- Modularize: move stuff to sub-packages.

13 files changed, 131 insertions, 25 deletions

diff --git a/debian/changelog b/debian/changelog
index d2e7a6740..1b4060aa0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,7 +10,8 @@ strongswan (4.2.12-1) unstable; urgency=low
 
   * New upstream release. Starting with this version, the strongswan
     packages is modularized and includes support for plugins like the 
-    NetworkManager plugin.
+    NetworkManager plugin. Many details were adopted from Martin Willi's
+    packages.
   * Dropping support for raw RSA public/private keypairs, as charon does
     not support it.
   * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge.
diff --git a/debian/control b/debian/control
index e79379786..0e9d005aa 100644
--- a/debian/control
+++ b/debian/control
@@ -7,35 +7,94 @@ Build-Depends: debhelper (>= 7.0.0), libtool, libgmp3-dev, libssl-dev (>= 0.9.8)
 Homepage: http://www.strongswan.org
 
 Package: strongswan
+Architecture: all
+Depends: strongswan-ikev1, strongswan-ikev2
+Suggests: network-manager-strongswan
+Description: IPsec VPN solution metapackage
+ strongSwan is a IPsec based VPN solution for the Linux kernel. It uses the
+ native IPsec stack and runs on any recent 2.6 kernel (no patching required).
+ It supports both IKEv1 and the newer IKEv2 protocols.
+ .
+ strongSwan is one of the two remaining forks of the original FreeS/WAN 
+ project and focuses on IKEv2 support, X.509 authentication and complete PKI 
+ support. For a focus on Opportunistic Encryption (OE) and interoperability 
+ with non-standard IPsec features, see Openswan.
+ .
+ This metapackage has dependencies to the IKEv1 daemon pluto and IKEv2 daemon
+ charon. It installs the required packages to run IKEv1 and IKEv2 connections
+ using a ipsec.conf/ipsec.secrets based configuration.
+
+Package: libstrongswan
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, openssl
+Description: strongSwan utility and crypto library
+ strongSwan is a IPsec based VPN solution for the Linux kernel. It uses the
+ native IPsec stack and runs on any recent 2.6 kernel (no patching required).
+ It supports both IKEv1 and the newer IKEv2 protocols.
+ .
+ libstrongswan is the underlying library of charon and other strongSwan
+ components. It is built in a modular way and is extendable through various
+ plugins.
+
+Package: strongswan-starter
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan, strongswan-ikev1 | strongswan-ikev2
+Description: strongSwan daemon starter and configuration file parser
+ strongSwan is a IPsec based VPN solution for the Linux kernel. It uses the
+ native IPsec stack and runs on any recent 2.6 kernel (no patching required).
+ It supports both IKEv1 and the newer IKEv2 protocols.
+ .
+ The starter and the associated "ipsec" script control both pluto and charon
+ from the command line. It parses ipsec.conf and loads the configurations to
+ the daemons. While the IKEv2 daemon can use other configuration backends, the
+ IKEv1 daemon is limited to configurations from ipsec.conf.
+
+Package: strongswan-ikev1
 Architecture: any
 Pre-Depends: debconf | debconf-2.0
-Depends: ${shlibs:Depends}, ${misc:Depends}, bsdmainutils, debianutils (>=1.7), ipsec-tools, openssl, host, iproute
+Depends: ${shlibs:Depends}, ${misc:Depends}, strongswan-starter, bsdmainutils, debianutils (>=1.7), ipsec-tools, host, iproute
 Suggests: curl
 Provides: ike-server
 Conflicts: freeswan (<< 2.04-12), openswan
 Replaces: openswan
-Description: IPSec utilities for strongSwan
- strongSwan is an open source IPsec implementation for the Linux
- operating system. It is one of the two remaining forks of the 
- original FreeS/WAN projects and focuses on IKEv2 support, X.509 
- authentication and complete PKI support. For a focus on
- Opportunistic Encryption (OE) and interoperability with non-standard
- IPsec features, see Openswan.
- .
- In addition to OE, you may manually configure secure tunnels through
- untrusted networks. Everything passing through the untrusted net is
- encrypted by the IPsec gateway machine and decrypted by the gateway
- at the other end. The result is Virtual Private Network or VPN. This
- is a network which is effectively private even though it includes
- machines at several different sites connected by the insecure Internet.
- .
- Please note that you will need a recent kernel (>=2.4.24 or 2.6.x)
- for using this package. The standard Debian kernel includes both IPsec
- and crypto support, patching the kernel is no longer necessary!
+Description: strongSwan IKEv1 keying daemon
+ strongSwan is a IPsec based VPN solution for the Linux kernel. It uses the
+ native IPsec stack and runs on any recent 2.6 kernel (no patching required).
+ It supports both IKEv1 and the newer IKEv2 protocols.
+ .
+ Pluto is a IPsec IKEv1 keying daemon. It was inherited from the FreeS/WAN
+ project, but provides improved X.509 certificate support and other features.
+ .
+ Pluto can run in parallel with charon, the newer IKEv2 daemon.
+
+Package: strongswan-ikev2
+Architecture: any
+Pre-Depends: debconf | debconf-2.0
+Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan, strongswan-starter | strongswan-nm, bsdmainutils, debianutils (>=1.7), ipsec-tools, host, iproute
+Suggests: curl
+Provides: ike-server
+Conflicts: freeswan (<< 2.04-12), openswan
+Description: strongSwan IKEv2 keying daemon
+ strongSwan is a IPsec based VPN solution for the Linux kernel. It uses the
+ native IPsec stack and runs on any recent 2.6 kernel (no patching required).
+ It supports both IKEv1 and the newer IKEv2 protocols.
+ .
+ Charon is the IPsec IKEv2 keying daemon of the strongSwan project. It is
+ written from scratch using a fully multi-threaded design and a modular
+ architecture. Various plugins provide additional functionality.
+ .
+ This build of charon can run in parallel with pluto, the IKEv1 daemon.
 
-Package: network-manager-strongswan
+Package: strongswan-nm
 Architecture: any
-Depends: ${shlibs:Depends}, strongswan, network-manager (>= 0.7)
+Depends: ${shlibs:Depends}, strongswan-ikev2
+Recommends: network-manager-strongswan
 Description: strongSwan plugin to interact with NetworkManager
- This plugin for NetworkManager allows to configure strongSwan
- and control the IKEv2 daemon directly through DBUS. 
+ strongSwan is a IPsec based VPN solution for the Linux kernel. It uses the
+ native IPsec stack and runs on any recent 2.6 kernel (no patching required).
+ It supports both IKEv1 and the newer IKEv2 protocols.
+ .
+ This plugin provides an interface which allows NetworkManager to configure
+ and control the IKEv2 daemon directly through DBUS. It is designed to work
+ in conjunction with the network-manager-strongswan package, providing
+ a simple graphical frontend to configure IPsec based VPNs.
diff --git a/debian/libstrongswan.install b/debian/libstrongswan.install
new file mode 100644
index 000000000..9c2a6659b
--- /dev/null
+++ b/debian/libstrongswan.install
@@ -0,0 +1,9 @@
+usr/lib/libstrongswan.so*                                                       usr/lib/
+usr/lib/strongswan/plugins/libstrongswan-x509.so*       usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-pubkey.so*     usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-hmac.so*       usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-xcbc.so*       usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-random.so*     usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-openssl.so*    usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-padlock.so*    usr/lib/strongswan/plugins/
+etc/strongswan.conf                                                                     etc/
diff --git a/debian/rules b/debian/rules
index a743af7a1..2ab2b68de 100755
--- a/debian/rules
+++ b/debian/rules
@@ -18,7 +18,6 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
 		--with-default-pkcs11=/usr/lib/opensc-pkcs11.so \
 		--enable-mediation --enable-medsrv --enable-medcli \
 		--enable-openssl --enable-agent \
-		--enable-kernel-klips \
 		--disable-aes --disable-des --disable-fips-prf --disable-gmp \
 		--disable-md5 --disable-sha1 --disable-sha2 \
 		--enable-nm
diff --git a/debian/strongswan-ikev1.install b/debian/strongswan-ikev1.install
new file mode 100644
index 000000000..1ac8dce5a
--- /dev/null
+++ b/debian/strongswan-ikev1.install
@@ -0,0 +1,4 @@
+usr/lib/strongswan/pluto                usr/lib/strongswan/
+usr/lib/strongswan/_pluto_adns  usr/lib/strongswan/
+usr/lib/strongswan/whack                usr/lib/strongswan/
+usr/share/man/man8/pluto.8              usr/share/man/man8/
diff --git a/debian/strongswan-ikev2.install b/debian/strongswan-ikev2.install
new file mode 100644
index 000000000..6827b7d6f
--- /dev/null
+++ b/debian/strongswan-ikev2.install
@@ -0,0 +1,9 @@
+usr/lib/strongswan/charon       usr/lib/strongswan/
+usr/lib/strongswan/plugins/libstrongswan-kernel-netlink.so*     usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-eapgtc.so*     usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-eapidentity.so*        usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-eapmd5.so*     usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-eapmschapv2.so*        usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-agent.so*      usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-curl.so*       usr/lib/strongswan/plugins/
+usr/lib/strongswan/plugins/libstrongswan-ldap.so*       usr/lib/strongswan/plugins/
diff --git a/debian/strongswan.config b/debian/strongswan-starter.config
index eb5f2c2dd..eb5f2c2dd 100644
--- a/debian/strongswan.config
+++ b/debian/strongswan-starter.config
diff --git a/debian/strongswan-starter.install b/debian/strongswan-starter.install
new file mode 100644
index 000000000..60de34d5a
--- /dev/null
+++ b/debian/strongswan-starter.install
@@ -0,0 +1,25 @@
+# starter
+usr/lib/strongswan/starter                              usr/lib/strongswan/
+usr/lib/strongswan/_copyright                   usr/lib/strongswan/
+usr/sbin/ipsec                                                  usr/sbin/
+etc/ipsec.d                                                             etc/
+etc/ipsec.conf                                                  etc/
+etc/ipsec.secrets                                                  etc/
+usr/share/man/man8/ipsec.8                              usr/share/man/man8/
+usr/share/man/man8/_copyright.8                 usr/share/man/man8/
+usr/share/man/man5/ipsec.conf.5                 usr/share/man/man5/
+usr/share/man/man5/ipsec.secrets.5              usr/share/man/man5/
+# updown
+usr/lib/strongswan/plugins/libstrongswan-updown.so*     usr/lib/strongswan/plugins/
+usr/lib/strongswan/_updown                                                      usr/lib/strongswan/
+usr/lib/strongswan/_updown_espmark                                      usr/lib/strongswan/
+usr/share/man/man8/_updown.8                                            usr/share/man/man8/
+usr/share/man/man8/_updown_espmark.8                            usr/share/man/man8/
+# tools
+usr/lib/strongswan/scepclient           usr/lib/strongswan/
+usr/lib/strongswan/openac                       usr/lib/strongswan/
+usr/share/man/man8/scepclient.8         usr/share/man/man8/
+usr/share/man/man8/openac.8                     usr/share/man/man8/
+# stroke
+usr/lib/strongswan/stroke                                                       usr/lib/strongswan/
+usr/lib/strongswan/plugins/libstrongswan-stroke.so*     usr/lib/strongswan/plugins/
diff --git a/debian/strongswan.ipsec.init b/debian/strongswan-starter.ipsec.init
index 5cefef516..5cefef516 100644
--- a/debian/strongswan.ipsec.init
+++ b/debian/strongswan-starter.ipsec.init
diff --git a/debian/strongswan.postinst b/debian/strongswan-starter.postinst
index c63273dc2..c63273dc2 100644
--- a/debian/strongswan.postinst
+++ b/debian/strongswan-starter.postinst
diff --git a/debian/strongswan.postrm b/debian/strongswan-starter.postrm
index 18f9069b6..18f9069b6 100644
--- a/debian/strongswan.postrm
+++ b/debian/strongswan-starter.postrm
diff --git a/debian/strongswan.prerm b/debian/strongswan-starter.prerm
index c1ba063d6..c1ba063d6 100644
--- a/debian/strongswan.prerm
+++ b/debian/strongswan-starter.prerm
diff --git a/debian/strongswan.templates b/debian/strongswan-starter.templates
index 781773ac5..781773ac5 100644
--- a/debian/strongswan.templates
+++ b/debian/strongswan-starter.templates