[gentoo-commits] repo/gentoo:master commit in: net-vpn/libreswan/files/, net-vpn/libreswan/ - gentoo-commits

From:	Hans de Graaff <graaff@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-vpn/libreswan/files/, net-vpn/libreswan/
Date:	Fri, 16 Feb 2018 08:59:49
Message-Id:	`1518771575.7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97.graaff@gentoo`

1

commit:     7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97

2

Author:     Hans de Graaff <graaff <AT> gentoo <DOT> org>

3

AuthorDate: Fri Feb 16 08:59:16 2018 +0000

4

Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>

5

CommitDate: Fri Feb 16 08:59:35 2018 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dd4310a

7

8

net-vpn/libreswan: fix glibc/kernel incompatibility, bug 647198

9

10

Apply upstream patch to support newer glibc and kernel combinations.

11

Not applied upstream yet because they also need to support old

12

distributions. This patch works with current stable glibc 2.25.

13

14

Closes: https://bugs.gentoo.org/647198

15

Package-Manager: Portage-2.3.19, Repoman-2.3.6

16

17

 .../files/libreswan-3.23-modern-kernels.patch      |  15 +++

18

 net-vpn/libreswan/libreswan-3.23-r1.ebuild         | 114 +++++++++++++++++++++

19

 2 files changed, 129 insertions(+)

20

21

diff --git a/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch

22

new file mode 100644

23

index 00000000000..5dedfeb34c7

24

--- /dev/null

25

+++ b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch

26

@@ -0,0 +1,15 @@

27

+diff --git a/programs/pluto/kernel_netlink.c

28

+b/programs/pluto/kernel_netlink.c

29

+index 8cec3a2..a2500f4 100644

30

+--- a/programs/pluto/kernel_netlink.c

31

++++ b/programs/pluto/kernel_netlink.c

32

+@@ -51,8 +51,8 @@

33

+ #include <linux/if_addr.h>

34

+ #include <linux/if_link.h>

35

+

36

+-#include "libreswan.h" /* before xfrm.h otherwise break on F22 */

37

+ #include "linux/xfrm.h" /* local (if configured) or system copy */

38

++#include "libreswan.h" /* before xfrm.h otherwise break on F22 */

39

+

40

+ #include "libreswan/pfkeyv2.h"

41

+ #include "libreswan/pfkey.h"

42

43

diff --git a/net-vpn/libreswan/libreswan-3.23-r1.ebuild b/net-vpn/libreswan/libreswan-3.23-r1.ebuild

44

new file mode 100644

45

index 00000000000..3a6e2002c93

46

--- /dev/null

47

+++ b/net-vpn/libreswan/libreswan-3.23-r1.ebuild

48

@@ -0,0 +1,114 @@

49

+# Copyright 1999-2018 Gentoo Foundation

50

+# Distributed under the terms of the GNU General Public License v2

51

+

52

+EAPI=6

53

+

54

+inherit systemd toolchain-funcs

55

+

56

+SRC_URI="https://download.libreswan.org/${P}.tar.gz"

57

+KEYWORDS="~amd64 ~ppc ~x86"

58

+

59

+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"

60

+HOMEPAGE="https://libreswan.org/"

61

+

62

+LICENSE="GPL-2 BSD-4 RSA DES"

63

+SLOT="0"

64

+IUSE="caps curl dnssec ldap pam seccomp selinux systemd test"

65

+

66

+COMMON_DEPEND="

67

+	dev-libs/gmp:0=

68

+	dev-libs/libevent:0=

69

+	dev-libs/nspr

70

+	caps? ( sys-libs/libcap-ng )

71

+	curl? ( net-misc/curl )

72

+	dnssec? ( net-dns/unbound net-libs/ldns )

73

+	ldap? ( net-nds/openldap )

74

+	pam? ( sys-libs/pam )

75

+	seccomp? ( sys-libs/libseccomp )

76

+	selinux? ( sys-libs/libselinux )

77

+	systemd? ( sys-apps/systemd:0= )

78

+"

79

+DEPEND="${COMMON_DEPEND}

80

+	app-text/docbook-xml-dtd:4.1.2

81

+	app-text/xmlto

82

+	dev-libs/nss

83

+	sys-devel/bison

84

+	sys-devel/flex

85

+	virtual/pkgconfig

86

+	test? ( dev-python/setproctitle )

87

+"

88

+RDEPEND="${COMMON_DEPEND}

89

+	dev-libs/nss[utils(+)]

90

+	sys-apps/iproute2

91

+	!net-misc/openswan

92

+	!net-vpn/strongswan

93

+	selinux? ( sec-policy/selinux-ipsec )

94

+"

95

+

96

+PATCHES=( "${FILESDIR}/${P}-modern-kernels.patch" )

97

+

98

+usetf() {

99

+	usex "$1" true false

100

+}

101

+

102

+src_prepare() {

103

+	sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die

104

+	sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die

105

+	default

106

+}

107

+

108

+src_configure() {

109

+	tc-export AR CC

110

+	export INC_USRLOCAL=/usr

111

+	export INC_MANDIR=share/man

112

+	export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}

113

+	export FINALDOCDIR=/usr/share/doc/${PF}/html

114

+	export INITSYSTEM=openrc

115

+	export INC_RCDIRS=

116

+	export INC_RCDEFAULT=/etc/init.d

117

+	export USERCOMPILE=

118

+	export USERLINK=

119

+	export USE_DNSSEC=$(usetf dnssec)

120

+	export USE_LABELED_IPSEC=$(usetf selinux)

121

+	export USE_LIBCAP_NG=$(usetf caps)

122

+	export USE_LIBCURL=$(usetf curl)

123

+	export USE_LINUX_AUDIT=$(usetf selinux)

124

+	export USE_LDAP=$(usetf ldap)

125

+	export USE_SECCOMP=$(usetf seccomp)

126

+	export USE_SYSTEMD_WATCHDOG=$(usetf systemd)

127

+	export SD_WATCHDOGSEC=$(usex systemd 200 0)

128

+	export USE_XAUTHPAM=$(usetf pam)

129

+	export DEBUG_CFLAGS=

130

+	export OPTIMIZE_CFLAGS=

131

+	export WERROR_CFLAGS=

132

+}

133

+

134

+src_compile() {

135

+	emake all

136

+	emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all

137

+}

138

+

139

+src_test() {

140

+	: # integration tests only that require set of kvms to be set up

141

+}

142

+

143

+src_install() {

144

+	default

145

+	emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install

146

+

147

+	echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets

148

+	fperms 0600 /etc/ipsec.secrets

149

+

150

+	dodoc -r docs

151

+

152

+	find "${D}" -type d -empty -delete || die

153

+}

154

+

155

+pkg_postinst() {

156

+	local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d

157

+	if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then

158

+		ebegin "Setting up NSS database in ${IPSEC_CONFDIR}"

159

+		certutil -N -d "${IPSEC_CONFDIR}" -f <(echo)

160

+		eend $?

161

+	fi

162

+}

1	commit: 7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97
2	Author: Hans de Graaff <graaff <AT> gentoo <DOT> org>
3	AuthorDate: Fri Feb 16 08:59:16 2018 +0000
4	Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org>
5	CommitDate: Fri Feb 16 08:59:35 2018 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dd4310a
7
8	net-vpn/libreswan: fix glibc/kernel incompatibility, bug 647198
9
10	Apply upstream patch to support newer glibc and kernel combinations.
11	Not applied upstream yet because they also need to support old
12	distributions. This patch works with current stable glibc 2.25.
13
14	Closes: https://bugs.gentoo.org/647198
15	Package-Manager: Portage-2.3.19, Repoman-2.3.6
16
17	.../files/libreswan-3.23-modern-kernels.patch \| 15 +++
18	net-vpn/libreswan/libreswan-3.23-r1.ebuild \| 114 +++++++++++++++++++++
19	2 files changed, 129 insertions(+)
20
21	diff --git a/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch
22	new file mode 100644
23	index 00000000000..5dedfeb34c7
24	--- /dev/null
25	+++ b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch
26	@@ -0,0 +1,15 @@
27	+diff --git a/programs/pluto/kernel_netlink.c
28	+b/programs/pluto/kernel_netlink.c
29	+index 8cec3a2..a2500f4 100644
30	+--- a/programs/pluto/kernel_netlink.c
31	++++ b/programs/pluto/kernel_netlink.c
32	+@@ -51,8 +51,8 @@
33	+ #include <linux/if_addr.h>
34	+ #include <linux/if_link.h>
35	+
36	+-#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
37	+ #include "linux/xfrm.h" /* local (if configured) or system copy */
38	++#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
39	+
40	+ #include "libreswan/pfkeyv2.h"
41	+ #include "libreswan/pfkey.h"
42
43	diff --git a/net-vpn/libreswan/libreswan-3.23-r1.ebuild b/net-vpn/libreswan/libreswan-3.23-r1.ebuild
44	new file mode 100644
45	index 00000000000..3a6e2002c93
46	--- /dev/null
47	+++ b/net-vpn/libreswan/libreswan-3.23-r1.ebuild
48	@@ -0,0 +1,114 @@
49	+# Copyright 1999-2018 Gentoo Foundation
50	+# Distributed under the terms of the GNU General Public License v2
51	+
52	+EAPI=6
53	+
54	+inherit systemd toolchain-funcs
55	+
56	+SRC_URI="https://download.libreswan.org/${P}.tar.gz"
57	+KEYWORDS="~amd64 ~ppc ~x86"
58	+
59	+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
60	+HOMEPAGE="https://libreswan.org/"
61	+
62	+LICENSE="GPL-2 BSD-4 RSA DES"
63	+SLOT="0"
64	+IUSE="caps curl dnssec ldap pam seccomp selinux systemd test"
65	+
66	+COMMON_DEPEND="
67	+ dev-libs/gmp:0=
68	+ dev-libs/libevent:0=
69	+ dev-libs/nspr
70	+ caps? ( sys-libs/libcap-ng )
71	+ curl? ( net-misc/curl )
72	+ dnssec? ( net-dns/unbound net-libs/ldns )
73	+ ldap? ( net-nds/openldap )
74	+ pam? ( sys-libs/pam )
75	+ seccomp? ( sys-libs/libseccomp )
76	+ selinux? ( sys-libs/libselinux )
77	+ systemd? ( sys-apps/systemd:0= )
78	+"
79	+DEPEND="${COMMON_DEPEND}
80	+ app-text/docbook-xml-dtd:4.1.2
81	+ app-text/xmlto
82	+ dev-libs/nss
83	+ sys-devel/bison
84	+ sys-devel/flex
85	+ virtual/pkgconfig
86	+ test? ( dev-python/setproctitle )
87	+"
88	+RDEPEND="${COMMON_DEPEND}
89	+ dev-libs/nss[utils(+)]
90	+ sys-apps/iproute2
91	+ !net-misc/openswan
92	+ !net-vpn/strongswan
93	+ selinux? ( sec-policy/selinux-ipsec )
94	+"
95	+
96	+PATCHES=( "${FILESDIR}/${P}-modern-kernels.patch" )
97	+
98	+usetf() {
99	+ usex "$1" true false
100	+}
101	+
102	+src_prepare() {
103	+ sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in \|\| die
104	+ sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile \|\| die
105	+ default
106	+}
107	+
108	+src_configure() {
109	+ tc-export AR CC
110	+ export INC_USRLOCAL=/usr
111	+ export INC_MANDIR=share/man
112	+ export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
113	+ export FINALDOCDIR=/usr/share/doc/${PF}/html
114	+ export INITSYSTEM=openrc
115	+ export INC_RCDIRS=
116	+ export INC_RCDEFAULT=/etc/init.d
117	+ export USERCOMPILE=
118	+ export USERLINK=
119	+ export USE_DNSSEC=$(usetf dnssec)
120	+ export USE_LABELED_IPSEC=$(usetf selinux)
121	+ export USE_LIBCAP_NG=$(usetf caps)
122	+ export USE_LIBCURL=$(usetf curl)
123	+ export USE_LINUX_AUDIT=$(usetf selinux)
124	+ export USE_LDAP=$(usetf ldap)
125	+ export USE_SECCOMP=$(usetf seccomp)
126	+ export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
127	+ export SD_WATCHDOGSEC=$(usex systemd 200 0)
128	+ export USE_XAUTHPAM=$(usetf pam)
129	+ export DEBUG_CFLAGS=
130	+ export OPTIMIZE_CFLAGS=
131	+ export WERROR_CFLAGS=
132	+}
133	+
134	+src_compile() {
135	+ emake all
136	+ emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all
137	+}
138	+
139	+src_test() {
140	+ : # integration tests only that require set of kvms to be set up
141	+}
142	+
143	+src_install() {
144	+ default
145	+ emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install
146	+
147	+ echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
148	+ fperms 0600 /etc/ipsec.secrets
149	+
150	+ dodoc -r docs
151	+
152	+ find "${D}" -type d -empty -delete \|\| die
153	+}
154	+
155	+pkg_postinst() {
156	+ local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d
157	+ if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then
158	+ ebegin "Setting up NSS database in ${IPSEC_CONFDIR}"
159	+ certutil -N -d "${IPSEC_CONFDIR}" -f <(echo)
160	+ eend $?
161	+ fi
162	+}

Gentoo Archives: gentoo-commits