/[gentoo-x86]/net-misc/strongswan/strongswan-4.3.5.ebuild
Gentoo

Contents of /net-misc/strongswan/strongswan-4.3.5.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.3 - (show annotations) (download)
Fri Apr 2 15:39:54 2010 UTC (9 years, 8 months ago) by yngwin
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +1 -1 lines
FILE REMOVED
  Remove 'nat' useflag as it is misleading and replace it with an
  appropriate 'nat-transport' flag and warn users about it. Fix dependency on
  openssl[-bindist] wrt bug #311981. Thanks to Thomas Klute for reporting this.
  Overhaul of package/useflag descriptions. Drop built_with_use again
  (deprecated) which I introduced in the latest revision. Addition of several
  new warnings/logs that will hopefully help the user. Drop old (and
  unsupported by proxy maintainer) ebuilds. Update metadata.xml.
(Portage version: 2.2_rc67/cvs/Linux x86_64)

1 # Copyright 1999-2010 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.3.5.ebuild,v 1.2 2010/02/27 22:43:10 ulm Exp $
4
5 EAPI=2
6 inherit eutils linux-info
7
8 UGID="ipsec"
9
10 DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
11 HOMEPAGE="http://www.strongswan.org/"
12 SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
13
14 LICENSE="GPL-2 RSA-MD5 RSA-PKCS11 DES"
15 SLOT="0"
16 KEYWORDS="~ppc ~sparc ~x86 ~amd64"
17 IUSE="caps cisco curl debug ldap nat smartcard static xml"
18
19 COMMON_DEPEND="!net-misc/openswan
20 dev-libs/gmp
21 dev-libs/libgcrypt
22 caps? ( sys-libs/libcap )
23 curl? ( net-misc/curl )
24 ldap? ( net-nds/openldap )
25 smartcard? ( dev-libs/opensc )
26 xml? ( dev-libs/libxml2 )"
27 DEPEND="${COMMON_DEPEND}
28 virtual/linux-sources
29 sys-kernel/linux-headers"
30 RDEPEND="${COMMON_DEPEND}
31 virtual/logger
32 sys-apps/iproute2"
33
34 #src_prepare() {
35 # epatch "${FILESDIR}"/${PN}-4.3.3-install.patch
36 # eautoreconf
37 #}
38
39 pkg_setup() {
40 linux-info_pkg_setup
41
42 elog "Linux kernel is version ${KV_FULL}"
43
44 if kernel_is 2 6; then
45 elog "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
46 else
47 eerror "Sorry, no support for your kernel version ${KV_FULL}."
48 die "Install an IPsec enabled 2.6 kernel."
49 fi
50
51 if use caps; then
52 # change to an unprivileged user if libcaps support is requested
53 enewgroup ${UGID}
54 enewuser ${UGID} -1 -1 -1 ${UGID}
55 fi
56 }
57
58 src_configure() {
59 local myconf=""
60
61 if use caps; then
62 # change to an unprivileged user if libcaps support is requested
63 myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
64 fi
65
66 # strongswan enables both by default; switch to the user's wish
67 if use static; then
68 myconf="${myconf} --enable-static --disable-shared"
69 else
70 myconf="${myconf} --disable-static --enable-shared"
71 fi
72
73 # TODO: Review new configure options such as networkmanager
74 econf \
75 $(use_with caps capabilities libcap) \
76 $(use_enable curl) \
77 $(use_enable ldap) \
78 $(use_enable xml smp) \
79 $(use_enable smartcard) \
80 $(use_enable cisco cisco-quirks) \
81 $(use_enable debug leak-detective) \
82 $(use_enable nat nat-transport) \
83 ${myconf} \
84 || die "econf failed"
85 }
86
87 src_install() {
88 einstall || die "einstall failed."
89
90 doinitd "${FILESDIR}"/ipsec
91
92 if use caps; then
93 fowners ipsec:ipsec /etc/ipsec.conf
94 fi
95 }
96
97 pkg_postinst() {
98 if use caps; then
99 echo
100 elog "strongSwan has been installed without superuser privileges as"
101 elog "requested (USE=caps). There are certain restrictions and"
102 elog "issues regarding non-root operation, so please have a look at:"
103 elog " http://wiki.strongswan.org/wiki/nonRoot"
104 echo
105 elog "Please be aware that with dropped privileges most leftupdown and"
106 elog "rightupdown scripts will no longer run if they require root privileges."
107 elog "You might want to use sudo to allow the user \"ipsec\" to run"
108 elog "the ipsec helper script (/usr/sbin/ipsec) as root."
109 elog "Example for /etc/sudoers:"
110 elog " Defaults:ipsec always_set_home,!env_reset"
111 elog " ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
112 elog "Example for a connection block in /etc/ipsec.conf:"
113 elog " leftupdown=\"sudo ipsec _updown\""
114 echo
115 # elog "And please do not forget to add CAP_NET_ADMIN capabilities to"
116 # elog "your charon and pluto binaries each time you emerge this ebuild."
117 # echo
118 # elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/pluto"
119 # elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/charon"
120 # echo
121 # elog "For more information reagrding POSIX capabilities support please"
122 # elog "have a look at http://www.friedhoff.org/posixfilecaps.html"
123 # echo
124 fi
125 elog "The up-to-date manual is available online at:"
126 elog " http://wiki.strongswan.org/"
127 echo
128 }

  ViewVC Help
Powered by ViewVC 1.1.20