From 298fa54b92b0bba1c8082fa169dc45f341babdc9 Mon Sep 17 00:00:00 2001 From: Ionen Wolkens Date: Mon, 21 Jun 2021 19:28:01 -0400 Subject: net-vpn/ipsec-tools: use binding := for dev-libs/openssl Needed for upcoming upgrade to OpenSSL 3.0.0 which has changed ABI. Acked-by: David Seifert Signed-off-by: Ionen Wolkens Signed-off-by: Sam James --- net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild | 283 ------------------------ net-vpn/ipsec-tools/ipsec-tools-0.8.2-r7.ebuild | 283 ++++++++++++++++++++++++ 2 files changed, 283 insertions(+), 283 deletions(-) delete mode 100644 net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild create mode 100644 net-vpn/ipsec-tools/ipsec-tools-0.8.2-r7.ebuild (limited to 'net-vpn/ipsec-tools') diff --git a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild deleted file mode 100644 index de5c6572394f..000000000000 --- a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r6.ebuild +++ /dev/null @@ -1,283 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit flag-o-matic autotools linux-info pam systemd - -DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" -HOMEPAGE="http://ipsec-tools.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2 - https://dev.gentoo.org/~juippis/distfiles/tmp/ipsec-tools-add-openssl-1.1.x-support.patch" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="amd64 arm ~ia64 ~mips ppc ppc64 x86" -IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" - -CDEPEND=" - dev-libs/openssl:0 - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap ) - pam? ( sys-libs/pam ) - readline? ( sys-libs/readline:0= ) - selinux? ( sys-libs/libselinux )" - -DEPEND="${CDEPEND} - >=sys-kernel/linux-headers-2.6.30" - -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-ipsec ) -" - -pkg_preinst() { - if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - if ! has_version "net-vpn/strongswan" && - ! has_version "net-misc/openswan" && - ! has_version "net-vpn/libreswan"; then - ewarn "We found an earlier version of ${PN} installed." - ewarn "As of ${PN}-0.8.0-r5, the old configuration file," - ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" - ewarn "a conflict with net-vpn/strongswan; bug #436144. We will" - ewarn "rename this file for you with this upgrade. However, if" - ewarn "you later downgrade, you'll have to rename the file to" - ewarn "its orignal manually or change /etc/conf.d/racoon to point" - ewarn "to the new file." - - if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then - mv /etc/ipsec.conf /etc/ipsec-tools.conf - else - ewarn - ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" - ewarn "Either the former doesn't exist or the later does and" - ewarn "I won't clobber it. Please fix this situation manually." - fi - else - ewarn "You had both an earlier version of ${PN} and" - ewarn "net-vpn/strongswan installed. I can't tell whether" - ewarn "the configuration file, ipsec.conf, belongs to one" - ewarn "package or the other due to a file conflict; bug #436144." - ewarn "The current version of ${PN} uses ipsec-tools.conf" - ewarn "as its configuration file, as will future versions." - ewarn "Please fix this situation manually." - fi - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - fi -} - -pkg_setup() { - linux-info_pkg_setup - - get_version - - if linux_config_exists && kernel_is -ge 2 6 19; then - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - ewarn "Checking kernel configuration in /usr/src/linux or" - ewarn "or /proc/config.gz for compatibility with ${PN}." - ewarn "Here are the potential problems:" - ewarn - - local nothing="1" - - # Check options for all flavors of IPSec - local msg="" - for i in XFRM_USER NET_KEY; do - if ! linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "ALL IPSec may fail. CHECK:" - ewarn "${msg}" - fi - - # Check unencrypted IPSec - if ! linux_chkconfig_present CRYPTO_NULL; then - nothing="0" - ewarn - ewarn "Unencrypted IPSec may fail. CHECK:" - ewarn " CRYPTO_NULL" - fi - - # Check IPv4 IPSec - msg="" - for i in \ - INET_IPCOMP INET_AH INET_ESP \ - INET_XFRM_MODE_TRANSPORT \ - INET_XFRM_MODE_TUNNEL \ - INET_XFRM_MODE_BEET - do - if ! linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "IPv4 IPSec may fail. CHECK:" - ewarn "${msg}" - fi - - # Check IPv6 IPSec - if use ipv6; then - msg="" - for i in INET6_IPCOMP INET6_AH INET6_ESP \ - INET6_XFRM_MODE_TRANSPORT \ - INET6_XFRM_MODE_TUNNEL \ - INET6_XFRM_MODE_BEET - do - if ! linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "IPv6 IPSec may fail. CHECK:" - ewarn "${msg}" - fi - fi - - # Check IPSec behind NAT - if use nat; then - if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then - nothing="0" - ewarn - ewarn "IPSec behind NAT may fail. CHECK:" - ewarn " NETFILTER_XT_MATCH_POLICY" - fi - fi - - if [[ $nothing == "1" ]]; then - ewarn "NO PROBLEMS FOUND" - fi - - ewarn - ewarn "WARNING: If your *configured* and *running* kernel" - ewarn "differ either now or in the future, then these checks" - ewarn "may lead to misleading results." - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - else - eerror - eerror "\033[1;31m**************************************************\033[00m" - eerror "Make sure that your *running* kernel is/will be >=2.6.19." - eerror "Building ${PN} now, assuming that you know what you're doing." - eerror "\033[1;31m**************************************************\033[00m" - eerror - fi -} - -src_prepare() { - # fix for bug #124813 - sed -i 's:-Werror::g' "${S}"/configure.ac || die - # fix for building with gcc-4.6 - sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die - - eapply "${FILESDIR}/${PN}-def-psk.patch" - eapply "${FILESDIR}/${PN}-include-vendoridh.patch" - eapply "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 - eapply "${FILESDIR}"/${PN}-CVE-2015-4047.patch - eapply "${DISTDIR}"/${PN}-add-openssl-1.1.x-support.patch - eapply "${FILESDIR}"/${PN}-CVE-2016-10396.patch - AT_M4DIR="${S}" eautoreconf - - eapply_user -} - -src_configure() { - #--with-{libiconv,libradius} lead to "Broken getaddrinfo()" - #--enable-samode-unspec is not supported in linux - local myconf - myconf="--with-kernel-headers=/usr/include \ - --enable-adminport \ - --enable-dependency-tracking \ - --enable-dpd \ - --enable-frag \ - --without-libiconv \ - --without-libradius \ - --disable-samode-unspec \ - $(use_enable idea) \ - $(use_enable ipv6) \ - $(use_enable kerberos gssapi) \ - $(use_with ldap libldap) \ - $(use_enable nat natt) \ - $(use_with pam libpam) \ - $(use_enable rc5) \ - $(use_with readline) \ - $(use_enable selinux security-context) \ - $(use_enable stats)" - - use nat && myconf="${myconf} --enable-natt-versions=yes" - - # enable mode-cfg and xauth support - if use pam; then - myconf="${myconf} --enable-hybrid" - else - myconf="${myconf} $(use_enable hybrid)" - fi - - econf ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - keepdir /var/lib/racoon - newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon - newinitd "${FILESDIR}"/racoon.init.d-r3 racoon - systemd_dounit "${FILESDIR}/ipsec-tools.service" - systemd_dounit "${FILESDIR}/racoon.service" - use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon - - insinto /etc - doins "${FILESDIR}"/ipsec-tools.conf - insinto /etc/racoon - doins "${FILESDIR}"/racoon.conf - doins "${FILESDIR}"/psk.txt - chmod 400 "${D}"/etc/racoon/psk.txt - - dodoc ChangeLog README NEWS - dodoc -r src/racoon/samples - dodoc -r src/racoon/doc - docinto samples - newdoc src/setkey/sample.cf ipsec-tools.conf -} - -pkg_postinst() { - if use nat; then - elog - elog "You have enabled the nat traversal functionnality." - elog "Nat versions wich are enabled by default are 00,02,rfc" - elog "you can find those drafts in the CVS repository:" - elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" - elog - elog "If you feel brave enough and you know what you are" - elog "doing, you can consider emerging this ebuild with" - elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" - elog - fi - - if use ldap; then - elog - elog "You have enabled ldap support with ${PN}." - elog "The man page does NOT contain any information on it yet." - elog "Consider using a more recent version or CVS." - elog - fi - - elog - elog "Please have a look in /usr/share/doc/${P} and visit" - elog "http://www.netbsd.org/Documentation/network/ipsec/" - elog "to find more information on how to configure this tool." - elog -} diff --git a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r7.ebuild b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r7.ebuild new file mode 100644 index 000000000000..c1eb271650e6 --- /dev/null +++ b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r7.ebuild @@ -0,0 +1,283 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic autotools linux-info pam systemd + +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" +HOMEPAGE="http://ipsec-tools.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2 + https://dev.gentoo.org/~juippis/distfiles/tmp/ipsec-tools-add-openssl-1.1.x-support.patch" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~ia64 ~mips ppc ppc64 x86" +IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" + +CDEPEND=" + dev-libs/openssl:0= + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + readline? ( sys-libs/readline:0= ) + selinux? ( sys-libs/libselinux )" + +DEPEND="${CDEPEND} + >=sys-kernel/linux-headers-2.6.30" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ipsec ) +" + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + if ! has_version "net-vpn/strongswan" && + ! has_version "net-misc/openswan" && + ! has_version "net-vpn/libreswan"; then + ewarn "We found an earlier version of ${PN} installed." + ewarn "As of ${PN}-0.8.0-r5, the old configuration file," + ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" + ewarn "a conflict with net-vpn/strongswan; bug #436144. We will" + ewarn "rename this file for you with this upgrade. However, if" + ewarn "you later downgrade, you'll have to rename the file to" + ewarn "its orignal manually or change /etc/conf.d/racoon to point" + ewarn "to the new file." + + if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then + mv /etc/ipsec.conf /etc/ipsec-tools.conf + else + ewarn + ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" + ewarn "Either the former doesn't exist or the later does and" + ewarn "I won't clobber it. Please fix this situation manually." + fi + else + ewarn "You had both an earlier version of ${PN} and" + ewarn "net-vpn/strongswan installed. I can't tell whether" + ewarn "the configuration file, ipsec.conf, belongs to one" + ewarn "package or the other due to a file conflict; bug #436144." + ewarn "The current version of ${PN} uses ipsec-tools.conf" + ewarn "as its configuration file, as will future versions." + ewarn "Please fix this situation manually." + fi + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + fi +} + +pkg_setup() { + linux-info_pkg_setup + + get_version + + if linux_config_exists && kernel_is -ge 2 6 19; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + ewarn "Checking kernel configuration in /usr/src/linux or" + ewarn "or /proc/config.gz for compatibility with ${PN}." + ewarn "Here are the potential problems:" + ewarn + + local nothing="1" + + # Check options for all flavors of IPSec + local msg="" + for i in XFRM_USER NET_KEY; do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "ALL IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check unencrypted IPSec + if ! linux_chkconfig_present CRYPTO_NULL; then + nothing="0" + ewarn + ewarn "Unencrypted IPSec may fail. CHECK:" + ewarn " CRYPTO_NULL" + fi + + # Check IPv4 IPSec + msg="" + for i in \ + INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv4 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check IPv6 IPSec + if use ipv6; then + msg="" + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv6 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + fi + + # Check IPSec behind NAT + if use nat; then + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then + nothing="0" + ewarn + ewarn "IPSec behind NAT may fail. CHECK:" + ewarn " NETFILTER_XT_MATCH_POLICY" + fi + fi + + if [[ $nothing == "1" ]]; then + ewarn "NO PROBLEMS FOUND" + fi + + ewarn + ewarn "WARNING: If your *configured* and *running* kernel" + ewarn "differ either now or in the future, then these checks" + ewarn "may lead to misleading results." + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + else + eerror + eerror "\033[1;31m**************************************************\033[00m" + eerror "Make sure that your *running* kernel is/will be >=2.6.19." + eerror "Building ${PN} now, assuming that you know what you're doing." + eerror "\033[1;31m**************************************************\033[00m" + eerror + fi +} + +src_prepare() { + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + eapply "${FILESDIR}/${PN}-def-psk.patch" + eapply "${FILESDIR}/${PN}-include-vendoridh.patch" + eapply "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 + eapply "${FILESDIR}"/${PN}-CVE-2015-4047.patch + eapply "${DISTDIR}"/${PN}-add-openssl-1.1.x-support.patch + eapply "${FILESDIR}"/${PN}-CVE-2016-10396.patch + AT_M4DIR="${S}" eautoreconf + + eapply_user +} + +src_configure() { + #--with-{libiconv,libradius} lead to "Broken getaddrinfo()" + #--enable-samode-unspec is not supported in linux + local myconf + myconf="--with-kernel-headers=/usr/include \ + --enable-adminport \ + --enable-dependency-tracking \ + --enable-dpd \ + --enable-frag \ + --without-libiconv \ + --without-libradius \ + --disable-samode-unspec \ + $(use_enable idea) \ + $(use_enable ipv6) \ + $(use_enable kerberos gssapi) \ + $(use_with ldap libldap) \ + $(use_enable nat natt) \ + $(use_with pam libpam) \ + $(use_enable rc5) \ + $(use_with readline) \ + $(use_enable selinux security-context) \ + $(use_enable stats)" + + use nat && myconf="${myconf} --enable-natt-versions=yes" + + # enable mode-cfg and xauth support + if use pam; then + myconf="${myconf} --enable-hybrid" + else + myconf="${myconf} $(use_enable hybrid)" + fi + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon + newinitd "${FILESDIR}"/racoon.init.d-r3 racoon + systemd_dounit "${FILESDIR}/ipsec-tools.service" + systemd_dounit "${FILESDIR}/racoon.service" + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon + + insinto /etc + doins "${FILESDIR}"/ipsec-tools.conf + insinto /etc/racoon + doins "${FILESDIR}"/racoon.conf + doins "${FILESDIR}"/psk.txt + chmod 400 "${D}"/etc/racoon/psk.txt + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + docinto samples + newdoc src/setkey/sample.cf ipsec-tools.conf +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with ${PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} -- cgit v1.2.3-65-gdbad