# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-2.8.4.ebuild,v 1.1 2007/05/31 11:56:03 pylon Exp $

inherit eutils linux-info

# Package metadata shown to users and used for fetching.
DESCRIPTION="IPsec-based VPN Solution for Linux"
HOMEPAGE="http://www.strongswan.org/"
# The tarball is fetched over plain HTTP, so transport gives no integrity guarantee.
# NOTE(review): confirm the Manifest carries digests for this version.
SRC_URI="http://download.strongswan.org/${P}.tar.bz2"

LICENSE="GPL-2 RSA-MD2 RSA-MD5 RSA-PKCS11 DES"
SLOT="0"
# All listed architectures are keyworded as testing (~).
KEYWORDS="~amd64 ~ppc ~sparc ~x86"
# Optional features toggled in src_unpack by editing Makefile.inc.
# "nat" enables NAT-Traversal in transport mode, which src_unpack labels insecure.
IUSE="curl ldap nat smartcard"

# Needed at both build and run time; openswan is blocked (the leading "!").
COMMON_DEPEND="!net-misc/openswan
	dev-libs/gmp"
# Build-time only: kernel sources/headers plus the libraries behind each USE flag.
DEPEND="${COMMON_DEPEND}
	virtual/linux-sources
	sys-kernel/linux-headers
	curl? ( net-misc/curl )
	ldap? ( net-nds/openldap )
	smartcard? ( dev-libs/opensc )"
# Run-time only: a system logger and iproute2.
# NOTE(review): the curl/ldap/smartcard libraries are listed in DEPEND only;
# confirm whether the built binaries link against them and need them here too.
RDEPEND="${COMMON_DEPEND}
	virtual/logger
	sys-apps/iproute2"

# Pick the make targets (MYMAKE) that match the kernel's IPsec stack.
# 2.6 kernels use the native stack; 2.4 kernels need the patched-in KLIPS code
# under /usr/src/linux/net/ipsec; any other kernel aborts the merge.
pkg_setup() {
	# Run the linux-info eclass setup before querying the kernel version.
	linux-info_pkg_setup

	# Classify the kernel first (2.6 is probed before 2.4), then act on the result.
	local ipsec_stack="unsupported"
	if kernel_is 2 6; then
		ipsec_stack="native"
	elif kernel_is 2 4; then
		ipsec_stack="klips"
	fi

	case "${ipsec_stack}" in
		native)
			einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
			einfo "KLIPS will not be compiled/installed."
			MYMAKE="programs"
			;;
		klips)
			# Without the in-tree IPsec directory there is nothing to build against.
			if [ ! -d /usr/src/linux/net/ipsec ]; then
				eerror "You need to have an IPsec enabled 2.4.x kernel."
				eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
				die
			fi

			einfo "Using patched-in IPsec code for kernel 2.4."
			einfo "Your kernel only supports KLIPS for kernel level IPsec."
			MYMAKE="confcheck programs"
			;;
		*)
			eerror "Sorry, no support for your kernel version ${KV_FULL}."
			die "Install an IPsec enabled 2.4 or 2.6 kernel."
			;;
	esac
}

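# Unpack the sources, apply the path patch and switch on the optional
# features selected through USE flags by editing Makefile.inc in place.
# Every step that can fail aborts the build instead of continuing silently.
src_unpack() {
	unpack ${A}
	# Quote the path and stop on failure so later edits never run in the wrong directory.
	cd "${S}" || die "cannot enter source directory ${S}"

	epatch "${FILESDIR}/ipsec-path-${PV}.patch.bz2"

	if use curl ; then
		ebegin "Curl support requested. Enabling curl support"
		sed -i -e 's:\(USE_LIBCURL?=\)false:\1true:g' Makefile.inc \
			|| die "failed to enable curl in Makefile.inc"
		eend $?
	fi

	if use ldap ; then
		ebegin "LDAP support requested. Enabling LDAPv3 support"
		sed -i -e 's:\(USE_LDAP?=\)false:\1true:g' Makefile.inc \
			|| die "failed to enable LDAP in Makefile.inc"
		eend $?
	fi

	if use nat ; then
		ebegin "Enabling NAT-Traversal on Transport mode (insecure)"
		sed -i -e 's:\(USE_NAT_TRAVERSAL_TRANSPORT_MODE?=\)false:\1true:g' \
			Makefile.inc || die "failed to enable NAT-Traversal in Makefile.inc"
		eend $?
		# Repeat the caveat as a warning so it is not lost in the build output.
		ewarn "USE=nat enables NAT-Traversal in transport mode, which is marked insecure."
		ewarn "Disable the nat USE flag unless transport-mode NAT-Traversal is required."
	fi

	if use smartcard ; then
		ebegin "Smartcard support requested. Enabling opensc support"
		sed -i -e 's:\(USE_SMARTCARD?=\)false:\1true:g' Makefile.inc \
			|| die "failed to enable smartcard support in Makefile.inc"
		# Comment out the pkcs11/ subdirectory default and activate the /usr/lib one.
		sed -i -e 's:\(PKCS11_DEFAULT_LIB=\\\"/usr/lib/pkcs11/opensc-pkcs11.so\\\"\):#\1:g' \
			Makefile.inc || die "failed to disable the old PKCS11 default library"
		sed -i -e 's:#\(PKCS11_DEFAULT_LIB=\\\"/usr/lib/opensc-pkcs11.so\\\"\):\1:g' \
			Makefile.inc || die "failed to select the PKCS11 default library"
		eend $?
	fi

	# patch broken check-rule
	sed -i -e 's#check:	uml#check:	programs checkprograms#' Makefile \
		|| die "failed to patch the check rule in Makefile"

}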

# Build the targets chosen in pkg_setup (MYMAKE) with the Gentoo install layout.
src_compile() {
	# Layout overrides handed to the upstream Makefile.
	local -a layout=(
		DESTDIR="${D}"
		USERCOMPILE="${CFLAGS}"
		FINALCONFDIR=/etc/ipsec
		INC_RCDEFAULT=/etc/init.d
		INC_USRLOCAL=/usr
		INC_MANDIR=share/man
		FINALEXAMPLECONFDIR=/usr/share/doc/${P}
		FINALDOCDIR=/usr/share/doc/${P}
	)

	# MYMAKE stays unquoted on purpose: it may hold more than one make target.
	if ! emake "${layout[@]}" ${MYMAKE}; then
		die "make failed"
	fi
}

# Install the built programs, documentation and init script into the image,
# using the same layout overrides as the compile step.
src_install() {
	# The upstream install target expects this directory to exist already.
	dodir /etc/init.d

	# Layout overrides handed to the upstream Makefile.
	local -a layout=(
		DESTDIR="${D}"
		USERCOMPILE="${CFLAGS}"
		FINALCONFDIR=/etc/ipsec
		INC_RCDEFAULT=/etc/init.d
		INC_USRLOCAL=/usr
		INC_MANDIR=share/man
		FINALEXAMPLECONFDIR=/usr/share/doc/${P}
		FINALDOCDIR=/usr/share/doc/${P}
	)
	if ! emake "${layout[@]}" install; then
		die "make install failed"
	fi

	# HTML goes through dohtml; the copies are then deleted from the work tree
	# so the doc/* glob handed to dodoc does not pick them up again.
	dohtml doc/*html
	rm -f ${S}/doc/*.html
	dodoc CHANGES COPYING CREDITS INSTALL LICENSE README doc/*

	doinitd "${FILESDIR}"/ipsec

	# NOTE(review): this recursive mode change also covers everything under
	# /etc/ipsec; if key material is installed there, confirm its final mode.
	fperms -R a-X /etc/ipsec /usr/share
	keepdir /var/run/pluto

	einfo "Configuration files are installed into /etc/ipsec/"
}

# After installation on a 2.6 kernel, check the kernel configuration for the
# native IPsec options; other kernels are left unchecked.
pkg_postinst() {
	# Nothing to verify unless the native 2.6 stack is in use.
	kernel_is 2 6 || return 0

	# A leading "~" marks an option as advisory rather than fatal when missing.
	# NOTE(review): that reading of "~" comes from linux-info conventions — confirm.
	CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP"

	# Custom messages for the options that get one; the rest have none set here.
	WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)"
	WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)"
	WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)"

	check_extra_config
}