[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-dev
Subject: [Openswan dev] Further patches against 2.2.0-1
From: Rene Mayrhofer <rene.mayrhofer () gibraltar ! at>
Date: 2004-10-05 17:15:22
Message-ID: 4162D6AA.7020202 () gibraltar ! at
[Download RAW message or body]
Hi Ken, Hi all,
As promised, here are two patches: one to get the Debian packaging of
2.2.0-1 up to the current 2.2.0-4 level (fixing some smaller bugs in the
packaging, but mostly enabling the building of AES modules again). The
second one fixed the AES and crypto-API modules so that they can be
compiled outside the kernel tree, as external modules (i.e. make
module). On my systems, I have verified that with this fix both the
in-kernel compile of all openswan modules and the out-of-kernel compile
work. Some fixed are obvious (freeswan->openswan, libaes->crypto changes
in the kernel includes), others might need a bit of checking if I am
messing anything else up with them. Juanjo, anyone?
best regards,
Rene
["openswan-2.2.0-4-aes.diff" (text/x-patch)]
diff -urN openswan-2.2.0-1/linux/net/ipsec/alg/ipsec_alg_aes.c \
openswan-2.2.0-4/linux/net/ipsec/alg/ipsec_alg_aes.c
--- openswan-2.2.0-1/linux/net/ipsec/alg/ipsec_alg_aes.c 2004-04-06 \
04:49:40.000000000 +0200
+++ openswan-2.2.0-4/linux/net/ipsec/alg/ipsec_alg_aes.c 2004-10-05 \
18:57:48.000000000 +0200 @@ -46,8 +46,8 @@
#endif
/* Low freeswan header coupling */
-#include "freeswan/ipsec_alg.h"
-#include "libaes/aes_cbc.h"
+#include "openswan/ipsec_alg.h"
+#include "crypto/aes_cbc.h"
#define CONFIG_IPSEC_ALG_AES_MAC 1
@@ -65,7 +65,7 @@
MODULE_PARM(keymaxbits, "i");
#if CONFIG_IPSEC_ALG_AES_MAC
-#include "libaes/aes_xcbc_mac.h"
+#include "crypto/aes_xcbc_mac.h"
/*
* Not IANA number yet (draft-ietf-ipsec-ciph-aes-xcbc-mac-00.txt).
diff -urN openswan-2.2.0-1/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c \
openswan-2.2.0-4/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c
--- openswan-2.2.0-1/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c 2004-04-06 \
04:49:40.000000000 +0200
+++ openswan-2.2.0-4/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c 2004-10-05 \
18:57:48.000000000 +0200 @@ -57,7 +57,7 @@
#define NO_CRYPTOAPI_SUPPORT
#endif
/* Low freeswan header coupling */
-#include "freeswan/ipsec_alg.h"
+#include "openswan/ipsec_alg.h"
#include <linux/crypto.h>
#ifdef CRYPTO_API_VERSION_CODE
diff -urN openswan-2.2.0-1/linux/net/ipsec/alg/Makefile \
openswan-2.2.0-4/linux/net/ipsec/alg/Makefile
--- openswan-2.2.0-1/linux/net/ipsec/alg/Makefile 2004-04-06 04:49:40.000000000 +0200
+++ openswan-2.2.0-4/linux/net/ipsec/alg/Makefile 2004-10-05 18:57:48.000000000 +0200
@@ -80,7 +80,7 @@
rm -f $@
$(LD) $(LD_EXTRAFLAGS) $(obj-y) -r -o $@
-perlasm: $(LIBCRYPTO)/perlasm
+perlasm: ../../../crypto/ciphers/des/asm/perlasm
ln -sf $? $@
$(obj-y) $(obj-m): $(TOPDIR)/include/linux/config.h \
$(TOPDIR)/include/linux/autoconf.h \
$(KLIPS_TOP)/include/freeswan/ipsec_alg.h
diff -urN openswan-2.2.0-1/linux/net/ipsec/alg/Makefile.alg_aes \
openswan-2.2.0-4/linux/net/ipsec/alg/Makefile.alg_aes
--- openswan-2.2.0-1/linux/net/ipsec/alg/Makefile.alg_aes 2004-04-06 \
04:49:40.000000000 +0200
+++ openswan-2.2.0-4/linux/net/ipsec/alg/Makefile.alg_aes 2004-10-05 \
18:57:48.000000000 +0200 @@ -7,17 +7,10 @@
static_init-func-$(CONFIG_IPSEC_ALG_AES)+= ipsec_aes_init
alg_obj-$(CONFIG_IPSEC_ALG_AES) += ipsec_alg_aes.o
-AES_OBJS := ipsec_alg_aes.o libaes/libaes.a
+AES_OBJS := ipsec_alg_aes.o $(LIBCRYPTO)/libaes/libaes.a
-$(MOD_AES): libaes $(AES_OBJS)
+$(MOD_AES): $(AES_OBJS)
$(LD) $(EXTRA_LDFLAGS) -r $(AES_OBJS) -o $@
-libaes: $(LIBCRYPTO)/libaes
- test -d $@ || mkdir $@ ;exit 0
- test -d $@/asm || mkdir $@/asm;exit 0
- cd $@ && ln -sf $?/Makefile $?/*.[chS] .
- cd $@/asm && ln -sf $?/asm/*.S .
-
-libaes/libaes.a: libaes
- ( cd libaes && \
- $(MAKE) CC='$(CC)' 'ARCH_ASM=$(ARCH_ASM)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' \
libaes.a ;) +$(LIBCRYPTO)/libaes/libaes.a:
+ $(MAKE) -C $(LIBCRYPTO)/libaes CC='$(CC)' 'ARCH_ASM=$(ARCH_ASM)' CFLAGS='$(CFLAGS) \
$(EXTRA_CFLAGS)' libaes.a
diff -urN openswan-2.2.0-1/Makefile openswan-2.2.0-4/Makefile
--- openswan-2.2.0-1/Makefile 2004-06-09 04:09:10.000000000 +0200
+++ openswan-2.2.0-4/Makefile 2004-10-05 18:57:49.000000000 +0200
@@ -111,7 +111,7 @@
$(KLIPSLINK) `pwd`/linux/lib/libfreeswan/Makefile* $(KERNELLIBFREESWAN)
$(KLIPSLINK) `pwd`/linux/crypto/ciphers/des/*.[chsS] $(KERNELCRYPTODES)
$(KLIPSLINK) `pwd`/linux/crypto/ciphers/des/Makefile* $(KERNELCRYPTODES)
- sed '/"/s/xxx/$(IPSECVERSION)/' linux/lib/libfreeswan/version.in.c \
>$(KERNELKLIPS)/version.c + sed '/"/s/xxx/$(IPSECVERSION)/' \
> `pwd`/linux/net/ipsec/version.in.c >$(KERNELKLIPS)/version.c
# patch kernel
PATCHER=packaging/utils/patcher
["openswan-2.2.0-4-debian.diff" (text/x-patch)]
diff -urN openswan-2.2.0-1/debian/changelog openswan-2.2.0-4/debian/changelog
--- openswan-2.2.0-1/debian/changelog 2004-10-05 18:57:35.000000000 +0200
+++ openswan-2.2.0-4/debian/changelog 2004-10-05 18:57:48.000000000 +0200
@@ -1,3 +1,44 @@
+openswan (2.2.0-4) unstable; urgency=medium
+
+ Urgency medium to get this version into sarge - it fixes a bug that turned
+ up on some machines and prevented openswan from starting.
+ * no_oe.conf will work when there are spaces at the end, many thanks to
+ Hans Fugal for figuring that out!
+ Closes: #270012: openswan: Fails to start after Installation
+ (/etc/ipsec.d/examples/no_oe.conf problem?)
+ I am now sending this towards upstream so that it should hopefully get
+ fixed for the next release - it's a bit awkward for a config file.
+ * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key
+ is already present in ipsec.secrets and a new one is being created, a
+ needless line was printed. Silenced by adding -q to egrep.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 3 Oct 2004 20:57:22 +0200
+
+openswan (2.2.0-3) unstable; urgency=low
+
+ * Also added flex to Build-Depends, the new starter (replacement for
+ the init scripts, but not yet active) needs it to build.
+ Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing
+ build-depends
+ Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex'
+ * Adapted the rules file of openswan-modules-source to cope with the new
+ upstream source code - need to generate a C file from a template before
+ the ipsec module can be built.
+ Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c
+ neither created nor compiled
+ * Enabled the building of modular extensions (AES and cryptoapi) by default
+ for openswan-modules-source. Also enabled the AES cipher in addition to
+ 3DES (this is directly in the ipsec.o kernel module, the modular
+ extensions version is an alternative to this).
+
+ -- Rene Mayrhofer <rmayr@debian.org> Fri, 24 Sep 2004 12:38:47 +0200
+
+openswan (2.2.0-2) unstable; urgency=low
+
+ * Added bison to Build-Depends.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 23 Sep 2004 15:18:51 +0200
+
openswan (2.2.0-1) unstable; urgency=medium
* New upstream version:
diff -urN openswan-2.2.0-1/debian/control openswan-2.2.0-4/debian/control
--- openswan-2.2.0-1/debian/control 2004-10-05 18:57:35.000000000 +0200
+++ openswan-2.2.0-4/debian/control 2004-10-05 18:57:48.000000000 +0200
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Rene Mayrhofer <rmayr@debian.org>
Standards-Version: 3.6.1.0
-Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev, htmldoc, man2html, \
gawk, libcurl2-dev, libopensc0-dev, libldap2-dev +Build-Depends: debhelper (>= \
4.1.16), libgmp3-dev, libssl-dev, htmldoc, man2html, gawk, libcurl2-dev, \
libopensc0-dev, libldap2-dev, bison, flex
Package: openswan
Architecture: any
diff -urN openswan-2.2.0-1/debian/openswan-modules-source.kernel-config \
openswan-2.2.0-4/debian/openswan-modules-source.kernel-config
--- openswan-2.2.0-1/debian/openswan-modules-source.kernel-config 2004-10-05 \
18:57:35.000000000 +0200
+++ openswan-2.2.0-4/debian/openswan-modules-source.kernel-config 2004-10-05 \
18:57:48.000000000 +0200 @@ -54,6 +54,10 @@
#define CONFIG_IPSEC_ENC_3DES 1
#endif
+#ifndef CONFIG_IPSEC_ENC_AES
+#define CONFIG_IPSEC_ENC_AES 1
+#endif
+
#ifndef CONFIG_IPSEC_REGRESS
#define CONFIG_IPSEC_REGRESS 0
#endif
@@ -99,6 +103,8 @@
#ifndef CONFIG_IPSEC_ALG_CRYPTOAPI
#define CONFIG_IPSEC_ALG_CRYPTOAPI 1
#endif
-
+#ifndef CONFIG_IPSEC_ALG_NON_LIBRE
+#define CONFIG_IPSEC_ALG_NON_LIBRE 1
+#endif
#endif /* _CONFIG_ALL_H */
diff -urN openswan-2.2.0-1/debian/openswan-modules-source.rules \
openswan-2.2.0-4/debian/openswan-modules-source.rules
--- openswan-2.2.0-1/debian/openswan-modules-source.rules 2004-10-05 \
18:57:35.000000000 +0200
+++ openswan-2.2.0-4/debian/openswan-modules-source.rules 2004-10-05 \
18:57:48.000000000 +0200 @@ -44,6 +44,7 @@
endif
# this primarily sets ARCH, we may be able to do that in another way
+# but it also defines IPSECVERSION, which is needed below
include Makefile.inc
debian/control: debian/control.in
@@ -63,21 +64,26 @@
build-stamp:
dh_testdir
+ # this is taken from the main openswan Makefile
+ sed '/"/s/xxx/$(IPSECVERSION)/' linux/net/ipsec/version.in.c > \
linux/net/ipsec/version.c +
+ # now build the ipsec module
$(MAKE) -C linux/net/ipsec ARCH=${ARCH} KLIPSMODULE=true \
TOPDIR=${KSRC} -f `pwd`/linux/net/ipsec/defconfig -f Makefile \
MODULE_DEF_INCLUDE=`pwd`/config-all.h KLIPS_TOP=`pwd`/linux \
CONFIG_IPSEC=m \
ipsec.o
-# $(MAKE) -C linux/net/ipsec/alg ARCH=${ARCH} KLIPSMODULE=true \
-# TOPDIR=${KSRC} \
-# MODULE_DEF_INCLUDE=`pwd`/config-all.h KLIPS_TOP=`pwd`/linux \
-# LIBCRYPTO=`pwd`/lib/libcrypto \
-# EXTRA_CFLAGS="-D__KERNEL__ -include `pwd`/config-all.h \
-# -I`pwd`/linux/include \
-# -I`pwd`/lib/libcrypto/include \
-# -I${KSRC}/include" \
-# CONFIG_IPSEC=m \
-# all_alg_modules
+ $(MAKE) -C linux/net/ipsec/alg ARCH=${ARCH} KLIPSMODULE=true \
+ TOPDIR=${KSRC} \
+ MODULE_DEF_INCLUDE=`pwd`/config-all.h KLIPS_TOP=`pwd`/linux \
+ LIBCRYPTO=`pwd`/lib/libcrypto \
+ EXTRA_CFLAGS="-D__KERNEL__ -include `pwd`/config-all.h \
+ -I`pwd`/linux/include \
+ -I`pwd`/lib/libcrypto/include \
+ -I`pwd`/linux/include/ \
+ -I${KSRC}/include" \
+ CONFIG_IPSEC=m \
+ all_alg_modules
touch build-stamp
@@ -91,10 +97,11 @@
TOPDIR=${KSRC} -f `pwd`/linux/net/ipsec/defconfig -f Makefile \
MODULE_DEF_INCLUDE=`pwd`/config-all.h KLIPS_TOP=`pwd`/linux \
clean
-# -$(MAKE) -C linux/net/ipsec/alg ARCH=${ARCH} KLIPSMODULE=true \
-# TOPDIR=${KSRC} \
-# MODULE_DEF_INCLUDE=`pwd`/config-all.h KLIPS_TOP=`pwd`/linux \
-# clean
+ -$(MAKE) -C linux/net/ipsec/alg ARCH=${ARCH} KLIPSMODULE=true \
+ TOPDIR=${KSRC} \
+ MODULE_DEF_INCLUDE=`pwd`/config-all.h KLIPS_TOP=`pwd`/linux \
+ clean
+ rm -f linux/net/ipsec/version.c
dh_clean
@@ -109,13 +116,11 @@
dh_clean -k
dh_installdirs
- # Add here commands to install the package into debian/lirc-modules.
- #$(MAKE) install prefix=$(CURDIR)/debian/lirc-modules-$(KVERS)
mkdir -p $(MODDESTDIR)
-# mkdir -p $(MOD_ALGDESTDIR)
+ mkdir -p $(MOD_ALGDESTDIR)
cp linux/net/ipsec/ipsec.o $(MODDESTDIR)
-# cp linux/net/ipsec/alg/ipsec_*.o $(MOD_ALGDESTDIR)
-# rm $(MOD_ALGDESTDIR)/ipsec_alg_*.o
+ cp linux/net/ipsec/alg/ipsec_*.o $(MOD_ALGDESTDIR)
+ rm $(MOD_ALGDESTDIR)/ipsec_alg_*.o
# Build architecture-independent files here.
binary-indep: build install
diff -urN openswan-2.2.0-1/debian/openswan.postinst \
openswan-2.2.0-4/debian/openswan.postinst
--- openswan-2.2.0-1/debian/openswan.postinst 2004-10-05 18:57:35.000000000 +0200
+++ openswan-2.2.0-4/debian/openswan.postinst 2004-10-05 18:57:48.000000000 +0200
@@ -110,7 +110,7 @@
db_get openswan/rsa_key_type
if [ "$RET" = "plain" ]; then
# a RSA keypair should be created - check if there is one already
- if egrep ": RSA[:space:]*" /etc/ipsec.secrets; then
+ if egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then
echo "Warning: there is already a RSA key in \
/etc/ipsec.secrets." echo "Creating an additional one."
fi
_______________________________________________
Dev mailing list
Dev@openswan.org
http://lists.openswan.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic