1 files changed, 197 insertions, 0 deletions

diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..ba9eefab7
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,197 @@
+#!/usr/bin/make -f
+export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1
+#export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
+		--enable-ldap --enable-curl \
+		--enable-pkcs11 \
+		--enable-mediation --enable-medsrv --enable-medcli \
+		--enable-openssl --enable-agent \
+		--enable-ctr --enable-ccm --enable-gcm --enable-addrblock \
+		--enable-eap-radius --enable-eap-identity --enable-eap-md5 \
+		--enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \
+		--enable-eap-tls --enable-eap-ttls --enable-eap-tnc \
+		--enable-ha \
+		--enable-led --enable-gcrypt \
+		--enable-test-vectors \
+		--enable-xauth-eap --enable-xauth-pam \
+		--enable-cmd \
+		--enable-certexpire \
+		--enable-lookip \
+		--enable-error-notify \
+		--enable-unity \
+		--disable-blowfish --disable-des # BSD-Young license
+	#--with-user=strongswan --with-group=nogroup
+	#	--enable-kernel-pfkey --enable-kernel-klips \
+	# And for --enable-eap-sim we would need the library, which we don't
+	# have right now.
+	# Don't --enable-cisco-quirks, because some other IPsec implementations
+	# (most notably the Phion one) have problems connecting when pluto 
+	# sends these Cisco options.
+
+# get the various DEB_BUILD/DEB_HOST variables
+include /usr/share/dpkg/architecture.mk
+
+# the padlock plugin only makes sense on i386
+# RdRand only makes sense on i386 and amd64
+ifeq ($(DEB_BUILD_ARCH_CPU),i386)
+  CONFIGUREARGS += --enable-padlock --enable-rdrand
+endif
+
+ifeq ($(DEB_BUILD_ARCH_CPU),amd64)
+  CONFIGUREARGS += --enable-rdrand
+endif
+
+ifeq ($(DEB_BUILD_ARCH_OS),linux)
+	# only enable network-manager and capabilities dropping on linux hosts
+	# some plugins are linux-only too
+	CONFIGUREARGS += --enable-nm \
+		--with-capabilities=libcap \
+		--enable-farp \
+		--enable-dhcp \
+		--enable-af-alg
+endif
+
+ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd)
+	# recommended configure line for FreeBSD
+	# http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD
+	CONFIGUREARGS += --disable-kernel-netlink \
+		--enable-kernel-pfkey --enable-kernel-pfroute \
+		--with-group=wheel
+endif
+
+override_dh_auto_configure:
+	dh_auto_configure -- $(CONFIGUREARGS)
+
+override_dh_auto_clean:
+	dh_auto_clean
+	# after a make clean, no binaries _should_ be left, but ....
+	-find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm
+
+	# Really clean (#356716)
+	# This is a hack: should be better implemented
+	rm -f lib/libstrongswan/libstrongswan.a || true
+	rm -f lib/libstrongswan/liboswlog.a || true
+
+	# just in case something went wrong
+	rm -f $(CURDIR)/debian/ipsec.secrets
+
+	# and make sure that template are up-to-date
+	debconf-updatepo
+
+
+override_dh_install:
+
+	# first special cases
+ifeq ($(DEB_BUILD_ARCH_OS),linux)
+	# handle Linux-only plugins
+	dh_install -p libcharon-extra-plugins usr/lib/ipsec/plugins/libstrongswan-dhcp.so
+	dh_install -p libcharon-extra-plugins usr/share/strongswan/templates/config/plugins/dhcp.conf
+	dh_install -p libcharon-extra-plugins etc/strongswan.d/charon/dhcp.conf
+
+	dh_install -p libcharon-extra-plugins usr/lib/ipsec/plugins/libstrongswan-farp.so
+	dh_install -p libcharon-extra-plugins usr/share/strongswan/templates/config/plugins/farp.conf
+	dh_install -p libcharon-extra-plugins etc/strongswan.d/charon/farp.conf
+
+	dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so
+	dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-netlink.conf
+	dh_install -p libstrongswan etc/strongswan.d/charon/kernel-netlink.conf
+
+	dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-af-alg.so
+	dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/af-alg.conf
+	dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/af-alg.conf
+	# the systemd service file only gets generated on Linux
+	dh_install -p strongswan-starter lib/systemd/system/strongswan.service
+endif
+
+ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd)
+	# handle FreeBSD-only plugins
+	dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfkey.so
+	dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-pfkey.conf
+	dh_install -p libstrongswan etc/strongswan.d/charon/kernel-pfkey.conf
+
+	dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfroute.so
+	dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-pfroute.conf
+	dh_install -p libstrongswan etc/strongswan.d/charon/kernel-pfroute.conf
+endif
+
+ifeq ($(DEB_BUILD_ARCH_CPU),i386)
+	# special handling for padlock, as it is only built on i386
+	dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-padlock.so
+	dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/padlock.conf
+	dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/padlock.conf
+
+	dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-rdrand.so
+	dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/rdrand.conf
+	dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/rdrand.conf
+endif
+
+ifeq ($(DEB_BUILD_ARCH_CPU), amd64)
+	dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-rdrand.so
+	dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/rdrand.conf
+	dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/rdrand.conf
+endif
+
+	# then install the rest, ignoring the above
+	dh_install --fail-missing \
+		-X\.la -X\.a \
+		-Xmedsrv -Xman3 \
+		-Xlibstrongswan-kernel- -X kernel- \
+		-Xlibstrongswan-dhcp.so -X dhcp.conf \
+		-Xlibstrongswan-farp.so -X farp.conf \
+		-Xlibstrongswan-padlock.so -X padlock.conf \
+		-Xlibstrongswan-rdrand.so -X rdrand.conf \
+		-Xlibstrongswan-af-alg.so -X af-alg.conf \
+		-Xstrongswan.service
+
+	# add additional files not covered by upstream makefile...
+	install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets
+	# also "patch" ipsec.conf to include the debconf-managed file
+	echo >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf
+	echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf
+	# and to enable both IKEv1 and IKEv2 by default
+	sed -r 's/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf > $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp
+	mv $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf
+
+	# set permissions on ipsec.secrets
+	chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets
+	chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/
+	chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/
+
+	# this is handled by update-rc.d
+	rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d
+
+	# delete var/lock/subsys and var/run to satisfy lintian
+	rm -rf $(CURDIR)/debian/openswan/var/lock
+	rm -rf $(CURDIR)/debian/openswan/var/run
+
+	# more lintian cleanups
+	find $(CURDIR)/debian/*strongswan*/ -name ".cvsignore" | xargs --no-run-if-empty rm -f
+	find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf
+
+override_dh_installinit:
+	dh_installinit -n --name=ipsec
+
+override_dh_installchangelogs:
+	dh_installchangelogs NEWS
+
+override_dh_strip:
+	dh_strip --dbg-package=strongswan-dbg
+
+override_dh_fixperms:
+	dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d -X var/lib/strongswan
+
+override_dh_makeshlibs:
+	dh_makeshlibs -n -X usr/lib/ipsec/plugins
+
+override_dh_installlogcheck:
+	dh_installlogcheck --name strongswan
+
+override_dh_auto_test:
+ifeq ($(DEB_BUILD_ARCH),amd64)
+	dh_auto_test
+endif
+
+%:
+	dh $@ --parallel --with autoreconf,systemd