strongswan ebuild with networkmanager plugin ebuild

git-svn-id: http://piczu-overlay.googlecode.com/svn/trunk@73 0805d722-a2c2-11dd-9b86-41075523de00

5 files changed, 208 insertions, 0 deletions

diff --git a/net-misc/networkmanager-strongswan/Manifest b/net-misc/networkmanager-strongswan/Manifest
new file mode 100644
index 0000000..6bccd45
--- /dev/null
+++ b/net-misc/networkmanager-strongswan/Manifest
@@ -0,0 +1,2 @@
+DIST NetworkManager-strongswan-1.1.2.tar.bz2 261081 RMD160 ba24dab25c26d435bebaa9f187868c91b9e6aaeb SHA1 53fb53805444d4bb97de6f5de327e2bac93fc71a SHA256 c18c96ea463ac8aeb21759a6b29a94150f6cd30cf6a967e4d0c30ce214238c93
+EBUILD networkmanager-strongswan-1.1.2.ebuild 911 RMD160 82368d2ab6f6f86b10b664d082df38559f26561a SHA1 f5e3b14984f227d632ba6860793e2187ed77af7b SHA256 c5db029e5a0172ff872bfccc1099f1a065f17b556ce46151caf34c6d30dcbf35
diff --git a/net-misc/networkmanager-strongswan/networkmanager-strongswan-1.1.2.ebuild b/net-misc/networkmanager-strongswan/networkmanager-strongswan-1.1.2.ebuild
new file mode 100644
index 0000000..d761d48
--- /dev/null
+++ b/net-misc/networkmanager-strongswan/networkmanager-strongswan-1.1.2.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=2
+inherit eutils versionator
+
+# NetworkManager likes itself with capital letters
+MY_P=${P/networkmanager/NetworkManager}
+MYPV_MINOR=$(get_version_component_range 1-2)
+
+DESCRIPTION="NetworkManager StrongSwan plugin."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/NetworkManager/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~arm ~amd64 ~ppc ~x86"
+IUSE=""
+
+RDEPEND="
+	>=net-misc/networkmanager-0.7
+	>=net-misc/strongswan-4.3.3[networkmanager]"
+
+DEPEND="${RDEPEND}
+	dev-util/intltool
+	dev-util/pkgconfig"
+
+S=${WORKDIR}/${MY_P}
+
+src_configure() {
+	ECONF="--disable-more-warnings \
+	       --with-charon=/usr/libexec/ipsec/charon"
+
+	econf ${ECONF}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+
+	dodoc NEWS || die "dodoc failed"
+}
diff --git a/net-misc/strongswan/Manifest b/net-misc/strongswan/Manifest
new file mode 100644
index 0000000..86631c1
--- /dev/null
+++ b/net-misc/strongswan/Manifest
@@ -0,0 +1,3 @@
+AUX ipsec 445 RMD160 9240cf2699984634fae9b0f45c813742fd05e047 SHA1 efcc1bedfbeae8a5b85f85e4926472edbca37be0 SHA256 5ba492de6d612d7def1cb7ceacadf8397e50f8433b91c4f2f09bf216eed34da6
+DIST strongswan-4.3.6.tar.bz2 2831944 RMD160 9cef4ba83e19c17693d09a512e91cdadee1e3beb SHA1 f38c237047f9d81d1af6277eb27f94101188d3bb SHA256 39a311c62f4f2474faf239c0edf6518a14a953b9c2092bbfa473cd34dcb8f5e7
+EBUILD strongswan-4.3.6-r1.ebuild 3810 RMD160 0b506c9b6070bf159353dc4c43643ac6d1f68f27 SHA1 4a737125083d3087a1d07f25e86621b5822ca8b6 SHA256 9439dc98481b36d225c67bed74d53791afb5f3ec8e38118876342edcd3b2c7a1
diff --git a/net-misc/strongswan/files/ipsec b/net-misc/strongswan/files/ipsec
new file mode 100644
index 0000000..42cde4f
--- /dev/null
+++ b/net-misc/strongswan/files/ipsec
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	need logger net
+}
+
+start() {
+	ebegin "Starting ${IPSECD}"
+	ipsec start
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${IPSECD}"
+	ipsec stop
+	eend $?
+}
+
+restart() {
+	ebegin "Restarting ${IPSECD}"
+	svc_stop
+	sleep 2
+	svc_start
+	eend $?
+}
+
+status() {
+	ebegin "${IPSECD} Status (verbose):"
+	ipsec statusall
+	eend $?
+}
diff --git a/net-misc/strongswan/strongswan-4.3.6-r1.ebuild b/net-misc/strongswan/strongswan-4.3.6-r1.ebuild
new file mode 100644
index 0000000..0d44531
--- /dev/null
+++ b/net-misc/strongswan/strongswan-4.3.6-r1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.3.6.ebuild,v 1.2 2010/02/27 22:43:10 ulm Exp $
+
+EAPI=2
+inherit eutils linux-info
+
+UGID="ipsec"
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA-MD5 RSA-PKCS11 DES"
+SLOT="0"
+KEYWORDS="~ppc ~sparc ~x86 ~amd64"
+IUSE="caps cisco curl debug ldap nat networkmanager smartcard static xml"
+
+COMMON_DEPEND="!net-misc/openswan
+	dev-libs/gmp
+	dev-libs/libgcrypt
+	caps? ( sys-libs/libcap )
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )
+	smartcard? ( dev-libs/opensc )
+	xml? ( dev-libs/libxml2 )"
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources
+	sys-kernel/linux-headers"
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2"
+
+#src_prepare() {
+#	epatch "${FILESDIR}"/${PN}-4.3.3-install.patch
+#	eautoreconf
+#}
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	elog "Linux kernel is version ${KV_FULL}"
+
+	if kernel_is 2 6; then
+		elog "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+	else
+		eerror "Sorry, no support for your kernel version ${KV_FULL}."
+		die "Install an IPsec enabled 2.6 kernel."
+	fi
+
+	if use caps; then
+		# change to an unprivileged user if libcaps support is requested
+		enewgroup ${UGID}
+		enewuser ${UGID} -1 -1 -1 ${UGID}
+	fi
+}
+
+src_configure() {
+	local myconf=""
+
+	if use caps; then
+		# change to an unprivileged user if libcaps support is requested
+		myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+	fi
+
+	# strongswan enables both by default; switch to the user's wish
+	if use static; then
+		myconf="${myconf} --enable-static --disable-shared"
+	else
+		myconf="${myconf} --disable-static --enable-shared"
+	fi
+
+	# TODO: Review new configure options such as networkmanager
+	econf \
+		$(use_with caps capabilities libcap) \
+		$(use_enable curl) \
+		$(use_enable ldap) \
+		$(use_enable xml smp) \
+		$(use_enable smartcard) \
+		$(use_enable cisco cisco-quirks) \
+		$(use_enable debug leak-detective) \
+		$(use_enable networkmanager nm) \
+		$(use_enable nat nat-transport) \
+		${myconf} \
+		|| die "econf failed"
+}
+
+src_install() {
+	einstall || die "einstall failed."
+
+	doinitd "${FILESDIR}"/ipsec
+
+	if use caps; then
+		fowners ipsec:ipsec /etc/ipsec.conf
+	fi
+}
+
+pkg_postinst() {
+	if use caps; then
+		echo
+		elog "strongSwan has been installed without superuser privileges as"
+		elog "requested (USE=caps). There are certain restrictions and"
+		elog "issues regarding non-root operation, so please have a look at:"
+		elog "  http://wiki.strongswan.org/wiki/nonRoot"
+		echo
+		elog "Please be aware that with dropped privileges most leftupdown and"
+		elog "rightupdown scripts will no longer run if they require root privileges."
+		elog "You might want to use sudo to allow the user \"ipsec\" to run"
+		elog "the ipsec helper script (/usr/sbin/ipsec) as root."
+		elog "Example for /etc/sudoers:"
+		elog "  Defaults:ipsec always_set_home,!env_reset"
+		elog "  ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
+		elog "Example for a connection block in /etc/ipsec.conf:"
+		elog "  leftupdown=\"sudo ipsec _updown\""
+		echo
+#		elog "And please do not forget to add CAP_NET_ADMIN capabilities to"
+#		elog "your charon and pluto binaries each time you emerge this ebuild."
+#		echo
+#		elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/pluto"
+#		elog "setcap -v cap_net_admin=ep /usr/libexec/ipsec/charon"
+#		echo
+#		elog "For more information reagrding POSIX capabilities support please"
+#		elog "have a look at http://www.friedhoff.org/posixfilecaps.html"
+#		echo
+	fi
+	elog "The up-to-date manual is available online at:"
+	elog "  http://wiki.strongswan.org/"
+	echo
+}