From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Thu, 16 Jun 2022 09:53:38 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1o1kJt-003g5U-KT
	for lore@lore.pengutronix.de; Thu, 16 Jun 2022 09:53:38 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1o1kJt-0001L5-UN; Thu, 16 Jun 2022 09:53:37 +0200
Received: from mail.thorsis.com ([92.198.35.195])
 by metis.ext.pengutronix.de with esmtp (Exim 4.92)
 (envelope-from <ada@thorsis.com>) id 1o1kJl-0001Kt-5V
 for ptxdist@pengutronix.de; Thu, 16 Jun 2022 09:53:29 +0200
Date: Thu, 16 Jun 2022 09:53:23 +0200
From: Alexander Dahl <ada@thorsis.com>
To: Lars Pedersen <lapeddk@gmail.com>
Message-ID: <Yqrhc39xY/y/ZkCq@ada.ifak-system.com>
Mail-Followup-To: Lars Pedersen <lapeddk@gmail.com>, ptxdist@pengutronix.de
References: <20220616064235.1163846-1-lapeddk@gmail.com>
 <YqrSUU1TeZJd9wlY@ada-deb-carambola.ifak-system.com>
 <CAKd8=GtPA8q92jZ3k1S_oG56hDTyQ7mc9Bbm-4mSS545RgDpmw@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAKd8=GtPA8q92jZ3k1S_oG56hDTyQ7mc9Bbm-4mSS545RgDpmw@mail.gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 metis.ext.pengutronix.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_HELO_NONE,
 SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
 version=3.4.2
Subject: Re: [ptxdist] [PATCH] strongswan: version bump 5.9.2 -> 5.9.6
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: ptxdist@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

Hello Lars,

Am Thu, Jun 16, 2022 at 09:25:59AM +0200 schrieb Lars Pedersen:
> Hello Alex,
> 
> On Thu, 16 Jun 2022 at 08:48, Alexander Dahl <ada@thorsis.com> wrote:
> >
> > Hello Lars,
> >
> > Am Thu, Jun 16, 2022 at 08:42:35AM +0200 schrieb Lars Pedersen:
> > > New configure options --with-selinux and --disable-kdf
> >
> > That first option is not considered in the patch below, is it?
> 
> --with-selinux is implicitly disabled (without). Should I explicitly
> set it --without-selinux?

Christian already suggested something, but let me answer this
question, because we just discuss the same issue in the RAUC patchset
thread: yes, configure options should be explicitly set in ptxdist.

The reason is package builds should be reproducible:

https://www.ptxdist.org/doc/contributing.html#package-builds-should-be-reproducible

And:

https://www.ptxdist.org/doc/contributing.html#configure-helper

Greets
Alex

> 
> >
> > Greets
> > Alex
> >
> > > Enabled generic modularized KDF (prf/prf+) implementation
> > >
> > > Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
> > > ---
> > >  rules/strongswan.make | 6 ++++--
> > >  1 file changed, 4 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/rules/strongswan.make b/rules/strongswan.make
> > > index a64e67cc8..2bea6c839 100644
> > > --- a/rules/strongswan.make
> > > +++ b/rules/strongswan.make
> > > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
> > >  #
> > >  # Paths and names
> > >  #
> > > -STRONGSWAN_VERSION   := 5.9.2
> > > -STRONGSWAN_MD5               := 8918e6675e1be3784817641f07eadeb8
> > > +STRONGSWAN_VERSION   := 5.9.6
> > > +STRONGSWAN_MD5               := 0eeb13eda09fb34e9ab5e2bfcfab1211
> > >  STRONGSWAN           := strongswan-$(STRONGSWAN_VERSION)
> > >  STRONGSWAN_SUFFIX    := tar.bz2
> > >  STRONGSWAN_URL               := https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> > > @@ -221,6 +221,7 @@ STRONGSWAN_CONF_OPT       := \
> > >       --disable-log-thread-ids \
> > >       --disable-monolithic \
> > >       --disable-defaults \
> > > +     --enable-kdf \
> > >       --enable-dependency-tracking \
> > >       --enable-shared \
> > >       --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
> > > @@ -243,6 +244,7 @@ STRONGSWAN_PLUGINS := \
> > >       libstrongswan-gcm.so \
> > >       libstrongswan-gmp.so \
> > >       libstrongswan-hmac.so \
> > > +     libstrongswan-kdf.so \
> > >       libstrongswan-kernel-netlink.so \
> > >       libstrongswan-nonce.so \
> > >       libstrongswan-pem.so \
> > > --
> > > 2.36.1
> > >
> > >
>