Rework LuCI build system

 * Rename subdirectories to their repective OpenWrt package names
 * Make each LuCI module its own standalone package
 * Deploy a shared luci.mk which is used by each module Makefile

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

1 files changed, 336 insertions, 0 deletions

diff --git a/libs/luci-lib-nixio/axTLS/ssl/Config.in b/libs/luci-lib-nixio/axTLS/ssl/Config.in
new file mode 100644
index 0000000000..d047d420ec
--- /dev/null
+++ b/libs/luci-lib-nixio/axTLS/ssl/Config.in
@@ -0,0 +1,336 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+menu "SSL Library"
+
+choice
+    prompt "Mode"
+    default CONFIG_SSL_FULL_MODE
+
+config CONFIG_SSL_SERVER_ONLY
+    bool "Server only - no verification"
+    help
+        Enable server functionality (no client functionality). 
+        This mode still supports sessions and chaining (which can be turned
+        off in configuration).
+
+        The axssl sample runs with the minimum of features.
+                
+        This is the most space efficient of the modes with the library 
+        about 45kB in size. Use this mode if you are doing standard SSL server
+        work.
+
+config CONFIG_SSL_CERT_VERIFICATION
+    bool "Server only - with verification"
+    help
+        Enable server functionality with client authentication (no client
+        functionality). 
+
+        The axssl sample runs with the "-verify" and "-CAfile" options.
+
+        This mode produces a library about 49kB in size. Use this mode if you
+        have an SSL server which requires client authentication (which is 
+        uncommon in browser applications).
+
+config CONFIG_SSL_ENABLE_CLIENT
+    bool "Client/Server enabled"
+    help
+        Enable client/server functionality (including peer authentication).
+
+        The axssl sample runs with the "s_client" option enabled.
+
+        This mode produces a library about 51kB in size. Use this mode if you
+        require axTLS to use SSL client functionality (the SSL server code
+        is always enabled).
+
+config CONFIG_SSL_FULL_MODE
+    bool "Client/Server enabled with diagnostics"
+    help
+        Enable client/server functionality including diagnostics. Most of the
+        extra size in this mode is due to the storage of various strings that
+        are used.
+
+        The axssl sample has 3 more options, "-debug", "-state" and "-show-rsa"
+
+        This mode produces a library about 58kB in size. It is suggested that 
+        this mode is used only during development, or systems that have more
+        generous memory limits.
+
+        It is the default to demonstrate the features of axTLS.
+
+config CONFIG_SSL_SKELETON_MODE
+    bool "Skeleton mode - the smallest server mode"
+    help
+        This is an experiment to build the smallest library at the expense of
+        features and speed.
+
+        * Server mode only.
+        * The AES cipher is disabled.
+        * No session resumption.
+        * No external keys/certificates are supported.
+        * The bigint library has most of the performance features disabled.
+        * Some other features/API calls may not work.
+
+        This mode produces a library about 37kB in size. The main
+        disadvantage of this mode is speed - it will be much slower than the 
+        other build modes.
+
+endchoice
+
+choice
+    prompt "Protocol Preference"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default CONFIG_SSL_PROT_MEDIUM
+
+config CONFIG_SSL_PROT_LOW
+    bool "Low"
+    help
+        Chooses the cipher in the order of RC4-SHA, AES128-SHA, AES256-SHA.
+      
+        This will use the fastest cipher(s) but at the expense of security.
+
+config CONFIG_SSL_PROT_MEDIUM
+    bool "Medium"
+    help
+        Chooses the cipher in the order of AES128-SHA, AES256-SHA, RC4-SHA.
+       
+        This mode is a balance between speed and security and is the default.
+
+config CONFIG_SSL_PROT_HIGH
+    bool "High"
+    help
+        Chooses the cipher in the order of AES256-SHA, AES128-SHA, RC4-SHA.
+        
+        This will use the strongest cipher(s) at the cost of speed.
+
+endchoice
+
+config CONFIG_SSL_USE_DEFAULT_KEY
+    bool "Enable default key"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default y 
+    help
+        Some applications will not require the default private key/certificate
+        that is built in. This is one way to save on a couple of kB's if an
+        external private key/certificate is used.
+
+        The private key is in ssl/private_key.h and the certificate is in
+        ssl/cert.h.
+
+        The advantage of a built-in private key/certificate is that no file
+        system is required for access. Both the certificate and the private
+        key will be automatically loaded on a ssl_ctx_new().
+        
+        However this private key/certificate can never be changed (without a
+        code update).
+
+        This mode is enabled by default. Disable this mode if the 
+        built-in key/certificate is not used.
+
+config CONFIG_SSL_PRIVATE_KEY_LOCATION
+    string "Private key file location"
+    depends on !CONFIG_SSL_USE_DEFAULT_KEY && !CONFIG_SSL_SKELETON_MODE
+    help
+        The file location of the private key which will be automatically
+        loaded on a ssl_ctx_new().
+
+config CONFIG_SSL_PRIVATE_KEY_PASSWORD
+    string "Private key password"
+    depends on !CONFIG_SSL_USE_DEFAULT_KEY && CONFIG_SSL_HAS_PEM
+    help
+        The password required to decrypt a PEM-encoded password file.
+
+config CONFIG_SSL_X509_CERT_LOCATION
+    string "X.509 certificate file location"
+    depends on !CONFIG_SSL_GENERATE_X509_CERT && !CONFIG_SSL_USE_DEFAULT_KEY && !CONFIG_SSL_SKELETON_MODE
+    help
+        The file location of the X.509 certificate which will be automatically
+        loaded on a ssl_ctx_new().
+
+config CONFIG_SSL_GENERATE_X509_CERT
+    bool "Generate X.509 Certificate"
+    default n
+    help
+        An X.509 certificate can be automatically generated on a
+        ssl_ctx_new(). A private key still needs to be provided (the private
+        key in ss/private_key.h will be used unless 
+        CONFIG_SSL_PRIVATE_KEY_LOCATION is set).
+
+        The certificate is generated on the fly, and so a minor start-up time
+        penalty is to be expected. This feature adds around 5kB to the
+        library.
+
+        This feature is disabled by default.
+
+config CONFIG_SSL_X509_COMMON_NAME
+    string "X.509 Common Name"
+    depends on CONFIG_SSL_GENERATE_X509_CERT
+    help
+        The common name for the X.509 certificate. This should be the fully 
+        qualified domain name (FQDN), e.g. www.foo.com.
+
+        If this is blank, then this will be value from gethostname() and
+        getdomainname().
+
+config CONFIG_SSL_X509_ORGANIZATION_NAME
+    string "X.509 Organization Name"
+    depends on CONFIG_SSL_GENERATE_X509_CERT
+    help
+        The organization name for the generated X.509 certificate. 
+
+        This field is optional.
+
+config CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
+    string "X.509 Organization Unit Name"
+    depends on CONFIG_SSL_GENERATE_X509_CERT
+    help
+        The organization unit name for the generated X.509 certificate. 
+
+        This field is optional.
+
+config CONFIG_SSL_ENABLE_V23_HANDSHAKE
+    bool "Enable v23 Handshake"
+    default y
+    help
+        Some browsers use the v23 handshake client hello message 
+        (an SSL2 format message which all SSL servers can understand). 
+        It may be used if SSL2 is enabled in the browser.
+
+        Since this feature takes a kB or so, this feature may be disabled - at
+        the risk of making it incompatible with some browsers (IE6 is ok,
+        Firefox 1.5 and below use it).
+
+        Disable if backwards compatibility is not an issue (i.e. the client is
+        always using TLS1.0)
+
+config CONFIG_SSL_HAS_PEM
+    bool "Enable PEM"
+    default n if !CONFIG_SSL_FULL_MODE
+    default y if CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_SSL_SKELETON_MODE
+    help
+        Enable the use of PEM format for certificates and private keys.
+
+        PEM is not normally needed - PEM files can be converted into DER files
+        quite easily. However they have the convenience of allowing multiple
+        certificates/keys in the same file.
+        
+        This feature will add a couple of kB to the library. 
+
+        Disable if PEM is not used (which will be in most cases).
+
+config CONFIG_SSL_USE_PKCS12
+    bool "Use PKCS8/PKCS12"
+    default n if !CONFIG_SSL_FULL_MODE
+    default y if CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
+    help
+        PKCS#12 certificates combine private keys and certificates together in
+        one file.
+
+        PKCS#8 private keys are also suppported (as it is a subset of PKCS#12).
+
+        The decryption of these certificates uses RC4-128 (and these
+        certificates must be encrypted using this cipher). The actual
+        algorithm is "PBE-SHA1-RC4-128".
+
+        Disable if PKCS#12 is not used (which will be in most cases).
+
+config CONFIG_SSL_EXPIRY_TIME
+    int "Session expiry time (in hours)"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default 24 
+    help
+        The time (in hours) before a session expires. 
+        
+        A longer time means that the expensive parts of a handshake don't 
+        need to be run when a client reconnects later.
+
+        The default is 1 day.
+
+config CONFIG_X509_MAX_CA_CERTS
+    int "Maximum number of certificate authorites"
+    default 4
+    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
+    help
+        Determines the number of CA's allowed. 
+
+        Increase this figure if more trusted sites are allowed. Each
+        certificate adds about 300 bytes (when added).
+
+        The default is to allow four certification authorities.
+
+config CONFIG_SSL_MAX_CERTS
+    int "Maximum number of chained certificates"
+    default 2
+    help
+        Determines the number of certificates used in a certificate
+        chain. The chain length must be at least 1.
+
+        Increase this figure if more certificates are to be added to the 
+        chain. Each certificate adds about 300 bytes (when added).
+
+        The default is to allow one certificate + 1 certificate in the chain
+        (which may be the certificate authority certificate).
+
+config CONFIG_SSL_CTX_MUTEXING
+    bool "Enable SSL_CTX mutexing"
+    default n
+    help
+        Normally mutexing is not required - each SSL_CTX object can deal with
+        many SSL objects (as long as each SSL_CTX object is using a single
+        thread).
+
+        If the SSL_CTX object is not thread safe e.g. the case where a 
+        new thread is created for each SSL object, then mutexing is required. 
+
+        Select y when a mutex on the SSL_CTX object is required.
+
+config CONFIG_USE_DEV_URANDOM
+    bool "Use /dev/urandom"
+    default y
+    depends on !CONFIG_PLATFORM_WIN32
+    help 
+        Use /dev/urandom. Otherwise a custom RNG is used.
+
+        This will be the default on most Linux systems.
+
+config CONFIG_WIN32_USE_CRYPTO_LIB
+    bool "Use Win32 Crypto Library"
+    depends on CONFIG_PLATFORM_WIN32
+    help 
+        Microsoft produce a Crypto API which requires the Platform SDK to be
+        installed. It's used for the RNG.
+
+        This will be the default on most Win32 systems.
+
+config CONFIG_OPENSSL_COMPATIBLE
+    bool "Enable openssl API compatibility"
+    default n
+    help 
+        To ease the porting of openssl applications, a subset of the openssl
+        API is wrapped around the axTLS API.
+
+        Note: not all the API is implemented, so parts may still break. And
+        it's definitely not 100% compatible.
+
+config CONFIG_PERFORMANCE_TESTING
+    bool "Build the bigint performance test tool"
+    default n
+    help
+        Used for performance testing of bigint.
+
+        This is a testing tool and is normally disabled.
+
+config CONFIG_SSL_TEST
+    bool "Build the SSL testing tool"
+    default n
+    depends on CONFIG_SSL_FULL_MODE && !CONFIG_SSL_GENERATE_X509_CERT 
+    help
+        Used for sanity checking the SSL handshaking.
+
+        This is a testing tool and is normally disabled.
+
+endmenu