FreeBSD Bugzilla – Attachment 210512 Details for
Bug 243166
security/strongswan: load ipsec module by rcscript
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
strongswan.diff
strongswan.diff (text/plain), 7.61 KB, created by
Dries Michiels
on 2020-01-07 19:23:12 UTC
(
hide
)
Description:
strongswan.diff
Filename:
MIME Type:
Creator:
Dries Michiels
Created:
2020-01-07 19:23:12 UTC
Size:
7.61 KB
patch
obsolete
>Index: security/strongswan/Makefile >=================================================================== >--- security/strongswan/Makefile (revision 522354) >+++ security/strongswan/Makefile (working copy) >@@ -1,157 +1,158 @@ > # Created by: Riaan Kruger <riaank@gmail.com> > # $FreeBSD$ > > PORTNAME= strongswan > PORTVERSION= 5.8.2 >+PORTREVISION= 1 > CATEGORIES= security net-vpn > MASTER_SITES= http://download.strongswan.org/ \ > http://download2.strongswan.org/ > > MAINTAINER= strongswan@nanoteq.com > COMMENT= Open Source IKEv2 IPsec-based VPN solution > > LICENSE= GPLv2 > LICENSE_FILE= ${WRKSRC}/LICENSE > > USES= cpe libtool:keepla pkgconfig tar:bzip2 ssl > USE_RC_SUBR= strongswan > USE_LDCONFIG= ${PREFIX}/lib/ipsec > > GNU_CONFIGURE= yes > INSTALL_TARGET= install-strip > > CONFIGURE_ARGS= --enable-kernel-pfkey \ > --enable-kernel-pfroute \ > --disable-kernel-netlink \ > --disable-scripts \ > --disable-gmp \ > --enable-openssl \ > --enable-eap-identity \ > --enable-eap-md5 \ > --enable-eap-tls \ > --enable-eap-mschapv2 \ > --enable-eap-peap \ > --enable-eap-ttls \ > --enable-md4 \ > --enable-blowfish \ > --enable-addrblock \ > --enable-whitelist \ > --enable-cmd \ > --with-group=wheel \ > --with-lib-prefix=${PREFIX} > > OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE GCM IKEV1 \ > IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL PKI \ > PKCS11 SCEP SMP SQLITE SWANCTL TESTVECTOR TPM UNBOUND UNITY \ > VICI XAUTH > OPTIONS_DEFINE_i386= VIA > OPTIONS_DEFAULT= BUILTIN CURL IKEV1 PKI SWANCTL VICI > OPTIONS_SINGLE= PRINTF_HOOKS > OPTIONS_SINGLE_PRINTF_HOOKS= BUILTIN LIBC VSTR > OPTIONS_SUB= yes > > # Description of options > BUILTIN_DESC= Use builtin printf hooks > CURL_DESC= Enable CURL to fetch CRL/OCSP > EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend > EAPDYNAMIC_DESC= Enable EAP dynamic proxy module > EAPRADIUS_DESC= Enable EAP Radius proxy authentication > EAPSIMFILE_DESC= Enable EAP SIM with file backend > GCM_DESC= Enable GCM AEAD wrapper crypto plugin > IKEV1_DESC= Enable IKEv1 support > IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC > KERNELLIBIPSEC_DESC= Enable IPSec userland backend > LIBC_DESC= Use libc printf hooks > LOADTESTER_DESC= Enable load testing plugin > MEDIATION_DESC= Enable IKEv2 Mediation Extension > PKCS11_DESC= Enable PKCS11 token support > PKI_DESC= Enable PKI tools > SCEP_DESC= Enable Simple Certificate Enrollment Protocol > SMP_DESC= Enable XML-based management protocol (DEPRECATED) > SWANCTL_DESC= Install swanctl (requires VICI) > TESTVECTOR_DESC= Enable crypto test vectors > TPM_DESC= Enable TPM plugin > UNBOUND_DESC= Enable DNSSEC-enabled resolver > UNITY_DESC= Enable Cisco Unity extension plugin > VIA_DESC= Enable VIA Padlock support > VICI_DESC= Enable VICI management protocol > VSTR_DESC= Use devel/vstr printf hooks > XAUTH_DESC= Enable XAuth password verification > > # Extra options > BUILTIN_CONFIGURE_ON= --with-printf-hooks=builtin > CURL_CONFIGURE_ON= --enable-curl > CURL_LIB_DEPENDS= libcurl.so:ftp/curl > EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2 > EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:math/gmp > EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic > EAPRADIUS_CONFIGURE_ON= --enable-eap-radius > EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file > GCM_CONFIGURE_ON= --enable-gcm > IKEV1_CONFIGURE_OFF= --disable-ikev1 > IPSECKEY_CONFIGURE_ON= --enable-ipseckey > KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec > LDAP_CONFIGURE_ON= --enable-ldap > LDAP_USE= OPENLDAP=yes > LIBC_CONFIGURE_ON= --with-printf-hooks=glibc > LOADTESTER_CONFIGURE_ON=--enable-load-tester > MEDIATION_CONFIGURE_ON= --enable-mediation > MYSQL_CONFIGURE_ON= --enable-mysql > MYSQL_USES= mysql > PKCS11_CONFIGURE_ON= --enable-pkcs11 > PKI_CONFIGURE_OFF= --disable-pki > SCEP_CONFIGURE_OFF= --disable-scepclient > SMP_CONFIGURE_ON= --enable-smp > SMP_LIB_DEPENDS= libxml2.so:textproc/libxml2 > SQLITE_CONFIGURE_ON= --enable-sqlite > SQLITE_LIB_DEPENDS= libsqlite3.so:databases/sqlite3 > SWANCTL_CONFIGURE_ON= --enable-swanctl > SWANCTL_IMPLIES= VICI > TESTVECTOR_CONFIGURE_ON=--enable-test-vectors > TPM_CONFIGURE_ON= --enable-tpm > UNBOUND_CONFIGURE_ON= --enable-unbound > UNBOUND_LIB_DEPENDS= libunbound.so:dns/unbound \ > libldns.so:dns/ldns > UNITY_CONFIGURE_ON= --enable-unity > VIA_CONFIGURE_ON= --enable-padlock > VICI_CONFIGURE_ON= --enable-vici > VSTR_CONFIGURE_ON= --with-printf-hooks=vstr > VSTR_LIB_DEPENDS= libvstr.so:devel/vstr > XAUTH_CONFIGURE_ON= --enable-xauth-eap \ > --enable-xauth-generic \ > --enable-xauth-pam > > .include <bsd.port.options.mk> > > .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2} > PLIST_SUB+= SIMAKA="" > .else > PLIST_SUB+= SIMAKA="@comment " > .endif > > .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE} > CONFIGURE_ARGS+= --enable-attr-sql --enable-sql > PLIST_SUB+= SQL="" > .else > PLIST_SUB+= SQL="@comment " > .endif > > .if ${PORT_OPTIONS:MIKEV1} || ${PORT_OPTIONS:MXAUTH} > PLIST_SUB+= XAUTHGEN="" > .else > PLIST_SUB+= XAUTHGEN="@comment " > .endif > > # Hack to disable VIA in plist of unsupported architectures > .if ! ${OPTIONS_DEFINE:MVIA} > PLIST_SUB+= VIA="@comment " > .else > .endif > > post-install: > .if ${PORT_OPTIONS:MVICI} > ${INSTALL_DATA} ${WRKSRC}/src/libcharon/plugins/vici/libvici.h \ > ${STAGEDIR}${PREFIX}/include > .endif > > .include <bsd.port.mk> >Index: security/strongswan/files/strongswan.in >=================================================================== >--- security/strongswan/files/strongswan.in (revision 522354) >+++ security/strongswan/files/strongswan.in (working copy) >@@ -1,97 +1,98 @@ > #!/bin/sh > # Start or stop strongswan > # $FreeBSD$ > > # PROVIDE: strongswan > # REQUIRE: DAEMON > # BEFORE: LOGIN > # KEYWORD: shutdown > > # strongswan_enable (bool): > # Set it to "YES" to enable strongswan > # Default is "NO" > # strongswan_interface (string): > # Set the control interface to use. > # Valid options are: > # "stroke" for the old ipsec/startr interface > # "vici" for the newer swanctl intrface > # Default is "stroke" > > . /etc/rc.subr > > name=strongswan > desc="Strongswan IPsec startup script" >+required_modules="ipsec" > rcvar=strongswan_enable > > load_rc_config $name > > : ${strongswan_enable:=NO} > : ${strongswan_interface:="stroke"} > > extra_commands="reload statusall" > > charon_command=%%PREFIX%%/libexec/ipsec/charon > charon_pidfile=/var/run/charon.pid > swanctl_command=%%PREFIX%%/sbin/swanctl > > case $strongswan_interface in > [Ss][Tt][Rr][Oo][Kk][Ee]) > # "stroke" > command="%%PREFIX%%/sbin/ipsec" > start_precmd=command_args=start > stop_cmd="${command} stop" > status_cmd="${command} status" > reload_cmd="${command} reload" > statusall_cmd="${command} statusall" > ;; > > [Vv][Ii][Cc][Ii]) > # "vici" > command=/usr/sbin/daemon > pidfile=/var/run/daemon-charon.pid > command_args="-S -P ${pidfile} ${charon_command} --use-syslog" > > required_files=${charon_command} > extra_commands="reload statusall" > > start_postcmd=${name}_swanctl_poststart > status_cmd="${swanctl_command} --stats" > reload_cmd=${name}_swanctl_reload > statusall_cmd=${name}_swanctl_statusall > ;; > > *) > # "default" > warn "\$strongswan_interface setting is invalid - options supported are \"stroke\" or \"vici\"." > exit 1 > ;; > esac > > strongswan_swanctl_poststart() > { > local _waitmax=5 > > # Need to wait for charon to finish startup, > # else vici socket is unreadable > while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do > sleep 1 > _waitmax=$((_waitmax - 1)) > done > > ${swanctl_command} --load-all --noprompt > } > > strongswan_swanctl_reload() > { > ${swanctl_command} --reload-settings > ${swanctl_command} --load-all --noprompt > } > > strongswan_swanctl_statusall() > { > ${swanctl_command} --stats > ${swanctl_command} --list-conns > ${swanctl_command} --list-sas > } > > run_rc_command "$1"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=210512">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 243166
: 210512