diff options
author | Nick Rosbrook <rosbrookn@gmail.com> | 2020-11-10 10:29:40 -0500 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2020-11-10 08:15:56 -0800 |
commit | b5700729022f51bef387d532e35168d7ebe6d4bc (patch) | |
tree | 9c1705582694fae92960ed8331ef023c0eca83ff /meta-networking | |
parent | 65751e16ac63d083301596453736b353a391dc9e (diff) | |
download | meta-openembedded-b5700729022f51bef387d532e35168d7ebe6d4bc.tar.gz |
strongswan: do not use deprecated stroke and starter by default
The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
to PACKAGECONFIG by default, and remove stroke. When systemd is in DISTRO_FEATURES,
add systemd-charon to PACKAGECONFIG, and add charon when systemd is not in
DISTRO_FEATURES.
While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.
Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking')
-rw-r--r-- | meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb index ca645ed2c..7f2a2b1e4 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | |||
@@ -25,7 +25,8 @@ EXTRA_OECONF = " \ | |||
25 | 25 | ||
26 | EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}" | 26 | EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}" |
27 | 27 | ||
28 | PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \ | 28 | PACKAGECONFIG ??= "curl gmp openssl sqlite3 swanctl \ |
29 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \ | ||
29 | ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \ | 30 | ${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)} \ |
30 | " | 31 | " |
31 | PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni" | 32 | PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni" |
@@ -135,4 +136,11 @@ RDEPENDS_${PN} += "\ | |||
135 | RPROVIDES_${PN} += "${PN}-systemd" | 136 | RPROVIDES_${PN} += "${PN}-systemd" |
136 | RREPLACES_${PN} += "${PN}-systemd" | 137 | RREPLACES_${PN} += "${PN}-systemd" |
137 | RCONFLICTS_${PN} += "${PN}-systemd" | 138 | RCONFLICTS_${PN} += "${PN}-systemd" |
138 | SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} ${BPN}-starter.service" | 139 | |
140 | # The deprecated legacy 'strongswan-starter' service should only be used when charon and | ||
141 | # stroke are enabled. When swanctl is in use, 'strongswan.service' is needed. | ||
142 | # See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd | ||
143 | SYSTEMD_SERVICE_${PN} = " \ | ||
144 | ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \ | ||
145 | ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \ | ||
146 | " | ||