-rw-r--r-- | net-misc/openswan/ChangeLog | 11 | ||||
-rw-r--r-- | net-misc/openswan/files/ipsec-initd | 27 | ||||
-rw-r--r-- | net-misc/openswan/files/openswan-2.6.16-gentoo.patch | 69 | ||||
-rw-r--r-- | net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch | 45 | ||||
-rw-r--r-- | net-misc/openswan/files/openswan-2.6.16-refine-connection.patch | 22 | ||||
-rw-r--r-- | net-misc/openswan/metadata.xml | 9 | ||||
-rw-r--r-- | net-misc/openswan/openswan-2.6.16.ebuild | 163 |
7 files changed, 343 insertions, 3 deletions
diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog index 1345c204375d..c8648f3afde2 100644 --- a/net-misc/openswan/ChangeLog +++ b/net-misc/openswan/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-misc/openswan # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.52 2008/09/17 20:57:16 maekke Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.53 2008/09/21 12:42:31 mrness Exp $ + +*openswan-2.6.16 (21 Sep 2008) + + 21 Sep 2008; Alin Năstac <mrness@gentoo.org> + +files/openswan-2.6.16-gentoo.patch, + +files/openswan-2.6.16-qa-fixes.patch, + +files/openswan-2.6.16-refine-connection.patch, +files/ipsec-initd, + metadata.xml, +openswan-2.6.16.ebuild: + Version bump to latest 2.6 version (#237132). 17 Sep 2008; Markus Meier <maekke@gentoo.org> openswan-2.4.13.ebuild: amd64/x86 stable, bug #237603 diff --git a/net-misc/openswan/files/ipsec-initd b/net-misc/openswan/files/ipsec-initd new file mode 100644 index 000000000000..28d5eb977467 --- /dev/null +++ b/net-misc/openswan/files/ipsec-initd @@ -0,0 +1,27 @@ +#!/sbin/runscript +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/files/ipsec-initd,v 1.1 2008/09/21 12:42:32 mrness Exp $ + +depend() { + need net logger + after dns +} + +start() { + ebegin "Starting IPSec" + ipsec setup --start + eend $? +} + +stop() { + ebegin "Stopping IPSec" + ipsec setup --stop + eend $? +} + +status() { + if [ "$RC_QUIET" != "yes" ]; then + ipsec setup --status + fi +} diff --git a/net-misc/openswan/files/openswan-2.6.16-gentoo.patch b/net-misc/openswan/files/openswan-2.6.16-gentoo.patch new file mode 100644 index 000000000000..ed40e1c742bf --- /dev/null +++ b/net-misc/openswan/files/openswan-2.6.16-gentoo.patch 
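Review bot: status() in ipsec-initd returns 0 whenever RC_QUIET is "yes", because the `if` has no else branch, so a quiet status query reports success without asking ipsec at all. If anything relies on the exit code of the status action, run the check in both cases and silence only the output in quiet mode, for example with an `else` branch containing `ipsec setup --status >/dev/null 2>&1`. Whether `ipsec setup --status` itself exits non-zero when the service is down is not visible here and should be confirmed.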
@@ -0,0 +1,69 @@ +diff -ur openswan-2.6.16.orig/Makefile.inc openswan-2.6.16/Makefile.inc +--- openswan-2.6.16.orig/Makefile.inc 2008-08-18 17:07:48.000000000 +0000 ++++ openswan-2.6.16/Makefile.inc 2008-09-20 19:35:17.000000000 +0000 +@@ -49,7 +49,7 @@ + DESTDIR?= + + # "local" part of tree, used in building other pathnames +-INC_USRLOCAL=/usr/local ++INC_USRLOCAL?=/usr + + # PUBDIR is where the "ipsec" command goes; beware, many things define PATH + # settings which are assumed to include it (or at least, to include *some* +@@ -94,7 +94,7 @@ + + # sample configuration files go into + INC_DOCDIR?=share/doc +-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan ++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan + EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR} + + FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan +diff -ur openswan-2.6.16.orig/programs/setup/Makefile openswan-2.6.16/programs/setup/Makefile +--- openswan-2.6.16.orig/programs/setup/Makefile 2008-08-18 17:07:48.000000000 +0000 ++++ openswan-2.6.16/programs/setup/Makefile 2008-09-20 19:35:17.000000000 +0000 +@@ -18,7 +18,6 @@ + + # this dance is because setup has to get installed as /etc/rc.d/init.d/ipsec + # not as /etc/rc.d/init.d/setup. +-PROGRAMDIR=$(RCDIR) + PROGRAM=setup + EXTRA8MAN=setup.8 + +@@ -29,32 +28,6 @@ + # into the $BINDIR. 
+ # + # the priorities match those in setup's chkconfig line +-doinstall:: setup +- @rm -f $(BINDIR)/setup +- @$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec +- @ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup +- -@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done +- -@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec +- -@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec +- -@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec +- -@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec +- +-install_file_list:: +- @echo $(RCDIR)/ipsec +- @echo $(BINDIR)/setup +- @echo $(RCDIR)/../rc0.d/K76ipsec +- @echo $(RCDIR)/../rc1.d/K76ipsec +- @echo $(RCDIR)/../rc2.d/S47ipsec +- @echo $(RCDIR)/../rc3.d/S47ipsec +- @echo $(RCDIR)/../rc4.d/S47ipsec +- @echo $(RCDIR)/../rc5.d/S47ipsec +- @echo $(RCDIR)/../rc6.d/K76ipsec +- +-cleanall:: +- @rm -f setup + + # + # $Log: openswan-2.6.16-gentoo.patch,v $ + # Revision 1.1 2008/09/21 12:42:32 mrness + # Version bump to latest 2.6 version (#237132). + # (Portage version: 2.1.4.4) + # diff --git a/net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch b/net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch new file mode 100644 index 000000000000..ca3b5b26f9ce --- /dev/null +++ b/net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch 
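Review bot: The trailing context of the programs/setup/Makefile hunk contains an expanded CVS keyword, `# $Log: openswan-2.6.16-gentoo.patch,v $`, followed by the revision lines of this patch file itself, which suggests the repository's keyword expansion rewrote the patch after it was generated. That context line cannot match the corresponding line in the upstream Makefile, and the lines after it appear to fall outside the `-29,32 +28,6` count, so the hunk would apply only with fuzz, if at all. Store the patch with keyword expansion disabled, or trim the `$Log` context from the hunk, so that it applies exactly to the pristine source.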
@@ -0,0 +1,45 @@ +diff -ur openswan-2.6.16.orig/include/osw_select.h openswan-2.6.16/include/osw_select.h +--- openswan-2.6.16.orig/include/osw_select.h 2008-08-18 17:07:48.000000000 +0000 ++++ openswan-2.6.16/include/osw_select.h 2008-09-20 20:01:54.000000000 +0000 +@@ -44,6 +44,6 @@ + #define OSW_FD_ISSET(d, s) ((OSW_FDS_BITS (s)[OSW_FDELT(d)] & OSW_FDMASK(d)) != 0) + + #define osw_select(max, r, f, e, t) \ +- select(max, (fd_set *)(r), (fd_set *)(f), (fd_set *)(e), t) ++ select(max, (fd_set *)(void *)(r), (fd_set *)(void *)(f), (fd_set *)(void *)(e), t) + + #endif /* _OSW_SELECT_H_ */ +diff -ur openswan-2.6.16.orig/programs/pluto/connections.c openswan-2.6.16/programs/pluto/connections.c +--- openswan-2.6.16.orig/programs/pluto/connections.c 2008-08-18 17:07:48.000000000 +0000 ++++ openswan-2.6.16/programs/pluto/connections.c 2008-09-20 19:29:32.000000000 +0000 +@@ -247,6 +247,15 @@ + #ifdef DEBUG + lset_t old_cur_debugging = cur_debugging; + #endif ++ union { ++ struct alg_info** ppai; ++#ifdef KERNEL_ALG ++ struct alg_info_esp** ppai_esp; ++#endif ++#ifdef IKE_ALG ++ struct alg_info_ike** ppai_ike; ++#endif ++ } palg_info; + + set_cur_connection(c); + +@@ -323,10 +332,12 @@ + + gw_delref(&c->gw_info); + #ifdef KERNEL_ALG +- alg_info_delref((struct alg_info **)&c->alg_info_esp); ++ palg_info.ppai_esp = &c->alg_info_esp; ++ alg_info_delref(palg_info.ppai); + #endif + #ifdef IKE_ALG +- alg_info_delref((struct alg_info **)&c->alg_info_ike); ++ palg_info.ppai_ike = &c->alg_info_ike; ++ alg_info_delref(palg_info.ppai); + #endif + pfree(c); + } diff --git a/net-misc/openswan/files/openswan-2.6.16-refine-connection.patch b/net-misc/openswan/files/openswan-2.6.16-refine-connection.patch new file mode 100644 index 000000000000..99bc27e2b200 --- /dev/null +++ b/net-misc/openswan/files/openswan-2.6.16-refine-connection.patch 
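Review bot: The `palg_info` union added to connections.c quiets the strict-aliasing warning but does not remove the aliasing itself: `alg_info_delref(palg_info.ppai)` still lets the callee access a `struct alg_info_esp *` or `struct alg_info_ike *` object through a `struct alg_info **`. The `(fd_set *)(void *)` casts in `osw_select` are the same kind of warning suppression. If the compiler is allowed to assume strict aliasing, this teardown path could be miscompiled, so either build these files with `-fno-strict-aliasing` or state the dependency next to the union, e.g. `/* warning suppression only; relies on -fno-strict-aliasing */`. The enclosing function in connections.c starts and ends outside the hunk.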
@@ -0,0 +1,22 @@ +diff -ur openswan-2.6.16.orig/programs/pluto/connections.c openswan-2.6.16/programs/pluto/connections.c +--- openswan-2.6.16.orig/programs/pluto/connections.c 2008-09-21 11:19:47.000000000 +0200 ++++ openswan-2.6.16/programs/pluto/connections.c 2008-09-21 12:24:55.000000000 +0200 +@@ -2395,14 +2395,13 @@ + for (; d != NULL; d = d->hp_next) + { + bool match1 = match_id(peer_id, &d->spd.that.id, &wildcards); +- bool match2 = trusted_ca(peer_ca, d->spd.that.ca, &peer_pathlen); +- bool match3 = match_requested_ca(c->requested_ca, d->spd.this.ca, &our_pathlen); +- bool match = match1 && match2 && match3; ++ bool match2 = match_requested_ca(c->requested_ca, d->spd.this.ca, &our_pathlen); ++ bool match = match1 && match2; + + DBG(DBG_CONTROLMORE +- , DBG_log("refine_connection: checking %s against %s, best=%s with match=%d(id=%d/ca=%d/reqca=%d)" ++ , DBG_log("refine_connection: checking %s against %s, best=%s with match=%d(id=%d/reqca=%d)" + , c->name, d->name, best_found ? best_found->name : "(none)" +- , match, match1, match2, match3)); ++ , match, match1, match2)); + + /* ignore group connections */ + if (d->policy & POLICY_GROUP) diff --git a/net-misc/openswan/metadata.xml b/net-misc/openswan/metadata.xml index 55d9e1e3e4dc..cfc10f55d824 100644 --- a/net-misc/openswan/metadata.xml +++ b/net-misc/openswan/metadata.xml 
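Review bot: Dropping `trusted_ca(peer_ca, d->spd.that.ca, &peer_pathlen)` from the match means a candidate connection is now accepted on peer ID and requested CA alone, so at this point the peer certificate's issuer is no longer compared with the CA configured for the remote end. Neither the patch nor the ChangeLog entry says why the check is removed or where else it is enforced; add that rationale as a comment above the loop, e.g. `/* peer CA is not checked here because ... */`, or keep the check. `peer_pathlen` is also no longer assigned in this hunk, so any later read of it in the loop (the body continues outside the hunk) would see a stale or uninitialised value and should be audited.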
@@ -12,7 +12,12 @@ implementation of IPsec for the Linux operating system. Is it a code fork of the FreeS/WAN project, started by a few of the developers who were growing frustrated with the politics surrounding the FreeS/WAN project.</longdescription> <use> - <flag name="extra-algorithms">Include additional algorithms such as Blowfish, Twofish and Serpent</flag> - <flag name="weak-algorithms">Include weak algorithms such as DH1 and 1DES</flag> + <flag name="curl">Include curl support (used for fetching CRLs)</flag> + <flag name="ldap">Include LDAP support (used for fetching CRLs)</flag> + <flag name="extra-algorithms">Include additional strong algorithms + (Blowfish, Twofish, Serpent and SHA2)</flag> + <flag name="weak-algorithms">Include weak algorithms (DH1)</flag> + <flag name="nocrypto-algorithms">Include algorithms that don't even encrypt + (1DES)</flag> </use> </pkgmetadata> diff --git a/net-misc/openswan/openswan-2.6.16.ebuild b/net-misc/openswan/openswan-2.6.16.ebuild new file mode 100644 index 000000000000..6d14dfb29c98 --- /dev/null +++ b/net-misc/openswan/openswan-2.6.16.ebuild 
@@ -0,0 +1,163 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.16.ebuild,v 1.1 2008/09/21 12:42:31 mrness Exp $ + +inherit eutils linux-info + +DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)." +HOMEPAGE="http://www.openswan.org/" +SRC_URI="http://www.openswan.org/download/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="curl ldap smartcard extra-algorithms weak-algorithms nocrypto-algorithms" + +COMMON_DEPEND="!net-misc/strongswan + dev-libs/gmp + dev-lang/perl + smartcard? ( dev-libs/opensc ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + app-text/xmlto" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2" + +pkg_setup() { + if use nocrypto-algorithms && ! use weak-algorithms; then + ewarn "Enabling nocrypto-algorithms USE flag has no effect when" + ewarn "weak-algorithms USE flag is disabled" + fi + + linux-info_pkg_setup + + if kernel_is 2 6; then + einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)." + einfo "KLIPS will not be compiled/installed." + MYMAKE="programs" + + elif kernel_is 2 4; then + if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then + eerror "You need to have an IPsec enabled 2.4.x kernel." + eerror "Ensure you have one running and make a symlink to it in /usr/src/linux" + die + fi + + einfo "Using patched-in IPsec code for kernel 2.4" + einfo "Your kernel only supports KLIPS for kernel level IPsec." + MYMAKE="confcheck programs" + + else + die "Unsupported kernel version" + fi +} + +src_unpack() { + unpack ${A} + + cd "${S}" + epatch "${FILESDIR}"/${P}-gentoo.patch + epatch "${FILESDIR}"/${P}-qa-fixes.patch + epatch "${FILESDIR}"/${P}-refine-connection.patch + + find . 
-regex '.*[.][1-8]' -exec sed -i \ + -e s:/usr/local:/usr:g '{}' \; || + die "failed to replace text in xml docs" +} + +get_make_options() { + echo KERNELSRC=\"${KERNEL_DIR}\" \ + FINALEXAMPLECONFDIR=/usr/share/doc/${P} \ + INC_RCDEFAULT=/etc/init.d \ + INC_USRLOCAL=/usr \ + INC_MANDIR=share/man \ + FINALDOCDIR=/usr/share/doc/${P} \ + DESTDIR=\"${D}\" \ + USERCOMPILE=\"${CFLAGS}\" + if use smartcard ; then + echo USE_SMARTCARD=true + fi + if use extra-algorithms ; then + echo USE_EXTRACRYPTO=true + else + echo USE_EXTRACRYPTO=false + fi + if use weak-algorithms ; then + echo USE_WEAKSTUFF=true + if use nocrypto-algorithms; then + echo USE_NOCRYPTO=true + fi + fi + echo USE_LWRES=false # needs bind9 with lwres support + local USETHREADS=false + if use curl; then + echo USE_LIBCURL=true + USETHREADS=true + fi + if use ldap; then + echo USE_LDAP=true + USETHREADS=true + fi + echo HAVE_THREADS=${USETHREADS} +} + +src_compile() { + eval set -- $(get_make_options) + emake "$@" \ + ${MYMAKE} || die "emake failed" +} + +src_install() { + eval set -- $(get_make_options) + emake "$@" \ + install || die "emake install failed" + + newinitd "${FILESDIR}"/ipsec-initd ipsec || die "failed to install init script" + + dodir /var/run/pluto || die "failed to create /var/run/pluto" +} + +pkg_preinst() { + if has_version "<net-misc/openswan-2.6.14" && pushd "${ROOT}etc/ipsec"; then + ewarn "Following files and directories were moved from '${ROOT}etc/ipsec' to '${ROOT}etc':" + local i err=0 + if [ -h "../ipsec.d" ]; then + rm "../ipsec.d" || die "failed to remove ../ipsec.d symlink" + fi + for i in *; do + if [ -e "../$i" ]; then + eerror " $i NOT MOVED, ../$i already exists!" + err=1 + elif [ -d "$i" ]; then + mv "$i" .. || die "failed to move $i directory" + ewarn " directory $i" + elif [ -f "$i" ]; then + sed -i -e 's:/etc/ipsec/:/etc/:g' "$i" && \ + mv "$i" .. && ewarn " file $i" || \ + die "failed to move $i file" + else + eerror " $i NOT MOVED, it is not a file nor a directory!" 
+ err=1 + fi + done + popd + if [ $err -eq 0 ]; then + rmdir "${ROOT}etc/ipsec" || eerror "Failed to remove ${ROOT}etc/ipsec" + else + ewarn "${ROOT}etc/ipsec is not empty, you will have to remove it yourself" + fi + fi +} + +pkg_postinst() { + if kernel_is 2 6; then + CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP" + WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)" + WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)" + WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)" + check_extra_config + fi +} |
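Review bot: get_make_options emits `USE_WEAKSTUFF=true` and `USE_NOCRYPTO=true` only when the USE flags are set and nothing when they are not, so with the flags off the build falls back to whatever default upstream's makefiles carry. `USE_EXTRACRYPTO` already gets an explicit `false`; the weak and no-crypto switches deserve the same, e.g. `else` branches with `echo USE_WEAKSTUFF=false` and `echo USE_NOCRYPTO=false`. Separately, `eval set -- $(get_make_options)` in src_compile and src_install re-parses `${CFLAGS}`, `${KERNEL_DIR}` and `${D}` as shell text, so a value containing a quote or `$` would be misread; collecting the options in a bash array would avoid the `eval`.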