From: "Anthony G. Basile"
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile"
Message-ID: <1331062897.8ab5b743fbec2a566e24e54753d64aa697d0ed7c.blueness@gentoo>
Subject: [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
X-VCS-Repository: dev/blueness
X-VCS-Files: net-firewall/ipsec-tools/Manifest net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch net-firewall/ipsec-tools/files/ipsec.conf net-firewall/ipsec-tools/files/psk.txt net-firewall/ipsec-tools/files/racoon.conf net-firewall/ipsec-tools/files/racoon.conf.d net-firewall/ipsec-tools/files/racoon.init.d net-firewall/ipsec-tools/files/racoon.pam.d net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild net-firewall/ipsec-tools/metadata.xml
X-VCS-Directories: net-firewall/ipsec-tools/ net-firewall/ipsec-tools/files/
X-VCS-Committer: blueness
X-VCS-Committer-Name: Anthony G. Basile
X-VCS-Revision: 8ab5b743fbec2a566e24e54753d64aa697d0ed7c
X-VCS-Branch: master
Date: Tue, 6 Mar 2012 19:41:46 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 2838e3b7-af11-4c4a-9aa8-425587681f4a
X-Archives-Hash: d97cb7ff51e9c9d1bb5b229a8bb16aa7

commit: 8ab5b743fbec2a566e24e54753d64aa697d0ed7c
Author: Anthony G. Basile gentoo org>
AuthorDate: Tue Mar 6 19:41:37 2012 +0000
Commit: Anthony G.
Basile gentoo org> CommitDate: Tue Mar 6 19:41:37 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Ddev/blueness.git;a= =3Dcommit;h=3D8ab5b743 net-firewall/ipsec-tools: added sample config files, bug #404321 --- net-firewall/ipsec-tools/Manifest | 12 + .../ipsec-tools/files/ipsec-tools-def-psk.patch | 25 ++ .../files/ipsec-tools-duplicate-header.patch | 11 + .../files/ipsec-tools-include-vendoridh.patch | 11 + net-firewall/ipsec-tools/files/ipsec.conf | 26 ++ net-firewall/ipsec-tools/files/psk.txt | 10 + net-firewall/ipsec-tools/files/racoon.conf | 33 +++ net-firewall/ipsec-tools/files/racoon.conf.d | 19 ++ net-firewall/ipsec-tools/files/racoon.init.d | 58 +++++ net-firewall/ipsec-tools/files/racoon.pam.d | 4 + .../ipsec-tools/ipsec-tools-0.8.0-r3.ebuild | 251 ++++++++++++++= ++++++ net-firewall/ipsec-tools/metadata.xml | 14 + 12 files changed, 474 insertions(+), 0 deletions(-) diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools= /Manifest new file mode 100644 index 0000000..1fd674f --- /dev/null +++ b/net-firewall/ipsec-tools/Manifest 
@@ -0,0 +1,12 @@ +AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5= 787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7d= a892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 +AUX ipsec-tools-duplicate-header.patch 440 RMD160 0a9f53ad68232b38238844= 7c3c4aa7c81f5b6de1 SHA1 1d48f49fae5e7c5278d52a512e6b06998f24eacf SHA256 4= 7d31a605a48fc7168cd579f62217316a12b153177bc6b16618d46c38e6936d1 +AUX ipsec-tools-include-vendoridh.patch 434 RMD160 cf30a122392ba179a7c6b= 0cd65f4c21d68d16266 SHA1 a0de513e850618caa2b5917b5d5b838360eaa200 SHA256 = be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c +AUX ipsec.conf 1209 RMD160 38ed5ce1b0ca6ce48d92ba0ad13b14122bd3371c SHA1= 563926c8b14dc54cadebfcef108fe53abb189d4a SHA256 a9a6cbf1bd42aaefdb637814= bc6198079bab84e37888e1b705f938f590978816 +AUX psk.txt 293 RMD160 b626935831085771ee71486b9c5e24e606518dc8 SHA1 49e= 68d8cb0208ed55ebc76a12dec7180f43af431 SHA256 d34b142b4566712f87382caf0a64= bcc070bbde17f16e2ee49d5dde26cb1bbe08 +AUX racoon.conf 772 RMD160 4ad6f3f94dc587d9b4278e165e76b7eacb475b91 SHA1= e7a74b34181480764e36fc452a9e6a516c8c86b4 SHA256 e00cea25741fa16aa985d80c= e49f2a59af0c98a44707a047193e936644b497a3 +AUX racoon.conf.d 621 RMD160 773a21f70bd4786eb6758f052bb54cc40273c259 SH= A1 1291dbe1639cbb72a161e3af727c9c65c6ae0132 SHA256 bc7cf9c0fe8bd5f99c9353= aa3c19e3314b3da21a7a2138fc6e901375be21b109 +AUX racoon.init.d 1314 RMD160 14fd9ea02fdb20d13a0e3284e1f1e468117247f2 S= HA1 41cb71c0354d632ad35565dbf98a26364b592d56 SHA256 7c9447197032b30a2cb76= a62179a3b0ef3768870c340adf4743976e7d65eba75 +AUX racoon.pam.d 156 RMD160 c4f6ba6e3a705eef63e571189e28de71e7d61178 SHA= 1 1223f7a43a5e124521d48852b2d23bb8ba0a788f SHA256 166136e27d653e0bf481a6c= a79fecb7d9fa2fc3d597d041f97df595f65a8193c +DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e= 5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a2= 
4aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 +EBUILD ipsec-tools-0.8.0-r3.ebuild 6434 RMD160 10903843463d3fa1f349c20d0= 715c0946635b6dd SHA1 1221812387be6f8b261c8d5c4dcecb977d0660e5 SHA256 cba8= 3aba0cd293c5c2c35d31d39c9f40e446d9957af9dea28ab44b04dd23df42 +MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SH= A1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c89964= 22e33462b5637f9720a5096025752b93906bcbdc40 diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/n= et-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch new file mode 100644 index 0000000..f351860 --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch @@ -0,0 +1,25 @@ +diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src= /racoon/oakley.c +--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.00000000= 0 +0200 ++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 = +0200 +@@ -2498,8 +2498,21 @@ + plog(LLV_ERROR, LOCATION, iph1->remote, + "couldn't find the pskey for %s.\n", + saddrwop2str(iph1->remote)); ++ } ++ } ++ if (iph1->authstr =3D=3D NULL) { ++ /* ++ * If we could not locate a psk above try and locate ++ * the default psk, ie, "*". ++ */ ++ iph1->authstr =3D privsep_getpsk("*", 1); ++ if (iph1->authstr =3D=3D NULL) { ++ plog(LLV_ERROR, LOCATION, iph1->remote, ++ "couldn't find the the default pskey either.\n"); + goto end; + } ++ plog(LLV_NOTIFY, LOCATION, iph1->remote, ++ "Using default PSK.\n"); + } + plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); + /* should be secret PSK */ diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.= patch b/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch new file mode 100644 index 0000000..6e84804 --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch 
@@ -0,0 +1,11 @@ +--- src/racoon/Makefile.am ++++ src/racoon/Makefile.am +@@ -3,7 +3,7 @@ + sbin_PROGRAMS =3D racoon racoonctl plainrsa-gen + noinst_PROGRAMS =3D eaytest + include_racoon_HEADERS =3D racoonctl.h var.h vmbuf.h misc.h gcmalloc.h = admin.h \ +- schedule.h sockmisc.h vmbuf.h isakmp_var.h isakmp.h isakmp_xauth.h \ ++ schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \ + isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h + lib_LTLIBRARIES =3D libracoon.la +=20 diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh= .patch b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.pat= ch new file mode 100644 index 0000000..2e22c82 --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch @@ -0,0 +1,11 @@ +diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.= 8.0/src/racoon/ipsec_doi.c +--- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c 2012-02-28 13:42:24.0= 00000000 -0500 ++++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c 2012-02-28 13:41:22.0000000= 00 -0500 +@@ -87,6 +87,7 @@ + #ifdef HAVE_GSSAPI + #include + #include "gssapi.h" ++#include "vendorid.h" + #ifdef HAVE_ICONV_2ND_CONST + #define __iconv_const const + #else diff --git a/net-firewall/ipsec-tools/files/ipsec.conf b/net-firewall/ips= ec-tools/files/ipsec.conf new file mode 100644 index 0000000..bfff04a --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec.conf 
@@ -0,0 +1,26 @@ +#!/usr/sbin/setkey -f +# +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +flush; +spdflush; + +# +# Uncomment the following if you want to do manual keying, ie, you want = to run IPsec without racoon. +# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd038= 74d9e8e4cdf3e6; +#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7= b196ceabe0536b; +#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12= f4a4487d5a5c3355920fae69a96c831; +#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b= 03ea3843f2653255afe8eb5573965df; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//requir= e ah/transport//require; +#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//requir= e ah/transport//require; +spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require= ah/transport//require; +spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require= ah/transport//require; diff --git a/net-firewall/ipsec-tools/files/psk.txt b/net-firewall/ipsec-= tools/files/psk.txt new file mode 100644 index 0000000..97f5180 --- /dev/null +++ b/net-firewall/ipsec-tools/files/psk.txt @@ -0,0 +1,10 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +# Peer IP/FQDN Secret +# 192.168.3.25 sample +192.168.3.21 sample diff --git a/net-firewall/ipsec-tools/files/racoon.conf b/net-firewall/ip= sec-tools/files/racoon.conf new file mode 100644 index 0000000..2e9206d --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.conf 
@@ -0,0 +1,33 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +path pre_shared_key "/etc/racoon/psk.txt"; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#remote 192.168.3.25 +remote 192.168.3.21 +{ + exchange_mode main; + proposal { + encryption_algorithm 3des; + hash_algorithm md5; + authentication_method pre_shared_key; + dh_group modp1024; + } +} + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#sainfo address 192.168.3.21 any address 192.168.3.25 any +sainfo address 192.168.3.25 any address 192.168.3.21 any +{ + pfs_group modp768; + encryption_algorithm 3des; + authentication_algorithm hmac_md5; + compression_algorithm deflate; +} diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/= ipsec-tools/files/racoon.conf.d new file mode 100644 index 0000000..66f8ed7 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.conf.d @@ -0,0 +1,19 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon= .conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $ + +# Config file for /etc/init.d/racoon + +# See the manual pages for racoon or run `racoon --help` +# for valid command-line options + +RACOON_OPTS=3D"-4" + +RACOON_CONF=3D"/etc/racoon/racoon.conf" +RACOON_PSK_FILE=3D"/etc/racoon/psk.txt" +SETKEY_CONF=3D"/etc/ipsec.conf" + +# Comment or remove the following if you don't want the policy tables +# to be flushed when racoon is stopped. + +RACOON_RESET_TABLES=3D"true" diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/= ipsec-tools/files/racoon.init.d new file mode 100644 index 0000000..16fdec7 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.init.d 
@@ -0,0 +1,58 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + before netmount + use net +} + +checkconfig() { + if [ ! -e ${SETKEY_CONF} ] ; then + eerror "You need to configure setkey before starting racoon." + return 1 + fi + if [ ! -e ${RACOON_CONF} ] ; then + eerror "You need a configuration file to start racoon." + return 1 + fi + if [ ! -z ${RACOON_PSK_FILE} ] ; then + if [ ! -f ${RACOON_PSK_FILE} ] ; then + eerror "PSK file not found as specified." + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." + return 1 + fi + case "`ls -Lldn ${RACOON_PSK_FILE}`" in + -r--------*) + ;; + *) + eerror "Your defined PSK file should be mode 400 for security!" + return 1 + ;; + esac + fi +} + +start() { + checkconfig || return 1 + einfo "Loading ipsec policies from ${SETKEY_CONF}." + /usr/sbin/setkey -f ${SETKEY_CONF} + if [ $? -eq 1 ] ; then + eerror "Error while loading ipsec policies" + fi + ebegin "Starting racoon" + start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_= OPTS} + eend $? +} + +stop() { + ebegin "Stopping racoon" + start-stop-daemon -K -p /var/run/racoon.pid + eend $? + if [ -n "${RACOON_RESET_TABLES}" ]; then + ebegin "Flushing policy entries" + /usr/sbin/setkey -F + /usr/sbin/setkey -FP + eend $? + fi +} diff --git a/net-firewall/ipsec-tools/files/racoon.pam.d b/net-firewall/i= psec-tools/files/racoon.pam.d new file mode 100644 index 0000000..b801aaa --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.pam.d @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild b/net-f= irewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild new file mode 100644 index 0000000..3298e02 --- /dev/null +++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild 
@@ -0,0 +1,251 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-= 0.8.0-r1.ebuild,v 1.3 2012/03/04 18:18:27 blueness Exp $ + +EAPI=3D"4" + +inherit eutils flag-o-matic autotools linux-info pam + +DESCRIPTION=3D"A port of KAME's IPsec utilities to the Linux-2.6 IPsec i= mplementation" +HOMEPAGE=3D"http://ipsec-tools.sourceforge.net/" +SRC_URI=3D"mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE=3D"BSD" +SLOT=3D"0" +KEYWORDS=3D"~amd64 ~x86" +IUSE=3D"rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid lda= p" + +RDEPEND=3D" + kerberos? ( virtual/krb5 ) + selinux? ( + sys-libs/libselinux + sec-policy/selinux-ipsec-tools + ) + readline? ( sys-libs/readline ) + pam? ( sys-libs/pam ) + ldap? ( net-nds/openldap ) + dev-libs/openssl + virtual/libiconv" +# iconv? ( virtual/libiconv ) +# radius? ( net-dialup/gnuradius ) + +DEPEND=3D"${RDEPEND} + >=3Dsys-kernel/linux-headers-2.6.30" + +pkg_setup() { + linux-info_pkg_setup + + get_version + + if linux_config_exists && kernel_is -ge 2 6 19; then + ewarn + ewarn "\033[1;33m**************************************************\03= 3[1;33m" + ewarn + ewarn "Checking kernel configuration in /usr/src/linux or" + ewarn "or /proc/config.gz for compatibility with ${PN}." + ewarn "Here are the potential problems:" + ewarn + + local nothing=3D"1" + + # Check options for all flavors of IPSec + local msg=3D"" + for i in XFRM_USER NET_KEY; do + if ! linux_chkconfig_present ${i}; then + msg=3D"${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing=3D"0" + ewarn + ewarn "ALL IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check unencrypted IPSec + if ! linux_chkconfig_present CRYPTO_NULL; then + nothing=3D"0" + ewarn + ewarn "Unencrypted IPSec may fail. 
CHECK:" + ewarn " CRYPTO_NULL" + fi + + # Check IPv4 IPSec + msg=3D"" + for i in \ + INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg=3D"${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing=3D"0" + ewarn + ewarn "IPv4 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check IPv6 IPSec + if use ipv6; then + msg=3D"" + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg=3D"${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing=3D"0" + ewarn + ewarn "IPv6 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + fi + + # Check IPSec behind NAT + if use nat; then + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then + nothing=3D"0" + ewarn + ewarn "IPSec behind NAT may fail. CHECK:" + ewarn " NETFILTER_XT_MATCH_POLICY" + fi + fi + + if [[ $nothing =3D=3D "1" ]]; then + ewarn "NO PROBLEMS FOUND" + fi + + ewarn + ewarn "WARNING: If your *configured* and *running* kernel" + ewarn "differ either now or in the future, then these checks" + ewarn "may lead to misleading results." + ewarn + ewarn "\033[1;33m**************************************************\03= 3[1;33m" + ewarn + else + eerror + eerror "\033[1;31m**************************************************\0= 33[1;31m" + eerror "Make sure that your *running* kernel is/will be >=3D2.6.19." + eerror "Building ${PN} now, assuming that you know what you're doing." 
+ eerror "\033[1;31m**************************************************\0= 33[1;31m" + eerror + fi +} + +src_prepare() { + # fix for bug #76741 + sed -i 's:#include ::' src/racoon/pfkey.c src/setkey/setk= ey.c || die + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + epatch "${FILESDIR}/${PN}-def-psk.patch" + epatch "${FILESDIR}/${PN}-include-vendoridh.patch" + + AT_M4DIR=3D"${S}" eautoreconf + epunt_cxx +} + +src_configure() { + # fix for bug #61025 + filter-flags -march=3Dc3 + + local myconf + myconf=3D"--with-kernel-headers=3D/usr/include \ + --enable-adminport \ + --enable-frag \ + --enable-dpd \ + --enable-dependency-tracking \ + $(use_enable rc5) \ + $(use_enable idea) \ + $(use_enable kerberos gssapi) \ + $(use_enable stats) \ + $(use_enable ipv6) \ + $(use_enable nat natt) \ + $(use_enable selinux security-context) \ + $(use_with readline) \ + $(use_with pam libpam) \ + $(use_with ldap libldap)" + + use nat && myconf=3D"${myconf} --enable-natt-versions=3Dyes" + + # enable mode-cfg and xauth support + if use pam; then + myconf=3D"${myconf} --enable-hybrid" + else + myconf=3D"${myconf} $(use_enable hybrid)" + fi + + # dev-libs/libiconv is hard masked + #use iconv && myconf=3D"${myconf} $(use_with iconv libiconv)" + + # the default (/usr/include/openssl/) is OK for Gentoo, leave it + # myconf=3D"${myconf} $(use_with ssl openssl )" + + # No way to get it compiling with freeradius or gnuradius + # We would need libradius which only exists on FreeBSD + + # See bug #77369 + #myconf=3D"${myconf} --enable-samode-unspec" + + econf ${myconf} +} + +src_install() { + emake DESTDIR=3D"${D}" install + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d racoon + newinitd "${FILESDIR}"/racoon.init.d racoon + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon + + insinto /etc + doins "${FILESDIR}"/ipsec.conf + insinto /etc/racoon + doins 
"${FILESDIR}"/racoon.conf + doins "${FILESDIR}"/psk.txt + chmod 400 "${D}"/etc/racoon/psk.txt + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + docinto samples + newdoc src/setkey/sample.cf ipsec.conf +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=3D\"--enable-natt-versions=3D08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with {$PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-t= ools/metadata.xml new file mode 100644 index 0000000..6e6434c --- /dev/null +++ b/net-firewall/ipsec-tools/metadata.xml @@ -0,0 +1,14 @@ + + + + + blueness@gentoo.org + + + Makes available both mode-cfg and xauth support<= /flag> + Enable support for the IDEA algorithm + Enable NAT-Traversal + Enable support for the patented RC5 algorithm + Enable statistics reporting + +
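Review bot: In files/ipsec-tools-def-psk.patch the per-peer miss is still logged at LLV_ERROR ("couldn't find the pskey for %s.") before the new "*" lookup runs, so every negotiation that ends up on the default PSK produces a spurious error line; either move that message after the fallback has also failed, or drop it to LLV_DEBUG and keep the LLV_ERROR only for the "couldn't find the the default pskey either" case (which also has a doubled "the"). The patch header still names ipsec-tools-0.7.3/src/racoon/oakley.c while this ebuild builds 0.8.0, so regenerate it against 0.8.0 rather than relying on epatch fuzz.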
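Review bot: files/ipsec-tools-duplicate-header.patch is shipped and listed in the Manifest, but src_prepare() only applies "${FILESDIR}/${PN}-def-psk.patch" and "${FILESDIR}/${PN}-include-vendoridh.patch", so the removal of the duplicate vmbuf.h from include_racoon_HEADERS in src/racoon/Makefile.am never takes effect; add an epatch line for it or drop the file.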
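Review bot: files/ipsec-tools-include-vendoridh.patch places #include "vendorid.h" inside the #ifdef HAVE_GSSAPI block of src/racoon/ipsec_doi.c, so only builds with USE=kerberos get it; if the missing declaration also affects non-GSSAPI builds the include belongs with the unconditional includes, and if it is GSSAPI-only the patch name and a one-line comment in the ebuild should say so.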
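Review bot: the commented-out manual-keying SAs in files/ipsec.conf carry literal hmac-md5 and 3des-cbc keys that ship in the package, so anyone who follows "Uncomment the following if you want to do manual keying" ends up using keys every other installation also has; the comment block should state that the key values must be replaced before the lines are enabled, not only that the file is a sample. Note also that the add lines and the spdadd lines give opposite "switch on the peer" instructions; that is correct (SAs are symmetric, policies are directional), but a short explanation would stop people "fixing" it.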
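Review bot: files/psk.txt does not mention that, with the def-psk patch applied by this ebuild, a line whose identifier is "*" acts as a catch-all secret for any peer not matched by a specific entry; since the file is the one racoon loads via path pre_shared_key, document the "*" form and its effect (every unlisted peer authenticates with the same secret) next to the "Peer IP/FQDN Secret" header so it is not used by accident.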
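Review bot: the sample files/racoon.conf proposes hash_algorithm md5 and dh_group modp1024 for phase 1 and pfs_group modp768 with 3des/hmac_md5 for phase 2; modp768 is a 768-bit group and md5 is not something a sample should teach, and samples get copied into production despite the header. Use sha1 (or sha256), aes and modp2048 (at least modp1024 for pfs_group) so the out-of-the-box test exercises a proposal that is also acceptable to keep.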
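Review bot: RACOON_OPTS="-4" in files/racoon.conf.d pins racoon to IPv4 regardless of the ipv6 USE flag the ebuild exposes, so a build with USE=ipv6 still gets a default that disables it; ship RACOON_OPTS="" with the -4/-6 choice explained in the comment, or pick the default at install time based on the USE flag. The "Comment or remove the following" advice for RACOON_RESET_TABLES also does not match the init script, which tests the variable with [ -n ... ], so RACOON_RESET_TABLES="false" still flushes the tables.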
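Review bot: in files/racoon.init.d a failed setkey -f is not fatal: start() checks only [ $? -eq 1 ], prints an eerror and then launches racoon anyway, so a syntax error in ${SETKEY_CONF} leaves racoon running with whatever policy was loaded before the error; use /usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }. The PSK check parses `ls -Lldn` and only matches the mode string -r--------, so a 0400 file owned by an unprivileged user passes while a 0600 root-owned file is rejected; check owner and mode with stat (or restrict to a mode test that accepts 0400/0600 and verifies uid 0). [ ! -z ${RACOON_PSK_FILE} ] and the other variable uses should be quoted, and in stop() the eend after setkey -FP reports only that last command's status.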
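Review bot: src_install() puts the sample ipsec.conf, racoon.conf and psk.txt at the live paths /etc/ipsec.conf and /etc/racoon/, and checkconfig() in the init script only tests that those files exist, so `rc-service racoon start` on a fresh install loads the sample SPD entries for 192.168.3.21/192.168.3.25 and starts racoon with the "sample" PSK; install them under /usr/share/doc/${PF}/samples (docinto samples is already used for sample.cf) or as *.sample files, or make checkconfig refuse files that still carry the "THIS IS A SAMPLE FILE" marker. Smaller points in the same hunk: replace chmod 400 "${D}"/etc/racoon/psk.txt with fperms 400 /etc/racoon/psk.txt; the ldap elog uses {$PN}, which expands to "{ipsec-tools}", and should be ${PN}; "functionnality" and "wich" in the nat elog are typos; and the $Header line still names ipsec-tools-0.8.0-r1.ebuild.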