updated INSTALL to conform with autotools

added a short HACKING introduction
This commit is contained in:
Martin Willi 2006-06-08 06:34:52 +00:00
parent 8d77eddec2
commit c0d63ac9db
2 changed files with 155 additions and 126 deletions

35
HACKING Normal file
View File

@ -0,0 +1,35 @@
-------------------------
strongSwan - Development
-------------------------
For interested developers, we have a public repository. To check out and
compile the code, you need the following tools:
- Subversion (1.3.1)
- a recent GNU C complier (gcc-3.4.6)
- recent autotools (autoconf-2.59, automake-1.9.6, libtool-1.5.22)
- the usual strongSwan dependencies (gmp >= 4.1.4, optional curl, ldap)
- perl (5.8.8)
- lex (flex-2.5.33)
- yacc (bison-2.1)
- gperf (3.0.1)
- Doxygen (1.4.6)
The numbers in brackets represent the versions used on our development systems,
other version MAY work, too. Not all tools are checked by the configure script,
as they are not needed in the tarball distributions, so check them manually.
To check out the trunk, use:
svn co http://www.strongswan.org/ikev2/trunk strongswan
After a successful check out, give the autotools a try:
cd strongswan/
./autogen.sh
Then you're in, start the build as usual:
./configure [options]
make
make install

146
INSTALL
View File

@ -6,29 +6,69 @@
Contents
--------
1. Required packages
2. Optional packages
2.1 libcurl
2.2 OpenLDAP
2.3 PKCS#11 smartcard library modules
3. Building and running strongSwan with a Linux 2.6 kernel
1. Overview
2. Required packages
3. Optional packages
3.1 libcurl
3.2 OpenLDAP
3.3 PKCS#11 smartcard library modules
4. Kernel configuration
1. Overview
--------
The strongSwan 4.x branch introduces a new build environment featuring
GNU autotools. This should simplify the build process and package
maintenance.
First check for the availability of required packages on your system
(section 2.). You may want to include support for additional features, which
require other packages to be installed (section 3.).
To compile an extracted tarball, run the ./configure script first:
./configure
You may want to specify some arguments listed in section 3., or see the
available options of the script using "./configure --help".
After a successful run of the script, run
make
followed by
make install
in the usual manner.
To check if your kernel fullfills the requirements, see section 4.
Next add your connections to "/etc/ipsec.conf" and your secrets to
"/etc/ipsec.secrets". Connections that are to be negotiated by the new
IKEv2 charon keying daemon should be designated by "keyexchange=ikev2" and
those by the IKEv1 pluto keying daemon either by "keyexchange=ikev1" or
the default "keyexchange=ike".
At last start strongSwan with
ipsec start
1. Required packages
2. Required packages
-----------------
In order to be able to build strongSwan you'll need the GNU Multiprecision
Arithmetic Library (GMP) available from http://www.swox.com/gmp/.
Arithmetic Library (GMP) available from http://www.swox.com/gmp/. At least
version 4.1.5 of libgmp is required.
The libgmp library and the corresponding header file gmp.h are usually
included in the form of one or two packages in the major Linux
distributions (SuSE: gmp; Debian unstable: libgmp3, libgmp3-dev).
2. Optional packages
3. Optional packages
-----------------
2.1 libcurl
3.1 libcurl
-------
If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
@ -49,17 +89,12 @@ Contents
favorite Linux distribution (SuSE: curl, curl-devel).
In order to activate the use of the libcurl library in strongSwan you must
set the USE_LIBCURL option in "Makefile.inc":
enable the ./configure switch:
# include libcurl support (CRL fetching, OCSP and SCEP)
USE_LIBCURL?=true
Under Gentoo emerge strongSwan with
USE="curl -ssl" emerge strongswan
./configure [...] --enable-http
2.2 OpenLDAP
3.2 OpenLDAP
--------
If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
@ -71,28 +106,15 @@ Contents
openldap2-devel).
In order to activate the use of the libldap library in strongSwan you must
set the USE_LDAP option in "Makefile.inc":
enable the ./configure switch:
# include LDAP support (CRL fetching)
USE_LDAP?=true
./configure [...] --enable-ldap
Depending upon whether your LDAP server understands the V3 (preferred) or
V2 LDAP protocol, uncomment one ot the two following lines:
# Uncomment to enable dynamic CRL fetching using LDAP V3
LDAP_VERSION=3
# Uncomment to enable dynamic CRL fetching using LDAP V2
#LDAP_VERSION=2
The latest OpenLDAP releases use the LDAP V3 protocol, whereas older
versions require LDAP V2.
Under Gentoo emerge strongSwan with
USE="ldap -ssl" emerge strongswan
LDAP Protocl version 2 is not supported anymore, --enable-ldap uses always
version 3 of the LDAP protocol
2.3 PKCS#11 smartcard library modules
3.3 PKCS#11 smartcard library modules
---------------------------------
If you want to securely store your X.509 certificates and private RSA keys
@ -111,21 +133,17 @@ Contents
M.U.S.C.L.E project http://www.linuxnet.com/ .
In order to activate the PKCS#11-based smartcard support in strongSwan
you must set the USE_SMARTCARD option in "Makefile.inc":
you must enable the smartcard ./configure switch:
#include PKCS11-based smartcard support
USE_SMARTCARD?=true
./configure [...] --enable-smartcard
During compilation no externel smart card libraries must be present.
strongSwan directly references a copy of the standard RSAREF pkcs11.h
header files stored in the pluto/rsaref sub directory. During compile
time a pathname to a default PKCS#11 dynamical library can be specified
in "Makefile.inc"
with a ./configure flag:
# Uncomment this line if using OpenSC <= 0.9.6
# PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\"
# Uncomment tis line if using OpenSC >= 0.10.0
PKCS11_DEFAULT_LIB=\"usr/lib/opensc-pkcs11.so\"
./configure --enable-smartcard --with-default-pkcs11=/path/to/lib.so
This default path to the easily-obtainable OpenSC library module can be
simply overridden during run-time by specifying an alternative path in
@ -134,18 +152,13 @@ Contents
config setup
pkcs11module="/usr/lib/xyz-pkcs11.so"
Under Gentoo emerge strongSwan with
USE="smartcard usb -pam -X" emerge strongswan
4. Kernel configuration
--------------------
3. Building and running strongSwan with a Linux 2.6 kernel
-------------------------------------------------------
* Because the Linux 2.6 kernel comes with a built-in native IPsec stack,
you won't need to build the strongSwan kernel modules. Please make sure
that the the following Linux 2.6 IPsec kernel modules are available:
The strongSwan 4.x series currently support only 2.6 kernels and its
nativ IPsec stack. Please make sure that the the following IPsec kernel
modules are available:
o af_key
o ah4
@ -154,28 +167,9 @@ Contents
o xfrm_user
o xfrm4_tunnel
These may be build into the kernel or as modules. Modules get loaded
automatically at strongSwan startup.
Also the built-in kernel Cryptoapi modules with selected encryption and
hash algorithms should be available.
* First select any desired compile options in "Makefile.inc" (see section 2.
Optional packages). Then in the strongwan-4.x.x top directory type
make
followed by
make install
* Next add your connections to "/etc/ipsec.conf" and your secrets to
"/etc/ipsec.secrets". Connections that are to be negotiated by the new
IKEv2 charon keying daemon should be designated by "keyexchange=ikev2" and
those by the IKEv1 pluto keying daemon either by "keyexchange=ikev1" or
the default "keyexchange=ike".
* At last start strongSwan with
ipsec start
-----------------------------------------------------------------------------
This file is RCSID $Id: INSTALL,v 1.9 2006/05/01 16:02:37 as Exp $