From: <abe...@us...> - 2016-11-12 19:36:08
Revision: 7950 http://sourceforge.net/p/astlinux/code/7950 Author: abelbeck Date: 2016-11-12 19:36:06 +0000 (Sat, 12 Nov 2016) Log Message: ----------- strongswan, a usable /etc/init.d/ipsec script and symlink /etc/ strongswan files/dirs to /mnt/kd/ipsec/strongswan/ Modified Paths: -------------- branches/1.0/package/strongswan/ipsec.init branches/1.0/package/strongswan/strongswan.mk Modified: branches/1.0/package/strongswan/ipsec.init =================================================================== --- branches/1.0/package/strongswan/ipsec.init 2016-11-12 04:50:08 UTC (rev 7949) +++ branches/1.0/package/strongswan/ipsec.init 2016-11-12 19:36:06 UTC (rev 7950) @@ -2,21 +2,64 @@ . /etc/rc.conf -init () -{ - : +. /etc/init.d/functions.d/misc + +PIDFILE="/var/run/charon.pid" + +init () { + + if ! SYS_is_vpn_type ipsec; then + exit + fi + + if [ ! -d /mnt/kd/ipsec/strongswan ]; then + mkdir -p /mnt/kd/ipsec/strongswan + if [ -d /stat/etc/strongswan ]; then + cp -a /stat/etc/strongswan/* /mnt/kd/ipsec/strongswan/ + fi + fi + + ln -snf /mnt/kd/ipsec/strongswan /tmp/etc/strongswan + + # Create lock dir managed by 'ipsec' + mkdir -p /var/lock/subsys } start () { - : + if SYS_is_vpn_type ipsec; then + + /usr/sbin/ipsec start >/dev/null + fi } stop () { - : + if [ -f $PIDFILE ]; then + + /usr/sbin/ipsec stop + + # strongswan is known to leave PID files behind when something goes wrong, cleanup here + cnt=5 + while [ $cnt -gt 0 ] && [ -f $PIDFILE ]; do + cnt=$((cnt - 1)) + sleep 1 + done + rm -f $PIDFILE + # and just to make sure they are really really dead at this point... + killall -9 charon >/dev/null 2>&1 + fi } +reload () +{ + if [ -f $PIDFILE ]; then + /usr/sbin/ipsec reload + else + start + fi +} + case $1 in init) 
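Review bot: The first-run copy in init() leaves the permissions of the persistent config tree to the environment: `mkdir -p /mnt/kd/ipsec/strongswan` takes its mode from the caller's umask, and `cp -a` preserves whatever mode ipsec.secrets (listed in STRONGSWAN_TARGET_ETC in this commit) had under /stat/etc/strongswan. Because this tree holds the IPsec secrets, I would pin the modes right after the copy with `chmod 700 /mnt/kd/ipsec/strongswan` and `chmod 600 /mnt/kd/ipsec/strongswan/ipsec.secrets`. In stop(), the whole cleanup is guarded by `[ -f $PIDFILE ]`, so the `killall -9 charon` fallback is skipped when the PID file is already gone but a daemon is still running; moving that last line outside the `if` would cover that case.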
@@ -38,8 +81,12 @@ start ;; +reload) + reload + ;; + *) - echo "Usage: start|stop|restart" >&2 + echo "Usage: start|stop|restart|reload" >&2 exit 1 ;; Modified: branches/1.0/package/strongswan/strongswan.mk =================================================================== --- branches/1.0/package/strongswan/strongswan.mk 2016-11-12 04:50:08 UTC (rev 7949) +++ branches/1.0/package/strongswan/strongswan.mk 2016-11-12 19:36:06 UTC (rev 7950) @@ -8,6 +8,8 @@ STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2 STRONGSWAN_SITE = https://download.strongswan.org STRONGSWAN_DEPENDENCIES = openssl host-pkg-config +STRONGSWAN_TARGET_ETC = ipsec.conf ipsec.d ipsec.secrets strongswan.conf strongswan.d swanctl + STRONGSWAN_CONF_OPT += \ --without-lib-prefix \ --enable-led=no \ @@ -53,6 +55,13 @@ endif define STRONGSWAN_POST_INSTALL + mkdir -p $(TARGET_DIR)/stat/etc/strongswan + for i in $(STRONGSWAN_TARGET_ETC); do \ + cp -a $(TARGET_DIR)/etc/$$i $(TARGET_DIR)/stat/etc/strongswan/ ; \ + rm -rf $(TARGET_DIR)/etc/$$i ; \ + ln -s /tmp/etc/strongswan/$$i $(TARGET_DIR)/etc/$$i ; \ + done + rm -rf $(TARGET_DIR)/usr/share/strongswan $(INSTALL) -m 0755 -D package/strongswan/ipsec.init $(TARGET_DIR)/etc/init.d/ipsec ln -sf ../../init.d/ipsec $(TARGET_DIR)/etc/runlevels/default/S31ipsec ln -sf ../../init.d/ipsec $(TARGET_DIR)/etc/runlevels/default/K20ipsec 
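Review bot: The relocation loop added to STRONGSWAN_POST_INSTALL (hunk `@@ -53,6 +55,13 @@`) chains its steps with `;`, so if `cp -a` fails for one entry the following `rm -rf $(TARGET_DIR)/etc/$$i` still deletes the only copy and the recipe carries on. Chaining the steps would stop the build instead: `cp -a $(TARGET_DIR)/etc/$$i $(TARGET_DIR)/stat/etc/strongswan/ && \`, `rm -rf $(TARGET_DIR)/etc/$$i && \`, `ln -s /tmp/etc/strongswan/$$i $(TARGET_DIR)/etc/$$i || exit 1 ; \`. It is also worth a one-line comment above the loop saying that the /etc entries now resolve through /tmp/etc/strongswan at run time, since the integrity of the strongSwan configuration then depends on who can write there. The define continues past the end of the hunk.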
@@ -63,12 +72,10 @@ STRONGSWAN_UNINSTALL_STAGING_OPT = --version define STRONGSWAN_UNINSTALL_TARGET_CMDS + rm -rf $(TARGET_DIR)/stat/etc/strongswan rm -rf $(TARGET_DIR)/usr/lib/ipsec rm -rf $(TARGET_DIR)/usr/libexec/ipsec - rm -rf $(TARGET_DIR)/etc/strongswan.* - rm -rf $(TARGET_DIR)/etc/ipsec.* - rm -rf $(TARGET_DIR)/etc/swanctl - rm -rf $(TARGET_DIR)/usr/share/strongswan + rm -f $(addprefix $(TARGET_DIR)/etc/, $(STRONGSWAN_TARGET_ETC)) rm -f $(TARGET_DIR)/etc/init.d/ipsec rm -f $(TARGET_DIR)/etc/runlevels/default/S31ipsec rm -f $(TARGET_DIR)/etc/runlevels/default/K20ipsec This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2016-11-13 21:41:20
Revision: 7955 http://sourceforge.net/p/astlinux/code/7955 Author: abelbeck Date: 2016-11-13 21:41:18 +0000 (Sun, 13 Nov 2016) Log Message: ----------- strongswan, reference /stat/etc/strongswan/ plugins .conf by default, disable firewall updown, remove /usr/share/strongswan (again) Modified Paths: -------------- branches/1.0/package/strongswan/ipsec.init branches/1.0/package/strongswan/strongswan.mk Added Paths: ----------- branches/1.0/package/strongswan/strongswan-default-strongswan-conf.patch Modified: branches/1.0/package/strongswan/ipsec.init =================================================================== --- branches/1.0/package/strongswan/ipsec.init 2016-11-13 16:07:33 UTC (rev 7954) +++ branches/1.0/package/strongswan/ipsec.init 2016-11-13 21:41:18 UTC (rev 7955) @@ -16,6 +16,11 @@ mkdir -p /mnt/kd/ipsec/strongswan if [ -d /stat/etc/strongswan ]; then cp -a /stat/etc/strongswan/* /mnt/kd/ipsec/strongswan/ + + ## Remove /mnt/kd/ipsec/strongswan/ plugin .conf files so they don't get stale. + ## File strongswan.conf references the /stat/etc/strongswan/ versions by default. + rm /mnt/kd/ipsec/strongswan/strongswan.d/*.conf + rm /mnt/kd/ipsec/strongswan/strongswan.d/charon/*.conf fi fi Added: branches/1.0/package/strongswan/strongswan-default-strongswan-conf.patch =================================================================== --- branches/1.0/package/strongswan/strongswan-default-strongswan-conf.patch (rev 0) +++ branches/1.0/package/strongswan/strongswan-default-strongswan-conf.patch 2016-11-13 21:41:18 UTC (rev 7955) 
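Review bot: The two added `rm` lines appear to sit inside the first-run branch of init() (the `mkdir -p` context line and the two closing `fi` suggest the `if [ ! -d /mnt/kd/ipsec/strongswan ]` block, whose opening is outside this hunk), so a system that already created the directory under r7950 keeps its copied plugin .conf files and its old strongswan.conf with relative includes. That is exactly the stale-file case the new comment describes; if it matters, the cleanup needs to run outside the first-run test or be documented as a manual step. Separately, `rm` without `-f` prints an error when a glob matches nothing, and `rm -f /mnt/kd/ipsec/strongswan/strongswan.d/*.conf` (likewise for the `charon/` line) avoids that noise at boot.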
@@ -0,0 +1,15 @@
+--- strongswan-5.5.1/conf/strongswan.conf.orig 2016-11-13 14:37:20.044511922 -0600
++++ strongswan-5.5.1/conf/strongswan.conf 2016-11-13 14:39:31.565086615 -0600
+@@ -7,8 +7,10 @@
+ charon {
+ load_modular = yes
+ plugins {
+- include strongswan.d/charon/*.conf
++ include /stat/etc/strongswan/strongswan.d/charon/*.conf
++ #include strongswan.d/charon/*.conf
+ }
+ }
+
+-include strongswan.d/*.conf
++include /stat/etc/strongswan/strongswan.d/*.conf
++#include strongswan.d/*.conf
Modified: branches/1.0/package/strongswan/strongswan.mk
===================================================================
--- branches/1.0/package/strongswan/strongswan.mk 2016-11-13 16:07:33 UTC (rev 7954)
+++ branches/1.0/package/strongswan/strongswan.mk 2016-11-13 21:41:18 UTC (rev 7955)
@@ -13,6 +13,7 @@
 STRONGSWAN_CONF_OPT += \
 --disable-static \
 --without-lib-prefix \
+ --enable-updown=no \
 --enable-led=no \
 --enable-pkcs11=no \
 --enable-kernel-netlink=yes \
@@ -73,6 +74,7 @@
 rm -rf $(TARGET_DIR)/etc/$$i ; \
 ln -s /tmp/etc/strongswan/$$i $(TARGET_DIR)/etc/$$i ; \
 done
+ rm -rf $(TARGET_DIR)/usr/share/strongswan
 $(INSTALL) -m 0755 -D package/strongswan/ipsec.init $(TARGET_DIR)/etc/init.d/ipsec
 ln -sf ../../init.d/ipsec $(TARGET_DIR)/etc/runlevels/default/S31ipsec
 ln -sf ../../init.d/ipsec $(TARGET_DIR)/etc/runlevels/default/K20ipsec
@@ -86,7 +88,6 @@
 rm -rf $(TARGET_DIR)/stat/etc/strongswan
 rm -rf $(TARGET_DIR)/usr/lib/ipsec
 rm -rf $(TARGET_DIR)/usr/libexec/ipsec
- rm -rf $(TARGET_DIR)/usr/share/strongswan
 rm -f $(addprefix $(TARGET_DIR)/etc/, $(STRONGSWAN_TARGET_ETC))
 rm -f $(TARGET_DIR)/etc/init.d/ipsec
 rm -f $(TARGET_DIR)/etc/runlevels/default/S31ipsec
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
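Review bot: The new `--enable-updown=no` in the `@@ -13,6 +13,7 @@` hunk of strongswan.mk has no comment saying why the plugin is dropped; only the log message ("disable firewall updown") carries the reason. With updown disabled, `leftfirewall=yes` and `leftupdown=` in ipsec.conf presumably no longer do anything, so filtering of tunnel traffic rests entirely on the system firewall, and an admin carrying over an existing ipsec.conf gets no warning of that. I would add a comment above STRONGSWAN_CONF_OPT such as `# updown is disabled: firewall rules for IPsec traffic are managed outside strongSwan`.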
From: <abe...@us...> - 2016-12-15 17:48:44
Revision: 8036 http://sourceforge.net/p/astlinux/code/8036 Author: abelbeck Date: 2016-12-15 17:48:42 +0000 (Thu, 15 Dec 2016) Log Message: ----------- strongswan, move most logs to '/var/log/charon.log' instead of syslog, and rotate the log file Modified Paths: -------------- branches/1.0/package/strongswan/strongswan.mk Added Paths: ----------- branches/1.0/package/strongswan/charon-logging.conf branches/1.0/package/strongswan/charon.logrotate
Added: branches/1.0/package/strongswan/charon-logging.conf
===================================================================
--- branches/1.0/package/strongswan/charon-logging.conf (rev 0)
+++ branches/1.0/package/strongswan/charon-logging.conf 2016-12-15 17:48:42 UTC (rev 8036)
@@ -0,0 +1,27 @@
+charon {
+ filelog {
+ /var/log/charon.log {
+ # add a timestamp prefix
+ time_format = %b %e %T
+ # prepend connection name
+ ike_name = yes
+ # overwrite existing files
+ append = no
+ # default loglevel for all daemon subsystems
+ default = 1
+ # flush each line to disk
+ flush_line = yes
+ }
+ }
+ syslog {
+ # use 'silent' settings to log to the LOG_DAEMON facility
+ daemon {
+ default = -1
+ }
+ # use 'silent' settings to log to the LOG_AUTHPRIV facility
+ auth {
+ default = -1
+ }
+ }
+}
+
Added: branches/1.0/package/strongswan/charon.logrotate
===================================================================
--- branches/1.0/package/strongswan/charon.logrotate (rev 0)
+++ branches/1.0/package/strongswan/charon.logrotate 2016-12-15 17:48:42 UTC (rev 8036)
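Review bot: Nothing from charon reaches syslog once both `daemon` and `auth` are set to `default = -1`, so anything that watches or forwards syslog stops seeing tunnel and authentication events. In the filelog section, `append = no` overwrites /var/log/charon.log each time the file is opened, which discards the lines leading up to a crash or restart. If neither is intended, `append = yes` keeps history across restarts (the logrotate file added in this commit bounds the size), and `default = 0` under `auth` would, as I read the strongSwan log levels, keep the basic SA up/down audit lines in syslog.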
@@ -0,0 +1,13 @@
+#
+/var/log/charon.log {
+ missingok
+ size 100k
+ rotate 1
+ sharedscripts
+ postrotate
+ if [ -f /var/run/charon.pid ]; then
+ /bin/kill -HUP $(cat /var/run/charon.pid) >/dev/null 2>&1
+ fi
+ endscript
+}
+
Modified: branches/1.0/package/strongswan/strongswan.mk
===================================================================
--- branches/1.0/package/strongswan/strongswan.mk 2016-12-14 14:17:11 UTC (rev 8035)
+++ branches/1.0/package/strongswan/strongswan.mk 2016-12-15 17:48:42 UTC (rev 8036)
@@ -75,7 +75,9 @@
 ln -s /tmp/etc/strongswan/$$i $(TARGET_DIR)/etc/$$i ; \
 done
 rm -rf $(TARGET_DIR)/usr/share/strongswan
- $(INSTALL) -m 0755 -D package/strongswan/ipsec.init $(TARGET_DIR)/etc/init.d/ipsec
+ $(INSTALL) -m 755 -D package/strongswan/ipsec.init $(TARGET_DIR)/etc/init.d/ipsec
+ $(INSTALL) -m 644 -D package/strongswan/charon.logrotate $(TARGET_DIR)/etc/logrotate.d/charon
+ $(INSTALL) -m 644 -D package/strongswan/charon-logging.conf $(TARGET_DIR)/stat/etc/strongswan/strongswan.d/charon-logging.conf
 ln -sf ../../init.d/ipsec $(TARGET_DIR)/etc/runlevels/default/S31ipsec
 ln -sf ../../init.d/ipsec $(TARGET_DIR)/etc/runlevels/default/K20ipsec
 endef
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
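Review bot: With `size 100k` and `rotate 1`, charon.logrotate keeps at most about 200k of IKE history, and because this commit moves those messages out of syslog, that is the whole retention for VPN events on the box. If /var/log has the room, a larger count such as `rotate 4` would leave more to work with after an incident. The `postrotate` script also throws away the result of `kill -HUP` with `>/dev/null 2>&1`, so a stale /var/run/charon.pid goes unnoticed and charon may keep writing to the rotated file; a short comment in the stanza noting that charon is expected to reopen its log on SIGHUP would help the next reader.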