commit: f83aa51c4fb2550cea90bfd6c13915ece86a5f1c Author: Hans de Graaff <graaff <AT> gentoo <DOT> org> AuthorDate: Sat Mar 1 07:51:28 2025 +0000 Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org> CommitDate: Sat Mar 1 07:53:19 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f83aa51c
net-vpn/libreswan: add 5.2 Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org> net-vpn/libreswan/Manifest | 1 + net-vpn/libreswan/libreswan-5.2.ebuild | 135 +++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+) diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest index cfd375ca01fe..85c3894cce4b 100644 --- a/net-vpn/libreswan/Manifest +++ b/net-vpn/libreswan/Manifest @@ -1,3 +1,4 @@ DIST libreswan-4.15.tar.gz 3728498 BLAKE2B f2fd0955c73fb7278f4b2dbce3c1fa483406502c12340746426c77faa39143252e9b5f0b2c0cb60e238a962789b22b1f5b33a5bf5a42e79bb7e513fb2f12855f SHA512 49a60688bb4a5241dbd791bdde0c71ae80cfb7383bb841ea0788a9d0237569d7ad79e59985c700526e3807817ddae77ebd57521897526fbb8fb93ffbea631efe DIST libreswan-5.0.tar.gz 3957806 BLAKE2B c7ff493c332ac63d416651e9a85254bfe3c749dc812ff682b8aa99c35887cc6976d23fb5a5013196e0973681a2d7054167d06d29b33ca6d93809e35a130e4bb0 SHA512 b1c7cebe1ffc21aeaae76f2562764195d535ff5d51fb6ad570046678df19387df68f2d52586eb290844019cbdc17e6192773f9110531a26cf1583e2c016289c6 DIST libreswan-5.1.tar.gz 4031106 BLAKE2B fa2e4b5ed93bfedd1bbbcc7b2fcd585178f02951aaf719bf5f600258a085e084ea15b60061d3f380e52062be57a5823952ff96297cf4990343413f395e1c9188 SHA512 9ee8b071be414737c61529420af22b789d8968e99e376250afe42e1a5890d864dc2697ecfeb33a6c50de38a361bddf125852a8eb86318e544fc2f162f8ff6522 +DIST libreswan-5.2.tar.gz 4132199 BLAKE2B c726b12ab7bdd5a1de13a33b9afe76b640e18155e231d9a375e9f242cfa313465d70b494151a111343aad23d4d6c07978dc57894e15e4d4be31b934e8c936fb4 SHA512 5c87edc879914158ba9c4c2a0edcd6fac0787b16d3c6a50c268cbd675c51cdec94e509031bc226680c0d40bd3375d73007cae5ee0588c136292e3f34cb759694 diff --git a/net-vpn/libreswan/libreswan-5.2.ebuild b/net-vpn/libreswan/libreswan-5.2.ebuild new file mode 100644 index 000000000000..1de7cbc707c2 --- /dev/null +++ b/net-vpn/libreswan/libreswan-5.2.ebuild @@ -0,0 +1,135 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd flag-o-matic toolchain-funcs tmpfiles + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/"; +SRC_URI="https://download.libreswan.org/${P}.tar.gz"; + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" +IUSE="caps curl dnssec +ikev1 ldap networkmanager pam seccomp selinux systemd test" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + >=dev-libs/nss-3.42 + >=sys-kernel/linux-headers-4.19 + virtual/libcrypt:= + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= net-dns/dnssec-root ) + ldap? ( net-nds/openldap:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + systemd? ( sys-apps/systemd:0= ) +" +BDEPEND=" + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-python/setproctitle ) +" +RDEPEND="${DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-vpn/strongswan + selinux? ( sec-policy/selinux-ipsec ) +" +DEPEND+=" elibc_musl? ( sys-libs/queue-standalone )" + +usetf() { + usex "$1" true false +} + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die + default +} + +src_configure() { + tc-export AR CC + + use elibc_musl && append-cflags -DGLIBC_KERN_FLIP_HEADERS + + export PREFIX=/usr + export DEFAULT_DNSSEC_ROOTKEY_FILE=/etc/dnssec/icannbundle.pem + export EXAMPLE_IPSEC_SYSCONFDIR=/usr/share/doc/${PF} + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export INITSYSTEM=$(usex systemd systemd openrc) + export INITDDIRS= + export INITDDIR_DEFAULT=/etc/init.d + export USERCOMPILE=${CFLAGS} + export USERLINK=${LDFLAGS} + export USE_DNSSEC=$(usetf dnssec) + export USE_IKEV1=$(usetf ikev1) + export USE_LABELED_IPSEC=$(usetf selinux) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LINUX_AUDIT=$(usetf selinux) + export USE_LDAP=$(usetf ldap) + export USE_NM=$(usetf networkmanager) + export USE_SECCOMP=$(usetf seccomp) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_AUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems \ + INITSYSTEM=systemd \ + SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \ + SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \ + all +} + +src_test() { + : # integration tests only that require set of kvms to be set up +} + +src_install() { + default + emake -C initsystems \ + INITSYSTEM=systemd \ + SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \ + SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \ + DESTDIR="${D}" \ + install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + keepdir /var/lib/ipsec/nss + fperms 0700 /var/lib/ipsec/nss + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + tmpfiles_process libreswan.conf + + local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" + certutil -N -d "${IPSEC_CONFDIR}" --empty-password + eend $? + einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" + fi +}
