* [meta-networking][PATCH v2 0/2] strongswan PACKAGECONFIG
From: Nick Rosbrook @ 2020-11-09 15:34 UTC
To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook
These patches add a couple new PACKAGECONFIG options for EAP, and update
the default options to use swanctl, rather than deprecated components.

v2:
- Make systemd-charon conditional on systemd DISTRO_FEATURE
- Don't resend "strongswan: add some PACKAGECONFIG options for EAP"
  since it was already committed
- Add a patch to remove ldap from PACKAGECONFIG by default

Nick Rosbrook (2):
  strongswan: do not use deprecated stroke and starter by default
  strongswan: remove ldap from default PACKAGECONFIG

 .../recipes-support/strongswan/strongswan_5.8.4.bb | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

--
2.17.1
* [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default
From: Nick Rosbrook @ 2020-11-09 15:34 UTC
To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook
The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
and systemd-charon to PACKAGECONFIG by default, removing charon and stroke.

While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
.../recipes-support/strongswan/strongswan_5.8.4.bb | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index ca645ed2c..abba86e39 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -25,7 +25,8 @@ EXTRA_OECONF = " \
EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
-PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
+PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
"
PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
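Review bot: On the added `${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)}` line the false value is empty, so a distro without systemd in DISTRO_FEATURES gets swanctl but neither charon nor systemd-charon, because this hunk also drops charon from the default list. Consider passing 'charon' as the false value so non-systemd builds still have an IKE daemon to pair with swanctl. The commit message should also state that stroke is no longer built by default, so that users relying on the stroke-based setup know they must set PACKAGECONFIG explicitly.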
@@ -135,4 +136,11 @@ RDEPENDS_${PN} += "\
RPROVIDES_${PN} += "${PN}-systemd"
RREPLACES_${PN} += "${PN}-systemd"
RCONFLICTS_${PN} += "${PN}-systemd"
-SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
+
+# The deprecated legacy 'strongswan-starter' service should only be used when charon and
+# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
+# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
+SYSTEMD_SERVICE_${PN} = " \
+ ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
+"
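Review bot: The new comment says strongswan-starter should only be used when charon and stroke are enabled, but the condition on the `${BPN}-starter.service` line tests only 'charon'; either test both options or reword the comment to match what is checked. Separately, `${BPN}.service` is still keyed on 'swanctl' alone while the first hunk makes 'systemd-charon' conditional, so it is worth confirming that the unit is actually shipped whenever swanctl is set without systemd-charon; otherwise SYSTEMD_SERVICE names a unit file the package does not contain.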
--
2.17.1
* [meta-networking][PATCH v2 2/2] strongswan: remove ldap from default PACKAGECONFIG
From: Nick Rosbrook @ 2020-11-09 15:34 UTC
To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook
Since ldap is not a standard DISTRO_FEATURE, leave it disabled by default.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index abba86e39..8133b9943 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -27,7 +27,6 @@ EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-syst
PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)} \
- ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
"
PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils"
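Review bot: Removing the `${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)}` line changes behaviour only for distros that do set ldap in DISTRO_FEATURES, which now lose the ldap option without notice; for every other distro the filter already expanded to nothing. If the removal stays, the commit message should say that such distros need to add ldap to PACKAGECONFIG themselves, for example from a bbappend or the distro configuration.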
--
2.17.1
* Re: [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default
From: Khem Raj @ 2020-11-10 0:00 UTC
To: Nick Rosbrook; +Cc: openembeded-devel, Nick Rosbrook
it seems to fail
https://errors.yoctoproject.org/Errors/Details/537881/
On Mon, Nov 9, 2020 at 7:34 AM Nick Rosbrook <rosbrookn@gmail.com> wrote:
>
> The swanctl and vici configuration of strongswan is preferred, as the stroke
> plugin used with starter is deprecated. As a reasonable default, add swanctl
> and systemd-charon to PACKAGECONFIG by default, removing charon and stroke.
>
> While here, make sure strongswan-starter.service is only installed when
> charon is enabled. The current unconditional installation of
> strongswan-starter.service can break systems which install strongswan.service
> for use with swanctl.
>
> Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
> ---
> .../recipes-support/strongswan/strongswan_5.8.4.bb | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> index ca645ed2c..abba86e39 100644
> --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> +++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> @@ -25,7 +25,8 @@ EXTRA_OECONF = " \
>
> EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
>
> -PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
> +PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
> + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)} \
> ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
> "
> PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
> @@ -135,4 +136,11 @@ RDEPENDS_${PN} += "\
> RPROVIDES_${PN} += "${PN}-systemd"
> RREPLACES_${PN} += "${PN}-systemd"
> RCONFLICTS_${PN} += "${PN}-systemd"
> -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
> +
> +# The deprecated legacy 'strongswan-starter' service should only be used when charon and
> +# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
> +# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
> +SYSTEMD_SERVICE_${PN} = " \
> + ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
> + ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
> +"
> --
> 2.17.1
>
* Re: [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default
From: Nick Rosbrook @ 2020-11-10 14:55 UTC
To: Khem Raj; +Cc: openembeded-devel, Nick Rosbrook
On Mon, Nov 9, 2020 at 7:01 PM Khem Raj <raj.khem@gmail.com> wrote:
>
> it seems to fail
>
> https://errors.yoctoproject.org/Errors/Details/537881/
Ah, I think I figured it out. Is this build for a non-systemd distro?
I think 'charon' needs to be the false value in the DISTRO_FEATURES
contains systemd check.