
From: Hans de Graaff <graaff@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/libreswan/files/, net-vpn/libreswan/
Date: Sat, 27 Jun 2020 06:17:20
Message-Id: 1593238530.f089a9dbc70325b82be293afe46bf2c9a7c3e9e8.graaff@gentoo
1 commit: f089a9dbc70325b82be293afe46bf2c9a7c3e9e8
2 Author: Hans de Graaff <graaff <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 27 06:15:13 2020 +0000
4 Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 27 06:15:30 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f089a9db
7
8 net-vpn/libreswan: backport NSS compat patch
9
10 Backport a patch for compatibility with newer NSS versions.
11
12 Closes: https://bugs.gentoo.org/721686
13 Package-Manager: Portage-2.3.99, Repoman-2.3.23
14 Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>
15
16 .../files/libreswan-3.32-nss-compat.patch | 23 ++++
17 net-vpn/libreswan/libreswan-3.32-r1.ebuild | 117 +++++++++++++++++++++
18 2 files changed, 140 insertions(+)
19
20 diff --git a/net-vpn/libreswan/files/libreswan-3.32-nss-compat.patch b/net-vpn/libreswan/files/libreswan-3.32-nss-compat.patch
21 new file mode 100644
22 index 00000000000..09f71a9f907
23 --- /dev/null
24 +++ b/net-vpn/libreswan/files/libreswan-3.32-nss-compat.patch
25 @@ -0,0 +1,23 @@
26 +Add compatibility setting for NSS
27 +
28 +https://github.com/libreswan/libreswan/commit/65a497959a0e1ca615341109eaad5e75723839d6
29 +
30 +We patch a different file because a later commit moved the setting to this file.
31 +
32 +diff --git a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
33 +index 93a027089a..571913cc1e 100644
34 +--- a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
35 ++++ b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
36 +@@ -16,6 +16,12 @@
37 + #include <stdio.h>
38 + #include <stdlib.h>
39 +
40 ++/*
41 ++ * Special advise from Bob Relyea - needs to go before any nss include
42 ++ *
43 ++ */
44 ++#define NSS_PKCS11_2_0_COMPAT 1
45 ++
46 + #include "lswlog.h"
47 + #include "lswnss.h"
48 + #include "prmem.h"
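Review bot: The patch header and the added C comment say that `NSS_PKCS11_2_0_COMPAT` must precede any NSS include, but neither says what the macro selects or which NSS release made it necessary, so a later bump cannot tell when the backport can be dropped. Presumably it keeps the older PKCS#11 2.x parameter definitions that this AES-GCM code was written against; that should be confirmed against the NSS headers and stated in the header, e.g. `Needed when building against NSS <VERSION>+; keeps the PKCS#11 2.x GCM parameter layout.` The define covers only this one translation unit, so it is worth checking that no other file in 3.32 fills the same NSS parameter structures without it. The placement in the hunk, after the libc headers and before `lswlog.h`/`lswnss.h`, is consistent with the comment.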
49
50 diff --git a/net-vpn/libreswan/libreswan-3.32-r1.ebuild b/net-vpn/libreswan/libreswan-3.32-r1.ebuild
51 new file mode 100644
52 index 00000000000..594a265b467
53 --- /dev/null
54 +++ b/net-vpn/libreswan/libreswan-3.32-r1.ebuild
55 @@ -0,0 +1,117 @@
56 +# Copyright 1999-2020 Gentoo Authors
57 +# Distributed under the terms of the GNU General Public License v2
58 +
59 +EAPI=7
60 +
61 +inherit systemd toolchain-funcs
62 +
63 +SRC_URI="https://download.libreswan.org/${P}.tar.gz"
64 +KEYWORDS="~amd64 ~arm ~ppc ~x86"
65 +
66 +DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
67 +HOMEPAGE="https://libreswan.org/"
68 +
69 +LICENSE="GPL-2 BSD-4 RSA DES"
70 +SLOT="0"
71 +IUSE="caps curl dnssec ldap pam seccomp selinux systemd test"
72 +RESTRICT="!test? ( test )"
73 +
74 +DEPEND="
75 + dev-libs/gmp:0=
76 + dev-libs/libevent:0=
77 + dev-libs/nspr
78 + >=dev-libs/nss-3.42
79 + >=sys-kernel/linux-headers-4.19
80 + caps? ( sys-libs/libcap-ng )
81 + curl? ( net-misc/curl )
82 + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns )
83 + ldap? ( net-nds/openldap )
84 + pam? ( sys-libs/pam )
85 + seccomp? ( sys-libs/libseccomp )
86 + selinux? ( sys-libs/libselinux )
87 + systemd? ( sys-apps/systemd:0= )
88 +"
89 +BDEPEND="
90 + app-text/docbook-xml-dtd:4.1.2
91 + app-text/xmlto
92 + dev-libs/nss
93 + sys-devel/bison
94 + sys-devel/flex
95 + virtual/pkgconfig
96 + test? ( dev-python/setproctitle )
97 +"
98 +RDEPEND="${DEPEND}
99 + dev-libs/nss[utils(+)]
100 + sys-apps/iproute2
101 + !net-vpn/strongswan
102 + selinux? ( sec-policy/selinux-ipsec )
103 +"
104 +
105 +usetf() {
106 + usex "$1" true false
107 +}
108 +
109 +PATCHES=( "${FILESDIR}/${PN}-3.30-ip-path.patch" "${FILESDIR}/${P}-nss-compat.patch" )
110 +
111 +src_prepare() {
112 + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
113 + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
114 + default
115 +}
116 +
117 +src_configure() {
118 + tc-export AR CC
119 + export INC_USRLOCAL=/usr
120 + export INC_MANDIR=share/man
121 + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
122 + export FINALDOCDIR=/usr/share/doc/${PF}/html
123 + export INITSYSTEM=openrc
124 + export INC_RCDIRS=
125 + export INC_RCDEFAULT=/etc/init.d
126 + export USERCOMPILE=
127 + export USERLINK=
128 + export USE_DNSSEC=$(usetf dnssec)
129 + export USE_LABELED_IPSEC=$(usetf selinux)
130 + export USE_LIBCAP_NG=$(usetf caps)
131 + export USE_LIBCURL=$(usetf curl)
132 + export USE_LINUX_AUDIT=$(usetf selinux)
133 + export USE_LDAP=$(usetf ldap)
134 + export USE_SECCOMP=$(usetf seccomp)
135 + export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
136 + export SD_WATCHDOGSEC=$(usex systemd 200 0)
137 + export USE_XAUTHPAM=$(usetf pam)
138 + export DEBUG_CFLAGS=
139 + export OPTIMIZE_CFLAGS=
140 + export WERROR_CFLAGS=
141 +}
142 +
143 +src_compile() {
144 + emake all
145 + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all
146 +}
147 +
148 +src_test() {
149 + : # integration tests only that require set of kvms to be set up
150 +}
151 +
152 +src_install() {
153 + default
154 + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install
155 +
156 + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
157 + fperms 0600 /etc/ipsec.secrets
158 +
159 + dodoc -r docs
160 +
161 + find "${D}" -type d -empty -delete || die
162 +}
163 +
164 +pkg_postinst() {
165 + local IPSEC_CONFDIR=${ROOT}/etc/ipsec.d
166 + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then
167 + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password"
168 + certutil -N -d "${IPSEC_CONFDIR}" --empty-password
169 + eend $?
170 + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}"
171 + fi
172 +}
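Review bot: pkg_postinst creates the NSS database in `${IPSEC_CONFDIR}` with `--empty-password`, so keys and certificates later imported for IKE are protected only by filesystem permissions, and the admin is told this only through an `einfo` line that is easy to miss. I would raise it to `ewarn "NSS database in ${IPSEC_CONFDIR} has an empty password; set one with: certutil -W -d sql:${IPSEC_CONFDIR}"` and give the create call the same `sql:` prefix as the hint: `certutil -N -d "sql:${IPSEC_CONFDIR}" --empty-password`. Nothing visible in the ebuild sets the mode of /etc/ipsec.d itself (only /etc/ipsec.secrets gets `fperms 0600`), so confirm that the upstream install leaves that directory accessible to root only. Separately, src_configure exports `USERCOMPILE=` and `USERLINK=` empty; if upstream's defaults for these carry hardening flags (to be confirmed against the libreswan makefiles), a comment should record that the Gentoo toolchain profile is relied on to supply them instead.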