diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 993b5e1c8..98ef9e491 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.1 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -454,9 +454,11 @@ endef define Package/strongswan/install $(INSTALL_DIR) $(1)/etc $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/ + echo -e "\ninclude /var/ipsec/strongswan.conf" >> $(1)/etc/strongswan.conf $(INSTALL_DIR) $(1)/usr/lib/ipsec $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/ $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/ + echo -e "\ninclude /var/ipsec/ipsec.secrets" >> $(1)/etc/ipsec.secrets $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec @@ -502,9 +504,20 @@ endef define Package/strongswan-ipsec/install $(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/ + echo -e "\ninclude /var/ipsec/ipsec.conf" >> $(1)/etc/ipsec.conf $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ endef +define Package/strongswan-ipsec/postinst +#!/bin/sh + +[ -z "$${IPKG_INSTROOT}" ] || exit 0 + +opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || { + rm -f /etc/ipsec.conf-opkg +} +endef + define Package/strongswan-pki/install $(INSTALL_DIR) $(1)/etc/strongswan.d $(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/ diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init index 1881e1f14..ed55b95a9 100644 --- a/net/strongswan/files/ipsec.init +++ b/net/strongswan/files/ipsec.init 
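Review bot: The appended include lines in `Package/strongswan/install` rely on `echo -e`, and the same pattern is used for `ipsec.conf` in `Package/strongswan-ipsec/install` in the next hunk. Whether `-e` is honoured depends on the shell that runs the recipe on the build host. A shell whose builtin `echo` does not implement it would write a literal `-e \ninclude …` line into `strongswan.conf`, `ipsec.secrets` and `ipsec.conf`, which the daemon would then fail to parse or silently misread. `printf` has no such variation: `printf '\ninclude /var/ipsec/strongswan.conf\n' >> $(1)/etc/strongswan.conf`, and likewise for the other two files. If the build system pins the recipe shell to bash this works today, but the `printf` form removes the dependency.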
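Review bot: The new `Package/strongswan-ipsec/postinst` only removes a stale `/etc/ipsec.conf-opkg`; when `opkg list-changed-conffiles` does report `/etc/ipsec.conf` as changed, nothing checks that the kept file still contains `include /var/ipsec/ipsec.conf`. The init script appears to have re-added that line on every start before this commit and no longer does, so a kept conffile without it would leave the UCI-generated connections silently unloaded. I would add a check in that branch, for example `grep -q '^include /var/ipsec/ipsec.conf' /etc/ipsec.conf || echo "warning: /etc/ipsec.conf lacks include /var/ipsec/ipsec.conf" >&2`. Separately, `/etc/strongswan.conf` and `/etc/ipsec.secrets` get the same baked-in include in `Package/strongswan/install`, but no matching postinst for that package is visible in this diff; it may exist outside the hunks shown.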
@@ -27,58 +27,31 @@ xappend() { local file="$1" shift - echo "${@}" >> "${file}" -} - -remove_include() { - local file="$1" - local include="$2" - - sed -i "\_${include}_d" "${file}" -} - -remove_includes() { - remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}" - remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}" - remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}" -} - -do_include() { - local conf="$1" - local uciconf="$2" - local backup=`mktemp -t -p /tmp/ ipsec-init-XXXXXX` - - [ ! -f "${conf}" ] && rm -rf "${conf}" - touch "${conf}" - - cat "${conf}" | grep -v "${uciconf}" > "${backup}" - mv "${backup}" "${conf}" - xappend "${conf}" "include ${uciconf}" - file_reset "${uciconf}" + echo "$@" >> "$file" } ipsec_reset() { - do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}" + file_reset "$IPSEC_VAR_CONN_FILE" } ipsec_xappend() { - xappend "${IPSEC_VAR_CONN_FILE}" "$@" + xappend "$IPSEC_VAR_CONN_FILE" "$@" } swan_reset() { - do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}" + file_reset "$STRONGSWAN_VAR_CONF_FILE" } swan_xappend() { - xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@" + xappend "$STRONGSWAN_VAR_CONF_FILE" "$@" } secret_reset() { - do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}" + file_reset "$IPSEC_VAR_SECRETS_FILE" } secret_xappend() { - xappend "${IPSEC_VAR_SECRETS_FILE}" "$@" + xappend "$IPSEC_VAR_SECRETS_FILE" "$@" } warning() { @@ -204,7 +177,7 @@ config_conn() { [ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier" [ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown" [ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown" - [ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker" + [ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker" ipsec_xappend " keyexchange=$keyexchange" set_crypto_proposal "$1" 
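Review bot: `secret_reset` and `secret_xappend` create and fill `$IPSEC_VAR_SECRETS_FILE` through `file_reset` and `echo "$@" >> "$file"`, so the file's mode is whatever the init script's umask yields; nothing in this hunk restricts it. That file holds the generated secrets and is now permanently included from `/etc/ipsec.secrets`, so it should be readable by root only. Unless `file_reset` (defined outside the hunk) already handles this, I would add `chmod 600 "$IPSEC_VAR_SECRETS_FILE"` at the end of `secret_reset`, or set `umask 077` before the first write. The `mkdir -p /var/ipsec` in `prepare_env` likewise sets no explicit mode on the directory.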
@@ -267,6 +240,14 @@ config_remote() { ipsec_xappend "" } +do_preamble() { + ipsec_xappend "# generated by /etc/init.d/ipsec" + ipsec_xappend "version 2" + ipsec_xappend "" + + secret_xappend "# generated by /etc/init.d/ipsec" +} + config_ipsec() { local debug local rtinstall_enabled @@ -280,11 +261,7 @@ config_ipsec() { secret_reset swan_reset - ipsec_xappend "# generated by /etc/init.d/ipsec" - ipsec_xappend "version 2" - ipsec_xappend "" - - secret_xappend "# generated by /etc/init.d/ipsec" + do_preamble config_get debug "$1" debug 0 config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1 @@ -332,7 +309,6 @@ config_ipsec() { prepare_env() { mkdir -p /var/ipsec - remove_includes config_load ipsec config_foreach config_ipsec ipsec config_foreach config_remote remote
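Review bot: `do_preamble` is added without a comment, and its correctness depends on call order: `ipsec_xappend` and `secret_xappend` only append, so the headers land at the top of the files only when it runs directly after the `*_reset` helpers, as it does in `config_ipsec`. I would document that above the function, e.g. `# Write the "generated by" headers; call only right after ipsec_reset/secret_reset, since the xappend helpers append.` It is also worth stating in the comment whether the omission of a header for the strongswan.conf fragment is intentional, since `swan_reset` is called alongside the other two resets.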