 0, 0, -, /usr/sbin) @$(call install_lib, strongswan, 0, 0, 0644, libcharon) @$(call install_lib, strongswan, 0, 0, 0644, libstrongswan) @@ -296,6 +307,26 @@ ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT /usr/lib/systemd/system/multi-user.target.wants/strongswan.service) endif +ifdef PTXCONF_STRONGSWAN_SWANCTL + @$(call install_lib, strongswan, 0, 0, 0644, libvici) + @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) + @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) + @$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d) + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss) + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa) + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12) + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8) + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private) + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey) + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa) + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509) + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa) + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac) + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca) + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl) + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp) +endif + @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts) @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts) @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts) -- 2.24.1 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2 2020-01-13 12:55 [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2 Lars Pedersen @ 2020-02-01 6:46 ` Michael Olbrich 2020-02-03 8:38 ` Lars Pedersen 0 siblings, 1 reply; 5+ messages in thread From: Michael Olbrich @ 2020-02-01 6:46 UTC (permalink / raw) To: ptxdist On Mon, Jan 13, 2020 at 01:55:12PM +0100, Lars Pedersen wrote: > Add swanctl support which replaces the old starter, ipsec and stroke > backend. Swanctl is only tested with systemd. > https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd > > Signed-off-by: Lars Pedersen <lapeddk@gmail.com> > --- > v3: > - Removed unnecessary configuration options > - Install/enable strongswan systemd service if systemd is used > - Use install_alternative for conf.d folder and swanctl.conf > - Enabling swanctl installs default folder structure like fedora > > v2: > - Install_lib and plugins installed like before > - Set rpath to /usr/lib/plugins > - Add license_files field > > rules/strongswan.in | 9 +++++-- > rules/strongswan.make | 59 +++++++++++++++++++++++++++++++++---------- > 2 files changed, 52 insertions(+), 16 deletions(-) > > diff --git a/rules/strongswan.in b/rules/strongswan.in > index d0e660c57..8b1adff65 100644 > --- a/rules/strongswan.in > +++ b/rules/strongswan.in > @@ -49,9 +49,14 @@ config STRONGSWAN_AFALG > config STRONGSWAN_SYSTEMD_UNIT > bool > default y > - # uses old systemd-daemon / libsystemd-journal libs > - depends on BROKEN > depends on INITMETHOD_SYSTEMD > prompt "install systemd service file" > > +config STRONGSWAN_SWANCTL > + bool > + prompt "Use swanctl for configuration" > + help > + Swanctl is a new, portable command line utility to configure, > + control and monitor the IKE daemon charon using the vici interface. > + > endif > diff --git a/rules/strongswan.make b/rules/strongswan.make > index 90db7bef7..1bf78b2b0 100644 > --- a/rules/strongswan.make > +++ b/rules/strongswan.make > @@ -15,14 +15,17 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan > # > # Paths and names > # > -STRONGSWAN_VERSION := 5.6.1 > -STRONGSWAN_MD5 := cb2241f1b96c524cd15b1c0f50ed9a27 > +STRONGSWAN_VERSION := 5.8.2 > +STRONGSWAN_MD5 := d94eac2caed51b0cc776e5887b10bace > STRONGSWAN := strongswan-$(STRONGSWAN_VERSION) > STRONGSWAN_SUFFIX := tar.bz2 > STRONGSWAN_URL := https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) > STRONGSWAN_SOURCE := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) > STRONGSWAN_DIR := $(BUILDDIR)/$(STRONGSWAN) > STRONGSWAN_LICENSE := GPL > +STRONGSWAN_LICENSE_FILES := \ > + file://LICENSE;md5=7744b64eaadabebdfd17e8a5ae6c9855 \ > + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 > > # ---------------------------------------------------------------------------- > # Prepare > @@ -36,11 +39,13 @@ STRONGSWAN_CONF_OPT := \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \ > --disable-bliss \ > --disable-blowfish \ > + --disable-botan \ > --disable-ccm \ > --disable-chapoly \ > --enable-cmac \ > --disable-ctr \ > --disable-des \ > + --disable-drbg \ > --enable-fips-prf \ > --enable-gcm \ > --disable-gcrypt \ > @@ -54,6 +59,7 @@ STRONGSWAN_CONF_OPT := \ > --enable-nonce \ > --disable-ntru \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \ > + --disable-wolfssl \ > --disable-padlock \ > --enable-random \ > --disable-rc2 \ > @@ -126,11 +132,11 @@ STRONGSWAN_CONF_OPT := \ > --enable-socket-default \ > --disable-socket-dynamic \ > --disable-socket-win \ > - --enable-stroke \ > + --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-stroke \ > --disable-smp \ > --disable-sql \ > --disable-uci \ > - --disable-vici \ > + --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-vici \ > --disable-android-dns \ > --enable-attr \ > --disable-attr-sql \ > @@ -147,8 +153,6 @@ STRONGSWAN_CONF_OPT := \ > --disable-imv-os \ > --disable-imc-attestation \ > --disable-imv-attestation \ > - --disable-imc-swid \ > - --disable-imv-swid \ > --disable-imc-swima \ > --disable-imv-swima \ > --disable-imc-hcd \ > @@ -174,14 +178,14 @@ STRONGSWAN_CONF_OPT := \ > --disable-load-tester \ > --disable-lookip \ > --disable-radattr \ > + --disable-save-keys \ > --disable-systime-fix \ > --disable-test-vectors \ > --enable-updown \ > --disable-aikgen \ > - --enable-charon \ > + --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon \ > --disable-cmd \ > --disable-conftest \ > - --disable-dumm \ > --disable-fast \ > --disable-fuzzing \ > --disable-libipsec \ > @@ -190,11 +194,10 @@ STRONGSWAN_CONF_OPT := \ > --disable-medsrv \ > --disable-nm \ > --enable-pki \ > - --enable-scepclient \ > + --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \ > --enable-scripts \ > --disable-svc \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \ > - --disable-swanctl \ > --disable-tkm \ > --disable-bfd-backtraces \ > --disable-dbghelp-backtraces \ > @@ -220,9 +223,12 @@ STRONGSWAN_CONF_OPT := \ > --disable-defaults \ > --enable-dependency-tracking \ > --enable-shared \ > + --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \ > --with-ipseclibdir=/usr/lib \ > --with-systemdsystemunitdir=/usr/lib/systemd/system > > +STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins > + > # ---------------------------------------------------------------------------- > # Target-Install > # ---------------------------------------------------------------------------- > @@ -251,12 +257,17 @@ STRONGSWAN_PLUGINS := \ > libstrongswan-sha1.so \ > libstrongswan-sha2.so \ > libstrongswan-socket-default.so \ > - libstrongswan-stroke.so \ > libstrongswan-updown.so \ > libstrongswan-x509.so \ > libstrongswan-xauth-generic.so \ > libstrongswan-xcbc.so > > +ifdef PTXCONF_STRONGSWAN_SWANCTL > + STRONGSWAN_PLUGINS += libstrongswan-vici.so > +else > + STRONGSWAN_PLUGINS += libstrongswan-stroke.so > +endif > + > ifdef PTXCONF_STRONGSWAN_LIBCURL > STRONGSWAN_PLUGINS += libstrongswan-curl.so > endif > @@ -278,9 +289,9 @@ $(STATEDIR)/strongswan.targetinstall: > > @$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf) > > - @$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec) > - > - @$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec) > + @$(call install_tree, strongswan, 0, 0, -, /usr/bin) > + @$(call install_tree, strongswan, 0, 0, -, /usr/libexec) > + @$(call install_tree, strongswan, 0, 0, -, /usr/sbin) > > @$(call install_lib, strongswan, 0, 0, 0644, libcharon) > @$(call install_lib, strongswan, 0, 0, 0644, libstrongswan) > @@ -296,6 +307,26 @@ ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT > /usr/lib/systemd/system/multi-user.target.wants/strongswan.service) > endif > > +ifdef PTXCONF_STRONGSWAN_SWANCTL > + @$(call install_lib, strongswan, 0, 0, 0644, libvici) > + @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) > + @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) > + @$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d) /etc/swanctl/conf.d does not exist here. From the naming, I expect this to be a directory to extend swanctl.conf. If that is the case, then just remove this here. If someone needs this instead of overwriting swanctl.conf, then an auxiliary package can be used. I can do a local fixup, if this is ok with you. No need to resend. Michael > + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss) > + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa) > + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12) > + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8) > + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private) > + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey) > + @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa) > + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509) > + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa) > + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac) > + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca) > + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl) > + @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp) > +endif > + > @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts) > @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts) > @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts) > -- > 2.24.1 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2 2020-02-01 6:46 ` Michael Olbrich @ 2020-02-03 8:38 ` Lars Pedersen 2020-02-17 10:19 ` Michael Olbrich 0 siblings, 1 reply; 5+ messages in thread From: Lars Pedersen @ 2020-02-03 8:38 UTC (permalink / raw) To: ptxdist, m.olbrich On Sat, 1 Feb 2020 at 07:47, Michael Olbrich <m.olbrich@pengutronix.de> wrote: > > +ifdef PTXCONF_STRONGSWAN_SWANCTL > > + @$(call install_lib, strongswan, 0, 0, 0644, libvici) > > + @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) > > + @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) > > + @$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d) > > /etc/swanctl/conf.d does not exist here. From the naming, I expect this to > be a directory to extend swanctl.conf. If that is the case, then just > remove this here. > If someone needs this instead of overwriting swanctl.conf, then an > auxiliary package can be used. > > I can do a local fixup, if this is ok with you. No need to resend. > > Michael You are correct that the conf.d directory only extends swanctl.conf. https://wiki.strongswan.org/projects/strongswan/wiki/SwanctlDirectory "conf.d Config snippets, included via include conf.d/*.conf in the default swanctl.conf file since 5.6.0" So your fixup sounds fine by me. /Lars Pedersen _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2 2020-02-03 8:38 ` Lars Pedersen @ 2020-02-17 10:19 ` Michael Olbrich 2020-02-17 12:44 ` Lars Pedersen 0 siblings, 1 reply; 5+ messages in thread From: Michael Olbrich @ 2020-02-17 10:19 UTC (permalink / raw) To: Lars Pedersen; +Cc: ptxdist On Mon, Feb 03, 2020 at 09:38:20AM +0100, Lars Pedersen wrote: > On Sat, 1 Feb 2020 at 07:47, Michael Olbrich <m.olbrich@pengutronix.de> wrote: > > > +ifdef PTXCONF_STRONGSWAN_SWANCTL > > > + @$(call install_lib, strongswan, 0, 0, 0644, libvici) > > > + @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) > > > + @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) > > > + @$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d) > > > > /etc/swanctl/conf.d does not exist here. From the naming, I expect this to > > be a directory to extend swanctl.conf. If that is the case, then just > > remove this here. > > If someone needs this instead of overwriting swanctl.conf, then an > > auxiliary package can be used. > > > > I can do a local fixup, if this is ok with you. No need to resend. > > > > Michael > > You are correct that the conf.d directory only extends swanctl.conf. > > https://wiki.strongswan.org/projects/strongswan/wiki/SwanctlDirectory > "conf.d Config snippets, included via include conf.d/*.conf in the > default swanctl.conf file since 5.6.0" > > So your fixup sounds fine by me. So, I merged this. But now building fails because swanctl needs src/libcharon/plugins/vici/libvici.la and that is not built when systemd is disabled. I think the internal handling for libcharon is broken. What do you think is the correct fix here? Michael -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2 2020-02-17 10:19 ` Michael Olbrich @ 2020-02-17 12:44 ` Lars Pedersen 0 siblings, 0 replies; 5+ messages in thread From: Lars Pedersen @ 2020-02-17 12:44 UTC (permalink / raw) To: m.olbrich; +Cc: ptxdist I'll will create a patch that proposes a fix. I found out that strongswan always need either charon (enable-charon option) or charon-systemd(enable-systemd option). So the bug was that both were disabled when using swanctl without systemd. /Lars Pedersen. On Mon, 17 Feb 2020 at 11:19, Michael Olbrich <m.olbrich@pengutronix.de> wrote: > So, I merged this. But now building fails because swanctl needs > src/libcharon/plugins/vici/libvici.la and that is not built when systemd is > disabled. I think the internal handling for libcharon is broken. What do > you think is the correct fix here? > > Michael > > -- > Pengutronix e.K. | | > Steuerwalder Str. 21 | http://www.pengutronix.de/ | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-02-17 12:44 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-01-13 12:55 [ptxdist] [PATCH v3] strongswan: Version bump 5.6.1 -> 5.8.2 Lars Pedersen 2020-02-01 6:46 ` Michael Olbrich 2020-02-03 8:38 ` Lars Pedersen 2020-02-17 10:19 ` Michael Olbrich 2020-02-17 12:44 ` Lars Pedersen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox