diff --git a/net/openswan/Makefile b/net/openswan/Makefile index 6b6821dcf..3901c3605 100644 --- a/net/openswan/Makefile +++ b/net/openswan/Makefile @@ -10,19 +10,19 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=openswan -PKG_VERSION:=2.4.10 +PKG_VERSION:=2.6.18 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openswan.org/download -PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f +PKG_MD5SUM:=b485b38b1074155bc337f80557c24c0d include $(INCLUDE_DIR)/package.mk define Package/openswan/Default TITLE:=Openswan URL:=http://www.openswan.org/ - DEPENDS:=@BROKEN + DEPENDS:=@LINUX_2_6 endef define Package/openswan/Default/description diff --git a/net/openswan/files/ipsec.init b/net/openswan/files/ipsec.init index 33c416351..68ad35929 100755 --- a/net/openswan/files/ipsec.init +++ b/net/openswan/files/ipsec.init @@ -1,8 +1,7 @@ #!/bin/sh /etc/rc.common # IPsec startup and shutdown script # Copyright (C) 1998, 1999, 2001 Henry Spencer. -# Copyright (C) 2002 Michael Richardson -# Copyright (C) 2006 OpenWrt.org +# Copyright (C) 2002 Michael Richardson # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the @@ -14,10 +13,9 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $ # -# ipsec init.d script for starting and stopping -# the IPsec security subsystem (KLIPS and Pluto). +# ipsec init.d script for starting and stopping +# the IPsec security subsystem (KLIPS and Pluto). # # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) # and is also accessible as "ipsec setup" (the preferred route for human @@ -33,6 +31,9 @@ # KLIPS is the kernel half of it, Pluto is the user-level management daemon. START=60 +EXTRA_COMMANDS=status +EXTRA_HELP=" status Show the status of the service" + script_init() { me='ipsec setup' # for messages @@ -44,12 +45,12 @@ script_init() { if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command then - # we must establish a suitable PATH ourselves - PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin - export PATH + # we must establish a suitable PATH ourselves + PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin + export PATH - IPSEC_DIR="$IPSEC_LIBDIR" - export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR + IPSEC_DIR="$IPSEC_LIBDIR" + export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR fi # Check that the ipsec command is available. @@ -69,22 +70,46 @@ script_init() { exit 1 fi + # accept a few flags + + export IPSEC_setupflags + IPSEC_setupflags="" + + config="" + + for dummy + do + case "$1" in + --showonly|--show) IPSEC_setupflags="$1" ;; + --config) config="--config $2" ; shift ;; + *) break ;; + esac + shift + done + + # Pick up IPsec configuration (until we have done this, successfully, we # do not know where errors should go, hence the explicit "daemon.error"s.) # Note the "--export", which exports the variables created. - eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup` + variables=`ipsec addconn $config --varprefix IPSEC --configsetup` + if [ $? != 0 ] + then + echo "Failed to parse config setup portion of ipsec.conf" + exit $? + fi + eval $variables if test " $IPSEC_confreadstatus" != " " then - case $1 in - stop|--stop|_autostop) + case $1 in + stop|--stop|_autostop) echo "$IPSEC_confreadstatus -- \`$1' may not work" | logger -s -p daemon.error -t ipsec_setup;; - - *) echo "$IPSEC_confreadstatus -- \`$1' aborted" | - logger -s -p daemon.error -t ipsec_setup; + + *) echo "$IPSEC_confreadstatus -- \`$1' aborted" | + logger -s -p daemon.error -t ipsec_setup; exit 1;; - esac + esac fi IPSEC_confreadsection=${IPSEC_confreadsection:-setup} @@ -100,40 +125,69 @@ script_init() { } script_command() { - if [ "${USER}" != "root" ] - then - echo "permission denied (must be superuser)" | - logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - exit 1 - fi - # make sure all required directories exist - if [ ! -d /var/run/pluto ] - then - mkdir -p /var/run/pluto - fi - if [ ! -d /var/lock/subsys ] - then - mkdir -p /var/lock/subsys - fi - tmp=/var/run/pluto/ipsec_setup.st - outtmp=/var/run/pluto/ipsec_setup.out - ( + # do it + case "$1" in + start|--start|stop|--stop|_autostop|_autostart) + # remove for: @cygwin_START@ + # portable way for checking for root + if [ ! -w / ] + then + + echo "permission denied (must be superuser)" | + logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 + exit 1 + fi + # remove for: @cygwin_END@ + tmp=/var/run/pluto/ipsec_setup.st + outtmp=/var/run/pluto/ipsec_setup.out + ( + ipsec _realsetup $1 + echo "$?" >$tmp + ) > ${outtmp} 2>&1 + st=$? + if test -f $tmp + then + st=`cat $tmp` + rm -f $tmp + fi + if [ -f ${outtmp} ]; then + cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 + rm -f ${outtmp} + fi + ;; + + restart|--restart|force-reload) + $0 $IPSEC_setupflags stop + $0 $IPSEC_setupflags start + ;; + + _autorestart) # for internal use only + $0 $IPSEC_setupflags _autostop + $0 $IPSEC_setupflags _autostart + ;; + + status|--status) ipsec _realsetup $1 - echo "$?" >$tmp - ) > ${outtmp} 2>&1 - st=$? - if test -f $tmp - then - st=`cat $tmp` - rm -f $tmp - fi - if [ -f ${outtmp} ]; then - cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - rm -f ${outtmp} - fi + exit + ;; + + --version) + echo "$me $IPSEC_VERSION" + exit 0 + ;; + + --help) + echo "Usage: $me [ --showonly ] {--start|--stop|--restart}" + echo " $me --status" + exit 0 + ;; + + *) + echo "Usage: $me [ --showonly ] {--start|--stop|--restart}" + echo " $me --status" + exit 2 + esac } - - start() { script_init start "$@" script_command start "$@" @@ -154,5 +208,4 @@ status() { script_init status "$@" ipsec _realsetup status } -EXTRA_COMMANDS=status -EXTRA_HELP=" status Show the status of the service" + diff --git a/net/openswan/patches/120-use_dev_urandom.patch b/net/openswan/patches/120-use_dev_urandom.patch deleted file mode 100644 index 6bbcbf164..000000000 --- a/net/openswan/patches/120-use_dev_urandom.patch +++ /dev/null @@ -1,39 +0,0 @@ -Index: openswan-2.4.8/programs/ranbits/ranbits.c -=================================================================== ---- openswan-2.4.8.orig/programs/ranbits/ranbits.c 2007-06-04 13:22:49.835279168 +0200 -+++ openswan-2.4.8/programs/ranbits/ranbits.c 2007-06-04 13:22:51.648003592 +0200 -@@ -29,7 +29,7 @@ - #include - - #ifndef DEVICE --#define DEVICE "/dev/random" -+#define DEVICE "/dev/urandom" - #endif - #ifndef QDEVICE - #define QDEVICE "/dev/urandom" -Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c -=================================================================== ---- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:49.842278104 +0200 -+++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:51.649003440 +0200 -@@ -31,7 +31,7 @@ - #include - - #ifndef DEVICE --#define DEVICE "/dev/random" -+#define DEVICE "/dev/urandom" - #endif - #ifndef MAXBITS - #define MAXBITS 20000 -Index: openswan-2.4.8/programs/starter/files.h -=================================================================== ---- openswan-2.4.8.orig/programs/starter/files.h 2007-06-04 13:22:49.850276888 +0200 -+++ openswan-2.4.8/programs/starter/files.h 2007-06-04 13:22:51.649003440 +0200 -@@ -36,7 +36,7 @@ - - #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid" - --#define DEV_RANDOM "/dev/random" -+#define DEV_RANDOM "/dev/urandom" - #define DEV_URANDOM "/dev/urandom" - - #define PROC_IPSECVERSION "/proc/net/ipsec_version"