1 |
commit: fa5237ceb181378b6fae03e2441ea7fa943b4af5 |
2 |
Author: Hans de Graaff <graaff <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu May 26 06:01:22 2022 +0000 |
4 |
Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu May 26 06:01:22 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa5237ce |
7 |
|
8 |
net-vpn/libreswan: add 4.7 |
9 |
|
10 |
Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org> |
11 |
|
12 |
net-vpn/libreswan/Manifest | 1 + |
13 |
net-vpn/libreswan/libreswan-4.7.ebuild | 126 +++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 127 insertions(+) |
15 |
|
16 |
diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest |
17 |
index b7a2cc17fadf..3328923822ab 100644 |
18 |
--- a/net-vpn/libreswan/Manifest |
19 |
+++ b/net-vpn/libreswan/Manifest |
20 |
@@ -1 +1,2 @@ |
21 |
DIST libreswan-4.6.tar.gz 3579760 BLAKE2B 56099e753d9da882ea9e4b7966706f39bac36cd88adcba5fa1c3201cbe0a2ba7a02042cb9eeb8fd52a7b1ba0f3128b854114abc748fe9bf6d9059937a72eb0e4 SHA512 c1c3efd7665dee6caaf08cb5aa50fcd37c299acad4b62648284fdb04edd50ba8fc8d33a9fb210edaf2312697f8cd251f33a6b16587eb2cfefd1269b4482dd499 |
22 |
+DIST libreswan-4.7.tar.gz 3684167 BLAKE2B bf55be53d1034ab7706b183a7c5c3556f361ffd9453df41b03c0b03ff256ed81541365af7c7fdb2dd3d8740fe594b34b4df5301a704138b43290c601183b45aa SHA512 aea958be5512e08ea809145021695edd4e7df4487a0f3ba94c4d0165113647195c1c1599cd5fbbbfae8f6a2bebf39d7514a694f86297c29c543b1a63646ca44e |
23 |
|
24 |
diff --git a/net-vpn/libreswan/libreswan-4.7.ebuild b/net-vpn/libreswan/libreswan-4.7.ebuild |
25 |
new file mode 100644 |
26 |
index 000000000000..66ad39f4df47 |
27 |
--- /dev/null |
28 |
+++ b/net-vpn/libreswan/libreswan-4.7.ebuild |
29 |
@@ -0,0 +1,126 @@ |
30 |
+# Copyright 1999-2022 Gentoo Authors |
31 |
+# Distributed under the terms of the GNU General Public License v2 |
32 |
+ |
33 |
+EAPI=8 |
34 |
+ |
35 |
+inherit systemd flag-o-matic toolchain-funcs tmpfiles |
36 |
+ |
37 |
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan" |
38 |
+HOMEPAGE="https://libreswan.org/" |
39 |
+SRC_URI="https://download.libreswan.org/${P}.tar.gz" |
40 |
+ |
41 |
+LICENSE="GPL-2 BSD-4 RSA DES" |
42 |
+SLOT="0" |
43 |
+KEYWORDS="~amd64 ~arm ~ppc ~x86" |
44 |
+IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test" |
45 |
+RESTRICT="!test? ( test )" |
46 |
+ |
47 |
+DEPEND=" |
48 |
+ dev-libs/gmp:0= |
49 |
+ dev-libs/libevent:0= |
50 |
+ dev-libs/nspr |
51 |
+ >=dev-libs/nss-3.42 |
52 |
+ >=sys-kernel/linux-headers-4.19 |
53 |
+ virtual/libcrypt:= |
54 |
+ caps? ( sys-libs/libcap-ng ) |
55 |
+ curl? ( net-misc/curl ) |
56 |
+ dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= ) |
57 |
+ ldap? ( net-nds/openldap:= ) |
58 |
+ pam? ( sys-libs/pam ) |
59 |
+ seccomp? ( sys-libs/libseccomp ) |
60 |
+ selinux? ( sys-libs/libselinux ) |
61 |
+ systemd? ( sys-apps/systemd:0= ) |
62 |
+" |
63 |
+BDEPEND=" |
64 |
+ app-text/docbook-xml-dtd:4.1.2 |
65 |
+ app-text/xmlto |
66 |
+ dev-libs/nss |
67 |
+ sys-devel/bison |
68 |
+ sys-devel/flex |
69 |
+ virtual/pkgconfig |
70 |
+ test? ( dev-python/setproctitle ) |
71 |
+" |
72 |
+RDEPEND="${DEPEND} |
73 |
+ dev-libs/nss[utils(+)] |
74 |
+ sys-apps/iproute2 |
75 |
+ !net-vpn/strongswan |
76 |
+ selinux? ( sec-policy/selinux-ipsec ) |
77 |
+" |
78 |
+DEPEND+=" elibc_musl? ( sys-libs/queue-standalone )" |
79 |
+ |
80 |
+usetf() { |
81 |
+ usex "$1" true false |
82 |
+} |
83 |
+ |
84 |
+PATCHES=( "${FILESDIR}/${PN}-4.2-ip-path.patch" ) |
85 |
+ |
86 |
+src_prepare() { |
87 |
+ sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die |
88 |
+ sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die |
89 |
+ default |
90 |
+} |
91 |
+ |
92 |
+src_configure() { |
93 |
+ tc-export AR CC |
94 |
+ |
95 |
+ use elibc_musl && append-cflags -DGLIBC_KERN_FLIP_HEADERS |
96 |
+ |
97 |
+ export PREFIX=/usr |
98 |
+ export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} |
99 |
+ export FINALDOCDIR=/usr/share/doc/${PF}/html |
100 |
+ export INITSYSTEM=$(usex systemd systemd openrc) |
101 |
+ export INITDDIRS= |
102 |
+ export INITDDIR_DEFAULT=/etc/init.d |
103 |
+ export USERCOMPILE=${CFLAGS} |
104 |
+ export USERLINK=${LDFLAGS} |
105 |
+ export USE_DNSSEC=$(usetf dnssec) |
106 |
+ export USE_LABELED_IPSEC=$(usetf selinux) |
107 |
+ export USE_LIBCAP_NG=$(usetf caps) |
108 |
+ export USE_LIBCURL=$(usetf curl) |
109 |
+ export USE_LINUX_AUDIT=$(usetf selinux) |
110 |
+ export USE_LDAP=$(usetf ldap) |
111 |
+ export USE_NM=$(usetf networkmanager) |
112 |
+ export USE_SECCOMP=$(usetf seccomp) |
113 |
+ export USE_SYSTEMD_WATCHDOG=$(usetf systemd) |
114 |
+ export SD_WATCHDOGSEC=$(usex systemd 200 0) |
115 |
+ export USE_AUTHPAM=$(usetf pam) |
116 |
+ export DEBUG_CFLAGS= |
117 |
+ export OPTIMIZE_CFLAGS= |
118 |
+ export WERROR_CFLAGS= |
119 |
+} |
120 |
+ |
121 |
+src_compile() { |
122 |
+ emake all |
123 |
+ emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all |
124 |
+} |
125 |
+ |
126 |
+src_test() { |
127 |
+ : # integration tests only that require set of kvms to be set up |
128 |
+} |
129 |
+ |
130 |
+src_install() { |
131 |
+ default |
132 |
+ emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install |
133 |
+ |
134 |
+ echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets |
135 |
+ fperms 0600 /etc/ipsec.secrets |
136 |
+ |
137 |
+ keepdir /var/lib/ipsec/nss |
138 |
+ fperms 0700 /var/lib/ipsec/nss |
139 |
+ |
140 |
+ dodoc -r docs |
141 |
+ |
142 |
+ find "${D}" -type d -empty -delete || die |
143 |
+} |
144 |
+ |
145 |
+pkg_postinst() { |
146 |
+ tmpfiles_process libreswan.conf |
147 |
+ |
148 |
+ local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss |
149 |
+ if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then |
150 |
+ ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" |
151 |
+ certutil -N -d "${IPSEC_CONFDIR}" --empty-password |
152 |
+ eend $? |
153 |
+ einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" |
154 |
+ fi |
155 |
+} |