Diffstat (limited to 'package/openswan')
-rw-r--r-- | package/openswan/Makefile | 94 | ||||
-rw-r--r-- | package/openswan/patches/100-pluto_includes.patch | 12 | ||||
-rw-r--r-- | package/openswan/patches/110-scripts.patch | 243 | ||||
-rw-r--r-- | package/openswan/patches/120-use_dev_urandom.patch | 36 |
4 files changed, 385 insertions, 0 deletions
diff --git a/package/openswan/Makefile b/package/openswan/Makefile
new file mode 100644
index 0000000000..54b565efdd
--- /dev/null
+++ b/package/openswan/Makefile
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=openswan
+PKG_VERSION:=2.4.6
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.openswan.org/download
+PKG_MD5SUM:=b34d71ca49dedad017879b0e912d40dd
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+PKG_INIT_PRIO:=60
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openswan/Default
+ TITLE:=Openswan
+ DESCRIPTION:=\
+ Openswan is an IPsec implementation for Linux.
+ URL:=http://www.openswan.org/
+endef
+
+define Package/openswan
+ $(call Package/openswan/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+kmod-openswan +libgmp
+ TITLE+= (daemon)
+ DESCRIPTION+=\\\
+ \\\
+ This package contains the Openswan user-land daemon.
+ URL:=http://www.openswan.org/
+endef
+
+define Package/kmod-openswan
+ $(call Package/openswan/Default)
+ SECTION:=kernel
+ CATEGORY:=Kernel drivers
+ TITLE+= (kernel module)
+ DESCRIPTION+=\\\
+ \\\
+ This package contains the Openswan kernel module.
+ VERSION:=$(LINUX_VERSION)+$(PKG_VERSION)-$(BOARD)-$(PKG_RELEASE)
+endef
+
+PKG_MAKE_OPTS:= \
+ LINUX_RELEASE="$(LINUX_RELEASE)" \
+ KERNELSRC="$(LINUX_DIR)" \
+ ARCH="$(LINUX_KARCH)" \
+ CROSS_COMPILE="$(TARGET_CROSS)" \
+ USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include -I$(STAGING_DIR)/usr/include -L$(STAGING_DIR)/usr/lib" \
+ IPSECDIR="/usr/lib/ipsec" \
+ INC_USRLOCAL="/usr" \
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ $(PKG_MAKE_OPTS) \
+ LDFLAGS="-L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib" \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ programs module install
+endef
+
+define Package/openswan/install
+ $(CP) $(PKG_INSTALL_DIR)/* $(1)
+ install -d -m0755 $(1)/etc/init.d
+ $(CP) $(1)/etc/rc.d/init.d/ipsec $(1)/etc/init.d/S$(PKG_INIT_PRIO)ipsec
+ rm -rf $(1)/usr/share
+ rm -rf $(1)/usr/man
+ rm -rf $(1)/var
+ rm -rf $(1)/etc/rc.d
+ find $(1) -name \*.old | xargs rm -rf
+endef
+
+define Package/kmod-openswan/install
+ mkdir -p $(1)/lib/modules/$(LINUX_VERSION)
+ $(CP) $(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX) \
+ $(1)/lib/modules/$(LINUX_VERSION)/
+endef
+
+$(eval $(call BuildPackage,openswan))
+$(eval $(call BuildPackage,kmod-openswan))
diff --git a/package/openswan/patches/100-pluto_includes.patch b/package/openswan/patches/100-pluto_includes.patch
new file mode 100644
index 0000000000..8cd1398d4a
--- /dev/null
+++ b/package/openswan/patches/100-pluto_includes.patch
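Review bot: In package/openswan/Makefile the source tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://www.openswan.org/download`) and the only integrity check is `PKG_MD5SUM`, so the provenance of a kernel module and an IPsec daemon rests on an MD5 digest. MD5 is not collision-resistant; if the build system in this tree accepts a stronger digest it should be pinned instead, and either way the archive should be checked against an upstream signature (if one is published) before the checksum is recorded. I would document that above the checksum, e.g. `# checksum taken from a tarball verified against upstream's signature on <DATE>`. Separately, `INC_USRLOCAL="/usr" \` ends `PKG_MAKE_OPTS` with a continuation into a blank line; dropping that trailing backslash keeps a later edit from being joined onto the variable by accident.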
@@ -0,0 +1,12 @@
+diff -Nur openswan-2.4.0.orig/programs/pluto/Makefile openswan-2.4.0/programs/pluto/Makefile
+--- openswan-2.4.0.orig/programs/pluto/Makefile 2005-08-12 03:12:38.000000000 +0200
++++ openswan-2.4.0/programs/pluto/Makefile 2005-09-29 13:41:14.016377750 +0200
+@@ -271,7 +271,7 @@
+ LIBSPLUTO+=$(HAVE_THREADS_LIBS) ${XAUTHPAM_LIBS}
+ LIBSPLUTO+=${CURL_LIBS}
+ LIBSPLUTO+=${EXTRA_CRYPTO_LIBS}
+-LIBSPLUTO+= -lgmp -lresolv # -lefence
++LIBSPLUTO+=$(EXTRA_LIBS) -lgmp -lresolv # -lefence
+
+ ifneq ($(LD_LIBRARY_PATH),)
+ LDFLAGS=-L$(LD_LIBRARY_PATH)
diff --git a/package/openswan/patches/110-scripts.patch b/package/openswan/patches/110-scripts.patch
new file mode 100644
index 0000000000..ed8eba92cf
--- /dev/null
+++ b/package/openswan/patches/110-scripts.patch
@@ -0,0 +1,243 @@
+diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
+--- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
++++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200
+@@ -0,0 +1,5 @@
++#!/bin/sh
++# use filename instead of /dev/null to log, but dont log to flash or ram
++# pref. log to nfs mount
++echo "$*" >> /dev/null
++exit 0
+diff -urN openswan.old/programs/look/look.in openswan.dev/programs/look/look.in
+--- openswan.old/programs/look/look.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/look/look.in 2006-10-08 20:41:08.000000000 +0200
+@@ -84,7 +84,7 @@
+ then
+ pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
+ else
+- for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
++ for i in `echo "$IPSECinterfaces" | tr '=' ' '`
+ do
+ pat="$pat|$i\$"
+ done
+diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
+--- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200
+@@ -147,7 +147,7 @@
+ exit 1
+ fi
+ else
+- if test ! -w "`dirname $stderrlog`"
++ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
+ then
+ echo Cannot write to directory to create \"$stderrlog\".
+ exit 1
+diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
+--- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200
+@@ -232,7 +232,7 @@
+
+ # misc pre-Pluto setup
+
+- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
++ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
+
+ if test " $IPSECforwardcontrol" = " yes"
+ then
+diff -urN openswan.old/programs/send-pr/send-pr.in openswan.dev/programs/send-pr/send-pr.in
+--- openswan.old/programs/send-pr/send-pr.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/send-pr/send-pr.in 2006-10-08 20:41:08.000000000 +0200
+@@ -402,7 +402,7 @@
+ else
+ if [ "$fieldname" != "Category" ]
+ then
+- values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
++ values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
+ valslen=`echo "$values" | wc -c`
+ else
+ values="choose from a category listed above"
+@@ -414,7 +414,7 @@
+ else
+ desc="<${values} (one line)>";
+ fi
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
+ echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
+ fi
+ echo "${fmtname}${desc}" >> $file
+@@ -425,7 +425,7 @@
+ desc=" $default_val";
+ else
+ desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
+ echo "s/^${dpat}//" >> $FIXFIL
+ fi
+ echo "${fmtname}" >> $file;
+@@ -437,7 +437,7 @@
+ desc="${default_val}"
+ else
+ desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
+ echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
+ fi
+ echo "${fmtname}${desc}" >> $file
+diff -urN openswan.old/programs/setup/setup.in openswan.dev/programs/setup/setup.in
+--- openswan.old/programs/setup/setup.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/setup/setup.in 2006-10-08 20:41:08.000000000 +0200
+@@ -117,12 +117,21 @@
+ # do it
+ case "$1" in
+ start|--start|stop|--stop|_autostop|_autostart)
+- if test " `id -u`" != " 0"
++ if [ "x${USER}" != "xroot" ]
+ then
+ echo "permission denied (must be superuser)" |
+ logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+ exit 1
+ fi
++ # make sure all required directories exist
++ if [ ! -d /var/run/pluto ]
++ then
++ mkdir -p /var/run/pluto
++ fi
++ if [ ! -d /var/lock/subsys ]
++ then
++ mkdir -p /var/lock/subsys
++ fi
+ tmp=/var/run/pluto/ipsec_setup.st
+ outtmp=/var/run/pluto/ipsec_setup.out
+ (
+diff -urN openswan.old/programs/showhostkey/showhostkey.in openswan.dev/programs/showhostkey/showhostkey.in
+--- openswan.old/programs/showhostkey/showhostkey.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/showhostkey/showhostkey.in 2006-10-08 20:41:08.000000000 +0200
+@@ -63,7 +63,7 @@
+ exit 1
+ fi
+
+-host="`hostname --fqdn`"
++host="`cat /proc/sys/kernel/hostname`"
+
+ awk ' BEGIN {
+ inkey = 0
+@@ -81,7 +81,7 @@
+ os = "[ \t]*"
+ x = "[^ \t]+"
+ oc = "(#.*)?"
+- suffix = ":" os "[rR][sS][aA]" os "{" os oc "$"
++ suffix = ":" os "[rR][sS][aA]" os "\0173" os oc "$"
+ if (id == "") {
+ pat = "^" suffix
+ printid = "default"
+diff -urN openswan.old/programs/starter/klips.c openswan.dev/programs/starter/klips.c
+--- openswan.old/programs/starter/klips.c 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/starter/klips.c 2006-10-08 20:41:08.000000000 +0200
+@@ -83,7 +83,7 @@
+ if (stat(PROC_MODULES,&stb)==0) {
+ unsetenv("MODPATH");
+ unsetenv("MODULECONF");
+- system("depmod -a >/dev/null 2>&1 && modprobe ipsec");
++ system("depmod -a >/dev/null 2>&1 && insmod ipsec");
+ }
+ if (stat(PROC_IPSECVERSION,&stb)==0) {
+ _klips_module_loaded = 1;
+diff -urN openswan.old/programs/starter/netkey.c openswan.dev/programs/starter/netkey.c
+--- openswan.old/programs/starter/netkey.c 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/starter/netkey.c 2006-10-08 20:41:08.000000000 +0200
+@@ -75,7 +75,7 @@
+ if (stat(PROC_MODULES,&stb)==0) {
+ unsetenv("MODPATH");
+ unsetenv("MODULECONF");
+- system("depmod -a >/dev/null 2>&1 && modprobe xfrm4_tunnel esp4 ah4 af_key");
++ system("depmod -a >/dev/null 2>&1 && insmod xfrm4_tunnel esp4 ah4 af_key");
+ }
+ if (stat(PROC_NETKEY,&stb)==0) {
+ _netkey_module_loaded = 1;
+diff -urN openswan.old/programs/_startklips/_startklips.in openswan.dev/programs/_startklips/_startklips.in
+--- openswan.old/programs/_startklips/_startklips.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_startklips/_startklips.in 2006-10-08 20:41:46.000000000 +0200
+@@ -242,7 +242,7 @@
+ fi
+ if test -f $moduleinstplace/$wantgoo
+ then
+- echo "modprobe failed, but found matching template module $wantgoo."
++ echo "insmod failed, but found matching template module $wantgoo."
+ echo "Copying $moduleinstplace/$wantgoo to $module."
+ rm -f $module
+ mkdir -p $moduleplace
+@@ -262,15 +262,15 @@
+ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
+ exit
+ fi
+-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
++if test ! -f $ipsecversion && test ! -f $netkey && insmod -q ipsec
+ then
+ # statically compiled KLIPS/NETKEY not found; try to load the module
+- modprobe ipsec
++ insmod ipsec
+ fi
+
+ if test ! -f $ipsecversion && test ! -f $netkey
+ then
+- modprobe -v af_key
++ insmod -v af_key
+ fi
+
+ if test -f $netkey
+@@ -278,25 +278,25 @@
+ klips=false
+ if test -f $modules
+ then
+- modprobe -qv ah4
+- modprobe -qv esp4
+- modprobe -qv ipcomp
++ insmod -qv ah4
++ insmod -qv esp4
++ insmod -qv ipcomp
+ # xfrm4_tunnel is needed by ipip and ipcomp
+- modprobe -qv xfrm4_tunnel
++ insmod -qv xfrm4_tunnel
+ # xfrm_user contains netlink support for IPsec
+- modprobe -qv xfrm_user
++ insmod -qv xfrm_user
+ if [ -n "`cat /proc/cpuinfo |grep Nehemiah`" ]
+ then
+ echo "VIA Nehemiah detected, probing for PadLock"
+- modprobe -qv hw_random
++ insmod -qv hw_random
+ # padlock must load before aes module
+- modprobe -qv padlock
++ insmod -qv padlock
+ fi
+ # load the most common ciphers/algo's
+- modprobe -qv sha1
+- modprobe -qv md5
+- modprobe -qv des
+- modprobe -qv aes
++ insmod -qv sha1
++ insmod -qv md5
++ insmod -qv des
++ insmod -qv aes
+ fi
+ fi
+
+@@ -312,10 +312,16 @@
+ fi
+ unset MODPATH MODULECONF # no user overrides!
+ depmod -a >/dev/null 2>&1
+- modprobe -qv hw_random
++ insmod -qv hw_random
+ # padlock must load before aes module
+- modprobe -qv padlock
+- modprobe -v ipsec
++ insmod -qv padlock
++ if [ -f insmod ]
++ then
++ insmod -v ipsec
++ elif [ -f insmod ]
++ then
++ insmod ipsec
++ fi
+ fi
+ if test ! -f $ipsecversion
+ then
diff --git a/package/openswan/patches/120-use_dev_urandom.patch b/package/openswan/patches/120-use_dev_urandom.patch
new file mode 100644
index 0000000000..1a19884584
--- /dev/null
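Review bot: In the setup.in part of 110-scripts.patch the superuser guard becomes `if [ "x${USER}" != "xroot" ]`, which tests an environment variable set by the caller instead of the effective UID that the removed `id -u` comparison checked. A non-root caller with USER=root passes the guard and fails later with a less clear error, while a genuine root invocation from a context where USER is unset is refused. I would keep the `id -u` comparison and make the `id` utility a requirement of the package, or, if that is not possible on the target, say so in a comment next to the check, e.g. `# USER is advisory only; real enforcement is the kernel refusing the privileged operations below`. Separately, the last _startklips.in hunk guards the ipsec load with `if [ -f insmod ]` and an identical `elif [ -f insmod ]`, which test for a file named insmod in the current directory, so in the usual case neither branch runs and the module is not loaded there.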
+++ b/package/openswan/patches/120-use_dev_urandom.patch
@@ -0,0 +1,36 @@
+diff -urN openswan-2.3.1dr6.old/programs/ranbits/ranbits.c openswan-2.3.1dr6.dev/programs/ranbits/ranbits.c
+--- openswan-2.3.1dr6.old/programs/ranbits/ranbits.c 2004-04-04 03:50:56.000000000 +0200
++++ openswan-2.3.1dr6.dev/programs/ranbits/ranbits.c 2005-04-05 17:37:16.000000000 +0200
+@@ -29,7 +29,7 @@
+ #include <openswan.h>
+
+ #ifndef DEVICE
+-#define DEVICE "/dev/random"
++#define DEVICE "/dev/urandom"
+ #endif
+ #ifndef QDEVICE
+ #define QDEVICE "/dev/urandom"
+diff -urN openswan-2.3.1dr6.old/programs/rsasigkey/rsasigkey.c openswan-2.3.1dr6.dev/programs/rsasigkey/rsasigkey.c
+--- openswan-2.3.1dr6.old/programs/rsasigkey/rsasigkey.c 2004-05-23 23:32:03.000000000 +0200
++++ openswan-2.3.1dr6.dev/programs/rsasigkey/rsasigkey.c 2005-04-05 17:38:00.000000000 +0200
+@@ -31,7 +31,7 @@
+ #include <gmp.h>
+
+ #ifndef DEVICE
+-#define DEVICE "/dev/random"
++#define DEVICE "/dev/urandom"
+ #endif
+ #ifndef MAXBITS
+ #define MAXBITS 20000
+diff -urN openswan-2.3.1dr6.old/programs/starter/files.h openswan-2.3.1dr6.dev/programs/starter/files.h
+--- openswan-2.3.1dr6.old/programs/starter/files.h 2005-01-11 18:52:51.000000000 +0100
++++ openswan-2.3.1dr6.dev/programs/starter/files.h 2005-04-05 17:38:16.000000000 +0200
+@@ -36,7 +36,7 @@
+
+ #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid"
+
+-#define DEV_RANDOM "/dev/random"
++#define DEV_RANDOM "/dev/urandom"
+ #define DEV_URANDOM "/dev/urandom"
+
+ #define PROC_IPSECVERSION "/proc/net/ipsec_version" |
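Review bot: 120-use_dev_urandom.patch changes `DEVICE` in rsasigkey.c to `/dev/urandom`, so long-term RSA host keys are drawn from the non-blocking device; on a router that generates its key at first boot the kernel pool may not be seeded yet, and the key material can be far more predictable than intended. The same substitution in ranbits.c and for `DEV_RANDOM` in files.h is less critical if those only feed shorter-lived values, which is not visible here. I would either leave rsasigkey.c at `#define DEVICE "/dev/random"` or make sure a saved seed is written into the pool before any key generation runs, and record the choice in a comment such as `/* OpenWrt: urandom avoids blocking on low-entropy boards; key generation must run after the entropy seed is restored */`. After this change `DEV_RANDOM` and `DEV_URANDOM` in files.h name the same device, which also deserves a comment so a later reader does not assume a blocking source.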