author | Aric Belsito <lluixhi@gmail.com> | 2017-03-17 11:46:18 -0700 |
---|---|---|
committer | Aric Belsito <lluixhi@gmail.com> | 2017-03-17 11:46:18 -0700 |
commit | dcda666425fb287aea66724dfd5e52514e9099e7 (patch) | |
tree | 0eb12181d24fea17408001882d90fda05e54f389 /net-vpn | |
parent | Revert "media-video/ffmpeg: change openssl USE to ssl" (diff) | |
net-misc/openconnect: move to net-vpn
Diffstat (limited to 'net-vpn')
-rw-r--r-- | net-vpn/openconnect/Manifest | 2 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect-7.08-libressl251.patch | 14 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.conf.in | 26 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.init.in-r4 | 88 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.logrotate | 8 | ||||
-rw-r--r-- | net-vpn/openconnect/metadata.xml | 24 | ||||
-rw-r--r-- | net-vpn/openconnect/openconnect-7.08.ebuild | 166 |
7 files changed, 328 insertions, 0 deletions
diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
new file mode 100644
index 0000000..7332ae6
--- /dev/null
+++ b/net-vpn/openconnect/Manifest
@@ -0,0 +1,2 @@
+DIST openconnect-7.08.tar.gz 1686133 SHA256 1c44ec1f37a6a025d1ca726b9555649417f1d31a46f747922b84099ace628a03 SHA512 22f9b0bd4bd17e2ab91ff42b2464c89abba035fe705c037ba4d1042ace460c8738e20481783a1edc3b7dd6503fe9fcc7fdd188552811fb1525310e25a4c2f400 WHIRLPOOL 0f3e9f2435be11915de1e73075454f6be45dc4752df7d27b69a186dc7d8c9a6ce49d0a55510b3e836b26bced78eaa792f78ce9be5c51cff4212cd5c799e3ad70
+DIST vpnc-scripts-20160829.tar.gz 20297 SHA256 b737cbfbd2a0c9339ad108f8f2f02269981f0236ff350ce675b0391a08f861bc SHA512 0edd0e5184ac4a705f213a87fa8afa2e2cd54c9bd1aa01955a3a5107c42da8eae7b639896daceecc556a63b0663ee47e25fc21e77f0f74774330d546584fd2c1 WHIRLPOOL 0afe6e9ec1fb952bdad319d65f2353e7a8812e3301bc94ad3c472081ec9673506c9a52d8c4bd4f1035cfacca9f30494b9822034a6d468ce4357277ede2330d1e
diff --git a/net-vpn/openconnect/files/openconnect-7.08-libressl251.patch b/net-vpn/openconnect/files/openconnect-7.08-libressl251.patch
new file mode 100644
index 0000000..ba0b894
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect-7.08-libressl251.patch
@@ -0,0 +1,14 @@
+diff -Naur openconnect-7.08.orig/openssl-dtls.c openconnect-7.08/openssl-dtls.c
+--- openconnect-7.08.orig/openssl-dtls.c 2016-12-06 05:03:51.000000000 -0800
++++ openconnect-7.08/openssl-dtls.c 2017-02-01 13:35:52.315398332 -0800
+@@ -100,8 +100,8 @@
+ }
+ #else
+ /* OpenSSL <= 1.0.2 only supports CBC ciphers with PSK */
+- ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(vpninfo->dtls_ssl->enc_write_ctx));
+- maclen = EVP_MD_CTX_size(vpninfo->dtls_ssl->write_hash);
++ ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(vpninfo->dtls_ssl->enc_read_ctx));
++ maclen = EVP_MD_CTX_size(vpninfo->dtls_ssl->read_hash);
+ blocksize = ivlen;
+ pad = 1;
+ #endif
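Review bot: The embedded patch to openssl-dtls.c carries no description of why `ivlen` and `maclen` are now taken from `enc_read_ctx` and `read_hash` instead of the write-side contexts, and the ebuild lists it in `PATCHES` unconditionally, so builds against OpenSSL take the changed lines as well. The substitution is only equivalent if both directions of the DTLS session always carry the same cipher and MAC, which nothing in the hunk shows; these values presumably feed the packet-overhead calculation, so a mismatch would size packets incorrectly. I would add a header to the patch file along the lines of `LibreSSL 2.5.1 build fix (inferred from the file name): read-side contexts used for overhead sizing; both directions use the same negotiated suite` and confirm that statement against upstream before keeping it. The enclosing function starts and ends outside the hunk.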
diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in
new file mode 100644
index 0000000..53b14e6
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.conf.in
@@ -0,0 +1,26 @@
+# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel:
+#
+# server_vpnname
+# password_vpnname
+# vpnopts_vpnname
+#
+# The tunnel will need to be started with a symbolic link to openconnect:
+#
+# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname
+#
+# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you
+# need to create executable scripts in a directory with the same name as
+# the vpn tunnel (vpn0 can be replaced with the vpn name):
+#
+# mkdir /etc/openconnect/vpn0
+# cd /etc/openconnect/vpn0"
+# echo '#!/bin/sh' > preup.sh"
+# cp preup.sh predown.sh"
+# cp preup.sh postup.sh"
+# cp preup.sh postdown.sh"
+# chmod 755 /etc/openconnect/vpn0/*"
+
+server_vpn0="vpn.server.tld"
+password_vpn0="YOUR_PASSWORD"
+# Any OPENCONNECT options my go here (see openconnect --help)
+vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh"
diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4
new file mode 100644
index 0000000..040edc7
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.init.in-r4
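Review bot: `password_vpn0` keeps the VPN password in clear text in openconnect.conf.in, and the ebuild's `src_install` installs that file with `newconfd`, which applies the default 0644 mode, so any local user can read the credential. I would tighten it in the ebuild with `fperms 0600 /etc/conf.d/openconnect` and add a line above the variable such as `# This file holds credentials: keep it owned by root and mode 0600.` The example lines for `cd`, `echo`, `cp` and `chmod` also end in a stray `"`, and "my go here" should read "may go here"; both are worth fixing while the file is being moved.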
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/sbin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+ before netmount
+}
+
+checkconfig() {
+ if [ $VPN = "openconnect" ]; then
+ eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+ eerror
+ eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+ eerror
+ eerror "And then call it instead:"
+ eerror
+ eerror "/etc/init.d/openconnect.vpn0 start"
+ return 1
+ fi
+}
+
+checktuntap() {
+ if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+}
+
+run_hook() {
+ if [ -x "$1" ]; then
+ "$@"
+ fi
+}
+
+start_pre() {
+ checkconfig || return
+ checktuntap || return
+ checkpath -d "${VPNLOG}" || return
+ checkpath -d /run/openconnect || return
+ run_hook "${VPNDIR}/preup.sh"
+}
+
+start() {
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --exec "${command}" -- \
+ --background \
+ --interface="${VPN}" \
+ --pid-file="${pidfile}" \
+ ${vpnopts} \
+ "${server}" \
+ >> "${VPNLOGFILE}" \
+ 2>> "${VPNERRFILE}" \
+ <<EOF
+${password}
+EOF
+ eend $?
+}
+
+start_post() {
+ run_hook "${VPNDIR}/postup.sh"
+}
+
+stop_pre() {
+ checkconfig || return
+ run_hook "${VPNDIR}/predown.sh"
+}
+
+stop_post() {
+ run_hook "${VPNDIR}/postdown.sh"
+}
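Review bot: `start()` builds variable names from `${VPN}` and hands them to `eval`, but `checkconfig` only rejects the literal name `openconnect`, so anything after the first dot of the service name is evaluated as shell by an init script that runs as root. Validating the name before the first eval closes that off, for example in `checkconfig`: `case "${VPN}" in ""|*[!A-Za-z0-9_]*) eerror "Invalid vpn name: ${VPN}"; return 1 ;; esac`. The test `[ $VPN = "openconnect" ]` should also quote its operand, `[ "${VPN}" = "openconnect" ]`, because an empty value or one containing spaces breaks the comparison. Passing the password through the here-document keeps it off the daemon's command line; a one-line comment saying so would stop a later refactor from moving it into `vpnopts`.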
diff --git a/net-vpn/openconnect/files/openconnect.logrotate b/net-vpn/openconnect/files/openconnect.logrotate
new file mode 100644
index 0000000..0455e68
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.logrotate
@@ -0,0 +1,8 @@
+# openconnect logrotate snipet for Gentoo Linux
+#
+/var/log/openconnect/*/* {
+ missingok
+ size 5M
+ notifempty
+}
+
diff --git a/net-vpn/openconnect/metadata.xml b/net-vpn/openconnect/metadata.xml
new file mode 100644
index 0000000..392587d
--- /dev/null
+++ b/net-vpn/openconnect/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>floppym@gentoo.org</email>
+ <name>Mike Gilbert</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>williamh@gentoo.org</email>
+ <name>William Hubbs</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>mattsch@gmail.com</email>
+ <name>Matthew Schultz</name>
+ <description>Proxied maintainer. Copy on bugs.</description>
+ </maintainer>
+ <use>
+ <flag name="gssapi">Build GSSAPI support</flag>
+ <flag name="java">Build JNI bindings using jni.h</flag>
+ <flag name="libproxy">Enable proxy support</flag>
+ <flag name="lz4">Enable support for lz4 compression</flag>
+ <flag name="stoken">Enable stoken support</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-vpn/openconnect/openconnect-7.08.ebuild b/net-vpn/openconnect/openconnect-7.08.ebuild
new file mode 100644
index 0000000..9a90c33
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-7.08.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="xml"
+
+inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git"
+ inherit git-r3 autotools
+else
+ ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+fi
+VPNC_VER=20160829
+SRC_URI="${ARCHIVE_URI}
+ ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken"
+
+DEPEND="
+ dev-libs/libxml2
+ sys-libs/zlib
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] )
+ libressl? ( dev-libs/libressl:0=[static-libs?] )
+ )
+ gnutls? (
+ app-misc/ca-certificates
+ dev-libs/nettle
+ >=net-libs/gnutls-3:0=[static-libs?]
+ )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ lz4? ( app-arch/lz4:= )
+ nls? ( virtual/libintl )
+ smartcard? ( sys-apps/pcsc-lite:0= )
+ stoken? ( app-crypt/stoken )"
+RDEPEND="${DEPEND}
+ sys-apps/iproute2
+ !<sys-apps/openrc-0.13"
+DEPEND="${DEPEND}
+ virtual/pkgconfig
+ doc? ( ${PYTHON_DEPS} sys-apps/groff )
+ java? ( >=virtual/jdk-1.6 )
+ nls? ( sys-devel/gettext )"
+
+CONFIG_CHECK="~TUN"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-libressl251.patch
+)
+
+pkg_pretend() {
+ check_extra_config
+}
+
+pkg_setup() {
+ java-pkg-opt-2_pkg_setup
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]]; then
+ git-r3_src_unpack
+ fi
+ default
+}
+
+src_prepare() {
+ default
+ if [[ ${PV} == 9999 ]]; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ if [[ ${LINGUAS+set} == set ]]; then
+ strip-linguas -u po
+ echo "${LINGUAS}" > po/LINGUAS || die
+ fi
+
+ if use doc; then
+ python_setup
+ else
+ export PYTHON=/bin/false
+ fi
+
+ local myconf=(
+ --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
+ --without-openssl-version-check
+ $(use_enable static-libs static)
+ $(use_enable nls)
+ $(use_with !gnutls openssl)
+ $(use_with gnutls)
+ $(use_with libproxy)
+ $(use_with lz4)
+ $(use_with gssapi)
+ $(use_with smartcard libpcsclite)
+ $(use_with stoken)
+ $(use_with java)
+ )
+
+ econf "${myconf[@]}"
+}
+
+DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels.
+
+You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
+instead of calling it directly:
+
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
+
+You can then start the vpn tunnel like this:
+
+/etc/init.d/openconnect.vpn0 start
+
+If you would like to run preup, postup, predown, and/or postdown scripts,
+You need to create a directory in /etc/openconnect with the name of the vpn:
+
+mkdir /etc/openconnect/vpn0
+
+Then add executable shell files:
+
+mkdir /etc/openconnect/vpn0
+cd /etc/openconnect/vpn0
+echo '#!/bin/sh' > preup.sh
+cp preup.sh predown.sh
+cp preup.sh postup.sh
+cp preup.sh postdown.sh
+chmod 755 /etc/openconnect/vpn0/*
+"
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
+ dodir /etc/openconnect
+ insinto /etc/openconnect
+ newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+ exeinto /etc/openconnect
+ newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/openconnect.logrotate openconnect
+ keepdir /var/log/openconnect
+
+ prune_libtool_files
+
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ elog
+ elog "You may want to consider installing the following optional packages."
+ optfeature "resolvconf support" net-dns/openresolv
+ fi
+} |
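Review bot: `ARCHIVE_URI` and the vpnc-scripts entry in `SRC_URI` fetch over `ftp://`, and the live branch's `EGIT_REPO_URI` uses `git://`; neither transport authenticates the server or protects the transfer. The release tarballs are still pinned by the Manifest hashes added in this commit, but the 9999 path has no equivalent check, so whatever the clone returns is what gets built. I would move both to an https location if upstream offers one, and add a comment beside `--without-openssl-version-check` in `src_configure` stating why the version check is switched off (presumably for the libressl USE flag), so the reason is on record for the next bump.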