security/strongswan/Makefile

   1 # Created by: Riaan Kruger <riaank@gmail.com>
   2 # $FreeBSD$
   3
   4 PORTNAME=       strongswan
   5 PORTVERSION=    5.5.2
   6 CATEGORIES=     security
   7 MASTER_SITES=   http://download.strongswan.org/ \
   8                 http://download2.strongswan.org/
   9
  10 MAINTAINER=     strongswan@nanoteq.com
  11 COMMENT=        Open Source IKEv2 IPsec-based VPN solution
  12
  13 LICENSE=        GPLv2
  14
  15 USES=           cpe execinfo libtool:keepla pkgconfig tar:bzip2 ssl
  16 USE_RC_SUBR=    strongswan
  17 GNU_CONFIGURE=  yes
  18 USE_LDCONFIG=   ${PREFIX}/lib/ipsec
  19 INSTALL_TARGET= install-strip
  20
  21 CONFIGURE_ARGS= --enable-kernel-pfkey \
  22                 --enable-kernel-pfroute  \
  23                 --disable-kernel-netlink  \
  24                 --disable-scripts  \
  25                 --disable-gmp \
  26                 --enable-openssl \
  27                 --enable-eap-identity \
  28                 --enable-eap-md5 \
  29                 --enable-eap-tls \
  30                 --enable-eap-mschapv2 \
  31                 --enable-eap-peap \
  32                 --enable-eap-ttls \
  33                 --enable-md4 \
  34                 --enable-blowfish \
  35                 --enable-addrblock \
  36                 --enable-whitelist \
  37                 --enable-cmd \
  38                 --with-group=wheel  \
  39                 --with-lib-prefix=${PREFIX}
  40
  41 OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE GCM IKEv1 \
  42                 IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL PKI SCEP SMP \
  43                 SQLITE SWANCTL TESTVECTOR TPM UNBOUND UNITY VICI XAUTH
  44 OPTIONS_DEFAULT=        IKEv1 BUILTIN PKI SWANCTL VICI
  45 OPTIONS_SINGLE= PRINTF_HOOKS
  46 OPTIONS_SINGLE_PRINTF_HOOKS=    BUILTIN LIBC VSTR
  47 OPTIONS_SUB=    yes
  48
  49 # Description of options
  50 CURL_DESC=      Enable CURL to fetch CRL/OCSP
  51 EAPAKA3GPP2_DESC=       Enable EAP AKA with 3gpp2 backend
  52 EAPDYNAMIC_DESC=        Enable EAP dynamic proxy module
  53 EAPRADIUS_DESC=         Enable EAP Radius proxy authentication
  54 EAPSIMFILE_DESC=        Enable EAP SIM with file backend
  55 GCM_DESC=               Enable GCM AEAD wrapper crypto plugin
  56 IKEv1_DESC=     Enable IKEv1 support
  57 IPSECKEY_DESC=  Enable authentication with IPSECKEY resource records with DNSSEC
  58 KERNELLIBIPSEC_DESC=    Enable IPSec userland backend
  59 LOADTESTER_DESC=        Enable load testing plugin
  60 PKI_DESC=       Enable PKI tools
  61 SCEP_DESC=      Enable Simple Certificate Enrollment Protocol
  62 SMP_DESC=       Enable XML-based management protocol (DEPRECATED)
  63 SWANCTL_DESC=   Install swanctl (requires VICI)
  64 TESTVECTOR_DESC=        Enable crypto test vectors
  65 TPM_DESC=       Enable TPM plugin
  66 UNBOUND_DESC=   Enable DNSSEC-enabled resolver
  67 UNITY_DESC=     Enable Cisco Unity extension plugin
  68 VICI_DESC=      Enable VICI management protocol
  69 XAUTH_DESC=     Enable XAuth password verification
  70 BUILTIN_DESC=   Use builtin printf hooks
  71 LIBC_DESC=      Use libc printf hooks
  72 VSTR_DESC=      Use devel/vstr printf hooks
  73
  74 # Extra options
  75 CURL_CONFIGURE_ON=      --enable-curl
  76 CURL_LIB_DEPENDS=       libcurl.so:ftp/curl
  77 EAPAKA3GPP2_CONFIGURE_ON=       --enable-eap-aka --enable-eap-aka-3gpp2
  78 EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:math/gmp
  79 EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
  80 EAPRADIUS_CONFIGURE_ON= --enable-eap-radius
  81 EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
  82 GCM_CONFIGURE_ON=       --enable-gcm
  83 IKEv1_CONFIGURE_OFF=    --disable-ikev1
  84 IPSECKEY_CONFIGURE_ON=  --enable-ipseckey
  85 KERNELLIBIPSEC_CONFIGURE_ON=    --enable-kernel-libipsec
  86 LOADTESTER_CONFIGURE_ON=--enable-load-tester
  87 LDAP_CONFIGURE_ON=      --enable-ldap
  88 LDAP_USE=               OPENLDAP=yes
  89 MYSQL_CONFIGURE_ON=     --enable-mysql
  90 MYSQL_USES=             mysql
  91 PKI_CONFIGURE_OFF=      --disable-pki
  92 SCEP_CONFIGURE_OFF=     --disable-scepclient
  93 SMP_LIB_DEPENDS=        libxml2.so:textproc/libxml2
  94 SMP_CONFIGURE_ON=       --enable-smp
  95 SQLITE_CONFIGURE_ON=    --enable-sqlite
  96 SQLITE_LIB_DEPENDS=     libsqlite3.so:databases/sqlite3
  97 SWANCTL_CONFIGURE_ON=   --enable-swanctl
  98 SWANCTL_IMPLIES=        VICI
  99 TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
 100 TPM_CONFIGURE_ON=       --enable-tpm
 101 UNBOUND_CONFIGURE_ON=   --enable-unbound
 102 UNBOUND_LIB_DEPENDS=    libunbound.so:dns/unbound \
 103                         libldns.so:dns/ldns
 104 UNITY_CONFIGURE_ON=     --enable-unity
 105 VICI_CONFIGURE_ON=      --enable-vici
 106 XAUTH_CONFIGURE_ON=     --enable-xauth-eap --enable-xauth-generic
 107 BUILTIN_CONFIGURE_ON=   --with-printf-hooks=builtin
 108 LIBC_CONFIGURE_ON=      --with-printf-hooks=glibc
 109 VSTR_CONFIGURE_ON=      --with-printf-hooks=vstr
 110 VSTR_LIB_DEPENDS=       libvstr.so:devel/vstr
 111
 112 .include <bsd.port.options.mk>
 113
 114 .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2}
 115 PLIST_SUB+=     SIMAKA=""
 116 .else
 117 PLIST_SUB+=     SIMAKA="@comment "
 118 .endif
 119
 120 .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
 121 CONFIGURE_ARGS+=        --enable-attr-sql --enable-sql
 122 PLIST_SUB+=     SQL=""
 123 .else
 124 PLIST_SUB+=     SQL="@comment "
 125 .endif
 126
 127 .if ${PORT_OPTIONS:MIKEv1} || ${PORT_OPTIONS:MXAUTH}
 128 PLIST_SUB+=     XAUTHGEN=""
 129 .else
 130 PLIST_SUB+=     XAUTHGEN="@comment "
 131 .endif
 132
 133 post-install:
 134 .if ${PORT_OPTIONS:MVICI}
 135         ${INSTALL_DATA} ${WRKSRC}/src/libcharon/plugins/vici/libvici.h \
 136                 ${STAGEDIR}${PREFIX}/include
 137 .endif
 138 .if ${PORT_OPTIONS:MSWANCTL}
 139         ${MV} ${STAGEDIR}${PREFIX}/etc/swanctl/swanctl.conf \
 140                 ${STAGEDIR}${PREFIX}/etc/swanctl/swanctl.conf.sample
 141 .endif
 142
 143 .include <bsd.port.mk>