update to latest upstream version, separate easy-rsa package, add polarssl support

author: Waldemar Brodkorb <wbx@openadk.org> 2013-08-20 19:01:19 +0200
committer: Waldemar Brodkorb <wbx@openadk.org> 2013-08-20 19:01:19 +0200
commit: 2cc570cd27219fa793f5c3158da0c4c048db8038 (patch)
tree: a0efa550b8cae1ccdc5b8769a69af3c5145fa2a7 /package/openvpn
parent: 3820a77d14514b8a1c5ac020616944667bd839da (diff)
10 files changed, 24 insertions, 177 deletions
diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile
index 39fd53b23..2deb20898 100644
--- a/package/openvpn/Makefile
+++ b/package/openvpn/Makefile
@@ -4,17 +4,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=		openvpn
-PKG_VERSION:=		2.2.2
+PKG_VERSION:=		2.3.2
 PKG_RELEASE:=		1
-PKG_MD5SUM:=		c5181e27b7945fa6276d21873329c5c7
+PKG_MD5SUM:=		06e5f93dbf13f2c19647ca15ffc23ac1
 PKG_DESCR:=		Open Source VPN solution using SSL
 PKG_SECTION:=		net/security
-PKG_DEPENDS:=		kmod-tun libopenssl ip
-PKG_BUILDDEP:=		openssl
+PKG_DEPENDS:=		kmod-tun ip
 PKG_URL:=		http://openvpn.net/
 PKG_SITES:=		http://swupdate.openvpn.org/community/releases/
 
-PKG_SUBPKGS:=		OPENVPN OPENVPN_EASY_RSA
+PKG_SUBPKGS:=		OPENVPN
 PKG_FLAVOURS_OPENVPN:=	WITH_LZO WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS SERVER CLIENT
 PKGSS_OPENVPN_EASY_RSA:=openssl-util
 PKGFD_SERVER:=		deliver server example configuration
@@ -26,10 +25,17 @@ PKGFD_WITH_MANAGEMENT:=	enable management server support
 PKGFD_WITH_HTTPPROXY:=	enable http proxy support
 PKGFD_WITH_SOCKS:=	enable socks proxy support
 
+PKG_CHOICES_OPENVPN:=		WITH_OPENSSL WITH_POLARSSL
+PKGCD_WITH_OPENSSL:=		use OpenSSL for crypto
+PKGCS_WITH_OPENSSL:=		libopenssl
+PKGCB_WITH_OPENSSL:=		openssl
+PKGCD_WITH_POLARSSL:=		use PolarSSL for crypto
+PKGCS_WITH_POLARSSL:=		libpolarssl
+PKGCB_WITH_POLARSSL:=		polarssl
+
 include $(TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,OPENVPN,${PKG_NAME},$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
-$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 ifneq ($(ADK_PACKAGE_OPENVPN_WITH_LZO),)
 CONFIGURE_ARGS+=	--enable-lzo
@@ -44,9 +50,9 @@ CONFIGURE_ARGS+=	--disable-management
 endif
 
 ifneq ($(ADK_PACKAGE_OPENVPN_WITH_HTTPPROXY),)
-CONFIGURE_ARGS+=	--enable-http
+CONFIGURE_ARGS+=	--enable-http-proxy
 else
-CONFIGURE_ARGS+=	--disable-http
+CONFIGURE_ARGS+=	--disable-http-proxy
 endif
 
 ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SOCKS),)
@@ -55,13 +61,17 @@ else
 CONFIGURE_ARGS+=	--disable-socks
 endif
 
-CONFIGURE_ARGS+=	--disable-pthread \
-			--disable-plugins \
+ifeq (${ADK_PACKAGE_OPENVPN_WITH_OPENSSL},y)
+CONFIGURE_ARGS+=	--with-crypto-library=openssl
+endif
+ifeq (${ADK_PACKAGE_OPENVPN_WITH_POLARSSL},y)
+CONFIGURE_ARGS+=	--with-crypto-library=polarssl
+endif
+
+CONFIGURE_ARGS+=	--disable-plugins \
 			--enable-small \
-			--enable-iproute2 \
-			--with-iproute-path=/usr/sbin/ip \
-			--without-ifconfig-path \
-			--without-route-path
+			--disable-debug \
+			--enable-iproute2
 
 post-install:
 	${INSTALL_DIR} $(IDIR_OPENVPN)/usr/sbin $(IDIR_OPENVPN)/etc/openvpn
@@ -75,16 +85,4 @@ ifeq ($(ADK_PACKAGE_OPENVPN_CLIENT),y)
 	echo "/etc/openvpn/client.conf" > ./files/openvpn.conffiles
 endif
 
-openvpn-easy-rsa-install:
-	${INSTALL_DIR} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin \
-		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
-	touch $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys/index.txt
-	$(CP) ./files/serial $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
-	$(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} \
-		$(IDIR_OPENVPN_EASY_RSA)/usr/sbin
-	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl-1.0.0.cnf \
-		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
-	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/vars \
-		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars
-
 include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/openvpn/files/serial b/package/openvpn/files/serial
deleted file mode 100644
index 8a0f05e16..000000000
--- a/package/openvpn/files/serial
+++ /dev/null
@@ -1 +0,0 @@
-01
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh b/package/openvpn/patches/patch-easy-rsa_2_0_build-dh
deleted file mode 100644
index 771800a17..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh
+++ /dev/null
@@ -1,10 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/build-dh	2011-04-27 11:52:59.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/build-dh	2011-12-02 18:10:44.000000000 +0100
-@@ -1,5 +1,7 @@
- #!/bin/sh
- 
-+. /etc/easy-rsa/vars
-+
- # Build Diffie-Hellman parameters for the server side
- # of an SSL/TLS connection.
- 
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all b/package/openvpn/patches/patch-easy-rsa_2_0_clean-all
deleted file mode 100644
index 03df1d1c9..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all
+++ /dev/null
@@ -1,9 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/clean-all	2011-04-27 11:52:59.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/clean-all	2011-12-01 19:43:07.000000000 +0100
-@@ -1,5 +1,6 @@
- #!/bin/sh
- 
-+. /etc/easy-rsa/vars
- # Initialize the $KEY_DIR directory.
- # Note that this script does a
- # rm -rf on $KEY_DIR so be careful!
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl b/package/openvpn/patches/patch-easy-rsa_2_0_list-crl
deleted file mode 100644
index 66f5d764d..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl
+++ /dev/null
@@ -1,9 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/list-crl	2011-04-27 11:52:59.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/list-crl	2011-12-01 19:43:24.000000000 +0100
-@@ -1,5 +1,6 @@
- #!/bin/sh
- 
-+. /etc/easy-rsa/vars
- # list revoked certificates
- 
- CRL="${1:-crl.pem}"
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf b/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf
deleted file mode 100644
index 9dd542d8a..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf
+++ /dev/null
@@ -1,11 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/openssl-1.0.0.cnf	2011-07-01 10:31:26.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf	2011-12-03 11:36:46.000000000 +0100
-@@ -3,7 +3,7 @@
- # This definition stops the following lines choking if HOME isn't
- # defined.
- HOME			= .
--RANDFILE		= $ENV::HOME/.rnd
-+RANDFILE		= /etc/easy-rsa/.rnd
- openssl_conf		= openssl_init
- 
- [ openssl_init ]
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool b/package/openvpn/patches/patch-easy-rsa_2_0_pkitool
deleted file mode 100644
index 87b0c33db..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool
+++ /dev/null
@@ -1,8 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/pkitool	2011-04-27 11:52:59.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/pkitool	2011-12-01 19:43:15.000000000 +0100
-@@ -1,4 +1,5 @@
- #!/bin/sh
-+. /etc/easy-rsa/vars
- 
- #  OpenVPN -- An application to securely tunnel IP networks
- #             over a single TCP/UDP port, with support for SSL/TLS-based
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full b/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full
deleted file mode 100644
index ac66c4bb9..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full
+++ /dev/null
@@ -1,10 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/revoke-full	2011-04-27 11:52:59.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/revoke-full	2011-12-01 19:43:00.000000000 +0100
-@@ -2,6 +2,7 @@
- 
- # revoke a certificate, regenerate CRL,
- # and verify revocation
-+. /etc/easy-rsa/vars
- 
- CRL="crl.pem"
- RT="revoke-test.pem"
diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_vars b/package/openvpn/patches/patch-easy-rsa_2_0_vars
deleted file mode 100644
index 972f76541..000000000
--- a/package/openvpn/patches/patch-easy-rsa_2_0_vars
+++ /dev/null
@@ -1,32 +0,0 @@
---- openvpn-2.2.1.orig/easy-rsa/2.0/vars	2011-07-01 10:31:26.000000000 +0200
-+++ openvpn-2.2.1/easy-rsa/2.0/vars	2011-12-02 19:44:31.000000000 +0100
-@@ -12,7 +12,7 @@
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
--export EASY_RSA="`pwd`"
-+export EASY_RSA="/etc/easy-rsa"
- 
- #
- # This variable should point to
-@@ -26,7 +26,7 @@ export GREP="grep"
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
--export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-+export KEY_CONFIG=/etc/easy-rsa/openssl.cnf
- 
- # Edit this variable to point to
- # your soon-to-be-created key
-@@ -66,9 +66,7 @@ export KEY_PROVINCE="CA"
- export KEY_CITY="SanFrancisco"
- export KEY_ORG="Fort-Funston"
- export KEY_EMAIL="me@myhost.mydomain"
--export KEY_EMAIL=mail@host.domain
--export KEY_CN=changeme
--export KEY_NAME=changeme
--export KEY_OU=changeme
-+export KEY_NAME=VPN
-+export KEY_OU="IT Security"
- export PKCS11_MODULE_PATH=changeme
- export PKCS11_PIN=1234
diff --git a/package/openvpn/patches/patch-t_client_sh b/package/openvpn/patches/patch-t_client_sh
deleted file mode 100644
index 43e346ee1..000000000
--- a/package/openvpn/patches/patch-t_client_sh
+++ /dev/null
@@ -1,61 +0,0 @@
---- openvpn-2.2.1.orig/t_client.sh	2011-07-01 11:27:01.000000000 +0200
-+++ openvpn-2.2.1/t_client.sh	2011-12-02 19:33:52.000000000 +0100
-@@ -1,4 +1,4 @@
--#!/bin/sh
-+#!/bin/bash
- #
- # run OpenVPN client against ``test reference'' server
- # - check that ping, http, ... via tunnel works
-@@ -80,12 +80,12 @@ fail()
- get_ifconfig_route()
- {
-     # linux / iproute2? (-> if configure got a path)
--    if [ "/sbin/ip" != "ip" ]
-+    if [ "/usr/sbin/ip" != "ip" ]
-     then
- 	echo "-- linux iproute2 --"
--	/sbin/ip addr show     | grep -v valid_lft
--	/sbin/ip route show
--	/sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //'
-+	/usr/sbin/ip addr show     | grep -v valid_lft
-+	/usr/sbin/ip route show
-+	/usr/sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //'
- 	return
-     fi
- 
-@@ -93,27 +93,27 @@ get_ifconfig_route()
-     case `uname -s` in
- 	Linux)
- 	   echo "-- linux / ifconfig --"
--	   LANG=C /sbin/ifconfig -a |egrep  "( addr:|encap:)"
--	   LANG=C /bin/netstat -rn -4 -6
-+	   LANG=C no -a |egrep  "( addr:|encap:)"
-+	   LANG=C /usr/sbin/netstat -rn -4 -6
- 	   return
- 	   ;;
- 	FreeBSD|NetBSD|Darwin)
- 	   echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --"
--	   /sbin/ifconfig -a | egrep "(flags=|inet)"
--	   /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
-+	   no -a | egrep "(flags=|inet)"
-+	   /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
- 	   return
- 	   ;;
- 	OpenBSD)
- 	   echo "-- OpenBSD --"
--	   /sbin/ifconfig -a | egrep "(flags=|inet)" | \
-+	   no -a | egrep "(flags=|inet)" | \
- 		sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//'
--	   /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
-+	   /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
- 	   return
- 	   ;;
- 	SunOS)
- 	   echo "-- Solaris --"
--	   /sbin/ifconfig -a | egrep "(flags=|inet)"
--	   /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
-+	   no -a | egrep "(flags=|inet)"
-+	   /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
- 	   return
- 	   ;;
-     esac
author	Waldemar Brodkorb <wbx@openadk.org>	2013-08-20 19:01:19 +0200
committer	Waldemar Brodkorb <wbx@openadk.org>	2013-08-20 19:01:19 +0200
commit	2cc570cd27219fa793f5c3158da0c4c048db8038 (patch)
tree	a0efa550b8cae1ccdc5b8769a69af3c5145fa2a7 /package/openvpn
parent	3820a77d14514b8a1c5ac020616944667bd839da (diff)