diff options
| -rw-r--r-- | debian/README.Debian | 123 | ||||
| -rw-r--r-- | debian/changelog | 13 | ||||
| -rw-r--r-- | debian/control | 57 | ||||
| -rw-r--r-- | debian/copyright | 2 | ||||
| -rw-r--r-- | debian/doc-base | 14 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.apply | 46 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.dirs | 3 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.docs | 2 | ||||
| -rw-r--r-- | debian/linux-patch-strongswan.unpatch | 39 | ||||
| -rwxr-xr-x | debian/rules | 107 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.control.in | 13 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.dirs | 1 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.docs | 2 | ||||
| -rw-r--r-- | debian/strongswan-modules-source.kernel-config | 110 | ||||
| -rwxr-xr-x | debian/strongswan-modules-source.rules | 150 | ||||
| -rw-r--r-- | debian/strongswan.config | 44 | ||||
| -rw-r--r-- | debian/strongswan.postinst | 46 | ||||
| -rw-r--r-- | debian/strongswan.postrm | 2 | ||||
| -rw-r--r-- | debian/strongswan.prerm | 4 | ||||
| -rw-r--r-- | debian/watch | 2 |
20 files changed, 95 insertions, 685 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index c7129d134..cde9f038e 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -1,124 +1,37 @@ -openswan for Debian +strongswan for Debian ---------------------- 1) General Remarks -This package has been created from scratch with some ideas from the -freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 package by -Aaron Johnson merged in. Most of the code in debian/rules for creating the -linux-patch-openswan package has been initially taken from Tommi Virtanen's -package, but has been mostly rewritten to fit the needs of newer kernel -versions (since version 1.9-1). +This package has been created from the openswan package, which was again +created from the freeswan package, which was created from scratch with some +ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 +package by Aaron Johnson merged in. -After the decision of the FreeS/WAN project to cease the development of -FreeS/WAN, we decided to switch over to the Openswan fork. This code base -includes all the patches that had to be applied manually before, which makes -packaging simple. Alexander List prepared the first preliminary openswan -package based on my freeswan packaging, which I updated to the relevant parts -of the current freeswan package. +The differences between the strongSwan and the Openswan packages are +documented at http://www.strongswan.org/ . 2) Kernel Support Note: This package can make use of the in-kernel IPSec stack, which is available in the stock Debian kernel images (>=2.4.24 and 2.6.x). -If you want to use the openswan utilities, you will need the appropriate +If you want to use the strongswan utilities, you will need the appropriate kernel modules. The Debian default kernel native IPSec stack (which is included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) -can be used out-of-the-box with opeswan pluto, the key management daemon. +can be used out-of-the-box with strongswan pluto, the key management daemon. This native Linux IPSec stack is of high quality, has all of the features of the latest Debian freeswan and openswan packages (i.e. support for other ciphers like AES and NAT Traversal support) and is well integrated into the kernel networking subsystem (which is not true for the freeswan kernel -modules). However, it is not as well tested as the freeswan kernel modules -simply because the code base is younger. But nonetheless, the easiest way to -get IPSec support in Debian is to use the default kernels (or recompile from -the Debian kernel sources) and install the mature freeswan pluto key management -daemon. +modules). This is the recommended kernel support for strongswan. If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or -are building a custom 2.4 kernel, then the KLIPS kernel part is available in -two forms: the kernel tree can be patched using the linux-patch-openswan -package, which will be applied automatically by make-kpkg, or stand-alone -modules can be built using the openswan-modules-source package. Please note -that, for building the modules, you need the _complete_, built kernel tree -for invoking "make-kpkg modules_install", only having the kernel headers is -not enough. NAT Traversal can not be used at the moment with the stand-alone -modules, it still needs a small kernel patch applied to the kernel tree. If -you need NAT Traversal, please use either the in-kernel IPSec stack (which is -preferred), the linux-patch-openswan package, or patch the kernel tree with -the (small) NAT Traversal patch before compiling it. - -Attention: Please note that KLIPS will not compile cleanly with newer GCC -versiobs that are stricter with their syntax checks. It is known to compile -with GCC 3.4, so I recommend to use this version for building it. If you build -KLIPS modules without patching the kernel source, please note that the kernel -needs to be compiled with the same GCC version, or the modules will not load! - -When using make-kpkg, the GCC version can be set with the environment variable -MAKEFLAGS, e.g. with - MAKEFLAGS="CC=gcc-3.4" make-kpkg ... -This should be necessary for 2.4 kernels, while KLIPS for 2.6 kernels might -compile with newer GCC versions as well. - -For using the openswan (KLIPS) kernel modules, there are now two different -methods: - -2.1) openswan-modules-source: -When you install the openswan-modules-source package and use -make-kpkg to build your kernel, make-kpkg modules_image will automatically -create a kernel module package. However, since the openswan-modules-source -package follows other modules source packages, you will first have to extract -the source tree: - $ cd /usr/src - $ tar xvzf openswan-modules.tar.gz -Again, please note that only the kernel headers are not enough to build these -modules! You really need to have the kernel source tree, configured for your -running kernel (or the one you will run the openswan module with). If you did -not build your own kernel, the following trick might help (thanks to Olaf -Lundqvist for documenting this in the BTS): - a) unpack the kernel source: - $ apt-get install kernel-source-<debian version> - $ cd /usr/src - $ tar xvfj kernel-source-<debian version>.tar.bz2 - $ cd kernel-source-<upstream version> - b) copy kernel-headers information to that directory: - $ apt-get install kernel-headers-<debian version> - $ cp -r ../kernel-headers-<debian-version>/* . - c) build the openswan kernel modules: - $ cd /usr/src/modules/openswan - $ debian/rules binary-modules \ - KVERS="<debian version>" \ - KSRC="/usr/src/kernel-source-<debian version>" 2>&1 -Where upstream version is e.g. 2.4.20 and debian-version is e.g. 2.4.20-2 (it -should match the Debian package version). - -If you want to use NAT Traversal but still want to use openswan-modules-source -(since you need to patch the kernel anyway, using linux-patch-openswan is -easier), you can find the necessary patch under -/usr/src/modules/openswan/debian/nat-t-<major version>.diff -It should apply cleanly to newer vanilla 2.4 and 2.6 series kernels. Debian -kernels usually have that patch already applied, so you will not need to patch -a Debian kernel to use openswan. - -2) linux-patch-openswan: -By installing the linux-patch-openswan package and using make-kpkg to build -your kernel, it automatically gets patched to include the freeswan IPSec kernel -support in the kernel tree. This allows to enable NAT Traversal (which is not -possible with building the openswan modules outside the kernel tree with the -openswan-modules-source package without the additional patch). Please note -that the environment variable PATCH_THE_KERNEL=YES has to be set for make-kpkg -to apply the kernel patches. - -3) Miscellaneous - -Warning: Due to an upstream bug, pluto from this version will dump core on -certain CRLs. If you are hit by this bug, please report it directly to -upstream, they are still tracking the issue down. - -For support, please use the mailing list debian-openswan@gibraltar.at, which -is now the official support address for the Debian package of openswan. You -can subscribe to the list and view its archives at -https://www.gibraltar.at/mailman/listinfo/debian-openswan - - -- Rene Mayrhofer <rmayr@debian.org>, Mon, Sep 19 14:58:00 2005 +are building a custom 2.4 kernel, then the KLIPS kernel part can be used. +strongswan no longer ships this part, but is instead focussing on the newer +native IPSec stack. However, strongswan is interoperable with the KLIPS part +shipped with openswan, both for 2.4 and 2.6 series kernels. Please install +either the linux-patch-openswan or the openswan-modules-source packages and +follow their respective README.Debian files when you want to use KLIPS. + + -- Rene Mayrhofer <rmayr@debian.org>, Sun, Jul 09 12:31:00 2006 diff --git a/debian/changelog b/debian/changelog index 087475d0f..6c22b455d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,17 @@ +strongswan (2.7.2-2) unstable; urgency=low + + * First upload to the main Debian archive. This does no longer build + the linux-patch-strongswan and strongswan-modules-source packages, + as KLIPS will be removed from the strongswan upstream source anyway + for the next major release. However, the openswan KLIPS could should + be interoperable with strongswan user space. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 8 Jul 2006 17:24:45 +0100 + strongswan (2.7.2-1) unstable; urgency=low * New upstream release. This release fixes a potential DoS problem. - Closes: #372267: ITP: strongswan -- second fork of freeswan. -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Jun 2006 12:34:43 +0100 @@ -9,7 +19,6 @@ strongswan (2.7.0-1) unstable; urgency=low * Initial Debian packaging of strongswan. This is directly based on my Debian package of openswan 2.4.5-3. - Closes: #372267: ITP: strongswan -- second fork of freeswan. * Do not compile and ship fswcert right now, because it is not included in strongswan upstream. If it turns out to be necessary for supporting easy-to-use OE in the future (i.e. for generating the DNS format for the diff --git a/debian/control b/debian/control index 3cab07683..5c80f8a5e 100644 --- a/debian/control +++ b/debian/control @@ -9,74 +9,33 @@ Package: strongswan Architecture: any Pre-Depends: debconf | debconf-2.0 Depends: ${shlibs:Depends}, bsdmainutils, debianutils (>=1.7), ipsec-tools, openssl, host, iproute -Suggests: strongswan-modules-source | linux-patch-strongswan, curl +Suggests: curl Provides: ike-server Conflicts: freeswan (<< 2.04-12), openswan Replaces: openswan -Description: IPSEC utilities for strongSwan - IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide +Description: IPSec utilities for strongSwan + IPSec is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents. . This version of strongSwan supports Opportunistic Encryption (OE) out of the - box. OE enables you to set up IPsec tunnels to a site without + box. OE enables you to set up IPSec tunnels to a site without co-ordinating with the site administrator, and without hand configuring each tunnel. If enough sites support OE, a "FAX effect" occurs, and many of us can communicate without eavesdroppers. . In addition to OE, you may manually configure secure tunnels through untrusted networks. Everything passing through the untrusted net is - encrypted by the IPSEC gateway machine and decrypted by the gateway + encrypted by the IPSec gateway machine and decrypted by the gateway at the other end. The result is Virtual Private Network or VPN. This is a network which is effectively private even though it includes machines at several different sites connected by the insecure Internet. . Please note that you will need a recent kernel (>=2.4.24 or 2.6.x) - for using this package. The standard Debian kernel includes both IPSEC + for using this package. The standard Debian kernel includes both IPSec and crypto support, patching the kernel is no longer necessary! . If you want to use the KLIPS IPSec code for kernel modules instead of the - native ones, you will need to install either strongswan-modules-source or - linux-patch-strongswan and build the respective modules for your kernel. - -Package: strongswan-modules-source -Architecture: all -Depends: coreutils | fileutils, debhelper, bzip2 -Recommends: kernel-package (>= 7.04), kernel-source -Suggests: strongswan -Description: IPSEC kernel modules source for strongSwan - This package contains the source for the strongSwan modules to get the necessary - kernel support to use strongSwan. - . - It includes the NAT Traversal patches, which will need to be applied to the - kernel tree if NAT Traversal is needed. - . - This package will not work with 2.6 kernels! It is recommended to use the - native IPSec stack included with 2.6 kernels with strongSwan. If you want to - use KLIPS (the FreeSWan/Openswan/strongSwan IPSec kernel support) with a 2.6 - kernel, then please use the openswan-modules-source package. It is - interoperable with the strongswan user space programs. - -Package: linux-patch-strongswan -Architecture: all -Depends: coreutils | fileutils -Recommends: kernel-package (>= 7.04) -Suggests: strongswan -Provides: kernel-patch-strongswan -Replaces: kernel-patch-strongswan -Description: IPSEC Linux kernel support for strongSwan - This package contains the patches for the Linux kernel to get the necessary - kernel support to use strongSwan. If you want to build a kernel module for - IPSec, it is much easier to use the strongswan-modules-source package instead. - This kernel-patch package should probably only be used when building a - non-modular kernel or when compiling IPSec non-modular. - . - It includes the NAT Traversal patches and applies them automatically to the - kernel after inserting KLIPS. - . - This package will not work with 2.6 kernels! It is recommended to use the - native IPSec stack included with 2.6 kernels with strongSwan. If you want to - use KLIPS (the FreeSWan/Openswan/strongSwan IPSec kernel support) with a 2.6 - kernel, then please use the linux-patch-strongswan package. It is - interoperable with the strongswan user space programs. + native ones, you will need to install either openswan-modules-source or + linux-patch-openswan and build the respective modules for your kernel. diff --git a/debian/copyright b/debian/copyright index 536550087..4e08fa8b4 100644 --- a/debian/copyright +++ b/debian/copyright @@ -6,7 +6,7 @@ previous freeswan packages by Tommi Virtanen and Aaron Johnson. The upstream software was downloaded from http://www.freeswan.org/ After the FreeS/WAN folks decided to cease development, we used the forked -code base at http://www.openswan.org/. +code base at http://www.strongswan.org/. This project has multiple authors, please see the file CREDITS for details. However, all of the code is DFSG-free and, since 2002-09-16, diff --git a/debian/doc-base b/debian/doc-base index 5e20233cc..e9fe8c0dc 100644 --- a/debian/doc-base +++ b/debian/doc-base @@ -1,10 +1,10 @@ -Document: openswan -Title: Openswan documentation -Author: The Openswan project -Abstract: This is a comprehensive document which describes what IPSEC - is, how it works, and the Openswan IPSEC implementation. +Document: strongswan +Title: strongSwan documentation +Author: The strongSwan project +Abstract: This is a comprehensive document which describes what IPSec + is, how it works, and the strongSwan IPSec implementation. Section: Apps/System Format: HTML -Index: /usr/share/doc/openswan/doc/index.html -Files: /usr/share/doc/openswan/doc/*.html +Index: /usr/share/doc/strongswan/doc/index.html +Files: /usr/share/doc/strongswan/doc/*.html diff --git a/debian/linux-patch-strongswan.apply b/debian/linux-patch-strongswan.apply deleted file mode 100644 index 107cdb0e7..000000000 --- a/debian/linux-patch-strongswan.apply +++ /dev/null @@ -1,46 +0,0 @@ -#! /bin/sh -# -# (C) 1998 Manoj Srivastava & Eric Delaunay. - -set -e - -ARCHITECTURE=all -PATCHNAME=openswan -PATCHDIR=/usr/src/kernel-patches/$ARCHITECTURE/openswan -#PATCHDIR=`dirname $0`/../$PATCHNAME - -if ! test -d kernel -a -d Documentation ; then - echo "Not in kernel top level directory. Exiting" >&2 - exit 1 -fi - -if test -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME ; then - exit 0 # patch already applied -fi - -rm -rf net/ipsec -KERNELDIR=`pwd` - -# apply the NAT-T patch first (if it applies...) -echo "Applying NAT Traversal patch to networking subsystem." -if make -C "$PATCHDIR" -f Makefile nattpatch \ - | patch -p1 --dry-run >/dev/null; then - make -C "$PATCHDIR" -f Makefile nattpatch \ - | patch -p1 -else - echo "The patch does not apply cleanly, skipping it. Please check manually" - echo "if your kernel already supports NAT Traversal (Debian kernel sources" - echo "might already be patched to do so)." -fi - -echo "Inserting KLIPS into kernel." -make -C "$PATCHDIR" -f Makefile kpatch \ - KERNELSRC="$KERNELDIR"\ - PATCHER="./patcher" -make -C "$PATCHDIR" -f Makefile klink \ - KERNELSRC="$KERNELDIR"\ - KLIPSLINK="cp -a" -make -C "$PATCHDIR" -f Makefile klipsdefaults \ - KERNELSRC="$KERNELDIR" - -mkdir -p debian && touch debian/APPLIED_${ARCHITECTURE}_$PATCHNAME diff --git a/debian/linux-patch-strongswan.dirs b/debian/linux-patch-strongswan.dirs deleted file mode 100644 index 7101a7cb5..000000000 --- a/debian/linux-patch-strongswan.dirs +++ /dev/null @@ -1,3 +0,0 @@ -usr/src/kernel-patches/all/apply -usr/src/kernel-patches/all/unpatch -usr/src/kernel-patches/all/strongswan diff --git a/debian/linux-patch-strongswan.docs b/debian/linux-patch-strongswan.docs deleted file mode 100644 index e61535265..000000000 --- a/debian/linux-patch-strongswan.docs +++ /dev/null @@ -1,2 +0,0 @@ -CREDITS -debian/README.Debian diff --git a/debian/linux-patch-strongswan.unpatch b/debian/linux-patch-strongswan.unpatch deleted file mode 100644 index 2fca79aa6..000000000 --- a/debian/linux-patch-strongswan.unpatch +++ /dev/null @@ -1,39 +0,0 @@ -#! /bin/sh -# -# (C) 1998 Manoj Srivastava & Eric Delaunay. - -set -e - -ARCHITECTURE=all -PATCHNAME=openswan -PATCHDIR=/usr/src/kernel-patches/$ARCHITECTURE/openswan -#PATCHDIR=`dirname $`/../$PATCHNAME - -if ! test -d kernel -a -d Documentation ; then - echo "Not in kernel top level directory. Exiting" >&2 - exit 1 -fi - -if ! test -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME ; then - exit 0 # no need to remove a non existent patch -fi - -rm -rf net/ipsec -patchedfiles=`find . -name "*.preipsec" -type f` -for f in $patchedfiles; do - origname=`expr "$f" : '\(.*\)\.preipsec$'` - echo "Restoring $origname from $f" - mv $f $origname -done - -removefiles=`find . -name "*.ipsecmd5" -type f` -removefiles="$removefiles `find . -name "*.wipsec" -type f`" -for f in $removefiles; do - echo "Removing $f" - rm $f -done - -rm -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME -[ -d debian ] && ( rmdir -p debian || true ) - -exit 0 diff --git a/debian/rules b/debian/rules index 3fe57e144..a88b451b6 100755 --- a/debian/rules +++ b/debian/rules @@ -69,8 +69,6 @@ clean: unpatch -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm - rm -rf debian/strongswan-modules-source-build/ - # Really clean (#356716) # This is a hack: should be better implemented rm -f lib/libstrongswan/libstrongswan.a || true @@ -160,109 +158,6 @@ install-strongswan: build find $(CURDIR)/debian/strongswan -name ".cvsignore" | xargs --no-run-if-empty rm -f find $(CURDIR)/debian/strongswan -name "/.svn/" | xargs --no-run-if-empty rm -rf -install-strongswan-modules-source: DH_OPTIONS=-i -install-strongswan-modules-source: PKGDIR=$(CURDIR)/debian/strongswan-modules-source -install-strongswan-modules-source: BUILDDIR=$(CURDIR)/debian/strongswan-modules-source-build -install-strongswan-modules-source: patch - dh_testdir - dh_testroot - dh_installdirs - mkdir -p "$(BUILDDIR)/modules/strongswan" - mkdir -p "$(BUILDDIR)/modules/strongswan/lib" - mkdir -p "$(BUILDDIR)/modules/strongswan/debian" - mkdir -p "$(BUILDDIR)/modules/strongswan/packaging" - cp -r Makefile Makefile.inc Makefile.ver linux/ \ - "$(BUILDDIR)/modules/strongswan" - cp -r lib/libcrypto "$(BUILDDIR)/modules/strongswan/lib/" - cp -r packaging/makefiles packaging/linus \ - "$(BUILDDIR)/modules/strongswan/packaging/" - find "$(BUILDDIR)/modules/strongswan/lib/" -name "*.o" | xargs --no-run-if-empty rm - install --mode=644 debian/strongswan-modules-source.kernel-config "$(BUILDDIR)/modules/strongswan/config-all.h" - install --mode=755 debian/strongswan-modules-source.rules "$(BUILDDIR)/modules/strongswan/debian/rules" - install --mode=644 debian/strongswan-modules-source.control.in "$(BUILDDIR)/modules/strongswan/debian/control.in" - install --mode=644 debian/changelog "$(BUILDDIR)/modules/strongswan/debian/" - - tar -C $(BUILDDIR) -c modules/ | bzip2 -9 > \ - "$(PKGDIR)/usr/src/strongswan-modules.tar.bz2" - - dh_installdocs -pstrongswan-modules-source -n - - # more lintian cleanups - find $(CURDIR)/debian/strongswan-modules-source -name ".cvsignore" | xargs --no-run-if-empty rm -f - find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf - -install-linux-patch-strongswan: DH_OPTIONS=-i -install-linux-patch-strongswan: PKGDIR=$(CURDIR)/debian/linux-patch-strongswan -install-linux-patch-strongswan: patch - dh_testdir - dh_testroot - dh_installdirs - # some of this has been taken from Tommi Virtanen's package - install --mode=0755 debian/linux-patch-strongswan.apply \ - "$(PKGDIR)/usr/src/kernel-patches/all/apply/strongswan" - install --mode=0755 debian/linux-patch-strongswan.unpatch \ - "$(PKGDIR)/usr/src/kernel-patches/all/unpatch/strongswan" - install --mode=0755 packaging/utils/patcher \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" - cp -r Makefile Makefile.inc Makefile.ver lib/ linux/ \ - packaging/ \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" - # also don't generate the out.kpatch file under /usr/src/.... - sed 's/>>out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" - sed 's/>out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" - sed 's/rm -f out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/Makefile" - chmod u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" - # remove extra junk not needed on linux / that lintian would complain about - find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" \ - -name '*.o' -print0 | xargs --no-run-if-empty -0 rm -f - find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" \ - -name '*.a' -print0 | xargs --no-run-if-empty -0 rm -f - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libstrongswan/" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libdes/" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/liblwres/" - rm -f "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/COPYING.LIB" - rm -f "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/README" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/linus" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/ipkg" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/makefiles" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/redhat" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/suse" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/disttools.pl" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/kernel.patch.gen.sh" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/sshenv" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/packaging/utils/setup" - find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/linux/net/ipsec/des/asm/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ - perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' - find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libcrypto/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ - perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' - find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/linux/net/ipsec/des/asm/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x - find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/lib/libcrypto/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x - find "$(PKGDIR)/usr/src/kernel-patches/all/strongswan/linux/net/ipsec/alg/scripts/" \ - -name '*.sh' -print0 | xargs --no-run-if-empty -0 chmod a+x - chmod -R u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/strongswan" - - dh_installdocs -plinux-patch-strongswan -n - - # more lintian cleanups - find $(PKGDIR) -name ".cvsignore" | xargs --no-run-if-empty rm -f - find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf - binary-common: #dh_testversion 2 dh_testdir @@ -283,7 +178,7 @@ binary-common: dh_builddeb # Build architecture-independent files here. -binary-indep: install-strongswan-modules-source install-linux-patch-strongswan +binary-indep: $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common # Build architecture-dependent files here. diff --git a/debian/strongswan-modules-source.control.in b/debian/strongswan-modules-source.control.in deleted file mode 100644 index 7e5aa5307..000000000 --- a/debian/strongswan-modules-source.control.in +++ /dev/null @@ -1,13 +0,0 @@ -Section: net -Priority: optional -Maintainer: $KMAINT <$KEMAIL> -Build-Depends: debhelper (>= 4) -Standards-Version: 3.6.0 -Source: openswan - -Package: openswan-modules-$KVERS -Architecture: any -Recommends: kernel-image-$KVERS (= $KDREV) -Description: IPSEC kernel modules for Openswan (binary kernel modules) - This package contains the openswan binary kernel modules for linux - version $KVERS. diff --git a/debian/strongswan-modules-source.dirs b/debian/strongswan-modules-source.dirs deleted file mode 100644 index 531fa90c3..000000000 --- a/debian/strongswan-modules-source.dirs +++ /dev/null @@ -1 +0,0 @@ -/usr/src/ diff --git a/debian/strongswan-modules-source.docs b/debian/strongswan-modules-source.docs deleted file mode 100644 index e61535265..000000000 --- a/debian/strongswan-modules-source.docs +++ /dev/null @@ -1,2 +0,0 @@ -CREDITS -debian/README.Debian diff --git a/debian/strongswan-modules-source.kernel-config b/debian/strongswan-modules-source.kernel-config deleted file mode 100644 index 16727d166..000000000 --- a/debian/strongswan-modules-source.kernel-config +++ /dev/null @@ -1,110 +0,0 @@ -#ifndef _CONFIG_ALL_H_ -/* - * Copyright (C) 2002 Michael Richardson <mcr@freeswan.org> - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: openswan-modules-source.kernel-config,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $ - */ -#define _CONFIG_ALL_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_AES -#define CONFIG_IPSEC_ENC_AES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -#ifndef CONFIG_IPSEC_NAT_TRAVERSAL -#define CONFIG_IPSEC_NAT_TRAVERSAL 1 -#endif - -#ifndef CONFIG_IPSEC_ALG -#define CONFIG_IPSEC_ALG 1 -#endif -#ifndef CONFIG_IPSEC_ALG_AES -#define CONFIG_IPSEC_ALG_AES 1 -#endif -#ifndef CONFIG_IPSEC_ALG_TWOFISH -#define CONFIG_IPSEC_ALG_TWOFISH 1 -#endif -#ifndef CONFIG_IPSEC_ALG_BLOWFISH -#define CONFIG_IPSEC_ALG_BLOWFISH 1 -#endif -#ifndef CONFIG_IPSEC_ALG_SERPENT -#define CONFIG_IPSEC_ALG_SERPENT 1 -#endif -#ifndef CONFIG_IPSEC_ALG_3DES -#define CONFIG_IPSEC_ALG_3DES 1 -#endif -#ifndef CONFIG_IPSEC_ALG_CAST -#define CONFIG_IPSEC_ALG_CAST 1 -#endif -#ifndef CONFIG_IPSEC_ALG_MD5 -#define CONFIG_IPSEC_ALG_MD5 1 -#endif -#ifndef CONFIG_IPSEC_ALG_NULL -#define CONFIG_IPSEC_ALG_NULL 1 -#endif -#ifndef CONFIG_IPSEC_ALG_SHA1 -#define CONFIG_IPSEC_ALG_SHA1 1 -#endif -#ifndef CONFIG_IPSEC_ALG_SHA2 -#define CONFIG_IPSEC_ALG_SHA2 1 -#endif - -#ifndef CONFIG_IPSEC_ALG_CRYPTOAPI -#define CONFIG_IPSEC_ALG_CRYPTOAPI 1 -#endif -#ifndef CONFIG_IPSEC_ALG_NON_LIBRE -#define CONFIG_IPSEC_ALG_NON_LIBRE 1 -#endif - -#endif /* _CONFIG_ALL_H */ diff --git a/debian/strongswan-modules-source.rules b/debian/strongswan-modules-source.rules deleted file mode 100755 index f31746de1..000000000 --- a/debian/strongswan-modules-source.rules +++ /dev/null @@ -1,150 +0,0 @@ -#!/usr/bin/make -f -# Sample debian/rules that uses debhelper. -# GNU copyright 1997 to 1999 by Joey Hess. - -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 - -# This is the debhelper compatability version to use. -export DH_COMPAT=4 - -VERS = $(shell sed -ne '1s/.*(\(.*\)).*/\1/p' debian/changelog) - -# KSRC is the location of the kernel source. This is the default value, -# when make-kpkg is used it will supply to real value -KSRC = /usr/src/linux - -# KDREV is the package-revision, as given to make-kpkg by the user. -# Just put a simply default value in here which we use when we test -# the packagebuilding without make-kpkg -KDREV = "Custom.1.00" - -# Separate the epoch from the normal revision number in KDREV -# for use with dh_gencontrol -KDREV_EPOCH = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\1/p') -KDREV_REV = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\2/p') - -# Now we need to get the kernel-version somehow -KVERS=`sed -n -e '/UTS_RELEASE/s/^[^"]*"\([^"]*\)".*$$/\1/p' $(KSRC)/include/linux/version.h` - -SED_SCRIPT=s!\$$KVERS!$(KVERS)!g; \ - s!\$$KSRC!$(KSRC)!; \ - s!\$$KEMAIL!$(KEMAIL)!; \ - s!\$$KMAINT!$(KMAINT)!; \ - s!\$$KDREV!$(KDREV)!; \ - s!\$$DEBDATE!$(shell date +"%a, %d %b %Y %H:%M:%S %z")! - -ifeq ($(DEB_DEST),) -DEB_DEST=$(KSRC)/.. -endif - -# Clear root command if already root -ifeq ($(shell id -u),0) -ROOT_CMD= -endif - -# this primarily sets ARCH, we may be able to do that in another way -# but it also defines IPSECVERSION, which is needed below -include Makefile.inc - -debian/control: debian/control.in - sed -e "$(SED_SCRIPT)" debian/control.in > $@ - -.PHONY: debian/control - - -configure: configure-stamp -configure-stamp: - dh_testdir - # Add here commands to configure the package. - - touch configure-stamp - -build: debian/control configure-stamp build-stamp -build-stamp: - dh_testdir - - $(MAKE) module KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) - - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f build-stamp configure-stamp - - $(MAKE) modclean KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) - - dh_clean - - rm -f debian/control - -MODDESTDIR=$(CURDIR)/debian/openswan-modules-$(KVERS)/lib/modules/$(KVERS)/kernel/net/ipsec -install: -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - - mkdir -p $(MODDESTDIR) - if [ -d modobj ]; then \ - cp modobj/ipsec.o $(MODDESTDIR); \ - cp modobj/ipsec_alg_*.o $(MODDESTDIR); \ - else \ - cp modobj26/ipsec.ko $(MODDESTDIR); \ - fi - - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install - dh_testdir - dh_testroot -# dh_installdebconf - dh_installdocs - dh_installexamples - dh_installmenu -# dh_installlogrotate -# dh_installemacsen -# dh_installpam -# dh_installmime -# dh_installinit - dh_installmodules - dh_installcron - dh_installman - dh_installinfo -# dh_undocumented - dh_installchangelogs - dh_link - dh_strip - dh_compress - dh_fixperms -# dh_makeshlibs - dh_installdeb -# dh_perl - dh_shlibdeps - dh_gencontrol -- -v$(KDREV_EPOCH)$(VERS)+$(KDREV_REV) - dh_md5sums - dh_builddeb --destdir=$(DEB_DEST) - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install configure - -binary-modules: binary - - -kdist_image: - $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules - $(ROOT_CMD) $(MAKE) -f debian/rules clean -kdist_clean: debian/control clean -kdist: - $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules -kdist_configure: configure-stamp - - -.PHONY: binary-modules kdist_image - diff --git a/debian/strongswan.config b/debian/strongswan.config index e779a2ab1..0d051f4ce 100644 --- a/debian/strongswan.config +++ b/debian/strongswan.config @@ -2,56 +2,56 @@ . /usr/share/debconf/confmodule -db_input medium openswan/start_level || true +db_input medium strongswan/start_level || true -db_input medium openswan/restart || true +db_input medium strongswan/restart || true -db_input high openswan/enable-oe || true +db_input high strongswan/enable-oe || true -db_input high openswan/create_rsa_key || true +db_input high strongswan/create_rsa_key || true db_go || true -db_get openswan/create_rsa_key +db_get strongswan/create_rsa_key if [ "$RET" = "true" ]; then - db_input high openswan/rsa_key_type || true + db_input high strongswan/rsa_key_type || true db_go || true - db_get openswan/rsa_key_type + db_get strongswan/rsa_key_type if [ "$RET" = "plain" ]; then # create just a plain RSA keypair - db_input medium openswan/rsa_key_length || true + db_input medium strongswan/rsa_key_length || true db_go || true else # extract the RSA keypair from a x509 certificate - db_input high openswan/existing_x509_certificate || true + db_input high strongswan/existing_x509_certificate || true db_go || true # create a new certificate - db_input medium openswan/rsa_key_length || true - db_input high openswan/x509_self_signed || true + db_input medium strongswan/rsa_key_length || true + db_input high strongswan/x509_self_signed || true # we can't allow the country code to be empty - openssl will # refuse to create a certificate this way countrycode="" while [ -z "$countrycode" ]; do - db_input medium openswan/x509_country_code || true + db_input medium strongswan/x509_country_code || true db_go || true - db_get openswan/x509_country_code + db_get strongswan/x509_country_code countrycode="$RET" done - db_input medium openswan/x509_state_name || true - db_input medium openswan/x509_locality_name || true - db_input medium openswan/x509_organization_name || true - db_input medium openswan/x509_organizational_unit || true - db_input medium openswan/x509_common_name || true - db_input medium openswan/x509_email_address || true + db_input medium strongswan/x509_state_name || true + db_input medium strongswan/x509_locality_name || true + db_input medium strongswan/x509_organization_name || true + db_input medium strongswan/x509_organizational_unit || true + db_input medium strongswan/x509_common_name || true + db_input medium strongswan/x509_email_address || true db_go || true fi else - db_get openswan/existing_x509_certificate + db_get strongswan/existing_x509_certificate if [ "$RET" = "true" ]; then # existing certificate - use it - db_input critical openswan/existing_x509_certificate_filename || true - db_input critical openswan/existing_x509_key_filename || true + db_input critical strongswan/existing_x509_certificate_filename || true + db_input critical strongswan/existing_x509_key_filename || true db_go || true fi fi diff --git a/debian/strongswan.postinst b/debian/strongswan.postinst index 7d9b19b4b..5875db9db 100644 --- a/debian/strongswan.postinst +++ b/debian/strongswan.postinst @@ -1,5 +1,5 @@ #! /bin/bash -# postinst script for openswan +# postinst script for strongswan # # see: dh_installdeb(1) @@ -103,26 +103,26 @@ make_x509_cert() { case "$1" in configure) - db_get openswan/create_rsa_key + db_get strongswan/create_rsa_key if [ "$RET" = "true" ]; then repair_legacy_secrets # OK, ipsec.secrets should now be correct - db_get openswan/rsa_key_type + db_get strongswan/rsa_key_type if [ "$RET" = "plain" ]; then # a RSA keypair should be created - check if there is one already if egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then echo "Warning: there is already a RSA key in /etc/ipsec.secrets." echo "Creating an additional one." fi - # create a plain openswan keypair - db_get openswan/rsa_key_length + # create a plain strongswan keypair + db_get strongswan/rsa_key_length umask 077 keylength=$RET privkey=`mktemp /tmp/ipsec-postinst.XXXXXX` /usr/lib/ipsec/rsasigkey $keylength > $privkey insert_private_key "`cat $privkey`" rm $privkey - echo "Successfully created a plain openswan RSA keypair." + echo "Successfully created a plain strongSwan RSA keypair." else # extract the key from a (newly created) x509 certificate host=`hostname` @@ -133,29 +133,29 @@ case "$1" in echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." else # create a new certificate - db_get openswan/rsa_key_length + db_get strongswan/rsa_key_length keylength=$RET - db_get openswan/x509_self_signed + db_get strongswan/x509_self_signed selfsigned=$RET - db_get openswan/x509_country_code + db_get strongswan/x509_country_code countrycode=$RET if [ -z "$countrycode" ]; then countrycode="."; fi - db_get openswan/x509_state_name + db_get strongswan/x509_state_name statename=$RET if [ -z "$statename" ]; then statename="."; fi - db_get openswan/x509_locality_name + db_get strongswan/x509_locality_name localityname=$RET if [ -z "$localityname" ]; then localityname="."; fi - db_get openswan/x509_organization_name + db_get strongswan/x509_organization_name orgname=$RET if [ -z "$orgname" ]; then orgname="."; fi - db_get openswan/x509_organizational_unit + db_get strongswan/x509_organizational_unit orgunit=$RET if [ -z "$orgunit" ]; then orgunit="."; fi - db_get openswan/x509_common_name + db_get strongswan/x509_common_name commonname=$RET if [ -z "$commonname" ]; then commonname="."; fi - db_get openswan/x509_email_address + db_get strongswan/x509_email_address email=$RET if [ -z "$email" ]; then email="."; fi make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" @@ -166,16 +166,16 @@ case "$1" in fi fi else - db_get openswan/existing_x509_certificate + db_get strongswan/existing_x509_certificate if [ "$RET" = "true" ]; then if [ -e $newcertfile -o -e $newkeyfile ]; then echo "Error: $newcertfile or $newkeyfile already exists." echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." else # existing certificate - use it - db_get openswan/existing_x509_certificate_filename + db_get strongswan/existing_x509_certificate_filename certfile=$RET - db_get openswan/existing_x509_key_filename + db_get strongswan/existing_x509_key_filename keyfile=$RET if [ ! -r $certfile ] || [ ! -r $keyfile ]; then echo "Either the certificate or the key file could not be read !" @@ -193,7 +193,7 @@ case "$1" in fi # figure out the correct start time - db_get openswan/start_level + db_get strongswan/start_level if [ "$RET" = "earliest" ]; then LEVELS="start 41 S . stop 34 0 6 ." elif [ "$RET" = "after NFS" ]; then @@ -203,7 +203,7 @@ case "$1" in fi update-rc.d ipsec $LEVELS > /dev/null - db_get openswan/enable-oe + db_get strongswan/enable-oe if [ "$RET" != "true" ]; then echo -n "Disabling opportunistic encryption (OE) in config file ... " if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then @@ -227,11 +227,11 @@ EOF fi if [ -z "$2" ]; then - # no old configured version - start openswan now + # no old configured version - start strongswan now invoke-rc.d ipsec start || true else - # does the user wish openswan to restart? - db_get openswan/restart + # does the user wish strongswan to restart? + db_get strongswan/restart if [ "$RET" = "true" ]; then invoke-rc.d ipsec restart || true # sure, we'll restart it for you fi diff --git a/debian/strongswan.postrm b/debian/strongswan.postrm index f5aa182f1..8ccb5b7a9 100644 --- a/debian/strongswan.postrm +++ b/debian/strongswan.postrm @@ -1,5 +1,5 @@ #! /bin/sh -# postrm script for openswan +# postrm script for strongswan # # see: dh_installdeb(1) diff --git a/debian/strongswan.prerm b/debian/strongswan.prerm index de804d5cb..cd5986762 100644 --- a/debian/strongswan.prerm +++ b/debian/strongswan.prerm @@ -1,5 +1,5 @@ #! /bin/sh -# prerm script for openswan +# prerm script for strongswan # # see: dh_installdeb(1) @@ -20,7 +20,7 @@ case "$1" in ;; remove|deconfigure) /etc/init.d/ipsec stop || true -# install-info --quiet --remove /usr/info/openswan.info.gz +# install-info --quiet --remove /usr/info/strongswan.info.gz ;; failed-upgrade) ;; diff --git a/debian/watch b/debian/watch index e40202f1e..812049178 100644 --- a/debian/watch +++ b/debian/watch @@ -1,2 +1,2 @@ version=3 -http://www.openswan.org/download/openswan-([\d.]+)\.tar\.gz +http://download.strongswan.org/strongswan-([\d.]+)\.tar\.bz2 |