summaryrefslogtreecommitdiff
path: root/net-vpn
diff options
context:
space:
mode:
Diffstat (limited to 'net-vpn')
-rw-r--r--net-vpn/Manifest.gzbin4532 -> 4532 bytes
-rw-r--r--net-vpn/i2pd/Manifest2
-rw-r--r--net-vpn/i2pd/i2pd-2.22.0.ebuild120
-rw-r--r--net-vpn/libreswan/Manifest7
-rw-r--r--net-vpn/libreswan/libreswan-3.22.ebuild112
-rw-r--r--net-vpn/libreswan/libreswan-3.27-r1.ebuild (renamed from net-vpn/libreswan/libreswan-3.26.ebuild)12
-rw-r--r--net-vpn/libreswan/libreswan-3.27.ebuild2
-rw-r--r--net-vpn/strongswan/Manifest8
-rw-r--r--net-vpn/strongswan/strongswan-5.6.0-r1.ebuild303
-rw-r--r--net-vpn/strongswan/strongswan-5.6.2.ebuild303
-rw-r--r--net-vpn/strongswan/strongswan-5.6.3.ebuild303
-rw-r--r--net-vpn/strongswan/strongswan-5.7.1.ebuild2
-rw-r--r--net-vpn/tor/Manifest10
-rw-r--r--net-vpn/tor/tor-0.3.4.9.ebuild2
-rw-r--r--net-vpn/tor/tor-0.3.5.4_alpha.ebuild (renamed from net-vpn/tor/tor-0.3.5.3_alpha.ebuild)8
-rw-r--r--net-vpn/tor/tor-0.3.5.5_alpha.ebuild (renamed from net-vpn/tor/tor-0.3.1.10.ebuild)22
-rw-r--r--net-vpn/vpnc/Manifest2
-rw-r--r--net-vpn/vpnc/vpnc-0.5.3_p550.ebuild4
-rw-r--r--net-vpn/wireguard/Manifest4
-rw-r--r--net-vpn/wireguard/wireguard-0.0.20181115.ebuild (renamed from net-vpn/wireguard/wireguard-0.0.20181018.ebuild)0
20 files changed, 161 insertions, 1065 deletions
diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz
index 1a3e75715dbf..70c3549aaa86 100644
--- a/net-vpn/Manifest.gz
+++ b/net-vpn/Manifest.gz
Binary files differ
diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest
index 9d604c789e95..d1f7578be410 100644
--- a/net-vpn/i2pd/Manifest
+++ b/net-vpn/i2pd/Manifest
@@ -8,8 +8,10 @@ DIST i2pd-2.19.0.tar.gz 1982459 BLAKE2B b05f7a3018091e9c0008ca7037e44b6f5a4416be
DIST i2pd-2.20.0.tar.gz 1991174 BLAKE2B 37b85dc37299cd6d2f64050eb096ecc11d75ccdcdba845f34c908e6467cbcb9fa7cea9243415bafd7c9167f5e8ea06c8729bcb885e78f45e37680f8001b69237 SHA512 affade889d32fdf20fc0bc4c7bb809fb511794421a80a93334707e26c72eecc83715d756d79ce7924d43ef44dc9f655925de860b5b392b6c4fe815eb873c1864
DIST i2pd-2.21.0.tar.gz 1993520 BLAKE2B 616f4938d547e6a5d27292bec1741fa28131c37ad12b0f7c564e24ff0fd3b0a01974989ac6f337cd58cc1a618980fd171692c0164d22c3e97080540318e5df89 SHA512 a9c2f4bb1ec6459e7f8f48b74a48dd192af0962876fc6dcf998febe342918f98a21ae421cf48402d5e0c4570641eb3112d85522230dad34cabe6c4f367d6d8ab
DIST i2pd-2.21.1.tar.gz 1993853 BLAKE2B 8686acf12464f892cb116ba6c14b67fc56af45315feec25b4c165c7b38238f48b7e1ca227f8b2b53dabcb4d9f46555e1528f4f11e675fbfc63aa3fad062280b6 SHA512 e73c0c1f624b468a4a30996de77b27f5a2166d16b57724ec58647e5630f9e988052b11962fa47f318403ccd4c675a8d7c8b0ddcaa79666cea9743a6437fc4fd2
+DIST i2pd-2.22.0.tar.gz 2263033 BLAKE2B b8b7fa0a1fc4e333824eed8c6bd5fbfe40b83b7a0dbf5db8001144ca1b672c6e33996ad5218ef53cca15e56738fd8447f1c10a90c109d86a2364ef7646cc1377 SHA512 da8187a5d68bf09962419da91eeeb12534eaa2b519139784afb5faf6f1c40e7b344181f987461614d0f7b6563d0a872c8180ecc8a122ed08688130de3d13b0e8
EBUILD i2pd-2.19.0.ebuild 3100 BLAKE2B 27284f8510bfdf37c3d576fa1f4718134d5f948ee1f614272ae86b94cb2f68acb3f9ad59898f8a2b94280c3aa40e1f4c9410dd20d4ebd02e379099fbbad9db52 SHA512 809418d598459849a6d42322b1fa749f5eabcef3f0f3731ce44d74d5744716b5f3fdf979b1288f88b7667fe4e5aea5c83e73bdf5ff769e22b4d3dfb68306cbf6
EBUILD i2pd-2.20.0.ebuild 3166 BLAKE2B 5a62ee83bd80beca39b265a8a6806c733d047066d204afe101ded329795b4f053af6dd13e93914bb22ab307729eda6ed72073a6cd0bd5699ed6f350b4ae136cf SHA512 24098b0bf0e114bbcda5eaa821906f7b7c4387b4202220526bf177c109979f6a0b65d0449a7e13bcc2d134a90cf9e8ca0fc2cd7db04620e1ad5a3115de36a017
EBUILD i2pd-2.21.0.ebuild 3140 BLAKE2B 62e6f83535bb2067918b2a331b62a69a4b0138bde9e59abb6270759aa3d1fef08574ef5d02765bafb9bc9beaa3600ab82aa3acc134f97c245f494d585cd52107 SHA512 ed9c1091fe233788a5e73d9e5afe194e57cd3801cb2c71054ad3ad14f68d9b880163e75eb7d94512a7022303f92471bf444076c0e20e2ae6f54b1d6e5f56a8e3
EBUILD i2pd-2.21.1.ebuild 3140 BLAKE2B 62e6f83535bb2067918b2a331b62a69a4b0138bde9e59abb6270759aa3d1fef08574ef5d02765bafb9bc9beaa3600ab82aa3acc134f97c245f494d585cd52107 SHA512 ed9c1091fe233788a5e73d9e5afe194e57cd3801cb2c71054ad3ad14f68d9b880163e75eb7d94512a7022303f92471bf444076c0e20e2ae6f54b1d6e5f56a8e3
+EBUILD i2pd-2.22.0.ebuild 3140 BLAKE2B 62e6f83535bb2067918b2a331b62a69a4b0138bde9e59abb6270759aa3d1fef08574ef5d02765bafb9bc9beaa3600ab82aa3acc134f97c245f494d585cd52107 SHA512 ed9c1091fe233788a5e73d9e5afe194e57cd3801cb2c71054ad3ad14f68d9b880163e75eb7d94512a7022303f92471bf444076c0e20e2ae6f54b1d6e5f56a8e3
MISC metadata.xml 742 BLAKE2B 81ae213b17776466f9d33a4798bff20494ab8c09872d1a65fcb0ab4d05cbf2a0858c1c7538a205bbefa491a21d0b3deb613a362d7e5493e5c6ac074b1dacbe53 SHA512 ca6b5eea5aeb685632ed742144cf8a3fc19e7b0b1c213ea6fdf62a07a4f7727e8f001189e09daa201563bfbb79539cee0050c739a23320baa4b4d95a4279b553
diff --git a/net-vpn/i2pd/i2pd-2.22.0.ebuild b/net-vpn/i2pd/i2pd-2.22.0.ebuild
new file mode 100644
index 000000000000..9b28206e7582
--- /dev/null
+++ b/net-vpn/i2pd/i2pd-2.22.0.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit systemd user cmake-utils eapi7-ver toolchain-funcs
+
+DESCRIPTION="A C++ daemon for accessing the I2P anonymous network"
+HOMEPAGE="https://github.com/PurpleI2P/i2pd"
+SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
+IUSE="cpu_flags_x86_aes cpu_flags_x86_avx i2p-hardening libressl static +upnp websocket"
+
+# if using libressl, require >=boost-1.65, see #597798
+RDEPEND="
+ !static? (
+ dev-libs/boost[threads]
+ !libressl? ( dev-libs/openssl:0[-bindist] )
+ libressl? (
+ dev-libs/libressl:0
+ >=dev-libs/boost-1.65
+ )
+ upnp? ( net-libs/miniupnpc )
+ )"
+DEPEND="${RDEPEND}
+ static? (
+ dev-libs/boost[static-libs,threads]
+ !libressl? ( dev-libs/openssl:0[static-libs] )
+ libressl? (
+ dev-libs/libressl:0[static-libs]
+ >=dev-libs/boost-1.65
+ )
+ sys-libs/zlib[static-libs]
+ upnp? ( net-libs/miniupnpc[static-libs] )
+ )
+ websocket? ( dev-cpp/websocketpp )"
+
+I2PD_USER=i2pd
+I2PD_GROUP=i2pd
+
+CMAKE_USE_DIR="${S}/build"
+
+DOCS=( README.md contrib/i2pd.conf contrib/tunnels.conf )
+
+PATCHES=( "${FILESDIR}/${PN}-2.14.0-fix_installed_components.patch" )
+
+pkg_pretend() {
+ if tc-is-gcc && ! ver_test "$(gcc-version)" -ge "4.7"; then
+ die "At least gcc 4.7 is required"
+ fi
+ if use i2p-hardening && ! tc-is-gcc; then
+ die "i2p-hardening requires gcc"
+ fi
+}
+
+src_configure() {
+ mycmakeargs=(
+ -DWITH_AESNI=$(usex cpu_flags_x86_aes ON OFF)
+ -DWITH_AVX=$(usex cpu_flags_x86_avx ON OFF)
+ -DWITH_HARDENING=$(usex i2p-hardening ON OFF)
+ -DWITH_PCH=OFF
+ -DWITH_STATIC=$(usex static ON OFF)
+ -DWITH_UPNP=$(usex upnp ON OFF)
+ -DWITH_WEBSOCKETS=$(usex websocket ON OFF)
+ -DWITH_LIBRARY=ON
+ -DWITH_BINARY=ON
+ )
+ cmake-utils_src_configure
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ # config
+ insinto /etc/i2pd
+ doins contrib/i2pd.conf
+ doins contrib/tunnels.conf
+
+ # grant i2pd group read and write access to config files
+ fowners "root:${I2PD_GROUP}" \
+ /etc/i2pd/i2pd.conf \
+ /etc/i2pd/tunnels.conf
+ fperms 660 \
+ /etc/i2pd/i2pd.conf \
+ /etc/i2pd/tunnels.conf
+
+ # working directory
+ keepdir /var/lib/i2pd
+ insinto /var/lib/i2pd
+ doins -r contrib/certificates
+ fowners "${I2PD_USER}:${I2PD_GROUP}" /var/lib/i2pd/
+ fperms 700 /var/lib/i2pd/
+
+ # add /var/lib/i2pd/certificates to CONFIG_PROTECT
+ doenvd "${FILESDIR}/99i2pd"
+
+ # openrc and systemd daemon routines
+ newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd
+ newinitd "${FILESDIR}/i2pd-2.6.0-r3.initd" i2pd
+ systemd_newunit "${FILESDIR}/i2pd-2.6.0-r3.service" i2pd.service
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/i2pd-2.6.0-r3.logrotate" i2pd
+}
+
+pkg_setup() {
+ enewgroup "${I2PD_GROUP}"
+ enewuser "${I2PD_USER}" -1 -1 /var/lib/run/i2pd "${I2PD_GROUP}"
+}
+
+pkg_postinst() {
+ if [[ -f ${EROOT%/}/etc/i2pd/subscriptions.txt ]]; then
+ ewarn
+ ewarn "Configuration of the subscriptions has been moved from"
+ ewarn "subscriptions.txt to i2pd.conf. We recommend updating"
+ ewarn "i2pd.conf accordingly and deleting subscriptions.txt."
+ fi
+}
diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest
index 9ba80e26a9e2..3fbe8034c117 100644
--- a/net-vpn/libreswan/Manifest
+++ b/net-vpn/libreswan/Manifest
@@ -2,12 +2,9 @@ AUX libreswan-3.23-modern-kernels.patch 525 BLAKE2B 5c1353932dddd0febf60ae0b8c03
AUX libreswan-3.25-no-curl.patch 706 BLAKE2B 2d1f74b6b1d65f2e3ddad8646e2e5ea8a4aa98b4eee617521255c7bec35f53f1cde6254cd82f731e6ad5701f16cceaba907653e1c490ef97b2648f9d066e0328 SHA512 e03b17bc647f0d817cacfee2c96c37c50615d8ad53fdfb0be7095bf79fe3317d66092f006aeaf1ea4d67841ccdba29ab4a6e1ce181459b41d16dedcee5cb73d3
AUX libreswan-3.26-nss-link.patch 719 BLAKE2B 80a98e3e4b4773245ebdb005535603879df9b54ed7f8cec8864059af0fed51379c6311f1f7f52a99467e989a9f56c6d80b8919f2e72ade32fab52d9dd241b861 SHA512 1b55612b634fdd48829854e0c7a4eba5b19080dc75d1f5b8e1c59c4988bd45cb043ef6669172bf0d8dd4ba914fd924d47ff3bb5712cde4c09fea5141933e01b3
AUX libreswan-3.26-nss.patch 853 BLAKE2B 487afd48208223030aa5a4fc434f1bc5d817d9ed78392399ef98db09f22a2d975510134a9ae55875b7e15c0fef221393d6648fb00cd208b4aab140aa0c142318 SHA512 118609fd2ed7e9c35333106b6896ce3a9c463cd3dda7f0bce31e2cccf91f88080f34ec39f8f3b5f3453eedea520f2e1b031b6771502d8c74831e20883a162d6e
-DIST libreswan-3.22.tar.gz 6910418 BLAKE2B c06134fa2d1096231797f1ea93de8ed61121472b10ae30ee9a843250dce4ef9f21e7d3bf63f38daf53fbfd8d1e435cfdc704743d0fdcbde8ecac137d9becac48 SHA512 93868327394527750590e1297443d3eb1c9a528d680348098fd2913123dac52c9fecd73b855ee00586c2516b8aa00f7f0d158d8e9b19d7487b5fb26432b86aff
DIST libreswan-3.25.tar.gz 3988630 BLAKE2B 8479b5b0d7d49055b7dcefa6c3b2f469b0aa60005e05446d5c1c6f73a32c904835422248c6ead2a1c2dc83b63794fd50f7461fd22c4206414b5890c01b99b722 SHA512 246649cb5bef1d0690217d1080f3f6f175a0d7a5f27e5a7affdf291b2f418a11937e96b64716a33e6312530409a2c1b10b90e2fa5ec339a27c94c990d86ed517
-DIST libreswan-3.26.tar.gz 3706205 BLAKE2B e54e6d3a0163f0b6812c53400e7f57e01319d7cf64a5d9e84d5002bbab24d5de1b6461c6bba02d60630017a50c23ecb1a095f3da1a36a4e6fc64e90cf08fd798 SHA512 10965a23197ef5d21a66dc0838066ceb620b2653f64471553284e0043fbc993584e497742b498e0be410427aeed3d8ce5bfdc6dfab59b8a1a1ba9a363473c4a4
DIST libreswan-3.27.tar.gz 3720103 BLAKE2B 51ee792cd3fb8330a9cfee0b1a27e48c9a8c8fd3346e8c06fe0a911c813c400ef62d68b1d06bb849695aad5f4d5a496dc444b2543aa9ffbc59d373081c0b85e5 SHA512 b92ecfd08b9d19dc801032176eff3dd07f625223d4f0dd07ff10f639644573430a55f7aebfcc8b9d2424e194ca9d06b17ad5a13dad5dc6f659d19bc5d32520f5
-EBUILD libreswan-3.22.ebuild 2814 BLAKE2B 566683ee612fd84a0fe4cf49cd90bb2c8f67e9aa151461c0c0e68a9179ce5741203764ac520f9f434d8f02d0a30129d3e39059329ca5f991bed74437be4c117a SHA512 e337d3895fd3fe3a803b7e137407dff4ee5e6c4e9928c157715c1f87a6c877f2be4498d884254379c03d63b95f75e71df01a2d839535bb75bcbee7c770956654
EBUILD libreswan-3.25.ebuild 2856 BLAKE2B 0e2573d71d4f96d6cf271e6d71ad7efffd336877ede43f5ed2f7e35103d8cd67194df195c7bab7d9be513c2ee85c869af8778a8f9fefaf2087e0114b4d052a90 SHA512 be841c666376e6b410b9bd5f15d84c23f3bfa5848ea382b29108ce104cdb22627af145bdaa9b5d5447560705859cc5726643562a109b8b9d126967251c8e0db8
-EBUILD libreswan-3.26.ebuild 2896 BLAKE2B 6887a7656d51395835ad41605b4ed9e9d915e0996cc2c6612a48abdc4c7a6071f3de69089bbc96212c39bcfba8076e2d857042aef1c7d172a0b29a06eb4afbe5 SHA512 cd803735a9b396205ba3e382befbd63b40cf7e8532de299ee8a1736208b7c2ca079fa4e083b272115fb53ecd8e1194003675110a50dc9313b4f06b45a101d844
-EBUILD libreswan-3.27.ebuild 2813 BLAKE2B 23c1d768e88dd76262c0dacdd412d5ce2565c86dfe9a216a44defea8e16430e9659fe695123e9e12255e71b769c82c2abd45654e8fa39466f495fb582af67fc2 SHA512 ad9325ee407f85a0ebf0bbe740b8c36c3c0078bdf9023ca6ec03b5e430ca0b3d4eee3ff590ee76b0c8729e7923e95966ae3ae44bfca543a7741e1efd1bace956
+EBUILD libreswan-3.27-r1.ebuild 2939 BLAKE2B bbceef07aaefbf8323a2342bf8479ae47ef9824581095d065a5d61ffc9e3c6434f8217b88221c421f2d1f377cf8f50c3e31661b7627abbc81a51ad7e2fc9a759 SHA512 6de7bbf1962589cfd1b4cdb4d9b3db2fec2d997a5e7c46dbfd35330521a3c42915adf36a6214736da5173f851fd3f659f89d23782a197d72a5d33be29e42b093
+EBUILD libreswan-3.27.ebuild 2811 BLAKE2B 04ac4dc887783fcadd8aaa444ec59c71b9221b4f968d6ab13305866d26f5025208c806307b63874607de8617ad64e69fce54b7a08d3e958b20e5331531048f94 SHA512 e3b7a8b50f17f426cdab73fc237ef555e8d0d89d06546a60d0c38d01001620e9b03ec4e8e933aa587561019057aa71ee80250b8c3ae6aac502a93e5c6a5cd77b
MISC metadata.xml 319 BLAKE2B 6bae0756e29efeb1cf77d60f7e38fe62ffa5f24c3745e07900e6ef5f65194c50f6a479d97fdcc24804ccdcfefd9707b12f08dffe613fcf798afc421826de36e4 SHA512 924161f15c0f7a9666a6d7a422b45da679190e1a0f2859b997ddd753cbf49df9da337e5420040210736f76fa712dca3ec8862480f62bd321de71e74bee7c0865
diff --git a/net-vpn/libreswan/libreswan-3.22.ebuild b/net-vpn/libreswan/libreswan-3.22.ebuild
deleted file mode 100644
index 5b4e7f960e6e..000000000000
--- a/net-vpn/libreswan/libreswan-3.22.ebuild
+++ /dev/null
@@ -1,112 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit systemd toolchain-funcs
-
-SRC_URI="https://download.libreswan.org/${P}.tar.gz"
-KEYWORDS="amd64 ~ppc x86"
-
-DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
-HOMEPAGE="https://libreswan.org/"
-
-LICENSE="GPL-2 BSD-4 RSA DES"
-SLOT="0"
-IUSE="caps curl dnssec ldap pam seccomp selinux systemd test"
-
-COMMON_DEPEND="
- dev-libs/gmp:0=
- dev-libs/libevent:0=
- dev-libs/nspr
- caps? ( sys-libs/libcap-ng )
- curl? ( net-misc/curl )
- dnssec? ( net-dns/unbound:= net-libs/ldns )
- ldap? ( net-nds/openldap )
- pam? ( sys-libs/pam )
- seccomp? ( sys-libs/libseccomp )
- selinux? ( sys-libs/libselinux )
- systemd? ( sys-apps/systemd:0= )
-"
-DEPEND="${COMMON_DEPEND}
- app-text/docbook-xml-dtd:4.1.2
- app-text/xmlto
- dev-libs/nss
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
- test? ( dev-python/setproctitle )
-"
-RDEPEND="${COMMON_DEPEND}
- dev-libs/nss[utils(+)]
- sys-apps/iproute2
- !net-misc/openswan
- !net-vpn/strongswan
- selinux? ( sec-policy/selinux-ipsec )
-"
-
-usetf() {
- usex "$1" true false
-}
-
-src_prepare() {
- sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
- sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
- default
-}
-
-src_configure() {
- tc-export AR CC
- export INC_USRLOCAL=/usr
- export INC_MANDIR=share/man
- export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
- export FINALDOCDIR=/usr/share/doc/${PF}/html
- export INITSYSTEM=openrc
- export INC_RCDIRS=
- export INC_RCDEFAULT=/etc/init.d
- export USERCOMPILE=
- export USERLINK=
- export USE_DNSSEC=$(usetf dnssec)
- export USE_LABELED_IPSEC=$(usetf selinux)
- export USE_LIBCAP_NG=$(usetf caps)
- export USE_LIBCURL=$(usetf curl)
- export USE_LINUX_AUDIT=$(usetf selinux)
- export USE_LDAP=$(usetf ldap)
- export USE_SECCOMP=$(usetf seccomp)
- export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
- export SD_WATCHDOGSEC=$(usex systemd 200 0)
- export USE_XAUTHPAM=$(usetf pam)
- export DEBUG_CFLAGS=
- export OPTIMIZE_CFLAGS=
- export WERROR_CFLAGS=
-}
-
-src_compile() {
- emake all
- emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all
-}
-
-src_test() {
- : # integration tests only that require set of kvms to be set up
-}
-
-src_install() {
- default
- emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install
-
- echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
- fperms 0600 /etc/ipsec.secrets
-
- dodoc -r docs
-
- find "${D}" -type d -empty -delete || die
-}
-
-pkg_postinst() {
- local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d
- if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then
- ebegin "Setting up NSS database in ${IPSEC_CONFDIR}"
- certutil -N -d "${IPSEC_CONFDIR}" -f <(echo)
- eend $?
- fi
-}
diff --git a/net-vpn/libreswan/libreswan-3.26.ebuild b/net-vpn/libreswan/libreswan-3.27-r1.ebuild
index 7c3de3ac0b86..aa0e463073df 100644
--- a/net-vpn/libreswan/libreswan-3.26.ebuild
+++ b/net-vpn/libreswan/libreswan-3.27-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -50,9 +50,6 @@ usetf() {
}
src_prepare() {
- eapply "${FILESDIR}/${P}-nss.patch"
- eapply "${FILESDIR}/${P}-nss-link.patch"
-
sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
default
@@ -107,9 +104,10 @@ src_install() {
pkg_postinst() {
local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d
- if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then
- ebegin "Setting up NSS database in ${IPSEC_CONFDIR}"
- certutil -N -d "${IPSEC_CONFDIR}" -f <(echo)
+ if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then
+ ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password"
+ certutil -N -d "${IPSEC_CONFDIR}" --empty-password
eend $?
+ einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}"
fi
}
diff --git a/net-vpn/libreswan/libreswan-3.27.ebuild b/net-vpn/libreswan/libreswan-3.27.ebuild
index 736e805196d8..7d8d9507ce45 100644
--- a/net-vpn/libreswan/libreswan-3.27.ebuild
+++ b/net-vpn/libreswan/libreswan-3.27.ebuild
@@ -6,7 +6,7 @@ EAPI=6
inherit systemd toolchain-funcs
SRC_URI="https://download.libreswan.org/${P}.tar.gz"
-KEYWORDS="~amd64 ~ppc ~x86"
+KEYWORDS="amd64 ~ppc x86"
DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
HOMEPAGE="https://libreswan.org/"
diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest
index c89a1d587ad4..f2fcf9d1e77d 100644
--- a/net-vpn/strongswan/Manifest
+++ b/net-vpn/strongswan/Manifest
@@ -1,10 +1,4 @@
AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf3bc0629fe99cf9936b9cdb464627c1a8c121b8485f164166efda428825a55aab557d18 SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c
-DIST strongswan-5.6.0.tar.bz2 4850722 BLAKE2B edb9f2b277cd8bccf886a824e4b3fb3c06af7510d9e21283fcb8d8ba9cf234f38182fcd1ca0c350b4039945ab10888406986d9a0b8edac24fe09faf0b8967fb2 SHA512 9362069a01c3642e62864d88fdb409a3c7514bf7c92cbe36e552c6a80915119cf5bb91c39592aab2d15b562684a0628a764e4fa7636d3b5fd2ebaf165c0ce649
-DIST strongswan-5.6.2.tar.bz2 4977859 BLAKE2B 83943ec95e6b95724e9fc130a09f7c7364147d0ce50528ac8b64452db53516b143e92c7dcb746c0c25aaac9182dda14d55e5c267fbdcd5bb9a63cbf48801274b SHA512 cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92c961772aafd3e55cfcfa84516204a15561389d373f78140f05607b248c52
-DIST strongswan-5.6.3.tar.bz2 4961579 BLAKE2B 177d9ca9a730c8ccb3293c9f1c1397429879177aef60c90a3561fffed64cd4fe18cdf1c74bd52956c576e061ce33935b7dc34864576edeac7d4824841b0ee3e0 SHA512 080402640952b1a08e95bfe9c7f33c6a7dd01ac401b5e7e2e78257c0f2bf0a4d6078141232ac62abfacef892c493f6824948b3165d54d72b4e436ed564fd2609
DIST strongswan-5.7.1.tar.bz2 4967533 BLAKE2B e438d1b44a997eb0e012586b18604bd35ac6f53cce1c34ff89192a760bbd0d6a9aaa7b90b389ff1a5e7c6d2356ff5cc74b40daad1d6579fa5026f4878489bf66 SHA512 43102814434bee7c27a5956be59099cc4ffb9bb5b0d6382ce4c6a80d1d82ed6639f698f5f5544b9ca563554a344638c953525b0e2d39bc6b71b19055c80e07fc
-EBUILD strongswan-5.6.0-r1.ebuild 9316 BLAKE2B de030a9ae26d83c6f2aa2bdfadf3c6f29acebaa53b4e3b88389398c0ec8552f9107828afa0a5639471885e83cdf5b982373e9975ecb2567fb79adf3f3b9c6f7a SHA512 d2e6b7a8ce68033203d854429234e5a4600501d3d17db4b3f0b2e7f6c428aac5acbd74b48a88583464a5936467e180f126f269b5b046ebac047c547fa791222e
-EBUILD strongswan-5.6.2.ebuild 9320 BLAKE2B 3d760c087b443d75046c6db3e6dc079d401592588308379716781e25d5310844ec10464ba7791381fa7a6009a8af9217b6f64b442322320fb7cdd2b51ef87c3a SHA512 398534ef23686b54751f238c45a81d53990076eb3e7ff6c4591d5ddaadfb83808c0ad58d0ed46b467562f3c72693a414f4ad9645f51e9129758fcf8d255df8d9
-EBUILD strongswan-5.6.3.ebuild 9420 BLAKE2B b05e471c1a11f2a258a3f062c26a80a8a8426f798f09604c78926b2475ea63fc496da910286d94c1989330c7930680efc3cea8a0b97d484532d7e2acb79cbabb SHA512 6f2af391b174d5466e0d315a78884ea642aab521c3ddf1265acbdf28e802eb4c57695ecd612a6ea7f285e7e4245f2498d567079e949373d59db0979b3c54445e
-EBUILD strongswan-5.7.1.ebuild 9427 BLAKE2B 719516ab5dd2ad2ab90a644ba4bd86507bb0d388e229d247b4cf83e9d99e8610f595d7a8236f7d8bab6f228ba1a4e70c0b48950947be37005bfa283fe6659b08 SHA512 ca742d9115007bc94627be19b90b32d6c8b0fe21fda8fca48d8973e080175d917ea586494f718cd4180b439a97f513299a4f279057b89251e02cef5e54ea803a
+EBUILD strongswan-5.7.1.ebuild 9426 BLAKE2B 48d770e14d7e08bd9baf7294fa3b8ffbdaff26347918a2b411dd2b958a71fdc20379d8659fee066d9d01a3680dbd040fa9421d9483a542b3c690792b12e70964 SHA512 412a269f27723601813d8145bbc2263bf627298197e8c50a76368e07530c04799c6149976c424ceddd6ccd48eee8b39ae845c8bec1100598c1a40b4bff9c478b
MISC metadata.xml 4135 BLAKE2B 13739675c455765d7ce73df9744779636d36d3f93eee4567c931fb40e528e56d34912e26a82bd35e377fbd34613c0b7044841ff6c2dc26694187d0de355f8b86 SHA512 e09ef1afdf5002dab542312753cbce56e830b906aa5c5ac8fd5c7b57cbaf021eb0c466241cf810f446693b8dedd90f185f3e2c7a53a0b9a43e14913dcdd83b23
diff --git a/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild b/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild
deleted file mode 100644
index 7682afd92ad3..000000000000
--- a/net-vpn/strongswan/strongswan-5.6.0-r1.ebuild
+++ /dev/null
@@ -1,303 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit eutils linux-info systemd user
-
-DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
-HOMEPAGE="http://www.strongswan.org/"
-SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
-
-LICENSE="GPL-2 RSA DES"
-SLOT="0"
-KEYWORDS="amd64 arm ppc ~ppc64 x86"
-IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11"
-
-STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
-STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist"
-for mod in $STRONGSWAN_PLUGINS_STD; do
- IUSE="${IUSE} +strongswan_plugins_${mod}"
-done
-
-for mod in $STRONGSWAN_PLUGINS_OPT; do
- IUSE="${IUSE} strongswan_plugins_${mod}"
-done
-
-COMMON_DEPEND="!net-misc/openswan
- gmp? ( >=dev-libs/gmp-4.1.5:= )
- gcrypt? ( dev-libs/libgcrypt:0 )
- caps? ( sys-libs/libcap )
- curl? ( net-misc/curl )
- ldap? ( net-nds/openldap )
- openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
- mysql? ( virtual/mysql )
- sqlite? ( >=dev-db/sqlite-3.3.1 )
- networkmanager? ( net-misc/networkmanager )
- pam? ( sys-libs/pam )
- strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
-DEPEND="${COMMON_DEPEND}
- virtual/linux-sources
- sys-kernel/linux-headers"
-RDEPEND="${COMMON_DEPEND}
- virtual/logger
- sys-apps/iproute2
- !net-vpn/libreswan
- selinux? ( sec-policy/selinux-ipsec )"
-
-UGID="ipsec"
-
-pkg_setup() {
- linux-info_pkg_setup
- elog "Linux kernel version: ${KV_FULL}"
-
- if ! kernel_is -ge 2 6 16; then
- eerror
- eerror "This ebuild currently only supports ${PN} with the"
- eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
- eerror
- fi
-
- if kernel_is -lt 2 6 34; then
- ewarn
- ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
- ewarn
-
- if kernel_is -lt 2 6 29; then
- ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
- ewarn "include all required IPv6 modules even if you just intend"
- ewarn "to run on IPv4 only."
- ewarn
- ewarn "This has been fixed with kernels >= 2.6.29."
- ewarn
- fi
-
- if kernel_is -lt 2 6 33; then
- ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
- ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
- ewarn "miss SHA384 and SHA512 HMAC support altogether."
- ewarn
- ewarn "If you need any of those features, please use kernel >= 2.6.33."
- ewarn
- fi
-
- if kernel_is -lt 2 6 34; then
- ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
- ewarn "ESP cipher is only included in kernels >= 2.6.34."
- ewarn
- ewarn "If you need it, please use kernel >= 2.6.34."
- ewarn
- fi
- fi
-
- if use non-root; then
- enewgroup ${UGID}
- enewuser ${UGID} -1 -1 -1 ${UGID}
- fi
-}
-
-src_prepare() {
- epatch_user
-}
-
-src_configure() {
- local myconf=""
-
- if use non-root; then
- myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
- fi
-
- # If a user has already enabled db support, those plugins will
- # most likely be desired as well. Besides they don't impose new
- # dependencies and come at no cost (except for space).
- if use mysql || use sqlite; then
- myconf="${myconf} --enable-attr-sql --enable-sql"
- fi
-
- # strongSwan builds and installs static libs by default which are
- # useless to the user (and to strongSwan for that matter) because no
- # header files or alike get installed... so disabling them is safe.
- if use pam && use eap; then
- myconf="${myconf} --enable-eap-gtc"
- else
- myconf="${myconf} --disable-eap-gtc"
- fi
-
- for mod in $STRONGSWAN_PLUGINS_STD; do
- if use strongswan_plugins_${mod}; then
- myconf+=" --enable-${mod}"
- fi
- done
-
- for mod in $STRONGSWAN_PLUGINS_OPT; do
- if use strongswan_plugins_${mod}; then
- myconf+=" --enable-${mod}"
- fi
- done
-
- econf \
- --disable-static \
- --enable-ikev1 \
- --enable-ikev2 \
- --enable-swanctl \
- --enable-socket-dynamic \
- $(use_with caps capabilities libcap) \
- $(use_enable curl) \
- $(use_enable constraints) \
- $(use_enable ldap) \
- $(use_enable debug leak-detective) \
- $(use_enable dhcp) \
- $(use_enable eap eap-sim) \
- $(use_enable eap eap-sim-file) \
- $(use_enable eap eap-simaka-sql) \
- $(use_enable eap eap-simaka-pseudonym) \
- $(use_enable eap eap-simaka-reauth) \
- $(use_enable eap eap-identity) \
- $(use_enable eap eap-md5) \
- $(use_enable eap eap-aka) \
- $(use_enable eap eap-aka-3gpp2) \
- $(use_enable eap md4) \
- $(use_enable eap eap-mschapv2) \
- $(use_enable eap eap-radius) \
- $(use_enable eap eap-tls) \
- $(use_enable eap xauth-eap) \
- $(use_enable eap eap-dynamic) \
- $(use_enable farp) \
- $(use_enable gmp) \
- $(use_enable gcrypt) \
- $(use_enable mysql) \
- $(use_enable networkmanager nm) \
- $(use_enable openssl) \
- $(use_enable pam xauth-pam) \
- $(use_enable pkcs11) \
- $(use_enable sqlite) \
- "$(systemd_with_unitdir)" \
- ${myconf}
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- doinitd "${FILESDIR}"/ipsec
-
- local dir_ugid
- if use non-root; then
- fowners ${UGID}:${UGID} \
- /etc/ipsec.conf \
- /etc/strongswan.conf
-
- dir_ugid="${UGID}"
- else
- dir_ugid="root"
- fi
-
- diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
- dodir /etc/ipsec.d \
- /etc/ipsec.d/aacerts \
- /etc/ipsec.d/acerts \
- /etc/ipsec.d/cacerts \
- /etc/ipsec.d/certs \
- /etc/ipsec.d/crls \
- /etc/ipsec.d/ocspcerts \
- /etc/ipsec.d/private \
- /etc/ipsec.d/reqs
-
- dodoc NEWS README TODO || die
-
- # shared libs are used only internally and there are no static libs,
- # so it's safe to get rid of the .la files
- find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
-}
-
-pkg_preinst() {
- has_version "<net-vpn/strongswan-4.3.6-r1"
- upgrade_from_leq_4_3_6=$(( !$? ))
-
- has_version "<net-vpn/strongswan-4.3.6-r1[-caps]"
- previous_4_3_6_with_caps=$(( !$? ))
-}
-
-pkg_postinst() {
- if ! use openssl && ! use gcrypt; then
- elog
- elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
- elog "Please note that this might effect availability and speed of some"
- elog "cryptographic features. You are advised to enable the OpenSSL plugin."
- elif ! use openssl; then
- elog
- elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
- elog "availability and speed of some cryptographic features. There will be"
- elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
- elog "25, 26) and ECDSA."
- fi
-
- if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
- chmod 0750 "${ROOT}"/etc/ipsec.d \
- "${ROOT}"/etc/ipsec.d/aacerts \
- "${ROOT}"/etc/ipsec.d/acerts \
- "${ROOT}"/etc/ipsec.d/cacerts \
- "${ROOT}"/etc/ipsec.d/certs \
- "${ROOT}"/etc/ipsec.d/crls \
- "${ROOT}"/etc/ipsec.d/ocspcerts \
- "${ROOT}"/etc/ipsec.d/private \
- "${ROOT}"/etc/ipsec.d/reqs
-
- ewarn
- ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
- ewarn "security reasons. Your system installed directories have been"
- ewarn "updated accordingly. Please check if necessary."
- ewarn
-
- if [[ $previous_4_3_6_with_caps == 1 ]]; then
- if ! use non-root; then
- ewarn
- ewarn "IMPORTANT: You previously had ${PN} installed without root"
- ewarn "privileges because it was implied by the 'caps' USE flag."
- ewarn "This has been changed. If you want ${PN} with user privileges,"
- ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
- ewarn
- fi
- fi
- fi
- if ! use caps && ! use non-root; then
- ewarn
- ewarn "You have decided to run ${PN} with root privileges and built it"
- ewarn "without support for POSIX capability dropping. It is generally"
- ewarn "strongly suggested that you reconsider- especially if you intend"
- ewarn "to run ${PN} as server with a public ip address."
- ewarn
- ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
- ewarn
- fi
- if use non-root; then
- elog
- elog "${PN} has been installed without superuser privileges (USE=non-root)."
- elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
- elog "but also a few to the IKEv2 daemon 'charon'."
- elog
- elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
- elog
- elog "pluto uses a helper script by default to insert/remove routing and"
- elog "policy rules upon connection start/stop which requires superuser"
- elog "privileges. charon in contrast does this internally and can do so"
- elog "even with reduced (user) privileges."
- elog
- elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
- elog "script to pluto or charon which requires superuser privileges, you"
- elog "can work around this limitation by using sudo to grant the"
- elog "user \"ipsec\" the appropriate rights."
- elog "For example (the default case):"
- elog "/etc/sudoers:"
- elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
- elog "Under the specific connection block in /etc/ipsec.conf:"
- elog " leftupdown=\"sudo -E ipsec _updown iptables\""
- elog
- fi
- elog
- elog "Make sure you have _all_ required kernel modules available including"
- elog "the appropriate cryptographic algorithms. A list is available at:"
- elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
- elog
- elog "The up-to-date manual is available online at:"
- elog " http://wiki.strongswan.org/"
- elog
-}
diff --git a/net-vpn/strongswan/strongswan-5.6.2.ebuild b/net-vpn/strongswan/strongswan-5.6.2.ebuild
deleted file mode 100644
index c7dbeeac3bec..000000000000
--- a/net-vpn/strongswan/strongswan-5.6.2.ebuild
+++ /dev/null
@@ -1,303 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit eutils linux-info systemd user
-
-DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
-HOMEPAGE="http://www.strongswan.org/"
-SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
-
-LICENSE="GPL-2 RSA DES"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
-IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11"
-
-STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
-STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist"
-for mod in $STRONGSWAN_PLUGINS_STD; do
- IUSE="${IUSE} +strongswan_plugins_${mod}"
-done
-
-for mod in $STRONGSWAN_PLUGINS_OPT; do
- IUSE="${IUSE} strongswan_plugins_${mod}"
-done
-
-COMMON_DEPEND="!net-misc/openswan
- gmp? ( >=dev-libs/gmp-4.1.5:= )
- gcrypt? ( dev-libs/libgcrypt:0 )
- caps? ( sys-libs/libcap )
- curl? ( net-misc/curl )
- ldap? ( net-nds/openldap )
- openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
- mysql? ( virtual/mysql )
- sqlite? ( >=dev-db/sqlite-3.3.1 )
- networkmanager? ( net-misc/networkmanager )
- pam? ( sys-libs/pam )
- strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
-DEPEND="${COMMON_DEPEND}
- virtual/linux-sources
- sys-kernel/linux-headers"
-RDEPEND="${COMMON_DEPEND}
- virtual/logger
- sys-apps/iproute2
- !net-vpn/libreswan
- selinux? ( sec-policy/selinux-ipsec )"
-
-UGID="ipsec"
-
-pkg_setup() {
- linux-info_pkg_setup
- elog "Linux kernel version: ${KV_FULL}"
-
- if ! kernel_is -ge 2 6 16; then
- eerror
- eerror "This ebuild currently only supports ${PN} with the"
- eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
- eerror
- fi
-
- if kernel_is -lt 2 6 34; then
- ewarn
- ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
- ewarn
-
- if kernel_is -lt 2 6 29; then
- ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
- ewarn "include all required IPv6 modules even if you just intend"
- ewarn "to run on IPv4 only."
- ewarn
- ewarn "This has been fixed with kernels >= 2.6.29."
- ewarn
- fi
-
- if kernel_is -lt 2 6 33; then
- ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
- ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
- ewarn "miss SHA384 and SHA512 HMAC support altogether."
- ewarn
- ewarn "If you need any of those features, please use kernel >= 2.6.33."
- ewarn
- fi
-
- if kernel_is -lt 2 6 34; then
- ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
- ewarn "ESP cipher is only included in kernels >= 2.6.34."
- ewarn
- ewarn "If you need it, please use kernel >= 2.6.34."
- ewarn
- fi
- fi
-
- if use non-root; then
- enewgroup ${UGID}
- enewuser ${UGID} -1 -1 -1 ${UGID}
- fi
-}
-
-src_prepare() {
- epatch_user
-}
-
-src_configure() {
- local myconf=""
-
- if use non-root; then
- myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
- fi
-
- # If a user has already enabled db support, those plugins will
- # most likely be desired as well. Besides they don't impose new
- # dependencies and come at no cost (except for space).
- if use mysql || use sqlite; then
- myconf="${myconf} --enable-attr-sql --enable-sql"
- fi
-
- # strongSwan builds and installs static libs by default which are
- # useless to the user (and to strongSwan for that matter) because no
- # header files or alike get installed... so disabling them is safe.
- if use pam && use eap; then
- myconf="${myconf} --enable-eap-gtc"
- else
- myconf="${myconf} --disable-eap-gtc"
- fi
-
- for mod in $STRONGSWAN_PLUGINS_STD; do
- if use strongswan_plugins_${mod}; then
- myconf+=" --enable-${mod}"
- fi
- done
-
- for mod in $STRONGSWAN_PLUGINS_OPT; do
- if use strongswan_plugins_${mod}; then
- myconf+=" --enable-${mod}"
- fi
- done
-
- econf \
- --disable-static \
- --enable-ikev1 \
- --enable-ikev2 \
- --enable-swanctl \
- --enable-socket-dynamic \
- $(use_with caps capabilities libcap) \
- $(use_enable curl) \
- $(use_enable constraints) \
- $(use_enable ldap) \
- $(use_enable debug leak-detective) \
- $(use_enable dhcp) \
- $(use_enable eap eap-sim) \
- $(use_enable eap eap-sim-file) \
- $(use_enable eap eap-simaka-sql) \
- $(use_enable eap eap-simaka-pseudonym) \
- $(use_enable eap eap-simaka-reauth) \
- $(use_enable eap eap-identity) \
- $(use_enable eap eap-md5) \
- $(use_enable eap eap-aka) \
- $(use_enable eap eap-aka-3gpp2) \
- $(use_enable eap md4) \
- $(use_enable eap eap-mschapv2) \
- $(use_enable eap eap-radius) \
- $(use_enable eap eap-tls) \
- $(use_enable eap xauth-eap) \
- $(use_enable eap eap-dynamic) \
- $(use_enable farp) \
- $(use_enable gmp) \
- $(use_enable gcrypt) \
- $(use_enable mysql) \
- $(use_enable networkmanager nm) \
- $(use_enable openssl) \
- $(use_enable pam xauth-pam) \
- $(use_enable pkcs11) \
- $(use_enable sqlite) \
- "$(systemd_with_unitdir)" \
- ${myconf}
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- doinitd "${FILESDIR}"/ipsec
-
- local dir_ugid
- if use non-root; then
- fowners ${UGID}:${UGID} \
- /etc/ipsec.conf \
- /etc/strongswan.conf
-
- dir_ugid="${UGID}"
- else
- dir_ugid="root"
- fi
-
- diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
- dodir /etc/ipsec.d \
- /etc/ipsec.d/aacerts \
- /etc/ipsec.d/acerts \
- /etc/ipsec.d/cacerts \
- /etc/ipsec.d/certs \
- /etc/ipsec.d/crls \
- /etc/ipsec.d/ocspcerts \
- /etc/ipsec.d/private \
- /etc/ipsec.d/reqs
-
- dodoc NEWS README TODO || die
-
- # shared libs are used only internally and there are no static libs,
- # so it's safe to get rid of the .la files
- find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
-}
-
-pkg_preinst() {
- has_version "<net-vpn/strongswan-4.3.6-r1"
- upgrade_from_leq_4_3_6=$(( !$? ))
-
- has_version "<net-vpn/strongswan-4.3.6-r1[-caps]"
- previous_4_3_6_with_caps=$(( !$? ))
-}
-
-pkg_postinst() {
- if ! use openssl && ! use gcrypt; then
- elog
- elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
- elog "Please note that this might effect availability and speed of some"
- elog "cryptographic features. You are advised to enable the OpenSSL plugin."
- elif ! use openssl; then
- elog
- elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
- elog "availability and speed of some cryptographic features. There will be"
- elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
- elog "25, 26) and ECDSA."
- fi
-
- if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
- chmod 0750 "${ROOT}"/etc/ipsec.d \
- "${ROOT}"/etc/ipsec.d/aacerts \
- "${ROOT}"/etc/ipsec.d/acerts \
- "${ROOT}"/etc/ipsec.d/cacerts \
- "${ROOT}"/etc/ipsec.d/certs \
- "${ROOT}"/etc/ipsec.d/crls \
- "${ROOT}"/etc/ipsec.d/ocspcerts \
- "${ROOT}"/etc/ipsec.d/private \
- "${ROOT}"/etc/ipsec.d/reqs
-
- ewarn
- ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
- ewarn "security reasons. Your system installed directories have been"
- ewarn "updated accordingly. Please check if necessary."
- ewarn
-
- if [[ $previous_4_3_6_with_caps == 1 ]]; then
- if ! use non-root; then
- ewarn
- ewarn "IMPORTANT: You previously had ${PN} installed without root"
- ewarn "privileges because it was implied by the 'caps' USE flag."
- ewarn "This has been changed. If you want ${PN} with user privileges,"
- ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
- ewarn
- fi
- fi
- fi
- if ! use caps && ! use non-root; then
- ewarn
- ewarn "You have decided to run ${PN} with root privileges and built it"
- ewarn "without support for POSIX capability dropping. It is generally"
- ewarn "strongly suggested that you reconsider- especially if you intend"
- ewarn "to run ${PN} as server with a public ip address."
- ewarn
- ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
- ewarn
- fi
- if use non-root; then
- elog
- elog "${PN} has been installed without superuser privileges (USE=non-root)."
- elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
- elog "but also a few to the IKEv2 daemon 'charon'."
- elog
- elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
- elog
- elog "pluto uses a helper script by default to insert/remove routing and"
- elog "policy rules upon connection start/stop which requires superuser"
- elog "privileges. charon in contrast does this internally and can do so"
- elog "even with reduced (user) privileges."
- elog
- elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
- elog "script to pluto or charon which requires superuser privileges, you"
- elog "can work around this limitation by using sudo to grant the"
- elog "user \"ipsec\" the appropriate rights."
- elog "For example (the default case):"
- elog "/etc/sudoers:"
- elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
- elog "Under the specific connection block in /etc/ipsec.conf:"
- elog " leftupdown=\"sudo -E ipsec _updown iptables\""
- elog
- fi
- elog
- elog "Make sure you have _all_ required kernel modules available including"
- elog "the appropriate cryptographic algorithms. A list is available at:"
- elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
- elog
- elog "The up-to-date manual is available online at:"
- elog " http://wiki.strongswan.org/"
- elog
-}
diff --git a/net-vpn/strongswan/strongswan-5.6.3.ebuild b/net-vpn/strongswan/strongswan-5.6.3.ebuild
deleted file mode 100644
index a9486f5cba78..000000000000
--- a/net-vpn/strongswan/strongswan-5.6.3.ebuild
+++ /dev/null
@@ -1,303 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-inherit linux-info systemd user
-
-DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE"
-HOMEPAGE="https://www.strongswan.org/"
-SRC_URI="https://download.strongswan.org/${P}.tar.bz2"
-
-LICENSE="GPL-2 RSA DES"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
-IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11"
-
-STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
-STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist"
-for mod in $STRONGSWAN_PLUGINS_STD; do
- IUSE="${IUSE} +strongswan_plugins_${mod}"
-done
-
-for mod in $STRONGSWAN_PLUGINS_OPT; do
- IUSE="${IUSE} strongswan_plugins_${mod}"
-done
-
-COMMON_DEPEND="!net-misc/openswan
- gmp? ( >=dev-libs/gmp-4.1.5:= )
- gcrypt? ( dev-libs/libgcrypt:0 )
- caps? ( sys-libs/libcap )
- curl? ( net-misc/curl )
- ldap? ( net-nds/openldap )
- openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
- mysql? ( virtual/mysql )
- sqlite? ( >=dev-db/sqlite-3.3.1 )
- systemd? ( sys-apps/systemd )
- networkmanager? ( net-misc/networkmanager )
- pam? ( sys-libs/pam )
- strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
-DEPEND="${COMMON_DEPEND}
- virtual/linux-sources
- sys-kernel/linux-headers"
-RDEPEND="${COMMON_DEPEND}
- virtual/logger
- sys-apps/iproute2
- !net-vpn/libreswan
- selinux? ( sec-policy/selinux-ipsec )"
-
-UGID="ipsec"
-
-pkg_setup() {
- linux-info_pkg_setup
-
- elog "Linux kernel version: ${KV_FULL}"
-
- if ! kernel_is -ge 2 6 16; then
- eerror
- eerror "This ebuild currently only supports ${PN} with the"
- eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
- eerror
- fi
-
- if kernel_is -lt 2 6 34; then
- ewarn
- ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
- ewarn
-
- if kernel_is -lt 2 6 29; then
- ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
- ewarn "include all required IPv6 modules even if you just intend"
- ewarn "to run on IPv4 only."
- ewarn
- ewarn "This has been fixed with kernels >= 2.6.29."
- ewarn
- fi
-
- if kernel_is -lt 2 6 33; then
- ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
- ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
- ewarn "miss SHA384 and SHA512 HMAC support altogether."
- ewarn
- ewarn "If you need any of those features, please use kernel >= 2.6.33."
- ewarn
- fi
-
- if kernel_is -lt 2 6 34; then
- ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
- ewarn "ESP cipher is only included in kernels >= 2.6.34."
- ewarn
- ewarn "If you need it, please use kernel >= 2.6.34."
- ewarn
- fi
- fi
-
- if use non-root; then
- enewgroup ${UGID}
- enewuser ${UGID} -1 -1 -1 ${UGID}
- fi
-}
-
-src_configure() {
- local myconf=""
-
- if use non-root; then
- myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
- fi
-
- # If a user has already enabled db support, those plugins will
- # most likely be desired as well. Besides they don't impose new
- # dependencies and come at no cost (except for space).
- if use mysql || use sqlite; then
- myconf="${myconf} --enable-attr-sql --enable-sql"
- fi
-
- # strongSwan builds and installs static libs by default which are
- # useless to the user (and to strongSwan for that matter) because no
- # header files or alike get installed... so disabling them is safe.
- if use pam && use eap; then
- myconf="${myconf} --enable-eap-gtc"
- else
- myconf="${myconf} --disable-eap-gtc"
- fi
-
- for mod in $STRONGSWAN_PLUGINS_STD; do
- if use strongswan_plugins_${mod}; then
- myconf+=" --enable-${mod}"
- fi
- done
-
- for mod in $STRONGSWAN_PLUGINS_OPT; do
- if use strongswan_plugins_${mod}; then
- myconf+=" --enable-${mod}"
- fi
- done
-
- econf \
- --disable-static \
- --enable-ikev1 \
- --enable-ikev2 \
- --enable-swanctl \
- --enable-socket-dynamic \
- $(use_enable curl) \
- $(use_enable constraints) \
- $(use_enable ldap) \
- $(use_enable debug leak-detective) \
- $(use_enable dhcp) \
- $(use_enable eap eap-sim) \
- $(use_enable eap eap-sim-file) \
- $(use_enable eap eap-simaka-sql) \
- $(use_enable eap eap-simaka-pseudonym) \
- $(use_enable eap eap-simaka-reauth) \
- $(use_enable eap eap-identity) \
- $(use_enable eap eap-md5) \
- $(use_enable eap eap-aka) \
- $(use_enable eap eap-aka-3gpp2) \
- $(use_enable eap md4) \
- $(use_enable eap eap-mschapv2) \
- $(use_enable eap eap-radius) \
- $(use_enable eap eap-tls) \
- $(use_enable eap eap-ttls) \
- $(use_enable eap xauth-eap) \
- $(use_enable eap eap-dynamic) \
- $(use_enable farp) \
- $(use_enable gmp) \
- $(use_enable gcrypt) \
- $(use_enable mysql) \
- $(use_enable networkmanager nm) \
- $(use_enable openssl) \
- $(use_enable pam xauth-pam) \
- $(use_enable pkcs11) \
- $(use_enable sqlite) \
- $(use_enable systemd) \
- $(use_with caps capabilities libcap) \
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
- ${myconf}
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- doinitd "${FILESDIR}"/ipsec
-
- local dir_ugid
- if use non-root; then
- fowners ${UGID}:${UGID} \
- /etc/ipsec.conf \
- /etc/strongswan.conf
-
- dir_ugid="${UGID}"
- else
- dir_ugid="root"
- fi
-
- diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
- dodir /etc/ipsec.d \
- /etc/ipsec.d/aacerts \
- /etc/ipsec.d/acerts \
- /etc/ipsec.d/cacerts \
- /etc/ipsec.d/certs \
- /etc/ipsec.d/crls \
- /etc/ipsec.d/ocspcerts \
- /etc/ipsec.d/private \
- /etc/ipsec.d/reqs
-
- dodoc NEWS README TODO || die
-
- # shared libs are used only internally and there are no static libs,
- # so it's safe to get rid of the .la files
- find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
-}
-
-pkg_preinst() {
- has_version "<net-vpn/strongswan-4.3.6-r1"
- upgrade_from_leq_4_3_6=$(( !$? ))
-
- has_version "<net-vpn/strongswan-4.3.6-r1[-caps]"
- previous_4_3_6_with_caps=$(( !$? ))
-}
-
-pkg_postinst() {
- if ! use openssl && ! use gcrypt; then
- elog
- elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
- elog "Please note that this might effect availability and speed of some"
- elog "cryptographic features. You are advised to enable the OpenSSL plugin."
- elif ! use openssl; then
- elog
- elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
- elog "availability and speed of some cryptographic features. There will be"
- elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
- elog "25, 26) and ECDSA."
- fi
-
- if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
- chmod 0750 "${ROOT}"/etc/ipsec.d \
- "${ROOT}"/etc/ipsec.d/aacerts \
- "${ROOT}"/etc/ipsec.d/acerts \
- "${ROOT}"/etc/ipsec.d/cacerts \
- "${ROOT}"/etc/ipsec.d/certs \
- "${ROOT}"/etc/ipsec.d/crls \
- "${ROOT}"/etc/ipsec.d/ocspcerts \
- "${ROOT}"/etc/ipsec.d/private \
- "${ROOT}"/etc/ipsec.d/reqs
-
- ewarn
- ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
- ewarn "security reasons. Your system installed directories have been"
- ewarn "updated accordingly. Please check if necessary."
- ewarn
-
- if [[ $previous_4_3_6_with_caps == 1 ]]; then
- if ! use non-root; then
- ewarn
- ewarn "IMPORTANT: You previously had ${PN} installed without root"
- ewarn "privileges because it was implied by the 'caps' USE flag."
- ewarn "This has been changed. If you want ${PN} with user privileges,"
- ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
- ewarn
- fi
- fi
- fi
- if ! use caps && ! use non-root; then
- ewarn
- ewarn "You have decided to run ${PN} with root privileges and built it"
- ewarn "without support for POSIX capability dropping. It is generally"
- ewarn "strongly suggested that you reconsider- especially if you intend"
- ewarn "to run ${PN} as server with a public ip address."
- ewarn
- ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
- ewarn
- fi
- if use non-root; then
- elog
- elog "${PN} has been installed without superuser privileges (USE=non-root)."
- elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
- elog "but also a few to the IKEv2 daemon 'charon'."
- elog
- elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
- elog
- elog "pluto uses a helper script by default to insert/remove routing and"
- elog "policy rules upon connection start/stop which requires superuser"
- elog "privileges. charon in contrast does this internally and can do so"
- elog "even with reduced (user) privileges."
- elog
- elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
- elog "script to pluto or charon which requires superuser privileges, you"
- elog "can work around this limitation by using sudo to grant the"
- elog "user \"ipsec\" the appropriate rights."
- elog "For example (the default case):"
- elog "/etc/sudoers:"
- elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
- elog "Under the specific connection block in /etc/ipsec.conf:"
- elog " leftupdown=\"sudo -E ipsec _updown iptables\""
- elog
- fi
- elog
- elog "Make sure you have _all_ required kernel modules available including"
- elog "the appropriate cryptographic algorithms. A list is available at:"
- elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
- elog
- elog "The up-to-date manual is available online at:"
- elog " http://wiki.strongswan.org/"
- elog
-}
diff --git a/net-vpn/strongswan/strongswan-5.7.1.ebuild b/net-vpn/strongswan/strongswan-5.7.1.ebuild
index 66abae1e8a4b..b536b1a8534f 100644
--- a/net-vpn/strongswan/strongswan-5.7.1.ebuild
+++ b/net-vpn/strongswan/strongswan-5.7.1.ebuild
@@ -10,7 +10,7 @@ SRC_URI="https://download.strongswan.org/${P}.tar.bz2"
LICENSE="GPL-2 RSA DES"
SLOT="0"
-KEYWORDS="amd64 arm ~ppc ~ppc64 x86"
+KEYWORDS="amd64 arm ppc ~ppc64 x86"
IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11"
STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 32ae3cb42043..d2605c8e2724 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -4,14 +4,14 @@ AUX tor-0.3.3.2-alpha-tor.service.in.patch 305 BLAKE2B 6ed92587a7f4ba3e40837e911
AUX tor.confd 44 BLAKE2B 70df86a361c7b735283c5699e4d8d8a054a84629c749adb4dc57c196d49df4492471cb8b21dde43d668b31171ee2dfae81562a70367c72801ae60046908b022e SHA512 9028ac41e3acdf4405095addb69537e87edecafaec840296ac27a5a8992fe132dc822e4e4abb8826f76460c438da2719dea17859690d03e17198a82086a3d660
AUX tor.initd-r8 953 BLAKE2B 7af04f23c95b7edd90bfb6989741973cb63a846ad8a34be9a07e347308523caad1a1e0255e5597bdfb818257ab6db03da0f07622707ff60c62926f91d9d7d6e8 SHA512 4b690a721311a310131041ab962c571f1898f884f55fedf91b842e5190ce58399cccf59d34b4716d5dc15df4183f994d84c7c39f8458cb5f5da870ddc2db1730
AUX torrc-r1 140 BLAKE2B 4b7e0795c09e737c5dda014c2b87811757bb8d68d581ece49f5002a2c42ee29c64899c635daf27b3465194a73ca5fd21a3a7ca655682fa5f5ffc7f4b2360b125 SHA512 6e3c481b34f2cb6f48bf87fe10565daded00415cc233332d43e18206d46eb7b32f92c55035584b5992e7a056e79e862124a573a9724f7762f76d4c4f0824de82
-DIST tor-0.3.1.10.tar.gz 6192183 BLAKE2B 4c1b57a3b19d18d735bb7362a08e4c2330350f2e31d52a8eb6d837cebc45ad6e64f3364e368f72d59bb8f51f652d4029a3e237a26efe580551811f5812e8dac4 SHA512 92af34a96bea2a99ab51d766d932da697409e404da4318ba6b3360ff0c2e9369b9afa652445a1651940f5a0502f4137141cc87cff14eba180539ea81be0c21a3
DIST tor-0.3.4.7-rc.tar.gz 6668322 BLAKE2B 863d24d04ba7919d08b3c69bca2edf3ee46af6aa074812f76067199670b17bb8538233c7631cb17e1cada4b2b4527b0db4b3b7a7b945ae7ca7a03e52685fce00 SHA512 664211ffd6adcdb325cf669fed9fb7c70b1416da3df046c35622b5104a4b63d9a3123eb40744bc070d29ff97472adf31b1aaecea5b91c07059d0cdad79569b58
DIST tor-0.3.4.8.tar.gz 6679385 BLAKE2B 9cb65442effd1cfceb34f3483a0e96de5e59e9ce1bd2241533dd8eb62e4428a6c0f9decd816dda49515fc92acd8c77e69f7d39133a67fb5053a858dc78464791 SHA512 bfedc29253cb8fdbe1864ea5992ad33184577d88ab806a249a544f3b3142a7bc1453892955df335185aff72508095fb2a2a07ac6b96c99668e5e8d593d7aea6d
DIST tor-0.3.4.9.tar.gz 6695931 BLAKE2B ebfe0f49ae923e63b0bd8a7cafc453d7b0775cbfd167463b364490faf9bbf61decd28906d8f5bb08bfa9a5a10b371d9188a5019314c0de5ace15cc379347f88e SHA512 cc254a2cc2f21b4511e9cb215ba5f05fefc4dceffcf46a402efa2d3540872a4ed8e0095245df0802ea12c1367451bc16ca60c0aea6a77e2139580f3c5ba8c02f
-DIST tor-0.3.5.3-alpha.tar.gz 6862572 BLAKE2B c4832828042bbecaf7c34bcb8999873cb4a5314598b2731cba02b2335c09fd8685588c52b15345821288cc94c9ab731c150b5010dee27d2dce1a15914ee31a6d SHA512 fdbbf5a69f9c0708afa4bb9e4925db4f7384997d7f497f1298d0106b76944c060c858fd061aa292310384e7b35f0ac41570cd89bb8c7e8208c832908fa3288af
-EBUILD tor-0.3.1.10.ebuild 2018 BLAKE2B 5c001ed0ad1fd3f0d6a3dee6bcc53bc3590a90a5c0aa931c0e67e0cbceb000ef710fa33fe11b06fc08798c6286ffa877376ef6ebf2cbd426e7a26c94311e19c2 SHA512 65f6054ac7b50c46679d88ed1a5b556f5e3c40fe44e784e6b4de324bd317e3d118a8d0d4574ac62bcd17131412c3ad1cbdd0c27f4afd53568091ce400b171244
+DIST tor-0.3.5.4-alpha.tar.gz 6867919 BLAKE2B 0b9ecb02c4399df80a641825d955ca39c6d8712e8706db63d9946698adf77cf4af0d947077e6150da60e38a41accf6e6894bd29e54c1fc590a38fbc9003220bc SHA512 8bb6c72295fb6d92301fc59159368960d1b12c3c24cbca8620efe20121192d3307fd0e44d91c5cf69bbc27486ad31ec87db04ff732a7eef36b0b5d81898d3cda
+DIST tor-0.3.5.5-alpha.tar.gz 6893528 BLAKE2B 36d3ac98cd535046110ef24f8e388481ecfac2cd01f52b8fe1f0a88e0639ee5bbf620b50b256c954f1bc37da5c99bc8bf74a29315c3def9f21e4ab845a213153 SHA512 963aeb6ecdf8c772670261a49e273a89b5a5ac4296aec445fecf42996059a1aecaadba198a495c665afab02fc55d2572f0e66a7ebfc775512d029d53c3fd6575
EBUILD tor-0.3.4.7_rc.ebuild 2232 BLAKE2B 3932f94eadda82099130eea978fcb76a88ba5b60bc62942f40b53b1e1d3d47f6ba94d056159bb6ea7d13c4f36eee7ac74b2a1ea6c60a351f38a3dc246ad0ea63 SHA512 0550f1a625ff99adf97ff4dfccc4874596a32ae6ffbc550493acd29f3f8377c7029c142c2b9c4ecc201ab72914ccb26e583b4bd0f51cf5e590155daa870c4989
EBUILD tor-0.3.4.8.ebuild 2237 BLAKE2B 2d21116f6249afbc98dc16881219fe689fec38c392e253d0b9661edf28d0fffb357c10c04fcf259368b66d0a25b7e2e558134cee404040b3bab78104985afad0 SHA512 64ed20c1dcd0486883729a8f90f89e80e9be5b499f17d3309313ea5aeaf29027ea82db0aa4ae00c107c3af123d4f1de5af003fbbee25cd188c2ea7cae398cb80
-EBUILD tor-0.3.4.9.ebuild 2203 BLAKE2B 86e026d6aae4bb772a64cffaa9ab28683befae6e8813e66b6f6a6f6582a591015296099346b3895beb7d8f76cc3c59eaef545d86260d48d6a336e26362983d2e SHA512 446bb80734d11b7858b6d6b5aa219816240a235bcbc2ac2c98a370f006d81194650dbf1df6533a7428f546eddfbbcb578e831633006f0b4884c2685cf5b69849
-EBUILD tor-0.3.5.3_alpha.ebuild 2215 BLAKE2B 33b04c74ef81f1ed3d18c84a0a5bf52db92d42037444d432f181cb36eef2b0cf056f79f642e9023758b6e2706253c122c43fe8e065e38865f555fc6d51263bc6 SHA512 bb2c831146afe5a57e4607c0cdaacc57b0b57667d514e63b31ba3d3468916b98836a96fffdf251ae41d9d52c92352174ece6c4e4eb069dafb9a677fa8fa7943f
+EBUILD tor-0.3.4.9.ebuild 2202 BLAKE2B a0ae4ad979a126c4f78b4f32b7749ac425a0a51d32dbb54508973a91295074132f53935dec0840cf46a19f88eeea9f780bd65b9fd56ff65e112a642f1cd7e02c SHA512 b747e90b10303417487e3314141f26bfa8aafe12fa37b8c4c705932880d8b9620938f02c754365fdb39d78b9b322985f3bdb8b73a25ed3bf0c5193dbff5f8482
+EBUILD tor-0.3.5.4_alpha.ebuild 2181 BLAKE2B e65939c84bf205ea13500ee921724db11064a4aade605a9a6fd71ff4294927bceac1d2148eb77821a678c369318f6ce03666ec5b503aabaf87108dc8fd01704b SHA512 4a1e55cc587658858d4156181336a3962904a1ee5f89e8e31dec37eacf6d9217f604c5221c05d756213c5e31fa34957c452bdce8993379558b21045a45e1d61c
+EBUILD tor-0.3.5.5_alpha.ebuild 2181 BLAKE2B e65939c84bf205ea13500ee921724db11064a4aade605a9a6fd71ff4294927bceac1d2148eb77821a678c369318f6ce03666ec5b503aabaf87108dc8fd01704b SHA512 4a1e55cc587658858d4156181336a3962904a1ee5f89e8e31dec37eacf6d9217f604c5221c05d756213c5e31fa34957c452bdce8993379558b21045a45e1d61c
MISC metadata.xml 594 BLAKE2B 006e1ebc9876f83cb7cc3dcb7cea9ff0dfc763e9eb47c025e38b7588e1e4fef7c26ab130c61cdd3200b8d3d9be886b3aab377585972be178c93b758aff48c4c3 SHA512 011f77654a507d13c0542e6983df8ec86c5f2cff7cd1408f99c9d4da9d00ffb4b432317b2fd21500e62131e6f7c9bc60235cf55f2b8082391b9fe3bcf924ab2b
diff --git a/net-vpn/tor/tor-0.3.4.9.ebuild b/net-vpn/tor/tor-0.3.4.9.ebuild
index 3e64c44d21ed..b411030684bd 100644
--- a/net-vpn/tor/tor-0.3.4.9.ebuild
+++ b/net-vpn/tor/tor-0.3.4.9.ebuild
@@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_PF}"
LICENSE="BSD GPL-2"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86 ~ppc-macos"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 x86 ~ppc-macos"
IUSE="caps libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd"
DEPEND="
diff --git a/net-vpn/tor/tor-0.3.5.3_alpha.ebuild b/net-vpn/tor/tor-0.3.5.4_alpha.ebuild
index eec218e6109b..c6f1f5f1020a 100644
--- a/net-vpn/tor/tor-0.3.5.3_alpha.ebuild
+++ b/net-vpn/tor/tor-0.3.5.4_alpha.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI="6"
+EAPI="7"
-inherit flag-o-matic readme.gentoo-r1 systemd versionator user
+inherit flag-o-matic readme.gentoo-r1 systemd user
-MY_PV="$(replace_version_separator 4 -)"
+MY_PV="$(ver_rs 4 -)"
MY_PF="${PN}-${MY_PV}"
DESCRIPTION="Anonymizing overlay network for TCP"
HOMEPAGE="http://www.torproject.org/"
diff --git a/net-vpn/tor/tor-0.3.1.10.ebuild b/net-vpn/tor/tor-0.3.5.5_alpha.ebuild
index eda70f132ce5..c6f1f5f1020a 100644
--- a/net-vpn/tor/tor-0.3.1.10.ebuild
+++ b/net-vpn/tor/tor-0.3.5.5_alpha.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI="6"
+EAPI="7"
-inherit flag-o-matic readme.gentoo-r1 systemd versionator user
+inherit flag-o-matic readme.gentoo-r1 systemd user
-MY_PV="$(replace_version_separator 4 -)"
+MY_PV="$(ver_rs 4 -)"
MY_PF="${PN}-${MY_PV}"
DESCRIPTION="Anonymizing overlay network for TCP"
HOMEPAGE="http://www.torproject.org/"
@@ -15,14 +15,14 @@ S="${WORKDIR}/${MY_PF}"
LICENSE="BSD GPL-2"
SLOT="0"
-# We need to keyword app-arch/zstd
-KEYWORDS="amd64 arm ~mips ppc ppc64 x86 ~ppc-macos"
-IUSE="libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86 ~ppc-macos"
+IUSE="caps libressl lzma scrypt seccomp selinux systemd tor-hardening test zstd"
DEPEND="
app-text/asciidoc
dev-libs/libevent[ssl]
sys-libs/zlib
+ caps? ( sys-libs/libcap )
!libressl? ( dev-libs/openssl:0=[-bindist] )
libressl? ( dev-libs/libressl:0= )
lzma? ( app-arch/xz-utils )
@@ -35,6 +35,7 @@ RDEPEND="${DEPEND}
PATCHES=(
"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${PN}-0.3.3.2-alpha-tor.service.in.patch
)
DOCS=( README ChangeLog ReleaseNotes doc/HACKING )
@@ -45,19 +46,24 @@ pkg_setup() {
}
src_configure() {
+ export ac_cv_lib_cap_cap_init=$(usex caps)
econf \
--localstatedir="${EPREFIX}/var" \
--enable-system-torrc \
--enable-asciidoc \
+ --disable-android \
--disable-libfuzzer \
+ --disable-module-dirauth \
+ --enable-pic \
--disable-rust \
+ --disable-restart-debugging \
+ --disable-zstd-advanced-apis \
$(use_enable lzma) \
$(use_enable scrypt libscrypt) \
$(use_enable seccomp) \
$(use_enable systemd) \
$(use_enable tor-hardening gcc-hardening) \
$(use_enable tor-hardening linker-hardening) \
- $(use_enable web tor2web-mode) \
$(use_enable test unittests) \
$(use_enable test coverage) \
$(use_enable zstd)
diff --git a/net-vpn/vpnc/Manifest b/net-vpn/vpnc/Manifest
index 9e25f94f44fc..ab52550864e5 100644
--- a/net-vpn/vpnc/Manifest
+++ b/net-vpn/vpnc/Manifest
@@ -3,5 +3,5 @@ AUX vpnc-tmpfiles.conf 29 BLAKE2B cc5cf7d24be2117a95c339667771121df32d813680a32c
AUX vpnc.confd 123 BLAKE2B 313d5999586f56b3b88f8473d1f6f07e69994c620ddf3d8cfb9e263fc27c60500a3e6da59f1e905611aec39a62dfcc3c4b746a580a8a106fc6be9384d716955d SHA512 1254f687dcd9822becfcccabbb34d8343d715d70247dbf4b5e018835fff24b33f5272368f77199d697c8d11d913182b1f756d5e08a46b2057849779f09b19633
AUX vpnc.service 517 BLAKE2B 3fa2eaeea6a28fdf8826d936e1fe93dccade383411df395d69971312c9e062299af8b9f7514875a79a7d4e916efa4b4cf83ab0fb29eedbf52da31af3bc0fff63 SHA512 d580ad4fadbe6ea733f42eda53516e1766ba028f610653c62ba211d4a9ee05a6bf1d8676405a7a3ffede3432d75f9c4dcc72d1fab2a9215150f41a74269850c5
DIST vpnc-0.5.3_p550.tar.xz 101860 BLAKE2B 9800ab0704108cd70450dcfe314eba7c09ca1bb329fa6b9f2946dbb6ee6407e5f6bc3d17d8be782e9103d94a12895777125acdad070f39ea1b96a946ba7d2302 SHA512 95150c743c61a962c36591bb874c77f2c28f341c0a1290dba4e878a460d22d762dd88f7cfc0aa9d17ace71a8b826d9fd13554c23b5123dee6009e9fffcd2de55
-EBUILD vpnc-0.5.3_p550.ebuild 2210 BLAKE2B 3e67d670fd25d11b9e6ac82334cd07d024742f775dca2279fcd303491d29b1d757a95916fc4bd05dc8b357557be934332aa2eeda2af52710683e0057a3841e15 SHA512 55526b17c362ca72dbc87abccf4347e1dcb051a1dd4ff4c6c3b046e6149bbf608b0e38abe7ce25100176b70bf33c476b741b82a202cbc0ab1bce1488a8c69a2a
+EBUILD vpnc-0.5.3_p550.ebuild 2207 BLAKE2B 44b6d215c5f84b5a8169271947848cc3774667d49db53d3ab0808f22f78445632effdf759fac5ec0e4e0e5135ec906ebc77918149e4f94b0afff5545200416ea SHA512 601b4af1fea80cd07af4f866498ab448976614a59e9706b7341f53f2f6b2c69322637499efe0a60df26b827eaca45ef901fbb42fcff1ae96407b4aa73f8fb102
MISC metadata.xml 619 BLAKE2B 4220231734bec7412dee8240013773a3bbd3025b9b715747e41a7a0be63b6727b6b9ae7bd2459d93ebc8743e094498543abbfff9a3013e0d62c5f55e68f29d08 SHA512 42ea3785e2491f38f726d54e7e02fce1722eea39899175c873c138ee7d4aa23a9366678a88f044851a45b4ecc394738bfa44e5bb3850dd1fdb2c9780ae929432
diff --git a/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild
index b3b6de8c2872..34d8bd70511f 100644
--- a/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild
+++ b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=5
@@ -21,7 +21,7 @@ DEPEND="
gnutls? ( net-libs/gnutls )
!gnutls? ( dev-libs/openssl:0= )"
RDEPEND="${DEPEND}
- resolvconf? ( net-dns/openresolv )
+ resolvconf? ( virtual/resolvconf )
selinux? ( sec-policy/selinux-vpn )
"
diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest
index 551e35cf10b5..608c55c89d4d 100644
--- a/net-vpn/wireguard/Manifest
+++ b/net-vpn/wireguard/Manifest
@@ -1,4 +1,4 @@
-DIST WireGuard-0.0.20181018.tar.xz 299432 BLAKE2B 05869b7a421761581445b8e383119a893d65ec9ff7b53551bede6022ee7609e9bc2c8081392ac5eba382ae817a281390f1fcfb35cd7c9a8b32794eb25878e541 SHA512 ab9f42bdae1b12a95faaf51d5b9e17a8635c67386feefaaa40e0395d78c3258b9afa8a1d2f64010fac4867fa0d229a4ed850fab8a24678d6c8aa2ab6e30ae1b3
-EBUILD wireguard-0.0.20181018.ebuild 5142 BLAKE2B 9741b00e97a85fe032de77fe709e403b0ab26c2a7a722eb2b84fe02b73070271f4b6a9e0703e5b2cbdb1918e88a7e7b810f686af80dc8b59f5285a7cc68bbcfd SHA512 e6755ac3095ab7e059ae036f7548ed25ce933e5f5170852993574f60a3ce73667592a8b31a8cae26f95190825395b86ad40542e4833bc3fb3b2b712b9caecafe
+DIST WireGuard-0.0.20181115.tar.xz 329932 BLAKE2B 5f0b73982e9befdf768607110cc743d3d8ec6bad6467dfae6e5b6d2974b74db78d9ee6ed2518cf04ecc86fb6f92e1dd55ed12d2e68a7f9201779492f170d4da4 SHA512 622de8d9274e3689debabf122e4569ae7d747f625ff5161779006b3c583b08b7b3a270aba1abf3d56c4390f809aacbf70bed6964b476f5ac72fb2f51923f3b3d
+EBUILD wireguard-0.0.20181115.ebuild 5142 BLAKE2B 9741b00e97a85fe032de77fe709e403b0ab26c2a7a722eb2b84fe02b73070271f4b6a9e0703e5b2cbdb1918e88a7e7b810f686af80dc8b59f5285a7cc68bbcfd SHA512 e6755ac3095ab7e059ae036f7548ed25ce933e5f5170852993574f60a3ce73667592a8b31a8cae26f95190825395b86ad40542e4833bc3fb3b2b712b9caecafe
EBUILD wireguard-9999.ebuild 4720 BLAKE2B 4de715d72ccd551ee68eeab051ff9905323fe57d475e6c17ad39542c3c50416d0ff6cfa27c994afe1edf6277bdbd6bab9b3351d74cfcae5921f24c2c93f0cb36 SHA512 e71251e953b6046149d69b1168af47e20ae705c3822f8c80542388571e8677ddfe299eb46808ec462c8a13764fc939eafe7f51dcfa0d7e3aca7c6e153ba14c7b
MISC metadata.xml 765 BLAKE2B 4b3a03aea5271da19dddddfc4f7fa180c4b3b846bbe434786c3b3e7bbfb51424cf3be55877cf6b2af60559a456978946ed68354600e43fbb461d2000bd655b70 SHA512 794ffdecbc09f27080cade3a5753e0d1e9021edb400282ee6db7099d4583ab4d4ed28a343e2b8c2227ab39b8bc4182938d6c82ae4a4f7e9980f21348d8d8c805
diff --git a/net-vpn/wireguard/wireguard-0.0.20181018.ebuild b/net-vpn/wireguard/wireguard-0.0.20181115.ebuild
index 035320b20fd3..035320b20fd3 100644
--- a/net-vpn/wireguard/wireguard-0.0.20181018.ebuild
+++ b/net-vpn/wireguard/wireguard-0.0.20181115.ebuild