# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.3.4.ebuild,v 1.2 2010/02/27 22:43:10 ulm Exp $
# EAPI 2 is the first API level that provides the src_prepare and
# src_configure phases defined further down.
EAPI=2
# Eclasses supplying the helpers this ebuild calls: epatch (eutils),
# linux-info_pkg_setup / kernel_is (linux-info), eautoreconf (autotools).
inherit eutils linux-info autotools
# Name used for both the account and the group that pkg_setup creates and
# src_configure passes to --with-user/--with-group when USE=caps is set.
UGID="ipsec"
DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
HOMEPAGE="http://www.strongswan.org/"
# NOTE(review): the tarball is fetched over plain HTTP, so its integrity
# rests on the package's Manifest digests (not shown here) - confirm they
# are present, and prefer an HTTPS location if upstream offers one.
SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
LICENSE="GPL-2 RSA-MD5 RSA-PKCS11 DES"
SLOT="0"
KEYWORDS="~ppc ~sparc ~x86 ~amd64"
IUSE="caps cisco curl debug ldap nat smartcard static xml"
# Dependencies needed both to build and to run. The leading "!" atom is a
# blocker: net-misc/openswan must not be installed alongside this package.
COMMON_DEPEND="!net-misc/openswan
dev-libs/gmp
dev-libs/libgcrypt
caps? ( sys-libs/libcap )
curl? ( net-misc/curl )
ldap? ( net-nds/openldap )
smartcard? ( dev-libs/opensc )
xml? ( dev-libs/libxml2 )"
# Build-time only: kernel sources and headers on top of the common set.
DEPEND="${COMMON_DEPEND}
virtual/linux-sources
sys-kernel/linux-headers"
# Run-time only: a system logger and iproute2 on top of the common set.
RDEPEND="${COMMON_DEPEND}
virtual/logger
sys-apps/iproute2"
src_prepare() {
	# The install patch is the one shipped for 4.3.3; it is reused here
	# under its original file name.
	local install_patch="${FILESDIR}/${PN}-4.3.3-install.patch"

	epatch "${install_patch}"

	# Regenerate the autotools output after patching (presumably because
	# the patch edits autotools input files - confirm against the patch).
	eautoreconf
}
pkg_setup() {
	# Let the linux-info eclass inspect the kernel; KV_FULL and kernel_is
	# are used right below.
	linux-info_pkg_setup

	elog "Linux kernel is version ${KV_FULL}"

	# Only 2.6 kernels are accepted; any other version aborts the merge.
	if ! kernel_is 2 6; then
		eerror "Sorry, no support for your kernel version ${KV_FULL}."
		die "Install an IPsec enabled 2.6 kernel."
	fi
	elog "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."

	# USE=caps: create the dedicated group and account that the daemons
	# are configured to run as (see --with-user/--with-group in
	# src_configure). The three -1 arguments ask enewuser for its defaults
	# for uid, shell and home directory.
	if use caps; then
		enewgroup "${UGID}"
		enewuser "${UGID}" -1 -1 -1 "${UGID}"
	fi
}
src_configure() {
	# Extra configure switches that cannot be expressed with a single
	# use_enable/use_with call; appended after the USE-derived ones.
	local -a extra_args=()

	# USE=caps: run the daemons under the dedicated account created in
	# pkg_setup. Without it no --with-user/--with-group is passed, so the
	# build keeps upstream's default account (presumably root - confirm).
	if use caps; then
		extra_args+=( --with-user=${UGID} --with-group=${UGID} )
	fi

	# Upstream builds both library flavours by default; pick exactly one
	# according to USE=static.
	if use static; then
		extra_args+=( --enable-static --disable-shared )
	else
		extra_args+=( --disable-static --enable-shared )
	fi

	# TODO: Review new configure options such as networkmanager
	econf \
		$(use_with caps capabilities libcap) \
		$(use_enable curl) \
		$(use_enable ldap) \
		$(use_enable xml smp) \
		$(use_enable smartcard) \
		$(use_enable cisco cisco-quirks) \
		$(use_enable debug leak-detective) \
		$(use_enable nat nat-transport) \
		"${extra_args[@]}" \
		|| die "econf failed"
}
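src_install() {
	# Install the built tree into the image directory and add the init
	# script shipped in FILESDIR.
	einstall || die "einstall failed."
	doinitd "${FILESDIR}"/ipsec

	if use caps; then
		# Hand the main configuration file to the unprivileged account.
		# Uses ${UGID} rather than a hard-coded name so that it always
		# matches the account created in pkg_setup and configured in
		# src_configure.
		# NOTE(review): this makes /etc/ipsec.conf writable by the daemon
		# account, so a compromised daemon could rewrite its own
		# configuration (including updown commands). Confirm whether
		# ownership is really required for non-root operation or whether
		# root ownership with group read access would be enough.
		fowners "${UGID}:${UGID}" /etc/ipsec.conf
	fi
}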
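pkg_postinst() {
	# Post-install notes. With USE=caps the daemons run without superuser
	# privileges, so the admin is told about the resulting restrictions
	# and about the sudo workaround for updown scripts.
	if use caps; then
		echo
		elog "strongSwan has been installed without superuser privileges as"
		elog "requested (USE=caps). There are certain restrictions and"
		elog "issues regarding non-root operation, so please have a look at:"
		elog " http://wiki.strongswan.org/wiki/nonRoot"
		echo
		elog "Please be aware that with dropped privileges most leftupdown and"
		elog "rightupdown scripts will no longer run if they require root privileges."
		elog "You might want to use sudo to allow the user \"ipsec\" to run"
		elog "the ipsec helper script (/usr/sbin/ipsec) as root."
		elog "Example for /etc/sudoers:"
		elog " Defaults:ipsec always_set_home,!env_reset"
		elog " ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
		elog "Example for a connection block in /etc/ipsec.conf:"
		elog " leftupdown=\"sudo ipsec _updown\""
		echo
		# The sudoers example above trades away most of what USE=caps
		# buys: the daemon account gets passwordless root through a helper
		# script, with its own environment passed along. Say so instead of
		# presenting the example without qualification.
		ewarn "Note that the sudoers example above lets the \"ipsec\" account run"
		ewarn "/usr/sbin/ipsec as root without a password and with its environment"
		ewarn "passed through (!env_reset). This largely undoes the privilege"
		ewarn "separation provided by USE=caps. Consider keeping env_reset and"
		ewarn "listing only the variables your updown script needs in env_keep,"
		ewarn "and restricting the rule to the exact command line required."
		echo
		# Disabled upstream hint about file capabilities, kept for reference:
		# elog "And please do not forget to add CAP_NET_ADMIN capabilities to"
		# elog "your charon and pluto binaries each time you emerge this ebuild."
		# echo
		# elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/pluto"
		# elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/charon"
		# echo
		# elog "For more information regarding POSIX capabilities support please"
		# elog "have a look at http://www.friedhoff.org/posixfilecaps.html"
		# echo
	fi
	# Printed for every USE combination.
	elog "The up-to-date manual is available online at:"
	elog " http://wiki.strongswan.org/"
	echo
}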