mirrors/aports
3
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-05-14 01:34:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
aports/main/strongswan/APKBUILD
J0WI d374351ea9 main/strongswan: upgrade to 5.9.14
2024-11-25 16:09:54 +00:00

179 lines
5.5 KiB
Text
Raw Permalink Blame History

# Contributor: Jesse Young <jlyo@jlyo.org>
# Contributor: Nicolas Lorin <androw95220@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
pkgver=5.9.14
pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="https://www.strongswan.org/"
arch="all"
pkgusers="ipsec"
pkggroups="ipsec"
license="GPL-2.0-or-later WITH OpenSSL-Exception"
depends="iproute2"
makedepends="
curl-dev
gettext-dev
gmp-dev
libcap-dev
linux-headers
openssl-dev>3
py3-setuptools
python3
sqlite-dev
"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc py3-vici-pyc py3-vici::noarch"
source="https://download.strongswan.org/strongswan-$pkgver.tar.bz2
0001-charon-add-optional-source-and-remote-overrides-for-.patch
0002-vici-send-certificates-for-ike-sa-events.patch
0003-vici-add-support-for-individual-sa-state-changes.patch
0004-fix-musl.patch
0005-fix-musl.patch
disable_test_time_printf_hook.patch
strongswan.initd
charon.initd
charon.logrotate
charon-logfile.conf
"
# 32bit archs seem to get stuck in rsa test suite at "generate" or "load"
case "$CARCH" in
arm*|x86) options="!check";;
esac
# secfixes:
# 5.9.12-r0:
# - CVE-2023-41913
# 5.9.10-r0:
# - CVE-2023-26463
# 5.9.8-r0:
# - CVE-2022-40617
# 5.9.1-r4:
# - CVE-2021-45079
# 5.9.1-r3:
# - CVE-2021-41990
# - CVE-2021-41991
# 5.7.1-r0:
# - CVE-2018-17540
# 5.7.0-r0:
# - CVE-2018-16151
# - CVE-2018-16152
# 5.6.3-r0:
# - CVE-2018-5388
# - CVE-2018-10811
# 5.5.3-r0:
# - CVE-2017-9022
# - CVE-2017-9023
build() {
# notes about configuration:
# - try to keep options in ./configure --help order
# - apk depends on openssl, so we use that
# - openssl provides ciphers, randomness, etc
# -> disable all redundant in-tree copies
local _aesni=
case "$CARCH" in
x86_64) _aesni="--enable-aesni";;
esac
./configure --prefix=/usr \
--sysconfdir=/etc \
--libexecdir=/usr/lib \
--with-ipsecdir=/usr/lib/strongswan \
--with-capabilities=libcap \
--with-user=ipsec \
--with-group=ipsec \
--enable-curl \
--disable-ldap \
--disable-aes \
--disable-des \
--disable-rc2 \
--disable-md5 \
--disable-sha1 \
--disable-sha2 \
--enable-gmp \
--disable-hmac \
--disable-mysql \
--enable-sqlite \
--enable-eap-sim \
--enable-eap-sim-file \
--enable-eap-aka \
--enable-eap-aka-3gpp2 \
--enable-eap-simaka-pseudonym \
--enable-eap-simaka-reauth \
--enable-eap-identity \
--enable-eap-md5 \
--enable-eap-tls \
--disable-eap-gtc \
--enable-eap-mschapv2 \
--enable-eap-radius \
--enable-xauth-eap \
--enable-farp \
--enable-vici \
--enable-attr-sql \
--enable-dhcp \
--enable-openssl \
--enable-unity \
--enable-ha \
--enable-cmd \
--enable-python-eggs \
--enable-swanctl \
--enable-shared \
--disable-static \
--enable-bypass-lan \
$_aesni
make
cd src/libcharon/plugins/vici/python
make
python3 setup.py build
}
check() {
make check
}
package() {
make DESTDIR="$pkgdir" install
install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname"
install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
# for CRL caching
chown ipsec:ipsec "$pkgdir"/etc/ipsec.d/crls "$pkgdir"/etc/swanctl/x509crl
cd src/libcharon/plugins/vici/python/
python setup.py install --root="$pkgdir" --skip-build
}
logfile() {
pkgdesc="Dedicated log file configuration for charon"
depends=$pkgname
install -m 644 -D charon.logrotate "$subpkgdir/etc/logrotate.d/charon"
install -m 644 -D charon-logfile.conf \
"$subpkgdir/etc/strongswan.d/charon-logfile.conf"
install -m 2750 -o ipsec -g wheel -d "$subpkgdir/var/log/ipsec"
}
vici() {
pkgdesc="Native Python interface for strongSwan's VICI protocol"
amove usr/lib/python*
}
sha512sums="
e48bc9d215f9de6b54e24f7b4765d59aec4c615291d5c1f24f6a6d7da45dc8b17b2e0e150faf5fabb35e5d465abc5e6f6efa06cd002467067c5d7844ead359f6 strongswan-5.9.14.tar.bz2
50ddcaa115237a31aa021c7be46ae9ec84f5f7c1f340af254026ebf47a0e53147373bf691c71d51cae3a871cb3d9635542c209d47457f608780f67f376258a13 0001-charon-add-optional-source-and-remote-overrides-for-.patch
378060da77cd3ecec98f033953cf26170b765b12500b96067517e31f9cc904bff9bb2637b520906f6a9ccd2db39d085c38c3fcabedef8c441353f14920f7e33a 0002-vici-send-certificates-for-ike-sa-events.patch
da04054d30adee03b9f21cbb7649cc30c7dfcef50a9aaea038ac8f35e5e9cb199a62c9e666ed6b7c4520dfca39d00eaee85a1ebe7de2def3b003e92e0b2bb4cc 0003-vici-add-support-for-individual-sa-state-changes.patch
3d5b6f5d48134aecf2e390c7c9b74e3f231f88ff7f77e123f30d6d4aa901fc7c68cb79a3ccd6706b743320117241fa31b28fd22c8797670231d96ec2e64fa3cc 0004-fix-musl.patch
57935eff4280095f27be52f10af59218b30333e31ad94833d27e4f69d4634f2945482691470e94c3f26da555e2e157cb2c2bedf96245047572d90f8ede19eac3 0005-fix-musl.patch
23e175fdd7445e06e5d7275903380a6a5e4c76d833b2680c8c9fcd704d5908990ded0bb408bba718cd67a41cb32c7ad308a6c93aeb7eae82f8bc5803f8e1bbc4 disable_test_time_printf_hook.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5 charon.initd
3eb0cd762a186d611a6322c1470581298c953b3e729fc85a13801611940eb896e8f6935e10eaa36884bd5c36600ba778d4af4c0ed1e9063436bd748268fd733b charon.logrotate
5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf
"
Reference in a new issue View git blame Copy permalink