
From: Jeremy Olexa <darkside@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] dev/darkside:master commit in: net-misc/openvpn/, net-misc/openvpn/files/
Date: Sun, 29 Jan 2012 04:32:40
Message-Id: 54ce210f763c641c0bda088dc38e0025fb45d814.darkside@gentoo
1 commit: 54ce210f763c641c0bda088dc38e0025fb45d814
2 Author: Jeremy Olexa <darkside <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jan 29 04:32:25 2012 +0000
4 Commit: Jeremy Olexa <darkside <AT> gentoo <DOT> org>
5 CommitDate: Sun Jan 29 04:32:25 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=dev/darkside.git;a=commit;h=54ce210f
7
8 [net-misc/openvpn] version bump to 2.2.2, bug 383537
9
10 ---
11 net-misc/openvpn/Manifest | 2 +
12 net-misc/openvpn/files/65openvpn | 1 +
13 net-misc/openvpn/files/down.sh | 33 ++++
14 net-misc/openvpn/files/openvpn-2.1.conf | 18 ++
15 net-misc/openvpn/files/openvpn-2.1.init | 133 +++++++++++++++
16 .../openvpn/files/openvpn-2.1_rc13-peercred.patch | 10 ++
17 net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch | 36 ++++
18 net-misc/openvpn/files/openvpn.init | 63 +++++++
19 net-misc/openvpn/files/up.sh | 82 ++++++++++
20 net-misc/openvpn/openvpn-2.2.2.ebuild | 171 ++++++++++++++++++++
21 10 files changed, 549 insertions(+), 0 deletions(-)
22
23 diff --git a/net-misc/openvpn/Manifest b/net-misc/openvpn/Manifest
24 new file mode 100644
25 index 0000000..1833126
26 --- /dev/null
27 +++ b/net-misc/openvpn/Manifest
28 @@ -0,0 +1,2 @@
29 +DIST openvpn-2.2.0-ipv6-20110522-1.patch.gz 36029 RMD160 a476ba5581f0920dd5f42b2b22beeccb7ef2cbe8 SHA1 04dbcd44d825949e895d714a97e4e57617037536 SHA256 e3b415b1dd61f7fb823231c32b40516a93efc99c2b6b52e3b9fce03d4ae45053
30 +DIST openvpn-2.2.2.tar.gz 911158 RMD160 60990f183bdd46933724b3bf39ba5861ed0258a6 SHA1 992373cdf12e1b50655b13765a6d36a87cfd3ca3 SHA256 54ca8b260e2ea3b26e84c2282ccb5f8cb149edcfd424b686d5fb22b8dbbeac00
31
32 diff --git a/net-misc/openvpn/files/65openvpn b/net-misc/openvpn/files/65openvpn
33 new file mode 100644
34 index 0000000..4ddb034
35 --- /dev/null
36 +++ b/net-misc/openvpn/files/65openvpn
37 @@ -0,0 +1 @@
38 +CONFIG_PROTECT="/usr/share/openvpn/easy-rsa"
39
40 diff --git a/net-misc/openvpn/files/down.sh b/net-misc/openvpn/files/down.sh
41 new file mode 100755
42 index 0000000..1c70db0
43 --- /dev/null
44 +++ b/net-misc/openvpn/files/down.sh
45 @@ -0,0 +1,33 @@
46 +#!/bin/sh
47 +# Copyright (c) 2006-2007 Gentoo Foundation
48 +# Distributed under the terms of the GNU General Public License v2
49 +# Contributed by Roy Marples (uberlord@g.o)
50 +
51 +# If we have a service specific script, run this now
52 +if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
53 + /etc/openvpn/"${SVCNAME}"-down.sh "$@"
54 +fi
55 +
56 +# Restore resolv.conf to how it was
57 +if [ "${PEER_DNS}" != "no" ]; then
58 + if [ -x /sbin/resolvconf ] ; then
59 + /sbin/resolvconf -d "${dev}"
60 + elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
61 + # Important that we copy instead of move incase resolv.conf is
62 + # a symlink and not an actual file
63 + cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
64 + rm -f /etc/resolv.conf-"${dev}".sv
65 + fi
66 +fi
67 +
68 +if [ -n "${SVCNAME}" ]; then
69 + # Re-enter the init script to start any dependant services
70 + if /etc/init.d/"${SVCNAME}" --quiet status ; then
71 + export IN_BACKGROUND=true
72 + /etc/init.d/"${SVCNAME}" --quiet stop
73 + fi
74 +fi
75 +
76 +exit 0
77 +
78 +# vim: ts=4 :
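Review bot: The service-specific hook at the top of the script runs even when `SVCNAME` is empty, in which case the test resolves to `/etc/openvpn/-down.sh`; up.sh in this same commit only runs its hook inside `if [ -n "${SVCNAME}" ]`, and down.sh should carry the same guard, e.g. `if [ -n "${SVCNAME}" ] && [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then`. The comment `# Re-enter the init script to start any dependant services` describes the opposite of the code below it, which calls `stop`; `# Re-enter the init script to stop any dependent services` would match. A short header comment stating that the script runs as OpenVPN's `--down` hook and expects `dev`, `PEER_DNS` and `SVCNAME` in its environment would also help, since `${dev}` is used to build a path under /etc.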
79
80 diff --git a/net-misc/openvpn/files/openvpn-2.1.conf b/net-misc/openvpn/files/openvpn-2.1.conf
81 new file mode 100644
82 index 0000000..72510c3
83 --- /dev/null
84 +++ b/net-misc/openvpn/files/openvpn-2.1.conf
85 @@ -0,0 +1,18 @@
86 +# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
87 +# resolvconf) if given DNS information by the OpenVPN server.
88 +# Set PEER_DNS="no" to stop this.
89 +PEER_DNS="yes"
90 +
91 +# OpenVPN can run in many modes. Most people will want the init script
92 +# to automatically detect the mode and try and apply a good default
93 +# configuration and setup scripts. However, there are cases where the
94 +# OpenVPN configuration looks like a client, but it's really a peer or
95 +# something else. DETECT_CLIENT controls this behaviour.
96 +DETECT_CLIENT="yes"
97 +
98 +# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
99 +# init script (ie, it first becomes "inactive" and the script then starts the
100 +# script again to make it "started") then you can state this below.
101 +# In other words, unless you understand service dependencies and are a
102 +# competent shell scripter, don't set this.
103 +RE_ENTER="no"
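Review bot: The `PEER_DNS` comment does not say what the default trusts: with `PEER_DNS="yes"` the up.sh added in this commit takes the server-pushed `dhcp-option DNS` and `DOMAIN` values and writes them to /etc/resolv.conf or hands them to resolvconf. I would extend the comment with a line such as `# With "yes" the VPN server decides which resolvers this host uses; set "no" for servers you do not fully trust.` so that the choice is made knowingly.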
104
105 diff --git a/net-misc/openvpn/files/openvpn-2.1.init b/net-misc/openvpn/files/openvpn-2.1.init
106 new file mode 100755
107 index 0000000..d65e6f8
108 --- /dev/null
109 +++ b/net-misc/openvpn/files/openvpn-2.1.init
110 @@ -0,0 +1,133 @@
111 +#!/sbin/runscript
112 +# Copyright 1999-2007 Gentoo Foundation
113 +# Distributed under the terms of the GNU General Public License v2
114 +
115 +VPNDIR=${VPNDIR:-/etc/openvpn}
116 +VPN=${SVCNAME#*.}
117 +if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
118 + VPNPID="/var/run/openvpn.${VPN}.pid"
119 +else
120 + VPNPID="/var/run/openvpn.pid"
121 +fi
122 +VPNCONF="${VPNDIR}/${VPN}.conf"
123 +
124 +depend() {
125 + need localmount net
126 + use dns
127 + after bootmisc
128 +}
129 +
130 +checkconfig() {
131 + # Linux has good dynamic tun/tap creation
132 + if [ $(uname -s) = "Linux" ] ; then
133 + if [ ! -e /dev/net/tun ]; then
134 + if ! modprobe tun ; then
135 + eerror "TUN/TAP support is not available" \
136 + "in this kernel"
137 + return 1
138 + fi
139 + fi
140 + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
141 + ebegin "Detected broken /dev/net/tun symlink, fixing..."
142 + rm -f /dev/net/tun
143 + ln -s /dev/misc/net/tun /dev/net/tun
144 + eend $?
145 + fi
146 + return 0
147 + fi
148 +
149 + # Other OS's don't, so we rely on a pre-configured interface
150 + # per vpn instance
151 + local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}")
152 + if [ -z ${ifname} ] ; then
153 + eerror "You need to specify the interface that this openvpn" \
154 + "instance should use" \
155 + "by using the dev option in ${VPNCONF}"
156 + return 1
157 + fi
158 +
159 + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
160 + # Try and create it
161 + echo > /dev/"${ifname}" >/dev/null
162 + fi
163 + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
164 + eerror "${VPNCONF} requires interface ${ifname}" \
165 + "but that does not exist"
166 + return 1
167 + fi
168 +}
169 +
170 +start() {
171 + # If we are re-called by the openvpn gentoo-up.sh script
172 + # then we don't actually want to start openvpn
173 + [ "${IN_BACKGROUND}" = "true" ] && return 0
174 +
175 + ebegin "Starting ${SVCNAME}"
176 +
177 + checkconfig || return 1
178 +
179 + local args="" reenter=${RE_ENTER:-no}
180 + # If the config file does not specify the cd option, we do
181 + # But if we specify it, we override the config option which we do not want
182 + if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
183 + args="${args} --cd ${VPNDIR}"
184 + fi
185 +
186 + # We mark the service as inactive and then start it.
187 + # When we get an authenticated packet from the peer then we run our script
188 + # which configures our DNS if any and marks us as up.
189 + if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
190 + grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then
191 + reenter="yes"
192 + args="${args} --up-delay --up-restart"
193 + args="${args} --script-security 2"
194 + args="${args} --up /etc/openvpn/up.sh"
195 + args="${args} --down-pre --down /etc/openvpn/down.sh"
196 +
197 + # Warn about setting scripts as we override them
198 + if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then
199 + ewarn "WARNING: You have defined your own up/down scripts"
200 + ewarn "As you're running as a client, we now force Gentoo specific"
201 + ewarn "scripts to be run for up and down events."
202 + ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
203 + ewarn "where you can put your own code."
204 + fi
205 +
206 + # Warn about the inability to change ip/route/dns information when
207 + # dropping privs
208 + if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then
209 + ewarn "WARNING: You are dropping root privileges!"
210 + ewarn "As such openvpn may not be able to change ip, routing"
211 + ewarn "or DNS configuration."
212 + fi
213 + else
214 + # So we're a server. Run as openvpn unless otherwise specified
215 + grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn"
216 + grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn"
217 + fi
218 +
219 + # Ensure that our scripts get the PEER_DNS variable
220 + [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
221 +
222 + [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
223 + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
224 + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
225 + --setenv SVCNAME "${SVCNAME}" ${args}
226 + eend $? "Check your logs to see why startup failed"
227 +}
228 +
229 +stop() {
230 + # If we are re-called by the openvpn gentoo-down.sh script
231 + # then we don't actually want to stop openvpn
232 + if [ "${IN_BACKGROUND}" = "true" ] ; then
233 + mark_service_inactive "${SVCNAME}"
234 + return 0
235 + fi
236 +
237 + ebegin "Stopping ${SVCNAME}"
238 + start-stop-daemon --stop --quiet \
239 + --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
240 + eend $?
241 +}
242 +
243 +# vim: set ts=4 :
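Review bot: `start()` never checks that `${VPNCONF}` exists, and on Linux `checkconfig` returns 0 before reading it, so with a missing or misnamed config every `grep` fails, the function falls into the server branch and still invokes start-stop-daemon, leaving only grep noise and openvpn's own error. openvpn.init in this commit has the guard, and it belongs here right after `checkconfig || return 1`: `if [ ! -e "${VPNCONF}" ]; then eend 1 "${VPNCONF} does not exist"; return 1; fi`. The tests `[ ${SVCNAME} != "openvpn" ]`, `[ $(uname -s) = "Linux" ]` and `[ -z ${ifname} ]` are unquoted and should be quoted as openvpn.init does for `SVCNAME`. `${VPNDIR}` and `${PEER_DNS}` are appended to `args` and expanded unquoted on the openvpn command line, so a value containing whitespace turns into extra openvpn options; that deserves a comment next to `--setenv PEER_DNS ${PEER_DNS}` even if conf.d is root-owned.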
244
245 diff --git a/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch b/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch
246 new file mode 100644
247 index 0000000..6592cf1
248 --- /dev/null
249 +++ b/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch
250 @@ -0,0 +1,10 @@
251 +--- socket.c~ 2008-11-02 01:39:00.406009999 +0100
252 ++++ socket.c 2008-11-02 01:39:00.406009999 +0100
253 +@@ -22,6 +22,7 @@
254 + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
255 + */
256 +
257 ++#define _GNU_SOURCE
258 + #include "syshead.h"
259 +
260 + #include "socket.h"
261
262 diff --git a/net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch b/net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch
263 new file mode 100644
264 index 0000000..c7115cc
265 --- /dev/null
266 +++ b/net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch
267 @@ -0,0 +1,36 @@
268 +diff --git a/easy-rsa/2.0/openssl-0.9.8.cnf b/easy-rsa/2.0/openssl-0.9.8.cnf
269 +index 340b8af..89602a2 100755
270 +--- a/easy-rsa/2.0/openssl-0.9.8.cnf
271 ++++ b/easy-rsa/2.0/openssl-0.9.8.cnf
272 +@@ -283,8 +283,8 @@ authorityKeyIdentifier=keyid:always,issuer:always
273 + #pkcs11 = pkcs11_section
274 +
275 + [ pkcs11_section ]
276 +-engine_id = pkcs11
277 +-dynamic_path = /usr/lib/engines/engine_pkcs11.so
278 +-MODULE_PATH = $ENV::PKCS11_MODULE_PATH
279 +-PIN = $ENV::PKCS11_PIN
280 +-init = 0
281 ++#engine_id = pkcs11
282 ++#dynamic_path = /usr/lib/engines/engine_pkcs11.so
283 ++#MODULE_PATH = $ENV::PKCS11_MODULE_PATH
284 ++#PIN = $ENV::PKCS11_PIN
285 ++#init = 0
286 +diff --git a/easy-rsa/2.0/openssl-1.0.0.cnf b/easy-rsa/2.0/openssl-1.0.0.cnf
287 +index fa258a5..527919d 100755
288 +--- a/easy-rsa/2.0/openssl-1.0.0.cnf
289 ++++ b/easy-rsa/2.0/openssl-1.0.0.cnf
290 +@@ -278,8 +278,8 @@ authorityKeyIdentifier=keyid:always,issuer:always
291 + #pkcs11 = pkcs11_section
292 +
293 + [ pkcs11_section ]
294 +-engine_id = pkcs11
295 +-dynamic_path = /usr/lib/engines/engine_pkcs11.so
296 +-MODULE_PATH = $ENV::PKCS11_MODULE_PATH
297 +-PIN = $ENV::PKCS11_PIN
298 +-init = 0
299 ++#engine_id = pkcs11
300 ++#dynamic_path = /usr/lib/engines/engine_pkcs11.so
301 ++#MODULE_PATH = $ENV::PKCS11_MODULE_PATH
302 ++#PIN = $ENV::PKCS11_PIN
303 ++#init = 0
304
305 diff --git a/net-misc/openvpn/files/openvpn.init b/net-misc/openvpn/files/openvpn.init
306 new file mode 100644
307 index 0000000..489ab49
308 --- /dev/null
309 +++ b/net-misc/openvpn/files/openvpn.init
310 @@ -0,0 +1,63 @@
311 +#!/sbin/runscript
312 +# Copyright 1999-2007 Gentoo Foundation
313 +# Distributed under the terms of the GNU General Public License v2
314 +
315 +VPNDIR="/etc/openvpn"
316 +VPN="${SVCNAME#*.}"
317 +if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then
318 + VPNPID="/var/run/openvpn.${VPN}.pid"
319 +else
320 + VPNPID="/var/run/openvpn.pid"
321 +fi
322 +VPNCONF="${VPNDIR}/${VPN}.conf"
323 +
324 +depend() {
325 + need localmount net
326 + before netmount
327 + after bootmisc
328 +}
329 +
330 +checktundevice() {
331 + if [ ! -e /dev/net/tun ]; then
332 + if ! modprobe tun ; then
333 + eerror "TUN/TAP support is not available in this kernel"
334 + return 1
335 + fi
336 + fi
337 + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
338 + ebegin "Detected broken /dev/net/tun symlink, fixing..."
339 + rm -f /dev/net/tun
340 + ln -s /dev/misc/net/tun /dev/net/tun
341 + eend $?
342 + fi
343 +}
344 +
345 +start() {
346 + ebegin "Starting ${SVCNAME}"
347 +
348 + checktundevice || return 1
349 +
350 + if [ ! -e "${VPNCONF}" ]; then
351 + eend 1 "${VPNCONF} does not exist"
352 + return 1
353 + fi
354 +
355 + local args=""
356 + # If the config file does not specify the cd option, we do
357 + # But if we specify it, we override the config option which we do not want
358 + if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
359 + args="${args} --cd ${VPNDIR}"
360 + fi
361 +
362 + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
363 + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon ${args}
364 + eend $? "Check your logs to see why startup failed"
365 +}
366 +
367 +stop() {
368 + ebegin "Stopping ${SVCNAME}"
369 + start-stop-daemon --stop --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
370 + eend $?
371 +}
372 +
373 +# vim: ts=4
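Review bot: Nothing visible in this commit installs this file: `src_install` in openvpn-2.2.2.ebuild uses `newinitd "${FILESDIR}/${PN}-2.1.init" openvpn`, so openvpn.init looks unused by the new version (an ebuild outside this page may still reference it). If it is kept, a header comment naming the ebuild that consumes it would stop the two init scripts from drifting apart. `stop()` here also omits the `--quiet` that the 2.1 script passes to start-stop-daemon, and `${args}` carries `${VPNDIR}` unquoted in the same way as the 2.1 script.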
374
375 diff --git a/net-misc/openvpn/files/up.sh b/net-misc/openvpn/files/up.sh
376 new file mode 100755
377 index 0000000..4a88687
378 --- /dev/null
379 +++ b/net-misc/openvpn/files/up.sh
380 @@ -0,0 +1,82 @@
381 +#!/bin/sh
382 +# Copyright (c) 2006-2007 Gentoo Foundation
383 +# Distributed under the terms of the GNU General Public License v2
384 +# Contributed by Roy Marples (uberlord@g.o)
385 +
386 +# Setup our resolv.conf
387 +# Vitally important that we use the domain entry in resolv.conf so we
388 +# can setup the nameservers are for the domain ONLY in resolvconf if
389 +# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc.
390 +# nscd/libc users will get the VPN nameservers before their other ones
391 +# and will use the first one that responds - maybe the LAN ones?
392 +# non resolvconf users just the the VPN resolv.conf
393 +
394 +# FIXME:- if we have >1 domain, then we have to use search :/
395 +# We need to add a flag to resolvconf to say
396 +# "these nameservers should only be used for the listed search domains
397 +# if other global nameservers are present on other interfaces"
398 +# This however, will break compatibility with Debians resolvconf
399 +# A possible workaround would be to just list multiple domain lines
400 +# and try and let resolvconf handle it
401 +
402 +if [ "${PEER_DNS}" != "no" ]; then
403 + NS=
404 + DOMAIN=
405 + SEARCH=
406 + i=1
407 + while true ; do
408 + eval opt=\$foreign_option_${i}
409 + [ -z "${opt}" ] && break
410 + if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
411 + if [ -z "${DOMAIN}" ] ; then
412 + DOMAIN="${opt#dhcp-option DOMAIN *}"
413 + else
414 + SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
415 + fi
416 + elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
417 + NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
418 + fi
419 + i=$((${i} + 1))
420 + done
421 +
422 + if [ -n "${NS}" ] ; then
423 + DNS="# Generated by openvpn for interface ${dev}\n"
424 + if [ -n "${SEARCH}" ] ; then
425 + DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
426 + elif [ -n "${DOMAIN}" ]; then
427 + DNS="${DNS}domain ${DOMAIN}\n"
428 + fi
429 + DNS="${DNS}${NS}"
430 + if [ -x /sbin/resolvconf ] ; then
431 + printf "${DNS}" | /sbin/resolvconf -a "${dev}"
432 + else
433 + # Preserve the existing resolv.conf
434 + if [ -e /etc/resolv.conf ] ; then
435 + cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
436 + fi
437 + printf "${DNS}" > /etc/resolv.conf
438 + chmod 644 /etc/resolv.conf
439 + fi
440 + fi
441 +fi
442 +
443 +# Below section is Gentoo specific
444 +# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
445 +# as we could have >1 openvpn service
446 +
447 +if [ -n "${SVCNAME}" ]; then
448 + # If we have a service specific script, run this now
449 + if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then
450 + /etc/openvpn/"${SVCNAME}"-up.sh "$@"
451 + fi
452 +
453 + # Re-enter the init script to start any dependant services
454 + if ! /etc/init.d/"${SVCNAME}" --quiet status ; then
455 + export IN_BACKGROUND=true
456 + /etc/init.d/${SVCNAME} --quiet start
457 + fi
458 +fi
459 +
460 +exit 0
461 +
462 +# vim: ts=4 :
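Review bot: `printf "${DNS}"` uses a string assembled from the server-pushed `foreign_option_N` values as the printf format, so any `%` or backslash sequence inside a pushed DOMAIN or DNS value is interpreted instead of written literally, and the output goes to /etc/resolv.conf or resolvconf as root. The text should be built with real newlines and emitted with `printf '%s'`, as sketched below; checking that each DNS value looks like an address before using it would be a further hardening step. Near the end, `/etc/init.d/${SVCNAME} --quiet start` is the only unquoted use of `SVCNAME` in the script and should be quoted like the `status` call above it.

```shell
	# A literal newline, so no escape processing is needed at output time
	nl='
'
	# … unchanged: loop over foreign_option_N, DOMAIN/SEARCH collection …
			NS="${NS}nameserver ${opt#dhcp-option DNS *}${nl}"
	# … unchanged: end of loop, NS non-empty test …
		DNS="# Generated by openvpn for interface ${dev}${nl}"
		# in the SEARCH branch:
			DNS="${DNS}search ${DOMAIN} ${SEARCH}${nl}"
		# in the DOMAIN branch:
			DNS="${DNS}domain ${DOMAIN}${nl}"
		# … unchanged: DNS="${DNS}${NS}", resolvconf test …
			printf '%s' "${DNS}" | /sbin/resolvconf -a "${dev}"
		# … unchanged: backup of the existing resolv.conf …
			printf '%s' "${DNS}" > /etc/resolv.conf
```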
463
464 diff --git a/net-misc/openvpn/openvpn-2.2.2.ebuild b/net-misc/openvpn/openvpn-2.2.2.ebuild
465 new file mode 100644
466 index 0000000..af4c8b9
467 --- /dev/null
468 +++ b/net-misc/openvpn/openvpn-2.2.2.ebuild
469 @@ -0,0 +1,171 @@
470 +# Copyright 1999-2011 Gentoo Foundation
471 +# Distributed under the terms of the GNU General Public License v2
472 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/openvpn-2.2.0-r1.ebuild,v 1.3 2011/07/29 08:45:05 zmedico Exp $
473 +
474 +EAPI=4
475 +
476 +inherit eutils multilib toolchain-funcs autotools flag-o-matic
477 +
478 +IPV6_VERSION="2.2.0-ipv6-20110522-1"
479 +DESCRIPTION="OpenVPN is a robust and highly flexible tunneling application compatible with many OSes."
480 +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz
481 + ipv6? (
482 + http://www.greenie.net/ipv6/openvpn-${IPV6_VERSION}.patch.gz
483 + )"
484 +HOMEPAGE="http://openvpn.net/"
485 +
486 +LICENSE="GPL-2"
487 +SLOT="0"
488 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-linux"
489 +# ipv6 patch seems broken, ipv6 is planned for the 2.3 release
490 +#IUSE="examples iproute2 ipv6 minimal pam passwordsave selinux ssl static pkcs11 userland_BSD"
491 +IUSE="examples iproute2 minimal pam passwordsave selinux ssl static pkcs11 userland_BSD"
492 +
493 +DEPEND=">=dev-libs/lzo-1.07
494 + kernel_linux? (
495 + iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools )
496 + )
497 + !minimal? ( pam? ( virtual/pam ) )
498 + selinux? ( sec-policy/selinux-openvpn )
499 + ssl? ( >=dev-libs/openssl-0.9.6 )
500 + pkcs11? ( >=dev-libs/pkcs11-helper-1.05 )"
501 +RDEPEND="${DEPEND}"
502 +
503 +src_prepare() {
504 + epatch "${FILESDIR}/${PN}-2.2.2-pkcs11.patch"
505 + use ipv6 && epatch "${WORKDIR}/${PN}-${IPV6_VERSION}.patch"
506 + sed -i \
507 + -e "s/gcc \${CC_FLAGS}/\${CC} \${CFLAGS} -Wall/" \
508 + -e "s/-shared/-shared \${LDFLAGS}/" \
509 + plugin/*/Makefile || die "sed failed"
510 + if use ipv6; then
511 + eautoreconf
512 + fi
513 +}
514 +
515 +src_configure() {
516 + # basic.h defines a type 'bool' that conflicts with the altivec
517 + # keyword bool which has to be fixed upstream, see bugs #293840
518 + # and #297854.
519 + # For now, filter out -maltivec on ppc and append -mno-altivec, as
520 + # -maltivec is enabled implicitly by -mcpu and similar flags.
521 + (use ppc || use ppc64) && filter-flags -maltivec && append-flags -mno-altivec
522 +
523 + local myconf=""
524 +
525 + if use minimal ; then
526 + myconf="${myconf} --disable-plugins"
527 + myconf="${myconf} --disable-pkcs11"
528 + else
529 + myconf="$(use_enable pkcs11)"
530 + fi
531 +
532 + econf ${myconf} \
533 + $(use_enable passwordsave password-save) \
534 + $(use_enable ssl) \
535 + $(use_enable ssl crypto) \
536 + $(use_enable iproute2) \
537 + --docdir="${EPREFIX}/usr/share/doc/${PF}"
538 +}
539 +
540 +src_compile() {
541 +
542 + if use static ; then
543 + sed -i -e '/^LIBS/s/LIBS = /LIBS = -static /' Makefile || die "sed failed"
544 + fi
545 +
546 + emake || die "make failed"
547 +
548 + if ! use minimal ; then
549 + cd plugin
550 + for i in *; do
551 + [[ ${i} == "README" || ${i} == "examples" || ${i} == "defer" ]] && continue
552 + [[ ${i} == "auth-pam" ]] && ! use pam && continue
553 + einfo "Building ${i} plugin"
554 + emake -C "${i}" CC=$(tc-getCC) || die "make failed"
555 + done
556 + cd ..
557 + fi
558 +}
559 +
560 +src_install() {
561 + emake DESTDIR="${D}" install || die "make install failed"
562 +
563 + # install documentation
564 + dodoc AUTHORS ChangeLog PORTS README
565 +
566 + # Install some helper scripts
567 + keepdir /etc/openvpn
568 + exeinto /etc/openvpn
569 + doexe "${FILESDIR}/up.sh" || die "doexe failed"
570 + doexe "${FILESDIR}/down.sh" || die "doexe failed"
571 +
572 + # Install the init script and config file
573 + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn || die "newinitd failed"
574 + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn || die "newconfd failed"
575 +
576 + # install examples, controlled by the respective useflag
577 + if use examples ; then
578 + # dodoc does not supportly support directory traversal, #15193
579 + insinto /usr/share/doc/${PF}/examples
580 + doins -r sample-{config-files,keys,scripts} contrib
581 + fi
582 +
583 + # Install plugins and easy-rsa
584 + doenvd "${FILESDIR}/65openvpn" # config-protect easy-rsa
585 + if ! use minimal ; then
586 + cd easy-rsa/2.0
587 + make install "DESTDIR=${D}" "PREFIX=${EPREFIX}/usr/share/${PN}/easy-rsa"
588 + cd ../..
589 +
590 + exeinto "/usr/$(get_libdir)/${PN}"
591 + doexe plugin/*/*.so
592 + fi
593 +}
594 +
595 +pkg_postinst() {
596 + # Add openvpn user so openvpn servers can drop privs
597 + # Clients should run as root so they can change ip addresses,
598 + # dns information and other such things.
599 + enewgroup openvpn
600 + enewuser openvpn "" "" "" openvpn
601 +
602 + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then
603 + ewarn "WARNING: The openvpn init script has changed"
604 + ewarn ""
605 + fi
606 +
607 + elog "The openvpn init script expects to find the configuration file"
608 + elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
609 + elog ""
610 + elog "To create more VPNs, simply create a new .conf file for it and"
611 + elog "then create a symlink to the openvpn init script from a link called"
612 + elog "openvpn.newconfname - like so"
613 + elog " cd /etc/openvpn"
614 + elog " ${EDITOR##*/} foo.conf"
615 + elog " cd /etc/init.d"
616 + elog " ln -s openvpn openvpn.foo"
617 + elog ""
618 + elog "You can then treat openvpn.foo as any other service, so you can"
619 + elog "stop one vpn and start another if you need to."
620 +
621 + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
622 + ewarn ""
623 + ewarn "WARNING: If you use the remote keyword then you are deemed to be"
624 + ewarn "a client by our init script and as such we force up,down scripts."
625 + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
626 + ewarn "can move your scripts to."
627 + fi
628 +
629 + if ! use minimal ; then
630 + einfo ""
631 + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}"
632 + fi
633 +
634 +# if use ipv6 ; then
635 +# einfo ""
636 +# einfo "This build contains a community-maintained IPv6 patch."
637 +# einfo "For more information please visit:"
638 +# einfo "http://www.greenie.net/ipv6/openvpn.html"
639 +# fi
640 +}
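Review bot: `src_prepare` still calls `use ipv6` twice and `SRC_URI` keeps an `ipv6? ( … )` group, but `ipv6` was dropped from `IUSE` (only the commented-out line lists it), so the ebuild queries a flag it does not declare; either remove the ipv6 patch lines and the SRC_URI group, or restore the flag. In `pkg_postinst`, `[ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ]` tests two non-empty strings and is therefore always true, so the warning prints on every install; the eutils helper is meant to be called directly with an unquoted glob, `if path_exists -o "${ROOT}"/etc/openvpn/*/local.conf ; then`. The bare `make install` under easy-rsa/2.0 has no `|| die`, unlike the other install steps, so a failure there goes unnoticed. The `$Header` line still names openvpn-2.2.0-r1.ebuild.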