net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild

# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild,v 1.6 2012/07/12 02:33:57 blueness Exp $

EAPI="4"

inherit eutils flag-o-matic autotools linux-info pam

DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
HOMEPAGE="http://ipsec-tools.sourceforge.net/"
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"

LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~mips ppc ppc64 ~x86"
IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"

RDEPEND="
        dev-libs/openssl
        kerberos? ( virtual/krb5 )
        ldap? ( net-nds/openldap )
        pam? ( sys-libs/pam )
        readline? ( sys-libs/readline )
        selinux? (
                sys-libs/libselinux
                sec-policy/selinux-ipsec
        )"

DEPEND="${RDEPEND}
        >=sys-kernel/linux-headers-2.6.30"

pkg_setup() {
        linux-info_pkg_setup

        get_version

        if linux_config_exists && kernel_is -ge 2 6 19; then
                ewarn
                ewarn "\033[1;33m**************************************************\033[00m"
                ewarn
                ewarn "Checking kernel configuration in /usr/src/linux or"
                ewarn "or /proc/config.gz for compatibility with ${PN}."
                ewarn "Here are the potential problems:"
                ewarn

                local nothing="1"

                # Check options for all flavors of IPSec
                local msg=""
                for i in XFRM_USER NET_KEY; do
                        if ! linux_chkconfig_present ${i}; then
                                msg="${msg} ${i}"
                        fi
                done
                if [[ ! -z "$msg" ]]; then
                        nothing="0"
                        ewarn
                        ewarn "ALL IPSec may fail. CHECK:"
                        ewarn "${msg}"
                fi

                # Check unencrypted IPSec
                if ! linux_chkconfig_present CRYPTO_NULL; then
                        nothing="0"
                        ewarn
                        ewarn "Unencrypted IPSec may fail. CHECK:"
                        ewarn " CRYPTO_NULL"
                fi

                # Check IPv4 IPSec
                msg=""
                for i in \
                        INET_IPCOMP INET_AH INET_ESP \
                        INET_XFRM_MODE_TRANSPORT \
                        INET_XFRM_MODE_TUNNEL \
                        INET_XFRM_MODE_BEET
                do
                        if ! linux_chkconfig_present ${i}; then
                                msg="${msg} ${i}"
                        fi
                done
                if [[ ! -z "$msg" ]]; then
                        nothing="0"
                        ewarn
                        ewarn "IPv4 IPSec may fail. CHECK:"
                        ewarn "${msg}"
                fi

                # Check IPv6 IPSec
                if use ipv6; then
                        msg=""
                        for i in INET6_IPCOMP INET6_AH INET6_ESP \
                                INET6_XFRM_MODE_TRANSPORT \
                                INET6_XFRM_MODE_TUNNEL \
                                INET6_XFRM_MODE_BEET
                        do
                                if ! linux_chkconfig_present ${i}; then
                                        msg="${msg} ${i}"
                                fi
                        done
                        if [[ ! -z "$msg" ]]; then
                        nothing="0"
                                ewarn
                                ewarn "IPv6 IPSec may fail. CHECK:"
                                ewarn "${msg}"
                        fi
                fi

                # Check IPSec behind NAT
                if use nat; then
                        if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
                                nothing="0"
                                ewarn
                                ewarn "IPSec behind NAT may fail.  CHECK:"
                                ewarn " NETFILTER_XT_MATCH_POLICY"
                        fi
                fi

                if [[ $nothing == "1" ]]; then
                        ewarn "NO PROBLEMS FOUND"
                fi

                ewarn
                ewarn "WARNING: If your *configured* and *running* kernel"
                ewarn "differ either now or in the future, then these checks"
                ewarn "may lead to misleading results."
                ewarn
                ewarn "\033[1;33m**************************************************\033[00m"
                ewarn
        else
                eerror
                eerror "\033[1;31m**************************************************\033[00m"
                eerror "Make sure that your *running* kernel is/will be >=2.6.19."
                eerror "Building ${PN} now, assuming that you know what you're doing."
                eerror "\033[1;31m**************************************************\033[00m"
                eerror
        fi
}

src_prepare() {
        # fix for bug #124813
        sed -i 's:-Werror::g' "${S}"/configure.ac || die
        # fix for building with gcc-4.6
        sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die

        epatch "${FILESDIR}/${PN}-def-psk.patch"
        epatch "${FILESDIR}/${PN}-include-vendoridh.patch"

        AT_M4DIR="${S}" eautoreconf
        epunt_cxx
}

src_configure() {
        #--with-{iconv,libradius} lead to "Broken getaddrinfo()"
        #--enable-samode-unspec is not supported in linux
        local myconf
        myconf="--with-kernel-headers=/usr/include \
                        --enable-adminport \
                        --enable-dependency-tracking \
                        --enable-dpd \
                        --enable-frag \
                        --without-libiconv \
                        --without-libradius \
                        --disable-samode-unspec \
                        $(use_enable idea) \
                        $(use_enable ipv6) \
                        $(use_enable kerberos gssapi) \
                        $(use_with ldap libldap) \
                        $(use_enable nat natt) \
                        $(use_with pam libpam) \
                        $(use_enable rc5) \
                        $(use_with readline) \
                        $(use_enable selinux security-context) \
                        $(use_enable stats)"

        use nat && myconf="${myconf} --enable-natt-versions=yes"

        # enable mode-cfg and xauth support
        if use pam; then
                myconf="${myconf} --enable-hybrid"
        else
                myconf="${myconf} $(use_enable hybrid)"
        fi

        econf ${myconf}
}

src_install() {
        emake DESTDIR="${D}" install
        keepdir /var/lib/racoon
        newconfd "${FILESDIR}"/racoon.conf.d racoon
        newinitd "${FILESDIR}"/racoon.init.d racoon
        use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon

        insinto /etc
        doins "${FILESDIR}"/ipsec.conf
        insinto /etc/racoon
        doins "${FILESDIR}"/racoon.conf
        doins "${FILESDIR}"/psk.txt
        chmod 400 "${D}"/etc/racoon/psk.txt

        dodoc ChangeLog README NEWS
        dodoc -r src/racoon/samples
        dodoc -r src/racoon/doc
        docinto samples
        newdoc src/setkey/sample.cf ipsec.conf
}

pkg_postinst() {
        if use nat; then
                elog
                elog "You have enabled the nat traversal functionnality."
                elog "Nat versions wich are enabled by default are 00,02,rfc"
                elog "you can find those drafts in the CVS repository:"
                elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
                elog
                elog "If you feel brave enough and you know what you are"
                elog "doing, you can consider emerging this ebuild with"
                elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
                elog
        fi

        if use ldap; then
                elog
                elog "You have enabled ldap support with {$PN}."
                elog "The man page does NOT contain any information on it yet."
                elog "Consider using a more recent version or CVS."
                elog
        fi

        elog
        elog "Please have a look in /usr/share/doc/${P} and visit"
        elog "http://www.netbsd.org/Documentation/network/ipsec/"
        elog "to find more information on how to configure this tool."
        elog
}
1	# Copyright 1999-2012 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild,v 1.6 2012/07/12 02:33:57 blueness Exp $
4
5	EAPI="4"
6
7	inherit eutils flag-o-matic autotools linux-info pam
8
9	DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
10	HOMEPAGE="http://ipsec-tools.sourceforge.net/"
11	SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
12
13	LICENSE="BSD GPL-2"
14	SLOT="0"
15	KEYWORDS="~amd64 ~mips ppc ppc64 ~x86"
16	IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
17
18	RDEPEND="
19	dev-libs/openssl
20	kerberos? ( virtual/krb5 )
21	ldap? ( net-nds/openldap )
22	pam? ( sys-libs/pam )
23	readline? ( sys-libs/readline )
24	selinux? (
25	sys-libs/libselinux
26	sec-policy/selinux-ipsec
27	)"
28
29	DEPEND="${RDEPEND}
30	>=sys-kernel/linux-headers-2.6.30"
31
32	pkg_setup() {
33	linux-info_pkg_setup
34
35	get_version
36
37	if linux_config_exists && kernel_is -ge 2 6 19; then
38	ewarn
39	ewarn "\033[1;33m**************************************************\033[00m"
40	ewarn
41	ewarn "Checking kernel configuration in /usr/src/linux or"
42	ewarn "or /proc/config.gz for compatibility with ${PN}."
43	ewarn "Here are the potential problems:"
44	ewarn
45
46	local nothing="1"
47
48	# Check options for all flavors of IPSec
49	local msg=""
50	for i in XFRM_USER NET_KEY; do
51	if ! linux_chkconfig_present ${i}; then
52	msg="${msg} ${i}"
53	fi
54	done
55	if [[ ! -z "$msg" ]]; then
56	nothing="0"
57	ewarn
58	ewarn "ALL IPSec may fail. CHECK:"
59	ewarn "${msg}"
60	fi
61
62	# Check unencrypted IPSec
63	if ! linux_chkconfig_present CRYPTO_NULL; then
64	nothing="0"
65	ewarn
66	ewarn "Unencrypted IPSec may fail. CHECK:"
67	ewarn " CRYPTO_NULL"
68	fi
69
70	# Check IPv4 IPSec
71	msg=""
72	for i in \
73	INET_IPCOMP INET_AH INET_ESP \
74	INET_XFRM_MODE_TRANSPORT \
75	INET_XFRM_MODE_TUNNEL \
76	INET_XFRM_MODE_BEET
77	do
78	if ! linux_chkconfig_present ${i}; then
79	msg="${msg} ${i}"
80	fi
81	done
82	if [[ ! -z "$msg" ]]; then
83	nothing="0"
84	ewarn
85	ewarn "IPv4 IPSec may fail. CHECK:"
86	ewarn "${msg}"
87	fi
88
89	# Check IPv6 IPSec
90	if use ipv6; then
91	msg=""
92	for i in INET6_IPCOMP INET6_AH INET6_ESP \
93	INET6_XFRM_MODE_TRANSPORT \
94	INET6_XFRM_MODE_TUNNEL \
95	INET6_XFRM_MODE_BEET
96	do
97	if ! linux_chkconfig_present ${i}; then
98	msg="${msg} ${i}"
99	fi
100	done
101	if [[ ! -z "$msg" ]]; then
102	nothing="0"
103	ewarn
104	ewarn "IPv6 IPSec may fail. CHECK:"
105	ewarn "${msg}"
106	fi
107	fi
108
109	# Check IPSec behind NAT
110	if use nat; then
111	if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
112	nothing="0"
113	ewarn
114	ewarn "IPSec behind NAT may fail. CHECK:"
115	ewarn " NETFILTER_XT_MATCH_POLICY"
116	fi
117	fi
118
119	if [[ $nothing == "1" ]]; then
120	ewarn "NO PROBLEMS FOUND"
121	fi
122
123	ewarn
124	ewarn "WARNING: If your configured and running kernel"
125	ewarn "differ either now or in the future, then these checks"
126	ewarn "may lead to misleading results."
127	ewarn
128	ewarn "\033[1;33m**************************************************\033[00m"
129	ewarn
130	else
131	eerror
132	eerror "\033[1;31m**************************************************\033[00m"
133	eerror "Make sure that your running kernel is/will be >=2.6.19."
134	eerror "Building ${PN} now, assuming that you know what you're doing."
135	eerror "\033[1;31m**************************************************\033[00m"
136	eerror
137	fi
138	}
139
140	src_prepare() {
141	# fix for bug #124813
142	sed -i 's:-Werror::g' "${S}"/configure.ac \|\| die
143	# fix for building with gcc-4.6
144	sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac \|\| die
145
146	epatch "${FILESDIR}/${PN}-def-psk.patch"
147	epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
148
149	AT_M4DIR="${S}" eautoreconf
150	epunt_cxx
151	}
152
153	src_configure() {
154	#--with-{iconv,libradius} lead to "Broken getaddrinfo()"
155	#--enable-samode-unspec is not supported in linux
156	local myconf
157	myconf="--with-kernel-headers=/usr/include \
158	--enable-adminport \
159	--enable-dependency-tracking \
160	--enable-dpd \
161	--enable-frag \
162	--without-libiconv \
163	--without-libradius \
164	--disable-samode-unspec \
165	$(use_enable idea) \
166	$(use_enable ipv6) \
167	$(use_enable kerberos gssapi) \
168	$(use_with ldap libldap) \
169	$(use_enable nat natt) \
170	$(use_with pam libpam) \
171	$(use_enable rc5) \
172	$(use_with readline) \
173	$(use_enable selinux security-context) \
174	$(use_enable stats)"
175
176	use nat && myconf="${myconf} --enable-natt-versions=yes"
177
178	# enable mode-cfg and xauth support
179	if use pam; then
180	myconf="${myconf} --enable-hybrid"
181	else
182	myconf="${myconf} $(use_enable hybrid)"
183	fi
184
185	econf ${myconf}
186	}
187
188	src_install() {
189	emake DESTDIR="${D}" install
190	keepdir /var/lib/racoon
191	newconfd "${FILESDIR}"/racoon.conf.d racoon
192	newinitd "${FILESDIR}"/racoon.init.d racoon
193	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
194
195	insinto /etc
196	doins "${FILESDIR}"/ipsec.conf
197	insinto /etc/racoon
198	doins "${FILESDIR}"/racoon.conf
199	doins "${FILESDIR}"/psk.txt
200	chmod 400 "${D}"/etc/racoon/psk.txt
201
202	dodoc ChangeLog README NEWS
203	dodoc -r src/racoon/samples
204	dodoc -r src/racoon/doc
205	docinto samples
206	newdoc src/setkey/sample.cf ipsec.conf
207	}
208
209	pkg_postinst() {
210	if use nat; then
211	elog
212	elog "You have enabled the nat traversal functionnality."
213	elog "Nat versions wich are enabled by default are 00,02,rfc"
214	elog "you can find those drafts in the CVS repository:"
215	elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
216	elog
217	elog "If you feel brave enough and you know what you are"
218	elog "doing, you can consider emerging this ebuild with"
219	elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
220	elog
221	fi
222
223	if use ldap; then
224	elog
225	elog "You have enabled ldap support with {$PN}."
226	elog "The man page does NOT contain any information on it yet."
227	elog "Consider using a more recent version or CVS."
228	elog
229	fi
230
231	elog
232	elog "Please have a look in /usr/share/doc/${P} and visit"
233	elog "http://www.netbsd.org/Documentation/network/ipsec/"
234	elog "to find more information on how to configure this tool."
235	elog
236	}