Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipsec-tools/files/, net-firewall/ipsec-tools/
Date: Fri, 27 Nov 2015 22:24:43
Message-Id: 1448663491.3655190898eff1e14dbf435f04aa8d14946eeaf8.blueness@gentoo
1 commit: 3655190898eff1e14dbf435f04aa8d14946eeaf8
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Fri Nov 27 22:31:31 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Fri Nov 27 22:31:31 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36551908
7
8 net-firewall/ipsec-tools: add systemd unit files.
9
10 See: https://github.com/gentoo/gentoo/pull/350
11
12 Package-Manager: portage-2.2.20.1
13
14 net-firewall/ipsec-tools/files/ipsec.service | 12 +
15 net-firewall/ipsec-tools/files/racoon.service | 11 +
16 .../ipsec-tools/ipsec-tools-0.8.2-r1.ebuild | 279 +++++++++++++++++++++
17 3 files changed, 302 insertions(+)
18
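diff --git a/net-firewall/ipsec-tools/files/ipsec.service b/net-firewall/ipsec-tools/files/ipsec.service
new file mode 100644
index 0000000..0341aa7
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Load IPSec Security Policy Database
+After=syslog.target network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/sbin/setkey -k -f /etc/ipsec-tools.conf
+ExecStop=/usr/sbin/setkey -F -P ; /usr/sbin/setkey -F
+
+[Install]
+WantedBy=multi-user.target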
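Review bot: `After=syslog.target network.target` orders the policy load after the network is already up, so between interface configuration and `setkey -f` completing there is no SPD in the kernel and traffic the policy is meant to protect can leave in the clear. Because setkey only talks to the kernel, the unit can be ordered like a firewall loader with `Before=network-pre.target` and `Wants=network-pre.target` in `[Unit]` (assuming /etc/ipsec-tools.conf uses numeric addresses; hostnames would need the resolver). The `ExecStop=` line has the mirror-image effect: flushing the SPD and SAD on stop leaves the host passing traffic unprotected, which deserves a comment in the unit such as `# stop flushes all policies and SAs; traffic is unprotected afterwards`.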
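diff --git a/net-firewall/ipsec-tools/files/racoon.service b/net-firewall/ipsec-tools/files/racoon.service
new file mode 100644
index 0000000..dd72827
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Racoon IKEv1 key management daemon for IPSEC
+After=syslog.target network.target
+Requires=ipsec.service
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/racoon -f /etc/racoon/racoon.conf
+
+[Install]
+WantedBy=multi-user.target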
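Review bot: `Requires=ipsec.service` pulls the policy unit in but does not order it, so systemd may start racoon in parallel with, or before, the SPD load; adding `After=ipsec.service` next to it makes the daemon wait until `setkey` has finished. `Type=forking` is also given without a `PIDFile=`, which leaves systemd to guess the main PID. Either name the pid file racoon writes (its path is not shown on this page) or keep the daemon in the foreground with `Type=simple` and `ExecStart=/usr/sbin/racoon -F -f /etc/racoon/racoon.conf`.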
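diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.2-r1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.2-r1.ebuild
new file mode 100644
index 0000000..1f45d9e
--- /dev/null
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.2-r1.ebuild
@@ -0,0 +1,279 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic autotools linux-info pam systemd
+
+DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
+HOMEPAGE="http://ipsec-tools.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~x86"
+IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
+
+CDEPEND="
+ dev-libs/openssl:0=
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ pam? ( sys-libs/pam )
+ readline? ( sys-libs/readline:0= )
+ selinux? ( sys-libs/libselinux )"
+
+DEPEND="${CDEPEND}
+ >=sys-kernel/linux-headers-2.6.30"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ipsec )
+"
+
+pkg_preinst() {
+ if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
+ ewarn
+ ewarn "\033[1;33m**************************************************\033[00m"
+ ewarn
+ if ! has_version "net-misc/strongswan" &&
+ ! has_version "net-misc/openswan" &&
+ ! has_version "net-misc/libreswan"; then
+ ewarn "We found an earlier version of ${PN} installed."
+ ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
+ ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
+ ewarn "a conflict with net-misc/strongswan; bug #436144. We will"
+ ewarn "rename this file for you with this upgrade. However, if"
+ ewarn "you later downgrade, you'll have to rename the file to"
+ ewarn "its orignal manually or change /etc/conf.d/racoon to point"
+ ewarn "to the new file."
+
+ if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then
+ mv /etc/ipsec.conf /etc/ipsec-tools.conf
+ else
+ ewarn
+ ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
+ ewarn "Either the former doesn't exist or the later does and"
+ ewarn "I won't clobber it. Please fix this situation manually."
+ fi
+ else
+ ewarn "You had both an earlier version of ${PN} and"
+ ewarn "net-misc/strongswan installed. I can't tell whether"
+ ewarn "the configuration file, ipsec.conf, belongs to one"
+ ewarn "package or the other due to a file conflict; bug #436144."
+ ewarn "The current version of ${PN} uses ipsec-tools.conf"
+ ewarn "as its configuration file, as will future versions."
+ ewarn "Please fix this situation manually."
+ fi
+ ewarn
+ ewarn "\033[1;33m**************************************************\033[00m"
+ ewarn
+ fi
+}
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ get_version
+
+ if linux_config_exists && kernel_is -ge 2 6 19; then
+ ewarn
+ ewarn "\033[1;33m**************************************************\033[00m"
+ ewarn
+ ewarn "Checking kernel configuration in /usr/src/linux or"
+ ewarn "or /proc/config.gz for compatibility with ${PN}."
+ ewarn "Here are the potential problems:"
+ ewarn
+
+ local nothing="1"
+
+ # Check options for all flavors of IPSec
+ local msg=""
+ for i in XFRM_USER NET_KEY; do
+ if ! linux_chkconfig_present ${i}; then
+ msg="${msg} ${i}"
+ fi
+ done
+ if [[ ! -z "$msg" ]]; then
+ nothing="0"
+ ewarn
+ ewarn "ALL IPSec may fail. CHECK:"
+ ewarn "${msg}"
+ fi
+
+ # Check unencrypted IPSec
+ if ! linux_chkconfig_present CRYPTO_NULL; then
+ nothing="0"
+ ewarn
+ ewarn "Unencrypted IPSec may fail. CHECK:"
+ ewarn " CRYPTO_NULL"
+ fi
+
+ # Check IPv4 IPSec
+ msg=""
+ for i in \
+ INET_IPCOMP INET_AH INET_ESP \
+ INET_XFRM_MODE_TRANSPORT \
+ INET_XFRM_MODE_TUNNEL \
+ INET_XFRM_MODE_BEET
+ do
+ if ! linux_chkconfig_present ${i}; then
+ msg="${msg} ${i}"
+ fi
+ done
+ if [[ ! -z "$msg" ]]; then
+ nothing="0"
+ ewarn
+ ewarn "IPv4 IPSec may fail. CHECK:"
+ ewarn "${msg}"
+ fi
+
+ # Check IPv6 IPSec
+ if use ipv6; then
+ msg=""
+ for i in INET6_IPCOMP INET6_AH INET6_ESP \
+ INET6_XFRM_MODE_TRANSPORT \
+ INET6_XFRM_MODE_TUNNEL \
+ INET6_XFRM_MODE_BEET
+ do
+ if ! linux_chkconfig_present ${i}; then
+ msg="${msg} ${i}"
+ fi
+ done
+ if [[ ! -z "$msg" ]]; then
+ nothing="0"
+ ewarn
+ ewarn "IPv6 IPSec may fail. CHECK:"
+ ewarn "${msg}"
+ fi
+ fi
+
+ # Check IPSec behind NAT
+ if use nat; then
+ if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
+ nothing="0"
+ ewarn
+ ewarn "IPSec behind NAT may fail. CHECK:"
+ ewarn " NETFILTER_XT_MATCH_POLICY"
+ fi
+ fi
+
+ if [[ $nothing == "1" ]]; then
+ ewarn "NO PROBLEMS FOUND"
+ fi
+
+ ewarn
+ ewarn "WARNING: If your *configured* and *running* kernel"
+ ewarn "differ either now or in the future, then these checks"
+ ewarn "may lead to misleading results."
+ ewarn
+ ewarn "\033[1;33m**************************************************\033[00m"
+ ewarn
+ else
+ eerror
+ eerror "\033[1;31m**************************************************\033[00m"
+ eerror "Make sure that your *running* kernel is/will be >=2.6.19."
+ eerror "Building ${PN} now, assuming that you know what you're doing."
+ eerror "\033[1;31m**************************************************\033[00m"
+ eerror
+ fi
+}
+
+src_prepare() {
+ # fix for bug #124813
+ sed -i 's:-Werror::g' "${S}"/configure.ac || die
+ # fix for building with gcc-4.6
+ sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
+
+ epatch "${FILESDIR}/${PN}-def-psk.patch"
+ epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
+ epatch "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770
+
+ AT_M4DIR="${S}" eautoreconf
+}
+
+src_configure() {
+ #--with-{libiconv,libradius} lead to "Broken getaddrinfo()"
+ #--enable-samode-unspec is not supported in linux
+ local myconf
+ myconf="--with-kernel-headers=/usr/include \
+ --enable-adminport \
+ --enable-dependency-tracking \
+ --enable-dpd \
+ --enable-frag \
+ --without-libiconv \
+ --without-libradius \
+ --disable-samode-unspec \
+ $(use_enable idea) \
+ $(use_enable ipv6) \
+ $(use_enable kerberos gssapi) \
+ $(use_with ldap libldap) \
+ $(use_enable nat natt) \
+ $(use_with pam libpam) \
+ $(use_enable rc5) \
+ $(use_with readline) \
+ $(use_enable selinux security-context) \
+ $(use_enable stats)"
+
+ use nat && myconf="${myconf} --enable-natt-versions=yes"
+
+ # enable mode-cfg and xauth support
+ if use pam; then
+ myconf="${myconf} --enable-hybrid"
+ else
+ myconf="${myconf} $(use_enable hybrid)"
+ fi
+
+ econf ${myconf}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ keepdir /var/lib/racoon
+ newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon
+ newinitd "${FILESDIR}"/racoon.init.d-r3 racoon
+ systemd_dounit "${FILESDIR}/ipsec.service"
+ systemd_dounit "${FILESDIR}/racoon.service"
+ use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
+
+ insinto /etc
+ doins "${FILESDIR}"/ipsec-tools.conf
+ insinto /etc/racoon
+ doins "${FILESDIR}"/racoon.conf
+ doins "${FILESDIR}"/psk.txt
+ chmod 400 "${D}"/etc/racoon/psk.txt
+
+ dodoc ChangeLog README NEWS
+ dodoc -r src/racoon/samples
+ dodoc -r src/racoon/doc
+ docinto samples
+ newdoc src/setkey/sample.cf ipsec-tools.conf
+}
+
+pkg_postinst() {
+ if use nat; then
+ elog
+ elog "You have enabled the nat traversal functionnality."
+ elog "Nat versions wich are enabled by default are 00,02,rfc"
+ elog "you can find those drafts in the CVS repository:"
+ elog "cvs -d anoncvs@××××××××××××××.org:/cvsroot co ipsec-tools"
+ elog
+ elog "If you feel brave enough and you know what you are"
+ elog "doing, you can consider emerging this ebuild with"
+ elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
+ elog
+ fi
+
+ if use ldap; then
+ elog
+ elog "You have enabled ldap support with {$PN}."
+ elog "The man page does NOT contain any information on it yet."
+ elog "Consider using a more recent version or CVS."
+ elog
+ fi
+
+ elog
+ elog "Please have a look in /usr/share/doc/${P} and visit"
+ elog "http://www.netbsd.org/Documentation/network/ipsec/"
+ elog "to find more information on how to configure this tool."
+ elog
+}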
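Review bot: In `src_install`, `psk.txt` is installed by `doins` with the default file mode and only then tightened by a bare `chmod 400 "${D}"/etc/racoon/psk.txt`; an external command does not abort the build on failure in EAPI 5, so a failed chmod would silently ship the pre-shared-key file world-readable. Use the helper that dies on failure, `fperms 400 /etc/racoon/psk.txt`, or set `insopts -m0400` before that `doins`. The `mv /etc/ipsec.conf /etc/ipsec-tools.conf` in `pkg_preinst` has the same unchecked-failure pattern and also ignores `${ROOT}`. Separately, `{$PN}` in the ldap message of `pkg_postinst` prints with literal braces and should be `${PN}`.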