authorLars Pedersen <lapeddk@gmail.com>2020-01-13 13:55:12 +0100
committerMichael Olbrich <m.olbrich@pengutronix.de>2020-02-14 09:07:45 +0100
commit84596eb9cd341e4ac1978c14849ec0188a8d916f (patch)
treec61607af9d9e065d3e3060d874a6bdae4ec8504f /rules/strongswan.make
parent8d02a8a6e3891da78c8c80dd810f2997dc1edac0 (diff)
strongswan: Version bump 5.6.1 -> 5.8.2
Add swanctl support which replaces the old starter, ipsec and stroke backend. Swanctl is only tested with systemd. https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd Signed-off-by: Lars Pedersen <lapeddk@gmail.com> Message-Id: <20200113125512.267496-1-lapeddk@gmail.com> [mol: don't install /etc/swanctl/conf.d] Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/strongswan.make')
-rw-r--r--rules/strongswan.make58
1 files changed, 44 insertions, 14 deletions
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 90db7bef7..7e9f44e45 100644
--- a/rules/strongswan.make
+++ b/rules/strongswan.make
@@ -15,14 +15,17 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
#
# Paths and names
#
-STRONGSWAN_VERSION := 5.6.1
-STRONGSWAN_MD5 := cb2241f1b96c524cd15b1c0f50ed9a27
+STRONGSWAN_VERSION := 5.8.2
+STRONGSWAN_MD5 := d94eac2caed51b0cc776e5887b10bace
STRONGSWAN := strongswan-$(STRONGSWAN_VERSION)
STRONGSWAN_SUFFIX := tar.bz2
STRONGSWAN_URL := https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
STRONGSWAN_SOURCE := $(SRCDIR)/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
STRONGSWAN_DIR := $(BUILDDIR)/$(STRONGSWAN)
STRONGSWAN_LICENSE := GPL
+STRONGSWAN_LICENSE_FILES := \
+ file://LICENSE;md5=7744b64eaadabebdfd17e8a5ae6c9855 \
+ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
# ----------------------------------------------------------------------------
# Prepare
@@ -36,11 +39,13 @@ STRONGSWAN_CONF_OPT := \
--$(call ptx/endis, PTXCONF_STRONGSWAN_AFALG)-af-alg \
--disable-bliss \
--disable-blowfish \
+ --disable-botan \
--disable-ccm \
--disable-chapoly \
--enable-cmac \
--disable-ctr \
--disable-des \
+ --disable-drbg \
--enable-fips-prf \
--enable-gcm \
--disable-gcrypt \
@@ -54,6 +59,7 @@ STRONGSWAN_CONF_OPT := \
--enable-nonce \
--disable-ntru \
--$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \
+ --disable-wolfssl \
--disable-padlock \
--enable-random \
--disable-rc2 \
@@ -126,11 +132,11 @@ STRONGSWAN_CONF_OPT := \
--enable-socket-default \
--disable-socket-dynamic \
--disable-socket-win \
- --enable-stroke \
+ --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-stroke \
--disable-smp \
--disable-sql \
--disable-uci \
- --disable-vici \
+ --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-vici \
--disable-android-dns \
--enable-attr \
--disable-attr-sql \
@@ -147,8 +153,6 @@ STRONGSWAN_CONF_OPT := \
--disable-imv-os \
--disable-imc-attestation \
--disable-imv-attestation \
- --disable-imc-swid \
- --disable-imv-swid \
--disable-imc-swima \
--disable-imv-swima \
--disable-imc-hcd \
@@ -174,14 +178,14 @@ STRONGSWAN_CONF_OPT := \
--disable-load-tester \
--disable-lookip \
--disable-radattr \
+ --disable-save-keys \
--disable-systime-fix \
--disable-test-vectors \
--enable-updown \
--disable-aikgen \
- --enable-charon \
+ --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon \
--disable-cmd \
--disable-conftest \
- --disable-dumm \
--disable-fast \
--disable-fuzzing \
--disable-libipsec \
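Review bot: The new `--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-charon` line drops the charon daemon whenever SWANCTL is selected, while the `-systemd` switch in the next hunk is still driven by the separate PTXCONF_STRONGSWAN_SYSTEMD_UNIT symbol. If SWANCTL=y with SYSTEMD_UNIT=n is a reachable configuration, the build would apparently produce swanctl and the vici plugin but no IKE daemon for them to talk to. The option file is not part of this diff, so the dependency may already be enforced there. If it is not, a `select` or `depends on` in the option file would close the gap, and a comment on this line such as `# swanctl setups run charon-systemd, which is built by --enable-systemd` would make the coupling visible. The same symbol also flips stroke, vici and scepclient in the neighbouring hunks, so the comment is worth writing once here.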
@@ -190,11 +194,10 @@ STRONGSWAN_CONF_OPT := \
--disable-medsrv \
--disable-nm \
--enable-pki \
- --enable-scepclient \
+ --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \
--enable-scripts \
--disable-svc \
--$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \
- --disable-swanctl \
--disable-tkm \
--disable-bfd-backtraces \
--disable-dbghelp-backtraces \
@@ -220,9 +223,12 @@ STRONGSWAN_CONF_OPT := \
--disable-defaults \
--enable-dependency-tracking \
--enable-shared \
+ --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
--with-ipseclibdir=/usr/lib \
--with-systemdsystemunitdir=/usr/lib/systemd/system
+STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins
+
# ----------------------------------------------------------------------------
# Target-Install
# ----------------------------------------------------------------------------
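Review bot: `STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins` hard-codes a run-time search path with no comment saying which binary needs it. The value silently duplicates `--with-ipseclibdir=/usr/lib` two lines above, so changing one without the other would leave an RPATH pointing at a directory the package no longer owns. A short comment would help, for example `# plugins are installed to <ipseclibdir>/plugins; keep in sync with --with-ipseclibdir`. It would also be worth stating why the dynamic loader has to search the plugin directory at all, since that reason is not visible in this hunk.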
@@ -251,12 +257,17 @@ STRONGSWAN_PLUGINS := \
libstrongswan-sha1.so \
libstrongswan-sha2.so \
libstrongswan-socket-default.so \
- libstrongswan-stroke.so \
libstrongswan-updown.so \
libstrongswan-x509.so \
libstrongswan-xauth-generic.so \
libstrongswan-xcbc.so
+ifdef PTXCONF_STRONGSWAN_SWANCTL
+ STRONGSWAN_PLUGINS += libstrongswan-vici.so
+else
+ STRONGSWAN_PLUGINS += libstrongswan-stroke.so
+endif
+
ifdef PTXCONF_STRONGSWAN_LIBCURL
STRONGSWAN_PLUGINS += libstrongswan-curl.so
endif
@@ -278,9 +289,9 @@ $(STATEDIR)/strongswan.targetinstall:
@$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf)
- @$(call install_copy, strongswan, 0, 0, 0755, -, /usr/sbin/ipsec)
-
- @$(call install_tree, strongswan, 0, 0, -, /usr/libexec/ipsec)
+ @$(call install_tree, strongswan, 0, 0, -, /usr/bin)
+ @$(call install_tree, strongswan, 0, 0, -, /usr/libexec)
+ @$(call install_tree, strongswan, 0, 0, -, /usr/sbin)
@$(call install_lib, strongswan, 0, 0, 0644, libcharon)
@$(call install_lib, strongswan, 0, 0, 0644, libstrongswan)
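Review bot: The three `install_tree` calls for /usr/bin, /usr/libexec and /usr/sbin replace an explicit `install_copy` of /usr/sbin/ipsec and a tree copy limited to /usr/libexec/ipsec. What lands on the target is now decided by whatever the configure options cause `make install` to emit, not by this rule, and modes are taken over unchanged (`-`). For a VPN daemon package it is useful to be able to read the set of shipped executables from the rule itself. Either keep the libexec copy scoped to `/usr/libexec/ipsec` and list the expected binaries, or add a comment such as `# ships every tool the selected configure options build; review when enabling new options`. The targetinstall recipe starts and ends outside this hunk.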
@@ -296,6 +307,25 @@ ifdef PTXCONF_STRONGSWAN_SYSTEMD_UNIT
/usr/lib/systemd/system/multi-user.target.wants/strongswan.service)
endif
+ifdef PTXCONF_STRONGSWAN_SWANCTL
+ @$(call install_lib, strongswan, 0, 0, 0644, libvici)
+ @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d)
+ @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf)
+ @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss)
+ @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa)
+ @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12)
+ @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8)
+ @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private)
+ @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey)
+ @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa)
+ @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509)
+ @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa)
+ @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac)
+ @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca)
+ @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl)
+ @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp)
+endif
+
@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts)
@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/acerts)
@$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/cacerts)
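Review bot: The new /etc/swanctl directories use the modes `750` and `755` without a leading zero, while every other mode in this recipe is written as `0644` or `0755`; writing `0750` and `0755` keeps the file consistent and removes any doubt about octal interpretation. The split between key-material directories (bliss, ecdsa, pkcs12, pkcs8, private, rsa) and public certificate directories is the security-relevant part of this block and deserves a one-line comment above each group, for example `# private key stores: not world-accessible`. Only the directory modes are set here, so key files placed there later still need restrictive modes of their own. The /etc/ipsec.d directories after the `endif` are still installed unconditionally even when SWANCTL disables stroke and the starter; if they are unused in that configuration, moving them into an `else` branch would avoid shipping empty credential directories. The recipe continues outside this hunk.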