diff options
| author | Yves-Alexis Perez <corsac@corsac.net> | 2012-07-02 15:41:16 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-07-02 15:41:53 +0200 |
| commit | 1ad7db82d5016c43353dc2dff02d6c422c080c60 (patch) | |
| tree | a525fabf68a7c48d0a1eaf8a02d2d5983d84e9fa /debian/rules | |
| parent | 7cdc5510e163b66be3b6379d1b3a785f2c91e4e5 (diff) | |
| download | vyos-strongswan-1ad7db82d5016c43353dc2dff02d6c422c080c60.tar.gz vyos-strongswan-1ad7db82d5016c43353dc2dff02d6c422c080c60.zip | |
correcty hande non linux arches:
* debian/rules:
- and finally libcap-dev linux-any too...
- make -ikev1 linux-any since pluto can't be build on FreeBSD.
- handle non kFreeBSD more carefully closes: #640928
+ don't enable NM and Linux capabilities drop;
+ disable pluto (and xauth plugin);
+ don't enable farp and dhcp, enable kernel-pf{key,route} plugins
Diffstat (limited to 'debian/rules')
| -rwxr-xr-x | debian/rules | 58 |
1 files changed, 50 insertions, 8 deletions
diff --git a/debian/rules b/debian/rules index 373264e9e..6bb408ecb 100755 --- a/debian/rules +++ b/debian/rules @@ -4,7 +4,6 @@ export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --enable-ldap --enable-curl \ - --with-capabilities=libcap \ --enable-smartcard --enable-pkcs11 \ --with-default-pkcs11=/usr/lib/$(DEB_HOST_MULTIARCH)/opensc-pkcs11.so \ --enable-mediation --enable-medsrv --enable-medcli \ @@ -14,10 +13,9 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \ --enable-eap-tls --enable-eap-ttls --enable-eap-tnc \ --enable-sql --enable-integrity-test \ - --enable-ha --enable-dhcp --enable-farp \ + --enable-ha \ --enable-led --enable-gcrypt \ --enable-test-vectors --enable-nat-transport \ - --enable-nm \ --with-user=strongswan --with-group=nogroup \ --disable-blowfish --disable-des # BSD-Young license # --enable-kernel-pfkey --enable-kernel-klips \ @@ -31,7 +29,25 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ # but it actually doesn't do much, so maybe we don't need it DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) ifeq ($(DEB_BUILD_ARCH_CPU),i386) - CONFIGUREARGS += --enable-padlock + CONFIGUREARGS += --enable-padlock +endif + +ifeq ($(DEB_BUILD_ARCH_OS),linux) + # only enable network-manager and capabilities dropping on linux hosts + # some plugins are linux-only too + CONFIGUREARGS += --enable-nm \ + --with-capabilities=libcap \ + --enable-farp \ + --enable-dhcp +endif + +ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd) + # recommended configure line for FreeBSD + # http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD + CONFIGUREARGS += --disable-kernel-netlink \ + --enable-kernel-pfkey --enable-kernel-pfroute \ + --disable-pluto --with-group=wheel + #--disable-tools --disable-scripts --disable-pluto --with-group=wheel endif override_dh_auto_configure: @@ -55,14 +71,37 @@ override_dh_auto_clean: override_dh_install: - # install files from debian/tmp into proper package dirs - dh_install --fail-missing -X\.la -X\.a -Xmedsrv -Xman3 -Xlibstrongswan-padlock.so - # special handling for padlock, as it is only built on i386 + # first special cases +ifeq ($(DEB_BUILD_ARCH_OS),linux) + # handle Linux-only plugins + dh_install -p libstrongswan usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-dhcp.so + dh_install -p libstrongswan usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-farp.so + dh_install -p libstrongswan usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-xauth.so + dh_install -p libstrongswan usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-kernel-netlink.so +endif + +ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd) + # handle FreeBSD-only plugins + dh_install -p libstrongswan usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-kernel-pfkey.so + dh_install -p libstrongswan usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-kernel-pfroute.so +endif + ifeq ($(DEB_BUILD_ARCH_CPU),i386) - install $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-padlock.so* $(CURDIR)/debian/libstrongswan/usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/ + # special handling for padlock, as it is only built on i386 + dh_install -p libstrongswan usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-padlock.so endif + # then install the rest, ignoring the above + dh_install --fail-missing \ + -X\.la -X\.a \ + -Xmedsrv -Xman3 \ + -Xlibstrongswan-kernel \ + -Xlibstrongswan-dhcp.so \ + -Xlibstrongswan-farp.so \ + -Xlibstrongswan-xauth.so \ + -Xlibstrongswan-padlock.so + # add additional files not covered by upstream makefile... install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets # also "patch" ipsec.conf to include the debconf-managed file @@ -103,5 +142,8 @@ override_dh_fixperms: override_dh_makeshlibs: dh_makeshlibs -n -X usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins +override_dh_installlogcheck: + dh_installlogcheck --name strongswan + %: dh $@ --parallel |