| Age | Commit message (Collapse) | Author |
|---|
|
The practical reason for removing it completely for the time being is that
libnm is not in jessie.
|
|
closes: #814927
|
|
|
|
|
|
not loaded by default
|
|
|
|
packages.
|
|
building for ppc64el on x86. Thanks Helmut Grohne. closes: #866669
|
|
The AppArmor profile for charon-systemd was copied from the existing
profile for /usr/lib/ipsec/charon without much scrutiny other than
testing basic IPsec tunnels (no fancy plugin options were tested). It
appears that the team at Canonical that had written the
/usr/lib/ipsec/charon policy had done extensive testing with several
plugins, and it seems likely that applying the same profile to
charon-systemd will allow those plugins to continue to work.
The AppArmor profile for swanctl was written from scratch and well
tested. It turns out that swanctl unnecessarily loads plugins by
default, so a bit of frivolous access has been granted.
|
|
|
|
* debian/rules:
- remove .la files before install
- don't call dh_install with --fail-missing
- override dh_missing with --fail-missing to catch uninstalled files.
|
|
|
|
- d/rules install AppArmor profiles
- d/control add dh-apparmor build-dep
- d/usr.lib.ipsec.{charon, lookip, stroke} add latest AppArmor profiles
for charon, lookip and stroke
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
|
|
- one enable option per line
- sort enable options
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
|
|
|
|
|
|
- enable connmark only on Linux
- install connmark plugins files only on Linux
- make iptables-dev build-dep Linux-only.
- stop installing connmark plugins files inconditionnaly.
|
|
the clearsilver build-dep FTBFS for now so disable the dependency until
it's fixed
|
|
|
|
|
|
* debian/rules:
- migrate debug package to ddeb.
* debian/control:
- drop strongswan-dbg package.
|
|
* debian/rules:
- make the dh_install override arch-dependent only since it only acts on
arch:any packages.
|
|
|
|
If we want to make the cut for the freeze on Nov 5th, the package needs
to build on all archs right now, so let's just disable the test suite on
buildds and we can experiment later...
|
|
|
|
It gets generated only on Linux, so install it from debian/rules with
the rest of the arch-specific files.
|
|
This reverts commit 6e408eb31340230d4c57da34aeab640098c78d1a.
Conflicts:
debian/changelog
|
|
Build-depending on systemd to get the pkg-config detection to work would
obviously fail on !linux archs, so just hardcode the location of systemd
system units instead…
|
|
|
|
* debian/rules:
- use reduced keylengths in testsuite on various arches, hopefully fixing
FTBFS when the genrsa test runs.
|
|
* debian/rules, debian/*.install:
- install default configuration files for all plugins.
|
|
add new binary packages:
- libstrongswan-standard-plugins
- libstrongswan-extra-plugins
- libcharon-extra-plugins packages
The libstrongswan package now only provide upstream default plugins
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* debian/control:
- add build-dep on dh-autoreconf.
* debian/rules:
- use autoreconf addon to refresh autotools helper files and gain support
for ARM64.
* debian/source/options: ignore files regenerated by autoreconf addon.
|
|
|
|
|
|
|
|
- build using all hardening flags.
- use -Wl,--as-needed -Wl,-O1 for LDFLAGS.
|
|
|
|
|
|
* debian/rules:
- --enable-smartcard, --with-default-pkcs11 and --enable-nat-transport not
valid anymore for ./configure, remove them.
- add --enable-xauth-eap and --enable-xauth-pam.
- remove pluto handling since it's gone
- don't special-case XAuth on kFreeBSD anymore.
* debian/control:
- drop strongswan-ikev1 package
- rename strongswan-ikev2 package to strongswan-ike for now.
* debian/strongswan-ikev1.install removed.
|
|
* debian/rules:
- revert dropping privileges, it breaks too many setups for now and it's
not possible to disable it. reopens #529854 and closes: #680722
|
