pkg-openswan/trunk/Makefile.inc

# Openswan pathnames and other master configuration
# Copyright (C) 2001, 2002  Henry Spencer.
# Copyright (C) 2003, 2004  Xelerance Corporation
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: Makefile.inc,v 1.101.2.1 2004/12/21 21:12:28 mcr Exp $


# Variables in this file with names starting with INC_ are not for use
# by Makefiles which include it; they are subject to change without warning.
#
# "Final" and "finally" refer to where the files will end up on the
# running IPsec system, as opposed to where they get installed by our
# Makefiles.  (The two are different for cross-compiles and the like,
# where our Makefiles are not the end of the installation process.)
# Paths with FINAL in their names are the only ones that the installed
# software itself depends on.  (Very few things should know about the
# FINAL paths; think twice and consult Henry before making something new
# depend on them.)  All other paths are install targets.
# See also DESTDIR, below.


### boilerplate, do not change
SHELL=/bin/sh

### paths within the source tree

KLIPSINC=${OPENSWANSRCDIR}/linux/include
KLIPSSRC=${OPENSWANSRCDIR}/linux/net/ipsec

LIBOPENSWANDIR=${OPENSWANSRCDIR}/lib/libopenswan
OPENSWANLIB=${OPENSWANSRCDIR}/lib/libopenswan/libopenswan.a
OSWLOGLIB=${OPENSWANSRCDIR}/lib/libopenswan/liboswlog.a

LWRESDIR=${OPENSWANSRCDIR}/lib/liblwres
LWRESLIB=${LWRESDIR}/liblwres.a

LIBDESSRCDIR=${OPENSWANSRCDIR}/linux/crypto/ciphers/des
LIBDESLITE=${OPENSWANSRCDIR}/lib/libcrypto/libdes/libdes.a
LIBAES=${OPENSWANSRCDIR}/lib/libcrypto/libaes/libaes.a

LIBPOLICYDIR=${OPENSWANSRCDIR}/linux/lib/libipsecpolicy
POLICYLIB=${OPENSWANSRCDIR}/lib/libipsecpolicy/libipsecpolicy.a

.PHONY: programs checkprograms clean

### install pathnames

# DESTDIR can be used to supply a prefix to all install targets.
# (Note that "final" pathnames, signifying where files will eventually
# reside rather than where install puts them, are exempt from this.)
# The prefixing is done in this file, so as to have central control over
# it; DESTDIR itself should never appear in any other Makefile.
DESTDIR?=

# "local" part of tree, used in building other pathnames
INC_USRLOCAL=/usr/local

# PUBDIR is where the "ipsec" command goes; beware, many things define PATH
# settings which are assumed to include it (or at least, to include *some*
# copy of the "ipsec" command).
PUBDIR=$(DESTDIR)$(INC_USRLOCAL)/sbin

# BINDIR is where sub-commands get put, FINALBINDIR is where the "ipsec"
# command will look for them when it is run. Also called LIBEXECDIR.
FINALLIBEXECDIR=$(INC_USRLOCAL)/libexec/ipsec
LIBEXECDIR=$(DESTDIR)$(FINALBINDIR)

FINALBINDIR=${FINALLIBEXECDIR}
BINDIR=${LIBEXECDIR}


# SBINDIR is where the user interface command goes.
FINALSBINDIR=$(INC_USRLOCAL)/sbin
SBINDIR=$(DESTDIR)$(FINALSBINDIR)

# libdir is where utility files go
FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
LIBDIR=$(DESTDIR)$(FINALLIBDIR)


# where the appropriate manpage tree is located
# location within INC_USRLOCAL
INC_MANDIR=man
# the full pathname
MANTREE=$(DESTDIR)$(INC_USRLOCAL)/$(INC_MANDIR)
# all relevant subdirectories of MANTREE
MANPLACES=man3 man5 man8

# where configuration files go
FINALCONFFILE?=/etc/ipsec.conf
CONFFILE=$(DESTDIR)$(FINALCONFFILE)

FINALCONFDIR?=/etc
CONFDIR=$(DESTDIR)$(FINALCONFDIR)

FINALCONFDDIR?=${FINALCONFDIR}/ipsec.d
CONFDDIR=$(DESTDIR)$(FINALCONFDDIR)

# sample configuration files go into
INC_DOCDIR?=share/doc
FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}

FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
DOCDIR=${DESTDIR}${FINALDOCDIR}

# where per-conn pluto logs go
VARDIR?=/var
FINALLOGDIR?=${VARDIR}/log
LOGDIR?=${DESTDIR}${FINALLOGDIR}


# An attempt is made to automatically figure out where boot/shutdown scripts 
# will finally go:  the first directory in INC_RCDIRS which exists gets them.
# If none of those exists (or INC_RCDIRS is empty), INC_RCDEFAULT gets them.
# With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the
# INC_RCDIRS directories has been pre-created under DESTDIR.
INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d
INC_RCDEFAULT=/etc/rc.d/init.d

# RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think
# will finally be (so utils/Makefile can create a symlink in BINDIR to the
# place where the boot/shutdown script will finally be, rather than the
# place where it is installed).
FINALRCDIR=$(shell for d in $(INC_RCDIRS) ; \
                do if test -d $(DESTDIR)/$$d ; \
                then echo $$d ; exit 0 ; \
                fi ; done ; echo $(INC_RCDEFAULT) )
RCDIR=$(DESTDIR)$(FINALRCDIR)


### kernel pathnames

# Kernel location:  where patches are inserted, where kernel builds are done.

# this is a hack using the wildcard to look for existence of a file/dir
ifneq ($(wildcard /usr/src/linux-2.6),)
KERNELSRC?=/usr/src/linux-2.6
else
ifneq ($(wildcard /usr/src/linux-2.4),)
KERNELSRC?=/usr/src/linux-2.4
else
KERNELSRC?=/usr/src/linux
endif
endif

# where kernel configuration outputs are located
KCFILE=$(KERNELSRC)/.config
ACFILE=$(KERNELSRC)/include/linux/autoconf.h
VERFILE=$(KERNELSRC)/include/linux/version.h


### misc installation stuff

# what program to use when installing things
INSTALL=install

# flags to the install program, for programs, manpages, and config files
# -b has install make backups (n.b., unlinks original), --suffix controls
# how backup names are composed.
# Note that the install procedures will never overwrite an existing config
# file, which is why -b is not specified for them.
INSTBINFLAGS=-b --suffix=.old
INSTMANFLAGS=
INSTCONFFLAGS=


### misc configuration, included here in hopes that other files will not
### have to be changed for common customizations.

# extra compile flags, for userland and kernel stuff, e.g. -g for debug info
# Do no use this for cross-compiling flags such as -I or -L. Add those to a
# CC variable
# (caution, this stuff is still being sorted out, will change in future)
USERCOMPILE?=-g -O3
KLIPSCOMPILE=-O3

# command used to link/copy KLIPS into kernel source tree
# There are good reasons why this is "ln -s"; only people like distribution
# builders should ever change it.
KLIPSLINK=ln -s -f

# extra options for use in kernel build
KERNMAKEOPTS=

# kernel Makefile targets to be done before build
# Can be overridden if you are *sure* your kernel doesn't need them.  (2.2.xx
# and later reportedly do not.)
KERNDEP=dep
KERNCLEAN=clean

# kernel make name:  zImage for 2.0.xx, bzImage for 2.2.xx and later, and
# boot on non-x86s (what ever happened to standards?)
INC_B=$(shell test -d $(DIRIN22) && echo b)
KERNEL=$(shell if expr " `uname -m`" : ' i.86' >/dev/null ; \
        then echo $(INC_B)zImage ; \
        else echo boot ; \
        fi)

#
# default number of bits for ipsec newhostkey
#
RSAKEYBITS:=2192

# temporary directory to be used when building RPMs, and where to put the
# resulting RPM tree
RPMKERNDIR := $(shell echo `pwd`/tmp.rpmkernel)
RPMTMPDIR := $(shell echo `pwd`/tmp.rpmbuild)
RPMDEST := $(shell echo `pwd`/rpms)

# Newer versions of RPM do not permit building of packages with the "rpm" 
# command. For RedHat systems with older version of RPM, use:
# RPMBUILD=rpm
# instead.
RPMBUILD=rpmbuild

### paths to resources on the host system
#
# Set this to a RedHat kernel-sources RPM. This normally extracts into
# /usr/src/linux-2.4, but you might have extracted it elsewhere with
# rpm2cpio.
#
RH_KERNELSRC?=/usr/src/linux-2.4

#RH_KERNELSRC=/c2/kernel/rh/linux-2.4.9-13


## build environment variations
##

# set this to a place where you have installed a bind9.3 
# snapshot (20021115 or better). A bind 9.2, particularly a RedHat
# installed one in RH 7.2, won't work - you wind up depending upon
# openssl.

BIND9STATICLIBDIR?=/usr/local/lib

# if you install elsewere, you may need to point the include files to it.
#BIND9STATICLIBDIR?=/sandel/lib
#BIND9INCDIR?=/sandel/include


#
# USE_ variables determine if features are compiled into Openswan.
#       these let you turn on/off specific features
# HAVE_ variables let you tell Openswan what system related libraries
#       you may or maynot have

# LWRES is the lightweight resolver, part of BIND9
# We test with LWRES, but ship with it off, as it requires
# additional headers not present on most systems.
USE_LWRES?=false

# Whether or not to use iproute2 based commands.
# On Kernel 2.0, and early 2.2 systems you may need to either install the
# iproute2 package, or set this to false
USE_IPROUTE2?=true

# what kind of firewalling to use:
#  2.0  - ipfwadm
#  2.2  - ipchains
#  2.4  - iptables or ipchains
#  2.6  - iptables
IPSEC_FIREWALLTYPE=iptables

# whether or not to include ipsec policy code into pluto.
# false for now, since it is still experimental.
USE_IPSECPOLICY?=false

# include IKEPING (a utility for testing IKE daemons) in the distribution
USE_IKEPING?=true

# include support for KEY RR 
# this will become false in the future, as all OE sites transition to
# using TXT instead of KEY records.  See references to 'Flag Day'
USE_KEYRR?=true

# include support for Kernel 2.5/2.6 IPsec in pluto
# You can safely do this on Kernel 2.6 systems, and it is recommended
# to leave this enabled so if you do upgrade to a 2.6 Kernel, you don't
# need to recompile.
USE_KERNEL26?=true


# include support for sending Openswan Vendor IDs
USE_VENDORID?=false


# include aggressive mode authentication system code - both Server and Client.
# This off by default, since aggressive mode leads to denial of service
# attacks.
USE_AGGRESSIVE?=true

# include XAUTH authentication system code - both Server and Client.
# This off by default, since XAUTH is tricky, and you can get into 
# security trouble unless you do additional configuration.
USE_XAUTH?=true

# When doing XAUTH, include PAM support as well, requires HAVE_THREADS be
# true as well
USE_XAUTHPAM?=false

# whether to support NAT Traversal (aka NAT-T)
USE_NAT_TRAVERSAL?=true

# where to support NAT-T in transport mode (needed for Win2K NAT-T Interop)
USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true

# Include LDAP support (currently used for fetching CRLs)
USE_LDAP?=false

# Include libcurl support (currently used for fetching CRLs)
USE_LIBCURL?=false

# Include Smartcard support (disabled by default, as most users don't
# have the required hardware and drivers/software installed)
USE_SMARTCARD?=false

# should opportunistic encryption be turned on by default?
# Enabled during testing, but probably turned off in shipping versions.
USE_OE?=no
ifeq ($(USE_OE),no)
# warning: examples subdirectory is statically defined here
OE_FLAG=\#Disable Opportunistic Encryption\\ninclude ${FINALCONFDDIR}/examples/no_oe.conf
else
endif

# should we include all manner of known to be broken/weak?
# use this only if you are building some kind of a testing
# device. Normal use does not need any of this.
USE_WEAKSTUFF?=false

# Do we have pthreads available?  Only yes if you need it for XAUTH+PAM,
# or if you need it for CRL fetching.
# 
HAVE_THREADS?=false

# set this to space where a linked/configured tree can be created by 
# preprhkern4module. Only needed if you are going to be created RPMs
# outside of a distribution (as the FS team does for RedHat).
#RH_KERNELSRC_POOL=/c2/openswan/rh_kern

# the following is a list of symbols which will be used to construct
# the module goo to identify which module goes with each kernel.
MODULE_GOO_LIST=irq_stat netif_rx register_sysctl_table send_sig
MODULE_GOO_LIST+=kmalloc __kfree_skb __ip_select_ident alloc_skb
MODULE_GOO_LIST+=icmp_send ip_fragment sock_register 

MODULE_DEF_INCLUDE=${OPENSWANSRCDIR}/packaging/linus/config-all.h
MODULE_DEFCONFIG?=${KLIPSSRC}/defconfig
MODBUILDDIR?=${OPENSWANSRCDIR}/modobj
MOD26BUILDDIR?=${OPENSWANSRCDIR}/modobj26

MODULE_FLAGS:=KLIPSMODULE=true -f ${MODULE_DEFCONFIG} 

# supply kernel-configuration ARCH defaults
ifeq ($(ARCH),)
ARCH := $(shell uname -m)
endif
# always sanitize $(ARCH)
ARCH := $(shell echo $(ARCH) | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)

# export everything so that scripts can use them.
export LIBOPENSWANDIR OPENSWANSRCDIR OPENSWANLIB ARCH OSWLOGLIB

-include ${OPENSWANSRCDIR}/Makefile.ver

X509_VERSION=X.509-1.5.4
NONINTCONFIG=oldconfig

#KERNELBUILDMFLAGS=--debug=biv V=1 

# for emacs
#
# Local Variables: ;;;
# mode: makefile ;;;
# End Variables: ;;;
#
1	# Openswan pathnames and other master configuration
2	# Copyright (C) 2001, 2002 Henry Spencer.
3	# Copyright (C) 2003, 2004 Xelerance Corporation
4	#
5	# This program is free software; you can redistribute it and/or modify it
6	# under the terms of the GNU General Public License as published by the
7	# Free Software Foundation; either version 2 of the License, or (at your
8	# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9	#
10	# This program is distributed in the hope that it will be useful, but
11	# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12	# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13	# for more details.
14	#
15	# RCSID $Id: Makefile.inc,v 1.101.2.1 2004/12/21 21:12:28 mcr Exp $
16
17
18
19	# Variables in this file with names starting with INC_ are not for use
20	# by Makefiles which include it; they are subject to change without warning.
21	#
22	# "Final" and "finally" refer to where the files will end up on the
23	# running IPsec system, as opposed to where they get installed by our
24	# Makefiles. (The two are different for cross-compiles and the like,
25	# where our Makefiles are not the end of the installation process.)
26	# Paths with FINAL in their names are the only ones that the installed
27	# software itself depends on. (Very few things should know about the
28	# FINAL paths; think twice and consult Henry before making something new
29	# depend on them.) All other paths are install targets.
30	# See also DESTDIR, below.
31
32
33
34	### boilerplate, do not change
35	SHELL=/bin/sh
36
37	### paths within the source tree
38
39	KLIPSINC=${OPENSWANSRCDIR}/linux/include
40	KLIPSSRC=${OPENSWANSRCDIR}/linux/net/ipsec
41
42	LIBOPENSWANDIR=${OPENSWANSRCDIR}/lib/libopenswan
43	OPENSWANLIB=${OPENSWANSRCDIR}/lib/libopenswan/libopenswan.a
44	OSWLOGLIB=${OPENSWANSRCDIR}/lib/libopenswan/liboswlog.a
45
46	LWRESDIR=${OPENSWANSRCDIR}/lib/liblwres
47	LWRESLIB=${LWRESDIR}/liblwres.a
48
49	LIBDESSRCDIR=${OPENSWANSRCDIR}/linux/crypto/ciphers/des
50	LIBDESLITE=${OPENSWANSRCDIR}/lib/libcrypto/libdes/libdes.a
51	LIBAES=${OPENSWANSRCDIR}/lib/libcrypto/libaes/libaes.a
52
53	LIBPOLICYDIR=${OPENSWANSRCDIR}/linux/lib/libipsecpolicy
54	POLICYLIB=${OPENSWANSRCDIR}/lib/libipsecpolicy/libipsecpolicy.a
55
56	.PHONY: programs checkprograms clean
57
58	### install pathnames
59
60	# DESTDIR can be used to supply a prefix to all install targets.
61	# (Note that "final" pathnames, signifying where files will eventually
62	# reside rather than where install puts them, are exempt from this.)
63	# The prefixing is done in this file, so as to have central control over
64	# it; DESTDIR itself should never appear in any other Makefile.
65	DESTDIR?=
66
67	# "local" part of tree, used in building other pathnames
68	INC_USRLOCAL=/usr/local
69
70	# PUBDIR is where the "ipsec" command goes; beware, many things define PATH
71	# settings which are assumed to include it (or at least, to include some
72	# copy of the "ipsec" command).
73	PUBDIR=$(DESTDIR)$(INC_USRLOCAL)/sbin
74
75	# BINDIR is where sub-commands get put, FINALBINDIR is where the "ipsec"
76	# command will look for them when it is run. Also called LIBEXECDIR.
77	FINALLIBEXECDIR=$(INC_USRLOCAL)/libexec/ipsec
78	LIBEXECDIR=$(DESTDIR)$(FINALBINDIR)
79
80	FINALBINDIR=${FINALLIBEXECDIR}
81	BINDIR=${LIBEXECDIR}
82
83
84	# SBINDIR is where the user interface command goes.
85	FINALSBINDIR=$(INC_USRLOCAL)/sbin
86	SBINDIR=$(DESTDIR)$(FINALSBINDIR)
87
88	# libdir is where utility files go
89	FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
90	LIBDIR=$(DESTDIR)$(FINALLIBDIR)
91
92
93	# where the appropriate manpage tree is located
94	# location within INC_USRLOCAL
95	INC_MANDIR=man
96	# the full pathname
97	MANTREE=$(DESTDIR)$(INC_USRLOCAL)/$(INC_MANDIR)
98	# all relevant subdirectories of MANTREE
99	MANPLACES=man3 man5 man8
100
101	# where configuration files go
102	FINALCONFFILE?=/etc/ipsec.conf
103	CONFFILE=$(DESTDIR)$(FINALCONFFILE)
104
105	FINALCONFDIR?=/etc
106	CONFDIR=$(DESTDIR)$(FINALCONFDIR)
107
108	FINALCONFDDIR?=${FINALCONFDIR}/ipsec.d
109	CONFDDIR=$(DESTDIR)$(FINALCONFDDIR)
110
111	# sample configuration files go into
112	INC_DOCDIR?=share/doc
113	FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
114	EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
115
116	FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
117	DOCDIR=${DESTDIR}${FINALDOCDIR}
118
119	# where per-conn pluto logs go
120	VARDIR?=/var
121	FINALLOGDIR?=${VARDIR}/log
122	LOGDIR?=${DESTDIR}${FINALLOGDIR}
123
124
125	# An attempt is made to automatically figure out where boot/shutdown scripts
126	# will finally go: the first directory in INC_RCDIRS which exists gets them.
127	# If none of those exists (or INC_RCDIRS is empty), INC_RCDEFAULT gets them.
128	# With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the
129	# INC_RCDIRS directories has been pre-created under DESTDIR.
130	INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d
131	INC_RCDEFAULT=/etc/rc.d/init.d
132
133	# RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think
134	# will finally be (so utils/Makefile can create a symlink in BINDIR to the
135	# place where the boot/shutdown script will finally be, rather than the
136	# place where it is installed).
137	FINALRCDIR=$(shell for d in $(INC_RCDIRS) ; \
138	do if test -d $(DESTDIR)/$$d ; \
139	then echo $$d ; exit 0 ; \
140	fi ; done ; echo $(INC_RCDEFAULT) )
141	RCDIR=$(DESTDIR)$(FINALRCDIR)
142
143
144
145	### kernel pathnames
146
147	# Kernel location: where patches are inserted, where kernel builds are done.
148
149	# this is a hack using the wildcard to look for existence of a file/dir
150	ifneq ($(wildcard /usr/src/linux-2.6),)
151	KERNELSRC?=/usr/src/linux-2.6
152	else
153	ifneq ($(wildcard /usr/src/linux-2.4),)
154	KERNELSRC?=/usr/src/linux-2.4
155	else
156	KERNELSRC?=/usr/src/linux
157	endif
158	endif
159
160	# where kernel configuration outputs are located
161	KCFILE=$(KERNELSRC)/.config
162	ACFILE=$(KERNELSRC)/include/linux/autoconf.h
163	VERFILE=$(KERNELSRC)/include/linux/version.h
164
165
166
167	### misc installation stuff
168
169	# what program to use when installing things
170	INSTALL=install
171
172	# flags to the install program, for programs, manpages, and config files
173	# -b has install make backups (n.b., unlinks original), --suffix controls
174	# how backup names are composed.
175	# Note that the install procedures will never overwrite an existing config
176	# file, which is why -b is not specified for them.
177	INSTBINFLAGS=-b --suffix=.old
178	INSTMANFLAGS=
179	INSTCONFFLAGS=
180
181
182	### misc configuration, included here in hopes that other files will not
183	### have to be changed for common customizations.
184
185	# extra compile flags, for userland and kernel stuff, e.g. -g for debug info
186	# Do no use this for cross-compiling flags such as -I or -L. Add those to a
187	# CC variable
188	# (caution, this stuff is still being sorted out, will change in future)
189	USERCOMPILE?=-g -O3
190	KLIPSCOMPILE=-O3
191
192	# command used to link/copy KLIPS into kernel source tree
193	# There are good reasons why this is "ln -s"; only people like distribution
194	# builders should ever change it.
195	KLIPSLINK=ln -s -f
196
197	# extra options for use in kernel build
198	KERNMAKEOPTS=
199
200	# kernel Makefile targets to be done before build
201	# Can be overridden if you are sure your kernel doesn't need them. (2.2.xx
202	# and later reportedly do not.)
203	KERNDEP=dep
204	KERNCLEAN=clean
205
206	# kernel make name: zImage for 2.0.xx, bzImage for 2.2.xx and later, and
207	# boot on non-x86s (what ever happened to standards?)
208	INC_B=$(shell test -d $(DIRIN22) && echo b)
209	KERNEL=$(shell if expr " `uname -m`" : ' i.86' >/dev/null ; \
210	then echo $(INC_B)zImage ; \
211	else echo boot ; \
212	fi)
213
214	#
215	# default number of bits for ipsec newhostkey
216	#
217	RSAKEYBITS:=2192
218
219	# temporary directory to be used when building RPMs, and where to put the
220	# resulting RPM tree
221	RPMKERNDIR := $(shell echo `pwd`/tmp.rpmkernel)
222	RPMTMPDIR := $(shell echo `pwd`/tmp.rpmbuild)
223	RPMDEST := $(shell echo `pwd`/rpms)
224
225	# Newer versions of RPM do not permit building of packages with the "rpm"
226	# command. For RedHat systems with older version of RPM, use:
227	# RPMBUILD=rpm
228	# instead.
229	RPMBUILD=rpmbuild
230
231	### paths to resources on the host system
232	#
233	# Set this to a RedHat kernel-sources RPM. This normally extracts into
234	# /usr/src/linux-2.4, but you might have extracted it elsewhere with
235	# rpm2cpio.
236	#
237	RH_KERNELSRC?=/usr/src/linux-2.4
238
239	#RH_KERNELSRC=/c2/kernel/rh/linux-2.4.9-13
240
241
242	## build environment variations
243	##
244
245	# set this to a place where you have installed a bind9.3
246	# snapshot (20021115 or better). A bind 9.2, particularly a RedHat
247	# installed one in RH 7.2, won't work - you wind up depending upon
248	# openssl.
249
250	BIND9STATICLIBDIR?=/usr/local/lib
251
252	# if you install elsewere, you may need to point the include files to it.
253	#BIND9STATICLIBDIR?=/sandel/lib
254	#BIND9INCDIR?=/sandel/include
255
256
257	#
258	# USE_ variables determine if features are compiled into Openswan.
259	# these let you turn on/off specific features
260	# HAVE_ variables let you tell Openswan what system related libraries
261	# you may or maynot have
262
263	# LWRES is the lightweight resolver, part of BIND9
264	# We test with LWRES, but ship with it off, as it requires
265	# additional headers not present on most systems.
266	USE_LWRES?=false
267
268	# Whether or not to use iproute2 based commands.
269	# On Kernel 2.0, and early 2.2 systems you may need to either install the
270	# iproute2 package, or set this to false
271	USE_IPROUTE2?=true
272
273	# what kind of firewalling to use:
274	# 2.0 - ipfwadm
275	# 2.2 - ipchains
276	# 2.4 - iptables or ipchains
277	# 2.6 - iptables
278	IPSEC_FIREWALLTYPE=iptables
279
280	# whether or not to include ipsec policy code into pluto.
281	# false for now, since it is still experimental.
282	USE_IPSECPOLICY?=false
283
284	# include IKEPING (a utility for testing IKE daemons) in the distribution
285	USE_IKEPING?=true
286
287	# include support for KEY RR
288	# this will become false in the future, as all OE sites transition to
289	# using TXT instead of KEY records. See references to 'Flag Day'
290	USE_KEYRR?=true
291
292	# include support for Kernel 2.5/2.6 IPsec in pluto
293	# You can safely do this on Kernel 2.6 systems, and it is recommended
294	# to leave this enabled so if you do upgrade to a 2.6 Kernel, you don't
295	# need to recompile.
296	USE_KERNEL26?=true
297
298
299	# include support for sending Openswan Vendor IDs
300	USE_VENDORID?=false
301
302
303	# include aggressive mode authentication system code - both Server and Client.
304	# This off by default, since aggressive mode leads to denial of service
305	# attacks.
306	USE_AGGRESSIVE?=true
307
308	# include XAUTH authentication system code - both Server and Client.
309	# This off by default, since XAUTH is tricky, and you can get into
310	# security trouble unless you do additional configuration.
311	USE_XAUTH?=true
312
313	# When doing XAUTH, include PAM support as well, requires HAVE_THREADS be
314	# true as well
315	USE_XAUTHPAM?=false
316
317	# whether to support NAT Traversal (aka NAT-T)
318	USE_NAT_TRAVERSAL?=true
319
320	# where to support NAT-T in transport mode (needed for Win2K NAT-T Interop)
321	USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
322
323	# Include LDAP support (currently used for fetching CRLs)
324	USE_LDAP?=false
325
326	# Include libcurl support (currently used for fetching CRLs)
327	USE_LIBCURL?=false
328
329	# Include Smartcard support (disabled by default, as most users don't
330	# have the required hardware and drivers/software installed)
331	USE_SMARTCARD?=false
332
333	# should opportunistic encryption be turned on by default?
334	# Enabled during testing, but probably turned off in shipping versions.
335	USE_OE?=no
336	ifeq ($(USE_OE),no)
337	# warning: examples subdirectory is statically defined here
338	OE_FLAG=\#Disable Opportunistic Encryption\\ninclude ${FINALCONFDDIR}/examples/no_oe.conf
339	else
340	endif
341
342	# should we include all manner of known to be broken/weak?
343	# use this only if you are building some kind of a testing
344	# device. Normal use does not need any of this.
345	USE_WEAKSTUFF?=false
346
347	# Do we have pthreads available? Only yes if you need it for XAUTH+PAM,
348	# or if you need it for CRL fetching.
349	#
350	HAVE_THREADS?=false
351
352	# set this to space where a linked/configured tree can be created by
353	# preprhkern4module. Only needed if you are going to be created RPMs
354	# outside of a distribution (as the FS team does for RedHat).
355	#RH_KERNELSRC_POOL=/c2/openswan/rh_kern
356
357	# the following is a list of symbols which will be used to construct
358	# the module goo to identify which module goes with each kernel.
359	MODULE_GOO_LIST=irq_stat netif_rx register_sysctl_table send_sig
360	MODULE_GOO_LIST+=kmalloc __kfree_skb __ip_select_ident alloc_skb
361	MODULE_GOO_LIST+=icmp_send ip_fragment sock_register
362
363	MODULE_DEF_INCLUDE=${OPENSWANSRCDIR}/packaging/linus/config-all.h
364	MODULE_DEFCONFIG?=${KLIPSSRC}/defconfig
365	MODBUILDDIR?=${OPENSWANSRCDIR}/modobj
366	MOD26BUILDDIR?=${OPENSWANSRCDIR}/modobj26
367
368	MODULE_FLAGS:=KLIPSMODULE=true -f ${MODULE_DEFCONFIG}
369
370	# supply kernel-configuration ARCH defaults
371	ifeq ($(ARCH),)
372	ARCH := $(shell uname -m)
373	endif
374	# always sanitize $(ARCH)
375	ARCH := $(shell echo $(ARCH) \| sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)
376
377	# export everything so that scripts can use them.
378	export LIBOPENSWANDIR OPENSWANSRCDIR OPENSWANLIB ARCH OSWLOGLIB
379
380	-include ${OPENSWANSRCDIR}/Makefile.ver
381
382	X509_VERSION=X.509-1.5.4
383	NONINTCONFIG=oldconfig
384
385	#KERNELBUILDMFLAGS=--debug=biv V=1
386
387	# for emacs
388	#
389	# Local Variables: ;;;
390	# mode: makefile ;;;
391	# End Variables: ;;;
392	#