summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/strongswan')
-rw-r--r--net-misc/strongswan/ChangeLog10
-rw-r--r--net-misc/strongswan/strongswan-4.3.6.ebuild128
2 files changed, 136 insertions, 2 deletions
diff --git a/net-misc/strongswan/ChangeLog b/net-misc/strongswan/ChangeLog
index 44c1f87d327d..16dcb49d6434 100644
--- a/net-misc/strongswan/ChangeLog
+++ b/net-misc/strongswan/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-misc/strongswan
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.77 2009/11/02 13:23:04 wschlich Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.78 2010/02/17 08:49:14 wschlich Exp $
+
+*strongswan-4.3.6 (17 Feb 2010)
+
+ 17 Feb 2010; Wolfram Schlich <wschlich@gentoo.org>
+ +strongswan-4.3.6.ebuild:
+ version bump
*strongswan-4.3.5 (02 Nov 2009)
diff --git a/net-misc/strongswan/strongswan-4.3.6.ebuild b/net-misc/strongswan/strongswan-4.3.6.ebuild
new file mode 100644
index 000000000000..695e31ba82ee
--- /dev/null
+++ b/net-misc/strongswan/strongswan-4.3.6.ebuild
@@ -0,0 +1,128 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.3.6.ebuild,v 1.1 2010/02/17 08:49:14 wschlich Exp $
+
+EAPI=2
+inherit eutils linux-info
+
+UGID="ipsec"
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA-MD2 RSA-MD5 RSA-PKCS11 DES"
+SLOT="0"
+KEYWORDS="~ppc ~sparc ~x86 ~amd64"
+IUSE="caps cisco curl debug ldap nat smartcard static xml"
+
+COMMON_DEPEND="!net-misc/openswan
+ dev-libs/gmp
+ dev-libs/libgcrypt
+ caps? ( sys-libs/libcap )
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )
+ smartcard? ( dev-libs/opensc )
+ xml? ( dev-libs/libxml2 )"
+DEPEND="${COMMON_DEPEND}
+ virtual/linux-sources
+ sys-kernel/linux-headers"
+RDEPEND="${COMMON_DEPEND}
+ virtual/logger
+ sys-apps/iproute2"
+
+#src_prepare() {
+# epatch "${FILESDIR}"/${PN}-4.3.3-install.patch
+# eautoreconf
+#}
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ elog "Linux kernel is version ${KV_FULL}"
+
+ if kernel_is 2 6; then
+ elog "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+ else
+ eerror "Sorry, no support for your kernel version ${KV_FULL}."
+ die "Install an IPsec enabled 2.6 kernel."
+ fi
+
+ if use caps; then
+ # change to an unprivileged user if libcaps support is requested
+ enewgroup ${UGID}
+ enewuser ${UGID} -1 -1 -1 ${UGID}
+ fi
+}
+
+src_configure() {
+ local myconf=""
+
+ if use caps; then
+ # change to an unprivileged user if libcaps support is requested
+ myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+ fi
+
+ # strongswan enables both by default; switch to the user's wish
+ if use static; then
+ myconf="${myconf} --enable-static --disable-shared"
+ else
+ myconf="${myconf} --disable-static --enable-shared"
+ fi
+
+ # TODO: Review new configure options such as networkmanager
+ econf \
+ $(use_with caps capabilities libcap) \
+ $(use_enable curl) \
+ $(use_enable ldap) \
+ $(use_enable xml smp) \
+ $(use_enable smartcard) \
+ $(use_enable cisco cisco-quirks) \
+ $(use_enable debug leak-detective) \
+ $(use_enable nat nat-transport) \
+ ${myconf} \
+ || die "econf failed"
+}
+
+src_install() {
+ einstall || die "einstall failed."
+
+ doinitd "${FILESDIR}"/ipsec
+
+ if use caps; then
+ fowners ipsec:ipsec /etc/ipsec.conf
+ fi
+}
+
+pkg_postinst() {
+ if use caps; then
+ echo
+ elog "strongSwan has been installed without superuser privileges as"
+ elog "requested (USE=caps). There are certain restrictions and"
+ elog "issues regarding non-root operation, so please have a look at:"
+ elog " http://wiki.strongswan.org/wiki/nonRoot"
+ echo
+ elog "Please be aware that with dropped privileges most leftupdown and"
+ elog "rightupdown scripts will no longer run if they require root privileges."
+ elog "You might want to use sudo to allow the user \"ipsec\" to run"
+ elog "the ipsec helper script (/usr/sbin/ipsec) as root."
+ elog "Example for /etc/sudoers:"
+ elog " Defaults:ipsec always_set_home,!env_reset"
+ elog " ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
+ elog "Example for a connection block in /etc/ipsec.conf:"
+ elog " leftupdown=\"sudo ipsec _updown\""
+ echo
+# elog "And please do not forget to add CAP_NET_ADMIN capabilities to"
+# elog "your charon and pluto binaries each time you emerge this ebuild."
+# echo
+# elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/pluto"
+# elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/charon"
+# echo
+# elog "For more information reagrding POSIX capabilities support please"
+# elog "have a look at http://www.friedhoff.org/posixfilecaps.html"
+# echo
+ fi
+ elog "The up-to-date manual is available online at:"
+ elog " http://wiki.strongswan.org/"
+ echo
+}