blob: 49ca0fbac07b40c8cc3a869e0418d7df997e58ca (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-2.8.4.ebuild,v 1.1 2007/05/31 11:56:03 pylon Exp $
inherit eutils linux-info
DESCRIPTION="IPsec-based VPN Solution for Linux"
HOMEPAGE="http://www.strongswan.org/"
SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
LICENSE="GPL-2 RSA-MD2 RSA-MD5 RSA-PKCS11 DES"
SLOT="0"
KEYWORDS="~amd64 ~ppc ~sparc ~x86"
IUSE="curl ldap nat smartcard"
COMMON_DEPEND="!net-misc/openswan
dev-libs/gmp"
DEPEND="${COMMON_DEPEND}
virtual/linux-sources
sys-kernel/linux-headers
curl? ( net-misc/curl )
ldap? ( net-nds/openldap )
smartcard? ( dev-libs/opensc )"
RDEPEND="${COMMON_DEPEND}
virtual/logger
sys-apps/iproute2"
pkg_setup() {
linux-info_pkg_setup
if kernel_is 2 6; then
einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
einfo "KLIPS will not be compiled/installed."
MYMAKE="programs"
elif kernel_is 2 4; then
if ! [ -d /usr/src/linux/net/ipsec ]; then
eerror "You need to have an IPsec enabled 2.4.x kernel."
eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
die
fi
einfo "Using patched-in IPsec code for kernel 2.4."
einfo "Your kernel only supports KLIPS for kernel level IPsec."
MYMAKE="confcheck programs"
else
eerror "Sorry, no support for your kernel version ${KV_FULL}."
die "Install an IPsec enabled 2.4 or 2.6 kernel."
fi
}
src_unpack() {
unpack ${A}
cd ${S}
epatch ${FILESDIR}/ipsec-path-${PV}.patch.bz2
if use curl ; then
ebegin "Curl support requested. Enabling curl support"
sed -i -e 's:\(USE_LIBCURL?=\)false:\1true:g' Makefile.inc || die
eend $?
fi
if use ldap ; then
ebegin "LDAP support requested. Enabling LDAPv3 support"
sed -i -e 's:\(USE_LDAP?=\)false:\1true:g' Makefile.inc || die
eend $?
fi
if use nat ; then
ebegin "Enabling NAT-Traversal on Transport mode (insecure)"
sed -i -e 's:\(USE_NAT_TRAVERSAL_TRANSPORT_MODE?=\)false:\1true:g' \
Makefile.inc || die
eend $?
fi
if use smartcard ; then
ebegin "Smartcard support requested. Enabling opensc support"
sed -i -e 's:\(USE_SMARTCARD?=\)false:\1true:g' Makefile.inc || die
sed -i -e 's:\(PKCS11_DEFAULT_LIB=\\\"/usr/lib/pkcs11/opensc-pkcs11.so\\\"\):#\1:g' \
Makefile.inc || die
sed -i -e 's:#\(PKCS11_DEFAULT_LIB=\\\"/usr/lib/opensc-pkcs11.so\\\"\):\1:g' \
Makefile.inc || die
eend $?
fi
# patch broken check-rule
sed -i -e 's#check: uml#check: programs checkprograms#' Makefile
}
src_compile() {
emake \
DESTDIR="${D}" \
USERCOMPILE="${CFLAGS}" \
FINALCONFDIR=/etc/ipsec \
INC_RCDEFAULT=/etc/init.d \
INC_USRLOCAL=/usr \
INC_MANDIR=share/man \
FINALEXAMPLECONFDIR=/usr/share/doc/${P} \
FINALDOCDIR=/usr/share/doc/${P} \
${MYMAKE} || die "make failed"
}
src_install() {
# make install wants this directory
dodir /etc/init.d
emake \
DESTDIR="${D}" \
USERCOMPILE="${CFLAGS}" \
FINALCONFDIR=/etc/ipsec \
INC_RCDEFAULT=/etc/init.d \
INC_USRLOCAL=/usr \
INC_MANDIR=share/man \
FINALEXAMPLECONFDIR=/usr/share/doc/${P} \
FINALDOCDIR=/usr/share/doc/${P} \
install || die "make install failed"
dohtml doc/*html
rm -f ${S}/doc/*.html
dodoc CHANGES COPYING CREDITS INSTALL LICENSE README doc/*
doinitd "${FILESDIR}"/ipsec
fperms -R a-X /etc/ipsec /usr/share
keepdir /var/run/pluto
einfo "Configuration files are installed into /etc/ipsec/"
}
pkg_postinst() {
if kernel_is 2 6; then
CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP"
WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)"
WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)"
WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)"
check_extra_config
fi
}
|