* [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
@ 2012-02-08  2:26 Anthony G. Basile
From: Anthony G. Basile @ 2012-02-08  2:26 UTC (permalink / raw
  To: gentoo-commits

commit:     384e14dafea620bbe4f61ea2effbe77b5130dccc
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 02:26:48 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 02:26:48 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=384e14da

net-firewall/ipsec-tools: testing new ebuild, bug #365077

(Portage version: 2.1.10.44/git/Linux x86_64, signed Manifest commit with key 0xD0455535)

---
 net-firewall/ipsec-tools/ChangeLog                 |    9 +
 net-firewall/ipsec-tools/Manifest                  |   17 ++
 .../ipsec-tools/files/ipsec-tools-def-psk.patch    |   25 +++
 net-firewall/ipsec-tools/files/racoon.conf.d       |   19 ++
 net-firewall/ipsec-tools/files/racoon.init.d       |   58 ++++++
 net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild  |  183 ++++++++++++++++++++
 net-firewall/ipsec-tools/metadata.xml              |   14 ++
 7 files changed, 325 insertions(+), 0 deletions(-)

diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog
new file mode 100644
index 0000000..e01c2c3
--- /dev/null
+++ b/net-firewall/ipsec-tools/ChangeLog
@@ -0,0 +1,9 @@
+
+
+*ipsec-tools-0.8.0 (08 Feb 2012)
+
+  08 Feb 2012; Anthony G. Basile <blueness@gentoo.org>
+  +ipsec-tools-0.8.0.ebuild, +files/ipsec-tools-def-psk.patch,
+  +files/racoon.conf.d, +files/racoon.init.d, +metadata.xml:
+  Testing new ebuild, bug #365077
+

diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
new file mode 100644
index 0000000..01000bb
--- /dev/null
+++ b/net-firewall/ipsec-tools/Manifest
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656
+AUX racoon.conf.d 621 RMD160 7f1d0b6e171e5dd60f1b033e4890bfd79d718389 SHA1 05c0759df99c544f1a68fb8916d1c953ceac0af8 SHA256 4e894adb1a76f673f960260929d083c1f6ddfcf094b371bcc2155fb6735d289f
+AUX racoon.init.d 1314 RMD160 f0c385fa389fad6cddef87aee9f10172c2ca6838 SHA1 b82a83850239f564b8d50c8039e188de6f18de7e SHA256 4d6506775650cc36b7197f90eef7d98573280ebb445b0260d0442aec6f4d0937
+DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717
+EBUILD ipsec-tools-0.8.0.ebuild 5092 RMD160 67bb3161ee0d396090981681e139637d7eecf1ff SHA1 f60cf34ee9ae9bb416c9578d24157fb3f9d5495e SHA256 6189653978e5e50627736bbb2508bda32dbd682779aca810dccc5f950567f275
+MISC ChangeLog 250 RMD160 503df09837a8c66d69d5dec9c025ab3bd913b347 SHA1 206dba63f2098d006c7e9580f7f1d45251d8bdd4 SHA256 03e6098bbb57bca95e0568e60ae23d8c1ce60fffd66808ea64bb469970a1d71b
+MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SHA1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.17 (GNU/Linux)
+
+iEYEAREIAAYFAk8x3WgACgkQl5yvQNBFVTVwfgCfQErxJYtBH+nldzNQoLZGC8et
+gPMAnispXwXM6zgd5hYyQ8s9doQg0V3l
+=QB73
+-----END PGP SIGNATURE-----

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
new file mode 100644
index 0000000..f351860
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
@@ -0,0 +1,25 @@
+diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
+--- ipsec-tools-0.7.3.o/src/racoon/oakley.c	2009-08-13 11:18:45.000000000 +0200
++++ ipsec-tools-0.7.3/src/racoon/oakley.c	2011-06-06 09:36:11.000000000 +0200
+@@ -2498,8 +2498,21 @@
+ 				plog(LLV_ERROR, LOCATION, iph1->remote,
+ 					"couldn't find the pskey for %s.\n",
+ 					saddrwop2str(iph1->remote));
++			}
++		}
++		if (iph1->authstr == NULL) {
++			/*
++			 * If we could not locate a psk above try and locate
++			 * the default psk, ie, "*".
++			 */
++			iph1->authstr = privsep_getpsk("*", 1);
++			if (iph1->authstr == NULL) {
++				plog(LLV_ERROR, LOCATION, iph1->remote,
++					"couldn't find the the default pskey either.\n");
+ 				goto end;
+ 			}
++			plog(LLV_NOTIFY, LOCATION, iph1->remote,
++					"Using default PSK.\n");
+ 		}
+ 		plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
+ 		/* should be secret PSK */
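Review bot: The added fallback `privsep_getpsk("*", 1)` runs for every peer whose earlier lookup left `iph1->authstr` NULL, so a single `*` entry in the PSK file becomes one secret shared by all otherwise-unknown peers, and the hunk offers no way to turn that off other than omitting the entry. The block comment should say so, e.g. `/* A "*" entry is shared by every peer without its own entry; leave it out of psk.txt to keep per-peer keys mandatory. */`. The existing `couldn't find the pskey for %s` message is still logged at LLV_ERROR before the fallback succeeds, which will read as a failure to anyone monitoring the log. The new error string has a doubled word and should read `"couldn't find the default pskey either.\n"`. The enclosing function starts and ends outside the hunk, and the same patch file is added again unchanged by commit 8ab5b743 further down this page.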

diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/ipsec-tools/files/racoon.conf.d
new file mode 100644
index 0000000..b2a1e72
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.conf.d
@@ -0,0 +1,19 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $
+
+# Config file for /etc/init.d/racoon
+
+# See the manual pages for racoon or run `racoon --help`
+# for valid command-line options
+
+RACOON_OPTS="-4"
+
+RACOON_CONF="/etc/racoon/racoon.conf"
+RACOON_PSK_FILE="/etc/racoon/psk.txt"
+SETKEY_CONF="/etc/ipsec.conf"
+
+# Comment or remove the following if you don't want the policy tables
+# to be flushed when racoon is stopped.
+
+RACOON_RESET_TABLES="true"
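Review bot: The comment above `RACOON_RESET_TABLES` does not say what the flush means for traffic or which values enable it. The init script added in this commit tests the variable with `-n` and then runs `setkey -F` and `setkey -FP`, so any non-empty value, including `"false"`, still flushes. Flushing the policy table presumably also removes the policies that require IPsec for the configured peers, so traffic to them may leave unprotected once racoon is stopped. I would extend the comment, e.g. `# Any non-empty value (even "false") flushes the SAD and SPD on stop; traffic is then no longer forced through IPsec.`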

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
new file mode 100644
index 0000000..18703fc
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.init.d
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	before netmount
+	use net
+}
+
+checkconfig() {
+	if [ ! -e ${SETKEY_CONF} ] ; then
+		eerror "You need to configure setkey before starting racoon."
+		return 1
+	fi
+	if [ ! -e ${RACOON_CONF} ] ; then
+		eerror "You need a configuration file to start racoon."
+		return 1
+	fi
+	if [ ! -z ${RACOON_PSK_FILE} ] ; then
+		if [ ! -f ${RACOON_PSK_FILE} ] ; then
+			eerror "PSK file not found as specified."
+			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
+			return 1
+		fi
+		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
+			-r--------*)
+				;;
+			*)
+				eerror "Your defined PSK file should be mode 400 for security!"
+				return 1
+				;;
+		esac
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	einfo "Loading ipsec policies from ${SETKEY_CONF}."
+	/usr/sbin/setkey -f ${SETKEY_CONF}
+	if [ $? -eq 1 ] ; then
+		eerror "Error while loading ipsec policies"
+	fi
+	ebegin "Starting racoon"
+	start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping racoon"
+	start-stop-daemon -K -p /var/run/racoon.pid
+	eend $?
+	if [ -n "${RACOON_RESET_TABLES}" ]; then
+		ebegin "Flushing policy entries"
+		/usr/sbin/setkey -F
+		/usr/sbin/setkey -FP
+		eend $?
+	fi
+}
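Review bot: In `start()`, a failed `setkey -f` is reported only when the exit status is exactly 1 and never aborts the start, so racoon is launched even when no policies were loaded. Failing closed would be `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }`. In `checkconfig()` the `ls -Lldn` pattern looks at the mode bits only, so a mode-400 PSK file owned by an unexpected user still passes. The unquoted `${RACOON_PSK_FILE}` in `[ ! -z ... ]` and `[ ! -f ... ]` misbehaves on a path containing whitespace; quoting the expansions and adding an owner check would close both gaps.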

diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild
new file mode 100644
index 0000000..1efbf7a
--- /dev/null
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild,v 1.3 2011/04/06 01:01:46 flameeyes Exp $
+
+EAPI="4"
+
+inherit eutils flag-o-matic autotools linux-info
+
+DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
+HOMEPAGE="http://ipsec-tools.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap"
+
+RDEPEND="
+	kerberos? ( virtual/krb5 )
+	selinux? (
+		sys-libs/libselinux
+		sec-policy/selinux-ipsec-tools
+	)
+	readline? ( sys-libs/readline )
+	pam? ( sys-libs/pam )
+	ldap? ( net-nds/openldap )
+	dev-libs/openssl
+	virtual/libiconv"
+#	iconv? ( virtual/libiconv )
+#	radius? ( net-dialup/gnuradius )
+
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-2.6.30"
+
+pkg_setup() {
+	get_version
+	if kernel_is -ge 2 6 19 ; then
+		einfo "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
+
+		if use nat; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY"
+			export WARNING_NETFILTER_XT_MATCH_POLICY="NAT support may fail weirdly unless you enable this option in your kernel"
+		fi
+
+		for i in XFRM_USER NET_KEY; do
+			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
+			eval "export WARNING_${i}='No tunnels will be available at all'"
+		done
+
+		for i in INET_IPCOMP INET_AH INET_ESP \
+			INET_XFRM_MODE_TRANSPORT \
+			INET_XFRM_MODE_TUNNEL \
+			INET_XFRM_MODE_BEET ; do
+			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
+			eval "export WARNING_${i}='IPv4 tunnels will not be available'"
+		done
+
+		for i in INET6_IPCOMP INET6_AH INET6_ESP \
+			INET6_XFRM_MODE_TRANSPORT \
+			INET6_XFRM_MODE_TUNNEL \
+			INET6_XFRM_MODE_BEET ; do
+			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
+			eval "export WARNING_${i}='IPv6 tunnels will not be available'"
+		done
+
+		CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_NULL"
+		export WARNING_CRYPTO_NULL="Unencrypted tunnels will not be available"
+		export CONFIG_CHECK
+
+		check_extra_config
+	else
+		eerror "You must have a kernel >=2.6.19 to run ipsec-tools."
+		eerror "Building now, assuming that you will run on a different kernel"
+	fi
+}
+
+src_prepare() {
+	# fix for bug #76741
+	sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c || die
+	# fix for bug #124813
+	sed -i 's:-Werror::g' "${S}"/configure.ac || die
+	# fix for building with gcc-4.6
+	sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
+
+	epatch "${FILESDIR}/ipsec-tools-def-psk.patch"
+
+	AT_M4DIR="${S}" eautoreconf
+	epunt_cxx
+}
+
+src_configure() {
+	# fix for bug #61025
+	filter-flags -march=c3
+
+	local myconf
+	myconf="--with-kernel-headers=/usr/include \
+			--enable-adminport \
+			--enable-frag \
+			--enable-dpd \
+			--enable-dependency-tracking \
+			$(use_enable rc5) \
+			$(use_enable idea) \
+			$(use_enable kerberos gssapi) \
+			$(use_enable stats) \
+			$(use_enable ipv6) \
+			$(use_enable nat natt) \
+			$(use_enable selinux security-context) \
+			$(use_with readline) \
+			$(use_with pam libpam) \
+			$(use_with ldap libldap)"
+
+	use nat && myconf="${myconf} --enable-natt-versions=yes"
+
+	# enable mode-cfg and xauth support
+	if use pam; then
+		myconf="${myconf} --enable-hybrid"
+	else
+		myconf="${myconf} $(use_enable hybrid)"
+	fi
+
+	# dev-libs/libiconv is hard masked
+	#use iconv && myconf="${myconf} $(use_with iconv libiconv)"
+
+	# the default (/usr/include/openssl/) is OK for Gentoo, leave it
+	# myconf="${myconf} $(use_with ssl openssl )"
+
+	# No way to get it compiling with freeradius or gnuradius
+	# We would need libradius which only exists on FreeBSD
+
+	# See bug #77369
+	#myconf="${myconf} --enable-samode-unspec"
+
+	econf ${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	keepdir /var/lib/racoon
+	newconfd "${FILESDIR}"/racoon.conf.d racoon
+	newinitd "${FILESDIR}"/racoon.init.d racoon
+
+	dodoc ChangeLog README NEWS
+	dodoc -r src/racoon/samples
+	dodoc -r src/racoon/doc
+
+	docinto setkey
+	dodoc src/setkey/sample.cf
+
+	dodir /etc/racoon
+
+	# RFC are only available from CVS for the moment, see einfo below
+	#docinto "rfc"
+	#dodoc ${S}/src/racoon/rfc/*
+}
+
+pkg_postinst() {
+	if use nat; then
+		elog
+		elog "You have enabled the nat traversal functionnality."
+		elog "Nat versions wich are enabled by default are 00,02,rfc"
+		elog "you can find those drafts in the CVS repository:"
+		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
+		elog
+		elog "If you feel brave enough and you know what you are"
+		elog "doing, you can consider emerging this ebuild with"
+		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
+		elog
+	fi
+
+	if use ldap; then
+		elog
+		elog "You have enabled ldap support with {$PN}."
+		elog "The man page does NOT contain any information on it yet."
+		elog "Consider using a more recent version or CVS."
+		elog
+	fi
+
+	elog
+	elog "Please have a look in /usr/share/doc/${P} and visit"
+	elog "http://www.netbsd.org/Documentation/network/ipsec/"
+	elog "to find more information on how to configure this tool."
+	elog
+}
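Review bot: `src_prepare()` applies `ipsec-tools-def-psk.patch` unconditionally and without a comment, although it changes racoon's pre-shared-key lookup for every install. The `sed` edits in the same function each carry a bug reference, and this line should be explained the same way, e.g. `# fall back to the "*" entry in psk.txt when no per-peer PSK matches`. In `pkg_postinst()` the ldap message uses `{$PN}`, which prints literal braces around the package name; it should be `${PN}`. The `$Header` line at the top still names ipsec-tools-0.7.3-r1.ebuild.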

diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
new file mode 100644
index 0000000..6e6434c
--- /dev/null
+++ b/net-firewall/ipsec-tools/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer>
+		<email>blueness@gentoo.org</email>
+	</maintainer>
+	<use>
+		<flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
+		<flag name='idea'>Enable support for the IDEA algorithm</flag>
+		<flag name='nat'>Enable NAT-Traversal</flag>
+		<flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
+		<flag name='stats'>Enable statistics reporting</flag>
+	</use>
+</pkgmetadata>




* [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
@ 2012-02-28 23:54 Anthony G. Basile
From: Anthony G. Basile @ 2012-02-28 23:54 UTC (permalink / raw
  To: gentoo-commits

commit:     72d807efbd47b8702e189daf20066dcbe44e60eb
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 28 23:53:08 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Feb 28 23:53:08 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=72d807ef

net-firewall/ipsec-tools: moved to tree

(Portage version: 2.1.10.44/git/Linux x86_64, unsigned Manifest commit)

---
 net-firewall/ipsec-tools/ChangeLog                 |   19 --
 net-firewall/ipsec-tools/Manifest                  |   17 --
 .../ipsec-tools/files/ipsec-tools-def-psk.patch    |   25 ---
 net-firewall/ipsec-tools/files/racoon.conf.d       |   19 --
 net-firewall/ipsec-tools/files/racoon.init.d       |   58 ------
 .../ipsec-tools/ipsec-tools-0.8.0-r1.ebuild        |  183 --------------------
 net-firewall/ipsec-tools/metadata.xml              |   14 --
 7 files changed, 0 insertions(+), 335 deletions(-)

diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog
deleted file mode 100644
index bec817d..0000000
--- a/net-firewall/ipsec-tools/ChangeLog
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-  09 Feb 2012; Anthony G. Basile <blueness@gentoo.org>
-  -ipsec-tools-0.8.0.ebuild:
-  moved ipsec-tools-0.8.0 to the tree
-
-*ipsec-tools-0.8.0-r1 (09 Feb 2012)
-
-  09 Feb 2012; Anthony G. Basile <blueness@gentoo.org>
-  ipsec-tools-0.8.0.ebuild, +ipsec-tools-0.8.0-r1.ebuild:
-  Isolated patch from comment #1 bug #365077
-
-*ipsec-tools-0.8.0 (08 Feb 2012)
-
-  08 Feb 2012; Anthony G. Basile <blueness@gentoo.org>
-  +ipsec-tools-0.8.0.ebuild, +files/ipsec-tools-def-psk.patch,
-  +files/racoon.conf.d, +files/racoon.init.d, +metadata.xml:
-  Testing new ebuild, bug #365077
-

diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
deleted file mode 100644
index 0a73caf..0000000
--- a/net-firewall/ipsec-tools/Manifest
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656
-AUX racoon.conf.d 621 RMD160 7f1d0b6e171e5dd60f1b033e4890bfd79d718389 SHA1 05c0759df99c544f1a68fb8916d1c953ceac0af8 SHA256 4e894adb1a76f673f960260929d083c1f6ddfcf094b371bcc2155fb6735d289f
-AUX racoon.init.d 1314 RMD160 f0c385fa389fad6cddef87aee9f10172c2ca6838 SHA1 b82a83850239f564b8d50c8039e188de6f18de7e SHA256 4d6506775650cc36b7197f90eef7d98573280ebb445b0260d0442aec6f4d0937
-DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717
-EBUILD ipsec-tools-0.8.0-r1.ebuild 5092 RMD160 67bb3161ee0d396090981681e139637d7eecf1ff SHA1 f60cf34ee9ae9bb416c9578d24157fb3f9d5495e SHA256 6189653978e5e50627736bbb2508bda32dbd682779aca810dccc5f950567f275
-MISC ChangeLog 569 RMD160 88458dbe0ab99dbc74077252487226e828acab38 SHA1 c65312e9dedf12df9473c2746e008edd7adda8f5 SHA256 45b9e894be9222ca5883c510742d148982a5657e659ba7b2d71ad17831b7a0ad
-MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SHA1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
-
-iEYEAREIAAYFAk80MWIACgkQl5yvQNBFVTUoDwCdGBlM4TaBqwv6+L0pMsY2Ktzh
-PXYAnje/ffA/oDT6HiGSYscJOx3GcqGM
-=U53p
------END PGP SIGNATURE-----

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
deleted file mode 100644
index f351860..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
---- ipsec-tools-0.7.3.o/src/racoon/oakley.c	2009-08-13 11:18:45.000000000 +0200
-+++ ipsec-tools-0.7.3/src/racoon/oakley.c	2011-06-06 09:36:11.000000000 +0200
-@@ -2498,8 +2498,21 @@
- 				plog(LLV_ERROR, LOCATION, iph1->remote,
- 					"couldn't find the pskey for %s.\n",
- 					saddrwop2str(iph1->remote));
-+			}
-+		}
-+		if (iph1->authstr == NULL) {
-+			/*
-+			 * If we could not locate a psk above try and locate
-+			 * the default psk, ie, "*".
-+			 */
-+			iph1->authstr = privsep_getpsk("*", 1);
-+			if (iph1->authstr == NULL) {
-+				plog(LLV_ERROR, LOCATION, iph1->remote,
-+					"couldn't find the the default pskey either.\n");
- 				goto end;
- 			}
-+			plog(LLV_NOTIFY, LOCATION, iph1->remote,
-+					"Using default PSK.\n");
- 		}
- 		plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
- 		/* should be secret PSK */

diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/ipsec-tools/files/racoon.conf.d
deleted file mode 100644
index b2a1e72..0000000
--- a/net-firewall/ipsec-tools/files/racoon.conf.d
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $
-
-# Config file for /etc/init.d/racoon
-
-# See the manual pages for racoon or run `racoon --help`
-# for valid command-line options
-
-RACOON_OPTS="-4"
-
-RACOON_CONF="/etc/racoon/racoon.conf"
-RACOON_PSK_FILE="/etc/racoon/psk.txt"
-SETKEY_CONF="/etc/ipsec.conf"
-
-# Comment or remove the following if you don't want the policy tables
-# to be flushed when racoon is stopped.
-
-RACOON_RESET_TABLES="true"

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
deleted file mode 100644
index 18703fc..0000000
--- a/net-firewall/ipsec-tools/files/racoon.init.d
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
-	before netmount
-	use net
-}
-
-checkconfig() {
-	if [ ! -e ${SETKEY_CONF} ] ; then
-		eerror "You need to configure setkey before starting racoon."
-		return 1
-	fi
-	if [ ! -e ${RACOON_CONF} ] ; then
-		eerror "You need a configuration file to start racoon."
-		return 1
-	fi
-	if [ ! -z ${RACOON_PSK_FILE} ] ; then
-		if [ ! -f ${RACOON_PSK_FILE} ] ; then
-			eerror "PSK file not found as specified."
-			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
-			return 1
-		fi
-		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
-			-r--------*)
-				;;
-			*)
-				eerror "Your defined PSK file should be mode 400 for security!"
-				return 1
-				;;
-		esac
-	fi
-}
-
-start() {
-	checkconfig || return 1
-	einfo "Loading ipsec policies from ${SETKEY_CONF}."
-	/usr/sbin/setkey -f ${SETKEY_CONF}
-	if [ $? -eq 1 ] ; then
-		eerror "Error while loading ipsec policies"
-	fi
-	ebegin "Starting racoon"
-	start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping racoon"
-	start-stop-daemon -K -p /var/run/racoon.pid
-	eend $?
-	if [ -n "${RACOON_RESET_TABLES}" ]; then
-		ebegin "Flushing policy entries"
-		/usr/sbin/setkey -F
-		/usr/sbin/setkey -FP
-		eend $?
-	fi
-}

diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild
deleted file mode 100644
index 1efbf7a..0000000
--- a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild
+++ /dev/null
@@ -1,183 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.3-r1.ebuild,v 1.3 2011/04/06 01:01:46 flameeyes Exp $
-
-EAPI="4"
-
-inherit eutils flag-o-matic autotools linux-info
-
-DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
-HOMEPAGE="http://ipsec-tools.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap"
-
-RDEPEND="
-	kerberos? ( virtual/krb5 )
-	selinux? (
-		sys-libs/libselinux
-		sec-policy/selinux-ipsec-tools
-	)
-	readline? ( sys-libs/readline )
-	pam? ( sys-libs/pam )
-	ldap? ( net-nds/openldap )
-	dev-libs/openssl
-	virtual/libiconv"
-#	iconv? ( virtual/libiconv )
-#	radius? ( net-dialup/gnuradius )
-
-DEPEND="${RDEPEND}
-	>=sys-kernel/linux-headers-2.6.30"
-
-pkg_setup() {
-	get_version
-	if kernel_is -ge 2 6 19 ; then
-		einfo "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
-
-		if use nat; then
-			CONFIG_CHECK="${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY"
-			export WARNING_NETFILTER_XT_MATCH_POLICY="NAT support may fail weirdly unless you enable this option in your kernel"
-		fi
-
-		for i in XFRM_USER NET_KEY; do
-			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
-			eval "export WARNING_${i}='No tunnels will be available at all'"
-		done
-
-		for i in INET_IPCOMP INET_AH INET_ESP \
-			INET_XFRM_MODE_TRANSPORT \
-			INET_XFRM_MODE_TUNNEL \
-			INET_XFRM_MODE_BEET ; do
-			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
-			eval "export WARNING_${i}='IPv4 tunnels will not be available'"
-		done
-
-		for i in INET6_IPCOMP INET6_AH INET6_ESP \
-			INET6_XFRM_MODE_TRANSPORT \
-			INET6_XFRM_MODE_TUNNEL \
-			INET6_XFRM_MODE_BEET ; do
-			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
-			eval "export WARNING_${i}='IPv6 tunnels will not be available'"
-		done
-
-		CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_NULL"
-		export WARNING_CRYPTO_NULL="Unencrypted tunnels will not be available"
-		export CONFIG_CHECK
-
-		check_extra_config
-	else
-		eerror "You must have a kernel >=2.6.19 to run ipsec-tools."
-		eerror "Building now, assuming that you will run on a different kernel"
-	fi
-}
-
-src_prepare() {
-	# fix for bug #76741
-	sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c || die
-	# fix for bug #124813
-	sed -i 's:-Werror::g' "${S}"/configure.ac || die
-	# fix for building with gcc-4.6
-	sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
-
-	epatch "${FILESDIR}/ipsec-tools-def-psk.patch"
-
-	AT_M4DIR="${S}" eautoreconf
-	epunt_cxx
-}
-
-src_configure() {
-	# fix for bug #61025
-	filter-flags -march=c3
-
-	local myconf
-	myconf="--with-kernel-headers=/usr/include \
-			--enable-adminport \
-			--enable-frag \
-			--enable-dpd \
-			--enable-dependency-tracking \
-			$(use_enable rc5) \
-			$(use_enable idea) \
-			$(use_enable kerberos gssapi) \
-			$(use_enable stats) \
-			$(use_enable ipv6) \
-			$(use_enable nat natt) \
-			$(use_enable selinux security-context) \
-			$(use_with readline) \
-			$(use_with pam libpam) \
-			$(use_with ldap libldap)"
-
-	use nat && myconf="${myconf} --enable-natt-versions=yes"
-
-	# enable mode-cfg and xauth support
-	if use pam; then
-		myconf="${myconf} --enable-hybrid"
-	else
-		myconf="${myconf} $(use_enable hybrid)"
-	fi
-
-	# dev-libs/libiconv is hard masked
-	#use iconv && myconf="${myconf} $(use_with iconv libiconv)"
-
-	# the default (/usr/include/openssl/) is OK for Gentoo, leave it
-	# myconf="${myconf} $(use_with ssl openssl )"
-
-	# No way to get it compiling with freeradius or gnuradius
-	# We would need libradius which only exists on FreeBSD
-
-	# See bug #77369
-	#myconf="${myconf} --enable-samode-unspec"
-
-	econf ${myconf}
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-	keepdir /var/lib/racoon
-	newconfd "${FILESDIR}"/racoon.conf.d racoon
-	newinitd "${FILESDIR}"/racoon.init.d racoon
-
-	dodoc ChangeLog README NEWS
-	dodoc -r src/racoon/samples
-	dodoc -r src/racoon/doc
-
-	docinto setkey
-	dodoc src/setkey/sample.cf
-
-	dodir /etc/racoon
-
-	# RFC are only available from CVS for the moment, see einfo below
-	#docinto "rfc"
-	#dodoc ${S}/src/racoon/rfc/*
-}
-
-pkg_postinst() {
-	if use nat; then
-		elog
-		elog "You have enabled the nat traversal functionnality."
-		elog "Nat versions wich are enabled by default are 00,02,rfc"
-		elog "you can find those drafts in the CVS repository:"
-		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
-		elog
-		elog "If you feel brave enough and you know what you are"
-		elog "doing, you can consider emerging this ebuild with"
-		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
-		elog
-	fi
-
-	if use ldap; then
-		elog
-		elog "You have enabled ldap support with {$PN}."
-		elog "The man page does NOT contain any information on it yet."
-		elog "Consider using a more recent version or CVS."
-		elog
-	fi
-
-	elog
-	elog "Please have a look in /usr/share/doc/${P} and visit"
-	elog "http://www.netbsd.org/Documentation/network/ipsec/"
-	elog "to find more information on how to configure this tool."
-	elog
-}

diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
deleted file mode 100644
index 6e6434c..0000000
--- a/net-firewall/ipsec-tools/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<maintainer>
-		<email>blueness@gentoo.org</email>
-	</maintainer>
-	<use>
-		<flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
-		<flag name='idea'>Enable support for the IDEA algorithm</flag>
-		<flag name='nat'>Enable NAT-Traversal</flag>
-		<flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
-		<flag name='stats'>Enable statistics reporting</flag>
-	</use>
-</pkgmetadata>




* [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
@ 2012-03-06 19:41 Anthony G. Basile
From: Anthony G. Basile @ 2012-03-06 19:41 UTC (permalink / raw
  To: gentoo-commits

commit:     8ab5b743fbec2a566e24e54753d64aa697d0ed7c
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Mar  6 19:41:37 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Mar  6 19:41:37 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=8ab5b743

net-firewall/ipsec-tools: added sample config files, bug #404321

---
 net-firewall/ipsec-tools/Manifest                  |   12 +
 .../ipsec-tools/files/ipsec-tools-def-psk.patch    |   25 ++
 .../files/ipsec-tools-duplicate-header.patch       |   11 +
 .../files/ipsec-tools-include-vendoridh.patch      |   11 +
 net-firewall/ipsec-tools/files/ipsec.conf          |   26 ++
 net-firewall/ipsec-tools/files/psk.txt             |   10 +
 net-firewall/ipsec-tools/files/racoon.conf         |   33 +++
 net-firewall/ipsec-tools/files/racoon.conf.d       |   19 ++
 net-firewall/ipsec-tools/files/racoon.init.d       |   58 +++++
 net-firewall/ipsec-tools/files/racoon.pam.d        |    4 +
 .../ipsec-tools/ipsec-tools-0.8.0-r3.ebuild        |  251 ++++++++++++++++++++
 net-firewall/ipsec-tools/metadata.xml              |   14 +
 12 files changed, 474 insertions(+), 0 deletions(-)

diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
new file mode 100644
index 0000000..1fd674f
--- /dev/null
+++ b/net-firewall/ipsec-tools/Manifest
@@ -0,0 +1,12 @@
+AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656
+AUX ipsec-tools-duplicate-header.patch 440 RMD160 0a9f53ad68232b382388447c3c4aa7c81f5b6de1 SHA1 1d48f49fae5e7c5278d52a512e6b06998f24eacf SHA256 47d31a605a48fc7168cd579f62217316a12b153177bc6b16618d46c38e6936d1
+AUX ipsec-tools-include-vendoridh.patch 434 RMD160 cf30a122392ba179a7c6b0cd65f4c21d68d16266 SHA1 a0de513e850618caa2b5917b5d5b838360eaa200 SHA256 be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c
+AUX ipsec.conf 1209 RMD160 38ed5ce1b0ca6ce48d92ba0ad13b14122bd3371c SHA1 563926c8b14dc54cadebfcef108fe53abb189d4a SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816
+AUX psk.txt 293 RMD160 b626935831085771ee71486b9c5e24e606518dc8 SHA1 49e68d8cb0208ed55ebc76a12dec7180f43af431 SHA256 d34b142b4566712f87382caf0a64bcc070bbde17f16e2ee49d5dde26cb1bbe08
+AUX racoon.conf 772 RMD160 4ad6f3f94dc587d9b4278e165e76b7eacb475b91 SHA1 e7a74b34181480764e36fc452a9e6a516c8c86b4 SHA256 e00cea25741fa16aa985d80ce49f2a59af0c98a44707a047193e936644b497a3
+AUX racoon.conf.d 621 RMD160 773a21f70bd4786eb6758f052bb54cc40273c259 SHA1 1291dbe1639cbb72a161e3af727c9c65c6ae0132 SHA256 bc7cf9c0fe8bd5f99c9353aa3c19e3314b3da21a7a2138fc6e901375be21b109
+AUX racoon.init.d 1314 RMD160 14fd9ea02fdb20d13a0e3284e1f1e468117247f2 SHA1 41cb71c0354d632ad35565dbf98a26364b592d56 SHA256 7c9447197032b30a2cb76a62179a3b0ef3768870c340adf4743976e7d65eba75
+AUX racoon.pam.d 156 RMD160 c4f6ba6e3a705eef63e571189e28de71e7d61178 SHA1 1223f7a43a5e124521d48852b2d23bb8ba0a788f SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c
+DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717
+EBUILD ipsec-tools-0.8.0-r3.ebuild 6434 RMD160 10903843463d3fa1f349c20d0715c0946635b6dd SHA1 1221812387be6f8b261c8d5c4dcecb977d0660e5 SHA256 cba83aba0cd293c5c2c35d31d39c9f40e446d9957af9dea28ab44b04dd23df42
+MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SHA1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
new file mode 100644
index 0000000..f351860
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
@@ -0,0 +1,25 @@
+diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
+--- ipsec-tools-0.7.3.o/src/racoon/oakley.c	2009-08-13 11:18:45.000000000 +0200
++++ ipsec-tools-0.7.3/src/racoon/oakley.c	2011-06-06 09:36:11.000000000 +0200
+@@ -2498,8 +2498,21 @@
+ 				plog(LLV_ERROR, LOCATION, iph1->remote,
+ 					"couldn't find the pskey for %s.\n",
+ 					saddrwop2str(iph1->remote));
++			}
++		}
++		if (iph1->authstr == NULL) {
++			/*
++			 * If we could not locate a psk above try and locate
++			 * the default psk, ie, "*".
++			 */
++			iph1->authstr = privsep_getpsk("*", 1);
++			if (iph1->authstr == NULL) {
++				plog(LLV_ERROR, LOCATION, iph1->remote,
++					"couldn't find the the default pskey either.\n");
+ 				goto end;
+ 			}
++			plog(LLV_NOTIFY, LOCATION, iph1->remote,
++					"Using default PSK.\n");
+ 		}
+ 		plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
+ 		/* should be secret PSK */
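Review bot: The fallback at `iph1->authstr = privsep_getpsk("*", 1);` is unconditional, so once psk.txt holds a `*` line every peer without its own entry authenticates with the same shared key, and the comment above it does not say so. I would extend that comment to state this consequence and that omitting the `*` entry keeps the old reject behaviour. The LLV_ERROR "couldn't find the pskey for %s" line is still logged before a successful fallback, which will read as a failure in the logs; consider lowering it or logging it only when the fallback also fails. The new message also has a doubled word and should read `"couldn't find the default pskey either.\n"`. The enclosing function starts and ends outside this hunk, so the surrounding control flow is inferred from the context lines only.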

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch b/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch
new file mode 100644
index 0000000..6e84804
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch
@@ -0,0 +1,11 @@
+--- src/racoon/Makefile.am
++++ src/racoon/Makefile.am
+@@ -3,7 +3,7 @@
+ sbin_PROGRAMS = racoon racoonctl plainrsa-gen
+ noinst_PROGRAMS = eaytest
+ include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
+-	schedule.h sockmisc.h vmbuf.h isakmp_var.h isakmp.h isakmp_xauth.h \
++	schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \
+ 	isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
+ lib_LTLIBRARIES = libracoon.la
+ 

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
new file mode 100644
index 0000000..2e22c82
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
@@ -0,0 +1,11 @@
+diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c
+--- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c	2012-02-28 13:42:24.000000000 -0500
++++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c	2012-02-28 13:41:22.000000000 -0500
+@@ -87,6 +87,7 @@
+ #ifdef HAVE_GSSAPI
+ #include <iconv.h>
+ #include "gssapi.h"
++#include "vendorid.h"
+ #ifdef HAVE_ICONV_2ND_CONST
+ #define __iconv_const const
+ #else

diff --git a/net-firewall/ipsec-tools/files/ipsec.conf b/net-firewall/ipsec-tools/files/ipsec.conf
new file mode 100644
index 0000000..bfff04a
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec.conf
@@ -0,0 +1,26 @@
+#!/usr/sbin/setkey -f
+#
+# THIS IS A SAMPLE FILE!
+#
+# This is a sample file to test Gentoo's ipsec-tools out of the box.
+# Do not use it in production.  See: http://www.ipsec-howto.org/
+#
+flush;
+spdflush;
+
+#
+# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
+# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
+#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
+#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
+#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
+
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
+#spdadd 192.168.3.25 192.168.3.21 any -P in  ipsec esp/transport//require ah/transport//require;
+spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
+spdadd 192.168.3.21 192.168.3.25 any -P in  ipsec esp/transport//require ah/transport//require;
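Review bot: The commented `add` lines for manual keying carry fixed AH and ESP key values that are now published in the repository, and nothing next to them says they must be replaced. The file header does say "Do not use it in production", but an administrator who uncomments just that block is likely to keep the keys. I would add a line directly above the block such as `# The keys below are published examples: generate your own random keys before uncommenting.`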

diff --git a/net-firewall/ipsec-tools/files/psk.txt b/net-firewall/ipsec-tools/files/psk.txt
new file mode 100644
index 0000000..97f5180
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/psk.txt
@@ -0,0 +1,10 @@
+# THIS IS A SAMPLE FILE!
+#
+# This is a sample file to test Gentoo's ipsec-tools out of the box.
+# Do not use it in production.  See: http://www.ipsec-howto.org/
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+# Peer IP/FQDN	Secret
+# 192.168.3.25	sample
+192.168.3.21	sample
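Review bot: The last line, `192.168.3.21	sample`, is an active entry rather than a comment, and the ebuild in this commit installs this file as /etc/racoon/psk.txt, so a fresh install ships a live, guessable pre-shared key. I would ship both peer lines commented out, i.e. `# 192.168.3.21	sample`, and let the administrator enable one with a secret of their own. That costs one edit for the out-of-the-box test but leaves no known credential in place by default.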

diff --git a/net-firewall/ipsec-tools/files/racoon.conf b/net-firewall/ipsec-tools/files/racoon.conf
new file mode 100644
index 0000000..2e9206d
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.conf
@@ -0,0 +1,33 @@
+# THIS IS A SAMPLE FILE!
+#
+# This is a sample file to test Gentoo's ipsec-tools out of the box.
+# Do not use it in production.  See: http://www.ipsec-howto.org/
+#
+path pre_shared_key "/etc/racoon/psk.txt";
+
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#remote 192.168.3.25
+remote 192.168.3.21
+{
+	exchange_mode main;
+	proposal {
+		encryption_algorithm 3des;
+		hash_algorithm md5;
+		authentication_method pre_shared_key;
+		dh_group modp1024;
+	}
+}
+
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#sainfo address 192.168.3.21 any address 192.168.3.25 any
+sainfo address 192.168.3.25 any address 192.168.3.21 any
+{
+	pfs_group modp768;
+	encryption_algorithm 3des;
+	authentication_algorithm hmac_md5;
+	compression_algorithm deflate;
+}
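Review bot: The sample negotiates `hash_algorithm md5`, `encryption_algorithm 3des` and `authentication_algorithm hmac_md5`, and its phase 2 `pfs_group modp768` is weaker than the phase 1 `dh_group modp1024`. Sample files tend to be copied as they are, so I would start from stronger values that racoon already accepts: `encryption_algorithm aes;`, `hash_algorithm sha1;`, `authentication_algorithm hmac_sha1;`, and a `pfs_group` no smaller than the phase 1 group, for example `pfs_group modp1024;`. Both peers need the same change.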

diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/ipsec-tools/files/racoon.conf.d
new file mode 100644
index 0000000..66f8ed7
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.conf.d
@@ -0,0 +1,19 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $
+
+# Config file for /etc/init.d/racoon
+
+# See the manual pages for racoon or run `racoon --help`
+# for valid command-line options
+
+RACOON_OPTS="-4"
+
+RACOON_CONF="/etc/racoon/racoon.conf"
+RACOON_PSK_FILE="/etc/racoon/psk.txt"
+SETKEY_CONF="/etc/ipsec.conf"
+
+# Comment or remove the following if you don't want the policy tables
+# to be flushed when racoon is stopped.
+
+RACOON_RESET_TABLES="true"

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
new file mode 100644
index 0000000..16fdec7
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.init.d
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	before netmount
+	use net
+}
+
+checkconfig() {
+	if [ ! -e ${SETKEY_CONF} ] ; then
+		eerror "You need to configure setkey before starting racoon."
+		return 1
+	fi
+	if [ ! -e ${RACOON_CONF} ] ; then
+		eerror "You need a configuration file to start racoon."
+		return 1
+	fi
+	if [ ! -z ${RACOON_PSK_FILE} ] ; then
+		if [ ! -f ${RACOON_PSK_FILE} ] ; then
+			eerror "PSK file not found as specified."
+			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
+			return 1
+		fi
+		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
+			-r--------*)
+				;;
+			*)
+				eerror "Your defined PSK file should be mode 400 for security!"
+				return 1
+				;;
+		esac
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	einfo "Loading ipsec policies from ${SETKEY_CONF}."
+	/usr/sbin/setkey -f ${SETKEY_CONF}
+	if [ $? -eq 1 ] ; then
+		eerror "Error while loading ipsec policies"
+	fi
+	ebegin "Starting racoon"
+	start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping racoon"
+	start-stop-daemon -K -p /var/run/racoon.pid
+	eend $?
+	if [ -n "${RACOON_RESET_TABLES}" ]; then
+		ebegin "Flushing policy entries"
+		/usr/sbin/setkey -F
+		/usr/sbin/setkey -FP
+		eend $?
+	fi
+}
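Review bot: In start(), a failed `setkey -f` does not stop the service: `if [ $? -eq 1 ]` only prints an error, only for exit status 1, and racoon is started regardless. This can leave the daemon reported as running while the policy database is empty or partial, so traffic the policies were meant to protect may not be covered. I would fail closed with `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }`. In checkconfig() the unquoted `${RACOON_PSK_FILE}` tests misbehave on paths containing spaces, and the `ls` pattern checks the mode but not the owner of the PSK file.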

diff --git a/net-firewall/ipsec-tools/files/racoon.pam.d b/net-firewall/ipsec-tools/files/racoon.pam.d
new file mode 100644
index 0000000..b801aaa
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.pam.d
@@ -0,0 +1,4 @@
+auth       include	system-remote-login
+account    include	system-remote-login
+password   include	system-remote-login
+session	   include	system-remote-login

diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild
new file mode 100644
index 0000000..3298e02
--- /dev/null
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild
@@ -0,0 +1,251 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild,v 1.3 2012/03/04 18:18:27 blueness Exp $
+
+EAPI="4"
+
+inherit eutils flag-o-matic autotools linux-info pam
+
+DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
+HOMEPAGE="http://ipsec-tools.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap"
+
+RDEPEND="
+	kerberos? ( virtual/krb5 )
+	selinux? (
+		sys-libs/libselinux
+		sec-policy/selinux-ipsec-tools
+	)
+	readline? ( sys-libs/readline )
+	pam? ( sys-libs/pam )
+	ldap? ( net-nds/openldap )
+	dev-libs/openssl
+	virtual/libiconv"
+#	iconv? ( virtual/libiconv )
+#	radius? ( net-dialup/gnuradius )
+
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-2.6.30"
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	get_version
+
+	if linux_config_exists && kernel_is -ge 2 6 19; then
+		ewarn
+		ewarn "\033[1;33m**************************************************\033[1;33m"
+		ewarn
+		ewarn "Checking kernel configuration in /usr/src/linux or"
+		ewarn "or /proc/config.gz for compatibility with ${PN}."
+		ewarn "Here are the potential problems:"
+		ewarn
+
+		local nothing="1"
+
+		# Check options for all flavors of IPSec
+		local msg=""
+		for i in XFRM_USER NET_KEY; do
+			if ! linux_chkconfig_present ${i}; then
+				msg="${msg} ${i}"
+			fi
+		done
+		if [[ ! -z "$msg" ]]; then
+			nothing="0"
+			ewarn
+			ewarn "ALL IPSec may fail. CHECK:"
+			ewarn "${msg}"
+		fi
+
+		# Check unencrypted IPSec
+		if ! linux_chkconfig_present CRYPTO_NULL; then
+			nothing="0"
+			ewarn
+			ewarn "Unencrypted IPSec may fail. CHECK:"
+			ewarn " CRYPTO_NULL"
+		fi
+
+		# Check IPv4 IPSec
+		msg=""
+		for i in \
+			INET_IPCOMP INET_AH INET_ESP \
+			INET_XFRM_MODE_TRANSPORT \
+			INET_XFRM_MODE_TUNNEL \
+			INET_XFRM_MODE_BEET
+		do
+			if ! linux_chkconfig_present ${i}; then
+				msg="${msg} ${i}"
+			fi
+		done
+		if [[ ! -z "$msg" ]]; then
+			nothing="0"
+			ewarn
+			ewarn "IPv4 IPSec may fail. CHECK:"
+			ewarn "${msg}"
+		fi
+
+		# Check IPv6 IPSec
+		if use ipv6; then
+			msg=""
+			for i in INET6_IPCOMP INET6_AH INET6_ESP \
+				INET6_XFRM_MODE_TRANSPORT \
+				INET6_XFRM_MODE_TUNNEL \
+				INET6_XFRM_MODE_BEET
+			do
+				if ! linux_chkconfig_present ${i}; then
+					msg="${msg} ${i}"
+				fi
+			done
+			if [[ ! -z "$msg" ]]; then
+			nothing="0"
+				ewarn
+				ewarn "IPv6 IPSec may fail. CHECK:"
+				ewarn "${msg}"
+			fi
+		fi
+
+		# Check IPSec behind NAT
+		if use nat; then
+			if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
+				nothing="0"
+				ewarn
+				ewarn "IPSec behind NAT may fail.  CHECK:"
+				ewarn " NETFILTER_XT_MATCH_POLICY"
+			fi
+		fi
+
+		if [[ $nothing == "1" ]]; then
+			ewarn "NO PROBLEMS FOUND"
+		fi
+
+		ewarn
+		ewarn "WARNING: If your *configured* and *running* kernel"
+		ewarn "differ either now or in the future, then these checks"
+		ewarn "may lead to misleading results."
+		ewarn
+		ewarn "\033[1;33m**************************************************\033[1;33m"
+		ewarn
+	else
+		eerror
+		eerror "\033[1;31m**************************************************\033[1;31m"
+		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
+		eerror "Building ${PN} now, assuming that you know what you're doing."
+		eerror "\033[1;31m**************************************************\033[1;31m"
+		eerror
+	fi
+}
+
+src_prepare() {
+	# fix for bug #76741
+	sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c || die
+	# fix for bug #124813
+	sed -i 's:-Werror::g' "${S}"/configure.ac || die
+	# fix for building with gcc-4.6
+	sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
+
+	epatch "${FILESDIR}/${PN}-def-psk.patch"
+	epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
+
+	AT_M4DIR="${S}" eautoreconf
+	epunt_cxx
+}
+
+src_configure() {
+	# fix for bug #61025
+	filter-flags -march=c3
+
+	local myconf
+	myconf="--with-kernel-headers=/usr/include \
+			--enable-adminport \
+			--enable-frag \
+			--enable-dpd \
+			--enable-dependency-tracking \
+			$(use_enable rc5) \
+			$(use_enable idea) \
+			$(use_enable kerberos gssapi) \
+			$(use_enable stats) \
+			$(use_enable ipv6) \
+			$(use_enable nat natt) \
+			$(use_enable selinux security-context) \
+			$(use_with readline) \
+			$(use_with pam libpam) \
+			$(use_with ldap libldap)"
+
+	use nat && myconf="${myconf} --enable-natt-versions=yes"
+
+	# enable mode-cfg and xauth support
+	if use pam; then
+		myconf="${myconf} --enable-hybrid"
+	else
+		myconf="${myconf} $(use_enable hybrid)"
+	fi
+
+	# dev-libs/libiconv is hard masked
+	#use iconv && myconf="${myconf} $(use_with iconv libiconv)"
+
+	# the default (/usr/include/openssl/) is OK for Gentoo, leave it
+	# myconf="${myconf} $(use_with ssl openssl )"
+
+	# No way to get it compiling with freeradius or gnuradius
+	# We would need libradius which only exists on FreeBSD
+
+	# See bug #77369
+	#myconf="${myconf} --enable-samode-unspec"
+
+	econf ${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	keepdir /var/lib/racoon
+	newconfd "${FILESDIR}"/racoon.conf.d racoon
+	newinitd "${FILESDIR}"/racoon.init.d racoon
+	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
+
+	insinto /etc
+	doins "${FILESDIR}"/ipsec.conf
+	insinto /etc/racoon
+	doins "${FILESDIR}"/racoon.conf
+	doins "${FILESDIR}"/psk.txt
+	chmod 400 "${D}"/etc/racoon/psk.txt
+
+	dodoc ChangeLog README NEWS
+	dodoc -r src/racoon/samples
+	dodoc -r src/racoon/doc
+	docinto samples
+	newdoc src/setkey/sample.cf ipsec.conf
+}
+
+pkg_postinst() {
+	if use nat; then
+		elog
+		elog "You have enabled the nat traversal functionnality."
+		elog "Nat versions wich are enabled by default are 00,02,rfc"
+		elog "you can find those drafts in the CVS repository:"
+		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
+		elog
+		elog "If you feel brave enough and you know what you are"
+		elog "doing, you can consider emerging this ebuild with"
+		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
+		elog
+	fi
+
+	if use ldap; then
+		elog
+		elog "You have enabled ldap support with {$PN}."
+		elog "The man page does NOT contain any information on it yet."
+		elog "Consider using a more recent version or CVS."
+		elog
+	fi
+
+	elog
+	elog "Please have a look in /usr/share/doc/${P} and visit"
+	elog "http://www.netbsd.org/Documentation/network/ipsec/"
+	elog "to find more information on how to configure this tool."
+	elog
+}
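Review bot: src_prepare applies `${PN}-def-psk.patch` for every build, which changes how racoon selects a pre-shared key, but pkg_postinst says nothing about it. I would add an elog such as `elog "racoon is patched to fall back to a '*' entry in psk.txt when no peer-specific key is found."` so administrators know what a wildcard line means on this build. Separately, `{$PN}` in the ldap message prints the braces literally and should be `${PN}`. `chmod 400 "${D}"/etc/racoon/psk.txt` would be more idiomatic as `fperms 400 /etc/racoon/psk.txt`. files/ipsec-tools-duplicate-header.patch is added by this commit but never applied here.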

diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
new file mode 100644
index 0000000..6e6434c
--- /dev/null
+++ b/net-firewall/ipsec-tools/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer>
+		<email>blueness@gentoo.org</email>
+	</maintainer>
+	<use>
+		<flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
+		<flag name='idea'>Enable support for the IDEA algorithm</flag>
+		<flag name='nat'>Enable NAT-Traversal</flag>
+		<flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
+		<flag name='stats'>Enable statistics reporting</flag>
+	</use>
+</pkgmetadata>




* [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
@ 2012-03-08 12:16 Anthony G. Basile
From: Anthony G. Basile @ 2012-03-08 12:16 UTC (permalink / raw
  To: gentoo-commits

commit:     4295058db762d88679ee38d7929e9981592619e8
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Mar  8 12:16:23 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Mar  8 12:16:23 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=4295058d

net-firewall/ipsec-tools: moved to tree

(Portage version: 2.1.10.44/git/Linux x86_64, unsigned Manifest commit)

---
 net-firewall/ipsec-tools/Manifest                  |   22 --
 .../ipsec-tools/files/ipsec-tools-def-psk.patch    |   25 --
 .../files/ipsec-tools-duplicate-header.patch       |   11 -
 .../files/ipsec-tools-include-vendoridh.patch      |   11 -
 net-firewall/ipsec-tools/files/ipsec.conf          |   26 --
 net-firewall/ipsec-tools/files/psk.txt             |   10 -
 net-firewall/ipsec-tools/files/racoon.conf         |   33 ---
 net-firewall/ipsec-tools/files/racoon.conf.d       |   17 --
 net-firewall/ipsec-tools/files/racoon.init.d       |   58 -----
 net-firewall/ipsec-tools/files/racoon.pam.d        |    4 -
 .../ipsec-tools/ipsec-tools-0.8.0-r3.ebuild        |  240 --------------------
 net-firewall/ipsec-tools/metadata.xml              |   14 --
 12 files changed, 0 insertions(+), 471 deletions(-)

diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
deleted file mode 100644
index ddc089d..0000000
--- a/net-firewall/ipsec-tools/Manifest
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656
-AUX ipsec-tools-duplicate-header.patch 440 RMD160 0a9f53ad68232b382388447c3c4aa7c81f5b6de1 SHA1 1d48f49fae5e7c5278d52a512e6b06998f24eacf SHA256 47d31a605a48fc7168cd579f62217316a12b153177bc6b16618d46c38e6936d1
-AUX ipsec-tools-include-vendoridh.patch 434 RMD160 cf30a122392ba179a7c6b0cd65f4c21d68d16266 SHA1 a0de513e850618caa2b5917b5d5b838360eaa200 SHA256 be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c
-AUX ipsec.conf 1209 RMD160 38ed5ce1b0ca6ce48d92ba0ad13b14122bd3371c SHA1 563926c8b14dc54cadebfcef108fe53abb189d4a SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816
-AUX psk.txt 293 RMD160 b626935831085771ee71486b9c5e24e606518dc8 SHA1 49e68d8cb0208ed55ebc76a12dec7180f43af431 SHA256 d34b142b4566712f87382caf0a64bcc070bbde17f16e2ee49d5dde26cb1bbe08
-AUX racoon.conf 772 RMD160 4ad6f3f94dc587d9b4278e165e76b7eacb475b91 SHA1 e7a74b34181480764e36fc452a9e6a516c8c86b4 SHA256 e00cea25741fa16aa985d80ce49f2a59af0c98a44707a047193e936644b497a3
-AUX racoon.conf.d 605 RMD160 1c2db39154d8470ecd2e0fe95075ec47ffa47613 SHA1 19171c533f707778e1d5d84f4948a82d75b672b5 SHA256 1bf003daa972cbdc2e251c10f2d93684c1f637f70ac2445ad5482dbe7ee2b1d9
-AUX racoon.init.d 1314 RMD160 14fd9ea02fdb20d13a0e3284e1f1e468117247f2 SHA1 41cb71c0354d632ad35565dbf98a26364b592d56 SHA256 7c9447197032b30a2cb76a62179a3b0ef3768870c340adf4743976e7d65eba75
-AUX racoon.pam.d 156 RMD160 c4f6ba6e3a705eef63e571189e28de71e7d61178 SHA1 1223f7a43a5e124521d48852b2d23bb8ba0a788f SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c
-DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717
-EBUILD ipsec-tools-0.8.0-r3.ebuild 6135 RMD160 5c5113c51b9d1410a95a629635b5f5c890451bc0 SHA1 309cfe1bf239c8dffb96f8b7ff188008f9ef8b9a SHA256 bc4ae794a70a2c1961a48cbe099cad87be3edd5bc22a8f9ba65382e62e67df41
-MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SHA1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
-
-iEYEAREIAAYFAk9YH+MACgkQl5yvQNBFVTUpUgCgmo+4jAsCbAJG6RJDD9WgRjxg
-VksAnj+GjzU2EUfhHs5Y/6mGqXzf/j1S
-=YExW
------END PGP SIGNATURE-----

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
deleted file mode 100644
index f351860..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
---- ipsec-tools-0.7.3.o/src/racoon/oakley.c	2009-08-13 11:18:45.000000000 +0200
-+++ ipsec-tools-0.7.3/src/racoon/oakley.c	2011-06-06 09:36:11.000000000 +0200
-@@ -2498,8 +2498,21 @@
- 				plog(LLV_ERROR, LOCATION, iph1->remote,
- 					"couldn't find the pskey for %s.\n",
- 					saddrwop2str(iph1->remote));
-+			}
-+		}
-+		if (iph1->authstr == NULL) {
-+			/*
-+			 * If we could not locate a psk above try and locate
-+			 * the default psk, ie, "*".
-+			 */
-+			iph1->authstr = privsep_getpsk("*", 1);
-+			if (iph1->authstr == NULL) {
-+				plog(LLV_ERROR, LOCATION, iph1->remote,
-+					"couldn't find the the default pskey either.\n");
- 				goto end;
- 			}
-+			plog(LLV_NOTIFY, LOCATION, iph1->remote,
-+					"Using default PSK.\n");
- 		}
- 		plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
- 		/* should be secret PSK */

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch b/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch
deleted file mode 100644
index 6e84804..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools-duplicate-header.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/racoon/Makefile.am
-+++ src/racoon/Makefile.am
-@@ -3,7 +3,7 @@
- sbin_PROGRAMS = racoon racoonctl plainrsa-gen
- noinst_PROGRAMS = eaytest
- include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
--	schedule.h sockmisc.h vmbuf.h isakmp_var.h isakmp.h isakmp_xauth.h \
-+	schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \
- 	isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
- lib_LTLIBRARIES = libracoon.la
- 

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
deleted file mode 100644
index 2e22c82..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c
---- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c	2012-02-28 13:42:24.000000000 -0500
-+++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c	2012-02-28 13:41:22.000000000 -0500
-@@ -87,6 +87,7 @@
- #ifdef HAVE_GSSAPI
- #include <iconv.h>
- #include "gssapi.h"
-+#include "vendorid.h"
- #ifdef HAVE_ICONV_2ND_CONST
- #define __iconv_const const
- #else

diff --git a/net-firewall/ipsec-tools/files/ipsec.conf b/net-firewall/ipsec-tools/files/ipsec.conf
deleted file mode 100644
index bfff04a..0000000
--- a/net-firewall/ipsec-tools/files/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/sbin/setkey -f
-#
-# THIS IS A SAMPLE FILE!
-#
-# This is a sample file to test Gentoo's ipsec-tools out of the box.
-# Do not use it in production.  See: http://www.ipsec-howto.org/
-#
-flush;
-spdflush;
-
-#
-# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
-# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
-#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
-#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
-#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
-
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
-#spdadd 192.168.3.25 192.168.3.21 any -P in  ipsec esp/transport//require ah/transport//require;
-spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
-spdadd 192.168.3.21 192.168.3.25 any -P in  ipsec esp/transport//require ah/transport//require;

diff --git a/net-firewall/ipsec-tools/files/psk.txt b/net-firewall/ipsec-tools/files/psk.txt
deleted file mode 100644
index 97f5180..0000000
--- a/net-firewall/ipsec-tools/files/psk.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-# THIS IS A SAMPLE FILE!
-#
-# This is a sample file to test Gentoo's ipsec-tools out of the box.
-# Do not use it in production.  See: http://www.ipsec-howto.org/
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-# Peer IP/FQDN	Secret
-# 192.168.3.25	sample
-192.168.3.21	sample

diff --git a/net-firewall/ipsec-tools/files/racoon.conf b/net-firewall/ipsec-tools/files/racoon.conf
deleted file mode 100644
index 2e9206d..0000000
--- a/net-firewall/ipsec-tools/files/racoon.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# THIS IS A SAMPLE FILE!
-#
-# This is a sample file to test Gentoo's ipsec-tools out of the box.
-# Do not use it in production.  See: http://www.ipsec-howto.org/
-#
-path pre_shared_key "/etc/racoon/psk.txt";
-
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#remote 192.168.3.25
-remote 192.168.3.21
-{
-	exchange_mode main;
-	proposal {
-		encryption_algorithm 3des;
-		hash_algorithm md5;
-		authentication_method pre_shared_key;
-		dh_group modp1024;
-	}
-}
-
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#sainfo address 192.168.3.21 any address 192.168.3.25 any
-sainfo address 192.168.3.25 any address 192.168.3.21 any
-{
-	pfs_group modp768;
-	encryption_algorithm 3des;
-	authentication_algorithm hmac_md5;
-	compression_algorithm deflate;
-}

diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/ipsec-tools/files/racoon.conf.d
deleted file mode 100644
index a8cac41..0000000
--- a/net-firewall/ipsec-tools/files/racoon.conf.d
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $
-
-# Config file for /etc/init.d/racoon
-
-# See the man page or run `racoon --help` for valid command-line options
-# RACOON_OPTS="-d"
-
-RACOON_CONF="/etc/racoon/racoon.conf"
-RACOON_PSK_FILE="/etc/racoon/psk.txt"
-SETKEY_CONF="/etc/ipsec.conf"
-
-# Comment or remove the following if you don't want the policy tables
-# to be flushed when racoon is stopped.
-
-RACOON_RESET_TABLES="true"

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
deleted file mode 100644
index 16fdec7..0000000
--- a/net-firewall/ipsec-tools/files/racoon.init.d
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
-	before netmount
-	use net
-}
-
-checkconfig() {
-	if [ ! -e ${SETKEY_CONF} ] ; then
-		eerror "You need to configure setkey before starting racoon."
-		return 1
-	fi
-	if [ ! -e ${RACOON_CONF} ] ; then
-		eerror "You need a configuration file to start racoon."
-		return 1
-	fi
-	if [ ! -z ${RACOON_PSK_FILE} ] ; then
-		if [ ! -f ${RACOON_PSK_FILE} ] ; then
-			eerror "PSK file not found as specified."
-			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
-			return 1
-		fi
-		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
-			-r--------*)
-				;;
-			*)
-				eerror "Your defined PSK file should be mode 400 for security!"
-				return 1
-				;;
-		esac
-	fi
-}
-
-start() {
-	checkconfig || return 1
-	einfo "Loading ipsec policies from ${SETKEY_CONF}."
-	/usr/sbin/setkey -f ${SETKEY_CONF}
-	if [ $? -eq 1 ] ; then
-		eerror "Error while loading ipsec policies"
-	fi
-	ebegin "Starting racoon"
-	start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping racoon"
-	start-stop-daemon -K -p /var/run/racoon.pid
-	eend $?
-	if [ -n "${RACOON_RESET_TABLES}" ]; then
-		ebegin "Flushing policy entries"
-		/usr/sbin/setkey -F
-		/usr/sbin/setkey -FP
-		eend $?
-	fi
-}

diff --git a/net-firewall/ipsec-tools/files/racoon.pam.d b/net-firewall/ipsec-tools/files/racoon.pam.d
deleted file mode 100644
index b801aaa..0000000
--- a/net-firewall/ipsec-tools/files/racoon.pam.d
+++ /dev/null
@@ -1,4 +0,0 @@
-auth       include	system-remote-login
-account    include	system-remote-login
-password   include	system-remote-login
-session	   include	system-remote-login

diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild
deleted file mode 100644
index 5568c9d..0000000
--- a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild
+++ /dev/null
@@ -1,240 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild,v 1.3 2012/03/04 18:18:27 blueness Exp $
-
-EAPI="4"
-
-inherit eutils flag-o-matic autotools linux-info pam
-
-DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
-HOMEPAGE="http://ipsec-tools.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
-
-RDEPEND="
-	dev-libs/openssl
-	kerberos? ( virtual/krb5 )
-	ldap? ( net-nds/openldap )
-	pam? ( sys-libs/pam )
-	readline? ( sys-libs/readline )
-	selinux? (
-		sys-libs/libselinux
-		sec-policy/selinux-ipsec-tools
-	)"
-#	radius? ( net-dialup/gnuradius )
-
-DEPEND="${RDEPEND}
-	>=sys-kernel/linux-headers-2.6.30"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	get_version
-
-	if linux_config_exists && kernel_is -ge 2 6 19; then
-		ewarn
-		ewarn "\033[1;33m**************************************************\033[00m"
-		ewarn
-		ewarn "Checking kernel configuration in /usr/src/linux or"
-		ewarn "or /proc/config.gz for compatibility with ${PN}."
-		ewarn "Here are the potential problems:"
-		ewarn
-
-		local nothing="1"
-
-		# Check options for all flavors of IPSec
-		local msg=""
-		for i in XFRM_USER NET_KEY; do
-			if ! linux_chkconfig_present ${i}; then
-				msg="${msg} ${i}"
-			fi
-		done
-		if [[ ! -z "$msg" ]]; then
-			nothing="0"
-			ewarn
-			ewarn "ALL IPSec may fail. CHECK:"
-			ewarn "${msg}"
-		fi
-
-		# Check unencrypted IPSec
-		if ! linux_chkconfig_present CRYPTO_NULL; then
-			nothing="0"
-			ewarn
-			ewarn "Unencrypted IPSec may fail. CHECK:"
-			ewarn " CRYPTO_NULL"
-		fi
-
-		# Check IPv4 IPSec
-		msg=""
-		for i in \
-			INET_IPCOMP INET_AH INET_ESP \
-			INET_XFRM_MODE_TRANSPORT \
-			INET_XFRM_MODE_TUNNEL \
-			INET_XFRM_MODE_BEET
-		do
-			if ! linux_chkconfig_present ${i}; then
-				msg="${msg} ${i}"
-			fi
-		done
-		if [[ ! -z "$msg" ]]; then
-			nothing="0"
-			ewarn
-			ewarn "IPv4 IPSec may fail. CHECK:"
-			ewarn "${msg}"
-		fi
-
-		# Check IPv6 IPSec
-		if use ipv6; then
-			msg=""
-			for i in INET6_IPCOMP INET6_AH INET6_ESP \
-				INET6_XFRM_MODE_TRANSPORT \
-				INET6_XFRM_MODE_TUNNEL \
-				INET6_XFRM_MODE_BEET
-			do
-				if ! linux_chkconfig_present ${i}; then
-					msg="${msg} ${i}"
-				fi
-			done
-			if [[ ! -z "$msg" ]]; then
-			nothing="0"
-				ewarn
-				ewarn "IPv6 IPSec may fail. CHECK:"
-				ewarn "${msg}"
-			fi
-		fi
-
-		# Check IPSec behind NAT
-		if use nat; then
-			if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
-				nothing="0"
-				ewarn
-				ewarn "IPSec behind NAT may fail.  CHECK:"
-				ewarn " NETFILTER_XT_MATCH_POLICY"
-			fi
-		fi
-
-		if [[ $nothing == "1" ]]; then
-			ewarn "NO PROBLEMS FOUND"
-		fi
-
-		ewarn
-		ewarn "WARNING: If your *configured* and *running* kernel"
-		ewarn "differ either now or in the future, then these checks"
-		ewarn "may lead to misleading results."
-		ewarn
-		ewarn "\033[1;33m**************************************************\033[00m"
-		ewarn
-	else
-		eerror
-		eerror "\033[1;31m**************************************************\033[00m"
-		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
-		eerror "Building ${PN} now, assuming that you know what you're doing."
-		eerror "\033[1;31m**************************************************\033[00m"
-		eerror
-	fi
-}
-
-src_prepare() {
-	# fix for bug #124813
-	sed -i 's:-Werror::g' "${S}"/configure.ac || die
-	# fix for building with gcc-4.6
-	sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
-
-	epatch "${FILESDIR}/${PN}-def-psk.patch"
-	epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
-
-	AT_M4DIR="${S}" eautoreconf
-	epunt_cxx
-}
-
-src_configure() {
-	#--with-{iconv,libradius} lead to "Broken getaddrinfo()"
-	#--enable-samode-unspec is not supported in linux
-	local myconf
-	myconf="--with-kernel-headers=/usr/include \
-			--enable-adminport \
-			--enable-dependency-tracking \
-			--enable-dpd \
-			--enable-frag \
-			--without-libiconv \
-			--without-libradius \
-			--disable-samode-unspec \
-			$(use_enable idea) \
-			$(use_enable ipv6) \
-			$(use_enable kerberos gssapi) \
-			$(use_with ldap libldap) \
-			$(use_enable nat natt) \
-			$(use_with pam libpam) \
-			$(use_enable rc5) \
-			$(use_with readline) \
-			$(use_enable selinux security-context) \
-			$(use_enable stats)"
-
-	use nat && myconf="${myconf} --enable-natt-versions=yes"
-
-	# enable mode-cfg and xauth support
-	if use pam; then
-		myconf="${myconf} --enable-hybrid"
-	else
-		myconf="${myconf} $(use_enable hybrid)"
-	fi
-
-	# the default (/usr/include/openssl/) is OK for Gentoo, leave it
-	# myconf="${myconf} $(use_with ssl openssl )"
-
-	econf ${myconf}
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-	keepdir /var/lib/racoon
-	newconfd "${FILESDIR}"/racoon.conf.d racoon
-	newinitd "${FILESDIR}"/racoon.init.d racoon
-	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
-
-	insinto /etc
-	doins "${FILESDIR}"/ipsec.conf
-	insinto /etc/racoon
-	doins "${FILESDIR}"/racoon.conf
-	doins "${FILESDIR}"/psk.txt
-	chmod 400 "${D}"/etc/racoon/psk.txt
-
-	dodoc ChangeLog README NEWS
-	dodoc -r src/racoon/samples
-	dodoc -r src/racoon/doc
-	docinto samples
-	newdoc src/setkey/sample.cf ipsec.conf
-}
-
-pkg_postinst() {
-	if use nat; then
-		elog
-		elog "You have enabled the nat traversal functionnality."
-		elog "Nat versions wich are enabled by default are 00,02,rfc"
-		elog "you can find those drafts in the CVS repository:"
-		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
-		elog
-		elog "If you feel brave enough and you know what you are"
-		elog "doing, you can consider emerging this ebuild with"
-		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
-		elog
-	fi
-
-	if use ldap; then
-		elog
-		elog "You have enabled ldap support with {$PN}."
-		elog "The man page does NOT contain any information on it yet."
-		elog "Consider using a more recent version or CVS."
-		elog
-	fi
-
-	elog
-	elog "Please have a look in /usr/share/doc/${P} and visit"
-	elog "http://www.netbsd.org/Documentation/network/ipsec/"
-	elog "to find more information on how to configure this tool."
-	elog
-}

diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
deleted file mode 100644
index 6e6434c..0000000
--- a/net-firewall/ipsec-tools/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<maintainer>
-		<email>blueness@gentoo.org</email>
-	</maintainer>
-	<use>
-		<flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
-		<flag name='idea'>Enable support for the IDEA algorithm</flag>
-		<flag name='nat'>Enable NAT-Traversal</flag>
-		<flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
-		<flag name='stats'>Enable statistics reporting</flag>
-	</use>
-</pkgmetadata>




* [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
@ 2012-09-27 14:20 Anthony G. Basile
From: Anthony G. Basile @ 2012-09-27 14:20 UTC (permalink / raw
  To: gentoo-commits

commit:     83d1e5996f0a489a306a650e10b56bccda70c5f5
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 27 14:19:50 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep 27 14:19:50 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=83d1e599

net-firewall/ipsec-tools: staging to fix bugs #435398 and #436144

---
 net-firewall/ipsec-tools/Manifest                  |   13 +
 .../files/ipsec-tools-0.8.0-sysctl.patch           |   22 ++
 .../ipsec-tools/files/ipsec-tools-def-psk.patch    |   25 ++
 .../files/ipsec-tools-include-vendoridh.patch      |   11 +
 net-firewall/ipsec-tools/files/ipsec.conf          |   26 +++
 net-firewall/ipsec-tools/files/psk.txt             |   10 +
 net-firewall/ipsec-tools/files/racoon.conf         |   33 +++
 net-firewall/ipsec-tools/files/racoon.conf.d-r1    |   18 ++
 net-firewall/ipsec-tools/files/racoon.init.d       |   58 +++++
 net-firewall/ipsec-tools/files/racoon.init.d-r2    |   56 +++++
 net-firewall/ipsec-tools/files/racoon.pam.d        |    4 +
 .../ipsec-tools/ipsec-tools-0.8.0-r5.ebuild        |  237 ++++++++++++++++++++
 net-firewall/ipsec-tools/metadata.xml              |   14 ++
 13 files changed, 527 insertions(+), 0 deletions(-)

diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
new file mode 100644
index 0000000..c6d0c05
--- /dev/null
+++ b/net-firewall/ipsec-tools/Manifest
@@ -0,0 +1,13 @@
+AUX ipsec-tools-0.8.0-sysctl.patch 485 SHA256 eb94a1f77ac9c194e51c2f64b65d9c8f70ff109fdfe77f72801449277b7312f4 SHA512 a2a96cea5c2b451665d54572e471a6c2b4fb72382dcd90bda536aaabf78cdd36d630d5c1fa56372b95066dc7dffd56480d3402fdbe2d56825a017b2cc075ac66 WHIRLPOOL 54c8f99ef2881e0fdf1e1aaf7c7908e9fac31326da9a15df160f81f4b9a8bb7a4db738ebd8c888c9a0bfae7e558c48231cb6413e1e953309a658ad12bfb9e106
+AUX ipsec-tools-def-psk.patch 907 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 SHA512 683f168fac390df602ece1608db7f65370749c291e837497fa68fe4f39ddab907d10d67d4c80d583d7f12a1ea0bf02ba98d228e7c6e9267b49a1a8a7e57e99c4 WHIRLPOOL cfe93bc7e71aa627b973b416acfcdf9f9346ef5237726a079a0da3a383f949bb780624482f1f17b93cc43fc786711c4d8d3abc173f600f05d8790639cbed911a
+AUX ipsec-tools-include-vendoridh.patch 434 SHA256 be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c SHA512 fc39e09dd7b1a2d3b6cdfbfad9f4978ab5d070ae2435cf77fe2283b566bea1d58cd26dbf6cafb563587200724c9602a32ce737fd163b757872e8a6d2c8007d5c WHIRLPOOL 1507b428ab919b0e45125ec4901af6b3a764a33c98cae6e2df0c061432414cb61e980606d24f55054d4433203f5eca3a123d4dd6dfd74645d7bc222f66cab1bd
+AUX ipsec.conf 1209 SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816 SHA512 727297a06b75b883a7bd730d84f7a7cec04f81b51df71a6d2419602d835abe3c958d27aac176e29e2463421792843517bda802b3437b306ab43e94d178593bfa WHIRLPOOL 9c8f70c3c117e5cc4a1793637a101920ffd9126e02373db4e68b9eba4588a385cbc08fc81a0b5bf3ae0bff3d9de20a5a14b020e6d62effb97bce790ce4e74437
+AUX psk.txt 293 SHA256 d34b142b4566712f87382caf0a64bcc070bbde17f16e2ee49d5dde26cb1bbe08 SHA512 ed09588bcbf9b16e4e18315c7b9a7667788b4ab26cd962376430c316cfb0ee5a30ff26910190731b287c1a1b5927951a79f71a096071e73d67dc867a455b14cf WHIRLPOOL fe1aadd94612e742029d6e0be7401f2994c9fed4fec899f3fc09c90cb134aca710c41a083164d6cece46b331652ddb3b76720c60bc40b837243b329db7eb60db
+AUX racoon.conf 772 SHA256 e00cea25741fa16aa985d80ce49f2a59af0c98a44707a047193e936644b497a3 SHA512 8876920331b4003fd096f1997e1266a12783120e390cea55ca283a8fd6485552b54e87f60e75f33409a4cdb99171d2358953287edd47ddeac8bda6da0cc8becc WHIRLPOOL 12c55b1f5e67592483c2602040454f7c0e511c4867b0ed1e7acb593d3ffd0b2b2bfe7a5defb900eb8759006b4382d8c3d891ace2472d772e223e68eb99bd72cc
+AUX racoon.conf.d-r1 606 SHA256 a5bac8d1d84d11651027f4264a9adac85d18ea8f126abb504397a866695d2ddd SHA512 c2f12c2829e8f1852a81104feb6b5f4afa58394fa46b65347ec30d469a822b748d3e317023ec0f060c20242988692ab76eba52fdc5f473e393c563243ff53c1d WHIRLPOOL 58a48357c475e927cb3d659582bb8c9b8ae10f1164c1831300375694a33052454dd65a29a0c869f17915f3d36aa2772b64811f44920f57d9de8cf2eb5f3df485
+AUX racoon.init.d 1314 SHA256 7c9447197032b30a2cb76a62179a3b0ef3768870c340adf4743976e7d65eba75 SHA512 ef882fde450ac1bd4ce4acfefa498699c1959d6a1fa9eb2ea210446007f8107c2203e5fb6c0ef5f21e7687479569bffe84a3815f32748fb103140fa2e8f3737a WHIRLPOOL d31da300e79211dff92568d9d6901b3cefaabbae57806b45f2e61031e11b4ba8afd53b3a2742e9174110291716a53910deb1a188da3ec279f5af2edcfa9281dc
+AUX racoon.init.d-r2 1232 SHA256 d31ca0615464fbc8a3a2a6c6b308ab937e795ca6a1ca7d1a54eadff20caf9825 SHA512 1fa08aff6fe116e8c440600a23bb78385716ad6ab0e6b28d28d63516b9d67c6c592bcd876b198bf6bffa11efe97772399db66c1d2b57e9eaa494983495313f5e WHIRLPOOL d0b691de48313962b04e7a86aeeee1933b03fbbfe322e5e7662229a84d5d5d794bcbb51d0ef45160c25856ec4e1f4e15b435134ddea3378633f5116547c375d7
+AUX racoon.pam.d 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
+DIST ipsec-tools-0.8.0.tar.bz2 809297 SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 SHA512 3bec6bab4fe555612f1d48966e797202830f5254a8d2146a14d268ff0c68445af790285214db41ab08ee4888625e8e680c3b848c30789d836169d1612a25fe2c WHIRLPOOL 862d2bbf78aca8c9e01e00c995aeb3b662e1ea4a769081b9880a3fee7821ef5968e10fe75d9671268979188c7ca3b91d507a1fc9a097729d0648bc4c965e675d
+EBUILD ipsec-tools-0.8.0-r5.ebuild 6061 SHA256 2e7af21ab29e463023165f1404b6033cb21130b4ab147584954d6b941b9d6f16 SHA512 2ab81dee9a018b3010c67abc86a22ee911f41f92bf6a6c75ed19df057d3383aa036e9d476662ce11cb625be9d965aa70e23ef9e0a66d08d3f507c5e7016ebd82 WHIRLPOOL 4a3d73da40c3d8ce2f69d090cd7cd8c45760f0403370be3fc80b0f74dfb5c2c5df219776b3b783f187b9e7c414c9e63e0af6bbd759c8a600734f6ec6a3a7d2e0
+MISC metadata.xml 537 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40 SHA512 9b26b2cd54e00527201339c3936ac717c57fe596e470d84e0dc0715f778b5797488b6cac61dea83bab61714a23a88e44dbd537bfeeb2b37d285653dcb838fab5 WHIRLPOOL a0dd0b61f957875ca3c50db5aa66470ed493be9c4f002bd165d75b41a8ca51cbcfd2567b4702bf1845b8e0a1ca54239e6ed163098d8b613d1f9f459192acc14e

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch b/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
new file mode 100644
index 0000000..5c69bbb
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
@@ -0,0 +1,22 @@
+https://bugs.gentoo.org/425770
+
+--- a/src/racoon/pfkey.c
++++ b/src/racoon/pfkey.c
+@@ -59,7 +59,6 @@
+ #include <sys/param.h>
+ #include <sys/socket.h>
+ #include <sys/queue.h>
+-#include <sys/sysctl.h>
+ 
+ #include <net/route.h>
+ #include <net/pfkeyv2.h>
+--- a/src/setkey/setkey.c
++++ b/src/setkey/setkey.c
+@@ -40,7 +40,6 @@
+ #include <sys/socket.h>
+ #include <sys/time.h>
+ #include <sys/stat.h>
+-#include <sys/sysctl.h>
+ #include <err.h>
+ #include <netinet/in.h>
+ #include <net/pfkeyv2.h>

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
new file mode 100644
index 0000000..f351860
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
@@ -0,0 +1,25 @@
+diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
+--- ipsec-tools-0.7.3.o/src/racoon/oakley.c	2009-08-13 11:18:45.000000000 +0200
++++ ipsec-tools-0.7.3/src/racoon/oakley.c	2011-06-06 09:36:11.000000000 +0200
+@@ -2498,8 +2498,21 @@
+ 				plog(LLV_ERROR, LOCATION, iph1->remote,
+ 					"couldn't find the pskey for %s.\n",
+ 					saddrwop2str(iph1->remote));
++			}
++		}
++		if (iph1->authstr == NULL) {
++			/*
++			 * If we could not locate a psk above try and locate
++			 * the default psk, ie, "*".
++			 */
++			iph1->authstr = privsep_getpsk("*", 1);
++			if (iph1->authstr == NULL) {
++				plog(LLV_ERROR, LOCATION, iph1->remote,
++					"couldn't find the the default pskey either.\n");
+ 				goto end;
+ 			}
++			plog(LLV_NOTIFY, LOCATION, iph1->remote,
++					"Using default PSK.\n");
+ 		}
+ 		plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
+ 		/* should be secret PSK */
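Review bot: The added fallback `privsep_getpsk("*", 1)` runs for every peer whose address lookup returned no key, so a `*` entry in the PSK file becomes one secret shared by all unlisted peers, and neither the patch nor its comment says so. I would extend the in-code comment, e.g. `/* NOTE: a "*" entry is a group secret for every peer without its own entry; omit it from the PSK file unless that is intended. */`, and give the patch file a short header with the bug reference. The per-address failure just above is still logged at LLV_ERROR even when the default key is then found, which will read as a failed negotiation in the logs. The new message also has a doubled word; it should read `"couldn't find the default pskey either.\n"`. The enclosing function starts and ends outside the hunk, and the patch paths still name ipsec-tools-0.7.3 although the ebuild applies it to 0.8.0.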

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
new file mode 100644
index 0000000..2e22c82
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
@@ -0,0 +1,11 @@
+diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c
+--- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c	2012-02-28 13:42:24.000000000 -0500
++++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c	2012-02-28 13:41:22.000000000 -0500
+@@ -87,6 +87,7 @@
+ #ifdef HAVE_GSSAPI
+ #include <iconv.h>
+ #include "gssapi.h"
++#include "vendorid.h"
+ #ifdef HAVE_ICONV_2ND_CONST
+ #define __iconv_const const
+ #else

diff --git a/net-firewall/ipsec-tools/files/ipsec.conf b/net-firewall/ipsec-tools/files/ipsec.conf
new file mode 100644
index 0000000..bfff04a
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec.conf
@@ -0,0 +1,26 @@
+#!/usr/sbin/setkey -f
+#
+# THIS IS A SAMPLE FILE!
+#
+# This is a sample file to test Gentoo's ipsec-tools out of the box.
+# Do not use it in production.  See: http://www.ipsec-howto.org/
+#
+flush;
+spdflush;
+
+#
+# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
+# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
+#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
+#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
+#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
+
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
+#spdadd 192.168.3.25 192.168.3.21 any -P in  ipsec esp/transport//require ah/transport//require;
+spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
+spdadd 192.168.3.21 192.168.3.25 any -P in  ipsec esp/transport//require ah/transport//require;
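Review bot: The commented `add` lines carry fixed AH and ESP key values that are public in this repository, and the comment above them only says to uncomment them for manual keying. Anyone who does so verbatim runs with known keys, so the comment should mark the values as placeholders, e.g. `# The key values below are published examples; replace every one with freshly generated keys before uncommenting.` The examples also use hmac-md5 and 3des-cbc; a line saying these are sample choices rather than recommendations would help, since the ebuild installs this file as /etc/ipsec.conf.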

diff --git a/net-firewall/ipsec-tools/files/psk.txt b/net-firewall/ipsec-tools/files/psk.txt
new file mode 100644
index 0000000..97f5180
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/psk.txt
@@ -0,0 +1,10 @@
+# THIS IS A SAMPLE FILE!
+#
+# This is a sample file to test Gentoo's ipsec-tools out of the box.
+# Do not use it in production.  See: http://www.ipsec-howto.org/
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+# Peer IP/FQDN	Secret
+# 192.168.3.25	sample
+192.168.3.21	sample
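Review bot: The last line is an active entry with the literal secret `sample`, and the ebuild installs this file as /etc/racoon/psk.txt, the path that racoon.conf and conf.d both point at. A host that matches the sample addressing therefore starts with a secret anyone can read here, and the "Do not use it in production" header is easy to lose once the file is edited in place. I would ship the entry commented out like the one above it, `# 192.168.3.21	sample`, and have the header tell the admin to add a real entry with a randomly generated secret.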

diff --git a/net-firewall/ipsec-tools/files/racoon.conf b/net-firewall/ipsec-tools/files/racoon.conf
new file mode 100644
index 0000000..2e9206d
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.conf
@@ -0,0 +1,33 @@
+# THIS IS A SAMPLE FILE!
+#
+# This is a sample file to test Gentoo's ipsec-tools out of the box.
+# Do not use it in production.  See: http://www.ipsec-howto.org/
+#
+path pre_shared_key "/etc/racoon/psk.txt";
+
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#remote 192.168.3.25
+remote 192.168.3.21
+{
+	exchange_mode main;
+	proposal {
+		encryption_algorithm 3des;
+		hash_algorithm md5;
+		authentication_method pre_shared_key;
+		dh_group modp1024;
+	}
+}
+
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#sainfo address 192.168.3.21 any address 192.168.3.25 any
+sainfo address 192.168.3.25 any address 192.168.3.21 any
+{
+	pfs_group modp768;
+	encryption_algorithm 3des;
+	authentication_algorithm hmac_md5;
+	compression_algorithm deflate;
+}
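Review bot: The sainfo block sets `pfs_group modp768` while the phase 1 proposal above uses `dh_group modp1024`, so the phase 2 key exchange is the weaker of the two, and both sit next to 3des and md5. Since the ebuild installs this file as the live /etc/racoon/racoon.conf, I would at least align the groups with `pfs_group modp1024;`. A comment should also say that the algorithms are sample values to be replaced with the strongest set both peers support.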

diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d-r1 b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
new file mode 100644
index 0000000..b201e40
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
@@ -0,0 +1,18 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.4 2012/03/09 02:55:47 blueness Exp $
+
+# Config file for /etc/init.d/racoon
+
+# See the man page or run `racoon --help` for valid command-line options
+# RACOON_OPTS="-d"
+
+RACOON_CONF="/etc/racoon/racoon.conf"
+RACOON_PSK_FILE="/etc/racoon/psk.txt"
+SETKEY_CONF="/etc/ipsec.conf"
+
+# Comment or remove the following if you don't want the policy tables
+# to be flushed when racoon is stopped.
+
+RACOON_RESET_TABLES="true"
+

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
new file mode 100644
index 0000000..16fdec7
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.init.d
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	before netmount
+	use net
+}
+
+checkconfig() {
+	if [ ! -e ${SETKEY_CONF} ] ; then
+		eerror "You need to configure setkey before starting racoon."
+		return 1
+	fi
+	if [ ! -e ${RACOON_CONF} ] ; then
+		eerror "You need a configuration file to start racoon."
+		return 1
+	fi
+	if [ ! -z ${RACOON_PSK_FILE} ] ; then
+		if [ ! -f ${RACOON_PSK_FILE} ] ; then
+			eerror "PSK file not found as specified."
+			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
+			return 1
+		fi
+		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
+			-r--------*)
+				;;
+			*)
+				eerror "Your defined PSK file should be mode 400 for security!"
+				return 1
+				;;
+		esac
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	einfo "Loading ipsec policies from ${SETKEY_CONF}."
+	/usr/sbin/setkey -f ${SETKEY_CONF}
+	if [ $? -eq 1 ] ; then
+		eerror "Error while loading ipsec policies"
+	fi
+	ebegin "Starting racoon"
+	start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping racoon"
+	start-stop-daemon -K -p /var/run/racoon.pid
+	eend $?
+	if [ -n "${RACOON_RESET_TABLES}" ]; then
+		ebegin "Flushing policy entries"
+		/usr/sbin/setkey -F
+		/usr/sbin/setkey -FP
+		eend $?
+	fi
+}
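Review bot: In start() the exit status of `setkey -f` is only compared with 1, and the function goes on to launch racoon either way. A policy file that fails to load, or a setkey exit with any other non-zero status, leaves the service reported as started with no policies loaded, and presumably the traffic those policies were meant to cover is then not protected. I would make the load fatal: `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }`. start_pre() in racoon.init.d-r2 has the same test.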

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r2 b/net-firewall/ipsec-tools/files/racoon.init.d-r2
new file mode 100644
index 0000000..04b5752
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.init.d-r2
@@ -0,0 +1,56 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	before netmount
+	use net
+}
+
+checkconfig() {
+	if [ ! -e ${SETKEY_CONF} ] ; then
+		eerror "You need to configure setkey before starting racoon."
+		return 1
+	fi
+	if [ ! -e ${RACOON_CONF} ] ; then
+		eerror "You need a configuration file to start racoon."
+		return 1
+	fi
+	if [ ! -z ${RACOON_PSK_FILE} ] ; then
+		if [ ! -f ${RACOON_PSK_FILE} ] ; then
+			eerror "PSK file not found as specified."
+			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
+			return 1
+		fi
+		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
+			-r--------*)
+				;;
+			*)
+				eerror "Your defined PSK file should be mode 400 for security!"
+				return 1
+				;;
+		esac
+	fi
+}
+
+command=/usr/sbin/racoon
+command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
+pidfile=/var/run/racoon.pid
+
+start_pre() {
+	checkconfig || return 1
+	einfo "Loading ipsec policies from ${SETKEY_CONF}."
+	/usr/sbin/setkey -f ${SETKEY_CONF}
+	if [ $? -eq 1 ] ; then
+		eerror "Error while loading ipsec policies"
+	fi
+}
+
+stop_post() {
+	if [ -n "${RACOON_RESET_TABLES}" ]; then
+		ebegin "Flushing policy entries"
+		/usr/sbin/setkey -F
+		/usr/sbin/setkey -FP
+		eend $?
+	fi
+}
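Review bot: checkconfig() decides the PSK file is safe by matching `ls -Lldn` output against `-r--------*`, which checks the mode bits but not the owner, so a mode-400 file owned by an unprivileged user passes. The unquoted `${RACOON_PSK_FILE}` in the tests also misbehaves on a path containing spaces. A check such as `[ "$(stat -L -c '%a:%u' "${RACOON_PSK_FILE}")" = "400:0" ]` covers mode and owner without parsing ls output. The same function appears unchanged in racoon.init.d.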

diff --git a/net-firewall/ipsec-tools/files/racoon.pam.d b/net-firewall/ipsec-tools/files/racoon.pam.d
new file mode 100644
index 0000000..b801aaa
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.pam.d
@@ -0,0 +1,4 @@
+auth       include	system-remote-login
+account    include	system-remote-login
+password   include	system-remote-login
+session	   include	system-remote-login

diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
new file mode 100644
index 0000000..86dbe75
--- /dev/null
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
@@ -0,0 +1,237 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild,v 1.2 2012/09/25 01:12:33 vapier Exp $
+
+EAPI="4"
+
+inherit eutils flag-o-matic autotools linux-info pam
+
+DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
+HOMEPAGE="http://ipsec-tools.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86"
+IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
+
+RDEPEND="
+	dev-libs/openssl
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )
+	pam? ( sys-libs/pam )
+	readline? ( sys-libs/readline )
+	selinux? (
+		sys-libs/libselinux
+		sec-policy/selinux-ipsec
+	)"
+
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-2.6.30"
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	get_version
+
+	if linux_config_exists && kernel_is -ge 2 6 19; then
+		ewarn
+		ewarn "\033[1;33m**************************************************\033[00m"
+		ewarn
+		ewarn "Checking kernel configuration in /usr/src/linux or"
+		ewarn "or /proc/config.gz for compatibility with ${PN}."
+		ewarn "Here are the potential problems:"
+		ewarn
+
+		local nothing="1"
+
+		# Check options for all flavors of IPSec
+		local msg=""
+		for i in XFRM_USER NET_KEY; do
+			if ! linux_chkconfig_present ${i}; then
+				msg="${msg} ${i}"
+			fi
+		done
+		if [[ ! -z "$msg" ]]; then
+			nothing="0"
+			ewarn
+			ewarn "ALL IPSec may fail. CHECK:"
+			ewarn "${msg}"
+		fi
+
+		# Check unencrypted IPSec
+		if ! linux_chkconfig_present CRYPTO_NULL; then
+			nothing="0"
+			ewarn
+			ewarn "Unencrypted IPSec may fail. CHECK:"
+			ewarn " CRYPTO_NULL"
+		fi
+
+		# Check IPv4 IPSec
+		msg=""
+		for i in \
+			INET_IPCOMP INET_AH INET_ESP \
+			INET_XFRM_MODE_TRANSPORT \
+			INET_XFRM_MODE_TUNNEL \
+			INET_XFRM_MODE_BEET
+		do
+			if ! linux_chkconfig_present ${i}; then
+				msg="${msg} ${i}"
+			fi
+		done
+		if [[ ! -z "$msg" ]]; then
+			nothing="0"
+			ewarn
+			ewarn "IPv4 IPSec may fail. CHECK:"
+			ewarn "${msg}"
+		fi
+
+		# Check IPv6 IPSec
+		if use ipv6; then
+			msg=""
+			for i in INET6_IPCOMP INET6_AH INET6_ESP \
+				INET6_XFRM_MODE_TRANSPORT \
+				INET6_XFRM_MODE_TUNNEL \
+				INET6_XFRM_MODE_BEET
+			do
+				if ! linux_chkconfig_present ${i}; then
+					msg="${msg} ${i}"
+				fi
+			done
+			if [[ ! -z "$msg" ]]; then
+			nothing="0"
+				ewarn
+				ewarn "IPv6 IPSec may fail. CHECK:"
+				ewarn "${msg}"
+			fi
+		fi
+
+		# Check IPSec behind NAT
+		if use nat; then
+			if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
+				nothing="0"
+				ewarn
+				ewarn "IPSec behind NAT may fail.  CHECK:"
+				ewarn " NETFILTER_XT_MATCH_POLICY"
+			fi
+		fi
+
+		if [[ $nothing == "1" ]]; then
+			ewarn "NO PROBLEMS FOUND"
+		fi
+
+		ewarn
+		ewarn "WARNING: If your *configured* and *running* kernel"
+		ewarn "differ either now or in the future, then these checks"
+		ewarn "may lead to misleading results."
+		ewarn
+		ewarn "\033[1;33m**************************************************\033[00m"
+		ewarn
+	else
+		eerror
+		eerror "\033[1;31m**************************************************\033[00m"
+		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
+		eerror "Building ${PN} now, assuming that you know what you're doing."
+		eerror "\033[1;31m**************************************************\033[00m"
+		eerror
+	fi
+}
+
+src_prepare() {
+	# fix for bug #124813
+	sed -i 's:-Werror::g' "${S}"/configure.ac || die
+	# fix for building with gcc-4.6
+	sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
+
+	epatch "${FILESDIR}/${PN}-def-psk.patch"
+	epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
+	epatch "${FILESDIR}"/${P}-sysctl.patch #425770
+
+	AT_M4DIR="${S}" eautoreconf
+	epunt_cxx
+}
+
+src_configure() {
+	#--with-{iconv,libradius} lead to "Broken getaddrinfo()"
+	#--enable-samode-unspec is not supported in linux
+	local myconf
+	myconf="--with-kernel-headers=/usr/include \
+			--enable-adminport \
+			--enable-dependency-tracking \
+			--enable-dpd \
+			--enable-frag \
+			--without-libiconv \
+			--without-libradius \
+			--disable-samode-unspec \
+			$(use_enable idea) \
+			$(use_enable ipv6) \
+			$(use_enable kerberos gssapi) \
+			$(use_with ldap libldap) \
+			$(use_enable nat natt) \
+			$(use_with pam libpam) \
+			$(use_enable rc5) \
+			$(use_with readline) \
+			$(use_enable selinux security-context) \
+			$(use_enable stats)"
+
+	use nat && myconf="${myconf} --enable-natt-versions=yes"
+
+	# enable mode-cfg and xauth support
+	if use pam; then
+		myconf="${myconf} --enable-hybrid"
+	else
+		myconf="${myconf} $(use_enable hybrid)"
+	fi
+
+	econf ${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	keepdir /var/lib/racoon
+	newconfd "${FILESDIR}"/racoon.conf.d-r1 racoon
+	newinitd "${FILESDIR}"/racoon.init.d-r2 racoon
+	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
+
+	insinto /etc
+	doins "${FILESDIR}"/ipsec.conf
+	insinto /etc/racoon
+	doins "${FILESDIR}"/racoon.conf
+	doins "${FILESDIR}"/psk.txt
+	chmod 400 "${D}"/etc/racoon/psk.txt
+
+	dodoc ChangeLog README NEWS
+	dodoc -r src/racoon/samples
+	dodoc -r src/racoon/doc
+	docinto samples
+	newdoc src/setkey/sample.cf ipsec.conf
+}
+
+pkg_postinst() {
+	if use nat; then
+		elog
+		elog "You have enabled the nat traversal functionnality."
+		elog "Nat versions wich are enabled by default are 00,02,rfc"
+		elog "you can find those drafts in the CVS repository:"
+		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
+		elog
+		elog "If you feel brave enough and you know what you are"
+		elog "doing, you can consider emerging this ebuild with"
+		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
+		elog
+	fi
+
+	if use ldap; then
+		elog
+		elog "You have enabled ldap support with {$PN}."
+		elog "The man page does NOT contain any information on it yet."
+		elog "Consider using a more recent version or CVS."
+		elog
+	fi
+
+	elog
+	elog "Please have a look in /usr/share/doc/${P} and visit"
+	elog "http://www.netbsd.org/Documentation/network/ipsec/"
+	elog "to find more information on how to configure this tool."
+	elog
+}
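Review bot: In src_install the PSK file is installed with `doins` and then tightened with a bare `chmod 400 "${D}"/etc/racoon/psk.txt` whose failure is not checked, so an error there would ship the file with the default doins mode. `fperms 400 /etc/racoon/psk.txt` does the same through the package manager helper and dies on failure under EAPI 4. Separately, `{$PN}` in the ldap elog in pkg_postinst looks like a typo for `${PN}`.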

diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
new file mode 100644
index 0000000..6e6434c
--- /dev/null
+++ b/net-firewall/ipsec-tools/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer>
+		<email>blueness@gentoo.org</email>
+	</maintainer>
+	<use>
+		<flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
+		<flag name='idea'>Enable support for the IDEA algorithm</flag>
+		<flag name='nat'>Enable NAT-Traversal</flag>
+		<flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
+		<flag name='stats'>Enable statistics reporting</flag>
+	</use>
+</pkgmetadata>



* [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
@ 2012-09-27 14:42 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2012-09-27 14:42 UTC (permalink / raw
  To: gentoo-commits

commit:     35efb9a4c6383e1dafbf565d6e8f16cf20f20ec1
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 27 14:42:31 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep 27 14:42:31 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=35efb9a4

net-firewall/ipsec-tools: addresses bugs #435398 and #436144, no intelligent migration

---
 net-firewall/ipsec-tools/Manifest                  |    8 ++--
 .../files/{ipsec.conf => ipsec-tools.conf}         |    0
 net-firewall/ipsec-tools/files/racoon.conf.d-r1    |   11 ++++-
 net-firewall/ipsec-tools/files/racoon.init.d       |   58 --------------------
 net-firewall/ipsec-tools/files/racoon.init.d-r2    |    1 +
 .../ipsec-tools/ipsec-tools-0.8.0-r5.ebuild        |    5 +-
 6 files changed, 18 insertions(+), 65 deletions(-)

diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
index 00ff670..34b1061 100644
--- a/net-firewall/ipsec-tools/Manifest
+++ b/net-firewall/ipsec-tools/Manifest
@@ -1,12 +1,12 @@
 AUX ipsec-tools-0.8.0-sysctl.patch 485 SHA256 eb94a1f77ac9c194e51c2f64b65d9c8f70ff109fdfe77f72801449277b7312f4 SHA512 a2a96cea5c2b451665d54572e471a6c2b4fb72382dcd90bda536aaabf78cdd36d630d5c1fa56372b95066dc7dffd56480d3402fdbe2d56825a017b2cc075ac66 WHIRLPOOL 54c8f99ef2881e0fdf1e1aaf7c7908e9fac31326da9a15df160f81f4b9a8bb7a4db738ebd8c888c9a0bfae7e558c48231cb6413e1e953309a658ad12bfb9e106
 AUX ipsec-tools-def-psk.patch 907 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 SHA512 683f168fac390df602ece1608db7f65370749c291e837497fa68fe4f39ddab907d10d67d4c80d583d7f12a1ea0bf02ba98d228e7c6e9267b49a1a8a7e57e99c4 WHIRLPOOL cfe93bc7e71aa627b973b416acfcdf9f9346ef5237726a079a0da3a383f949bb780624482f1f17b93cc43fc786711c4d8d3abc173f600f05d8790639cbed911a
 AUX ipsec-tools-include-vendoridh.patch 434 SHA256 be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c SHA512 fc39e09dd7b1a2d3b6cdfbfad9f4978ab5d070ae2435cf77fe2283b566bea1d58cd26dbf6cafb563587200724c9602a32ce737fd163b757872e8a6d2c8007d5c WHIRLPOOL 1507b428ab919b0e45125ec4901af6b3a764a33c98cae6e2df0c061432414cb61e980606d24f55054d4433203f5eca3a123d4dd6dfd74645d7bc222f66cab1bd
-AUX ipsec.conf 1209 SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816 SHA512 727297a06b75b883a7bd730d84f7a7cec04f81b51df71a6d2419602d835abe3c958d27aac176e29e2463421792843517bda802b3437b306ab43e94d178593bfa WHIRLPOOL 9c8f70c3c117e5cc4a1793637a101920ffd9126e02373db4e68b9eba4588a385cbc08fc81a0b5bf3ae0bff3d9de20a5a14b020e6d62effb97bce790ce4e74437
+AUX ipsec-tools.conf 1209 SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816 SHA512 727297a06b75b883a7bd730d84f7a7cec04f81b51df71a6d2419602d835abe3c958d27aac176e29e2463421792843517bda802b3437b306ab43e94d178593bfa WHIRLPOOL 9c8f70c3c117e5cc4a1793637a101920ffd9126e02373db4e68b9eba4588a385cbc08fc81a0b5bf3ae0bff3d9de20a5a14b020e6d62effb97bce790ce4e74437
 AUX psk.txt 293 SHA256 d34b142b4566712f87382caf0a64bcc070bbde17f16e2ee49d5dde26cb1bbe08 SHA512 ed09588bcbf9b16e4e18315c7b9a7667788b4ab26cd962376430c316cfb0ee5a30ff26910190731b287c1a1b5927951a79f71a096071e73d67dc867a455b14cf WHIRLPOOL fe1aadd94612e742029d6e0be7401f2994c9fed4fec899f3fc09c90cb134aca710c41a083164d6cece46b331652ddb3b76720c60bc40b837243b329db7eb60db
 AUX racoon.conf 772 SHA256 e00cea25741fa16aa985d80ce49f2a59af0c98a44707a047193e936644b497a3 SHA512 8876920331b4003fd096f1997e1266a12783120e390cea55ca283a8fd6485552b54e87f60e75f33409a4cdb99171d2358953287edd47ddeac8bda6da0cc8becc WHIRLPOOL 12c55b1f5e67592483c2602040454f7c0e511c4867b0ed1e7acb593d3ffd0b2b2bfe7a5defb900eb8759006b4382d8c3d891ace2472d772e223e68eb99bd72cc
-AUX racoon.conf.d-r1 606 SHA256 a5bac8d1d84d11651027f4264a9adac85d18ea8f126abb504397a866695d2ddd SHA512 c2f12c2829e8f1852a81104feb6b5f4afa58394fa46b65347ec30d469a822b748d3e317023ec0f060c20242988692ab76eba52fdc5f473e393c563243ff53c1d WHIRLPOOL 58a48357c475e927cb3d659582bb8c9b8ae10f1164c1831300375694a33052454dd65a29a0c869f17915f3d36aa2772b64811f44920f57d9de8cf2eb5f3df485
-AUX racoon.init.d-r2 1232 SHA256 d31ca0615464fbc8a3a2a6c6b308ab937e795ca6a1ca7d1a54eadff20caf9825 SHA512 1fa08aff6fe116e8c440600a23bb78385716ad6ab0e6b28d28d63516b9d67c6c592bcd876b198bf6bffa11efe97772399db66c1d2b57e9eaa494983495313f5e WHIRLPOOL d0b691de48313962b04e7a86aeeee1933b03fbbfe322e5e7662229a84d5d5d794bcbb51d0ef45160c25856ec4e1f4e15b435134ddea3378633f5116547c375d7
+AUX racoon.conf.d-r1 906 SHA256 a94721a9d51b970f728c63c1f4348c53fb0629b05ef02a6ee2c3f9e5b74e1163 SHA512 3efd2bd0ad9ef5c4340eb1a60aa561c1c37a71740d2d672d2493b0bb9488c3f12ad654270ba4a81c82f2152684f6f1423242a1b029c120c12e0d2300eae509e1 WHIRLPOOL 0ca879cefc0c784cdeddc2562ca9b6cc28ec5d8541f762818733eba7915ba6e9a87615af8fbf674363398333865f69032474fd49030d12e8a256919977da3404
+AUX racoon.init.d-r2 1279 SHA256 d9038da4f5c969a7da450d6d7a566fd77c4471ff0a1ceb2f176f0c9015d1eda8 SHA512 1a5337c74285b54c21b4d3d216f0a3756a3e2d6ea31028b56782c7a635ffac8142d61074fa0927df6dd1034e15234d3a4eda192c94e8cd5f510520e36bcf81a6 WHIRLPOOL f7219e0306b2d9e6311cd12ea06d560e1bf937ce409e44d7bf5a6e77325e4e6357b138fd709ca7972696a4669f1c6e6d72273250c84462ebf6b9e8c979aea330
 AUX racoon.pam.d 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
 DIST ipsec-tools-0.8.0.tar.bz2 809297 SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 SHA512 3bec6bab4fe555612f1d48966e797202830f5254a8d2146a14d268ff0c68445af790285214db41ab08ee4888625e8e680c3b848c30789d836169d1612a25fe2c WHIRLPOOL 862d2bbf78aca8c9e01e00c995aeb3b662e1ea4a769081b9880a3fee7821ef5968e10fe75d9671268979188c7ca3b91d507a1fc9a097729d0648bc4c965e675d
-EBUILD ipsec-tools-0.8.0-r5.ebuild 6061 SHA256 2e7af21ab29e463023165f1404b6033cb21130b4ab147584954d6b941b9d6f16 SHA512 2ab81dee9a018b3010c67abc86a22ee911f41f92bf6a6c75ed19df057d3383aa036e9d476662ce11cb625be9d965aa70e23ef9e0a66d08d3f507c5e7016ebd82 WHIRLPOOL 4a3d73da40c3d8ce2f69d090cd7cd8c45760f0403370be3fc80b0f74dfb5c2c5df219776b3b783f187b9e7c414c9e63e0af6bbd759c8a600734f6ec6a3a7d2e0
+EBUILD ipsec-tools-0.8.0-r5.ebuild 6105 SHA256 6e08dded31816117b3c097593ffc9058934af41b250215ba9a319b764435a9ae SHA512 1e7fdccb604a90afb72b62873b723581d2b856676631c18068a88a532657ed4c5a0076b5d89b73c92854445d3aa1e5ca8bf2cb0bbfa994dff0df78469c8fa749 WHIRLPOOL d5e5a650274a74193e28b83ba3f86db106988cc6bfe5a12893e752671d596f1aeb64bd1189e9d6f6302b458292e9054e293245b83385fa9cba8a23931bb88716
 MISC metadata.xml 537 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40 SHA512 9b26b2cd54e00527201339c3936ac717c57fe596e470d84e0dc0715f778b5797488b6cac61dea83bab61714a23a88e44dbd537bfeeb2b37d285653dcb838fab5 WHIRLPOOL a0dd0b61f957875ca3c50db5aa66470ed493be9c4f002bd165d75b41a8ca51cbcfd2567b4702bf1845b8e0a1ca54239e6ed163098d8b613d1f9f459192acc14e

diff --git a/net-firewall/ipsec-tools/files/ipsec.conf b/net-firewall/ipsec-tools/files/ipsec-tools.conf
similarity index 100%
rename from net-firewall/ipsec-tools/files/ipsec.conf
rename to net-firewall/ipsec-tools/files/ipsec-tools.conf

diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d-r1 b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
index b201e40..ac2b718 100644
--- a/net-firewall/ipsec-tools/files/racoon.conf.d-r1
+++ b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
@@ -9,7 +9,16 @@
 
 RACOON_CONF="/etc/racoon/racoon.conf"
 RACOON_PSK_FILE="/etc/racoon/psk.txt"
-SETKEY_CONF="/etc/ipsec.conf"
+
+# The amount of time in ms for start-stop-daemon to wait before a timeout
+# Racoon can sometimes be slow.  We'll wait 1 sec.  Bug #435398.
+
+RACOON_WAIT="1000"
+
+# The setkey config file.  Don't name it ipsec.conf as this clashes
+# with strongswan.  We'll follow debian's naming.  Bug #436144.
+
+SETKEY_CONF="/etc/ipsec-tools.conf"
 
 # Comment or remove the following if you don't want the policy tables
 # to be flushed when racoon is stopped.
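Review bot: The new comment above `RACOON_WAIT` calls the value a wait "before a timeout", which does not match how the init script uses it. The value is passed to start-stop-daemon's `--wait`, which, as far as I know, pauses that many milliseconds after launching the daemon and then checks that it is still running. I would reword the comment to `# Milliseconds start-stop-daemon waits after launching racoon before checking that it is still running.` so an administrator tuning it knows a larger value delays service start rather than extending a deadline.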

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
deleted file mode 100644
index 16fdec7..0000000
--- a/net-firewall/ipsec-tools/files/racoon.init.d
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
-	before netmount
-	use net
-}
-
-checkconfig() {
-	if [ ! -e ${SETKEY_CONF} ] ; then
-		eerror "You need to configure setkey before starting racoon."
-		return 1
-	fi
-	if [ ! -e ${RACOON_CONF} ] ; then
-		eerror "You need a configuration file to start racoon."
-		return 1
-	fi
-	if [ ! -z ${RACOON_PSK_FILE} ] ; then
-		if [ ! -f ${RACOON_PSK_FILE} ] ; then
-			eerror "PSK file not found as specified."
-			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
-			return 1
-		fi
-		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
-			-r--------*)
-				;;
-			*)
-				eerror "Your defined PSK file should be mode 400 for security!"
-				return 1
-				;;
-		esac
-	fi
-}
-
-start() {
-	checkconfig || return 1
-	einfo "Loading ipsec policies from ${SETKEY_CONF}."
-	/usr/sbin/setkey -f ${SETKEY_CONF}
-	if [ $? -eq 1 ] ; then
-		eerror "Error while loading ipsec policies"
-	fi
-	ebegin "Starting racoon"
-	start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping racoon"
-	start-stop-daemon -K -p /var/run/racoon.pid
-	eend $?
-	if [ -n "${RACOON_RESET_TABLES}" ]; then
-		ebegin "Flushing policy entries"
-		/usr/sbin/setkey -F
-		/usr/sbin/setkey -FP
-		eend $?
-	fi
-}

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r2 b/net-firewall/ipsec-tools/files/racoon.init.d-r2
index 04b5752..aeed27d 100644
--- a/net-firewall/ipsec-tools/files/racoon.init.d-r2
+++ b/net-firewall/ipsec-tools/files/racoon.init.d-r2
@@ -36,6 +36,7 @@ checkconfig() {
 command=/usr/sbin/racoon
 command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
 pidfile=/var/run/racoon.pid
+start_stop_daemon_args="--wait ${RACOON_WAIT}"
 
 start_pre() {
 	checkconfig || return 1
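Review bot: The added `start_stop_daemon_args` line expands to `--wait ` with no value when RACOON_WAIT is unset. That happens whenever an older /etc/conf.d/racoon is kept across the upgrade, since the variable is only introduced by this commit's racoon.conf.d-r1 change. start-stop-daemon would then probably reject the option or take the next argument as the delay, so racoon may not start and the tunnel stays down. A default in the expansion avoids this: `start_stop_daemon_args="--wait ${RACOON_WAIT:-1000}"`. The bodies of checkconfig and start_pre continue outside the hunk.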

diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
index 86dbe75..7143c26 100644
--- a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
@@ -194,7 +194,7 @@ src_install() {
 	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
 
 	insinto /etc
-	doins "${FILESDIR}"/ipsec.conf
+	doins "${FILESDIR}"/ipsec-tools.conf
 	insinto /etc/racoon
 	doins "${FILESDIR}"/racoon.conf
 	doins "${FILESDIR}"/psk.txt
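Review bot: Installing the setkey file as /etc/ipsec-tools.conf here leaves upgrades with no path from an existing /etc/ipsec.conf: the packaged sample goes in under the new name and nothing moves or flags the administrator's policy file. Once /etc/conf.d/racoon points at the new path, the init script would presumably load the sample policies instead of the real ones, so traffic meant to be covered by IPsec policy may go out unprotected. The commit message acknowledges the missing migration, but a warning in pkg_postinst would at least surface it, for example `ewarn "setkey now reads /etc/ipsec-tools.conf; move your policies over from /etc/ipsec.conf."`. src_install begins outside the hunk.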
@@ -204,7 +204,8 @@ src_install() {
 	dodoc -r src/racoon/samples
 	dodoc -r src/racoon/doc
 	docinto samples
-	newdoc src/setkey/sample.cf ipsec.conf
+	mv ipsec.conf ipsec-tools.conf
+	newdoc src/setkey/sample.cf ipsec-tools.conf
 }
 
 pkg_postinst() {
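Review bot: The added `mv ipsec.conf ipsec-tools.conf` looks like a leftover. It runs in src_install's working directory, where nothing visible creates an ipsec.conf, and the following `newdoc src/setkey/sample.cf ipsec-tools.conf` already installs the sample under the new name. Without `|| die` a failed mv only leaves a message in the build log and the install carries on. I would drop the line. src_install begins outside the hunk.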



* [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/
@ 2012-09-28  0:46 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2012-09-28  0:46 UTC (permalink / raw
  To: gentoo-commits

commit:     cfcac0b12af83c90e5f771bacc02d3f50c49cbfb
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 28 00:45:53 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Sep 28 00:45:53 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=cfcac0b1

net-firewall/ipsec-tools: moved to tree

---
 net-firewall/ipsec-tools/Manifest                  |   12 -
 .../files/ipsec-tools-0.8.0-sysctl.patch           |   22 --
 .../ipsec-tools/files/ipsec-tools-def-psk.patch    |   25 --
 .../files/ipsec-tools-include-vendoridh.patch      |   11 -
 net-firewall/ipsec-tools/files/ipsec-tools.conf    |   26 --
 net-firewall/ipsec-tools/files/psk.txt             |   10 -
 net-firewall/ipsec-tools/files/racoon.conf         |   33 ---
 net-firewall/ipsec-tools/files/racoon.conf.d-r1    |   27 --
 net-firewall/ipsec-tools/files/racoon.init.d-r2    |   57 ----
 net-firewall/ipsec-tools/files/racoon.pam.d        |    4 -
 .../ipsec-tools/ipsec-tools-0.8.0-r5.ebuild        |  276 --------------------
 net-firewall/ipsec-tools/metadata.xml              |   14 -
 12 files changed, 0 insertions(+), 517 deletions(-)

diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
deleted file mode 100644
index 7afd522..0000000
--- a/net-firewall/ipsec-tools/Manifest
+++ /dev/null
@@ -1,12 +0,0 @@
-AUX ipsec-tools-0.8.0-sysctl.patch 485 SHA256 eb94a1f77ac9c194e51c2f64b65d9c8f70ff109fdfe77f72801449277b7312f4 SHA512 a2a96cea5c2b451665d54572e471a6c2b4fb72382dcd90bda536aaabf78cdd36d630d5c1fa56372b95066dc7dffd56480d3402fdbe2d56825a017b2cc075ac66 WHIRLPOOL 54c8f99ef2881e0fdf1e1aaf7c7908e9fac31326da9a15df160f81f4b9a8bb7a4db738ebd8c888c9a0bfae7e558c48231cb6413e1e953309a658ad12bfb9e106
-AUX ipsec-tools-def-psk.patch 907 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 SHA512 683f168fac390df602ece1608db7f65370749c291e837497fa68fe4f39ddab907d10d67d4c80d583d7f12a1ea0bf02ba98d228e7c6e9267b49a1a8a7e57e99c4 WHIRLPOOL cfe93bc7e71aa627b973b416acfcdf9f9346ef5237726a079a0da3a383f949bb780624482f1f17b93cc43fc786711c4d8d3abc173f600f05d8790639cbed911a
-AUX ipsec-tools-include-vendoridh.patch 434 SHA256 be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c SHA512 fc39e09dd7b1a2d3b6cdfbfad9f4978ab5d070ae2435cf77fe2283b566bea1d58cd26dbf6cafb563587200724c9602a32ce737fd163b757872e8a6d2c8007d5c WHIRLPOOL 1507b428ab919b0e45125ec4901af6b3a764a33c98cae6e2df0c061432414cb61e980606d24f55054d4433203f5eca3a123d4dd6dfd74645d7bc222f66cab1bd
-AUX ipsec-tools.conf 1209 SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816 SHA512 727297a06b75b883a7bd730d84f7a7cec04f81b51df71a6d2419602d835abe3c958d27aac176e29e2463421792843517bda802b3437b306ab43e94d178593bfa WHIRLPOOL 9c8f70c3c117e5cc4a1793637a101920ffd9126e02373db4e68b9eba4588a385cbc08fc81a0b5bf3ae0bff3d9de20a5a14b020e6d62effb97bce790ce4e74437
-AUX psk.txt 293 SHA256 d34b142b4566712f87382caf0a64bcc070bbde17f16e2ee49d5dde26cb1bbe08 SHA512 ed09588bcbf9b16e4e18315c7b9a7667788b4ab26cd962376430c316cfb0ee5a30ff26910190731b287c1a1b5927951a79f71a096071e73d67dc867a455b14cf WHIRLPOOL fe1aadd94612e742029d6e0be7401f2994c9fed4fec899f3fc09c90cb134aca710c41a083164d6cece46b331652ddb3b76720c60bc40b837243b329db7eb60db
-AUX racoon.conf 772 SHA256 e00cea25741fa16aa985d80ce49f2a59af0c98a44707a047193e936644b497a3 SHA512 8876920331b4003fd096f1997e1266a12783120e390cea55ca283a8fd6485552b54e87f60e75f33409a4cdb99171d2358953287edd47ddeac8bda6da0cc8becc WHIRLPOOL 12c55b1f5e67592483c2602040454f7c0e511c4867b0ed1e7acb593d3ffd0b2b2bfe7a5defb900eb8759006b4382d8c3d891ace2472d772e223e68eb99bd72cc
-AUX racoon.conf.d-r1 906 SHA256 a94721a9d51b970f728c63c1f4348c53fb0629b05ef02a6ee2c3f9e5b74e1163 SHA512 3efd2bd0ad9ef5c4340eb1a60aa561c1c37a71740d2d672d2493b0bb9488c3f12ad654270ba4a81c82f2152684f6f1423242a1b029c120c12e0d2300eae509e1 WHIRLPOOL 0ca879cefc0c784cdeddc2562ca9b6cc28ec5d8541f762818733eba7915ba6e9a87615af8fbf674363398333865f69032474fd49030d12e8a256919977da3404
-AUX racoon.init.d-r2 1279 SHA256 d9038da4f5c969a7da450d6d7a566fd77c4471ff0a1ceb2f176f0c9015d1eda8 SHA512 1a5337c74285b54c21b4d3d216f0a3756a3e2d6ea31028b56782c7a635ffac8142d61074fa0927df6dd1034e15234d3a4eda192c94e8cd5f510520e36bcf81a6 WHIRLPOOL f7219e0306b2d9e6311cd12ea06d560e1bf937ce409e44d7bf5a6e77325e4e6357b138fd709ca7972696a4669f1c6e6d72273250c84462ebf6b9e8c979aea330
-AUX racoon.pam.d 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
-DIST ipsec-tools-0.8.0.tar.bz2 809297 SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 SHA512 3bec6bab4fe555612f1d48966e797202830f5254a8d2146a14d268ff0c68445af790285214db41ab08ee4888625e8e680c3b848c30789d836169d1612a25fe2c WHIRLPOOL 862d2bbf78aca8c9e01e00c995aeb3b662e1ea4a769081b9880a3fee7821ef5968e10fe75d9671268979188c7ca3b91d507a1fc9a097729d0648bc4c965e675d
-EBUILD ipsec-tools-0.8.0-r5.ebuild 7683 SHA256 e0186e522daa8adaca18cf037da7373b6f9a76e0f8488a94a9f2f52b79bcd265 SHA512 5ba14cb21e44c43fb1a8c1165ac3480b01753b0d042f04932ae7ea06b98603efa873dfe4db286d8ab0188d86061450a46a6a632d0a751c3a6ce7291d7fc0478c WHIRLPOOL c298b1fad30ebe2ab59f01898b0e2d40db45f1cee977d9a639b36b7c22b7ad6c917cd75b39d88e3af7014f94a1a1327cc34c770fa176a060e7571e1ae28c2a55
-MISC metadata.xml 537 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40 SHA512 9b26b2cd54e00527201339c3936ac717c57fe596e470d84e0dc0715f778b5797488b6cac61dea83bab61714a23a88e44dbd537bfeeb2b37d285653dcb838fab5 WHIRLPOOL a0dd0b61f957875ca3c50db5aa66470ed493be9c4f002bd165d75b41a8ca51cbcfd2567b4702bf1845b8e0a1ca54239e6ed163098d8b613d1f9f459192acc14e

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch b/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
deleted file mode 100644
index 5c69bbb..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://bugs.gentoo.org/425770
-
---- a/src/racoon/pfkey.c
-+++ b/src/racoon/pfkey.c
-@@ -59,7 +59,6 @@
- #include <sys/param.h>
- #include <sys/socket.h>
- #include <sys/queue.h>
--#include <sys/sysctl.h>
- 
- #include <net/route.h>
- #include <net/pfkeyv2.h>
---- a/src/setkey/setkey.c
-+++ b/src/setkey/setkey.c
-@@ -40,7 +40,6 @@
- #include <sys/socket.h>
- #include <sys/time.h>
- #include <sys/stat.h>
--#include <sys/sysctl.h>
- #include <err.h>
- #include <netinet/in.h>
- #include <net/pfkeyv2.h>

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
deleted file mode 100644
index f351860..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
---- ipsec-tools-0.7.3.o/src/racoon/oakley.c	2009-08-13 11:18:45.000000000 +0200
-+++ ipsec-tools-0.7.3/src/racoon/oakley.c	2011-06-06 09:36:11.000000000 +0200
-@@ -2498,8 +2498,21 @@
- 				plog(LLV_ERROR, LOCATION, iph1->remote,
- 					"couldn't find the pskey for %s.\n",
- 					saddrwop2str(iph1->remote));
-+			}
-+		}
-+		if (iph1->authstr == NULL) {
-+			/*
-+			 * If we could not locate a psk above try and locate
-+			 * the default psk, ie, "*".
-+			 */
-+			iph1->authstr = privsep_getpsk("*", 1);
-+			if (iph1->authstr == NULL) {
-+				plog(LLV_ERROR, LOCATION, iph1->remote,
-+					"couldn't find the the default pskey either.\n");
- 				goto end;
- 			}
-+			plog(LLV_NOTIFY, LOCATION, iph1->remote,
-+					"Using default PSK.\n");
- 		}
- 		plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
- 		/* should be secret PSK */

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
deleted file mode 100644
index 2e22c82..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c
---- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c	2012-02-28 13:42:24.000000000 -0500
-+++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c	2012-02-28 13:41:22.000000000 -0500
-@@ -87,6 +87,7 @@
- #ifdef HAVE_GSSAPI
- #include <iconv.h>
- #include "gssapi.h"
-+#include "vendorid.h"
- #ifdef HAVE_ICONV_2ND_CONST
- #define __iconv_const const
- #else

diff --git a/net-firewall/ipsec-tools/files/ipsec-tools.conf b/net-firewall/ipsec-tools/files/ipsec-tools.conf
deleted file mode 100644
index bfff04a..0000000
--- a/net-firewall/ipsec-tools/files/ipsec-tools.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/sbin/setkey -f
-#
-# THIS IS A SAMPLE FILE!
-#
-# This is a sample file to test Gentoo's ipsec-tools out of the box.
-# Do not use it in production.  See: http://www.ipsec-howto.org/
-#
-flush;
-spdflush;
-
-#
-# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
-# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
-#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
-#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
-#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
-
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
-#spdadd 192.168.3.25 192.168.3.21 any -P in  ipsec esp/transport//require ah/transport//require;
-spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
-spdadd 192.168.3.21 192.168.3.25 any -P in  ipsec esp/transport//require ah/transport//require;

diff --git a/net-firewall/ipsec-tools/files/psk.txt b/net-firewall/ipsec-tools/files/psk.txt
deleted file mode 100644
index 97f5180..0000000
--- a/net-firewall/ipsec-tools/files/psk.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-# THIS IS A SAMPLE FILE!
-#
-# This is a sample file to test Gentoo's ipsec-tools out of the box.
-# Do not use it in production.  See: http://www.ipsec-howto.org/
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-# Peer IP/FQDN	Secret
-# 192.168.3.25	sample
-192.168.3.21	sample

diff --git a/net-firewall/ipsec-tools/files/racoon.conf b/net-firewall/ipsec-tools/files/racoon.conf
deleted file mode 100644
index 2e9206d..0000000
--- a/net-firewall/ipsec-tools/files/racoon.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# THIS IS A SAMPLE FILE!
-#
-# This is a sample file to test Gentoo's ipsec-tools out of the box.
-# Do not use it in production.  See: http://www.ipsec-howto.org/
-#
-path pre_shared_key "/etc/racoon/psk.txt";
-
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#remote 192.168.3.25
-remote 192.168.3.21
-{
-	exchange_mode main;
-	proposal {
-		encryption_algorithm 3des;
-		hash_algorithm md5;
-		authentication_method pre_shared_key;
-		dh_group modp1024;
-	}
-}
-
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#sainfo address 192.168.3.21 any address 192.168.3.25 any
-sainfo address 192.168.3.25 any address 192.168.3.21 any
-{
-	pfs_group modp768;
-	encryption_algorithm 3des;
-	authentication_algorithm hmac_md5;
-	compression_algorithm deflate;
-}

diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d-r1 b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
deleted file mode 100644
index ac2b718..0000000
--- a/net-firewall/ipsec-tools/files/racoon.conf.d-r1
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.4 2012/03/09 02:55:47 blueness Exp $
-
-# Config file for /etc/init.d/racoon
-
-# See the man page or run `racoon --help` for valid command-line options
-# RACOON_OPTS="-d"
-
-RACOON_CONF="/etc/racoon/racoon.conf"
-RACOON_PSK_FILE="/etc/racoon/psk.txt"
-
-# The amount of time in ms for start-stop-daemon to wait before a timeout
-# Racoon can sometimes be slow.  We'll wait 1 sec.  Bug #435398.
-
-RACOON_WAIT="1000"
-
-# The setkey config file.  Don't name it ipsec.conf as this clashes
-# with strongswan.  We'll follow debian's naming.  Bug #436144.
-
-SETKEY_CONF="/etc/ipsec-tools.conf"
-
-# Comment or remove the following if you don't want the policy tables
-# to be flushed when racoon is stopped.
-
-RACOON_RESET_TABLES="true"
-

diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r2 b/net-firewall/ipsec-tools/files/racoon.init.d-r2
deleted file mode 100644
index aeed27d..0000000
--- a/net-firewall/ipsec-tools/files/racoon.init.d-r2
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
-	before netmount
-	use net
-}
-
-checkconfig() {
-	if [ ! -e ${SETKEY_CONF} ] ; then
-		eerror "You need to configure setkey before starting racoon."
-		return 1
-	fi
-	if [ ! -e ${RACOON_CONF} ] ; then
-		eerror "You need a configuration file to start racoon."
-		return 1
-	fi
-	if [ ! -z ${RACOON_PSK_FILE} ] ; then
-		if [ ! -f ${RACOON_PSK_FILE} ] ; then
-			eerror "PSK file not found as specified."
-			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
-			return 1
-		fi
-		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
-			-r--------*)
-				;;
-			*)
-				eerror "Your defined PSK file should be mode 400 for security!"
-				return 1
-				;;
-		esac
-	fi
-}
-
-command=/usr/sbin/racoon
-command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
-pidfile=/var/run/racoon.pid
-start_stop_daemon_args="--wait ${RACOON_WAIT}"
-
-start_pre() {
-	checkconfig || return 1
-	einfo "Loading ipsec policies from ${SETKEY_CONF}."
-	/usr/sbin/setkey -f ${SETKEY_CONF}
-	if [ $? -eq 1 ] ; then
-		eerror "Error while loading ipsec policies"
-	fi
-}
-
-stop_post() {
-	if [ -n "${RACOON_RESET_TABLES}" ]; then
-		ebegin "Flushing policy entries"
-		/usr/sbin/setkey -F
-		/usr/sbin/setkey -FP
-		eend $?
-	fi
-}

diff --git a/net-firewall/ipsec-tools/files/racoon.pam.d b/net-firewall/ipsec-tools/files/racoon.pam.d
deleted file mode 100644
index b801aaa..0000000
--- a/net-firewall/ipsec-tools/files/racoon.pam.d
+++ /dev/null
@@ -1,4 +0,0 @@
-auth       include	system-remote-login
-account    include	system-remote-login
-password   include	system-remote-login
-session	   include	system-remote-login

diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
deleted file mode 100644
index 681045d..0000000
--- a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild
+++ /dev/null
@@ -1,276 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild,v 1.2 2012/09/25 01:12:33 vapier Exp $
-
-EAPI="4"
-
-inherit eutils flag-o-matic autotools linux-info pam
-
-DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
-HOMEPAGE="http://ipsec-tools.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86"
-IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats"
-
-RDEPEND="
-	dev-libs/openssl
-	kerberos? ( virtual/krb5 )
-	ldap? ( net-nds/openldap )
-	pam? ( sys-libs/pam )
-	readline? ( sys-libs/readline )
-	selinux? (
-		sys-libs/libselinux
-		sec-policy/selinux-ipsec
-	)"
-
-DEPEND="${RDEPEND}
-	>=sys-kernel/linux-headers-2.6.30"
-
-pkg_preinst() {
-	if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then
-		ewarn
-		ewarn "\033[1;33m**************************************************\033[00m"
-		ewarn
-		if ! has_version "net-misc/strongswan" ; then
-			ewarn "We found an earlier version of ${PN} installed."
-			ewarn "As of ${PN}-0.8.0-r5, the old configuration file,"
-			ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid"
-			ewarn "a conflict with net-misc/strongswan; bug #436144.  We will"
-			ewarn "rename this file for you with this upgrade.  However, if"
-			ewarn "you later downgrade, you'll have to rename the file to"
-			ewarn "its orignal manually or change /etc/conf.d/racoon to point"
-			ewarn "to the new file."
-
-			if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then
-				mv /etc/ipsec.conf /etc/ipsec-tools.conf
-			else
-				ewarn
-				ewarn "Oops!  I can't move ipsec.conf to ipsec-tools.conf!"
-				ewarn "Either the former doesn't exist or the later does and"
-				ewarn "I won't clobber it.  Please fix this situation manually."
-			fi
-		else
-			ewarn "You had both an earlier version of ${PN} and"
-			ewarn "net-misc/strongswan installed.  I can't tell whether"
-			ewarn "the configuration file, ipsec.conf, belongs to one"
-			ewarn "package or the other due to a file conflict; bug #436144."
-			ewarn "The current version of ${PN} uses ipsec-tools.conf "
-			ewarn "as its configuration file, as will future versions."
-			ewarn "Please fix this situation manually."
-		fi
-		ewarn
-		ewarn "\033[1;33m**************************************************\033[00m"
-		ewarn
-	fi
-}
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	get_version
-
-	if linux_config_exists && kernel_is -ge 2 6 19; then
-		ewarn
-		ewarn "\033[1;33m**************************************************\033[00m"
-		ewarn
-		ewarn "Checking kernel configuration in /usr/src/linux or"
-		ewarn "or /proc/config.gz for compatibility with ${PN}."
-		ewarn "Here are the potential problems:"
-		ewarn
-
-		local nothing="1"
-
-		# Check options for all flavors of IPSec
-		local msg=""
-		for i in XFRM_USER NET_KEY; do
-			if ! linux_chkconfig_present ${i}; then
-				msg="${msg} ${i}"
-			fi
-		done
-		if [[ ! -z "$msg" ]]; then
-			nothing="0"
-			ewarn
-			ewarn "ALL IPSec may fail. CHECK:"
-			ewarn "${msg}"
-		fi
-
-		# Check unencrypted IPSec
-		if ! linux_chkconfig_present CRYPTO_NULL; then
-			nothing="0"
-			ewarn
-			ewarn "Unencrypted IPSec may fail. CHECK:"
-			ewarn " CRYPTO_NULL"
-		fi
-
-		# Check IPv4 IPSec
-		msg=""
-		for i in \
-			INET_IPCOMP INET_AH INET_ESP \
-			INET_XFRM_MODE_TRANSPORT \
-			INET_XFRM_MODE_TUNNEL \
-			INET_XFRM_MODE_BEET
-		do
-			if ! linux_chkconfig_present ${i}; then
-				msg="${msg} ${i}"
-			fi
-		done
-		if [[ ! -z "$msg" ]]; then
-			nothing="0"
-			ewarn
-			ewarn "IPv4 IPSec may fail. CHECK:"
-			ewarn "${msg}"
-		fi
-
-		# Check IPv6 IPSec
-		if use ipv6; then
-			msg=""
-			for i in INET6_IPCOMP INET6_AH INET6_ESP \
-				INET6_XFRM_MODE_TRANSPORT \
-				INET6_XFRM_MODE_TUNNEL \
-				INET6_XFRM_MODE_BEET
-			do
-				if ! linux_chkconfig_present ${i}; then
-					msg="${msg} ${i}"
-				fi
-			done
-			if [[ ! -z "$msg" ]]; then
-			nothing="0"
-				ewarn
-				ewarn "IPv6 IPSec may fail. CHECK:"
-				ewarn "${msg}"
-			fi
-		fi
-
-		# Check IPSec behind NAT
-		if use nat; then
-			if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
-				nothing="0"
-				ewarn
-				ewarn "IPSec behind NAT may fail.  CHECK:"
-				ewarn " NETFILTER_XT_MATCH_POLICY"
-			fi
-		fi
-
-		if [[ $nothing == "1" ]]; then
-			ewarn "NO PROBLEMS FOUND"
-		fi
-
-		ewarn
-		ewarn "WARNING: If your *configured* and *running* kernel"
-		ewarn "differ either now or in the future, then these checks"
-		ewarn "may lead to misleading results."
-		ewarn
-		ewarn "\033[1;33m**************************************************\033[00m"
-		ewarn
-	else
-		eerror
-		eerror "\033[1;31m**************************************************\033[00m"
-		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
-		eerror "Building ${PN} now, assuming that you know what you're doing."
-		eerror "\033[1;31m**************************************************\033[00m"
-		eerror
-	fi
-}
-
-src_prepare() {
-	# fix for bug #124813
-	sed -i 's:-Werror::g' "${S}"/configure.ac || die
-	# fix for building with gcc-4.6
-	sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die
-
-	epatch "${FILESDIR}/${PN}-def-psk.patch"
-	epatch "${FILESDIR}/${PN}-include-vendoridh.patch"
-	epatch "${FILESDIR}"/${P}-sysctl.patch #425770
-
-	AT_M4DIR="${S}" eautoreconf
-	epunt_cxx
-}
-
-src_configure() {
-	#--with-{iconv,libradius} lead to "Broken getaddrinfo()"
-	#--enable-samode-unspec is not supported in linux
-	local myconf
-	myconf="--with-kernel-headers=/usr/include \
-			--enable-adminport \
-			--enable-dependency-tracking \
-			--enable-dpd \
-			--enable-frag \
-			--without-libiconv \
-			--without-libradius \
-			--disable-samode-unspec \
-			$(use_enable idea) \
-			$(use_enable ipv6) \
-			$(use_enable kerberos gssapi) \
-			$(use_with ldap libldap) \
-			$(use_enable nat natt) \
-			$(use_with pam libpam) \
-			$(use_enable rc5) \
-			$(use_with readline) \
-			$(use_enable selinux security-context) \
-			$(use_enable stats)"
-
-	use nat && myconf="${myconf} --enable-natt-versions=yes"
-
-	# enable mode-cfg and xauth support
-	if use pam; then
-		myconf="${myconf} --enable-hybrid"
-	else
-		myconf="${myconf} $(use_enable hybrid)"
-	fi
-
-	econf ${myconf}
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-	keepdir /var/lib/racoon
-	newconfd "${FILESDIR}"/racoon.conf.d-r1 racoon
-	newinitd "${FILESDIR}"/racoon.init.d-r2 racoon
-	use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon
-
-	insinto /etc
-	doins "${FILESDIR}"/ipsec-tools.conf
-	insinto /etc/racoon
-	doins "${FILESDIR}"/racoon.conf
-	doins "${FILESDIR}"/psk.txt
-	chmod 400 "${D}"/etc/racoon/psk.txt
-
-	dodoc ChangeLog README NEWS
-	dodoc -r src/racoon/samples
-	dodoc -r src/racoon/doc
-	docinto samples
-	mv ipsec.conf ipsec-tools.conf
-	newdoc src/setkey/sample.cf ipsec-tools.conf
-}
-
-pkg_postinst() {
-	if use nat; then
-		elog
-		elog "You have enabled the nat traversal functionnality."
-		elog "Nat versions wich are enabled by default are 00,02,rfc"
-		elog "you can find those drafts in the CVS repository:"
-		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
-		elog
-		elog "If you feel brave enough and you know what you are"
-		elog "doing, you can consider emerging this ebuild with"
-		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
-		elog
-	fi
-
-	if use ldap; then
-		elog
-		elog "You have enabled ldap support with {$PN}."
-		elog "The man page does NOT contain any information on it yet."
-		elog "Consider using a more recent version or CVS."
-		elog
-	fi
-
-	elog
-	elog "Please have a look in /usr/share/doc/${P} and visit"
-	elog "http://www.netbsd.org/Documentation/network/ipsec/"
-	elog "to find more information on how to configure this tool."
-	elog
-}

diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml
deleted file mode 100644
index 6e6434c..0000000
--- a/net-firewall/ipsec-tools/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<maintainer>
-		<email>blueness@gentoo.org</email>
-	</maintainer>
-	<use>
-		<flag name='hybrid'>Makes available both mode-cfg and xauth support</flag>
-		<flag name='idea'>Enable support for the IDEA algorithm</flag>
-		<flag name='nat'>Enable NAT-Traversal</flag>
-		<flag name='rc5'>Enable support for the patented RC5 algorithm</flag>
-		<flag name='stats'>Enable statistics reporting</flag>
-	</use>
-</pkgmetadata>


