Gentoo Archives: gentoo-commits

From: "Bjarke Istrup Pedersen (gurligebis)" <gurligebis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/strongswan: ChangeLog strongswan-5.1.0-r1.ebuild strongswan-5.0.4.ebuild
Date: Sun, 01 Sep 2013 15:39:33
Message-Id: 20130901153926.DDDD020036@flycatcher.gentoo.org
1 gurligebis 13/09/01 15:39:26
2
3 Modified: ChangeLog
4 Added: strongswan-5.1.0-r1.ebuild
5 Removed: strongswan-5.0.4.ebuild
6 Log:
7 Adding dependency for networkmanager, fixing bug #481932
8
9 (Portage version: 2.2.1/cvs/Linux i686, signed Manifest commit with key 15AE484C)
10
11 Revision Changes Path
12 1.126 net-misc/strongswan/ChangeLog
13
14 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.126&view=markup
15 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.126&content-type=text/plain
16 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?r1=1.125&r2=1.126
17
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v
21 retrieving revision 1.125
22 retrieving revision 1.126
23 diff -u -r1.125 -r1.126
24 --- ChangeLog 9 Aug 2013 14:58:11 -0000 1.125
25 +++ ChangeLog 1 Sep 2013 15:39:26 -0000 1.126
26 @@ -1,6 +1,12 @@
27 # ChangeLog for net-misc/strongswan
28 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
29 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.125 2013/08/09 14:58:11 ago Exp $
30 +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.126 2013/09/01 15:39:26 gurligebis Exp $
31 +
32 +*strongswan-5.1.0-r1 (01 Sep 2013)
33 +
34 + 01 Sep 2013; <gurligebis@g.o> -strongswan-5.0.4.ebuild,
35 + +strongswan-5.1.0-r1.ebuild:
36 + Adding dependency for networkmanager, fixing bug #481932
37
38 09 Aug 2013; Agostino Sarubbo <ago@g.o> strongswan-5.1.0.ebuild:
39 Stable for arm, wrt bug #479396
40
41
42
43 1.1 net-misc/strongswan/strongswan-5.1.0-r1.ebuild
44
45 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.1.0-r1.ebuild?rev=1.1&view=markup
46 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.1.0-r1.ebuild?rev=1.1&content-type=text/plain
47
48 Index: strongswan-5.1.0-r1.ebuild
49 ===================================================================
50 # Copyright 1999-2013 Gentoo Foundation
51 # Distributed under the terms of the GNU General Public License v2
52 # $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-5.1.0-r1.ebuild,v 1.1 2013/09/01 15:39:26 gurligebis Exp $
53
54 EAPI=5
55 inherit eutils linux-info systemd user
56
57 DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
58 HOMEPAGE="http://www.strongswan.org/"
59 SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
60
61 LICENSE="GPL-2 RSA DES"
62 SLOT="0"
63 KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
64 IUSE="+caps curl debug dhcp eap farp gcrypt ldap mysql networkmanager +non-root +openssl sqlite pam"
65
66 COMMON_DEPEND="!net-misc/openswan
67 >=dev-libs/gmp-4.1.5
68 gcrypt? ( dev-libs/libgcrypt )
69 caps? ( sys-libs/libcap )
70 curl? ( net-misc/curl )
71 ldap? ( net-nds/openldap )
72 openssl? ( >=dev-libs/openssl-0.9.8[-bindist] )
73 mysql? ( virtual/mysql )
74 sqlite? ( >=dev-db/sqlite-3.3.1 )
75 networkmanager? ( net-misc/networkmanager )
76 pam? ( sys-libs/pam )"
77 DEPEND="${COMMON_DEPEND}
78 virtual/linux-sources
79 sys-kernel/linux-headers"
80 RDEPEND="${COMMON_DEPEND}
81 virtual/logger
82 sys-apps/iproute2"
83
84 UGID="ipsec"
85
# Pre-build checks: log the target kernel version, point out IPsec features
# that older 2.6 kernels lack, and create the unprivileged account when
# USE=non-root is set.
# Globals: KV_FULL, PN, UGID (read)
pkg_setup() {
	linux-info_pkg_setup
	elog "Linux kernel version: ${KV_FULL}"

	# An unsupported kernel is only reported; nothing here aborts the build.
	kernel_is -ge 2 6 16 || {
		eerror
		eerror "This ebuild currently only supports ${PN} with the"
		eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
		eerror
	}

	# All notes below concern kernels older than 2.6.34, so the banner and
	# the individual notes share one outer guard.
	if kernel_is -lt 2 6 34; then
		ewarn
		ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
		ewarn

		if kernel_is -lt 2 6 29; then
			ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
			ewarn "include all required IPv6 modules even if you just intend"
			ewarn "to run on IPv4 only."
			ewarn
			ewarn "This has been fixed with kernels >= 2.6.29."
			ewarn
		fi

		# Security-relevant: these kernels cannot interoperate on standard
		# SHA-2 HMAC for ESP, which limits the usable integrity algorithms.
		if kernel_is -lt 2 6 33; then
			ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
			ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
			ewarn "miss SHA384 and SHA512 HMAC support altogether."
			ewarn
			ewarn "If you need any of those features, please use kernel >= 2.6.33."
			ewarn
		fi

		# Same test as the outer guard, kept so each note carries its own
		# version condition.
		if kernel_is -lt 2 6 34; then
			ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
			ewarn "ESP cipher is only included in kernels >= 2.6.34."
			ewarn
			ewarn "If you need it, please use kernel >= 2.6.34."
			ewarn
		fi
	fi

	# Dedicated user and group the daemons run as under USE=non-root.
	if use non-root; then
		enewgroup "${UGID}"
		enewuser "${UGID}" -1 -1 -1 "${UGID}"
	fi
}
134
# Source preparation: the only step is the epatch_user hook, so the ebuild
# itself carries no patches of its own.
src_prepare() {
	epatch_user
}
138
# Translate USE flags into configure switches and run econf.
# Globals: UGID (read)
src_configure() {
	# Switches that depend on more than one flag are collected here and
	# appended after the per-flag switches.
	local -a extra_conf=()

	# Account the daemons drop to when built with USE=non-root.
	if use non-root; then
		extra_conf+=( "--with-user=${UGID}" "--with-group=${UGID}" )
	fi

	# If a user has already enabled db support, the SQL plugins will most
	# likely be wanted as well. They add no new dependencies and cost only
	# disk space.
	if use mysql || use sqlite; then
		extra_conf+=( --enable-attr-sql --enable-sql )
	fi

	# EAP-GTC is built only when both pam and eap are enabled.
	if use pam && use eap; then
		extra_conf+=( --enable-eap-gtc )
	else
		extra_conf+=( --disable-eap-gtc )
	fi

	# strongSwan builds and installs static libs by default; they are of no
	# use because no header files get installed, hence --disable-static.
	#
	# NOTE(review): USE=eap switches on every EAP method listed below in one
	# go, including eap-md5, which offers no mutual authentication. Which
	# methods are actually offered is decided by the runtime configuration;
	# confirm that weak methods are not enabled there.
	# NOTE(review): USE=debug enables leak-detective; presumably meant for
	# development builds only. Confirm before using it in production.
	econf \
		--disable-static \
		--enable-ikev1 \
		--enable-ikev2 \
		$(use_with caps capabilities libcap) \
		$(use_enable curl) \
		$(use_enable ldap) \
		$(use_enable debug leak-detective) \
		$(use_enable eap eap-sim) \
		$(use_enable eap eap-sim-file) \
		$(use_enable eap eap-simaka-sql) \
		$(use_enable eap eap-simaka-pseudonym) \
		$(use_enable eap eap-simaka-reauth) \
		$(use_enable eap eap-identity) \
		$(use_enable eap eap-md5) \
		$(use_enable eap eap-aka) \
		$(use_enable eap eap-aka-3gpp2) \
		$(use_enable eap eap-mschapv2) \
		$(use_enable eap eap-radius) \
		$(use_enable eap eap-tls) \
		$(use_enable openssl) \
		$(use_enable gcrypt) \
		$(use_enable mysql) \
		$(use_enable sqlite) \
		$(use_enable dhcp) \
		$(use_enable farp) \
		$(use_enable networkmanager nm) \
		"$(systemd_with_unitdir)" \
		"${extra_conf[@]}"
}
191
# Install the build output into the image, add the init script, set
# ownership and modes on the configuration tree, install the docs and drop
# libtool archives.
# Globals: D, FILESDIR, UGID (read)
src_install() {
	emake DESTDIR="${D}" install

	doinitd "${FILESDIR}"/ipsec

	# The configuration tree belongs to root unless the daemons run as the
	# dedicated account, in which case that account also owns the two main
	# configuration files.
	local dir_ugid="root"
	if use non-root; then
		fowners "${UGID}:${UGID}" \
			/etc/ipsec.conf \
			/etc/strongswan.conf

		dir_ugid="${UGID}"
	fi

	# 0750 keeps "other" out of the whole tree, including private/, the
	# directory named for private keys.
	# NOTE(review): /etc/ipsec.secrets is not handled in this function;
	# confirm its owner and mode separately.
	local -a ipsec_dirs=(
		/etc/ipsec.d
		/etc/ipsec.d/aacerts
		/etc/ipsec.d/acerts
		/etc/ipsec.d/cacerts
		/etc/ipsec.d/certs
		/etc/ipsec.d/crls
		/etc/ipsec.d/ocspcerts
		/etc/ipsec.d/private
		/etc/ipsec.d/reqs
	)
	diropts -m 0750 -o "${dir_ugid}" -g "${dir_ugid}"
	dodir "${ipsec_dirs[@]}"

	dodoc NEWS README TODO || die

	# shared libs are used only internally and there are no static libs,
	# so it's safe to get rid of the .la files
	find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
}
225
# Record, before the new files are merged, what kind of upgrade this is.
# Both variables are deliberately global: pkg_postinst reads them.
#   upgrade_from_leq_4_3_6   - 1 if a version older than 4.3.6-r1 is installed
#   previous_4_3_6_with_caps - 1 if has_version matches the same version range
#                              with the [-caps] USE dependency
pkg_preinst() {
	if has_version "<net-misc/strongswan-4.3.6-r1"; then
		upgrade_from_leq_4_3_6=1
	else
		upgrade_from_leq_4_3_6=0
	fi

	if has_version "<net-misc/strongswan-4.3.6-r1[-caps]"; then
		previous_4_3_6_with_caps=1
	else
		previous_4_3_6_with_caps=0
	fi
}
233
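# Post-install messages and one-off fix-ups.
#  - Notes which crypto back ends are missing.
#  - On upgrades from versions older than 4.3.6-r1, tightens the modes of
#    the already-installed /etc/ipsec.d tree.
#  - Warns when the daemon runs as root without capability dropping.
#  - Explains the limits of USE=non-root and the sudo workaround.
# Globals: PN, ROOT (read); upgrade_from_leq_4_3_6 and
#          previous_4_3_6_with_caps (read, set by pkg_preinst)
pkg_postinst() {
	if ! use openssl && ! use gcrypt; then
		elog
		elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
		elog "Please note that this might affect availability and speed of some"
		elog "cryptographic features. You are advised to enable the OpenSSL plugin."
	elif ! use openssl; then
		elog
		elog "${PN} has been compiled without the OpenSSL plugin. This might affect"
		elog "availability and speed of some cryptographic features. There will be"
		elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
		elog "25, 26) and ECDSA."
	fi

	if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
		# Directories installed by the older version keep their old modes,
		# so they are brought in line with the 0750 used by src_install.
		chmod 0750 "${ROOT}"/etc/ipsec.d \
			"${ROOT}"/etc/ipsec.d/aacerts \
			"${ROOT}"/etc/ipsec.d/acerts \
			"${ROOT}"/etc/ipsec.d/cacerts \
			"${ROOT}"/etc/ipsec.d/certs \
			"${ROOT}"/etc/ipsec.d/crls \
			"${ROOT}"/etc/ipsec.d/ocspcerts \
			"${ROOT}"/etc/ipsec.d/private \
			"${ROOT}"/etc/ipsec.d/reqs

		ewarn
		ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
		ewarn "security reasons. Your system installed directories have been"
		ewarn "updated accordingly. Please check if necessary."
		ewarn

		# Older versions dropped root implicitly via 'caps'; that now needs
		# the separate 'non-root' flag, so say so when it is not set.
		if [[ $previous_4_3_6_with_caps == 1 ]] && ! use non-root; then
			ewarn
			ewarn "IMPORTANT: You previously had ${PN} installed without root"
			ewarn "privileges because it was implied by the 'caps' USE flag."
			ewarn "This has been changed. If you want ${PN} with user privileges,"
			ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
			ewarn
		fi
	fi
	if ! use caps && ! use non-root; then
		ewarn
		ewarn "You have decided to run ${PN} with root privileges and built it"
		ewarn "without support for POSIX capability dropping. It is generally"
		ewarn "strongly suggested that you reconsider- especially if you intend"
		ewarn "to run ${PN} as server with a public ip address."
		ewarn
		ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
		ewarn
	fi
	if use non-root; then
		elog
		elog "${PN} has been installed without superuser privileges (USE=non-root)."
		elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
		elog "but also a few to the IKEv2 daemon 'charon'."
		elog
		elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
		elog
		elog "pluto uses a helper script by default to insert/remove routing and"
		elog "policy rules upon connection start/stop which requires superuser"
		elog "privileges. charon in contrast does this internally and can do so"
		elog "even with reduced (user) privileges."
		elog
		elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
		elog "script to pluto or charon which requires superuser privileges, you"
		elog "can work around this limitation by using sudo to grant the"
		elog "user \"ipsec\" the appropriate rights."
		elog "For example (the default case):"
		elog "/etc/sudoers:"
		elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
		elog "Under the specific connection block in /etc/ipsec.conf:"
		elog " leftupdown=\"sudo -E ipsec _updown iptables\""
		# The example rule hands back much of what USE=non-root takes away,
		# so the trade-off is spelled out for the administrator.
		elog "Note that SETENV together with 'sudo -E' lets the \"ipsec\" user run"
		elog "/usr/sbin/ipsec as root with an environment it controls; grant this"
		elog "rule only if you need it and keep it as narrow as possible."
		elog
	fi
	elog
	elog "Make sure you have _all_ required kernel modules available including"
	elog "the appropriate cryptographic algorithms. A list is available at:"
	elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
	elog
	elog "The up-to-date manual is available online at:"
	elog " http://wiki.strongswan.org/"
	elog
}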