PKGBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

# Maintainer: Cedric Roijakkers <cedric [the at sign goes here] roijakkers [the dot sign goes here] be>.
# Based on previous work from the following people:
# Contributor: Chris Severance aur.severach aATt spamgourmet dott com
# Contributor: Gomasy <nyan@gomasy.jp>
# Contributor: Alexandre BIQUE <bique.alexandre@gmail.com>
# Contributor: Patrick Burroughs (Celti) <celti@celti.name>

set -u
pkgname='libreswan'
#pkgname+='-git'
pkgver='4.15'
pkgrel='1'
pkgdesc='IPsec implementation with IKEv1 and IKEv2 keying protocols'
arch=('i686' 'x86_64')
arch+=('aarch64') # yjun naumovitch
url='https://libreswan.org/'
license=('GPL' 'MPL')
depends=('systemd' 'unbound' 'nss' 'libcap-ng' 'curl' 'inetutils')
depends+=('python3')
optdepends=(
  'networkmanager-libreswan: NetworkManager support'
  'networkmanager-l2tp: L2TP support for NetworkManager using libreswan for IPSec'
)
makedepends=('docbook-xsl' 'xmlto' 'flex' 'bison')
conflicts=('freeswan' 'openswan' 'strongswan' 'ipsec-tools')
backup=('etc/ipsec.conf' 'etc/ipsec.secrets' 'etc/pam.d/pluto')
install="${pkgname}.install"
_srcdir="${pkgname}-${pkgver}"
source=(
  "https://download.libreswan.org/${pkgname}-${pkgver%%.r*}.tar.gz"
  'tmpfiles.conf'
)
md5sums=('ded0c06c31790be39e8881174b40ce04'
         '77399a739ee99f8bc54837684d7c39d5')
sha256sums=('fe60d7db398c8ee225055db365ec968a24aebcbc5c35061131fcffdad1be04af'
            '78265c690d58228c3bcc1a8793456172c39d493d268e9d9b1816288d0a47f573')

if [ "${pkgname%-git}" != "${pkgname}" ]; then
  _srcdir="${pkgname}"
  source[0]="${_srcdir}::git://github.com/libreswan/libreswan.git"
  #source[0]+="#branch=release-${pkgver%%.r*}"
  makedepends+=('git')
  md5sums[0]='SKIP'
  sha256sums[0]='SKIP'
  provides=("${pkgname%-*}=${pkgver%%.r*}")
  conflicts=("${pkgname%-*}")
pkgver() {
  set -u
  cd "${_srcdir}"
  git describe --long | sed -e 's/\([^-]*-g\)/r\1/' -e 's/-/./g' -e 's:^v::g'
  set +u
}
elif [ "${pkgver%%.r*}" != "${pkgver}" ]; then
pkgver() {
  printf '%s' "${pkgver%.r*}"
}
fi

# https://git.centos.org/rpms/libreswan/blob/c8s/f/SPECS/libreswan.spec
_bargs=(
  FINALLIBEXECDIR='/usr/lib/ipsec'
  #INC_MANDIR='/usr/share/man'
  FINALMANDIR='/usr/share/man'
  FINALSBINDIR='/usr/bin'
  #INC_USRLOCAL='/usr' # required by 3.32 for /usr/share/doc
  PREFIX='/usr'
  USE_DNSSEC=false
  USE_LABELED_IPSEC=false
  USE_LIBCAP_NG=true
  USE_DH2=true # insecure modp1024

  USE_LEAK_DETECTIVE=false
  USE_XAUTH=true
)

prepare() {
  set -u
  bash -n "${startdir}/${install}"
  set +u
}

build() {
  set -u
  cd "${_srcdir}"

  # Disable preprocessor warnings, because the build failed with GCC 13.2
  local _cf=(
    -Wp,-w
  )

  CFLAGS="${CFLAGS} ${_cf[*]}" \
  nice make -s "${_bargs[@]}" programs
  set +u
}

package() {
  set -u
  cd "${_srcdir}"

  make -j1 DESTDIR="${pkgdir}/" "${_bargs[@]}" install

  #sed -e '1s|python\b|python2|' -i "${pkgdir}/usr/lib/ipsec"/{verify,show}
  install -Dpm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/libreswan.conf"
  rm -rf "${pkgdir}/var"

  install -Dpm644 <(cat << EOF
# Automatically generated by ${pkgname}-${pkgver} PKGBUILD from Arch Linux AUR
# https://aur.archlinux.org/

# Disable redirects for ipsec tunnels

net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
EOF
  ) "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf"
  sed -e 's: = 0: = 1:g' "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf" > "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf.revert"

  if [ "$(vercmp "${pkgver}" '4.0')" -ge 0 ]; then
    install -dm700 "${pkgdir}/var/lib/ipsec/nss"
  fi
  set +u
}
set +u
# vim:set ts=2 sw=2 et: