blob: 3b454bb8fc3b6497541abfbbbd5fe44884d37071 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
pkgver=5.8.0
_pkgver=${pkgver//_rc/rc}
pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="https://www.strongswan.org/"
arch="all"
pkgusers="ipsec"
pkggroups="ipsec"
license="GPL-2.0 RSA-MD5 RSA-PKCS11 DES"
depends="iproute2"
depends_dev=""
makedepends="$depends_dev linux-headers python2 sqlite-dev openssl-dev curl-dev
gmp-dev libcap-dev"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg"
source="https://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
strongswan.initd
charon.initd
"
builddir="$srcdir/$pkgname-$_pkgver"
# secfixes:
# 5.7.1-r0:
# - CVE-2018-17540
# 5.7.0-r0:
# - CVE-2018-16151
# - CVE-2018-16152
# 5.6.3-r0:
# - CVE-2018-5388
# - CVE-2018-10811
# 5.5.3-r0:
# - CVE-2017-9022
# - CVE-2017-9023
prepare() {
local i
cd "$builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -Np1 -i "$srcdir"/$i || _err="$_err $i" ;;
esac
done
if [ -n "$_err" ]; then
error "The following patches failed:"
for i in $_err; do
echo " $i"
done
return 1
fi
# the headers they ship conflicts with the real thing.
#rm -r src/include/linux
}
build() {
cd "$builddir"
# notes about configuration:
# - try to keep options in ./configure --help order
# - apk depends on openssl, so we use that
# - openssl provides ciphers, randomness, etc
# -> disable all redundant in-tree copies
local _aesni=
case "$CARCH" in
x86_64) _aesni="--enable-aesni";;
esac
./configure --prefix=/usr \
--sysconfdir=/etc \
--libexecdir=/usr/lib \
--with-ipsecdir=/usr/lib/strongswan \
--with-capabilities=libcap \
--with-user=ipsec \
--with-group=ipsec \
--enable-curl \
--disable-ldap \
--disable-aes \
--disable-des \
--disable-rc2 \
--disable-md5 \
--disable-sha1 \
--disable-sha2 \
--enable-gmp \
--disable-hmac \
--disable-mysql \
--enable-sqlite \
--enable-eap-sim \
--enable-eap-sim-file \
--enable-eap-aka \
--enable-eap-aka-3gpp2 \
--enable-eap-simaka-pseudonym \
--enable-eap-simaka-reauth \
--enable-eap-identity \
--enable-eap-md5 \
--enable-eap-tls \
--disable-eap-gtc \
--enable-eap-mschapv2 \
--enable-eap-radius \
--enable-xauth-eap \
--enable-farp \
--enable-vici \
--enable-attr-sql \
--enable-dhcp \
--enable-openssl \
--enable-unity \
--enable-ha \
--enable-cmd \
--enable-swanctl \
--enable-shared \
--disable-static \
$_aesni
make
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname"
install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
}
sha512sums="bf70aa6f9bb3d64d7cf02c7efd9053830efaa51b4cb20bd18dc75b1f0e7532c6217b4074b24dc10bd214484442bc496a57f7ca46bb341c50153feff98cd2bf94 strongswan-5.8.0.tar.bz2
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5 charon.initd"
|
