author | 2009-06-07 15:04:06 +0000 | |
---|---|---|
committer | 2009-06-07 15:04:06 +0000 | |
commit | 89d7df01e656d9f362bdc5ef0b2fd2cffdfa3ee0 (patch) | |
tree | 26001b9a93e2ea0986bf40fc06b5ae4fe65a73a0 /net-misc | |
parent | sparc stable wrt #272733 (diff) | |
Version bump, fixes security bug 264346 and 272276. Remove old warning in the code, fix dependencies and configure options. Comment in user and group specification again. Added some TODOs.
(Portage version: 2.1.6.13/cvs/Linux x86_64)
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/strongswan/ChangeLog | 9 | ||||
-rw-r--r-- | net-misc/strongswan/strongswan-4.2.15.ebuild | 101 |
2 files changed, 109 insertions, 1 deletions
diff --git a/net-misc/strongswan/ChangeLog b/net-misc/strongswan/ChangeLog index d74e8a2b4732..116db05cc5bb 100644 --- a/net-misc/strongswan/ChangeLog +++ b/net-misc/strongswan/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-misc/strongswan # Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.68 2009/01/21 18:15:54 mr_bones_ Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.69 2009/06/07 15:04:06 rbu Exp $ + +*strongswan-4.2.15 (07 Jun 2009) + + 07 Jun 2009; Robert Buchholz <rbu@gentoo.org> +strongswan-4.2.15.ebuild: + Version bump, fixes security bug 264346 and 272276. Remove old warning in + the code, fix dependencies and configure options. Comment in user and group + specification again. Added some TODOs. 21 Jan 2009; Michael Sterrett <mr_bones_@gentoo.org> -files/ipsec-path-2.8.3.patch.bz2, -files/ipsec-path-2.8.4.patch.bz2, diff --git a/net-misc/strongswan/strongswan-4.2.15.ebuild b/net-misc/strongswan/strongswan-4.2.15.ebuild new file mode 100644 index 000000000000..eb458f544643 --- /dev/null +++ b/net-misc/strongswan/strongswan-4.2.15.ebuild 
@@ -0,0 +1,101 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.2.15.ebuild,v 1.1 2009/06/07 15:04:06 rbu Exp $
+
+EAPI=2
+inherit eutils linux-info autotools
+
+UGID="ipsec"
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA-MD2 RSA-MD5 RSA-PKCS11 DES"
+SLOT="0"
+KEYWORDS="~ppc ~sparc ~x86 ~amd64"
+IUSE="caps cisco curl debug ldap nat smartcard static xml"
+
+COMMON_DEPEND="!net-misc/openswan
+ dev-libs/gmp
+ caps? ( sys-libs/libcap )
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )
+ smartcard? ( dev-libs/opensc )
+ xml? ( dev-libs/libxml2 )"
+DEPEND="${COMMON_DEPEND}
+ virtual/linux-sources
+ sys-kernel/linux-headers"
+RDEPEND="${COMMON_DEPEND}
+ virtual/logger
+ sys-apps/iproute2"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-4.2.7-install.patch
+ eautoreconf
+}
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ einfo "Linux kernel is version ${KV_FULL}"
+
+ if kernel_is 2 6; then
+ einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+ else
+ eerror "Sorry, no support for your kernel version ${KV_FULL}."
+ die "Install an IPsec enabled 2.6 kernel."
+ fi
+
+ # change to an unprivileged user by default
+ enewgroup ${UGID}
+ enewuser ${UGID} -1 -1 -1 ${UGID}
+}
+
+src_configure() {
+ local myconf=""
+
+ # change to an unprivileged user by default
+ myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+ # strongswan enables both by default; switch to the user's wish
+ if use static; then
+ myconf="${myconf} --enable-static --disable-shared"
+ else
+ myconf="${myconf} --disable-static --enable-shared"
+ fi
+
+ # TODO: Review new configure options such as networkmanager
+ econf \
+ $(use_with caps capabilities libcap) \
+ $(use_enable curl) \
+ $(use_enable ldap) \
+ $(use_enable xml smp) \
+ $(use_enable smartcard) \
+ $(use_enable cisco cisco-quirks) \
+ $(use_enable debug leak-detective) \
+ $(use_enable nat nat-transport) \
+ ${myconf} \
+ || die "econf failed"
+}
+
+src_install() {
+ einstall || die "einstall failed."
+
+ doinitd "${FILESDIR}"/ipsec
+
+ fowners ipsec:ipsec /etc/ipsec.conf
+}
+
+pkg_postinst() {
+ echo
+ einfo "For your own security we install strongSwan without superuser"
+ einfo "privileges. If you use iptables, you might want to change that"
+ einfo "setting. See http://wiki.strongswan.org/wiki/nonRoot for more"
+ einfo "information."
+ # TODO: Should we recommend this sudoers line to users?
+ # %ipsec ALL = NOPASSWD: /sbin/iptables
+ echo
+ einfo "The up-to-date configuration manual is available online at"
+ einfo "http://www.strongswan.org/docs/readme42.htm"
+ echo
+} |
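Review bot: In src_install, `fowners ipsec:ipsec /etc/ipsec.conf` hard-codes the account name although every other reference in the ebuild goes through `${UGID}`, and it makes the privilege-dropped daemon account the owner of its own configuration file. Ownership implies write access, so a compromise of the unprivileged daemon could presumably alter the configuration that is parsed on the next start; if the account only needs to read the file (not confirmed from this hunk), group access is sufficient. I would change it to `fowners root:${UGID} /etc/ipsec.conf` followed by `fperms 0640 /etc/ipsec.conf`. The TODO in pkg_postinst about `%ipsec ALL = NOPASSWD: /sbin/iptables` deserves the same caution, since that line would let the same account rewrite the host firewall; the comment should record that trade-off before the line is ever recommended to users.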