[oe-commits] Bian Naimeng : ipsec-tools: install a sample config file for racoon
git at git.openembedded.org
git at git.openembedded.org
Fri Feb 27 07:06:00 UTC 2015
Module: meta-openembedded.git
Branch: master-next
Commit: a900b9b577c625cc899293192f3654b0d2cb0670
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=a900b9b577c625cc899293192f3654b0d2cb0670
Author: Bian Naimeng <biannm at cn.fujitsu.com>
Date: Mon Feb 16 11:14:34 2015 +0800
ipsec-tools: install a sample config file for racoon
Signed-off-by: Bian Naimeng <biannm at cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
---
.../ipsec-tools/ipsec-tools/racoon.conf.sample | 40 ++++++++++++++++++++++
.../ipsec-tools/ipsec-tools_0.8.2.bb | 7 ++++
2 files changed, 47 insertions(+)
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample
new file mode 100644
index 0000000..2948a4a
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample
@@ -0,0 +1,40 @@
+#
+# NOTE: This file will not be used if you use racoon-tool(8) to manage your
+# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
+# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
+# of this file.
+#
+# Simple racoon.conf
+#
+#
+# Please look in /usr/share/doc/racoon/examples for
+# examples that come with the source.
+#
+# Please read racoon.conf(5) for details, and alsoread setkey(8).
+#
+#
+# Also read the Linux IPSEC Howto up at
+# http://www.ipsec-howto.org/t1.html
+#
+log notify;
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+#remote 172.31.1.1 {
+# exchange_mode main,aggressive;
+# proposal {
+# encryption_algorithm 3des;
+# hash_algorithm sha1;
+# authentication_method pre_shared_key;
+# dh_group modp1024;
+# }
+# generate_policy off;
+#}
+#
+#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
+# pfs_group modp768;
+# encryption_algorithm 3des;
+# authentication_algorithm hmac_md5;
+# compression_algorithm deflate;
+#}
+
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
index 8cc55ef..7519d83 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -15,6 +15,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
file://racoon-check-invalid-ivm.patch \
file://glibc-2.20.patch \
file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
+ file://racoon.conf.sample \
"
SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
@@ -54,6 +55,7 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
--enable-shared \
--enable-dpd \
--enable-natt=yes \
+ --sysconfdir=${sysconfdir}/racoon \
${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
@@ -62,3 +64,8 @@ CFLAGS += "-fno-strict-aliasing"
PACKAGECONFIG ??= ""
PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/racoon
+ install -m 0644 ${WORKDIR}/racoon.conf.sample ${D}${sysconfdir}/racoon/racoon.conf
+}
More information about the Openembedded-commits
mailing list