* [meta-networking][PATCH v2 0/2] strongswan PACKAGECONFIG
@ 2020-11-09 15:34 Nick Rosbrook
  2020-11-09 15:34 ` [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
  2020-11-09 15:34 ` [meta-networking][PATCH v2 2/2] strongswan: remove ldap from default PACKAGECONFIG Nick Rosbrook
  0 siblings, 2 replies; 5+ messages in thread
From: Nick Rosbrook @ 2020-11-09 15:34 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook

These patches add a couple new PACKAGECONFIG options for EAP, and update
the default options to use swanctl, rather than deprecated components.

v2:
  - Make systemd-charon conditional on systemd DISTRO_FEATURE
  - Don't resend "strongswan: add some PACKAGECONFIG options for EAP"
    since it was already committed
  - Add a patch to remove ldap from PACKAGECONFIG by default

Nick Rosbrook (2):
  strongswan: do not use deprecated stroke and starter by default
  strongswan: remove ldap from default PACKAGECONFIG

 .../recipes-support/strongswan/strongswan_5.8.4.bb  | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

-- 
2.17.1



* [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default
  2020-11-09 15:34 [meta-networking][PATCH v2 0/2] strongswan PACKAGECONFIG Nick Rosbrook
@ 2020-11-09 15:34 ` Nick Rosbrook
  2020-11-10  0:00   ` Khem Raj
  2020-11-09 15:34 ` [meta-networking][PATCH v2 2/2] strongswan: remove ldap from default PACKAGECONFIG Nick Rosbrook
  1 sibling, 1 reply; 5+ messages in thread
From: Nick Rosbrook @ 2020-11-09 15:34 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook

The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
and systemd-charon to PACKAGECONFIG by default, removing charon and stroke.

While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
 .../recipes-support/strongswan/strongswan_5.8.4.bb   | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index ca645ed2c..abba86e39 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -25,7 +25,8 @@ EXTRA_OECONF = " \
 
 EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
 
-PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
+PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)} \
         ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
 "
 PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
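Review bot: the false value of the DISTRO_FEATURES check on the added systemd-charon line is '', so on a distro without systemd the new default removes charon and stroke and enables swanctl without selecting any charon daemon option. Make 'charon' the false value, i.e. bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d), so non-systemd builds keep a daemon, and have the commit message say that charon is only dropped from the default on systemd distros.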
@@ -135,4 +136,11 @@ RDEPENDS_${PN} += "\
 RPROVIDES_${PN} += "${PN}-systemd"
 RREPLACES_${PN} += "${PN}-systemd"
 RCONFLICTS_${PN} += "${PN}-systemd"
-SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
+
+# The deprecated legacy 'strongswan-starter' service should only be used when charon and
+# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
+# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
+SYSTEMD_SERVICE_${PN} = " \
+    ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
+"
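Review bot: the added comment says strongswan-starter.service applies only when charon and stroke are both enabled, but the condition on the last added line tests 'charon' alone, so a PACKAGECONFIG with charon and without stroke still lists the starter unit. Either test both with bb.utils.contains('PACKAGECONFIG', 'charon stroke', ...), which is true only when every listed value is present, or reword the comment to match the check. The comment also cites the Charon-systemd page for strongswan.service while that unit is keyed on 'swanctl'; if the unit is provided by the systemd-charon option, keying it on 'systemd-charon' avoids listing a unit in SYSTEMD_SERVICE for a build that has swanctl but not systemd-charon.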
-- 
2.17.1



* [meta-networking][PATCH v2 2/2] strongswan: remove ldap from default PACKAGECONFIG
  2020-11-09 15:34 [meta-networking][PATCH v2 0/2] strongswan PACKAGECONFIG Nick Rosbrook
  2020-11-09 15:34 ` [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
@ 2020-11-09 15:34 ` Nick Rosbrook
  1 sibling, 0 replies; 5+ messages in thread
From: Nick Rosbrook @ 2020-11-09 15:34 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem, Nick Rosbrook

Since ldap is not a standard DISTRO_FEATURE, leave it disabled by default.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
---
 meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
index abba86e39..8133b9943 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
@@ -27,7 +27,6 @@ EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-syst
 
 PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
         ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)} \
-        ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
 "
 PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
 PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils"
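Review bot: the removed bb.utils.filter line only had an effect when DISTRO_FEATURES contained 'ldap', so dropping it changes nothing for distros without that feature and silently removes ldap from the default for the ones that set it deliberately. The commit message should state that those users now have to add ldap to PACKAGECONFIG themselves (bbappend or distro configuration), or the line should stay, since it was already opt-in.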
-- 
2.17.1



* Re: [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default
  2020-11-09 15:34 ` [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default Nick Rosbrook
@ 2020-11-10  0:00   ` Khem Raj
  2020-11-10 14:55     ` Nick Rosbrook
  0 siblings, 1 reply; 5+ messages in thread
From: Khem Raj @ 2020-11-10  0:00 UTC (permalink / raw)
  To: Nick Rosbrook; +Cc: openembeded-devel, Nick Rosbrook

it seems to fail

https://errors.yoctoproject.org/Errors/Details/537881/

On Mon, Nov 9, 2020 at 7:34 AM Nick Rosbrook <rosbrookn@gmail.com> wrote:
>
> The swanctl and vici configuration of strongswan is preferred, as the stroke
> plugin used with starter is deprecated. As a reasonable default, add swanctl
> and systemd-charon to PACKAGECONFIG by default, removing charon and stroke.
>
> While here, make sure strongswan-starter.service is only installed when
> charon is enabled. The current unconditional installation of
> strongswan-starter.service can break systems which install strongswan.service
> for use with swanctl.
>
> Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
> ---
>  .../recipes-support/strongswan/strongswan_5.8.4.bb   | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> index ca645ed2c..abba86e39 100644
> --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> +++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
> @@ -25,7 +25,8 @@ EXTRA_OECONF = " \
>
>  EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
>
> -PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
> +PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
> +        ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', '', d)} \
>          ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
>  "
>  PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
> @@ -135,4 +136,11 @@ RDEPENDS_${PN} += "\
>  RPROVIDES_${PN} += "${PN}-systemd"
>  RREPLACES_${PN} += "${PN}-systemd"
>  RCONFLICTS_${PN} += "${PN}-systemd"
> -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
> +
> +# The deprecated legacy 'strongswan-starter' service should only be used when charon and
> +# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
> +# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
> +SYSTEMD_SERVICE_${PN} = " \
> +    ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
> +    ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
> +"
> --
> 2.17.1
>


* Re: [meta-networking][PATCH v2 1/2] strongswan: do not use deprecated stroke and starter by default
  2020-11-10  0:00   ` Khem Raj
@ 2020-11-10 14:55     ` Nick Rosbrook
  0 siblings, 0 replies; 5+ messages in thread
From: Nick Rosbrook @ 2020-11-10 14:55 UTC (permalink / raw)
  To: Khem Raj; +Cc: openembeded-devel, Nick Rosbrook

On Mon, Nov 9, 2020 at 7:01 PM Khem Raj <raj.khem@gmail.com> wrote:
>
> it seems to fail
>
> https://errors.yoctoproject.org/Errors/Details/537881/

Ah, I think I figured it out. Is this build for a non-systemd distro?
I think 'charon' needs to be the false value in the DISTRO_FEATURES
contains systemd check.

