
Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.1.ebuild



Revision 1.3 - (show annotations) (download)
Sat Mar 23 19:15:21 2013 UTC (18 months, 1 week ago) by floppym
Branch: MAIN
Changes since 1.2: +2 -2 lines
Don't rename /etc/ipsec.conf if openswan is installed. Bug 462782 by Plüss Roland.

(Portage version: 2.2.0_alpha169/cvs/Linux x86_64, signed Manifest commit with key 0BBEEA1FEA4843A4)

# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.1.ebuild,v 1.2 2013/03/16 08:48:44 blueness Exp $
# Package metadata for ipsec-tools (setkey + the racoon IKE daemon).
EAPI=5

# Eclasses supply the helpers used by the phase functions in this ebuild
# (epatch, eautoreconf, the linux-info kernel checks, newpamd, ...).
inherit eutils flag-o-matic autotools linux-info pam

DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
HOMEPAGE="http://ipsec-tools.sourceforge.net/"
# mirror:// downloads are not authenticated by the transport; the integrity
# of the tarball rests on the digests recorded in the package Manifest.
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"

LICENSE="BSD GPL-2"
SLOT=0
# Every keyword is still "~" (testing); none is marked stable.
KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86"
IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"

# Runtime dependencies. openssl is pulled in without a minimum version, so
# the crypto library version is whatever the system already provides.
RDEPEND="
dev-libs/openssl
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )
pam? ( sys-libs/pam )
readline? ( sys-libs/readline )
selinux? (
sys-libs/libselinux
sec-policy/selinux-ipsec
)"

# Build-time dependencies: everything needed at runtime plus kernel headers.
DEPEND="${RDEPEND}
>=sys-kernel/linux-headers-2.6.30"
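#######################################
# Handle the ipsec.conf -> ipsec-tools.conf rename when upgrading from a
# version older than 0.8.0-r5 (file conflict with strongswan, bug #436144).
# Globals:   CATEGORY, PN (read)
# Outputs:   explanatory text via ewarn
# Side effects: may rename /etc/ipsec.conf to /etc/ipsec-tools.conf
#######################################
pkg_preinst() {
	# Nothing to do unless an old version that still used ipsec.conf is present.
	has_version "<${CATEGORY}/${PN}-0.8.0-r5" || return 0

	local banner="\033[1;33m**************************************************\033[00m"

	ewarn
	ewarn "${banner}"
	ewarn
	if has_version "net-misc/strongswan" || has_version "net-misc/openswan"; then
		# Another IPsec stack that also ships /etc/ipsec.conf is installed, so
		# ownership of the file is ambiguous and it must not be moved. The text
		# names both packages because either one triggers this branch.
		ewarn "You had both an earlier version of ${PN} and"
		ewarn "net-misc/strongswan or net-misc/openswan installed. I can't"
		ewarn "tell whether the configuration file, ipsec.conf, belongs to"
		ewarn "one package or the other due to a file conflict; bug #436144."
		ewarn "The current version of ${PN} uses ipsec-tools.conf"
		ewarn "as its configuration file, as will future versions."
		ewarn "Please fix this situation manually."
	else
		ewarn "We found an earlier version of ${PN} installed."
		ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
		ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
		ewarn "a conflict with net-misc/strongswan; bug #436144. We will"
		ewarn "rename this file for you with this upgrade. However, if"
		ewarn "you later downgrade, you'll have to rename the file to"
		ewarn "its orignal manually or change /etc/conf.d/racoon to point"
		ewarn "to the new file."

		# NOTE(review): these are absolute paths on the live filesystem and do
		# not honour ${ROOT}; confirm that is intended for ROOT != / installs.
		if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then
			# Report a failed rename instead of ignoring it. Presumably the
			# service reads its policy from the new name after this upgrade, so
			# a silently missed rename could leave the host without its
			# configured IPsec policy -- verify against the racoon init script.
			if ! mv /etc/ipsec.conf /etc/ipsec-tools.conf; then
				ewarn
				ewarn "Renaming /etc/ipsec.conf to /etc/ipsec-tools.conf failed."
				ewarn "Please fix this situation manually."
			fi
		else
			ewarn
			ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
			ewarn "Either the former doesn't exist or the later does and"
			ewarn "I won't clobber it. Please fix this situation manually."
		fi
	fi
	ewarn
	ewarn "${banner}"
	ewarn
}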
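#######################################
# Report kernel configuration options that the IPsec features selected by
# the USE flags appear to need. Purely advisory: it only prints warnings.
# Globals:   PN (read)
# Outputs:   findings via ewarn, or an eerror notice when no kernel config
#            is found or the kernel is older than 2.6.19
#######################################
pkg_setup() {
	linux-info_pkg_setup

	get_version

	if ! linux_config_exists || ! kernel_is -ge 2 6 19; then
		# The checks cannot run; the build continues regardless.
		eerror
		eerror "\033[1;31m**************************************************\033[00m"
		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
		eerror "Building ${PN} now, assuming that you know what you're doing."
		eerror "\033[1;31m**************************************************\033[00m"
		eerror
		return
	fi

	# All state is local so nothing leaks into the ebuild's global scope
	# (the loop variable used to be a global named "i").
	local nothing="1"
	local msg=""
	local opt

	ewarn
	ewarn "\033[1;33m**************************************************\033[00m"
	ewarn
	ewarn "Checking kernel configuration in /usr/src/linux or"
	ewarn "or /proc/config.gz for compatibility with ${PN}."
	ewarn "Here are the potential problems:"
	ewarn

	# Check options for all flavors of IPSec
	for opt in XFRM_USER NET_KEY; do
		if ! linux_chkconfig_present "${opt}"; then
			msg="${msg} ${opt}"
		fi
	done
	if [[ -n "${msg}" ]]; then
		nothing="0"
		ewarn
		ewarn "ALL IPSec may fail. CHECK:"
		ewarn "${msg}"
	fi

	# Check unencrypted IPSec. CRYPTO_NULL is the kernel's null cipher: SAs
	# that use it carry no confidentiality, so it is only relevant where
	# that is a deliberate choice.
	if ! linux_chkconfig_present CRYPTO_NULL; then
		nothing="0"
		ewarn
		ewarn "Unencrypted IPSec may fail. CHECK:"
		ewarn " CRYPTO_NULL"
	fi

	# Check IPv4 IPSec
	msg=""
	for opt in \
		INET_IPCOMP INET_AH INET_ESP \
		INET_XFRM_MODE_TRANSPORT \
		INET_XFRM_MODE_TUNNEL \
		INET_XFRM_MODE_BEET
	do
		if ! linux_chkconfig_present "${opt}"; then
			msg="${msg} ${opt}"
		fi
	done
	if [[ -n "${msg}" ]]; then
		nothing="0"
		ewarn
		ewarn "IPv4 IPSec may fail. CHECK:"
		ewarn "${msg}"
	fi

	# Check IPv6 IPSec
	if use ipv6; then
		msg=""
		for opt in \
			INET6_IPCOMP INET6_AH INET6_ESP \
			INET6_XFRM_MODE_TRANSPORT \
			INET6_XFRM_MODE_TUNNEL \
			INET6_XFRM_MODE_BEET
		do
			if ! linux_chkconfig_present "${opt}"; then
				msg="${msg} ${opt}"
			fi
		done
		if [[ -n "${msg}" ]]; then
			nothing="0"
			ewarn
			ewarn "IPv6 IPSec may fail. CHECK:"
			ewarn "${msg}"
		fi
	fi

	# Check IPSec behind NAT
	if use nat; then
		if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
			nothing="0"
			ewarn
			ewarn "IPSec behind NAT may fail. CHECK:"
			ewarn " NETFILTER_XT_MATCH_POLICY"
		fi
	fi

	if [[ ${nothing} == "1" ]]; then
		ewarn "NO PROBLEMS FOUND"
	fi

	# The result describes the configured kernel sources, not necessarily
	# the kernel that will be running when the tunnels come up.
	ewarn
	ewarn "WARNING: If your *configured* and *running* kernel"
	ewarn "differ either now or in the future, then these checks"
	ewarn "may lead to misleading results."
	ewarn
	ewarn "\033[1;33m**************************************************\033[00m"
	ewarn
}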
#######################################
# Adjust configure.ac, apply the distribution patches and regenerate the
# autotools files.
# Globals:   S, FILESDIR, PN (read)
#######################################
src_prepare() {
	local patch

	# Both substitutions run in a single pass over configure.ac:
	#   - drop -Werror (bug #124813)
	#   - turn a bare " -R" into " -Wl,-R" (building with gcc-4.6)
	sed -i \
		-e 's:-Werror::g' \
		-e 's: -R: -Wl,-R:' \
		"${S}"/configure.ac || die

	# Patches shipped next to the ebuild; the sysctl one is for bug #425770.
	for patch in \
		"${PN}-def-psk.patch" \
		"${PN}-include-vendoridh.patch" \
		"${PN}-0.8.0-sysctl.patch"
	do
		epatch "${FILESDIR}/${patch}"
	done

	AT_M4DIR="${S}" eautoreconf
}
190
#######################################
# Assemble the configure options from the USE flags and run econf.
# Outputs:   whatever econf prints
#######################################
src_configure() {
	# --with-{libiconv,libradius} lead to "Broken getaddrinfo()"
	# --enable-samode-unspec is not supported in linux
	#
	# The admin port, DPD and fragmentation support are switched on
	# unconditionally; everything below them follows a USE flag.
	local -a myconf=(
		--with-kernel-headers=/usr/include
		--enable-adminport
		--enable-dependency-tracking
		--enable-dpd
		--enable-frag
		--without-libiconv
		--without-libradius
		--disable-samode-unspec
		$(use_enable idea)
		$(use_enable ipv6)
		$(use_enable kerberos gssapi)
		$(use_with ldap libldap)
		$(use_enable nat natt)
		$(use_with pam libpam)
		$(use_enable rc5)
		$(use_with readline)
		$(use_enable selinux security-context)
		$(use_enable stats)
	)

	if use nat; then
		myconf+=( --enable-natt-versions=yes )
	fi

	# enable mode-cfg and xauth support: USE=pam always forces hybrid on,
	# whatever the hybrid flag itself says.
	if use pam; then
		myconf+=( --enable-hybrid )
	else
		myconf+=( $(use_enable hybrid) )
	fi

	econf "${myconf[@]}"
}
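#######################################
# Install the built package, the service files, the default configuration
# and the documentation into the image directory.
# Globals:   D, FILESDIR (read)
#######################################
src_install() {
	emake DESTDIR="${D}" install
	keepdir /var/lib/racoon
	newconfd "${FILESDIR}"/racoon.conf.d-r1 racoon
	newinitd "${FILESDIR}"/racoon.init.d-r2 racoon
	if use pam; then
		newpamd "${FILESDIR}"/racoon.pam.d racoon
	fi

	insinto /etc
	doins "${FILESDIR}"/ipsec-tools.conf
	insinto /etc/racoon
	doins "${FILESDIR}"/racoon.conf
	doins "${FILESDIR}"/psk.txt
	# psk.txt is racoon's pre-shared key file. doins installs it with the
	# default file mode, so it is tightened to owner-read-only here. The
	# build must stop if that fails: otherwise the package would be merged
	# with a key file that other local users can read.
	chmod 400 "${D}"/etc/racoon/psk.txt \
		|| die "could not restrict permissions on /etc/racoon/psk.txt"

	dodoc ChangeLog README NEWS
	dodoc -r src/racoon/samples
	dodoc -r src/racoon/doc
	docinto samples
	# NOTE(review): nothing visible in this ebuild creates ./ipsec.conf in the
	# build directory, so this mv presumably fails without effect; its status
	# is deliberately left unchecked here -- confirm whether it can be dropped.
	mv ipsec.conf ipsec-tools.conf
	newdoc src/setkey/sample.cf ipsec-tools.conf
}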
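#######################################
# Print post-install notes that depend on the enabled USE flags.
# Globals:   PN, P (read)
# Outputs:   notes via elog
#######################################
pkg_postinst() {
	if use nat; then
		elog
		elog "You have enabled the nat traversal functionnality."
		elog "Nat versions wich are enabled by default are 00,02,rfc"
		elog "you can find those drafts in the CVS repository:"
		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
		elog
		# The extra versions named below are opt-in only; the default
		# build keeps the 00,02,rfc set listed above.
		elog "If you feel brave enough and you know what you are"
		elog "doing, you can consider emerging this ebuild with"
		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
		elog
	fi

	if use ldap; then
		elog
		# Was "{$PN}", which printed the package name wrapped in literal braces.
		elog "You have enabled ldap support with ${PN}."
		elog "The man page does NOT contain any information on it yet."
		elog "Consider using a more recent version or CVS."
		elog
	fi

	# NOTE(review): dodoc installs under ${PF}; ${P} is the same path only
	# while this ebuild has no -rN revision suffix.
	elog
	elog "Please have a look in /usr/share/doc/${P} and visit"
	elog "http://www.netbsd.org/Documentation/network/ipsec/"
	elog "to find more information on how to configure this tool."
	elog
}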
