1 |
commit: 5eb5ac90d68ae10603c84ece0b83967c519f9ae9 |
2 |
Author: Hans de Graaff <graaff <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Sep 19 06:43:25 2018 +0000 |
4 |
Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Sep 19 06:44:49 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eb5ac90 |
7 |
|
8 |
net-vpn/libreswan: add 3.26 |
9 |
|
10 |
Package-Manager: Portage-2.3.49, Repoman-2.3.10 |
11 |
|
12 |
net-vpn/libreswan/Manifest | 1 + |
13 |
.../libreswan/files/libreswan-3.26-nss-link.patch | 22 ++++ |
14 |
net-vpn/libreswan/files/libreswan-3.26-nss.patch | 27 +++++ |
15 |
net-vpn/libreswan/libreswan-3.26.ebuild | 115 +++++++++++++++++++++ |
16 |
4 files changed, 165 insertions(+) |
17 |
|
18 |
diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest |
19 |
index a8dd92def94..281c1a96924 100644 |
20 |
--- a/net-vpn/libreswan/Manifest |
21 |
+++ b/net-vpn/libreswan/Manifest |
22 |
@@ -1,2 +1,3 @@ |
23 |
DIST libreswan-3.22.tar.gz 6910418 BLAKE2B c06134fa2d1096231797f1ea93de8ed61121472b10ae30ee9a843250dce4ef9f21e7d3bf63f38daf53fbfd8d1e435cfdc704743d0fdcbde8ecac137d9becac48 SHA512 93868327394527750590e1297443d3eb1c9a528d680348098fd2913123dac52c9fecd73b855ee00586c2516b8aa00f7f0d158d8e9b19d7487b5fb26432b86aff |
24 |
DIST libreswan-3.25.tar.gz 3988630 BLAKE2B 8479b5b0d7d49055b7dcefa6c3b2f469b0aa60005e05446d5c1c6f73a32c904835422248c6ead2a1c2dc83b63794fd50f7461fd22c4206414b5890c01b99b722 SHA512 246649cb5bef1d0690217d1080f3f6f175a0d7a5f27e5a7affdf291b2f418a11937e96b64716a33e6312530409a2c1b10b90e2fa5ec339a27c94c990d86ed517 |
25 |
+DIST libreswan-3.26.tar.gz 3706205 BLAKE2B e54e6d3a0163f0b6812c53400e7f57e01319d7cf64a5d9e84d5002bbab24d5de1b6461c6bba02d60630017a50c23ecb1a095f3da1a36a4e6fc64e90cf08fd798 SHA512 10965a23197ef5d21a66dc0838066ceb620b2653f64471553284e0043fbc993584e497742b498e0be410427aeed3d8ce5bfdc6dfab59b8a1a1ba9a363473c4a4 |
26 |
|
27 |
diff --git a/net-vpn/libreswan/files/libreswan-3.26-nss-link.patch b/net-vpn/libreswan/files/libreswan-3.26-nss-link.patch |
28 |
new file mode 100644 |
29 |
index 00000000000..267aa2120db |
30 |
--- /dev/null |
31 |
+++ b/net-vpn/libreswan/files/libreswan-3.26-nss-link.patch |
32 |
@@ -0,0 +1,22 @@ |
33 |
+From b3199806cc66de4888917ddc85b511b433e43d63 Mon Sep 17 00:00:00 2001 |
34 |
+From: Paul Wouters <pwouters@××××××.com> |
35 |
+Date: Mon, 17 Sep 2018 11:23:11 -0400 |
36 |
+Subject: [PATCH] building: -lfreebl is no longer needed |
37 |
+ |
38 |
+--- |
39 |
+ mk/config.mk | 2 +- |
40 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
41 |
+ |
42 |
+diff --git a/mk/config.mk b/mk/config.mk |
43 |
+index 3bd2527497..d8497c2104 100644 |
44 |
+--- a/mk/config.mk |
45 |
++++ b/mk/config.mk |
46 |
+@@ -234,7 +234,7 @@ BISONOSFLAGS?= |
47 |
+ NSSFLAGS?=$(shell pkg-config --cflags nss) |
48 |
+ # We don't want to link against every library pkg-config --libs nss |
49 |
+ # returns |
50 |
+-NSS_LDFLAGS ?= -lnss3 -lfreebl -lnssutil3 |
51 |
++NSS_LDFLAGS ?= -lnss3 -lnssutil3 |
52 |
+ NSS_SMIME_LDFLAGS ?= -lsmime3 |
53 |
+ NSS_UTIL_LDFLAGS ?= -lnssutil3 |
54 |
+ NSPR_LDFLAGS ?= -lnspr4 |
55 |
|
56 |
diff --git a/net-vpn/libreswan/files/libreswan-3.26-nss.patch b/net-vpn/libreswan/files/libreswan-3.26-nss.patch |
57 |
new file mode 100644 |
58 |
index 00000000000..89a6436a2a2 |
59 |
--- /dev/null |
60 |
+++ b/net-vpn/libreswan/files/libreswan-3.26-nss.patch |
61 |
@@ -0,0 +1,27 @@ |
62 |
+From 910f69119b491c6d7abcc85cf8911d2fa012a135 Mon Sep 17 00:00:00 2001 |
63 |
+From: Andrew Cagney <cagney@×××.org> |
64 |
+Date: Mon, 17 Sep 2018 11:56:56 -0400 |
65 |
+Subject: [PATCH] ecdsa: don't include NSS's "blapi.h", no longer needed and |
66 |
+ not on debian |
67 |
+ |
68 |
+(not to be confused with "lbapit.h", which also looks suspect) |
69 |
+ |
70 |
+Follow-up b3199806cc66de4888917ddc85b511b433e43d63 and |
71 |
+2d093c9fb83c8104604e4b40defa4e41129577ea. The latter |
72 |
+relaced the call to ECDSA_VerifyDigest() with PK11_Verify(). |
73 |
+--- |
74 |
+ programs/pluto/keys.c | 1 - |
75 |
+ 1 file changed, 1 deletion(-) |
76 |
+ |
77 |
+diff --git a/programs/pluto/keys.c b/programs/pluto/keys.c |
78 |
+index b3df5802cf..bd9d8d8c6c 100644 |
79 |
+--- a/programs/pluto/keys.c |
80 |
++++ b/programs/pluto/keys.c |
81 |
+@@ -72,7 +72,6 @@ |
82 |
+ #include <secerr.h> |
83 |
+ #include <secport.h> |
84 |
+ #include <time.h> |
85 |
+-#include <blapi.h> |
86 |
+ #include "lswconf.h" |
87 |
+ #include "lswnss.h" |
88 |
+ #include "secrets.h" |
89 |
|
90 |
diff --git a/net-vpn/libreswan/libreswan-3.26.ebuild b/net-vpn/libreswan/libreswan-3.26.ebuild |
91 |
new file mode 100644 |
92 |
index 00000000000..7c3de3ac0b8 |
93 |
--- /dev/null |
94 |
+++ b/net-vpn/libreswan/libreswan-3.26.ebuild |
95 |
@@ -0,0 +1,115 @@ |
96 |
+# Copyright 1999-2018 Gentoo Foundation |
97 |
+# Distributed under the terms of the GNU General Public License v2 |
98 |
+ |
99 |
+EAPI=6 |
100 |
+ |
101 |
+inherit systemd toolchain-funcs |
102 |
+ |
103 |
+SRC_URI="https://download.libreswan.org/${P}.tar.gz" |
104 |
+KEYWORDS="~amd64 ~ppc ~x86" |
105 |
+ |
106 |
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan" |
107 |
+HOMEPAGE="https://libreswan.org/" |
108 |
+ |
109 |
+LICENSE="GPL-2 BSD-4 RSA DES" |
110 |
+SLOT="0" |
111 |
+IUSE="caps curl dnssec ldap pam seccomp selinux systemd test" |
112 |
+ |
113 |
+COMMON_DEPEND=" |
114 |
+ dev-libs/gmp:0= |
115 |
+ dev-libs/libevent:0= |
116 |
+ dev-libs/nspr |
117 |
+ caps? ( sys-libs/libcap-ng ) |
118 |
+ curl? ( net-misc/curl ) |
119 |
+ dnssec? ( net-dns/unbound:= net-libs/ldns ) |
120 |
+ ldap? ( net-nds/openldap ) |
121 |
+ pam? ( sys-libs/pam ) |
122 |
+ seccomp? ( sys-libs/libseccomp ) |
123 |
+ selinux? ( sys-libs/libselinux ) |
124 |
+ systemd? ( sys-apps/systemd:0= ) |
125 |
+" |
126 |
+DEPEND="${COMMON_DEPEND} |
127 |
+ app-text/docbook-xml-dtd:4.1.2 |
128 |
+ app-text/xmlto |
129 |
+ dev-libs/nss |
130 |
+ sys-devel/bison |
131 |
+ sys-devel/flex |
132 |
+ virtual/pkgconfig |
133 |
+ test? ( dev-python/setproctitle ) |
134 |
+" |
135 |
+RDEPEND="${COMMON_DEPEND} |
136 |
+ dev-libs/nss[utils(+)] |
137 |
+ sys-apps/iproute2 |
138 |
+ !net-misc/openswan |
139 |
+ !net-vpn/strongswan |
140 |
+ selinux? ( sec-policy/selinux-ipsec ) |
141 |
+" |
142 |
+ |
143 |
+usetf() { |
144 |
+ usex "$1" true false |
145 |
+} |
146 |
+ |
147 |
+src_prepare() { |
148 |
+ eapply "${FILESDIR}/${P}-nss.patch" |
149 |
+ eapply "${FILESDIR}/${P}-nss-link.patch" |
150 |
+ |
151 |
+ sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die |
152 |
+ sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die |
153 |
+ default |
154 |
+} |
155 |
+ |
156 |
+src_configure() { |
157 |
+ tc-export AR CC |
158 |
+ export INC_USRLOCAL=/usr |
159 |
+ export INC_MANDIR=share/man |
160 |
+ export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} |
161 |
+ export FINALDOCDIR=/usr/share/doc/${PF}/html |
162 |
+ export INITSYSTEM=openrc |
163 |
+ export INC_RCDIRS= |
164 |
+ export INC_RCDEFAULT=/etc/init.d |
165 |
+ export USERCOMPILE= |
166 |
+ export USERLINK= |
167 |
+ export USE_DNSSEC=$(usetf dnssec) |
168 |
+ export USE_LABELED_IPSEC=$(usetf selinux) |
169 |
+ export USE_LIBCAP_NG=$(usetf caps) |
170 |
+ export USE_LIBCURL=$(usetf curl) |
171 |
+ export USE_LINUX_AUDIT=$(usetf selinux) |
172 |
+ export USE_LDAP=$(usetf ldap) |
173 |
+ export USE_SECCOMP=$(usetf seccomp) |
174 |
+ export USE_SYSTEMD_WATCHDOG=$(usetf systemd) |
175 |
+ export SD_WATCHDOGSEC=$(usex systemd 200 0) |
176 |
+ export USE_XAUTHPAM=$(usetf pam) |
177 |
+ export DEBUG_CFLAGS= |
178 |
+ export OPTIMIZE_CFLAGS= |
179 |
+ export WERROR_CFLAGS= |
180 |
+} |
181 |
+ |
182 |
+src_compile() { |
183 |
+ emake all |
184 |
+ emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all |
185 |
+} |
186 |
+ |
187 |
+src_test() { |
188 |
+ : # integration tests only that require set of kvms to be set up |
189 |
+} |
190 |
+ |
191 |
+src_install() { |
192 |
+ default |
193 |
+ emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install |
194 |
+ |
195 |
+ echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets |
196 |
+ fperms 0600 /etc/ipsec.secrets |
197 |
+ |
198 |
+ dodoc -r docs |
199 |
+ |
200 |
+ find "${D}" -type d -empty -delete || die |
201 |
+} |
202 |
+ |
203 |
+pkg_postinst() { |
204 |
+ local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d |
205 |
+ if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then |
206 |
+ ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" |
207 |
+ certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) |
208 |
+ eend $? |
209 |
+ fi |
210 |
+} |