blob: 87592cb61643a27228fa59ee68762e7993f6139e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
# Maintainer: Cedric Roijakkers <cedric [the at sign goes here] roijakkers [the dot sign goes here] be>.
# Based on previous work from the following people:
# Contributor: Chris Severance aur.severach aATt spamgourmet dott com
# Contributor: Gomasy <nyan@gomasy.jp>
# Contributor: Alexandre BIQUE <bique.alexandre@gmail.com>
# Contributor: Patrick Burroughs (Celti) <celti@celti.name>
set -u
pkgname='libreswan'
#pkgname+='-git'
pkgver='5.0'
pkgrel='1'
pkgdesc='IPsec implementation with IKEv1 and IKEv2 keying protocols'
arch=('i686' 'x86_64')
arch+=('aarch64') # yjun naumovitch
url='https://libreswan.org/'
license=('GPL' 'MPL')
depends=('systemd' 'unbound' 'nss' 'libcap-ng' 'curl' 'inetutils')
depends+=('python3')
optdepends=(
'networkmanager-libreswan: NetworkManager support'
'networkmanager-l2tp: L2TP support for NetworkManager using libreswan for IPSec'
)
makedepends=('docbook-xsl' 'xmlto' 'flex' 'bison')
conflicts=('freeswan' 'openswan' 'strongswan' 'ipsec-tools')
backup=('etc/ipsec.conf' 'etc/ipsec.secrets' 'etc/pam.d/pluto')
install="${pkgname}.install"
_srcdir="${pkgname}-${pkgver}"
source=(
"https://download.libreswan.org/${pkgname}-${pkgver%%.r*}.tar.gz"
'tmpfiles.conf'
)
md5sums=('185392cd6037bcc2eb9fde75423e550d'
'77399a739ee99f8bc54837684d7c39d5')
sha256sums=('10bc0adc90b9e981a30dfefba7daff200841ecb9910f9d671f137ffc1414286a'
'78265c690d58228c3bcc1a8793456172c39d493d268e9d9b1816288d0a47f573')
if [ "${pkgname%-git}" != "${pkgname}" ]; then
_srcdir="${pkgname}"
source[0]="${_srcdir}::git://github.com/libreswan/libreswan.git"
#source[0]+="#branch=release-${pkgver%%.r*}"
makedepends+=('git')
md5sums[0]='SKIP'
sha256sums[0]='SKIP'
provides=("${pkgname%-*}=${pkgver%%.r*}")
conflicts=("${pkgname%-*}")
pkgver() {
set -u
cd "${_srcdir}"
git describe --long | sed -e 's/\([^-]*-g\)/r\1/' -e 's/-/./g' -e 's:^v::g'
set +u
}
elif [ "${pkgver%%.r*}" != "${pkgver}" ]; then
pkgver() {
printf '%s' "${pkgver%.r*}"
}
fi
# https://git.centos.org/rpms/libreswan/blob/c8s/f/SPECS/libreswan.spec
_bargs=(
LIBEXECDIR='/usr/lib/ipsec'
#INC_MANDIR='/usr/share/man'
MANDIR='/usr/share/man'
SBINDIR='/usr/bin'
#INC_USRLOCAL='/usr' # required by 3.32 for /usr/share/doc
PREFIX='/usr'
USE_DNSSEC=false
USE_LABELED_IPSEC=false
USE_LIBCAP_NG=true
USE_DH2=true # insecure modp1024
USE_LEAK_DETECTIVE=false
USE_XAUTH=true
)
prepare() {
set -u
bash -n "${startdir}/${install}"
set +u
}
build() {
set -u
cd "${_srcdir}"
# Disable preprocessor warnings, because the build failed with GCC 13.2
local _cf=(
-Wp,-w
)
CFLAGS="${CFLAGS} ${_cf[*]}" \
nice make -s "${_bargs[@]}" programs
set +u
}
package() {
set -u
cd "${_srcdir}"
make -j1 DESTDIR="${pkgdir}/" "${_bargs[@]}" install
#sed -e '1s|python\b|python2|' -i "${pkgdir}/usr/lib/ipsec"/{verify,show}
install -Dpm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/libreswan.conf"
rm -rf "${pkgdir}/var"
install -Dpm644 <(cat << EOF
# Automatically generated by ${pkgname}-${pkgver} PKGBUILD from Arch Linux AUR
# https://aur.archlinux.org/
# Disable redirects for ipsec tunnels
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
EOF
) "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf"
sed -e 's: = 0: = 1:g' "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf" > "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf.revert"
if [ "$(vercmp "${pkgver}" '4.0')" -ge 0 ]; then
install -dm700 "${pkgdir}/var/lib/ipsec/nss"
fi
set +u
}
set +u
# vim:set ts=2 sw=2 et:
|