/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild
Gentoo

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.11 - (show annotations) (download)
Sun Sep 16 17:57:53 2012 UTC (22 months, 2 weeks ago) by blueness
Branch: MAIN
Changes since 1.10: +2 -2 lines
Stable arm

(Portage version: 2.1.11.9/cvs/Linux x86_64)

1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild,v 1.10 2012/08/05 20:08:33 blueness Exp $
4
5 EAPI="4"
6
7 inherit eutils flag-o-matic autotools linux-info pam
8
9 DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
10 HOMEPAGE="http://ipsec-tools.sourceforge.net/"
11 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
12
13 LICENSE="BSD GPL-2"
14 SLOT="0"
15 KEYWORDS="amd64 arm ~mips ppc ppc64 x86"
16 IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
17
18 RDEPEND="
19 dev-libs/openssl
20 kerberos? ( virtual/krb5 )
21 ldap? ( net-nds/openldap )
22 pam? ( sys-libs/pam )
23 readline? ( sys-libs/readline )
24 selinux? (
25 sys-libs/libselinux
26 sec-policy/selinux-ipsec
27 )"
28
29 DEPEND="${RDEPEND}
30 >=sys-kernel/linux-headers-2.6.30"
31
32 pkg_setup() {
33 linux-info_pkg_setup
34
35 get_version
36
37 if linux_config_exists && kernel_is -ge 2 6 19; then
38 ewarn
39 ewarn "\033[1;33m**************************************************\033[00m"
40 ewarn
41 ewarn "Checking kernel configuration in /usr/src/linux or"
42 ewarn "or /proc/config.gz for compatibility with ${PN}."
43 ewarn "Here are the potential problems:"
44 ewarn
45
46 local nothing="1"
47
48 # Check options for all flavors of IPSec
49 local msg=""
50 for i in XFRM_USER NET_KEY; do
51 if ! linux_chkconfig_present ${i}; then
52 msg="${msg} ${i}"
53 fi
54 done
55 if [[ ! -z "$msg" ]]; then
56 nothing="0"
57 ewarn
58 ewarn "ALL IPSec may fail. CHECK:"
59 ewarn "${msg}"
60 fi
61
62 # Check unencrypted IPSec
63 if ! linux_chkconfig_present CRYPTO_NULL; then
64 nothing="0"
65 ewarn
66 ewarn "Unencrypted IPSec may fail. CHECK:"
67 ewarn " CRYPTO_NULL"
68 fi
69
70 # Check IPv4 IPSec
71 msg=""
72 for i in \
73 INET_IPCOMP INET_AH INET_ESP \
74 INET_XFRM_MODE_TRANSPORT \
75 INET_XFRM_MODE_TUNNEL \
76 INET_XFRM_MODE_BEET
77 do
78 if ! linux_chkconfig_present ${i}; then
79 msg="${msg} ${i}"
80 fi
81 done
82 if [[ ! -z "$msg" ]]; then
83 nothing="0"
84 ewarn
85 ewarn "IPv4 IPSec may fail. CHECK:"
86 ewarn "${msg}"
87 fi
88
89 # Check IPv6 IPSec
90 if use ipv6; then
91 msg=""
92 for i in INET6_IPCOMP INET6_AH INET6_ESP \
93 INET6_XFRM_MODE_TRANSPORT \
94 INET6_XFRM_MODE_TUNNEL \
95 INET6_XFRM_MODE_BEET
96 do
97 if ! linux_chkconfig_present ${i}; then
98 msg="${msg} ${i}"
99 fi
100 done
101 if [[ ! -z "$msg" ]]; then
102 nothing="0"
103 ewarn
104 ewarn "IPv6 IPSec may fail. CHECK:"
105 ewarn "${msg}"
106 fi
107 fi
108
109 # Check IPSec behind NAT
110 if use nat; then
111 if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
112 nothing="0"
113 ewarn
114 ewarn "IPSec behind NAT may fail. CHECK:"
115 ewarn " NETFILTER_XT_MATCH_POLICY"
116 fi
117 fi
118
119 if [[ $nothing == "1" ]]; then
120 ewarn "NO PROBLEMS FOUND"
121 fi
122
123 ewarn
124 ewarn "WARNING: If your *configured* and *running* kernel"
125 ewarn "differ either now or in the future, then these checks"
126 ewarn "may lead to misleading results."
127 ewarn
128 ewarn "\033[1;33m**************************************************\033[00m"
129 ewarn
130 else
131 eerror
132 eerror "\033[1;31m**************************************************\033[00m"
133 eerror "Make sure that your *running* kernel is/will be >=2.6.19."
134 eerror "Building ${PN} now, assuming that you know what you're doing."
135 eerror "\033[1;31m**************************************************\033[00m"
136 eerror
137 fi
138 }
139
140 src_prepare() {
141 # fix for bug #124813
142 sed -i 's:-Werror::g' "${S}"/configure.ac || die
143 # fix for building with gcc-4.6
144 sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
145
146 epatch "${FILESDIR}/${PN}-def-psk.patch"
147 epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
148
149 AT_M4DIR="${S}" eautoreconf
150 epunt_cxx
151 }
152
153 src_configure() {
154 #--with-{iconv,libradius} lead to "Broken getaddrinfo()"
155 #--enable-samode-unspec is not supported in linux
156 local myconf
157 myconf="--with-kernel-headers=/usr/include \
158 --enable-adminport \
159 --enable-dependency-tracking \
160 --enable-dpd \
161 --enable-frag \
162 --without-libiconv \
163 --without-libradius \
164 --disable-samode-unspec \
165 $(use_enable idea) \
166 $(use_enable ipv6) \
167 $(use_enable kerberos gssapi) \
168 $(use_with ldap libldap) \
169 $(use_enable nat natt) \
170 $(use_with pam libpam) \
171 $(use_enable rc5) \
172 $(use_with readline) \
173 $(use_enable selinux security-context) \
174 $(use_enable stats)"
175
176 use nat && myconf="${myconf} --enable-natt-versions=yes"
177
178 # enable mode-cfg and xauth support
179 if use pam; then
180 myconf="${myconf} --enable-hybrid"
181 else
182 myconf="${myconf} $(use_enable hybrid)"
183 fi
184
185 econf ${myconf}
186 }
187
188 src_install() {
189 emake DESTDIR="${D}" install
190 keepdir /var/lib/racoon
191 newconfd "${FILESDIR}"/racoon.conf.d racoon
192 newinitd "${FILESDIR}"/racoon.init.d racoon
193 use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
194
195 insinto /etc
196 doins "${FILESDIR}"/ipsec.conf
197 insinto /etc/racoon
198 doins "${FILESDIR}"/racoon.conf
199 doins "${FILESDIR}"/psk.txt
200 chmod 400 "${D}"/etc/racoon/psk.txt
201
202 dodoc ChangeLog README NEWS
203 dodoc -r src/racoon/samples
204 dodoc -r src/racoon/doc
205 docinto samples
206 newdoc src/setkey/sample.cf ipsec.conf
207 }
208
209 pkg_postinst() {
210 if use nat; then
211 elog
212 elog "You have enabled the nat traversal functionnality."
213 elog "Nat versions wich are enabled by default are 00,02,rfc"
214 elog "you can find those drafts in the CVS repository:"
215 elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
216 elog
217 elog "If you feel brave enough and you know what you are"
218 elog "doing, you can consider emerging this ebuild with"
219 elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
220 elog
221 fi
222
223 if use ldap; then
224 elog
225 elog "You have enabled ldap support with {$PN}."
226 elog "The man page does NOT contain any information on it yet."
227 elog "Consider using a more recent version or CVS."
228 elog
229 fi
230
231 elog
232 elog "Please have a look in /usr/share/doc/${P} and visit"
233 elog "http://www.netbsd.org/Documentation/network/ipsec/"
234 elog "to find more information on how to configure this tool."
235 elog
236 }

  ViewVC Help
Powered by ViewVC 1.1.20