d-two/operating-system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
abfe9da03e3ec8993467a29e2e230b226233d9e5
operating-system/buildroot/package/strongswan/Config.in
Stefan Agner a0871be6c0 Bump buildroot to 2020.11-rc1 (#985) 
* Update buildroot-patches for 2020.11-rc1 buildroot

* Update buildroot to 2020.11-rc1

Signed-off-by: Stefan Agner <stefan@agner.ch>

* Don't rely on sfdisk --list-free output

The --list-free (-F) argument does not allow machine readable mode. And
it seems that the output format changes over time (different spacing,
using size postfixes instead of raw blocks).

Use sfdisk json output and calculate free partition space ourselfs. This
works for 2.35 and 2.36 and is more robust since we rely on output which
is meant for scripts to parse.

* Migrate defconfigs for Buildroot 2020.11-rc1

In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE).

* Rebase/remove systemd patches for systemd 246

* Drop apparmor/libapparmor from buildroot-external

* hassos-persists: use /run as directory for lockfiles

The U-Boot tools use /var/lock by default which is not created any more
by systemd by default (it is under tmpfiles legacy.conf, which we no
longer install).

* Disable systemd-update-done.service

The service is not suited for pure read-only systems. In particular the
service needs to be able to write a file in /etc and /var. Remove the
service. Note: This is a static service and cannot be removed using
systemd-preset.

* Disable apparmor.service for now

The service loads all default profiles. Some might actually cause
problems. E.g. the profile for ping seems not to match our setup for
/etc/resolv.conf:
[85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2020-11-13 18:25:44 +01:00

138 lines
3.2 KiB
Plaintext
Raw Blame History

comment "strongswan needs a toolchain w/ threads, dynamic library"
depends on BR2_USE_MMU
depends on BR2_TOOLCHAIN_HAS_ATOMIC
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
menuconfig BR2_PACKAGE_STRONGSWAN
bool "strongswan"
depends on BR2_USE_MMU # fork()
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_TOOLCHAIN_HAS_ATOMIC
depends on !BR2_STATIC_LIBS
help
strongSwan is an OpenSource IPsec implementation for the
Linux operating system. It is based on the discontinued
FreeS/WAN project and the X.509 patch.
The focus is on:
- simplicity of configuration
- strong encryption and authentication methods
- powerful IPsec policies supporting large and complex
VPN networks
strongSwan provide many plugins. Only a few are presented
here.
http://www.strongswan.org/
if BR2_PACKAGE_STRONGSWAN
choice
prompt "Cryptographic backend"
default BR2_PACKAGE_STRONGSWAN_GMP
config BR2_PACKAGE_STRONGSWAN_OPENSSL
bool "OpenSSL"
select BR2_PACKAGE_OPENSSL
config BR2_PACKAGE_STRONGSWAN_GCRYPT
bool "libgcrypt"
depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
select BR2_PACKAGE_LIBGCRYPT
config BR2_PACKAGE_STRONGSWAN_GMP
bool "GNU MP (libgmp)"
select BR2_PACKAGE_GMP
config BR2_PACKAGE_STRONGSWAN_WOLFSSL
bool "wolfssl"
select BR2_PACKAGE_WOLFSSL
endchoice
config BR2_PACKAGE_STRONGSWAN_AF_ALG
bool "Enable AF_ALG crypto interface to Linux Crypto API"
config BR2_PACKAGE_STRONGSWAN_CURL
bool "Enable CURL fetcher plugin to fetch files via libcurl"
select BR2_PACKAGE_LIBCURL
config BR2_PACKAGE_STRONGSWAN_CHARON
bool "Enable the IKEv1/IKEv2 keying daemon charon"
default y
if BR2_PACKAGE_STRONGSWAN_CHARON
config BR2_PACKAGE_STRONGSWAN_TNCCS_11
bool "Enable TNCCS 1.1 protocol module"
select BR2_PACKAGE_LIBXML2
config BR2_PACKAGE_STRONGSWAN_TNCCS_20
bool "Enable TNCCS 2.0 protocol module"
config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
bool "Enable dynamic TNCCS protocol discovery module"
config BR2_PACKAGE_STRONGSWAN_EAP
bool "Enable EAP protocols"
help
Enable various EAP protocols:
- mschapv2
- tls
- ttls
- peap
- sim
- sim-file
- aka
- aka-3gpp2
- simaka-sql
- simaka-pseudonym
- simaka-reauth
- identity
- md5
- gtc
- tnc
- dynamic
- radius
if BR2_PACKAGE_STRONGSWAN_EAP
config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
bool "Enable EAP-SIM smart card backend"
depends on !BR2_STATIC_LIBS # pcsc-lite
select BR2_PACKAGE_PCSC_LITE
endif
config BR2_PACKAGE_STRONGSWAN_UNITY
bool "Enables Cisco Unity extension plugin"
config BR2_PACKAGE_STRONGSWAN_STROKE
bool "Enable charons stroke configuration backend"
default y
config BR2_PACKAGE_STRONGSWAN_SQL
bool "Enable SQL database configuration backend"
depends on BR2_PACKAGE_SQLITE || BR2_PACKAGE_MYSQL
endif
config BR2_PACKAGE_STRONGSWAN_PKI
bool "Enable pki certificate utility"
default y
config BR2_PACKAGE_STRONGSWAN_SCEP
bool "Enable SCEP client tool"
config BR2_PACKAGE_STRONGSWAN_SCRIPTS
bool "Enable additional utilities (found in scripts directory)"
default y
depends on BR2_PACKAGE_STRONGSWAN_CHARON
config BR2_PACKAGE_STRONGSWAN_VICI
bool "Enable vici/swanctl"
default y
depends on BR2_PACKAGE_STRONGSWAN_CHARON
endif
Reference in New Issue View Git Blame Copy Permalink