net-vpn/strongswan/strongswan-5.7.2.ebuild - third_party/overlays/chromiumos-overlay - Git at Google

 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI="6"
 inherit linux-info systemd user

 DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE"
 HOMEPAGE="https://www.strongswan.org/"
 SRC_URI="https://download.strongswan.org/${P}.tar.bz2"

 LICENSE="GPL-2 RSA DES"
 SLOT="0"
 KEYWORDS="*"
 IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11"

 STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
 STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist"
 for mod in $STRONGSWAN_PLUGINS_STD; do
 	IUSE="${IUSE} +strongswan_plugins_${mod}"
 done

 for mod in $STRONGSWAN_PLUGINS_OPT; do
 	IUSE="${IUSE} strongswan_plugins_${mod}"
 done

 COMMON_DEPEND="!net-misc/openswan
 	gmp? ( >=dev-libs/gmp-4.1.5:= )
 	gcrypt? ( dev-libs/libgcrypt:0 )
 	caps? ( sys-libs/libcap )
 	curl? ( net-misc/curl )
 	ldap? ( net-nds/openldap )
 	openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
 	mysql? ( dev-db/mysql-connector-c:= )
 	sqlite? ( >=dev-db/sqlite-3.3.1 )
 	systemd? ( sys-apps/systemd )
 	networkmanager? ( net-misc/networkmanager )
 	pam? ( sys-libs/pam )
 	strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
 DEPEND="${COMMON_DEPEND}
 	virtual/linux-sources
 	sys-kernel/linux-headers"
 RDEPEND="${COMMON_DEPEND}
 	virtual/logger
 	sys-apps/iproute2
 	!net-vpn/libreswan
 	selinux? ( sec-policy/selinux-ipsec )"

 UGID="vpn"

 pkg_setup() {
 	linux-info_pkg_setup

 	elog "Linux kernel version: ${KV_FULL}"

 	if ! kernel_is -ge 2 6 16; then
 		eerror
 		eerror "This ebuild currently only supports ${PN} with the"
 		eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
 		eerror
 	fi

 	if kernel_is -lt 2 6 34; then
 		ewarn
 		ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
 		ewarn

 		if kernel_is -lt 2 6 29; then
 			ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
 			ewarn "include all required IPv6 modules even if you just intend"
 			ewarn "to run on IPv4 only."
 			ewarn
 			ewarn "This has been fixed with kernels >= 2.6.29."
 			ewarn
 		fi

 		if kernel_is -lt 2 6 33; then
 			ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
 			ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
 			ewarn "miss SHA384 and SHA512 HMAC support altogether."
 			ewarn
 			ewarn "If you need any of those features, please use kernel >= 2.6.33."
 			ewarn
 		fi

 		if kernel_is -lt 2 6 34; then
 			ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
 			ewarn "ESP cipher is only included in kernels >= 2.6.34."
 			ewarn
 			ewarn "If you need it, please use kernel >= 2.6.34."
 			ewarn
 		fi
 	fi

 	if use non-root; then
 		enewgroup ${UGID}
 		enewuser ${UGID} -1 -1 -1 ${UGID}
 	fi
 }

 src_configure() {
 	append-flags "-DSTARTER_ALLOW_NON_ROOT" "-DSKIP_KERNEL_IPSEC_MODPROBES"
 	local myconf=""

 	if use non-root; then
 		myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
 		myconf="${myconf} --with-piddir=/run/ipsec"
 	fi

 	# If a user has already enabled db support, those plugins will
 	# most likely be desired as well. Besides they don't impose new
 	# dependencies and come at no cost (except for space).
 	if use mysql || use sqlite; then
 		myconf="${myconf} --enable-attr-sql --enable-sql"
 	fi

 	# strongSwan builds and installs static libs by default which are
 	# useless to the user (and to strongSwan for that matter) because no
 	# header files or alike get installed... so disabling them is safe.
 	if use pam && use eap; then
 		myconf="${myconf} --enable-eap-gtc"
 	else
 		myconf="${myconf} --disable-eap-gtc"
 	fi

 	for mod in $STRONGSWAN_PLUGINS_STD; do
 		if use strongswan_plugins_${mod}; then
 			myconf+=" --enable-${mod}"
 		fi
 	done

 	for mod in $STRONGSWAN_PLUGINS_OPT; do
 		if use strongswan_plugins_${mod}; then
 			myconf+=" --enable-${mod}"
 		fi
 	done

 	econf \
 		--disable-static \
 		--enable-ikev1 \
 		--enable-ikev2 \
 		--enable-swanctl \
 		--enable-socket-dynamic \
 		$(use_enable curl) \
 		$(use_enable constraints) \
 		$(use_enable ldap) \
 		$(use_enable debug leak-detective) \
 		$(use_enable dhcp) \
 		$(use_enable eap eap-sim) \
 		$(use_enable eap eap-sim-file) \
 		$(use_enable eap eap-simaka-sql) \
 		$(use_enable eap eap-simaka-pseudonym) \
 		$(use_enable eap eap-simaka-reauth) \
 		$(use_enable eap eap-identity) \
 		$(use_enable eap eap-md5) \
 		$(use_enable eap eap-aka) \
 		$(use_enable eap eap-aka-3gpp2) \
 		$(use_enable eap md4) \
 		$(use_enable eap eap-mschapv2) \
 		$(use_enable eap eap-radius) \
 		$(use_enable eap eap-tls) \
 		$(use_enable eap eap-ttls) \
 		$(use_enable eap xauth-eap) \
 		$(use_enable eap eap-dynamic) \
 		$(use_enable farp) \
 		$(use_enable gmp) \
 		$(use_enable gcrypt) \
 		$(use_enable mysql) \
 		$(use_enable networkmanager nm) \
 		$(use_enable openssl) \
 		$(use_enable pam xauth-pam) \
 		$(use_enable pkcs11) \
 		$(use_enable sqlite) \
 		$(use_enable systemd) \
 		$(use_with caps capabilities libcap) \
 		--with-piddir=/run \
 		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
 		${myconf}
 }

 src_install() {
 	emake DESTDIR="${D}" install

 	doinitd "${FILESDIR}"/ipsec

 	local dir_ugid
 	if use non-root; then
 		fowners ${UGID}:${UGID} \
 			/etc/ipsec.conf \
 			/etc/strongswan.conf

 		dir_ugid="${UGID}"
 	else
 		dir_ugid="root"
 	fi

 	diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
 	dodir /etc/ipsec.d \
 		/etc/ipsec.d/aacerts \
 		/etc/ipsec.d/acerts \
 		/etc/ipsec.d/cacerts \
 		/etc/ipsec.d/certs \
 		/etc/ipsec.d/crls \
 		/etc/ipsec.d/ocspcerts \
 		/etc/ipsec.d/private \
 		/etc/ipsec.d/reqs

 	# Replace various IPsec files with symbolic links to runtime generated
 	# files (by l2tpipsec_vpn) in /run on Chromium OS.
 	local link_path=/run/l2tpipsec_vpn/current
 	for cfg_file in \
 		/etc/ipsec.conf \
 		/etc/ipsec.secrets \
 		/etc/ipsec.d/cacerts/cacert.der \
 		/etc/strongswan.conf; do
 		rm -f "${D}${cfg_file}"
 		dosym "${link_path}/$(basename $cfg_file)" "${cfg_file}"
 	done

 	dodoc NEWS README TODO || die

 	# shared libs are used only internally and there are no static libs,
 	# so it's safe to get rid of the .la files
 	find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
 }
	# Copyright 1999-2019 Gentoo Authors
	# Distributed under the terms of the GNU General Public License v2

	EAPI="6"
	inherit linux-info systemd user

	DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE"
	HOMEPAGE="https://www.strongswan.org/"
	SRC_URI="https://download.strongswan.org/${P}.tar.bz2"

	LICENSE="GPL-2 RSA DES"
	SLOT="0"
	KEYWORDS="*"
	IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11"

	STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
	STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist"
	for mod in $STRONGSWAN_PLUGINS_STD; do
	IUSE="${IUSE} +strongswan_plugins_${mod}"
	done

	for mod in $STRONGSWAN_PLUGINS_OPT; do
	IUSE="${IUSE} strongswan_plugins_${mod}"
	done

	COMMON_DEPEND="!net-misc/openswan
	gmp? ( >=dev-libs/gmp-4.1.5:= )
	gcrypt? ( dev-libs/libgcrypt:0 )
	caps? ( sys-libs/libcap )
	curl? ( net-misc/curl )
	ldap? ( net-nds/openldap )
	openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
	mysql? ( dev-db/mysql-connector-c:= )
	sqlite? ( >=dev-db/sqlite-3.3.1 )
	systemd? ( sys-apps/systemd )
	networkmanager? ( net-misc/networkmanager )
	pam? ( sys-libs/pam )
	strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
	DEPEND="${COMMON_DEPEND}
	virtual/linux-sources
	sys-kernel/linux-headers"
	RDEPEND="${COMMON_DEPEND}
	virtual/logger
	sys-apps/iproute2
	!net-vpn/libreswan
	selinux? ( sec-policy/selinux-ipsec )"

	UGID="vpn"

	pkg_setup() {
	linux-info_pkg_setup

	elog "Linux kernel version: ${KV_FULL}"

	if ! kernel_is -ge 2 6 16; then
	eerror
	eerror "This ebuild currently only supports ${PN} with the"
	eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
	eerror
	fi

	if kernel_is -lt 2 6 34; then
	ewarn
	ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
	ewarn

	if kernel_is -lt 2 6 29; then
	ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
	ewarn "include all required IPv6 modules even if you just intend"
	ewarn "to run on IPv4 only."
	ewarn
	ewarn "This has been fixed with kernels >= 2.6.29."
	ewarn
	fi

	if kernel_is -lt 2 6 33; then
	ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
	ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
	ewarn "miss SHA384 and SHA512 HMAC support altogether."
	ewarn
	ewarn "If you need any of those features, please use kernel >= 2.6.33."
	ewarn
	fi

	if kernel_is -lt 2 6 34; then
	ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
	ewarn "ESP cipher is only included in kernels >= 2.6.34."
	ewarn
	ewarn "If you need it, please use kernel >= 2.6.34."
	ewarn
	fi
	fi

	if use non-root; then
	enewgroup ${UGID}
	enewuser ${UGID} -1 -1 -1 ${UGID}
	fi
	}

	src_configure() {
	append-flags "-DSTARTER_ALLOW_NON_ROOT" "-DSKIP_KERNEL_IPSEC_MODPROBES"
	local myconf=""

	if use non-root; then
	myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
	myconf="${myconf} --with-piddir=/run/ipsec"
	fi

	# If a user has already enabled db support, those plugins will
	# most likely be desired as well. Besides they don't impose new
	# dependencies and come at no cost (except for space).
	if use mysql \|\| use sqlite; then
	myconf="${myconf} --enable-attr-sql --enable-sql"
	fi

	# strongSwan builds and installs static libs by default which are
	# useless to the user (and to strongSwan for that matter) because no
	# header files or alike get installed... so disabling them is safe.
	if use pam && use eap; then
	myconf="${myconf} --enable-eap-gtc"
	else
	myconf="${myconf} --disable-eap-gtc"
	fi

	for mod in $STRONGSWAN_PLUGINS_STD; do
	if use strongswan_plugins_${mod}; then
	myconf+=" --enable-${mod}"
	fi
	done

	for mod in $STRONGSWAN_PLUGINS_OPT; do
	if use strongswan_plugins_${mod}; then
	myconf+=" --enable-${mod}"
	fi
	done

	econf \
	--disable-static \
	--enable-ikev1 \
	--enable-ikev2 \
	--enable-swanctl \
	--enable-socket-dynamic \
	$(use_enable curl) \
	$(use_enable constraints) \
	$(use_enable ldap) \
	$(use_enable debug leak-detective) \
	$(use_enable dhcp) \
	$(use_enable eap eap-sim) \
	$(use_enable eap eap-sim-file) \
	$(use_enable eap eap-simaka-sql) \
	$(use_enable eap eap-simaka-pseudonym) \
	$(use_enable eap eap-simaka-reauth) \
	$(use_enable eap eap-identity) \
	$(use_enable eap eap-md5) \
	$(use_enable eap eap-aka) \
	$(use_enable eap eap-aka-3gpp2) \
	$(use_enable eap md4) \
	$(use_enable eap eap-mschapv2) \
	$(use_enable eap eap-radius) \
	$(use_enable eap eap-tls) \
	$(use_enable eap eap-ttls) \
	$(use_enable eap xauth-eap) \
	$(use_enable eap eap-dynamic) \
	$(use_enable farp) \
	$(use_enable gmp) \
	$(use_enable gcrypt) \
	$(use_enable mysql) \
	$(use_enable networkmanager nm) \
	$(use_enable openssl) \
	$(use_enable pam xauth-pam) \
	$(use_enable pkcs11) \
	$(use_enable sqlite) \
	$(use_enable systemd) \
	$(use_with caps capabilities libcap) \
	--with-piddir=/run \
	--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
	${myconf}
	}

	src_install() {
	emake DESTDIR="${D}" install

	doinitd "${FILESDIR}"/ipsec

	local dir_ugid
	if use non-root; then
	fowners ${UGID}:${UGID} \
	/etc/ipsec.conf \
	/etc/strongswan.conf

	dir_ugid="${UGID}"
	else
	dir_ugid="root"
	fi

	diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
	dodir /etc/ipsec.d \
	/etc/ipsec.d/aacerts \
	/etc/ipsec.d/acerts \
	/etc/ipsec.d/cacerts \
	/etc/ipsec.d/certs \
	/etc/ipsec.d/crls \
	/etc/ipsec.d/ocspcerts \
	/etc/ipsec.d/private \
	/etc/ipsec.d/reqs

	# Replace various IPsec files with symbolic links to runtime generated
	# files (by l2tpipsec_vpn) in /run on Chromium OS.
	local link_path=/run/l2tpipsec_vpn/current
	for cfg_file in \
	/etc/ipsec.conf \
	/etc/ipsec.secrets \
	/etc/ipsec.d/cacerts/cacert.der \
	/etc/strongswan.conf; do
	rm -f "${D}${cfg_file}"
	dosym "${link_path}/$(basename $cfg_file)" "${cfg_file}"
	done

	dodoc NEWS README TODO \|\| die

	# shared libs are used only internally and there are no static libs,
	# so it's safe to get rid of the .la files
	find "${D}" -name '*.la' -delete \|\| die "Failed to remove .la files."
	}