Update openswan to 2.6.18 (#4019)

git-svn-id: svn://svn.openwrt.org/openwrt/packages@13092 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-11-01 16:52:42 +00:00 · 2008-11-01 16:52:42 +00:00 · 7188245a4c
commit 7188245a4c
parent f1032571f2
3 changed files with 107 additions and 93 deletions
--- a/net/openswan/Makefile
+++ b/net/openswan/Makefile
@ -10,19 +10,19 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=openswan
-PKG_VERSION:=2.4.10
+PKG_VERSION:=2.6.18
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openswan.org/download
-PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f
+PKG_MD5SUM:=b485b38b1074155bc337f80557c24c0d

 include $(INCLUDE_DIR)/package.mk

 define Package/openswan/Default
  TITLE:=Openswan
  URL:=http://www.openswan.org/
-  DEPENDS:=@BROKEN
+  DEPENDS:=@LINUX_2_6
 endef

 define Package/openswan/Default/description
--- a/net/openswan/files/ipsec.init
+++ b/net/openswan/files/ipsec.init
@ -1,8 +1,7 @@
 #!/bin/sh /etc/rc.common
 # IPsec startup and shutdown script
 # Copyright (C) 1998, 1999, 2001  Henry Spencer.
-# Copyright (C) 2002              Michael Richardson <mcr@freeswan.org>
-# Copyright (C) 2006              OpenWrt.org
+# Copyright (C) 2002			  Michael Richardson <mcr@freeswan.org>
 # 
 # This program is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by the
@ -14,10 +13,9 @@
 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 # for more details.
 #
-# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $
 #
-# ipsec         init.d script for starting and stopping
-#               the IPsec security subsystem (KLIPS and Pluto).
+# ipsec		 init.d script for starting and stopping
+#			   the IPsec security subsystem (KLIPS and Pluto).
 #
 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
 # and is also accessible as "ipsec setup" (the preferred route for human
@ -33,6 +31,9 @@
 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.

 START=60
+EXTRA_COMMANDS=status
+EXTRA_HELP="    status  Show the status of the service"
+
 script_init() {
 	me='ipsec setup'		# for messages

@ -44,12 +45,12 @@ script_init() {

 	if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
 	then
-	    # we must establish a suitable PATH ourselves
-	    PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
-	    export PATH
+		# we must establish a suitable PATH ourselves
+		PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
+		export PATH

-	    IPSEC_DIR="$IPSEC_LIBDIR"
-	    export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
+		IPSEC_DIR="$IPSEC_LIBDIR"
+		export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
 	fi

 	# Check that the ipsec command is available.
@ -69,22 +70,46 @@ script_init() {
 		exit 1
 	fi

+	# accept a few flags
+
+	export IPSEC_setupflags
+	IPSEC_setupflags=""
+
+	config=""
+
+	for dummy
+	do
+		case "$1" in
+		--showonly|--show)  IPSEC_setupflags="$1" ;;
+		--config)  config="--config $2" ; shift	;;
+		*) break ;;
+		esac
+		shift
+	done
+
+
 	# Pick up IPsec configuration (until we have done this, successfully, we
 	# do not know where errors should go, hence the explicit "daemon.error"s.)
 	# Note the "--export", which exports the variables created.
-	eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
+	variables=`ipsec addconn $config --varprefix IPSEC --configsetup`
+	if [ $? != 0 ]
+	then
+		echo "Failed to parse config setup portion of ipsec.conf"
+		exit $?
+	fi
+	eval $variables

 	if test " $IPSEC_confreadstatus" != " "
 	then
-	    case $1 in 
-	    stop|--stop|_autostop) 
+		case $1 in 
+		stop|--stop|_autostop) 
 		echo "$IPSEC_confreadstatus -- \`$1' may not work" |
 			logger -s -p daemon.error -t ipsec_setup;;
-
-	    *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
-		    logger -s -p daemon.error -t ipsec_setup;
+			
+		*) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
+			logger -s -p daemon.error -t ipsec_setup;
 		exit 1;;
-	    esac
+		esac
 	fi

 	IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
@ -100,40 +125,69 @@ script_init() {
 }

 script_command() {
-	if [ "${USER}" != "root" ]
-	then
-		echo "permission denied (must be superuser)" |
-			logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
-		exit 1
-	fi
-	# make sure all required directories exist
-	if [ ! -d /var/run/pluto ]
-	then
-		mkdir -p /var/run/pluto
-	fi
-	if [ ! -d /var/lock/subsys ]
-	then
-		mkdir -p /var/lock/subsys
-	fi
-	tmp=/var/run/pluto/ipsec_setup.st
-	outtmp=/var/run/pluto/ipsec_setup.out
-	(
+	# do it
+	case "$1" in
+	start|--start|stop|--stop|_autostop|_autostart)
+		# remove for: @cygwin_START@ 
+		# portable way for checking for root
+		if [ ! -w / ]
+		then
+
+			echo "permission denied (must be superuser)" |
+				logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+			exit 1
+		fi
+		# remove for: @cygwin_END@
+		tmp=/var/run/pluto/ipsec_setup.st
+		outtmp=/var/run/pluto/ipsec_setup.out
+		(
+			ipsec _realsetup $1
+			echo "$?" >$tmp
+		) > ${outtmp} 2>&1
+		st=$?
+		if test -f $tmp
+		then
+			st=`cat $tmp`
+			rm -f $tmp
+		fi
+		if [ -f ${outtmp} ]; then
+			cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+			rm -f ${outtmp}
+		fi
+		;;
+
+	restart|--restart|force-reload)
+		$0 $IPSEC_setupflags stop
+		$0 $IPSEC_setupflags start
+		;;
+
+	_autorestart)			# for internal use only
+		$0 $IPSEC_setupflags _autostop
+		$0 $IPSEC_setupflags _autostart
+		;;
+
+	status|--status)
 		ipsec _realsetup $1
-		echo "$?" >$tmp
-	) > ${outtmp} 2>&1
-	st=$?
-	if test -f $tmp
-	then
-		st=`cat $tmp`
-		rm -f $tmp
-	fi
-	if [ -f ${outtmp} ]; then
-		cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
-		rm -f ${outtmp}
-	fi
+		exit
+		;;
+
+	--version)
+		echo "$me $IPSEC_VERSION"
+		exit 0
+		;;
+
+	--help)
+		echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
+		echo "	   $me --status"
+		exit 0
+		;;
+
+	*)
+		echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
+		echo "	   $me --status"
+		exit 2
+	esac
 }
-
-
 start() {
 	script_init start "$@"
 	script_command start "$@"
@ -154,5 +208,4 @@ status() {
 	script_init status "$@"
 	ipsec _realsetup status
 }
-EXTRA_COMMANDS=status
-EXTRA_HELP="	status	Show the status of the service"
+
--- a/net/openswan/patches/120-use_dev_urandom.patch
+++ b/net/openswan/patches/120-use_dev_urandom.patch
@ -1,39 +0,0 @@
-Index: openswan-2.4.8/programs/ranbits/ranbits.c
-===================================================================
--- openswan-2.4.8.orig/programs/ranbits/ranbits.c	2007-06-04 13:22:49.835279168 +0200
-+++ openswan-2.4.8/programs/ranbits/ranbits.c	2007-06-04 13:22:51.648003592 +0200
-@@ -29,7 +29,7 @@
- #include <openswan.h>
- 
- #ifndef DEVICE
-#define	DEVICE	"/dev/random"
-+#define	DEVICE	"/dev/urandom"
- #endif
- #ifndef QDEVICE
- #define	QDEVICE	"/dev/urandom"
-Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c
-===================================================================
--- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c	2007-06-04 13:22:49.842278104 +0200
-+++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c	2007-06-04 13:22:51.649003440 +0200
-@@ -31,7 +31,7 @@
- #include <gmp.h>
- 
- #ifndef DEVICE
-#define	DEVICE	"/dev/random"
-+#define	DEVICE	"/dev/urandom"
- #endif
- #ifndef MAXBITS
- #define	MAXBITS	20000
-Index: openswan-2.4.8/programs/starter/files.h
-===================================================================
--- openswan-2.4.8.orig/programs/starter/files.h	2007-06-04 13:22:49.850276888 +0200
-+++ openswan-2.4.8/programs/starter/files.h	2007-06-04 13:22:51.649003440 +0200
-@@ -36,7 +36,7 @@
- 
- #define MY_PID_FILE     "/var/run/pluto/ipsec-starter.pid"
- 
-#define DEV_RANDOM      "/dev/random"
-+#define DEV_RANDOM      "/dev/urandom"
- #define DEV_URANDOM     "/dev/urandom"
- 
- #define PROC_IPSECVERSION   "/proc/net/ipsec_version"