
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
Date: Thu, 27 Sep 2012 14:20:23
Message-Id: 1348755590.83d1e5996f0a489a306a650e10b56bccda70c5f5.blueness@gentoo
1 commit: 83d1e5996f0a489a306a650e10b56bccda70c5f5
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Thu Sep 27 14:19:50 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Thu Sep 27 14:19:50 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=83d1e599
7
8 net-firewall/ipsec-tools: staging to fix bugs #435398 and #436144
9
10 ---
11 net-firewall/ipsec-tools/Manifest | 13 +
12 .../files/ipsec-tools-0.8.0-sysctl.patch | 22 ++
13 .../ipsec-tools/files/ipsec-tools-def-psk.patch | 25 ++
14 .../files/ipsec-tools-include-vendoridh.patch | 11 +
15 net-firewall/ipsec-tools/files/ipsec.conf | 26 +++
16 net-firewall/ipsec-tools/files/psk.txt | 10 +
17 net-firewall/ipsec-tools/files/racoon.conf | 33 +++
18 net-firewall/ipsec-tools/files/racoon.conf.d-r1 | 18 ++
19 net-firewall/ipsec-tools/files/racoon.init.d | 58 +++++
20 net-firewall/ipsec-tools/files/racoon.init.d-r2 | 56 +++++
21 net-firewall/ipsec-tools/files/racoon.pam.d | 4 +
22 .../ipsec-tools/ipsec-tools-0.8.0-r5.ebuild | 237 ++++++++++++++++++++
23 net-firewall/ipsec-tools/metadata.xml | 14 ++
24 13 files changed, 527 insertions(+), 0 deletions(-)
25
26 diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
27 new file mode 100644
28 index 0000000..c6d0c05
29 --- /dev/null
30 +++ b/net-firewall/ipsec-tools/Manifest
31 @@ -0,0 +1,13 @@
32 +AUX ipsec-tools-0.8.0-sysctl.patch 485 SHA256 eb94a1f77ac9c194e51c2f64b65d9c8f70ff109fdfe77f72801449277b7312f4 SHA512 a2a96cea5c2b451665d54572e471a6c2b4fb72382dcd90bda536aaabf78cdd36d630d5c1fa56372b95066dc7dffd56480d3402fdbe2d56825a017b2cc075ac66 WHIRLPOOL 54c8f99ef2881e0fdf1e1aaf7c7908e9fac31326da9a15df160f81f4b9a8bb7a4db738ebd8c888c9a0bfae7e558c48231cb6413e1e953309a658ad12bfb9e106
33 +AUX ipsec-tools-def-psk.patch 907 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 SHA512 683f168fac390df602ece1608db7f65370749c291e837497fa68fe4f39ddab907d10d67d4c80d583d7f12a1ea0bf02ba98d228e7c6e9267b49a1a8a7e57e99c4 WHIRLPOOL cfe93bc7e71aa627b973b416acfcdf9f9346ef5237726a079a0da3a383f949bb780624482f1f17b93cc43fc786711c4d8d3abc173f600f05d8790639cbed911a
34 +AUX ipsec-tools-include-vendoridh.patch 434 SHA256 be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c SHA512 fc39e09dd7b1a2d3b6cdfbfad9f4978ab5d070ae2435cf77fe2283b566bea1d58cd26dbf6cafb563587200724c9602a32ce737fd163b757872e8a6d2c8007d5c WHIRLPOOL 1507b428ab919b0e45125ec4901af6b3a764a33c98cae6e2df0c061432414cb61e980606d24f55054d4433203f5eca3a123d4dd6dfd74645d7bc222f66cab1bd
35 +AUX ipsec.conf 1209 SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816 SHA512 727297a06b75b883a7bd730d84f7a7cec04f81b51df71a6d2419602d835abe3c958d27aac176e29e2463421792843517bda802b3437b306ab43e94d178593bfa WHIRLPOOL 9c8f70c3c117e5cc4a1793637a101920ffd9126e02373db4e68b9eba4588a385cbc08fc81a0b5bf3ae0bff3d9de20a5a14b020e6d62effb97bce790ce4e74437
36 +AUX psk.txt 293 SHA256 d34b142b4566712f87382caf0a64bcc070bbde17f16e2ee49d5dde26cb1bbe08 SHA512 ed09588bcbf9b16e4e18315c7b9a7667788b4ab26cd962376430c316cfb0ee5a30ff26910190731b287c1a1b5927951a79f71a096071e73d67dc867a455b14cf WHIRLPOOL fe1aadd94612e742029d6e0be7401f2994c9fed4fec899f3fc09c90cb134aca710c41a083164d6cece46b331652ddb3b76720c60bc40b837243b329db7eb60db
37 +AUX racoon.conf 772 SHA256 e00cea25741fa16aa985d80ce49f2a59af0c98a44707a047193e936644b497a3 SHA512 8876920331b4003fd096f1997e1266a12783120e390cea55ca283a8fd6485552b54e87f60e75f33409a4cdb99171d2358953287edd47ddeac8bda6da0cc8becc WHIRLPOOL 12c55b1f5e67592483c2602040454f7c0e511c4867b0ed1e7acb593d3ffd0b2b2bfe7a5defb900eb8759006b4382d8c3d891ace2472d772e223e68eb99bd72cc
38 +AUX racoon.conf.d-r1 606 SHA256 a5bac8d1d84d11651027f4264a9adac85d18ea8f126abb504397a866695d2ddd SHA512 c2f12c2829e8f1852a81104feb6b5f4afa58394fa46b65347ec30d469a822b748d3e317023ec0f060c20242988692ab76eba52fdc5f473e393c563243ff53c1d WHIRLPOOL 58a48357c475e927cb3d659582bb8c9b8ae10f1164c1831300375694a33052454dd65a29a0c869f17915f3d36aa2772b64811f44920f57d9de8cf2eb5f3df485
39 +AUX racoon.init.d 1314 SHA256 7c9447197032b30a2cb76a62179a3b0ef3768870c340adf4743976e7d65eba75 SHA512 ef882fde450ac1bd4ce4acfefa498699c1959d6a1fa9eb2ea210446007f8107c2203e5fb6c0ef5f21e7687479569bffe84a3815f32748fb103140fa2e8f3737a WHIRLPOOL d31da300e79211dff92568d9d6901b3cefaabbae57806b45f2e61031e11b4ba8afd53b3a2742e9174110291716a53910deb1a188da3ec279f5af2edcfa9281dc
40 +AUX racoon.init.d-r2 1232 SHA256 d31ca0615464fbc8a3a2a6c6b308ab937e795ca6a1ca7d1a54eadff20caf9825 SHA512 1fa08aff6fe116e8c440600a23bb78385716ad6ab0e6b28d28d63516b9d67c6c592bcd876b198bf6bffa11efe97772399db66c1d2b57e9eaa494983495313f5e WHIRLPOOL d0b691de48313962b04e7a86aeeee1933b03fbbfe322e5e7662229a84d5d5d794bcbb51d0ef45160c25856ec4e1f4e15b435134ddea3378633f5116547c375d7
41 +AUX racoon.pam.d 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
42 +DIST ipsec-tools-0.8.0.tar.bz2 809297 SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 SHA512 3bec6bab4fe555612f1d48966e797202830f5254a8d2146a14d268ff0c68445af790285214db41ab08ee4888625e8e680c3b848c30789d836169d1612a25fe2c WHIRLPOOL 862d2bbf78aca8c9e01e00c995aeb3b662e1ea4a769081b9880a3fee7821ef5968e10fe75d9671268979188c7ca3b91d507a1fc9a097729d0648bc4c965e675d
43 +EBUILD ipsec-tools-0.8.0-r5.ebuild 6061 SHA256 2e7af21ab29e463023165f1404b6033cb21130b4ab147584954d6b941b9d6f16 SHA512 2ab81dee9a018b3010c67abc86a22ee911f41f92bf6a6c75ed19df057d3383aa036e9d476662ce11cb625be9d965aa70e23ef9e0a66d08d3f507c5e7016ebd82 WHIRLPOOL 4a3d73da40c3d8ce2f69d090cd7cd8c45760f0403370be3fc80b0f74dfb5c2c5df219776b3b783f187b9e7c414c9e63e0af6bbd759c8a600734f6ec6a3a7d2e0
44 +MISC metadata.xml 537 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40 SHA512 9b26b2cd54e00527201339c3936ac717c57fe596e470d84e0dc0715f778b5797488b6cac61dea83bab61714a23a88e44dbd537bfeeb2b37d285653dcb838fab5 WHIRLPOOL a0dd0b61f957875ca3c50db5aa66470ed493be9c4f002bd165d75b41a8ca51cbcfd2567b4702bf1845b8e0a1ca54239e6ed163098d8b613d1f9f459192acc14e
45
46 diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch b/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
47 new file mode 100644
48 index 0000000..5c69bbb
49 --- /dev/null
50 +++ b/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
51 @@ -0,0 +1,22 @@
52 +https://bugs.gentoo.org/425770
53 +
54 +--- a/src/racoon/pfkey.c
55 ++++ b/src/racoon/pfkey.c
56 +@@ -59,7 +59,6 @@
57 + #include <sys/param.h>
58 + #include <sys/socket.h>
59 + #include <sys/queue.h>
60 +-#include <sys/sysctl.h>
61 +
62 + #include <net/route.h>
63 + #include <net/pfkeyv2.h>
64 +--- a/src/setkey/setkey.c
65 ++++ b/src/setkey/setkey.c
66 +@@ -40,7 +40,6 @@
67 + #include <sys/socket.h>
68 + #include <sys/time.h>
69 + #include <sys/stat.h>
70 +-#include <sys/sysctl.h>
71 + #include <err.h>
72 + #include <netinet/in.h>
73 + #include <net/pfkeyv2.h>
74
75 diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
76 new file mode 100644
77 index 0000000..f351860
78 --- /dev/null
79 +++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
80 @@ -0,0 +1,25 @@
81 +diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
82 +--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200
83 ++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200
84 +@@ -2498,8 +2498,21 @@
85 + plog(LLV_ERROR, LOCATION, iph1->remote,
86 + "couldn't find the pskey for %s.\n",
87 + saddrwop2str(iph1->remote));
88 ++ }
89 ++ }
90 ++ if (iph1->authstr == NULL) {
91 ++ /*
92 ++ * If we could not locate a psk above try and locate
93 ++ * the default psk, ie, "*".
94 ++ */
95 ++ iph1->authstr = privsep_getpsk("*", 1);
96 ++ if (iph1->authstr == NULL) {
97 ++ plog(LLV_ERROR, LOCATION, iph1->remote,
98 ++ "couldn't find the the default pskey either.\n");
99 + goto end;
100 + }
101 ++ plog(LLV_NOTIFY, LOCATION, iph1->remote,
102 ++ "Using default PSK.\n");
103 + }
104 + plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
105 + /* should be secret PSK */
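Review bot: The fallback added here turns a `*` line in psk.txt into a catch-all credential — any peer whose address has no entry of its own is authenticated with the wildcard key — and neither this patch nor the psk.txt shipped in the same commit says so. Unlike ipsec-tools-0.8.0-sysctl.patch, this file has no header naming the bug it addresses; a first line such as `# Gentoo: fall back to the "*" entry of psk.txt when no per-peer PSK matches (see the bug referenced in the commit message); note this widens which peers can authenticate` would document both the origin and the security consequence. The new LLV_ERROR text also reads `couldn't find the the default pskey either.` (doubled "the"). The hunk is written against ipsec-tools-0.7.3 paths while the ebuild applies it to 0.8.0, so it presumably relies on patch fuzz; the enclosing function in oakley.c begins and ends outside the hunk.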
106
107 diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
108 new file mode 100644
109 index 0000000..2e22c82
110 --- /dev/null
111 +++ b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
112 @@ -0,0 +1,11 @@
113 +diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c
114 +--- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c 2012-02-28 13:42:24.000000000 -0500
115 ++++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c 2012-02-28 13:41:22.000000000 -0500
116 +@@ -87,6 +87,7 @@
117 + #ifdef HAVE_GSSAPI
118 + #include <iconv.h>
119 + #include "gssapi.h"
120 ++#include "vendorid.h"
121 + #ifdef HAVE_ICONV_2ND_CONST
122 + #define __iconv_const const
123 + #else
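Review bot: The new `#include "vendorid.h"` is placed inside the `#ifdef HAVE_GSSAPI` block, so it is only pulled in for gssapi builds; if the vendorid symbols that prompted it are referenced outside that block the include belongs above the `#ifdef`, and if they are not, a one-line comment saying the include is gssapi-only would stop the next reader from moving it. Like the def-psk patch, this file carries no header naming the bug it fixes; `# gssapi build: ipsec_doi.c uses vendorid symbols without including vendorid.h` followed by the bug URL would match the convention the sysctl patch already uses.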
124
125 diff --git a/net-firewall/ipsec-tools/files/ipsec.conf b/net-firewall/ipsec-tools/files/ipsec.conf
126 new file mode 100644
127 index 0000000..bfff04a
128 --- /dev/null
129 +++ b/net-firewall/ipsec-tools/files/ipsec.conf
130 @@ -0,0 +1,26 @@
131 +#!/usr/sbin/setkey -f
132 +#
133 +# THIS IS A SAMPLE FILE!
134 +#
135 +# This is a sample file to test Gentoo's ipsec-tools out of the box.
136 +# Do not use it in production. See: http://www.ipsec-howto.org/
137 +#
138 +flush;
139 +spdflush;
140 +
141 +#
142 +# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
143 +# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
144 +#
145 +#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
146 +#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
147 +#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
148 +#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
149 +
150 +#
151 +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
152 +#
153 +#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
154 +#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require;
155 +spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
156 +spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require;
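Review bot: The commented-out manual-keying `add` lines carry literal AH and ESP keys that ship identically on every install of this package, so anyone who uncomments them gets SAs whose keys are public; the header says "Do not use it in production" but not why. I would put the reason next to the keys: `# The keys below are published with this package and known to everyone; generate your own (e.g. from /dev/urandom) before using manual keying.` The same sample pins hmac-md5 and 3des-cbc, which are legacy choices, and that is worth naming in the same comment. Note also that the uncommented `spdadd ... require` lines take effect as soon as the init script runs `setkey -f` on this file (it is installed as /etc/ipsec.conf and is the default SETKEY_CONF), so the file changes kernel policy even though it is labelled a sample.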
157
158 diff --git a/net-firewall/ipsec-tools/files/psk.txt b/net-firewall/ipsec-tools/files/psk.txt
159 new file mode 100644
160 index 0000000..97f5180
161 --- /dev/null
162 +++ b/net-firewall/ipsec-tools/files/psk.txt
163 @@ -0,0 +1,10 @@
164 +# THIS IS A SAMPLE FILE!
165 +#
166 +# This is a sample file to test Gentoo's ipsec-tools out of the box.
167 +# Do not use it in production. See: http://www.ipsec-howto.org/
168 +#
169 +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
170 +#
171 +# Peer IP/FQDN Secret
172 +# 192.168.3.25 sample
173 +192.168.3.21 sample
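Review bot: The secret `sample` is installed to /etc/racoon/psk.txt on every system and is therefore a well-known value; the header says not to use the file in production but should state that the secret itself must be replaced, not just the addresses. Because the ebuild in this commit applies ipsec-tools-def-psk.patch, a line whose first column is `*` is used for every peer that has no entry of its own, which the comment block should spell out: `# A line starting with "*" is the fallback key for any peer not listed here; omit it unless you really want that.` The commented `192.168.3.25 sample` line is the entry for the other side and could say so directly instead of relying on the "switch" remark above it.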
174
175 diff --git a/net-firewall/ipsec-tools/files/racoon.conf b/net-firewall/ipsec-tools/files/racoon.conf
176 new file mode 100644
177 index 0000000..2e9206d
178 --- /dev/null
179 +++ b/net-firewall/ipsec-tools/files/racoon.conf
180 @@ -0,0 +1,33 @@
181 +# THIS IS A SAMPLE FILE!
182 +#
183 +# This is a sample file to test Gentoo's ipsec-tools out of the box.
184 +# Do not use it in production. See: http://www.ipsec-howto.org/
185 +#
186 +path pre_shared_key "/etc/racoon/psk.txt";
187 +
188 +#
189 +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
190 +#
191 +#remote 192.168.3.25
192 +remote 192.168.3.21
193 +{
194 + exchange_mode main;
195 + proposal {
196 + encryption_algorithm 3des;
197 + hash_algorithm md5;
198 + authentication_method pre_shared_key;
199 + dh_group modp1024;
200 + }
201 +}
202 +
203 +#
204 +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
205 +#
206 +#sainfo address 192.168.3.21 any address 192.168.3.25 any
207 +sainfo address 192.168.3.25 any address 192.168.3.21 any
208 +{
209 + pfs_group modp768;
210 + encryption_algorithm 3des;
211 + authentication_algorithm hmac_md5;
212 + compression_algorithm deflate;
213 +}
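Review bot: The sample negotiates phase 1 with `hash_algorithm md5` and `dh_group modp1024` and phase 2 with `pfs_group modp768` and `authentication_algorithm hmac_md5`; modp768 (DH group 1) in particular is well below current recommendations and md5 is a legacy hash, and since this file is installed as /etc/racoon/racoon.conf it is what racoon runs with out of the box. The header already warns against production use, but it should name the weak choices so a user copying it knows what to change: `# Algorithms below are picked for a quick interoperability test; modp768/modp1024, md5 and 3des are weak — use stronger DH groups and hashes for real peers.` The `remote 192.168.3.21` block with `authentication_method pre_shared_key` presumably is why psk.txt is keyed by peer address; a one-line comment on the block saying the PSK lookup is by that address would make the dependence between the two files explicit.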
214
215 diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d-r1 b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
216 new file mode 100644
217 index 0000000..b201e40
218 --- /dev/null
219 +++ b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
220 @@ -0,0 +1,18 @@
221 +# Copyright 1999-2012 Gentoo Foundation
222 +# Distributed under the terms of the GNU General Public License v2
223 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.4 2012/03/09 02:55:47 blueness Exp $
224 +
225 +# Config file for /etc/init.d/racoon
226 +
227 +# See the man page or run `racoon --help` for valid command-line options
228 +# RACOON_OPTS="-d"
229 +
230 +RACOON_CONF="/etc/racoon/racoon.conf"
231 +RACOON_PSK_FILE="/etc/racoon/psk.txt"
232 +SETKEY_CONF="/etc/ipsec.conf"
233 +
234 +# Comment or remove the following if you don't want the policy tables
235 +# to be flushed when racoon is stopped.
236 +
237 +RACOON_RESET_TABLES="true"
238 +
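Review bot: The comment above `RACOON_RESET_TABLES="true"` says to comment out or remove the line to disable flushing, but racoon.init.d-r2 in this commit tests the variable with `[ -n "${RACOON_RESET_TABLES}" ]`, so `RACOON_RESET_TABLES="false"` or `"no"` still flushes on stop. Either the comment should read `# Set RACOON_RESET_TABLES to the empty string (or remove it) to keep kernel policies when racoon stops; any non-empty value flushes them.` or the init script should use `yesno`. It is also worth saying in the same comment that `setkey -F` / `setkey -FP` clear the whole SAD and SPD, not only entries racoon created, as far as I can tell.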
239
240 diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
241 new file mode 100644
242 index 0000000..16fdec7
243 --- /dev/null
244 +++ b/net-firewall/ipsec-tools/files/racoon.init.d
245 @@ -0,0 +1,58 @@
246 +#!/sbin/runscript
247 +# Copyright 1999-2004 Gentoo Foundation
248 +# Distributed under the terms of the GNU General Public License v2
249 +
250 +depend() {
251 + before netmount
252 + use net
253 +}
254 +
255 +checkconfig() {
256 + if [ ! -e ${SETKEY_CONF} ] ; then
257 + eerror "You need to configure setkey before starting racoon."
258 + return 1
259 + fi
260 + if [ ! -e ${RACOON_CONF} ] ; then
261 + eerror "You need a configuration file to start racoon."
262 + return 1
263 + fi
264 + if [ ! -z ${RACOON_PSK_FILE} ] ; then
265 + if [ ! -f ${RACOON_PSK_FILE} ] ; then
266 + eerror "PSK file not found as specified."
267 + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
268 + return 1
269 + fi
270 + case "`ls -Lldn ${RACOON_PSK_FILE}`" in
271 + -r--------*)
272 + ;;
273 + *)
274 + eerror "Your defined PSK file should be mode 400 for security!"
275 + return 1
276 + ;;
277 + esac
278 + fi
279 +}
280 +
281 +start() {
282 + checkconfig || return 1
283 + einfo "Loading ipsec policies from ${SETKEY_CONF}."
284 + /usr/sbin/setkey -f ${SETKEY_CONF}
285 + if [ $? -eq 1 ] ; then
286 + eerror "Error while loading ipsec policies"
287 + fi
288 + ebegin "Starting racoon"
289 + start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
290 + eend $?
291 +}
292 +
293 +stop() {
294 + ebegin "Stopping racoon"
295 + start-stop-daemon -K -p /var/run/racoon.pid
296 + eend $?
297 + if [ -n "${RACOON_RESET_TABLES}" ]; then
298 + ebegin "Flushing policy entries"
299 + /usr/sbin/setkey -F
300 + /usr/sbin/setkey -FP
301 + eend $?
302 + fi
303 +}
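Review bot: This script is not installed by the ebuild in the same commit (src_install uses racoon.init.d-r2), so it looks like a dead copy in files/ whose checkconfig() will drift from -r2's; unless it is kept for an older ebuild, drop it or add a header comment naming the ebuild it belongs to. If it stays, start() only logs when `setkey -f` exits with status exactly 1 and then starts racoon regardless, so a failed policy load leaves the host without its `require` policies while racoon runs; `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }` would catch every failure and abort the start. The config variables are also used unquoted (`[ ! -e ${SETKEY_CONF} ]`), which as far as I can tell evaluates to false when the variable is empty and so skips the check instead of failing it.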
304
305 diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r2 b/net-firewall/ipsec-tools/files/racoon.init.d-r2
306 new file mode 100644
307 index 0000000..04b5752
308 --- /dev/null
309 +++ b/net-firewall/ipsec-tools/files/racoon.init.d-r2
310 @@ -0,0 +1,56 @@
311 +#!/sbin/runscript
312 +# Copyright 1999-2012 Gentoo Foundation
313 +# Distributed under the terms of the GNU General Public License v2
314 +
315 +depend() {
316 + before netmount
317 + use net
318 +}
319 +
320 +checkconfig() {
321 + if [ ! -e ${SETKEY_CONF} ] ; then
322 + eerror "You need to configure setkey before starting racoon."
323 + return 1
324 + fi
325 + if [ ! -e ${RACOON_CONF} ] ; then
326 + eerror "You need a configuration file to start racoon."
327 + return 1
328 + fi
329 + if [ ! -z ${RACOON_PSK_FILE} ] ; then
330 + if [ ! -f ${RACOON_PSK_FILE} ] ; then
331 + eerror "PSK file not found as specified."
332 + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
333 + return 1
334 + fi
335 + case "`ls -Lldn ${RACOON_PSK_FILE}`" in
336 + -r--------*)
337 + ;;
338 + *)
339 + eerror "Your defined PSK file should be mode 400 for security!"
340 + return 1
341 + ;;
342 + esac
343 + fi
344 +}
345 +
346 +command=/usr/sbin/racoon
347 +command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
348 +pidfile=/var/run/racoon.pid
349 +
350 +start_pre() {
351 + checkconfig || return 1
352 + einfo "Loading ipsec policies from ${SETKEY_CONF}."
353 + /usr/sbin/setkey -f ${SETKEY_CONF}
354 + if [ $? -eq 1 ] ; then
355 + eerror "Error while loading ipsec policies"
356 + fi
357 +}
358 +
359 +stop_post() {
360 + if [ -n "${RACOON_RESET_TABLES}" ]; then
361 + ebegin "Flushing policy entries"
362 + /usr/sbin/setkey -F
363 + /usr/sbin/setkey -FP
364 + eend $?
365 + fi
366 +}
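Review bot: start_pre() logs an error when `setkey -f` exits with status 1 but still returns success, so racoon is started even though the policies in ${SETKEY_CONF} were not installed — with the `require` policies missing, traffic the operator meant to protect is not covered and nothing stops the start. Since start_pre's return value is what aborts the start, `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies from ${SETKEY_CONF}"; return 1; }` both handles every non-zero status and refuses to run racoon without policy; if continuing is intentional, a comment should say why. The PSK mode check only matches the mode string `-r--------` of `ls -Lldn`, so a root-owned 0600 file is rejected while a 0400 file owned by another uid passes; checking the owner column (uid 0) as well would match what the error message promises.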
367
368 diff --git a/net-firewall/ipsec-tools/files/racoon.pam.d b/net-firewall/ipsec-tools/files/racoon.pam.d
369 new file mode 100644
370 index 0000000..b801aaa
371 --- /dev/null
372 +++ b/net-firewall/ipsec-tools/files/racoon.pam.d
373 @@ -0,0 +1,4 @@
374 +auth include system-remote-login
375 +account include system-remote-login
376 +password include system-remote-login
377 +session include system-remote-login
378
379 diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
380 new file mode 100644
381 index 0000000..86dbe75
382 --- /dev/null
383 +++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
384 @@ -0,0 +1,237 @@
385 +# Copyright 1999-2012 Gentoo Foundation
386 +# Distributed under the terms of the GNU General Public License v2
387 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild,v 1.2 2012/09/25 01:12:33 vapier Exp $
388 +
389 +EAPI="4"
390 +
391 +inherit eutils flag-o-matic autotools linux-info pam
392 +
393 +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
394 +HOMEPAGE="http://ipsec-tools.sourceforge.net/"
395 +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
396 +
397 +LICENSE="BSD GPL-2"
398 +SLOT="0"
399 +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86"
400 +IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
401 +
402 +RDEPEND="
403 + dev-libs/openssl
404 + kerberos? ( virtual/krb5 )
405 + ldap? ( net-nds/openldap )
406 + pam? ( sys-libs/pam )
407 + readline? ( sys-libs/readline )
408 + selinux? (
409 + sys-libs/libselinux
410 + sec-policy/selinux-ipsec
411 + )"
412 +
413 +DEPEND="${RDEPEND}
414 + >=sys-kernel/linux-headers-2.6.30"
415 +
416 +pkg_setup() {
417 + linux-info_pkg_setup
418 +
419 + get_version
420 +
421 + if linux_config_exists && kernel_is -ge 2 6 19; then
422 + ewarn
423 + ewarn "\033[1;33m**************************************************\033[00m"
424 + ewarn
425 + ewarn "Checking kernel configuration in /usr/src/linux or"
426 + ewarn "or /proc/config.gz for compatibility with ${PN}."
427 + ewarn "Here are the potential problems:"
428 + ewarn
429 +
430 + local nothing="1"
431 +
432 + # Check options for all flavors of IPSec
433 + local msg=""
434 + for i in XFRM_USER NET_KEY; do
435 + if ! linux_chkconfig_present ${i}; then
436 + msg="${msg} ${i}"
437 + fi
438 + done
439 + if [[ ! -z "$msg" ]]; then
440 + nothing="0"
441 + ewarn
442 + ewarn "ALL IPSec may fail. CHECK:"
443 + ewarn "${msg}"
444 + fi
445 +
446 + # Check unencrypted IPSec
447 + if ! linux_chkconfig_present CRYPTO_NULL; then
448 + nothing="0"
449 + ewarn
450 + ewarn "Unencrypted IPSec may fail. CHECK:"
451 + ewarn " CRYPTO_NULL"
452 + fi
453 +
454 + # Check IPv4 IPSec
455 + msg=""
456 + for i in \
457 + INET_IPCOMP INET_AH INET_ESP \
458 + INET_XFRM_MODE_TRANSPORT \
459 + INET_XFRM_MODE_TUNNEL \
460 + INET_XFRM_MODE_BEET
461 + do
462 + if ! linux_chkconfig_present ${i}; then
463 + msg="${msg} ${i}"
464 + fi
465 + done
466 + if [[ ! -z "$msg" ]]; then
467 + nothing="0"
468 + ewarn
469 + ewarn "IPv4 IPSec may fail. CHECK:"
470 + ewarn "${msg}"
471 + fi
472 +
473 + # Check IPv6 IPSec
474 + if use ipv6; then
475 + msg=""
476 + for i in INET6_IPCOMP INET6_AH INET6_ESP \
477 + INET6_XFRM_MODE_TRANSPORT \
478 + INET6_XFRM_MODE_TUNNEL \
479 + INET6_XFRM_MODE_BEET
480 + do
481 + if ! linux_chkconfig_present ${i}; then
482 + msg="${msg} ${i}"
483 + fi
484 + done
485 + if [[ ! -z "$msg" ]]; then
486 + nothing="0"
487 + ewarn
488 + ewarn "IPv6 IPSec may fail. CHECK:"
489 + ewarn "${msg}"
490 + fi
491 + fi
492 +
493 + # Check IPSec behind NAT
494 + if use nat; then
495 + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
496 + nothing="0"
497 + ewarn
498 + ewarn "IPSec behind NAT may fail. CHECK:"
499 + ewarn " NETFILTER_XT_MATCH_POLICY"
500 + fi
501 + fi
502 +
503 + if [[ $nothing == "1" ]]; then
504 + ewarn "NO PROBLEMS FOUND"
505 + fi
506 +
507 + ewarn
508 + ewarn "WARNING: If your *configured* and *running* kernel"
509 + ewarn "differ either now or in the future, then these checks"
510 + ewarn "may lead to misleading results."
511 + ewarn
512 + ewarn "\033[1;33m**************************************************\033[00m"
513 + ewarn
514 + else
515 + eerror
516 + eerror "\033[1;31m**************************************************\033[00m"
517 + eerror "Make sure that your *running* kernel is/will be >=2.6.19."
518 + eerror "Building ${PN} now, assuming that you know what you're doing."
519 + eerror "\033[1;31m**************************************************\033[00m"
520 + eerror
521 + fi
522 +}
523 +
524 +src_prepare() {
525 + # fix for bug #124813
526 + sed -i 's:-Werror::g' "${S}"/configure.ac || die
527 + # fix for building with gcc-4.6
528 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
529 +
530 + epatch "${FILESDIR}/${PN}-def-psk.patch"
531 + epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
532 + epatch "${FILESDIR}"/${P}-sysctl.patch #425770
533 +
534 + AT_M4DIR="${S}" eautoreconf
535 + epunt_cxx
536 +}
537 +
538 +src_configure() {
539 + #--with-{iconv,libradius} lead to "Broken getaddrinfo()"
540 + #--enable-samode-unspec is not supported in linux
541 + local myconf
542 + myconf="--with-kernel-headers=/usr/include \
543 + --enable-adminport \
544 + --enable-dependency-tracking \
545 + --enable-dpd \
546 + --enable-frag \
547 + --without-libiconv \
548 + --without-libradius \
549 + --disable-samode-unspec \
550 + $(use_enable idea) \
551 + $(use_enable ipv6) \
552 + $(use_enable kerberos gssapi) \
553 + $(use_with ldap libldap) \
554 + $(use_enable nat natt) \
555 + $(use_with pam libpam) \
556 + $(use_enable rc5) \
557 + $(use_with readline) \
558 + $(use_enable selinux security-context) \
559 + $(use_enable stats)"
560 +
561 + use nat && myconf="${myconf} --enable-natt-versions=yes"
562 +
563 + # enable mode-cfg and xauth support
564 + if use pam; then
565 + myconf="${myconf} --enable-hybrid"
566 + else
567 + myconf="${myconf} $(use_enable hybrid)"
568 + fi
569 +
570 + econf ${myconf}
571 +}
572 +
573 +src_install() {
574 + emake DESTDIR="${D}" install
575 + keepdir /var/lib/racoon
576 + newconfd "${FILESDIR}"/racoon.conf.d-r1 racoon
577 + newinitd "${FILESDIR}"/racoon.init.d-r2 racoon
578 + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
579 +
580 + insinto /etc
581 + doins "${FILESDIR}"/ipsec.conf
582 + insinto /etc/racoon
583 + doins "${FILESDIR}"/racoon.conf
584 + doins "${FILESDIR}"/psk.txt
585 + chmod 400 "${D}"/etc/racoon/psk.txt
586 +
587 + dodoc ChangeLog README NEWS
588 + dodoc -r src/racoon/samples
589 + dodoc -r src/racoon/doc
590 + docinto samples
591 + newdoc src/setkey/sample.cf ipsec.conf
592 +}
593 +
594 +pkg_postinst() {
595 + if use nat; then
596 + elog
597 + elog "You have enabled the nat traversal functionnality."
598 + elog "Nat versions wich are enabled by default are 00,02,rfc"
599 + elog "you can find those drafts in the CVS repository:"
600 + elog "cvs -d anoncvs@××××××××××××××.org:/cvsroot co ipsec-tools"
601 + elog
602 + elog "If you feel brave enough and you know what you are"
603 + elog "doing, you can consider emerging this ebuild with"
604 + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
605 + elog
606 + fi
607 +
608 + if use ldap; then
609 + elog
610 + elog "You have enabled ldap support with {$PN}."
611 + elog "The man page does NOT contain any information on it yet."
612 + elog "Consider using a more recent version or CVS."
613 + elog
614 + fi
615 +
616 + elog
617 + elog "Please have a look in /usr/share/doc/${P} and visit"
618 + elog "http://www.netbsd.org/Documentation/network/ipsec/"
619 + elog "to find more information on how to configure this tool."
620 + elog
621 +}
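Review bot: src_install installs the sample psk.txt with a bare `chmod 400 "${D}"/etc/racoon/psk.txt` that ignores failure; the ebuild idiom is `fperms 400 /etc/racoon/psk.txt || die`, which also avoids hard-coding ${D} in a path. That file's secret is the literal string `sample` and the def-psk patch applied in src_prepare makes a `*` line in it a catch-all key, yet pkg_postinst says nothing about either; an `elog "The installed /etc/racoon/psk.txt holds a placeholder secret; replace it, and note that a '*' entry is used for any peer without its own line."` would tell the admin what the shipped defaults mean. In the ldap branch `"You have enabled ldap support with {$PN}."` has the braces on the wrong side of `$` and prints `{ipsec-tools}`; it should be `${PN}`. The `$Header:` line still names the -r4 ebuild.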
622
623 diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
624 new file mode 100644
625 index 0000000..6e6434c
626 --- /dev/null
627 +++ b/net-firewall/ipsec-tools/metadata.xml
628 @@ -0,0 +1,14 @@
629 +<?xml version="1.0" encoding="UTF-8"?>
630 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
631 +<pkgmetadata>
632 + <maintainer>
633 + <email>blueness@g.o</email>
634 + </maintainer>
635 + <use>
636 + <flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
637 + <flag name='idea'>Enable support for the IDEA algorithm</flag>
638 + <flag name='nat'>Enable NAT-Traversal</flag>
639 + <flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
640 + <flag name='stats'>Enable statistics reporting</flag>
641 + </use>
642 +</pkgmetadata>