commit: b5c7c9a782224f592c9f2521d766cf31322656c7 Author: Hans de Graaff <graaff <AT> gentoo <DOT> org> AuthorDate: Sat May 1 07:12:11 2021 +0000 Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org> CommitDate: Sat May 1 07:12:11 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5c7c9a7
net-vpn/libreswan: set INITSYSTEM correctly INITSYSTEM was hardcoded to always be openrc. This was ignored in libreswan 3.x where runtime detection was used, but in 4.x the INITSYSTEM is hardcoded in the setup script at installation time. Set INITSYSTEM based on the systemd USE flag instead. Closes: https://bugs.gentoo.org/756121 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org> net-vpn/libreswan/libreswan-4.4-r1.ebuild | 120 ++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) diff --git a/net-vpn/libreswan/libreswan-4.4-r1.ebuild b/net-vpn/libreswan/libreswan-4.4-r1.ebuild new file mode 100644 index 00000000000..6932991bf6a --- /dev/null +++ b/net-vpn/libreswan/libreswan-4.4-r1.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit systemd toolchain-funcs + +SRC_URI="https://download.libreswan.org/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~ppc ~x86" + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + >=dev-libs/nss-3.42 + >=sys-kernel/linux-headers-4.19 + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + systemd? ( sys-apps/systemd:0= ) +" +BDEPEND=" + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-python/setproctitle ) +" +RDEPEND="${DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-vpn/strongswan + selinux? ( sec-policy/selinux-ipsec ) +" + +usetf() { + usex "$1" true false +} + +PATCHES=( "${FILESDIR}/${PN}-4.2-ip-path.patch" ) + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die + default +} + +src_configure() { + tc-export AR CC + export PREFIX=/usr + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=$(usex systemd systemd openrc) + export INITDDIRS= + export INITDDIR_DEFAULT=/etc/init.d + export USERCOMPILE=${CFLAGS} + export USERLINK=${LDFLAGS} + export USE_DNSSEC=$(usetf dnssec) + export USE_LABELED_IPSEC=$(usetf selinux) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LINUX_AUDIT=$(usetf selinux) + export USE_LDAP=$(usetf ldap) + export USE_NM=$(usetf networkmanager) + export USE_SECCOMP=$(usetf seccomp) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_AUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all +} + +src_test() { + : # integration tests only that require set of kvms to be set up +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + keepdir /var/lib/ipsec/nss + fperms 0700 /var/lib/ipsec/nss + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" + certutil -N -d "${IPSEC_CONFDIR}" --empty-password + eend $? + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" + fi +}