From 2cc570cd27219fa793f5c3158da0c4c048db8038 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Tue, 20 Aug 2013 19:01:19 +0200 Subject: update to latest upstream version, separate easy-rsa package, add polarssl support --- package/openvpn/Makefile | 50 +++++++++--------- package/openvpn/files/serial | 1 - .../openvpn/patches/patch-easy-rsa_2_0_build-dh | 10 ---- .../openvpn/patches/patch-easy-rsa_2_0_clean-all | 9 ---- .../openvpn/patches/patch-easy-rsa_2_0_list-crl | 9 ---- .../patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf | 11 ---- package/openvpn/patches/patch-easy-rsa_2_0_pkitool | 8 --- .../openvpn/patches/patch-easy-rsa_2_0_revoke-full | 10 ---- package/openvpn/patches/patch-easy-rsa_2_0_vars | 32 ------------ package/openvpn/patches/patch-t_client_sh | 61 ---------------------- 10 files changed, 24 insertions(+), 177 deletions(-) delete mode 100644 package/openvpn/files/serial delete mode 100644 package/openvpn/patches/patch-easy-rsa_2_0_build-dh delete mode 100644 package/openvpn/patches/patch-easy-rsa_2_0_clean-all delete mode 100644 package/openvpn/patches/patch-easy-rsa_2_0_list-crl delete mode 100644 package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf delete mode 100644 package/openvpn/patches/patch-easy-rsa_2_0_pkitool delete mode 100644 package/openvpn/patches/patch-easy-rsa_2_0_revoke-full delete mode 100644 package/openvpn/patches/patch-easy-rsa_2_0_vars delete mode 100644 package/openvpn/patches/patch-t_client_sh (limited to 'package/openvpn') diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile index 39fd53b23..2deb20898 100644 --- a/package/openvpn/Makefile +++ b/package/openvpn/Makefile 
@@ -4,17 +4,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:= openvpn -PKG_VERSION:= 2.2.2 +PKG_VERSION:= 2.3.2 PKG_RELEASE:= 1 -PKG_MD5SUM:= c5181e27b7945fa6276d21873329c5c7 +PKG_MD5SUM:= 06e5f93dbf13f2c19647ca15ffc23ac1 PKG_DESCR:= Open Source VPN solution using SSL PKG_SECTION:= net/security -PKG_DEPENDS:= kmod-tun libopenssl ip -PKG_BUILDDEP:= openssl +PKG_DEPENDS:= kmod-tun ip PKG_URL:= http://openvpn.net/ PKG_SITES:= http://swupdate.openvpn.org/community/releases/ -PKG_SUBPKGS:= OPENVPN OPENVPN_EASY_RSA +PKG_SUBPKGS:= OPENVPN PKG_FLAVOURS_OPENVPN:= WITH_LZO WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS SERVER CLIENT PKGSS_OPENVPN_EASY_RSA:=openssl-util PKGFD_SERVER:= deliver server example configuration @@ -26,10 +25,17 @@ PKGFD_WITH_MANAGEMENT:= enable management server support PKGFD_WITH_HTTPPROXY:= enable http proxy support PKGFD_WITH_SOCKS:= enable socks proxy support +PKG_CHOICES_OPENVPN:= WITH_OPENSSL WITH_POLARSSL +PKGCD_WITH_OPENSSL:= use OpenSSL for crypto +PKGCS_WITH_OPENSSL:= libopenssl +PKGCB_WITH_OPENSSL:= openssl +PKGCD_WITH_POLARSSL:= use PolarSSL for crypto +PKGCS_WITH_POLARSSL:= libpolarssl +PKGCB_WITH_POLARSSL:= polarssl + include $(TOPDIR)/mk/package.mk $(eval $(call PKG_template,OPENVPN,${PKG_NAME},$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) -$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) ifneq ($(ADK_PACKAGE_OPENVPN_WITH_LZO),) CONFIGURE_ARGS+= --enable-lzo @@ -44,9 +50,9 @@ CONFIGURE_ARGS+= --disable-management endif ifneq ($(ADK_PACKAGE_OPENVPN_WITH_HTTPPROXY),) -CONFIGURE_ARGS+= --enable-http +CONFIGURE_ARGS+= --enable-http-proxy else -CONFIGURE_ARGS+= --disable-http +CONFIGURE_ARGS+= --disable-http-proxy endif ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SOCKS),) 
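Review bot: The 2.3.2 tarball is still authenticated only by `PKG_MD5SUM`, and `PKG_SITES` fetches it over plain `http://`, so the integrity of a VPN daemon's source rests on an MD5 digest copied in at version-bump time. If the build framework has no stronger digest field, record on a line above the value how it was obtained, for example `# digest taken from a tarball checked against the upstream release signature`. Separately, `PKGSS_OPENVPN_EASY_RSA:=openssl-util` remains as context although `OPENVPN_EASY_RSA` is dropped from `PKG_SUBPKGS`; it looks dead now and could be removed in the same change.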
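Review bot: Nothing in the `PKG_CHOICES_OPENVPN` block says which backend is the default or that exactly one must be selected, while the crypto library has been removed from `PKG_DEPENDS` and `PKG_BUILDDEP`. The later hunk adds `--with-crypto-library=...` only when one of the two `ADK_PACKAGE_OPENVPN_WITH_*` symbols equals `y`; if the choice machinery ever leaves both unset, configure would presumably fall back to its own default with no library declared as a dependency. A comment above the block such as `# exactly one crypto backend is selected; its library comes in via PKGCS_*/PKGCB_*` would document that reliance. It may also be worth saying in `PKGCD_WITH_POLARSSL` that PolarSSL builds of OpenVPN do not support every option the OpenSSL build does (PKCS#12 key files, for instance), since that decides which existing configurations keep working.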
@@ -55,13 +61,17 @@ else CONFIGURE_ARGS+= --disable-socks endif -CONFIGURE_ARGS+= --disable-pthread \ - --disable-plugins \ +ifeq (${ADK_PACKAGE_OPENVPN_WITH_OPENSSL},y) +CONFIGURE_ARGS+= --with-crypto-library=openssl +endif +ifeq (${ADK_PACKAGE_OPENVPN_WITH_POLARSSL},y) +CONFIGURE_ARGS+= --with-crypto-library=polarssl +endif + +CONFIGURE_ARGS+= --disable-plugins \ --enable-small \ - --enable-iproute2 \ - --with-iproute-path=/usr/sbin/ip \ - --without-ifconfig-path \ - --without-route-path + --disable-debug \ + --enable-iproute2 post-install: ${INSTALL_DIR} $(IDIR_OPENVPN)/usr/sbin $(IDIR_OPENVPN)/etc/openvpn @@ -75,16 +85,4 @@ ifeq ($(ADK_PACKAGE_OPENVPN_CLIENT),y) echo "/etc/openvpn/client.conf" > ./files/openvpn.conffiles endif -openvpn-easy-rsa-install: - ${INSTALL_DIR} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin \ - $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys - touch $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys/index.txt - $(CP) ./files/serial $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys - $(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} \ - $(IDIR_OPENVPN_EASY_RSA)/usr/sbin - ${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl-1.0.0.cnf \ - $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf - ${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/vars \ - $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars - include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/openvpn/files/serial b/package/openvpn/files/serial deleted file mode 100644 index 8a0f05e16..000000000 --- a/package/openvpn/files/serial +++ /dev/null @@ -1 +0,0 @@ -01 diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh b/package/openvpn/patches/patch-easy-rsa_2_0_build-dh deleted file mode 100644 index 771800a17..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh +++ /dev/null 
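Review bot: The path of `ip` that gets compiled into the binary is no longer pinned once `--with-iproute-path=/usr/sbin/ip` is removed from `CONFIGURE_ARGS`, and in a cross build configure's own lookup presumably probes the build host rather than the target. OpenVPN runs that absolute path with root privileges to set up the tunnel, so it should be fixed to the target location; with 2.3.x configure takes it from the `IPROUTE` variable, e.g. `IPROUTE=/usr/sbin/ip` in the configure environment. The old `--without-ifconfig-path` and `--without-route-path` switches are dropped as well, so confirm that `IFCONFIG` and `ROUTE` are either unused with `--enable-iproute2` or pinned the same way.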
@@ -1,10 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/build-dh 2011-04-27 11:52:59.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/build-dh 2011-12-02 18:10:44.000000000 +0100 -@@ -1,5 +1,7 @@ - #!/bin/sh - -+. /etc/easy-rsa/vars -+ - # Build Diffie-Hellman parameters for the server side - # of an SSL/TLS connection. - diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all b/package/openvpn/patches/patch-easy-rsa_2_0_clean-all deleted file mode 100644 index 03df1d1c9..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all +++ /dev/null @@ -1,9 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/clean-all 2011-04-27 11:52:59.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/clean-all 2011-12-01 19:43:07.000000000 +0100 -@@ -1,5 +1,6 @@ - #!/bin/sh - -+. /etc/easy-rsa/vars - # Initialize the $KEY_DIR directory. - # Note that this script does a - # rm -rf on $KEY_DIR so be careful! diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl b/package/openvpn/patches/patch-easy-rsa_2_0_list-crl deleted file mode 100644 index 66f5d764d..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl +++ /dev/null @@ -1,9 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/list-crl 2011-04-27 11:52:59.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/list-crl 2011-12-01 19:43:24.000000000 +0100 -@@ -1,5 +1,6 @@ - #!/bin/sh - -+. /etc/easy-rsa/vars - # list revoked certificates - - CRL="${1:-crl.pem}" diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf b/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf deleted file mode 100644 index 9dd542d8a..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf +++ /dev/null 
@@ -1,11 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/openssl-1.0.0.cnf 2011-07-01 10:31:26.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf 2011-12-03 11:36:46.000000000 +0100 -@@ -3,7 +3,7 @@ - # This definition stops the following lines choking if HOME isn't - # defined. - HOME = . --RANDFILE = $ENV::HOME/.rnd -+RANDFILE = /etc/easy-rsa/.rnd - openssl_conf = openssl_init - - [ openssl_init ] diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool b/package/openvpn/patches/patch-easy-rsa_2_0_pkitool deleted file mode 100644 index 87b0c33db..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool +++ /dev/null @@ -1,8 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/pkitool 2011-04-27 11:52:59.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/pkitool 2011-12-01 19:43:15.000000000 +0100 -@@ -1,4 +1,5 @@ - #!/bin/sh -+. /etc/easy-rsa/vars - - # OpenVPN -- An application to securely tunnel IP networks - # over a single TCP/UDP port, with support for SSL/TLS-based diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full b/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full deleted file mode 100644 index ac66c4bb9..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full +++ /dev/null @@ -1,10 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/revoke-full 2011-04-27 11:52:59.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/revoke-full 2011-12-01 19:43:00.000000000 +0100 -@@ -2,6 +2,7 @@ - - # revoke a certificate, regenerate CRL, - # and verify revocation -+. /etc/easy-rsa/vars - - CRL="crl.pem" - RT="revoke-test.pem" diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_vars b/package/openvpn/patches/patch-easy-rsa_2_0_vars deleted file mode 100644 index 972f76541..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_vars +++ /dev/null 
@@ -1,32 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/vars 2011-07-01 10:31:26.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/vars 2011-12-02 19:44:31.000000000 +0100 -@@ -12,7 +12,7 @@ - # This variable should point to - # the top level of the easy-rsa - # tree. --export EASY_RSA="`pwd`" -+export EASY_RSA="/etc/easy-rsa" - - # - # This variable should point to -@@ -26,7 +26,7 @@ export GREP="grep" - # This variable should point to - # the openssl.cnf file included - # with easy-rsa. --export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` -+export KEY_CONFIG=/etc/easy-rsa/openssl.cnf - - # Edit this variable to point to - # your soon-to-be-created key -@@ -66,9 +66,7 @@ export KEY_PROVINCE="CA" - export KEY_CITY="SanFrancisco" - export KEY_ORG="Fort-Funston" - export KEY_EMAIL="me@myhost.mydomain" --export KEY_EMAIL=mail@host.domain --export KEY_CN=changeme --export KEY_NAME=changeme --export KEY_OU=changeme -+export KEY_NAME=VPN -+export KEY_OU="IT Security" - export PKCS11_MODULE_PATH=changeme - export PKCS11_PIN=1234 diff --git a/package/openvpn/patches/patch-t_client_sh b/package/openvpn/patches/patch-t_client_sh deleted file mode 100644 index 43e346ee1..000000000 --- a/package/openvpn/patches/patch-t_client_sh +++ /dev/null 
@@ -1,61 +0,0 @@ ---- openvpn-2.2.1.orig/t_client.sh 2011-07-01 11:27:01.000000000 +0200 -+++ openvpn-2.2.1/t_client.sh 2011-12-02 19:33:52.000000000 +0100 -@@ -1,4 +1,4 @@ --#!/bin/sh -+#!/bin/bash - # - # run OpenVPN client against ``test reference'' server - # - check that ping, http, ... via tunnel works -@@ -80,12 +80,12 @@ fail() - get_ifconfig_route() - { - # linux / iproute2? (-> if configure got a path) -- if [ "/sbin/ip" != "ip" ] -+ if [ "/usr/sbin/ip" != "ip" ] - then - echo "-- linux iproute2 --" -- /sbin/ip addr show | grep -v valid_lft -- /sbin/ip route show -- /sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //' -+ /usr/sbin/ip addr show | grep -v valid_lft -+ /usr/sbin/ip route show -+ /usr/sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //' - return - fi - -@@ -93,27 +93,27 @@ get_ifconfig_route() - case `uname -s` in - Linux) - echo "-- linux / ifconfig --" -- LANG=C /sbin/ifconfig -a |egrep "( addr:|encap:)" -- LANG=C /bin/netstat -rn -4 -6 -+ LANG=C no -a |egrep "( addr:|encap:)" -+ LANG=C /usr/sbin/netstat -rn -4 -6 - return - ;; - FreeBSD|NetBSD|Darwin) - echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --" -- /sbin/ifconfig -a | egrep "(flags=|inet)" -- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' -+ no -a | egrep "(flags=|inet)" -+ /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' - return - ;; - OpenBSD) - echo "-- OpenBSD --" -- /sbin/ifconfig -a | egrep "(flags=|inet)" | \ -+ no -a | egrep "(flags=|inet)" | \ - sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//' -- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' -+ /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' - return - ;; - SunOS) - echo "-- Solaris --" -- /sbin/ifconfig -a | egrep "(flags=|inet)" -- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' -+ no -a | egrep "(flags=|inet)" -+ /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' - return - ;; - esac -- cgit v1.2.3