From: "Hans de Graaff" <graaff@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/libreswan/, net-vpn/libreswan/files/
Date: Sun, 21 Feb 2021 06:47:34 +0000 (UTC) [thread overview]
Message-ID: <1613890047.c5207c8eb8f78de5c6ce9cbfe848ba1c198ab90e.graaff@gentoo> (raw)
commit: c5207c8eb8f78de5c6ce9cbfe848ba1c198ab90e
Author: Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 21 06:47:27 2021 +0000
Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Sun Feb 21 06:47:27 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5207c8e
net-vpn/libreswan: add 4.2
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>
net-vpn/libreswan/Manifest | 1 +
.../libreswan/files/libreswan-4.2-ip-path.patch | 11 ++
net-vpn/libreswan/libreswan-4.2.ebuild | 120 +++++++++++++++++++++
3 files changed, 132 insertions(+)
diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest
index 0ce65bd9900..11c0f86ad23 100644
--- a/net-vpn/libreswan/Manifest
+++ b/net-vpn/libreswan/Manifest
@@ -1,2 +1,3 @@
DIST libreswan-3.32.tar.gz 4141631 BLAKE2B 37a4cb5c1f52d69b17ba60abd2b7a181d9f5567914a453ab875185110aeda4d33ecdaacfc83e361f153860a1db66faec70e0ad06af65e310af28ae72ce68fc6a SHA512 bb65512351059e2fac6f1c3ed1e291eabd6835faacf6d9c58649dd71dab1bb4fe6d6074178dea6dea01f24d39f3fbefd84c6060e4d8436b5d057fa55ae4467f3
DIST libreswan-4.1.tar.gz 3427012 BLAKE2B 2ec58a53756efd2dc8e6a9e305c1efd1e3b8b1aaa089d783e86cf19d747b99838de451a2f94965981e0e2342d5866c16f36c4cf07e7ab971f3e689f8616c28f6 SHA512 c98dfdf6bff17eda6f028e35653b822941665989e37974266bcc54fda20e05f71b86c1dfee858a8ba9a544f86e9217e8e08fa2dfe03ab011f6c2d039b4ee05fe
+DIST libreswan-4.2.tar.gz 3467095 BLAKE2B 0630e9f7cf7ce6182712b4837688fd6b7a1ad1644f167f7ded4e63c7a0aac960a38d903cefbf0189da22b6ddb8c15f217ff3134f220b64020812789c1a196d29 SHA512 290be2e36fb41959c9889597aad8ab5df1edc1999ed7315e8f2e50213de073732c91ad497a2b5634f7bc83bca84089ef9f711420a77309c6cce243f1419a2d0f
diff --git a/net-vpn/libreswan/files/libreswan-4.2-ip-path.patch b/net-vpn/libreswan/files/libreswan-4.2-ip-path.patch
new file mode 100644
index 00000000000..b31071ffcd6
--- /dev/null
+++ b/net-vpn/libreswan/files/libreswan-4.2-ip-path.patch
@@ -0,0 +1,11 @@
+--- a/initsystems/systemd/ipsec.service.in.~1~ 2021-02-03 02:36:01.000000000 +0100
++++ b/initsystems/systemd/ipsec.service.in 2021-02-21 07:37:50.841582048 +0100
+@@ -33,7 +33,7 @@
+ # ExecStartPost=@FINALLIBEXECDIR@/portexcludes
+ ExecStop=@FINALLIBEXECDIR@/whack --shutdown
+ # 12 is the exit code of pluto for shutting down "leaving state"
+-ExecStopPost=/bin/bash -c 'if test "$EXIT_STATUS" != "12"; then /sbin/ip xfrm policy flush; /sbin/ip xfrm state flush; fi'
++ExecStopPost=/bin/bash -c 'if test "$EXIT_STATUS" != "12"; then /bin/ip xfrm policy flush; /bin/ip xfrm state flush; fi'
+ ExecStopPost=@FINALSBINDIR@/ipsec --stopnflog
+ ExecReload=@FINALLIBEXECDIR@/whack --listen
+
diff --git a/net-vpn/libreswan/libreswan-4.2.ebuild b/net-vpn/libreswan/libreswan-4.2.ebuild
new file mode 100644
index 00000000000..a9a0951d564
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-4.2.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+SRC_URI="https://download.libreswan.org/${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~ppc ~x86"
+
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
+HOMEPAGE="https://libreswan.org/"
+
+LICENSE="GPL-2 BSD-4 RSA DES"
+SLOT="0"
+IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/gmp:0=
+ dev-libs/libevent:0=
+ dev-libs/nspr
+ >=dev-libs/nss-3.42
+ >=sys-kernel/linux-headers-4.19
+ caps? ( sys-libs/libcap-ng )
+ curl? ( net-misc/curl )
+ dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns )
+ ldap? ( net-nds/openldap )
+ pam? ( sys-libs/pam )
+ seccomp? ( sys-libs/libseccomp )
+ selinux? ( sys-libs/libselinux )
+ systemd? ( sys-apps/systemd:0= )
+"
+BDEPEND="
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ dev-libs/nss
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ test? ( dev-python/setproctitle )
+"
+RDEPEND="${DEPEND}
+ dev-libs/nss[utils(+)]
+ sys-apps/iproute2
+ !net-vpn/strongswan
+ selinux? ( sec-policy/selinux-ipsec )
+"
+
+usetf() {
+ usex "$1" true false
+}
+
+PATCHES=( "${FILESDIR}/${PN}-4.2-ip-path.patch" )
+
+src_prepare() {
+ sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
+ sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
+ default
+}
+
+src_configure() {
+ tc-export AR CC
+ export PREFIX=/usr
+ export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
+ export FINALDOCDIR=/usr/share/doc/${PF}/html
+ export INITSYSTEM=openrc
+ export INITDDIRS=
+ export INITDDIR_DEFAULT=/etc/init.d
+ export USERCOMPILE=${CFLAGS}
+ export USERLINK=${LDFLAGS}
+ export USE_DNSSEC=$(usetf dnssec)
+ export USE_LABELED_IPSEC=$(usetf selinux)
+ export USE_LIBCAP_NG=$(usetf caps)
+ export USE_LIBCURL=$(usetf curl)
+ export USE_LINUX_AUDIT=$(usetf selinux)
+ export USE_LDAP=$(usetf ldap)
+ export USE_NM=$(usetf networkmanager)
+ export USE_SECCOMP=$(usetf seccomp)
+ export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
+ export SD_WATCHDOGSEC=$(usex systemd 200 0)
+ export USE_XAUTHPAM=$(usetf pam)
+ export DEBUG_CFLAGS=
+ export OPTIMIZE_CFLAGS=
+ export WERROR_CFLAGS=
+}
+
+src_compile() {
+ emake all
+ emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all
+}
+
+src_test() {
+ : # integration tests only that require set of kvms to be set up
+}
+
+src_install() {
+ default
+ emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install
+
+ echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
+ fperms 0600 /etc/ipsec.secrets
+
+ keepdir /var/lib/ipsec/nss
+ fperms 0700 /var/lib/ipsec/nss
+
+ dodoc -r docs
+
+ find "${D}" -type d -empty -delete || die
+}
+
+pkg_postinst() {
+ local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss
+ if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then
+ ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password"
+ certutil -N -d "${IPSEC_CONFDIR}" --empty-password
+ eend $?
+ einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}"
+ fi
+}
next reply other threads:[~2021-02-21 6:47 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-21 6:47 Hans de Graaff [this message]
-- strict thread matches above, loose matches on Subject: below --
2020-02-14 7:18 [gentoo-commits] repo/gentoo:master commit in: net-vpn/libreswan/, net-vpn/libreswan/files/ Hans de Graaff
2018-09-19 6:47 Hans de Graaff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1613890047.c5207c8eb8f78de5c6ce9cbfe848ba1c198ab90e.graaff@gentoo \
--to=graaff@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox