Merge pull request #14711 from pprindeville/strongswan-make-includes-persistent
strongswan: make the include's in the .conf files persistent
This commit is contained in:
commit
a7c8f9de0c
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=strongswan
|
PKG_NAME:=strongswan
|
||||||
PKG_VERSION:=5.9.1
|
PKG_VERSION:=5.9.1
|
||||||
PKG_RELEASE:=4
|
PKG_RELEASE:=5
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||||
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
|
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
|
||||||
|
@ -454,9 +454,11 @@ endef
|
||||||
define Package/strongswan/install
|
define Package/strongswan/install
|
||||||
$(INSTALL_DIR) $(1)/etc
|
$(INSTALL_DIR) $(1)/etc
|
||||||
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
|
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
|
||||||
|
echo -e "\ninclude /var/ipsec/strongswan.conf" >> $(1)/etc/strongswan.conf
|
||||||
$(INSTALL_DIR) $(1)/usr/lib/ipsec
|
$(INSTALL_DIR) $(1)/usr/lib/ipsec
|
||||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
|
||||||
$(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
|
$(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
|
||||||
|
echo -e "\ninclude /var/ipsec/ipsec.secrets" >> $(1)/etc/ipsec.secrets
|
||||||
$(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
|
$(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
|
||||||
$(INSTALL_DIR) $(1)/etc/init.d
|
$(INSTALL_DIR) $(1)/etc/init.d
|
||||||
$(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
|
$(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
|
||||||
|
@ -502,9 +504,20 @@ endef
|
||||||
define Package/strongswan-ipsec/install
|
define Package/strongswan-ipsec/install
|
||||||
$(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin
|
$(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin
|
||||||
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
|
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
|
||||||
|
echo -e "\ninclude /var/ipsec/ipsec.conf" >> $(1)/etc/ipsec.conf
|
||||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
define Package/strongswan-ipsec/postinst
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
[ -z "$${IPKG_INSTROOT}" ] || exit 0
|
||||||
|
|
||||||
|
opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || {
|
||||||
|
rm -f /etc/ipsec.conf-opkg
|
||||||
|
}
|
||||||
|
endef
|
||||||
|
|
||||||
define Package/strongswan-pki/install
|
define Package/strongswan-pki/install
|
||||||
$(INSTALL_DIR) $(1)/etc/strongswan.d
|
$(INSTALL_DIR) $(1)/etc/strongswan.d
|
||||||
$(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/
|
$(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/
|
||||||
|
|
|
@ -27,58 +27,31 @@ xappend() {
|
||||||
local file="$1"
|
local file="$1"
|
||||||
shift
|
shift
|
||||||
|
|
||||||
echo "${@}" >> "${file}"
|
echo "$@" >> "$file"
|
||||||
}
|
|
||||||
|
|
||||||
remove_include() {
|
|
||||||
local file="$1"
|
|
||||||
local include="$2"
|
|
||||||
|
|
||||||
sed -i "\_${include}_d" "${file}"
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_includes() {
|
|
||||||
remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
|
|
||||||
remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
|
|
||||||
remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
|
|
||||||
}
|
|
||||||
|
|
||||||
do_include() {
|
|
||||||
local conf="$1"
|
|
||||||
local uciconf="$2"
|
|
||||||
local backup=`mktemp -t -p /tmp/ ipsec-init-XXXXXX`
|
|
||||||
|
|
||||||
[ ! -f "${conf}" ] && rm -rf "${conf}"
|
|
||||||
touch "${conf}"
|
|
||||||
|
|
||||||
cat "${conf}" | grep -v "${uciconf}" > "${backup}"
|
|
||||||
mv "${backup}" "${conf}"
|
|
||||||
xappend "${conf}" "include ${uciconf}"
|
|
||||||
file_reset "${uciconf}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ipsec_reset() {
|
ipsec_reset() {
|
||||||
do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
|
file_reset "$IPSEC_VAR_CONN_FILE"
|
||||||
}
|
}
|
||||||
|
|
||||||
ipsec_xappend() {
|
ipsec_xappend() {
|
||||||
xappend "${IPSEC_VAR_CONN_FILE}" "$@"
|
xappend "$IPSEC_VAR_CONN_FILE" "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
swan_reset() {
|
swan_reset() {
|
||||||
do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
|
file_reset "$STRONGSWAN_VAR_CONF_FILE"
|
||||||
}
|
}
|
||||||
|
|
||||||
swan_xappend() {
|
swan_xappend() {
|
||||||
xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@"
|
xappend "$STRONGSWAN_VAR_CONF_FILE" "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
secret_reset() {
|
secret_reset() {
|
||||||
do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
|
file_reset "$IPSEC_VAR_SECRETS_FILE"
|
||||||
}
|
}
|
||||||
|
|
||||||
secret_xappend() {
|
secret_xappend() {
|
||||||
xappend "${IPSEC_VAR_SECRETS_FILE}" "$@"
|
xappend "$IPSEC_VAR_SECRETS_FILE" "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
warning() {
|
warning() {
|
||||||
|
@ -204,7 +177,7 @@ config_conn() {
|
||||||
[ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier"
|
[ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier"
|
||||||
[ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown"
|
[ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown"
|
||||||
[ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown"
|
[ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown"
|
||||||
[ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker"
|
[ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker"
|
||||||
ipsec_xappend " keyexchange=$keyexchange"
|
ipsec_xappend " keyexchange=$keyexchange"
|
||||||
|
|
||||||
set_crypto_proposal "$1"
|
set_crypto_proposal "$1"
|
||||||
|
@ -267,6 +240,14 @@ config_remote() {
|
||||||
ipsec_xappend ""
|
ipsec_xappend ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
do_preamble() {
|
||||||
|
ipsec_xappend "# generated by /etc/init.d/ipsec"
|
||||||
|
ipsec_xappend "version 2"
|
||||||
|
ipsec_xappend ""
|
||||||
|
|
||||||
|
secret_xappend "# generated by /etc/init.d/ipsec"
|
||||||
|
}
|
||||||
|
|
||||||
config_ipsec() {
|
config_ipsec() {
|
||||||
local debug
|
local debug
|
||||||
local rtinstall_enabled
|
local rtinstall_enabled
|
||||||
|
@ -280,11 +261,7 @@ config_ipsec() {
|
||||||
secret_reset
|
secret_reset
|
||||||
swan_reset
|
swan_reset
|
||||||
|
|
||||||
ipsec_xappend "# generated by /etc/init.d/ipsec"
|
do_preamble
|
||||||
ipsec_xappend "version 2"
|
|
||||||
ipsec_xappend ""
|
|
||||||
|
|
||||||
secret_xappend "# generated by /etc/init.d/ipsec"
|
|
||||||
|
|
||||||
config_get debug "$1" debug 0
|
config_get debug "$1" debug 0
|
||||||
config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
|
config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
|
||||||
|
@ -332,7 +309,6 @@ config_ipsec() {
|
||||||
|
|
||||||
prepare_env() {
|
prepare_env() {
|
||||||
mkdir -p /var/ipsec
|
mkdir -p /var/ipsec
|
||||||
remove_includes
|
|
||||||
config_load ipsec
|
config_load ipsec
|
||||||
config_foreach config_ipsec ipsec
|
config_foreach config_ipsec ipsec
|
||||||
config_foreach config_remote remote
|
config_foreach config_remote remote
|
||||||
|
|
Loading…
Reference in New Issue