diff options
| author |   Daniel Black <dragonheart@gentoo.org> | 2008-09-09 21:22:55 +0000 |
|---|---|---|
| committer | Daniel Black <dragonheart@gentoo.org> | 2008-09-09 21:22:55 +0000 |
| commit | 42a3b425c51e4275a7efca8385d9f55452990a7b (patch) | |
| tree | 1301ab605e39e66bdf7e8cd1063e637a60e775cd /net-firewall | |
| parent | Remove an old ebuild. (diff) | |
| download | historical-42a3b425c51e4275a7efca8385d9f55452990a7b.tar.gz historical-42a3b425c51e4275a7efca8385d9f55452990a7b.tar.bz2 historical-42a3b425c51e4275a7efca8385d9f55452990a7b.zip | |
version bump wrt bug #232831. ebuild cleanup thanks to Craig.
Package-Manager: portage-2.2_rc8/cvs/Linux 2.6.22-vs2.2.0.7-gentoo x86_64
Diffstat (limited to 'net-firewall')
| -rw-r--r-- | net-firewall/ipsec-tools/ChangeLog | 8 | ||||
| -rw-r--r-- | net-firewall/ipsec-tools/Manifest | 14 | ||||
| -rw-r--r-- | net-firewall/ipsec-tools/ipsec-tools-0.7.1.ebuild | 265 |
3 files changed, 275 insertions, 12 deletions
diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog index d13f177af83e..2aa056b9a8a8 100644 --- a/net-firewall/ipsec-tools/ChangeLog +++ b/net-firewall/ipsec-tools/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-firewall/ipsec-tools # Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.62 2008/08/17 15:57:30 cardoe Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.63 2008/09/09 21:22:55 dragonheart Exp $ + +*ipsec-tools-0.7.1 (09 Sep 2008) + + 09 Sep 2008; Daniel Black <dragonheart@gentoo.org> + +ipsec-tools-0.7.1.ebuild: + version bump wrt bug #232831. ebuild cleanup thanks to Craig. 17 Aug 2008; Doug Goldstein <cardoe@gentoo.org> metadata.xml: add GLEP 56 USE flag desc from use.local.desc diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest index 0e535b3ff749..2eb7b8bc3467 100644 --- a/net-firewall/ipsec-tools/Manifest +++ b/net-firewall/ipsec-tools/Manifest @@ -1,16 +1,8 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX racoon.conf.d 621 RMD160 773a21f70bd4786eb6758f052bb54cc40273c259 SHA1 1291dbe1639cbb72a161e3af727c9c65c6ae0132 SHA256 bc7cf9c0fe8bd5f99c9353aa3c19e3314b3da21a7a2138fc6e901375be21b109 AUX racoon.init.d 1314 RMD160 14fd9ea02fdb20d13a0e3284e1f1e468117247f2 SHA1 41cb71c0354d632ad35565dbf98a26364b592d56 SHA256 7c9447197032b30a2cb76a62179a3b0ef3768870c340adf4743976e7d65eba75 DIST ipsec-tools-0.6.7.tar.bz2 723032 RMD160 97c27922f5be941fd6c69e35e69bed921b9f13e7 SHA1 ed3a6566409c506d5a7cd82cf263a5b8df3fad55 SHA256 4239f836dc610a2443ded7ba35cb3b87de9d582c800e5d9eb5eed37defd61ef2 +DIST ipsec-tools-0.7.1.tar.bz2 784046 RMD160 98c5bb292006fb49eb78133059ee74d0dd3b8122 SHA1 7a2ef71ece73710bf9a5ef2f63aacfcea1c58efb SHA256 ca9895808d354cc3e1c114687bb66a5f8efac2c6c42fce39687b369624c62fc0 EBUILD ipsec-tools-0.6.7.ebuild 8292 RMD160 858e01df1a89602ebd7bdec89248817b0793bd10 SHA1 17532d5fe99d32258872f0ec664dfa8a68d5479e SHA256 4412ca3d2c4ce34e4838f9be4b5bc7a0fe81bd49d84b2bbd7163638a3c3d6e89 -MISC ChangeLog 10134 RMD160 53b614c95caedc09a975381b9a4d379e1f62d685 SHA1 3145978a7a8ac183c7ff388567d803a28ca92ee4 SHA256 2ccb055a00185b2d6fa51b0859c7bcebb79fb0aa03d847ce07b50e4e5b3b628e +EBUILD ipsec-tools-0.7.1.ebuild 8064 RMD160 0e4cee91fac0125b766e68402a95c1aa4505d432 SHA1 3660c38249b63116e4b6f0201538013f613ab960 SHA256 2159fbad6688279bbc40170f83cfc6bd9c67af107e8ca094026de2177da51e9b +MISC ChangeLog 10320 RMD160 9dc7897cd5d2204eec3c4790e0f7353d6d4f9566 SHA1 eb57874750821af132f37ef2ce751b8fb29a6224 SHA256 4f4747958d0b7df6d31f32bdd990bb29d0d23daace693da78581471fcaab54df MISC metadata.xml 524 RMD160 351bb5819013ef3b7ec49fe70d22f363490a5ba1 SHA1 681504ef57886ed098e7bd5b13363c31fc7ce750 SHA256 b6818c278dcc159f496cadff08d546d6971be255cb4353728a08e03f2fbc47ef ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.9 (GNU/Linux) - -iEYEARECAAYFAkioSnAACgkQoeSe8B0zEfx5AgCeLCdZIjgkCjuS5f/YDvpL2Rfe -QAMAnA0JT1Fhwk38BmajuQAkcBuQV3cX -=rxiB ------END PGP SIGNATURE----- diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.7.1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.7.1.ebuild new file mode 100644 index 000000000000..3eeeb7d00576 --- /dev/null +++ b/net-firewall/ipsec-tools/ipsec-tools-0.7.1.ebuild @@ -0,0 +1,265 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.1.ebuild,v 1.1 2008/09/09 21:22:55 dragonheart Exp $ + +inherit eutils flag-o-matic autotools linux-info + +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" +HOMEPAGE="http://ipsec-tools.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="idea ipv6 pam rc5 readline selinux ldap kerberos nat hybrid iconv selinux" + +# FIXME: what is the correct syntax for ~sparc ??? +DEPEND="!sparc? ( >=sys-kernel/linux-headers-2.6 ) + readline? ( sys-libs/readline ) + pam? ( sys-libs/pam ) + ldap? ( net-nds/openldap ) + kerberos? ( virtual/krb5 ) + >=dev-libs/openssl-0.9.8 + iconv? ( virtual/libiconv ) + selinux? ( sys-libs/libselinux )" +# radius? ( net-dialup/gnuradius ) + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-ipsec-tools )" + +# {{{ kernel_check() +kernel_check() { + get_version + if kernel_is 2 6 ; then + if test "${KV_PATCH}" -ge 19 ; then + # Just for kernel >=2.6.19 + ebegin "Checking for suitable kernel configuration (Networking | Networking support | Networking options)" + + if use nat ; then + if ! { linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; } ; then + ewarn "[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is NOT enabled" + eerror "${P} won't compile with use nat traversal (USE=nat) until you enable NETFILTER_XT_MATCH_POLICY in your kernel" + die + else + einfo "....[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is enabled :-)" + fi + fi + # {{{ general stuff + if ! { linux_chkconfig_present XFRM_USER; }; then + ewarn "[XFRM_USER] Transformation user configuration interface is NOT enabled." + else + einfo "....[XFRM_USER] Transformation user configuration interface is enabled :-)" + fi + + if ! { linux_chkconfig_present NET_KEY; }; then + ewarn "[NET_KEY] PF_KEY sockets is NOT enabled." + else + einfo "....[NET_KEY] PF_KEY sockets is enabled :-)" + fi + # }}} + # {{{ IPv4 stuff + if ! { linux_chkconfig_present INET_IPCOMP; }; then + ewarn "[INET_IPCOMP] IP: IPComp transformation is NOT enabled" + else + einfo "....[INET_IPCOMP] IP: IPComp transformation is enabled :-)" + fi + + if ! { linux_chkconfig_present INET_AH; }; then + ewarn "[INET_AH] AH Transformation is NOT enabled." + else + einfo "....[INET_AH] AH Transformation is enabled :-)" + fi + + if ! { linux_chkconfig_present INET_ESP; }; then + ewarn "[INET_ESP] ESP Transformation is NOT enabled." + else + einfo "....[INET_ESP] ESP Transformation is enabled :-)" + fi + + if ! { linux_chkconfig_present INET_XFRM_MODE_TRANSPORT; }; then + ewarn "[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is NOT enabled." + else + einfo "....[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is enabled :-)" + fi + + if ! { linux_chkconfig_present INET_XFRM_MODE_TUNNEL; }; then + ewarn "[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is NOT enabled." + else + einfo "....[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is enabled :-)" + fi + + if ! { linux_chkconfig_present INET_XFRM_MODE_BEET; }; then + ewarn "[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is NOT enabled." + else + einfo "....[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is enabled :-)" + fi + # }}} + # {{{ IPv6 stuff + if use ipv6 ; then + if ! { linux_chkconfig_present INET6_IPCOMP; }; then + ewarn "[INET6_IPCOMP] IPv6: IPComp transformation is NOT enabled" + else + einfo "....[INET6_IPCOMP] IPv6: IPComp transformation is enabled :-)" + fi + + if ! { linux_chkconfig_present INET6_AH; }; then + ewarn "[INET6_AH] IPv6: AH Transformation is NOT enabled." + else + einfo "....[INET6_AH] IPv6: AH Transformation is enabled :-)" + fi + + if ! { linux_chkconfig_present INET6_ESP; }; then + ewarn "[INET6_ESP] IPv6: ESP Transformation is NOT enabled." + else + einfo "....[INET6_ESP] IPv6: ESP Transformation is enabled :-)" + fi + + if ! { linux_chkconfig_present INET6_XFRM_MODE_TRANSPORT; }; then + ewarn "[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is NOT enabled." + else + einfo "....[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is enabled :-)" + fi + + if ! { linux_chkconfig_present INET6_XFRM_MODE_TUNNEL; }; then + ewarn "[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is NOT enabled." + else + einfo "....[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is enabled :-)" + fi + + if ! { linux_chkconfig_present INET6_XFRM_MODE_BEET; }; then + ewarn "[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is NOT enabled." + else + einfo "....[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is enabled :-)" + fi + fi + # }}} + + eend $? + fi + fi +} +# }}} + +src_unpack() { + unpack ${A} + cd "${S}" + # fix for bug #76741 + sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac + + AT_M4DIR="${S}" eautoreconf + epunt_cxx +} + +src_compile() { + # fix for bug #61025 + filter-flags -march=c3 + + kernel_check + + myconf="--with-kernel-headers=${KV_DIR}/include \ + --enable-dependency-tracking \ + --enable-dpd \ + --enable-frag \ + --enable-stats \ + --enable-fastquit \ + --enable-stats \ + --enable-adminport \ + $(use_enable ipv6) \ + $(use_enable rc5) \ + $(use_enable idea) \ + $(use_with readline) + $(use_enable kerberos gssapi) \ + $(use_with ldap libldap) \ + $(use_with pam libpam)" + +# we do not want broken-natt from the kernel +# myconf="${myconf} $(use_enable broken-natt)" + use nat && myconf="${myconf} --enable-natt --enable-natt-versions=yes" + + # we only need security-context when using selinux + myconf="${myconf} $(use_enable selinux security-context)" + + # enable mode-cfg and xauth support + if use pam; then + myconf="${myconf} --enable-hybrid" + else + myconf="${myconf} $(use_enable hybrid)" + fi + + # dev-libs/libiconv is hard masked + #use iconv && myconf="${myconf} $(use_with iconv libiconv)" + + # the default (/usr/include/openssl/) is OK for Gentoo, leave it + # myconf="${myconf} $(use_with ssl openssl )" + + # No way to get it compiling with freeradius or gnuradius + # We would need libradius which only exists on FreeBSD + + # See bug #77369 + #myconf="${myconf} --enable-samode-unspec" + + econf ${myconf} || die + emake -j1 || die +} + +src_install() { + emake DESTDIR="${D}" install || die + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d racoon + newinitd "${FILESDIR}"/racoon.init.d racoon + + dodoc ChangeLog README NEWS + dodoc src/racoon/samples/* + dodoc src/racoon/doc/* + + docinto roadwarrior + dodoc src/racoon/samples/roadwarrior/* + + docinto roadwarrior/client + dodoc src/racoon/samples/roadwarrior/client/* + docinto roadwarrior/server + dodoc src/racoon/samples/roadwarrior/server/* + + docinto setkey + dodoc src/setkey/sample.cf + + dodir /etc/racoon + + # RFC are only available from CVS for the moment, see einfo below + #docinto "rfc" + #dodoc ${S}/src/racoon/rfc/* +} + +pkg_postinst() { + if use nat; then + elog + elog " You have enabled the nat traversal functionnality." + elog " Nat versions wich are enabled by default are 00,02,rfc" + elog " you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild" + elog "with" + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" + elog + fi; + + if use ldap; then + elog + elog " You have enabled ldap support with {$PN}." + elog " The man page does NOT contain any information on it yet." + elog " Consider to use a more recent version or CVS" + elog + fi; + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find a lot of information on how to configure this great tool." + elog +} + +# vim: set foldmethod=marker nowrap : |