strongswan: bump
parent
826f5468ab
commit
4fe383de48
@ -1,16 +1,14 @@
|
||||
{ stdenv, fetchurl, gmp, autoreconfHook, gettext, pkgconfig }:
|
||||
{ stdenv, fetchurl, gmp, pkgconfig }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "strongswan-5.2.0";
|
||||
name = "strongswan-5.2.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://download.strongswan.org/${name}.tar.bz2";
|
||||
sha256 = "1ki6v9c54ykppqnj3prgh62na97yajnvnm2zr1gjxzv05syk035h";
|
||||
sha256 = "05cjjd7gg65bl6fswj2r2i13nn1nk4x86s06y75gwfdvnlrsnlga";
|
||||
};
|
||||
|
||||
patches = [ ./respect-path.patch ./no-hardcoded-sysconfdir.patch ];
|
||||
|
||||
buildInputs = [ gmp autoreconfHook gettext pkgconfig ];
|
||||
buildInputs = [ gmp pkgconfig ];
|
||||
|
||||
configureFlags = [ "--enable-swanctl" "--enable-cmd" ];
|
||||
|
||||
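Review bot: The `url` line still fetches the tarball over plain `http://` while this bump replaces the pinned `sha256`, so the new hash is only as trustworthy as the download it was computed from. The fixed-output hash protects every later build, but nothing visible here shows that the 5.2.1 value was checked against upstream's published signature or checksum. Consider `url = "https://download.strongswan.org/${name}.tar.bz2";` if upstream serves that, and record in the commit message how the hash was verified. The rendered page has lost its +/- column, so which of the two `sha256` lines is the new one is inferred from the order of the `name` lines.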
|
@ -1,145 +0,0 @@
|
||||
commit 8e2b65ebf597a4d48daa3308aa032962110ad8f6
|
||||
Author: Shea Levy <shea@shealevy.com>
|
||||
Date: Tue Sep 30 15:14:47 2014 -0400
|
||||
|
||||
Allow specifying the ipsec.conf location in strongswan.conf
|
||||
|
||||
diff --git a/conf/options/starter.opt b/conf/options/starter.opt
|
||||
index 4e6574d..6d7162a 100644
|
||||
--- a/conf/options/starter.opt
|
||||
+++ b/conf/options/starter.opt
|
||||
@@ -3,3 +3,6 @@ starter.load =
|
||||
|
||||
starter.load_warning = yes
|
||||
Disable charon plugin load option warning.
|
||||
+
|
||||
+starter.config_file = ${sysconfdir}/ipsec.conf
|
||||
+ Location of the ipsec.conf conf file
|
||||
diff --git a/src/starter/starter.c b/src/starter/starter.c
|
||||
index 5c84593..1f365cc 100644
|
||||
--- a/src/starter/starter.c
|
||||
+++ b/src/starter/starter.c
|
||||
@@ -488,7 +488,8 @@ int main (int argc, char **argv)
|
||||
}
|
||||
if (!config_file)
|
||||
{
|
||||
- config_file = CONFIG_FILE;
|
||||
+ config_file = lib->settings->get_str(lib->settings, "starter.config_file",
|
||||
+ CONFIG_FILE);
|
||||
}
|
||||
|
||||
init_log("ipsec_starter");
|
||||
|
||||
commit 8b839cec684e26ed96f3d891b3ae3565558b2cff
|
||||
Author: Shea Levy <shea@shealevy.com>
|
||||
Date: Tue Sep 30 15:11:03 2014 -0400
|
||||
|
||||
Allow specifying the ipsec.secrets location in strongswan.conf
|
||||
|
||||
diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt
|
||||
index 2cfc2c6..b3ca2b7 100644
|
||||
--- a/conf/plugins/stroke.opt
|
||||
+++ b/conf/plugins/stroke.opt
|
||||
@@ -11,5 +11,8 @@ charon.plugins.stroke.prevent_loglevel_changes = no
|
||||
charon.plugins.stroke.socket = unix://${piddir}/charon.ctl
|
||||
Socket provided by the stroke plugin.
|
||||
|
||||
+charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets
|
||||
+ Location of the ipsec.secrets conf file
|
||||
+
|
||||
charon.plugins.stroke.timeout = 0
|
||||
Timeout in ms for any stroke command. Use 0 to disable the timeout.
|
||||
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
|
||||
index f908219..673e492 100644
|
||||
--- a/src/libcharon/plugins/stroke/stroke_cred.c
|
||||
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
|
||||
@@ -67,6 +67,7 @@ struct private_stroke_cred_t {
|
||||
/**
|
||||
* credentials
|
||||
*/
|
||||
+ char *secrets_file;
|
||||
mem_cred_t *creds;
|
||||
|
||||
/**
|
||||
@@ -1297,7 +1298,7 @@ METHOD(stroke_cred_t, reread, void,
|
||||
if (msg->reread.flags & REREAD_SECRETS)
|
||||
{
|
||||
DBG1(DBG_CFG, "rereading secrets");
|
||||
- load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
|
||||
+ load_secrets(this, NULL, this->secrets_file, 0, prompt);
|
||||
}
|
||||
if (msg->reread.flags & REREAD_CACERTS)
|
||||
{
|
||||
@@ -1370,6 +1371,9 @@ stroke_cred_t *stroke_cred_create()
|
||||
.cachecrl = _cachecrl,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
+ .secrets_file = lib->settings->get_str(lib->settings,
|
||||
+ "%s.plugins.stroke.secrets_file", SECRETS_FILE,
|
||||
+ lib->ns),
|
||||
.creds = mem_cred_create(),
|
||||
);
|
||||
|
||||
@@ -1380,7 +1384,7 @@ stroke_cred_t *stroke_cred_create()
|
||||
FALSE, lib->ns);
|
||||
|
||||
load_certs(this);
|
||||
- load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
|
||||
+ load_secrets(this, NULL, this->secrets_file, 0, NULL);
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
diff --git a/src/starter/starter.c b/src/starter/starter.c
|
||||
index 71f33ae..5c84593 100644
|
||||
--- a/src/starter/starter.c
|
||||
+++ b/src/starter/starter.c
|
||||
@@ -263,8 +263,11 @@ static void generate_selfcert()
|
||||
{
|
||||
struct stat stb;
|
||||
|
||||
+ const char *secrets_file = lib->settings->get_str(lib->settings,
|
||||
+ "charon.plugins.stroke.secrets_file", SECRETS_FILE);
|
||||
+
|
||||
/* if ipsec.secrets file is missing then generate RSA default key pair */
|
||||
- if (stat(SECRETS_FILE, &stb) != 0)
|
||||
+ if (stat(secrets_file, &stb) != 0)
|
||||
{
|
||||
mode_t oldmask;
|
||||
FILE *f;
|
||||
@@ -302,7 +305,7 @@ static void generate_selfcert()
|
||||
/* ipsec.secrets is root readable only */
|
||||
oldmask = umask(0066);
|
||||
|
||||
- f = fopen(SECRETS_FILE, "w");
|
||||
+ f = fopen(secrets_file, "w");
|
||||
if (f)
|
||||
{
|
||||
fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
|
||||
@@ -310,7 +313,7 @@ static void generate_selfcert()
|
||||
fprintf(f, ": RSA myKey.der\n");
|
||||
fclose(f);
|
||||
}
|
||||
- ignore_result(chown(SECRETS_FILE, uid, gid));
|
||||
+ ignore_result(chown(secrets_file, uid, gid));
|
||||
umask(oldmask);
|
||||
}
|
||||
}
|
||||
|
||||
commit 5f2ca3b99b40c47a9b59c7cc75655e5dd041787e
|
||||
Author: Shea Levy <shea@shealevy.com>
|
||||
Date: Tue Sep 30 14:31:50 2014 -0400
|
||||
|
||||
Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var
|
||||
|
||||
diff -Naur a/src/libstrongswan/library.c b/src/libstrongswan/library.c
|
||||
--- a/src/libstrongswan/library.c 2014-06-05 03:50:30.000000000 -0400
|
||||
+++ b/src/libstrongswan/library.c 2014-09-30 15:25:27.927757711 -0400
|
||||
@@ -307,7 +307,7 @@
|
||||
#ifdef STRONGSWAN_CONF
|
||||
if (!settings)
|
||||
{
|
||||
- settings = STRONGSWAN_CONF;
|
||||
+ settings = getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF;
|
||||
}
|
||||
#endif
|
||||
this->public.settings = settings_create(settings);
|
@ -1,36 +0,0 @@
|
||||
commit 0de10fe4950672053fe2b242bcec064e9e88c880
|
||||
Author: Shea Levy <shea@shealevy.com>
|
||||
Date: Fri Sep 19 14:32:22 2014 -0400
|
||||
|
||||
Don't fail to install if sysconfdir isn't writable
|
||||
|
||||
diff --git a/conf/Makefile.am b/conf/Makefile.am
|
||||
index 373be16..85b7b0e 100644
|
||||
--- a/conf/Makefile.am
|
||||
+++ b/conf/Makefile.am
|
||||
@@ -152,9 +152,9 @@ maintainer-clean-local:
|
||||
rm -f $(confsnippets) default.conf plugins/*.conf plugins/*.tmp
|
||||
|
||||
install-data-local: $(plugins_install_src)
|
||||
- test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)"
|
||||
- test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)"
|
||||
- test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)"
|
||||
+ test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)" || true
|
||||
+ test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)" || true
|
||||
+ test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" || true
|
||||
test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true
|
||||
for f in $(options_install_src); do \
|
||||
name=`basename $$f`; \
|
||||
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
|
||||
index 385737a..912fdf8 100644
|
||||
--- a/src/swanctl/Makefile.am
|
||||
+++ b/src/swanctl/Makefile.am
|
||||
@@ -54,7 +54,7 @@ maintainer-clean-local:
|
||||
cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main
|
||||
|
||||
install-data-local: swanctl.conf
|
||||
- test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)"
|
||||
+ test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true
|
||||
test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true
|
||||
test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true
|
||||
test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true
|
@ -1,19 +0,0 @@
|
||||
commit 09c4ae5b7bcd7057bede788f02c1d2d30aeeacda
|
||||
Author: Shea Levy <shea@shealevy.com>
|
||||
Date: Thu Sep 18 02:00:03 2014 -0400
|
||||
|
||||
ipsec script: just append to PATH if already set
|
||||
|
||||
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
|
||||
index e6725d0..82041f4 100644
|
||||
--- a/src/ipsec/_ipsec.in
|
||||
+++ b/src/ipsec/_ipsec.in
|
||||
@@ -15,7 +15,7 @@
|
||||
# for more details.
|
||||
|
||||
# define a minimum PATH environment in case it is not set
|
||||
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
|
||||
+PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin}:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
|
||||
export PATH
|
||||
|
||||
# set daemon name
|