/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild



Revision 1.1 - (show annotations) (download)
Fri Sep 28 00:45:26 2012 UTC (23 months, 2 weeks ago) by blueness
Branch: MAIN
Fix bug #435398 and #436144

(Portage version: 2.1.11.9/cvs/Linux x86_64)

1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild,v 1.2 2012/09/25 01:12:33 vapier Exp $
4
5 EAPI="4"
6
7 inherit eutils flag-o-matic autotools linux-info pam
8
# --- Package identity and upstream source -----------------------------------
DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
HOMEPAGE="http://ipsec-tools.sourceforge.net/"
# mirror:// only selects where the tarball is fetched from; Portage checks the
# downloaded distfile against the digests recorded in the package Manifest.
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"

# --- Licensing, slotting and arch status -------------------------------------
LICENSE="BSD GPL-2"
SLOT="0"
# All listed arches are testing (~) keywords.
KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86"
IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"

# --- Dependencies --------------------------------------------------------------
# Runtime: OpenSSL is unconditional; everything else follows a USE flag.
RDEPEND="
	dev-libs/openssl
	kerberos? ( virtual/krb5 )
	ldap? ( net-nds/openldap )
	pam? ( sys-libs/pam )
	readline? ( sys-libs/readline )
	selinux? (
		sys-libs/libselinux
		sec-policy/selinux-ipsec
	)"

# Build time: the runtime set plus kernel headers of at least 2.6.30.
DEPEND="${RDEPEND}
	>=sys-kernel/linux-headers-2.6.30"
31
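#######################################
# Migrate the pre-r5 configuration file name before the new files are merged.
# Up to 0.8.0-r4 the package used /etc/ipsec.conf, which collides with
# net-misc/strongswan (bug #436144); from r5 on it uses /etc/ipsec-tools.conf.
# Globals:   CATEGORY, PN, ROOT (read)
# Outputs:   ewarn messages describing what was (not) done
# Side effects: may rename ${ROOT}/etc/ipsec.conf to ${ROOT}/etc/ipsec-tools.conf
#######################################
pkg_preinst() {
	if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
		# Work on the filesystem the package is being merged into. A bare
		# /etc path would touch the build host's configuration whenever
		# ROOT is not "/".
		local old_conf="${ROOT%/}/etc/ipsec.conf"
		local new_conf="${ROOT%/}/etc/ipsec-tools.conf"

		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
		if ! has_version "net-misc/strongswan" ; then
			# Without strongswan installed the old file can be attributed
			# to this package, so renaming it is safe.
			ewarn "We found an earlier version of ${PN} installed."
			ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
			ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
			ewarn "a conflict with net-misc/strongswan; bug #436144. We will"
			ewarn "rename this file for you with this upgrade. However, if"
			ewarn "you later downgrade, you'll have to rename the file to"
			ewarn "its orignal manually or change /etc/conf.d/racoon to point"
			ewarn "to the new file."

			if [[ -f ${old_conf} && ! -f ${new_conf} ]] ; then
				# A failed rename must not pass silently: the new version
				# reads only the new name, so presumably the admin's
				# existing policies would no longer be loaded.
				mv -- "${old_conf}" "${new_conf}" \
					|| die "could not rename ${old_conf} to ${new_conf}"
			else
				ewarn
				ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
				ewarn "Either the former doesn't exist or the later does and"
				ewarn "I won't clobber it. Please fix this situation manually."
			fi
		else
			# With strongswan present the owner of ipsec.conf is ambiguous,
			# so the file is left alone and the admin has to migrate it.
			ewarn "You had both an earlier version of ${PN} and"
			ewarn "net-misc/strongswan installed. I can't tell whether"
			ewarn "the configuration file, ipsec.conf, belongs to one"
			ewarn "package or the other due to a file conflict; bug #436144."
			ewarn "The current version of ${PN} uses ipsec-tools.conf"
			ewarn "as its configuration file, as will future versions."
			ewarn "Please fix this situation manually."
		fi
		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
	fi
}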
69
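#######################################
# Report kernel options that the selected IPsec features rely on.
# Purely advisory: every finding is printed with ewarn/eerror and the build
# continues either way.
# Globals:   PN (read); USE flags ipv6 and nat via use
# Outputs:   ewarn/eerror messages
#######################################
pkg_setup() {
	linux-info_pkg_setup

	get_version

	if linux_config_exists && kernel_is -ge 2 6 19; then
		# 0 until at least one option is reported missing.
		local problems=0
		# Loop variable and accumulator stay local so nothing leaks into
		# the global ebuild environment.
		local opt msg

		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
		ewarn "Checking kernel configuration in /usr/src/linux or"
		ewarn "or /proc/config.gz for compatibility with ${PN}."
		ewarn "Here are the potential problems:"
		ewarn

		# Check options for all flavors of IPSec
		msg=""
		for opt in XFRM_USER NET_KEY; do
			if ! linux_chkconfig_present "${opt}"; then
				msg="${msg} ${opt}"
			fi
		done
		if [[ -n ${msg} ]]; then
			problems=1
			ewarn
			ewarn "ALL IPSec may fail. CHECK:"
			ewarn "${msg}"
		fi

		# Check unencrypted IPSec. This only concerns setups that
		# deliberately run IPsec without confidentiality.
		if ! linux_chkconfig_present CRYPTO_NULL; then
			problems=1
			ewarn
			ewarn "Unencrypted IPSec may fail. CHECK:"
			ewarn " CRYPTO_NULL"
		fi

		# Check IPv4 IPSec
		msg=""
		for opt in \
			INET_IPCOMP INET_AH INET_ESP \
			INET_XFRM_MODE_TRANSPORT \
			INET_XFRM_MODE_TUNNEL \
			INET_XFRM_MODE_BEET
		do
			if ! linux_chkconfig_present "${opt}"; then
				msg="${msg} ${opt}"
			fi
		done
		if [[ -n ${msg} ]]; then
			problems=1
			ewarn
			ewarn "IPv4 IPSec may fail. CHECK:"
			ewarn "${msg}"
		fi

		# Check IPv6 IPSec
		if use ipv6; then
			msg=""
			for opt in \
				INET6_IPCOMP INET6_AH INET6_ESP \
				INET6_XFRM_MODE_TRANSPORT \
				INET6_XFRM_MODE_TUNNEL \
				INET6_XFRM_MODE_BEET
			do
				if ! linux_chkconfig_present "${opt}"; then
					msg="${msg} ${opt}"
				fi
			done
			if [[ -n ${msg} ]]; then
				problems=1
				ewarn
				ewarn "IPv6 IPSec may fail. CHECK:"
				ewarn "${msg}"
			fi
		fi

		# Check IPSec behind NAT
		if use nat; then
			if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
				problems=1
				ewarn
				ewarn "IPSec behind NAT may fail. CHECK:"
				ewarn " NETFILTER_XT_MATCH_POLICY"
			fi
		fi

		if (( problems == 0 )); then
			ewarn "NO PROBLEMS FOUND"
		fi

		# The checks read the configured kernel, which need not be the
		# kernel that is running; the closing warning says so.
		ewarn
		ewarn "WARNING: If your *configured* and *running* kernel"
		ewarn "differ either now or in the future, then these checks"
		ewarn "may lead to misleading results."
		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
	else
		# Reached when no kernel config was found or the kernel is older
		# than 2.6.19; the build proceeds regardless.
		eerror
		eerror "\033[1;31m**************************************************\033[00m"
		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
		eerror "Building ${PN} now, assuming that you know what you're doing."
		eerror "\033[1;31m**************************************************\033[00m"
		eerror
	fi
}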
177
#######################################
# Adjust configure.ac, apply the distribution patches and regenerate the
# autotools files.
# Globals:   S, FILESDIR, PN, P (read)
#######################################
src_prepare() {
	local configure_ac="${S}/configure.ac"
	local patch

	# bug #124813: strip -Werror so compiler warnings do not abort the build
	sed -i 's:-Werror::g' "${configure_ac}" || die
	# gcc-4.6: pass the runtime path through the linker (-Wl,-R) instead of -R
	sed -i 's: -R: -Wl,-R:' "${configure_ac}" || die

	# Applied in this order; the sysctl patch is for bug #425770.
	for patch in \
		"${PN}-def-psk.patch" \
		"${PN}-include-vendoridh.patch" \
		"${P}-sysctl.patch"
	do
		epatch "${FILESDIR}/${patch}"
	done

	# configure.ac was edited above, so the build system is regenerated.
	AT_M4DIR="${S}" eautoreconf
	epunt_cxx
}
191
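#######################################
# Translate the USE flags into configure switches and run econf.
# Globals:   USE flags via use / use_enable / use_with
# The switches are collected in an array and passed as separate words, so
# econf receives exactly the arguments listed here without depending on
# word-splitting of one long string.
#######################################
src_configure() {
	#--with-{iconv,libradius} lead to "Broken getaddrinfo()"
	#--enable-samode-unspec is not supported in linux
	# NOTE(review): --enable-adminport builds racoon's administrative
	# interface; who may talk to it is decided at run time, so confirm that
	# the installed racoon.conf restricts it.
	local -a myconf=(
		--with-kernel-headers=/usr/include
		--enable-adminport
		--enable-dependency-tracking
		--enable-dpd
		--enable-frag
		--without-libiconv
		--without-libradius
		--disable-samode-unspec
		$(use_enable idea)
		$(use_enable ipv6)
		$(use_enable kerberos gssapi)
		$(use_with ldap libldap)
		$(use_enable nat natt)
		$(use_with pam libpam)
		$(use_enable rc5)
		$(use_with readline)
		$(use_enable selinux security-context)
		$(use_enable stats)
	)

	use nat && myconf+=( --enable-natt-versions=yes )

	# enable mode-cfg and xauth support
	# USE=pam turns hybrid on unconditionally; otherwise the hybrid flag decides.
	if use pam; then
		myconf+=( --enable-hybrid )
	else
		myconf+=( $(use_enable hybrid) )
	fi

	econf "${myconf[@]}"
}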
226
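#######################################
# Install the built tree plus the distribution's service files, default
# configuration and documentation into the image directory.
# Globals:   D, FILESDIR (read); USE flag pam via use
#######################################
src_install() {
	emake DESTDIR="${D}" install
	keepdir /var/lib/racoon
	newconfd "${FILESDIR}"/racoon.conf.d-r1 racoon
	newinitd "${FILESDIR}"/racoon.init.d-r2 racoon
	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon

	insinto /etc
	doins "${FILESDIR}"/ipsec-tools.conf
	insinto /etc/racoon
	doins "${FILESDIR}"/racoon.conf
	doins "${FILESDIR}"/psk.txt
	# psk.txt is where racoon's pre-shared keys go, so it must be readable
	# by its owner only. fperms is used instead of a bare chmod because the
	# helper aborts the install when it fails (EAPI 4); an unchecked chmod
	# would let the file ship with the default doins mode.
	fperms 400 /etc/racoon/psk.txt

	dodoc ChangeLog README NEWS
	dodoc -r src/racoon/samples
	dodoc -r src/racoon/doc
	docinto samples
	# NOTE(review): nothing below reads ./ipsec-tools.conf and the exit
	# status is ignored; this looks like a leftover of the rename - confirm
	# and drop.
	mv ipsec.conf ipsec-tools.conf
	# Ship the setkey sample under the configuration file's new name.
	newdoc src/setkey/sample.cf ipsec-tools.conf
}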
248
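#######################################
# Print post-merge notes for the enabled features and point at the docs.
# Globals:   PN, PF (read); USE flags nat and ldap via use
# Outputs:   elog messages
#######################################
pkg_postinst() {
	if use nat; then
		elog
		elog "You have enabled the nat traversal functionnality."
		elog "Nat versions wich are enabled by default are 00,02,rfc"
		elog "you can find those drafts in the CVS repository:"
		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
		elog
		elog "If you feel brave enough and you know what you are"
		elog "doing, you can consider emerging this ebuild with"
		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
		elog
	fi

	if use ldap; then
		elog
		# ${PN}, not {$PN}: the latter printed the name wrapped in braces.
		elog "You have enabled ldap support with ${PN}."
		elog "The man page does NOT contain any information on it yet."
		elog "Consider using a more recent version or CVS."
		elog
	fi

	elog
	# Documentation is installed under ${PF} (name-version-revision), so
	# ${P} would point at a directory that does not exist for an -rN ebuild.
	elog "Please have a look in /usr/share/doc/${PF} and visit"
	elog "http://www.netbsd.org/Documentation/network/ipsec/"
	elog "to find more information on how to configure this tool."
	elog
}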
