plugins: remove PLUGIN_FLAVOUR handling and related LibreSSL bits

2023-02-07 09:34:11 +01:00 · 2023-02-07 09:34:11 +01:00 · 38a172b488
parent 2e1d61e301
commit 38a172b488
8 changed files with 5 additions and 27 deletions
--- a/Mk/defaults.mk
+++ b/Mk/defaults.mk
@ -39,18 +39,6 @@ GITVERSION=	${SCRIPTSDIR}/version.sh
 _PLUGIN_ARCH!=	uname -p
 PLUGIN_ARCH?=	${_PLUGIN_ARCH}

-OPENSSL?=	${LOCALBASE}/bin/openssl
-
-.if ! defined(PLUGIN_FLAVOUR)
-.if exists(${OPENSSL})
-_PLUGIN_FLAVOUR!=	${OPENSSL} version
-PLUGIN_FLAVOUR?=	${_PLUGIN_FLAVOUR:[1]}
-.else
-.warning "Detected 'Base' flavour is not currently supported"
-PLUGIN_FLAVOUR?=	Base
-.endif
-.endif
-
 VERSIONBIN=	${LOCALBASE}/sbin/opnsense-version

 .if exists(${VERSIONBIN})
@ -83,7 +71,6 @@ PLUGIN_PYTHON?=	${_PLUGIN_PYTHON:[2]:S/./ /g:[1..2]:tW:S/ //}

 REPLACEMENTS=	PLUGIN_ABI \
 		PLUGIN_ARCH \
-		PLUGIN_FLAVOUR \
 		PLUGIN_HASH \
 		PLUGIN_MAINTAINER \
 		PLUGIN_NAME \
--- a/Templates/version
+++ b/Templates/version
@ -2,7 +2,6 @@
    "product_abi": "%%PLUGIN_ABI%%",
    "product_arch": "%%PLUGIN_ARCH%%",
    "product_email": "%%PLUGIN_MAINTAINER%%",
-    "product_flavour": "%%PLUGIN_FLAVOUR%%",
    "product_hash": "%%PLUGIN_HASH%%",
    "product_id": "%%PLUGIN_PKGNAME%%",
    "product_name": "%%PLUGIN_NAME%%",
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -1,5 +1,6 @@
 PLUGIN_NAME=		haproxy
 PLUGIN_VERSION=		4.0
+PLUGIN_REVISION=	1
 PLUGIN_COMMENT=		Reliable, high performance TCP/HTTP load balancer
 PLUGIN_DEPENDS=		haproxy26
 PLUGIN_MAINTAINER=	opnsense@moov.de
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@ -1050,11 +1050,7 @@ global
    ssl-default-bind-ciphers {{ OPNsense.HAProxy.general.tuning.ssl_cipherList }}
 {%   endif %}
 {%   if OPNsense.HAProxy.general.tuning.ssl_cipherSuites|default("") != "" %}
-{%     if helpers.exists('system.firmware.flavour') and not(helpers.empty('system.firmware.flavour')) and system.firmware.flavour|default('') == 'libressl' %}
-    # WARNING: ssl-default-bind-ciphersuites cannot be used with flavour {{ system.firmware.flavour}}.
-{%     else %}
    ssl-default-bind-ciphersuites {{ OPNsense.HAProxy.general.tuning.ssl_cipherSuites }}
-{%     endif %}
 {%   endif %}
 {% endif %}
 {# # specify local peer #}
@ -1327,11 +1323,7 @@ frontend {{frontend.name}}
 {%             do ssl_options.append('ciphers ' ~ frontend.ssl_cipherList) %}
 {%           endif %}
 {%           if frontend.ssl_cipherSuites|default("") != "" %}
-{%             if helpers.exists('system.firmware.flavour') and not(helpers.empty('system.firmware.flavour')) and system.firmware.flavour|default('') == 'libressl' %}
-    # WARNING: ciphersuites cannot be used with flavour {{ system.firmware.flavour}}.
-{%             else %}
 {%               do ssl_options.append('ciphersuites ' ~ frontend.ssl_cipherSuites) %}
-{%             endif %}
 {%           endif %}
 {#           # HSTS #}
 {%           if frontend.ssl_hstsEnabled|default("") == '1' and frontend.mode == 'http' %}
--- a/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogHost.xml
+++ b/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogHost.xml
@ -50,7 +50,7 @@
      <label>Cipher</label>
      <type>dropdown</type>
      <help>The symmetric cipher algorithm used to encrypt UDP packets.
-             Any cipher supported by LibreSSL or OpenSSL is recognised.
+             Any cipher supported by OpenSSL is recognised.
             Furthermore, specifying "none" will turn off packet encryption.
             It is best to use only those ciphers which support CBC mode
      </help>
--- a/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogNetwork.xml
+++ b/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogNetwork.xml
@ -37,7 +37,7 @@
      <label>Cipher</label>
      <type>dropdown</type>
      <help>The symmetric cipher algorithm used to encrypt UDP packets.
-             Any cipher supported by LibreSSL or OpenSSL is recognised.
+             Any cipher supported by OpenSSL is recognised.
             Furthermore, specifying "none" will turn off packet encryption.
             It is best to use only those ciphers which support CBC mode
      </help>
--- a/vendor/sunnyvalley/Makefile
+++ b/vendor/sunnyvalley/Makefile
@ -1,9 +1,8 @@
 PLUGIN_NAME=		sunnyvalley
 PLUGIN_VERSION=		1.2
-PLUGIN_REVISION=	2
+PLUGIN_REVISION=	3
 PLUGIN_COMMENT=		Vendor Repository for Zenarmor (a.k.a Sensei, Next Generation Firewall Extensions)
 PLUGIN_MAINTAINER=	opensource@sunnyvalley.io
 PLUGIN_WWW=		https://www.sunnyvalley.io
-PLUGIN_DEPENDS=		${PLUGIN_FLAVOUR:tl}

 .include "../../Mk/plugins.mk"
--- a/vendor/sunnyvalley/src/etc/pkg/repos/SunnyValley.conf.in
+++ b/vendor/sunnyvalley/src/etc/pkg/repos/SunnyValley.conf.in
@ -1,6 +1,6 @@
 SunnyValley: {
  fingerprints: "/usr/local/etc/pkg/fingerprints/SunnyValley",
-  url: "https://updates.sunnyvalley.io/opnsense/${ABI}/%%PLUGIN_ABI%%/%%PLUGIN_FLAVOUR%%/latest",
+  url: "https://updates.sunnyvalley.io/opnsense/${ABI}/%%PLUGIN_ABI%%/OpenSSL/latest",
  signature_type: "fingerprints",
  priority: 7,
  enabled: yes