summaryrefslogtreecommitdiff
path: root/scripts/package-build/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/package-build/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch')
-rw-r--r--scripts/package-build/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch115
1 files changed, 115 insertions, 0 deletions
diff --git a/scripts/package-build/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch b/scripts/package-build/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch
new file mode 100644
index 00000000..57a622e8
--- /dev/null
+++ b/scripts/package-build/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch
@@ -0,0 +1,115 @@
+From ee6c0b3ff6e3df5c7aef628621e19a813ff308ed Mon Sep 17 00:00:00 2001
+From: Christian Poessinger <christian@poessinger.com>
+Date: Tue, 27 Dec 2022 13:36:43 +0000
+Subject: [PATCH] VyOS: disable options enabled by Debian that are unused
+
+VyOS does not implement CLI options for all options exposed by Debian.
+
+The following options need to be disabled for the DMVPN patchset:
+ - mediation
+ - nm
+
+In addition we have no LED, LDAP and SQL configuration knows, thus we spare
+the plugins.
+---
+ debian/libcharon-extra-plugins.install | 3 ---
+ debian/libstrongswan-extra-plugins.install | 3 ---
+ debian/rules | 11 ++++++++++-
+ debian/strongswan-nm.install | 2 --
+ 4 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install
+index 94fbabd88..068708ecb 100644
+--- a/debian/libcharon-extra-plugins.install
++++ b/debian/libcharon-extra-plugins.install
+@@ -13,7 +13,6 @@ usr/lib/ipsec/plugins/libstrongswan-error-notify.so
+ usr/lib/ipsec/plugins/libstrongswan-forecast.so
+ usr/lib/ipsec/plugins/libstrongswan-ha.so
+ usr/lib/ipsec/plugins/libstrongswan-kernel-libipsec.so
+-usr/lib/ipsec/plugins/libstrongswan-led.so
+ usr/lib/ipsec/plugins/libstrongswan-lookip.so
+ #usr/lib/ipsec/plugins/libstrongswan-medsrv.so
+ #usr/lib/ipsec/plugins/libstrongswan-medcli.so
+@@ -36,7 +35,6 @@ usr/share/strongswan/templates/config/plugins/error-notify.conf
+ usr/share/strongswan/templates/config/plugins/forecast.conf
+ usr/share/strongswan/templates/config/plugins/ha.conf
+ usr/share/strongswan/templates/config/plugins/kernel-libipsec.conf
+-usr/share/strongswan/templates/config/plugins/led.conf
+ usr/share/strongswan/templates/config/plugins/lookip.conf
+ #usr/share/strongswan/templates/config/plugins/medsrv.conf
+ #usr/share/strongswan/templates/config/plugins/medcli.conf
+@@ -60,7 +58,6 @@ etc/strongswan.d/charon/error-notify.conf
+ etc/strongswan.d/charon/forecast.conf
+ etc/strongswan.d/charon/ha.conf
+ etc/strongswan.d/charon/kernel-libipsec.conf
+-etc/strongswan.d/charon/led.conf
+ etc/strongswan.d/charon/lookip.conf
+ #etc/strongswan.d/charon/medsrv.conf
+ #etc/strongswan.d/charon/medcli.conf
+diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install
+index 2846e2155..00cd0a146 100644
+--- a/debian/libstrongswan-extra-plugins.install
++++ b/debian/libstrongswan-extra-plugins.install
+@@ -8,7 +8,6 @@ usr/lib/ipsec/plugins/libstrongswan-ctr.so
+ usr/lib/ipsec/plugins/libstrongswan-curl.so
+ usr/lib/ipsec/plugins/libstrongswan-curve25519.so
+ usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
+-usr/lib/ipsec/plugins/libstrongswan-ldap.so
+ usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
+ usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
+ usr/lib/ipsec/plugins/libstrongswan-tpm.so
+@@ -20,7 +19,6 @@ usr/share/strongswan/templates/config/plugins/ctr.conf
+ usr/share/strongswan/templates/config/plugins/curl.conf
+ usr/share/strongswan/templates/config/plugins/curve25519.conf
+ usr/share/strongswan/templates/config/plugins/gcrypt.conf
+-usr/share/strongswan/templates/config/plugins/ldap.conf
+ usr/share/strongswan/templates/config/plugins/pkcs11.conf
+ usr/share/strongswan/templates/config/plugins/test-vectors.conf
+ usr/share/strongswan/templates/config/plugins/tpm.conf
+@@ -31,7 +29,6 @@ etc/strongswan.d/charon/ctr.conf
+ etc/strongswan.d/charon/curl.conf
+ etc/strongswan.d/charon/curve25519.conf
+ etc/strongswan.d/charon/gcrypt.conf
+-etc/strongswan.d/charon/ldap.conf
+ etc/strongswan.d/charon/pkcs11.conf
+ etc/strongswan.d/charon/test-vectors.conf
+ etc/strongswan.d/charon/tpm.conf
+diff --git a/debian/rules b/debian/rules
+index 2fed1f10f..fa0d21a0c 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -3,6 +3,15 @@ export DEB_LDFLAGS_MAINT_APPEND=-Wl,-O1
+ #export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs
+ export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
++CONFIGUREARGS_VYOS := --disable-warnings \
++ --disable-ldap \
++ --disable-led \
++ --disable-nm \
++ --disable-mediation \
++ --disable-mysql \
++ --disable-sqlite \
++ --disable-sql
++
+ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
+ --enable-addrblock \
+ --enable-agent \
+@@ -88,7 +97,7 @@ ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
+ deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,)
+
+ override_dh_auto_configure:
+- dh_auto_configure -- $(CONFIGUREARGS)
++ dh_auto_configure -- $(CONFIGUREARGS) $(CONFIGUREARGS_VYOS)
+
+ override_dh_auto_clean:
+ dh_auto_clean
+diff --git a/debian/strongswan-nm.install b/debian/strongswan-nm.install
+index b0c05d94f..e69de29bb 100644
+--- a/debian/strongswan-nm.install
++++ b/debian/strongswan-nm.install
+@@ -1,2 +0,0 @@
+-usr/lib/ipsec/charon-nm
+-usr/share/dbus-1/system.d/nm-strongswan-service.conf
+--
+2.30.2
+