Date: Thu, 27 May 2021 10:45:11 GMT From: Olivier Cochard <olivier@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 2e5a5b07e2bb - main - security/openiked-portable: New port for OpenBSD portable version of OpenIKED Message-ID: <202105271045.14RAjBwY086917@gitrepo.freebsd.org>
The branch main has been updated by olivier: URL: https://cgit.FreeBSD.org/ports/commit/?id=2e5a5b07e2bb28a3f0321c1550da6025317bd2bd commit 2e5a5b07e2bb28a3f0321c1550da6025317bd2bd Author: Olivier Cochard <olivier@FreeBSD.org> AuthorDate: 2021-05-27 10:40:26 +0000 Commit: Olivier Cochard <olivier@FreeBSD.org> CommitDate: 2021-05-27 10:44:57 +0000 security/openiked-portable: New port for OpenBSD portable version of OpenIKED PR: 256009 Reported by: David Marec <david@lapinbilly.eu> --- security/Makefile | 1 + security/openiked-portable/Makefile | 31 ++++++++++++++ security/openiked-portable/distinfo | 3 ++ security/openiked-portable/files/iked.in | 69 ++++++++++++++++++++++++++++++++ security/openiked-portable/pkg-descr | 10 +++++ security/openiked-portable/pkg-plist | 14 +++++++ security/openiked/Makefile | 2 + 7 files changed, 130 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index ce92287f6e4d..1c9313c89a51 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -405,6 +405,7 @@
 SUBDIR += openct
 SUBDIR += openfortivpn
 SUBDIR += openiked
+ SUBDIR += openiked-portable
 SUBDIR += opensaml
 SUBDIR += opensc
 SUBDIR += openscep
diff --git a/security/openiked-portable/Makefile b/security/openiked-portable/Makefile
new file mode 100644
index 000000000000..4d37a5ebfead
--- /dev/null
+++ b/security/openiked-portable/Makefile
@@ -0,0 +1,31 @@
+PORTNAME= openiked
+PORTVERSION= 6.9.0
+CATEGORIES= security net
+MASTER_SITES= OPENBSD/OpenIKED
+PKGNAMESUFFIX= -portable
+
+MAINTAINER= david@lapinbilly.eu
+COMMENT= IKEv2 daemon
+
+LICENSE= ISCL
+
+LIB_DEPENDS= libevent.so:devel/libevent
+
+CONFLICTS_INSTALL= openiked-[0-9]*
+USES= cmake ssl
+
+USE_RC_SUBR= iked
+USERS= _iked
+GROUPS= _iked
+
+.include <bsd.port.pre.mk>
+
+.if ${OSREL:R} < 12 && ${SSL_DEFAULT} == "base"
+BROKEN= requires OpenSSL 1.1.1, upgrade to FreeBSD 12.x/13.x or add DEFAULT_VERSIONS+=ssl=[openssl|libressl*] to /etc/make.conf
+.endif
+
+post-install:
+ ${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
+ ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
+
+.include <bsd.port.post.mk>
diff --git a/security/openiked-portable/distinfo b/security/openiked-portable/distinfo
new file mode 100644
index 000000000000..3cbaa5e62443
--- /dev/null
+++ b/security/openiked-portable/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1621459617
+SHA256 (openiked-6.9.0.tar.gz) = f8a9a376c27a53b9d22a948a8245aa296f0c24fe5a40933d77b752b5e98ffa5d
+SIZE (openiked-6.9.0.tar.gz) = 289696
diff --git a/security/openiked-portable/files/iked.in b/security/openiked-portable/files/iked.in
new file mode 100644
index 000000000000..850c44287707
--- /dev/null
+++ b/security/openiked-portable/files/iked.in
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
+#
+# PROVIDE: iked
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iked_enable (bool): Set to NO by default.
+# Set it to YES to enable iked.
+# iked_ramdisk (bool): Set to NO by default. See below.
+#
+# When iked_ramdisk is set to YES, the rc.d script will make sure
+# all directories exist, but will not generate a key pair if none
+# exists. The daemon is not started when the key pair no config
+# files are missing. It is assumed the ramdisk is not populated
+# completely. When iked_ramdisk is NO, key pairs are created as
+# needed and thr daemon is started unconditionally.
+
+. /etc/rc.subr
+
+name=iked
+desc="IKEv2 daemon"
+rcvar=iked_enable
+
+load_rc_config $name
+
+: ${iked_enable:=NO}
+: ${iked_ramdisk=NO}
+
+command=%%PREFIX%%/sbin/iked
+start_precmd=iked_precmd
+
+iked_config=%%PREFIX%%/etc/iked.conf
+iked_rootdir=%%PREFIX%%/etc/iked
+iked_privkey=${iked_rootdir}/private/local.key
+iked_pubkey=${iked_rootdir}/local.pub
+
+iked_precmd()
+{
+
+ if checkyesno iked_ramdisk; then
+ # Make sure we have our directory hierarchy.
+ for D in ca certs crls export private pubkeys \
+ pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
+ mkdir -p %%PREFIX%%/etc/iked/$D
+ done
+ chmod 700 %%PREFIX%%/etc/iked/private
+ else
+ # Create a key pair if not already present.
+ if test ! -f $iked_privkey; then
+ /usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey"
+ /bin/chmod 600 "$iked_privkey"
+ /usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey"
+ fi
+ fi
+
+ # We must have a private key and a configuration file.
+ # Don't start iked when those are missing.
+ if test ! \( -f $iked_privkey -a -f $iked_config \); then
+ # Be quiet about it; it must be intentional.
+ exit 1
+ fi
+}
+
+run_rc_command "$1"
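Review bot: The private key in iked_precmd is written by `openssl ecparam ... -out "$iked_privkey"` under whatever umask the rc script inherits and is only tightened by the following `chmod 600`, so between the two commands its confidentiality rests entirely on the 700 mode of the etc/iked/private directory. Generating it under a restrictive umask closes that window, for example `( umask 077; /usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey" )`. The exit status of the three key-generation commands is not checked either, so a failed public-key export still lets the daemon start as long as local.key and iked.conf exist; chaining the commands with `&&` and failing the precmd on error would make that visible. The whole function is inside this hunk.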
diff --git a/security/openiked-portable/pkg-descr b/security/openiked-portable/pkg-descr
new file mode 100644
index 000000000000..8ebd0d5fe978
--- /dev/null
+++ b/security/openiked-portable/pkg-descr
@@ -0,0 +1,10 @@
+OpenIKED is a free, permissively licensed Internet Key Exchange
+(IKEv2) implementation, developed as part of the OpenBSD project.
+It is intended to be a lean, secure and interoperable daemon that
+allows for easy setup and management of IPsec VPNs.
+
+The portable versions take the OpenBSD based source code and add
+compatibility functions and build infrastructure for other operating
+systems.
+
+WWW: https://github.com/openiked/openiked-portable
diff --git a/security/openiked-portable/pkg-plist b/security/openiked-portable/pkg-plist
new file mode 100644
index 000000000000..0fd28cb6125e
--- /dev/null
+++ b/security/openiked-portable/pkg-plist
@@ -0,0 +1,14 @@
+@sample(,,600) etc/iked.conf.sample
+sbin/ikectl
+sbin/iked
+man/man5/iked.conf.5.gz
+man/man8/ikectl.8.gz
+man/man8/iked.8.gz
+@dir etc/iked/ca
+@dir etc/iked/certs
+@dir etc/iked/crls
+@dir(,,700) etc/iked/private
+@dir etc/iked/pubkeys/fqdn
+@dir etc/iked/pubkeys/ipv4
+@dir etc/iked/pubkeys/ipv6
+@dir etc/iked/pubkeys/ufqdn
diff --git a/security/openiked/Makefile b/security/openiked/Makefile
index 43b7b90fa1d6..99c58821f745 100644
--- a/security/openiked/Makefile
+++ b/security/openiked/Makefile
@@ -11,6 +11,8 @@ LIB_DEPENDS= libevent.so:devel/libevent USES= autoreconf libtool ssl +CONFLICTS_INSTALL= openiked-portable[0-9]* + USE_GITHUB= yes GH_ACCOUNT= xcllnt
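Review bot: The glob in `CONFLICTS_INSTALL= openiked-portable[0-9]*` has no hyphen before the version, so it will not match a package named `openiked-portable-6.9.0`, which is what PORTNAME, PKGNAMESUFFIX and PORTVERSION in the new security/openiked-portable/Makefile produce. As written, the conflict is effectively declared only from the portable side (`openiked-[0-9]*`); both ports install an `iked` rc script and presumably the same `sbin/iked`, so this side should declare it as well: `CONFLICTS_INSTALL= openiked-portable-[0-9]*`. The rest of this Makefile lies outside the hunk.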