Diffstat (limited to 'net-misc/strongswan')
-rw-r--r-- | net-misc/strongswan/ChangeLog | 10 | ||||
-rw-r--r-- | net-misc/strongswan/strongswan-4.3.6.ebuild | 128 |
2 files changed, 136 insertions, 2 deletions
diff --git a/net-misc/strongswan/ChangeLog b/net-misc/strongswan/ChangeLog index 44c1f87d327d..16dcb49d6434 100644 --- a/net-misc/strongswan/ChangeLog +++ b/net-misc/strongswan/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-misc/strongswan -# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.77 2009/11/02 13:23:04 wschlich Exp $ +# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.78 2010/02/17 08:49:14 wschlich Exp $ + +*strongswan-4.3.6 (17 Feb 2010) + + 17 Feb 2010; Wolfram Schlich <wschlich@gentoo.org> + +strongswan-4.3.6.ebuild: + version bump *strongswan-4.3.5 (02 Nov 2009) diff --git a/net-misc/strongswan/strongswan-4.3.6.ebuild b/net-misc/strongswan/strongswan-4.3.6.ebuild new file mode 100644 index 000000000000..695e31ba82ee --- /dev/null +++ b/net-misc/strongswan/strongswan-4.3.6.ebuild 
@@ -0,0 +1,128 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.3.6.ebuild,v 1.1 2010/02/17 08:49:14 wschlich Exp $
+
+EAPI=2
+inherit eutils linux-info
+
+UGID="ipsec"
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA-MD2 RSA-MD5 RSA-PKCS11 DES"
+SLOT="0"
+KEYWORDS="~ppc ~sparc ~x86 ~amd64"
+IUSE="caps cisco curl debug ldap nat smartcard static xml"
+
+COMMON_DEPEND="!net-misc/openswan
+ dev-libs/gmp
+ dev-libs/libgcrypt
+ caps? ( sys-libs/libcap )
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )
+ smartcard? ( dev-libs/opensc )
+ xml? ( dev-libs/libxml2 )"
+DEPEND="${COMMON_DEPEND}
+ virtual/linux-sources
+ sys-kernel/linux-headers"
+RDEPEND="${COMMON_DEPEND}
+ virtual/logger
+ sys-apps/iproute2"
+
+#src_prepare() {
+# epatch "${FILESDIR}"/${PN}-4.3.3-install.patch
+# eautoreconf
+#}
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ elog "Linux kernel is version ${KV_FULL}"
+
+ if kernel_is 2 6; then
+ elog "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+ else
+ eerror "Sorry, no support for your kernel version ${KV_FULL}."
+ die "Install an IPsec enabled 2.6 kernel."
+ fi
+
+ if use caps; then
+ # change to an unprivileged user if libcaps support is requested
+ enewgroup ${UGID}
+ enewuser ${UGID} -1 -1 -1 ${UGID}
+ fi
+}
+
+src_configure() {
+ local myconf=""
+
+ if use caps; then
+ # change to an unprivileged user if libcaps support is requested
+ myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+ fi
+
+ # strongswan enables both by default; switch to the user's wish
+ if use static; then
+ myconf="${myconf} --enable-static --disable-shared"
+ else
+ myconf="${myconf} --disable-static --enable-shared"
+ fi
+
+ # TODO: Review new configure options such as networkmanager
+ econf \
+ $(use_with caps capabilities libcap) \
+ $(use_enable curl) \
+ $(use_enable ldap) \
+ $(use_enable xml smp) \
+ $(use_enable smartcard) \
+ $(use_enable cisco cisco-quirks) \
+ $(use_enable debug leak-detective) \
+ $(use_enable nat nat-transport) \
+ ${myconf} \
+ || die "econf failed"
+}
+
+src_install() {
+ einstall || die "einstall failed."
+
+ doinitd "${FILESDIR}"/ipsec
+
+ if use caps; then
+ fowners ipsec:ipsec /etc/ipsec.conf
+ fi
+}
+
+pkg_postinst() {
+ if use caps; then
+ echo
+ elog "strongSwan has been installed without superuser privileges as"
+ elog "requested (USE=caps). There are certain restrictions and"
+ elog "issues regarding non-root operation, so please have a look at:"
+ elog " http://wiki.strongswan.org/wiki/nonRoot"
+ echo
+ elog "Please be aware that with dropped privileges most leftupdown and"
+ elog "rightupdown scripts will no longer run if they require root privileges."
+ elog "You might want to use sudo to allow the user \"ipsec\" to run"
+ elog "the ipsec helper script (/usr/sbin/ipsec) as root."
+ elog "Example for /etc/sudoers:"
+ elog " Defaults:ipsec always_set_home,!env_reset"
+ elog " ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
+ elog "Example for a connection block in /etc/ipsec.conf:"
+ elog " leftupdown=\"sudo ipsec _updown\""
+ echo
+# elog "And please do not forget to add CAP_NET_ADMIN capabilities to"
+# elog "your charon and pluto binaries each time you emerge this ebuild."
+# echo
+# elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/pluto"
+# elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/charon"
+# echo
+# elog "For more information reagrding POSIX capabilities support please"
+# elog "have a look at http://www.friedhoff.org/posixfilecaps.html"
+# echo
+ fi
+ elog "The up-to-date manual is available online at:"
+ elog " http://wiki.strongswan.org/"
+ echo
+} |
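Review bot: The sudoers example printed by pkg_postinst (`Defaults:ipsec always_set_home,!env_reset` with `ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec`) lets the unprivileged account run every ipsec subcommand as any user, without a password and with the caller's environment passed through, which largely cancels the privilege drop that USE=caps is meant to provide. Since the only use shown is `leftupdown="sudo ipsec _updown"`, the printed rule could be narrowed to `ipsec ALL=(root) NOPASSWD: /usr/sbin/ipsec _updown`, and `!env_reset` replaced by an `env_keep` list limited to the variables the updown script reads; which variables those are is not visible in this hunk, so that needs checking against the script. src_install also makes /etc/ipsec.conf owned by ipsec:ipsec, so the account holding the sudo rule can edit the file that names the updown command. A comment there saying why that ownership is required would help, and the literal `ipsec:ipsec` would be more consistent as `${UGID}:${UGID}`, matching pkg_setup and src_configure.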