update to latest upstream version, separate easy-rsa package, add polarssl support

12 files changed, 80 insertions, 119 deletions

diff --git a/package/easy-rsa/Makefile b/package/easy-rsa/Makefile
new file mode 100644
index 000000000..9b350cd92
--- /dev/null
+++ b/package/easy-rsa/Makefile
@@ -0,0 +1,36 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=		easy-rsa
+PKG_VERSION:=		2.0
+PKG_RELEASE:=		1
+PKG_MD5SUM:=		0937fb2f91d534d4fb961e047f714946
+PKG_DESCR:=		openssl ca scripts
+PKG_SECTION:=		crypto
+PKG_DEPENDS:=		openssl-util
+PKG_URL:=		https://github.com/OpenVPN/easy-rsa
+PKG_SITES:=		http://openadk.org/distfiles/
+
+include $(TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,EASY_RSA,easy-rsa,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
+
+CONFIG_STYLE:=		manual
+BUILD_STYLE:=		manual
+INSTALL_STYLE:=		manual
+
+easy-rsa-install:
+	${INSTALL_DIR} $(IDIR_EASY_RSA)/usr/sbin \
+		$(IDIR_EASY_RSA)/etc/easy-rsa/keys
+	touch $(IDIR_EASY_RSA)/etc/easy-rsa/keys/index.txt
+	$(CP) ./files/serial $(IDIR_EASY_RSA)/etc/easy-rsa/keys
+	$(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} \
+		$(IDIR_EASY_RSA)/usr/sbin
+	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl-1.0.0.cnf \
+		$(IDIR_EASY_RSA)/etc/easy-rsa/openssl.cnf
+	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/vars \
+		$(IDIR_EASY_RSA)/etc/easy-rsa/vars
+
+include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/openvpn/files/serial b/package/easy-rsa/files/serial
index 8a0f05e16..8a0f05e16 100644
--- a/package/openvpn/files/serial
+++ b/package/easy-rsa/files/serial
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh b/package/easy-rsa/patches/patch-easy-rsa_2_0_build-dh
index 771800a17..771800a17 100644
--- a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh
+++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_build-dh
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all b/package/easy-rsa/patches/patch-easy-rsa_2_0_clean-all
index 03df1d1c9..03df1d1c9 100644
--- a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all
+++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_clean-all
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl b/package/easy-rsa/patches/patch-easy-rsa_2_0_list-crl
index 66f5d764d..66f5d764d 100644
--- a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl
+++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_list-crl
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf b/package/easy-rsa/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf
index 9dd542d8a..9dd542d8a 100644
--- a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf
+++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool b/package/easy-rsa/patches/patch-easy-rsa_2_0_pkitool
index 87b0c33db..87b0c33db 100644
--- a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool
+++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_pkitool
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full b/package/easy-rsa/patches/patch-easy-rsa_2_0_revoke-full
index ac66c4bb9..ac66c4bb9 100644
--- a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full
+++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_revoke-full
diff --git a/package/easy-rsa/patches/patch-easy-rsa_2_0_vars b/package/easy-rsa/patches/patch-easy-rsa_2_0_vars
new file mode 100644
index 000000000..964c6bc6a
--- /dev/null
+++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_vars
@@ -0,0 +1,20 @@
+--- easy-rsa-2.0.orig/easy-rsa/2.0/vars	2013-08-18 10:11:06.000000000 +0200
++++ easy-rsa-2.0/easy-rsa/2.0/vars	2013-08-18 10:38:50.635782024 +0200
+@@ -12,7 +12,7 @@
+ # This variable should point to
+ # the top level of the easy-rsa
+ # tree.
+-export EASY_RSA="`pwd`"
++export EASY_RSA="/etc/easy-rsa"
+ 
+ #
+ # This variable should point to
+@@ -26,7 +26,7 @@ export GREP="grep"
+ # This variable should point to
+ # the openssl.cnf file included
+ # with easy-rsa.
+-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
++export KEY_CONFIG=/etc/easy-rsa/openssl.cnf
+ 
+ # Edit this variable to point to
+ # your soon-to-be-created key
diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile
index 39fd53b23..2deb20898 100644
--- a/package/openvpn/Makefile
+++ b/package/openvpn/Makefile
@@ -4,17 +4,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=		openvpn
-PKG_VERSION:=		2.2.2
+PKG_VERSION:=		2.3.2
 PKG_RELEASE:=		1
-PKG_MD5SUM:=		c5181e27b7945fa6276d21873329c5c7
+PKG_MD5SUM:=		06e5f93dbf13f2c19647ca15ffc23ac1
 PKG_DESCR:=		Open Source VPN solution using SSL
 PKG_SECTION:=		net/security
-PKG_DEPENDS:=		kmod-tun libopenssl ip
-PKG_BUILDDEP:=		openssl
+PKG_DEPENDS:=		kmod-tun ip
 PKG_URL:=		http://openvpn.net/
 PKG_SITES:=		http://swupdate.openvpn.org/community/releases/
 
-PKG_SUBPKGS:=		OPENVPN OPENVPN_EASY_RSA
+PKG_SUBPKGS:=		OPENVPN
 PKG_FLAVOURS_OPENVPN:=	WITH_LZO WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS SERVER CLIENT
 PKGSS_OPENVPN_EASY_RSA:=openssl-util
 PKGFD_SERVER:=		deliver server example configuration
@@ -26,10 +25,17 @@ PKGFD_WITH_MANAGEMENT:=	enable management server support
 PKGFD_WITH_HTTPPROXY:=	enable http proxy support
 PKGFD_WITH_SOCKS:=	enable socks proxy support
 
+PKG_CHOICES_OPENVPN:=		WITH_OPENSSL WITH_POLARSSL
+PKGCD_WITH_OPENSSL:=		use OpenSSL for crypto
+PKGCS_WITH_OPENSSL:=		libopenssl
+PKGCB_WITH_OPENSSL:=		openssl
+PKGCD_WITH_POLARSSL:=		use PolarSSL for crypto
+PKGCS_WITH_POLARSSL:=		libpolarssl
+PKGCB_WITH_POLARSSL:=		polarssl
+
 include $(TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,OPENVPN,${PKG_NAME},$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
-$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 ifneq ($(ADK_PACKAGE_OPENVPN_WITH_LZO),)
 CONFIGURE_ARGS+=	--enable-lzo
@@ -44,9 +50,9 @@ CONFIGURE_ARGS+=	--disable-management
 endif
 
 ifneq ($(ADK_PACKAGE_OPENVPN_WITH_HTTPPROXY),)
-CONFIGURE_ARGS+=	--enable-http
+CONFIGURE_ARGS+=	--enable-http-proxy
 else
-CONFIGURE_ARGS+=	--disable-http
+CONFIGURE_ARGS+=	--disable-http-proxy
 endif
 
 ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SOCKS),)
@@ -55,13 +61,17 @@ else
 CONFIGURE_ARGS+=	--disable-socks
 endif
 
-CONFIGURE_ARGS+=	--disable-pthread \
-			--disable-plugins \
+ifeq (${ADK_PACKAGE_OPENVPN_WITH_OPENSSL},y)
+CONFIGURE_ARGS+=	--with-crypto-library=openssl
+endif
+ifeq (${ADK_PACKAGE_OPENVPN_WITH_POLARSSL},y)
+CONFIGURE_ARGS+=	--with-crypto-library=polarssl
+endif
+
+CONFIGURE_ARGS+=	--disable-plugins \
 			--enable-small \
-			--enable-iproute2 \
-			--with-iproute-path=/usr/sbin/ip \
-			--without-ifconfig-path \
-			--without-route-path
+			--disable-debug \
+			--enable-iproute2
 
 post-install:
 	${INSTALL_DIR} $(IDIR_OPENVPN)/usr/sbin $(IDIR_OPENVPN)/etc/openvpn
@@ -75,16 +85,4 @@ ifeq ($(ADK_PACKAGE_OPENVPN_CLIENT),y)
 	echo "/etc/openvpn/client.conf" > ./files/openvpn.conffiles
 endif
 
-openvpn-easy-rsa-install:
-	${INSTALL_DIR} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin \
-		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
-	touch $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys/index.txt
-	$(CP) ./files/serial $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
-	$(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} \
-		$(IDIR_OPENVPN_EASY_RSA)/usr/sbin
-	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl-1.0.0.cnf \
-		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
-	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/vars \
-		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars
-
 include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_vars b/package/openvpn/patches/patch-easy-rsa_2_0_vars
deleted file mode 100644
index 972f76541..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_vars
+++ /dev/null
@@ -1,32 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/vars	2011-07-01 10:31:26.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/vars	2011-12-02 19:44:31.000000000 +0100
-@@ -12,7 +12,7 @@
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
--export EASY_RSA="`pwd`"
-+export EASY_RSA="/etc/easy-rsa"
- 
- #
- # This variable should point to
-@@ -26,7 +26,7 @@ export GREP="grep"
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
--export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-+export KEY_CONFIG=/etc/easy-rsa/openssl.cnf
- 
- # Edit this variable to point to
- # your soon-to-be-created key
-@@ -66,9 +66,7 @@ export KEY_PROVINCE="CA"
- export KEY_CITY="SanFrancisco"
- export KEY_ORG="Fort-Funston"
- export KEY_EMAIL="me@myhost.mydomain"
--export KEY_EMAIL=mail@host.domain
--export KEY_CN=changeme
--export KEY_NAME=changeme
--export KEY_OU=changeme
-+export KEY_NAME=VPN
-+export KEY_OU="IT Security"
- export PKCS11_MODULE_PATH=changeme
- export PKCS11_PIN=1234
diff --git a/package/openvpn/patches/patch-t_client_sh b/package/openvpn/patches/patch-t_client_sh
deleted file mode 100644
index 43e346ee1..000000000
--- a/package/openvpn/patches/patch-t_client_sh
+++ /dev/null
@@ -1,61 +0,0 @@
---- openvpn-2.2.1.orig/t_client.sh	2011-07-01 11:27:01.000000000 +0200
-+++ openvpn-2.2.1/t_client.sh	2011-12-02 19:33:52.000000000 +0100
-@@ -1,4 +1,4 @@
--#!/bin/sh
-+#!/bin/bash
- #
- # run OpenVPN client against ``test reference'' server
- # - check that ping, http, ... via tunnel works
-@@ -80,12 +80,12 @@ fail()
- get_ifconfig_route()
- {
-     # linux / iproute2? (-> if configure got a path)
--    if [ "/sbin/ip" != "ip" ]
-+    if [ "/usr/sbin/ip" != "ip" ]
-     then
- 	echo "-- linux iproute2 --"
--	/sbin/ip addr show     | grep -v valid_lft
--	/sbin/ip route show
--	/sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //'
-+	/usr/sbin/ip addr show     | grep -v valid_lft
-+	/usr/sbin/ip route show
-+	/usr/sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //'
- 	return
-     fi
- 
-@@ -93,27 +93,27 @@ get_ifconfig_route()
-     case `uname -s` in
- 	Linux)
- 	   echo "-- linux / ifconfig --"
--	   LANG=C /sbin/ifconfig -a |egrep  "( addr:|encap:)"
--	   LANG=C /bin/netstat -rn -4 -6
-+	   LANG=C no -a |egrep  "( addr:|encap:)"
-+	   LANG=C /usr/sbin/netstat -rn -4 -6
- 	   return
- 	   ;;
- 	FreeBSD|NetBSD|Darwin)
- 	   echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --"
--	   /sbin/ifconfig -a | egrep "(flags=|inet)"
--	   /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
-+	   no -a | egrep "(flags=|inet)"
-+	   /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
- 	   return
- 	   ;;
- 	OpenBSD)
- 	   echo "-- OpenBSD --"
--	   /sbin/ifconfig -a | egrep "(flags=|inet)" | \
-+	   no -a | egrep "(flags=|inet)" | \
- 		sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//'
--	   /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
-+	   /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
- 	   return
- 	   ;;
- 	SunOS)
- 	   echo "-- Solaris --"
--	   /sbin/ifconfig -a | egrep "(flags=|inet)"
--	   /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
-+	   no -a | egrep "(flags=|inet)"
-+	   /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
- 	   return
- 	   ;;
-     esac