author | Jaymin Patel <jem.patel@gmail.com> | 2022-08-22 16:41:33 +0530 |
---|---|---|
committer | Jaymin Patel <jem.patel@gmail.com> | 2023-10-30 23:44:39 +0530 |
commit | 52af24ff563c94a28b2c44c4be67bbc40ca364d3 (patch) | |
tree | f161193b435f90d71d720419947da12fee9f06b8 /net/libreswan/Makefile | |
parent | a2ef62e6699f3e47af6f2a22980b8a832f1ba1f4 (diff) |
libreswan: uci configuration support
Add libreswan UCI configuration and hotplug support
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
Diffstat (limited to 'net/libreswan/Makefile')
-rw-r--r-- | net/libreswan/Makefile | 147 |
1 files changed, 114 insertions, 33 deletions
diff --git a/net/libreswan/Makefile b/net/libreswan/Makefile
index 4ecc00a44..eb407e432 100644
--- a/net/libreswan/Makefile
+++ b/net/libreswan/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=libreswan
 PKG_VERSION:=4.12
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.libreswan.org/
@@ -25,46 +25,65 @@ PKG_BUILD_FLAGS:=lto
 include $(INCLUDE_DIR)/package.mk
-define Package/libreswan/Default
- TITLE:=Libreswan
- URL:=https://libreswan.org/
-endef
-
-define Package/libreswan/Default/description
- Libreswan is a free software implementation of the most widely supported and
- standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
- ("IKE"). These standards are produced and maintained by the Internet
- Engineering Task Force ("IETF").
-endef
-
-define Package/libreswan
-$(call Package/libreswan/Default)
+define Package/libreswan/default
 SUBMENU:=VPN
 SECTION:=net
 CATEGORY:=Network
- DEPENDS:= +IPV6:kmod-ip6-vti +IPV6:kmod-ipsec6 +ip-full +iptables-mod-ipsec \
- +kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \
- +kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \
- +kmod-ipsec4 +kmod-ipt-ipsec +kmod-xfrm-interface +libevent2 +libevent2-pthreads \
- +libldns +librt +libunbound +nss-utils +nspr +libcap-ng
+ TITLE:=Libreswan
+ URL:=https://libreswan.org/
 PROVIDES:=openswan
 CONFLICTS:=strongswan
- TITLE+= IPsec Server
+endef
+
+define Package/libreswan
+ $(Package/libreswan/default)
+ DEPENDS:= \
+ +kmod-ip-vti +IPV6:kmod-ip6-vti \
+ +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 \
+ +ip-full +kmod-xfrm-interface \
+ +libevent2 +libevent2-pthreads \
+ +libldns +librt +libunbound +nss-utils +nspr +libcap-ng \
+ +kmod-crypto-acompress \
+ +kmod-crypto-aead \
+ +kmod-crypto-authenc \
+ +kmod-crypto-arc4 \
+ +kmod-crypto-cbc \
+ +kmod-crypto-ccm \
+ +kmod-crypto-chacha20poly1305 \
+ +kmod-crypto-cmac \
+ +kmod-crypto-ctr \
+ +kmod-crypto-cts \
+ +kmod-crypto-des \
+ +kmod-crypto-ecb \
+ +kmod-crypto-ecdh \
+ +kmod-crypto-gcm \
+ +kmod-crypto-ghash \
+ +kmod-crypto-hash \
+ +kmod-crypto-hmac \
+ +kmod-crypto-md4 \
+ +kmod-crypto-md5 \
+ +kmod-crypto-null \
+ +kmod-crypto-pcbc \
+ +kmod-crypto-sha1 \
+ +kmod-crypto-sha256 \
+ +kmod-crypto-sha512 \
+ +kmod-crypto-xcbc \
+ +kmod-crypto-rng
 endef
 define Package/libreswan/description
-$(call Package/libreswan/Default/description)
- Libreswan is a free software implementation of the most widely supported and
- standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
- ("IKE"). These standards are produced and maintained by the Internet
- Engineering Task Force ("IETF").
+ Libreswan is a free software implementation of the most widely supported and
+ standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
+ ("IKE"). These standards are produced and maintained by the Internet
+ Engineering Task Force ("IETF").
 endef
 define Package/libreswan/conffiles
 /etc/ipsec.d
-/etc/ipsec.conf
-/etc/ipsec.secrets
+/etc/config/libreswan
+/etc/ipsec.user
 endef
+
 TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
 MAKE_FLAGS+= \
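Review bot: Dropping `/etc/ipsec.conf` and `/etc/ipsec.secrets` from `Package/libreswan/conffiles` while the install hunk still ships both files means a package upgrade will overwrite a hand-maintained secrets file with the packaged default, and the conffiles mechanism will no longer preserve it. If both files are now regenerated from UCI, a comment above the conffiles block should say so, for example `# ipsec.conf and ipsec.secrets are generated from /etc/config/libreswan; local overrides belong in /etc/ipsec.user`, and existing installs probably need a migration note. Separately, the new `DEPENDS` list pulls in `kmod-crypto-arc4`, `kmod-crypto-des`, `kmod-crypto-md4`, `kmod-crypto-md5` and `kmod-crypto-null` unconditionally. It is worth confirming which of these libreswan actually requires, because they enlarge every image and make legacy or null transforms available to whatever policy ends up configured.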
@@ -103,20 +122,82 @@ endef
 define Package/libreswan/install
 $(INSTALL_DIR) \
- $(1)/etc/init.d \
 $(1)/etc/ipsec.d/policies \
 $(1)/usr/libexec/ipsec \
- $(1)/usr/sbin
+ $(1)/usr/sbin \
+ $(1)/etc/config \
+ $(1)/etc/init.d \
+ $(1)/etc/hotplug.d/libreswan \
+ $(1)/etc/hotplug.d/iface \
+ $(1)/usr/libexec/rpcd \
 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec \
 $(1)/usr/sbin/ipsec
- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
- $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
- $(INSTALL_DATA) ./files/ipsec.secrets $(1)/etc/ipsec.secrets
 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ipsec.d/policies/* \
 $(1)/etc/ipsec.d/policies/
 $(CP) $(PKG_INSTALL_DIR)/usr/libexec/ipsec/* \
 $(1)/usr/libexec/ipsec/
+
+ $(INSTALL_BIN) ./files/usr/libexec/ipsec/_updown.xfrm $(1)/usr/libexec/ipsec/_updown.xfrm
+ $(INSTALL_BIN) ./files/etc/init.d/ipsec $(1)/etc/init.d/ipsec
+ $(INSTALL_BIN) ./files/usr/libexec/rpcd/libreswan $(1)/usr/libexec/rpcd/libreswan
+ $(INSTALL_DATA) ./files/etc/ipsec.conf $(1)/etc/ipsec.conf
+ $(INSTALL_DATA) ./files/etc/ipsec.secrets $(1)/etc/ipsec.secrets
+ $(INSTALL_DATA) ./files/etc/config/libreswan $(1)/etc/config/libreswan
+ $(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/01-user $(1)/etc/hotplug.d/libreswan/01-user
+ $(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/02-vti $(1)/etc/hotplug.d/libreswan/02-vti
+ $(INSTALL_DATA) ./files/etc/hotplug.d/iface/89-libreswan $(1)/etc/hotplug.d/iface/89-libreswan
+endef
+
+define Package/libreswan-nftables
+ $(Package/libreswan/default)
+ TITLE+= nftables plugin)
+ DEPENDS+=firewall4 +libreswan +kmod-nft-xfrm +nftables \
+ +kmod-nfnetlink-log
+endef
+
+define Package/libreswan-nftables/description
+ Provides Libreswan nftables plugin for adding firewall rules
+endef
+
+define Package/libreswan-nftables/install
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/libreswan \
+ $(1)/usr/share/nftables.d/ruleset-post
+
+ $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d
+ $(CP) ./files/etc/hotplug.d/libreswan/62-nftables $(1)/etc/hotplug.d/libreswan/62-nftables
+ $(LN) /tmp/libreswan/firewall.d/libreswan.rules $(1)/usr/share/nftables.d/ruleset-post/10_libreswan.nft
+endef
+
+define Package/libreswan-iptables
+ $(Package/libreswan/default)
+ TITLE+= iptables plugin)
+ DEPENDS+=firewall +libreswan +iptables-mod-ipsec +kmod-ipt-ipsec \
+ +iptables-zz-legacy +IPV6:ip6tables-zz-legacy \
+ +kmod-ipt-nflog +iptables-mod-nflog
+endef
+
+define Package/libreswan-iptables/description
+ Provides Libreswan iptables plugin for adding firewall rules
+endef
+
+define Package/libreswan-iptables/install
+ $(INSTALL_DIR) $(1)/etc \
+ $(1)/etc/uci-defaults \
+ $(1)/etc/hotplug.d/libreswan
+
+ $(CP) ./files/etc/hotplug.d/libreswan/61-iptables $(1)/etc/hotplug.d/libreswan/61-iptables
+ $(CP) ./files/etc/uci-defaults/091-libreswan $(1)/etc/uci-defaults/091-libreswan
+ $(INSTALL_BIN) ./files/etc/libreswan_firewall.sh $(1)/etc/libreswan_firewall.sh
+endef
+
+define Package/libreswan-iptables/postinst
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+ /etc/init.d/firewall reload
+}
 endef
 $(eval $(call BuildPackage,libreswan))
+$(eval $(call BuildPackage,libreswan-nftables))
+$(eval $(call BuildPackage,libreswan-iptables)) |
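Review bot: `./files/etc/ipsec.secrets` and `./files/etc/config/libreswan` are installed with `$(INSTALL_DATA)` in `Package/libreswan/install`, which leaves files that may hold pre-shared keys world-readable. OpenWrt's `$(INSTALL_CONF)` (mode 0600) is the usual choice, e.g. `$(INSTALL_CONF) ./files/etc/ipsec.secrets $(1)/etc/ipsec.secrets`, and the same for the UCI file. In `Package/libreswan-nftables/install` the `$(LN)` line points the `ruleset-post` include at `/tmp/libreswan/firewall.d/libreswan.rules`, so the firewall loads whatever sits at that path on every reload. The service should create `/tmp/libreswan` root-owned and not writable by others before anything else can, and it is worth checking that fw4 tolerates the dangling link when libreswan has never started. As shown here, `TITLE+= nftables plugin)` and `TITLE+= iptables plugin)` also carry a closing parenthesis with no opening one.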