/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild
Gentoo

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.4 - (show annotations) (download)
Sat Mar 10 12:33:26 2012 UTC (2 years, 6 months ago) by blueness
Branch: MAIN
CVS Tags: HEAD
Changes since 1.3: +1 -1 lines
FILE REMOVED
Remove older unstable version

(Portage version: 2.1.10.44/cvs/Linux x86_64)

1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild,v 1.3 2012/03/04 18:18:27 blueness Exp $
4
5 EAPI="4"
6
7 inherit eutils flag-o-matic autotools linux-info pam
8
9 DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
10 HOMEPAGE="http://ipsec-tools.sourceforge.net/"
11 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
12
13 LICENSE="BSD"
14 SLOT="0"
15 KEYWORDS="~amd64 ~x86"
16 IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap"
17
18 RDEPEND="
19 kerberos? ( virtual/krb5 )
20 selinux? (
21 sys-libs/libselinux
22 sec-policy/selinux-ipsec-tools
23 )
24 readline? ( sys-libs/readline )
25 pam? ( sys-libs/pam )
26 ldap? ( net-nds/openldap )
27 dev-libs/openssl
28 virtual/libiconv"
29 # iconv? ( virtual/libiconv )
30 # radius? ( net-dialup/gnuradius )
31
32 DEPEND="${RDEPEND}
33 >=sys-kernel/linux-headers-2.6.30"
34
35 pkg_setup() {
36 linux-info_pkg_setup
37
38 get_version
39
40 if linux_config_exists && kernel_is -ge 2 6 19; then
41 ewarn
42 ewarn "\033[1;33m**************************************************\033[1;33m"
43 ewarn
44 ewarn "Checking kernel configuration in /usr/src/linux or"
45 ewarn "or /proc/config.gz for compatibility with ${PN}."
46 ewarn
47 ewarn "WARNING: If your *configured* and *running* kernel"
48 ewarn "differ either now or in the future, then these checks"
49 ewarn "may lead to misleading results."
50
51 # Check options for all flavors of IPSec
52 local msg=""
53 for i in XFRM_USER NET_KEY; do
54 if ! linux_chkconfig_present ${i}; then
55 msg="${msg} ${i}"
56 fi
57 done
58 if [[ ! -z "$msg" ]]; then
59 ewarn
60 ewarn "ALL IPSec may fail. CHECK:"
61 ewarn "${msg}"
62 fi
63
64 # Check unencrypted IPSec
65 if ! linux_chkconfig_present CRYPTO_NULL; then
66 ewarn
67 ewarn "Unencrypted IPSec may fail. CHECK:"
68 ewarn " CRYPTO_NULL"
69 fi
70
71 # Check IPv4 IPSec
72 msg=""
73 for i in \
74 INET_IPCOMP INET_AH INET_ESP \
75 INET_XFRM_MODE_TRANSPORT \
76 INET_XFRM_MODE_TUNNEL \
77 INET_XFRM_MODE_BEET
78 do
79 if ! linux_chkconfig_present ${i}; then
80 msg="${msg} ${i}"
81 fi
82 done
83 if [[ ! -z "$msg" ]]; then
84 ewarn
85 ewarn "IPv4 IPSec may fail. CHECK:"
86 ewarn "${msg}"
87 fi
88
89 # Check IPv6 IPSec
90 if use ipv6; then
91 msg=""
92 for i in INET6_IPCOMP INET6_AH INET6_ESP \
93 INET6_XFRM_MODE_TRANSPORT \
94 INET6_XFRM_MODE_TUNNEL \
95 INET6_XFRM_MODE_BEET
96 do
97 if ! linux_chkconfig_present ${i}; then
98 msg="${msg} ${i}"
99 fi
100 done
101 if [[ ! -z "$msg" ]]; then
102 ewarn
103 ewarn "IPv6 IPSec may fail. CHECK:"
104 ewarn "${msg}"
105 fi
106 fi
107
108 # Check IPSec behind NAT
109 if use nat; then
110 if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
111 ewarn
112 ewarn "IPSec behind NAT may fail. CHECK:"
113 ewarn " NETFILTER_XT_MATCH_POLICY"
114 fi
115 fi
116
117 ewarn
118 ewarn "\033[1;33m**************************************************\033[1;33m"
119 ewarn
120 else
121 eerror
122 eerror "\033[1;31m**************************************************\033[1;31m"
123 eerror "Make sure that your *running* kernel is/will be >=2.6.19."
124 eerror "Building ${PN} now, assuming that you know what you're doing."
125 eerror "\033[1;31m**************************************************\033[1;31m"
126 eerror
127 fi
128 }
129
130 src_prepare() {
131 # fix for bug #76741
132 sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c || die
133 # fix for bug #124813
134 sed -i 's:-Werror::g' "${S}"/configure.ac || die
135 # fix for building with gcc-4.6
136 sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
137
138 epatch "${FILESDIR}/${PN}-def-psk.patch"
139 epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
140
141 AT_M4DIR="${S}" eautoreconf
142 epunt_cxx
143 }
144
145 src_configure() {
146 # fix for bug #61025
147 filter-flags -march=c3
148
149 local myconf
150 myconf="--with-kernel-headers=/usr/include \
151 --enable-adminport \
152 --enable-frag \
153 --enable-dpd \
154 --enable-dependency-tracking \
155 $(use_enable rc5) \
156 $(use_enable idea) \
157 $(use_enable kerberos gssapi) \
158 $(use_enable stats) \
159 $(use_enable ipv6) \
160 $(use_enable nat natt) \
161 $(use_enable selinux security-context) \
162 $(use_with readline) \
163 $(use_with pam libpam) \
164 $(use_with ldap libldap)"
165
166 use nat && myconf="${myconf} --enable-natt-versions=yes"
167
168 # enable mode-cfg and xauth support
169 if use pam; then
170 myconf="${myconf} --enable-hybrid"
171 else
172 myconf="${myconf} $(use_enable hybrid)"
173 fi
174
175 # dev-libs/libiconv is hard masked
176 #use iconv && myconf="${myconf} $(use_with iconv libiconv)"
177
178 # the default (/usr/include/openssl/) is OK for Gentoo, leave it
179 # myconf="${myconf} $(use_with ssl openssl )"
180
181 # No way to get it compiling with freeradius or gnuradius
182 # We would need libradius which only exists on FreeBSD
183
184 # See bug #77369
185 #myconf="${myconf} --enable-samode-unspec"
186
187 econf ${myconf}
188 }
189
190 src_install() {
191 emake DESTDIR="${D}" install
192 keepdir /var/lib/racoon
193 newconfd "${FILESDIR}"/racoon.conf.d racoon
194 newinitd "${FILESDIR}"/racoon.init.d racoon
195 use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
196
197 dodoc ChangeLog README NEWS
198 dodoc -r src/racoon/samples
199 dodoc -r src/racoon/doc
200
201 docinto setkey
202 dodoc src/setkey/sample.cf
203
204 dodir /etc/racoon
205 }
206
207 pkg_postinst() {
208 if use nat; then
209 elog
210 elog "You have enabled the nat traversal functionnality."
211 elog "Nat versions wich are enabled by default are 00,02,rfc"
212 elog "you can find those drafts in the CVS repository:"
213 elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
214 elog
215 elog "If you feel brave enough and you know what you are"
216 elog "doing, you can consider emerging this ebuild with"
217 elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
218 elog
219 fi
220
221 if use ldap; then
222 elog
223 elog "You have enabled ldap support with {$PN}."
224 elog "The man page does NOT contain any information on it yet."
225 elog "Consider using a more recent version or CVS."
226 elog
227 fi
228
229 elog
230 elog "Please have a look in /usr/share/doc/${P} and visit"
231 elog "http://www.netbsd.org/Documentation/network/ipsec/"
232 elog "to find more information on how to configure this tool."
233 elog
234 }

  ViewVC Help
Powered by ViewVC 1.1.20