-rw-r--r-- | security/ipsec-tools/Makefile | 137 | ||||
-rw-r--r-- | security/ipsec-tools/files/patch-configure | 77 | ||||
-rw-r--r-- | security/ipsec-tools/files/racoon.sh.in | 16 | ||||
-rw-r--r-- | security/ipsec-tools/pkg-descr | 3 | ||||
-rw-r--r-- | security/ipsec-tools/pkg-plist | 8 |
5 files changed, 221 insertions, 20 deletions
diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile index 8c338af..dd8c96c 100644 --- a/security/ipsec-tools/Makefile +++ b/security/ipsec-tools/Makefile @@ -4,15 +4,14 @@ # # $FreeBSD$ -# TODO: - configurable --enable-xxx -# - libipsec issue ? +# TODO: - libipsec issue ? # - cleanup... # - SYSCONFDIR # - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey PORTNAME= ipsec-tools PORTVERSION= 0.6.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ipsec-tools 
@@ -26,22 +25,142 @@ USE_RC_SUBR= racoon.sh USE_OPENSSL= yes USE_BZIP2= yes -WRKSRC= ${WRKDIR}/${DISTNAME} GNU_CONFIGURE= yes INSTALLS_SHLIB= yes -LDFLAGS= -L${LOCALBASE}/lib CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} -CONFIGURE_ARGS= --enable-debug --enable-dpd --enable-natt=kernel \ - --enable-frag --enable-ipv6 --enable-shared \ - --sysconfdir=${PREFIX}/etc/racoon \ +CONFIGURE_ARGS= --enable-shared --sysconfdir=${PREFIX}/etc/racoon \ + --localstatedir=${STATEDIR:S/\/racoon//} \ --with-pkgversion=freebsd-${PORTVERSION} +STATEDIR= ${DESTDIR}/var/db/racoon +SUB_LIST+= STATEDIR=${STATEDIR} +PLIST_SUB+= STATEDIR=${STATEDIR} + +OPTIONS= DEBUG "enable Debug support" on \ + IPV6 "enable IPV6 support" on \ + ADMINPORT "enable Admin port" off \ + STATS "enable Statistics logging function" off \ + DPD "enable Dead Peer Detection" on \ + NATT "enable NAT-Traversal (kernel-patch required)" on \ + FRAG "enable IKE fragmentation payload support" on \ + HYBRID "enable Hybrid Mode-cfg and Xauth support" off \ + PAM "enable PAM authentication" off \ + GSSAPI "enable GSS-API authentication" off \ + RADIUS "enable Radius authentication" off \ + SAUNSPEC "enable Unspecified SA mode" off \ + RC5 "enable RC5 encryption (patented)" off \ + IDEA "enable IDEA encryption (patented)" off + MAN3= ipsec_set_policy.3 ipsec_strerror.3 MAN5= racoon.conf.5 MAN8= racoon.8 racoonctl.8 setkey.8 plainrsa-gen.8 PORTDOCS= * +.include <bsd.port.pre.mk> + +.ifdef(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-debug +.else +CONFIGURE_ARGS+= --disable-debug +.endif + +.ifdef(WITH_IPV6) +CONFIGURE_ARGS+= --enable-ipv6 +.else +CONFIGURE_ARGS+= --disable-ipv6 +.endif + +.ifdef(WITH_ADMINPORT) +CONFIGURE_ARGS+= --enable-adminport +.else +CONFIGURE_ARGS+= --disable-adminport +.endif + +.ifdef(WITH_STATS) +CONFIGURE_ARGS+= --enable-stats +.else +CONFIGURE_ARGS+= --disable-stats +.endif + +.ifdef(WITH_DPD) +CONFIGURE_ARGS+= --enable-dpd +.else +CONFIGURE_ARGS+= --disable-dpd +.endif + 
+.ifdef(WITH_NATT) +CONFIGURE_ARGS+= --enable-natt=kernel +.else +CONFIGURE_ARGS+= --disable-natt +.endif + +.ifdef(WITH_FRAG) +CONFIGURE_ARGS+= --enable-frag +.else +CONFIGURE_ARGS+= --disable-frag +.endif + +.ifdef(WITH_HYBRID) +CONFIGURE_ARGS+= --enable-hybrid +.else +CONFIGURE_ARGS+= --disable-hybrid +.endif + +.ifdef(WITH_PAM) +CONFIGURE_ARGS+= --with-libpam +.else +CONFIGURE_ARGS+= --without-libpam +.endif + +.ifdef(WITH_GSSAPI) +USE_ICONV= yes +CFLAGS+= -I${LOCALBASE}/include +LDFLAGS+= -L${LOCALBASE}/lib +CONFIGURE_ARGS+= --enable-gssapi +.else +CONFIGURE_ARGS+= --disable-gssapi +.endif + +.ifdef(WITH_RADIUS) +CONFIGURE_ARGS+= --with-libradius +.else +CONFIGURE_ARGS+= --without-libradius +.endif + +.ifdef(WITH_SAUNSPEC) +CONFIGURE_ARGS+= --enable-samode-unspec +.else +CONFIGURE_ARGS+= --disable-samode-unspec +.endif + +.ifdef(WITH_RC5) +CONFIGURE_ARGS+= --enable-rc5 +.else +CONFIGURE_ARGS+= --disable-rc5 +.endif + +.ifdef(WITH_IDEA) +CONFIGURE_ARGS+= --enable-idea +.else +CONFIGURE_ARGS+= --disable-idea +.endif + +.ifdef(WITH_NATT) +pre-configure: + @${ECHO_MSG} "===> -------------------------------------------------------------------------" + @${ECHO_MSG} "===> ATTENTION: You need a kernel patch to enable NAT-Traversal functionality!" + @${ECHO_MSG} "===> You can download the patch here:" +. if ${OSVERSION} < 500000 + @${ECHO_MSG} "===> http://ipsec-tools.sf.net/freebsd_nat-t.diff" +. else + @${ECHO_MSG} "===> http://ipsec-tools.sf.net/freebsd6-natt.diff" +. endif + @${ECHO_MSG} "===> You might possibly have to do some steps manually if it fails to apply." + @${ECHO_MSG} "===> -------------------------------------------------------------------------" + @sleep 3 +.endif + post-install: @if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && ${ECHO_CMD} ipsec` ]; then \ ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \ 
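Review bot: The `pre-configure` message added under `.ifdef(WITH_NATT)` sends users to fetch a kernel patch from plain `http://ipsec-tools.sf.net/...` URLs with nothing to verify it against, and NATT defaults to on in `OPTIONS`, so this is the path most builds take. A kernel patch deserves the same integrity checking as the distfile: consider distributing it through the port's checksummed fetch mechanism, or at least have the message say where a checksum or signature for the patch can be obtained. Separately, `STATEDIR= ${DESTDIR}/var/db/racoon` bakes `DESTDIR` into `--localstatedir`, `SUB_LIST` and `PLIST_SUB`, so an install with `DESTDIR` set would leave that prefix in the rc script and plist, and `${STATEDIR:S/\/racoon//}` strips the first `/racoon` anywhere in the path where `${STATEDIR:H}` would remove only the last component. The `post-install` target at the end of the hunk continues outside it.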
@@ -55,4 +174,4 @@ post-install: @${INSTALL_DATA} ${WRKSRC}/src/racoon/doc/* ${DOCSDIR} .endif -.include <bsd.port.mk> +.include <bsd.port.post.mk> diff --git a/security/ipsec-tools/files/patch-configure b/security/ipsec-tools/files/patch-configure new file mode 100644 index 0000000..ce675f9 --- /dev/null +++ b/security/ipsec-tools/files/patch-configure 
@@ -0,0 +1,77 @@ +--- configure.orig Wed Apr 26 15:28:47 2006 ++++ configure Wed Apr 26 15:28:56 2006 +@@ -25122,6 +25122,74 @@ + fi + + ++ echo "$as_me:$LINENO: checking for iconv_open in -liconv" >&5 ++echo $ECHO_N "checking for iconv_open in -liconv... $ECHO_C" >&6 ++if test "${ac_cv_lib_iconv_iconv_open+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ ac_check_lib_save_LIBS=$LIBS ++LIBS="-liconv $LIBS" ++cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++ ++/* Override any gcc2 internal prototype to avoid an error. */ ++#ifdef __cplusplus ++extern "C" ++#endif ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char iconv_open (); ++int ++main () ++{ ++iconv_open (); ++ ; ++ return 0; ++} ++_ACEOF ++rm -f conftest.$ac_objext conftest$ac_exeext ++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ++ (eval $ac_link) 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; } && ++ { ac_try='test -s conftest$ac_exeext' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 ++ (exit $ac_status); }; }; then ++ ac_cv_lib_iconv_iconv_open=yes ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ac_cv_lib_iconv_iconv_open=no ++fi ++rm -f conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++LIBS=$ac_check_lib_save_LIBS ++fi ++echo "$as_me:$LINENO: result: $ac_cv_lib_iconv_iconv_open" >&5 ++echo "${ECHO_T}$ac_cv_lib_iconv_iconv_open" >&6 ++if test $ac_cv_lib_iconv_iconv_open = yes; then ++ LIBS="$LIBS -liconv" ++fi ++ + echo "$as_me:$LINENO: checking if iconv second argument needs const" >&5 + echo $ECHO_N "checking if iconv second argument needs const... $ECHO_C" >&6 + saved_CFLAGS=$CFLAGS diff --git a/security/ipsec-tools/files/racoon.sh.in b/security/ipsec-tools/files/racoon.sh.in index c97d1bb..7940c2d 100644 --- a/security/ipsec-tools/files/racoon.sh.in +++ b/security/ipsec-tools/files/racoon.sh.in @@ -29,13 +29,17 @@ prefix=%%PREFIX%% name="racoon" rcvar=`set_rcvar` -command="${prefix}/sbin/racoon" -pidfile="/var/run/racoon.pid" -required_files="${prefix}/etc/racoon/racoon.conf" -stop_postcmd="racoon_poststop" - -racoon_poststop() { +command="${prefix}/sbin/${name}" +pidfile="/var/run/${name}.pid" +socketfile="%%STATEDIR%%/${name}.sock" +required_files="${prefix}/etc/${name}/${name}.conf" +required_dirs="%%STATEDIR%%" +start_precmd="racoon_cleanup" +stop_postcmd="racoon_cleanup" + +racoon_cleanup() { /bin/rm -f ${pidfile} + /bin/rm -f ${socketfile} } load_rc_config $name diff --git a/security/ipsec-tools/pkg-descr b/security/ipsec-tools/pkg-descr index aa93b1a..ce207c8 100644 --- a/security/ipsec-tools/pkg-descr +++ b/security/ipsec-tools/pkg-descr @@ -4,8 +4,7 @@ establish security association with other hosts. This is the IPSec-tools version of racoon. Enchancements: -- Support of NAT-T. -- Support of IKE fragmentation. +- Support of NAT-T and IKE fragmentation. - Support of many authentication algorithms. - Tons of bugfixes. 
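Review bot: In the racoon.sh.in hunk, `racoon_cleanup` is now wired to `start_precmd` as well as `stop_postcmd`, so it unlinks `${pidfile}` and `${socketfile}` on every start. If that hook ever runs while a racoon process is still alive (this depends on rc.subr's already-running check, which is not visible here), the running daemon loses its pidfile and control socket and can no longer be stopped or reached through them. Consider removing the files only when no racoon process owns them, and quote the expansions: `/bin/rm -f "${pidfile}" "${socketfile}"`. `socketfile` and `required_dirs` both come from `%%STATEDIR%%`, so the script inherits whatever path the Makefile substitutes there, and racoon will presumably refuse to start if that directory was not created at install time.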
diff --git a/security/ipsec-tools/pkg-plist b/security/ipsec-tools/pkg-plist
index 509a5c8..30a492b 100644
--- a/security/ipsec-tools/pkg-plist
+++ b/security/ipsec-tools/pkg-plist
@@ -1,4 +1,6 @@
+sbin/plainrsa-gen
 sbin/racoon
+sbin/racoonctl
 sbin/setkey
 include/libipsec/libpfkey.h
 include/racoon/admin.h
@@ -24,8 +26,6 @@ lib/libracoon.a
 lib/libracoon.la
 lib/libracoon.so
 lib/libracoon.so.0
-sbin/plainrsa-gen
-sbin/racoonctl
 %%EXAMPLESDIR%%/psk.txt
 %%EXAMPLESDIR%%/psk.txt.sample
 %%EXAMPLESDIR%%/racoon.conf
@@ -47,4 +47,6 @@ sbin/racoonctl
 @dirrm %%EXAMPLESDIR%%/roadwarrior/client
 @dirrm %%EXAMPLESDIR%%/roadwarrior
 @dirrm %%EXAMPLESDIR%%
-@dirrmtry var/racoon
+@cwd /
+@exec mkdir -p %%STATEDIR%%
+@dirrmtry %%STATEDIR%% |
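Review bot: In the last hunk, `@exec mkdir -p %%STATEDIR%%` creates the directory that holds racoon's control socket (the rc script on this page sets `socketfile="%%STATEDIR%%/${name}.sock"`) with whatever owner and mode the installer's umask yields. Stating them explicitly, e.g. `@exec install -d -o root -g wheel -m 0755 %%STATEDIR%%` (or a tighter mode if only root needs to reach the socket), makes the result predictable. `@exec` is executed by the package tools, so an install from the port may never create the directory unless the Makefile's install step also does; that part is not visible in this hunk. `@cwd /` is also left in effect, so any entry appended after these lines would be resolved against `/` rather than the prefix.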