diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2024-03-01 23:30:19 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2024-03-02 00:24:34 +0300 |
| commit | 7363086d8a6f87f6c162a314937f1c2e3c063b42 (patch) | |
| tree | f37b4996342d0af75369338b4a1a0fc416c5feeb /meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb | |
| parent | d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b (diff) | |
| download | openbmc-nanbield.tar.xz | |
subtree updatesnanbield
meta-arm: 79c52afe74..9a4ae38e84:
Emekcan Aras (1):
arm-bsp/optee: Improve PIN counter handling robustness
Harsimran Singh Tungal (2):
corstone1000:arm-bsp/tftf: Fix tftf tests on mps3
arm-bsp/tf-a-tests: fix corstone1000
Ross Burton (2):
arm-bsp/documentation: upgrade Sphinx slightly
CI: use https: to fetch meta-virtualization
meta-openembedded: 2da6e1b0e4..da9063bdfb:
Changqing Li (2):
postgresql: upgrade 15.4 -> 15.5
redis: upgrade 6.2.13 -> 6.2.14
Khem Raj (1):
webkitgtk3: upgrade 2.42.0 -> 2.42.1
Meenali Gupta (1):
nginx: upgrade 1.25.2 -> 1.25.3
Mingli Yu (1):
mariadb: Upgrade to 10.11.6
Wang Mingyu (5):
strongswan: upgrade 5.9.12 -> 5.9.13
webkitgtk3: upgrade 2.42.1 -> 2.42.2
webkitgtk3: upgrade 2.42.2 -> 2.42.3
webkitgtk3: upgrade 2.42.3 -> 2.42.4
libssh: upgrade 0.10.5 -> 0.10.6
Yi Zhao (1):
samba: upgrade 4.18.8 -> 4.18.9
poky: 61a59d00a0..1a5c00f00c:
Alassane Yattara (1):
bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer
Alexander Kanavin (2):
glibc-y2038-tests: do not run tests using 32 bit time APIs
icon-naming-utils: take tarball from debian
Alexander Sverdlin (1):
linux-firmware: upgrade 20231030 -> 20231211
Anuj Mittal (2):
base-passwd: upgrade 3.6.2 -> 3.6.3
glib-2.0: upgrade 2.78.1 -> 2.78.3
Baruch Siach (1):
contributor-guide: fix lore URL
Benjamin Bara (1):
glibc: stable 2.38 branch updates
Bruce Ashfield (8):
linux-yocto/6.1: update to v6.1.69
linux-yocto/6.1: update to v6.1.70
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.1: update to v6.1.72
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.1: security/cfg: add configs to harden protection
linux-yocto/6.1: update to v6.1.73
linux-yocto/6.1: update CVE exclusions
Chen Qi (2):
sudo: upgrade from 1.9.15p2 to 1.9.15p5
multilib_global.bbclass: fix parsing error with no kernel module split
Clay Chang (1):
devtool: deploy: provide max_process to strip_execs
Enguerrand de Ribaucourt (1):
manuals: document VSCode extension
Ilya A. Kriveshko (1):
dev-manual: update license manifest path
Jason Andryuk (3):
linux-firmware: Package iwlwifi .pnvm files
linux-firmware: Change bnx2 packaging
linux-firmware: Create bnx2x subpackage
Jeremy A. Puhlman (1):
create-spdx-2.2: combine spdx can try to write before dir creation
Joao Marcos Costa (1):
documentation.conf: fix do_menuconfig description
Jonathan GUILLOT (1):
udev-extraconf: fix unmount directories containing octal-escaped chars
Jose Quaresma (2):
go: update 1.20.10 -> 1.20.11
go: update 1.20.11 -> 1.20.12
Joshua Watt (2):
rpcbind: Specify state directory under /run
classes-global/sstate: Fix variable typo
Julien Stephan (1):
externalsrc: fix task dependency for do_populate_lic
Jörg Sommer (1):
documentation: Add UBOOT_BINARY, extend UBOOT_CONFIG
Kai Kang (1):
xserver-xorg: 21.1.9 -> 21.1.11
Khem Raj (2):
tiff: Backport fixes for CVE-2023-6277
tcl: Fix prepending to run-ptest script
Lee Chee Yang (5):
curl: Fix CVE-2023-46219
qemu: 8.1.2 -> 8.1.4
migration-guide: add release notes for 4.3.2
migration-guide: add release notes for 4.0.16
migration-guide: add release notes for 4.3.3
Markus Volk (1):
libadwaita: update 1.4.0 -> 1.4.2
Massimiliano Minella (1):
zstd: fix LICENSE statement
Maxin B. John (1):
ref-manual: classes: remove insserv bbclass
Michael Opdenacker (3):
contributor-guide: use "apt" instead of "aptitude"
release-notes-4.3: fix spacing
migration-guides: fix release notes for 4.3.3
Ming Liu (2):
grub: fs/fat: Don't error when mtime is 0
qemu.bbclass: fix a python TypeError
Mingli Yu (1):
python3-license-expression: Fix the ptest failure
Peter Kjellerstedt (1):
devtool: modify: Handle recipes with a menuconfig task correctly
Peter Marko (4):
dtc: preserve version also from shallow git clones
sqlite3: upgrade 3.43.1 -> 3.43.2
sqlite: drop obsolete CVE ignore
zlib: ignore CVE-2023-6992
Richard Purdie (9):
pseudo: Update to pull in syncfs probe fix
sstate: Fix dir ownership issues in SSTATE_DIR
curl: Disable two intermittently failing tests
lib/prservice: Improve lock handling robustness
oeqa/selftest/prservice: Improve test robustness
curl: Disable test 1091 due to intermittent failures
allarch: Fix allarch corner case
reproducible: Fix race with externalsrc/devtool over lockfile
pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept
Robert Berger (1):
uninative-tarball.xz - reproducibility fix
Robert Joslyn (1):
gtk: Set CVE_PRODUCT
Robert Yang (2):
nfs-utils: Upgrade 2.6.3 -> 2.6.4
nfs-utils: Update Upstream-Status
Rodrigo M. Duarte (1):
linux-firmware: Fix the linux-firmware-bcm4373 FILES variable
Ross Burton (4):
avahi: update URL for new project location
libssh2: backport fix for CVE-2023-48795
cve_check: handle CVE_STATUS being set to the empty string
cve_check: cleanup logging
Saul Wold (1):
package.py: OEHasPackage: Add MLPREFIX to packagename
Simone Weiß (5):
dev-manual: start.rst: Update use of Download page
dev-manual: start.rst: Update use of Download page
glibc: Set status for CVE-2023-5156 & CVE-2023-0687
dev-manual: gen-tapdevs need iptables installed
gcc: Update status of CVE-2023-4039
Soumya Sambu (1):
ncurses: Fix - tty is hung after reset
Steve Sakoman (2):
poky.conf: bump version for 4.3.3 release
build-appliance-image: Update to nanbield head revision
Trevor Gamblin (1):
scripts/runqemu: fix regex escape sequences
Wang Mingyu (9):
xwayland: upgrade 23.2.2 -> 23.2.3
libatomic-ops: upgrade 7.8.0 -> 7.8.2
libva-utils: upgrade 2.20.0 -> 2.20.1
kea: upgrade 2.4.0 -> 2.4.1
gstreamer1.0: upgrade 1.22.7 -> 1.22.8
aspell: upgrade 0.60.8 -> 0.60.8.1
at-spi2-core: upgrade 2.50.0 -> 2.50.1
cpio: upgrade 2.14 -> 2.15
gstreamer: upgrade 1.22.8 -> 1.22.9
William Lyu (1):
elfutils: Update license information
Xiangyu Chen (2):
shadow: Fix for CVE-2023-4641
sudo: upgrade 1.9.14p3 -> 1.9.15p2
Yang Xu (1):
rootfs.py: check depmodwrapper execution result
Yogita Urade (2):
tiff: fix CVE-2023-6228
tiff: fix CVE-2023-52355 and CVE-2023-52356
Zahir Hussain (1):
cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
baruch@tkos.co.il (1):
overlayfs: add missing closing parenthesis in selftest
Change-Id: I613697694d0eb51ae9451f7e869b69d6c1ba1fd3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb')
| -rw-r--r-- | meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb new file mode 100644 index 0000000000..4523187af2 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb @@ -0,0 +1,194 @@ +DESCRIPTION = "strongSwan is an OpenSource IPsec implementation for the \ +Linux operating system." +SUMMARY = "strongSwan is an OpenSource IPsec implementation" +HOMEPAGE = "http://www.strongswan.org" +SECTION = "net" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +DEPENDS = "flex-native flex bison-native" +DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" + +SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ + " + +SRC_URI[sha256sum] = "56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55" + +UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" + +EXTRA_OECONF = " \ + --without-lib-prefix \ + --with-dev-headers=${includedir}/strongswan \ +" + +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}" + +PACKAGECONFIG ?= "curl gmp openssl sqlite3 swanctl curve25519\ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imc imc-hcd imc-os imc-scanner imc-attestation', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imv imv-hcd imv-os imv-scanner imv-attestation', '', d)} \ +" + +PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni" +PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils" +PACKAGECONFIG[charon] = "--enable-charon,--disable-charon," +PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,${PN}-plugin-curl" +PACKAGECONFIG[eap-identity] = "--enable-eap-identity,--disable-eap-identity,,${PN}-plugin-eap-identity" +PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${PN}-plugin-eap-mschapv2" +PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap" +PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql" +PACKAGECONFIG[nm] = "--enable-nm,--disable-nm,networkmanager,${PN}-nm" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl" +PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup" +PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite" +PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke" +PACKAGECONFIG[swanctl] = "--enable-swanctl,--disable-swanctl,,libgcc" +PACKAGECONFIG[curve25519] = "--enable-curve25519,--disable-curve25519,, ${PN}-plugin-curve25519" + +# requires swanctl +PACKAGECONFIG[systemd-charon] = "--enable-systemd,--disable-systemd,systemd," + +# tpm needs meta-tpm layer +PACKAGECONFIG[tpm2] = "--enable-tpm,--disable-tpm,,${PN}-plugin-tpm" + + +# integraty configuration needs meta-integraty +#imc +PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,, ${PN}-plugin-tnc-imc ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,," +PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,," +PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,," +PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,," +PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima, json-c," +PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,," + +#imv set +PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,, ${PN}-plugin-tnc-imv ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,," +PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,," +PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,," +PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,," +PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima, json-c," +PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,," + +PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap, libxml2, ${PN}-plugin-tnc-ifmap" +PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,, ${PN}-plugin-tnc-pdp" + +PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2, ${PN}-plugin-tnccs-11" +PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,, ${PN}-plugin-tnccs-20" +PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,${PN}-plugin-tnccs-dynamic" + +inherit autotools systemd pkgconfig + +RRECOMMENDS:${PN} = "kernel-module-ah4 \ + kernel-module-esp4 \ + kernel-module-xfrm-user \ + " + +FILES:${PN} += "${libdir}/ipsec/lib*${SOLIBS}" +FILES:${PN}-dbg += "${bindir}/.debug ${sbindir}/.debug ${libdir}/ipsec/.debug ${libexecdir}/ipsec/.debug" +FILES:${PN}-dev += "${libdir}/ipsec/lib*${SOLIBSDEV} ${libdir}/ipsec/*.la ${libdir}/ipsec/include/config.h" +FILES:${PN}-staticdev += "${libdir}/ipsec/*.a" + +CONFFILES:${PN} = "${sysconfdir}/*.conf ${sysconfdir}/ipsec.d/*.conf ${sysconfdir}/strongswan.d/*.conf" + +PACKAGES += "${PN}-plugins" +ALLOW_EMPTY:${PN}-plugins = "1" + +PACKAGE_BEFORE_PN = "${PN}-imcvs ${PN}-imcvs-dbg" +ALLOW_EMPTY:${PN}-imcvs = "1" + +FILES:${PN}-imcvs = "${libdir}/ipsec/imcvs/*.so" +FILES:${PN}-imcvs-dbg += "${libdir}/ipsec/imcvs/.debug" + +PACKAGES =+ "${PN}-nm ${PN}-nm-dbg" +FILES:${PN}-nm = "${libexecdir}/ipsec/charon-nm ${datadir}/dbus-1/system.d/nm-strongswan-service.conf" +FILES:${PN}-nm-dbg = "${libexecdir}/ipsec/.debug/charon-nm" + +PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" +NOAUTOPACKAGEDEBUG = "1" + +python split_strongswan_plugins () { + sysconfdir = d.expand('${sysconfdir}/strongswan.d/charon') + libdir = d.expand('${libdir}/ipsec/plugins') + dbglibdir = os.path.join(libdir, '.debug') + + def add_plugin_conf(f, pkg, file_regex, output_pattern, modulename): + dvar = d.getVar('PKGD') + oldfiles = d.getVar('CONFFILES:' + pkg) + newfile = '/' + os.path.relpath(f, dvar) + + if not oldfiles: + d.setVar('CONFFILES:' + pkg, newfile) + else: + d.setVar('CONFFILES:' + pkg, oldfiles + " " + newfile) + + split_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True) + do_split_packages(d, sysconfdir, r'(.*)\.conf', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True, hook=add_plugin_conf) + + split_dbg_packages = do_split_packages(d, dbglibdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s-dbg', 'strongSwan %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') + split_dev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.la', '${PN}-plugin-%s-dev', 'strongSwan %s plugin - Development files', prepend=True, extra_depends='${PN}-dev') + split_staticdev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.a', '${PN}-plugin-%s-staticdev', 'strongSwan %s plugin - Development files (Static Libraries)', prepend=True, extra_depends='${PN}-staticdev') + + if split_packages: + pn = d.getVar('PN') + d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-dev', ' ' + ' '.join(split_dev_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-staticdev', ' ' + ' '.join(split_staticdev_packages)) +} + +PACKAGESPLITFUNCS:prepend = "split_strongswan_plugins " + +# Install some default plugins based on default strongSwan ./configure options +# See https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist +RDEPENDS:${PN} += "\ + ${PN}-plugin-aes \ + ${PN}-plugin-attr \ + ${PN}-plugin-cmac \ + ${PN}-plugin-constraints \ + ${PN}-plugin-des \ + ${PN}-plugin-dnskey \ + ${PN}-plugin-drbg \ + ${PN}-plugin-fips-prf \ + ${PN}-plugin-gcm \ + ${PN}-plugin-hmac \ + ${PN}-plugin-kdf \ + ${PN}-plugin-kernel-netlink \ + ${PN}-plugin-md5 \ + ${PN}-plugin-mgf1 \ + ${PN}-plugin-nonce \ + ${PN}-plugin-pem \ + ${PN}-plugin-pgp \ + ${PN}-plugin-pkcs1 \ + ${PN}-plugin-pkcs7 \ + ${PN}-plugin-pkcs8 \ + ${PN}-plugin-pkcs12 \ + ${PN}-plugin-pubkey \ + ${PN}-plugin-random \ + ${PN}-plugin-rc2 \ + ${PN}-plugin-resolve \ + ${PN}-plugin-revocation \ + ${PN}-plugin-sha1 \ + ${PN}-plugin-sha2 \ + ${PN}-plugin-socket-default \ + ${PN}-plugin-sshkey \ + ${PN}-plugin-updown \ + ${PN}-plugin-vici \ + ${PN}-plugin-x509 \ + ${PN}-plugin-xauth-generic \ + ${PN}-plugin-xcbc \ + " + +RPROVIDES:${PN} += "${PN}-systemd" +RREPLACES:${PN} += "${PN}-systemd" +RCONFLICTS:${PN} += "${PN}-systemd" + +# The deprecated legacy 'strongswan-starter' service should only be used when charon and +# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed. +# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd +SYSTEMD_SERVICE:${PN} = " \ + ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \ +" |