[Pkg-swan-devel] Patch for vici, swanctl, xauth-noauth and kernel-libipsec

Mon Nov 10 10:55:17 UTC 2014

Hello!
There is a new strongswan control utility named swanctl, which requires
new protocol named vici, and it's very convinient.
Also, there is module xauth-noauth which is very helpful for IKEv1
clients which support XAUTH-RSA only with username/password authentication.
And the last one is kernel-libipsec. It is a user-land IPsec
implementation, which allows to use strongSwan in OpenVZ containers.
I'd like to have this options enabled in the build. Here is the patch.
Please test kernel-libipsec. It should not load if native IPsec support
is detected. If it loads, maybe it would be better to split it into
individual package.

--- strongswan-5.2.1/debian/rules	2014-10-27 14:36:53.659872404 +0300
+++ strongswan-5.2.1/debian/rules	2014-10-27 15:10:07.003054721 +0300
@@ -15,7 +15,7 @@
 		--enable-ha \
 		--enable-led --enable-gcrypt \
 		--enable-test-vectors \
-		--enable-xauth-eap --enable-xauth-pam \
+		--enable-xauth-eap --enable-xauth-pam --enable-xauth-noauth \
 		--enable-cmd \
 		--enable-certexpire \
 		--enable-lookip \
@@ -50,7 +50,7 @@
 		--with-capabilities=libcap \
 		--enable-farp \
 		--enable-dhcp \
-		--enable-af-alg
+		--enable-vici --enable-swanctl --enable-kernel-libipsec
 endif

 ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd)
@@ -98,9 +98,27 @@
 	dh_install -p libstrongswan
usr/share/strongswan/templates/config/plugins/kernel-netlink.conf
 	dh_install -p libstrongswan etc/strongswan.d/charon/kernel-netlink.conf

-	dh_install -p libstrongswan-extra-plugins
usr/lib/ipsec/plugins/libstrongswan-af-alg.so
-	dh_install -p libstrongswan-extra-plugins
usr/share/strongswan/templates/config/plugins/af-alg.conf
-	dh_install -p libstrongswan-extra-plugins
etc/strongswan.d/charon/af-alg.conf
+	dh_install -p libstrongswan usr/lib/ipsec/libipsec.so
+	dh_install -p libstrongswan usr/lib/ipsec/libipsec.so.0
+	dh_install -p libstrongswan usr/lib/ipsec/libipsec.so.0.0.0
+	dh_install -p libstrongswan
usr/lib/ipsec/plugins/libstrongswan-kernel-libipsec.so
+	dh_install -p libstrongswan
usr/share/strongswan/templates/config/plugins/kernel-libipsec.conf
+	dh_install -p libstrongswan etc/strongswan.d/charon/kernel-libipsec.conf
+
+	dh_install -p libstrongswan usr/lib/ipsec/libvici.so.0.0.0
+	dh_install -p libstrongswan usr/lib/ipsec/libvici.so.0
+	dh_install -p libstrongswan usr/lib/ipsec/libvici.so
+	dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-vici.so
+
+	dh_install -p strongswan-starter
usr/share/strongswan/templates/config/strongswan.d/swanctl.conf
+	dh_install -p strongswan-starter
usr/share/strongswan/templates/config/plugins/vici.conf
+	dh_install -p strongswan-starter usr/share/man/man8/swanctl.8
+	dh_install -p strongswan-starter usr/share/man/man5/swanctl.conf.5
+	dh_install -p strongswan-starter usr/sbin/swanctl
+	dh_install -p strongswan-starter etc/swanctl/swanctl.conf
+	dh_install -p strongswan-starter etc/strongswan.d/swanctl.conf
+	dh_install -p strongswan-starter etc/strongswan.d/charon/vici.conf
+
 	# the systemd service file only gets generated on Linux
 	dh_install -p strongswan-starter lib/systemd/system/strongswan.service
 endif
@@ -142,8 +160,9 @@
 		-Xlibstrongswan-farp.so -X farp.conf \
 		-Xlibstrongswan-padlock.so -X padlock.conf \
 		-Xlibstrongswan-rdrand.so -X rdrand.conf \
-		-Xlibstrongswan-af-alg.so -X af-alg.conf \
-		-Xstrongswan.service
+		-Xstrongswan.service -Xlibipsec.so \
+		-Xlibvici.so -Xlibstrongswan-vici.so \
+		-Xswanctl -Xvici.conf

 	# add additional files not covered by upstream makefile...
 	install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto
$(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-swan-devel/attachments/20141110/489cf3a2/attachment.sig>
