-rw-r--r--security/ipsec-tools/Makefile137
-rw-r--r--security/ipsec-tools/files/patch-configure77
-rw-r--r--security/ipsec-tools/files/racoon.sh.in16
-rw-r--r--security/ipsec-tools/pkg-descr3
-rw-r--r--security/ipsec-tools/pkg-plist8
5 files changed, 221 insertions, 20 deletions
diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile
index 8c338af..dd8c96c 100644
--- a/security/ipsec-tools/Makefile
+++ b/security/ipsec-tools/Makefile
@@ -4,15 +4,14 @@
#
# $FreeBSD$
-# TODO: - configurable --enable-xxx
-# - libipsec issue ?
+# TODO: - libipsec issue ?
# - cleanup...
# - SYSCONFDIR
# - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey
PORTNAME= ipsec-tools
PORTVERSION= 0.6.5
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ipsec-tools
@@ -26,22 +25,142 @@ USE_RC_SUBR= racoon.sh
USE_OPENSSL= yes
USE_BZIP2= yes
-WRKSRC= ${WRKDIR}/${DISTNAME}
GNU_CONFIGURE= yes
INSTALLS_SHLIB= yes
-LDFLAGS= -L${LOCALBASE}/lib
CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
-CONFIGURE_ARGS= --enable-debug --enable-dpd --enable-natt=kernel \
- --enable-frag --enable-ipv6 --enable-shared \
- --sysconfdir=${PREFIX}/etc/racoon \
+CONFIGURE_ARGS= --enable-shared --sysconfdir=${PREFIX}/etc/racoon \
+ --localstatedir=${STATEDIR:S/\/racoon//} \
--with-pkgversion=freebsd-${PORTVERSION}
+STATEDIR= ${DESTDIR}/var/db/racoon
+SUB_LIST+= STATEDIR=${STATEDIR}
+PLIST_SUB+= STATEDIR=${STATEDIR}
+
+OPTIONS= DEBUG "enable Debug support" on \
+ IPV6 "enable IPV6 support" on \
+ ADMINPORT "enable Admin port" off \
+ STATS "enable Statistics logging function" off \
+ DPD "enable Dead Peer Detection" on \
+ NATT "enable NAT-Traversal (kernel-patch required)" on \
+ FRAG "enable IKE fragmentation payload support" on \
+ HYBRID "enable Hybrid Mode-cfg and Xauth support" off \
+ PAM "enable PAM authentication" off \
+ GSSAPI "enable GSS-API authentication" off \
+ RADIUS "enable Radius authentication" off \
+ SAUNSPEC "enable Unspecified SA mode" off \
+ RC5 "enable RC5 encryption (patented)" off \
+ IDEA "enable IDEA encryption (patented)" off
+
MAN3= ipsec_set_policy.3 ipsec_strerror.3
MAN5= racoon.conf.5
MAN8= racoon.8 racoonctl.8 setkey.8 plainrsa-gen.8
PORTDOCS= *
+.include <bsd.port.pre.mk>
+
+.ifdef(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-debug
+.else
+CONFIGURE_ARGS+= --disable-debug
+.endif
+
+.ifdef(WITH_IPV6)
+CONFIGURE_ARGS+= --enable-ipv6
+.else
+CONFIGURE_ARGS+= --disable-ipv6
+.endif
+
+.ifdef(WITH_ADMINPORT)
+CONFIGURE_ARGS+= --enable-adminport
+.else
+CONFIGURE_ARGS+= --disable-adminport
+.endif
+
+.ifdef(WITH_STATS)
+CONFIGURE_ARGS+= --enable-stats
+.else
+CONFIGURE_ARGS+= --disable-stats
+.endif
+
+.ifdef(WITH_DPD)
+CONFIGURE_ARGS+= --enable-dpd
+.else
+CONFIGURE_ARGS+= --disable-dpd
+.endif
+
+.ifdef(WITH_NATT)
+CONFIGURE_ARGS+= --enable-natt=kernel
+.else
+CONFIGURE_ARGS+= --disable-natt
+.endif
+
+.ifdef(WITH_FRAG)
+CONFIGURE_ARGS+= --enable-frag
+.else
+CONFIGURE_ARGS+= --disable-frag
+.endif
+
+.ifdef(WITH_HYBRID)
+CONFIGURE_ARGS+= --enable-hybrid
+.else
+CONFIGURE_ARGS+= --disable-hybrid
+.endif
+
+.ifdef(WITH_PAM)
+CONFIGURE_ARGS+= --with-libpam
+.else
+CONFIGURE_ARGS+= --without-libpam
+.endif
+
+.ifdef(WITH_GSSAPI)
+USE_ICONV= yes
+CFLAGS+= -I${LOCALBASE}/include
+LDFLAGS+= -L${LOCALBASE}/lib
+CONFIGURE_ARGS+= --enable-gssapi
+.else
+CONFIGURE_ARGS+= --disable-gssapi
+.endif
+
+.ifdef(WITH_RADIUS)
+CONFIGURE_ARGS+= --with-libradius
+.else
+CONFIGURE_ARGS+= --without-libradius
+.endif
+
+.ifdef(WITH_SAUNSPEC)
+CONFIGURE_ARGS+= --enable-samode-unspec
+.else
+CONFIGURE_ARGS+= --disable-samode-unspec
+.endif
+
+.ifdef(WITH_RC5)
+CONFIGURE_ARGS+= --enable-rc5
+.else
+CONFIGURE_ARGS+= --disable-rc5
+.endif
+
+.ifdef(WITH_IDEA)
+CONFIGURE_ARGS+= --enable-idea
+.else
+CONFIGURE_ARGS+= --disable-idea
+.endif
+
+.ifdef(WITH_NATT)
+pre-configure:
+ @${ECHO_MSG} "===> -------------------------------------------------------------------------"
+ @${ECHO_MSG} "===> ATTENTION: You need a kernel patch to enable NAT-Traversal functionality!"
+ @${ECHO_MSG} "===> You can download the patch here:"
+. if ${OSVERSION} < 500000
+ @${ECHO_MSG} "===> http://ipsec-tools.sf.net/freebsd_nat-t.diff"
+. else
+ @${ECHO_MSG} "===> http://ipsec-tools.sf.net/freebsd6-natt.diff"
+. endif
+ @${ECHO_MSG} "===> You might possibly have to do some steps manually if it fails to apply."
+ @${ECHO_MSG} "===> -------------------------------------------------------------------------"
+ @sleep 3
+.endif
+
post-install:
@if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && ${ECHO_CMD} ipsec` ]; then \
${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
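Review bot: The `pre-configure` message added under `.ifdef(WITH_NATT)` points users at `http://ipsec-tools.sf.net/freebsd_nat-t.diff` and `http://ipsec-tools.sf.net/freebsd6-natt.diff` for a kernel patch, so the one piece of code destined for the kernel is fetched by hand over plain HTTP and is not covered by the port's distinfo checksums. Fetching the diff as an additional distfile and installing it alongside the port's documentation would put it under the same integrity check as the source tarball. If it has to stay a manual download, the message could carry a digest to compare against, for example `@${ECHO_MSG} "===> SHA256 (freebsd6-natt.diff) = <digest-placeholder>"`. NATT defaults to on in `OPTIONS`, so this is the path most builds take.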
@@ -55,4 +174,4 @@ post-install:
@${INSTALL_DATA} ${WRKSRC}/src/racoon/doc/* ${DOCSDIR}
.endif
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
diff --git a/security/ipsec-tools/files/patch-configure b/security/ipsec-tools/files/patch-configure
new file mode 100644
index 0000000..ce675f9
--- /dev/null
+++ b/security/ipsec-tools/files/patch-configure
@@ -0,0 +1,77 @@
+--- configure.orig Wed Apr 26 15:28:47 2006
++++ configure Wed Apr 26 15:28:56 2006
+@@ -25122,6 +25122,74 @@
+ fi
+
+
++ echo "$as_me:$LINENO: checking for iconv_open in -liconv" >&5
++echo $ECHO_N "checking for iconv_open in -liconv... $ECHO_C" >&6
++if test "${ac_cv_lib_iconv_iconv_open+set}" = set; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ ac_check_lib_save_LIBS=$LIBS
++LIBS="-liconv $LIBS"
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++
++/* Override any gcc2 internal prototype to avoid an error. */
++#ifdef __cplusplus
++extern "C"
++#endif
++/* We use char because int might match the return type of a gcc2
++ builtin and then its argument prototype would still apply. */
++char iconv_open ();
++int
++main ()
++{
++iconv_open ();
++ ;
++ return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext conftest$ac_exeext
++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
++ (eval $ac_link) 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } &&
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; } &&
++ { ac_try='test -s conftest$ac_exeext'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; }; then
++ ac_cv_lib_iconv_iconv_open=yes
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ac_cv_lib_iconv_iconv_open=no
++fi
++rm -f conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++echo "$as_me:$LINENO: result: $ac_cv_lib_iconv_iconv_open" >&5
++echo "${ECHO_T}$ac_cv_lib_iconv_iconv_open" >&6
++if test $ac_cv_lib_iconv_iconv_open = yes; then
++ LIBS="$LIBS -liconv"
++fi
++
+ echo "$as_me:$LINENO: checking if iconv second argument needs const" >&5
+ echo $ECHO_N "checking if iconv second argument needs const... $ECHO_C" >&6
+ saved_CFLAGS=$CFLAGS
diff --git a/security/ipsec-tools/files/racoon.sh.in b/security/ipsec-tools/files/racoon.sh.in
index c97d1bb..7940c2d 100644
--- a/security/ipsec-tools/files/racoon.sh.in
+++ b/security/ipsec-tools/files/racoon.sh.in
@@ -29,13 +29,17 @@ prefix=%%PREFIX%%
name="racoon"
rcvar=`set_rcvar`
-command="${prefix}/sbin/racoon"
-pidfile="/var/run/racoon.pid"
-required_files="${prefix}/etc/racoon/racoon.conf"
-stop_postcmd="racoon_poststop"
-
-racoon_poststop() {
+command="${prefix}/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+socketfile="%%STATEDIR%%/${name}.sock"
+required_files="${prefix}/etc/${name}/${name}.conf"
+required_dirs="%%STATEDIR%%"
+start_precmd="racoon_cleanup"
+stop_postcmd="racoon_cleanup"
+
+racoon_cleanup() {
/bin/rm -f ${pidfile}
+ /bin/rm -f ${socketfile}
}
load_rc_config $name
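Review bot: `socketfile` and `required_dirs` take `%%STATEDIR%%`, which the Makefile in this commit defines as `${DESTDIR}/var/db/racoon` and passes through `SUB_LIST`, so a build with `DESTDIR` set would write the staging root into the installed rc script, while `prefix=%%PREFIX%%` carries no such prefix. The same value feeds `--localstatedir`, which presumably decides where racoon creates the socket that `racoon_cleanup` removes, so the daemon and the script would both point at a path that only exists during staging. Defining `STATEDIR= /var/db/racoon` and prepending `${DESTDIR}` only where files are installed would keep the runtime paths stable.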
diff --git a/security/ipsec-tools/pkg-descr b/security/ipsec-tools/pkg-descr
index aa93b1a..ce207c8 100644
--- a/security/ipsec-tools/pkg-descr
+++ b/security/ipsec-tools/pkg-descr
@@ -4,8 +4,7 @@ establish security association with other hosts.
This is the IPSec-tools version of racoon.
Enchancements:
-- Support of NAT-T.
-- Support of IKE fragmentation.
+- Support of NAT-T and IKE fragmentation.
- Support of many authentication algorithms.
- Tons of bugfixes.
diff --git a/security/ipsec-tools/pkg-plist b/security/ipsec-tools/pkg-plist
index 509a5c8..30a492b 100644
--- a/security/ipsec-tools/pkg-plist
+++ b/security/ipsec-tools/pkg-plist
@@ -1,4 +1,6 @@
+sbin/plainrsa-gen
sbin/racoon
+sbin/racoonctl
sbin/setkey
include/libipsec/libpfkey.h
include/racoon/admin.h
@@ -24,8 +26,6 @@ lib/libracoon.a
lib/libracoon.la
lib/libracoon.so
lib/libracoon.so.0
-sbin/plainrsa-gen
-sbin/racoonctl
%%EXAMPLESDIR%%/psk.txt
%%EXAMPLESDIR%%/psk.txt.sample
%%EXAMPLESDIR%%/racoon.conf
@@ -47,4 +47,6 @@ sbin/racoonctl
@dirrm %%EXAMPLESDIR%%/roadwarrior/client
@dirrm %%EXAMPLESDIR%%/roadwarrior
@dirrm %%EXAMPLESDIR%%
-@dirrmtry var/racoon
+@cwd /
+@exec mkdir -p %%STATEDIR%%
+@dirrmtry %%STATEDIR%%
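Review bot: `@exec mkdir -p %%STATEDIR%%` creates the state directory with whatever umask the package tool happens to run under, and nothing in this hunk sets its owner or mode. The rc script in this commit places racoon's control socket in that directory, so the directory's permissions are part of the access control on the daemon. `@exec install -d -o root -g wheel -m 0700 %%STATEDIR%%` would make them explicit; confirm that 0700 fits how racoonctl is meant to be run before adopting it.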