main/strongswan: subpackage for logfile config

3 files changed, 33 insertions, 3 deletions

diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index b68d2599d2..646a190aa2 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=strongswan
 pkgver=5.8.1
 _pkgver=${pkgver//_rc/rc}
-pkgrel=1
+pkgrel=2
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="https://www.strongswan.org/"
 arch="all"
@@ -14,7 +14,7 @@ depends="iproute2"
 makedepends="linux-headers python3 sqlite-dev openssl-dev curl-dev
 	gmp-dev libcap-dev"
 install="$pkgname.pre-install"
-subpackages="$pkgname-doc $pkgname-dbg $pkgname-openrc"
+subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc"
 source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
 	0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
 	1001-charon-add-optional-source-and-remote-overrides-for-.patch
@@ -23,6 +23,8 @@ source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
 
 	strongswan.initd
 	charon.initd
+	charon.logrotate
+	charon-logfile.conf
 	"
 
 # secfixes:
@@ -129,10 +131,22 @@ package() {
 	chown ipsec:ipsec "$pkgdir"/etc/ipsec.d/crls "$pkgdir"/etc/swanctl/x509crl
 }
 
+logfile() {
+	pkgdesc="Dedicated log file configuration for charon"
+	depends=$pkgname
+
+	install -m 644 -D charon.logrotate "$subpkgdir/etc/logrotate.d/charon"
+	install -m 644 -D charon-logfile.conf \
+		"$subpkgdir/etc/strongswan.d/charon-logfile.conf"
+	install -m 2750 -o ipsec -g wheel -d "$subpkgdir/var/log/ipsec"
+}
+
 sha512sums="630d24643b3d61e931bb25cdd083ad3c55f92fe41f3fcd3198012eee486fb3b1a16dc3f80936162afb7da9e471d45d92b7d183a00153a558babb2a79e5f6813f  strongswan-5.8.1.tar.bz2
 c829b59d33f5dcffd86fbc81d824b51397ed48dc94da6271ec2d7d70e5975cff0c13d235147f92e1981b391857d5573507972593fed0ce831968da10d119da0f  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
 cdc8b9d56fbd7c079dfa37e8de822cfa925d3b6741ff7d04afbc8b856d717ed090750e85b19af2296e28ee030c2d91597d2492f4b9b3540a5647b120bf609556  1001-charon-add-optional-source-and-remote-overrides-for-.patch
 f92609a1f6810786baeae1688688cbdd2a3116200cdba8d23e13da08992f5280bcbe04712cc89402f1e39aff6f4ebc8da05a2529b1e61e25a5229deb74c4dc3f  1002-vici-send-certificates-for-ike-sa-events.patch
 da39b5654c6f39d175c5491dabd5ed5c1b552857af7cbe7eeb8d0ecb34dad265bb8cd7725930eb75ceb99d51813f8e59631e687b09c1ff5c6437388f5f4d9647  1003-vici-add-support-for-individual-sa-state-changes.patch
 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
-4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5  charon.initd"
+4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5  charon.initd
+0417de0c0aa779602b216f29b1ad58cc842f0b0fbb8f5238d39199125dac30eaae89d869b337f8f504f8427f074ee7a363f55e3b3875516fe1ed5f0ed7f34c6f  charon.logrotate
+5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363  charon-logfile.conf"
diff --git a/main/strongswan/charon-logfile.conf b/main/strongswan/charon-logfile.conf
new file mode 100644
index 0000000000..f71317f32f
--- /dev/null
+++ b/main/strongswan/charon-logfile.conf
@@ -0,0 +1,10 @@
+charon {
+	filelog {
+		/var/log/ipsec/charon {
+			default = 1
+			flush_line = yes
+			ike_name = yes
+			time_format = %b %e %T
+		}
+	}
+}
diff --git a/main/strongswan/charon.logrotate b/main/strongswan/charon.logrotate
new file mode 100644
index 0000000000..4d42f64d8d
--- /dev/null
+++ b/main/strongswan/charon.logrotate
@@ -0,0 +1,6 @@
+/var/log/ipsec/charon {
+	missingok
+	postrotate
+		killall -HUP charon
+	endscript
+}