Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libreswan: various fixes

Browse source 
start if kernel has missing ipv6 support
add libcap-ng support
fix some errors displayed on syslog

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
This commit is contained in:
Lucian Cristian 2020-05-17 04:57:48 +03:00
parent dad8672037
commit a659c58f29
3 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
net/libreswan/Makefile
View file

@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libreswan PKG_NAME:=libreswan
PKG_VERSION:=3.32 PKG_VERSION:=3.32
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/ PKG_SOURCE_URL:=https://download.libreswan.org/
@ -45,7 +45,7 @@ $(call Package/libreswan/Default)
+kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \ +kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \
+kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \ +kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \
+kmod-ipsec4 +kmod-ipt-ipsec +libevent2 +libevent2-pthreads \ +kmod-ipsec4 +kmod-ipt-ipsec +libevent2 +libevent2-pthreads \
+libldns +librt +libunbound-heavy +nss-utils +nspr +libldns +librt +libunbound-heavy +nss-utils +nspr +libcap-ng
PROVIDES:=openswan PROVIDES:=openswan
CONFLICTS:=strongswan CONFLICTS:=strongswan
TITLE+= IPsec Server TITLE+= IPsec Server
@ -69,6 +69,7 @@ TARGET_CFLAGS += -flto
MAKE_FLAGS+= \ MAKE_FLAGS+= \
WERROR_CFLAGS=" " \ WERROR_CFLAGS=" " \
NSS_REQ_AVA_COPY=false \
USE_LINUX_AUDIT=false \ USE_LINUX_AUDIT=false \
USE_LABELED_IPSEC=false \ USE_LABELED_IPSEC=false \
USE_NM=false \ USE_NM=false \
@ -77,11 +78,12 @@ MAKE_FLAGS+= \
USE_LIBCURL=false \ USE_LIBCURL=false \
USE_GLIBC_KERN_FLIP_HEADERS=true \ USE_GLIBC_KERN_FLIP_HEADERS=true \
USE_XAUTHPAM=false \ USE_XAUTHPAM=false \
USE_LIBCAP_NG=false \ USE_LIBCAP_NG=true \
USE_SYSTEMD_WATCHDOG=false \ USE_SYSTEMD_WATCHDOG=false \
USE_SECCOMP=false\ USE_SECCOMP=false\
INC_USRLOCAL="/usr" \ INC_USRLOCAL="/usr" \
FINALRUNDIR="/var/run/pluto" \ FINALRUNDIR="/var/run/pluto" \
MODPROBEARGS="-q" \
ARCH="$(LINUX_KARCH)" \ ARCH="$(LINUX_KARCH)" \
ifdef CONFIG_LINUX_4_14 ifdef CONFIG_LINUX_4_14

1
net/libreswan/files/ipsec.init
View file

@ -11,6 +11,7 @@ IPSEC_BIN=/usr/sbin/ipsec
checkconfig() { checkconfig() {
${IPSEC_BIN} addconn --checkconfig || return 1 ${IPSEC_BIN} addconn --checkconfig || return 1
mkdir -p /var/run/pluto
} }
start_service() { start_service() {

12
net/libreswan/patches/099-continue_on_missing_ipv6.patch Normal file
View file

@ -0,0 +1,12 @@
--- a/programs/pluto/kernel_xfrm.c 2020-05-16 19:12:30.107226478 +0300
+++ b/programs/pluto/kernel_xfrm.c 2020-05-16 19:20:25.735522574 +0300
@@ -2759,7 +2759,8 @@
LOG_ERRNO(errno, "\"%s\"", proc_f);
}
} else {
- LOG_ERRNO(errno, "could not stat \"%s\"", proc_f);
+ DBG(DBG_KERNEL, DBG_log("starting without ipv6 support!"));
+ disable_ipv6 = 1;
}
if (disable_ipv6 == 1) {