stunnel: Bring it back at v5.10

From: Michael Haas <haas@computerlinguist.org> * init script no longer creates certificates (consider client mode as use case) * patches/010_fix_getnameinfo.patch: Fix getnameinfo signature * patches/011_disable_ssp_linking.patch: Disable -fstack-protector as it is not always available in OpenWRT * old patches (in oldpackages) no longer necessary * remove libwrap dependency * remove libpthread dependency * respect CONFIG_IPV6 * init script uses procd * sample stunnel.conf runs in client mode - prevents start failure, does not require cert Possible enhancement: automatically generate certificate as done in uhttpd. However, as client mode is a possible use case, I'd rather not. Additionally, stunnel may use several certs with user-defined locations and we can't easily set a cert location via command-line args. The package is based on https://sites.google.com/site/twisteroidambassador/openwrt/stunnel Signed-off-by: Michael Haas <haas@computerlinguist.org>
2026-04-30 07:28:39 +01:00 · 2015-03-10 09:54:17 +01:00
parent b59def2299
commit f6927350e4
5 changed files with 299 additions and 0 deletions
@@ -0,0 +1,77 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=stunnel
+PKG_VERSION:=5.10
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPL-2.0+
+PKG_MAINTAINER:=Michael Haas <haas@computerlinguist.org>
+PKG_LICENSE_FILES:=COPYING COPYRIGHT.GPL
+
+PKG_SOURCE_URL:=http://stunnel.cybermirror.org/archive/5.x/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MD5SUM:=a0edda805eb7d6ea600a230fb0979ea1
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/stunnel
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libopenssl
+  TITLE:=SSL TCP Wrapper
+  URL:=http://www.stunnel.org/
+endef
+
+define Package/stunnel/description
+	Stunnel is a program that allows you to encrypt arbitrary TCP
+	connections inside SSL (Secure Sockets Layer) available on both Unix
+	and Windows. Stunnel can allow you to secure non-SSL aware daemons and
+	protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the
+	encryption, requiring no changes to the daemon's code.
+endef
+
+define Package/stunnel/conffiles
+/etc/stunnel/stunnel.conf
+endef
+
+
+CONFIGURE_ARGS+= \
+	--with-random=/dev/urandom \
+	--with-threads=fork \
+	--with-ssl=$(STAGING_DIR)/usr \
+	--disable-libwrap \
+	--disable-systemd
+
+ifeq ($(CONFIG_IPV6),n)
+CONFIGURE_ARGS+= \
+	--disable-ipv6
+endif
+
+define Build/Compile
+	mkdir -p $(PKG_INSTALL_DIR)/etc/stunnel
+	echo '#dummy' > $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.pem
+	$(call Build/Compile/Default)
+endef
+
+define Package/stunnel/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stunnel $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/usr/lib/stunnel
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/stunnel/libstunnel.so $(1)/usr/lib/stunnel/
+	$(INSTALL_DIR) $(1)/etc/stunnel
+	$(INSTALL_CONF) ./files/stunnel.conf $(1)/etc/stunnel/stunnel.conf
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/stunnel.init $(1)/etc/init.d/stunnel
+endef
+
+$(eval $(call BuildPackage,stunnel))