From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <384e14dafea620bbe4f61ea2effbe77b5130dccc.blueness@gentoo> Subject: [gentoo-commits] dev/blueness:master commit in: net-firewall/ipsec-tools/, net-firewall/ipsec-tools/files/ X-VCS-Repository: dev/blueness X-VCS-Files: net-firewall/ipsec-tools/ChangeLog net-firewall/ipsec-tools/Manifest net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch net-firewall/ipsec-tools/files/racoon.conf.d net-firewall/ipsec-tools/files/racoon.init.d net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild net-firewall/ipsec-tools/metadata.xml X-VCS-Directories: net-firewall/ipsec-tools/ net-firewall/ipsec-tools/files/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 384e14dafea620bbe4f61ea2effbe77b5130dccc Date: Wed, 8 Feb 2012 02:26:54 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: eadcc991-70da-4c6b-9b39-1c2899550cd3 X-Archives-Hash: 0ab175d076aa3c119b440a3c62f1a877 commit: 384e14dafea620bbe4f61ea2effbe77b5130dccc Author: Anthony G. Basile gentoo org> AuthorDate: Wed Feb 8 02:26:48 2012 +0000 Commit: Anthony G. 
Basile gentoo org> CommitDate: Wed Feb 8 02:26:48 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Ddev/blueness.git;a= =3Dcommit;h=3D384e14da net-firewall/ipsec-tools: testing new ebuild, bug #365077 (Portage version: 2.1.10.44/git/Linux x86_64, signed Manifest commit with= key 0xD0455535) --- net-firewall/ipsec-tools/ChangeLog | 9 + net-firewall/ipsec-tools/Manifest | 17 ++ .../ipsec-tools/files/ipsec-tools-def-psk.patch | 25 +++ net-firewall/ipsec-tools/files/racoon.conf.d | 19 ++ net-firewall/ipsec-tools/files/racoon.init.d | 58 ++++++ net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild | 183 ++++++++++++++= ++++++ net-firewall/ipsec-tools/metadata.xml | 14 ++ 7 files changed, 325 insertions(+), 0 deletions(-) diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tool= s/ChangeLog new file mode 100644 index 0000000..e01c2c3 --- /dev/null +++ b/net-firewall/ipsec-tools/ChangeLog @@ -0,0 +1,9 @@ + + +*ipsec-tools-0.8.0 (08 Feb 2012) + + 08 Feb 2012; Anthony G. Basile + +ipsec-tools-0.8.0.ebuild, +files/ipsec-tools-def-psk.patch, + +files/racoon.conf.d, +files/racoon.init.d, +metadata.xml: + Testing new ebuild, bug #365077 + diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools= /Manifest new file mode 100644 index 0000000..01000bb --- /dev/null +++ b/net-firewall/ipsec-tools/Manifest 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +AUX ipsec-tools-def-psk.patch 907 RMD160 4a72e22ecbc821cc96b338004b6ebb5= 787018569 SHA1 61be2483534c3a3084120a2d9fa08f660b7301f6 SHA256 15da775a7d= a892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 +AUX racoon.conf.d 621 RMD160 7f1d0b6e171e5dd60f1b033e4890bfd79d718389 SH= A1 05c0759df99c544f1a68fb8916d1c953ceac0af8 SHA256 4e894adb1a76f673f96026= 0929d083c1f6ddfcf094b371bcc2155fb6735d289f +AUX racoon.init.d 1314 RMD160 f0c385fa389fad6cddef87aee9f10172c2ca6838 S= HA1 b82a83850239f564b8d50c8039e188de6f18de7e SHA256 4d6506775650cc36b7197= f90eef7d98573280ebb445b0260d0442aec6f4d0937 +DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e= 5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a2= 4aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 +EBUILD ipsec-tools-0.8.0.ebuild 5092 RMD160 67bb3161ee0d396090981681e139= 637d7eecf1ff SHA1 f60cf34ee9ae9bb416c9578d24157fb3f9d5495e SHA256 6189653= 978e5e50627736bbb2508bda32dbd682779aca810dccc5f950567f275 +MISC ChangeLog 250 RMD160 503df09837a8c66d69d5dec9c025ab3bd913b347 SHA1 = 206dba63f2098d006c7e9580f7f1d45251d8bdd4 SHA256 03e6098bbb57bca95e0568e60= ae23d8c1ce60fffd66808ea64bb469970a1d71b +MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SH= A1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c89964= 22e33462b5637f9720a5096025752b93906bcbdc40 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.17 (GNU/Linux) + +iEYEAREIAAYFAk8x3WgACgkQl5yvQNBFVTVwfgCfQErxJYtBH+nldzNQoLZGC8et +gPMAnispXwXM6zgd5hYyQ8s9doQg0V3l +=3DQB73 +-----END PGP SIGNATURE----- diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/n= et-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch new file mode 100644 index 0000000..f351860 --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch 
@@ -0,0 +1,25 @@ +diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src= /racoon/oakley.c +--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.00000000= 0 +0200 ++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 = +0200 +@@ -2498,8 +2498,21 @@ + plog(LLV_ERROR, LOCATION, iph1->remote, + "couldn't find the pskey for %s.\n", + saddrwop2str(iph1->remote)); ++ } ++ } ++ if (iph1->authstr =3D=3D NULL) { ++ /* ++ * If we could not locate a psk above try and locate ++ * the default psk, ie, "*". ++ */ ++ iph1->authstr =3D privsep_getpsk("*", 1); ++ if (iph1->authstr =3D=3D NULL) { ++ plog(LLV_ERROR, LOCATION, iph1->remote, ++ "couldn't find the the default pskey either.\n"); + goto end; + } ++ plog(LLV_NOTIFY, LOCATION, iph1->remote, ++ "Using default PSK.\n"); + } + plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); + /* should be secret PSK */ diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/= ipsec-tools/files/racoon.conf.d new file mode 100644 index 0000000..b2a1e72 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.conf.d @@ -0,0 +1,19 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon= .conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $ + +# Config file for /etc/init.d/racoon + +# See the manual pages for racoon or run `racoon --help` +# for valid command-line options + +RACOON_OPTS=3D"-4" + +RACOON_CONF=3D"/etc/racoon/racoon.conf" +RACOON_PSK_FILE=3D"/etc/racoon/psk.txt" +SETKEY_CONF=3D"/etc/ipsec.conf" + +# Comment or remove the following if you don't want the policy tables +# to be flushed when racoon is stopped. + +RACOON_RESET_TABLES=3D"true" diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/= ipsec-tools/files/racoon.init.d new file mode 100644 index 0000000..18703fc --- /dev/null 
+++ b/net-firewall/ipsec-tools/files/racoon.init.d @@ -0,0 +1,58 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + before netmount + use net +} + +checkconfig() { + if [ ! -e ${SETKEY_CONF} ] ; then + eerror "You need to configure setkey before starting racoon." + return 1 + fi + if [ ! -e ${RACOON_CONF} ] ; then + eerror "You need a configuration file to start racoon." + return 1 + fi + if [ ! -z ${RACOON_PSK_FILE} ] ; then + if [ ! -f ${RACOON_PSK_FILE} ] ; then + eerror "PSK file not found as specified." + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." + return 1 + fi + case "`ls -Lldn ${RACOON_PSK_FILE}`" in + -r--------*) + ;; + *) + eerror "Your defined PSK file should be mode 400 for security!" + return 1 + ;; + esac + fi +} + +start() { + checkconfig || return 1 + einfo "Loading ipsec policies from ${SETKEY_CONF}." + /usr/sbin/setkey -f ${SETKEY_CONF} + if [ $? -eq 1 ] ; then + eerror "Error while loading ipsec policies" + fi + ebegin "Starting racoon" + start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_= OPTS} + eend $? +} + +stop() { + ebegin "Stopping racoon" + start-stop-daemon -K -p /var/run/racoon.pid + eend $? + if [ -n "${RACOON_RESET_TABLES}" ]; then + ebegin "Flushing policy entries" + /usr/sbin/setkey -F + /usr/sbin/setkey -FP + eend $? + fi +} diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild b/net-fire= wall/ipsec-tools/ipsec-tools-0.8.0.ebuild new file mode 100644 index 0000000..1efbf7a --- /dev/null +++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild 
@@ -0,0 +1,183 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-= 0.7.3-r1.ebuild,v 1.3 2011/04/06 01:01:46 flameeyes Exp $ + +EAPI=3D"4" + +inherit eutils flag-o-matic autotools linux-info + +DESCRIPTION=3D"A port of KAME's IPsec utilities to the Linux-2.6 IPsec i= mplementation" +HOMEPAGE=3D"http://ipsec-tools.sourceforge.net/" +SRC_URI=3D"mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE=3D"BSD" +SLOT=3D"0" +KEYWORDS=3D"~amd64 ~x86" +IUSE=3D"rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid lda= p" + +RDEPEND=3D" + kerberos? ( virtual/krb5 ) + selinux? ( + sys-libs/libselinux + sec-policy/selinux-ipsec-tools + ) + readline? ( sys-libs/readline ) + pam? ( sys-libs/pam ) + ldap? ( net-nds/openldap ) + dev-libs/openssl + virtual/libiconv" +# iconv? ( virtual/libiconv ) +# radius? ( net-dialup/gnuradius ) + +DEPEND=3D"${RDEPEND} + >=3Dsys-kernel/linux-headers-2.6.30" + +pkg_setup() { + get_version + if kernel_is -ge 2 6 19 ; then + einfo "Checking for suitable kernel configuration (Networking | Networ= king support | Networking options)" + + if use nat; then + CONFIG_CHECK=3D"${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY" + export WARNING_NETFILTER_XT_MATCH_POLICY=3D"NAT support may fail weir= dly unless you enable this option in your kernel" + fi + + for i in XFRM_USER NET_KEY; do + CONFIG_CHECK=3D"${CONFIG_CHECK} ~${i}" + eval "export WARNING_${i}=3D'No tunnels will be available at all'" + done + + for i in INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET ; do + CONFIG_CHECK=3D"${CONFIG_CHECK} ~${i}" + eval "export WARNING_${i}=3D'IPv4 tunnels will not be available'" + done + + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET ; do + CONFIG_CHECK=3D"${CONFIG_CHECK} ~${i}" + eval "export 
WARNING_${i}=3D'IPv6 tunnels will not be available'" + done + + CONFIG_CHECK=3D"${CONFIG_CHECK} ~CRYPTO_NULL" + export WARNING_CRYPTO_NULL=3D"Unencrypted tunnels will not be availabl= e" + export CONFIG_CHECK + + check_extra_config + else + eerror "You must have a kernel >=3D2.6.19 to run ipsec-tools." + eerror "Building now, assuming that you will run on a different kernel= " + fi +} + +src_prepare() { + # fix for bug #76741 + sed -i 's:#include ::' src/racoon/pfkey.c src/setkey/setk= ey.c || die + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + epatch "${FILESDIR}/ipsec-tools-def-psk.patch" + + AT_M4DIR=3D"${S}" eautoreconf + epunt_cxx +} + +src_configure() { + # fix for bug #61025 + filter-flags -march=3Dc3 + + local myconf + myconf=3D"--with-kernel-headers=3D/usr/include \ + --enable-adminport \ + --enable-frag \ + --enable-dpd \ + --enable-dependency-tracking \ + $(use_enable rc5) \ + $(use_enable idea) \ + $(use_enable kerberos gssapi) \ + $(use_enable stats) \ + $(use_enable ipv6) \ + $(use_enable nat natt) \ + $(use_enable selinux security-context) \ + $(use_with readline) \ + $(use_with pam libpam) \ + $(use_with ldap libldap)" + + use nat && myconf=3D"${myconf} --enable-natt-versions=3Dyes" + + # enable mode-cfg and xauth support + if use pam; then + myconf=3D"${myconf} --enable-hybrid" + else + myconf=3D"${myconf} $(use_enable hybrid)" + fi + + # dev-libs/libiconv is hard masked + #use iconv && myconf=3D"${myconf} $(use_with iconv libiconv)" + + # the default (/usr/include/openssl/) is OK for Gentoo, leave it + # myconf=3D"${myconf} $(use_with ssl openssl )" + + # No way to get it compiling with freeradius or gnuradius + # We would need libradius which only exists on FreeBSD + + # See bug #77369 + #myconf=3D"${myconf} --enable-samode-unspec" + + econf ${myconf} +} + +src_install() { + emake DESTDIR=3D"${D}" install + keepdir /var/lib/racoon 
+ newconfd "${FILESDIR}"/racoon.conf.d racoon + newinitd "${FILESDIR}"/racoon.init.d racoon + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + + docinto setkey + dodoc src/setkey/sample.cf + + dodir /etc/racoon + + # RFC are only available from CVS for the moment, see einfo below + #docinto "rfc" + #dodoc ${S}/src/racoon/rfc/* +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=3D\"--enable-natt-versions=3D08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with {$PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-t= ools/metadata.xml new file mode 100644 index 0000000..6e6434c --- /dev/null +++ b/net-firewall/ipsec-tools/metadata.xml @@ -0,0 +1,14 @@ + + + + + blueness@gentoo.org + + + Makes available both mode-cfg and xauth support<= /flag> + Enable support for the IDEA algorithm + Enable NAT-Traversal + Enable support for the patented RC5 algorithm + Enable statistics reporting + +
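Review bot: In files/ipsec-tools-def-psk.patch (oakley.c, hunk at line 2498) the existing LLV_ERROR message "couldn't find the pskey for %s." is left in place ahead of the new fallback, so a peer that goes on to authenticate with the "*" key still produces an error line, while the fallback itself is only reported at LLV_NOTIFY as "Using default PSK.". I would log the per-peer miss at a lower level when the fallback is about to be tried, and make the default-key message prominent enough that use of the shared key is easy to audit. The new error string also reads "the the default pskey". The diff header names ipsec-tools-0.7.3 while the ebuild is 0.8.0, so please confirm the hunk applies without fuzz.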
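Review bot: In files/racoon.conf.d, RACOON_OPTS defaults to "-4" even though the ebuild in this commit lists ipv6 in IUSE, so a racoon built with USE=ipv6 is still started with IPv4 as its default address family unless the admin edits this file. Either leave RACOON_OPTS empty by default or add a comment next to it explaining the choice. The $Header line also carries a 2004 CVS revision for what is a new file in this repository.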
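Review bot: In files/racoon.init.d, checkconfig() validates RACOON_PSK_FILE but start() only passes "-f ${RACOON_CONF} ${RACOON_OPTS}" to racoon, so the mode check can succeed on a file that is not the one racoon.conf points at. A comment in racoon.conf.d should say the value must match the pre_shared_key path in racoon.conf. The check itself matches `ls -Lldn` output against "-r--------*", which looks at the mode only and never at the owner, and the tests expand ${SETKEY_CONF}, ${RACOON_CONF} and ${RACOON_PSK_FILE} unquoted. In start(), a setkey failure is only reported when the status is exactly 1, and racoon is started regardless; returning 1 on any non-zero status would avoid running the daemon without its policies loaded.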
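Review bot: In ipsec-tools-0.8.0.ebuild, src_prepare() applies ipsec-tools-def-psk.patch unconditionally, so every build gains the "*" default-PSK fallback, yet nothing in IUSE, metadata.xml or pkg_postinst() tells the user that peers without their own psk.txt entry will now be tried against a wildcard key. Please add an elog describing the behaviour, or gate the patch behind a USE flag. In pkg_postinst(), "{$PN}" in the ldap message should be "${PN}", and the nat message has the typos "functionnality" and "wich". The $Header line is still the one from ipsec-tools-0.7.3-r1.ebuild.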