summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-firewall/ipsec-tools/ChangeLog12
-rw-r--r--net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild199
2 files changed, 210 insertions, 1 deletions
diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog
index 75d02338cafe..80a97a586865 100644
--- a/net-firewall/ipsec-tools/ChangeLog
+++ b/net-firewall/ipsec-tools/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for net-firewall/ipsec-tools
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.74 2010/01/09 23:20:49 vostorga Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.75 2010/01/10 01:12:10 robbat2 Exp $
+
+*ipsec-tools-0.7.3-r1 (10 Jan 2010)
+
+ 10 Jan 2010; Robin H. Johnson <robbat2@gentoo.org>
+ +ipsec-tools-0.7.3-r1.ebuild:
+ Bug #283320: linux-info changes require that linux_config_exists is called
+ before linux_chkconfig*. Bug #284810: ensure HAVE_PFKEY_POLICY_PRIORITY
+ and HAVE_POLICY_FWD are always available. Bug #264233: Avoid reference to
+ missing swab.h from mixing header/kernel sources versions - by not mixing
+ the versions at all anymore.
09 Jan 2010; Víctor Ostorga <vostorga@gentoo.org>
ipsec-tools-0.7.3.ebuild, +files/ipsec-tools-duplicate-header.patch:
diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild
new file mode 100644
index 000000000000..ad75f0e6e9aa
--- /dev/null
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild,v 1.1 2010/01/10 01:12:10 robbat2 Exp $
+
+inherit eutils flag-o-matic autotools linux-info
+
+DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
+HOMEPAGE="http://ipsec-tools.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="idea ipv6 pam rc5 readline selinux ldap kerberos nat hybrid iconv selinux"
+
+DEPEND_COMMON="
+ selinux? ( sys-libs/libselinux )
+ readline? ( sys-libs/readline )
+ pam? ( sys-libs/pam )
+ ldap? ( net-nds/openldap )
+ kerberos? ( virtual/krb5 )
+ >=dev-libs/openssl-0.9.8
+ iconv? ( virtual/libiconv )"
+# radius? ( net-dialup/gnuradius )
+
+RDEPEND="${DEPEND_COMMON}
+ selinux? ( sec-policy/selinux-ipsec-tools )"
+
+DEPEND="${DEPEND_COMMON}
+ >=sys-kernel/linux-headers-2.6.30"
+
+pkg_setup() {
+ get_version
+ if kernel_is 2 6 ; then
+ if test "${KV_PATCH}" -ge 19 ; then
+ # Just for kernel >=2.6.19
+ einfo "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
+
+ if use nat; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY"
+ export WARNING_NETFILTER_XT_MATCH_POLICY="NAT support may fail weirdly unless you enable this option in your kernel"
+ fi
+
+ for i in XFRM_USER NET_KEY; do
+ CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
+ eval "export WARNING_${i}='No tunnels will be available at all'"
+ done
+
+ for i in INET_IPCOMP INET_AH INET_ESP \
+ INET_XFRM_MODE_TRANSPORT \
+ INET_XFRM_MODE_TUNNEL \
+ INET_XFRM_MODE_BEET ; do
+ CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
+ eval "export WARNING_${i}='IPv4 tunnels will not be available'"
+ done
+
+ for i in INET6_IPCOMP INET6_AH INET6_ESP \
+ INET6_XFRM_MODE_TRANSPORT \
+ INET6_XFRM_MODE_TUNNEL \
+ INET6_XFRM_MODE_BEET ; do
+ CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
+ eval "export WARNING_${i}='IPv6 tunnels will not be available'"
+ done
+
+ CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_NULL"
+ export WARNING_CRYPTO_NULL="Unencrypted tunnels will not be available"
+ export CONFIG_CHECK
+
+ check_extra_config
+ else
+ eerror "You must have a kernel >=2.6.19 to run ipsec-tools."
+ eerror "Building now, assuming that you will run on a different kernel"
+ fi
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ # fix for bug #76741
+ sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c
+ # fix for bug #124813
+ sed -i 's:-Werror::g' "${S}"/configure.ac
+ # Fixing duplicate specification of vmbuf.h #300161
+ epatch "${FILESDIR}"/${PN}-duplicate-header.patch
+
+ AT_M4DIR="${S}" eautoreconf
+ epunt_cxx
+}
+
+src_compile() {
+ # fix for bug #61025
+ filter-flags -march=c3
+
+ myconf="--with-kernel-headers=/usr/include \
+ --enable-dependency-tracking \
+ --enable-dpd \
+ --enable-frag \
+ --enable-stats \
+ --enable-fastquit \
+ --enable-stats \
+ --enable-adminport \
+ $(use_enable ipv6) \
+ $(use_enable rc5) \
+ $(use_enable idea) \
+ $(use_with readline)
+ $(use_enable kerberos gssapi) \
+ $(use_with ldap libldap) \
+ $(use_with pam libpam)"
+
+# we do not want broken-natt from the kernel
+# myconf="${myconf} $(use_enable broken-natt)"
+ use nat && myconf="${myconf} --enable-natt --enable-natt-versions=yes"
+
+ # we only need security-context when using selinux
+ myconf="${myconf} $(use_enable selinux security-context)"
+
+ # enable mode-cfg and xauth support
+ if use pam; then
+ myconf="${myconf} --enable-hybrid"
+ else
+ myconf="${myconf} $(use_enable hybrid)"
+ fi
+
+ # dev-libs/libiconv is hard masked
+ #use iconv && myconf="${myconf} $(use_with iconv libiconv)"
+
+ # the default (/usr/include/openssl/) is OK for Gentoo, leave it
+ # myconf="${myconf} $(use_with ssl openssl )"
+
+ # No way to get it compiling with freeradius or gnuradius
+ # We would need libradius which only exists on FreeBSD
+
+ # See bug #77369
+ #myconf="${myconf} --enable-samode-unspec"
+
+ econf ${myconf} || die
+ emake -j1 || die
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+ keepdir /var/lib/racoon
+ newconfd "${FILESDIR}"/racoon.conf.d racoon
+ newinitd "${FILESDIR}"/racoon.init.d racoon
+
+ dodoc ChangeLog README NEWS
+ dodoc src/racoon/samples/*
+ dodoc src/racoon/doc/*
+
+ docinto roadwarrior
+ dodoc src/racoon/samples/roadwarrior/*
+
+ docinto roadwarrior/client
+ dodoc src/racoon/samples/roadwarrior/client/*
+ docinto roadwarrior/server
+ dodoc src/racoon/samples/roadwarrior/server/*
+
+ docinto setkey
+ dodoc src/setkey/sample.cf
+
+ dodir /etc/racoon
+
+ # RFC are only available from CVS for the moment, see einfo below
+ #docinto "rfc"
+ #dodoc ${S}/src/racoon/rfc/*
+}
+
+pkg_postinst() {
+ if use nat; then
+ elog
+ elog " You have enabled the nat traversal functionnality."
+ elog " Nat versions wich are enabled by default are 00,02,rfc"
+ elog " you can find those drafts in the CVS repository:"
+ elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
+ elog
+ elog "If you feel brave enough and you know what you are"
+ elog "doing, you can consider emerging this ebuild"
+ elog "with"
+ elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
+ elog
+ fi;
+
+ if use ldap; then
+ elog
+ elog " You have enabled ldap support with {$PN}."
+ elog " The man page does NOT contain any information on it yet."
+ elog " Consider to use a more recent version or CVS"
+ elog
+ fi;
+
+ elog
+ elog "Please have a look in /usr/share/doc/${P} and visit"
+ elog "http://www.netbsd.org/Documentation/network/ipsec/"
+ elog "to find a lot of information on how to configure this great tool."
+ elog
+}
+
+# vim: set foldmethod=marker nowrap :