Diffstat (limited to 'package/openswan')
-rw-r--r--package/openswan/Makefile94
-rw-r--r--package/openswan/patches/100-pluto_includes.patch12
-rw-r--r--package/openswan/patches/110-scripts.patch243
-rw-r--r--package/openswan/patches/120-use_dev_urandom.patch36
4 files changed, 385 insertions, 0 deletions
diff --git a/package/openswan/Makefile b/package/openswan/Makefile
new file mode 100644
index 0000000000..54b565efdd
--- /dev/null
+++ b/package/openswan/Makefile
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=openswan
+PKG_VERSION:=2.4.6
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.openswan.org/download
+PKG_MD5SUM:=b34d71ca49dedad017879b0e912d40dd
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+PKG_INIT_PRIO:=60
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openswan/Default
+ TITLE:=Openswan
+ DESCRIPTION:=\
+ Openswan is an IPsec implementation for Linux.
+ URL:=http://www.openswan.org/
+endef
+
+define Package/openswan
+ $(call Package/openswan/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+kmod-openswan +libgmp
+ TITLE+= (daemon)
+ DESCRIPTION+=\\\
+ \\\
+ This package contains the Openswan user-land daemon.
+ URL:=http://www.openswan.org/
+endef
+
+define Package/kmod-openswan
+ $(call Package/openswan/Default)
+ SECTION:=kernel
+ CATEGORY:=Kernel drivers
+ TITLE+= (kernel module)
+ DESCRIPTION+=\\\
+ \\\
+ This package contains the Openswan kernel module.
+ VERSION:=$(LINUX_VERSION)+$(PKG_VERSION)-$(BOARD)-$(PKG_RELEASE)
+endef
+
+PKG_MAKE_OPTS:= \
+ LINUX_RELEASE="$(LINUX_RELEASE)" \
+ KERNELSRC="$(LINUX_DIR)" \
+ ARCH="$(LINUX_KARCH)" \
+ CROSS_COMPILE="$(TARGET_CROSS)" \
+ USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include -I$(STAGING_DIR)/usr/include -L$(STAGING_DIR)/usr/lib" \
+ IPSECDIR="/usr/lib/ipsec" \
+ INC_USRLOCAL="/usr" \
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ $(PKG_MAKE_OPTS) \
+ LDFLAGS="-L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib" \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ programs module install
+endef
+
+define Package/openswan/install
+ $(CP) $(PKG_INSTALL_DIR)/* $(1)
+ install -d -m0755 $(1)/etc/init.d
+ $(CP) $(1)/etc/rc.d/init.d/ipsec $(1)/etc/init.d/S$(PKG_INIT_PRIO)ipsec
+ rm -rf $(1)/usr/share
+ rm -rf $(1)/usr/man
+ rm -rf $(1)/var
+ rm -rf $(1)/etc/rc.d
+ find $(1) -name \*.old | xargs rm -rf
+endef
+
+define Package/kmod-openswan/install
+ mkdir -p $(1)/lib/modules/$(LINUX_VERSION)
+ $(CP) $(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX) \
+ $(1)/lib/modules/$(LINUX_VERSION)/
+endef
+
+$(eval $(call BuildPackage,openswan))
+$(eval $(call BuildPackage,kmod-openswan))
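Review bot: The source tarball for this IPsec package is fetched over plain HTTP (`PKG_SOURCE_URL:=http://www.openswan.org/download`) and checked only against `PKG_MD5SUM`, so an MD5 digest is the sole integrity control on the code that gets built. MD5 is not collision-resistant; if the build system in this tree accepts no stronger digest field, I would at least add a comment next to `PKG_MD5SUM` recording how the value was obtained (for example, compared with a checksum or signature published by upstream, if one exists). Separately, in `Package/openswan/install` the line `find $(1) -name \*.old | xargs rm -rf` splits on whitespace in paths; `find $(1) -name '*.old' -print0 | xargs -0 rm -rf` is the safer form.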
diff --git a/package/openswan/patches/100-pluto_includes.patch b/package/openswan/patches/100-pluto_includes.patch
new file mode 100644
index 0000000000..8cd1398d4a
--- /dev/null
+++ b/package/openswan/patches/100-pluto_includes.patch
@@ -0,0 +1,12 @@
+diff -Nur openswan-2.4.0.orig/programs/pluto/Makefile openswan-2.4.0/programs/pluto/Makefile
+--- openswan-2.4.0.orig/programs/pluto/Makefile 2005-08-12 03:12:38.000000000 +0200
++++ openswan-2.4.0/programs/pluto/Makefile 2005-09-29 13:41:14.016377750 +0200
+@@ -271,7 +271,7 @@
+ LIBSPLUTO+=$(HAVE_THREADS_LIBS) ${XAUTHPAM_LIBS}
+ LIBSPLUTO+=${CURL_LIBS}
+ LIBSPLUTO+=${EXTRA_CRYPTO_LIBS}
+-LIBSPLUTO+= -lgmp -lresolv # -lefence
++LIBSPLUTO+=$(EXTRA_LIBS) -lgmp -lresolv # -lefence
+
+ ifneq ($(LD_LIBRARY_PATH),)
+ LDFLAGS=-L$(LD_LIBRARY_PATH)
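Review bot: Nothing visible in this commit sets `EXTRA_LIBS`: neither `PKG_MAKE_OPTS` nor `Build/Compile` in package/openswan/Makefile passes it, so unless `$(TARGET_CONFIGURE_OPTS)` supplies it the added `$(EXTRA_LIBS)` expands to nothing. The patch headers also name openswan-2.4.0 while `PKG_VERSION` is 2.4.6, so it presumably applies only with an offset. I would regenerate it against 2.4.6 and add a one-line description at the top of the patch file saying which library the OpenWrt build needs to inject into pluto's link line and where `EXTRA_LIBS` is set.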
diff --git a/package/openswan/patches/110-scripts.patch b/package/openswan/patches/110-scripts.patch
new file mode 100644
index 0000000000..ed8eba92cf
--- /dev/null
+++ b/package/openswan/patches/110-scripts.patch
@@ -0,0 +1,243 @@
+diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
+--- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
++++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200
+@@ -0,0 +1,5 @@
++#!/bin/sh
++# use filename instead of /dev/null to log, but dont log to flash or ram
++# pref. log to nfs mount
++echo "$*" >> /dev/null
++exit 0
+diff -urN openswan.old/programs/look/look.in openswan.dev/programs/look/look.in
+--- openswan.old/programs/look/look.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/look/look.in 2006-10-08 20:41:08.000000000 +0200
+@@ -84,7 +84,7 @@
+ then
+ pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
+ else
+- for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
++ for i in `echo "$IPSECinterfaces" | tr '=' ' '`
+ do
+ pat="$pat|$i\$"
+ done
+diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
+--- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200
+@@ -147,7 +147,7 @@
+ exit 1
+ fi
+ else
+- if test ! -w "`dirname $stderrlog`"
++ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
+ then
+ echo Cannot write to directory to create \"$stderrlog\".
+ exit 1
+diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
+--- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200
+@@ -232,7 +232,7 @@
+
+ # misc pre-Pluto setup
+
+- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
++ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
+
+ if test " $IPSECforwardcontrol" = " yes"
+ then
+diff -urN openswan.old/programs/send-pr/send-pr.in openswan.dev/programs/send-pr/send-pr.in
+--- openswan.old/programs/send-pr/send-pr.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/send-pr/send-pr.in 2006-10-08 20:41:08.000000000 +0200
+@@ -402,7 +402,7 @@
+ else
+ if [ "$fieldname" != "Category" ]
+ then
+- values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
++ values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
+ valslen=`echo "$values" | wc -c`
+ else
+ values="choose from a category listed above"
+@@ -414,7 +414,7 @@
+ else
+ desc="<${values} (one line)>";
+ fi
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
+ echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
+ fi
+ echo "${fmtname}${desc}" >> $file
+@@ -425,7 +425,7 @@
+ desc=" $default_val";
+ else
+ desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
+ echo "s/^${dpat}//" >> $FIXFIL
+ fi
+ echo "${fmtname}" >> $file;
+@@ -437,7 +437,7 @@
+ desc="${default_val}"
+ else
+ desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
+ echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
+ fi
+ echo "${fmtname}${desc}" >> $file
+diff -urN openswan.old/programs/setup/setup.in openswan.dev/programs/setup/setup.in
+--- openswan.old/programs/setup/setup.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/setup/setup.in 2006-10-08 20:41:08.000000000 +0200
+@@ -117,12 +117,21 @@
+ # do it
+ case "$1" in
+ start|--start|stop|--stop|_autostop|_autostart)
+- if test " `id -u`" != " 0"
++ if [ "x${USER}" != "xroot" ]
+ then
+ echo "permission denied (must be superuser)" |
+ logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+ exit 1
+ fi
++ # make sure all required directories exist
++ if [ ! -d /var/run/pluto ]
++ then
++ mkdir -p /var/run/pluto
++ fi
++ if [ ! -d /var/lock/subsys ]
++ then
++ mkdir -p /var/lock/subsys
++ fi
+ tmp=/var/run/pluto/ipsec_setup.st
+ outtmp=/var/run/pluto/ipsec_setup.out
+ (
+diff -urN openswan.old/programs/showhostkey/showhostkey.in openswan.dev/programs/showhostkey/showhostkey.in
+--- openswan.old/programs/showhostkey/showhostkey.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/showhostkey/showhostkey.in 2006-10-08 20:41:08.000000000 +0200
+@@ -63,7 +63,7 @@
+ exit 1
+ fi
+
+-host="`hostname --fqdn`"
++host="`cat /proc/sys/kernel/hostname`"
+
+ awk ' BEGIN {
+ inkey = 0
+@@ -81,7 +81,7 @@
+ os = "[ \t]*"
+ x = "[^ \t]+"
+ oc = "(#.*)?"
+- suffix = ":" os "[rR][sS][aA]" os "{" os oc "$"
++ suffix = ":" os "[rR][sS][aA]" os "\0173" os oc "$"
+ if (id == "") {
+ pat = "^" suffix
+ printid = "default"
+diff -urN openswan.old/programs/starter/klips.c openswan.dev/programs/starter/klips.c
+--- openswan.old/programs/starter/klips.c 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/starter/klips.c 2006-10-08 20:41:08.000000000 +0200
+@@ -83,7 +83,7 @@
+ if (stat(PROC_MODULES,&stb)==0) {
+ unsetenv("MODPATH");
+ unsetenv("MODULECONF");
+- system("depmod -a >/dev/null 2>&1 && modprobe ipsec");
++ system("depmod -a >/dev/null 2>&1 && insmod ipsec");
+ }
+ if (stat(PROC_IPSECVERSION,&stb)==0) {
+ _klips_module_loaded = 1;
+diff -urN openswan.old/programs/starter/netkey.c openswan.dev/programs/starter/netkey.c
+--- openswan.old/programs/starter/netkey.c 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/starter/netkey.c 2006-10-08 20:41:08.000000000 +0200
+@@ -75,7 +75,7 @@
+ if (stat(PROC_MODULES,&stb)==0) {
+ unsetenv("MODPATH");
+ unsetenv("MODULECONF");
+- system("depmod -a >/dev/null 2>&1 && modprobe xfrm4_tunnel esp4 ah4 af_key");
++ system("depmod -a >/dev/null 2>&1 && insmod xfrm4_tunnel esp4 ah4 af_key");
+ }
+ if (stat(PROC_NETKEY,&stb)==0) {
+ _netkey_module_loaded = 1;
+diff -urN openswan.old/programs/_startklips/_startklips.in openswan.dev/programs/_startklips/_startklips.in
+--- openswan.old/programs/_startklips/_startklips.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_startklips/_startklips.in 2006-10-08 20:41:46.000000000 +0200
+@@ -242,7 +242,7 @@
+ fi
+ if test -f $moduleinstplace/$wantgoo
+ then
+- echo "modprobe failed, but found matching template module $wantgoo."
++ echo "insmod failed, but found matching template module $wantgoo."
+ echo "Copying $moduleinstplace/$wantgoo to $module."
+ rm -f $module
+ mkdir -p $moduleplace
+@@ -262,15 +262,15 @@
+ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
+ exit
+ fi
+-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
++if test ! -f $ipsecversion && test ! -f $netkey && insmod -q ipsec
+ then
+ # statically compiled KLIPS/NETKEY not found; try to load the module
+- modprobe ipsec
++ insmod ipsec
+ fi
+
+ if test ! -f $ipsecversion && test ! -f $netkey
+ then
+- modprobe -v af_key
++ insmod -v af_key
+ fi
+
+ if test -f $netkey
+@@ -278,25 +278,25 @@
+ klips=false
+ if test -f $modules
+ then
+- modprobe -qv ah4
+- modprobe -qv esp4
+- modprobe -qv ipcomp
++ insmod -qv ah4
++ insmod -qv esp4
++ insmod -qv ipcomp
+ # xfrm4_tunnel is needed by ipip and ipcomp
+- modprobe -qv xfrm4_tunnel
++ insmod -qv xfrm4_tunnel
+ # xfrm_user contains netlink support for IPsec
+- modprobe -qv xfrm_user
++ insmod -qv xfrm_user
+ if [ -n "`cat /proc/cpuinfo |grep Nehemiah`" ]
+ then
+ echo "VIA Nehemiah detected, probing for PadLock"
+- modprobe -qv hw_random
++ insmod -qv hw_random
+ # padlock must load before aes module
+- modprobe -qv padlock
++ insmod -qv padlock
+ fi
+ # load the most common ciphers/algo's
+- modprobe -qv sha1
+- modprobe -qv md5
+- modprobe -qv des
+- modprobe -qv aes
++ insmod -qv sha1
++ insmod -qv md5
++ insmod -qv des
++ insmod -qv aes
+ fi
+ fi
+
+@@ -312,10 +312,16 @@
+ fi
+ unset MODPATH MODULECONF # no user overrides!
+ depmod -a >/dev/null 2>&1
+- modprobe -qv hw_random
++ insmod -qv hw_random
+ # padlock must load before aes module
+- modprobe -qv padlock
+- modprobe -v ipsec
++ insmod -qv padlock
++ if [ -f insmod ]
++ then
++ insmod -v ipsec
++ elif [ -f insmod ]
++ then
++ insmod ipsec
++ fi
+ fi
+ if test ! -f $ipsecversion
+ then
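Review bot: The setup.in hunk replaces the `id -u` comparison with `[ "x${USER}" != "xroot" ]`, which makes the superuser check depend on an environment variable: it passes for any caller that exports USER=root and fails for a real root whose environment has no USER (plausible when started from an init script), so the uid-based test should stay, with `id` provided on the target if that was the obstacle. In the last _startklips.in hunk both branches test `[ -f insmod ]`, i.e. a file named insmod in the current directory, so the `elif` is unreachable and the ipsec module is normally never loaded there; a plain `insmod -v ipsec` would match the lines above it. The blanket modprobe-to-insmod substitution also changes meaning elsewhere: `modprobe -qn ipsec` was a dry run while `insmod -q ipsec` presumably attempts a real load, and insmod does not resolve dependencies, so `insmod xfrm4_tunnel esp4 ah4 af_key` in netkey.c likely treats the later names as module parameters rather than modules. The `dirname` replacement `sed -r 's/(^.*\/)(.*$)/\1/'` returns its input unchanged for a path without a slash, where `dirname` returned `.`, and `$stderrlog` / `$subsyslock` are expanded unquoted.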
diff --git a/package/openswan/patches/120-use_dev_urandom.patch b/package/openswan/patches/120-use_dev_urandom.patch
new file mode 100644
index 0000000000..1a19884584
--- /dev/null
+++ b/package/openswan/patches/120-use_dev_urandom.patch
@@ -0,0 +1,36 @@
+diff -urN openswan-2.3.1dr6.old/programs/ranbits/ranbits.c openswan-2.3.1dr6.dev/programs/ranbits/ranbits.c
+--- openswan-2.3.1dr6.old/programs/ranbits/ranbits.c 2004-04-04 03:50:56.000000000 +0200
++++ openswan-2.3.1dr6.dev/programs/ranbits/ranbits.c 2005-04-05 17:37:16.000000000 +0200
+@@ -29,7 +29,7 @@
+ #include <openswan.h>
+
+ #ifndef DEVICE
+-#define DEVICE "/dev/random"
++#define DEVICE "/dev/urandom"
+ #endif
+ #ifndef QDEVICE
+ #define QDEVICE "/dev/urandom"
+diff -urN openswan-2.3.1dr6.old/programs/rsasigkey/rsasigkey.c openswan-2.3.1dr6.dev/programs/rsasigkey/rsasigkey.c
+--- openswan-2.3.1dr6.old/programs/rsasigkey/rsasigkey.c 2004-05-23 23:32:03.000000000 +0200
++++ openswan-2.3.1dr6.dev/programs/rsasigkey/rsasigkey.c 2005-04-05 17:38:00.000000000 +0200
+@@ -31,7 +31,7 @@
+ #include <gmp.h>
+
+ #ifndef DEVICE
+-#define DEVICE "/dev/random"
++#define DEVICE "/dev/urandom"
+ #endif
+ #ifndef MAXBITS
+ #define MAXBITS 20000
+diff -urN openswan-2.3.1dr6.old/programs/starter/files.h openswan-2.3.1dr6.dev/programs/starter/files.h
+--- openswan-2.3.1dr6.old/programs/starter/files.h 2005-01-11 18:52:51.000000000 +0100
++++ openswan-2.3.1dr6.dev/programs/starter/files.h 2005-04-05 17:38:16.000000000 +0200
+@@ -36,7 +36,7 @@
+
+ #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid"
+
+-#define DEV_RANDOM "/dev/random"
++#define DEV_RANDOM "/dev/urandom"
+ #define DEV_URANDOM "/dev/urandom"
+
+ #define PROC_IPSECVERSION "/proc/net/ipsec_version"
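Review bot: Changing `DEVICE` in rsasigkey.c to `/dev/urandom` means RSA key generation now reads a non-blocking source, and on an embedded device that creates its host key shortly after first boot the kernel pool may hold very little entropy, which is the condition under which weak or duplicated keys appear. I would keep `#define DEVICE "/dev/random"` for rsasigkey.c, since key generation is a one-off cost, or, if blocking is unacceptable on the target, have the init path defer key generation until entropy has been gathered. The same concern applies to ranbits.c if its output is used for long-term secrets. In files.h `DEV_RANDOM` and `DEV_URANDOM` are now identical, so any caller that chose `DEV_RANDOM` deliberately loses that distinction silently; a comment such as `/* OpenWrt: DEV_RANDOM is intentionally the non-blocking device */` would make that visible.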