aboutsummaryrefslogtreecommitdiffstats
path: root/main/strongswan
diff options
context:
space:
mode:
Diffstat (limited to 'main/strongswan')
-rw-r--r--main/strongswan/APKBUILD23
-rw-r--r--main/strongswan/charon.initd30
-rw-r--r--main/strongswan/strongswan.initd1
-rw-r--r--main/strongswan/strongswan.pre-install10
4 files changed, 57 insertions, 7 deletions
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index f86cc647b1..53024e4f5d 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -2,18 +2,21 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
pkgver=5.3.0
-pkgrel=1
+pkgrel=2
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
+pkgusers="ipsec"
+pkggroups="ipsec"
license="GPL-2 RSA-MD5 RSA-PKCS11 DES"
depends="iproute2 openssl"
-depends_dev="sqlite-dev openssl-dev curl-dev gmp-dev"
+depends_dev="sqlite-dev openssl-dev curl-dev gmp-dev libcap-dev"
makedepends="$depends_dev linux-headers"
-install=""
+install="$pkgname.pre-install"
subpackages="$pkgname-doc"
source="http://download.strongswan.org/$pkgname-$pkgver.tar.bz2
- strongswan.initd"
+ strongswan.initd
+ charon.initd"
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
@@ -41,6 +44,9 @@ build() {
--sysconfdir=/etc \
--libexecdir=/usr/lib \
--with-ipsecdir=/usr/lib/strongswan \
+ --with-capabilities=libcap \
+ --with-user=ipsec \
+ --with-group=ipsec \
--enable-curl \
--disable-ldap \
--disable-aes \
@@ -91,8 +97,11 @@ package() {
}
md5sums="c52d4228231c2025d9c320d0e9990327 strongswan-5.3.0.tar.bz2
-358a63c1c38305afc7dd32d748b0149d strongswan.initd"
+85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd
+7962a720ebef6892d80a3cbdab72c204 charon.initd"
sha256sums="824da31a1ff89ac2500d56705e6f9ce06fe5260f9caaeb1da35ea13a8691d284 strongswan-5.3.0.tar.bz2
-7b24ca7d6270e986ffb75d7e147df4a294ee44347fb792db2e9d2875cb40494d strongswan.initd"
+ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd
+97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd"
sha512sums="1bb677e120b7b38942031a19b2c2caa8a55911ffc3220731fedd717efd6f80f937fd8e4e8d8e22ce638d49d548e9f5b1b043eede2550df2727a0242a08ef50e3 strongswan-5.3.0.tar.bz2
-e4c110b2c6102419c74b93748fc10b6c09055d5edf166c8da674b6082a0cf1a15358dec380832aab8e7fba89159ea269bcfbff4ec84cfa2acefb586765b8395d strongswan.initd"
+b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd
+6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd"
diff --git a/main/strongswan/charon.initd b/main/strongswan/charon.initd
new file mode 100644
index 0000000000..06905c28e8
--- /dev/null
+++ b/main/strongswan/charon.initd
@@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+
+description="strongSwan charon IKE daemon"
+command="/usr/lib/strongswan/charon"
+pidfile="/var/run/charon.pid"
+start_stop_daemon_args="--background"
+extra_started_commands="reload status"
+
+depend() {
+ need net
+ after firewall
+ provide ipsec
+}
+
+start_post() {
+ ebegin "Loading ${name:-$RC_SVCNAME} configuration"
+ sleep 0.2
+ swanctl --load-all &>/dev/null
+ eend $?
+}
+
+reload() {
+ swanctl --reload-settings
+ swanctl --load-all
+}
+
+status() {
+ swanctl --list-conns
+ swanctl --list-sas
+}
diff --git a/main/strongswan/strongswan.initd b/main/strongswan/strongswan.initd
index 4220eac7fa..dfe7add8ec 100644
--- a/main/strongswan/strongswan.initd
+++ b/main/strongswan/strongswan.initd
@@ -3,6 +3,7 @@
depend() {
need net
after firewall
+ provide ipsec
}
start() {
diff --git a/main/strongswan/strongswan.pre-install b/main/strongswan/strongswan.pre-install
new file mode 100644
index 0000000000..e1fa31974d
--- /dev/null
+++ b/main/strongswan/strongswan.pre-install
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if ! getent group ipsec >/dev/null; then
+ addgroup -S ipsec
+fi
+if ! getent passwd ipsec >/dev/null; then
+ adduser -S -H -h /var/empty -s /sbin/nologin -D -G ipsec ipsec 2>/dev/null
+fi
+
+exit 0