[Pkg-swan-devel] Bug#718302: strongswan: Enable sqlite and mysql plugins
Gerald Turner
gturner at unzane.com
Sun Apr 23 22:14:47 UTC 2017
Control: tags -1 + patch
I've tested this patch extensively with the sqlite plugin, works great,
except for my first run when I thought that adding an IPv6 /64 pool
would be reasonable! (it's not, that's 2^64 record insertions) ;-)

Per Tobias Brunner's suggestion of building separate libstrongswan-mysql
and libstrongswan-sqlite packages, I'd be happy to work on this patch to
build additional packages. However, as Yves-Alexis Perez points out, one
package per plugin may be overkill. Personally I think something near
having one package per plugin would be useful (especially if each plugin
package had Depends, Recommends, Suggests meticulously maintained), for
instance on my installations, I have overwritten 'load = no' in several
plugin conf files, and on package upgrade I have to deal with the dpkg
conffile prompts (sometimes killing my IPsec tunnel, due to charon being
shut down for those prompts, rather than autonomously upgraded/restarted,
and have to shell in from another network and manually clean up the dpkg
processes that have been detached from the terminal).

Example:

  libcharon-attr-sql-plugin
    Recommends: libstrongswan-mysql-plugin | libstrongswan-sqlite-plugin
  libstrongswan-mysql-plugin
    Depends: libcharon-attr-sql-plugin
  libstrongswan-sqlite-plugin
    Depends: libcharon-attr-sql-plugin
  libstrongswan
    Suggests: libcharon-attr-sql-plugin

Would you like me to work on that?

Otherwise this patch, as-is, simply adds the three plugins to the
existing libcharon-extra-plugins and libstrongswan-extra-plugins
packages.

BTW, I'm uncertain about the Build-Depends on
default-libmysqlclient-dev, I realize that there's some kind of
MySQL/MariaDB transition, but haven't researched any policy on how to
best depend on libmysqlclient-dev.
---
debian/control | 4 ++++
debian/libcharon-extra-plugins.install | 6 ++++++
debian/libstrongswan-extra-plugins.install | 8 ++++++++
debian/rules | 3 +++
4 files changed, 21 insertions(+)
diff --git a/debian/control b/debian/control
index 25e0c16f..59e08ce9 100644
--- a/debian/control
+++ b/debian/control
@@ -11,6 +11,7 @@ Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git
Build-Depends: bison,
bzip2,
debhelper (>= 9.20151219),
+ default-libmysqlclient-dev,
dh-apparmor,
dh-autoreconf,
dh-systemd (>= 1.5),
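Review bot: Build-Depends gains default-libmysqlclient-dev here but no SQLite development package, although debian/rules in this same patch adds --enable-sqlite. The diffstat shows four lines added to debian/control and all four are visible in these hunks, so please confirm that the SQLite development package is already listed further down the Build-Depends field, outside this hunk's context; otherwise the sqlite plugin build relies on it arriving transitively. On the MySQL/MariaDB question raised in the message, a changelog sentence stating why the default- package was chosen would help anyone backporting this.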
@@ -146,10 +147,12 @@ Description: strongSwan utility and crypto library (extra plugins)
- gcrypt (Crypto backend based on libgcrypt, provides
RSA/DH/ciphers/hashers/rng)
- ldap (LDAP fetching plugin based on libldap)
+ - mysql (MySQL database backend based on libmysqlclient)
- padlock (VIA padlock crypto backend, provides AES128/SHA1)
- pkcs11 (PKCS#11 smartcard backend)
- rdrand (High quality / high performance random source using the Intel
rdrand instruction found on Ivy Bridge processors)
+ - sqlite (SQLite database backend based on libsqlite3)
- test-vectors (Set of test vectors for various algorithms)
Package: libcharon-extra-plugins
@@ -166,6 +169,7 @@ Description: strongSwan charon library (extra plugins)
This package provides extra plugins for the charon library:
- addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
certificates)
+ - attr-sql (Provides IKE attributes read from a database to peers)
- certexpire (Export expiration dates of used certificates)
- dnscert (Provides authentication via CERT RRs protected by DNSSEC)
- eap-aka (Generic EAP-AKA protocol handler using different backends)
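Review bot: attr-sql is added to libcharon-extra-plugins, while the mysql and sqlite backends are added to libstrongswan-extra-plugins, and none of the four lines this patch adds to debian/control touches a Depends, Recommends or Suggests field. Unless libcharon-extra-plugins already pulls in libstrongswan-extra-plugins, a user can end up with attr-sql installed and no database backend to load; please check the existing relationship and add a Recommends or Suggests if it is missing.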
diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install
index 3e242e00..d2535506 100644
--- a/debian/libcharon-extra-plugins.install
+++ b/debian/libcharon-extra-plugins.install
@@ -1,5 +1,6 @@
# libcharon plugins
usr/lib/ipsec/plugins/libstrongswan-addrblock.so
+usr/lib/ipsec/plugins/libstrongswan-attr-sql.so
usr/lib/ipsec/plugins/libstrongswan-certexpire.so
usr/lib/ipsec/plugins/libstrongswan-dnscert.so
usr/lib/ipsec/plugins/libstrongswan-eap*.so
@@ -15,6 +16,7 @@ usr/lib/ipsec/plugins/libstrongswan-unity.so
usr/lib/ipsec/plugins/libstrongswan-xauth-*.so
# standard configuration files
usr/share/strongswan/templates/config/plugins/addrblock.conf
+usr/share/strongswan/templates/config/plugins/attr-sql.conf
usr/share/strongswan/templates/config/plugins/certexpire.conf
usr/share/strongswan/templates/config/plugins/dnscert.conf
usr/share/strongswan/templates/config/plugins/eap-*.conf
@@ -28,9 +30,12 @@ usr/share/strongswan/templates/config/plugins/lookip.conf
usr/share/strongswan/templates/config/plugins/tnc-tnccs.conf
usr/share/strongswan/templates/config/plugins/unity.conf
usr/share/strongswan/templates/config/plugins/xauth-*.conf
+usr/share/strongswan/templates/config/strongswan.d/pool.conf
usr/share/strongswan/templates/config/strongswan.d/tnc.conf
+etc/strongswan.d/pool.conf
etc/strongswan.d/tnc.conf
etc/strongswan.d/charon/addrblock.conf
+etc/strongswan.d/charon/attr-sql.conf
etc/strongswan.d/charon/certexpire.conf
etc/strongswan.d/charon/dnscert.conf
etc/strongswan.d/charon/eap-*.conf
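Review bot: etc/strongswan.d/pool.conf and etc/strongswan.d/charon/attr-sql.conf become conffiles for every libcharon-extra-plugins user, and both are where the database URI is configured, which for a MySQL backend can embed a password. Please confirm the mode these files are installed with and consider shipping them readable by root only, or at least document in README.Debian that the administrator must tighten the permissions once a credential is added.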
@@ -56,4 +61,5 @@ usr/lib/ipsec/libtpmtss.so*
# binaries
usr/lib/ipsec/error-notify
usr/lib/ipsec/lookip
+usr/lib/ipsec/pool
usr/lib/ipsec/pt-tls-client
diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install
index b922ea3b..e5f8baac 100644
--- a/debian/libstrongswan-extra-plugins.install
+++ b/debian/libstrongswan-extra-plugins.install
@@ -5,7 +5,9 @@ usr/lib/ipsec/plugins/libstrongswan-ctr.so
usr/lib/ipsec/plugins/libstrongswan-curl.so
usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
usr/lib/ipsec/plugins/libstrongswan-ldap.so
+usr/lib/ipsec/plugins/libstrongswan-mysql.so
usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
+usr/lib/ipsec/plugins/libstrongswan-sqlite.so
usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
usr/lib/ipsec/plugins/libstrongswan-unbound.so
# default configuration files
@@ -15,15 +17,21 @@ usr/share/strongswan/templates/config/plugins/ctr.conf
usr/share/strongswan/templates/config/plugins/curl.conf
usr/share/strongswan/templates/config/plugins/gcrypt.conf
usr/share/strongswan/templates/config/plugins/ldap.conf
+usr/share/strongswan/templates/config/plugins/mysql.conf
usr/share/strongswan/templates/config/plugins/pkcs11.conf
+usr/share/strongswan/templates/config/plugins/sqlite.conf
usr/share/strongswan/templates/config/plugins/test-vectors.conf
usr/share/strongswan/templates/config/plugins/unbound.conf
+usr/share/strongswan/templates/database/sql/mysql.sql
+usr/share/strongswan/templates/database/sql/sqlite.sql
etc/strongswan.d/charon/ccm.conf
etc/strongswan.d/charon/cmac.conf
etc/strongswan.d/charon/ctr.conf
etc/strongswan.d/charon/curl.conf
etc/strongswan.d/charon/gcrypt.conf
etc/strongswan.d/charon/ldap.conf
+etc/strongswan.d/charon/mysql.conf
etc/strongswan.d/charon/pkcs11.conf
+etc/strongswan.d/charon/sqlite.conf
etc/strongswan.d/charon/test-vectors.conf
etc/strongswan.d/charon/unbound.conf
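Review bot: mysql.sql and sqlite.sql are installed under usr/share/strongswan/templates/database/sql/, but the diffstat lists only debian/control, the two .install files and debian/rules, so nothing in the patch tells an administrator how to create the database from these templates, where an SQLite file should live, or who may read it. A short README.Debian section covering schema creation and file ownership would close that gap.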
diff --git a/debian/rules b/debian/rules
index e687018a..08c8aa09 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,7 @@ export DEB_BUILD_MAINT_OPTIONS=hardening=+all
CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
--enable-addrblock \
--enable-agent \
+ --enable-attr-sql \
--enable-ccm \
--enable-certexpire \
--enable-cmd \
@@ -30,8 +31,10 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
--enable-led \
--enable-lookip \
--enable-mediation \
+ --enable-mysql \
--enable-openssl \
--enable-pkcs11 \
+ --enable-sqlite \
--enable-test-vectors \
--enable-unbound \
--enable-unity \
--
Gerald Turner <gturner at unzane.com> Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D