commit: 982b7f94985759390d89299381c9657f9b603240 Author: Hans de Graaff <graaff <AT> gentoo <DOT> org> AuthorDate: Thu Apr 25 06:03:15 2024 +0000 Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org> CommitDate: Thu Apr 25 06:03:26 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=982b7f94
net-vpn/libreswan: add 5.0 Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org> net-vpn/libreswan/Manifest | 1 + net-vpn/libreswan/libreswan-5.0.ebuild | 135 +++++++++++++++++++++++++++++++++ net-vpn/libreswan/metadata.xml | 19 ++--- 3 files changed, 146 insertions(+), 9 deletions(-) diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest index 0538bed5f570..33ca84f5c3d6 100644 --- a/net-vpn/libreswan/Manifest +++ b/net-vpn/libreswan/Manifest @@ -1,2 +1,3 @@ DIST libreswan-4.14.tar.gz 3721106 BLAKE2B 29c0beb8bb1d1fc3bc4fe5d229dd24ac74ca3f173c24bdf6982813f06aa1bad4572c8c472a414d58bdd5699b4fba33499ab5db7c55870c78314b39c213fc0e89 SHA512 fb4c4dc426530614d308a7c4f5d21123a166b1ad652f66393b45d4987a3e2be8e8bc135e7eedfe1c014db962b70f08108757f876e27cd9e7739a79764c6d4f2d DIST libreswan-4.15.tar.gz 3728498 BLAKE2B f2fd0955c73fb7278f4b2dbce3c1fa483406502c12340746426c77faa39143252e9b5f0b2c0cb60e238a962789b22b1f5b33a5bf5a42e79bb7e513fb2f12855f SHA512 49a60688bb4a5241dbd791bdde0c71ae80cfb7383bb841ea0788a9d0237569d7ad79e59985c700526e3807817ddae77ebd57521897526fbb8fb93ffbea631efe +DIST libreswan-5.0.tar.gz 3957806 BLAKE2B c7ff493c332ac63d416651e9a85254bfe3c749dc812ff682b8aa99c35887cc6976d23fb5a5013196e0973681a2d7054167d06d29b33ca6d93809e35a130e4bb0 SHA512 b1c7cebe1ffc21aeaae76f2562764195d535ff5d51fb6ad570046678df19387df68f2d52586eb290844019cbdc17e6192773f9110531a26cf1583e2c016289c6 diff --git a/net-vpn/libreswan/libreswan-5.0.ebuild b/net-vpn/libreswan/libreswan-5.0.ebuild new file mode 100644 index 000000000000..c9e2f853b153 --- /dev/null +++ b/net-vpn/libreswan/libreswan-5.0.ebuild @@ -0,0 +1,135 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd flag-o-matic toolchain-funcs tmpfiles + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/"; +SRC_URI="https://download.libreswan.org/${P}.tar.gz"; + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" +IUSE="caps curl dnssec +ikev1 ldap networkmanager pam seccomp selinux systemd test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + >=dev-libs/nss-3.42 + >=sys-kernel/linux-headers-4.19 + virtual/libcrypt:= + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= net-dns/dnssec-root ) + ldap? ( net-nds/openldap:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + systemd? ( sys-apps/systemd:0= ) +" +BDEPEND=" + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-python/setproctitle ) +" +RDEPEND="${DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-vpn/strongswan + selinux? ( sec-policy/selinux-ipsec ) +" +DEPEND+=" elibc_musl? ( sys-libs/queue-standalone )" + +usetf() { + usex "$1" true false +} + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die + default +} + +src_configure() { + tc-export AR CC + + use elibc_musl && append-cflags -DGLIBC_KERN_FLIP_HEADERS + + export PREFIX=/usr + export DEFAULT_DNSSEC_ROOTKEY_FILE=/etc/dnssec/icannbundle.pem + export EXAMPLE_IPSEC_SYSCONFDIR=/usr/share/doc/${PF} + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export INITSYSTEM=$(usex systemd systemd openrc) + export INITDDIRS= + export INITDDIR_DEFAULT=/etc/init.d + export USERCOMPILE=${CFLAGS} + export USERLINK=${LDFLAGS} + export USE_DNSSEC=$(usetf dnssec) + export USE_IKEV1=$(usetf ikev1) + export USE_LABELED_IPSEC=$(usetf selinux) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LINUX_AUDIT=$(usetf selinux) + export USE_LDAP=$(usetf ldap) + export USE_NM=$(usetf networkmanager) + export USE_SECCOMP=$(usetf seccomp) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_AUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems \ + INITSYSTEM=systemd \ + SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \ + SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \ + all +} + +src_test() { + : # integration tests only that require set of kvms to be set up +} + +src_install() { + default + emake -C initsystems \ + INITSYSTEM=systemd \ + SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \ + SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \ + DESTDIR="${D}" \ + install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + keepdir /var/lib/ipsec/nss + fperms 0700 /var/lib/ipsec/nss + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + tmpfiles_process libreswan.conf + + local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" + certutil -N -d "${IPSEC_CONFDIR}" --empty-password + eend $? + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" + fi +} diff --git a/net-vpn/libreswan/metadata.xml b/net-vpn/libreswan/metadata.xml index ee9c662fbe16..f4ce7127d525 100644 --- a/net-vpn/libreswan/metadata.xml +++ b/net-vpn/libreswan/metadata.xml @@ -1,13 +1,14 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> <pkgmetadata> - <maintainer type="person"> - <email>gra...@gentoo.org</email> - </maintainer> - <use> - <flag name="dnssec">Use DNSSEC resolver (requires <pkg>net-dns/unbound</pkg>)</flag> - </use> - <upstream> - <remote-id type="github">libreswan/libreswan</remote-id> - </upstream> + <maintainer type="person"> + <email>gra...@gentoo.org</email> + </maintainer> + <use> + <flag name="dnssec">Use DNSSEC resolver (requires <pkg>net-dns/unbound</pkg>)</flag> + <flag name="ikev1">Enable the IKEv1 protocol</flag> + </use> + <upstream> + <remote-id type="github">libreswan/libreswan</remote-id> + </upstream> </pkgmetadata>
