Improved ebuild, thanks to Matthias Dahl. Proxymaintaining with Matthias now. Fixes #308101

Package-Manager: portage-2.2_rc67/cvs/Linux x86_64

4 files changed, 233 insertions, 14 deletions

diff --git a/net-misc/strongswan/ChangeLog b/net-misc/strongswan/ChangeLog
index faac47c65389..138b73578047 100644
--- a/net-misc/strongswan/ChangeLog
+++ b/net-misc/strongswan/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-misc/strongswan
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.79 2010/02/27 22:43:10 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.80 2010/03/16 18:37:21 patrick Exp $
+
+*strongswan-4.3.6-r1 (16 Mar 2010)
+
+  16 Mar 2010; Patrick Lauer <patrick@gentoo.org>
+  +strongswan-4.3.6-r1.ebuild, metadata.xml:
+  Improved ebuild, thanks to Matthias Dahl. Proxymaintaining with Matthias
+  now. Fixes #308101
 
   27 Feb 2010; Ulrich Mueller <ulm@gentoo.org> strongswan-4.3.3.ebuild,
   strongswan-4.3.4.ebuild, strongswan-4.3.5.ebuild, strongswan-4.3.6.ebuild:
diff --git a/net-misc/strongswan/Manifest b/net-misc/strongswan/Manifest
index 830a25a9aea7..9a554312c819 100644
--- a/net-misc/strongswan/Manifest
+++ b/net-misc/strongswan/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 AUX ipsec 445 RMD160 9240cf2699984634fae9b0f45c813742fd05e047 SHA1 efcc1bedfbeae8a5b85f85e4926472edbca37be0 SHA256 5ba492de6d612d7def1cb7ceacadf8397e50f8433b91c4f2f09bf216eed34da6
 AUX strongswan-4.2.7-install.patch 1070 RMD160 fa5815d1de4d4bba5674832def181f139a66ae7e SHA1 4adc2f9e704553dabf744667d74d8c6ed6ae9c59 SHA256 0ea8ba27ba6ad5a4f90ad4f233fd05ec431dccdb1c08b794e2f7ee72ea4fc87a
 AUX strongswan-4.3.3-install.patch 1070 RMD160 1a9e97eba9e7e9bd4718f601754b62a7e31c48cc SHA1 eaffc515f9373513ada676799d78413aa96411cf SHA256 60d440ff105efbd45c0a11d8df3a5b2f3b733b04b91239c6d70f19b4988e31b7
@@ -13,13 +10,7 @@ EBUILD strongswan-4.2.17.ebuild 2812 RMD160 29491eb031f13c780eacc38f3231d0bb476f
 EBUILD strongswan-4.3.3.ebuild 2750 RMD160 50ea7a0e30dcf598f889a1365db8ec7805cec856 SHA1 9e98e2eb6bb26b1927d7ad4ff789fc04935e997c SHA256 f6fb07f907578eea9028368659a776248eabdba3869ebd04a8f4b08b9f0a809a
 EBUILD strongswan-4.3.4.ebuild 3765 RMD160 1f94475dc6ecc8e30be2457d85a671ee6027cced SHA1 14ac5ce3c1babece2969537eab4259c371912c19 SHA256 307caf1edb75110743a3bf56619271d9493f755fcaeb817cb599d31246a5edb1
 EBUILD strongswan-4.3.5.ebuild 3759 RMD160 473a22ef91a31529f646cc5d5249957c1bdf71d2 SHA1 a424e03d679785c229e3714d8166792eb50531be SHA256 36e27c266d192aeb54d404b84bf609e4faa9825733617a2a3734ec14c1d70b60
+EBUILD strongswan-4.3.6-r1.ebuild 6526 RMD160 f5155ee5dfe6076e9c95824760159ffa3596131a SHA1 833ab6955c9b69070c091ac59dc3bc49de7bf741 SHA256 9493ea2c6d2d8e6c681306c469d3a0ea300b1f993d6619605e1a08210df642b3
 EBUILD strongswan-4.3.6.ebuild 3759 RMD160 c6a07a383cd5ad553a539f4794c88ed167ae5415 SHA1 67427e4382b8c68a2ee272630b801ec3e13f0ce7 SHA256 182fe06c642242c6048815c86ebfe77c1574746bffd429714bbabff263ae6951
-MISC ChangeLog 14087 RMD160 1a1955bec79c28eed4c3922bc4dbbec1b8270b85 SHA1 6c6e80153f7150ecfa49bf5d2b4d9b4d5d606853 SHA256 5b909171390dd9c254003ec0ca6d2fbf139eafecfd73b6434ae81f9a12943678
-MISC metadata.xml 790 RMD160 e0f60060a1dfe7281928b16c9418fbe1a8dafbe2 SHA1 ea2e94902df1eb340433f998afceff59642b3ab6 SHA256 99878b2ebdb19513074de656e8e27afd79c272fef8be6128c6af61451615e256
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iEYEARECAAYFAkuJoBcACgkQOeoy/oIi7ux+DACgoVGl0yNIvEvX5A9mk5ABlOiO
-wXcAoIH9QWX6l6OZlwfUvBB4hIHkzM5+
-=CqfZ
------END PGP SIGNATURE-----
+MISC ChangeLog 14319 RMD160 a46c59c8ac4369854ae5589dd0ef6be544c2c11d SHA1 5efd9d3dc3cb59443b762de0449ef38c43661d1b SHA256 fb3e939545881be85d83cb536314a9d505254c4ea3d3f3428e121d3953eca35f
+MISC metadata.xml 1276 RMD160 0fb9ce53d85de2cbd5b640f77c7742ceb19bec11 SHA1 961790fed6e1189c26671b8ce1aef2e2d0328699 SHA256 2a4b623e516b5e9d820dbc53e3c7bc1b76946d7a20deb2fca21f5a92e2e0679c
diff --git a/net-misc/strongswan/metadata.xml b/net-misc/strongswan/metadata.xml
index 45ec82f9915c..572b05153ec4 100644
--- a/net-misc/strongswan/metadata.xml
+++ b/net-misc/strongswan/metadata.xml
@@ -2,7 +2,15 @@
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
   <herd>no-herd</herd>
-  <maintainer><email>maintainer-needed@gentoo.org</email></maintainer>
+        <maintainer>
+                <email>patrick@gentoo.org</email>
+                <name>Patrick Lauer</name>
+        </maintainer>
+        <maintainer>
+                <email>ua_bugz_gentoo@mortal-soul.de</email>
+                <name>Matthias Dahl </name>
+        </maintainer>
+
   <longdescription lang="en">
 		strongSwan is an OpenSource IPsec implementation for the Linux
 		operating system. It is based on the discontinued FreeS/WAN project and
@@ -13,5 +21,10 @@
   <use>
     <flag name="cisco">Enable support of Cisco VPN client</flag>
     <flag name="nat">Enable NAT traversal with IPsec transport mode</flag>
+    <flag name="gcrypt">Enable gcrypt support</flag>
+    <flag name="ikev1">Enable ikev1 protocol</flag>
+    <flag name="ikev2">Enable ikev2 protocol</flag>
+    <flag name="openssl">Enable openssl support</flag>
+    <flag name="non-root">Enable running as non-root</flag>
   </use>
 </pkgmetadata>
diff --git a/net-misc/strongswan/strongswan-4.3.6-r1.ebuild b/net-misc/strongswan/strongswan-4.3.6-r1.ebuild
new file mode 100644
index 000000000000..ab3767e304fe
--- /dev/null
+++ b/net-misc/strongswan/strongswan-4.3.6-r1.ebuild
@@ -0,0 +1,208 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.3.6-r1.ebuild,v 1.1 2010/03/16 18:37:21 patrick Exp $
+
+EAPI=2
+
+inherit eutils linux-info
+
+DESCRIPTION="Open Source IPsec based VPN solution with a strong focus on security. Fully supports IKEv1/IKEv2, MOBIKE and the Linux 2.6 IPsec stack."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA-MD5 RSA-PKCS11 DES"
+SLOT="0"
+KEYWORDS="~ppc ~sparc ~x86 ~amd64"
+IUSE="+caps cisco curl debug gcrypt ldap +ikev1 +ikev2 mysql nat +non-root +openssl smartcard sqlite"
+
+COMMON_DEPEND="!net-misc/openswan
+	dev-libs/gmp
+	gcrypt? ( dev-libs/libgcrypt )
+	caps? ( sys-libs/libcap )
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )
+	smartcard? ( dev-libs/opensc )
+	openssl? ( >=dev-libs/openssl-0.9.8 )
+	mysql? ( virtual/mysql )
+	sqlite? ( >=dev-db/sqlite-3.3.1 )"
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources
+	sys-kernel/linux-headers"
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2"
+
+UGID="ipsec"
+
+pkg_setup() {
+	linux-info_pkg_setup
+	elog "Linux kernel version: ${KV_FULL}"
+
+	if kernel_is 2 6; then
+		elog "Using native Linux 2.6 IPsec stack."
+	else
+		eerror
+		eerror "This ebuild currently only supports ${PN} with the"
+		eerror "native Linux 2.6 IPsec stack."
+		eerror
+		die "Please install a recent 2.6 kernel."
+	fi
+
+	if use non-root; then
+		enewgroup ${UGID}
+		enewuser ${UGID} -1 -1 -1 ${UGID}
+	fi
+}
+
+src_configure() {
+	local myconf=""
+
+	if use non-root; then
+		myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+	fi
+
+	# If a user has already enabled db support, those plugins will
+	# most likely be desired as well. Besides they don't impose new
+	# dependencies and come at no cost (except for space).
+	if use mysql || use sqlite; then
+		myconf="${myconf} --enable-attr-sql --enable-sql"
+	fi
+
+	# strongSwan builds and installs static libs by default which are
+	# useless to the user (and to strongSwan for that matter) because no
+	# header files or alike get installed... so disabling them is safe.
+	econf \
+		--disable-static \
+		$(use_with caps capabilities libcap) \
+		$(use_enable curl) \
+		$(use_enable ldap) \
+		$(use_enable smartcard) \
+		$(use_enable cisco cisco-quirks) \
+		$(use_enable debug leak-detective) \
+		$(use_enable nat nat-transport) \
+		$(use_enable openssl) \
+		$(use_enable gcrypt) \
+		$(use_enable mysql) \
+		$(use_enable sqlite) \
+		$(use_enable ikev1 pluto) \
+		$(use_enable ikev2 charon) \
+		${myconf} \
+		|| die "econf failed"
+}
+
+src_install() {
+	einstall || die "einstall failed."
+
+	doinitd "${FILESDIR}"/ipsec
+
+	diropts -m 0750
+	dodir /etc/ipsec.d \
+		/etc/ipsec.d/aacerts \
+		/etc/ipsec.d/acerts \
+		/etc/ipsec.d/cacerts \
+		/etc/ipsec.d/certs \
+		/etc/ipsec.d/crls \
+		/etc/ipsec.d/ocspcerts \
+		/etc/ipsec.d/private \
+		/etc/ipsec.d/reqs
+
+	if use caps; then
+		fowners ${UGID}:${UGID} \
+			/etc/ipsec.conf \
+			/etc/ipsec.secrets \
+			/etc/strongswan.conf
+	fi
+
+	# shared libs are used only internally and there are no static libs,
+	# so it's safe to get rid of the .la files
+	find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
+}
+
+pkg_preinst() {
+	has_version "<net-misc/strongswan-4.3.6-r1"
+	upgrade_from_leq_4_3_6=$?
+	if [[ $upgrade_from_leq_4_3_6 == 0 ]]; then
+		built_with_use net-misc/strongswan caps
+		previous_4_3_6_with_caps=$?
+	fi
+}
+
+pkg_postinst() {
+	if ! use openssl ; then
+		elog
+		elog "${PN} has been compiled without OpenSSL support."
+		elog "Please note that (among other things), support for"
+		elog "ECDSA authentification and several ECP Diffie-Hellman groups"
+		elog "is missing."
+		elog "If you require any of the above functionality, please re-emerge"
+		elog "with the \"openssl\" USE flag enabled."
+		elog
+	fi
+	if [[ $upgrade_from_leq_4_3_6 == 0 ]]; then
+		chmod 0750 "${ROOT}"/etc/ipsec.d \
+			"${ROOT}"/etc/ipsec.d/aacerts \
+			"${ROOT}"/etc/ipsec.d/acerts \
+			"${ROOT}"/etc/ipsec.d/cacerts \
+			"${ROOT}"/etc/ipsec.d/certs \
+			"${ROOT}"/etc/ipsec.d/crls \
+			"${ROOT}"/etc/ipsec.d/ocspcerts \
+			"${ROOT}"/etc/ipsec.d/private \
+			"${ROOT}"/etc/ipsec.d/reqs
+
+		ewarn
+		ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
+		ewarn "security reasons. Your system installed directories have been"
+		ewarn "updated accordingly. Please check if necessary."
+		ewarn
+
+		if [[ $previous_4_3_6_with_caps == 0 ]]; then
+			if ! use non-root; then
+				ewarn
+				ewarn "IMPORTANT: You previously had ${PN} installed without root"
+				ewarn "priviledges because it was implied by the 'caps' USE flag."
+				ewarn "This has been changed. If you want ${PN} with user priviledges,"
+				ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
+				ewarn
+			fi
+		fi
+	fi
+	if ! use caps && ! use non-root; then
+		ewarn
+		ewarn "You have decided to run ${PN} with root priviledges and built it"
+		ewarn "without support for POSIX capability dropping. It is generally"
+		ewarn "strongly suggested that you reconsider- especially if you intend"
+		ewarn "to run ${PN} as server with a public ip address."
+		ewarn
+		ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
+		ewarn
+	fi
+	if use non-root; then
+		elog
+		elog "${PN} has been installed without superuser priviledges (USE=non-root)."
+		elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
+		elog "but also a few to the IKEv2 daemon 'charon'."
+		elog
+		elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
+		elog
+		elog "pluto uses a helper script by default to insert/remove routing and"
+		elog "policy rules upon connection start/stop which requires superuser"
+		elog "priviledges. charon in contrast does this internally and can do so"
+		elog "even with reduced (user) priviledges."
+		elog
+		elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
+		elog "script to pluto or charon which requires superuser priviledges, you"
+		elog "can work around this limitation by using sudo to grant the"
+		elog "user \"ipsec\" the appropriate rights."
+		elog "For example (the default case):"
+		elog "/etc/sudoers:"
+		elog "  Defaults:ipsec always_set_home,!env_reset"
+		elog "  ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
+		elog "Under the specific connection block in /etc/ipsec.conf:"
+		elog "  leftupdown=\"sudo ipsec _updown\""
+		elog 
+	fi
+	elog
+	elog "The up-to-date manual is available online at:"
+	elog "  http://wiki.strongswan.org/"
+	elog
+}