2 # Copyright (C) 2012-2013 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 include $(TOPDIR)/rules.mk
14 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
15 PKG_SOURCE_URL:=http://download.strongswan.org/
16 PKG_MD5SUM:=77dc16443fd141f46183d3a4f60986ef
86 PKG_CONFIG_DEPENDS:= \
87 CONFIG_STRONGSWAN_DEVICE_RANDOM \
88 CONFIG_STRONGSWAN_DEVICE_URANDOM \
89 CONFIG_STRONGSWAN_ROUTING_TABLE \
90 CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO \
91 $(patsubst %,CONFIG_PACKAGE_strongswan-mod-%,$(PKG_MOD_AVAILABLE)) \
97 include $(INCLUDE_DIR)/package.mk
99 define Package/strongswan/Default
104 URL:=http://www.strongswan.org/
107 define Package/strongswan/description/Default
108 StrongSwan is an OpenSource IPsec implementation for the Linux operating system.
111 define Package/strongswan
112 $(call Package/strongswan/Default)
113 DEPENDS:= +libpthread +ip \
114 +kmod-crypto-authenc \
115 +kmod-ipsec +kmod-ipsec4 +kmod-ipsec6 \
116 +kmod-ipt-ipsec +iptables-mod-ipsec
119 define Package/strongswan/config
120 source "$(SOURCE)/Config.in"
123 define Package/strongswan/description
124 $(call Package/strongswan/description/Default)
125 This package contains shared libraries and scripts.
128 define Package/strongswan-full
129 $(call Package/strongswan/Default)
131 DEPENDS:= +strongswan \
133 +strongswan-libfast \
134 +strongswan-mod-addrblock \
135 +strongswan-mod-aes \
136 +strongswan-mod-af-alg \
137 +strongswan-mod-agent \
138 +strongswan-mod-attr \
139 +strongswan-mod-attr-sql \
140 +strongswan-mod-blowfish \
141 +strongswan-mod-ccm \
142 +strongswan-mod-cmac \
143 +strongswan-mod-constraints \
144 +strongswan-mod-coupling \
145 +strongswan-mod-ctr \
146 +strongswan-mod-curl \
147 +strongswan-mod-des \
148 +strongswan-mod-dhcp \
149 +strongswan-mod-dnskey \
150 +strongswan-mod-duplicheck \
151 +strongswan-mod-eap-identity \
152 +strongswan-mod-eap-md5 \
153 +strongswan-mod-eap-mschapv2 \
154 +strongswan-mod-eap-radius \
155 +strongswan-mod-farp \
156 +strongswan-mod-fips-prf \
157 +strongswan-mod-gcm \
158 +strongswan-mod-gcrypt \
159 +strongswan-mod-gmp \
161 +strongswan-mod-hmac \
162 +strongswan-mod-kernel-netlink \
163 +strongswan-mod-ldap \
164 +strongswan-mod-led \
165 +strongswan-mod-load-tester \
166 +strongswan-mod-nonce \
167 +strongswan-mod-md4 \
168 +strongswan-mod-md5 \
169 +strongswan-mod-mysql \
170 +strongswan-mod-openssl \
171 +TARGET_x86:strongswan-mod-padlock \
172 +strongswan-mod-pem \
173 +strongswan-mod-pgp \
174 +strongswan-mod-pkcs1 \
175 +strongswan-mod-pkcs8 \
176 +strongswan-mod-pkcs11 \
177 +strongswan-mod-pubkey \
178 +strongswan-mod-random \
179 +strongswan-mod-resolve \
180 +strongswan-mod-revocation \
181 +strongswan-mod-sha1 \
182 +strongswan-mod-sha2 \
183 +strongswan-mod-smp \
184 +strongswan-mod-socket-default \
185 +strongswan-mod-sql \
186 +strongswan-mod-sqlite \
187 +strongswan-mod-stroke \
188 +strongswan-mod-test-vectors \
189 +strongswan-mod-uci \
190 +strongswan-mod-unity \
191 +strongswan-mod-updown \
192 +strongswan-mod-whitelist \
193 +strongswan-mod-x509 \
194 +strongswan-mod-xauth-eap \
195 +strongswan-mod-xauth-generic \
196 +strongswan-mod-xcbc \
201 define Package/strongswan-full/description
202 $(call Package/strongswan/description/Default)
203 This meta-package contains dependencies for all of the strongswan plugins
204 except kernel-klips, kernel-pfkey, socket-dynamic and which are
205 ommitted in favor of the kernel-netlink and socket-default plugins.
209 define Package/strongswan-default
210 $(call Package/strongswan/Default)
212 DEPENDS:= +strongswan \
214 +strongswan-mod-aes \
215 +strongswan-mod-attr \
216 +strongswan-mod-constraints \
217 +strongswan-mod-des \
218 +strongswan-mod-dnskey \
219 +strongswan-mod-fips-prf \
220 +strongswan-mod-gmp \
221 +strongswan-mod-hmac \
222 +strongswan-mod-kernel-netlink \
223 +strongswan-mod-md5 \
224 +strongswan-mod-nonce \
225 +strongswan-mod-pem \
226 +strongswan-mod-pgp \
227 +strongswan-mod-pkcs1 \
228 +strongswan-mod-pubkey \
229 +strongswan-mod-random \
230 +strongswan-mod-resolve \
231 +strongswan-mod-revocation \
232 +strongswan-mod-sha1 \
233 +strongswan-mod-sha2 \
234 +strongswan-mod-socket-default \
235 +strongswan-mod-stroke \
236 +strongswan-mod-updown \
237 +strongswan-mod-x509 \
238 +strongswan-mod-xauth-generic \
239 +strongswan-mod-xcbc \
243 define Package/strongswan-default/description
244 $(call Package/strongswan/description/Default)
245 This meta-package contains only dependencies to match upstream defaults.
248 define Package/strongswan-minimal
249 $(call Package/strongswan/Default)
251 DEPENDS:= +strongswan \
253 +strongswan-mod-aes \
254 +strongswan-mod-gmp \
255 +strongswan-mod-hmac \
256 +strongswan-mod-kernel-netlink \
257 +strongswan-mod-nonce \
258 +strongswan-mod-pubkey \
259 +strongswan-mod-random \
260 +strongswan-mod-sha1 \
261 +strongswan-mod-socket-default \
262 +strongswan-mod-stroke \
263 +strongswan-mod-updown \
264 +strongswan-mod-x509 \
268 define Package/strongswan-minimal/description
269 $(call Package/strongswan/description/Default)
270 This meta-package contains only dependencies for a minimal IKEv2 setup.
273 define Package/strongswan-charon
274 $(call Package/strongswan/Default)
275 TITLE+= IKEv1/IKEv2 keying daemon
276 DEPENDS:= +strongswan
279 define Package/strongswan-charon/description
280 $(call Package/strongswan/description/Default)
281 This package contains charon, an IKEv2 keying daemon.
284 define Package/strongswan-libfast
285 $(call Package/strongswan/Default)
287 DEPENDS:= +strongswan \
288 +PACKAGE_strongswan-libfast:zlib \
289 +PACKAGE_strongswan-libfast:fcgi \
290 +PACKAGE_strongswan-libfast:clearsilver
293 define Package/strongswan-libfast/description
294 $(call Package/strongswan/description/Default)
295 This package contains libfast, a lightweight framework to build native web
296 applications using ClearSilver and FastCGI.
299 define Package/strongswan-utils
300 $(call Package/strongswan/Default)
302 DEPENDS:= +strongswan
305 define Package/strongswan-utils/description
306 $(call Package/strongswan/description/Default)
307 This package contains the openac, pki & scepclient utilities.
311 define Package/strongswan-mod-$(1)
312 $$(call Package/strongswan/Default)
313 TITLE:= StrongSwan $(2) plugin
314 DEPENDS:= +strongswan $(3)
317 define Package/strongswan-mod-$(1)/install
318 $(INSTALL_DIR) $$(1)/usr/lib/ipsec/plugins
319 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-$(1).so \
320 $$(1)/usr/lib/ipsec/plugins/
321 $(call Plugin/$(1)/install,$$(1))
324 $$(eval $$(call BuildPackage,strongswan-mod-$(1)))
330 $(if $(CONFIG_PACKAGE_strongswan-libfast),--enable-fast,--disable-fast) \
331 $(if $(CONFIG_PACKAGE_strongswan-utils),--enable-tools,--disable-tools) \
332 --with-random-device="$(call qstrip,$(CONFIG_STRONGSWAN_DEVICE_RANDOM))" \
333 --with-urandom-device="$(call qstrip,$(CONFIG_STRONGSWAN_DEVICE_URANDOM))" \
334 --with-routing-table="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE))" \
335 --with-routing-table-prio="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO))" \
336 $(foreach m,$(PKG_MOD_AVAILABLE), \
337 $(if $(CONFIG_PACKAGE_strongswan-mod-$(m)),--enable-$(m),--disable-$(m)) \
340 ifneq ($(CONFIG_PACKAGE_strongswan-libfast),)
341 EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver
344 EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
346 define Package/strongswan/conffiles
352 define Package/strongswan/install
353 $(INSTALL_DIR) $(1)/etc
354 $(CP) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
355 $(INSTALL_DIR) $(1)/usr/lib/ipsec
356 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/ipsec/
357 $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
358 $(INSTALL_DIR) $(1)/etc/init.d
359 $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
362 define Package/strongswan-default/install
366 define Package/strongswan-full/install
370 define Package/strongswan-minimal/install
374 define Package/strongswan-charon/install
375 $(INSTALL_DIR) $(1)/usr/lib/ipsec
376 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/charon $(1)/usr/lib/ipsec/
377 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libcharon.so.* $(1)/usr/lib/ipsec/
380 define Package/strongswan-libfast/install
381 $(INSTALL_DIR) $(1)/usr/lib/ipsec
382 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libfast.so.* $(1)/usr/lib/ipsec/
385 define Package/strongswan-utils/install
386 $(INSTALL_DIR) $(1)/usr/sbin
387 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
388 $(INSTALL_DIR) $(1)/usr/lib/ipsec
389 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/
392 define Plugin/duplicheck/install
393 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
394 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/duplicheck $(1)/usr/lib/ipsec/
395 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-duplicheck.so $(1)/usr/lib/ipsec/plugins/
398 define Plugin/eap-radius/install
399 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
400 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libradius.so.* $(1)/usr/lib/ipsec/
401 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-eap-radius.so $(1)/usr/lib/ipsec/plugins/
404 define Plugin/attr-sql/install
405 $(INSTALL_DIR) $(1)/usr/lib/ipsec
406 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/
409 define Plugin/stroke/install
410 $(INSTALL_DIR) $(1)/etc/ipsec.d/aacerts
411 $(INSTALL_DIR) $(1)/etc/ipsec.d/acerts
412 $(INSTALL_DIR) $(1)/etc/ipsec.d/cacerts
413 $(INSTALL_DIR) $(1)/etc/ipsec.d/certs
414 $(INSTALL_DIR) $(1)/etc/ipsec.d/crls
415 $(INSTALL_DIR) $(1)/etc/ipsec.d/ocspcerts
416 $(INSTALL_DIR) $(1)/etc/ipsec.d/private
417 $(INSTALL_DIR) $(1)/etc/ipsec.d/reqs
419 $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
421 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
422 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{starter,stroke} $(1)/usr/lib/ipsec/
423 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-stroke.so $(1)/usr/lib/ipsec/plugins/
426 define Plugin/updown/install
427 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
428 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/
429 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/
432 define Plugin/whitelist/install
433 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
434 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/whitelist $(1)/usr/lib/ipsec/
435 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-whitelist.so $(1)/usr/lib/ipsec/plugins/
438 $(eval $(call BuildPackage,strongswan))
439 $(eval $(call BuildPackage,strongswan-default))
440 $(eval $(call BuildPackage,strongswan-full))
441 $(eval $(call BuildPackage,strongswan-minimal))
442 $(eval $(call BuildPackage,strongswan-charon))
443 $(eval $(call BuildPackage,strongswan-libfast))
444 $(eval $(call BuildPackage,strongswan-utils))
445 $(eval $(call BuildPlugin,addrblock,RFC 3779 address block constraint support,))
446 $(eval $(call BuildPlugin,aes,AES crypto,))
447 $(eval $(call BuildPlugin,af-alg,AF_ALG crypto interface to Linux Crypto API,+kmod-crypto-user))
448 $(eval $(call BuildPlugin,agent,SSH agent signing,))
449 $(eval $(call BuildPlugin,attr,file based config,))
450 $(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-mod-sql))
451 $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
452 $(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
453 $(eval $(call BuildPlugin,cmac,CMAC crypto,))
454 $(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,))
455 $(eval $(call BuildPlugin,coupling,IKEv2 plugin to couple peer certificates permanently to authentication,))
456 $(eval $(call BuildPlugin,ctr,Counter Mode wrapper crypto,))
457 $(eval $(call BuildPlugin,curl,cURL fetcher plugin,+PACKAGE_strongswan-mod-curl:libcurl))
458 $(eval $(call BuildPlugin,des,DES crypto,))
459 $(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,))
460 $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
461 $(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
462 $(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
463 $(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
464 $(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,))
465 $(eval $(call BuildPlugin,eap-radius,EAP RADIUS auth,))
466 $(eval $(call BuildPlugin,farp,fake arp respsonses,))
467 $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1))
468 $(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,))
469 $(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan-mod-gcrypt:libgcrypt))
470 $(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
471 $(eval $(call BuildPlugin,ha,high availability cluster,))
472 $(eval $(call BuildPlugin,hmac,HMAC crypto,))
473 $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,))
474 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
475 $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,))
476 $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
477 $(eval $(call BuildPlugin,led,LED blink on IKE activity,))
478 $(eval $(call BuildPlugin,load-tester,load testing,))
479 $(eval $(call BuildPlugin,nonce,nonce genereation,))
480 $(eval $(call BuildPlugin,md4,MD4 crypto,))
481 $(eval $(call BuildPlugin,md5,MD5 crypto,))
482 $(eval $(call BuildPlugin,mysql,MySQL database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-mysql:libmysqlclient-r))
483 $(eval $(call BuildPlugin,openssl,OpenSSL crypto,+PACKAGE_strongswan-mod-openssl:libopenssl))
484 $(eval $(call BuildPlugin,padlock,VIA PadLock crypto,@TARGET_x86))
485 $(eval $(call BuildPlugin,pem,PEM decoding,))
486 $(eval $(call BuildPlugin,pgp,PGP key decoding,))
487 $(eval $(call BuildPlugin,pkcs1,PKCS1 key decoding,))
488 $(eval $(call BuildPlugin,pkcs8,PKCS8 key decoding,))
489 $(eval $(call BuildPlugin,pkcs11,PKCS11 key decoding,))
490 $(eval $(call BuildPlugin,pubkey,raw public key,))
491 $(eval $(call BuildPlugin,random,RNG,))
492 $(eval $(call BuildPlugin,resolve,DNS resolver,))
493 $(eval $(call BuildPlugin,revocation,X509 CRL/OCSP revocation,))
494 $(eval $(call BuildPlugin,sha1,SHA1 crypto,))
495 $(eval $(call BuildPlugin,sha2,SHA2 crypto,))
496 $(eval $(call BuildPlugin,smp,SMP configuration and control interface,+PACKAGE_strongswan-mod-smp:libxml2))
497 $(eval $(call BuildPlugin,socket-default,default socket implementation for charon,))
498 $(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charon,))
499 $(eval $(call BuildPlugin,sql,SQL database interface,))
500 $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-sqlite:libsqlite3))
501 $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-utils))
502 $(eval $(call BuildPlugin,test-vectors,crypto test vectors,))
503 $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci))
504 $(eval $(call BuildPlugin,unity,Cisco Unity extension,))
505 $(eval $(call BuildPlugin,updown,updown firewall,))
506 $(eval $(call BuildPlugin,whitelist,peer identity whitelisting,))
507 $(eval $(call BuildPlugin,x509,x509 certificate,))
508 $(eval $(call BuildPlugin,xauth-eap,EAP XAuth backend,))
509 $(eval $(call BuildPlugin,xauth-generic,generic XAuth backend,))
510 $(eval $(call BuildPlugin,xcbc,xcbc crypto,))