See commit 07730ff3 "treewide: add support for "lto" in PKG_BUILD_FLAGS"
on the main repository.
Note: Some packages only added `-flto` to CFLAGS and not LDFLAGS. This
fixes it and properly enables LTO.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Libreswan will set DEFAULT_DNSSEC_ROOTKEY_FILE from the LINUX_VARIANT
variable, which is taken from the ID field in /etc/os-release. This
points to the host file, which is wrong.
Set both variables when calling make.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
libreswan makefile detects macos (darwin) and changes build logic
but OpenWrt is always Linux so it is required to specify linux as
target platfrom
This patch specifies Linux as a target platfrom
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The two unique packages "Unbound light" and "Unbound heavy"
were not working well due to the fact that Unbound is mostly
its library. Tools and helpers would crash. Instead a reasonable
default Unbound is built. Also up select options like python
are added. libevent and libpthreads are options to down select.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
start if kernel has missing ipv6 support
add libcap-ng support
fix some errors displayed on syslog
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
According to a comment in programs/pluto/kernel_xfrm_interface.c:177:
* IFLA_XFRM_IF_ID was added to mainline kernel 4.19 linux/if_link.h
with older kernel headers 'make USE_XFRM_INTERFACE_IFLA_HEADER=true'
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Added missing limits header. This is normally included in fortify-headers,
which I have disabled locally.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
remove unused patches
Add patch to:
Automatically detect whether Curve25519 is available in NSS for USE_DH31
Signed-off-by: Antony Antony <antony@phenome.org>
enable libunbound, along with dependency
add kmod-crypto-aead kmod-crypto-gcm dependency to support AES GCM
disable libseccomp
/git/openwrt/build_dir/target-mips_24kc_musl/libreswan-3.27/include/lswseccomp.h:24:10: fatal error: seccomp.h: No such file or directory
#include <seccomp.h>
^~~~~~~~~~~
add missing dependency nspr
add nss-utils dependency to able to import x509 Certificates to fix the error
ipsec import west.p12
/usr/sbin/ipsec: line 239: pk12util: not found
/usr/sbin/ipsec: line 84: certutil: not found
remove libnss dependency, nss-utils util will pull it.
remove unused build option KERNELSRC not necesscay since b4b98e2922.
Signed-off-by: Antony Antony <antony@phenome.org>
remove building kernel module, it is not used and is not working with 4.19
rework the ready to use l2tp-ipsec example
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Libreswan is a free software implementation of the most widely
supported and standardized VPN protocol based on ("IPsec") and
the Internet Key Exchange ("IKE"). These standards are produced
and maintained by the Internet Engineering Task Force ("IETF").
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
