/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild
Gentoo

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.7 - (show annotations) (download)
Sun Mar 16 04:07:47 2014 UTC (4 years, 1 month ago) by vapier
Branch: MAIN
CVS Tags: HEAD
Changes since 1.6: +1 -2 lines
Drop unused `mv` config call that spits a warning.

(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key D2E96200)

1 # Copyright 1999-2014 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild,v 1.6 2014/03/14 10:04:53 ago Exp $
4
5 EAPI="5"
6
7 inherit eutils flag-o-matic autotools linux-info pam
8
9 DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
10 HOMEPAGE="http://ipsec-tools.sourceforge.net/"
11 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
12
13 LICENSE="BSD GPL-2"
14 SLOT="0"
15 KEYWORDS="amd64 arm ~mips ppc ppc64 x86"
16 IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
17
18 RDEPEND="
19 dev-libs/openssl
20 kerberos? ( virtual/krb5 )
21 ldap? ( net-nds/openldap )
22 pam? ( sys-libs/pam )
23 readline? ( sys-libs/readline )
24 selinux? (
25 sys-libs/libselinux
26 sec-policy/selinux-ipsec
27 )"
28
29 DEPEND="${RDEPEND}
30 >=sys-kernel/linux-headers-2.6.30"
31
32 pkg_preinst() {
33 if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
34 ewarn
35 ewarn "\033[1;33m**************************************************\033[00m"
36 ewarn
37 if ! has_version "net-misc/strongswan" &&
38 ! has_version "net-misc/openswan" &&
39 ! has_version "net-misc/libreswan"; then
40 ewarn "We found an earlier version of ${PN} installed."
41 ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
42 ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
43 ewarn "a conflict with net-misc/strongswan; bug #436144. We will"
44 ewarn "rename this file for you with this upgrade. However, if"
45 ewarn "you later downgrade, you'll have to rename the file to"
46 ewarn "its orignal manually or change /etc/conf.d/racoon to point"
47 ewarn "to the new file."
48
49 if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then
50 mv /etc/ipsec.conf /etc/ipsec-tools.conf
51 else
52 ewarn
53 ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
54 ewarn "Either the former doesn't exist or the later does and"
55 ewarn "I won't clobber it. Please fix this situation manually."
56 fi
57 else
58 ewarn "You had both an earlier version of ${PN} and"
59 ewarn "net-misc/strongswan installed. I can't tell whether"
60 ewarn "the configuration file, ipsec.conf, belongs to one"
61 ewarn "package or the other due to a file conflict; bug #436144."
62 ewarn "The current version of ${PN} uses ipsec-tools.conf"
63 ewarn "as its configuration file, as will future versions."
64 ewarn "Please fix this situation manually."
65 fi
66 ewarn
67 ewarn "\033[1;33m**************************************************\033[00m"
68 ewarn
69 fi
70 }
71
72 pkg_setup() {
73 linux-info_pkg_setup
74
75 get_version
76
77 if linux_config_exists && kernel_is -ge 2 6 19; then
78 ewarn
79 ewarn "\033[1;33m**************************************************\033[00m"
80 ewarn
81 ewarn "Checking kernel configuration in /usr/src/linux or"
82 ewarn "or /proc/config.gz for compatibility with ${PN}."
83 ewarn "Here are the potential problems:"
84 ewarn
85
86 local nothing="1"
87
88 # Check options for all flavors of IPSec
89 local msg=""
90 for i in XFRM_USER NET_KEY; do
91 if ! linux_chkconfig_present ${i}; then
92 msg="${msg} ${i}"
93 fi
94 done
95 if [[ ! -z "$msg" ]]; then
96 nothing="0"
97 ewarn
98 ewarn "ALL IPSec may fail. CHECK:"
99 ewarn "${msg}"
100 fi
101
102 # Check unencrypted IPSec
103 if ! linux_chkconfig_present CRYPTO_NULL; then
104 nothing="0"
105 ewarn
106 ewarn "Unencrypted IPSec may fail. CHECK:"
107 ewarn " CRYPTO_NULL"
108 fi
109
110 # Check IPv4 IPSec
111 msg=""
112 for i in \
113 INET_IPCOMP INET_AH INET_ESP \
114 INET_XFRM_MODE_TRANSPORT \
115 INET_XFRM_MODE_TUNNEL \
116 INET_XFRM_MODE_BEET
117 do
118 if ! linux_chkconfig_present ${i}; then
119 msg="${msg} ${i}"
120 fi
121 done
122 if [[ ! -z "$msg" ]]; then
123 nothing="0"
124 ewarn
125 ewarn "IPv4 IPSec may fail. CHECK:"
126 ewarn "${msg}"
127 fi
128
129 # Check IPv6 IPSec
130 if use ipv6; then
131 msg=""
132 for i in INET6_IPCOMP INET6_AH INET6_ESP \
133 INET6_XFRM_MODE_TRANSPORT \
134 INET6_XFRM_MODE_TUNNEL \
135 INET6_XFRM_MODE_BEET
136 do
137 if ! linux_chkconfig_present ${i}; then
138 msg="${msg} ${i}"
139 fi
140 done
141 if [[ ! -z "$msg" ]]; then
142 nothing="0"
143 ewarn
144 ewarn "IPv6 IPSec may fail. CHECK:"
145 ewarn "${msg}"
146 fi
147 fi
148
149 # Check IPSec behind NAT
150 if use nat; then
151 if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
152 nothing="0"
153 ewarn
154 ewarn "IPSec behind NAT may fail. CHECK:"
155 ewarn " NETFILTER_XT_MATCH_POLICY"
156 fi
157 fi
158
159 if [[ $nothing == "1" ]]; then
160 ewarn "NO PROBLEMS FOUND"
161 fi
162
163 ewarn
164 ewarn "WARNING: If your *configured* and *running* kernel"
165 ewarn "differ either now or in the future, then these checks"
166 ewarn "may lead to misleading results."
167 ewarn
168 ewarn "\033[1;33m**************************************************\033[00m"
169 ewarn
170 else
171 eerror
172 eerror "\033[1;31m**************************************************\033[00m"
173 eerror "Make sure that your *running* kernel is/will be >=2.6.19."
174 eerror "Building ${PN} now, assuming that you know what you're doing."
175 eerror "\033[1;31m**************************************************\033[00m"
176 eerror
177 fi
178 }
179
180 src_prepare() {
181 # fix for bug #124813
182 sed -i 's:-Werror::g' "${S}"/configure.ac || die
183 # fix for building with gcc-4.6
184 sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
185
186 epatch "${FILESDIR}/${PN}-def-psk.patch"
187 epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
188 epatch "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770
189
190 AT_M4DIR="${S}" eautoreconf
191 }
192
193 src_configure() {
194 #--with-{libiconv,libradius} lead to "Broken getaddrinfo()"
195 #--enable-samode-unspec is not supported in linux
196 local myconf
197 myconf="--with-kernel-headers=/usr/include \
198 --enable-adminport \
199 --enable-dependency-tracking \
200 --enable-dpd \
201 --enable-frag \
202 --without-libiconv \
203 --without-libradius \
204 --disable-samode-unspec \
205 $(use_enable idea) \
206 $(use_enable ipv6) \
207 $(use_enable kerberos gssapi) \
208 $(use_with ldap libldap) \
209 $(use_enable nat natt) \
210 $(use_with pam libpam) \
211 $(use_enable rc5) \
212 $(use_with readline) \
213 $(use_enable selinux security-context) \
214 $(use_enable stats)"
215
216 use nat && myconf="${myconf} --enable-natt-versions=yes"
217
218 # enable mode-cfg and xauth support
219 if use pam; then
220 myconf="${myconf} --enable-hybrid"
221 else
222 myconf="${myconf} $(use_enable hybrid)"
223 fi
224
225 econf ${myconf}
226 }
227
228 src_install() {
229 emake DESTDIR="${D}" install
230 keepdir /var/lib/racoon
231 newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon
232 newinitd "${FILESDIR}"/racoon.init.d-r3 racoon
233 use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
234
235 insinto /etc
236 doins "${FILESDIR}"/ipsec-tools.conf
237 insinto /etc/racoon
238 doins "${FILESDIR}"/racoon.conf
239 doins "${FILESDIR}"/psk.txt
240 chmod 400 "${D}"/etc/racoon/psk.txt
241
242 dodoc ChangeLog README NEWS
243 dodoc -r src/racoon/samples
244 dodoc -r src/racoon/doc
245 docinto samples
246 newdoc src/setkey/sample.cf ipsec-tools.conf
247 }
248
249 pkg_postinst() {
250 if use nat; then
251 elog
252 elog "You have enabled the nat traversal functionnality."
253 elog "Nat versions wich are enabled by default are 00,02,rfc"
254 elog "you can find those drafts in the CVS repository:"
255 elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
256 elog
257 elog "If you feel brave enough and you know what you are"
258 elog "doing, you can consider emerging this ebuild with"
259 elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
260 elog
261 fi
262
263 if use ldap; then
264 elog
265 elog "You have enabled ldap support with {$PN}."
266 elog "The man page does NOT contain any information on it yet."
267 elog "Consider using a more recent version or CVS."
268 elog
269 fi
270
271 elog
272 elog "Please have a look in /usr/share/doc/${P} and visit"
273 elog "http://www.netbsd.org/Documentation/network/ipsec/"
274 elog "to find more information on how to configure this tool."
275 elog
276 }

  ViewVC Help
Powered by ViewVC 1.1.20