
From: "Bjarke Istrup Pedersen (gurligebis)" <gurligebis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/strongswan: strongswan-4.6.4.ebuild ChangeLog strongswan-5.0.0.ebuild
Date: Sun, 01 Jul 2012 10:45:28
Message-Id: 20120701104517.536972004B@flycatcher.gentoo.org
1 gurligebis 12/07/01 10:45:17
2
3 Modified: strongswan-4.6.4.ebuild ChangeLog
4 Added: strongswan-5.0.0.ebuild
5 Log:
6 Bumping to 5.0.0
7
8 (Portage version: 2.2.0_alpha114/cvs/Linux i686)
9
10 Revision Changes Path
11 1.2 net-misc/strongswan/strongswan-4.6.4.ebuild
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-4.6.4.ebuild?rev=1.2&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-4.6.4.ebuild?rev=1.2&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-4.6.4.ebuild?r1=1.1&r2=1.2
16
17 Index: strongswan-4.6.4.ebuild
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.6.4.ebuild,v
20 retrieving revision 1.1
21 retrieving revision 1.2
22 diff -u -r1.1 -r1.2
23 --- strongswan-4.6.4.ebuild 31 May 2012 16:30:53 -0000 1.1
24 +++ strongswan-4.6.4.ebuild 1 Jul 2012 10:45:17 -0000 1.2
25 @@ -1,9 +1,9 @@
26 # Copyright 1999-2012 Gentoo Foundation
27 # Distributed under the terms of the GNU General Public License v2
28 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.6.4.ebuild,v 1.1 2012/05/31 16:30:53 gurligebis Exp $
29 +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.6.4.ebuild,v 1.2 2012/07/01 10:45:17 gurligebis Exp $
30
31 EAPI=2
32 -inherit eutils linux-info
33 +inherit eutils linux-info user
34
35 DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
36 HOMEPAGE="http://www.strongswan.org/"
37
38
39
40 1.96 net-misc/strongswan/ChangeLog
41
42 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.96&view=markup
43 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?rev=1.96&content-type=text/plain
44 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/ChangeLog?r1=1.95&r2=1.96
45
46 Index: ChangeLog
47 ===================================================================
48 RCS file: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v
49 retrieving revision 1.95
50 retrieving revision 1.96
51 diff -u -r1.95 -r1.96
52 --- ChangeLog 31 May 2012 16:30:53 -0000 1.95
53 +++ ChangeLog 1 Jul 2012 10:45:17 -0000 1.96
54 @@ -1,6 +1,11 @@
55 # ChangeLog for net-misc/strongswan
56 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
57 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.95 2012/05/31 16:30:53 gurligebis Exp $
58 +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.96 2012/07/01 10:45:17 gurligebis Exp $
59 +
60 +*strongswan-5.0.0 (01 Jul 2012)
61 +
62 + 01 Jul 2012; <gurligebis@g.o> +strongswan-5.0.0.ebuild:
63 + Bumping to 5.0.0
64
65 *strongswan-4.6.4 (31 May 2012)
66
67
68
69
70 1.1 net-misc/strongswan/strongswan-5.0.0.ebuild
71
72 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.0.ebuild?rev=1.1&view=markup
73 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.0.ebuild?rev=1.1&content-type=text/plain
74
75 Index: strongswan-5.0.0.ebuild
76 ===================================================================
77 # Copyright 1999-2012 Gentoo Foundation
78 # Distributed under the terms of the GNU General Public License v2
79 # $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-5.0.0.ebuild,v 1.1 2012/07/01 10:45:17 gurligebis Exp $
80
81 EAPI=2
82 inherit eutils linux-info user
83
84 DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
85 HOMEPAGE="http://www.strongswan.org/"
86 SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
87
88 LICENSE="GPL-2 RSA-MD5 RSA-PKCS11 DES"
89 SLOT="0"
90 KEYWORDS="~arm ~amd64 ~ppc ~sparc ~x86"
91 IUSE="+caps curl debug dhcp eap farp gcrypt ldap +ikev1 +ikev2 mysql +non-root +openssl sqlite"
92
93 COMMON_DEPEND="!net-misc/openswan
94 >=dev-libs/gmp-4.1.5
95 gcrypt? ( dev-libs/libgcrypt )
96 caps? ( sys-libs/libcap )
97 curl? ( net-misc/curl )
98 ldap? ( net-nds/openldap )
99 openssl? ( >=dev-libs/openssl-0.9.8[-bindist] )
100 mysql? ( virtual/mysql )
101 sqlite? ( >=dev-db/sqlite-3.3.1 )"
102 DEPEND="${COMMON_DEPEND}
103 virtual/linux-sources
104 sys-kernel/linux-headers"
105 RDEPEND="${COMMON_DEPEND}
106 virtual/logger
107 sys-apps/iproute2"
108
109 UGID="ipsec"
110
111 pkg_setup() {
112 linux-info_pkg_setup
113 elog "Linux kernel version: ${KV_FULL}"
114
115 if ! kernel_is -ge 2 6 16; then
116 eerror
117 eerror "This ebuild currently only supports ${PN} with the"
118 eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
119 eerror
120 die "Please install a recent 2.6 kernel."
121 fi
122
123 if use nat-transport; then
124 ewarn
125 ewarn "You have enabled NAT Traversal for transport mode with the IKEv1"
126 ewarn "protocol. Please double check if you really require this feature"
127 ewarn "as it is potentially insecure and usually only required in certain"
128 ewarn "situations when interoperating with Windows using L2TP/IPsec."
129 ewarn
130 fi
131
132 if kernel_is -lt 2 6 34; then
133 ewarn
134 ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
135 ewarn
136
137 if kernel_is -lt 2 6 29; then
138 ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
139 ewarn "include all required IPv6 modules even if you just intend"
140 ewarn "to run on IPv4 only."
141 ewarn
142 ewarn "This has been fixed with kernels >= 2.6.29."
143 ewarn
144 fi
145
146 if kernel_is -lt 2 6 33; then
147 ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
148 ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
149 ewarn "miss SHA384 and SHA512 HMAC support altogether."
150 ewarn
151 ewarn "If you need any of those features, please use kernel >= 2.6.33."
152 ewarn
153 fi
154
155 if kernel_is -lt 2 6 34; then
156 ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
157 ewarn "ESP cipher is only included in kernels >= 2.6.34."
158 ewarn
159 ewarn "If you need it, please use kernel >= 2.6.34."
160 ewarn
161 fi
162 fi
163
164 if use non-root; then
165 enewgroup ${UGID}
166 enewuser ${UGID} -1 -1 -1 ${UGID}
167 fi
168 }
169
170 src_configure() {
171 local myconf=""
172
173 if use non-root; then
174 myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
175 fi
176
177 # If a user has already enabled db support, those plugins will
178 # most likely be desired as well. Besides they don't impose new
179 # dependencies and come at no cost (except for space).
180 if use mysql || use sqlite; then
181 myconf="${myconf} --enable-attr-sql --enable-sql"
182 fi
183
184 # strongSwan builds and installs static libs by default which are
185 # useless to the user (and to strongSwan for that matter) because no
186 # header files or alike get installed... so disabling them is safe.
187 econf \
188 --disable-static \
189 $(use_with caps capabilities libcap) \
190 $(use_enable curl) \
191 $(use_enable ldap) \
192 $(use_enable debug leak-detective) \
193 $(use_enable eap eap-sim) \
194 $(use_enable eap eap-sim-file) \
195 $(use_enable eap eap-simaka-sql) \
196 $(use_enable eap eap-simaka-pseudonym) \
197 $(use_enable eap eap-simaka-reauth) \
198 $(use_enable eap eap-identity) \
199 $(use_enable eap eap-md5) \
200 $(use_enable eap eap-gtc) \
201 $(use_enable eap eap-aka) \
202 $(use_enable eap eap-aka-3gpp2) \
203 $(use_enable eap eap-mschapv2) \
204 $(use_enable eap eap-radius) \
205 $(use_enable openssl) \
206 $(use_enable gcrypt) \
207 $(use_enable mysql) \
208 $(use_enable sqlite) \
209 $(use_enable ikev1) \
210 $(use_enable ikev2) \
211 $(use_enable dhcp) \
212 $(use_enable farp) \
213 ${myconf}
214 }
215
216 src_install() {
217 emake DESTDIR="${D}" install || die "Install failed"
218
219 doinitd "${FILESDIR}"/ipsec
220
221 local dir_ugid
222 if use non-root; then
223 fowners ${UGID}:${UGID} \
224 /etc/ipsec.conf \
225 /etc/ipsec.secrets \
226 /etc/strongswan.conf
227
228 dir_ugid="${UGID}"
229 else
230 dir_ugid="root"
231 fi
232
233 diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
234 dodir /etc/ipsec.d \
235 /etc/ipsec.d/aacerts \
236 /etc/ipsec.d/acerts \
237 /etc/ipsec.d/cacerts \
238 /etc/ipsec.d/certs \
239 /etc/ipsec.d/crls \
240 /etc/ipsec.d/ocspcerts \
241 /etc/ipsec.d/private \
242 /etc/ipsec.d/reqs
243
244 dodoc NEWS README TODO || die
245
246 # shared libs are used only internally and there are no static libs,
247 # so it's safe to get rid of the .la files
248 find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
249 }
250
251 pkg_preinst() {
252 has_version "<net-misc/strongswan-4.3.6-r1"
253 upgrade_from_leq_4_3_6=$(( !$? ))
254
255 has_version "<net-misc/strongswan-4.3.6-r1[-caps]"
256 previous_4_3_6_with_caps=$(( !$? ))
257 }
258
259 pkg_postinst() {
260 if ! use openssl && ! use gcrypt; then
261 elog
262 elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
263 elog "Please note that this might effect availability and speed of some"
264 elog "cryptographic features. You are advised to enable the OpenSSL plugin."
265 elif ! use openssl; then
266 elog
267 elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
268 elog "availability and speed of some cryptographic features. There will be"
269 elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
270 elog "25, 26) and ECDSA."
271 fi
272
273 if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
274 chmod 0750 "${ROOT}"/etc/ipsec.d \
275 "${ROOT}"/etc/ipsec.d/aacerts \
276 "${ROOT}"/etc/ipsec.d/acerts \
277 "${ROOT}"/etc/ipsec.d/cacerts \
278 "${ROOT}"/etc/ipsec.d/certs \
279 "${ROOT}"/etc/ipsec.d/crls \
280 "${ROOT}"/etc/ipsec.d/ocspcerts \
281 "${ROOT}"/etc/ipsec.d/private \
282 "${ROOT}"/etc/ipsec.d/reqs
283
284 ewarn
285 ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
286 ewarn "security reasons. Your system installed directories have been"
287 ewarn "updated accordingly. Please check if necessary."
288 ewarn
289
290 if [[ $previous_4_3_6_with_caps == 1 ]]; then
291 if ! use non-root; then
292 ewarn
293 ewarn "IMPORTANT: You previously had ${PN} installed without root"
294 ewarn "privileges because it was implied by the 'caps' USE flag."
295 ewarn "This has been changed. If you want ${PN} with user privileges,"
296 ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
297 ewarn
298 fi
299 fi
300 fi
301 if ! use caps && ! use non-root; then
302 ewarn
303 ewarn "You have decided to run ${PN} with root privileges and built it"
304 ewarn "without support for POSIX capability dropping. It is generally"
305 ewarn "strongly suggested that you reconsider- especially if you intend"
306 ewarn "to run ${PN} as server with a public ip address."
307 ewarn
308 ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
309 ewarn
310 fi
311 if use non-root; then
312 elog
313 elog "${PN} has been installed without superuser privileges (USE=non-root)."
314 elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
315 elog "but also a few to the IKEv2 daemon 'charon'."
316 elog
317 elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
318 elog
319 elog "pluto uses a helper script by default to insert/remove routing and"
320 elog "policy rules upon connection start/stop which requires superuser"
321 elog "privileges. charon in contrast does this internally and can do so"
322 elog "even with reduced (user) privileges."
323 elog
324 elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
325 elog "script to pluto or charon which requires superuser privileges, you"
326 elog "can work around this limitation by using sudo to grant the"
327 elog "user \"ipsec\" the appropriate rights."
328 elog "For example (the default case):"
329 elog "/etc/sudoers:"
330 elog " Defaults:ipsec always_set_home,!env_reset"
331 elog " ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
332 elog "Under the specific connection block in /etc/ipsec.conf:"
333 elog " leftupdown=\"sudo ipsec _updown\""
334 elog
335 fi
336 elog
337 elog "Make sure you have _all_ required kernel modules available including"
338 elog "the appropriate cryptographic algorithms. A list is available at:"
339 elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
340 elog
341 elog "The up-to-date manual is available online at:"
342 elog " http://wiki.strongswan.org/"
343 elog
344 }
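Review bot: The sudoers example printed by pkg_postinst (`Defaults:ipsec always_set_home,!env_reset` and `ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec`) gives the unprivileged `ipsec` account passwordless execution of every `ipsec` subcommand as any user with the caller's environment left intact, which largely cancels the privilege separation that USE=non-root is meant to provide. I would narrow the printed advice to the helper that actually needs root, e.g. `ipsec ALL=(root) NOPASSWD: /usr/sbin/ipsec _updown`, and replace `!env_reset` with an `env_keep` list limited to the variables the updown script reads (presumably the `PLUTO_*` set; confirm against upstream). Separately, pkg_setup tests `use nat-transport`, but that flag is not declared in IUSE and no configure option in src_configure refers to it, so the warning block looks like a leftover from the 4.x ebuild and should either be dropped or have the flag declared.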