summaryrefslogtreecommitdiff
path: root/user/strongswan/APKBUILD
blob: c755ec76752228bcc290e2a14192a0152a910d5b (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Contributor: Jesse Young <jlyo@jlyo.org>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Lee Starnes <lee@canned-death.us>
pkgname=strongswan
pkgver=5.9.13
pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="https://www.strongswan.org/"
arch="all"
pkgusers="ipsec"
pkggroups="ipsec"
license="GPL-2.0 AND RSA-MD5 AND RSA-PKCS11 AND DES"
depends="iproute2"
depends_dev=""
makedepends="$depends_dev linux-headers python3 sqlite-dev openssl-dev curl-dev
	gmp-dev libcap-dev"
subpackages="$pkgname-doc $pkgname-dbg $pkgname-openrc"
install="$pkgname.pre-install"
source="https://download.strongswan.org/$pkgname-$pkgver.tar.bz2

	strongswan.initd
	charon.initd
	"

# secfixes:
#   5.9.12-r0:
#     - CVE-2023-41913
#   5.9.11-r0:
#     - CVE-2023-26463
#   5.9.8-r0:
#     - CVE-2022-40617
#   5.9.5-r0:
#     - CVE-2021-45079
#   5.7.1-r0:
#     - CVE-2018-17540

build() {
	# notes about configuration:
	# - try to keep options in ./configure --help order
	# - apk depends on openssl, so we use that
	# - openssl provides ciphers, randomness, etc
	#   -> disable all redundant in-tree copies

	./configure --prefix=/usr \
		--sysconfdir=/etc \
		--libexecdir=/usr/lib \
		--with-ipsecdir=/usr/lib/strongswan \
		--with-capabilities=libcap \
		--with-user=ipsec \
		--with-group=ipsec \
		--enable-curl \
		--disable-ldap \
		--disable-aes \
		--disable-des \
		--disable-rc2 \
		--disable-md5 \
		--disable-sha1 \
		--disable-sha2 \
		--enable-gmp \
		--disable-hmac \
		--disable-mysql \
		--enable-sqlite \
		--enable-eap-sim \
		--enable-eap-sim-file \
		--enable-eap-aka \
		--enable-eap-aka-3gpp2 \
		--enable-eap-simaka-pseudonym \
		--enable-eap-simaka-reauth \
		--enable-eap-identity \
		--enable-eap-md5 \
		--enable-eap-tls \
		--disable-eap-gtc \
		--enable-eap-mschapv2 \
		--enable-eap-radius \
		--enable-xauth-eap \
		--enable-farp \
		--enable-vici \
		--enable-attr-sql \
		--enable-dhcp \
		--enable-openssl \
		--enable-unity \
		--enable-ha \
		--enable-cmd \
		--enable-swanctl \
		--enable-shared \
		--disable-static
	make
}

check() {
	make check
}

package() {
	make DESTDIR="$pkgdir" install
	install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname"
	install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
}

sha512sums="a929c1fb2a5e7d3064f6cd0be76703198406dad981f4b345311a004c18aa3c12adcb49eb33705fe4c3c31daf556cef5906d8753f5d9fbff5a27b732f93d8f19f  strongswan-5.9.13.tar.bz2
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
7182bed917585bce9749b4495ad64d3052d2999dbb505c34d568acd6df7b151232ec10c8efe12f0a07d0555ddfe01aad4e3b767b08f17a55ffcbedc57dc9d934  charon.initd"