diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 06:41:59 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 06:41:59 +0000 |
| commit | c6d4f7459c3436c6e629a6b1fcd7f73bcaeca790 (patch) | |
| tree | ceeffc0a0897427a5c42733da1d9d46992f303f7 /debian | |
| parent | 4769e2f961d2930ffcc6cfa5b1561548e4ea552c (diff) | |
| download | vyos-strongswan-c6d4f7459c3436c6e629a6b1fcd7f73bcaeca790.tar.gz vyos-strongswan-c6d4f7459c3436c6e629a6b1fcd7f73bcaeca790.zip | |
- s/openswan/strongswan/g
- s/Openswan/strongSwan/g
But basically manually. Is certainly incomplete right now.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 496 | ||||
| -rw-r--r-- | debian/changelog.debian | 10 | ||||
| -rw-r--r-- | debian/control | 50 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.apply (renamed from debian/linux-patch-openswan.apply) | 0 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.dirs (renamed from debian/linux-patch-openswan.dirs) | 0 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.docs (renamed from debian/linux-patch-openswan.docs) | 0 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.unpatch (renamed from debian/linux-patch-openswan.unpatch) | 0 | ||||
| -rwxr-xr-x | debian/rules | 204 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.control.in (renamed from debian/openswan-modules-source.control.in) | 0 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.dirs (renamed from debian/openswan-modules-source.dirs) | 0 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.docs (renamed from debian/openswan-modules-source.docs) | 0 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.kernel-config (renamed from debian/openswan-modules-source.kernel-config) | 0 | ||||
| -rwxr-xr-x | debian/strongswan-modules-source.rules (renamed from debian/openswan-modules-source.rules) | 0 | ||||
| -rw-r--r-- | debian/strongswan.config (renamed from debian/openswan.config) | 0 | ||||
| -rw-r--r-- | debian/strongswan.dirs (renamed from debian/openswan.dirs) | 0 | ||||
| -rw-r--r-- | debian/strongswan.docs (renamed from debian/openswan.docs) | 0 | ||||
| -rw-r--r-- | debian/strongswan.postinst (renamed from debian/openswan.postinst) | 0 | ||||
| -rw-r--r-- | debian/strongswan.postrm (renamed from debian/openswan.postrm) | 0 | ||||
| -rw-r--r-- | debian/strongswan.prerm (renamed from debian/openswan.prerm) | 0 | ||||
| -rw-r--r-- | debian/strongswan.templates (renamed from debian/openswan.templates) | 0 | ||||
| -rw-r--r-- | debian/strongswan.templates.master (renamed from debian/openswan.templates.master) | 68 |
21 files changed, 171 insertions, 657 deletions
diff --git a/debian/changelog b/debian/changelog index 8b7e14fda..6e4484588 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,497 +1,9 @@ -openswan (1:2.4.5-3) unstable; urgency=low +strongswan (2.7.0-1) unstable; urgency=low - * Renamed kernel-patch-openswan to linux-patch-openswan. - * Removed the remarks in the package descriptions that linux-patch-openswan - and openswan-modules-source will only work with 2.4 series kernels. This - is no longer true. - * Use updated French translation. Thanks to Christian Perrier and sorry for - not giving time to update the translations before the last upload. I felt - that the FTBFS should be corrected quickly. - Closes: #364399: openswan: [INTL:fr] French debconf templates translation + * Initial Debian packaging of strongswan. This is directly based on my + Debian package of openswan 2.4.5-3. - -- Rene Mayrhofer <rmayr@debian.org> Sun, 23 Apr 2006 21:47:53 +0100 - -openswan (1:2.4.5-2) unstable; urgency=low - - * The NMU patch doesn't seem to have applied to debian/control, - because the dependency was still on libopensc1-dev. Fixed that now - by adding libopensc2-dev. - Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on - libopensc1-dev - * Added the patch to fix alignment issues on Sparc, as upstream acknowledged - it and applied it to their development tree. - Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due - to request memory alignment issue - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 17 Apr 2006 14:53:37 +0100 - -openswan (1:2.4.5-1) unstable; urgency=low - - * New upstream release. This release adds support for patching newer kernel - versions. Verified that the patched kernel tree compiles with Debian - kernel sources 2.6.15-8 and 2.6.16-6. - Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15 - kernel - It also adds the patches for an IPSec/L2TP server behind a NAT. - Closes: #307529: More patches for openswan server behind NAT - Closes: #353792: openswan nat-t failure - And additionally there are (according to upstream changelogs) fixes for - running on SMP systems. If the following bug still persists (can not test - myself), then please reopen. - Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze - The patch to fix the snmpd crash is also in this upstream version (just - checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions - as well, so this might have been closed earlier. It's not mentioned in - upstream changelog, so I don't know exactly when it has been fixed. - Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference - when using snmpd - The ipsec.conf manual page has been updated to document connaddrfamily. - Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the - parameter "connaddrfamily" - * Acknowledge fixes in last NMU - thanks to Christian. - Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no - installation candidate - Closes: #356716: openswan: Incomplete clean when building - Closes: #316693: openswan_1/2.2.0-10 - Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation - * Enable building of XAUTH support. - * Import override files from /etc/default instead of /etc/sysconfig. This - uses dpatch, so now Build-Depend on it. - Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/, - please change to /etc/default/ - * Only ask if an existing certificate/private key pair should be used when - the user chose not to create a new key pair. Also mention, when asking to - create a new key pair, that an existing one can be used alternatively. - Closes: #298250: confusing debconf question about certificate creation - * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the - "make install" to the "make programs" call where it belongs. - Closes: #292838: openswan: Dynamic CRL fetching not supported - * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of - /usr/share/doc/openswan/doc/index.html, and only the latter one has links - to existing files. - Closes: #311613: openswan: html documentation links to the wrong place - Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html - Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html - * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and - vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport, - a second option is necessary for inet_(add|del)_protocol. This should - allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified - that it compiles with Debian 2.4.27-12 and vanilla 2.4.32. - Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on - sarge - Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27 - 2.4.27-11 - * Document in README.Debian that KLIPS for 2.4 kernels will not compile with - newer GCC versions and give a hint on how to use older versions with - make-kpkg. - * Kernel 2.6.8 is not properly supported and is horribly outdated by now. - If you really need to use 2.6.8, then please use the native 26sec IPSec - stack. For KLIPS support, use at least 2.6.12, or better 2.6.15. - Closes: #318136: kernel-patch-openswan: Problem applying - kernel-openswan-patch to kernel-source-2.6.8 - * Compress the modules source tree with bzip2 instead of gzip and thus - reduce the size of the openswan-modules-source package. - - -- Rene Mayrhofer <rmayr@debian.org> Sat, 15 Apr 2006 21:36:36 +0100 - -openswan (1:2.4.4-3.1) unstable; urgency=high - - * Non-maintainer upload with maintainer's agreement - * Fix FTBFS by replacing the build dependency on libopensc1-dev to - libopensc2-dev. Closes: #352050 - * Really clean when building - Closes: #356716 - * Correct typos and English errors in templates - Unfuzzy translations - Closes: #316693 - * Swedish debconf templates translation added - Closes: #339390 - - -- Christian Perrier <bubulle@debian.org> Thu, 16 Mar 2006 06:10:05 +0100 - -openswan (1:2.4.4-3) unstable; urgency=low - - * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. - Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script - but =freeswan in unpatch - - -- Rene Mayrhofer <rmayr@debian.org> Tue, 27 Dec 2005 10:38:33 +0000 - -openswan (1:2.4.4-2) unstable; urgency=low - - * Build-depend on libkrb5-dev. - Closes: #344612: openswan: pluto has shared library dependency on - libkrb5support.so - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Dec 2005 11:22:17 +0000 - -openswan (1:2.4.4-1) unstable; urgency=high - - Reasoning for urgency high: DoS security issues. - * New upstream version. This is supposed to fix the other part of the DoS - problem. - - -- Rene Mayrhofer <rmayr@debian.org> Fri, 18 Nov 2005 19:23:49 +0000 - -openswan (1:2.4.3-1) unstable; urgency=high - - Reasoning for urgency high: DoS security issues. - * New upstream version. - Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation - problems / DoS - - -- Rene Mayrhofer <rmayr@debian.org> Tue, 15 Nov 2005 15:49:44 +0000 - -openswan (1:2.4.0-3) unstable; urgency=low - - * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 - package branch. Now again change the debconf depends to debconf | - debconf-2.0. - Closes: #332055: openswan depends on debconf without | debconf-2.0 - alternate; blocks cdebconf transition - * Also build-depend on the new libssl (>= 0.9.8-1) now to help the - transition. If you recompile this package for woody/sarge, you can safely - ignore this versioned build-dependency. No new API is needed this is just - for the ABI transition. - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 10 Oct 2005 11:22:12 +0100 - -openswan (1:2.4.0-2) unstable; urgency=low - - * Module building has changed a bit for the new openswan upstream - releases (need additional files). Adapt the openswan-modules-source - package to that and also fix pfkey_v2.c to compile with kernel 2.4 - (patches sent to upstream for future inclusion). - Closes: #291274: Fails to build with 2.4.29: missing Makefile - Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - - different from #273144 (?) - * Fix the postinst script (must have been a bash update that broke it). - Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a - valid identifier" - - -- Rene Mayrhofer <rmayr@debian.org> Fri, 30 Sep 2005 18:11:28 +0100 - -openswan (1:2.4.0-1) unstable; urgency=low - - * New upstream release. This finally allows the Debian packages to be - updated since the regression from 2.2.X to 2.3.X has been fixed (pluto - crash with roadwarriors). Please be aware that pluto daemons from 2.2 or - 2.3 openswan release will still crash, so please update all your - installations as soon as possible. - Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior - comes in using 2.3.0 - This release also supports KLIPS with 2.6 kernels now. - Closes: #301801: kernel-patch-openswan: Fails to build with Debian - 2.6.10 source - #273443: openswan-modules-source: doesn't build with 2.6.8 - - different from #273144 (?) - #318136: kernel-patch-openswan: Problem applying - kernel-openswan-patch to kernel-source-2.6.8 - * Fixed gcc 4 compile for fswcert (patch will be forwarded to upstream). - * Added Vietnamese debconf translation. - Closes: #316692: INTL:vi - * Introduced the epoch in this branch to allow automatic updates from the - previously downgraded 2.2 release. - * Edited the debian/copyright file to mention the shared GPL path and - removed old licenses (only refer to CREDITS now). - - -- Rene Mayrhofer <rmayr@debian.org> Mon, 19 Sep 2005 13:40:30 +0100 - -openswan (2.3.1-1) unstable; urgency=high - - Urgency HIGH because openswan is an important package for testing (at least - in my opinion...). - * New upstream version. This update should fix the various crashes - that openswan 2.3.0 pluto was causing on other openswan boxes - (occured in the wild with 2.2.0 and 2.3.0, but might also happen - with others) in some cases. - Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior - comes in using 2.3.0 - * Adapt to the new way of building modules (which changed between upstream - version 2.2.0 and 2.3.0). openswan-modules-source should now build with - 2.4 and with 2.6 kernels (using make-kpkg). - Closes: #291274: Fails to build with 2.4.29: missing Makefile - Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o - not kernel modules - * Also enable building of 2.6 kernel modules in openswan-modules-source. - Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - - different from #273144 (?) - * kernel-patch-openswan also needed some changes due to the new tree - layout (specifically the new Makefile.top). Now kernel-patch-openswan - has been enabled to work with kernel 2.6, so you can now get ipsecX - interfaces with kernel 2.6 (tested with vanilla 2.6.10)! - Closes: #301801 kernel-patch-openswan: Fails to build with Debian 2.6.10 - source - * There was no reply by the original bug submitter, so this really seemed - to be a toolchain problem. I can't reproduce this bug. - Closes: #283387: openswan: Fails to build on testing (Sarge) - * The build-dependency has already been updated from libcurl2-dev to - libcurl3-dev in package 2.3.0-1. Now updated it to - libcurl3-dev | libcurl2-dev so that backporting to woody is easier. - Closes: #298468 openswan fails to build on sarge due to missing - libcurl2-dev dependancy - * The same goes for libopensc*-dev. - * Fixed typos in the logcheck ignore files. - Closes: #298693: openswan: logcheck files - typo - * Updated debconf translations. - Closes: #290847: openswan: [INTL:fr] French debconf templates translation - Closes: #292077: [INTL:pt_BR] Please apply the attached patch in order to - update openswan's pt_BR debconf translation - Closes: #294202: [l10n] Czech po-debconf template translation (cs.po) - * Removed the source code for the fswcert utility from the debian/ dir in - the source package - it is now included in the upstream source under - programs/. - * Removed the conflicts with ike-server (still providing it though). - Closes: #297186: openswan: Remove conflict on ike-server - * Don't conflict with freeswan generally, but only with versions < 2.04-12. - (This is in preparation of the freeswan transition package that I am - working on.) - * Explicitly remove the execute permissions from /etc/ipsec.d/policies/*. - Closes: #298245: wrong permissions in /etc - * No longer need gawk for openswan scripts to work. This allows to finally - removed the awk-to-gawk hack in debian/rules and means that openswan no - longer depends on gawk. - * Enable the building of pluto code for dynamic URL fetching (which needs - libldap2-dev and libcurl3-dev) and the XAUTH PAM support. Therefore, we - now build-depend on libpam0g-dev. - Closes: #292838: openswan: Dynamic CRL fetching not supported - - -- Rene Mayrhofer <rmayr@debian.org> Sat, 9 Apr 2005 17:56:16 +0200 - -openswan (2.3.0-2) unstable; urgency=HIGH - - Urgency HIGH due to security issue and problems with build-deps in sarge. - * Fix the security issue. Please see - http://www.idefense.com/application/poi/display?id=190& - type=vulnerabilities&flashstatus=false - or CAN-2005-0162 at - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162 - for more details. Thanks to Martin Schulze for informing me about this - issue. - Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability - * Added a Build-Dependency to lynx. - Closes: #291143: openswan: FTBFS: Missing build dependency. - - -- Rene Mayrhofer <rmayr@debian.org> Thu, 27 Jan 2005 16:10:11 +0100 - -openswan (2.3.0-1) unstable; urgency=low - - * New upstream release. - Important change: aes-sha1 is now the default proposal (but 3des-md5 is - still supported if the other side requests it). Please look at - /usr/share/doc/openswan/docs/RELEASE-NOTES for details. - * Includes KLIPS support for kernel 2.6 for the first time, but I have not - yet modified openswan-modules-source to cope with that. If somebody wants - to lend me a hand to address #273443, it would be more than welcome. - * This release includes a fix for the reported snmpd crash - (in ipsec_tunnel.c). Many thanks to Nate Carlson for pointing this out. - Closes: #261892: openswan: System crashes when snmpd runs at the same time - * Update Build-Depends from libopensc0-dev to libopensc1-dev. - Closes: #289600: openswan: can't fulfill the build dependencies - * Update Build-Depends from libcurl2-dev to libcurl3-dev. - * Include Japanese debconf translation and fix a typo in the master. - Closes: #288996: openswan: Japanese po-debconf template translation - (ja.po) and typo in template.pot - * Auto-apply the NAT Traversal patch with kernel-patch-openswan again. This - was changed by openswan (the freeswan version included the NAT-T patch - automatically). Thus, the patch is now applied before inserting the KLIPS - part. - * Include a ready-to-use NAT-T diff in the openswan-modules-source package - so that anybody who uses this package still has the option of using NAT - Traversal (though this means patching the kernel anyway, and kind of - makes the out-of-tree compilation senseless). However, Debian 2.4 series - kernels should already have NAT-T applied. - * Document the above two changes in the package descriptions and - README.Debian. - - -- Rene Mayrhofer <rmayr@debian.org> Thu, 13 Jan 2005 09:30:45 +0100 - -openswan (2.2.0-5) unstable; urgency=low - - * Added more explanations to README.Debian on how to build the kernel - modules with either openswan-modules-source or kernel-patch-openswan. - - -- Rene Mayrhofer <rmayr@debian.org> Sat, 16 Oct 2004 13:11:48 +0200 - -openswan (2.2.0-4) unstable; urgency=medium - - Urgency medium to get this version into sarge - it fixes a bug that turned - up on some machines and prevented openswan from starting. - * no_oe.conf will work when there are spaces at the end, many thanks to - Hans Fugal for figuring that out! - Closes: #270012: openswan: Fails to start after Installation - (/etc/ipsec.d/examples/no_oe.conf problem?) - I am now sending this towards upstream so that it should hopefully get - fixed for the next release - it's a bit awkward for a config file. - * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key - is already present in ipsec.secrets and a new one is being created, a - needless line was printed. Silenced by adding -q to egrep. - - -- Rene Mayrhofer <rmayr@debian.org> Sun, 3 Oct 2004 20:57:22 +0200 - -openswan (2.2.0-3) unstable; urgency=low - - * Also added flex to Build-Depends, the new starter (replacement for - the init scripts, but not yet active) needs it to build. - Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing - build-depends - Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex' - * Adapted the rules file of openswan-modules-source to cope with the new - upstream source code - need to generate a C file from a template before - the ipsec module can be built. - Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c - neither created nor compiled - * Enabled the building of modular extensions (AES and cryptoapi) by default - for openswan-modules-source. Also enabled the AES cipher in addition to - 3DES (this is directly in the ipsec.o kernel module, the modular - extensions version is an alternative to this). - - -- Rene Mayrhofer <rmayr@debian.org> Fri, 24 Sep 2004 12:38:47 +0200 - -openswan (2.2.0-2) unstable; urgency=low - - * Added bison to Build-Depends. - - -- Rene Mayrhofer <rmayr@debian.org> Thu, 23 Sep 2004 15:18:51 +0200 - -openswan (2.2.0-1) unstable; urgency=medium - - * New upstream version: - - Introduces AES support, which is the reason for urgency medium. AES - should definitly go into sarge. - - Adds RFC 3706 DPD (dead peer detection) support, see - /usr/share/doc/openswan/docs/README.DPD for details. - This adds the last missing piece (AES) to replace the freeswan package - completely. As of now, freeswan is officially unsupported and will soon - be removed from Debian. Please upgrade to openswan, which should not cause - any issues. Configuration files and certificates are completely compatible. - Closes: #270012: openswan: Fails to start after Installation - (/etc/ipsec.d/examples/no_oe.conf problem?) - I can no longer reproduce this problem on a fresh install of - 2.2.0-1. - Closes: #260120: openswan: Patch fixing #256391 breaks the autogenerated - certificate - The new X.509 patch included in this upstream release (no longer - patched by the Debian package) should fix this too. - Closes: #246828: /etc/ipsec.conf refers to invalid URLs - The default ipsec.conf file distributed by upstream no longer - refers to an URL. - * Fixed a thinko in the postinst script that prevented the correct insertion - of plain RSA keys into /etc/ipsec.secrets (i.e. not using X.509 - certificates). Fixed now. - Closes: #268742: openswan: Plain RSA key not successfully written to - ipsec.secrets - * Adapt to the new way of openswan handling the disabling of opportunistic - encryption. In the default ipsec.conf distributed with upstream openswan, - OE is now disabled (which changes the previous default). Adapted the - postinst script so that it can now enable and disable OE support based on - the debconf option. - Closes: #268743: openswan: fails to respect debconf OE setting - * Updated the French and Brazilian Portugese debconf translations. - Closes: #256457: openswan: [INTL:fr] French debconf templates translation - Closes: #264246: openswan: [INTL:pt_BR] Please use the attached Brazilian - Portuguese debconf template translation - * Patched debian/fswcert/fswcert.c to compile cleanly with gcc-3.4. Thanks - to Andreas Jochens for the patch! - Closes: #262663: openswan: FTBFS with gcc-3.4: label at end of compound - statement - * Documented how to build the KLIPS kernel part with either the - kernel-patch-openswan or the openswan-modules-source packages. - Closes: #246819: Needs documentation on how to build the kernel modules - * Bump Standards-Version to 3.6.1.0, no changes necessary. - - -- Rene Mayrhofer <rmayr@debian.org> Tue, 21 Sep 2004 18:13:52 +0200 - -openswan (2.1.5-1) unstable; urgency=medium - - * New upstream release, which fixes another potential security issue. - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Sun, 5 Sep 2004 18:00:40 +0200 - -openswan (2.1.3-1) unstable; urgency=HIGH - - Urgency high because of a possibly security issue. - * New upstream version. This includes the CRL fix form 2.1.1-5 and the - proper activation of NAT traversal in Makefile.inc. - Closes: #253457: Openswan: new upstream available that includes xauth - Closes: #253458: Openswan: new upstream available that includes xauth - Closes: #253461: Openswan: new upstream available - Closes: #253782: openswan: Should automatically load kernel module - xfrm_user - But I have currently not explicitly enabled xaut support in Makefile.inc, - quoting from there: "off by default, since XAUTH is tricky, and you can - get into security trouble". If it needs to be enabled to work, please tell - me and I will need to take a far closer look on it (and the involved - problems). - This new upstream version also fixes a possible security issue in the - X.509 certificate authentication. - * The last upload didn't seem to have hit the archives, strange... - However, the bugs are still fixed, closing them now. - Closes: #245450: openswan should not depend on - kernel-image-2.4 || kernel-image-2.6 - Closes: #246847: openswan: shouldn't conflict with ike-server - Closes: #246373: openswan: [INTL:fr] French debconf templates translation - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 17 June 2004 12:22:45 +0200 - -openswan (2.1.1-5) unstable; urgency=low - - * Applied a patch from openswan CVS to fix CRL related crashes. - * Drop the dependency on kernels it works with - the package description - already says that it will need kernel support to work. This allows people - to easily use self-compiled kernels with the right support (e.g. 2.6.5). - Closes: #245450: openswan should not depend on - kernel-image-2.4 || kernel-image-2.6 - * While I'm at it, also replace the various Suggests: *freeswan* with - openswan. Oops. - * openswan conflicts with ike-server because only one ike-server can be - active at any given time (it will listen on UDP port 500). This policy - has been agreed to by all Debian IPSec package maintainers and implemented - in all ike-server providing packages. - Closes: #246847: openswan: shouldn't conflict with ike-server - * Took the debconf translations from the freeswan package and "ported" them - via debconf-updatepo. Thanks to Christian Perrier for mentioning that it - was this easy. - The templates should now be correct (all instances of FreeS/wan replaced - by Openswan). - Closes: #246373: openswan: [INTL:fr] French debconf templates translation - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Tue, 18 May 2004 19:46:24 +0200 - -openswan (2.1.1-4) unstable; urgency=low - - * Fixed the kernel-patch-openswan apply script. - * Warning: Due to an upstream bug, pluto from this version will dump core - on certain CRLs. If you are hit by this bug, please report it directly to - upstream, they are still tracking the issue down. - - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 15 Apr 2004 09:50:32 +0200 - -openswan (2.1.1-3) unstable; urgency=low - - * Also build the openswan-modules-source and kernel-patch-openswan - packages now. - * Fixed _startklips in combination with the native IPSec stack - many thanks - to Nate Carlson for the patch. - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 19:33:49 +0200 - -openswan (2.1.1-2) unstable; urgency=low - - * Took the package as official maintainer. - * Updated all relevant packaging stuff to the level of freeswan 2.04-9, - including auto-generation of X.509 certificates and insertion in - ipsec.secrets. This also corrects the libexec path in some scripts. - - -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 11:23:46 +0200 - -openswan (2.1.1-1) unstable; urgency=low - - * Initial version - packaging based on Rene Mayrhofer's - FreeS/WAN packaging - - -- Alexander List <alexlist@sbox.tu-graz.ac.at> Sun, 21 Mar 2004 21:47:53 +0100 + -- Rene Mayrhofer <rmayr@debian.org> Mon, 22 May 2006 07:37:00 +0100 Local variables: mode: debian-changelog diff --git a/debian/changelog.debian b/debian/changelog.debian deleted file mode 100644 index 14b30ca82..000000000 --- a/debian/changelog.debian +++ /dev/null @@ -1,10 +0,0 @@ -freeswan (2.00) unstable; urgency=low - - This is a major update to the FreeS/WAN source tree to include the - debian packaging components. This version supports just the native - pieces of FreeS/WAN - no patches. - - The debian changelog is at changelog.debian. - - - diff --git a/debian/control b/debian/control index 919875eab..8ed778e7a 100644 --- a/debian/control +++ b/debian/control @@ -1,24 +1,24 @@ -Source: openswan +Source: strongswan Section: net Priority: optional Maintainer: Rene Mayrhofer <rmayr@debian.org> Standards-Version: 3.6.1.0 Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev (>= 0.9.8-1), htmldoc, man2html, libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, lynx, dpatch, bzip2 -Package: openswan +Package: strongswan Architecture: any Pre-Depends: debconf | debconf-2.0 Depends: ${shlibs:Depends}, bsdmainutils, makedev | devfsd, debianutils (>=1.7), ipsec-tools, openssl, host, iproute -Suggests: openswan-modules-source | linux-patch-openswan, curl +Suggests: strongswan-modules-source | linux-patch-strongswan, curl Provides: ike-server Conflicts: freeswan (<< 2.04-12) -Description: IPSEC utilities for Openswan +Description: IPSEC utilities for strongSwan IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents. . - This version of Openswan supports Opportunistic Encryption (OE) out of the + This version of strongSwan supports Opportunistic Encryption (OE) out of the box. OE enables you to set up IPsec tunnels to a site without co-ordinating with the site administrator, and without hand configuring each tunnel. If enough sites support OE, a "FAX effect" @@ -36,34 +36,46 @@ Description: IPSEC utilities for Openswan and crypto support, patching the kernel is no longer necessary! . If you want to use the KLIPS IPSec code for kernel modules instead of the - native ones, you will need to install either openswan-modules-source or - linux-patch-openswan and build the respective modules for your kernel. + native ones, you will need to install either strongswan-modules-source or + linux-patch-strongswan and build the respective modules for your kernel. -Package: openswan-modules-source +Package: strongswan-modules-source Architecture: all Depends: coreutils | fileutils, debhelper, bzip2 Recommends: kernel-package (>= 7.04), kernel-source -Suggests: openswan -Description: IPSEC kernel modules source for Openswan - This package contains the source for the Openswan modules to get the necessary - kernel support to use Openswan. +Suggests: strongswan +Description: IPSEC kernel modules source for strongSwan + This package contains the source for the strongSwan modules to get the necessary + kernel support to use strongSwan. . It includes the NAT Traversal patches, which will need to be applied to the kernel tree if NAT Traversal is needed. + . + This package will not work with 2.6 kernels! It is recommended to use the + native IPSec stack included with 2.6 kernels with strongSwan. If you want to + use KLIPS (the FreeSWan/Openswan/strongSwan IPSec kernel support) with a 2.6 + kernel, then please use the openswan-modules-source package. It is + interoperable with the strongswan user space programs. -Package: linux-patch-openswan +Package: linux-patch-strongswan Architecture: all Depends: coreutils | fileutils Recommends: kernel-package (>= 7.04) -Suggests: openswan -Provides: kernel-patch-openswan -Replaces: kernel-patch-openswan -Description: IPSEC Linux kernel support for Openswan +Suggests: strongswan +Provides: kernel-patch-strongswan +Replaces: kernel-patch-strongswan +Description: IPSEC Linux kernel support for strongSwan This package contains the patches for the Linux kernel to get the necessary - kernel support to use Openswan. If you want to build a kernel module for - IPSec, it is much easier to use the openswan-modules-source package instead. + kernel support to use strongSwan. If you want to build a kernel module for + IPSec, it is much easier to use the strongswan-modules-source package instead. This kernel-patch package should probably only be used when building a non-modular kernel or when compiling IPSec non-modular. . It includes the NAT Traversal patches and applies them automatically to the kernel after inserting KLIPS. + . + This package will not work with 2.6 kernels! It is recommended to use the + native IPSec stack included with 2.6 kernels with strongSwan. If you want to + use KLIPS (the FreeSWan/Openswan/strongSwan IPSec kernel support) with a 2.6 + kernel, then please use the linux-patch-strongswan package. It is + interoperable with the strongswan user space programs. diff --git a/debian/linux-patch-openswan.apply b/debian/linux-patch-strongswan.apply index 107cdb0e7..107cdb0e7 100644 --- a/debian/linux-patch-openswan.apply +++ b/debian/linux-patch-strongswan.apply diff --git a/debian/linux-patch-openswan.dirs b/debian/linux-patch-strongswan.dirs index 57f41cb32..57f41cb32 100644 --- a/debian/linux-patch-openswan.dirs +++ b/debian/linux-patch-strongswan.dirs diff --git a/debian/linux-patch-openswan.docs b/debian/linux-patch-strongswan.docs index e61535265..e61535265 100644 --- a/debian/linux-patch-openswan.docs +++ b/debian/linux-patch-strongswan.docs diff --git a/debian/linux-patch-openswan.unpatch b/debian/linux-patch-strongswan.unpatch index 2fca79aa6..2fca79aa6 100644 --- a/debian/linux-patch-openswan.unpatch +++ b/debian/linux-patch-strongswan.unpatch diff --git a/debian/rules b/debian/rules index b57711f7a..d0e1090ac 100755 --- a/debian/rules +++ b/debian/rules @@ -72,12 +72,12 @@ clean: unpatch -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm - rm -rf debian/openswan-modules-source-build/ + rm -rf debian/strongswan-modules-source-build/ # Really clean (#356716) # This is a hack: should be better implemented - rm -f lib/libopenswan/libopenswan.a || true - rm -f lib/libopenswan/liboswlog.a || true + rm -f lib/libstrongswan/libstrongswan.a || true + rm -f lib/libstrongswan/liboswlog.a || true # just in case something went wrong rm -f $(CURDIR)/debian/ipsec.secrets @@ -92,12 +92,12 @@ ifeq ($(PO2DEBCONF),yes) # 4.1.16) depends on it), the binary-arch target will generate a # better version for sarge. echo 1 > debian/po/output - po2debconf debian/openswan.templates.master > debian/openswan.templates + po2debconf debian/strongswan.templates.master > debian/strongswan.templates rm -f debian/po/output endif -install-openswan: DH_OPTIONS=-a -install-openswan: build +install-strongswan: DH_OPTIONS=-a +install-strongswan: build dh_testdir dh_testroot dh_clean -k @@ -107,30 +107,30 @@ install-openswan: build $(MAKE) install INC_USRLOCAL=/usr \ FINALBINDIR=/usr/lib/ipsec \ FINALLIBEXECDIR=/usr/lib/ipsec \ - PUBDIR=$(CURDIR)/debian/openswan/usr/sbin \ - MANTREE=$(CURDIR)/debian/openswan/usr/share/man \ - DESTDIR=$(CURDIR)/debian/openswan - rm -rf $(CURDIR)/debian/openswan/usr/local - install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/openswan/etc/ipsec.secrets + PUBDIR=$(CURDIR)/debian/strongswan/usr/sbin \ + MANTREE=$(CURDIR)/debian/strongswan/usr/share/man \ + DESTDIR=$(CURDIR)/debian/strongswan + rm -rf $(CURDIR)/debian/strongswan/usr/local + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan/etc/ipsec.secrets # use bash for init.d and _plutorun - patch $(CURDIR)/debian/openswan/etc/init.d/ipsec < debian/use-bash.diff - patch $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun < debian/use-bash.diff + patch $(CURDIR)/debian/strongswan/etc/init.d/ipsec < debian/use-bash.diff + patch $(CURDIR)/debian/strongswan/usr/lib/ipsec/_plutorun < debian/use-bash.diff # install the fswcert tool - install $(CURDIR)/programs/fswcert/fswcert $(CURDIR)/debian/openswan/usr/bin - install $(CURDIR)/programs/fswcert/fswcert.8 $(CURDIR)/debian/openswan/usr/share/man/man8 + install $(CURDIR)/programs/fswcert/fswcert $(CURDIR)/debian/strongswan/usr/bin + install $(CURDIR)/programs/fswcert/fswcert.8 $(CURDIR)/debian/strongswan/usr/share/man/man8 - rm -f $(CURDIR)/debian/openswan/etc/init.d/ipsec?* - rm -f $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun?* + rm -f $(CURDIR)/debian/strongswan/etc/init.d/ipsec?* + rm -f $(CURDIR)/debian/strongswan/usr/lib/ipsec/_plutorun?* # this is handled by update-rc.d - rm -rf $(CURDIR)/debian/openswan/etc/rc?.d + rm -rf $(CURDIR)/debian/strongswan/etc/rc?.d - dh_installdocs -popenswan -n + dh_installdocs -pstrongswan -n # change the paths in the installed doc files (but only in regular # files, not in links to the outside of the build tree !) - ( cd $(CURDIR)/debian/openswan/; \ + ( cd $(CURDIR)/debian/strongswan/; \ for f in `grep "/usr/local/" --recursive --files-with-match *`; \ do \ if [ -f $$f -a ! -L $$f ]; then \ @@ -140,132 +140,132 @@ install-openswan: build fi; \ done ) # but remove the doc/src dir, which just duplicates the HTML files - rm -rf $(CURDIR)/debian/openswan/usr/share/doc/openswan/doc/src + rm -rf $(CURDIR)/debian/strongswan/usr/share/doc/strongswan/doc/src # and the index file in the main doc directory - it's replicated under # doc/ - rm -f $(CURDIR)/debian/openswan/usr/share/doc/openswan/index.html + rm -f $(CURDIR)/debian/strongswan/usr/share/doc/strongswan/index.html # the logcheck ignore files - install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.paranoid/openswan - install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.server/openswan - install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.workstation/openswan - install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/openswan/etc/logcheck/violations.ignore.d/openswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.paranoid/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.server/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.workstation/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/strongswan/etc/logcheck/violations.ignore.d/strongswan # set permissions on ipsec.secrets - chmod 600 $(CURDIR)/debian/openswan/etc/ipsec.secrets - chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.conf - chmod 700 -R $(CURDIR)/debian/openswan/etc/ipsec.d/private/ + chmod 600 $(CURDIR)/debian/strongswan/etc/ipsec.secrets + chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.conf + chmod 700 -R $(CURDIR)/debian/strongswan/etc/ipsec.d/private/ # don't know why they come with +x set by default... - chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/policies/* - chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/examples/* + chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.d/policies/* + chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.d/examples/* # more lintian cleanups - find $(CURDIR)/debian/openswan -name ".cvsignore" | xargs --no-run-if-empty rm -f - find $(CURDIR)/debian/openswan -name "/.svn/" | xargs --no-run-if-empty rm -rf + find $(CURDIR)/debian/strongswan -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/strongswan -name "/.svn/" | xargs --no-run-if-empty rm -rf -install-openswan-modules-source: DH_OPTIONS=-i -install-openswan-modules-source: PKGDIR=$(CURDIR)/debian/openswan-modules-source -install-openswan-modules-source: BUILDDIR=$(CURDIR)/debian/openswan-modules-source-build -install-openswan-modules-source: patch +install-strongswan-modules-source: DH_OPTIONS=-i +install-strongswan-modules-source: PKGDIR=$(CURDIR)/debian/strongswan-modules-source +install-strongswan-modules-source: BUILDDIR=$(CURDIR)/debian/strongswan-modules-source-build +install-strongswan-modules-source: patch dh_testdir dh_testroot dh_installdirs - mkdir -p "$(BUILDDIR)/modules/openswan" - mkdir -p "$(BUILDDIR)/modules/openswan/lib" - mkdir -p "$(BUILDDIR)/modules/openswan/debian" - mkdir -p "$(BUILDDIR)/modules/openswan/packaging" + mkdir -p "$(BUILDDIR)/modules/strongswan" + mkdir -p "$(BUILDDIR)/modules/strongswan/lib" + mkdir -p "$(BUILDDIR)/modules/strongswan/debian" + mkdir -p "$(BUILDDIR)/modules/strongswan/packaging" cp -r Makefile Makefile.top Makefile.inc Makefile.ver linux/ \ - "$(BUILDDIR)/modules/openswan" - cp -r lib/libcrypto "$(BUILDDIR)/modules/openswan/lib/" + "$(BUILDDIR)/modules/strongswan" + cp -r lib/libcrypto "$(BUILDDIR)/modules/strongswan/lib/" cp -r packaging/makefiles packaging/linus packaging/defaults/ \ - "$(BUILDDIR)/modules/openswan/packaging/" - find "$(BUILDDIR)/modules/openswan/lib/" -name "*.o" | xargs --no-run-if-empty rm - install --mode=644 debian/openswan-modules-source.kernel-config "$(BUILDDIR)/modules/openswan/config-all.h" - install --mode=755 debian/openswan-modules-source.rules "$(BUILDDIR)/modules/openswan/debian/rules" - install --mode=644 debian/openswan-modules-source.control.in "$(BUILDDIR)/modules/openswan/debian/control.in" - install --mode=644 debian/changelog "$(BUILDDIR)/modules/openswan/debian/" + "$(BUILDDIR)/modules/strongswan/packaging/" + find "$(BUILDDIR)/modules/strongswan/lib/" -name "*.o" | xargs --no-run-if-empty rm + install --mode=644 debian/strongswan-modules-source.kernel-config "$(BUILDDIR)/modules/strongswan/config-all.h" + install --mode=755 debian/strongswan-modules-source.rules "$(BUILDDIR)/modules/strongswan/debian/rules" + install --mode=644 debian/strongswan-modules-source.control.in "$(BUILDDIR)/modules/strongswan/debian/control.in" + install --mode=644 debian/changelog "$(BUILDDIR)/modules/strongswan/debian/" # This creates the NAT-T patches that can be used on the kernel tree - # even with openswan-modules-source. - make nattpatch2.4 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.4.diff - make nattpatch2.6 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.6.diff + # even with strongswan-modules-source. + make nattpatch2.4 > $(BUILDDIR)/modules/strongswan/debian/nat-t-2.4.diff + make nattpatch2.6 > $(BUILDDIR)/modules/strongswan/debian/nat-t-2.6.diff tar -C $(BUILDDIR) -c modules/ | bzip2 -9 > \ - "$(PKGDIR)/usr/src/openswan-modules.tar.bz2" + "$(PKGDIR)/usr/src/strongswan-modules.tar.bz2" - dh_installdocs -popenswan-modules-source -n + dh_installdocs -pstrongswan-modules-source -n # more lintian cleanups - find $(CURDIR)/debian/openswan-modules-source -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/strongswan-modules-source -name ".cvsignore" | xargs --no-run-if-empty rm -f find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf -install-linux-patch-openswan: DH_OPTIONS=-i -install-linux-patch-openswan: PKGDIR=$(CURDIR)/debian/linux-patch-openswan -install-linux-patch-openswan: patch +install-linux-patch-strongswan: DH_OPTIONS=-i +install-linux-patch-strongswan: PKGDIR=$(CURDIR)/debian/linux-patch-strongswan +install-linux-patch-strongswan: patch dh_testdir dh_testroot dh_installdirs # some of this has been taken from Tommi Virtanen's package - install --mode=0755 debian/linux-patch-openswan.apply \ - "$(PKGDIR)/usr/src/kernel-patches/all/apply/openswan" - install --mode=0755 debian/linux-patch-openswan.unpatch \ - "$(PKGDIR)/usr/src/kernel-patches/all/unpatch/openswan" + install --mode=0755 debian/linux-patch-strongswan.apply \ + "$(PKGDIR)/usr/src/kernel-patches/all/apply/strongswan" + install --mode=0755 debian/linux-patch-strongswan.unpatch \ + "$(PKGDIR)/usr/src/kernel-patches/all/unpatch/strongswan" install --mode=0755 packaging/utils/patcher \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" cp -r Makefile Makefile.inc Makefile.ver Makefile.top lib/ linux/ \ packaging/ nat-t/ \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" # also don't generate the out.kpatch file under /usr/src/.... sed 's/>>out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" sed 's/>out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" sed 's/rm -f out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" - chmod u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" + chmod u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" # remove extra junk not needed on linux / that lintian would complain about - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ + find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" \ -name '*.o' -print0 | xargs --no-run-if-empty -0 rm -f - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ + find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" \ -name '*.a' -print0 | xargs --no-run-if-empty -0 rm -f - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libopenswan/" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libdes/" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/liblwres/" - rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/COPYING.LIB" - rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/README" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/linus" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/ipkg" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/makefiles" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/redhat" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/suse" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/disttools.pl" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/kernel.patch.gen.sh" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/sshenv" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/setup" - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libstrongswan/" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libdes/" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/liblwres/" + rm -f "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/COPYING.LIB" + rm -f "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/README" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/linus" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/ipkg" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/makefiles" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/redhat" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/suse" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/disttools.pl" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/kernel.patch.gen.sh" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/sshenv" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/setup" + find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/linux/net/ipsec/des/asm/" \ -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ + find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libcrypto/" \ -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ + find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/linux/net/ipsec/des/asm/" \ -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ + find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libcrypto/" \ -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/alg/scripts/" \ + find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/linux/net/ipsec/alg/scripts/" \ -name '*.sh' -print0 | xargs --no-run-if-empty -0 chmod a+x - chmod -R u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + chmod -R u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" - dh_installdocs -plinux-patch-openswan -n + dh_installdocs -plinux-patch-strongswan -n # more lintian cleanups find $(PKGDIR) -name ".cvsignore" | xargs --no-run-if-empty rm -f @@ -291,11 +291,11 @@ binary-common: dh_builddeb # Build architecture-independent files here. -binary-indep: install-openswan-modules-source install-linux-patch-openswan +binary-indep: install-strongswan-modules-source install-linux-patch-strongswan $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common # Build architecture-dependent files here. -binary-arch: install-openswan +binary-arch: install-strongswan $(MAKE) -f debian/rules DH_OPTIONS=-a binary-common # Any other binary targets build just one binary package at a time. diff --git a/debian/openswan-modules-source.control.in b/debian/strongswan-modules-source.control.in index 7e5aa5307..7e5aa5307 100644 --- a/debian/openswan-modules-source.control.in +++ b/debian/strongswan-modules-source.control.in diff --git a/debian/openswan-modules-source.dirs b/debian/strongswan-modules-source.dirs index 531fa90c3..531fa90c3 100644 --- a/debian/openswan-modules-source.dirs +++ b/debian/strongswan-modules-source.dirs diff --git a/debian/openswan-modules-source.docs b/debian/strongswan-modules-source.docs index e61535265..e61535265 100644 --- a/debian/openswan-modules-source.docs +++ b/debian/strongswan-modules-source.docs diff --git a/debian/openswan-modules-source.kernel-config b/debian/strongswan-modules-source.kernel-config index 16727d166..16727d166 100644 --- a/debian/openswan-modules-source.kernel-config +++ b/debian/strongswan-modules-source.kernel-config diff --git a/debian/openswan-modules-source.rules b/debian/strongswan-modules-source.rules index f31746de1..f31746de1 100755 --- a/debian/openswan-modules-source.rules +++ b/debian/strongswan-modules-source.rules diff --git a/debian/openswan.config b/debian/strongswan.config index e779a2ab1..e779a2ab1 100644 --- a/debian/openswan.config +++ b/debian/strongswan.config diff --git a/debian/openswan.dirs b/debian/strongswan.dirs index 778085209..778085209 100644 --- a/debian/openswan.dirs +++ b/debian/strongswan.dirs diff --git a/debian/openswan.docs b/debian/strongswan.docs index e206d4729..e206d4729 100644 --- a/debian/openswan.docs +++ b/debian/strongswan.docs diff --git a/debian/openswan.postinst b/debian/strongswan.postinst index 7d9b19b4b..7d9b19b4b 100644 --- a/debian/openswan.postinst +++ b/debian/strongswan.postinst diff --git a/debian/openswan.postrm b/debian/strongswan.postrm index f5aa182f1..f5aa182f1 100644 --- a/debian/openswan.postrm +++ b/debian/strongswan.postrm diff --git a/debian/openswan.prerm b/debian/strongswan.prerm index de804d5cb..de804d5cb 100644 --- a/debian/openswan.prerm +++ b/debian/strongswan.prerm diff --git a/debian/openswan.templates b/debian/strongswan.templates index 6f75e1ef4..6f75e1ef4 100644 --- a/debian/openswan.templates +++ b/debian/strongswan.templates diff --git a/debian/openswan.templates.master b/debian/strongswan.templates.master index f9c9e7e7f..3da305930 100644 --- a/debian/openswan.templates.master +++ b/debian/strongswan.templates.master @@ -1,23 +1,23 @@ -Template: openswan/start_level +Template: strongswan/start_level Type: select _Choices: earliest, "after NFS", "after PCMCIA" Default: earliest -_Description: At which level do you wish to start Openswan ? +_Description: At which level do you wish to start strongSwan ? With the current Debian startup levels (nearly everything starting in - level 20), it is impossible for Openswan to always start at the correct - time. There are three possibilities when Openswan can start: before or + level 20), it is impossible for strongSwan to always start at the correct + time. There are three possibilities when strongSwan can start: before or after the NFS services and after the PCMCIA services. The correct answer depends on your specific setup. . If you do not have your /usr tree mounted via NFS (either you only mount other, less vital trees via NFS or don't use NFS mounted trees at all) and - don't use a PCMCIA network card, then it's best to start Openswan at + don't use a PCMCIA network card, then it's best to start strongSwan at the earliest possible time, thus allowing the NFS mounts to be secured by IPSec. In this case (or if you don't understand or care about this issue), answer "earliest" to this question (the default). . If you have your /usr tree mounted via NFS and don't use a PCMCIA network - card, then you will need to start Openswan after NFS so that all + card, then you will need to start strongSwan after NFS so that all necessary files are available. In this case, answer "after NFS" to this question. Please note that the NFS mount of /usr can not be secured by IPSec in this case. @@ -27,16 +27,16 @@ _Description: At which level do you wish to start Openswan ? PCMCIA" in this case. This is also the correct answer if you want to fetch keys from a locally running DNS server with DNSSec support. -Template: openswan/restart +Template: strongswan/restart Type: boolean Default: true -_Description: Do you wish to restart Openswan? - Restarting Openswan is a good idea, since if there is a security fix, it +_Description: Do you wish to restart strongSwan? + Restarting strongSwan is a good idea, since if there is a security fix, it will not be fixed until the daemon restarts. Most people expect the daemon to restart, so this is generally a good idea. However this might take down existing connections and then bring them back up. -Template: openswan/create_rsa_key +Template: strongswan/create_rsa_key Type: boolean Default: true _Description: Do you want to create a RSA public/private keypair for this host ? @@ -51,50 +51,50 @@ _Description: Do you want to create a RSA public/private keypair for this host ? If you do not want to create a new public/private keypair, you can choose to use an existing one. -Template: openswan/rsa_key_type +Template: strongswan/rsa_key_type Type: select _Choices: x509, plain Default: x509 _Description: Which type of RSA keypair do you want to create ? It is possible to create a plain RSA public/private keypair for use - with Openswan or to create a X509 certificate file which contains the RSA + with strongSwan or to create a X509 certificate file which contains the RSA public key and additionally stores the corresponding private key. . If you only want to build up IPSec connections to hosts also running - Openswan, it might be a bit easier using plain RSA keypairs. But if you + strongSwan, it might be a bit easier using plain RSA keypairs. But if you want to connect to other IPSec implementations, you will need a X509 certificate. It is also possible to create a X509 certificate here and extract the RSA public key in plain format if the other side runs - Openswan without X509 certificate support. + strongSwan without X509 certificate support. . Therefore a X509 certificate is recommended since it is more flexible and this installer should be able to hide the complex creation of the X509 - certificate and its use in Openswan anyway. + certificate and its use in strongSwan anyway. -Template: openswan/existing_x509_certificate +Template: strongswan/existing_x509_certificate Type: boolean Default: false -_Description: Do you have an existing X509 certificate file that you want to use for Openswan ? +_Description: Do you have an existing X509 certificate file that you want to use for strongSwan ? This installer can automatically extract the needed information from an existing X509 certificate with a matching RSA private key. Both parts can be in one file, if it is in PEM format. Do you have such an existing certificate and key file and want to use it for authenticating IPSec connections ? -Template: openswan/existing_x509_certificate_filename +Template: strongswan/existing_x509_certificate_filename Type: string _Description: Please enter the location of your X509 certificate in PEM format. Please enter the location of the file containing your X509 certificate in PEM format. -Template: openswan/existing_x509_key_filename +Template: strongswan/existing_x509_key_filename Type: string _Description: Please enter the location of your X509 private key in PEM format. Please enter the location of the file containing the private RSA key matching your X509 certificate in PEM format. This can be the same file that contains the X509 certificate. -Template: openswan/rsa_key_length +Template: strongswan/rsa_key_length Type: string Default: 2048 _Description: Which length should the created RSA key have ? @@ -103,7 +103,7 @@ _Description: Which length should the created RSA key have ? not need anything more than 2048 bits because it only slows the authentication process down and is not needed at the moment. -Template: openswan/x509_self_signed +Template: strongswan/x509_self_signed Type: boolean Default: true _Description: Do you want to create a self-signed X509 certificate ? @@ -112,7 +112,7 @@ _Description: Do you want to create a self-signed X509 certificate ? the certificate request. If you want to create a self-signed certificate, you can use it immediately to connect to other IPSec hosts that support X509 certificate for authentication of IPSec connections. However, if you - want to use the new PKI features of Openswan >= 1.91, you will need to + want to use the new PKI features of strongSwan >= 1.91, you will need to have all X509 certificates signed by a single certificate authority to create a trust path. . @@ -121,7 +121,7 @@ _Description: Do you want to create a self-signed X509 certificate ? and you will have to sign the certificate request with your certificate authority. -Template: openswan/x509_country_code +Template: strongswan/x509_country_code Type: string Default: AT _Description: Please enter the country code for the X509 certificate request. @@ -134,7 +134,7 @@ _Description: Please enter the country code for the X509 certificate request. . Example: AT -Template: openswan/x509_state_name +Template: strongswan/x509_state_name Type: string Default: _Description: Please enter the state or province name for the X509 certificate request. @@ -143,7 +143,7 @@ _Description: Please enter the state or province name for the X509 certificate r . Example: Upper Austria -Template: openswan/x509_locality_name +Template: strongswan/x509_locality_name Type: string Default: _Description: Please enter the locality name for the X509 certificate request. @@ -152,7 +152,7 @@ _Description: Please enter the locality name for the X509 certificate request. . Example: Vienna -Template: openswan/x509_organization_name +Template: strongswan/x509_organization_name Type: string Default: _Description: Please enter the organization name for the X509 certificate request. @@ -162,7 +162,7 @@ _Description: Please enter the organization name for the X509 certificate reques . Example: Debian -Template: openswan/x509_organizational_unit +Template: strongswan/x509_organizational_unit Type: string Default: _Description: Please enter the organizational unit for the X509 certificate request. @@ -172,7 +172,7 @@ _Description: Please enter the organizational unit for the X509 certificate requ . Example: security group -Template: openswan/x509_common_name +Template: strongswan/x509_common_name Type: string Default: _Description: Please enter the common name for the X509 certificate request. @@ -182,7 +182,7 @@ _Description: Please enter the common name for the X509 certificate request. . Example: gateway.debian.org -Template: openswan/x509_email_address +Template: strongswan/x509_email_address Type: string Default: _Description: Please enter the email address for the X509 certificate request. @@ -190,17 +190,17 @@ _Description: Please enter the email address for the X509 certificate request. responsible for the X509 certificate, This address will be placed in the certificate request. -Template: openswan/enable-oe +Template: strongswan/enable-oe Type: boolean Default: false -_Description: Do you wish to enable opportunistic encryption in Openswan? - Openswan comes with support for opportunistic encryption (OE), which stores +_Description: Do you wish to enable opportunistic encryption in strongSwan? + strongSwan comes with support for opportunistic encryption (OE), which stores IPSec authentication information (i.e. RSA public keys) in (preferably secure) DNS records. Until this is widely deployed, activating it will cause a significant slow-down for every new, outgoing connection. Since - version 2.0, Openswan upstream comes with OE enabled by default and is thus + version 2.0, strongSwan upstream comes with OE enabled by default and is thus likely to break your existing connection to the Internet (i.e. your default - route) as soon as pluto (the Openswan keying daemon) is started. + route) as soon as pluto (the strongSwan keying daemon) is started. . Please choose whether you want to enable support for OE. If unsure, do not enable it. |