Openwrt/packages
0
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-02-07 03:29:52 +00:00
Code
packages/net/libreswan/Makefile
Jaymin Patel 52af24ff56 libreswan: uci configuration support 
Add libreswan UCI configuration and hotplug support

Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
2023-10-30 23:44:39 +05:30

204 lines
5.9 KiB
Makefile
Raw Permalink Blame History

#
# Copyright (C) 2019 Lucian Cristian <lucian.cristian@gmail.com>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=libreswan
PKG_VERSION:=4.12
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/
PKG_HASH:=ae85abe415f7becf4b6a2b9897e1712f27e5aac9c35dfbdddbcce0ad7dfd99f7
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING LICENSE
PKG_CPE_ID:=cpe:/a:libreswan:libreswan
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_BUILD_FLAGS:=lto
include $(INCLUDE_DIR)/package.mk
define Package/libreswan/default
SUBMENU:=VPN
SECTION:=net
CATEGORY:=Network
TITLE:=Libreswan
URL:=https://libreswan.org/
PROVIDES:=openswan
CONFLICTS:=strongswan
endef
define Package/libreswan
$(Package/libreswan/default)
DEPENDS:= \
+kmod-ip-vti +IPV6:kmod-ip6-vti \
+kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 \
+ip-full +kmod-xfrm-interface \
+libevent2 +libevent2-pthreads \
+libldns +librt +libunbound +nss-utils +nspr +libcap-ng \
+kmod-crypto-acompress \
+kmod-crypto-aead \
+kmod-crypto-authenc \
+kmod-crypto-arc4 \
+kmod-crypto-cbc \
+kmod-crypto-ccm \
+kmod-crypto-chacha20poly1305 \
+kmod-crypto-cmac \
+kmod-crypto-ctr \
+kmod-crypto-cts \
+kmod-crypto-des \
+kmod-crypto-ecb \
+kmod-crypto-ecdh \
+kmod-crypto-gcm \
+kmod-crypto-ghash \
+kmod-crypto-hash \
+kmod-crypto-hmac \
+kmod-crypto-md4 \
+kmod-crypto-md5 \
+kmod-crypto-null \
+kmod-crypto-pcbc \
+kmod-crypto-sha1 \
+kmod-crypto-sha256 \
+kmod-crypto-sha512 \
+kmod-crypto-xcbc \
+kmod-crypto-rng
endef
define Package/libreswan/description
Libreswan is a free software implementation of the most widely supported and
standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
("IKE"). These standards are produced and maintained by the Internet
Engineering Task Force ("IETF").
endef
define Package/libreswan/conffiles
/etc/ipsec.d
/etc/config/libreswan
/etc/ipsec.user
endef
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
MAKE_FLAGS+= \
WERROR_CFLAGS=" " \
NSS_REQ_AVA_COPY=false \
USE_LINUX_AUDIT=false \
USE_LABELED_IPSEC=false \
USE_NM=false \
USE_NSS_KDF=true \
USE_LIBCURL=false \
USE_GLIBC_KERN_FLIP_HEADERS=true \
USE_AUTHPAM=false \
USE_LIBCAP_NG=true \
USE_SYSTEMD_WATCHDOG=false \
USE_SECCOMP=false\
USE_XFRM_INTERFACE_IFLA_HEADER=false \
PREFIX="/usr" \
FINALRUNDIR="/var/run/pluto" \
FINALNSSDIR="/etc/ipsec.d" \
DEFAULT_DNSSEC_ROOTKEY_FILE=/etc/unbound/root.key \
MODPROBEARGS="-q" \
OSDEP=linux \
BUILDENV=linux \
LINUX_VARIANT="openwrt" \
ARCH="$(LINUX_KARCH)" \
define Build/Prepare
$(call Build/Prepare/Default)
$(SED) 's,include $$$$(top_srcdir)/mk/manpages.mk,,g' \
$(PKG_BUILD_DIR)/mk/program.mk
endef
define Build/Compile
$(call Build/Compile/Default,all)
endef
define Package/libreswan/install
$(INSTALL_DIR) \
$(1)/etc/ipsec.d/policies \
$(1)/usr/libexec/ipsec \
$(1)/usr/sbin \
$(1)/etc/config \
$(1)/etc/init.d \
$(1)/etc/hotplug.d/libreswan \
$(1)/etc/hotplug.d/iface \
$(1)/usr/libexec/rpcd \
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec \
$(1)/usr/sbin/ipsec
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ipsec.d/policies/* \
$(1)/etc/ipsec.d/policies/
$(CP) $(PKG_INSTALL_DIR)/usr/libexec/ipsec/* \
$(1)/usr/libexec/ipsec/
$(INSTALL_BIN) ./files/usr/libexec/ipsec/_updown.xfrm $(1)/usr/libexec/ipsec/_updown.xfrm
$(INSTALL_BIN) ./files/etc/init.d/ipsec $(1)/etc/init.d/ipsec
$(INSTALL_BIN) ./files/usr/libexec/rpcd/libreswan $(1)/usr/libexec/rpcd/libreswan
$(INSTALL_DATA) ./files/etc/ipsec.conf $(1)/etc/ipsec.conf
$(INSTALL_DATA) ./files/etc/ipsec.secrets $(1)/etc/ipsec.secrets
$(INSTALL_DATA) ./files/etc/config/libreswan $(1)/etc/config/libreswan
$(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/01-user $(1)/etc/hotplug.d/libreswan/01-user
$(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/02-vti $(1)/etc/hotplug.d/libreswan/02-vti
$(INSTALL_DATA) ./files/etc/hotplug.d/iface/89-libreswan $(1)/etc/hotplug.d/iface/89-libreswan
endef
define Package/libreswan-nftables
$(Package/libreswan/default)
TITLE+= nftables plugin)
DEPENDS+=firewall4 +libreswan +kmod-nft-xfrm +nftables \
+kmod-nfnetlink-log
endef
define Package/libreswan-nftables/description
Provides Libreswan nftables plugin for adding firewall rules
endef
define Package/libreswan-nftables/install
$(INSTALL_DIR) $(1)/etc/hotplug.d/libreswan \
$(1)/usr/share/nftables.d/ruleset-post
$(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d
$(CP) ./files/etc/hotplug.d/libreswan/62-nftables $(1)/etc/hotplug.d/libreswan/62-nftables
$(LN) /tmp/libreswan/firewall.d/libreswan.rules $(1)/usr/share/nftables.d/ruleset-post/10_libreswan.nft
endef
define Package/libreswan-iptables
$(Package/libreswan/default)
TITLE+= iptables plugin)
DEPENDS+=firewall +libreswan +iptables-mod-ipsec +kmod-ipt-ipsec \
+iptables-zz-legacy +IPV6:ip6tables-zz-legacy \
+kmod-ipt-nflog +iptables-mod-nflog
endef
define Package/libreswan-iptables/description
Provides Libreswan iptables plugin for adding firewall rules
endef
define Package/libreswan-iptables/install
$(INSTALL_DIR) $(1)/etc \
$(1)/etc/uci-defaults \
$(1)/etc/hotplug.d/libreswan
$(CP) ./files/etc/hotplug.d/libreswan/61-iptables $(1)/etc/hotplug.d/libreswan/61-iptables
$(CP) ./files/etc/uci-defaults/091-libreswan $(1)/etc/uci-defaults/091-libreswan
$(INSTALL_BIN) ./files/etc/libreswan_firewall.sh $(1)/etc/libreswan_firewall.sh
endef
define Package/libreswan-iptables/postinst
#!/bin/sh
[ -n "$$IPKG_INSTROOT" ] || {
/etc/init.d/firewall reload
}
endef
$(eval $(call BuildPackage,libreswan))
$(eval $(call BuildPackage,libreswan-nftables))
$(eval $(call BuildPackage,libreswan-iptables))
View Git Blame Copy Permalink