/[gentoo-x86]/net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild
Gentoo

Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (hide annotations) (download)
Sun Mar 16 04:07:47 2014 UTC (5 years, 2 months ago) by vapier
Branch: MAIN
Changes since 1.1: +1 -2 lines
Drop unused `mv` config call that spits a warning.

(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key D2E96200)

1 blueness 1.1 # Copyright 1999-2014 Gentoo Foundation
2     # Distributed under the terms of the GNU General Public License v2
3 vapier 1.2 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild,v 1.1 2014/02/28 16:41:59 blueness Exp $
4 blueness 1.1
5     EAPI="5"
6    
7     inherit eutils flag-o-matic autotools linux-info pam
8    
9     DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
10     HOMEPAGE="http://ipsec-tools.sourceforge.net/"
11     SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
12    
13     LICENSE="BSD GPL-2"
14     SLOT="0"
15     KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86"
16     IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
17    
18     RDEPEND="
19     dev-libs/openssl
20     kerberos? ( virtual/krb5 )
21     ldap? ( net-nds/openldap )
22     pam? ( sys-libs/pam )
23     readline? ( sys-libs/readline )
24     selinux? (
25     sys-libs/libselinux
26     sec-policy/selinux-ipsec
27     )"
28    
29     DEPEND="${RDEPEND}
30     >=sys-kernel/linux-headers-2.6.30"
31    
32     pkg_preinst() {
33     if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
34     ewarn
35     ewarn "\033[1;33m**************************************************\033[00m"
36     ewarn
37     if ! has_version "net-misc/strongswan" &&
38     ! has_version "net-misc/openswan" &&
39     ! has_version "net-misc/libreswan"; then
40     ewarn "We found an earlier version of ${PN} installed."
41     ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
42     ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
43     ewarn "a conflict with net-misc/strongswan; bug #436144. We will"
44     ewarn "rename this file for you with this upgrade. However, if"
45     ewarn "you later downgrade, you'll have to rename the file to"
46     ewarn "its orignal manually or change /etc/conf.d/racoon to point"
47     ewarn "to the new file."
48    
49     if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then
50     mv /etc/ipsec.conf /etc/ipsec-tools.conf
51     else
52     ewarn
53     ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
54     ewarn "Either the former doesn't exist or the later does and"
55     ewarn "I won't clobber it. Please fix this situation manually."
56     fi
57     else
58     ewarn "You had both an earlier version of ${PN} and"
59     ewarn "net-misc/strongswan installed. I can't tell whether"
60     ewarn "the configuration file, ipsec.conf, belongs to one"
61     ewarn "package or the other due to a file conflict; bug #436144."
62     ewarn "The current version of ${PN} uses ipsec-tools.conf"
63     ewarn "as its configuration file, as will future versions."
64     ewarn "Please fix this situation manually."
65     fi
66     ewarn
67     ewarn "\033[1;33m**************************************************\033[00m"
68     ewarn
69     fi
70     }
71    
72     pkg_setup() {
73     linux-info_pkg_setup
74    
75     get_version
76    
77     if linux_config_exists && kernel_is -ge 2 6 19; then
78     ewarn
79     ewarn "\033[1;33m**************************************************\033[00m"
80     ewarn
81     ewarn "Checking kernel configuration in /usr/src/linux or"
82     ewarn "or /proc/config.gz for compatibility with ${PN}."
83     ewarn "Here are the potential problems:"
84     ewarn
85    
86     local nothing="1"
87    
88     # Check options for all flavors of IPSec
89     local msg=""
90     for i in XFRM_USER NET_KEY; do
91     if ! linux_chkconfig_present ${i}; then
92     msg="${msg} ${i}"
93     fi
94     done
95     if [[ ! -z "$msg" ]]; then
96     nothing="0"
97     ewarn
98     ewarn "ALL IPSec may fail. CHECK:"
99     ewarn "${msg}"
100     fi
101    
102     # Check unencrypted IPSec
103     if ! linux_chkconfig_present CRYPTO_NULL; then
104     nothing="0"
105     ewarn
106     ewarn "Unencrypted IPSec may fail. CHECK:"
107     ewarn " CRYPTO_NULL"
108     fi
109    
110     # Check IPv4 IPSec
111     msg=""
112     for i in \
113     INET_IPCOMP INET_AH INET_ESP \
114     INET_XFRM_MODE_TRANSPORT \
115     INET_XFRM_MODE_TUNNEL \
116     INET_XFRM_MODE_BEET
117     do
118     if ! linux_chkconfig_present ${i}; then
119     msg="${msg} ${i}"
120     fi
121     done
122     if [[ ! -z "$msg" ]]; then
123     nothing="0"
124     ewarn
125     ewarn "IPv4 IPSec may fail. CHECK:"
126     ewarn "${msg}"
127     fi
128    
129     # Check IPv6 IPSec
130     if use ipv6; then
131     msg=""
132     for i in INET6_IPCOMP INET6_AH INET6_ESP \
133     INET6_XFRM_MODE_TRANSPORT \
134     INET6_XFRM_MODE_TUNNEL \
135     INET6_XFRM_MODE_BEET
136     do
137     if ! linux_chkconfig_present ${i}; then
138     msg="${msg} ${i}"
139     fi
140     done
141     if [[ ! -z "$msg" ]]; then
142     nothing="0"
143     ewarn
144     ewarn "IPv6 IPSec may fail. CHECK:"
145     ewarn "${msg}"
146     fi
147     fi
148    
149     # Check IPSec behind NAT
150     if use nat; then
151     if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
152     nothing="0"
153     ewarn
154     ewarn "IPSec behind NAT may fail. CHECK:"
155     ewarn " NETFILTER_XT_MATCH_POLICY"
156     fi
157     fi
158    
159     if [[ $nothing == "1" ]]; then
160     ewarn "NO PROBLEMS FOUND"
161     fi
162    
163     ewarn
164     ewarn "WARNING: If your *configured* and *running* kernel"
165     ewarn "differ either now or in the future, then these checks"
166     ewarn "may lead to misleading results."
167     ewarn
168     ewarn "\033[1;33m**************************************************\033[00m"
169     ewarn
170     else
171     eerror
172     eerror "\033[1;31m**************************************************\033[00m"
173     eerror "Make sure that your *running* kernel is/will be >=2.6.19."
174     eerror "Building ${PN} now, assuming that you know what you're doing."
175     eerror "\033[1;31m**************************************************\033[00m"
176     eerror
177     fi
178     }
179    
180     src_prepare() {
181     # fix for bug #124813
182     sed -i 's:-Werror::g' "${S}"/configure.ac || die
183     # fix for building with gcc-4.6
184     sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
185    
186     epatch "${FILESDIR}/${PN}-def-psk.patch"
187     epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
188     epatch "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770
189    
190     AT_M4DIR="${S}" eautoreconf
191     }
192    
193     src_configure() {
194     #--with-{libiconv,libradius} lead to "Broken getaddrinfo()"
195     #--enable-samode-unspec is not supported in linux
196     local myconf
197     myconf="--with-kernel-headers=/usr/include \
198     --enable-adminport \
199     --enable-dependency-tracking \
200     --enable-dpd \
201     --enable-frag \
202     --without-libiconv \
203     --without-libradius \
204     --disable-samode-unspec \
205     $(use_enable idea) \
206     $(use_enable ipv6) \
207     $(use_enable kerberos gssapi) \
208     $(use_with ldap libldap) \
209     $(use_enable nat natt) \
210     $(use_with pam libpam) \
211     $(use_enable rc5) \
212     $(use_with readline) \
213     $(use_enable selinux security-context) \
214     $(use_enable stats)"
215    
216     use nat && myconf="${myconf} --enable-natt-versions=yes"
217    
218     # enable mode-cfg and xauth support
219     if use pam; then
220     myconf="${myconf} --enable-hybrid"
221     else
222     myconf="${myconf} $(use_enable hybrid)"
223     fi
224    
225     econf ${myconf}
226     }
227    
228     src_install() {
229     emake DESTDIR="${D}" install
230     keepdir /var/lib/racoon
231     newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon
232     newinitd "${FILESDIR}"/racoon.init.d-r3 racoon
233     use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
234    
235     insinto /etc
236     doins "${FILESDIR}"/ipsec-tools.conf
237     insinto /etc/racoon
238     doins "${FILESDIR}"/racoon.conf
239     doins "${FILESDIR}"/psk.txt
240     chmod 400 "${D}"/etc/racoon/psk.txt
241    
242     dodoc ChangeLog README NEWS
243     dodoc -r src/racoon/samples
244     dodoc -r src/racoon/doc
245     docinto samples
246     newdoc src/setkey/sample.cf ipsec-tools.conf
247     }
248    
249     pkg_postinst() {
250     if use nat; then
251     elog
252     elog "You have enabled the nat traversal functionnality."
253     elog "Nat versions wich are enabled by default are 00,02,rfc"
254     elog "you can find those drafts in the CVS repository:"
255     elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
256     elog
257     elog "If you feel brave enough and you know what you are"
258     elog "doing, you can consider emerging this ebuild with"
259     elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
260     elog
261     fi
262    
263     if use ldap; then
264     elog
265     elog "You have enabled ldap support with {$PN}."
266     elog "The man page does NOT contain any information on it yet."
267     elog "Consider using a more recent version or CVS."
268     elog
269     fi
270    
271     elog
272     elog "Please have a look in /usr/share/doc/${P} and visit"
273     elog "http://www.netbsd.org/Documentation/network/ipsec/"
274     elog "to find more information on how to configure this tool."
275     elog
276     }

  ViewVC Help
Powered by ViewVC 1.1.20