* [meta-networking][PATCH v3 0/2] strongswan PACKAGECONFIG
@ 2020-11-10 15:29 Nick Rosbrook
2020-11-10 15:29 ` [meta-networking][PATCH v3 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
2020-11-10 15:29 ` [meta-networking][PATCH v3 2/2] strongswan: remove ldap from default PACKAGECONFIG Nick Rosbrook
0 siblings, 2 replies; 3+ messages in thread
From: Nick Rosbrook @ 2020-11-10 15:29 UTC (permalink / raw)
To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook
These patches add a couple new PACKAGECONFIG options for EAP, and update
the default options to use swanctl, rather than deprecated components.

v2:
- Make systemd-charon conditional on systemd DISTRO_FEATURE
- Don't resend "strongswan: add some PACKAGECONFIG options for EAP"
  since it was already committed
- Add a patch to remove ldap from PACKAGECONFIG by default

v3:
- Use 'charon' as the false value in the DISTRO_FEATURES contains
  systemd check
- Update ldap patch

Nick Rosbrook (2):
strongswan: do not use deprecated stroke and starter by default
strongswan: remove ldap from default PACKAGECONFIG
.../recipes-support/strongswan/strongswan_5.8.4.bb | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--
2.17.1
* [meta-networking][PATCH v3 1/2] strongswan: do not use deprecated stroke and starter by default
2020-11-10 15:29 [meta-networking][PATCH v3 0/2] strongswan PACKAGECONFIG Nick Rosbrook
@ 2020-11-10 15:29 ` Nick Rosbrook
2020-11-10 15:29 ` [meta-networking][PATCH v3 2/2] strongswan: remove ldap from default PACKAGECONFIG Nick Rosbrook
1 sibling, 0 replies; 3+ messages in thread
From: Nick Rosbrook @ 2020-11-10 15:29 UTC (permalink / raw)
To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook
The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
to PACKAGECONFIG by default, and remove stroke. When systemd is in DISTRO_FEATURES,
add systemd-charon to PACKAGECONFIG, and add charon when systemd is not in
DISTRO_FEATURES.
While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
.../recipes-support/strongswan/strongswan_5.8.4.bb | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index ca645ed2c..7f2a2b1e4 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -25,7 +25,8 @@ EXTRA_OECONF = " \
EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
-PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
+PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
"
PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
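Review bot: the new `PACKAGECONFIG ??=` default drops `stroke` without any comment in the recipe, so a build that relied on the old default for a legacy stroke/starter setup changes behaviour on upgrade with nothing in the file to explain why. A short comment above the assignment stating that swanctl is now the default, and that `stroke` has to be added back explicitly for the legacy setup, would make that visible. The added `bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)` line also deserves one line saying why the two values are treated as alternatives, matching the comment the second hunk adds for the service list.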
@@ -135,4 +136,11 @@ RDEPENDS_${PN} += "\
RPROVIDES_${PN} += "${PN}-systemd"
RREPLACES_${PN} += "${PN}-systemd"
RCONFLICTS_${PN} += "${PN}-systemd"
-SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
+
+# The deprecated legacy 'strongswan-starter' service should only be used when charon and
+# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
+# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
+SYSTEMD_SERVICE_${PN} = " \
+ ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
+"
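Review bot: the added comment says the starter service should only be used when charon and stroke are enabled, but the new `SYSTEMD_SERVICE_${PN}` condition tests `'charon'` alone, so a PACKAGECONFIG that has `charon` without `stroke` (which is what the new non-systemd default in the first hunk produces) still lists `${BPN}-starter.service`. Testing both values, for example `bb.utils.contains('PACKAGECONFIG', 'charon stroke', '${BPN}-starter.service', '', d)`, would make the code match the comment. In the same way, `${BPN}.service` is keyed on `swanctl` only, while the linked page is about charon-systemd; it is worth confirming that a configuration with `swanctl` and `charon` but without `systemd-charon` does not list a unit file that is never installed.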
--
2.17.1
* [meta-networking][PATCH v3 2/2] strongswan: remove ldap from default PACKAGECONFIG
2020-11-10 15:29 [meta-networking][PATCH v3 0/2] strongswan PACKAGECONFIG Nick Rosbrook
2020-11-10 15:29 ` [meta-networking][PATCH v3 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
@ 2020-11-10 15:29 ` Nick Rosbrook
1 sibling, 0 replies; 3+ messages in thread
From: Nick Rosbrook @ 2020-11-10 15:29 UTC (permalink / raw)
To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook
Since ldap is not a standard DISTRO_FEATURE, leave it disabled by default.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index 7f2a2b1e4..bd3e87a3f 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -27,7 +27,6 @@ EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-syst
PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \
- ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
"
PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils"
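Review bot: the removed `${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)}` line only enabled ldap when the distro listed it in DISTRO_FEATURES, so ldap was already off for everyone else; the real effect of this deletion is that a distro which does set that feature loses ldap support without notice. The commit message should say so and state how to opt back in, for example by appending `ldap` to PACKAGECONFIG from a bbappend or the distro configuration.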
--
2.17.1