
Contents of /net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild



Revision 1.8 - (show annotations) (download)
Tue Jul 14 07:43:22 2015 UTC (3 years, 9 months ago) by vapier
Branch: MAIN
CVS Tags: HEAD
Changes since 1.7: +5 -7 lines
Use subslots with readline/openssl.

(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key D2E96200)

1 # Copyright 1999-2015 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild,v 1.7 2014/11/02 08:51:06 swift Exp $
4
# EAPI 5 provides the ":0=" slot operators used in CDEPEND below, so the
# package is rebuilt when the openssl/readline subslot changes.
EAPI="5"

# Eclasses supplying the helpers used by the phase functions
# (epatch, eautoreconf, the linux-info kernel checks, newpamd, ...).
inherit eutils flag-o-matic autotools linux-info pam

DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
# NOTE(review): the homepage is referenced over plain http.
HOMEPAGE="http://ipsec-tools.sourceforge.net/"
# Fetched through the mirror:// scheme; Portage checks the distfile
# against the package Manifest digests before it is unpacked.
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"

LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="amd64 arm ~mips ppc ppc64 x86"
# idea and rc5 switch on optional cipher support in src_configure;
# both are off unless the user asks for them.
IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"

# Libraries needed both at build time and at run time.
CDEPEND="
dev-libs/openssl:0=
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )
pam? ( sys-libs/pam )
readline? ( sys-libs/readline:0= )
selinux? ( sys-libs/libselinux )"

# Build time only: kernel headers recent enough for the IPsec interfaces.
DEPEND="${CDEPEND}
>=sys-kernel/linux-headers-2.6.30"

# Run time only: the SELinux policy module for IPsec when selinux is set.
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-ipsec )
"
32
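# Migrate the legacy ipsec.conf to ipsec-tools.conf when upgrading from a
# release older than 0.8.0-r5 (bug #436144).
#
# The rename is only attempted when none of strongswan, openswan or
# libreswan is installed, the old file exists and the new name is still
# free. In every other case the user is told to sort it out by hand, so an
# existing IPsec policy file is never overwritten.
#
# has_version looks at the packages installed under ${ROOT}, so the file
# paths are resolved under ${ROOT} as well; a merge into an alternate root
# must not rename the host's /etc/ipsec.conf.
pkg_preinst() {
	if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
		# ROOT ends with a slash in this EAPI; strip it so the joined
		# paths are well formed whether or not the slash is present.
		local root="${ROOT%/}"
		local old_conf="${root}/etc/ipsec.conf"
		local new_conf="${root}/etc/ipsec-tools.conf"

		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
		if ! has_version "net-misc/strongswan" &&
			! has_version "net-misc/openswan" &&
			! has_version "net-misc/libreswan"; then
			ewarn "We found an earlier version of ${PN} installed."
			ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
			ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
			ewarn "a conflict with net-misc/strongswan; bug #436144. We will"
			ewarn "rename this file for you with this upgrade. However, if"
			ewarn "you later downgrade, you'll have to rename the file to"
			ewarn "its orignal manually or change /etc/conf.d/racoon to point"
			ewarn "to the new file."

			if [[ -f ${old_conf} && ! -f ${new_conf} ]] ; then
				# A rename that fails silently would leave the upgraded
				# package running without the administrator's policy
				# file, so stop the merge instead of carrying on.
				mv -- "${old_conf}" "${new_conf}" \
					|| die "failed to rename ${old_conf} to ${new_conf}"
			else
				ewarn
				ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!"
				ewarn "Either the former doesn't exist or the later does and"
				ewarn "I won't clobber it. Please fix this situation manually."
			fi
		else
			# Another IPsec suite is installed: ownership of ipsec.conf
			# is ambiguous, so nothing is touched.
			ewarn "You had both an earlier version of ${PN} and"
			ewarn "net-misc/strongswan installed. I can't tell whether"
			ewarn "the configuration file, ipsec.conf, belongs to one"
			ewarn "package or the other due to a file conflict; bug #436144."
			ewarn "The current version of ${PN} uses ipsec-tools.conf"
			ewarn "as its configuration file, as will future versions."
			ewarn "Please fix this situation manually."
		fi
		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
	fi
}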
72
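# Run the linux-info setup and report kernel options that IPsec needs but
# that the inspected kernel configuration does not provide.
#
# The checks are advisory only: results are printed with ewarn/eerror and
# the build goes on either way. They look at the kernel configuration
# found by linux-info, which may differ from the running kernel; the
# closing warning tells the user so.
pkg_setup() {
	linux-info_pkg_setup

	get_version

	if linux_config_exists && kernel_is -ge 2 6 19; then
		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
		ewarn "Checking kernel configuration in /usr/src/linux or"
		ewarn "or /proc/config.gz for compatibility with ${PN}."
		ewarn "Here are the potential problems:"
		ewarn

		# Stays "1" until one of the checks below finds a missing option.
		local nothing="1"
		# The loop variable and the accumulator are function-local so they
		# do not leak into the global ebuild environment.
		local i msg=""

		# Check options for all flavors of IPSec
		for i in XFRM_USER NET_KEY; do
			if ! linux_chkconfig_present "${i}"; then
				msg+=" ${i}"
			fi
		done
		if [[ -n ${msg} ]]; then
			nothing="0"
			ewarn
			ewarn "ALL IPSec may fail. CHECK:"
			ewarn "${msg}"
		fi

		# Check unencrypted IPSec
		if ! linux_chkconfig_present CRYPTO_NULL; then
			nothing="0"
			ewarn
			ewarn "Unencrypted IPSec may fail. CHECK:"
			ewarn " CRYPTO_NULL"
		fi

		# Check IPv4 IPSec
		msg=""
		for i in \
			INET_IPCOMP INET_AH INET_ESP \
			INET_XFRM_MODE_TRANSPORT \
			INET_XFRM_MODE_TUNNEL \
			INET_XFRM_MODE_BEET
		do
			if ! linux_chkconfig_present "${i}"; then
				msg+=" ${i}"
			fi
		done
		if [[ -n ${msg} ]]; then
			nothing="0"
			ewarn
			ewarn "IPv4 IPSec may fail. CHECK:"
			ewarn "${msg}"
		fi

		# Check IPv6 IPSec
		if use ipv6; then
			msg=""
			for i in INET6_IPCOMP INET6_AH INET6_ESP \
				INET6_XFRM_MODE_TRANSPORT \
				INET6_XFRM_MODE_TUNNEL \
				INET6_XFRM_MODE_BEET
			do
				if ! linux_chkconfig_present "${i}"; then
					msg+=" ${i}"
				fi
			done
			if [[ -n ${msg} ]]; then
				nothing="0"
				ewarn
				ewarn "IPv6 IPSec may fail. CHECK:"
				ewarn "${msg}"
			fi
		fi

		# Check IPSec behind NAT
		if use nat; then
			if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
				nothing="0"
				ewarn
				ewarn "IPSec behind NAT may fail. CHECK:"
				ewarn " NETFILTER_XT_MATCH_POLICY"
			fi
		fi

		if [[ ${nothing} == "1" ]]; then
			ewarn "NO PROBLEMS FOUND"
		fi

		ewarn
		ewarn "WARNING: If your *configured* and *running* kernel"
		ewarn "differ either now or in the future, then these checks"
		ewarn "may lead to misleading results."
		ewarn
		ewarn "\033[1;33m**************************************************\033[00m"
		ewarn
	else
		# No usable kernel configuration, or one older than 2.6.19:
		# nothing can be checked, so only remind the user.
		eerror
		eerror "\033[1;31m**************************************************\033[00m"
		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
		eerror "Building ${PN} now, assuming that you know what you're doing."
		eerror "\033[1;31m**************************************************\033[00m"
		eerror
	fi
}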
180
# Adjust configure.ac, apply the local patches and regenerate the
# autotools output.
src_prepare() {
	local configure_ac="${S}/configure.ac"
	local patch

	# Bug #124813: build without -Werror.
	sed -i 's:-Werror::g' "${configure_ac}" || die
	# Building with gcc-4.6: rewrite " -R" into " -Wl,-R".
	sed -i 's: -R: -Wl,-R:' "${configure_ac}" || die

	# Local patches, applied in this order; the sysctl one is bug #425770.
	for patch in \
		"${PN}-def-psk.patch" \
		"${PN}-include-vendoridh.patch" \
		"${PN}-0.8.0-sysctl.patch"
	do
		epatch "${FILESDIR}/${patch}"
	done

	# configure.ac was edited above, so the generated files are rebuilt.
	AT_M4DIR="${S}" eautoreconf
}
193
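# Assemble the configure options from the fixed feature set and the USE
# flags, then run econf.
#
# The options are kept in an array and handed over as "${myconf[@]}", so
# each one reaches econf as exactly one argument; the previous string form
# relied on unquoted word splitting and was open to glob expansion.
src_configure() {
	#--with-{libiconv,libradius} lead to "Broken getaddrinfo()"
	#--enable-samode-unspec is not supported in linux
	#
	# --enable-adminport is switched on unconditionally.
	# NOTE(review): confirm that the installed racoon.conf restricts who
	# may reach the admin socket.
	#
	# The use_enable/use_with substitutions are left unquoted on purpose:
	# each prints a single option word.
	local myconf=(
		--with-kernel-headers=/usr/include
		--enable-adminport
		--enable-dependency-tracking
		--enable-dpd
		--enable-frag
		--without-libiconv
		--without-libradius
		--disable-samode-unspec
		$(use_enable idea)
		$(use_enable ipv6)
		$(use_enable kerberos gssapi)
		$(use_with ldap libldap)
		$(use_enable nat natt)
		$(use_with pam libpam)
		$(use_enable rc5)
		$(use_with readline)
		$(use_enable selinux security-context)
		$(use_enable stats)
	)

	use nat && myconf+=( --enable-natt-versions=yes )

	# enable mode-cfg and xauth support
	# With pam the hybrid option is forced on; otherwise it follows the
	# hybrid USE flag.
	if use pam; then
		myconf+=( --enable-hybrid )
	else
		myconf+=( $(use_enable hybrid) )
	fi

	econf "${myconf[@]}"
}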
228
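# Install the build output, the racoon service files, the default
# configuration and the documentation into the image directory.
src_install() {
	emake DESTDIR="${D}" install
	keepdir /var/lib/racoon
	newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon
	newinitd "${FILESDIR}"/racoon.init.d-r3 racoon
	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon

	insinto /etc
	doins "${FILESDIR}"/ipsec-tools.conf
	insinto /etc/racoon
	doins "${FILESDIR}"/racoon.conf
	doins "${FILESDIR}"/psk.txt
	# psk.txt is the pre-shared key file and must be readable by its owner
	# only. fperms aborts the build when the mode cannot be set; the bare
	# chmod used before could fail unnoticed and leave the file at the
	# default doins mode.
	fperms 0400 /etc/racoon/psk.txt

	dodoc ChangeLog README NEWS
	dodoc -r src/racoon/samples
	dodoc -r src/racoon/doc
	docinto samples
	newdoc src/setkey/sample.cf ipsec-tools.conf
}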
249
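# Print post-install notes: NAT traversal and LDAP hints when the matching
# USE flag is set, then pointers to the documentation.
pkg_postinst() {
	if use nat; then
		# The last hint names extra draft NAT-T versions that are off by
		# default; they are only enabled if the user sets EXTRA_ECONF.
		elog
		elog "You have enabled the nat traversal functionnality."
		elog "Nat versions wich are enabled by default are 00,02,rfc"
		elog "you can find those drafts in the CVS repository:"
		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
		elog
		elog "If you feel brave enough and you know what you are"
		elog "doing, you can consider emerging this ebuild with"
		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
		elog
	fi

	if use ldap; then
		elog
		# The expansion used to be written {$PN}, which printed the
		# package name wrapped in literal braces.
		elog "You have enabled ldap support with ${PN}."
		elog "The man page does NOT contain any information on it yet."
		elog "Consider using a more recent version or CVS."
		elog
	fi

	elog
	elog "Please have a look in /usr/share/doc/${P} and visit"
	elog "http://www.netbsd.org/Documentation/network/ipsec/"
	elog "to find more information on how to configure this tool."
	elog
}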
