diff options
Diffstat (limited to 'net-vpn')
20 files changed, 161 insertions, 1065 deletions
diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz Binary files differindex 1a3e75715dbf..70c3549aaa86 100644 --- a/net-vpn/Manifest.gz +++ b/net-vpn/Manifest.gz diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest index 9d604c789e95..d1f7578be410 100644 --- a/net-vpn/i2pd/Manifest +++ b/net-vpn/i2pd/Manifest @@ -8,8 +8,10 @@ DIST i2pd-2.19.0.tar.gz 1982459 BLAKE2B b05f7a3018091e9c0008ca7037e44b6f5a4416be DIST i2pd-2.20.0.tar.gz 1991174 BLAKE2B 37b85dc37299cd6d2f64050eb096ecc11d75ccdcdba845f34c908e6467cbcb9fa7cea9243415bafd7c9167f5e8ea06c8729bcb885e78f45e37680f8001b69237 SHA512 affade889d32fdf20fc0bc4c7bb809fb511794421a80a93334707e26c72eecc83715d756d79ce7924d43ef44dc9f655925de860b5b392b6c4fe815eb873c1864 DIST i2pd-2.21.0.tar.gz 1993520 BLAKE2B 616f4938d547e6a5d27292bec1741fa28131c37ad12b0f7c564e24ff0fd3b0a01974989ac6f337cd58cc1a618980fd171692c0164d22c3e97080540318e5df89 SHA512 a9c2f4bb1ec6459e7f8f48b74a48dd192af0962876fc6dcf998febe342918f98a21ae421cf48402d5e0c4570641eb3112d85522230dad34cabe6c4f367d6d8ab DIST i2pd-2.21.1.tar.gz 1993853 BLAKE2B 8686acf12464f892cb116ba6c14b67fc56af45315feec25b4c165c7b38238f48b7e1ca227f8b2b53dabcb4d9f46555e1528f4f11e675fbfc63aa3fad062280b6 SHA512 e73c0c1f624b468a4a30996de77b27f5a2166d16b57724ec58647e5630f9e988052b11962fa47f318403ccd4c675a8d7c8b0ddcaa79666cea9743a6437fc4fd2 +DIST i2pd-2.22.0.tar.gz 2263033 BLAKE2B b8b7fa0a1fc4e333824eed8c6bd5fbfe40b83b7a0dbf5db8001144ca1b672c6e33996ad5218ef53cca15e56738fd8447f1c10a90c109d86a2364ef7646cc1377 SHA512 da8187a5d68bf09962419da91eeeb12534eaa2b519139784afb5faf6f1c40e7b344181f987461614d0f7b6563d0a872c8180ecc8a122ed08688130de3d13b0e8 EBUILD i2pd-2.19.0.ebuild 3100 BLAKE2B 27284f8510bfdf37c3d576fa1f4718134d5f948ee1f614272ae86b94cb2f68acb3f9ad59898f8a2b94280c3aa40e1f4c9410dd20d4ebd02e379099fbbad9db52 SHA512 809418d598459849a6d42322b1fa749f5eabcef3f0f3731ce44d74d5744716b5f3fdf979b1288f88b7667fe4e5aea5c83e73bdf5ff769e22b4d3dfb68306cbf6 EBUILD i2pd-2.20.0.ebuild 3166 BLAKE2B 5a62ee83bd80beca39b265a8a6806c733d047066d204afe101ded329795b4f053af6dd13e93914bb22ab307729eda6ed72073a6cd0bd5699ed6f350b4ae136cf SHA512 24098b0bf0e114bbcda5eaa821906f7b7c4387b4202220526bf177c109979f6a0b65d0449a7e13bcc2d134a90cf9e8ca0fc2cd7db04620e1ad5a3115de36a017 EBUILD i2pd-2.21.0.ebuild 3140 BLAKE2B 62e6f83535bb2067918b2a331b62a69a4b0138bde9e59abb6270759aa3d1fef08574ef5d02765bafb9bc9beaa3600ab82aa3acc134f97c245f494d585cd52107 SHA512 ed9c1091fe233788a5e73d9e5afe194e57cd3801cb2c71054ad3ad14f68d9b880163e75eb7d94512a7022303f92471bf444076c0e20e2ae6f54b1d6e5f56a8e3 EBUILD i2pd-2.21.1.ebuild 3140 BLAKE2B 62e6f83535bb2067918b2a331b62a69a4b0138bde9e59abb6270759aa3d1fef08574ef5d02765bafb9bc9beaa3600ab82aa3acc134f97c245f494d585cd52107 SHA512 ed9c1091fe233788a5e73d9e5afe194e57cd3801cb2c71054ad3ad14f68d9b880163e75eb7d94512a7022303f92471bf444076c0e20e2ae6f54b1d6e5f56a8e3 +EBUILD i2pd-2.22.0.ebuild 3140 BLAKE2B 62e6f83535bb2067918b2a331b62a69a4b0138bde9e59abb6270759aa3d1fef08574ef5d02765bafb9bc9beaa3600ab82aa3acc134f97c245f494d585cd52107 SHA512 ed9c1091fe233788a5e73d9e5afe194e57cd3801cb2c71054ad3ad14f68d9b880163e75eb7d94512a7022303f92471bf444076c0e20e2ae6f54b1d6e5f56a8e3 MISC metadata.xml 742 BLAKE2B 81ae213b17776466f9d33a4798bff20494ab8c09872d1a65fcb0ab4d05cbf2a0858c1c7538a205bbefa491a21d0b3deb613a362d7e5493e5c6ac074b1dacbe53 SHA512 ca6b5eea5aeb685632ed742144cf8a3fc19e7b0b1c213ea6fdf62a07a4f7727e8f001189e09daa201563bfbb79539cee0050c739a23320baa4b4d95a4279b553 diff --git a/net-vpn/i2pd/i2pd-2.22.0.ebuild b/net-vpn/i2pd/i2pd-2.22.0.ebuild new file mode 100644 index 000000000000..9b28206e7582 --- /dev/null +++ b/net-vpn/i2pd/i2pd-2.22.0.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit systemd user cmake-utils eapi7-ver toolchain-funcs + +DESCRIPTION="A C++ daemon for accessing the I2P anonymous network" +HOMEPAGE="https://github.com/PurpleI2P/i2pd" +SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86" +IUSE="cpu_flags_x86_aes cpu_flags_x86_avx i2p-hardening libressl static +upnp websocket" + +# if using libressl, require >=boost-1.65, see #597798 +RDEPEND=" + !static? ( + dev-libs/boost[threads] + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( + dev-libs/libressl:0 + >=dev-libs/boost-1.65 + ) + upnp? ( net-libs/miniupnpc ) + )" +DEPEND="${RDEPEND} + static? ( + dev-libs/boost[static-libs,threads] + !libressl? ( dev-libs/openssl:0[static-libs] ) + libressl? ( + dev-libs/libressl:0[static-libs] + >=dev-libs/boost-1.65 + ) + sys-libs/zlib[static-libs] + upnp? ( net-libs/miniupnpc[static-libs] ) + ) + websocket? ( dev-cpp/websocketpp )" + +I2PD_USER=i2pd +I2PD_GROUP=i2pd + +CMAKE_USE_DIR="${S}/build" + +DOCS=( README.md contrib/i2pd.conf contrib/tunnels.conf ) + +PATCHES=( "${FILESDIR}/${PN}-2.14.0-fix_installed_components.patch" ) + +pkg_pretend() { + if tc-is-gcc && ! ver_test "$(gcc-version)" -ge "4.7"; then + die "At least gcc 4.7 is required" + fi + if use i2p-hardening && ! tc-is-gcc; then + die "i2p-hardening requires gcc" + fi +} + +src_configure() { + mycmakeargs=( + -DWITH_AESNI=$(usex cpu_flags_x86_aes ON OFF) + -DWITH_AVX=$(usex cpu_flags_x86_avx ON OFF) + -DWITH_HARDENING=$(usex i2p-hardening ON OFF) + -DWITH_PCH=OFF + -DWITH_STATIC=$(usex static ON OFF) + -DWITH_UPNP=$(usex upnp ON OFF) + -DWITH_WEBSOCKETS=$(usex websocket ON OFF) + -DWITH_LIBRARY=ON + -DWITH_BINARY=ON + ) + cmake-utils_src_configure +} + +src_install() { + cmake-utils_src_install + + # config + insinto /etc/i2pd + doins contrib/i2pd.conf + doins contrib/tunnels.conf + + # grant i2pd group read and write access to config files + fowners "root:${I2PD_GROUP}" \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + fperms 660 \ + /etc/i2pd/i2pd.conf \ + /etc/i2pd/tunnels.conf + + # working directory + keepdir /var/lib/i2pd + insinto /var/lib/i2pd + doins -r contrib/certificates + fowners "${I2PD_USER}:${I2PD_GROUP}" /var/lib/i2pd/ + fperms 700 /var/lib/i2pd/ + + # add /var/lib/i2pd/certificates to CONFIG_PROTECT + doenvd "${FILESDIR}/99i2pd" + + # openrc and systemd daemon routines + newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd + newinitd "${FILESDIR}/i2pd-2.6.0-r3.initd" i2pd + systemd_newunit "${FILESDIR}/i2pd-2.6.0-r3.service" i2pd.service + + # logrotate + insinto /etc/logrotate.d + newins "${FILESDIR}/i2pd-2.6.0-r3.logrotate" i2pd +} + +pkg_setup() { + enewgroup "${I2PD_GROUP}" + enewuser "${I2PD_USER}" -1 -1 /var/lib/run/i2pd "${I2PD_GROUP}" +} + +pkg_postinst() { + if [[ -f ${EROOT%/}/etc/i2pd/subscriptions.txt ]]; then + ewarn + ewarn "Configuration of the subscriptions has been moved from" + ewarn "subscriptions.txt to i2pd.conf. We recommend updating" + ewarn "i2pd.conf accordingly and deleting subscriptions.txt." + fi +} diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest index 9ba80e26a9e2..3fbe8034c117 100644 --- a/net-vpn/libreswan/Manifest +++ b/net-vpn/libreswan/Manifest @@ -2,12 +2,9 @@ AUX libreswan-3.23-modern-kernels.patch 525 BLAKE2B 5c1353932dddd0febf60ae0b8c03 AUX libreswan-3.25-no-curl.patch 706 BLAKE2B 2d1f74b6b1d65f2e3ddad8646e2e5ea8a4aa98b4eee617521255c7bec35f53f1cde6254cd82f731e6ad5701f16cceaba907653e1c490ef97b2648f9d066e0328 SHA512 e03b17bc647f0d817cacfee2c96c37c50615d8ad53fdfb0be7095bf79fe3317d66092f006aeaf1ea4d67841ccdba29ab4a6e1ce181459b41d16dedcee5cb73d3 AUX libreswan-3.26-nss-link.patch 719 BLAKE2B 80a98e3e4b4773245ebdb005535603879df9b54ed7f8cec8864059af0fed51379c6311f1f7f52a99467e989a9f56c6d80b8919f2e72ade32fab52d9dd241b861 SHA512 1b55612b634fdd48829854e0c7a4eba5b19080dc75d1f5b8e1c59c4988bd45cb043ef6669172bf0d8dd4ba914fd924d47ff3bb5712cde4c09fea5141933e01b3 AUX libreswan-3.26-nss.patch 853 BLAKE2B 487afd48208223030aa5a4fc434f1bc5d817d9ed78392399ef98db09f22a2d975510134a9ae55875b7e15c0fef221393d6648fb00cd208b4aab140aa0c142318 SHA512 118609fd2ed7e9c35333106b6896ce3a9c463cd3dda7f0bce31e2cccf91f88080f34ec39f8f3b5f3453eedea520f2e1b031b6771502d8c74831e20883a162d6e -DIST libreswan-3.22.tar.gz 6910418 BLAKE2B c06134fa2d1096231797f1ea93de8ed61121472b10ae30ee9a843250dce4ef9f21e7d3bf63f38daf53fbfd8d1e435cfdc704743d0fdcbde8ecac137d9becac48 SHA512 93868327394527750590e1297443d3eb1c9a528d680348098fd2913123dac52c9fecd73b855ee00586c2516b8aa00f7f0d158d8e9b19d7487b5fb26432b86aff DIST libreswan-3.25.tar.gz 3988630 BLAKE2B 8479b5b0d7d49055b7dcefa6c3b2f469b0aa60005e05446d5c1c6f73a32c904835422248c6ead2a1c2dc83b63794fd50f7461fd22c4206414b5890c01b99b722 SHA512 246649cb5bef1d0690217d1080f3f6f175a0d7a5f27e5a7affdf291b2f418a11937e96b64716a33e6312530409a2c1b10b90e2fa5ec339a27c94c990d86ed517 -DIST libreswan-3.26.tar.gz 3706205 BLAKE2B e54e6d3a0163f0b6812c53400e7f57e01319d7cf64a5d9e84d5002bbab24d5de1b6461c6bba02d60630017a50c23ecb1a095f3da1a36a4e6fc64e90cf08fd798 SHA512 10965a23197ef5d21a66dc0838066ceb620b2653f64471553284e0043fbc993584e497742b498e0be410427aeed3d8ce5bfdc6dfab59b8a1a1ba9a363473c4a4 DIST libreswan-3.27.tar.gz 3720103 BLAKE2B 51ee792cd3fb8330a9cfee0b1a27e48c9a8c8fd3346e8c06fe0a911c813c400ef62d68b1d06bb849695aad5f4d5a496dc444b2543aa9ffbc59d373081c0b85e5 SHA512 b92ecfd08b9d19dc801032176eff3dd07f625223d4f0dd07ff10f639644573430a55f7aebfcc8b9d2424e194ca9d06b17ad5a13dad5dc6f659d19bc5d32520f5 -EBUILD libreswan-3.22.ebuild 2814 BLAKE2B 566683ee612fd84a0fe4cf49cd90bb2c8f67e9aa151461c0c0e68a9179ce5741203764ac520f9f434d8f02d0a30129d3e39059329ca5f991bed74437be4c117a SHA512 e337d3895fd3fe3a803b7e137407dff4ee5e6c4e9928c157715c1f87a6c877f2be4498d884254379c03d63b95f75e71df01a2d839535bb75bcbee7c770956654 EBUILD libreswan-3.25.ebuild 2856 BLAKE2B 0e2573d71d4f96d6cf271e6d71ad7efffd336877ede43f5ed2f7e35103d8cd67194df195c7bab7d9be513c2ee85c869af8778a8f9fefaf2087e0114b4d052a90 SHA512 be841c666376e6b410b9bd5f15d84c23f3bfa5848ea382b29108ce104cdb22627af145bdaa9b5d5447560705859cc5726643562a109b8b9d126967251c8e0db8 -EBUILD libreswan-3.26.ebuild 2896 BLAKE2B 6887a7656d51395835ad41605b4ed9e9d915e0996cc2c6612a48abdc4c7a6071f3de69089bbc96212c39bcfba8076e2d857042aef1c7d172a0b29a06eb4afbe5 SHA512 cd803735a9b396205ba3e382befbd63b40cf7e8532de299ee8a1736208b7c2ca079fa4e083b272115fb53ecd8e1194003675110a50dc9313b4f06b45a101d844 -EBUILD libreswan-3.27.ebuild 2813 BLAKE2B 23c1d768e88dd76262c0dacdd412d5ce2565c86dfe9a216a44defea8e16430e9659fe695123e9e12255e71b769c82c2abd45654e8fa39466f495fb582af67fc2 SHA512 ad9325ee407f85a0ebf0bbe740b8c36c3c0078bdf9023ca6ec03b5e430ca0b3d4eee3ff590ee76b0c8729e7923e95966ae3ae44bfca543a7741e1efd1bace956 +EBUILD libreswan-3.27-r1.ebuild 2939 BLAKE2B bbceef07aaefbf8323a2342bf8479ae47ef9824581095d065a5d61ffc9e3c6434f8217b88221c421f2d1f377cf8f50c3e31661b7627abbc81a51ad7e2fc9a759 SHA512 6de7bbf1962589cfd1b4cdb4d9b3db2fec2d997a5e7c46dbfd35330521a3c42915adf36a6214736da5173f851fd3f659f89d23782a197d72a5d33be29e42b093 +EBUILD libreswan-3.27.ebuild 2811 BLAKE2B 04ac4dc887783fcadd8aaa444ec59c71b9221b4f968d6ab13305866d26f5025208c806307b63874607de8617ad64e69fce54b7a08d3e958b20e5331531048f94 SHA512 e3b7a8b50f17f426cdab73fc237ef555e8d0d89d06546a60d0c38d01001620e9b03ec4e8e933aa587561019057aa71ee80250b8c3ae6aac502a93e5c6a5cd77b MISC metadata.xml 319 BLAKE2B 6bae0756e29efeb1cf77d60f7e38fe62ffa5f24c3745e07900e6ef5f65194c50f6a479d97fdcc24804ccdcfefd9707b12f08dffe613fcf798afc421826de36e4 SHA512 924161f15c0f7a9666a6d7a422b45da679190e1a0f2859b997ddd753cbf49df9da337e5420040210736f76fa712dca3ec8862480f62bd321de71e74bee7c0865 diff --git a/net-vpn/libreswan/libreswan-3.22.ebuild b/net-vpn/libreswan/libreswan-3.22.ebuild deleted file mode 100644 index 5b4e7f960e6e..000000000000 --- a/net-vpn/libreswan/libreswan-3.22.ebuild +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit systemd toolchain-funcs - -SRC_URI="https://download.libreswan.org/${P}.tar.gz" -KEYWORDS="amd64 ~ppc x86" - -DESCRIPTION="IPsec implementation for Linux, fork of Openswan" -HOMEPAGE="https://libreswan.org/" - -LICENSE="GPL-2 BSD-4 RSA DES" -SLOT="0" -IUSE="caps curl dnssec ldap pam seccomp selinux systemd test" - -COMMON_DEPEND=" - dev-libs/gmp:0= - dev-libs/libevent:0= - dev-libs/nspr - caps? ( sys-libs/libcap-ng ) - curl? ( net-misc/curl ) - dnssec? ( net-dns/unbound:= net-libs/ldns ) - ldap? ( net-nds/openldap ) - pam? ( sys-libs/pam ) - seccomp? ( sys-libs/libseccomp ) - selinux? ( sys-libs/libselinux ) - systemd? ( sys-apps/systemd:0= ) -" -DEPEND="${COMMON_DEPEND} - app-text/docbook-xml-dtd:4.1.2 - app-text/xmlto - dev-libs/nss - sys-devel/bison - sys-devel/flex - virtual/pkgconfig - test? ( dev-python/setproctitle ) -" -RDEPEND="${COMMON_DEPEND} - dev-libs/nss[utils(+)] - sys-apps/iproute2 - !net-misc/openswan - !net-vpn/strongswan - selinux? ( sec-policy/selinux-ipsec ) -" - -usetf() { - usex "$1" true false -} - -src_prepare() { - sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die - sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die - default -} - -src_configure() { - tc-export AR CC - export INC_USRLOCAL=/usr - export INC_MANDIR=share/man - export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} - export FINALDOCDIR=/usr/share/doc/${PF}/html - export INITSYSTEM=openrc - export INC_RCDIRS= - export INC_RCDEFAULT=/etc/init.d - export USERCOMPILE= - export USERLINK= - export USE_DNSSEC=$(usetf dnssec) - export USE_LABELED_IPSEC=$(usetf selinux) - export USE_LIBCAP_NG=$(usetf caps) - export USE_LIBCURL=$(usetf curl) - export USE_LINUX_AUDIT=$(usetf selinux) - export USE_LDAP=$(usetf ldap) - export USE_SECCOMP=$(usetf seccomp) - export USE_SYSTEMD_WATCHDOG=$(usetf systemd) - export SD_WATCHDOGSEC=$(usex systemd 200 0) - export USE_XAUTHPAM=$(usetf pam) - export DEBUG_CFLAGS= - export OPTIMIZE_CFLAGS= - export WERROR_CFLAGS= -} - -src_compile() { - emake all - emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all -} - -src_test() { - : # integration tests only that require set of kvms to be set up -} - -src_install() { - default - emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install - - echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets - fperms 0600 /etc/ipsec.secrets - - dodoc -r docs - - find "${D}" -type d -empty -delete || die -} - -pkg_postinst() { - local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d - if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then - ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" - certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) - eend $? - fi -} diff --git a/net-vpn/libreswan/libreswan-3.26.ebuild b/net-vpn/libreswan/libreswan-3.27-r1.ebuild index 7c3de3ac0b86..aa0e463073df 100644 --- a/net-vpn/libreswan/libreswan-3.26.ebuild +++ b/net-vpn/libreswan/libreswan-3.27-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -50,9 +50,6 @@ usetf() { } src_prepare() { - eapply "${FILESDIR}/${P}-nss.patch" - eapply "${FILESDIR}/${P}-nss-link.patch" - sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die default @@ -107,9 +104,10 @@ src_install() { pkg_postinst() { local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d - if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then - ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" - certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" + certutil -N -d "${IPSEC_CONFDIR}" --empty-password eend $? + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" fi } diff --git a/net-vpn/libreswan/libreswan-3.27.ebuild b/net-vpn/libreswan/libreswan-3.27.ebuild index 736e805196d8..7d8d9507ce45 100644 --- a/net-vpn/libreswan/libreswan-3.27.ebuild +++ b/net-vpn/libreswan/libreswan-3.27.ebuild @@ -6,7 +6,7 @@ EAPI=6 inherit systemd toolchain-funcs SRC_URI="https://download.libreswan.org/${P}.tar.gz" -KEYWORDS="~amd64 ~ppc ~x86" +KEYWORDS="amd64 ~ppc x86" DESCRIPTION="IPsec implementation for Linux, fork of Openswan" HOMEPAGE="https://libreswan.org/" diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest index c89a1d587ad4..f2fcf9d1e77d 100644 --- a/net-vpn/strongswan/Manifest +++ b/net-vpn/strongswan/Manifest @@ -1,10 +1,4 @@ AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf3bc0629fe99cf9936b9cdb464627c1a8c121b8485f164166efda428825a55aab557d18 SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c -DIST strongswan-5.6.0.tar.bz2 4850722 BLAKE2B edb9f2b277cd8bccf886a824e4b3fb3c06af7510d9e21283fcb8d8ba9cf234f38182fcd1ca0c350b4039945ab10888406986d9a0b8edac24fe09faf0b8967fb2 SHA512 9362069a01c3642e62864d88fdb409a3c7514bf7c92cbe36e552c6a80915119cf5bb91c39592aab2d15b562684a0628a764e4fa7636d3b5fd2ebaf165c0ce649 -DIST strongswan-5.6.2.tar.bz2 4977859 BLAKE2B 83943ec95e6b95724e9fc130a09f7c7364147d0ce50528ac8b64452db53516b143e92c7dcb746c0c25aaac9182dda14d55e5c267fbdcd5bb9a63cbf48801274b SHA512 cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92c961772aafd3e55cfcfa84516204a15561389d373f78140f05607b248c52 -DIST strongswan-5.6.3.tar.bz2 4961579 BLAKE2B 177d9ca9a730c8ccb3293c9f1c1397429879177aef60c90a3561fffed64cd4fe18cdf1c74bd52956c576e061ce33935b7dc34864576edeac7d4824841b0ee3e0 SHA512 080402640952b1a08e95bfe9c7f33c6a7dd01ac401b5e7e2e78257c0f2bf0a4d6078141232ac62abfacef892c493f6824948b3165d54d72b4e436ed564fd2609 DIST strongswan-5.7.1.tar.bz2 4967533 BLAKE2B e438d1b44a997eb0e012586b18604bd35ac6f53cce1c34ff89192a760bbd0d6a9aaa7b90b389ff1a5e7c6d2356ff5cc74b40daad1d6579fa5026f4878489bf66 SHA512 43102814434bee7c27a5956be59099cc4ffb9bb5b0d6382ce4c6a80d1d82ed6639f698f5f5544b9ca563554a344638c953525b0e2d39bc6b71b19055c80e07fc -EBUILD strongswan-5.6.0-r1.ebuild 9316 BLAKE2B de030a9ae26d83c6f2aa2bdfadf3c6f29acebaa53b4e3b88389398c0ec8552f9107828afa0a5639471885e83cdf5b982373e9975ecb2567fb79adf3f3b9c6f7a SHA512 d2e6b7a8ce68033203d854429234e5a4600501d3d17db4b3f0b2e7f6c428aac5acbd74b48a88583464a5936467e180f126f269b5b046ebac047c547fa791222e -EBUILD strongswan-5.6.2.ebuild 9320 BLAKE2B 3d760c087b443d75046c6db3e6dc079d401592588308379716781e25d5310844ec10464ba7791381fa7a6009a8af9217b6f64b442322320fb7cdd2b51ef87c3a SHA512 398534ef23686b54751f238c45a81d53990076eb3e7ff6c4591d5ddaadfb83808c0ad58d0ed46b467562f3c72693a414f4ad9645f51e9129758fcf8d255df8d9 -EBUILD strongswan-5.6.3.ebuild 9420 BLAKE2B b05e471c1a11f2a258a3f062c26a80a8a8426f798f09604c78926b2475ea63fc496da910286d94c1989330c7930680efc3cea8a0b97d484532d7e2acb79cbabb SHA512 6f2af391b174d5466e0d315a78884ea642aab521c3ddf1265acbdf28e802eb4c57695ecd612a6ea7f285e7e4245f2498d567079e949373d59db0979b3c54445e -EBUILD strongswan-5.7.1.ebuild 9427 BLAKE2B 719516ab5dd2ad2ab90a644ba4bd86507bb0d388e229d247b4cf83e9d99e8610f595d7a8236f7d8bab6f228ba1a4e70c0b48950947be37005bfa283fe6659b08 SHA512 ca742d9115007bc94627be19b90b32d6c8b0fe21fda8fca48d8973e080175d917ea586494f718cd4180b439a97f513299a4f279057b89251e02cef5e54ea803a +EBUILD strongswan-5.7.1.ebuild 9426 BLAKE2B 48d770e14d7e08bd9baf7294fa3b8ffbdaff26347918a2b411dd2b958a71fdc20379d8659fee066d9d01a3680dbd040fa9421d9483a542b3c690792b12e70964 SHA512 412a269f27723601813d8145bbc2263bf627298197e8c50a76368e07530c04799c6149976c424ceddd6ccd48eee8b39ae845c8bec1100598c1a40b4bff9c478b MISC metadata.xml 4135 BLAKE2B 13739675c455765d7ce73df9744779636d36d3f93eee4567c931fb40e528e56d34912e26a82bd35e377fbd34613c0b7044841ff6c2dc26694187d0de355f8b86 SHA512 e09ef1afdf5002dab542312753cbce56e830b906aa5c5ac8fd5c7b57cbaf021eb0c466241cf810f446693b8dedd90f185f3e2c7a53a0b9a43e14913dcdd83b23 diff --git a/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild b/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild deleted file mode 100644 index 7682afd92ad3..000000000000 --- a/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild +++ /dev/null @@ -1,303 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit eutils linux-info systemd user - -DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="http://www.strongswan.org/" -SRC_URI="http://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA DES" -SLOT="0" -KEYWORDS="amd64 arm ppc ~ppc64 x86" -IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11" - -STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist" -for mod in $STRONGSWAN_PLUGINS_STD; do - IUSE="${IUSE} +strongswan_plugins_${mod}" -done - -for mod in $STRONGSWAN_PLUGINS_OPT; do - IUSE="${IUSE} strongswan_plugins_${mod}" -done - -COMMON_DEPEND="!net-misc/openswan - gmp? ( >=dev-libs/gmp-4.1.5:= ) - gcrypt? ( dev-libs/libgcrypt:0 ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) - mysql? ( virtual/mysql ) - sqlite? ( >=dev-db/sqlite-3.3.1 ) - networkmanager? ( net-misc/networkmanager ) - pam? ( sys-libs/pam ) - strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" -RDEPEND="${COMMON_DEPEND} - virtual/logger - sys-apps/iproute2 - !net-vpn/libreswan - selinux? ( sec-policy/selinux-ipsec )" - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi -} - -src_prepare() { - epatch_user -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - if use pam && use eap; then - myconf="${myconf} --enable-eap-gtc" - else - myconf="${myconf} --disable-eap-gtc" - fi - - for mod in $STRONGSWAN_PLUGINS_STD; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - for mod in $STRONGSWAN_PLUGINS_OPT; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - econf \ - --disable-static \ - --enable-ikev1 \ - --enable-ikev2 \ - --enable-swanctl \ - --enable-socket-dynamic \ - $(use_with caps capabilities libcap) \ - $(use_enable curl) \ - $(use_enable constraints) \ - $(use_enable ldap) \ - $(use_enable debug leak-detective) \ - $(use_enable dhcp) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap md4) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable eap eap-tls) \ - $(use_enable eap xauth-eap) \ - $(use_enable eap eap-dynamic) \ - $(use_enable farp) \ - $(use_enable gmp) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable networkmanager nm) \ - $(use_enable openssl) \ - $(use_enable pam xauth-pam) \ - $(use_enable pkcs11) \ - $(use_enable sqlite) \ - "$(systemd_with_unitdir)" \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc NEWS README TODO || die - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "<net-vpn/strongswan-4.3.6-r1" - upgrade_from_leq_4_3_6=$(( !$? )) - - has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" - previous_4_3_6_with_caps=$(( !$? )) -} - -pkg_postinst() { - if ! use openssl && ! use gcrypt; then - elog - elog "${PN} has been compiled without both OpenSSL and libgcrypt support." - elog "Please note that this might effect availability and speed of some" - elog "cryptographic features. You are advised to enable the OpenSSL plugin." - elif ! use openssl; then - elog - elog "${PN} has been compiled without the OpenSSL plugin. This might effect" - elog "availability and speed of some cryptographic features. There will be" - elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," - elog "25, 26) and ECDSA." - fi - - if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then - chmod 0750 "${ROOT}"/etc/ipsec.d \ - "${ROOT}"/etc/ipsec.d/aacerts \ - "${ROOT}"/etc/ipsec.d/acerts \ - "${ROOT}"/etc/ipsec.d/cacerts \ - "${ROOT}"/etc/ipsec.d/certs \ - "${ROOT}"/etc/ipsec.d/crls \ - "${ROOT}"/etc/ipsec.d/ocspcerts \ - "${ROOT}"/etc/ipsec.d/private \ - "${ROOT}"/etc/ipsec.d/reqs - - ewarn - ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" - ewarn "security reasons. Your system installed directories have been" - ewarn "updated accordingly. Please check if necessary." - ewarn - - if [[ $previous_4_3_6_with_caps == 1 ]]; then - if ! use non-root; then - ewarn - ewarn "IMPORTANT: You previously had ${PN} installed without root" - ewarn "privileges because it was implied by the 'caps' USE flag." - ewarn "This has been changed. If you want ${PN} with user privileges," - ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." - ewarn - fi - fi - fi - if ! use caps && ! use non-root; then - ewarn - ewarn "You have decided to run ${PN} with root privileges and built it" - ewarn "without support for POSIX capability dropping. It is generally" - ewarn "strongly suggested that you reconsider- especially if you intend" - ewarn "to run ${PN} as server with a public ip address." - ewarn - ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." - ewarn - fi - if use non-root; then - elog - elog "${PN} has been installed without superuser privileges (USE=non-root)." - elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" - elog "but also a few to the IKEv2 daemon 'charon'." - elog - elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" - elog - elog "pluto uses a helper script by default to insert/remove routing and" - elog "policy rules upon connection start/stop which requires superuser" - elog "privileges. charon in contrast does this internally and can do so" - elog "even with reduced (user) privileges." - elog - elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" - elog "script to pluto or charon which requires superuser privileges, you" - elog "can work around this limitation by using sudo to grant the" - elog "user \"ipsec\" the appropriate rights." - elog "For example (the default case):" - elog "/etc/sudoers:" - elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" - elog "Under the specific connection block in /etc/ipsec.conf:" - elog " leftupdown=\"sudo -E ipsec _updown iptables\"" - elog - fi - elog - elog "Make sure you have _all_ required kernel modules available including" - elog "the appropriate cryptographic algorithms. A list is available at:" - elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" - elog - elog "The up-to-date manual is available online at:" - elog " http://wiki.strongswan.org/" - elog -} diff --git a/net-vpn/strongswan/strongswan-5.6.2.ebuild b/net-vpn/strongswan/strongswan-5.6.2.ebuild deleted file mode 100644 index c7dbeeac3bec..000000000000 --- a/net-vpn/strongswan/strongswan-5.6.2.ebuild +++ /dev/null @@ -1,303 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit eutils linux-info systemd user - -DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="http://www.strongswan.org/" -SRC_URI="http://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA DES" -SLOT="0" -KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" -IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11" - -STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist" -for mod in $STRONGSWAN_PLUGINS_STD; do - IUSE="${IUSE} +strongswan_plugins_${mod}" -done - -for mod in $STRONGSWAN_PLUGINS_OPT; do - IUSE="${IUSE} strongswan_plugins_${mod}" -done - -COMMON_DEPEND="!net-misc/openswan - gmp? ( >=dev-libs/gmp-4.1.5:= ) - gcrypt? ( dev-libs/libgcrypt:0 ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) - mysql? ( virtual/mysql ) - sqlite? ( >=dev-db/sqlite-3.3.1 ) - networkmanager? ( net-misc/networkmanager ) - pam? ( sys-libs/pam ) - strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" -RDEPEND="${COMMON_DEPEND} - virtual/logger - sys-apps/iproute2 - !net-vpn/libreswan - selinux? ( sec-policy/selinux-ipsec )" - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi -} - -src_prepare() { - epatch_user -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - if use pam && use eap; then - myconf="${myconf} --enable-eap-gtc" - else - myconf="${myconf} --disable-eap-gtc" - fi - - for mod in $STRONGSWAN_PLUGINS_STD; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - for mod in $STRONGSWAN_PLUGINS_OPT; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - econf \ - --disable-static \ - --enable-ikev1 \ - --enable-ikev2 \ - --enable-swanctl \ - --enable-socket-dynamic \ - $(use_with caps capabilities libcap) \ - $(use_enable curl) \ - $(use_enable constraints) \ - $(use_enable ldap) \ - $(use_enable debug leak-detective) \ - $(use_enable dhcp) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap md4) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable eap eap-tls) \ - $(use_enable eap xauth-eap) \ - $(use_enable eap eap-dynamic) \ - $(use_enable farp) \ - $(use_enable gmp) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable networkmanager nm) \ - $(use_enable openssl) \ - $(use_enable pam xauth-pam) \ - $(use_enable pkcs11) \ - $(use_enable sqlite) \ - "$(systemd_with_unitdir)" \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc NEWS README TODO || die - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "<net-vpn/strongswan-4.3.6-r1" - upgrade_from_leq_4_3_6=$(( !$? )) - - has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" - previous_4_3_6_with_caps=$(( !$? )) -} - -pkg_postinst() { - if ! use openssl && ! use gcrypt; then - elog - elog "${PN} has been compiled without both OpenSSL and libgcrypt support." - elog "Please note that this might effect availability and speed of some" - elog "cryptographic features. You are advised to enable the OpenSSL plugin." - elif ! use openssl; then - elog - elog "${PN} has been compiled without the OpenSSL plugin. This might effect" - elog "availability and speed of some cryptographic features. There will be" - elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," - elog "25, 26) and ECDSA." - fi - - if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then - chmod 0750 "${ROOT}"/etc/ipsec.d \ - "${ROOT}"/etc/ipsec.d/aacerts \ - "${ROOT}"/etc/ipsec.d/acerts \ - "${ROOT}"/etc/ipsec.d/cacerts \ - "${ROOT}"/etc/ipsec.d/certs \ - "${ROOT}"/etc/ipsec.d/crls \ - "${ROOT}"/etc/ipsec.d/ocspcerts \ - "${ROOT}"/etc/ipsec.d/private \ - "${ROOT}"/etc/ipsec.d/reqs - - ewarn - ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" - ewarn "security reasons. Your system installed directories have been" - ewarn "updated accordingly. Please check if necessary." - ewarn - - if [[ $previous_4_3_6_with_caps == 1 ]]; then - if ! use non-root; then - ewarn - ewarn "IMPORTANT: You previously had ${PN} installed without root" - ewarn "privileges because it was implied by the 'caps' USE flag." - ewarn "This has been changed. If you want ${PN} with user privileges," - ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." - ewarn - fi - fi - fi - if ! use caps && ! use non-root; then - ewarn - ewarn "You have decided to run ${PN} with root privileges and built it" - ewarn "without support for POSIX capability dropping. It is generally" - ewarn "strongly suggested that you reconsider- especially if you intend" - ewarn "to run ${PN} as server with a public ip address." - ewarn - ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." - ewarn - fi - if use non-root; then - elog - elog "${PN} has been installed without superuser privileges (USE=non-root)." - elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" - elog "but also a few to the IKEv2 daemon 'charon'." - elog - elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" - elog - elog "pluto uses a helper script by default to insert/remove routing and" - elog "policy rules upon connection start/stop which requires superuser" - elog "privileges. charon in contrast does this internally and can do so" - elog "even with reduced (user) privileges." - elog - elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" - elog "script to pluto or charon which requires superuser privileges, you" - elog "can work around this limitation by using sudo to grant the" - elog "user \"ipsec\" the appropriate rights." - elog "For example (the default case):" - elog "/etc/sudoers:" - elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" - elog "Under the specific connection block in /etc/ipsec.conf:" - elog " leftupdown=\"sudo -E ipsec _updown iptables\"" - elog - fi - elog - elog "Make sure you have _all_ required kernel modules available including" - elog "the appropriate cryptographic algorithms. A list is available at:" - elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" - elog - elog "The up-to-date manual is available online at:" - elog " http://wiki.strongswan.org/" - elog -} diff --git a/net-vpn/strongswan/strongswan-5.6.3.ebuild b/net-vpn/strongswan/strongswan-5.6.3.ebuild deleted file mode 100644 index a9486f5cba78..000000000000 --- a/net-vpn/strongswan/strongswan-5.6.3.ebuild +++ /dev/null @@ -1,303 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" -inherit linux-info systemd user - -DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="https://www.strongswan.org/" -SRC_URI="https://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA DES" -SLOT="0" -KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" -IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" - -STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" -STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist" -for mod in $STRONGSWAN_PLUGINS_STD; do - IUSE="${IUSE} +strongswan_plugins_${mod}" -done - -for mod in $STRONGSWAN_PLUGINS_OPT; do - IUSE="${IUSE} strongswan_plugins_${mod}" -done - -COMMON_DEPEND="!net-misc/openswan - gmp? ( >=dev-libs/gmp-4.1.5:= ) - gcrypt? ( dev-libs/libgcrypt:0 ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) - mysql? ( virtual/mysql ) - sqlite? ( >=dev-db/sqlite-3.3.1 ) - systemd? ( sys-apps/systemd ) - networkmanager? ( net-misc/networkmanager ) - pam? ( sys-libs/pam ) - strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )" -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" -RDEPEND="${COMMON_DEPEND} - virtual/logger - sys-apps/iproute2 - !net-vpn/libreswan - selinux? ( sec-policy/selinux-ipsec )" - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - if use pam && use eap; then - myconf="${myconf} --enable-eap-gtc" - else - myconf="${myconf} --disable-eap-gtc" - fi - - for mod in $STRONGSWAN_PLUGINS_STD; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - for mod in $STRONGSWAN_PLUGINS_OPT; do - if use strongswan_plugins_${mod}; then - myconf+=" --enable-${mod}" - fi - done - - econf \ - --disable-static \ - --enable-ikev1 \ - --enable-ikev2 \ - --enable-swanctl \ - --enable-socket-dynamic \ - $(use_enable curl) \ - $(use_enable constraints) \ - $(use_enable ldap) \ - $(use_enable debug leak-detective) \ - $(use_enable dhcp) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap md4) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable eap eap-tls) \ - $(use_enable eap eap-ttls) \ - $(use_enable eap xauth-eap) \ - $(use_enable eap eap-dynamic) \ - $(use_enable farp) \ - $(use_enable gmp) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable networkmanager nm) \ - $(use_enable openssl) \ - $(use_enable pam xauth-pam) \ - $(use_enable pkcs11) \ - $(use_enable sqlite) \ - $(use_enable systemd) \ - $(use_with caps capabilities libcap) \ - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc NEWS README TODO || die - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "<net-vpn/strongswan-4.3.6-r1" - upgrade_from_leq_4_3_6=$(( !$? )) - - has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" - previous_4_3_6_with_caps=$(( !$? )) -} - -pkg_postinst() { - if ! use openssl && ! use gcrypt; then - elog - elog "${PN} has been compiled without both OpenSSL and libgcrypt support." - elog "Please note that this might effect availability and speed of some" - elog "cryptographic features. You are advised to enable the OpenSSL plugin." - elif ! use openssl; then - elog - elog "${PN} has been compiled without the OpenSSL plugin. This might effect" - elog "availability and speed of some cryptographic features. There will be" - elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," - elog "25, 26) and ECDSA." - fi - - if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then - chmod 0750 "${ROOT}"/etc/ipsec.d \ - "${ROOT}"/etc/ipsec.d/aacerts \ - "${ROOT}"/etc/ipsec.d/acerts \ - "${ROOT}"/etc/ipsec.d/cacerts \ - "${ROOT}"/etc/ipsec.d/certs \ - "${ROOT}"/etc/ipsec.d/crls \ - "${ROOT}"/etc/ipsec.d/ocspcerts \ - "${ROOT}"/etc/ipsec.d/private \ - "${ROOT}"/etc/ipsec.d/reqs - - ewarn - ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" - ewarn "security reasons. Your system installed directories have been" - ewarn "updated accordingly. Please check if necessary." - ewarn - - if [[ $previous_4_3_6_with_caps == 1 ]]; then - if ! use non-root; then - ewarn - ewarn "IMPORTANT: You previously had ${PN} installed without root" - ewarn "privileges because it was implied by the 'caps' USE flag." - ewarn "This has been changed. If you want ${PN} with user privileges," - ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." - ewarn - fi - fi - fi - if ! use caps && ! use non-root; then - ewarn - ewarn "You have decided to run ${PN} with root privileges and built it" - ewarn "without support for POSIX capability dropping. It is generally" - ewarn "strongly suggested that you reconsider- especially if you intend" - ewarn "to run ${PN} as server with a public ip address." - ewarn - ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." - ewarn - fi - if use non-root; then - elog - elog "${PN} has been installed without superuser privileges (USE=non-root)." - elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" - elog "but also a few to the IKEv2 daemon 'charon'." - elog - elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" - elog - elog "pluto uses a helper script by default to insert/remove routing and" - elog "policy rules upon connection start/stop which requires superuser" - elog "privileges. charon in contrast does this internally and can do so" - elog "even with reduced (user) privileges." - elog - elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" - elog "script to pluto or charon which requires superuser privileges, you" - elog "can work around this limitation by using sudo to grant the" - elog "user \"ipsec\" the appropriate rights." - elog "For example (the default case):" - elog "/etc/sudoers:" - elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" - elog "Under the specific connection block in /etc/ipsec.conf:" - elog " leftupdown=\"sudo -E ipsec _updown iptables\"" - elog - fi - elog - elog "Make sure you have _all_ required kernel modules available including" - elog "the appropriate cryptographic algorithms. A list is available at:" - elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" - elog - elog "The up-to-date manual is available online at:" - elog " http://wiki.strongswan.org/" - elog -} diff --git a/net-vpn/strongswan/strongswan-5.7.1.ebuild b/net-vpn/strongswan/strongswan-5.7.1.ebuild index 66abae1e8a4b..b536b1a8534f 100644 --- a/net-vpn/strongswan/strongswan-5.7.1.ebuild +++ b/net-vpn/strongswan/strongswan-5.7.1.ebuild @@ -10,7 +10,7 @@ SRC_URI="https://download.strongswan.org/${P}.tar.bz2" LICENSE="GPL-2 RSA DES" SLOT="0" -KEYWORDS="amd64 arm ~ppc ~ppc64 x86" +KEYWORDS="amd64 arm ppc ~ppc64 x86" IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest index 32ae3cb42043..d2605c8e2724 100644 --- a/net-vpn/tor/Manifest +++ b/net-vpn/tor/Manifest @@ -4,14 +4,14 @@ AUX tor-0.3.3.2-alpha-tor.service.in.patch 305 BLAKE2B 6ed92587a7f4ba3e40837e911 AUX tor.confd 44 BLAKE2B 70df86a361c7b735283c5699e4d8d8a054a84629c749adb4dc57c196d49df4492471cb8b21dde43d668b31171ee2dfae81562a70367c72801ae60046908b022e SHA512 9028ac41e3acdf4405095addb69537e87edecafaec840296ac27a5a8992fe132dc822e4e4abb8826f76460c438da2719dea17859690d03e17198a82086a3d660 AUX tor.initd-r8 953 BLAKE2B 7af04f23c95b7edd90bfb6989741973cb63a846ad8a34be9a07e347308523caad1a1e0255e5597bdfb818257ab6db03da0f07622707ff60c62926f91d9d7d6e8 SHA512 4b690a721311a310131041ab962c571f1898f884f55fedf91b842e5190ce58399cccf59d34b4716d5dc15df4183f994d84c7c39f8458cb5f5da870ddc2db1730 AUX torrc-r1 140 BLAKE2B 4b7e0795c09e737c5dda014c2b87811757bb8d68d581ece49f5002a2c42ee29c64899c635daf27b3465194a73ca5fd21a3a7ca655682fa5f5ffc7f4b2360b125 SHA512 6e3c481b34f2cb6f48bf87fe10565daded00415cc233332d43e18206d46eb7b32f92c55035584b5992e7a056e79e862124a573a9724f7762f76d4c4f0824de82 -DIST tor-0.3.1.10.tar.gz 6192183 BLAKE2B 4c1b57a3b19d18d735bb7362a08e4c2330350f2e31d52a8eb6d837cebc45ad6e64f3364e368f72d59bb8f51f652d4029a3e237a26efe580551811f5812e8dac4 SHA512 92af34a96bea2a99ab51d766d932da697409e404da4318ba6b3360ff0c2e9369b9afa652445a1651940f5a0502f4137141cc87cff14eba180539ea81be0c21a3 DIST tor-0.3.4.7-rc.tar.gz 6668322 BLAKE2B 863d24d04ba7919d08b3c69bca2edf3ee46af6aa074812f76067199670b17bb8538233c7631cb17e1cada4b2b4527b0db4b3b7a7b945ae7ca7a03e52685fce00 SHA512 664211ffd6adcdb325cf669fed9fb7c70b1416da3df046c35622b5104a4b63d9a3123eb40744bc070d29ff97472adf31b1aaecea5b91c07059d0cdad79569b58 DIST tor-0.3.4.8.tar.gz 6679385 BLAKE2B 9cb65442effd1cfceb34f3483a0e96de5e59e9ce1bd2241533dd8eb62e4428a6c0f9decd816dda49515fc92acd8c77e69f7d39133a67fb5053a858dc78464791 SHA512 bfedc29253cb8fdbe1864ea5992ad33184577d88ab806a249a544f3b3142a7bc1453892955df335185aff72508095fb2a2a07ac6b96c99668e5e8d593d7aea6d DIST tor-0.3.4.9.tar.gz 6695931 BLAKE2B ebfe0f49ae923e63b0bd8a7cafc453d7b0775cbfd167463b364490faf9bbf61decd28906d8f5bb08bfa9a5a10b371d9188a5019314c0de5ace15cc379347f88e SHA512 cc254a2cc2f21b4511e9cb215ba5f05fefc4dceffcf46a402efa2d3540872a4ed8e0095245df0802ea12c1367451bc16ca60c0aea6a77e2139580f3c5ba8c02f -DIST tor-0.3.5.3-alpha.tar.gz 6862572 BLAKE2B c4832828042bbecaf7c34bcb8999873cb4a5314598b2731cba02b2335c09fd8685588c52b15345821288cc94c9ab731c150b5010dee27d2dce1a15914ee31a6d SHA512 fdbbf5a69f9c0708afa4bb9e4925db4f7384997d7f497f1298d0106b76944c060c858fd061aa292310384e7b35f0ac41570cd89bb8c7e8208c832908fa3288af -EBUILD tor-0.3.1.10.ebuild 2018 BLAKE2B 5c001ed0ad1fd3f0d6a3dee6bcc53bc3590a90a5c0aa931c0e67e0cbceb000ef710fa33fe11b06fc08798c6286ffa877376ef6ebf2cbd426e7a26c94311e19c2 SHA512 65f6054ac7b50c46679d88ed1a5b556f5e3c40fe44e784e6b4de324bd317e3d118a8d0d4574ac62bcd17131412c3ad1cbdd0c27f4afd53568091ce400b171244 +DIST tor-0.3.5.4-alpha.tar.gz 6867919 BLAKE2B 0b9ecb02c4399df80a641825d955ca39c6d8712e8706db63d9946698adf77cf4af0d947077e6150da60e38a41accf6e6894bd29e54c1fc590a38fbc9003220bc SHA512 8bb6c72295fb6d92301fc59159368960d1b12c3c24cbca8620efe20121192d3307fd0e44d91c5cf69bbc27486ad31ec87db04ff732a7eef36b0b5d81898d3cda +DIST tor-0.3.5.5-alpha.tar.gz 6893528 BLAKE2B 36d3ac98cd535046110ef24f8e388481ecfac2cd01f52b8fe1f0a88e0639ee5bbf620b50b256c954f1bc37da5c99bc8bf74a29315c3def9f21e4ab845a213153 SHA512 963aeb6ecdf8c772670261a49e273a89b5a5ac4296aec445fecf42996059a1aecaadba198a495c665afab02fc55d2572f0e66a7ebfc775512d029d53c3fd6575 EBUILD tor-0.3.4.7_rc.ebuild 2232 BLAKE2B 3932f94eadda82099130eea978fcb76a88ba5b60bc62942f40b53b1e1d3d47f6ba94d056159bb6ea7d13c4f36eee7ac74b2a1ea6c60a351f38a3dc246ad0ea63 SHA512 0550f1a625ff99adf97ff4dfccc4874596a32ae6ffbc550493acd29f3f8377c7029c142c2b9c4ecc201ab72914ccb26e583b4bd0f51cf5e590155daa870c4989 EBUILD tor-0.3.4.8.ebuild 2237 BLAKE2B 2d21116f6249afbc98dc16881219fe689fec38c392e253d0b9661edf28d0fffb357c10c04fcf259368b66d0a25b7e2e558134cee404040b3bab78104985afad0 SHA512 64ed20c1dcd0486883729a8f90f89e80e9be5b499f17d3309313ea5aeaf29027ea82db0aa4ae00c107c3af123d4f1de5af003fbbee25cd188c2ea7cae398cb80 -EBUILD tor-0.3.4.9.ebuild 2203 BLAKE2B 86e026d6aae4bb772a64cffaa9ab28683befae6e8813e66b6f6a6f6582a591015296099346b3895beb7d8f76cc3c59eaef545d86260d48d6a336e26362983d2e SHA512 446bb80734d11b7858b6d6b5aa219816240a235bcbc2ac2c98a370f006d81194650dbf1df6533a7428f546eddfbbcb578e831633006f0b4884c2685cf5b69849 -EBUILD tor-0.3.5.3_alpha.ebuild 2215 BLAKE2B 33b04c74ef81f1ed3d18c84a0a5bf52db92d42037444d432f181cb36eef2b0cf056f79f642e9023758b6e2706253c122c43fe8e065e38865f555fc6d51263bc6 SHA512 bb2c831146afe5a57e4607c0cdaacc57b0b57667d514e63b31ba3d3468916b98836a96fffdf251ae41d9d52c92352174ece6c4e4eb069dafb9a677fa8fa7943f +EBUILD tor-0.3.4.9.ebuild 2202 BLAKE2B a0ae4ad979a126c4f78b4f32b7749ac425a0a51d32dbb54508973a91295074132f53935dec0840cf46a19f88eeea9f780bd65b9fd56ff65e112a642f1cd7e02c SHA512 b747e90b10303417487e3314141f26bfa8aafe12fa37b8c4c705932880d8b9620938f02c754365fdb39d78b9b322985f3bdb8b73a25ed3bf0c5193dbff5f8482 +EBUILD tor-0.3.5.4_alpha.ebuild 2181 BLAKE2B e65939c84bf205ea13500ee921724db11064a4aade605a9a6fd71ff4294927bceac1d2148eb77821a678c369318f6ce03666ec5b503aabaf87108dc8fd01704b SHA512 4a1e55cc587658858d4156181336a3962904a1ee5f89e8e31dec37eacf6d9217f604c5221c05d756213c5e31fa34957c452bdce8993379558b21045a45e1d61c +EBUILD tor-0.3.5.5_alpha.ebuild 2181 BLAKE2B e65939c84bf205ea13500ee921724db11064a4aade605a9a6fd71ff4294927bceac1d2148eb77821a678c369318f6ce03666ec5b503aabaf87108dc8fd01704b SHA512 4a1e55cc587658858d4156181336a3962904a1ee5f89e8e31dec37eacf6d9217f604c5221c05d756213c5e31fa34957c452bdce8993379558b21045a45e1d61c MISC metadata.xml 594 BLAKE2B 006e1ebc9876f83cb7cc3dcb7cea9ff0dfc763e9eb47c025e38b7588e1e4fef7c26ab130c61cdd3200b8d3d9be886b3aab377585972be178c93b758aff48c4c3 SHA512 011f77654a507d13c0542e6983df8ec86c5f2cff7cd1408f99c9d4da9d00ffb4b432317b2fd21500e62131e6f7c9bc60235cf55f2b8082391b9fe3bcf924ab2b diff --git a/net-vpn/tor/tor-0.3.4.9.ebuild b/net-vpn/tor/tor-0.3.4.9.ebuild index 3e64c44d21ed..b411030684bd 100644 --- a/net-vpn/tor/tor-0.3.4.9.ebuild +++ b/net-vpn/tor/tor-0.3.4.9.ebuild @@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_PF}" LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86 ~ppc-macos" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 x86 ~ppc-macos" IUSE="caps libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd" DEPEND=" diff --git a/net-vpn/tor/tor-0.3.5.3_alpha.ebuild b/net-vpn/tor/tor-0.3.5.4_alpha.ebuild index eec218e6109b..c6f1f5f1020a 100644 --- a/net-vpn/tor/tor-0.3.5.3_alpha.ebuild +++ b/net-vpn/tor/tor-0.3.5.4_alpha.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="6" +EAPI="7" -inherit flag-o-matic readme.gentoo-r1 systemd versionator user +inherit flag-o-matic readme.gentoo-r1 systemd user -MY_PV="$(replace_version_separator 4 -)" +MY_PV="$(ver_rs 4 -)" MY_PF="${PN}-${MY_PV}" DESCRIPTION="Anonymizing overlay network for TCP" HOMEPAGE="http://www.torproject.org/" diff --git a/net-vpn/tor/tor-0.3.1.10.ebuild b/net-vpn/tor/tor-0.3.5.5_alpha.ebuild index eda70f132ce5..c6f1f5f1020a 100644 --- a/net-vpn/tor/tor-0.3.1.10.ebuild +++ b/net-vpn/tor/tor-0.3.5.5_alpha.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="6" +EAPI="7" -inherit flag-o-matic readme.gentoo-r1 systemd versionator user +inherit flag-o-matic readme.gentoo-r1 systemd user -MY_PV="$(replace_version_separator 4 -)" +MY_PV="$(ver_rs 4 -)" MY_PF="${PN}-${MY_PV}" DESCRIPTION="Anonymizing overlay network for TCP" HOMEPAGE="http://www.torproject.org/" @@ -15,14 +15,14 @@ S="${WORKDIR}/${MY_PF}" LICENSE="BSD GPL-2" SLOT="0" -# We need to keyword app-arch/zstd -KEYWORDS="amd64 arm ~mips ppc ppc64 x86 ~ppc-macos" -IUSE="libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86 ~ppc-macos" +IUSE="caps libressl lzma scrypt seccomp selinux systemd tor-hardening test zstd" DEPEND=" app-text/asciidoc dev-libs/libevent[ssl] sys-libs/zlib + caps? ( sys-libs/libcap ) !libressl? ( dev-libs/openssl:0=[-bindist] ) libressl? ( dev-libs/libressl:0= ) lzma? ( app-arch/xz-utils ) @@ -35,6 +35,7 @@ RDEPEND="${DEPEND} PATCHES=( "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch + "${FILESDIR}"/${PN}-0.3.3.2-alpha-tor.service.in.patch ) DOCS=( README ChangeLog ReleaseNotes doc/HACKING ) @@ -45,19 +46,24 @@ pkg_setup() { } src_configure() { + export ac_cv_lib_cap_cap_init=$(usex caps) econf \ --localstatedir="${EPREFIX}/var" \ --enable-system-torrc \ --enable-asciidoc \ + --disable-android \ --disable-libfuzzer \ + --disable-module-dirauth \ + --enable-pic \ --disable-rust \ + --disable-restart-debugging \ + --disable-zstd-advanced-apis \ $(use_enable lzma) \ $(use_enable scrypt libscrypt) \ $(use_enable seccomp) \ $(use_enable systemd) \ $(use_enable tor-hardening gcc-hardening) \ $(use_enable tor-hardening linker-hardening) \ - $(use_enable web tor2web-mode) \ $(use_enable test unittests) \ $(use_enable test coverage) \ $(use_enable zstd) diff --git a/net-vpn/vpnc/Manifest b/net-vpn/vpnc/Manifest index 9e25f94f44fc..ab52550864e5 100644 --- a/net-vpn/vpnc/Manifest +++ b/net-vpn/vpnc/Manifest @@ -3,5 +3,5 @@ AUX vpnc-tmpfiles.conf 29 BLAKE2B cc5cf7d24be2117a95c339667771121df32d813680a32c AUX vpnc.confd 123 BLAKE2B 313d5999586f56b3b88f8473d1f6f07e69994c620ddf3d8cfb9e263fc27c60500a3e6da59f1e905611aec39a62dfcc3c4b746a580a8a106fc6be9384d716955d SHA512 1254f687dcd9822becfcccabbb34d8343d715d70247dbf4b5e018835fff24b33f5272368f77199d697c8d11d913182b1f756d5e08a46b2057849779f09b19633 AUX vpnc.service 517 BLAKE2B 3fa2eaeea6a28fdf8826d936e1fe93dccade383411df395d69971312c9e062299af8b9f7514875a79a7d4e916efa4b4cf83ab0fb29eedbf52da31af3bc0fff63 SHA512 d580ad4fadbe6ea733f42eda53516e1766ba028f610653c62ba211d4a9ee05a6bf1d8676405a7a3ffede3432d75f9c4dcc72d1fab2a9215150f41a74269850c5 DIST vpnc-0.5.3_p550.tar.xz 101860 BLAKE2B 9800ab0704108cd70450dcfe314eba7c09ca1bb329fa6b9f2946dbb6ee6407e5f6bc3d17d8be782e9103d94a12895777125acdad070f39ea1b96a946ba7d2302 SHA512 95150c743c61a962c36591bb874c77f2c28f341c0a1290dba4e878a460d22d762dd88f7cfc0aa9d17ace71a8b826d9fd13554c23b5123dee6009e9fffcd2de55 -EBUILD vpnc-0.5.3_p550.ebuild 2210 BLAKE2B 3e67d670fd25d11b9e6ac82334cd07d024742f775dca2279fcd303491d29b1d757a95916fc4bd05dc8b357557be934332aa2eeda2af52710683e0057a3841e15 SHA512 55526b17c362ca72dbc87abccf4347e1dcb051a1dd4ff4c6c3b046e6149bbf608b0e38abe7ce25100176b70bf33c476b741b82a202cbc0ab1bce1488a8c69a2a +EBUILD vpnc-0.5.3_p550.ebuild 2207 BLAKE2B 44b6d215c5f84b5a8169271947848cc3774667d49db53d3ab0808f22f78445632effdf759fac5ec0e4e0e5135ec906ebc77918149e4f94b0afff5545200416ea SHA512 601b4af1fea80cd07af4f866498ab448976614a59e9706b7341f53f2f6b2c69322637499efe0a60df26b827eaca45ef901fbb42fcff1ae96407b4aa73f8fb102 MISC metadata.xml 619 BLAKE2B 4220231734bec7412dee8240013773a3bbd3025b9b715747e41a7a0be63b6727b6b9ae7bd2459d93ebc8743e094498543abbfff9a3013e0d62c5f55e68f29d08 SHA512 42ea3785e2491f38f726d54e7e02fce1722eea39899175c873c138ee7d4aa23a9366678a88f044851a45b4ecc394738bfa44e5bb3850dd1fdb2c9780ae929432 diff --git a/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild index b3b6de8c2872..34d8bd70511f 100644 --- a/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild +++ b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -21,7 +21,7 @@ DEPEND=" gnutls? ( net-libs/gnutls ) !gnutls? ( dev-libs/openssl:0= )" RDEPEND="${DEPEND} - resolvconf? ( net-dns/openresolv ) + resolvconf? ( virtual/resolvconf ) selinux? ( sec-policy/selinux-vpn ) " diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest index 551e35cf10b5..608c55c89d4d 100644 --- a/net-vpn/wireguard/Manifest +++ b/net-vpn/wireguard/Manifest @@ -1,4 +1,4 @@ -DIST WireGuard-0.0.20181018.tar.xz 299432 BLAKE2B 05869b7a421761581445b8e383119a893d65ec9ff7b53551bede6022ee7609e9bc2c8081392ac5eba382ae817a281390f1fcfb35cd7c9a8b32794eb25878e541 SHA512 ab9f42bdae1b12a95faaf51d5b9e17a8635c67386feefaaa40e0395d78c3258b9afa8a1d2f64010fac4867fa0d229a4ed850fab8a24678d6c8aa2ab6e30ae1b3 -EBUILD wireguard-0.0.20181018.ebuild 5142 BLAKE2B 9741b00e97a85fe032de77fe709e403b0ab26c2a7a722eb2b84fe02b73070271f4b6a9e0703e5b2cbdb1918e88a7e7b810f686af80dc8b59f5285a7cc68bbcfd SHA512 e6755ac3095ab7e059ae036f7548ed25ce933e5f5170852993574f60a3ce73667592a8b31a8cae26f95190825395b86ad40542e4833bc3fb3b2b712b9caecafe +DIST WireGuard-0.0.20181115.tar.xz 329932 BLAKE2B 5f0b73982e9befdf768607110cc743d3d8ec6bad6467dfae6e5b6d2974b74db78d9ee6ed2518cf04ecc86fb6f92e1dd55ed12d2e68a7f9201779492f170d4da4 SHA512 622de8d9274e3689debabf122e4569ae7d747f625ff5161779006b3c583b08b7b3a270aba1abf3d56c4390f809aacbf70bed6964b476f5ac72fb2f51923f3b3d +EBUILD wireguard-0.0.20181115.ebuild 5142 BLAKE2B 9741b00e97a85fe032de77fe709e403b0ab26c2a7a722eb2b84fe02b73070271f4b6a9e0703e5b2cbdb1918e88a7e7b810f686af80dc8b59f5285a7cc68bbcfd SHA512 e6755ac3095ab7e059ae036f7548ed25ce933e5f5170852993574f60a3ce73667592a8b31a8cae26f95190825395b86ad40542e4833bc3fb3b2b712b9caecafe EBUILD wireguard-9999.ebuild 4720 BLAKE2B 4de715d72ccd551ee68eeab051ff9905323fe57d475e6c17ad39542c3c50416d0ff6cfa27c994afe1edf6277bdbd6bab9b3351d74cfcae5921f24c2c93f0cb36 SHA512 e71251e953b6046149d69b1168af47e20ae705c3822f8c80542388571e8677ddfe299eb46808ec462c8a13764fc939eafe7f51dcfa0d7e3aca7c6e153ba14c7b MISC metadata.xml 765 BLAKE2B 4b3a03aea5271da19dddddfc4f7fa180c4b3b846bbe434786c3b3e7bbfb51424cf3be55877cf6b2af60559a456978946ed68354600e43fbb461d2000bd655b70 SHA512 794ffdecbc09f27080cade3a5753e0d1e9021edb400282ee6db7099d4583ab4d4ed28a343e2b8c2227ab39b8bc4182938d6c82ae4a4f7e9980f21348d8d8c805 diff --git a/net-vpn/wireguard/wireguard-0.0.20181018.ebuild b/net-vpn/wireguard/wireguard-0.0.20181115.ebuild index 035320b20fd3..035320b20fd3 100644 --- a/net-vpn/wireguard/wireguard-0.0.20181018.ebuild +++ b/net-vpn/wireguard/wireguard-0.0.20181115.ebuild |