[package] update strongswan4 to 4.5.2

Update version of strongswan4 package from 4.5.1 to 4.5.2. Add new strongswan4 plugins: coupling, duplicheck, whitelist. Add strongswan4-libfast package and make build dependencies on clearsilver and fcgi conditional. Previously libfast was being built, but not packaged. Now libfast will only be built when the it's package is selected. Remove ipsec.conf and strongswan.conf and use configuration files from upstream instead. The previously provided strongswan.conf was not functional. Omit strongswan4-mod-kernel-klips from strongswan4-full meta package in favor of strongswan4-mod-kernel-netlink. Only one of these two kernel interfaces should be installed. Omit strongswan4-mod-socket-default from strongswan4-full meta package in favor of strongswan4-mod-socket-raw. Only the raw socket allows charon to run while pluto is also running. Make all build dependencies on libraries required by strongswan4 plugins conditional. Signed-off-by: Lars Hjersted <lars@hjersted.com> git-svn-id: svn://svn.openwrt.org/openwrt/packages@27092 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-06-02 14:24:20 +00:00 · 2011-06-02 14:24:20 +00:00 · 6a60ef1233
commit 6a60ef1233
parent cb6d6001bc
3 changed files with 57 additions and 85 deletions
--- a/net/strongswan4/Makefile
+++ b/net/strongswan4/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=strongswan
-PKG_VERSION:=4.5.1
+PKG_VERSION:=4.5.2
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://download.strongswan.org/
-PKG_MD5SUM:=81a4a699c4a1a49b74061dfa47b5a033
+PKG_MD5SUM:=ac33b8f849a274127f84df0838cae953

 PKG_MOD_AVAILABLE:= \
 	aes \
@ -22,10 +22,12 @@ PKG_MOD_AVAILABLE:= \
 	attr-sql \
 	blowfish \
 	constraints \
+	coupling \
 	curl \
 	des \
 	dhcp \
 	dnskey \
+	duplicheck \
 	eap-md5 \
 	eap-mschapv2 \
 	eap-radius \
@ -62,13 +64,14 @@ PKG_MOD_AVAILABLE:= \
 	stroke \
 	uci \
 	updown \
+	whitelist \
 	x509 \
 	xauth \
 	xcbc \

 PKG_BUILD_DEPENDS:= \
-	clearsilver \
-	fcgi \
+	PACKAGE_strongswan4-libfast:clearsilver \
+	PACKAGE_strongswan4-libfast:fcgi \

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_STRONGSWAN4_ENABLE_CISCO_QUIRKS \
@ -128,16 +131,19 @@ $(call Package/strongswan4/Default)
  DEPENDS:= strongswan4 \
 	+strongswan4-app-charon \
 	+strongswan4-app-pluto \
+	+strongswan4-libfast \
 	+strongswan4-mod-aes \
 	+strongswan4-mod-agent \
 	+strongswan4-mod-attr \
 	+strongswan4-mod-attr-sql \
 	+strongswan4-mod-blowfish \
 	+strongswan4-mod-constraints \
+	+strongswan4-mod-coupling \
 	+strongswan4-mod-curl \
 	+strongswan4-mod-des \
 	+strongswan4-mod-dhcp \
 	+strongswan4-mod-dnskey \
+	+strongswan4-mod-duplicheck \
 	+strongswan4-mod-eap-md5 \
 	+strongswan4-mod-eap-mschapv2 \
 	+strongswan4-mod-eap-radius \
@ -146,7 +152,6 @@ $(call Package/strongswan4/Default)
 	+strongswan4-mod-gcrypt \
 	+strongswan4-mod-gmp \
 	+strongswan4-mod-hmac \
-	+strongswan4-mod-kernel-klips \
 	+strongswan4-mod-kernel-netlink \
 	+strongswan4-mod-kernel-pfkey \
 	+strongswan4-mod-ldap \
@ -167,13 +172,13 @@ $(call Package/strongswan4/Default)
 	+strongswan4-mod-sha1 \
 	+strongswan4-mod-sha2 \
 	+strongswan4-mod-smp \
-	+strongswan4-mod-socket-default \
 	+strongswan4-mod-socket-raw \
 	+strongswan4-mod-sql \
 	+strongswan4-mod-sqlite \
 	+strongswan4-mod-stroke \
 	+strongswan4-mod-uci \
 	+strongswan4-mod-updown \
+	+strongswan4-mod-whitelist \
 	+strongswan4-mod-x509 \
 	+strongswan4-mod-xauth \
 	+strongswan4-mod-xcbc \
@ -183,7 +188,9 @@ endef
 define Package/strongswan4-full/description
 $(call Package/strongswan4/description/Default)
 .
- This meta-package contains only dependencies for a complete setup.
+ This meta-package contains dependencies for all of the strongswan4 
+ plugins except kernel-klips and socket-default which are ommitted in 
+ favor of the kernel-netlink and socket-raw plugins.
 endef


@ -281,6 +288,20 @@ $(call Package/strongswan4/description/Default)
 endef


+define Package/strongswan4-libfast
+$(call Package/strongswan4/Default)
+  TITLE+= libfast
+  DEPENDS:= strongswan4
+endef
+
+define Package/strongswan4-libfast/description
+$(call Package/strongswan4/description/Default)
+ .
+ This package contains libfast, a lightweight framework to build native 
+ web applications using ClearSilver and FastCGI.
+endef
+
+
 define Package/strongswan4-utils
 $(call Package/strongswan4/Default)
  TITLE+= utilities
@ -323,6 +344,7 @@ CONFIGURE_ARGS+= \
 	$(if $(CONFIG_STRONGSWAN4_ENABLE_XAUTH_VID),--enable-xauth-vid,--disable-xauth-vid) \
 	--disable-scripts \
 	--disable-static \
+	$(if $(CONFIG_PACKAGE_strongswan4-libfast),--enable-fast,--disable-fast) \
 	$(if $(CONFIG_PACKAGE_strongswan4-utils),--enable-tools,--disable-tools) \
 	--with-random-device="$(call qstrip,$(CONFIG_STRONGSWAN4_DEVICE_RANDOM))" \
 	--with-urandom-device="$(call qstrip,$(CONFIG_STRONGSWAN4_DEVICE_URANDOM))" \
@ -332,7 +354,9 @@ CONFIGURE_ARGS+= \
 	  $(if $(CONFIG_PACKAGE_strongswan4-mod-$(m)),--enable-$(m),--disable-$(m)) \
 	) \

-EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver
+ifneq ($(CONFIG_PACKAGE_strongswan4-libfast),)
+  EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver
+endif

 EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib

@ -346,23 +370,14 @@ endef
 define Package/strongswan4/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) -R $(PKG_INSTALL_DIR)/etc/ipsec.d $(1)/etc/
+	$(CP) $(PKG_INSTALL_DIR)/etc/{ipsec.conf,strongswan.conf} $(1)/etc/
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/libstrongswan.so.* \
-		$(PKG_INSTALL_DIR)/usr/lib/libhydra.so.* \
-		$(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/usr/lib/ipsec
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/_copyright \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/starter \
-		$(1)/usr/lib/ipsec/
-	$(INSTALL_CONF) \
-		./files/ipsec.conf \
-		./files/ipsec.secrets \
-		./files/strongswan.conf \
-		$(1)/etc/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_copyright,starter} $(1)/usr/lib/ipsec/
+	$(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
 endef


@ -385,46 +400,36 @@ define Package/strongswan4-app-charon/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcharon.so.* $(1)/usr/lib/
 	$(INSTALL_DIR) $(1)/usr/lib/ipsec
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/charon \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/stroke \
-		$(1)/usr/lib/ipsec/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{charon,stroke} $(1)/usr/lib/ipsec/
 endef


 define Package/strongswan4-app-pluto/install
 	$(INSTALL_DIR) $(1)/usr/lib/ipsec
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/pluto \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/_pluto_adns \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/whack \
-		$(1)/usr/lib/ipsec/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{pluto,_pluto_adns,whack} $(1)/usr/lib/ipsec/
+endef
+
+
+define Package/strongswan4-libfast/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfast.so.* $(1)/usr/lib/
 endef


 define Package/strongswan4-utils/install
 	$(INSTALL_DIR) $(1)/usr/lib/ipsec
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/openac \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/pki \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/scepclient \
-		$(1)/usr/lib/ipsec/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/
 endef


 define Plugin/attr-sql/install
 	$(INSTALL_DIR) $(1)/usr/lib/ipsec
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/pool \
-		$(1)/usr/lib/ipsec/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/
 endef

 define Plugin/updown/install
 	$(INSTALL_DIR) $(1)/usr/lib/ipsec
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown \
-		$(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown_espmark \
-		$(1)/usr/lib/ipsec/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/
 endef


@ -434,6 +439,7 @@ $(eval $(call BuildPackage,strongswan4-full))
 $(eval $(call BuildPackage,strongswan4-minimal))
 $(eval $(call BuildPackage,strongswan4-app-charon))
 $(eval $(call BuildPackage,strongswan4-app-pluto))
+$(eval $(call BuildPackage,strongswan4-libfast))
 $(eval $(call BuildPackage,strongswan4-utils))

 $(eval $(call BuildPlugin,aes,AES crypto,))
@ -442,22 +448,24 @@ $(eval $(call BuildPlugin,attr,File-based config attr,))
 $(eval $(call BuildPlugin,attr-sql,SQL-based config attrib,+strongswan4-mod-sql))
 $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
 $(eval $(call BuildPlugin,constraints,X.509 constraint checking,))
-$(eval $(call BuildPlugin,curl,cURL,+libcurl))
+$(eval $(call BuildPlugin,coupling,Peer certificate coupling,))
+$(eval $(call BuildPlugin,curl,cURL,+PACKAGE_strongswan4-mod-curl:libcurl))
 $(eval $(call BuildPlugin,des,DES crypto,))
 $(eval $(call BuildPlugin,dhcp,DHCP-based IP and DNS,))
 $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
+$(eval $(call BuildPlugin,duplicheck,Duplicate checking,))
 $(eval $(call BuildPlugin,eap-md5,MD5 EAP (CHAP) auth,))
 $(eval $(call BuildPlugin,eap-mschapv2,MS-CHAPv2 EAP auth,))
 $(eval $(call BuildPlugin,eap-radius,RADIUS proxy auth,))
 $(eval $(call BuildPlugin,farp,Fake arp respsonses,))
 $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,))
-$(eval $(call BuildPlugin,gcrypt,libgcrypt,+libgcrypt))
-$(eval $(call BuildPlugin,gmp,libgmp,+libgmp))
+$(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan4-mod-gcrypt:libgcrypt))
+$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan4-mod-gmp:libgmp))
 $(eval $(call BuildPlugin,hmac,HMAC crypto,))
 $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,))
 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
 $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,))
-$(eval $(call BuildPlugin,ldap,LDAP,+libopenldap))
+$(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan4-mod-ldap:libopenldap))
 $(eval $(call BuildPlugin,led,LED blink on IKE activity,))
 $(eval $(call BuildPlugin,load-tester,load testing,))
 $(eval $(call BuildPlugin,md5,MD5 crypto,))
@ -480,8 +488,9 @@ $(eval $(call BuildPlugin,socket-raw,RAW socket for IKEv1 and IKEv2,))
 $(eval $(call BuildPlugin,sql,SQL database interface,))
 $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan4-mod-sql +PACKAGE_strongswan4-mod-sqlite:libsqlite3))
 $(eval $(call BuildPlugin,stroke,Stroke,))
-$(eval $(call BuildPlugin,uci,UCI config interface,+libuci))
+$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan4-mod-uci:libuci))
 $(eval $(call BuildPlugin,updown,updown firewall,))
+$(eval $(call BuildPlugin,whitelist,Peer identity whitelisting,))
 $(eval $(call BuildPlugin,x509,x509 certificate,))
 $(eval $(call BuildPlugin,xauth,XAUTH authentication,))
 $(eval $(call BuildPlugin,xcbc,xcbc crypto,))
--- a/net/strongswan4/files/ipsec.conf
+++ b/net/strongswan4/files/ipsec.conf
@ -1,19 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutostart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev2
-	authby=secret
-
-conn example
-	left=%defaultroute
-	leftsubnet=192.168.1.0/24
-	leftfirewall=yes
-	right=%any
-	auto=add
--- a/net/strongswan4/files/strongswan.conf
+++ b/net/strongswan4/files/strongswan.conf
@ -1,18 +0,0 @@
-# strongswan.conf - strongSwan configuration file
-
-charon {
-
-	# number of worker threads in charon
-	threads = 4
-
-	# plugins to load in charon
-	load = aes gmp hmac pubkey random sha1 x509 xcbc stroke
-
-}
-
-libstrongswan {
-
-	#  set to no, the DH exponent size is optimized
-	#  dh_exponent_ansi_x9_42 = no
-
-}