[package] update strongswan4 to 4.5.2
authorFlorian Fainelli <florian@openwrt.org>
Thu, 2 Jun 2011 14:24:20 +0000 (14:24 +0000)
committerFlorian Fainelli <florian@openwrt.org>
Thu, 2 Jun 2011 14:24:20 +0000 (14:24 +0000)
Update version of strongswan4 package from 4.5.1 to 4.5.2.

Add new strongswan4 plugins: coupling, duplicheck, whitelist.

Add strongswan4-libfast package and make build dependencies on
clearsilver and fcgi conditional. Previously libfast was being built,
but not packaged. Now libfast will only be built when the it's package
is selected.

Remove ipsec.conf and strongswan.conf and use configuration files from
upstream instead. The previously provided strongswan.conf was not
functional.

Omit strongswan4-mod-kernel-klips from strongswan4-full meta package in
favor of strongswan4-mod-kernel-netlink. Only one of these two kernel
interfaces should be installed.

Omit strongswan4-mod-socket-default from strongswan4-full meta package
in favor of strongswan4-mod-socket-raw. Only the raw socket allows
charon to run while pluto is also running.

Make all build dependencies on libraries required by strongswan4 plugins
conditional.

Signed-off-by: Lars Hjersted <lars@hjersted.com>
SVN-Revision: 27092

net/strongswan4/Makefile
net/strongswan4/files/ipsec.conf [deleted file]
net/strongswan4/files/strongswan.conf [deleted file]

index 01d1a51..999c237 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
-PKG_VERSION:=4.5.1
+PKG_VERSION:=4.5.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://download.strongswan.org/
-PKG_MD5SUM:=81a4a699c4a1a49b74061dfa47b5a033
+PKG_MD5SUM:=ac33b8f849a274127f84df0838cae953
 
 PKG_MOD_AVAILABLE:= \
        aes \
@@ -22,10 +22,12 @@ PKG_MOD_AVAILABLE:= \
        attr-sql \
        blowfish \
        constraints \
+       coupling \
        curl \
        des \
        dhcp \
        dnskey \
+       duplicheck \
        eap-md5 \
        eap-mschapv2 \
        eap-radius \
@@ -62,13 +64,14 @@ PKG_MOD_AVAILABLE:= \
        stroke \
        uci \
        updown \
+       whitelist \
        x509 \
        xauth \
        xcbc \
 
 PKG_BUILD_DEPENDS:= \
-       clearsilver \
-       fcgi \
+       PACKAGE_strongswan4-libfast:clearsilver \
+       PACKAGE_strongswan4-libfast:fcgi \
 
 PKG_CONFIG_DEPENDS:= \
        CONFIG_STRONGSWAN4_ENABLE_CISCO_QUIRKS \
@@ -128,16 +131,19 @@ $(call Package/strongswan4/Default)
   DEPENDS:= strongswan4 \
        +strongswan4-app-charon \
        +strongswan4-app-pluto \
+       +strongswan4-libfast \
        +strongswan4-mod-aes \
        +strongswan4-mod-agent \
        +strongswan4-mod-attr \
        +strongswan4-mod-attr-sql \
        +strongswan4-mod-blowfish \
        +strongswan4-mod-constraints \
+       +strongswan4-mod-coupling \
        +strongswan4-mod-curl \
        +strongswan4-mod-des \
        +strongswan4-mod-dhcp \
        +strongswan4-mod-dnskey \
+       +strongswan4-mod-duplicheck \
        +strongswan4-mod-eap-md5 \
        +strongswan4-mod-eap-mschapv2 \
        +strongswan4-mod-eap-radius \
@@ -146,7 +152,6 @@ $(call Package/strongswan4/Default)
        +strongswan4-mod-gcrypt \
        +strongswan4-mod-gmp \
        +strongswan4-mod-hmac \
-       +strongswan4-mod-kernel-klips \
        +strongswan4-mod-kernel-netlink \
        +strongswan4-mod-kernel-pfkey \
        +strongswan4-mod-ldap \
@@ -167,13 +172,13 @@ $(call Package/strongswan4/Default)
        +strongswan4-mod-sha1 \
        +strongswan4-mod-sha2 \
        +strongswan4-mod-smp \
-       +strongswan4-mod-socket-default \
        +strongswan4-mod-socket-raw \
        +strongswan4-mod-sql \
        +strongswan4-mod-sqlite \
        +strongswan4-mod-stroke \
        +strongswan4-mod-uci \
        +strongswan4-mod-updown \
+       +strongswan4-mod-whitelist \
        +strongswan4-mod-x509 \
        +strongswan4-mod-xauth \
        +strongswan4-mod-xcbc \
@@ -183,7 +188,9 @@ endef
 define Package/strongswan4-full/description
 $(call Package/strongswan4/description/Default)
  .
- This meta-package contains only dependencies for a complete setup.
+ This meta-package contains dependencies for all of the strongswan4 
+ plugins except kernel-klips and socket-default which are ommitted in 
+ favor of the kernel-netlink and socket-raw plugins.
 endef
 
 
@@ -281,6 +288,20 @@ $(call Package/strongswan4/description/Default)
 endef
 
 
+define Package/strongswan4-libfast
+$(call Package/strongswan4/Default)
+  TITLE+= libfast
+  DEPENDS:= strongswan4
+endef
+
+define Package/strongswan4-libfast/description
+$(call Package/strongswan4/description/Default)
+ .
+ This package contains libfast, a lightweight framework to build native 
+ web applications using ClearSilver and FastCGI.
+endef
+
+
 define Package/strongswan4-utils
 $(call Package/strongswan4/Default)
   TITLE+= utilities
@@ -323,6 +344,7 @@ CONFIGURE_ARGS+= \
        $(if $(CONFIG_STRONGSWAN4_ENABLE_XAUTH_VID),--enable-xauth-vid,--disable-xauth-vid) \
        --disable-scripts \
        --disable-static \
+       $(if $(CONFIG_PACKAGE_strongswan4-libfast),--enable-fast,--disable-fast) \
        $(if $(CONFIG_PACKAGE_strongswan4-utils),--enable-tools,--disable-tools) \
        --with-random-device="$(call qstrip,$(CONFIG_STRONGSWAN4_DEVICE_RANDOM))" \
        --with-urandom-device="$(call qstrip,$(CONFIG_STRONGSWAN4_DEVICE_URANDOM))" \
@@ -332,7 +354,9 @@ CONFIGURE_ARGS+= \
          $(if $(CONFIG_PACKAGE_strongswan4-mod-$(m)),--enable-$(m),--disable-$(m)) \
        ) \
 
-EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver
+ifneq ($(CONFIG_PACKAGE_strongswan4-libfast),)
+  EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver
+endif
 
 EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
 
@@ -346,23 +370,14 @@ endef
 define Package/strongswan4/install
        $(INSTALL_DIR) $(1)/etc
        $(CP) -R $(PKG_INSTALL_DIR)/etc/ipsec.d $(1)/etc/
+       $(CP) $(PKG_INSTALL_DIR)/etc/{ipsec.conf,strongswan.conf} $(1)/etc/
        $(INSTALL_DIR) $(1)/usr/lib
-       $(CP) \
-               $(PKG_INSTALL_DIR)/usr/lib/libstrongswan.so.* \
-               $(PKG_INSTALL_DIR)/usr/lib/libhydra.so.* \
-               $(1)/usr/lib/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/
        $(INSTALL_DIR) $(1)/usr/sbin
-       $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
        $(INSTALL_DIR) $(1)/usr/lib/ipsec
-       $(CP) \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/_copyright \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/starter \
-               $(1)/usr/lib/ipsec/
-       $(INSTALL_CONF) \
-               ./files/ipsec.conf \
-               ./files/ipsec.secrets \
-               ./files/strongswan.conf \
-               $(1)/etc/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_copyright,starter} $(1)/usr/lib/ipsec/
+       $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
 endef
 
 
@@ -385,46 +400,36 @@ define Package/strongswan4-app-charon/install
        $(INSTALL_DIR) $(1)/usr/lib
        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcharon.so.* $(1)/usr/lib/
        $(INSTALL_DIR) $(1)/usr/lib/ipsec
-       $(CP) \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/charon \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/stroke \
-               $(1)/usr/lib/ipsec/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{charon,stroke} $(1)/usr/lib/ipsec/
 endef
 
 
 define Package/strongswan4-app-pluto/install
        $(INSTALL_DIR) $(1)/usr/lib/ipsec
-       $(CP) \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/pluto \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/_pluto_adns \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/whack \
-               $(1)/usr/lib/ipsec/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{pluto,_pluto_adns,whack} $(1)/usr/lib/ipsec/
+endef
+
+
+define Package/strongswan4-libfast/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfast.so.* $(1)/usr/lib/
 endef
 
 
 define Package/strongswan4-utils/install
        $(INSTALL_DIR) $(1)/usr/lib/ipsec
-       $(CP) \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/openac \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/pki \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/scepclient \
-               $(1)/usr/lib/ipsec/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/
 endef
 
 
 define Plugin/attr-sql/install
        $(INSTALL_DIR) $(1)/usr/lib/ipsec
-       $(CP) \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool \
-               $(1)/usr/lib/ipsec/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/
 endef
 
 define Plugin/updown/install
        $(INSTALL_DIR) $(1)/usr/lib/ipsec
-       $(CP) \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown \
-               $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown_espmark \
-               $(1)/usr/lib/ipsec/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/
 endef
 
 
@@ -434,6 +439,7 @@ $(eval $(call BuildPackage,strongswan4-full))
 $(eval $(call BuildPackage,strongswan4-minimal))
 $(eval $(call BuildPackage,strongswan4-app-charon))
 $(eval $(call BuildPackage,strongswan4-app-pluto))
+$(eval $(call BuildPackage,strongswan4-libfast))
 $(eval $(call BuildPackage,strongswan4-utils))
 
 $(eval $(call BuildPlugin,aes,AES crypto,))
@@ -442,22 +448,24 @@ $(eval $(call BuildPlugin,attr,File-based config attr,))
 $(eval $(call BuildPlugin,attr-sql,SQL-based config attrib,+strongswan4-mod-sql))
 $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
 $(eval $(call BuildPlugin,constraints,X.509 constraint checking,))
-$(eval $(call BuildPlugin,curl,cURL,+libcurl))
+$(eval $(call BuildPlugin,coupling,Peer certificate coupling,))
+$(eval $(call BuildPlugin,curl,cURL,+PACKAGE_strongswan4-mod-curl:libcurl))
 $(eval $(call BuildPlugin,des,DES crypto,))
 $(eval $(call BuildPlugin,dhcp,DHCP-based IP and DNS,))
 $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
+$(eval $(call BuildPlugin,duplicheck,Duplicate checking,))
 $(eval $(call BuildPlugin,eap-md5,MD5 EAP (CHAP) auth,))
 $(eval $(call BuildPlugin,eap-mschapv2,MS-CHAPv2 EAP auth,))
 $(eval $(call BuildPlugin,eap-radius,RADIUS proxy auth,))
 $(eval $(call BuildPlugin,farp,Fake arp respsonses,))
 $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,))
-$(eval $(call BuildPlugin,gcrypt,libgcrypt,+libgcrypt))
-$(eval $(call BuildPlugin,gmp,libgmp,+libgmp))
+$(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan4-mod-gcrypt:libgcrypt))
+$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan4-mod-gmp:libgmp))
 $(eval $(call BuildPlugin,hmac,HMAC crypto,))
 $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,))
 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
 $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,))
-$(eval $(call BuildPlugin,ldap,LDAP,+libopenldap))
+$(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan4-mod-ldap:libopenldap))
 $(eval $(call BuildPlugin,led,LED blink on IKE activity,))
 $(eval $(call BuildPlugin,load-tester,load testing,))
 $(eval $(call BuildPlugin,md5,MD5 crypto,))
@@ -480,8 +488,9 @@ $(eval $(call BuildPlugin,socket-raw,RAW socket for IKEv1 and IKEv2,))
 $(eval $(call BuildPlugin,sql,SQL database interface,))
 $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan4-mod-sql +PACKAGE_strongswan4-mod-sqlite:libsqlite3))
 $(eval $(call BuildPlugin,stroke,Stroke,))
-$(eval $(call BuildPlugin,uci,UCI config interface,+libuci))
+$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan4-mod-uci:libuci))
 $(eval $(call BuildPlugin,updown,updown firewall,))
+$(eval $(call BuildPlugin,whitelist,Peer identity whitelisting,))
 $(eval $(call BuildPlugin,x509,x509 certificate,))
 $(eval $(call BuildPlugin,xauth,XAUTH authentication,))
 $(eval $(call BuildPlugin,xcbc,xcbc crypto,))
diff --git a/net/strongswan4/files/ipsec.conf b/net/strongswan4/files/ipsec.conf
deleted file mode 100644 (file)
index 8c16d9d..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       authby=secret
-
-conn example
-       left=%defaultroute
-       leftsubnet=192.168.1.0/24
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/net/strongswan4/files/strongswan.conf b/net/strongswan4/files/strongswan.conf
deleted file mode 100644 (file)
index c9493ff..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-# strongswan.conf - strongSwan configuration file
-
-charon {
-
-       # number of worker threads in charon
-       threads = 4
-
-       # plugins to load in charon
-       load = aes gmp hmac pubkey random sha1 x509 xcbc stroke
-
-}
-
-libstrongswan {
-
-       #  set to no, the DH exponent size is optimized
-       #  dh_exponent_ansi_x9_42 = no
-
-}