[package] openvpn: update to 2.2.1, reorganize makefile

Upgrade to new version, add menu, refresh patches and reorganize Makefile. Signed-off-by: Luka Perkov <openwrt@lukaperkov.net> git-svn-id: svn://svn.openwrt.org/openwrt/packages@28098 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-08-28 12:08:25 +00:00 · 2011-08-28 12:08:25 +00:00 · 3d1d83abe7
commit 3d1d83abe7
parent b2b819fca1
3 changed files with 212 additions and 94 deletions
--- a/net/openvpn/Config.in
+++ b/net/openvpn/Config.in
@ -0,0 +1,84 @@
+menu "Configuration"
+	depends on PACKAGE_openvpn
+
+config OPENVPN_LZO
+	bool "Disable LZO compression support"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_CRYPTO
+	bool "Disable OpenSSL crypto support"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_SSL
+	bool "Disable OpenSSL SSL support for TLS-based key exchange"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_X509_ALT_USERNAME
+	bool "Enable the --x509-username-field feature"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_MULTI
+	bool "Disable client/server support (--mode server + client mode)"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_SERVER
+	bool "Disable server support only (but retain client support)"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_EUREPHIA
+	bool "Disable support for the eurephia plug-in"
+	depends on PACKAGE_openvpn
+	default y
+
+config OPENVPN_MANAGEMENT
+	bool "Disable management server support"
+	depends on PACKAGE_openvpn
+	default y
+
+config OPENVPN_PKCS11
+	bool "Disable pkcs11 support"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_HTTP
+	bool "Disable HTTP proxy support"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_FRAGMENT
+	bool "Disable internal fragmentation support (--fragment)"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_MULTIHOME
+	bool "Disable multi-homed UDP server support (--multihome)"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_PORT_SHARE
+	bool "Disable TCP server port-share support (--port-share)"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_ENABLE_PASSWORD_SAVE
+	bool "Allow --askpass and --auth-user-pass passwords to be read from a file"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_DEF_AUTH
+	bool "Disable deferred authentication"
+	depends on PACKAGE_openvpn
+	default n
+
+config OPENVPN_PF
+	bool "Disable internal packet filter"
+	depends on PACKAGE_openvpn
+	default n
+
+endmenu
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@ -8,41 +8,37 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=openvpn
-PKG_VERSION:=2.1.4
-PKG_RELEASE:=3
+PKG_VERSION:=2.2.1
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases @SF/openvpn
-PKG_MD5SUM:=96a11868082685802489254f03ff3bde
+PKG_MD5SUM:=500bee5449b29906150569aaf2eb2730

 PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1

 include $(INCLUDE_DIR)/package.mk

 define Package/openvpn
  SECTION:=net
  CATEGORY:=Network
+  SUBMENU:=VPN
  DEPENDS:=+kmod-tun +libopenssl +PACKAGE_openvpn_complzo:liblzo
  TITLE:=Open source VPN solution using SSL
  URL:=http://openvpn.net
-  SUBMENU:=VPN
-endef
-
-define Package/openvpn/config
-config PACKAGE_openvpn_complzo
-	bool "Enable --comp-lzo compression option"
-	depends on PACKAGE_openvpn
-	default y
-endef
-
-define Package/openvpn/conffiles
-/etc/config/openvpn
+  MENU:=1
 endef

 define Package/openvpn/description
-	 Open source VPN solution using SSL
+ Open source VPN solution using SSL
 endef

+define Package/openvpn/config
+	source "$(SOURCE)/Config.in"
+endef
+
+
 define Package/openvpn-easy-rsa
  $(call Package/openvpn)
  DEPENDS:=+openssl-util
@ -59,19 +55,97 @@ CONFIGURE_ARGS+= \
 	--with-ifconfig-path=/sbin/ifconfig \
 	--with-iproute-path=/usr/sbin/ip \
 	--with-route-path=/sbin/route \
-	--disable-pthread \
 	--disable-debug \
 	--disable-plugins \
-	--enable-management \
+	--disable-pthread \
+	--disable-selinux \
 	--disable-socks \
-	--enable-password-save \
 	--enable-small

-ifndef CONFIG_PACKAGE_openvpn_complzo
+ifeq ($(CONFIG_OPENVPN_LZO),y)
 CONFIGURE_ARGS += \
 	--disable-lzo
 endif

+ifeq ($(CONFIG_OPENVPN_CRYPTO),y)
+CONFIGURE_ARGS += \
+	--disable-crypto
+endif
+
+ifeq ($(CONFIG_OPENVPN_SSL),y)
+CONFIGURE_ARGS += \
+	--disable-ssl
+endif
+
+ifeq ($(CONFIG_OPENVPN_X509_ALT_USERNAME),y)
+CONFIGURE_ARGS += \
+	--enable-x509-alt-username
+endif
+
+ifeq ($(CONFIG_OPENVPN_MULTI),y)
+CONFIGURE_ARGS += \
+	--disable-multi
+endif
+
+ifeq ($(CONFIG_OPENVPN_SERVER),y)
+CONFIGURE_ARGS += \
+	--disable-server
+endif
+
+ifeq ($(CONFIG_OPENVPN_EUREPHIA),y)
+CONFIGURE_ARGS += \
+	--disable-eurephia
+endif
+
+ifeq ($(CONFIG_OPENVPN_MANAGEMENT),y)
+CONFIGURE_ARGS += \
+	--disable-management
+endif
+
+ifeq ($(CONFIG_OPENVPN_PKCS11),y)
+CONFIGURE_ARGS += \
+	--disable-pkcs11
+endif
+
+ifeq ($(CONFIG_OPENVPN_HTTP),y)
+CONFIGURE_ARGS += \
+	--disable-http
+endif
+
+ifeq ($(CONFIG_OPENVPN_FRAGMENT),y)
+CONFIGURE_ARGS += \
+	--disable-fragment
+endif
+
+ifeq ($(CONFIG_OPENVPN_MULTIHOME),y)
+CONFIGURE_ARGS += \
+	--disable-multihome
+endif
+
+ifeq ($(CONFIG_OPENVPN_PORT_SHARE),y)
+CONFIGURE_ARGS += \
+	--disable-port-share
+endif
+
+ifeq ($(CONFIG_OPENVPN_ENABLE_PASSWORD_SAVE),y)
+CONFIGURE_ARGS += \
+	--enable-password-save
+endif
+
+ifeq ($(CONFIG_OPENVPN_DEF_AUTH),y)
+CONFIGURE_ARGS += \
+	--disable-def-auth
+endif
+
+ifeq ($(CONFIG_OPENVPN_PF),y)
+CONFIGURE_ARGS += \
+	--disable-pf
+endif
+
+define Package/openvpn/conffiles
+/etc/config/openvpn
+endef
+
 define Package/openvpn/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/
@ -88,7 +162,7 @@ define Package/openvpn-easy-rsa/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/etc/easy-rsa
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(1)/etc/easy-rsa/openssl.cnf
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
 	$(INSTALL_DIR) $(1)/etc/easy-rsa/keys
 	$(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt
--- a/net/openvpn/patches/001-easy_rsa.patch
+++ b/net/openvpn/patches/001-easy_rsa.patch
@ -1,11 +1,6 @@
 --- a/easy-rsa/2.0/build-ca
 +++ b/easy-rsa/2.0/build-ca
-@@ -1,8 +1,8 @@
-#!/bin/bash
-+#!/bin/sh
- 
- #
- # Build a root certificate
+@@ -5,4 +5,4 @@
 #
 
 export EASY_RSA="${EASY_RSA:-.}"
@ -13,21 +8,17 @@
 +"/usr/sbin/pkitool" --interact --initca $*
 --- a/easy-rsa/2.0/build-dh
 +++ b/easy-rsa/2.0/build-dh
-@@ -1,4 +1,6 @@
-#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # Build Diffie-Hellman parameters for the server side
 # of an SSL/TLS connection.
+ 
 --- a/easy-rsa/2.0/build-inter
 +++ b/easy-rsa/2.0/build-inter
-@@ -1,7 +1,7 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Make an intermediate CA certificate/private key pair using a locally generated
+@@ -4,4 +4,4 @@
 # root certificate.
 
 export EASY_RSA="${EASY_RSA:-.}"
@ -35,11 +26,7 @@
 +"/usr/sbin/pkitool" --interact --inter $*
 --- a/easy-rsa/2.0/build-key
 +++ b/easy-rsa/2.0/build-key
-@@ -1,7 +1,7 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Make a certificate/private key pair using a locally generated
+@@ -4,4 +4,4 @@
 # root certificate.
 
 export EASY_RSA="${EASY_RSA:-.}"
@ -47,11 +34,7 @@
 +"/usr/sbin/pkitool" --interact $*
 --- a/easy-rsa/2.0/build-key-pass
 +++ b/easy-rsa/2.0/build-key-pass
-@@ -1,7 +1,7 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Similar to build-key, but protect the private key
+@@ -4,4 +4,4 @@
 # with a password.
 
 export EASY_RSA="${EASY_RSA:-.}"
@ -59,12 +42,7 @@
 +"/usr/sbin/pkitool" --interact --pass $*
 --- a/easy-rsa/2.0/build-key-pkcs12
 +++ b/easy-rsa/2.0/build-key-pkcs12
-@@ -1,8 +1,8 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Make a certificate/private key pair using a locally generated
- # root certificate and convert it to a PKCS #12 file including the
+@@ -5,4 +5,4 @@
 # the CA certificate as well.
 
 export EASY_RSA="${EASY_RSA:-.}"
@ -72,12 +50,6 @@
 +"/usr/sbin/pkitool" --interact --pkcs12 $*
 --- a/easy-rsa/2.0/build-key-server
 +++ b/easy-rsa/2.0/build-key-server
-@@ -1,4 +1,4 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Make a certificate/private key pair using a locally generated
- # root certificate.
@@ -7,4 +7,4 @@
 # extension in the openssl.cnf file.
 
@ -86,11 +58,7 @@
 +"/usr/sbin/pkitool" --interact --server $*
 --- a/easy-rsa/2.0/build-req
 +++ b/easy-rsa/2.0/build-req
-@@ -1,7 +1,7 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Build a certificate signing request and private key.  Use this
+@@ -4,4 +4,4 @@
 # when your root certificate and key is not available locally.
 
 export EASY_RSA="${EASY_RSA:-.}"
@ -98,11 +66,7 @@
 +"/usr/sbin/pkitool" --interact --csr $*
 --- a/easy-rsa/2.0/build-req-pass
 +++ b/easy-rsa/2.0/build-req-pass
-@@ -1,7 +1,7 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Like build-req, but protect your private key
+@@ -4,4 +4,4 @@
 # with a password.
 
 export EASY_RSA="${EASY_RSA:-.}"
@ -110,34 +74,34 @@
 +"/usr/sbin/pkitool" --interact --csr --pass $*
 --- a/easy-rsa/2.0/clean-all
 +++ b/easy-rsa/2.0/clean-all
-@@ -1,4 +1,6 @@
-#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # Initialize the $KEY_DIR directory.
 # Note that this script does a
+ # rm -rf on $KEY_DIR so be careful!
 --- a/easy-rsa/2.0/inherit-inter
 +++ b/easy-rsa/2.0/inherit-inter
-@@ -1,4 +1,6 @@
-#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # Build a new PKI which is rooted on an intermediate certificate generated
 # by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
+ # have independent vars settings, and must use a different KEY_DIR directory
 --- a/easy-rsa/2.0/list-crl
 +++ b/easy-rsa/2.0/list-crl
-@@ -1,4 +1,6 @@
-#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # list revoked certificates
 
+ CRL="${1:-crl.pem}"
 --- a/easy-rsa/2.0/pkitool
 +++ b/easy-rsa/2.0/pkitool
@@ -1,5 +1,7 @@
@ -150,21 +114,17 @@
 #             session authentication and key exchange,
 --- a/easy-rsa/2.0/revoke-full
 +++ b/easy-rsa/2.0/revoke-full
-@@ -1,4 +1,6 @@
-#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # revoke a certificate, regenerate CRL,
 # and verify revocation
+ 
 --- a/easy-rsa/2.0/sign-req
 +++ b/easy-rsa/2.0/sign-req
-@@ -1,7 +1,7 @@
-#!/bin/bash
-+#!/bin/sh
- 
- # Sign a certificate signing request (a .csr file)
+@@ -4,4 +4,4 @@
 # with a local root certificate and key.
 
 export EASY_RSA="${EASY_RSA:-.}"