
From: "Bjarke Istrup Pedersen (gurligebis)" <gurligebis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/strongswan: ChangeLog strongswan-5.0.4.ebuild strongswan-5.0.4-r1.ebuild strongswan-5.0.0.ebuild
Date: Sun, 30 Jun 2013 18:04:11
Message-Id: 20130630180407.D09E42171C@flycatcher.gentoo.org
1 gurligebis 13/06/30 18:04:07
2
3 Modified: ChangeLog strongswan-5.0.4.ebuild
4 Added: strongswan-5.0.4-r1.ebuild
5 Removed: strongswan-5.0.0.ebuild
6 Log:
7 Adding support for EAP-TLS, fixing bug #473248.
8 Removing old version.
9
10 (Portage version: 2.2.0_alpha186/cvs/Linux i686, signed Manifest commit with key 15AE484C)
11
12 Revision Changes Path
13 1.119 net-misc/strongswan/ChangeLog
14
15 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.119&view=markup
16 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.119&content-type=text/plain
17 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?r1=1.118&r2=1.119
18
19 Index: ChangeLog
20 ===================================================================
21 RCS file: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v
22 retrieving revision 1.118
23 retrieving revision 1.119
24 diff -u -r1.118 -r1.119
25 --- ChangeLog 30 Jun 2013 15:00:22 -0000 1.118
26 +++ ChangeLog 30 Jun 2013 18:04:07 -0000 1.119
27 @@ -1,6 +1,13 @@
28 # ChangeLog for net-misc/strongswan
29 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
30 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.118 2013/06/30 15:00:22 gurligebis Exp $
31 +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.119 2013/06/30 18:04:07 gurligebis Exp $
32 +
33 +*strongswan-5.0.4-r1 (30 Jun 2013)
34 +
35 + 30 Jun 2013; <gurligebis@g.o> -strongswan-5.0.0.ebuild,
36 + strongswan-5.0.4.ebuild, +strongswan-5.0.4-r1.ebuild:
37 + Adding support for EAP-TLS, fixing bug #473248.
38 + Removing old version.
39
40 30 Jun 2013; <gurligebis@g.o> strongswan-5.0.4.ebuild:
41 Adding support for networkmanager, fixing bug #472436.
42
43
44
45 1.7 net-misc/strongswan/strongswan-5.0.4.ebuild
46
47 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.4.ebuild?rev=1.7&view=markup
48 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.4.ebuild?rev=1.7&content-type=text/plain
49 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.4.ebuild?r1=1.6&r2=1.7
50
51 Index: strongswan-5.0.4.ebuild
52 ===================================================================
53 RCS file: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-5.0.4.ebuild,v
54 retrieving revision 1.6
55 retrieving revision 1.7
56 diff -u -r1.6 -r1.7
57 --- strongswan-5.0.4.ebuild 30 Jun 2013 15:00:22 -0000 1.6
58 +++ strongswan-5.0.4.ebuild 30 Jun 2013 18:04:07 -0000 1.7
59 @@ -1,8 +1,8 @@
60 # Copyright 1999-2013 Gentoo Foundation
61 # Distributed under the terms of the GNU General Public License v2
62 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-5.0.4.ebuild,v 1.6 2013/06/30 15:00:22 gurligebis Exp $
63 +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-5.0.4.ebuild,v 1.7 2013/06/30 18:04:07 gurligebis Exp $
64
65 -EAPI=5
66 +EAPI=2
67 inherit eutils linux-info user
68
69 DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
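Review bot: The step from `EAPI=5` back to `EAPI=2` on this ebuild, which carries stable KEYWORDS, is not explained by the log message, which mentions only EAP-TLS and the removal of 5.0.0. Read together with the `networkmanager` removals in the hunks at `@@ -12,7 +12,7 @@` and `@@ -133,12 +133,11 @@`, it looks like a deliberate revert of the earlier networkmanager change so that new features live only in -r1, but that is inferred from the diff. If that is the intent, the ChangeLog entry should say so, for example `Reverting strongswan-5.0.4.ebuild to its stable state (EAPI=2, no networkmanager); new features go into -r1.` The added `|| die "Install failed"` in the last hunk is consistent with EAPI=2, where emake does not abort on its own.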
70 @@ -12,7 +12,7 @@
71 LICENSE="GPL-2 RSA DES"
72 SLOT="0"
73 KEYWORDS="amd64 arm ppc ~ppc64 x86"
74 -IUSE="+caps curl debug dhcp eap farp gcrypt ldap mysql networkmanager +non-root +openssl sqlite pam"
75 +IUSE="+caps curl debug dhcp eap farp gcrypt ldap mysql +non-root +openssl sqlite pam"
76
77 COMMON_DEPEND="!net-misc/openswan
78 >=dev-libs/gmp-4.1.5
79 @@ -133,12 +133,11 @@
80 $(use_enable sqlite) \
81 $(use_enable dhcp) \
82 $(use_enable farp) \
83 - $(use_enable networkmanager nm) \
84 ${myconf}
85 }
86
87 src_install() {
88 - emake DESTDIR="${D}" install
89 + emake DESTDIR="${D}" install || die "Install failed"
90
91 doinitd "${FILESDIR}"/ipsec
92
93
94
95
96 1.1 net-misc/strongswan/strongswan-5.0.4-r1.ebuild
97
98 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.4-r1.ebuild?rev=1.1&view=markup
99 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.4-r1.ebuild?rev=1.1&content-type=text/plain
100
101 Index: strongswan-5.0.4-r1.ebuild
102 ===================================================================
103 # Copyright 1999-2013 Gentoo Foundation
104 # Distributed under the terms of the GNU General Public License v2
105 # $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-5.0.4-r1.ebuild,v 1.1 2013/06/30 18:04:07 gurligebis Exp $
106
107 EAPI=5
108 inherit eutils linux-info user
109
110 DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
111 HOMEPAGE="http://www.strongswan.org/"
112 SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
113
114 LICENSE="GPL-2 RSA DES"
115 SLOT="0"
116 KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
117 IUSE="+caps curl debug dhcp eap farp gcrypt ldap mysql networkmanager +non-root +openssl sqlite pam"
118
119 COMMON_DEPEND="!net-misc/openswan
120 >=dev-libs/gmp-4.1.5
121 gcrypt? ( dev-libs/libgcrypt )
122 caps? ( sys-libs/libcap )
123 curl? ( net-misc/curl )
124 ldap? ( net-nds/openldap )
125 openssl? ( >=dev-libs/openssl-0.9.8[-bindist] )
126 mysql? ( virtual/mysql )
127 sqlite? ( >=dev-db/sqlite-3.3.1 )
128 pam? ( sys-libs/pam )"
129 DEPEND="${COMMON_DEPEND}
130 virtual/linux-sources
131 sys-kernel/linux-headers"
132 RDEPEND="${COMMON_DEPEND}
133 virtual/logger
134 sys-apps/iproute2"
135
136 UGID="ipsec"
137
138 pkg_setup() {
139 linux-info_pkg_setup
140 elog "Linux kernel version: ${KV_FULL}"
141
142 if ! kernel_is -ge 2 6 16; then
143 eerror
144 eerror "This ebuild currently only supports ${PN} with the"
145 eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
146 eerror
147 fi
148
149 if kernel_is -lt 2 6 34; then
150 ewarn
151 ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
152 ewarn
153
154 if kernel_is -lt 2 6 29; then
155 ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
156 ewarn "include all required IPv6 modules even if you just intend"
157 ewarn "to run on IPv4 only."
158 ewarn
159 ewarn "This has been fixed with kernels >= 2.6.29."
160 ewarn
161 fi
162
163 if kernel_is -lt 2 6 33; then
164 ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
165 ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
166 ewarn "miss SHA384 and SHA512 HMAC support altogether."
167 ewarn
168 ewarn "If you need any of those features, please use kernel >= 2.6.33."
169 ewarn
170 fi
171
172 if kernel_is -lt 2 6 34; then
173 ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
174 ewarn "ESP cipher is only included in kernels >= 2.6.34."
175 ewarn
176 ewarn "If you need it, please use kernel >= 2.6.34."
177 ewarn
178 fi
179 fi
180
181 if use non-root; then
182 enewgroup ${UGID}
183 enewuser ${UGID} -1 -1 -1 ${UGID}
184 fi
185 }
186
187 src_prepare() {
188 epatch_user
189 }
190
191 src_configure() {
192 local myconf=""
193
194 if use non-root; then
195 myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
196 fi
197
198 # If a user has already enabled db support, those plugins will
199 # most likely be desired as well. Besides they don't impose new
200 # dependencies and come at no cost (except for space).
201 if use mysql || use sqlite; then
202 myconf="${myconf} --enable-attr-sql --enable-sql"
203 fi
204
205 # strongSwan builds and installs static libs by default which are
206 # useless to the user (and to strongSwan for that matter) because no
207 # header files or alike get installed... so disabling them is safe.
208 if use pam && use eap; then
209 myconf="${myconf} --enable-eap-gtc"
210 else
211 myconf="${myconf} --disable-eap-gtc"
212 fi
213 econf \
214 --disable-static \
215 --enable-ikev1 \
216 --enable-ikev2 \
217 $(use_with caps capabilities libcap) \
218 $(use_enable curl) \
219 $(use_enable ldap) \
220 $(use_enable debug leak-detective) \
221 $(use_enable eap eap-sim) \
222 $(use_enable eap eap-sim-file) \
223 $(use_enable eap eap-simaka-sql) \
224 $(use_enable eap eap-simaka-pseudonym) \
225 $(use_enable eap eap-simaka-reauth) \
226 $(use_enable eap eap-identity) \
227 $(use_enable eap eap-md5) \
228 $(use_enable eap eap-aka) \
229 $(use_enable eap eap-aka-3gpp2) \
230 $(use_enable eap eap-mschapv2) \
231 $(use_enable eap eap-radius) \
232 $(use_enable eap eap-tls) \
233 $(use_enable openssl) \
234 $(use_enable gcrypt) \
235 $(use_enable mysql) \
236 $(use_enable sqlite) \
237 $(use_enable dhcp) \
238 $(use_enable farp) \
239 $(use_enable networkmanager nm) \
240 ${myconf}
241 }
242
243 src_install() {
244 emake DESTDIR="${D}" install
245
246 doinitd "${FILESDIR}"/ipsec
247
248 local dir_ugid
249 if use non-root; then
250 fowners ${UGID}:${UGID} \
251 /etc/ipsec.conf \
252 /etc/strongswan.conf
253
254 dir_ugid="${UGID}"
255 else
256 dir_ugid="root"
257 fi
258
259 diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
260 dodir /etc/ipsec.d \
261 /etc/ipsec.d/aacerts \
262 /etc/ipsec.d/acerts \
263 /etc/ipsec.d/cacerts \
264 /etc/ipsec.d/certs \
265 /etc/ipsec.d/crls \
266 /etc/ipsec.d/ocspcerts \
267 /etc/ipsec.d/private \
268 /etc/ipsec.d/reqs
269
270 dodoc NEWS README TODO || die
271
272 # shared libs are used only internally and there are no static libs,
273 # so it's safe to get rid of the .la files
274 find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
275 }
276
277 pkg_preinst() {
278 has_version "<net-misc/strongswan-4.3.6-r1"
279 upgrade_from_leq_4_3_6=$(( !$? ))
280
281 has_version "<net-misc/strongswan-4.3.6-r1[-caps]"
282 previous_4_3_6_with_caps=$(( !$? ))
283 }
284
285 pkg_postinst() {
286 if ! use openssl && ! use gcrypt; then
287 elog
288 elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
289 elog "Please note that this might effect availability and speed of some"
290 elog "cryptographic features. You are advised to enable the OpenSSL plugin."
291 elif ! use openssl; then
292 elog
293 elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
294 elog "availability and speed of some cryptographic features. There will be"
295 elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
296 elog "25, 26) and ECDSA."
297 fi
298
299 if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
300 chmod 0750 "${ROOT}"/etc/ipsec.d \
301 "${ROOT}"/etc/ipsec.d/aacerts \
302 "${ROOT}"/etc/ipsec.d/acerts \
303 "${ROOT}"/etc/ipsec.d/cacerts \
304 "${ROOT}"/etc/ipsec.d/certs \
305 "${ROOT}"/etc/ipsec.d/crls \
306 "${ROOT}"/etc/ipsec.d/ocspcerts \
307 "${ROOT}"/etc/ipsec.d/private \
308 "${ROOT}"/etc/ipsec.d/reqs
309
310 ewarn
311 ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
312 ewarn "security reasons. Your system installed directories have been"
313 ewarn "updated accordingly. Please check if necessary."
314 ewarn
315
316 if [[ $previous_4_3_6_with_caps == 1 ]]; then
317 if ! use non-root; then
318 ewarn
319 ewarn "IMPORTANT: You previously had ${PN} installed without root"
320 ewarn "privileges because it was implied by the 'caps' USE flag."
321 ewarn "This has been changed. If you want ${PN} with user privileges,"
322 ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
323 ewarn
324 fi
325 fi
326 fi
327 if ! use caps && ! use non-root; then
328 ewarn
329 ewarn "You have decided to run ${PN} with root privileges and built it"
330 ewarn "without support for POSIX capability dropping. It is generally"
331 ewarn "strongly suggested that you reconsider- especially if you intend"
332 ewarn "to run ${PN} as server with a public ip address."
333 ewarn
334 ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
335 ewarn
336 fi
337 if use non-root; then
338 elog
339 elog "${PN} has been installed without superuser privileges (USE=non-root)."
340 elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
341 elog "but also a few to the IKEv2 daemon 'charon'."
342 elog
343 elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
344 elog
345 elog "pluto uses a helper script by default to insert/remove routing and"
346 elog "policy rules upon connection start/stop which requires superuser"
347 elog "privileges. charon in contrast does this internally and can do so"
348 elog "even with reduced (user) privileges."
349 elog
350 elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
351 elog "script to pluto or charon which requires superuser privileges, you"
352 elog "can work around this limitation by using sudo to grant the"
353 elog "user \"ipsec\" the appropriate rights."
354 elog "For example (the default case):"
355 elog "/etc/sudoers:"
356 elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
357 elog "Under the specific connection block in /etc/ipsec.conf:"
358 elog " leftupdown=\"sudo -E ipsec _updown iptables\""
359 elog
360 fi
361 elog
362 elog "Make sure you have _all_ required kernel modules available including"
363 elog "the appropriate cryptographic algorithms. A list is available at:"
364 elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
365 elog
366 elog "The up-to-date manual is available online at:"
367 elog " http://wiki.strongswan.org/"
368 elog
369 }
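Review bot: The sudoers line that pkg_postinst prints for USE=non-root, `ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec`, lets the unprivileged `ipsec` account run every `ipsec` subcommand as any user, without a password and with a caller-supplied environment, which hands back most of the privilege the non-root build is meant to drop. The only invocation the text needs is the one shown for `leftupdown`, so the example can be narrowed to that command and to root, e.g. `elog " ipsec ALL=(root) NOPASSWD: SETENV: /usr/sbin/ipsec _updown iptables"`. SETENV probably has to stay because the updown script takes its connection parameters from the environment, so I would also add an elog line stating that this rule is a deliberate trade-off and should be kept as narrow as the local updown script allows. Separately, the comment about static libs in src_configure sits above the `use pam && use eap` test instead of next to `--disable-static`, so it misdescribes the block it precedes.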