
From: "Bjarke Istrup Pedersen (gurligebis)" <gurligebis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/strongswan: strongswan-5.1.0.ebuild ChangeLog strongswan-5.0.4-r1.ebuild
Date: Thu, 01 Aug 2013 15:42:03
Message-Id: 20130801154158.DD1692171C@flycatcher.gentoo.org
1 gurligebis 13/08/01 15:41:58
2
3 Modified: ChangeLog
4 Added: strongswan-5.1.0.ebuild
5 Removed: strongswan-5.0.4-r1.ebuild
6 Log:
7 Bumping to 5.1.0, to help fix #479396
8
9 (Portage version: 2.2.0_alpha190/cvs/Linux i686, signed Manifest commit with key 15AE484C)
10
11 Revision Changes Path
12 1.121 net-misc/strongswan/ChangeLog
13
14 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.121&view=markup
15 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.121&content-type=text/plain
16 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?r1=1.120&r2=1.121
17
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v
21 retrieving revision 1.120
22 retrieving revision 1.121
23 diff -u -r1.120 -r1.121
24 --- ChangeLog 20 Jul 2013 14:34:37 -0000 1.120
25 +++ ChangeLog 1 Aug 2013 15:41:58 -0000 1.121
26 @@ -1,6 +1,12 @@
27 # ChangeLog for net-misc/strongswan
28 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
29 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.120 2013/07/20 14:34:37 pacho Exp $
30 +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.121 2013/08/01 15:41:58 gurligebis Exp $
31 +
32 +*strongswan-5.1.0 (01 Aug 2013)
33 +
34 + 01 Aug 2013; <gurligebis@g.o> -strongswan-5.0.4-r1.ebuild,
35 + +strongswan-5.1.0.ebuild:
36 + Bumping to 5.1.0, to help fix #479396
37
38 20 Jul 2013; Pacho Ramos <pacho@g.o> strongswan-5.0.4-r1.ebuild:
39 Use systemd.eclass (#470082 by Alexander Tsoy).
40
41
42
43 1.1 net-misc/strongswan/strongswan-5.1.0.ebuild
44
45 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.1.0.ebuild?rev=1.1&view=markup
46 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.1.0.ebuild?rev=1.1&content-type=text/plain
47
48 Index: strongswan-5.1.0.ebuild
49 ===================================================================
50 # Copyright 1999-2013 Gentoo Foundation
51 # Distributed under the terms of the GNU General Public License v2
52 # $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-5.1.0.ebuild,v 1.1 2013/08/01 15:41:58 gurligebis Exp $
53
54 EAPI=5
55 inherit eutils linux-info systemd user
56
57 DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
58 HOMEPAGE="http://www.strongswan.org/"
59 SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
60
61 LICENSE="GPL-2 RSA DES"
62 SLOT="0"
63 KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
64 IUSE="+caps curl debug dhcp eap farp gcrypt ldap mysql networkmanager +non-root +openssl sqlite pam"
65
66 COMMON_DEPEND="!net-misc/openswan
67 >=dev-libs/gmp-4.1.5
68 gcrypt? ( dev-libs/libgcrypt )
69 caps? ( sys-libs/libcap )
70 curl? ( net-misc/curl )
71 ldap? ( net-nds/openldap )
72 openssl? ( >=dev-libs/openssl-0.9.8[-bindist] )
73 mysql? ( virtual/mysql )
74 sqlite? ( >=dev-db/sqlite-3.3.1 )
75 pam? ( sys-libs/pam )"
76 DEPEND="${COMMON_DEPEND}
77 virtual/linux-sources
78 sys-kernel/linux-headers"
79 RDEPEND="${COMMON_DEPEND}
80 virtual/logger
81 sys-apps/iproute2"
82
83 UGID="ipsec"
84
85 pkg_setup() {
86 linux-info_pkg_setup
87 elog "Linux kernel version: ${KV_FULL}"
88
89 if ! kernel_is -ge 2 6 16; then
90 eerror
91 eerror "This ebuild currently only supports ${PN} with the"
92 eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
93 eerror
94 fi
95
96 if kernel_is -lt 2 6 34; then
97 ewarn
98 ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
99 ewarn
100
101 if kernel_is -lt 2 6 29; then
102 ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
103 ewarn "include all required IPv6 modules even if you just intend"
104 ewarn "to run on IPv4 only."
105 ewarn
106 ewarn "This has been fixed with kernels >= 2.6.29."
107 ewarn
108 fi
109
110 if kernel_is -lt 2 6 33; then
111 ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
112 ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
113 ewarn "miss SHA384 and SHA512 HMAC support altogether."
114 ewarn
115 ewarn "If you need any of those features, please use kernel >= 2.6.33."
116 ewarn
117 fi
118
119 if kernel_is -lt 2 6 34; then
120 ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
121 ewarn "ESP cipher is only included in kernels >= 2.6.34."
122 ewarn
123 ewarn "If you need it, please use kernel >= 2.6.34."
124 ewarn
125 fi
126 fi
127
128 if use non-root; then
129 enewgroup ${UGID}
130 enewuser ${UGID} -1 -1 -1 ${UGID}
131 fi
132 }
133
134 src_prepare() {
135 epatch_user
136 }
137
138 src_configure() {
139 local myconf=""
140
141 if use non-root; then
142 myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
143 fi
144
145 # If a user has already enabled db support, those plugins will
146 # most likely be desired as well. Besides they don't impose new
147 # dependencies and come at no cost (except for space).
148 if use mysql || use sqlite; then
149 myconf="${myconf} --enable-attr-sql --enable-sql"
150 fi
151
152 # strongSwan builds and installs static libs by default which are
153 # useless to the user (and to strongSwan for that matter) because no
154 # header files or alike get installed... so disabling them is safe.
155 if use pam && use eap; then
156 myconf="${myconf} --enable-eap-gtc"
157 else
158 myconf="${myconf} --disable-eap-gtc"
159 fi
160 econf \
161 --disable-static \
162 --enable-ikev1 \
163 --enable-ikev2 \
164 $(use_with caps capabilities libcap) \
165 $(use_enable curl) \
166 $(use_enable ldap) \
167 $(use_enable debug leak-detective) \
168 $(use_enable eap eap-sim) \
169 $(use_enable eap eap-sim-file) \
170 $(use_enable eap eap-simaka-sql) \
171 $(use_enable eap eap-simaka-pseudonym) \
172 $(use_enable eap eap-simaka-reauth) \
173 $(use_enable eap eap-identity) \
174 $(use_enable eap eap-md5) \
175 $(use_enable eap eap-aka) \
176 $(use_enable eap eap-aka-3gpp2) \
177 $(use_enable eap eap-mschapv2) \
178 $(use_enable eap eap-radius) \
179 $(use_enable eap eap-tls) \
180 $(use_enable openssl) \
181 $(use_enable gcrypt) \
182 $(use_enable mysql) \
183 $(use_enable sqlite) \
184 $(use_enable dhcp) \
185 $(use_enable farp) \
186 $(use_enable networkmanager nm) \
187 "$(systemd_with_unitdir)" \
188 ${myconf}
189 }
190
191 src_install() {
192 emake DESTDIR="${D}" install
193
194 doinitd "${FILESDIR}"/ipsec
195
196 local dir_ugid
197 if use non-root; then
198 fowners ${UGID}:${UGID} \
199 /etc/ipsec.conf \
200 /etc/strongswan.conf
201
202 dir_ugid="${UGID}"
203 else
204 dir_ugid="root"
205 fi
206
207 diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
208 dodir /etc/ipsec.d \
209 /etc/ipsec.d/aacerts \
210 /etc/ipsec.d/acerts \
211 /etc/ipsec.d/cacerts \
212 /etc/ipsec.d/certs \
213 /etc/ipsec.d/crls \
214 /etc/ipsec.d/ocspcerts \
215 /etc/ipsec.d/private \
216 /etc/ipsec.d/reqs
217
218 dodoc NEWS README TODO || die
219
220 # shared libs are used only internally and there are no static libs,
221 # so it's safe to get rid of the .la files
222 find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
223 }
224
225 pkg_preinst() {
226 has_version "<net-misc/strongswan-4.3.6-r1"
227 upgrade_from_leq_4_3_6=$(( !$? ))
228
229 has_version "<net-misc/strongswan-4.3.6-r1[-caps]"
230 previous_4_3_6_with_caps=$(( !$? ))
231 }
232
233 pkg_postinst() {
234 if ! use openssl && ! use gcrypt; then
235 elog
236 elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
237 elog "Please note that this might effect availability and speed of some"
238 elog "cryptographic features. You are advised to enable the OpenSSL plugin."
239 elif ! use openssl; then
240 elog
241 elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
242 elog "availability and speed of some cryptographic features. There will be"
243 elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
244 elog "25, 26) and ECDSA."
245 fi
246
247 if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
248 chmod 0750 "${ROOT}"/etc/ipsec.d \
249 "${ROOT}"/etc/ipsec.d/aacerts \
250 "${ROOT}"/etc/ipsec.d/acerts \
251 "${ROOT}"/etc/ipsec.d/cacerts \
252 "${ROOT}"/etc/ipsec.d/certs \
253 "${ROOT}"/etc/ipsec.d/crls \
254 "${ROOT}"/etc/ipsec.d/ocspcerts \
255 "${ROOT}"/etc/ipsec.d/private \
256 "${ROOT}"/etc/ipsec.d/reqs
257
258 ewarn
259 ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
260 ewarn "security reasons. Your system installed directories have been"
261 ewarn "updated accordingly. Please check if necessary."
262 ewarn
263
264 if [[ $previous_4_3_6_with_caps == 1 ]]; then
265 if ! use non-root; then
266 ewarn
267 ewarn "IMPORTANT: You previously had ${PN} installed without root"
268 ewarn "privileges because it was implied by the 'caps' USE flag."
269 ewarn "This has been changed. If you want ${PN} with user privileges,"
270 ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
271 ewarn
272 fi
273 fi
274 fi
275 if ! use caps && ! use non-root; then
276 ewarn
277 ewarn "You have decided to run ${PN} with root privileges and built it"
278 ewarn "without support for POSIX capability dropping. It is generally"
279 ewarn "strongly suggested that you reconsider- especially if you intend"
280 ewarn "to run ${PN} as server with a public ip address."
281 ewarn
282 ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
283 ewarn
284 fi
285 if use non-root; then
286 elog
287 elog "${PN} has been installed without superuser privileges (USE=non-root)."
288 elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
289 elog "but also a few to the IKEv2 daemon 'charon'."
290 elog
291 elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
292 elog
293 elog "pluto uses a helper script by default to insert/remove routing and"
294 elog "policy rules upon connection start/stop which requires superuser"
295 elog "privileges. charon in contrast does this internally and can do so"
296 elog "even with reduced (user) privileges."
297 elog
298 elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
299 elog "script to pluto or charon which requires superuser privileges, you"
300 elog "can work around this limitation by using sudo to grant the"
301 elog "user \"ipsec\" the appropriate rights."
302 elog "For example (the default case):"
303 elog "/etc/sudoers:"
304 elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
305 elog "Under the specific connection block in /etc/ipsec.conf:"
306 elog " leftupdown=\"sudo -E ipsec _updown iptables\""
307 elog
308 fi
309 elog
310 elog "Make sure you have _all_ required kernel modules available including"
311 elog "the appropriate cryptographic algorithms. A list is available at:"
312 elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
313 elog
314 elog "The up-to-date manual is available online at:"
315 elog " http://wiki.strongswan.org/"
316 elog
317 }
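Review bot: The sudoers example that pkg_postinst prints for USE=non-root (`ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec`) gives the unprivileged `ipsec` account passwordless execution of every `ipsec` subcommand, as any user and with a caller-controlled environment, which largely undoes the privilege separation that `--with-user`/`--with-group` set up in src_configure. Since the matching `leftupdown` line only ever runs `ipsec _updown iptables`, the printed rule can be pinned to that invocation and to root: `elog " ipsec ALL=(root) NOPASSWD: SETENV: /usr/sbin/ipsec _updown iptables"`. SETENV is presumably still needed for the connection variables the updown script reads, so I would also add an elog line saying that the rule is a trade-off and should be added only when a privileged updown script is actually required.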