/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.6.7.ebuild
Gentoo

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.6.7.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.14 - (show annotations) (download)
Wed May 6 19:12:00 2009 UTC (5 years, 3 months ago) by a3li
Branch: MAIN
CVS Tags: HEAD
Changes since 1.13: +1 -1 lines
FILE REMOVED
Removing vulnerable versions wrt bug 267135.
(Portage version: 2.2_rc32/cvs/Linux x86_64)

1 # Copyright 1999-2008 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.6.7.ebuild,v 1.13 2008/06/06 23:53:31 swegener Exp $
4
5 inherit eutils flag-o-matic autotools linux-info
6
7 DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
8 HOMEPAGE="http://ipsec-tools.sourceforge.net/"
9 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
10
11 LICENSE="BSD"
12 SLOT="0"
13 KEYWORDS="amd64 ppc sparc x86"
14 IUSE="idea ipv6 pam rc5 readline selinux ldap kerberos nat hybrid iconv"
15
16 # FIXME: what is the correct syntax for ~sparc ???
17 DEPEND="!sparc? ( >=sys-kernel/linux-headers-2.6 )
18 readline? ( sys-libs/readline )
19 pam? ( sys-libs/pam )
20 ldap? ( net-nds/openldap )
21 kerberos? ( virtual/krb5 )
22 >=dev-libs/openssl-0.9.8
23 iconv? ( virtual/libiconv )"
24 # radius? ( net-dialup/gnuradius )
25
26 RDEPEND="${DEPEND}
27 selinux? ( sec-policy/selinux-ipsec-tools )"
28
29 # {{{ kernel_check()
30 kernel_check() {
31 get_version
32 if kernel_is 2 6 ; then
33 if test "${KV_PATCH}" -ge 19 ; then
34 # Just for kernel >=2.6.19
35 ebegin "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
36
37 if use nat ; then
38 if ! { linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; } ; then
39 ewarn "[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is NOT enabled"
40 eerror "${P} won't compile with use nat traversal (USE=nat) until you enable NETFILTER_XT_MATCH_POLICY in your kernel"
41 die
42 else
43 einfo "....[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is enabled :-)"
44 fi
45 fi
46 # {{{ general stuff
47 if ! { linux_chkconfig_present XFRM_USER; }; then
48 ewarn "[XFRM_USER] Transformation user configuration interface is NOT enabled."
49 else
50 einfo "....[XFRM_USER] Transformation user configuration interface is enabled :-)"
51 fi
52
53 if ! { linux_chkconfig_present NET_KEY; }; then
54 ewarn "[NET_KEY] PF_KEY sockets is NOT enabled."
55 else
56 einfo "....[NET_KEY] PF_KEY sockets is enabled :-)"
57 fi
58 # }}}
59 # {{{ IPv4 stuff
60 if ! { linux_chkconfig_present INET_IPCOMP; }; then
61 ewarn "[INET_IPCOMP] IP: IPComp transformation is NOT enabled"
62 else
63 einfo "....[INET_IPCOMP] IP: IPComp transformation is enabled :-)"
64 fi
65
66 if ! { linux_chkconfig_present INET_AH; }; then
67 ewarn "[INET_AH] AH Transformation is NOT enabled."
68 else
69 einfo "....[INET_AH] AH Transformation is enabled :-)"
70 fi
71
72 if ! { linux_chkconfig_present INET_ESP; }; then
73 ewarn "[INET_ESP] ESP Transformation is NOT enabled."
74 else
75 einfo "....[INET_ESP] ESP Transformation is enabled :-)"
76 fi
77
78 if ! { linux_chkconfig_present INET_XFRM_MODE_TRANSPORT; }; then
79 ewarn "[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is NOT enabled."
80 else
81 einfo "....[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is enabled :-)"
82 fi
83
84 if ! { linux_chkconfig_present INET_XFRM_MODE_TUNNEL; }; then
85 ewarn "[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is NOT enabled."
86 else
87 einfo "....[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is enabled :-)"
88 fi
89
90 if ! { linux_chkconfig_present INET_XFRM_MODE_BEET; }; then
91 ewarn "[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is NOT enabled."
92 else
93 einfo "....[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is enabled :-)"
94 fi
95 # }}}
96 # {{{ IPv6 stuff
97 if use ipv6 ; then
98 if ! { linux_chkconfig_present INET6_IPCOMP; }; then
99 ewarn "[INET6_IPCOMP] IPv6: IPComp transformation is NOT enabled"
100 else
101 einfo "....[INET6_IPCOMP] IPv6: IPComp transformation is enabled :-)"
102 fi
103
104 if ! { linux_chkconfig_present INET6_AH; }; then
105 ewarn "[INET6_AH] IPv6: AH Transformation is NOT enabled."
106 else
107 einfo "....[INET6_AH] IPv6: AH Transformation is enabled :-)"
108 fi
109
110 if ! { linux_chkconfig_present INET6_ESP; }; then
111 ewarn "[INET6_ESP] IPv6: ESP Transformation is NOT enabled."
112 else
113 einfo "....[INET6_ESP] IPv6: ESP Transformation is enabled :-)"
114 fi
115
116 if ! { linux_chkconfig_present INET6_XFRM_MODE_TRANSPORT; }; then
117 ewarn "[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is NOT enabled."
118 else
119 einfo "....[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is enabled :-)"
120 fi
121
122 if ! { linux_chkconfig_present INET6_XFRM_MODE_TUNNEL; }; then
123 ewarn "[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is NOT enabled."
124 else
125 einfo "....[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is enabled :-)"
126 fi
127
128 if ! { linux_chkconfig_present INET6_XFRM_MODE_BEET; }; then
129 ewarn "[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is NOT enabled."
130 else
131 einfo "....[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is enabled :-)"
132 fi
133 fi
134 # }}}
135
136 eend $?
137 fi
138 fi
139 }
140 # }}}
141
142 src_unpack() {
143 unpack ${A}
144 cd "${S}"
145 # fix for bug #76741
146 sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c
147 # fix for bug #124813
148 sed -i 's:-Werror::g' "${S}"/configure.ac
149
150 AT_M4DIR="${S}" eautoreconf
151 epunt_cxx
152 }
153
154 src_compile() {
155 # fix for bug #61025
156 filter-flags -march=c3
157
158 kernel_check
159
160 myconf="${myconf} --with-kernel-headers=${KV_DIR}/include"
161
162 use nat && myconf="${myconf} --enable-natt --enable-natt-versions=yes"
163 # myconf="${myconf} $(use_enable broken-natt)"
164 myconf="${myconf} --enable-dependency-tracking $(use_enable ipv6)"
165 # myconf="${myconf} $(use_enable adminport)"
166 myconf="${myconf} $(use_enable rc5)"
167 if use pam; then
168 myconf="${myconf} --enable-hybrid"
169 else
170 myconf="${myconf} $(use_enable hybrid)"
171 fi;
172 # myconf="${myconf} $(use_enable dpd)"
173 # myconf="${myconf} $(use_enable frag)"
174 # myconf="${myconf} $(use_enable stats)"
175 # myconf="${myconf} $(use_enable fastquit)"
176 # myconf="${myconf} $(use_enable security-context)"
177 myconf="${myconf} --enable-dpd --enable-frag --enable-stats --enable-fastquit"
178 myconf="${myconf} --enable-adminport --enable-security-context"
179 myconf="${myconf} $(use_enable idea)"
180 myconf="${myconf} $(use_enable kerberos gssapi)"
181
182 # dev-libs/libiconv is hard masked
183 #use iconv && myconf="${myconf} $(use_with iconv libiconv)"
184 myconf="${myconf} $(use_with ldap libldap)"
185 myconf="${myconf} $(use_with pam libpam)"
186
187 # the default (/usr/include/openssl/) is OK for Gentoo, leave it
188 # myconf="${myconf} $(use_with ssl openssl )"
189
190 # No way to get it compiling with freeradius or gnuradius
191 # We need libradius wich only exist on FreeBSD
192 #use radius && myconf="${myconf} $(use_with radius libradius )"
193
194 use readline && myconf="${myconf} $(use_with readline )"
195
196 # See bug #77369
197 #myconf="${myconf} --enable-samode-unspec"
198
199 econf ${myconf} || die
200 emake -j1 || die
201
202 }
203
204 src_install() {
205 emake DESTDIR="${D}" install || die
206 keepdir /var/lib/racoon
207 newconfd "${FILESDIR}"/racoon.conf.d racoon
208 newinitd "${FILESDIR}"/racoon.init.d racoon
209
210 dodoc ChangeLog README NEWS
211 dodoc src/racoon/samples/*
212 dodoc src/racoon/doc/*
213
214 docinto roadwarrior
215 dodoc src/racoon/samples/roadwarrior/*
216
217 docinto roadwarrior/client
218 dodoc src/racoon/samples/roadwarrior/client/*
219 docinto roadwarrior/server
220 dodoc src/racoon/samples/roadwarrior/server/*
221
222 docinto setkey
223 dodoc src/setkey/sample.cf
224
225 dodir /etc/racoon
226
227 # RFC are only available from CVS for the moment, see einfo below
228 #docinto "rfc"
229 #dodoc ${S}/src/racoon/rfc/*
230 }
231
232 pkg_postinst() {
233 if use nat; then
234 elog
235 elog " You have enabled the nat traversal functionnality."
236 elog " Nat versions wich are enabled by default are 00,02,rfc"
237 elog " you can find those drafts in the CVS repository:"
238 elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
239 elog
240 elog "If you feel brave enough and you know what you are"
241 elog "doing, you can consider emerging this ebuild"
242 elog "with"
243 elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
244 elog
245 fi;
246
247 if use ldap; then
248 elog
249 elog " You have enabled ldap support with {$PN}."
250 elog " The man page does NOT contain any information on it yet."
251 elog " Consider to use a more recent version or CVS"
252 elog
253 fi;
254
255 elog
256 elog "Please have a look in /usr/share/doc/${P} and visit"
257 elog "http://www.netbsd.org/Documentation/network/ipsec/"
258 elog "to find a lot of information on how to configure this great tool."
259 elog
260 }
261
262 # vim: set foldmethod=marker nowrap :

  ViewVC Help
Powered by ViewVC 1.1.20