1 |
commit: 384e14dafea620bbe4f61ea2effbe77b5130dccc |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Feb 8 02:26:48 2012 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Feb 8 02:26:48 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=384e14da |
7 |
|
8 |
net-firewall/ipsec-tools: testing new ebuild, bug #365077 |
9 |
|
10 |
(Portage version: 2.1.10.44/git/Linux x86_64, signed Manifest commit with key 0xD0455535) |
11 |
|
12 |
--- |
13 |
net-firewall/ipsec-tools/ChangeLog | 9 + |
14 |
net-firewall/ipsec-tools/Manifest | 17 ++ |
15 |
.../ipsec-tools/files/ipsec-tools-def-psk.patch | 25 +++ |
16 |
net-firewall/ipsec-tools/files/racoon.conf.d | 19 ++ |
17 |
net-firewall/ipsec-tools/files/racoon.init.d | 58 ++++++ |
18 |
net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild | 183 ++++++++++++++++++++ |
19 |
net-firewall/ipsec-tools/metadata.xml | 14 ++ |
20 |
7 files changed, 325 insertions(+), 0 deletions(-) |
21 |
|
22 |
diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog |
23 |
new file mode 100644 |
24 |
index 0000000..e01c2c3 |
25 |
--- /dev/null |
26 |
+++ b/net-firewall/ipsec-tools/ChangeLog |
27 |
@@ -0,0 +1,9 @@ |
28 |
+ |
29 |
+ |
30 |
+*ipsec-tools-0.8.0 (08 Feb 2012) |
31 |
+ |
32 |
+ 08 Feb 2012; Anthony G. Basile <blueness@g.o> |
33 |
+ +ipsec-tools-0.8.0.ebuild, +files/ipsec-tools-def-psk.patch, |
34 |
+ +files/racoon.conf.d, +files/racoon.init.d, +metadata.xml: |
35 |
+ Testing new ebuild, bug #365077 |
36 |
+ |
37 |
|
38 |
diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest |
39 |
new file mode 100644 |
40 |
index 0000000..01000bb |
41 |
--- /dev/null |
42 |
+++ b/net-firewall/ipsec-tools/Manifest |
43 |
@@ -0,0 +1,17 @@ |
44 |
+-----BEGIN PGP SIGNED MESSAGE----- |
45 |
+Hash: SHA256 |
46 |
+ |
47 |
+AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 |
48 |
+AUX racoon.conf.d 621 RMD160 7f1d0b6e171e5dd60f1b033e4890bfd79d718389 SHA1 05c0759df99c544f1a68fb8916d1c953ceac0af8 SHA256 4e894adb1a76f673f960260929d083c1f6ddfcf094b371bcc2155fb6735d289f |
49 |
+AUX racoon.init.d 1314 RMD160 f0c385fa389fad6cddef87aee9f10172c2ca6838 SHA1 b82a83850239f564b8d50c8039e188de6f18de7e SHA256 4d6506775650cc36b7197f90eef7d98573280ebb445b0260d0442aec6f4d0937 |
50 |
+DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 |
51 |
+EBUILD ipsec-tools-0.8.0.ebuild 5092 RMD160 67bb3161ee0d396090981681e139637d7eecf1ff SHA1 f60cf34ee9ae9bb416c9578d24157fb3f9d5495e SHA256 6189653978e5e50627736bbb2508bda32dbd682779aca810dccc5f950567f275 |
52 |
+MISC ChangeLog 250 RMD160 503df09837a8c66d69d5dec9c025ab3bd913b347 SHA1 206dba63f2098d006c7e9580f7f1d45251d8bdd4 SHA256 03e6098bbb57bca95e0568e60ae23d8c1ce60fffd66808ea64bb469970a1d71b |
53 |
+MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SHA1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40 |
54 |
+-----BEGIN PGP SIGNATURE----- |
55 |
+Version: GnuPG v2.0.17 (GNU/Linux) |
56 |
+ |
57 |
+iEYEAREIAAYFAk8x3WgACgkQl5yvQNBFVTVwfgCfQErxJYtBH+nldzNQoLZGC8et |
58 |
+gPMAnispXwXM6zgd5hYyQ8s9doQg0V3l |
59 |
+=QB73 |
60 |
+-----END PGP SIGNATURE----- |
61 |
|
62 |
diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch |
63 |
new file mode 100644 |
64 |
index 0000000..f351860 |
65 |
--- /dev/null |
66 |
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch |
67 |
@@ -0,0 +1,25 @@ |
68 |
+diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c |
69 |
+--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200 |
70 |
++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200 |
71 |
+@@ -2498,8 +2498,21 @@ |
72 |
+ plog(LLV_ERROR, LOCATION, iph1->remote, |
73 |
+ "couldn't find the pskey for %s.\n", |
74 |
+ saddrwop2str(iph1->remote)); |
75 |
++ } |
76 |
++ } |
77 |
++ if (iph1->authstr == NULL) { |
78 |
++ /* |
79 |
++ * If we could not locate a psk above try and locate |
80 |
++ * the default psk, ie, "*". |
81 |
++ */ |
82 |
++ iph1->authstr = privsep_getpsk("*", 1); |
83 |
++ if (iph1->authstr == NULL) { |
84 |
++ plog(LLV_ERROR, LOCATION, iph1->remote, |
85 |
++ "couldn't find the the default pskey either.\n"); |
86 |
+ goto end; |
87 |
+ } |
88 |
++ plog(LLV_NOTIFY, LOCATION, iph1->remote, |
89 |
++ "Using default PSK.\n"); |
90 |
+ } |
91 |
+ plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); |
92 |
+ /* should be secret PSK */ |
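Review bot: The new fallback `iph1->authstr = privsep_getpsk("*", 1);` is not gated by anything visible in this hunk, so every peer whose own lookup fails is checked against the `*` key, which makes that entry a group secret shared by all unlisted peers. The existing `plog(LLV_ERROR, ... "couldn't find the pskey for %s.\n" ...)` still fires before the fallback is tried, so a negotiation that succeeds on the default key leaves an error in the log; lowering that level, or including the unmatched identity in the `"Using default PSK.\n"` notice, would make default-key use easier to audit. The added message has a doubled word and should read `"couldn't find the default pskey either.\n"`. The enclosing function starts and ends outside the hunk, and the patch headers name ipsec-tools-0.7.3 while the ebuild is 0.8.0, so the context should be confirmed against the newer oakley.c.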
93 |
|
94 |
diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/ipsec-tools/files/racoon.conf.d |
95 |
new file mode 100644 |
96 |
index 0000000..b2a1e72 |
97 |
--- /dev/null |
98 |
+++ b/net-firewall/ipsec-tools/files/racoon.conf.d |
99 |
@@ -0,0 +1,19 @@ |
100 |
+# Copyright 1999-2012 Gentoo Foundation |
101 |
+# Distributed under the terms of the GNU General Public License v2 |
102 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $ |
103 |
+ |
104 |
+# Config file for /etc/init.d/racoon |
105 |
+ |
106 |
+# See the manual pages for racoon or run `racoon --help` |
107 |
+# for valid command-line options |
108 |
+ |
109 |
+RACOON_OPTS="-4" |
110 |
+ |
111 |
+RACOON_CONF="/etc/racoon/racoon.conf" |
112 |
+RACOON_PSK_FILE="/etc/racoon/psk.txt" |
113 |
+SETKEY_CONF="/etc/ipsec.conf" |
114 |
+ |
115 |
+# Comment or remove the following if you don't want the policy tables |
116 |
+# to be flushed when racoon is stopped. |
117 |
+ |
118 |
+RACOON_RESET_TABLES="true" |
119 |
|
120 |
diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d |
121 |
new file mode 100644 |
122 |
index 0000000..18703fc |
123 |
--- /dev/null |
124 |
+++ b/net-firewall/ipsec-tools/files/racoon.init.d |
125 |
@@ -0,0 +1,58 @@ |
126 |
+#!/sbin/runscript |
127 |
+# Copyright 1999-2012 Gentoo Foundation |
128 |
+# Distributed under the terms of the GNU General Public License v2 |
129 |
+ |
130 |
+depend() { |
131 |
+ before netmount |
132 |
+ use net |
133 |
+} |
134 |
+ |
135 |
+checkconfig() { |
136 |
+ if [ ! -e ${SETKEY_CONF} ] ; then |
137 |
+ eerror "You need to configure setkey before starting racoon." |
138 |
+ return 1 |
139 |
+ fi |
140 |
+ if [ ! -e ${RACOON_CONF} ] ; then |
141 |
+ eerror "You need a configuration file to start racoon." |
142 |
+ return 1 |
143 |
+ fi |
144 |
+ if [ ! -z ${RACOON_PSK_FILE} ] ; then |
145 |
+ if [ ! -f ${RACOON_PSK_FILE} ] ; then |
146 |
+ eerror "PSK file not found as specified." |
147 |
+ eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." |
148 |
+ return 1 |
149 |
+ fi |
150 |
+ case "`ls -Lldn ${RACOON_PSK_FILE}`" in |
151 |
+ -r--------*) |
152 |
+ ;; |
153 |
+ *) |
154 |
+ eerror "Your defined PSK file should be mode 400 for security!" |
155 |
+ return 1 |
156 |
+ ;; |
157 |
+ esac |
158 |
+ fi |
159 |
+} |
160 |
+ |
161 |
+start() { |
162 |
+ checkconfig || return 1 |
163 |
+ einfo "Loading ipsec policies from ${SETKEY_CONF}." |
164 |
+ /usr/sbin/setkey -f ${SETKEY_CONF} |
165 |
+ if [ $? -eq 1 ] ; then |
166 |
+ eerror "Error while loading ipsec policies" |
167 |
+ fi |
168 |
+ ebegin "Starting racoon" |
169 |
+ start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS} |
170 |
+ eend $? |
171 |
+} |
172 |
+ |
173 |
+stop() { |
174 |
+ ebegin "Stopping racoon" |
175 |
+ start-stop-daemon -K -p /var/run/racoon.pid |
176 |
+ eend $? |
177 |
+ if [ -n "${RACOON_RESET_TABLES}" ]; then |
178 |
+ ebegin "Flushing policy entries" |
179 |
+ /usr/sbin/setkey -F |
180 |
+ /usr/sbin/setkey -FP |
181 |
+ eend $? |
182 |
+ fi |
183 |
+} |
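Review bot: start() keeps going when policy loading fails: after `/usr/sbin/setkey -f ${SETKEY_CONF}` it only tests `$? -eq 1`, prints an error and still launches racoon, so the daemon can come up without the intended policies installed, and any other non-zero status is ignored entirely. Failing closed is the safer default, e.g. `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }`. In checkconfig() the `ls -Lldn` pattern matches only the mode string and not the owner, and `RACOON_PSK_FILE` is never handed to racoon, so the file verified here may not be the one `${RACOON_CONF}` actually names; a comment stating that limitation would help. The tests also leave `${SETKEY_CONF}`, `${RACOON_CONF}` and `${RACOON_PSK_FILE}` unquoted, which misbehaves on empty values or paths containing spaces.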
184 |
|
185 |
diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild |
186 |
new file mode 100644 |
187 |
index 0000000..1efbf7a |
188 |
--- /dev/null |
189 |
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild |
190 |
@@ -0,0 +1,183 @@ |
191 |
+# Copyright 1999-2012 Gentoo Foundation |
192 |
+# Distributed under the terms of the GNU General Public License v2 |
193 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild,v 1.3 2011/04/06 01:01:46 flameeyes Exp $ |
194 |
+ |
195 |
+EAPI="4" |
196 |
+ |
197 |
+inherit eutils flag-o-matic autotools linux-info |
198 |
+ |
199 |
+DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" |
200 |
+HOMEPAGE="http://ipsec-tools.sourceforge.net/" |
201 |
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" |
202 |
+ |
203 |
+LICENSE="BSD" |
204 |
+SLOT="0" |
205 |
+KEYWORDS="~amd64 ~x86" |
206 |
+IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap" |
207 |
+ |
208 |
+RDEPEND=" |
209 |
+ kerberos? ( virtual/krb5 ) |
210 |
+ selinux? ( |
211 |
+ sys-libs/libselinux |
212 |
+ sec-policy/selinux-ipsec-tools |
213 |
+ ) |
214 |
+ readline? ( sys-libs/readline ) |
215 |
+ pam? ( sys-libs/pam ) |
216 |
+ ldap? ( net-nds/openldap ) |
217 |
+ dev-libs/openssl |
218 |
+ virtual/libiconv" |
219 |
+# iconv? ( virtual/libiconv ) |
220 |
+# radius? ( net-dialup/gnuradius ) |
221 |
+ |
222 |
+DEPEND="${RDEPEND} |
223 |
+ >=sys-kernel/linux-headers-2.6.30" |
224 |
+ |
225 |
+pkg_setup() { |
226 |
+ get_version |
227 |
+ if kernel_is -ge 2 6 19 ; then |
228 |
+ einfo "Checking for suitable kernel configuration (Networking | Networking support | Networking options)" |
229 |
+ |
230 |
+ if use nat; then |
231 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY" |
232 |
+ export WARNING_NETFILTER_XT_MATCH_POLICY="NAT support may fail weirdly unless you enable this option in your kernel" |
233 |
+ fi |
234 |
+ |
235 |
+ for i in XFRM_USER NET_KEY; do |
236 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~${i}" |
237 |
+ eval "export WARNING_${i}='No tunnels will be available at all'" |
238 |
+ done |
239 |
+ |
240 |
+ for i in INET_IPCOMP INET_AH INET_ESP \ |
241 |
+ INET_XFRM_MODE_TRANSPORT \ |
242 |
+ INET_XFRM_MODE_TUNNEL \ |
243 |
+ INET_XFRM_MODE_BEET ; do |
244 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~${i}" |
245 |
+ eval "export WARNING_${i}='IPv4 tunnels will not be available'" |
246 |
+ done |
247 |
+ |
248 |
+ for i in INET6_IPCOMP INET6_AH INET6_ESP \ |
249 |
+ INET6_XFRM_MODE_TRANSPORT \ |
250 |
+ INET6_XFRM_MODE_TUNNEL \ |
251 |
+ INET6_XFRM_MODE_BEET ; do |
252 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~${i}" |
253 |
+ eval "export WARNING_${i}='IPv6 tunnels will not be available'" |
254 |
+ done |
255 |
+ |
256 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_NULL" |
257 |
+ export WARNING_CRYPTO_NULL="Unencrypted tunnels will not be available" |
258 |
+ export CONFIG_CHECK |
259 |
+ |
260 |
+ check_extra_config |
261 |
+ else |
262 |
+ eerror "You must have a kernel >=2.6.19 to run ipsec-tools." |
263 |
+ eerror "Building now, assuming that you will run on a different kernel" |
264 |
+ fi |
265 |
+} |
266 |
+ |
267 |
+src_prepare() { |
268 |
+ # fix for bug #76741 |
269 |
+ sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c || die |
270 |
+ # fix for bug #124813 |
271 |
+ sed -i 's:-Werror::g' "${S}"/configure.ac || die |
272 |
+ # fix for building with gcc-4.6 |
273 |
+ sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die |
274 |
+ |
275 |
+ epatch "${FILESDIR}/ipsec-tools-def-psk.patch" |
276 |
+ |
277 |
+ AT_M4DIR="${S}" eautoreconf |
278 |
+ epunt_cxx |
279 |
+} |
280 |
+ |
281 |
+src_configure() { |
282 |
+ # fix for bug #61025 |
283 |
+ filter-flags -march=c3 |
284 |
+ |
285 |
+ local myconf |
286 |
+ myconf="--with-kernel-headers=/usr/include \ |
287 |
+ --enable-adminport \ |
288 |
+ --enable-frag \ |
289 |
+ --enable-dpd \ |
290 |
+ --enable-dependency-tracking \ |
291 |
+ $(use_enable rc5) \ |
292 |
+ $(use_enable idea) \ |
293 |
+ $(use_enable kerberos gssapi) \ |
294 |
+ $(use_enable stats) \ |
295 |
+ $(use_enable ipv6) \ |
296 |
+ $(use_enable nat natt) \ |
297 |
+ $(use_enable selinux security-context) \ |
298 |
+ $(use_with readline) \ |
299 |
+ $(use_with pam libpam) \ |
300 |
+ $(use_with ldap libldap)" |
301 |
+ |
302 |
+ use nat && myconf="${myconf} --enable-natt-versions=yes" |
303 |
+ |
304 |
+ # enable mode-cfg and xauth support |
305 |
+ if use pam; then |
306 |
+ myconf="${myconf} --enable-hybrid" |
307 |
+ else |
308 |
+ myconf="${myconf} $(use_enable hybrid)" |
309 |
+ fi |
310 |
+ |
311 |
+ # dev-libs/libiconv is hard masked |
312 |
+ #use iconv && myconf="${myconf} $(use_with iconv libiconv)" |
313 |
+ |
314 |
+ # the default (/usr/include/openssl/) is OK for Gentoo, leave it |
315 |
+ # myconf="${myconf} $(use_with ssl openssl )" |
316 |
+ |
317 |
+ # No way to get it compiling with freeradius or gnuradius |
318 |
+ # We would need libradius which only exists on FreeBSD |
319 |
+ |
320 |
+ # See bug #77369 |
321 |
+ #myconf="${myconf} --enable-samode-unspec" |
322 |
+ |
323 |
+ econf ${myconf} |
324 |
+} |
325 |
+ |
326 |
+src_install() { |
327 |
+ emake DESTDIR="${D}" install |
328 |
+ keepdir /var/lib/racoon |
329 |
+ newconfd "${FILESDIR}"/racoon.conf.d racoon |
330 |
+ newinitd "${FILESDIR}"/racoon.init.d racoon |
331 |
+ |
332 |
+ dodoc ChangeLog README NEWS |
333 |
+ dodoc -r src/racoon/samples |
334 |
+ dodoc -r src/racoon/doc |
335 |
+ |
336 |
+ docinto setkey |
337 |
+ dodoc src/setkey/sample.cf |
338 |
+ |
339 |
+ dodir /etc/racoon |
340 |
+ |
341 |
+ # RFC are only available from CVS for the moment, see einfo below |
342 |
+ #docinto "rfc" |
343 |
+ #dodoc ${S}/src/racoon/rfc/* |
344 |
+} |
345 |
+ |
346 |
+pkg_postinst() { |
347 |
+ if use nat; then |
348 |
+ elog |
349 |
+ elog "You have enabled the nat traversal functionnality." |
350 |
+ elog "Nat versions wich are enabled by default are 00,02,rfc" |
351 |
+ elog "you can find those drafts in the CVS repository:" |
352 |
+ elog "cvs -d anoncvs@××××××××××××××.org:/cvsroot co ipsec-tools" |
353 |
+ elog |
354 |
+ elog "If you feel brave enough and you know what you are" |
355 |
+ elog "doing, you can consider emerging this ebuild with" |
356 |
+ elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" |
357 |
+ elog |
358 |
+ fi |
359 |
+ |
360 |
+ if use ldap; then |
361 |
+ elog |
362 |
+ elog "You have enabled ldap support with {$PN}." |
363 |
+ elog "The man page does NOT contain any information on it yet." |
364 |
+ elog "Consider using a more recent version or CVS." |
365 |
+ elog |
366 |
+ fi |
367 |
+ |
368 |
+ elog |
369 |
+ elog "Please have a look in /usr/share/doc/${P} and visit" |
370 |
+ elog "http://www.netbsd.org/Documentation/network/ipsec/" |
371 |
+ elog "to find more information on how to configure this tool." |
372 |
+ elog |
373 |
+} |
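Review bot: src_prepare() applies `ipsec-tools-def-psk.patch` unconditionally, which changes how racoon selects a pre-shared key, yet pkg_postinst() gives the administrator no notice of it. An `elog` there stating that a `*` entry in the PSK file will be used for any peer without its own entry would let them decide whether to keep such an entry. In the ldap message `{$PN}` expands with literal braces around the name and should be `${PN}`. The `$Header` comment still names ipsec-tools-0.7.3-r1.ebuild, and the nat message misspells `functionnality` and `wich`.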
374 |
|
375 |
diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml |
376 |
new file mode 100644 |
377 |
index 0000000..6e6434c |
378 |
--- /dev/null |
379 |
+++ b/net-firewall/ipsec-tools/metadata.xml |
380 |
@@ -0,0 +1,14 @@ |
381 |
+<?xml version="1.0" encoding="UTF-8"?> |
382 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
383 |
+<pkgmetadata> |
384 |
+ <maintainer> |
385 |
+ <email>blueness@g.o</email> |
386 |
+ </maintainer> |
387 |
+ <use> |
388 |
+ <flag name='hybrid'>Makes available both mode-cfg and xauth support</flag> |
389 |
+ <flag name='idea'>Enable support for the IDEA algorithm</flag> |
390 |
+ <flag name='nat'>Enable NAT-Traversal</flag> |
391 |
+ <flag name='rc5'>Enable support for the patented RC5 algorithm</flag> |
392 |
+ <flag name='stats'>Enable statistics reporting</flag> |
393 |
+ </use> |
394 |
+</pkgmetadata> |