author | Hans de Graaff <graaff@gentoo.org> | 2021-05-01 09:12:11 +0200 |
---|---|---|
committer | Hans de Graaff <graaff@gentoo.org> | 2021-05-01 09:12:11 +0200 |
commit | b5c7c9a782224f592c9f2521d766cf31322656c7 (patch) | |
tree | a38795c5f90e7612e1ce7cf3cf64cc443b0e9619 /net-vpn/libreswan | |
parent | dev-lang/ruby: fix build during bootstrap (diff) | |
net-vpn/libreswan: set INITSYSTEM correctly
INITSYSTEM was hardcoded to always be openrc. This was ignored in
libreswan 3.x where runtime detection was used, but in 4.x the
INITSYSTEM is hardcoded in the setup script at installation time. Set
INITSYSTEM based on the systemd USE flag instead.
Closes: https://bugs.gentoo.org/756121
Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Hans de Graaff <graaff@gentoo.org>
Diffstat (limited to 'net-vpn/libreswan')
-rw-r--r-- | net-vpn/libreswan/libreswan-4.4-r1.ebuild | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/net-vpn/libreswan/libreswan-4.4-r1.ebuild b/net-vpn/libreswan/libreswan-4.4-r1.ebuild
new file mode 100644
index 000000000000..6932991bf6a4
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-4.4-r1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+SRC_URI="https://download.libreswan.org/${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~ppc ~x86"
+
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
+HOMEPAGE="https://libreswan.org/"
+
+LICENSE="GPL-2 BSD-4 RSA DES"
+SLOT="0"
+IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/gmp:0=
+ dev-libs/libevent:0=
+ dev-libs/nspr
+ >=dev-libs/nss-3.42
+ >=sys-kernel/linux-headers-4.19
+ caps? ( sys-libs/libcap-ng )
+ curl? ( net-misc/curl )
+ dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns )
+ ldap? ( net-nds/openldap )
+ pam? ( sys-libs/pam )
+ seccomp? ( sys-libs/libseccomp )
+ selinux? ( sys-libs/libselinux )
+ systemd? ( sys-apps/systemd:0= )
+"
+BDEPEND="
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ dev-libs/nss
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ test? ( dev-python/setproctitle )
+"
+RDEPEND="${DEPEND}
+ dev-libs/nss[utils(+)]
+ sys-apps/iproute2
+ !net-vpn/strongswan
+ selinux? ( sec-policy/selinux-ipsec )
+"
+
+usetf() {
+ usex "$1" true false
+}
+
+PATCHES=( "${FILESDIR}/${PN}-4.2-ip-path.patch" )
+
+src_prepare() {
+ sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
+ sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
+ default
+}
+
+src_configure() {
+ tc-export AR CC
+ export PREFIX=/usr
+ export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
+ export FINALDOCDIR=/usr/share/doc/${PF}/html
+ export INITSYSTEM=$(usex systemd systemd openrc)
+ export INITDDIRS=
+ export INITDDIR_DEFAULT=/etc/init.d
+ export USERCOMPILE=${CFLAGS}
+ export USERLINK=${LDFLAGS}
+ export USE_DNSSEC=$(usetf dnssec)
+ export USE_LABELED_IPSEC=$(usetf selinux)
+ export USE_LIBCAP_NG=$(usetf caps)
+ export USE_LIBCURL=$(usetf curl)
+ export USE_LINUX_AUDIT=$(usetf selinux)
+ export USE_LDAP=$(usetf ldap)
+ export USE_NM=$(usetf networkmanager)
+ export USE_SECCOMP=$(usetf seccomp)
+ export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
+ export SD_WATCHDOGSEC=$(usex systemd 200 0)
+ export USE_AUTHPAM=$(usetf pam)
+ export DEBUG_CFLAGS=
+ export OPTIMIZE_CFLAGS=
+ export WERROR_CFLAGS=
+}
+
+src_compile() {
+ emake all
+ emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all
+}
+
+src_test() {
+ : # integration tests only that require set of kvms to be set up
+}
+
+src_install() {
+ default
+ emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install
+
+ echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
+ fperms 0600 /etc/ipsec.secrets
+
+ keepdir /var/lib/ipsec/nss
+ fperms 0700 /var/lib/ipsec/nss
+
+ dodoc -r docs
+
+ find "${D}" -type d -empty -delete || die
+}
+
+pkg_postinst() {
+ local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss
+ if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then
+ ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password"
+ certutil -N -d "${IPSEC_CONFDIR}" --empty-password
+ eend $?
+ einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}"
+ fi
+}
|
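Review bot: In pkg_postinst the NSS database is created with `certutil -N -d "${IPSEC_CONFDIR}" --empty-password`, without the `sql:` prefix that the einfo hint two lines below uses, so the format created depends on the NSS default and on any `NSS_DEFAULT_DB_TYPE` set in the environment. Writing it as `certutil -N -d "sql:${IPSEC_CONFDIR}" --empty-password` keeps both commands pointing at the same cert9.db store. Because the store is created with an empty password, the key material in it is protected only by the `fperms 0700 /var/lib/ipsec/nss` in src_install; a comment beside the certutil call would record that, e.g. `# empty password: keys are protected only by the 0700 mode on this directory`. Separately, src_compile and src_install still pass `INITSYSTEM=systemd` unconditionally to `emake -C initsystems`; if that is deliberate (presumably to install the unit files regardless of the USE flag), a one-line comment there would explain why it differs from the new `usex systemd systemd openrc` export in src_configure.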