include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
-PKG_VERSION:=5.9.1
-PKG_RELEASE:=3
+PKG_VERSION:=5.9.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
-PKG_HASH:=a337c9fb63d973b8440827755c784031648bf423b7114a04918b0b00fd42cafb
+PKG_HASH:=61c72f741edb2c1295a7b7ccce0317a104b3f9d39efd04c52cd05b01b55ab063
PKG_LICENSE:=GPL-2.0-or-later
-PKG_MAINTAINER:=Stijn Tintel <stijn@linux-ipv6.be>
+PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting>
PKG_CPE_ID:=cpe:/a:strongswan:strongswan
PKG_MOD_AVAILABLE:= \
agent \
attr \
attr-sql \
+ bliss \
blowfish \
ccm \
+ chapoly \
cmac \
constraints \
connmark \
nonce \
md4 \
md5 \
+ mgf1 \
mysql \
+ newhope \
+ ntru \
openssl \
pem \
pgp \
revocation \
sha1 \
sha2 \
+ sha3 \
smp \
socket-default \
socket-dynamic \
+strongswan-charon \
+strongswan-charon-cmd \
+strongswan-ipsec \
+ +strongswan-libnttfft \
+strongswan-mod-addrblock \
+strongswan-mod-aes \
+strongswan-mod-af-alg \
+strongswan-mod-agent \
+strongswan-mod-attr \
+strongswan-mod-attr-sql \
+ +strongswan-mod-bliss \
+strongswan-mod-blowfish \
+strongswan-mod-ccm \
+ +strongswan-mod-chapoly \
+strongswan-mod-cmac \
+strongswan-mod-constraints \
+strongswan-mod-connmark \
+strongswan-mod-nonce \
+strongswan-mod-md4 \
+strongswan-mod-md5 \
+ +strongswan-mod-mgf1 \
+strongswan-mod-mysql \
+ +strongswan-mod-newhope \
+ +strongswan-mod-ntru \
+strongswan-mod-openssl \
+strongswan-mod-pem \
+strongswan-mod-pgp \
+strongswan-mod-revocation \
+strongswan-mod-sha1 \
+strongswan-mod-sha2 \
+ +strongswan-mod-sha3 \
+strongswan-mod-smp \
+strongswan-mod-socket-default \
+strongswan-mod-sql \
This package contains the ipsec utility.
endef
+define Package/strongswan-libnttfft
+$(call Package/strongswan/Default)
+ TITLE+= nttfft library
+ DEPENDS:= +strongswan
+endef
+
+define Package/strongswan-libnttfft/description
+$(call Package/strongswan/description/Default)
+ This package contains the Number Theoretic Transforms library.
+endef
+
define Package/strongswan-pki
$(call Package/strongswan/Default)
TITLE+= PKI tool
define Package/strongswan/install
$(INSTALL_DIR) $(1)/etc
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
+ echo -e "\ninclude /var/ipsec/strongswan.conf" >> $(1)/etc/strongswan.conf
$(INSTALL_DIR) $(1)/usr/lib/ipsec
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
- $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
- $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
endef
define Package/strongswan-default/install
define Package/strongswan-ipsec/install
$(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
+ echo -e "\ninclude /var/ipsec/ipsec.conf" >> $(1)/etc/ipsec.conf
+ $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
+ echo -e "\ninclude /var/ipsec/ipsec.secrets" >> $(1)/etc/ipsec.secrets
+ $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
endef
+define Package/strongswan-ipsec/postinst
+#!/bin/sh
+
+[ -z "$${IPKG_INSTROOT}" ] || exit 0
+
+opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || {
+ rm -f /etc/ipsec.conf-opkg
+}
+endef
+
+define Package/strongswan-libnttfft/install
+ $(INSTALL_DIR) $(1)/usr/lib/ipsec
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libnttfft.so.* $(1)/usr/lib/ipsec/
+endef
+
define Package/strongswan-pki/install
$(INSTALL_DIR) $(1)/etc/strongswan.d
$(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/
endef
define Package/strongswan-swanctl/install
+ $(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/swanctl/{bliss,conf.d,ecdsa,pkcs{12,8},private,pubkey,rsa}
$(INSTALL_DIR) $(1)/etc/swanctl/x509{,aa,ac,ca,crl,ocsp}
$(CP) $(PKG_INSTALL_DIR)/etc/swanctl/swanctl.conf $(1)/etc/swanctl/
+ echo "include /var/swanctl/swanctl.conf" >> $(1)/etc/swanctl/swanctl.conf
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/swanctl $(1)/usr/sbin/
+ $(INSTALL_BIN) ./files/swanctl.init $(1)/etc/init.d/swanctl
endef
define Package/strongswan-libtls/install
$(eval $(call BuildPackage,strongswan-charon))
$(eval $(call BuildPackage,strongswan-charon-cmd))
$(eval $(call BuildPackage,strongswan-ipsec))
+$(eval $(call BuildPackage,strongswan-libnttfft))
$(eval $(call BuildPackage,strongswan-pki))
$(eval $(call BuildPackage,strongswan-scepclient))
$(eval $(call BuildPackage,strongswan-swanctl))
$(eval $(call BuildPlugin,agent,SSH agent signing,))
$(eval $(call BuildPlugin,attr,file based config,))
$(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-charon))
+$(eval $(call BuildPlugin,bliss,BLISS crypto,+strongswan-libnttfft +strongswan-mod-mgf1 +strongswan-mod-hmac))
$(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
$(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
+$(eval $(call BuildPlugin,chapoly,ChaCha20-Poly1305 AEAD crypto,))
$(eval $(call BuildPlugin,cmac,CMAC crypto,))
$(eval $(call BuildPlugin,connmark,netfilter connection marking,))
$(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,))
$(eval $(call BuildPlugin,nonce,nonce genereation,))
$(eval $(call BuildPlugin,md4,MD4 crypto,))
$(eval $(call BuildPlugin,md5,MD5 crypto,))
+$(eval $(call BuildPlugin,mgf1,MGF1 crypto,))
$(eval $(call BuildPlugin,mysql,MySQL database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-mysql:libmysqlclient-r))
+$(eval $(call BuildPlugin,newhope,New Hope crypto,+strongswan-libnttfft +strongswan-mod-chapoly +strongswan-mod-sha3))
+$(eval $(call BuildPlugin,ntru,NTRU crypto,+strongswan-mod-mgf1))
$(eval $(call BuildPlugin,openssl,OpenSSL crypto,+PACKAGE_strongswan-mod-openssl:libopenssl))
$(eval $(call BuildPlugin,pem,PEM decoding,))
$(eval $(call BuildPlugin,pgp,PGP key decoding,))
$(eval $(call BuildPlugin,revocation,X509 CRL/OCSP revocation,))
$(eval $(call BuildPlugin,sha1,SHA1 crypto,))
$(eval $(call BuildPlugin,sha2,SHA2 crypto,))
+$(eval $(call BuildPlugin,sha3,SHA3 and SHAKE crypto,))
$(eval $(call BuildPlugin,smp,SMP configuration and control interface,+PACKAGE_strongswan-mod-smp:libxml2))
$(eval $(call BuildPlugin,socket-default,default socket implementation for charon,))
$(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charon,))