From: Antony Antony Date: Thu, 16 May 2019 07:23:57 +0000 (+0200) Subject: libreswan: update to libreswan 3.29-1 X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=8f99aff8fd82a516591cffdeed0bc89bb307757c;p=feed%2Fpackages.git libreswan: update to libreswan 3.29-1 remove unused patches Add patch to: Automatically detect whether Curve25519 is available in NSS for USE_DH31 Signed-off-by: Antony Antony --- diff --git a/net/libreswan/Makefile b/net/libreswan/Makefile index da88e2f928..5b71685e12 100644 --- a/net/libreswan/Makefile +++ b/net/libreswan/Makefile @@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libreswan -PKG_VERSION:=3.27 -PKG_RELEASE:=3 +PKG_VERSION:=3.29 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://download.libreswan.org/ -PKG_HASH:=ead07dd701116094b483dc57e54e2a5ee9a06d3982bb142260bcbf3d1faf7b82 +PKG_HASH:=d60e4160f43272b6307b697a13f79f56b5ec2bca61d83097ddadd8586a58ab3e PKG_LICENSE:=GPL-2.0 PKG_MAINTAINER:=Lucian Cristian diff --git a/net/libreswan/patches/000-dh31-auto-detect.patch b/net/libreswan/patches/000-dh31-auto-detect.patch new file mode 100644 index 0000000000..301e87a928 --- /dev/null +++ b/net/libreswan/patches/000-dh31-auto-detect.patch @@ -0,0 +1,34 @@ +From 9126ec99ca9e136666cbba5b48a8a02cb11350e0 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor +Date: Mon, 15 Oct 2018 11:16:54 -0400 +Subject: [PATCH] Automatically detect whether Curve25519 is available in NSS + for USE_DH31 + +currently, USE_DH31 defaults to true. + +On some platforms, where older versions of NSS are in use, this should +default to false. + +This patch automatically detects such systems and disables USE_DH31 on +those platforms. + +It produces some amount of noise on stderr about CURVE_25519 during +the build on those older platforms, but that seems ok to me, since +those platforms should know that they're missing a modern feature. + +If you prefer less noise, i'd be happy with any modification that does +a similar sort of autodetection. + +diff --git a/mk/userland-cflags.mk b/mk/userland-cflags.mk +index d0a88b1aa1..7d88874b1c 100644 +--- a/mk/userland-cflags.mk ++++ b/mk/userland-cflags.mk +@@ -240,7 +240,7 @@ ifeq ($(USE_DH24),true) + USERLAND_CFLAGS += -DUSE_DH24 + endif + +-USE_DH31 ?= true ++USE_DH31 ?= $(shell if printf '\#include \nint main() { return SEC_OID_CURVE25519; }\n'| $(CC) -x c $$(pkg-config --cflags nss) -o /dev/null -; then echo true; else echo false; fi ) + ifeq ($(USE_DH31),true) + USERLAND_CFLAGS += -DUSE_DH31 + endif diff --git a/net/libreswan/patches/001-move_kernel_klips_to_mk_kernel.mk.patch b/net/libreswan/patches/001-move_kernel_klips_to_mk_kernel.mk.patch deleted file mode 100644 index 0cca6c3770..0000000000 --- a/net/libreswan/patches/001-move_kernel_klips_to_mk_kernel.mk.patch +++ /dev/null @@ -1,973 +0,0 @@ -From 010a9f2bbdaa97024933be04eff1a48ff1f9b657 Mon Sep 17 00:00:00 2001 -From: Andrew Cagney -Date: Thu, 25 Oct 2018 21:00:59 -0400 -Subject: [PATCH] building: move kernel (klips) rules to mk/kernel.mk - ---- - Makefile | 448 +----------------------------------------------- - mk/kernel.mk | 468 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 474 insertions(+), 442 deletions(-) - create mode 100644 mk/kernel.mk - -diff --git a/Makefile b/Makefile -index b706defd0f..0b070966e6 100644 ---- a/Makefile -+++ b/Makefile -@@ -97,119 +97,14 @@ KERNELREL=$(shell ${KVSHORTUTIL} ${KERNELSRC}/Makefile) - - # directories visited by all recursion - --# declaration for make's benefit --.PHONY: def insert kpatch patches _patches _patches2.4 \ -- klipsdefaults programs man install \ -- precheck verset confcheck kernel \ -- module module24 module26 kinstall minstall minstall24 minstall26 \ -- moduleclean mod24clean module24clean mod26clean module26clean \ -- backup unpatch uninstall \ -- check \ -- --kpatch: unapplypatch applypatch klipsdefaults --npatch: unapplynpatch applynpatch --sarefpatch: unapplysarefpatch applysarefpatch -- --unapplypatch: -- @echo "info: making unapplypatch in `pwd` and KERNELSRC=\"${KERNELSRC}\";" -- -@if [ -f ${KERNELSRC}/libreswan.patch ]; then \ -- echo Undoing previous patches; \ -- cat ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ -- fi -- --applypatch: -- @echo "info: Now performing forward patches in `pwd`"; -- ${MAKE} kernelpatch${KERNELREL} | tee ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) -- --unapplynpatch: -- @echo "info: making unapplynpatch (note the second N) in `pwd`"; -- -@if [ -f ${KERNELSRC}/natt.patch ]; then \ -- echo Undoing previous NAT patches; \ -- cat ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ -- fi -- --applynpatch: -- @echo "info: Now performing forward NAT patches in `pwd`"; -- ${MAKE} nattpatch${KERNELREL} | tee ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) -- --unapplysarefpatch: -- @echo "info: making unapplysarefpatch in `pwd`"; -- -@if [ -f ${KERNELSRC}/saref.patch ]; then \ -- echo Undoing previous saref patches; \ -- cat ${KERNELSRC}/saref.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preng --reverse --ignore-whitespace ); \ -- fi -- --applysarefpatch: -- @echo "info: Now performing SAref patches in `pwd`"; -- ${MAKE} sarefpatch${KERNELREL} | tee ${KERNELSRC}/klipsng.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preng --forward --ignore-whitespace ) -- --# patch kernel --PATCHER=packaging/utils/patcher -- --_patches: -- echo "===============" >>out.kpatch -- echo "`date` `cd $(KERNELSRC) ; pwd`" >>out.kpatch -- $(MAKE) __patches$(KERNELREL) >>out.kpatch -- --# Linux-2.4.0 version --__patches2.4: -- @$(PATCHER) -v -c $(KERNELSRC) Documentation/Configure.help \ -- 'CONFIG_KLIPS' $(PATCHES)/Documentation/Configure.help.fs2_2.patch -- @$(PATCHER) -v $(KERNELSRC) net/Config.in \ -- 'CONFIG_KLIPS' $(PATCHES)/net/Config.in.fs2_4.patch -- @$(PATCHER) -v $(KERNELSRC) net/Makefile \ -- 'CONFIG_KLIPS' $(PATCHES)/net/Makefile.fs2_4.patch -- @$(PATCHER) -v $(KERNELSRC) net/ipv4/af_inet.c \ -- 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/af_inet.c.fs2_4.patch -- @$(PATCHER) -v $(KERNELSRC) net/ipv4/udp.c \ -- 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/udp.c.fs2_4.patch -- @$(PATCHER) -v $(KERNELSRC) include/net/sock.h \ -- 'CONFIG_KLIPS' $(PATCHES)/include/net/sock.h.fs2_4.patch --# Removed patches, will unpatch automatically. -- @$(PATCHER) -v $(KERNELSRC) include/linux/proc_fs.h -- @$(PATCHER) -v $(KERNELSRC) net/core/dev.c -- @$(PATCHER) -v $(KERNELSRC) net/ipv4/protocol.c -- @$(PATCHER) -v $(KERNELSRC) drivers/net/Space.c -- @$(PATCHER) -v $(KERNELSRC) include/linux/netlink.h -- @$(PATCHER) -v $(KERNELSRC) net/netlink/af_netlink.c -- @$(PATCHER) -v $(KERNELSRC) net/netlink/netlink_dev.c -- @$(PATCHER) -v $(KERNELSRC) drivers/isdn/isdn_net.c -- --klipsdefaults: -- @KERNELDEFCONFIG=$(KERNELSRC)/arch/$(ARCH)/defconfig ; \ -- KERNELCONFIG=$(KCFILE) ; \ -- if ! egrep -q 'CONFIG_KLIPS' $$KERNELDEFCONFIG ; \ -- then \ -- set -x ; \ -- cp -a $$KERNELDEFCONFIG $$KERNELDEFCONFIG.orig ; \ -- chmod u+w $$KERNELDEFCONFIG ; \ -- cat $$KERNELDEFCONFIG $(KERNELKLIPS)/defconfig \ -- >$$KERNELDEFCONFIG.tmp ; \ -- rm -f $$KERNELDEFCONFIG ; \ -- cp -a $$KERNELDEFCONFIG.tmp $$KERNELDEFCONFIG ; \ -- rm -f $$KERNELDEFCONFIG.tmp ; \ -- fi ; \ -- if ! egrep -q 'CONFIG_KLIPS' $$KERNELCONFIG ; \ -- then \ -- set -x ; \ -- cp -a $$KERNELCONFIG $$KERNELCONFIG.orig ; \ -- chmod u+w $$KERNELCONFIG ; \ -- cat $$KERNELCONFIG $(KERNELKLIPS)/defconfig \ -- >$$KERNELCONFIG.tmp ; \ -- rm -f $$KERNELCONFIG ; \ -- cp -a $$KERNELCONFIG.tmp $$KERNELCONFIG ; \ -- rm -f $$KERNELCONFIG.tmp ; \ -- fi -- -- -- - # programs - - ABSOBJDIR:=$(shell mkdir -p ${OBJDIR}; cd ${OBJDIR} && pwd) - OBJDIRTOP=${ABSOBJDIR} - - # Recursive clean dealt with elsewhere. --local-clean-base: moduleclean -+.PHONY: local-clean-base -+local-clean-base: - $(foreach file,$(RPMTMPDIR) $(RPMDEST) out.*build out.*install, \ - rm -rf $(file) ; ) # but leave out.kpatch - -@@ -219,339 +114,13 @@ local-clean-base: moduleclean - # $(OBJDIR), "distclean" does not depend on it. If it did, "make - # distclean" would have the quirky behaviour of first creating - # $(OBJDIR) only to then delete it. --distclean: moduleclean module24clean module26clean clean-kvm-keys -+.PHONY: distclean -+distclean: clean-kvm-keys - rm -f $(RPMTMPDIR) $(RPMDEST) out.* - rm -rf testing/pluto/*/OUTPUT* - rm -rf OBJ.* $(OBJDIR) - rm -rf BACKUP - --# proxies for major kernel make operations -- --# do-everything entries --KINSERT_PRE=precheck verset insert --PRE=precheck verset kpatch --POST=confcheck programs kernel install --MPOST=confcheck programs module install -- --# preliminaries --precheck: -- @if test ! -d $(KERNELSRC) -a ! -L $(KERNELSRC) ; \ -- then \ -- echo '*** cannot find directory "$(KERNELSRC)"!!' ; \ -- echo '*** may be necessary to add symlink to kernel source' ; \ -- exit 1 ; \ -- fi -- @if ! cd $(KERNELSRC) ; \ -- then \ -- echo '*** cannot "cd $(KERNELSRC)"!!' ; \ -- echo '*** may be necessary to add symlink to kernel source' ; \ -- exit 1 ; \ -- fi -- @if test ! -f $(KCFILE) ; \ -- then \ -- echo '*** cannot find "$(KCFILE)"!!' ; \ -- echo '*** perhaps kernel has never been configured?' ; \ -- echo '*** please do that first; the results are necessary.' ; \ -- exit 1 ; \ -- fi -- @if test ! -f $(VERFILE) ; \ -- then \ -- echo '*** cannot find "$(VERFILE)"!!' ; \ -- echo '*** perhaps kernel has never been compiled?' ; \ -- echo '*** please do that first; the results are necessary.' ; \ -- exit 1 ; \ -- fi -- --# configuring (exit statuses disregarded, something fishy here sometimes) --xcf: -- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) xconfig --mcf: -- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) menuconfig --pcf: -- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) config -- --ocf: -- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) oldconfig -- --rcf: -- cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) ${NONINTCONFIG} /dev/null -- --kclean: -- -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) clean -- --confcheck: -- @if test ! -f $(KCFILE) ; \ -- then echo '*** no kernel configuration file written!!' ; exit 1 ; \ -- fi -- @if ! egrep -q '^CONFIG_KLIPS=[my]' $(KCFILE) ; \ -- then echo '*** IPsec not in kernel config ($(KCFILE))!!' ; exit 1 ; \ -- fi -- @if ! egrep -q 'CONFIG_KLIPS[ ]+1' $(ACFILE) && \ -- ! egrep -q 'CONFIG_KLIPS_MODULE[ ]+1' $(ACFILE) ; \ -- then echo '*** IPsec in kernel config ($(KCFILE)),' ; \ -- echo '*** but not in config header file ($(ACFILE))!!' ; \ -- exit 1 ; \ -- fi -- @if egrep -q '^CONFIG_KLIPS=m' $(KCFILE) && \ -- ! egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ -- then echo '*** IPsec configured as module in kernel with no module support!!' ; exit 1 ; \ -- fi -- @if ! egrep -q 'CONFIG_KLIPS_AH[ ]+1' $(ACFILE) && \ -- ! egrep -q 'CONFIG_KLIPS_ESP[ ]+1' $(ACFILE) ; \ -- then echo '*** IPsec configuration must include AH or ESP!!' ; exit 1 ; \ -- fi -- --# kernel building, with error checks --kernel: -- rm -f out.kbuild out.kinstall -- # undocumented kernel folklore: clean BEFORE dep. -- # we run make dep separately, because there is no point in running ERRCHECK -- # on the make dep output. -- # see LKML thread "clean before or after dep?" -- ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNCLEAN) $(KERNDEP) ) -- ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNEL) ) 2>&1 | tee out.kbuild -- @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ -- then set -x ; \ -- ( cd $(KERNELSRC) ; \ -- $(MAKE) $(KERNMAKEOPTS) modules 2>&1 ) | tee -a out.kbuild ; \ -- fi -- ${ERRCHECK} out.kbuild -- --# module-only building, with error checks --ifneq ($(strip $(MOD24BUILDDIR)),) --${MOD24BUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make -- mkdir -p ${MOD24BUILDDIR} -- cp ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make ${MOD24BUILDDIR}/Makefile -- --module: -- @if [ -f ${KERNELSRC}/README.libreswan-2 ] ; then \ -- echo "WARNING: Kernel source ${KERNELSRC} has already been patched with libreswan-2, out of tree build might fail!"; \ -- fi; -- @if [ -f ${KERNELSRC}/README.openswan ] ; then \ -- echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan, out of tree build might fail!"; \ -- fi; -- @if [ -f ${KERNELSRC}/README.openswan-2 ] ; then \ -- echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan-2, out of tree build might fail!"; \ -- fi; -- @if [ -f ${KERNELSRC}/README.freeswan ] ; then \ -- echo "ERROR: Kernel source ${KERNELSRC} has already been patched with freeswan, out of tree build will fail!"; \ -- fi; -- @if [ -f ${KERNELSRC}/Rules.make ] ; then \ -- echo "Building module for a 2.4 kernel"; ${MAKE} module24 ; \ -- else echo "Building module for a 2.6 kernel"; ${MAKE} module26; \ -- fi; -- --modclean moduleclean: -- @if [ -f ${KERNELSRC}/Rules.make ] ; then \ -- echo "Cleaning module for a 2.4 kernel"; ${MAKE} module24clean ; \ -- else echo "Cleaning module for a 2.6 kernel"; ${MAKE} module26clean; \ -- fi; -- --module24: -- @if [ ! -f ${KERNELSRC}/Rules.make ] ; then \ -- echo "Warning: Building for a 2.4 kernel in what looks like a 2.6 tree"; \ -- fi ; \ -- ${MAKE} ${MOD24BUILDDIR}/Makefile -- ${MAKE} -C ${MOD24BUILDDIR} LIBRESWANSRCDIR=${LIBRESWANSRCDIR} ARCH=${ARCH} V=${V} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} TOPDIR=${KERNELSRC} -f Makefile ipsec.o -- @echo -- @echo '=========================================================' -- @echo -- @echo 'KLIPS24 module built successfully. ' -- @echo ipsec.o is in ${MOD24BUILDDIR} -- @echo -- @(cd ${MOD24BUILDDIR}; ls -l ipsec.o) -- @(cd ${MOD24BUILDDIR}; size ipsec.o) -- @echo -- @echo 'use make minstall as root to install it' -- @echo -- @echo '=========================================================' -- @echo -- --mod24clean module24clean: -- rm -rf ${MOD24BUILDDIR} -- --#autoodetect 2.4 and 2.6 --module_install minstall install-module: -- @if [ -f $(KERNELSRC)/Rules.make ] ; then \ -- $(MAKE) minstall24 ; \ -- else \ -- $(MAKE) minstall26 ; \ -- fi; -- --# Extract the value of MODLIB from the output of $(MAKE). Also hide --# the sup-process $(MAKE) so that GNU Make doesn't always invoke the --# target ("make -n" ignored). --# --# If $(MAKE) directly appears in a target (for instance in minstall26) --# then GNU Make will assume that it is a recursive make invocation and --# invoke the target regardless of -n. --# --# XXX: minstall24 should also use this. -- --osmodlib-from-make = \ -- OSMODLIB=$$($(MAKE) $(1) 2>/dev/null | sed -n -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/p' | head -1) ; \ -- test -z "$$OSMODLIB" || echo "OSMODLIB=$$OSMODLIB ($(MAKE) $(1))" -- --# module-only install, with error checks --minstall24: -- ( OSMODLIB=`${MAKE} -C $(KERNELSRC) -p dummy | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ -- if [ -z "$$OSMODLIB" ] ; then \ -- OSMODLIB=`${MAKE} -C $(KERNELSRC) -n -p modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ -- fi ; \ -- if [ -z "$$OSMODLIB" ] ; then \ -- echo "No known place to install module. Aborting." ; \ -- exit 93 ; \ -- fi ; \ -- set -x ; \ -- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -- cp $(MOD24BUILDDIR)/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -- if [ -f /sbin/depmod ] ; then /sbin/depmod -a ; fi; \ -- if [ -n "$(OSMOD_DESTDIR)" ] ; then \ -- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -- if [ -f $$OSMODLIB/kernel/ipsec.o -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ] ; then \ -- echo "WARNING: two ipsec.o modules found in $$OSMODLIB/kernel:" ; \ -- ls -l $$OSMODLIB/kernel/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ; \ -- exit 1; \ -- fi ; \ -- fi ; \ -- set -x ) ; -- -- --else --module: -- echo 'Building in place is no longer supported. Please set MOD24BUILDDIR=' -- exit 1 -- --endif -- --# module-only building, with error checks --ifneq ($(strip $(MODBUILDDIR)),) --${MODBUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module.make -- mkdir -p ${MODBUILDDIR} -- echo ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/*.S ${MODBUILDDIR} -- (rm -f ${MODBUILDDIR}/des; mkdir -p ${MODBUILDDIR}/des && cd ${MODBUILDDIR}/des && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/* . && ln -s -f Makefile.fs2_6 Makefile) -- (rm -f ${MODBUILDDIR}/aes; mkdir -p ${MODBUILDDIR}/aes && cd ${MODBUILDDIR}/aes && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/aes/* . && ln -s -f Makefile.fs2_6 Makefile) -- mkdir -p ${MODBUILDDIR}/aes -- cp ${LIBRESWANSRCDIR}/packaging/makefiles/module.make ${MODBUILDDIR}/Makefile -- ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/match*.S ${MODBUILDDIR} -- --module26: -- @if [ -f ${KERNELSRC}/Rules.make ] ; then \ echo "Warning: Building for a 2.6+ kernel in what looks like a 2.4 tree"; \ -- fi ; \ -- ${MAKE} ${MODBUILDDIR}/Makefile -- ${MAKE} -C ${KERNELSRC} ${KERNELBUILDMFLAGS} BUILDDIR=${MODBUILDDIR} SUBDIRS=${MODBUILDDIR} INITSYSTEM=$(INITSYSTEM) MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} MODULE_DEFCONFIG=${MODULE_DEFCONFIG} MODULE_EXTRA_INCLUDE=${MODULE_EXTRA_INCLUDE} ARCH=${ARCH} V=${V} modules -- @echo -- @echo '=========================================================' -- @echo -- @echo 'KLIPS module built successfully. ' -- @echo ipsec.ko is in ${MODBUILDDIR} -- @echo -- @(cd ${MODBUILDDIR}; ls -l ipsec.ko) -- @(cd ${MODBUILDDIR}; size ipsec.ko) -- @echo -- @echo 'use make minstall as root to install it' -- @echo -- @echo '=========================================================' -- @echo -- --mod26clean module26clean: -- rm -rf ${MODBUILDDIR} -- --# module-only install, with error checks --minstall26: -- $(call osmodlib-from-make,-C $(KERNELSRC) -p help) ; \ -- if [ -z "$$OSMODLIB" ] ; then \ -- $(call osmodlib-from-make,-C $(KERNELSRC) -n -p modules_install) ; \ -- fi ; \ -- if [ -z "$$OSMODLIB" ] ; then \ -- echo "No known place to install module. Aborting." ; \ -- exit 93 ; \ -- fi ; \ -- set -x ; \ -- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -- cp $(MODBUILDDIR)/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -- if [ -f /sbin/depmod ] ; then \ -- /sbin/depmod -a ; \ -- fi ; \ -- if [ -n "$(OSMOD_DESTDIR)" ] ; then \ -- mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -- if [ -f $$OSMODLIB/kernel/ipsec.ko -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ] ; then \ -- echo "WARNING: two ipsec.ko modules found in $$OSMODLIB/kernel:" ; \ -- ls -l $$OSMODLIB/kernel/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ; \ -- exit 1; \ -- fi ; \ -- fi -- -- --else --module26: -- echo 'Building in place is no longer supported. Please set MODBUILDDIR=' -- exit 1 -- --endif -- --# kernel install, with error checks --kinstall: -- rm -f out.kinstall -- >out.kinstall -- # undocumented kernel folklore: modules_install must precede install (observed on RHL8.0) -- @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ -- then set -x ; \ -- ( cd $(KERNELSRC) ; \ -- $(MAKE) $(KERNMAKEOPTS) modules_install 2>&1 ) | tee -a out.kinstall ; \ -- fi -- ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) install ) 2>&1 | tee -a out.kinstall -- ${ERRCHECK} out.kinstall -- --kernelpatch3 kernelpatch3.5 kernelpatch2.6 kernelpatch: -- packaging/utils/kernelpatch 2.6 -- --kernelpatch2.4: -- packaging/utils/kernelpatch 2.4 -- --nattpatch: -- if [ -f ${KERNELSRC}/Makefile ]; then \ -- ${MAKE} nattpatch${KERNELREL}; \ -- else echo "Cannot determine Linux kernel version. Perhaps you need to set KERNELSRC? (eg: export KERNELSRC=/usr/src/linux-`uname -r`/)"; exit 1; \ -- fi; -- --sarefpatch2.6: -- #cat patches/kernel/2.6.38/0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch -- #packaging/utils/sarefpatch 2.6 -- echo "" -- --nattpatch2.6: -- packaging/utils/nattpatch 2.6 -- --nattpatch2.4: -- packaging/utils/nattpatch 2.4 -- --nattupdate: -- (cd UMLPOOL && diff -u plain26/net/ipv4/udp.c.orig plain26/net/ipv4/udp.c; exit 0) >nat-t/net/ipv4/udp.c.os2_6.patch -- --# take all the patches out of the kernel --# (Note, a couple of files are modified by non-patch means; they are --# included in "make backup".) --unpatch: -- @echo \"make unpatch\" is obsolete. See make unapplypatch. -- exit 1 -- --_unpatch: -- for f in `find $(KERNELSRC)/. -name '*.preipsec' -print` ; \ -- do \ -- echo "restoring $$f:" ; \ -- dir=`dirname $$f` ; \ -- core=`basename $$f .preipsec` ; \ -- cd $$dir ; \ -- mv -f $$core.preipsec $$core ; \ -- rm -f $$core.wipsec $$core.ipsecmd5 ; \ -- done -- --# at the moment there is no difference between snapshot and release build --snapready: buildready --relready: buildready --ready: devready - - # set up for build - buildready: -@@ -604,13 +173,6 @@ deb: - #debuild -S -sa - @echo "to build optional KLIPS kernel module, run make deb-klips" - --deb-klips: -- sudo module-assistant prepare -u . -- sudo dpkg -i ../libreswan-modules-source_`make -s showdebversion`_all.deb -- sudo module-assistant -u . prepare -- sudo module-assistant -u . build libreswan -- -- - release: - packaging/utils/makerelease - -@@ -654,3 +216,5 @@ install-fipshmac: - include ${LIBRESWANSRCDIR}/mk/docker-targets.mk - include ${LIBRESWANSRCDIR}/mk/kvm-targets.mk - include ${LIBRESWANSRCDIR}/mk/web-targets.mk -+include ${LIBRESWANSRCDIR}/mk/kernel.mk -+ -diff --git a/mk/kernel.mk b/mk/kernel.mk -new file mode 100644 -index 0000000000..187167d440 ---- /dev/null -+++ b/mk/kernel.mk -@@ -0,0 +1,468 @@ -+# Libreswan master makefile -+# -+# Copyright (C) 1998-2002 Henry Spencer. -+# Copyright (C) 2003-2004 Xelerance Corporation -+# Copyright (C) 2017, Richard Guy Briggs -+# Copyright (C) 2015-2018 Andrew Cagney -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. See . -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+ -+PATCHES=linux -+# where KLIPS goes in the kernel -+# note, some of the patches know the last part of this path -+KERNELKLIPS=$(KERNELSRC)/net/ipsec -+KERNELCRYPTODES=$(KERNELSRC)/crypto/ciphers/des -+KERNELLIBFREESWAN=$(KERNELSRC)/lib/libfreeswan -+KERNELLIBZLIB=$(KERNELSRC)/lib/zlib -+KERNELINCLUDE=$(KERNELSRC)/include -+ -+MAKEUTILS=packaging/utils -+ERRCHECK=${MAKEUTILS}/errcheck -+KVUTIL=${MAKEUTILS}/kernelversion -+KVSHORTUTIL=${MAKEUTILS}/kernelversion-short -+ -+# kernel details -+# what variant of our patches should we use, and where is it -+KERNELREL=$(shell ${KVSHORTUTIL} ${KERNELSRC}/Makefile) -+ -+# directories visited by all recursion -+ -+# declaration for make's benefit -+.PHONY: def insert kpatch patches _patches _patches2.4 \ -+ klipsdefaults programs man install \ -+ precheck verset confcheck kernel \ -+ module module24 module26 kinstall minstall minstall24 minstall26 \ -+ moduleclean mod24clean module24clean mod26clean module26clean \ -+ backup unpatch uninstall \ -+ check \ -+ -+kpatch: unapplypatch applypatch klipsdefaults -+npatch: unapplynpatch applynpatch -+sarefpatch: unapplysarefpatch applysarefpatch -+ -+unapplypatch: -+ @echo "info: making unapplypatch in `pwd` and KERNELSRC=\"${KERNELSRC}\";" -+ -@if [ -f ${KERNELSRC}/libreswan.patch ]; then \ -+ echo Undoing previous patches; \ -+ cat ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ -+ fi -+ -+applypatch: -+ @echo "info: Now performing forward patches in `pwd`"; -+ ${MAKE} kernelpatch${KERNELREL} | tee ${KERNELSRC}/libreswan.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) -+ -+unapplynpatch: -+ @echo "info: making unapplynpatch (note the second N) in `pwd`"; -+ -@if [ -f ${KERNELSRC}/natt.patch ]; then \ -+ echo Undoing previous NAT patches; \ -+ cat ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ -+ fi -+ -+applynpatch: -+ @echo "info: Now performing forward NAT patches in `pwd`"; -+ ${MAKE} nattpatch${KERNELREL} | tee ${KERNELSRC}/natt.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) -+ -+unapplysarefpatch: -+ @echo "info: making unapplysarefpatch in `pwd`"; -+ -@if [ -f ${KERNELSRC}/saref.patch ]; then \ -+ echo Undoing previous saref patches; \ -+ cat ${KERNELSRC}/saref.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preng --reverse --ignore-whitespace ); \ -+ fi -+ -+applysarefpatch: -+ @echo "info: Now performing SAref patches in `pwd`"; -+ ${MAKE} sarefpatch${KERNELREL} | tee ${KERNELSRC}/klipsng.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preng --forward --ignore-whitespace ) -+ -+# patch kernel -+PATCHER=packaging/utils/patcher -+ -+_patches: -+ echo "===============" >>out.kpatch -+ echo "`date` `cd $(KERNELSRC) ; pwd`" >>out.kpatch -+ $(MAKE) __patches$(KERNELREL) >>out.kpatch -+ -+# Linux-2.4.0 version -+__patches2.4: -+ @$(PATCHER) -v -c $(KERNELSRC) Documentation/Configure.help \ -+ 'CONFIG_KLIPS' $(PATCHES)/Documentation/Configure.help.fs2_2.patch -+ @$(PATCHER) -v $(KERNELSRC) net/Config.in \ -+ 'CONFIG_KLIPS' $(PATCHES)/net/Config.in.fs2_4.patch -+ @$(PATCHER) -v $(KERNELSRC) net/Makefile \ -+ 'CONFIG_KLIPS' $(PATCHES)/net/Makefile.fs2_4.patch -+ @$(PATCHER) -v $(KERNELSRC) net/ipv4/af_inet.c \ -+ 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/af_inet.c.fs2_4.patch -+ @$(PATCHER) -v $(KERNELSRC) net/ipv4/udp.c \ -+ 'CONFIG_KLIPS' $(PATCHES)/net/ipv4/udp.c.fs2_4.patch -+ @$(PATCHER) -v $(KERNELSRC) include/net/sock.h \ -+ 'CONFIG_KLIPS' $(PATCHES)/include/net/sock.h.fs2_4.patch -+# Removed patches, will unpatch automatically. -+ @$(PATCHER) -v $(KERNELSRC) include/linux/proc_fs.h -+ @$(PATCHER) -v $(KERNELSRC) net/core/dev.c -+ @$(PATCHER) -v $(KERNELSRC) net/ipv4/protocol.c -+ @$(PATCHER) -v $(KERNELSRC) drivers/net/Space.c -+ @$(PATCHER) -v $(KERNELSRC) include/linux/netlink.h -+ @$(PATCHER) -v $(KERNELSRC) net/netlink/af_netlink.c -+ @$(PATCHER) -v $(KERNELSRC) net/netlink/netlink_dev.c -+ @$(PATCHER) -v $(KERNELSRC) drivers/isdn/isdn_net.c -+ -+klipsdefaults: -+ @KERNELDEFCONFIG=$(KERNELSRC)/arch/$(ARCH)/defconfig ; \ -+ KERNELCONFIG=$(KCFILE) ; \ -+ if ! egrep -q 'CONFIG_KLIPS' $$KERNELDEFCONFIG ; \ -+ then \ -+ set -x ; \ -+ cp -a $$KERNELDEFCONFIG $$KERNELDEFCONFIG.orig ; \ -+ chmod u+w $$KERNELDEFCONFIG ; \ -+ cat $$KERNELDEFCONFIG $(KERNELKLIPS)/defconfig \ -+ >$$KERNELDEFCONFIG.tmp ; \ -+ rm -f $$KERNELDEFCONFIG ; \ -+ cp -a $$KERNELDEFCONFIG.tmp $$KERNELDEFCONFIG ; \ -+ rm -f $$KERNELDEFCONFIG.tmp ; \ -+ fi ; \ -+ if ! egrep -q 'CONFIG_KLIPS' $$KERNELCONFIG ; \ -+ then \ -+ set -x ; \ -+ cp -a $$KERNELCONFIG $$KERNELCONFIG.orig ; \ -+ chmod u+w $$KERNELCONFIG ; \ -+ cat $$KERNELCONFIG $(KERNELKLIPS)/defconfig \ -+ >$$KERNELCONFIG.tmp ; \ -+ rm -f $$KERNELCONFIG ; \ -+ cp -a $$KERNELCONFIG.tmp $$KERNELCONFIG ; \ -+ rm -f $$KERNELCONFIG.tmp ; \ -+ fi -+ -+ -+local-clean-base: moduleclean -+distclean: moduleclean module24clean module26clean clean-kvm-keys -+ -+# proxies for major kernel make operations -+ -+# do-everything entries -+KINSERT_PRE=precheck verset insert -+PRE=precheck verset kpatch -+POST=confcheck programs kernel install -+MPOST=confcheck programs module install -+ -+# preliminaries -+precheck: -+ @if test ! -d $(KERNELSRC) -a ! -L $(KERNELSRC) ; \ -+ then \ -+ echo '*** cannot find directory "$(KERNELSRC)"!!' ; \ -+ echo '*** may be necessary to add symlink to kernel source' ; \ -+ exit 1 ; \ -+ fi -+ @if ! cd $(KERNELSRC) ; \ -+ then \ -+ echo '*** cannot "cd $(KERNELSRC)"!!' ; \ -+ echo '*** may be necessary to add symlink to kernel source' ; \ -+ exit 1 ; \ -+ fi -+ @if test ! -f $(KCFILE) ; \ -+ then \ -+ echo '*** cannot find "$(KCFILE)"!!' ; \ -+ echo '*** perhaps kernel has never been configured?' ; \ -+ echo '*** please do that first; the results are necessary.' ; \ -+ exit 1 ; \ -+ fi -+ @if test ! -f $(VERFILE) ; \ -+ then \ -+ echo '*** cannot find "$(VERFILE)"!!' ; \ -+ echo '*** perhaps kernel has never been compiled?' ; \ -+ echo '*** please do that first; the results are necessary.' ; \ -+ exit 1 ; \ -+ fi -+ -+# configuring (exit statuses disregarded, something fishy here sometimes) -+xcf: -+ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) xconfig -+mcf: -+ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) menuconfig -+pcf: -+ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) config -+ -+ocf: -+ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) oldconfig -+ -+rcf: -+ cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) ${NONINTCONFIG} /dev/null -+ -+kclean: -+ -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) clean -+ -+confcheck: -+ @if test ! -f $(KCFILE) ; \ -+ then echo '*** no kernel configuration file written!!' ; exit 1 ; \ -+ fi -+ @if ! egrep -q '^CONFIG_KLIPS=[my]' $(KCFILE) ; \ -+ then echo '*** IPsec not in kernel config ($(KCFILE))!!' ; exit 1 ; \ -+ fi -+ @if ! egrep -q 'CONFIG_KLIPS[ ]+1' $(ACFILE) && \ -+ ! egrep -q 'CONFIG_KLIPS_MODULE[ ]+1' $(ACFILE) ; \ -+ then echo '*** IPsec in kernel config ($(KCFILE)),' ; \ -+ echo '*** but not in config header file ($(ACFILE))!!' ; \ -+ exit 1 ; \ -+ fi -+ @if egrep -q '^CONFIG_KLIPS=m' $(KCFILE) && \ -+ ! egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ -+ then echo '*** IPsec configured as module in kernel with no module support!!' ; exit 1 ; \ -+ fi -+ @if ! egrep -q 'CONFIG_KLIPS_AH[ ]+1' $(ACFILE) && \ -+ ! egrep -q 'CONFIG_KLIPS_ESP[ ]+1' $(ACFILE) ; \ -+ then echo '*** IPsec configuration must include AH or ESP!!' ; exit 1 ; \ -+ fi -+ -+# kernel building, with error checks -+kernel: -+ rm -f out.kbuild out.kinstall -+ # undocumented kernel folklore: clean BEFORE dep. -+ # we run make dep separately, because there is no point in running ERRCHECK -+ # on the make dep output. -+ # see LKML thread "clean before or after dep?" -+ ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNCLEAN) $(KERNDEP) ) -+ ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNEL) ) 2>&1 | tee out.kbuild -+ @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ -+ then set -x ; \ -+ ( cd $(KERNELSRC) ; \ -+ $(MAKE) $(KERNMAKEOPTS) modules 2>&1 ) | tee -a out.kbuild ; \ -+ fi -+ ${ERRCHECK} out.kbuild -+ -+# module-only building, with error checks -+ifneq ($(strip $(MOD24BUILDDIR)),) -+${MOD24BUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make -+ mkdir -p ${MOD24BUILDDIR} -+ cp ${LIBRESWANSRCDIR}/packaging/makefiles/module24.make ${MOD24BUILDDIR}/Makefile -+ -+module: -+ @if [ -f ${KERNELSRC}/README.libreswan-2 ] ; then \ -+ echo "WARNING: Kernel source ${KERNELSRC} has already been patched with libreswan-2, out of tree build might fail!"; \ -+ fi; -+ @if [ -f ${KERNELSRC}/README.openswan ] ; then \ -+ echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan, out of tree build might fail!"; \ -+ fi; -+ @if [ -f ${KERNELSRC}/README.openswan-2 ] ; then \ -+ echo "WARNING: Kernel source ${KERNELSRC} has already been patched with openswan-2, out of tree build might fail!"; \ -+ fi; -+ @if [ -f ${KERNELSRC}/README.freeswan ] ; then \ -+ echo "ERROR: Kernel source ${KERNELSRC} has already been patched with freeswan, out of tree build will fail!"; \ -+ fi; -+ @if [ -f ${KERNELSRC}/Rules.make ] ; then \ -+ echo "Building module for a 2.4 kernel"; ${MAKE} module24 ; \ -+ else echo "Building module for a 2.6 kernel"; ${MAKE} module26; \ -+ fi; -+ -+modclean moduleclean: -+ @if [ -f ${KERNELSRC}/Rules.make ] ; then \ -+ echo "Cleaning module for a 2.4 kernel"; ${MAKE} module24clean ; \ -+ else echo "Cleaning module for a 2.6 kernel"; ${MAKE} module26clean; \ -+ fi; -+ -+module24: -+ @if [ ! -f ${KERNELSRC}/Rules.make ] ; then \ -+ echo "Warning: Building for a 2.4 kernel in what looks like a 2.6 tree"; \ -+ fi ; \ -+ ${MAKE} ${MOD24BUILDDIR}/Makefile -+ ${MAKE} -C ${MOD24BUILDDIR} LIBRESWANSRCDIR=${LIBRESWANSRCDIR} ARCH=${ARCH} V=${V} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} TOPDIR=${KERNELSRC} -f Makefile ipsec.o -+ @echo -+ @echo '=========================================================' -+ @echo -+ @echo 'KLIPS24 module built successfully. ' -+ @echo ipsec.o is in ${MOD24BUILDDIR} -+ @echo -+ @(cd ${MOD24BUILDDIR}; ls -l ipsec.o) -+ @(cd ${MOD24BUILDDIR}; size ipsec.o) -+ @echo -+ @echo 'use make minstall as root to install it' -+ @echo -+ @echo '=========================================================' -+ @echo -+ -+mod24clean module24clean: -+ rm -rf ${MOD24BUILDDIR} -+ -+#autoodetect 2.4 and 2.6 -+module_install minstall install-module: -+ @if [ -f $(KERNELSRC)/Rules.make ] ; then \ -+ $(MAKE) minstall24 ; \ -+ else \ -+ $(MAKE) minstall26 ; \ -+ fi; -+ -+# Extract the value of MODLIB from the output of $(MAKE). Also hide -+# the sup-process $(MAKE) so that GNU Make doesn't always invoke the -+# target ("make -n" ignored). -+# -+# If $(MAKE) directly appears in a target (for instance in minstall26) -+# then GNU Make will assume that it is a recursive make invocation and -+# invoke the target regardless of -n. -+# -+# XXX: minstall24 should also use this. -+ -+osmodlib-from-make = \ -+ OSMODLIB=$$($(MAKE) $(1) 2>/dev/null | sed -n -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/p' | head -1) ; \ -+ test -z "$$OSMODLIB" || echo "OSMODLIB=$$OSMODLIB ($(MAKE) $(1))" -+ -+# module-only install, with error checks -+minstall24: -+ ( OSMODLIB=`${MAKE} -C $(KERNELSRC) -p dummy | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ -+ if [ -z "$$OSMODLIB" ] ; then \ -+ OSMODLIB=`${MAKE} -C $(KERNELSRC) -n -p modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ -+ fi ; \ -+ if [ -z "$$OSMODLIB" ] ; then \ -+ echo "No known place to install module. Aborting." ; \ -+ exit 93 ; \ -+ fi ; \ -+ set -x ; \ -+ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -+ cp $(MOD24BUILDDIR)/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -+ if [ -f /sbin/depmod ] ; then /sbin/depmod -a ; fi; \ -+ if [ -n "$(OSMOD_DESTDIR)" ] ; then \ -+ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -+ if [ -f $$OSMODLIB/kernel/ipsec.o -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ] ; then \ -+ echo "WARNING: two ipsec.o modules found in $$OSMODLIB/kernel:" ; \ -+ ls -l $$OSMODLIB/kernel/ipsec.o $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.o ; \ -+ exit 1; \ -+ fi ; \ -+ fi ; \ -+ set -x ) ; -+ -+ -+else -+module: -+ echo 'Building in place is no longer supported. Please set MOD24BUILDDIR=' -+ exit 1 -+ -+endif -+ -+# module-only building, with error checks -+ifneq ($(strip $(MODBUILDDIR)),) -+${MODBUILDDIR}/Makefile : ${LIBRESWANSRCDIR}/packaging/makefiles/module.make -+ mkdir -p ${MODBUILDDIR} -+ echo ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/*.S ${MODBUILDDIR} -+ (rm -f ${MODBUILDDIR}/des; mkdir -p ${MODBUILDDIR}/des && cd ${MODBUILDDIR}/des && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/des/* . && ln -s -f Makefile.fs2_6 Makefile) -+ (rm -f ${MODBUILDDIR}/aes; mkdir -p ${MODBUILDDIR}/aes && cd ${MODBUILDDIR}/aes && ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/aes/* . && ln -s -f Makefile.fs2_6 Makefile) -+ mkdir -p ${MODBUILDDIR}/aes -+ cp ${LIBRESWANSRCDIR}/packaging/makefiles/module.make ${MODBUILDDIR}/Makefile -+ ln -s -f ${LIBRESWANSRCDIR}/linux/net/ipsec/match*.S ${MODBUILDDIR} -+ -+module26: -+ @if [ -f ${KERNELSRC}/Rules.make ] ; then \ echo "Warning: Building for a 2.6+ kernel in what looks like a 2.4 tree"; \ -+ fi ; \ -+ ${MAKE} ${MODBUILDDIR}/Makefile -+ ${MAKE} -C ${KERNELSRC} ${KERNELBUILDMFLAGS} BUILDDIR=${MODBUILDDIR} SUBDIRS=${MODBUILDDIR} INITSYSTEM=$(INITSYSTEM) MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} MODULE_DEFCONFIG=${MODULE_DEFCONFIG} MODULE_EXTRA_INCLUDE=${MODULE_EXTRA_INCLUDE} ARCH=${ARCH} V=${V} modules -+ @echo -+ @echo '=========================================================' -+ @echo -+ @echo 'KLIPS module built successfully. ' -+ @echo ipsec.ko is in ${MODBUILDDIR} -+ @echo -+ @(cd ${MODBUILDDIR}; ls -l ipsec.ko) -+ @(cd ${MODBUILDDIR}; size ipsec.ko) -+ @echo -+ @echo 'use make minstall as root to install it' -+ @echo -+ @echo '=========================================================' -+ @echo -+ -+mod26clean module26clean: -+ rm -rf ${MODBUILDDIR} -+ -+# module-only install, with error checks -+minstall26: -+ $(call osmodlib-from-make,-C $(KERNELSRC) -p help) ; \ -+ if [ -z "$$OSMODLIB" ] ; then \ -+ $(call osmodlib-from-make,-C $(KERNELSRC) -n -p modules_install) ; \ -+ fi ; \ -+ if [ -z "$$OSMODLIB" ] ; then \ -+ echo "No known place to install module. Aborting." ; \ -+ exit 93 ; \ -+ fi ; \ -+ set -x ; \ -+ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -+ cp $(MODBUILDDIR)/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -+ if [ -f /sbin/depmod ] ; then \ -+ /sbin/depmod -a ; \ -+ fi ; \ -+ if [ -n "$(OSMOD_DESTDIR)" ] ; then \ -+ mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \ -+ if [ -f $$OSMODLIB/kernel/ipsec.ko -a -f $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ] ; then \ -+ echo "WARNING: two ipsec.ko modules found in $$OSMODLIB/kernel:" ; \ -+ ls -l $$OSMODLIB/kernel/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ; \ -+ exit 1; \ -+ fi ; \ -+ fi -+ -+ -+else -+module26: -+ echo 'Building in place is no longer supported. Please set MODBUILDDIR=' -+ exit 1 -+ -+endif -+ -+# kernel install, with error checks -+kinstall: -+ rm -f out.kinstall -+ >out.kinstall -+ # undocumented kernel folklore: modules_install must precede install (observed on RHL8.0) -+ @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ -+ then set -x ; \ -+ ( cd $(KERNELSRC) ; \ -+ $(MAKE) $(KERNMAKEOPTS) modules_install 2>&1 ) | tee -a out.kinstall ; \ -+ fi -+ ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) install ) 2>&1 | tee -a out.kinstall -+ ${ERRCHECK} out.kinstall -+ -+kernelpatch3 kernelpatch3.5 kernelpatch2.6 kernelpatch: -+ packaging/utils/kernelpatch 2.6 -+ -+kernelpatch2.4: -+ packaging/utils/kernelpatch 2.4 -+ -+nattpatch: -+ if [ -f ${KERNELSRC}/Makefile ]; then \ -+ ${MAKE} nattpatch${KERNELREL}; \ -+ else echo "Cannot determine Linux kernel version. Perhaps you need to set KERNELSRC? (eg: export KERNELSRC=/usr/src/linux-`uname -r`/)"; exit 1; \ -+ fi; -+ -+sarefpatch2.6: -+ #cat patches/kernel/2.6.38/0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch -+ #packaging/utils/sarefpatch 2.6 -+ echo "" -+ -+nattpatch2.6: -+ packaging/utils/nattpatch 2.6 -+ -+nattpatch2.4: -+ packaging/utils/nattpatch 2.4 -+ -+nattupdate: -+ (cd UMLPOOL && diff -u plain26/net/ipv4/udp.c.orig plain26/net/ipv4/udp.c; exit 0) >nat-t/net/ipv4/udp.c.os2_6.patch -+ -+# take all the patches out of the kernel -+# (Note, a couple of files are modified by non-patch means; they are -+# included in "make backup".) -+unpatch: -+ @echo \"make unpatch\" is obsolete. See make unapplypatch. -+ exit 1 -+ -+_unpatch: -+ for f in `find $(KERNELSRC)/. -name '*.preipsec' -print` ; \ -+ do \ -+ echo "restoring $$f:" ; \ -+ dir=`dirname $$f` ; \ -+ core=`basename $$f .preipsec` ; \ -+ cd $$dir ; \ -+ mv -f $$core.preipsec $$core ; \ -+ rm -f $$core.wipsec $$core.ipsecmd5 ; \ -+ done diff --git a/net/libreswan/patches/002-cripple_klips_klips_kernel_rules.patch b/net/libreswan/patches/002-cripple_klips_klips_kernel_rules.patch deleted file mode 100644 index f07f0eda60..0000000000 --- a/net/libreswan/patches/002-cripple_klips_klips_kernel_rules.patch +++ /dev/null @@ -1,22 +0,0 @@ -From fa00316e8c5151747f3e80895e6afd9ee1a9c0cd Mon Sep 17 00:00:00 2001 -From: Andrew Cagney -Date: Thu, 25 Oct 2018 21:02:45 -0400 -Subject: [PATCH] building: when !USE_KLIPS=true cripple klips kernel module - rules - ---- - Makefile | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 0b070966e6..2fcf0229fd 100644 ---- a/Makefile -+++ b/Makefile -@@ -216,5 +216,6 @@ install-fipshmac: - include ${LIBRESWANSRCDIR}/mk/docker-targets.mk - include ${LIBRESWANSRCDIR}/mk/kvm-targets.mk - include ${LIBRESWANSRCDIR}/mk/web-targets.mk -+ifeq ($(USE_KLIPS),true) - include ${LIBRESWANSRCDIR}/mk/kernel.mk -- -+endif