diff -ruN strongswan/Makefile port/Makefile --- strongswan/Makefile 2012-11-23 13:36:42.000000000 +0200 +++ port/Makefile 2012-11-23 14:26:36.000000000 +0200 @@ -2,42 +2,47 @@ # Date created: 30 May 2010 # Whom: # -# $FreeBSD: head/security/strongswan/Makefile 300897 2012-07-14 14:29:18Z beat $ +# $FreeBSD: ports/security/strongswan/Makefile,v 1.3 2011/04/29 12:24:55 culot Exp $ -PORTNAME= strongswan -PORTVERSION= 4.5.3 +PORTNAME= strongswan +PORTVERSION= 5.0.1 CATEGORIES= security MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ -MAINTAINER= riaank@gmail.com +MAINTAINER= strongswan@nanoteq.com COMMENT= Open Source IKEv2 IPsec-based VPN solution -OPTIONS= SQLITE "Enable SQLite" off \ - MYSQL "Enable MySQL" off \ - CURL "Enable CURL to fetch CRL/OCSP" off \ - EAPAKA3GPP2 "Enable EAP AKA with 3gpp2 backend" off \ - EAPSIMFILE "Enable EAP SIM with filebased backend" off +OPTIONS= IKEv1 "Enable IKEv1 support (Experimental)" off \ + LDAP "Enable LDAP" off \ + SQLITE "Enable SQLite" off \ + MYSQL "Enable MySQL" off \ + CURL "Enable CURL to fetch CRL/OCSP" off \ + EAPAKA3GPP2 "Enable EAP AKA with 3gpp2 backend" off \ + EAPSIMFILE "Enable EAP SIM with file backend" off -USE_RC_SUBR= strongswan +USE_RC_SUBR= strongswan.sh USE_BZIP2= yes USE_AUTOTOOLS= libtool GNU_CONFIGURE= yes USE_OPENSSL= yes USE_LDCONFIG= yes +LIB_DEPENDS+= execinfo:${PORTSDIR}/devel/libexecinfo + CONFIGURE_ARGS= --enable-kernel-pfkey \ --enable-kernel-pfroute \ --disable-kernel-netlink \ --disable-tools \ --disable-scripts \ - --disable-pluto \ --disable-gmp \ --enable-openssl \ --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-tls \ --enable-eap-mschapv2 \ + --enable-eap-peap \ + --enable-eap-ttls \ --enable-md4 \ --enable-blowfish \ --enable-addrblock \ @@ -46,11 +51,8 @@ --with-lib-prefix=${PREFIX} # Man pages with default install -MAN3= anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 \ - initsubnet.3 portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ - ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 -MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 -MAN8= ipsec.8 _updown.8 _updown_espmark.8 +MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 +MAN8= ipsec.8 .include @@ -60,6 +62,21 @@ .endif # Extra options +.if defined(WITH_IKEv1) +PLIST_SUB+= IKEv1="" +.else +CONFIGURE_ARGS+= --disable-ikev1 +PLIST_SUB+= IKEv1="@comment " +.endif + +.if defined(WITH_LDAP) +USE_OPENLDAP= yes +CONFIGURE_ARGS+= --enable-ldap +PLIST_SUB+= LDAP="" +.else +PLIST_SUB+= LDAP="@comment " +.endif + .if defined(WITH_SQLITE) || defined (WITH_MYSQL) CONFIGURE_ARGS+= --enable-attr-sql CONFIGURE_ARGS+= --enable-sql @@ -70,7 +87,7 @@ .if defined(WITH_SQLITE) CONFIGURE_ARGS+= --enable-sqlite -LIB_DEPENDS += sqlite3.8:${PORTSDIR}/databases/sqlite3 +LIB_DEPENDS+= sqlite3:${PORTSDIR}/databases/sqlite3 PLIST_SUB+= SQLITE="" .else PLIST_SUB+= SQLITE="@comment " @@ -86,7 +103,7 @@ .if defined(WITH_CURL) CONFIGURE_ARGS+= --enable-curl -LIB_DEPENDS+= curl.6:${PORTSDIR}/ftp/curl +LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl PLIST_SUB+= CURL="" .else PLIST_SUB+= CURL="@comment " @@ -103,11 +120,16 @@ .if defined(WITH_EAPAKA3GPP2) CONFIGURE_ARGS+= --enable-eap-aka CONFIGURE_ARGS+= --enable-eap-aka-3gpp2 -CONFIGURE_ARGS+= --enable-gmp -LIB_DEPENDS+= gmp.10:${PORTSDIR}/math/gmp +LIB_DEPENDS+= gmp:${PORTSDIR}/math/gmp PLIST_SUB+= EAPAKA3GPP2="" .else PLIST_SUB+= EAPAKA3GPP2="@comment " .endif +.if defined(WITH_EAPSIMFILE) || defined(WITH_EAPAKA3GPP2) +PLIST_SUB+=SIMAKA="" +.else +PLIST_SUB+=SIMAKA="@comment " +.endif + .include diff -ruN strongswan/distinfo port/distinfo --- strongswan/distinfo 2012-11-23 13:36:42.000000000 +0200 +++ port/distinfo 2012-11-23 14:26:36.000000000 +0200 @@ -1,2 +1,2 @@ -SHA256 (strongswan-4.5.3.tar.bz2) = a59fa0d9820fb06a3c848f4537b9256d2067265ad10e1b007b79f3b16279f1ff -SIZE (strongswan-4.5.3.tar.bz2) = 3299522 +SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4 +SIZE (strongswan-5.0.1.tar.bz2) = 3146776 diff -ruN strongswan/files/patch-src__ipsec__ipsec.in port/files/patch-src__ipsec__ipsec.in --- strongswan/files/patch-src__ipsec__ipsec.in 2012-11-23 13:36:42.000000000 +0200 +++ port/files/patch-src__ipsec__ipsec.in 1970-01-01 02:00:00.000000000 +0200 @@ -1,20 +0,0 @@ -diff -ur srcold/ipsec/ipsec.in src/ipsec/ipsec.in ---- srcold/ipsec/ipsec.in 2011-09-22 08:39:26.589952124 +0200 -+++ src/ipsec/ipsec.in 2011-09-22 08:39:44.640945476 +0200 -@@ -19,6 +19,7 @@ - export PATH - - # name and version of the ipsec implementation -+OS_NAME=`uname -s` - IPSEC_NAME="@IPSEC_NAME@" - IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`" - -@@ -378,7 +379,7 @@ - fi - ;; - version|--version) -- printf "Linux $IPSEC_NAME $IPSEC_VERSION\n" -+ printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n" - printf "$IPSEC_DISTRO\n" - printf "See 'ipsec --copyright' for copyright information.\n" - exit 0 diff -ruN strongswan/files/strongswan.in port/files/strongswan.in --- strongswan/files/strongswan.in 2012-11-23 13:36:42.000000000 +0200 +++ port/files/strongswan.in 1970-01-01 02:00:00.000000000 +0200 @@ -1,37 +0,0 @@ -#!/bin/sh - -# $FreeBSD: head/security/strongswan/files/strongswan.in 300897 2012-07-14 14:29:18Z beat $ - -# PROVIDE: strongswan -# REQUIRE: LOGIN -# KEYWORD: shutdown - -# Add the following lines to /etc/rc.conf.local or /etc/rc.conf -# to enable this service: -# -# strongswan_enable (bool): Set to NO by default. -# Set it to YES to enable strongswan. - -. /etc/rc.subr - -name="strongswan" -rcvar=strongswan_enable - -command="%%PREFIX%%/sbin/ipsec" -extra_commands="reload statusall" - -load_rc_config $name - -start_cmd="strongswan_command start" -stop_cmd="strongswan_command stop" -restart_cmd="strongswan_command restart" -status_cmd="strongswan_command status" -reload_cmd="strongswan_command reload" -statusall_cmd="strongswan_command statusall" - -strongswan_command() -{ - $command ${rc_arg} -} - -run_rc_command "$1" diff -ruN strongswan/files/strongswan.sh.in port/files/strongswan.sh.in --- strongswan/files/strongswan.sh.in 1970-01-01 02:00:00.000000000 +0200 +++ port/files/strongswan.sh.in 2012-11-23 14:26:36.000000000 +0200 @@ -0,0 +1,33 @@ +#!/bin/sh +# Start or stop strongswan +# $FreeBSD: $ + +# PROVIDE: strongswan +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +command="%%PREFIX%%/sbin/ipsec" +. /etc/rc.subr + +name="strongswan" +rcvar=`set_rcvar` +extra_commands="reload statusall" + +load_rc_config $name + +start_cmd="strongswan_command start" +stop_cmd="strongswan_command stop" +restart_cmd="strongswan_command restart" +status_cmd="strongswan_command status" +reload_cmd="strongswan_command reload" +statusall_cmd="strongswan_command statusall" + + +strongswan_command() +{ + $command ${rc_arg} +} + +run_rc_command "$1" + diff -ruN strongswan/pkg-plist port/pkg-plist --- strongswan/pkg-plist 2012-11-23 13:36:42.000000000 +0200 +++ port/pkg-plist 2012-11-23 14:46:51.000000000 +0200 @@ -12,6 +12,10 @@ lib/ipsec/libstrongswan.la lib/ipsec/libstrongswan.so lib/ipsec/libstrongswan.so.0 +lib/ipsec/libtls.a +lib/ipsec/libtls.la +lib/ipsec/libtls.so +lib/ipsec/libtls.so.0 lib/ipsec/plugins/libstrongswan-addrblock.a lib/ipsec/plugins/libstrongswan-addrblock.la lib/ipsec/plugins/libstrongswan-addrblock.so @@ -24,6 +28,9 @@ lib/ipsec/plugins/libstrongswan-blowfish.a lib/ipsec/plugins/libstrongswan-blowfish.la lib/ipsec/plugins/libstrongswan-blowfish.so +lib/ipsec/plugins/libstrongswan-cmac.a +lib/ipsec/plugins/libstrongswan-cmac.la +lib/ipsec/plugins/libstrongswan-cmac.so lib/ipsec/plugins/libstrongswan-constraints.a lib/ipsec/plugins/libstrongswan-constraints.la lib/ipsec/plugins/libstrongswan-constraints.so @@ -42,9 +49,15 @@ lib/ipsec/plugins/libstrongswan-eap-mschapv2.a lib/ipsec/plugins/libstrongswan-eap-mschapv2.la lib/ipsec/plugins/libstrongswan-eap-mschapv2.so +lib/ipsec/plugins/libstrongswan-eap-peap.a +lib/ipsec/plugins/libstrongswan-eap-peap.la +lib/ipsec/plugins/libstrongswan-eap-peap.so lib/ipsec/plugins/libstrongswan-eap-tls.a lib/ipsec/plugins/libstrongswan-eap-tls.la lib/ipsec/plugins/libstrongswan-eap-tls.so +lib/ipsec/plugins/libstrongswan-eap-ttls.a +lib/ipsec/plugins/libstrongswan-eap-ttls.la +lib/ipsec/plugins/libstrongswan-eap-ttls.so lib/ipsec/plugins/libstrongswan-fips-prf.a lib/ipsec/plugins/libstrongswan-fips-prf.la lib/ipsec/plugins/libstrongswan-fips-prf.so @@ -63,6 +76,9 @@ lib/ipsec/plugins/libstrongswan-md5.a lib/ipsec/plugins/libstrongswan-md5.la lib/ipsec/plugins/libstrongswan-md5.so +lib/ipsec/plugins/libstrongswan-nonce.a +lib/ipsec/plugins/libstrongswan-nonce.la +lib/ipsec/plugins/libstrongswan-nonce.so lib/ipsec/plugins/libstrongswan-openssl.a lib/ipsec/plugins/libstrongswan-openssl.la lib/ipsec/plugins/libstrongswan-openssl.so @@ -75,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pkcs1.a lib/ipsec/plugins/libstrongswan-pkcs1.la lib/ipsec/plugins/libstrongswan-pkcs1.so +lib/ipsec/plugins/libstrongswan-pkcs8.a +lib/ipsec/plugins/libstrongswan-pkcs8.la +lib/ipsec/plugins/libstrongswan-pkcs8.so lib/ipsec/plugins/libstrongswan-pubkey.a lib/ipsec/plugins/libstrongswan-pubkey.la lib/ipsec/plugins/libstrongswan-pubkey.so @@ -119,6 +138,10 @@ libexec/ipsec/stroke libexec/ipsec/whitelist sbin/ipsec +%%SIMAKA%%lib/ipsec/libsimaka.a +%%SIMAKA%%lib/ipsec/libsimaka.la +%%SIMAKA%%lib/ipsec/libsimaka.so +%%SIMAKA%%lib/ipsec/libsimaka.so.0 %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-eap-aka.a %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-eap-aka.la %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-eap-aka.so @@ -137,6 +160,12 @@ %%CURL%%lib/ipsec/plugins/libstrongswan-curl.a %%CURL%%lib/ipsec/plugins/libstrongswan-curl.la %%CURL%%lib/ipsec/plugins/libstrongswan-curl.so +%%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.a +%%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.la +%%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.so +%%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.a +%%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.la +%%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.so %%MYSQL%%lib/ipsec/plugins/libstrongswan-mysql.a %%MYSQL%%lib/ipsec/plugins/libstrongswan-mysql.la %%MYSQL%%lib/ipsec/plugins/libstrongswan-mysql.so @@ -162,6 +191,7 @@ @dirrm etc/ipsec.d/acerts @dirrm etc/ipsec.d/aacerts @dirrm etc/ipsec.d +@exec mkdir -p %D/etc/ipsec.d @exec mkdir -p %D/etc/ipsec.d/reqs @exec mkdir -p %D/etc/ipsec.d/private @exec mkdir -p %D/etc/ipsec.d/ocspcerts