From 856e457b7301947f17866dc4a5aedb3f7117f163 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 3 Dec 2007 19:48:11 +0000 Subject: [PATCH] update openswan to 0.4.10, reenable 2.6 support, sync with included openwrt packaging code (ported from wr to kamikaze) SVN-Revision: 9651 --- package/openswan/Makefile | 40 ++-- .../openswan/patches/100-pluto_includes.patch | 13 - package/openswan/patches/110-scripts.patch | 224 +----------------- .../patches/130-sysctl_api_change.patch | 17 -- .../patches/140-linux_moduleparam.patch | 13 - 5 files changed, 32 insertions(+), 275 deletions(-) delete mode 100644 package/openswan/patches/100-pluto_includes.patch delete mode 100644 package/openswan/patches/130-sysctl_api_change.patch delete mode 100644 package/openswan/patches/140-linux_moduleparam.patch diff --git a/package/openswan/Makefile b/package/openswan/Makefile index 9e786156b7..b53d1cbfc1 100644 --- a/package/openswan/Makefile +++ b/package/openswan/Makefile @@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=openswan -PKG_VERSION:=2.4.8 +PKG_VERSION:=2.4.10 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openswan.org/download -PKG_MD5SUM:=918cc56ccf8e5d14cd2047e47450b34a +PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f include $(INCLUDE_DIR)/package.mk @@ -32,7 +32,7 @@ define Package/openswan $(call Package/openswan/Default) SECTION:=net CATEGORY:=Network - DEPENDS:=@LINUX_2_4 +kmod-openswan +libgmp +ip + DEPENDS:=+kmod-openswan +libgmp +ip TITLE+= (daemon) URL:=http://www.openswan.org/ endef @@ -45,7 +45,6 @@ endef define KernelPackage/openswan $(call Package/openswan/Default) SUBMENU:=Network Support - DEPENDS:=@LINUX_2_4 TITLE+= (kernel module) FILES:=$(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX) endef @@ -55,22 +54,29 @@ $(call Package/openswan/Default/description) This package contains the Openswan kernel module. endef +TARGET_CPPFLAGS = \ + -I$(STAGING_DIR)/usr/include \ + -I$(LINUX_DIR)/include -PKG_MAKE_OPTS:= \ - LINUX_RELEASE="$(LINUX_RELEASE)" \ - KERNELSRC="$(LINUX_DIR)" \ - ARCH="$(LINUX_KARCH)" \ - CROSS_COMPILE="$(TARGET_CROSS)" \ - USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \ - IPSECDIR="/usr/lib/ipsec" \ - INC_USRLOCAL="/usr" \ +TARGET_LDFLAGS = \ + -L$(STAGING_DIR)/usr/lib + +OPENSWAN_MAKE := $(MAKE) -C $(PKG_BUILD_DIR) \ + $(TARGET_CONFIGURE_OPTS) \ + LINUX_RELEASE="$(LINUX_RELEASE)" \ + KERNELSRC="$(LINUX_DIR)" \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + USERCOMPILE="$(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \ + IPSECDIR="/usr/lib/ipsec" \ + INC_USRLOCAL="/usr" \ + INC_RCDEFAULT="/etc/init.d" \ + MODPROBE="/sbin/insmod" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + DESTDIR="$(PKG_INSTALL_DIR)" define Build/Compile - $(MAKE) -C $(PKG_BUILD_DIR) \ - $(TARGET_CONFIGURE_OPTS) \ - $(PKG_MAKE_OPTS) \ - LDFLAGS="$(TARGET_LDFLAGS)" \ - DESTDIR="$(PKG_INSTALL_DIR)" \ + $(OPENSWAN_MAKE) \ programs module install endef diff --git a/package/openswan/patches/100-pluto_includes.patch b/package/openswan/patches/100-pluto_includes.patch deleted file mode 100644 index cb16d72e58..0000000000 --- a/package/openswan/patches/100-pluto_includes.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: openswan-2.4.8/programs/pluto/Makefile -=================================================================== ---- openswan-2.4.8.orig/programs/pluto/Makefile 2007-06-04 13:22:49.950261688 +0200 -+++ openswan-2.4.8/programs/pluto/Makefile 2007-06-04 13:22:50.017251504 +0200 -@@ -265,7 +265,7 @@ - LIBSPLUTO+=$(HAVE_THREADS_LIBS) ${XAUTHPAM_LIBS} - LIBSPLUTO+=${CURL_LIBS} - LIBSPLUTO+=${EXTRA_CRYPTO_LIBS} --LIBSPLUTO+= -lgmp -lresolv # -lefence -+LIBSPLUTO+=$(EXTRA_LIBS) -lgmp -lresolv # -lefence - - ifneq ($(LD_LIBRARY_PATH),) - LDFLAGS=-L$(LD_LIBRARY_PATH) diff --git a/package/openswan/patches/110-scripts.patch b/package/openswan/patches/110-scripts.patch index 28269f3275..d605ceaba4 100644 --- a/package/openswan/patches/110-scripts.patch +++ b/package/openswan/patches/110-scripts.patch @@ -1,30 +1,15 @@ -Index: openswan-2.4.8/programs/loggerfix -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openswan-2.4.8/programs/loggerfix 2007-06-04 13:22:50.209222320 +0200 +diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix +--- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 ++++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200 @@ -0,0 +1,5 @@ +#!/bin/sh +# use filename instead of /dev/null to log, but dont log to flash or ram +# pref. log to nfs mount +echo "$*" >> /dev/null +exit 0 -Index: openswan-2.4.8/programs/look/look.in -=================================================================== ---- openswan-2.4.8.orig/programs/look/look.in 2007-06-04 13:22:49.874273240 +0200 -+++ openswan-2.4.8/programs/look/look.in 2007-06-04 13:22:50.209222320 +0200 -@@ -84,7 +84,7 @@ - then - pat="$pat|$defaultroutephys\$|$defaultroutevirt\$" - else -- for i in `echo "$IPSECinterfaces" | sed 's/=/ /'` -+ for i in `echo "$IPSECinterfaces" | tr '=' ' '` - do - pat="$pat|$i\$" - done -Index: openswan-2.4.8/programs/_plutorun/_plutorun.in -=================================================================== ---- openswan-2.4.8.orig/programs/_plutorun/_plutorun.in 2007-06-04 13:22:49.880272328 +0200 -+++ openswan-2.4.8/programs/_plutorun/_plutorun.in 2007-06-04 13:22:50.209222320 +0200 +diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in +--- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200 @@ -147,7 +147,7 @@ exit 1 fi @@ -34,10 +19,9 @@ Index: openswan-2.4.8/programs/_plutorun/_plutorun.in then echo Cannot write to directory to create \"$stderrlog\". exit 1 -Index: openswan-2.4.8/programs/_realsetup/_realsetup.in -=================================================================== ---- openswan-2.4.8.orig/programs/_realsetup/_realsetup.in 2007-06-04 13:22:49.888271112 +0200 -+++ openswan-2.4.8/programs/_realsetup/_realsetup.in 2007-06-04 13:22:50.210222168 +0200 +diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in +--- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200 @@ -232,7 +232,7 @@ # misc pre-Pluto setup @@ -47,193 +31,3 @@ Index: openswan-2.4.8/programs/_realsetup/_realsetup.in if test " $IPSECforwardcontrol" = " yes" then -Index: openswan-2.4.8/programs/send-pr/send-pr.in -=================================================================== ---- openswan-2.4.8.orig/programs/send-pr/send-pr.in 2007-06-04 13:22:49.894270200 +0200 -+++ openswan-2.4.8/programs/send-pr/send-pr.in 2007-06-04 13:22:50.210222168 +0200 -@@ -402,7 +402,7 @@ - else - if [ "$fieldname" != "Category" ] - then -- values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'` -+ values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'` - valslen=`echo "$values" | wc -c` - else - values="choose from a category listed above" -@@ -414,7 +414,7 @@ - else - desc="<${values} (one line)>"; - fi -- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` -+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` - echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL - fi - echo "${fmtname}${desc}" >> $file -@@ -425,7 +425,7 @@ - desc=" $default_val"; - else - desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>"; -- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` -+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` - echo "s/^${dpat}//" >> $FIXFIL - fi - echo "${fmtname}" >> $file; -@@ -437,7 +437,7 @@ - desc="${default_val}" - else - desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>" -- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` -+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` - echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL - fi - echo "${fmtname}${desc}" >> $file -Index: openswan-2.4.8/programs/setup/setup.in -=================================================================== ---- openswan-2.4.8.orig/programs/setup/setup.in 2007-06-04 13:22:49.902268984 +0200 -+++ openswan-2.4.8/programs/setup/setup.in 2007-06-04 13:22:50.210222168 +0200 -@@ -117,12 +117,21 @@ - # do it - case "$1" in - start|--start|stop|--stop|_autostop|_autostart) -- if test " `id -u`" != " 0" -+ if [ "x${USER}" != "xroot" ] - then - echo "permission denied (must be superuser)" | - logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - exit 1 - fi -+ # make sure all required directories exist -+ if [ ! -d /var/run/pluto ] -+ then -+ mkdir -p /var/run/pluto -+ fi -+ if [ ! -d /var/lock/subsys ] -+ then -+ mkdir -p /var/lock/subsys -+ fi - tmp=/var/run/pluto/ipsec_setup.st - outtmp=/var/run/pluto/ipsec_setup.out - ( -Index: openswan-2.4.8/programs/showhostkey/showhostkey.in -=================================================================== ---- openswan-2.4.8.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:22:49.908268072 +0200 -+++ openswan-2.4.8/programs/showhostkey/showhostkey.in 2007-06-04 13:22:50.214221560 +0200 -@@ -63,7 +63,7 @@ - exit 1 - fi - --host="`hostname --fqdn`" -+host="`cat /proc/sys/kernel/hostname`" - - awk ' BEGIN { - inkey = 0 -@@ -81,7 +81,7 @@ - os = "[ \t]*" - x = "[^ \t]+" - oc = "(#.*)?" -- suffix = ":" os "[rR][sS][aA]" os "{" os oc "$" -+ suffix = ":" os "[rR][sS][aA]" os "[{]" os oc "$" - if (id == "") { - pat = "^" suffix - printid = "default" -Index: openswan-2.4.8/programs/starter/klips.c -=================================================================== ---- openswan-2.4.8.orig/programs/starter/klips.c 2007-06-04 13:22:49.914267160 +0200 -+++ openswan-2.4.8/programs/starter/klips.c 2007-06-04 13:22:50.214221560 +0200 -@@ -83,7 +83,7 @@ - if (stat(PROC_MODULES,&stb)==0) { - unsetenv("MODPATH"); - unsetenv("MODULECONF"); -- system("depmod -a >/dev/null 2>&1 && modprobe ipsec"); -+ system("depmod -a >/dev/null 2>&1 && insmod ipsec"); - } - if (stat(PROC_IPSECVERSION,&stb)==0) { - _klips_module_loaded = 1; -Index: openswan-2.4.8/programs/starter/netkey.c -=================================================================== ---- openswan-2.4.8.orig/programs/starter/netkey.c 2007-06-04 13:22:49.920266248 +0200 -+++ openswan-2.4.8/programs/starter/netkey.c 2007-06-04 13:22:50.214221560 +0200 -@@ -75,7 +75,7 @@ - if (stat(PROC_MODULES,&stb)==0) { - unsetenv("MODPATH"); - unsetenv("MODULECONF"); -- system("depmod -a >/dev/null 2>&1 && modprobe xfrm4_tunnel esp4 ah4 af_key"); -+ system("depmod -a >/dev/null 2>&1 && insmod xfrm4_tunnel esp4 ah4 af_key"); - } - if (stat(PROC_NETKEY,&stb)==0) { - _netkey_module_loaded = 1; -Index: openswan-2.4.8/programs/_startklips/_startklips.in -=================================================================== ---- openswan-2.4.8.orig/programs/_startklips/_startklips.in 2007-06-04 13:22:49.928265032 +0200 -+++ openswan-2.4.8/programs/_startklips/_startklips.in 2007-06-04 13:22:50.215221408 +0200 -@@ -272,16 +272,16 @@ - echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" - exit - fi --if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec -+if test ! -f $ipsecversion && test ! -f $netkey - then - # statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module -- modprobe ipsec 2> /dev/null -+ insmod -q ipsec 2> /dev/null - fi - --if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn af_key -+if test ! -f $ipsecversion && test ! -f $netkey - then - # netkey should work then -- modprobe af_key 2> /dev/null -+ insmod -q af_key 2> /dev/null - fi - if test ! -f $ipsecversion && test ! -f $netkey - then -@@ -294,27 +294,27 @@ - # modules shared between klips and netkey - if test -f $modules - then -- # we modprobe hw_random so ipsec verify can complain about not using it -- modprobe -q hw_random 2> /dev/null -+ # we insmod hw_random so ipsec verify can complain about not using it -+ insmod -q hw_random 2> /dev/null - # padlock must load before aes module -- modprobe -q padlock 2> /dev/null -+ insmod -q padlock 2> /dev/null - # load the most common ciphers/algo's -- modprobe -q sha256 2> /dev/null -- modprobe -q sha1 2> /dev/null -- modprobe -q md5 2> /dev/null -- modprobe -q des 2> /dev/null -- modprobe -q aes 2> /dev/null -+ insmod -q sha256 2> /dev/null -+ insmod -q sha1 2> /dev/null -+ insmod -q md5 2> /dev/null -+ insmod -q des 2> /dev/null -+ insmod -q aes 2> /dev/null - - if test -f $netkey - then - klips=false -- modprobe -q ah4 2> /dev/null -- modprobe -q esp4 2> /dev/null -- modprobe -q ipcomp 2> /dev/null -+ insmod -q ah4 2> /dev/null -+ insmod -q esp4 2> /dev/null -+ insmod -q ipcomp 2> /dev/null - # xfrm4_tunnel is needed by ipip and ipcomp -- modprobe -q xfrm4_tunnel 2> /dev/null -+ insmod -q xfrm4_tunnel 2> /dev/null - # xfrm_user contains netlink support for IPsec -- modprobe -q xfrm_user 2> /dev/null -+ insmod -q xfrm_user 2> /dev/null - fi - - if test ! -f $ipsecversion && $klips -@@ -327,7 +327,7 @@ - fi - unset MODPATH MODULECONF # no user overrides! - depmod -a >/dev/null 2>&1 -- modprobe -v ipsec -+ insmod -v ipsec - if test ! -f $ipsecversion - then - echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)" diff --git a/package/openswan/patches/130-sysctl_api_change.patch b/package/openswan/patches/130-sysctl_api_change.patch deleted file mode 100644 index 894d273f5b..0000000000 --- a/package/openswan/patches/130-sysctl_api_change.patch +++ /dev/null @@ -1,17 +0,0 @@ -Index: openswan-2.4.8/linux/net/ipsec/sysctl_net_ipsec.c -=================================================================== ---- openswan-2.4.8.orig/linux/net/ipsec/sysctl_net_ipsec.c 2007-06-04 13:22:49.815282208 +0200 -+++ openswan-2.4.8/linux/net/ipsec/sysctl_net_ipsec.c 2007-06-04 13:22:51.852972432 +0200 -@@ -130,7 +130,11 @@ - - int ipsec_sysctl_register(void) - { -- ipsec_table_header = register_sysctl_table(ipsec_root_table, 0); -+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,20) -+ ipsec_table_header = register_sysctl_table(ipsec_root_table); -+#else -+ ipsec_table_header = register_sysctl_table(ipsec_root_table, 0); -+#endif - if (!ipsec_table_header) { - return -ENOMEM; - } diff --git a/package/openswan/patches/140-linux_moduleparam.patch b/package/openswan/patches/140-linux_moduleparam.patch deleted file mode 100644 index 8fbc358bc9..0000000000 --- a/package/openswan/patches/140-linux_moduleparam.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -urN openswan-2.4.8/linux/net/ipsec/ipsec_proc.c openswan-2.4.8.new/linux/net/ipsec/ipsec_proc.c ---- openswan-2.4.8/linux/net/ipsec/ipsec_proc.c 2006-11-15 23:21:39.000000000 +0100 -+++ openswan-2.4.8.new/linux/net/ipsec/ipsec_proc.c 2007-06-13 20:00:51.000000000 +0200 -@@ -27,6 +27,9 @@ - #include - #define __NO_VERSION__ - #include -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -+#include -+#endif - #include /* printk() */ - - #include "openswan/ipsec_kversion.h" -- 2.30.2