security/strongswan: Fix default control-interface
Fix default control-interface in rc.d script and also make it user-selectable at build time, defaulting to VICI. Also mention this change in pkg-message, as previously the default was "stroke" and it was changed to "vici" with only a short notice in UPDATING, that was not displayed when using binary upgrades. Committing a portfmt'd version. PR: 255952 Approved by: strongswan@Nanoteq.com (maintainer)
parent
93d73f6a83
commit
0ca8849103
@ -1,8 +1,6 @@
|
||||
# Created by: Riaan Kruger <riaank@gmail.com>
|
||||
|
||||
PORTNAME= strongswan
|
||||
DISTVERSION= 5.9.2
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 2
|
||||
CATEGORIES= security net-vpn
|
||||
MASTER_SITES= http://download.strongswan.org/ \
|
||||
http://download2.strongswan.org/
|
||||
@ -13,123 +11,128 @@ COMMENT= Open Source IKEv2 IPsec-based VPN solution
|
||||
LICENSE= GPLv2
|
||||
LICENSE_FILE= ${WRKSRC}/LICENSE
|
||||
|
||||
USES= cpe libtool:keepla pkgconfig tar:bzip2 ssl
|
||||
USES= cpe libtool:keepla pkgconfig ssl tar:bzip2
|
||||
USE_LDCONFIG= ${PREFIX}/lib/ipsec
|
||||
USE_RC_SUBR= strongswan
|
||||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --enable-kernel-pfkey \
|
||||
--enable-kernel-pfroute \
|
||||
--disable-kernel-netlink \
|
||||
--disable-scripts \
|
||||
--disable-gmp \
|
||||
--enable-openssl \
|
||||
CONFIGURE_ARGS= --disable-gmp \
|
||||
--disable-kernel-netlink \
|
||||
--disable-scripts \
|
||||
--enable-addrblock \
|
||||
--enable-blowfish \
|
||||
--enable-cmd \
|
||||
--enable-eap-identity \
|
||||
--enable-eap-md5 \
|
||||
--enable-eap-tls \
|
||||
--enable-eap-mschapv2 \
|
||||
--enable-eap-peap \
|
||||
--enable-eap-tls \
|
||||
--enable-eap-ttls \
|
||||
--enable-kernel-pfkey \
|
||||
--enable-kernel-pfroute \
|
||||
--enable-md4 \
|
||||
--enable-blowfish \
|
||||
--enable-addrblock \
|
||||
--enable-openssl \
|
||||
--enable-whitelist \
|
||||
--enable-cmd \
|
||||
--with-group=wheel \
|
||||
--with-group=wheel \
|
||||
--with-lib-prefix=${PREFIX}
|
||||
|
||||
INSTALL_TARGET= install-strip
|
||||
TEST_TARGET= check
|
||||
|
||||
OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE FARP GCM \
|
||||
IKEV1 IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL \
|
||||
PKI PKCS11 PYTHON SCEP SMP SQLITE SWANCTL TESTVECTOR TPM TSS2 \
|
||||
UNBOUND UNITY VICI XAUTH
|
||||
OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS \
|
||||
EAPSIMFILE FARP GCM IKEV1 IPSECKEY \
|
||||
KERNELLIBIPSEC LDAP LOADTESTER MEDIATION MYSQL \
|
||||
PKCS11 PKI PYTHON SCEP SMP SQLITE SWANCTL \
|
||||
TESTVECTOR TPM TSS2 UNBOUND UNITY VICI XAUTH
|
||||
OPTIONS_DEFINE_i386= VIA
|
||||
OPTIONS_DEFAULT= BUILTIN CURL IKEV1 PKI SWANCTL VICI
|
||||
OPTIONS_SINGLE= PRINTF_HOOKS
|
||||
OPTIONS_DEFAULT= BUILTIN CURL IKEV1 PKI SWANCTL VICI
|
||||
OPTIONS_SINGLE= PRINTF_HOOKS
|
||||
OPTIONS_SINGLE_PRINTF_HOOKS= BUILTIN LIBC VSTR
|
||||
OPTIONS_SUB= yes
|
||||
OPTIONS_SUB= yes
|
||||
|
||||
# Description of options
|
||||
BUILTIN_DESC= Use builtin printf hooks
|
||||
CURL_DESC= Enable CURL to fetch CRL/OCSP
|
||||
BUILTIN_DESC= Use builtin printf hooks
|
||||
CURL_DESC= Enable CURL to fetch CRL/OCSP
|
||||
EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend
|
||||
EAPDYNAMIC_DESC= Enable EAP dynamic proxy module
|
||||
EAPRADIUS_DESC= Enable EAP Radius proxy authentication
|
||||
EAPSIMFILE_DESC= Enable EAP SIM with file backend
|
||||
FARP_DESC= Enable farp plugin
|
||||
FARP_DESC= Enable farp plugin
|
||||
GCM_DESC= Enable GCM AEAD wrapper crypto plugin
|
||||
IKEV1_DESC= Enable IKEv1 support
|
||||
IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC
|
||||
IKEV1_DESC= Enable IKEv1 support
|
||||
IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC
|
||||
KERNELLIBIPSEC_DESC= Enable IPSec userland backend
|
||||
LIBC_DESC= Use libc printf hooks
|
||||
LIBC_DESC= Use libc printf hooks
|
||||
LOADTESTER_DESC= Enable load testing plugin
|
||||
MEDIATION_DESC= Enable IKEv2 Mediation Extension
|
||||
PKCS11_DESC= Enable PKCS11 token support
|
||||
PKI_DESC= Enable PKI tools
|
||||
PYTHON_DESC= Python VICI protocol plugin
|
||||
SCEP_DESC= Enable Simple Certificate Enrollment Protocol
|
||||
SMP_DESC= Enable XML-based management protocol (DEPRECATED)
|
||||
SWANCTL_DESC= Install swanctl (requires VICI)
|
||||
PKCS11_DESC= Enable PKCS11 token support
|
||||
PKI_DESC= Enable PKI tools
|
||||
PYTHON_DESC= Python VICI protocol plugin
|
||||
SCEP_DESC= Enable Simple Certificate Enrollment Protocol
|
||||
SMP_DESC= Enable XML-based management protocol (DEPRECATED)
|
||||
SWANCTL_DESC= Install swanctl (requires VICI)
|
||||
TESTVECTOR_DESC= Enable crypto test vectors
|
||||
TPM_DESC= Enable TPM plugin
|
||||
TSS2_DESC= Enable TPM 2.0 TSS2 library
|
||||
UNBOUND_DESC= Enable DNSSEC-enabled resolver
|
||||
UNITY_DESC= Enable Cisco Unity extension plugin
|
||||
VIA_DESC= Enable VIA Padlock support
|
||||
VICI_DESC= Enable VICI management protocol
|
||||
VSTR_DESC= Use devel/vstr printf hooks
|
||||
XAUTH_DESC= Enable XAuth password verification
|
||||
TPM_DESC= Enable TPM plugin
|
||||
TSS2_DESC= Enable TPM 2.0 TSS2 library
|
||||
UNBOUND_DESC= Enable DNSSEC-enabled resolver
|
||||
UNITY_DESC= Enable Cisco Unity extension plugin
|
||||
VIA_DESC= Enable VIA Padlock support
|
||||
VICI_DESC= Enable VICI management protocol
|
||||
VSTR_DESC= Use devel/vstr printf hooks
|
||||
XAUTH_DESC= Enable XAuth password verification
|
||||
|
||||
# Extra options
|
||||
BUILTIN_CONFIGURE_ON= --with-printf-hooks=builtin
|
||||
CURL_LIB_DEPENDS= libcurl.so:ftp/curl
|
||||
CURL_CONFIGURE_ON= --enable-curl
|
||||
EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:math/gmp
|
||||
EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2
|
||||
EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
|
||||
EAPRADIUS_CONFIGURE_ON= --enable-eap-radius
|
||||
EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
|
||||
FARP_CONFIGURE_ON= --enable-farp
|
||||
GCM_CONFIGURE_ON= --enable-gcm
|
||||
IKEV1_CONFIGURE_OFF= --disable-ikev1
|
||||
IPSECKEY_CONFIGURE_ON= --enable-ipseckey
|
||||
BUILTIN_CONFIGURE_ON= --with-printf-hooks=builtin
|
||||
CURL_LIB_DEPENDS= libcurl.so:ftp/curl
|
||||
CURL_CONFIGURE_ON= --enable-curl
|
||||
EAPAKA3GPP2_LIB_DEPENDS= libgmp.so:math/gmp
|
||||
EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka \
|
||||
--enable-eap-aka-3gpp2
|
||||
EAPDYNAMIC_CONFIGURE_ON= --enable-eap-dynamic
|
||||
EAPRADIUS_CONFIGURE_ON= --enable-eap-radius
|
||||
EAPSIMFILE_CONFIGURE_ON= --enable-eap-sim \
|
||||
--enable-eap-sim-file
|
||||
FARP_CONFIGURE_ON= --enable-farp
|
||||
GCM_CONFIGURE_ON= --enable-gcm
|
||||
IKEV1_CONFIGURE_OFF= --disable-ikev1
|
||||
IPSECKEY_CONFIGURE_ON= --enable-ipseckey
|
||||
KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec
|
||||
LDAP_USE= OPENLDAP=yes
|
||||
LDAP_CONFIGURE_ON= --enable-ldap
|
||||
LIBC_CONFIGURE_ON= --with-printf-hooks=glibc
|
||||
LOADTESTER_CONFIGURE_ON=--enable-load-tester
|
||||
MEDIATION_CONFIGURE_ON= --enable-mediation
|
||||
MYSQL_USES= mysql
|
||||
MYSQL_CONFIGURE_ON= --enable-mysql
|
||||
PKCS11_CONFIGURE_ON= --enable-pkcs11
|
||||
PKI_CONFIGURE_OFF= --disable-pki
|
||||
PYTHON_IMPLIES= VICI
|
||||
PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}vici>0:security/py-vici@${PY_FLAVOR}
|
||||
PYTHON_USES= python
|
||||
SCEP_CONFIGURE_OFF= --disable-scepclient
|
||||
SMP_LIB_DEPENDS= libxml2.so:textproc/libxml2
|
||||
SMP_CONFIGURE_ON= --enable-smp
|
||||
SQLITE_LIB_DEPENDS= libsqlite3.so:databases/sqlite3
|
||||
SQLITE_CONFIGURE_ON= --enable-sqlite
|
||||
SWANCTL_IMPLIES= VICI
|
||||
SWANCTL_CONFIGURE_ON= --enable-swanctl
|
||||
TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
|
||||
TPM_CONFIGURE_ON= --enable-tpm
|
||||
TSS2_LIB_DEPENDS= libtss2-sys.so:security/tpm2-tss
|
||||
TSS2_CONFIGURE_ON= --enable-tss-tss2
|
||||
UNBOUND_LIB_DEPENDS= libunbound.so:dns/unbound \
|
||||
libldns.so:dns/ldns
|
||||
UNBOUND_CONFIGURE_ON= --enable-unbound
|
||||
UNITY_CONFIGURE_ON= --enable-unity
|
||||
VIA_CONFIGURE_ON= --enable-padlock
|
||||
VICI_CONFIGURE_ON= --enable-vici
|
||||
VSTR_LIB_DEPENDS= libvstr.so:devel/vstr
|
||||
VSTR_CONFIGURE_ON= --with-printf-hooks=vstr
|
||||
XAUTH_CONFIGURE_ON= --enable-xauth-eap \
|
||||
--enable-xauth-generic \
|
||||
--enable-xauth-pam
|
||||
LDAP_USE= OPENLDAP=yes
|
||||
LDAP_CONFIGURE_ON= --enable-ldap
|
||||
LIBC_CONFIGURE_ON= --with-printf-hooks=glibc
|
||||
LOADTESTER_CONFIGURE_ON= --enable-load-tester
|
||||
MEDIATION_CONFIGURE_ON= --enable-mediation
|
||||
MYSQL_USES= mysql
|
||||
MYSQL_CONFIGURE_ON= --enable-mysql
|
||||
PKCS11_CONFIGURE_ON= --enable-pkcs11
|
||||
PKI_CONFIGURE_OFF= --disable-pki
|
||||
PYTHON_IMPLIES= VICI
|
||||
PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}vici>0:security/py-vici@${PY_FLAVOR}
|
||||
PYTHON_USES= python
|
||||
SCEP_CONFIGURE_OFF= --disable-scepclient
|
||||
SMP_LIB_DEPENDS= libxml2.so:textproc/libxml2
|
||||
SMP_CONFIGURE_ON= --enable-smp
|
||||
SQLITE_LIB_DEPENDS= libsqlite3.so:databases/sqlite3
|
||||
SQLITE_CONFIGURE_ON= --enable-sqlite
|
||||
SWANCTL_IMPLIES= VICI
|
||||
SWANCTL_CONFIGURE_ON= --enable-swanctl
|
||||
TESTVECTOR_CONFIGURE_ON= --enable-test-vectors
|
||||
TPM_CONFIGURE_ON= --enable-tpm
|
||||
TSS2_LIB_DEPENDS= libtss2-sys.so:security/tpm2-tss
|
||||
TSS2_CONFIGURE_ON= --enable-tss-tss2
|
||||
UNBOUND_LIB_DEPENDS= libldns.so:dns/ldns \
|
||||
libunbound.so:dns/unbound
|
||||
UNBOUND_CONFIGURE_ON= --enable-unbound
|
||||
UNITY_CONFIGURE_ON= --enable-unity
|
||||
VIA_CONFIGURE_ON= --enable-padlock
|
||||
VICI_CONFIGURE_ON= --enable-vici
|
||||
VICI_SUB_LIST= INTERFACE="vici"
|
||||
VICI_SUB_LIST_OFF= INTERFACE="stroke"
|
||||
VSTR_LIB_DEPENDS= libvstr.so:devel/vstr
|
||||
VSTR_CONFIGURE_ON= --with-printf-hooks=vstr
|
||||
XAUTH_CONFIGURE_ON= --enable-xauth-eap \
|
||||
--enable-xauth-generic \
|
||||
--enable-xauth-pam
|
||||
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
@ -140,10 +143,11 @@ PLIST_SUB+= SIMAKA="@comment "
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
|
||||
CONFIGURE_ARGS+= --enable-attr-sql --enable-sql
|
||||
PLIST_SUB+= SQL=""
|
||||
CONFIGURE_ARGS+= --enable-attr-sql \
|
||||
--enable-sql
|
||||
PLIST_SUB+= SQL=""
|
||||
.else
|
||||
PLIST_SUB+= SQL="@comment "
|
||||
PLIST_SUB+= SQL="@comment "
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MIKEV1} || ${PORT_OPTIONS:MXAUTH}
|
||||
|
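Review bot: The added `VICI_SUB_LIST= INTERFACE="vici"` / `VICI_SUB_LIST_OFF= INTERFACE="stroke"` pair keys the rc.d default on the VICI option alone, but the rc script's own comment describes "vici" as the swanctl interface, and swanctl is a separate option (`SWANCTL_IMPLIES= VICI`, not the reverse). A build with VICI on and SWANCTL off would then default to an interface whose control tool may not be installed, so the VPN service could fail to start or load its connections; the body of the rc script is outside this view, so this needs confirming there. Keying the substitution on SWANCTL instead, `SWANCTL_SUB_LIST= INTERFACE="vici"` and `SWANCTL_SUB_LIST_OFF= INTERFACE="stroke"`, would tie the default to what is actually installed. A short comment above the pair, `# Default control interface substituted into the rc.d script as %%INTERFACE%%`, would also explain why a SUB_LIST entry sits among the configure switches.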
@ -14,7 +14,7 @@
|
||||
# Valid options are:
|
||||
# "stroke" for the old ipsec/startr interface
|
||||
# "vici" for the newer swanctl intrface
|
||||
# Default is "stroke"
|
||||
# Default is "%%INTERFACE%%"
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
@ -26,7 +26,7 @@ rcvar=strongswan_enable
|
||||
load_rc_config $name
|
||||
|
||||
: ${strongswan_enable:=NO}
|
||||
: ${strongswan_interface:="vici"}
|
||||
: ${strongswan_interface:="%%INTERFACE%%"}
|
||||
|
||||
extra_commands="reload statusall"
|
||||
|
||||
|
19
security/strongswan/pkg-message
Normal file
@ -0,0 +1,19 @@
|
||||
[
|
||||
{ type: install
|
||||
message: <<EOM
|
||||
The default strongSwan configuration interface have been updated to vici since version 5.9.2_1.
|
||||
To use the stroke interface by default either compile the port without the vici option or
|
||||
set 'strongswan_interface="stroke"' in your rc.conf file.
|
||||
EOM
|
||||
}
|
||||
{
|
||||
type: upgrade
|
||||
minimum_version: "5.9.2_1"
|
||||
message: <<EOM
|
||||
The default strongSwan configuration interface have been updated to vici.
|
||||
To use the stroke interface by default either compile the port without the vici option or
|
||||
set 'strongswan_interface="stroke"' in your rc.conf file.
|
||||
EOM
|
||||
}
|
||||
]
|
||||
|
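Review bot: The upgrade entry gates on `minimum_version: "5.9.2_1"`, which, as I read the pkg-message UCL format, shows the message only when upgrading from a version newer than 5.9.2_1, i.e. to users who already have the vici default. The installations this notice is meant for, those coming from an older package where the rc.d default was stroke, would not see it, and their tunnels may not come up after the upgrade until `strongswan_interface` is set. `maximum_version: "5.9.2_1"` looks like the intended key; worth confirming against the Porter's Handbook before changing.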