git: de8342c34458 - main - security/strongswan: Allow old stroke interface to be enabled

From: Vladimir Druzenko <vvd_at_FreeBSD.org>
Date: Thu, 27 Feb 2025 08:51:51 UTC
The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=de8342c344586c7f63cad0576b807820eb568099

commit de8342c344586c7f63cad0576b807820eb568099
Author:     kwf <kwf@nanoteq.com>
AuthorDate: 2025-02-27 08:48:04 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-02-27 08:51:44 +0000

    security/strongswan: Allow old stroke interface to be enabled
    
    Note that strongSwan has deprecated the stroke management interface for
    years, and it is recommended to migrate the configuration to vici before
    it is removed.
    
    PR:     285049
---
 security/strongswan/Makefile  |  6 +++++-
 security/strongswan/pkg-plist | 22 ++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
index a8f429c1d728..b65637df0d71 100644
--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	strongswan
 DISTVERSION=	6.0.0
+PORTREVISION=	1
 CATEGORIES=	security net-vpn
 MASTER_SITES=	https://download.strongswan.org/ \
 		https://download2.strongswan.org/
@@ -43,7 +44,7 @@ TEST_TARGET=	check
 OPTIONS_DEFINE=			CTR CURL DHCP EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS \
 				EAPSIMFILE FARP GCM IKEV1 IPSECKEY KDF \
 				KERNELLIBIPSEC LDAP LOADTESTER MEDIATION ML MYSQL \
-				PKCS11 PKI PYTHON SMP SQLITE SWANCTL \
+				PKCS11 PKI PYTHON SMP SQLITE STROKE SWANCTL \
 				TESTVECTOR TPM TSS2 UNBOUND UNITY VICI XAUTH
 OPTIONS_DEFINE_i386=	VIA
 OPTIONS_DEFAULT=		BUILTIN CURL GCM IKEV1 KDF PKI SWANCTL VICI
@@ -74,6 +75,7 @@ PKCS11_DESC=		Enable PKCS11 token support
 PKI_DESC=		Enable PKI tools
 PYTHON_DESC=		Python VICI protocol plugin
 SMP_DESC=		Enable XML-based management protocol (DEPRECATED)
+STROKE_DESC=		Enable stroke management protcol (DEPRECATED)
 SWANCTL_DESC=		Install swanctl (requires VICI)
 TESTVECTOR_DESC=	Enable crypto test vectors
 TPM_DESC=		Enable TPM plugin
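Review bot: The added `STROKE_DESC` line misspells "protocol" as "protcol", and this string is what users see in the port's options dialog. It should read `STROKE_DESC=		Enable stroke management protocol (DEPRECATED)`. Since the commit message recommends migrating to vici, the description could also say so, which would help someone deciding whether to switch on a deprecated management interface.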
@@ -122,6 +124,7 @@ SMP_LIB_DEPENDS=		libxml2.so:textproc/libxml2
 SMP_CONFIGURE_ON=		--enable-smp
 SQLITE_LIB_DEPENDS=		libsqlite3.so:databases/sqlite3
 SQLITE_CONFIGURE_ON=		--enable-sqlite
+STROKE_CONFIGURE_ON=		--enable-stroke
 SWANCTL_IMPLIES=		VICI
 SWANCTL_CONFIGURE_ON=		--enable-swanctl
 TESTVECTOR_CONFIGURE_ON=	--enable-test-vectors
@@ -135,6 +138,7 @@ UNITY_CONFIGURE_ON=		--enable-unity
 VIA_CONFIGURE_ON=		--enable-padlock
 VICI_CONFIGURE_ON=		--enable-vici
 VICI_SUB_LIST=			INTERFACE="vici"
+VICI_SUB_LIST_OFF=		INTERFACE="stroke"
 VSTR_LIB_DEPENDS=		libvstr.so:devel/vstr
 VSTR_CONFIGURE_ON=		--with-printf-hooks=vstr
 XAUTH_CONFIGURE_ON=		--enable-xauth-eap \
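Review bot: `VICI_SUB_LIST_OFF=		INTERFACE="stroke"` selects the interface from the VICI option alone, so a build with both VICI and STROKE disabled still substitutes `stroke`. In that build `--enable-stroke` is not passed and, per the pkg-plist hunks, `sbin/ipsec` and `libexec/ipsec/starter` are not installed. The file that consumes `%%INTERFACE%%` is not visible here; if it is the rc script, that combination presumably yields a service that cannot start. Requiring at least one of the two options would close the gap, for example `OPTIONS_MULTI=	MGMT` with `OPTIONS_MULTI_MGMT=	STROKE VICI` in place of listing them in `OPTIONS_DEFINE`. Alternatively, add a comment here stating that disabling VICI requires enabling STROKE.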
diff --git a/security/strongswan/pkg-plist b/security/strongswan/pkg-plist
index 2c9b9cca2b09..5911dac35547 100644
--- a/security/strongswan/pkg-plist
+++ b/security/strongswan/pkg-plist
@@ -15,6 +15,7 @@
 %%DHCP%%%%ETCDIR%%.d/charon/dhcp.conf.sample
 @sample %%ETCDIR%%.d/charon/dnskey.conf.sample
 @sample %%ETCDIR%%.d/charon/drbg.conf.sample
+%%STROKE%%@sample %%ETCDIR%%.d/starter.conf.sample
 %%EAPAKA3GPP2%%@sample %%ETCDIR%%.d/charon/eap-aka-3gpp2.conf.sample
 %%EAPAKA3GPP2%%@sample %%ETCDIR%%.d/charon/eap-aka.conf.sample
 %%EAPDYNAMIC%%@sample %%ETCDIR%%.d/charon/eap-dynamic.conf.sample
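Review bot: `%%STROKE%%@sample %%ETCDIR%%.d/starter.conf.sample` is placed in the middle of the `%%ETCDIR%%.d/charon/` entries, between drbg and eap-aka, although the file lives one directory up. It would read better next to the other `%%ETCDIR%%.d/*.conf.sample` lines such as `pki.conf.sample` and `swanctl.conf.sample`. The next hunk has the same ordering slip: `stroke.conf.sample` is inserted before `sqlite.conf.sample`. Packaging is unaffected, but a sorted plist keeps later diffs small and makes a missing entry easier to spot.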
@@ -57,6 +58,7 @@
 %%SMP%%@sample %%ETCDIR%%.d/charon/smp.conf.sample
 @sample %%ETCDIR%%.d/charon/socket-default.conf.sample
 %%SQL%%@sample %%ETCDIR%%.d/charon/sql.conf.sample
+%%STROKE%%@sample %%ETCDIR%%.d/charon/stroke.conf.sample
 %%SQLITE%%@sample %%ETCDIR%%.d/charon/sqlite.conf.sample
 @sample %%ETCDIR%%.d/charon/sshkey.conf.sample
 %%TESTVECTOR%%@sample %%ETCDIR%%.d/charon/test-vectors.conf.sample
@@ -74,6 +76,8 @@
 %%PKI%%@sample %%ETCDIR%%.d/pki.conf.sample
 %%SQL%%@sample %%ETCDIR%%.d/pool.conf.sample
 %%SWANCTL%%@sample %%ETCDIR%%.d/swanctl.conf.sample
+%%STROKE%%@sample etc/ipsec.conf.sample
+%%STROKE%%@sample etc/ipsec.secrets.sample
 %%SWANCTL%%@sample etc/swanctl/swanctl.conf.sample
 %%VICI%%include/libvici.h
 lib/ipsec/libcharon.la
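Review bot: `%%STROKE%%@sample etc/ipsec.secrets.sample` carries no explicit mode. On first install `@sample` copies the sample to the live `etc/ipsec.secrets`, which holds pre-shared keys and private-key references, so that file ends up with whatever permissions the staged sample has. Whether upstream's install step already stages it owner-only is not visible in this diff. Pinning the mode in the plist would make it independent of that, e.g. `%%STROKE%%@sample(,,600) etc/ipsec.secrets.sample`. The same concern applies to `%%STROKE%%@dir etc/ipsec.d/private` in the last hunk, which could be written as `%%STROKE%%@dir(,,750) etc/ipsec.d/private` so the private-key directory is not created with default directory permissions.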
@@ -222,6 +226,8 @@ lib/ipsec/plugins/libstrongswan-socket-default.so
 %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.so
 lib/ipsec/plugins/libstrongswan-sshkey.la
 lib/ipsec/plugins/libstrongswan-sshkey.so
+%%STROKE%%lib/ipsec/plugins/libstrongswan-stroke.la
+%%STROKE%%lib/ipsec/plugins/libstrongswan-stroke.so
 %%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.la
 %%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.so
 %%TPM%%lib/ipsec/plugins/libstrongswan-tpm.la
@@ -248,6 +254,8 @@ lib/ipsec/plugins/libstrongswan-xcbc.la
 lib/ipsec/plugins/libstrongswan-xcbc.so
 libexec/ipsec/_updown
 libexec/ipsec/charon
+%%STROKE%%libexec/ipsec/starter
+%%STROKE%%libexec/ipsec/stroke
 %%LOADTESTER%%libexec/ipsec/load-tester
 %%SQL%%libexec/ipsec/pool
 libexec/ipsec/whitelist
@@ -269,11 +277,15 @@ libexec/ipsec/whitelist
 %%PKI%%share/man/man1/pki---signcrl.1.gz
 %%PKI%%share/man/man1/pki---verify.1.gz
 %%PKI%%share/man/man1/pki.1.gz
+%%STROKE%%share/man/man5/ipsec.conf.5.gz
+%%STROKE%%share/man/man5/ipsec.secrets.5.gz
+%%STROKE%%share/man/man8/ipsec.8.gz
 share/man/man5/strongswan.conf.5.gz
 %%SWANCTL%%share/man/man5/swanctl.conf.5.gz
 share/man/man8/charon-cmd.8.gz
 %%SWANCTL%%share/man/man8/swanctl.8.gz
 sbin/charon-cmd
+%%STROKE%%sbin/ipsec
 %%SWANCTL%%sbin/swanctl
 %%DATADIR%%/templates/config/plugins/addrblock.conf
 %%SQL%%%%DATADIR%%/templates/config/plugins/attr-sql.conf
@@ -331,6 +343,8 @@ sbin/charon-cmd
 %%SQL%%%%DATADIR%%/templates/config/plugins/sql.conf
 %%SQLITE%%%%DATADIR%%/templates/config/plugins/sqlite.conf
 %%DATADIR%%/templates/config/plugins/sshkey.conf
+%%STROKE%%%%DATADIR%%/templates/config/plugins/stroke.conf
+%%STROKE%%%%DATADIR%%/templates/config/strongswan.d/starter.conf
 %%TESTVECTOR%%%%DATADIR%%/templates/config/plugins/test-vectors.conf
 %%TPM%%%%DATADIR%%/templates/config/plugins/tpm.conf
 %%UNBOUND%%%%DATADIR%%/templates/config/plugins/unbound.conf
@@ -364,3 +378,11 @@ sbin/charon-cmd
 %%SWANCTL%%@dir etc/swanctl/x509ca
 %%SWANCTL%%@dir etc/swanctl/x509crl
 %%SWANCTL%%@dir etc/swanctl/x509ocsp
+%%STROKE%%@dir etc/ipsec.d/aacerts
+%%STROKE%%@dir etc/ipsec.d/acerts
+%%STROKE%%@dir etc/ipsec.d/cacerts
+%%STROKE%%@dir etc/ipsec.d/certs
+%%STROKE%%@dir etc/ipsec.d/crls
+%%STROKE%%@dir etc/ipsec.d/ocspcerts
+%%STROKE%%@dir etc/ipsec.d/private
+%%STROKE%%@dir etc/ipsec.d/reqs