/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r2.ebuild
Gentoo

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.0-r2.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations) (download)
Thu Mar 8 12:06:50 2012 UTC (2 years, 4 months ago) by blueness
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
FILE REMOVED
Remove poor approach to kernel headers

(Portage version: 2.1.10.44/cvs/Linux x86_64)

1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r2.ebuild,v 1.1 2012/03/06 00:12:41 blueness Exp $
4
5 EAPI="4"
6
7 inherit eutils flag-o-matic autotools linux-info pam
8
9 DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
10 HOMEPAGE="http://ipsec-tools.sourceforge.net/"
11 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
12
13 LICENSE="BSD"
14 SLOT="0"
15 KEYWORDS="~amd64 ~x86"
16 IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap"
17
18 RDEPEND="
19 kerberos? ( virtual/krb5 )
20 selinux? (
21 sys-libs/libselinux
22 sec-policy/selinux-ipsec-tools
23 )
24 readline? ( sys-libs/readline )
25 pam? ( sys-libs/pam )
26 ldap? ( net-nds/openldap )
27 dev-libs/openssl
28 virtual/libiconv"
29 # iconv? ( virtual/libiconv )
30 # radius? ( net-dialup/gnuradius )
31
32 DEPEND="${RDEPEND}
33 >=sys-kernel/linux-headers-2.6.30"
34
35 pkg_setup() {
36 linux-info_pkg_setup
37
38 get_version
39
40 if linux_config_exists && kernel_is -ge 2 6 19; then
41 ewarn
42 ewarn "\033[1;33m**************************************************\033[1;33m"
43 ewarn
44 ewarn "Checking kernel configuration in /usr/src/linux or"
45 ewarn "or /proc/config.gz for compatibility with ${PN}."
46 ewarn
47 ewarn "WARNING: If your *configured* and *running* kernel"
48 ewarn "differ either now or in the future, then these checks"
49 ewarn "may lead to misleading results."
50
51 # Check options for all flavors of IPSec
52 local msg=""
53 for i in XFRM_USER NET_KEY; do
54 if ! linux_chkconfig_present ${i}; then
55 msg="${msg} ${i}"
56 fi
57 done
58 if [[ ! -z "$msg" ]]; then
59 ewarn
60 ewarn "ALL IPSec may fail. CHECK:"
61 ewarn "${msg}"
62 fi
63
64 # Check unencrypted IPSec
65 if ! linux_chkconfig_present CRYPTO_NULL; then
66 ewarn
67 ewarn "Unencrypted IPSec may fail. CHECK:"
68 ewarn " CRYPTO_NULL"
69 fi
70
71 # Check IPv4 IPSec
72 msg=""
73 for i in \
74 INET_IPCOMP INET_AH INET_ESP \
75 INET_XFRM_MODE_TRANSPORT \
76 INET_XFRM_MODE_TUNNEL \
77 INET_XFRM_MODE_BEET
78 do
79 if ! linux_chkconfig_present ${i}; then
80 msg="${msg} ${i}"
81 fi
82 done
83 if [[ ! -z "$msg" ]]; then
84 ewarn
85 ewarn "IPv4 IPSec may fail. CHECK:"
86 ewarn "${msg}"
87 fi
88
89 # Check IPv6 IPSec
90 if use ipv6; then
91 msg=""
92 for i in INET6_IPCOMP INET6_AH INET6_ESP \
93 INET6_XFRM_MODE_TRANSPORT \
94 INET6_XFRM_MODE_TUNNEL \
95 INET6_XFRM_MODE_BEET
96 do
97 if ! linux_chkconfig_present ${i}; then
98 msg="${msg} ${i}"
99 fi
100 done
101 if [[ ! -z "$msg" ]]; then
102 ewarn
103 ewarn "IPv6 IPSec may fail. CHECK:"
104 ewarn "${msg}"
105 fi
106 fi
107
108 # Check IPSec behind NAT
109 if use nat; then
110 if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
111 ewarn
112 ewarn "IPSec behind NAT may fail. CHECK:"
113 ewarn " NETFILTER_XT_MATCH_POLICY"
114 fi
115 fi
116
117 ewarn
118 ewarn "\033[1;33m**************************************************\033[1;33m"
119 ewarn
120 else
121 eerror
122 eerror "\033[1;31m**************************************************\033[1;31m"
123 eerror "Make sure that your *running* kernel is/will be >=2.6.19."
124 eerror "Building ${PN} now, assuming that you know what you're doing."
125 eerror "\033[1;31m**************************************************\033[1;31m"
126 eerror
127 fi
128 }
129
130 src_prepare() {
131 # fix for bug #76741
132 sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c || die
133 # fix for bug #124813
134 sed -i 's:-Werror::g' "${S}"/configure.ac || die
135 # fix for building with gcc-4.6
136 sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
137
138 epatch "${FILESDIR}/${PN}-def-psk.patch"
139 epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
140 epatch "${FILESDIR}/${PN}-system-kernel-headers.patch"
141
142 AT_M4DIR="${S}" eautoreconf
143 epunt_cxx
144 }
145
146 src_configure() {
147 # fix for bug #61025
148 filter-flags -march=c3
149
150 local myconf
151 myconf="--with-kernel-headers=/usr/include \
152 --enable-adminport \
153 --enable-frag \
154 --enable-dpd \
155 --enable-dependency-tracking \
156 $(use_enable rc5) \
157 $(use_enable idea) \
158 $(use_enable kerberos gssapi) \
159 $(use_enable stats) \
160 $(use_enable ipv6) \
161 $(use_enable nat natt) \
162 $(use_enable selinux security-context) \
163 $(use_with readline) \
164 $(use_with pam libpam) \
165 $(use_with ldap libldap)"
166
167 use nat && myconf="${myconf} --enable-natt-versions=yes"
168
169 # enable mode-cfg and xauth support
170 if use pam; then
171 myconf="${myconf} --enable-hybrid"
172 else
173 myconf="${myconf} $(use_enable hybrid)"
174 fi
175
176 # dev-libs/libiconv is hard masked
177 #use iconv && myconf="${myconf} $(use_with iconv libiconv)"
178
179 # the default (/usr/include/openssl/) is OK for Gentoo, leave it
180 # myconf="${myconf} $(use_with ssl openssl )"
181
182 # No way to get it compiling with freeradius or gnuradius
183 # We would need libradius which only exists on FreeBSD
184
185 # See bug #77369
186 #myconf="${myconf} --enable-samode-unspec"
187
188 econf ${myconf}
189 }
190
191 src_install() {
192 emake DESTDIR="${D}" install
193 keepdir /var/lib/racoon
194 newconfd "${FILESDIR}"/racoon.conf.d racoon
195 newinitd "${FILESDIR}"/racoon.init.d racoon
196 use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
197
198 dodoc ChangeLog README NEWS
199 dodoc -r src/racoon/samples
200 dodoc -r src/racoon/doc
201
202 docinto setkey
203 dodoc src/setkey/sample.cf
204
205 dodir /etc/racoon
206 }
207
208 pkg_postinst() {
209 if use nat; then
210 elog
211 elog "You have enabled the nat traversal functionnality."
212 elog "Nat versions wich are enabled by default are 00,02,rfc"
213 elog "you can find those drafts in the CVS repository:"
214 elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
215 elog
216 elog "If you feel brave enough and you know what you are"
217 elog "doing, you can consider emerging this ebuild with"
218 elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
219 elog
220 fi
221
222 if use ldap; then
223 elog
224 elog "You have enabled ldap support with {$PN}."
225 elog "The man page does NOT contain any information on it yet."
226 elog "Consider using a more recent version or CVS."
227 elog
228 fi
229
230 elog
231 elog "Please have a look in /usr/share/doc/${P} and visit"
232 elog "http://www.netbsd.org/Documentation/network/ipsec/"
233 elog "to find more information on how to configure this tool."
234 elog
235 }

  ViewVC Help
Powered by ViewVC 1.1.20