[Pkg-swan-devel] Bug#861037: [PATCH 06/12] Enable dnscert, ipseckey, and unbound plugins (closes #718298)

Gerald Turner gturner at unzane.com
Sun Apr 23 22:45:17 UTC 2017


---
 debian/control                             | 5 +++++
 debian/libcharon-extra-plugins.install     | 6 ++++++
 debian/libstrongswan-extra-plugins.install | 3 +++
 debian/rules                               | 3 +++
 4 files changed, 17 insertions(+)

diff --git a/debian/control b/debian/control
index 53a436b8..25e0c16f 100644
--- a/debian/control
+++ b/debian/control
@@ -24,6 +24,7 @@ Build-Depends: bison,
                libgmp3-dev,
                libkrb5-dev,
                libldap2-dev,
+               libldns-dev,
                libnm-glib-vpn-dev (>= 0.7) [linux-any],
                libnm-util-dev (>= 0.7) [linux-any],
                libpam0g-dev,
@@ -31,6 +32,7 @@ Build-Depends: bison,
                libssl-dev (>= 0.9.8),
                libsystemd-dev [linux-any],
                libtool,
+               libunbound-dev,
                libxml2-dev,
                network-manager-dev (>= 0.7) [linux-any],
                pkg-config,
@@ -88,6 +90,7 @@ Description: strongSwan utility and crypto library
   - sha1 (SHA1 hasher software implementation)
   - sha2 (SHA256/SHA384/SHA512 hasher software implementation)
   - sshkey (SSH key decoding routines)
+  - unbound (DNSSEC enabled resolver using libunbound)
   - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
     and OCSP messages)
   - xcbc (XCBC wrapper using various ciphers)
@@ -164,6 +167,7 @@ Description: strongSwan charon library (extra plugins)
   - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
     certificates)
   - certexpire (Export expiration dates of used certificates)
+  - dnscert (Provides authentication via CERT RRs protected by DNSSEC)
   - eap-aka (Generic EAP-AKA protocol handler using different backends)
   - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends)
   - eap-identity (EAP-Identity identity exchange algorithm, to use with other
@@ -178,6 +182,7 @@ Description: strongSwan charon library (extra plugins)
   - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely)
   - error-notify (Notification about errors via UNIX socket)
   - ha (High-Availability clustering)
+  - ipseckey (Provides authentication via IPSECKEY RRs protected by DNSSEC)
   - led (Let Linux LED subsystem LEDs blink on IKE activity)
   - lookip (Virtual IP lookup facility using a UNIX socket)
   - medcli (Web interface based mediation client interface)
diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install
index 23415665..3e242e00 100644
--- a/debian/libcharon-extra-plugins.install
+++ b/debian/libcharon-extra-plugins.install
@@ -1,9 +1,11 @@
 # libcharon plugins
 usr/lib/ipsec/plugins/libstrongswan-addrblock.so
 usr/lib/ipsec/plugins/libstrongswan-certexpire.so
+usr/lib/ipsec/plugins/libstrongswan-dnscert.so
 usr/lib/ipsec/plugins/libstrongswan-eap*.so
 usr/lib/ipsec/plugins/libstrongswan-error-notify.so
 usr/lib/ipsec/plugins/libstrongswan-ha.so
+usr/lib/ipsec/plugins/libstrongswan-ipseckey.so
 usr/lib/ipsec/plugins/libstrongswan-led.so
 usr/lib/ipsec/plugins/libstrongswan-lookip.so
 #usr/lib/ipsec/plugins/libstrongswan-medsrv.so
@@ -14,9 +16,11 @@ usr/lib/ipsec/plugins/libstrongswan-xauth-*.so
 # standard configuration files
 usr/share/strongswan/templates/config/plugins/addrblock.conf
 usr/share/strongswan/templates/config/plugins/certexpire.conf
+usr/share/strongswan/templates/config/plugins/dnscert.conf
 usr/share/strongswan/templates/config/plugins/eap-*.conf
 usr/share/strongswan/templates/config/plugins/error-notify.conf
 usr/share/strongswan/templates/config/plugins/ha.conf
+usr/share/strongswan/templates/config/plugins/ipseckey.conf
 usr/share/strongswan/templates/config/plugins/led.conf
 usr/share/strongswan/templates/config/plugins/lookip.conf
 #usr/share/strongswan/templates/config/plugins/medsrv.conf
@@ -28,9 +32,11 @@ usr/share/strongswan/templates/config/strongswan.d/tnc.conf
 etc/strongswan.d/tnc.conf
 etc/strongswan.d/charon/addrblock.conf
 etc/strongswan.d/charon/certexpire.conf
+etc/strongswan.d/charon/dnscert.conf
 etc/strongswan.d/charon/eap-*.conf
 etc/strongswan.d/charon/error-notify.conf
 etc/strongswan.d/charon/ha.conf
+etc/strongswan.d/charon/ipseckey.conf
 etc/strongswan.d/charon/led.conf
 etc/strongswan.d/charon/lookip.conf
 #etc/strongswan.d/charon/medsrv.conf
diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install
index 2a7c209a..b922ea3b 100644
--- a/debian/libstrongswan-extra-plugins.install
+++ b/debian/libstrongswan-extra-plugins.install
@@ -7,6 +7,7 @@ usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
 usr/lib/ipsec/plugins/libstrongswan-ldap.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
 usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
+usr/lib/ipsec/plugins/libstrongswan-unbound.so
 # default configuration files
 usr/share/strongswan/templates/config/plugins/ccm.conf
 usr/share/strongswan/templates/config/plugins/cmac.conf
@@ -16,6 +17,7 @@ usr/share/strongswan/templates/config/plugins/gcrypt.conf
 usr/share/strongswan/templates/config/plugins/ldap.conf
 usr/share/strongswan/templates/config/plugins/pkcs11.conf
 usr/share/strongswan/templates/config/plugins/test-vectors.conf
+usr/share/strongswan/templates/config/plugins/unbound.conf
 etc/strongswan.d/charon/ccm.conf
 etc/strongswan.d/charon/cmac.conf
 etc/strongswan.d/charon/ctr.conf
@@ -24,3 +26,4 @@ etc/strongswan.d/charon/gcrypt.conf
 etc/strongswan.d/charon/ldap.conf
 etc/strongswan.d/charon/pkcs11.conf
 etc/strongswan.d/charon/test-vectors.conf
+etc/strongswan.d/charon/unbound.conf
diff --git a/debian/rules b/debian/rules
index ad984684..e687018a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,6 +11,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
 		--enable-cmd \
 		--enable-ctr \
 		--enable-curl \
+		--enable-dnscert \
 		--enable-eap-aka \
 		--enable-eap-gtc \
 		--enable-eap-identity \
@@ -24,6 +25,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
 		--enable-gcm \
 		--enable-gcrypt \
 		--enable-ha \
+		--enable-ipseckey \
 		--enable-ldap \
 		--enable-led \
 		--enable-lookip \
@@ -31,6 +33,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
 		--enable-openssl \
 		--enable-pkcs11 \
 		--enable-test-vectors \
+		--enable-unbound \
 		--enable-unity \
 		--enable-xauth-eap \
 		--enable-xauth-pam \
-- 
Gerald Turner <gturner at unzane.com>        Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-swan-devel/attachments/20170423/2cb0e31b/attachment.sig>


More information about the Pkg-swan-devel mailing list