From 3a1b33357be26332f5bdcb74011170f42a60239c Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Thu, 15 Jul 2010 18:31:13 +0200 Subject: fix kernel module choices for strongswan --- package/strongswan/Makefile | 12 ++++++------ package/strongswan/files/strongswan.conffiles | 3 +++ .../patches/patch-src_starter_interfaces_c | 20 ++++++++++++++++++++ .../strongswan/patches/patch-src_starter_netkey_c | 19 +++++++++++++++++++ 4 files changed, 48 insertions(+), 6 deletions(-) create mode 100644 package/strongswan/files/strongswan.conffiles create mode 100644 package/strongswan/patches/patch-src_starter_interfaces_c create mode 100644 package/strongswan/patches/patch-src_starter_netkey_c (limited to 'package/strongswan') diff --git a/package/strongswan/Makefile b/package/strongswan/Makefile index c5c364c5a..b67311e3c 100644 --- a/package/strongswan/Makefile +++ b/package/strongswan/Makefile @@ -12,6 +12,9 @@ PKG_SECTION:= net/security PKG_DEPENDS:= libgmp ip libpthread kmod-net-key kmod-xfrm-user PKG_DEPENDS+= kmod-inet-ah kmod-inet-esp kmod-inet-ipcomp PKG_DEPENDS+= kmod-inet-xfrm-mode-tunnel kmod-inet-xfrm-mode-transport +PKG_DEPENDS+= kmod-crypto-sha1 kmod-crypto-aes kmod-crypto-md5 +PKG_DEPENDS+= kmod-crypto-des kmod-crypto-hmac +PKG_DEPENDS+= kmod-crypto-null kmod-crypto-cbc PKG_BUILDDEP+= gmp PKG_URL:= http://strongswan.org/index.htm PKG_SITES:= http://download.strongswan.org/ @@ -20,6 +23,9 @@ include $(TOPDIR)/mk/package.mk $(eval $(call PKG_template,STRONGSWAN,$(PKG_NAME),$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) +CONFIGURE_ARGS+= --disable-tools \ + --disable-sha2 + post-install: $(INSTALL_DIR) $(IDIR_STRONGSWAN)/etc $(INSTALL_DIR) $(IDIR_STRONGSWAN)/usr/sbin @@ -30,8 +36,6 @@ post-install: $(CP) $(WRKINST)/etc/* $(IDIR_STRONGSWAN)/etc $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/charon \ $(IDIR_STRONGSWAN)/usr/libexec/ipsec - $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/openac \ - $(IDIR_STRONGSWAN)/usr/libexec/ipsec $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/_pluto_adns \ $(IDIR_STRONGSWAN)/usr/libexec/ipsec $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/starter \ @@ -42,12 +46,8 @@ post-install: $(IDIR_STRONGSWAN)/usr/libexec/ipsec $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/_copyright \ $(IDIR_STRONGSWAN)/usr/libexec/ipsec - $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/pki \ - $(IDIR_STRONGSWAN)/usr/libexec/ipsec $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/pluto \ $(IDIR_STRONGSWAN)/usr/libexec/ipsec - $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/scepclient \ - $(IDIR_STRONGSWAN)/usr/libexec/ipsec $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/stroke \ $(IDIR_STRONGSWAN)/usr/libexec/ipsec $(INSTALL_BIN) $(WRKINST)/usr/libexec/ipsec/_updown_espmark \ diff --git a/package/strongswan/files/strongswan.conffiles b/package/strongswan/files/strongswan.conffiles new file mode 100644 index 000000000..852aa250d --- /dev/null +++ b/package/strongswan/files/strongswan.conffiles @@ -0,0 +1,3 @@ +/etc/ipsec.secrets +/etc/ipsec.conf +/etc/strongswan.conf diff --git a/package/strongswan/patches/patch-src_starter_interfaces_c b/package/strongswan/patches/patch-src_starter_interfaces_c new file mode 100644 index 000000000..80d774a2e --- /dev/null +++ b/package/strongswan/patches/patch-src_starter_interfaces_c @@ -0,0 +1,20 @@ +--- strongswan-4.4.0.orig/src/starter/interfaces.c 2010-03-15 21:52:51.000000000 +0100 ++++ strongswan-4.4.0/src/starter/interfaces.c 2010-07-14 17:36:33.959074540 +0200 +@@ -56,7 +56,7 @@ get_defaultroute(defaultroute_t *default + ssize_t msglen; + int fd; + +- bzero(&rtu, sizeof(rtu)); ++ memset(&rtu, 0, sizeof(rtu)); + rtu.m.nh.nlmsg_len = NLMSG_LENGTH(sizeof(rtu.m.rt)); + rtu.m.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP; + rtu.m.nh.nlmsg_type = RTM_GETROUTE; +@@ -142,7 +142,7 @@ get_defaultroute(defaultroute_t *default + plog("could not open AF_INET socket"); + break; + } +- bzero(&req, sizeof(req)); ++ memset(&req, 0, sizeof(req)); + req.ifr_ifindex = iface_idx; + if (ioctl(fd, SIOCGIFNAME, &req) < 0 || + ioctl(fd, SIOCGIFADDR, &req) < 0) diff --git a/package/strongswan/patches/patch-src_starter_netkey_c b/package/strongswan/patches/patch-src_starter_netkey_c new file mode 100644 index 000000000..eae417f7b --- /dev/null +++ b/package/strongswan/patches/patch-src_starter_netkey_c @@ -0,0 +1,19 @@ +--- strongswan-4.4.0.orig/src/starter/netkey.c 2010-03-15 21:52:51.000000000 +0100 ++++ strongswan-4.4.0/src/starter/netkey.c 2010-07-14 19:05:06.911085736 +0200 +@@ -48,6 +48,8 @@ starter_netkey_init(void) + } + + /* make sure that all required IPsec modules are loaded */ ++ /* OpenADK loads all kernel modules already */ ++#if 0 + if (stat(PROC_MODULES, &stb) == 0) + { + ignore_result(system("modprobe -qv ah4")); +@@ -60,6 +62,7 @@ starter_netkey_init(void) + DBG(DBG_CONTROL, + DBG_log("Found netkey IPsec stack") + ) ++#endif + return TRUE; + } + -- cgit v1.2.3