
From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-firewall/ipsec-tools: ChangeLog ipsec-tools-0.8.0-r5.ebuild
Date: Fri, 28 Sep 2012 00:45:42
Message-Id: 20120928004526.D683D21601@flycatcher.gentoo.org
1 blueness 12/09/28 00:45:26
2
3 Modified: ChangeLog
4 Added: ipsec-tools-0.8.0-r5.ebuild
5 Log:
6 Fix bug #435398 and #436144
7
8 (Portage version: 2.1.11.9/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.105 net-firewall/ipsec-tools/ChangeLog
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ChangeLog?rev=1.105&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ChangeLog?rev=1.105&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ChangeLog?r1=1.104&r2=1.105
16
17 Index: ChangeLog
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v
20 retrieving revision 1.104
21 retrieving revision 1.105
22 diff -u -r1.104 -r1.105
23 --- ChangeLog 27 Sep 2012 14:11:26 -0000 1.104
24 +++ ChangeLog 28 Sep 2012 00:45:26 -0000 1.105
25 @@ -1,6 +1,13 @@
26 # ChangeLog for net-firewall/ipsec-tools
27 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
28 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.104 2012/09/27 14:11:26 blueness Exp $
29 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.105 2012/09/28 00:45:26 blueness Exp $
30 +
31 +*ipsec-tools-0.8.0-r5 (28 Sep 2012)
32 +
33 + 28 Sep 2012; Anthony G. Basile <blueness@g.o>
34 + +ipsec-tools-0.8.0-r5.ebuild, +files/ipsec-tools.conf,
35 + +files/racoon.conf.d-r1, +files/racoon.init.d-r2:
36 + Fix bug #435398 and #436144
37
38 27 Sep 2012; Anthony G. Basile <blueness@g.o>
39 -ipsec-tools-0.7.3.ebuild, -ipsec-tools-0.7.3-r1.ebuild,
40
41
42
43 1.1 net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
44
45 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild?rev=1.1&view=markup
46 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild?rev=1.1&content-type=text/plain
47
48 Index: ipsec-tools-0.8.0-r5.ebuild
49 ===================================================================
50 # Copyright 1999-2012 Gentoo Foundation
51 # Distributed under the terms of the GNU General Public License v2
52 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild,v 1.1 2012/09/28 00:45:26 blueness Exp $
53
54 EAPI="4"
55
56 inherit eutils flag-o-matic autotools linux-info pam
57
58 DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
59 HOMEPAGE="http://ipsec-tools.sourceforge.net/"
60 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
61
62 LICENSE="BSD GPL-2"
63 SLOT="0"
64 KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86"
65 IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
66
67 RDEPEND="
68 dev-libs/openssl
69 kerberos? ( virtual/krb5 )
70 ldap? ( net-nds/openldap )
71 pam? ( sys-libs/pam )
72 readline? ( sys-libs/readline )
73 selinux? (
74 sys-libs/libselinux
75 sec-policy/selinux-ipsec
76 )"
77
78 DEPEND="${RDEPEND}
79 >=sys-kernel/linux-headers-2.6.30"
80
81 pkg_preinst() {
82 if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
83 ewarn
84 ewarn "\033[1;33m**************************************************\033[00m"
85 ewarn
86 if ! has_version "net-misc/strongswan" ; then
87 ewarn "We found an earlier version of ${PN} installed."
88 ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
89 ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
90 ewarn "a conflict with net-misc/strongswan; bug #436144. We will"
91 ewarn "rename this file for you with this upgrade. However, if"
92 ewarn "you later downgrade, you'll have to rename the file to"
93 ewarn "its orignal manually or change /etc/conf.d/racoon to point"
94 ewarn "to the new file."
95
96 if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then
97 mv /etc/ipsec.conf /etc/ipsec-tools.conf
98 else
99 ewarn
100 ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
101 ewarn "Either the former doesn't exist or the later does and"
102 ewarn "I won't clobber it. Please fix this situation manually."
103 fi
104 else
105 ewarn "You had both an earlier version of ${PN} and"
106 ewarn "net-misc/strongswan installed. I can't tell whether"
107 ewarn "the configuration file, ipsec.conf, belongs to one"
108 ewarn "package or the other due to a file conflict; bug #436144."
109 ewarn "The current version of ${PN} uses ipsec-tools.conf"
110 ewarn "as its configuration file, as will future versions."
111 ewarn "Please fix this situation manually."
112 fi
113 ewarn
114 ewarn "\033[1;33m**************************************************\033[00m"
115 ewarn
116 fi
117 }
118
119 pkg_setup() {
120 linux-info_pkg_setup
121
122 get_version
123
124 if linux_config_exists && kernel_is -ge 2 6 19; then
125 ewarn
126 ewarn "\033[1;33m**************************************************\033[00m"
127 ewarn
128 ewarn "Checking kernel configuration in /usr/src/linux or"
129 ewarn "or /proc/config.gz for compatibility with ${PN}."
130 ewarn "Here are the potential problems:"
131 ewarn
132
133 local nothing="1"
134
135 # Check options for all flavors of IPSec
136 local msg=""
137 for i in XFRM_USER NET_KEY; do
138 if ! linux_chkconfig_present ${i}; then
139 msg="${msg} ${i}"
140 fi
141 done
142 if [[ ! -z "$msg" ]]; then
143 nothing="0"
144 ewarn
145 ewarn "ALL IPSec may fail. CHECK:"
146 ewarn "${msg}"
147 fi
148
149 # Check unencrypted IPSec
150 if ! linux_chkconfig_present CRYPTO_NULL; then
151 nothing="0"
152 ewarn
153 ewarn "Unencrypted IPSec may fail. CHECK:"
154 ewarn " CRYPTO_NULL"
155 fi
156
157 # Check IPv4 IPSec
158 msg=""
159 for i in \
160 INET_IPCOMP INET_AH INET_ESP \
161 INET_XFRM_MODE_TRANSPORT \
162 INET_XFRM_MODE_TUNNEL \
163 INET_XFRM_MODE_BEET
164 do
165 if ! linux_chkconfig_present ${i}; then
166 msg="${msg} ${i}"
167 fi
168 done
169 if [[ ! -z "$msg" ]]; then
170 nothing="0"
171 ewarn
172 ewarn "IPv4 IPSec may fail. CHECK:"
173 ewarn "${msg}"
174 fi
175
176 # Check IPv6 IPSec
177 if use ipv6; then
178 msg=""
179 for i in INET6_IPCOMP INET6_AH INET6_ESP \
180 INET6_XFRM_MODE_TRANSPORT \
181 INET6_XFRM_MODE_TUNNEL \
182 INET6_XFRM_MODE_BEET
183 do
184 if ! linux_chkconfig_present ${i}; then
185 msg="${msg} ${i}"
186 fi
187 done
188 if [[ ! -z "$msg" ]]; then
189 nothing="0"
190 ewarn
191 ewarn "IPv6 IPSec may fail. CHECK:"
192 ewarn "${msg}"
193 fi
194 fi
195
196 # Check IPSec behind NAT
197 if use nat; then
198 if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
199 nothing="0"
200 ewarn
201 ewarn "IPSec behind NAT may fail. CHECK:"
202 ewarn " NETFILTER_XT_MATCH_POLICY"
203 fi
204 fi
205
206 if [[ $nothing == "1" ]]; then
207 ewarn "NO PROBLEMS FOUND"
208 fi
209
210 ewarn
211 ewarn "WARNING: If your *configured* and *running* kernel"
212 ewarn "differ either now or in the future, then these checks"
213 ewarn "may lead to misleading results."
214 ewarn
215 ewarn "\033[1;33m**************************************************\033[00m"
216 ewarn
217 else
218 eerror
219 eerror "\033[1;31m**************************************************\033[00m"
220 eerror "Make sure that your *running* kernel is/will be >=2.6.19."
221 eerror "Building ${PN} now, assuming that you know what you're doing."
222 eerror "\033[1;31m**************************************************\033[00m"
223 eerror
224 fi
225 }
226
227 src_prepare() {
228 # fix for bug #124813
229 sed -i 's:-Werror::g' "${S}"/configure.ac || die
230 # fix for building with gcc-4.6
231 sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
232
233 epatch "${FILESDIR}/${PN}-def-psk.patch"
234 epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
235 epatch "${FILESDIR}"/${P}-sysctl.patch #425770
236
237 AT_M4DIR="${S}" eautoreconf
238 epunt_cxx
239 }
240
241 src_configure() {
242 #--with-{iconv,libradius} lead to "Broken getaddrinfo()"
243 #--enable-samode-unspec is not supported in linux
244 local myconf
245 myconf="--with-kernel-headers=/usr/include \
246 --enable-adminport \
247 --enable-dependency-tracking \
248 --enable-dpd \
249 --enable-frag \
250 --without-libiconv \
251 --without-libradius \
252 --disable-samode-unspec \
253 $(use_enable idea) \
254 $(use_enable ipv6) \
255 $(use_enable kerberos gssapi) \
256 $(use_with ldap libldap) \
257 $(use_enable nat natt) \
258 $(use_with pam libpam) \
259 $(use_enable rc5) \
260 $(use_with readline) \
261 $(use_enable selinux security-context) \
262 $(use_enable stats)"
263
264 use nat && myconf="${myconf} --enable-natt-versions=yes"
265
266 # enable mode-cfg and xauth support
267 if use pam; then
268 myconf="${myconf} --enable-hybrid"
269 else
270 myconf="${myconf} $(use_enable hybrid)"
271 fi
272
273 econf ${myconf}
274 }
275
276 src_install() {
277 emake DESTDIR="${D}" install
278 keepdir /var/lib/racoon
279 newconfd "${FILESDIR}"/racoon.conf.d-r1 racoon
280 newinitd "${FILESDIR}"/racoon.init.d-r2 racoon
281 use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
282
283 insinto /etc
284 doins "${FILESDIR}"/ipsec-tools.conf
285 insinto /etc/racoon
286 doins "${FILESDIR}"/racoon.conf
287 doins "${FILESDIR}"/psk.txt
288 chmod 400 "${D}"/etc/racoon/psk.txt
289
290 dodoc ChangeLog README NEWS
291 dodoc -r src/racoon/samples
292 dodoc -r src/racoon/doc
293 docinto samples
294 mv ipsec.conf ipsec-tools.conf
295 newdoc src/setkey/sample.cf ipsec-tools.conf
296 }
297
298 pkg_postinst() {
299 if use nat; then
300 elog
301 elog "You have enabled the nat traversal functionnality."
302 elog "Nat versions wich are enabled by default are 00,02,rfc"
303 elog "you can find those drafts in the CVS repository:"
304 elog "cvs -d anoncvs@××××××××××××××.org:/cvsroot co ipsec-tools"
305 elog
306 elog "If you feel brave enough and you know what you are"
307 elog "doing, you can consider emerging this ebuild with"
308 elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
309 elog
310 fi
311
312 if use ldap; then
313 elog
314 elog "You have enabled ldap support with {$PN}."
315 elog "The man page does NOT contain any information on it yet."
316 elog "Consider using a more recent version or CVS."
317 elog
318 fi
319
320 elog
321 elog "Please have a look in /usr/share/doc/${P} and visit"
322 elog "http://www.netbsd.org/Documentation/network/ipsec/"
323 elog "to find more information on how to configure this tool."
324 elog
325 }
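Review bot: In src_install, `chmod 400 "${D}"/etc/racoon/psk.txt` is unchecked, so if it fails the pre-shared-key file keeps the 0644 mode that `doins` applies by default and is merged world-readable. Using `fperms 0400 /etc/racoon/psk.txt` (which dies on failure under EAPI 4), or `insopts -m0400` before that `doins`, would make the restrictive mode a hard requirement. In pkg_preinst, the `-f` tests and `mv /etc/ipsec.conf /etc/ipsec-tools.conf` use live-filesystem paths without `${ROOT}` and the rename has no error check, so an install into an alternate ROOT would rename the host's file and a failed rename goes unreported; `mv "${ROOT}"etc/ipsec.conf "${ROOT}"etc/ipsec-tools.conf || die` would cover both. The bare `mv ipsec.conf ipsec-tools.conf` after `docinto samples` looks like a leftover, since the `newdoc` on the next line already installs the sample under the new name; if it is needed it should carry `|| die`. In pkg_postinst the ldap message uses `{$PN}`, which prints literal braces around the name; `${PN}` was presumably intended.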