summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-misc/openswan/ChangeLog11
-rw-r--r--net-misc/openswan/files/ipsec-initd27
-rw-r--r--net-misc/openswan/files/openswan-2.6.16-gentoo.patch69
-rw-r--r--net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch45
-rw-r--r--net-misc/openswan/files/openswan-2.6.16-refine-connection.patch22
-rw-r--r--net-misc/openswan/metadata.xml9
-rw-r--r--net-misc/openswan/openswan-2.6.16.ebuild163
7 files changed, 343 insertions, 3 deletions
diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog
index 1345c204375d..c8648f3afde2 100644
--- a/net-misc/openswan/ChangeLog
+++ b/net-misc/openswan/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for net-misc/openswan
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.52 2008/09/17 20:57:16 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.53 2008/09/21 12:42:31 mrness Exp $
+
+*openswan-2.6.16 (21 Sep 2008)
+
+ 21 Sep 2008; Alin Năstac <mrness@gentoo.org>
+ +files/openswan-2.6.16-gentoo.patch,
+ +files/openswan-2.6.16-qa-fixes.patch,
+ +files/openswan-2.6.16-refine-connection.patch, +files/ipsec-initd,
+ metadata.xml, +openswan-2.6.16.ebuild:
+ Version bump to latest 2.6 version (#237132).
17 Sep 2008; Markus Meier <maekke@gentoo.org> openswan-2.4.13.ebuild:
amd64/x86 stable, bug #237603
diff --git a/net-misc/openswan/files/ipsec-initd b/net-misc/openswan/files/ipsec-initd
new file mode 100644
index 000000000000..28d5eb977467
--- /dev/null
+++ b/net-misc/openswan/files/ipsec-initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/files/ipsec-initd,v 1.1 2008/09/21 12:42:32 mrness Exp $
+
+depend() {
+ need net logger
+ after dns
+}
+
+start() {
+ ebegin "Starting IPSec"
+ ipsec setup --start
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping IPSec"
+ ipsec setup --stop
+ eend $?
+}
+
+status() {
+ if [ "$RC_QUIET" != "yes" ]; then
+ ipsec setup --status
+ fi
+}
diff --git a/net-misc/openswan/files/openswan-2.6.16-gentoo.patch b/net-misc/openswan/files/openswan-2.6.16-gentoo.patch
new file mode 100644
index 000000000000..ed40e1c742bf
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.6.16-gentoo.patch
@@ -0,0 +1,69 @@
+diff -ur openswan-2.6.16.orig/Makefile.inc openswan-2.6.16/Makefile.inc
+--- openswan-2.6.16.orig/Makefile.inc 2008-08-18 17:07:48.000000000 +0000
++++ openswan-2.6.16/Makefile.inc 2008-09-20 19:35:17.000000000 +0000
+@@ -49,7 +49,7 @@
+ DESTDIR?=
+
+ # "local" part of tree, used in building other pathnames
+-INC_USRLOCAL=/usr/local
++INC_USRLOCAL?=/usr
+
+ # PUBDIR is where the "ipsec" command goes; beware, many things define PATH
+ # settings which are assumed to include it (or at least, to include *some*
+@@ -94,7 +94,7 @@
+
+ # sample configuration files go into
+ INC_DOCDIR?=share/doc
+-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+ EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
+
+ FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+diff -ur openswan-2.6.16.orig/programs/setup/Makefile openswan-2.6.16/programs/setup/Makefile
+--- openswan-2.6.16.orig/programs/setup/Makefile 2008-08-18 17:07:48.000000000 +0000
++++ openswan-2.6.16/programs/setup/Makefile 2008-09-20 19:35:17.000000000 +0000
+@@ -18,7 +18,6 @@
+
+ # this dance is because setup has to get installed as /etc/rc.d/init.d/ipsec
+ # not as /etc/rc.d/init.d/setup.
+-PROGRAMDIR=$(RCDIR)
+ PROGRAM=setup
+ EXTRA8MAN=setup.8
+
+@@ -29,32 +28,6 @@
+ # into the $BINDIR.
+ #
+ # the priorities match those in setup's chkconfig line
+-doinstall:: setup
+- @rm -f $(BINDIR)/setup
+- @$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+- @ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+- -@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+- -@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
+- -@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
+- -@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec
+- -@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec
+-
+-install_file_list::
+- @echo $(RCDIR)/ipsec
+- @echo $(BINDIR)/setup
+- @echo $(RCDIR)/../rc0.d/K76ipsec
+- @echo $(RCDIR)/../rc1.d/K76ipsec
+- @echo $(RCDIR)/../rc2.d/S47ipsec
+- @echo $(RCDIR)/../rc3.d/S47ipsec
+- @echo $(RCDIR)/../rc4.d/S47ipsec
+- @echo $(RCDIR)/../rc5.d/S47ipsec
+- @echo $(RCDIR)/../rc6.d/K76ipsec
+-
+-cleanall::
+- @rm -f setup
+
+ #
+ # $Log: openswan-2.6.16-gentoo.patch,v $
+ # Revision 1.1 2008/09/21 12:42:32 mrness
+ # Version bump to latest 2.6 version (#237132).
+ # (Portage version: 2.1.4.4)
+ #
diff --git a/net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch b/net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch
new file mode 100644
index 000000000000..ca3b5b26f9ce
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.6.16-qa-fixes.patch
@@ -0,0 +1,45 @@
+diff -ur openswan-2.6.16.orig/include/osw_select.h openswan-2.6.16/include/osw_select.h
+--- openswan-2.6.16.orig/include/osw_select.h 2008-08-18 17:07:48.000000000 +0000
++++ openswan-2.6.16/include/osw_select.h 2008-09-20 20:01:54.000000000 +0000
+@@ -44,6 +44,6 @@
+ #define OSW_FD_ISSET(d, s) ((OSW_FDS_BITS (s)[OSW_FDELT(d)] & OSW_FDMASK(d)) != 0)
+
+ #define osw_select(max, r, f, e, t) \
+- select(max, (fd_set *)(r), (fd_set *)(f), (fd_set *)(e), t)
++ select(max, (fd_set *)(void *)(r), (fd_set *)(void *)(f), (fd_set *)(void *)(e), t)
+
+ #endif /* _OSW_SELECT_H_ */
+diff -ur openswan-2.6.16.orig/programs/pluto/connections.c openswan-2.6.16/programs/pluto/connections.c
+--- openswan-2.6.16.orig/programs/pluto/connections.c 2008-08-18 17:07:48.000000000 +0000
++++ openswan-2.6.16/programs/pluto/connections.c 2008-09-20 19:29:32.000000000 +0000
+@@ -247,6 +247,15 @@
+ #ifdef DEBUG
+ lset_t old_cur_debugging = cur_debugging;
+ #endif
++ union {
++ struct alg_info** ppai;
++#ifdef KERNEL_ALG
++ struct alg_info_esp** ppai_esp;
++#endif
++#ifdef IKE_ALG
++ struct alg_info_ike** ppai_ike;
++#endif
++ } palg_info;
+
+ set_cur_connection(c);
+
+@@ -323,10 +332,12 @@
+
+ gw_delref(&c->gw_info);
+ #ifdef KERNEL_ALG
+- alg_info_delref((struct alg_info **)&c->alg_info_esp);
++ palg_info.ppai_esp = &c->alg_info_esp;
++ alg_info_delref(palg_info.ppai);
+ #endif
+ #ifdef IKE_ALG
+- alg_info_delref((struct alg_info **)&c->alg_info_ike);
++ palg_info.ppai_ike = &c->alg_info_ike;
++ alg_info_delref(palg_info.ppai);
+ #endif
+ pfree(c);
+ }
diff --git a/net-misc/openswan/files/openswan-2.6.16-refine-connection.patch b/net-misc/openswan/files/openswan-2.6.16-refine-connection.patch
new file mode 100644
index 000000000000..99bc27e2b200
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.6.16-refine-connection.patch
@@ -0,0 +1,22 @@
+diff -ur openswan-2.6.16.orig/programs/pluto/connections.c openswan-2.6.16/programs/pluto/connections.c
+--- openswan-2.6.16.orig/programs/pluto/connections.c 2008-09-21 11:19:47.000000000 +0200
++++ openswan-2.6.16/programs/pluto/connections.c 2008-09-21 12:24:55.000000000 +0200
+@@ -2395,14 +2395,13 @@
+ for (; d != NULL; d = d->hp_next)
+ {
+ bool match1 = match_id(peer_id, &d->spd.that.id, &wildcards);
+- bool match2 = trusted_ca(peer_ca, d->spd.that.ca, &peer_pathlen);
+- bool match3 = match_requested_ca(c->requested_ca, d->spd.this.ca, &our_pathlen);
+- bool match = match1 && match2 && match3;
++ bool match2 = match_requested_ca(c->requested_ca, d->spd.this.ca, &our_pathlen);
++ bool match = match1 && match2;
+
+ DBG(DBG_CONTROLMORE
+- , DBG_log("refine_connection: checking %s against %s, best=%s with match=%d(id=%d/ca=%d/reqca=%d)"
++ , DBG_log("refine_connection: checking %s against %s, best=%s with match=%d(id=%d/reqca=%d)"
+ , c->name, d->name, best_found ? best_found->name : "(none)"
+- , match, match1, match2, match3));
++ , match, match1, match2));
+
+ /* ignore group connections */
+ if (d->policy & POLICY_GROUP)
diff --git a/net-misc/openswan/metadata.xml b/net-misc/openswan/metadata.xml
index 55d9e1e3e4dc..cfc10f55d824 100644
--- a/net-misc/openswan/metadata.xml
+++ b/net-misc/openswan/metadata.xml
@@ -12,7 +12,12 @@ implementation of IPsec for the Linux operating system. Is it a code fork
of the FreeS/WAN project, started by a few of the developers who were
growing frustrated with the politics surrounding the FreeS/WAN project.</longdescription>
<use>
- <flag name="extra-algorithms">Include additional algorithms such as Blowfish, Twofish and Serpent</flag>
- <flag name="weak-algorithms">Include weak algorithms such as DH1 and 1DES</flag>
+ <flag name="curl">Include curl support (used for fetching CRLs)</flag>
+ <flag name="ldap">Include LDAP support (used for fetching CRLs)</flag>
+ <flag name="extra-algorithms">Include additional strong algorithms
+ (Blowfish, Twofish, Serpent and SHA2)</flag>
+ <flag name="weak-algorithms">Include weak algorithms (DH1)</flag>
+ <flag name="nocrypto-algorithms">Include algorithms that don't even encrypt
+ (1DES)</flag>
</use>
</pkgmetadata>
diff --git a/net-misc/openswan/openswan-2.6.16.ebuild b/net-misc/openswan/openswan-2.6.16.ebuild
new file mode 100644
index 000000000000..6d14dfb29c98
--- /dev/null
+++ b/net-misc/openswan/openswan-2.6.16.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.16.ebuild,v 1.1 2008/09/21 12:42:31 mrness Exp $
+
+inherit eutils linux-info
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)."
+HOMEPAGE="http://www.openswan.org/"
+SRC_URI="http://www.openswan.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="curl ldap smartcard extra-algorithms weak-algorithms nocrypto-algorithms"
+
+COMMON_DEPEND="!net-misc/strongswan
+ dev-libs/gmp
+ dev-lang/perl
+ smartcard? ( dev-libs/opensc )
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )"
+DEPEND="${COMMON_DEPEND}
+ virtual/linux-sources
+ app-text/xmlto"
+RDEPEND="${COMMON_DEPEND}
+ virtual/logger
+ sys-apps/iproute2"
+
+pkg_setup() {
+ if use nocrypto-algorithms && ! use weak-algorithms; then
+ ewarn "Enabling nocrypto-algorithms USE flag has no effect when"
+ ewarn "weak-algorithms USE flag is disabled"
+ fi
+
+ linux-info_pkg_setup
+
+ if kernel_is 2 6; then
+ einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+ einfo "KLIPS will not be compiled/installed."
+ MYMAKE="programs"
+
+ elif kernel_is 2 4; then
+ if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then
+ eerror "You need to have an IPsec enabled 2.4.x kernel."
+ eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
+ die
+ fi
+
+ einfo "Using patched-in IPsec code for kernel 2.4"
+ einfo "Your kernel only supports KLIPS for kernel level IPsec."
+ MYMAKE="confcheck programs"
+
+ else
+ die "Unsupported kernel version"
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ epatch "${FILESDIR}"/${P}-qa-fixes.patch
+ epatch "${FILESDIR}"/${P}-refine-connection.patch
+
+ find . -regex '.*[.][1-8]' -exec sed -i \
+ -e s:/usr/local:/usr:g '{}' \; ||
+ die "failed to replace text in xml docs"
+}
+
+get_make_options() {
+ echo KERNELSRC=\"${KERNEL_DIR}\" \
+ FINALEXAMPLECONFDIR=/usr/share/doc/${P} \
+ INC_RCDEFAULT=/etc/init.d \
+ INC_USRLOCAL=/usr \
+ INC_MANDIR=share/man \
+ FINALDOCDIR=/usr/share/doc/${P} \
+ DESTDIR=\"${D}\" \
+ USERCOMPILE=\"${CFLAGS}\"
+ if use smartcard ; then
+ echo USE_SMARTCARD=true
+ fi
+ if use extra-algorithms ; then
+ echo USE_EXTRACRYPTO=true
+ else
+ echo USE_EXTRACRYPTO=false
+ fi
+ if use weak-algorithms ; then
+ echo USE_WEAKSTUFF=true
+ if use nocrypto-algorithms; then
+ echo USE_NOCRYPTO=true
+ fi
+ fi
+ echo USE_LWRES=false # needs bind9 with lwres support
+ local USETHREADS=false
+ if use curl; then
+ echo USE_LIBCURL=true
+ USETHREADS=true
+ fi
+ if use ldap; then
+ echo USE_LDAP=true
+ USETHREADS=true
+ fi
+ echo HAVE_THREADS=${USETHREADS}
+}
+
+src_compile() {
+ eval set -- $(get_make_options)
+ emake "$@" \
+ ${MYMAKE} || die "emake failed"
+}
+
+src_install() {
+ eval set -- $(get_make_options)
+ emake "$@" \
+ install || die "emake install failed"
+
+ newinitd "${FILESDIR}"/ipsec-initd ipsec || die "failed to install init script"
+
+ dodir /var/run/pluto || die "failed to create /var/run/pluto"
+}
+
+pkg_preinst() {
+ if has_version "<net-misc/openswan-2.6.14" && pushd "${ROOT}etc/ipsec"; then
+ ewarn "Following files and directories were moved from '${ROOT}etc/ipsec' to '${ROOT}etc':"
+ local i err=0
+ if [ -h "../ipsec.d" ]; then
+ rm "../ipsec.d" || die "failed to remove ../ipsec.d symlink"
+ fi
+ for i in *; do
+ if [ -e "../$i" ]; then
+ eerror " $i NOT MOVED, ../$i already exists!"
+ err=1
+ elif [ -d "$i" ]; then
+ mv "$i" .. || die "failed to move $i directory"
+ ewarn " directory $i"
+ elif [ -f "$i" ]; then
+ sed -i -e 's:/etc/ipsec/:/etc/:g' "$i" && \
+ mv "$i" .. && ewarn " file $i" || \
+ die "failed to move $i file"
+ else
+ eerror " $i NOT MOVED, it is not a file nor a directory!"
+ err=1
+ fi
+ done
+ popd
+ if [ $err -eq 0 ]; then
+ rmdir "${ROOT}etc/ipsec" || eerror "Failed to remove ${ROOT}etc/ipsec"
+ else
+ ewarn "${ROOT}etc/ipsec is not empty, you will have to remove it yourself"
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if kernel_is 2 6; then
+ CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP"
+ WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)"
+ WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)"
+ WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)"
+ check_extra_config
+ fi
+}