diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2021-06-20 14:45:01 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2021-06-20 14:45:01 +0100 |
commit | 34dea8e38f88007799629d0a56b12dec480b1d21 (patch) | |
tree | 6790873994b58030360328cf5897d934b3b03d16 /net-vpn | |
parent | 7932d472a02d4c016ff7dff4b7a5479ab9d1883d (diff) |
gentoo resync : 20.06.2021
Diffstat (limited to 'net-vpn')
-rw-r--r-- | net-vpn/Manifest.gz | bin | 6904 -> 6902 bytes | |||
-rw-r--r-- | net-vpn/i2pd/Manifest | 2 | ||||
-rw-r--r-- | net-vpn/i2pd/i2pd-2.38.0-r3.ebuild (renamed from net-vpn/i2pd/i2pd-2.38.0-r1.ebuild) | 6 | ||||
-rw-r--r-- | net-vpn/strongswan/Manifest | 6 | ||||
-rw-r--r-- | net-vpn/strongswan/strongswan-5.9.0.ebuild | 308 | ||||
-rw-r--r-- | net-vpn/strongswan/strongswan-5.9.2-r1.ebuild (renamed from net-vpn/strongswan/strongswan-5.9.1.ebuild) | 2 | ||||
-rw-r--r-- | net-vpn/strongswan/strongswan-5.9.2.ebuild | 308 | ||||
-rw-r--r-- | net-vpn/tor/Manifest | 8 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.4.9-r1.ebuild (renamed from net-vpn/tor/tor-0.4.4.9.ebuild) | 2 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.5.7-r1.ebuild (renamed from net-vpn/tor/tor-0.4.5.7.ebuild) | 2 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.5.9-r1.ebuild (renamed from net-vpn/tor/tor-0.4.5.9.ebuild) | 2 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.6.5-r1.ebuild (renamed from net-vpn/tor/tor-0.4.6.5.ebuild) | 2 |
12 files changed, 14 insertions, 634 deletions
diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz Binary files differindex 687ca5968409..52d999fcc492 100644 --- a/net-vpn/Manifest.gz +++ b/net-vpn/Manifest.gz diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest index 70031ed5a36a..a3da3da12b5a 100644 --- a/net-vpn/i2pd/Manifest +++ b/net-vpn/i2pd/Manifest @@ -5,5 +5,5 @@ AUX i2pd-2.38.0.service 906 BLAKE2B 583c1856ceada5e60b7f595452afbe3e254616185d64 AUX i2pd-2.6.0-r3.confd 322 BLAKE2B 1abce31d300785fe0f42eb0c15bc26f723e99bfe4f3d21ef4d83620c064838d0e27f89f287a97404276490b848bd1372a40b915d4830b7755d801c4bda551099 SHA512 083f4c860d7556bd14f2765b098743c25f996ef16de3982430ff27ac7711051738d48709654441099ea8c755b6d9a6e25b52286f7e8c928d3f39f1207a9517a9 AUX i2pd-2.6.0-r3.initd 1385 BLAKE2B 5c754a7e289f8d102b2690f78fb3e9b805c6eb46208fba8d8200886dcd30e5e7ba682bb9eb493d654bbec03b8fa7ec58cf885f91203db400280c9de4d9c1e377 SHA512 c09d9164fedac748162eeeafabf4776e16869e7ad06ba5f1b008fa57655fbe8f9633804575e44011b61130699e394bd0d8623b13e9614623b8a9b34e5ad6ecd5 DIST i2pd-2.38.0.tar.gz 555543 BLAKE2B a47c4b77e3a1d4c88cfd18b288b53592a8096509e0bed01bbf57f8d81b715699f822059cd9eecc0deb8fc82d98c23a8c0f6a67ac71654da528f81785338bfe54 SHA512 01e160394dc07621b3d236fcc13d78b46e109290f59dbb77f282c05f4d80fdfa01c9b062de5ca91d6d6e739beb8a5b6f731508b48d9483f1a132a93a71d88e6f -EBUILD i2pd-2.38.0-r1.ebuild 2215 BLAKE2B 573602917de4a854582de366a8d00e6f7ac9e3cbe9aacc262acb3697ef351e20a50a495a3857f1ebf1789276462211edcaf13194d4dab50cfe80a6fb613ca26d SHA512 550ea1400297f7c44142504c2635af1e9f98acceab266f0604e4271b37291db8d747f54dc304136d8b4b1dc7d9bbab479e0ebb43688e628d31f317370f389fea +EBUILD i2pd-2.38.0-r3.ebuild 2224 BLAKE2B a104476434aefb858637afa9227c98ca9c6349e1ab5435ee50bac6e005af51b871a0529c61899852147c8c3fd408f78a8dae859a7a73715bb2df6420c9240748 SHA512 14798f72573625ac5cd13f90f3501ae956285fcdaf579add0f556ca668e1ba6eb997db5d41dcd9aa56dd5a7ef20aea2da5492a12141390bacb72cebe93ca3e66 MISC metadata.xml 727 BLAKE2B 2956a473062444342fb7436a09686b9774210105445288152df0e024fdf81b93b86782a1e3e5348ce8d4a2d71383db3ed63dd51dde00abadcfdce5f84819b37f SHA512 0362e22d09aa7735d12b66da01cc717704429750a57dc2cc625c2907525c935764ede0a83ef4908417542bc0afe24cb21ada71ee3100dffdb3d3b2ab3999da38 diff --git a/net-vpn/i2pd/i2pd-2.38.0-r1.ebuild b/net-vpn/i2pd/i2pd-2.38.0-r3.ebuild index b77a5dab495a..bc5464e5280a 100644 --- a/net-vpn/i2pd/i2pd-2.38.0-r1.ebuild +++ b/net-vpn/i2pd/i2pd-2.38.0-r3.ebuild @@ -18,13 +18,13 @@ RDEPEND=" acct-user/i2pd acct-group/i2pd !static? ( - dev-libs/boost:=[threads] - dev-libs/openssl:0=[-bindist] + dev-libs/boost:=[threads(+)] + dev-libs/openssl:0=[-bindist(-)] upnp? ( net-libs/miniupnpc:= ) )" DEPEND="${RDEPEND} static? ( - dev-libs/boost:=[static-libs,threads] + dev-libs/boost:=[static-libs,threads(+)] sys-libs/zlib[static-libs] dev-libs/openssl:0=[static-libs] upnp? ( net-libs/miniupnpc:=[static-libs] ) diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest index 63ae6257aca7..ebda3c352363 100644 --- a/net-vpn/strongswan/Manifest +++ b/net-vpn/strongswan/Manifest @@ -1,8 +1,4 @@ AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf3bc0629fe99cf9936b9cdb464627c1a8c121b8485f164166efda428825a55aab557d18 SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c -DIST strongswan-5.9.0.tar.bz2 4568404 BLAKE2B daf5cce5cbe12253f9ad201d89323ab7d54ba7ff466685b84830737689e4d417fbb97d053d8c9f3de5acb6dee9a192ebae48ec0d4aa07ba3c8969ee6d8f06ab3 SHA512 b982ce7c3e940ad75ab71b02ce3e2813b41c6b098cde5b6f3f3513d095f409fe989ae6e38a31eff51c57423bf452c3610cd5cd8cd7f45ff932581d9859df1821 -DIST strongswan-5.9.1.tar.bz2 4590867 BLAKE2B 1515764352e7473c47f853a5aa68e582d1fd61122ac1e1577bdc7813da77e0213803c69abf41a1667166e32fb9f2a4bfe8c74616d6431e698e31cf51e939ce3e SHA512 222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497 DIST strongswan-5.9.2.tar.bz2 4607281 BLAKE2B 84f5457bc970f49c9bc99d0ef41182d815e39b8a88be349ad0a78b531a983d3b3919d5c9f3b97793b0b2569f2c6b151cc3b5d9b145a8bfd663db6f79d8ff3dd6 SHA512 dca30b9be7847e0af59d1526c2e38d440b6729055cb3f0f0637d50d7381df465c7b59e79662efe63870a7a5a44eef696c02231274d2764f9e3c430ce2fd694f6 -EBUILD strongswan-5.9.0.ebuild 9527 BLAKE2B 2ef6b0a313b9fccdd5b389f09fc0cb46f1bdbcf72888ee026e194aa7abd595e034591ffd10db3e75109c18a1779cde184e2e51572a3e1aaedcf1ceaa841ea1f0 SHA512 ae80168f8334a9ea110a3e7ea87e083a530f4219f1d687dd0559318ef189d08333872758f0987bdb8f2e2e538a8cd4c434d1bc8ea07aa427bf6de77803daf1ae -EBUILD strongswan-5.9.1.ebuild 9473 BLAKE2B fce96a09c5ea4b6c9466f82b9707914ad6333a414b9866634827c4fbb6e02c67988e518140ce82c7fb2156d53f59cc9e45dbb8eacd4c6f93387ad7cccf0153b4 SHA512 657a5d92574c578cb14d9c0b34998681d57a86f1b9fc4b2edc98c056f3a98a0eb594b7c7e8e867172872515fae04367ab55a11583564588d9e3c580e0f072a1a -EBUILD strongswan-5.9.2.ebuild 9473 BLAKE2B fce96a09c5ea4b6c9466f82b9707914ad6333a414b9866634827c4fbb6e02c67988e518140ce82c7fb2156d53f59cc9e45dbb8eacd4c6f93387ad7cccf0153b4 SHA512 657a5d92574c578cb14d9c0b34998681d57a86f1b9fc4b2edc98c056f3a98a0eb594b7c7e8e867172872515fae04367ab55a11583564588d9e3c580e0f072a1a +EBUILD strongswan-5.9.2-r1.ebuild 9476 BLAKE2B 224e5c6d8b9e4bc44efc05088487aa1c967172ff3b8aeb6cc0cbbf945b9ca94456d719f3a04d37310fc8df03dbbba2adb57160327e5917797ed028a1318195e3 SHA512 7d08af11744fbd85e84197b0ccbfcb0eb665293d8326c4600685b781c77d99229943f7ff08b107498c0d617a2bb2249463861285708958df5ee6493fdb3b4c67 MISC metadata.xml 4148 BLAKE2B cee80f9768668f9c455b812471498725970cef329ab4e36d727d3a2201980944a251286cf1d26ff3195c770a2709b3b8a484f5c473bf75acf4d9b9eb82325d60 SHA512 1a093806557dc1f9d40c2221dd1fe11900830008026218864e6cdd463218c5d876911ef78d5c21b6d9f9226dcce1c71acdc270f9a8eabdf1847e61c975ae24ad diff --git a/net-vpn/strongswan/strongswan-5.9.0.ebuild b/net-vpn/strongswan/strongswan-5.9.0.ebuild deleted file mode 100644 index 119c3deceb5b..000000000000 --- a/net-vpn/strongswan/strongswan-5.9.0.ebuild +++ /dev/null @@ -1,308 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" -inherit linux-info systemd user - -DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="https://www.strongswan.org/" -SRC_URI="https://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA DES" -SLOT="0" -KEYWORDS="amd64 arm ~arm64 ppc ~ppc64 x86" -IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" - -STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="aesni blowfish bypass-lan ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" -for mod in $STRONGSWAN_PLUGINS_STD; do - IUSE="${IUSE} +strongswan_plugins_${mod}" -done - -for mod in $STRONGSWAN_PLUGINS_OPT; do - IUSE="${IUSE} strongswan_plugins_${mod}" -done - -COMMON_DEPEND="!net-misc/openswan - gmp? ( >=dev-libs/gmp-4.1.5:= ) - gcrypt? ( dev-libs/libgcrypt:0 ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) - mysql? ( dev-db/mysql-connector-c:= ) - sqlite? ( >=dev-db/sqlite-3.3.1 ) - systemd? ( sys-apps/systemd ) - networkmanager? ( net-misc/networkmanager ) - pam? ( sys-libs/pam ) - strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" -RDEPEND="${COMMON_DEPEND} - virtual/logger - sys-apps/iproute2 - !net-vpn/libreswan - selinux? ( sec-policy/selinux-ipsec )" - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - if use pam && use eap; then - myconf="${myconf} --enable-eap-gtc" - else - myconf="${myconf} --disable-eap-gtc" - fi - - for mod in $STRONGSWAN_PLUGINS_STD; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - for mod in $STRONGSWAN_PLUGINS_OPT; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - econf \ - --disable-static \ - --enable-ikev1 \ - --enable-ikev2 \ - --enable-swanctl \ - --enable-socket-dynamic \ - $(use_enable curl) \ - $(use_enable constraints) \ - $(use_enable ldap) \ - $(use_enable debug leak-detective) \ - $(use_enable dhcp) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap md4) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable eap eap-tls) \ - $(use_enable eap eap-ttls) \ - $(use_enable eap xauth-eap) \ - $(use_enable eap eap-dynamic) \ - $(use_enable farp) \ - $(use_enable gmp) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable networkmanager nm) \ - $(use_enable openssl) \ - $(use_enable pam xauth-pam) \ - $(use_enable pkcs11) \ - $(use_enable sqlite) \ - $(use_enable systemd) \ - $(use_with caps capabilities libcap) \ - --with-piddir=/run \ - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - - if ! use systemd; then - rm -rf "${ED}"/lib/systemd || die - fi - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc NEWS README TODO - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "<net-vpn/strongswan-4.3.6-r1" - upgrade_from_leq_4_3_6=$(( !$? )) - - has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" - previous_4_3_6_with_caps=$(( !$? )) -} - -pkg_postinst() { - if ! use openssl && ! use gcrypt; then - elog - elog "${PN} has been compiled without both OpenSSL and libgcrypt support." - elog "Please note that this might effect availability and speed of some" - elog "cryptographic features. You are advised to enable the OpenSSL plugin." - elif ! use openssl; then - elog - elog "${PN} has been compiled without the OpenSSL plugin. This might effect" - elog "availability and speed of some cryptographic features. There will be" - elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," - elog "25, 26) and ECDSA." - fi - - if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then - chmod 0750 "${ROOT}"/etc/ipsec.d \ - "${ROOT}"/etc/ipsec.d/aacerts \ - "${ROOT}"/etc/ipsec.d/acerts \ - "${ROOT}"/etc/ipsec.d/cacerts \ - "${ROOT}"/etc/ipsec.d/certs \ - "${ROOT}"/etc/ipsec.d/crls \ - "${ROOT}"/etc/ipsec.d/ocspcerts \ - "${ROOT}"/etc/ipsec.d/private \ - "${ROOT}"/etc/ipsec.d/reqs - - ewarn - ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" - ewarn "security reasons. Your system installed directories have been" - ewarn "updated accordingly. Please check if necessary." - ewarn - - if [[ $previous_4_3_6_with_caps == 1 ]]; then - if ! use non-root; then - ewarn - ewarn "IMPORTANT: You previously had ${PN} installed without root" - ewarn "privileges because it was implied by the 'caps' USE flag." - ewarn "This has been changed. If you want ${PN} with user privileges," - ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." - ewarn - fi - fi - fi - if ! use caps && ! use non-root; then - ewarn - ewarn "You have decided to run ${PN} with root privileges and built it" - ewarn "without support for POSIX capability dropping. It is generally" - ewarn "strongly suggested that you reconsider- especially if you intend" - ewarn "to run ${PN} as server with a public ip address." - ewarn - ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." - ewarn - fi - if use non-root; then - elog - elog "${PN} has been installed without superuser privileges (USE=non-root)." - elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" - elog "but also a few to the IKEv2 daemon 'charon'." - elog - elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" - elog - elog "pluto uses a helper script by default to insert/remove routing and" - elog "policy rules upon connection start/stop which requires superuser" - elog "privileges. charon in contrast does this internally and can do so" - elog "even with reduced (user) privileges." - elog - elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" - elog "script to pluto or charon which requires superuser privileges, you" - elog "can work around this limitation by using sudo to grant the" - elog "user \"ipsec\" the appropriate rights." - elog "For example (the default case):" - elog "/etc/sudoers:" - elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" - elog "Under the specific connection block in /etc/ipsec.conf:" - elog " leftupdown=\"sudo -E ipsec _updown iptables\"" - elog - fi - elog - elog "Make sure you have _all_ required kernel modules available including" - elog "the appropriate cryptographic algorithms. A list is available at:" - elog " https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" - elog - elog "The up-to-date manual is available online at:" - elog " https://wiki.strongswan.org/" - elog -} diff --git a/net-vpn/strongswan/strongswan-5.9.1.ebuild b/net-vpn/strongswan/strongswan-5.9.2-r1.ebuild index b7b28afa8ea2..cd1ecbe44da2 100644 --- a/net-vpn/strongswan/strongswan-5.9.1.ebuild +++ b/net-vpn/strongswan/strongswan-5.9.2-r1.ebuild @@ -32,7 +32,7 @@ COMMON_DEPEND="non-root? ( caps? ( sys-libs/libcap ) curl? ( net-misc/curl ) ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist(-)] ) mysql? ( dev-db/mysql-connector-c:= ) sqlite? ( >=dev-db/sqlite-3.3.1 ) systemd? ( sys-apps/systemd ) diff --git a/net-vpn/strongswan/strongswan-5.9.2.ebuild b/net-vpn/strongswan/strongswan-5.9.2.ebuild deleted file mode 100644 index b7b28afa8ea2..000000000000 --- a/net-vpn/strongswan/strongswan-5.9.2.ebuild +++ /dev/null @@ -1,308 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" -inherit linux-info systemd - -DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="https://www.strongswan.org/" -SRC_URI="https://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA DES" -SLOT="0" -KEYWORDS="amd64 arm ~arm64 ppc ~ppc64 x86" -IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" - -STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="aesni blowfish bypass-lan ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" -for mod in $STRONGSWAN_PLUGINS_STD; do - IUSE="${IUSE} +strongswan_plugins_${mod}" -done - -for mod in $STRONGSWAN_PLUGINS_OPT; do - IUSE="${IUSE} strongswan_plugins_${mod}" -done - -COMMON_DEPEND="non-root? ( - acct-user/ipsec - acct-group/ipsec - ) - gmp? ( >=dev-libs/gmp-4.1.5:= ) - gcrypt? ( dev-libs/libgcrypt:0 ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) - mysql? ( dev-db/mysql-connector-c:= ) - sqlite? ( >=dev-db/sqlite-3.3.1 ) - systemd? ( sys-apps/systemd ) - networkmanager? ( net-misc/networkmanager ) - pam? ( sys-libs/pam ) - strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" - -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" - -RDEPEND="${COMMON_DEPEND} - virtual/logger - sys-apps/iproute2 - !net-vpn/libreswan - selinux? ( sec-policy/selinux-ipsec )" - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - if use pam && use eap; then - myconf="${myconf} --enable-eap-gtc" - else - myconf="${myconf} --disable-eap-gtc" - fi - - for mod in $STRONGSWAN_PLUGINS_STD; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - for mod in $STRONGSWAN_PLUGINS_OPT; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - econf \ - --disable-static \ - --enable-ikev1 \ - --enable-ikev2 \ - --enable-swanctl \ - --enable-socket-dynamic \ - $(use_enable curl) \ - $(use_enable constraints) \ - $(use_enable ldap) \ - $(use_enable debug leak-detective) \ - $(use_enable dhcp) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap md4) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable eap eap-tls) \ - $(use_enable eap eap-ttls) \ - $(use_enable eap xauth-eap) \ - $(use_enable eap eap-dynamic) \ - $(use_enable farp) \ - $(use_enable gmp) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable networkmanager nm) \ - $(use_enable openssl) \ - $(use_enable pam xauth-pam) \ - $(use_enable pkcs11) \ - $(use_enable sqlite) \ - $(use_enable systemd) \ - $(use_with caps capabilities libcap) \ - --with-piddir=/run \ - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - - if ! use systemd; then - rm -rf "${ED}"/lib/systemd || die - fi - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc NEWS README TODO - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "<net-vpn/strongswan-4.3.6-r1" - upgrade_from_leq_4_3_6=$(( !$? )) - - has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" - previous_4_3_6_with_caps=$(( !$? )) -} - -pkg_postinst() { - if ! use openssl && ! use gcrypt; then - elog - elog "${PN} has been compiled without both OpenSSL and libgcrypt support." - elog "Please note that this might effect availability and speed of some" - elog "cryptographic features. You are advised to enable the OpenSSL plugin." - elif ! use openssl; then - elog - elog "${PN} has been compiled without the OpenSSL plugin. This might effect" - elog "availability and speed of some cryptographic features. There will be" - elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," - elog "25, 26) and ECDSA." - fi - - if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then - chmod 0750 "${ROOT}"/etc/ipsec.d \ - "${ROOT}"/etc/ipsec.d/aacerts \ - "${ROOT}"/etc/ipsec.d/acerts \ - "${ROOT}"/etc/ipsec.d/cacerts \ - "${ROOT}"/etc/ipsec.d/certs \ - "${ROOT}"/etc/ipsec.d/crls \ - "${ROOT}"/etc/ipsec.d/ocspcerts \ - "${ROOT}"/etc/ipsec.d/private \ - "${ROOT}"/etc/ipsec.d/reqs - - ewarn - ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" - ewarn "security reasons. Your system installed directories have been" - ewarn "updated accordingly. Please check if necessary." - ewarn - - if [[ $previous_4_3_6_with_caps == 1 ]]; then - if ! use non-root; then - ewarn - ewarn "IMPORTANT: You previously had ${PN} installed without root" - ewarn "privileges because it was implied by the 'caps' USE flag." - ewarn "This has been changed. If you want ${PN} with user privileges," - ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." - ewarn - fi - fi - fi - if ! use caps && ! use non-root; then - ewarn - ewarn "You have decided to run ${PN} with root privileges and built it" - ewarn "without support for POSIX capability dropping. It is generally" - ewarn "strongly suggested that you reconsider- especially if you intend" - ewarn "to run ${PN} as server with a public ip address." - ewarn - ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." - ewarn - fi - if use non-root; then - elog - elog "${PN} has been installed without superuser privileges (USE=non-root)." - elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" - elog "but also a few to the IKEv2 daemon 'charon'." - elog - elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" - elog - elog "pluto uses a helper script by default to insert/remove routing and" - elog "policy rules upon connection start/stop which requires superuser" - elog "privileges. charon in contrast does this internally and can do so" - elog "even with reduced (user) privileges." - elog - elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" - elog "script to pluto or charon which requires superuser privileges, you" - elog "can work around this limitation by using sudo to grant the" - elog "user \"ipsec\" the appropriate rights." - elog "For example (the default case):" - elog "/etc/sudoers:" - elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" - elog "Under the specific connection block in /etc/ipsec.conf:" - elog " leftupdown=\"sudo -E ipsec _updown iptables\"" - elog - fi - elog - elog "Make sure you have _all_ required kernel modules available including" - elog "the appropriate cryptographic algorithms. A list is available at:" - elog " https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" - elog - elog "The up-to-date manual is available online at:" - elog " https://wiki.strongswan.org/" - elog -} diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest index 883996fd5755..0367d25cf406 100644 --- a/net-vpn/tor/Manifest +++ b/net-vpn/tor/Manifest @@ -14,8 +14,8 @@ DIST tor-0.4.5.9.tar.gz 7840294 BLAKE2B 75babcbf7929fa34034ad706df1189ca7988e8c5 DIST tor-0.4.5.9.tar.gz.asc 833 BLAKE2B fca3769b683e8bb90540026dda6d2f302d499262c806f7c7215e7a30908cd46b807717fd130380d114660380166852f6a0cbb702966c6930004d04098718d582 SHA512 df538981aa19a2fa730a1e357f277f22b3cae769a1d13fa1d920a5e949d5b3770a8de9883eeaf2522c8b24327f73505569ac0f6ecf77139ddb5ef1e2418924b6 DIST tor-0.4.6.5.tar.gz 7754823 BLAKE2B bdff61863f8b48381cc52d66c54f417e90177118d6cdd1402f3ecca9783f32141f74bb979b4f8c919d9e2c6cd4373fd9a5e0e84498a26470af1fbc6eb2c7caed SHA512 62bcd8d446199cdd397a688d454730a057ef20be4152e6d0632f64df27c993c70be0dbde0a2e7679a8a20850371a503b8daf777296d555760d8aae3286e48050 DIST tor-0.4.6.5.tar.gz.asc 833 BLAKE2B 966ab724e37dd341c3ef45f2aeb7e1c928270831ea790cb6cb0e77084a0c813d66ce35c5d31d49bf9d1e9a6ecfb3d4fb6ee4424fd83183d654016d22fcb90d7e SHA512 1cf9111ba08594c716874a2b6f35a7959c5c391518ec1e5b1491d84454f3fe1c705e06dfcfd23f30e0eb619063304c430cbebc9827190df0b03ec09cecd1773c -EBUILD tor-0.4.4.9.ebuild 2794 BLAKE2B 561a2af6b4e64dd50cd04f30a8fb5a67e56d6759a5d6144c19db21b914e9d5be44947d897769a4f8f3d2b6ba7faa73e9d0f36caff73ff14e10934014f0481059 SHA512 3b6b96b82ba712d4258818cce58a51baaa097ac2c249ba51ed53e9c689ccc85fa7e43ee44c62919911c8474eb106ea1ae5384272e2751cb6331954b315221dfc -EBUILD tor-0.4.5.7.ebuild 2785 BLAKE2B 806c5ed6f41d3f7e792127dfdd92d7d015a6f5b9cfdf182523896503ef86bc72a239abfd20f2badca408254a04e8b440e4d1f405794c02385a5ffcd9270bcbe5 SHA512 42a07d094edff6560f6b20c588ae6ec41ccbf20a5bc8dd3255badbfe2f09c07bb739356120ea4b6d4287b4b03652c17d32f46a511111d6040b6a8d8074676f18 -EBUILD tor-0.4.5.9.ebuild 2541 BLAKE2B ae1d9127c828b13a877e7d620c70863f473daf722ff0cecc26b4bd2fc0120c24183c930fbc1d24f3cd0be7e3269644473bc75ad910d7e56e22093cf1f0ef908c SHA512 45a469f5e22244d2d5138bba4994c60fc889d19d3cdbe02c3e6d4a105d1d773467a7411ef2e073e7230756c054e9bbc03991fe9b7f844764270737ded22490e6 -EBUILD tor-0.4.6.5.ebuild 2739 BLAKE2B e9f1b852aed9b3124be411c407f4c5686ed8645957b31acf1aedc349b3290cb0a745b7c28801fe19415c2a5531064fa596af50e3db0e0143aa0a883cb983ac31 SHA512 ae8ca192172d72aa4829a4760a6d4734e0895153eeb6fc785a98aea4fdbd77c094af1b288f3b5feec6db8a897a1d23cc59a5e842488bb3678c91b6e8175e864a +EBUILD tor-0.4.4.9-r1.ebuild 2797 BLAKE2B 2b37de0b894e2b7088fad0463bb173a08139ca8da49507fc5718d270db00b2084f012d619e8df9f0f4821eaf78357401b23348f4ecbef53d972e486198045c8e SHA512 c2b0dd7537064d8d1cbe0eb9d213610460afa79938849232390fd512cd8498e076138f5e9fdad6b0a85b665f73c1ab62bbaac0cb07f543536bbff9dae0590915 +EBUILD tor-0.4.5.7-r1.ebuild 2788 BLAKE2B 7c390e7a4789c967ce7b63b6a9505d487fc5dc7eba3b3d11d929f37a4bb4768dbd00c9547263d051aee401f8016f1abb69189acec02fa22616bfe8b3fb1cbc48 SHA512 746c9462ee787c860d3cee7deb8435b310cd1488c11dd385895fa891a43043bcacc15ed2c3df6905242f132111dbb2ac64850f21397e392e80bd09f851322fca +EBUILD tor-0.4.5.9-r1.ebuild 2544 BLAKE2B 840d53158ed06452c125ac933253d01f79996b73a24293890dcd25011c969da7dd6e6a8b87bd94f7c0e9426a180e74515a29cade4702dcd14e946a6be2134cc6 SHA512 76f2944e47441bc85be06bdf05c943f5032f344d6aaa28710c79c26ff4f293879e40d463764cb03e44319d6ca7faa743456084d51f8ae3476e912b4daca00266 +EBUILD tor-0.4.6.5-r1.ebuild 2742 BLAKE2B ded94096f45ce9dd6be3ed15c762f80086aff5f2590ae83b94850ef1a2827d0c436313ee27f661dc190c89ef36417c3b2e8deb89817351b8b82d6e28e3d51eb5 SHA512 489760dbb35167c927ba53f061a767d03f17d90168010907e4a89db62a394029f3ed88f86e127d13c9720f8b875832531545aee4f5fee24522554602a973c692 MISC metadata.xml 549 BLAKE2B af6257c0e04c7487b23edb1f5c6fce91fbb76aedf9c0357bb4f214ff4af9d6055e0c6bb32fef5c9906f461f34b5631891a681a039612c73feecff8ff77a0a3c2 SHA512 2b9d9c20a9691dd67cb5ef98e386bea8cff9ba79208373922c5a379ca8c96e021e94748d7b85e860a24063f1fc439a3adee59b3dde70cf6b35401d18518b5689 diff --git a/net-vpn/tor/tor-0.4.4.9.ebuild b/net-vpn/tor/tor-0.4.4.9-r1.ebuild index bdb635b77531..8a971fb7b60f 100644 --- a/net-vpn/tor/tor-0.4.4.9.ebuild +++ b/net-vpn/tor/tor-0.4.4.9-r1.ebuild @@ -29,7 +29,7 @@ DEPEND=" sys-libs/zlib caps? ( sys-libs/libcap ) man? ( app-text/asciidoc ) - dev-libs/openssl:0=[-bindist] + dev-libs/openssl:0=[-bindist(-)] lzma? ( app-arch/xz-utils ) scrypt? ( app-crypt/libscrypt ) seccomp? ( >=sys-libs/libseccomp-2.4.1 ) diff --git a/net-vpn/tor/tor-0.4.5.7.ebuild b/net-vpn/tor/tor-0.4.5.7-r1.ebuild index 82738f38a284..aacbb466ed11 100644 --- a/net-vpn/tor/tor-0.4.5.7.ebuild +++ b/net-vpn/tor/tor-0.4.5.7-r1.ebuild @@ -29,7 +29,7 @@ DEPEND=" sys-libs/zlib caps? ( sys-libs/libcap ) man? ( app-text/asciidoc ) - dev-libs/openssl:0=[-bindist] + dev-libs/openssl:0=[-bindist(-)] lzma? ( app-arch/xz-utils ) scrypt? ( app-crypt/libscrypt ) seccomp? ( >=sys-libs/libseccomp-2.4.1 ) diff --git a/net-vpn/tor/tor-0.4.5.9.ebuild b/net-vpn/tor/tor-0.4.5.9-r1.ebuild index 5616d54e5b3c..7ffede47e2de 100644 --- a/net-vpn/tor/tor-0.4.5.9.ebuild +++ b/net-vpn/tor/tor-0.4.5.9-r1.ebuild @@ -26,7 +26,7 @@ DEPEND=" sys-libs/zlib caps? ( sys-libs/libcap ) man? ( app-text/asciidoc ) - dev-libs/openssl:0=[-bindist] + dev-libs/openssl:0=[-bindist(-)] lzma? ( app-arch/xz-utils ) scrypt? ( app-crypt/libscrypt ) seccomp? ( >=sys-libs/libseccomp-2.4.1 ) diff --git a/net-vpn/tor/tor-0.4.6.5.ebuild b/net-vpn/tor/tor-0.4.6.5-r1.ebuild index b58b53b2f97b..5b9be817185e 100644 --- a/net-vpn/tor/tor-0.4.6.5.ebuild +++ b/net-vpn/tor/tor-0.4.6.5-r1.ebuild @@ -29,7 +29,7 @@ DEPEND=" sys-libs/zlib caps? ( sys-libs/libcap ) man? ( app-text/asciidoc ) - dev-libs/openssl:0=[-bindist] + dev-libs/openssl:0=[-bindist(-)] lzma? ( app-arch/xz-utils ) scrypt? ( app-crypt/libscrypt ) seccomp? ( >=sys-libs/libseccomp-2.4.1 ) |