Browse Source

Merge pull request #14711 from pprindeville/strongswan-make-includes-persistent

strongswan: make the include's in the .conf files persistent
lilik-openwrt-22.03
Philip Prindeville 4 years ago
committed by GitHub
parent
commit
a7c8f9de0c
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 42 deletions
  1. +14
    -1
      net/strongswan/Makefile
  2. +17
    -41
      net/strongswan/files/ipsec.init

+ 14
- 1
net/strongswan/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
PKG_VERSION:=5.9.1
PKG_RELEASE:=4
PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
@ -454,9 +454,11 @@ endef
define Package/strongswan/install
$(INSTALL_DIR) $(1)/etc
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
echo -e "\ninclude /var/ipsec/strongswan.conf" >> $(1)/etc/strongswan.conf
$(INSTALL_DIR) $(1)/usr/lib/ipsec
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
$(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
echo -e "\ninclude /var/ipsec/ipsec.secrets" >> $(1)/etc/ipsec.secrets
$(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
@ -502,9 +504,20 @@ endef
define Package/strongswan-ipsec/install
$(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
echo -e "\ninclude /var/ipsec/ipsec.conf" >> $(1)/etc/ipsec.conf
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
endef
define Package/strongswan-ipsec/postinst
#!/bin/sh
[ -z "$${IPKG_INSTROOT}" ] || exit 0
opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || {
rm -f /etc/ipsec.conf-opkg
}
endef
define Package/strongswan-pki/install
$(INSTALL_DIR) $(1)/etc/strongswan.d
$(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/


+ 17
- 41
net/strongswan/files/ipsec.init View File

@ -27,58 +27,31 @@ xappend() {
local file="$1"
shift
echo "${@}" >> "${file}"
}
remove_include() {
local file="$1"
local include="$2"
sed -i "\_${include}_d" "${file}"
}
remove_includes() {
remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
}
do_include() {
local conf="$1"
local uciconf="$2"
local backup=`mktemp -t -p /tmp/ ipsec-init-XXXXXX`
[ ! -f "${conf}" ] && rm -rf "${conf}"
touch "${conf}"
cat "${conf}" | grep -v "${uciconf}" > "${backup}"
mv "${backup}" "${conf}"
xappend "${conf}" "include ${uciconf}"
file_reset "${uciconf}"
echo "$@" >> "$file"
}
ipsec_reset() {
do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
file_reset "$IPSEC_VAR_CONN_FILE"
}
ipsec_xappend() {
xappend "${IPSEC_VAR_CONN_FILE}" "$@"
xappend "$IPSEC_VAR_CONN_FILE" "$@"
}
swan_reset() {
do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
file_reset "$STRONGSWAN_VAR_CONF_FILE"
}
swan_xappend() {
xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@"
xappend "$STRONGSWAN_VAR_CONF_FILE" "$@"
}
secret_reset() {
do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
file_reset "$IPSEC_VAR_SECRETS_FILE"
}
secret_xappend() {
xappend "${IPSEC_VAR_SECRETS_FILE}" "$@"
xappend "$IPSEC_VAR_SECRETS_FILE" "$@"
}
warning() {
@ -204,7 +177,7 @@ config_conn() {
[ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier"
[ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown"
[ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown"
[ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker"
[ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker"
ipsec_xappend " keyexchange=$keyexchange"
set_crypto_proposal "$1"
@ -267,6 +240,14 @@ config_remote() {
ipsec_xappend ""
}
do_preamble() {
ipsec_xappend "# generated by /etc/init.d/ipsec"
ipsec_xappend "version 2"
ipsec_xappend ""
secret_xappend "# generated by /etc/init.d/ipsec"
}
config_ipsec() {
local debug
local rtinstall_enabled
@ -280,11 +261,7 @@ config_ipsec() {
secret_reset
swan_reset
ipsec_xappend "# generated by /etc/init.d/ipsec"
ipsec_xappend "version 2"
ipsec_xappend ""
secret_xappend "# generated by /etc/init.d/ipsec"
do_preamble
config_get debug "$1" debug 0
config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
@ -332,7 +309,6 @@ config_ipsec() {
prepare_env() {
mkdir -p /var/ipsec
remove_includes
config_load ipsec
config_foreach config_ipsec ipsec
config_foreach config_remote remote


Loading…
Cancel
Save