update openswan to 0.4.10, reenable 2.6 support, sync with included openwrt packaging code (ported from wr to kamikaze)

SVN-Revision: 9651

package/openswan/Makefile

@@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=openswan
-PKG_VERSION:=2.4.8
+PKG_VERSION:=2.4.10
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openswan.org/download
-PKG_MD5SUM:=918cc56ccf8e5d14cd2047e47450b34a
+PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -32,7 +32,7 @@ define Package/openswan
 $(call Package/openswan/Default)
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=@LINUX_2_4 +kmod-openswan +libgmp +ip
+  DEPENDS:=+kmod-openswan +libgmp +ip
   TITLE+= (daemon)
   URL:=http://www.openswan.org/
 endef
@@ -45,7 +45,6 @@ endef
 define KernelPackage/openswan
 $(call Package/openswan/Default)
   SUBMENU:=Network Support
-  DEPENDS:=@LINUX_2_4 
   TITLE+= (kernel module)
   FILES:=$(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX)
 endef
@@ -55,22 +54,29 @@ $(call Package/openswan/Default/description)
  This package contains the Openswan kernel module.
 endef
 
+TARGET_CPPFLAGS = \
+	-I$(STAGING_DIR)/usr/include \
+	-I$(LINUX_DIR)/include
 
-PKG_MAKE_OPTS:= \
-		LINUX_RELEASE="$(LINUX_RELEASE)" \
-		KERNELSRC="$(LINUX_DIR)" \
-		ARCH="$(LINUX_KARCH)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
-		IPSECDIR="/usr/lib/ipsec" \
-		INC_USRLOCAL="/usr" \
+TARGET_LDFLAGS = \
+	-L$(STAGING_DIR)/usr/lib
+
+OPENSWAN_MAKE := $(MAKE) -C $(PKG_BUILD_DIR) \
+	$(TARGET_CONFIGURE_OPTS) \
+	LINUX_RELEASE="$(LINUX_RELEASE)" \
+	KERNELSRC="$(LINUX_DIR)" \
+	ARCH="$(LINUX_KARCH)" \
+	CROSS_COMPILE="$(TARGET_CROSS)" \
+	USERCOMPILE="$(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
+	IPSECDIR="/usr/lib/ipsec" \
+	INC_USRLOCAL="/usr" \
+	INC_RCDEFAULT="/etc/init.d" \
+	MODPROBE="/sbin/insmod" \
+	LDFLAGS="$(TARGET_LDFLAGS)" \
+	DESTDIR="$(PKG_INSTALL_DIR)"
 
 define Build/Compile
-	$(MAKE) -C $(PKG_BUILD_DIR) \
-		$(TARGET_CONFIGURE_OPTS) \
-		$(PKG_MAKE_OPTS) \
-		LDFLAGS="$(TARGET_LDFLAGS)" \
-		DESTDIR="$(PKG_INSTALL_DIR)" \
+	$(OPENSWAN_MAKE) \
 		programs module install
 endef
 

package/openswan/patches/100-pluto_includes.patch

@@ -1,13 +0,0 @@
-Index: openswan-2.4.8/programs/pluto/Makefile
-===================================================================
---- openswan-2.4.8.orig/programs/pluto/Makefile	2007-06-04 13:22:49.950261688 +0200
-+++ openswan-2.4.8/programs/pluto/Makefile	2007-06-04 13:22:50.017251504 +0200
-@@ -265,7 +265,7 @@
- LIBSPLUTO+=$(HAVE_THREADS_LIBS) ${XAUTHPAM_LIBS}
- LIBSPLUTO+=${CURL_LIBS} 
- LIBSPLUTO+=${EXTRA_CRYPTO_LIBS}
--LIBSPLUTO+= -lgmp -lresolv # -lefence
-+LIBSPLUTO+=$(EXTRA_LIBS) -lgmp -lresolv # -lefence
- 
- ifneq ($(LD_LIBRARY_PATH),)
- LDFLAGS=-L$(LD_LIBRARY_PATH)

package/openswan/patches/110-scripts.patch

@@ -1,30 +1,15 @@
-Index: openswan-2.4.8/programs/loggerfix
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openswan-2.4.8/programs/loggerfix	2007-06-04 13:22:50.209222320 +0200
+diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
+--- openswan.old/programs/loggerfix	1970-01-01 01:00:00.000000000 +0100
++++ openswan.dev/programs/loggerfix	2006-10-08 20:41:08.000000000 +0200
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +# use filename instead of /dev/null to log, but dont log to flash or ram
 +# pref. log to nfs mount
 +echo "$*" >> /dev/null
 +exit 0
-Index: openswan-2.4.8/programs/look/look.in
-===================================================================
---- openswan-2.4.8.orig/programs/look/look.in	2007-06-04 13:22:49.874273240 +0200
-+++ openswan-2.4.8/programs/look/look.in	2007-06-04 13:22:50.209222320 +0200
-@@ -84,7 +84,7 @@
- then
- 	pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
- else
--	for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
-+	for i in `echo "$IPSECinterfaces" | tr '=' ' '`
- 	do
- 		pat="$pat|$i\$"
- 	done
-Index: openswan-2.4.8/programs/_plutorun/_plutorun.in
-===================================================================
---- openswan-2.4.8.orig/programs/_plutorun/_plutorun.in	2007-06-04 13:22:49.880272328 +0200
-+++ openswan-2.4.8/programs/_plutorun/_plutorun.in	2007-06-04 13:22:50.209222320 +0200
+diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
+--- openswan.old/programs/_plutorun/_plutorun.in	2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_plutorun/_plutorun.in	2006-10-08 20:41:08.000000000 +0200
 @@ -147,7 +147,7 @@
  			exit 1
  		fi
@@ -34,10 +19,9 @@ Index: openswan-2.4.8/programs/_plutorun/_plutorun.in
  		then
  			echo Cannot write to directory to create \"$stderrlog\".
  			exit 1
-Index: openswan-2.4.8/programs/_realsetup/_realsetup.in
-===================================================================
---- openswan-2.4.8.orig/programs/_realsetup/_realsetup.in	2007-06-04 13:22:49.888271112 +0200
-+++ openswan-2.4.8/programs/_realsetup/_realsetup.in	2007-06-04 13:22:50.210222168 +0200
+diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
+--- openswan.old/programs/_realsetup/_realsetup.in	2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_realsetup/_realsetup.in	2006-10-08 20:41:08.000000000 +0200
 @@ -232,7 +232,7 @@
  
  	# misc pre-Pluto setup
@@ -47,193 +31,3 @@ Index: openswan-2.4.8/programs/_realsetup/_realsetup.in
  
  	if test " $IPSECforwardcontrol" = " yes"
  	then
-Index: openswan-2.4.8/programs/send-pr/send-pr.in
-===================================================================
---- openswan-2.4.8.orig/programs/send-pr/send-pr.in	2007-06-04 13:22:49.894270200 +0200
-+++ openswan-2.4.8/programs/send-pr/send-pr.in	2007-06-04 13:22:50.210222168 +0200
-@@ -402,7 +402,7 @@
- 		    else
- 			if [ "$fieldname" != "Category" ]
- 			then
--			    values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
-+			    values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
- 			    valslen=`echo "$values" | wc -c`
- 			else
- 			    values="choose from a category listed above"
-@@ -414,7 +414,7 @@
- 			else
- 				desc="<${values} (one line)>";
- 			fi
--			dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
-+			dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
- 			echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
- 		    fi
- 		    echo "${fmtname}${desc}" >> $file
-@@ -425,7 +425,7 @@
- 			desc="	$default_val";
- 		    else
- 		        desc="	<`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
--			dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
-+			dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
- 			echo "s/^${dpat}//" >> $FIXFIL
- 		    fi
- 		    echo "${fmtname}" >> $file;
-@@ -437,7 +437,7 @@
- 			desc="${default_val}"
- 		    else
- 			desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
--			dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
-+			dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
- 			echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
- 		    fi
- 		    echo "${fmtname}${desc}" >> $file
-Index: openswan-2.4.8/programs/setup/setup.in
-===================================================================
---- openswan-2.4.8.orig/programs/setup/setup.in	2007-06-04 13:22:49.902268984 +0200
-+++ openswan-2.4.8/programs/setup/setup.in	2007-06-04 13:22:50.210222168 +0200
-@@ -117,12 +117,21 @@
- # do it
- case "$1" in
-   start|--start|stop|--stop|_autostop|_autostart)
--	if test " `id -u`" != " 0"
-+	if [ "x${USER}" != "xroot" ]
- 	then
- 		echo "permission denied (must be superuser)" |
- 			logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- 		exit 1
- 	fi
-+	# make sure all required directories exist
-+	if [ ! -d /var/run/pluto ]
-+	then
-+		mkdir -p /var/run/pluto
-+	fi
-+	if [ ! -d /var/lock/subsys ]
-+	then
-+		mkdir -p /var/lock/subsys
-+	fi
- 	tmp=/var/run/pluto/ipsec_setup.st
- 	outtmp=/var/run/pluto/ipsec_setup.out
- 	(
-Index: openswan-2.4.8/programs/showhostkey/showhostkey.in
-===================================================================
---- openswan-2.4.8.orig/programs/showhostkey/showhostkey.in	2007-06-04 13:22:49.908268072 +0200
-+++ openswan-2.4.8/programs/showhostkey/showhostkey.in	2007-06-04 13:22:50.214221560 +0200
-@@ -63,7 +63,7 @@
- 	exit 1
- fi
- 
--host="`hostname --fqdn`"
-+host="`cat /proc/sys/kernel/hostname`"
- 
- awk '	BEGIN {
- 		inkey = 0
-@@ -81,7 +81,7 @@
- 		os = "[ \t]*"
- 		x = "[^ \t]+"
- 		oc = "(#.*)?"
--		suffix = ":" os "[rR][sS][aA]" os "{" os oc "$"
-+		suffix = ":" os "[rR][sS][aA]" os "[{]" os oc "$"
- 		if (id == "") {
- 			pat = "^" suffix
- 			printid = "default"
-Index: openswan-2.4.8/programs/starter/klips.c
-===================================================================
---- openswan-2.4.8.orig/programs/starter/klips.c	2007-06-04 13:22:49.914267160 +0200
-+++ openswan-2.4.8/programs/starter/klips.c	2007-06-04 13:22:50.214221560 +0200
-@@ -83,7 +83,7 @@
- 		if (stat(PROC_MODULES,&stb)==0) {
- 			unsetenv("MODPATH");
- 			unsetenv("MODULECONF");
--			system("depmod -a >/dev/null 2>&1 && modprobe ipsec");
-+			system("depmod -a >/dev/null 2>&1 && insmod ipsec");
- 		}
- 		if (stat(PROC_IPSECVERSION,&stb)==0) {
- 			_klips_module_loaded = 1;
-Index: openswan-2.4.8/programs/starter/netkey.c
-===================================================================
---- openswan-2.4.8.orig/programs/starter/netkey.c	2007-06-04 13:22:49.920266248 +0200
-+++ openswan-2.4.8/programs/starter/netkey.c	2007-06-04 13:22:50.214221560 +0200
-@@ -75,7 +75,7 @@
- 		if (stat(PROC_MODULES,&stb)==0) {
- 			unsetenv("MODPATH");
- 			unsetenv("MODULECONF");
--			system("depmod -a >/dev/null 2>&1 && modprobe xfrm4_tunnel esp4 ah4 af_key");
-+			system("depmod -a >/dev/null 2>&1 && insmod xfrm4_tunnel esp4 ah4 af_key");
- 		}
- 		if (stat(PROC_NETKEY,&stb)==0) {
- 			_netkey_module_loaded = 1;
-Index: openswan-2.4.8/programs/_startklips/_startklips.in
-===================================================================
---- openswan-2.4.8.orig/programs/_startklips/_startklips.in	2007-06-04 13:22:49.928265032 +0200
-+++ openswan-2.4.8/programs/_startklips/_startklips.in	2007-06-04 13:22:50.215221408 +0200
-@@ -272,16 +272,16 @@
-     echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
-     exit
- fi
--if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
-+if test ! -f $ipsecversion && test ! -f $netkey
- then
- 	# statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module
--	modprobe ipsec 2> /dev/null
-+	insmod -q ipsec 2> /dev/null
- fi
- 
--if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn af_key
-+if test ! -f $ipsecversion && test ! -f $netkey
- then
- 	# netkey should work then
--	modprobe af_key 2> /dev/null
-+	insmod -q af_key 2> /dev/null
- fi
- if test ! -f $ipsecversion && test ! -f $netkey 
- then
-@@ -294,27 +294,27 @@
- # modules shared between klips and netkey
- if test -f $modules
- then
--	# we modprobe hw_random so ipsec verify can complain about not using it
--	modprobe -q hw_random 2> /dev/null
-+	# we insmod hw_random so ipsec verify can complain about not using it
-+	insmod -q hw_random 2> /dev/null
- 	# padlock must load before aes module
--	modprobe -q padlock 2> /dev/null
-+	insmod -q padlock 2> /dev/null
- 	# load the most common ciphers/algo's
--	modprobe -q sha256 2> /dev/null
--	modprobe -q sha1 2> /dev/null
--	modprobe -q md5 2> /dev/null
--	modprobe -q des 2> /dev/null
--	modprobe -q aes 2> /dev/null
-+	insmod -q sha256 2> /dev/null
-+	insmod -q sha1 2> /dev/null
-+	insmod -q md5 2> /dev/null
-+	insmod -q des 2> /dev/null
-+	insmod -q aes 2> /dev/null
- 
- 	if test -f $netkey
- 	then
- 		klips=false
--		modprobe -q ah4 2> /dev/null
--		modprobe -q esp4 2> /dev/null
--		modprobe -q ipcomp 2> /dev/null
-+		insmod -q ah4 2> /dev/null
-+		insmod -q esp4 2> /dev/null
-+		insmod -q ipcomp 2> /dev/null
- 		#  xfrm4_tunnel is needed by ipip and ipcomp
--		modprobe -q xfrm4_tunnel 2> /dev/null
-+		insmod -q xfrm4_tunnel 2> /dev/null
- 		# xfrm_user contains netlink support for IPsec 
--		modprobe -q xfrm_user 2> /dev/null
-+		insmod -q xfrm_user 2> /dev/null
- 	fi
- 
- 	if test ! -f $ipsecversion && $klips
-@@ -327,7 +327,7 @@
- 		fi
-                	unset MODPATH MODULECONF        # no user overrides!
-                	depmod -a >/dev/null 2>&1
--               	modprobe -v ipsec
-+               	insmod -v ipsec
-         	if test ! -f $ipsecversion
-         	then
-                 	echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"

package/openswan/patches/130-sysctl_api_change.patch

@@ -1,17 +0,0 @@
-Index: openswan-2.4.8/linux/net/ipsec/sysctl_net_ipsec.c
-===================================================================
---- openswan-2.4.8.orig/linux/net/ipsec/sysctl_net_ipsec.c	2007-06-04 13:22:49.815282208 +0200
-+++ openswan-2.4.8/linux/net/ipsec/sysctl_net_ipsec.c	2007-06-04 13:22:51.852972432 +0200
-@@ -130,7 +130,11 @@
- 
- int ipsec_sysctl_register(void)
- {
--        ipsec_table_header = register_sysctl_table(ipsec_root_table, 0);
-+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,20)
-+		ipsec_table_header = register_sysctl_table(ipsec_root_table);
-+#else
-+		ipsec_table_header = register_sysctl_table(ipsec_root_table, 0);
-+#endif
-         if (!ipsec_table_header) {
-                 return -ENOMEM;
- 	}

package/openswan/patches/140-linux_moduleparam.patch

@@ -1,13 +0,0 @@
-diff -urN openswan-2.4.8/linux/net/ipsec/ipsec_proc.c openswan-2.4.8.new/linux/net/ipsec/ipsec_proc.c
---- openswan-2.4.8/linux/net/ipsec/ipsec_proc.c	2006-11-15 23:21:39.000000000 +0100
-+++ openswan-2.4.8.new/linux/net/ipsec/ipsec_proc.c	2007-06-13 20:00:51.000000000 +0200
-@@ -27,6 +27,9 @@
- #include <linux/version.h>
- #define __NO_VERSION__
- #include <linux/module.h>
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-+#include <linux/moduleparam.h>
-+#endif
- #include <linux/kernel.h> /* printk() */
- 
- #include "openswan/ipsec_kversion.h"