# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0.ebuild,v 1.1 2012/02/09 20:47:18 blueness Exp $

# Package-manager API level this ebuild is written against.
EAPI="4"

# Eclasses providing the helpers called below: linux-info (get_version,
# kernel_is, check_extra_config), flag-o-matic (filter-flags), autotools
# (eautoreconf) and eutils (presumably epunt_cxx -- confirm against the
# eclass revision in use).
inherit eutils flag-o-matic autotools linux-info

DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"
HOMEPAGE="http://ipsec-tools.sourceforge.net/"
# Source tarball is fetched through the sourceforge mirror group.
# NOTE(review): this file carries no checksum; the tarball's integrity depends
# on the package Manifest, which is not visible here.
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"

LICENSE="BSD"
SLOT="0"
# "~" marks both architectures as testing, not stable.
KEYWORDS="~amd64 ~x86"
# Each flag maps to a configure switch in src_configure; rc5 and idea toggle
# optional cipher support there.
IUSE="rc5 idea kerberos stats ipv6 nat selinux readline pam hybrid ldap"

# Runtime dependencies. openssl and libiconv are unconditional; the rest are
# pulled in only when the matching USE flag is set.
RDEPEND="
	kerberos? ( virtual/krb5 )
	selinux? (
		sys-libs/libselinux
		sec-policy/selinux-ipsec-tools
	)
	readline? ( sys-libs/readline )
	pam? ( sys-libs/pam )
	ldap? ( net-nds/openldap )
	dev-libs/openssl
	virtual/libiconv"
# Disabled optional dependencies, kept for reference (src_configure explains
# why iconv and radius are not offered as USE flags):
#	iconv? ( virtual/libiconv )
#	radius? ( net-dialup/gnuradius )

# Build-time dependencies: everything needed at runtime plus kernel headers
# of at least 2.6.30.
DEPEND="${RDEPEND}
	>=sys-kernel/linux-headers-2.6.30"

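# Report kernel options that the installed IPsec tools need at runtime.
#
# For kernels >= 2.6.19 this builds CONFIG_CHECK together with one
# WARNING_<OPTION> message per option and passes them to check_extra_config.
# Every entry carries the "~" prefix, so a missing option produces a warning
# and does not abort the merge. On older kernels only an error notice is
# printed and the build continues.
pkg_setup() {
	# Keep the loop variable local so it does not leak into the ebuild
	# environment after this phase.
	local opt

	get_version
	if ! kernel_is -ge 2 6 19 ; then
		eerror "You must have a kernel >=2.6.19 to run ipsec-tools."
		eerror "Building now, assuming that you will run on a different kernel"
		return
	fi

	einfo "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"

	if use nat; then
		CONFIG_CHECK="${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY"
		export WARNING_NETFILTER_XT_MATCH_POLICY="NAT support may fail weirdly unless you enable this option in your kernel"
	fi

	# The variable name is assembled from a fixed word list, so a plain
	# export with a quoted NAME=value argument is enough; no eval is needed.
	for opt in XFRM_USER NET_KEY; do
		CONFIG_CHECK="${CONFIG_CHECK} ~${opt}"
		export "WARNING_${opt}=No tunnels will be available at all"
	done

	for opt in INET_IPCOMP INET_AH INET_ESP \
		INET_XFRM_MODE_TRANSPORT \
		INET_XFRM_MODE_TUNNEL \
		INET_XFRM_MODE_BEET ; do
		CONFIG_CHECK="${CONFIG_CHECK} ~${opt}"
		export "WARNING_${opt}=IPv4 tunnels will not be available"
	done

	for opt in INET6_IPCOMP INET6_AH INET6_ESP \
		INET6_XFRM_MODE_TRANSPORT \
		INET6_XFRM_MODE_TUNNEL \
		INET6_XFRM_MODE_BEET ; do
		CONFIG_CHECK="${CONFIG_CHECK} ~${opt}"
		export "WARNING_${opt}=IPv6 tunnels will not be available"
	done

	# CRYPTO_NULL only matters for tunnels without encryption; such tunnels
	# provide no confidentiality, so its absence is harmless on hosts that
	# never configure them.
	CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_NULL"
	export WARNING_CRYPTO_NULL="Unencrypted tunnels will not be available"
	export CONFIG_CHECK

	check_extra_config
}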

# Patch the unpacked sources in place, then regenerate the autotools files.
src_prepare() {
	local configure_ac="${S}/configure.ac"
	local src

	# bug #76741: remove the <sys/sysctl.h> include from both sources
	for src in src/racoon/pfkey.c src/setkey/setkey.c; do
		sed -i 's:#include <sys/sysctl.h>::' "${src}" || die
	done

	# bug #124813: strip -Werror so compiler warnings do not fail the build
	# gcc-4.6: hand the -R runtime path to the linker through -Wl,
	sed -i \
		-e 's:-Werror::g' \
		-e 's: -R: -Wl,-R:' \
		"${configure_ac}" || die

	# configure.ac was edited above, so the build system must be regenerated.
	AT_M4DIR="${S}" eautoreconf
	epunt_cxx
}

# Translate USE flags into configure switches and run econf.
src_configure() {
	# fix for bug #61025
	filter-flags -march=c3

	# Switches that are always on, followed by the USE-controlled ones.
	# NOTE(review): --enable-adminport is unconditional; confirm that the
	# shipped racoon configuration restricts who may use the admin interface.
	local -a conf_args=(
		--with-kernel-headers=/usr/include
		--enable-adminport
		--enable-frag
		--enable-dpd
		--enable-dependency-tracking
		$(use_enable rc5)
		$(use_enable idea)
		$(use_enable kerberos gssapi)
		$(use_enable stats)
		$(use_enable ipv6)
		$(use_enable nat natt)
		$(use_enable selinux security-context)
		$(use_with readline)
		$(use_with pam libpam)
		$(use_with ldap libldap)
	)

	if use nat; then
		conf_args+=( --enable-natt-versions=yes )
	fi

	# mode-cfg and xauth support: forced on whenever pam is enabled,
	# otherwise it follows the hybrid USE flag.
	if ! use pam; then
		conf_args+=( $(use_enable hybrid) )
	else
		conf_args+=( --enable-hybrid )
	fi

	# Switches deliberately left out:
	#  - iconv: dev-libs/libiconv is hard masked, so no
	#    $(use_with iconv libiconv)
	#  - openssl: the default (/usr/include/openssl/) is OK for Gentoo, so no
	#    $(use_with ssl openssl)
	#  - radius: does not compile with freeradius or gnuradius; it would need
	#    libradius, which only exists on FreeBSD
	#  - --enable-samode-unspec: see bug #77369

	econf "${conf_args[@]}"
}

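# Install the built tree into ${D}, add the racoon service files and the
# documentation, and create the directories racoon uses at runtime.
src_install() {
	emake DESTDIR="${D}" install
	keepdir /var/lib/racoon
	# conf.d and init.d files are shipped with the ebuild, not by upstream.
	newconfd "${FILESDIR}"/racoon.conf.d racoon
	newinitd "${FILESDIR}"/racoon.init.d racoon

	dodoc ChangeLog README NEWS
	dodoc -r src/racoon/samples
	dodoc -r src/racoon/doc

	docinto setkey
	dodoc src/setkey/sample.cf

	# keepdir rather than dodir: the directory is installed empty, and an
	# empty directory is not guaranteed to survive the merge unless a
	# keep-file is placed in it.
	# NOTE(review): racoon's configuration and pre-shared keys are expected
	# to live here and the directory is created with default permissions;
	# the key file itself must be readable by root only.
	keepdir /etc/racoon

	# RFC are only available from CVS for the moment, see einfo below
	#docinto "rfc"
	#dodoc ${S}/src/racoon/rfc/*
}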

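# Print post-install notes: NAT-T hints when nat is enabled, a documentation
# caveat when ldap is enabled, and pointers to further documentation.
pkg_postinst() {
	if use nat; then
		elog
		elog "You have enabled the nat traversal functionnality."
		elog "Nat versions wich are enabled by default are 00,02,rfc"
		elog "you can find those drafts in the CVS repository:"
		elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools"
		elog
		# The hint below switches on additional draft NAT-T versions beyond
		# the defaults listed above; it is opt-in only.
		elog "If you feel brave enough and you know what you are"
		elog "doing, you can consider emerging this ebuild with"
		elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\""
		elog
	fi

	if use ldap; then
		elog
		# Was "{$PN}", which printed literal braces around the package name.
		elog "You have enabled ldap support with ${PN}."
		elog "The man page does NOT contain any information on it yet."
		elog "Consider using a more recent version or CVS."
		elog
	fi

	elog
	# dodoc installs under ${PF} (name-version-revision), so point there
	# instead of ${P}; the two differ as soon as the ebuild gets a revision.
	elog "Please have a look in /usr/share/doc/${PF} and visit"
	elog "http://www.netbsd.org/Documentation/network/ipsec/"
	elog "to find more information on how to configure this tool."
	elog
}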