Attachment #225100 for bug #256009




PORTNAME=			openiked-portable
PORTVERSION=		6.9.0
CATEGORIES=			security net
MASTER_SITES=		OPENBSD/OpenIKED
DISTNAME=			openiked-${PORTVERSION}

MAINTAINER=	david@lapinbilly.eu
COMMENT=	IKEv2 daemon

LICENSE=	ISCL

LIB_DEPENDS=	libevent.so:devel/libevent

CONFLICTS_INSTALL=		openiked-[0-9]*
USES=		cmake ssl

USE_RC_SUBR=	iked
USERS=			_iked
GROUPS=			_iked

post-install:
	${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
	    ${STAGEDIR}${PREFIX}/etc/iked.conf.sample

.include <bsd.port.mk>

Added Link Here

(-)b/security/openiked-portable/distinfo (+3 lines)
1	TIMESTAMP = 1621459617
2	SHA256 (openiked-6.9.0.tar.gz) = f8a9a376c27a53b9d22a948a8245aa296f0c24fe5a40933d77b752b5e98ffa5d
3	SIZE (openiked-6.9.0.tar.gz) = 289696




#!/bin/sh

# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
#
# PROVIDE: iked
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# iked_enable (bool):	Set to NO by default.
#			Set it to YES to enable iked.
# iked_ramdisk (bool):	Set to NO by default. See below.
#
# When iked_ramdisk is set to YES, the rc.d script will make sure
# all directories exist, but will not generate a key pair if none
# exists.  The daemon is not started when the key pair no config
# files are missing.  It is assumed the ramdisk is not populated
# completely.  When iked_ramdisk is NO, key pairs are created as
# needed and thr daemon is started unconditionally.

. /etc/rc.subr

name=iked
desc="IKEv2 daemon"
rcvar=iked_enable

load_rc_config $name

: ${iked_enable:=NO}
: ${iked_ramdisk=NO}

command=%%PREFIX%%/sbin/iked
start_precmd=iked_precmd

iked_config=%%PREFIX%%/etc/iked.conf
iked_rootdir=%%PREFIX%%/etc/iked
iked_privkey=${iked_rootdir}/private/local.key
iked_pubkey=${iked_rootdir}/local.pub

iked_precmd()
{

	if checkyesno iked_ramdisk; then
		# Make sure we have our directory hierarchy.
		for D in ca certs crls export private pubkeys \
		    pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
			mkdir -p %%PREFIX%%/etc/iked/$D
		done
		chmod 700 %%PREFIX%%/etc/iked/private
	else
		# Create a key pair if not already present.
		if test ! -f $iked_privkey; then
			/usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey"
			/bin/chmod 600 "$iked_privkey"
			/usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey"
		fi
	fi

	# We must have a private key and a configuration file.
	# Don't start iked when those are missing.
	if test ! \( -f $iked_privkey -a -f $iked_config \); then
		# Be quiet about it; it must be intentional.
		exit 1
	fi
}

run_rc_command "$1"

Added Link Here

(-)b/security/openiked-portable/pkg-descr (+10 lines)
1	OpenIKED is a free, permissively licensed Internet Key Exchange
2	(IKEv2) implementation, developed as part of the OpenBSD project.
3	It is intended to be a lean, secure and interoperable daemon that
4	allows for easy setup and management of IPsec VPNs.
5
6	The portable versions take
7	the OpenBSD based source code and add compatibility functions and
8	build infrastructure for other operating systems.
9
10	WWW: https://github.com/openiked/openiked-portable




@sample(,,600) etc/iked.conf.sample
sbin/ikectl
sbin/iked
man/man5/iked.conf.5.gz
man/man8/ikectl.8.gz
man/man8/iked.8.gz
@dir etc/iked/ca
@dir etc/iked/certs
@dir etc/iked/crls
@dir(,,700) etc/iked/private
@dir etc/iked/pubkeys/fqdn
@dir etc/iked/pubkeys/ipv4
@dir etc/iked/pubkeys/ipv6
@dir etc/iked/pubkeys/ufqdn

Lines 7-12 COMMENT= IKEv2 daemon Link Here

(-)b/security/openiked/Makefile (+1 lines)
7		7
8	LICENSE= ISCL	8	LICENSE= ISCL
9		9
		10	CONFLICTS_INSTALL= openiked-portable[0-9]*
10	LIB_DEPENDS= libevent.so:devel/libevent	11	LIB_DEPENDS= libevent.so:devel/libevent
11		12
12	USES= autoreconf libtool ssl	13	USES= autoreconf libtool ssl

Return to bug 256009

Added Link Here

(-)b/security/openiked-portable/Makefile (+25 lines)
1	PORTNAME= openiked-portable
2	PORTVERSION= 6.9.0
3	CATEGORIES= security net
4	MASTER_SITES= OPENBSD/OpenIKED
5	DISTNAME= openiked-${PORTVERSION}
6
7	MAINTAINER= david@lapinbilly.eu
8	COMMENT= IKEv2 daemon
9
10	LICENSE= ISCL
11
12	LIB_DEPENDS= libevent.so:devel/libevent
13
14	CONFLICTS_INSTALL= openiked-[0-9]*
15	USES= cmake ssl
16
17	USE_RC_SUBR= iked
18	USERS= _iked
19	GROUPS= _iked
20
21	post-install:
22	${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
23	${STAGEDIR}${PREFIX}/etc/iked.conf.sample
24
25	.include <bsd.port.mk>

Added Link Here

(-)b/security/openiked-portable/files/iked.in (+69 lines)
1	#!/bin/sh
2
3	# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
4	#
5	# PROVIDE: iked
6	# REQUIRE: LOGIN
7	# KEYWORD: shutdown
8	#
9	# Add these lines to /etc/rc.conf.local or /etc/rc.conf
10	# to enable this service:
11	#
12	# iked_enable (bool): Set to NO by default.
13	# Set it to YES to enable iked.
14	# iked_ramdisk (bool): Set to NO by default. See below.
15	#
16	# When iked_ramdisk is set to YES, the rc.d script will make sure
17	# all directories exist, but will not generate a key pair if none
18	# exists. The daemon is not started when the key pair no config
19	# files are missing. It is assumed the ramdisk is not populated
20	# completely. When iked_ramdisk is NO, key pairs are created as
21	# needed and thr daemon is started unconditionally.
22
23	. /etc/rc.subr
24
25	name=iked
26	desc="IKEv2 daemon"
27	rcvar=iked_enable
28
29	load_rc_config $name
30
31	: ${iked_enable:=NO}
32	: ${iked_ramdisk=NO}
33
34	command=%%PREFIX%%/sbin/iked
35	start_precmd=iked_precmd
36
37	iked_config=%%PREFIX%%/etc/iked.conf
38	iked_rootdir=%%PREFIX%%/etc/iked
39	iked_privkey=${iked_rootdir}/private/local.key
40	iked_pubkey=${iked_rootdir}/local.pub
41
42	iked_precmd()
43	{
44
45	if checkyesno iked_ramdisk; then
46	# Make sure we have our directory hierarchy.
47	for D in ca certs crls export private pubkeys \
48	pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
49	mkdir -p %%PREFIX%%/etc/iked/$D
50	done
51	chmod 700 %%PREFIX%%/etc/iked/private
52	else
53	# Create a key pair if not already present.
54	if test ! -f $iked_privkey; then
55	/usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey"
56	/bin/chmod 600 "$iked_privkey"
57	/usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey"
58	fi
59	fi
60
61	# We must have a private key and a configuration file.
62	# Don't start iked when those are missing.
63	if test ! \( -f $iked_privkey -a -f $iked_config \); then
64	# Be quiet about it; it must be intentional.
65	exit 1
66	fi
67	}
68
69	run_rc_command "$1"

Added Link Here

(-)b/security/openiked-portable/pkg-plist (+14 lines)
1	@sample(,,600) etc/iked.conf.sample
2	sbin/ikectl
3	sbin/iked
4	man/man5/iked.conf.5.gz
5	man/man8/ikectl.8.gz
6	man/man8/iked.8.gz
7	@dir etc/iked/ca
8	@dir etc/iked/certs
9	@dir etc/iked/crls
10	@dir(,,700) etc/iked/private
11	@dir etc/iked/pubkeys/fqdn
12	@dir etc/iked/pubkeys/ipv4
13	@dir etc/iked/pubkeys/ipv6
14	@dir etc/iked/pubkeys/ufqdn