Add swanctl support which replaces the old starter, ipsec and stroke
backend. Swanctl is only tested with systemd.
https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd

Signed-off-by: Lars Pedersen <lape...@gmail.com>
---
v3:
- Removed unnecessary configuration options
- Install/enable strongswan systemd service if systemd is used
- Use install_alternative for conf.d folder and swanctl.conf
- Enabling swanctl installs default folder structure like fedora

v2:
- Install_lib and plugins installed like before
- Set rpath to /usr/lib/plugins
- Add license_files field

 rules/strongswan.in   |  9 +++++--
 rules/strongswan.make | 59 +++++++++++++++++++++++++++++++++----------
 2 files changed, 52 insertions(+), 16 deletions(-)

diff --git a/rules/strongswan.in b/rules/strongswan.in
index d0e660c57..8b1adff65 100644
--- a/rules/strongswan.in
+++ b/rules/strongswan.in
@@ -49,9 +49,14 @@ config STRONGSWAN_AFALG
 config STRONGSWAN_SYSTEMD_UNIT
        bool
        default y
-       # uses old systemd-daemon / libsystemd-journal libs
-       depends on BROKEN
        depends on INITMETHOD_SYSTEMD
        prompt "install systemd service file"
 
+config STRONGSWAN_SWANCTL
+       bool
+       prompt "Use swanctl for configuration"
+       help
+         Swanctl is a new, portable command line utility to configure,
+         control and monitor the IKE daemon charon using the vici interface.
+
 endif
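Review bot: `STRONGSWAN_SWANCTL` can be selected without `STRONGSWAN_SYSTEMD_UNIT`, yet the strongswan.make hunks of this patch pass `--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon` and enable `-systemd` only from `PTXCONF_STRONGSWAN_SYSTEMD_UNIT`. With swanctl on and the systemd option off, configure would apparently get neither the legacy charon nor a systemd-managed daemon, so the image could ship swanctl with no IKE daemon behind it. Since the description says swanctl is only tested with systemd, the new symbol should encode that, e.g. `depends on STRONGSWAN_SYSTEMD_UNIT` (or `select` it). The help text could also say that enabling it drops the stroke/ipsec.conf backend.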
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 90db7bef7..1bf78b2b0 100644
--- a/rules/strongswan.make
+++ b/rules/strongswan.make
@@ -15,14 +15,17 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
 #
 # Paths and names
 #
-STRONGSWAN_VERSION     := 5.6.1
-STRONGSWAN_MD5         := cb2241f1b96c524cd15b1c0f50ed9a27
+STRONGSWAN_VERSION     := 5.8.2
+STRONGSWAN_MD5         := d94eac2caed51b0cc776e5887b10bace
 STRONGSWAN             := strongswan-$(STRONGSWAN_VERSION)
 STRONGSWAN_SUFFIX      := tar.bz2
 STRONGSWAN_URL         := 
https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
 STRONGSWAN_SOURCE      := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
 STRONGSWAN_DIR         := $(BUILDDIR)/$(STRONGSWAN)
 STRONGSWAN_LICENSE     := GPL
+STRONGSWAN_LICENSE_FILES       := \
+       file://LICENSE;md5=7744b64eaadabebdfd17e8a5ae6c9855 \
+       file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
 
 # ----------------------------------------------------------------------------
 # Prepare
@@ -36,11 +39,13 @@ STRONGSWAN_CONF_OPT := \
        --$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
        --disable-bliss \
        --disable-blowfish \
+       --disable-botan \
        --disable-ccm \
        --disable-chapoly \
        --enable-cmac \
        --disable-ctr \
        --disable-des \
+       --disable-drbg \
        --enable-fips-prf \
        --enable-gcm \
        --disable-gcrypt \
@@ -54,6 +59,7 @@ STRONGSWAN_CONF_OPT   := \
        --enable-nonce \
        --disable-ntru \
        --$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \
+       --disable-wolfssl \
        --disable-padlock \
        --enable-random \
        --disable-rc2 \
@@ -126,11 +132,11 @@ STRONGSWAN_CONF_OPT       := \
        --enable-socket-default \
        --disable-socket-dynamic \
        --disable-socket-win \
-       --enable-stroke \
+       --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-stroke \
        --disable-smp \
        --disable-sql \
        --disable-uci \
-       --disable-vici \
+       --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-vici \
        --disable-android-dns \
        --enable-attr \
        --disable-attr-sql \
@@ -147,8 +153,6 @@ STRONGSWAN_CONF_OPT := \
        --disable-imv-os \
        --disable-imc-attestation \
        --disable-imv-attestation \
-       --disable-imc-swid \
-       --disable-imv-swid \
        --disable-imc-swima \
        --disable-imv-swima \
        --disable-imc-hcd \
@@ -174,14 +178,14 @@ STRONGSWAN_CONF_OPT       := \
        --disable-load-tester \
        --disable-lookip \
        --disable-radattr \
+       --disable-save-keys \
        --disable-systime-fix \
        --disable-test-vectors \
        --enable-updown \
        --disable-aikgen \
-       --enable-charon \
+       --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon \
        --disable-cmd \
        --disable-conftest \
-       --disable-dumm \
        --disable-fast \
        --disable-fuzzing \
        --disable-libipsec \
@@ -190,11 +194,10 @@ STRONGSWAN_CONF_OPT       := \
        --disable-medsrv \
        --disable-nm \
        --enable-pki \
-       --enable-scepclient \
+       --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \
        --enable-scripts \
        --disable-svc \
        --$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \
-       --disable-swanctl \
        --disable-tkm \
        --disable-bfd-backtraces \
        --disable-dbghelp-backtraces \
@@ -220,9 +223,12 @@ STRONGSWAN_CONF_OPT        := \
        --disable-defaults \
        --enable-dependency-tracking \
        --enable-shared \
+       --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
        --with-ipseclibdir=/usr/lib \
        --with-systemdsystemunitdir=/usr/lib/systemd/system
 
+STRONGSWAN_LDFLAGS     := -Wl,-rpath,/usr/lib/plugins
+
 # ----------------------------------------------------------------------------
 # Target-Install
 # ----------------------------------------------------------------------------
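Review bot: `STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins` has no comment saying which binary fails to resolve which library without it, and it is set whether or not `PTXCONF_STRONGSWAN_SWANCTL` is enabled. An rpath is a library search path baked into every object the package links, so it should be a deliberate, documented choice, and the directory must stay root-owned and not writable by others on the target. I would add a comment above it along the lines of `# <component> needs <library> from /usr/lib/plugins (ipseclibdir=/usr/lib), which is not on the default search path`, filled in with the real names. If only the swanctl configuration needs the flag, scope it to that case.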
@@ -251,12 +257,17 @@ STRONGSWAN_PLUGINS := \
        libstrongswan-sha1.so \
        libstrongswan-sha2.so \
        libstrongswan-socket-default.so \
-       libstrongswan-stroke.so \
        libstrongswan-updown.so \
        libstrongswan-x509.so \
        libstrongswan-xauth-generic.so \
        libstrongswan-xcbc.so
 
+ifdef PTXCONF_STRONGSWAN_SWANCTL
+       STRONGSWAN_PLUGINS += libstrongswan-vici.so
+else
+       STRONGSWAN_PLUGINS += libstrongswan-stroke.so
+endif
+
 ifdef PTXCONF_STRONGSWAN_LIBCURL
        STRONGSWAN_PLUGINS += libstrongswan-curl.so
 endif
@@ -278,9 +289,9 @@ $(STATEDIR)/strongswan.targetinstall:
 
        @$(call install_alternative, strongswan, 0, 0, 0644, 
/etc/strongswan.conf)
 
-       @$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
-
-       @$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
+       @$(call install_tree, strongswan, 0, 0, -, /usr/bin)
+       @$(call install_tree, strongswan, 0, 0, -, /usr/libexec)
+       @$(call install_tree, strongswan, 0, 0, -, /usr/sbin)
 
        @$(call install_lib, strongswan, 0, 0, 0644, libcharon)
        @$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
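Review bot: The three `install_tree` calls on `/usr/bin`, `/usr/libexec` and `/usr/sbin` copy whatever the package staged there, where the old code named `/usr/sbin/ipsec` and `/usr/libexec/ipsec` explicitly. With `--enable-scripts` and `--enable-pki` still set in this file, that likely puts helper binaries nobody selected onto a VPN endpoint, and the set can change silently with each version bump. Prefer explicit entries guarded by the option that needs them, e.g. `@$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/swanctl)` inside the `ifdef PTXCONF_STRONGSWAN_SWANCTL` block, with the exact paths checked against the package's install directory. The targetinstall rule starts and ends outside this hunk.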
@@ -296,6 +307,26 @@ ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
                
/usr/lib/systemd/system/multi-user.target.wants/strongswan.service)
 endif
 
+ifdef PTXCONF_STRONGSWAN_SWANCTL
+       @$(call install_lib, strongswan, 0, 0, 0644, libvici)
+       @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
+       @$(call install_alternative, strongswan, 0, 0, 0644, 
/etc/swanctl/swanctl.conf)
+       @$(call install_alternative, strongswan, 0, 0, 750, /etc/swanctl/conf.d)
+       @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss)
+       @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa)
+       @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12)
+       @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8)
+       @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private)
+       @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey)
+       @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa)
+       @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509)
+       @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa)
+       @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac)
+       @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca)
+       @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl)
+       @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp)
+endif
+
        @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
        @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
        @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
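Review bot: `/etc/swanctl/swanctl.conf` is installed 0644, but that file can hold a `secrets` section with pre-shared keys and EAP/XAuth passwords, so any local user on the target could read them; `@$(call install_alternative, strongswan, 0, 0, 0640, /etc/swanctl/swanctl.conf)` (or 0600) is the safer default. The private-key directories are sensibly restricted to 750, though the modes are written `750`/`755` while the rest of the rule uses four-digit `0644`/`0755`. `install_alternative` on `/etc/swanctl/conf.d` looks wrong for a directory; if the intent is to pick up a project-provided tree, `install_alternative_tree` is probably the macro meant, otherwise use `install_copy` like the sibling lines. The unchanged `/etc/ipsec.d/*` lines below still run when swanctl is selected, and the rule continues past the end of the hunk.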
-- 
2.24.1

