security/strongswan: Fix default control-interface

Fix default control-interface in rc.d script and also
make it user-selectable at build time, defaulting to VICI.

Also mention this change in pkg-message, as previously the
default was "stroke" and it was changed to "vici" with
only a short notice in UPDATING, that was not displayed
when using binary upgrades.

Committing a portfmt'd version.

PR:		255952
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan/Makefile

@@ -1,8 +1,6 @@
-# Created by: Riaan Kruger <riaank@gmail.com>
-
 PORTNAME=	strongswan
 DISTVERSION=	5.9.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security net-vpn
 MASTER_SITES=	http://download.strongswan.org/ \
 		http://download2.strongswan.org/
@@ -13,123 +11,128 @@ COMMENT=	Open Source IKEv2 IPsec-based VPN solution
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-USES=		cpe libtool:keepla pkgconfig tar:bzip2 ssl
+USES=		cpe libtool:keepla pkgconfig ssl tar:bzip2
 USE_LDCONFIG=	${PREFIX}/lib/ipsec
 USE_RC_SUBR=	strongswan
 
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--enable-kernel-pfkey \
-		--enable-kernel-pfroute  \
-		--disable-kernel-netlink  \
-		--disable-scripts  \
-		--disable-gmp \
-		--enable-openssl \
+CONFIGURE_ARGS=	--disable-gmp \
+		--disable-kernel-netlink \
+		--disable-scripts \
+		--enable-addrblock \
+		--enable-blowfish \
+		--enable-cmd \
 		--enable-eap-identity \
 		--enable-eap-md5 \
-		--enable-eap-tls \
 		--enable-eap-mschapv2 \
 		--enable-eap-peap \
+		--enable-eap-tls \
 		--enable-eap-ttls \
+		--enable-kernel-pfkey \
+		--enable-kernel-pfroute \
 		--enable-md4 \
-		--enable-blowfish \
-		--enable-addrblock \
+		--enable-openssl \
 		--enable-whitelist \
-		--enable-cmd \
-		--with-group=wheel  \
+		--with-group=wheel \
 		--with-lib-prefix=${PREFIX}
 
 INSTALL_TARGET=	install-strip
 TEST_TARGET=	check
 
-OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE FARP GCM \
-		IKEV1 IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL \
-		PKI PKCS11 PYTHON SCEP SMP SQLITE SWANCTL TESTVECTOR TPM TSS2 \
-		UNBOUND UNITY VICI XAUTH
+OPTIONS_DEFINE=			CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS \
+				EAPSIMFILE FARP GCM IKEV1 IPSECKEY \
+				KERNELLIBIPSEC LDAP LOADTESTER MEDIATION MYSQL \
+				PKCS11 PKI PYTHON SCEP SMP SQLITE SWANCTL \
+				TESTVECTOR TPM TSS2 UNBOUND UNITY VICI XAUTH
 OPTIONS_DEFINE_i386=	VIA
-OPTIONS_DEFAULT=	BUILTIN CURL IKEV1 PKI SWANCTL VICI
-OPTIONS_SINGLE=	PRINTF_HOOKS
+OPTIONS_DEFAULT=		BUILTIN CURL IKEV1 PKI SWANCTL VICI
+OPTIONS_SINGLE=			PRINTF_HOOKS
 OPTIONS_SINGLE_PRINTF_HOOKS=	BUILTIN LIBC VSTR
-OPTIONS_SUB=	yes
+OPTIONS_SUB=			yes
 
 # Description of options
-BUILTIN_DESC=	Use builtin printf hooks
-CURL_DESC=	Enable CURL to fetch CRL/OCSP
+BUILTIN_DESC=		Use builtin printf hooks
+CURL_DESC=		Enable CURL to fetch CRL/OCSP
 EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
 EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
 EAPRADIUS_DESC=		Enable EAP Radius proxy authentication
 EAPSIMFILE_DESC=	Enable EAP SIM with file backend
-FARP_DESC=	Enable farp plugin
+FARP_DESC=		Enable farp plugin
 GCM_DESC=		Enable GCM AEAD wrapper crypto plugin
-IKEV1_DESC=	Enable IKEv1 support
-IPSECKEY_DESC=	Enable authentication with IPSECKEY resource records with DNSSEC
+IKEV1_DESC=		Enable IKEv1 support
+IPSECKEY_DESC=		Enable authentication with IPSECKEY resource records with DNSSEC
 KERNELLIBIPSEC_DESC=	Enable IPSec userland backend
-LIBC_DESC=	Use libc printf hooks
+LIBC_DESC=		Use libc printf hooks
 LOADTESTER_DESC=	Enable load testing plugin
 MEDIATION_DESC=		Enable IKEv2 Mediation Extension
-PKCS11_DESC=	Enable PKCS11 token support
-PKI_DESC=	Enable PKI tools
-PYTHON_DESC=	Python VICI protocol plugin
-SCEP_DESC=	Enable Simple Certificate Enrollment Protocol
-SMP_DESC=	Enable XML-based management protocol (DEPRECATED)
-SWANCTL_DESC=	Install swanctl (requires VICI)
+PKCS11_DESC=		Enable PKCS11 token support
+PKI_DESC=		Enable PKI tools
+PYTHON_DESC=		Python VICI protocol plugin
+SCEP_DESC=		Enable Simple Certificate Enrollment Protocol
+SMP_DESC=		Enable XML-based management protocol (DEPRECATED)
+SWANCTL_DESC=		Install swanctl (requires VICI)
 TESTVECTOR_DESC=	Enable crypto test vectors
-TPM_DESC=	Enable TPM plugin
-TSS2_DESC=	Enable TPM 2.0 TSS2 library
-UNBOUND_DESC=	Enable DNSSEC-enabled resolver
-UNITY_DESC=	Enable Cisco Unity extension plugin
-VIA_DESC=	Enable VIA Padlock support
-VICI_DESC=	Enable VICI management protocol
-VSTR_DESC=	Use devel/vstr printf hooks
-XAUTH_DESC=	Enable XAuth password verification
+TPM_DESC=		Enable TPM plugin
+TSS2_DESC=		Enable TPM 2.0 TSS2 library
+UNBOUND_DESC=		Enable DNSSEC-enabled resolver
+UNITY_DESC=		Enable Cisco Unity extension plugin
+VIA_DESC=		Enable VIA Padlock support
+VICI_DESC=		Enable VICI management protocol
+VSTR_DESC=		Use devel/vstr printf hooks
+XAUTH_DESC=		Enable XAuth password verification
 
 # Extra options
-BUILTIN_CONFIGURE_ON=	--with-printf-hooks=builtin
-CURL_LIB_DEPENDS=	libcurl.so:ftp/curl
-CURL_CONFIGURE_ON=	--enable-curl
-EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:math/gmp
-EAPAKA3GPP2_CONFIGURE_ON=	--enable-eap-aka --enable-eap-aka-3gpp2
-EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
-EAPRADIUS_CONFIGURE_ON=	--enable-eap-radius
-EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
-FARP_CONFIGURE_ON=	--enable-farp
-GCM_CONFIGURE_ON=	--enable-gcm
-IKEV1_CONFIGURE_OFF=	--disable-ikev1
-IPSECKEY_CONFIGURE_ON=	--enable-ipseckey
+BUILTIN_CONFIGURE_ON=		--with-printf-hooks=builtin
+CURL_LIB_DEPENDS=		libcurl.so:ftp/curl
+CURL_CONFIGURE_ON=		--enable-curl
+EAPAKA3GPP2_LIB_DEPENDS=	libgmp.so:math/gmp
+EAPAKA3GPP2_CONFIGURE_ON=	--enable-eap-aka \
+				--enable-eap-aka-3gpp2
+EAPDYNAMIC_CONFIGURE_ON=	--enable-eap-dynamic
+EAPRADIUS_CONFIGURE_ON=		--enable-eap-radius
+EAPSIMFILE_CONFIGURE_ON=	--enable-eap-sim \
+				--enable-eap-sim-file
+FARP_CONFIGURE_ON=		--enable-farp
+GCM_CONFIGURE_ON=		--enable-gcm
+IKEV1_CONFIGURE_OFF=		--disable-ikev1
+IPSECKEY_CONFIGURE_ON=		--enable-ipseckey
 KERNELLIBIPSEC_CONFIGURE_ON=	--enable-kernel-libipsec
-LDAP_USE=		OPENLDAP=yes
-LDAP_CONFIGURE_ON=	--enable-ldap
-LIBC_CONFIGURE_ON=	--with-printf-hooks=glibc
-LOADTESTER_CONFIGURE_ON=--enable-load-tester
-MEDIATION_CONFIGURE_ON=	--enable-mediation
-MYSQL_USES=		mysql
-MYSQL_CONFIGURE_ON=	--enable-mysql
-PKCS11_CONFIGURE_ON=	--enable-pkcs11
-PKI_CONFIGURE_OFF=	--disable-pki
-PYTHON_IMPLIES=		VICI
-PYTHON_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}vici>0:security/py-vici@${PY_FLAVOR}
-PYTHON_USES=		python
-SCEP_CONFIGURE_OFF=	--disable-scepclient
-SMP_LIB_DEPENDS=	libxml2.so:textproc/libxml2
-SMP_CONFIGURE_ON=	--enable-smp
-SQLITE_LIB_DEPENDS=	libsqlite3.so:databases/sqlite3
-SQLITE_CONFIGURE_ON=	--enable-sqlite
-SWANCTL_IMPLIES=	VICI
-SWANCTL_CONFIGURE_ON=	--enable-swanctl
-TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
-TPM_CONFIGURE_ON=	--enable-tpm
-TSS2_LIB_DEPENDS=	libtss2-sys.so:security/tpm2-tss
-TSS2_CONFIGURE_ON=	--enable-tss-tss2
-UNBOUND_LIB_DEPENDS=	libunbound.so:dns/unbound \
-			libldns.so:dns/ldns
-UNBOUND_CONFIGURE_ON=	--enable-unbound
-UNITY_CONFIGURE_ON=	--enable-unity
-VIA_CONFIGURE_ON=	--enable-padlock
-VICI_CONFIGURE_ON=	--enable-vici
-VSTR_LIB_DEPENDS=	libvstr.so:devel/vstr
-VSTR_CONFIGURE_ON=	--with-printf-hooks=vstr
-XAUTH_CONFIGURE_ON=	--enable-xauth-eap \
-			--enable-xauth-generic \
-			--enable-xauth-pam
+LDAP_USE=			OPENLDAP=yes
+LDAP_CONFIGURE_ON=		--enable-ldap
+LIBC_CONFIGURE_ON=		--with-printf-hooks=glibc
+LOADTESTER_CONFIGURE_ON=	--enable-load-tester
+MEDIATION_CONFIGURE_ON=		--enable-mediation
+MYSQL_USES=			mysql
+MYSQL_CONFIGURE_ON=		--enable-mysql
+PKCS11_CONFIGURE_ON=		--enable-pkcs11
+PKI_CONFIGURE_OFF=		--disable-pki
+PYTHON_IMPLIES=			VICI
+PYTHON_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}vici>0:security/py-vici@${PY_FLAVOR}
+PYTHON_USES=			python
+SCEP_CONFIGURE_OFF=		--disable-scepclient
+SMP_LIB_DEPENDS=		libxml2.so:textproc/libxml2
+SMP_CONFIGURE_ON=		--enable-smp
+SQLITE_LIB_DEPENDS=		libsqlite3.so:databases/sqlite3
+SQLITE_CONFIGURE_ON=		--enable-sqlite
+SWANCTL_IMPLIES=		VICI
+SWANCTL_CONFIGURE_ON=		--enable-swanctl
+TESTVECTOR_CONFIGURE_ON=	--enable-test-vectors
+TPM_CONFIGURE_ON=		--enable-tpm
+TSS2_LIB_DEPENDS=		libtss2-sys.so:security/tpm2-tss
+TSS2_CONFIGURE_ON=		--enable-tss-tss2
+UNBOUND_LIB_DEPENDS=		libldns.so:dns/ldns \
+				libunbound.so:dns/unbound
+UNBOUND_CONFIGURE_ON=		--enable-unbound
+UNITY_CONFIGURE_ON=		--enable-unity
+VIA_CONFIGURE_ON=		--enable-padlock
+VICI_CONFIGURE_ON=		--enable-vici
+VICI_SUB_LIST=			INTERFACE="vici"
+VICI_SUB_LIST_OFF=		INTERFACE="stroke"
+VSTR_LIB_DEPENDS=		libvstr.so:devel/vstr
+VSTR_CONFIGURE_ON=		--with-printf-hooks=vstr
+XAUTH_CONFIGURE_ON=		--enable-xauth-eap \
+				--enable-xauth-generic \
+				--enable-xauth-pam
 
 .include <bsd.port.options.mk>
 
@@ -140,10 +143,11 @@ PLIST_SUB+=	SIMAKA="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
-CONFIGURE_ARGS+=	--enable-attr-sql --enable-sql
-PLIST_SUB+=	SQL=""
+CONFIGURE_ARGS+=	--enable-attr-sql \
+			--enable-sql
+PLIST_SUB+=		SQL=""
 .else
-PLIST_SUB+=	SQL="@comment "
+PLIST_SUB+=		SQL="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MIKEV1} || ${PORT_OPTIONS:MXAUTH}

security/strongswan/files/strongswan.in

@@ -14,7 +14,7 @@
 #	Valid options are:
 #	"stroke" for the old ipsec/startr interface
 #	"vici" for the newer swanctl intrface
-#	Default is "stroke"
+#	Default is "%%INTERFACE%%"
 
 . /etc/rc.subr
 
@@ -26,7 +26,7 @@ rcvar=strongswan_enable
 load_rc_config $name
 
 : ${strongswan_enable:=NO}
-: ${strongswan_interface:="vici"}
+: ${strongswan_interface:="%%INTERFACE%%"}
 
 extra_commands="reload statusall"
 

security/strongswan/pkg-message

@@ -0,0 +1,19 @@
+[
+{ type: install
+  message: <<EOM
+The default strongSwan configuration interface have been updated to vici since version 5.9.2_1.
+To use the stroke interface by default either compile the port without the vici option or
+set 'strongswan_interface="stroke"' in your rc.conf file.
+EOM
+}
+{
+  type: upgrade
+  minimum_version: "5.9.2_1"
+  message: <<EOM
+The default strongSwan configuration interface have been updated to vici.
+To use the stroke interface by default either compile the port without the vici option or
+set 'strongswan_interface="stroke"' in your rc.conf file.
+EOM
+}
+]
+