1 |
commit: ad185fc90aff90a11a083e208150e08cc9c23427 |
2 |
Author: Dirkjan Ochtman <djc <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Dec 6 19:54:10 2015 +0000 |
4 |
Commit: Dirkjan Ochtman <djc <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Dec 6 20:07:11 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad185fc9 |
7 |
|
8 |
net-misc/openvpn: add support for libressl (fixes bug 565242) |
9 |
|
10 |
Package-Manager: portage-2.2.20.1 |
11 |
|
12 |
net-misc/openvpn/openvpn-2.3.8-r1.ebuild | 133 +++++++++++++++++++++++++++++++ |
13 |
1 file changed, 133 insertions(+) |
14 |
|
15 |
diff --git a/net-misc/openvpn/openvpn-2.3.8-r1.ebuild b/net-misc/openvpn/openvpn-2.3.8-r1.ebuild |
16 |
new file mode 100644 |
17 |
index 0000000..e7e8e63 |
18 |
--- /dev/null |
19 |
+++ b/net-misc/openvpn/openvpn-2.3.8-r1.ebuild |
20 |
@@ -0,0 +1,133 @@ |
21 |
+# Copyright 1999-2015 Gentoo Foundation |
22 |
+# Distributed under the terms of the GNU General Public License v2 |
23 |
+# $Id$ |
24 |
+ |
25 |
+EAPI=4 |
26 |
+ |
27 |
+inherit multilib flag-o-matic user systemd |
28 |
+ |
29 |
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" |
30 |
+SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz" |
31 |
+HOMEPAGE="http://openvpn.net/" |
32 |
+ |
33 |
+LICENSE="GPL-2" |
34 |
+SLOT="0" |
35 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux" |
36 |
+IUSE="examples down-root iproute2 libressl +lzo pam passwordsave pkcs11 +plugins polarssl selinux socks +ssl static systemd userland_BSD" |
37 |
+ |
38 |
+REQUIRED_USE="static? ( !plugins !pkcs11 ) |
39 |
+ polarssl? ( ssl !libressl ) |
40 |
+ pkcs11? ( ssl ) |
41 |
+ !plugins? ( !pam !down-root )" |
42 |
+ |
43 |
+DEPEND=" |
44 |
+ kernel_linux? ( |
45 |
+ iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools ) |
46 |
+ ) |
47 |
+ pam? ( virtual/pam ) |
48 |
+ ssl? ( |
49 |
+ !polarssl? ( |
50 |
+ !libressl? ( >=dev-libs/openssl-0.9.7 ) |
51 |
+ libressl? ( dev-libs/libressl ) |
52 |
+ ) |
53 |
+ polarssl? ( >=net-libs/polarssl-1.2.10 ) |
54 |
+ ) |
55 |
+ lzo? ( >=dev-libs/lzo-1.07 ) |
56 |
+ pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) |
57 |
+ systemd? ( sys-apps/systemd )" |
58 |
+RDEPEND="${DEPEND} |
59 |
+ selinux? ( sec-policy/selinux-openvpn ) |
60 |
+" |
61 |
+ |
62 |
+src_configure() { |
63 |
+ use static && LDFLAGS="${LDFLAGS} -Xcompiler -static" |
64 |
+ local myconf |
65 |
+ use polarssl && myconf="--with-crypto-library=polarssl" |
66 |
+ econf \ |
67 |
+ ${myconf} \ |
68 |
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \ |
69 |
+ --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ |
70 |
+ $(use_enable passwordsave password-save) \ |
71 |
+ $(use_enable ssl) \ |
72 |
+ $(use_enable ssl crypto) \ |
73 |
+ $(use_enable lzo) \ |
74 |
+ $(use_enable pkcs11) \ |
75 |
+ $(use_enable plugins) \ |
76 |
+ $(use_enable iproute2) \ |
77 |
+ $(use_enable socks) \ |
78 |
+ $(use_enable pam plugin-auth-pam) \ |
79 |
+ $(use_enable down-root plugin-down-root) \ |
80 |
+ $(use_enable systemd) |
81 |
+} |
82 |
+ |
83 |
+src_install() { |
84 |
+ default |
85 |
+ find "${ED}/usr" -name '*.la' -delete |
86 |
+ # install documentation |
87 |
+ dodoc AUTHORS ChangeLog PORTS README README.IPv6 |
88 |
+ |
89 |
+ # Install some helper scripts |
90 |
+ keepdir /etc/openvpn |
91 |
+ exeinto /etc/openvpn |
92 |
+ doexe "${FILESDIR}/up.sh" |
93 |
+ doexe "${FILESDIR}/down.sh" |
94 |
+ |
95 |
+ # Install the init script and config file |
96 |
+ newinitd "${FILESDIR}/${PN}-2.1.init" openvpn |
97 |
+ newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn |
98 |
+ |
99 |
+ # install examples, controlled by the respective useflag |
100 |
+ if use examples ; then |
101 |
+ # dodoc does not supportly support directory traversal, #15193 |
102 |
+ insinto /usr/share/doc/${PF}/examples |
103 |
+ doins -r sample contrib |
104 |
+ fi |
105 |
+ |
106 |
+ systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf |
107 |
+ systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service |
108 |
+ systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service |
109 |
+} |
110 |
+ |
111 |
+pkg_postinst() { |
112 |
+ # Add openvpn user so openvpn servers can drop privs |
113 |
+ # Clients should run as root so they can change ip addresses, |
114 |
+ # dns information and other such things. |
115 |
+ enewgroup openvpn |
116 |
+ enewuser openvpn "" "" "" openvpn |
117 |
+ |
118 |
+ if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then |
119 |
+ ewarn "WARNING: The openvpn init script has changed" |
120 |
+ ewarn "" |
121 |
+ fi |
122 |
+ |
123 |
+ elog "The openvpn init script expects to find the configuration file" |
124 |
+ elog "openvpn.conf in /etc/openvpn along with any extra files it may need." |
125 |
+ elog "" |
126 |
+ elog "To create more VPNs, simply create a new .conf file for it and" |
127 |
+ elog "then create a symlink to the openvpn init script from a link called" |
128 |
+ elog "openvpn.newconfname - like so" |
129 |
+ elog " cd /etc/openvpn" |
130 |
+ elog " ${EDITOR##*/} foo.conf" |
131 |
+ elog " cd /etc/init.d" |
132 |
+ elog " ln -s openvpn openvpn.foo" |
133 |
+ elog "" |
134 |
+ elog "You can then treat openvpn.foo as any other service, so you can" |
135 |
+ elog "stop one vpn and start another if you need to." |
136 |
+ |
137 |
+ if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then |
138 |
+ ewarn "" |
139 |
+ ewarn "WARNING: If you use the remote keyword then you are deemed to be" |
140 |
+ ewarn "a client by our init script and as such we force up,down scripts." |
141 |
+ ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" |
142 |
+ ewarn "can move your scripts to." |
143 |
+ fi |
144 |
+ |
145 |
+ if use plugins ; then |
146 |
+ einfo "" |
147 |
+ einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" |
148 |
+ fi |
149 |
+ |
150 |
+ einfo "" |
151 |
+ einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities." |
152 |
+ einfo "They can now be emerged via app-crypt/easy-rsa." |
153 |
+} |