/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.7.3.ebuild
Gentoo

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.7.3.ebuild

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.7 - (show annotations) (download)
Thu Sep 27 14:11:26 2012 UTC (7 months, 3 weeks ago) by blueness
Branch: MAIN
CVS Tags: HEAD
Changes since 1.6: +1 -1 lines
FILE REMOVED 
Remove older unstable version

(Portage version: 2.1.11.9/cvs/Linux x86_64)
1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.3.ebuild,v 1.6 2012/07/12 00:11:13 blueness Exp $
4
5 inherit eutils flag-o-matic autotools linux-info
6
7 DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
8 HOMEPAGE="http://ipsec-tools.sourceforge.net/"
9 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
10
11 LICENSE="BSD GPL-2"
12 SLOT="0"
13 KEYWORDS="~amd64 ~ppc ~sparc ~x86"
14 IUSE="hybrid iconv idea ipv6 kerberos ldap nat pam rc5 readline selinux"
15
16 # FIXME: what is the correct syntax for ~sparc ???
17 DEPEND="!sparc? ( >=sys-kernel/linux-headers-2.6 )
18 readline? ( sys-libs/readline )
19 pam? ( sys-libs/pam )
20 ldap? ( net-nds/openldap )
21 kerberos? ( virtual/krb5 )
22 >=dev-libs/openssl-0.9.8
23 iconv? ( virtual/libiconv )
24 selinux? ( sys-libs/libselinux )"
25 # radius? ( net-dialup/gnuradius )
26
27 RDEPEND="${DEPEND}
28 selinux? ( sec-policy/selinux-ipsec )"
29
30 # {{{ kernel_check()
31 kernel_check() {
32 get_version
33 if kernel_is -ge 2 6 ; then
34 if test "${KV_PATCH}" -ge 19 ; then
35 # Just for kernel >=2.6.19
36 ebegin "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
37
38 if use nat ; then
39 if ! { linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; } ; then
40 ewarn "[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is NOT enabled"
41 eerror "${P} won't compile with use nat traversal (USE=nat) until you enable NETFILTER_XT_MATCH_POLICY in your kernel"
42 die
43 else
44 einfo "....[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is enabled :-)"
45 fi
46 fi
47 # {{{ general stuff
48 if ! { linux_chkconfig_present XFRM_USER; }; then
49 ewarn "[XFRM_USER] Transformation user configuration interface is NOT enabled."
50 else
51 einfo "....[XFRM_USER] Transformation user configuration interface is enabled :-)"
52 fi
53
54 if ! { linux_chkconfig_present NET_KEY; }; then
55 ewarn "[NET_KEY] PF_KEY sockets is NOT enabled."
56 else
57 einfo "....[NET_KEY] PF_KEY sockets is enabled :-)"
58 fi
59 # }}}
60 # {{{ IPv4 stuff
61 if ! { linux_chkconfig_present INET_IPCOMP; }; then
62 ewarn "[INET_IPCOMP] IP: IPComp transformation is NOT enabled"
63 else
64 einfo "....[INET_IPCOMP] IP: IPComp transformation is enabled :-)"
65 fi
66
67 if ! { linux_chkconfig_present INET_AH; }; then
68 ewarn "[INET_AH] AH Transformation is NOT enabled."
69 else
70 einfo "....[INET_AH] AH Transformation is enabled :-)"
71 fi
72
73 if ! { linux_chkconfig_present INET_ESP; }; then
74 ewarn "[INET_ESP] ESP Transformation is NOT enabled."
75 else
76 einfo "....[INET_ESP] ESP Transformation is enabled :-)"
77 fi
78
79 if ! { linux_chkconfig_present INET_XFRM_MODE_TRANSPORT; }; then
80 ewarn "[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is NOT enabled."
81 else
82 einfo "....[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is enabled :-)"
83 fi
84
85 if ! { linux_chkconfig_present INET_XFRM_MODE_TUNNEL; }; then
86 ewarn "[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is NOT enabled."
87 else
88 einfo "....[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is enabled :-)"
89 fi
90
91 if ! { linux_chkconfig_present INET_XFRM_MODE_BEET; }; then
92 ewarn "[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is NOT enabled."
93 else
94 einfo "....[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is enabled :-)"
95 fi
96 # }}}
97 # {{{ IPv6 stuff
98 if use ipv6 ; then
99 if ! { linux_chkconfig_present INET6_IPCOMP; }; then
100 ewarn "[INET6_IPCOMP] IPv6: IPComp transformation is NOT enabled"
101 else
102 einfo "....[INET6_IPCOMP] IPv6: IPComp transformation is enabled :-)"
103 fi
104
105 if ! { linux_chkconfig_present INET6_AH; }; then
106 ewarn "[INET6_AH] IPv6: AH Transformation is NOT enabled."
107 else
108 einfo "....[INET6_AH] IPv6: AH Transformation is enabled :-)"
109 fi
110
111 if ! { linux_chkconfig_present INET6_ESP; }; then
112 ewarn "[INET6_ESP] IPv6: ESP Transformation is NOT enabled."
113 else
114 einfo "....[INET6_ESP] IPv6: ESP Transformation is enabled :-)"
115 fi
116
117 if ! { linux_chkconfig_present INET6_XFRM_MODE_TRANSPORT; }; then
118 ewarn "[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is NOT enabled."
119 else
120 einfo "....[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is enabled :-)"
121 fi
122
123 if ! { linux_chkconfig_present INET6_XFRM_MODE_TUNNEL; }; then
124 ewarn "[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is NOT enabled."
125 else
126 einfo "....[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is enabled :-)"
127 fi
128
129 if ! { linux_chkconfig_present INET6_XFRM_MODE_BEET; }; then
130 ewarn "[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is NOT enabled."
131 else
132 einfo "....[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is enabled :-)"
133 fi
134 if ! { linux_chkconfig_present CRYPTO_NULL; }; then
135 ewarn "[CRYPTO_NULL] Crypto: NULL algorithm is NOT enabled"
136 else
137 einfo "....[CRYPTO_NULL] Cyrpto: Crypto NULL algorithm enabled :-)"
138 fi
139 fi
140 # }}}
141
142 eend $?
143 fi
144 fi
145 }
146 # }}}
147
148 src_unpack() {
149 unpack ${A}
150 cd "${S}"
151 # fix for bug #76741
152 sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c
153 # fix for bug #124813
154 sed -i 's:-Werror::g' "${S}"/configure.ac
155 # Fixing duplicate specification of vmbuf.h #300161
156 epatch "${FILESDIR}"/${PN}-duplicate-header.patch
157
158 AT_M4DIR="${S}" eautoreconf
159 epunt_cxx
160 }
161
162 src_compile() {
163 # fix for bug #61025
164 filter-flags -march=c3
165
166 kernel_check
167
168 myconf="--with-kernel-headers=${KV_DIR}/include \
169 --enable-dependency-tracking \
170 --enable-dpd \
171 --enable-frag \
172 --enable-stats \
173 --enable-fastquit \
174 --enable-stats \
175 --enable-adminport \
176 $(use_enable ipv6) \
177 $(use_enable rc5) \
178 $(use_enable idea) \
179 $(use_with readline)
180 $(use_enable kerberos gssapi) \
181 $(use_with ldap libldap) \
182 $(use_with pam libpam)"
183
184 # we do not want broken-natt from the kernel
185 # myconf="${myconf} $(use_enable broken-natt)"
186 use nat && myconf="${myconf} --enable-natt --enable-natt-versions=yes"
187
188 # we only need security-context when using selinux
189 myconf="${myconf} $(use_enable selinux security-context)"
190
191 # enable mode-cfg and xauth support
192 if use pam; then
193 myconf="${myconf} --enable-hybrid"
194 else
195 myconf="${myconf} $(use_enable hybrid)"
196 fi
197
198 # dev-libs/libiconv is hard masked
199 #use iconv && myconf="${myconf} $(use_with iconv libiconv)"
200
201 # the default (/usr/include/openssl/) is OK for Gentoo, leave it
202 # myconf="${myconf} $(use_with ssl openssl )"
203
204 # No way to get it compiling with freeradius or gnuradius
205 # We would need libradius which only exists on FreeBSD
206
207 # See bug #77369
208 #myconf="${myconf} --enable-samode-unspec"
209
210 econf ${myconf} || die
211 emake -j1 || die
212 }
213
214 src_install() {
215 emake DESTDIR="${D}" install || die
216 keepdir /var/lib/racoon
217 newconfd "${FILESDIR}"/racoon.conf.d racoon
218 newinitd "${FILESDIR}"/racoon.init.d racoon
219
220 dodoc ChangeLog README NEWS
221 dodoc src/racoon/samples/*
222 dodoc src/racoon/doc/*
223
224 docinto roadwarrior
225 dodoc src/racoon/samples/roadwarrior/*
226
227 docinto roadwarrior/client
228 dodoc src/racoon/samples/roadwarrior/client/*
229 docinto roadwarrior/server
230 dodoc src/racoon/samples/roadwarrior/server/*
231
232 docinto setkey
233 dodoc src/setkey/sample.cf
234
235 dodir /etc/racoon
236
237 # RFC are only available from CVS for the moment, see einfo below
238 #docinto "rfc"
239 #dodoc ${S}/src/racoon/rfc/*
240 }
241
242 pkg_postinst() {
243 if use nat; then
244 elog
245 elog " You have enabled the nat traversal functionnality."
246 elog " Nat versions wich are enabled by default are 00,02,rfc"
247 elog " you can find those drafts in the CVS repository:"
248 elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
249 elog
250 elog "If you feel brave enough and you know what you are"
251 elog "doing, you can consider emerging this ebuild"
252 elog "with"
253 elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
254 elog
255 fi;
256
257 if use ldap; then
258 elog
259 elog " You have enabled ldap support with {$PN}."
260 elog " The man page does NOT contain any information on it yet."
261 elog " Consider to use a more recent version or CVS"
262 elog
263 fi;
264
265 elog
266 elog "Please have a look in /usr/share/doc/${P} and visit"
267 elog "http://www.netbsd.org/Documentation/network/ipsec/"
268 elog "to find a lot of information on how to configure this great tool."
269 elog
270 }
271
272 # vim: set foldmethod=marker nowrap :
  ViewVC Help
Powered by ViewVC 1.1.13