
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
Date: Wed, 08 Feb 2012 02:27:05
Message-Id: 384e14dafea620bbe4f61ea2effbe77b5130dccc.blueness@gentoo
1 commit: 384e14dafea620bbe4f61ea2effbe77b5130dccc
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Feb 8 02:26:48 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Feb 8 02:26:48 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=384e14da
7
8 net-firewall/ipsec-tools: testing new ebuild, bug #365077
9
10 (Portage version: 2.1.10.44/git/Linux x86_64, signed Manifest commit with key 0xD0455535)
11
12 ---
13 net-firewall/ipsec-tools/ChangeLog | 9 +
14 net-firewall/ipsec-tools/Manifest | 17 ++
15 .../ipsec-tools/files/ipsec-tools-def-psk.patch | 25 +++
16 net-firewall/ipsec-tools/files/racoon.conf.d | 19 ++
17 net-firewall/ipsec-tools/files/racoon.init.d | 58 ++++++
18 net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild | 183 ++++++++++++++++++++
19 net-firewall/ipsec-tools/metadata.xml | 14 ++
20 7 files changed, 325 insertions(+), 0 deletions(-)
21
22 diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog
23 new file mode 100644
24 index 0000000..e01c2c3
25 --- /dev/null
26 +++ b/net-firewall/ipsec-tools/ChangeLog
27 @@ -0,0 +1,9 @@
28 +
29 +
30 +*ipsec-tools-0.8.0 (08 Feb 2012)
31 +
32 + 08 Feb 2012; Anthony G. Basile <blueness@g.o>
33 + +ipsec-tools-0.8.0.ebuild, +files/ipsec-tools-def-psk.patch,
34 + +files/racoon.conf.d, +files/racoon.init.d, +metadata.xml:
35 + Testing new ebuild, bug #365077
36 +
37
38 diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
39 new file mode 100644
40 index 0000000..01000bb
41 --- /dev/null
42 +++ b/net-firewall/ipsec-tools/Manifest
43 @@ -0,0 +1,17 @@
44 +-----BEGIN PGP SIGNED MESSAGE-----
45 +Hash: SHA256
46 +
47 +AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656
48 +AUX racoon.conf.d 621 RMD160 7f1d0b6e171e5dd60f1b033e4890bfd79d718389 SHA1 05c0759df99c544f1a68fb8916d1c953ceac0af8 SHA256 4e894adb1a76f673f960260929d083c1f6ddfcf094b371bcc2155fb6735d289f
49 +AUX racoon.init.d 1314 RMD160 f0c385fa389fad6cddef87aee9f10172c2ca6838 SHA1 b82a83850239f564b8d50c8039e188de6f18de7e SHA256 4d6506775650cc36b7197f90eef7d98573280ebb445b0260d0442aec6f4d0937
50 +DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717
51 +EBUILD ipsec-tools-0.8.0.ebuild 5092 RMD160 67bb3161ee0d396090981681e139637d7eecf1ff SHA1 f60cf34ee9ae9bb416c9578d24157fb3f9d5495e SHA256 6189653978e5e50627736bbb2508bda32dbd682779aca810dccc5f950567f275
52 +MISC ChangeLog 250 RMD160 503df09837a8c66d69d5dec9c025ab3bd913b347 SHA1 206dba63f2098d006c7e9580f7f1d45251d8bdd4 SHA256 03e6098bbb57bca95e0568e60ae23d8c1ce60fffd66808ea64bb469970a1d71b
53 +MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SHA1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40
54 +-----BEGIN PGP SIGNATURE-----
55 +Version: GnuPG v2.0.17 (GNU/Linux)
56 +
57 +iEYEAREIAAYFAk8x3WgACgkQl5yvQNBFVTVwfgCfQErxJYtBH+nldzNQoLZGC8et
58 +gPMAnispXwXM6zgd5hYyQ8s9doQg0V3l
59 +=QB73
60 +-----END PGP SIGNATURE-----
61
62 diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
63 new file mode 100644
64 index 0000000..f351860
65 --- /dev/null
66 +++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
67 @@ -0,0 +1,25 @@
68 +diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
69 +--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200
70 ++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200
71 +@@ -2498,8 +2498,21 @@
72 + plog(LLV_ERROR, LOCATION, iph1->remote,
73 + "couldn't find the pskey for %s.\n",
74 + saddrwop2str(iph1->remote));
75 ++ }
76 ++ }
77 ++ if (iph1->authstr == NULL) {
78 ++ /*
79 ++ * If we could not locate a psk above try and locate
80 ++ * the default psk, ie, "*".
81 ++ */
82 ++ iph1->authstr = privsep_getpsk("*", 1);
83 ++ if (iph1->authstr == NULL) {
84 ++ plog(LLV_ERROR, LOCATION, iph1->remote,
85 ++ "couldn't find the the default pskey either.\n");
86 + goto end;
87 + }
88 ++ plog(LLV_NOTIFY, LOCATION, iph1->remote,
89 ++ "Using default PSK.\n");
90 + }
91 + plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
92 + /* should be secret PSK */
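Review bot: The fallback `privsep_getpsk("*", 1)` is unconditional, so once a `*` entry exists in the PSK file, every peer without its own entry is presumably authenticated with that one shared key, and nothing in this hunk lets an administrator turn the lookup off. The earlier `LLV_ERROR` line "couldn't find the pskey for %s" is still emitted before the fallback succeeds, so the log shows an error for a negotiation that then proceeds. It would be easier to audit if the notify line named the peer, e.g. `"using default PSK for %s.\n", saddrwop2str(iph1->remote)`. The new error string has a doubled word and should read `"couldn't find the default pskey either.\n"`. The enclosing function in oakley.c starts and ends outside the hunk, and the patch header names the 0.7.3 tree while the ebuild applies it to 0.8.0, so the offsets should be checked against that source.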
93
94 diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/ipsec-tools/files/racoon.conf.d
95 new file mode 100644
96 index 0000000..b2a1e72
97 --- /dev/null
98 +++ b/net-firewall/ipsec-tools/files/racoon.conf.d
99 @@ -0,0 +1,19 @@
100 +# Copyright 1999-2012 Gentoo Foundation
101 +# Distributed under the terms of the GNU General Public License v2
102 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $
103 +
104 +# Config file for /etc/init.d/racoon
105 +
106 +# See the manual pages for racoon or run `racoon --help`
107 +# for valid command-line options
108 +
109 +RACOON_OPTS="-4"
110 +
111 +RACOON_CONF="/etc/racoon/racoon.conf"
112 +RACOON_PSK_FILE="/etc/racoon/psk.txt"
113 +SETKEY_CONF="/etc/ipsec.conf"
114 +
115 +# Comment or remove the following if you don't want the policy tables
116 +# to be flushed when racoon is stopped.
117 +
118 +RACOON_RESET_TABLES="true"
119
120 diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
121 new file mode 100644
122 index 0000000..18703fc
123 --- /dev/null
124 +++ b/net-firewall/ipsec-tools/files/racoon.init.d
125 @@ -0,0 +1,58 @@
126 +#!/sbin/runscript
127 +# Copyright 1999-2012 Gentoo Foundation
128 +# Distributed under the terms of the GNU General Public License v2
129 +
130 +depend() {
131 + before netmount
132 + use net
133 +}
134 +
135 +checkconfig() {
136 + if [ ! -e ${SETKEY_CONF} ] ; then
137 + eerror "You need to configure setkey before starting racoon."
138 + return 1
139 + fi
140 + if [ ! -e ${RACOON_CONF} ] ; then
141 + eerror "You need a configuration file to start racoon."
142 + return 1
143 + fi
144 + if [ ! -z ${RACOON_PSK_FILE} ] ; then
145 + if [ ! -f ${RACOON_PSK_FILE} ] ; then
146 + eerror "PSK file not found as specified."
147 + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
148 + return 1
149 + fi
150 + case "`ls -Lldn ${RACOON_PSK_FILE}`" in
151 + -r--------*)
152 + ;;
153 + *)
154 + eerror "Your defined PSK file should be mode 400 for security!"
155 + return 1
156 + ;;
157 + esac
158 + fi
159 +}
160 +
161 +start() {
162 + checkconfig || return 1
163 + einfo "Loading ipsec policies from ${SETKEY_CONF}."
164 + /usr/sbin/setkey -f ${SETKEY_CONF}
165 + if [ $? -eq 1 ] ; then
166 + eerror "Error while loading ipsec policies"
167 + fi
168 + ebegin "Starting racoon"
169 + start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
170 + eend $?
171 +}
172 +
173 +stop() {
174 + ebegin "Stopping racoon"
175 + start-stop-daemon -K -p /var/run/racoon.pid
176 + eend $?
177 + if [ -n "${RACOON_RESET_TABLES}" ]; then
178 + ebegin "Flushing policy entries"
179 + /usr/sbin/setkey -F
180 + /usr/sbin/setkey -FP
181 + eend $?
182 + fi
183 +}
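Review bot: start() fails open when policy loading fails: `if [ $? -eq 1 ]` catches only exit status 1 and then merely logs, so racoon is started even though the policies from `${SETKEY_CONF}` were not installed, and traffic they were meant to protect may leave unencrypted. Returning on any non-zero status closes that gap: `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }`. In checkconfig() the unquoted tests such as `[ ! -e ${SETKEY_CONF} ]` evaluate to false when the variable is empty, so an unset path passes silently; quoting the expansion (`[ ! -e "${SETKEY_CONF}" ]`) fixes that. The `ls -Lldn` pattern verifies only the mode bits of the PSK file, not its owner, and RACOON_PSK_FILE is never passed to racoon, so the file checked may differ from the `path pre_shared_key` location racoon actually reads.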
184
185 diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild
186 new file mode 100644
187 index 0000000..1efbf7a
188 --- /dev/null
189 +++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild
190 @@ -0,0 +1,183 @@
191 +# Copyright 1999-2012 Gentoo Foundation
192 +# Distributed under the terms of the GNU General Public License v2
193 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild,v 1.3 2011/04/06 01:01:46 flameeyes Exp $
194 +
195 +EAPI="4"
196 +
197 +inherit eutils flag-o-matic autotools linux-info
198 +
199 +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
200 +HOMEPAGE="http://ipsec-tools.sourceforge.net/"
201 +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
202 +
203 +LICENSE="BSD"
204 +SLOT="0"
205 +KEYWORDS="~amd64 ~x86"
206 +IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap"
207 +
208 +RDEPEND="
209 + kerberos? ( virtual/krb5 )
210 + selinux? (
211 + sys-libs/libselinux
212 + sec-policy/selinux-ipsec-tools
213 + )
214 + readline? ( sys-libs/readline )
215 + pam? ( sys-libs/pam )
216 + ldap? ( net-nds/openldap )
217 + dev-libs/openssl
218 + virtual/libiconv"
219 +# iconv? ( virtual/libiconv )
220 +# radius? ( net-dialup/gnuradius )
221 +
222 +DEPEND="${RDEPEND}
223 + >=sys-kernel/linux-headers-2.6.30"
224 +
225 +pkg_setup() {
226 + get_version
227 + if kernel_is -ge 2 6 19 ; then
228 + einfo "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
229 +
230 + if use nat; then
231 + CONFIG_CHECK="${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY"
232 + export WARNING_NETFILTER_XT_MATCH_POLICY="NAT support may fail weirdly unless you enable this option in your kernel"
233 + fi
234 +
235 + for i in XFRM_USER NET_KEY; do
236 + CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
237 + eval "export WARNING_${i}='No tunnels will be available at all'"
238 + done
239 +
240 + for i in INET_IPCOMP INET_AH INET_ESP \
241 + INET_XFRM_MODE_TRANSPORT \
242 + INET_XFRM_MODE_TUNNEL \
243 + INET_XFRM_MODE_BEET ; do
244 + CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
245 + eval "export WARNING_${i}='IPv4 tunnels will not be available'"
246 + done
247 +
248 + for i in INET6_IPCOMP INET6_AH INET6_ESP \
249 + INET6_XFRM_MODE_TRANSPORT \
250 + INET6_XFRM_MODE_TUNNEL \
251 + INET6_XFRM_MODE_BEET ; do
252 + CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
253 + eval "export WARNING_${i}='IPv6 tunnels will not be available'"
254 + done
255 +
256 + CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_NULL"
257 + export WARNING_CRYPTO_NULL="Unencrypted tunnels will not be available"
258 + export CONFIG_CHECK
259 +
260 + check_extra_config
261 + else
262 + eerror "You must have a kernel >=2.6.19 to run ipsec-tools."
263 + eerror "Building now, assuming that you will run on a different kernel"
264 + fi
265 +}
266 +
267 +src_prepare() {
268 + # fix for bug #76741
269 + sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c || die
270 + # fix for bug #124813
271 + sed -i 's:-Werror::g' "${S}"/configure.ac || die
272 + # fix for building with gcc-4.6
273 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
274 +
275 + epatch "${FILESDIR}/ipsec-tools-def-psk.patch"
276 +
277 + AT_M4DIR="${S}" eautoreconf
278 + epunt_cxx
279 +}
280 +
281 +src_configure() {
282 + # fix for bug #61025
283 + filter-flags -march=c3
284 +
285 + local myconf
286 + myconf="--with-kernel-headers=/usr/include \
287 + --enable-adminport \
288 + --enable-frag \
289 + --enable-dpd \
290 + --enable-dependency-tracking \
291 + $(use_enable rc5) \
292 + $(use_enable idea) \
293 + $(use_enable kerberos gssapi) \
294 + $(use_enable stats) \
295 + $(use_enable ipv6) \
296 + $(use_enable nat natt) \
297 + $(use_enable selinux security-context) \
298 + $(use_with readline) \
299 + $(use_with pam libpam) \
300 + $(use_with ldap libldap)"
301 +
302 + use nat && myconf="${myconf} --enable-natt-versions=yes"
303 +
304 + # enable mode-cfg and xauth support
305 + if use pam; then
306 + myconf="${myconf} --enable-hybrid"
307 + else
308 + myconf="${myconf} $(use_enable hybrid)"
309 + fi
310 +
311 + # dev-libs/libiconv is hard masked
312 + #use iconv && myconf="${myconf} $(use_with iconv libiconv)"
313 +
314 + # the default (/usr/include/openssl/) is OK for Gentoo, leave it
315 + # myconf="${myconf} $(use_with ssl openssl )"
316 +
317 + # No way to get it compiling with freeradius or gnuradius
318 + # We would need libradius which only exists on FreeBSD
319 +
320 + # See bug #77369
321 + #myconf="${myconf} --enable-samode-unspec"
322 +
323 + econf ${myconf}
324 +}
325 +
326 +src_install() {
327 + emake DESTDIR="${D}" install
328 + keepdir /var/lib/racoon
329 + newconfd "${FILESDIR}"/racoon.conf.d racoon
330 + newinitd "${FILESDIR}"/racoon.init.d racoon
331 +
332 + dodoc ChangeLog README NEWS
333 + dodoc -r src/racoon/samples
334 + dodoc -r src/racoon/doc
335 +
336 + docinto setkey
337 + dodoc src/setkey/sample.cf
338 +
339 + dodir /etc/racoon
340 +
341 + # RFC are only available from CVS for the moment, see einfo below
342 + #docinto "rfc"
343 + #dodoc ${S}/src/racoon/rfc/*
344 +}
345 +
346 +pkg_postinst() {
347 + if use nat; then
348 + elog
349 + elog "You have enabled the nat traversal functionnality."
350 + elog "Nat versions wich are enabled by default are 00,02,rfc"
351 + elog "you can find those drafts in the CVS repository:"
352 + elog "cvs -d anoncvs@××××××××××××××.org:/cvsroot co ipsec-tools"
353 + elog
354 + elog "If you feel brave enough and you know what you are"
355 + elog "doing, you can consider emerging this ebuild with"
356 + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
357 + elog
358 + fi
359 +
360 + if use ldap; then
361 + elog
362 + elog "You have enabled ldap support with {$PN}."
363 + elog "The man page does NOT contain any information on it yet."
364 + elog "Consider using a more recent version or CVS."
365 + elog
366 + fi
367 +
368 + elog
369 + elog "Please have a look in /usr/share/doc/${P} and visit"
370 + elog "http://www.netbsd.org/Documentation/network/ipsec/"
371 + elog "to find more information on how to configure this tool."
372 + elog
373 +}
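Review bot: `epatch "${FILESDIR}/ipsec-tools-def-psk.patch"` in src_prepare() changes how racoon selects a pre-shared key on every install, yet pkg_postinst() does not mention it, so an administrator would not learn that a `*` line in psk.txt now acts as a catch-all key. An `elog` in pkg_postinst() would cover it, e.g. `elog "This build falls back to a '*' entry in psk.txt when no per-peer key matches."`. In the ldap message, `{$PN}` prints literal braces around the package name and should be `${PN}`. `--enable-adminport` is passed unconditionally in src_configure(); a comment stating why the admin port is always built would help the next reviewer.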
374
375 diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
376 new file mode 100644
377 index 0000000..6e6434c
378 --- /dev/null
379 +++ b/net-firewall/ipsec-tools/metadata.xml
380 @@ -0,0 +1,14 @@
381 +<?xml version="1.0" encoding="UTF-8"?>
382 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
383 +<pkgmetadata>
384 + <maintainer>
385 + <email>blueness@g.o</email>
386 + </maintainer>
387 + <use>
388 + <flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
389 + <flag name='idea'>Enable support for the IDEA algorithm</flag>
390 + <flag name='nat'>Enable NAT-Traversal</flag>
391 + <flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
392 + <flag name='stats'>Enable statistics reporting</flag>
393 + </use>
394 +</pkgmetadata>