author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-05-27 15:40:34 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-05-27 15:40:34 +0000 |
commit | cc7f376e575482c9a4866a4bd0c1f470394d740b (patch) | |
tree | f68205940618fe594dccd517e1e08bf4fa1e1001 | |
parent | 810bd67d7d700df0d376254a668e7390e3b344ed (diff) | |
download | vyos-strongswan-cc7f376e575482c9a4866a4bd0c1f470394d740b.tar.gz vyos-strongswan-cc7f376e575482c9a4866a4bd0c1f470394d740b.zip |
- Reenable capability dropping with libcap.
- Install additional libraries after strongswan refactoring.
- Cleanup rules.
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | debian/control | 3 | ||||
-rw-r--r-- | debian/libstrongswan.install | 6 | ||||
-rwxr-xr-x | debian/rules | 4 | ||||
-rw-r--r-- | debian/strongswan-ikev2.install | 1 |
5 files changed, 12 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog index 1af3b66e5..7331b84a7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,10 @@ strongswan (4.4.0-1) unstable; urgency=low * New upstream release, now with a high-availability plugin. * Enable building of ha, dhcp, and farp plugins. + * Enable capability dropping (now depends on libcap). Switching + user to new system user strongswan (with nogroup) after startup + is still disabled until the iptables updown script can be made + to work. -- Rene Mayrhofer <rmayr@debian.org> Tue, 25 May 2010 21:03:52 +0200 diff --git a/debian/control b/debian/control index 3059290f3..48e315466 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,8 @@ Build-Depends: debhelper (>= 7.1), libtool, libgmp3-dev, libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf, hardening-wrapper, network-manager-dev, libfcgi-dev, clearsilver-dev, libxml2-dev, libsqlite3-dev, network-manager-dev (>= 0.7), - libnm-glib-vpn-dev (>= 0.7), libnm-util-dev (>= 0.7), gperf + libnm-glib-vpn-dev (>= 0.7), libnm-util-dev (>= 0.7), + gperf, libcap-dev Homepage: http://www.strongswan.org Package: strongswan diff --git a/debian/libstrongswan.install b/debian/libstrongswan.install index a03944f27..6445b354e 100644 --- a/debian/libstrongswan.install +++ b/debian/libstrongswan.install @@ -1,5 +1,7 @@ -usr/lib/libstrongswan.so* usr/lib/ -usr/lib/ipsec/plugins/libstrongswan-gmp.so* usr/lib/ipsec/plugins/ +usr/lib/libstrongswan.so* usr/lib/ +usr/lib/libhydra.so* usr/lib/ +usr/lib/libfast.so* usr/lib/ +usr/lib/ipsec/plugins/libstrongswan-gmp.so* usr/lib/ipsec/plugins/ usr/lib/ipsec/plugins/libstrongswan-x509.so* usr/lib/ipsec/plugins/ usr/lib/ipsec/plugins/libstrongswan-pubkey.so* usr/lib/ipsec/plugins/ usr/lib/ipsec/plugins/libstrongswan-hmac.so* usr/lib/ipsec/plugins/ diff --git a/debian/rules b/debian/rules index 63df0f756..cdad0ee0f 100755 --- a/debian/rules +++ b/debian/rules 
@@ -13,7 +13,7 @@ export DEB_BUILD_HARDENING=1 CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --libexecdir=/usr/lib \ --enable-ldap --enable-curl \ - --enable-nonblocking --enable-thread \ + --with-capabilities=libcap \ --enable-smartcard --enable-cisco-quirks \ --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \ --enable-mediation --enable-medsrv --enable-medcli \ @@ -22,7 +22,6 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \ --enable-sql --enable-integrity-test \ --enable-nm --enable-ha --enable-dhcp --enable-farp - # --with-capabilities=libcap \ # --with-user=strongswan --with-group=nogroup \ # --enable-kernel-pfkey --enable-kernel-klips \ # Could enable --enable-nat-transport, but this is actually insecure, @@ -61,7 +60,6 @@ clean: #-$(MAKE) -C programs/fswcert/ clean # after a make clean, no binaries _should_ be left, but .... -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm - -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm # Really clean (#356716) # This is a hack: should be better implemented diff --git a/debian/strongswan-ikev2.install b/debian/strongswan-ikev2.install index 0bcd2324c..bd466b2ce 100644 --- a/debian/strongswan-ikev2.install +++ b/debian/strongswan-ikev2.install @@ -1,3 +1,4 @@ +usr/lib/libcharon.so* usr/lib/ usr/lib/ipsec/charon usr/lib/ipsec/ usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so* usr/lib/ipsec/plugins/ usr/lib/ipsec/plugins/libstrongswan-eap*.so* usr/lib/ipsec/plugins/ |
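Review bot: In the first debian/rules hunk, `--with-capabilities=libcap` becomes active while `--with-user=strongswan --with-group=nogroup` stays commented out below it, so the daemons presumably keep uid 0 and only their capability set is reduced. A process that still runs as root keeps owner access to root-owned files even after capabilities are dropped, so this is a partial hardening step, and debian/rules should say so where the next maintainer will look. I would add a comment directly above the commented-out line, e.g. `# uid/gid switch still disabled until the iptables updown script can be made to work; daemons keep uid 0 with a reduced capability set`, mirroring the changelog entry. The same hunk also removes `--enable-nonblocking --enable-thread`, which the commit message does not mention; one line stating whether those options became obsolete upstream would make the change auditable. The CONFIGUREARGS assignment starts above this hunk and continues past it.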