# Contributor: Jesse Young
# Maintainer: Natanael Copa
#
# Package build recipe for strongSwan 5.6.0, written in Oil-style syntax
# (global/proc/matchstr). The parse tree that follows this script suggests it
# was machine-translated from a POSIX shell recipe; the doubled quote
# characters ('"…'" and ""…"") appear to be artifacts of that translation and
# are left exactly as found.
#
# Names used but not defined here: $srcdir, $pkgdir, msg, error. They are
# presumably supplied by the packaging tool that sources this file; confirm.
global pkgname := 'strongswan'
global pkgver := '5.6.0'
# Upstream version string: every "_rc" in pkgver becomes "rc".
global _pkgver := $(pkgver//_rc/rc)
global pkgrel := '0'
global pkgdesc := '"IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE'"
global url := '"http://www.strongswan.org/'"
global arch := '"all'"
# Dedicated account and group; the same names are passed to ./configure below.
global pkgusers := '"ipsec'"
global pkggroups := '"ipsec'"
global license := '"GPL2 RSA-MD5 RSA-PKCS11 DES'"
global depends := '"iproute2'"
global depends_dev := ''""
global makedepends := ""$depends_dev linux-headers python2 sqlite-dev libressl-dev curl-dev gmp-dev libcap-dev""
# NOTE(review): this script is named here but has no sha512sums entry below;
# confirm how its integrity is tracked.
global install := ""$pkgname.pre-install""
global subpackages := ""$pkgname-doc $pkgname-dbg""
# Upstream tarball followed by local patches and init scripts.
# NOTE(review): the tarball URL is plain http://, so the sha512sums entry at the
# end of this file is the only integrity check visible here. It is presumably
# enforced by the packaging tool before prepare() runs; confirm, and prefer an
# https:// URL if upstream serves one.
global source := ""http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
	0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
	1001-charon-add-optional-source-and-remote-overrides-for-.patch
	1002-vici-send-certificates-for-ike-sa-events.patch
	1003-vici-add-support-for-individual-sa-state-changes.patch
	libressl.patch
	strongswan.initd
	charon.initd
	""
global builddir := ""$srcdir/$pkgname-$_pkgver""

# Security-fix record: the package release followed by the CVE ids fixed in it.
# secfixes:
# 5.5.3-r0:
# - CVE-2017-9022
# - CVE-2017-9023

# Apply every *.patch entry of $source to the unpacked tree.
# Failures do not stop the loop: each failed patch name is appended to the
# global _err, and once all patches were tried the list is printed and the
# proc returns 1, so a partially patched tree is not built.
proc prepare {
  var i = ''
  cd $builddir
  for i in [$source] {
    matchstr $i {
      *.patch {
        # -N skips patches that look already applied, -p1 strips the leading
        # path component, -i names the patch file.
        msg $i; patch -Np1 -i "$srcdir"/$i || global _err := ""$_err $i""
      }
    }
  }

  # _err is never initialised in the code visible here, so a value inherited
  # from the caller would also be reported as a failed patch.
  if test -n $_err {
    error "The following patches failed:"
    for i in [$_err] {
      echo " $i"
    }
    return 1
  }
  # the headers they ship conflicts with the real thing.
  #rm -r src/include/linux
}

# Configure and compile strongSwan in $builddir.
# No explicit error handling follows cd, ./configure or make; whether a failure
# aborts the build depends on the interpreter's error mode, which is not
# visible here.
proc build {
  cd $builddir

  # notes about configuration:
  # - try to keep options in ./configure --help order
  # - apk depends on openssl, so we use that
  # - openssl provides ciphers, randomness, etc
  # -> disable all redundant in-tree copies
  #
  # NOTE(review): makedepends lists libressl-dev and libressl.patch is applied,
  # so "openssl" above presumably means the libcrypto that LibreSSL provides;
  # confirm.
  #
  # How the flags group:
  # - --with-capabilities=libcap, --with-user=ipsec, --with-group=ipsec ask for
  #   a daemon that drops capabilities and runs under the ipsec account
  #   declared in pkgusers/pkggroups.
  # - --disable-aes/des/rc2/md5/sha1/sha2/hmac switch off in-tree primitives;
  #   --enable-openssl is the replacement named in the notes above.
  # - NOTE(review): --enable-eap-md5 and --enable-eap-mschapv2 build legacy
  #   password-based EAP methods. Building the plugins only makes them
  #   available, so deployments should restrict in their connection
  #   configuration which methods are accepted.
  ./configure --prefix=/usr \
    --sysconfdir=/etc \
    --libexecdir=/usr/lib \
    --with-ipsecdir=/usr/lib/strongswan \
    --with-capabilities=libcap \
    --with-user=ipsec \
    --with-group=ipsec \
    --enable-curl \
    --disable-ldap \
    --disable-aes \
    --disable-des \
    --disable-rc2 \
    --disable-md5 \
    --disable-sha1 \
    --disable-sha2 \
    --enable-gmp \
    --disable-hmac \
    --disable-mysql \
    --enable-sqlite \
    --enable-eap-sim \
    --enable-eap-sim-file \
    --enable-eap-aka \
    --enable-eap-aka-3gpp2 \
    --enable-eap-simaka-pseudonym \
    --enable-eap-simaka-reauth \
    --enable-eap-identity \
    --enable-eap-md5 \
    --enable-eap-tls \
    --disable-eap-gtc \
    --enable-eap-mschapv2 \
    --enable-eap-radius \
    --enable-xauth-eap \
    --enable-farp \
    --enable-vici \
    --enable-attr-sql \
    --enable-dhcp \
    --enable-openssl \
    --enable-unity \
    --enable-ha \
    --enable-cmd \
    --enable-swanctl \
    --enable-shared \
    --disable-static
  make
}

# Stage the build into $pkgdir and add the two init scripts.
proc package {
  cd $builddir
  make DESTDIR="$pkgdir" install
  # -D creates missing parent directories; mode 755 makes the scripts
  # executable by everyone and writable only by their owner.
  install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname"
  install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
}

# SHA-512 digest and file name for each of the eight entries in source, in the
# same order. Any change to a patch, an init script or the upstream version
# needs the matching digest regenerated, otherwise the pin no longer describes
# what gets built.
global sha512sums := '"9362069a01c3642e62864d88fdb409a3c7514bf7c92cbe36e552c6a80915119cf5bb91c39592aab2d15b562684a0628a764e4fa7636d3b5fd2ebaf165c0ce649 strongswan-5.6.0.tar.bz2
768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4 1001-charon-add-optional-source-and-remote-overrides-for-.patch
0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b 1002-vici-send-certificates-for-ike-sa-events.patch
d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc 1003-vici-add-support-for-individual-sa-state-changes.patch
8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4 libressl.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd'"
(CommandList children: [ (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgname) op:Equal rhs:{(strongswan)} spids:[6])] spids: [6] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgver) op:Equal rhs:{(5.6.0)} spids:[9])] spids: [9] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:_pkgver) op: Equal rhs: { (BracedVarSub token: suffix_op: (PatSub pat: {(_rc)} replace: {(rc)} do_all: True do_prefix: False do_suffix: False ) spids: [13 20] ) } spids: [12] ) ] spids: [12] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgrel) op:Equal rhs:{(0)} spids:[22])] spids: [22] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:pkgdesc) op: Equal rhs: { (DQ ( "IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" ) ) } spids: [25] ) ] spids: [25] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:url) op: Equal rhs: {(DQ ("http://www.strongswan.org/"))} spids: [30] ) ] spids: [30] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:arch) op:Equal rhs:{(DQ (all))} 
spids:[35])] spids: [35] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgusers) op:Equal rhs:{(DQ (ipsec))} spids:[40])] spids: [40] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkggroups) op:Equal rhs:{(DQ (ipsec))} spids:[45])] spids: [45] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:license) op: Equal rhs: {(DQ ("GPL2 RSA-MD5 RSA-PKCS11 DES"))} spids: [50] ) ] spids: [50] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:depends) op:Equal rhs:{(DQ (iproute2))} spids:[55])] spids: [55] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:depends_dev) op:Equal rhs:{(DQ )} spids:[60])] spids: [60] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:makedepends) op: Equal rhs: { (DQ ($ VSub_Name "$depends_dev") (" linux-headers python2 sqlite-dev libressl-dev curl-dev\n") ("\tgmp-dev libcap-dev") ) } spids: [64] ) ] spids: [64] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:install) op: Equal rhs: {(DQ ($ VSub_Name "$pkgname") (.pre-install))} spids: [71] ) ] spids: [71] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:subpackages) op: Equal rhs: {(DQ ($ VSub_Name "$pkgname") ("-doc ") ($ VSub_Name "$pkgname") (-dbg))} spids: [77] ) ] spids: [77] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:source) op: Equal rhs: { (DQ ("http://download.strongswan.org/") ($ VSub_Name "$pkgname") (-) ($ VSub_Name "$_pkgver") (".tar.bz2\n") ("\t0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch\n") ("\t1001-charon-add-optional-source-and-remote-overrides-for-.patch\n") ("\t1002-vici-send-certificates-for-ike-sa-events.patch\n") ("\t1003-vici-add-support-for-individual-sa-state-changes.patch\n") ("\tlibressl.patch\n") ("\n") ("\tstrongswan.initd\n") ("\tcharon.initd\n") ("\t") ) } spids: [85] ) ] spids: [85] ) (Assignment keyword: 
Assign_None pairs: [ (assign_pair lhs: (LhsName name:builddir) op: Equal rhs: {(DQ ($ VSub_Name "$srcdir") (/) ($ VSub_Name "$pkgname") (-) ($ VSub_Name "$_pkgver"))} spids: [103] ) ] spids: [103] ) (FuncDef name: prepare body: (BraceGroup children: [ (Assignment keyword: Assign_Local pairs: [(assign_pair lhs:(LhsName name:i) op:Equal spids:[135])] spids: [133] ) (C {(cd)} {(DQ ($ VSub_Name "$builddir"))}) (ForEach iter_name: i iter_words: [{($ VSub_Name "$source")}] do_arg_iter: False body: (DoGroup children: [ (Case to_match: {($ VSub_Name "$i")} arms: [ (case_arm pat_list: [{(Lit_Other "*") (.patch)}] action: [ (Sentence child: (C {(msg)} {($ VSub_Name "$i")}) terminator: ) (AndOr children: [ (C {(patch)} {(-Np1)} {(-i)} {(DQ ($ VSub_Name "$srcdir")) (/) ($ VSub_Name "$i")} ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:_err) op: Equal rhs: {(DQ ($ VSub_Name "$_err") (" ") ($ VSub_Name "$i"))} spids: [187] ) ] spids: [187] ) ] op_id: Op_DPipe ) ] spids: [164 166 194 -1] ) ] spids: [157 161 197] ) ] spids: [154 200] ) spids: [150 152] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(-n)} {(DQ ($ VSub_Name "$_err"))} {(Lit_Other "]")}) terminator: ) ] action: [ (C {(error)} {(DQ ("The following patches failed:"))}) (ForEach iter_name: i iter_words: [{($ VSub_Name "$_err")}] do_arg_iter: False body: (DoGroup children: [(C {(echo)} {(DQ (" ") ($ VSub_Name "$i"))})] spids: [236 247] ) spids: [232 234] ) (ControlFlow token: arg_word:{(1)}) ] spids: [-1 217] ) ] spids: [-1 255] ) ] spids: [130] ) spids: [126 129] ) (FuncDef name: build body: (BraceGroup children: [ (C {(cd)} {(DQ ($ VSub_Name "$builddir"))}) (C {(./configure)} {(--prefix) (Lit_Other "=") (/usr)} {(--sysconfdir) (Lit_Other "=") (/etc)} {(--libexecdir) (Lit_Other "=") (/usr/lib)} {(--with-ipsecdir) (Lit_Other "=") (/usr/lib/strongswan)} {(--with-capabilities) (Lit_Other "=") (libcap)} {(--with-user) (Lit_Other "=") (ipsec)} {(--with-group) (Lit_Other "=") 
(ipsec)} {(--enable-curl)} {(--disable-ldap)} {(--disable-aes)} {(--disable-des)} {(--disable-rc2)} {(--disable-md5)} {(--disable-sha1)} {(--disable-sha2)} {(--enable-gmp)} {(--disable-hmac)} {(--disable-mysql)} {(--enable-sqlite)} {(--enable-eap-sim)} {(--enable-eap-sim-file)} {(--enable-eap-aka)} {(--enable-eap-aka-3gpp2)} {(--enable-eap-simaka-pseudonym)} {(--enable-eap-simaka-reauth)} {(--enable-eap-identity)} {(--enable-eap-md5)} {(--enable-eap-tls)} {(--disable-eap-gtc)} {(--enable-eap-mschapv2)} {(--enable-eap-radius)} {(--enable-xauth-eap)} {(--enable-farp)} {(--enable-vici)} {(--enable-attr-sql)} {(--enable-dhcp)} {(--enable-openssl)} {(--enable-unity)} {(--enable-ha)} {(--enable-cmd)} {(--enable-swanctl)} {(--enable-shared)} {(--disable-static)} ) (C {(make)}) ] spids: [273] ) spids: [269 272] ) (FuncDef name: package body: (BraceGroup children: [ (C {(cd)} {(DQ ($ VSub_Name "$builddir"))}) (C {(make)} {(Lit_VarLike "DESTDIR=") (DQ ($ VSub_Name "$pkgdir"))} {(install)}) (C {(install)} {(-m755)} {(-D)} {(DQ ($ VSub_Name "$srcdir") (/) ($ VSub_Name "$pkgname") (.initd))} {(DQ ($ VSub_Name "$pkgdir") (/etc/init.d/) ($ VSub_Name "$pkgname"))} ) (C {(install)} {(-m755)} {(-D)} {(DQ ($ VSub_Name "$srcdir") (/charon.initd))} {(DQ ($ VSub_Name "$pkgdir") (/etc/init.d/charon))} ) ] spids: [501] ) spids: [497 500] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:sha512sums) op: Equal rhs: { (DQ ( "9362069a01c3642e62864d88fdb409a3c7514bf7c92cbe36e552c6a80915119cf5bb91c39592aab2d15b562684a0628a764e4fa7636d3b5fd2ebaf165c0ce649 strongswan-5.6.0.tar.bz2\n" ) ( "768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch\n" ) ( "df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4 
1001-charon-add-optional-source-and-remote-overrides-for-.patch\n" ) ( "0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b 1002-vici-send-certificates-for-ike-sa-events.patch\n" ) ( "d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc 1003-vici-add-support-for-individual-sa-state-changes.patch\n" ) ( "8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4 libressl.patch\n" ) ( "8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd\n" ) ( "1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd" ) ) } spids: [560] ) ] spids: [560] ) ] )