summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>2006-09-03 17:43:25 +0000
committerflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>2006-09-03 17:43:25 +0000
commit14f98984d719bb2660a48b3e7b997465db73216e (patch)
tree11e715cabee8682a9dfe950edf4ddabe6ac1df1c
parent3b42d8a75cdea08fc99a825e76079991a46ad298 (diff)
Add isakmpd, OpenBSD's IKE daemon
git-svn-id: svn://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt@4741 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/isakmpd/Makefile50
-rw-r--r--package/isakmpd/patches/01-standardize.patch132
-rw-r--r--package/isakmpd/patches/02-openssl_hashes.patch154
3 files changed, 336 insertions, 0 deletions
diff --git a/package/isakmpd/Makefile b/package/isakmpd/Makefile
new file mode 100644
index 0000000000..d0ae6f6c97
--- /dev/null
+++ b/package/isakmpd/Makefile
@@ -0,0 +1,50 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id: Makefile 4619 2006-08-22 09:50:02Z florian $
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=isakmpd
+PKG_VERSION:=20040115cvs
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@SF/isakmpd
+PKG_MD5SUM:=9f59b10d57cfed5e95743255f1c1620d
+PKG_CAT:=bzcat
+
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/isakmpd
+SECTION:=base
+CATEGORY:=Network
+DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp
+TITLE:=IPsec management tools
+DESCRIPTION:=IPsec management tools
+URL:=http://isakmpd.sourceforge.net/
+endef
+
+define Build/Compile
+ $(call Build/Compile/Default,LINUX_DIR="$(LINUX_DIR)" \
+ STAGING_DIR="$(STAGING_DIR)" \
+ DESTDIR="$(PKG_INSTALL_DIR)")
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ INSTALL="install -c" \
+ install-bin
+endef
+
+define Package/isakmpd/install
+ install -d -m0755 $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/* $(1)/
+endef
+
+$(eval $(call BuildPackage,isakmpd))
diff --git a/package/isakmpd/patches/01-standardize.patch b/package/isakmpd/patches/01-standardize.patch
new file mode 100644
index 0000000000..74ffac2d50
--- /dev/null
+++ b/package/isakmpd/patches/01-standardize.patch
@@ -0,0 +1,132 @@
+diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
+--- isakmpd/GNUmakefile 2004-01-16 13:36:32.000000000 +0100
++++ isakmpd.new/GNUmakefile 2006-09-03 17:33:03.000000000 +0200
+@@ -40,12 +40,12 @@
+ # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec.
+ # darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5
+ # and later with native IPSec support.
+-OS= openbsd
++#OS= openbsd
+ #OS= netbsd
+ #OS= freebsd
+ #OS= freeswan
+ #OS= darwin
+-#OS= linux
++OS= linux
+
+ .CURDIR:= $(shell pwd)
+ VPATH= ${.CURDIR}/sysdep/${OS}
+@@ -53,11 +53,11 @@
+ PROG= isakmpd
+
+ ifndef BINDIR
+-BINDIR= /sbin
+-endif
+-ifndef LDSTATIC
+-LDSTATIC= -static
++BINDIR= /usr/sbin
+ endif
++#ifndef LDSTATIC
++#LDSTATIC= -static
++#endif
+
+ SRCS= app.c attribute.c cert.c connection.c \
+ constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \
+@@ -154,7 +154,7 @@
+
+ ifdef USE_KEYNOTE
+ USE_LIBCRYPTO= yes
+-LDADD+= -lkeynote -lm
++LDADD+= -L${LIBKEYNOTEDIR} -lkeynote -lm
+ DPADD+= ${LIBKEYNOTE} ${LIBM}
+ POLICY= policy.c
+ CFLAGS+= -DUSE_KEYNOTE
+@@ -238,3 +238,16 @@
+
+ realcleandepend:
+ rm -f .depend tags
++
++# Install rules
++install: install-bin install-man
++
++install-bin: isakmpd
++ -mkdir -p $(DESTDIR)$(BINDIR)
++ $(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR)
++
++install-man:
++ -mkdir -p $(DESTDIR)$(MANDIR)/man8
++ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8
++ -mkdir -p $(DESTDIR)$(MANDIR)/man5
++ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5
+diff -urN isakmpd/samples/Makefile isakmpd.new/samples/Makefile
+--- isakmpd/samples/Makefile 2003-06-03 16:39:50.000000000 +0200
++++ isakmpd.new/samples/Makefile 2006-09-03 17:07:24.000000000 +0200
+@@ -26,7 +26,7 @@
+ #
+
+ FILES= VPN-* policy singlehost-*
+-TARGETDIR= /usr/share/ipsec/isakmpd
++TARGETDIR= /usr/share/isakmpd/samples
+
+ # The mkdir below is for installation on OpenBSD pre 2.7
+ install:
+diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
+--- isakmpd/sysdep/linux/GNUmakefile.sysdep 2004-01-16 13:36:42.000000000 +0100
++++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep 2006-09-03 17:16:48.000000000 +0200
+@@ -25,18 +25,20 @@
+ # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ #
+
+-LIBGMP:= /usr/lib/libgmp.a
+-LIBCRYPTO:= /usr/lib/libcrypto.a
++LIBGMP:= -lgmp
++LIBCRYPTO:= -lcrypto
+ LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep
+ LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a
+
+-LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
++LIBKEYNOTEDIR:= $(STAGING_DIR)/usr/include
++
++LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO} -L$(STAGING_DIR)/usr/lib
+ DPADD+= ${LIBGMP} ${LIBSYSDEP}
+
+ CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
+ -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP \
+- -I/usr/src/linux/include -I${.CURDIR}/sysdep/common \
+- -I/usr/include/openssl
++ -I$(LINUX_DIR)/include -I${.CURDIR}/sysdep/common \
++ -I$(STAGING_DIR)/usr/include/openssl -I${LIBKEYNOTEDIR}
+
+ FEATURES= debug tripledes blowfish cast ec aggressive x509 policy
+
+@@ -50,7 +52,7 @@
+ # hack libsysdep.a dependenc
+ ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
+ cd ${LIBSYSDEPDIR} && \
+- ${MAKE} --no-print-directory ${MAKEFLAGS} \
++ ${MAKE} --no-print-directory \
+ CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
+
+ ifeq ($(findstring clean,$(MAKECMDGOALS)),clean)
+diff -urN isakmpd/x509.c isakmpd.new/x509.c
+--- isakmpd/x509.c 2004-01-06 01:09:19.000000000 +0100
++++ isakmpd.new/x509.c 2006-09-03 17:07:24.000000000 +0200
+@@ -969,14 +969,14 @@
+ * trust.
+ */
+ X509_STORE_CTX_init (&csc, x509_cas, cert, NULL);
+-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+- /* XXX See comment in x509_read_crls_from_dir. */
+- if (x509_cas->flags & X509_V_FLAG_CRL_CHECK)
++//#if OPENSSL_VERSION_NUMBER >= 0x00907000L
++ /* XXX See comment in x509_read_crls_from_dir. */
++ /*if (x509_cas->flags & X509_V_FLAG_CRL_CHECK)
+ {
+ X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CRL_CHECK);
+ X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CRL_CHECK_ALL);
+ }
+-#endif
++#endif */
+ res = X509_verify_cert (&csc);
+ err = csc.error;
+ X509_STORE_CTX_cleanup (&csc);
diff --git a/package/isakmpd/patches/02-openssl_hashes.patch b/package/isakmpd/patches/02-openssl_hashes.patch
new file mode 100644
index 0000000000..680db86a31
--- /dev/null
+++ b/package/isakmpd/patches/02-openssl_hashes.patch
@@ -0,0 +1,154 @@
+diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
+--- isakmpd/GNUmakefile 2006-09-01 19:29:05.000000000 +0200
++++ isakmpd.new/GNUmakefile 2006-09-01 19:29:28.000000000 +0200
+@@ -75,13 +75,14 @@
+ isakmp_fld.c isakmp_fld.h
+ MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
+
+-CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
++CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \
+ -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
+
+ # Different debugging & profiling suggestions
+
+ # Include symbolic debugging info
+ DEBUG= -g
++CFLAGS+= -g
+
+ # Do execution time profiles
+ #CFLAGS+= -pg
+@@ -172,6 +173,14 @@
+ CFLAGS+= -DUSE_RAWKEY
+ endif
+
++ifdef USE_OPENSSL_MD5
++CFLAGS+= -DUSE_OPENSSL_MD5
++endif
++
++ifdef USE_OPENSSL_SHA1
++CFLAGS+= -DUSE_OPENSSL_SHA1
++endif
++
+ SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
+ $(ISAKMP_CFG)
+ CFLAGS+= ${IPSEC_CFLAGS}
+diff -urN isakmpd/sysdep/common/libsysdep/GNUmakefile isakmpd.new/sysdep/common/libsysdep/GNUmakefile
+--- isakmpd/sysdep/common/libsysdep/GNUmakefile 2003-06-03 16:52:06.000000000 +0200
++++ isakmpd.new/sysdep/common/libsysdep/GNUmakefile 2006-09-01 19:29:28.000000000 +0200
+@@ -31,10 +31,18 @@
+ .CURDIR:= $(shell pwd)
+
+ LIB= sysdep
+-SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
++SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
+ NOMAN=
+ CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+
++ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
++SRCS+=md5.c
++endif
++
++ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
++SRCS+=sha1.c
++endif
++
+ lib${LIB}.a: ${SRCS:%.c=%.o}
+ ar cq $@ ${SRCS:%.c=%.o}
+
+diff -urN isakmpd/sysdep/common/libsysdep/md5.c isakmpd.new/sysdep/common/libsysdep/md5.c
+--- isakmpd/sysdep/common/libsysdep/md5.c 2002-06-14 23:34:58.000000000 +0200
++++ isakmpd.new/sysdep/common/libsysdep/md5.c 2006-09-01 19:29:28.000000000 +0200
+@@ -5,6 +5,8 @@
+ * changes to accommodate it in the kernel by ji.
+ */
+
++#ifndef USE_OPENSSL_MD5
++
+ /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+@@ -390,3 +392,4 @@
+ #endif
+ #endif
+
++#endif /* USE_OPENSSL_MD5 */
+diff -urN isakmpd/sysdep/common/libsysdep/sha1.c isakmpd.new/sysdep/common/libsysdep/sha1.c
+--- isakmpd/sysdep/common/libsysdep/sha1.c 2001-01-28 23:38:48.000000000 +0100
++++ isakmpd.new/sysdep/common/libsysdep/sha1.c 2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,7 @@
+ /* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */
+
++#ifndef USE_OPENSSL_SHA1
++
+ /*
+ SHA-1 in C
+ By Steve Reid <steve@edmweb.com>
+@@ -171,3 +173,5 @@
+ SHA1Transform(context->state, context->buffer);
+ #endif
+ }
++
++#endif /* USE_OPENSSL_SHA1 */
+diff -urN isakmpd/sysdep/common/md5.h isakmpd.new/sysdep/common/md5.h
+--- isakmpd/sysdep/common/md5.h 2001-01-28 23:38:47.000000000 +0100
++++ isakmpd.new/sysdep/common/md5.h 2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,15 @@
+ /* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+
++#ifdef USE_OPENSSL_MD5
++
++#include <openssl/md5.h>
++
++#define MD5Init MD5_Init
++#define MD5Update MD5_Update
++#define MD5Final MD5_Final
++
++#else /* USE_OPENSSL_MD5 */
++
+ /* GLOBAL.H - RSAREF types and constants
+ */
+
+@@ -71,3 +81,5 @@
+ void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+
+ #define _MD5_H_
++
++#endif /* USE_OPENSSL_MD5 */
+diff -urN isakmpd/sysdep/common/sha1.h isakmpd.new/sysdep/common/sha1.h
+--- isakmpd/sysdep/common/sha1.h 2001-01-28 23:38:47.000000000 +0100
++++ isakmpd.new/sysdep/common/sha1.h 2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,16 @@
+ /* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+
++#ifdef USE_OPENSSL_SHA1
++
++#include <openssl/sha.h>
++
++typedef SHA_CTX SHA1_CTX;
++#define SHA1Init SHA1_Init
++#define SHA1Update SHA1_Update
++#define SHA1Final SHA1_Final
++
++#else /* USE_OPENSSL_SHA1 */
++
+ /*
+ SHA-1 in C
+ By Steve Reid <steve@edmweb.com>
+@@ -16,3 +27,5 @@
+ void SHA1Init(SHA1_CTX* context);
+ void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
+ void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
++
++#endif /* USE_OPENSSL_SHA1 */
+diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
+--- isakmpd/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:05.000000000 +0200
++++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:29.000000000 +0200
+@@ -48,6 +48,8 @@
+ USE_LIBCRYPO= defined
+ HAVE_DLOPEN= defined
+ USE_KEYNOTE= defined
++USE_OPENSSL_MD5= defined
++USE_OPENSSL_SHA1= defined
+
+ # hack libsysdep.a dependenc
+ ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: