Diffstat (limited to 'net-vpn')
128 files changed, 6884 insertions, 0 deletions
diff --git a/net-vpn/badvpn/Manifest b/net-vpn/badvpn/Manifest new file mode 100644 index 000000000000..7e8dc8fbecf9 --- /dev/null +++ b/net-vpn/badvpn/Manifest 
@@ -0,0 +1,5 @@ +DIST badvpn-1.999.126.tar.bz2 936233 SHA256 188440a6d2fa575162f65baf4b8a2645d6fda71ef1a20794ec0be42a3053f2ff SHA512 3d0bbe3c8f91a3cb758b78a0fce4fd111f93fa0578ce06f0a8db5cc575d02f52248b37e7fa097447589257e47084a607a9df7078448ef44ae9fb66eb59e8b9e2 WHIRLPOOL 6767bc359c92d85d91f7b32d15c17bd0f33dcaa36716d8cc3b87eb59a110d7d26d91b38145e9f47cce3950f49470756ade29c6768b956f27108fff143248ac79 +DIST badvpn-1.999.127.tar.bz2 962224 SHA256 d20c79d69a7aa9eac1e0bf9a52fb9c9cdca78be123b6d17d59ff277f282e7943 SHA512 7484a817795392a52b44d3bf68765652739029aae8c16965b433bbfb4ca67ea70048f76376ba445196aac07a8f19f97696917ad24fe2bcb34025adda1f18a9fb WHIRLPOOL a3030691d50add2f76854b3a4c3cd1a66c3d3c53b0780c592e0a7337907c7d253a4ea552c57c26e03abc0adf5c4d2f416b18a3e74bc3a6af9b9182927cd721f5 +DIST badvpn-1.999.128.tar.bz2 1000636 SHA256 d6b28d5d566470dd1b0584b14b7ffab8159e4f604c1facbf9ef3a3ddbc0c9bfc SHA512 7d59e8365c10e7164c6c74b95d5f212ae0c480870bea31a6fb4ed25883f28bb6365e09a9271a9ecedccccd886e5f5e50a6f6df406ee3c40fad40031bbd3f049b WHIRLPOOL 5541a8d91a48f69fb5646451c276d0dd8844e508f9a33d553f08c5aabbe2c6d5bab8bd6073829641facec861d507cfce7c346497bc3f321033dd46c036f719d9 +DIST badvpn-1.999.129.tar.gz 1327123 SHA256 f4fd6fef72203acee10af7d7a6198f6f5fdfc00d9607f0924f6ebae84d570f1d SHA512 7a305198d7b4aaa31e567ff1f1bf23e0a65070d8eae78e7ed6be1a3a3b7bce7fcba32c0eb8ae549ef1851a61675afc1770f52dedf131658036b7b6414fdd4e4e WHIRLPOOL 821a4228ff1f3e2fbc5af7db07536ffeeed7c35ad6a9238948f3c9b350ddf556fbc69e036ce08ed2bc9c7c805b653ff1532c336b37b67acb40ccf41e7bacb6a2 +DIST badvpn-1.999.130.tar.gz 1340372 SHA256 bfd4bbfebd7274bcec792558c9a2fd60e39cd92e04673825ade5d04154766109 SHA512 958d6f3b7a8074fa7ba2f26812c9b2c39272b75d762a12a821ad2d0db9cdc9b9307338d77ca0dcadcf57b81fa4632362e67524de4246d01829951e8924a89770 WHIRLPOOL 77bf158eb4624301a7ecc3f17583faf3525d8ff165478535d6f9d33b42d4e50906ede42a8dea4454bb06b6845a20aa3127649ba0ceaf08e0e04fe9839de7184c 
diff --git a/net-vpn/badvpn/badvpn-1.999.126.ebuild b/net-vpn/badvpn/badvpn-1.999.126.ebuild
new file mode 100644
index 000000000000..56e19578c566
--- /dev/null
+++ b/net-vpn/badvpn/badvpn-1.999.126.ebuild
@@ -0,0 +1,91 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit eutils cmake-utils user toolchain-funcs
+
+MY_P=${PN}-${PV/_rc/rc}
+DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier"
+HOMEPAGE="https://code.google.com/p/badvpn/"
+SRC_URI="https://badvpn.googlecode.com/files/${MY_P}.tar.bz2"
+
+LICENSE="BSD"
+KEYWORDS="~amd64 ~arm ~x86"
+SLOT="0"
+TARGETS="+client +ncd +server +tun2socks +udpgw"
+IUSE="${TARGETS} debug"
+# tests are only ncd related
+RESTRICT="!ncd? ( test )"
+
+COMMON_DEPEND="
+ client? (
+ dev-libs/nspr
+ dev-libs/nss
+ dev-libs/openssl
+ )
+ server? (
+ dev-libs/nspr
+ dev-libs/nss
+ dev-libs/openssl
+ )
+ ncd? (
+ dev-libs/openssl
+ )"
+RDEPEND="${COMMON_DEPEND}
+ ncd? (
+ sys-apps/iproute2
+ >=virtual/udev-171
+ )"
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+# we need at least one target
+REQUIRED_USE="|| ( ${TARGETS//+/} )"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ enewuser ${PN}
+}
+
+src_prepare() {
+ # allow user to easily apply patches
+ epatch_user
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DBUILD_NOTHING_BY_DEFAULT=1
+ $(cmake-utils_use_build client CLIENT)
+ $(cmake-utils_use_build server SERVER)
+ $(cmake-utils_use_build ncd NCD)
+ $(cmake-utils_use_build tun2socks TUN2SOCKS)
+ $(cmake-utils_use_build udpgw UDPGW)
+ )
+
+ cmake-utils_src_configure
+}
+
+src_test() {
+ # OOHMSA: do this on portage level?
+ tc-is-cross-compiler && die "these tests do not work when cross compiling!"
+
+ einfo "Running NCD tests"
+ cd "${S}"/ncd/tests || die
+ bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \
+ || die "one or more tests failed"
+}
+
+src_install() {
+ cmake-utils_src_install
+ dodoc ChangeLog
+
+ if use server; then
+ newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server
+ newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server
+ fi
+
+ if use ncd; then
+ newinitd "${FILESDIR}"/${PN}-ncd.init ${PN}-ncd
+ newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd
+ fi
+}
diff --git a/net-vpn/badvpn/badvpn-1.999.127.ebuild b/net-vpn/badvpn/badvpn-1.999.127.ebuild
new file mode 100644
index 000000000000..f8b68ce72105
--- /dev/null
+++ b/net-vpn/badvpn/badvpn-1.999.127.ebuild
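Review bot: `pkg_setup()` in badvpn-1.999.126.ebuild calls `enewuser ${PN}` unconditionally, so the `badvpn` account is created even with USE=-server, although the only visible consumer of that account is files/badvpn-server.init (`--user "${vpn_user:-badvpn}"`). Guarding the call, `if use server; then enewuser ${PN}; fi`, keeps hosts that build only the client, ncd, tun2socks or udpgw from carrying an unused service account. The same line appears in the 1.999.127 through 1.999.130 ebuilds in this commit. If another target is meant to run as that account, a comment on `pkg_setup` saying so would settle it.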
@@ -0,0 +1,92 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://code.google.com/p/badvpn/" +SRC_URI="https://badvpn.googlecode.com/files/${MY_P}.tar.bz2" + +LICENSE="BSD" +KEYWORDS="amd64 arm x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + ncd? ( + dev-libs/openssl + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_prepare() { + # allow user to easily apply patches + epatch_user +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" 
+ + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${P}-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/badvpn-1.999.128.ebuild b/net-vpn/badvpn/badvpn-1.999.128.ebuild new file mode 100644 index 000000000000..879722ef31ba --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.128.ebuild 
@@ -0,0 +1,92 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://code.google.com/p/badvpn/" +SRC_URI="https://badvpn.googlecode.com/files/${MY_P}.tar.bz2" + +LICENSE="BSD" +KEYWORDS="~amd64 ~arm ~x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + ncd? ( + dev-libs/openssl + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_prepare() { + # allow user to easily apply patches + epatch_user +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" 
+ + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${PN}-1.999.127-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/badvpn-1.999.129.ebuild b/net-vpn/badvpn/badvpn-1.999.129.ebuild new file mode 100644 index 000000000000..6183228f2ab0 --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.129.ebuild 
@@ -0,0 +1,92 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://github.com/ambrop72/badvpn https://code.google.com/p/badvpn/" +SRC_URI="https://github.com/ambrop72/badvpn/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +KEYWORDS="amd64 ~arm x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl + ) + ncd? ( + dev-libs/openssl + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_prepare() { + # allow user to easily apply patches + epatch_user +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" 
+ + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${PN}-1.999.127-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/badvpn-1.999.130.ebuild b/net-vpn/badvpn/badvpn-1.999.130.ebuild new file mode 100644 index 000000000000..8fc6bb47aa1e --- /dev/null +++ b/net-vpn/badvpn/badvpn-1.999.130.ebuild 
@@ -0,0 +1,84 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils cmake-utils user toolchain-funcs systemd + +MY_P=${PN}-${PV/_rc/rc} +DESCRIPTION="Peer-to-peer VPN, NCD scripting language, tun2socks proxifier" +HOMEPAGE="https://github.com/ambrop72/badvpn https://code.google.com/p/badvpn/" +SRC_URI="https://github.com/ambrop72/badvpn/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +KEYWORDS="~amd64 ~arm ~x86" +SLOT="0" +TARGETS="+client +ncd +server +tun2socks +udpgw" +IUSE="${TARGETS} debug" +# tests are only ncd related +RESTRICT="!ncd? ( test )" + +COMMON_DEPEND=" + client? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl:0 + ) + server? ( + dev-libs/nspr + dev-libs/nss + dev-libs/openssl:0 + )" +RDEPEND="${COMMON_DEPEND} + ncd? ( + sys-apps/iproute2 + >=virtual/udev-171 + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +# we need at least one target +REQUIRED_USE="|| ( ${TARGETS//+/} )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewuser ${PN} +} + +src_configure() { + local mycmakeargs=( + -DBUILD_NOTHING_BY_DEFAULT=1 + $(cmake-utils_use_build client CLIENT) + $(cmake-utils_use_build server SERVER) + $(cmake-utils_use_build ncd NCD) + $(cmake-utils_use_build tun2socks TUN2SOCKS) + $(cmake-utils_use_build udpgw UDPGW) + ) + + cmake-utils_src_configure +} + +src_test() { + # OOHMSA: do this on portage level? + tc-is-cross-compiler && die "these tests do not work when cross compiling!" 
+ + einfo "Running NCD tests" + cd "${S}"/ncd/tests || die + bash ./run_tests "${CMAKE_BUILD_DIR}/ncd/badvpn-ncd" \ + || die "one or more tests failed" +} + +src_install() { + cmake-utils_src_install + dodoc ChangeLog + + if use server; then + newinitd "${FILESDIR}"/${PN}-server.init ${PN}-server + newconfd "${FILESDIR}"/${PN}-server.conf ${PN}-server + fi + + if use ncd; then + newinitd "${FILESDIR}"/${PN}-1.999.127-ncd.init ${PN}-ncd + newconfd "${FILESDIR}"/${PN}-ncd.conf ${PN}-ncd + systemd_dounit "${FILESDIR}"/badvpn-ncd.service + fi +} diff --git a/net-vpn/badvpn/files/badvpn-1.999.127-ncd.init b/net-vpn/badvpn/files/badvpn-1.999.127-ncd.init new file mode 100644 index 000000000000..69f7ba45992a --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-1.999.127-ncd.init @@ -0,0 +1,24 @@ +#!/sbin/openrc-run +# Copyright 1999-2013 Gentoo Foundation +# Released under the 3-clause BSD license. + +command="${ncd_exec:-"/usr/bin/badvpn-ncd"}" +command_args="${ncd_args} --config-file ${ncd_config:-/etc/ncd.conf}" +command_background="YES" +description="Network Configuration Daemon" +pidfile="/var/run/${RC_SVCNAME}.pid" + +depend() { + need localmount + after bootmisc + before netmount +} + +start_pre() { + if yesno "${ncd_syslog:-NO}"; then + command_args="${command_args} + --logger syslog + --syslog-ident \"${ncd_syslog_ident:-${RC_SVCNAME}}\" + --channel-loglevel ncd_log_msg info" + fi +} diff --git a/net-vpn/badvpn/files/badvpn-ncd.conf b/net-vpn/badvpn/files/badvpn-ncd.conf new file mode 100644 index 000000000000..ad34c66f7ca3 --- /dev/null +++ b/net-vpn/badvpn/files/badvpn-ncd.conf @@ -0,0 +1,11 @@ +# NCD program file. +#ncd_config="/etc/ncd.conf" + +# enable or disable syslog. +#ncd_syslog="NO" + +# Syslog identification. +#ncd_syslog_ident="ncd" + +# Additional arguments. +#ncd_args="" diff --git a/net-vpn/badvpn/files/badvpn-ncd.init b/net-vpn/badvpn/files/badvpn-ncd.init new file mode 100644 index 000000000000..e408075128a4 --- /dev/null 
+++ b/net-vpn/badvpn/files/badvpn-ncd.init
@@ -0,0 +1,48 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Released under the 3-clause BSD license.
+
+command="${ncd_exec:-"/usr/bin/badvpn-ncd"}"
+command_args="${ncd_args} --config-file ${ncd_config:-/etc/ncd.conf}"
+command_background="YES"
+description="Network Configuration Daemon"
+pidfile="/var/run/${RC_SVCNAME}.pid"
+
+depend() {
+ need localmount
+ after bootmisc
+ before netmount
+ if yesno "${ncd_syslog:-NO}"; then
+ use logger
+ fi
+}
+
+start_pre() {
+ if yesno "${ncd_syslog:-NO}"; then
+ command_args="${command_args}
+ --logger syslog
+ --syslog-ident \"${ncd_syslog_ident:-${RC_SVCNAME}}\""
+ fi
+}
+
+start()
+{
+ [ -n "$command" ] || return 0
+ local _background=
+ ebegin "Starting ${name:-$RC_SVCNAME}"
+ if yesno "${command_background}"; then
+ if [ -z "${pidfile}" ]; then
+ eend 1 "command_background option used but no pidfile specified"
+ return 1
+ fi
+ _background="--background --make-pidfile"
+ fi
+ eval start-stop-daemon --start \
+ --exec $command \
+ ${procname:+--name} $procname \
+ ${pidfile:+--pidfile} $pidfile \
+ $_background $start_stop_daemon_args \
+ -- $command_args
+ eend $? "Failed to start $RC_SVCNAME"
+ return $?
+}
diff --git a/net-vpn/badvpn/files/badvpn-ncd.service b/net-vpn/badvpn/files/badvpn-ncd.service
new file mode 100644
index 000000000000..6ca7aa515e00
--- /dev/null
+++ b/net-vpn/badvpn/files/badvpn-ncd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Network Configuation Daemon
+After=syslog.target
+
+[Service]
+ExecStart=/usr/bin/badvpn-ncd --logger syslog --syslog-ident ncd --loglevel warning --channel-loglevel ncd_log_msg info /etc/ncd.conf
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/net-vpn/badvpn/files/badvpn-server.conf b/net-vpn/badvpn/files/badvpn-server.conf
new file mode 100644
index 000000000000..ed5103d3d0ef
--- /dev/null
+++ b/net-vpn/badvpn/files/badvpn-server.conf
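Review bot: `start()` in files/badvpn-ncd.init is a hand-copied start routine ending in `eval start-stop-daemon ... -- $command_args`, so `ncd_args`, `ncd_config` and `ncd_syslog_ident` from conf.d are expanded unquoted and then parsed again by the shell as root. That is harmless while /etc/conf.d stays writable by root only, but it deserves a comment above `start()` such as `# conf.d values are eval'd by the shell: keep them free of ;, backticks and $()`, and the conf.d templates should say the same. files/badvpn-server.init in this commit carries the identical function for `vpn_args`, `vpn_user` and `vpn_syslog_ident`. files/badvpn-1.999.127-ncd.init, added alongside, has no `start()` of its own, which suggests the copy could be dropped here as well so the scripts follow the stock openrc-run behaviour.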
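Review bot: `ExecStart` in files/badvpn-ncd.service passes the program file positionally (`... ncd_log_msg info /etc/ncd.conf`) while both OpenRC scripts in this commit pass it as `--config-file /etc/ncd.conf`; the 1.999.127 through 1.999.130 ebuilds install this unit, so it is worth confirming that each of those versions accepts the positional form. The path and log options are fixed in the unit with no `EnvironmentFile=` counterpart to conf.d, so an admin has to override the whole `ExecStart` to change them. `Description=Network Configuation Daemon` has a typo (`Configuration`).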
@@ -0,0 +1,11 @@
+# User account to run server as.
+#vpn_user="badvpn"
+
+# Enable or disable syslog.
+#vpn_syslog="NO"
+
+# Syslog identification.
+#vpn_syslog_ident="badvpn-server"
+
+# Arguments to badvpn-server.
+vpn_args="--listen-addr 0.0.0.0:7179"
diff --git a/net-vpn/badvpn/files/badvpn-server.init b/net-vpn/badvpn/files/badvpn-server.init
new file mode 100644
index 000000000000..32ee7fefe33e
--- /dev/null
+++ b/net-vpn/badvpn/files/badvpn-server.init
@@ -0,0 +1,48 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Released under the 3-clause BSD license.
+
+command="${vpn_exec:-/usr/bin/badvpn-server}"
+command_args="${vpn_args}"
+command_background="YES"
+description="BadVPN server"
+pidfile="/var/run/${RC_SVCNAME}.pid"
+start_stop_daemon_args="--user \"${vpn_user:-badvpn}\""
+
+depend() {
+ need localmount
+ after bootmisc
+ if yesno "${vpn_syslog:-NO}"; then
+ use logger
+ fi
+}
+
+start_pre() {
+ if yesno "${vpn_syslog:-NO}"; then
+ command_args="${command_args}
+ --logger syslog
+ --syslog-ident \"${vpn_syslog_ident:-${RC_SVCNAME}}\""
+ fi
+}
+
+start()
+{
+ [ -n "$command" ] || return 0
+ local _background=
+ ebegin "Starting ${name:-$RC_SVCNAME}"
+ if yesno "${command_background}"; then
+ if [ -z "${pidfile}" ]; then
+ eend 1 "command_background option used but no pidfile specified"
+ return 1
+ fi
+ _background="--background --make-pidfile"
+ fi
+ eval start-stop-daemon --start \
+ --exec $command \
+ ${procname:+--name} $procname \
+ ${pidfile:+--pidfile} $pidfile \
+ $_background $start_stop_daemon_args \
+ -- $command_args
+ eend $? "Failed to start $RC_SVCNAME"
+ return $?
+}
diff --git a/net-vpn/badvpn/metadata.xml b/net-vpn/badvpn/metadata.xml
new file mode 100644
index 000000000000..e2a7803599c3
--- /dev/null
+++ b/net-vpn/badvpn/metadata.xml
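Review bot: The only uncommented setting in files/badvpn-server.conf is `vpn_args="--listen-addr 0.0.0.0:7179"`, so a freshly installed server listens on every IPv4 interface and, as far as this file shows, with no TLS options set. A comment above the line would help, for example `# Listens on all IPv4 interfaces; narrow the address or firewall the port, and add the server's TLS options if clients must authenticate`. Whether the shipped default should instead be a loopback or explicit address is a packaging decision, but the exposure should be stated where the admin edits it.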
@@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>williamh@gentoo.org</email> + <description>backup Maintainer, CC him on bugs</description> + </maintainer> + <upstream> + <maintainer status="active"> + <email>ambrop7@gmail.com</email> + <name>Ambroz Bizjak</name> + </maintainer> + <doc lang="en">https://code.google.com/p/badvpn/w/list</doc> + <bugs-to>https://github.com/ambrop72/badvpn/issues</bugs-to> + <remote-id type="github">ambrop72/badvpn</remote-id> + <remote-id type="google-code">badvpn</remote-id> + </upstream> + <use> + <flag name="client">Build the badvpn-client program, a daemon that + runs on endpoints of the VPN.</flag> + <flag name="server">Build the badvpn-server program, a central + server that manages the VPN network.</flag> + <flag name="ncd">Build NCD, a lightweight scripting language + especially suited for network configurations.</flag> + <flag name="tun2socks">Build tun2socks, a program which implements + a TUN device that forwards TCP traffic through a SOCKS5 + server.</flag> + <flag name="udpgw">Build udpgw, a small daemon which allows tun2socks to forward UDP traffic.</flag> </use> + <longdescription lang="en"> + BadVPN is an open-source peer-to-peer VPN system. It provides a + Layer 2 (Ethernet) network between the peers (VPN nodes). The peers + connect to a central server which acts as a chat server for them to + establish direct connections between each other (data connections). + These connections are used for transferring network data (Ethernet + frames), and can be secured with a multitude of mechanisms. + + The BadVPN package also includes other network-related software, + like tun2socks and NCD. + </longdescription> +</pkgmetadata> diff --git a/net-vpn/freelan/Manifest b/net-vpn/freelan/Manifest new file mode 100644 index 000000000000..ea577c9f03db --- /dev/null +++ b/net-vpn/freelan/Manifest 
@@ -0,0 +1 @@ +DIST freelan-2.0.tar.gz 4330112 SHA256 02fa5b4806655ca7ad24bdb265a7b79e2e8b900797dca1c87a157e76ec85f529 SHA512 72e5381fdad4d413f4f85c4789ad78c38360a300da6f49a3e8119fe2cacb7a7b05ce16ddcbfcdc008e1c2848c535648967e92f082338fdfb2c1b8e43f53291cc WHIRLPOOL ba51350692c510a689772cb75a03f0607d58898581d85d3c58f78191df72bb2a762ee14a6fcb0c49745170ddf015a49b090a679613dfc1d2b478dc35e2d9a7d8 diff --git a/net-vpn/freelan/files/boost158.patch b/net-vpn/freelan/files/boost158.patch new file mode 100644 index 000000000000..7d5bb740f7bd --- /dev/null +++ b/net-vpn/freelan/files/boost158.patch 
@@ -0,0 +1,41 @@ +commit 68d18a5a7dd7fad8638409d46d144d33a30b54ce +Author: Mihai Bişog <mihai.bisog@gmail.com> +Date: Sat Aug 1 15:18:35 2015 +0300 + + Fixed compilation errors when compiling against boost 1.58 + +diff --git a/libs/asiotap/include/asiotap/types/endpoint.hpp b/libs/asiotap/include/asiotap/types/endpoint.hpp +index 125e1b4..318b7e6 100644 +--- a/libs/asiotap/include/asiotap/types/endpoint.hpp ++++ b/libs/asiotap/include/asiotap/types/endpoint.hpp +@@ -350,6 +350,9 @@ namespace asiotap + */ + std::istream& operator>>(std::istream& is, endpoint& value); + ++// Note: this operator is defined in boost variant as of version 1.58. Keeping it around will ++// introduce overload resolution ambiguity. ++#if BOOST_VERSION < 105800 + /** + * \brief Compare two endpoints. + * \param lhs The left argument. +@@ -360,6 +363,7 @@ namespace asiotap + { + return !(lhs == rhs); + } ++#endif + + /** + * \brief Get an endpoint with a default port. +diff --git a/libs/freelan/src/curl.cpp b/libs/freelan/src/curl.cpp +index 342bb79..392d734 100644 +--- a/libs/freelan/src/curl.cpp ++++ b/libs/freelan/src/curl.cpp +@@ -146,7 +146,7 @@ namespace freelan + + void curl::set_proxy(const asiotap::endpoint& proxy) + { +- if (proxy != asiotap::hostname_endpoint::null()) ++ if (proxy != asiotap::endpoint(asiotap::hostname_endpoint::null())) + { + set_option(CURLOPT_PROXY, static_cast<const void*>(boost::lexical_cast<std::string>(proxy).c_str())); + } diff --git a/net-vpn/freelan/files/boost163.patch b/net-vpn/freelan/files/boost163.patch new file mode 100644 index 000000000000..33636ef0d0b1 --- /dev/null +++ b/net-vpn/freelan/files/boost163.patch 
@@ -0,0 +1,24 @@ +Index: freelan-2.0/libs/freelan/src/core.cpp +=================================================================== +--- freelan-2.0.orig/libs/freelan/src/core.cpp ++++ freelan-2.0/libs/freelan/src/core.cpp +@@ -1766,7 +1766,8 @@ namespace freelan + { + m_logger(fscp::log_level::information) << "IPv4 address: " << m_configuration.tap_adapter.ipv4_address_prefix_length; + +- tap_config.ipv4.network_address = { m_configuration.tap_adapter.ipv4_address_prefix_length.address(), m_configuration.tap_adapter.ipv4_address_prefix_length.prefix_length() }; ++ asiotap::base_ip_network_address<boost::asio::ip::address_v4> a(m_configuration.tap_adapter.ipv4_address_prefix_length.address(), m_configuration.tap_adapter.ipv4_address_prefix_length.prefix_length()); ++ tap_config.ipv4.network_address = a; + } + else + { +@@ -1778,7 +1779,8 @@ namespace freelan + { + m_logger(fscp::log_level::information) << "IPv6 address: " << m_configuration.tap_adapter.ipv6_address_prefix_length; + +- tap_config.ipv6.network_address = { m_configuration.tap_adapter.ipv6_address_prefix_length.address(), m_configuration.tap_adapter.ipv6_address_prefix_length.prefix_length() }; ++ asiotap::base_ip_network_address<boost::asio::ip::address_v6> a(m_configuration.tap_adapter.ipv6_address_prefix_length.address(), m_configuration.tap_adapter.ipv6_address_prefix_length.prefix_length()); ++ tap_config.ipv6.network_address = a; + } + else + { diff --git a/net-vpn/freelan/files/mf.patch b/net-vpn/freelan/files/mf.patch new file mode 100644 index 000000000000..c7e169f4e8a7 --- /dev/null +++ b/net-vpn/freelan/files/mf.patch 
@@ -0,0 +1,33 @@ +commit 4109bb053906f45b545a6cca4399734b91bca425 +Author: Julien Kauffmann <julien.kauffmann@freelan.org> +Date: Sat May 9 16:55:51 2015 -0400 + + Fixed Makefile + +diff --git a/Makefile b/Makefile +index d6bcd59..20b5ea1 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,14 +1,15 @@ + PRODUCT_NAME:=freelan +-PRODUCT_VERSION:=$(shell git describe) ++PRODUCT_VERSION:=$(shell cat VERSION | tr -d '\r\n') ++PRODUCT_PREFIX=/usr + +-default: install +- +-install: +- # Install the files to ${DESTDIR} (defaults to /) +- scons install prefix=/ ++default: build + + build: +- scons all samples ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} scons --mode=release apps prefix=${PRODUCT_PREFIX} ++ ++install: ++ # Install the files to $(DESTDIR) (defaults to /) ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} DESTDIR=$(DESTDIR) scons --mode=release install prefix=${PRODUCT_PREFIX} + + package: + git archive HEAD --prefix=${PRODUCT_NAME}-${PRODUCT_VERSION}/ | gzip > ${PRODUCT_NAME}-${PRODUCT_VERSION}.tar.gz diff --git a/net-vpn/freelan/files/openrc/freelan.initd b/net-vpn/freelan/files/openrc/freelan.initd new file mode 100755 index 000000000000..bab116d3db06 --- /dev/null +++ b/net-vpn/freelan/files/openrc/freelan.initd @@ -0,0 +1,12 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command="/usr/bin/freelan" +command_args="-s -p /var/run/freelan.pid" +pidfile="/var/run/freelan.pid" + +depend() { + need net + use logger +} diff --git a/net-vpn/freelan/files/prefix.patch b/net-vpn/freelan/files/prefix.patch new file mode 100644 index 000000000000..ac75e87fb1d1 --- /dev/null +++ b/net-vpn/freelan/files/prefix.patch 
@@ -0,0 +1,81 @@ +commit d782a42eaeecdce9b4377a7b41dc60b9fecca31c +Author: Julien Kauffmann <julien.kauffmann@freelan.org> +Date: Sat May 9 19:30:11 2015 -0400 + + Added support for a different binary prefix + +diff --git a/Makefile b/Makefile +index 20b5ea1..b009d2c 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,15 +1,16 @@ + PRODUCT_NAME:=freelan + PRODUCT_VERSION:=$(shell cat VERSION | tr -d '\r\n') +-PRODUCT_PREFIX=/usr ++PRODUCT_BIN_PREFIX=/usr ++PRODUCT_PREFIX=/ + + default: build + + build: +- FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} scons --mode=release apps prefix=${PRODUCT_PREFIX} ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} scons --mode=release apps prefix=${PRODUCT_PREFIX} bin_prefix=${PRODUCT_BIN_PREFIX} + + install: + # Install the files to $(DESTDIR) (defaults to /) +- FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} DESTDIR=$(DESTDIR) scons --mode=release install prefix=${PRODUCT_PREFIX} ++ FREELAN_NO_GIT=1 FREELAN_NO_GIT_VERSION=${PRODUCT_VERSION} DESTDIR=$(DESTDIR) scons --mode=release install prefix=${PRODUCT_PREFIX} bin_prefix=${PRODUCT_BIN_PREFIX} + + package: + git archive HEAD --prefix=${PRODUCT_NAME}-${PRODUCT_VERSION}/ | gzip > ${PRODUCT_NAME}-${PRODUCT_VERSION}.tar.gz +diff --git a/SConstruct b/SConstruct +index 32a9915..bc68b71 100644 +--- a/SConstruct ++++ b/SConstruct +@@ -28,7 +28,7 @@ class FreelanEnvironment(Environment): + A freelan specific environment class. + """ + +- def __init__(self, mode, prefix, **kwargs): ++ def __init__(self, mode, prefix, bin_prefix=None, **kwargs): + """ + Initialize the environment. 
+ +@@ -66,14 +66,19 @@ class FreelanEnvironment(Environment): + + self.mode = mode + self.prefix = prefix ++ self.bin_prefix = bin_prefix if bin_prefix else prefix + self.destdir = self['ENV'].get('DESTDIR', '') + + if self.destdir: + self.install_prefix = os.path.normpath( + os.path.abspath(self.destdir), + ) + self.prefix ++ self.bin_install_prefix = os.path.normpath( ++ os.path.abspath(self.destdir), ++ ) + self.bin_prefix + else: + self.install_prefix = self.prefix ++ self.bin_install_prefix = self.bin_prefix + + if os.path.basename(self['CXX']) == 'clang++': + self.Append(CXXFLAGS=['-Qunused-arguments']) +@@ -147,10 +152,15 @@ class FreelanEnvironment(Environment): + mode = GetOption('mode') + prefix = os.path.normpath(os.path.abspath(ARGUMENTS.get('prefix', './install'))) + ++if 'bin_prefix' in ARGUMENTS: ++ bin_prefix = os.path.normpath(os.path.abspath(ARGUMENTS['bin_prefix'])) ++else: ++ bin_prefix = None ++ + if mode in ('all', 'release'): +- env = FreelanEnvironment(mode='release', prefix=prefix) ++ env = FreelanEnvironment(mode='release', prefix=prefix, bin_prefix=bin_prefix) + libraries, includes, apps, samples, configurations = SConscript('SConscript', exports='env', variant_dir=os.path.join('build', env.mode)) +- install = env.Install(os.path.join(env.install_prefix, 'bin'), apps) ++ install = env.Install(os.path.join(env.bin_install_prefix, 'bin'), apps) + install.extend(env.Install(os.path.join(env.install_prefix, 'etc', 'freelan'), configurations)) + + Alias('install', install) diff --git a/net-vpn/freelan/freelan-2.0.ebuild b/net-vpn/freelan/freelan-2.0.ebuild new file mode 100644 index 000000000000..477b6f862c32 --- /dev/null +++ b/net-vpn/freelan/freelan-2.0.ebuild 
@@ -0,0 +1,60 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit scons-utils toolchain-funcs eutils
+
+DESCRIPTION="Peer-to-peer VPN software that abstracts a LAN over the Internet"
+HOMEPAGE="http://www.freelan.org/"
+SRC_URI="https://github.com/freelan-developers/freelan/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="debug"
+
+DEPEND="
+ dev-libs/boost:=[threads]
+ dev-libs/openssl:0=
+ net-misc/curl:=
+ virtual/libiconv
+"
+RDEPEND="${DEPEND}"
+
+FREELAN_NO_GIT=1
+FREELAN_NO_GIT_VERSION=${PV}
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}/boost158.patch" \
+ "${FILESDIR}/mf.patch" \
+ "${FILESDIR}/prefix.patch" \
+ "${FILESDIR}/boost163.patch"
+
+ sed -e "s/CXXFLAGS='-O3'/CXXFLAGS=''/" \
+ -e "s/CXXFLAGS=\['-Werror'\]/CXXFLAGS=[]/" \
+ -e "s/CXXFLAGS=\['-pedantic'\]/CXXFLAGS=[]/" \
+ -i SConstruct || die
+ epatch_user
+}
+
+src_compile() {
+ tc-export CXX CC AR
+ export LINK="$(tc-getCXX)"
+
+ local MYSCONS=(
+ "--mode=$(usex debug debug release)"
+ prefix="${EPREFIX:-/}"
+ bin_prefix="/usr"
+ apps
+ )
+ escons "${MYSCONS[@]}"
+}
+
+src_install() {
+ DESTDIR="${D}" escons --mode=release prefix="${EPREFIX:-/}" bin_prefix="/usr" install
+ dodoc CONTRIBUTING.md README.md
+
+ newinitd "${FILESDIR}/openrc/freelan.initd" freelan
+}
diff --git a/net-vpn/freelan/metadata.xml b/net-vpn/freelan/metadata.xml
new file mode 100644
index 000000000000..d8d5cc720330
--- /dev/null
+++ b/net-vpn/freelan/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>aballier@gentoo.org</email>
+ <name>Alexis Ballier</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/net-vpn/ipsec-tools/Manifest b/net-vpn/ipsec-tools/Manifest
new file mode 100644
index 000000000000..4d3d873ae56b
--- /dev/null
+++ b/net-vpn/ipsec-tools/Manifest
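Review bot: `src_install()` in freelan-2.0.ebuild always calls `escons --mode=release ... install`, while `src_compile()` builds with `--mode=$(usex debug debug release)`, so with USE=debug the install phase asks scons for a different variant than the one just compiled and would likely rebuild and install release binaries. files/prefix.patch in this commit shows the `install` alias being defined under `if mode in ('all', 'release')`; whether a debug install alias exists is not visible here, so either reuse the same mode in `src_install` or drop the `debug` flag. `bin_prefix="/usr"` is also hard-coded in both phases while `prefix` honours `${EPREFIX}`, which looks inconsistent for prefix installs.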
@@ -0,0 +1 @@ +DIST ipsec-tools-0.8.2.tar.bz2 866465 SHA256 8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d SHA512 2b7d0efa908d3a699be7ef8b2b126a3809956cb7add50e8efb1cfdfc2d9b70c39ef517379cb9a4fad9e5f0c25937e98535b06c32bd3e729f5129da4ab133e30f WHIRLPOOL 16452a98d6c179913fc7acf8d92f8e9e6f5614c2ac0b798158c218bfb4f6c5228ffea426fe0b26774242b4f29477323de5a4e31a623d94d82b90184a6664c2ce diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch b/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch new file mode 100644 index 000000000000..5c69bbb2fa61 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch @@ -0,0 +1,22 @@ +https://bugs.gentoo.org/425770 + +--- a/src/racoon/pfkey.c ++++ b/src/racoon/pfkey.c +@@ -59,7 +59,6 @@ + #include <sys/param.h> + #include <sys/socket.h> + #include <sys/queue.h> +-#include <sys/sysctl.h> + + #include <net/route.h> + #include <net/pfkeyv2.h> +--- a/src/setkey/setkey.c ++++ b/src/setkey/setkey.c +@@ -40,7 +40,6 @@ + #include <sys/socket.h> + #include <sys/time.h> + #include <sys/stat.h> +-#include <sys/sysctl.h> + #include <err.h> + #include <netinet/in.h> + #include <net/pfkeyv2.h> diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch b/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch new file mode 100644 index 000000000000..58f72e109c40 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch @@ -0,0 +1,16 @@ +See: https://bugs.gentoo.org/show_bug.cgi?id=550118 + +--- ./src/racoon/gssapi.c 9 Sep 2006 16:22:09 -0000 1.4 ++++ ./src/racoon/gssapi.c 19 May 2015 15:16:00 -0000 1.6 +@@ -192,6 +192,11 @@ + gss_name_t princ, canon_princ; + OM_uint32 maj_stat, min_stat; + ++ if (iph1->rmconf == NULL) { ++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); ++ return -1; ++ } ++ + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); + if (gps == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); 
diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch new file mode 100644 index 000000000000..f351860a84e9 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-def-psk.patch @@ -0,0 +1,25 @@ +diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c +--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200 ++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200 +@@ -2498,8 +2498,21 @@ + plog(LLV_ERROR, LOCATION, iph1->remote, + "couldn't find the pskey for %s.\n", + saddrwop2str(iph1->remote)); ++ } ++ } ++ if (iph1->authstr == NULL) { ++ /* ++ * If we could not locate a psk above try and locate ++ * the default psk, ie, "*". ++ */ ++ iph1->authstr = privsep_getpsk("*", 1); ++ if (iph1->authstr == NULL) { ++ plog(LLV_ERROR, LOCATION, iph1->remote, ++ "couldn't find the the default pskey either.\n"); + goto end; + } ++ plog(LLV_NOTIFY, LOCATION, iph1->remote, ++ "Using default PSK.\n"); + } + plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); + /* should be secret PSK */ diff --git a/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch new file mode 100644 index 000000000000..2e22c82db478 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools-include-vendoridh.patch @@ -0,0 +1,11 @@ +diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c +--- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c 2012-02-28 13:42:24.000000000 -0500 ++++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c 2012-02-28 13:41:22.000000000 -0500 +@@ -87,6 +87,7 @@ + #ifdef HAVE_GSSAPI + #include <iconv.h> + #include "gssapi.h" ++#include "vendorid.h" + #ifdef HAVE_ICONV_2ND_CONST + #define __iconv_const const + #else 
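Review bot: The wildcard fallback in the added `if (iph1->authstr == NULL)` block of ipsec-tools-def-psk.patch is unconditional: once the PSK file has a `*` entry, every peer without an entry of its own is authenticated with that one shared secret, and nothing in the hunk lets an administrator turn this off. Per-peer keys then no longer imply that an unlisted peer is rejected. The patch should at least carry a header explaining the behaviour and its origin (the sysctl and CVE patches in this commit cite a bug URL, this one does not), and the sample psk.txt should mention it. The first branch still logs "couldn't find the pskey" at LLV_ERROR before the fallback succeeds, so a working default key leaves an error in the log, and the new message reads `the the default pskey`. The enclosing function starts and ends outside the hunk.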
diff --git a/net-vpn/ipsec-tools/files/ipsec-tools.conf b/net-vpn/ipsec-tools/files/ipsec-tools.conf new file mode 100644 index 000000000000..bfff04af069a --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools.conf @@ -0,0 +1,26 @@ +#!/usr/sbin/setkey -f +# +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +flush; +spdflush; + +# +# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon. +# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6; +#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b; +#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; +#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require; +#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require; +spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require; +spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require; diff --git a/net-vpn/ipsec-tools/files/ipsec-tools.service b/net-vpn/ipsec-tools/files/ipsec-tools.service new file mode 100644 index 000000000000..0341aa7e4ed9 --- /dev/null +++ b/net-vpn/ipsec-tools/files/ipsec-tools.service 
@@ -0,0 +1,12 @@ +[Unit] +Description=Load IPSec Security Policy Database +After=syslog.target network.target + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStart=/usr/sbin/setkey -k -f /etc/ipsec-tools.conf +ExecStop=/usr/sbin/setkey -F -P ; /usr/sbin/setkey -F + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/ipsec-tools/files/psk.txt b/net-vpn/ipsec-tools/files/psk.txt new file mode 100644 index 000000000000..97f5180f5ae5 --- /dev/null +++ b/net-vpn/ipsec-tools/files/psk.txt @@ -0,0 +1,10 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +# Peer IP/FQDN Secret +# 192.168.3.25 sample +192.168.3.21 sample diff --git a/net-vpn/ipsec-tools/files/racoon.conf b/net-vpn/ipsec-tools/files/racoon.conf new file mode 100644 index 000000000000..2e9206db9506 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.conf @@ -0,0 +1,33 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +path pre_shared_key "/etc/racoon/psk.txt"; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#remote 192.168.3.25 +remote 192.168.3.21 +{ + exchange_mode main; + proposal { + encryption_algorithm 3des; + hash_algorithm md5; + authentication_method pre_shared_key; + dh_group modp1024; + } +} + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#sainfo address 192.168.3.21 any address 192.168.3.25 any +sainfo address 192.168.3.25 any address 192.168.3.21 any +{ + pfs_group modp768; + encryption_algorithm 3des; + authentication_algorithm hmac_md5; + compression_algorithm deflate; +} diff --git a/net-vpn/ipsec-tools/files/racoon.conf.d-r2 b/net-vpn/ipsec-tools/files/racoon.conf.d-r2 new file mode 100644 index 000000000000..c592d3584967 
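Review bot: The sample racoon.conf negotiates 3DES with MD5 over `dh_group modp1024` in the remote block and then uses `pfs_group modp768` with `hmac_md5` in the sainfo block, so phase 2 runs on a weaker group than phase 1 and every parameter is one that current guidance has retired. Because the ebuild in this commit installs this file as /etc/racoon/racoon.conf, it is the starting point people will edit rather than a document they only read. A sample built on `encryption_algorithm aes;`, `hash_algorithm sha256;` and `dh_group modp2048;`, with a matching pfs_group and `hmac_sha256` in sainfo, would be a safer thing to copy. The commented manual-keying lines in ipsec-tools.conf (hmac-md5, 3des-cbc with fixed keys) deserve the same treatment.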
--- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.conf.d-r2 @@ -0,0 +1,29 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Config file for /etc/init.d/racoon + +# See the man page or run `racoon --help` for valid command-line options +# RACOON_OPTS="-d" + +RACOON_CONF="/etc/racoon/racoon.conf" +RACOON_PSK_FILE="/etc/racoon/psk.txt" + +# The amount of time in ms for start-stop-daemon to wait before a timeout +# Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398. + +RACOON_WAIT="1000" + +# The setkey config file. Don't name it ipsec.conf as this clashes +# with strongswan. We'll follow debian's naming. Bug #436144. + +SETKEY_CONF="/etc/ipsec-tools.conf" + +# Comment or remove the following if you don't want the policy tables +# to be flushed when racoon is stopped. + +RACOON_RESET_TABLES="true" + +# If you need to set custom options to the setkey command when loading rules, use this +# more info in the setkey mangage (example below sets kernel mode instead of RFC mode): +#SETKEY_OPTS="-k" diff --git a/net-vpn/ipsec-tools/files/racoon.init.d-r3 b/net-vpn/ipsec-tools/files/racoon.init.d-r3 new file mode 100644 index 000000000000..66e10bb84d42 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.init.d-r3 
@@ -0,0 +1,57 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + before netmount + use net +} + +checkconfig() { + if [ ! -e ${SETKEY_CONF} ] ; then + eerror "You need to configure setkey before starting racoon." + return 1 + fi + if [ ! -e ${RACOON_CONF} ] ; then + eerror "You need a configuration file to start racoon." + return 1 + fi + if [ ! -z ${RACOON_PSK_FILE} ] ; then + if [ ! -f ${RACOON_PSK_FILE} ] ; then + eerror "PSK file not found as specified." + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." + return 1 + fi + case "`ls -Lldn ${RACOON_PSK_FILE}`" in + -r--------*) + ;; + *) + eerror "Your defined PSK file should be mode 400 for security!" + return 1 + ;; + esac + fi +} + +command=/usr/sbin/racoon +command_args="-f ${RACOON_CONF} ${RACOON_OPTS}" +pidfile=/var/run/racoon.pid +start_stop_daemon_args="--wait ${RACOON_WAIT}" + +start_pre() { + checkconfig || return 1 + einfo "Loading ipsec policies from ${SETKEY_CONF}." + /usr/sbin/setkey ${SETKEY_OPTS} -f ${SETKEY_CONF} + if [ $? -eq 1 ] ; then + eerror "Error while loading ipsec policies" + fi +} + +stop_post() { + if [ -n "${RACOON_RESET_TABLES}" ]; then + ebegin "Flushing policy entries" + /usr/sbin/setkey -F + /usr/sbin/setkey -FP + eend $? + fi +} diff --git a/net-vpn/ipsec-tools/files/racoon.pam.d b/net-vpn/ipsec-tools/files/racoon.pam.d new file mode 100644 index 000000000000..b801aaafa0f9 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.pam.d @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/net-vpn/ipsec-tools/files/racoon.service b/net-vpn/ipsec-tools/files/racoon.service new file mode 100644 index 000000000000..df7f1bb8f8c0 --- /dev/null +++ b/net-vpn/ipsec-tools/files/racoon.service 
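Review bot: start_pre() only prints an error when setkey fails and then falls off the end with a success status, so racoon is started even though the policies in ${SETKEY_CONF} were not loaded. Without those SPD entries nothing tells the kernel that traffic to the configured peers must be protected. The test `[ $? -eq 1 ]` also ignores every other non-zero exit status. `/usr/sbin/setkey ${SETKEY_OPTS} -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }` would fail the service instead. In checkconfig() the path variables are expanded unquoted, and `[ ! -z ${RACOON_PSK_FILE} ]` is more robust as `[ -n "${RACOON_PSK_FILE}" ]`.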
@@ -0,0 +1,11 @@
+[Unit]
+Description=Racoon IKEv1 key management daemon for IPSEC
+After=syslog.target network.target
+Requires=ipsec-tools.service
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/racoon -f /etc/racoon/racoon.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r5.ebuild b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r5.ebuild
new file mode 100644
index 000000000000..1fd2ccbcc73f
--- /dev/null
+++ b/net-vpn/ipsec-tools/ipsec-tools-0.8.2-r5.ebuild
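Review bot: `Requires=ipsec-tools.service` in racoon.service pulls the policy-loading unit in but does not order it, and the `After=` line names only syslog.target and network.target, so systemd may start racoon before the security policy database has been loaded. Listing the unit in the ordering as well, `After=syslog.target network.target ipsec-tools.service`, closes that window. With `Type=forking` and no `PIDFile=`, systemd also has to guess the main process. The OpenRC script in this commit uses /var/run/racoon.pid, so `PIDFile=/var/run/racoon.pid` would presumably match; confirm it against the daemon's build-time default.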
@@ -0,0 +1,282 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic autotools linux-info pam systemd + +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" +HOMEPAGE="http://ipsec-tools.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~ia64 ~mips ppc ppc64 x86" +IUSE="hybrid idea ipv6 kerberos ldap libressl nat pam rc5 readline selinux stats" + +CDEPEND=" + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + readline? ( sys-libs/readline:0= ) + selinux? ( sys-libs/libselinux )" + +DEPEND="${CDEPEND} + >=sys-kernel/linux-headers-2.6.30" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ipsec ) +" + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + if ! has_version "net-vpn/strongswan" && + ! has_version "net-misc/openswan" && + ! has_version "net-vpn/libreswan"; then + ewarn "We found an earlier version of ${PN} installed." + ewarn "As of ${PN}-0.8.0-r5, the old configuration file," + ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" + ewarn "a conflict with net-vpn/strongswan; bug #436144. We will" + ewarn "rename this file for you with this upgrade. However, if" + ewarn "you later downgrade, you'll have to rename the file to" + ewarn "its orignal manually or change /etc/conf.d/racoon to point" + ewarn "to the new file." + + if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then + mv /etc/ipsec.conf /etc/ipsec-tools.conf + else + ewarn + ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" + ewarn "Either the former doesn't exist or the later does and" + ewarn "I won't clobber it. Please fix this situation manually." 
+ fi + else + ewarn "You had both an earlier version of ${PN} and" + ewarn "net-vpn/strongswan installed. I can't tell whether" + ewarn "the configuration file, ipsec.conf, belongs to one" + ewarn "package or the other due to a file conflict; bug #436144." + ewarn "The current version of ${PN} uses ipsec-tools.conf" + ewarn "as its configuration file, as will future versions." + ewarn "Please fix this situation manually." + fi + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + fi +} + +pkg_setup() { + linux-info_pkg_setup + + get_version + + if linux_config_exists && kernel_is -ge 2 6 19; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + ewarn "Checking kernel configuration in /usr/src/linux or" + ewarn "or /proc/config.gz for compatibility with ${PN}." + ewarn "Here are the potential problems:" + ewarn + + local nothing="1" + + # Check options for all flavors of IPSec + local msg="" + for i in XFRM_USER NET_KEY; do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "ALL IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check unencrypted IPSec + if ! linux_chkconfig_present CRYPTO_NULL; then + nothing="0" + ewarn + ewarn "Unencrypted IPSec may fail. CHECK:" + ewarn " CRYPTO_NULL" + fi + + # Check IPv4 IPSec + msg="" + for i in \ + INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv4 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check IPv6 IPSec + if use ipv6; then + msg="" + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! 
-z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv6 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + fi + + # Check IPSec behind NAT + if use nat; then + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then + nothing="0" + ewarn + ewarn "IPSec behind NAT may fail. CHECK:" + ewarn " NETFILTER_XT_MATCH_POLICY" + fi + fi + + if [[ $nothing == "1" ]]; then + ewarn "NO PROBLEMS FOUND" + fi + + ewarn + ewarn "WARNING: If your *configured* and *running* kernel" + ewarn "differ either now or in the future, then these checks" + ewarn "may lead to misleading results." + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + else + eerror + eerror "\033[1;31m**************************************************\033[00m" + eerror "Make sure that your *running* kernel is/will be >=2.6.19." + eerror "Building ${PN} now, assuming that you know what you're doing." + eerror "\033[1;31m**************************************************\033[00m" + eerror + fi +} + +src_prepare() { + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + eapply "${FILESDIR}/${PN}-def-psk.patch" + eapply "${FILESDIR}/${PN}-include-vendoridh.patch" + eapply "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 + eapply "${FILESDIR}"/${PN}-CVE-2015-4047.patch + + AT_M4DIR="${S}" eautoreconf + + eapply_user +} + +src_configure() { + #--with-{libiconv,libradius} lead to "Broken getaddrinfo()" + #--enable-samode-unspec is not supported in linux + local myconf + myconf="--with-kernel-headers=/usr/include \ + --enable-adminport \ + --enable-dependency-tracking \ + --enable-dpd \ + --enable-frag \ + --without-libiconv \ + --without-libradius \ + --disable-samode-unspec \ + $(use_enable idea) \ + $(use_enable ipv6) \ + $(use_enable kerberos gssapi) \ + $(use_with ldap libldap) \ + $(use_enable nat natt) \ + $(use_with pam libpam) \ + $(use_enable rc5) \ + 
$(use_with readline) \ + $(use_enable selinux security-context) \ + $(use_enable stats)" + + use nat && myconf="${myconf} --enable-natt-versions=yes" + + # enable mode-cfg and xauth support + if use pam; then + myconf="${myconf} --enable-hybrid" + else + myconf="${myconf} $(use_enable hybrid)" + fi + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon + newinitd "${FILESDIR}"/racoon.init.d-r3 racoon + systemd_dounit "${FILESDIR}/ipsec-tools.service" + systemd_dounit "${FILESDIR}/racoon.service" + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon + + insinto /etc + doins "${FILESDIR}"/ipsec-tools.conf + insinto /etc/racoon + doins "${FILESDIR}"/racoon.conf + doins "${FILESDIR}"/psk.txt + chmod 400 "${D}"/etc/racoon/psk.txt + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + docinto samples + newdoc src/setkey/sample.cf ipsec-tools.conf +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with {$PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} 
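Review bot: src_install() places the sample racoon.conf, ipsec-tools.conf and psk.txt directly in /etc and /etc/racoon, so a fresh install carries a live configuration whose only pre-shared key is the published string `sample`, already at the mode 400 that the init script's check accepts. The files say not to use them in production; installing them with the other samples under the doc directory (the `docinto samples` lines already do this for sample.cf), or shipping psk.txt with its entry commented out, would stop a default install from coming up with a known secret. `chmod 400 "${D}"/etc/racoon/psk.txt` is unchecked, whereas `fperms 400 /etc/racoon/psk.txt` dies on failure. In pkg_preinst() the `mv /etc/ipsec.conf /etc/ipsec-tools.conf` ignores `${ROOT}` and has no `|| die`, and pkg_postinst() prints `{$PN}` where `${PN}` is meant.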
diff --git a/net-vpn/ipsec-tools/metadata.xml b/net-vpn/ipsec-tools/metadata.xml new file mode 100644 index 000000000000..b9c2c832a41d --- /dev/null +++ b/net-vpn/ipsec-tools/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + </maintainer> + <use> + <flag name="hybrid">Makes available both mode-cfg and xauth support</flag> + <flag name="idea">Enable support for the IDEA algorithm</flag> + <flag name="nat">Enable NAT-Traversal</flag> + <flag name="rc5">Enable support for the patented RC5 algorithm</flag> + <flag name="stats">Enable statistics reporting</flag> + </use> + <upstream> + <remote-id type="sourceforge">ipsec-tools</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/kvpnc/Manifest b/net-vpn/kvpnc/Manifest new file mode 100644 index 000000000000..ec31aecf928d --- /dev/null +++ b/net-vpn/kvpnc/Manifest @@ -0,0 +1,2 @@ +DIST kvpnc-0.9.6-kde4-locale.tar.bz2 2020192 SHA256 a675f9ed3d66e7fa94a0fd530fa60521d0ef739043bcfe2702be77b0299a47c7 SHA512 a2e5c7f465ec77e61f882cb2a45da7da3c868de164e8cdefe2a987d9040e1762ebd6f3e089f008dfcc7f7fad47b9847c059d615c94a995805af0ca3f1fd4d209 WHIRLPOOL 03b5a49027d024cb2645ea481735223f1551d65fed027690619f75ed38c05ecdc3b31b73e4e1d4309450088b709e35535081c614e4a9136d2da8fc954d739a15 +DIST kvpnc-0.9.6a-kde4.tar.bz2 579425 SHA256 6bf8c1f13f8d54f73f7ebb4102f912a5ebc01697ea36975977de8e57c97771f3 SHA512 e30e3fcb9729a378c84d636c7efe0e45ce7d15bcfab2f5f6cd4e37951de1db10c343e5e14dc13aafc4d540058ebc2ca0c2ad30c555fd78f0de552107d13d2467 WHIRLPOOL 8dadbf4fa0ba3790d8545a05cf9db5e462ba1d5a72c898faeee556d7e071c71e2cfaf81a07b5ff17a790399f044b87d1dc56f43799c7f58df049cf43829896cf diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc47.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc47.patch new file mode 100644 index 000000000000..db59b5baaf86 --- /dev/null 
+++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-gcc47.patch @@ -0,0 +1,11 @@ +diff -ruN kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp kvpnc-0.9.6a-kde4/src/kvpnc.cpp +--- kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp 2012-06-25 22:16:25.395420711 +0200 ++++ kvpnc-0.9.6a-kde4/src/kvpnc.cpp 2012-06-25 22:17:41.598424971 +0200 +@@ -75,6 +75,7 @@ + #include <cstdlib> + #include <ctime> + #include <iomanip> ++#include <unistd.h> + + #include "ui_mainviewbase4.h" + #include "ciscocertificateenrollment.h" diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-ifconfig.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-ifconfig.patch new file mode 100644 index 000000000000..1413bccc97e1 --- /dev/null +++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-ifconfig.patch 
@@ -0,0 +1,38 @@ +diff -ruN kvpnc-0.9.6a-kde4/src/kvpncconfig.cpp kvpnc-0.9.6a-kde4-patched/src/kvpncconfig.cpp +--- kvpnc-0.9.6a-kde4/src/kvpncconfig.cpp 2010-03-08 05:26:33.000000000 -0500 ++++ kvpnc-0.9.6a-kde4-patched/src/kvpncconfig.cpp 2013-05-23 10:36:35.536865224 -0400 +@@ -58,8 +58,8 @@ + pathToPing = ""; + pathToOpenvpn = "/usr/sbin/openvpn"; + pathToIp = "/sbin/ip"; +- pathToIfconfig = "/sbin/ifconfig"; +- pathToRoute = "/sbin/route"; ++ pathToIfconfig = "/bin/ifconfig"; ++ pathToRoute = "/bin/route"; + pathToNetstat = "/bin/netstat"; + pathToL2tpd = "/usr/sbin/l2tpd"; + pathToPkcs11Tool = "/usr/bin/pkcs11-tool"; +@@ -874,8 +874,8 @@ + pathToOpenssl = configgroup.readEntry("Path to openssl", "/usr/bin/openssl"); + pathToIpsec = configgroup.readEntry("Path to freeswan", "/usr/sbin/ipsec"); + pathToIp = configgroup.readEntry("Path to iputility", "/sbin/ip"); +- pathToIfconfig = configgroup.readEntry("Path to ifconfig", "/sbin/ifconfig"); +- pathToRoute = configgroup.readEntry("Path to route", "/sbin/route"); ++ pathToIfconfig = configgroup.readEntry("Path to ifconfig", "/bin/ifconfig"); ++ pathToRoute = configgroup.readEntry("Path to route", "/bin/route"); + pathToNetstat = configgroup.readEntry("Path to netstat", "/bin/netstat"); + pathToPppd = configgroup.readEntry("Path to pppd", "/usr/sbin/pppd"); + pathToPptp = configgroup.readEntry("Path to pptp", "/usr/sbin/pptp"); +@@ -1516,10 +1516,10 @@ + pathToIp = "/sbin/ip"; + + if (pathToIfconfig.isEmpty()) +- pathToIfconfig = "/sbin/ifconfig"; ++ pathToIfconfig = "/bin/ifconfig"; + + if (pathToRoute.isEmpty()) +- pathToRoute = "/sbin/route"; ++ pathToRoute = "/bin/route"; + + if (pathToNetstat.isEmpty()) + pathToNetstat = "/bin/netstat"; diff --git a/net-vpn/kvpnc/files/kvpnc-0.9.6a-scriptsec.patch b/net-vpn/kvpnc/files/kvpnc-0.9.6a-scriptsec.patch new file mode 100644 index 000000000000..4e8b4d6d92b7 --- /dev/null +++ b/net-vpn/kvpnc/files/kvpnc-0.9.6a-scriptsec.patch 
@@ -0,0 +1,15 @@ +diff -ruN kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp kvpnc-0.9.6a-kde4/src/kvpnc.cpp +--- kvpnc-0.9.6a-kde4.orig/src/kvpnc.cpp 2010-03-08 11:26:33.000000000 +0100 ++++ kvpnc-0.9.6a-kde4/src/kvpnc.cpp 2012-06-25 22:12:51.454408816 +0200 +@@ -6030,7 +6030,10 @@ + } + + +- if (GlobalConfig->OpenvpnNeedSecurityParameter || (OpenvpnMajor == 2 && OpenvpnMinor == 1 && OpenvpnExtraVer > 8 && OpenvpnExtra == "rc")|| ( OpenvpnMajor == 2 && OpenvpnMinor == 1 ) || (OpenvpnMajor > 2 && OpenvpnMinor >= 2)) { ++ if (GlobalConfig->OpenvpnNeedSecurityParameter || ++ (OpenvpnMajor == 2 && OpenvpnMinor == 1 && OpenvpnExtraVer > 8 && OpenvpnExtra == "rc")|| ++ (OpenvpnMajor == 2 && OpenvpnMinor >= 1 ) || ++ (OpenvpnMajor > 2)) { + if (GlobalConfig->KvpncDebugLevel > 3) + GlobalConfig->appendLogEntry(i18n("OpenVPN >= 2.1-rc9 detected, adding script security parameter to config."), KVpncEnum::info); + diff --git a/net-vpn/kvpnc/kvpnc-0.9.6a-r2.ebuild b/net-vpn/kvpnc/kvpnc-0.9.6a-r2.ebuild new file mode 100644 index 000000000000..88172fb18463 --- /dev/null +++ b/net-vpn/kvpnc/kvpnc-0.9.6a-r2.ebuild 
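Review bot: The first clause of the rewritten condition, `OpenvpnMajor == 2 && OpenvpnMinor == 1 && OpenvpnExtraVer > 8 && OpenvpnExtra == "rc"`, never decides the result, because the following clause `OpenvpnMajor == 2 && OpenvpnMinor >= 1` already accepts every 2.1 build, including the release candidates before rc9. The log message just below still announces "OpenVPN >= 2.1-rc9 detected", so the code and the message disagree about which versions get the script security parameter. Either the second clause has to exclude the early release candidates, or the rc clause should be dropped and the message reworded. The enclosing function starts and ends outside the hunk.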
@@ -0,0 +1,52 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +KDE_LINGUAS="ar br cs da de el en_GB eo es et eu fr ga gl hi hne it ja ka lt +ms nb nds nl nn pa pl pt pt_BR ro ru sv tr uk zh_CN zh_TW" +inherit kde4-base + +DESCRIPTION="KDE frontend for various VPN clients" +HOMEPAGE="http://home.gna.org/kvpnc/" +SRC_URI="http://download.gna.org/kvpnc/${P}-kde4.tar.bz2 + http://download.gna.org/kvpnc/${P/a}-kde4-locale.tar.bz2" + +LICENSE="GPL-2" +SLOT="4" +KEYWORDS="amd64 x86" +IUSE="debug" + +RDEPEND=" + dev-libs/libgcrypt:0 +" +DEPEND="${RDEPEND} + sys-devel/gettext +" + +S=${WORKDIR}/${P}-kde4 + +PATCHES=( + "${FILESDIR}/${P}-scriptsec.patch" + "${FILESDIR}/${P}-gcc47.patch" + "${FILESDIR}/${P}-ifconfig.patch" +) + +src_prepare() { + mv -vf "${WORKDIR}"/${P/a}-kde4-locale/po . || die + + echo "find_package ( Msgfmt REQUIRED )" >> CMakeLists.txt || die + echo "find_package ( Gettext REQUIRED )" >> CMakeLists.txt || die + echo "add_subdirectory ( po )" >> CMakeLists.txt || die + + sed -i \ + -e "s:0.9.2-svn:${PV}:" \ + CMakeLists.txt || die + + kde4-base_src_prepare +} + +src_configure() { + mycmakeargs=( "-DWITH_libgcrypt=ON" ) + kde4-base_src_configure +} diff --git a/net-vpn/kvpnc/metadata.xml b/net-vpn/kvpnc/metadata.xml new file mode 100644 index 000000000000..bddd8b4a2053 --- /dev/null +++ b/net-vpn/kvpnc/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>kde@gentoo.org</email> + <name>Gentoo KDE Project</name> + </maintainer> +</pkgmetadata> diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest new file mode 100644 index 000000000000..39cc9c8a0701 --- /dev/null +++ b/net-vpn/libreswan/Manifest 
@@ -0,0 +1 @@
+DIST libreswan-3.18.tar.gz 8766228 SHA256 2ff61178913287567ed2736287df47e7f9a822ddcded967f3af5f03e95b5f17d SHA512 dfc831ae82814a26cac2eb7c8bef4385d8aebb1e62c63f31e0997d49fc6bbcc6e4e2bcd0e07d5c0c1347e5eaca5f6eb1fba98395bc882ab0fddb804a524b57f8 WHIRLPOOL 73ce41988d62d6702837d9ba6c2e123aad678b6d983711e6e5d3a60046bdbf2a37d8f650a8e4ffff24c551a27d50ecbef322bc40a083b852a142b2a5bcda2726
diff --git a/net-vpn/libreswan/libreswan-3.18.ebuild b/net-vpn/libreswan/libreswan-3.18.ebuild
new file mode 100644
index 000000000000..c7115661250f
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-3.18.ebuild
@@ -0,0 +1,105 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd toolchain-funcs + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://download.libreswan.org/${P}.tar.gz" + KEYWORDS="amd64 ~ppc x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/libreswan/libreswan.git" +fi + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap pam systemd" + +COMMON_DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( net-dns/unbound net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + systemd? ( sys-apps/systemd:0= ) +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig +" +RDEPEND="${COMMON_DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-misc/openswan + !net-vpn/strongswan +" + +usetf() { + usex "$1" true false +} + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + default +} + +src_configure() { + tc-export AR CC + export INC_USRLOCAL=/usr + export INC_MANDIR=share/man + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INC_RCDIRS= + export INC_RCDEFAULT=/etc/init.d + export USERCOMPILE= + export USERLINK= + export USE_DNSSEC=$(usetf dnssec) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LDAP=$(usetf ldap) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd 
UNITDIR="$(systemd_get_systemunitdir)" all +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" + certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) + eend $? + fi +} diff --git a/net-vpn/libreswan/libreswan-9999.ebuild b/net-vpn/libreswan/libreswan-9999.ebuild new file mode 100644 index 000000000000..ac095ad3197a --- /dev/null +++ b/net-vpn/libreswan/libreswan-9999.ebuild 
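Review bot: pkg_postinst() creates the NSS database with `certutil -N -d "${IPSEC_CONFDIR}" -f <(echo)`, that is, with an empty password, so private keys later imported into /etc/ipsec.d are protected by file permissions alone, and nothing in the ebuild sets or checks the mode of that directory. A `keepdir /etc/ipsec.d` followed by `fperms 0700 /etc/ipsec.d` in src_install(), plus an elog saying that the database has no password, would make that dependency explicit. The existence test looks only for cert8.db, so a database in the newer cert9.db format would presumably be treated as missing; confirm which format the installed certutil creates. The `echo ... > "${D}"/etc/ipsec.secrets` redirect has no `|| die`. libreswan-9999.ebuild in this commit repeats the same code.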
@@ -0,0 +1,105 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd toolchain-funcs + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://download.libreswan.org/${P}.tar.gz" + KEYWORDS="~amd64 ~ppc ~x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/libreswan/libreswan.git" +fi + +DESCRIPTION="IPsec implementation for Linux, fork of Openswan" +HOMEPAGE="https://libreswan.org/" + +LICENSE="GPL-2 BSD-4 RSA DES" +SLOT="0" +IUSE="caps curl dnssec ldap pam systemd" + +COMMON_DEPEND=" + dev-libs/gmp:0= + dev-libs/libevent:0= + dev-libs/nspr + caps? ( sys-libs/libcap-ng ) + curl? ( net-misc/curl ) + dnssec? ( net-dns/unbound net-libs/ldns ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + systemd? ( sys-apps/systemd:0= ) +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + dev-libs/nss + sys-devel/bison + sys-devel/flex + virtual/pkgconfig +" +RDEPEND="${COMMON_DEPEND} + dev-libs/nss[utils(+)] + sys-apps/iproute2 + !net-misc/openswan + !net-vpn/strongswan +" + +usetf() { + usex "$1" true false +} + +src_prepare() { + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die + default +} + +src_configure() { + tc-export AR CC + export INC_USRLOCAL=/usr + export INC_MANDIR=share/man + export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} + export FINALDOCDIR=/usr/share/doc/${PF}/html + export INITSYSTEM=openrc + export INC_RCDIRS= + export INC_RCDEFAULT=/etc/init.d + export USERCOMPILE= + export USERLINK= + export USE_DNSSEC=$(usetf dnssec) + export USE_LIBCAP_NG=$(usetf caps) + export USE_LIBCURL=$(usetf curl) + export USE_LDAP=$(usetf ldap) + export USE_SYSTEMD_WATCHDOG=$(usetf systemd) + export SD_WATCHDOGSEC=$(usex systemd 200 0) + export USE_XAUTHPAM=$(usetf pam) + export DEBUG_CFLAGS= + export OPTIMIZE_CFLAGS= + export WERROR_CFLAGS= +} + +src_compile() { + emake all + emake -C initsystems INITSYSTEM=systemd 
UNITDIR="$(systemd_get_systemunitdir)" all +} + +src_install() { + default + emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install + + echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets + fperms 0600 /etc/ipsec.secrets + + dodoc -r docs + + find "${D}" -type d -empty -delete || die +} + +pkg_postinst() { + local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d + if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then + ebegin "Setting up NSS database in ${IPSEC_CONFDIR}" + certutil -N -d "${IPSEC_CONFDIR}" -f <(echo) + eend $? + fi +} diff --git a/net-vpn/libreswan/metadata.xml b/net-vpn/libreswan/metadata.xml new file mode 100644 index 000000000000..258e65f32b14 --- /dev/null +++ b/net-vpn/libreswan/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>floppym@gentoo.org</email> + <name>Mike Gilbert</name> + </maintainer> + <use> + <flag name="dnssec">Use DNSSEC resolver (requires <pkg>net-dns/unbound</pkg></flag> + </use> +</pkgmetadata> diff --git a/net-vpn/logmein-hamachi/Manifest b/net-vpn/logmein-hamachi/Manifest new file mode 100644 index 000000000000..8c17adedb56f --- /dev/null +++ b/net-vpn/logmein-hamachi/Manifest 
@@ -0,0 +1,4 @@ +DIST logmein-hamachi-2.1.0.139-x64.tgz 1329615 SHA256 2eda310852e09f34439e8afeeba1614e62a1e91e5aa3947ba530de7c8b5a3ac9 SHA512 e4c0a3de2361f707dfbe168bfa90543f139082624c04b121f3186ecb10aa56a9e9e942989cd1148d6a4fcabedba172bb1196206c14a1124b32d20154ee4be177 WHIRLPOOL f2e890945ccdf48ef409a145037de8a08e310928183c6cf7a2fb1c0f80f6143c4d4e98f88cdf54e754bea27dd1f1fd1fda844a33e702cf4171a2eacaeef08dbc +DIST logmein-hamachi-2.1.0.139-x86.tgz 1254911 SHA256 103de9c76aceff78ce039dd48e7a71f43a627d833e58b63317e75ab1e2331d80 SHA512 49e5b57563e1599a71bc543c81bb1355b210d432a1daaf3975a1625aafd1cd46233fe8a1914d9309d8116d597abc42cd8cfd75e0729eed4bc379eaab30c808e4 WHIRLPOOL bb014a77f272589a93caadbf162696326849fa8b2398a4a768ab0adf685678debffada0db5a5dbd037afc0141cf771eff15ef13c7c4e91616c1c64df8b5306d5 +DIST logmein-hamachi-2.1.0.174-x64.tgz 1367599 SHA256 43922be24a3eeb311d7ac277d355d886e6033d506df820bfd95b49985d783d04 SHA512 d1d81a15f209361f66636035f7fd8a010657dbc0712a56ae240e102f083e9b04629c852cbd4259229166c297a1cd116da07e5bdeac63795cacba8fd7e3021050 WHIRLPOOL da490120e478e1a0977d46d183b810ba4cf26543029d0ff9c9fb6e3fb560cf75c1d5c8ccf07af8c8361c9495bcea388d9c6ea76838dd72d7e7d5801ac82619de +DIST logmein-hamachi-2.1.0.174-x86.tgz 1290587 SHA256 c230cb43d1ed8a75396a5fce34f0e1bbcf1f5610f9baf3814ba9ce14764fb40e SHA512 0f8da40d6508dab71680a74065649d51288c345849f74c7e2682040b720536f5324d142690aa879f9c5e8f1717654ab93357f4b960a567f5b584609bd814e82f WHIRLPOOL 54fad0e09ba06e28fd487eb99de8364ef7432140f5c217384b85c44d72a332f7431148c0fc7a10700093e4964cc46c156223c9e972fea8fe04c6dbd2c59f3857 diff --git a/net-vpn/logmein-hamachi/files/logmein-hamachi.confd b/net-vpn/logmein-hamachi/files/logmein-hamachi.confd new file mode 100644 index 000000000000..73523ee3e3de --- /dev/null +++ b/net-vpn/logmein-hamachi/files/logmein-hamachi.confd 
@@ -0,0 +1,15 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# /etc/conf.d/logmein-hamachi
+# Config file for logmein-hamachi control script
+
+# Location of config, identity and log files
+CONFDIR="/var/lib/logmein-hamachi"
+
+# Your nickname
+# Set it to enable auto-login when starting the service
+NICKNAME=""
+
+# Seconds to wait before auto-login (if enabled)
+WAIT="2"
diff --git a/net-vpn/logmein-hamachi/files/logmein-hamachi.initd b/net-vpn/logmein-hamachi/files/logmein-hamachi.initd
new file mode 100644
index 000000000000..4bff7452ebcc
--- /dev/null
+++ b/net-vpn/logmein-hamachi/files/logmein-hamachi.initd
@@ -0,0 +1,77 @@ +#!/sbin/openrc-run +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +DAEMON=/opt/logmein-hamachi/bin/hamachid +PIDFILE=/var/run/logmein-hamachi/hamachid.pid + +depend() { + need net +} + +checktun() { + [ $(uname -s) = "Linux" ] || return 0 + [ -e /dev/net/tun ] && return 0 + modprobe tun && return 0 + + eerror "TUN/TAP support is not available in the running kernel" + return 1 +} + +start_pre() { + checkpath -d /var/run/logmein-hamachi +} + +start() +{ + # returns + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + checktun || return 2 + + ebegin "Starting hamachi" + + start-stop-daemon --quiet --start --exec "${DAEMON}" \ + --pidfile "${PIDFILE}" -- -c "${CONFDIR}" + result=$? + + if [ ${result} -eq 0 ] && [ -n "${NICKNAME}" ]; then + # it fails logging in immediately + sleep ${WAIT} + /usr/bin/hamachi login + if [ -z "$(/usr/bin/hamachi | grep 'logged in')" ]; then + start-stop-daemon --quiet --stop \ + --exec "${DAEMON}" --pidfile "${PIDFILE}" + result=1 + else + /usr/bin/hamachi set-nick "${NICKNAME}" + fi + fi + + eend ${result} +} + +stop() +{ + # returns + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + + ebegin "Stopping hamachi" + + /usr/bin/hamachi logout + start-stop-daemon --quiet --stop --exec "${DAEMON}" \ + --pidfile "${PIDFILE}" + + eend $? +} + +status() { + service_started "${SVCNAME}" || return 1 + /usr/bin/hamachi + /usr/bin/hamachi list +} diff --git a/net-vpn/logmein-hamachi/files/logmein-hamachi.service b/net-vpn/logmein-hamachi/files/logmein-hamachi.service new file mode 100644 index 000000000000..609447e16373 --- /dev/null +++ b/net-vpn/logmein-hamachi/files/logmein-hamachi.service 
@@ -0,0 +1,10 @@
+[Unit]
+Description=LogMeIn Hamachi daemon
+After=local-fs.target network.target
+
+[Service]
+ExecStart=/opt/logmein-hamachi/bin/hamachid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.139.ebuild b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.139.ebuild
new file mode 100644
index 000000000000..719f37c44aae
--- /dev/null
+++ b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.139.ebuild
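Review bot: The unit declares `Type=forking` without a `PIDFile=`, so systemd has to guess which process is the daemon's main one. If hamachid writes its pid to the path the OpenRC script in this commit uses, add `PIDFile=/var/run/logmein-hamachi/hamachid.pid` together with `RuntimeDirectory=logmein-hamachi`, since nothing under systemd creates that directory the way the init script's `checkpath -d` does. Whether the daemon writes a pid file there by default is not visible in this commit and should be confirmed.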
@@ -0,0 +1,64 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils linux-info systemd + +DESCRIPTION="LogMeIn Hamachi VPN tunneling engine" +HOMEPAGE="https://secure.logmein.com/products/hamachi" +SRC_URI="x86? ( https://secure.logmein.com/labs/${P}-x86.tgz ) + amd64? ( https://secure.logmein.com/labs/${P}-x64.tgz )" + +LICENSE="LogMeIn" +SLOT="0" +KEYWORDS="-* ~amd64 ~x86" +IUSE="" + +RDEPEND="!net-misc/hamachi" + +RESTRICT="mirror" + +QA_PREBUILT="/opt/${PN}/bin/hamachid" +QA_PRESTRIPPED="/opt/${PN}/bin/hamachid" +QA_WX_LOAD="/opt/${PN}/bin/hamachid" + +pkg_setup() { + einfo "Checking your kernel configuration for TUN/TAP support." + CONFIG_CHECK="~TUN" + check_extra_config +} + +src_unpack() { + unpack ${A} + mv "${P}-$(use x86 && echo x86 || echo x64)" "${S}" || die +} + +src_install() { + into /opt/${PN} + dobin hamachid dnsup dnsdown + dosym /opt/${PN}/bin/hamachid /usr/bin/hamachi + + # Config and log directory + dodir /var/lib/${PN} + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.initd ${PN} + systemd_dounit "${FILESDIR}"/${PN}.service + + dodoc CHANGES README +} + +pkg_postinst() { + elog "LogMeIn Hamachi2 is installed." + elog "Consult the README file on how to configure your client." + elog "You can run the client 'hamachi' as root," + elog "or as a user if you add a newline terminated line:" + elog "Ipc.User <login name>" + elog "to the file '/var/lib/${PN}/h2-engine-override.cfg'" + elog "and restart the daemon with" + elog "/etc/init.d/${PN} restart" + elog "or:" + elog "systemctl restart ${PN}" + elog "To enable auto-login when the service starts set a nickname in" + elog "/etc/conf.d/${PN} (only supported using openRC)" +} diff --git a/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.174.ebuild b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.174.ebuild new file mode 100644 index 000000000000..d340b702289f --- /dev/null 
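Review bot: `dodir /var/lib/${PN}` in src_install creates the directory that the conf.d file describes as holding config, identity and log files, but it is left with the default mode and, being empty, may not be preserved by the package manager. Use `keepdir /var/lib/${PN}` followed by `fperms 0700 /var/lib/${PN}`, provided non-root clients do not need to read that directory directly; pkg_postinst describes an `Ipc.User` override, so this should be confirmed against the daemon. The same applies to the logmein-hamachi-2.1.0.174.ebuild hunk.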
+++ b/net-vpn/logmein-hamachi/logmein-hamachi-2.1.0.174.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit linux-info systemd + +DESCRIPTION="LogMeIn Hamachi VPN tunneling engine" +HOMEPAGE="https://www.vpn.net/" +SRC_URI="x86? ( https://www.vpn.net/installers/${P}-x86.tgz ) + amd64? ( https://www.vpn.net/installers/${P}-x64.tgz )" + +LICENSE="LogMeIn" +SLOT="0" +KEYWORDS="-* ~amd64 ~x86" +IUSE="" + +RDEPEND="!net-misc/hamachi" + +RESTRICT="mirror" + +QA_PREBUILT="/opt/${PN}/bin/hamachid" +QA_PRESTRIPPED="/opt/${PN}/bin/hamachid" +QA_WX_LOAD="/opt/${PN}/bin/hamachid" + +pkg_setup() { + einfo "Checking your kernel configuration for TUN/TAP support." + CONFIG_CHECK="~TUN" + check_extra_config +} + +src_unpack() { + unpack ${A} + mv "${P}-$(use x86 && echo x86 || echo x64)" "${S}" || die +} + +src_install() { + into /opt/${PN} + dobin hamachid dnsup dnsdown + dosym /opt/${PN}/bin/hamachid /usr/bin/hamachi + + # Config and log directory + dodir /var/lib/${PN} + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.initd ${PN} + systemd_dounit "${FILESDIR}"/${PN}.service + + dodoc CHANGES README +} + +pkg_postinst() { + elog "LogMeIn Hamachi2 is installed." + elog "Consult the README file on how to configure your client." + elog "You can run the client 'hamachi' as root," + elog "or as a user if you add a newline terminated line:" + elog "Ipc.User <login name>" + elog "to the file '/var/lib/${PN}/h2-engine-override.cfg'" + elog "and restart the daemon with" + elog "/etc/init.d/${PN} restart" + elog "or:" + elog "systemctl restart ${PN}" + elog "To enable auto-login when the service starts set a nickname in" + elog "/etc/conf.d/${PN} (only supported using openRC)" +} diff --git a/net-vpn/logmein-hamachi/metadata.xml b/net-vpn/logmein-hamachi/metadata.xml new file mode 100644 index 000000000000..14dde2333ec1 --- /dev/null 
+++ b/net-vpn/logmein-hamachi/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>nonno.cicala@libero.it</email> + <name>Simone Scanzoni</name> + </maintainer> +<maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> +</pkgmetadata> diff --git a/net-vpn/metadata.xml b/net-vpn/metadata.xml new file mode 100644 index 000000000000..b5449d0bcb22 --- /dev/null +++ b/net-vpn/metadata.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<catmetadata> + <longdescription lang="en"> + The net-vpn category contains packages related to virtual private + networks and tunneling utilities. + </longdescription> +</catmetadata> + diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest new file mode 100644 index 000000000000..5a16aa54f257 --- /dev/null +++ b/net-vpn/openconnect/Manifest 
@@ -0,0 +1,6 @@ +DIST openconnect-7.06.tar.gz 1343870 SHA256 facf695368dc4537a6a30e2147be90b1d77ee3cb2d269eaef070b6d9ddab70f2 SHA512 d1af9efe4ac1f6671dc6b92db0df981e8cae3f2f50b8b4c35a112b42a76517b7c8ea9fd5da93352445dd61da3012bf34fdbcc3add9d8727cbaad7d311e516108 WHIRLPOOL b1b98bf8d900714eb7c7ab82bbd4371050f307b7872bd70b4b9c31f72bb15670842f41c381cbe31aad7e5e98bccbe0663e49b988d5c321c706719b8fa19a2654 +DIST openconnect-7.06_p20160614.tar.gz 2332148 SHA256 dcba2a087d66e0cf27c087c74ee64ae6b747b2191dfbf5fa2729ec2b156aee4a SHA512 7832251180e9c738c84ee89d0ad35144318f90cc9ede48e0cdb73747e64b2a3fbf4ad8175d0d755cb5629fbfc37c76a131a1b54a03c4249727102b572cbdfd66 WHIRLPOOL 2f25ef9a09c1efb88f5439a8f55b05d68adf868d108c7378e7a4d2889e092838b245ac2660ffc6234846a34a320971fce99ce1f0519be1426a8b2c3be371fbf4 +DIST openconnect-7.07.tar.gz 1557283 SHA256 f3ecfcd487dcd916748db38b4138c1e72c86347d6328b11dfe1d0af2821b8366 SHA512 fcce82419a058f5210f8b6167a10e52eb572c93cda3ec941bf11e5bfcf8395ce2f816cba4f5f9a02920eb023fe7dfbd8192d5664ce5bab29bf88506b67ec34e3 WHIRLPOOL 188d5117c1b669e1ab6c11d4d66431e3c59e50b21b39db5e6e9df3d3e3f1905c75be46e101e10483f4de2547a40e894b474eef35e001744bfdeb4a7f4c128dd1 +DIST openconnect-7.08.tar.gz 1686133 SHA256 1c44ec1f37a6a025d1ca726b9555649417f1d31a46f747922b84099ace628a03 SHA512 22f9b0bd4bd17e2ab91ff42b2464c89abba035fe705c037ba4d1042ace460c8738e20481783a1edc3b7dd6503fe9fcc7fdd188552811fb1525310e25a4c2f400 WHIRLPOOL 0f3e9f2435be11915de1e73075454f6be45dc4752df7d27b69a186dc7d8c9a6ce49d0a55510b3e836b26bced78eaa792f78ce9be5c51cff4212cd5c799e3ad70 +DIST vpnc-scripts-20140806.tar.gz 20070 SHA256 1f61a6c5ec8a2dab7d5f12c9b438d931e41c6c1c258801ee978d5ed460f4d35f SHA512 bfa230d6eb2db0696a23228cef6e742dcf5e609c25de725c23e2c7bee96d00045ea656d6c7025cdf7785f70baeb8a8d79af6aec93d7285bcb3c029dc744e5380 WHIRLPOOL 78d0c5e23f408167904639a7804859a1d6b89668feab6834a589a3d9f7abf4f9d1da984553a8871b6a16af39a03e5a6f3f6506dd77f7f960c7fcdd56f0683e27 +DIST vpnc-scripts-20160829.tar.gz 20297 
SHA256 b737cbfbd2a0c9339ad108f8f2f02269981f0236ff350ce675b0391a08f861bc SHA512 0edd0e5184ac4a705f213a87fa8afa2e2cd54c9bd1aa01955a3a5107c42da8eae7b639896daceecc556a63b0663ee47e25fc21e77f0f74774330d546584fd2c1 WHIRLPOOL 0afe6e9ec1fb952bdad319d65f2353e7a8812e3301bc94ad3c472081ec9673506c9a52d8c4bd4f1035cfacca9f30494b9822034a6d468ce4357277ede2330d1e diff --git a/net-vpn/openconnect/files/openconnect-7.07-libressl.patch b/net-vpn/openconnect/files/openconnect-7.07-libressl.patch new file mode 100644 index 000000000000..4f9d34bceee1 --- /dev/null +++ b/net-vpn/openconnect/files/openconnect-7.07-libressl.patch 
@@ -0,0 +1,77 @@ +From d4a8afc2e8693628f2de554e717458e08bcc2fcf Mon Sep 17 00:00:00 2001 +From: Aric Belsito <lluixhi@gmail.com> +Date: Thu, 3 Nov 2016 11:37:23 -0700 +Subject: [PATCH] Fix LibreSSL Build. + +From Voidlinux: + +From d51ab5615e11af4a2c160b2b8240e5d9f3c15422 Mon Sep 17 00:00:00 2001 +From: Duncaen <duncaen@voidlinux.eu> +Date: Wed, 13 Jul 2016 15:21:16 +0200 +Subject: [PATCH] openconnect: update to 7.07. +--- + openssl-esp.c | 4 ++-- + openssl.c | 8 ++++---- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/openssl-esp.c b/openssl-esp.c +index 2c1aa49..bd4dce3 100644 +--- a/openssl-esp.c ++++ b/openssl-esp.c +@@ -27,7 +27,7 @@ + #include <openssl/evp.h> + #include <openssl/rand.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + #define EVP_CIPHER_CTX_free(c) do { \ + EVP_CIPHER_CTX_cleanup(c); \ +@@ -85,7 +85,7 @@ static int init_esp_ciphers(struct openconnect_info *vpninfo, struct esp *esp, + } + EVP_CIPHER_CTX_set_padding(esp->cipher, 0); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + esp->hmac = malloc(sizeof(*esp->hmac)); + esp->pkt_hmac = malloc(sizeof(*esp->pkt_hmac)); + if (!esp->hmac || &esp->pkt_hmac) { +diff --git a/openssl.c b/openssl.c +index 785fd2a..6007cef 100644 +--- a/openssl.c ++++ b/openssl.c +@@ -36,11 +36,11 @@ + #include <openssl/ui.h> + #include <openssl/rsa.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define X509_up_ref(x) CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509) + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define EVP_MD_CTX_new EVP_MD_CTX_create + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define X509_STORE_CTX_get0_chain(ctx) ((ctx)->chain) +@@ -991,7 +991,7 @@ static 
int set_peer_cert_hash(struct openconnect_info *vpninfo) + return 0; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + static int match_hostname_elem(const char *hostname, int helem_len, + const char *match, int melem_len) + { +@@ -1653,7 +1653,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) + * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2 + * cd6bd5ffda616822b52104fee0c4c7d623fd4f53 + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10001070 ++#if OPENSSL_VERSION_NUMBER >= 0x10001070 || defined(LIBRESSL_VERSION_NUMBER) + if (string_is_hostname(vpninfo->hostname)) + SSL_set_tlsext_host_name(https_ssl, vpninfo->hostname); + #endif +-- +2.10.2 + diff --git a/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch b/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch new file mode 100644 index 000000000000..5cfeca6ec52d --- /dev/null +++ b/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch 
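Review bot: The second openssl-esp.c hunk of this patch widens the pre-1.1 branch of init_esp_ciphers() to LibreSSL, and the context line inside that branch reads `if (!esp->hmac || &esp->pkt_hmac) {`, which tests the address of the member and is therefore always true. On the visible lines this means the allocation-failure path is entered on every call once the branch is compiled in; the body of the `if` is outside the patch, so the exact effect cannot be confirmed here. The check was presumably meant to be `if (!esp->hmac || !esp->pkt_hmac) {`, and that correction belongs in this patch or a companion one, since this patch is what makes LibreSSL builds reach the line.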
@@ -0,0 +1,38 @@ +From 4ce9c9241f5707917e87e93a055f757cea5fb84d Mon Sep 17 00:00:00 2001 +From: Jon DeVree <nuxi@vault24.org> +Date: Mon, 19 Sep 2016 21:00:18 -0400 +Subject: [PATCH] Add Content-Length header to mimic official pulse client + +The official pulse client sends in a fixed "Content-Length: 256" header +with these two HTTP requests. Some versions of the VPN server will +reject requests with an HTTP 400 error if they do not have this header. + +Signed-off-by: Jon DeVree <nuxi@vault24.org> +Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> +--- + oncp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/oncp.c b/oncp.c +index cc9a223..2bf1571 100644 +--- a/oncp.c ++++ b/oncp.c +@@ -562,6 +562,7 @@ int oncp_connect(struct openconnect_info *vpninfo) + + buf_append(reqbuf, "POST /dana/js?prot=1&svc=1 HTTP/1.1\r\n"); + oncp_common_headers(vpninfo, reqbuf); ++ buf_append(reqbuf, "Content-Length: 256\r\n"); + buf_append(reqbuf, "\r\n"); + + if (buf_error(reqbuf)) { +@@ -606,6 +607,7 @@ int oncp_connect(struct openconnect_info *vpninfo) + buf_truncate(reqbuf); + buf_append(reqbuf, "POST /dana/js?prot=1&svc=4 HTTP/1.1\r\n"); + oncp_common_headers(vpninfo, reqbuf); ++ buf_append(reqbuf, "Content-Length: 256\r\n"); + buf_append(reqbuf, "\r\n"); + + if (buf_error(reqbuf)) { +-- +2.7.3 + diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in new file mode 100644 index 000000000000..53b14e61378e --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.conf.in 
@@ -0,0 +1,26 @@
+# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel:
+#
+# server_vpnname
+# password_vpnname
+# vpnopts_vpnname
+#
+# The tunnel will need to be started with a symbolic link to openconnect:
+#
+# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname
+#
+# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you
+# need to create executable scripts in a directory with the same name as
+# the vpn tunnel (vpn0 can be replaced with the vpn name):
+#
+# mkdir /etc/openconnect/vpn0
+# cd /etc/openconnect/vpn0"
+# echo '#!/bin/sh' > preup.sh"
+# cp preup.sh predown.sh"
+# cp preup.sh postup.sh"
+# cp preup.sh postdown.sh"
+# chmod 755 /etc/openconnect/vpn0/*"
+
+server_vpn0="vpn.server.tld"
+password_vpn0="YOUR_PASSWORD"
+# Any OPENCONNECT options my go here (see openconnect --help)
+vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh"
diff --git a/net-vpn/openconnect/files/openconnect.init.in b/net-vpn/openconnect/files/openconnect.init.in
new file mode 100644
index 000000000000..c4497956d8a3
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.init.in
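Review bot: `password_vpn0="YOUR_PASSWORD"` puts the VPN password in this file in clear text, and no comment tells the administrator to keep the file readable by root only. Add a line above it such as `# This file contains a password: keep it owned by root and mode 0600`. The commented example commands from `cd /etc/openconnect/vpn0"` to `chmod 755 /etc/openconnect/vpn0/*"` each end in a stray `"`, and "my go here" should read "may go here".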
@@ -0,0 +1,122 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPN="${RC_SVCNAME#*.}" +VPNLOG="/var/log/openconnect/${VPN}" +VPNLOGFILE="${VPNLOG}/openconnect.log" +VPNERRFILE="${VPNLOG}/openconnect.err" +VPNPID="/run/openconnect/${VPN}.pid" +VPNDIR="/etc/openconnect/${VPN}" +PREUPSCRIPT="${VPNDIR}/preup.sh" +PREDOWNSCRIPT="${VPNDIR}/predown.sh" +POSTUPSCRIPT="${VPNDIR}/postup.sh" +POSTDOWNSCRIPT="${VPNDIR}/postdown.sh" +SERVER="server_${VPN}" +PASSWORD="password_${VPN}" +VPNOPTS="vpnopts_${VPN}" + +depend() { + before netmount +} + +checkconfig() { + if [ $VPN = "openconnect" ]; then + eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:" + echo + eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0" + echo + eerror "And then call it instead:" + echo + eerror "/etc/init.d/openconnect.vpn0 start" + return 1 + fi +} + +checktuntap() { + if [ $(uname -s) = "Linux" ] ; then + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi + fi +} + +start() { + ebegin "Starting OpenConnect: ${VPN}" + + checkconfig || return 1 + + checktuntap || return 1 + + if [ "${!SERVER}" == "vpn.server.tld" ]; then + eend 1 "${VPN} not configured" + return 1 + fi + + if [ ! -e "${VPNLOG}" ]; then + mkdir -p "${VPNLOG}" + fi + + local piddir="${VPNPID%/*}" + if [ ! -d "$piddir" ] ; then + mkdir -p "$piddir" + if [ $? 
-ne 0 ]; then + eerror "Directory $piddir for pidfile does not exist and cannot be created" + return 1 + fi + fi + + if [ -x "${PREUPSCRIPT}" ] ; then + "${PREUPSCRIPT}" + fi + + start-stop-daemon --start --make-pidfile --pidfile "${VPNPID}" --stderr "${VPNERRFILE}" --stdout "${VPNLOGFILE}" --background \ + --exec /usr/sbin/openconnect \ + -- --pid-file="${VPNPID}" ${!VPNOPTS} ${!SERVER} <<< ${!PASSWORD} + + local retval=$? + + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + if [ -x "${POSTUPSCRIPT}" ] ; then + "${POSTUPSCRIPT}" + fi + + eend $? +} + +stop() { + ebegin "Stopping OpenConnect: ${VPN}" + + checkconfig || return 1 + + if [ -x "${PREDOWNSCRIPT}" ] ; then + "${PREDOWNSCRIPT}" + fi + + start-stop-daemon --pidfile "${VPNPID}" --stop /usr/sbin/openconnect + local retval=$? + + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + + if [ -x "${POSTDOWNSCRIPT}" ] ; then + "${POSTDOWNSCRIPT}" + fi + eend $? +} diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4 new file mode 100644 index 000000000000..040edc76f637 --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.init.in-r4 
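Review bot: This script is run through `#!/sbin/openrc-run`, yet start() relies on bash-only constructs: indirect expansion (`${!SERVER}`, `${!VPNOPTS}`, `${!PASSWORD}`), `==` inside `[ ]`, and the here-string `<<< ${!PASSWORD}`. Where /bin/sh is not bash these fail, and the server check `[ "${!SERVER}" == "vpn.server.tld" ]` would not behave as written. The openconnect.init.in-r4 file added in the same commit already uses the portable form (`eval server=\$server_${VPN}` and a here-document), and the two openconnect ebuilds visible here install only that variant, so this file looks unused and could be left out of the tree. If it is kept, `[ $VPN = "openconnect" ]` in checkconfig should also quote `"${VPN}"`.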
@@ -0,0 +1,88 @@ +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPN="${RC_SVCNAME#*.}" +VPNDIR="/etc/openconnect/${VPN}" +VPNLOG="/var/log/openconnect/${VPN}" +VPNLOGFILE="${VPNLOG}/openconnect.log" +VPNERRFILE="${VPNLOG}/openconnect.err" + +command="/usr/sbin/openconnect" +name="OpenConnect: ${VPN}" +pidfile="/run/openconnect/${VPN}.pid" +stopsig="SIGINT" + +depend() { + before netmount +} + +checkconfig() { + if [ $VPN = "openconnect" ]; then + eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:" + eerror + eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0" + eerror + eerror "And then call it instead:" + eerror + eerror "/etc/init.d/openconnect.vpn0 start" + return 1 + fi +} + +checktuntap() { + if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi +} + +run_hook() { + if [ -x "$1" ]; then + "$@" + fi +} + +start_pre() { + checkconfig || return + checktuntap || return + checkpath -d "${VPNLOG}" || return + checkpath -d /run/openconnect || return + run_hook "${VPNDIR}/preup.sh" +} + +start() { + local server vpnopts password + eval server=\$server_${VPN} + eval vpnopts=\$vpnopts_${VPN} + eval password=\$password_${VPN} + + ebegin "Starting ${name}" + start-stop-daemon --start --exec "${command}" -- \ + --background \ + --interface="${VPN}" \ + --pid-file="${pidfile}" \ + ${vpnopts} \ + "${server}" \ + >> "${VPNLOGFILE}" \ + 2>> "${VPNERRFILE}" \ + <<EOF +${password} +EOF + eend $? +} + +start_post() { + run_hook "${VPNDIR}/postup.sh" +} + +stop_pre() { + checkconfig || return + run_hook "${VPNDIR}/predown.sh" +} + +stop_post() { + run_hook "${VPNDIR}/postdown.sh" +} 
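Review bot: start() builds variable names with `eval server=\$server_${VPN}` (and likewise for vpnopts and password), where VPN is taken from the service symlink name, but checkconfig only rejects the bare name `openconnect`. A link named, say, openconnect.my-vpn would make eval expand `$server_my` followed by the literal `-vpn`, and any other non-identifier character in the name would be evaluated by the shell rather than treated as data. Have checkconfig accept only identifier characters, e.g. `case ${VPN} in ''|*[!A-Za-z0-9_]*) eerror "Invalid vpn name: ${VPN}"; return 1 ;; esac`, and quote the existing test as `[ "${VPN}" = "openconnect" ]`.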
diff --git a/net-vpn/openconnect/files/openconnect.logrotate b/net-vpn/openconnect/files/openconnect.logrotate
new file mode 100644
index 000000000000..0455e6845b28
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.logrotate
@@ -0,0 +1,8 @@
+# openconnect logrotate snipet for Gentoo Linux
+#
+/var/log/openconnect/*/* {
+ missingok
+ size 5M
+ notifempty
+}
+
diff --git a/net-vpn/openconnect/metadata.xml b/net-vpn/openconnect/metadata.xml
new file mode 100644
index 000000000000..392587d6e70e
--- /dev/null
+++ b/net-vpn/openconnect/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>floppym@gentoo.org</email>
+ <name>Mike Gilbert</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>williamh@gentoo.org</email>
+ <name>William Hubbs</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>mattsch@gmail.com</email>
+ <name>Matthew Schultz</name>
+ <description>Proxied maintainer. Copy on bugs.</description>
+ </maintainer>
+ <use>
+ <flag name="gssapi">Build GSSAPI support</flag>
+ <flag name="java">Build JNI bindings using jni.h</flag>
+ <flag name="libproxy">Enable proxy support</flag>
+ <flag name="lz4">Enable support for lz4 compression</flag>
+ <flag name="stoken">Enable stoken support</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-vpn/openconnect/openconnect-7.06-r1.ebuild b/net-vpn/openconnect/openconnect-7.06-r1.ebuild
new file mode 100644
index 000000000000..05a2ee85629a
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-7.06-r1.ebuild
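Review bot: The logrotate stanza for `/var/log/openconnect/*/*` rotates by size but has neither `copytruncate` nor a `postrotate` step, while the init script added in this commit opens the log files with `>>` when the daemon starts. The running process would then presumably keep writing to the renamed file, so `size 5M` would not bound the live log. Add `copytruncate` and an explicit `rotate N` count to the block. "snipet" in the header comment should read "snippet".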
@@ -0,0 +1,138 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" +VPNC_VER=20140806 +SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +KEYWORDS="amd64 arm ~arm64 ppc64 x86" +IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs" +ILINGUAS="ar cs de el en_GB en_US es eu fi fr gl id lt nl pa pl pt pt_BR sk sl tg ug uk zh_CN zh_TW" +for lang in $ILINGUAS; do + IUSE="${IUSE} linguas_${lang}" +done + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup + + if use doc; then + python-any-r1_pkg_setup + fi +} + +src_configure() { + strip-linguas $ILINGUAS + echo ${LINGUAS} > po/LINGUAS + if ! 
use doc; then + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # stoken and liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + --without-stoken \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." 
+ optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.06-r4.ebuild b/net-vpn/openconnect/openconnect-7.06-r4.ebuild new file mode 100644 index 000000000000..8e558096c0e6 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.06-r4.ebuild 
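Review bot: src_install installs the sample configuration with `newconfd "${FILESDIR}"/openconnect.conf.in openconnect`, which leaves /etc/conf.d/openconnect at the default conf.d mode although that file is where the `password_<vpn>` value is kept. Add `fperms 0600 /etc/conf.d/openconnect` after that line. SRC_URI also fetches both tarballs over `ftp://`; the Manifest checksums cover integrity, but an https location would be preferable if upstream offers one. The openconnect-7.06-r4.ebuild hunk has the same lines.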
@@ -0,0 +1,141 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" +VPNC_VER=20140806 +SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="doc +gnutls gssapi java libproxy libressl nls smartcard static-libs stoken" +ILINGUAS="ar cs de el en_GB en_US es eu fi fr gl id lt nl pa pl pt pt_BR sk sl tg ug uk zh_CN zh_TW" +for lang in $ILINGUAS; do + IUSE="${IUSE} linguas_${lang}" +done + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? ( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup + + if use doc; then + python-any-r1_pkg_setup + fi +} + +src_configure() { + strip-linguas $ILINGUAS + echo ${LINGUAS} > po/LINGUAS + if ! 
use doc; then + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." 
+ optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.06_p20160614.ebuild b/net-vpn/openconnect/openconnect-7.06_p20160614.ebuild new file mode 100644 index 000000000000..8702eba983c5 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.06_p20160614.ebuild 
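Review bot: Both `SRC_URI` entries use `ftp://ftp.infradead.org/...`, so the openconnect and vpnc-scripts tarballs are fetched over an unauthenticated channel, and the vpnc-scripts one ends up installed as the executable `/etc/openconnect/openconnect.sh`. The DIST digests in the package's Manifest (not visible in this part of the diff) are then the only integrity check, which holds only if the Manifest was generated from a trusted copy. I would record that next to `SRC_URI` with a comment such as `# Fetched over plain FTP; integrity rests on the Manifest digests`, and move to an `https://` location if upstream provides one. The same `ftp://` URIs appear in the 7.06_p20160614 (vpnc-scripts only), 7.07-r1, 7.07-r2, 7.07-r3, 7.08 and 9999 ebuilds of this commit, and `HOMEPAGE` is plain `http://` as well.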
@@ -0,0 +1,156 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + inherit autotools + ARCHIVE_URI="https://dev.gentoo.org/~williamh/dist/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20140806 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs stoken" + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? 
( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe 
"${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.07-r1.ebuild b/net-vpn/openconnect/openconnect-7.07-r1.ebuild new file mode 100644 index 000000000000..fac6e34d7ead --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.07-r1.ebuild 
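Review bot: `EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git"` in the `${PV} == 9999` branch uses the unauthenticated git protocol, and a live checkout has no Manifest digest to fall back on, so nothing verifies what gets built. In this versioned ebuild the branch is never taken, but the identical block is copied into the 7.07-r1, 7.07-r2, 7.07-r3 and 7.08 ebuilds and into openconnect-9999.ebuild, where it is the actual source. I would switch the URI to an `https://` clone URL for the same repository, assuming upstream serves one, or drop the dead branch from the versioned ebuilds.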
@@ -0,0 +1,157 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs stoken" + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? 
( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. 
+ +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.07-r2.ebuild b/net-vpn/openconnect/openconnect-7.07-r2.ebuild new file mode 100644 index 000000000000..5c8982b1bca5 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.07-r2.ebuild 
@@ -0,0 +1,163 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="amd64 arm ~arm64 ppc64 x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy lz4 nls smartcard static-libs stoken" + +DEPEND="dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + >=dev-libs/openssl-1.0.1h:0[static-libs?] + ) + gnutls? ( + >=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle + app-misc/ca-certificates + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? 
( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}"/${P}-mimic-pulse-client.patch +) + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with lz4) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. 
+ +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.07-r3.ebuild b/net-vpn/openconnect/openconnect-7.07-r3.ebuild new file mode 100644 index 000000000000..f0b04fd6c339 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.07-r3.ebuild 
@@ -0,0 +1,167 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? 
( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}"/${P}-mimic-pulse-client.patch + "${FILESDIR}"/${P}-libressl.patch +) + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + # If the python cannot be found, the docs will not build + sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die + fi + + # liboath not in portage + econf \ + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ + $(use_enable static-libs static) \ + $(use_enable nls ) \ + $(use_with !gnutls openssl) \ + $(use_with gnutls ) \ + $(use_with libproxy) \ + $(use_with lz4) \ + $(use_with gssapi) \ + $(use_with smartcard libpcsclite) \ + $(use_with stoken) \ + $(use_with java) +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. 
+ +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS TODO + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins "${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + # Remove useless .la files + prune_libtool_files --all + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-7.08.ebuild b/net-vpn/openconnect/openconnect-7.08.ebuild new file mode 100644 index 000000000000..bb489f015356 --- /dev/null +++ b/net-vpn/openconnect/openconnect-7.08.ebuild 
@@ -0,0 +1,162 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? 
( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + export PYTHON=/bin/false + fi + + local myconf=( + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-openssl-version-check + $(use_enable static-libs static) + $(use_enable nls) + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + $(use_with java) + ) + + econf "${myconf[@]}" +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + default + + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins 
"${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + prune_libtool_files + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild new file mode 100644 index 000000000000..bb489f015356 --- /dev/null +++ b/net-vpn/openconnect/openconnect-9999.ebuild 
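Review bot: `--without-openssl-version-check` is added to `myconf` in `src_configure` unconditionally and without any explanation, so it also applies when `USE=-gnutls` selects real OpenSSL. As far as I know the flag makes configure skip its test for OpenSSL releases that upstream considers broken, so the ebuild should say why that is safe here, for example `# libressl reports a version the check rejects; minimum openssl is enforced via DEPEND` if that is the reason. Passing the flag only under `use libressl` would keep the check for OpenSSL builds. openconnect-9999.ebuild in this commit carries the same line.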
@@ -0,0 +1,162 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="xml" + +inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" + inherit git-r3 autotools +else + ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +fi +VPNC_VER=20160829 +SRC_URI="${ARCHIVE_URI} + ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" + +DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" +HOMEPAGE="http://www.infradead.org/openconnect.html" + +LICENSE="LGPL-2.1 GPL-2" +SLOT="0/5" +IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken" + +DEPEND=" + dev-libs/libxml2 + sys-libs/zlib + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] ) + libressl? ( dev-libs/libressl:0=[static-libs?] ) + ) + gnutls? ( + app-misc/ca-certificates + dev-libs/nettle + >=net-libs/gnutls-3:0=[static-libs?] + ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + lz4? ( app-arch/lz4:= ) + nls? ( virtual/libintl ) + smartcard? ( sys-apps/pcsc-lite:0= ) + stoken? ( app-crypt/stoken )" +RDEPEND="${DEPEND} + sys-apps/iproute2 + !<sys-apps/openrc-0.13" +DEPEND="${DEPEND} + virtual/pkgconfig + doc? ( ${PYTHON_DEPS} sys-apps/groff ) + java? ( >=virtual/jdk-1.6 ) + nls? 
( sys-devel/gettext )" + +CONFIG_CHECK="~TUN" + +pkg_pretend() { + check_extra_config +} + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + +src_configure() { + if [[ ${LINGUAS+set} == set ]]; then + strip-linguas -u po + echo "${LINGUAS}" > po/LINGUAS || die + fi + + if use doc; then + python_setup + else + export PYTHON=/bin/false + fi + + local myconf=( + --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" + --without-openssl-version-check + $(use_enable static-libs static) + $(use_enable nls) + $(use_with !gnutls openssl) + $(use_with gnutls) + $(use_with libproxy) + $(use_with lz4) + $(use_with gssapi) + $(use_with smartcard libpcsclite) + $(use_with stoken) + $(use_with java) + ) + + econf "${myconf[@]}" +} + +DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. + +You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d +instead of calling it directly: + +ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 + +You can then start the vpn tunnel like this: + +/etc/init.d/openconnect.vpn0 start + +If you would like to run preup, postup, predown, and/or postdown scripts, +You need to create a directory in /etc/openconnect with the name of the vpn: + +mkdir /etc/openconnect/vpn0 + +Then add executable shell files: + +mkdir /etc/openconnect/vpn0 +cd /etc/openconnect/vpn0 +echo '#!/bin/sh' > preup.sh +cp preup.sh predown.sh +cp preup.sh postup.sh +cp preup.sh postdown.sh +chmod 755 /etc/openconnect/vpn0/* +" + +src_install() { + default + + newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect + dodir /etc/openconnect + insinto /etc/openconnect + newconfd "${FILESDIR}"/openconnect.conf.in openconnect + exeinto /etc/openconnect + newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh + insinto /etc/logrotate.d + newins 
"${FILESDIR}"/openconnect.logrotate openconnect + keepdir /var/log/openconnect + + prune_libtool_files + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may want to consider installing the following optional packages." + optfeature "resolvconf support" net-dns/openresolv + fi +} diff --git a/net-vpn/openfortivpn/Manifest b/net-vpn/openfortivpn/Manifest new file mode 100644 index 000000000000..0777d3289094 --- /dev/null +++ b/net-vpn/openfortivpn/Manifest @@ -0,0 +1 @@ +DIST openfortivpn-1.3.0.tar.gz 48414 SHA256 a7dee87a9ef56c5d5a5d7288ae047f51f29472b2156e7d59bf9301aad6ac44ce SHA512 cedcb5677c03981cb255475113ebd06392edcbf4a57538515ff616db22334f4bef2e379d11eaa5a02f5d6a380ddf4b13bb6718269d01dea91a1ba25833dee107 WHIRLPOOL 164a44416db29acc2ebd9208a08ff9cb9578404739f1e6c5630eeede344a2dd15ae630437a417e382358b8dc44e6c73c431e94ae56f1ec844f96ca43a42965e7 diff --git a/net-vpn/openfortivpn/metadata.xml b/net-vpn/openfortivpn/metadata.xml new file mode 100644 index 000000000000..b7fa921dff8f --- /dev/null +++ b/net-vpn/openfortivpn/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>mathy@vanvoorden.be</email> + <name>Mathy Vanvoorden</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> +</pkgmetadata> diff --git a/net-vpn/openfortivpn/openfortivpn-1.3.0.ebuild b/net-vpn/openfortivpn/openfortivpn-1.3.0.ebuild new file mode 100644 index 000000000000..0027219ec510 --- /dev/null +++ b/net-vpn/openfortivpn/openfortivpn-1.3.0.ebuild 
@@ -0,0 +1,38 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info
+
+DESCRIPTION="A Fortinet compatible VPN client"
+HOMEPAGE="https://github.com/adrienverge/openfortivpn"
+SRC_URI="https://github.com/adrienverge/openfortivpn/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3-with-openssl-exception openssl"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="libressl"
+
+DEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ net-dialup/ppp
+"
+RDEPEND="${DEPEND}"
+
+CONFIG_CHECK="~PPP ~PPP_ASYNC"
+
+src_prepare() {
+ default
+
+ sed -i 's/-Werror//g' Makefile.am || die "Failed to remove -Werror from Makefile.am"
+
+ eautoreconf
+}
+
+src_install() {
+ default
+
+ keepdir /etc/openfortivpn
+}
diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest
new file mode 100644
index 000000000000..e7602758a309
--- /dev/null
+++ b/net-vpn/openvpn/Manifest
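Review bot: `keepdir /etc/openfortivpn` in `src_install` creates the configuration directory with the default mode, and the client's config file kept there typically holds the VPN username and password. I would restrict the directory right after the `keepdir`, for example `fperms 0750 /etc/openfortivpn`, so that a config file created later with a permissive umask is not readable by every local user. How upstream's `make install` (run by `default`) sets up that directory is not visible in this hunk, so the mode it ends up with should be confirmed on an installed image.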
@@ -0,0 +1,4 @@ +DIST mock_msg.h 1356 SHA256 d6c56a423753c0b938a5dc32c978984eebb97243a2671a1652440093f67d61fb SHA512 930775a5837bc7f97a26817ea028782d555e0e71ba06b04c39941f4c01bbc3ca0a5dc63bcf19dc694e0e746b3a382f22daf6a6373a3443c5afd7398cbaaef6ea WHIRLPOOL 4cce848abc141e9d39cca1f8a0c9d11c0819d8a6e640c541968df491d2a6c3c0746233742418ee43c8bbc6ef19028a41159efae2922bcc719bd86442da05df86 +DIST openvpn-2.3.12.tar.gz 1235262 SHA256 f5d39b8c55f75b0aab943059b20571452b494146d997b12d48ce9bd753c01cff SHA512 8de40e9177268cce64906915ddc0d23381b4040ed00e6eefe4784b04d48f50d5c5ce9e99886eb18fe45d22c5c047478b9aa942e4c4eeaf115cc443a1d3ebe631 WHIRLPOOL 4adeb0da83a4fbff27bc90a3941b593f97dfdc3f50c3ccf10c113293bb0e4f85ead680b53645a2a078f907026549c8dbf068dcc64c9f89b6a967b3eb919f2c8c +DIST openvpn-2.3.14.tar.gz 1241145 SHA256 2b55b93424e489ab8b78d0ed75e8f992ab34052cd666bc4d6a41441919143b97 SHA512 0ec9483be5b1b7ea6c670c724369c5bed799a9f81375c0c4b3f34fa1ebcd4bff60e37668bbbcab6f1d6d66a807da719e44ee11c2c12f2eb7a3277936549f7bd1 WHIRLPOOL f5d1bc8dc316b3ee4c8b1d183f42fd9b4f02606e7d2c4b7afe42330e892b664ee1b4f516ba653cf6b6a197a8e7f1be8f2a29f9c39a0a450e071b855f2f1dbc3a +DIST openvpn-2.4.0.tar.gz 1409019 SHA256 f21db525b3c03a9bbd0a7ab6d0e4fbaf8902f238bf53b8bc4e04f834e4e7caa4 SHA512 4996a52cb912f2ad60a90f32420541f0636c03cc250c2c6687dc5594fe77d6629dc59c13dd2c52e09c9ff4eb39c6afbbb381204b6b5a7c8b27ac3c8b711dd2ad WHIRLPOOL 3ffa0874c1167101f002f4049e7a7b37d59fb2bb2fff931d05c66c783136eecad4f88a24fc889b14a5ce0e0bd7211f70c5d94ddbd368da38b669530c634bf9d5 diff --git a/net-vpn/openvpn/files/down.sh b/net-vpn/openvpn/files/down.sh new file mode 100644 index 000000000000..1c70db0ec653 --- /dev/null +++ b/net-vpn/openvpn/files/down.sh 
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copyright (c) 2006-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# Contributed by Roy Marples (uberlord@gentoo.org)
+
+# If we have a service specific script, run this now
+if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
+ /etc/openvpn/"${SVCNAME}"-down.sh "$@"
+fi
+
+# Restore resolv.conf to how it was
+if [ "${PEER_DNS}" != "no" ]; then
+ if [ -x /sbin/resolvconf ] ; then
+ /sbin/resolvconf -d "${dev}"
+ elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
+ # Important that we copy instead of move incase resolv.conf is
+ # a symlink and not an actual file
+ cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
+ rm -f /etc/resolv.conf-"${dev}".sv
+ fi
+fi
+
+if [ -n "${SVCNAME}" ]; then
+ # Re-enter the init script to start any dependant services
+ if /etc/init.d/"${SVCNAME}" --quiet status ; then
+ export IN_BACKGROUND=true
+ /etc/init.d/"${SVCNAME}" --quiet stop
+ fi
+fi
+
+exit 0
+
+# vim: ts=4 :
diff --git a/net-vpn/openvpn/files/openvpn-2.1.conf b/net-vpn/openvpn/files/openvpn-2.1.conf
new file mode 100644
index 000000000000..72510c34aed3
--- /dev/null
+++ b/net-vpn/openvpn/files/openvpn-2.1.conf
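Review bot: In the `elif` branch, `rm -f /etc/resolv.conf-"${dev}".sv` runs even when the preceding `cp` failed, which discards the only saved copy of the pre-VPN resolver configuration and presumably leaves the VPN-supplied nameservers in place. Chaining the two, `cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf && rm -f /etc/resolv.conf-"${dev}".sv`, keeps the backup for a retry. The restore block also uses `${dev}` without checking that it is set; an `[ -n "${dev}" ]` guard would avoid acting on `/etc/resolv.conf-.sv`. The comment "start any dependant services" above the final block reads like it belongs to the up script, since the call here is `stop`.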
@@ -0,0 +1,18 @@
+# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
+# resolvconf) if given DNS information by the OpenVPN server.
+# Set PEER_DNS="no" to stop this.
+PEER_DNS="yes"
+
+# OpenVPN can run in many modes. Most people will want the init script
+# to automatically detect the mode and try and apply a good default
+# configuration and setup scripts. However, there are cases where the
+# OpenVPN configuration looks like a client, but it's really a peer or
+# something else. DETECT_CLIENT controls this behaviour.
+DETECT_CLIENT="yes"
+
+# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
+# init script (ie, it first becomes "inactive" and the script then starts the
+# script again to make it "started") then you can state this below.
+# In other words, unless you understand service dependencies and are a
+# competent shell scripter, don't set this.
+RE_ENTER="no"
diff --git a/net-vpn/openvpn/files/openvpn-2.1.init b/net-vpn/openvpn/files/openvpn-2.1.init
new file mode 100644
index 000000000000..b42aa13d20de
--- /dev/null
+++ b/net-vpn/openvpn/files/openvpn-2.1.init
@@ -0,0 +1,133 @@ +#!/sbin/openrc-run +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPNDIR=${VPNDIR:-/etc/openvpn} +VPN=${SVCNAME#*.} +if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then + VPNPID="/var/run/openvpn.${VPN}.pid" +else + VPNPID="/var/run/openvpn.pid" +fi +VPNCONF="${VPNDIR}/${VPN}.conf" + +depend() { + need localmount net + use dns + after bootmisc +} + +checkconfig() { + # Linux has good dynamic tun/tap creation + if [ $(uname -s) = "Linux" ] ; then + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available" \ + "in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi + return 0 + fi + + # Other OS's don't, so we rely on a pre-configured interface + # per vpn instance + local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}") + if [ -z ${ifname} ] ; then + eerror "You need to specify the interface that this openvpn" \ + "instance should use" \ + "by using the dev option in ${VPNCONF}" + return 1 + fi + + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then + # Try and create it + echo > /dev/"${ifname}" >/dev/null + fi + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then + eerror "${VPNCONF} requires interface ${ifname}" \ + "but that does not exist" + return 1 + fi +} + +start() { + # If we are re-called by the openvpn gentoo-up.sh script + # then we don't actually want to start openvpn + [ "${IN_BACKGROUND}" = "true" ] && return 0 + + ebegin "Starting ${SVCNAME}" + + checkconfig || return 1 + + local args="" reenter=${RE_ENTER:-no} + # If the config file does not specify the cd option, we do + # But if we specify it, we override the config option which we do not want + if ! 
grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then + args="${args} --cd ${VPNDIR}" + fi + + # We mark the service as inactive and then start it. + # When we get an authenticated packet from the peer then we run our script + # which configures our DNS if any and marks us as up. + if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ + grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then + reenter="yes" + args="${args} --up-delay --up-restart" + args="${args} --script-security 2" + args="${args} --up /etc/openvpn/up.sh" + args="${args} --down-pre --down /etc/openvpn/down.sh" + + # Warn about setting scripts as we override them + if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then + ewarn "WARNING: You have defined your own up/down scripts" + ewarn "As you're running as a client, we now force Gentoo specific" + ewarn "scripts to be run for up and down events." + ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" + ewarn "where you can put your own code." + fi + + # Warn about the inability to change ip/route/dns information when + # dropping privs + if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then + ewarn "WARNING: You are dropping root privileges!" + ewarn "As such openvpn may not be able to change ip, routing" + ewarn "or DNS configuration." + fi + else + # So we're a server. Run as openvpn unless otherwise specified + grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" + grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" + fi + + # Ensure that our scripts get the PEER_DNS variable + [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" + + [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ + --setenv SVCNAME "${SVCNAME}" ${args} + eend $? 
"Check your logs to see why startup failed" +} + +stop() { + # If we are re-called by the openvpn gentoo-down.sh script + # then we don't actually want to stop openvpn + if [ "${IN_BACKGROUND}" = "true" ] ; then + mark_service_inactive "${SVCNAME}" + return 0 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet \ + --exec /usr/sbin/openvpn --pidfile "${VPNPID}" + eend $? +} + +# vim: set ts=4 : diff --git a/net-vpn/openvpn/files/openvpn-2.4.0-fix-libressl.patch b/net-vpn/openvpn/files/openvpn-2.4.0-fix-libressl.patch new file mode 100644 index 000000000000..4c3aca5d5a92 --- /dev/null +++ b/net-vpn/openvpn/files/openvpn-2.4.0-fix-libressl.patch @@ -0,0 +1,21 @@ +diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c +index 8266595..a889332 100644 +--- a/src/openvpn/ssl_openssl.c ++++ b/src/openvpn/ssl_openssl.c +@@ -508,10 +508,13 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name + const EC_GROUP *ecgrp = NULL; + EVP_PKEY *pkey = NULL; + +- /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */ +- SSL ssl; +- ssl.cert = ctx->ctx->cert; +- pkey = SSL_get_privatekey(&ssl); ++ SSL *ssl = SSL_new(ctx->ctx); ++ if (!ssl) ++ { ++ crypto_msg(M_FATAL, "SSL_new failed"); ++ } ++ pkey = SSL_get_privatekey(ssl); ++ SSL_free(ssl); + + msg(D_TLS_DEBUG, "Extracting ECDH curve from private key"); diff --git a/net-vpn/openvpn/files/openvpn-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-external-cmocka.patch new file mode 100644 index 000000000000..eecc5076b4e8 --- /dev/null +++ b/net-vpn/openvpn/files/openvpn-external-cmocka.patch 
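Review bot: In checkconfig() the test `[ -z ${ifname} ]` is unquoted and the sed expression that fills `ifname` is not anchored to the start of the line, so every line of the config that contains `dev` followed by whitespace, a comment included, contributes a word. With more than one match the test becomes a `[` syntax error instead of a clean "no interface" failure, and the value then goes on to `echo > /dev/"${ifname}"`, which runs as root. Quoting the test, `[ -z "${ifname}" ]`, and anchoring the pattern with `^[[:space:]]*dev[[:space:]]` would make the non-Linux path fail predictably. The same quoting is missing in `[ ${SVCNAME} != "openvpn" ]` and `[ $(uname -s) = "Linux" ]` earlier in the file.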
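Review bot: After this change `pkey` is still used after `SSL_free(ssl)`, and the patch drops the only comment that said where the key comes from. The pointer returned by `SSL_get_privatekey()` is borrowed, so the code that follows presumably relies on `ctx->ctx` still holding the key once the temporary SSL object is gone; that should be stated next to the call, e.g. `/* pkey is borrowed from ctx->ctx and must not be freed here; the temporary SSL object exists only to reach it */`. The rest of tls_ctx_load_ecdh_params() is outside the hunk, so the later use of `pkey` should be confirmed against the full function. The 2.4.0-r1 ebuild lists this patch in PATCHES unconditionally, so it also changes OpenSSL builds, which is worth a line in the patch header.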
@@ -0,0 +1,62 @@ +diff --git a/configure.ac b/configure.ac +index f4073d0..9afcc90 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1211,6 +1211,21 @@ if test "${enable_async_push}" = "yes"; then + ) + fi + ++AC_ARG_ENABLE( ++ [tests], ++ AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@]) ++) ++ ++if test "${enable_tests}" = "yes"; then ++ PKG_CHECK_MODULES([CMOCKA], [cmocka]) ++ TEST_CFLAGS="${CMOCKA_CFLAGS}" ++ TEST_LDFLAGS="${CMOCKA_LIBS}" ++ AC_SUBST([TEST_CFLAGS]) ++ AC_SUBST([TEST_LDFLAGS]) ++fi ++AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"]) ++AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) ++ + CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`" + AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) + +@@ -1257,28 +1272,6 @@ AC_SUBST([VENDOR_SRC_ROOT]) + AC_SUBST([VENDOR_BUILD_ROOT]) + AC_SUBST([VENDOR_DIST_ROOT]) + +-TEST_LDFLAGS="-lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib" +-TEST_CFLAGS="-I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include" +- +-AC_SUBST([TEST_LDFLAGS]) +-AC_SUBST([TEST_CFLAGS]) +- +-# Check if cmake is available and cmocka git submodule is initialized, +-# needed for unit testing +-AC_CHECK_PROGS([CMAKE], [cmake]) +-if test -n "${CMAKE}"; then +- if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then +- AM_CONDITIONAL([CMOCKA_INITIALIZED], [true]) +- else +- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) +- AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.]) +- fi +-else +- AC_MSG_RESULT([!! WARNING !! CMake is NOT available. 
Unit testing cannot be performed.]) +- AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) +-fi +- +- + AC_CONFIG_FILES([ + version.sh + Makefile +diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am +index 31d37b8..4b7fb41 100644 +--- a/tests/unit_tests/Makefile.am ++++ b/tests/unit_tests/Makefile.am +@@ -3 +3 @@ AUTOMAKE_OPTIONS = foreign +-if CMOCKA_INITIALIZED ++if ENABLE_TESTS diff --git a/net-vpn/openvpn/files/openvpn.tmpfile b/net-vpn/openvpn/files/openvpn.tmpfile new file mode 100644 index 000000000000..d5fca71a00a0 --- /dev/null +++ b/net-vpn/openvpn/files/openvpn.tmpfile @@ -0,0 +1 @@ +D /var/run/openvpn 0710 root openvpn - diff --git a/net-vpn/openvpn/files/up.sh b/net-vpn/openvpn/files/up.sh new file mode 100644 index 000000000000..6ce82d6113cd --- /dev/null +++ b/net-vpn/openvpn/files/up.sh 
@@ -0,0 +1,100 @@ +#!/bin/sh +# Copyright (c) 2006-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# Contributed by Roy Marples (uberlord@gentoo.org) + +# Setup our resolv.conf +# Vitally important that we use the domain entry in resolv.conf so we +# can setup the nameservers are for the domain ONLY in resolvconf if +# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc. +# nscd/libc users will get the VPN nameservers before their other ones +# and will use the first one that responds - maybe the LAN ones? +# non resolvconf users just the the VPN resolv.conf + +# FIXME:- if we have >1 domain, then we have to use search :/ +# We need to add a flag to resolvconf to say +# "these nameservers should only be used for the listed search domains +# if other global nameservers are present on other interfaces" +# This however, will break compatibility with Debians resolvconf +# A possible workaround would be to just list multiple domain lines +# and try and let resolvconf handle it + +min_route() { + local n=1 + local m + local r + + eval m="\$route_metric_$n" + while [ -n "${m}" ]; do + if [ -z "$r" ] || [ "$r" -gt "$m" ]; then + r="$m" + fi + n="$(($n+1))" + eval m="\$route_metric_$n" + done + + echo "$r" +} + +if [ "${PEER_DNS}" != "no" ]; then + NS= + DOMAIN= + SEARCH= + i=1 + while true ; do + eval opt=\$foreign_option_${i} + [ -z "${opt}" ] && break + if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then + if [ -z "${DOMAIN}" ] ; then + DOMAIN="${opt#dhcp-option DOMAIN *}" + else + SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}" + fi + elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then + NS="${NS}nameserver ${opt#dhcp-option DNS *}\n" + fi + i=$((${i} + 1)) + done + + if [ -n "${NS}" ] ; then + DNS="# Generated by openvpn for interface ${dev}\n" + if [ -n "${SEARCH}" ] ; then + DNS="${DNS}search ${DOMAIN} ${SEARCH}\n" + elif [ -n "${DOMAIN}" ]; then + DNS="${DNS}domain ${DOMAIN}\n" + fi + 
DNS="${DNS}${NS}" + if [ -x /sbin/resolvconf ] ; then + metric="$(min_route)" + printf "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}} + else + # Preserve the existing resolv.conf + if [ -e /etc/resolv.conf ] ; then + cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv + fi + printf "${DNS}" > /etc/resolv.conf + chmod 644 /etc/resolv.conf + fi + fi +fi + +# Below section is Gentoo specific +# Quick summary - our init scripts are re-entrant and set the SVCNAME env var +# as we could have >1 openvpn service + +if [ -n "${SVCNAME}" ]; then + # If we have a service specific script, run this now + if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then + /etc/openvpn/"${SVCNAME}"-up.sh "$@" + fi + + # Re-enter the init script to start any dependant services + if ! /etc/init.d/"${SVCNAME}" --quiet status ; then + export IN_BACKGROUND=true + /etc/init.d/${SVCNAME} --quiet start + fi +fi + +exit 0 + +# vim: ts=4 : diff --git a/net-vpn/openvpn/metadata.xml b/net-vpn/openvpn/metadata.xml new file mode 100644 index 000000000000..d6c211a689c5 --- /dev/null +++ b/net-vpn/openvpn/metadata.xml 
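Review bot: `printf "${DNS}"`, in both the resolvconf pipe and the `> /etc/resolv.conf` branch, uses text assembled from server-pushed `foreign_option_*` values as the printf format string. A `%` or a backslash escape inside a pushed DOMAIN or DNS option is therefore interpreted rather than written literally, and an escape such as `\n` in a pushed value would add lines of its own to the resolver configuration this script writes as root. The text should be built with real newlines and printed with a fixed format, as sketched below. Each pushed value should also be checked against the characters expected in an address or a domain name before it is appended.

```shell
nl='
'
# … unchanged: foreign_option loop and DOMAIN/SEARCH handling …
		NS="${NS}nameserver ${opt#dhcp-option DNS *}${nl}"
# … unchanged: end of loop, NS check …
	DNS="# Generated by openvpn for interface ${dev}${nl}"
	if [ -n "${SEARCH}" ] ; then
		DNS="${DNS}search ${DOMAIN} ${SEARCH}${nl}"
	elif [ -n "${DOMAIN}" ]; then
		DNS="${DNS}domain ${DOMAIN}${nl}"
	fi
# … unchanged: DNS="${DNS}${NS}", resolvconf test, min_route call …
		printf '%s' "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}}
# … unchanged: backup of the existing resolv.conf …
		printf '%s' "${DNS}" > /etc/resolv.conf
```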
@@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>mrueg@gentoo.org</email> + <name>Manuel Rüger</name> + </maintainer> + <maintainer type="person"> + <email>chutzpah@gentoo.org</email> + <name>Patrick McLean</name> + </maintainer> + <longdescription>OpenVPN is an easy-to-use, robust and highly +configurable VPN daemon which can be used to securely link two or more +networks using an encrypted tunnel.</longdescription> + <use> + <flag name="down-root">Enable the down-root plugin</flag> + <flag name="iproute2">Enabled iproute2 support instead of net-tools</flag> + <flag name="lz4">Enable LZ4 support</flag> + <flag name="mbedtls">Use mbed TLS instead of OpenSSL</flag> + <flag name="polarssl">Use PolarSSL instead of OpenSSL</flag> + <flag name="pkcs11">Enable PKCS#11 smartcard support</flag> + <flag name="plugins">Enable the OpenVPN plugin system</flag> + <flag name="socks">Enable socks support</flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:openvpn:openvpn</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/openvpn/openvpn-2.3.12.ebuild b/net-vpn/openvpn/openvpn-2.3.12.ebuild new file mode 100644 index 000000000000..a537ed2b3032 --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.3.12.ebuild 
@@ -0,0 +1,137 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit multilib flag-o-matic user systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux" +IUSE="examples down-root iproute2 libressl +lzo pam pkcs11 +plugins polarssl selinux socks +ssl static systemd userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + polarssl? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root )" + +DEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !polarssl? ( + !libressl? ( >=dev-libs/openssl-0.9.7:* ) + libressl? ( dev-libs/libressl ) + ) + polarssl? ( >=net-libs/polarssl-1.3.8 ) + ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +RDEPEND="${DEPEND} + selinux? 
( sec-policy/selinux-openvpn ) +" + +CONFIG_CHECK="~TUN" + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + use static && LDFLAGS="${LDFLAGS} -Xcompiler -static" + local myconf + use polarssl && myconf="--with-crypto-library=polarssl" + econf \ + ${myconf} \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(use_enable ssl) \ + $(use_enable ssl crypto) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable socks) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable systemd) +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi + + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf + systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service + systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. 
+ enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi + + einfo "" + einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities." + einfo "They can now be emerged via app-crypt/easy-rsa." +} diff --git a/net-vpn/openvpn/openvpn-2.3.14.ebuild b/net-vpn/openvpn/openvpn-2.3.14.ebuild new file mode 100644 index 000000000000..479a497b5f49 --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.3.14.ebuild 
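Review bot: In pkg_postinst the test `[ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ]` is always true, because `[` treats `path_exists` as a non-empty string instead of running it as a command and the quoted glob is never expanded. The "init script has changed" warning is therefore printed on every install, whether or not such a file exists. A form that really checks for the files is `if ls "${ROOT}"/etc/openvpn/*/local.conf >/dev/null 2>&1 ; then`. The same line appears in the 2.3.14, 2.4.0-r1 and 2.4.0 ebuilds added by this commit.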
@@ -0,0 +1,137 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit multilib flag-o-matic user systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux" +IUSE="examples down-root iproute2 libressl +lzo pam pkcs11 +plugins polarssl selinux socks +ssl static systemd userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + polarssl? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root )" + +DEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !polarssl? ( + !libressl? ( >=dev-libs/openssl-0.9.7:* ) + libressl? ( dev-libs/libressl ) + ) + polarssl? ( >=net-libs/polarssl-1.3.8 ) + ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +RDEPEND="${DEPEND} + selinux? 
( sec-policy/selinux-openvpn ) +" + +CONFIG_CHECK="~TUN" + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + use static && LDFLAGS="${LDFLAGS} -Xcompiler -static" + local myconf + use polarssl && myconf="--with-crypto-library=polarssl" + econf \ + ${myconf} \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(use_enable ssl) \ + $(use_enable ssl crypto) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable socks) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable systemd) +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi + + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf + systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service + systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. 
+ enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi + + einfo "" + einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities." + einfo "They can now be emerged via app-crypt/easy-rsa." +} diff --git a/net-vpn/openvpn/openvpn-2.4.0-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.0-r1.ebuild new file mode 100644 index 000000000000..74666528ab2b --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.4.0-r1.ebuild 
@@ -0,0 +1,161 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools flag-o-matic user systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz + test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" +IUSE+=" pkcs11 +plugins polarssl selinux +ssl static systemd test userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + lzo? ( !lz4 ) + pkcs11? ( ssl ) + mbedtls? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root ) + inotify? ( plugins )" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !mbedtls? ( + !libressl? ( >=dev-libs/openssl-0.9.8:* ) + libressl? ( dev-libs/libressl ) + ) + mbedtls? ( net-libs/mbedtls ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka )" +RDEPEND="${CDEPEND} + selinux? 
( sec-policy/selinux-openvpn )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}/${PN}-external-cmocka.patch" + "${FILESDIR}/${PN}-2.4.0-fix-libressl.patch" +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf + + if use test; then + cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die + fi +} + +src_configure() { + use static && append-ldflags -Xcompiler -static + econf \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(usex mbedtls '--with-crypto-library=mbedtls' '') \ + $(use_enable inotify async-push) \ + $(use_enable ssl crypto) \ + $(use_enable lz4) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable test tests) \ + $(use_enable systemd) +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi + + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf + systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service + systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should 
run as root so they can change ip addresses, + # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi +} diff --git a/net-vpn/openvpn/openvpn-2.4.0.ebuild b/net-vpn/openvpn/openvpn-2.4.0.ebuild new file mode 100644 index 000000000000..2e088f6891d6 --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.4.0.ebuild 
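Review bot: SRC_URI fetches `mock_msg.h` from raw.githubusercontent.com and stores it under that bare name, and the Manifest pins it as `DIST mock_msg.h` with no version in the name. Distfiles share one directory, so the header belonging to another release would carry the same name with a different checksum and would either fail verification or be mistaken for this one. Renaming on fetch, `.../mock_msg.h -> ${P}-mock_msg.h`, together with `cp "${DISTDIR}/${P}-mock_msg.h" tests/unit_tests/${PN}/mock_msg.h || die` in src_prepare, keeps each version's pinned hash distinct. The 2.4.0 ebuild has the same SRC_URI line.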
@@ -0,0 +1,160 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools flag-o-matic user systemd linux-info + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz + test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" +IUSE+=" pkcs11 +plugins polarssl selinux +ssl static systemd test userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + lzo? ( !lz4 ) + pkcs11? ( ssl ) + mbedtls? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root ) + inotify? ( plugins )" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !mbedtls? ( + !libressl? ( >=dev-libs/openssl-0.9.8:* ) + libressl? ( dev-libs/libressl ) + ) + mbedtls? ( net-libs/mbedtls ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka )" +RDEPEND="${CDEPEND} + selinux? 
( sec-policy/selinux-openvpn )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}/${PN}-external-cmocka.patch" +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf + + if use test; then + cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die + fi +} + +src_configure() { + use static && append-ldflags -Xcompiler -static + econf \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(usex mbedtls 'with-crypto-library' 'mbedtls' '' '') \ + $(use_enable inotify async-push) \ + $(use_enable ssl crypto) \ + $(use_enable lz4) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable test tests) \ + $(use_enable systemd) +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi + + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf + systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service + systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, 
+ # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi +} diff --git a/net-vpn/openvpn/openvpn-9999.ebuild b/net-vpn/openvpn/openvpn-9999.ebuild new file mode 100644 index 000000000000..398cf8fad2ad --- /dev/null +++ b/net-vpn/openvpn/openvpn-9999.ebuild 
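Review bot: `$(usex mbedtls 'with-crypto-library' 'mbedtls' '' '')` in src_configure does not produce a configure option. usex prints its second argument when the flag is on and its third when it is off, so econf receives the bare word `with-crypto-library` with USE=mbedtls and the bare word `mbedtls` without it, and the crypto library the user asked for is never passed to configure. The -r1 ebuild in this commit already has the working form, `$(usex mbedtls '--with-crypto-library=mbedtls' '')`; the same line should replace this one here and in openvpn-9999.ebuild.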
@@ -0,0 +1,161 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools flag-o-matic user systemd linux-info git-r3 + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git" +EGIT_SUBMODULES=(-cmocka) +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="" + +IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" +IUSE+=" pkcs11 +plugins polarssl selinux +ssl static systemd test userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + lzo? ( !lz4 ) + pkcs11? ( ssl ) + mbedtls? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root ) + inotify? ( plugins )" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !mbedtls? ( + !libressl? ( >=dev-libs/openssl-0.9.8:* ) + libressl? ( dev-libs/libressl ) + ) + mbedtls? ( net-libs/mbedtls ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +DEPEND="${CDEPEND} + test? ( dev-util/cmocka )" +RDEPEND="${CDEPEND} + selinux? 
( sec-policy/selinux-openvpn )" + +CONFIG_CHECK="~TUN" + +PATCHES=( + "${FILESDIR}/${PN}-external-cmocka.patch" +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + use static && append-ldflags -Xcompiler -static + econf \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(usex mbedtls 'with-crypto-library' 'mbedtls' '' '') \ + $(use_enable inotify async-push) \ + $(use_enable ssl crypto) \ + $(use_enable lz4) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable test tests) \ + $(use_enable systemd) +} + +src_test() { + make check || die "top-level tests failed" + pushd tests/unit_tests > /dev/null || die + make check || die "unit tests failed" + popd > /dev/null || die +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi + + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf + systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service + systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. 
+ enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi + + ewarn "" + ewarn "You are using a live ebuild building from the sources of openvpn" + ewarn "repository from http://openvpn.git.sourceforge.net. For reporting" + ewarn "bugs please contact: openvpn-devel@lists.sourceforge.net." +} diff --git a/net-vpn/peervpn/Manifest b/net-vpn/peervpn/Manifest new file mode 100644 index 000000000000..0f3a680efa4f --- /dev/null +++ b/net-vpn/peervpn/Manifest 
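Review bot: In src_configure of openvpn-9999.ebuild the line `$(usex mbedtls 'with-crypto-library' 'mbedtls' '' '')` does not select the crypto library: usex prints its second argument when the flag is on and its third when it is off, so configure receives the bare word `with-crypto-library` or `mbedtls` and never `--with-crypto-library=mbedtls`. A user who sets USE=mbedtls would then presumably get either a failed configure or a build linked against the default TLS backend; `$(usex mbedtls '--with-crypto-library=mbedtls' '')` passes the intended switch. In pkg_postinst, `[ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ]` tests two non-empty strings and is always true, so the "init script has changed" warning is printed on every install; `compgen -G "${ROOT}/etc/openvpn/*/local.conf" > /dev/null` would test what the message implies. The same two lines appear in the preceding openvpn ebuild, whose hunk starts outside this view.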
@@ -0,0 +1 @@
+DIST peervpn-0.044.tar.gz 81948 SHA256 9d2afc4b5b2b456dee386c80c5d37c32cd7c91d72c3a784d6d99f3d0f28d21d8 SHA512 5dd8e056287a905f3aaddf93d6dad917047e6f7da30942f412ff7b2846afd26fb9f4e500cfcb76966b4045db2a37096f1aa43b87e777ff31c2e467aa0415cdba WHIRLPOOL 7935a7826ec632d0b378099fccce6bf5cb08bc5a8d3ce5d3e102075bc81eed963386f823f42a67b175d7df393a7dd5c0136807f6a5b580371d96fdbee0723bd7
diff --git a/net-vpn/peervpn/files/peervpn.initd b/net-vpn/peervpn/files/peervpn.initd
new file mode 100644
index 000000000000..b02458ae16ca
--- /dev/null
+++ b/net-vpn/peervpn/files/peervpn.initd
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="peervpn server"
+pidfile=${pidfile:-"/run/${SVCNAME}/${SVCNAME}.pid"}
+logfile=${logfile:-"/var/log/${SVCNAME}/${SVCNAME}.log"}
+user=${SVCNAME}
+group=${SVCNAME}
+
+command="/usr/sbin/${SVCNAME}"
+command_args="${command_args:-/etc/peervpn/peervpn.conf}"
+command_background="true"
+# peervpn will drop privileges based on user and group config file settings
+start_stop_daemon_args="
+ --stdout ${logfile}
+ --stderr ${logfile}"
+
+depend() {
+ need net
+ after net
+}
+
+start_pre() {
+ checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
+}
diff --git a/net-vpn/peervpn/files/peervpn.logrotated b/net-vpn/peervpn/files/peervpn.logrotated
new file mode 100644
index 000000000000..e99669c91358
--- /dev/null
+++ b/net-vpn/peervpn/files/peervpn.logrotated
@@ -0,0 +1,7 @@
+/var/log/peervpn/peervpn.log {
+ missingok
+ size 5M
+ rotate 3
+ compress
+ copytruncate
+}
diff --git a/net-vpn/peervpn/files/peervpn.service b/net-vpn/peervpn/files/peervpn.service
new file mode 100644
index 000000000000..13c5310f517b
--- /dev/null
+++ b/net-vpn/peervpn/files/peervpn.service
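Review bot: start_pre() in peervpn.initd hands the pidfile directory to the service account (`checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"`), yet with `command_background="true"` the pidfile is written by start-stop-daemon as root, not by peervpn. If the daemon drops to that account, as the comment above start_stop_daemon_args says it can, an unprivileged user controls a file that root later trusts when stopping the service. Nothing visible in the script needs the directory to be writable by the service user, so `checkpath -d -m 0755 -o root:root "${pidfile%/*}"` looks sufficient. In depend(), `need net` already implies the ordering, which makes the `after net` line redundant.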
@@ -0,0 +1,12 @@
+[Unit]
+Description=peervpn server
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Environment=PEERVPN_OPTS="/etc/peervpn/peervpn.conf"
+ExecStart=/usr/sbin/peervpn $PEERVPN_OPTS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/peervpn/metadata.xml b/net-vpn/peervpn/metadata.xml
new file mode 100644
index 000000000000..d4216eaa7140
--- /dev/null
+++ b/net-vpn/peervpn/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>zmedico@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">peervpn/peervpn</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-vpn/peervpn/peervpn-0.044-r2.ebuild b/net-vpn/peervpn/peervpn-0.044-r2.ebuild
new file mode 100644
index 000000000000..47b338de404b
--- /dev/null
+++ b/net-vpn/peervpn/peervpn-0.044-r2.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs user
+
+DESCRIPTION="P2P mesh VPN"
+HOMEPAGE="https://github.com/peervpn/peervpn"
+EGIT_COMMIT="eb35174277fbf745c5ee0d5875d659dad819adfc"
+SRC_URI="https://github.com/peervpn/peervpn/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+RDEPEND="dev-libs/openssl:0="
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${PN}-${EGIT_COMMIT}
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 -1 ${PN}
+}
+
+src_prepare() {
+ default
+ sed -e 's|^CFLAGS+=-O2||' -i Makefile || die
+}
+
+src_compile() {
+ emake CC=$(tc-getCC) || die
+}
+
+src_install() {
+ dosbin ${PN}
+
+ insinto /etc/${PN}
+ newins peervpn.conf peervpn.conf.example
+ fowners ${PN}:${PN} /etc/${PN}
+ fperms 0700 /etc/${PN}
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ systemd_dounit "${FILESDIR}/${PN}.service"
+
+ keepdir /var/log/${PN}
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${PN}.logrotated" "${PN}"
+}
diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest
new file mode 100644
index 000000000000..a5dbdc5ac99f
--- /dev/null
+++ b/net-vpn/strongswan/Manifest
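Review bot: src_install in peervpn-0.044-r2.ebuild makes /etc/${PN} the property of the service account (`fowners ${PN}:${PN} /etc/${PN}` with `fperms 0700 /etc/${PN}`), so the account the daemon drops to can create or replace the configuration that the next root-started instance reads. Going by the init script's comment that peervpn drops privileges according to the config file, that lets the unprivileged side choose the user, group and other settings of a process that starts as root. Keeping the directory root-owned and group-readable, `fowners root:${PN} /etc/${PN}` and `fperms 0750 /etc/${PN}`, keeps whatever secrets the config holds private without handing over write access. In src_compile, `emake CC=$(tc-getCC) || die` should quote the substitution as `CC="$(tc-getCC)"`, and the `|| die` is unnecessary because emake dies on its own in EAPI 6.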
@@ -0,0 +1,2 @@
+DIST strongswan-5.3.4.tar.bz2 4418300 SHA256 938ad1f7b612e039f1d32333f4865160be70f9fb3c207a31127d0168116459aa SHA512 2ab1c9a5d285c7f85b130a827b9525dd238a6d2b4c0c0e15a38a5e09dbb58228bfe4a6ab6c57ba6781f5d0d7f565cbb82e0ee2feac758c8033894c969acb8155 WHIRLPOOL f7ffbefd62cc8eb4325b38392dbf84ea17b5e27b0917f75a31517ee9e864820faf6b30de4beb28ff17fb88fa16d4f042f698e2304542d01cba3e2392f63bb26f
+DIST strongswan-5.5.1.tar.bz2 4636854 SHA256 720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7 SHA512 051352a941a02ae227f3a7d4ee9d6d5651daa0fb4d01b7086c3bb18815ea94f63b5f94f29e6ef46ef3360666f7c95936cbfde9393d6a0c677de64850056519b9 WHIRLPOOL 9a95a12964ba9c17b9e2e61800932e9b7d7fb6810680ffdee8f20f14fc2cc376bd27e103491a0911e7d127734e29d5a471f6fd5c68884ce95a829c797273b6bf
diff --git a/net-vpn/strongswan/files/ipsec b/net-vpn/strongswan/files/ipsec
new file mode 100644
index 000000000000..ac942a926366
--- /dev/null
+++ b/net-vpn/strongswan/files/ipsec
@@ -0,0 +1,34 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net
+ use logger
+}
+
+start() {
+ ebegin "Starting ${IPSECD}"
+ ipsec start
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${IPSECD}"
+ ipsec stop
+ eend $?
+}
+
+restart() {
+ ebegin "Restarting ${IPSECD}"
+ svc_stop
+ sleep 2
+ svc_start
+ eend $?
+}
+
+status() {
+ ebegin "${IPSECD} Status (verbose):"
+ ipsec statusall
+ eend $?
+}
diff --git a/net-vpn/strongswan/metadata.xml b/net-vpn/strongswan/metadata.xml
new file mode 100644
index 000000000000..9e6793b9791f
--- /dev/null
+++ b/net-vpn/strongswan/metadata.xml
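Review bot: `${IPSECD}` is used in every ebegin message of files/ipsec (`ebegin "Starting ${IPSECD}"` and the three others) but is never assigned in the script, and the visible src_install of the strongswan ebuilds installs only the init script with `doinitd`, so the messages would presumably print an empty name. Assigning it once near the top of the script, or writing the daemon name literally in the messages, fixes the output. The custom restart() also deserves a second look, since current OpenRC appears to handle restart itself and may never call a function of that name.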
@@ -0,0 +1,109 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>patrick@gentoo.org</email> + <name>Patrick Lauer</name> + </maintainer> + <maintainer type="person"> + <email>gurligebis@gentoo.org</email> + <name>Bjarke Istrup Pedersen</name> + </maintainer> + <longdescription lang="en"> + StrongSwan is direct descendant of the discontinued FreeS/WAN project. + As an IPsec based VPN solution which is focused on security and ease of + use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal + via UDP encapsulation (incl. port floating) and Dead Peer Detection. It + also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on + Smartcards and virtual IP address pools. + </longdescription> + <use> + <flag name="constraints"> + Enable advanced X.509 constraint checking plugin. + </flag> + <flag name="dhcp"> + Enable server support for querying virtual IP addresses for clients + from a DHCP server. (IKEv2 only) + </flag> + <flag name="eap"> + Enable support for the different EAP modules that is supported. + </flag> + <flag name="farp"> + Enable faking of ARP responses for virtual IP addresses assigned to + clients. (IKEv2 only) + </flag> + <flag name="gcrypt"> + Enable <pkg>dev-libs/libgcrypt</pkg> plugin which provides 3DES, AES, + Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with + MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and + 22-24(4.4+). Also includes a software random number generator. + </flag> + <flag name="non-root"> + Force IKEv1/IKEv2 daemons to normal user privileges. This might impose + some restrictions mainly to the IKEv1 daemon. Disable only if you really + require superuser privileges. + </flag> + <flag name="openssl"> + Enable <pkg>dev-libs/openssl</pkg> plugin which is required for Elliptic + Curve Cryptography (DH groups 19-21,25,26) and ECDSA. 
Also provides 3DES, + AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, + MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and + 22-24(4.4+) + <pkg>dev-libs/openssl</pkg> has to be compiled with USE="-bindist". + </flag> + <flag name="pkcs11"> + Enable pkcs11 support. + </flag> + <flag name="strongswan_plugins_led"> + Enable support for the led plugin. + </flag> + <flag name="strongswan_plugins_lookip"> + Enable support for the lookip plugin. + </flag> + <flag name="strongswan_plugins_systime-fix"> + Enable support for the systime-fix plugin. + </flag> + <flag name="strongswan_plugins_unity"> + Enable support for the unity plugin. + </flag> + <flag name="strongswan_plugins_vici"> + Enable support for the vici plugin. + </flag> + <flag name="strongswan_plugins_blowfish"> + Enable support for the blowfish plugin. + </flag> + <flag name="strongswan_plugins_ccm"> + Enable support for the ccm plugin. + </flag> + <flag name="strongswan_plugins_ctr"> + Enable support for the ctr plugin. + </flag> + <flag name="strongswan_plugins_gcm"> + Enable support for the gcm plugin. + </flag> + <flag name="strongswan_plugins_ha"> + Enable support for the ha plugin. + </flag> + <flag name="strongswan_plugins_ipseckey"> + Enable support for the ipseckey plugin. + </flag> + <flag name="strongswan_plugins_ntru"> + Enable support for the ntru plugin. + </flag> + <flag name="strongswan_plugins_padlock"> + Enable support for the padlock plugin. + </flag> + <flag name="strongswan_plugins_rdrand"> + Enable support for the rdrand plugin. + </flag> + <flag name="strongswan_plugins_unbound"> + Enable support for the unbound plugin. + </flag> + <flag name="strongswan_plugins_whitelist"> + Enable support for the whitelist plugin. + </flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:strongswan:strongswan</remote-id> + </upstream> +</pkgmetadata> 
diff --git a/net-vpn/strongswan/strongswan-5.3.4.ebuild b/net-vpn/strongswan/strongswan-5.3.4.ebuild
new file mode 100644
index 000000000000..0007796d7ebb
--- /dev/null
+++ b/net-vpn/strongswan/strongswan-5.3.4.ebuild
@@ -0,0 +1,302 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils linux-info systemd user + +DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" +HOMEPAGE="http://www.strongswan.org/" +SRC_URI="http://download.strongswan.org/${P}.tar.bz2" + +LICENSE="GPL-2 RSA DES" +SLOT="0" +KEYWORDS="amd64 arm ppc ~ppc64 x86" +IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11" + +STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" +STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist" +for mod in $STRONGSWAN_PLUGINS_STD; do + IUSE="${IUSE} +strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +COMMON_DEPEND="!net-misc/openswan + gmp? ( >=dev-libs/gmp-4.1.5:= ) + gcrypt? ( dev-libs/libgcrypt:0 ) + caps? ( sys-libs/libcap ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) + mysql? ( virtual/mysql ) + sqlite? ( >=dev-db/sqlite-3.3.1 ) + networkmanager? ( net-misc/networkmanager ) + pam? ( sys-libs/pam ) + strongswan_plugins_unbound? ( net-dns/unbound )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + sys-kernel/linux-headers" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2 + !net-vpn/libreswan + selinux? ( sec-policy/selinux-ipsec )" + +UGID="ipsec" + +pkg_setup() { + linux-info_pkg_setup + elog "Linux kernel version: ${KV_FULL}" + + if ! kernel_is -ge 2 6 16; then + eerror + eerror "This ebuild currently only supports ${PN} with the" + eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." + eerror + fi + + if kernel_is -lt 2 6 34; then + ewarn + ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." 
+ ewarn + + if kernel_is -lt 2 6 29; then + ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" + ewarn "include all required IPv6 modules even if you just intend" + ewarn "to run on IPv4 only." + ewarn + ewarn "This has been fixed with kernels >= 2.6.29." + ewarn + fi + + if kernel_is -lt 2 6 33; then + ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" + ewarn "compliant implementation for SHA-2 HMAC support in ESP and" + ewarn "miss SHA384 and SHA512 HMAC support altogether." + ewarn + ewarn "If you need any of those features, please use kernel >= 2.6.33." + ewarn + fi + + if kernel_is -lt 2 6 34; then + ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" + ewarn "ESP cipher is only included in kernels >= 2.6.34." + ewarn + ewarn "If you need it, please use kernel >= 2.6.34." + ewarn + fi + fi + + if use non-root; then + enewgroup ${UGID} + enewuser ${UGID} -1 -1 -1 ${UGID} + fi +} + +src_prepare() { + epatch_user +} + +src_configure() { + local myconf="" + + if use non-root; then + myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" + fi + + # If a user has already enabled db support, those plugins will + # most likely be desired as well. Besides they don't impose new + # dependencies and come at no cost (except for space). + if use mysql || use sqlite; then + myconf="${myconf} --enable-attr-sql --enable-sql" + fi + + # strongSwan builds and installs static libs by default which are + # useless to the user (and to strongSwan for that matter) because no + # header files or alike get installed... so disabling them is safe. 
+ if use pam && use eap; then + myconf="${myconf} --enable-eap-gtc" + else + myconf="${myconf} --disable-eap-gtc" + fi + + for mod in $STRONGSWAN_PLUGINS_STD; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + econf \ + --disable-static \ + --enable-ikev1 \ + --enable-ikev2 \ + --enable-swanctl \ + --enable-socket-dynamic \ + $(use_with caps capabilities libcap) \ + $(use_enable curl) \ + $(use_enable constraints) \ + $(use_enable ldap) \ + $(use_enable debug leak-detective) \ + $(use_enable dhcp) \ + $(use_enable eap eap-sim) \ + $(use_enable eap eap-sim-file) \ + $(use_enable eap eap-simaka-sql) \ + $(use_enable eap eap-simaka-pseudonym) \ + $(use_enable eap eap-simaka-reauth) \ + $(use_enable eap eap-identity) \ + $(use_enable eap eap-md5) \ + $(use_enable eap eap-aka) \ + $(use_enable eap eap-aka-3gpp2) \ + $(use_enable eap md4) \ + $(use_enable eap eap-mschapv2) \ + $(use_enable eap eap-radius) \ + $(use_enable eap eap-tls) \ + $(use_enable eap xauth-eap) \ + $(use_enable farp) \ + $(use_enable gmp) \ + $(use_enable gcrypt) \ + $(use_enable mysql) \ + $(use_enable networkmanager nm) \ + $(use_enable openssl) \ + $(use_enable pam xauth-pam) \ + $(use_enable pkcs11) \ + $(use_enable sqlite) \ + "$(systemd_with_unitdir)" \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + + doinitd "${FILESDIR}"/ipsec + + local dir_ugid + if use non-root; then + fowners ${UGID}:${UGID} \ + /etc/ipsec.conf \ + /etc/strongswan.conf + + dir_ugid="${UGID}" + else + dir_ugid="root" + fi + + diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} + dodir /etc/ipsec.d \ + /etc/ipsec.d/aacerts \ + /etc/ipsec.d/acerts \ + /etc/ipsec.d/cacerts \ + /etc/ipsec.d/certs \ + /etc/ipsec.d/crls \ + /etc/ipsec.d/ocspcerts \ + /etc/ipsec.d/private \ + /etc/ipsec.d/reqs + + dodoc NEWS README TODO || die + + # shared libs are used 
only internally and there are no static libs, + # so it's safe to get rid of the .la files + find "${D}" -name '*.la' -delete || die "Failed to remove .la files." +} + +pkg_preinst() { + has_version "<net-vpn/strongswan-4.3.6-r1" + upgrade_from_leq_4_3_6=$(( !$? )) + + has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" + previous_4_3_6_with_caps=$(( !$? )) +} + +pkg_postinst() { + if ! use openssl && ! use gcrypt; then + elog + elog "${PN} has been compiled without both OpenSSL and libgcrypt support." + elog "Please note that this might effect availability and speed of some" + elog "cryptographic features. You are advised to enable the OpenSSL plugin." + elif ! use openssl; then + elog + elog "${PN} has been compiled without the OpenSSL plugin. This might effect" + elog "availability and speed of some cryptographic features. There will be" + elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," + elog "25, 26) and ECDSA." + fi + + if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then + chmod 0750 "${ROOT}"/etc/ipsec.d \ + "${ROOT}"/etc/ipsec.d/aacerts \ + "${ROOT}"/etc/ipsec.d/acerts \ + "${ROOT}"/etc/ipsec.d/cacerts \ + "${ROOT}"/etc/ipsec.d/certs \ + "${ROOT}"/etc/ipsec.d/crls \ + "${ROOT}"/etc/ipsec.d/ocspcerts \ + "${ROOT}"/etc/ipsec.d/private \ + "${ROOT}"/etc/ipsec.d/reqs + + ewarn + ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" + ewarn "security reasons. Your system installed directories have been" + ewarn "updated accordingly. Please check if necessary." + ewarn + + if [[ $previous_4_3_6_with_caps == 1 ]]; then + if ! use non-root; then + ewarn + ewarn "IMPORTANT: You previously had ${PN} installed without root" + ewarn "privileges because it was implied by the 'caps' USE flag." + ewarn "This has been changed. If you want ${PN} with user privileges," + ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." + ewarn + fi + fi + fi + if ! use caps && ! 
use non-root; then + ewarn + ewarn "You have decided to run ${PN} with root privileges and built it" + ewarn "without support for POSIX capability dropping. It is generally" + ewarn "strongly suggested that you reconsider- especially if you intend" + ewarn "to run ${PN} as server with a public ip address." + ewarn + ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." + ewarn + fi + if use non-root; then + elog + elog "${PN} has been installed without superuser privileges (USE=non-root)." + elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" + elog "but also a few to the IKEv2 daemon 'charon'." + elog + elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" + elog + elog "pluto uses a helper script by default to insert/remove routing and" + elog "policy rules upon connection start/stop which requires superuser" + elog "privileges. charon in contrast does this internally and can do so" + elog "even with reduced (user) privileges." + elog + elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" + elog "script to pluto or charon which requires superuser privileges, you" + elog "can work around this limitation by using sudo to grant the" + elog "user \"ipsec\" the appropriate rights." + elog "For example (the default case):" + elog "/etc/sudoers:" + elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" + elog "Under the specific connection block in /etc/ipsec.conf:" + elog " leftupdown=\"sudo -E ipsec _updown iptables\"" + elog + fi + elog + elog "Make sure you have _all_ required kernel modules available including" + elog "the appropriate cryptographic algorithms. A list is available at:" + elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog + elog "The up-to-date manual is available online at:" + elog " http://wiki.strongswan.org/" + elog +} 
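Review bot: The sudoers line that pkg_postinst of strongswan-5.3.4.ebuild recommends for USE=non-root, `ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec`, gives the de-privileged daemon account passwordless execution of every ipsec subcommand as any user with a caller-supplied environment, which largely undoes the privilege separation the flag exists for. The advice should be narrowed to the one helper that needs root, for example `ipsec ALL=(root) NOPASSWD: /usr/sbin/ipsec _updown iptables`, with the variables the updown script reads passed through an env_keep entry instead of SETENV and `sudo -E`. The surrounding text also still describes the IKEv1 daemon 'pluto', which is worth checking against what a 5.x build actually installs. The strongswan-5.5.1.ebuild hunk further down carries the same message, and in both files the comment about static libs sits above the eap-gtc block rather than next to `--disable-static`.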
diff --git a/net-vpn/strongswan/strongswan-5.5.1.ebuild b/net-vpn/strongswan/strongswan-5.5.1.ebuild
new file mode 100644
index 000000000000..0b27b2034d3a
--- /dev/null
+++ b/net-vpn/strongswan/strongswan-5.5.1.ebuild
@@ -0,0 +1,302 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils linux-info systemd user + +DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" +HOMEPAGE="http://www.strongswan.org/" +SRC_URI="http://download.strongswan.org/${P}.tar.bz2" + +LICENSE="GPL-2 RSA DES" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" +IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite pam pkcs11" + +STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici" +STRONGSWAN_PLUGINS_OPT="blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist" +for mod in $STRONGSWAN_PLUGINS_STD; do + IUSE="${IUSE} +strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +COMMON_DEPEND="!net-misc/openswan + gmp? ( >=dev-libs/gmp-4.1.5:= ) + gcrypt? ( dev-libs/libgcrypt:0 ) + caps? ( sys-libs/libcap ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] ) + mysql? ( virtual/mysql ) + sqlite? ( >=dev-db/sqlite-3.3.1 ) + networkmanager? ( net-misc/networkmanager ) + pam? ( sys-libs/pam ) + strongswan_plugins_unbound? ( net-dns/unbound net-libs/ldns )" +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + sys-kernel/linux-headers" +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2 + !net-vpn/libreswan + selinux? ( sec-policy/selinux-ipsec )" + +UGID="ipsec" + +pkg_setup() { + linux-info_pkg_setup + elog "Linux kernel version: ${KV_FULL}" + + if ! kernel_is -ge 2 6 16; then + eerror + eerror "This ebuild currently only supports ${PN} with the" + eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." + eerror + fi + + if kernel_is -lt 2 6 34; then + ewarn + ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." 
+ ewarn + + if kernel_is -lt 2 6 29; then + ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" + ewarn "include all required IPv6 modules even if you just intend" + ewarn "to run on IPv4 only." + ewarn + ewarn "This has been fixed with kernels >= 2.6.29." + ewarn + fi + + if kernel_is -lt 2 6 33; then + ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" + ewarn "compliant implementation for SHA-2 HMAC support in ESP and" + ewarn "miss SHA384 and SHA512 HMAC support altogether." + ewarn + ewarn "If you need any of those features, please use kernel >= 2.6.33." + ewarn + fi + + if kernel_is -lt 2 6 34; then + ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" + ewarn "ESP cipher is only included in kernels >= 2.6.34." + ewarn + ewarn "If you need it, please use kernel >= 2.6.34." + ewarn + fi + fi + + if use non-root; then + enewgroup ${UGID} + enewuser ${UGID} -1 -1 -1 ${UGID} + fi +} + +src_prepare() { + epatch_user +} + +src_configure() { + local myconf="" + + if use non-root; then + myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" + fi + + # If a user has already enabled db support, those plugins will + # most likely be desired as well. Besides they don't impose new + # dependencies and come at no cost (except for space). + if use mysql || use sqlite; then + myconf="${myconf} --enable-attr-sql --enable-sql" + fi + + # strongSwan builds and installs static libs by default which are + # useless to the user (and to strongSwan for that matter) because no + # header files or alike get installed... so disabling them is safe. 
+ if use pam && use eap; then + myconf="${myconf} --enable-eap-gtc" + else + myconf="${myconf} --disable-eap-gtc" + fi + + for mod in $STRONGSWAN_PLUGINS_STD; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + econf \ + --disable-static \ + --enable-ikev1 \ + --enable-ikev2 \ + --enable-swanctl \ + --enable-socket-dynamic \ + $(use_with caps capabilities libcap) \ + $(use_enable curl) \ + $(use_enable constraints) \ + $(use_enable ldap) \ + $(use_enable debug leak-detective) \ + $(use_enable dhcp) \ + $(use_enable eap eap-sim) \ + $(use_enable eap eap-sim-file) \ + $(use_enable eap eap-simaka-sql) \ + $(use_enable eap eap-simaka-pseudonym) \ + $(use_enable eap eap-simaka-reauth) \ + $(use_enable eap eap-identity) \ + $(use_enable eap eap-md5) \ + $(use_enable eap eap-aka) \ + $(use_enable eap eap-aka-3gpp2) \ + $(use_enable eap md4) \ + $(use_enable eap eap-mschapv2) \ + $(use_enable eap eap-radius) \ + $(use_enable eap eap-tls) \ + $(use_enable eap xauth-eap) \ + $(use_enable farp) \ + $(use_enable gmp) \ + $(use_enable gcrypt) \ + $(use_enable mysql) \ + $(use_enable networkmanager nm) \ + $(use_enable openssl) \ + $(use_enable pam xauth-pam) \ + $(use_enable pkcs11) \ + $(use_enable sqlite) \ + "$(systemd_with_unitdir)" \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + + doinitd "${FILESDIR}"/ipsec + + local dir_ugid + if use non-root; then + fowners ${UGID}:${UGID} \ + /etc/ipsec.conf \ + /etc/strongswan.conf + + dir_ugid="${UGID}" + else + dir_ugid="root" + fi + + diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} + dodir /etc/ipsec.d \ + /etc/ipsec.d/aacerts \ + /etc/ipsec.d/acerts \ + /etc/ipsec.d/cacerts \ + /etc/ipsec.d/certs \ + /etc/ipsec.d/crls \ + /etc/ipsec.d/ocspcerts \ + /etc/ipsec.d/private \ + /etc/ipsec.d/reqs + + dodoc NEWS README TODO || die + + # shared libs are used 
only internally and there are no static libs, + # so it's safe to get rid of the .la files + find "${D}" -name '*.la' -delete || die "Failed to remove .la files." +} + +pkg_preinst() { + has_version "<net-vpn/strongswan-4.3.6-r1" + upgrade_from_leq_4_3_6=$(( !$? )) + + has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" + previous_4_3_6_with_caps=$(( !$? )) +} + +pkg_postinst() { + if ! use openssl && ! use gcrypt; then + elog + elog "${PN} has been compiled without both OpenSSL and libgcrypt support." + elog "Please note that this might effect availability and speed of some" + elog "cryptographic features. You are advised to enable the OpenSSL plugin." + elif ! use openssl; then + elog + elog "${PN} has been compiled without the OpenSSL plugin. This might effect" + elog "availability and speed of some cryptographic features. There will be" + elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," + elog "25, 26) and ECDSA." + fi + + if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then + chmod 0750 "${ROOT}"/etc/ipsec.d \ + "${ROOT}"/etc/ipsec.d/aacerts \ + "${ROOT}"/etc/ipsec.d/acerts \ + "${ROOT}"/etc/ipsec.d/cacerts \ + "${ROOT}"/etc/ipsec.d/certs \ + "${ROOT}"/etc/ipsec.d/crls \ + "${ROOT}"/etc/ipsec.d/ocspcerts \ + "${ROOT}"/etc/ipsec.d/private \ + "${ROOT}"/etc/ipsec.d/reqs + + ewarn + ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" + ewarn "security reasons. Your system installed directories have been" + ewarn "updated accordingly. Please check if necessary." + ewarn + + if [[ $previous_4_3_6_with_caps == 1 ]]; then + if ! use non-root; then + ewarn + ewarn "IMPORTANT: You previously had ${PN} installed without root" + ewarn "privileges because it was implied by the 'caps' USE flag." + ewarn "This has been changed. If you want ${PN} with user privileges," + ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." + ewarn + fi + fi + fi + if ! use caps && ! 
use non-root; then + ewarn + ewarn "You have decided to run ${PN} with root privileges and built it" + ewarn "without support for POSIX capability dropping. It is generally" + ewarn "strongly suggested that you reconsider- especially if you intend" + ewarn "to run ${PN} as server with a public ip address." + ewarn + ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." + ewarn + fi + if use non-root; then + elog + elog "${PN} has been installed without superuser privileges (USE=non-root)." + elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" + elog "but also a few to the IKEv2 daemon 'charon'." + elog + elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" + elog + elog "pluto uses a helper script by default to insert/remove routing and" + elog "policy rules upon connection start/stop which requires superuser" + elog "privileges. charon in contrast does this internally and can do so" + elog "even with reduced (user) privileges." + elog + elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" + elog "script to pluto or charon which requires superuser privileges, you" + elog "can work around this limitation by using sudo to grant the" + elog "user \"ipsec\" the appropriate rights." + elog "For example (the default case):" + elog "/etc/sudoers:" + elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" + elog "Under the specific connection block in /etc/ipsec.conf:" + elog " leftupdown=\"sudo -E ipsec _updown iptables\"" + elog + fi + elog + elog "Make sure you have _all_ required kernel modules available including" + elog "the appropriate cryptographic algorithms. A list is available at:" + elog " http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog + elog "The up-to-date manual is available online at:" + elog " http://wiki.strongswan.org/" + elog +} diff --git a/net-vpn/tinc/Manifest b/net-vpn/tinc/Manifest new file mode 100644 index 000000000000..c760c97d47a8 
--- /dev/null +++ b/net-vpn/tinc/Manifest @@ -0,0 +1,5 @@ +DIST tinc-1.0.29.tar.gz 493335 SHA256 0357017c6ffbbe1b2088c28fa684d2b119afa1086f363c503d06e8f6faa72a78 SHA512 230f3ff4c86d9ebed6e350f3ec92e931d83f94e6b9c4821bec745dddc2d33997e776bf3cd2a8b9e261b2f0b2df2ed8b5406bfa40bae08696304f650de9f34ef3 WHIRLPOOL 9825337a4622bd9461c027767e701b3934ef422beb10a06b801e005549b7b2ff944d4609591667efc994d14b002db937658209a8eb9f363a868373ebfdd0603e +DIST tinc-1.0.30.tar.gz 494699 SHA256 abc17e25afc1b9e74423c78fef586b11d503cbbbe5e4a2ed323870f4a82faa73 SHA512 2e98658eeb77ceaf2973f3b77cac0c31beecd1382dc6976461da55cf22e27469d30cf6b35d5b3ce489a1809f38e82635b24a86956d62ef34e28ec43b8d09d1e6 WHIRLPOOL bd37aa99b915e6075b0ec95589f11c3f63a6d6600b566c855735bda8312a0a7957224e4f11a6fb897308b540dd5a9ccd10a13d1d07d11a51200bbf833c823b5f +DIST tinc-1.0.31.tar.gz 494877 SHA256 d3cbc82e6e07975a2ccc0b369d07e30fc3324e71e240dca8781ce9a4f629519b SHA512 ac694d4ceec19bddebd3d5b9f37eb703a4701b93f65a7bbcdbc0b364f2a4f8b116c85748d06ec7821474de5c4d434caf5448109a0846e15c4a96adb92a0fc622 WHIRLPOOL aec84cd59ca80ca806171003447f946073c8f99fd872eaef1e7fea9d423cd4905d554964920be802e0862f5ab8de7d9d7094792c30403af8b62abca12286e2b1 +DIST tinc-1.1-upstream-patches-1.tar.xz 17316 SHA256 2358b51678381a76ccc283eb04f14ad1ec426bbf2703d73f566f94dc52d17a9c SHA512 db71787e2edbfa8ca6288818536a36ee8fa158b400639ca9650d2d17a66b3968ab36d088e6dcbbf9524f3322166254ad1aad87db78b00dc64e0dc2a49ea7b44f WHIRLPOOL ed28917111cd0553ef75048c2b48b0499559e5a6ace77f49efb7d6d15743ba0d426477eeed9364bea6fba6e434442cf17d71ffb224acdd7da3b49792ff59bc09 +DIST tinc-1.1pre14.tar.gz 696109 SHA256 e349e78f0e0d10899b8ab51c285bdb96c5ee322e847dfcf6ac9e21036286221f SHA512 dfc54a91fd40826b108e9cbae43da42462eb51bb7ad16ac040cb1b262b5510eb6884b1f1dbe0541a3b1631213f70cc678593d1ba51ebdf150c3f6968030b9291 WHIRLPOOL 63c8229c667e461ad20c118d233a2abfe598cc95698b8c83e5f8b598657ca298ea0cdc20432ab2d084fd4a06129a5884e91eb445f4c7204be3798d1fb4dec2f8 
diff --git a/net-vpn/tinc/files/tinc-1.1-fix-paths.patch b/net-vpn/tinc/files/tinc-1.1-fix-paths.patch new file mode 100644 index 000000000000..519677dd5034 --- /dev/null +++ b/net-vpn/tinc/files/tinc-1.1-fix-paths.patch @@ -0,0 +1,44 @@ +diff -Naur tinc-1.1pre14.orig/src/names.c tinc-1.1pre14/src/names.c +--- tinc-1.1pre14.orig/src/names.c 2016-04-17 12:08:41.000000000 -0400 ++++ tinc-1.1pre14/src/names.c 2016-10-15 07:37:51.147064396 -0400 +@@ -86,36 +86,11 @@ + if(!pidfilename) + xasprintf(&pidfilename, "%s" SLASH "pid", confbase); + #else +- bool fallback = false; +- if(daemon) { +- if(access(LOCALSTATEDIR, R_OK | W_OK | X_OK)) +- fallback = true; +- } else { +- char fname[PATH_MAX]; +- snprintf(fname, sizeof fname, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname); +- if(access(fname, R_OK)) { +- snprintf(fname, sizeof fname, "%s" SLASH "pid", confbase); +- if(!access(fname, R_OK)) +- fallback = true; +- } +- } ++ if(!logfilename) ++ xasprintf(&logfilename, "/var/log" SLASH "%s.log", identname); + +- if(!fallback) { +- if(!logfilename) +- xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname); +- +- if(!pidfilename) +- xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname); +- } else { +- if(!logfilename) +- xasprintf(&logfilename, "%s" SLASH "log", confbase); +- +- if(!pidfilename) { +- if(daemon) +- logger(DEBUG_ALWAYS, LOG_WARNING, "Could not access " LOCALSTATEDIR SLASH " (%s), storing pid and socket files in %s" SLASH, strerror(errno), confbase); +- xasprintf(&pidfilename, "%s" SLASH "pid", confbase); +- } +- } ++ if(!pidfilename) ++ xasprintf(&pidfilename, "/run" SLASH "%s.pid", identname); + #endif + + if(!unixsocketname) { diff --git a/net-vpn/tinc/files/tinc.networks b/net-vpn/tinc/files/tinc.networks new file mode 100644 index 000000000000..e1844ce2ba24 --- /dev/null +++ b/net-vpn/tinc/files/tinc.networks 
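Review bot: The two added `xasprintf` calls hard-code `"/var/log"` and `"/run"` as literals, so the log and pid file locations no longer follow any build-time setting. The ebuild that applies this patch is keyworded for prefix targets (`~amd64-linux`, `~x86-linux`, `~ppc-macos`), where these absolute paths fall outside the installation prefix and are presumably not writable by an unprivileged tincd. The hunk also removes the `confbase` fallback together with its `LOG_WARNING`, so an unusable `/run` is no longer reported from this code. A short header in the patch file would record the reason, for example `Use fixed /run and /var/log paths instead of LOCALSTATEDIR, see bug #560528` (the bug number is the one cited in the ebuild). The enclosing function starts and ends outside the hunk.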
@@ -0,0 +1,13 @@
+# file: /etc/conf.d/tinc.networks for /etc/init.d/tincd
+
+# In this file you define the tinc networks you want to connect to
+
+# USAGE:
+# you add a network to the init script by defining:
+# NETWORK: your_network_name
+#
+# if you want to connect to multiple VPN's just set them behind each other. e.g.
+# NETWORK: foo
+# NETWORK: bar
+#
+# this would join the network foo and the network bar.
diff --git a/net-vpn/tinc/files/tincd-r1 b/net-vpn/tinc/files/tincd-r1
new file mode 100644
index 000000000000..ecfb24a6a64f
--- /dev/null
+++ b/net-vpn/tinc/files/tincd-r1
@@ -0,0 +1,78 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" + +NETS="/etc/conf.d/tinc.networks" +DAEMON="/usr/sbin/tincd" + +depend() { + use logger dns + need net +} + +checkconfig() { + if [ "${RC_SVCNAME}" = "tincd" ] ; then + ALL_NETNAME="$(awk '/^ *NETWORK:/ { print $2 }' "${NETS}")" + else + ALL_NETNAME="${RC_SVCNAME#*.}" + fi + # warn this if still not found + if [ -z "${ALL_NETNAME}" ] ; then + eerror "No VPN networks configured in ${NETS}" + return 1 + fi + return 0 +} + +start() { + ebegin "Starting tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + CONFIG="/etc/tinc/${NETNAME}/tinc.conf" + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ ! -f "${CONFIG}" ]; then + eerror "Cannot start network ${NETNAME}." + eerror "Please set up ${CONFIG} !" + else + ebegin "Starting tinc network ${NETNAME}" + if [ "${SYSLOG}" = "yes" ]; then + LOG="" + else + LOG="--logfile=/var/log/tinc.${NETNAME}.log" + fi + start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- --net="${NETNAME}" ${LOG} --pidfile "${PIDFILE}" --debug="${DEBUG_LEVEL}" ${EXTRA_OPTS} + eend $? + fi + done +} + +stop() { + ebegin "Stopping tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Stopping tinc network ${NETNAME}" + start-stop-daemon --stop --pidfile "${PIDFILE}" + eend $? + fi + done +} + +reload() { + ebegin "Reloading configuration for tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Reloading tinc network ${NETNAME}" + start-stop-daemon --signal HUP --pidfile ${PIDFILE} + eend $? + fi + done +} 
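Review bot: `stop()` and `reload()` signal whatever PID is recorded in the pid file, because `start-stop-daemon` is given only `--pidfile`; a stale file left behind by a crashed daemon can then point at an unrelated process. Adding the executable check that `start()` already uses narrows this: `start-stop-daemon --stop --exec "${DAEMON}" --pidfile "${PIDFILE}"` and `start-stop-daemon --signal HUP --exec "${DAEMON}" --pidfile "${PIDFILE}"`. The second form also quotes `${PIDFILE}`, which `reload()` currently leaves unquoted. The same lines appear in the tincd-r2 script added later in this commit.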
diff --git a/net-vpn/tinc/files/tincd-r2 b/net-vpn/tinc/files/tincd-r2
new file mode 100644
index 000000000000..55728bec2c78
--- /dev/null
+++ b/net-vpn/tinc/files/tincd-r2
@@ -0,0 +1,78 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" + +NETS="/etc/conf.d/tinc.networks" +DAEMON="/usr/sbin/tincd" + +depend() { + use logger dns + need net +} + +checkconfig() { + if [ "${RC_SVCNAME}" = "tincd" ] ; then + ALL_NETNAME="$(awk '/^ *NETWORK:/ { print $2 }' "${NETS}")" + else + ALL_NETNAME="${RC_SVCNAME#*.}" + fi + # warn this if still not found + if [ -z "${ALL_NETNAME}" ] ; then + eerror "No VPN networks configured in ${NETS}" + return 1 + fi + return 0 +} + +start() { + ebegin "Starting tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + CONFIG="/etc/tinc/${NETNAME}/tinc.conf" + PIDFILE="/run/tinc.${NETNAME}.pid" + if [ ! -f "${CONFIG}" ]; then + eerror "Cannot start network ${NETNAME}." + eerror "Please set up ${CONFIG} !" + else + ebegin "Starting tinc network ${NETNAME}" + if [ "${SYSLOG}" = "yes" ]; then + LOG="" + else + LOG="--logfile=/var/log/tinc.${NETNAME}.log" + fi + start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- --net="${NETNAME}" ${LOG} --pidfile "${PIDFILE}" --debug="${DEBUG_LEVEL}" ${EXTRA_OPTS} + eend $? + fi + done +} + +stop() { + ebegin "Stopping tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Stopping tinc network ${NETNAME}" + start-stop-daemon --stop --pidfile "${PIDFILE}" + eend $? + fi + done +} + +reload() { + ebegin "Reloading configuration for tinc VPN networks" + checkconfig || return 1 + for NETNAME in ${ALL_NETNAME} + do + PIDFILE="/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Reloading tinc network ${NETNAME}" + start-stop-daemon --signal HUP --pidfile ${PIDFILE} + eend $? + fi + done +} 
diff --git a/net-vpn/tinc/files/tincd.conf b/net-vpn/tinc/files/tincd.conf
new file mode 100644
index 000000000000..cedca60c42ad
--- /dev/null
+++ b/net-vpn/tinc/files/tincd.conf
@@ -0,0 +1,20 @@
+#rc_need="net.net"
+
+#If you want tincd to log to syslog, then set this to "yes"
+#Anything else and tincd will log to /var/log/tinc.NETNAME.log.
+SYSLOG="yes"
+
+#Set debug level, useful for error probe
+# 0 Quiet mode, only show starting/stopping of the daemon
+# 1 Show (dis)connects of other tinc daemons via TCP
+# 2 Show error messages received from other hosts
+# 2 Show status messages received from other hosts
+# 3 Show the requests that are sent/received
+# 4 Show contents of every request that is sent/received
+# 5 Show network traffic information
+# 6 Show contents of each packet that is being sent/received
+# 10 You have been warned
+DEBUG_LEVEL="0"
+
+#Extra Options, if you want addtional customization
+EXTRA_OPTS=""
diff --git a/net-vpn/tinc/files/tincd_at.service b/net-vpn/tinc/files/tincd_at.service
new file mode 100644
index 000000000000..71f358a39d95
--- /dev/null
+++ b/net-vpn/tinc/files/tincd_at.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Tinc daemon for network %i
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/tincd -D --pidfile /run/tinc.%i.pid -n %i
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/tinc/metadata.xml b/net-vpn/tinc/metadata.xml
new file mode 100644
index 000000000000..02dd537c6e68
--- /dev/null
+++ b/net-vpn/tinc/metadata.xml
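Review bot: `ExecStart` in tincd_at.service keeps tincd running as root for the life of the service: the command line passes neither `-U` (switch user) nor `-R` (chroot), and the unit sets no systemd restrictions. It also ignores `DEBUG_LEVEL` and `EXTRA_OPTS` from the conf.d file added in the same commit, so the package gives administrators no place to add those options under systemd. A comment in the unit would make this explicit, for example `# Runs as root; add -U/-R or sandboxing via a drop-in (systemctl edit tincd@NET)`. Whether privilege dropping works with a given network's tinc-up/tinc-down scripts has to be checked per setup.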
@@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <maintainer type="person"> + <email>dlan@gentoo.org</email> + <name>Yixun Lan</name> + </maintainer> + <longdescription>tinc is an easy to configure VPN implementation.</longdescription> + <use> + <!-- + <flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag> + --> + <flag name="gui">Add GUI support, using <pkg>dev-python/wxpython</pkg></flag> + <flag name="uml"> Enable support for User Mode Linux Sockets</flag> + <flag name="vde"> Enable Virtual Distributed Ethernet (VDE) based networking</flag> + </use> +</pkgmetadata> diff --git a/net-vpn/tinc/tinc-1.0.29.ebuild b/net-vpn/tinc/tinc-1.0.29.ebuild new file mode 100644 index 000000000000..3a34c96cb985 --- /dev/null +++ b/net-vpn/tinc/tinc-1.0.29.ebuild 
@@ -0,0 +1,47 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +inherit systemd + +DESCRIPTION="tinc is an easy to configure VPN implementation" +HOMEPAGE="http://www.tinc-vpn.org/" +SRC_URI="http://www.tinc-vpn.org/packages/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="libressl +lzo uml vde +zlib" + +DEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + lzo? ( dev-libs/lzo:2 ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND} + vde? ( net-misc/vde )" + +src_configure() { + econf \ + --enable-jumbograms \ + --disable-tunemu \ + $(use_enable lzo) \ + $(use_enable uml) \ + $(use_enable vde) \ + $(use_enable zlib) +} + +src_install() { + emake DESTDIR="${D}" install + dodir /etc/tinc + dodoc AUTHORS NEWS README THANKS + doconfd "${FILESDIR}"/tinc.networks + newconfd "${FILESDIR}"/tincd.conf tincd + newinitd "${FILESDIR}"/tincd-r1 tincd + systemd_newunit "${FILESDIR}"/tincd_at.service "tincd@.service" +} + +pkg_postinst() { + elog "This package requires the tun/tap kernel device." + elog "Look at http://www.tinc-vpn.org/ for how to configure tinc" +} diff --git a/net-vpn/tinc/tinc-1.0.30.ebuild b/net-vpn/tinc/tinc-1.0.30.ebuild new file mode 100644 index 000000000000..3a34c96cb985 --- /dev/null +++ b/net-vpn/tinc/tinc-1.0.30.ebuild 
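Review bot: `dodir /etc/tinc` in `src_install()` creates an empty directory, and Portage does not guarantee that empty directories survive merging or later cleanup. `keepdir /etc/tinc` is the usual way to install a directory that must exist, and the vpnc ebuild in this commit already does that for `/etc/vpnc/scripts.d`. The same line is in the 1.0.30, 1.0.31 and 1.1_pre14-r3 ebuilds.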
@@ -0,0 +1,47 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +inherit systemd + +DESCRIPTION="tinc is an easy to configure VPN implementation" +HOMEPAGE="http://www.tinc-vpn.org/" +SRC_URI="http://www.tinc-vpn.org/packages/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="libressl +lzo uml vde +zlib" + +DEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + lzo? ( dev-libs/lzo:2 ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND} + vde? ( net-misc/vde )" + +src_configure() { + econf \ + --enable-jumbograms \ + --disable-tunemu \ + $(use_enable lzo) \ + $(use_enable uml) \ + $(use_enable vde) \ + $(use_enable zlib) +} + +src_install() { + emake DESTDIR="${D}" install + dodir /etc/tinc + dodoc AUTHORS NEWS README THANKS + doconfd "${FILESDIR}"/tinc.networks + newconfd "${FILESDIR}"/tincd.conf tincd + newinitd "${FILESDIR}"/tincd-r1 tincd + systemd_newunit "${FILESDIR}"/tincd_at.service "tincd@.service" +} + +pkg_postinst() { + elog "This package requires the tun/tap kernel device." + elog "Look at http://www.tinc-vpn.org/ for how to configure tinc" +} diff --git a/net-vpn/tinc/tinc-1.0.31.ebuild b/net-vpn/tinc/tinc-1.0.31.ebuild new file mode 100644 index 000000000000..c8adaa0c7d3e --- /dev/null +++ b/net-vpn/tinc/tinc-1.0.31.ebuild 
@@ -0,0 +1,47 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +inherit systemd + +DESCRIPTION="tinc is an easy to configure VPN implementation" +HOMEPAGE="http://www.tinc-vpn.org/" +SRC_URI="http://www.tinc-vpn.org/packages/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="libressl +lzo uml vde +zlib" + +DEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + lzo? ( dev-libs/lzo:2 ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND} + vde? ( net-misc/vde )" + +src_configure() { + econf \ + --enable-jumbograms \ + --disable-tunemu \ + $(use_enable lzo) \ + $(use_enable uml) \ + $(use_enable vde) \ + $(use_enable zlib) +} + +src_install() { + emake DESTDIR="${D}" install + dodir /etc/tinc + dodoc AUTHORS NEWS README THANKS + doconfd "${FILESDIR}"/tinc.networks + newconfd "${FILESDIR}"/tincd.conf tincd + newinitd "${FILESDIR}"/tincd-r1 tincd + systemd_newunit "${FILESDIR}"/tincd_at.service "tincd@.service" +} + +pkg_postinst() { + elog "This package requires the tun/tap kernel device." + elog "Look at http://www.tinc-vpn.org/ for how to configure tinc" +} diff --git a/net-vpn/tinc/tinc-1.1_pre14-r3.ebuild b/net-vpn/tinc/tinc-1.1_pre14-r3.ebuild new file mode 100644 index 000000000000..ccc843d8305a --- /dev/null +++ b/net-vpn/tinc/tinc-1.1_pre14-r3.ebuild 
@@ -0,0 +1,97 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +MY_PV=${PV/_/} +MY_P=${PN}-${MY_PV} + +PYTHON_COMPAT=( python2_7 ) +inherit eutils multilib python-any-r1 + +DESCRIPTION="tinc is an easy to configure VPN implementation" +HOMEPAGE="http://www.tinc-vpn.org/" + +UPSTREAM_VER=1 + +[[ -n ${UPSTREAM_VER} ]] && \ + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-1.1-upstream-patches-${UPSTREAM_VER}.tar.xz" + +SRC_URI="http://www.tinc-vpn.org/packages/${MY_P}.tar.gz + ${UPSTREAM_PATCHSET_URI}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="+lzo +ncurses gui libressl +readline +ssl uml vde upnp +zlib" + +DEPEND=" + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + lzo? ( dev-libs/lzo:2 ) + ncurses? ( sys-libs/ncurses:= ) + readline? ( sys-libs/readline:= ) + upnp? ( net-libs/miniupnpc ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND} + vde? ( net-misc/vde ) + ${PYTHON_DEPS} + gui? 
( $(python_gen_any_dep ' + dev-python/wxpython[${PYTHON_USEDEP}] + ') )" + +S="${WORKDIR}/${MY_P}" + +src_prepare() { + # Upstream's patchset + if [[ -n ${UPSTREAM_VER} ]]; then + einfo "Try to apply Tinc Upstream patch set" + EPATCH_SUFFIX="patch" \ + EPATCH_FORCE="yes" \ + EPATCH_OPTS="-p1" \ + epatch "${WORKDIR}"/patches-upstream + fi + + eapply "${FILESDIR}"/tinc-1.1-fix-paths.patch #560528 + eapply_user +} + +src_configure() { + econf \ + --enable-jumbograms \ + --disable-silent-rules \ + --enable-legacy-protocol \ + --disable-tunemu \ + --with-systemd=/usr/$(get_libdir)/systemd/system \ + $(use_enable lzo) \ + $(use_enable ncurses curses) \ + $(use_enable readline) \ + $(use_enable uml) \ + $(use_enable vde) \ + $(use_enable zlib) \ + $(use_enable upnp miniupnpc) \ + $(use_with ssl openssl) + #--without-libgcrypt \ +} + +src_install() { + emake DESTDIR="${D}" install + dodir /etc/tinc + dodoc AUTHORS NEWS README THANKS + doconfd "${FILESDIR}"/tinc.networks + newconfd "${FILESDIR}"/tincd.conf tincd + newinitd "${FILESDIR}"/tincd-r2 tincd + + if use gui; then + python_fix_shebang "${ED}"/usr/bin/tinc-gui + else + rm -f "${ED}"/usr/bin/tinc-gui || die + fi +} + +pkg_postinst() { + elog "This package requires the tun/tap kernel device." + elog "Look at http://www.tinc-vpn.org/ for how to configure tinc" +} diff --git a/net-vpn/vpnc/Manifest b/net-vpn/vpnc/Manifest new file mode 100644 index 000000000000..36e1f433dacd --- /dev/null +++ b/net-vpn/vpnc/Manifest @@ -0,0 +1 @@ +DIST vpnc-0.5.3_p550.tar.xz 101860 SHA256 5d7582eb3d7ead3cb0732a404ce10f471a65c48d0bb4cb2dd5c525273bf0f4b5 SHA512 95150c743c61a962c36591bb874c77f2c28f341c0a1290dba4e878a460d22d762dd88f7cfc0aa9d17ace71a8b826d9fd13554c23b5123dee6009e9fffcd2de55 WHIRLPOOL 8194e0dcf2c0bd1910b4b110dd475024d5cc351d86dec58b33811c37f9bcbc2702c4fede861a6318c54dfb7d19ff2d2265da86d573181a02f433e131184b9bd3 
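Review bot: `--with-systemd=/usr/$(get_libdir)/systemd/system` in `src_configure()` ties the unit directory to the library directory, so on a profile where `get_libdir` returns `lib64` the units would be installed under `/usr/lib64/systemd/system`. systemd looks in `/usr/lib/systemd/system`, so they would likely not be found. The systemd eclass supplies the right directory: add `systemd` to the `inherit` line and pass `--with-systemd="$(systemd_get_systemunitdir)"`. The 1.0.x ebuilds in this commit already inherit that eclass for `systemd_newunit`.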
diff --git a/net-vpn/vpnc/files/vpnc-3.init b/net-vpn/vpnc/files/vpnc-3.init
new file mode 100644
index 000000000000..f76538f1630e
--- /dev/null
+++ b/net-vpn/vpnc/files/vpnc-3.init
@@ -0,0 +1,102 @@ +#!/sbin/openrc-run + +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPNDIR="/etc/vpnc" +VPN="${SVCNAME#*.}" +if [ -n ${VPN} ] && [ ${SVCNAME} != "vpnc" ]; then + mkdir -p /var/run/vpnc + VPNPID="/var/run/vpnc/${VPN}.pid" +else + VPNPID="/var/run/vpnc.pid" +fi +VPNCONF="${VPNDIR}/${VPN}.conf" +VPNSCRIPTDIR="${VPNDIR}/scripts.d" +PREUPSCRIPT="${VPNSCRIPTDIR}/${VPN}-preup.sh" +PREDOWNSCRIPT="${VPNSCRIPTDIR}/${VPN}-predown.sh" +POSTUPSCRIPT="${VPNSCRIPTDIR}/${VPN}-postup.sh" +POSTDOWNSCRIPT="${VPNSCRIPTDIR}/${VPN}-postdown.sh" +# We should source this file to avoid problems when init script +# name differs from the default name +. /etc/conf.d/vpnc + +depend() { + need net + before netmount +} + +checktundevice() { + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi +} + +screenoutput() { + if [ "${VPNCOUTPUT}" = "yes" ]; then + export SCREEN_OUTPUT="/dev/stdout" + else + export SCREEN_OUTPUT="/dev/null" + fi +} + +start() { + ebegin "Starting VPNC: ${VPN}" + + checktundevice || return 1 + screenoutput + + if [ ! -e "${VPNCONF}" ]; then + eend 1 "${VPNCONF} does not exist" + return 1 + fi + + local args="" + + if [ -x "${PREUPSCRIPT}" ] ; then + "${PREUPSCRIPT}" > ${SCREEN_OUTPUT} + fi + + start-stop-daemon --start --pidfile "${VPNPID}" --exec /usr/sbin/vpnc \ + -- --pid-file "${VPNPID}" "${VPNCONF}" > ${SCREEN_OUTPUT} + local retval=$? + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + if [ -x "${POSTUPSCRIPT}" ] ; then + "${POSTUPSCRIPT}" > ${SCREEN_OUTPUT} + fi + eend $? 
+} + +stop() { + ebegin "Stopping VPNC: ${VPN}" + screenoutput + if [ -x "${PREDOWNSCRIPT}" ] ; then + "${PREDOWNSCRIPT}" > ${SCREEN_OUTPUT} + fi + + start-stop-daemon --stop --pidfile "${VPNPID}" + local retval=$? + if [ ! ${retval} -eq 0 ]; then + eend ${retval} + return ${retval} + fi + + + if [ -x "${POSTDOWNSCRIPT}" ] ; then + "${POSTDOWNSCRIPT}" > ${SCREEN_OUTPUT} + fi + eend $? +} diff --git a/net-vpn/vpnc/files/vpnc-tmpfiles.conf b/net-vpn/vpnc/files/vpnc-tmpfiles.conf new file mode 100644 index 000000000000..67224ac3ef2d --- /dev/null +++ b/net-vpn/vpnc/files/vpnc-tmpfiles.conf @@ -0,0 +1 @@ +D /run/vpnc 0755 root root - diff --git a/net-vpn/vpnc/files/vpnc.confd b/net-vpn/vpnc/files/vpnc.confd new file mode 100644 index 000000000000..62789bd407ec --- /dev/null +++ b/net-vpn/vpnc/files/vpnc.confd @@ -0,0 +1,4 @@ +# If you wish to see the output made by vpnc, for example the password +# prompt, set this variable to yes + +VPNCOUTPUT="no" diff --git a/net-vpn/vpnc/files/vpnc.service b/net-vpn/vpnc/files/vpnc.service new file mode 100644 index 000000000000..ce1e3683f4ec --- /dev/null +++ b/net-vpn/vpnc/files/vpnc.service @@ -0,0 +1,20 @@ +[Unit] +Description=Free Cisco VPN connection to %i +Documentation=man:vpnc(8) http://www.unix-ag.uni-kl.de/~massar/vpnc/ +Requires=network.target +After=network.target +ConditionPathExists=/dev/net/tun + +[Service] +Type=forking +EnvironmentFile=/etc/vpnc/%i.conf +PIDFile=/run/vpnc/%i.pid + +ExecStartPre=-/etc/vpnc/scripts.d/%i-preup.sh +ExecStart=/usr/sbin/vpnc --pid-file /run/vpnc/%i.pid +ExecStartPost=-/etc/vpnc/scripts.d/%i-postup.sh + +ExecStopPost=-/etc/vpnc/scripts.d/%i-postdown.sh + +[Install] +WantedBy=multi-user.target diff --git a/net-vpn/vpnc/metadata.xml b/net-vpn/vpnc/metadata.xml new file mode 100644 index 000000000000..2bec55dcc3ff --- /dev/null +++ b/net-vpn/vpnc/metadata.xml 
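Review bot: The test `[ -n ${VPN} ] && [ ${SVCNAME} != "vpnc" ]` near the top of vpnc-3.init is unquoted, so with an empty `${VPN}` the first bracket collapses to `[ -n ]`, which is true, and an empty `${SVCNAME}` turns the second into a syntax error. Quote both: `if [ -n "${VPN}" ] && [ "${SVCNAME}" != "vpnc" ]; then`. The redirections `> ${SCREEN_OUTPUT}` in `start()` and `stop()` are better quoted for the same reason. The `mkdir -p /var/run/vpnc` in that branch runs every time the script is sourced, not only on start; moving it into `start()` would keep the side effect where it is needed.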
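Review bot: `ExecStart=/usr/sbin/vpnc --pid-file /run/vpnc/%i.pid` in vpnc.service never names the instance's configuration, so every `vpnc@NAME` instance would start vpnc without `/etc/vpnc/%i.conf`; the init script in this commit passes that file as the last argument. `EnvironmentFile=/etc/vpnc/%i.conf` does not do that job: it only makes systemd try to parse the vpnc profile, which normally holds the group secret and password, as environment assignments for every Exec line, including the `scripts.d` hooks. Proposed: drop `EnvironmentFile=`, add `ConditionPathExists=/etc/vpnc/%i.conf`, and use `ExecStart=/usr/sbin/vpnc --pid-file /run/vpnc/%i.pid /etc/vpnc/%i.conf`.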
@@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>lorand.jakab@schweiz.ch</email> + <name>Lorand Jakab</name> + </maintainer> + <maintainer type="person"> + <email>mmokrejs@gmail.com</email> + <name>Martin Mokrejs</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <use> + <flag name="resolvconf">Enable support for DNS managing framework <pkg>net-dns/openresolv</pkg></flag> + </use> +</pkgmetadata> diff --git a/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild new file mode 100644 index 000000000000..7b4fb313fd26 --- /dev/null +++ b/net-vpn/vpnc/vpnc-0.5.3_p550.ebuild 
@@ -0,0 +1,71 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils linux-info systemd toolchain-funcs + +DESCRIPTION="Free client for Cisco VPN routing software" +HOMEPAGE="http://www.unix-ag.uni-kl.de/~massar/vpnc/" +SRC_URI="https://dev.gentoo.org/~jlec/distfiles/${P}.tar.xz" + +LICENSE="GPL-2 BSD" +SLOT="0" +KEYWORDS="amd64 arm ppc ppc64 sparc x86" +IUSE="resolvconf +gnutls selinux" + +DEPEND=" + dev-lang/perl + dev-libs/libgcrypt:0= + >=sys-apps/iproute2-2.6.19.20061214[-minimal] + gnutls? ( net-libs/gnutls ) + !gnutls? ( dev-libs/openssl:0= )" +RDEPEND="${DEPEND} + resolvconf? ( net-dns/openresolv ) + selinux? ( sec-policy/selinux-vpn ) +" + +RESTRICT="!gnutls? ( bindist )" + +CONFIG_CHECK="~TUN" + +src_prepare() { + if use gnutls; then + elog "Will build with GnuTLS (default) instead of OpenSSL so you may even redistribute binaries." + elog "See the Makefile itself and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440318" + else + sed -i -e '/^#OPENSSL_GPL_VIOLATION/s:#::g' "${S}"/Makefile || die + ewarn "Building SSL support with OpenSSL instead of GnuTLS. 
This means that" + ewarn "you are not allowed to re-distibute the binaries due to conflicts between BSD license and GPL," + ewarn "see the vpnc Makefile and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440318" + fi + + sed -e 's:test/cert0.pem::g' -i Makefile || die + + tc-export CC + + sed \ + -e 's:/var/run:/run:g' \ + -i ChangeLog config.c TODO || die +} + +src_install() { + emake PREFIX="/usr" DESTDIR="${D}" install + dodoc README TODO VERSION + keepdir /etc/vpnc/scripts.d + newinitd "${FILESDIR}/vpnc-3.init" vpnc + newconfd "${FILESDIR}/vpnc.confd" vpnc + sed -e "s:/usr/local:/usr:" -i "${ED}"/etc/vpnc/vpnc-script || die + + systemd_dotmpfilesd "${FILESDIR}"/vpnc-tmpfiles.conf + systemd_newunit "${FILESDIR}"/vpnc.service vpnc@.service + + # COPYING file resides here, should not be installed + rm -rf "${ED}"/usr/share/doc/vpnc/ || die +} + +pkg_postinst() { + elog "You can generate a configuration file from the original Cisco profiles of your" + elog "connection by using /usr/bin/pcf2vpnc to convert the .pcf file" + elog "A guide is available at https://wiki.gentoo.org/wiki/Vpnc" +} diff --git a/net-vpn/vpncwatch/Manifest b/net-vpn/vpncwatch/Manifest new file mode 100644 index 000000000000..b9db5ef429b6 --- /dev/null +++ b/net-vpn/vpncwatch/Manifest 
@@ -0,0 +1,2 @@ +DIST vpncwatch-1.8.1.tar.gz 17420 SHA256 fb69cfc17abacc1c1ccb56f42ebdf5fafe20f7971eb917a90863daed69b72562 SHA512 f5f5f68e2644ee3748a811505025155e77a7d3e345ddfc2f847674aa5d7e9e8be86d10708aeefc521ac747744e4f7edc3853ff230022aee7b098e8d0a35db5c2 WHIRLPOOL 3e5edd96d791aeb57a8ac96542fe200acd6d4d0fcff33b9576636bbccab957e5f168cd27fe52a61afce8cc5a55b940e22471243023d78e1e6c637883f31fc0ac +DIST vpncwatch-1.8.tar.gz 16356 SHA256 bc5ea19ef4020ed7ecdff3a7c4bdf981590c1a7c62e1c92170e8360782a89626 SHA512 33771af327995be170e98169e4f5594a8298a613b865f1fb3157b0bccb8218e81a4bb26c7d9783d2f7d0963dafa04d21100889c5c710166b4a1e1487f945dceb WHIRLPOOL de524723042357674520c68034c9ecaadbfac94b299c42401565ea284bbc5f794bdd38f2c5a9bda1ed5ed1102febbf191ff325f3ec6b18103612ca67846c6014 diff --git a/net-vpn/vpncwatch/files/vpncwatch-1.8-Makefile.patch b/net-vpn/vpncwatch/files/vpncwatch-1.8-Makefile.patch new file mode 100644 index 000000000000..cab556c95352 --- /dev/null +++ b/net-vpn/vpncwatch/files/vpncwatch-1.8-Makefile.patch @@ -0,0 +1,23 @@ + Makefile | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 901e0ae..599499a 100644 +--- a/Makefile ++++ b/Makefile +@@ -10,13 +10,13 @@ OBJS = vpncwatch.o proc.o net.o + DISTFILES = AUTHORS COPYING README Makefile $(SRCS) $(HDRS) vpnc-watch.py + + CC ?= gcc +-CFLAGS = -D_GNU_SOURCE -O2 -Wall -Werror ++CFLAGS += -D_GNU_SOURCE -Wall + + # Update version in vpncwatch.h as well + TAG = vpncwatch-1.8 + + vpncwatch: $(OBJS) +- $(CC) $(CFLAGS) -o $@ $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) + + .c.o: + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/net-vpn/vpncwatch/files/vpncwatch-1.8.1-Makefile.patch b/net-vpn/vpncwatch/files/vpncwatch-1.8.1-Makefile.patch new file mode 100644 index 000000000000..1f982ee76a3f --- /dev/null +++ b/net-vpn/vpncwatch/files/vpncwatch-1.8.1-Makefile.patch 
@@ -0,0 +1,23 @@ + Makefile | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 901e0ae..599499a 100644 +--- a/Makefile ++++ b/Makefile +@@ -10,13 +10,13 @@ OBJS = vpncwatch.o proc.o net.o + DISTFILES = AUTHORS COPYING README Makefile $(SRCS) $(HDRS) vpnc-watch.py + + CC ?= gcc +-CFLAGS = -D_GNU_SOURCE -O2 -Wall -Werror ++CFLAGS += -D_GNU_SOURCE -Wall + + # Update version in vpncwatch.h as well + TAG = vpncwatch-1.8.1 + + vpncwatch: $(OBJS) +- $(CC) $(CFLAGS) -o $@ $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) + + .c.o: + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/net-vpn/vpncwatch/metadata.xml b/net-vpn/vpncwatch/metadata.xml new file mode 100644 index 000000000000..f126bf28f5b5 --- /dev/null +++ b/net-vpn/vpncwatch/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>jlec@gentoo.org</email> + </maintainer> + <upstream> + <remote-id type="github">downloads/dcantrell</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/vpncwatch/vpncwatch-1.8.1.ebuild b/net-vpn/vpncwatch/vpncwatch-1.8.1.ebuild new file mode 100644 index 000000000000..fc293fa8e4e3 --- /dev/null +++ b/net-vpn/vpncwatch/vpncwatch-1.8.1.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils toolchain-funcs + +DESCRIPTION="Keepalive daemon for vpnc on Linux systems" +HOMEPAGE="https://github.com/dcantrell/vpncwatch/" +SRC_URI="https://github.com/downloads/dcantrell/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +RDEPEND="net-vpn/vpnc" + +src_prepare() { + epatch \ + "${FILESDIR}/${P}-Makefile.patch" + tc-export CC +} + +src_install() { + dobin ${PN} + dodoc README ChangeLog AUTHORS +} 
diff --git a/net-vpn/vpncwatch/vpncwatch-1.8.ebuild b/net-vpn/vpncwatch/vpncwatch-1.8.ebuild new file mode 100644 index 000000000000..d758a74b4f85 --- /dev/null +++ b/net-vpn/vpncwatch/vpncwatch-1.8.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="A keepalive daemon for vpnc on Linux systems" +HOMEPAGE="https://github.com/dcantrell/vpncwatch/" +SRC_URI="https://github.com/downloads/dcantrell/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +RDEPEND="net-vpn/vpnc" + +src_prepare() { + epatch \ + "${FILESDIR}/${P}-Makefile.patch" + tc-export CC +} + +src_install() { + dobin ${PN} + dodoc README ChangeLog AUTHORS +} diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest new file mode 100644 index 000000000000..726997c48e06 --- /dev/null +++ b/net-vpn/wireguard/Manifest @@ -0,0 +1 @@ +DIST WireGuard-0.0.20170223.tar.xz 132064 SHA256 6d2c8cd29c4f9fb404546a4749ec050739a26b4a49b5864f1dec531377c3c50d SHA512 273ef6463d447cb04b608a0379cce5c0ed4065f988b3f449995593592b42f2fc269fc249a8e3c22c28bfa682430ee20b5b7a46a96803c9c67d1b6fed7b800455 WHIRLPOOL b08e38f791bd7c60b004b3524f411801139be09f9c091c1aead9289f430594c5cd5c80bcc8da69649b9f5ba8efc83228a42e7f54ade3dc3a312fb58175e31743 diff --git a/net-vpn/wireguard/files/wireguard-openrc.sh b/net-vpn/wireguard/files/wireguard-openrc.sh new file mode 100644 index 000000000000..9c53ef0ffa72 --- /dev/null +++ b/net-vpn/wireguard/files/wireguard-openrc.sh 
@@ -0,0 +1,45 @@
+# Copyright (c) 2016 Gentoo Foundation
+# All rights reserved. Released under the 2-clause BSD license.
+
+wireguard_depend()
+{
+ program /usr/bin/wg
+ after interface
+ before dhcp
+}
+
+wireguard_pre_start()
+{
+ [[ $IFACE == wg* ]] || return 0
+ ip link delete dev "$IFACE" type wireguard 2>/dev/null
+ ebegin "Creating WireGuard interface $IFACE"
+ if ! ip link add dev "$IFACE" type wireguard; then
+ eend $?
+ return $?
+ fi
+ eend 0
+
+ ebegin "Configuring WireGuard interface $IFACE"
+ set -- $(_get_array "wireguard_$IFVAR")
+ if [[ -f $1 && $# -eq 1 ]]; then
+ /usr/bin/wg setconf "$IFACE" "$1"
+ else
+ eval /usr/bin/wg set "$IFACE" "$@"
+ fi
+ if [ $? -eq 0 ]; then
+ _up
+ eend 0
+ return
+ fi
+ e=$?
+ ip link delete dev "$IFACE" type wireguard 2>/dev/null
+ eend $e
+}
+
+wireguard_post_stop()
+{
+ [[ $IFACE == wg* ]] || return 0
+ ebegin "Removing WireGuard interface $IFACE"
+ ip link delete dev "$IFACE" type wireguard
+ eend $?
+}
diff --git a/net-vpn/wireguard/metadata.xml b/net-vpn/wireguard/metadata.xml
new file mode 100644
index 000000000000..d5c30b1930c0
--- /dev/null
+++ b/net-vpn/wireguard/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>zx2c4@gentoo.org</email>
+ <name>Jason A. Donenfeld</name>
+ </maintainer>
+ <use>
+ <flag name="tools">Compile the wg(8) tool and related helpers. You probably want this enabled.</flag>
+ <flag name="module">Compile the actual WireGuard kernel module. Most certainly you want this enabled, unless you're doing something strange.</flag>
+ <flag name="module-src">Install the module source code to /usr/src, in case you like building kernel modules yourself.</flag>
+ <flag name="debug">Enable verbose debug reporting in dmesg of various WireGuard peer and device information.</flag>
+ </use>
+</pkgmetadata>
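Review bot: In wireguard_pre_start (wireguard-openrc.sh) both failure paths appear to report success, so netifrc may treat a WireGuard interface that was never created or configured as up. Inside `if ! ip link add …; then` the value of `$?` is the negated status and is already 0, so `eend $?` prints success. Further down, `e=$?` after the closing `fi` reads the status of the `if [ $? -eq 0 ]` compound, which is 0 when the test was false, rather than the status of `wg`. Capturing the `wg` status directly after the setconf/set branch and using literal failure codes in the first branch fixes both, as sketched below. Separately, `eval /usr/bin/wg set "$IFACE" "$@"` re-parses the words from `wireguard_$IFVAR` as shell, so a comment stating that this variable must only come from the administrator's netifrc configuration would help.

```shell
	if ! ip link add dev "$IFACE" type wireguard; then
		eend 1
		return 1
	fi
	# … unchanged: eend 0, ebegin "Configuring …", set --, wg setconf / wg set branch …
	e=$?
	if [ $e -eq 0 ]; then
	# … unchanged: _up, eend 0, return, fi, ip link delete, eend $e (the later e=$? line is dropped) …
```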
diff --git a/net-vpn/wireguard/wireguard-0.0.20170223.ebuild b/net-vpn/wireguard/wireguard-0.0.20170223.ebuild
new file mode 100644
index 000000000000..e19eabcaa9ce
--- /dev/null
+++ b/net-vpn/wireguard/wireguard-0.0.20170223.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-mod bash-completion-r1
+
+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."
+HOMEPAGE="https://www.wireguard.io/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.zx2c4.com/WireGuard"
+ KEYWORDS=""
+else
+ SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
+ S="${WORKDIR}/WireGuard-${PV}"
+ KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug +module +tools module-src"
+
+DEPEND="tools? ( net-libs/libmnl )"
+RDEPEND="${DEPEND}"
+
+MODULE_NAMES="wireguard(net:src)"
+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"
+BUILD_TARGETS="module"
+CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES"
+WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto."
+WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert."
+
+pkg_setup() {
+ if use module; then
+ linux-mod_pkg_setup
+ kernel_is -lt 4 1 0 && die "This version of ${PN} requires Linux >= 4.1"
+ fi
+}
+
+src_compile() {
+ use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"
+ use module && linux-mod_src_compile
+ use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools
+}
+
+src_install() {
+ use module && linux-mod_src_install
+ if use tools; then
+ dodoc README.md
+ dodoc -r contrib/examples
+ emake \
+ WITH_BASHCOMPLETION=yes \
+ WITH_SYSTEMDUNITS=yes \
+ WITH_WGQUICK=yes \
+ DESTDIR="${D}" \
+ BASHCOMPDIR="$(get_bashcompdir)" \
+ PREFIX="${EPREFIX}/usr" \
+ -C src/tools install
+ insinto /$(get_libdir)/netifrc/net
+ newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh
+ fi
+ use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install
+}
+
+pkg_postinst() {
+ if use module-src && ! use module; then
+ einfo
+ einfo "You have enabled the module-src USE flag without the module USE"
+ einfo "flag. This means that sources are installed to"
+ einfo "${ROOT}usr/src/wireguard instead of having the"
+ einfo "kernel module compiled. You will need to compile the module"
+ einfo "yourself. Most likely, you don't want this USE flag, and should"
+ einfo "rather use USE=module"
+ einfo
+ fi
+ use module && linux-mod_pkg_postinst
+
+ ewarn
+ ewarn "This software is experimental and has not yet been released."
+ ewarn "As such, it may contain significant issues.
 Please do not file"
+ ewarn "bug reports with Gentoo, but rather direct them upstream to:"
+ ewarn
+ ewarn " team@wireguard.io security@wireguard.io"
+ ewarn
+
+ if use tools; then
+ einfo
+ einfo "After installing WireGuard, if you'd like to try sending some packets through"
+ einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
+ einfo "test example script:"
+ einfo
+ einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -"
+ einfo
+ einfo "This will automatically setup interface wg0, through a very insecure transport"
+ einfo "that is only suitable for demonstration purposes. You can then try loading the"
+ einfo "hidden website or sending pings:"
+ einfo
+ einfo " \$ chromium http://192.168.4.1"
+ einfo " \$ ping 192.168.4.1"
+ einfo
+ einfo "If you'd like to redirect your internet traffic, you can run it with the"
+ einfo "\"default-route\" argument. You may not use this server for any abusive or illegal"
+ einfo "purposes. It is for quick testing only."
+ einfo
+ einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/"
+ einfo
+ fi
+}
diff --git a/net-vpn/wireguard/wireguard-9999.ebuild b/net-vpn/wireguard/wireguard-9999.ebuild
new file mode 100644
index 000000000000..e19eabcaa9ce
--- /dev/null
+++ b/net-vpn/wireguard/wireguard-9999.ebuild
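Review bot: pkg_postinst prints the copy-paste command `bzcat … client.sh.bz2 | sudo bash -` with plain `einfo`, so the only caution that the script runs as root over a "very insecure transport" sits in informational output that is easy to skip. I would print the caveat with `ewarn` and place it ahead of the command, e.g. `ewarn "The example below runs client.sh as root over an insecure demo transport; read it before running."`. The same block is repeated verbatim in the wireguard-9999.ebuild hunk further down, so the change applies there too. A short comment above `if use tools; then` noting that the demo is for testing only would keep later edits from presenting it as a recommended setup.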
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-mod bash-completion-r1
+
+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."
+HOMEPAGE="https://www.wireguard.io/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.zx2c4.com/WireGuard"
+ KEYWORDS=""
+else
+ SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
+ S="${WORKDIR}/WireGuard-${PV}"
+ KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug +module +tools module-src"
+
+DEPEND="tools? ( net-libs/libmnl )"
+RDEPEND="${DEPEND}"
+
+MODULE_NAMES="wireguard(net:src)"
+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"
+BUILD_TARGETS="module"
+CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES"
+WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto."
+WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert."
+
+pkg_setup() {
+ if use module; then
+ linux-mod_pkg_setup
+ kernel_is -lt 4 1 0 && die "This version of ${PN} requires Linux >= 4.1"
+ fi
+}
+
+src_compile() {
+ use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"
+ use module && linux-mod_src_compile
+ use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools
+}
+
+src_install() {
+ use module && linux-mod_src_install
+ if use tools; then
+ dodoc README.md
+ dodoc -r contrib/examples
+ emake \
+ WITH_BASHCOMPLETION=yes \
+ WITH_SYSTEMDUNITS=yes \
+ WITH_WGQUICK=yes \
+ DESTDIR="${D}" \
+ BASHCOMPDIR="$(get_bashcompdir)" \
+ PREFIX="${EPREFIX}/usr" \
+ -C src/tools install
+ insinto /$(get_libdir)/netifrc/net
+ newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh
+ fi
+ use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install
+}
+
+pkg_postinst() {
+ if use module-src && ! use module; then
+ einfo
+ einfo "You have enabled the module-src USE flag without the module USE"
+ einfo "flag. This means that sources are installed to"
+ einfo "${ROOT}usr/src/wireguard instead of having the"
+ einfo "kernel module compiled. You will need to compile the module"
+ einfo "yourself. Most likely, you don't want this USE flag, and should"
+ einfo "rather use USE=module"
+ einfo
+ fi
+ use module && linux-mod_pkg_postinst
+
+ ewarn
+ ewarn "This software is experimental and has not yet been released."
+ ewarn "As such, it may contain significant issues.
 Please do not file"
+ ewarn "bug reports with Gentoo, but rather direct them upstream to:"
+ ewarn
+ ewarn " team@wireguard.io security@wireguard.io"
+ ewarn
+
+ if use tools; then
+ einfo
+ einfo "After installing WireGuard, if you'd like to try sending some packets through"
+ einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
+ einfo "test example script:"
+ einfo
+ einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -"
+ einfo
+ einfo "This will automatically setup interface wg0, through a very insecure transport"
+ einfo "that is only suitable for demonstration purposes. You can then try loading the"
+ einfo "hidden website or sending pings:"
+ einfo
+ einfo " \$ chromium http://192.168.4.1"
+ einfo " \$ ping 192.168.4.1"
+ einfo
+ einfo "If you'd like to redirect your internet traffic, you can run it with the"
+ einfo "\"default-route\" argument. You may not use this server for any abusive or illegal"
+ einfo "purposes. It is for quick testing only."
+ einfo
+ einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/"
+ einfo
+ fi
+} |