From: Florian Fainelli Date: Sun, 28 Aug 2011 12:08:25 +0000 (+0000) Subject: [package] openvpn: update to 2.2.1, reorganize makefile X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;hb=3687804297692b5408d1bdf5ca6f87390ddeff57 [package] openvpn: update to 2.2.1, reorganize makefile Upgrade to new version, add menu, refresh patches and reorganize Makefile. Signed-off-by: Luka Perkov SVN-Revision: 28098 --- diff --git a/net/openvpn/Config.in b/net/openvpn/Config.in new file mode 100644 index 0000000000..be2aee26ff --- /dev/null +++ b/net/openvpn/Config.in @@ -0,0 +1,84 @@ +menu "Configuration" + depends on PACKAGE_openvpn + +config OPENVPN_LZO + bool "Disable LZO compression support" + depends on PACKAGE_openvpn + default n + +config OPENVPN_CRYPTO + bool "Disable OpenSSL crypto support" + depends on PACKAGE_openvpn + default n + +config OPENVPN_SSL + bool "Disable OpenSSL SSL support for TLS-based key exchange" + depends on PACKAGE_openvpn + default n + +config OPENVPN_X509_ALT_USERNAME + bool "Enable the --x509-username-field feature" + depends on PACKAGE_openvpn + default n + +config OPENVPN_MULTI + bool "Disable client/server support (--mode server + client mode)" + depends on PACKAGE_openvpn + default n + +config OPENVPN_SERVER + bool "Disable server support only (but retain client support)" + depends on PACKAGE_openvpn + default n + +config OPENVPN_EUREPHIA + bool "Disable support for the eurephia plug-in" + depends on PACKAGE_openvpn + default y + +config OPENVPN_MANAGEMENT + bool "Disable management server support" + depends on PACKAGE_openvpn + default y + +config OPENVPN_PKCS11 + bool "Disable pkcs11 support" + depends on PACKAGE_openvpn + default n + +config OPENVPN_HTTP + bool "Disable HTTP proxy support" + depends on PACKAGE_openvpn + default n + +config OPENVPN_FRAGMENT + bool "Disable internal fragmentation support (--fragment)" + depends on PACKAGE_openvpn + default n + +config OPENVPN_MULTIHOME + bool "Disable multi-homed UDP server support (--multihome)" + depends on PACKAGE_openvpn + default n + +config OPENVPN_PORT_SHARE + bool "Disable TCP server port-share support (--port-share)" + depends on PACKAGE_openvpn + default n + +config OPENVPN_ENABLE_PASSWORD_SAVE + bool "Allow --askpass and --auth-user-pass passwords to be read from a file" + depends on PACKAGE_openvpn + default n + +config OPENVPN_DEF_AUTH + bool "Disable deferred authentication" + depends on PACKAGE_openvpn + default n + +config OPENVPN_PF + bool "Disable internal packet filter" + depends on PACKAGE_openvpn + default n + +endmenu diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index c618988ec7..2b4c0b4639 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -8,40 +8,36 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.1.4 -PKG_RELEASE:=3 +PKG_VERSION:=2.2.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases @SF/openvpn -PKG_MD5SUM:=96a11868082685802489254f03ff3bde +PKG_MD5SUM:=500bee5449b29906150569aaf2eb2730 PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk define Package/openvpn SECTION:=net CATEGORY:=Network + SUBMENU:=VPN DEPENDS:=+kmod-tun +libopenssl +PACKAGE_openvpn_complzo:liblzo TITLE:=Open source VPN solution using SSL URL:=http://openvpn.net - SUBMENU:=VPN + MENU:=1 endef -define Package/openvpn/config -config PACKAGE_openvpn_complzo - bool "Enable --comp-lzo compression option" - depends on PACKAGE_openvpn - default y +define Package/openvpn/description + Open source VPN solution using SSL endef -define Package/openvpn/conffiles -/etc/config/openvpn +define Package/openvpn/config + source "$(SOURCE)/Config.in" endef -define Package/openvpn/description - Open source VPN solution using SSL -endef define Package/openvpn-easy-rsa $(call Package/openvpn) @@ -59,19 +55,97 @@ CONFIGURE_ARGS+= \ --with-ifconfig-path=/sbin/ifconfig \ --with-iproute-path=/usr/sbin/ip \ --with-route-path=/sbin/route \ - --disable-pthread \ --disable-debug \ --disable-plugins \ - --enable-management \ + --disable-pthread \ + --disable-selinux \ --disable-socks \ - --enable-password-save \ --enable-small -ifndef CONFIG_PACKAGE_openvpn_complzo +ifeq ($(CONFIG_OPENVPN_LZO),y) CONFIGURE_ARGS += \ --disable-lzo endif +ifeq ($(CONFIG_OPENVPN_CRYPTO),y) +CONFIGURE_ARGS += \ + --disable-crypto +endif + +ifeq ($(CONFIG_OPENVPN_SSL),y) +CONFIGURE_ARGS += \ + --disable-ssl +endif + +ifeq ($(CONFIG_OPENVPN_X509_ALT_USERNAME),y) +CONFIGURE_ARGS += \ + --enable-x509-alt-username +endif + +ifeq ($(CONFIG_OPENVPN_MULTI),y) +CONFIGURE_ARGS += \ + --disable-multi +endif + +ifeq ($(CONFIG_OPENVPN_SERVER),y) +CONFIGURE_ARGS += \ + --disable-server +endif + +ifeq ($(CONFIG_OPENVPN_EUREPHIA),y) +CONFIGURE_ARGS += \ + --disable-eurephia +endif + +ifeq ($(CONFIG_OPENVPN_MANAGEMENT),y) +CONFIGURE_ARGS += \ + --disable-management +endif + +ifeq ($(CONFIG_OPENVPN_PKCS11),y) +CONFIGURE_ARGS += \ + --disable-pkcs11 +endif + +ifeq ($(CONFIG_OPENVPN_HTTP),y) +CONFIGURE_ARGS += \ + --disable-http +endif + +ifeq ($(CONFIG_OPENVPN_FRAGMENT),y) +CONFIGURE_ARGS += \ + --disable-fragment +endif + +ifeq ($(CONFIG_OPENVPN_MULTIHOME),y) +CONFIGURE_ARGS += \ + --disable-multihome +endif + +ifeq ($(CONFIG_OPENVPN_PORT_SHARE),y) +CONFIGURE_ARGS += \ + --disable-port-share +endif + +ifeq ($(CONFIG_OPENVPN_ENABLE_PASSWORD_SAVE),y) +CONFIGURE_ARGS += \ + --enable-password-save +endif + +ifeq ($(CONFIG_OPENVPN_DEF_AUTH),y) +CONFIGURE_ARGS += \ + --disable-def-auth +endif + +ifeq ($(CONFIG_OPENVPN_PF),y) +CONFIGURE_ARGS += \ + --disable-pf +endif + +define Package/openvpn/conffiles +/etc/config/openvpn +endef + define Package/openvpn/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/ @@ -88,7 +162,7 @@ define Package/openvpn-easy-rsa/install $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/etc/easy-rsa - $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(1)/etc/easy-rsa/openssl.cnf + $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars $(INSTALL_DIR) $(1)/etc/easy-rsa/keys $(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt diff --git a/net/openvpn/patches/001-easy_rsa.patch b/net/openvpn/patches/001-easy_rsa.patch index fa987a247c..6b1d0b7575 100644 --- a/net/openvpn/patches/001-easy_rsa.patch +++ b/net/openvpn/patches/001-easy_rsa.patch @@ -1,11 +1,6 @@ --- a/easy-rsa/2.0/build-ca +++ b/easy-rsa/2.0/build-ca -@@ -1,8 +1,8 @@ --#!/bin/bash -+#!/bin/sh - - # - # Build a root certificate +@@ -5,4 +5,4 @@ # export EASY_RSA="${EASY_RSA:-.}" @@ -13,21 +8,17 @@ +"/usr/sbin/pkitool" --interact --initca $* --- a/easy-rsa/2.0/build-dh +++ b/easy-rsa/2.0/build-dh -@@ -1,4 +1,6 @@ --#!/bin/bash -+#!/bin/sh -+ -+. /etc/easy-rsa/vars +@@ -1,5 +1,7 @@ + #!/bin/sh ++. /etc/easy-rsa/vars ++ # Build Diffie-Hellman parameters for the server side # of an SSL/TLS connection. + --- a/easy-rsa/2.0/build-inter +++ b/easy-rsa/2.0/build-inter -@@ -1,7 +1,7 @@ --#!/bin/bash -+#!/bin/sh - - # Make an intermediate CA certificate/private key pair using a locally generated +@@ -4,4 +4,4 @@ # root certificate. export EASY_RSA="${EASY_RSA:-.}" @@ -35,11 +26,7 @@ +"/usr/sbin/pkitool" --interact --inter $* --- a/easy-rsa/2.0/build-key +++ b/easy-rsa/2.0/build-key -@@ -1,7 +1,7 @@ --#!/bin/bash -+#!/bin/sh - - # Make a certificate/private key pair using a locally generated +@@ -4,4 +4,4 @@ # root certificate. export EASY_RSA="${EASY_RSA:-.}" @@ -47,11 +34,7 @@ +"/usr/sbin/pkitool" --interact $* --- a/easy-rsa/2.0/build-key-pass +++ b/easy-rsa/2.0/build-key-pass -@@ -1,7 +1,7 @@ --#!/bin/bash -+#!/bin/sh - - # Similar to build-key, but protect the private key +@@ -4,4 +4,4 @@ # with a password. export EASY_RSA="${EASY_RSA:-.}" @@ -59,12 +42,7 @@ +"/usr/sbin/pkitool" --interact --pass $* --- a/easy-rsa/2.0/build-key-pkcs12 +++ b/easy-rsa/2.0/build-key-pkcs12 -@@ -1,8 +1,8 @@ --#!/bin/bash -+#!/bin/sh - - # Make a certificate/private key pair using a locally generated - # root certificate and convert it to a PKCS #12 file including the +@@ -5,4 +5,4 @@ # the CA certificate as well. export EASY_RSA="${EASY_RSA:-.}" @@ -72,12 +50,6 @@ +"/usr/sbin/pkitool" --interact --pkcs12 $* --- a/easy-rsa/2.0/build-key-server +++ b/easy-rsa/2.0/build-key-server -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - # Make a certificate/private key pair using a locally generated - # root certificate. @@ -7,4 +7,4 @@ # extension in the openssl.cnf file. @@ -86,11 +58,7 @@ +"/usr/sbin/pkitool" --interact --server $* --- a/easy-rsa/2.0/build-req +++ b/easy-rsa/2.0/build-req -@@ -1,7 +1,7 @@ --#!/bin/bash -+#!/bin/sh - - # Build a certificate signing request and private key. Use this +@@ -4,4 +4,4 @@ # when your root certificate and key is not available locally. export EASY_RSA="${EASY_RSA:-.}" @@ -98,11 +66,7 @@ +"/usr/sbin/pkitool" --interact --csr $* --- a/easy-rsa/2.0/build-req-pass +++ b/easy-rsa/2.0/build-req-pass -@@ -1,7 +1,7 @@ --#!/bin/bash -+#!/bin/sh - - # Like build-req, but protect your private key +@@ -4,4 +4,4 @@ # with a password. export EASY_RSA="${EASY_RSA:-.}" @@ -110,34 +74,34 @@ +"/usr/sbin/pkitool" --interact --csr --pass $* --- a/easy-rsa/2.0/clean-all +++ b/easy-rsa/2.0/clean-all -@@ -1,4 +1,6 @@ --#!/bin/bash -+#!/bin/sh -+ -+. /etc/easy-rsa/vars +@@ -1,5 +1,7 @@ + #!/bin/sh ++. /etc/easy-rsa/vars ++ # Initialize the $KEY_DIR directory. # Note that this script does a + # rm -rf on $KEY_DIR so be careful! --- a/easy-rsa/2.0/inherit-inter +++ b/easy-rsa/2.0/inherit-inter -@@ -1,4 +1,6 @@ --#!/bin/bash -+#!/bin/sh -+ -+. /etc/easy-rsa/vars +@@ -1,5 +1,7 @@ + #!/bin/sh ++. /etc/easy-rsa/vars ++ # Build a new PKI which is rooted on an intermediate certificate generated # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should + # have independent vars settings, and must use a different KEY_DIR directory --- a/easy-rsa/2.0/list-crl +++ b/easy-rsa/2.0/list-crl -@@ -1,4 +1,6 @@ --#!/bin/bash -+#!/bin/sh -+ -+. /etc/easy-rsa/vars +@@ -1,5 +1,7 @@ + #!/bin/sh ++. /etc/easy-rsa/vars ++ # list revoked certificates + CRL="${1:-crl.pem}" --- a/easy-rsa/2.0/pkitool +++ b/easy-rsa/2.0/pkitool @@ -1,5 +1,7 @@ @@ -150,21 +114,17 @@ # session authentication and key exchange, --- a/easy-rsa/2.0/revoke-full +++ b/easy-rsa/2.0/revoke-full -@@ -1,4 +1,6 @@ --#!/bin/bash -+#!/bin/sh -+ -+. /etc/easy-rsa/vars +@@ -1,5 +1,7 @@ + #!/bin/sh ++. /etc/easy-rsa/vars ++ # revoke a certificate, regenerate CRL, # and verify revocation + --- a/easy-rsa/2.0/sign-req +++ b/easy-rsa/2.0/sign-req -@@ -1,7 +1,7 @@ --#!/bin/bash -+#!/bin/sh - - # Sign a certificate signing request (a .csr file) +@@ -4,4 +4,4 @@ # with a local root certificate and key. export EASY_RSA="${EASY_RSA:-.}"