11 files changed, 1032 insertions, 0 deletions
diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest
new file mode 100644
index 000000000000..8a6afbca8a5d
--- /dev/null
+++ b/net-vpn/openvpn/Manifest
@@ -0,0 +1,13 @@
+AUX down.sh 943 SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997 WHIRLPOOL c66fd1e016656fe83d7f55b77bf232058397f9cd3054abe13ec006c227afe6746ee4ada310ff43761ec95510f736b8e542f136711d648642eecafe055975c57e
+AUX openvpn-2.1.conf 892 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37 WHIRLPOOL 6ef644826e1e9e2a100e0fa20b5c9190e92c9e08a366dee28dccf3f70fa0593f3c4d271e42db3920630f03704aa2aef8e84d9efbb2b4b6a0d08e74bb340fb0a5
+AUX openvpn-2.1.init 4187 SHA256 89f69bcd627868830c421bc6270f08a1c3edf1a1e5fbdedf33c7a7d530bdfccf SHA512 2d97a41b3998c196c440dcaf43ad8992eae27c5356c94b24f4cc4b20169350f3d6c8d65bb9c2517415ee15637fa60298d9cd8252ad9aa3eec6ae3a847ede0611 WHIRLPOOL e7ae9750f0b7fc811bbd1a51dccba1e9d8c8a581bf7ff296bfcd6bfed7b747d1d4307a6c68dda7e4e29e017151c7d1b21c971cc677b838c0feffcd902e29be5c
+AUX openvpn-external-cmocka.patch 2083 SHA256 8deebd932ba2fa529f10f0f1d41c3606997b428666c95c3aad61e5b1e4002861 SHA512 6c34518f626992031735f6433861fafd44e3cf35e95668cf5945aee7b341a049e3b6a73dd9937a0f287e4a750a2415532ae49aac11011767e0c7a3355f8ff6ca WHIRLPOOL 7914fd96994e27e3d87ba7664ea0b70a7523727dac7bd7345971db4c482df3d678940a492f7ad9a45cce28cfd7561efe5f6117e68394275fb0c9114dead17263
+AUX up.sh 2865 SHA256 d887ee065261affd849227fa27e092cf66549d824a698f302312d15f787dd840 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd WHIRLPOOL 8d25a66d192a6710466d149aec7a1719dfe91558205e8ba7e25b93e58869c8fedc96ba4ce2aedb0595b7e0b63299e6e41be1ba82c6b93ae6bbbb26d409c9bf51
+DIST mock_msg.h 1356 SHA256 d6c56a423753c0b938a5dc32c978984eebb97243a2671a1652440093f67d61fb SHA512 930775a5837bc7f97a26817ea028782d555e0e71ba06b04c39941f4c01bbc3ca0a5dc63bcf19dc694e0e746b3a382f22daf6a6373a3443c5afd7398cbaaef6ea WHIRLPOOL 4cce848abc141e9d39cca1f8a0c9d11c0819d8a6e640c541968df491d2a6c3c0746233742418ee43c8bbc6ef19028a41159efae2922bcc719bd86442da05df86
+DIST openvpn-2.4.3.tar.gz 1422692 SHA256 cee3d3ca462960a50a67c0ebd186e01b6d13db70275205663695152c9aca8579 SHA512 1d1f9afa6d0858fa32f73b2a51ed7652beac52ef974b104b51b521e6d8e872b8f5659c55ec1ef442fed3b6c6b058627b0af73e765a1261871b1cd96c8acd657e WHIRLPOOL ba2e878f7a12082c60e2a25b4b83d6293f56307d0dac48b068e4edbf06583b85a4698431937086427fba7db6b364ee6a074eae269a3efd782cf3c1658b8fcd1b
+DIST openvpn-2.4.4.tar.gz 1390194 SHA256 1ae883d9522c9fa6d189e5e4aaa058a93edd3d0b897e3c2664107c4785099fc3 SHA512 3c3cb77397569e21c5af52b065b081714ce53e2dd0b890c881de8e57220dc23d97cd61eaf5a6bf8e5e89186414c4c93da22a3ab65f4b61f80b04d862b4116e76 WHIRLPOOL d9ed3e499a6e2baf9c74d7ee11931c21744a3d1a5d50c48504247f118a35560409bd53302c2d2482b105847485aff3426f55e6ec0a5dfd9a4f79186b40014c7a
+EBUILD openvpn-2.4.3-r1.ebuild 4689 SHA256 d8a3a1ef1843b6ade6a7a748079e86b4b8aa79d5e843205cab283ea7c2a31e26 SHA512 fb0d83acce76eb3602332df7a618c5073765055819341d1372ed034d4f31b93abbca0615767ae50c2064e3210c9e5d6fa51ca727328b403cab63fa2c9792b83e WHIRLPOOL d3efe27a6e7a1f2f82d662d4f14fd37411cc59b38a78c8f270106f42ebed05ae2da5379f5228c6e24a18b6700500ba211110b85e73e986c1ba3cb4631c86d4a5
+EBUILD openvpn-2.4.3.ebuild 4611 SHA256 152ea1894e39b9a290affe877510113b53c1e8e51e6e8d03851b2489ea7c76a8 SHA512 3a7b7c93df95922eb9d6deb383a63521a5daea9490e90285dc5bd419af0afa484b55c836a41d528462b7301698d7c6c2cfe63b3eea7bfffcf990b7308dd43d17 WHIRLPOOL 29b21e8a81c91b83677906fc3879c24b2ce89e0697a17e2a25969d39401cdb337662d8d4eb5da70cf82bea0edce2896e6ee0e428ef0191402e8ed73e778bbcb0
+EBUILD openvpn-2.4.4.ebuild 4683 SHA256 b886728b4bffe1cd046d0e1bda93b7a9a8027f8cdb6e9803ef22177af6178a48 SHA512 2556b160f91642357bd39b7f7e53f7baa96b5513bccac53a0344386521367279087918d07054bd8cab81be4171568f783249abff4a9d80c888502f052d9562c9 WHIRLPOOL 15205d0d1ad7924f44ece0c200c7a9fc8af70fd1aeb1c3647f3ac37af40027aa7582ccef117eecd99f89e4cb3b5ce56e36b20c3f3cbbd2af7f168c949ba58f23
+EBUILD openvpn-9999.ebuild 4473 SHA256 83ed9e44b86ae9200406ee251d76f36493e7cfaec4c051bfbc2c95f8367b2135 SHA512 700392c91522915cb00d9282eb7f53f237b40d78c3d5702dfccd6255e86b7b1a86355fdc45902fcba572cbcbf5ee87239b0b4197557934413884b633b7fdc4fa WHIRLPOOL 89643cd3ffe5111e7dbf52839adffd87cd1a6c5cc90d26c0809c51f9ae2fc2fda9f2c0637c8f3fbf961317d90d1415a5a6e5d4bf7f526848f3116e4d700a9e0b
+MISC metadata.xml 1157 SHA256 667929a10db854b014d33be01fead67aa94176400e35b035db5aaa2859a693e0 SHA512 1408231f0a3d66a762af5482d3e67a2d9e950fd4ef456d9dce45943e21b34eb8178c8085d198fa3ea726f0718c4b1a2a0f94798ee9ef51958807dc305e65c882 WHIRLPOOL 81cd37f460b8295bb6d050f4ecf363378d4434c88c32ffa4919db5b5fe906962887d08744def990dc63882a7486221e378cd54d5d57379868076dcf47aa62ba0
diff --git a/net-vpn/openvpn/files/down.sh b/net-vpn/openvpn/files/down.sh
new file mode 100644
index 000000000000..1c70db0ec653
--- /dev/null
+++ b/net-vpn/openvpn/files/down.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copyright (c) 2006-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# Contributed by Roy Marples (uberlord@gentoo.org)
+
+# If we have a service specific script, run this now
+if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
+	/etc/openvpn/"${SVCNAME}"-down.sh "$@"
+fi
+
+# Restore resolv.conf to how it was
+if [ "${PEER_DNS}" != "no" ]; then
+	if [ -x /sbin/resolvconf ] ; then
+		/sbin/resolvconf -d "${dev}"
+	elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
+		# Important that we copy instead of move incase resolv.conf is
+		# a symlink and not an actual file
+		cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
+		rm -f /etc/resolv.conf-"${dev}".sv
+	fi
+fi
+
+if [ -n "${SVCNAME}" ]; then
+	# Re-enter the init script to start any dependant services
+	if /etc/init.d/"${SVCNAME}" --quiet status ; then
+		export IN_BACKGROUND=true
+		/etc/init.d/"${SVCNAME}" --quiet stop
+	fi
+fi
+
+exit 0
+
+# vim: ts=4 :
diff --git a/net-vpn/openvpn/files/openvpn-2.1.conf b/net-vpn/openvpn/files/openvpn-2.1.conf
new file mode 100644
index 000000000000..72510c34aed3
--- /dev/null
+++ b/net-vpn/openvpn/files/openvpn-2.1.conf
@@ -0,0 +1,18 @@
+# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
+# resolvconf) if given DNS information by the OpenVPN server.
+# Set PEER_DNS="no" to stop this.
+PEER_DNS="yes"
+
+# OpenVPN can run in many modes. Most people will want the init script
+# to automatically detect the mode and try and apply a good default
+# configuration and setup scripts. However, there are cases where the
+# OpenVPN configuration looks like a client, but it's really a peer or
+# something else. DETECT_CLIENT controls this behaviour.
+DETECT_CLIENT="yes"
+
+# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
+# init script (ie, it first becomes "inactive" and the script then starts the
+# script again to make it "started") then you can state this below.
+# In other words, unless you understand service dependencies and are a
+# competent shell scripter, don't set this.
+RE_ENTER="no"
diff --git a/net-vpn/openvpn/files/openvpn-2.1.init b/net-vpn/openvpn/files/openvpn-2.1.init
new file mode 100644
index 000000000000..b42aa13d20de
--- /dev/null
+++ b/net-vpn/openvpn/files/openvpn-2.1.init
@@ -0,0 +1,133 @@
+#!/sbin/openrc-run
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPNDIR=${VPNDIR:-/etc/openvpn}
+VPN=${SVCNAME#*.}
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
+	VPNPID="/var/run/openvpn.${VPN}.pid"
+else
+	VPNPID="/var/run/openvpn.pid"
+fi
+VPNCONF="${VPNDIR}/${VPN}.conf"
+
+depend() {
+	need localmount net
+	use dns
+	after bootmisc
+}
+
+checkconfig() {
+	# Linux has good dynamic tun/tap creation
+	if [ $(uname -s) = "Linux" ] ; then
+		if [ ! -e /dev/net/tun ]; then
+			if ! modprobe tun ; then
+				eerror "TUN/TAP support is not available" \
+					"in this kernel"
+				return 1
+			fi
+		fi
+		if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
+			ebegin "Detected broken /dev/net/tun symlink, fixing..."
+			rm -f /dev/net/tun
+			ln -s /dev/misc/net/tun /dev/net/tun
+			eend $?
+		fi
+		return 0
+	fi
+
+	# Other OS's don't, so we rely on a pre-configured interface
+	# per vpn instance
+	local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}")
+	if [ -z ${ifname} ] ; then
+		eerror "You need to specify the interface that this openvpn" \
+			"instance should use" \
+			"by using the dev option in ${VPNCONF}"
+		return 1
+	fi
+
+	if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+		# Try and create it
+		echo > /dev/"${ifname}" >/dev/null
+	fi
+	if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+		eerror "${VPNCONF} requires interface ${ifname}" \
+			"but that does not exist"
+		return 1
+	fi
+}
+
+start() {
+	# If we are re-called by the openvpn gentoo-up.sh script
+	# then we don't actually want to start openvpn
+	[ "${IN_BACKGROUND}" = "true" ] && return 0
+	
+	ebegin "Starting ${SVCNAME}"
+
+	checkconfig || return 1
+
+	local args="" reenter=${RE_ENTER:-no}
+	# If the config file does not specify the cd option, we do
+	# But if we specify it, we override the config option which we do not want
+	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
+		args="${args} --cd ${VPNDIR}"
+	fi
+	
+	# We mark the service as inactive and then start it.
+	# When we get an authenticated packet from the peer then we run our script
+	# which configures our DNS if any and marks us as up.
+	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
+	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
+		reenter="yes"
+		args="${args} --up-delay --up-restart"
+		args="${args} --script-security 2"
+		args="${args} --up /etc/openvpn/up.sh"
+		args="${args} --down-pre --down /etc/openvpn/down.sh"
+
+		# Warn about setting scripts as we override them
+		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
+			ewarn "WARNING: You have defined your own up/down scripts"
+			ewarn "As you're running as a client, we now force Gentoo specific"
+			ewarn "scripts to be run for up and down events."
+			ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
+			ewarn "where you can put your own code."
+		fi
+
+		# Warn about the inability to change ip/route/dns information when
+		# dropping privs
+		if grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" ; then
+			ewarn "WARNING: You are dropping root privileges!"
+			ewarn "As such openvpn may not be able to change ip, routing"
+			ewarn "or DNS configuration."
+		fi
+	else
+		# So we're a server. Run as openvpn unless otherwise specified
+		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args="${args} --user openvpn"
+		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args="${args} --group openvpn"
+	fi
+
+	# Ensure that our scripts get the PEER_DNS variable
+	[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
+
+	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
+	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
+		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
+		--setenv SVCNAME "${SVCNAME}" ${args}
+	eend $? "Check your logs to see why startup failed"
+}
+
+stop() {
+	# If we are re-called by the openvpn gentoo-down.sh script
+	# then we don't actually want to stop openvpn
+	if [ "${IN_BACKGROUND}" = "true" ] ; then
+		mark_service_inactive "${SVCNAME}"
+		return 0
+	fi
+
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --quiet \
+		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
+	eend $?
+}
+
+# vim: set ts=4 :
diff --git a/net-vpn/openvpn/files/openvpn-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-external-cmocka.patch
new file mode 100644
index 000000000000..eecc5076b4e8
--- /dev/null
+++ b/net-vpn/openvpn/files/openvpn-external-cmocka.patch
@@ -0,0 +1,62 @@
+diff --git a/configure.ac b/configure.ac
+index f4073d0..9afcc90 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1211,6 +1211,21 @@ if test "${enable_async_push}" = "yes"; then
+ 	)
+ fi
+ 
++AC_ARG_ENABLE(
++	[tests],
++	AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@])
++)
++
++if test "${enable_tests}" = "yes"; then
++	PKG_CHECK_MODULES([CMOCKA], [cmocka])
++	TEST_CFLAGS="${CMOCKA_CFLAGS}"
++	TEST_LDFLAGS="${CMOCKA_LIBS}"
++	AC_SUBST([TEST_CFLAGS])
++	AC_SUBST([TEST_LDFLAGS])
++fi
++AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"])
++AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
++
+ CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
+ AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
+ 
+@@ -1257,28 +1272,6 @@ AC_SUBST([VENDOR_SRC_ROOT])
+ AC_SUBST([VENDOR_BUILD_ROOT])
+ AC_SUBST([VENDOR_DIST_ROOT])
+ 
+-TEST_LDFLAGS="-lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib"
+-TEST_CFLAGS="-I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include"
+-
+-AC_SUBST([TEST_LDFLAGS])
+-AC_SUBST([TEST_CFLAGS])
+-
+-# Check if cmake is available and cmocka git submodule is initialized,
+-# needed for unit testing
+-AC_CHECK_PROGS([CMAKE], [cmake])
+-if test -n "${CMAKE}"; then
+-   if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then
+-      AM_CONDITIONAL([CMOCKA_INITIALIZED], [true])
+-   else
+-      AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
+-      AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated.  Unit testing cannot be performed.])
+-   fi
+-else
+-   AC_MSG_RESULT([!! WARNING !! CMake is NOT available.  Unit testing cannot be performed.])
+-   AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
+-fi
+-
+-
+ AC_CONFIG_FILES([
+ 	version.sh
+ 	Makefile
+diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am
+index 31d37b8..4b7fb41 100644
+--- a/tests/unit_tests/Makefile.am
++++ b/tests/unit_tests/Makefile.am
+@@ -3 +3 @@ AUTOMAKE_OPTIONS = foreign
+-if CMOCKA_INITIALIZED
++if ENABLE_TESTS
diff --git a/net-vpn/openvpn/files/up.sh b/net-vpn/openvpn/files/up.sh
new file mode 100644
index 000000000000..6ce82d6113cd
--- /dev/null
+++ b/net-vpn/openvpn/files/up.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+# Copyright (c) 2006-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# Contributed by Roy Marples (uberlord@gentoo.org)
+
+# Setup our resolv.conf
+# Vitally important that we use the domain entry in resolv.conf so we
+# can setup the nameservers are for the domain ONLY in resolvconf if
+# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc.
+# nscd/libc users will get the VPN nameservers before their other ones
+# and will use the first one that responds - maybe the LAN ones?
+# non resolvconf users just the the VPN resolv.conf
+
+# FIXME:- if we have >1 domain, then we have to use search :/
+# We need to add a flag to resolvconf to say
+# "these nameservers should only be used for the listed search domains
+#  if other global nameservers are present on other interfaces"
+# This however, will break compatibility with Debians resolvconf
+# A possible workaround would be to just list multiple domain lines
+# and try and let resolvconf handle it
+
+min_route() {
+	local n=1
+	local m
+	local r
+
+	eval m="\$route_metric_$n"
+	while [ -n "${m}" ]; do
+		if [ -z "$r" ] || [ "$r" -gt "$m" ]; then
+			r="$m"
+		fi
+		n="$(($n+1))"
+		eval m="\$route_metric_$n"
+	done
+
+	echo "$r"
+}
+
+if [ "${PEER_DNS}" != "no" ]; then
+	NS=
+	DOMAIN=
+	SEARCH=
+	i=1
+	while true ; do
+		eval opt=\$foreign_option_${i}
+		[ -z "${opt}" ] && break
+		if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
+			if [ -z "${DOMAIN}" ] ; then
+				DOMAIN="${opt#dhcp-option DOMAIN *}"
+			else
+				SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
+			fi
+		elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
+			NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
+		fi
+		i=$((${i} + 1))
+	done
+
+	if [ -n "${NS}" ] ; then
+		DNS="# Generated by openvpn for interface ${dev}\n"
+		if [ -n "${SEARCH}" ] ; then
+			DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
+		elif [ -n "${DOMAIN}" ]; then
+			DNS="${DNS}domain ${DOMAIN}\n"
+		fi
+		DNS="${DNS}${NS}"
+		if [ -x /sbin/resolvconf ] ; then
+			metric="$(min_route)"
+			printf "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}}
+		else
+			# Preserve the existing resolv.conf
+			if [ -e /etc/resolv.conf ] ; then
+				cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
+			fi
+			printf "${DNS}" > /etc/resolv.conf
+			chmod 644 /etc/resolv.conf
+		fi
+	fi
+fi
+
+# Below section is Gentoo specific
+# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
+# as we could have >1 openvpn service
+
+if [ -n "${SVCNAME}" ]; then
+	# If we have a service specific script, run this now
+	if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then
+		/etc/openvpn/"${SVCNAME}"-up.sh "$@"
+	fi
+
+	# Re-enter the init script to start any dependant services
+	if ! /etc/init.d/"${SVCNAME}" --quiet status ; then
+		export IN_BACKGROUND=true
+		/etc/init.d/${SVCNAME} --quiet start
+	fi
+fi
+
+exit 0
+
+# vim: ts=4 :
diff --git a/net-vpn/openvpn/metadata.xml b/net-vpn/openvpn/metadata.xml
new file mode 100644
index 000000000000..ca1e9a1139e7
--- /dev/null
+++ b/net-vpn/openvpn/metadata.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="person">
+    <email>mrueg@gentoo.org</email>
+    <name>Manuel Rüger</name>
+  </maintainer>
+  <maintainer type="person">
+    <email>chutzpah@gentoo.org</email>
+    <name>Patrick McLean</name>
+  </maintainer>
+  <maintainer type="person">
+    <email>williamh@gentoo.org</email>
+    <name>William Hubbs</name>
+  </maintainer>
+  <longdescription>OpenVPN is an easy-to-use, robust and highly
+configurable VPN daemon which can be used to securely link two or more
+networks using an encrypted tunnel.</longdescription>
+  <use>
+    <flag name="down-root">Enable the down-root plugin</flag>
+    <flag name="iproute2">Enabled iproute2 support instead of net-tools</flag>
+    <flag name="lz4">Enable LZ4 support</flag>
+    <flag name="mbedtls">Use mbed TLS instead of OpenSSL</flag>
+    <flag name="pkcs11">Enable PKCS#11 smartcard support</flag>
+    <flag name="plugins">Enable the OpenVPN plugin system</flag>
+  </use>
+  <upstream>
+    <remote-id type="cpe">cpe:/a:openvpn:openvpn</remote-id>
+  </upstream>
+</pkgmetadata>
diff --git a/net-vpn/openvpn/openvpn-2.4.3-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.3-r1.ebuild
new file mode 100644
index 000000000000..798c6c354ac3
--- /dev/null
+++ b/net-vpn/openvpn/openvpn-2.4.3-r1.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic user systemd linux-info
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz
+	test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )"
+HOMEPAGE="http://openvpn.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x86-macos"
+
+IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
+IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD"
+
+REQUIRED_USE="static? ( !plugins !pkcs11 )
+	mbedtls? ( ssl !libressl )
+	pkcs11? ( ssl )
+	!plugins? ( !pam !down-root )
+	inotify? ( plugins )"
+
+CDEPEND="
+	kernel_linux? (
+		iproute2? ( sys-apps/iproute2[-minimal] )
+		!iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 )
+	)
+	pam? ( virtual/pam )
+	ssl? (
+		!mbedtls? (
+			!libressl? ( >=dev-libs/openssl-0.9.8:* )
+			libressl? ( dev-libs/libressl )
+		)
+		mbedtls? ( net-libs/mbedtls )
+	)
+	lz4? ( app-arch/lz4 )
+	lzo? ( >=dev-libs/lzo-1.07 )
+	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
+	systemd? ( sys-apps/systemd )"
+DEPEND="${CDEPEND}
+	test? ( dev-util/cmocka )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-openvpn )"
+
+CONFIG_CHECK="~TUN"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-external-cmocka.patch"
+)
+
+pkg_setup()  {
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	eautoreconf
+
+	if use test; then
+		cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die
+	fi
+}
+
+src_configure() {
+	use static && append-ldflags -Xcompiler -static
+	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
+	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
+	IFCONFIG=/bin/ifconfig \
+	ROUTE=/bin/route \
+	econf \
+		$(usex mbedtls '--with-crypto-library=mbedtls' '') \
+		$(use_enable inotify async-push) \
+		$(use_enable ssl crypto) \
+		$(use_enable lz4) \
+		$(use_enable lzo) \
+		$(use_enable pkcs11) \
+		$(use_enable plugins) \
+		$(use_enable iproute2) \
+		$(use_enable pam plugin-auth-pam) \
+		$(use_enable down-root plugin-down-root) \
+		$(use_enable test tests) \
+		$(use_enable systemd)
+}
+
+src_test() {
+	make check || die "top-level tests failed"
+	pushd tests/unit_tests > /dev/null || die
+	make check || die "unit tests failed"
+	popd > /dev/null || die
+}
+
+src_install() {
+	default
+	find "${ED}/usr" -name '*.la' -delete
+	# install documentation
+	dodoc AUTHORS ChangeLog PORTS README README.IPv6
+
+	# Install some helper scripts
+	keepdir /etc/openvpn
+	exeinto /etc/openvpn
+	doexe "${FILESDIR}/up.sh"
+	doexe "${FILESDIR}/down.sh"
+
+	# Install the init script and config file
+	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+	# install examples, controlled by the respective useflag
+	if use examples ; then
+		# dodoc does not supportly support directory traversal, #15193
+		insinto /usr/share/doc/${PF}/examples
+		doins -r sample contrib
+	fi
+}
+
+pkg_postinst() {
+	# Add openvpn user so openvpn servers can drop privs
+	# Clients should run as root so they can change ip addresses,
+	# dns information and other such things.
+	enewgroup openvpn
+	enewuser openvpn "" "" "" openvpn
+
+	if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then
+		ewarn "WARNING: The openvpn init script has changed"
+		ewarn ""
+	fi
+
+	if use x64-macos; then
+		elog "You might want to install tuntaposx for TAP interface support:"
+		elog "http://tuntaposx.sourceforge.net"
+	fi
+
+	elog "The openvpn init script expects to find the configuration file"
+	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+	elog ""
+	elog "To create more VPNs, simply create a new .conf file for it and"
+	elog "then create a symlink to the openvpn init script from a link called"
+	elog "openvpn.newconfname - like so"
+	elog "   cd /etc/openvpn"
+	elog "   ${EDITOR##*/} foo.conf"
+	elog "   cd /etc/init.d"
+	elog "   ln -s openvpn openvpn.foo"
+	elog ""
+	elog "You can then treat openvpn.foo as any other service, so you can"
+	elog "stop one vpn and start another if you need to."
+
+	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+		ewarn ""
+		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+		ewarn "a client by our init script and as such we force up,down scripts."
+		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+		ewarn "can move your scripts to."
+	fi
+
+	if use plugins ; then
+		einfo ""
+		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
+	fi
+}
diff --git a/net-vpn/openvpn/openvpn-2.4.3.ebuild b/net-vpn/openvpn/openvpn-2.4.3.ebuild
new file mode 100644
index 000000000000..a15364807f9f
--- /dev/null
+++ b/net-vpn/openvpn/openvpn-2.4.3.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic user systemd linux-info
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz
+	test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )"
+HOMEPAGE="http://openvpn.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x86-macos"
+
+IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
+IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD"
+
+REQUIRED_USE="static? ( !plugins !pkcs11 )
+	mbedtls? ( ssl !libressl )
+	pkcs11? ( ssl )
+	!plugins? ( !pam !down-root )
+	inotify? ( plugins )"
+
+CDEPEND="
+	kernel_linux? (
+		iproute2? ( sys-apps/iproute2[-minimal] )
+		!iproute2? ( sys-apps/net-tools )
+	)
+	pam? ( virtual/pam )
+	ssl? (
+		!mbedtls? (
+			!libressl? ( >=dev-libs/openssl-0.9.8:* )
+			libressl? ( dev-libs/libressl )
+		)
+		mbedtls? ( net-libs/mbedtls )
+	)
+	lz4? ( app-arch/lz4 )
+	lzo? ( >=dev-libs/lzo-1.07 )
+	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
+	systemd? ( sys-apps/systemd )"
+DEPEND="${CDEPEND}
+	test? ( dev-util/cmocka )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-openvpn )"
+
+CONFIG_CHECK="~TUN"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-external-cmocka.patch"
+)
+
+pkg_setup()  {
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	eautoreconf
+
+	if use test; then
+		cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die
+	fi
+}
+
+src_configure() {
+	use static && append-ldflags -Xcompiler -static
+	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
+	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
+	econf \
+		$(usex mbedtls '--with-crypto-library=mbedtls' '') \
+		$(use_enable inotify async-push) \
+		$(use_enable ssl crypto) \
+		$(use_enable lz4) \
+		$(use_enable lzo) \
+		$(use_enable pkcs11) \
+		$(use_enable plugins) \
+		$(use_enable iproute2) \
+		$(use_enable pam plugin-auth-pam) \
+		$(use_enable down-root plugin-down-root) \
+		$(use_enable test tests) \
+		$(use_enable systemd)
+}
+
+src_test() {
+	make check || die "top-level tests failed"
+	pushd tests/unit_tests > /dev/null || die
+	make check || die "unit tests failed"
+	popd > /dev/null || die
+}
+
+src_install() {
+	default
+	find "${ED}/usr" -name '*.la' -delete
+	# install documentation
+	dodoc AUTHORS ChangeLog PORTS README README.IPv6
+
+	# Install some helper scripts
+	keepdir /etc/openvpn
+	exeinto /etc/openvpn
+	doexe "${FILESDIR}/up.sh"
+	doexe "${FILESDIR}/down.sh"
+
+	# Install the init script and config file
+	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+	# install examples, controlled by the respective useflag
+	if use examples ; then
+		# dodoc does not supportly support directory traversal, #15193
+		insinto /usr/share/doc/${PF}/examples
+		doins -r sample contrib
+	fi
+}
+
+pkg_postinst() {
+	# Add openvpn user so openvpn servers can drop privs
+	# Clients should run as root so they can change ip addresses,
+	# dns information and other such things.
+	enewgroup openvpn
+	enewuser openvpn "" "" "" openvpn
+
+	if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then
+		ewarn "WARNING: The openvpn init script has changed"
+		ewarn ""
+	fi
+
+	if use x64-macos; then
+		elog "You might want to install tuntaposx for TAP interface support:"
+		elog "http://tuntaposx.sourceforge.net"
+	fi
+
+	elog "The openvpn init script expects to find the configuration file"
+	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+	elog ""
+	elog "To create more VPNs, simply create a new .conf file for it and"
+	elog "then create a symlink to the openvpn init script from a link called"
+	elog "openvpn.newconfname - like so"
+	elog "   cd /etc/openvpn"
+	elog "   ${EDITOR##*/} foo.conf"
+	elog "   cd /etc/init.d"
+	elog "   ln -s openvpn openvpn.foo"
+	elog ""
+	elog "You can then treat openvpn.foo as any other service, so you can"
+	elog "stop one vpn and start another if you need to."
+
+	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+		ewarn ""
+		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+		ewarn "a client by our init script and as such we force up,down scripts."
+		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+		ewarn "can move your scripts to."
+	fi
+
+	if use plugins ; then
+		einfo ""
+		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
+	fi
+}
diff --git a/net-vpn/openvpn/openvpn-2.4.4.ebuild b/net-vpn/openvpn/openvpn-2.4.4.ebuild
new file mode 100644
index 000000000000..74cf0f22fd79
--- /dev/null
+++ b/net-vpn/openvpn/openvpn-2.4.4.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic user systemd linux-info
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz
+	test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )"
+HOMEPAGE="http://openvpn.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x86-macos"
+
+IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
+IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD"
+
+REQUIRED_USE="static? ( !plugins !pkcs11 )
+	mbedtls? ( ssl !libressl )
+	pkcs11? ( ssl )
+	!plugins? ( !pam !down-root )
+	inotify? ( plugins )"
+
+CDEPEND="
+	kernel_linux? (
+		iproute2? ( sys-apps/iproute2[-minimal] )
+		!iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 )
+	)
+	pam? ( virtual/pam )
+	ssl? (
+		!mbedtls? (
+			!libressl? ( >=dev-libs/openssl-0.9.8:* )
+			libressl? ( dev-libs/libressl )
+		)
+		mbedtls? ( net-libs/mbedtls )
+	)
+	lz4? ( app-arch/lz4 )
+	lzo? ( >=dev-libs/lzo-1.07 )
+	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
+	systemd? ( sys-apps/systemd )"
+DEPEND="${CDEPEND}
+	test? ( dev-util/cmocka )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-openvpn )"
+
+CONFIG_CHECK="~TUN"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-external-cmocka.patch"
+)
+
+pkg_setup()  {
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	eautoreconf
+
+	if use test; then
+		cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die
+	fi
+}
+
+src_configure() {
+	use static && append-ldflags -Xcompiler -static
+	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
+	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
+	IFCONFIG=/bin/ifconfig \
+	ROUTE=/bin/route \
+	econf \
+		$(usex mbedtls '--with-crypto-library=mbedtls' '') \
+		$(use_enable inotify async-push) \
+		$(use_enable ssl crypto) \
+		$(use_enable lz4) \
+		$(use_enable lzo) \
+		$(use_enable pkcs11) \
+		$(use_enable plugins) \
+		$(use_enable iproute2) \
+		$(use_enable pam plugin-auth-pam) \
+		$(use_enable down-root plugin-down-root) \
+		$(use_enable test tests) \
+		$(use_enable systemd)
+}
+
+src_test() {
+	make check || die "top-level tests failed"
+	pushd tests/unit_tests > /dev/null || die
+	make check || die "unit tests failed"
+	popd > /dev/null || die
+}
+
+src_install() {
+	default
+	find "${ED}/usr" -name '*.la' -delete
+	# install documentation
+	dodoc AUTHORS ChangeLog PORTS README README.IPv6
+
+	# Install some helper scripts
+	keepdir /etc/openvpn
+	exeinto /etc/openvpn
+	doexe "${FILESDIR}/up.sh"
+	doexe "${FILESDIR}/down.sh"
+
+	# Install the init script and config file
+	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+	# install examples, controlled by the respective useflag
+	if use examples ; then
+		# dodoc does not supportly support directory traversal, #15193
+		insinto /usr/share/doc/${PF}/examples
+		doins -r sample contrib
+	fi
+}
+
+pkg_postinst() {
+	# Add openvpn user so openvpn servers can drop privs
+	# Clients should run as root so they can change ip addresses,
+	# dns information and other such things.
+	enewgroup openvpn
+	enewuser openvpn "" "" "" openvpn
+
+	if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then
+		ewarn "WARNING: The openvpn init script has changed"
+		ewarn ""
+	fi
+
+	if use x64-macos; then
+		elog "You might want to install tuntaposx for TAP interface support:"
+		elog "http://tuntaposx.sourceforge.net"
+	fi
+
+	elog "The openvpn init script expects to find the configuration file"
+	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+	elog ""
+	elog "To create more VPNs, simply create a new .conf file for it and"
+	elog "then create a symlink to the openvpn init script from a link called"
+	elog "openvpn.newconfname - like so"
+	elog "   cd /etc/openvpn"
+	elog "   ${EDITOR##*/} foo.conf"
+	elog "   cd /etc/init.d"
+	elog "   ln -s openvpn openvpn.foo"
+	elog ""
+	elog "You can then treat openvpn.foo as any other service, so you can"
+	elog "stop one vpn and start another if you need to."
+
+	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+		ewarn ""
+		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+		ewarn "a client by our init script and as such we force up,down scripts."
+		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+		ewarn "can move your scripts to."
+	fi
+
+	if use plugins ; then
+		einfo ""
+		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
+	fi
+}
diff --git a/net-vpn/openvpn/openvpn-9999.ebuild b/net-vpn/openvpn/openvpn-9999.ebuild
new file mode 100644
index 000000000000..8a34713832c5
--- /dev/null
+++ b/net-vpn/openvpn/openvpn-9999.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic user systemd linux-info git-r3
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git"
+EGIT_SUBMODULES=(-cmocka)
+HOMEPAGE="http://openvpn.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS=""
+
+IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
+IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD"
+
+REQUIRED_USE="static? ( !plugins !pkcs11 )
+	lzo? ( !lz4 )
+	pkcs11? ( ssl )
+	mbedtls? ( ssl !libressl )
+	pkcs11? ( ssl )
+	!plugins? ( !pam !down-root )
+	inotify? ( plugins )"
+
+CDEPEND="
+	kernel_linux? (
+		iproute2? ( sys-apps/iproute2[-minimal] )
+		!iproute2? ( sys-apps/net-tools )
+	)
+	pam? ( virtual/pam )
+	ssl? (
+		!mbedtls? (
+			!libressl? ( >=dev-libs/openssl-0.9.8:* )
+			libressl? ( dev-libs/libressl )
+		)
+		mbedtls? ( net-libs/mbedtls )
+	)
+	lz4? ( app-arch/lz4 )
+	lzo? ( >=dev-libs/lzo-1.07 )
+	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
+	systemd? ( sys-apps/systemd )"
+DEPEND="${CDEPEND}
+	test? ( dev-util/cmocka )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-openvpn )"
+
+CONFIG_CHECK="~TUN"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-external-cmocka.patch"
+)
+
+pkg_setup()  {
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	use static && append-ldflags -Xcompiler -static
+	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
+	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
+	econf \
+		--with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \
+		$(usex mbedtls 'with-crypto-library' 'mbedtls' '' '') \
+		$(use_enable inotify async-push) \
+		$(use_enable ssl crypto) \
+		$(use_enable lz4) \
+		$(use_enable lzo) \
+		$(use_enable pkcs11) \
+		$(use_enable plugins) \
+		$(use_enable iproute2) \
+		$(use_enable pam plugin-auth-pam) \
+		$(use_enable down-root plugin-down-root) \
+		$(use_enable test tests) \
+		$(use_enable systemd)
+}
+
+src_test() {
+	make check || die "top-level tests failed"
+	pushd tests/unit_tests > /dev/null || die
+	make check || die "unit tests failed"
+	popd > /dev/null || die
+}
+
+src_install() {
+	default
+	find "${ED}/usr" -name '*.la' -delete
+	# install documentation
+	dodoc AUTHORS ChangeLog PORTS README README.IPv6
+
+	# Install some helper scripts
+	keepdir /etc/openvpn
+	exeinto /etc/openvpn
+	doexe "${FILESDIR}/up.sh"
+	doexe "${FILESDIR}/down.sh"
+
+	# Install the init script and config file
+	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+	# install examples, controlled by the respective useflag
+	if use examples ; then
+		# dodoc does not supportly support directory traversal, #15193
+		insinto /usr/share/doc/${PF}/examples
+		doins -r sample contrib
+	fi
+}
+
+pkg_postinst() {
+	# Add openvpn user so openvpn servers can drop privs
+	# Clients should run as root so they can change ip addresses,
+	# dns information and other such things.
+	enewgroup openvpn
+	enewuser openvpn "" "" "" openvpn
+
+	if path_exists -o "${EROOT%/}"/etc/openvpn/*/local.conf ; then
+		ewarn "WARNING: The openvpn init script has changed"
+		ewarn ""
+	fi
+
+	elog "The openvpn init script expects to find the configuration file"
+	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+	elog ""
+	elog "To create more VPNs, simply create a new .conf file for it and"
+	elog "then create a symlink to the openvpn init script from a link called"
+	elog "openvpn.newconfname - like so"
+	elog "   cd /etc/openvpn"
+	elog "   ${EDITOR##*/} foo.conf"
+	elog "   cd /etc/init.d"
+	elog "   ln -s openvpn openvpn.foo"
+	elog ""
+	elog "You can then treat openvpn.foo as any other service, so you can"
+	elog "stop one vpn and start another if you need to."
+
+	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+		ewarn ""
+		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+		ewarn "a client by our init script and as such we force up,down scripts."
+		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+		ewarn "can move your scripts to."
+	fi
+
+	if use plugins ; then
+		einfo ""
+		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}"
+	fi
+
+	ewarn ""
+	ewarn "You are using a live ebuild building from the sources of openvpn"
+	ewarn "repository from http://openvpn.git.sourceforge.net. For reporting"
+	ewarn "bugs please contact: openvpn-devel@lists.sourceforge.net."
+}