diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2024-01-11 20:55:23 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2024-01-11 20:56:06 +0300 |
commit | d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b (patch) | |
tree | cd2f355c9c8ae01d490e733e8c83d86f89e92bc8 /meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb | |
parent | 06a6d53090fbf4da09a79d24c2147c5d78640b0c (diff) | |
download | openbmc-d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b.tar.xz |
subtree updates:nanbield: Jan 11, 2024
poky: bf9f2f6f60..61a59d00a0:
Adam Johnston (1):
useradd_base: Fix sed command line for passwd-expire
Alexander Kanavin (1):
cmake: upgrade 3.27.5 -> 3.27.7
Anuj Mittal (1):
gstreamer1.0: upgrade 1.22.6 -> 1.22.7
Bastian Krause (1):
linux-firmware: add new fw file to ${PN}-rtl8821
Bruce Ashfield (25):
linux-yocto/6.1: update to v6.1.59
linux-yocto/6.1: update to v6.1.60
linux-yocto/6.5: update to v6.5.8
linux-yocto/6.5: update to v6.5.9
kern-tools: make lower context patches reproducible
kern-tools: bump SRCREV for queue processing changes
kern-tools: update SRCREV to include SECURITY.md file
kernel-yocto: improve metadata patching
linux-yocto/6.1: cfg: restore CONFIG_DEVMEM
linux-yocto/6.1: update to v6.1.61
linux-yocto/6.1: update to v6.1.62
linux-yocto/6.1: update to v6.1.65
linux-yocto/6.5: cfg: restore CONFIG_DEVMEM
linux-yocto/6.5: update to v6.5.10
linux-yocto/6.5: cfg: split runtime and symbol debug
linux-yocto/6.5: update to v6.5.11
linux-yocto/6.5: update to v6.5.12
linux-yocto/6.5: update to v6.5.13
linux-yocto/6.1: drop removed IMA option
linux-yocto-rt/6.1: update to -rt18
linux-yocto/6.1: update to v6.1.66
linux-yocto/6.1: update to v6.1.67
linux-yocto/6.1: update to v6.1.68
linux-yocto/6.5: drop removed IMA option
linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector
Chen Qi (1):
systemd: fix DynamicUser issue
Deepthi Hemraj (1):
rust: Fix CVE-2023-40030
Dhairya Nagodra (2):
cve-update-nvd2-native: faster requests with API keys
cve-update-nvd2-native: increase the delay between subsequent request failures
Dmitry Baryshkov (9):
linux-firmware: upgrade 20230804 -> 20231030
linux-firmware: add missing depenencies on license packages
linux-firmware: add notice file to sdm845 modem firmware
linux-firmware: add audio topology symlink to the X13's audio package
linux-firmware: package firmware for Qualcomm Adreno a702
linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210
linux-firmware: package Qualcomm Venus 6.0 firmware
linux-firmware: package Robotics RB5 sensors DSP firmware
meson: use correct targets for rust binaries
Fahad Arslan (1):
linux-firmware: create separate packages
Javier Tia (1):
kernel-arch: use ccache only for compiler
Jermain Horsman (2):
lib/oe/buildcfg.py: Include missing import
lib/oe/buildcfg.py: Remove unused parameter
Joakim Tjernlund (1):
sed -i destroys symlinks
Joshua Watt (1):
bitbake: asyncrpc: Add context manager API
Julien Stephan (2):
devtool: fix update-recipe dry-run mode
devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM
Justin Bronder (1):
contributor-guide: add License-Update tag
Khem Raj (1):
python3-urllib3: Upgrade to 2.0.7
Lee Chee Yang (10):
migration-guides: add release notes for 4.3.1
migration-guide: add release notes for 4.2.4
migration-guide: add release notes for 4.0.14
migration-guides: reword fix in release-notes-4.3.1
migration-guides: add release notes for 4.0.15
avahi: add CVE-2023-38473.patch to SRC_URL
grub: fix CVE-2023-4692 CVE-2023-4693
curl: fix CVE-2023-46218
perlcross: update to 1.5.2
perl: 5.38.0 -> 5.38.2
Marco Felsch (1):
json-c: fix icecc compilation
Markus Volk (3):
gtk: Add rdepend on printbackend for cups
bluez5: fix connection for ps5/dualshock controllers
cups: Add root,sys,wheel to system groups
Marta Rybczynska (1):
bitbake: toastergui: verify that an existing layer path is given
Massimiliano Minella (1):
systemd: update LICENSE statement
Michael Opdenacker (14):
migration-guides: release 3.5 is actually 4.0
contributor-guide: fix command option
dev-manual: layers: update link to YP Compatible form
ref-manual: releases.svg: update nanbield release status
manuals: fix URL
test-manual: text and formatting fixes
test-manual: resource updates
test-manual: add links to python unittest
test-manual: explicit or fix file paths
test-manual: add or improve hyperlinks
dev-manual: runtime-testing: fix test module name
test-manual: use working example
systemd-compat-units.bb: fix postinstall script
ref-manual: update tested and supported distros
Paul Barker (1):
ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults
Peter Kjellerstedt (3):
oeqa/selftest/tinfoil: Add tests that parse virtual recipes
dev-manual: Discourage the use of SRC_URI[md5sum]
bitbake: command: Make parseRecipeFile() handle virtual recipes correctly
Peter Marko (2):
cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
cve-update-nvd2-native: make number of fetch attemtps configurable
Randy MacLeod (1):
strace: backport fix for so_peerpidfd-test
Rasmus Villemoes (1):
perf: lift TARGET_CC_ARCH modification out of security_flags.inc
Richard Purdie (7):
qemu: Upgrade 8.1.0 -> 8.1.2
sstate: Ensure sstate searches update file mtime
testimage: Exclude wtmp from target-dumper commands
bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9
linux/cve-exclusion6.1: Update to latest kernel point release
package_ipk: Fix Source: field variable dependency
testimage: Drop target_dumper and most of monitor_dumper
Ross Burton (6):
xwayland: upgrade to 23.2.2
linux-yocto: update CVE exclusions
linux-yocto: update CVE exclusions
lib/oe/patch: ensure os.chdir restoring always happens
tcl: skip timing-dependent tests in run-ptest
tcl: skip async and event tests in run-ptest
Shubham Kulkarni (1):
tzdata: Upgrade to 2023d
Simone Weiß (1):
manuals: brief-yoctoprojectqs: align variable order with default local.conf
Steve Sakoman (2):
poky.conf: bump version for 4.3.2 release
build-appliance-image: Update to nanbield head revision
Sundeep KOKKONDA (2):
glibc: stable 2.38 branch updates
binutils: stable 2.41 branch updates
Tim Orling (2):
lsb-release: use https for UPSTREAM_CHECK_URI
vim: upgrade 9.0.2068 -> 9.0.2130
Trevor Gamblin (2):
python3-ptest: skip test_storlines
patchtest: shorten patch signed-off-by test output
Vijay Anusuri (1):
avahi: backport Debian patches to fix multiple CVE's
Viswanath Kraleti (1):
systemd-boot: Fix build issues on armv7a-linux
Vyacheslav Yurkov (1):
lib/oe/path: Deploy files can start only with a dot
Wang Mingyu (16):
base-passwd: upgrade 3.6.1 -> 3.6.2
enchant2: upgrade 2.6.1 -> 2.6.2
harfbuzz: upgrade 8.2.1 -> 8.2.2
libjpeg-turbo: upgrade 3.0.0 -> 3.0.1
libnewt: upgrade 0.52.23 -> 0.52.24
libnsl2: upgrade 2.0.0 -> 2.0.1
msmtp: upgrade 1.8.24 -> 1.8.25
glib-2.0: upgrade 2.78.0 -> 2.78.1
xserver-xorg: upgrade 21.1.8 -> 21.1.9
ghostscript: upgrade 10.02.0 -> 10.02.1
libsolv: upgrade 0.7.25 -> 0.7.26
bind: upgrade 9.18.19 -> 9.18.20
ell: upgrade 0.59 -> 0.60
libgcrypt: upgrade 1.10.2 -> 1.10.3
libxslt: upgrade 1.1.38 -> 1.1.39
log4cplus: upgrade 2.1.0 -> 2.1.1
William Lyu (1):
openssl: improve handshake test error reporting
Zoltán Böszörményi (1):
update_gtk_icon_cache: Fix for GTK4-only builds
meta-raspberrypi: 8231f97534..fde68b24f0:
Lorenzo Arena (1):
docs: fix syntax for overriding fs type for initramfs image
meta-openembedded: 1750c66ae8..2da6e1b0e4:
Alexandre Belloni (1):
poco: fix branch
Christian Eggers (1):
python3-gcovr: switch to main branch
Dylan Turner (1):
apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622
Edi Feschiyan (1):
libbytesize: update SRC_URI
Fabio Estevam (3):
openocd: Use https for github
python3-piccata: Use https for github
multipath-tools: Use https for github
Jeffrey Pautler (1):
apache2: add vendor to product name used for CVE checking
Jonas Gorski (1):
frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}
Khem Raj (3):
hwdata: upgrade 0.370 -> 0.375
openvpn: upgrade 2.6.3 -> 2.6.6
python3-scapy: upgrade to latest revision
Ross Burton (1):
yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460
Wang Mingyu (3):
hdf5: Fix install conflict when enable multilib.
dnf-plugin-tui: Recover BBCLASSEXTEND variants
strongswan: upgrade 5.9.11 -> 5.9.12
Zoltán Böszörményi (3):
python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
geos: Fix packaging
meta-arm: 0bd7fece41..79c52afe74:
Debbie Martin (2):
arm-systemready: Add parted dependency and inherit testimage
ci: Add Arm SystemReady firmware and IR ACS builds
Harsimran Singh Tungal (1):
arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions
Change-Id: I9e8e09b85674d653415c01932a5f7a3cbeca877e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb')
-rw-r--r-- | meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb new file mode 100644 index 0000000000..87d12bc6c8 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb @@ -0,0 +1,194 @@ +DESCRIPTION = "strongSwan is an OpenSource IPsec implementation for the \ +Linux operating system." +SUMMARY = "strongSwan is an OpenSource IPsec implementation" +HOMEPAGE = "http://www.strongswan.org" +SECTION = "net" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +DEPENDS = "flex-native flex bison-native" +DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" + +SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ + " + +SRC_URI[sha256sum] = "5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5" + +UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" + +EXTRA_OECONF = " \ + --without-lib-prefix \ + --with-dev-headers=${includedir}/strongswan \ +" + +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}" + +PACKAGECONFIG ?= "curl gmp openssl sqlite3 swanctl curve25519\ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imc imc-hcd imc-os imc-scanner imc-attestation', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imv imv-hcd imv-os imv-scanner imv-attestation', '', d)} \ +" + +PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni" +PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils" +PACKAGECONFIG[charon] = "--enable-charon,--disable-charon," +PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,${PN}-plugin-curl" +PACKAGECONFIG[eap-identity] = "--enable-eap-identity,--disable-eap-identity,,${PN}-plugin-eap-identity" +PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${PN}-plugin-eap-mschapv2" +PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap" +PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql" +PACKAGECONFIG[nm] = "--enable-nm,--disable-nm,networkmanager,${PN}-nm" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl" +PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup" +PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite" +PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke" +PACKAGECONFIG[swanctl] = "--enable-swanctl,--disable-swanctl,,libgcc" +PACKAGECONFIG[curve25519] = "--enable-curve25519,--disable-curve25519,, ${PN}-plugin-curve25519" + +# requires swanctl +PACKAGECONFIG[systemd-charon] = "--enable-systemd,--disable-systemd,systemd," + +# tpm needs meta-tpm layer +PACKAGECONFIG[tpm2] = "--enable-tpm,--disable-tpm,,${PN}-plugin-tpm" + + +# integraty configuration needs meta-integraty +#imc +PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,, ${PN}-plugin-tnc-imc ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,," +PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,," +PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,," +PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,," +PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima, json-c," +PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,," + +#imv set +PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,, ${PN}-plugin-tnc-imv ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,," +PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,," +PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,," +PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,," +PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima, json-c," +PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,," + +PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap, libxml2, ${PN}-plugin-tnc-ifmap" +PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,, ${PN}-plugin-tnc-pdp" + +PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2, ${PN}-plugin-tnccs-11" +PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,, ${PN}-plugin-tnccs-20" +PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,${PN}-plugin-tnccs-dynamic" + +inherit autotools systemd pkgconfig + +RRECOMMENDS:${PN} = "kernel-module-ah4 \ + kernel-module-esp4 \ + kernel-module-xfrm-user \ + " + +FILES:${PN} += "${libdir}/ipsec/lib*${SOLIBS}" +FILES:${PN}-dbg += "${bindir}/.debug ${sbindir}/.debug ${libdir}/ipsec/.debug ${libexecdir}/ipsec/.debug" +FILES:${PN}-dev += "${libdir}/ipsec/lib*${SOLIBSDEV} ${libdir}/ipsec/*.la ${libdir}/ipsec/include/config.h" +FILES:${PN}-staticdev += "${libdir}/ipsec/*.a" + +CONFFILES:${PN} = "${sysconfdir}/*.conf ${sysconfdir}/ipsec.d/*.conf ${sysconfdir}/strongswan.d/*.conf" + +PACKAGES += "${PN}-plugins" +ALLOW_EMPTY:${PN}-plugins = "1" + +PACKAGE_BEFORE_PN = "${PN}-imcvs ${PN}-imcvs-dbg" +ALLOW_EMPTY:${PN}-imcvs = "1" + +FILES:${PN}-imcvs = "${libdir}/ipsec/imcvs/*.so" +FILES:${PN}-imcvs-dbg += "${libdir}/ipsec/imcvs/.debug" + +PACKAGES =+ "${PN}-nm ${PN}-nm-dbg" +FILES:${PN}-nm = "${libexecdir}/ipsec/charon-nm ${datadir}/dbus-1/system.d/nm-strongswan-service.conf" +FILES:${PN}-nm-dbg = "${libexecdir}/ipsec/.debug/charon-nm" + +PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" +NOAUTOPACKAGEDEBUG = "1" + +python split_strongswan_plugins () { + sysconfdir = d.expand('${sysconfdir}/strongswan.d/charon') + libdir = d.expand('${libdir}/ipsec/plugins') + dbglibdir = os.path.join(libdir, '.debug') + + def add_plugin_conf(f, pkg, file_regex, output_pattern, modulename): + dvar = d.getVar('PKGD') + oldfiles = d.getVar('CONFFILES:' + pkg) + newfile = '/' + os.path.relpath(f, dvar) + + if not oldfiles: + d.setVar('CONFFILES:' + pkg, newfile) + else: + d.setVar('CONFFILES:' + pkg, oldfiles + " " + newfile) + + split_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True) + do_split_packages(d, sysconfdir, r'(.*)\.conf', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True, hook=add_plugin_conf) + + split_dbg_packages = do_split_packages(d, dbglibdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s-dbg', 'strongSwan %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') + split_dev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.la', '${PN}-plugin-%s-dev', 'strongSwan %s plugin - Development files', prepend=True, extra_depends='${PN}-dev') + split_staticdev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.a', '${PN}-plugin-%s-staticdev', 'strongSwan %s plugin - Development files (Static Libraries)', prepend=True, extra_depends='${PN}-staticdev') + + if split_packages: + pn = d.getVar('PN') + d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-dev', ' ' + ' '.join(split_dev_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-staticdev', ' ' + ' '.join(split_staticdev_packages)) +} + +PACKAGESPLITFUNCS:prepend = "split_strongswan_plugins " + +# Install some default plugins based on default strongSwan ./configure options +# See https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist +RDEPENDS:${PN} += "\ + ${PN}-plugin-aes \ + ${PN}-plugin-attr \ + ${PN}-plugin-cmac \ + ${PN}-plugin-constraints \ + ${PN}-plugin-des \ + ${PN}-plugin-dnskey \ + ${PN}-plugin-drbg \ + ${PN}-plugin-fips-prf \ + ${PN}-plugin-gcm \ + ${PN}-plugin-hmac \ + ${PN}-plugin-kdf \ + ${PN}-plugin-kernel-netlink \ + ${PN}-plugin-md5 \ + ${PN}-plugin-mgf1 \ + ${PN}-plugin-nonce \ + ${PN}-plugin-pem \ + ${PN}-plugin-pgp \ + ${PN}-plugin-pkcs1 \ + ${PN}-plugin-pkcs7 \ + ${PN}-plugin-pkcs8 \ + ${PN}-plugin-pkcs12 \ + ${PN}-plugin-pubkey \ + ${PN}-plugin-random \ + ${PN}-plugin-rc2 \ + ${PN}-plugin-resolve \ + ${PN}-plugin-revocation \ + ${PN}-plugin-sha1 \ + ${PN}-plugin-sha2 \ + ${PN}-plugin-socket-default \ + ${PN}-plugin-sshkey \ + ${PN}-plugin-updown \ + ${PN}-plugin-vici \ + ${PN}-plugin-x509 \ + ${PN}-plugin-xauth-generic \ + ${PN}-plugin-xcbc \ + " + +RPROVIDES:${PN} += "${PN}-systemd" +RREPLACES:${PN} += "${PN}-systemd" +RCONFLICTS:${PN} += "${PN}-systemd" + +# The deprecated legacy 'strongswan-starter' service should only be used when charon and +# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed. +# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd +SYSTEMD_SERVICE:${PN} = " \ + ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \ +" |