This patch updates the strongSwan package in Attitude Adjustment 12.09.1 to the Current Release 5.1.1
Ticket: https://dev.openwrt.org/ticket/14018 Signed-off-by: Edy Corak [email protected]
Index: patches/300-include-ipsec-user-script.patch =================================================================== --- patches/300-include-ipsec-user-script.patch (Revision 0) +++ patches/300-include-ipsec-user-script.patch (Revision 0) @@ -0,0 +1,17 @@ +--- a/src/_updown/_updown.in ++++ b/src/_updown/_updown.in +@@ -16,11 +16,9 @@ + # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + # for more details. + +-# CAUTION: Installing a new version of strongSwan will install a new +-# copy of this script, wiping out any custom changes you make. If +-# you need changes, make a copy of this under another name, and customize +-# that, and use the (left/right)updown parameters in ipsec.conf to make +-# strongSwan use yours instead of this default one. ++# Add your custom ip rules to the /etc/ipsec.user file if you need that functionality. ++ ++[ -e /etc/ipsec.user ] && . /etc/ipsec.user "$1" + + # things that this script gets (from ipsec_pluto(8) man page) + # Index: Makefile =================================================================== --- Makefile (Revision 38701) +++ Makefile (Arbeitskopie) @@ -1,5 +1,5 @@ # -# Copyright (C) 2012 OpenWrt.org +# Copyright (C) 2012-2013 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan -PKG_VERSION:=5.0.0 -PKG_RELEASE:=1 +PKG_VERSION:=5.1.1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://download.strongswan.org/ -PKG_MD5SUM:=c8b861305def7c0abae04f7bbefec212 +PKG_MD5SUM:=e3af3d493d22286be3cd794533a8966a PKG_MOD_AVAILABLE:= \ addrblock \ @@ -36,6 +36,7 @@ eap-identity \ eap-md5 \ eap-mschapv2 \ + eap-radius \ farp \ fips-prf \ gcm \ @@ -69,11 +70,11 @@ smp \ socket-default \ socket-dynamic \ - socket-raw \ sql \ sqlite \ stroke \ test-vectors \ + unity \ uci \ updown \ whitelist \ @@ -150,6 +151,7 @@ +strongswan-mod-eap-identity \ +strongswan-mod-eap-md5 \ +strongswan-mod-eap-mschapv2 \ + +strongswan-mod-eap-radius \ +strongswan-mod-farp \ +strongswan-mod-fips-prf \ +strongswan-mod-gcm \ @@ -185,6 +187,7 @@ +strongswan-mod-stroke \ +strongswan-mod-test-vectors \ +strongswan-mod-uci \ + +strongswan-mod-unity \ +strongswan-mod-updown \ +strongswan-mod-whitelist \ +strongswan-mod-x509 \ @@ -198,7 +201,7 @@ define Package/strongswan-full/description $(call Package/strongswan/description/Default) This meta-package contains dependencies for all of the strongswan plugins - except kernel-klips, kernel-pfkey, socket-dynamic and socket-raw which are + except kernel-klips, kernel-pfkey, socket-dynamic and which are ommitted in favor of the kernel-netlink and socket-default plugins. endef @@ -343,6 +346,7 @@ define Package/strongswan/conffiles /etc/ipsec.conf /etc/ipsec.secrets +/etc/ipsec.user /etc/strongswan.conf endef @@ -352,6 +356,8 @@ $(INSTALL_DIR) $(1)/usr/lib/ipsec $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/ipsec/ $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec endef define Package/strongswan-default/install @@ -378,10 +384,12 @@ endef define Package/strongswan-utils/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/pki $(1)/usr/bin/ $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,scepclient} $(1)/usr/lib/ipsec/ endef define Plugin/duplicheck/install @@ -390,6 +398,12 @@ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-duplicheck.so $(1)/usr/lib/ipsec/plugins/ endef +define Plugin/eap-radius/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libradius.so.* $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-eap-radius.so $(1)/usr/lib/ipsec/plugins/ +endef + define Plugin/attr-sql/install $(INSTALL_DIR) $(1)/usr/lib/ipsec $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/ @@ -416,6 +430,8 @@ $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/ + $(INSTALL_DIR) $(1)/etc + $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ endef define Plugin/whitelist/install @@ -451,6 +467,7 @@ $(eval $(call BuildPlugin,eap-identity,EAP identity helper,)) $(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,)) $(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,)) +$(eval $(call BuildPlugin,eap-radius,EAP RADIUS auth,)) $(eval $(call BuildPlugin,farp,fake arp respsonses,)) $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1)) $(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,)) @@ -484,12 +501,12 @@ $(eval $(call BuildPlugin,smp,SMP configuration and control interface,+PACKAGE_strongswan-mod-smp:libxml2)) $(eval $(call BuildPlugin,socket-default,default socket implementation for charon,)) $(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charon,)) -$(eval $(call BuildPlugin,socket-raw,raw socket implementation for charon,)) $(eval $(call BuildPlugin,sql,SQL database interface,)) $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-sqlite:libsqlite3)) $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-utils)) $(eval $(call BuildPlugin,test-vectors,crypto test vectors,)) $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci)) +$(eval $(call BuildPlugin,unity,Cisco Unity extension,)) $(eval $(call BuildPlugin,updown,updown firewall,)) $(eval $(call BuildPlugin,whitelist,peer identity whitelisting,)) $(eval $(call BuildPlugin,x509,x509 certificate,)) Index: files/ipsec.init =================================================================== --- files/ipsec.init (Revision 0) +++ files/ipsec.init (Revision 0) @@ -0,0 +1,20 @@ +#!/bin/sh /etc/rc.common + +START=90 +STOP=10 + +start() { + ipsec start +} + +stop() { + ipsec stop +} + +restart() { + ipsec restart +} + +reload() { + ipsec update +} Index: files/ipsec.user =================================================================== --- files/ipsec.user (Revision 0) +++ files/ipsec.user (Revision 0) @@ -0,0 +1,6 @@ +# This file is interpreted as shell script. +# Put your custom ip rules here, they will +# be executed with each call to the script +# /usr/lib/ipsec/_updown which by default +# strongswan executes. +
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
