# Maintainer: Cedric Roijakkers <cedric [the at sign goes here] roijakkers [the dot sign goes here] be>.
# Based on previous work from the following people:
# Contributor: Chris Severance aur.severach aATt spamgourmet dott com
# Contributor: Gomasy <nyan@gomasy.jp>
# Contributor: Alexandre BIQUE <bique.alexandre@gmail.com>
# Contributor: Patrick Burroughs (Celti) <celti@celti.name>

# Fail fast on any unset variable while the package metadata is evaluated;
# the matching `set +u` is at the end of the file.
set -u

# --- Identity ---------------------------------------------------------------
pkgname='libreswan'
#pkgname+='-git'
pkgver='4.12'
pkgrel='2'
pkgdesc='IPsec implementation with IKEv1 and IKEv2 keying protocols'
url='https://libreswan.org/'
license=('GPL' 'MPL')

# --- Supported architectures (aarch64: yjun naumovitch) ---------------------
arch=(
  'i686'
  'x86_64'
  'aarch64'
)

# --- Dependencies -----------------------------------------------------------
depends=(
  'systemd'
  'unbound'
  'nss'
  'libcap-ng'
  'curl'
  'inetutils'
  'python3'
)
optdepends=(
  'networkmanager-libreswan: NetworkManager support'
  'networkmanager-l2tp: L2TP support for NetworkManager using libreswan for IPSec'
)
makedepends=(
  'docbook-xsl'
  'xmlto'
  'flex'
  'bison'
)
conflicts=(
  'freeswan'
  'openswan'
  'strongswan'
  'ipsec-tools'
)

# Files pacman must not overwrite on upgrade. etc/ipsec.secrets is the file
# that holds the tunnel secrets, so it is listed here to survive upgrades.
backup=(
  'etc/ipsec.conf'
  'etc/ipsec.secrets'
  'etc/pam.d/pluto'
)

install="${pkgname}.install"
_srcdir="${pkgname}-${pkgver}"

# --- Sources and integrity --------------------------------------------------
# Index 0 is the upstream tarball (any ".r*" revision suffix is stripped from
# the version), index 1 is the local tmpfiles.d snippet. The checksum arrays
# below follow the same order.
source=(
  "https://download.libreswan.org/${pkgname}-${pkgver%%.r*}.tar.gz"
  'tmpfiles.conf'
)
# MD5 is not collision resistant; sha256sums is the entry that actually pins
# the tarball contents.
# NOTE(review): no detached-signature source and no validpgpkeys array are
# declared, so authenticity rests on HTTPS plus the pinned SHA-256 only.
md5sums=(
  'a8dea4d464e1cc58a25cb00fa0298fc4'
  '77399a739ee99f8bc54837684d7c39d5'
)
sha256sums=(
  'ae85abe415f7becf4b6a2b9897e1712f27e5aac9c35dfbdddbcce0ad7dfd99f7'
  '78265c690d58228c3bcc1a8793456172c39d493d268e9d9b1816288d0a47f573'
)

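# Variant handling.
#   * pkgname ends in "-git": build from the upstream git repository and derive
#     the version from `git describe`.
#   * pkgver carries a ".r*" revision suffix: report the version with that
#     suffix removed.
#   * otherwise: plain release build, no pkgver() function is defined.
if [ "${pkgname%-git}" != "${pkgname}" ]; then
  _srcdir="${pkgname}"
  # Clone over TLS. The plain git:// transport has no encryption and no server
  # authentication, and GitHub no longer serves it. Because both checksum
  # entries for this source are set to SKIP below, the transport is the only
  # integrity control left for the -git variant.
  source[0]="${_srcdir}::git+https://github.com/libreswan/libreswan.git"
  #source[0]+="#branch=release-${pkgver%%.r*}"
  makedepends+=('git')
  md5sums[0]='SKIP'
  sha256sums[0]='SKIP'
  provides=("${pkgname%-*}=${pkgver%%.r*}")
  # Replaces (does not extend) the conflicts list set earlier in the file.
  conflicts=("${pkgname%-*}")

  # Print a version string built from `git describe --long`:
  # the "<count>-g" segment gets an "r" prefix, hyphens become dots and a
  # leading "v" is dropped.
  pkgver() {
    set -u
    cd "${_srcdir}"
    git describe --long | sed -e 's/\([^-]*-g\)/r\1/' -e 's/-/./g' -e 's:^v::g'
    set +u
  }
elif [ "${pkgver%%.r*}" != "${pkgver}" ]; then
  # Print pkgver with its trailing ".r*" revision suffix removed.
  pkgver() {
    printf '%s' "${pkgver%.r*}"
  }
fi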

# https://git.centos.org/rpms/libreswan/blob/c8s/f/SPECS/libreswan.spec
# Make variable overrides passed to both `make programs` and `make install`.
# Built up in two groups; element order is the same as a single literal list.
_bargs=()

# Install layout (Arch merges sbin into /usr/bin).
#   INC_MANDIR='/usr/share/man'  - not set
#   INC_USRLOCAL='/usr'          - not set; was required by 3.32 for /usr/share/doc
_bargs+=(
  FINALLIBEXECDIR='/usr/lib/ipsec'
  FINALMANDIR='/usr/share/man'
  FINALSBINDIR='/usr/bin'
  PREFIX='/usr'
)

# Feature switches.
#   USE_DH2=true compiles in DH group 2 (modp1024), which the original author
#   already marks as insecure. Having it in the binary does not by itself make
#   a tunnel use it, but connection definitions that name modp1024 will then be
#   accepted, so audit ipsec.conf for it.
#   NOTE(review): presumably kept for interoperability with legacy peers -
#   confirm it is still needed.
#   NOTE(review): USE_DNSSEC is false although 'unbound' is in depends - confirm
#   the dependency is still required.
_bargs+=(
  USE_DNSSEC=false
  USE_LABELED_IPSEC=false
  USE_LIBCAP_NG=true
  USE_DH2=true
  USE_LEAK_DETECTIVE=false
  USE_XAUTH=true
)

#######################################
# Syntax-check the package's .install script before anything is built.
# `bash -n` parses the file without executing it.
# Globals:   startdir (read), install (read)
# Returns:   status of the final `set +u`; a parse failure is only fatal when
#            the caller runs this function with error trapping enabled.
#######################################
prepare() {
  set -u
  local _install_script="${startdir}/${install}"
  bash -n "${_install_script}"
  set +u
}

#######################################
# Compile the libreswan programs inside the extracted source tree.
# Globals:   _srcdir (read), _bargs (read), CFLAGS (read; extended only in the
#            environment of the make invocation)
# Outputs:   whatever `make -s` and the compiler print
#######################################
build() {
  set -u
  cd "${_srcdir}"

  # Warning classes that must not be promoted to errors. Only unused-result is
  # active; the entries below were used for earlier compiler/nss versions and
  # are kept for reference:
  #   -Wno-error=sign-compare
  #   -Wno-error=unused-const-variable   (new with GCC 6)
  #   -Wno-error=implicit-fallthrough
  #   -Wno-error=maybe-uninitialized
  #   -Wno-error=pointer-compare
  #   -Wno-error=format-truncation
  #   -DNSS_PKCS11_2_0_COMPAT=1          (nss 3.52 https://github.com/libreswan/libreswan/issues/342)
  local _warn_flags=(
    -Wno-error=unused-result
  )
  local _cflags="${CFLAGS} ${_warn_flags[*]}"

  # Run at reduced scheduling priority, quiet make output, shared build args.
  CFLAGS="${_cflags}" nice make -s "${_bargs[@]}" programs
  set +u
}

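#######################################
# Stage the built tree into the package directory and add the Arch-specific
# tmpfiles.d and sysctl.d files.
# Globals:   _srcdir, srcdir, pkgdir, pkgname, pkgver, _bargs (all read)
# Outputs:   files under ${pkgdir}
# Returns:   aborts if pkgdir is unset or empty
#######################################
package() {
  set -u
  # Refuse to run with an empty pkgdir: DESTDIR would become "/" and the
  # `rm -rf` below would resolve to the live /var.
  : "${pkgdir:?pkgdir must be set and non-empty}"
  cd "${_srcdir}"

  make -j1 DESTDIR="${pkgdir}/" "${_bargs[@]}" install

  #sed -e '1s|python\b|python2|' -i "${pkgdir}/usr/lib/ipsec"/{verify,show}
  install -Dpm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/libreswan.conf"
  # Drop everything `make install` staged under var.
  # NOTE(review): presumably the tmpfiles.d snippet recreates the runtime
  # directories at boot - confirm against tmpfiles.conf.
  rm -rf -- "${pkgdir:?}/var"

  # sysctl drop-in that turns off accepting and sending ICMP redirects.
  # NOTE(review): only the net.ipv4.conf.default template is set; interfaces
  # that already exist and the `all` entry keep their current values - confirm
  # that is sufficient for the target hosts.
  install -Dpm644 <(cat << EOF
# Automatically generated by ${pkgname}-${pkgver} PKGBUILD from Arch Linux AUR
# https://aur.archlinux.org/

# Disable redirects for ipsec tunnels

net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
EOF
  ) "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf"
  # Companion file with the same keys set back to 1.
  sed -e 's: = 0: = 1:g' "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf" > "${pkgdir}/usr/lib/sysctl.d/${pkgname}-icmp-redirects.conf.revert"

  # From 4.0 on, ship the NSS database directory, readable by its owner only.
  if [ "$(vercmp "${pkgver}" '4.0')" -ge 0 ]; then
    install -dm700 "${pkgdir}/var/lib/ipsec/nss"
  fi
  set +u
}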
# Restore the default handling of unset variables for whatever sources this file.
set +o nounset
# vim:set ts=2 sw=2 et: