Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 31 Aug 2005 20:32:04 GMT
From:      VANHULLEBUS Yvan <vanhu@netasq.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/85544: New port: security/ipsec-tools
Message-ID:  <200508312032.j7VKW4IN021544@www.freebsd.org>
Resent-Message-ID: <200508312040.j7VKe5Gj098365@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         85544
>Category:       ports
>Synopsis:       New port: security/ipsec-tools
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 31 20:40:05 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     VANHULLEBUS Yvan
>Release:        FreeBSD6
>Organization:
NETASQ
>Environment:
--
>Description:
IPSec tools port: ipsec-tools is the new "official" version of racoon, is the only one which is maintained and have lots of new features.
>How-To-Repeat:
--      
>Fix:
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ipsec-tools
#	ipsec-tools/files
#	ipsec-tools/files/racoon.sh
#	ipsec-tools/pkg-descr
#	ipsec-tools/pkg-plist
#	ipsec-tools/distinfo
#	ipsec-tools/Makefile
#
echo c - ipsec-tools
mkdir -p ipsec-tools > /dev/null 2>&1
echo c - ipsec-tools/files
mkdir -p ipsec-tools/files > /dev/null 2>&1
echo x - ipsec-tools/files/racoon.sh
sed 's/^X//' >ipsec-tools/files/racoon.sh << 'END-of-ipsec-tools/files/racoon.sh'
X#!/bin/sh
X
X# Start or stop racoon
X# $FreeBSD: ports/security/racoon/files/racoon.sh,v 1.2 2004/01/06 15:31:09 sumikawa Exp $
X
X# PROVIDE: racoon
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X#
X# NOTE for FreeBSD 5.0+:
X# If you want this script to start with the base rc scripts
X# move racoon.sh to /etc/rc.d/racoon
X
Xprefix=%%PREFIX%%
X
X# Define these racoon_* variables in one of these files:
X#	/etc/rc.conf
X#	/etc/rc.conf.local
X#	/etc/rc.conf.d/racoon
X#
X# DO NOT CHANGE THESE DEFAULT VALUES HERE
X#
X[ -z "$racoon_enable" ] && racoon_enable="YES"	# Enable racoon
X#racoon_program="${prefix}/sbin/racoon"		# Location of racoon
X#racoon_flags=""				# Flags to racoon program
X
X. %%RC_SUBR%%
X
Xname="racoon"
Xrcvar=`set_rcvar`
Xcommand="${prefix}/sbin/racoon"
Xpidfile="/var/run/racoon.pid"
Xrequired_files="${prefix}/etc/racoon/racoon.conf"
Xstop_postcmd="racoon_poststop"
X
Xracoon_poststop() {
X	/bin/rm -f ${pidfile}
X}
X
Xload_rc_config $name
Xrun_rc_command "$1"
END-of-ipsec-tools/files/racoon.sh
echo x - ipsec-tools/pkg-descr
sed 's/^X//' >ipsec-tools/pkg-descr << 'END-of-ipsec-tools/pkg-descr'
Xracoon speaks IKE (ISAKMP/Oakley) key management protocol, to
Xestablish security association with other hosts.
X
XThis is the IPSec-tools version of racoon.
X
XKnown issues:
X- Too many use of dynamic memory allocation, which leads to memory leak.
X- Non-threaded implementation.  Simultaneous key negotiation performance
X  should be improved.
X- Cannot negotiate keys for per-socket policy.
X- Cryptic configuration syntax - blame IPsec specification too...
X- Needs more documentation.
X
XDesign choice, not a bug:
X- racoon negotiate IPsec keys only.  It does not negotiate policy.  Policy must
X  be configured into the kernel separately from racoon.  If you want to
X  support roaming clients, you may need to have a mechanism to put policy
X  for the roaming client after phase 1 finishes.
X
XWWW: http://www.kame.net/ and http://ipsec-tools.sf.net
END-of-ipsec-tools/pkg-descr
echo x - ipsec-tools/pkg-plist
sed 's/^X//' >ipsec-tools/pkg-plist << 'END-of-ipsec-tools/pkg-plist'
Xetc/rc.d/racoon.sh
Xinclude/libipsec/libpfkey.h
Xinclude/racoon/admin.h
Xinclude/racoon/evt.h
Xinclude/racoon/gcmalloc.h
Xinclude/racoon/ipsec_doi.h
Xinclude/racoon/isakmp.h
Xinclude/racoon/isakmp_cfg.h
Xinclude/racoon/isakmp_unity.h
Xinclude/racoon/isakmp_var.h
Xinclude/racoon/isakmp_xauth.h
Xinclude/racoon/misc.h
Xinclude/racoon/racoonctl.h
Xinclude/racoon/schedule.h
Xinclude/racoon/sockmisc.h
Xinclude/racoon/var.h
Xinclude/racoon/vmbuf.h
Xlib/libipsec.a
Xlib/libipsec.la
Xlib/libipsec.so
Xlib/libipsec.so.0
Xlib/libracoon.a
Xlib/libracoon.la
Xlib/libracoon.so
Xlib/libracoon.so.0
Xman/man3/ipsec_set_policy.3
Xman/man3/ipsec_strerror.3
Xman/man5/racoon.conf.5.gz
Xman/man8/plainrsa-gen.8
Xman/man8/racoon.8.gz
Xman/man8/racoonctl.8
Xman/man8/setkey.8
Xsbin/plainrsa-gen
Xsbin/racoon
Xsbin/racoonctl
Xsbin/setkey
X@dirrm var/racoon
X@dirrm var
X@dirrm share/nls/en_US.US-ASCII
X@dirrm share/nls/POSIX
X@dirrm include/racoon
X@dirrm include/libipsec
END-of-ipsec-tools/pkg-plist
echo x - ipsec-tools/distinfo
sed 's/^X//' >ipsec-tools/distinfo << 'END-of-ipsec-tools/distinfo'
XMD5 (ipsec-tools-0.6.tar.bz2) = 0487458fe95defb609faa6b05cd9b0af
XSIZE (ipsec-tools-0.6.tar.bz2) = 660938
END-of-ipsec-tools/distinfo
echo x - ipsec-tools/Makefile
sed 's/^X//' >ipsec-tools/Makefile << 'END-of-ipsec-tools/Makefile'
X# New ports collection makefile for:	ipsec-tools
X# Date created:		20 dec 2004
X# Whom:			vanhu
X#
X
X# TODO: - better list of master sites
X#       - configurable --enable-xxx 
X#       - libipsec issue ?
X#       - cleanup...
X#       - SYSCONFDIR
X#       - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey
X
X
XPORTNAME=	ipsec-tools
XPORTVERSION=	0.6
XCATEGORIES=	security net
XMASTER_SITES=	http://switch.dl.sourceforge.net/sourceforge/ipsec-tools/ \
X	http://ovh.dl.sourceforge.net/sourceforge/ipsec-tools/
XUSE_BZIP2= yes
X
XMAINTAINER=	vanhu@netasq.com
XCOMMENT=	KAME racoon IKE daemon, ipsec-tools version
X
XUSE_RC_SUBR=	YES
XUSE_OPENSSL=	YES
X
XWRKSRC=		${WRKDIR}/${DISTNAME}
XGNU_CONFIGURE=	yes
XLDFLAGS+=	-L${LOCALBASE}/lib
XCONFIGURE_ARGS+=--enable-debug
XCONFIGURE_ARGS+=--enable-dpd
XCONFIGURE_ARGS+=--enable-natt=kernel
XCONFIGURE_ARGS+=--enable-frag
XCONFIGURE_ARGS+=--enable-ipv6
XCONFIGURE_ARGS+=--enable-shared
XCONFIGURE_ARGS+=--sysconfdir=${LOCALBASE}/etc
XCONFIGURE_ARGS+=--with-pkgversion=freebsd-${PORTVERSION}
X
XMAN5=		racoon.conf.5
XMAN8=		racoon.8
X
XRC_SCRIPTS_SUB=	PREFIX=${PREFIX} \
X		RC_SUBR=${RC_SUBR}
X
Xpre-patch:
X#	${MV} ${WRKSRC}/racoon.8 ${WRKSRC}/racoon.8.in
X
X
Xpost-install:
X	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
X		${FILESDIR}/racoon.sh > ${PREFIX}/etc/rc.d/racoon.sh
X	@${CHMOD} +x ${PREFIX}/etc/rc.d/racoon.sh
X	@if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && echo ipsec` ]; then \
X	    ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
X	    ${ECHO_MSG} "         You must build the kernel if you want to run racoon on the host"; \
X	fi ;
X
X.include <bsd.port.mk>
END-of-ipsec-tools/Makefile
exit


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508312032.j7VKW4IN021544>