authorAric Belsito <lluixhi@gmail.com>2017-03-17 11:46:18 -0700
committerAric Belsito <lluixhi@gmail.com>2017-03-17 11:46:18 -0700
commitdcda666425fb287aea66724dfd5e52514e9099e7 (patch)
tree0eb12181d24fea17408001882d90fda05e54f389 /net-vpn
parentRevert "media-video/ffmpeg: change openssl USE to ssl" (diff)
downloadlibressl-dcda666425fb287aea66724dfd5e52514e9099e7.tar.gz
libressl-dcda666425fb287aea66724dfd5e52514e9099e7.tar.bz2
libressl-dcda666425fb287aea66724dfd5e52514e9099e7.zip
net-misc/openconnect: move to net-vpn
Diffstat (limited to 'net-vpn')
-rw-r--r--net-vpn/openconnect/Manifest2
-rw-r--r--net-vpn/openconnect/files/openconnect-7.08-libressl251.patch14
-rw-r--r--net-vpn/openconnect/files/openconnect.conf.in26
-rw-r--r--net-vpn/openconnect/files/openconnect.init.in-r488
-rw-r--r--net-vpn/openconnect/files/openconnect.logrotate8
-rw-r--r--net-vpn/openconnect/metadata.xml24
-rw-r--r--net-vpn/openconnect/openconnect-7.08.ebuild166
7 files changed, 328 insertions, 0 deletions
diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
new file mode 100644
index 0000000..7332ae6
--- /dev/null
+++ b/net-vpn/openconnect/Manifest
@@ -0,0 +1,2 @@
+DIST openconnect-7.08.tar.gz 1686133 SHA256 1c44ec1f37a6a025d1ca726b9555649417f1d31a46f747922b84099ace628a03 SHA512 22f9b0bd4bd17e2ab91ff42b2464c89abba035fe705c037ba4d1042ace460c8738e20481783a1edc3b7dd6503fe9fcc7fdd188552811fb1525310e25a4c2f400 WHIRLPOOL 0f3e9f2435be11915de1e73075454f6be45dc4752df7d27b69a186dc7d8c9a6ce49d0a55510b3e836b26bced78eaa792f78ce9be5c51cff4212cd5c799e3ad70
+DIST vpnc-scripts-20160829.tar.gz 20297 SHA256 b737cbfbd2a0c9339ad108f8f2f02269981f0236ff350ce675b0391a08f861bc SHA512 0edd0e5184ac4a705f213a87fa8afa2e2cd54c9bd1aa01955a3a5107c42da8eae7b639896daceecc556a63b0663ee47e25fc21e77f0f74774330d546584fd2c1 WHIRLPOOL 0afe6e9ec1fb952bdad319d65f2353e7a8812e3301bc94ad3c472081ec9673506c9a52d8c4bd4f1035cfacca9f30494b9822034a6d468ce4357277ede2330d1e
diff --git a/net-vpn/openconnect/files/openconnect-7.08-libressl251.patch b/net-vpn/openconnect/files/openconnect-7.08-libressl251.patch
new file mode 100644
index 0000000..ba0b894
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect-7.08-libressl251.patch
@@ -0,0 +1,14 @@
+diff -Naur openconnect-7.08.orig/openssl-dtls.c openconnect-7.08/openssl-dtls.c
+--- openconnect-7.08.orig/openssl-dtls.c 2016-12-06 05:03:51.000000000 -0800
++++ openconnect-7.08/openssl-dtls.c 2017-02-01 13:35:52.315398332 -0800
+@@ -100,8 +100,8 @@
+ }
+ #else
+ /* OpenSSL <= 1.0.2 only supports CBC ciphers with PSK */
+- ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(vpninfo->dtls_ssl->enc_write_ctx));
+- maclen = EVP_MD_CTX_size(vpninfo->dtls_ssl->write_hash);
++ ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(vpninfo->dtls_ssl->enc_read_ctx));
++ maclen = EVP_MD_CTX_size(vpninfo->dtls_ssl->read_hash);
+ blocksize = ivlen;
+ pad = 1;
+ #endif
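Review bot: The added patch file has no header explaining why `enc_write_ctx` and `write_hash` are replaced by `enc_read_ctx` and `read_hash`; only the file name hints at LibreSSL 2.5.1. The overhead calculation stays correct only if both directions of the DTLS session use the same cipher and MAC, which is presumably true after the handshake but is not stated anywhere. I would add a short description above the `diff -Naur` line giving the reason, the affected LibreSSL version and the upstream or bug reference, plus a comment beside the two assignments such as `/* read and write sides negotiate the same cipher/MAC, so sizes match */`. The surrounding function starts and ends outside this hunk, so whether `enc_read_ctx` can still be NULL at this point cannot be checked from here.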
diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in
new file mode 100644
index 0000000..53b14e6
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.conf.in
@@ -0,0 +1,26 @@
+# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel:
+#
+# server_vpnname
+# password_vpnname
+# vpnopts_vpnname
+#
+# The tunnel will need to be started with a symbolic link to openconnect:
+#
+# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname
+#
+# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you
+# need to create executable scripts in a directory with the same name as
+# the vpn tunnel (vpn0 can be replaced with the vpn name):
+#
+# mkdir /etc/openconnect/vpn0
+# cd /etc/openconnect/vpn0"
+# echo '#!/bin/sh' > preup.sh"
+# cp preup.sh predown.sh"
+# cp preup.sh postup.sh"
+# cp preup.sh postdown.sh"
+# chmod 755 /etc/openconnect/vpn0/*"
+
+server_vpn0="vpn.server.tld"
+password_vpn0="YOUR_PASSWORD"
+# Any OPENCONNECT options my go here (see openconnect --help)
+vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh"
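Review bot: `password_vpn0` stores the VPN password in clear text, and nothing in this template tells the administrator to restrict access to the file. The ebuild's `src_install` installs it with `newconfd`, which as far as I know applies the default, world-readable config mode. I would add a comment above the variable, `# This file contains credentials: keep it owned by root and not world-readable (chmod 600).`, and consider setting a restrictive mode at install time. Separately, the example lines for `cd`, `echo`, `cp` and `chmod` each end in a stray `"`, and `my go here` should read `may go here`.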
diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4
new file mode 100644
index 0000000..040edc7
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.init.in-r4
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/sbin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+ before netmount
+}
+
+checkconfig() {
+ if [ $VPN = "openconnect" ]; then
+ eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+ eerror
+ eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+ eerror
+ eerror "And then call it instead:"
+ eerror
+ eerror "/etc/init.d/openconnect.vpn0 start"
+ return 1
+ fi
+}
+
+checktuntap() {
+ if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+}
+
+run_hook() {
+ if [ -x "$1" ]; then
+ "$@"
+ fi
+}
+
+start_pre() {
+ checkconfig || return
+ checktuntap || return
+ checkpath -d "${VPNLOG}" || return
+ checkpath -d /run/openconnect || return
+ run_hook "${VPNDIR}/preup.sh"
+}
+
+start() {
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --exec "${command}" -- \
+ --background \
+ --interface="${VPN}" \
+ --pid-file="${pidfile}" \
+ ${vpnopts} \
+ "${server}" \
+ >> "${VPNLOGFILE}" \
+ 2>> "${VPNERRFILE}" \
+ <<EOF
+${password}
+EOF
+ eend $?
+}
+
+start_post() {
+ run_hook "${VPNDIR}/postup.sh"
+}
+
+stop_pre() {
+ checkconfig || return
+ run_hook "${VPNDIR}/predown.sh"
+}
+
+stop_post() {
+ run_hook "${VPNDIR}/postdown.sh"
+}
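Review bot: `start()` builds variable names with `eval server=\$server_${VPN}` (and the same for `vpnopts` and `password`), while `${VPN}` is taken straight from the service name and `checkconfig()` tests it unquoted in `[ $VPN = "openconnect" ]`. A link name containing a hyphen or a second dot silently resolves to the wrong variable, and any shell metacharacter in it would be evaluated with root privileges. The name is normally chosen by the administrator, so this is hardening rather than an exposed hole. I would quote the test as `[ "${VPN}" = "openconnect" ]` and reject unexpected names in `checkconfig()` before any `eval` runs, for example `case "${VPN}" in *[!A-Za-z0-9_]*) eerror "Invalid vpn name: ${VPN}"; return 1 ;; esac`. Since `run_hook` executes scripts from `${VPNDIR}` as root, a comment stating that this directory must be root-owned and not writable by others would also help.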
diff --git a/net-vpn/openconnect/files/openconnect.logrotate b/net-vpn/openconnect/files/openconnect.logrotate
new file mode 100644
index 0000000..0455e68
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.logrotate
@@ -0,0 +1,8 @@
+# openconnect logrotate snipet for Gentoo Linux
+#
+/var/log/openconnect/*/* {
+ missingok
+ size 5M
+ notifempty
+}
+
diff --git a/net-vpn/openconnect/metadata.xml b/net-vpn/openconnect/metadata.xml
new file mode 100644
index 0000000..392587d
--- /dev/null
+++ b/net-vpn/openconnect/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>floppym@gentoo.org</email>
+ <name>Mike Gilbert</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>williamh@gentoo.org</email>
+ <name>William Hubbs</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>mattsch@gmail.com</email>
+ <name>Matthew Schultz</name>
+ <description>Proxied maintainer. Copy on bugs.</description>
+ </maintainer>
+ <use>
+ <flag name="gssapi">Build GSSAPI support</flag>
+ <flag name="java">Build JNI bindings using jni.h</flag>
+ <flag name="libproxy">Enable proxy support</flag>
+ <flag name="lz4">Enable support for lz4 compression</flag>
+ <flag name="stoken">Enable stoken support</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-vpn/openconnect/openconnect-7.08.ebuild b/net-vpn/openconnect/openconnect-7.08.ebuild
new file mode 100644
index 0000000..9a90c33
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-7.08.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="xml"
+
+inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git"
+ inherit git-r3 autotools
+else
+ ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+fi
+VPNC_VER=20160829
+SRC_URI="${ARCHIVE_URI}
+ ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken"
+
+DEPEND="
+ dev-libs/libxml2
+ sys-libs/zlib
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] )
+ libressl? ( dev-libs/libressl:0=[static-libs?] )
+ )
+ gnutls? (
+ app-misc/ca-certificates
+ dev-libs/nettle
+ >=net-libs/gnutls-3:0=[static-libs?]
+ )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ lz4? ( app-arch/lz4:= )
+ nls? ( virtual/libintl )
+ smartcard? ( sys-apps/pcsc-lite:0= )
+ stoken? ( app-crypt/stoken )"
+RDEPEND="${DEPEND}
+ sys-apps/iproute2
+ !<sys-apps/openrc-0.13"
+DEPEND="${DEPEND}
+ virtual/pkgconfig
+ doc? ( ${PYTHON_DEPS} sys-apps/groff )
+ java? ( >=virtual/jdk-1.6 )
+ nls? ( sys-devel/gettext )"
+
+CONFIG_CHECK="~TUN"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-libressl251.patch
+)
+
+pkg_pretend() {
+ check_extra_config
+}
+
+pkg_setup() {
+ java-pkg-opt-2_pkg_setup
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]]; then
+ git-r3_src_unpack
+ fi
+ default
+}
+
+src_prepare() {
+ default
+ if [[ ${PV} == 9999 ]]; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ if [[ ${LINGUAS+set} == set ]]; then
+ strip-linguas -u po
+ echo "${LINGUAS}" > po/LINGUAS || die
+ fi
+
+ if use doc; then
+ python_setup
+ else
+ export PYTHON=/bin/false
+ fi
+
+ local myconf=(
+ --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
+ --without-openssl-version-check
+ $(use_enable static-libs static)
+ $(use_enable nls)
+ $(use_with !gnutls openssl)
+ $(use_with gnutls)
+ $(use_with libproxy)
+ $(use_with lz4)
+ $(use_with gssapi)
+ $(use_with smartcard libpcsclite)
+ $(use_with stoken)
+ $(use_with java)
+ )
+
+ econf "${myconf[@]}"
+}
+
+DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels.
+
+You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
+instead of calling it directly:
+
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
+
+You can then start the vpn tunnel like this:
+
+/etc/init.d/openconnect.vpn0 start
+
+If you would like to run preup, postup, predown, and/or postdown scripts,
+You need to create a directory in /etc/openconnect with the name of the vpn:
+
+mkdir /etc/openconnect/vpn0
+
+Then add executable shell files:
+
+mkdir /etc/openconnect/vpn0
+cd /etc/openconnect/vpn0
+echo '#!/bin/sh' > preup.sh
+cp preup.sh predown.sh
+cp preup.sh postup.sh
+cp preup.sh postdown.sh
+chmod 755 /etc/openconnect/vpn0/*
+"
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
+ dodir /etc/openconnect
+ insinto /etc/openconnect
+ newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+ exeinto /etc/openconnect
+ newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/openconnect.logrotate openconnect
+ keepdir /var/log/openconnect
+
+ prune_libtool_files
+
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ elog
+ elog "You may want to consider installing the following optional packages."
+ optfeature "resolvconf support" net-dns/openresolv
+ fi
+}
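Review bot: The live-ebuild branch sets `EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git"`, and the plain git protocol provides no transport authentication or integrity protection. A 9999 checkout is also not covered by Manifest checksums, unlike the `ftp://` tarballs in `SRC_URI`. Where upstream offers it, an `https://` repository URI is the safer choice for that branch. `--without-openssl-version-check` in `src_configure` would also benefit from a one-line comment saying why the check is disabled, since the reason (presumably the LibreSSL version string) is not visible in the ebuild.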