diff options
| author | Lucian Cristian <lucian.cristian@gmail.com> | 2019-04-21 16:47:51 +0300 |
|---|---|---|
| committer | Lucian Cristian <lucian.cristian@gmail.com> | 2019-04-21 16:47:51 +0300 |
| commit | b4b98e2922713eebb334f6f5a0a9dcc56c7bcb8a (patch) | |
| tree | 433af98001c18475bbfcd7c29c8ee1ee4e582902 /net/libreswan/patches | |
| parent | 50e017f7df1331362b2cffc7962f77d8b8498b2f (diff) | |
libreswan: backport deprecating KLIPS
remove building kernel module, it is not used and is not working with 4.19
rework the ready to use l2tp-ipsec example
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Diffstat (limited to 'net/libreswan/patches')
| -rw-r--r-- | net/libreswan/patches/001-move_kernel_klips_to_mk_kernel.mk.patch | 973 | ||||
| -rw-r--r-- | net/libreswan/patches/002-cripple_klips_klips_kernel_rules.patch | 22 |
2 files changed, 995 insertions, 0 deletions
diff --git a/net/libreswan/patches/001-move_kernel_klips_to_mk_kernel.mk.patch b/net/libreswan/patches/001-move_kernel_klips_to_mk_kernel.mk.patch new file mode 100644 index 000000000..0cca6c377 --- /dev/null +++ b/net/libreswan/patches/001-move_kernel_klips_to_mk_kernel.mk.patch @@ -0,0 +1,973 @@ +From 010a9f2bbdaa97024933be04eff1a48ff1f9b657 Mon Sep 17 00:00:00 2001 +From: Andrew Cagney <cagney@gnu.org> +Date: Thu, 25 Oct 2018 21:00:59 -0400 +Subject: [PATCH] building: move kernel (klips) rules to mk/kernel.mk + +--- + Makefile | 448 +----------------------------------------------- + mk/kernel.mk | 468 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 474 insertions(+), 442 deletions(-) + create mode 100644 mk/kernel.mk + +diff --git a/Makefile b/Makefile +index b706defd0f..0b070966e6 100644 +--- a/Makefile ++++ b/Makefile +@@ -97,119 +97,14 @@ KERNELREL=$(shell ${KVSHORTUTIL} ${KERNELSRC}/Makefile) + + # directories visited by all recursion + +-# declaration for make's benefit +-.PHONY: def insert kpatch patches _patches _patches2.4 \ +- klipsdefaults programs man install \ +- precheck verset confcheck kernel \ +- module module24 module26 kinstall minstall minstall24 minstall26 \ +- moduleclean mod24clean module24clean mod26clean module26clean \ +- backup unpatch uninstall \ +- check \ +- +-kpatch: unapplypatch applypatch klipsdefaults +-npatch: unapplynpatch applynpatch +-sarefpatch: unapplysarefpatch applysarefpatch +- +-unapplypatch: +- @echo "info: making unapplypatch in `pwd` and KERNELSRC=\"${KERNELSRC}\";" +- -@if [ -f ${KERNELSRC}/libreswan.patch ]; then \ +- echo Undoing previous patches; \ +- cat ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ +- fi +- +-applypatch: +- @echo "info: Now performing forward patches in `pwd`"; +- ${MAKE} kernelpatch${KERNELREL} | tee ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) +- +-unapplynpatch: +- @echo "info: making unapplynpatch (note the second N) in `pwd`"; +- -@if [ -f ${KERNELSRC}/natt.patch ]; then \ +- echo Undoing previous NAT patches; \ +- cat ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ +- fi +- +-applynpatch: +- @echo "info: Now performing forward NAT patches in `pwd`"; +- ${MAKE} nattpatch${KERNELREL} | tee ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) +- +-unapplysarefpatch: +- @echo "info: making unapplysarefpatch in `pwd`"; +- -@if [ -f ${KERNELSRC}/saref.patch ]; then \ +- echo Undoing previous saref patches; \ +- cat ${KERNELSRC}/saref.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preng --reverse --ignore-whitespace ); \ +- fi +- +-applysarefpatch: +- @echo "info: Now performing SAref patches in `pwd`"; +- ${MAKE} sarefpatch${KERNELREL} | tee ${KERNELSRC}/klipsng.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preng --forward --ignore-whitespace ) +- +-# patch kernel +-PATCHER=packaging/utils/patcher +- +-_patches: +- echo "===============" >>out.kpatch +- echo "`date` `cd $(KERNELSRC) ; pwd`" >>out.kpatch +- $(MAKE) __patches$(KERNELREL) >>out.kpatch +- +-# Linux-2.4.0 version +-__patches2.4: +- @$(PATCHER) -v -c $(KERNELSRC) Documentation/Configure.help \ +- 'CONFIG_KLIPS' $(PATCHES)/Documentation/Configure.help.fs2_2.patch +- @$(PATCHER) -v $(KERNELSRC) net/Config.in \ +- 'CONFIG_KLIPS' $(PATCHES)/net/Config.in.fs2_4.patch +- @$(PATCHER) -v $(KERNELSRC) net/Makefile \ +- 'CONFIG_KLIPS' $(PATCHES)/net/Makefile.fs2_4.patch +- @$(PATCHER) -v $(KERNELSRC) net/ipv4/af_inet.c \ +- 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/af_inet.c.fs2_4.patch +- @$(PATCHER) -v $(KERNELSRC) net/ipv4/udp.c \ +- 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/udp.c.fs2_4.patch +- @$(PATCHER) -v $(KERNELSRC) include/net/sock.h \ +- 'CONFIG_KLIPS' $(PATCHES)/include/net/sock.h.fs2_4.patch +-# Removed patches, will unpatch automatically. +- @$(PATCHER) -v $(KERNELSRC) include/linux/proc_fs.h +- @$(PATCHER) -v $(KERNELSRC) net/core/dev.c +- @$(PATCHER) -v $(KERNELSRC) net/ipv4/protocol.c +- @$(PATCHER) -v $(KERNELSRC) drivers/net/Space.c +- @$(PATCHER) -v $(KERNELSRC) include/linux/netlink.h +- @$(PATCHER) -v $(KERNELSRC) net/netlink/af_netlink.c +- @$(PATCHER) -v $(KERNELSRC) net/netlink/netlink_dev.c +- @$(PATCHER) -v $(KERNELSRC) drivers/isdn/isdn_net.c +- +-klipsdefaults: +- @KERNELDEFCONFIG=$(KERNELSRC)/arch/$(ARCH)/defconfig ; \ +- KERNELCONFIG=$(KCFILE) ; \ +- if ! egrep -q 'CONFIG_KLIPS' $$KERNELDEFCONFIG ; \ +- then \ +- set -x ; \ +- cp -a $$KERNELDEFCONFIG $$KERNELDEFCONFIG.orig ; \ +- chmod u+w $$KERNELDEFCONFIG ; \ +- cat $$KERNELDEFCONFIG $(KERNELKLIPS)/defconfig \ +- >$$KERNELDEFCONFIG.tmp ; \ +- rm -f $$KERNELDEFCONFIG ; \ +- cp -a $$KERNELDEFCONFIG.tmp $$KERNELDEFCONFIG ; \ +- rm -f $$KERNELDEFCONFIG.tmp ; \ +- fi ; \ +- if ! egrep -q 'CONFIG_KLIPS' $$KERNELCONFIG ; \ +- then \ +- set -x ; \ +- cp -a $$KERNELCONFIG $$KERNELCONFIG.orig ; \ +- chmod u+w $$KERNELCONFIG ; \ +- cat $$KERNELCONFIG $(KERNELKLIPS)/defconfig \ +- >$$KERNELCONFIG.tmp ; \ +- rm -f $$KERNELCONFIG ; \ +- cp -a $$KERNELCONFIG.tmp $$KERNELCONFIG ; \ +- rm -f $$KERNELCONFIG.tmp ; \ +- fi +- +- +- + # programs + + ABSOBJDIR:=$(shell mkdir -p ${OBJDIR}; cd ${OBJDIR} && pwd) + OBJDIRTOP=${ABSOBJDIR} + + # Recursive clean dealt with elsewhere. +-local-clean-base: moduleclean ++.PHONY: local-clean-base ++local-clean-base: + $(foreach file,$(RPMTMPDIR) $(RPMDEST) out.*build out.*install, \ + rm -rf $(file) ; ) # but leave out.kpatch + +@@ -219,339 +114,13 @@ local-clean-base: moduleclean + # $(OBJDIR), "distclean" does not depend on it. If it did, "make + # distclean" would have the quirky behaviour of first creating + # $(OBJDIR) only to then delete it. +-distclean: moduleclean module24clean module26clean clean-kvm-keys ++.PHONY: distclean ++distclean: clean-kvm-keys + rm -f $(RPMTMPDIR) $(RPMDEST) out.* + rm -rf testing/pluto/*/OUTPUT* + rm -rf OBJ.* $(OBJDIR) + rm -rf BACKUP + +-# proxies for major kernel make operations +- +-# do-everything entries +-KINSERT_PRE=precheck verset insert +-PRE=precheck verset kpatch +-POST=confcheck programs kernel install +-MPOST=confcheck programs module install +- +-# preliminaries +-precheck: +- @if test ! -d $(KERNELSRC) -a ! -L $(KERNELSRC) ; \ +- then \ +- echo '*** cannot find directory "$(KERNELSRC)"!!' ; \ +- echo '*** may be necessary to add symlink to kernel source' ; \ +- exit 1 ; \ +- fi +- @if ! cd $(KERNELSRC) ; \ +- then \ +- echo '*** cannot "cd $(KERNELSRC)"!!' ; \ +- echo '*** may be necessary to add symlink to kernel source' ; \ +- exit 1 ; \ +- fi +- @if test ! -f $(KCFILE) ; \ +- then \ +- echo '*** cannot find "$(KCFILE)"!!' ; \ +- echo '*** perhaps kernel has never been configured?' ; \ +- echo '*** please do that first; the results are necessary.' ; \ +- exit 1 ; \ +- fi +- @if test ! -f $(VERFILE) ; \ +- then \ +- echo '*** cannot find "$(VERFILE)"!!' ; \ +- echo '*** perhaps kernel has never been compiled?' ; \ +- echo '*** please do that first; the results are necessary.' ; \ +- exit 1 ; \ +- fi +- +-# configuring (exit statuses disregarded, something fishy here sometimes) +-xcf: +- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) xconfig +-mcf: +- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) menuconfig +-pcf: +- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) config +- +-ocf: +- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) oldconfig +- +-rcf: +- cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) ${NONINTCONFIG} </dev/null +- cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) dep >/dev/null +- +-kclean: +- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) clean +- +-confcheck: +- @if test ! -f $(KCFILE) ; \ +- then echo '*** no kernel configuration file written!!' ; exit 1 ; \ +- fi +- @if ! egrep -q '^CONFIG_KLIPS=[my]' $(KCFILE) ; \ +- then echo '*** IPsec not in kernel config ($(KCFILE))!!' ; exit 1 ; \ +- fi +- @if ! egrep -q 'CONFIG_KLIPS[ ]+1' $(ACFILE) && \ +- ! egrep -q 'CONFIG_KLIPS_MODULE[ ]+1' $(ACFILE) ; \ +- then echo '*** IPsec in kernel config ($(KCFILE)),' ; \ +- echo '*** but not in config header file ($(ACFILE))!!' ; \ +- exit 1 ; \ +- fi +- @if egrep -q '^CONFIG_KLIPS=m' $(KCFILE) && \ +- ! egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ +- then echo '*** IPsec configured as module in kernel with no module support!!' ; exit 1 ; \ +- fi +- @if ! egrep -q 'CONFIG_KLIPS_AH[ ]+1' $(ACFILE) && \ +- ! egrep -q 'CONFIG_KLIPS_ESP[ ]+1' $(ACFILE) ; \ +- then echo '*** IPsec configuration must include AH or ESP!!' ; exit 1 ; \ +- fi +- +-# kernel building, with error checks +-kernel: +- rm -f out.kbuild out.kinstall +- # undocumented kernel folklore: clean BEFORE dep. +- # we run make dep separately, because there is no point in running ERRCHECK +- # on the make dep output. +- # see LKML thread "clean before or after dep?" +- ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNCLEAN) $(KERNDEP) ) +- ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNEL) ) 2>&1 | tee out.kbuild +- @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ +- then set -x ; \ +- ( cd $(KERNELSRC) ; \ +- $(MAKE) $(KERNMAKEOPTS) modules 2>&1 ) | tee -a out.kbuild ; \ +- fi +- ${ERRCHECK} out.kbuild +- +-# module-only building, with error checks +-ifneq ($(strip $(MOD24BUILDDIR)),) +-${MOD24BUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make +- mkdir -p ${MOD24BUILDDIR} +- cp ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make ${MOD24BUILDDIR}/Makefile +- +-module: +- @if [ -f ${KERNELSRC}/README.libreswan-2 ] ; then \ +- echo "WARNING: Kernel source ${KERNELSRC} has already been patched with libreswan-2, out of tree build might fail!"; \ +- fi; +- @if [ -f ${KERNELSRC}/README.openswan ] ; then \ +- echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan, out of tree build might fail!"; \ +- fi; +- @if [ -f ${KERNELSRC}/README.openswan-2 ] ; then \ +- echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan-2, out of tree build might fail!"; \ +- fi; +- @if [ -f ${KERNELSRC}/README.freeswan ] ; then \ +- echo "ERROR: Kernel source ${KERNELSRC} has already been patched with freeswan, out of tree build will fail!"; \ +- fi; +- @if [ -f ${KERNELSRC}/Rules.make ] ; then \ +- echo "Building module for a 2.4 kernel"; ${MAKE} module24 ; \ +- else echo "Building module for a 2.6 kernel"; ${MAKE} module26; \ +- fi; +- +-modclean moduleclean: +- @if [ -f ${KERNELSRC}/Rules.make ] ; then \ +- echo "Cleaning module for a 2.4 kernel"; ${MAKE} module24clean ; \ +- else echo "Cleaning module for a 2.6 kernel"; ${MAKE} module26clean; \ +- fi; +- +-module24: +- @if [ ! -f ${KERNELSRC}/Rules.make ] ; then \ +- echo "Warning: Building for a 2.4 kernel in what looks like a 2.6 tree"; \ +- fi ; \ +- ${MAKE} ${MOD24BUILDDIR}/Makefile +- ${MAKE} -C ${MOD24BUILDDIR} LIBRESWANSRCDIR=${LIBRESWANSRCDIR} ARCH=${ARCH} V=${V} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} TOPDIR=${KERNELSRC} -f Makefile ipsec.o +- @echo +- @echo '=========================================================' +- @echo +- @echo 'KLIPS24 module built successfully. ' +- @echo ipsec.o is in ${MOD24BUILDDIR} +- @echo +- @(cd ${MOD24BUILDDIR}; ls -l ipsec.o) +- @(cd ${MOD24BUILDDIR}; size ipsec.o) +- @echo +- @echo 'use make minstall as root to install it' +- @echo +- @echo '=========================================================' +- @echo +- +-mod24clean module24clean: +- rm -rf ${MOD24BUILDDIR} +- +-#autoodetect 2.4 and 2.6 +-module_install minstall install-module: +- @if [ -f $(KERNELSRC)/Rules.make ] ; then \ +- $(MAKE) minstall24 ; \ +- else \ +- $(MAKE) minstall26 ; \ +- fi; +- +-# Extract the value of MODLIB from the output of $(MAKE). Also hide +-# the sup-process $(MAKE) so that GNU Make doesn't always invoke the +-# target ("make -n" ignored). +-# +-# If $(MAKE) directly appears in a target (for instance in minstall26) +-# then GNU Make will assume that it is a recursive make invocation and +-# invoke the target regardless of -n. +-# +-# XXX: minstall24 should also use this. +- +-osmodlib-from-make = \ +- OSMODLIB=$$($(MAKE) $(1) 2>/dev/null | sed -n -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/p' | head -1) ; \ +- test -z "$$OSMODLIB" || echo "OSMODLIB=$$OSMODLIB ($(MAKE) $(1))" +- +-# module-only install, with error checks +-minstall24: +- ( OSMODLIB=`${MAKE} -C $(KERNELSRC) -p dummy | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ +- if [ -z "$$OSMODLIB" ] ; then \ +- OSMODLIB=`${MAKE} -C $(KERNELSRC) -n -p modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ +- fi ; \ +- if [ -z "$$OSMODLIB" ] ; then \ +- echo "No known place to install module. Aborting." ; \ +- exit 93 ; \ +- fi ; \ +- set -x ; \ +- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ +- cp $(MOD24BUILDDIR)/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ +- if [ -f /sbin/depmod ] ; then /sbin/depmod -a ; fi; \ +- if [ -n "$(OSMOD_DESTDIR)" ] ; then \ +- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ +- if [ -f $$OSMODLIB/kernel/ipsec.o -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ] ; then \ +- echo "WARNING: two ipsec.o modules found in $$OSMODLIB/kernel:" ; \ +- ls -l $$OSMODLIB/kernel/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ; \ +- exit 1; \ +- fi ; \ +- fi ; \ +- set -x ) ; +- +- +-else +-module: +- echo 'Building in place is no longer supported. Please set MOD24BUILDDIR=' +- exit 1 +- +-endif +- +-# module-only building, with error checks +-ifneq ($(strip $(MODBUILDDIR)),) +-${MODBUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module.make +- mkdir -p ${MODBUILDDIR} +- echo ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/*.S ${MODBUILDDIR} +- (rm -f ${MODBUILDDIR}/des; mkdir -p ${MODBUILDDIR}/des && cd ${MODBUILDDIR}/des && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/* . && ln -s -f Makefile.fs2_6 Makefile) +- (rm -f ${MODBUILDDIR}/aes; mkdir -p ${MODBUILDDIR}/aes && cd ${MODBUILDDIR}/aes && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/aes/* . && ln -s -f Makefile.fs2_6 Makefile) +- mkdir -p ${MODBUILDDIR}/aes +- cp ${LIBRESWANSRCDIR}/packaging/makefiles/module.make ${MODBUILDDIR}/Makefile +- ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/match*.S ${MODBUILDDIR} +- +-module26: +- @if [ -f ${KERNELSRC}/Rules.make ] ; then \ echo "Warning: Building for a 2.6+ kernel in what looks like a 2.4 tree"; \ +- fi ; \ +- ${MAKE} ${MODBUILDDIR}/Makefile +- ${MAKE} -C ${KERNELSRC} ${KERNELBUILDMFLAGS} BUILDDIR=${MODBUILDDIR} SUBDIRS=${MODBUILDDIR} INITSYSTEM=$(INITSYSTEM) MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} MODULE_DEFCONFIG=${MODULE_DEFCONFIG} MODULE_EXTRA_INCLUDE=${MODULE_EXTRA_INCLUDE} ARCH=${ARCH} V=${V} modules +- @echo +- @echo '=========================================================' +- @echo +- @echo 'KLIPS module built successfully. ' +- @echo ipsec.ko is in ${MODBUILDDIR} +- @echo +- @(cd ${MODBUILDDIR}; ls -l ipsec.ko) +- @(cd ${MODBUILDDIR}; size ipsec.ko) +- @echo +- @echo 'use make minstall as root to install it' +- @echo +- @echo '=========================================================' +- @echo +- +-mod26clean module26clean: +- rm -rf ${MODBUILDDIR} +- +-# module-only install, with error checks +-minstall26: +- $(call osmodlib-from-make,-C $(KERNELSRC) -p help) ; \ +- if [ -z "$$OSMODLIB" ] ; then \ +- $(call osmodlib-from-make,-C $(KERNELSRC) -n -p modules_install) ; \ +- fi ; \ +- if [ -z "$$OSMODLIB" ] ; then \ +- echo "No known place to install module. Aborting." ; \ +- exit 93 ; \ +- fi ; \ +- set -x ; \ +- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ +- cp $(MODBUILDDIR)/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ +- if [ -f /sbin/depmod ] ; then \ +- /sbin/depmod -a ; \ +- fi ; \ +- if [ -n "$(OSMOD_DESTDIR)" ] ; then \ +- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ +- if [ -f $$OSMODLIB/kernel/ipsec.ko -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ] ; then \ +- echo "WARNING: two ipsec.ko modules found in $$OSMODLIB/kernel:" ; \ +- ls -l $$OSMODLIB/kernel/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ; \ +- exit 1; \ +- fi ; \ +- fi +- +- +-else +-module26: +- echo 'Building in place is no longer supported. Please set MODBUILDDIR=' +- exit 1 +- +-endif +- +-# kernel install, with error checks +-kinstall: +- rm -f out.kinstall +- >out.kinstall +- # undocumented kernel folklore: modules_install must precede install (observed on RHL8.0) +- @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ +- then set -x ; \ +- ( cd $(KERNELSRC) ; \ +- $(MAKE) $(KERNMAKEOPTS) modules_install 2>&1 ) | tee -a out.kinstall ; \ +- fi +- ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) install ) 2>&1 | tee -a out.kinstall +- ${ERRCHECK} out.kinstall +- +-kernelpatch3 kernelpatch3.5 kernelpatch2.6 kernelpatch: +- packaging/utils/kernelpatch 2.6 +- +-kernelpatch2.4: +- packaging/utils/kernelpatch 2.4 +- +-nattpatch: +- if [ -f ${KERNELSRC}/Makefile ]; then \ +- ${MAKE} nattpatch${KERNELREL}; \ +- else echo "Cannot determine Linux kernel version. Perhaps you need to set KERNELSRC? (eg: export KERNELSRC=/usr/src/linux-`uname -r`/)"; exit 1; \ +- fi; +- +-sarefpatch2.6: +- #cat patches/kernel/2.6.38/0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch +- #packaging/utils/sarefpatch 2.6 +- echo "" +- +-nattpatch2.6: +- packaging/utils/nattpatch 2.6 +- +-nattpatch2.4: +- packaging/utils/nattpatch 2.4 +- +-nattupdate: +- (cd UMLPOOL && diff -u plain26/net/ipv4/udp.c.orig plain26/net/ipv4/udp.c; exit 0) >nat-t/net/ipv4/udp.c.os2_6.patch +- +-# take all the patches out of the kernel +-# (Note, a couple of files are modified by non-patch means; they are +-# included in "make backup".) +-unpatch: +- @echo \"make unpatch\" is obsolete. See make unapplypatch. +- exit 1 +- +-_unpatch: +- for f in `find $(KERNELSRC)/. -name '*.preipsec' -print` ; \ +- do \ +- echo "restoring $$f:" ; \ +- dir=`dirname $$f` ; \ +- core=`basename $$f .preipsec` ; \ +- cd $$dir ; \ +- mv -f $$core.preipsec $$core ; \ +- rm -f $$core.wipsec $$core.ipsecmd5 ; \ +- done +- +-# at the moment there is no difference between snapshot and release build +-snapready: buildready +-relready: buildready +-ready: devready + + # set up for build + buildready: +@@ -604,13 +173,6 @@ deb: + #debuild -S -sa + @echo "to build optional KLIPS kernel module, run make deb-klips" + +-deb-klips: +- sudo module-assistant prepare -u . +- sudo dpkg -i ../libreswan-modules-source_`make -s showdebversion`_all.deb +- sudo module-assistant -u . prepare +- sudo module-assistant -u . build libreswan +- +- + release: + packaging/utils/makerelease + +@@ -654,3 +216,5 @@ install-fipshmac: + include ${LIBRESWANSRCDIR}/mk/docker-targets.mk + include ${LIBRESWANSRCDIR}/mk/kvm-targets.mk + include ${LIBRESWANSRCDIR}/mk/web-targets.mk ++include ${LIBRESWANSRCDIR}/mk/kernel.mk ++ +diff --git a/mk/kernel.mk b/mk/kernel.mk +new file mode 100644 +index 0000000000..187167d440 +--- /dev/null ++++ b/mk/kernel.mk +@@ -0,0 +1,468 @@ ++# Libreswan master makefile ++# ++# Copyright (C) 1998-2002 Henry Spencer. ++# Copyright (C) 2003-2004 Xelerance Corporation ++# Copyright (C) 2017, Richard Guy Briggs <rgb@tricolour.ca> ++# Copyright (C) 2015-2018 Andrew Cagney ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 2 of the License, or (at your ++# option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# for more details. ++# ++ ++PATCHES=linux ++# where KLIPS goes in the kernel ++# note, some of the patches know the last part of this path ++KERNELKLIPS=$(KERNELSRC)/net/ipsec ++KERNELCRYPTODES=$(KERNELSRC)/crypto/ciphers/des ++KERNELLIBFREESWAN=$(KERNELSRC)/lib/libfreeswan ++KERNELLIBZLIB=$(KERNELSRC)/lib/zlib ++KERNELINCLUDE=$(KERNELSRC)/include ++ ++MAKEUTILS=packaging/utils ++ERRCHECK=${MAKEUTILS}/errcheck ++KVUTIL=${MAKEUTILS}/kernelversion ++KVSHORTUTIL=${MAKEUTILS}/kernelversion-short ++ ++# kernel details ++# what variant of our patches should we use, and where is it ++KERNELREL=$(shell ${KVSHORTUTIL} ${KERNELSRC}/Makefile) ++ ++# directories visited by all recursion ++ ++# declaration for make's benefit ++.PHONY: def insert kpatch patches _patches _patches2.4 \ ++ klipsdefaults programs man install \ ++ precheck verset confcheck kernel \ ++ module module24 module26 kinstall minstall minstall24 minstall26 \ ++ moduleclean mod24clean module24clean mod26clean module26clean \ ++ backup unpatch uninstall \ ++ check \ ++ ++kpatch: unapplypatch applypatch klipsdefaults ++npatch: unapplynpatch applynpatch ++sarefpatch: unapplysarefpatch applysarefpatch ++ ++unapplypatch: ++ @echo "info: making unapplypatch in `pwd` and KERNELSRC=\"${KERNELSRC}\";" ++ -@if [ -f ${KERNELSRC}/libreswan.patch ]; then \ ++ echo Undoing previous patches; \ ++ cat ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ ++ fi ++ ++applypatch: ++ @echo "info: Now performing forward patches in `pwd`"; ++ ${MAKE} kernelpatch${KERNELREL} | tee ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) ++ ++unapplynpatch: ++ @echo "info: making unapplynpatch (note the second N) in `pwd`"; ++ -@if [ -f ${KERNELSRC}/natt.patch ]; then \ ++ echo Undoing previous NAT patches; \ ++ cat ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ ++ fi ++ ++applynpatch: ++ @echo "info: Now performing forward NAT patches in `pwd`"; ++ ${MAKE} nattpatch${KERNELREL} | tee ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) ++ ++unapplysarefpatch: ++ @echo "info: making unapplysarefpatch in `pwd`"; ++ -@if [ -f ${KERNELSRC}/saref.patch ]; then \ ++ echo Undoing previous saref patches; \ ++ cat ${KERNELSRC}/saref.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preng --reverse --ignore-whitespace ); \ ++ fi ++ ++applysarefpatch: ++ @echo "info: Now performing SAref patches in `pwd`"; ++ ${MAKE} sarefpatch${KERNELREL} | tee ${KERNELSRC}/klipsng.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preng --forward --ignore-whitespace ) ++ ++# patch kernel ++PATCHER=packaging/utils/patcher ++ ++_patches: ++ echo "===============" >>out.kpatch ++ echo "`date` `cd $(KERNELSRC) ; pwd`" >>out.kpatch ++ $(MAKE) __patches$(KERNELREL) >>out.kpatch ++ ++# Linux-2.4.0 version ++__patches2.4: ++ @$(PATCHER) -v -c $(KERNELSRC) Documentation/Configure.help \ ++ 'CONFIG_KLIPS' $(PATCHES)/Documentation/Configure.help.fs2_2.patch ++ @$(PATCHER) -v $(KERNELSRC) net/Config.in \ ++ 'CONFIG_KLIPS' $(PATCHES)/net/Config.in.fs2_4.patch ++ @$(PATCHER) -v $(KERNELSRC) net/Makefile \ ++ 'CONFIG_KLIPS' $(PATCHES)/net/Makefile.fs2_4.patch ++ @$(PATCHER) -v $(KERNELSRC) net/ipv4/af_inet.c \ ++ 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/af_inet.c.fs2_4.patch ++ @$(PATCHER) -v $(KERNELSRC) net/ipv4/udp.c \ ++ 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/udp.c.fs2_4.patch ++ @$(PATCHER) -v $(KERNELSRC) include/net/sock.h \ ++ 'CONFIG_KLIPS' $(PATCHES)/include/net/sock.h.fs2_4.patch ++# Removed patches, will unpatch automatically. ++ @$(PATCHER) -v $(KERNELSRC) include/linux/proc_fs.h ++ @$(PATCHER) -v $(KERNELSRC) net/core/dev.c ++ @$(PATCHER) -v $(KERNELSRC) net/ipv4/protocol.c ++ @$(PATCHER) -v $(KERNELSRC) drivers/net/Space.c ++ @$(PATCHER) -v $(KERNELSRC) include/linux/netlink.h ++ @$(PATCHER) -v $(KERNELSRC) net/netlink/af_netlink.c ++ @$(PATCHER) -v $(KERNELSRC) net/netlink/netlink_dev.c ++ @$(PATCHER) -v $(KERNELSRC) drivers/isdn/isdn_net.c ++ ++klipsdefaults: ++ @KERNELDEFCONFIG=$(KERNELSRC)/arch/$(ARCH)/defconfig ; \ ++ KERNELCONFIG=$(KCFILE) ; \ ++ if ! egrep -q 'CONFIG_KLIPS' $$KERNELDEFCONFIG ; \ ++ then \ ++ set -x ; \ ++ cp -a $$KERNELDEFCONFIG $$KERNELDEFCONFIG.orig ; \ ++ chmod u+w $$KERNELDEFCONFIG ; \ ++ cat $$KERNELDEFCONFIG $(KERNELKLIPS)/defconfig \ ++ >$$KERNELDEFCONFIG.tmp ; \ ++ rm -f $$KERNELDEFCONFIG ; \ ++ cp -a $$KERNELDEFCONFIG.tmp $$KERNELDEFCONFIG ; \ ++ rm -f $$KERNELDEFCONFIG.tmp ; \ ++ fi ; \ ++ if ! egrep -q 'CONFIG_KLIPS' $$KERNELCONFIG ; \ ++ then \ ++ set -x ; \ ++ cp -a $$KERNELCONFIG $$KERNELCONFIG.orig ; \ ++ chmod u+w $$KERNELCONFIG ; \ ++ cat $$KERNELCONFIG $(KERNELKLIPS)/defconfig \ ++ >$$KERNELCONFIG.tmp ; \ ++ rm -f $$KERNELCONFIG ; \ ++ cp -a $$KERNELCONFIG.tmp $$KERNELCONFIG ; \ ++ rm -f $$KERNELCONFIG.tmp ; \ ++ fi ++ ++ ++local-clean-base: moduleclean ++distclean: moduleclean module24clean module26clean clean-kvm-keys ++ ++# proxies for major kernel make operations ++ ++# do-everything entries ++KINSERT_PRE=precheck verset insert ++PRE=precheck verset kpatch ++POST=confcheck programs kernel install ++MPOST=confcheck programs module install ++ ++# preliminaries ++precheck: ++ @if test ! -d $(KERNELSRC) -a ! -L $(KERNELSRC) ; \ ++ then \ ++ echo '*** cannot find directory "$(KERNELSRC)"!!' ; \ ++ echo '*** may be necessary to add symlink to kernel source' ; \ ++ exit 1 ; \ ++ fi ++ @if ! cd $(KERNELSRC) ; \ ++ then \ ++ echo '*** cannot "cd $(KERNELSRC)"!!' ; \ ++ echo '*** may be necessary to add symlink to kernel source' ; \ ++ exit 1 ; \ ++ fi ++ @if test ! -f $(KCFILE) ; \ ++ then \ ++ echo '*** cannot find "$(KCFILE)"!!' ; \ ++ echo '*** perhaps kernel has never been configured?' ; \ ++ echo '*** please do that first; the results are necessary.' ; \ ++ exit 1 ; \ ++ fi ++ @if test ! -f $(VERFILE) ; \ ++ then \ ++ echo '*** cannot find "$(VERFILE)"!!' ; \ ++ echo '*** perhaps kernel has never been compiled?' ; \ ++ echo '*** please do that first; the results are necessary.' ; \ ++ exit 1 ; \ ++ fi ++ ++# configuring (exit statuses disregarded, something fishy here sometimes) ++xcf: ++ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) xconfig ++mcf: ++ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) menuconfig ++pcf: ++ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) config ++ ++ocf: ++ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) oldconfig ++ ++rcf: ++ cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) ${NONINTCONFIG} </dev/null ++ cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) dep >/dev/null ++ ++kclean: ++ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) clean ++ ++confcheck: ++ @if test ! -f $(KCFILE) ; \ ++ then echo '*** no kernel configuration file written!!' ; exit 1 ; \ ++ fi ++ @if ! egrep -q '^CONFIG_KLIPS=[my]' $(KCFILE) ; \ ++ then echo '*** IPsec not in kernel config ($(KCFILE))!!' ; exit 1 ; \ ++ fi ++ @if ! egrep -q 'CONFIG_KLIPS[ ]+1' $(ACFILE) && \ ++ ! egrep -q 'CONFIG_KLIPS_MODULE[ ]+1' $(ACFILE) ; \ ++ then echo '*** IPsec in kernel config ($(KCFILE)),' ; \ ++ echo '*** but not in config header file ($(ACFILE))!!' ; \ ++ exit 1 ; \ ++ fi ++ @if egrep -q '^CONFIG_KLIPS=m' $(KCFILE) && \ ++ ! egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ ++ then echo '*** IPsec configured as module in kernel with no module support!!' ; exit 1 ; \ ++ fi ++ @if ! egrep -q 'CONFIG_KLIPS_AH[ ]+1' $(ACFILE) && \ ++ ! egrep -q 'CONFIG_KLIPS_ESP[ ]+1' $(ACFILE) ; \ ++ then echo '*** IPsec configuration must include AH or ESP!!' ; exit 1 ; \ ++ fi ++ ++# kernel building, with error checks ++kernel: ++ rm -f out.kbuild out.kinstall ++ # undocumented kernel folklore: clean BEFORE dep. ++ # we run make dep separately, because there is no point in running ERRCHECK ++ # on the make dep output. ++ # see LKML thread "clean before or after dep?" ++ ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNCLEAN) $(KERNDEP) ) ++ ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNEL) ) 2>&1 | tee out.kbuild ++ @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ ++ then set -x ; \ ++ ( cd $(KERNELSRC) ; \ ++ $(MAKE) $(KERNMAKEOPTS) modules 2>&1 ) | tee -a out.kbuild ; \ ++ fi ++ ${ERRCHECK} out.kbuild ++ ++# module-only building, with error checks ++ifneq ($(strip $(MOD24BUILDDIR)),) ++${MOD24BUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make ++ mkdir -p ${MOD24BUILDDIR} ++ cp ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make ${MOD24BUILDDIR}/Makefile ++ ++module: ++ @if [ -f ${KERNELSRC}/README.libreswan-2 ] ; then \ ++ echo "WARNING: Kernel source ${KERNELSRC} has already been patched with libreswan-2, out of tree build might fail!"; \ ++ fi; ++ @if [ -f ${KERNELSRC}/README.openswan ] ; then \ ++ echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan, out of tree build might fail!"; \ ++ fi; ++ @if [ -f ${KERNELSRC}/README.openswan-2 ] ; then \ ++ echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan-2, out of tree build might fail!"; \ ++ fi; ++ @if [ -f ${KERNELSRC}/README.freeswan ] ; then \ ++ echo "ERROR: Kernel source ${KERNELSRC} has already been patched with freeswan, out of tree build will fail!"; \ ++ fi; ++ @if [ -f ${KERNELSRC}/Rules.make ] ; then \ ++ echo "Building module for a 2.4 kernel"; ${MAKE} module24 ; \ ++ else echo "Building module for a 2.6 kernel"; ${MAKE} module26; \ ++ fi; ++ ++modclean moduleclean: ++ @if [ -f ${KERNELSRC}/Rules.make ] ; then \ ++ echo "Cleaning module for a 2.4 kernel"; ${MAKE} module24clean ; \ ++ else echo "Cleaning module for a 2.6 kernel"; ${MAKE} module26clean; \ ++ fi; ++ ++module24: ++ @if [ ! -f ${KERNELSRC}/Rules.make ] ; then \ ++ echo "Warning: Building for a 2.4 kernel in what looks like a 2.6 tree"; \ ++ fi ; \ ++ ${MAKE} ${MOD24BUILDDIR}/Makefile ++ ${MAKE} -C ${MOD24BUILDDIR} LIBRESWANSRCDIR=${LIBRESWANSRCDIR} ARCH=${ARCH} V=${V} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} TOPDIR=${KERNELSRC} -f Makefile ipsec.o ++ @echo ++ @echo '=========================================================' ++ @echo ++ @echo 'KLIPS24 module built successfully. ' ++ @echo ipsec.o is in ${MOD24BUILDDIR} ++ @echo ++ @(cd ${MOD24BUILDDIR}; ls -l ipsec.o) ++ @(cd ${MOD24BUILDDIR}; size ipsec.o) ++ @echo ++ @echo 'use make minstall as root to install it' ++ @echo ++ @echo '=========================================================' ++ @echo ++ ++mod24clean module24clean: ++ rm -rf ${MOD24BUILDDIR} ++ ++#autoodetect 2.4 and 2.6 ++module_install minstall install-module: ++ @if [ -f $(KERNELSRC)/Rules.make ] ; then \ ++ $(MAKE) minstall24 ; \ ++ else \ ++ $(MAKE) minstall26 ; \ ++ fi; ++ ++# Extract the value of MODLIB from the output of $(MAKE). Also hide ++# the sup-process $(MAKE) so that GNU Make doesn't always invoke the ++# target ("make -n" ignored). ++# ++# If $(MAKE) directly appears in a target (for instance in minstall26) ++# then GNU Make will assume that it is a recursive make invocation and ++# invoke the target regardless of -n. ++# ++# XXX: minstall24 should also use this. ++ ++osmodlib-from-make = \ ++ OSMODLIB=$$($(MAKE) $(1) 2>/dev/null | sed -n -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/p' | head -1) ; \ ++ test -z "$$OSMODLIB" || echo "OSMODLIB=$$OSMODLIB ($(MAKE) $(1))" ++ ++# module-only install, with error checks ++minstall24: ++ ( OSMODLIB=`${MAKE} -C $(KERNELSRC) -p dummy | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ ++ if [ -z "$$OSMODLIB" ] ; then \ ++ OSMODLIB=`${MAKE} -C $(KERNELSRC) -n -p modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ ++ fi ; \ ++ if [ -z "$$OSMODLIB" ] ; then \ ++ echo "No known place to install module. Aborting." ; \ ++ exit 93 ; \ ++ fi ; \ ++ set -x ; \ ++ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ ++ cp $(MOD24BUILDDIR)/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ ++ if [ -f /sbin/depmod ] ; then /sbin/depmod -a ; fi; \ ++ if [ -n "$(OSMOD_DESTDIR)" ] ; then \ ++ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ ++ if [ -f $$OSMODLIB/kernel/ipsec.o -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ] ; then \ ++ echo "WARNING: two ipsec.o modules found in $$OSMODLIB/kernel:" ; \ ++ ls -l $$OSMODLIB/kernel/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ; \ ++ exit 1; \ ++ fi ; \ ++ fi ; \ ++ set -x ) ; ++ ++ ++else ++module: ++ echo 'Building in place is no longer supported. Please set MOD24BUILDDIR=' ++ exit 1 ++ ++endif ++ ++# module-only building, with error checks ++ifneq ($(strip $(MODBUILDDIR)),) ++${MODBUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module.make ++ mkdir -p ${MODBUILDDIR} ++ echo ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/*.S ${MODBUILDDIR} ++ (rm -f ${MODBUILDDIR}/des; mkdir -p ${MODBUILDDIR}/des && cd ${MODBUILDDIR}/des && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/* . && ln -s -f Makefile.fs2_6 Makefile) ++ (rm -f ${MODBUILDDIR}/aes; mkdir -p ${MODBUILDDIR}/aes && cd ${MODBUILDDIR}/aes && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/aes/* . && ln -s -f Makefile.fs2_6 Makefile) ++ mkdir -p ${MODBUILDDIR}/aes ++ cp ${LIBRESWANSRCDIR}/packaging/makefiles/module.make ${MODBUILDDIR}/Makefile ++ ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/match*.S ${MODBUILDDIR} ++ ++module26: ++ @if [ -f ${KERNELSRC}/Rules.make ] ; then \ echo "Warning: Building for a 2.6+ kernel in what looks like a 2.4 tree"; \ ++ fi ; \ ++ ${MAKE} ${MODBUILDDIR}/Makefile ++ ${MAKE} -C ${KERNELSRC} ${KERNELBUILDMFLAGS} BUILDDIR=${MODBUILDDIR} SUBDIRS=${MODBUILDDIR} INITSYSTEM=$(INITSYSTEM) MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} MODULE_DEFCONFIG=${MODULE_DEFCONFIG} MODULE_EXTRA_INCLUDE=${MODULE_EXTRA_INCLUDE} ARCH=${ARCH} V=${V} modules ++ @echo ++ @echo '=========================================================' ++ @echo ++ @echo 'KLIPS module built successfully. ' ++ @echo ipsec.ko is in ${MODBUILDDIR} ++ @echo ++ @(cd ${MODBUILDDIR}; ls -l ipsec.ko) ++ @(cd ${MODBUILDDIR}; size ipsec.ko) ++ @echo ++ @echo 'use make minstall as root to install it' ++ @echo ++ @echo '=========================================================' ++ @echo ++ ++mod26clean module26clean: ++ rm -rf ${MODBUILDDIR} ++ ++# module-only install, with error checks ++minstall26: ++ $(call osmodlib-from-make,-C $(KERNELSRC) -p help) ; \ ++ if [ -z "$$OSMODLIB" ] ; then \ ++ $(call osmodlib-from-make,-C $(KERNELSRC) -n -p modules_install) ; \ ++ fi ; \ ++ if [ -z "$$OSMODLIB" ] ; then \ ++ echo "No known place to install module. Aborting." ; \ ++ exit 93 ; \ ++ fi ; \ ++ set -x ; \ ++ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ ++ cp $(MODBUILDDIR)/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ ++ if [ -f /sbin/depmod ] ; then \ ++ /sbin/depmod -a ; \ ++ fi ; \ ++ if [ -n "$(OSMOD_DESTDIR)" ] ; then \ ++ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ ++ if [ -f $$OSMODLIB/kernel/ipsec.ko -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ] ; then \ ++ echo "WARNING: two ipsec.ko modules found in $$OSMODLIB/kernel:" ; \ ++ ls -l $$OSMODLIB/kernel/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ; \ ++ exit 1; \ ++ fi ; \ ++ fi ++ ++ ++else ++module26: ++ echo 'Building in place is no longer supported. Please set MODBUILDDIR=' ++ exit 1 ++ ++endif ++ ++# kernel install, with error checks ++kinstall: ++ rm -f out.kinstall ++ >out.kinstall ++ # undocumented kernel folklore: modules_install must precede install (observed on RHL8.0) ++ @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ ++ then set -x ; \ ++ ( cd $(KERNELSRC) ; \ ++ $(MAKE) $(KERNMAKEOPTS) modules_install 2>&1 ) | tee -a out.kinstall ; \ ++ fi ++ ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) install ) 2>&1 | tee -a out.kinstall ++ ${ERRCHECK} out.kinstall ++ ++kernelpatch3 kernelpatch3.5 kernelpatch2.6 kernelpatch: ++ packaging/utils/kernelpatch 2.6 ++ ++kernelpatch2.4: ++ packaging/utils/kernelpatch 2.4 ++ ++nattpatch: ++ if [ -f ${KERNELSRC}/Makefile ]; then \ ++ ${MAKE} nattpatch${KERNELREL}; \ ++ else echo "Cannot determine Linux kernel version. Perhaps you need to set KERNELSRC? (eg: export KERNELSRC=/usr/src/linux-`uname -r`/)"; exit 1; \ ++ fi; ++ ++sarefpatch2.6: ++ #cat patches/kernel/2.6.38/0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch ++ #packaging/utils/sarefpatch 2.6 ++ echo "" ++ ++nattpatch2.6: ++ packaging/utils/nattpatch 2.6 ++ ++nattpatch2.4: ++ packaging/utils/nattpatch 2.4 ++ ++nattupdate: ++ (cd UMLPOOL && diff -u plain26/net/ipv4/udp.c.orig plain26/net/ipv4/udp.c; exit 0) >nat-t/net/ipv4/udp.c.os2_6.patch ++ ++# take all the patches out of the kernel ++# (Note, a couple of files are modified by non-patch means; they are ++# included in "make backup".) ++unpatch: ++ @echo \"make unpatch\" is obsolete. See make unapplypatch. ++ exit 1 ++ ++_unpatch: ++ for f in `find $(KERNELSRC)/. -name '*.preipsec' -print` ; \ ++ do \ ++ echo "restoring $$f:" ; \ ++ dir=`dirname $$f` ; \ ++ core=`basename $$f .preipsec` ; \ ++ cd $$dir ; \ ++ mv -f $$core.preipsec $$core ; \ ++ rm -f $$core.wipsec $$core.ipsecmd5 ; \ ++ done diff --git a/net/libreswan/patches/002-cripple_klips_klips_kernel_rules.patch b/net/libreswan/patches/002-cripple_klips_klips_kernel_rules.patch new file mode 100644 index 000000000..f07f0eda6 --- /dev/null +++ b/net/libreswan/patches/002-cripple_klips_klips_kernel_rules.patch @@ -0,0 +1,22 @@ +From fa00316e8c5151747f3e80895e6afd9ee1a9c0cd Mon Sep 17 00:00:00 2001 +From: Andrew Cagney <cagney@gnu.org> +Date: Thu, 25 Oct 2018 21:02:45 -0400 +Subject: [PATCH] building: when !USE_KLIPS=true cripple klips kernel module + rules + +--- + Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 0b070966e6..2fcf0229fd 100644 +--- a/Makefile ++++ b/Makefile +@@ -216,5 +216,6 @@ install-fipshmac: + include ${LIBRESWANSRCDIR}/mk/docker-targets.mk + include ${LIBRESWANSRCDIR}/mk/kvm-targets.mk + include ${LIBRESWANSRCDIR}/mk/web-targets.mk ++ifeq ($(USE_KLIPS),true) + include ${LIBRESWANSRCDIR}/mk/kernel.mk +- ++endif |