authorHans de Graaff <graaff@gentoo.org>2018-02-16 09:59:16 +0100
committerHans de Graaff <graaff@gentoo.org>2018-02-16 09:59:35 +0100
commit7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97 (patch)
treee86090823c9b46bf06c4cec8a8da5ed42e388738
parent3e39d2d249c1dd97f63c9291160384a3a2844036 (diff)
downloadgentoo-7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97.tar.gz
gentoo-7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97.tar.xz
net-vpn/libreswan: fix glibc/kernel incompatibility, bug 647198
Apply upstream patch to support newer glibc and kernel combinations. Not applied upstream yet because they also need to support old distributions. This patch works with current stable glibc 2.25. Closes: https://bugs.gentoo.org/647198 Package-Manager: Portage-2.3.19, Repoman-2.3.6
-rw-r--r--net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch15
-rw-r--r--net-vpn/libreswan/libreswan-3.23-r1.ebuild114
2 files changed, 129 insertions, 0 deletions
diff --git a/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch
new file mode 100644
index 00000000000..5dedfeb34c7
--- /dev/null
+++ b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch
@@ -0,0 +1,15 @@
+diff --git a/programs/pluto/kernel_netlink.c
+b/programs/pluto/kernel_netlink.c
+index 8cec3a2..a2500f4 100644
+--- a/programs/pluto/kernel_netlink.c
++++ b/programs/pluto/kernel_netlink.c
+@@ -51,8 +51,8 @@
+ #include <linux/if_addr.h>
+ #include <linux/if_link.h>
+
+-#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
+ #include "linux/xfrm.h" /* local (if configured) or system copy */
++#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
+
+ #include "libreswan/pfkeyv2.h"
+ #include "libreswan/pfkey.h"
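Review bot: The moved `#include "libreswan.h"` line keeps its old comment `/* before xfrm.h otherwise break on F22 */`, which now states the opposite of the order the patch establishes. If the patch is meant to stay byte-identical to upstream, leave the line alone and instead add a short header at the top of the patch file naming where it came from and referencing bug 647198, so the origin of this change to the IPsec daemon's kernel interface can be checked later. If local edits are acceptable, the comment could read `/* after xfrm.h: required for newer glibc/kernel header combinations */`. The `diff --git` header inside the patch is also wrapped over two lines; this is presumably harmless because the `---`/`+++` lines carry the path, but it suggests the patch was copied from a mail or web rendering rather than taken from a commit.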
diff --git a/net-vpn/libreswan/libreswan-3.23-r1.ebuild b/net-vpn/libreswan/libreswan-3.23-r1.ebuild
new file mode 100644
index 00000000000..3a6e2002c93
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-3.23-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs
+
+SRC_URI="https://download.libreswan.org/${P}.tar.gz"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
+HOMEPAGE="https://libreswan.org/"
+
+LICENSE="GPL-2 BSD-4 RSA DES"
+SLOT="0"
+IUSE="caps curl dnssec ldap pam seccomp selinux systemd test"
+
+COMMON_DEPEND="
+ dev-libs/gmp:0=
+ dev-libs/libevent:0=
+ dev-libs/nspr
+ caps? ( sys-libs/libcap-ng )
+ curl? ( net-misc/curl )
+ dnssec? ( net-dns/unbound net-libs/ldns )
+ ldap? ( net-nds/openldap )
+ pam? ( sys-libs/pam )
+ seccomp? ( sys-libs/libseccomp )
+ selinux? ( sys-libs/libselinux )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${COMMON_DEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ dev-libs/nss
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ test? ( dev-python/setproctitle )
+"
+RDEPEND="${COMMON_DEPEND}
+ dev-libs/nss[utils(+)]
+ sys-apps/iproute2
+ !net-misc/openswan
+ !net-vpn/strongswan
+ selinux? ( sec-policy/selinux-ipsec )
+"
+
+PATCHES=( "${FILESDIR}/${P}-modern-kernels.patch" )
+
+usetf() {
+ usex "$1" true false
+}
+
+src_prepare() {
+ sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
+ sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
+ default
+}
+
+src_configure() {
+ tc-export AR CC
+ export INC_USRLOCAL=/usr
+ export INC_MANDIR=share/man
+ export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
+ export FINALDOCDIR=/usr/share/doc/${PF}/html
+ export INITSYSTEM=openrc
+ export INC_RCDIRS=
+ export INC_RCDEFAULT=/etc/init.d
+ export USERCOMPILE=
+ export USERLINK=
+ export USE_DNSSEC=$(usetf dnssec)
+ export USE_LABELED_IPSEC=$(usetf selinux)
+ export USE_LIBCAP_NG=$(usetf caps)
+ export USE_LIBCURL=$(usetf curl)
+ export USE_LINUX_AUDIT=$(usetf selinux)
+ export USE_LDAP=$(usetf ldap)
+ export USE_SECCOMP=$(usetf seccomp)
+ export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
+ export SD_WATCHDOGSEC=$(usex systemd 200 0)
+ export USE_XAUTHPAM=$(usetf pam)
+ export DEBUG_CFLAGS=
+ export OPTIMIZE_CFLAGS=
+ export WERROR_CFLAGS=
+}
+
+src_compile() {
+ emake all
+ emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all
+}
+
+src_test() {
+ : # integration tests only that require set of kvms to be set up
+}
+
+src_install() {
+ default
+ emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install
+
+ echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
+ fperms 0600 /etc/ipsec.secrets
+
+ dodoc -r docs
+
+ find "${D}" -type d -empty -delete || die
+}
+
+pkg_postinst() {
+ local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d
+ if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then
+ ebegin "Setting up NSS database in ${IPSEC_CONFDIR}"
+ certutil -N -d "${IPSEC_CONFDIR}" -f <(echo)
+ eend $?
+ fi
+}
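Review bot: In `pkg_postinst` the existence test looks only for `cert8.db`, so a database created in the SQLite format (`cert9.db`, the default from NSS 3.35 on) is never detected and `certutil -N` would be attempted again on every later merge. Testing both files avoids that: `if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]]; then`. The database is also created with an empty password via `-f <(echo)`, so the IPsec private keys it will hold are protected only by file permissions, and this ebuild sets a mode for `/etc/ipsec.secrets` alone. It is worth confirming that the upstream install target leaves `/etc/ipsec.d` at 0700 and recording that in a comment above the `certutil` line. Separately, `find "${D}" -type d -empty -delete` in `src_install` may remove an empty `/etc/ipsec.d` from the image, leaving `certutil -d` no directory to write to; a `keepdir /etc/ipsec.d` before the `find` would rule that out.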