* [meta-networking][PATCH 0/2] strongswan PACKAGECONFIG options
@ 2020-11-05 19:49 rosbrookn
  2020-11-05 19:49 ` [meta-networking][PATCH 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
  2020-11-05 19:49 ` [meta-networking][PATCH 2/2] strongswan: add some PACKAGECONFIG options for EAP Nick Rosbrook
  0 siblings, 2 replies; 7+ messages in thread
From: rosbrookn @ 2020-11-05 19:49 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook

These patches add a couple new PACKAGECONFIG options for EAP, and update
the default options to use swanctl, rather than deprecated components.

Nick Rosbrook (2):
  strongswan: do not use deprecated stroke and starter by default
  strongswan: add some PACKAGECONFIG options for EAP

 .../recipes-support/strongswan/strongswan_5.8.4.bb  | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

-- 
2.17.1



* [meta-networking][PATCH 1/2] strongswan: do not use deprecated stroke and starter by default
  2020-11-05 19:49 [meta-networking][PATCH 0/2] strongswan PACKAGECONFIG options rosbrookn
@ 2020-11-05 19:49 ` Nick Rosbrook
  2020-11-05 20:20   ` Khem Raj
  2020-11-05 19:49 ` [meta-networking][PATCH 2/2] strongswan: add some PACKAGECONFIG options for EAP Nick Rosbrook
  1 sibling, 1 reply; 7+ messages in thread
From: Nick Rosbrook @ 2020-11-05 19:49 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook

The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
systemd-charon to PACKAGECONFIG by default, removing charon and stroke.

While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
 .../recipes-support/strongswan/strongswan_5.8.4.bb    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index 8a8809243..59641cb83 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -25,7 +25,7 @@ EXTRA_OECONF = " \
 
 EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
 
-PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
+PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl systemd-charon \
         ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
 "
 PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
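Review bot: On the added `PACKAGECONFIG ??=` line, `systemd-charon` is enabled unconditionally, although the EXTRA_OECONF line directly above it in this hunk already treats systemd as optional through bb.utils.contains('DISTRO_FEATURES', 'systemd', ...). Gate the option the same way, for example ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)}, and decide what the default should be for distros without systemd, since `charon` and `stroke` are both dropped from the default here. The commit message should also say that images relying on the stroke/starter configuration now have to opt back in.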
@@ -133,4 +133,11 @@ RDEPENDS_${PN} += "\
 RPROVIDES_${PN} += "${PN}-systemd"
 RREPLACES_${PN} += "${PN}-systemd"
 RCONFLICTS_${PN} += "${PN}-systemd"
-SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
+
+# The deprecated legacy 'strongswan-starter' service should only be used when charon and
+# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
+# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
+SYSTEMD_SERVICE_${PN} = " \
+    ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
+"
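Review bot: The added comment says strongswan-starter.service applies "when charon and stroke are enabled", but the second bb.utils.contains() in the new SYSTEMD_SERVICE_${PN} value tests only 'charon'. Either test both, which bb.utils.contains() accepts as a space-separated list ('charon stroke'), or reword the comment to match the check. The two conditions are also independent, so a PACKAGECONFIG that contains both swanctl and charon still lists both units, which is the combination the commit message says can break; if the units are meant to be mutually exclusive, make the second condition depend on swanctl being absent.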
-- 
2.17.1



* [meta-networking][PATCH 2/2] strongswan: add some PACKAGECONFIG options for EAP
  2020-11-05 19:49 [meta-networking][PATCH 0/2] strongswan PACKAGECONFIG options rosbrookn
  2020-11-05 19:49 ` [meta-networking][PATCH 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
@ 2020-11-05 19:49 ` Nick Rosbrook
  2020-11-09 21:31   ` Khem Raj
  1 sibling, 1 reply; 7+ messages in thread
From: Nick Rosbrook @ 2020-11-05 19:49 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook

Add options for eap-identity and eap-mschapv2 plugins.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
 meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index 59641cb83..075982c77 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -32,6 +32,8 @@ PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
 PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils"
 PACKAGECONFIG[charon] = "--enable-charon,--disable-charon,"
 PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,${PN}-plugin-curl"
+PACKAGECONFIG[eap-identity] = "--enable-eap-identity,--disable-eap-identity,,${PN}-plugin-eap-identity"
+PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${PN}-plugin-eap-mschapv2"
 PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp"
 PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap"
 PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql"
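Review bot: Both added entries leave the third PACKAGECONFIG field (build dependencies) empty and list only the plugin's own package in the fourth, and the one-line commit message does not say whether that is sufficient. Please confirm that eap-identity and eap-mschapv2 need nothing further at build or run time with the default set from patch 1/2, and state in the message that neither option is added to the default PACKAGECONFIG, so existing images are unchanged unless they opt in.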
-- 
2.17.1



* Re: [meta-networking][PATCH 1/2] strongswan: do not use deprecated stroke and starter by default
  2020-11-05 19:49 ` [meta-networking][PATCH 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
@ 2020-11-05 20:20   ` Khem Raj
  2020-11-05 20:55     ` Nick Rosbrook
  0 siblings, 1 reply; 7+ messages in thread
From: Khem Raj @ 2020-11-05 20:20 UTC (permalink / raw)
  To: Nick Rosbrook; +Cc: openembeded-devel, Nick Rosbrook

On Thu, Nov 5, 2020 at 11:49 AM Nick Rosbrook <rosbrookn@gmail.com> wrote:
>
> The swanctl and vici configuration of strongswan is preferred, as the stroke
> plugin used with starter is deprecated. As a reasonable default, add swanctl
> systemd-charon to PACKAGECONFIG by default, removing charon and stroke.
>
> While here, make sure strongswan-starter.service is only installed when
> charon is enabled. The current unconditional installation of
> strongswan-starter.service can break systems which install strongswan.service
> for use with swanctl.
>
> Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
> ---
>  .../recipes-support/strongswan/strongswan_5.8.4.bb    | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> index 8a8809243..59641cb83 100644
> --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> +++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> @@ -25,7 +25,7 @@ EXTRA_OECONF = " \
>
>  EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
>
> -PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
> +PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl systemd-charon \
>          ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \

ldap is not a standard DISTRO_FEATURE, so let's keep it disabled by
default. Secondly, enabling systemd-charon here would mean it won't work
with sysvinit, so let's make that
option depend on the systemd DISTRO_FEATURE.

>  "
>  PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
> @@ -133,4 +133,11 @@ RDEPENDS_${PN} += "\
>  RPROVIDES_${PN} += "${PN}-systemd"
>  RREPLACES_${PN} += "${PN}-systemd"
>  RCONFLICTS_${PN} += "${PN}-systemd"
> -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
> +
> +# The deprecated legacy 'strongswan-starter' service should only be used when charon and
> +# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
> +# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
> +SYSTEMD_SERVICE_${PN} = " \
> +    ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
> +    ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
> +"
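Review bot: In the quoted SYSTEMD_SERVICE_${PN} assignment, '${BPN}.service' is still selected by 'swanctl', while the comment above it points to the Charon-systemd page and the new default in the first hunk enables swanctl and systemd-charon as a pair. If that unit belongs to the systemd-charon build, a PACKAGECONFIG with swanctl but without systemd-charon would list a service file that is not installed; consider testing 'systemd-charon' (or both options) here, in line with the request above to tie systemd-charon to the systemd DISTRO_FEATURE.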
> --
> 2.17.1
>


* Re: [meta-networking][PATCH 1/2] strongswan: do not use deprecated stroke and starter by default
  2020-11-05 20:20   ` Khem Raj
@ 2020-11-05 20:55     ` Nick Rosbrook
  2020-11-06  1:20       ` Khem Raj
  0 siblings, 1 reply; 7+ messages in thread
From: Nick Rosbrook @ 2020-11-05 20:55 UTC (permalink / raw)
  To: Khem Raj; +Cc: openembeded-devel, Nick Rosbrook

On Thu, Nov 05, 2020 at 12:20:36PM -0800, Khem Raj wrote:
> On Thu, Nov 5, 2020 at 11:49 AM Nick Rosbrook <rosbrookn@gmail.com> wrote:
> >
> > The swanctl and vici configuration of strongswan is preferred, as the stroke
> > plugin used with starter is deprecated. As a reasonable default, add swanctl
> > systemd-charon to PACKAGECONFIG by default, removing charon and stroke.
> >
> > While here, make sure strongswan-starter.service is only installed when
> > charon is enabled. The current unconditional installation of
> > strongswan-starter.service can break systems which install strongswan.service
> > for use with swanctl.
> >
> > Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
> > ---
> >  .../recipes-support/strongswan/strongswan_5.8.4.bb    | 11 +++++++++--
> >  1 file changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> > index 8a8809243..59641cb83 100644
> > --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> > +++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> > @@ -25,7 +25,7 @@ EXTRA_OECONF = " \
> >
> >  EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
> >
> > -PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
> > +PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl systemd-charon \
> >          ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
> 
> ldap is not a standard DISTRO_FEATURE, so let's keep it disabled by
> default. Secondly, enabling systemd-charon here would mean it won't work
> with sysvinit, so let's make that
> option depend on the systemd DISTRO_FEATURE.

To be clear, the ldap line is not from this patch. That is in the
existing recipe. But, if you're asking me to change that while I'm here,
I'm happy to do so.

I will make systemd-charon depend on the systemd DISTRO_FEATURE.

Thanks,
-NR


* Re: [meta-networking][PATCH 1/2] strongswan: do not use deprecated stroke and starter by default
  2020-11-05 20:55     ` Nick Rosbrook
@ 2020-11-06  1:20       ` Khem Raj
  0 siblings, 0 replies; 7+ messages in thread
From: Khem Raj @ 2020-11-06  1:20 UTC (permalink / raw)
  To: Nick Rosbrook; +Cc: openembeded-devel, Nick Rosbrook

On Thu, Nov 5, 2020 at 12:55 PM Nick Rosbrook <rosbrookn@gmail.com> wrote:
>
> On Thu, Nov 05, 2020 at 12:20:36PM -0800, Khem Raj wrote:
> > On Thu, Nov 5, 2020 at 11:49 AM Nick Rosbrook <rosbrookn@gmail.com> wrote:
> > >
> > > The swanctl and vici configuration of strongswan is preferred, as the stroke
> > > plugin used with starter is deprecated. As a reasonable default, add swanctl
> > > systemd-charon to PACKAGECONFIG by default, removing charon and stroke.
> > >
> > > While here, make sure strongswan-starter.service is only installed when
> > > charon is enabled. The current unconditional installation of
> > > strongswan-starter.service can break systems which install strongswan.service
> > > for use with swanctl.
> > >
> > > Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
> > > ---
> > >  .../recipes-support/strongswan/strongswan_5.8.4.bb    | 11 +++++++++--
> > >  1 file changed, 9 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> > > index 8a8809243..59641cb83 100644
> > > --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> > > +++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> > > @@ -25,7 +25,7 @@ EXTRA_OECONF = " \
> > >
> > >  EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
> > >
> > > -PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
> > > +PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl systemd-charon \
> > >          ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
> >
> > ldap is not a standard DISTRO_FEATURE, so let's keep it disabled by
> > default. Secondly, enabling systemd-charon here would mean it won't work
> > with sysvinit, so let's make that
> > option depend on the systemd DISTRO_FEATURE.
>
> To be clear, the ldap line is not from this patch. That is in the
> existing recipe. But, if you're asking me to change that while I'm here,
> I'm happy to do so.

OK please do it while you are here.

>
> I will make systemd-charon depend on the systemd DISTRO_FEATURE.
>
> Thanks,
> -NR


* Re: [meta-networking][PATCH 2/2] strongswan: add some PACKAGECONFIG options for EAP
  2020-11-05 19:49 ` [meta-networking][PATCH 2/2] strongswan: add some PACKAGECONFIG options for EAP Nick Rosbrook
@ 2020-11-09 21:31   ` Khem Raj
  0 siblings, 0 replies; 7+ messages in thread
From: Khem Raj @ 2020-11-09 21:31 UTC (permalink / raw)
  To: Nick Rosbrook; +Cc: openembeded-devel, Nick Rosbrook

Hi Nick

I am seeing a failure with the clang compiler:

https://errors.yoctoproject.org/Errors/Details/537872/

Other builds have not finished yet, so I don't know if it's specific to
clang or generic.

On Thu, Nov 5, 2020 at 11:50 AM Nick Rosbrook <rosbrookn@gmail.com> wrote:
>
> Add options for eap-identity and eap-mschapv2 plugins.
>
> Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
> ---
>  meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> index 59641cb83..075982c77 100644
> --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> +++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> @@ -32,6 +32,8 @@ PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
>  PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils"
>  PACKAGECONFIG[charon] = "--enable-charon,--disable-charon,"
>  PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,${PN}-plugin-curl"
> +PACKAGECONFIG[eap-identity] = "--enable-eap-identity,--disable-eap-identity,,${PN}-plugin-eap-identity"
> +PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${PN}-plugin-eap-mschapv2"
>  PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp"
>  PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap"
>  PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql"
> --
> 2.17.1
>

