Using debcheckout to build strongSwan 5.0 on Debian wheezy

Normally most people try to use packages from a stable Linux distribution because of their convenience and security support. Sometimes it's necessary to use a newer version, I recently had to do this with strongSwan and I'm sharing the procedure for other people to try.

These days, it is actually very very easy to build a new version of a package from source and this procedure will work for many Debian packages.

Debian wheezy ships with strongSwan version 4.5 packages. These are lacking support for a couple of features I needed, including dual-stack IPv4/IPv6 virtual IPs on a single user connection and maintaining the DNS server list on road-warriors

Oddly enough, for a variety of reasons, I had to rebuild strongSwan on all the platforms where I wanted to use it (not just on Debian). I recently described how to build it with ECDSA support on Fedora and also how to build it with ECDSA support on OpenWRT. Following all of these procedures you will end up with strongSwan packages on all systems that can interoperate using dual stack IPv4, IPv6 and establish connections quickly, securely and reliably using ECC certificates.

Get the build dependencies

Many packages require extra tools and header files when building. These are packages that are not usually installed or required when running the package. However, they are very easy to get. For strongSwan:

sudo apt-get update
sudo apt-get install devscripts fakeroot
sudo apt-get build-dep strongswan

This should download and install the necessary dependencies. Notice we also installed the devscripts package, it provides the very handy debcheckout utility.

Obtain and build the package

Now for the real work. Fortunately this is not too hard either:

mkdir ~/ws
cd ~/ws
debcheckout strongswan
cd strongswan
dpkg-buildpackage -rfakeroot -uc -b

Look in the directory ~/ws and you will find the .deb package files.

Problems?

On my own system, I observed that I could upgrade from the existing packages to the v5.0.4-6 package without any change to the configuration files. It just worked.

Hopefully, these packages will eventually end up in Debian's backports catalog where you can install them without compiling.

Nonetheless, problems for these packages can still be submitted through Debian's bug tracker - just make sure you clearly indicate that you built the package from source and give the git commit number (output of the command cd ~/ws/strongswan && git show | head -1)

Before trying the package and definitely before reporting any problem, it is worth checking the bug tracker and the Package Tracking System for known issues