From e855a6d4aacd39908acdeec6d6bafcf4e9c3aa12 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Mon, 1 Sep 2008 07:05:58 +0000 Subject: - Tweaked configure options for a smaller package. --- debian/changelog | 16 ++++++++++++++++ debian/rules | 16 +++++++++------- 2 files changed, 25 insertions(+), 7 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 8d6caba9d..7e8e8b920 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +strongswan (4.2.4-4) unstable; urgency=low + + * Tweaked configure options for lenny to remove somewhat experimental, + incomplete, or unnecessary features. Removed --enable-xml, + --enable-padlock, and --enable-manager and added --disable-aes, + --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5, + --disable-sha1, and --disable-sha2 because openssl already + contains this code, we depend on it and thus don't need it twice. + Padlock support does not do much, because the bulk encryption uses + it anyway (being done internally in the kernel) and using padlock + for IKEv2 key agreement adds complexity for little gain. + Thanks to Thomas Kallenberg of strongswan upstream team for + suggesting these changes. The package is now noticable smaller. + + -- Rene Mayrhofer Mon, 01 Sep 2008 08:59:10 +0200 + strongswan (4.2.4-3) unstable; urgency=low * Changed configure option to build peer-to-peer service again. diff --git a/debian/rules b/debian/rules index 23d64ab3f..90ccca852 100755 --- a/debian/rules +++ b/debian/rules @@ -16,9 +16,10 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --enable-nonblocking --enable-thread \ --enable-smartcard --enable-cisco-quirks \ --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \ - --enable-xml \ - --enable-mediation --enable-manager \ - --enable-openssl + --enable-mediation \ + --enable-openssl \ + --disable-aes --disable-des --disable-fips-prf --disable-gmp \ + --disable-md5 --disable-sha1 --disable-sha2 # Could enable --enable-nat-transport, but this is actually insecure, # so don't! # And for --enable-eap-sim we would need the library, which we don't @@ -26,10 +27,11 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) -#the padlock plugin only makes sense on i386 -ifeq ($(DEB_BUILD_ARCH_CPU),i386) - CONFIGUREARGS += --enable-padlock -endif +# the padlock plugin only makes sense on i386 +# but it actually doesn't do much, so no need to enable it +#ifeq ($(DEB_BUILD_ARCH_CPU),i386) +# CONFIGUREARGS += --enable-padlock +#endif configure: configure-stamp -- cgit v1.2.3