[gentoo-commits] repo/gentoo:master commit in: net-vpn/libreswan/

Sat, 01 May 2021 00:12:28 -0700 

commit:     b5c7c9a782224f592c9f2521d766cf31322656c7
Author:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Sat May  1 07:12:11 2021 +0000
Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Sat May  1 07:12:11 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5c7c9a7

net-vpn/libreswan: set INITSYSTEM correctly

INITSYSTEM was hardcoded to always be openrc. This was ignored in
libreswan 3.x where runtime detection was used, but in 4.x the
INITSYSTEM is hardcoded in the setup script at installation time. Set
INITSYSTEM based on the systemd USE flag instead.

Closes: https://bugs.gentoo.org/756121
Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>

 net-vpn/libreswan/libreswan-4.4-r1.ebuild | 120 ++++++++++++++++++++++++++++++
 1 file changed, 120 insertions(+)

diff --git a/net-vpn/libreswan/libreswan-4.4-r1.ebuild 
b/net-vpn/libreswan/libreswan-4.4-r1.ebuild
new file mode 100644
index 00000000000..6932991bf6a
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-4.4-r1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+SRC_URI="https://download.libreswan.org/${P}.tar.gz";
+KEYWORDS="~amd64 ~arm ~ppc ~x86"
+
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
+HOMEPAGE="https://libreswan.org/";
+
+LICENSE="GPL-2 BSD-4 RSA DES"
+SLOT="0"
+IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+       dev-libs/gmp:0=
+       dev-libs/libevent:0=
+       dev-libs/nspr
+       >=dev-libs/nss-3.42
+       >=sys-kernel/linux-headers-4.19
+       caps? ( sys-libs/libcap-ng )
+       curl? ( net-misc/curl )
+       dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns )
+       ldap? ( net-nds/openldap )
+       pam? ( sys-libs/pam )
+       seccomp? ( sys-libs/libseccomp )
+       selinux? ( sys-libs/libselinux )
+       systemd? ( sys-apps/systemd:0= )
+"
+BDEPEND="
+       app-text/docbook-xml-dtd:4.1.2
+       app-text/xmlto
+       dev-libs/nss
+       sys-devel/bison
+       sys-devel/flex
+       virtual/pkgconfig
+       test? ( dev-python/setproctitle )
+"
+RDEPEND="${DEPEND}
+       dev-libs/nss[utils(+)]
+       sys-apps/iproute2
+       !net-vpn/strongswan
+       selinux? ( sec-policy/selinux-ipsec )
+"
+
+usetf() {
+       usex "$1" true false
+}
+
+PATCHES=( "${FILESDIR}/${PN}-4.2-ip-path.patch" )
+
+src_prepare() {
+       sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' 
initsystems/openrc/ipsec.init.in || die
+       sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ 
s/oldinitdcheck//' initsystems/systemd/Makefile || die
+       default
+}
+
+src_configure() {
+       tc-export AR CC
+       export PREFIX=/usr
+       export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
+       export FINALDOCDIR=/usr/share/doc/${PF}/html
+       export INITSYSTEM=$(usex systemd systemd openrc)
+       export INITDDIRS=
+       export INITDDIR_DEFAULT=/etc/init.d
+       export USERCOMPILE=${CFLAGS}
+       export USERLINK=${LDFLAGS}
+       export USE_DNSSEC=$(usetf dnssec)
+       export USE_LABELED_IPSEC=$(usetf selinux)
+       export USE_LIBCAP_NG=$(usetf caps)
+       export USE_LIBCURL=$(usetf curl)
+       export USE_LINUX_AUDIT=$(usetf selinux)
+       export USE_LDAP=$(usetf ldap)
+       export USE_NM=$(usetf networkmanager)
+       export USE_SECCOMP=$(usetf seccomp)
+       export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
+       export SD_WATCHDOGSEC=$(usex systemd 200 0)
+       export USE_AUTHPAM=$(usetf pam)
+       export DEBUG_CFLAGS=
+       export OPTIMIZE_CFLAGS=
+       export WERROR_CFLAGS=
+}
+
+src_compile() {
+       emake all
+       emake -C initsystems INITSYSTEM=systemd 
SYSTEMUNITDIR="$(systemd_get_systemunitdir)" 
SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all
+}
+
+src_test() {
+       : # integration tests only that require set of kvms to be set up
+}
+
+src_install() {
+       default
+       emake -C initsystems INITSYSTEM=systemd 
SYSTEMUNITDIR="$(systemd_get_systemunitdir)" 
SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install
+
+       echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
+       fperms 0600 /etc/ipsec.secrets
+
+       keepdir /var/lib/ipsec/nss
+       fperms 0700 /var/lib/ipsec/nss
+
+       dodoc -r docs
+
+       find "${D}" -type d -empty -delete || die
+}
+
+pkg_postinst() {
+       local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss
+       if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db 
]] ; then
+               ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty 
password"
+               certutil -N -d "${IPSEC_CONFDIR}" --empty-password
+               eend $?
+               einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}"
+       fi
+}

Reply via email to