# Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.3.6.ebuild,v 1.2 2010/02/27 22:43:10 ulm Exp $ EAPI=2 inherit eutils linux-info DESCRIPTION="Open Source IPsec based VPN solution with a strong focus on security. Fully supports IKEv1/IKEv2, MOBIKE and the Linux 2.6 IPsec stack." HOMEPAGE="http://www.strongswan.org/" SRC_URI="http://download.strongswan.org/${P}.tar.bz2" LICENSE="GPL-2 RSA-MD5 RSA-PKCS11 DES" SLOT="0" KEYWORDS="~ppc ~sparc ~x86 ~amd64" IUSE="+caps cisco curl debug gcrypt ldap +ikev1 +ikev2 mysql nat +non-root +openssl smartcard sqlite" COMMON_DEPEND="!net-misc/openswan dev-libs/gmp gcrypt? ( dev-libs/libgcrypt ) caps? ( sys-libs/libcap ) curl? ( net-misc/curl ) ldap? ( net-nds/openldap ) smartcard? ( dev-libs/opensc ) openssl? ( >=dev-libs/openssl-0.9.8 ) mysql? ( virtual/mysql ) sqlite? ( >=dev-db/sqlite-3.3.1 )" DEPEND="${COMMON_DEPEND} virtual/linux-sources sys-kernel/linux-headers" RDEPEND="${COMMON_DEPEND} virtual/logger sys-apps/iproute2" UGID="ipsec" pkg_setup() { linux-info_pkg_setup elog "Linux kernel version: ${KV_FULL}" if kernel_is 2 6; then elog "Using native Linux 2.6 IPsec stack." else eerror eerror "This ebuild currently only supports ${PN} with the" eerror "native Linux 2.6 IPsec stack." eerror die "Please install a recent 2.6 kernel." fi if use non-root; then enewgroup ${UGID} enewuser ${UGID} -1 -1 -1 ${UGID} fi } src_configure() { local myconf="" if use non-root; then myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" fi # If a user has already enabled db support, those plugins will # most likely be desired as well. Besides they don't impose new # dependencies and come at no cost (except for space). if use mysql || use sqlite; then myconf="${myconf} --enable-attr-sql --enable-sql" fi # strongSwan builds and installs static libs by default which are # useless to the user (and to strongSwan for that matter) because no # header files or alike get installed... so disabling them is safe. econf \ --disable-static \ $(use_with caps capabilities libcap) \ $(use_enable curl) \ $(use_enable ldap) \ $(use_enable smartcard) \ $(use_enable cisco cisco-quirks) \ $(use_enable debug leak-detective) \ $(use_enable nat nat-transport) \ $(use_enable openssl) \ $(use_enable gcrypt) \ $(use_enable mysql) \ $(use_enable sqlite) \ $(use_enable ikev1 pluto) \ $(use_enable ikev2 charon) \ ${myconf} \ || die "econf failed" } src_install() { einstall || die "einstall failed." doinitd "${FILESDIR}"/ipsec diropts -m 0750 dodir /etc/ipsec.d \ /etc/ipsec.d/aacerts \ /etc/ipsec.d/acerts \ /etc/ipsec.d/cacerts \ /etc/ipsec.d/certs \ /etc/ipsec.d/crls \ /etc/ipsec.d/ocspcerts \ /etc/ipsec.d/private \ /etc/ipsec.d/reqs if use caps; then fowners ${UGID}:${UGID} \ /etc/ipsec.conf \ /etc/ipsec.secrets \ /etc/strongswan.conf fi # shared libs are used only internally and there are no static libs, # so it's safe to get rid of the .la files find "${D}" -name '*.la' -delete || die "Failed to remove .la files." } pkg_preinst() { has_version "