diff options
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-support/strongswan')
3 files changed, 255 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch new file mode 100644 index 000000000..00178c84a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch @@ -0,0 +1,24 @@ +From 33a53dc13fd924949a582109b45fedd8d0bed59b Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 27 Jun 2017 07:42:11 -0700 +Subject: [PATCH] memory.h: Include stdint.h for uintptr_t + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + src/libstrongswan/utils/utils/memory.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h +index e840330..8a356a8 100644 +--- a/src/libstrongswan/utils/utils/memory.h ++++ b/src/libstrongswan/utils/utils/memory.h +@@ -22,6 +22,8 @@ + #ifndef MEMORY_H_ + #define MEMORY_H_ + ++#include <stdint.h> ++ + /** + * Helper function that compares two binary blobs for equality + */ diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch new file mode 100644 index 000000000..be660d1fd --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch @@ -0,0 +1,99 @@ +From 9f97479373f3fceedc471074b81486d77a49618d Mon Sep 17 00:00:00 2001 +From: "Roy.Li" <rongqing.li@windriver.com> +Date: Tue, 4 Mar 2014 14:38:42 +0800 +Subject: [PATCH] fix the function parameter + +Upstream-Status: pending + +Original openssl_diffie_hellman_create has three parameters, but +it is reassigned a function pointer which has one parameter, and +is called with one parameter, which will lead to segment fault +on PPC, Now we simply correct the number of parameters. + + #0 0x484d4aa0 in __GI_raise (sig=6) + at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 + #1 0x484d9930 in __GI_abort () at abort.c:91 + #2 0x10002064 in segv_handler (signal=11) at charon.c:224 + #3 <signal handler called> + #4 0x48d89630 in openssl_diffie_hellman_create (group=MODP_1024_BIT, g=..., + p=<error reading variable: Cannot access memory at address 0x0>) + at openssl_diffie_hellman.c:143 + #5 0x482c54f8 in create_dh (this=0x11ac6e68, group=MODP_1024_BIT) + at crypto/crypto_factory.c:358 + #6 0x48375884 in create_dh (this=<optimized out>, group=<optimized out>) + at sa/keymat.c:132 + #7 0x483843b8 in process_payloads (this=0x51400a78, message=<optimized + out>) + at sa/tasks/ike_init.c:200 + #8 0x483844d0 in process_r (this=0x51400a78, message=0x51500778) + at sa/tasks/ike_init.c:319 + #9 0x48374c9c in process_request (message=0x51500778, this=0x51400d20) + at sa/task_manager.c:870 + #10 process_message (this=0x51400d20, msg=0x51500778) at + sa/task_manager.c:925 + #11 0x4836c378 in process_message (this=0x514005f0, message=0x51500778) + at sa/ike_sa.c:1317 + #12 0x48362270 in execute (this=0x515008d0) + at processing/jobs/process_message_job.c:74 + +Signed-off-by: Roy.Li <rongqing.li@windriver.com> + +--- + src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 8 +++++++- + src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h | 4 +++- + src/libstrongswan/plugins/openssl/openssl_plugin.c | 1 + + 3 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +index 8e9c118..a73b038 100644 +--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c ++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +@@ -192,7 +192,7 @@ METHOD(diffie_hellman_t, destroy, void, + /* + * Described in header. + */ +-openssl_diffie_hellman_t *openssl_diffie_hellman_create( ++openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom( + diffie_hellman_group_t group, ...) + { + private_openssl_diffie_hellman_t *this; +@@ -255,5 +255,11 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( + DBG2(DBG_LIB, "size of DH secret exponent: %d bits", BN_num_bits(privkey)); + return &this->public; + } ++openssl_diffie_hellman_t *openssl_diffie_hellman_create( diffie_hellman_group_t group) ++{ ++ chunk_t g; ++ chunk_t p; ++ openssl_diffie_hellman_create_custom(group, g, p); ++} + + #endif /* OPENSSL_NO_DH */ +diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h +index 5de5520..22586e0 100644 +--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h ++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h +@@ -43,8 +43,10 @@ struct openssl_diffie_hellman_t { + * @param ... expects generator and prime as chunk_t if MODP_CUSTOM + * @return openssl_diffie_hellman_t object, NULL if not supported + */ +-openssl_diffie_hellman_t *openssl_diffie_hellman_create( ++openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom( + diffie_hellman_group_t group, ...); ++openssl_diffie_hellman_t *openssl_diffie_hellman_create( ++ diffie_hellman_group_t group); + + #endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/ + +diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c +index 8b0a7c5..114d575 100644 +--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c ++++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c +@@ -609,6 +609,7 @@ METHOD(plugin_t, get_features, int, + PLUGIN_PROVIDE(DH, MODP_1024_BIT), + PLUGIN_PROVIDE(DH, MODP_1024_160), + PLUGIN_PROVIDE(DH, MODP_768_BIT), ++ PLUGIN_REGISTER(DH, openssl_diffie_hellman_create_custom), + PLUGIN_PROVIDE(DH, MODP_CUSTOM), + #endif + #ifndef OPENSSL_NO_RSA diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.6.2.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.6.2.bb new file mode 100644 index 000000000..f2fe1f1cb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.6.2.bb @@ -0,0 +1,132 @@ +DESCRIPTION = "strongSwan is an OpenSource IPsec implementation for the \ +Linux operating system." +SUMMARY = "strongSwan is an OpenSource IPsec implementation" +HOMEPAGE = "http://www.strongswan.org" +SECTION = "net" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +DEPENDS = "gmp openssl flex-native flex bison-native" + +SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ + file://fix-funtion-parameter.patch \ + file://0001-memory.h-Include-stdint.h-for-uintptr_t.patch \ + " + +SRC_URI[md5sum] = "46aa3aa18fbc4bd528f9a0345ce79913" +SRC_URI[sha256sum] = "e0a60a30ebf3c534c223559e1686497a21ded709a5d605c5123c2f52bcc22e92" + +EXTRA_OECONF = " \ + --without-lib-prefix \ +" + +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}" + + +PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \ +" +PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni" +PACKAGECONFIG[charon] = "--enable-charon,--disable-charon," +PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,${PN}-plugin-curl" +PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap" +PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl" +PACKAGECONFIG[scep] = "--enable-scepclient,--disable-scepclient," +PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup" +PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite" +PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke" +PACKAGECONFIG[swanctl] = "--enable-swanctl,--disable-swanctl,,libgcc" + +# requires swanctl +PACKAGECONFIG[systemd-charon] = "--enable-systemd,--disable-systemd,systemd," + +inherit autotools systemd pkgconfig + +RRECOMMENDS_${PN} = "kernel-module-ipsec" + +FILES_${PN} += "${libdir}/ipsec/lib*${SOLIBS}" +FILES_${PN}-dbg += "${bindir}/.debug ${libdir}/ipsec/.debug ${libexecdir}/ipsec/.debug" +FILES_${PN}-dev += "${libdir}/ipsec/lib*${SOLIBSDEV} ${libdir}/ipsec/*.la" +FILES_${PN}-staticdev += "${libdir}/ipsec/*.a" + +CONFFILES_${PN} = "${sysconfdir}/*.conf ${sysconfdir}/ipsec.d/*.conf ${sysconfdir}/strongswan.d/*.conf" + +PACKAGES += "${PN}-plugins" +ALLOW_EMPTY_${PN}-plugins = "1" + +PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" +NOAUTOPACKAGEDEBUG = "1" + +python split_strongswan_plugins () { + sysconfdir = d.expand('${sysconfdir}/strongswan.d/charon') + libdir = d.expand('${libdir}/ipsec/plugins') + dbglibdir = os.path.join(libdir, '.debug') + + def add_plugin_conf(f, pkg, file_regex, output_pattern, modulename): + dvar = d.getVar('PKGD', True) + oldfiles = d.getVar('CONFFILES_' + pkg, True) + newfile = '/' + os.path.relpath(f, dvar) + + if not oldfiles: + d.setVar('CONFFILES_' + pkg, newfile) + else: + d.setVar('CONFFILES_' + pkg, oldfiles + " " + newfile) + + split_packages = do_split_packages(d, libdir, 'libstrongswan-(.*)\.so', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True) + do_split_packages(d, sysconfdir, '(.*)\.conf', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True, hook=add_plugin_conf) + + split_dbg_packages = do_split_packages(d, dbglibdir, 'libstrongswan-(.*)\.so', '${PN}-plugin-%s-dbg', 'strongSwan %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') + split_dev_packages = do_split_packages(d, libdir, 'libstrongswan-(.*)\.la', '${PN}-plugin-%s-dev', 'strongSwan %s plugin - Development files', prepend=True, extra_depends='${PN}-dev') + split_staticdev_packages = do_split_packages(d, libdir, 'libstrongswan-(.*)\.a', '${PN}-plugin-%s-staticdev', 'strongSwan %s plugin - Development files (Static Libraries)', prepend=True, extra_depends='${PN}-staticdev') + + if split_packages: + pn = d.getVar('PN', True) + d.setVar('RRECOMMENDS_' + pn + '-plugins', ' '.join(split_packages)) + d.appendVar('RRECOMMENDS_' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) + d.appendVar('RRECOMMENDS_' + pn + '-dev', ' ' + ' '.join(split_dev_packages)) + d.appendVar('RRECOMMENDS_' + pn + '-staticdev', ' ' + ' '.join(split_staticdev_packages)) +} + +PACKAGESPLITFUNCS_prepend = "split_strongswan_plugins " + +# Install some default plugins based on default strongSwan ./configure options +# See https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist +RDEPENDS_${PN} += "\ + ${PN}-plugin-aes \ + ${PN}-plugin-attr \ + ${PN}-plugin-cmac \ + ${PN}-plugin-constraints \ + ${PN}-plugin-des \ + ${PN}-plugin-dnskey \ + ${PN}-plugin-hmac \ + ${PN}-plugin-kernel-netlink \ + ${PN}-plugin-md5 \ + ${PN}-plugin-nonce \ + ${PN}-plugin-pem \ + ${PN}-plugin-pgp \ + ${PN}-plugin-pkcs1 \ + ${PN}-plugin-pkcs7 \ + ${PN}-plugin-pkcs8 \ + ${PN}-plugin-pkcs12 \ + ${PN}-plugin-pubkey \ + ${PN}-plugin-random \ + ${PN}-plugin-rc2 \ + ${PN}-plugin-resolve \ + ${PN}-plugin-revocation \ + ${PN}-plugin-sha1 \ + ${PN}-plugin-sha2 \ + ${PN}-plugin-socket-default \ + ${PN}-plugin-sshkey \ + ${PN}-plugin-updown \ + ${PN}-plugin-vici \ + ${PN}-plugin-x509 \ + ${PN}-plugin-xauth-generic \ + ${PN}-plugin-xcbc \ + ${PN}-plugin-curve25519 \ + " + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" +SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}-swanctl.service', '${BPN}.service', d)}" |
