# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Ebuild API level this file is written against.
EAPI=8
# Eclasses used below: systemd (systemd_get_systemunitdir), flag-o-matic
# (append-cflags), toolchain-funcs (tc-export), tmpfiles (tmpfiles_process).
inherit systemd flag-o-matic toolchain-funcs tmpfiles
DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
HOMEPAGE="https://libreswan.org/"
# Release tarball fetched over HTTPS. No verify-sig eclass is inherited, so
# integrity of the download rests on distfile checksums kept outside this
# file (presumably the package Manifest, which is not shown here).
SRC_URI="https://download.libreswan.org/${P}.tar.gz"
LICENSE="GPL-2 BSD-4 RSA DES"
SLOT="0"
KEYWORDS="amd64 ~arm ~arm64 ~ppc x86"
# Optional features; src_configure maps each flag to a USE_* build switch.
IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test"
# Tests are restricted unless USE=test is set; src_test in this file is a
# no-op either way.
RESTRICT="!test? ( test )"
# Libraries needed at build time, optional ones gated on their USE flag.
# NOTE(review): src_configure derives USE_LINUX_AUDIT from the selinux flag,
# but no audit library is listed under selinux? here. Confirm whether one is
# required when that switch is true.
DEPEND="
dev-libs/gmp:0=
dev-libs/libevent:0=
dev-libs/nspr
>=dev-libs/nss-3.42
>=sys-kernel/linux-headers-4.19
virtual/libcrypt:=
caps? ( sys-libs/libcap-ng )
curl? ( net-misc/curl )
dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= net-dns/dnssec-root )
ldap? ( net-nds/openldap:= )
pam? ( sys-libs/pam )
seccomp? ( sys-libs/libseccomp )
selinux? ( sys-libs/libselinux )
systemd? ( sys-apps/systemd:0= )
"
# Tools that run on the build host (docs toolchain, parser generators,
# pkg-config) plus the test-only Python module.
BDEPEND="
app-text/docbook-xml-dtd:4.1.2
app-text/xmlto
dev-libs/nss
sys-devel/bison
sys-devel/flex
virtual/pkgconfig
test? ( dev-python/setproctitle )
"
# Runtime set: everything in DEPEND, NSS with its utils (presumably for the
# certutil call in pkg_postinst), iproute2, and the SELinux policy when
# USE=selinux. The leading "!" makes net-vpn/strongswan a blocker, so the
# two IPsec implementations cannot be installed side by side.
RDEPEND="${DEPEND}
dev-libs/nss[utils(+)]
sys-apps/iproute2
!net-vpn/strongswan
selinux? ( sec-policy/selinux-ipsec )
"
# Extra build dependency pulled in only on musl.
DEPEND+=" elibc_musl? ( sys-libs/queue-standalone )"
# usetf <flag>
# Print the literal string "true" when USE flag <flag> is enabled and "false"
# otherwise, by delegating to usex. src_configure uses the result as the
# value of the USE_* build switches.
usetf() {
	local flag="$1"
	usex "${flag}" true false
}
# Patches applied by the default src_prepare phase; the single entry is named
# after the 4.2 release and is reused for this version.
PATCHES=(
	"${FILESDIR}/${PN}-4.2-ip-path.patch"
)
# Adjust the shipped init-system files, then run the default prepare phase
# (which applies PATCHES and user patches).
src_prepare() {
	local openrc_init=initsystems/openrc/ipsec.init.in
	local systemd_makefile=initsystems/systemd/Makefile

	# Point the OpenRC script at openrc-run instead of the old runscript path.
	sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' "${openrc_init}" || die

	# Drop the postcheck / oldinitdcheck prerequisites from the systemd
	# install targets. Presumably these inspect the live host, which a staged
	# install into the image directory must not do; confirm against the
	# upstream Makefile.
	sed -i \
		-e '/^install/ s/postcheck//' \
		-e '/^doinstall/ s/oldinitdcheck//' \
		"${systemd_makefile}" || die

	default
}
# Configure the build purely through exported make variables; upstream has no
# configure script invoked here.
src_configure() {
	tc-export AR CC

	# Must run before CFLAGS is copied into USERCOMPILE below.
	if use elibc_musl; then
		append-cflags -DGLIBC_KERN_FLIP_HEADERS
	fi

	# Installation layout.
	export PREFIX="/usr"
	export DEFAULT_DNSSEC_ROOTKEY_FILE="/etc/dnssec/icannbundle.pem"
	export FINALEXAMPLECONFDIR="/usr/share/doc/${PF}"
	export FINALDOCDIR="/usr/share/doc/${PF}/html"

	# Init system used by the main build; follows the systemd USE flag.
	export INITSYSTEM="$(usex systemd systemd openrc)"
	export INITDDIRS=""
	export INITDDIR_DEFAULT="/etc/init.d"

	# Hand the user's compiler and linker flags to the upstream makefiles.
	export USERCOMPILE="${CFLAGS}"
	export USERLINK="${LDFLAGS}"

	# Feature switches as VARIABLE:useflag pairs, each set to "true" or
	# "false". The hardening-related ones (USE_SECCOMP, USE_LIBCAP_NG,
	# USE_LABELED_IPSEC) are therefore on only when the matching USE flag is.
	# NOTE(review): USE_LINUX_AUDIT follows the selinux flag, yet DEPEND lists
	# no audit library under selinux? -- confirm the build does not need one.
	local pair
	for pair in \
		USE_DNSSEC:dnssec \
		USE_LABELED_IPSEC:selinux \
		USE_LIBCAP_NG:caps \
		USE_LIBCURL:curl \
		USE_LINUX_AUDIT:selinux \
		USE_LDAP:ldap \
		USE_NM:networkmanager \
		USE_SECCOMP:seccomp \
		USE_SYSTEMD_WATCHDOG:systemd
	do
		export "${pair%%:*}=$(usetf "${pair#*:}")"
	done

	# Watchdog interval: 200 with systemd, 0 without.
	export SD_WATCHDOGSEC="$(usex systemd 200 0)"
	export USE_AUTHPAM="$(usetf pam)"

	# Emptied so that only the flags passed through USERCOMPILE apply
	# (presumably upstream would otherwise add its own debug, optimisation
	# and -Werror flags; confirm against the upstream makefiles).
	export DEBUG_CFLAGS=""
	export OPTIMIZE_CFLAGS=""
	export WERROR_CFLAGS=""
}
# Build the main tree, then build the initsystems/ directory a second time
# with INITSYSTEM forced to systemd, independent of the systemd USE flag that
# src_configure used for the exported INITSYSTEM.
src_compile() {
	emake all

	local initsystems_args=(
		INITSYSTEM=systemd
		SYSTEMUNITDIR="$(systemd_get_systemunitdir)"
		SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d"
	)
	emake -C initsystems "${initsystems_args[@]}" all
}
# Deliberate no-op: the only tests available are integration tests that need
# a set of KVM guests to be set up, so nothing is run during the test phase.
src_test() {
	return 0
}
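# Install the package into the image directory, add the systemd files, create
# the secrets stub and the NSS database directory with restrictive modes, and
# install the documentation.
src_install() {
	# Regular upstream install into ${D}.
	default

	# Second install pass over initsystems/ with INITSYSTEM forced to systemd,
	# so the systemd files land in the image whatever init system the main
	# build was configured for.
	emake -C initsystems \
		INITSYSTEM=systemd \
		SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \
		SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \
		DESTDIR="${D}" \
		install

	# Stub secrets file that only includes the per-connection files. The glob
	# is inside double quotes, so it is written literally and not expanded
	# here. A failed redirect (for example a missing etc/ in the image) aborts
	# the phase instead of passing unnoticed.
	echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets \
		|| die "could not create ipsec.secrets"
	# 0600 applies to this stub only; the modes of the files it includes under
	# /etc/ipsec.d are not set by this ebuild.
	fperms 0600 /etc/ipsec.secrets

	# Directory for the NSS database created in pkg_postinst; kept even though
	# empty, and restricted to its owner because the database is initialised
	# without a password.
	keepdir /var/lib/ipsec/nss
	fperms 0700 /var/lib/ipsec/nss

	dodoc -r docs

	# Remove empty directories left behind by the upstream install; the
	# directory registered with keepdir above is not empty and survives.
	find "${D}" -type d -empty -delete || die
}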
# Post-install step: apply the tmpfiles.d entry and, on first install only,
# create an empty NSS database for libreswan.
pkg_postinst() {
	tmpfiles_process libreswan.conf

	local nss_dir=${ROOT}/var/lib/ipsec/nss

	# An existing database in either the legacy (cert8.db) or the current
	# (cert9.db) format is left untouched.
	if [[ -f ${nss_dir}/cert8.db || -f ${nss_dir}/cert9.db ]] ; then
		return 0
	fi

	# The database is created with an empty password, so anything stored in
	# it is protected only by the 0700 mode that src_install sets on this
	# directory. The einfo line tells the administrator how to set one.
	ebegin "Setting up NSS database in ${nss_dir} with empty password"
	certutil -N -d "${nss_dir}" --empty-password
	# Report the certutil result; a failure is shown but does not abort.
	eend $?
	einfo "To set a password: certutil -W -d sql:${nss_dir}"
}