[Swan] Building on OSX 10.9 Mavericks

Paul Wouters paul at nohats.ca
Mon Oct 27 20:56:38 EET 2014 

On Mon, 27 Oct 2014, Noah Easterly wrote:

> Subject: Re: [Swan] Building on OSX 10.9 Mavericks
> 
> Yep, I can remove that line without obvious issue, but the build still has issues:
> 
> Next attempt at `make programs` got
> 
> /usr/local/src/libreswan-3.8/lib/libswan/udpfromto.c:75:2: error: "Must have either IP_PKTINFO or IP_RECVDSTADDR"
> 
> So I added the following to ports/darwin/include/sysdep.h, as OSX supports IP_RECVDSTADDR (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man4/ip.4.html)
> 
> /* udpfromto socket option for BSD */
> #define HAVE_UDPFROMTO 1
> #define HAVE_IP_RECVDSTADDR 1
> 
> The next error after that proved to be
> 
> /usr/local/src/libreswan-3.8/lib/libbsdpfkey/pfkey.c:38:10: fatal error: 'netkey/key_var.h' file not found
> 
> The racoon macport had a similar issue (http://article.gmane.org/gmane.os.opendarwin.darwinports/6225) and I solved it the same way they did (https://trac.macports.org/ticket/2173), by creating an
> include/netkey directory and putting netkey/key_var.h and netkey/key_debug.h (from http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/netkey/) in there.

Sounds all reasonable. If you have a patch with all of this in it, that
would be great :)

> The next error was
> 
> /usr/local/src/libreswan-3.8/programs/pluto/plutomain.c:100:11: fatal error: 'cap-ng.h' file not found
> 
> And a quick google doesn't seem sufficient to solve that. I don't think OSX supports capng_change_id, and I'm not sure what the local analogue would be.

Try this patch:

diff --git a/Makefile.inc b/Makefile.inc
index 67d9b63..f28e952 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -375,9 +375,15 @@ USE_LABELED_IPSEC?=false

  # Support for LIBCAP-NG to drop unneeded capabilities for the pluto
  # daemon
  USE_LIBCAP_NG?=true
+ifeq ($(OSDEP),darwin)
+USE_LIBCAP_NG=false
+endif

  # Support for Network Manager
  USE_NM?=true
+ifeq ($(OSDEP),darwin)
+USE_NM=false
+endif

  # Include LDAP support (currently used for fetching CRLs)
  USE_LDAP?=false

Paul

More information about the Swan mailing list