aboutsummaryrefslogtreecommitdiff
path: root/security/strongswan/Makefile
blob: b6338514ab6266de109a26781232dde7da48a5cb (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# Created by: Riaan Kruger <riaank@gmail.com>
# $FreeBSD$

PORTNAME=	strongswan
PORTVERSION=	5.6.0
CATEGORIES=	security
MASTER_SITES=	http://download.strongswan.org/ \
		http://download2.strongswan.org/

MAINTAINER=	strongswan@nanoteq.com
COMMENT=	Open Source IKEv2 IPsec-based VPN solution

LICENSE=	GPLv2

USES=		cpe libtool:keepla pkgconfig tar:bzip2 ssl
USE_RC_SUBR=	strongswan
GNU_CONFIGURE=	yes
USE_LDCONFIG=	${PREFIX}/lib/ipsec
INSTALL_TARGET=	install-strip

CONFIGURE_ARGS=	--enable-kernel-pfkey \
		--enable-kernel-pfroute  \
		--disable-kernel-netlink  \
		--disable-scripts  \
		--disable-gmp \
		--enable-openssl \
		--enable-eap-identity \
		--enable-eap-md5 \
		--enable-eap-tls \
		--enable-eap-mschapv2 \
		--enable-eap-peap \
		--enable-eap-ttls \
		--enable-md4 \
		--enable-blowfish \
		--enable-addrblock \
		--enable-whitelist \
		--enable-cmd \
		--with-group=wheel  \
		--with-lib-prefix=${PREFIX}

OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE GCM IKEv1 \
		IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL PKI SCEP SMP \
		SQLITE SWANCTL TESTVECTOR TPM UNBOUND UNITY VICI XAUTH
OPTIONS_DEFAULT=	IKEv1 BUILTIN PKI SWANCTL VICI
OPTIONS_SINGLE=	PRINTF_HOOKS
OPTIONS_SINGLE_PRINTF_HOOKS=	BUILTIN LIBC VSTR
OPTIONS_SUB=	yes

# Description of options
CURL_DESC=	Enable CURL to fetch CRL/OCSP
EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
EAPRADIUS_DESC=		Enable EAP Radius proxy authentication
EAPSIMFILE_DESC=	Enable EAP SIM with file backend
GCM_DESC=		Enable GCM AEAD wrapper crypto plugin
IKEv1_DESC=	Enable IKEv1 support
IPSECKEY_DESC=	Enable authentication with IPSECKEY resource records with DNSSEC
KERNELLIBIPSEC_DESC=	Enable IPSec userland backend
LOADTESTER_DESC=	Enable load testing plugin
MEDIATION_DESC=		Enable IKEv2 Mediation Extension
PKI_DESC=	Enable PKI tools
SCEP_DESC=	Enable Simple Certificate Enrollment Protocol
SMP_DESC=	Enable XML-based management protocol (DEPRECATED)
SWANCTL_DESC=	Install swanctl (requires VICI)
TESTVECTOR_DESC=	Enable crypto test vectors
TPM_DESC=	Enable TPM plugin
UNBOUND_DESC=	Enable DNSSEC-enabled resolver
UNITY_DESC=	Enable Cisco Unity extension plugin
VICI_DESC=	Enable VICI management protocol
XAUTH_DESC=	Enable XAuth password verification
BUILTIN_DESC=	Use builtin printf hooks
LIBC_DESC=	Use libc printf hooks
VSTR_DESC=	Use devel/vstr printf hooks

# Extra options
CURL_CONFIGURE_ON=	--enable-curl
CURL_LIB_DEPENDS=	libcurl.so:ftp/curl
EAPAKA3GPP2_CONFIGURE_ON=	--enable-eap-aka --enable-eap-aka-3gpp2
EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:math/gmp
EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
EAPRADIUS_CONFIGURE_ON=	--enable-eap-radius
EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
GCM_CONFIGURE_ON=	--enable-gcm
IKEv1_CONFIGURE_OFF=	--disable-ikev1
IPSECKEY_CONFIGURE_ON=	--enable-ipseckey
KERNELLIBIPSEC_CONFIGURE_ON=	--enable-kernel-libipsec
LOADTESTER_CONFIGURE_ON=--enable-load-tester
LDAP_CONFIGURE_ON=	--enable-ldap
LDAP_USE=		OPENLDAP=yes
MEDIATION_CONFIGURE_ON=	--enable-mediation
MYSQL_CONFIGURE_ON=	--enable-mysql
MYSQL_USES=		mysql
PKI_CONFIGURE_OFF=	--disable-pki
SCEP_CONFIGURE_OFF=	--disable-scepclient
SMP_LIB_DEPENDS=	libxml2.so:textproc/libxml2
SMP_CONFIGURE_ON=	--enable-smp
SQLITE_CONFIGURE_ON=	--enable-sqlite
SQLITE_LIB_DEPENDS=	libsqlite3.so:databases/sqlite3
SWANCTL_CONFIGURE_ON=	--enable-swanctl
SWANCTL_IMPLIES=	VICI
TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
TPM_CONFIGURE_ON=	--enable-tpm
UNBOUND_CONFIGURE_ON=	--enable-unbound
UNBOUND_LIB_DEPENDS=	libunbound.so:dns/unbound \
			libldns.so:dns/ldns
UNITY_CONFIGURE_ON=	--enable-unity
VICI_CONFIGURE_ON=	--enable-vici
XAUTH_CONFIGURE_ON=	--enable-xauth-eap --enable-xauth-generic
BUILTIN_CONFIGURE_ON=	--with-printf-hooks=builtin
LIBC_CONFIGURE_ON=	--with-printf-hooks=glibc
VSTR_CONFIGURE_ON=	--with-printf-hooks=vstr
VSTR_LIB_DEPENDS=	libvstr.so:devel/vstr

.include <bsd.port.options.mk>

.if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2}
PLIST_SUB+=	SIMAKA=""
.else
PLIST_SUB+=	SIMAKA="@comment "
.endif

.if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
CONFIGURE_ARGS+=	--enable-attr-sql --enable-sql
PLIST_SUB+=	SQL=""
.else
PLIST_SUB+=	SQL="@comment "
.endif

.if ${PORT_OPTIONS:MIKEv1} || ${PORT_OPTIONS:MXAUTH}
PLIST_SUB+=	XAUTHGEN=""
.else
PLIST_SUB+=	XAUTHGEN="@comment "
.endif

post-install:
.if ${PORT_OPTIONS:MVICI}
	${INSTALL_DATA} ${WRKSRC}/src/libcharon/plugins/vici/libvici.h \
		${STAGEDIR}${PREFIX}/include
.endif
.if ${PORT_OPTIONS:MSWANCTL}
	${MV} ${STAGEDIR}${PREFIX}/etc/swanctl/swanctl.conf \
		${STAGEDIR}${PREFIX}/etc/swanctl/swanctl.conf.sample
.endif

.include <bsd.port.mk>