aboutsummaryrefslogtreecommitdiffstats
path: root/main/strongswan/APKBUILD
blob: 584e5c97230976886a8730935d2c6ab3330285af (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
pkgver=5.3.5
_pkgver=${pkgver//_rc/rc}
pkgrel=3
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
pkgusers="ipsec"
pkggroups="ipsec"
license="GPL2 RSA-MD5 RSA-PKCS11 DES"
depends="iproute2 openssl"
depends_dev=""
makedepends="$depends_dev linux-headers python	sqlite-dev openssl-dev curl-dev
	gmp-dev libcap-dev"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg"
source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
	0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
	1001-charon-add-optional-source-and-remote-overrides-for-.patch
	1002-vici-send-certificates-for-ike-sa-events.patch
	1003-vici-add-support-for-individual-sa-state-changes.patch
	1004-vici-support-asynchronous-initiation.patch
	2001-support-gre-key-in-ikev1.patch
	CVE-2017-9022.patch
	CVE-2017-9023.patch

	strongswan.initd
	charon.initd"

_builddir="$srcdir/$pkgname-$_pkgver"

# secfixes:
#   5.3.5-r2:
#     - CVE-2017-9022
#     - CVE-2017-9023

prepare() {
	local i
	cd "$srcdir/$pkgname-$_pkgver"
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -Np1 -i "$srcdir"/$i || _err="$_err $i" ;;
		esac
	done

	if [ -n "$_err" ]; then
		error "The following patches failed:"
		for i in $_err; do
			echo "  $i"
		done
		return 1
	fi

	# the headers they ship conflicts with the real thing.
	#rm -r src/include/linux
}

build() {
	cd "$_builddir"

	# notes about configuration:
	# - try to keep options in ./configure --help order
	# - apk depends on openssl, so we use that
	# - openssl provides ciphers, randomness, etc
	#   -> disable all redundant in-tree copies

	./configure --prefix=/usr \
		--sysconfdir=/etc \
		--libexecdir=/usr/lib \
		--with-ipsecdir=/usr/lib/strongswan \
		--with-capabilities=libcap \
		--with-user=ipsec \
		--with-group=ipsec \
		--enable-curl \
		--disable-ldap \
		--disable-aes \
		--disable-des \
		--disable-rc2 \
		--disable-md5 \
		--disable-sha1 \
		--disable-sha2 \
		--enable-gmp \
		--disable-hmac \
		--disable-mysql \
		--enable-sqlite \
		--enable-eap-sim \
		--enable-eap-sim-file \
		--enable-eap-aka \
		--enable-eap-aka-3gpp2 \
		--enable-eap-simaka-pseudonym \
		--enable-eap-simaka-reauth \
		--enable-eap-identity \
		--enable-eap-md5 \
		--enable-eap-tls \
		--disable-eap-gtc \
		--enable-eap-mschapv2 \
		--enable-eap-radius \
		--enable-xauth-eap \
		--enable-farp \
		--enable-vici \
		--enable-attr-sql \
		--enable-dhcp \
		--enable-openssl \
		--enable-unity \
		--enable-ha \
		--enable-cmd \
		--enable-swanctl \
		--enable-shared \
		--disable-static \
		|| return 1
	make || return 1
}

package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install || return 1
	install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname" || return 1
	install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon" || return 1
}

md5sums="a2f9ea185f27e7f8413d4cd2ee61efe4  strongswan-5.3.5.tar.bz2
5f476baa26448b8eb463b3ccc7416c59  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
63d8d76d3af822819adc7db7e94d8248  1001-charon-add-optional-source-and-remote-overrides-for-.patch
82b8d2b282888abd7fe12fa3325ea946  1002-vici-send-certificates-for-ike-sa-events.patch
2fb36e79e83640044d0010fd23db27bf  1003-vici-add-support-for-individual-sa-state-changes.patch
12089aa81c7bdd472d1be27371e0effe  1004-vici-support-asynchronous-initiation.patch
ccb77ee342e1b3108a49262549bbbf36  2001-support-gre-key-in-ikev1.patch
e86511ed5f224224cc479d34d7690f51  CVE-2017-9022.patch
54049b04a17893f0042509b1f5751bfe  CVE-2017-9023.patch
72a956819c451931d3d31a528a0d1b9c  strongswan.initd
a7993f28e4eacc61f51722044645587e  charon.initd"
sha256sums="2c84b663da652b1ff180a1a73c24a3d7b9fc4b9b8ba6bd07f94a1e33092e6350  strongswan-5.3.5.tar.bz2
7a7f9fa4ec183f62e3e01564aa6b303a7a883b959391cd7b63336afb6357b6ef  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
3570f7e209b8efc91f4b7d1f9b2747c47d391357ac871b82966f781b71e6f59c  1001-charon-add-optional-source-and-remote-overrides-for-.patch
3201072d73e875189b2d982c9144be824ecc6448f614d51de4c22b3810789099  1002-vici-send-certificates-for-ike-sa-events.patch
55418460a0fde9429b1f2f0138a3723f9b0a51502fd5eb71329fb6d945a585d7  1003-vici-add-support-for-individual-sa-state-changes.patch
15954f7b3b357806f32bc1cfc1afd6a0832e97bffc2bfc3aee4b522016f3aa51  1004-vici-support-asynchronous-initiation.patch
bbdbc73ba6cafaaab1ea303eec6d026ebb50ecd12b7c32be0b4dfeaf8ae24245  2001-support-gre-key-in-ikev1.patch
f5ba7f46cf7ae81dd81bc86f9e4cfa0c5c7c6987149b3bc9c0b8bf08598a1063  CVE-2017-9022.patch
03db8c7a4133e877e8992e155c046dd27ec4810d50f239abf55595f0280caf31  CVE-2017-9023.patch
fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4  strongswan.initd
7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a  charon.initd"
sha512sums="4e6dd124d9a73ad5baf08998a284aba5c02c9dc79e4377e2cbd14c285d1df8e29c0548d347a0fdfa19341b1ae27b560ae9d8d25260898630351230b11c6eb2bb  strongswan-5.3.5.tar.bz2
591cc0ebc746dee4ded51aa131d705d6edd6f0d840661732162c80781ae99bb629ad844d8601637d81f71dbde46d2017b3067fc7eee4ab87071f4cb6b0470a76  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
dd6d8bad4de89d77d92c93c890935880eaa55dc056eac92100fe034c1c045e0771995db58f9787a9f29cc42c4887ed5cf850035d559a471aea12c7d69fe174d7  1001-charon-add-optional-source-and-remote-overrides-for-.patch
00c4e5303c16cd2921af6dd319ae3955e9fd91a59b45f18283d6329623c0a2dca76ba2fc2aed92c14cab226de6c240b1675f2b3a62b5087d46a8fb1f1e9bfa92  1002-vici-send-certificates-for-ike-sa-events.patch
4c538557b21621ebcdac6d57a3e9997e1c3780c926eea28f0d3b762826dddc9f1e748cee6fe136f6b568f4c49740e2262110fe4038030463d1b9ee1b6f658154  1003-vici-add-support-for-individual-sa-state-changes.patch
82ac04c4f093e19f031538de3da7632d7126f87fcbffb41461022a707f89c24f9388b1ba71138572f7a437065f6347cfabd86474884c86ffff50267facfc580d  1004-vici-support-asynchronous-initiation.patch
0e554a6117f51a564a1b269c9ed2f2858d22ef61df483e2eb09997a3075444deb10df9d0cc8b9ddbe2bb2f740640860c21b1492a9ec28657844fa9c41b822bfc  2001-support-gre-key-in-ikev1.patch
667bbce53de819ac1c885d451b821520d70384d9c4d6d437c6bac571b9e5ab0a74344249aa967f625f4665bcd3d9d2cb62b465838d68aea2dae5e4f52e3e64fd  CVE-2017-9022.patch
44bc2802bf5bf093e3ea17fedc7b50d3ee3d7bf22c097b02a368c9ddf9772e2c13efe72c8b41ff173d2ef4c80cd1981a3db892c5cb2f05ccac627b294cde3e3d  CVE-2017-9023.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1  charon.initd"