path: root/security/strongswan/Makefile
# FreeBSD port of strongSwan, an IKE daemon for IPsec-based VPNs.
# Both MASTER_SITES entries use HTTPS.
# NOTE(review): distfile integrity presumably comes from the checksums in the
# port's distinfo, which is not visible here; confirm it is regenerated on
# every DISTVERSION change.
PORTNAME=	strongswan
DISTVERSION=	5.9.9
PORTREVISION=	2
CATEGORIES=	security net-vpn
MASTER_SITES=	https://download.strongswan.org/ \
		https://download2.strongswan.org/

MAINTAINER=	strongswan@nanoteq.com
COMMENT=	Open Source IKEv2 IPsec-based VPN solution
WWW=		https://www.strongswan.org

LICENSE=	GPLv2
LICENSE_FILE=	${WRKSRC}/LICENSE

# cpe: records CPE data for the package so vulnerability tooling can match it.
# libtool:keepla keeps the libtool .la files; ssl builds against the SSL
# library selected by the ports framework; tar:bzip2 is the distfile format.
USES=		cpe libtool:keepla pkgconfig ssl tar:bzip2
# Private library directory added to the ldconfig search path.
USE_LDCONFIG=	${PREFIX}/lib/ipsec
# Installs the rc.d script named "strongswan".
USE_RC_SUBR=	strongswan

# Baseline configure switches, applied whatever options are selected.
#
# Kernel interface: the netlink backend is disabled and the PF_KEY / PF_ROUTE
# backends are enabled. Crypto backend: the OpenSSL plugin is enabled and the
# GMP plugin is disabled.
#
# Security review points:
#  - blowfish, md4, eap-md5 and eap-mschapv2 are legacy algorithms/methods
#    and are compiled in unconditionally; none of them sits behind an OPTIONS
#    knob. md4 is presumably kept because eap-mschapv2 needs it -- confirm.
#    Being compiled in does not mean being negotiated: deployments should
#    keep them out of their proposals and EAP configuration unless required.
#  - --with-group=wheel ties the build to FreeBSD's administrative group.
#    NOTE(review): presumably this is the group the daemon and its
#    group-restricted files (e.g. control sockets) use -- confirm against
#    upstream's configure help, and review wheel membership accordingly.
#  - --disable-scripts leaves upstream's helper scripts out of the build.
GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--disable-gmp \
		--disable-kernel-netlink \
		--disable-scripts \
		--enable-addrblock \
		--enable-blowfish \
		--enable-cmd \
		--enable-eap-identity \
		--enable-eap-md5 \
		--enable-eap-mschapv2 \
		--enable-eap-peap \
		--enable-eap-tls \
		--enable-eap-ttls \
		--enable-kernel-pfkey \
		--enable-kernel-pfroute \
		--enable-md4 \
		--enable-openssl \
		--enable-whitelist \
		--with-group=wheel \
		--with-lib-prefix=${PREFIX}

# install-strip installs stripped binaries; the test target maps to
# upstream's "check" target.
INSTALL_TARGET=	install-strip
TEST_TARGET=	check

# Build-time options.
#  - OPTIONS_DEFINE lists the independent on/off knobs; VIA is offered on
#    i386 only (OPTIONS_DEFINE_i386).
#  - OPTIONS_DEFAULT is the set enabled in a default build. It includes
#    IKEV1, so the legacy IKEv1 protocol is built unless explicitly disabled.
#  - PRINTF_HOOKS is a single-choice group: one of BUILTIN, LIBC or VSTR.
#  - OPTIONS_SUB=yes makes each option available as a packing-list
#    substitution.
# Security review points: LOADTESTER and TESTVECTOR are test-oriented plugins
# and SMP is marked DEPRECATED in its description; all three are off by
# default and should stay off in production packages unless there is a
# specific need.
OPTIONS_DEFINE=			CTR CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS \
				EAPSIMFILE FARP GCM IKEV1 IPSECKEY KDF \
				KERNELLIBIPSEC LDAP LOADTESTER MEDIATION MYSQL \
				PKCS11 PKI PYTHON SCEP SMP SQLITE SWANCTL \
				TESTVECTOR TPM TSS2 UNBOUND UNITY VICI XAUTH
OPTIONS_DEFINE_i386=	VIA
OPTIONS_DEFAULT=		BUILTIN CURL GCM IKEV1 KDF PKI SWANCTL VICI
OPTIONS_SINGLE=			PRINTF_HOOKS
OPTIONS_SINGLE_PRINTF_HOOKS=	BUILTIN LIBC VSTR
OPTIONS_SUB=			yes

# One-line descriptions of the options, as shown to the user when the port
# is configured. LDAP, MYSQL and SQLITE have no entry here.
# NOTE(review): their text presumably comes from the ports framework's
# default option descriptions -- confirm.
BUILTIN_DESC=		Use builtin printf hooks
CTR_DESC=		Enable CTR cipher mode wrapper plugin
CURL_DESC=		Enable CURL to fetch CRL/OCSP
EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
EAPRADIUS_DESC=		Enable EAP Radius proxy authentication
EAPSIMFILE_DESC=	Enable EAP SIM with file backend
FARP_DESC=		Enable farp plugin
GCM_DESC=		Enable GCM AEAD wrapper crypto plugin
IKEV1_DESC=		Enable IKEv1 support
IPSECKEY_DESC=		Enable authentication with IPSECKEY resource records with DNSSEC
KDF_DESC=		Enable KDF (prf+) implementation plugin
KERNELLIBIPSEC_DESC=	Enable IPSec userland backend
LIBC_DESC=		Use libc printf hooks
LOADTESTER_DESC=	Enable load testing plugin
MEDIATION_DESC=		Enable IKEv2 Mediation Extension
PKCS11_DESC=		Enable PKCS11 token support
PKI_DESC=		Enable PKI tools
PYTHON_DESC=		Python VICI protocol plugin
SCEP_DESC=		Enable Simple Certificate Enrollment Protocol
SMP_DESC=		Enable XML-based management protocol (DEPRECATED)
SWANCTL_DESC=		Install swanctl (requires VICI)
TESTVECTOR_DESC=	Enable crypto test vectors
TPM_DESC=		Enable TPM plugin
TSS2_DESC=		Enable TPM 2.0 TSS2 library
UNBOUND_DESC=		Enable DNSSEC-enabled resolver
UNITY_DESC=		Enable Cisco Unity extension plugin
VIA_DESC=		Enable VIA Padlock support
VICI_DESC=		Enable VICI management protocol
VSTR_DESC=		Use devel/vstr printf hooks
XAUTH_DESC=		Enable XAuth password verification

# Per-option build wiring.
#   <OPT>_CONFIGURE_ON   configure flags added when the option is selected
#   <OPT>_CONFIGURE_OFF  configure flags added when the option is NOT selected
#   <OPT>_LIB_DEPENDS    library dependencies pulled in by the option
#   <OPT>_USES           extra USES entries for the option
#   <OPT>_IMPLIES        options that are switched on together with this one
# IKEV1, PKI and SCEP are wired through _CONFIGURE_OFF: the port passes a
# --disable-* flag when the option is unset and passes nothing when it is set.
BUILTIN_CONFIGURE_ON=		--with-printf-hooks=builtin
CTR_CONFIGURE_ON=		--enable-ctr
# CURL is what the option description says fetches CRL/OCSP data.
CURL_LIB_DEPENDS=		libcurl.so:ftp/curl
CURL_CONFIGURE_ON=		--enable-curl
# EAP-AKA with the 3gpp2 backend is the only consumer of libgmp in this port
# (the gmp crypto plugin itself is disabled in CONFIGURE_ARGS).
EAPAKA3GPP2_LIB_DEPENDS=	libgmp.so:math/gmp
EAPAKA3GPP2_CONFIGURE_ON=	--enable-eap-aka \
				--enable-eap-aka-3gpp2
EAPDYNAMIC_CONFIGURE_ON=	--enable-eap-dynamic
EAPRADIUS_CONFIGURE_ON=		--enable-eap-radius
EAPSIMFILE_CONFIGURE_ON=	--enable-eap-sim \
				--enable-eap-sim-file
FARP_CONFIGURE_ON=		--enable-farp
GCM_CONFIGURE_ON=		--enable-gcm
IKEV1_CONFIGURE_OFF=		--disable-ikev1
IPSECKEY_CONFIGURE_ON=		--enable-ipseckey
KDF_CONFIGURE_ON=		--enable-kdf
KERNELLIBIPSEC_CONFIGURE_ON=	--enable-kernel-libipsec
LDAP_USES=			ldap
LDAP_CONFIGURE_ON=		--enable-ldap
# The LIBC choice selects the "glibc" value of upstream's printf-hooks switch.
LIBC_CONFIGURE_ON=		--with-printf-hooks=glibc
LOADTESTER_CONFIGURE_ON=	--enable-load-tester
MEDIATION_CONFIGURE_ON=		--enable-mediation
MYSQL_USES=			mysql
MYSQL_CONFIGURE_ON=		--enable-mysql
PKCS11_CONFIGURE_ON=		--enable-pkcs11
PKI_CONFIGURE_OFF=		--disable-pki
# PYTHON adds no configure flag; it only adds a run-time dependency on the
# separate py-vici port and forces VICI on.
PYTHON_IMPLIES=			VICI
PYTHON_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}vici>0:security/py-vici@${PY_FLAVOR}
PYTHON_USES=			python
SCEP_CONFIGURE_OFF=		--disable-scepclient
SMP_LIB_DEPENDS=		libxml2.so:textproc/libxml2
SMP_CONFIGURE_ON=		--enable-smp
SQLITE_LIB_DEPENDS=		libsqlite3.so:databases/sqlite3
SQLITE_CONFIGURE_ON=		--enable-sqlite
SWANCTL_IMPLIES=		VICI
SWANCTL_CONFIGURE_ON=		--enable-swanctl
TESTVECTOR_CONFIGURE_ON=	--enable-test-vectors
TPM_CONFIGURE_ON=		--enable-tpm
TSS2_LIB_DEPENDS=		libtss2-sys.so:security/tpm2-tss
TSS2_CONFIGURE_ON=		--enable-tss-tss2
UNBOUND_LIB_DEPENDS=		libldns.so:dns/ldns \
				libunbound.so:dns/unbound
UNBOUND_CONFIGURE_ON=		--enable-unbound
UNITY_CONFIGURE_ON=		--enable-unity
VIA_CONFIGURE_ON=		--enable-padlock
VICI_CONFIGURE_ON=		--enable-vici
# INTERFACE is a substitution value: "vici" when VICI is selected, "stroke"
# when it is not.
# NOTE(review): presumably consumed by the rc script template, which is not
# visible here -- confirm.
VICI_SUB_LIST=			INTERFACE="vici"
VICI_SUB_LIST_OFF=		INTERFACE="stroke"
VSTR_LIB_DEPENDS=		libvstr.so:devel/vstr
VSTR_CONFIGURE_ON=		--with-printf-hooks=vstr
# XAUTH builds three XAuth backends: EAP, generic and PAM.
XAUTH_CONFIGURE_ON=		--enable-xauth-eap \
				--enable-xauth-generic \
				--enable-xauth-pam

.include <bsd.port.options.mk>

# The SIMAKA packing-list entries are kept when either EAP-SIM (file backend)
# or EAP-AKA (3gpp2 backend) is selected, and commented out otherwise.
.if !empty(PORT_OPTIONS:MEAPSIMFILE) || !empty(PORT_OPTIONS:MEAPAKA3GPP2)
PLIST_SUB+=	SIMAKA=""
.else
PLIST_SUB+=	SIMAKA="@comment "
.endif

# Either database backend (MySQL or SQLite) switches on the sql and attr-sql
# plugins and keeps the SQL packing-list entries; with neither selected those
# entries are commented out.
.if !empty(PORT_OPTIONS:MMYSQL) || !empty(PORT_OPTIONS:MSQLITE)
CONFIGURE_ARGS+=	--enable-attr-sql --enable-sql
PLIST_SUB+=		SQL=""
.else
PLIST_SUB+=		SQL="@comment "
.endif

# The XAUTHGEN packing-list entries are kept when IKEV1 or XAUTH is selected,
# and commented out when both are off.
.if !empty(PORT_OPTIONS:MIKEV1) || !empty(PORT_OPTIONS:MXAUTH)
PLIST_SUB+=	XAUTHGEN=""
.else
PLIST_SUB+=	XAUTHGEN="@comment "
.endif

# Workaround for architectures where VIA is not offered (the option is only
# listed in OPTIONS_DEFINE_i386): when VIA is absent from OPTIONS_DEFINE,
# comment out the VIA entries in the packing list. Nothing is added when the
# option is offered.
.if empty(OPTIONS_DEFINE:MVIA)
PLIST_SUB+=	VIA="@comment "
.endif

# With VICI selected, additionally stage the libvici.h header from the vici
# plugin sources into the include directory; without VICI this target runs
# no commands.
post-install:
.if !empty(PORT_OPTIONS:MVICI)
	${INSTALL_DATA} ${WRKSRC}/src/libcharon/plugins/vici/libvici.h ${STAGEDIR}${PREFIX}/include
.endif

.include <bsd.port.mk>