mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity

Merge pull request #14711 from pprindeville/strongswan-make-includes-persistent 

strongswan: make the include's in the .conf files persistent
This commit is contained in:
Philip Prindeville 2021-03-26 21:45:08 -06:00 committed by GitHub
parent 3c758231cb 643df01275
commit a7c8f9de0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
net/strongswan/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan PKG_NAME:=strongswan
PKG_VERSION:=5.9.1 PKG_VERSION:=5.9.1
PKG_RELEASE:=4 PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
@ -454,9 +454,11 @@ endef
define Package/strongswan/install define Package/strongswan/install
$(INSTALL_DIR) $(1)/etc $(INSTALL_DIR) $(1)/etc
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
echo -e "\ninclude /var/ipsec/strongswan.conf" >> $(1)/etc/strongswan.conf
$(INSTALL_DIR) $(1)/usr/lib/ipsec $(INSTALL_DIR) $(1)/usr/lib/ipsec
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
$(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/ $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
echo -e "\ninclude /var/ipsec/ipsec.secrets" >> $(1)/etc/ipsec.secrets
$(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
$(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
@ -502,9 +504,20 @@ endef
define Package/strongswan-ipsec/install define Package/strongswan-ipsec/install
$(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin $(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
echo -e "\ninclude /var/ipsec/ipsec.conf" >> $(1)/etc/ipsec.conf
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
endef endef
define Package/strongswan-ipsec/postinst
#!/bin/sh
[ -z "$${IPKG_INSTROOT}" ] || exit 0
opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || {
rm -f /etc/ipsec.conf-opkg
}
endef
define Package/strongswan-pki/install define Package/strongswan-pki/install
$(INSTALL_DIR) $(1)/etc/strongswan.d $(INSTALL_DIR) $(1)/etc/strongswan.d
$(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/ $(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/

58
net/strongswan/files/ipsec.init
View File

@ -27,58 +27,31 @@ xappend() {
local file="$1" local file="$1"
shift shift
echo "${@}" >> "${file}" echo "$@" >> "$file"
}
remove_include() {
local file="$1"
local include="$2"
sed -i "\_${include}_d" "${file}"
}
remove_includes() {
remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
}
do_include() {
local conf="$1"
local uciconf="$2"
local backup=`mktemp -t -p /tmp/ ipsec-init-XXXXXX`
[ ! -f "${conf}" ] && rm -rf "${conf}"
touch "${conf}"
cat "${conf}" | grep -v "${uciconf}" > "${backup}"
mv "${backup}" "${conf}"
xappend "${conf}" "include ${uciconf}"
file_reset "${uciconf}"
} }
ipsec_reset() { ipsec_reset() {
do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}" file_reset "$IPSEC_VAR_CONN_FILE"
} }
ipsec_xappend() { ipsec_xappend() {
xappend "${IPSEC_VAR_CONN_FILE}" "$@" xappend "$IPSEC_VAR_CONN_FILE" "$@"
} }
swan_reset() { swan_reset() {
do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}" file_reset "$STRONGSWAN_VAR_CONF_FILE"
} }
swan_xappend() { swan_xappend() {
xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@" xappend "$STRONGSWAN_VAR_CONF_FILE" "$@"
} }
secret_reset() { secret_reset() {
do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}" file_reset "$IPSEC_VAR_SECRETS_FILE"
} }
secret_xappend() { secret_xappend() {
xappend "${IPSEC_VAR_SECRETS_FILE}" "$@" xappend "$IPSEC_VAR_SECRETS_FILE" "$@"
} }
warning() { warning() {
@ -204,7 +177,7 @@ config_conn() {
[ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier" [ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier"
[ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown" [ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown"
[ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown" [ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown"
[ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker" [ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker"
ipsec_xappend " keyexchange=$keyexchange" ipsec_xappend " keyexchange=$keyexchange"
set_crypto_proposal "$1" set_crypto_proposal "$1"
@ -267,6 +240,14 @@ config_remote() {
ipsec_xappend "" ipsec_xappend ""
} }
do_preamble() {
ipsec_xappend "# generated by /etc/init.d/ipsec"
ipsec_xappend "version 2"
ipsec_xappend ""
secret_xappend "# generated by /etc/init.d/ipsec"
}
config_ipsec() { config_ipsec() {
local debug local debug
local rtinstall_enabled local rtinstall_enabled
@ -280,11 +261,7 @@ config_ipsec() {
secret_reset secret_reset
swan_reset swan_reset
ipsec_xappend "# generated by /etc/init.d/ipsec" do_preamble
ipsec_xappend "version 2"
ipsec_xappend ""
secret_xappend "# generated by /etc/init.d/ipsec"
config_get debug "$1" debug 0 config_get debug "$1" debug 0
config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1 config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
@ -332,7 +309,6 @@ config_ipsec() {
prepare_env() { prepare_env() {
mkdir -p /var/ipsec mkdir -p /var/ipsec
remove_includes
config_load ipsec config_load ipsec
config_foreach config_ipsec ipsec config_foreach config_ipsec ipsec
config_foreach config_remote remote config_foreach config_remote remote