* [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation
@ 2021-09-13 14:26 Martin Elshuber
2021-09-13 14:26 ` [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins Martin Elshuber
` (3 more replies)
0 siblings, 4 replies; 15+ messages in thread
From: Martin Elshuber @ 2021-09-13 14:26 UTC (permalink / raw)
To: buildroot; +Cc: Jérôme Pouiller, Martin Elshuber
The AKA backend for 3GPP2 requires libgmp (see
https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). Since
the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP,
when selecting a crypto backend different from
BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is
selected as well. When doing so, make fails since the package is in the
dependency chain but not selected:
$ make
Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
make: *** [Makefile:23: _all] Error 2
To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
---
package/strongswan/Config.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 47c7107f59..368cd1ecc0 100644
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -75,6 +75,7 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
config BR2_PACKAGE_STRONGSWAN_EAP
bool "Enable EAP protocols"
+ select BR2_PACKAGE_GMP
help
Enable various EAP protocols:
- mschapv2
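Review bot: the added 'select BR2_PACKAGE_GMP' under BR2_PACKAGE_STRONGSWAN_EAP has no comment saying which plugin needs it. The commit message ties it to the AKA backend for 3GPP2, so a trailing comment such as 'select BR2_PACKAGE_GMP # eap-aka-3gpp2' would keep that reason next to the line. As written, every EAP-enabled configuration pulls in gmp, including those that chose another crypto backend.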
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@lists.buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins
2021-09-13 14:26 [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation Martin Elshuber
@ 2021-09-13 14:26 ` Martin Elshuber
2021-09-18 21:06 ` Yann E. MORIN
` (2 more replies)
2021-09-13 14:26 ` [Buildroot] [PATCH 3/3] strongswan: " Martin Elshuber
` (2 subsequent siblings)
3 siblings, 3 replies; 15+ messages in thread
From: Martin Elshuber @ 2021-09-13 14:26 UTC (permalink / raw)
To: buildroot; +Cc: Jérôme Pouiller, Martin Elshuber
Add options to choose EAP plugins.
Since the only plugin requiring libgmp is
BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP
is moved down accordingly.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
---
package/strongswan/Config.in | 89 +++++++++++++++++++++++++-------
package/strongswan/strongswan.mk | 36 ++++++-------
2 files changed, 87 insertions(+), 38 deletions(-)
diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 368cd1ecc0..77d437d7d9 100644
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
config BR2_PACKAGE_STRONGSWAN_EAP
bool "Enable EAP protocols"
- select BR2_PACKAGE_GMP
- help
- Enable various EAP protocols:
- - mschapv2
- - tls
- - ttls
- - peap
- - sim
- - sim-file
- - aka
- - aka-3gpp2
- - simaka-sql
- - simaka-pseudonym
- - simaka-reauth
- - identity
- - md5
- - gtc
- - tnc
- - dynamic
- - radius
if BR2_PACKAGE_STRONGSWAN_EAP
+config BR2_PACKAGE_STRONGSWAN_EAP_SIM
+ bool "Enable EAP-SIM"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE
+ bool "Enable EAP-SIM file backend"
+ default y
+
config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
bool "Enable EAP-SIM smart card backend"
depends on !BR2_STATIC_LIBS # pcsc-lite
select BR2_PACKAGE_PCSC_LITE
+config BR2_PACKAGE_STRONGSWAN_EAP_AKA
+ bool "Enable EAP-AKA"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2
+ bool "Enable EAP-AKA 3GPP2 algorithms"
+ default y
+ select BR2_PACKAGE_GMP
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL
+ bool "Enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM
+ bool "Enable EAP-SIM/AKA pseudonym storage"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH
+ bool "Enable EAP-SIM/AKA reauthentication data storage"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY
+ bool "Enable EAP-Identity"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_MD5
+ bool "Enable EAP-MD5"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_GTC
+ bool "Enable EAP-GDC"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
+ bool "Enable EAP-MSCHAPv2"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
+ bool "Enable EAP-PEAP"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_RADIUS
+ bool "Enable EAP-RADIUS"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_TLS
+ bool "Enable EAP-TLS"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_TTLS
+ bool "Enable EAP-TTLS"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC
+ bool "Enable EAP-TTLS"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_EAP_TNC
+ bool "Enable EAP-TNC"
+ default y
+
endif
config BR2_PACKAGE_STRONGSWAN_UNITY
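Review bot: two prompts in this hunk do not match their symbols. BR2_PACKAGE_STRONGSWAN_EAP_GTC reads "Enable EAP-GDC" and BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC reads "Enable EAP-TTLS", the same prompt as BR2_PACKAGE_STRONGSWAN_EAP_TTLS just above it, so the two entries cannot be told apart in menuconfig. The removed help block was the only description of these plugins and none of the new options has a 'help' entry. A one-line help per option would let someone trimming the build see what they are turning off; that applies in particular to the weaker methods (EAP-MD5, EAP-MSCHAPv2), which stay 'default y'.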
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index 322abfbd7b..ebfa1a11f3 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -48,30 +48,30 @@ endif
ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
STRONGSWAN_CONF_OPTS += \
- --enable-eap-sim \
- --enable-eap-sim-file \
- --enable-eap-aka \
- --enable-eap-aka-3gpp2 \
- --enable-eap-simaka-sql \
- --enable-eap-simaka-pseudonym \
- --enable-eap-simaka-reauth \
- --enable-eap-identity \
- --enable-eap-md5 \
- --enable-eap-gtc \
- --enable-eap-mschapv2 \
- --enable-eap-tls \
- --enable-eap-ttls \
- --enable-eap-peap \
- --enable-eap-tnc \
- --enable-eap-dynamic \
- --enable-eap-radius
-STRONGSWAN_DEPENDENCIES += gmp
+ --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
+ --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
+ --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
+ --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \
+ --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \
+ --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \
+ --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \
+ --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \
+ --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \
+ --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \
+ --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \
+ --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \
+ --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \
+ --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \
+ --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \
+ --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \
+ --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no)
endif
STRONGSWAN_DEPENDENCIES += \
$(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \
$(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \
$(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \
+ $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \
$(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \
$(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \
$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \
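Review bot: in the STRONGSWAN_DEPENDENCIES list, gmp is now emitted by two separate conditionals, '$(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp)' and the new '$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp)', so it appears twice when both options are set. Folding them into one entry, '$(if $(BR2_PACKAGE_STRONGSWAN_GMP)$(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp)', keeps the list free of duplicates and puts both reasons for the dependency on a single line.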
--
2.30.2
* [Buildroot] [PATCH 3/3] strongswan: add md4 hash algorithm option
2021-09-13 14:26 [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation Martin Elshuber
2021-09-13 14:26 ` [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins Martin Elshuber
@ 2021-09-13 14:26 ` Martin Elshuber
2021-09-18 21:12 ` [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation Yann E. MORIN
2021-10-04 11:09 ` Peter Korsgaard
3 siblings, 0 replies; 15+ messages in thread
From: Martin Elshuber @ 2021-09-13 14:26 UTC (permalink / raw)
To: buildroot; +Cc: Jérôme Pouiller, Martin Elshuber
Add the option to enable the md4 hash algorithm and default it to 'no'
since this is a new option.
Since md4 is required by EAP-MSCHAPv2 it is selected by
BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2. See
https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf for
further details.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
---
package/strongswan/Config.in | 4 ++++
package/strongswan/strongswan.mk | 1 +
2 files changed, 5 insertions(+)
diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 77d437d7d9..2d972f525a 100644
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -73,6 +73,9 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_20
config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
bool "Enable dynamic TNCCS protocol discovery module"
+config BR2_PACKAGE_STRONGSWAN_MD4
+ bool "Enable MD4 hash algorithm"
+
config BR2_PACKAGE_STRONGSWAN_EAP
bool "Enable EAP protocols"
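Review bot: the new BR2_PACKAGE_STRONGSWAN_MD4 entry has a prompt but no 'help' text. MD4 is a cryptographically broken hash and the commit message says it exists here because EAP-MSCHAPv2 requires it, so the help should state that and discourage enabling it for any other reason. If it is never meant to be chosen on its own, dropping the prompt and leaving it as a hidden symbol selected by BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 is another option.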
@@ -126,6 +129,7 @@ config BR2_PACKAGE_STRONGSWAN_EAP_GTC
config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
bool "Enable EAP-MSCHAPv2"
+ select BR2_PACKAGE_STRONGSWAN_MD4
default y
config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
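Review bot: in BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 the new 'select BR2_PACKAGE_STRONGSWAN_MD4' sits next to 'default y', so MD4 ends up enabled in every configuration where this option is left at its default, which does not match the commit message's description of MD4 as defaulting to 'no'. Either say so in the commit message or reconsider the default for EAP-MSCHAPv2. As a style point, the select is placed above 'default y', whereas BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2 in the previous patch puts 'default y' first and the select after it; use one order for both.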
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index ebfa1a11f3..b9f3de83bc 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -37,6 +37,7 @@ STRONGSWAN_CONF_OPTS += \
--enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
--enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
--enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
+ --enable-md4=$(if $(BR2_PACKAGE_STRONGSWAN_MD4),yes,no) \
--with-ipseclibdir=/usr/lib \
--with-plugindir=/usr/lib/ipsec/plugins \
--with-imcvdir=/usr/lib/ipsec/imcvs \
--
2.30.2
* Re: [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins
2021-09-13 14:26 ` [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins Martin Elshuber
@ 2021-09-18 21:06 ` Yann E. MORIN
2021-09-20 15:14 ` Martin Elshuber
2021-09-20 15:28 ` [Buildroot] [PATCH v2 1/2] " Martin Elshuber
2021-09-20 15:28 ` [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option Martin Elshuber
2 siblings, 1 reply; 15+ messages in thread
From: Yann E. MORIN @ 2021-09-18 21:06 UTC (permalink / raw)
To: Martin Elshuber; +Cc: Jérôme Pouiller, buildroot
Martin, All,
On 2021-09-13 16:26 +0200, Martin Elshuber spake thusly:
> Add options to choose EAP plugins.
>
> Since the only plugin requiring libgmp is
> BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP
> is moved down accordingly.
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> ---
> package/strongswan/Config.in | 89 +++++++++++++++++++++++++-------
> package/strongswan/strongswan.mk | 36 ++++++-------
> 2 files changed, 87 insertions(+), 38 deletions(-)
>
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 368cd1ecc0..77d437d7d9 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
>
> config BR2_PACKAGE_STRONGSWAN_EAP
> bool "Enable EAP protocols"
If I understand correctly, BR2_PACKAGE_STRONGSWAN_EAP now drives no
option directly, right? As such, it can be moved to legacy, and
then [...]
> - select BR2_PACKAGE_GMP
> - help
> - Enable various EAP protocols:
> - - mschapv2
> - - tls
> - - ttls
> - - peap
> - - sim
> - - sim-file
> - - aka
> - - aka-3gpp2
> - - simaka-sql
> - - simaka-pseudonym
> - - simaka-reauth
> - - identity
> - - md5
> - - gtc
> - - tnc
> - - dynamic
> - - radius
>
> if BR2_PACKAGE_STRONGSWAN_EAP
>
> +config BR2_PACKAGE_STRONGSWAN_EAP_SIM
> + bool "Enable EAP-SIM"
> + default y
[...] each individual EAP option would have a conditional default:
default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
This would have the added benefit that, when we eventually get rid of
the legacy entry, we can also get rid of the legacy default.
[--SNIP--]
> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
> index 322abfbd7b..ebfa1a11f3 100644
> --- a/package/strongswan/strongswan.mk
> +++ b/package/strongswan/strongswan.mk
> @@ -48,30 +48,30 @@ endif
>
> ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
> STRONGSWAN_CONF_OPTS += \
> - --enable-eap-sim \
> - --enable-eap-sim-file \
> - --enable-eap-aka \
> - --enable-eap-aka-3gpp2 \
> - --enable-eap-simaka-sql \
> - --enable-eap-simaka-pseudonym \
> - --enable-eap-simaka-reauth \
> - --enable-eap-identity \
> - --enable-eap-md5 \
> - --enable-eap-gtc \
> - --enable-eap-mschapv2 \
> - --enable-eap-tls \
> - --enable-eap-ttls \
> - --enable-eap-peap \
> - --enable-eap-tnc \
> - --enable-eap-dynamic \
> - --enable-eap-radius
> -STRONGSWAN_DEPENDENCIES += gmp
> + --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
> + --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
> + --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
> + --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \
> + --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \
> + --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \
> + --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \
> + --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \
> + --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \
> + --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \
> + --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \
> + --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \
> + --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \
> + --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \
> + --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \
> + --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \
> + --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no)
> endif
And indeed, from the above list, BR2_PACKAGE_STRONGSWAN_EAP by itself no
longer means anything; setting it to 'n' does not even force all
sub-options to 'no', but leaves them to their default value (as was the
case previously, though, so not a regression).
I think this ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) can be dropped
altogether, now.
Unless I missed something?
Regards,
Yann E. MORIN.
> STRONGSWAN_DEPENDENCIES += \
> $(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \
> $(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \
> $(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \
> + $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \
> $(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \
> $(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \
> $(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \
> --
> 2.30.2
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* Re: [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation
2021-09-13 14:26 [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation Martin Elshuber
2021-09-13 14:26 ` [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins Martin Elshuber
2021-09-13 14:26 ` [Buildroot] [PATCH 3/3] strongswan: " Martin Elshuber
@ 2021-09-18 21:12 ` Yann E. MORIN
2021-10-04 11:09 ` Peter Korsgaard
3 siblings, 0 replies; 15+ messages in thread
From: Yann E. MORIN @ 2021-09-18 21:12 UTC (permalink / raw)
To: Martin Elshuber; +Cc: Jérôme Pouiller, buildroot
Martin, All,
On 2021-09-13 16:26 +0200, Martin Elshuber spake thusly:
> The AKA backend for 3GPP2 requires libgmp (see
> https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). Since
> the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP,
> when selecting a crypto backend different from
> BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is
> selected as well. When doing so, make fails since the package is in the
> dependency chain but not selected:
>
> $ make
> Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
> make: *** [Makefile:23: _all] Error 2
>
> To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP.
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
Applied to master, thanks.
I was a bit confused as to what would happen if both gmp and other
crypto backend were used together, but there are explicit options to
select each of them at ./configure time, so it seems it should be OK, I
guess...
Regards,
Yann E. MORIN.
> ---
> package/strongswan/Config.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 47c7107f59..368cd1ecc0 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -75,6 +75,7 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
>
> config BR2_PACKAGE_STRONGSWAN_EAP
> bool "Enable EAP protocols"
> + select BR2_PACKAGE_GMP
> help
> Enable various EAP protocols:
> - mschapv2
> --
> 2.30.2
>
* Re: [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins
2021-09-18 21:06 ` Yann E. MORIN
@ 2021-09-20 15:14 ` Martin Elshuber
0 siblings, 0 replies; 15+ messages in thread
From: Martin Elshuber @ 2021-09-20 15:14 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: Jérôme Pouiller, buildroot
Hi Yann, All,
thanks for the feedback.
On 18/09/2021 23:06, Yann E. MORIN wrote:
> Martin, All,
>
> On 2021-09-13 16:26 +0200, Martin Elshuber spake thusly:
>> Add options to choose EAP plugins.
>>
>> Since the only plugin requiring libgmp is
>> BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP
>> is moved down accordingly.
>>
>> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
>> ---
>> package/strongswan/Config.in | 89 +++++++++++++++++++++++++-------
>> package/strongswan/strongswan.mk | 36 ++++++-------
>> 2 files changed, 87 insertions(+), 38 deletions(-)
>>
>> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
>> index 368cd1ecc0..77d437d7d9 100644
>> --- a/package/strongswan/Config.in
>> +++ b/package/strongswan/Config.in
>> @@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
>>
>> config BR2_PACKAGE_STRONGSWAN_EAP
>> bool "Enable EAP protocols"
> If I understand correctly, BR2_PACKAGE_STRONGSWAN_EAP now drives no
> option directly, right? As such, it can be moved to legacy, and
> then [...]
Correct. Will update
>> - select BR2_PACKAGE_GMP
>> - help
>> - Enable various EAP protocols:
>> - - mschapv2
>> - - tls
>> - - ttls
>> - - peap
>> - - sim
>> - - sim-file
>> - - aka
>> - - aka-3gpp2
>> - - simaka-sql
>> - - simaka-pseudonym
>> - - simaka-reauth
>> - - identity
>> - - md5
>> - - gtc
>> - - tnc
>> - - dynamic
>> - - radius
>>
>> if BR2_PACKAGE_STRONGSWAN_EAP
>>
>> +config BR2_PACKAGE_STRONGSWAN_EAP_SIM
>> + bool "Enable EAP-SIM"
>> + default y
> [...] each individual EAP option would have a conditional default:
>
> default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
>
> This would have the added benefit that, when we eventually get rid of
> the legacy entry, we can also get rid of the legacy default.
Ack. However I am not sure if you want to get rid of the defaults in
the future, since it might introduce a pitfall for the person configuring
strongswan. But that is a problem for another day :).
>
> [--SNIP--]
>> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
>> index 322abfbd7b..ebfa1a11f3 100644
>> --- a/package/strongswan/strongswan.mk
>> +++ b/package/strongswan/strongswan.mk
>> @@ -48,30 +48,30 @@ endif
>>
>> ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
>> STRONGSWAN_CONF_OPTS += \
>> - --enable-eap-sim \
>> - --enable-eap-sim-file \
>> - --enable-eap-aka \
>> - --enable-eap-aka-3gpp2 \
>> - --enable-eap-simaka-sql \
>> - --enable-eap-simaka-pseudonym \
>> - --enable-eap-simaka-reauth \
>> - --enable-eap-identity \
>> - --enable-eap-md5 \
>> - --enable-eap-gtc \
>> - --enable-eap-mschapv2 \
>> - --enable-eap-tls \
>> - --enable-eap-ttls \
>> - --enable-eap-peap \
>> - --enable-eap-tnc \
>> - --enable-eap-dynamic \
>> - --enable-eap-radius
>> -STRONGSWAN_DEPENDENCIES += gmp
>> + --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
>> + --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
>> + --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
>> + --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \
>> + --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \
>> + --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \
>> + --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \
>> + --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \
>> + --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \
>> + --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \
>> + --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \
>> + --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \
>> + --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \
>> + --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \
>> + --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \
>> + --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \
>> + --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no)
>> endif
> And indeed, from the above list, BR2_PACKAGE_STRONGSWAN_EAP by itself no
> longer means anything; setting it to 'n' does not even force all
> sub-options to 'no', but leaves them to their default value (as was the
> case previously, though, so not a regression).
>
> I think this ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) can be dropped
> altogether, now.
It can. Will move the whole block into the general
STRONGSWAN_CONF_OPTS = {...} block
>
> Unless I missed something?
I guess no.
>
> Regards,
> Yann E. MORIN.
>
>> STRONGSWAN_DEPENDENCIES += \
>> $(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \
>> $(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \
>> $(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \
>> + $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \
>> $(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \
>> $(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \
>> $(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \
>> --
>> 2.30.2
>>
* [Buildroot] [PATCH v2 1/2] package/strongswan: Add options to select EAP plugins
2021-09-13 14:26 ` [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins Martin Elshuber
2021-09-18 21:06 ` Yann E. MORIN
@ 2021-09-20 15:28 ` Martin Elshuber
2021-09-27 16:56 ` Arnout Vandecappelle
2021-09-28 20:47 ` Yann E. MORIN
2021-09-20 15:28 ` [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option Martin Elshuber
2 siblings, 2 replies; 15+ messages in thread
From: Martin Elshuber @ 2021-09-20 15:28 UTC (permalink / raw)
To: buildroot; +Cc: Yann E . MORIN, Jérôme Pouiller, Martin Elshuber
Add options to choose EAP plugins.
Since the only plugin requiring libgmp is
BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP
is moved down accordingly.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
---
Changes v1 -> v2:
- use conditional defaults and mark as legacy
- drop 'ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)'
- fix title for BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
---
package/strongswan/Config.in | 89 +++++++++++++++++++++++++-------
package/strongswan/strongswan.mk | 40 +++++++-------
2 files changed, 87 insertions(+), 42 deletions(-)
diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 368cd1ecc0..8eae568b6a 100644
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
config BR2_PACKAGE_STRONGSWAN_EAP
bool "Enable EAP protocols"
- select BR2_PACKAGE_GMP
- help
- Enable various EAP protocols:
- - mschapv2
- - tls
- - ttls
- - peap
- - sim
- - sim-file
- - aka
- - aka-3gpp2
- - simaka-sql
- - simaka-pseudonym
- - simaka-reauth
- - identity
- - md5
- - gtc
- - tnc
- - dynamic
- - radius
if BR2_PACKAGE_STRONGSWAN_EAP
+config BR2_PACKAGE_STRONGSWAN_EAP_SIM
+ bool "Enable EAP-SIM"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE
+ bool "Enable EAP-SIM file backend"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
bool "Enable EAP-SIM smart card backend"
depends on !BR2_STATIC_LIBS # pcsc-lite
select BR2_PACKAGE_PCSC_LITE
+config BR2_PACKAGE_STRONGSWAN_EAP_AKA
+ bool "Enable EAP-AKA"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2
+ bool "Enable EAP-AKA 3GPP2 algorithms"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+ select BR2_PACKAGE_GMP
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL
+ bool "Enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM
+ bool "Enable EAP-SIM/AKA pseudonym storage"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH
+ bool "Enable EAP-SIM/AKA reauthentication data storage"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY
+ bool "Enable EAP-Identity"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_MD5
+ bool "Enable EAP-MD5"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_GTC
+ bool "Enable EAP-GDC"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
+ bool "Enable EAP-MSCHAPv2"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
+ bool "Enable EAP-PEAP"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_RADIUS
+ bool "Enable EAP-RADIUS"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_TLS
+ bool "Enable EAP-TLS"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_TTLS
+ bool "Enable EAP-TTLS"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC
+ bool "Enable EAP-DYNAMIC"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
+config BR2_PACKAGE_STRONGSWAN_EAP_TNC
+ bool "Enable EAP-TNC"
+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+
endif
config BR2_PACKAGE_STRONGSWAN_UNITY
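Review bot: every new option still sits inside the retained 'if BR2_PACKAGE_STRONGSWAN_EAP' ... 'endif' block, so the condition in 'default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy' is always true wherever the option is visible and behaves exactly like the plain 'default y' of v1. BR2_PACKAGE_STRONGSWAN_EAP also keeps its prompt here, so it is not yet a legacy symbol. For the conditional default to mean anything, the wrapper has to go and the old symbol has to move to legacy handling in the same patch. Separately, BR2_PACKAGE_STRONGSWAN_EAP_GTC still reads "Enable EAP-GDC"; only the EAP_DYNAMIC prompt was corrected in this version.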
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index 322abfbd7b..5fb4e6821a 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -37,6 +37,23 @@ STRONGSWAN_CONF_OPTS += \
--enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
--enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
--enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
+ --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
+ --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
+ --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
+ --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \
+ --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \
+ --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \
+ --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \
+ --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \
+ --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \
+ --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \
+ --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \
+ --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \
+ --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \
+ --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \
+ --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \
+ --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \
+ --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no)
--with-ipseclibdir=/usr/lib \
--with-plugindir=/usr/lib/ipsec/plugins \
--with-imcvdir=/usr/lib/ipsec/imcvs \
@@ -46,32 +63,11 @@ ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
STRONGSWAN_CONF_ENV += LIBS='-latomic'
endif
-ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
-STRONGSWAN_CONF_OPTS += \
- --enable-eap-sim \
- --enable-eap-sim-file \
- --enable-eap-aka \
- --enable-eap-aka-3gpp2 \
- --enable-eap-simaka-sql \
- --enable-eap-simaka-pseudonym \
- --enable-eap-simaka-reauth \
- --enable-eap-identity \
- --enable-eap-md5 \
- --enable-eap-gtc \
- --enable-eap-mschapv2 \
- --enable-eap-tls \
- --enable-eap-ttls \
- --enable-eap-peap \
- --enable-eap-tnc \
- --enable-eap-dynamic \
- --enable-eap-radius
-STRONGSWAN_DEPENDENCIES += gmp
-endif
-
STRONGSWAN_DEPENDENCIES += \
$(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \
$(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \
$(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \
+ $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \
$(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \
$(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \
$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \
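Review bot: gmp is added to STRONGSWAN_DEPENDENCIES by two separate entries, the existing `$(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp)` and the new `$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp)`, so a configuration with both options enabled lists it twice. Folding them into one entry, `$(if $(BR2_PACKAGE_STRONGSWAN_GMP)$(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp)`, keeps the list free of duplicates and puts both reasons for the dependency on one line.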
--
2.30.2
* [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option
2021-09-13 14:26 ` [Buildroot] [PATCH 2/3] package/strongswan: Add options to select EAP plugins Martin Elshuber
2021-09-18 21:06 ` Yann E. MORIN
2021-09-20 15:28 ` [Buildroot] [PATCH v2 1/2] " Martin Elshuber
@ 2021-09-20 15:28 ` Martin Elshuber
2021-09-27 17:00 ` Arnout Vandecappelle
2021-09-28 20:47 ` Yann E. MORIN
2 siblings, 2 replies; 15+ messages in thread
From: Martin Elshuber @ 2021-09-20 15:28 UTC (permalink / raw)
To: buildroot; +Cc: Yann E . MORIN, Jérôme Pouiller, Martin Elshuber
Add the option to enable the md4 hash algorithm and default it to 'no'
since this is a new option.
Since md4 is required by EAP-MSCHAPv2 it is selected by
BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2. See
https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf for
further details.
---
Changes v1 -> v2:
- change git title
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
---
package/strongswan/Config.in | 4 ++++
package/strongswan/strongswan.mk | 1 +
2 files changed, 5 insertions(+)
diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 8eae568b6a..21f84ebb71 100644
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -73,6 +73,9 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_20
config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
bool "Enable dynamic TNCCS protocol discovery module"
+config BR2_PACKAGE_STRONGSWAN_MD4
+ bool "Enable MD4 hash algorithm"
+
config BR2_PACKAGE_STRONGSWAN_EAP
bool "Enable EAP protocols"
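Review bot: BR2_PACKAGE_STRONGSWAN_MD4 is added with a prompt but no `help` text. The commit message says the option exists because EAP-MSCHAPv2 requires md4, and that is what a user looking at this entry needs to read: a short help stating that MD4 is only needed for EAP-MSCHAPv2 and is selected by BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 would explain why it is on and what to disable to turn it off.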
@@ -127,6 +130,7 @@ config BR2_PACKAGE_STRONGSWAN_EAP_GTC
config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
bool "Enable EAP-MSCHAPv2"
default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
+ select BR2_PACKAGE_STRONGSWAN_MD4
config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
bool "Enable EAP-PEAP"
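Review bot: The new `select BR2_PACKAGE_STRONGSWAN_MD4` sits directly under `default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy`, so every configuration that enables EAP and keeps the defaults gets MD4 built in, which is not what "default it to 'no'" in the commit message suggests. The commit message should say that MD4 is effectively on whenever EAP-MSCHAPv2 is, and a trailing comment on the select line (in the style of `# pcsc-lite` elsewhere in this file) would record why it is selected.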
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index 5fb4e6821a..c308d3a4f3 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -37,6 +37,7 @@ STRONGSWAN_CONF_OPTS += \
--enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
--enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
--enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
+ --enable-md4=$(if $(BR2_PACKAGE_STRONGSWAN_MD4),yes,no) \
--enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
--enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
--enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
--
2.30.2
* Re: [Buildroot] [PATCH v2 1/2] package/strongswan: Add options to select EAP plugins
2021-09-20 15:28 ` [Buildroot] [PATCH v2 1/2] " Martin Elshuber
@ 2021-09-27 16:56 ` Arnout Vandecappelle
2021-09-27 17:21 ` Yann E. MORIN
2021-09-28 20:47 ` Yann E. MORIN
1 sibling, 1 reply; 15+ messages in thread
From: Arnout Vandecappelle @ 2021-09-27 16:56 UTC (permalink / raw)
To: Martin Elshuber, buildroot; +Cc: Yann E . MORIN, Jérôme Pouiller
On 20/09/2021 17:28, Martin Elshuber wrote:
> Add options to chose EAP plugins.
>
> Since the only plugin requiring libgmp is
> BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP
> is moved down accordingly.
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
>
> ---
> Changes v1 -> v2:
> - use conditional defaults and mark as legacy
> - drop 'ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)'
> - fix title for BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> ---
> package/strongswan/Config.in | 89 +++++++++++++++++++++++++-------
> package/strongswan/strongswan.mk | 40 +++++++-------
> 2 files changed, 87 insertions(+), 42 deletions(-)
>
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 368cd1ecc0..8eae568b6a 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
>
> config BR2_PACKAGE_STRONGSWAN_EAP
> bool "Enable EAP protocols"
> - select BR2_PACKAGE_GMP
> - help
> - Enable various EAP protocols:
> - - mschapv2
> - - tls
> - - ttls
> - - peap
> - - sim
> - - sim-file
> - - aka
> - - aka-3gpp2
> - - simaka-sql
> - - simaka-pseudonym
> - - simaka-reauth
> - - identity
> - - md5
> - - gtc
> - - tnc
> - - dynamic
> - - radius
>
> if BR2_PACKAGE_STRONGSWAN_EAP
>
> +config BR2_PACKAGE_STRONGSWAN_EAP_SIM
> + bool "Enable EAP-SIM"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
This is already inside if BR2_PACKAGE_STRONGSWAN_EAP, so the condition on the
default is meaningless. Yann said something about this legacy stuff which I
don't quite follow, since the BR2_PACKAGE_STRONGSWAN_EAP is not legacy. Yann,
did you mean that BR2_PACKAGE_STRONGSWAN_EAP should be removed (i.e. moved to
Config.in.legacy), or was it a mistake?
Regards,
Arnout
[snip]
* Re: [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option
2021-09-20 15:28 ` [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option Martin Elshuber
@ 2021-09-27 17:00 ` Arnout Vandecappelle
2021-09-28 20:26 ` Yann E. MORIN
2021-09-28 20:47 ` Yann E. MORIN
1 sibling, 1 reply; 15+ messages in thread
From: Arnout Vandecappelle @ 2021-09-27 17:00 UTC (permalink / raw)
To: Martin Elshuber, buildroot; +Cc: Yann E . MORIN, Jérôme Pouiller
On 20/09/2021 17:28, Martin Elshuber wrote:
> Add the option to enable the md4 hash algorithm and default it to 'no'
> since this is a new option.
>
> Since md4 is required by EAP-MSCHAPv2 it is selected by
> BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2. See
> https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf for
> further details.
>
> ---
> Changes v1 -> v2:
> - change git title
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> ---
> package/strongswan/Config.in | 4 ++++
> package/strongswan/strongswan.mk | 1 +
> 2 files changed, 5 insertions(+)
>
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 8eae568b6a..21f84ebb71 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -73,6 +73,9 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_20
> config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
> bool "Enable dynamic TNCCS protocol discovery module"
>
> +config BR2_PACKAGE_STRONGSWAN_MD4
> + bool "Enable MD4 hash algorithm"
> +
> config BR2_PACKAGE_STRONGSWAN_EAP
> bool "Enable EAP protocols"
>
> @@ -127,6 +130,7 @@ config BR2_PACKAGE_STRONGSWAN_EAP_GTC
> config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
> bool "Enable EAP-MSCHAPv2"
> default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> + select BR2_PACKAGE_STRONGSWAN_MD4
This md4 option makes me realize: do we really want to add options for broken
security in a security package? OpenSSL has just deprecated MD4 in 3.0.0.
Regards,
Arnout
>
> config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
> bool "Enable EAP-PEAP"
> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
> index 5fb4e6821a..c308d3a4f3 100644
> --- a/package/strongswan/strongswan.mk
> +++ b/package/strongswan/strongswan.mk
> @@ -37,6 +37,7 @@ STRONGSWAN_CONF_OPTS += \
> --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
> + --enable-md4=$(if $(BR2_PACKAGE_STRONGSWAN_MD4),yes,no) \
> --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
> --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
> --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
>
* Re: [Buildroot] [PATCH v2 1/2] package/strongswan: Add options to select EAP plugins
2021-09-27 16:56 ` Arnout Vandecappelle
@ 2021-09-27 17:21 ` Yann E. MORIN
0 siblings, 0 replies; 15+ messages in thread
From: Yann E. MORIN @ 2021-09-27 17:21 UTC (permalink / raw)
To: Arnout Vandecappelle
Cc: buildroot, Jérôme Pouiller, Martin Elshuber
Arnout, Martin, All,
On 2021-09-27 18:56 +0200, Arnout Vandecappelle spake thusly:
> On 20/09/2021 17:28, Martin Elshuber wrote:
> >Add options to chose EAP plugins.
> >
> >Since the only plugin requiring libgmp is
> >BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP
> >is moved down accordingly.
> >
> >Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> >
> >---
> >Changes v1 -> v2:
> > - use conditional defaults and mark as legacy
> > - drop 'ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)'
> > - fix title for BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC
> >
> >Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> >---
> > package/strongswan/Config.in | 89 +++++++++++++++++++++++++-------
> > package/strongswan/strongswan.mk | 40 +++++++-------
> > 2 files changed, 87 insertions(+), 42 deletions(-)
> >
> >diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> >index 368cd1ecc0..8eae568b6a 100644
> >--- a/package/strongswan/Config.in
> >+++ b/package/strongswan/Config.in
> >@@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
> > config BR2_PACKAGE_STRONGSWAN_EAP
> > bool "Enable EAP protocols"
> >- select BR2_PACKAGE_GMP
> >- help
> >- Enable various EAP protocols:
> >- - mschapv2
> >- - tls
> >- - ttls
> >- - peap
> >- - sim
> >- - sim-file
> >- - aka
> >- - aka-3gpp2
> >- - simaka-sql
> >- - simaka-pseudonym
> >- - simaka-reauth
> >- - identity
> >- - md5
> >- - gtc
> >- - tnc
> >- - dynamic
> >- - radius
> > if BR2_PACKAGE_STRONGSWAN_EAP
> >+config BR2_PACKAGE_STRONGSWAN_EAP_SIM
> >+ bool "Enable EAP-SIM"
> >+ default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
>
> This is already inside if BR2_PACKAGE_STRONGSWAN_EAP, so the condition on
> the default is meaningless. Yann said something about this legacy stuff
> which I don't quite follow, since the BR2_PACKAGE_STRONGSWAN_EAP is not
> legacy. Yann, did you mean that BR2_PACKAGE_STRONGSWAN_EAP should be removed
> (i.e. moved to Config.in.legacy), or was it a mistake?
Yes, BR2_PACKAGE_STRONGSWAN_EAP should be moved to legacy, i.e. to
Config.in.legacy. Sorry, I was not so clear in my previous review...
My understanding is that, with this change, BR2_PACKAGE_STRONGSWAN_EAP
by itself will no longer enable/disable anything; only the new
sub-options will.
As such, BR2_PACKAGE_STRONGSWAN_EAP serves no other purpose than to
hide/show a bunch of options; this is superfluous. Hence, my suggestion
to move it to legacy.
Regards,
Yann E. MORIN.
> Regards,
> Arnout
>
> [snip]
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* Re: [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option
2021-09-27 17:00 ` Arnout Vandecappelle
@ 2021-09-28 20:26 ` Yann E. MORIN
0 siblings, 0 replies; 15+ messages in thread
From: Yann E. MORIN @ 2021-09-28 20:26 UTC (permalink / raw)
To: Arnout Vandecappelle
Cc: buildroot, Jérôme Pouiller, Martin Elshuber
Arnout, All,
On 2021-09-27 19:00 +0200, Arnout Vandecappelle spake thusly:
> On 20/09/2021 17:28, Martin Elshuber wrote:
> >Add the option to enable the md4 hash algorithm and default it to 'no'
> >since this is a new option.
> >
> >Since md4 is required by EAP-MSCHAPv2 it is selected by
> >BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2. See
> >https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf for
> >further details.
> >
> >---
> >Changes v1 -> v2:
> >- change git title
> >
> >Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> >---
> > package/strongswan/Config.in | 4 ++++
> > package/strongswan/strongswan.mk | 1 +
> > 2 files changed, 5 insertions(+)
> >
> >diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> >index 8eae568b6a..21f84ebb71 100644
> >--- a/package/strongswan/Config.in
> >+++ b/package/strongswan/Config.in
> >@@ -73,6 +73,9 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_20
> > config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
> > bool "Enable dynamic TNCCS protocol discovery module"
> >+config BR2_PACKAGE_STRONGSWAN_MD4
> >+ bool "Enable MD4 hash algorithm"
> >+
> > config BR2_PACKAGE_STRONGSWAN_EAP
> > bool "Enable EAP protocols"
> >@@ -127,6 +130,7 @@ config BR2_PACKAGE_STRONGSWAN_EAP_GTC
> > config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
> > bool "Enable EAP-MSCHAPv2"
> > default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> >+ select BR2_PACKAGE_STRONGSWAN_MD4
>
> This md4 option makes me realize: do we really want to add options for
> broken security in a security package? OpenSSL has just deprecated MD4 in
> 3.0.0.
Well, there is a nice side effect to adding the md4 option: it is
selected by EAP-MSCHAPv2, so a user that is concerned about the use of
md4 will notice that they should also disable EAP-MSCHAPv2.
If we do not add this option, it is forcibly enabled by strongswan when
EAP-MSCHAPv2 is enabled, so this is hidden to the user...
Regards,
Yann E. MORIN.
> Regards,
> Arnout
>
> > config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
> > bool "Enable EAP-PEAP"
> >diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
> >index 5fb4e6821a..c308d3a4f3 100644
> >--- a/package/strongswan/strongswan.mk
> >+++ b/package/strongswan/strongswan.mk
> >@@ -37,6 +37,7 @@ STRONGSWAN_CONF_OPTS += \
> > --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> > --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> > --enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
> >+ --enable-md4=$(if $(BR2_PACKAGE_STRONGSWAN_MD4),yes,no) \
> > --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
> > --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
> > --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
> >
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
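The effect described in the reply above, as an added example that is not part of the thread or of Buildroot: a Python check that reads a `.config`, finds BR2_PACKAGE_STRONGSWAN_MD4 enabled and names the enabled option that selects it. The Kconfig fragment and `.config` samples are constructed from the hunks quoted in this thread, the `WEAK` policy table and all function names are assumptions, and the walk follows `select` chains of any depth although the thread only shows a direct one.

```python
"""Audit a Buildroot .config for weak strongSwan options and report what forces them on."""
import re

# Constructed Kconfig fragment: a subset of the options discussed in this thread,
# not the full package/strongswan/Config.in.
KCONFIG = """\
config BR2_PACKAGE_STRONGSWAN_MD4
    bool "Enable MD4 hash algorithm"

config BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2
    bool "Enable EAP-AKA 3GPP2 algorithms"
    select BR2_PACKAGE_GMP

config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
    bool "Enable EAP-MSCHAPv2"
    select BR2_PACKAGE_STRONGSWAN_MD4
"""

# Assumption: the audit policy. Only MD4 is listed, the one the thread calls broken.
WEAK = {"BR2_PACKAGE_STRONGSWAN_MD4": "MD4 hash"}

# Constructed sample: EAP-MSCHAPv2 is enabled, so Kconfig forces MD4 to y.
CONFIG_MSCHAPV2 = """\
BR2_PACKAGE_STRONGSWAN=y
BR2_PACKAGE_STRONGSWAN_MD4=y
BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2=y
# BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2 is not set
"""

# Constructed sample: MD4 switched on by hand, nothing selects it.
CONFIG_MD4_ONLY = """\
BR2_PACKAGE_STRONGSWAN=y
BR2_PACKAGE_STRONGSWAN_MD4=y
# BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 is not set
"""

# Constructed sample: neither MD4 nor EAP-MSCHAPv2.
CONFIG_CLEAN = """\
BR2_PACKAGE_STRONGSWAN=y
# BR2_PACKAGE_STRONGSWAN_MD4 is not set
# BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 is not set
"""


def parse_selects(kconfig):
    """Return {symbol: [symbols it selects]}; conditional 'select X if Y' lines are skipped."""
    selects, current = {}, None
    for line in kconfig.splitlines():
        m = re.match(r"\s*(?:menu)?config\s+(\w+)\s*$", line)
        if m:
            current = m.group(1)
            selects.setdefault(current, [])
            continue
        m = re.match(r"\s+select\s+(\w+)\s*(?:#.*)?$", line)
        if m and current:
            selects[current].append(m.group(1))
    return selects


def parse_dotconfig(text):
    """Return the set of symbols set to 'y' in a .config."""
    return {m.group(1) for m in re.finditer(r"^(BR2_\w+)=y$", text, re.M)}


def forcing_chains(symbol, enabled, selects, seen=()):
    """Return chains [root, ..., symbol] of enabled options whose 'select' forces symbol on."""
    chains = []
    for parent, targets in selects.items():
        if symbol in targets and parent in enabled and parent not in seen:
            upstream = forcing_chains(parent, enabled, selects, seen + (symbol,))
            chains += [c + [symbol] for c in upstream] or [[parent, symbol]]
    return chains


def audit(dotconfig, kconfig=KCONFIG, weak=WEAK):
    """Return one finding per weak option that is enabled in dotconfig."""
    enabled = parse_dotconfig(dotconfig)
    selects = parse_selects(kconfig)
    findings = []
    for symbol, label in sorted(weak.items()):
        if symbol not in enabled:
            continue
        chains = forcing_chains(symbol, enabled, selects)
        findings.append({
            "symbol": symbol,
            "label": label,
            # Options that must be disabled before the weak one can be turned off.
            "disable_first": sorted({chain[0] for chain in chains}),
            # True when nothing selects it: the user enabled it directly.
            "user_choice": not chains,
        })
    return findings


if __name__ == "__main__":
    for name, cfg in [("mschapv2", CONFIG_MSCHAPV2), ("md4 only", CONFIG_MD4_ONLY),
                      ("clean", CONFIG_CLEAN)]:
        print(name, audit(cfg))
```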
* Re: [Buildroot] [PATCH v2 1/2] package/strongswan: Add options to select EAP plugins
2021-09-20 15:28 ` [Buildroot] [PATCH v2 1/2] " Martin Elshuber
2021-09-27 16:56 ` Arnout Vandecappelle
@ 2021-09-28 20:47 ` Yann E. MORIN
1 sibling, 0 replies; 15+ messages in thread
From: Yann E. MORIN @ 2021-09-28 20:47 UTC (permalink / raw)
To: Martin Elshuber; +Cc: Jérôme Pouiller, buildroot
Martin, All,
On 2021-09-20 17:28 +0200, Martin Elshuber spake thusly:
> Add options to chose EAP plugins.
>
> Since the only plugin requiring libgmp is
> BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP
> is moved down accordingly.
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
Applied to master with the following changes:
- move BR2_PACKAGE_STRONGSWAN_EAP to legacy
- extend commit log accordingly
- fix check-package:
package/strongswan/strongswan.mk:57: unexpected indent with tabs
Thanks!
Regards,
Yann E. MORIN.
> ---
> Changes v1 -> v2:
> - use conditional defaults and mark as legacy
> - drop 'ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)'
> - fix title for BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> ---
> package/strongswan/Config.in | 89 +++++++++++++++++++++++++-------
> package/strongswan/strongswan.mk | 40 +++++++-------
> 2 files changed, 87 insertions(+), 42 deletions(-)
>
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 368cd1ecc0..8eae568b6a 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
>
> config BR2_PACKAGE_STRONGSWAN_EAP
> bool "Enable EAP protocols"
> - select BR2_PACKAGE_GMP
> - help
> - Enable various EAP protocols:
> - - mschapv2
> - - tls
> - - ttls
> - - peap
> - - sim
> - - sim-file
> - - aka
> - - aka-3gpp2
> - - simaka-sql
> - - simaka-pseudonym
> - - simaka-reauth
> - - identity
> - - md5
> - - gtc
> - - tnc
> - - dynamic
> - - radius
>
> if BR2_PACKAGE_STRONGSWAN_EAP
>
> +config BR2_PACKAGE_STRONGSWAN_EAP_SIM
> + bool "Enable EAP-SIM"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE
> + bool "Enable EAP-SIM file backend"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
> bool "Enable EAP-SIM smart card backend"
> depends on !BR2_STATIC_LIBS # pcsc-lite
> select BR2_PACKAGE_PCSC_LITE
>
> +config BR2_PACKAGE_STRONGSWAN_EAP_AKA
> + bool "Enable EAP-AKA"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2
> + bool "Enable EAP-AKA 3GPP2 algorithms"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> + select BR2_PACKAGE_GMP
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL
> + bool "Enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM
> + bool "Enable EAP-SIM/AKA pseudonym storage"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH
> + bool "Enable EAP-SIM/AKA reauthentication data storage"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY
> + bool "Enable EAP-Identity"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_MD5
> + bool "Enable EAP-MD5"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_GTC
> + bool "Enable EAP-GDC"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
> + bool "Enable EAP-MSCHAPv2"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
> + bool "Enable EAP-PEAP"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_RADIUS
> + bool "Enable EAP-RADIUS"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_TLS
> + bool "Enable EAP-TLS"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_TTLS
> + bool "Enable EAP-TTLS"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC
> + bool "Enable EAP-DYNAMIC"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> +config BR2_PACKAGE_STRONGSWAN_EAP_TNC
> + bool "Enable EAP-TNC"
> + default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +
> endif
>
> config BR2_PACKAGE_STRONGSWAN_UNITY
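Review bot: The prompt for BR2_PACKAGE_STRONGSWAN_EAP_GTC reads `bool "Enable EAP-GDC"`, while the symbol name and the `--enable-eap-gtc` configure flag both say GTC; the string should be "Enable EAP-GTC". The hunk also drops the only `help` text that listed the EAP methods and gives none of the new per-plugin options a help entry, so a one-line help per option would keep the menu self-explanatory.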
> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
> index 322abfbd7b..5fb4e6821a 100644
> --- a/package/strongswan/strongswan.mk
> +++ b/package/strongswan/strongswan.mk
> @@ -37,6 +37,23 @@ STRONGSWAN_CONF_OPTS += \
> --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
> + --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
> + --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
> + --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
> + --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \
> + --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \
> + --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \
> + --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \
> + --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \
> + --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \
> + --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \
> + --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \
> + --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \
> + --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \
> + --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \
> + --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \
> + --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \
> + --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no)
> --with-ipseclibdir=/usr/lib \
> --with-plugindir=/usr/lib/ipsec/plugins \
> --with-imcvdir=/usr/lib/ipsec/imcvs \
> @@ -46,32 +63,11 @@ ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
> STRONGSWAN_CONF_ENV += LIBS='-latomic'
> endif
>
> -ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
> -STRONGSWAN_CONF_OPTS += \
> - --enable-eap-sim \
> - --enable-eap-sim-file \
> - --enable-eap-aka \
> - --enable-eap-aka-3gpp2 \
> - --enable-eap-simaka-sql \
> - --enable-eap-simaka-pseudonym \
> - --enable-eap-simaka-reauth \
> - --enable-eap-identity \
> - --enable-eap-md5 \
> - --enable-eap-gtc \
> - --enable-eap-mschapv2 \
> - --enable-eap-tls \
> - --enable-eap-ttls \
> - --enable-eap-peap \
> - --enable-eap-tnc \
> - --enable-eap-dynamic \
> - --enable-eap-radius
> -STRONGSWAN_DEPENDENCIES += gmp
> -endif
> -
> STRONGSWAN_DEPENDENCIES += \
> $(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \
> $(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \
> $(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \
> + $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \
> $(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \
> $(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \
> $(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \
> --
> 2.30.2
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* Re: [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option
2021-09-20 15:28 ` [Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option Martin Elshuber
2021-09-27 17:00 ` Arnout Vandecappelle
@ 2021-09-28 20:47 ` Yann E. MORIN
1 sibling, 0 replies; 15+ messages in thread
From: Yann E. MORIN @ 2021-09-28 20:47 UTC (permalink / raw)
To: Martin Elshuber; +Cc: Jérôme Pouiller, buildroot
Martin, All,
On 2021-09-20 17:28 +0200, Martin Elshuber spake thusly:
> Add the option to enable the md4 hash algorithm and default it to 'no'
> since this is a new option.
>
> Since md4 is required by EAP-MSCHAPv2 it is selected by
> BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2. See
> https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf for
> further details.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> Changes v1 -> v2:
> - change git title
>
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
> ---
> package/strongswan/Config.in | 4 ++++
> package/strongswan/strongswan.mk | 1 +
> 2 files changed, 5 insertions(+)
>
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 8eae568b6a..21f84ebb71 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -73,6 +73,9 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_20
> config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
> bool "Enable dynamic TNCCS protocol discovery module"
>
> +config BR2_PACKAGE_STRONGSWAN_MD4
> + bool "Enable MD4 hash algorithm"
> +
> config BR2_PACKAGE_STRONGSWAN_EAP
> bool "Enable EAP protocols"
>
> @@ -127,6 +130,7 @@ config BR2_PACKAGE_STRONGSWAN_EAP_GTC
> config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
> bool "Enable EAP-MSCHAPv2"
> default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> + select BR2_PACKAGE_STRONGSWAN_MD4
>
> config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
> bool "Enable EAP-PEAP"
> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
> index 5fb4e6821a..c308d3a4f3 100644
> --- a/package/strongswan/strongswan.mk
> +++ b/package/strongswan/strongswan.mk
> @@ -37,6 +37,7 @@ STRONGSWAN_CONF_OPTS += \
> --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
> + --enable-md4=$(if $(BR2_PACKAGE_STRONGSWAN_MD4),yes,no) \
> --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
> --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
> --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
> --
> 2.30.2
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* Re: [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation
2021-09-13 14:26 [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation Martin Elshuber
` (2 preceding siblings ...)
2021-09-18 21:12 ` [Buildroot] [PATCH 1/3] package/strongswan: fix broken dependency relation Yann E. MORIN
@ 2021-10-04 11:09 ` Peter Korsgaard
3 siblings, 0 replies; 15+ messages in thread
From: Peter Korsgaard @ 2021-10-04 11:09 UTC (permalink / raw)
To: Martin Elshuber; +Cc: Jérôme Pouiller, buildroot
>>>>> "Martin" == Martin Elshuber <martin.elshuber@theobroma-systems.com> writes:
> The AKA backend for 3GPP2 requires libgmp (see
> https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). Since
> the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP,
> when selecting a crypto backend different from
> BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is
> selected as well. When doing so, make fails since the package is in the
> dependency chain but not selected:
> $ make
> Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
> make: *** [Makefile:23: _all] Error 2
> To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP.
> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard