blob: 93a0148e89c9a6ae25a79d2e662f961df669a95a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# Created by: Riaan Kruger <riaank@gmail.com>
# $FreeBSD$
PORTNAME= strongswan
PORTVERSION= 5.1.3
PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://download.strongswan.org/ \
http://download2.strongswan.org/
MAINTAINER= strongswan@nanoteq.com
COMMENT= Open Source IKEv2 IPsec-based VPN solution
LIB_DEPENDS= libexecinfo.so:${PORTSDIR}/devel/libexecinfo
USES= libtool:keepla tar:bzip2
USE_OPENSSL= yes
USE_RC_SUBR= strongswan
GNU_CONFIGURE= yes
USE_LDCONFIG= yes
CONFIGURE_ARGS= --enable-kernel-pfkey \
--enable-kernel-pfroute \
--disable-kernel-netlink \
--disable-scripts \
--disable-gmp \
--enable-openssl \
--enable-eap-identity \
--enable-eap-md5 \
--enable-eap-tls \
--enable-eap-mschapv2 \
--enable-eap-peap \
--enable-eap-ttls \
--enable-md4 \
--enable-blowfish \
--enable-addrblock \
--enable-whitelist \
--enable-cmd \
--with-group=wheel \
--with-lib-prefix=${PREFIX}
OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE IKEv1 \
IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE \
TESTVECTOR TOOLS UNBOUND XAUTH
OPTIONS_SUB= yes
CURL_DESC= Enable CURL to fetch CRL/OCSP
EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend
EAPDYNAMIC_DESC= Enable EAP dynamic proxy module
EAPRADIUS_DESC= Enable EAP Radius proxy authentication
EAPSIMFILE_DESC= Enable EAP SIM with file backend
IKEv1_DESC= Enable IKEv1 support
IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC
KERNELLIBIPSEC_DESC= Enable IPSec userland backend
LOADTESTER_DESC= Enable load testing plugin
TESTVECTOR_DESC= Enable crypto test vectors
TOOLS_DESC= Enable PKI tools
UNBOUND_DESC= Enable DNSSEC-enabled resolver
XAUTH_DESC= Enable XAuth password verification
# Extra options
CURL_CONFIGURE_ON= --enable-curl
CURL_LIB_DEPENDS= libcurl.so:${PORTSDIR}/ftp/curl
EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2
EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:${PORTSDIR}/math/gmp
EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
EAPRADIUS_CONFIGURE_ON= --enable-eap-radius
EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
IKEv1_CONFIGURE_OFF= --disable-ikev1
IPSECKEY_CONFIGURE_ON= --enable-ipseckey
KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec
LOADTESTER_CONFIGURE_ON=--enable-load-tester
LDAP_CONFIGURE_ON= --enable-ldap
LDAP_USE= USE_OPENLDAP=yes
MYSQL_CONFIGURE_ON= --enable-mysql
MYSQL_USE= USE_MYSQL=yes
SQLITE_CONFIGURE_ON= --enable-sqlite
SQLITE_LIB_DEPENDS= libsqlite3.so:${PORTSDIR}/databases/sqlite3
TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
TOOLS_CONFIGURE_OFF= --disable-tools
UNBOUND_CONFIGURE_ON= --enable-unbound
UNBOUND_LIB_DEPENDS= libunbound.so:${PORTSDIR}/dns/unbound
XAUTH_CONFIGURE_ON= --enable-xauth-eap --enable-xauth-generic
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2}
PLIST_SUB+= SIMAKA=""
.else
PLIST_SUB+= SIMAKA="@comment "
.endif
.if ${PORT_OPTIONS:MEAPDYNAMIC} || ${PORT_OPTIONS:MEAPAKA3GPP2}
PLIST_SUB+= DYNAKA=""
.else
PLIST_SUB+= DYNAKA="@comment "
.endif
.if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
CONFIGURE_ARGS+= --enable-attr-sql --enable-sql
PLIST_SUB+= SQL=""
.else
PLIST_SUB+= SQL="@comment "
.endif
.if ${PORT_OPTIONS:MIKEv1} || ${PORT_OPTIONS:MXAUTH}
PLIST_SUB+= XAUTHGEN=""
.else
PLIST_SUB+= XAUTHGEN="@comment "
.endif
post-install:
${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/strongswan.d
${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/strongswan.d/charon
${INSTALL_DATA} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESDIR}
${INSTALL_DATA} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR}
${INSTALL_DATA} ${STAGEDIR}${PREFIX}/etc/strongswan.d/*.* ${STAGEDIR}${EXAMPLESDIR}/strongswan.d
${INSTALL_DATA} ${STAGEDIR}${PREFIX}/etc/strongswan.d/charon/*.* ${STAGEDIR}${EXAMPLESDIR}/strongswan.d/charon
.for i in strongswan hydra tls charon
${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/ipsec/lib${i}.so.0.0.0
.endfor
.for i in aes des blowfish rc2 md4 md5 sha1 sha2 random nonce hmac cmac xcbc x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf attr kernel-pfkey kernel-pfroute resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap whitelist addrblock
${STRIP_CMD} \
${STAGEDIR}${PREFIX}/lib/ipsec/plugins/libstrongswan-${i}.so
.endfor
.include <bsd.port.mk>
|
