bakabtw/packages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[package] openvpn: update to 2.2.1, reorganize makefile

Browse Source 
Upgrade to new version, add menu, refresh patches and reorganize
Makefile.

Signed-off-by: Luka Perkov <openwrt@lukaperkov.net>

git-svn-id: svn://svn.openwrt.org/openwrt/packages@28098 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
florian 2011-08-28 12:08:25 +00:00
parent b2b819fca1
commit 3d1d83abe7
3 changed files with 212 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
net/openvpn/Config.in Normal file
View File

@ -0,0 +1,84 @@
menu "Configuration"
depends on PACKAGE_openvpn
config OPENVPN_LZO
bool "Disable LZO compression support"
depends on PACKAGE_openvpn
default n
config OPENVPN_CRYPTO
bool "Disable OpenSSL crypto support"
depends on PACKAGE_openvpn
default n
config OPENVPN_SSL
bool "Disable OpenSSL SSL support for TLS-based key exchange"
depends on PACKAGE_openvpn
default n
config OPENVPN_X509_ALT_USERNAME
bool "Enable the --x509-username-field feature"
depends on PACKAGE_openvpn
default n
config OPENVPN_MULTI
bool "Disable client/server support (--mode server + client mode)"
depends on PACKAGE_openvpn
default n
config OPENVPN_SERVER
bool "Disable server support only (but retain client support)"
depends on PACKAGE_openvpn
default n
config OPENVPN_EUREPHIA
bool "Disable support for the eurephia plug-in"
depends on PACKAGE_openvpn
default y
config OPENVPN_MANAGEMENT
bool "Disable management server support"
depends on PACKAGE_openvpn
default y
config OPENVPN_PKCS11
bool "Disable pkcs11 support"
depends on PACKAGE_openvpn
default n
config OPENVPN_HTTP
bool "Disable HTTP proxy support"
depends on PACKAGE_openvpn
default n
config OPENVPN_FRAGMENT
bool "Disable internal fragmentation support (--fragment)"
depends on PACKAGE_openvpn
default n
config OPENVPN_MULTIHOME
bool "Disable multi-homed UDP server support (--multihome)"
depends on PACKAGE_openvpn
default n
config OPENVPN_PORT_SHARE
bool "Disable TCP server port-share support (--port-share)"
depends on PACKAGE_openvpn
default n
config OPENVPN_ENABLE_PASSWORD_SAVE
bool "Allow --askpass and --auth-user-pass passwords to be read from a file"
depends on PACKAGE_openvpn
default n
config OPENVPN_DEF_AUTH
bool "Disable deferred authentication"
depends on PACKAGE_openvpn
default n
config OPENVPN_PF
bool "Disable internal packet filter"
depends on PACKAGE_openvpn
default n
endmenu

116
net/openvpn/Makefile
View File

@ -8,41 +8,37 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn PKG_NAME:=openvpn
PKG_VERSION:=2.1.4 PKG_VERSION:=2.2.1
PKG_RELEASE:=3 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases @SF/openvpn PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases @SF/openvpn
PKG_MD5SUM:=96a11868082685802489254f03ff3bde PKG_MD5SUM:=500bee5449b29906150569aaf2eb2730
PKG_INSTALL:=1 PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
define Package/openvpn define Package/openvpn
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network
SUBMENU:=VPN
DEPENDS:=+kmod-tun +libopenssl +PACKAGE_openvpn_complzo:liblzo DEPENDS:=+kmod-tun +libopenssl +PACKAGE_openvpn_complzo:liblzo
TITLE:=Open source VPN solution using SSL TITLE:=Open source VPN solution using SSL
URL:=http://openvpn.net URL:=http://openvpn.net
SUBMENU:=VPN MENU:=1
endef
define Package/openvpn/config
config PACKAGE_openvpn_complzo
bool "Enable --comp-lzo compression option"
depends on PACKAGE_openvpn
default y
endef
define Package/openvpn/conffiles
/etc/config/openvpn
endef endef
define Package/openvpn/description define Package/openvpn/description
Open source VPN solution using SSL Open source VPN solution using SSL
endef endef
define Package/openvpn/config
source "$(SOURCE)/Config.in"
endef
define Package/openvpn-easy-rsa define Package/openvpn-easy-rsa
$(call Package/openvpn) $(call Package/openvpn)
DEPENDS:=+openssl-util DEPENDS:=+openssl-util
@ -59,19 +55,97 @@ CONFIGURE_ARGS+= \
--with-ifconfig-path=/sbin/ifconfig \ --with-ifconfig-path=/sbin/ifconfig \
--with-iproute-path=/usr/sbin/ip \ --with-iproute-path=/usr/sbin/ip \
--with-route-path=/sbin/route \ --with-route-path=/sbin/route \
--disable-pthread \
--disable-debug \ --disable-debug \
--disable-plugins \ --disable-plugins \
--enable-management \ --disable-pthread \
--disable-selinux \
--disable-socks \ --disable-socks \
--enable-password-save \
--enable-small --enable-small
ifndef CONFIG_PACKAGE_openvpn_complzo ifeq ($(CONFIG_OPENVPN_LZO),y)
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--disable-lzo --disable-lzo
endif endif
ifeq ($(CONFIG_OPENVPN_CRYPTO),y)
CONFIGURE_ARGS += \
--disable-crypto
endif
ifeq ($(CONFIG_OPENVPN_SSL),y)
CONFIGURE_ARGS += \
--disable-ssl
endif
ifeq ($(CONFIG_OPENVPN_X509_ALT_USERNAME),y)
CONFIGURE_ARGS += \
--enable-x509-alt-username
endif
ifeq ($(CONFIG_OPENVPN_MULTI),y)
CONFIGURE_ARGS += \
--disable-multi
endif
ifeq ($(CONFIG_OPENVPN_SERVER),y)
CONFIGURE_ARGS += \
--disable-server
endif
ifeq ($(CONFIG_OPENVPN_EUREPHIA),y)
CONFIGURE_ARGS += \
--disable-eurephia
endif
ifeq ($(CONFIG_OPENVPN_MANAGEMENT),y)
CONFIGURE_ARGS += \
--disable-management
endif
ifeq ($(CONFIG_OPENVPN_PKCS11),y)
CONFIGURE_ARGS += \
--disable-pkcs11
endif
ifeq ($(CONFIG_OPENVPN_HTTP),y)
CONFIGURE_ARGS += \
--disable-http
endif
ifeq ($(CONFIG_OPENVPN_FRAGMENT),y)
CONFIGURE_ARGS += \
--disable-fragment
endif
ifeq ($(CONFIG_OPENVPN_MULTIHOME),y)
CONFIGURE_ARGS += \
--disable-multihome
endif
ifeq ($(CONFIG_OPENVPN_PORT_SHARE),y)
CONFIGURE_ARGS += \
--disable-port-share
endif
ifeq ($(CONFIG_OPENVPN_ENABLE_PASSWORD_SAVE),y)
CONFIGURE_ARGS += \
--enable-password-save
endif
ifeq ($(CONFIG_OPENVPN_DEF_AUTH),y)
CONFIGURE_ARGS += \
--disable-def-auth
endif
ifeq ($(CONFIG_OPENVPN_PF),y)
CONFIGURE_ARGS += \
--disable-pf
endif
define Package/openvpn/conffiles
/etc/config/openvpn
endef
define Package/openvpn/install define Package/openvpn/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/
@ -88,7 +162,7 @@ define Package/openvpn-easy-rsa/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/ $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/easy-rsa $(INSTALL_DIR) $(1)/etc/easy-rsa
$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(1)/etc/easy-rsa/openssl.cnf $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
$(INSTALL_DIR) $(1)/etc/easy-rsa/keys $(INSTALL_DIR) $(1)/etc/easy-rsa/keys
$(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt $(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt

106
net/openvpn/patches/001-easy_rsa.patch
View File

@ -1,11 +1,6 @@
--- a/easy-rsa/2.0/build-ca --- a/easy-rsa/2.0/build-ca
+++ b/easy-rsa/2.0/build-ca +++ b/easy-rsa/2.0/build-ca
@@ -1,8 +1,8 @@ @@ -5,4 +5,4 @@
-#!/bin/bash
+#!/bin/sh
#
# Build a root certificate
# #
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"
@ -13,21 +8,17 @@
+"/usr/sbin/pkitool" --interact --initca $* +"/usr/sbin/pkitool" --interact --initca $*
--- a/easy-rsa/2.0/build-dh --- a/easy-rsa/2.0/build-dh
+++ b/easy-rsa/2.0/build-dh +++ b/easy-rsa/2.0/build-dh
@@ -1,4 +1,6 @@ @@ -1,5 +1,7 @@
-#!/bin/bash #!/bin/sh
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+. /etc/easy-rsa/vars
+
# Build Diffie-Hellman parameters for the server side # Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection. # of an SSL/TLS connection.
--- a/easy-rsa/2.0/build-inter --- a/easy-rsa/2.0/build-inter
+++ b/easy-rsa/2.0/build-inter +++ b/easy-rsa/2.0/build-inter
@@ -1,7 +1,7 @@ @@ -4,4 +4,4 @@
-#!/bin/bash
+#!/bin/sh
# Make an intermediate CA certificate/private key pair using a locally generated
# root certificate. # root certificate.
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"
@ -35,11 +26,7 @@
+"/usr/sbin/pkitool" --interact --inter $* +"/usr/sbin/pkitool" --interact --inter $*
--- a/easy-rsa/2.0/build-key --- a/easy-rsa/2.0/build-key
+++ b/easy-rsa/2.0/build-key +++ b/easy-rsa/2.0/build-key
@@ -1,7 +1,7 @@ @@ -4,4 +4,4 @@
-#!/bin/bash
+#!/bin/sh
# Make a certificate/private key pair using a locally generated
# root certificate. # root certificate.
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"
@ -47,11 +34,7 @@
+"/usr/sbin/pkitool" --interact $* +"/usr/sbin/pkitool" --interact $*
--- a/easy-rsa/2.0/build-key-pass --- a/easy-rsa/2.0/build-key-pass
+++ b/easy-rsa/2.0/build-key-pass +++ b/easy-rsa/2.0/build-key-pass
@@ -1,7 +1,7 @@ @@ -4,4 +4,4 @@
-#!/bin/bash
+#!/bin/sh
# Similar to build-key, but protect the private key
# with a password. # with a password.
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"
@ -59,12 +42,7 @@
+"/usr/sbin/pkitool" --interact --pass $* +"/usr/sbin/pkitool" --interact --pass $*
--- a/easy-rsa/2.0/build-key-pkcs12 --- a/easy-rsa/2.0/build-key-pkcs12
+++ b/easy-rsa/2.0/build-key-pkcs12 +++ b/easy-rsa/2.0/build-key-pkcs12
@@ -1,8 +1,8 @@ @@ -5,4 +5,4 @@
-#!/bin/bash
+#!/bin/sh
# Make a certificate/private key pair using a locally generated
# root certificate and convert it to a PKCS #12 file including the
# the CA certificate as well. # the CA certificate as well.
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"
@ -72,12 +50,6 @@
+"/usr/sbin/pkitool" --interact --pkcs12 $* +"/usr/sbin/pkitool" --interact --pkcs12 $*
--- a/easy-rsa/2.0/build-key-server --- a/easy-rsa/2.0/build-key-server
+++ b/easy-rsa/2.0/build-key-server +++ b/easy-rsa/2.0/build-key-server
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Make a certificate/private key pair using a locally generated
# root certificate.
@@ -7,4 +7,4 @@ @@ -7,4 +7,4 @@
# extension in the openssl.cnf file. # extension in the openssl.cnf file.
@ -86,11 +58,7 @@
+"/usr/sbin/pkitool" --interact --server $* +"/usr/sbin/pkitool" --interact --server $*
--- a/easy-rsa/2.0/build-req --- a/easy-rsa/2.0/build-req
+++ b/easy-rsa/2.0/build-req +++ b/easy-rsa/2.0/build-req
@@ -1,7 +1,7 @@ @@ -4,4 +4,4 @@
-#!/bin/bash
+#!/bin/sh
# Build a certificate signing request and private key. Use this
# when your root certificate and key is not available locally. # when your root certificate and key is not available locally.
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"
@ -98,11 +66,7 @@
+"/usr/sbin/pkitool" --interact --csr $* +"/usr/sbin/pkitool" --interact --csr $*
--- a/easy-rsa/2.0/build-req-pass --- a/easy-rsa/2.0/build-req-pass
+++ b/easy-rsa/2.0/build-req-pass +++ b/easy-rsa/2.0/build-req-pass
@@ -1,7 +1,7 @@ @@ -4,4 +4,4 @@
-#!/bin/bash
+#!/bin/sh
# Like build-req, but protect your private key
# with a password. # with a password.
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"
@ -110,34 +74,34 @@
+"/usr/sbin/pkitool" --interact --csr --pass $* +"/usr/sbin/pkitool" --interact --csr --pass $*
--- a/easy-rsa/2.0/clean-all --- a/easy-rsa/2.0/clean-all
+++ b/easy-rsa/2.0/clean-all +++ b/easy-rsa/2.0/clean-all
@@ -1,4 +1,6 @@ @@ -1,5 +1,7 @@
-#!/bin/bash #!/bin/sh
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+. /etc/easy-rsa/vars
+
# Initialize the $KEY_DIR directory. # Initialize the $KEY_DIR directory.
# Note that this script does a # Note that this script does a
# rm -rf on $KEY_DIR so be careful!
--- a/easy-rsa/2.0/inherit-inter --- a/easy-rsa/2.0/inherit-inter
+++ b/easy-rsa/2.0/inherit-inter +++ b/easy-rsa/2.0/inherit-inter
@@ -1,4 +1,6 @@ @@ -1,5 +1,7 @@
-#!/bin/bash #!/bin/sh
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+. /etc/easy-rsa/vars
+
# Build a new PKI which is rooted on an intermediate certificate generated # Build a new PKI which is rooted on an intermediate certificate generated
# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
# have independent vars settings, and must use a different KEY_DIR directory
--- a/easy-rsa/2.0/list-crl --- a/easy-rsa/2.0/list-crl
+++ b/easy-rsa/2.0/list-crl +++ b/easy-rsa/2.0/list-crl
@@ -1,4 +1,6 @@ @@ -1,5 +1,7 @@
-#!/bin/bash #!/bin/sh
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+. /etc/easy-rsa/vars
+
# list revoked certificates # list revoked certificates
CRL="${1:-crl.pem}"
--- a/easy-rsa/2.0/pkitool --- a/easy-rsa/2.0/pkitool
+++ b/easy-rsa/2.0/pkitool +++ b/easy-rsa/2.0/pkitool
@@ -1,5 +1,7 @@ @@ -1,5 +1,7 @@
@ -150,21 +114,17 @@
# session authentication and key exchange, # session authentication and key exchange,
--- a/easy-rsa/2.0/revoke-full --- a/easy-rsa/2.0/revoke-full
+++ b/easy-rsa/2.0/revoke-full +++ b/easy-rsa/2.0/revoke-full
@@ -1,4 +1,6 @@ @@ -1,5 +1,7 @@
-#!/bin/bash #!/bin/sh
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+. /etc/easy-rsa/vars
+
# revoke a certificate, regenerate CRL, # revoke a certificate, regenerate CRL,
# and verify revocation # and verify revocation
--- a/easy-rsa/2.0/sign-req --- a/easy-rsa/2.0/sign-req
+++ b/easy-rsa/2.0/sign-req +++ b/easy-rsa/2.0/sign-req
@@ -1,7 +1,7 @@ @@ -4,4 +4,4 @@
-#!/bin/bash
+#!/bin/sh
# Sign a certificate signing request (a .csr file)
# with a local root certificate and key. # with a local root certificate and key.
export EASY_RSA="${EASY_RSA:-.}" export EASY_RSA="${EASY_RSA:-.}"