authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-05-27 15:40:34 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-05-27 15:40:34 +0000
commitcc7f376e575482c9a4866a4bd0c1f470394d740b (patch)
treef68205940618fe594dccd517e1e08bf4fa1e1001
parent810bd67d7d700df0d376254a668e7390e3b344ed (diff)
- Reenable capability dropping with libcap.
- Install additional libraries after strongswan refactoring. - Cleanup rules.
-rw-r--r--debian/changelog4
-rw-r--r--debian/control3
-rw-r--r--debian/libstrongswan.install6
-rwxr-xr-xdebian/rules4
-rw-r--r--debian/strongswan-ikev2.install1
5 files changed, 12 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog
index 1af3b66e5..7331b84a7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,10 @@ strongswan (4.4.0-1) unstable; urgency=low
* New upstream release, now with a high-availability plugin.
* Enable building of ha, dhcp, and farp plugins.
+ * Enable capability dropping (now depends on libcap). Switching
+ user to new system user strongswan (with nogroup) after startup
+ is still disabled until the iptables updown script can be made
+ to work.
-- Rene Mayrhofer <rmayr@debian.org> Tue, 25 May 2010 21:03:52 +0200
diff --git a/debian/control b/debian/control
index 3059290f3..48e315466 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,8 @@ Build-Depends: debhelper (>= 7.1), libtool, libgmp3-dev,
libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf,
hardening-wrapper, network-manager-dev, libfcgi-dev, clearsilver-dev,
libxml2-dev, libsqlite3-dev, network-manager-dev (>= 0.7),
- libnm-glib-vpn-dev (>= 0.7), libnm-util-dev (>= 0.7), gperf
+ libnm-glib-vpn-dev (>= 0.7), libnm-util-dev (>= 0.7),
+ gperf, libcap-dev
Homepage: http://www.strongswan.org
Package: strongswan
diff --git a/debian/libstrongswan.install b/debian/libstrongswan.install
index a03944f27..6445b354e 100644
--- a/debian/libstrongswan.install
+++ b/debian/libstrongswan.install
@@ -1,5 +1,7 @@
-usr/lib/libstrongswan.so* usr/lib/
-usr/lib/ipsec/plugins/libstrongswan-gmp.so* usr/lib/ipsec/plugins/
+usr/lib/libstrongswan.so* usr/lib/
+usr/lib/libhydra.so* usr/lib/
+usr/lib/libfast.so* usr/lib/
+usr/lib/ipsec/plugins/libstrongswan-gmp.so* usr/lib/ipsec/plugins/
usr/lib/ipsec/plugins/libstrongswan-x509.so* usr/lib/ipsec/plugins/
usr/lib/ipsec/plugins/libstrongswan-pubkey.so* usr/lib/ipsec/plugins/
usr/lib/ipsec/plugins/libstrongswan-hmac.so* usr/lib/ipsec/plugins/
diff --git a/debian/rules b/debian/rules
index 63df0f756..cdad0ee0f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,7 +13,7 @@ export DEB_BUILD_HARDENING=1
CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--libexecdir=/usr/lib \
--enable-ldap --enable-curl \
- --enable-nonblocking --enable-thread \
+ --with-capabilities=libcap \
--enable-smartcard --enable-cisco-quirks \
--with-default-pkcs11=/usr/lib/opensc-pkcs11.so \
--enable-mediation --enable-medsrv --enable-medcli \
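Review bot: Enabling `--with-capabilities=libcap` here while `--with-user=strongswan --with-group=nogroup` stays commented out further down means the daemons shed capabilities but presumably keep running as uid 0, and that limitation is recorded only in debian/changelog, not in this file. A uid-0 process can still open and modify root-owned files through ordinary ownership checks, which need no capability, so the confinement is partial until the user switch is enabled. I would add a comment above the `CONFIGUREARGS :=` assignment (not inside the backslash-continued value), e.g. `# Capabilities are dropped via libcap, but the daemons still run as root until --with-user/--with-group can be enabled.` The same line also removes `--enable-nonblocking --enable-thread`, which neither the commit message nor the changelog entry explains; a word on why would help. The CONFIGUREARGS definition starts before this hunk and continues into the next one.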
@@ -22,7 +22,6 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \
--enable-sql --enable-integrity-test \
--enable-nm --enable-ha --enable-dhcp --enable-farp
- # --with-capabilities=libcap \
# --with-user=strongswan --with-group=nogroup \
# --enable-kernel-pfkey --enable-kernel-klips \
# Could enable --enable-nat-transport, but this is actually insecure,
@@ -61,7 +60,6 @@ clean:
#-$(MAKE) -C programs/fswcert/ clean
# after a make clean, no binaries _should_ be left, but ....
-find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm
- -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm
# Really clean (#356716)
# This is a hack: should be better implemented
diff --git a/debian/strongswan-ikev2.install b/debian/strongswan-ikev2.install
index 0bcd2324c..bd466b2ce 100644
--- a/debian/strongswan-ikev2.install
+++ b/debian/strongswan-ikev2.install
@@ -1,3 +1,4 @@
+usr/lib/libcharon.so* usr/lib/
usr/lib/ipsec/charon usr/lib/ipsec/
usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so* usr/lib/ipsec/plugins/
usr/lib/ipsec/plugins/libstrongswan-eap*.so* usr/lib/ipsec/plugins/