blob: 879fa64940e2bfd9db860c740bb6b722f50259d3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
|
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.7.1.ebuild,v 1.4 2008/10/11 13:06:53 bluebird Exp $
inherit eutils flag-o-matic autotools linux-info
DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
HOMEPAGE="http://ipsec-tools.sourceforge.net/"
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
LICENSE="BSD"
SLOT="0"
KEYWORDS="amd64 ~ppc sparc x86"
IUSE="idea ipv6 pam rc5 readline selinux ldap kerberos nat hybrid iconv selinux"
# FIXME: what is the correct syntax for ~sparc ???
DEPEND="!sparc? ( >=sys-kernel/linux-headers-2.6 )
readline? ( sys-libs/readline )
pam? ( sys-libs/pam )
ldap? ( net-nds/openldap )
kerberos? ( virtual/krb5 )
>=dev-libs/openssl-0.9.8
iconv? ( virtual/libiconv )
selinux? ( sys-libs/libselinux )"
# radius? ( net-dialup/gnuradius )
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-ipsec-tools )"
# {{{ kernel_check()
kernel_check() {
get_version
if kernel_is 2 6 ; then
if test "${KV_PATCH}" -ge 19 ; then
# Just for kernel >=2.6.19
ebegin "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
if use nat ; then
if ! { linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; } ; then
ewarn "[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is NOT enabled"
eerror "${P} won't compile with use nat traversal (USE=nat) until you enable NETFILTER_XT_MATCH_POLICY in your kernel"
die
else
einfo "....[NETFILTER_XT_MATCH_POLICY] IPsec policy match support is enabled :-)"
fi
fi
# {{{ general stuff
if ! { linux_chkconfig_present XFRM_USER; }; then
ewarn "[XFRM_USER] Transformation user configuration interface is NOT enabled."
else
einfo "....[XFRM_USER] Transformation user configuration interface is enabled :-)"
fi
if ! { linux_chkconfig_present NET_KEY; }; then
ewarn "[NET_KEY] PF_KEY sockets is NOT enabled."
else
einfo "....[NET_KEY] PF_KEY sockets is enabled :-)"
fi
# }}}
# {{{ IPv4 stuff
if ! { linux_chkconfig_present INET_IPCOMP; }; then
ewarn "[INET_IPCOMP] IP: IPComp transformation is NOT enabled"
else
einfo "....[INET_IPCOMP] IP: IPComp transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET_AH; }; then
ewarn "[INET_AH] AH Transformation is NOT enabled."
else
einfo "....[INET_AH] AH Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET_ESP; }; then
ewarn "[INET_ESP] ESP Transformation is NOT enabled."
else
einfo "....[INET_ESP] ESP Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET_XFRM_MODE_TRANSPORT; }; then
ewarn "[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is NOT enabled."
else
einfo "....[INET_XFRM_MODE_TRANSPORT] IP: IPsec transport mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET_XFRM_MODE_TUNNEL; }; then
ewarn "[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is NOT enabled."
else
einfo "....[INET_XFRM_MODE_TUNNEL] IP: IPsec tunnel mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET_XFRM_MODE_BEET; }; then
ewarn "[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is NOT enabled."
else
einfo "....[INET_XFRM_MODE_BEET] IP: IPsec BEET mode is enabled :-)"
fi
# }}}
# {{{ IPv6 stuff
if use ipv6 ; then
if ! { linux_chkconfig_present INET6_IPCOMP; }; then
ewarn "[INET6_IPCOMP] IPv6: IPComp transformation is NOT enabled"
else
einfo "....[INET6_IPCOMP] IPv6: IPComp transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_AH; }; then
ewarn "[INET6_AH] IPv6: AH Transformation is NOT enabled."
else
einfo "....[INET6_AH] IPv6: AH Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_ESP; }; then
ewarn "[INET6_ESP] IPv6: ESP Transformation is NOT enabled."
else
einfo "....[INET6_ESP] IPv6: ESP Transformation is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_XFRM_MODE_TRANSPORT; }; then
ewarn "[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is NOT enabled."
else
einfo "....[INET6_XFRM_MODE_TRANSPORT] IPv6: IPsec transport mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_XFRM_MODE_TUNNEL; }; then
ewarn "[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is NOT enabled."
else
einfo "....[INET6_XFRM_MODE_TUNNEL] IPv6: IPsec tunnel mode is enabled :-)"
fi
if ! { linux_chkconfig_present INET6_XFRM_MODE_BEET; }; then
ewarn "[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is NOT enabled."
else
einfo "....[INET6_XFRM_MODE_BEET] IPv6: IPsec BEET mode is enabled :-)"
fi
if ! { linux_chkconfig_present CRYPTO_NULL; }; then
ewarn "[CRYPTO_NULL] Crypto: NULL algorithm is NOT enabled"
else
einfo "....[CRYPTO_NULL] Cyrpto: Crypto NULL algorithm enabled :-)"
fi
fi
# }}}
eend $?
fi
fi
}
# }}}
src_unpack() {
unpack ${A}
cd "${S}"
# fix for bug #76741
sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c
# fix for bug #124813
sed -i 's:-Werror::g' "${S}"/configure.ac
AT_M4DIR="${S}" eautoreconf
epunt_cxx
}
src_compile() {
# fix for bug #61025
filter-flags -march=c3
kernel_check
myconf="--with-kernel-headers=${KV_DIR}/include \
--enable-dependency-tracking \
--enable-dpd \
--enable-frag \
--enable-stats \
--enable-fastquit \
--enable-stats \
--enable-adminport \
$(use_enable ipv6) \
$(use_enable rc5) \
$(use_enable idea) \
$(use_with readline)
$(use_enable kerberos gssapi) \
$(use_with ldap libldap) \
$(use_with pam libpam)"
# we do not want broken-natt from the kernel
# myconf="${myconf} $(use_enable broken-natt)"
use nat && myconf="${myconf} --enable-natt --enable-natt-versions=yes"
# we only need security-context when using selinux
myconf="${myconf} $(use_enable selinux security-context)"
# enable mode-cfg and xauth support
if use pam; then
myconf="${myconf} --enable-hybrid"
else
myconf="${myconf} $(use_enable hybrid)"
fi
# dev-libs/libiconv is hard masked
#use iconv && myconf="${myconf} $(use_with iconv libiconv)"
# the default (/usr/include/openssl/) is OK for Gentoo, leave it
# myconf="${myconf} $(use_with ssl openssl )"
# No way to get it compiling with freeradius or gnuradius
# We would need libradius which only exists on FreeBSD
# See bug #77369
#myconf="${myconf} --enable-samode-unspec"
econf ${myconf} || die
emake -j1 || die
}
src_install() {
emake DESTDIR="${D}" install || die
keepdir /var/lib/racoon
newconfd "${FILESDIR}"/racoon.conf.d racoon
newinitd "${FILESDIR}"/racoon.init.d racoon
dodoc ChangeLog README NEWS
dodoc src/racoon/samples/*
dodoc src/racoon/doc/*
docinto roadwarrior
dodoc src/racoon/samples/roadwarrior/*
docinto roadwarrior/client
dodoc src/racoon/samples/roadwarrior/client/*
docinto roadwarrior/server
dodoc src/racoon/samples/roadwarrior/server/*
docinto setkey
dodoc src/setkey/sample.cf
dodir /etc/racoon
# RFC are only available from CVS for the moment, see einfo below
#docinto "rfc"
#dodoc ${S}/src/racoon/rfc/*
}
pkg_postinst() {
if use nat; then
elog
elog " You have enabled the nat traversal functionnality."
elog " Nat versions wich are enabled by default are 00,02,rfc"
elog " you can find those drafts in the CVS repository:"
elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
elog
elog "If you feel brave enough and you know what you are"
elog "doing, you can consider emerging this ebuild"
elog "with"
elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
elog
fi;
if use ldap; then
elog
elog " You have enabled ldap support with {$PN}."
elog " The man page does NOT contain any information on it yet."
elog " Consider to use a more recent version or CVS"
elog
fi;
elog
elog "Please have a look in /usr/share/doc/${P} and visit"
elog "http://www.netbsd.org/Documentation/network/ipsec/"
elog "to find a lot of information on how to configure this great tool."
elog
}
# vim: set foldmethod=marker nowrap :
|