Message ID | 20210913142652.942533-2-martin.elshuber@theobroma-systems.com |
---|---|
State | Superseded |
Headers | show |
Series | [1/3] package/strongswan: fix broken dependency relation | expand |
Martin, All, On 2021-09-13 16:26 +0200, Martin Elshuber spake thusly: > Add options to chose EAP plugins. > > Since the only plugin requiring libgmp is > BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP > is moved down accordingly. > > Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com> > --- > package/strongswan/Config.in | 89 +++++++++++++++++++++++++------- > package/strongswan/strongswan.mk | 36 ++++++------- > 2 files changed, 87 insertions(+), 38 deletions(-) > > diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in > index 368cd1ecc0..77d437d7d9 100644 > --- a/package/strongswan/Config.in > +++ b/package/strongswan/Config.in > @@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC > > config BR2_PACKAGE_STRONGSWAN_EAP > bool "Enable EAP protocols" If I understand correctly, BR2_PACKAGE_STRONGSWAN_EAP no drives no option directly, right? As such, it can be moved to legacy, and then [...] > - select BR2_PACKAGE_GMP > - help > - Enable various EAP protocols: > - - mschapv2 > - - tls > - - ttls > - - peap > - - sim > - - sim-file > - - aka > - - aka-3gpp2 > - - simaka-sql > - - simaka-pseudonym > - - simaka-reauth > - - identity > - - md5 > - - gtc > - - tnc > - - dynamic > - - radius > > if BR2_PACKAGE_STRONGSWAN_EAP > > +config BR2_PACKAGE_STRONGSWAN_EAP_SIM > + bool "Enable EAP-SIM" > + default y [...] each individual EAP option would have a conditional default: default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy This would have the added benefit that, when we eventually get rid of the legacy entry, we can also get rid of the legacy default. [--SNIP--] > diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk > index 322abfbd7b..ebfa1a11f3 100644 > --- a/package/strongswan/strongswan.mk > +++ b/package/strongswan/strongswan.mk > @@ -48,30 +48,30 @@ endif > > ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) > STRONGSWAN_CONF_OPTS += \ > - --enable-eap-sim \ > - --enable-eap-sim-file \ > - --enable-eap-aka \ > - --enable-eap-aka-3gpp2 \ > - --enable-eap-simaka-sql \ > - --enable-eap-simaka-pseudonym \ > - --enable-eap-simaka-reauth \ > - --enable-eap-identity \ > - --enable-eap-md5 \ > - --enable-eap-gtc \ > - --enable-eap-mschapv2 \ > - --enable-eap-tls \ > - --enable-eap-ttls \ > - --enable-eap-peap \ > - --enable-eap-tnc \ > - --enable-eap-dynamic \ > - --enable-eap-radius > -STRONGSWAN_DEPENDENCIES += gmp > + --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \ > + --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \ > + --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \ > + --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \ > + --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \ > + --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \ > + --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \ > + --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \ > + --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \ > + --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \ > + --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \ > + --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \ > + --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \ > + --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \ > + --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \ > + --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \ > + --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no) > endif And indeed, from the above list, BR2_PACKAGE_STRONGSWAN_EAP by itself no longer means anything; setting it to 'n' does not even forces all sub-options to 'no', but leaves them to their default value (as was the case previously, though, so not a regression). I think this ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) can be dropped altogether, now. Unless I missed something? Regards, Yann E. MORIN. > STRONGSWAN_DEPENDENCIES += \ > $(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \ > $(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \ > $(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \ > + $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \ > $(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \ > $(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \ > $(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \ > -- > 2.30.2 > > _______________________________________________ > buildroot mailing list > buildroot@lists.buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
Hi Yann, All, thank for the feedback. On 18/09/2021 23:06, Yann E. MORIN wrote: > Martin, All, > > On 2021-09-13 16:26 +0200, Martin Elshuber spake thusly: >> Add options to chose EAP plugins. >> >> Since the only plugin requiring libgmp is >> BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP >> is moved down accordingly. >> >> Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com> >> --- >> package/strongswan/Config.in | 89 +++++++++++++++++++++++++------- >> package/strongswan/strongswan.mk | 36 ++++++------- >> 2 files changed, 87 insertions(+), 38 deletions(-) >> >> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in >> index 368cd1ecc0..77d437d7d9 100644 >> --- a/package/strongswan/Config.in >> +++ b/package/strongswan/Config.in >> @@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC >> >> config BR2_PACKAGE_STRONGSWAN_EAP >> bool "Enable EAP protocols" > If I understand correctly, BR2_PACKAGE_STRONGSWAN_EAP no drives no > option directly, right? As such, it can be moved to legacy, and > then [...] Correct. Will update >> - select BR2_PACKAGE_GMP >> - help >> - Enable various EAP protocols: >> - - mschapv2 >> - - tls >> - - ttls >> - - peap >> - - sim >> - - sim-file >> - - aka >> - - aka-3gpp2 >> - - simaka-sql >> - - simaka-pseudonym >> - - simaka-reauth >> - - identity >> - - md5 >> - - gtc >> - - tnc >> - - dynamic >> - - radius >> >> if BR2_PACKAGE_STRONGSWAN_EAP >> >> +config BR2_PACKAGE_STRONGSWAN_EAP_SIM >> + bool "Enable EAP-SIM" >> + default y > [...] each individual EAP option would have a conditional default: > > default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy > > This would have the added benefit that, when we eventually get rid of > the legacy entry, we can also get rid of the legacy default. Ack. However I am not sure if you want to get rid of the defaults in the future, since it might introduce a pitfall for the person configuring strongswan. But that is a problem for another day :). > > [--SNIP--] >> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk >> index 322abfbd7b..ebfa1a11f3 100644 >> --- a/package/strongswan/strongswan.mk >> +++ b/package/strongswan/strongswan.mk >> @@ -48,30 +48,30 @@ endif >> >> ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) >> STRONGSWAN_CONF_OPTS += \ >> - --enable-eap-sim \ >> - --enable-eap-sim-file \ >> - --enable-eap-aka \ >> - --enable-eap-aka-3gpp2 \ >> - --enable-eap-simaka-sql \ >> - --enable-eap-simaka-pseudonym \ >> - --enable-eap-simaka-reauth \ >> - --enable-eap-identity \ >> - --enable-eap-md5 \ >> - --enable-eap-gtc \ >> - --enable-eap-mschapv2 \ >> - --enable-eap-tls \ >> - --enable-eap-ttls \ >> - --enable-eap-peap \ >> - --enable-eap-tnc \ >> - --enable-eap-dynamic \ >> - --enable-eap-radius >> -STRONGSWAN_DEPENDENCIES += gmp >> + --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \ >> + --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \ >> + --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \ >> + --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \ >> + --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \ >> + --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \ >> + --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \ >> + --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \ >> + --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \ >> + --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \ >> + --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \ >> + --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \ >> + --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \ >> + --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \ >> + --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \ >> + --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \ >> + --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no) >> endif > And indeed, from the above list, BR2_PACKAGE_STRONGSWAN_EAP by itself no > longer means anything; setting it to 'n' does not even forces all > sub-options to 'no', but leaves them to their default value (as was the > case previously, though, so not a regression). > > I think this ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) can be dropped > altogether, now. It can. Will move the whole block into the general STRONGSWAN_CONF_OPTS = {...} block > > Unless I missed something? I guess no. > > Regards, > Yann E. MORIN. > >> STRONGSWAN_DEPENDENCIES += \ >> $(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \ >> $(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \ >> $(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \ >> + $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \ >> $(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \ >> $(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \ >> $(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \ >> -- >> 2.30.2 >> >> _______________________________________________ >> buildroot mailing list >> buildroot@lists.buildroot.org >> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.buildroot.org_mailman_listinfo_buildroot&d=DwIBaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=WUaTHm7595mhxO1H3AMKtTdzXTgwvezJrC62UXYMTfsy0k4SqBTM2mfmbqYdqwva&m=4FTeZDHlQL1GQdkl2pRk8-ZlLhvtYhPEPMLF24oTSBs&s=wWkgHAeyK-THzsFI1NUPxoJcZAcdAN1PYD3Y2geLV18&e=
diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in index 368cd1ecc0..77d437d7d9 100644 --- a/package/strongswan/Config.in +++ b/package/strongswan/Config.in @@ -75,34 +75,83 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC config BR2_PACKAGE_STRONGSWAN_EAP bool "Enable EAP protocols" - select BR2_PACKAGE_GMP - help - Enable various EAP protocols: - - mschapv2 - - tls - - ttls - - peap - - sim - - sim-file - - aka - - aka-3gpp2 - - simaka-sql - - simaka-pseudonym - - simaka-reauth - - identity - - md5 - - gtc - - tnc - - dynamic - - radius if BR2_PACKAGE_STRONGSWAN_EAP +config BR2_PACKAGE_STRONGSWAN_EAP_SIM + bool "Enable EAP-SIM" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE + bool "Enable EAP-SIM file backend" + default y + config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC bool "Enable EAP-SIM smart card backend" depends on !BR2_STATIC_LIBS # pcsc-lite select BR2_PACKAGE_PCSC_LITE +config BR2_PACKAGE_STRONGSWAN_EAP_AKA + bool "Enable EAP-AKA" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2 + bool "Enable EAP-AKA 3GPP2 algorithms" + default y + select BR2_PACKAGE_GMP + +config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL + bool "Enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM + bool "Enable EAP-SIM/AKA pseudonym storage" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH + bool "Enable EAP-SIM/AKA reauthentication data storage" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY + bool "Enable EAP-Identity" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_MD5 + bool "Enable EAP-MD5" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_GTC + bool "Enable EAP-GDC" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 + bool "Enable EAP-MSCHAPv2" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_PEAP + bool "Enable EAP-PEAP" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_RADIUS + bool "Enable EAP-RADIUS" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_TLS + bool "Enable EAP-TLS" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_TTLS + bool "Enable EAP-TTLS" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC + bool "Enable EAP-TTLS" + default y + +config BR2_PACKAGE_STRONGSWAN_EAP_TNC + bool "Enable EAP-TNC" + default y + endif config BR2_PACKAGE_STRONGSWAN_UNITY diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk index 322abfbd7b..ebfa1a11f3 100644 --- a/package/strongswan/strongswan.mk +++ b/package/strongswan/strongswan.mk @@ -48,30 +48,30 @@ endif ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) STRONGSWAN_CONF_OPTS += \ - --enable-eap-sim \ - --enable-eap-sim-file \ - --enable-eap-aka \ - --enable-eap-aka-3gpp2 \ - --enable-eap-simaka-sql \ - --enable-eap-simaka-pseudonym \ - --enable-eap-simaka-reauth \ - --enable-eap-identity \ - --enable-eap-md5 \ - --enable-eap-gtc \ - --enable-eap-mschapv2 \ - --enable-eap-tls \ - --enable-eap-ttls \ - --enable-eap-peap \ - --enable-eap-tnc \ - --enable-eap-dynamic \ - --enable-eap-radius -STRONGSWAN_DEPENDENCIES += gmp + --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \ + --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \ + --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \ + --enable-eap-aka-3gpp2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),yes,no) \ + --enable-eap-simaka-sql=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL),yes,no) \ + --enable-eap-simaka-pseudonym=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM),yes,no) \ + --enable-eap-simaka-reauth=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH),yes,no) \ + --enable-eap-identity=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY),yes,no) \ + --enable-eap-md5=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MD5),yes,no) \ + --enable-eap-gtc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_GTC),yes,no) \ + --enable-eap-mschapv2=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2),yes,no) \ + --enable-eap-tls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TLS),yes,no) \ + --enable-eap-ttls=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TTLS),yes,no) \ + --enable-eap-peap=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_PEAP),yes,no) \ + --enable-eap-tnc=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_TNC),yes,no) \ + --enable-eap-dynamic=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC),yes,no) \ + --enable-eap-radius=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_RADIUS),yes,no) endif STRONGSWAN_DEPENDENCIES += \ $(if $(BR2_PACKAGE_STRONGSWAN_OPENSSL),openssl) \ $(if $(BR2_PACKAGE_STRONGSWAN_GCRYPT),libgcrypt) \ $(if $(BR2_PACKAGE_STRONGSWAN_GMP),gmp) \ + $(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2),gmp) \ $(if $(BR2_PACKAGE_STRONGSWAN_CURL),libcurl) \ $(if $(BR2_PACKAGE_STRONGSWAN_TNCCS_11),libxml2) \ $(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC),pcsc-lite) \
Add options to chose EAP plugins. Since the only plugin requiring libgmp is BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2, the selection of BR2_PACKAGE_GMP is moved down accordingly. Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com> --- package/strongswan/Config.in | 89 +++++++++++++++++++++++++------- package/strongswan/strongswan.mk | 36 ++++++------- 2 files changed, 87 insertions(+), 38 deletions(-)