diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile index 2a0d6853d12e..0be9f77ebb70 100644 --- a/security/strongswan/Makefile +++ b/security/strongswan/Makefile @@ -1,8 +1,6 @@ -# Created by: Riaan Kruger - PORTNAME= strongswan DISTVERSION= 5.9.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security net-vpn MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ 
@@ -13,123 +11,128 @@ COMMENT= Open Source IKEv2 IPsec-based VPN solution LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= cpe libtool:keepla pkgconfig tar:bzip2 ssl +USES= cpe libtool:keepla pkgconfig ssl tar:bzip2 USE_LDCONFIG= ${PREFIX}/lib/ipsec USE_RC_SUBR= strongswan GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-kernel-pfkey \ - --enable-kernel-pfroute \ - --disable-kernel-netlink \ - --disable-scripts \ - --disable-gmp \ - --enable-openssl \ +CONFIGURE_ARGS= --disable-gmp \ + --disable-kernel-netlink \ + --disable-scripts \ + --enable-addrblock \ + --enable-blowfish \ + --enable-cmd \ --enable-eap-identity \ --enable-eap-md5 \ - --enable-eap-tls \ --enable-eap-mschapv2 \ --enable-eap-peap \ + --enable-eap-tls \ --enable-eap-ttls \ + --enable-kernel-pfkey \ + --enable-kernel-pfroute \ --enable-md4 \ - --enable-blowfish \ - --enable-addrblock \ + --enable-openssl \ --enable-whitelist \ - --enable-cmd \ - --with-group=wheel \ + --with-group=wheel \ --with-lib-prefix=${PREFIX} INSTALL_TARGET= install-strip TEST_TARGET= check -OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE FARP GCM \ - IKEV1 IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL \ - PKI PKCS11 PYTHON SCEP SMP SQLITE SWANCTL TESTVECTOR TPM TSS2 \ - UNBOUND UNITY VICI XAUTH +OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS \ + EAPSIMFILE FARP GCM IKEV1 IPSECKEY \ + KERNELLIBIPSEC LDAP LOADTESTER MEDIATION MYSQL \ + PKCS11 PKI PYTHON SCEP SMP SQLITE SWANCTL \ + TESTVECTOR TPM TSS2 UNBOUND UNITY VICI XAUTH OPTIONS_DEFINE_i386= VIA -OPTIONS_DEFAULT= BUILTIN CURL IKEV1 PKI SWANCTL VICI -OPTIONS_SINGLE= PRINTF_HOOKS +OPTIONS_DEFAULT= BUILTIN CURL IKEV1 PKI SWANCTL VICI +OPTIONS_SINGLE= PRINTF_HOOKS OPTIONS_SINGLE_PRINTF_HOOKS= BUILTIN LIBC VSTR -OPTIONS_SUB= yes +OPTIONS_SUB= yes # Description of options -BUILTIN_DESC= Use builtin printf hooks -CURL_DESC= Enable CURL to fetch CRL/OCSP +BUILTIN_DESC= Use builtin printf hooks +CURL_DESC= Enable CURL to fetch CRL/OCSP 
EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend EAPDYNAMIC_DESC= Enable EAP dynamic proxy module EAPRADIUS_DESC= Enable EAP Radius proxy authentication EAPSIMFILE_DESC= Enable EAP SIM with file backend -FARP_DESC= Enable farp plugin +FARP_DESC= Enable farp plugin GCM_DESC= Enable GCM AEAD wrapper crypto plugin -IKEV1_DESC= Enable IKEv1 support -IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC +IKEV1_DESC= Enable IKEv1 support +IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC KERNELLIBIPSEC_DESC= Enable IPSec userland backend -LIBC_DESC= Use libc printf hooks +LIBC_DESC= Use libc printf hooks LOADTESTER_DESC= Enable load testing plugin MEDIATION_DESC= Enable IKEv2 Mediation Extension -PKCS11_DESC= Enable PKCS11 token support -PKI_DESC= Enable PKI tools -PYTHON_DESC= Python VICI protocol plugin -SCEP_DESC= Enable Simple Certificate Enrollment Protocol -SMP_DESC= Enable XML-based management protocol (DEPRECATED) -SWANCTL_DESC= Install swanctl (requires VICI) +PKCS11_DESC= Enable PKCS11 token support +PKI_DESC= Enable PKI tools +PYTHON_DESC= Python VICI protocol plugin +SCEP_DESC= Enable Simple Certificate Enrollment Protocol +SMP_DESC= Enable XML-based management protocol (DEPRECATED) +SWANCTL_DESC= Install swanctl (requires VICI) TESTVECTOR_DESC= Enable crypto test vectors -TPM_DESC= Enable TPM plugin -TSS2_DESC= Enable TPM 2.0 TSS2 library -UNBOUND_DESC= Enable DNSSEC-enabled resolver -UNITY_DESC= Enable Cisco Unity extension plugin -VIA_DESC= Enable VIA Padlock support -VICI_DESC= Enable VICI management protocol -VSTR_DESC= Use devel/vstr printf hooks -XAUTH_DESC= Enable XAuth password verification +TPM_DESC= Enable TPM plugin +TSS2_DESC= Enable TPM 2.0 TSS2 library +UNBOUND_DESC= Enable DNSSEC-enabled resolver +UNITY_DESC= Enable Cisco Unity extension plugin +VIA_DESC= Enable VIA Padlock support +VICI_DESC= Enable VICI management protocol +VSTR_DESC= Use devel/vstr printf hooks +XAUTH_DESC= Enable 
XAuth password verification # Extra options -BUILTIN_CONFIGURE_ON= --with-printf-hooks=builtin -CURL_LIB_DEPENDS= libcurl.so:ftp/curl -CURL_CONFIGURE_ON= --enable-curl -EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:math/gmp -EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2 -EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic -EAPRADIUS_CONFIGURE_ON= --enable-eap-radius -EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file -FARP_CONFIGURE_ON= --enable-farp -GCM_CONFIGURE_ON= --enable-gcm -IKEV1_CONFIGURE_OFF= --disable-ikev1 -IPSECKEY_CONFIGURE_ON= --enable-ipseckey +BUILTIN_CONFIGURE_ON= --with-printf-hooks=builtin +CURL_LIB_DEPENDS= libcurl.so:ftp/curl +CURL_CONFIGURE_ON= --enable-curl +EAPAKA3GPP2_LIB_DEPENDS= libgmp.so:math/gmp +EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka \ + --enable-eap-aka-3gpp2 +EAPDYNAMIC_CONFIGURE_ON= --enable-eap-dynamic +EAPRADIUS_CONFIGURE_ON= --enable-eap-radius +EAPSIMFILE_CONFIGURE_ON= --enable-eap-sim \ + --enable-eap-sim-file +FARP_CONFIGURE_ON= --enable-farp +GCM_CONFIGURE_ON= --enable-gcm +IKEV1_CONFIGURE_OFF= --disable-ikev1 +IPSECKEY_CONFIGURE_ON= --enable-ipseckey KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec -LDAP_USE= OPENLDAP=yes -LDAP_CONFIGURE_ON= --enable-ldap -LIBC_CONFIGURE_ON= --with-printf-hooks=glibc -LOADTESTER_CONFIGURE_ON=--enable-load-tester -MEDIATION_CONFIGURE_ON= --enable-mediation -MYSQL_USES= mysql -MYSQL_CONFIGURE_ON= --enable-mysql -PKCS11_CONFIGURE_ON= --enable-pkcs11 -PKI_CONFIGURE_OFF= --disable-pki -PYTHON_IMPLIES= VICI -PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}vici>0:security/py-vici@${PY_FLAVOR} -PYTHON_USES= python -SCEP_CONFIGURE_OFF= --disable-scepclient -SMP_LIB_DEPENDS= libxml2.so:textproc/libxml2 -SMP_CONFIGURE_ON= --enable-smp -SQLITE_LIB_DEPENDS= libsqlite3.so:databases/sqlite3 -SQLITE_CONFIGURE_ON= --enable-sqlite -SWANCTL_IMPLIES= VICI -SWANCTL_CONFIGURE_ON= --enable-swanctl -TESTVECTOR_CONFIGURE_ON=--enable-test-vectors -TPM_CONFIGURE_ON= --enable-tpm -TSS2_LIB_DEPENDS= 
libtss2-sys.so:security/tpm2-tss -TSS2_CONFIGURE_ON= --enable-tss-tss2 -UNBOUND_LIB_DEPENDS= libunbound.so:dns/unbound \ - libldns.so:dns/ldns -UNBOUND_CONFIGURE_ON= --enable-unbound -UNITY_CONFIGURE_ON= --enable-unity -VIA_CONFIGURE_ON= --enable-padlock -VICI_CONFIGURE_ON= --enable-vici -VSTR_LIB_DEPENDS= libvstr.so:devel/vstr -VSTR_CONFIGURE_ON= --with-printf-hooks=vstr -XAUTH_CONFIGURE_ON= --enable-xauth-eap \ - --enable-xauth-generic \ - --enable-xauth-pam +LDAP_USE= OPENLDAP=yes +LDAP_CONFIGURE_ON= --enable-ldap +LIBC_CONFIGURE_ON= --with-printf-hooks=glibc +LOADTESTER_CONFIGURE_ON= --enable-load-tester +MEDIATION_CONFIGURE_ON= --enable-mediation +MYSQL_USES= mysql +MYSQL_CONFIGURE_ON= --enable-mysql +PKCS11_CONFIGURE_ON= --enable-pkcs11 +PKI_CONFIGURE_OFF= --disable-pki +PYTHON_IMPLIES= VICI +PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}vici>0:security/py-vici@${PY_FLAVOR} +PYTHON_USES= python +SCEP_CONFIGURE_OFF= --disable-scepclient +SMP_LIB_DEPENDS= libxml2.so:textproc/libxml2 +SMP_CONFIGURE_ON= --enable-smp +SQLITE_LIB_DEPENDS= libsqlite3.so:databases/sqlite3 +SQLITE_CONFIGURE_ON= --enable-sqlite +SWANCTL_IMPLIES= VICI +SWANCTL_CONFIGURE_ON= --enable-swanctl +TESTVECTOR_CONFIGURE_ON= --enable-test-vectors +TPM_CONFIGURE_ON= --enable-tpm +TSS2_LIB_DEPENDS= libtss2-sys.so:security/tpm2-tss +TSS2_CONFIGURE_ON= --enable-tss-tss2 +UNBOUND_LIB_DEPENDS= libldns.so:dns/ldns \ + libunbound.so:dns/unbound +UNBOUND_CONFIGURE_ON= --enable-unbound +UNITY_CONFIGURE_ON= --enable-unity +VIA_CONFIGURE_ON= --enable-padlock +VICI_CONFIGURE_ON= --enable-vici +VICI_SUB_LIST= INTERFACE="vici" +VICI_SUB_LIST_OFF= INTERFACE="stroke" +VSTR_LIB_DEPENDS= libvstr.so:devel/vstr +VSTR_CONFIGURE_ON= --with-printf-hooks=vstr +XAUTH_CONFIGURE_ON= --enable-xauth-eap \ + --enable-xauth-generic \ + --enable-xauth-pam .include 
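Review bot: The only functional lines in this hunk, `VICI_SUB_LIST= INTERFACE="vici"` and `VICI_SUB_LIST_OFF= INTERFACE="stroke"`, have no comment saying what consumes INTERFACE, and they sit inside roughly a hundred lines of re-sorting and re-indentation. The value becomes the rc script's default control interface, so I would add a line above them such as `# INTERFACE replaces %%INTERFACE%% in files/strongswan.in (default strongswan_interface)`. Moving the cosmetic reordering of CONFIGURE_ARGS and the option helpers into its own commit would also make it easier to confirm that no configure flag (for example `--enable-openssl` or `--with-group=wheel`) was dropped or altered in the shuffle.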
@@ -140,10 +143,11 @@ PLIST_SUB+= SIMAKA="@comment " .endif .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE} -CONFIGURE_ARGS+= --enable-attr-sql --enable-sql -PLIST_SUB+= SQL="" +CONFIGURE_ARGS+= --enable-attr-sql \ + --enable-sql +PLIST_SUB+= SQL="" .else -PLIST_SUB+= SQL="@comment " +PLIST_SUB+= SQL="@comment " .endif .if ${PORT_OPTIONS:MIKEV1} || ${PORT_OPTIONS:MXAUTH} diff --git a/security/strongswan/files/strongswan.in b/security/strongswan/files/strongswan.in index 6bb22a8c7b3b..443e2e4738a2 100644 --- a/security/strongswan/files/strongswan.in +++ b/security/strongswan/files/strongswan.in @@ -14,7 +14,7 @@ # Valid options are: # "stroke" for the old ipsec/startr interface # "vici" for the newer swanctl intrface -# Default is "stroke" +# Default is "%%INTERFACE%%" . /etc/rc.subr @@ -26,7 +26,7 @@ rcvar=strongswan_enable load_rc_config $name : ${strongswan_enable:=NO} -: ${strongswan_interface:="vici"} +: ${strongswan_interface:="%%INTERFACE%%"} extra_commands="reload statusall" diff --git a/security/strongswan/pkg-message b/security/strongswan/pkg-message new file mode 100644 index 000000000000..e882f4d0f7c0 --- /dev/null +++ b/security/strongswan/pkg-message @@ -0,0 +1,19 @@ +[ +{ type: install + message: <
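Review bot: With the default now `: ${strongswan_interface:="%%INTERFACE%%"}`, a package built without the VICI option starts through "stroke" where the script previously fell back to "vici", so a host that never set `strongswan_interface` in rc.conf changes control interface on upgrade. That presumably also changes which configuration the daemon is started from, which matters on a VPN gateway. The new pkg-message is cut off in this view, so it may already cover this; if it does not, it should name the build-time default and tell admins to pin the value in rc.conf. While the comment block is being touched, the context lines above the new `# Default is "%%INTERFACE%%"` still read `ipsec/startr` and `swanctl intrface`, which could be corrected in the same change.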