diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-09-01 07:05:58 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-09-01 07:05:58 +0000 |
| commit | e855a6d4aacd39908acdeec6d6bafcf4e9c3aa12 (patch) | |
| tree | be3f062190c78dc1bea893c554610a21165b980b | |
| parent | c195a7a5c9826db4eaa98943dbe08165b5ef3745 (diff) | |
| download | vyos-strongswan-e855a6d4aacd39908acdeec6d6bafcf4e9c3aa12.tar.gz vyos-strongswan-e855a6d4aacd39908acdeec6d6bafcf4e9c3aa12.zip | |
- Tweaked configure options for a smaller package.
| -rw-r--r-- | debian/changelog | 16 | ||||
| -rwxr-xr-x | debian/rules | 16 |
2 files changed, 25 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog index 8d6caba9d..7e8e8b920 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +strongswan (4.2.4-4) unstable; urgency=low + + * Tweaked configure options for lenny to remove somewhat experimental, + incomplete, or unnecessary features. Removed --enable-xml, + --enable-padlock, and --enable-manager and added --disable-aes, + --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5, + --disable-sha1, and --disable-sha2 because openssl already + contains this code, we depend on it and thus don't need it twice. + Padlock support does not do much, because the bulk encryption uses + it anyway (being done internally in the kernel) and using padlock + for IKEv2 key agreement adds complexity for little gain. + Thanks to Thomas Kallenberg of strongswan upstream team for + suggesting these changes. The package is now noticable smaller. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 01 Sep 2008 08:59:10 +0200 + strongswan (4.2.4-3) unstable; urgency=low * Changed configure option to build peer-to-peer service again. diff --git a/debian/rules b/debian/rules index 23d64ab3f..90ccca852 100755 --- a/debian/rules +++ b/debian/rules @@ -16,9 +16,10 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --enable-nonblocking --enable-thread \ --enable-smartcard --enable-cisco-quirks \ --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \ - --enable-xml \ - --enable-mediation --enable-manager \ - --enable-openssl + --enable-mediation \ + --enable-openssl \ + --disable-aes --disable-des --disable-fips-prf --disable-gmp \ + --disable-md5 --disable-sha1 --disable-sha2 # Could enable --enable-nat-transport, but this is actually insecure, # so don't! # And for --enable-eap-sim we would need the library, which we don't @@ -26,10 +27,11 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) -#the padlock plugin only makes sense on i386 -ifeq ($(DEB_BUILD_ARCH_CPU),i386) - CONFIGUREARGS += --enable-padlock -endif +# the padlock plugin only makes sense on i386 +# but it actually doesn't do much, so no need to enable it +#ifeq ($(DEB_BUILD_ARCH_CPU),i386) +# CONFIGUREARGS += --enable-padlock +#endif configure: configure-stamp |