Minor comment. It's my understanding that gmake will fork/exec commands
directly if it doesn't detect any meta-characters, thereby saving a fork/exec
pair of $(SHELL) to interpret them. In this case:
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient}
> $(1)/usr/lib/ipsec/
it would be a lot more efficient to just write out both pathnames as absolute
(easier to grep through logs, too).
-Philip
On 5/25/11 1:11 PM, Lars Hjersted wrote:
> Update version of strongswan4 package from 4.5.1 to 4.5.2.
>
> Add new strongswan4 plugins: coupling, duplicheck, whitelist.
>
> Add strongswan4-libfast package and make build dependencies on
> clearsilver and fcgi conditional. Previously libfast was being built,
> but not packaged. Now libfast will only be built when the it's package
> is selected.
>
> Remove ipsec.conf and strongswan.conf and use configuration files from
> upstream instead. The previously provided strongswan.conf was not
> functional.
>
> Omit strongswan4-mod-kernel-klips from strongswan4-full meta package in
> favor of strongswan4-mod-kernel-netlink. Only one of these two kernel
> interfaces should be installed.
>
> Omit strongswan4-mod-socket-default from strongswan4-full meta package
> in favor of strongswan4-mod-socket-raw. Only the raw socket allows
> charon to run while pluto is also running.
>
> Make all build dependencies on libraries required by strongswan4 plugins
> conditional.
>
> Signed-off-by: Lars Hjersted <l...@hjersted.com>
> ---
> net/strongswan4/Makefile | 105
> ++++++++++++++++++---------------
> net/strongswan4/files/ipsec.conf | 19 ------
> net/strongswan4/files/strongswan.conf | 18 ------
> 3 files changed, 57 insertions(+), 85 deletions(-)
> delete mode 100644 net/strongswan4/files/ipsec.conf
> delete mode 100644 net/strongswan4/files/strongswan.conf
>
> diff --git a/net/strongswan4/Makefile b/net/strongswan4/Makefile
> index 01d1a51..999c237 100644
> --- a/net/strongswan4/Makefile
> +++ b/net/strongswan4/Makefile
> @@ -8,12 +8,12 @@
> include $(TOPDIR)/rules.mk
>
> PKG_NAME:=strongswan
> -PKG_VERSION:=4.5.1
> +PKG_VERSION:=4.5.2
> PKG_RELEASE:=1
>
> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
> PKG_SOURCE_URL:=http://download.strongswan.org/
> -PKG_MD5SUM:=81a4a699c4a1a49b74061dfa47b5a033
> +PKG_MD5SUM:=ac33b8f849a274127f84df0838cae953
>
> PKG_MOD_AVAILABLE:= \
> aes \
> @@ -22,10 +22,12 @@ PKG_MOD_AVAILABLE:= \
> attr-sql \
> blowfish \
> constraints \
> + coupling \
> curl \
> des \
> dhcp \
> dnskey \
> + duplicheck \
> eap-md5 \
> eap-mschapv2 \
> eap-radius \
> @@ -62,13 +64,14 @@ PKG_MOD_AVAILABLE:= \
> stroke \
> uci \
> updown \
> + whitelist \
> x509 \
> xauth \
> xcbc \
>
> PKG_BUILD_DEPENDS:= \
> - clearsilver \
> - fcgi \
> + PACKAGE_strongswan4-libfast:clearsilver \
> + PACKAGE_strongswan4-libfast:fcgi \
>
> PKG_CONFIG_DEPENDS:= \
> CONFIG_STRONGSWAN4_ENABLE_CISCO_QUIRKS \
> @@ -128,16 +131,19 @@ $(call Package/strongswan4/Default)
> DEPENDS:= strongswan4 \
> +strongswan4-app-charon \
> +strongswan4-app-pluto \
> + +strongswan4-libfast \
> +strongswan4-mod-aes \
> +strongswan4-mod-agent \
> +strongswan4-mod-attr \
> +strongswan4-mod-attr-sql \
> +strongswan4-mod-blowfish \
> +strongswan4-mod-constraints \
> + +strongswan4-mod-coupling \
> +strongswan4-mod-curl \
> +strongswan4-mod-des \
> +strongswan4-mod-dhcp \
> +strongswan4-mod-dnskey \
> + +strongswan4-mod-duplicheck \
> +strongswan4-mod-eap-md5 \
> +strongswan4-mod-eap-mschapv2 \
> +strongswan4-mod-eap-radius \
> @@ -146,7 +152,6 @@ $(call Package/strongswan4/Default)
> +strongswan4-mod-gcrypt \
> +strongswan4-mod-gmp \
> +strongswan4-mod-hmac \
> - +strongswan4-mod-kernel-klips \
> +strongswan4-mod-kernel-netlink \
> +strongswan4-mod-kernel-pfkey \
> +strongswan4-mod-ldap \
> @@ -167,13 +172,13 @@ $(call Package/strongswan4/Default)
> +strongswan4-mod-sha1 \
> +strongswan4-mod-sha2 \
> +strongswan4-mod-smp \
> - +strongswan4-mod-socket-default \
> +strongswan4-mod-socket-raw \
> +strongswan4-mod-sql \
> +strongswan4-mod-sqlite \
> +strongswan4-mod-stroke \
> +strongswan4-mod-uci \
> +strongswan4-mod-updown \
> + +strongswan4-mod-whitelist \
> +strongswan4-mod-x509 \
> +strongswan4-mod-xauth \
> +strongswan4-mod-xcbc \
> @@ -183,7 +188,9 @@ endef
> define Package/strongswan4-full/description
> $(call Package/strongswan4/description/Default)
> .
> - This meta-package contains only dependencies for a complete setup.
> + This meta-package contains dependencies for all of the strongswan4
> + plugins except kernel-klips and socket-default which are ommitted in
> + favor of the kernel-netlink and socket-raw plugins.
> endef
>
>
> @@ -281,6 +288,20 @@ $(call Package/strongswan4/description/Default)
> endef
>
>
> +define Package/strongswan4-libfast
> +$(call Package/strongswan4/Default)
> + TITLE+= libfast
> + DEPENDS:= strongswan4
> +endef
> +
> +define Package/strongswan4-libfast/description
> +$(call Package/strongswan4/description/Default)
> + .
> + This package contains libfast, a lightweight framework to build native
> + web applications using ClearSilver and FastCGI.
> +endef
> +
> +
> define Package/strongswan4-utils
> $(call Package/strongswan4/Default)
> TITLE+= utilities
> @@ -323,6 +344,7 @@ CONFIGURE_ARGS+= \
> $(if
> $(CONFIG_STRONGSWAN4_ENABLE_XAUTH_VID),--enable-xauth-vid,--disable-xauth-vid)
> \
> --disable-scripts \
> --disable-static \
> + $(if
> $(CONFIG_PACKAGE_strongswan4-libfast),--enable-fast,--disable-fast) \
> $(if
> $(CONFIG_PACKAGE_strongswan4-utils),--enable-tools,--disable-tools) \
> --with-random-device="$(call
> qstrip,$(CONFIG_STRONGSWAN4_DEVICE_RANDOM))" \
> --with-urandom-device="$(call
> qstrip,$(CONFIG_STRONGSWAN4_DEVICE_URANDOM))" \
> @@ -332,7 +354,9 @@ CONFIGURE_ARGS+= \
> $(if
> $(CONFIG_PACKAGE_strongswan4-mod-$(m)),--enable-$(m),--disable-$(m)) \
> ) \
>
> -EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver
> +ifneq ($(CONFIG_PACKAGE_strongswan4-libfast),)
> + EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver
> +endif
>
> EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
>
> @@ -346,23 +370,14 @@ endef
> define Package/strongswan4/install
> $(INSTALL_DIR) $(1)/etc
> $(CP) -R $(PKG_INSTALL_DIR)/etc/ipsec.d $(1)/etc/
> + $(CP) $(PKG_INSTALL_DIR)/etc/{ipsec.conf,strongswan.conf} $(1)/etc/
> $(INSTALL_DIR) $(1)/usr/lib
> - $(CP) \
> - $(PKG_INSTALL_DIR)/usr/lib/libstrongswan.so.* \
> - $(PKG_INSTALL_DIR)/usr/lib/libhydra.so.* \
> - $(1)/usr/lib/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/{libstrongswan.so.*,libhydra.so.*}
> $(1)/usr/lib/
> $(INSTALL_DIR) $(1)/usr/sbin
> - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
> + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
> $(INSTALL_DIR) $(1)/usr/lib/ipsec
> - $(CP) \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_copyright \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/starter \
> - $(1)/usr/lib/ipsec/
> - $(INSTALL_CONF) \
> - ./files/ipsec.conf \
> - ./files/ipsec.secrets \
> - ./files/strongswan.conf \
> - $(1)/etc/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_copyright,starter}
> $(1)/usr/lib/ipsec/
> + $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
> endef
>
>
> @@ -385,46 +400,36 @@ define Package/strongswan4-app-charon/install
> $(INSTALL_DIR) $(1)/usr/lib
> $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcharon.so.* $(1)/usr/lib/
> $(INSTALL_DIR) $(1)/usr/lib/ipsec
> - $(CP) \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/charon \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/stroke \
> - $(1)/usr/lib/ipsec/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{charon,stroke}
> $(1)/usr/lib/ipsec/
> endef
>
>
> define Package/strongswan4-app-pluto/install
> $(INSTALL_DIR) $(1)/usr/lib/ipsec
> - $(CP) \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/pluto \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_pluto_adns \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/whack \
> - $(1)/usr/lib/ipsec/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{pluto,_pluto_adns,whack}
> $(1)/usr/lib/ipsec/
> +endef
> +
> +
> +define Package/strongswan4-libfast/install
> + $(INSTALL_DIR) $(1)/usr/lib
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfast.so.* $(1)/usr/lib/
> endef
>
>
> define Package/strongswan4-utils/install
> $(INSTALL_DIR) $(1)/usr/lib/ipsec
> - $(CP) \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/openac \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/pki \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/scepclient \
> - $(1)/usr/lib/ipsec/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient}
> $(1)/usr/lib/ipsec/
> endef
>
>
> define Plugin/attr-sql/install
> $(INSTALL_DIR) $(1)/usr/lib/ipsec
> - $(CP) \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool \
> - $(1)/usr/lib/ipsec/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/
> endef
>
> define Plugin/updown/install
> $(INSTALL_DIR) $(1)/usr/lib/ipsec
> - $(CP) \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown \
> - $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown_espmark \
> - $(1)/usr/lib/ipsec/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark}
> $(1)/usr/lib/ipsec/
> endef
>
>
> @@ -434,6 +439,7 @@ $(eval $(call BuildPackage,strongswan4-full))
> $(eval $(call BuildPackage,strongswan4-minimal))
> $(eval $(call BuildPackage,strongswan4-app-charon))
> $(eval $(call BuildPackage,strongswan4-app-pluto))
> +$(eval $(call BuildPackage,strongswan4-libfast))
> $(eval $(call BuildPackage,strongswan4-utils))
>
> $(eval $(call BuildPlugin,aes,AES crypto,))
> @@ -442,22 +448,24 @@ $(eval $(call BuildPlugin,attr,File-based config attr,))
> $(eval $(call BuildPlugin,attr-sql,SQL-based config
> attrib,+strongswan4-mod-sql))
> $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
> $(eval $(call BuildPlugin,constraints,X.509 constraint checking,))
> -$(eval $(call BuildPlugin,curl,cURL,+libcurl))
> +$(eval $(call BuildPlugin,coupling,Peer certificate coupling,))
> +$(eval $(call BuildPlugin,curl,cURL,+PACKAGE_strongswan4-mod-curl:libcurl))
> $(eval $(call BuildPlugin,des,DES crypto,))
> $(eval $(call BuildPlugin,dhcp,DHCP-based IP and DNS,))
> $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
> +$(eval $(call BuildPlugin,duplicheck,Duplicate checking,))
> $(eval $(call BuildPlugin,eap-md5,MD5 EAP (CHAP) auth,))
> $(eval $(call BuildPlugin,eap-mschapv2,MS-CHAPv2 EAP auth,))
> $(eval $(call BuildPlugin,eap-radius,RADIUS proxy auth,))
> $(eval $(call BuildPlugin,farp,Fake arp respsonses,))
> $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,))
> -$(eval $(call BuildPlugin,gcrypt,libgcrypt,+libgcrypt))
> -$(eval $(call BuildPlugin,gmp,libgmp,+libgmp))
> +$(eval $(call
> BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan4-mod-gcrypt:libgcrypt))
> +$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan4-mod-gmp:libgmp))
> $(eval $(call BuildPlugin,hmac,HMAC crypto,))
> $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,))
> $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
> $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,))
> -$(eval $(call BuildPlugin,ldap,LDAP,+libopenldap))
> +$(eval $(call
> BuildPlugin,ldap,LDAP,+PACKAGE_strongswan4-mod-ldap:libopenldap))
> $(eval $(call BuildPlugin,led,LED blink on IKE activity,))
> $(eval $(call BuildPlugin,load-tester,load testing,))
> $(eval $(call BuildPlugin,md5,MD5 crypto,))
> @@ -480,8 +488,9 @@ $(eval $(call BuildPlugin,socket-raw,RAW socket for IKEv1
> and IKEv2,))
> $(eval $(call BuildPlugin,sql,SQL database interface,))
> $(eval $(call BuildPlugin,sqlite,SQLite database
> interface,+strongswan4-mod-sql +PACKAGE_strongswan4-mod-sqlite:libsqlite3))
> $(eval $(call BuildPlugin,stroke,Stroke,))
> -$(eval $(call BuildPlugin,uci,UCI config interface,+libuci))
> +$(eval $(call BuildPlugin,uci,UCI config
> interface,+PACKAGE_strongswan4-mod-uci:libuci))
> $(eval $(call BuildPlugin,updown,updown firewall,))
> +$(eval $(call BuildPlugin,whitelist,Peer identity whitelisting,))
> $(eval $(call BuildPlugin,x509,x509 certificate,))
> $(eval $(call BuildPlugin,xauth,XAUTH authentication,))
> $(eval $(call BuildPlugin,xcbc,xcbc crypto,))
> diff --git a/net/strongswan4/files/ipsec.conf
> b/net/strongswan4/files/ipsec.conf
> deleted file mode 100644
> index 8c16d9d..0000000
> --- a/net/strongswan4/files/ipsec.conf
> +++ /dev/null
> @@ -1,19 +0,0 @@
> -# /etc/ipsec.conf - strongSwan IPsec configuration file
> -
> -config setup
> - plutostart=no
> -
> -conn %default
> - ikelifetime=60m
> - keylife=20m
> - rekeymargin=3m
> - keyingtries=1
> - keyexchange=ikev2
> - authby=secret
> -
> -conn example
> - left=%defaultroute
> - leftsubnet=192.168.1.0/24
> - leftfirewall=yes
> - right=%any
> - auto=add
> diff --git a/net/strongswan4/files/strongswan.conf
> b/net/strongswan4/files/strongswan.conf
> deleted file mode 100644
> index c9493ff..0000000
> --- a/net/strongswan4/files/strongswan.conf
> +++ /dev/null
> @@ -1,18 +0,0 @@
> -# strongswan.conf - strongSwan configuration file
> -
> -charon {
> -
> - # number of worker threads in charon
> - threads = 4
> -
> - # plugins to load in charon
> - load = aes gmp hmac pubkey random sha1 x509 xcbc stroke
> -
> -}
> -
> -libstrongswan {
> -
> - # set to no, the DH exponent size is optimized
> - # dh_exponent_ansi_x9_42 = no
> -
> -}
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
