diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
| commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
| tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-vpn | |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-vpn')
242 files changed, 11740 insertions, 0 deletions
diff --git a/net-vpn/6tunnel/6tunnel-0.12.ebuild b/net-vpn/6tunnel/6tunnel-0.12.ebuild new file mode 100644 index 000000000000..31053d5ce0bb --- /dev/null +++ b/net-vpn/6tunnel/6tunnel-0.12.ebuild @@ -0,0 +1,13 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +DESCRIPTION="TCP proxy for applications that don't speak IPv6" +HOMEPAGE="http://toxygen.net/6tunnel" +SRC_URI="http://toxygen.net/6tunnel/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~s390 x86" +IUSE="" diff --git a/net-vpn/6tunnel/Manifest b/net-vpn/6tunnel/Manifest new file mode 100644 index 000000000000..ad52e9ac3239 --- /dev/null +++ b/net-vpn/6tunnel/Manifest @@ -0,0 +1,3 @@ +DIST 6tunnel-0.12.tar.gz 96364 SHA256 80dbe91bb92282c3c5e98dec871dcd1738ae824e532f9fd6db0d6ebd469d79bf SHA512 56c5b8b285c730e25a1bd57a37fc6d169c4c54a842e7763a1580231158858a098b8eb5549dd8adf0c5ae4516cce9c70b00ae82f27b6e152ca10eba7681b8808b WHIRLPOOL 86b4da2155fff16e6f5dc45a239165e6e300ebda57bc2aab389fed5c7780db52d1f22b74486047d820d5108e05a060ab071be0aa7650a206324a181c43e1bc7c +EBUILD 6tunnel-0.12.ebuild 327 SHA256 dc509c46b9e08263ece98b729d6b33778f7adfa3a80cfd575414dc873fb211cf SHA512 1de35b42125b47ec457201704e694c915a1759c0f30fc0a3b6237a3770ddf715799c563f414eff8c98c4ce1244eab716600e7d1dbe8a71115f7cd98a10b5d990 WHIRLPOOL 97c74a84d35c9dd185c3d9970acaca5e2f31faaf3b3fdb09f78a27fb8260ae55ebe6d4903265a069c5c42e905ee5d66499ee07da12eb98184724be009dee678a +MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968 diff --git a/net-vpn/6tunnel/metadata.xml b/net-vpn/6tunnel/metadata.xml new file mode 100644 index 000000000000..6f49eba8f496 --- /dev/null +++ b/net-vpn/6tunnel/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<!-- maintainer-needed --> +</pkgmetadata> diff --git a/net-vpn/aiccu/Manifest b/net-vpn/aiccu/Manifest new file mode 100644 index 000000000000..76b663870737 --- /dev/null +++ b/net-vpn/aiccu/Manifest @@ -0,0 +1,9 @@ +AUX aiccu-2007.01.15-Makefile.patch 2128 SHA256 8e282eb8004da15927cb4811e3a3c007cbfb39fab15483b5b918f78e0cfbfcd6 SHA512 bafc7d397edcfc24138fc32137dc0ee6eb2afedd5e14656e3b769ff50790619a421b5dc3860c316e4c2150890154ded1149eaa5e23734dd0e2471464ff032544 WHIRLPOOL ec96c82ef7b2058a82fe4ec2c2a0217a5bd9447eb6b392b9b77db6d9527b393cff2b6892f34d6645728d181cc754dfb66ba27ab687843c82d9cca315e0acfa48 +AUX aiccu-2007.01.15-gnutls-3.4.patch 927 SHA256 23831ea1971f51eafe57b87590a7dfdb75c380d8dcc8103ebc6f2f82c4942a15 SHA512 43d875eab0d4d4a6133b1a37a76098f58c4601c0235614806c5a9bfae88c6f3a52a32815ea83b1ec1d55c8ae3e18c5348ff16f73567aaed6bee081944783636c WHIRLPOOL b39a22dff8f78a14af54e011f3bc553f44a399012350fa267c9c7aec527bba39f89646308935c56bc727bc94db881eb457357eb948d838de9f875a5e18eb766f +AUX aiccu-2007.01.15-r2-init.gentoo.patch 677 SHA256 80f1503eb963484ffc8c7dd5a4ef132721439695f5fef77eed0220edc1927a47 SHA512 06ca8ca7d860fddf3c1f30eecbfcb7fb8b2e62b66ea3fbdba25af16b03fd91d47c26c54f9b5589c1e91b3a2dc7efeeb457b98db7dde85484402f6c24db0e2570 WHIRLPOOL 1a039cfdc006023ff48f6d37833c37a73bee1ca86fbbdabe079454b1c205064e3c9bd8dfccae246e7db5b161dbf93a5a1810f42b6caa889f4668f9321bd9447c +AUX aiccu-2007.01.15-setupscript.patch 414 SHA256 f1bcc87aac41d1c9bbb667c3a26097bf8939279f983245a76c1f7224a1f5c675 SHA512 6170c9c52516d58ea68f2acd61c78379f21a1810a9c19867c57249547aa07ca35b1281ae4dea905ac4600d2b2643b3a1c7050e3adbad963efb3554688dc4ac0a WHIRLPOOL f6257d70de47c9003da2fc9afa7367d770f9b1a9793aca6c847b238acf6f353d6f18a35ec9611dd0db9fbc4eae59c340ad0d1aecd95a45bdff278e61d3eac55b +AUX aiccu-2007.01.15-systemd.patch 1365 SHA256 d3e7b47aa9b2ebc69966a5bd70dc11f3afb84c1c67c8cb53e2b217452836a52c SHA512 3caf0282aa6e8731b0c0ad7cbb6e2975a7588a6e7df9d0346d0e602e8777d9eddeefc481ae0b9e236b780c6fdd7f434a679bd45303ea0aaa6754f2891e0d7bff WHIRLPOOL 79aab0ed7e52f67a74b00b90343670cf5c1ebcf6b69b02f1672edb056043918988e9961744dcffef1f8f525ec110f401a7b6f94995905753dc4a5c66dd8348db +AUX aiccu-2007.01.15-uclibc.patch 790 SHA256 221f6ca988595ab183eeb09cd50ae2cec2f7c5eaf6aad9a8b1a781aabfdb092b SHA512 fe2382db103f1cda397dfdd02b97e44e1b54b256d87a81fc04e46b999ed5692a077f15a974414f7cbddf6e22c5ba975da0d0fa96e5de516c3741d9121deafca6 WHIRLPOOL cd6fb97e889cc02940146aaf55d7235b916ea63e38ed73a0fc8a1812bd46682078dac64f52452e7d95a47565736fcc6af0e4ff7b500f3fc9d3bd9da26554b27b +DIST aiccu_20070115.tar.gz 70056 SHA256 2260f426c13471169ccff8cb4a3908dc5f79fda18ddb6a55363e7824e6c4c760 SHA512 15b2f0dab51843e58abbd8a0cc13139e492057ee348e368e1b65476bb2760119e88982cd03ffc6ec2cb563a1b7a061e1f66a98861eaad15972d486ac17b7bc78 WHIRLPOOL a5743e9c28ec3b9f6bc43f1b715553842a13872f18281239ed76d3b322e3a4c3c3e0f0c5d80b47694bbedaf831d1b3feed285af9f37174cac323b2c1814813d7 +EBUILD aiccu-2007.01.15-r5.ebuild 1285 SHA256 c590435a55c7f37382b3c4a394dd2c7c6394a9bf216e89f73468103d9ca4ca07 SHA512 8f1fb3e0eb1b21aeff4092493fadaf64ff9a54a22736e5b5a116650bc074a25b2921d940a39eec13903a92ffe74054fefa303da5a2399a74f81c3e5f9a33d73e WHIRLPOOL 20345110cb214ab714008eccc4633859baa1d7d04472638100dd9f0aa29aa379bd8259d0412d488ca6b9b83d68064ab7ad3d7061ebd3b82f4af9ca6782049834 +MISC metadata.xml 237 SHA256 ffb571839c57797d282263369646d2bba2662601a45f7bb3251bb97f716554a6 SHA512 ae2360aa6b1b00c67e0acea4935c02b64585b9a15e126fec9d5d99637021c542c0a495e5116205f3da287def46fa5b19cb1a7f3042c12c5f7a78d66d92fcb03f WHIRLPOOL 60d6da846c983457e038ea5ba3c0bf48f939c9586610985a14cac9772fd1d45d781a643abc16482f232f3028e44fe99fe1a382deaebf6589602fc244a4460e3f diff --git a/net-vpn/aiccu/aiccu-2007.01.15-r5.ebuild b/net-vpn/aiccu/aiccu-2007.01.15-r5.ebuild new file mode 100644 index 000000000000..2887d7a02020 --- /dev/null +++ b/net-vpn/aiccu/aiccu-2007.01.15-r5.ebuild @@ -0,0 +1,58 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils linux-info systemd toolchain-funcs + +DESCRIPTION="AICCU Client to configure an IPv6 tunnel to SixXS" +HOMEPAGE="https://www.sixxs.net/tools/aiccu" +SRC_URI="https://www.sixxs.net/archive/sixxs/aiccu/unix/aiccu_${PV//\./}.tar.gz" + +LICENSE="SixXS" +SLOT="0" +KEYWORDS="amd64 arm hppa ppc sparc x86" +IUSE="systemd" + +RDEPEND=" + net-libs/gnutls + sys-apps/iproute2 + systemd? ( sys-apps/systemd ) +" +DEPEND="${RDEPEND} + virtual/pkgconfig +" + +S=${WORKDIR}/${PN} + +CONFIG_CHECK="~TUN" + +src_prepare() { + epatch \ + "${FILESDIR}"/${P}-r2-init.gentoo.patch \ + "${FILESDIR}"/${P}-Makefile.patch \ + "${FILESDIR}"/${P}-setupscript.patch \ + "${FILESDIR}"/${P}-uclibc.patch \ + "${FILESDIR}"/${P}-systemd.patch \ + "${FILESDIR}"/${P}-gnutls-3.4.patch +} + +src_compile() { + # Don't use main Makefile since it requires additional + # dependencies which are useless for us. + emake CC=$(tc-getCC) STRIP= -C unix-console \ + HAVE_SYSTEMD=$(usex systemd 1 0) +} + +src_install() { + dosbin unix-console/${PN} + + insopts -m 600 + insinto /etc + doins doc/${PN}.conf + newinitd doc/${PN}.init.gentoo ${PN} + + use systemd && systemd_dounit doc/${PN}.service + + dodoc doc/{HOWTO,README,changelog} +} diff --git a/net-vpn/aiccu/files/aiccu-2007.01.15-Makefile.patch b/net-vpn/aiccu/files/aiccu-2007.01.15-Makefile.patch new file mode 100644 index 000000000000..c0eabbefd906 --- /dev/null +++ b/net-vpn/aiccu/files/aiccu-2007.01.15-Makefile.patch @@ -0,0 +1,79 @@ +--- unix-console/Makefile.old 2010-06-28 21:56:32.287782600 +0200 ++++ unix-console/Makefile 2010-06-28 22:15:56.232637681 +0200 +@@ -25,14 +25,11 @@ CWARNS += -W -Wall -Wshadow -Wpointer-ar + # CWARNS += -Wpacked + + #CFLAGS += $(CWARNS) -D_GNU_SOURCE -D_DEBUG -g3 -O0 +-CFLAGS += $(CWARNS) -D_GNU_SOURCE ++CFLAGS ?= $(CWARNS) -O3 ++CFLAGS += -D_GNU_SOURCE + CC = @gcc + RM = rm +- +-# Add -O3 when nothing is specified yet +-ifeq ($(shell echo $(CFLAGS) | grep -c "\-O"),0) +-CFLAGS += -O3 +-endif ++STRIP = strip + + # This is a console client + CFLAGS += -D AICCU_CONSOLE +@@ -42,7 +39,7 @@ CFLAGS += -D AICCU_CONSOLE + # Currently defaultly builds only on Linux, but other platforms might easily also support it + ifeq ($(shell uname | grep -c "Linux"),1) + CFLAGS += -D AICCU_GNUTLS +-LDFLAGS += -lgnutls ++LIBS += -lgnutls + endif + + # Linux +@@ -50,7 +47,7 @@ ifeq ($(shell uname | grep -c "Linux"),1 + CFLAGS += -D_LINUX -D HAS_IFHEAD -D AICCU_TYPE="\"linux\"" + SRCS += ../common/aiccu_linux.c + OBJS += ../common/aiccu_linux.o +-LDFLAGS += -lpthread -lresolv ++LIBS += -lpthread -lresolv + endif + + # FreeBSD +@@ -118,7 +115,7 @@ ifeq ($(shell uname | grep -c "Darwin"), + CFLAGS += -D_DARWIN -D NEED_IFHEAD -D AICCU_TYPE="\"darwin\"" + SRCS += ../common/aiccu_darwin.c + OBJS += ../common/aiccu_darwin.o +-LDFLAGS += -lresolv ++LIBS += -lresolv + endif + + # SunOS / Solaris +@@ -126,7 +123,7 @@ ifeq ($(shell uname | grep -c "SunOS"),1 + CFLAGS += -D_SUNOS -D AICCU_TYPE="\"sunos\"" + SRCS += ../common/aiccu_sunos.c + OBJS += ../common/aiccu_sunos.o +-LDFLAGS += -lsocket -lnsl -lresolv ++LIBS += -lsocket -lnsl -lresolv + endif + + # AIX +@@ -137,17 +134,19 @@ CFLAGS += -D AICCU_CONSOLE + CFLAGS += -D_AIX -D AICCU_TYPE="\"aix\"" + SRCS += ../common/aiccu_aix.c + OBJS += ../common/aiccu_aix.o +-LDFLAGS += -lpthread ++LIBS += -lpthread + endif + + + all: aiccu + + aiccu: $(OBJS) ${SRCS} ${INCS} +- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) + ifeq ($(shell echo $(CFLAGS) | grep -c "DEBUG"),0) + ifeq ($(shell echo "$(RPM_OPT_FLAGS)" | wc -c),1) +- strip $@ ++ifdef STRIP ++ $(STRIP) $@ ++endif + endif + endif + diff --git a/net-vpn/aiccu/files/aiccu-2007.01.15-gnutls-3.4.patch b/net-vpn/aiccu/files/aiccu-2007.01.15-gnutls-3.4.patch new file mode 100644 index 000000000000..ee637a761029 --- /dev/null +++ b/net-vpn/aiccu/files/aiccu-2007.01.15-gnutls-3.4.patch @@ -0,0 +1,22 @@ +from http://git.alpinelinux.org/cgit/aports/tree/main/aiccu + +--- aiccu/common/common.c 2015-04-17 23:08:32.543680010 +0200 ++++ aiccu/common/common.c.new 2015-04-17 23:14:02.152457972 +0200 +@@ -272,7 +272,6 @@ + { + #ifdef AICCU_GNUTLS + /* Allow connections to servers that have OpenPGP keys as well */ +- const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; + int ret; + #endif /* AICCU_GNUTLS*/ + +@@ -300,8 +299,7 @@ + gnutls_set_default_priority(sock->session); + /* XXX: Return value is not documented in GNUTLS documentation! */ + +- gnutls_certificate_type_set_priority(sock->session, cert_type_priority); +- /* XXX: Return value is not documented in GNUTLS documentation! */ ++ gnutls_priority_set_direct(sock->session, "NORMAL:+CTYPE-OPENPGP", NULL); + + /* Configure the x509 credentials for the current session */ + gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred); diff --git a/net-vpn/aiccu/files/aiccu-2007.01.15-r2-init.gentoo.patch b/net-vpn/aiccu/files/aiccu-2007.01.15-r2-init.gentoo.patch new file mode 100644 index 000000000000..35ca2b8a6719 --- /dev/null +++ b/net-vpn/aiccu/files/aiccu-2007.01.15-r2-init.gentoo.patch @@ -0,0 +1,33 @@ +--- aiccu/doc/aiccu.init.gentoo ++++ aiccu/doc/aiccu.init.gentoo +@@ -2,7 +2,7 @@ + + depend() { + need net +- after ntp-client ++ after ntp-client ntpd + } + + checkconfig() { +@@ -23,14 +23,19 @@ + start() { + checkconfig || return 1 + ebegin "Starting aiccu" +- start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/aiccu -- start ++ start-stop-daemon --start --quiet --exec /usr/sbin/aiccu -- start + eend $? + } + + + stop() { + ebegin "Stopping aiccu" +- start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/aiccu -- stop ++ start-stop-daemon --stop --pidfile /var/run/aiccu.pid --quiet --exec /usr/sbin/aiccu -- stop + eend $? + } + ++restart() { ++ stop ++ sleep 3 ++ start ++} diff --git a/net-vpn/aiccu/files/aiccu-2007.01.15-setupscript.patch b/net-vpn/aiccu/files/aiccu-2007.01.15-setupscript.patch new file mode 100644 index 000000000000..8981530435f3 --- /dev/null +++ b/net-vpn/aiccu/files/aiccu-2007.01.15-setupscript.patch @@ -0,0 +1,17 @@ +--- aiccu/unix-console/main.c ++++ aiccu/unix-console/main.c +@@ -471,6 +471,14 @@ + */ + if (aiccu_setup(hTunnel, true)) + { ++ ++ /* Running setup script */ ++ if (g_aiccu->setupscript) ++ { ++ aiccu_exec("%s", g_aiccu->setupscript); ++ } ++ ++ + /* We need to stay running when doing Heartbeat or AYIYA */ + if ( strcasecmp(hTunnel->sType, "6in4-heartbeat") == 0 || + strcasecmp(hTunnel->sType, "ayiya") == 0) diff --git a/net-vpn/aiccu/files/aiccu-2007.01.15-systemd.patch b/net-vpn/aiccu/files/aiccu-2007.01.15-systemd.patch new file mode 100644 index 000000000000..e8616d04b3fc --- /dev/null +++ b/net-vpn/aiccu/files/aiccu-2007.01.15-systemd.patch @@ -0,0 +1,52 @@ +--- /dev/null ++++ aiccu-2007.01.15/doc/aiccu.service +@@ -0,0 +1,13 @@ ++[Unit] ++Description=Automatic IPv6 Connectivity Client Utility ++After=time-sync.target network.target ++ConditionPathExists=/etc/aiccu.conf ++ ++ ++[Service] ++Type=notify ++ExecStart=/usr/sbin/aiccu start ++ExecStop=/usr/sbin/aiccu stop ++ ++[Install] ++WantedBy=multi-user.target +--- aiccu-2007.01.15/unix-console/Makefile ++++ aiccu-2007.01.15/unix-console/Makefile +@@ -48,6 +48,10 @@ ifeq ($(shell uname | grep -c "Linux"),1) + SRCS += ../common/aiccu_linux.c + OBJS += ../common/aiccu_linux.o + LIBS += -lpthread -lresolv ++ifeq (1,$(HAVE_SYSTEMD)) ++LIBS += $(shell pkg-config --libs libsystemd 2>/dev/null || pkg-config --libs libsystemd-daemon) ++CFLAGS += -DHAVE_SYSTEMD ++endif + endif + + # FreeBSD +--- aiccu-2007.01.15/unix-console/main.c ++++ aiccu-2007.01.15/unix-console/main.c +@@ -12,6 +12,9 @@ + + #include "../common/aiccu.h" + #include "../common/tun.h" ++#ifdef HAVE_SYSTEMD ++#include <systemd/sd-daemon.h> ++#endif + + #ifndef _WIN32 + /* Enable/Disable heartbeating */ +@@ -478,6 +481,10 @@ int main(int argc, char *argv[]) + aiccu_exec("%s", g_aiccu->setupscript); + } + ++#ifdef HAVE_SYSTEMD ++ /* Tell systemd we are operational. */ ++ sd_notify(0, "READY=1"); ++#endif + + /* We need to stay running when doing Heartbeat or AYIYA */ + if ( strcasecmp(hTunnel->sType, "6in4-heartbeat") == 0 || diff --git a/net-vpn/aiccu/files/aiccu-2007.01.15-uclibc.patch b/net-vpn/aiccu/files/aiccu-2007.01.15-uclibc.patch new file mode 100644 index 000000000000..56341dea72f4 --- /dev/null +++ b/net-vpn/aiccu/files/aiccu-2007.01.15-uclibc.patch @@ -0,0 +1,29 @@ +--- aiccu/common/resolver.c ++++ aiccu/common/resolver.c +@@ -26,7 +26,7 @@ + + int getrrs(const char *label, int rrtype, void gotrec(unsigned int num, int type, const char *record)) + { +-#ifdef _LINUX ++#if defined(_LINUX) && ! defined(__UCLIBC__) + struct __res_state res; + #endif + unsigned char answer[8192]; +@@ -38,7 +38,7 @@ + uint16_t type = 0, class = 0; + uint32_t ttl = 0; + +-#ifdef _LINUX ++#if defined(_LINUX) && ! defined(__UCLIBC__) + memset(&res, 0, sizeof(res)); + res.options = RES_DEBUG; + res_ninit(&res); +@@ -47,7 +47,7 @@ + #endif + + memset(answer, 0, sizeof(answer)); +-#ifdef _LINUX ++#if defined(_LINUX) && ! defined(__UCLIBC__) + ret = res_nquery(&res, label, C_IN, rrtype, answer, sizeof(answer)); + #else + ret = res_query(label, C_IN, rrtype, answer, sizeof(answer)); diff --git a/net-vpn/aiccu/metadata.xml b/net-vpn/aiccu/metadata.xml new file mode 100644 index 000000000000..a535b8852829 --- /dev/null +++ b/net-vpn/aiccu/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="person"> +<email>xmw@gentoo.org</email> +<name>Michael Weber</name> +</maintainer> +</pkgmetadata> diff --git a/net-vpn/badvpn/Manifest b/net-vpn/badvpn/Manifest new file mode 100644 index 000000000000..4636ca82d04c --- /dev/null +++ b/net-vpn/badvpn/Manifest @@ -0,0 +1,17 @@ +AUX badvpn-1.999.127-ncd.init 592 SHA256 765fb9d39bbe17925bcb83bcf5eb6082c88f14dc72a35dba80bd44d642dc25e1 SHA512 d82803b5042c0f450c20023be601860e751ef5d32d0174cb71c903e4d57ebab14e36cdbe7a268e322cd88e49824071659703f71e0e5fa92f0f70ce8c1412ef05 WHIRLPOOL a3cab59389fede3b4d50646e3075fc57b95fcf191e15b9a6f67b35775e9e4b5d31eed29b8a9ac97c2e7e08f0f746a55b1f2f38c3346e72e0be7b57786b61ed29 +AUX badvpn-ncd.conf 182 SHA256 52e17827c5455c65fed6e1609a2feb35491393be389798760d518b2bf4b0eec3 SHA512 4b113e3630de4b679d3c74cd4154d0353c6ea8791a77b302c867f5007e889502cf4e6bd1c45d6151e1ea6843bc13ac3e6458790eb4e646daf17d0126b996492f WHIRLPOOL 15b3bbfa207870dd4eda28781e387bd4de8981984ebf400e6742ba652ede7edc25e94f256d1d4e5dec615d727dc763d9680374dcc934fc4dc4b0c167f23ca3af +AUX badvpn-ncd.init 1146 SHA256 8b77297644aa9d5816f37bbbd3c99b01b914ed26f28a63e2b82b6be5fb781a11 SHA512 5bed2372af376241f86037baba383ba7ac28aabe7b05d791345c69fbc23df453a4caca8d9680e3f16c9352c537b369dd04d73234aed4ee711af7d66d1a076ddd WHIRLPOOL d522dd1ed5bcb5df68d9b464e44a421368211ff3aef09cdc5de1edc5571f8467f74e4658f0da3256acf9cffe263fd1912a93d8da14895c0d5434267a3ffeb2fa +AUX badvpn-ncd.service 266 SHA256 c80a55b0c7a38401521aca7a3eac4724e88cf5fc1857a27d4199c9b02b1c24d2 SHA512 5087d35a4d8c0d17202fe71d2bd2c881292720b550811d99d711623307e32515938464cb885be6c02a784cfc24311aef0b76576fbffeeadcad9b59c3a05e3fc9 WHIRLPOOL 6ff54db1d355047e1a253310a4af02705e326d09f884e5c782e24fba73d8cb1dc9081149c8a5ea50d598572b2e10cf859dd35c339c94051c2beb64b6ed4caeed +AUX badvpn-server.conf 227 SHA256 888f63e217739f1684574064d5c6f3e88cf562dab17885b15e14905a70cd86f3 SHA512 c5628f1380434884d297846a1c49a31f369a17f97ab9914a741cfde9a21df52926b247c0b9544605c2438f47110c9f548b9161c5975be91e70dacfdf993839c8 WHIRLPOOL adf1d5584e84d5027dd566ee01e0792b7e23ace5b51a808ad3762d3141852f2373bf67c300d78c6f4fcd75add36742b5d84ef03c7d92b6a9c2a76812e51c458d +AUX badvpn-server.init 1136 SHA256 3cc8d6e3d200c1d4b2043d18b0fdc28702987a8e635efcce368cdfe272ab9234 SHA512 12326aa9ee4966786bb49dcc8184bceefaa0c02bf4ed00ca6437d58b64178762b75ec137846401493ca8a8d0cee313339915df49e44870bc9745176ca9edffd5 WHIRLPOOL ae44f2294740b1a0ce061d25919e664d879ec937b2d7c33dc0418d87c8c1763e032834de28ec206bb410b7569217562d96e2dbd142686236092d01336e4ab982 +DIST badvpn-1.999.126.tar.bz2 936233 SHA256 188440a6d2fa575162f65baf4b8a2645d6fda71ef1a20794ec0be42a3053f2ff SHA512 3d0bbe3c8f91a3cb758b78a0fce4fd111f93fa0578ce06f0a8db5cc575d02f52248b37e7fa097447589257e47084a607a9df7078448ef44ae9fb66eb59e8b9e2 WHIRLPOOL 6767bc359c92d85d91f7b32d15c17bd0f33dcaa36716d8cc3b87eb59a110d7d26d91b38145e9f47cce3950f49470756ade29c6768b956f27108fff143248ac79 +DIST badvpn-1.999.127.tar.bz2 962224 SHA256 d20c79d69a7aa9eac1e0bf9a52fb9c9cdca78be123b6d17d59ff277f282e7943 SHA512 7484a817795392a52b44d3bf68765652739029aae8c16965b433bbfb4ca67ea70048f76376ba445196aac07a8f19f97696917ad24fe2bcb34025adda1f18a9fb WHIRLPOOL a3030691d50add2f76854b3a4c3cd1a66c3d3c53b0780c592e0a7337907c7d253a4ea552c57c26e03abc0adf5c4d2f416b18a3e74bc3a6af9b9182927cd721f5 +DIST badvpn-1.999.128.tar.bz2 1000636 SHA256 d6b28d5d566470dd1b0584b14b7ffab8159e4f604c1facbf9ef3a3ddbc0c9bfc SHA512 7d59e8365c10e7164c6c74b95d5f212ae0c480870bea31a6fb4ed25883f28bb6365e09a9271a9ecedccccd886e5f5e50a6f6df406ee3c40fad40031bbd3f049b WHIRLPOOL 5541a8d91a48f69fb5646451c276d0dd8844e508f9a33d553f08c5aabbe2c6d5bab8bd6073829641facec861d507cfce7c346497bc3f321033dd46c036f719d9 +DIST badvpn-1.999.129.tar.gz 1327123 SHA256 f4fd6fef72203acee10af7d7a6198f6f5fdfc00d9607f0924f6ebae84d570f1d SHA512 7a305198d7b4aaa31e567ff1f1bf23e0a65070d8eae78e7ed6be1a3a3b7bce7fcba32c0eb8ae549ef1851a61675afc1770f52dedf131658036b7b6414fdd4e4e WHIRLPOOL 821a4228ff1f3e2fbc5af7db07536ffeeed7c35ad6a9238948f3c9b350ddf556fbc69e036ce08ed2bc9c7c805b653ff1532c336b37b67acb40ccf41e7bacb6a2 +DIST badvpn-1.999.130.tar.gz 1340372 SHA256 bfd4bbfebd7274bcec792558c9a2fd60e39cd92e04673825ade5d04154766109 SHA512 958d6f3b7a8074fa7ba2f26812c9b2c39272b75d762a12a821ad2d0db9cdc9b9307338d77ca0dcadcf57b81fa4632362e67524de4246d01829951e8924a89770 WHIRLPOOL 77bf158eb4624301a7ecc3f17583faf3525d8ff165478535d6f9d33b42d4e50906ede42a8dea4454bb06b6845a20aa3127649ba0ceaf08e0e04fe9839de7184c +EBUILD badvpn-1.999.126.ebuild 1950 SHA256 cd773f8b040bc907ee3496d589c642a8981dc3af904083f7a40c8b40b5c8f860 SHA512 df2c00a2d0e74bb54fa11b30744bf685caf3ec6b42d6639314a8c0b11862d18a38a15ee8f12692ccdd74c1c70f74a9c4fec25e00260af356487c3cd6119042d1 WHIRLPOOL d9c6dea57ff8d4782fc5e5339e5ec925a00ec8bc8911a1366821feafc87a10979d1093673158bfd99d3217728b149ebb7d536049742077c57339e0d67a4f6eda +EBUILD badvpn-1.999.127.ebuild 2004 SHA256 886da7ce9dd19a63d561ab3cb7c2c3f2433351f93e32316c659e4910c3743dc2 SHA512 bd246dab767f82d2b3e9976782e0a76b72e5bac17e09392712156158952a5f31dba9a51518a738b448c94064e94dc4050a559c485143da70ba1a7173078dabf3 WHIRLPOOL 1a11e65c34b21f9a4b8a812f9dfaca3703faf1fb68f6cac116dd82aab06f4a181a87ed2524ba55c29458399d7a94a8760b4f935a8b79f7f8936c4d2fa18f6bdc +EBUILD badvpn-1.999.128.ebuild 2018 SHA256 50a723f0d6ac115e74def6a337643a3d9139c13b5e725b99a9c178cef4f12e2c SHA512 961793858377216a5ac12cdd614765572332bf37fbbe1b7bef8a3f17d495d9e70bdc9271d4dee522fe212744a0fec08591426a71a3a13665c4879bac4daac8b3 WHIRLPOOL 6201512a4d51445ffc7ead41ae8c4365338b01e43c3ce30c687eda8c18753fead5ee7b25598b30ab4dcf15fd406c5ff0fa00db02d511b543f0e395e7d0bc527c +EBUILD badvpn-1.999.129.ebuild 2070 SHA256 97bdb6e172e0f9eda1b8d5836aae09ae6205bf5af88c3c7e30e8ea9aadeab0e8 SHA512 95afb2657387e0598987965e58ede6a274d595bdc1748eb8e22c3d16e39af1206605e34420b7ea51a2ace928ce9a577d65293dec8512fd745b272c4b9b003359 WHIRLPOOL 815dc81c6e04fb57c8a7632495f611c7d39dd3e96269bfd8852c423eb7dc0676fdf616b1718bfab57f3dfc3eb73ca46bed5106c27934f0e6557d079272b73672 +EBUILD badvpn-1.999.130.ebuild 1976 SHA256 1f9d3c707539e1385946853b0c94364ddebc44a2da9f555d6ffe31fd0ab08af3 SHA512 ba1c2e0362eaa4aec4b9b4f2cf782d5a5bca50c821cd95c2b6e7077390459bb047f5d59f31b0fcfc752d4a15d5327dd2dc68d23c24f14e7a90c587f3571d6548 WHIRLPOOL 0a477aab4e3ae6328d281896d7d0a53e0c7c66f8a1b20280700b1940a788e4174e6d0b846f31ecd9056c5fdb887340a1534abadbb6b8c7ca01428d579fc718e8 +MISC metadata.xml 1849 SHA256 717870252cb6f900f827d8ccb2615bb249eb739ee069b3dbea744f665270189a SHA512 fcec8de10a74e9c1950b1dc3e70b949bd6d5a8cbbcad3295f1b7dd177882959f53842b52e613dba70cf1928e85b8caa97d5b19abdec68804fe7e24bad36e8a08 WHIRLPOOL 7849599b81efd51bc98ca5e9b04fd692a996216fe28e322aa183c92fac920e97876c6094afa404fd49fd94576d2bef13c633ad4848d7a922dc3c8177027b895e diff --git a/net-vpn/badvpn/badvpn-1.999.126.ebuild b/net-vpn/badvpn/badvpn-1.999.126.ebuild new file mode 100644 index 000000000000..56e19578c566 --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.126.ebuild @@ -0,0 +1,91 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://code.google.com/p/badvpn/" +SRC_URI="https://badvpn.googlecode.com/files/${MY_P}.tar.bz2" + +LICENSE="BSD" +KEYWORDS="~amd64 ~arm ~x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + ncd? ( + dev-libs/openssl + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_prepare() { + # allow user to easily apply patches + epatch_user +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" + + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${PN}-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + fi +} diff --git a/net-vpn/badvpn/badvpn-1.999.127.ebuild b/net-vpn/badvpn/badvpn-1.999.127.ebuild new file mode 100644 index 000000000000..f8b68ce72105 --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.127.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://code.google.com/p/badvpn/" +SRC_URI="https://badvpn.googlecode.com/files/${MY_P}.tar.bz2" + +LICENSE="BSD" +KEYWORDS="amd64 arm x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + ncd? ( + dev-libs/openssl + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_prepare() { + # allow user to easily apply patches + epatch_user +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" + + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${P}-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/badvpn-1.999.128.ebuild b/net-vpn/badvpn/badvpn-1.999.128.ebuild new file mode 100644 index 000000000000..879722ef31ba --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.128.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://code.google.com/p/badvpn/" +SRC_URI="https://badvpn.googlecode.com/files/${MY_P}.tar.bz2" + +LICENSE="BSD" +KEYWORDS="~amd64 ~arm ~x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + ncd? ( + dev-libs/openssl + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_prepare() { + # allow user to easily apply patches + epatch_user +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" + + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${PN}-1.999.127-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/badvpn-1.999.129.ebuild b/net-vpn/badvpn/badvpn-1.999.129.ebuild new file mode 100644 index 000000000000..6183228f2ab0 --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.129.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://github.com/ambrop72/badvpn https://code.google.com/p/badvpn/" +SRC_URI="https://github.com/ambrop72/badvpn/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +KEYWORDS="amd64 ~arm x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + ncd? ( + dev-libs/openssl + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_prepare() { + # allow user to easily apply patches + epatch_user +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" + + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${PN}-1.999.127-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/badvpn-1.999.130.ebuild b/net-vpn/badvpn/badvpn-1.999.130.ebuild new file mode 100644 index 000000000000..8fc6bb47aa1e --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.130.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://github.com/ambrop72/badvpn https://code.google.com/p/badvpn/" +SRC_URI="https://github.com/ambrop72/badvpn/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +KEYWORDS="~amd64 ~arm ~x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl:0 + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl:0 + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" + + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${PN}-1.999.127-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/files/badvpn-1.999.127-ncd.init b/net-vpn/badvpn/files/badvpn-1.999.127-ncd.init new file mode 100644 index 000000000000..69f7ba45992a --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-1.999.127-ncd.init @@ -0,0 +1,24 @@ +#!/sbin/openrc-run +# Copyright 1999-2013 Gentoo Foundation +# Released under the 3-clause BSD license. + +command="${ncd_exec:-"/usr/bin/badvpn-ncd"}" +command_args="${ncd_args} --config-file ${ncd_config:-/etc/ncd.conf}" +command_background="YES" +description="Network Configuration Daemon" +pidfile="/var/run/${RC_SVCNAME}.pid" + +depend() { + need localmount + after bootmisc + before netmount +} + +start_pre() { + if yesno "${ncd_syslog:-NO}"; then + command_args="${command_args} + --logger syslog + --syslog-ident \"${ncd_syslog_ident:-${RC_SVCNAME}}\" + --channel-loglevel ncd_log_msg info" + fi +} diff --git a/net-vpn/badvpn/files/badvpn-ncd.conf b/net-vpn/badvpn/files/badvpn-ncd.conf new file mode 100644 index 000000000000..ad34c66f7ca3 --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-ncd.conf @@ -0,0 +1,11 @@ +# NCD program file. +#ncd_config="/etc/ncd.conf" + +# enable or disable syslog. +#ncd_syslog="NO" + +# Syslog identification. +#ncd_syslog_ident="ncd" + +# Additional arguments. +#ncd_args="" diff --git a/net-vpn/badvpn/files/badvpn-ncd.init b/net-vpn/badvpn/files/badvpn-ncd.init new file mode 100644 index 000000000000..e408075128a4 --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-ncd.init @@ -0,0 +1,48 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Released under the 3-clause BSD license. + +command="${ncd_exec:-"/usr/bin/badvpn-ncd"}" +command_args="${ncd_args} --config-file ${ncd_config:-/etc/ncd.conf}" +command_background="YES" +description="Network Configuration Daemon" +pidfile="/var/run/${RC_SVCNAME}.pid" + +depend() { + need localmount + after bootmisc + before netmount + if yesno "${ncd_syslog:-NO}"; then + use logger + fi +} + +start_pre() { + if yesno "${ncd_syslog:-NO}"; then + command_args="${command_args} + --logger syslog + --syslog-ident \"${ncd_syslog_ident:-${RC_SVCNAME}}\"" + fi +} + +start() +{ + [ -n "$command" ] || return 0 + local _background= + ebegin "Starting ${name:-$RC_SVCNAME}" + if yesno "${command_background}"; then + if [ -z "${pidfile}" ]; then + eend 1 "command_background option used but no pidfile specified" + return 1 + fi + _background="--background --make-pidfile" + fi + eval start-stop-daemon --start \ + --exec $command \ + ${procname:+--name} $procname \ + ${pidfile:+--pidfile} $pidfile \ + $_background $start_stop_daemon_args \ + -- $command_args + eend $? "Failed to start $RC_SVCNAME" + return $? +} diff --git a/net-vpn/badvpn/files/badvpn-ncd.service b/net-vpn/badvpn/files/badvpn-ncd.service new file mode 100644 index 000000000000..6ca7aa515e00 --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-ncd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Network Configuation Daemon +After=syslog.target + +[Service] +ExecStart=/usr/bin/badvpn-ncd --logger syslog --syslog-ident ncd --loglevel warning --channel-loglevel ncd_log_msg info /etc/ncd.conf +Restart=always + +[Install] +WantedBy=multi-user.target + diff --git a/net-vpn/badvpn/files/badvpn-server.conf b/net-vpn/badvpn/files/badvpn-server.conf new file mode 100644 index 000000000000..ed5103d3d0ef --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-server.conf @@ -0,0 +1,11 @@ +# User account to run server as. +#vpn_user="badvpn" + +# Enable or disable syslog. +#vpn_syslog="NO" + +# Syslog identification. +#vpn_syslog_ident="badvpn-server" + +# Arguments to badvpn-server. +vpn_args="--listen-addr 0.0.0.0:7179" diff --git a/net-vpn/badvpn/files/badvpn-server.init b/net-vpn/badvpn/files/badvpn-server.init new file mode 100644 index 000000000000..32ee7fefe33e --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-server.init @@ -0,0 +1,48 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Released under the 3-clause BSD license. + +command="${vpn_exec:-/usr/bin/badvpn-server}" +command_args="${vpn_args}" +command_background="YES" +description="BadVPN server" +pidfile="/var/run/${RC_SVCNAME}.pid" +start_stop_daemon_args="--user \"${vpn_user:-badvpn}\"" + +depend() { + need localmount + after bootmisc + if yesno "${vpn_syslog:-NO}"; then + use logger + fi +} + +start_pre() { + if yesno "${vpn_syslog:-NO}"; then + command_args="${command_args} + --logger syslog + --syslog-ident \"${vpn_syslog_ident:-${RC_SVCNAME}}\"" + fi +} + +start() +{ + [ -n "$command" ] || return 0 + local _background= + ebegin "Starting ${name:-$RC_SVCNAME}" + if yesno "${command_background}"; then + if [ -z "${pidfile}" ]; then + eend 1 "command_background option used but no pidfile specified" + return 1 + fi + _background="--background --make-pidfile" + fi + eval start-stop-daemon --start \ + --exec $command \ + ${procname:+--name} $procname \ + ${pidfile:+--pidfile} $pidfile \ + $_background $start_stop_daemon_args \ + -- $command_args + eend $? "Failed to start $RC_SVCNAME" + return $? +} diff --git a/net-vpn/badvpn/metadata.xml b/net-vpn/badvpn/metadata.xml new file mode 100644 index 000000000000..e2a7803599c3 --- /dev/null +++ b/net-vpn/badvpn/metadata.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>williamh@gentoo.org</email> + <description>backup Maintainer, CC him on bugs</description> + </maintainer> + <upstream> + <maintainer status="active"> + <email>ambrop7@gmail.com</email> + <name>Ambroz Bizjak</name> + </maintainer> + <doc lang="en">https://code.google.com/p/badvpn/w/list</doc> + <bugs-to>https://github.com/ambrop72/badvpn/issues</bugs-to> + <remote-id type="github">ambrop72/badvpn</remote-id> + <remote-id type="google-code">badvpn</remote-id> + </upstream> + <use> + <flag name="client">Build the badvpn-client program, a daemon that + runs on endpoints of the VPN.</flag> + <flag name="server">Build the badvpn-server program, a central + server that manages the VPN network.</flag> + <flag name="ncd">Build NCD, a lightweight scripting language + especially suited for network configurations.</flag> + <flag name="tun2socks">Build tun2socks, a program which implements + a TUN device that forwards TCP traffic through a SOCKS5 + server.</flag> + <flag name="udpgw">Build udpgw, a small daemon which allows tun2socks to forward UDP traffic.</flag> </use> + <longdescription lang="en"> + BadVPN is an open-source peer-to-peer VPN system. It provides a + Layer 2 (Ethernet) network between the peers (VPN nodes). The peers + connect to a central server which acts as a chat server for them to + establish direct connections between each other (data connections). + These connections are used for transferring network data (Ethernet + frames), and can be secured with a multitude of mechanisms. + + The BadVPN package also includes other network-related software, + like tun2socks and NCD. + </longdescription> +</pkgmetadata> diff --git a/net-vpn/corkscrew/Manifest b/net-vpn/corkscrew/Manifest new file mode 100644 index 000000000000..c1e252ee131a --- /dev/null +++ b/net-vpn/corkscrew/Manifest @@ -0,0 +1,3 @@ +DIST corkscrew-2.0.tar.gz 56749 SHA256 0d0fcbb41cba4a81c4ab494459472086f377f9edb78a2e2238ed19b58956b0be SHA512 bfea81064601cdf67ba1730b49e3a5f7aa377423edbfb052ff0f6b2776b49e104852b7f126f4668d37541a706313ef37d9b4535126e94bb202db4ac38f693e6f WHIRLPOOL 3a765adb7d17e3d48df6396e2da7796ee90b3f25bf99737ddb40f28193183821b363b21bb071cfbf6bf7166c66e069066cf429d2aceff5c08bea4b2ed719e022 +EBUILD corkscrew-2.0.ebuild 985 SHA256 a662c1d0afefc82485450fca1ac5bda135031aafac13e18e04c4027380956542 SHA512 f8bee38825cf415c8af32936cb6537968198c1b5a9e3619e6863b8e3bd41b1b8e6ed58943878be84077ee3220d328fa7c9afc6de812fd870e95aa79e0d12523b WHIRLPOOL add84505b19baa80d07bc67ed73d8bfe9a659af4cd79524329b12cb9314e78cd0c466537290062fe1997bef37e65efbba5d2f3dfcbd590e64a762a8605500d44 +MISC metadata.xml 490 SHA256 b7a90d80e4dc474a29e1b5cfda80b71ea76d18f77a2367b04cfcd15ee2cbcb0a SHA512 5eb192864e8d355c8437a1f62f05cceda9608392cc66c76a0a47c4ff5aa37bc47debbb1b756cb27ce7553156ff0813f7224639a1cc6fb57fd7b81e3d147146fb WHIRLPOOL 1e92d52de9d343ee5d3e006189159caabc3f716b5d391db3f6427fea28baa907e1f8a7752e170e2767af20f4adb1c860011eb67d61477fe333baedec2be9f75b diff --git a/net-vpn/corkscrew/corkscrew-2.0.ebuild b/net-vpn/corkscrew/corkscrew-2.0.ebuild new file mode 100644 index 000000000000..2982c2a8fddf --- /dev/null +++ b/net-vpn/corkscrew/corkscrew-2.0.ebuild @@ -0,0 +1,32 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 +inherit autotools + +DESCRIPTION="a tool for tunneling SSH through HTTP proxies" +HOMEPAGE="http://www.agroman.net/corkscrew/" +SRC_URI="http://www.agroman.net/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~arm ~ppc ~sparc x86" +IUSE="" + +DOCS="AUTHORS ChangeLog README TODO" + +src_prepare() { + # Christoph Mende <angelos@gentoo.org (23 Jun 2010) + # Shipped configure doesn't work with some locales (bug #305771) + # Shipped missing doesn't work with new configure, so we'll force + # regeneration + rm -f install-sh missing mkinstalldirs || die + + # Samuli Suominen <ssuominen@gentoo.org> (24 Jun 2012) + # AC_HEADER_STDC is called separately and #include <string.h> is + # without #ifdef in corkscrew.c. Instead of using AC_C_PROTOTYPES, + # remove the call entirely as unused wrt bug #423193 + sed -i -e 's:AM_C_PROTOTYPES:dnl &:' configure.in || die + + eautoreconf +} diff --git a/net-vpn/corkscrew/metadata.xml b/net-vpn/corkscrew/metadata.xml new file mode 100644 index 000000000000..306c354edf5b --- /dev/null +++ b/net-vpn/corkscrew/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="project"> + <email>sysadmin@gentoo.org</email> + <name>Gentoo Sysadmin Project</name> +</maintainer> +<longdescription> +Corkscrew is a tool for tunneling SSH through HTTP proxies. +</longdescription> +<longdescription lang="ja"> +Corkscrew は HTTP プロクシ経由の SSH トンネルを構築するツールです。 +</longdescription> +</pkgmetadata> diff --git a/net-vpn/freelan/Manifest b/net-vpn/freelan/Manifest new file mode 100644 index 000000000000..3087652ac085 --- /dev/null +++ b/net-vpn/freelan/Manifest @@ -0,0 +1,10 @@ +AUX boost158.patch 1433 SHA256 691de01fa83ab4c7dca925949f659de6b7bd2260fc113d5d123b1c69c6ec27cb SHA512 862765ea32542275777a50ca0c6cc135525dc4cab8c6db184f85aaa24daf7e34ca809e6c9b7b52c49c68d5d3aade5d5e5c0eb60816f4f84d8fccf754e5841640 WHIRLPOOL 603aad7f69ebe4673130750291a643e47a4bf55c5a9e5e89def676a80514b083e8ad0aecb747bf5cb8e2d6d0c68950752c79bb0079fd7353b45c7bdeb7c4dbfc +AUX boost163.patch 1448 SHA256 30f53c3ea4d1bd0da75c66ddffc6c426c070a4cf352a1129f3bd1f5116c19ed0 SHA512 ce67970a5d24314318c6c418178b154a7577e4568571129995961b318b087595bb7133d734c05e6d741836f99b2c978293fd786fc538b9a057fe9c85b164b318 WHIRLPOOL 310a4b5447a1f6a7b1ec379d987874608a7d19fefbd69d23b450439c97a3108aae6b60b4d915aed5e109ba7a55926ff013a0c9e737c150e2048805acbc8f41f1 +AUX gcc7.patch 1821 SHA256 5d98804200cf681c799dffe1a7b23714399b536e9561c49d7e4fd4a5e400d92b SHA512 8448139692db3fe01ae45fa36f378e036ff947f8e500bb97c74326bf27a28479bc1981ff16c1a15288905e0f3fd76b05d16588437038fc47abee23a77388f9ea WHIRLPOOL 9a703203cc59eb4adfed03b68340f8c1bd00d628e62938df39530ac9b604cc93d46b694f17ad0a3078dd9edb2e20f01b40b2045b31350081d3948733d13d25ff +AUX glibc225.patch 710 SHA256 83bfefa3540a1c10d38d0465348d9bbbd52447fb141314ad1397c51234616e9a SHA512 150d3d259aa54575bf77b7ba97fb9e8bfad0d9eec14a82098a8ab6e1151696b93f90f9ba60b1570f22468806f3da26514cdfb12351071a7fbced4ba15dbac549 WHIRLPOOL af57b34b8208b2e7d414eefbf70450d12f58c053c2884aec438fe6fc03126f98ec8df6c16a25711d7a8ff866925602e4a0acafe21ac1164e38fff5590dffa47c +AUX mf.patch 1004 SHA256 71962009bf97f0072660135fe5adf5697554104c68b01559deabb1c71f6ec859 SHA512 1753cd420ec43d3aab05b28326ebb41c43ce8d3437bfa3703bc90b3b86d0a65cfbba17aff3b99057900dc84bb54c815c0178441171ba51029aefec0a131f6313 WHIRLPOOL 5940116fa1b7986da4e1817446692ed89222dd2114fa6645651ea6daafa7324e1e21f75a15252260ebbcd74d885e6f0b560f127c69dd6fc5f5f139cfe14efdbf +AUX openrc/freelan.initd 263 SHA256 f50f7925e427f266e4a810f9ec29bc184926cbb172252e907c27c9955f551dae SHA512 bf8ac87cbfdf83ab38e0a90f85d598abf25028682cd94b6b44de69d02daecf35d35403e2a3e63c10cb6a99f783f7a72bb58fd0e0cb00013c32fe2aba4b179f23 WHIRLPOOL e24e2e15877e925492803940fc3909981534adc886a35659a7835018b9c48c6c2a746689482702190d471d8b67938db5d28a5c3360302dfabcc70970cc1e0428 +AUX prefix.patch 3282 SHA256 8d3d4f3a0a51905ad4b4219b54558b12acc32a02ba1133e1fa614eeeb485724c SHA512 8a4751cd2cc9933e7fd3ae47c03292f2752416002b8ce6fe1ff651aa7c341d6195a640d51f0c88e25113084aeb4e2e88eef91f9b97936b46da6ec600d0efe799 WHIRLPOOL c08529e9fc2dd0a00e5ca19d743d61451582085d0b3c8d1e6f99744c121dd550c17bf615e5edda330f3dd902c67e251e4f9046e8fefe71b2079c07beca521686 +DIST freelan-2.0.tar.gz 4330112 SHA256 02fa5b4806655ca7ad24bdb265a7b79e2e8b900797dca1c87a157e76ec85f529 SHA512 72e5381fdad4d413f4f85c4789ad78c38360a300da6f49a3e8119fe2cacb7a7b05ce16ddcbfcdc008e1c2848c535648967e92f082338fdfb2c1b8e43f53291cc WHIRLPOOL ba51350692c510a689772cb75a03f0607d58898581d85d3c58f78191df72bb2a762ee14a6fcb0c49745170ddf015a49b090a679613dfc1d2b478dc35e2d9a7d8 +EBUILD freelan-2.0.ebuild 1370 SHA256 c53202963bc5eed123ab9f365bc72346ecdb501b187e66ff3ba3b504aeaf990d SHA512 5dbdb99545cadc5d840d6b0ae0f34e9e8082fbf8cd312f8f3dcad1ba89b480d396b826d8a7071b6f2caa4e713954592327ca830921913522e5536030d113205d WHIRLPOOL 548173c18440571c430bf755cda5b2932216e257c9644b3c1a2da91a55828edd396a39179da53044ceb345da4c7c4453efb79247e411f5331a23eb049c32ea26 +MISC metadata.xml 340 SHA256 37cc32014ec752dd3a7aeb74969f0d44ed6f01871d5c286cd55e2279f95c7c89 SHA512 864027adfa1b5b2947c04b737a862aabb9dee4f411d837489cad78bd0e46cd92d31a71ee1167dc938ec0dd23d8005dc1255df6d1b21820f05c3b420f1e280608 WHIRLPOOL 8dd329f979f48ddd02f3e2165e7cfcb76518076bc454196afe5685f3be8c92c1cff1d054ac65179c78cb1124ca8a3477af296ffc7a8ace09804e8a3cff11d43d diff --git a/net-vpn/freelan/files/boost158.patch b/net-vpn/freelan/files/boost158.patch new file mode 100644 index 000000000000..7d5bb740f7bd --- /dev/null +++ b/net-vpn/freelan/files/boost158.patch @@ -0,0 +1,41 @@ +commit 68d18a5a7dd7fad8638409d46d144d33a30b54ce +Author: Mihai Bişog <mihai.bisog@gmail.com> +Date: Sat Aug 1 15:18:35 2015 +0300 + + Fixed compilation errors when compiling against boost 1.58 + +diff --git a/libs/asiotap/include/asiotap/types/endpoint.hpp b/libs/asiotap/include/asiotap/types/endpoint.hpp +index 125e1b4..318b7e6 100644 +--- a/libs/asiotap/include/asiotap/types/endpoint.hpp ++++ b/libs/asiotap/include/asiotap/types/endpoint.hpp +@@ -350,6 +350,9 @@ namespace asiotap + */ + std::istream& operator>>(std::istream& is, endpoint& value); + ++// Note: this operator is defined in boost variant as of version 1.58. Keeping it around will ++// introduce overload resolution ambiguity. ++#if BOOST_VERSION < 105800 + /** + * \brief Compare two endpoints. + * \param lhs The left argument. +@@ -360,6 +363,7 @@ namespace asiotap + { + return !(lhs == rhs); + } ++#endif + + /** + * \brief Get an endpoint with a default port. +diff --git a/libs/freelan/src/curl.cpp b/libs/freelan/src/curl.cpp +index 342bb79..392d734 100644 +--- a/libs/freelan/src/curl.cpp ++++ b/libs/freelan/src/curl.cpp +@@ -146,7 +146,7 @@ namespace freelan + + void curl::set_proxy(const asiotap::endpoint& proxy) + { +- if (proxy != asiotap::hostname_endpoint::null()) ++ if (proxy != asiotap::endpoint(asiotap::hostname_endpoint::null())) + { + set_option(CURLOPT_PROXY, static_cast<const void*>(boost::lexical_cast<std::string>(proxy).c_str())); + } diff --git a/net-vpn/freelan/files/boost163.patch b/net-vpn/freelan/files/boost163.patch new file mode 100644 index 000000000000..33636ef0d0b1 --- /dev/null +++ b/net-vpn/freelan/files/boost163.patch @@ -0,0 +1,24 @@ +Index: freelan-2.0/libs/freelan/src/core.cpp +=================================================================== +--- freelan-2.0.orig/libs/freelan/src/core.cpp ++++ freelan-2.0/libs/freelan/src/core.cpp +@@ -1766,7 +1766,8 @@ namespace freelan + { + m_logger(fscp::log_level::information) << "IPv4 address: " << m_configuration.tap_adapter.ipv4_address_prefix_length; + +- tap_config.ipv4.network_address = { m_configuration.tap_adapter.ipv4_address_prefix_length.address(), m_configuration.tap_adapter.ipv4_address_prefix_length.prefix_length() }; ++ asiotap::base_ip_network_address<boost::asio::ip::address_v4> a(m_configuration.tap_adapter.ipv4_address_prefix_length.address(), m_configuration.tap_adapter.ipv4_address_prefix_length.prefix_length()); ++ tap_config.ipv4.network_address = a; + } + else + { +@@ -1778,7 +1779,8 @@ namespace freelan + { + m_logger(fscp::log_level::information) << "IPv6 address: " << m_configuration.tap_adapter.ipv6_address_prefix_length; + +- tap_config.ipv6.network_address = { m_configuration.tap_adapter.ipv6_address_prefix_length.address(), m_configuration.tap_adapter.ipv6_address_prefix_length.prefix_length() }; ++ asiotap::base_ip_network_address<boost::asio::ip::address_v6> a(m_configuration.tap_adapter.ipv6_address_prefix_length.address(), m_configuration.tap_adapter.ipv6_address_prefix_length.prefix_length()); ++ tap_config.ipv6.network_address = a; + } + else + { diff --git a/net-vpn/freelan/files/gcc7.patch b/net-vpn/freelan/files/gcc7.patch new file mode 100644 index 000000000000..71bcf3d9a841 --- /dev/null +++ b/net-vpn/freelan/files/gcc7.patch @@ -0,0 +1,60 @@ +commit 5014a8023b42762052d6417ebbc0cd2adb1fda90 +Author: Sebastien Vincent <sebastien.vincent@cppextrem.com> +Date: Sat Aug 5 20:10:55 2017 +0200 + + Fixes compilation with g++-7. + +diff --git a/libs/asiotap/src/posix/posix_tap_adapter.cpp b/libs/asiotap/src/posix/posix_tap_adapter.cpp +index 71377cee..cdd7abf3 100644 +--- a/libs/asiotap/src/posix/posix_tap_adapter.cpp ++++ b/libs/asiotap/src/posix/posix_tap_adapter.cpp +@@ -206,6 +206,7 @@ namespace asiotap + { + result[name] = name; + } ++ break; + } + case tap_adapter_layer::ip: + { +@@ -213,6 +214,7 @@ namespace asiotap + { + result[name] = name; + } ++ break; + } + } + } +diff --git a/libs/netlinkplus/include/netlinkplus/endpoint.hpp b/libs/netlinkplus/include/netlinkplus/endpoint.hpp +index 3503cae3..74fb7e1b 100644 +--- a/libs/netlinkplus/include/netlinkplus/endpoint.hpp ++++ b/libs/netlinkplus/include/netlinkplus/endpoint.hpp +@@ -44,6 +44,8 @@ + + #pragma once + ++#include <cstring> ++ + #include <boost/asio.hpp> + + #include <linux/netlink.h> +@@ -125,17 +127,17 @@ namespace netlinkplus + + friend bool operator==(const netlink_endpoint& lhs, const netlink_endpoint& rhs) + { +- return (lhs.m_sockaddr == rhs.m_sockaddr); ++ return (std::memcmp(&lhs.m_sockaddr, &rhs.m_sockaddr, sizeof(sockaddr_nl)) == 0); + } + + friend bool operator!=(const netlink_endpoint& lhs, const netlink_endpoint& rhs) + { +- return (lhs.m_sockaddr != rhs.m_sockaddr); ++ return (std::memcmp(&lhs.m_sockaddr, &rhs.m_sockaddr, sizeof(sockaddr_nl)) != 0); + } + + friend bool operator<(const netlink_endpoint& lhs, const netlink_endpoint& rhs) + { +- return (lhs.m_sockaddr < rhs.m_sockaddr); ++ return (std::memcmp(&lhs.m_sockaddr, &rhs.m_sockaddr, sizeof(sockaddr_nl)) < 0); + } + + private: diff --git a/net-vpn/freelan/files/glibc225.patch b/net-vpn/freelan/files/glibc225.patch new file mode 100644 index 000000000000..e21df29d1aec --- /dev/null +++ b/net-vpn/freelan/files/glibc225.patch @@ -0,0 +1,21 @@ +commit 597b6eb65b4ea68f0fe8015db38ce68b71c280d7 +Author: Florian Lamprecht <florian_lamprecht@gmx.de> +Date: Sun Mar 19 13:37:27 2017 +0100 + + Fix a compiler warning on linux + + include a systemmacro explictly to avoid warning, which is handled as error. + +diff --git a/libs/asiotap/src/posix/posix_tap_adapter.cpp b/libs/asiotap/src/posix/posix_tap_adapter.cpp +index 74e9eb2a..71377cee 100644 +--- a/libs/asiotap/src/posix/posix_tap_adapter.cpp ++++ b/libs/asiotap/src/posix/posix_tap_adapter.cpp +@@ -56,7 +56,7 @@ + #ifdef LINUX + + #include <linux/if_tun.h> +- ++#include <sys/sysmacros.h> + /** + * \struct in6_ifreq + * \brief Replacement structure since the include of linux/ipv6.h introduces conflicts. diff --git a/net-vpn/freelan/files/mf.patch b/net-vpn/freelan/files/mf.patch new file mode 100644 index 000000000000..c7e169f4e8a7 --- /dev/null +++ b/net-vpn/freelan/files/mf.patch @@ -0,0 +1,33 @@ +commit 4109bb053906f45b545a6cca4399734b91bca425 +Author: Julien Kauffmann <julien.kauffmann@freelan.org> +Date: Sat May 9 16:55:51 2015 -0400 + + Fixed Makefile + +diff --git a/Makefile b/Makefile +index d6bcd59..20b5ea1 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,14 +1,15 @@ + PRODUCT_NAME:=freelan +-PRODUCT_VERSION:=$(shell git describe) ++PRODUCT_VERSION:=$(shell cat VERSION | tr -d '\r\n') ++PRODUCT_PREFIX=/usr + +-default: install +- +-install: +- # Install the files to ${DESTDIR} (defaults to /) +- scons install prefix=/ ++default: build + + build: +- scons all samples ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} scons --mode=release apps prefix=${PRODUCT_PREFIX} ++ ++install: ++ # Install the files to $(DESTDIR) (defaults to /) ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} DESTDIR=$(DESTDIR) scons --mode=release install prefix=${PRODUCT_PREFIX} + + package: + git archive HEAD --prefix=${PRODUCT_NAME}-${PRODUCT_VERSION}/ | gzip > ${PRODUCT_NAME}-${PRODUCT_VERSION}.tar.gz diff --git a/net-vpn/freelan/files/openrc/freelan.initd b/net-vpn/freelan/files/openrc/freelan.initd new file mode 100755 index 000000000000..bab116d3db06 --- /dev/null +++ b/net-vpn/freelan/files/openrc/freelan.initd @@ -0,0 +1,12 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command="/usr/bin/freelan" +command_args="-s -p /var/run/freelan.pid" +pidfile="/var/run/freelan.pid" + +depend() { + need net + use logger +} diff --git a/net-vpn/freelan/files/prefix.patch b/net-vpn/freelan/files/prefix.patch new file mode 100644 index 000000000000..ac75e87fb1d1 --- /dev/null +++ b/net-vpn/freelan/files/prefix.patch @@ -0,0 +1,81 @@ +commit d782a42eaeecdce9b4377a7b41dc60b9fecca31c +Author: Julien Kauffmann <julien.kauffmann@freelan.org> +Date: Sat May 9 19:30:11 2015 -0400 + + Added support for a different binary prefix + +diff --git a/Makefile b/Makefile +index 20b5ea1..b009d2c 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,15 +1,16 @@ + PRODUCT_NAME:=freelan + PRODUCT_VERSION:=$(shell cat VERSION | tr -d '\r\n') +-PRODUCT_PREFIX=/usr ++PRODUCT_BIN_PREFIX=/usr ++PRODUCT_PREFIX=/ + + default: build + + build: +- FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} scons --mode=release apps prefix=${PRODUCT_PREFIX} ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} scons --mode=release apps prefix=${PRODUCT_PREFIX} bin_prefix=${PRODUCT_BIN_PREFIX} + + install: + # Install the files to $(DESTDIR) (defaults to /) +- FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} DESTDIR=$(DESTDIR) scons --mode=release install prefix=${PRODUCT_PREFIX} ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} DESTDIR=$(DESTDIR) scons --mode=release install prefix=${PRODUCT_PREFIX} bin_prefix=${PRODUCT_BIN_PREFIX} + + package: + git archive HEAD --prefix=${PRODUCT_NAME}-${PRODUCT_VERSION}/ | gzip > ${PRODUCT_NAME}-${PRODUCT_VERSION}.tar.gz +diff --git a/SConstruct b/SConstruct +index 32a9915..bc68b71 100644 +--- a/SConstruct ++++ b/SConstruct +@@ -28,7 +28,7 @@ class FreelanEnvironment(Environment): + A freelan specific environment class. + """ + +- def __init__(self, mode, prefix, **kwargs): ++ def __init__(self, mode, prefix, bin_prefix=None, **kwargs): + """ + Initialize the environment. + +@@ -66,14 +66,19 @@ class FreelanEnvironment(Environment): + + self.mode = mode + self.prefix = prefix ++ self.bin_prefix = bin_prefix if bin_prefix else prefix + self.destdir = self['ENV'].get('DESTDIR', '') + + if self.destdir: + self.install_prefix = os.path.normpath( + os.path.abspath(self.destdir), + ) + self.prefix ++ self.bin_install_prefix = os.path.normpath( ++ os.path.abspath(self.destdir), ++ ) + self.bin_prefix + else: + self.install_prefix = self.prefix ++ self.bin_install_prefix = self.bin_prefix + + if os.path.basename(self['CXX']) == 'clang++': + self.Append(CXXFLAGS=['-Qunused-arguments']) +@@ -147,10 +152,15 @@ class FreelanEnvironment(Environment): + mode = GetOption('mode') + prefix = os.path.normpath(os.path.abspath(ARGUMENTS.get('prefix', './install'))) + ++if 'bin_prefix' in ARGUMENTS: ++ bin_prefix = os.path.normpath(os.path.abspath(ARGUMENTS['bin_prefix'])) ++else: ++ bin_prefix = None ++ + if mode in ('all', 'release'): +- env = FreelanEnvironment(mode='release', prefix=prefix) ++ env = FreelanEnvironment(mode='release', prefix=prefix, bin_prefix=bin_prefix) + libraries, includes, apps, samples, configurations = SConscript('SConscript', exports='env', variant_dir=os.path.join('build', env.mode)) +- install = env.Install(os.path.join(env.install_prefix, 'bin'), apps) ++ install = env.Install(os.path.join(env.bin_install_prefix, 'bin'), apps) + install.extend(env.Install(os.path.join(env.install_prefix, 'etc', 'freelan'), configurations)) + + Alias('install', install) diff --git a/net-vpn/freelan/freelan-2.0.ebuild b/net-vpn/freelan/freelan-2.0.ebuild new file mode 100644 index 000000000000..eb641501a7e4 --- /dev/null +++ b/net-vpn/freelan/freelan-2.0.ebuild @@ -0,0 +1,62 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit scons-utils toolchain-funcs eutils + +DESCRIPTION="Peer-to-peer VPN software that abstracts a LAN over the Internet" +HOMEPAGE="http://www.freelan.org/" +SRC_URI="https://github.com/freelan-developers/freelan/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64" +IUSE="debug" + +DEPEND=" + dev-libs/boost:=[threads] + dev-libs/openssl:0= + net-misc/curl:= + virtual/libiconv +" +RDEPEND="${DEPEND}" + +FREELAN_NO_GIT=1 +FREELAN_NO_GIT_VERSION=${PV} + +src_prepare() { + epatch \ + "${FILESDIR}/boost158.patch" \ + "${FILESDIR}/mf.patch" \ + "${FILESDIR}/prefix.patch" \ + "${FILESDIR}/boost163.patch" \ + "${FILESDIR}/glibc225.patch" \ + "${FILESDIR}/gcc7.patch" + + sed -e "s/CXXFLAGS='-O3'/CXXFLAGS=''/" \ + -e "s/CXXFLAGS=\['-Werror'\]/CXXFLAGS=[]/" \ + -e "s/CXXFLAGS=\['-pedantic'\]/CXXFLAGS=[]/" \ + -i SConstruct || die + epatch_user +} + +src_compile() { + tc-export CXX CC AR + export LINK="$(tc-getCXX)" + + local MYSCONS=( + "--mode=$(usex debug debug release)" + prefix="${EPREFIX:-/}" + bin_prefix="/usr" + apps + ) + escons "${MYSCONS[@]}" +} + +src_install() { + DESTDIR="${D}" escons --mode=release prefix="${EPREFIX:-/}" bin_prefix="/usr" install + dodoc CONTRIBUTING.md README.md + + newinitd "${FILESDIR}/openrc/freelan.initd" freelan +} diff --git a/net-vpn/freelan/metadata.xml b/net-vpn/freelan/metadata.xml new file mode 100644 index 000000000000..a3e769a44857 --- /dev/null +++ b/net-vpn/freelan/metadata.xml @@ -0,0 +1,11 @@ +<?xml version='1.0' encoding='UTF-8'?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>aballier@gentoo.org</email> + <name>Alexis Ballier</name> + </maintainer> + <upstream> + <remote-id type="github">freelan-developers/freelan</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/httptunnel/Manifest b/net-vpn/httptunnel/Manifest new file mode 100644 index 000000000000..a22f636fdf20 --- /dev/null +++ b/net-vpn/httptunnel/Manifest @@ -0,0 +1,4 @@ +AUX httptunnel-3.3-fix_write_stdin.patch 541 SHA256 11b9ebbd380054e2666a5efdf59a6f545c362e37ab838adc5e1c4b3fa7e845d7 SHA512 d8a0cf3319c31f67a7e7bdf097923d52c619aa39cf80e261475213c1fcfaf43297f2a797952bcee413ecc78e78c15f817bc6f783ed525b07940fbe053e49fb6b WHIRLPOOL 253993015351bd8fcb80accba66a6effee8cd1dcf8981a0082c073a3dcffb143c12190260f666d2f85799c9415db4cb93cd971d18a7f5bdb5b908689740e5c82 +DIST httptunnel-3.3.tar.gz 262749 SHA256 142f82b204876c2aa90f19193c7ff78d90bb4c2cba99dfd4ef625864aed1c556 SHA512 84503e27e84cd39441a7592d6446e30fce07a54b940e4398407dc105fabc6c8f96d3b5d05137d6dab22b2088c5b114728551337429748c900bd6fe7d6b6109e5 WHIRLPOOL 2a747d5c7b0feb563a055013a330d8842b7cddbb4864aa13c98a47aaadab04480c48ffe00a4a26c44a52fe9afd7820646307b4d815ee1038d65a1e2546c451d4 +EBUILD httptunnel-3.3-r2.ebuild 658 SHA256 6e4118388a4646aa5fb5c04bcd57ab3fd91d22be93c132b58336980c50f5d427 SHA512 06a39ab5fae75f191f9e9376905ba5053dac1f063c904a17c37fadc7362f3acd787082c3c99bb57f5f214f4707bddeadbbedea5641b92800beb6a92d98ac2b38 WHIRLPOOL d4e8f85d99cc04b43b85f400e14d131fc2e8d31342f94fa37ad10ee17a57f0411b79998ae0a71b3edf691792d327a65721670336cf812b822791fc3ecd8e3c40 +MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968 diff --git a/net-vpn/httptunnel/files/httptunnel-3.3-fix_write_stdin.patch b/net-vpn/httptunnel/files/httptunnel-3.3-fix_write_stdin.patch new file mode 100644 index 000000000000..904df6f91159 --- /dev/null +++ b/net-vpn/httptunnel/files/httptunnel-3.3-fix_write_stdin.patch @@ -0,0 +1,12 @@ +diff -dur httptunnel-3.3/common.c httptunnel-3.3-fix_write_stdin/common.c +--- httptunnel-3.3/common.c 2001-02-25 12:45:41.000000000 +0100 ++++ httptunnel-3.3-fix_write_stdin/common.c 2007-06-20 21:38:54.000000000 +0200 +@@ -314,7 +314,7 @@ + + /* If fd == 0, then we are using --stdin-stdout so write to stdout, + * not fd. */ +- m = write_all (fd ? fd : 0, buf, (size_t)n); ++ m = write_all (fd ? fd : 1, buf, (size_t)n); + log_annoying ("write_all (%d, %p, %d) = %d", fd ? fd : 1, buf, n, m); + return m; + } diff --git a/net-vpn/httptunnel/httptunnel-3.3-r2.ebuild b/net-vpn/httptunnel/httptunnel-3.3-r2.ebuild new file mode 100644 index 000000000000..74bc2848e259 --- /dev/null +++ b/net-vpn/httptunnel/httptunnel-3.3-r2.ebuild @@ -0,0 +1,30 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="httptunnel can create IP tunnels through firewalls/proxies using HTTP" +HOMEPAGE="http://www.nocrew.org/software/httptunnel.html" +SRC_URI="http://www.nocrew.org/software/${PN}/${P}.tar.gz" +LICENSE="GPL-2" +KEYWORDS="amd64 ppc x86 ~x86-fbsd" +IUSE="" +SLOT="0" + +DEPEND="" +RDEPEND="" + +src_prepare() { + epatch "${FILESDIR}"/${P}-fix_write_stdin.patch + tc-export CC +} + +src_configure() { + ./configure \ + --host=${CHOST} \ + --prefix=/usr \ + --infodir=/usr/share/info \ + --mandir=/usr/share/man || die +} diff --git a/net-vpn/httptunnel/metadata.xml b/net-vpn/httptunnel/metadata.xml new file mode 100644 index 000000000000..6f49eba8f496 --- /dev/null +++ b/net-vpn/httptunnel/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<!-- maintainer-needed --> +</pkgmetadata> diff --git a/net-vpn/htun/Manifest b/net-vpn/htun/Manifest new file mode 100644 index 000000000000..561b3452bdfb --- /dev/null +++ b/net-vpn/htun/Manifest @@ -0,0 +1,6 @@ +AUX README.gentoo 139 SHA256 2a1188f8e84e6eb39a2f70dddb2e881d9f7e4a8a415f21648d7fdcb040fff6a0 SHA512 11965b27b2ae85b499c83452b4c459810c9a921a8d30814bee3da2d942146082390d32baf06993c50fe3bc46fb7d3f2621a82b15d1df2b0b9db76144a53c0f5a WHIRLPOOL db91f6bdce37a998ce012ffa07847db20078ec4169107401d0cb38af994cd66f3cdfe9b681f1408bf0627cd6aed339de23ffcf8f4c459e3dffbad2bb019e14cb +AUX htun-0.9.6-glibc.patch 258 SHA256 83b3fcf83d82c9f4d5f5c9c3887c2beaa5f05564ff6b00365992cca6f5dc75f4 SHA512 cafee1ea1f882ccf7d6caf02c1ba8edb29047c9a3d60dd0f302817ef0b36008411996955f096db6ce34f75403a65273c264fa34f1c0d3dd909d264331ca8e805 WHIRLPOOL ebdca8e6128b279dabad4b72d14dca1e1df90e54cd0a8a2ed6f0d87a9746d889b5d7c045a11a2ca9e6b3752b8fbeb242c77ba1f981f1293c5ce02129776b341c +AUX htun-0.9.6-makefile.patch 904 SHA256 836d4e04fb6f9e5e432444b79e8af85ac471732ce21ad4f08d94eb2fcf4d862f SHA512 10251ad9a5244554797138a96a83d23f44c97b55a3839a2c90fdcc0fc00f0d03f621806e371e0578eb57155c8d07de4f65430734a4a7dc0c1ece4769b08436f1 WHIRLPOOL 199f7c98d2f2e89f8953d5888d106500e65bc25be15ae233c3434768d0b37ad1ce598f6e26ec41cc9c83ed72bdb0b4415e068c96d74730898d59f34478724451 +DIST htun-0.9.6.tar.gz 63745 SHA256 acf330a37f1ac676dcb82160f43f12e0b266263f8bf918d9990f1e17e57ed83f SHA512 d709e9b6a809df5711b3c3c61c207a0ce72a054904fbe0a39bb9c60f174b19eb5fe183e3218100f45941035f72c5212fcbd716858631d1f117e6f88608f8ea0d WHIRLPOOL 3ce553377c2107814455f9d421d5bf2cbfdb40b68e371fc3f078b2a32bfe486861d4d8a683b427238952873651606184186f9e425f22f57d34a0295c0f105a36 +EBUILD htun-0.9.6.ebuild 947 SHA256 bb697bbe86e100994332cf5c03127ee2ed11157e2a1155452388a35acaa199df SHA512 7f22c59c6027ec125d0c8b9c1bcbc124c088b2d76d3331c33f37a996bf66ab42d22df0d9cbf689f38c97e355429e12d6b237e356ad63bbe6289acf89fa9ebd43 WHIRLPOOL 268949761275e57744371639c13f67de09f653924242e3a36c0186bca8db66bfa6e88f183653ef2558efceac3d6edaed4c5e224c05f876ddea59e037ff9842b8 +MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968 diff --git a/net-vpn/htun/files/README.gentoo b/net-vpn/htun/files/README.gentoo new file mode 100644 index 000000000000..1710c726723a --- /dev/null +++ b/net-vpn/htun/files/README.gentoo @@ -0,0 +1,3 @@ +NOTE: HTun requires the Universal TUN/TAP module +available in the Linux kernel. Make sure you have +compiled the tun.o driver as a module! diff --git a/net-vpn/htun/files/htun-0.9.6-glibc.patch b/net-vpn/htun/files/htun-0.9.6-glibc.patch new file mode 100644 index 000000000000..3f281c526388 --- /dev/null +++ b/net-vpn/htun/files/htun-0.9.6-glibc.patch @@ -0,0 +1,14 @@ +get things building with glibc-2.8 + +http://bugs.gentoo.org/248100 + +--- a/include/common.h ++++ b/include/common.h +@@ -23,6 +23,7 @@ + #ifndef __COMMON_H + #define __COMMON_H + ++#include <limits.h> + #include <netinet/in.h> + #include <time.h> + #include "queue.h" diff --git a/net-vpn/htun/files/htun-0.9.6-makefile.patch b/net-vpn/htun/files/htun-0.9.6-makefile.patch new file mode 100644 index 000000000000..c1f0b76bfa14 --- /dev/null +++ b/net-vpn/htun/files/htun-0.9.6-makefile.patch @@ -0,0 +1,34 @@ +* Fix build system to not hardcode CC +* Fix build system to respect user flags + +--- a/src/Makefile ++++ b/src/Makefile +@@ -20,16 +20,14 @@ + + # $Id: Makefile,v 2.16 2002/08/11 15:57:07 jehsom Exp $ + +- +-CFLAGS = -I../include -I. -O -W -Wall -g -D_REENTRANT #-pg -a +-LDFLAGS = -lfl -lpthread # -flex for linux, solaris ? +-LEX_CFLAGS = -I../include -I. -g -D_REENTRANT #-pg -a ++CFLAGS := $(CFLAGS) -I../include -I. -O -W -Wall -D_REENTRANT ++LDFLAGS := $(LDFLAGS) -lfl -lpthread ++LEX_CFLAGS = -I../include -I. -D_REENTRANT + + # in Linux, LFLAGS is empty. In Solaris, LFLAGS = -lnsl -lsocket + #LFLAGS = -lnsl -lsocket + + VPATH = .:../include +-CC := gcc + LEX = flex + YACC = yacc + INCLUDE := $(wildcard ../include/*.h) +@@ -52,7 +50,7 @@ + $(OBJS): $(INCLUDE) + + $(CONFOBS): $(CONFSRC) +- $(CC) $(LEX_CFLAGS) -c $(@:.o=.c) ++ $(CC) $(CFLAGS) $(LEX_CFLAGS) -c $(@:.o=.c) + + lex.yy.c: parse.l + $(LEX) $^ diff --git a/net-vpn/htun/htun-0.9.6.ebuild b/net-vpn/htun/htun-0.9.6.ebuild new file mode 100644 index 000000000000..a04679b6af39 --- /dev/null +++ b/net-vpn/htun/htun-0.9.6.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit flag-o-matic readme.gentoo-r1 toolchain-funcs + +DESCRIPTION="Project to tunnel IP traffic over HTTP" +HOMEPAGE="http://linux.softpedia.com/get/System/Networking/HTun-14751.shtml" +SRC_URI="http://www.sourcefiles.org/Networking/Tools/Proxy/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +# should not be replaced by virtual/yacc +# at least failed with dev-util/bison +DEPEND="dev-util/yacc" +RDEPEND="" + +PATCHES=( + "${FILESDIR}"/${P}-glibc.patch #248100 + "${FILESDIR}"/${P}-makefile.patch +) + +src_configure() { + # Fix multiple symbol definitions due to + # C99/C11 inline semantics, bug 571458 + append-cflags -std=gnu89 +} + +src_compile() { + emake -C src CC="$(tc-getCC)" +} + +src_install() { + dosbin src/htund + + insinto /etc + doins doc/htund.conf + + local DOCS=( doc/. README ) + einstalldocs + readme.gentoo_create_doc +} diff --git a/net-vpn/htun/metadata.xml b/net-vpn/htun/metadata.xml new file mode 100644 index 000000000000..6f49eba8f496 --- /dev/null +++ b/net-vpn/htun/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<!-- maintainer-needed --> +</pkgmetadata> diff --git a/net-vpn/i2p/Manifest b/net-vpn/i2p/Manifest new file mode 100644 index 000000000000..530ff8e96220 --- /dev/null +++ b/net-vpn/i2p/Manifest @@ -0,0 +1,12 @@ +AUX i2p-0.9.30-add_libs.patch 1129 SHA256 7147530fa63d0f1234cc30c7136a8e258a088b89b60731855bc57b1e7f728a7b SHA512 d5f746c5f249f81e39dc4f845bdbb8c6791efa681d8446a3ce2ff01f0febbfc93b4519b47b33ba0a63acf7788fb44e7cdfe100af4136956aeb19b162c015e247 WHIRLPOOL b59ee38a58733fe37b4109aee6c814033ceb8c43bdf1c1913ccb9eb07c845b19ed612f854af87d45a44b5c0721d2ccb292f8a3002cb0fb91181f971974cfcf97 +AUX i2p-0.9.30.initd 1165 SHA256 a62fadcd543a737487eba9e52005bdb7bc3103f2c468eac0fd15c79562edc201 SHA512 1a18ab066ccb0ce190d7d26b8928fab260e8e76333145f1e5099bdc09891c517f6ae46c4f93b9559bce8427022698e56a8333360572a398fba2bd582ac3a77a8 WHIRLPOOL 8867cd1c1cd4815a1eeac19c4ef44c42f7d72cb14658ccc1fc2e37f13b78a17a5ef5f8acb6ee54a3cb059f35cc65022bb66ae93c863dce0b35df148da3aac3f6 +AUX i2p-0.9.30.service 244 SHA256 62b078c9cb011474fd1e73f29995a3e9106f6e48c90fff6e46010908676c4086 SHA512 409438616aa655630e0e3256052fee831a8f68728b67eef077f5ea303d6dcccb06bbb549af5ee1023ef60ee6fa264d0170d991dbbdc0cc70335b030c73a7e6c8 WHIRLPOOL fa51dde6b4dfa51881736fe3f85507f9d0f86f1b7889c485dafa099fe5af94a289a5274c7f197af8d838b829a838344eb7652d006ae09b898b00c14786e5636d +AUX i2p-0.9.31-add_libs.patch 1129 SHA256 7147530fa63d0f1234cc30c7136a8e258a088b89b60731855bc57b1e7f728a7b SHA512 d5f746c5f249f81e39dc4f845bdbb8c6791efa681d8446a3ce2ff01f0febbfc93b4519b47b33ba0a63acf7788fb44e7cdfe100af4136956aeb19b162c015e247 WHIRLPOOL b59ee38a58733fe37b4109aee6c814033ceb8c43bdf1c1913ccb9eb07c845b19ed612f854af87d45a44b5c0721d2ccb292f8a3002cb0fb91181f971974cfcf97 +AUX i2p-0.9.31.initd 1107 SHA256 f9d3c4926e1e9c6c2a9ba22dfa1881da3734e544e7e0f52145ffcd53126ee30c SHA512 78d68722d274f59b79423b2e7ca9f541c18ee0f23a9e4c8e15bec6f84fcad5fb4af3fb3b0708b38d5e0accb304e2302793bbbc667f6bfd84d5488dade560d55f WHIRLPOOL 6929ff8746c8abc4cf736fd8c2000d67370712e5d1dcb54dca0c9efef5e1bd81f6c021072fa565fd7386feaf03ff784e0afa7ade40dd33791af526256ed77074 +AUX i2p-0.9.31.service 244 SHA256 62b078c9cb011474fd1e73f29995a3e9106f6e48c90fff6e46010908676c4086 SHA512 409438616aa655630e0e3256052fee831a8f68728b67eef077f5ea303d6dcccb06bbb549af5ee1023ef60ee6fa264d0170d991dbbdc0cc70335b030c73a7e6c8 WHIRLPOOL fa51dde6b4dfa51881736fe3f85507f9d0f86f1b7889c485dafa099fe5af94a289a5274c7f197af8d838b829a838344eb7652d006ae09b898b00c14786e5636d +DIST i2psource_0.9.30.tar.bz2 28035272 SHA256 fa18a31c56ce9dbce492d800fda8c947612199427f64f544b81e290dde1fce8f SHA512 59819125fd6aca9fd5ae25a424e78f25bd2e8f9ba995256f9bf7c1fb2a99cebf26a1dcaf1f202276f5656b4582c4b86fdcf9d23011f809b99764b0023fd243f8 WHIRLPOOL bfedf05b58b929d27f408c33048f2de4f355fe2427d1b36a6ef8db147b5df8d1ab62c69ecb42bbdc4cd51d93e64a2ae39a66f607a724156ee2ebb215600a054c +DIST i2psource_0.9.31.tar.bz2 28745769 SHA256 94867fc8ac91eb561598736f6d51773375110db546f8b057c29758b0045931d8 SHA512 ffeb74d02c783febc122580b64561722de04c903e2d33fdeaf74bf3b7d725b8b7ce6556f53a12f0ae0d6c6deb413839e222bc2b8093952e5ecaf1bf96f0d1103 WHIRLPOOL 891eb0100cf44a90b674e8786655b225339fbd0dc53ca57831a1997886a0f434d0ebd1a420d612435540eebd683a7027d6cb33d989066e9a0616d9729e68855d +EBUILD i2p-0.9.30-r1.ebuild 4295 SHA256 6868dbfa9eb5ea3d3002cc60f8655461e3fb8d6eab3da791e10d94ca07fb2af6 SHA512 ed0a65a028e644884a52cb6928365795cd43f00e8a5bcbc8efd8ecf913717d649895f30153527b8c5a6038b379ae8a08846f2de049dbefa3e9b6fcdb90fbc39e WHIRLPOOL 483d7fc9af6fa2d8fa7ae1503c560737a2d6d4c02090b5554367c584fb50d9ada29fd3f955e70044a65e17c8afb2c52bb5cdf0229ddc74aa75ac5722219debc6 +EBUILD i2p-0.9.30.ebuild 4382 SHA256 cc1e94491630a3275673afc890c58769115417a8332a1b96c1b1fe2288ccfc0a SHA512 6be64c8d438ae098909040b9b7ce0fe4dde588cc11e091731459f0c761240e23981bc7ffdb91b89296cccc2cb50f686e5bf1a70f3384ffc895055f2029d637be WHIRLPOOL da4065574d794034861aa335fc637021d321c8692e39f4808c2fa7977703e3405eb846dc176d176ebfdcbf7ddb161426a8e1d52186ae93647287ddd8f422fe10 +EBUILD i2p-0.9.31.ebuild 4295 SHA256 6868dbfa9eb5ea3d3002cc60f8655461e3fb8d6eab3da791e10d94ca07fb2af6 SHA512 ed0a65a028e644884a52cb6928365795cd43f00e8a5bcbc8efd8ecf913717d649895f30153527b8c5a6038b379ae8a08846f2de049dbefa3e9b6fcdb90fbc39e WHIRLPOOL 483d7fc9af6fa2d8fa7ae1503c560737a2d6d4c02090b5554367c584fb50d9ada29fd3f955e70044a65e17c8afb2c52bb5cdf0229ddc74aa75ac5722219debc6 +MISC metadata.xml 1127 SHA256 1bcd0cf3024873641a50e308e88eb1d5524e04145c14d6c59ed0c37d538efa19 SHA512 48784b15c3ff3b0e53a99353724c2a2e4c4cb8b7632aa9a117cc72a32a3827152b47eb0ce8798210fb023133bc01326ded7f0733cf10975ab8fcb7023e0b0cd0 WHIRLPOOL e478f80879bece99f22dfcdb65795c2ce73bbff90634543d8885c8ba3517a895542419f1fbc701a5872ffd34be743fc75acdf44b0cbcfb63fbc97a6fa12fb2d7 diff --git a/net-vpn/i2p/files/i2p-0.9.30-add_libs.patch b/net-vpn/i2p/files/i2p-0.9.30-add_libs.patch new file mode 100644 index 000000000000..0ea3149a3628 --- /dev/null +++ b/net-vpn/i2p/files/i2p-0.9.30-add_libs.patch @@ -0,0 +1,22 @@ +diff -Naur a/installer/resources/wrapper.config b/installer/resources/wrapper.config +--- a/installer/resources/wrapper.config 2016-11-07 11:42:42.503030002 +0100 ++++ b/installer/resources/wrapper.config 2016-11-07 11:43:11.873031594 +0100 +@@ -61,12 +61,18 @@ + # Be sure there are no other duplicate classes. + # + wrapper.java.classpath.1=$INSTALL_PATH/lib/*.jar ++wrapper.java.classpath.2=/usr/share/tomcat-jstl-impl/lib/*.jar ++wrapper.java.classpath.3=/usr/share/tomcat-jstl-spec/lib/*.jar ++wrapper.java.classpath.4=/usr/share/java-service-wrapper/lib/*.jar ++wrapper.java.classpath.5=/usr/share/bcprov-1.50/lib/*.jar ++wrapper.java.classpath.6=/usr/share/jrobin/lib/*.jar + # uncomment this to use the system classpath as well (e.g. to get tools.jar) + # wrapper.java.classpath.2=%CLASSPATH% + + # Java Library Path (location of Wrapper.DLL or libwrapper.so) + wrapper.java.library.path.1=$INSTALL_PATH + wrapper.java.library.path.2=$INSTALL_PATH/lib ++wrapper.java.library.path.3=/usr/lib/java-service-wrapper + + # Java Bits. On applicable platforms, tells the JVM to run in 32 or 64-bit mode. + wrapper.java.additional.auto_bits=TRUE diff --git a/net-vpn/i2p/files/i2p-0.9.30.initd b/net-vpn/i2p/files/i2p-0.9.30.initd new file mode 100644 index 000000000000..216d19474cb8 --- /dev/null +++ b/net-vpn/i2p/files/i2p-0.9.30.initd @@ -0,0 +1,35 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net +} + +HOME="/var/lib/i2p" +USER_HOME="$HOME" +JAVABINARY="/etc/java-config-2/current-system-vm/bin/java" +INSTALL_PATH="/usr/share/i2p" +I2P="$INSTALL_PATH" +I2P_CONFIG_DIR="$USER_HOME/.i2p" +SYSTEM_java_io_tmpdir="$I2P_CONFIG_DIR" +I2PTEMP="$SYSTEM_java_io_tmpdir" +LOGFILE="$I2P_CONFIG_DIR/wrapper.log" +PIDFILE="/var/run/i2p.pid" +WRAPPER_CMD="$I2P/i2psvc" +WRAPPER_CONF="$I2P/wrapper.config" + +start() { + ebegin "Starting I2P" + start-stop-daemon --start -b -m -u i2p --pidfile "$PIDFILE" --quiet --exec $WRAPPER_CMD -- -c $WRAPPER_CONF wrapper.daemonize=FALSE wrapper.syslog.ident=i2p wrapper.java.command="$JAVABINARY" wrapper.name=i2p wrapper.displayname="I2P Service" wrapper.statusfile="$I2P_CONFIG_DIR/i2p.status" wrapper.java.statusfile="$I2P_CONFIG_DIR/i2p.java.status" wrapper.logfile="$LOGFILE" + sleep 1 + [ -e "$PIDFILE" -a -e /proc/$(cat "$PIDFILE") ] + eend $? +} + +stop() { + ebegin "Stopping I2P" + start-stop-daemon --stop -u i2p --pidfile "$PIDFILE" --quiet --exec $WRAPPER_CMD -R SIGTERM/20 SIGKILL/20 -P + eend $? +} + diff --git a/net-vpn/i2p/files/i2p-0.9.30.service b/net-vpn/i2p/files/i2p-0.9.30.service new file mode 100644 index 000000000000..ccbadbd4d167 --- /dev/null +++ b/net-vpn/i2p/files/i2p-0.9.30.service @@ -0,0 +1,13 @@ +[Unit] +Description=Invisible Internet Project +After=network.target + +[Service] +User=i2p +Type=forking +ExecReload=/usr/bin/i2prouter restart +ExecStart=/usr/bin/i2prouter start +ExecStop=/usr/bin/i2prouter stop + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/i2p/files/i2p-0.9.31-add_libs.patch b/net-vpn/i2p/files/i2p-0.9.31-add_libs.patch new file mode 100644 index 000000000000..0ea3149a3628 --- /dev/null +++ b/net-vpn/i2p/files/i2p-0.9.31-add_libs.patch @@ -0,0 +1,22 @@ +diff -Naur a/installer/resources/wrapper.config b/installer/resources/wrapper.config +--- a/installer/resources/wrapper.config 2016-11-07 11:42:42.503030002 +0100 ++++ b/installer/resources/wrapper.config 2016-11-07 11:43:11.873031594 +0100 +@@ -61,12 +61,18 @@ + # Be sure there are no other duplicate classes. + # + wrapper.java.classpath.1=$INSTALL_PATH/lib/*.jar ++wrapper.java.classpath.2=/usr/share/tomcat-jstl-impl/lib/*.jar ++wrapper.java.classpath.3=/usr/share/tomcat-jstl-spec/lib/*.jar ++wrapper.java.classpath.4=/usr/share/java-service-wrapper/lib/*.jar ++wrapper.java.classpath.5=/usr/share/bcprov-1.50/lib/*.jar ++wrapper.java.classpath.6=/usr/share/jrobin/lib/*.jar + # uncomment this to use the system classpath as well (e.g. to get tools.jar) + # wrapper.java.classpath.2=%CLASSPATH% + + # Java Library Path (location of Wrapper.DLL or libwrapper.so) + wrapper.java.library.path.1=$INSTALL_PATH + wrapper.java.library.path.2=$INSTALL_PATH/lib ++wrapper.java.library.path.3=/usr/lib/java-service-wrapper + + # Java Bits. On applicable platforms, tells the JVM to run in 32 or 64-bit mode. + wrapper.java.additional.auto_bits=TRUE diff --git a/net-vpn/i2p/files/i2p-0.9.31.initd b/net-vpn/i2p/files/i2p-0.9.31.initd new file mode 100644 index 000000000000..122d64f4919e --- /dev/null +++ b/net-vpn/i2p/files/i2p-0.9.31.initd @@ -0,0 +1,33 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net +} + +HOME="/var/lib/i2p" +USER_HOME="$HOME" +JAVABINARY="/etc/java-config-2/current-system-vm/bin/java" +INSTALL_PATH="/usr/share/i2p" +I2P="$INSTALL_PATH" +I2P_CONFIG_DIR="$USER_HOME/.i2p" +SYSTEM_java_io_tmpdir="$I2P_CONFIG_DIR" +I2PTEMP="$SYSTEM_java_io_tmpdir" +LOGFILE="$I2P_CONFIG_DIR/wrapper.log" +PIDFILE="/var/run/i2p.pid" +WRAPPER_CMD="$I2P/i2psvc" +WRAPPER_CONF="$I2P/wrapper.config" + +start() { + ebegin "Starting I2P" + start-stop-daemon --start -b -m -u i2p --pidfile "$PIDFILE" --quiet --exec $WRAPPER_CMD -- -c $WRAPPER_CONF wrapper.daemonize=FALSE wrapper.syslog.ident=i2p wrapper.java.command="$JAVABINARY" wrapper.name=i2p wrapper.displayname="I2P Service" wrapper.statusfile="$I2P_CONFIG_DIR/i2p.status" wrapper.java.statusfile="$I2P_CONFIG_DIR/i2p.java.status" wrapper.logfile="$LOGFILE" + eend $? +} + +stop() { + ebegin "Stopping I2P" + start-stop-daemon --stop -u i2p --pidfile "$PIDFILE" --quiet --exec $WRAPPER_CMD -R SIGTERM/20 SIGKILL/20 -P + eend $? +} + diff --git a/net-vpn/i2p/files/i2p-0.9.31.service b/net-vpn/i2p/files/i2p-0.9.31.service new file mode 100644 index 000000000000..ccbadbd4d167 --- /dev/null +++ b/net-vpn/i2p/files/i2p-0.9.31.service @@ -0,0 +1,13 @@ +[Unit] +Description=Invisible Internet Project +After=network.target + +[Service] +User=i2p +Type=forking +ExecReload=/usr/bin/i2prouter restart +ExecStart=/usr/bin/i2prouter start +ExecStop=/usr/bin/i2prouter stop + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/i2p/i2p-0.9.30-r1.ebuild b/net-vpn/i2p/i2p-0.9.30-r1.ebuild new file mode 100644 index 000000000000..d64a1c13eda1 --- /dev/null +++ b/net-vpn/i2p/i2p-0.9.30-r1.ebuild @@ -0,0 +1,152 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils java-pkg-2 java-ant-2 systemd user + +DESCRIPTION="A privacy-centric, anonymous network." +HOMEPAGE="https://geti2p.net" +SRC_URI="https://download.i2p2.de/releases/${PV}/i2psource_${PV}.tar.bz2" + +LICENSE="Apache-2.0 Artistic BSD CC-BY-2.5 CC-BY-3.0 CC-BY-SA-3.0 EPL-1.0 GPL-2 GPL-3 LGPL-2.1 LGPL-3 MIT public-domain WTFPL-2" +SLOT="0" + +# Until the deps reach other arches +KEYWORDS="~amd64 ~x86" +IUSE="+ecdsa nls" + +# dev-java/ant-core is automatically added due to java-ant-2.eclass +CP_DEPEND="dev-java/bcprov:1.50 + dev-java/jrobin:0 + dev-java/slf4j-api:0 + dev-java/tomcat-jstl-impl:0 + dev-java/tomcat-jstl-spec:0 + dev-java/java-service-wrapper:0" + +DEPEND="${CP_DEPEND} + dev-java/eclipse-ecj:* + dev-libs/gmp:0 + nls? ( >=sys-devel/gettext-0.19 ) + >=virtual/jdk-1.7" + +RDEPEND="${CP_DEPEND} + ecdsa? ( + || ( + dev-java/icedtea:7[-sunec] + dev-java/icedtea:8[-sunec] + dev-java/icedtea-bin:7 + dev-java/icedtea-bin:8 + dev-java/oracle-jre-bin + dev-java/oracle-jdk-bin + ) + ) + !ecdsa? ( >=virtual/jre-1.7 )" + +EANT_BUILD_TARGET="pkg" +JAVA_ANT_ENCODING="UTF-8" + +I2P_ROOT='/usr/share/i2p' +I2P_CONFIG_HOME='/var/lib/i2p' +I2P_CONFIG_DIR="${I2P_CONFIG_HOME}/.i2p" + +RES_DIR='installer/resources' + +PATCHES=( + "${FILESDIR}/${P}-add_libs.patch" +) + +pkg_setup() { + java-pkg-2_pkg_setup + + enewgroup i2p + enewuser i2p -1 -1 "${I2P_CONFIG_HOME}" i2p +} + +src_unpack() { + unpack ${A} + cd "${S}" || die + java-ant_rewrite-classpath +} + +src_prepare() { + java-pkg-2_src_prepare + + # We're on GNU/Linux, we don't need .exe files + echo "noExe=true" > override.properties || die + if ! use nls; then + echo "require.gettext=false" >> override.properties || die + fi + + # avoid auto starting browser + sed -i 's|clientApp.4.startOnLoad=true|clientApp.4.startOnLoad=false|' \ + "${RES_DIR}/clients.config" || die + + # we do it now so we can resolve path after + default + + # replace paths as the installer would + sed -i "s|%INSTALL_PATH|${I2P_ROOT}|" \ + "${RES_DIR}/"{eepget,i2prouter,runplain.sh} || die + sed -i "s|\$INSTALL_PATH|${I2P_ROOT}|" "${RES_DIR}/wrapper.config" || die + sed -i "s|%SYSTEM_java_io_tmpdir|${I2P_CONFIG_DIR}|" \ + "${RES_DIR}/"{i2prouter,runplain.sh} || die + sed -i "s|%USER_HOME|${I2P_CONFIG_HOME}|" "${RES_DIR}/i2prouter" || die +} + +src_install() { + # cd into pkg-temp. + cd "${S}/pkg-temp" || die + + # This is ugly, but to satisfy all non-system .jar dependencies, jetty + # would need to be packaged. It would be too large a task + # for an unseasoned developer. This seems to be the most pragmatic solution + java-pkg_jarinto "${I2P_ROOT}/lib" + local i + for i in BOB commons-el commons-logging i2p i2psnark i2ptunnel \ + jasper-compiler jasper-runtime javax.servlet jbigi jetty* mstreaming org.mortbay.* router* \ + sam standard streaming systray addressbook; do + java-pkg_dojar lib/${i}.jar + done + + # Set up symlinks for binaries + dosym /usr/bin/wrapper "${I2P_ROOT}/i2psvc" + dosym "${I2P_ROOT}/i2prouter" /usr/bin/i2prouter + dosym "${I2P_ROOT}/eepget" /usr/bin/eepget + + # Install main files and basic documentation + exeinto "${I2P_ROOT}" + insinto "${I2P_ROOT}" + doins blocklist.txt hosts.txt *.config + doexe eepget i2prouter runplain.sh + dodoc history.txt INSTALL-headless.txt LICENSE.txt + doman man/* + + # Install other directories + doins -r certificates docs eepsite geoip scripts + dodoc -r licenses + java-pkg_dowar webapps/*.war + + # Install daemon files + newinitd "${FILESDIR}/${P}.initd" i2p + systemd_newunit "${FILESDIR}/${P}.service" i2p.service + + # setup user + keepdir "${I2P_CONFIG_DIR}" + fowners -R i2p:i2p "${I2P_CONFIG_DIR}" +} + +pkg_postinst() { + elog "Custom configuration belongs in ${I2P_CONFIG_DIR} to avoid being overwritten." + elog 'I2P can be configured through the web interface at http://localhost:7657/console' + + if use !ecdsa + then + ewarn 'Currently, the i2p team does not enforce to use ECDSA keys. But it is more and' + ewarn 'more pushed. To help the network, you are recommended to have the ecdsa USE.' + ewarn + ewarn "This is purely a run-time issue. You're free to build i2p with any JDK, as long as" + ewarn 'the JVM you run it with is one of the above listed and from the same or a newer generation' + ewarn 'as the one you built with.' + fi +} diff --git a/net-vpn/i2p/i2p-0.9.30.ebuild b/net-vpn/i2p/i2p-0.9.30.ebuild new file mode 100644 index 000000000000..54eab04b7fe1 --- /dev/null +++ b/net-vpn/i2p/i2p-0.9.30.ebuild @@ -0,0 +1,149 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils java-pkg-2 java-ant-2 systemd user + +DESCRIPTION="A privacy-centric, anonymous network." +HOMEPAGE="https://geti2p.net" +SRC_URI="https://download.i2p2.de/releases/${PV}/i2psource_${PV}.tar.bz2" + +LICENSE="Apache-2.0 Artistic BSD CC-BY-2.5 CC-BY-3.0 CC-BY-SA-3.0 EPL-1.0 GPL-2 GPL-3 LGPL-2.1 LGPL-3 MIT public-domain WTFPL-2" +SLOT="0" + +# Until the deps reach other arches +KEYWORDS="~amd64 ~x86" +IUSE="nls" + +# dev-java/ant-core is automatically added due to java-ant-2.eclass +CP_DEPEND="dev-java/bcprov:1.50 + dev-java/jrobin:0 + dev-java/slf4j-api:0 + dev-java/tomcat-jstl-impl:0 + dev-java/tomcat-jstl-spec:0 + dev-java/java-service-wrapper:0" + +DEPEND="${CP_DEPEND} + dev-java/eclipse-ecj:* + dev-libs/gmp:0 + nls? ( >=sys-devel/gettext-0.19 ) + >=virtual/jdk-1.7" + +RDEPEND="${CP_DEPEND} + || ( + dev-java/icedtea:7[-sunec] + dev-java/icedtea:8[-sunec] + dev-java/icedtea-bin:7 + dev-java/icedtea-bin:8 + dev-java/oracle-jre-bin + dev-java/oracle-jdk-bin + )" + +EANT_BUILD_TARGET="pkg" +JAVA_ANT_ENCODING="UTF-8" + +I2P_ROOT='/usr/share/i2p' +I2P_CONFIG_HOME='/var/lib/i2p' +I2P_CONFIG_DIR="${I2P_CONFIG_HOME}/.i2p" + +RES_DIR='installer/resources' + +PATCHES=( + "${FILESDIR}/${P}-add_libs.patch" +) + +pkg_setup() { + java-pkg-2_pkg_setup + + enewgroup i2p + enewuser i2p -1 -1 "${I2P_CONFIG_HOME}" i2p +} + +src_unpack() { + unpack ${A} + cd "${S}" || die + java-ant_rewrite-classpath +} + +src_prepare() { + java-pkg-2_src_prepare + + # We're on GNU/Linux, we don't need .exe files + echo "noExe=true" > override.properties || die + if ! use nls; then + echo "require.gettext=false" >> override.properties || die + fi + + # avoid auto starting browser + sed -i 's|clientApp.4.startOnLoad=true|clientApp.4.startOnLoad=false|' \ + "${RES_DIR}/clients.config" || die + + # we do it now so we can resolve path after + default + + # replace paths as the installer would + sed -i "s|%INSTALL_PATH|${I2P_ROOT}|" \ + "${RES_DIR}/"{eepget,i2prouter,runplain.sh} || die + sed -i "s|\$INSTALL_PATH|${I2P_ROOT}|" "${RES_DIR}/wrapper.config" || die + sed -i "s|%SYSTEM_java_io_tmpdir|${I2P_CONFIG_DIR}|" \ + "${RES_DIR}/"{i2prouter,runplain.sh} || die + sed -i "s|%USER_HOME|${I2P_CONFIG_HOME}|" "${RES_DIR}/i2prouter" || die +} + +src_install() { + # cd into pkg-temp. + cd "${S}/pkg-temp" || die + + # This is ugly, but to satisfy all non-system .jar dependencies, jetty + # would need to be packaged. It would be too large a task + # for an unseasoned developer. This seems to be the most pragmatic solution + java-pkg_jarinto "${I2P_ROOT}/lib" + local i + for i in BOB commons-el commons-logging i2p i2psnark i2ptunnel \ + jasper-compiler jasper-runtime javax.servlet jbigi jetty* mstreaming org.mortbay.* router* \ + sam standard streaming systray; do + java-pkg_dojar lib/${i}.jar + done + + # Set up symlinks for binaries + dosym /usr/bin/wrapper "${I2P_ROOT}/i2psvc" + dosym "${I2P_ROOT}/i2prouter" /usr/bin/i2prouter + dosym "${I2P_ROOT}/eepget" /usr/bin/eepget + + # Install main files and basic documentation + exeinto "${I2P_ROOT}" + insinto "${I2P_ROOT}" + doins blocklist.txt hosts.txt *.config + doexe eepget i2prouter runplain.sh + dodoc history.txt INSTALL-headless.txt LICENSE.txt + doman man/* + + # Install other directories + doins -r certificates docs eepsite geoip scripts + dodoc -r licenses + java-pkg_dowar webapps/*.war + + # Install daemon files + newinitd "${FILESDIR}/${P}.initd" i2p + systemd_newunit "${FILESDIR}/${P}.service" i2p.service + + # setup user + keepdir "${I2P_CONFIG_DIR}" + fowners -R i2p:i2p "${I2P_CONFIG_DIR}" +} + +pkg_postinst() { + elog "Custom configuration belongs in ${I2P_CONFIG_DIR} to avoid being overwritten." + elog 'I2P can be configured through the web interface at http://localhost:7657/console' + elog + + ewarn "The router will migrate the jetty.xml for each Jetty website to the new Jetty 9 setup during startup." + ewarn "This should work for recent, unmodified configurations but may not work for modified or" + ewarn "very old setups. Verify that your Jetty website works after upgrading, and contact i2p" + ewarn "developers on IRC if you need assistance" + ewarn + ewarn "Several plugins are not compatible with Jetty 9 and must be updated if you use them." + ewarn "New updated version avaliable: i2pbote 0.4.6, zzzot 0.15.0." + ewarn "No new version so far: BwSchedule 0.0.36, i2pcontrol 0.11." +} diff --git a/net-vpn/i2p/i2p-0.9.31.ebuild b/net-vpn/i2p/i2p-0.9.31.ebuild new file mode 100644 index 000000000000..d64a1c13eda1 --- /dev/null +++ b/net-vpn/i2p/i2p-0.9.31.ebuild @@ -0,0 +1,152 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils java-pkg-2 java-ant-2 systemd user + +DESCRIPTION="A privacy-centric, anonymous network." +HOMEPAGE="https://geti2p.net" +SRC_URI="https://download.i2p2.de/releases/${PV}/i2psource_${PV}.tar.bz2" + +LICENSE="Apache-2.0 Artistic BSD CC-BY-2.5 CC-BY-3.0 CC-BY-SA-3.0 EPL-1.0 GPL-2 GPL-3 LGPL-2.1 LGPL-3 MIT public-domain WTFPL-2" +SLOT="0" + +# Until the deps reach other arches +KEYWORDS="~amd64 ~x86" +IUSE="+ecdsa nls" + +# dev-java/ant-core is automatically added due to java-ant-2.eclass +CP_DEPEND="dev-java/bcprov:1.50 + dev-java/jrobin:0 + dev-java/slf4j-api:0 + dev-java/tomcat-jstl-impl:0 + dev-java/tomcat-jstl-spec:0 + dev-java/java-service-wrapper:0" + +DEPEND="${CP_DEPEND} + dev-java/eclipse-ecj:* + dev-libs/gmp:0 + nls? ( >=sys-devel/gettext-0.19 ) + >=virtual/jdk-1.7" + +RDEPEND="${CP_DEPEND} + ecdsa? ( + || ( + dev-java/icedtea:7[-sunec] + dev-java/icedtea:8[-sunec] + dev-java/icedtea-bin:7 + dev-java/icedtea-bin:8 + dev-java/oracle-jre-bin + dev-java/oracle-jdk-bin + ) + ) + !ecdsa? ( >=virtual/jre-1.7 )" + +EANT_BUILD_TARGET="pkg" +JAVA_ANT_ENCODING="UTF-8" + +I2P_ROOT='/usr/share/i2p' +I2P_CONFIG_HOME='/var/lib/i2p' +I2P_CONFIG_DIR="${I2P_CONFIG_HOME}/.i2p" + +RES_DIR='installer/resources' + +PATCHES=( + "${FILESDIR}/${P}-add_libs.patch" +) + +pkg_setup() { + java-pkg-2_pkg_setup + + enewgroup i2p + enewuser i2p -1 -1 "${I2P_CONFIG_HOME}" i2p +} + +src_unpack() { + unpack ${A} + cd "${S}" || die + java-ant_rewrite-classpath +} + +src_prepare() { + java-pkg-2_src_prepare + + # We're on GNU/Linux, we don't need .exe files + echo "noExe=true" > override.properties || die + if ! use nls; then + echo "require.gettext=false" >> override.properties || die + fi + + # avoid auto starting browser + sed -i 's|clientApp.4.startOnLoad=true|clientApp.4.startOnLoad=false|' \ + "${RES_DIR}/clients.config" || die + + # we do it now so we can resolve path after + default + + # replace paths as the installer would + sed -i "s|%INSTALL_PATH|${I2P_ROOT}|" \ + "${RES_DIR}/"{eepget,i2prouter,runplain.sh} || die + sed -i "s|\$INSTALL_PATH|${I2P_ROOT}|" "${RES_DIR}/wrapper.config" || die + sed -i "s|%SYSTEM_java_io_tmpdir|${I2P_CONFIG_DIR}|" \ + "${RES_DIR}/"{i2prouter,runplain.sh} || die + sed -i "s|%USER_HOME|${I2P_CONFIG_HOME}|" "${RES_DIR}/i2prouter" || die +} + +src_install() { + # cd into pkg-temp. + cd "${S}/pkg-temp" || die + + # This is ugly, but to satisfy all non-system .jar dependencies, jetty + # would need to be packaged. It would be too large a task + # for an unseasoned developer. This seems to be the most pragmatic solution + java-pkg_jarinto "${I2P_ROOT}/lib" + local i + for i in BOB commons-el commons-logging i2p i2psnark i2ptunnel \ + jasper-compiler jasper-runtime javax.servlet jbigi jetty* mstreaming org.mortbay.* router* \ + sam standard streaming systray addressbook; do + java-pkg_dojar lib/${i}.jar + done + + # Set up symlinks for binaries + dosym /usr/bin/wrapper "${I2P_ROOT}/i2psvc" + dosym "${I2P_ROOT}/i2prouter" /usr/bin/i2prouter + dosym "${I2P_ROOT}/eepget" /usr/bin/eepget + + # Install main files and basic documentation + exeinto "${I2P_ROOT}" + insinto "${I2P_ROOT}" + doins blocklist.txt hosts.txt *.config + doexe eepget i2prouter runplain.sh + dodoc history.txt INSTALL-headless.txt LICENSE.txt + doman man/* + + # Install other directories + doins -r certificates docs eepsite geoip scripts + dodoc -r licenses + java-pkg_dowar webapps/*.war + + # Install daemon files + newinitd "${FILESDIR}/${P}.initd" i2p + systemd_newunit "${FILESDIR}/${P}.service" i2p.service + + # setup user + keepdir "${I2P_CONFIG_DIR}" + fowners -R i2p:i2p "${I2P_CONFIG_DIR}" +} + +pkg_postinst() { + elog "Custom configuration belongs in ${I2P_CONFIG_DIR} to avoid being overwritten." + elog 'I2P can be configured through the web interface at http://localhost:7657/console' + + if use !ecdsa + then + ewarn 'Currently, the i2p team does not enforce to use ECDSA keys. But it is more and' + ewarn 'more pushed. To help the network, you are recommended to have the ecdsa USE.' + ewarn + ewarn "This is purely a run-time issue. You're free to build i2p with any JDK, as long as" + ewarn 'the JVM you run it with is one of the above listed and from the same or a newer generation' + ewarn 'as the one you built with.' + fi +} diff --git a/net-vpn/i2p/metadata.xml b/net-vpn/i2p/metadata.xml new file mode 100644 index 000000000000..52ff64217713 --- /dev/null +++ b/net-vpn/i2p/metadata.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="person"> + <email>tharvik@gmail.com</email> + <name>Tharvik</name> + <description>Proxy-maintainer; add or CC them for bugs</description> +</maintainer> +<maintainer type="person"> + <email>tomboy64@sina.cn</email> + <name>M.B.</name> + <description>Proxy-maintainer; add or CC them for bugs</description> +</maintainer> +<maintainer type="project"> + <email>java@gentoo.org</email> + <name>Java</name> +</maintainer> +<maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> +</maintainer> +<longdescription>I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other.</longdescription> +<use> + <flag name="ecdsa">Enables additional checks to make sure a setup is available that is capable of using I2Ps ECDSA provisions. I2P will work without it, but you will likely see warnings.</flag> + <flag name="nls">Adds Native Language Support using GNU gettext.</flag> +</use> +</pkgmetadata> diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest new file mode 100644 index 000000000000..45f03974f682 --- /dev/null +++ b/net-vpn/i2pd/Manifest @@ -0,0 +1,14 @@ +AUX 99i2pd 44 SHA256 ecc85329d663182165bf6b5f672237a9f4f129f39f168d38c876345f3b83d765 SHA512 0bd08ff5b1b2ad8d91572efee848a760e2fb46d9c1a5ead3fbdde91d679d832d985905952b393eb523ec9d8f1815bf1512ae61fbc059d10f0773991ac097c23f WHIRLPOOL 08404eab764fa25ae0f5cbda5fa38deabcae913baf3e0d4e151ae34a0fb3383994d0ab4db15e60827a3fc18ebaf4e4f541163cc3825b3baf3c75533a08d4c94e +AUX i2pd-2.14.0-fix_installed_components.patch 1033 SHA256 ca441afc8782660a4638eb7dc730304dc78a8255411b5a24e87f6ec2073158db SHA512 b4d91487657d1d0b89b8a43eb962e7f87dfb56fdb40fd7e10f4818d1d87cd814833f72c823e808756545c580517b7ce8bf1e11e55d15addd84abc343587f9d66 WHIRLPOOL 8a6c3b5f65dc643da08a0cfe7fb3b990f66c706399c932a6a8aae9d5030ccccec8ba36361e565ef0926a09542ed1a0776a5f8a73d195d6458c8900c370b583ff +AUX i2pd-2.5.1-fix_installed_components.patch 930 SHA256 82ca45cb7a9836bafabd1c9a36b45e6ac4f0f7d36ebeeb53ed7ee9acca1d8c89 SHA512 974fa4ab13b55cb6d88eb87c94ebf883531c1b0ea87defda350088e917e5ba293c00c3aff17fe6714cbb7fd1179561b4f0c63ccd584ca93ad3d2c64f6f04069b WHIRLPOOL 78fc32e19a83df48ad8a0726a42bbbd2402d82e7d9370eb4dc2eb3907678ee8ba547dd0ec5512ed966136d76e8f01b56ef211c75402c0949f0f7ed2d81fff109 +AUX i2pd-2.6.0-r3.confd 322 SHA256 7418efe4fa996231485039c9c23244f892d6fdf51e9c9941e64459e42d779e35 SHA512 083f4c860d7556bd14f2765b098743c25f996ef16de3982430ff27ac7711051738d48709654441099ea8c755b6d9a6e25b52286f7e8c928d3f39f1207a9517a9 WHIRLPOOL 910beb68c933e0ad180b2c40a675871c345322bb8902566a4ea0eb1d983b8c8a86e1ebd53af8b47a1060bc176678cf172b43356cec8f96b544ca02402bc47007 +AUX i2pd-2.6.0-r3.initd 1386 SHA256 65df95b69c72d4ea37bea3465aab8cdc3ee814ce756bd0a1eeeb85a7c54cbd2f SHA512 8c894dc2c0dcc5318fe9551d2b314412509542f4b7784966ae69744eca8f9ccd3650ccb63321de67cf2b9dfe456295866e3d05d54e718e0e9c0c22ecfd5c2f5e WHIRLPOOL 6aec2b9351455d8081b857d7b9e31a66bbc7468b2bff56a94a209fa3f26744882f9f52027ab860a1080e8ee020551db29608f8447a495b445b21696b50bcb505 +AUX i2pd-2.6.0-r3.logrotate 215 SHA256 1e0a53c5d6997513c02a3530e5bbec2c866b5afbc0f7861943d7ea79c30f8e33 SHA512 e6080b719cb1616a96b4e4e9ff7074881f88dc699147fd5a201861c5836cf4807a00767a2c370f36e847b0d4ddb2129d8c3c3fc8043325fb8f3d0bc27feca2a3 WHIRLPOOL a52c160d313c9c66c48f9bbe6c7c91e08202b92bd708d7fca043bfb48e1089638a11e942836aa0ae8718b714315ce6aaa8e2c87523ebe6c937614b0dec84de22 +AUX i2pd-2.6.0-r3.service 638 SHA256 4281eeb7a174798d2dc419fe52f3e0c84053802e540e362d7601f609aff4bc8e SHA512 8e35123ea30325e9f1de3d488d96a35b6e983e006084e983ab116aa5febd64feacb7643f3d9c3c7c7865375518e1acef060b4b02e9b052036f8d42f9dcc47a87 WHIRLPOOL e3c4d0148527a0764a260d97f295d98a6fbd20d08ff2fdaef3e38e359a8a3233ba7989986031f1554f2f7c5c7fe350769bf5cf4dcd0a77c03d5d2329ca11d685 +DIST i2pd-2.13.0.tar.gz 3131893 SHA256 9fbf9750503dd565ba5b31b16e1de959bda59530f088d40b14618d3ef238b065 SHA512 146e68559f44bcc8447857a0deb8be4a59d1b8032826af368355f9e9309b619a3575f99fed2b45071784c728a2265cb6446e816baf797b71aeffa09d1cbdd004 WHIRLPOOL 62b65f1b0cd8f9bf04bbaae61604e664f1b7f6f8eea30b9b41227659f6237e2739d3943ad91852462b229b0b4a718213b96aed63758680af135598224ca2d50f +DIST i2pd-2.14.0.tar.gz 1906272 SHA256 3cb5751d9584449721e2f3ae878411b652863fa7093994f1d8cce1fd3b40bf71 SHA512 39e6cc0ed0456b93c9a7462e5630d7be87c3dda91887bef7aec50b404212f1cef02b94488ded1918eaf4264d9be5da767dab4652cf2b8470fadfa89886e42e7b WHIRLPOOL fcfb403889f33a0cce4ed9d9508b59c5deeade85230aec4929b0ee3a00ec57d9c3bf9644e13796e158bd1cd893f69b0cb9f86dba25543e0348ed743188dd3d2c +DIST i2pd-2.15.0.tar.gz 1834673 SHA256 87649a1963b1d1b8f9424c0bccbdf6bbde0bb87db8dcf0b5c61f4c7f13181b86 SHA512 78f3b14ef7c4896528c6bd54adfcd251f3a94a0e9315924e8a9b58e3e6d0cc2c9334026d2faa9bff9da5dd3c4195e84473161ed7911c5e0155a79f456033f077 WHIRLPOOL 69c69fde4db194ee8a932a955b7e8088370a39782e96db9e730efabf4cf904b9a01ada732ce043064b8e950b1b9e995909da31889ebdb9a141d6a9e1a366d2a0 +EBUILD i2pd-2.13.0.ebuild 2712 SHA256 819410a3c4f13370a3e310b93694d89b64d8adf0964b2d9bc48108682527ef87 SHA512 527249a7351584a7c3b050a77a08f8d40f7cd48e3dd0f3cee880f5380c16d9fbe1751c7d5e84fd41ec79a3639d8d2688f63b5ce53a41d96f8a1a6eeae35366f5 WHIRLPOOL f5db35bf36d59256fac6244f58ba1a6c52b8947bc0a8220e6fa32efc714e4ebd41d03b777616a47677d8e5f4c5dd4ca033d4708a7f09020564cde0caa99bf22c +EBUILD i2pd-2.14.0.ebuild 2713 SHA256 67b89965e81cefba6658e62cef21299c9485ad44454805bbfcf125ea9c546873 SHA512 6dab357df919d88107ebf0490e4fd7f3f0986ad6a26b452a25e4e8f7f85c5c17da8f48262a02ba6f09cc31f9fde7e09b27f01353d2de3c9093439ff2a7bbc04d WHIRLPOOL bc62172d52fd6eecd10c20f2d9b8c8c4df7653c49b7d262d30547d619c387b4cf551213eab5197a9114ffd54896672732e9f2978fcc2a01f7fd0ffd1c340c7f0 +EBUILD i2pd-2.15.0.ebuild 2787 SHA256 8cc1a39d1d88e1362f4d718b7aa8e4f439e6161107a41755b8704eb90e964a12 SHA512 f90d7fa0780b31e923e37daf0b453a80277d532c61cdeff3970be0d2c148715ddc707673ae66ef0691c6d574fb6e0d04a56a751956bbc8156f48a08aa368f8cf WHIRLPOOL 67e94951cac39a5b9ad5b5fc55f53c4f1edc46093bf73dc398c362ee534ee3db7216708be729a037eaf5233156b130cb599aaffa33a26ef79342486eb39c877f +MISC metadata.xml 878 SHA256 bdbbcda7e96f504a10142047e6ff580a2d3a67aafac8d69a18402d0c001668dd SHA512 9aa7d6f8b88b8432c0e2b4df77292471fb6254622031fead20ea0c8eee0dfcf0bd9bda19a309d6526c30d412c45093dd2e9898c9a8270e6ada3f723dbb665c76 WHIRLPOOL e1431581efe813cf99cafe0307980da74236c39d8bfeac82f9c55dd752b9aacd2cee3db0885114d7676167f5fa36d7ba2ce4811137fd6b41a096a84eabdad3b8 diff --git a/net-vpn/i2pd/files/99i2pd b/net-vpn/i2pd/files/99i2pd new file mode 100644 index 000000000000..3cf3b46797c4 --- /dev/null +++ b/net-vpn/i2pd/files/99i2pd @@ -0,0 +1 @@ +CONFIG_PROTECT="/var/lib/i2pd/certificates" diff --git a/net-vpn/i2pd/files/i2pd-2.14.0-fix_installed_components.patch b/net-vpn/i2pd/files/i2pd-2.14.0-fix_installed_components.patch new file mode 100644 index 000000000000..fe7bdcc4083f --- /dev/null +++ b/net-vpn/i2pd/files/i2pd-2.14.0-fix_installed_components.patch @@ -0,0 +1,31 @@ +--- a/build/CMakeLists.txt ++++ b/build/CMakeLists.txt +@@ -455,20 +455,7 @@ if (WITH_BINARY) + endif () + endif () + +-install(FILES ../LICENSE +- DESTINATION . +- COMPONENT Runtime +- ) +-# Take a copy on Appveyor +-install(FILES "C:/projects/openssl-$ENV{OPENSSL}/LICENSE" +- DESTINATION . +- COMPONENT Runtime +- RENAME LICENSE_OPENSSL +- OPTIONAL # for local builds only! +- ) +- + file(GLOB_RECURSE I2PD_SOURCES "../libi2pd/*.cpp" "../libi2pd_client/*.cpp" "../daemon/*.cpp" "../build" "../Win32" "../Makefile*") +-install(FILES ${I2PD_SOURCES} DESTINATION src/ COMPONENT Source) + # install(DIRECTORY ../ DESTINATION src/ + # # OPTIONAL + # COMPONENT Source FILES_MATCHING +@@ -477,7 +464,6 @@ install(FILES ${I2PD_SOURCES} DESTINATION src/ COMPONENT Source) + # ) + + file(GLOB I2PD_HEADERS "../libi2pd/*.h" "../libi2pd_client/*.h" "../daemon/*.h") +-install(FILES ${I2PD_HEADERS} DESTINATION src/ COMPONENT Headers) + # install(DIRECTORY ../ DESTINATION src/ + # # OPTIONAL + # COMPONENT Headers FILES_MATCHING diff --git a/net-vpn/i2pd/files/i2pd-2.5.1-fix_installed_components.patch b/net-vpn/i2pd/files/i2pd-2.5.1-fix_installed_components.patch new file mode 100644 index 000000000000..0416901117c5 --- /dev/null +++ b/net-vpn/i2pd/files/i2pd-2.5.1-fix_installed_components.patch @@ -0,0 +1,30 @@ +--- a/build/CMakeLists.txt.old 2016-02-04 21:30:50.954251000 +0100 ++++ b/build/CMakeLists.txt 2016-02-04 21:34:50.457793484 +0100 +@@ -356,10 +356,6 @@ + endif () + endif () + +-install(FILES ../LICENSE +- DESTINATION . +- COMPONENT Runtime +- ) + # Take a copy on Appveyor + install(FILES "C:/projects/openssl-$ENV{OPENSSL}/LICENSE" + DESTINATION . +@@ -369,7 +365,6 @@ + ) + + file(GLOB_RECURSE I2PD_SOURCES "../*.cpp" "../build" "../Win32" "../Makefile*") +-install(FILES ${I2PD_SOURCES} DESTINATION src/ COMPONENT Source) + # install(DIRECTORY ../ DESTINATION src/ + # # OPTIONAL + # COMPONENT Source FILES_MATCHING +@@ -378,7 +373,7 @@ + # ) + + file(GLOB I2PD_HEADERS "../*.h") +-install(FILES ${I2PD_HEADERS} DESTINATION src/ COMPONENT Headers) ++install(FILES ${I2PD_HEADERS} DESTINATION "include/${PROJECT_NAME}" COMPONENT Headers) + # install(DIRECTORY ../ DESTINATION src/ + # # OPTIONAL + # COMPONENT Headers FILES_MATCHING diff --git a/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd b/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd new file mode 100644 index 000000000000..d2ef16b0f61c --- /dev/null +++ b/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd @@ -0,0 +1,12 @@ +I2PD_USER=i2pd +I2PD_GROUP=i2pd +I2PD_LOG=/var/log/i2pd.log +I2PD_PID=/run/i2pd/i2pd.pid + +# max number of open files (for floodfill) +rc_ulimit="-n 4096" + +# Options to i2pd +I2PD_OPTIONS="--daemon --service --pidfile=${I2PD_PID} \ +--log=file --logfile=${I2PD_LOG} \ +--conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf" diff --git a/net-vpn/i2pd/files/i2pd-2.6.0-r3.initd b/net-vpn/i2pd/files/i2pd-2.6.0-r3.initd new file mode 100644 index 000000000000..09c83927b206 --- /dev/null +++ b/net-vpn/i2pd/files/i2pd-2.6.0-r3.initd @@ -0,0 +1,45 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +description="C++ daemon for accessing the I2P network" +description_graceful="Graceful shutdown, takes 10 minutes" + +command="/usr/bin/i2pd" +command_args="${I2PD_OPTIONS}" +user="${I2PD_USER}:${I2PD_GROUP}" +start_stop_daemon_args=" + --user \"${user}\" + --pidfile \"${I2PD_PID}\" + --progress --retry 'SIGTERM/20/SIGKILL/20' +" +I2PD_PID_DIR=$(dirname "${I2PD_PID}") + +extra_started_commands="graceful" + +depend() { + use dns logger netmount +} + +start_pre() { + if [ -z "${I2PD_USER}" ] || \ + [ -z "${I2PD_GROUP}" ] || \ + [ -z "${I2PD_PID}" ] || \ + [ -z "${I2PD_LOG}" ] || \ + [ -z "${I2PD_OPTIONS}" ] ; then + eerror "Not all variables I2PD_USER, I2PD_GROUP, I2PD_PID, I2PD_OPTIONS, I2PD_LOG are defined." + eerror "Check your /etc/conf.d/i2pd." + return 1 + fi + checkpath -f -o "${user}" "${I2PD_LOG}" + checkpath -d -m 0750 -o "${user}" "${I2PD_PID_DIR}" +} + +graceful() { + # on SIGINT, i2pd stops accepting tunnels and shuts down in 600 seconds + ebegin "Gracefully stopping i2pd, this takes 10 minutes" + mark_service_stopping + eval start-stop-daemon --stop ${start_stop_daemon_args} \ + --exec "${command}" --retry 'SIGINT/620/SIGTERM/20/SIGKILL/20' + eend $? && mark_service_stopped +} diff --git a/net-vpn/i2pd/files/i2pd-2.6.0-r3.logrotate b/net-vpn/i2pd/files/i2pd-2.6.0-r3.logrotate new file mode 100644 index 000000000000..251128b7be78 --- /dev/null +++ b/net-vpn/i2pd/files/i2pd-2.6.0-r3.logrotate @@ -0,0 +1,11 @@ +/var/log/i2pd.log { + rotate 4 + weekly + missingok + notifempty + create 640 i2pd i2pd + postrotate + /bin/kill -HUP $(cat /run/i2pd/i2pd.pid) + endscript +} + diff --git a/net-vpn/i2pd/files/i2pd-2.6.0-r3.service b/net-vpn/i2pd/files/i2pd-2.6.0-r3.service new file mode 100644 index 000000000000..6821a00552df --- /dev/null +++ b/net-vpn/i2pd/files/i2pd-2.6.0-r3.service @@ -0,0 +1,21 @@ +[Unit] +Description=C++ daemon for accessing the I2P network +After=network.target + +[Service] +Type=forking +Restart=on-abnormal +PIDFile=/run/i2pd/i2pd.pid +User=i2pd +Group=i2pd +LimitNOFILE=4096 +PermissionsStartOnly=yes +ExecStartPre=/bin/mkdir -p /run/i2pd +ExecStartPre=/bin/chown i2pd:i2pd /run/i2pd +ExecStartPre=/bin/touch /run/i2pd/i2pd.pid /var/log/i2pd.log +ExecStartPre=/bin/chown i2pd:i2pd /run/i2pd/i2pd.pid /var/log/i2pd.log +ExecStart=/usr/bin/i2pd --daemon --service --pidfile=/run/i2pd/i2pd.pid --log=file --logfile=/var/log/i2pd.log --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf + +[Install] +WantedBy=multi-user.target + diff --git a/net-vpn/i2pd/i2pd-2.13.0.ebuild b/net-vpn/i2pd/i2pd-2.13.0.ebuild new file mode 100644 index 000000000000..d4c839774f70 --- /dev/null +++ b/net-vpn/i2pd/i2pd-2.13.0.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit eutils systemd user cmake-utils + +DESCRIPTION="A C++ daemon for accessing the I2P anonymous network" +HOMEPAGE="https://github.com/PurpleI2P/i2pd" +SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="cpu_flags_x86_aes i2p-hardening libressl pch static +upnp" + +RDEPEND="!static? ( >=dev-libs/boost-1.49[threads] + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( dev-libs/libressl ) + upnp? ( net-libs/miniupnpc ) + )" +DEPEND="${RDEPEND} + static? ( >=dev-libs/boost-1.49[static-libs,threads] + !libressl? ( dev-libs/openssl:0[static-libs] ) + libressl? ( dev-libs/libressl[static-libs] ) + upnp? ( net-libs/miniupnpc[static-libs] ) ) + i2p-hardening? ( >=sys-devel/gcc-4.7 ) + || ( >=sys-devel/gcc-4.7 >=sys-devel/clang-3.3 )" + +I2PD_USER=i2pd +I2PD_GROUP=i2pd + +CMAKE_USE_DIR="${S}/build" + +DOCS=( README.md contrib/i2pd.conf contrib/tunnels.conf ) + +PATCHES=( "${FILESDIR}/${PN}-2.5.1-fix_installed_components.patch" ) + +src_configure() { + mycmakeargs=( + -DWITH_AESNI=$(usex cpu_flags_x86_aes ON OFF) + -DWITH_HARDENING=$(usex i2p-hardening ON OFF) + -DWITH_PCH=$(usex pch ON OFF) + -DWITH_STATIC=$(usex static ON OFF) + -DWITH_UPNP=$(usex upnp ON OFF) + -DWITH_LIBRARY=ON + -DWITH_BINARY=ON + ) + cmake-utils_src_configure +} + +src_install() { + cmake-utils_src_install + + # config + insinto /etc/i2pd + doins contrib/i2pd.conf + doins contrib/tunnels.conf + + # grant i2pd group read and write access to config files + fowners "root:${I2PD_GROUP}" \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + fperms 660 \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + + # working directory + keepdir /var/lib/i2pd + insinto /var/lib/i2pd + doins -r contrib/certificates + fowners "${I2PD_USER}:${I2PD_GROUP}" /var/lib/i2pd/ + fperms 700 /var/lib/i2pd/ + + # add /var/lib/i2pd/certificates to CONFIG_PROTECT + doenvd "${FILESDIR}/99i2pd" + + # openrc and systemd daemon routines + newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd + newinitd "${FILESDIR}/i2pd-2.6.0-r3.initd" i2pd + systemd_newunit "${FILESDIR}/i2pd-2.6.0-r3.service" i2pd.service + + # logrotate + insinto /etc/logrotate.d + newins "${FILESDIR}/i2pd-2.6.0-r3.logrotate" i2pd +} + +pkg_setup() { + enewgroup "${I2PD_GROUP}" + enewuser "${I2PD_USER}" -1 -1 /var/lib/run/i2pd "${I2PD_GROUP}" +} + +pkg_postinst() { + if [[ -f ${EROOT%/}/etc/i2pd/subscriptions.txt ]]; then + ewarn + ewarn "Configuration of the subscriptions has been moved from" + ewarn "subscriptions.txt to i2pd.conf. We recommend updating" + ewarn "i2pd.conf accordingly and deleting subscriptions.txt." + fi +} diff --git a/net-vpn/i2pd/i2pd-2.14.0.ebuild b/net-vpn/i2pd/i2pd-2.14.0.ebuild new file mode 100644 index 000000000000..752102811a0f --- /dev/null +++ b/net-vpn/i2pd/i2pd-2.14.0.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit eutils systemd user cmake-utils + +DESCRIPTION="A C++ daemon for accessing the I2P anonymous network" +HOMEPAGE="https://github.com/PurpleI2P/i2pd" +SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="cpu_flags_x86_aes i2p-hardening libressl pch static +upnp" + +RDEPEND="!static? ( >=dev-libs/boost-1.49[threads] + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( dev-libs/libressl ) + upnp? ( net-libs/miniupnpc ) + )" +DEPEND="${RDEPEND} + static? ( >=dev-libs/boost-1.49[static-libs,threads] + !libressl? ( dev-libs/openssl:0[static-libs] ) + libressl? ( dev-libs/libressl[static-libs] ) + upnp? ( net-libs/miniupnpc[static-libs] ) ) + i2p-hardening? ( >=sys-devel/gcc-4.7 ) + || ( >=sys-devel/gcc-4.7 >=sys-devel/clang-3.3 )" + +I2PD_USER=i2pd +I2PD_GROUP=i2pd + +CMAKE_USE_DIR="${S}/build" + +DOCS=( README.md contrib/i2pd.conf contrib/tunnels.conf ) + +PATCHES=( "${FILESDIR}/${PN}-2.14.0-fix_installed_components.patch" ) + +src_configure() { + mycmakeargs=( + -DWITH_AESNI=$(usex cpu_flags_x86_aes ON OFF) + -DWITH_HARDENING=$(usex i2p-hardening ON OFF) + -DWITH_PCH=$(usex pch ON OFF) + -DWITH_STATIC=$(usex static ON OFF) + -DWITH_UPNP=$(usex upnp ON OFF) + -DWITH_LIBRARY=ON + -DWITH_BINARY=ON + ) + cmake-utils_src_configure +} + +src_install() { + cmake-utils_src_install + + # config + insinto /etc/i2pd + doins contrib/i2pd.conf + doins contrib/tunnels.conf + + # grant i2pd group read and write access to config files + fowners "root:${I2PD_GROUP}" \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + fperms 660 \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + + # working directory + keepdir /var/lib/i2pd + insinto /var/lib/i2pd + doins -r contrib/certificates + fowners "${I2PD_USER}:${I2PD_GROUP}" /var/lib/i2pd/ + fperms 700 /var/lib/i2pd/ + + # add /var/lib/i2pd/certificates to CONFIG_PROTECT + doenvd "${FILESDIR}/99i2pd" + + # openrc and systemd daemon routines + newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd + newinitd "${FILESDIR}/i2pd-2.6.0-r3.initd" i2pd + systemd_newunit "${FILESDIR}/i2pd-2.6.0-r3.service" i2pd.service + + # logrotate + insinto /etc/logrotate.d + newins "${FILESDIR}/i2pd-2.6.0-r3.logrotate" i2pd +} + +pkg_setup() { + enewgroup "${I2PD_GROUP}" + enewuser "${I2PD_USER}" -1 -1 /var/lib/run/i2pd "${I2PD_GROUP}" +} + +pkg_postinst() { + if [[ -f ${EROOT%/}/etc/i2pd/subscriptions.txt ]]; then + ewarn + ewarn "Configuration of the subscriptions has been moved from" + ewarn "subscriptions.txt to i2pd.conf. We recommend updating" + ewarn "i2pd.conf accordingly and deleting subscriptions.txt." + fi +} diff --git a/net-vpn/i2pd/i2pd-2.15.0.ebuild b/net-vpn/i2pd/i2pd-2.15.0.ebuild new file mode 100644 index 000000000000..4dbcc37bd004 --- /dev/null +++ b/net-vpn/i2pd/i2pd-2.15.0.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit eutils systemd user cmake-utils + +DESCRIPTION="A C++ daemon for accessing the I2P anonymous network" +HOMEPAGE="https://github.com/PurpleI2P/i2pd" +SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="cpu_flags_x86_aes i2p-hardening libressl static +upnp websocket" + +RDEPEND="!static? ( >=dev-libs/boost-1.49[threads] + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( dev-libs/libressl ) + upnp? ( net-libs/miniupnpc ) + websocket? ( dev-cpp/websocketpp ) + )" +DEPEND="${RDEPEND} + static? ( >=dev-libs/boost-1.49[static-libs,threads] + !libressl? ( dev-libs/openssl:0[static-libs] ) + libressl? ( dev-libs/libressl[static-libs] ) + upnp? ( net-libs/miniupnpc[static-libs] ) ) + i2p-hardening? ( >=sys-devel/gcc-4.7 ) + || ( >=sys-devel/gcc-4.7 >=sys-devel/clang-3.3 )" + +I2PD_USER=i2pd +I2PD_GROUP=i2pd + +CMAKE_USE_DIR="${S}/build" + +DOCS=( README.md contrib/i2pd.conf contrib/tunnels.conf ) + +PATCHES=( "${FILESDIR}/${PN}-2.14.0-fix_installed_components.patch" ) + +src_configure() { + mycmakeargs=( + -DWITH_AESNI=$(usex cpu_flags_x86_aes ON OFF) + -DWITH_HARDENING=$(usex i2p-hardening ON OFF) + -DWITH_PCH=OFF + -DWITH_STATIC=$(usex static ON OFF) + -DWITH_UPNP=$(usex upnp ON OFF) + -DWITH_WEBSOCKETS=$(usex websocket ON OFF) + -DWITH_LIBRARY=ON + -DWITH_BINARY=ON + ) + cmake-utils_src_configure +} + +src_install() { + cmake-utils_src_install + + # config + insinto /etc/i2pd + doins contrib/i2pd.conf + doins contrib/tunnels.conf + + # grant i2pd group read and write access to config files + fowners "root:${I2PD_GROUP}" \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + fperms 660 \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + + # working directory + keepdir /var/lib/i2pd + insinto /var/lib/i2pd + doins -r contrib/certificates + fowners "${I2PD_USER}:${I2PD_GROUP}" /var/lib/i2pd/ + fperms 700 /var/lib/i2pd/ + + # add /var/lib/i2pd/certificates to CONFIG_PROTECT + doenvd "${FILESDIR}/99i2pd" + + # openrc and systemd daemon routines + newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd + newinitd "${FILESDIR}/i2pd-2.6.0-r3.initd" i2pd + systemd_newunit "${FILESDIR}/i2pd-2.6.0-r3.service" i2pd.service + + # logrotate + insinto /etc/logrotate.d + newins "${FILESDIR}/i2pd-2.6.0-r3.logrotate" i2pd +} + +pkg_setup() { + enewgroup "${I2PD_GROUP}" + enewuser "${I2PD_USER}" -1 -1 /var/lib/run/i2pd "${I2PD_GROUP}" +} + +pkg_postinst() { + if [[ -f ${EROOT%/}/etc/i2pd/subscriptions.txt ]]; then + ewarn + ewarn "Configuration of the subscriptions has been moved from" + ewarn "subscriptions.txt to i2pd.conf. We recommend updating" + ewarn "i2pd.conf accordingly and deleting subscriptions.txt." + fi +} diff --git a/net-vpn/i2pd/metadata.xml b/net-vpn/i2pd/metadata.xml new file mode 100644 index 000000000000..3c324dceacc1 --- /dev/null +++ b/net-vpn/i2pd/metadata.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>kaikaikai@yandex.ru</email> + <name>Alexey Korepanov</name> + </maintainer> + <maintainer type="person"> + <email>klondike@gentoo.org</email> + <name>Francisco Blas Izquierdo Riera</name> + </maintainer> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <maintainer type="person"> + <email>tomboy64@sina.cn</email> + <name>Proxy maintainer. Please subscribe to bugs.</name> + </maintainer> + <use> + <flag name="i2p-hardening"> + Compile with hardening on vanilla compilers/linkers + </flag> + <flag name="websocket"> + Enable websocket server + </flag> + </use> + <upstream> + <remote-id type="github">PurpleI2P/i2pd</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/iodine/Manifest b/net-vpn/iodine/Manifest new file mode 100644 index 000000000000..cbb9b5a82406 --- /dev/null +++ b/net-vpn/iodine/Manifest @@ -0,0 +1,7 @@ +AUX iodine-0.7.0-TestMessage.patch 350 SHA256 f815fdd15c705a08cfe0bfc6acfe364a3d2ddb87ce58425fc324ce7a846454be SHA512 cdc482fdab22fc5ee612416161b2a93d4967211a47f9688a57737eef06bb48896c753f57df6bb3e8f826d78ac17955ce93d518e231e3e6ef507b53e050e47dca WHIRLPOOL 1274243a38b8d5e7b7792cf6bb6af902f456decef0877c533ab919b3b4c79e68b2268fc20358d442e6bf052fccccffdaf30d7662c6eaf8e86f39f34b4e7f0df3 +AUX iodine-0.7.0-new-systemd.patch 440 SHA256 200c21bdc6614868c9048650649822bbceba587a889b314e2364ae814063a948 SHA512 ec2f0402ad332278382328ea9278832e09afc99aeee75167be854e73e46a4980c347b1119e2f198f8ad85af5deecb811be0061b00d6874fc86c60313d8cfbb4b WHIRLPOOL 96571fc9e0d2c76232ad84afe144280cd749b8a43b0a9f8fb084b649b6bda96ee8af2da146f943fd90ab8ba7413e7a5835ed9be153d71b0c357dbb2581af00f3 +AUX iodined-1.init 1422 SHA256 28e4ebcd546ba1dfd61eef9d517813f6bbd084d18a243d2e80111c699bd41ccb SHA512 c146c16f10574a16971d81010ab51f6fa68ebbd3275e50f18bfeb4dde5976ab97a9817d26bbe7d2b8cce3c4a8624a7627674528b30a4e958b4523cee03d6e1c9 WHIRLPOOL e72c6f6388998dbf3a200d63e9538eeb059c7f7ab73f3cb2625727cd44b357860d7df5a0eb9b53770fd16abc0ed6a1613d479f9fa35ecf6fec778e147e32663d +AUX iodined.conf 1547 SHA256 01860664e8121308d0efb17258374a8a248293c4ed375a5b6f50d6568ceb8750 SHA512 3aab274be5670e4dc59fbf4fa9b5d6bfb1363ea081a8cf5c3d881007ca6d54a725038edd3b06f0aa24fb71756c4a54e96374867063ac1310ef9ce3a2ff25943d WHIRLPOOL 4be58489794458d4f208757445f0e8b2f07811e38889fbc41a446a4944289cc52ec1a1d31ca7da6eb771a6022c7cbdb13f151ec4946d90984f9046b1434106b4 +DIST iodine-0.7.0.tar.gz 96181 SHA256 ad2b40acf1421316ec15800dcde0f587ab31d7d6f891fa8b9967c4ded93c013e SHA512 49fe4f0cf614d3400cbfdade84eb4f50430f8f92004f663a08acc1514e8ff342443a8c3f855828bbca1864a3fafe419b5256f8a80fc4024b364d4c8c953fc0ec WHIRLPOOL ac098f9a409c75768b6b2da0f755560ea932a97855df32aefe860237a28ebf1ef1b576860378575522221214d9dc65c26f0297fafe628ea770e4449217c5d593 +EBUILD iodine-0.7.0-r2.ebuild 1110 SHA256 30fadcacf5fc913489b21a344005b46b13b105054108798bf689cde048ab4537 SHA512 1d2da5558a9389e73231c2425f931ffc1599436efe6a711bbdcde9589904999a55ab558c9b14d3aa82fc9e68c903c35b966c19b53e8c49612a96f97b10f531ec WHIRLPOOL 36eb1b8f15d140cd68cc3d52f2d544292dfd7605561c5eaaff9f9479e333ae15006ff1cf6cc280d326405cb768510e2d19901f0612b19ea3dc0013aa0611aaf5 +MISC metadata.xml 665 SHA256 95f6f6f4b9020dcf0bb89ead1cefef957ddeca069ef7b4d25cb94a1609ce6239 SHA512 aba04b987caa1922dc375984544cf614b3bc4f43441a17dcd1e1488b237371be21edecb22043fdd6a4648c2fca360ecc2855d70d8d9f85bed53f6e837b07776f WHIRLPOOL d886632417d588f7340c9ded78aa074477040091a67b7677b8fc4f519394bb34d98fe3e8575be15581fa35794fac51b8b7b07755944bb946991760ae548a14f8 diff --git a/net-vpn/iodine/files/iodine-0.7.0-TestMessage.patch b/net-vpn/iodine/files/iodine-0.7.0-TestMessage.patch new file mode 100644 index 000000000000..6b814b6f2d74 --- /dev/null +++ b/net-vpn/iodine/files/iodine-0.7.0-TestMessage.patch @@ -0,0 +1,12 @@ +--- iodine-0.7.0/Makefile ++++ iodine-0.7.0/Makefile +@@ -35,8 +35,7 @@ + $(RM) $(RM_FLAGS) $(DESTDIR)$(mandir)/man8/iodine.8 + + test: all +- @echo "!! The check library is required for compiling and running the tests" +- @echo "!! Get it at http://check.sf.net" ++ @echo "Executing tests target" + @(cd tests; $(MAKE) TARGETOS=$(TARGETOS) all) + + clean: diff --git a/net-vpn/iodine/files/iodine-0.7.0-new-systemd.patch b/net-vpn/iodine/files/iodine-0.7.0-new-systemd.patch new file mode 100644 index 000000000000..e18b64a086fe --- /dev/null +++ b/net-vpn/iodine/files/iodine-0.7.0-new-systemd.patch @@ -0,0 +1,16 @@ +diff --git a/src/osflags b/src/osflags +index 9eda8f0..0f8a26c 100755 +--- a/src/osflags ++++ b/src/osflags +@@ -19,7 +19,7 @@ link) + Linux) + FLAGS=""; + [ -e /usr/include/selinux/selinux.h ] && FLAGS="$FLAGS -lselinux"; +- [ -e /usr/include/systemd/sd-daemon.h ] && FLAGS="$FLAGS -lsystemd-daemon"; ++ [ -e /usr/include/systemd/sd-daemon.h ] && FLAGS="$FLAGS $(pkg-config --libs libsystemd)"; + echo $FLAGS; + ;; + esac +-- +1.9.3 + diff --git a/net-vpn/iodine/files/iodined-1.init b/net-vpn/iodine/files/iodined-1.init new file mode 100644 index 000000000000..edee6c6ac31a --- /dev/null +++ b/net-vpn/iodine/files/iodined-1.init @@ -0,0 +1,61 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +PID_FILE="/run/iodined.pid" + +depend() { + need net +} + +start() { + ebegin "Starting iodined" + ARGS="" + if [ "$IODINED_USER" ]; then + ARGS="$ARGS -u $IODINED_USER" + fi + if [ "$IODINED_CHROOT" ]; then + ARGS="$ARGS -t $IODINED_CHROOT" + fi + if [ "$IODINED_MTU" ]; then + ARGS="$ARGS -m $IODINED_MTU" + fi + if [ "$IODINED_LISTENPORT" ]; then + ARGS="$ARGS -p $IODINED_LISTENPORT" + fi + if [ "$IODINED_EXTERN_IP" ]; then + ARGS="$ARGS -n $IODINED_EXTERN_IP" + fi + if [ "$IODINED_LOCAL_DNS_PORT" ]; then + ARGS="$ARGS -b $IODINED_LOCAL_DNS_PORT" + fi + if [ "$IODINED_LISTENIP" ]; then + ARGS="$ARGS -l $IODINED_LISTENIP" + fi + if [ "$IODINED_PASSWD" ]; then + ARGS="$ARGS -P $IODINED_PASSWD" + else + eerror "Please set a password (IODINED_PASSWD) in /etc/conf.d/iodined!" + return 1 + fi + if [ "$IODINED_IP" ]; then + ARGS="$ARGS $IODINED_IP" + else + eerror "Please set an IP (IODINED_IP) in /etc/conf.d/iodined!" + return 1 + fi + if [ "$IODINED_DOMAIN" ]; then + ARGS="$ARGS $IODINED_DOMAIN" + else + eerror "Please set a domain (IODINED_DOMAIN) in /etc/conf.d/iodined!" + return 1 + fi + start-stop-daemon --start --exec /usr/sbin/iodined --pidfile $PID_FILE -- -F $PID_FILE $ARGS + eend $? +} + +stop() { + ebegin "Stopping iodined" + start-stop-daemon --stop --exec /usr/sbin/iodined --pidfile $PID_FILE + eend $? +} diff --git a/net-vpn/iodine/files/iodined.conf b/net-vpn/iodine/files/iodined.conf new file mode 100644 index 000000000000..7889b0892eea --- /dev/null +++ b/net-vpn/iodine/files/iodined.conf @@ -0,0 +1,44 @@ +# /etc/conf.d/iodined: config file for /etc/init.d/iodined + +# Drop privileges to this user after startup +# This is used by the -u argument. Comment out to keep running as root. +IODINED_USER="nobody" + +# Chroot to this directory after startup +# This is used by the -t argument. Comment out to avoid chroot. +IODINED_CHROOT="/var/empty" + +# This password needs to be used in all clients when they connect +# This is used by the -P argument +IODINED_PASSWD="" + +# This is the MTU (Max Transmit Unit) used in the tunnel. +# You probably dont need this field at all, downstream data will +# now be fragmented. This is used by the -m argument +#IODINED_MTU=1020 + +# The server port to listen on. You should normally not change this. +# See man page. This is used by the -p argument +#IODINED_LISTENPORT=53 + +# The IP address to return as reply to NS queries. If not set, it will +# be the destination address of the query. Used by the -n argument +#IODINED_EXTERN_IP=1.1.1.1 + +# The port used by a "real" DNS server on localhost. Queries for +# domains not handled by iodined will be forwarded to this port, +# and answers will be routed back. Used by the -b argument +#IODINED_LOCAL_DNS_PORT=5353 + +# The IP number to listen on. +# This is used by the -l argument +#IODINED_LISTENIP=127.0.0.1 + +# This IP number will be used by the local tun device. +IODINED_IP="172.28.0.1" + +# Use subdomains to this domain for network tunneling +# If a real domain is used, it should be delegated to this server with +# a NS entry in the domain zone (see man page) +IODINED_DOMAIN="blah.abc" + diff --git a/net-vpn/iodine/iodine-0.7.0-r2.ebuild b/net-vpn/iodine/iodine-0.7.0-r2.ebuild new file mode 100644 index 000000000000..a45c117fe2a1 --- /dev/null +++ b/net-vpn/iodine/iodine-0.7.0-r2.ebuild @@ -0,0 +1,51 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit linux-info eutils toolchain-funcs + +DESCRIPTION="IP over DNS tunnel" +HOMEPAGE="http://code.kryo.se/iodine/" +SRC_URI="http://code.kryo.se/${PN}/${P}.tar.gz" + +CONFIG_CHECK="~TUN" + +LICENSE="ISC GPL-2" #GPL-2 for init script bug #426060 +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="test" + +RDEPEND="sys-libs/zlib" +DEPEND="${RDEPEND} + test? ( dev-libs/check )" + +src_prepare(){ + epatch "${FILESDIR}"/${P}-TestMessage.patch + epatch "${FILESDIR}"/${P}-new-systemd.patch + + sed -e '/^\s@echo \(CC\|LD\)/d' \ + -e 's:^\(\s\)@:\1:' \ + -i {,src/}Makefile || die + + tc-export CC +} + +src_compile() { + #shipped ./Makefiles doesn't pass -j<n> to submake + emake -C src TARGETOS=Linux all +} + +src_install() { + #don't re-run submake + sed -e '/^install:/s: all: :' \ + -i Makefile || die + emake prefix="${EPREFIX}"usr DESTDIR="${D}" install + + dodoc CHANGELOG README TODO + + newinitd "${FILESDIR}"/iodined-1.init iodined + newconfd "${FILESDIR}"/iodined.conf iodined + keepdir /var/empty + fperms 600 /etc/conf.d/iodined +} diff --git a/net-vpn/iodine/metadata.xml b/net-vpn/iodine/metadata.xml new file mode 100644 index 000000000000..073848fe4147 --- /dev/null +++ b/net-vpn/iodine/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>root@kryo.se</email> + <name>Erik Ekman</name> + </maintainer> + <maintainer type="person"> + <email>zx2c4@gentoo.org</email> + <name>Jason A. Donenfeld</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <longdescription>iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed</longdescription> +</pkgmetadata> diff --git a/net-vpn/ipsec-tools/Manifest b/net-vpn/ipsec-tools/Manifest new file mode 100644 index 000000000000..0ae22deb53f0 --- /dev/null +++ b/net-vpn/ipsec-tools/Manifest @@ -0,0 +1,15 @@ +AUX ipsec-tools-0.8.0-sysctl.patch 485 SHA256 eb94a1f77ac9c194e51c2f64b65d9c8f70ff109fdfe77f72801449277b7312f4 SHA512 a2a96cea5c2b451665d54572e471a6c2b4fb72382dcd90bda536aaabf78cdd36d630d5c1fa56372b95066dc7dffd56480d3402fdbe2d56825a017b2cc075ac66 WHIRLPOOL 54c8f99ef2881e0fdf1e1aaf7c7908e9fac31326da9a15df160f81f4b9a8bb7a4db738ebd8c888c9a0bfae7e558c48231cb6413e1e953309a658ad12bfb9e106 +AUX ipsec-tools-CVE-2015-4047.patch 517 SHA256 75c155d74b478538ecf83047d992242671af76b396e49645da882f32ab4d134f SHA512 1dfda43a9d5919fbf274a28addbf798083f48094c65b88426d471a56e5339b72c9438c36efc6d6a3d74b4a084103c2fd4d1f974cbe494ee1228b2dbcaa304b49 WHIRLPOOL 2fb9feb8d7a802c646ed7ffa2aec5eb42794f555692c27107e28ad4db3f274e32a83429be012be64619683787d2f9dd12dcac7593e43e224415ffe3a6b1ca39b +AUX ipsec-tools-def-psk.patch 907 SHA256 15da775a7da892b7e99f0a6e531bdb9f37cc9d81c004f8a439152445f960f656 SHA512 683f168fac390df602ece1608db7f65370749c291e837497fa68fe4f39ddab907d10d67d4c80d583d7f12a1ea0bf02ba98d228e7c6e9267b49a1a8a7e57e99c4 WHIRLPOOL cfe93bc7e71aa627b973b416acfcdf9f9346ef5237726a079a0da3a383f949bb780624482f1f17b93cc43fc786711c4d8d3abc173f600f05d8790639cbed911a +AUX ipsec-tools-include-vendoridh.patch 434 SHA256 be0fd6ec217405a6f1ab97231568297e705d995d0f5fa8a6ebae896e1b2e910c SHA512 fc39e09dd7b1a2d3b6cdfbfad9f4978ab5d070ae2435cf77fe2283b566bea1d58cd26dbf6cafb563587200724c9602a32ce737fd163b757872e8a6d2c8007d5c WHIRLPOOL 1507b428ab919b0e45125ec4901af6b3a764a33c98cae6e2df0c061432414cb61e980606d24f55054d4433203f5eca3a123d4dd6dfd74645d7bc222f66cab1bd +AUX ipsec-tools.conf 1209 SHA256 a9a6cbf1bd42aaefdb637814bc6198079bab84e37888e1b705f938f590978816 SHA512 727297a06b75b883a7bd730d84f7a7cec04f81b51df71a6d2419602d835abe3c958d27aac176e29e2463421792843517bda802b3437b306ab43e94d178593bfa WHIRLPOOL 9c8f70c3c117e5cc4a1793637a101920ffd9126e02373db4e68b9eba4588a385cbc08fc81a0b5bf3ae0bff3d9de20a5a14b020e6d62effb97bce790ce4e74437 +AUX ipsec-tools.service 282 SHA256 a94517631d39f4883ab7b3ae394274bd60c45eb4f2edddab4a92a43dc3645d72 SHA512 71a6accf8a77a837107c627843363aa63cecfb94f3d853a9bae22ed3bd796a0f0dfdae6794fcd74a76d0583b8128e273e07b707451297273fc141f43461222e3 WHIRLPOOL 43c2c9133bf489a92c406d950e2fda2e2b427d0a42a6cb2165814c76e2b2f3def2adc9e491a024619d313861b8ac518c99e40dca9725889d2bbca24e92ad51f2 +AUX psk.txt 293 SHA256 d34b142b4566712f87382caf0a64bcc070bbde17f16e2ee49d5dde26cb1bbe08 SHA512 ed09588bcbf9b16e4e18315c7b9a7667788b4ab26cd962376430c316cfb0ee5a30ff26910190731b287c1a1b5927951a79f71a096071e73d67dc867a455b14cf WHIRLPOOL fe1aadd94612e742029d6e0be7401f2994c9fed4fec899f3fc09c90cb134aca710c41a083164d6cece46b331652ddb3b76720c60bc40b837243b329db7eb60db +AUX racoon.conf 772 SHA256 e00cea25741fa16aa985d80ce49f2a59af0c98a44707a047193e936644b497a3 SHA512 8876920331b4003fd096f1997e1266a12783120e390cea55ca283a8fd6485552b54e87f60e75f33409a4cdb99171d2358953287edd47ddeac8bda6da0cc8becc WHIRLPOOL 12c55b1f5e67592483c2602040454f7c0e511c4867b0ed1e7acb593d3ffd0b2b2bfe7a5defb900eb8759006b4382d8c3d891ace2472d772e223e68eb99bd72cc +AUX racoon.conf.d-r2 978 SHA256 bce22c09926666d8af73996d16c5fb8d72abc5ab5c782f8cd56df1ee85d3918f SHA512 28c011831276df27384bc97978c6e88c4b88f98bccd7f578c40881b0544488047ad8fcb83f0654e99dbfe38a979606ceef87973d566e9bfded941cbfe882ecd3 WHIRLPOOL 11dac837c5750afd9aa28f2520323d08a47999eaef301f583bba561b2a6cb07930812c877390bf653d11bcbee685f5c1cd73d70d2d80ecc99fa84ea5de0de283 +AUX racoon.init.d-r3 1295 SHA256 5a62b7ce09fd0da852abff295da7a737a1625988ab597a07882982cc0e6cc6e6 SHA512 4e52d86237204134a5cc5726d8639d96723fab58dba6f6ddc1e3c1ed2e1e453c644037f65e118fdd6ca0b25eac4de83e78675dd072e095d9f4ef2dfa4f965475 WHIRLPOOL 7cce1f142faae5814602713d4709d5cab806ae233d5260297788455739835ce73852b48cc1688d5be4adaf65d8c0ef3ee3dac6989b3e1e627138a7d892e1d8b8 +AUX racoon.pam.d 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b +AUX racoon.service 244 SHA256 bdd3337431223f9dba68c602a7cf5478d02f485cf82c9d73a282bc0cbfa08906 SHA512 56d84f36b307e1ea93f3cdc9fbb7b459f4b3b65ea2bb765f61def10d06a3ff09d61b8d53b21796a55022279e791d751f3bc1ccf0d0f85799a743371390930567 WHIRLPOOL d676d757db2b0b0d4713d5abea5aca26f9bf6e7bda35576b4c2249f97a2f4b21fecac3156cda846968fcd8a0310388af5e97587bf30e3e14b8404cb389336430 +DIST ipsec-tools-0.8.2.tar.bz2 866465 SHA256 8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d SHA512 2b7d0efa908d3a699be7ef8b2b126a3809956cb7add50e8efb1cfdfc2d9b70c39ef517379cb9a4fad9e5f0c25937e98535b06c32bd3e729f5129da4ab133e30f WHIRLPOOL 16452a98d6c179913fc7acf8d92f8e9e6f5614c2ac0b798158c218bfb4f6c5228ffea426fe0b26774242b4f29477323de5a4e31a623d94d82b90184a6664c2ce +EBUILD ipsec-tools-0.8.2-r5.ebuild 7851 SHA256 272e921e2692dee8c00037161f7e5b233d3d0182ee2363b340b402d9f5297564 SHA512 0362d6dfe3da7263836369cd8d49e64f3a1e9cfc99d81b8a97b5744d857daff71f28108bad53022893966957ea2026b918592b0af13b41309363411be30d3b4b WHIRLPOOL 0aee04c5b8a06e977e76e26c6368d5a422cd599779e8689229a43826e367676d6e437ec15322db312b0a9cea8d362140b99a3c7e5318c2fb3c75a0458d47ff48 +MISC metadata.xml 632 SHA256 06a24cfd3b397474627bb3aadb67d3e8f575d1f98fff57fa2a667c2a4f77b150 SHA512 7636e9dd2ed9069933b2215829660c3d7c1b43d9c4ad3303cf8889618bd659f68a27994ae520ec7e327060337a196e8b720140e5b32fc6830158be0f0fff1eb8 WHIRLPOOL c80c64cbfe49819b83d35304fbeed2d2efcb7f6ff3dda2319f575dbf45f5a7d0a9ac16e61dc414dda356dca7aab89ee6afa1db66db62a2918d7900b703d6d36d diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch b/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch new file mode 100644 index 000000000000..5c69bbb2fa61 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch @@ -0,0 +1,22 @@ +https://bugs.gentoo.org/425770 + +--- a/src/racoon/pfkey.c ++++ b/src/racoon/pfkey.c +@@ -59,7 +59,6 @@ + #include <sys/param.h> + #include <sys/socket.h> + #include <sys/queue.h> +-#include <sys/sysctl.h> + + #include <net/route.h> + #include <net/pfkeyv2.h> +--- a/src/setkey/setkey.c ++++ b/src/setkey/setkey.c +@@ -40,7 +40,6 @@ + #include <sys/socket.h> + #include <sys/time.h> + #include <sys/stat.h> +-#include <sys/sysctl.h> + #include <err.h> + #include <netinet/in.h> + #include <net/pfkeyv2.h> diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch b/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch new file mode 100644 index 000000000000..58f72e109c40 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch @@ -0,0 +1,16 @@ +See: https://bugs.gentoo.org/show_bug.cgi?id=550118 + +--- ./src/racoon/gssapi.c 9 Sep 2006 16:22:09 -0000 1.4 ++++ ./src/racoon/gssapi.c 19 May 2015 15:16:00 -0000 1.6 +@@ -192,6 +192,11 @@ + gss_name_t princ, canon_princ; + OM_uint32 maj_stat, min_stat; + ++ if (iph1->rmconf == NULL) { ++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); ++ return -1; ++ } ++ + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); + if (gps == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch new file mode 100644 index 000000000000..f351860a84e9 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch @@ -0,0 +1,25 @@ +diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c +--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200 ++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200 +@@ -2498,8 +2498,21 @@ + plog(LLV_ERROR, LOCATION, iph1->remote, + "couldn't find the pskey for %s.\n", + saddrwop2str(iph1->remote)); ++ } ++ } ++ if (iph1->authstr == NULL) { ++ /* ++ * If we could not locate a psk above try and locate ++ * the default psk, ie, "*". ++ */ ++ iph1->authstr = privsep_getpsk("*", 1); ++ if (iph1->authstr == NULL) { ++ plog(LLV_ERROR, LOCATION, iph1->remote, ++ "couldn't find the the default pskey either.\n"); + goto end; + } ++ plog(LLV_NOTIFY, LOCATION, iph1->remote, ++ "Using default PSK.\n"); + } + plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); + /* should be secret PSK */ diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch new file mode 100644 index 000000000000..2e22c82db478 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch @@ -0,0 +1,11 @@ +diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c +--- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c 2012-02-28 13:42:24.000000000 -0500 ++++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c 2012-02-28 13:41:22.000000000 -0500 +@@ -87,6 +87,7 @@ + #ifdef HAVE_GSSAPI + #include <iconv.h> + #include "gssapi.h" ++#include "vendorid.h" + #ifdef HAVE_ICONV_2ND_CONST + #define __iconv_const const + #else diff --git a/net-vpn/ipsec-tools/files/ipsec-tools.conf b/net-vpn/ipsec-tools/files/ipsec-tools.conf new file mode 100644 index 000000000000..bfff04af069a --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools.conf @@ -0,0 +1,26 @@ +#!/usr/sbin/setkey -f +# +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +flush; +spdflush; + +# +# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon. +# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6; +#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b; +#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; +#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require; +#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require; +spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require; +spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require; diff --git a/net-vpn/ipsec-tools/files/ipsec-tools.service b/net-vpn/ipsec-tools/files/ipsec-tools.service new file mode 100644 index 000000000000..0341aa7e4ed9 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools.service @@ -0,0 +1,12 @@ +[Unit] +Description=Load IPSec Security Policy Database +After=syslog.target network.target + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStart=/usr/sbin/setkey -k -f /etc/ipsec-tools.conf +ExecStop=/usr/sbin/setkey -F -P ; /usr/sbin/setkey -F + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/ipsec-tools/files/psk.txt b/net-vpn/ipsec-tools/files/psk.txt new file mode 100644 index 000000000000..97f5180f5ae5 --- /dev/null +++ b/net-vpn/ipsec-tools/files/psk.txt @@ -0,0 +1,10 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +# Peer IP/FQDN Secret +# 192.168.3.25 sample +192.168.3.21 sample diff --git a/net-vpn/ipsec-tools/files/racoon.conf b/net-vpn/ipsec-tools/files/racoon.conf new file mode 100644 index 000000000000..2e9206db9506 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.conf @@ -0,0 +1,33 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +path pre_shared_key "/etc/racoon/psk.txt"; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#remote 192.168.3.25 +remote 192.168.3.21 +{ + exchange_mode main; + proposal { + encryption_algorithm 3des; + hash_algorithm md5; + authentication_method pre_shared_key; + dh_group modp1024; + } +} + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#sainfo address 192.168.3.21 any address 192.168.3.25 any +sainfo address 192.168.3.25 any address 192.168.3.21 any +{ + pfs_group modp768; + encryption_algorithm 3des; + authentication_algorithm hmac_md5; + compression_algorithm deflate; +} diff --git a/net-vpn/ipsec-tools/files/racoon.conf.d-r2 b/net-vpn/ipsec-tools/files/racoon.conf.d-r2 new file mode 100644 index 000000000000..c592d3584967 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.conf.d-r2 @@ -0,0 +1,29 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Config file for /etc/init.d/racoon + +# See the man page or run `racoon --help` for valid command-line options +# RACOON_OPTS="-d" + +RACOON_CONF="/etc/racoon/racoon.conf" +RACOON_PSK_FILE="/etc/racoon/psk.txt" + +# The amount of time in ms for start-stop-daemon to wait before a timeout +# Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398. + +RACOON_WAIT="1000" + +# The setkey config file. Don't name it ipsec.conf as this clashes +# with strongswan. We'll follow debian's naming. Bug #436144. + +SETKEY_CONF="/etc/ipsec-tools.conf" + +# Comment or remove the following if you don't want the policy tables +# to be flushed when racoon is stopped. + +RACOON_RESET_TABLES="true" + +# If you need to set custom options to the setkey command when loading rules, use this +# more info in the setkey mangage (example below sets kernel mode instead of RFC mode): +#SETKEY_OPTS="-k" diff --git a/net-vpn/ipsec-tools/files/racoon.init.d-r3 b/net-vpn/ipsec-tools/files/racoon.init.d-r3 new file mode 100644 index 000000000000..66e10bb84d42 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.init.d-r3 @@ -0,0 +1,57 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + before netmount + use net +} + +checkconfig() { + if [ ! -e ${SETKEY_CONF} ] ; then + eerror "You need to configure setkey before starting racoon." + return 1 + fi + if [ ! -e ${RACOON_CONF} ] ; then + eerror "You need a configuration file to start racoon." + return 1 + fi + if [ ! -z ${RACOON_PSK_FILE} ] ; then + if [ ! -f ${RACOON_PSK_FILE} ] ; then + eerror "PSK file not found as specified." + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." + return 1 + fi + case "`ls -Lldn ${RACOON_PSK_FILE}`" in + -r--------*) + ;; + *) + eerror "Your defined PSK file should be mode 400 for security!" + return 1 + ;; + esac + fi +} + +command=/usr/sbin/racoon +command_args="-f ${RACOON_CONF} ${RACOON_OPTS}" +pidfile=/var/run/racoon.pid +start_stop_daemon_args="--wait ${RACOON_WAIT}" + +start_pre() { + checkconfig || return 1 + einfo "Loading ipsec policies from ${SETKEY_CONF}." + /usr/sbin/setkey ${SETKEY_OPTS} -f ${SETKEY_CONF} + if [ $? -eq 1 ] ; then + eerror "Error while loading ipsec policies" + fi +} + +stop_post() { + if [ -n "${RACOON_RESET_TABLES}" ]; then + ebegin "Flushing policy entries" + /usr/sbin/setkey -F + /usr/sbin/setkey -FP + eend $? + fi +} diff --git a/net-vpn/ipsec-tools/files/racoon.pam.d b/net-vpn/ipsec-tools/files/racoon.pam.d new file mode 100644 index 000000000000..b801aaafa0f9 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.pam.d @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/net-vpn/ipsec-tools/files/racoon.service b/net-vpn/ipsec-tools/files/racoon.service new file mode 100644 index 000000000000..df7f1bb8f8c0 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.service @@ -0,0 +1,11 @@ +[Unit] +Description=Racoon IKEv1 key management daemon for IPSEC +After=syslog.target network.target +Requires=ipsec-tools.service + +[Service] +Type=forking +ExecStart=/usr/sbin/racoon -f /etc/racoon/racoon.conf + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r5.ebuild b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r5.ebuild new file mode 100644 index 000000000000..1fd2ccbcc73f --- /dev/null +++ b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r5.ebuild @@ -0,0 +1,282 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic autotools linux-info pam systemd + +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" +HOMEPAGE="http://ipsec-tools.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~ia64 ~mips ppc ppc64 x86" +IUSE="hybrid idea ipv6 kerberos ldap libressl nat pam rc5 readline selinux stats" + +CDEPEND=" + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + readline? ( sys-libs/readline:0= ) + selinux? ( sys-libs/libselinux )" + +DEPEND="${CDEPEND} + >=sys-kernel/linux-headers-2.6.30" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ipsec ) +" + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + if ! has_version "net-vpn/strongswan" && + ! has_version "net-misc/openswan" && + ! has_version "net-vpn/libreswan"; then + ewarn "We found an earlier version of ${PN} installed." + ewarn "As of ${PN}-0.8.0-r5, the old configuration file," + ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" + ewarn "a conflict with net-vpn/strongswan; bug #436144. We will" + ewarn "rename this file for you with this upgrade. However, if" + ewarn "you later downgrade, you'll have to rename the file to" + ewarn "its orignal manually or change /etc/conf.d/racoon to point" + ewarn "to the new file." + + if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then + mv /etc/ipsec.conf /etc/ipsec-tools.conf + else + ewarn + ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" + ewarn "Either the former doesn't exist or the later does and" + ewarn "I won't clobber it. Please fix this situation manually." + fi + else + ewarn "You had both an earlier version of ${PN} and" + ewarn "net-vpn/strongswan installed. I can't tell whether" + ewarn "the configuration file, ipsec.conf, belongs to one" + ewarn "package or the other due to a file conflict; bug #436144." + ewarn "The current version of ${PN} uses ipsec-tools.conf" + ewarn "as its configuration file, as will future versions." + ewarn "Please fix this situation manually." + fi + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + fi +} + +pkg_setup() { + linux-info_pkg_setup + + get_version + + if linux_config_exists && kernel_is -ge 2 6 19; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + ewarn "Checking kernel configuration in /usr/src/linux or" + ewarn "or /proc/config.gz for compatibility with ${PN}." + ewarn "Here are the potential problems:" + ewarn + + local nothing="1" + + # Check options for all flavors of IPSec + local msg="" + for i in XFRM_USER NET_KEY; do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "ALL IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check unencrypted IPSec + if ! linux_chkconfig_present CRYPTO_NULL; then + nothing="0" + ewarn + ewarn "Unencrypted IPSec may fail. CHECK:" + ewarn " CRYPTO_NULL" + fi + + # Check IPv4 IPSec + msg="" + for i in \ + INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv4 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check IPv6 IPSec + if use ipv6; then + msg="" + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv6 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + fi + + # Check IPSec behind NAT + if use nat; then + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then + nothing="0" + ewarn + ewarn "IPSec behind NAT may fail. CHECK:" + ewarn " NETFILTER_XT_MATCH_POLICY" + fi + fi + + if [[ $nothing == "1" ]]; then + ewarn "NO PROBLEMS FOUND" + fi + + ewarn + ewarn "WARNING: If your *configured* and *running* kernel" + ewarn "differ either now or in the future, then these checks" + ewarn "may lead to misleading results." + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + else + eerror + eerror "\033[1;31m**************************************************\033[00m" + eerror "Make sure that your *running* kernel is/will be >=2.6.19." + eerror "Building ${PN} now, assuming that you know what you're doing." + eerror "\033[1;31m**************************************************\033[00m" + eerror + fi +} + +src_prepare() { + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + eapply "${FILESDIR}/${PN}-def-psk.patch" + eapply "${FILESDIR}/${PN}-include-vendoridh.patch" + eapply "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 + eapply "${FILESDIR}"/${PN}-CVE-2015-4047.patch + + AT_M4DIR="${S}" eautoreconf + + eapply_user +} + +src_configure() { + #--with-{libiconv,libradius} lead to "Broken getaddrinfo()" + #--enable-samode-unspec is not supported in linux + local myconf + myconf="--with-kernel-headers=/usr/include \ + --enable-adminport \ + --enable-dependency-tracking \ + --enable-dpd \ + --enable-frag \ + --without-libiconv \ + --without-libradius \ + --disable-samode-unspec \ + $(use_enable idea) \ + $(use_enable ipv6) \ + $(use_enable kerberos gssapi) \ + $(use_with ldap libldap) \ + $(use_enable nat natt) \ + $(use_with pam libpam) \ + $(use_enable rc5) \ + $(use_with readline) \ + $(use_enable selinux security-context) \ + $(use_enable stats)" + + use nat && myconf="${myconf} --enable-natt-versions=yes" + + # enable mode-cfg and xauth support + if use pam; then + myconf="${myconf} --enable-hybrid" + else + myconf="${myconf} $(use_enable hybrid)" + fi + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon + newinitd "${FILESDIR}"/racoon.init.d-r3 racoon + systemd_dounit "${FILESDIR}/ipsec-tools.service" + systemd_dounit "${FILESDIR}/racoon.service" + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon + + insinto /etc + doins "${FILESDIR}"/ipsec-tools.conf + insinto /etc/racoon + doins "${FILESDIR}"/racoon.conf + doins "${FILESDIR}"/psk.txt + chmod 400 "${D}"/etc/racoon/psk.txt + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + docinto samples + newdoc src/setkey/sample.cf ipsec-tools.conf +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with {$PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} diff --git a/net-vpn/ipsec-tools/metadata.xml b/net-vpn/ipsec-tools/metadata.xml new file mode 100644 index 000000000000..b9c2c832a41d --- /dev/null +++ b/net-vpn/ipsec-tools/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + </maintainer> + <use> + <flag name="hybrid">Makes available both mode-cfg and xauth support</flag> + <flag name="idea">Enable support for the IDEA algorithm</flag> + <flag name="nat">Enable NAT-Traversal</flag> + <flag name="rc5">Enable support for the patented RC5 algorithm</flag> + <flag name="stats">Enable statistics reporting</flag> + </use> + <upstream> + <remote-id type="sourceforge">ipsec-tools</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/isatapd/Manifest b/net-vpn/isatapd/Manifest new file mode 100644 index 000000000000..136328d81df6 --- /dev/null +++ b/net-vpn/isatapd/Manifest @@ -0,0 +1,5 @@ +AUX isatapd.service-r2 336 SHA256 01159d7abd3a08fd6cfc3dcd0473b197fe18e3e536389ed231a1b61522d527ec SHA512 e7e002163ca6c780ec7f3df5cb60923ecb2631628d9ec65c97a60e0071145ce46c4bbef282ebdb322a82bc81cda15b7e256ae9122993df8b1f625c3fcd26c5f9 WHIRLPOOL b8a1a3f48c02b87c99d38ba60d0108c0a3386ae4e3b8a27122df5090f28426fdee6f5e381c884dd745acc42a80f9483688dcbdac4fced7707b8d5583dd585082 +AUX isatapd.service.conf 1026 SHA256 a3c5999d739c50850ef7ead2e932703556c5db3036f14eafc95fbd2f5087428f SHA512 d87ace4cb331d561e817c9dd7fce1ab4b9df60016bba40bfc53728f6c8ee418b17ae71753f6caa0e1647f569037b59d93a3a9778c4f7dcdf543eee702be95c76 WHIRLPOOL 138b0285746b849c09f0536367496e1d965aa62f2d6e05274aba6f3116ef65907e91f681b5af8f743f446d8be6b1233bd0741ccfc235b63abe6ce08228751089 +DIST isatapd-0.9.7.tar.gz 111524 SHA256 927e1bb5fff4582723c642b41561c5ee6d57b15d05c19ea00c589168898897fa SHA512 3ddfc8385b666ec8c0552c7b46841f2b5e8ebb5d9aa3119a9a6d4cacea728cb81dced802d51b7c98da4bbb839de6fe68ef1bc5f62914b48638b6f168fc06100a WHIRLPOOL 8f5cde92cf61ef2cd1c0027802a18ec0aba8e8c0935be30650c62a22f011e03e255976e4858a7490844ab55afee6e83303f616e95fb72c13c61db8ad8e7895a4 +EBUILD isatapd-0.9.7-r2.ebuild 802 SHA256 f3f05ab4fff855166f3cf80308e6f559529764b5321407beebeabd58e7c891c1 SHA512 5b10c17c03d278d9c4b7eb5b043d8d5e7c8cce84757643be967902766a2f8908ad13c66abd55c944659eeee3358e7ca8c7cf500f86e5320db6d5bd93eb2f8cdc WHIRLPOOL ddfcb309b909d43164a09d5fede7616fc3919ba20e1d3a10bbba885cd487a13bf6f601dfc9941cd145af7a60573a8a7423d0f90d4ddefb9e2fba7e5e04f01d33 +MISC metadata.xml 237 SHA256 ffb571839c57797d282263369646d2bba2662601a45f7bb3251bb97f716554a6 SHA512 ae2360aa6b1b00c67e0acea4935c02b64585b9a15e126fec9d5d99637021c542c0a495e5116205f3da287def46fa5b19cb1a7f3042c12c5f7a78d66d92fcb03f WHIRLPOOL 60d6da846c983457e038ea5ba3c0bf48f939c9586610985a14cac9772fd1d45d781a643abc16482f232f3028e44fe99fe1a382deaebf6589602fc244a4460e3f diff --git a/net-vpn/isatapd/files/isatapd.service-r2 b/net-vpn/isatapd/files/isatapd.service-r2 new file mode 100644 index 000000000000..8d695eda35ca --- /dev/null +++ b/net-vpn/isatapd/files/isatapd.service-r2 @@ -0,0 +1,15 @@ +[Unit] +Description=ISATAP Client for Linux +After=network.target nss-lookup.target + +[Service] +ExecStart=/usr/sbin/isatapd ${DAEMON_OPTS} \ + --interval ${ISATAP_INTERVAL} \ + --name ${ISATAP_NAME} \ + --link ${ISATAP_LINK} \ + --mtu ${ISATAP_MTU} \ + --check-dns ${ISATAP_CHECK_DNS} \ + ${ISATAP_ROUTERS} + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/isatapd/files/isatapd.service.conf b/net-vpn/isatapd/files/isatapd.service.conf new file mode 100644 index 000000000000..87fe0be4a23d --- /dev/null +++ b/net-vpn/isatapd/files/isatapd.service.conf @@ -0,0 +1,30 @@ +[Service] +# A space separated list of one or more hostnames/IPv4 addresses to use as +# potential routers. +# The default is the unqualified hostname 'isatap' +Environment="ISATAP_ROUTERS=isatap" + +# Interval in seconds to send router solicitations. +# Default (unset): 'auto' +Environment="ISATAP_INTERVAL=auto" + +# Interval in seconds to check for DNS changes. Set to 0 to disable. +# Default: 3600 +Environment="ISATAP_CHECK_DNS=3600" + +# Link tunnel to device +# Default (unset): automatically find outgoing device +Environment="ISATAP_LINK=auto" + +# The name of the ISATAP tunnel device +# Default is 'is0' if ISATAP_LINK is unset and 'is_${ISATAP_LINK}' otherwise. +Environment="ISATAP_NAME=auto" + +# IPv6 MTU of the created ISATAP tunnel interface. The IPv4 path to +# the ISATAP router and all other ISATAP clients should be able to +# handle at least MTU+20 bytes. +# The minimum IPv6 MTU (1280 Bytes) is the safest choice here +Environment="ISATAP_MTU=1280" + +# Additional options, see isatapd(8) for details +Environment="DAEMON_OPTS=" diff --git a/net-vpn/isatapd/isatapd-0.9.7-r2.ebuild b/net-vpn/isatapd/isatapd-0.9.7-r2.ebuild new file mode 100644 index 000000000000..9474bf9461e8 --- /dev/null +++ b/net-vpn/isatapd/isatapd-0.9.7-r2.ebuild @@ -0,0 +1,34 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit linux-info systemd + +DESCRIPTION="creates and maintains an ISATAP tunnel (rfc5214)" +HOMEPAGE="http://www.saschahlusiak.de/linux/isatap.htm" +SRC_URI="http://www.saschahlusiak.de/linux/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="" + +DEPEND="" +RDEPEND="" + +CONFIG_CHECK="~TUN" +ERROR_TUN="CONFIG_TUN is needed for isatapd to work" + +src_prepare() { + sed -e '/^opts/s:opts:extra_started_commands:' \ + -i openrc/isatapd.init.d || die +} + +src_install() { + default + + newinitd openrc/isatapd.init.d isatapd + newconfd openrc/isatapd.conf.d isatapd + systemd_newunit "${FILESDIR}"/${PN}.service-r2 ${PN}.service + systemd_install_serviced "${FILESDIR}"/${PN}.service.conf +} diff --git a/net-vpn/isatapd/metadata.xml b/net-vpn/isatapd/metadata.xml new file mode 100644 index 000000000000..a535b8852829 --- /dev/null +++ b/net-vpn/isatapd/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="person"> +<email>xmw@gentoo.org</email> +<name>Michael Weber</name> +</maintainer> +</pkgmetadata> diff --git a/net-vpn/kvpnc/Manifest b/net-vpn/kvpnc/Manifest new file mode 100644 index 000000000000..d74351556f47 --- /dev/null +++ b/net-vpn/kvpnc/Manifest @@ -0,0 +1,10 @@ +AUX kvpnc-0.9.6a-gcc47.patch 399 SHA256 d40fd7dd4f1970d780fdd27459cb3bfe86702f499995ec716516630e54ef8f8b SHA512 0c3850b0dcccaf57d39110a91c22e9f21931153b4978608f02f0cbda98533bdba56cdc2f7a0fc6554d15a042e9362f54d5cb4dfca9ab719df51a476aef22d1ce WHIRLPOOL dc3680b4230f459e5b46f6de1a564129d67500b2b2fba22e341258c86e25de50473374693e343c656481357eeafa292c3991b0e4de41bda4a2e1f7b69a963619 +AUX kvpnc-0.9.6a-gcc6.patch 1870 SHA256 990fff27c4bedaf3c04c89439f71ea560bdfe8e13a959b1e3a29f0afe91b9291 SHA512 759de3b77c46106473830907bdd346b455110b3fe6fb5a6b0abf4279b9674a82007b968083347e2de56ed9fc4643710f2846f8d6652e6febcc0680be9d0db493 WHIRLPOOL 52883b210019ff02209271ba8440a23fd67c675f29e9262c103e2262c7e429270ccaa5d8feaf1efc2d0675b210012a5240699c81b3ac607bf9f3633f2a34609f +AUX kvpnc-0.9.6a-ifconfig.patch 1800 SHA256 551feb4d3728b37ca98b55c53de54883bbcee6b3edeb17a59c77dd312bc06b4e SHA512 9bb42e100e79f29d1f070f744c1b522d3ea367e810da1c1fece092ca2e740a9fd6d8d975291884dea0b168de3e82e399e1daff979ad89069dc00ab703c03818f WHIRLPOOL fc93ffe698e220691dcffa616bcdf58c2e783dfb6b4be856bfaecdbf3152b43d9936f5a08596856dfbfb0bedbebf5ab89c65497e6b4822d61f6a8df8c788b717 +AUX kvpnc-0.9.6a-kicon.patch 2273 SHA256 aa61c6ed39662c5257c2af875bdab8180cd4e217295fc09640a8099725b54cad SHA512 37b5cf6699ef29f016913e2cb41eb974a527e1386df6b7077412abbcbfa78c37a4bafe83766fa722b5b7ecefc6b58afdb25bd619044f7c0d49fa6f23181c5694 WHIRLPOOL 12ad2d65fa77940565bae25feb815dddf824f67833a7d02de905ef87667fd312548423c4a87e533da2bd07d6fd6d54f1bb424f49851204638e87532cc250f66f +AUX kvpnc-0.9.6a-scriptsec.patch 1017 SHA256 4219c7bbc86e2e7546e1b5c79b173d54fb562d5e532f7a6a08ae1e3a77dd8f5f SHA512 517d69e5f4b2911f3ef3fc165eb242b11075b46ef7e25d7f0b311da20bfdb14ebb56d91fa2a052330ee928a04e2299a4a01020a5eac270f31d020f2ca0672595 WHIRLPOOL 448908a67ffa2cacc081906e8f6c9d2256dd389983182867e438072a62e88c5c6af9e563546ac705e88187160cd39162e4aa8515abfa0e8cb4df5b6b9731746e +DIST kvpnc-0.9.6-kde4-locale.tar.bz2 2020192 SHA256 a675f9ed3d66e7fa94a0fd530fa60521d0ef739043bcfe2702be77b0299a47c7 SHA512 a2e5c7f465ec77e61f882cb2a45da7da3c868de164e8cdefe2a987d9040e1762ebd6f3e089f008dfcc7f7fad47b9847c059d615c94a995805af0ca3f1fd4d209 WHIRLPOOL 03b5a49027d024cb2645ea481735223f1551d65fed027690619f75ed38c05ecdc3b31b73e4e1d4309450088b709e35535081c614e4a9136d2da8fc954d739a15 +DIST kvpnc-0.9.6a-kde4.tar.bz2 579425 SHA256 6bf8c1f13f8d54f73f7ebb4102f912a5ebc01697ea36975977de8e57c97771f3 SHA512 e30e3fcb9729a378c84d636c7efe0e45ce7d15bcfab2f5f6cd4e37951de1db10c343e5e14dc13aafc4d540058ebc2ca0c2ad30c555fd78f0de552107d13d2467 WHIRLPOOL 8dadbf4fa0ba3790d8545a05cf9db5e462ba1d5a72c898faeee556d7e071c71e2cfaf81a07b5ff17a790399f044b87d1dc56f43799c7f58df049cf43829896cf +EBUILD kvpnc-0.9.6a-r2.ebuild 1189 SHA256 b8001af073b906f2ffab74b52fb414af6ce5b71c2faf684211be0bf26123257f SHA512 4bd09a81923bfd53ca4b4b120f3bc823258556f11407c23537ade2a31dd6fdd806ed175f286bdcd639282e002ac89e3c5af31bd354611c781cdb4a97926e187e WHIRLPOOL ee197670f6d6960e4c0da9c3c4cf3e41eb6f68fb04771b4b8c8f16e7fb6aeca1578f46e79b64ff7cade811445d6da7f934ae6b1dc457f6d4ee9aad37e22818e9 +EBUILD kvpnc-0.9.6a-r3.ebuild 1299 SHA256 0730c578af10cce46e024abd4176bb9f295af0cf4784a33d3d470fb09e7b5ed6 SHA512 8f937093bb1b52431851411ce45d962dce070b3973f7a9e045408548ae79a4df04fb704e980db1ba82ed10b4b897eebe5883f7c0b630405017bfa12a7f92ebd9 WHIRLPOOL 3ce07bca888869dd6545c18cc6cf41629837fadca285c912c0289c8dd9c57ec8b7a355b4c15c809a6c2977348551d5e66988817480edfe417affed437d00d40e +MISC metadata.xml 255 SHA256 129c40b6bbc7ae3de67b33141bfb7bd3d0145918b6f3a6b3eea31e85d094e0b1 SHA512 8b2fdb47579200da9614f4dd4397bfbbf59c42fb6fc0509a1875f32458a67650d7a54e5bc621acc0accf7c17c1973941719284dff783208448abd61527d644c1 WHIRLPOOL 5f6cba6fd18443ff4df7c4a036d335adae5980b208a4259a360565bed527673781e92a2e4a0153f9838998c3777b86b807581f6fa828777acd43e59629a7b10b diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc47.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc47.patch new file mode 100644 index 000000000000..db59b5baaf86 --- /dev/null +++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc47.patch @@ -0,0 +1,11 @@ +diff -ruN kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp kvpnc-0.9.6a-kde4/src/kvpnc.cpp +--- kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp 2012-06-25 22:16:25.395420711 +0200 ++++ kvpnc-0.9.6a-kde4/src/kvpnc.cpp 2012-06-25 22:17:41.598424971 +0200 +@@ -75,6 +75,7 @@ + #include <cstdlib> + #include <ctime> + #include <iomanip> ++#include <unistd.h> + + #include "ui_mainviewbase4.h" + #include "ciscocertificateenrollment.h" diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc6.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc6.patch new file mode 100644 index 000000000000..ba086a6337cc --- /dev/null +++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc6.patch @@ -0,0 +1,53 @@ +Author: Pino Toscano <pino@kde.org> +Description: remove extra bool parameter for KConfigGroup::deleteEntry() + unneeded, and it does not match any of the actual signatures of the + function +Bug-Debian: https://bugs.debian.org/811679 +Applied-Upstream: commit:1452683 + +--- a/src/kvpncconfig.cpp ++++ b/src/kvpncconfig.cpp +@@ -4305,7 +4305,7 @@ + appPointer->processEvents(); + + if (useKwallet && KWallet::Wallet::isEnabled()) +- configgroup.deleteEntry("First use of Kwallet", false); ++ configgroup.deleteEntry("First use of Kwallet"); + + + /* = user data = */ +Author: Pino Toscano <pino@kde.org> +Description: do not return bool for QString + GCC 6 cannot convert them +Bug-Debian: https://bugs.debian.org/811679 +Applied-Upstream: commit:1452682 + +--- a/src/utils.cpp ++++ b/src/utils.cpp +@@ -914,7 +914,7 @@ + NameAndPidOfProgramListenProcess->start(proc, args); + if (!NameAndPidOfProgramListenProcess->waitForStarted()) { + kError() << "netstat fails!" << endl; +- return false; ++ return ""; + } else { + NameAndPidOfProgramListenProcess->waitForFinished(); + +@@ -946,7 +946,7 @@ + GetEmailAddressOfCertProcess->start(proc, args); + if (!GetEmailAddressOfCertProcess->waitForStarted()) { + kError() << "GetEmailAddressOfCertProcess" << endl; +- return false; ++ return ""; + } else { + GetEmailAddressOfCertProcess->waitForFinished(); + disconnect(GetEmailAddressOfCertProcess, SIGNAL(readyReadStandardOutput()), this, SLOT(readOutGetEmailAddressOfCert())); +@@ -1159,7 +1159,7 @@ + GetHostnameProcess->start(proc, args); + if (!GetHostnameProcess->waitForStarted()) { + kError() << "Unable to start getHostname process!" << endl; +- return false; ++ return ""; + } else { + GetHostnameProcess->waitForFinished(); + return Hostname; diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-ifconfig.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-ifconfig.patch new file mode 100644 index 000000000000..1413bccc97e1 --- /dev/null +++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-ifconfig.patch @@ -0,0 +1,38 @@ +diff -ruN kvpnc-0.9.6a-kde4/src/kvpncconfig.cpp kvpnc-0.9.6a-kde4-patched/src/kvpncconfig.cpp +--- kvpnc-0.9.6a-kde4/src/kvpncconfig.cpp 2010-03-08 05:26:33.000000000 -0500 ++++ kvpnc-0.9.6a-kde4-patched/src/kvpncconfig.cpp 2013-05-23 10:36:35.536865224 -0400 +@@ -58,8 +58,8 @@ + pathToPing = ""; + pathToOpenvpn = "/usr/sbin/openvpn"; + pathToIp = "/sbin/ip"; +- pathToIfconfig = "/sbin/ifconfig"; +- pathToRoute = "/sbin/route"; ++ pathToIfconfig = "/bin/ifconfig"; ++ pathToRoute = "/bin/route"; + pathToNetstat = "/bin/netstat"; + pathToL2tpd = "/usr/sbin/l2tpd"; + pathToPkcs11Tool = "/usr/bin/pkcs11-tool"; +@@ -874,8 +874,8 @@ + pathToOpenssl = configgroup.readEntry("Path to openssl", "/usr/bin/openssl"); + pathToIpsec = configgroup.readEntry("Path to freeswan", "/usr/sbin/ipsec"); + pathToIp = configgroup.readEntry("Path to iputility", "/sbin/ip"); +- pathToIfconfig = configgroup.readEntry("Path to ifconfig", "/sbin/ifconfig"); +- pathToRoute = configgroup.readEntry("Path to route", "/sbin/route"); ++ pathToIfconfig = configgroup.readEntry("Path to ifconfig", "/bin/ifconfig"); ++ pathToRoute = configgroup.readEntry("Path to route", "/bin/route"); + pathToNetstat = configgroup.readEntry("Path to netstat", "/bin/netstat"); + pathToPppd = configgroup.readEntry("Path to pppd", "/usr/sbin/pppd"); + pathToPptp = configgroup.readEntry("Path to pptp", "/usr/sbin/pptp"); +@@ -1516,10 +1516,10 @@ + pathToIp = "/sbin/ip"; + + if (pathToIfconfig.isEmpty()) +- pathToIfconfig = "/sbin/ifconfig"; ++ pathToIfconfig = "/bin/ifconfig"; + + if (pathToRoute.isEmpty()) +- pathToRoute = "/sbin/route"; ++ pathToRoute = "/bin/route"; + + if (pathToNetstat.isEmpty()) + pathToNetstat = "/bin/netstat"; diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-kicon.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-kicon.patch new file mode 100644 index 000000000000..d898dafbaba2 --- /dev/null +++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-kicon.patch @@ -0,0 +1,59 @@ +Author: Christoph Feck <cfeck@kde.org> +Description: Use KIcon to set window icons +Bug: https://bugs.kde.org/show_bug.cgi?id=246016 +Bug-Debian: https://bugs.debian.org/599094 +Applied-Upstream: commit:1180094 + +--- a/src/kvpnc.cpp ++++ b/src/kvpnc.cpp +@@ -320,10 +320,7 @@ KVpnc::~KVpnc() + + void KVpnc::initAction() + { +- disconnectedIcon = KIconLoader::global()->loadIcon("disconnected", KIconLoader::NoGroup); +- connectedIcon = KIconLoader::global()->loadIcon("connected", KIconLoader::NoGroup); +- connectingIcon = KIconLoader::global()->loadIcon("connecting" , KIconLoader::NoGroup); +- setWindowIcon(disconnectedIcon); ++ setWindowIcon(KIcon("disconnected")); + + (void*) KStandardAction::quit(this, SLOT(quitCalled()), actionCollection()); + +@@ -17449,7 +17446,7 @@ void KVpnc::setGuiStatus(int status) + QString ConnectionStatus = i18n("unknown"); + QString Username = ""; + if (status == KVpncEnum::connected) { +- setWindowIcon(connectedIcon); ++ setWindowIcon(KIcon("connected")); + + durationString = (i18n("%1:%2:%3" , QString().sprintf("%02u", hour) , QString().sprintf("%02u", min) , QString().sprintf("%02u", sec))); + QString ConnectMsg = ""; +@@ -17502,7 +17499,7 @@ void KVpnc::setGuiStatus(int status) + + } + else if (status == KVpncEnum::connecting) { +- setWindowIcon(connectingIcon); ++ setWindowIcon(KIcon("connecting")); + mw->buttonConnect->setEnabled(false); + mw->buttonDisconnect->setEnabled(true); + mw->SessionCombo->setEnabled(false); +@@ -17531,7 +17528,7 @@ void KVpnc::setGuiStatus(int status) + connectClicked(); + + } else if (status == KVpncEnum::disconnected) { +- setWindowIcon(disconnectedIcon); ++ setWindowIcon(KIcon("disconnected")); + mw->buttonConnect->setEnabled(true); + mw->buttonDisconnect->setEnabled(false); + DisconnectAction->setEnabled(false); +--- a/src/kvpnc.h ++++ b/src/kvpnc.h +@@ -286,9 +286,6 @@ private: + + int TimeOutProcess; //< for timeout + int ConnectingProcess; //< for killing process +- QPixmap connectedIcon; +- QPixmap disconnectedIcon; +- QPixmap connectingIcon; + QPixmap connectingStatusPixmap; + QPixmap disconnectedStatusPixmap; + QPixmap connectedStatusPixmap; diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-scriptsec.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-scriptsec.patch new file mode 100644 index 000000000000..4e8b4d6d92b7 --- /dev/null +++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-scriptsec.patch @@ -0,0 +1,15 @@ +diff -ruN kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp kvpnc-0.9.6a-kde4/src/kvpnc.cpp +--- kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp 2010-03-08 11:26:33.000000000 +0100 ++++ kvpnc-0.9.6a-kde4/src/kvpnc.cpp 2012-06-25 22:12:51.454408816 +0200 +@@ -6030,7 +6030,10 @@ + } + + +- if (GlobalConfig->OpenvpnNeedSecurityParameter || (OpenvpnMajor == 2 && OpenvpnMinor == 1 && OpenvpnExtraVer > 8 && OpenvpnExtra == "rc")|| ( OpenvpnMajor == 2 && OpenvpnMinor == 1 ) || (OpenvpnMajor > 2 && OpenvpnMinor >= 2)) { ++ if (GlobalConfig->OpenvpnNeedSecurityParameter || ++ (OpenvpnMajor == 2 && OpenvpnMinor == 1 && OpenvpnExtraVer > 8 && OpenvpnExtra == "rc")|| ++ (OpenvpnMajor == 2 && OpenvpnMinor >= 1 ) || ++ (OpenvpnMajor > 2)) { + if (GlobalConfig->KvpncDebugLevel > 3) + GlobalConfig->appendLogEntry(i18n("OpenVPN >= 2.1-rc9 detected, adding script security parameter to config."), KVpncEnum::info); + diff --git a/net-vpn/kvpnc/kvpnc-0.9.6a-r2.ebuild b/net-vpn/kvpnc/kvpnc-0.9.6a-r2.ebuild new file mode 100644 index 000000000000..4b9e050da5a2 --- /dev/null +++ b/net-vpn/kvpnc/kvpnc-0.9.6a-r2.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +KDE_LINGUAS="ar br cs da de el en_GB eo es et eu fr ga gl hi hne it ja ka lt +ms nb nds nl nn pa pl pt pt_BR ro ru sv tr uk zh_CN zh_TW" +inherit kde4-base + +DESCRIPTION="KDE frontend for various VPN clients" +HOMEPAGE="https://userbase.kde.org/KVpnc" +SRC_URI="http://download.gna.org/kvpnc/${P}-kde4.tar.bz2 + http://download.gna.org/kvpnc/${P/a}-kde4-locale.tar.bz2" + +LICENSE="GPL-2" +SLOT="4" +KEYWORDS="amd64 x86" +IUSE="debug" + +RDEPEND=" + dev-libs/libgcrypt:0 +" +DEPEND="${RDEPEND} + sys-devel/gettext +" + +S=${WORKDIR}/${P}-kde4 + +PATCHES=( + "${FILESDIR}/${P}-scriptsec.patch" + "${FILESDIR}/${P}-gcc47.patch" + "${FILESDIR}/${P}-ifconfig.patch" +) + +src_prepare() { + mv -vf "${WORKDIR}"/${P/a}-kde4-locale/po . || die + + echo "find_package ( Msgfmt REQUIRED )" >> CMakeLists.txt || die + echo "find_package ( Gettext REQUIRED )" >> CMakeLists.txt || die + echo "add_subdirectory ( po )" >> CMakeLists.txt || die + + sed -i \ + -e "s:0.9.2-svn:${PV}:" \ + CMakeLists.txt || die + + kde4-base_src_prepare +} + +src_configure() { + mycmakeargs=( "-DWITH_libgcrypt=ON" ) + kde4-base_src_configure +} diff --git a/net-vpn/kvpnc/kvpnc-0.9.6a-r3.ebuild b/net-vpn/kvpnc/kvpnc-0.9.6a-r3.ebuild new file mode 100644 index 000000000000..05326c98d5be --- /dev/null +++ b/net-vpn/kvpnc/kvpnc-0.9.6a-r3.ebuild @@ -0,0 +1,57 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +QT3SUPPORT_REQUIRED="true" +KDE_LINGUAS="ar br cs da de el en_GB eo es et eu fr ga gl hi hne it ja ka lt +ms nb nds nl nn pa pl pt pt_BR ro ru sv tr uk zh_CN zh_TW" +inherit kde4-base + +DESCRIPTION="KDELibs4-based frontend for various VPN clients" +HOMEPAGE="https://userbase.kde.org/KVpnc" +SRC_URI="http://download.gna.org/kvpnc/${P}-kde4.tar.bz2 + http://download.gna.org/kvpnc/${P/a}-kde4-locale.tar.bz2" + +LICENSE="GPL-2" +SLOT="4" +KEYWORDS="~amd64 ~x86" +IUSE="debug" + +RDEPEND=" + dev-libs/libgcrypt:0 +" +DEPEND="${RDEPEND} + sys-devel/gettext +" + +S=${WORKDIR}/${P}-kde4 + +PATCHES=( + "${FILESDIR}/${P}-scriptsec.patch" + "${FILESDIR}/${P}-gcc47.patch" + "${FILESDIR}/${P}-ifconfig.patch" + "${FILESDIR}/${P}-gcc6.patch" + "${FILESDIR}/${P}-kicon.patch" +) + +src_prepare() { + mv -vf "${WORKDIR}"/${P/a}-kde4-locale/po . || die + + echo "find_package ( Msgfmt REQUIRED )" >> CMakeLists.txt || die + echo "find_package ( Gettext REQUIRED )" >> CMakeLists.txt || die + echo "add_subdirectory ( po )" >> CMakeLists.txt || die + + sed -i \ + -e "s:0.9.2-svn:${PV}:" \ + CMakeLists.txt || die + + kde4-base_src_prepare +} + +src_configure() { + local mycmakeargs=( + -DWITH_libgcrypt=ON + ) + kde4-base_src_configure +} diff --git a/net-vpn/kvpnc/metadata.xml b/net-vpn/kvpnc/metadata.xml new file mode 100644 index 000000000000..bddd8b4a2053 --- /dev/null +++ b/net-vpn/kvpnc/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>kde@gentoo.org</email> + <name>Gentoo KDE Project</name> + </maintainer> +</pkgmetadata> diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest new file mode 100644 index 000000000000..c467920a9012 --- /dev/null +++ b/net-vpn/libreswan/Manifest @@ -0,0 +1,7 @@ +DIST libreswan-3.18.tar.gz 8766228 SHA256 2ff61178913287567ed2736287df47e7f9a822ddcded967f3af5f03e95b5f17d SHA512 dfc831ae82814a26cac2eb7c8bef4385d8aebb1e62c63f31e0997d49fc6bbcc6e4e2bcd0e07d5c0c1347e5eaca5f6eb1fba98395bc882ab0fddb804a524b57f8 WHIRLPOOL 73ce41988d62d6702837d9ba6c2e123aad678b6d983711e6e5d3a60046bdbf2a37d8f650a8e4ffff24c551a27d50ecbef322bc40a083b852a142b2a5bcda2726 +DIST libreswan-3.20.tar.gz 8898915 SHA256 2f0931c11ea0b9303ce1e4ee76ffe9db6f3bd70ceead51fe4ec11e2f40a9ae2e SHA512 89f562412d03e0e9af1bceeda18ab73a749046c37e05dab719468cb537e16803a3b270781de9de88416b2d63b7b0fd85df0c593ca59c30ba3d681526f272fc93 WHIRLPOOL d5ad79f73cbeab90c1ef68a20e1f5205ecc94b37c64e681856fcec4b67aecf6b95733410c2f859410c876c162280f6ea5cb1b264d484861655a38dce51323c18 +DIST libreswan-3.21.tar.gz 8945666 SHA256 80d09792d27951fb8ba04e41542d4bc3b31d7a15c2b185f2c48f79a454b30d7c SHA512 f1ef002b3e0869920edfebfc8efd73d9a9f84f64a77ad4832f46b12dfdd3c31cdf48c1473522b63f155058592c46af05995756af5440ca3e9c0fa5207436e0fc WHIRLPOOL b5b081121b296ab7381670491d9a35ca5ef1ba456e830b3207f717a86e2ea89ff1c8ee32dfec7618efbb8b19dbd9059309fcec3a9d59c9080086ec826c420b44 +EBUILD libreswan-3.18.ebuild 2451 SHA256 0a53e2d6f4ba6acbff55075f71a8bd6d83ca50e4a1091fcfb40879fbea743bc0 SHA512 775adf6b6c2ade388cdb2882ca6069448ee57888992c3234b1f4be9c3b8b5e653f77fdc38a1b63f2066ce386b5a762464fbff1ff1d06a70ec42abfaf840bac1d WHIRLPOOL 457929ff0424c02be83e11fa4c5864db70c65caa4aaed4656b8b9030b34474563cb95bd44b05cc098ad1c90b07b4a745f9e39471e5012fa6b51535e052ec8a60 +EBUILD libreswan-3.20.ebuild 2336 SHA256 f589c8cfd86154d958a9c748296d786c57e64312431b0526bd6292b2dd8beceb SHA512 4c6ecfb7ebcf4d7e27edab37079a84ae0a39b0bf5a6f0b44b194e960c98caccc52d54f51e1a36a39899ea1ce5295561d1f6aa4a66c416c220d1c4e9d083e740d WHIRLPOOL eee80a13cc61f13f7764ec7045ef9d37dda12f0e70139c9d72a3c28cbcbe863a5de594c73af1a918052e54e71f182905054d9adfec84390525b6c47d73551e0b +EBUILD libreswan-3.21.ebuild 2570 SHA256 45b159f5391ae053f19ec3436a3c534d371781047e670295c900eaac7e3de102 SHA512 0b646ff5e9658ff114ced0eb168eaf30039ece88e2570e82de4943ccf6414f84170617bfe7127e5187e557139167088cb7d7c8d825349a839092eac6d7eade44 WHIRLPOOL 1db495528fb63d602da63be45856dc0268bef792810d64e3a7d8ba238a17652fd60dad0777ea5da726b308cf6b0dddec661bb9980173b70fae41b680bcb00884 +MISC metadata.xml 319 SHA256 f9f78f03580a597eedf2de4f220ee6b1e052a536359463b6dbd75836f82ba926 SHA512 924161f15c0f7a9666a6d7a422b45da679190e1a0f2859b997ddd753cbf49df9da337e5420040210736f76fa712dca3ec8862480f62bd321de71e74bee7c0865 WHIRLPOOL d67152030c351a145afe67484854ced512c7c2aba2a6474a88b0aa67ab0fe6c0c316c29544f295c8b22ef001acc2c61a3fa9fb57e08b06cfb144afcff04f75a0 diff --git a/net-vpn/libreswan/libreswan-3.18.ebuild b/net-vpn/libreswan/libreswan-3.18.ebuild new file mode 100644 index 000000000000..c7115661250f --- /dev/null +++ b/net-vpn/libreswan/libreswan-3.18.ebuild @@ -0,0 +1,105 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd toolchain-funcs + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://download.libreswan.org/${P}.tar.gz" + KEYWORDS="amd64 ~ppc x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/libreswan/libreswan.git" +fi + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap pam systemd" + +COMMON_DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( net-dns/unbound net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + systemd? ( sys-apps/systemd:0= ) +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig +" +RDEPEND="${COMMON_DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-misc/openswan + !net-vpn/strongswan +" + +usetf() { + usex "$1" true false +} + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + default +} + +src_configure() { + tc-export AR CC + export INC_USRLOCAL=/usr + export INC_MANDIR=share/man + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INC_RCDIRS= + export INC_RCDEFAULT=/etc/init.d + export USERCOMPILE= + export USERLINK= + export USE_DNSSEC=$(usetf dnssec) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LDAP=$(usetf ldap) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" + certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) + eend $? + fi +} diff --git a/net-vpn/libreswan/libreswan-3.20.ebuild b/net-vpn/libreswan/libreswan-3.20.ebuild new file mode 100644 index 000000000000..11837d0212da --- /dev/null +++ b/net-vpn/libreswan/libreswan-3.20.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd toolchain-funcs + +SRC_URI="https://download.libreswan.org/${P}.tar.gz" +KEYWORDS="amd64 ~ppc x86" + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap pam systemd" + +COMMON_DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( net-dns/unbound net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + systemd? ( sys-apps/systemd:0= ) +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig +" +RDEPEND="${COMMON_DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-misc/openswan + !net-vpn/strongswan +" + +usetf() { + usex "$1" true false +} + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + default +} + +src_configure() { + tc-export AR CC + export INC_USRLOCAL=/usr + export INC_MANDIR=share/man + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INC_RCDIRS= + export INC_RCDEFAULT=/etc/init.d + export USERCOMPILE= + export USERLINK= + export USE_DNSSEC=$(usetf dnssec) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LDAP=$(usetf ldap) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" + certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) + eend $? + fi +} diff --git a/net-vpn/libreswan/libreswan-3.21.ebuild b/net-vpn/libreswan/libreswan-3.21.ebuild new file mode 100644 index 000000000000..66417665826a --- /dev/null +++ b/net-vpn/libreswan/libreswan-3.21.ebuild @@ -0,0 +1,106 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd toolchain-funcs + +SRC_URI="https://download.libreswan.org/${P}.tar.gz" +KEYWORDS="~amd64 ~ppc ~x86" + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap pam systemd test" + +COMMON_DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( net-dns/unbound net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + systemd? ( sys-apps/systemd:0= ) +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-python/setproctitle ) +" +RDEPEND="${COMMON_DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-misc/openswan + !net-vpn/strongswan +" + +usetf() { + usex "$1" true false +} + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die + default +} + +src_configure() { + tc-export AR CC + export INC_USRLOCAL=/usr + export INC_MANDIR=share/man + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INC_RCDIRS= + export INC_RCDEFAULT=/etc/init.d + export USERCOMPILE= + export USERLINK= + export USE_DNSSEC=$(usetf dnssec) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LDAP=$(usetf ldap) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all +} + +src_test() { + : # integration tests only that require set of kvms to be set up +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" + certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) + eend $? + fi +} diff --git a/net-vpn/libreswan/metadata.xml b/net-vpn/libreswan/metadata.xml new file mode 100644 index 000000000000..f1ed6626800e --- /dev/null +++ b/net-vpn/libreswan/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>graaff@gentoo.org</email> + </maintainer> + <use> + <flag name="dnssec">Use DNSSEC resolver (requires <pkg>net-dns/unbound</pkg>)</flag> + </use> +</pkgmetadata> diff --git a/net-vpn/logmein-hamachi/Manifest b/net-vpn/logmein-hamachi/Manifest new file mode 100644 index 000000000000..f68ea3df096b --- /dev/null +++ b/net-vpn/logmein-hamachi/Manifest @@ -0,0 +1,10 @@ +AUX logmein-hamachi.confd 412 SHA256 2e1183bdc402aa7d46d4574737824f94e9b50b510bba1c449090359932e8b036 SHA512 b1f654eee311edc9436d80f1b2edef0ce6ff4f7258cdf84cf7abbb211ddd9cc177f974d60a80592ecfb284ecd7ffd6ff32e5e976b07655beaee530b7605c140e WHIRLPOOL 1542813a5b59f305c33b4016b9d0a775d3443fe9172b2392d10dcb8c3b3c2cd029dd119dd71c6145a080631fe2c0b3a433689aeb8932f14dbf734bbdd8ad8e6c +AUX logmein-hamachi.initd 1583 SHA256 79c8b4f9b09330487e6f9534e544e11019b9bfddf390007e6bc2b0192556e4f9 SHA512 9c366c76c5cce88127cb7c2ef2128b34c84b77f15e840163a7c5452787ea02e41c297ee79a7f8db3fe9ac1efd9673fa7cb8f0a2493b3b1c359a99806976c8496 WHIRLPOOL 26a03536319700392fbfbcc7f28559203b8b4484caf8b431ab867bc5d042c279db98c019cda31c1633f2c7353e67f21a05033ae893e0b720ebd5ca8dfd147da5 +AUX logmein-hamachi.service 185 SHA256 b32e32f2c98519b469a660f7459eeb12f454767bcec0f5edf8ae6bd89eef3dba SHA512 cdd5b2f2f2c7df88322c22eec7c050eb5fb2495b57a47526063f0f529d9cc51fffac7ecd19fa9c20ff3da95741008f4ea583d87b45f4267bb204b0342e8eee90 WHIRLPOOL 108b6737580a2c92916abd67b0efd34786685264c466d565217c09d02a649e18431a86415e341de4929eb42f69eeed85cb025c796b4ef563d1ca207f6d4ebbc3 +DIST logmein-hamachi-2.1.0.139-x64.tgz 1329615 SHA256 2eda310852e09f34439e8afeeba1614e62a1e91e5aa3947ba530de7c8b5a3ac9 SHA512 e4c0a3de2361f707dfbe168bfa90543f139082624c04b121f3186ecb10aa56a9e9e942989cd1148d6a4fcabedba172bb1196206c14a1124b32d20154ee4be177 WHIRLPOOL f2e890945ccdf48ef409a145037de8a08e310928183c6cf7a2fb1c0f80f6143c4d4e98f88cdf54e754bea27dd1f1fd1fda844a33e702cf4171a2eacaeef08dbc +DIST logmein-hamachi-2.1.0.139-x86.tgz 1254911 SHA256 103de9c76aceff78ce039dd48e7a71f43a627d833e58b63317e75ab1e2331d80 SHA512 49e5b57563e1599a71bc543c81bb1355b210d432a1daaf3975a1625aafd1cd46233fe8a1914d9309d8116d597abc42cd8cfd75e0729eed4bc379eaab30c808e4 WHIRLPOOL bb014a77f272589a93caadbf162696326849fa8b2398a4a768ab0adf685678debffada0db5a5dbd037afc0141cf771eff15ef13c7c4e91616c1c64df8b5306d5 +DIST logmein-hamachi-2.1.0.174-x64.tgz 1367599 SHA256 43922be24a3eeb311d7ac277d355d886e6033d506df820bfd95b49985d783d04 SHA512 d1d81a15f209361f66636035f7fd8a010657dbc0712a56ae240e102f083e9b04629c852cbd4259229166c297a1cd116da07e5bdeac63795cacba8fd7e3021050 WHIRLPOOL da490120e478e1a0977d46d183b810ba4cf26543029d0ff9c9fb6e3fb560cf75c1d5c8ccf07af8c8361c9495bcea388d9c6ea76838dd72d7e7d5801ac82619de +DIST logmein-hamachi-2.1.0.174-x86.tgz 1290587 SHA256 c230cb43d1ed8a75396a5fce34f0e1bbcf1f5610f9baf3814ba9ce14764fb40e SHA512 0f8da40d6508dab71680a74065649d51288c345849f74c7e2682040b720536f5324d142690aa879f9c5e8f1717654ab93357f4b960a567f5b584609bd814e82f WHIRLPOOL 54fad0e09ba06e28fd487eb99de8364ef7432140f5c217384b85c44d72a332f7431148c0fc7a10700093e4964cc46c156223c9e972fea8fe04c6dbd2c59f3857 +EBUILD logmein-hamachi-2.1.0.139.ebuild 1704 SHA256 36f12a5783d64e6715461b54af4e048b232ec58b153fba13c2a68f7cbaa017d6 SHA512 123a0f120c6ad3a5f94acd262df6b208f4c3688123178225e1ee2f274a3e495a71f5cc1ac05f7fc4376ba9773899830cdcf43f24d959f6af73aa2f2082eaa7c0 WHIRLPOOL 7502050423ea80492b7b42b96eaa00d2298071b02913e029f5df936802d59ecea9d00b60eb53cab22efcf57a02b3f81fc5ea72820f8a470353a1a8fc58d35021 +EBUILD logmein-hamachi-2.1.0.174.ebuild 1672 SHA256 2febf3358a31938def96ead10c4d690240785c0d0c39afd3a1982589b835ef47 SHA512 1055dd53f94b07df445e8c728abea0c26ea242c49104b9706e7b7896cbabe4037d54312cfe932ae5142380cf4accbe438fe85d22512dfef234a60bc4d554fec2 WHIRLPOOL e0927e4f8eff25a93c9c4b74ff1079bfc8a7c22563c8cd9ecd6a678803f59db031dada281eef8e6b8d4c975970c4fe8a995ba2f14cc5236a20b1fda9ee63ad70 +MISC metadata.xml 369 SHA256 c9e828246054c2e247670c17e150f734c5e259d9b322b3026891c3699ee37254 SHA512 4fb68bdec268ebddb8fe16a71631f9e42c1ff45ee77e658840e5a336284f72b8dc4c0cc9ea3fc7157dcf9f78a5d5ddc885caaf5f549a699629aef42796a529f3 WHIRLPOOL df1bd6f9ac89ee08656dc9b5dbb3326c44c7406e8d89ea19caf06f3bed3136237e82f687d467799f101a9d54bc76f581f22c1bb51249323096af1c95ef192107 diff --git a/net-vpn/logmein-hamachi/files/logmein-hamachi.confd b/net-vpn/logmein-hamachi/files/logmein-hamachi.confd new file mode 100644 index 000000000000..73523ee3e3de --- /dev/null +++ b/net-vpn/logmein-hamachi/files/logmein-hamachi.confd @@ -0,0 +1,15 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# /etc/conf.d/logmein-hamachi +# Config file for logmein-hamachi control script + +# Location of config, identity and log files +CONFDIR="/var/lib/logmein-hamachi" + +# Your nickname +# Set it to enable auto-login when starting the service +NICKNAME="" + +# Seconds to wait before auto-login (if enabled) +WAIT="2" diff --git a/net-vpn/logmein-hamachi/files/logmein-hamachi.initd b/net-vpn/logmein-hamachi/files/logmein-hamachi.initd new file mode 100644 index 000000000000..4bff7452ebcc --- /dev/null +++ b/net-vpn/logmein-hamachi/files/logmein-hamachi.initd @@ -0,0 +1,77 @@ +#!/sbin/openrc-run +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +DAEMON=/opt/logmein-hamachi/bin/hamachid +PIDFILE=/var/run/logmein-hamachi/hamachid.pid + +depend() { + need net +} + +checktun() { + [ $(uname -s) = "Linux" ] || return 0 + [ -e /dev/net/tun ] && return 0 + modprobe tun && return 0 + + eerror "TUN/TAP support is not available in the running kernel" + return 1 +} + +start_pre() { + checkpath -d /var/run/logmein-hamachi +} + +start() +{ + # returns + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + checktun || return 2 + + ebegin "Starting hamachi" + + start-stop-daemon --quiet --start --exec "${DAEMON}" \ + --pidfile "${PIDFILE}" -- -c "${CONFDIR}" + result=$? + + if [ ${result} -eq 0 ] && [ -n "${NICKNAME}" ]; then + # it fails logging in immediately + sleep ${WAIT} + /usr/bin/hamachi login + if [ -z "$(/usr/bin/hamachi | grep 'logged in')" ]; then + start-stop-daemon --quiet --stop \ + --exec "${DAEMON}" --pidfile "${PIDFILE}" + result=1 + else + /usr/bin/hamachi set-nick "${NICKNAME}" + fi + fi + + eend ${result} +} + +stop() +{ + # returns + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + + ebegin "Stopping hamachi" + + /usr/bin/hamachi logout + start-stop-daemon --quiet --stop --exec "${DAEMON}" \ + --pidfile "${PIDFILE}" + + eend $? +} + +status() { + service_started "${SVCNAME}" || return 1 + /usr/bin/hamachi + /usr/bin/hamachi list +} diff --git a/net-vpn/logmein-hamachi/files/logmein-hamachi.service b/net-vpn/logmein-hamachi/files/logmein-hamachi.service new file mode 100644 index 000000000000..609447e16373 --- /dev/null +++ b/net-vpn/logmein-hamachi/files/logmein-hamachi.service @@ -0,0 +1,10 @@ +[Unit] +Description=LogMeIn Hamachi daemon +After=local-fs.target network.target + +[Service] +ExecStart=/opt/logmein-hamachi/bin/hamachid +Type=forking + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.139.ebuild b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.139.ebuild new file mode 100644 index 000000000000..719f37c44aae --- /dev/null +++ b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.139.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils linux-info systemd + +DESCRIPTION="LogMeIn Hamachi VPN tunneling engine" +HOMEPAGE="https://secure.logmein.com/products/hamachi" +SRC_URI="x86? ( https://secure.logmein.com/labs/${P}-x86.tgz ) + amd64? ( https://secure.logmein.com/labs/${P}-x64.tgz )" + +LICENSE="LogMeIn" +SLOT="0" +KEYWORDS="-* ~amd64 ~x86" +IUSE="" + +RDEPEND="!net-misc/hamachi" + +RESTRICT="mirror" + +QA_PREBUILT="/opt/${PN}/bin/hamachid" +QA_PRESTRIPPED="/opt/${PN}/bin/hamachid" +QA_WX_LOAD="/opt/${PN}/bin/hamachid" + +pkg_setup() { + einfo "Checking your kernel configuration for TUN/TAP support." + CONFIG_CHECK="~TUN" + check_extra_config +} + +src_unpack() { + unpack ${A} + mv "${P}-$(use x86 && echo x86 || echo x64)" "${S}" || die +} + +src_install() { + into /opt/${PN} + dobin hamachid dnsup dnsdown + dosym /opt/${PN}/bin/hamachid /usr/bin/hamachi + + # Config and log directory + dodir /var/lib/${PN} + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.initd ${PN} + systemd_dounit "${FILESDIR}"/${PN}.service + + dodoc CHANGES README +} + +pkg_postinst() { + elog "LogMeIn Hamachi2 is installed." + elog "Consult the README file on how to configure your client." + elog "You can run the client 'hamachi' as root," + elog "or as a user if you add a newline terminated line:" + elog "Ipc.User <login name>" + elog "to the file '/var/lib/${PN}/h2-engine-override.cfg'" + elog "and restart the daemon with" + elog "/etc/init.d/${PN} restart" + elog "or:" + elog "systemctl restart ${PN}" + elog "To enable auto-login when the service starts set a nickname in" + elog "/etc/conf.d/${PN} (only supported using openRC)" +} diff --git a/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.174.ebuild b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.174.ebuild new file mode 100644 index 000000000000..d340b702289f --- /dev/null +++ b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.174.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit linux-info systemd + +DESCRIPTION="LogMeIn Hamachi VPN tunneling engine" +HOMEPAGE="https://www.vpn.net/" +SRC_URI="x86? ( https://www.vpn.net/installers/${P}-x86.tgz ) + amd64? ( https://www.vpn.net/installers/${P}-x64.tgz )" + +LICENSE="LogMeIn" +SLOT="0" +KEYWORDS="-* ~amd64 ~x86" +IUSE="" + +RDEPEND="!net-misc/hamachi" + +RESTRICT="mirror" + +QA_PREBUILT="/opt/${PN}/bin/hamachid" +QA_PRESTRIPPED="/opt/${PN}/bin/hamachid" +QA_WX_LOAD="/opt/${PN}/bin/hamachid" + +pkg_setup() { + einfo "Checking your kernel configuration for TUN/TAP support." + CONFIG_CHECK="~TUN" + check_extra_config +} + +src_unpack() { + unpack ${A} + mv "${P}-$(use x86 && echo x86 || echo x64)" "${S}" || die +} + +src_install() { + into /opt/${PN} + dobin hamachid dnsup dnsdown + dosym /opt/${PN}/bin/hamachid /usr/bin/hamachi + + # Config and log directory + dodir /var/lib/${PN} + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.initd ${PN} + systemd_dounit "${FILESDIR}"/${PN}.service + + dodoc CHANGES README +} + +pkg_postinst() { + elog "LogMeIn Hamachi2 is installed." + elog "Consult the README file on how to configure your client." + elog "You can run the client 'hamachi' as root," + elog "or as a user if you add a newline terminated line:" + elog "Ipc.User <login name>" + elog "to the file '/var/lib/${PN}/h2-engine-override.cfg'" + elog "and restart the daemon with" + elog "/etc/init.d/${PN} restart" + elog "or:" + elog "systemctl restart ${PN}" + elog "To enable auto-login when the service starts set a nickname in" + elog "/etc/conf.d/${PN} (only supported using openRC)" +} diff --git a/net-vpn/logmein-hamachi/metadata.xml b/net-vpn/logmein-hamachi/metadata.xml new file mode 100644 index 000000000000..14dde2333ec1 --- /dev/null +++ b/net-vpn/logmein-hamachi/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>nonno.cicala@libero.it</email> + <name>Simone Scanzoni</name> + </maintainer> +<maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> +</pkgmetadata> diff --git a/net-vpn/metadata.xml b/net-vpn/metadata.xml new file mode 100644 index 000000000000..b5449d0bcb22 --- /dev/null +++ b/net-vpn/metadata.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<catmetadata> + <longdescription lang="en"> + The net-vpn category contains packages related to virtual private + networks and tunneling utilities. + </longdescription> +</catmetadata> + diff --git a/net-vpn/miredo/Manifest b/net-vpn/miredo/Manifest new file mode 100644 index 000000000000..83e758388b91 --- /dev/null +++ b/net-vpn/miredo/Manifest @@ -0,0 +1,9 @@ +AUX miredo-1.2.5-configure-libcap.diff 918 SHA256 0e78e9311d3e493b290e21550d1cf9d3227a591d79714b41797d1f8b8f936eca SHA512 151a5edc97c021b8d54dfb4664321c1774ce703bf9eaebb0079ba04100e5af1f632218172f674b781f8d1df64993761435c78a26cb0c4158929cdf9e0ba27523 WHIRLPOOL 92dcd4cf531a0c6db2029ddfcd12a194c9e6d7bcc0d61ac4303ae180c2651e2e5646d3489f7be79d9b9d462dec986e81f832e06e7a2ef747486089c774f575d4 +AUX miredo-1.2.5-ip-path.patch 802 SHA256 67a7cb33b45613b587d94e620e179b988525143164f3f131cdaed1296630189b SHA512 dba30cebdc245f623b75cfcf018508af31619eeb3f1830bb767cd4d6d5aeeb8988948f57d454cc96bcbaae793374e83645dbb4782c717b60ab3738cfd4e804ab WHIRLPOOL 32e983df3544539d7c0c0df0c903207afbeda6145d5ab2748460151afea22250c110941d05ef218340bda71f3cfa7ee6d59d3cbcea7fb7f033cf921a5e6d6a63 +AUX miredo.conf.2 46 SHA256 4ddee52d16bf7510b5eae619507a0d4a2039a5c91d55ca35f1aed54a977a6058 SHA512 a0257aee71f0aa476bc5876854e1a08387812ea7b5048a8f5d67d4202d27e8d76c0826720b8a84f4bbaed3ed209e94bf723123b8dcfc8a953fc6abdb831235c3 WHIRLPOOL 89c1083f127122f079a54d7a8d2a6da7d73ff9482f13ee082a1bdfde2f72b34fa6e3ab2c28e4f26b74587235c014badb7d7cbf4e14919c3d4c642abf17c20573 +AUX miredo.rc.2 284 SHA256 c40f26c42c5ceb316b102070a697464be40b1eef97f8942fe3552e07b4ae4577 SHA512 f4bcb55570edddf9ca1346687287f89d35d0240098f561a8415f2bdf4a2b3f3806be17be9f09223535bbda2cb77478c64c1b973f2e80384a70a947e07538ce89 WHIRLPOOL c0e488e9f6b4da0ef0f3d77d5f3cc8d03dc936490276fa3c830d295b1331aadd9c1ebeac1fceb53761662f12e2c872603e645d3e00a6c4264ce9a19ff5f456f8 +DIST miredo-1.2.5.tar.xz 474236 SHA256 9d6c6aacfbde0e152481273cda4dc9a62f8724c4c941fa8e0806e89ab9992262 SHA512 94bc71b7093783ad103a0aceb95ad3de1739e4ec1d763b3c6cea9bb1768f55359448957f623ee3f966955c555bb9f71ff0216d9d4e8d2ff244bb058731702c70 WHIRLPOOL 45b38f19fc50bb5661dcc51166c721c507d70b29072c7a2c3195c093ec91259dfbcdc40e3889f5242af79cf2f04fb7fdb3e48f7bd2cc15d6262813891fa9624c +DIST miredo-1.2.6.tar.xz 477668 SHA256 fa26d2f4a405415833669e2e2e22677b225d8f83600844645d5683535ea43149 SHA512 9cbc604aecde566f921834a220be7675981e1c603cbcc81c3e2e9c58fdcdae2e78ec6ffc180939d5b8f6d7598ba3967270532b2c0c04de8b688a86c436719caf WHIRLPOOL 5b2723568e1cc583e15b32dbb578c12438ba30802bc1e11a912829c010d655d8a867f8070e1b9a4a2c1c910ca4abc1ef6109d87372f382e8787d4514d035d513 +EBUILD miredo-1.2.5-r2.ebuild 1263 SHA256 bb70210595c8d7db2d7cdf9599a1c5efc0e65544c6e094930a9672acfdc59df4 SHA512 f140c1a01dee2c164464cfc27fa724800e502e399b2d7f3224dab76ae1db30a7a15e87054ab38126a1913869e66d79f98f0bea55eec348e356d09b855f09d863 WHIRLPOOL f7c66cb5e77c9cf516e09d7f149c307cb0e1e9d3d484aaab7377f161e427305bbd96fd2c588ed8146ae5fcbebc1f45dcb958ed373336fa460d637ab8f6aa40a9 +EBUILD miredo-1.2.6.ebuild 1277 SHA256 14cecd3eb71841c6df33f7f1f126cea921792ea4e4dd59adef072145a77807b7 SHA512 1a89d26cbcdeda906044d65683643fa82c6b220b26cdab22e7ae948c6e7a10eddb8660496262d9814a379dd52249e47354c9b286fdff5f336af1c7ffaa3bd332 WHIRLPOOL 4f16b0a41d758b9f4fe30fe7e6de8d1f31e21aa48808c5d5ee12bf2b0061be8eec1084834c5e326cadb407e3ca77d18e7f9883f7d45c5617a3751415b67511b8 +MISC metadata.xml 573 SHA256 5aeb5c472888636400dfe9b5fda8026fbb6c5cab1983b9b6b31858d041c23eb3 SHA512 892d41bc3f167540f3e8d6df838386b6e6a63ac1104c45be0aced34d4bebbc7a07b4f420709adbf94bfdb52e74b25df686b65ac1303f0fee3cefe89e622c1911 WHIRLPOOL 0c903d413acaed6ccc2d076d0005ab92c397316daca66a843a4e9864a9ce7ddb180ed939c18c720ef570b0162e2e2590a332170b2dd2967d5c9af29ba1e7fb0a diff --git a/net-vpn/miredo/files/miredo-1.2.5-configure-libcap.diff b/net-vpn/miredo/files/miredo-1.2.5-configure-libcap.diff new file mode 100644 index 000000000000..cffdbf1e562e --- /dev/null +++ b/net-vpn/miredo/files/miredo-1.2.5-configure-libcap.diff @@ -0,0 +1,33 @@ +--- configure.ac.ori 2012-06-14 21:55:13.756603416 +0200 ++++ configure.ac 2012-06-14 23:12:01.425399836 +0200 +@@ -150,16 +150,23 @@ + + # POSIX capabilities + LIBCAP="" +-AC_CHECK_HEADERS([sys/capability.h], [ +- AC_CHECK_LIB(cap, cap_set_proc, [ +- LIBCAP="-lcap" +- AC_DEFINE(HAVE_LIBCAP, 1, +- [Define to 1 if you have the `cap' library (-lcap).]) +- ]) ++AC_ARG_WITH(libcap, ++ AS_HELP_STRING([--with-libcap], [enable POSIX 1003.1e capabilities]), ++ with_libcap=$withval, ++ with_libcap=auto) ++AC_MSG_CHECKING([whether to enable POSIX 1003.1e capabilities]) ++AC_MSG_RESULT($with_libcap) ++ ++AS_IF([test "x$with_libcap" != "xno"], [ ++ AC_CHECK_HEADERS([sys/capability.h]) ++ AC_CHECK_LIB(cap, cap_set_proc, [ ++ LIBCAP="-lcap" ++ AC_DEFINE(HAVE_LIBCAP, 1, ++ [Define to 1 if you have the cap library (-lcap).]) ++ ]) + ]) + AC_SUBST(LIBCAP) + +- + # Judy + AC_ARG_WITH(Judy, + [AS_HELP_STRING(--with-Judy, diff --git a/net-vpn/miredo/files/miredo-1.2.5-ip-path.patch b/net-vpn/miredo/files/miredo-1.2.5-ip-path.patch new file mode 100644 index 000000000000..1d7b0fc39f6e --- /dev/null +++ b/net-vpn/miredo/files/miredo-1.2.5-ip-path.patch @@ -0,0 +1,28 @@ +Index: miredo-1.2.5/misc/client-hook.iproute +=================================================================== +--- miredo-1.2.5.orig/misc/client-hook.iproute ++++ miredo-1.2.5/misc/client-hook.iproute +@@ -5,7 +5,10 @@ + # Distributed under the terms of the GNU General Public License version 2. + + # Linux iproute2 path: +-IP="/sbin/ip" ++IP="ip" ++ ++test -x "/sbin/ip" && IP=/sbin/ip ++test -x "/bin/ip" && IP=/bin/ip + + # Linux default route default metric is 1024 + # (we put 1029 so that Teredo is used as a last resort): +@@ -23,11 +26,6 @@ PRIO=32765 + # (default: specified by the Teredo server, or 1280) + #MTU=1400 + +-if ! test -x "$IP"; then +- echo "$0: iproute2 is required! Please install it." >&2 +- exit 1 +-fi +- + # Nothing to do with destroy event + if test "$STATE" = "destroy"; then exit 0; fi + diff --git a/net-vpn/miredo/files/miredo.conf.2 b/net-vpn/miredo/files/miredo.conf.2 new file mode 100644 index 000000000000..f4ef08a23112 --- /dev/null +++ b/net-vpn/miredo/files/miredo.conf.2 @@ -0,0 +1,2 @@ +# Options to pass to the daemon +EXTRA_OPTS="" diff --git a/net-vpn/miredo/files/miredo.rc.2 b/net-vpn/miredo/files/miredo.rc.2 new file mode 100644 index 000000000000..c0ae6d0d1495 --- /dev/null +++ b/net-vpn/miredo/files/miredo.rc.2 @@ -0,0 +1,13 @@ +#!/sbin/openrc-run +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need localmount + after net modules + use dns logger +} + +command=/usr/sbin/${SVCNAME} +command_args="${MIREDO_OPTS}" +pidfile=/var/run/${SVCNAME}.pid diff --git a/net-vpn/miredo/metadata.xml b/net-vpn/miredo/metadata.xml new file mode 100644 index 000000000000..52ee8970cb99 --- /dev/null +++ b/net-vpn/miredo/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="person"> + <email>xmw@gentoo.org</email> + <name>Michael Weber</name> +</maintainer> +<longdescription lang="en"> +Miredo is an open-source Teredo IPv6 tunneling software, for Linux and the +BSD operating systems. It includes functional implementations of all +components of the Teredo specification (client, relay and server). It is +meant to provide IPv6 connectivity even from behind NAT devices. +</longdescription> +</pkgmetadata> diff --git a/net-vpn/miredo/miredo-1.2.5-r2.ebuild b/net-vpn/miredo/miredo-1.2.5-r2.ebuild new file mode 100644 index 000000000000..74773d853de8 --- /dev/null +++ b/net-vpn/miredo/miredo-1.2.5-r2.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +inherit autotools eutils linux-info user + +DESCRIPTION="Miredo is an open-source Teredo IPv6 tunneling software" +HOMEPAGE="http://www.remlab.net/miredo/" +SRC_URI="http://www.remlab.net/files/${PN}/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="+caps" + +RDEPEND="sys-apps/iproute2 + dev-libs/judy + caps? ( sys-libs/libcap )" +DEPEND="${RDEPEND} + app-arch/xz-utils" + +CONFIG_CHECK="~IPV6" #318777 + +#tries to connect to external networks (#339180) +RESTRICT="test" + +DOCS=( AUTHORS ChangeLog NEWS README TODO THANKS ) + +src_prepare() { + epatch "${FILESDIR}"/${P}-configure-libcap.diff + epatch "${FILESDIR}"/${P}-ip-path.patch + eautoreconf +} + +src_configure() { + econf \ + --disable-static \ + --enable-miredo-user \ + --localstatedir=/var \ + $(use_with caps libcap) +} + +src_install() { + default + prune_libtool_files + + newinitd "${FILESDIR}"/miredo.rc.2 miredo + newconfd "${FILESDIR}"/miredo.conf.2 miredo + newinitd "${FILESDIR}"/miredo.rc.2 miredo-server + newconfd "${FILESDIR}"/miredo.conf.2 miredo-server + + insinto /etc/miredo + doins misc/miredo-server.conf +} + +pkg_preinst() { + enewgroup miredo + enewuser miredo -1 -1 /var/empty miredo +} diff --git a/net-vpn/miredo/miredo-1.2.6.ebuild b/net-vpn/miredo/miredo-1.2.6.ebuild new file mode 100644 index 000000000000..63494b5abd31 --- /dev/null +++ b/net-vpn/miredo/miredo-1.2.6.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +inherit autotools eutils linux-info user + +DESCRIPTION="Miredo is an open-source Teredo IPv6 tunneling software" +HOMEPAGE="http://www.remlab.net/miredo/" +SRC_URI="http://www.remlab.net/files/${PN}/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="+caps" + +RDEPEND="sys-apps/iproute2 + dev-libs/judy + caps? ( sys-libs/libcap )" +DEPEND="${RDEPEND} + app-arch/xz-utils" + +CONFIG_CHECK="~IPV6" #318777 + +#tries to connect to external networks (#339180) +RESTRICT="test" + +DOCS=( AUTHORS ChangeLog NEWS README TODO THANKS ) + +src_prepare() { + epatch "${FILESDIR}"/${PN}-1.2.5-configure-libcap.diff + epatch "${FILESDIR}"/${PN}-1.2.5-ip-path.patch + eautoreconf +} + +src_configure() { + econf \ + --disable-static \ + --enable-miredo-user \ + --localstatedir=/var \ + $(use_with caps libcap) +} + +src_install() { + default + prune_libtool_files + + newinitd "${FILESDIR}"/miredo.rc.2 miredo + newconfd "${FILESDIR}"/miredo.conf.2 miredo + newinitd "${FILESDIR}"/miredo.rc.2 miredo-server + newconfd "${FILESDIR}"/miredo.conf.2 miredo-server + + insinto /etc/miredo + doins misc/miredo-server.conf +} + +pkg_preinst() { + enewgroup miredo + enewuser miredo -1 -1 /var/empty miredo +} diff --git a/net-vpn/nstx/Manifest b/net-vpn/nstx/Manifest new file mode 100644 index 000000000000..9d2ecea79a21 --- /dev/null +++ b/net-vpn/nstx/Manifest @@ -0,0 +1,14 @@ +AUX nstx-1.1_beta6_00-linux-tuntap.patch 13121 SHA256 8364704e63fc1ce6c0d4f2b88ec25d6d4b5484d0316dd3fd1ae69b9753a8c2d4 SHA512 34f4fae62bdb92718ec074183088bc7b0a8676c62edd421452ffd1f813e7f0b01c80aa567deb50f8efd97f6ac34d5b63191f659317e6b6ea3c252562b6ed532c WHIRLPOOL 21ad8589e8747898ed22cab84a660d9296dac4b49ef78d776771a628e813b0e798ad871b7985b05b333def0a8ddc8feec2e6257934bf23029c5c23e92a93a876 +AUX nstx-1.1_beta6_01-bind-interface-name.patch 4226 SHA256 1b2927fedb57314b5581db1f8cec837dc05eff5e3a0bd79769224c17667e80f7 SHA512 7e7db50de29c6333fcdf2b3d4b0fb96e1778aa3efc1f04235c42d286d54ae722e73995eaa41c26405a5c365e62368add3b5bc68e3e2445d6be7457dce20b97b3 WHIRLPOOL 8dde6596e6bee42f5cbcdf67b34d41f9786f7d33ba8032af715191e4afb45136b97e4a2473d909b8deafcaf50680ff1251ff56a3eef9b71be10adaddd905b056 +AUX nstx-1.1_beta6_02-warn-on-frag.patch 736 SHA256 278b1399afa22d2077650db3bb877a19bf56fe75f53f87b3104c6a04af7a9484 SHA512 f9e056e01af85773baa5e9bfd1a1fa5edbac4c257482c3e2e2028447902a47f44205e0775488eddb42093a7749b6082a998e6388f2b31e5df05f83ac2783ebc4 WHIRLPOOL ced0af1a6125100280c04db9df3a8e92cdd2e30b0e055bc56744e99d93c36581fc96dbe66600fe70c2734541ef5ff2d90573178bd0e665646a252c6d7282df0e +AUX nstx-1.1_beta6_03-delete-dwrite.patch 508 SHA256 77165b0575a72c054cb43d4133a11d6a555e685e4e4775c2baed25871d5f6acd SHA512 ede1d5443a1ed246e120baac6da7e7eb784c74b8df44ad50f1b1e5edc014f038841f8337bf492e7e655bc23666c802ad5cb3a64ba42541f451b4dd962fb355d8 WHIRLPOOL d77edaa624f4d477362fa0c02906c9901644d38b4a88790330ff7ac2fcb3531d8b0fc3cf7d0e71d95380c00aaeedd09b1d8ae32f18343b719d48a61bbff59000 +AUX nstx-1.1_beta6_04-delete-werror.patch 433 SHA256 362f07ae993e9480669673493055cfac4428a1fbe12e4ba88855794db5bf0a3e SHA512 0bff2ae9310f86e1e7714967dffe489afbd623f3342be9c98a0d0b053cc8d5e1cbba052caf25ba16d4a30785fa9f21b853c01d43efb0a1b2d074265eafe99133 WHIRLPOOL ccb8d525522a95c9b2977acd0e2c1b9d1baf40ae8871dad7785035f77e7cdb3ba9471461243504a81846b1657f450f6c269909859cca991d1ec1a8ce002ce5a9 +AUX nstx-1.1_beta6_05-respect-ldflags.patch 448 SHA256 30d0aad3e5c790d627de7472f23f0221855c5eb7828d35956197c33c2062f0e6 SHA512 6606d250c66574a867a9dd5d1a69fa35c14ad1ae88c2d835cc7d25ed7de4bd352b4c5330a3b115f8ce04034c31aef7cef438630dd515331a04b0da317572ce09 WHIRLPOOL a4b034a1e2e4a7ce987db1f44d1458f27e396392042648471cf79fda8375ea3133b523cc4117125c8bcac9369775ab248a1227d48f474906c231134cd6b51a5d +AUX nstxcd.conf 2237 SHA256 b5db1816444f44899820119fa7cb05bbea0b0c2d41f0151dd7c1afbaae78c089 SHA512 b0a58b2db6852fd8679b28ce0216caa7aa275790bb2204f3ef209bcd81d3c736a0482fd31be615dbfc49e79039ee190ae27b07382bfceabcb4aa5810da7bca72 WHIRLPOOL b86f3c29744c8c851498bb75c5e1c8e7e443c9ea85a260f60fdb103e7102f4f18045c9795d2663d6e37f4f3b53dd1bf2513e099abcc025c017802563ccf72139 +AUX nstxcd.init 2338 SHA256 12bac878ade18efa1be8fef9fccd38f0e75bae4a8d705b47f6f301231e153e66 SHA512 282694907db26d460ac15e5b3ca981f2bf327b8b033a467de1754273387a10c46d6eb57df45e4f588b0526e83c0c733c850f2e7edba06c7f8c2437c086ef7479 WHIRLPOOL 9df4ce06086618d40c18ac016e9c4b496dfa1deefe448ac2ccc82ed2fde75e5618cac55b199836748185e1f5ce00e2ea218aa6d25ea7bd96fe00e9f4f9d7ad97 +AUX nstxd.conf 1377 SHA256 eed0298b1a7866a3f9ef2469467b8e18156464b0de9906fc9815bce0ebe6fea0 SHA512 417f9b30ff54ffa4a9177d99f059eb11406a02d614b0cc1db59e385733ac763b81037a9047f84931f7373151ec674151a0a04784ae56c4bcf215efa91373f583 WHIRLPOOL ff00183f6a7772b7b3718989ecd293a8273424c3a234f33f1b13e3ab70786bb6899fb55c373f899284d0f8e91fa88a09aab495e3a913c8906888e747d5a87b1e +AUX nstxd.init 2287 SHA256 42fe14af2e727d908a70c803db3cadb8ae9b4633b6f697e67cb2b58c595dab9c SHA512 e04759a4b6695e1f6acfd60dae13045d6b789d6fd5bbce747c3ca792c6885412365578f02b6bdaea01dc58201a82c0a5544dbec2f1791df79704f112a0a81b1a WHIRLPOOL 485d81739012361481878897accdc076d25544b81cf2bdf75bbe3a1cfed020f7d860d8b4dc350ed6ede97fbd19f05f9bce68cef9349174c0c83d5856db4ba6ae +DIST nstx-1.1-beta6.tgz 20458 SHA256 57a1962a66e9cb64fe70839d852c56cd253092260eab589a8173740b75b21450 SHA512 93aa795446d1fe38239559c5a82e595ed59b37ab8ab674b1cb80c6a079ecb9e14bef87b670febe77920560239001206da4ce4875092ff5334770eb1f3447d45f WHIRLPOOL 058cda5a036446e6009250830b65929b4d22ad73507e874df2a84a72a2b595d4da54568e46545c1d7e476797e07ff3e9af9e78032751a4275cded81e28209036 +DIST nstx_1.1-beta6-5.diff.gz 10063 SHA256 ee301d0bee2a3e44f576a6c8cf1534878264f6d79a489eae5ca7237262cd0d32 SHA512 32cfada863154b83217195d3423ecb9367c7f6e56877feed197dc59fa6497fa295cbb76eeb694e658baa346beb2e288c3a45233dae9419a613d759025829a306 WHIRLPOOL 1b1dfdec95032488294b33ef1dfa39a2482ec7a6df2fb8c6c57ce84284f7e0789a74a8d7a06d31d31633acbbe3836e49bef9a91b96fe305face22b4bcc082050 +EBUILD nstx-1.1_beta6-r3.ebuild 1471 SHA256 dae1fcdfd190a35ca227867b9fbd865eacc5f8888bd7f298d9739ac4255f0a86 SHA512 8066090bbd459b363456fdad51178ea3a7360bbb90a714ab3d0390e87abf3bba1c21c818035900bf3eb74ffd24624692c149699c0bcd671c70081347d6ffa587 WHIRLPOOL fd7afb9087314d82a0ff7bca5172a446186d3a3a9002353a5c732fae0a67322a84a1c4b6b8fa0d53e91d7daa0c474e9a9d301e361720862f1f93dbe755de60ab +MISC metadata.xml 216 SHA256 f7475919f28a8a93ec8bd025c8f8bbab918f66d0d1737420c876f0480308fe6a SHA512 e881b59fe49746eb25ad66c258b41aba501e4eb563129093a3898ea970a20506e7898f7c355cfcf99605234962bf2c77c1309c258b9a2b84ee4302ccb71c9dbd WHIRLPOOL 163285b60aa93e00993af659dc1e29a9eb245bd3415dd5ec75b284250596165f469028102b72fa0c344834443a44c1bbcf6272fe6a3f5211f721fc96e1c6ec16 diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch b/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch new file mode 100644 index 000000000000..524fd705a86e --- /dev/null +++ b/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch @@ -0,0 +1,465 @@ +diff -ru nstx-1.1-beta6.orig/nstx_tuntap.c nstx-1.1-beta6/nstx_tuntap.c +--- nstx-1.1-beta6.orig/nstx_tuntap.c 2009-03-16 05:31:24.000000000 +0000 ++++ nstx-1.1-beta6/nstx_tuntap.c 2009-03-16 22:45:28.000000000 +0000 +@@ -19,13 +19,15 @@ + + #ifdef linux + #include <linux/if_tun.h> +-#define TUNDEV "/dev/net/tun" ++#define TUNINT "tun0" ++#define TUNDEVNODE "/dev/net/tun" + #else + # include <net/if_tun.h> ++# define TUNINT "NULL?" + # if __FreeBSD_version < 500000 +-# define TUNDEV "/dev/tun2" ++# define TUNDEVNODE "/dev/tun2" + # else +-# define TUNDEV "/dev/tun" ++# define TUNDEVNODE "/dev/tun" + # endif + #endif + +@@ -33,127 +35,135 @@ + + #define MAXPKT 2000 + +-#define TAPDEV "/dev/tap0" ++#define TAPINT "tap0" ++#define TAPDEVNODE "/dev/net/tun" + + int tfd = -1, nfd = -1; + static char dev[IFNAMSIZ+1]; + +-static int tun_alloc (const char *path); ++static int tun_alloc (const char * interface, const char * device_node); ++static int tap_alloc (const char * interface, const char * device_node); ++ + #ifdef linux +-static int tap_alloc (const char *path); ++static int tuntap_alloc_linux(const char * interface, const char * device_node, ++ int mode); ++#else ++static int tun_alloc_bsd(const char * interface, const char * device_node); + #endif + + void +-open_tuntap(const char *device) ++open_tuntap(const char * interface, const char * device_node, int tun) + { +- int tunerr; +-#ifdef linux +- int taperr; +-#endif ++ int err; ++ ++ if (!interface) ++ interface = (tun ? TUNINT : TAPINT); ++ ++ if (!device_node) ++ device_node = (tun ? TUNDEVNODE : TAPDEVNODE); ++ ++ fprintf(stderr, "Opening %s interface %s at %s... ", tun ? "tun" : "tap", ++ interface, device_node); ++ ++ err = (tun ? tun_alloc(interface, device_node) : tap_alloc(interface, ++ device_node)); ++ ++ if (!err) { ++ fprintf(stderr, "using interface %s\n", dev); ++ ++ if (tun) ++ fprintf(stderr, "you will now need to assign an ip and routing to " ++ "this interface\n"); ++ else ++ fprintf(stderr, "you will now need to add bridging or other rules " ++ "to this interface\n"); ++ return; ++ } + +- fprintf(stderr, "Opening tun/tap-device... "); +- if ((tunerr = tun_alloc(device ? device : TUNDEV)) ++ fprintf(stderr, "failed! (%s)\n", strerror(err)); ++ ++ fprintf(stderr, "Diagnostics: "); ++ ++ if (err == EPERM) ++ fprintf(stderr, "you usually have to be root to use nstx.\n"); ++ else if (err == ENOENT) ++ fprintf(stderr, "maybe you need kernel support -- did you modprobe " ++ "tap?\n"); ++ else if (err == ENODEV) ++ fprintf(stderr, "maybe you need kernel support -- did you modprobe " ++ "tap?\n"); + #ifdef linux +- && (taperr = tap_alloc(device ? device : TAPDEV)) ++#else ++ else if ((err == EINVAL) && !tun) ++ fprintf(stderr, "tap support is only available under linux\n"); + #endif +- ) { +- fprintf(stderr, "failed!\n" +- "Diagnostics:\nTun ("TUNDEV"): "); +- switch (tunerr) { +- case EPERM: +- fprintf(stderr, "Permission denied. You usually have to " +- "be root to use nstx.\n"); +- break; +- case ENOENT: +- fprintf(stderr, TUNDEV " not found. Please create /dev/net/ and\n" +- " mknod /dev/net/tun c 10 200 to use the tun-device\n"); +- break; +- case ENODEV: +- fprintf(stderr, "Device not available. Make sure you have " +- "kernel-support\n for the tun-device. Under linux, you " +- "need tun.o (Universal tun/tap-device)\n"); +- break; +- default: +- perror("Unexpected error"); +- break; +- } +- fprintf(stderr, "Tap ("TAPDEV"):\n(only available under linux)\n"); ++ else ++ fprintf(stderr, "none, sorry\n"); ++ ++ exit(EXIT_FAILURE); ++} ++ ++int tun_alloc(const char * interface, const char * device_node) ++{ + #ifdef linux +- switch (taperr) { +- case EPERM: +- fprintf(stderr, "Permission denied. You generally have to " +- "be root to use nstx.\n"); +- break; +- case ENOENT: +- fprintf(stderr, TAPDEV " not found. Please\n" +- " mknod /dev/tap0 c 36 16 to use the tap-device\n"); +- break; +- case ENODEV: +- fprintf(stderr, "Device not available. Make sure you have kernel-support\n" +- " for the tap-device. Under linux, you need netlink_dev.o and ethertap.o\n"); +- break; +- default: +- fprintf(stderr, "Unexpected error: %s\n", strerror(taperr)); +- break; +- } ++ return tuntap_alloc_linux(interface, device_node, IFF_TUN); ++#else ++ return tun_alloc_bsd(interface, device_node); + #endif +- exit(EXIT_FAILURE); +- } +- +- fprintf(stderr, "using device %s\n" +- "Please configure this device appropriately (IP, routes, etc.)\n", dev); + } + +-int +-tun_alloc (const char *path) ++int tap_alloc(const char * interface, const char * device_node) + { + #ifdef linux +- struct ifreq ifr; ++ return tuntap_alloc_linux(interface, device_node, IFF_TAP); + #else +- struct stat st; ++ return EINVAL; + #endif +- +- if ((tfd = open(path, O_RDWR)) < 0) +- return errno; ++} + + #ifdef linux +- memset(&ifr, 0, sizeof(ifr)); ++ ++int tuntap_alloc_linux(const char * interface, const char * device_node, ++ int mode) ++{ ++ struct ifreq ifr; ++ ++ if ((tfd = open(device_node, O_RDWR)) < 0) ++ return errno; ++ ++ memset(&ifr, 0, sizeof(ifr)); + +- ifr.ifr_flags = IFF_TUN|IFF_NO_PI; ++ ifr.ifr_flags = mode | IFF_NO_PI; ++ strncpy(ifr.ifr_name, interface, sizeof(ifr.ifr_name)); ++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0; + +- if (ioctl(tfd, TUNSETIFF, (void *) &ifr) < 0) +- { +- close(tfd); +- tfd = -1; +- return errno; +- } +- strncpy(dev, ifr.ifr_name, IFNAMSIZ+1); +-#else +- fstat(tfd, &st); +- strncpy(dev, devname(st.st_rdev, S_IFCHR), IFNAMSIZ+1); +-#endif ++ if (ioctl(tfd, TUNSETIFF, (void *) &ifr) < 0) { ++ close(tfd); ++ tfd = -1; ++ return errno; ++ } ++ ++ strncpy(dev, ifr.ifr_name, IFNAMSIZ+1); + +- return 0; ++ return 0; + } + ++#else /* bsd */ + +-#ifdef linux +-int +-tap_alloc(const char *path) ++int tun_alloc_bsd(const char * interface, const char * device_node) + { +- char *ptr; +- +- if ((tfd = open(path, O_RDWR)) < 0) ++ struct stat st; ++ ++ if ((tfd = open(device_node, O_RDWR)) < 0) + return errno; +- +- if ((ptr = strrchr(path, '/'))) +- strncpy(dev, ptr+1, IFNAMSIZ+1); +- else +- strncpy(dev, path, IFNAMSIZ+1); ++ ++ fstat(tfd, &st); ++ strncpy(dev, devname(st.st_rdev, S_IFCHR), IFNAMSIZ+1); + + return 0; + } +-#endif ++ ++#endif /* linux/bsd */ + + void + open_ns(const char *ip) +diff -ru nstx-1.1-beta6.orig/nstxcd.8 nstx-1.1-beta6/nstxcd.8 +--- nstx-1.1-beta6.orig/nstxcd.8 2009-03-16 05:31:24.000000000 +0000 ++++ nstx-1.1-beta6/nstxcd.8 2009-03-16 23:16:21.000000000 +0000 +@@ -3,7 +3,7 @@ + nstxcd \- IP over DNS tunneling client + + .SH SYNOPSIS +-.B "nstxcd \fIDOMAIN\fR \fIIPADDRESS\fR" ++.B "nstxcd \fIOPTIONS\fR \fIDOMAIN\fR \fIIPADDRESS\fR" + + .SH DESCRIPTION + .B nstxcd +@@ -13,6 +13,14 @@ + .SH OPTIONS + .B nstxcd + takes the following options: ++.IP \-I tun/tap interface ++Use this tun/tap interface instead of the default (tun0/tap0) ++.IP \-d tun/tap device node ++Use this tun/tap device node instead of the default (/dev/net/tun on Linux) ++.IP \-t ++Tun mode (default) ++.IP \-T ++Tap mode + .IP "domain" + The domain that nstxcd will send requests to. This domain must be delegated + to a machine that is running nstxd. +@@ -22,9 +30,9 @@ + .SH USAGE + .Bnstxcd + should be run against a domain that has been delegated to a machine running +-nstxd. It will then take any packets that are sent to the tun0 interface and +-send them over DNS to the other tunnel endpoint. Responses will appear on +-the tun0 interface. ++nstxd. It will then take any packets that are sent to the tun/tap interface and ++send them over DNS to the other tunnel endpoint. Responses will appear on the ++tun/tap interface. + + .SH AUTHORS + +diff -ru nstx-1.1-beta6.orig/nstxcd.c nstx-1.1-beta6/nstxcd.c +--- nstx-1.1-beta6.orig/nstxcd.c 2009-03-16 05:31:24.000000000 +0000 ++++ nstx-1.1-beta6/nstxcd.c 2009-03-16 23:16:07.000000000 +0000 +@@ -55,25 +55,44 @@ + static void + usage(const char *prog, int code) + { +- fprintf(stderr, "Usage: %s [-d tun-device] <domainname> <dns-server>\n" +- "Example: %s tun.yomama.com 125.23.53.12\n", prog, prog); ++ fprintf(stderr, "Usage: %s [options] <domainname> <dns-server>\n" ++ "Where options are:\n" ++ "\t-d path (use this tun/tap device node instead of default)\n" ++ "\t-I interface (use this tun/tap interface instead of default)\n" ++#ifdef linux ++ "\t-t (tun mode, default)\n" ++ "\t-T (tap mode)\n" ++#endif ++ "example:\n" ++ "%s tun.yomama.com 125.23.53.12\n", prog, prog); + exit(code); + } + + int main (int argc, char * argv[]) { + struct nstxmsg *msg; +- const char *device = NULL; ++ const char *interface = NULL; ++ const char *device_node = NULL; + int ch; ++ int tun = 1; + + nsid = time(NULL); + + if (argc < 3) + usage(argv[0], EX_USAGE); + +- while ((ch = getopt(argc, argv, "hd:")) != -1) { ++ while ((ch = getopt(argc, argv, "hd:I:tT")) != -1) { + switch (ch) { ++ case 'I': ++ interface = optarg; ++ break; + case 'd': +- device = optarg; ++ device_node = optarg; ++ break; ++ case 't': ++ tun = 1; ++ break; ++ case 'T': ++ tun = 0; + break; + case 'h': + usage(argv[0], 0); +@@ -85,7 +104,7 @@ + dns_setsuffix(argv[optind]); + + qsettimeout(10); +- open_tuntap(device); ++ open_tuntap(interface, device_node, tun); + open_ns(argv[optind + 1]); + + for (;;) { +diff -ru nstx-1.1-beta6.orig/nstxd.8 nstx-1.1-beta6/nstxd.8 +--- nstx-1.1-beta6.orig/nstxd.8 2009-03-16 05:31:24.000000000 +0000 ++++ nstx-1.1-beta6/nstxd.8 2009-03-16 23:16:32.000000000 +0000 +@@ -3,7 +3,7 @@ + nstxd \- IP over DNS tunneling daemon + + .SH SYNOPSIS +-.B "nstxd \fIOPTION\fR \fIDOMAIN\fR" ++.B "nstxd \fIOPTIONS\fR \fIDOMAIN\fR" + + .SH DESCRIPTION + .B nstxd +@@ -14,8 +14,14 @@ + .SH OPTIONS + .B nstxd + takes the following option: +-.IP \-d tun-device +-Use this tun device instead of tun0 ++.IP \-I tun/tap interface ++Use this tun/tap interface instead of the default (tun0/tap0) ++.IP \-d tun/tap device node ++Use this tun/tap device node instead of the default (/dev/net/tun on linux) ++.IP \-t ++Tun mode (default) ++.IP \-T ++Tap mode + .IP \-i ipaddr + Bind to this IP address rather than every available address + .IP \-C dir +@@ -33,9 +39,9 @@ + .SH USAGE + A domain should be delegated to the machine that will run nstxd. nstxd should + then be run giving that domain as the only argument. nstxd will then listen +-for requests and translate them into IP packets that will appear on the tun0 +-interface. Packets sent to the tun0 interface will be transferred back to +-the client as DNS answers. ++for requests and translate them into IP packets that will appear on the given ++tun/tap interface. Packets sent to the tun/tap interface will be transferred ++back to the client as DNS answers. + + .SH AUTHORS + +diff -ru nstx-1.1-beta6.orig/nstxd.c nstx-1.1-beta6/nstxd.c +--- nstx-1.1-beta6.orig/nstxd.c 2009-03-16 05:31:24.000000000 +0000 ++++ nstx-1.1-beta6/nstxd.c 2009-03-16 23:15:30.000000000 +0000 +@@ -55,7 +55,12 @@ + { + fprintf (stderr, "usage: %s [options] <domainname>\n" + "Where options are:\n" +- "\t-d tun-device (use this tun/tap device instead of default\n" ++ "\t-d path (use this tun/tap device node instead of default)\n" ++ "\t-I interface (use this tun/tap interface instead of default)\n" ++#ifdef linux ++ "\t-t (tun mode, default)\n" ++ "\t-T (tap mode)\n" ++#endif + "\t-i ip.to.bi.nd (bind to port 53 on this IP only)\n" + "\t-C dir (chroot() to this directory after initialization)\n" + "\t-D (call daemon(3) to detach from terminal)\n" +@@ -68,13 +73,15 @@ + + int main (int argc, char *argv[]) { + signed char ch; +- const char *device = NULL, *dir = NULL; ++ const char *interface = NULL, *dir = NULL; ++ const char *device_node = NULL; + in_addr_t bindto = INADDR_ANY; + uid_t uid = 0; + int daemonize = 0; + int logmask = LOG_UPTO(LOG_INFO); ++ int tun = 1; + +- while ((ch = getopt(argc, argv, "gDC:u:hd:i:")) != -1) { ++ while ((ch = getopt(argc, argv, "gDC:u:hd:I:i:tT")) != -1) { + switch(ch) { + case 'i': + bindto = inet_addr(optarg); +@@ -84,8 +91,17 @@ + exit(EX_USAGE); + } + break; ++ case 'I': ++ interface = optarg; ++ break; + case 'd': +- device = optarg; ++ device_node = optarg; ++ break; ++ case 't': ++ tun = 1; ++ break; ++ case 'T': ++ tun = 0; + break; + case 'D': + daemonize = 1; +@@ -121,7 +137,7 @@ + + dns_setsuffix(argv[optind]); + +- open_tuntap(device); ++ open_tuntap(interface, device_node, tun); + open_ns_bind(bindto); + + if (dir) { +diff -ru nstx-1.1-beta6.orig/nstxfun.h nstx-1.1-beta6/nstxfun.h +--- nstx-1.1-beta6.orig/nstxfun.h 2009-03-16 05:31:24.000000000 +0000 ++++ nstx-1.1-beta6/nstxfun.h 2009-03-16 22:40:44.000000000 +0000 +@@ -52,7 +52,7 @@ + + /* DNS */ + +-void open_tuntap (const char *device); ++void open_tuntap (const char * interface, const char * device_node, int tun); + void open_ns (const char *ip); + void open_ns_bind(in_addr_t ip); + diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch b/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch new file mode 100644 index 000000000000..0d65f0f6d68b --- /dev/null +++ b/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch @@ -0,0 +1,134 @@ +diff -ru nstx-1.1-beta6.tuntap/Makefile nstx-1.1-beta6/Makefile +--- nstx-1.1-beta6.tuntap/Makefile 2009-03-16 23:22:11.000000000 +0000 ++++ nstx-1.1-beta6/Makefile 2009-03-16 23:27:09.000000000 +0000 +@@ -1,9 +1,9 @@ + CFLAGS += -ggdb -Wall -Werror -Wsign-compare + +-NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c ++NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c nstx_util.c + NSTXD_OBJS = ${NSTXD_SRCS:.c=.o} + +-NSTXCD_SRCS = nstxcd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.o nstx_queue.c ++NSTXCD_SRCS = nstxcd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.o nstx_queue.c nstx_util.c + NSTXCD_OBJS = ${NSTXCD_SRCS:.c=.o} + + PROGS = nstxd nstxcd +diff -ru nstx-1.1-beta6.tuntap/nstx_util.c nstx-1.1-beta6/nstx_util.c +--- nstx-1.1-beta6.tuntap/nstx_util.c 2004-06-27 21:43:34.000000000 +0000 ++++ nstx-1.1-beta6/nstx_util.c 2009-03-16 23:28:37.000000000 +0000 +@@ -27,6 +27,10 @@ + #include <stdio.h> + #include <sys/types.h> + #include <sys/socket.h> ++#include <net/if.h> ++#include <sys/ioctl.h> ++#include <arpa/inet.h> ++#include <errno.h> + + #include "nstxfun.h" + +@@ -48,6 +52,48 @@ + close(fd); + } + ++static int iface_addr(const char * name, in_addr_t * result) { ++ int r, s; ++ struct ifreq ifr; ++ struct sockaddr_in * sin; ++ ++ s = socket(AF_INET, SOCK_DGRAM, 0); ++ ++ if (s < 0) { ++ perror("socket"); ++ return s; ++ } ++ ++ strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); ++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0; ++ ++ r = ioctl(s, SIOCGIFADDR, &ifr); ++ ++ if (r < 0) { ++ perror("ioctl(SIOCGIFADDR)"); ++ return r; ++ } ++ ++ sin = (struct sockaddr_in *)&ifr.ifr_addr; ++ *result = sin->sin_addr.s_addr; ++ ++ if (*result == INADDR_ANY || *result == INADDR_NONE) { ++ fprintf(stderr, "interface %s has no assigned address\n", name); ++ return -EINVAL; ++ } ++ ++ return 0; ++} ++ ++int addr_convert(const char * s, in_addr_t * result) { ++ *result = inet_addr(s); ++ ++ if (*result != INADDR_NONE) ++ return 0; ++ ++ return iface_addr(s, result); ++} ++ + #ifdef WITH_PKTDUMP + void + pktdump (const char *prefix, unsigned short id, const char *data, +diff -ru nstx-1.1-beta6.tuntap/nstxd.8 nstx-1.1-beta6/nstxd.8 +--- nstx-1.1-beta6.tuntap/nstxd.8 2009-03-16 23:23:46.000000000 +0000 ++++ nstx-1.1-beta6/nstxd.8 2009-03-16 23:29:59.000000000 +0000 +@@ -22,8 +22,8 @@ + Tun mode (default) + .IP \-T + Tap mode +-.IP \-i ipaddr +-Bind to this IP address rather than every available address ++.IP \-i ipaddr|interface ++Bind to this IP address or interface rather than every available address + .IP \-C dir + Chroot to this directory on startup + .IP \-D +diff -ru nstx-1.1-beta6.tuntap/nstxd.c nstx-1.1-beta6/nstxd.c +--- nstx-1.1-beta6.tuntap/nstxd.c 2009-03-16 23:23:46.000000000 +0000 ++++ nstx-1.1-beta6/nstxd.c 2009-03-16 23:32:45.000000000 +0000 +@@ -61,7 +61,7 @@ + "\t-t (tun mode, default)\n" + "\t-T (tap mode)\n" + #endif +- "\t-i ip.to.bi.nd (bind to port 53 on this IP only)\n" ++ "\t-i ip|interface (bind to port 53 on this IP/interface only)\n" + "\t-C dir (chroot() to this directory after initialization)\n" + "\t-D (call daemon(3) to detach from terminal)\n" + "\t-g (enable debug messages)\n" +@@ -80,14 +80,15 @@ + int daemonize = 0; + int logmask = LOG_UPTO(LOG_INFO); + int tun = 1; ++ int r; + + while ((ch = getopt(argc, argv, "gDC:u:hd:I:i:tT")) != -1) { + switch(ch) { + case 'i': +- bindto = inet_addr(optarg); +- if (bindto == INADDR_NONE) { +- fprintf(stderr, "`%s' is not an IP-address\n", +- optarg); ++ r = addr_convert(optarg, &bindto); ++ if (r < 0) { ++ fprintf(stderr, "couldn't use interface %s: %s\n", optarg, ++ strerror(-r)); + exit(EX_USAGE); + } + break; +diff -ru nstx-1.1-beta6.tuntap/nstxfun.h nstx-1.1-beta6/nstxfun.h +--- nstx-1.1-beta6.tuntap/nstxfun.h 2009-03-16 23:23:46.000000000 +0000 ++++ nstx-1.1-beta6/nstxfun.h 2009-03-16 23:28:37.000000000 +0000 +@@ -102,4 +102,6 @@ + void pktdump (const char *, unsigned short, const char *, size_t, int); + #endif + ++int addr_convert(const char *, in_addr_t *); ++ + #endif /* _NSTXHDR_H */ diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch b/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch new file mode 100644 index 000000000000..251ad583150b --- /dev/null +++ b/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch @@ -0,0 +1,22 @@ +Only in nstx-1.1-beta6.orig/: nstx_dns.o +Only in nstx-1.1-beta6.orig/: nstx_encode.o +Only in nstx-1.1-beta6.orig/: nstx_pstack.o +diff -ru nstx-1.1-beta6.orig/nstx_tuntap.c nstx-1.1-beta6/nstx_tuntap.c +--- nstx-1.1-beta6.orig/nstx_tuntap.c 2009-03-16 23:56:02.000000000 +0000 ++++ nstx-1.1-beta6/nstx_tuntap.c 2009-03-17 00:06:00.000000000 +0000 +@@ -274,7 +274,13 @@ + sendtun(const char *data, size_t len) + { + // printf("Sent len %d, csum %d\n", len, checksum(data, len)); +- write(tfd, data, len); ++ size_t w = write(tfd, data, len); ++ ++ if (w < len) { ++ fprintf(stderr, "packet was descrutively fragmented! (len=%zd, " ++ "wrote=%zd)\n", ++ len, w); ++ } + } + + void +Only in nstx-1.1-beta6.orig/: nstxd.o diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch b/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch new file mode 100644 index 000000000000..e943fa106b73 --- /dev/null +++ b/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch @@ -0,0 +1,18 @@ +diff -ru nstx-1.1-beta6.orig/nstx_util.c nstx-1.1-beta6/nstx_util.c +--- nstx-1.1-beta6.orig/nstx_util.c 2009-03-17 00:08:18.000000000 +0000 ++++ nstx-1.1-beta6/nstx_util.c 2009-03-17 00:08:37.000000000 +0000 +@@ -44,14 +44,6 @@ + return x; + } + +-void dwrite (char *path, char *buf, int len) { +- int fd; +- +- fd = open(path, O_RDWR|O_CREAT|O_TRUNC, 0600); +- write(fd, buf, len); +- close(fd); +-} +- + static int iface_addr(const char * name, in_addr_t * result) { + int r, s; + struct ifreq ifr; diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch b/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch new file mode 100644 index 000000000000..35f7d0199b9d --- /dev/null +++ b/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch @@ -0,0 +1,9 @@ +diff -ru nstx-1.1-beta6.orig/Makefile nstx-1.1-beta6/Makefile +--- nstx-1.1-beta6.orig/Makefile 2009-03-17 03:29:43.000000000 +0000 ++++ nstx-1.1-beta6/Makefile 2009-03-17 03:29:53.000000000 +0000 +@@ -1,4 +1,4 @@ +-CFLAGS += -ggdb -Wall -Werror -Wsign-compare ++CFLAGS += -ggdb -Wall -Wsign-compare + + NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c nstx_util.c + NSTXD_OBJS = ${NSTXD_SRCS:.c=.o} diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch b/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch new file mode 100644 index 000000000000..47edb029edb9 --- /dev/null +++ b/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch @@ -0,0 +1,19 @@ +Respects LDFLAGS + +http://bugs.gentoo.org/show_bug.cgi?id=323919 + +--- nstx-1.1-beta6/Makefile ++++ nstx-1.1-beta6/Makefile +@@ -11,10 +11,10 @@ + all: $(PROGS) + + nstxd: $(NSTXD_OBJS) +- $(CC) $(CFLAGS) -o nstxd $(NSTXD_OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o nstxd $(NSTXD_OBJS) + + nstxcd: $(NSTXCD_OBJS) +- $(CC) $(CFLAGS) -o nstxcd $(NSTXCD_OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o nstxcd $(NSTXCD_OBJS) + + clean: + rm -f *.o $(PROGS) Makefile.bak *~ core diff --git a/net-vpn/nstx/files/nstxcd.conf b/net-vpn/nstx/files/nstxcd.conf new file mode 100644 index 000000000000..a04b9d09571e --- /dev/null +++ b/net-vpn/nstx/files/nstxcd.conf @@ -0,0 +1,46 @@ +# /etc/conf.d/nstxcd: config file for /etc/init.d/nstxcd + +# DOMAIN is the DNS domain which will be the base for NSTX tunneling. You must +# set up this domain such that its nameserver points to this machine. For +# example, if your tunnel domain is "tunnelhere.example.com", the nameserver for +# example.com should have the following record: +# +# tunnelhere.example.com IN NS this.machine.example.com +#DOMAIN="tunnelhere.example.com" + +# Set to "TUN" for TUN (IP/layer-3) mode, or "TAP" for TAP (ethernet/layer-2) +# mode. You must use the same mode your server is using, or you will send and +# receive only garbage. +MODE="TUN" + +# This will be the virtual TUN/TAP interface created by nstxcd. If unset, +# defaults to tun0 or tap0. Note that no IP configuration will be supplied by +# nstxd -- you must do this yourself using net scripts. +#TUNTAP_INTERFACE=tun53 + +# The DNS server where nstxcd will send queries. This is not necessarily the +# same server as the one where the nstxd server is running. What constitutes a +# good choice here depends on your situation: if you can send DNS queries to an +# arbitrary address on the Internet, you could simply point straight to the +# instance of nstxd, if you know its IP address. If you don't, you might use a +# public DNS server, like one of the ones hosted by Level3 (4.2.2.1-4.2.2.6), +# although it is almost certainly better to set up your nstxd server instance +# with dynamic DNS so you can always find it. +# +# If you are constrained to sending DNS queries to a DHCP-provided server on +# your local LAN, your only choice is to point to that server. This will always +# work, but may yield limited performance relative to directly talking to nstxd +# or talking via a high-performance DNS server. +# +# If you leave DNS_SERVER unset, the init script will select the first +# nameserver from resolv.conf. This is the most fault-tolerant configuration. +#DNS_SERVER="" + +# This option contains a space-separated list of interfaces that should be up +# before we start. It's convenient to put your DHCP-facing address in here, so +# autodetection of DNS_SERVER from resolv.conf will work. +#NEED_INTERFACES="" + +# Other miscellaneous options to pass to nstxcd (man 7 nstxcd for details) +#NSTXCD_OPTS="" + diff --git a/net-vpn/nstx/files/nstxcd.init b/net-vpn/nstx/files/nstxcd.init new file mode 100644 index 000000000000..444358970731 --- /dev/null +++ b/net-vpn/nstx/files/nstxcd.init @@ -0,0 +1,103 @@ +#!/sbin/openrc-run +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# (Written by Phillip Berndt <phillip.berndt at gmail dot com>) +# (Modified by Steven Brudenell <steven dot brudenell at gmail>) + +depend() { + local iface + + for iface in ${NEED_INTERFACES} ; do + need net.${iface} + done + + # If the user set TUNTAP_INTERFACE, they probably have a net script + # configuring that interface. nstxcd is responsible for actually creating + # the stupid thing, so we need to run before the config. + if [ ! -z ${TUNTAP_INTERFACE} ] ; then + if [ -x /etc/init.d/net.${TUNTAP_INTERFACE} ] ; then + before net.${TUNTAP_INTERFACE} + fi + fi +} + +loadtun() { + if [ ! -e /dev/net/tun ] + then + ebegin "Loading TUN/TAP kernel module" + modprobe -q tun + eend $? + fi + + if [ ! -e /dev/net/tun ] + then + eend 1 "Failed to load TUN driver! (did you compile your kernel with TUN/TAP support?)" + return 1 + fi + + return 0 +} + +checkconfig() { + if [ -z "${DOMAIN}" ] ; then + eerror "DOMAIN must be set" + return 1 + fi + + [ -z "${TUNTAP_INTERFACE}" ] || NSTXCD_OPTS="${NSTXCD_OPTS} -I ${TUNTAP_INTERFACE}" + [ -z "${TUNTAP_DEVICE}" ] || NSTXCD_OPTS="${NSTXCD_OPTS} -d ${TUNTAP_DEVICE}" + + case "${MODE}" in + TUN) + NSTXCD_OPTS="${NSTXCD_OPTS} -t" + ;; + TAP) + NSTXCD_OPTS="${NSTXCD_OPTS} -T" + ;; + *) + eerror "MODE must be either TUN or TAP" + return 1 + ;; + esac + + if [ -z "${DNS_SERVER}" ] ; then + DNS_SERVER=`awk '/^nameserver/{ print $2; exit; }' /etc/resolv.conf` + + if [ -z "${DNS_SERVER}" ] ; then + eerror "DNS_SERVER not set, and couldn't determine a nameserver from /etc/resolv.conf" + return 1 + fi + export DNS_SERVER + fi + + return 0 +} + +start() { + checkconfig || return 1 + + loadtun || return 1 + + ebegin "Starting nstxcd" + + start-stop-daemon \ + --start \ + --background \ + --make-pidfile \ + --exec /usr/sbin/nstxcd \ + --pidfile "/var/run/nstxcd.pid" \ + -- ${NSTXCD_OPTS} ${DOMAIN} ${DNS_SERVER} + + eend $? +} + +stop() { + ebegin "Stopping nstxcd" + + start-stop-daemon \ + --stop \ + --exec /usr/sbin/nstxcd \ + --pidfile "/var/run/nstxcd.pid" + + eend $? +} diff --git a/net-vpn/nstx/files/nstxd.conf b/net-vpn/nstx/files/nstxd.conf new file mode 100644 index 000000000000..4d3365a7142d --- /dev/null +++ b/net-vpn/nstx/files/nstxd.conf @@ -0,0 +1,35 @@ +# /etc/conf.d/nstxd: config file for /etc/init.d/nstxd + +# DOMAIN is the DNS domain which will be the base for NSTX tunneling. You must +# set up this domain such that its nameserver points to this machine. For +# example, if your tunnel domain is "tunnelhere.example.com", the nameserver for +# example.com should have the following record: +# +# tunnelhere.example.com IN NS this.machine.example.com +#DOMAIN="tunnelhere.example.com" + +# Set to "TUN" for TUN (IP/layer-3) mode, or "TAP" for TAP (ethernet/layer-2) +# mode. Your clients must run in the same mode, or you will send and receive +# only garbage. +MODE="TUN" + +# This will be the virtual TUN/TAP interface created by nstxd. If unset, +# defaults to tun0 or tap0. Note that no IP configuration will be supplied by +# nstxd -- you must do this yourself using net scripts. +#TUNTAP_INTERFACE=tun53 + +# Interface to bind to, instead of binding to all available interfaces. You can +# supply either an interface name or IP address here. Useful if you run an +# internal DNS server but want to run NSTX on your external interface. Note that +# nstxd always binds to port 53. +#BIND_INTERFACE=eth1 +#BIND_INTERFACE=1.2.3.4 + +# Chroot to this directory after startup +#CHROOT=/dev/null + +# Drop privileges to this user after startup +#NSTXD_USER=nstxd + +# Other miscellaneous options to pass to nstxd (man 7 nstxd for details) +#NSTXD_OPTS="" diff --git a/net-vpn/nstx/files/nstxd.init b/net-vpn/nstx/files/nstxd.init new file mode 100644 index 000000000000..2bf2a4133251 --- /dev/null +++ b/net-vpn/nstx/files/nstxd.init @@ -0,0 +1,94 @@ +#!/sbin/openrc-run +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# (Written by Phillip Berndt <phillip.berndt at gmail dot com>) +# (Modified by Steven Brudenell <steven dot brudenell at gmail>) + +depend() { + if [ ! -z "${BIND_INTERFACE}" ] ; then + if [ -x /etc/init.d/net.${BIND_INTERFACE} ] ; then + need net.${BIND_INTERFACE} + fi + fi + + # If the user set TUNTAP_INTERFACE, they probably have a net script + # configuring that interface. nstxcd is responsible for actually creating + # the stupid thing, so we need to run before the config. + if [ ! -z "${TUNTAP_INTERFACE}" ] ; then + if [ -x /etc/init.d/net.${TUNTAP_INTERFACE} ] ; then + before net.${TUNTAP_INTERFACE} + fi + fi +} + +loadtun() { + if [ ! -e /dev/net/tun ] + then + ebegin "Loading TUN/TAP kernel module" + modprobe -q tun + eend $? + fi + + if [ ! -e /dev/net/tun ] + then + eend 1 "Failed to load TUN driver! (did you compile your kernel with TUN/TAP support?)" + return 1 + fi + + return 0 +} + +checkconfig() { + if [ -z "${DOMAIN}" ] ; then + eerror "DOMAIN must be set" + return 1 + fi + + [ -z "${TUNTAP_INTERFACE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -I ${TUNTAP_INTERFACE}" + [ -z "${TUNTAP_DEVICE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -d ${TUNTAP_DEVICE}" + [ -z "${BIND_INTERFACE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -i ${BIND_INTERFACE}" + [ -z "${CHROOT}" ] || NSTXD_OPTS="${NSTXD_OPTS} -C ${CHROOT}" + [ -z "${NSTXD_USER}" ] || NSTXD_OPTS="${NSTXD_OPTS} -u ${NSTXD_USER}" + + case "${MODE}" in + TUN) + NSTXD_OPTS="${NSTXD_OPTS} -t" + ;; + TAP) + NSTXD_OPTS="${NSTXD_OPTS} -T" + ;; + *) + eerror "MODE must be either TUN or TAP" + return 1 + ;; + esac +} + +start() { + checkconfig || return 1 + + loadtun || return 1 + + ebegin "Starting nstxd" + + start-stop-daemon \ + --start \ + --background \ + --make-pidfile \ + --exec /usr/sbin/nstxd \ + --pidfile "/var/run/nstxd.pid" \ + -- ${NSTXD_OPTS} ${DOMAIN} + + eend $? +} + +stop() { + ebegin "Stopping nstxd" + + start-stop-daemon \ + --stop \ + --exec /usr/sbin/nstxd \ + --pidfile "/var/run/nstxd.pid" + + eend $? +} diff --git a/net-vpn/nstx/metadata.xml b/net-vpn/nstx/metadata.xml new file mode 100644 index 000000000000..79d462e85571 --- /dev/null +++ b/net-vpn/nstx/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="person"> + <email>robbat2@gentoo.org</email> +</maintainer> +</pkgmetadata> diff --git a/net-vpn/nstx/nstx-1.1_beta6-r3.ebuild b/net-vpn/nstx/nstx-1.1_beta6-r3.ebuild new file mode 100644 index 000000000000..05ca76aca0d5 --- /dev/null +++ b/net-vpn/nstx/nstx-1.1_beta6-r3.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +inherit versionator toolchain-funcs eutils linux-info + +MY_PV=$(replace_version_separator 2 - "${PV}") +MY_P="${PN}-${MY_PV}" +DEBIAN_PV="5" +DEBIAN_A="${PN}_${MY_PV}-${DEBIAN_PV}.diff.gz" + +DESCRIPTION="IP over DNS tunnel" +SRC_URI="http://dereference.de/nstx/${MY_P}.tgz + mirror://debian/pool/main/${PN:0:1}/${PN}/${DEBIAN_A}" +HOMEPAGE="http://dereference.de/nstx/" +DEPEND="virtual/os-headers" +KEYWORDS="amd64 x86" +IUSE="" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/${MY_P}" + +CONFIG_CHECK="~TUN" + +src_unpack() { + unpack "${MY_P}.tgz" + epatch "${DISTDIR}"/${DEBIAN_A} \ + "${FILESDIR}"/${PN}-1.1_beta6_00-linux-tuntap.patch \ + "${FILESDIR}"/${PN}-1.1_beta6_01-bind-interface-name.patch \ + "${FILESDIR}"/${PN}-1.1_beta6_02-warn-on-frag.patch \ + "${FILESDIR}"/${PN}-1.1_beta6_03-delete-dwrite.patch \ + "${FILESDIR}"/${PN}-1.1_beta6_04-delete-werror.patch \ + "${FILESDIR}"/${PN}-1.1_beta6_05-respect-ldflags.patch +} + +src_compile() { + emake CC="$(tc-getCC)" || die +} + +src_install() { + into /usr + dosbin nstxcd nstxd || die + dodoc README Changelog || die + doman *.8 || die + + newinitd "${FILESDIR}"/nstxd.init nstxd + newconfd "${FILESDIR}"/nstxd.conf nstxd + newinitd "${FILESDIR}"/nstxcd.init nstxcd + newconfd "${FILESDIR}"/nstxcd.conf nstxcd +} + +pkg_postinst() { + einfo "Please read the documentation provided in" + einfo " `find /usr/share/doc/${PF}/ -name 'README*'`" +} diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest new file mode 100644 index 000000000000..0a4160aa493a --- /dev/null +++ b/net-vpn/openconnect/Manifest @@ -0,0 +1,21 @@ +AUX openconnect-7.07-libressl.patch 2687 SHA256 3e4b5b857636e5108e128266f74f8c25fc741e32863bab152c237cc5d3f7a848 SHA512 e9e408eccb146004b308f6702750eab7ca764000f67db8c06f58394281f09e24ddb644699ce68c12463025e88c42e3cee81ed5285f0c23ba45bab17d5701f6e9 WHIRLPOOL a0f9c3fd1ebfabe357ca3d879c8e0be11c229f440e9a5f9a526243902b6ce1ae1f4310715d662d623435a50e50edee12b82f1aef97bf9d6174c4057604e954df +AUX openconnect-7.07-mimic-pulse-client.patch 1280 SHA256 e73300582da1ec15fba1436948d560d6fd09951c295e1635f187000319a466a8 SHA512 87d40d896197532a9c6369cec17fbcbc37a8d9d4a8f6a550e0269071d88db7dd457860746ec383c83de42b39af0f3c0657fdaae5ab6e392bd910437597785f01 WHIRLPOOL a2fd6bd02f0c48b8533795547fded6793af9e0daf6fd5e8afb1be0f0037e2fa28209a51cc015b220c87493c8af467073f6e4eae0fc7b2044345f0dda55243864 +AUX openconnect.conf.in 941 SHA256 d0fbfb0c93591415d93096310caff8550de06faf94c72dd52d9a8654a3c451aa SHA512 a689df7141621c80bca77fdd1e01397b98882c7fd8db79b2fe1495916656522234e3af739538002533c003e4243e9af4bf80cd73bae961e15568997ce89ef6d5 WHIRLPOOL 36caee584cad889a9f746046c9d41de755a27260e46b8886149343224452b07240bad770b0040ad7998043eefed847873cd580645bda83280901d069692384bd +AUX openconnect.init.in 2747 SHA256 205c2e8e66fec9f2e85e8b7912940a760795a12c319a8840fa88106bc169fb14 SHA512 5f0c4c195e6e0e8770a3b6a6f8890962984cff9487f037cf1ca9cc565cfca0cabf0509060a08f1cabcdb1d34356f33dd843b852298d7531312568b2617cc05bc WHIRLPOOL b74df1ef1cbe9406ec0fa561b0674ca9cc87767f9896ad5d271bb0ba42fd1763f06b8279133ceb6776e5f05be71edbe93b7ba0eb3d85144dca6aa9731f460315 +AUX openconnect.init.in-r4 1775 SHA256 1dd5fa8b6fe0c8f2ff7c684ff937fb2ef557880fd513514835c6f521879b6f73 SHA512 7b832550ef21ddb4b1c0eae7f3838b925745a5ebbdb74f1583fb8710b75175ebcbc7b1558ce95f59cd78542bec8bc01f7ab6d32ec4a5b168bb8a516a8907d362 WHIRLPOOL ce05c3894facc5ae523b7c67fdb8c39c2c4648d3f193615ed1cc8f59b88aa8a9ff365fa1fe888f2ae651afb0d55837cad0fa183f516654db0cbdba4cd3e7029a +AUX openconnect.logrotate 116 SHA256 19cca62003efb050832c05cbca5a5e9057b18cf28d1c3a445c2c6fe1cf7022a2 SHA512 ea1b6caf6278fea515c299072ee799ab3676014784703d7fa8e4f4d7bfc4599650c386d9706a3e6d92c195c9e5e1628fa6efc1124e1ae72875cc9eaab73cb077 WHIRLPOOL 7116069442a23d369913d455d7131b2d1b3884d378da6d6aa1da357bd2fb7057f9d84fd253da608be35252573052fb02c9cddab1a88516611c5e010324194064 +DIST openconnect-7.06.tar.gz 1343870 SHA256 facf695368dc4537a6a30e2147be90b1d77ee3cb2d269eaef070b6d9ddab70f2 SHA512 d1af9efe4ac1f6671dc6b92db0df981e8cae3f2f50b8b4c35a112b42a76517b7c8ea9fd5da93352445dd61da3012bf34fdbcc3add9d8727cbaad7d311e516108 WHIRLPOOL b1b98bf8d900714eb7c7ab82bbd4371050f307b7872bd70b4b9c31f72bb15670842f41c381cbe31aad7e5e98bccbe0663e49b988d5c321c706719b8fa19a2654 +DIST openconnect-7.06_p20160614.tar.gz 2332148 SHA256 dcba2a087d66e0cf27c087c74ee64ae6b747b2191dfbf5fa2729ec2b156aee4a SHA512 7832251180e9c738c84ee89d0ad35144318f90cc9ede48e0cdb73747e64b2a3fbf4ad8175d0d755cb5629fbfc37c76a131a1b54a03c4249727102b572cbdfd66 WHIRLPOOL 2f25ef9a09c1efb88f5439a8f55b05d68adf868d108c7378e7a4d2889e092838b245ac2660ffc6234846a34a320971fce99ce1f0519be1426a8b2c3be371fbf4 +DIST openconnect-7.07.tar.gz 1557283 SHA256 f3ecfcd487dcd916748db38b4138c1e72c86347d6328b11dfe1d0af2821b8366 SHA512 fcce82419a058f5210f8b6167a10e52eb572c93cda3ec941bf11e5bfcf8395ce2f816cba4f5f9a02920eb023fe7dfbd8192d5664ce5bab29bf88506b67ec34e3 WHIRLPOOL 188d5117c1b669e1ab6c11d4d66431e3c59e50b21b39db5e6e9df3d3e3f1905c75be46e101e10483f4de2547a40e894b474eef35e001744bfdeb4a7f4c128dd1 +DIST openconnect-7.08.tar.gz 1686133 SHA256 1c44ec1f37a6a025d1ca726b9555649417f1d31a46f747922b84099ace628a03 SHA512 22f9b0bd4bd17e2ab91ff42b2464c89abba035fe705c037ba4d1042ace460c8738e20481783a1edc3b7dd6503fe9fcc7fdd188552811fb1525310e25a4c2f400 WHIRLPOOL 0f3e9f2435be11915de1e73075454f6be45dc4752df7d27b69a186dc7d8c9a6ce49d0a55510b3e836b26bced78eaa792f78ce9be5c51cff4212cd5c799e3ad70 +DIST vpnc-scripts-20140806.tar.gz 20070 SHA256 1f61a6c5ec8a2dab7d5f12c9b438d931e41c6c1c258801ee978d5ed460f4d35f SHA512 bfa230d6eb2db0696a23228cef6e742dcf5e609c25de725c23e2c7bee96d00045ea656d6c7025cdf7785f70baeb8a8d79af6aec93d7285bcb3c029dc744e5380 WHIRLPOOL 78d0c5e23f408167904639a7804859a1d6b89668feab6834a589a3d9f7abf4f9d1da984553a8871b6a16af39a03e5a6f3f6506dd77f7f960c7fcdd56f0683e27 +DIST vpnc-scripts-20160829.tar.gz 20297 SHA256 b737cbfbd2a0c9339ad108f8f2f02269981f0236ff350ce675b0391a08f861bc SHA512 0edd0e5184ac4a705f213a87fa8afa2e2cd54c9bd1aa01955a3a5107c42da8eae7b639896daceecc556a63b0663ee47e25fc21e77f0f74774330d546584fd2c1 WHIRLPOOL 0afe6e9ec1fb952bdad319d65f2353e7a8812e3301bc94ad3c472081ec9673506c9a52d8c4bd4f1035cfacca9f30494b9822034a6d468ce4357277ede2330d1e +EBUILD openconnect-7.06-r1.ebuild 3540 SHA256 3c1c9d4feae8d19ec00fbb11a276d30474e90f097a654099ac87290baf221f9d SHA512 024642e5867bc0edbff5271fad698f0b3435f8645824ae3407237f79e158ef639ac540e3705cbef4b6a48e10dff970d7205ae62a3460e0a00b66cbe8c26899a1 WHIRLPOOL 48684e1c67848ed4fe0fa3b5c5740264dfd40d58ebd0a8e815ccd83ceaff18e15086d1772321f2ce8347a34377e1e6586239505964d52450d5337b36dd39f12e +EBUILD openconnect-7.06-r4.ebuild 3653 SHA256 da0da6f9075500aedae0b2bae89072d9dff8493e6a23d6b056ebb383e35f0359 SHA512 5764125f8df3f39128da03a9301e6b53901c18ce75aa93b9340e396acc6ec19e5c9032f95ff40c4c9ca5d3cb2b21204d8ff57e6266890e2eee8f7f20b28e9908 WHIRLPOOL aa7e4343d0af83728c84aaf34b77449358bc84b383b444ec34c627c8a6e96c990474b69209bba076d205f9b3078674c9f3033c4f5f9052ebe3aeaa0fb5331a5f +EBUILD openconnect-7.06_p20160614.ebuild 3735 SHA256 4aac09b47cebab1b22988b5a074a4965dd71a7e5593673f448e125adb8e8abce SHA512 0102c424e2acf55e886071fa3fa7b0102634e18177ffed6ab2be065c9749b3d10647ce775e877e6df6a14555817645ed2bb766bbe8b2c856fbaa68ddf875a31e WHIRLPOOL 92b1599a59404eebc71620cfb50de57b85bc0e721fab15852e1b6d28ba79630a109ba626d322e2fc6503fa6a0d833cb5cf9002d41fcb99a807541ad30c10faf6 +EBUILD openconnect-7.07-r1.ebuild 3746 SHA256 831d30f477b81a668043829aaa65bf9428cf1ef9c5f4bddf9479c089ec332ce9 SHA512 e1caea75bad3efb24f2461742b0203ceb34d931541133d922586fc5a40cb280868d1676cedcb9cea0c0487fee835340f8146afccc334146380b377a9c427afce WHIRLPOOL ed6016740839ecd757300579c08807cc3bf8d0316b6fa2aaab3fb8f8e01da00645e2f5952f1ffbff9f91dbd3fcb4f9da4346d7d20e1373224916bc767a832672 +EBUILD openconnect-7.07-r2.ebuild 3850 SHA256 e7ab989c4411497f5a7982cf0824c71d9757a86261b307472d7dc3a17acbb693 SHA512 e2a6699904d0da2251cad7b99f8490f606bc816e3d9ae762eaa8f4e5af6143cf9784d5a1bfa717f5cf323901b6be031c7d5ad76577e07c77ce186dd265e93628 WHIRLPOOL c7b8f388a878e3d4df36220a94fe40c2d9ac41f6dee4db1f2b7a6cc6695eac0715402fe90a2b17abfd6677f0a8836560a110ed9f2a6a958de883986c661e2b25 +EBUILD openconnect-7.07-r3.ebuild 3969 SHA256 2223e221558b7895d29b94025981949da7156f3bdf8358bbbbe963d25c41687d SHA512 09e12f6b2037e2cd7110fd81fdfe8b517d82712ac27e5c9079c73c3b107a8fb9c06c5a368bdabe496b3ed501acbc6d752197d033308a69471acd747e2949e19b WHIRLPOOL f0ef276c3427022a8e4cddcdfee13fe83bdfcfc9544e6ef5f07db25050d89c876b175a51a5b775b9fe0cc9bc14f59e007361654cf2f00d756dbd9573ea5a05d2 +EBUILD openconnect-7.08.ebuild 3724 SHA256 e66f84cb6ad41a91c6336828ad513a24d87edbdb0aacb1404d172580189e748c SHA512 64bac40b9d4caf55cb2a37a26ff292e8120c95d254beff1df9e85371eb2d97e90d1e7a00de30110431fa86f2f22130db43e1b5f02c367f083023a5e49b53665f WHIRLPOOL fce3fb9b684daa26bba4b0175bcb42ac7589af402b63206b5cc87fbd4fc9bfde5fbbaa5834bdb7b15bdac58db8aeab41e03a72cd65cbd72491599e213daa02b2 +EBUILD openconnect-9999.ebuild 3728 SHA256 0de10d94854abdf96679e6c53d33a9e966fbea1bd70a1ec6e3cbcb39c92edb17 SHA512 0a80340fd8dd2e01c132baccc9288a0f1ba85ceb522ab060b0a611deea9199b4a000d32563ab3d5efd0e8546e0e6f9b17c1455f2835d28c04f3d55919636eacc WHIRLPOOL f9f72d4324cd2aa8d57ea07e0f2a5362204d7f94d4648d3975a603aad63bb0714fa8e9569374ced9e80aac033df8a30c9e6a8aa8f2936a139d8fdb4a4a400318 +MISC metadata.xml 642 SHA256 1c9ae4e71b2ec87522efd2c1f7cf3c78a4e172a173f741df32813f191ff44f03 SHA512 3a6b08e9258161af07ff47a0c52fe294185a2dd41bb7786500bfc35d56a1c1e366d013979a3bba6a80d8350e5765cb06876e9f4270c1e504445224a308de185f WHIRLPOOL 3d3b9acfd4b76f1db77bf71c7071eb781257da588411a5fb8cd6acf3f8bc779a6699cbab3fe39e54e4e03874e65370d09fbee2182bde86ac4e10aaacf86d4099 diff --git a/net-vpn/openconnect/files/openconnect-7.07-libressl.patch b/net-vpn/openconnect/files/openconnect-7.07-libressl.patch new file mode 100644 index 000000000000..4f9d34bceee1 --- /dev/null +++ b/net-vpn/openconnect/files/openconnect-7.07-libressl.patch @@ -0,0 +1,77 @@ +From d4a8afc2e8693628f2de554e717458e08bcc2fcf Mon Sep 17 00:00:00 2001 +From: Aric Belsito <lluixhi@gmail.com> +Date: Thu, 3 Nov 2016 11:37:23 -0700 +Subject: [PATCH] Fix LibreSSL Build. + +From Voidlinux: + +From d51ab5615e11af4a2c160b2b8240e5d9f3c15422 Mon Sep 17 00:00:00 2001 +From: Duncaen <duncaen@voidlinux.eu> +Date: Wed, 13 Jul 2016 15:21:16 +0200 +Subject: [PATCH] openconnect: update to 7.07. +--- + openssl-esp.c | 4 ++-- + openssl.c | 8 ++++---- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/openssl-esp.c b/openssl-esp.c +index 2c1aa49..bd4dce3 100644 +--- a/openssl-esp.c ++++ b/openssl-esp.c +@@ -27,7 +27,7 @@ + #include <openssl/evp.h> + #include <openssl/rand.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + #define EVP_CIPHER_CTX_free(c) do { \ + EVP_CIPHER_CTX_cleanup(c); \ +@@ -85,7 +85,7 @@ static int init_esp_ciphers(struct openconnect_info *vpninfo, struct esp *esp, + } + EVP_CIPHER_CTX_set_padding(esp->cipher, 0); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + esp->hmac = malloc(sizeof(*esp->hmac)); + esp->pkt_hmac = malloc(sizeof(*esp->pkt_hmac)); + if (!esp->hmac || &esp->pkt_hmac) { +diff --git a/openssl.c b/openssl.c +index 785fd2a..6007cef 100644 +--- a/openssl.c ++++ b/openssl.c +@@ -36,11 +36,11 @@ + #include <openssl/ui.h> + #include <openssl/rsa.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define X509_up_ref(x) CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509) + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define EVP_MD_CTX_new EVP_MD_CTX_create + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define X509_STORE_CTX_get0_chain(ctx) ((ctx)->chain) +@@ -991,7 +991,7 @@ static int set_peer_cert_hash(struct openconnect_info *vpninfo) + return 0; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + static int match_hostname_elem(const char *hostname, int helem_len, + const char *match, int melem_len) + { +@@ -1653,7 +1653,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) + * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2 + * cd6bd5ffda616822b52104fee0c4c7d623fd4f53 + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10001070 ++#if OPENSSL_VERSION_NUMBER >= 0x10001070 || defined(LIBRESSL_VERSION_NUMBER) + if (string_is_hostname(vpninfo->hostname)) + SSL_set_tlsext_host_name(https_ssl, vpninfo->hostname); + #endif +-- +2.10.2 + diff --git a/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch b/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch new file mode 100644 index 000000000000..5cfeca6ec52d --- /dev/null +++ b/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch @@ -0,0 +1,38 @@ +From 4ce9c9241f5707917e87e93a055f757cea5fb84d Mon Sep 17 00:00:00 2001 +From: Jon DeVree <nuxi@vault24.org> +Date: Mon, 19 Sep 2016 21:00:18 -0400 +Subject: [PATCH] Add Content-Length header to mimic official pulse client + +The official pulse client sends in a fixed "Content-Length: 256" header +with these two HTTP requests. Some versions of the VPN server will +reject requests with an HTTP 400 error if they do not have this header. + +Signed-off-by: Jon DeVree <nuxi@vault24.org> +Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> +--- + oncp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/oncp.c b/oncp.c +index cc9a223..2bf1571 100644 +--- a/oncp.c ++++ b/oncp.c +@@ -562,6 +562,7 @@ int oncp_connect(struct openconnect_info *vpninfo) + + buf_append(reqbuf, "POST /dana/js?prot=1&svc=1 HTTP/1.1\r\n"); + oncp_common_headers(vpninfo, reqbuf); ++ buf_append(reqbuf, "Content-Length: 256\r\n"); + buf_append(reqbuf, "\r\n"); + + if (buf_error(reqbuf)) { +@@ -606,6 +607,7 @@ int oncp_connect(struct openconnect_info *vpninfo) + buf_truncate(reqbuf); + buf_append(reqbuf, "POST /dana/js?prot=1&svc=4 HTTP/1.1\r\n"); + oncp_common_headers(vpninfo, reqbuf); ++ buf_append(reqbuf, "Content-Length: 256\r\n"); + buf_append(reqbuf, "\r\n"); + + if (buf_error(reqbuf)) { +-- +2.7.3 + diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in new file mode 100644 index 000000000000..53b14e61378e --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.conf.in @@ -0,0 +1,26 @@ +# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel: +# +# server_vpnname +# password_vpnname +# vpnopts_vpnname +# +# The tunnel will need to be started with a symbolic link to openconnect: +# +# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname +# +# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you +# need to create executable scripts in a directory with the same name as +# the vpn tunnel (vpn0 can be replaced with the vpn name): +# +# mkdir /etc/openconnect/vpn0 +# cd /etc/openconnect/vpn0" +# echo '#!/bin/sh' > preup.sh" +# cp preup.sh predown.sh" +# cp preup.sh postup.sh" +# cp preup.sh postdown.sh" +# chmod 755 /etc/openconnect/vpn0/*" + +server_vpn0="vpn.server.tld" +password_vpn0="YOUR_PASSWORD" +# Any OPENCONNECT options my go here (see openconnect --help) +vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh" diff --git a/net-vpn/openconnect/files/openconnect.init.in b/net-vpn/openconnect/files/openconnect.init.in new file mode 100644 index 000000000000..c4497956d8a3 --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.init.in @@ -0,0 +1,122 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPN="${RC_SVCNAME#*.}" +VPNLOG="/var/log/openconnect/${VPN}" +VPNLOGFILE="${VPNLOG}/openconnect.log" +VPNERRFILE="${VPNLOG}/openconnect.err" +VPNPID="/run/openconnect/${VPN}.pid" +VPNDIR="/etc/openconnect/${VPN}" +PREUPSCRIPT="${VPNDIR}/preup.sh" +PREDOWNSCRIPT="${VPNDIR}/predown.sh" +POSTUPSCRIPT="${VPNDIR}/postup.sh" +POSTDOWNSCRIPT="${VPNDIR}/postdown.sh" +SERVER="server_${VPN}" +PASSWORD="password_${VPN}" +VPNOPTS="vpnopts_${VPN}" + +depend() { + before netmount +} + +checkconfig() { + if [ $VPN = "openconnect" ]; then + eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:" + echo + eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0" + echo + eerror "And then call it instead:" + echo + eerror "/etc/init.d/openconnect.vpn0 start" + return 1 + fi +} + +checktuntap() { + if [ $(uname -s) = "Linux" ] ; then + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi + fi +} + +start() { + ebegin "Starting OpenConnect: ${VPN}" + + checkconfig || return 1 + + checktuntap || return 1 + + if [ "${!SERVER}" == "vpn.server.tld" ]; then + eend 1 "${VPN} not configured" + return 1 + fi + + if [ ! -e "${VPNLOG}" ]; then + mkdir -p "${VPNLOG}" + fi + + local piddir="${VPNPID%/*}" + if [ ! -d "$piddir" ] ; then + mkdir -p "$piddir" + if [ $? -ne 0 ]; then + eerror "Directory $piddir for pidfile does not exist and cannot be created" + return 1 + fi + fi + + if [ -x "${PREUPSCRIPT}" ] ; then + "${PREUPSCRIPT}" + fi + + start-stop-daemon --start --make-pidfile --pidfile "${VPNPID}" --stderr "${VPNERRFILE}" --stdout "${VPNLOGFILE}" --background \ + --exec /usr/sbin/openconnect \ + -- --pid-file="${VPNPID}" ${!VPNOPTS} ${!SERVER} <<< ${!PASSWORD} + + local retval=$? + + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + if [ -x "${POSTUPSCRIPT}" ] ; then + "${POSTUPSCRIPT}" + fi + + eend $? +} + +stop() { + ebegin "Stopping OpenConnect: ${VPN}" + + checkconfig || return 1 + + if [ -x "${PREDOWNSCRIPT}" ] ; then + "${PREDOWNSCRIPT}" + fi + + start-stop-daemon --pidfile "${VPNPID}" --stop /usr/sbin/openconnect + local retval=$? + + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + + if [ -x "${POSTDOWNSCRIPT}" ] ; then + "${POSTDOWNSCRIPT}" + fi + eend $? +} diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4 new file mode 100644 index 000000000000..040edc76f637 --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.init.in-r4 @@ -0,0 +1,88 @@ +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPN="${RC_SVCNAME#*.}" +VPNDIR="/etc/openconnect/${VPN}" +VPNLOG="/var/log/openconnect/${VPN}" +VPNLOGFILE="${VPNLOG}/openconnect.log" +VPNERRFILE="${VPNLOG}/openconnect.err" + +command="/usr/sbin/openconnect" +name="OpenConnect: ${VPN}" +pidfile="/run/openconnect/${VPN}.pid" +stopsig="SIGINT" + +depend() { + before netmount +} + +checkconfig() { + if [ $VPN = "openconnect" ]; then + eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:" + eerror + eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0" + eerror + eerror "And then call it instead:" + eerror + eerror "/etc/init.d/openconnect.vpn0 start" + return 1 + fi +} + +checktuntap() { + if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi +} + +run_hook() { + if [ -x "$1" ]; then + "$@" + fi +} + +start_pre() { + checkconfig || return + checktuntap || return + checkpath -d "${VPNLOG}" || return + checkpath -d /run/openconnect || return + run_hook "${VPNDIR}/preup.sh" +} + +start() { + local server vpnopts password + eval server=\$server_${VPN} + eval vpnopts=\$vpnopts_${VPN} + eval password=\$password_${VPN} + + ebegin "Starting ${name}" + start-stop-daemon --start --exec "${command}" -- \ + --background \ + --interface="${VPN}" \ + --pid-file="${pidfile}" \ + ${vpnopts} \ + "${server}" \ + >> "${VPNLOGFILE}" \ + 2>> "${VPNERRFILE}" \ + <<EOF +${password} +EOF + eend $? +} + +start_post() { + run_hook "${VPNDIR}/postup.sh" +} + +stop_pre() { + checkconfig || return + run_hook "${VPNDIR}/predown.sh" +} + +stop_post() { + run_hook "${VPNDIR}/postdown.sh" +} diff --git a/net-vpn/openconnect/files/openconnect.logrotate b/net-vpn/openconnect/files/openconnect.logrotate new file mode 100644 index 000000000000..0455e6845b28 --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.logrotate @@ -0,0 +1,8 @@ +# openconnect logrotate snipet for Gentoo Linux +# +/var/log/openconnect/*/* { + missingok + size 5M + notifempty +} + diff --git a/net-vpn/openconnect/metadata.xml b/net-vpn/openconnect/metadata.xml new file mode 100644 index 000000000000..aa05046a5fd4 --- /dev/null +++ b/net-vpn/openconnect/metadata.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>floppym@gentoo.org</email> + <name>Mike Gilbert</name> + </maintainer> + <maintainer type="person"> + <email>williamh@gentoo.org</email> + <name>William Hubbs</name> + </maintainer> + <use> + <flag name="gssapi">Build GSSAPI support</flag> + <flag name="java">Build JNI bindings using jni.h</flag> + <flag name="libproxy">Enable proxy support</flag> + <flag name="lz4">Enable support for lz4 compression</flag> + <flag name="stoken">Enable stoken support</flag> + </use> +</pkgmetadata> diff --git a/net-vpn/openconnect/openconnect-7.06-r1.ebuild b/net-vpn/openconnect/openconnect-7.06-r1.ebuild new file mode 100644 index 000000000000..05a2ee85629a --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.06-r1.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" +VPNC_VER=20140806 +SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +KEYWORDS="amd64 arm ~arm64 ppc64 x86" +IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs" +ILINGUAS="ar cs de el en_GB en_US es eu fi fr gl id lt nl pa pl pt pt_BR sk sl tg ug uk zh_CN zh_TW" +for lang in $ILINGUAS; do + IUSE="${IUSE} linguas_${lang}" +done + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup + + if use doc; then + python-any-r1_pkg_setup + fi +} + +src_configure() { + strip-linguas $ILINGUAS + echo ${LINGUAS} > po/LINGUAS + if ! use doc; then + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # stoken and liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + --without-stoken \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.06-r4.ebuild b/net-vpn/openconnect/openconnect-7.06-r4.ebuild new file mode 100644 index 000000000000..8e558096c0e6 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.06-r4.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" +VPNC_VER=20140806 +SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="doc +gnutls gssapi java libproxy libressl nls smartcard static-libs stoken" +ILINGUAS="ar cs de el en_GB en_US es eu fi fr gl id lt nl pa pl pt pt_BR sk sl tg ug uk zh_CN zh_TW" +for lang in $ILINGUAS; do + IUSE="${IUSE} linguas_${lang}" +done + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup + + if use doc; then + python-any-r1_pkg_setup + fi +} + +src_configure() { + strip-linguas $ILINGUAS + echo ${LINGUAS} > po/LINGUAS + if ! use doc; then + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.06_p20160614.ebuild b/net-vpn/openconnect/openconnect-7.06_p20160614.ebuild new file mode 100644 index 000000000000..8702eba983c5 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.06_p20160614.ebuild @@ -0,0 +1,156 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + inherit autotools + ARCHIVE_URI="https://dev.gentoo.org/~williamh/dist/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20140806 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs stoken" + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.07-r1.ebuild b/net-vpn/openconnect/openconnect-7.07-r1.ebuild new file mode 100644 index 000000000000..fac6e34d7ead --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.07-r1.ebuild @@ -0,0 +1,157 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs stoken" + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.07-r2.ebuild b/net-vpn/openconnect/openconnect-7.07-r2.ebuild new file mode 100644 index 000000000000..5c8982b1bca5 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.07-r2.ebuild @@ -0,0 +1,163 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="amd64 arm ~arm64 ppc64 x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy lz4 nls smartcard static-libs stoken" + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}"/${P}-mimic-pulse-client.patch +) + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with lz4) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.07-r3.ebuild b/net-vpn/openconnect/openconnect-7.07-r3.ebuild new file mode 100644 index 000000000000..f0b04fd6c339 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.07-r3.ebuild @@ -0,0 +1,167 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}"/${P}-mimic-pulse-client.patch + "${FILESDIR}"/${P}-libressl.patch +) + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with lz4) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.08.ebuild b/net-vpn/openconnect/openconnect-7.08.ebuild new file mode 100644 index 000000000000..e233f30d0203 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.08.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="amd64 arm ~arm64 ppc64 x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + export PYTHON=/bin/false + fi + + local myconf=( + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-openssl-version-check + $(use_enable static-libs static) + $(use_enable nls) + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + $(use_with java) + ) + + econf "${myconf[@]}" +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + default + + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + prune_libtool_files + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild new file mode 100644 index 000000000000..bb489f015356 --- /dev/null +++ b/net-vpn/openconnect/openconnect-9999.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + export PYTHON=/bin/false + fi + + local myconf=( + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-openssl-version-check + $(use_enable static-libs static) + $(use_enable nls) + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + $(use_with java) + ) + + econf "${myconf[@]}" +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + default + + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + prune_libtool_files + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openfortivpn/Manifest b/net-vpn/openfortivpn/Manifest new file mode 100644 index 000000000000..f3b6bd2b593c --- /dev/null +++ b/net-vpn/openfortivpn/Manifest @@ -0,0 +1,3 @@ +DIST openfortivpn-1.3.0.tar.gz 48414 SHA256 a7dee87a9ef56c5d5a5d7288ae047f51f29472b2156e7d59bf9301aad6ac44ce SHA512 cedcb5677c03981cb255475113ebd06392edcbf4a57538515ff616db22334f4bef2e379d11eaa5a02f5d6a380ddf4b13bb6718269d01dea91a1ba25833dee107 WHIRLPOOL 164a44416db29acc2ebd9208a08ff9cb9578404739f1e6c5630eeede344a2dd15ae630437a417e382358b8dc44e6c73c431e94ae56f1ec844f96ca43a42965e7 +EBUILD openfortivpn-1.3.0.ebuild 767 SHA256 fdc75ceb6f8a707f5a26ff6f3d2a23e2d620331833967fc878940f80291fc4e6 SHA512 b32b571035164d8f55f2e4c089db69f7f6237e9cec0c8f30e993941fba55db7810adc60e77d0c1eef837f7bfa2358e5cdf2eb4ea2fde9ba7b9e0ce289125aaa1 WHIRLPOOL 7e9a696f5f200c126cc4aa92428b11cb4918ce416645b886503ba30596829823f79982cc39bf93ade823825f765b8809e6a0f3568d50f2bd3f88dbd9aac8a955 +MISC metadata.xml 473 SHA256 d93b18450c7efa8600d83d274d2b851faca44785f7cb83132aae2d668edfce9c SHA512 d2807f01f5e74e765e1ee6fc23b917c78987f7f73672cfa019ab4e96c387105a5e8f90a53b1ffbf079f832a7bbaf74a9938cb2f9bb2fcc7a7deb76cf99b9469f WHIRLPOOL d86f340896eead83f149cf4810a3ace41b89775fb8bf4be44ff09bfca1622f49dc75739f08206fa5e137bcc8900629cdacf7d664d6c364a21d6056b910b9fb43 diff --git a/net-vpn/openfortivpn/metadata.xml b/net-vpn/openfortivpn/metadata.xml new file mode 100644 index 000000000000..f70327221315 --- /dev/null +++ b/net-vpn/openfortivpn/metadata.xml @@ -0,0 +1,15 @@ +<?xml version='1.0' encoding='UTF-8'?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>mathy@vanvoorden.be</email> + <name>Mathy Vanvoorden</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <upstream> + <remote-id type="github">adrienverge/openfortivpn</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/openfortivpn/openfortivpn-1.3.0.ebuild b/net-vpn/openfortivpn/openfortivpn-1.3.0.ebuild new file mode 100644 index 000000000000..0027219ec510 --- /dev/null +++ b/net-vpn/openfortivpn/openfortivpn-1.3.0.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools linux-info + +DESCRIPTION="A Fortinet compatible VPN client" +HOMEPAGE="https://github.com/adrienverge/openfortivpn" +SRC_URI="https://github.com/adrienverge/openfortivpn/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3-with-openssl-exception openssl" +SLOT="0" +KEYWORDS="~amd64" +IUSE="libressl" + +DEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + net-dialup/ppp +" +RDEPEND="${DEPEND}" + +CONFIG_CHECK="~PPP ~PPP_ASYNC" + +src_prepare() { + default + + sed -i 's/-Werror//g' Makefile.am || die "Failed to remove -Werror from Makefile.am" + + eautoreconf +} + +src_install() { + default + + keepdir /etc/openfortivpn +} diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest new file mode 100644 index 000000000000..8a6afbca8a5d --- /dev/null +++ b/net-vpn/openvpn/Manifest @@ -0,0 +1,13 @@ +AUX down.sh 943 SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997 WHIRLPOOL c66fd1e016656fe83d7f55b77bf232058397f9cd3054abe13ec006c227afe6746ee4ada310ff43761ec95510f736b8e542f136711d648642eecafe055975c57e +AUX openvpn-2.1.conf 892 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37 WHIRLPOOL 6ef644826e1e9e2a100e0fa20b5c9190e92c9e08a366dee28dccf3f70fa0593f3c4d271e42db3920630f03704aa2aef8e84d9efbb2b4b6a0d08e74bb340fb0a5 +AUX openvpn-2.1.init 4187 SHA256 89f69bcd627868830c421bc6270f08a1c3edf1a1e5fbdedf33c7a7d530bdfccf SHA512 2d97a41b3998c196c440dcaf43ad8992eae27c5356c94b24f4cc4b20169350f3d6c8d65bb9c2517415ee15637fa60298d9cd8252ad9aa3eec6ae3a847ede0611 WHIRLPOOL e7ae9750f0b7fc811bbd1a51dccba1e9d8c8a581bf7ff296bfcd6bfed7b747d1d4307a6c68dda7e4e29e017151c7d1b21c971cc677b838c0feffcd902e29be5c +AUX openvpn-external-cmocka.patch 2083 SHA256 8deebd932ba2fa529f10f0f1d41c3606997b428666c95c3aad61e5b1e4002861 SHA512 6c34518f626992031735f6433861fafd44e3cf35e95668cf5945aee7b341a049e3b6a73dd9937a0f287e4a750a2415532ae49aac11011767e0c7a3355f8ff6ca WHIRLPOOL 7914fd96994e27e3d87ba7664ea0b70a7523727dac7bd7345971db4c482df3d678940a492f7ad9a45cce28cfd7561efe5f6117e68394275fb0c9114dead17263 +AUX up.sh 2865 SHA256 d887ee065261affd849227fa27e092cf66549d824a698f302312d15f787dd840 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd WHIRLPOOL 8d25a66d192a6710466d149aec7a1719dfe91558205e8ba7e25b93e58869c8fedc96ba4ce2aedb0595b7e0b63299e6e41be1ba82c6b93ae6bbbb26d409c9bf51 +DIST mock_msg.h 1356 SHA256 d6c56a423753c0b938a5dc32c978984eebb97243a2671a1652440093f67d61fb SHA512 930775a5837bc7f97a26817ea028782d555e0e71ba06b04c39941f4c01bbc3ca0a5dc63bcf19dc694e0e746b3a382f22daf6a6373a3443c5afd7398cbaaef6ea WHIRLPOOL 4cce848abc141e9d39cca1f8a0c9d11c0819d8a6e640c541968df491d2a6c3c0746233742418ee43c8bbc6ef19028a41159efae2922bcc719bd86442da05df86 +DIST openvpn-2.4.3.tar.gz 1422692 SHA256 cee3d3ca462960a50a67c0ebd186e01b6d13db70275205663695152c9aca8579 SHA512 1d1f9afa6d0858fa32f73b2a51ed7652beac52ef974b104b51b521e6d8e872b8f5659c55ec1ef442fed3b6c6b058627b0af73e765a1261871b1cd96c8acd657e WHIRLPOOL ba2e878f7a12082c60e2a25b4b83d6293f56307d0dac48b068e4edbf06583b85a4698431937086427fba7db6b364ee6a074eae269a3efd782cf3c1658b8fcd1b +DIST openvpn-2.4.4.tar.gz 1390194 SHA256 1ae883d9522c9fa6d189e5e4aaa058a93edd3d0b897e3c2664107c4785099fc3 SHA512 3c3cb77397569e21c5af52b065b081714ce53e2dd0b890c881de8e57220dc23d97cd61eaf5a6bf8e5e89186414c4c93da22a3ab65f4b61f80b04d862b4116e76 WHIRLPOOL d9ed3e499a6e2baf9c74d7ee11931c21744a3d1a5d50c48504247f118a35560409bd53302c2d2482b105847485aff3426f55e6ec0a5dfd9a4f79186b40014c7a +EBUILD openvpn-2.4.3-r1.ebuild 4689 SHA256 d8a3a1ef1843b6ade6a7a748079e86b4b8aa79d5e843205cab283ea7c2a31e26 SHA512 fb0d83acce76eb3602332df7a618c5073765055819341d1372ed034d4f31b93abbca0615767ae50c2064e3210c9e5d6fa51ca727328b403cab63fa2c9792b83e WHIRLPOOL d3efe27a6e7a1f2f82d662d4f14fd37411cc59b38a78c8f270106f42ebed05ae2da5379f5228c6e24a18b6700500ba211110b85e73e986c1ba3cb4631c86d4a5 +EBUILD openvpn-2.4.3.ebuild 4611 SHA256 152ea1894e39b9a290affe877510113b53c1e8e51e6e8d03851b2489ea7c76a8 SHA512 3a7b7c93df95922eb9d6deb383a63521a5daea9490e90285dc5bd419af0afa484b55c836a41d528462b7301698d7c6c2cfe63b3eea7bfffcf990b7308dd43d17 WHIRLPOOL 29b21e8a81c91b83677906fc3879c24b2ce89e0697a17e2a25969d39401cdb337662d8d4eb5da70cf82bea0edce2896e6ee0e428ef0191402e8ed73e778bbcb0 +EBUILD openvpn-2.4.4.ebuild 4683 SHA256 b886728b4bffe1cd046d0e1bda93b7a9a8027f8cdb6e9803ef22177af6178a48 SHA512 2556b160f91642357bd39b7f7e53f7baa96b5513bccac53a0344386521367279087918d07054bd8cab81be4171568f783249abff4a9d80c888502f052d9562c9 WHIRLPOOL 15205d0d1ad7924f44ece0c200c7a9fc8af70fd1aeb1c3647f3ac37af40027aa7582ccef117eecd99f89e4cb3b5ce56e36b20c3f3cbbd2af7f168c949ba58f23 +EBUILD openvpn-9999.ebuild 4473 SHA256 83ed9e44b86ae9200406ee251d76f36493e7cfaec4c051bfbc2c95f8367b2135 SHA512 700392c91522915cb00d9282eb7f53f237b40d78c3d5702dfccd6255e86b7b1a86355fdc45902fcba572cbcbf5ee87239b0b4197557934413884b633b7fdc4fa WHIRLPOOL 89643cd3ffe5111e7dbf52839adffd87cd1a6c5cc90d26c0809c51f9ae2fc2fda9f2c0637c8f3fbf961317d90d1415a5a6e5d4bf7f526848f3116e4d700a9e0b +MISC metadata.xml 1157 SHA256 667929a10db854b014d33be01fead67aa94176400e35b035db5aaa2859a693e0 SHA512 1408231f0a3d66a762af5482d3e67a2d9e950fd4ef456d9dce45943e21b34eb8178c8085d198fa3ea726f0718c4b1a2a0f94798ee9ef51958807dc305e65c882 WHIRLPOOL 81cd37f460b8295bb6d050f4ecf363378d4434c88c32ffa4919db5b5fe906962887d08744def990dc63882a7486221e378cd54d5d57379868076dcf47aa62ba0 diff --git a/net-vpn/openvpn/files/down.sh b/net-vpn/openvpn/files/down.sh new file mode 100644 index 000000000000..1c70db0ec653 --- /dev/null +++ b/net-vpn/openvpn/files/down.sh @@ -0,0 +1,33 @@ +#!/bin/sh +# Copyright (c) 2006-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# Contributed by Roy Marples (uberlord@gentoo.org) + +# If we have a service specific script, run this now +if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then + /etc/openvpn/"${SVCNAME}"-down.sh "$@" +fi + +# Restore resolv.conf to how it was +if [ "${PEER_DNS}" != "no" ]; then + if [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d "${dev}" + elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then + # Important that we copy instead of move incase resolv.conf is + # a symlink and not an actual file + cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf + rm -f /etc/resolv.conf-"${dev}".sv + fi +fi + +if [ -n "${SVCNAME}" ]; then + # Re-enter the init script to start any dependant services + if /etc/init.d/"${SVCNAME}" --quiet status ; then + export IN_BACKGROUND=true + /etc/init.d/"${SVCNAME}" --quiet stop + fi +fi + +exit 0 + +# vim: ts=4 : diff --git a/net-vpn/openvpn/files/openvpn-2.1.conf b/net-vpn/openvpn/files/openvpn-2.1.conf new file mode 100644 index 000000000000..72510c34aed3 --- /dev/null +++ b/net-vpn/openvpn/files/openvpn-2.1.conf @@ -0,0 +1,18 @@ +# OpenVPN automatically creates an /etc/resolv.conf (or sends it to +# resolvconf) if given DNS information by the OpenVPN server. +# Set PEER_DNS="no" to stop this. +PEER_DNS="yes" + +# OpenVPN can run in many modes. Most people will want the init script +# to automatically detect the mode and try and apply a good default +# configuration and setup scripts. However, there are cases where the +# OpenVPN configuration looks like a client, but it's really a peer or +# something else. DETECT_CLIENT controls this behaviour. +DETECT_CLIENT="yes" + +# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn +# init script (ie, it first becomes "inactive" and the script then starts the +# script again to make it "started") then you can state this below. +# In other words, unless you understand service dependencies and are a +# competent shell scripter, don't set this. +RE_ENTER="no" diff --git a/net-vpn/openvpn/files/openvpn-2.1.init b/net-vpn/openvpn/files/openvpn-2.1.init new file mode 100644 index 000000000000..b42aa13d20de --- /dev/null +++ b/net-vpn/openvpn/files/openvpn-2.1.init @@ -0,0 +1,133 @@ +#!/sbin/openrc-run +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPNDIR=${VPNDIR:-/etc/openvpn} +VPN=${SVCNAME#*.} +if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then + VPNPID="/var/run/openvpn.${VPN}.pid" +else + VPNPID="/var/run/openvpn.pid" +fi +VPNCONF="${VPNDIR}/${VPN}.conf" + +depend() { + need localmount net + use dns + after bootmisc +} + +checkconfig() { + # Linux has good dynamic tun/tap creation + if [ $(uname -s) = "Linux" ] ; then + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available" \ + "in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi + return 0 + fi + + # Other OS's don't, so we rely on a pre-configured interface + # per vpn instance + local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}") + if [ -z ${ifname} ] ; then + eerror "You need to specify the interface that this openvpn" \ + "instance should use" \ + "by using the dev option in ${VPNCONF}" + return 1 + fi + + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then + # Try and create it + echo > /dev/"${ifname}" >/dev/null + fi + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then + eerror "${VPNCONF} requires interface ${ifname}" \ + "but that does not exist" + return 1 + fi +} + +start() { + # If we are re-called by the openvpn gentoo-up.sh script + # then we don't actually want to start openvpn + [ "${IN_BACKGROUND}" = "true" ] && return 0 + + ebegin "Starting ${SVCNAME}" + + checkconfig || return 1 + + local args="" reenter=${RE_ENTER:-no} + # If the config file does not specify the cd option, we do + # But if we specify it, we override the config option which we do not want + if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then + args="${args} --cd ${VPNDIR}" + fi + + # We mark the service as inactive and then start it. + # When we get an authenticated packet from the peer then we run our script + # which configures our DNS if any and marks us as up. + if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ + grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then + reenter="yes" + args="${args} --up-delay --up-restart" + args="${args} --script-security 2" + args="${args} --up /etc/openvpn/up.sh" + args="${args} --down-pre --down /etc/openvpn/down.sh" + + # Warn about setting scripts as we override them + if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then + ewarn "WARNING: You have defined your own up/down scripts" + ewarn "As you're running as a client, we now force Gentoo specific" + ewarn "scripts to be run for up and down events." + ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" + ewarn "where you can put your own code." + fi + + # Warn about the inability to change ip/route/dns information when + # dropping privs + if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then + ewarn "WARNING: You are dropping root privileges!" + ewarn "As such openvpn may not be able to change ip, routing" + ewarn "or DNS configuration." + fi + else + # So we're a server. Run as openvpn unless otherwise specified + grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" + grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" + fi + + # Ensure that our scripts get the PEER_DNS variable + [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" + + [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ + --setenv SVCNAME "${SVCNAME}" ${args} + eend $? "Check your logs to see why startup failed" +} + +stop() { + # If we are re-called by the openvpn gentoo-down.sh script + # then we don't actually want to stop openvpn + if [ "${IN_BACKGROUND}" = "true" ] ; then + mark_service_inactive "${SVCNAME}" + return 0 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet \ + --exec /usr/sbin/openvpn --pidfile "${VPNPID}" + eend $? +} + +# vim: set ts=4 : diff --git a/net-vpn/openvpn/files/openvpn-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-external-cmocka.patch new file mode 100644 index 000000000000..eecc5076b4e8 --- /dev/null +++ b/net-vpn/openvpn/files/openvpn-external-cmocka.patch @@ -0,0 +1,62 @@ +diff --git a/configure.ac b/configure.ac +index f4073d0..9afcc90 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1211,6 +1211,21 @@ if test "${enable_async_push}" = "yes"; then + ) + fi + ++AC_ARG_ENABLE( ++ [tests], ++ AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@]) ++) ++ ++if test "${enable_tests}" = "yes"; then ++ PKG_CHECK_MODULES([CMOCKA], [cmocka]) ++ TEST_CFLAGS="${CMOCKA_CFLAGS}" ++ TEST_LDFLAGS="${CMOCKA_LIBS}" ++ AC_SUBST([TEST_CFLAGS]) ++ AC_SUBST([TEST_LDFLAGS]) ++fi ++AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"]) ++AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) ++ + CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`" + AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) + +@@ -1257,28 +1272,6 @@ AC_SUBST([VENDOR_SRC_ROOT]) + AC_SUBST([VENDOR_BUILD_ROOT]) + AC_SUBST([VENDOR_DIST_ROOT]) + +-TEST_LDFLAGS="-lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib" +-TEST_CFLAGS="-I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include" +- +-AC_SUBST([TEST_LDFLAGS]) +-AC_SUBST([TEST_CFLAGS]) +- +-# Check if cmake is available and cmocka git submodule is initialized, +-# needed for unit testing +-AC_CHECK_PROGS([CMAKE], [cmake]) +-if test -n "${CMAKE}"; then +- if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then +- AM_CONDITIONAL([CMOCKA_INITIALIZED], [true]) +- else +- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) +- AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.]) +- fi +-else +- AC_MSG_RESULT([!! WARNING !! CMake is NOT available. Unit testing cannot be performed.]) +- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) +-fi +- +- + AC_CONFIG_FILES([ + version.sh + Makefile +diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am +index 31d37b8..4b7fb41 100644 +--- a/tests/unit_tests/Makefile.am ++++ b/tests/unit_tests/Makefile.am +@@ -3 +3 @@ AUTOMAKE_OPTIONS = foreign +-if CMOCKA_INITIALIZED ++if ENABLE_TESTS diff --git a/net-vpn/openvpn/files/up.sh b/net-vpn/openvpn/files/up.sh new file mode 100644 index 000000000000..6ce82d6113cd --- /dev/null +++ b/net-vpn/openvpn/files/up.sh @@ -0,0 +1,100 @@ +#!/bin/sh +# Copyright (c) 2006-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# Contributed by Roy Marples (uberlord@gentoo.org) + +# Setup our resolv.conf +# Vitally important that we use the domain entry in resolv.conf so we +# can setup the nameservers are for the domain ONLY in resolvconf if +# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc. +# nscd/libc users will get the VPN nameservers before their other ones +# and will use the first one that responds - maybe the LAN ones? +# non resolvconf users just the the VPN resolv.conf + +# FIXME:- if we have >1 domain, then we have to use search :/ +# We need to add a flag to resolvconf to say +# "these nameservers should only be used for the listed search domains +# if other global nameservers are present on other interfaces" +# This however, will break compatibility with Debians resolvconf +# A possible workaround would be to just list multiple domain lines +# and try and let resolvconf handle it + +min_route() { + local n=1 + local m + local r + + eval m="\$route_metric_$n" + while [ -n "${m}" ]; do + if [ -z "$r" ] || [ "$r" -gt "$m" ]; then + r="$m" + fi + n="$(($n+1))" + eval m="\$route_metric_$n" + done + + echo "$r" +} + +if [ "${PEER_DNS}" != "no" ]; then + NS= + DOMAIN= + SEARCH= + i=1 + while true ; do + eval opt=\$foreign_option_${i} + [ -z "${opt}" ] && break + if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then + if [ -z "${DOMAIN}" ] ; then + DOMAIN="${opt#dhcp-option DOMAIN *}" + else + SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}" + fi + elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then + NS="${NS}nameserver ${opt#dhcp-option DNS *}\n" + fi + i=$((${i} + 1)) + done + + if [ -n "${NS}" ] ; then + DNS="# Generated by openvpn for interface ${dev}\n" + if [ -n "${SEARCH}" ] ; then + DNS="${DNS}search ${DOMAIN} ${SEARCH}\n" + elif [ -n "${DOMAIN}" ]; then + DNS="${DNS}domain ${DOMAIN}\n" + fi + DNS="${DNS}${NS}" + if [ -x /sbin/resolvconf ] ; then + metric="$(min_route)" + printf "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}} + else + # Preserve the existing resolv.conf + if [ -e /etc/resolv.conf ] ; then + cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv + fi + printf "${DNS}" > /etc/resolv.conf + chmod 644 /etc/resolv.conf + fi + fi +fi + +# Below section is Gentoo specific +# Quick summary - our init scripts are re-entrant and set the SVCNAME env var +# as we could have >1 openvpn service + +if [ -n "${SVCNAME}" ]; then + # If we have a service specific script, run this now + if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then + /etc/openvpn/"${SVCNAME}"-up.sh "$@" + fi + + # Re-enter the init script to start any dependant services + if ! /etc/init.d/"${SVCNAME}" --quiet status ; then + export IN_BACKGROUND=true + /etc/init.d/${SVCNAME} --quiet start + fi +fi + +exit 0 + +# vim: ts=4 : diff --git a/net-vpn/openvpn/metadata.xml b/net-vpn/openvpn/metadata.xml new file mode 100644 index 000000000000..ca1e9a1139e7 --- /dev/null +++ b/net-vpn/openvpn/metadata.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>mrueg@gentoo.org</email> + <name>Manuel Rüger</name> + </maintainer> + <maintainer type="person"> + <email>chutzpah@gentoo.org</email> + <name>Patrick McLean</name> + </maintainer> + <maintainer type="person"> + <email>williamh@gentoo.org</email> + <name>William Hubbs</name> + </maintainer> + <longdescription>OpenVPN is an easy-to-use, robust and highly +configurable VPN daemon which can be used to securely link two or more +networks using an encrypted tunnel.</longdescription> + <use> + <flag name="down-root">Enable the down-root plugin</flag> + <flag name="iproute2">Enabled iproute2 support instead of net-tools</flag> + <flag name="lz4">Enable LZ4 support</flag> + <flag name="mbedtls">Use mbed TLS instead of OpenSSL</flag> + <flag name="pkcs11">Enable PKCS#11 smartcard support</flag> + <flag name="plugins">Enable the OpenVPN plugin system</flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:openvpn:openvpn</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/openvpn/openvpn-2.4.3-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.3-r1.ebuild new file mode 100644 index 000000000000..798c6c354ac3 --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.4.3-r1.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools flag-o-matic user systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz + test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x86-macos" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" +IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + mbedtls? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root ) + inotify? ( plugins )" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) + ) + pam? ( virtual/pam ) + ssl? ( + !mbedtls? ( + !libressl? ( >=dev-libs/openssl-0.9.8:* ) + libressl? ( dev-libs/libressl ) + ) + mbedtls? ( net-libs/mbedtls ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-openvpn )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}/${PN}-external-cmocka.patch" +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf + + if use test; then + cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die + fi +} + +src_configure() { + use static && append-ldflags -Xcompiler -static + SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ + TMPFILES_DIR="/usr/lib/tmpfiles.d" \ + IFCONFIG=/bin/ifconfig \ + ROUTE=/bin/route \ + econf \ + $(usex mbedtls '--with-crypto-library=mbedtls' '') \ + $(use_enable inotify async-push) \ + $(use_enable ssl crypto) \ + $(use_enable lz4) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable test tests) \ + $(use_enable systemd) +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + if use x64-macos; then + elog "You might want to install tuntaposx for TAP interface support:" + elog "http://tuntaposx.sourceforge.net" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" + fi +} diff --git a/net-vpn/openvpn/openvpn-2.4.3.ebuild b/net-vpn/openvpn/openvpn-2.4.3.ebuild new file mode 100644 index 000000000000..a15364807f9f --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.4.3.ebuild @@ -0,0 +1,160 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools flag-o-matic user systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz + test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x86-macos" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" +IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + mbedtls? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root ) + inotify? ( plugins )" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !mbedtls? ( + !libressl? ( >=dev-libs/openssl-0.9.8:* ) + libressl? ( dev-libs/libressl ) + ) + mbedtls? ( net-libs/mbedtls ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-openvpn )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}/${PN}-external-cmocka.patch" +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf + + if use test; then + cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die + fi +} + +src_configure() { + use static && append-ldflags -Xcompiler -static + SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ + TMPFILES_DIR="/usr/lib/tmpfiles.d" \ + econf \ + $(usex mbedtls '--with-crypto-library=mbedtls' '') \ + $(use_enable inotify async-push) \ + $(use_enable ssl crypto) \ + $(use_enable lz4) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable test tests) \ + $(use_enable systemd) +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + if use x64-macos; then + elog "You might want to install tuntaposx for TAP interface support:" + elog "http://tuntaposx.sourceforge.net" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" + fi +} diff --git a/net-vpn/openvpn/openvpn-2.4.4.ebuild b/net-vpn/openvpn/openvpn-2.4.4.ebuild new file mode 100644 index 000000000000..74cf0f22fd79 --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.4.4.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools flag-o-matic user systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz + test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x86-macos" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" +IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + mbedtls? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root ) + inotify? ( plugins )" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) + ) + pam? ( virtual/pam ) + ssl? ( + !mbedtls? ( + !libressl? ( >=dev-libs/openssl-0.9.8:* ) + libressl? ( dev-libs/libressl ) + ) + mbedtls? ( net-libs/mbedtls ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-openvpn )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}/${PN}-external-cmocka.patch" +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf + + if use test; then + cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die + fi +} + +src_configure() { + use static && append-ldflags -Xcompiler -static + SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ + TMPFILES_DIR="/usr/lib/tmpfiles.d" \ + IFCONFIG=/bin/ifconfig \ + ROUTE=/bin/route \ + econf \ + $(usex mbedtls '--with-crypto-library=mbedtls' '') \ + $(use_enable inotify async-push) \ + $(use_enable ssl crypto) \ + $(use_enable lz4) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable test tests) \ + $(use_enable systemd) +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + if use x64-macos; then + elog "You might want to install tuntaposx for TAP interface support:" + elog "http://tuntaposx.sourceforge.net" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" + fi +} diff --git a/net-vpn/openvpn/openvpn-9999.ebuild b/net-vpn/openvpn/openvpn-9999.ebuild new file mode 100644 index 000000000000..8a34713832c5 --- /dev/null +++ b/net-vpn/openvpn/openvpn-9999.ebuild @@ -0,0 +1,159 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools flag-o-matic user systemd linux-info git-r3 + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git" +EGIT_SUBMODULES=(-cmocka) +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" +IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + lzo? ( !lz4 ) + pkcs11? ( ssl ) + mbedtls? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root ) + inotify? ( plugins )" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !mbedtls? ( + !libressl? ( >=dev-libs/openssl-0.9.8:* ) + libressl? ( dev-libs/libressl ) + ) + mbedtls? ( net-libs/mbedtls ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-openvpn )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}/${PN}-external-cmocka.patch" +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + use static && append-ldflags -Xcompiler -static + SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ + TMPFILES_DIR="/usr/lib/tmpfiles.d" \ + econf \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(usex mbedtls 'with-crypto-library' 'mbedtls' '' '') \ + $(use_enable inotify async-push) \ + $(use_enable ssl crypto) \ + $(use_enable lz4) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable test tests) \ + $(use_enable systemd) +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi + + ewarn "" + ewarn "You are using a live ebuild building from the sources of openvpn" + ewarn "repository from http://openvpn.git.sourceforge.net. For reporting" + ewarn "bugs please contact: openvpn-devel@lists.sourceforge.net." +} diff --git a/net-vpn/peervpn/Manifest b/net-vpn/peervpn/Manifest new file mode 100644 index 000000000000..3cc3746fdea1 --- /dev/null +++ b/net-vpn/peervpn/Manifest @@ -0,0 +1,7 @@ +AUX peervpn-0.044-strncpy-null-terminator.patch 3556 SHA256 f655877a8071c55f430e0317044e0cb1ed06f9b3c33ab03d12964cff7632d3a7 SHA512 d09686271ead53a5433a60b7b6551fea23661d5a76f55f7c6c2d94b1c8946c83d51990388d5e77049ccce2ad64292ce8ab815ffec94eacb53738be34584370c6 WHIRLPOOL 3f5290f54d2d605a0240cc89ca3cffe1ce9e7a2f309df6b3d4e361ffcfc113a15dd22bc7c2111b44522d68ab27983e73313f24e4bee6fc5426e752d9c0337745 +AUX peervpn.initd 590 SHA256 0fa85626d4ed95f41ec19c03d358786d723313a1fa77fb328377a1be3d376175 SHA512 68ef4c4de590ff6be19135f86fb9cbac88f80dac7a5094d262281404d8fa3aac2b22f532f65834a6d2da95818d55eb2a451d4724e1c4c783be60fb410bfbaa33 WHIRLPOOL 67b18afe5bf2f34bd3ec811b4e304bc5ac058a6534cf84281c855bdcd122ad1b57db14db2e79256165961f5e2d26f9a0da4893ff4834c8e163a079318b7cabe5 +AUX peervpn.logrotated 87 SHA256 ab24b611fb91b1deafa420a796c48f3d479541d76c9fbbec278d51bcd7b5ade7 SHA512 474d2cd0c92786d5b7b45604a235a9102197e9e3520c812db86c1183bc0ab0963dbbb538ff684a44bc47184eb3e87d77e6b2ddab72c52fccca529cc16f56f515 WHIRLPOOL 3ccd8a8dc643b3d18b686d585b18b4f9c0966fa980ea198d4cd60361ddd4851adc4f2d10f85cab1a88e31648326b106ebd53fc23c6436ba80467a3e551bbd862 +AUX peervpn.service 256 SHA256 a9d8ec1d57833892040e03e95e62bea9d95493d8a2e27441cf9dadbd9b598b15 SHA512 d2d7336ed77324f30d3a4d83fe47b43bbafc3340525eac862bd7637e3a72a70dba1dc9ea21ed59e1606c8d1c03c3ee5ab9da73b49e71cf70e536369ae9ecf01c WHIRLPOOL 40080c5c89bd15fc5fc2d65920e1fe60ab91d3dfa2475b068e2af19315ef702844cfe96e72ff343c58b7f60061d3eecb429ffa1d4a437fefd684185322527cbb +DIST peervpn-0.044.tar.gz 81948 SHA256 9d2afc4b5b2b456dee386c80c5d37c32cd7c91d72c3a784d6d99f3d0f28d21d8 SHA512 5dd8e056287a905f3aaddf93d6dad917047e6f7da30942f412ff7b2846afd26fb9f4e500cfcb76966b4045db2a37096f1aa43b87e777ff31c2e467aa0415cdba WHIRLPOOL 7935a7826ec632d0b378099fccce6bf5cb08bc5a8d3ce5d3e102075bc81eed963386f823f42a67b175d7df393a7dd5c0136807f6a5b580371d96fdbee0723bd7 +EBUILD peervpn-0.044-r4.ebuild 1558 SHA256 c38166d6ba6c073e8e7534ea97145b3ce79f41d6abff8fc233ff010bbeda0393 SHA512 0e01fc7243e8e72bf0b5c5b302393f4f94df658ace1fdd3b30263a7d12ca2392264d8d4d89c3c8540a72cf71531156340e924ce65ee04c0a792d3fbf593854a8 WHIRLPOOL fe8310a1a3da9906d3c7a545e982e7e17e9e2ea4d412debf908cf5b08ef5bc0fe5401a5d57a393a51857b2a71823f16b2ee462fe13f2d9e0d263606de2e391f3 +MISC metadata.xml 306 SHA256 c67c4c3518c058ceb302f0e973691a6e0c9e53037c87430fe29bf0dd6b6eea50 SHA512 29286f5271bd2e6cb8aa39d626bc581cdfce7206e3a76e964418b460c20ab844e096a009db6c3ef1f3bc09f56622a2e388bce8aeeedd3be65d936e244915a7db WHIRLPOOL a39f8e3c13a00e416cf28568e53061cb59c9832b9e7cea62bc0d6ab2f04b0274e2224c011dc61e7366fe1a322e02a6aaa50dcb26703f51c07c83d38712a1f901 diff --git a/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch b/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch new file mode 100644 index 000000000000..e16d0ef80239 --- /dev/null +++ b/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch @@ -0,0 +1,91 @@ +From 5dda3477ed31888b86792ed05c17d80a77fe0b03 Mon Sep 17 00:00:00 2001 +From: Zac Medico <zmedico@gentoo.org> +Date: Thu, 30 Mar 2017 16:03:27 -0700 +Subject: [PATCH] config.ic: fix strncpy calls to copy null terminator for 512 + byte strings + +This problem caused a 512 byte psk setting to trigger authentication +failure, since the strlen call used to set password_len would return +an unpredictable result on each peer. + +https://github.com/peervpn/peervpn/pull/20 +--- + config.ic | 26 +++++++++++++------------- + 1 file changed, 13 insertions(+), 13 deletions(-) + +diff --git a/config.ic b/config.ic +index e0eba35..405e9de 100644 +--- a/config.ic ++++ b/config.ic +@@ -147,55 +147,55 @@ static int parseConfigLine(char *line, int len, struct s_initconfig *cs) { + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"local",&vpos)) { +- strncpy(cs->sourceip,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->sourceip,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"port",&vpos)) { +- strncpy(cs->sourceport,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->sourceport,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"user",&vpos)) { +- strncpy(cs->userstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->userstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"group",&vpos)) { +- strncpy(cs->groupstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->groupstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"chroot",&vpos)) { +- strncpy(cs->chrootstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->chrootstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"networkname",&vpos)) { +- strncpy(cs->networkname,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->networkname,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"interface",&vpos)) { +- strncpy(cs->tapname,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->tapname,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"ifconfig4",&vpos)) { +- strncpy(cs->ifconfig4,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->ifconfig4,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"ifconfig6",&vpos)) { +- strncpy(cs->ifconfig6,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->ifconfig6,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"upcmd",&vpos)) { +- strncpy(cs->upcmd,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->upcmd,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"initpeers",&vpos)) { +- strncpy(cs->initpeers,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->initpeers,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"engine",&vpos)) { +- strncpy(cs->engines,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->engines,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + return 1; + } + else if(parseConfigLineCheckCommand(line,len,"psk",&vpos)) { +- strncpy(cs->password,&line[vpos],CONFPARSER_NAMEBUF_SIZE); ++ strncpy(cs->password,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1); + cs->password_len = strlen(cs->password); + return 1; + } +-- +2.10.2 + diff --git a/net-vpn/peervpn/files/peervpn.initd b/net-vpn/peervpn/files/peervpn.initd new file mode 100644 index 000000000000..77d98a9558b0 --- /dev/null +++ b/net-vpn/peervpn/files/peervpn.initd @@ -0,0 +1,21 @@ +#!/sbin/openrc-run +# Copyright 2016-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +description="peervpn server" +pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"} +logfile=${logfile:-"/var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"} +user=${RC_SVCNAME} +group=${RC_SVCNAME} + +command="/usr/sbin/${RC_SVCNAME}" +command_args="${command_args:-/etc/peervpn/peervpn.conf}" +command_background="true" +# peervpn will drop privileges based on user and group config file settings +start_stop_daemon_args=" + --stdout ${logfile} + --stderr ${logfile}" + +depend() { + need net +} diff --git a/net-vpn/peervpn/files/peervpn.logrotated b/net-vpn/peervpn/files/peervpn.logrotated new file mode 100644 index 000000000000..e99669c91358 --- /dev/null +++ b/net-vpn/peervpn/files/peervpn.logrotated @@ -0,0 +1,7 @@ +/var/log/peervpn/peervpn.log { + missingok + size 5M + rotate 3 + compress + copytruncate +} diff --git a/net-vpn/peervpn/files/peervpn.service b/net-vpn/peervpn/files/peervpn.service new file mode 100644 index 000000000000..13c5310f517b --- /dev/null +++ b/net-vpn/peervpn/files/peervpn.service @@ -0,0 +1,12 @@ +[Unit] +Description=peervpn server +Requires=network-online.target +After=network-online.target + +[Service] +Environment=PEERVPN_OPTS="/etc/peervpn/peervpn.conf" +ExecStart=/usr/sbin/peervpn $PEERVPN_OPTS +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/peervpn/metadata.xml b/net-vpn/peervpn/metadata.xml new file mode 100644 index 000000000000..d4216eaa7140 --- /dev/null +++ b/net-vpn/peervpn/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>zmedico@gentoo.org</email> + </maintainer> + <upstream> + <remote-id type="github">peervpn/peervpn</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/peervpn/peervpn-0.044-r4.ebuild b/net-vpn/peervpn/peervpn-0.044-r4.ebuild new file mode 100644 index 000000000000..27b19165e236 --- /dev/null +++ b/net-vpn/peervpn/peervpn-0.044-r4.ebuild @@ -0,0 +1,67 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd toolchain-funcs user + +DESCRIPTION="P2P mesh VPN" +HOMEPAGE="https://github.com/peervpn/peervpn" +EGIT_COMMIT="eb35174277fbf745c5ee0d5875d659dad819adfc" +SRC_URI="https://github.com/peervpn/peervpn/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" +RDEPEND="dev-libs/openssl:0=" +DEPEND="${RDEPEND}" + +S=${WORKDIR}/${PN}-${EGIT_COMMIT} + +PATCHES=( + "${FILESDIR}/${P}-strncpy-null-terminator.patch" +) + +pkg_setup() { + enewgroup ${PN} + enewuser ${PN} -1 -1 -1 ${PN} +} + +src_prepare() { + default + sed -e 's|^CFLAGS+=-O2||' -i Makefile || die +} + +src_compile() { + emake CC=$(tc-getCC) || die +} + +src_install() { + dosbin ${PN} + + insinto /etc/${PN} + newins peervpn.conf peervpn.conf.example + # read-only group access for bug 629418 + fowners root:${PN} /etc/${PN} + fperms 0750 /etc/${PN} + + newinitd "${FILESDIR}/${PN}.initd" "${PN}" + systemd_dounit "${FILESDIR}/${PN}.service" + + keepdir /var/log/${PN} + insinto /etc/logrotate.d + newins "${FILESDIR}/${PN}.logrotated" "${PN}" +} + +pkg_preinst() { + if ! has_version '>=net-vpn/peervpn-0.044-r4' && \ + [[ -d ${EROOT}etc/${PN} && + $(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print) ]]; then + ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418" + while read -r -d ''; do + chown root:${PN} "${REPLY}" || die + chmod g+rX-w,o-rwx "${REPLY}" || die + done < <(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print0) + fi +} diff --git a/net-vpn/pptpd/Manifest b/net-vpn/pptpd/Manifest new file mode 100644 index 000000000000..e921c81c97a7 --- /dev/null +++ b/net-vpn/pptpd/Manifest @@ -0,0 +1,8 @@ +AUX pptpd-1.4.0-gentoo.patch 2360 SHA256 b84c7a17ff6ccb7560dd1fcfbe439dcde740724b52ef520f880fd4395f04b9d7 SHA512 ba89b3b9eacd19e7cf6173289e8cb5db2443b55b3ad86f053c58636ed4f65227c626678f052f2d0a3c4c22fe4e0487493d097cd9a5434101017b95605966fc5b WHIRLPOOL 058306023e0d1cd27126b638027fef00eddf99f5a0bdf177437f17bd45edb6556ed20dbcddb66f1ce4ccc5702cfbbda44269cfe4df59f987c7bc1d47c52bd022 +AUX pptpd-1.4.0-pidfile.patch 1348 SHA256 0e3b8da40751acead031c3a469695eb8741ff46a98357fb1494d248234a7199d SHA512 0d0e4df9cc1827345001ebfb88ec87bdce818792aa2243e92127643ffbf64a2c7d62cb5cd26930085d7533ae32135cbcc36da755adce3297bcad4abf764b3b6e WHIRLPOOL 557942f0c1bd8b6495fd53f078e1382617cd760ed3e78c347a76fa9381be1fd5cb8987bb8dc36a6850b59990daea6b6328a9d6ae3a79a9c9b220045faa2532c4 +AUX pptpd-1.4.0-sandbox-fix.patch 528 SHA256 6881a1f31fb56dbac032f715354eaad533d48d202d37045fe73328669023bead SHA512 7f80c66185207f4d14fd6163e41fed3acc7ffdeea91d3f62e000ab1fcbe6abd8f3bb6a1ea927a9fa29ef1b38b2c0ffe364625e155474c4145126de674cd7f2bb WHIRLPOOL 225703afe2f6c9e97f9e88c5ee405a980a9e06f7944d43b98edcf9296d2b31e6a84cc84583e1ea21600f472a31aaeb1f5652d441127b6e3fefb3b7e6573096dc +AUX pptpd-confd 131 SHA256 4d69da546e36439dc1a7cb5abb949ad48046155752c047babb5472decdfa1958 SHA512 59f118715cf6c36442687a58f46a54519fb5125383e85c4fa352a4c97f8a4e19f46c9715330550755eb9691e8174b70cdfab48fbd14c2707364e8083d6baa488 WHIRLPOOL a386723e4e0f660563aca44807bf7b2553caf99904a115587072925a49fd2d5cb8c2742cc832afefa16cec4bc85c3c03afc37b149b81c6426474f1f7032bf60e +AUX pptpd-init-r2 325 SHA256 5645695e84f2b4daa35a04db10861ef143818a586833654ce017397a1b4dc9ed SHA512 5eb0839310b6897aeb5ef067f3bbccc3f302f9d5375fea9c2cf405a6e823560a776a96fa0189b4c9adf1744651a35a41d4fcafc3f9e1ebf5ddeb5d88bece9678 WHIRLPOOL 2fb0b720e07b7b2b80aa973798bbf659e9b2c75457c8d5af6d1704ca6406dbdfdaea532a6bb7271cece6287cb40e638e93a1c06243b7ee8cdb2845c3f09b42bc +DIST pptpd-1.4.0.tar.gz 252167 SHA256 8fcd8b8a42de2af59e9fe8cbaa9f894045c977f4d038bbd6346a8522bb7f06c0 SHA512 cfb4caef3025c0721e7fabf8b7bf595739f2d3048555b30616cdadc37e70ba9e1c50561c25091dd617b5448da2816aeaf83aea0fc2ef6b0dd5e3fe35d9591484 WHIRLPOOL 8296818e05cb01339b83a68d149413fd5bd76b435cfa56c3e16a8136b531743468953279d44339fd0f8125fb25172a3ee9a10ec14bb9f801eb54133b665dab3b +EBUILD pptpd-1.4.0-r2.ebuild 1920 SHA256 fa68666064a48556beacf81be24d7880ebc66037e06e63e2d183502ceec2b1f4 SHA512 803829744f54b0d4f16866414c2196d02e064d15f2060e1ba61f9fccf86bb777b0fa9b5fd662975960cf8a95b9c94913db7acf35bfa3168350db0a13541358ba WHIRLPOOL 09a7927c30b8a1bbae57799d7ff330d7d66ecdeb626ba4ca7a3b6bdb7985f0bf6740f5cd4d87d68bd961be993537313880b613b7f4694655ed271feb0d5e7c41 +MISC metadata.xml 469 SHA256 2386aff6c06ec87707a5e2224f04488376ccdfac863062d5bdad89a5536452c9 SHA512 c4a5aa89a09126dd523bb230a29c8aec9816f734903da555ac8193a82e359d09a9237d1a82f0355a63daea56f7239919b61706c9d7e333bdba5f6e69cc007a04 WHIRLPOOL 57f97c50529b7f790d1292b32f4b86afb1b8a35d4cf100ca7f78628229102740d6b42eed90f9fdb7ce1d276fb8d8a2fc09012c61c3a50116a91ed291b9f97d33 diff --git a/net-vpn/pptpd/files/pptpd-1.4.0-gentoo.patch b/net-vpn/pptpd/files/pptpd-1.4.0-gentoo.patch new file mode 100644 index 000000000000..9e7db7ea3454 --- /dev/null +++ b/net-vpn/pptpd/files/pptpd-1.4.0-gentoo.patch @@ -0,0 +1,59 @@ +diff -Naur pptpd-1.3.4.orig/Makefile.am pptpd-1.3.4/Makefile.am +--- pptpd-1.3.4.orig/Makefile.am 2007-04-16 04:53:53.000000000 +0400 ++++ pptpd-1.3.4/Makefile.am 2007-05-01 21:29:15.000000000 +0400 +@@ -11,7 +11,7 @@ + ## warning with -Wmissing-prototypes). + ## -Wmissing-prototypes removed (eg, Linux 2.2.6 headers + ## aren't up to it). +-CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"' ++CFLAGS += -fno-builtin -Wall -DSBINDIR='"$(sbindir)"' + #CFLAGS = -O2 -fno-builtin -Wall -ansi -DSBINDIR='"$(sbindir)"' + #CFLAGS = -O2 -fno-builtin -Wall -ansi -pedantic -Wmissing-prototypes -Werror -DSBINDIR='"$(sbindir)"' + +diff -Naur pptpd-1.3.4.orig/plugins/Makefile pptpd-1.3.4/plugins/Makefile +--- pptpd-1.3.4.orig/plugins/Makefile 2006-08-03 06:02:01.000000000 +0400 ++++ pptpd-1.3.4/plugins/Makefile 2007-05-01 21:29:15.000000000 +0400 +@@ -1,6 +1,5 @@ +-CC = gcc ++CC ?= gcc +-COPTS = -O2 -g +-CFLAGS = $(COPTS) -I.. -I../../include -fPIC ++CFLAGS += -I.. -I../../include -fPIC +-LDFLAGS = -shared ++LDFLAGS += -shared + LDADD = -lutil + INSTALL = install -o root +diff -Naur pptpd-1.3.4.orig/pptpgre.c pptpd-1.3.4/pptpgre.c +--- pptpd-1.3.4.orig/pptpgre.c 2007-04-16 04:21:02.000000000 +0400 ++++ pptpd-1.3.4/pptpgre.c 2007-05-01 21:29:50.000000000 +0400 +@@ -326,9 +326,11 @@ + "GRE: timeout waiting for %d packets", + head->seq - gre.seq_recv - 1); + } ++#ifdef LOG_DEBUG_GRE_ACCEPTING_PACKET + if (pptpctrl_debug) + syslog(LOG_DEBUG, "GRE: accepting #%d from queue", + head->seq); ++#endif + gre.seq_recv = head->seq; + status = callback(cl, head->packet, head->packlen); + pqueue_del(head); +diff -Naur pptpd-1.3.4.orig/pqueue.c pptpd-1.3.4/pqueue.c +--- pptpd-1.3.4.orig/pqueue.c 2005-08-03 12:53:22.000000000 +0400 ++++ pptpd-1.3.4/pqueue.c 2007-05-01 21:29:15.000000000 +0400 +@@ -7,13 +7,11 @@ + #include "pqueue.h" + + #ifdef DEBUG_PQUEUE +-#define DEBUG_ON 1 ++# define DEBUG_CMD(_a) { _a } + #else +-#define DEBUG_ON 0 ++# define DEBUG_CMD(_a) + #endif + +-#define DEBUG_CMD(_a) if (DEBUG_ON) { _a } +- + #define MIN_CAPACITY 128 /* min allocated buffer for a packet */ + + static int pqueue_alloc (int seq, unsigned char *packet, int packlen, pqueue_t **new); diff --git a/net-vpn/pptpd/files/pptpd-1.4.0-pidfile.patch b/net-vpn/pptpd/files/pptpd-1.4.0-pidfile.patch new file mode 100644 index 000000000000..59bc4a43ecd9 --- /dev/null +++ b/net-vpn/pptpd/files/pptpd-1.4.0-pidfile.patch @@ -0,0 +1,33 @@ +--- a/pptpd.c 2016-08-16 15:35:51.660000000 +0300 ++++ b/pptpd.c 2016-08-16 15:36:01.010000000 +0300 +@@ -115,7 +115,7 @@ + printf(" (default is /etc/ppp/options).\n"); + #endif + printf(" [-p] [--pidfile file] Specifies the file to write the process ID to\n"); +- printf(" (default is /var/run/pptpd.pid).\n"); ++ printf(" (default is /run/pptpd.pid).\n"); + #if !defined(BSDUSER_PPP) + printf(" [-s] [--speed baud] Specifies the baud speed for the PPP daemon\n"); + printf(" (default is 115200).\n"); +--- a/pptpd.8 2016-08-16 15:34:53.480000000 +0300 ++++ b/pptpd.8 2016-08-16 15:35:11.650000000 +0300 +@@ -72,7 +72,7 @@ + .TP + \fB-p\fR|\fB--pidfile \fIpid-file + specifies an alternate location to store the process ID file (default +-.IR /var/run/pptpd.pid ). ++.IR /run/pptpd.pid ). + + .TP + \fB-s\fR|\fB--speed \fIbaud +--- a/defaults.h 2016-08-16 15:35:01.050000000 +0300 ++++ b/defaults.h 2016-08-16 15:35:20.190000000 +0300 +@@ -43,7 +43,7 @@ + #else + #define PPTPD_CONFIG_FILE_DEFAULT "/etc/pptpd.conf" + #endif +-#define PIDFILE_DEFAULT "/var/run/pptpd.pid" ++#define PIDFILE_DEFAULT "/run/pptpd.pid" + + #define STIMEOUT_DEFAULT 10 /* seconds */ + diff --git a/net-vpn/pptpd/files/pptpd-1.4.0-sandbox-fix.patch b/net-vpn/pptpd/files/pptpd-1.4.0-sandbox-fix.patch new file mode 100644 index 000000000000..2162509d7d48 --- /dev/null +++ b/net-vpn/pptpd/files/pptpd-1.4.0-sandbox-fix.patch @@ -0,0 +1,21 @@ +--- a/plugins/Makefile 2013-05-15 14:36:33.994231829 +0400 ++++ b/plugins/Makefile 2013-05-15 14:37:06.686234429 +0400 +@@ -17,14 +17,14 @@ + %.so: %.c + $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ $(LDADD) + +-LIBDIR ?= $(DESTDIR)$(prefix)/lib/pptpd ++LIBDIR ?= $(prefix)/lib/pptpd + + install: $(PLUGINS) +- $(INSTALL) -d $(LIBDIR) +- $(INSTALL) $? $(LIBDIR) ++ $(INSTALL) -d $(DESTDIR)$(LIBDIR) ++ $(INSTALL) $? $(DESTDIR)$(LIBDIR) + + uninstall: +- rm -f $(LIBDIR)$(PLUGINS) ++ rm -f $(DESTDIR)$(LIBDIR)$(PLUGINS) + + clean: + rm -f *.o *.so *.a diff --git a/net-vpn/pptpd/files/pptpd-confd b/net-vpn/pptpd/files/pptpd-confd new file mode 100644 index 000000000000..1169e57f1c7c --- /dev/null +++ b/net-vpn/pptpd/files/pptpd-confd @@ -0,0 +1,5 @@ +# Config file for /etc/init.d/pptpd + +# Any extra options you want to pass to pptpd +# on start-up should be put here. +PPTPD_OPTS="" diff --git a/net-vpn/pptpd/files/pptpd-init-r2 b/net-vpn/pptpd/files/pptpd-init-r2 new file mode 100644 index 000000000000..6bbf9d68143e --- /dev/null +++ b/net-vpn/pptpd/files/pptpd-init-r2 @@ -0,0 +1,19 @@ +#!/sbin/openrc-run + +depend() { + need net +} + +start() { + ebegin "Starting pptpd" + start-stop-daemon --start --quiet --exec /usr/sbin/pptpd -- ${PPTPD_OPTS} + eend $? +} + +stop() { + ebegin "Stopping pptpd" + start-stop-daemon --stop --quiet --pidfile /run/pptpd.pid + result=$? + killall -SIGTERM pptpctrl &>/dev/null + eend $result +} diff --git a/net-vpn/pptpd/metadata.xml b/net-vpn/pptpd/metadata.xml new file mode 100644 index 000000000000..32a22c503fb9 --- /dev/null +++ b/net-vpn/pptpd/metadata.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>pinkbyte@gentoo.org</email> + <name>Sergey Popov</name> + </maintainer> + <use> + <flag name="gre-extreme-debug">Log all GRE accepted packages when in debug + mode (required if you want upstream support)</flag> + </use> + <upstream> + <remote-id type="sourceforge">poptop</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/pptpd/pptpd-1.4.0-r2.ebuild b/net-vpn/pptpd/pptpd-1.4.0-r2.ebuild new file mode 100644 index 000000000000..95a0ffb046d6 --- /dev/null +++ b/net-vpn/pptpd/pptpd-1.4.0-r2.ebuild @@ -0,0 +1,79 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools eutils flag-o-matic + +DESCRIPTION="Linux Point-to-Point Tunnelling Protocol Server" +HOMEPAGE="http://poptop.sourceforge.net/" +SRC_URI="mirror://sourceforge/poptop/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86" +IUSE="gre-extreme-debug tcpd" + +DEPEND="net-dialup/ppp:= + tcpd? ( sys-apps/tcp-wrappers )" +RDEPEND="${DEPEND}" + +DOCS=( AUTHORS ChangeLog NEWS README TODO ) + +PATCHES=( + "${FILESDIR}/${P}-gentoo.patch" + "${FILESDIR}/${P}-sandbox-fix.patch" + "${FILESDIR}/${P}-pidfile.patch" +) + +src_prepare() { + # Match pptpd-logwtmp.so's version with pppd's version (#89895) + local PPPD_VER=`best_version net-dialup/ppp` + PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} + PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision + sed -i -e "s:\\(#define[ \\t]*VERSION[ \\t]*\\)\".*\":\\1\"${PPPD_VER}\":" plugins/patchlevel.h || die + + # configure.in is actually configure.ac + mv configure.in configure.ac || die + + # Automake 1.13 compatibility, bug #469476 + sed -i -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADER/' configure.ac || die 'sed on configure.ac failed' + + # remove 'missing' script to prevent warnings + rm missing || die 'remove missing script failed' + + # respect compiler, bug #461722 + tc-export CC + + # Call to default src_prepare to apply patches + default + + eautoreconf +} + +src_configure() { + use gre-extreme-debug && append-cppflags "-DLOG_DEBUG_GRE_ACCEPTING_PACKET" + econf \ + --enable-bcrelay \ + $(use tcpd && echo "--with-libwrap") +} + +src_compile() { + emake COPTS="${CFLAGS}" +} + +src_install () { + default + + insinto /etc + doins samples/pptpd.conf + + insinto /etc/ppp + doins samples/options.pptpd + + newinitd "${FILESDIR}/pptpd-init-r2" pptpd + newconfd "${FILESDIR}/pptpd-confd" pptpd + + dodoc README.* + dodoc -r samples +} diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest new file mode 100644 index 000000000000..5ee787c6fcc0 --- /dev/null +++ b/net-vpn/strongswan/Manifest @@ -0,0 +1,7 @@ +AUX ipsec 451 SHA256 790b9650a7439dfb0d65d63a9b55782da26d6d2a3d79b0534afcb4e0bae88def SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c WHIRLPOOL 8eed325fb083e0e3eb055412e8daf4f2edbca728a5867a49b1f80c7b08fafc3d2a689b13dd90d3152f90eade6e40d8fc2f89f46a74b7e315e3442af63845cb72 +DIST strongswan-5.5.3.tar.bz2 4768820 SHA256 c5ea54b199174708de11af9b8f4ecf28b5b0743d4bc0e380e741f25b28c0f8d4 SHA512 0b0b25d2102c98cda54300dc8c3c3a49a55e64f7c695dda65a24f2194f19bce0b7aab9e4f7486c243b552f9d1a94867d6a8782ee504aad1c9973809706d599ac WHIRLPOOL 80bc68ed5afc46fa7585c806cc52713d47495664ea0c37746198918bad9814d14d261be921158b6c7a9cd5e8c84733b0b23b80b7c6338005adca38974241d7f1 +DIST strongswan-5.6.0.tar.bz2 4850722 SHA256 a14dc0d92634ed52730bfc76a76db30943a28ed3c65a560066e1e9f785827b13 SHA512 9362069a01c3642e62864d88fdb409a3c7514bf7c92cbe36e552c6a80915119cf5bb91c39592aab2d15b562684a0628a764e4fa7636d3b5fd2ebaf165c0ce649 WHIRLPOOL 5aeb256c254aae7d5923984355bcdb106d8cae6e7780df2c7849aa1fd8d5a27d6ad9a47c6d926c7dee2dff605f56bd2697034d4055dacdde1aea57168d8672af +EBUILD strongswan-5.5.3.ebuild 9280 SHA256 948c225d650226c42d3813375d983c9f53ee0ee0dd1255e91ebc87cca82833c1 SHA512 0131f9d5a852379941bfae1259b3962eb6e1676510e798215b4859277deedc9c6adbce7c6aafc5e07cfc5546663cf036394c27c6a166b8cc098bb9afddc51bbf WHIRLPOOL 9be3ec96d3ac48195ce92c3cfbc1e023707504728892b44c512f198bac947158003874c05ad636158fdce0475ee120985893de3f104d6b6667a18919d146a7d5 +EBUILD strongswan-5.6.0-r1.ebuild 9318 SHA256 7d181dc8345c2aa93a2e2abc4c98cbe796521ecbdc032c2025e613b56b3b1066 SHA512 86d45c54b2cd5284466f43806bee421389eea5e93f9b241ee6ff90680feb179005f6ab6af733dd97fd830fb5a0822fca8616e6b53982debf8fc7c2080fa0dfa9 WHIRLPOOL 64dbcc12cb5dccb0d1eae41a9d888e729e79ecd17f769299a4bd7bd43b8e10b42839db7fdabae23f6bda008ab5f9d963aa52f20469427a46d12a6ee5706bc47f +EBUILD strongswan-5.6.0.ebuild 9284 SHA256 3f5e9f930178731f7a46db0b1b4a10870dbf8c47d7800c80b751b79e40828a98 SHA512 c3f51e481bd8df4fd5f573a54214a1cd5a9098c5432c8e5926ad371d6bd9105391d2c658d61237ecf651f356dc5dd5f46d6fb91af0e347419c66e9ac48ab4494 WHIRLPOOL 40475a9a5cd22abe98c6ef20d99fd37a6e8f67f798ab0136f87c5f54df73c03a3551c5a19639e7444973f3a6f2abaee68eaf84f31695efd93a25f567b6f23df5 +MISC metadata.xml 4110 SHA256 42b646394fa17d8cdc914838138548f7c56d7e98f4029f6ae12f968c72e59b15 SHA512 12b0701b187b1d722b59976b94f7745d29d83ec0316b3647f0e70522adbd6068957ef79e9cd485ccc00c10545e894e7e423059deea1387a3aa37696e566f692a WHIRLPOOL cce268b043cd80749fa895ca45fc24407f7b6d5fdefe486fb13ce3def5e09f18f74bf26000f7159fcb294040f695994a448396ab62efcbc70952fa0ae1bf8a79 diff --git a/net-vpn/strongswan/files/ipsec b/net-vpn/strongswan/files/ipsec new file mode 100644 index 000000000000..ac942a926366 --- /dev/null +++ b/net-vpn/strongswan/files/ipsec @@ -0,0 +1,34 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net + use logger +} + +start() { + ebegin "Starting ${IPSECD}" + ipsec start + eend $? +} + +stop() { + ebegin "Stopping ${IPSECD}" + ipsec stop + eend $? +} + +restart() { + ebegin "Restarting ${IPSECD}" + svc_stop + sleep 2 + svc_start + eend $? +} + +status() { + ebegin "${IPSECD} Status (verbose):" + ipsec statusall + eend $? +} diff --git a/net-vpn/strongswan/metadata.xml b/net-vpn/strongswan/metadata.xml new file mode 100644 index 000000000000..9e6793b9791f --- /dev/null +++ b/net-vpn/strongswan/metadata.xml @@ -0,0 +1,109 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>patrick@gentoo.org</email> + <name>Patrick Lauer</name> + </maintainer> + <maintainer type="person"> + <email>gurligebis@gentoo.org</email> + <name>Bjarke Istrup Pedersen</name> + </maintainer> + <longdescription lang="en"> + StrongSwan is direct descendant of the discontinued FreeS/WAN project. + As an IPsec based VPN solution which is focused on security and ease of + use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal + via UDP encapsulation (incl. port floating) and Dead Peer Detection. It + also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on + Smartcards and virtual IP address pools. + </longdescription> + <use> + <flag name="constraints"> + Enable advanced X.509 constraint checking plugin. + </flag> + <flag name="dhcp"> + Enable server support for querying virtual IP addresses for clients + from a DHCP server. (IKEv2 only) + </flag> + <flag name="eap"> + Enable support for the different EAP modules that is supported. + </flag> + <flag name="farp"> + Enable faking of ARP responses for virtual IP addresses assigned to + clients. (IKEv2 only) + </flag> + <flag name="gcrypt"> + Enable <pkg>dev-libs/libgcrypt</pkg> plugin which provides 3DES, AES, + Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with + MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and + 22-24(4.4+). Also includes a software random number generator. + </flag> + <flag name="non-root"> + Force IKEv1/IKEv2 daemons to normal user privileges. This might impose + some restrictions mainly to the IKEv1 daemon. Disable only if you really + require superuser privileges. + </flag> + <flag name="openssl"> + Enable <pkg>dev-libs/openssl</pkg> plugin which is required for Elliptic + Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, + AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, + MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and + 22-24(4.4+) + <pkg>dev-libs/openssl</pkg> has to be compiled with USE="-bindist". + </flag> + <flag name="pkcs11"> + Enable pkcs11 support. + </flag> + <flag name="strongswan_plugins_led"> + Enable support for the led plugin. + </flag> + <flag name="strongswan_plugins_lookip"> + Enable support for the lookip plugin. + </flag> + <flag name="strongswan_plugins_systime-fix"> + Enable support for the systime-fix plugin. + </flag> + <flag name="strongswan_plugins_unity"> + Enable support for the unity plugin. + </flag> + <flag name="strongswan_plugins_vici"> + Enable support for the vici plugin. + </flag> + <flag name="strongswan_plugins_blowfish"> + Enable support for the blowfish plugin. + </flag> + <flag name="strongswan_plugins_ccm"> + Enable support for the ccm plugin. + </flag> + <flag name="strongswan_plugins_ctr"> + Enable support for the ctr plugin. + </flag> + <flag name="strongswan_plugins_gcm"> + Enable support for the gcm plugin. + </flag> + <flag name="strongswan_plugins_ha"> + Enable support for the ha plugin. + </flag> + <flag name="strongswan_plugins_ipseckey"> + Enable support for the ipseckey plugin. + </flag> + <flag name="strongswan_plugins_ntru"> + Enable support for the ntru plugin. + </flag> + <flag name="strongswan_plugins_padlock"> + Enable support for the padlock plugin. + </flag> + <flag name="strongswan_plugins_rdrand"> + Enable support for the rdrand plugin. + </flag> + <flag name="strongswan_plugins_unbound"> + Enable support for the unbound plugin. + </flag> + <flag name="strongswan_plugins_whitelist"> + Enable support for the whitelist plugin. + </flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:strongswan:strongswan</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/strongswan/strongswan-5.5.3.ebuild b/net-vpn/strongswan/strongswan-5.5.3.ebuild new file mode 100644 index 000000000000..7ec9a3ae14f3 --- /dev/null +++ b/net-vpn/strongswan/strongswan-5.5.3.ebuild @@ -0,0 +1,302 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils linux-info systemd user + +DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" +HOMEPAGE="http://www.strongswan.org/" +SRC_URI="http://download.strongswan.org/${P}.tar.bz2" + +LICENSE="GPL-2 RSA DES" +SLOT="0" +KEYWORDS="amd64 arm ppc ~ppc64 x86" +IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11" + +STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" +STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist" +for mod in $STRONGSWAN_PLUGINS_STD; do + IUSE="${IUSE} +strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +COMMON_DEPEND="!net-misc/openswan + gmp? ( >=dev-libs/gmp-4.1.5:= ) + gcrypt? ( dev-libs/libgcrypt:0 ) + caps? ( sys-libs/libcap ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) + mysql? ( virtual/mysql ) + sqlite? ( >=dev-db/sqlite-3.3.1 ) + networkmanager? ( net-misc/networkmanager ) + pam? ( sys-libs/pam ) + strongswan_plugins_unbound? ( net-dns/unbound net-libs/ldns )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + sys-kernel/linux-headers" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2 + !net-vpn/libreswan + selinux? ( sec-policy/selinux-ipsec )" + +UGID="ipsec" + +pkg_setup() { + linux-info_pkg_setup + elog "Linux kernel version: ${KV_FULL}" + + if ! kernel_is -ge 2 6 16; then + eerror + eerror "This ebuild currently only supports ${PN} with the" + eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." + eerror + fi + + if kernel_is -lt 2 6 34; then + ewarn + ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." + ewarn + + if kernel_is -lt 2 6 29; then + ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" + ewarn "include all required IPv6 modules even if you just intend" + ewarn "to run on IPv4 only." + ewarn + ewarn "This has been fixed with kernels >= 2.6.29." + ewarn + fi + + if kernel_is -lt 2 6 33; then + ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" + ewarn "compliant implementation for SHA-2 HMAC support in ESP and" + ewarn "miss SHA384 and SHA512 HMAC support altogether." + ewarn + ewarn "If you need any of those features, please use kernel >= 2.6.33." + ewarn + fi + + if kernel_is -lt 2 6 34; then + ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" + ewarn "ESP cipher is only included in kernels >= 2.6.34." + ewarn + ewarn "If you need it, please use kernel >= 2.6.34." + ewarn + fi + fi + + if use non-root; then + enewgroup ${UGID} + enewuser ${UGID} -1 -1 -1 ${UGID} + fi +} + +src_prepare() { + epatch_user +} + +src_configure() { + local myconf="" + + if use non-root; then + myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" + fi + + # If a user has already enabled db support, those plugins will + # most likely be desired as well. Besides they don't impose new + # dependencies and come at no cost (except for space). + if use mysql || use sqlite; then + myconf="${myconf} --enable-attr-sql --enable-sql" + fi + + # strongSwan builds and installs static libs by default which are + # useless to the user (and to strongSwan for that matter) because no + # header files or alike get installed... so disabling them is safe. + if use pam && use eap; then + myconf="${myconf} --enable-eap-gtc" + else + myconf="${myconf} --disable-eap-gtc" + fi + + for mod in $STRONGSWAN_PLUGINS_STD; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + econf \ + --disable-static \ + --enable-ikev1 \ + --enable-ikev2 \ + --enable-swanctl \ + --enable-socket-dynamic \ + $(use_with caps capabilities libcap) \ + $(use_enable curl) \ + $(use_enable constraints) \ + $(use_enable ldap) \ + $(use_enable debug leak-detective) \ + $(use_enable dhcp) \ + $(use_enable eap eap-sim) \ + $(use_enable eap eap-sim-file) \ + $(use_enable eap eap-simaka-sql) \ + $(use_enable eap eap-simaka-pseudonym) \ + $(use_enable eap eap-simaka-reauth) \ + $(use_enable eap eap-identity) \ + $(use_enable eap eap-md5) \ + $(use_enable eap eap-aka) \ + $(use_enable eap eap-aka-3gpp2) \ + $(use_enable eap md4) \ + $(use_enable eap eap-mschapv2) \ + $(use_enable eap eap-radius) \ + $(use_enable eap eap-tls) \ + $(use_enable eap xauth-eap) \ + $(use_enable farp) \ + $(use_enable gmp) \ + $(use_enable gcrypt) \ + $(use_enable mysql) \ + $(use_enable networkmanager nm) \ + $(use_enable openssl) \ + $(use_enable pam xauth-pam) \ + $(use_enable pkcs11) \ + $(use_enable sqlite) \ + "$(systemd_with_unitdir)" \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + + doinitd "${FILESDIR}"/ipsec + + local dir_ugid + if use non-root; then + fowners ${UGID}:${UGID} \ + /etc/ipsec.conf \ + /etc/strongswan.conf + + dir_ugid="${UGID}" + else + dir_ugid="root" + fi + + diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} + dodir /etc/ipsec.d \ + /etc/ipsec.d/aacerts \ + /etc/ipsec.d/acerts \ + /etc/ipsec.d/cacerts \ + /etc/ipsec.d/certs \ + /etc/ipsec.d/crls \ + /etc/ipsec.d/ocspcerts \ + /etc/ipsec.d/private \ + /etc/ipsec.d/reqs + + dodoc NEWS README TODO || die + + # shared libs are used only internally and there are no static libs, + # so it's safe to get rid of the .la files + find "${D}" -name '*.la' -delete || die "Failed to remove .la files." +} + +pkg_preinst() { + has_version "<net-vpn/strongswan-4.3.6-r1" + upgrade_from_leq_4_3_6=$(( !$? )) + + has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" + previous_4_3_6_with_caps=$(( !$? )) +} + +pkg_postinst() { + if ! use openssl && ! use gcrypt; then + elog + elog "${PN} has been compiled without both OpenSSL and libgcrypt support." + elog "Please note that this might effect availability and speed of some" + elog "cryptographic features. You are advised to enable the OpenSSL plugin." + elif ! use openssl; then + elog + elog "${PN} has been compiled without the OpenSSL plugin. This might effect" + elog "availability and speed of some cryptographic features. There will be" + elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," + elog "25, 26) and ECDSA." + fi + + if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then + chmod 0750 "${ROOT}"/etc/ipsec.d \ + "${ROOT}"/etc/ipsec.d/aacerts \ + "${ROOT}"/etc/ipsec.d/acerts \ + "${ROOT}"/etc/ipsec.d/cacerts \ + "${ROOT}"/etc/ipsec.d/certs \ + "${ROOT}"/etc/ipsec.d/crls \ + "${ROOT}"/etc/ipsec.d/ocspcerts \ + "${ROOT}"/etc/ipsec.d/private \ + "${ROOT}"/etc/ipsec.d/reqs + + ewarn + ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" + ewarn "security reasons. Your system installed directories have been" + ewarn "updated accordingly. Please check if necessary." + ewarn + + if [[ $previous_4_3_6_with_caps == 1 ]]; then + if ! use non-root; then + ewarn + ewarn "IMPORTANT: You previously had ${PN} installed without root" + ewarn "privileges because it was implied by the 'caps' USE flag." + ewarn "This has been changed. If you want ${PN} with user privileges," + ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." + ewarn + fi + fi + fi + if ! use caps && ! use non-root; then + ewarn + ewarn "You have decided to run ${PN} with root privileges and built it" + ewarn "without support for POSIX capability dropping. It is generally" + ewarn "strongly suggested that you reconsider- especially if you intend" + ewarn "to run ${PN} as server with a public ip address." + ewarn + ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." + ewarn + fi + if use non-root; then + elog + elog "${PN} has been installed without superuser privileges (USE=non-root)." + elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" + elog "but also a few to the IKEv2 daemon 'charon'." + elog + elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" + elog + elog "pluto uses a helper script by default to insert/remove routing and" + elog "policy rules upon connection start/stop which requires superuser" + elog "privileges. charon in contrast does this internally and can do so" + elog "even with reduced (user) privileges." + elog + elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" + elog "script to pluto or charon which requires superuser privileges, you" + elog "can work around this limitation by using sudo to grant the" + elog "user \"ipsec\" the appropriate rights." + elog "For example (the default case):" + elog "/etc/sudoers:" + elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" + elog "Under the specific connection block in /etc/ipsec.conf:" + elog " leftupdown=\"sudo -E ipsec _updown iptables\"" + elog + fi + elog + elog "Make sure you have _all_ required kernel modules available including" + elog "the appropriate cryptographic algorithms. A list is available at:" + elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog + elog "The up-to-date manual is available online at:" + elog " http://wiki.strongswan.org/" + elog +} diff --git a/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild b/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild new file mode 100644 index 000000000000..dc0518eb40a7 --- /dev/null +++ b/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild @@ -0,0 +1,303 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils linux-info systemd user + +DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" +HOMEPAGE="http://www.strongswan.org/" +SRC_URI="http://download.strongswan.org/${P}.tar.bz2" + +LICENSE="GPL-2 RSA DES" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" +IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11" + +STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" +STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist" +for mod in $STRONGSWAN_PLUGINS_STD; do + IUSE="${IUSE} +strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +COMMON_DEPEND="!net-misc/openswan + gmp? ( >=dev-libs/gmp-4.1.5:= ) + gcrypt? ( dev-libs/libgcrypt:0 ) + caps? ( sys-libs/libcap ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) + mysql? ( virtual/mysql ) + sqlite? ( >=dev-db/sqlite-3.3.1 ) + networkmanager? ( net-misc/networkmanager ) + pam? ( sys-libs/pam ) + strongswan_plugins_unbound? ( net-dns/unbound net-libs/ldns )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + sys-kernel/linux-headers" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2 + !net-vpn/libreswan + selinux? ( sec-policy/selinux-ipsec )" + +UGID="ipsec" + +pkg_setup() { + linux-info_pkg_setup + elog "Linux kernel version: ${KV_FULL}" + + if ! kernel_is -ge 2 6 16; then + eerror + eerror "This ebuild currently only supports ${PN} with the" + eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." + eerror + fi + + if kernel_is -lt 2 6 34; then + ewarn + ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." + ewarn + + if kernel_is -lt 2 6 29; then + ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" + ewarn "include all required IPv6 modules even if you just intend" + ewarn "to run on IPv4 only." + ewarn + ewarn "This has been fixed with kernels >= 2.6.29." + ewarn + fi + + if kernel_is -lt 2 6 33; then + ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" + ewarn "compliant implementation for SHA-2 HMAC support in ESP and" + ewarn "miss SHA384 and SHA512 HMAC support altogether." + ewarn + ewarn "If you need any of those features, please use kernel >= 2.6.33." + ewarn + fi + + if kernel_is -lt 2 6 34; then + ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" + ewarn "ESP cipher is only included in kernels >= 2.6.34." + ewarn + ewarn "If you need it, please use kernel >= 2.6.34." + ewarn + fi + fi + + if use non-root; then + enewgroup ${UGID} + enewuser ${UGID} -1 -1 -1 ${UGID} + fi +} + +src_prepare() { + epatch_user +} + +src_configure() { + local myconf="" + + if use non-root; then + myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" + fi + + # If a user has already enabled db support, those plugins will + # most likely be desired as well. Besides they don't impose new + # dependencies and come at no cost (except for space). + if use mysql || use sqlite; then + myconf="${myconf} --enable-attr-sql --enable-sql" + fi + + # strongSwan builds and installs static libs by default which are + # useless to the user (and to strongSwan for that matter) because no + # header files or alike get installed... so disabling them is safe. + if use pam && use eap; then + myconf="${myconf} --enable-eap-gtc" + else + myconf="${myconf} --disable-eap-gtc" + fi + + for mod in $STRONGSWAN_PLUGINS_STD; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + econf \ + --disable-static \ + --enable-ikev1 \ + --enable-ikev2 \ + --enable-swanctl \ + --enable-socket-dynamic \ + $(use_with caps capabilities libcap) \ + $(use_enable curl) \ + $(use_enable constraints) \ + $(use_enable ldap) \ + $(use_enable debug leak-detective) \ + $(use_enable dhcp) \ + $(use_enable eap eap-sim) \ + $(use_enable eap eap-sim-file) \ + $(use_enable eap eap-simaka-sql) \ + $(use_enable eap eap-simaka-pseudonym) \ + $(use_enable eap eap-simaka-reauth) \ + $(use_enable eap eap-identity) \ + $(use_enable eap eap-md5) \ + $(use_enable eap eap-aka) \ + $(use_enable eap eap-aka-3gpp2) \ + $(use_enable eap md4) \ + $(use_enable eap eap-mschapv2) \ + $(use_enable eap eap-radius) \ + $(use_enable eap eap-tls) \ + $(use_enable eap xauth-eap) \ + $(use_enable eap eap-dynamic) \ + $(use_enable farp) \ + $(use_enable gmp) \ + $(use_enable gcrypt) \ + $(use_enable mysql) \ + $(use_enable networkmanager nm) \ + $(use_enable openssl) \ + $(use_enable pam xauth-pam) \ + $(use_enable pkcs11) \ + $(use_enable sqlite) \ + "$(systemd_with_unitdir)" \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + + doinitd "${FILESDIR}"/ipsec + + local dir_ugid + if use non-root; then + fowners ${UGID}:${UGID} \ + /etc/ipsec.conf \ + /etc/strongswan.conf + + dir_ugid="${UGID}" + else + dir_ugid="root" + fi + + diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} + dodir /etc/ipsec.d \ + /etc/ipsec.d/aacerts \ + /etc/ipsec.d/acerts \ + /etc/ipsec.d/cacerts \ + /etc/ipsec.d/certs \ + /etc/ipsec.d/crls \ + /etc/ipsec.d/ocspcerts \ + /etc/ipsec.d/private \ + /etc/ipsec.d/reqs + + dodoc NEWS README TODO || die + + # shared libs are used only internally and there are no static libs, + # so it's safe to get rid of the .la files + find "${D}" -name '*.la' -delete || die "Failed to remove .la files." +} + +pkg_preinst() { + has_version "<net-vpn/strongswan-4.3.6-r1" + upgrade_from_leq_4_3_6=$(( !$? )) + + has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" + previous_4_3_6_with_caps=$(( !$? )) +} + +pkg_postinst() { + if ! use openssl && ! use gcrypt; then + elog + elog "${PN} has been compiled without both OpenSSL and libgcrypt support." + elog "Please note that this might effect availability and speed of some" + elog "cryptographic features. You are advised to enable the OpenSSL plugin." + elif ! use openssl; then + elog + elog "${PN} has been compiled without the OpenSSL plugin. This might effect" + elog "availability and speed of some cryptographic features. There will be" + elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," + elog "25, 26) and ECDSA." + fi + + if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then + chmod 0750 "${ROOT}"/etc/ipsec.d \ + "${ROOT}"/etc/ipsec.d/aacerts \ + "${ROOT}"/etc/ipsec.d/acerts \ + "${ROOT}"/etc/ipsec.d/cacerts \ + "${ROOT}"/etc/ipsec.d/certs \ + "${ROOT}"/etc/ipsec.d/crls \ + "${ROOT}"/etc/ipsec.d/ocspcerts \ + "${ROOT}"/etc/ipsec.d/private \ + "${ROOT}"/etc/ipsec.d/reqs + + ewarn + ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" + ewarn "security reasons. Your system installed directories have been" + ewarn "updated accordingly. Please check if necessary." + ewarn + + if [[ $previous_4_3_6_with_caps == 1 ]]; then + if ! use non-root; then + ewarn + ewarn "IMPORTANT: You previously had ${PN} installed without root" + ewarn "privileges because it was implied by the 'caps' USE flag." + ewarn "This has been changed. If you want ${PN} with user privileges," + ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." + ewarn + fi + fi + fi + if ! use caps && ! use non-root; then + ewarn + ewarn "You have decided to run ${PN} with root privileges and built it" + ewarn "without support for POSIX capability dropping. It is generally" + ewarn "strongly suggested that you reconsider- especially if you intend" + ewarn "to run ${PN} as server with a public ip address." + ewarn + ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." + ewarn + fi + if use non-root; then + elog + elog "${PN} has been installed without superuser privileges (USE=non-root)." + elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" + elog "but also a few to the IKEv2 daemon 'charon'." + elog + elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" + elog + elog "pluto uses a helper script by default to insert/remove routing and" + elog "policy rules upon connection start/stop which requires superuser" + elog "privileges. charon in contrast does this internally and can do so" + elog "even with reduced (user) privileges." + elog + elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" + elog "script to pluto or charon which requires superuser privileges, you" + elog "can work around this limitation by using sudo to grant the" + elog "user \"ipsec\" the appropriate rights." + elog "For example (the default case):" + elog "/etc/sudoers:" + elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" + elog "Under the specific connection block in /etc/ipsec.conf:" + elog " leftupdown=\"sudo -E ipsec _updown iptables\"" + elog + fi + elog + elog "Make sure you have _all_ required kernel modules available including" + elog "the appropriate cryptographic algorithms. A list is available at:" + elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog + elog "The up-to-date manual is available online at:" + elog " http://wiki.strongswan.org/" + elog +} diff --git a/net-vpn/strongswan/strongswan-5.6.0.ebuild b/net-vpn/strongswan/strongswan-5.6.0.ebuild new file mode 100644 index 000000000000..d7477edc1686 --- /dev/null +++ b/net-vpn/strongswan/strongswan-5.6.0.ebuild @@ -0,0 +1,302 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils linux-info systemd user + +DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" +HOMEPAGE="http://www.strongswan.org/" +SRC_URI="http://download.strongswan.org/${P}.tar.bz2" + +LICENSE="GPL-2 RSA DES" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" +IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11" + +STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" +STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist" +for mod in $STRONGSWAN_PLUGINS_STD; do + IUSE="${IUSE} +strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +COMMON_DEPEND="!net-misc/openswan + gmp? ( >=dev-libs/gmp-4.1.5:= ) + gcrypt? ( dev-libs/libgcrypt:0 ) + caps? ( sys-libs/libcap ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) + mysql? ( virtual/mysql ) + sqlite? ( >=dev-db/sqlite-3.3.1 ) + networkmanager? ( net-misc/networkmanager ) + pam? ( sys-libs/pam ) + strongswan_plugins_unbound? ( net-dns/unbound net-libs/ldns )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + sys-kernel/linux-headers" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2 + !net-vpn/libreswan + selinux? ( sec-policy/selinux-ipsec )" + +UGID="ipsec" + +pkg_setup() { + linux-info_pkg_setup + elog "Linux kernel version: ${KV_FULL}" + + if ! kernel_is -ge 2 6 16; then + eerror + eerror "This ebuild currently only supports ${PN} with the" + eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." + eerror + fi + + if kernel_is -lt 2 6 34; then + ewarn + ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." + ewarn + + if kernel_is -lt 2 6 29; then + ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" + ewarn "include all required IPv6 modules even if you just intend" + ewarn "to run on IPv4 only." + ewarn + ewarn "This has been fixed with kernels >= 2.6.29." + ewarn + fi + + if kernel_is -lt 2 6 33; then + ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" + ewarn "compliant implementation for SHA-2 HMAC support in ESP and" + ewarn "miss SHA384 and SHA512 HMAC support altogether." + ewarn + ewarn "If you need any of those features, please use kernel >= 2.6.33." + ewarn + fi + + if kernel_is -lt 2 6 34; then + ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" + ewarn "ESP cipher is only included in kernels >= 2.6.34." + ewarn + ewarn "If you need it, please use kernel >= 2.6.34." + ewarn + fi + fi + + if use non-root; then + enewgroup ${UGID} + enewuser ${UGID} -1 -1 -1 ${UGID} + fi +} + +src_prepare() { + epatch_user +} + +src_configure() { + local myconf="" + + if use non-root; then + myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" + fi + + # If a user has already enabled db support, those plugins will + # most likely be desired as well. Besides they don't impose new + # dependencies and come at no cost (except for space). + if use mysql || use sqlite; then + myconf="${myconf} --enable-attr-sql --enable-sql" + fi + + # strongSwan builds and installs static libs by default which are + # useless to the user (and to strongSwan for that matter) because no + # header files or alike get installed... so disabling them is safe. + if use pam && use eap; then + myconf="${myconf} --enable-eap-gtc" + else + myconf="${myconf} --disable-eap-gtc" + fi + + for mod in $STRONGSWAN_PLUGINS_STD; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + econf \ + --disable-static \ + --enable-ikev1 \ + --enable-ikev2 \ + --enable-swanctl \ + --enable-socket-dynamic \ + $(use_with caps capabilities libcap) \ + $(use_enable curl) \ + $(use_enable constraints) \ + $(use_enable ldap) \ + $(use_enable debug leak-detective) \ + $(use_enable dhcp) \ + $(use_enable eap eap-sim) \ + $(use_enable eap eap-sim-file) \ + $(use_enable eap eap-simaka-sql) \ + $(use_enable eap eap-simaka-pseudonym) \ + $(use_enable eap eap-simaka-reauth) \ + $(use_enable eap eap-identity) \ + $(use_enable eap eap-md5) \ + $(use_enable eap eap-aka) \ + $(use_enable eap eap-aka-3gpp2) \ + $(use_enable eap md4) \ + $(use_enable eap eap-mschapv2) \ + $(use_enable eap eap-radius) \ + $(use_enable eap eap-tls) \ + $(use_enable eap xauth-eap) \ + $(use_enable farp) \ + $(use_enable gmp) \ + $(use_enable gcrypt) \ + $(use_enable mysql) \ + $(use_enable networkmanager nm) \ + $(use_enable openssl) \ + $(use_enable pam xauth-pam) \ + $(use_enable pkcs11) \ + $(use_enable sqlite) \ + "$(systemd_with_unitdir)" \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + + doinitd "${FILESDIR}"/ipsec + + local dir_ugid + if use non-root; then + fowners ${UGID}:${UGID} \ + /etc/ipsec.conf \ + /etc/strongswan.conf + + dir_ugid="${UGID}" + else + dir_ugid="root" + fi + + diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} + dodir /etc/ipsec.d \ + /etc/ipsec.d/aacerts \ + /etc/ipsec.d/acerts \ + /etc/ipsec.d/cacerts \ + /etc/ipsec.d/certs \ + /etc/ipsec.d/crls \ + /etc/ipsec.d/ocspcerts \ + /etc/ipsec.d/private \ + /etc/ipsec.d/reqs + + dodoc NEWS README TODO || die + + # shared libs are used only internally and there are no static libs, + # so it's safe to get rid of the .la files + find "${D}" -name '*.la' -delete || die "Failed to remove .la files." +} + +pkg_preinst() { + has_version "<net-vpn/strongswan-4.3.6-r1" + upgrade_from_leq_4_3_6=$(( !$? )) + + has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" + previous_4_3_6_with_caps=$(( !$? )) +} + +pkg_postinst() { + if ! use openssl && ! use gcrypt; then + elog + elog "${PN} has been compiled without both OpenSSL and libgcrypt support." + elog "Please note that this might effect availability and speed of some" + elog "cryptographic features. You are advised to enable the OpenSSL plugin." + elif ! use openssl; then + elog + elog "${PN} has been compiled without the OpenSSL plugin. This might effect" + elog "availability and speed of some cryptographic features. There will be" + elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," + elog "25, 26) and ECDSA." + fi + + if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then + chmod 0750 "${ROOT}"/etc/ipsec.d \ + "${ROOT}"/etc/ipsec.d/aacerts \ + "${ROOT}"/etc/ipsec.d/acerts \ + "${ROOT}"/etc/ipsec.d/cacerts \ + "${ROOT}"/etc/ipsec.d/certs \ + "${ROOT}"/etc/ipsec.d/crls \ + "${ROOT}"/etc/ipsec.d/ocspcerts \ + "${ROOT}"/etc/ipsec.d/private \ + "${ROOT}"/etc/ipsec.d/reqs + + ewarn + ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" + ewarn "security reasons. Your system installed directories have been" + ewarn "updated accordingly. Please check if necessary." + ewarn + + if [[ $previous_4_3_6_with_caps == 1 ]]; then + if ! use non-root; then + ewarn + ewarn "IMPORTANT: You previously had ${PN} installed without root" + ewarn "privileges because it was implied by the 'caps' USE flag." + ewarn "This has been changed. If you want ${PN} with user privileges," + ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." + ewarn + fi + fi + fi + if ! use caps && ! use non-root; then + ewarn + ewarn "You have decided to run ${PN} with root privileges and built it" + ewarn "without support for POSIX capability dropping. It is generally" + ewarn "strongly suggested that you reconsider- especially if you intend" + ewarn "to run ${PN} as server with a public ip address." + ewarn + ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." + ewarn + fi + if use non-root; then + elog + elog "${PN} has been installed without superuser privileges (USE=non-root)." + elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" + elog "but also a few to the IKEv2 daemon 'charon'." + elog + elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" + elog + elog "pluto uses a helper script by default to insert/remove routing and" + elog "policy rules upon connection start/stop which requires superuser" + elog "privileges. charon in contrast does this internally and can do so" + elog "even with reduced (user) privileges." + elog + elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" + elog "script to pluto or charon which requires superuser privileges, you" + elog "can work around this limitation by using sudo to grant the" + elog "user \"ipsec\" the appropriate rights." + elog "For example (the default case):" + elog "/etc/sudoers:" + elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" + elog "Under the specific connection block in /etc/ipsec.conf:" + elog " leftupdown=\"sudo -E ipsec _updown iptables\"" + elog + fi + elog + elog "Make sure you have _all_ required kernel modules available including" + elog "the appropriate cryptographic algorithms. A list is available at:" + elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog + elog "The up-to-date manual is available online at:" + elog " http://wiki.strongswan.org/" + elog +} diff --git a/net-vpn/tinc/Manifest b/net-vpn/tinc/Manifest new file mode 100644 index 000000000000..a7a859577d3f --- /dev/null +++ b/net-vpn/tinc/Manifest @@ -0,0 +1,13 @@ +AUX tinc-1.1-fix-paths.patch 1469 SHA256 5635c904e9697d717ebb48ff9a0679cfdc6c489062d681d77ad7a1e350c7fc19 SHA512 55bd0e61a1d10a89d879d5113082f0cdb5ff6bf1d1fb3f618c459eb2658836bf602f72fe27ac03ec78746e300a3a5178db053eef6f08d3cb34b11410dbeb05de WHIRLPOOL 00d7fb075c1d377860bd8c1057e7d18f2ff85f6b4e17240fb06c5ee61ac32c4c74d0bff8ff3f8f0aeb423c39de0d6fae7eb2e423d9edf0460ac7ff06a9460eba +AUX tinc.networks 387 SHA256 7165721abd3706c95973118fbb503e18f9a008da6bdbf21a4ce35ecf7818d5ad SHA512 f7cb459c170898e51176bd92c642335386db90b7bca2abb3f6eb2514546efbd74e5fd2c8845060111dd48a0dd2cc1890717a03315c9b86185047c259cdc27135 WHIRLPOOL bd22edba993aac1aa180110af5636a4cedbd0706625f25fe1673afca4a9eaedb01d28b6ee13737b8376d512ea1633dada1333e8e223f84f1f071fba7c017483b +AUX tincd-r1 1842 SHA256 f3cb2f2e4c5b8588ef48d0e7dda6b99a82f8250b7eb8de7171abf33dbb78dfcd SHA512 1308d097487ef0f1fb1763ca99565edc1026c11159775a5d0c1e41905d8332b7df734460ccea5750a7b6dd5897ecffbe8e95cb721d94ffe5b7855ec4293dc360 WHIRLPOOL 6b789922ecc7530705d14f8b7451706679a1a863afb1ae5e926bd9b5982705fce7bfe04a30686511d4533b59ab542fb01b7fe76d09f07a738aaced2a3f600614 +AUX tincd-r2 1830 SHA256 ea35c58ffd33edf3cf8c682d653e2f6ea8eb62bee5ca2f1c61b04effb352b187 SHA512 59811c3e5241d08ebdfbd539556b7cee0dfaab89727ad503512c98f1a696fae143ecdf2682a652c5d71d077ed254ffe2e1c442b1c305c7e7ea94d9af9a1d385e WHIRLPOOL 6e6fc4fc1bfb1570d274b3b5a82bce99e723ee5def83ea6cca90cc7ddff79584b914d67b2986675ec7473d58ee7e670190401d5211e109fee901a278939a71c5 +AUX tincd.conf 728 SHA256 8f3d5ede142d71adb78455201d2af63523b5844a903b7e62f3b8a49a6bef3989 SHA512 f8d9354af5ebc07420ced98059262751bffef434b61c6333964338f327e2ac01ae676e375954efa794a1bccf8b939c78387b9fb7261f675f1237b0d946b529c9 WHIRLPOOL 0ad259ee175034166f67f31ada592668969850766fdd91a16027f9a2d9447e8b6426090b71ecb20cbc338b99b4d4699585b913573ccfa070d08ae2d1e186a851 +AUX tincd_at.service 197 SHA256 7c4d4309ee14dc3e7a5a51a9b982d5a7693d74210b45a4e35dafc6bcdb022557 SHA512 866f8adbc9c39cc6030e6046e4265a4f6e893960045df15abc0a1865599cf2576ac12468bd1a286df47248ebe2c6b16ba64a60f0ebeeb0212d850a9d7886c98a WHIRLPOOL 521982b219a290b27cd61c186ae6ec399f09c81f8b44924d20b8df7ba4ede8a474d8277cd7178df41c52cc626bff7a95345c606f83840b56ff7962be4f15633a +DIST tinc-1.0.31.tar.gz 494877 SHA256 d3cbc82e6e07975a2ccc0b369d07e30fc3324e71e240dca8781ce9a4f629519b SHA512 ac694d4ceec19bddebd3d5b9f37eb703a4701b93f65a7bbcdbc0b364f2a4f8b116c85748d06ec7821474de5c4d434caf5448109a0846e15c4a96adb92a0fc622 WHIRLPOOL aec84cd59ca80ca806171003447f946073c8f99fd872eaef1e7fea9d423cd4905d554964920be802e0862f5ab8de7d9d7094792c30403af8b62abca12286e2b1 +DIST tinc-1.0.32.tar.gz 496221 SHA256 4db24feaff8db4bbb7edb7a4b8f5f8edc39b26eb5feccc99e8e67a6960c05587 SHA512 1533305a062782ec788bcb59f4cbfac76ed401ccfe57b5cbd9a3fd9b76a238dbd0f612071c24b157fec4dfc409c79b1b4fbf6e176510b321dcdd79174632028c WHIRLPOOL 1d20dd365ea4c774555f809412befe0857fdd574dbbb92b8cf61764973dfaa67ebe95480913c594de663cc91845b3850b9fe541c006725d60c32d6f403cb6be0 +DIST tinc-1.1pre15.tar.gz 704145 SHA256 41dc3e40c5f8be497b779acd6f59ef4572e1430d0d0f0436f2de5cb21a59ef18 SHA512 29b109c84a89204a9fe298e3cfb092169a7c3cbb62e0cabdb7fe8eaa01b03343b7d48bf028525754af1a340781de209e0b9412669c256a30e7226a8a21412c17 WHIRLPOOL f258704dd6f2f4c5fd184a1f38da93a2bd8e655b07cfed47837e57a049c8be4e9b744f1a10b1932d020aab6c7c5bf043a83d7c9529755f5accca445f95355439 +EBUILD tinc-1.0.31.ebuild 1212 SHA256 0a9ac544573a67b8d42012f2e228ebeb2fb09ceb468a4a12c904f14bd44a69ff SHA512 9bb8c6d89dd3b0ecc0d9ab597ebdf1d02b952604426b89701ff0681395a20344b6d12a5b6fb30d47ca0fddb1a8263f7346bfa8d24c3bc62c32575a35f8b5ea3c WHIRLPOOL 79e9abab858f52bb9e45405c667fcb41a71f5696927c27a2b852eb95877595641a4f31a413afb7ec9b3d11b86514a013fe93fc246dcae9a463cb7e8b73ac2ea5 +EBUILD tinc-1.0.32.ebuild 1212 SHA256 0a9ac544573a67b8d42012f2e228ebeb2fb09ceb468a4a12c904f14bd44a69ff SHA512 9bb8c6d89dd3b0ecc0d9ab597ebdf1d02b952604426b89701ff0681395a20344b6d12a5b6fb30d47ca0fddb1a8263f7346bfa8d24c3bc62c32575a35f8b5ea3c WHIRLPOOL 79e9abab858f52bb9e45405c667fcb41a71f5696927c27a2b852eb95877595641a4f31a413afb7ec9b3d11b86514a013fe93fc246dcae9a463cb7e8b73ac2ea5 +EBUILD tinc-1.1_pre15.ebuild 2390 SHA256 adfbf1a777a471010cca616069aca893af7b305d6530567dacf7efb76a1fd178 SHA512 2b38b15c9450ec74e100478e835e6bca83b717bb3d2d434a99fe937e3e16934b8a3556b5b3c16e931e7a065b934eb26ad86c85099f2673e9ca5644ccfcf81c82 WHIRLPOOL 098c50c11663ec57cd8be3b0e29146319ee8a83a8ece8a44d186552a535a30a2157ef7e7e7ebbeb7f1d9178c92653ef49bb9f10c536c6261b954bf3ec36d855d +MISC metadata.xml 803 SHA256 1fef3e6abf294a8824fc8b88776406c6f0da99f7140274478dc113153501cf2a SHA512 23ccfff115ec3553356db3b2a16f436cee60f5471e4a240d032cf48d89a73ef350545bc91b3976b188ad3658ff83d0037ccc00a5f3f5864e2704d4616e1095ac WHIRLPOOL c77d2a29da29040e0c70ef1e706358724431a182e5e576c360e0c1bda0822cfedee933896ed112e13d5ac152b952c97ffc6f520d560b9b83f39e109fc4b25db2 diff --git a/net-vpn/tinc/files/tinc-1.1-fix-paths.patch b/net-vpn/tinc/files/tinc-1.1-fix-paths.patch new file mode 100644 index 000000000000..519677dd5034 --- /dev/null +++ b/net-vpn/tinc/files/tinc-1.1-fix-paths.patch @@ -0,0 +1,44 @@ +diff -Naur tinc-1.1pre14.orig/src/names.c tinc-1.1pre14/src/names.c +--- tinc-1.1pre14.orig/src/names.c 2016-04-17 12:08:41.000000000 -0400 ++++ tinc-1.1pre14/src/names.c 2016-10-15 07:37:51.147064396 -0400 +@@ -86,36 +86,11 @@ + if(!pidfilename) + xasprintf(&pidfilename, "%s" SLASH "pid", confbase); + #else +- bool fallback = false; +- if(daemon) { +- if(access(LOCALSTATEDIR, R_OK | W_OK | X_OK)) +- fallback = true; +- } else { +- char fname[PATH_MAX]; +- snprintf(fname, sizeof fname, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname); +- if(access(fname, R_OK)) { +- snprintf(fname, sizeof fname, "%s" SLASH "pid", confbase); +- if(!access(fname, R_OK)) +- fallback = true; +- } +- } ++ if(!logfilename) ++ xasprintf(&logfilename, "/var/log" SLASH "%s.log", identname); + +- if(!fallback) { +- if(!logfilename) +- xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname); +- +- if(!pidfilename) +- xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname); +- } else { +- if(!logfilename) +- xasprintf(&logfilename, "%s" SLASH "log", confbase); +- +- if(!pidfilename) { +- if(daemon) +- logger(DEBUG_ALWAYS, LOG_WARNING, "Could not access " LOCALSTATEDIR SLASH " (%s), storing pid and socket files in %s" SLASH, strerror(errno), confbase); +- xasprintf(&pidfilename, "%s" SLASH "pid", confbase); +- } +- } ++ if(!pidfilename) ++ xasprintf(&pidfilename, "/run" SLASH "%s.pid", identname); + #endif + + if(!unixsocketname) { diff --git a/net-vpn/tinc/files/tinc.networks b/net-vpn/tinc/files/tinc.networks new file mode 100644 index 000000000000..e1844ce2ba24 --- /dev/null +++ b/net-vpn/tinc/files/tinc.networks @@ -0,0 +1,13 @@ +# file: /etc/conf.d/tinc.networks for /etc/init.d/tincd + +# In this file you define the tinc networks you want to connect to + +# USAGE: +# you add a network to the init script by defining: +# NETWORK: your_network_name +# +# if you want to connect to multiple VPN's just set them behind each other. e.g. +# NETWORK: foo +# NETWORK: bar +# +# this would join the network foo and the network bar. diff --git a/net-vpn/tinc/files/tincd-r1 b/net-vpn/tinc/files/tincd-r1 new file mode 100644 index 000000000000..ecfb24a6a64f --- /dev/null +++ b/net-vpn/tinc/files/tincd-r1 @@ -0,0 +1,78 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" + +NETS="/etc/conf.d/tinc.networks" +DAEMON="/usr/sbin/tincd" + +depend() { + use logger dns + need net +} + +checkconfig() { + if [ "${RC_SVCNAME}" = "tincd" ] ; then + ALL_NETNAME="$(awk '/^ *NETWORK:/ { print $2 }' "${NETS}")" + else + ALL_NETNAME="${RC_SVCNAME#*.}" + fi + # warn this if still not found + if [ -z "${ALL_NETNAME}" ] ; then + eerror "No VPN networks configured in ${NETS}" + return 1 + fi + return 0 +} + +start() { + ebegin "Starting tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + CONFIG="/etc/tinc/${NETNAME}/tinc.conf" + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ ! -f "${CONFIG}" ]; then + eerror "Cannot start network ${NETNAME}." + eerror "Please set up ${CONFIG} !" + else + ebegin "Starting tinc network ${NETNAME}" + if [ "${SYSLOG}" = "yes" ]; then + LOG="" + else + LOG="--logfile=/var/log/tinc.${NETNAME}.log" + fi + start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- --net="${NETNAME}" ${LOG} --pidfile "${PIDFILE}" --debug="${DEBUG_LEVEL}" ${EXTRA_OPTS} + eend $? + fi + done +} + +stop() { + ebegin "Stopping tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Stopping tinc network ${NETNAME}" + start-stop-daemon --stop --pidfile "${PIDFILE}" + eend $? + fi + done +} + +reload() { + ebegin "Reloading configuration for tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Reloading tinc network ${NETNAME}" + start-stop-daemon --signal HUP --pidfile ${PIDFILE} + eend $? + fi + done +} diff --git a/net-vpn/tinc/files/tincd-r2 b/net-vpn/tinc/files/tincd-r2 new file mode 100644 index 000000000000..55728bec2c78 --- /dev/null +++ b/net-vpn/tinc/files/tincd-r2 @@ -0,0 +1,78 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" + +NETS="/etc/conf.d/tinc.networks" +DAEMON="/usr/sbin/tincd" + +depend() { + use logger dns + need net +} + +checkconfig() { + if [ "${RC_SVCNAME}" = "tincd" ] ; then + ALL_NETNAME="$(awk '/^ *NETWORK:/ { print $2 }' "${NETS}")" + else + ALL_NETNAME="${RC_SVCNAME#*.}" + fi + # warn this if still not found + if [ -z "${ALL_NETNAME}" ] ; then + eerror "No VPN networks configured in ${NETS}" + return 1 + fi + return 0 +} + +start() { + ebegin "Starting tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + CONFIG="/etc/tinc/${NETNAME}/tinc.conf" + PIDFILE="/run/tinc.${NETNAME}.pid" + if [ ! -f "${CONFIG}" ]; then + eerror "Cannot start network ${NETNAME}." + eerror "Please set up ${CONFIG} !" + else + ebegin "Starting tinc network ${NETNAME}" + if [ "${SYSLOG}" = "yes" ]; then + LOG="" + else + LOG="--logfile=/var/log/tinc.${NETNAME}.log" + fi + start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- --net="${NETNAME}" ${LOG} --pidfile "${PIDFILE}" --debug="${DEBUG_LEVEL}" ${EXTRA_OPTS} + eend $? + fi + done +} + +stop() { + ebegin "Stopping tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Stopping tinc network ${NETNAME}" + start-stop-daemon --stop --pidfile "${PIDFILE}" + eend $? + fi + done +} + +reload() { + ebegin "Reloading configuration for tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Reloading tinc network ${NETNAME}" + start-stop-daemon --signal HUP --pidfile ${PIDFILE} + eend $? + fi + done +} diff --git a/net-vpn/tinc/files/tincd.conf b/net-vpn/tinc/files/tincd.conf new file mode 100644 index 000000000000..cedca60c42ad --- /dev/null +++ b/net-vpn/tinc/files/tincd.conf @@ -0,0 +1,20 @@ +#rc_need="net.net" + +#If you want tincd to log to syslog, then set this to "yes" +#Anything else and tincd will log to /var/log/tinc.NETNAME.log. +SYSLOG="yes" + +#Set debug level, useful for error probe +# 0 Quiet mode, only show starting/stopping of the daemon +# 1 Show (dis)connects of other tinc daemons via TCP +# 2 Show error messages received from other hosts +# 2 Show status messages received from other hosts +# 3 Show the requests that are sent/received +# 4 Show contents of every request that is sent/received +# 5 Show network traffic information +# 6 Show contents of each packet that is being sent/received +# 10 You have been warned +DEBUG_LEVEL="0" + +#Extra Options, if you want addtional customization +EXTRA_OPTS="" diff --git a/net-vpn/tinc/files/tincd_at.service b/net-vpn/tinc/files/tincd_at.service new file mode 100644 index 000000000000..71f358a39d95 --- /dev/null +++ b/net-vpn/tinc/files/tincd_at.service @@ -0,0 +1,10 @@ +[Unit] +Description=Tinc daemon for network %i +After=network.target + +[Service] +ExecStart=/usr/sbin/tincd -D --pidfile /run/tinc.%i.pid -n %i +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/tinc/metadata.xml b/net-vpn/tinc/metadata.xml new file mode 100644 index 000000000000..02dd537c6e68 --- /dev/null +++ b/net-vpn/tinc/metadata.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <maintainer type="person"> + <email>dlan@gentoo.org</email> + <name>Yixun Lan</name> + </maintainer> + <longdescription>tinc is an easy to configure VPN implementation.</longdescription> + <use> + <!-- + <flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag> + --> + <flag name="gui">Add GUI support, using <pkg>dev-python/wxpython</pkg></flag> + <flag name="uml"> Enable support for User Mode Linux Sockets</flag> + <flag name="vde"> Enable Virtual Distributed Ethernet (VDE) based networking</flag> + </use> +</pkgmetadata> diff --git a/net-vpn/tinc/tinc-1.0.31.ebuild b/net-vpn/tinc/tinc-1.0.31.ebuild new file mode 100644 index 000000000000..c8adaa0c7d3e --- /dev/null +++ b/net-vpn/tinc/tinc-1.0.31.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +inherit systemd + +DESCRIPTION="tinc is an easy to configure VPN implementation" +HOMEPAGE="http://www.tinc-vpn.org/" +SRC_URI="http://www.tinc-vpn.org/packages/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="libressl +lzo uml vde +zlib" + +DEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + lzo? ( dev-libs/lzo:2 ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND} + vde? ( net-misc/vde )" + +src_configure() { + econf \ + --enable-jumbograms \ + --disable-tunemu \ + $(use_enable lzo) \ + $(use_enable uml) \ + $(use_enable vde) \ + $(use_enable zlib) +} + +src_install() { + emake DESTDIR="${D}" install + dodir /etc/tinc + dodoc AUTHORS NEWS README THANKS + doconfd "${FILESDIR}"/tinc.networks + newconfd "${FILESDIR}"/tincd.conf tincd + newinitd "${FILESDIR}"/tincd-r1 tincd + systemd_newunit "${FILESDIR}"/tincd_at.service "tincd@.service" +} + +pkg_postinst() { + elog "This package requires the tun/tap kernel device." + elog "Look at http://www.tinc-vpn.org/ for how to configure tinc" +} diff --git a/net-vpn/tinc/tinc-1.0.32.ebuild b/net-vpn/tinc/tinc-1.0.32.ebuild new file mode 100644 index 000000000000..c8adaa0c7d3e --- /dev/null +++ b/net-vpn/tinc/tinc-1.0.32.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +inherit systemd + +DESCRIPTION="tinc is an easy to configure VPN implementation" +HOMEPAGE="http://www.tinc-vpn.org/" +SRC_URI="http://www.tinc-vpn.org/packages/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="libressl +lzo uml vde +zlib" + +DEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + lzo? ( dev-libs/lzo:2 ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND} + vde? ( net-misc/vde )" + +src_configure() { + econf \ + --enable-jumbograms \ + --disable-tunemu \ + $(use_enable lzo) \ + $(use_enable uml) \ + $(use_enable vde) \ + $(use_enable zlib) +} + +src_install() { + emake DESTDIR="${D}" install + dodir /etc/tinc + dodoc AUTHORS NEWS README THANKS + doconfd "${FILESDIR}"/tinc.networks + newconfd "${FILESDIR}"/tincd.conf tincd + newinitd "${FILESDIR}"/tincd-r1 tincd + systemd_newunit "${FILESDIR}"/tincd_at.service "tincd@.service" +} + +pkg_postinst() { + elog "This package requires the tun/tap kernel device." + elog "Look at http://www.tinc-vpn.org/ for how to configure tinc" +} diff --git a/net-vpn/tinc/tinc-1.1_pre15.ebuild b/net-vpn/tinc/tinc-1.1_pre15.ebuild new file mode 100644 index 000000000000..72c60c83b61f --- /dev/null +++ b/net-vpn/tinc/tinc-1.1_pre15.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +MY_PV=${PV/_/} +MY_P=${PN}-${MY_PV} + +PYTHON_COMPAT=( python2_7 ) + +inherit eutils multilib python-single-r1 + +DESCRIPTION="tinc is an easy to configure VPN implementation" +HOMEPAGE="http://www.tinc-vpn.org/" + +# UPSTREAM_VER=1 + +[[ -n ${UPSTREAM_VER} ]] && \ + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-1.1-upstream-patches-${UPSTREAM_VER}.tar.xz" + +SRC_URI="http://www.tinc-vpn.org/packages/${MY_P}.tar.gz + ${UPSTREAM_PATCHSET_URI}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="+lzo +ncurses gui libressl +readline +ssl uml vde upnp +zlib" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +DEPEND=" + ${PYTHON_DEPS} + gui? ( dev-python/wxpython:3.0[${PYTHON_USEDEP}] ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + lzo? ( dev-libs/lzo:2 ) + ncurses? ( sys-libs/ncurses:= ) + readline? ( sys-libs/readline:= ) + upnp? ( net-libs/miniupnpc ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND} + vde? ( net-misc/vde )" + +S="${WORKDIR}/${MY_P}" + +src_prepare() { + # Upstream's patchset + if [[ -n ${UPSTREAM_VER} ]]; then + einfo "Try to apply Tinc Upstream patch set" + EPATCH_SUFFIX="patch" \ + EPATCH_FORCE="yes" \ + EPATCH_OPTS="-p1" \ + epatch "${WORKDIR}"/patches-upstream + fi + + eapply "${FILESDIR}"/tinc-1.1-fix-paths.patch #560528 + eapply_user +} + +src_configure() { + econf \ + --enable-jumbograms \ + --disable-silent-rules \ + --enable-legacy-protocol \ + --disable-tunemu \ + --with-systemd=/usr/$(get_libdir)/systemd/system \ + $(use_enable lzo) \ + $(use_enable ncurses curses) \ + $(use_enable readline) \ + $(use_enable uml) \ + $(use_enable vde) \ + $(use_enable zlib) \ + $(use_enable upnp miniupnpc) \ + $(use_with ssl openssl) + #--without-libgcrypt \ +} + +src_install() { + emake DESTDIR="${D}" install + dodir /etc/tinc + dodoc AUTHORS NEWS README THANKS + doconfd "${FILESDIR}"/tinc.networks + newconfd "${FILESDIR}"/tincd.conf tincd + newinitd "${FILESDIR}"/tincd-r2 tincd + + if use gui; then + python_fix_shebang "${ED}"/usr/bin/tinc-gui + else + rm -f "${ED}"/usr/bin/tinc-gui || die + fi +} + +pkg_postinst() { + elog "This package requires the tun/tap kernel device." + elog "Look at http://www.tinc-vpn.org/ for how to configure tinc" +} diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest new file mode 100644 index 000000000000..0e3b03c6d64a --- /dev/null +++ b/net-vpn/tor/Manifest @@ -0,0 +1,16 @@ +AUX README.gentoo 316 SHA256 bd1a5d6a0973d89d3c89e52d1046c202f52d59aa45ca60d2ee33551ac77de1b9 SHA512 6ca305c710562c0f9a3f0cba07760adf300ea166c8baa47e8872719190d779fb63d4dd6c9193fb60ddb51015138790aaa93935668423e0f861f05496d22ce660 WHIRLPOOL da7f4eaaccab8172dba2f8d264dc6d010b98fdb70ed60eff71175a24b423df3101c8a93d162b309b0a51441ca9b01dcf7257bbecc8fa83f1903a0577d28a47d6 +AUX tor-0.2.7.4-torrc.sample.patch 1345 SHA256 a4c668ac3d55f83896b496d47732b0aeec9109d9ec5821974846594ccf4fedf3 SHA512 7b49338ec86ed30d69b0d3b77bf45507139267a4e12c9810277a253287510d388a6d4026601552396ad76712c5d2970aa9f47d3ede9d16d82d5b68db8e0fff6a WHIRLPOOL c93efb3691501d673f10ea55b15640b509a62fa1b59adaa7f2f964a1f569b5346a208262e3aeaad31f11de035d559c513355676d87fdefec250cb00367c9f7c2 +AUX tor.conf 62 SHA256 809f5f09758c1eec5fd3cef94536ec83358dc380f3ece0bc4890b1c2e49f9293 SHA512 e81517218bc036b42559f2dee5b09ff8873d7944bdf8375b6721a842990a29a21da1a524fb6b8e912da57f3cc6d3330663d78be3458833fc77692ce30386fbbc WHIRLPOOL 88aea378baeeafb7a6b95de011fff58da40d9894245e3b001320cfeab176453ef5736e02805b09da2d28193beb2c14fe4b4e6bbd4bf90ed1a23e402eab1227ce +AUX tor.confd 44 SHA256 41d780f291847e19f632428bbf27c3f289414afd237546d2974da1b75384c25c SHA512 9028ac41e3acdf4405095addb69537e87edecafaec840296ac27a5a8992fe132dc822e4e4abb8826f76460c438da2719dea17859690d03e17198a82086a3d660 WHIRLPOOL d3060208cf59c2de5839e7358fae37db883899f715a7411c7ba4c9e09926b6098aca7bfcaa269ea51b47b9f197ccd509f0c1e19909a87b1e087a88b30915a1cf +AUX tor.initd-r8 953 SHA256 b637006715ab1cb0b321dc9e703b1dcaf61878c13134669eabebe4b422da96d3 SHA512 4b690a721311a310131041ab962c571f1898f884f55fedf91b842e5190ce58399cccf59d34b4716d5dc15df4183f994d84c7c39f8458cb5f5da870ddc2db1730 WHIRLPOOL a9dd8be6db75e733bc49f6673d10672240303c80a63ec98193c4b43d54f2a42f24e388a04412d38c209d97f24cf7483dd46d530ad8592e8ee8ddf6fb7c6848ee +AUX tor.service 479 SHA256 647572301c444896c6958af4481f443e39f7232f0ad919e4a154a27733aae709 SHA512 5eab6d99bc9210546b750596e6b660904a098868a07d4df41e14e39586a12965cbed94e7bda2bf315472fd40b4df4f68f1a8393c12e085524b80e02e26de9c14 WHIRLPOOL bf23275b4a847e5a806d7052b17ac9bbbc6c16e23a9add351bc6f7ee3afde844914ed0505fcadd3b15bcf2519fc7a352cb09d2e46cebec19b88ba7ece3c3835d +AUX torrc-r1 140 SHA256 6766943a69e4784d02f173b5d74b8eb9345f878ef4eb36edab34bbf649ef2738 SHA512 6e3c481b34f2cb6f48bf87fe10565daded00415cc233332d43e18206d46eb7b32f92c55035584b5992e7a056e79e862124a573a9724f7762f76d4c4f0824de82 WHIRLPOOL 14a0e40219457b3ea26113fca561db338fb7324c20fee3b30287315974975001fab3cd3272932a1325e8dc9a227e0242bedf9fb424e2c5db755112f3fdeb815d +DIST tor-0.3.0.10.tar.gz 5845205 SHA256 9a8e6e49a1688dae64dca10f84a414ec9a4f393fb2256ae28e0c2e3239185ab1 SHA512 e39d56afb6a10194303483552f28f07e5d7b7c5d470de554d92723c8d3c0d5d5a98fc44d23aa9d51bfda51e7d7cbb48fc4d1e3ac82150aeb4ce3e1616695225a WHIRLPOOL 21a2fa2337a3e06a03413a38a593984e384fa4b56c77f7bf7674d5ffa82b158d7a6433349b974e4c0ce2146bc99a5ea332980eb21a8428057f575ac5b2a3db8c +DIST tor-0.3.0.11.tar.gz 5875170 SHA256 2a5c07140ed1b4692e6b5aa21e6ce56c6eb0baf86371d85a6c9e809ee7ec50c2 SHA512 af14e3dd4980803dc21537eee1a4b13360e13b3ba9fbaa18b0757746deced8cdb296a90d52cf0fbc883e81ddb034c8c08ed77808459c2e2a2f13f834b9b8afca WHIRLPOOL 4e4af96d8da6dae0a9aeebc1bfba9f35aad915dc23623f95c3797a2b0035281c3cb8f57fdfd46e62bdbbce4f5ee7ab1a46e0d041f47b18abb8c2a65a544f10c5 +DIST tor-0.3.1.7.tar.gz 6058284 SHA256 1df5dd4894bb2f5e0dc96c466955146353cf33ac50cd997cfc1b28ea3ed9c08f SHA512 a835526984187fad88cffc39ea8f6a4b61d5f8d2579b5a66425612607a22ff82e0f9da96e029e134e04d25ae0f59a1b4f771e9e8c19ebb563e1a0f5b3a3849e4 WHIRLPOOL 83aaf33aeaa41d165fd11937fea30fe9cd5a7191aa2a0d801b0dcb2533f6beaefa2fc47356127310d84e7eaf9990e0d264992726416b5129272bdce8cfb75714 +DIST tor-0.3.2.2-alpha.tar.gz 6257177 SHA256 948f82246370eadf2d52a5d1797fa8966e5238d28de5ec69120407f22d59e774 SHA512 07c8937115df16bf67c765e66920ea11ba222caa70897ab3a96db55f415a3d7bbc88acc3385ac4195a61ba902ae1ca86d8ddfaca652b44bfada5949f9620a665 WHIRLPOOL 65bac7bc9ccace3ab223b6011a404eccc730e7750e553362160ea9a8fe7cf6aabbe98afe33fe43c69af9de827812eb2f071366fd72e90260ce058653f6121784 +EBUILD tor-0.3.0.10.ebuild 1837 SHA256 844d165beced6f252ef18aec5a6d94daf00891d91d2562df8e25f4d52bc56467 SHA512 33826b8bfbafcacd58bd471ef7f6c23de461632cf6e3e1f6903755115c1952f90202045694b5fdf5dad6ca1f30359a95630ff3494382d8ce108aed611ec806e4 WHIRLPOOL e32dc9cb25853ca0bfb99caa88ed071a4257a04ec138e80622cb076d5ef53148c5bb7f58868a2c570afc0c512e7435245f488e2302d0008fd56e35ebc28c0504 +EBUILD tor-0.3.0.11.ebuild 1842 SHA256 c20b8200b67e8a355ffd33e6488881bc4206bb27ff8e6d5a131bec032537bf6a SHA512 3b7200a2ec7588b31e471785ef6699b38ed3ffba38b3c0322354b78f4d6401023cd9b5940cd8627800d66ba157729c8424b6d9cad224ab40eec737648bf4c629 WHIRLPOOL 837383956471040f4d979325c70ee93b9aa9afa04367f07e66d73f9500793be7ee9b6967d4c62a7303a3500f753f3314b24c4a0473a707b012f6b46299d8fbc0 +EBUILD tor-0.3.1.7.ebuild 2041 SHA256 47cdae19e73ad5241bc591fa4f3dfdef1363fb04c7db7d1de780a3104688f83d SHA512 e469dbd7ea61ce6f6d8ff78d54eb122ec26e8055e14a1ccd2e6515e1618e493a45169ea6a068f4b684ddbb851ad008bebb17403cecad8294f243e711ef0466a1 WHIRLPOOL 5d73bf6e5355f11ab07b55b313c174922829cadad27130de852e9478384d613325dd5e91248459bedef31f2b5c091b8ae25c8d6f0e2333e872875f372b97ad5b +EBUILD tor-0.3.2.2_alpha.ebuild 2042 SHA256 eb1ef06945a972812a5bb980c55500c5899c0b1ce9371539f0503f8d96cab828 SHA512 74e764c2eba7080ce341ed83a662b01d0cfc36f8966e37fb3e3b424f8c44b736db7f359386251ca8167d2958318f67d2eda2e1e4065a365f8723a3cf8752a1cf WHIRLPOOL 9456854515bd06434d6f4290e30ea4267da05930715b5e9525120ba306f768029341b3f804f20144e30c1a1f8f197a0297fec7c54854a9c558af99fcff5b1f92 +MISC metadata.xml 594 SHA256 43de427c78833193e0154a8072d904ab5b67bf7b1a664eb4ebb0081d51c9ceec SHA512 011f77654a507d13c0542e6983df8ec86c5f2cff7cd1408f99c9d4da9d00ffb4b432317b2fd21500e62131e6f7c9bc60235cf55f2b8082391b9fe3bcf924ab2b WHIRLPOOL 71b3006ef28544f47988f65ec05a1954b8c5d1ce5425e943db87fb69273e18bbc7894dc96e8398823dd0b9a092fded0b89892fca7d775c1382ee5d91853c165c diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo new file mode 100644 index 000000000000..35214ac6fbb5 --- /dev/null +++ b/net-vpn/tor/files/README.gentoo @@ -0,0 +1,8 @@ +We created a configuration file for tor, /etc/tor/torrc, but you can +change it according to your needs. Use the torrc.sample that is in +that directory as a guide. Also, to have privoxy work with tor +just add the following line + +forward-socks4a / localhost:9050 . + +to /etc/privoxy/config. Notice the . at the end! diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch new file mode 100644 index 000000000000..92eb03bb18ea --- /dev/null +++ b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch @@ -0,0 +1,31 @@ +diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/config/torrc.sample.in +--- tor-0.2.7.4-rc.orig/src/config/torrc.sample.in 2015-10-19 11:12:53.000000000 -0400 ++++ tor-0.2.7.4-rc/src/config/torrc.sample.in 2015-10-21 21:18:49.151973113 -0400 +@@ -12,6 +12,11 @@ + ## Tor will look for this file in various places based on your platform: + ## https://www.torproject.org/docs/faq#torrc + ++## Default username and group the server will run as ++User tor ++ ++PIDFile /var/run/tor/tor.pid ++ + ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't + ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only + ## as a relay, and not make any local application connections yourself. +@@ -42,6 +47,7 @@ + #Log notice syslog + ## To send all messages to stderr: + #Log debug stderr ++Log warn syslog + + ## Uncomment this to start the process in the background... or use + ## --runasdaemon 1 on the command line. This is ignored on Windows; +@@ -51,6 +57,7 @@ + ## The directory for keeping all the keys/etc. By default, we store + ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. + #DataDirectory @LOCALSTATEDIR@/lib/tor ++DataDirectory /var/lib/tor/data + + ## The port on which Tor will listen for local connections from Tor + ## controller applications, as documented in control-spec.txt. diff --git a/net-vpn/tor/files/tor.conf b/net-vpn/tor/files/tor.conf new file mode 100644 index 000000000000..188c041e5442 --- /dev/null +++ b/net-vpn/tor/files/tor.conf @@ -0,0 +1 @@ +d /var/run/tor 0775 tor tor - - diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd new file mode 100644 index 000000000000..4195bf3237b2 --- /dev/null +++ b/net-vpn/tor/files/tor.confd @@ -0,0 +1,3 @@ +# +# Set the file limit +rc_ulimit="-n 30000" diff --git a/net-vpn/tor/files/tor.initd-r8 b/net-vpn/tor/files/tor.initd-r8 new file mode 100644 index 000000000000..de9b66eb555b --- /dev/null +++ b/net-vpn/tor/files/tor.initd-r8 @@ -0,0 +1,37 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command=/usr/bin/tor +pidfile=/var/run/tor/tor.pid +command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\"" +retry=${GRACEFUL_TIMEOUT:-60} +stopsig=INT +command_progress=yes + +extra_commands="checkconfig" +extra_started_commands="reload" +description="Anonymizing overlay network for TCP" +description_checkconfig="Check for valid config file" +description_reload="Reload the configuration" + +checkconfig() { + ${command} --verify-config --hush > /dev/null 2>&1 + if [ $? -ne 0 ] ; then + eerror "Tor configuration (/etc/tor/torrc) is not valid." + eerror "Example is in /etc/tor/torrc.sample" + return 1 + fi +} + +start_pre() { + checkconfig || return 1 + checkpath -d -m 0755 -o tor:tor /var/run/tor +} + +reload() { + checkconfig || return 1 + ebegin "Reloading Tor configuration" + start-stop-daemon -s HUP --pidfile ${pidfile} + eend $? +} diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service new file mode 100644 index 000000000000..8fcc6740ed91 --- /dev/null +++ b/net-vpn/tor/files/tor.service @@ -0,0 +1,21 @@ +[Unit] +Description=The Onion Router + +[Service] +ExecStartPre=/usr/bin/tor --verify-config -f /etc/tor/torrc +ExecStart=/usr/bin/tor --RunAsDaemon 0 -f /etc/tor/torrc +ExecReload=/bin/kill -HUP $MAINPID +KillSignal=SIGINT +TimeoutStopSec=32 +LimitNOFILE=30000 + +# Hardening options: +CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE +PrivateTmp = yes +PrivateDevices = yes +ProtectHome = yes +ProtectSystem = full +NoNewPrivileges = yes + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/tor/files/torrc-r1 b/net-vpn/tor/files/torrc-r1 new file mode 100644 index 000000000000..322a794aa1d5 --- /dev/null +++ b/net-vpn/tor/files/torrc-r1 @@ -0,0 +1,7 @@ +# +# Minimal torrc so tor will work out of the box +# +User tor +PIDFile /var/run/tor/tor.pid +Log notice syslog +DataDirectory /var/lib/tor/data diff --git a/net-vpn/tor/metadata.xml b/net-vpn/tor/metadata.xml new file mode 100644 index 000000000000..00b3de70ab61 --- /dev/null +++ b/net-vpn/tor/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <use> + <flag name="scrypt">Use <pkg>app-crypt/libscrypt</pkg> for the scrypt algorithm</flag> + <flag name="tor-hardening">Compile tor with hardening on vanilla compilers/linkers</flag> + <flag name="zstd">Use <pkg>app-arch/zstd</pkg> for compression</flag> + <flag name="web">Build a tor2web service instead of a tor client</flag> + </use> +</pkgmetadata> diff --git a/net-vpn/tor/tor-0.3.0.10.ebuild b/net-vpn/tor/tor-0.3.0.10.ebuild new file mode 100644 index 000000000000..e6148d5d5b4a --- /dev/null +++ b/net-vpn/tor/tor-0.3.0.10.ebuild @@ -0,0 +1,74 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic readme.gentoo-r1 systemd versionator user + +MY_PV="$(replace_version_separator 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="http://www.torproject.org/" +SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz" +S="${WORKDIR}/${MY_PF}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~mips ppc ppc64 ~sparc x86 ~ppc-macos" +IUSE="libressl scrypt seccomp selinux systemd tor-hardening test web" + +DEPEND=" + app-text/asciidoc + dev-libs/libevent[ssl] + sys-libs/zlib + !libressl? ( dev-libs/openssl:0=[-bindist] ) + libressl? ( dev-libs/libressl:0= ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( sys-libs/libseccomp ) + systemd? ( sys-apps/systemd )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-tor )" + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +DOCS=( README ChangeLog ReleaseNotes doc/HACKING ) + +pkg_setup() { + enewgroup tor + enewuser tor -1 -1 /var/lib/tor tor +} + +src_configure() { + econf \ + --localstatedir="${EPREFIX}/var" \ + --enable-system-torrc \ + --enable-asciidoc \ + $(use_enable scrypt libscrypt) \ + $(use_enable seccomp) \ + $(use_enable systemd) \ + $(use_enable tor-hardening gcc-hardening) \ + $(use_enable tor-hardening linker-hardening) \ + $(use_enable web tor2web-mode) \ + $(use_enable test unittests) \ + $(use_enable test coverage) +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r8 tor + systemd_dounit contrib/dist/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r1 torrc +} diff --git a/net-vpn/tor/tor-0.3.0.11.ebuild b/net-vpn/tor/tor-0.3.0.11.ebuild new file mode 100644 index 000000000000..b103e82a8aed --- /dev/null +++ b/net-vpn/tor/tor-0.3.0.11.ebuild @@ -0,0 +1,74 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic readme.gentoo-r1 systemd versionator user + +MY_PV="$(replace_version_separator 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="http://www.torproject.org/" +SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz" +S="${WORKDIR}/${MY_PF}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos" +IUSE="libressl scrypt seccomp selinux systemd tor-hardening test web" + +DEPEND=" + app-text/asciidoc + dev-libs/libevent[ssl] + sys-libs/zlib + !libressl? ( dev-libs/openssl:0=[-bindist] ) + libressl? ( dev-libs/libressl:0= ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( sys-libs/libseccomp ) + systemd? ( sys-apps/systemd )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-tor )" + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +DOCS=( README ChangeLog ReleaseNotes doc/HACKING ) + +pkg_setup() { + enewgroup tor + enewuser tor -1 -1 /var/lib/tor tor +} + +src_configure() { + econf \ + --localstatedir="${EPREFIX}/var" \ + --enable-system-torrc \ + --enable-asciidoc \ + $(use_enable scrypt libscrypt) \ + $(use_enable seccomp) \ + $(use_enable systemd) \ + $(use_enable tor-hardening gcc-hardening) \ + $(use_enable tor-hardening linker-hardening) \ + $(use_enable web tor2web-mode) \ + $(use_enable test unittests) \ + $(use_enable test coverage) +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r8 tor + systemd_dounit contrib/dist/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r1 torrc +} diff --git a/net-vpn/tor/tor-0.3.1.7.ebuild b/net-vpn/tor/tor-0.3.1.7.ebuild new file mode 100644 index 000000000000..951f4688d2c2 --- /dev/null +++ b/net-vpn/tor/tor-0.3.1.7.ebuild @@ -0,0 +1,80 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic readme.gentoo-r1 systemd versionator user + +MY_PV="$(replace_version_separator 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="http://www.torproject.org/" +SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz" +S="${WORKDIR}/${MY_PF}" + +LICENSE="BSD GPL-2" +SLOT="0" +# We need to keyword app-arch/zstd +#KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 x86 ~ppc-macos" +IUSE="libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd" + +DEPEND=" + app-text/asciidoc + dev-libs/libevent[ssl] + sys-libs/zlib + !libressl? ( dev-libs/openssl:0=[-bindist] ) + libressl? ( dev-libs/libressl:0= ) + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( sys-libs/libseccomp ) + systemd? ( sys-apps/systemd ) + zstd? ( app-arch/zstd )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-tor )" + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +DOCS=( README ChangeLog ReleaseNotes doc/HACKING ) + +pkg_setup() { + enewgroup tor + enewuser tor -1 -1 /var/lib/tor tor +} + +src_configure() { + econf \ + --localstatedir="${EPREFIX}/var" \ + --enable-system-torrc \ + --enable-asciidoc \ + --disable-libfuzzer \ + --disable-rust \ + $(use_enable scrypt libscrypt) \ + $(use_enable seccomp) \ + $(use_enable systemd) \ + $(use_enable tor-hardening gcc-hardening) \ + $(use_enable tor-hardening linker-hardening) \ + $(use_enable web tor2web-mode) \ + $(use_enable test unittests) \ + $(use_enable test coverage) +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r8 tor + systemd_dounit contrib/dist/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r1 torrc +} diff --git a/net-vpn/tor/tor-0.3.2.2_alpha.ebuild b/net-vpn/tor/tor-0.3.2.2_alpha.ebuild new file mode 100644 index 000000000000..2e54066d6ba5 --- /dev/null +++ b/net-vpn/tor/tor-0.3.2.2_alpha.ebuild @@ -0,0 +1,80 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic readme.gentoo-r1 systemd versionator user + +MY_PV="$(replace_version_separator 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="http://www.torproject.org/" +SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz" +S="${WORKDIR}/${MY_PF}" + +LICENSE="BSD GPL-2" +SLOT="0" +# We need to keyword app-arch/zstd +#KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86 ~ppc-macos" +IUSE="libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd" + +DEPEND=" + app-text/asciidoc + dev-libs/libevent[ssl] + sys-libs/zlib + !libressl? ( dev-libs/openssl:0=[-bindist] ) + libressl? ( dev-libs/libressl:0= ) + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( sys-libs/libseccomp ) + systemd? ( sys-apps/systemd ) + zstd? ( app-arch/zstd )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-tor )" + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +DOCS=( README ChangeLog ReleaseNotes doc/HACKING ) + +pkg_setup() { + enewgroup tor + enewuser tor -1 -1 /var/lib/tor tor +} + +src_configure() { + econf \ + --localstatedir="${EPREFIX}/var" \ + --enable-system-torrc \ + --enable-asciidoc \ + --disable-libfuzzer \ + --disable-rust \ + $(use_enable scrypt libscrypt) \ + $(use_enable seccomp) \ + $(use_enable systemd) \ + $(use_enable tor-hardening gcc-hardening) \ + $(use_enable tor-hardening linker-hardening) \ + $(use_enable web tor2web-mode) \ + $(use_enable test unittests) \ + $(use_enable test coverage) +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r8 tor + systemd_dounit contrib/dist/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r1 torrc +} diff --git a/net-vpn/vpnc/Manifest b/net-vpn/vpnc/Manifest new file mode 100644 index 000000000000..a38245df6271 --- /dev/null +++ b/net-vpn/vpnc/Manifest @@ -0,0 +1,7 @@ +AUX vpnc-3.init 2197 SHA256 28beead453a87aeab04e39b290df12498bce02f59d88244fe003d37d34806498 SHA512 d05a362606f314c0c275b2354308431c9aa53d8c83172fa86d34c28573f0ea527b1aa9e2dcb8341f212600bd3a50ba8ea3038a05b494ac008297b03e528abd97 WHIRLPOOL 22ed36181612b29817c16e454b59c67d909a818b41751b4e2d93894e5bf1388eaa0ce952f7cac0d9f5a9834624781b9ae473a3c50de3619e2cc9ef4ba6054f8f +AUX vpnc-tmpfiles.conf 29 SHA256 6d235ab7174f9b4db4086e39bf7b2f273cfb55a736d20d2ada5664a9be161c80 SHA512 21635c67b89ca04880eca6c53e47b2b4ed27f992415d466d27a634af3393b1aa7a75cf09b8ad1a6a80cd2f93c508eb8cc6876ae20bfe3a1c66b7cd09f1e7661d WHIRLPOOL e6b08d375d8b35f4b8454cea018fa739cbd67b8392a19f1b23f18952b858ffa72a412c13e70079f8c75c02b943fd4623ee0a017a8fb80dd351d2fa2958877f97 +AUX vpnc.confd 123 SHA256 89a14f4d11b7fb156dd823e5d2c15edd0d5ca649bd16460ef6350cfe728b4a88 SHA512 1254f687dcd9822becfcccabbb34d8343d715d70247dbf4b5e018835fff24b33f5272368f77199d697c8d11d913182b1f756d5e08a46b2057849779f09b19633 WHIRLPOOL 69844dee15865aa62d4bf67761be847fe9df8a48b0eefc29dbc204f43b2b000ceb69bc71a325f4dbebfcbff974bd29e49f88a27b1b964c2072d257588e29da95 +AUX vpnc.service 517 SHA256 51ee186919591f490a92aa16524317f775d7b0b0a794e58ff75f0f58f5179421 SHA512 d580ad4fadbe6ea733f42eda53516e1766ba028f610653c62ba211d4a9ee05a6bf1d8676405a7a3ffede3432d75f9c4dcc72d1fab2a9215150f41a74269850c5 WHIRLPOOL ba3c121e1bdc77c9d05f7bd6c56c6dc866e12b95ce90841ffd26d419d0759a15e2fc4855585d30b8fff8edc541cea9b52897bef3e1007ebe8a9c80d63a5eccff +DIST vpnc-0.5.3_p550.tar.xz 101860 SHA256 5d7582eb3d7ead3cb0732a404ce10f471a65c48d0bb4cb2dd5c525273bf0f4b5 SHA512 95150c743c61a962c36591bb874c77f2c28f341c0a1290dba4e878a460d22d762dd88f7cfc0aa9d17ace71a8b826d9fd13554c23b5123dee6009e9fffcd2de55 WHIRLPOOL 8194e0dcf2c0bd1910b4b110dd475024d5cc351d86dec58b33811c37f9bcbc2702c4fede861a6318c54dfb7d19ff2d2265da86d573181a02f433e131184b9bd3 +EBUILD vpnc-0.5.3_p550.ebuild 2207 SHA256 55cba96becb76784951a78151c8891981a10fc7581857aece4eb2657f1c5e6c6 SHA512 9e577e0e35ef3a9f7d000b0e77883232078d7edc2943b7ad6ad55d18c5882a1ef647ebb67f4cfd80aa71bf92c738bdf85d4abeff5854289a85351a09d9aeaea9 WHIRLPOOL a34dc503c031444aa843a9633bdd7390fef018ebc6c75646ece2d38e120250023771bde62f498a3fa154263864974f526ba589a406dbe53d7ec9e3fada6c941c +MISC metadata.xml 619 SHA256 f6a28e6112785d735f50e51e38aafa8854db2d4eac9c78a0bba64f42f0315db3 SHA512 42ea3785e2491f38f726d54e7e02fce1722eea39899175c873c138ee7d4aa23a9366678a88f044851a45b4ecc394738bfa44e5bb3850dd1fdb2c9780ae929432 WHIRLPOOL 48af748bd3af5afd8dbccfa7fe0fe353f1e1b5b5b2f8e6858f0044e06b1fef0bf0b0869a5c6e747cf8c3bedf42a666303d5cd7c937253bc6fab2724cc7388f26 diff --git a/net-vpn/vpnc/files/vpnc-3.init b/net-vpn/vpnc/files/vpnc-3.init new file mode 100644 index 000000000000..f76538f1630e --- /dev/null +++ b/net-vpn/vpnc/files/vpnc-3.init @@ -0,0 +1,102 @@ +#!/sbin/openrc-run + +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPNDIR="/etc/vpnc" +VPN="${SVCNAME#*.}" +if [ -n ${VPN} ] && [ ${SVCNAME} != "vpnc" ]; then + mkdir -p /var/run/vpnc + VPNPID="/var/run/vpnc/${VPN}.pid" +else + VPNPID="/var/run/vpnc.pid" +fi +VPNCONF="${VPNDIR}/${VPN}.conf" +VPNSCRIPTDIR="${VPNDIR}/scripts.d" +PREUPSCRIPT="${VPNSCRIPTDIR}/${VPN}-preup.sh" +PREDOWNSCRIPT="${VPNSCRIPTDIR}/${VPN}-predown.sh" +POSTUPSCRIPT="${VPNSCRIPTDIR}/${VPN}-postup.sh" +POSTDOWNSCRIPT="${VPNSCRIPTDIR}/${VPN}-postdown.sh" +# We should source this file to avoid problems when init script +# name differs from the default name +. /etc/conf.d/vpnc + +depend() { + need net + before netmount +} + +checktundevice() { + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi +} + +screenoutput() { + if [ "${VPNCOUTPUT}" = "yes" ]; then + export SCREEN_OUTPUT="/dev/stdout" + else + export SCREEN_OUTPUT="/dev/null" + fi +} + +start() { + ebegin "Starting VPNC: ${VPN}" + + checktundevice || return 1 + screenoutput + + if [ ! -e "${VPNCONF}" ]; then + eend 1 "${VPNCONF} does not exist" + return 1 + fi + + local args="" + + if [ -x "${PREUPSCRIPT}" ] ; then + "${PREUPSCRIPT}" > ${SCREEN_OUTPUT} + fi + + start-stop-daemon --start --pidfile "${VPNPID}" --exec /usr/sbin/vpnc \ + -- --pid-file "${VPNPID}" "${VPNCONF}" > ${SCREEN_OUTPUT} + local retval=$? + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + if [ -x "${POSTUPSCRIPT}" ] ; then + "${POSTUPSCRIPT}" > ${SCREEN_OUTPUT} + fi + eend $? +} + +stop() { + ebegin "Stopping VPNC: ${VPN}" + screenoutput + if [ -x "${PREDOWNSCRIPT}" ] ; then + "${PREDOWNSCRIPT}" > ${SCREEN_OUTPUT} + fi + + start-stop-daemon --stop --pidfile "${VPNPID}" + local retval=$? + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + + if [ -x "${POSTDOWNSCRIPT}" ] ; then + "${POSTDOWNSCRIPT}" > ${SCREEN_OUTPUT} + fi + eend $? +} diff --git a/net-vpn/vpnc/files/vpnc-tmpfiles.conf b/net-vpn/vpnc/files/vpnc-tmpfiles.conf new file mode 100644 index 000000000000..67224ac3ef2d --- /dev/null +++ b/net-vpn/vpnc/files/vpnc-tmpfiles.conf @@ -0,0 +1 @@ +D /run/vpnc 0755 root root - diff --git a/net-vpn/vpnc/files/vpnc.confd b/net-vpn/vpnc/files/vpnc.confd new file mode 100644 index 000000000000..62789bd407ec --- /dev/null +++ b/net-vpn/vpnc/files/vpnc.confd @@ -0,0 +1,4 @@ +# If you wish to see the output made by vpnc, for example the password +# prompt, set this variable to yes + +VPNCOUTPUT="no" diff --git a/net-vpn/vpnc/files/vpnc.service b/net-vpn/vpnc/files/vpnc.service new file mode 100644 index 000000000000..ce1e3683f4ec --- /dev/null +++ b/net-vpn/vpnc/files/vpnc.service @@ -0,0 +1,20 @@ +[Unit] +Description=Free Cisco VPN connection to %i +Documentation=man:vpnc(8) http://www.unix-ag.uni-kl.de/~massar/vpnc/ +Requires=network.target +After=network.target +ConditionPathExists=/dev/net/tun + +[Service] +Type=forking +EnvironmentFile=/etc/vpnc/%i.conf +PIDFile=/run/vpnc/%i.pid + +ExecStartPre=-/etc/vpnc/scripts.d/%i-preup.sh +ExecStart=/usr/sbin/vpnc --pid-file /run/vpnc/%i.pid +ExecStartPost=-/etc/vpnc/scripts.d/%i-postup.sh + +ExecStopPost=-/etc/vpnc/scripts.d/%i-postdown.sh + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/vpnc/metadata.xml b/net-vpn/vpnc/metadata.xml new file mode 100644 index 000000000000..2bec55dcc3ff --- /dev/null +++ b/net-vpn/vpnc/metadata.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>lorand.jakab@schweiz.ch</email> + <name>Lorand Jakab</name> + </maintainer> + <maintainer type="person"> + <email>mmokrejs@gmail.com</email> + <name>Martin Mokrejs</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <use> + <flag name="resolvconf">Enable support for DNS managing framework <pkg>net-dns/openresolv</pkg></flag> + </use> +</pkgmetadata> diff --git a/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild new file mode 100644 index 000000000000..3962719c2904 --- /dev/null +++ b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils linux-info systemd toolchain-funcs + +DESCRIPTION="Free client for Cisco VPN routing software" +HOMEPAGE="http://www.unix-ag.uni-kl.de/~massar/vpnc/" +SRC_URI="https://dev.gentoo.org/~jlec/distfiles/${P}.tar.xz" + +LICENSE="GPL-2 BSD" +SLOT="0" +KEYWORDS="amd64 arm ~arm64 ppc ppc64 sparc x86" +IUSE="resolvconf +gnutls selinux" + +DEPEND=" + dev-lang/perl + dev-libs/libgcrypt:0= + >=sys-apps/iproute2-2.6.19.20061214[-minimal] + gnutls? ( net-libs/gnutls ) + !gnutls? ( dev-libs/openssl:0= )" +RDEPEND="${DEPEND} + resolvconf? ( net-dns/openresolv ) + selinux? ( sec-policy/selinux-vpn ) +" + +RESTRICT="!gnutls? ( bindist )" + +CONFIG_CHECK="~TUN" + +src_prepare() { + if use gnutls; then + elog "Will build with GnuTLS (default) instead of OpenSSL so you may even redistribute binaries." + elog "See the Makefile itself and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440318" + else + sed -i -e '/^#OPENSSL_GPL_VIOLATION/s:#::g' "${S}"/Makefile || die + ewarn "Building SSL support with OpenSSL instead of GnuTLS. This means that" + ewarn "you are not allowed to re-distibute the binaries due to conflicts between BSD license and GPL," + ewarn "see the vpnc Makefile and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440318" + fi + + sed -e 's:test/cert0.pem::g' -i Makefile || die + + tc-export CC + + sed \ + -e 's:/var/run:/run:g' \ + -i ChangeLog config.c TODO || die +} + +src_install() { + emake PREFIX="/usr" DESTDIR="${D}" install + dodoc README TODO VERSION + keepdir /etc/vpnc/scripts.d + newinitd "${FILESDIR}/vpnc-3.init" vpnc + newconfd "${FILESDIR}/vpnc.confd" vpnc + sed -e "s:/usr/local:/usr:" -i "${ED}"/etc/vpnc/vpnc-script || die + + systemd_dotmpfilesd "${FILESDIR}"/vpnc-tmpfiles.conf + systemd_newunit "${FILESDIR}"/vpnc.service vpnc@.service + + # COPYING file resides here, should not be installed + rm -rf "${ED}"/usr/share/doc/vpnc/ || die +} + +pkg_postinst() { + elog "You can generate a configuration file from the original Cisco profiles of your" + elog "connection by using /usr/bin/pcf2vpnc to convert the .pcf file" + elog "A guide is available at https://wiki.gentoo.org/wiki/Vpnc" +} diff --git a/net-vpn/vpncwatch/Manifest b/net-vpn/vpncwatch/Manifest new file mode 100644 index 000000000000..bad0cea981fc --- /dev/null +++ b/net-vpn/vpncwatch/Manifest @@ -0,0 +1,7 @@ +AUX vpncwatch-1.8-Makefile.patch 586 SHA256 34a712318bfc91264464d900ad09f8b095d0281d0b3551dc31db6ef9b3edb50f SHA512 7d342755f5021a239de7564e4105bf4b1937f1ad5dc4b379b2fc487d70698e887100114dc7df5de0ba59427d7b875e484e91c9a7ef6100a4ac7711b9f568e3d7 WHIRLPOOL a5531a13b2e1662c5fe76784870fcea98bb1e25eee962f1e19cb37d32f5d438951b96616693af4c0e7b40a1839832fdeb4f939cdf041c1f82d93137b54437582 +AUX vpncwatch-1.8.1-Makefile.patch 588 SHA256 cf9c8cf6f4e3a5c7780c1880a5c5b7b8bf98cbcc1d74a6aec5a5ef2e411311c6 SHA512 2ff3521d270b416bf293665a3d82b70b05dee3f63cd7023dc41887751046d0388cd5149e81235aa9b151924848507566ad59f3a0709dd381390721d86b9bee25 WHIRLPOOL 90bbc830190e21f58e93ea70b44f76041510ca9bfda9946370711729faf8b4526ee1c9948f0ba4027e0a650dcb1629db2b4b55748b61672afe2676c19f704150 +DIST vpncwatch-1.8.1.tar.gz 17420 SHA256 fb69cfc17abacc1c1ccb56f42ebdf5fafe20f7971eb917a90863daed69b72562 SHA512 f5f5f68e2644ee3748a811505025155e77a7d3e345ddfc2f847674aa5d7e9e8be86d10708aeefc521ac747744e4f7edc3853ff230022aee7b098e8d0a35db5c2 WHIRLPOOL 3e5edd96d791aeb57a8ac96542fe200acd6d4d0fcff33b9576636bbccab957e5f168cd27fe52a61afce8cc5a55b940e22471243023d78e1e6c637883f31fc0ac +DIST vpncwatch-1.8.tar.gz 16356 SHA256 bc5ea19ef4020ed7ecdff3a7c4bdf981590c1a7c62e1c92170e8360782a89626 SHA512 33771af327995be170e98169e4f5594a8298a613b865f1fb3157b0bccb8218e81a4bb26c7d9783d2f7d0963dafa04d21100889c5c710166b4a1e1487f945dceb WHIRLPOOL de524723042357674520c68034c9ecaadbfac94b299c42401565ea284bbc5f794bdd38f2c5a9bda1ed5ed1102febbf191ff325f3ec6b18103612ca67846c6014 +EBUILD vpncwatch-1.8.1.ebuild 547 SHA256 0278111c69e6ad17aa1ff72806fd984f6e4be9c6e4e0941c183db06de7ef5d47 SHA512 7bf558be56841bb3502d20f3b7631a46e9cdbb12c298f18faa89bc6bca38a5d35a5e0a95973a061a8cd37a5970885fafa655bb8f5e9d09caa430d3296005e28d WHIRLPOOL 3453898ea43a6ab115818dd398a4067d132bc5dde3d51a470ffa52053e7b57ea858e3ec75e6179b48bc11fbd67bc2bafafd6e9012992f734157505de5869eaf4 +EBUILD vpncwatch-1.8.ebuild 549 SHA256 5ee9d489493a1575dbc77b783ad0f39964456e63da66943b676da6247bd37fe4 SHA512 584541c62ab0dfd0dd3a5cb9968d90169a03cef07520d611de148edd0dcb1190a7cce281e5881469b82565f296865afd01d7016254d60585338fc4c47f0bd937 WHIRLPOOL 268dac38db420c53d9236cf394acb4f9a57f66e2fa702b31d84074db5c29f4aa8b23d0473c0ef5b46b5832f61528e9fac8328fe8dd37129fbc39a3ffa56c8197 +MISC metadata.xml 307 SHA256 32b175461c4ac8d49372f6faa43c1df078e49917ce82ee1797494b70237e324a SHA512 10f6819e34543467e5f0c924a3bccbcd0584e4ad0b97a1233315d2dafc6913631a5594ae9075f81730141e76bd935063b432ed9bc0ddefbb322fe9a26d52c6b5 WHIRLPOOL cdefee1574e8d3f5ddd759e479937bdb7bd87279f985be2d88945d7ec7f835c959eac03b5510331cd8945afa7a6cd5a2e0d9e372a77d9f27f20b98d20aa3174e diff --git a/net-vpn/vpncwatch/files/vpncwatch-1.8-Makefile.patch b/net-vpn/vpncwatch/files/vpncwatch-1.8-Makefile.patch new file mode 100644 index 000000000000..cab556c95352 --- /dev/null +++ b/net-vpn/vpncwatch/files/vpncwatch-1.8-Makefile.patch @@ -0,0 +1,23 @@ + Makefile | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 901e0ae..599499a 100644 +--- a/Makefile ++++ b/Makefile +@@ -10,13 +10,13 @@ OBJS = vpncwatch.o proc.o net.o + DISTFILES = AUTHORS COPYING README Makefile $(SRCS) $(HDRS) vpnc-watch.py + + CC ?= gcc +-CFLAGS = -D_GNU_SOURCE -O2 -Wall -Werror ++CFLAGS += -D_GNU_SOURCE -Wall + + # Update version in vpncwatch.h as well + TAG = vpncwatch-1.8 + + vpncwatch: $(OBJS) +- $(CC) $(CFLAGS) -o $@ $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) + + .c.o: + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/net-vpn/vpncwatch/files/vpncwatch-1.8.1-Makefile.patch b/net-vpn/vpncwatch/files/vpncwatch-1.8.1-Makefile.patch new file mode 100644 index 000000000000..1f982ee76a3f --- /dev/null +++ b/net-vpn/vpncwatch/files/vpncwatch-1.8.1-Makefile.patch @@ -0,0 +1,23 @@ + Makefile | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 901e0ae..599499a 100644 +--- a/Makefile ++++ b/Makefile +@@ -10,13 +10,13 @@ OBJS = vpncwatch.o proc.o net.o + DISTFILES = AUTHORS COPYING README Makefile $(SRCS) $(HDRS) vpnc-watch.py + + CC ?= gcc +-CFLAGS = -D_GNU_SOURCE -O2 -Wall -Werror ++CFLAGS += -D_GNU_SOURCE -Wall + + # Update version in vpncwatch.h as well + TAG = vpncwatch-1.8.1 + + vpncwatch: $(OBJS) +- $(CC) $(CFLAGS) -o $@ $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) + + .c.o: + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/net-vpn/vpncwatch/metadata.xml b/net-vpn/vpncwatch/metadata.xml new file mode 100644 index 000000000000..f126bf28f5b5 --- /dev/null +++ b/net-vpn/vpncwatch/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>jlec@gentoo.org</email> + </maintainer> + <upstream> + <remote-id type="github">downloads/dcantrell</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/vpncwatch/vpncwatch-1.8.1.ebuild b/net-vpn/vpncwatch/vpncwatch-1.8.1.ebuild new file mode 100644 index 000000000000..fc293fa8e4e3 --- /dev/null +++ b/net-vpn/vpncwatch/vpncwatch-1.8.1.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils toolchain-funcs + +DESCRIPTION="Keepalive daemon for vpnc on Linux systems" +HOMEPAGE="https://github.com/dcantrell/vpncwatch/" +SRC_URI="https://github.com/downloads/dcantrell/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +RDEPEND="net-vpn/vpnc" + +src_prepare() { + epatch \ + "${FILESDIR}/${P}-Makefile.patch" + tc-export CC +} + +src_install() { + dobin ${PN} + dodoc README ChangeLog AUTHORS +} diff --git a/net-vpn/vpncwatch/vpncwatch-1.8.ebuild b/net-vpn/vpncwatch/vpncwatch-1.8.ebuild new file mode 100644 index 000000000000..d758a74b4f85 --- /dev/null +++ b/net-vpn/vpncwatch/vpncwatch-1.8.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="A keepalive daemon for vpnc on Linux systems" +HOMEPAGE="https://github.com/dcantrell/vpncwatch/" +SRC_URI="https://github.com/downloads/dcantrell/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +RDEPEND="net-vpn/vpnc" + +src_prepare() { + epatch \ + "${FILESDIR}/${P}-Makefile.patch" + tc-export CC +} + +src_install() { + dobin ${PN} + dodoc README ChangeLog AUTHORS +} diff --git a/net-vpn/vtun/Manifest b/net-vpn/vtun/Manifest new file mode 100644 index 000000000000..6d340c40bb3a --- /dev/null +++ b/net-vpn/vtun/Manifest @@ -0,0 +1,8 @@ +AUX vtun-3.0.2-remove-config-presence-check.patch 513 SHA256 12c14f8b556a262e908a0285475fc8fb84b282745332aedf3bff43b9654af91d SHA512 7e2f0e220801201080bbf256588d30790344aad44603012805bef39748636c2f599796289c6872251d926cc01e96f86203ddb40414e9ec77aac95423d3b8f9f9 WHIRLPOOL ec87507bd79049c060bc53e49168ecdd8f31cd294f8efb88aa064124a395ab4a695c40f7e51909664314ef59dfa2bbe2f3d870913b8871ba3c284f6552f6dd09 +AUX vtun-3.0.3-gcc5.patch 468 SHA256 e6d3e8f2437b154bd288fa75b657cf533813391727b3b1e10c08d5ea80cca013 SHA512 f907812408ec752e3aef9837d2830b908c424628973e4fd0f9e21d12eb42ce6b700f93be6755b3c8a8d03e97d767fdf246157e5a2e0792598aa07bc00e7736b4 WHIRLPOOL 8f8e0ece22fed00cd210eeac2fb4aa82c799363141ce70aa05c60d40b63321f9779cb6d25e7a62ee393eefa34142a5a6016334e6e65b0d74d543f603a90ca907 +AUX vtun-3.0.3-includes.patch 1748 SHA256 3335d65efe586fb12d48176999b5c5d30e863a79941e4cc47db968617a158bdc SHA512 4d6e1f80a9a5ed747f1c20f3fc0b12cf3093781ca01c9b9200f59da83139fdc09a7fe972358965ad3547103e3be143f26afa92d58f6224eaf0f570d3bfa85cc6 WHIRLPOOL e67d57c28b651cb7647fb985942f5d9609d013b6fdbd8448446d4aaf2d4726b78ca742bec8153fddd95e4d12c70e25fe3124db533786bbe095be9834e4790756 +AUX vtun.rc 669 SHA256 1b6d652b1b3ecb84969968023b89475baedf0ffee9dcf02b0fb79a8d32ffc647 SHA512 d5028e1ca0b01e9f746b273a54f9c82bdf393c22c4ba099b08fadec5086055c571242d6d1c13eeced9d8c7c27bc57a7559a91f05f8e25ff92a6629827d443ee4 WHIRLPOOL 7792621ca98a596d7f031497570122ead5e16e2fed799edd0e295eea3bdde8754e6eddf9a46596bd9c15caa5b29813611ce89d6d697bf9d81213c2f96076f021 +AUX vtund-start.conf 1174 SHA256 fce23e42500ac4b2135dfd4940388e4d05c117bba12446a7e1702c5a3342ab03 SHA512 7ec2a8f64380483b8e311bbefb78675a457e27088888e654f8c5fee5f14a77a72f1319b9c7e2dd38763c86728e4f44d6eb87c286103e547e19f329f1550e6710 WHIRLPOOL 92633cbe972453fdc757cf5a1da9fff6bc2cf24ce1029d6b1d8c77b8ef862b810ee9e9bc560360d0c16ae46582107710270c5a8c541bf680fa94ad5b35703028 +DIST vtun-3.0.3.tar.gz 130051 SHA256 69dcbe4f8c5ce7d91b4150a6309e536d03b61841169746ca5788413ac7edb9cb SHA512 5fa789d08b556f97492b89515a89c2322c4b0a8fa95bd1035f5ed19061b3654a6a36a9911792096ac872ae9ae5451848cab87d0343dc0ffc064affea1f7d0d54 WHIRLPOOL 8939c132622d4833a8780003548850103c8f35cabd25b38198a254200a80747b57edba327b4ab91b6af954542d2605a5f2d9dda42a64218a5e0a586fe5705475 +EBUILD vtun-3.0.3.ebuild 1450 SHA256 f046d152e4823ec7ba26de72606f453905eeea5d38cdad98be1a297ceae9c2ce SHA512 cfee3847a8925c5d37b6273896e759fc8cbd49302c31870d6124fe51d70b91d1d9414453c99345b09c6a308b6cde9151e8426d6524358d0ebb962b45260173a1 WHIRLPOOL 7fb57541a1c0e2f9a98831402448f206bdf0450b08d7ac52d8eaae9dccee06ed02ad08f6b85afbc4bacbfb0fd1e60c442e546ce5b1ffb31ecc777b1ec5e4f693 +MISC metadata.xml 321 SHA256 3b6cea27e0e85c076441e4b4558ef4bd05ae9b45d1990cef95d3d4f070c1807a SHA512 c5983cd105c9b0534371fae20648dc22d4d73440d2f1df3fdab3c84dc76d58fc951c31421cf9ac597fdef0067a53fcb54817a4a0c40b6cbf8c4dcfae8543c731 WHIRLPOOL 0ae173e9669caddfae5de364313368ed857b215b4494900e5d944cc2d32aea0a8389fc7f8cf252825e30b3ab790505bdcfccd803cf401ec347bcb6086cac64ee diff --git a/net-vpn/vtun/files/vtun-3.0.2-remove-config-presence-check.patch b/net-vpn/vtun/files/vtun-3.0.2-remove-config-presence-check.patch new file mode 100644 index 000000000000..15b3bf273c34 --- /dev/null +++ b/net-vpn/vtun/files/vtun-3.0.2-remove-config-presence-check.patch @@ -0,0 +1,13 @@ +--- Makefile.in.orig 2012-06-11 23:31:11.416075337 +0400 ++++ Makefile.in 2012-06-11 23:31:21.247324839 +0400 +@@ -86,9 +86,7 @@ + + install_config: + $(INSTALL) -d -m 755 $(INSTALL_OWNER) $(DESTDIR)$(ETC_DIR) +- if [ ! -f $(ETC_DIR)/vtund.conf ]; then \ +- $(INSTALL) -m 600 $(INSTALL_OWNER) vtund.conf $(DESTDIR)$(ETC_DIR); \ +- fi ++ $(INSTALL) -m 600 $(INSTALL_OWNER) vtund.conf $(DESTDIR)$(ETC_DIR); \ + + install: vtund install_config install_man + $(INSTALL) -d -m 755 $(INSTALL_OWNER) $(DESTDIR)$(VAR_DIR)/run diff --git a/net-vpn/vtun/files/vtun-3.0.3-gcc5.patch b/net-vpn/vtun/files/vtun-3.0.3-gcc5.patch new file mode 100644 index 000000000000..99c6531d7268 --- /dev/null +++ b/net-vpn/vtun/files/vtun-3.0.3-gcc5.patch @@ -0,0 +1,13 @@ +Index: vtun-3.0.3/cfg_file.y +=================================================================== +--- vtun-3.0.3.orig/cfg_file.y ++++ vtun-3.0.3/cfg_file.y +@@ -624,7 +624,7 @@ int clear_nat_hack_client(void *d, void + } + + /* Clear the VTUN_NAT_HACK flag which are not relevant to the current operation mode */ +-inline void clear_nat_hack_flags(int svr) ++extern inline void clear_nat_hack_flags(int svr) + { + if (svr) + llist_trav(&host_list,clear_nat_hack_server,NULL); diff --git a/net-vpn/vtun/files/vtun-3.0.3-includes.patch b/net-vpn/vtun/files/vtun-3.0.3-includes.patch new file mode 100644 index 000000000000..cd7cf6a2a2ee --- /dev/null +++ b/net-vpn/vtun/files/vtun-3.0.3-includes.patch @@ -0,0 +1,62 @@ +--- a/lfd_encrypt.c 2008-01-07 23:35:32.000000000 +0100 ++++ b/lfd_encrypt.c 2010-09-18 04:53:31.000000000 +0200 +@@ -44,6 +44,7 @@ + #include <strings.h> + #include <string.h> + #include <time.h> ++#include <arpa/inet.h> /* htonl() */ + + #include "vtun.h" + #include "linkfd.h" +--- a/lib.c 2008-01-07 23:35:40.000000000 +0100 ++++ b/lib.c 2010-09-18 04:52:51.000000000 +0200 +@@ -34,6 +34,7 @@ + #include <sys/wait.h> + #include <syslog.h> + #include <errno.h> ++#include <time.h> /* nanosleep() */ + + #include "vtun.h" + #include "linkfd.h" +--- a/lib.h 2008-01-07 23:35:41.000000000 +0100 ++++ b/lib.h 2010-09-18 04:56:50.000000000 +0200 +@@ -26,6 +26,7 @@ + #include <sys/types.h> + #include <signal.h> + #include <errno.h> ++#include <unistd.h> /* read(), write() */ + + #ifdef HAVE_LIBUTIL_H + #include <libutil.h> +--- a/vtun.h 2008-01-07 23:36:07.000000000 +0100 ++++ b/vtun.h 2010-09-18 04:56:08.000000000 +0200 +@@ -232,5 +232,9 @@ + int read_config(char *file); + struct vtun_host * find_host(char *host); + inline void clear_nat_hack_flags(int svr); ++int send_msg(int len, char *in, char **out); ++int send_ib_mesg(int *len, char **in); ++int recv_msg(int len, char *in, char **out); ++int recv_ib_mesg(int *len, char **in); + + #endif +--- a/lock.c 2008-01-07 23:35:50.000000000 +0100 ++++ b/lock.c 2010-09-18 05:01:21.000000000 +0200 +@@ -32,6 +32,7 @@ + #include <sys/types.h> + #include <signal.h> + #include <errno.h> ++#include <time.h> /* nanosleep() */ + + #include "vtun.h" + #include "linkfd.h" +--- a/lfd_shaper.c 2008-01-07 23:35:36.000000000 +0100 ++++ b/lfd_shaper.c 2010-09-18 05:07:12.000000000 +0200 +@@ -27,6 +27,7 @@ + #include <stdlib.h> + #include <sys/time.h> + #include <syslog.h> ++#include <time.h> /* nanosleep() */ + + #include "vtun.h" + #include "linkfd.h" diff --git a/net-vpn/vtun/files/vtun.rc b/net-vpn/vtun/files/vtun.rc new file mode 100644 index 000000000000..7ef322985043 --- /dev/null +++ b/net-vpn/vtun/files/vtun.rc @@ -0,0 +1,32 @@ +#!/sbin/openrc-run +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net +} + +start() { + IFS=$'\n' + for line in `grep -v '^[[:space:]]*#' /etc/vtund-start.conf | grep -v '^[[:space:]]*$'` + do + echo $line | + (IFS=" " + read host server args + if [ "$host" = "--server--" ]; then + ebegin "Starting vtund server" + /usr/sbin/vtund -s -P $server $args + eend $? + else + ebegin "Starting vtund client $host to $server" + /usr/sbin/vtund $args -- $host $server + eend $? + fi) + done +} + +stop() { + ebegin "Stopping all vtund servers and clients" + killall vtund + eend $? +} diff --git a/net-vpn/vtun/files/vtund-start.conf b/net-vpn/vtun/files/vtund-start.conf new file mode 100644 index 000000000000..01de38322f48 --- /dev/null +++ b/net-vpn/vtun/files/vtund-start.conf @@ -0,0 +1,33 @@ +### this file defines whether vtund is run as a client or a server +### +### format is "[host] [server] <args>" or "--server-- [portnumber] <args>". +### +### [host] is the hostname to use as a client +### +### [server] is the server to connect to +### +### [args] is optional for both server and client and contains any additional +### command line args for that instance of vtund. not needed by most people. +### +### --server-- is the literal string '--server--'. nothing more, nothing less. +### +### [portnumber] is the port number to run the server on. +### +### +### you can have more than one client "host server" line if required, +### and in theory, it should be possible to run as both a client and a +### server simultaneously, but i haven't tested that. + + +### examples: + +### to run as a client using hostname 'viper'. +#viper vtun-server.somewhere.com.au + +### to run a persistent client connection using hostname 'viper' +### connecting to a server on port 6000 and using /etc/vtun.viper.conf +### as the config file. +#viper vtun-server.somewhere.com.au -f /etc/vtun.viper.conf -s -P 6000 + +### to run vtund as a server on port 5000, uncomment the following line: +#--server-- 5000 diff --git a/net-vpn/vtun/metadata.xml b/net-vpn/vtun/metadata.xml new file mode 100644 index 000000000000..6c796b6d02c5 --- /dev/null +++ b/net-vpn/vtun/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>pinkbyte@gentoo.org</email> + <name>Sergey Popov</name> + </maintainer> + <upstream> + <remote-id type="sourceforge">vtun</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/vtun/vtun-3.0.3.ebuild b/net-vpn/vtun/vtun-3.0.3.ebuild new file mode 100644 index 000000000000..153cff659a9f --- /dev/null +++ b/net-vpn/vtun/vtun-3.0.3.ebuild @@ -0,0 +1,57 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils linux-info + +DESCRIPTION="Create tunnels over TCP/IP networks with shaping, encryption, and compression" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" +HOMEPAGE="http://vtun.sourceforge.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 ppc ~sparc x86" +IUSE="lzo socks5 ssl zlib" + +RDEPEND="ssl? ( dev-libs/openssl:0 ) + lzo? ( dev-libs/lzo:2 ) + zlib? ( sys-libs/zlib ) + socks5? ( net-proxy/dante )" +DEPEND="${RDEPEND} + sys-devel/bison" + +DOCS="ChangeLog Credits FAQ README README.Setup README.Shaper TODO" + +CONFIG_CHECK="~TUN" + +src_prepare() { + sed -i Makefile.in \ + -e '/^LDFLAGS/s|=|+=|g' \ + || die "sed Makefile" + epatch "${FILESDIR}"/${P}-includes.patch + # remove unneeded checking for /etc/vtund.conf + epatch "${FILESDIR}"/${PN}-3.0.2-remove-config-presence-check.patch + # GCC 5 compatibility, patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778164 + epatch "${FILESDIR}"/${P}-gcc5.patch + # portage takes care about striping binaries itself + sed -i 's:$(BIN_DIR)/strip $(DESTDIR)$(SBIN_DIR)/vtund::' Makefile.in || die + + epatch_user +} + +src_configure() { + econf \ + $(use_enable ssl) \ + $(use_enable zlib) \ + $(use_enable lzo) \ + $(use_enable socks5 socks) \ + --enable-shaper +} + +src_install() { + default + newinitd "${FILESDIR}"/vtun.rc vtun + insinto etc + doins "${FILESDIR}"/vtund-start.conf +} diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest new file mode 100644 index 000000000000..7212654a70c6 --- /dev/null +++ b/net-vpn/wireguard/Manifest @@ -0,0 +1,5 @@ +AUX wireguard-openrc.sh 915 SHA256 f425a60ef4ec42df025df182a474e4ce7157f9fa400ac22a813b33f8421c4d23 SHA512 dd21d8558b4c5ff0fb02a35b6996f1f89ea0e59c885523b9443aafdebcfb23cab3e60f248594d416245a5829b36103566a7a59f41183a9990451c35aa6933dcb WHIRLPOOL a7889f5429a658674a28b913bd1d629024403539fa9ba7742e5c4feaccf3878aaba9f5a062281ceaace163c51abd841edacc104f080cc481b41917135df19b06 +DIST WireGuard-0.0.20171005.tar.xz 167500 SHA256 832a3b7cbb510f6986fd0c3a6b2d86bc75fc9f23b6754d8f46bc58ea8e02d608 SHA512 c131351e1a5591d3aa1c9172d9c2dbc7c8d5ee3ca11e8efecfa32b51bfdb80939efe714b7d41f0e3ce5559d0de20a55675eb6af4f06d67811196682e6e9ed87d WHIRLPOOL be05c06b0b3d07584f20291b6ad97acbe60cd045e54416851ae11db21366804dae3d340d8914098c9e3953c06ebc99fd7571a304595ad5f46e7f72528e96bbc8 +EBUILD wireguard-0.0.20171005.ebuild 4779 SHA256 09ec1cc8c1b84396038b34b81ebd935d088c2119e04f417ae4d782bc7d9b7cec SHA512 4f64c13d75ddaa611c545b1a65b1b3d5aa61298ffbf32de436287b1c898b77e807ffb4da3949d3a1a073c38d9e2609df885954f9a2d57388e86babab85c9b80f WHIRLPOOL 69fbaff57cc11b87c321f07b49a817314bb778afc6e1edfd36310d768faa8503a8c2bd1404a3b322201cf3748ac9f04a538be3021ec397e2cbd995c9717f1475 +EBUILD wireguard-9999.ebuild 4779 SHA256 09ec1cc8c1b84396038b34b81ebd935d088c2119e04f417ae4d782bc7d9b7cec SHA512 4f64c13d75ddaa611c545b1a65b1b3d5aa61298ffbf32de436287b1c898b77e807ffb4da3949d3a1a073c38d9e2609df885954f9a2d57388e86babab85c9b80f WHIRLPOOL 69fbaff57cc11b87c321f07b49a817314bb778afc6e1edfd36310d768faa8503a8c2bd1404a3b322201cf3748ac9f04a538be3021ec397e2cbd995c9717f1475 +MISC metadata.xml 765 SHA256 b39a60fb08df46968b7200955f3568c1437afa566283c2962c7bb03e155392bf SHA512 794ffdecbc09f27080cade3a5753e0d1e9021edb400282ee6db7099d4583ab4d4ed28a343e2b8c2227ab39b8bc4182938d6c82ae4a4f7e9980f21348d8d8c805 WHIRLPOOL fd59215f63552e46f26cb7d7545f2ef3ee270433afe764e6408acd5dfc5f1bf88269cd02ea1fcd8bcf8b6857d83ae7558119cf6fa5c48dca00c48d11a63c78c7 diff --git a/net-vpn/wireguard/files/wireguard-openrc.sh b/net-vpn/wireguard/files/wireguard-openrc.sh new file mode 100644 index 000000000000..9c53ef0ffa72 --- /dev/null +++ b/net-vpn/wireguard/files/wireguard-openrc.sh @@ -0,0 +1,45 @@ +# Copyright (c) 2016 Gentoo Foundation +# All rights reserved. Released under the 2-clause BSD license. + +wireguard_depend() +{ + program /usr/bin/wg + after interface + before dhcp +} + +wireguard_pre_start() +{ + [[ $IFACE == wg* ]] || return 0 + ip link delete dev "$IFACE" type wireguard 2>/dev/null + ebegin "Creating WireGuard interface $IFACE" + if ! ip link add dev "$IFACE" type wireguard; then + eend $? + return $? + fi + eend 0 + + ebegin "Configuring WireGuard interface $IFACE" + set -- $(_get_array "wireguard_$IFVAR") + if [[ -f $1 && $# -eq 1 ]]; then + /usr/bin/wg setconf "$IFACE" "$1" + else + eval /usr/bin/wg set "$IFACE" "$@" + fi + if [ $? -eq 0 ]; then + _up + eend 0 + return + fi + e=$? + ip link delete dev "$IFACE" type wireguard 2>/dev/null + eend $e +} + +wireguard_post_stop() +{ + [[ $IFACE == wg* ]] || return 0 + ebegin "Removing WireGuard interface $IFACE" + ip link delete dev "$IFACE" type wireguard + eend $? +} diff --git a/net-vpn/wireguard/metadata.xml b/net-vpn/wireguard/metadata.xml new file mode 100644 index 000000000000..d5c30b1930c0 --- /dev/null +++ b/net-vpn/wireguard/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>zx2c4@gentoo.org</email> + <name>Jason A. Donenfeld</name> + </maintainer> + <use> + <flag name="tools">Compile the wg(8) tool and related helpers. You probably want this enabled.</flag> + <flag name="module">Compile the actual WireGuard kernel module. Most certainly you want this enabled, unless you're doing something strange.</flag> + <flag name="module-src">Install the module source code to /usr/src, in case you like building kernel modules yourself.</flag> + <flag name="debug">Enable verbose debug reporting in dmesg of various WireGuard peer and device information.</flag> + </use> +</pkgmetadata> diff --git a/net-vpn/wireguard/wireguard-0.0.20171005.ebuild b/net-vpn/wireguard/wireguard-0.0.20171005.ebuild new file mode 100644 index 000000000000..fdc71975143a --- /dev/null +++ b/net-vpn/wireguard/wireguard-0.0.20171005.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +MODULES_OPTIONAL_USE="module" +inherit linux-mod bash-completion-r1 + +DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography." +HOMEPAGE="https://www.wireguard.com/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.zx2c4.com/WireGuard" + KEYWORDS="" +else + SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" + S="${WORKDIR}/WireGuard-${PV}" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="debug +module +tools module-src" + +DEPEND="tools? ( net-libs/libmnl )" +RDEPEND="${DEPEND}" + +MODULE_NAMES="wireguard(kernel/drivers/net:src)" +BUILD_TARGETS="module" +CONFIG_CHECK="NET INET NET_UDP_TUNNEL CRYPTO_BLKCIPHER" + +pkg_setup() { + if use module; then + linux-mod_pkg_setup + kernel_is -lt 3 10 0 && die "This version of ${PN} requires Linux >= 3.10" + fi +} + +src_compile() { + BUILD_PARAMS="KERNELDIR=${KERNEL_DIR}" + use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}" + use module && linux-mod_src_compile + use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools +} + +src_install() { + use module && linux-mod_src_install + if use tools; then + dodoc README.md + dodoc -r contrib/examples + emake \ + WITH_BASHCOMPLETION=yes \ + WITH_SYSTEMDUNITS=yes \ + WITH_WGQUICK=yes \ + DESTDIR="${D}" \ + BASHCOMPDIR="$(get_bashcompdir)" \ + PREFIX="${EPREFIX}/usr" \ + -C src/tools install + insinto /$(get_libdir)/netifrc/net + newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh + fi + use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install +} + +pkg_postinst() { + if use module-src && ! use module; then + einfo + einfo "You have enabled the module-src USE flag without the module USE" + einfo "flag. This means that sources are installed to" + einfo "${ROOT}usr/src/wireguard instead of having the" + einfo "kernel module compiled. You will need to compile the module" + einfo "yourself. Most likely, you don't want this USE flag, and should" + einfo "rather use USE=module" + einfo + fi + use module && linux-mod_pkg_postinst + + einfo + einfo "This software is experimental and has not yet been released." + einfo "As such, it may contain significant issues. Please do not file" + einfo "bug reports with Gentoo, but rather direct them upstream to:" + einfo + einfo " team@wireguard.com security@wireguard.com" + einfo + + if use tools; then + einfo + einfo "After installing WireGuard, if you'd like to try sending some packets through" + einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh" + einfo "test example script:" + einfo + einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -" + einfo + einfo "This will automatically setup interface wg0, through a very insecure transport" + einfo "that is only suitable for demonstration purposes. You can then try loading the" + einfo "hidden website or sending pings:" + einfo + einfo " \$ chromium http://192.168.4.1" + einfo " \$ ping 192.168.4.1" + einfo + einfo "If you'd like to redirect your internet traffic, you can run it with the" + einfo "\"default-route\" argument. You may not use this server for any abusive or illegal" + einfo "purposes. It is for quick testing only." + einfo + einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/" + einfo + fi + if use module; then + local old new + if [[ $(uname -r) != "${KV_FULL}" ]]; then + ewarn + ewarn "You have just built WireGuard for kernel ${KV_FULL}, yet the currently running" + ewarn "kernel is $(uname -r). If you intend to use this WireGuard module on the currently" + ewarn "running machine, you will first need to reboot it into the kernel ${KV_FULL}, for" + ewarn "which this module was built." + ewarn + elif [[ -f /sys/module/wireguard/version ]] && \ + old="$(< /sys/module/wireguard/version)" && \ + new="$(modinfo -F version "${ROOT}/lib/modules/${KV_FULL}/net/wireguard.ko" 2>/dev/null)" && \ + [[ $old != "$new" ]]; then + ewarn + ewarn "You appear to have just upgraded WireGuard from version v$old to v$new." + ewarn "However, the old version is still running on your system. In order to use the" + ewarn "new version, you will need to remove the old module and load the new one. As" + ewarn "root, you can accomplish this with the following commands:" + ewarn + ewarn " # rmmod wireguard" + ewarn " # modprobe wireguard" + ewarn + ewarn "Do note that doing this will remove current WireGuard interfaces, so you may want" + ewarn "to gracefully remove them yourself prior." + ewarn + fi + fi +} diff --git a/net-vpn/wireguard/wireguard-9999.ebuild b/net-vpn/wireguard/wireguard-9999.ebuild new file mode 100644 index 000000000000..fdc71975143a --- /dev/null +++ b/net-vpn/wireguard/wireguard-9999.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +MODULES_OPTIONAL_USE="module" +inherit linux-mod bash-completion-r1 + +DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography." +HOMEPAGE="https://www.wireguard.com/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.zx2c4.com/WireGuard" + KEYWORDS="" +else + SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz" + S="${WORKDIR}/WireGuard-${PV}" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="debug +module +tools module-src" + +DEPEND="tools? ( net-libs/libmnl )" +RDEPEND="${DEPEND}" + +MODULE_NAMES="wireguard(kernel/drivers/net:src)" +BUILD_TARGETS="module" +CONFIG_CHECK="NET INET NET_UDP_TUNNEL CRYPTO_BLKCIPHER" + +pkg_setup() { + if use module; then + linux-mod_pkg_setup + kernel_is -lt 3 10 0 && die "This version of ${PN} requires Linux >= 3.10" + fi +} + +src_compile() { + BUILD_PARAMS="KERNELDIR=${KERNEL_DIR}" + use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}" + use module && linux-mod_src_compile + use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools +} + +src_install() { + use module && linux-mod_src_install + if use tools; then + dodoc README.md + dodoc -r contrib/examples + emake \ + WITH_BASHCOMPLETION=yes \ + WITH_SYSTEMDUNITS=yes \ + WITH_WGQUICK=yes \ + DESTDIR="${D}" \ + BASHCOMPDIR="$(get_bashcompdir)" \ + PREFIX="${EPREFIX}/usr" \ + -C src/tools install + insinto /$(get_libdir)/netifrc/net + newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh + fi + use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install +} + +pkg_postinst() { + if use module-src && ! use module; then + einfo + einfo "You have enabled the module-src USE flag without the module USE" + einfo "flag. This means that sources are installed to" + einfo "${ROOT}usr/src/wireguard instead of having the" + einfo "kernel module compiled. You will need to compile the module" + einfo "yourself. Most likely, you don't want this USE flag, and should" + einfo "rather use USE=module" + einfo + fi + use module && linux-mod_pkg_postinst + + einfo + einfo "This software is experimental and has not yet been released." + einfo "As such, it may contain significant issues. Please do not file" + einfo "bug reports with Gentoo, but rather direct them upstream to:" + einfo + einfo " team@wireguard.com security@wireguard.com" + einfo + + if use tools; then + einfo + einfo "After installing WireGuard, if you'd like to try sending some packets through" + einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh" + einfo "test example script:" + einfo + einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -" + einfo + einfo "This will automatically setup interface wg0, through a very insecure transport" + einfo "that is only suitable for demonstration purposes. You can then try loading the" + einfo "hidden website or sending pings:" + einfo + einfo " \$ chromium http://192.168.4.1" + einfo " \$ ping 192.168.4.1" + einfo + einfo "If you'd like to redirect your internet traffic, you can run it with the" + einfo "\"default-route\" argument. You may not use this server for any abusive or illegal" + einfo "purposes. It is for quick testing only." + einfo + einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/" + einfo + fi + if use module; then + local old new + if [[ $(uname -r) != "${KV_FULL}" ]]; then + ewarn + ewarn "You have just built WireGuard for kernel ${KV_FULL}, yet the currently running" + ewarn "kernel is $(uname -r). If you intend to use this WireGuard module on the currently" + ewarn "running machine, you will first need to reboot it into the kernel ${KV_FULL}, for" + ewarn "which this module was built." + ewarn + elif [[ -f /sys/module/wireguard/version ]] && \ + old="$(< /sys/module/wireguard/version)" && \ + new="$(modinfo -F version "${ROOT}/lib/modules/${KV_FULL}/net/wireguard.ko" 2>/dev/null)" && \ + [[ $old != "$new" ]]; then + ewarn + ewarn "You appear to have just upgraded WireGuard from version v$old to v$new." + ewarn "However, the old version is still running on your system. In order to use the" + ewarn "new version, you will need to remove the old module and load the new one. As" + ewarn "root, you can accomplish this with the following commands:" + ewarn + ewarn " # rmmod wireguard" + ewarn " # modprobe wireguard" + ewarn + ewarn "Do note that doing this will remove current WireGuard interfaces, so you may want" + ewarn "to gracefully remove them yourself prior." + ewarn + fi + fi +} |