ipsec-326.tar.gz macos-1015 v326
authorApple <opensource@apple.com>
Fri, 31 Jan 2020 01:57:36 +0000 (01:57 +0000)
committerApple <opensource@apple.com>
Fri, 31 Jan 2020 01:57:36 +0000 (01:57 +0000)
13 files changed:
ipsec-tools/Common/config.h
ipsec-tools/Common/ipsecMessageTracer.h
ipsec-tools/racoon/crypto_cssm.c
ipsec-tools/racoon/handler.h
ipsec-tools/racoon/isakmp_var.h
ipsec-tools/racoon/localconf.h
ipsec-tools/racoon/main.c
ipsec-tools/racoon/pfkey_racoon.c
ipsec-tools/racoon/power_mgmt.c
ipsec-tools/racoon/remoteconf.c
ipsec-tools/racoon/session.c
ipsec-tools/racoon/vpn_control.c
ipsec.xcodeproj/project.pbxproj

index 5ded22dcc39e2fca2b17ba8081c8b1b42dacebbc..0aff053600f4339041d90253923941bfc99b600e 100644 (file)
 #define ENABLE_DNSSEC_CERTS 0
 
 /* Define to 1 if keychain is used */
-#if TARGET_OS_EMBEDDED
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #undef HAVE_KEYCHAIN
-#else
+#else // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #define HAVE_KEYCHAIN 1
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
 /* Define to 1 if keychain is used */
-#if TARGET_OS_EMBEDDED
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #undef HAVE_SECURITY_FRAMEWORK
-#else
+#else // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #define HAVE_SECURITY_FRAMEWORK 1
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
 
 /* Define to 1 if Open Dir available */
-#if TARGET_OS_EMBEDDED
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #undef HAVE_OPENDIR
-#else
+#else // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #define HAVE_OPENDIR 1
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
 #define HAVE_NETINET6_IPSEC 1
 
index 051c54e076586fc3e52f0cb6c94680a1d8ade619..4f6c80b529448c8e6d86606213894979370f29e2 100644 (file)
@@ -44,7 +44,7 @@
 #define IPSECASLDOMAIN                                                          CONSTSTR("com.apple.Networking.ipsec.asl")
 #define IPSECASLKEY                                                             CONSTSTR("IPSEC")
 
-#if TARGET_OS_EMBEDDED
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
 #define IPSECCONFIGTRACEREVENT(config, eventCode, message, failure_reason)             
 
@@ -55,7 +55,7 @@
 #define IPSECSESSIONTRACERSTOP(session, is_failure, reason)                                            
 #define IPSECSESSIONTRACERESTABLISHED(session)                                  
 
-#else
+#else // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
 #define IPSECCONFIGTRACEREVENT(config, eventCode, message, failure_reason)             ipsecConfigTracerEvent(config, eventCode, message, failure_reason)
 
@@ -66,9 +66,9 @@
 #define IPSECSESSIONTRACERSTOP(session, is_failure, reason)                                            ipsecSessionTracerStop(session, is_failure, reason)
 #define IPSECSESSIONTRACERESTABLISHED(session)                                  ipsecSessionTracerLogEstablished(session)
 
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
-#if 1 //TARGET_OS_EMBEDDED
+#if 1
 #define IPSECLOGASLMSG(format, args...) plog(ASL_LEVEL_NOTICE, format, ##args);
 #else
 #define IPSECLOGASLMSG(format, args...) do {                                                           \
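Review bot: With the condition reduced to a bare `#if 1`, the `#else` definition of `IPSECLOGASLMSG` can never be compiled. Either drop the `#if 1`/`#else`/`#endif` scaffolding and keep only the `plog` form, or add a comment such as `/* always log via plog; the #else branch below is never compiled */` so the dead branch is not mistaken for a live logging path. The `#else` body continues outside this hunk.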
index 008ba514b8565409b428d8b97b8524d361862f27..4e367d020f44c9125eb68257cfc2394fa4b2826b 100644 (file)
 #include <Security/SecPolicySearch.h>
 #endif
 #include <CoreFoundation/CoreFoundation.h>
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #include <Security/SecIdentitySearch.h>
 #include <Security/SecKeychain.h>
 #include <Security/SecKeychainItem.h>
 #include <Security/SecKeychainItemPriv.h>
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #include "plog.h"
 #include "debug.h"
 #include "misc.h"
@@ -307,14 +307,14 @@ vchar_t* crypto_cssm_getsign(CFDataRef persistentCertRef, vchar_t* hash)
 
        CFDictionaryRef         persistFind = NULL;
        const void                      *keys_persist[] = { kSecReturnRef, kSecValuePersistentRef, kSecClass,
-#if TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                            kSecUseSystemKeychain,
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                          };
        const void                      *values_persist[] = { kCFBooleanTrue, persistentCertRef, kSecClassIdentity,
-#if TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                              kCFBooleanTrue,
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                            };
     
 #define SIG_BUF_SIZE 1024
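Review bot: The guard around `kSecUseSystemKeychain` in `keys_persist`/`values_persist` is not a pure rename. The old test was `TARGET_OS_EMBEDDED || TARGET_OS_IPHONE`, so a simulator build (where `TARGET_OS_IPHONE` is normally 1) used to add the system-keychain attribute to the identity query and now omits it. If that is intended, a short comment at the guard would record it, for example `/* only device builds look the identity up in the system keychain */`. The same change appears in the `crypto_cssm_get_x509cert` hunk that follows. Both function bodies continue outside their hunks.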
@@ -383,14 +383,14 @@ vchar_t* crypto_cssm_get_x509cert(CFDataRef persistentCertRef,
        CFDataRef               certData = NULL;
        SecIdentityRef                  identityRef = NULL;
        const void              *keys_persist[] = { kSecReturnRef, kSecValuePersistentRef, kSecClass,
-#if TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                    kSecUseSystemKeychain,
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                  };
        const void              *values_persist[] = { kCFBooleanTrue, persistentCertRef, kSecClassIdentity,
-#if TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                      kCFBooleanTrue,
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                                                    };
        
        /* find identity by persistent ref */
@@ -568,14 +568,14 @@ GetSecurityErrorString(OSStatus err)
                case errSecNotAvailable:
                        return "errSecNotAvailable";
 
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
         case memFullErr:
                        return "memFullErr";
                case paramErr:
                        return "paramErr";
                case unimpErr:
                        return "unimpErr";
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
 #ifndef HAVE_OPENSSL
         /* SecBase.h: */
index dbef8b743aa0d1168f1185c8e77a7713f74c6d3e..1756c090936591a08a806f02ca4bc9a4b072022c 100644 (file)
@@ -51,7 +51,7 @@
 #endif
 #include <sys/socket.h>
 
-#include <schedule.h>
+#include "schedule.h"
 
 #if __has_include(<nw/private.h>)
 #include <nw/private.h>
index bdec506c6ecb3cefae4f497a8f809d646c30c8ae..f9719dd330619f0adfac4f5a98fb6c266f4edf6b 100644 (file)
@@ -34,7 +34,7 @@
 
 #include "vmbuf.h"
 #include "racoon_types.h"
-#include <schedule.h>
+#include "schedule.h"
 #if __has_include(<nw/private.h>)
 #include <nw/private.h>
 #else
index 629c485573e5d9824235e04ce3e403b0da0dfa42..49a30f145f5da563bd52f470fdf211bfde484cea 100644 (file)
@@ -32,9 +32,9 @@
 #ifndef _LOCALCONF_H
 #define _LOCALCONF_H
 
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #include <vproc.h>
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #include <dispatch/dispatch.h>
 #if __has_include(<nw/private.h>)
 #include <nw/private.h>
@@ -172,9 +172,9 @@ struct localconf {
                 * is enable, racoon uses old format.
                 */
 
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        vproc_transaction_t vt; /* returned by vproc_transaction_begin */
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 };
 
 
index 80ec2e42fde804aa69b3de518a64dfcffd15e9b4..42b91993a51e77bef2966f7fbbcae09559e119c2 100644 (file)
@@ -80,9 +80,9 @@
 #include "crypto_openssl.h"
 #include "vendorid.h"
 
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #include <sandbox.h>
-#endif // !TARGET_OS_EMBEDDED
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
 
 #include <CoreFoundation/CoreFoundation.h>
@@ -154,14 +154,14 @@ main(ac, av)
 {
        int error;
 
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        char *errorbuf;
        if (sandbox_init("racoon", SANDBOX_NAMED, &errorbuf) == -1) {
                plog(ASL_LEVEL_ERR, "initializing sandbox failed %s", errorbuf);
                sandbox_free_error(errorbuf);
                return -1;
        }
-#endif // !TARGET_OS_EMBEDDED
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
        /*
         * Check IPSec plist
index 672a9fddfb47aadd5c060b473cbc824ae0ddd499..efa1f6cebe2024a7216f612cb16331e3820f6a93 100644 (file)
@@ -1987,13 +1987,13 @@ pk_recvacquire(mhp)
                goto err;
        }
        
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        if ( lcconf->vt == NULL){
                if (!(lcconf->vt = vproc_transaction_begin(NULL)))
                        plog(ASL_LEVEL_ERR, 
                                "vproc_transaction_begin returns NULL.\n");
        }
-#endif                         
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
        
        return 0;
index 370b25fbc89ed060f56e7fc0f33133550a9676ba..a67bf3692cab82a14339158dfe9ed573d2492b5a 100644 (file)
@@ -16,9 +16,9 @@
 #include <IOKit/IOKitLib.h>
 #include <IOKit/pwr_mgt/IOPM.h>
 #include <IOKit/pwr_mgt/IOPMLib.h>
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 #include <IOKit/pwr_mgt/IOPMLibPrivate.h>
-#endif /* !TARGET_OS_EMBEDDED */
+#endif /* !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR) */
 #include <IOKit/IOMessage.h>
 
 #include "var.h"
index 59a634195ef8f1ea9255e2a1bb0c5bd7bf9db25b..b24954e0a830921825ed299a650682c606a9442f 100644 (file)
@@ -216,17 +216,17 @@ no_remote_configs(ignore_anonymous)
 {
        
        struct remoteconf *p;
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        static const char default_idv[] = "macuser@localhost";
        static const int default_idv_len = sizeof(default_idv) - 1;
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
        TAILQ_FOREACH(p, &rmtree, chain) {
                if (ignore_anonymous) {
                        if (p->remote->ss_family == AF_UNSPEC)  /* anonymous */
                                continue;
                }
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                // ignore the default btmm ipv6 config thats always present in racoon.conf
                if (p->remote->ss_family == AF_INET6 &&
                        p->idvtype == IDTYPE_USERFQDN &&
@@ -235,7 +235,7 @@ no_remote_configs(ignore_anonymous)
                        strncmp(p->idv->v, default_idv, p->idv->l) == 0) {
                        continue;
                }
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                return 0;
        }
        return 1;
index 208ff5dcb110e78d81555a8ed83cd8b0a062dd4e..14ea97e908b4155d5bb0688ce813cd58cf0f24e7 100644 (file)
@@ -72,6 +72,7 @@
 #include <vproc_priv.h>
 #include <dispatch/dispatch.h>
 #include <xpc/xpc.h>
+#include <os/transaction_private.h>
 
 #include "libpfkey.h"
 
 #include <libproc.h>
 
 
+#define IKEv1_TRANSACTION      "IKEv1_Transaction"
+
 extern pid_t racoon_pid;
 extern int launchdlaunched;
 static void close_session (int);
@@ -129,6 +132,8 @@ dispatch_queue_t main_queue;
 
 static NEPolicySessionRef policySession = NULL;
 
+static os_transaction_t g_ikev1_transaction = NULL;
+
 /*
  * This is used to (manually) update racoon's launchd keepalive, which is needed because racoon is (mostly) 
  * launched on demand and for <rdar://problem/8768510> requires a keepalive on dirty/failure exits.
@@ -314,13 +319,15 @@ session(void)
                                "cannot open %s", pid_file);
                }
        }
+
+       if (g_ikev1_transaction == NULL) {
+               g_ikev1_transaction = os_transaction_create(IKEv1_TRANSACTION);
+       }
        
-       xpc_transaction_begin();
-       
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        // enable keepalive for recovery (from crashes and bad exits... after init)
        (void)launchd_update_racoon_keepalive(true);
-#endif // !TARGET_OS_EMBEDDED
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                
     // Off to the races!
     if (!terminated) {
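Review bot: The result of `os_transaction_create(IKEv1_TRANSACTION)` in `session()` is stored without a check, so if the call can return NULL the daemon carries on with no transaction held and nothing in the log. `pk_recvacquire` already logs the equivalent failure for `vproc_transaction_begin`, and the same treatment fits here: `if (g_ikev1_transaction == NULL) plog(ASL_LEVEL_ERR, "os_transaction_create returns NULL.\n");` placed after the call. `session()` starts and ends outside this hunk.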
@@ -342,12 +349,15 @@ close_session(int error)
        ike_session_flush_all_phase1(false);
        close_sockets();
 
-       xpc_transaction_end();
+       if (g_ikev1_transaction != NULL) {
+               os_release(g_ikev1_transaction);
+               g_ikev1_transaction = NULL;
+       }
        
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        // a clean exit, so disable launchd keepalive
        (void)launchd_update_racoon_keepalive(false);
-#endif // !TARGET_OS_EMBEDDED
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
        plog(ASL_LEVEL_NOTICE, "racoon shutdown\n");
        exit(0);
@@ -425,10 +435,10 @@ check_flushsa()
                return;
        }
 
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        if (lcconf->vt)
                vproc_transaction_end(NULL, lcconf->vt);
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
     close_session(0);
 }
 
@@ -535,7 +545,7 @@ check_sigreq()
                 if (lcconf->logfile_param == NULL && logFileStr[0] == 0)
                     plogresetfile(lcconf->pathinfo[LC_PATHTYPE_LOGFILE]);
                                            
-#if TARGET_OS_EMBEDDED
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                 if (no_remote_configs(TRUE)) {
 #if ENABLE_NO_SA_FLUSH
                     close_session(0);
@@ -549,7 +559,7 @@ check_sigreq()
                     dying();
 #endif /* ENABLE_NO_SA_FLUSH */
                 }
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
                 break;
                 
index be334db88c560f2060d4e818d25c84cfb9ca973f..e20c8233382a8b0cacc27b9f2e94cdb76e05288f 100644 (file)
@@ -51,9 +51,6 @@
  * SUCH DAMAGE.
  */
 
-//#define LION_TEST 1
-
-
 #include "config.h"
 
 #include <sys/types.h>
@@ -82,9 +79,6 @@
 #include <unistd.h>
 #endif
 #include <launch.h>
-#ifndef LION_TEST
-#include <launch_priv.h>
-#endif
 #include <fcntl.h>
 
 #include "var.h"
@@ -130,87 +124,25 @@ extern int vpn_xauth_reply (u_int32_t, void *, size_t);
 int
 checklaunchd()
 {
-       launch_data_t checkin_response = NULL;
-#ifdef LION_TEST
-    launch_data_t checkin_request = NULL;
-#endif
-       launch_data_t sockets_dict, listening_fd_array;
-       launch_data_t listening_fd;
-       struct sockaddr_storage fdsockaddr;
-       socklen_t fdsockaddrlen = sizeof(fdsockaddr);
-       int socketct;
-       int i;
-       int listenerct;
        int returnval = 0;
-       int fd;
-       
-       /* check in with launchd */
-#ifdef LION_TEST
-    if ((checkin_request = launch_data_new_string(LAUNCH_KEY_CHECKIN)) == NULL) {
-#else
-       if ((checkin_response = launch_socket_service_check_in()) == NULL) {
-#endif
-               plog(ASL_LEVEL_ERR,
-                        "failed to launch_socket_service_check_in.\n");
-               goto done;
-       }
-#ifdef LION_TEST
-    if ((checkin_response = launch_msg(checkin_request)) == NULL) {
-        plog(ASL_LEVEL_ERR, "failed to launch_msg.\n");
-        goto done;
-    }
-#endif
-       if (LAUNCH_DATA_ERRNO == launch_data_get_type(checkin_response)) {
-               plog(ASL_LEVEL_ERR,
-                        "launch_data_get_type error %d\n",
-                        launch_data_get_errno(checkin_response));
-               goto done;
-       }
-       if ( (sockets_dict = launch_data_dict_lookup(checkin_response, LAUNCH_JOBKEY_SOCKETS)) == NULL){
-               plog(ASL_LEVEL_ERR,
-                        "failed to launch_data_dict_lookup.\n");
-               goto done;
-       }
-       if ( !(socketct = launch_data_dict_get_count(sockets_dict))){
-               plog(ASL_LEVEL_ERR,
-                        "launch_data_dict_get_count returns no socket defined.\n");
-               goto done;
-       }
-       
-       if ( (listening_fd_array = launch_data_dict_lookup(sockets_dict, "Listeners")) == NULL ){
-               plog(ASL_LEVEL_ERR,
-                        "failed to launch_data_dict_lookup.\n");
-               goto done;
+       int *listening_fd_array = NULL;
+       size_t fd_count = 0;
+
+       int result = launch_activate_socket("Listeners", &listening_fd_array, &fd_count);
+       if (result != 0) {
+               plog(ASL_LEVEL_ERR, "failed to launch_activate_socket with error %s.\n", strerror(result));
+               return returnval;
        }
-       listenerct = launch_data_array_get_count(listening_fd_array);
-       for (i = 0; i < listenerct; i++) {
-               listening_fd = launch_data_array_get_index(listening_fd_array, i);
-               fd = launch_data_get_fd( listening_fd );
-               if ( getsockname( fd , (struct sockaddr *)&fdsockaddr, &fdsockaddrlen)){
-                       continue;
-               }
-               
-               /* Is this the VPN control socket? */
-               if ( fdsockaddr.ss_family == AF_UNIX &&
-                               (!(strcmp(vpncontrolsock_path, ((struct sockaddr_un *)&fdsockaddr)->sun_path))))
-               {
-                       plog(ASL_LEVEL_NOTICE,
-                                "found launchd socket.\n");
-                       returnval = fd;
-                       break;
+
+       if (listening_fd_array != NULL) {
+               if (fd_count > 0) {
+                       returnval = listening_fd_array[0];
                }
+               free(listening_fd_array);
+               listening_fd_array = NULL;
        }
-       // TODO: check if we have any leaked fd
-       if ( listenerct == i){
-               plog(ASL_LEVEL_ERR,
-                        "failed to find launchd socket\n");
-               returnval = 0;
-       }
-       
-done:
-       if (checkin_response)
-               launch_data_free(checkin_response);
-       return(returnval);
+
+       return returnval;
 }
 
                
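Review bot: `checklaunchd()` now returns `listening_fd_array[0]` without confirming that it is the VPN control socket, whereas the removed loop compared each descriptor's `getsockname()` result against `vpncontrolsock_path`. Any further descriptors returned by `launch_activate_socket` (`fd_count > 1`) are never closed, so they stay open and unserviced for the life of the daemon. The `fd_count == 0` case also returns 0 with no log line. I would keep the AF_UNIX path check on the descriptor that is adopted, close the others, and log when nothing matches. Whether `<stdlib.h>` and `<string.h>` are in scope for `free`/`strerror` is not visible in this hunk.

```c
	int result = launch_activate_socket("Listeners", &listening_fd_array, &fd_count);
	// … unchanged: error log and early return when result != 0 …

	for (size_t i = 0; listening_fd_array != NULL && i < fd_count; i++) {
		struct sockaddr_storage fdsockaddr;
		socklen_t fdsockaddrlen = sizeof(fdsockaddr);
		int fd = listening_fd_array[i];

		/* Adopt only the first descriptor bound to the VPN control socket path. */
		if (returnval == 0 &&
		    getsockname(fd, (struct sockaddr *)&fdsockaddr, &fdsockaddrlen) == 0 &&
		    fdsockaddr.ss_family == AF_UNIX &&
		    strcmp(vpncontrolsock_path, ((struct sockaddr_un *)&fdsockaddr)->sun_path) == 0) {
			returnval = fd;
			continue;
		}
		close(fd);	/* do not keep descriptors the daemon will never service */
	}
	if (returnval == 0) {
		plog(ASL_LEVEL_ERR, "failed to find launchd socket\n");
	}
	free(listening_fd_array);
	return returnval;
```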
index 37cc7f313ad2eccc2d05225115266023ee01760d..7ef6c45e83d7924ffeac6ebac45daf313d59a6fc 100644 (file)
                                INSTALL_GROUP = wheel;
                                INSTALL_MODE_FLAG = 555;
                                INSTALL_PATH = /usr/lib;
+                               IS_ZIPPERED = YES;
                                LEXFLAGS = "$(LEXFLAGS) -P__libipsec";
                                PRODUCT_NAME = ipsec.A;
                                SKIP_INSTALL = YES;
                                INSTALL_GROUP = wheel;
                                INSTALL_MODE_FLAG = 555;
                                INSTALL_PATH = /usr/lib;
+                               IS_ZIPPERED = YES;
                                LEXFLAGS = "$(LEXFLAGS) -P__libipsec";
                                PRODUCT_NAME = ipsec.A;
                                YACCFLAGS = "$(YACCFLAGS) -d -p__libipsec";
                                INSTALL_GROUP = wheel;
                                INSTALL_MODE_FLAG = 555;
                                INSTALL_PATH = /usr/lib;
+                               IS_ZIPPERED = YES;
                                LEXFLAGS = "$(LEXFLAGS) -P__libipsec";
                                PRODUCT_NAME = ipsec.A;
                                YACCFLAGS = "$(YACCFLAGS) -d -p__libipsec";
                                INSTALL_GROUP = wheel;
                                INSTALL_MODE_FLAG = 555;
                                INSTALL_PATH = /usr/lib;
+                               IS_ZIPPERED = YES;
                                LEXFLAGS = "$(LEXFLAGS) -P__libipsec";
                                PRODUCT_NAME = ipsec.A;
                                SKIP_INSTALL = YES;
                                INSTALL_GROUP = wheel;
                                INSTALL_MODE_FLAG = 555;
                                INSTALL_PATH = /usr/lib;
+                               IS_ZIPPERED = YES;
                                LEXFLAGS = "$(LEXFLAGS) -P__libipsec";
                                PRODUCT_NAME = ipsec.A;
                                WARNING_CFLAGS = "-Wcast-align";
                                INSTALL_GROUP = wheel;
                                INSTALL_MODE_FLAG = 555;
                                INSTALL_PATH = /usr/lib;
+                               IS_ZIPPERED = YES;
                                LEXFLAGS = "$(LEXFLAGS) -P__libipsec";
                                PRODUCT_NAME = ipsec.A;
                                WARNING_CFLAGS = "-Wcast-align";