1 |
blueness 14/01/30 22:53:45 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: ipsec-tools-0.8.1-r1.ebuild |
5 |
Log: |
6 |
Add SETKEY_OPTS when init racoon, bug #497440 |
7 |
|
8 |
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0xF52D4BBA) |
9 |
|
10 |
Revision Changes Path |
11 |
1.115 net-firewall/ipsec-tools/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ChangeLog?rev=1.115&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ChangeLog?rev=1.115&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ChangeLog?r1=1.114&r2=1.115 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v |
20 |
retrieving revision 1.114 |
21 |
retrieving revision 1.115 |
22 |
diff -u -r1.114 -r1.115 |
23 |
--- ChangeLog 5 Jan 2014 00:58:20 -0000 1.114 |
24 |
+++ ChangeLog 30 Jan 2014 22:53:45 -0000 1.115 |
25 |
@@ -1,6 +1,12 @@ |
26 |
# ChangeLog for net-firewall/ipsec-tools |
27 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.114 2014/01/05 00:58:20 floppym Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.115 2014/01/30 22:53:45 blueness Exp $ |
30 |
+ |
31 |
+*ipsec-tools-0.8.1-r1 (30 Jan 2014) |
32 |
+ |
33 |
+ 30 Jan 2014; Anthony G. Basile <blueness@g.o> +files/racoon.conf.d-r2, |
34 |
+ +files/racoon.init.d-r3, +ipsec-tools-0.8.1-r1.ebuild: |
35 |
+ Add SETKEY_OPTS when init racoon, bug #497440 |
36 |
|
37 |
05 Jan 2014; Mike Gilbert <floppym@g.o> ipsec-tools-0.8.0-r5.ebuild, |
38 |
ipsec-tools-0.8.1.ebuild: |
39 |
|
40 |
|
41 |
|
42 |
1.1 net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild |
43 |
|
44 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: ipsec-tools-0.8.1-r1.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2014 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild,v 1.1 2014/01/30 22:53:45 blueness Exp $ |
52 |
|
53 |
EAPI="5" |
54 |
|
55 |
inherit eutils flag-o-matic autotools linux-info pam |
56 |
|
57 |
DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" |
58 |
HOMEPAGE="http://ipsec-tools.sourceforge.net/" |
59 |
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" |
60 |
|
61 |
LICENSE="BSD GPL-2" |
62 |
SLOT="0" |
63 |
KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86" |
64 |
IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" |
65 |
|
66 |
RDEPEND=" |
67 |
dev-libs/openssl |
68 |
kerberos? ( virtual/krb5 ) |
69 |
ldap? ( net-nds/openldap ) |
70 |
pam? ( sys-libs/pam ) |
71 |
readline? ( sys-libs/readline ) |
72 |
selinux? ( |
73 |
sys-libs/libselinux |
74 |
sec-policy/selinux-ipsec |
75 |
)" |
76 |
|
77 |
DEPEND="${RDEPEND} |
78 |
>=sys-kernel/linux-headers-2.6.30" |
79 |
|
80 |
pkg_preinst() { |
81 |
if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then |
82 |
ewarn |
83 |
ewarn "\033[1;33m**************************************************\033[00m" |
84 |
ewarn |
85 |
if ! has_version "net-misc/strongswan" && |
86 |
! has_version "net-misc/openswan" && |
87 |
! has_version "net-misc/libreswan"; then |
88 |
ewarn "We found an earlier version of ${PN} installed." |
89 |
ewarn "As of ${PN}-0.8.0-r5, the old configuration file," |
90 |
ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" |
91 |
ewarn "a conflict with net-misc/strongswan; bug #436144. We will" |
92 |
ewarn "rename this file for you with this upgrade. However, if" |
93 |
ewarn "you later downgrade, you'll have to rename the file to" |
94 |
ewarn "its orignal manually or change /etc/conf.d/racoon to point" |
95 |
ewarn "to the new file." |
96 |
|
97 |
if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then |
98 |
mv /etc/ipsec.conf /etc/ipsec-tools.conf |
99 |
else |
100 |
ewarn |
101 |
ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" |
102 |
ewarn "Either the former doesn't exist or the later does and" |
103 |
ewarn "I won't clobber it. Please fix this situation manually." |
104 |
fi |
105 |
else |
106 |
ewarn "You had both an earlier version of ${PN} and" |
107 |
ewarn "net-misc/strongswan installed. I can't tell whether" |
108 |
ewarn "the configuration file, ipsec.conf, belongs to one" |
109 |
ewarn "package or the other due to a file conflict; bug #436144." |
110 |
ewarn "The current version of ${PN} uses ipsec-tools.conf" |
111 |
ewarn "as its configuration file, as will future versions." |
112 |
ewarn "Please fix this situation manually." |
113 |
fi |
114 |
ewarn |
115 |
ewarn "\033[1;33m**************************************************\033[00m" |
116 |
ewarn |
117 |
fi |
118 |
} |
119 |
|
120 |
pkg_setup() { |
121 |
linux-info_pkg_setup |
122 |
|
123 |
get_version |
124 |
|
125 |
if linux_config_exists && kernel_is -ge 2 6 19; then |
126 |
ewarn |
127 |
ewarn "\033[1;33m**************************************************\033[00m" |
128 |
ewarn |
129 |
ewarn "Checking kernel configuration in /usr/src/linux or" |
130 |
ewarn "or /proc/config.gz for compatibility with ${PN}." |
131 |
ewarn "Here are the potential problems:" |
132 |
ewarn |
133 |
|
134 |
local nothing="1" |
135 |
|
136 |
# Check options for all flavors of IPSec |
137 |
local msg="" |
138 |
for i in XFRM_USER NET_KEY; do |
139 |
if ! linux_chkconfig_present ${i}; then |
140 |
msg="${msg} ${i}" |
141 |
fi |
142 |
done |
143 |
if [[ ! -z "$msg" ]]; then |
144 |
nothing="0" |
145 |
ewarn |
146 |
ewarn "ALL IPSec may fail. CHECK:" |
147 |
ewarn "${msg}" |
148 |
fi |
149 |
|
150 |
# Check unencrypted IPSec |
151 |
if ! linux_chkconfig_present CRYPTO_NULL; then |
152 |
nothing="0" |
153 |
ewarn |
154 |
ewarn "Unencrypted IPSec may fail. CHECK:" |
155 |
ewarn " CRYPTO_NULL" |
156 |
fi |
157 |
|
158 |
# Check IPv4 IPSec |
159 |
msg="" |
160 |
for i in \ |
161 |
INET_IPCOMP INET_AH INET_ESP \ |
162 |
INET_XFRM_MODE_TRANSPORT \ |
163 |
INET_XFRM_MODE_TUNNEL \ |
164 |
INET_XFRM_MODE_BEET |
165 |
do |
166 |
if ! linux_chkconfig_present ${i}; then |
167 |
msg="${msg} ${i}" |
168 |
fi |
169 |
done |
170 |
if [[ ! -z "$msg" ]]; then |
171 |
nothing="0" |
172 |
ewarn |
173 |
ewarn "IPv4 IPSec may fail. CHECK:" |
174 |
ewarn "${msg}" |
175 |
fi |
176 |
|
177 |
# Check IPv6 IPSec |
178 |
if use ipv6; then |
179 |
msg="" |
180 |
for i in INET6_IPCOMP INET6_AH INET6_ESP \ |
181 |
INET6_XFRM_MODE_TRANSPORT \ |
182 |
INET6_XFRM_MODE_TUNNEL \ |
183 |
INET6_XFRM_MODE_BEET |
184 |
do |
185 |
if ! linux_chkconfig_present ${i}; then |
186 |
msg="${msg} ${i}" |
187 |
fi |
188 |
done |
189 |
if [[ ! -z "$msg" ]]; then |
190 |
nothing="0" |
191 |
ewarn |
192 |
ewarn "IPv6 IPSec may fail. CHECK:" |
193 |
ewarn "${msg}" |
194 |
fi |
195 |
fi |
196 |
|
197 |
# Check IPSec behind NAT |
198 |
if use nat; then |
199 |
if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then |
200 |
nothing="0" |
201 |
ewarn |
202 |
ewarn "IPSec behind NAT may fail. CHECK:" |
203 |
ewarn " NETFILTER_XT_MATCH_POLICY" |
204 |
fi |
205 |
fi |
206 |
|
207 |
if [[ $nothing == "1" ]]; then |
208 |
ewarn "NO PROBLEMS FOUND" |
209 |
fi |
210 |
|
211 |
ewarn |
212 |
ewarn "WARNING: If your *configured* and *running* kernel" |
213 |
ewarn "differ either now or in the future, then these checks" |
214 |
ewarn "may lead to misleading results." |
215 |
ewarn |
216 |
ewarn "\033[1;33m**************************************************\033[00m" |
217 |
ewarn |
218 |
else |
219 |
eerror |
220 |
eerror "\033[1;31m**************************************************\033[00m" |
221 |
eerror "Make sure that your *running* kernel is/will be >=2.6.19." |
222 |
eerror "Building ${PN} now, assuming that you know what you're doing." |
223 |
eerror "\033[1;31m**************************************************\033[00m" |
224 |
eerror |
225 |
fi |
226 |
} |
227 |
|
228 |
src_prepare() { |
229 |
# fix for bug #124813 |
230 |
sed -i 's:-Werror::g' "${S}"/configure.ac || die |
231 |
# fix for building with gcc-4.6 |
232 |
sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die |
233 |
|
234 |
epatch "${FILESDIR}/${PN}-def-psk.patch" |
235 |
epatch "${FILESDIR}/${PN}-include-vendoridh.patch" |
236 |
epatch "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 |
237 |
|
238 |
AT_M4DIR="${S}" eautoreconf |
239 |
} |
240 |
|
241 |
src_configure() { |
242 |
#--with-{libiconv,libradius} lead to "Broken getaddrinfo()" |
243 |
#--enable-samode-unspec is not supported in linux |
244 |
local myconf |
245 |
myconf="--with-kernel-headers=/usr/include \ |
246 |
--enable-adminport \ |
247 |
--enable-dependency-tracking \ |
248 |
--enable-dpd \ |
249 |
--enable-frag \ |
250 |
--without-libiconv \ |
251 |
--without-libradius \ |
252 |
--disable-samode-unspec \ |
253 |
$(use_enable idea) \ |
254 |
$(use_enable ipv6) \ |
255 |
$(use_enable kerberos gssapi) \ |
256 |
$(use_with ldap libldap) \ |
257 |
$(use_enable nat natt) \ |
258 |
$(use_with pam libpam) \ |
259 |
$(use_enable rc5) \ |
260 |
$(use_with readline) \ |
261 |
$(use_enable selinux security-context) \ |
262 |
$(use_enable stats)" |
263 |
|
264 |
use nat && myconf="${myconf} --enable-natt-versions=yes" |
265 |
|
266 |
# enable mode-cfg and xauth support |
267 |
if use pam; then |
268 |
myconf="${myconf} --enable-hybrid" |
269 |
else |
270 |
myconf="${myconf} $(use_enable hybrid)" |
271 |
fi |
272 |
|
273 |
econf ${myconf} |
274 |
} |
275 |
|
276 |
src_install() { |
277 |
emake DESTDIR="${D}" install |
278 |
keepdir /var/lib/racoon |
279 |
newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon |
280 |
newinitd "${FILESDIR}"/racoon.init.d-r3 racoon |
281 |
use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon |
282 |
|
283 |
insinto /etc |
284 |
doins "${FILESDIR}"/ipsec-tools.conf |
285 |
insinto /etc/racoon |
286 |
doins "${FILESDIR}"/racoon.conf |
287 |
doins "${FILESDIR}"/psk.txt |
288 |
chmod 400 "${D}"/etc/racoon/psk.txt |
289 |
|
290 |
dodoc ChangeLog README NEWS |
291 |
dodoc -r src/racoon/samples |
292 |
dodoc -r src/racoon/doc |
293 |
docinto samples |
294 |
mv ipsec.conf ipsec-tools.conf |
295 |
newdoc src/setkey/sample.cf ipsec-tools.conf |
296 |
} |
297 |
|
298 |
pkg_postinst() { |
299 |
if use nat; then |
300 |
elog |
301 |
elog "You have enabled the nat traversal functionnality." |
302 |
elog "Nat versions wich are enabled by default are 00,02,rfc" |
303 |
elog "you can find those drafts in the CVS repository:" |
304 |
elog "cvs -d anoncvs@××××××××××××××.org:/cvsroot co ipsec-tools" |
305 |
elog |
306 |
elog "If you feel brave enough and you know what you are" |
307 |
elog "doing, you can consider emerging this ebuild with" |
308 |
elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" |
309 |
elog |
310 |
fi |
311 |
|
312 |
if use ldap; then |
313 |
elog |
314 |
elog "You have enabled ldap support with {$PN}." |
315 |
elog "The man page does NOT contain any information on it yet." |
316 |
elog "Consider using a more recent version or CVS." |
317 |
elog |
318 |
fi |
319 |
|
320 |
elog |
321 |
elog "Please have a look in /usr/share/doc/${P} and visit" |
322 |
elog "http://www.netbsd.org/Documentation/network/ipsec/" |
323 |
elog "to find more information on how to configure this tool." |
324 |
elog |
325 |
} |