mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-05 02:50:46 +00:00
Code Issues Projects Releases Wiki Activity

strongswan: do not use deprecated stroke and starter by default

Browse Source 
The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
to PACKAGECONFIG by default, and remove stroke. When systemd is in DISTRO_FEATURES,
add systemd-charon to PACKAGECONFIG, and add charon when systemd is not in
DISTRO_FEATURES.

While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Nick Rosbrook
2020-11-10 10:29:40 -05:00
committed by Khem Raj
parent 65751e16ac
commit b570072902
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb
+10 -2
View File
@@ -25,7 +25,8 @@ EXTRA_OECONF = " \
EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \
"
PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
@@ -135,4 +136,11 @@ RDEPENDS_${PN} += "\
RPROVIDES_${PN} += "${PN}-systemd"
RREPLACES_${PN} += "${PN}-systemd"
RCONFLICTS_${PN} += "${PN}-systemd"
SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service"
# The deprecated legacy 'strongswan-starter' service should only be used when charon and
# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
SYSTEMD_SERVICE_${PN} = " \
${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
"