diff options
Diffstat (limited to 'net-vpn')
106 files changed, 3960 insertions, 1387 deletions
diff --git a/net-vpn/headscale/Manifest b/net-vpn/headscale/Manifest index 90ab2fca7de4..3d4f3d80371f 100644 --- a/net-vpn/headscale/Manifest +++ b/net-vpn/headscale/Manifest @@ -1,4 +1,2 @@ -DIST headscale-0.16.2-deps.tar.xz 246778024 BLAKE2B 7c2beff2b18ca87aa4d496332d6b521f31d7b496227950204d9efe35f8259fdf1f3519fce951827f3698b5c166148db3ef69225acf16ce2e659b70017ac9e0f2 SHA512 5bc9b1b6bf1c3c70a7e033c2820c9fc05df45d19855e8050687072f0394920d77416640eb9af100027a96646df285b5a3d09bab4c959d4475e8b2b304f01a4ef -DIST headscale-0.16.2.tar.gz 391683 BLAKE2B c75835e7f15847236b357988cdb66c65c3e2cb6ac2328e4fb5cb07da9c132b664afe69fcaf3fa9f6a70951e76a91ddf8fda2ea74c1af9055daca30f3efb593ab SHA512 bad885866855211d43b45dcc7b958595967241af4c2a1b370532fef7c751b85002138cd3742e4046603af383c123b66afd7de9aba59e8eee600d7ffdd70ff12c -DIST headscale-0.20.0-deps.tar.xz 199890824 BLAKE2B 4b96f22d2cd1c4156bb730cc476dbf65b969b64b857cbdc0d91714b031ca8df4993327a2e31bf8dec51b5309790bf8e606117b7c49a96654914551a9081df3cf SHA512 2394e5e995d8fae72b9561e98c1d2576309a37583441a42eee1d74fd123340dba8615c78beb581633aea15b234d213cbfcd97701c8cbf6dc85381d7dca4252a7 -DIST headscale-0.20.0.tar.gz 581431 BLAKE2B 07def2a4e6509759a1b7a18c8faa426e420a17b42290e3162540c8115316012cc83a5cbd9e8918940244591ebfca4a9225e5a0475554e52f54bd791904d6407e SHA512 e201c63f3646501229b114b48c3603945272b79390f4ab8d3f9bc557cdf02b1c404cd18ba85aaf1a5038ec41361746177278a51d6075db5944d3edf1efdcc4be +DIST headscale-0.22.3-deps.tar.xz 210358828 BLAKE2B d9c1afb1f32084a5ed062de2d9857fc6fe1a901d0a46f9966c714a7578160308461125f42c26a5c4522a0b9ee9e8f4e29e9bf4eaa34dbbea29f61ed093528301 SHA512 4643772ab7e742effba2a66aaa3cf8a155efb90e1a0b9fe5406b7feb4f224c26367bcfb15b98af69ce0f950c26cf102302a519ae770f0d4b7775464900abc737 +DIST headscale-0.22.3.tar.gz 589745 BLAKE2B a7f6798b2cb32518818e92c8f1d190e83c7e2681d812a40a75dc4cef4941970d8a27caf3cf8bc60d0e3dac963145154231f845e75640d60cf09de71e3a36c94a SHA512 c3ce7ae023dd0bd5c52e00ec2564b68eb87074a804a9982a3eb6f1e64335621a312cbb650d79571e89bef3f0d8e6d602b732156aa8851b67dfd455ac1156b311 diff --git a/net-vpn/headscale/files/config-socket.patch b/net-vpn/headscale/files/config-socket.patch deleted file mode 100644 index 73de6b6578d1..000000000000 --- a/net-vpn/headscale/files/config-socket.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/config-example.yaml b/config-example.yaml -index d3d155e..a070c22 100644 ---- a/config-example.yaml -+++ b/config-example.yaml -@@ -208,7 +208,7 @@ dns_config: - # Unix socket used for the CLI to connect without authentication - # Note: for local development, you probably want to change this to: - # unix_socket: ./headscale.sock --unix_socket: /var/run/headscale.sock -+unix_socket: /run/headscale/headscale.sock - unix_socket_permission: "0770" - # - # headscale supports experimental OpenID connect support, diff --git a/net-vpn/headscale/headscale-0.16.2.ebuild b/net-vpn/headscale/headscale-0.16.2.ebuild deleted file mode 100644 index 494f2589a5c2..000000000000 --- a/net-vpn/headscale/headscale-0.16.2.ebuild +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit go-module systemd - -DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server" -HOMEPAGE="https://github.com/juanfont/headscale" -DEPS_URIS=( https://dev.gentoo.org/~{dlan,jsmolic}/distfiles/net-vpn/headscale/${P}-deps.tar.xz ) -SRC_URI="https://github.com/juanfont/headscale/archive/v${PV}.tar.gz -> ${P}.tar.gz - ${DEPS_URIS[@]}" - -LICENSE="BSD Apache-2.0 MIT" -SLOT="0" -KEYWORDS="~amd64 ~riscv" - -DEPEND=" - acct-group/headscale - acct-user/headscale -" -RDEPEND=" - ${DEPEND} - net-firewall/iptables -" - -PATCHES=( - "${FILESDIR}"/config-socket.patch -) - -src_compile() { - emake version=v${PV} -} - -src_install() { - dobin headscale - dodoc -r docs/* config-example.yaml - keepdir /etc/headscale /var/lib/headscale - systemd_dounit "${FILESDIR}"/headscale.service - newconfd "${FILESDIR}"/headscale.confd headscale - newinitd "${FILESDIR}"/headscale.initd headscale - fowners -R ${PN}:${PN} /etc/headscale /var/lib/headscale -} - -pkg_postinst() { - [[ -f "${EROOT}"/etc/headscale/config.yaml ]] && return - elog "Please create ${EROOT}/etc/headscale/config.yaml before starting the service" - elog "An example is in ${EROOT}/usr/share/doc/${PV}/config-example.yaml" -} diff --git a/net-vpn/headscale/headscale-0.20.0.ebuild b/net-vpn/headscale/headscale-0.22.3.ebuild index 12d3cfd3a6af..2379c7f4ee4e 100644 --- a/net-vpn/headscale/headscale-0.20.0.ebuild +++ b/net-vpn/headscale/headscale-0.22.3.ebuild @@ -7,9 +7,9 @@ inherit go-module systemd DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server" HOMEPAGE="https://github.com/juanfont/headscale" -DEPS_URIS=( https://github.com/slchris/gentoo-go-deps/releases/download/headscale-0.20.0/${P}-deps.tar.xz ) +DEPS_URIS=( "https://github.com/antonfischl1980/gentoo-go-deps/releases/download/${P}/${P}-deps.tar.xz" ) SRC_URI="https://github.com/juanfont/headscale/archive/v${PV}.tar.gz -> ${P}.tar.gz - ${DEPS_URIS}" + ${DEPS_URIS[*]}" LICENSE="BSD Apache-2.0 MIT" SLOT="0" @@ -26,7 +26,7 @@ RDEPEND=" src_compile() { export -n GOCACHE XDG_CACHE_HOME - go build -o ./bin/${PN} ./cmd/${PN} || die + go build -o "./bin/${PN}" "./cmd/${PN}" || die } src_install() { @@ -36,7 +36,7 @@ src_install() { systemd_dounit "${FILESDIR}"/headscale.service newconfd "${FILESDIR}"/headscale.confd headscale newinitd "${FILESDIR}"/headscale.initd headscale - fowners -R ${PN}:${PN} /etc/headscale /var/lib/headscale + fowners -R "${PN}":"${PN}" /etc/headscale /var/lib/headscale } pkg_postinst() { diff --git a/net-vpn/i2p/Manifest b/net-vpn/i2p/Manifest index e215485a9156..522c9fe54104 100644 --- a/net-vpn/i2p/Manifest +++ b/net-vpn/i2p/Manifest @@ -1 +1 @@ -DIST i2psource_1.7.0.tar.bz2 33300522 BLAKE2B dcb83477f6d066b707632f8db44bc811558b0bc52368ce992aaf14d0d21acc1fb9bce1dfa8171fca8cf3819765f0b7993ae4a2566a6f65786cca84c02ea4336a SHA512 a27c448246538f152355ecfdf781e39bf9e57b5d0f7ea139ce06d800ce3eed7fa4e375210e6545da2a75245b45282bc8d8e7453d96729f940c34daa75bdc588f +DIST i2psource_2.3.0.tar.bz2 33379569 BLAKE2B 56002ad57725216730c6a92eed4c4eb569bfe03e4fcbd811577610f8adf212e9db56e6761f5873933d101e513093b61e296871a122a2e2042945c1fe906bc372 SHA512 dc38174683e2388c0e766db71526e98252fc38c52255bd4529684862edfa05ba25204df97cf09a6084f9833507a0d4ea96e112d1138d9c97d2dd582ef98f9301 diff --git a/net-vpn/i2p/files/fix-junit-classpath.patch b/net-vpn/i2p/files/fix-junit-classpath.patch new file mode 100644 index 000000000000..15a87e2681f6 --- /dev/null +++ b/net-vpn/i2p/files/fix-junit-classpath.patch @@ -0,0 +1,112 @@ +--- a/apps/i2ptunnel/java/build.xml ++++ b/apps/i2ptunnel/java/build.xml +@@ -465,7 +465,7 @@ + <target name="test" depends="clean, compileTest"> + <junit printsummary="on" fork="yes"> + <classpath> +- <pathelement path="${classpath}" /> ++ <pathelement path="${gentoo.classpath}" /> + <pathelement location="./build/obj" /> + <pathelement location="../../../core/java/build/i2p.jar" /> + </classpath> +--- a/apps/ministreaming/java/build.xml ++++ b/apps/ministreaming/java/build.xml +@@ -310,22 +310,12 @@ + <junit printsummary="withOutAndErr" fork="yes" showoutput="yes" > + <sysproperty key="net.sourceforge.cobertura.datafile" file="./cobertura.ser" /> + <classpath> +- <pathelement path="${javac.classpath}" /> +- <pathelement location="${hamcrest.home}/hamcrest-core.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-library.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-integration.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-all.jar" /> +- <pathelement location="${mockito.home}/byte-buddy.jar" /> +- <pathelement location="${mockito.home}/objenesis.jar" /> +- <pathelement location="${mockito.home}/mockito-core.jar" /> +- <pathelement location="${junit.home}/junit4.jar" /> ++ <pathelement path="${gentoo.classpath}" /> + <pathelement location="./build/obj_cobertura" /> + <pathelement location="./build/obj" /> + <pathelement location="../../../core/java/build/i2ptest.jar" /> + <pathelement location="../../../core/java/build/i2p.jar" /> + <pathelement location="../../build/jbigi.jar" /> +- <pathelement location="${with.clover}" /> +- <pathelement location="${with.cobertura}" /> + </classpath> + <batchtest todir="../../../reports/ministreaming/junit/"> + <fileset dir="./test/junit"> +--- a/apps/streaming/java/build.xml ++++ b/apps/streaming/java/build.xml +@@ -126,23 +126,13 @@ + <junit printsummary="withOutAndErr" fork="yes" showoutput="yes" > + <sysproperty key="net.sourceforge.cobertura.datafile" file="./cobertura.ser" /> + <classpath> +- <pathelement path="${javac.classpath}" /> +- <pathelement location="${hamcrest.home}/hamcrest-core.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-library.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-integration.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-all.jar" /> +- <pathelement location="${mockito.home}/byte-buddy.jar" /> +- <pathelement location="${mockito.home}/objenesis.jar" /> +- <pathelement location="${mockito.home}/mockito-core.jar" /> +- <pathelement location="${junit.home}/junit4.jar" /> ++ <pathelement path="${gentoo.classpath}" /> + <pathelement location="./build/obj_cobertura" /> + <pathelement location="./build/obj" /> + <pathelement location="../../../core/java/build/i2ptest.jar" /> + <pathelement location="../../../core/java/build/i2p.jar" /> + <pathelement location="../../ministreaming/java/build/mstreaming.jar" /> + <pathelement location="../../build/jbigi.jar" /> +- <pathelement location="${with.clover}" /> +- <pathelement location="${with.cobertura}" /> + </classpath> + <batchtest todir="../../../reports/streaming/junit/"> + <fileset dir="./test/junit"> +--- a/core/java/build.xml ++++ b/core/java/build.xml +@@ -469,22 +469,12 @@ + <junit printsummary="withOutAndErr" fork="yes" maxmemory="384m" showoutput="yes" > + <sysproperty key="net.sourceforge.cobertura.datafile" file="./cobertura.ser" /> + <classpath> ++ <pathelement path="${gentoo.classpath}" /> + <pathelement location="../../installer/resources/" /> +- <pathelement path="${javac.classpath.mod}" /> +- <pathelement location="${hamcrest.home}/hamcrest-core.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-library.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-integration.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-all.jar" /> +- <pathelement location="${mockito.home}/byte-buddy.jar" /> +- <pathelement location="${mockito.home}/objenesis.jar" /> +- <pathelement location="${mockito.home}/mockito-core.jar" /> +- <pathelement location="${junit.home}/junit4.jar" /> + <pathelement location="./build/obj_cobertura" /> + <pathelement location="./build/obj" /> + <pathelement location="./test/resources" /> + <pathelement location="../../build/jbigi.jar" /> +- <pathelement location="${with.clover}" /> +- <pathelement location="${with.cobertura}" /> + </classpath> + <batchtest todir="../../reports/core/junit/"> + <fileset dir="./test/junit/"> +--- a/router/java/build.xml ++++ b/router/java/build.xml +@@ -419,18 +419,11 @@ + <junit printsummary="withOutAndErr" fork="yes" showoutput="yes" > + <sysproperty key="net.sourceforge.cobertura.datafile" file="./cobertura.ser" /> + <classpath> +- <pathelement path="${javac.classpath}" /> +- <pathelement location="${hamcrest.home}/hamcrest-core.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-library.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-integration.jar" /> +- <pathelement location="${hamcrest.home}/hamcrest-all.jar" /> +- <pathelement location="${junit.home}/junit4.jar" /> ++ <pathelement path="${gentoo.classpath}" /> + <pathelement location="./build/obj_cobertura" /> + <pathelement location="./build/obj" /> + <pathelement location="../../core/java/build/i2ptest.jar" /> + <pathelement location="../../build/jbigi.jar" /> +- <pathelement location="${with.clover}" /> +- <pathelement location="${with.cobertura}" /> + </classpath> + <batchtest todir="../../reports/router/junit/"> + <fileset dir="./test/junit"> diff --git a/net-vpn/i2p/files/i2p.init b/net-vpn/i2p/files/i2p.init index d59899b899e9..5115c14bb1a9 100644 --- a/net-vpn/i2p/files/i2p.init +++ b/net-vpn/i2p/files/i2p.init @@ -6,12 +6,10 @@ depend() { need net } -readonly WRAPPER_CONF="/usr/share/i2p/wrapper.config" - -command=wrapper -command_args="$WRAPPER_CONF wrapper.syslog.ident=i2p" +command=i2prouter +pidfile=/var/run/i2p.pid command_background=true command_progress=true command_user=i2p -pidfile=/var/run/i2p.pid -retry='SIGTERM/20 SIGKILL/20' +stopsig=SIGHUP +retry=20 diff --git a/net-vpn/i2p/files/i2p.service b/net-vpn/i2p/files/i2p.service index 87c218075a1c..e7c525e695eb 100644 --- a/net-vpn/i2p/files/i2p.service +++ b/net-vpn/i2p/files/i2p.service @@ -4,7 +4,8 @@ After=network.target [Service] User=i2p -ExecStart=/usr/bin/wrapper /usr/share/i2p/wrapper.config wrapper.syslog.ident=i2p wrapper.logfile=/var/lib/i2p/.i2p/wrapper.log +ExecStart=/usr/bin/i2prouter +KillSignal=SIGHUP [Install] WantedBy=multi-user.target diff --git a/net-vpn/i2p/i2p-1.7.0.ebuild b/net-vpn/i2p/i2p-1.7.0.ebuild deleted file mode 100644 index 5914fa6ea733..000000000000 --- a/net-vpn/i2p/i2p-1.7.0.ebuild +++ /dev/null @@ -1,145 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit java-pkg-2 java-ant-2 systemd - -DESCRIPTION="A privacy-centric, anonymous network" -HOMEPAGE="https://geti2p.net" -SRC_URI="https://files.i2p-projekt.de/${PV}/i2psource_${PV}.tar.bz2" - -LICENSE="Apache-2.0 Artistic BSD CC-BY-2.5 CC-BY-3.0 CC-BY-SA-3.0 EPL-1.0 GPL-2 GPL-3 LGPL-2.1 LGPL-3 MIT public-domain WTFPL-2" -SLOT="0" - -# Until the deps reach other arches -KEYWORDS="amd64 ~arm ~arm64 ~x86" -IUSE="nls test" -RESTRICT="!test? ( test )" - -# dev-java/ant-core is automatically added due to java-ant-2.eclass -CP_DEPEND="dev-java/java-service-wrapper:0" - -DEPEND="${CP_DEPEND} - || ( - virtual/jdk:1.8 - virtual/jdk:11 - ) - nls? ( >=sys-devel/gettext-0.19 ) - test? ( - dev-java/ant-junit4:0 - dev-java/hamcrest-core:1.3 - dev-java/hamcrest-library:1.3 - dev-java/junit:4 - dev-java/mockito:4 - ) -" - -RDEPEND="${CP_DEPEND} - acct-user/i2p - acct-group/i2p - net-libs/nativebiginteger:0 - || ( - virtual/jre:1.8 - virtual/jre:11 - ) -" - -EANT_BUILD_TARGET="pkg" -# no scala as depending on antlib.xml not installed by dev-lang/scala -EANT_TEST_TARGET="junit.test" -JAVA_ANT_ENCODING="UTF-8" - -src_prepare() { - # as early as possible to allow generic patches to be applied - default - - java-ant_rewrite-classpath - - java-pkg-2_src_prepare - - # We're on GNU/Linux, we don't need .exe files - echo "noExe=true" > override.properties || die - if ! use nls; then - echo "require.gettext=false" >> override.properties || die - fi - - # avoid auto starting browser - sed -i "s|clientApp.4.startOnLoad=true|clientApp.4.startOnLoad=false|" \ - installer/resources/clients.config || die - - # generate wrapper classpath, keeping the default to be replaced later - i2p_cp="" # global forced by java-pkg_gen-cp - java-pkg_gen-cp i2p_cp - local lib i=2 - local classpath="wrapper.java.classpath.1=${EPREFIX}/usr/share/i2p/lib/*\n" - for lib in ${i2p_cp//,/ } - do - classpath+="wrapper.java.classpath.$((i++))=$(java-pkg_getjars ${lib})\n" - done - - # add generated classpath, hardcode system VM, setting system's conf - sed -e "s|\(wrapper\.java\.classpath\.1\)=.*|${classpath}|" \ - -e "s|\(wrapper\.java\.command\)=.*|\1=/etc/java-config-2/current-system-vm/bin/java|" \ - -e "s|\(wrapper\.java\.library\.path\.1\)=.*|\1=/usr/$(get_libdir)/java-service-wrapper|" \ - -e "s|\(wrapper\.java\.library\.path\)\.2=.*|\1.2=${EPREFIX}/usr/share/i2p/lib\n\1.3=/usr/$(get_libdir)|" \ - -e "s|\(wrapper\.java\.additional\.1=-DloggerFilenameOverride\)=.*|\1=${EPREFIX}/var/log/i2p/router-@|" \ - -e "s|\(wrapper\.logfile\)=.*|\1=${EPREFIX}/var/log/i2p/wrapper|" \ - -e "/wrapper\.java\.additional\.2\(\.stripquote\|\)/d" \ - -i installer/resources/wrapper.config || - die "unable to apply gentoo config" - local prop i=2 - for prop in \ - "i2p.dir.base=${EPREFIX}/usr/share/i2p" \ - "i2p.dir.app=${EPREFIX}/var/lib/i2p/app" \ - "i2p.dir.config=${EPREFIX}/var/lib/i2p/config" \ - "i2p.dir.router=${EPREFIX}/var/lib/i2p/router" \ - "i2p.dir.log=${EPREFIX}/var/log/i2p" \ - "i2p.dir.pid=${EPREFIX}/tmp" \ - "i2p.dir.temp=${EPREFIX}/tmp" - do - echo "wrapper.java.additional.$((i++))=-D$prop" >> installer/resources/wrapper.config || - die "unable to apply gentoo config" - done -} - -src_test() { - # generate test classpath - local classpath="$(java-pkg_getjars --build-only junit-4,hamcrest-core-1.3,hamcrest-library-1.3,mockito-4)" - EANT_TEST_EXTRA_ARGS="-Djavac.classpath=${classpath}" java-pkg-2_src_test -} - -src_install() { - # cd into pkg-temp. - cd "${S}/pkg-temp" || die - - # we remove system installed jar and install the others - rm lib/wrapper.jar || \ - die "unable to remove locally built jar already found in system" - java-pkg_dojar lib/*.jar - - # create own launcher - java-pkg_dolauncher eepget --main net.i2p.util.EepGet --jar i2p.jar - - # Install main files and basic documentation - insinto "/usr/share/i2p" - doins blocklist.txt hosts.txt *.config - dodoc history.txt INSTALL-headless.txt LICENSE.txt - doman man/* - - # Install other directories - doins -r certificates docs eepsite geoip scripts - java-pkg_dowar webapps/*.war - - # Install daemon files - newinitd "${FILESDIR}/i2p.init" i2p - systemd_dounit "${FILESDIR}/i2p.service" - - # setup log - keepdir /var/log/i2p - fowners i2p:i2p /var/log/i2p - - # setup user - keepdir /var/lib/i2p - fowners i2p:i2p /var/lib/i2p -} diff --git a/net-vpn/i2p/i2p-2.3.0.ebuild b/net-vpn/i2p/i2p-2.3.0.ebuild new file mode 100644 index 000000000000..18618900dcbb --- /dev/null +++ b/net-vpn/i2p/i2p-2.3.0.ebuild @@ -0,0 +1,266 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +JAVA_PKG_IUSE="test" + +inherit java-pkg-2 java-ant-2 systemd toolchain-funcs + +DESCRIPTION="A privacy-centric, anonymous network" +HOMEPAGE="https://geti2p.net" +SRC_URI="https://files.i2p-projekt.de/${PV}/i2psource_${PV}.tar.bz2" + +LICENSE="Apache-2.0 Artistic BSD CC-BY-2.5 CC-BY-3.0 CC-BY-SA-3.0 EPL-1.0 GPL-2 GPL-3 LGPL-2.1 LGPL-3 MIT public-domain WTFPL-2" +SLOT="0" + +KEYWORDS="amd64 ~arm ~arm64 ~x86" +LANGS=( + ar az bg ca cs da de el en es es-AR et fa fi fr gl he hi hr hu id it ja ko ku mg nb nl nn pl pt pt-BR ro ru sk sl sq + sr sv tk tr uk vi zh zh-TW +) +IUSE="${LANGS[@]/#/l10n_}" + +CP_DEPEND=" + dev-java/bcprov:0 + dev-java/hashcash:1 + dev-java/httpcomponents-client:4 + dev-java/identicon:1 + dev-java/java-getopt:1 + dev-java/java-service-wrapper:0 + dev-java/jbcrypt:0 + dev-java/json-simple:2.3 + dev-java/json-smart:1 + dev-java/jsonrpc2-base:1 + dev-java/jsonrpc2-server:1 + dev-java/jstl:0 + dev-java/jstl-api:0 + dev-java/minidns-core:1 + dev-java/zxing-core:3 + dev-java/zxing-javase:3 + sys-devel/gettext:0[java] + www-servers/tomcat:9 +" +DEPEND=" + dev-libs/gmp:0= + ${CP_DEPEND} + >=virtual/jdk-1.8:* + test? ( + dev-java/ant-junit4:0 + dev-java/hamcrest:0 + dev-java/junit:4 + dev-java/mockito:4 + ) +" +RDEPEND=" + ${CP_DEPEND} + acct-user/i2p + acct-group/i2p + >=virtual/jre-1.8:* +" + +PATCHES=( + "${FILESDIR}/fix-junit-classpath.patch" +) + +EANT_BUILD_TARGET="preppkg-base" +# no scala as depending on antlib.xml not installed by dev-lang/scala +EANT_TEST_TARGET="junit.test" +JAVA_ANT_ENCODING="UTF-8" +JAVA_ANT_CLASSPATH_TAGS="javac java" +# built locally +EANT_GENTOO_CLASSPATH_EXTRA="${S}/core/java/build/i2p.jar" +EANT_GENTOO_CLASSPATH_EXTRA+=":${S}/router/java/build/router.jar" +EANT_GENTOO_CLASSPATH_EXTRA+=":${S}/apps/ministreaming/java/build/mstreaming.jar" + +DOCS=( README.md history.txt ) + +pkg_pretend() { + # see https://bugs.gentoo.org/831290 + if [[ "`java-config --show-active-vm`" = *-8 ]] && + [[ "`java-config --query MERGE_VM --package=ant-core`" != *-8 ]] + then + eerror "dev-java/ant-core was emerged with a newer version of the JDK." + eerror "It will fail to build with virtual/jdk:1.8 due to #831290." + eerror "Please switch to a newer JDK" + eerror " eselect java-vm set system ..." + eerror "Or remerge dev-java/ant-core with virtual/jdk:1.8" + eerror " emerge dev-java/ant-core" + die 'bad JDK for ant-core' + fi +} + +src_prepare() { + default # apply PATCHES + java-pkg-2_src_prepare + + # add our classpath + for f in `find -name build.xml` + do + java-ant_rewrite-classpath "$f" + done + + # remove most bundled + # apps/addressbook/java/src/net/metanotion too much code drift + # apps/i2psnark/java/src/org/klomp/snark too much code drift + # apps/jrobin need rrd4j ebuild + # apps/routerconsole/java/src/{com,edu} too much code drift + # {core,router}/java/src/com/southernstorm/noise use internal symbols + # core/java/src/freenet too much code drift + # core/java/src/gnu/crypto too much code drift + # router/java/src/com/maxmind changed interface + # router/java/src/org/cybergarage unable to find version 3 + # router/java/src/org/freenetproject too big to pull + # router/java/src/org/xlattice changed interface + java-pkg_clean ! \ + -path "./apps/jetty/jetty-distribution-*" # need to package jetty + ( cat >> override.properties || die 'set unbundled properties' ) <<- EOF + require.gettext=true + with-libgetopt-java=true + with-libjakarta-taglibs-standard-java=true + with-libjson-simple-java=true + with-libtomcat9-java=true + with-gettext-base=true + # with-geoip-database=true need std geoip use + # with-libjetty9-java=true needs a jetty ebuild + EOF + + # bcprov + rm -r core/java/src/net/i2p/crypto/elgamal || die 'unbundle bcprov' + sed -e 's,net\.i2p\.crypto\.elgamal\.impl,org.bouncycastle.jce.provider,' \ + -e 's,net\.i2p\.crypto\.elgamal\.spec,org.bouncycastle.jce.spec,' \ + -i core/java/src/net/i2p/crypto/{provider/I2PProvider,CryptoConstants}.java || + die 'redirect imports of bcprov' + # getopt, gettext + rm -r core/java/src/gnu/{getopt,gettext} || die 'unbundle GNU code' + # httpcomponents-client + rm -r core/java/src/net/i2p/apache || die 'unbundle httpcomponents-client' + sed -e 's,net\.i2p\.apache,org.apache,' \ + -i core/java/src/net/i2p/util/{Addresses,I2PSSLSocketFactory}.java \ + apps/i2pcontrol/java/net/i2p/i2pcontrol/HostCheckHandler.java || + die 'redirect imports of httpcomponents-client' + # identicon, zxing + rm -r apps/imagegen/{identicon,zxing} || die 'unbundle identicon & zxing' + sed -e '/LICENSE-Identicon.txt/d' -i build.xml && + sed -E '/dir="[^"]*(identicon|zxing)/d' -i apps/imagegen{/imagegen,}/build.xml && + sed -E '/(todir="build\/WEB-INF\/classes"|<\/copy>)/d' -i apps/imagegen/imagegen/build.xml || + die 'do not depend on unbundled' + # hashcash + rm core/java/src/com/nettgryppa/security/HashCash.java || + die 'unbundle hashcash' + # jbcrypt, jsonrpc2-* + rm -r apps/i2pcontrol/java/{com,org} || die 'unbundle jbcrypt & jsonrpc2-*' + # jstl* + sed -E '/"apps\/susidns\/src\/lib\/(jstl|standard).jar"/d' -i build.xml || + die 'unbundle jstl*' + # minidns-core, json-simple + rm -r core/java/src/org || die 'unbundle minidns-core & json-simple' + + # keep only enabled locales + local lang + for lang in ${LANGS[@]} + do + if ! use "l10n_${lang}" + then + find -regextype egrep \ + -regex ".*[_\\./]${lang/-/_}.(html|po|1)" \ + -delete || die "unbundling ${lang} translations" + fi + done + + # fix some locale names + find -name '*_in.*' -exec rename --no-overwrite _in. _id. {} \; && + find -name '*_iw.*' -exec rename --no-overwrite _iw. _he. {} \; || + die 'fix some locale names' +} + +src_configure() { + java-ant-2_src_configure + + # deamon shouldn't start GUI + sed -i 's|\(clientApp.4.startOnLoad\)=true|\1=false|' \ + installer/resources/clients.config || + die 'avoid auto starting browser' + + # yep, that's us + echo "build.built-by=Gentoo" >> override.properties || + die 'bragging failed' +} + +src_compile() { + java-pkg-2_src_compile + + local compile_lib + compile_lib() { + local name="${1}" + local file="${2}" + shift 2 + + "$(tc-getCC)" "${@}" ${CFLAGS} $(java-pkg_get-jni-cflags) \ + ${LDFLAGS} -shared -fPIC "-Wl,-soname,lib${name}.so" \ + "${file}" -o "lib${name}.so" + } + + cd "${S}/core/c/jbigi/jbigi" || die "unable to cd to jbigi" + compile_lib jbigi src/jbigi.c -Iinclude -lgmp || + die "unable to build jbigi" + + if use amd64 || use x86; then + cd "${S}/core/c/jcpuid" || die "unable to cd to jcpuid" + compile_lib jcpuid src/jcpuid.c -Iinclude || + die "unable to build jcpuid" + fi +} + +src_test() { + # avoid rebuilding + sed -e '/<delete dir=".\/build" \/>/d' -i core/java/build.xml || + die 'avoid building twice' + + # halt on error + find -name build.xml \ + -execdir sed -e 's/<junit /\0haltonerror="yes" /' -i {} + || + die 'ensure test failures propagate' + + EANT_GENTOO_CLASSPATH+=",hamcrest,junit-4,mockito-4" + java-pkg-2_src_test +} + +src_install() { + # install basic documentation + einstalldocs + doman installer/resources/man/eepget.* + + # install main files + java-pkg_doso core/c/jbigi/jbigi/libjbigi.so + if use amd64 || use x86; then + java-pkg_doso core/c/jcpuid/libjcpuid.so + fi + cd "${S}/pkg-temp" || die 'unable to change dir to built artifacts' + java-pkg_dojar lib/*.jar + java-pkg_dowar webapps/*.war + + # install shared + insinto /usr/share/i2p + doins blocklist.txt hosts.txt {clients,i2p*}.config + doins -r certificates docs eepsite geoip scripts + + # install daemons + newinitd "${FILESDIR}/i2p.init" i2p + systemd_dounit "${FILESDIR}/i2p.service" + + # setup dirs + keepdir /var/log/i2p /var/lib/i2p + fowners i2p:i2p /var/lib/i2p /var/log/i2p + + # create own launchers + java-pkg_dolauncher i2prouter --main net.i2p.router.Router --jar i2p.jar \ + --pwd "${EPREFIX}/usr/share/i2p" \ + --java_args "\ + -Di2p.dir.app=${EPREFIX}/var/lib/i2p/app \ + -Di2p.dir.config=${EPREFIX}/var/lib/i2p/config \ + -Di2p.dir.router=${EPREFIX}/var/lib/i2p/router \ + -Di2p.dir.log=${EPREFIX}/var/log/i2p \ + -DloggerFilenameOverride=${EPREFIX}/var/log/i2p/router-@" + java-pkg_dolauncher eepget --main net.i2p.util.EepGet --jar i2p.jar +} diff --git a/net-vpn/i2p/metadata.xml b/net-vpn/i2p/metadata.xml index 4897b7bf0281..fa444480afee 100644 --- a/net-vpn/i2p/metadata.xml +++ b/net-vpn/i2p/metadata.xml @@ -14,9 +14,6 @@ <name>Proxy Maintainers</name> </maintainer> <longdescription>I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other.</longdescription> - <use> - <flag name="nls">Adds Native Language Support using GNU gettext.</flag> - </use> <upstream> <remote-id type="github">i2p/i2p.i2p</remote-id> </upstream> diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest index 1fe4d86c2db8..d451b0c14315 100644 --- a/net-vpn/i2pd/Manifest +++ b/net-vpn/i2pd/Manifest @@ -1,3 +1,3 @@ -DIST i2pd-2.43.0.tar.gz 638031 BLAKE2B 5e954fb62198a229fc8de9ca48655a67e8e9a0eabfa7f31dcaaaf42149239565968f16825eb25b202b6a5754938ce82d28cd2631e085dfa358bcd27ced089bd5 SHA512 7247850cd47cccc540346b4a1becc6dba5f40bcb333cd722e9fc59fd8b0beddee700376829d29add05cea6b84bb34303ed37e01914a1a41cf8cd94fe5c826e4a -DIST i2pd-2.44.0.tar.gz 648523 BLAKE2B f9b29da82c943d070c09ed3ee78ceb7759c015da8a2da19c24cbf2d9841c7869920cbafd6212ada2e285b8b263d1a719220ba9dabb20807ccb78d2576383d167 SHA512 8760fb8a501ee75ede0ec29d3e9f39efec3bc91490810b39ac4879dbc073239e779e179c0f44bc43ba31fa0b786fd652d8b6feda415731e8fc3f4c0781400e1e -DIST i2pd-2.46.1.tar.gz 644777 BLAKE2B 4973f595a162adb5d26d5c47f5b290476147e7159c6409648a501377a52823d49581f36d620502beaf741086df9f52d543dd1b173690d2ed24b327c53037ced5 SHA512 31fc39cd506775ed1e16ec0ab7dd21cf2a54575ccf797c3edb34b59733ee5d9eeaa34efd86e088040a7ccdb2e13917630e5a6aa4cbe3906786200b42ce763fa9 +DIST i2pd-2.47.0.tar.gz 650284 BLAKE2B 93ba2c43b75384cba009a48f77d8e4677c3603993a94c8843cdec8db41770bf0da41e9e09e8a7defbcdefbb56eb5ea3f069bc512fd612a30806246197c0412fe SHA512 f469115b8c0a2d4e803b09e1a0c670779912915b93822d2a04df7b71e32ec566695f6270c2c6bf615545a7fb474ce1dda2e935e88336d7614829176643e6bbf8 +DIST i2pd-2.48.0.tar.gz 654495 BLAKE2B c16e27cf46266b346ab490140cf491e8866ad1df97f0a60a81c1902f5f9cb932b1c73fb52e1c4f1164ddc2813a9be0381d46405650b06c2e00eafc6073b0c869 SHA512 51c2057e96ec87ec0885cc6de4f4ff1d4d898ce0785f58c1a028677247743d44fa1980aa13b7746a0af76d600f2b4cc3bf3408bd199c82efcb432242f5b24b80 +DIST i2pd-2.49.0.tar.gz 654406 BLAKE2B 93b1bba73d308a7a6163b0b51ea59a3e11ea2d635d7275d71338ecd06d8d1dfb430e3e177aad0b3ae35f7e0e0bd95acb4e7750cbba70a4ded97fcc7596a1912b SHA512 f2461bf6e1ec2f1b581c8528de57c92350133642cd34ed9a6b2f4c8e8199aa9e5b9ff76d967c60350606f1ab5359f8a7dbbcaa58284e8769cdfa7e0a29a384af diff --git a/net-vpn/i2pd/i2pd-2.46.1.ebuild b/net-vpn/i2pd/i2pd-2.47.0.ebuild index 24596def6c50..24596def6c50 100644 --- a/net-vpn/i2pd/i2pd-2.46.1.ebuild +++ b/net-vpn/i2pd/i2pd-2.47.0.ebuild diff --git a/net-vpn/i2pd/i2pd-2.43.0.ebuild b/net-vpn/i2pd/i2pd-2.48.0.ebuild index 034085adece1..07752940c7e2 100644 --- a/net-vpn/i2pd/i2pd-2.43.0.ebuild +++ b/net-vpn/i2pd/i2pd-2.48.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 diff --git a/net-vpn/i2pd/i2pd-2.44.0.ebuild b/net-vpn/i2pd/i2pd-2.49.0.ebuild index c60616e944bc..dba3d53329cd 100644 --- a/net-vpn/i2pd/i2pd-2.44.0.ebuild +++ b/net-vpn/i2pd/i2pd-2.49.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -12,7 +12,7 @@ SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="BSD" SLOT="0" KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" -IUSE="cpu_flags_x86_aes cpu_flags_x86_avx i2p-hardening +upnp" +IUSE="cpu_flags_x86_aes i2p-hardening +upnp" RDEPEND=" acct-user/i2pd diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest index 8a7f0e916382..0c6b6baded71 100644 --- a/net-vpn/libreswan/Manifest +++ b/net-vpn/libreswan/Manifest @@ -1,3 +1 @@ -DIST libreswan-4.10.tar.gz 3709767 BLAKE2B 0b2ef7c99d77e175425fbd2cfd1a42a2e1f080d0af35833b9bddf9ba26fc3fa1649d8d1c653f58e27b21e869581e861ed27f6c2a81ee0590b7f3866ea8f2403a SHA512 757cf38dcc46541d2f9d35b3368d0fcbd254dd0440718d053ce693f7d4295d7223e4c77166cd353e7c461516b319a921fa961d1c5bbaf49cf249e4167abc7240 -DIST libreswan-4.7.tar.gz 3684167 BLAKE2B bf55be53d1034ab7706b183a7c5c3556f361ffd9453df41b03c0b03ff256ed81541365af7c7fdb2dd3d8740fe594b34b4df5301a704138b43290c601183b45aa SHA512 aea958be5512e08ea809145021695edd4e7df4487a0f3ba94c4d0165113647195c1c1599cd5fbbbfae8f6a2bebf39d7514a694f86297c29c543b1a63646ca44e -DIST libreswan-4.9.tar.gz 3706966 BLAKE2B 970d546a5840c8f97cda49e9ae78dc86467afe6250ddb17a118688de6301d8fc6a809b7a3b2d78ec0d1ae6cf58aa871388fd8c6853f58b19f80b9a4a0e28886c SHA512 4a43b09b0ef1bacc64ca1b74e7c268df7f024d8b6a9633a489f373ecd9327b173e9508dbc13c4d25ee74f3e2ba569d9d38dfd851fd98cf3cde4a61ef90a1d9d5 +DIST libreswan-4.12.tar.gz 3718440 BLAKE2B f17b79b3ae51d8d2823ace258b899a1c6a40b9967bcf343872dc31be68ef1dede4a9195617149e895e3f11fe62d27dabab3e01c0ad2adcb668540a1c4cbc02d3 SHA512 3a7f5ea5d97da357a8979a8807694a316d42ccc5f9c7b5867041abf2b9316ff8428f24cf307b6b6073c191896c0417f137abf78f9903aecde5e1ee1182577ce0 diff --git a/net-vpn/libreswan/libreswan-4.10.ebuild b/net-vpn/libreswan/libreswan-4.12.ebuild index 7aa4c707da5a..1c5bdf2445c6 100644 --- a/net-vpn/libreswan/libreswan-4.10.ebuild +++ b/net-vpn/libreswan/libreswan-4.12.ebuild @@ -11,7 +11,7 @@ SRC_URI="https://download.libreswan.org/${P}.tar.gz" LICENSE="GPL-2 BSD-4 RSA DES" SLOT="0" -KEYWORDS="~amd64 ~arm ~ppc ~x86" +KEYWORDS="amd64 ~arm ~ppc x86" IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test" RESTRICT="!test? ( test )" @@ -24,7 +24,7 @@ DEPEND=" virtual/libcrypt:= caps? ( sys-libs/libcap-ng ) curl? ( net-misc/curl ) - dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= ) + dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= net-dns/dnssec-root ) ldap? ( net-nds/openldap:= ) pam? ( sys-libs/pam ) seccomp? ( sys-libs/libseccomp ) @@ -66,6 +66,7 @@ src_configure() { use elibc_musl && append-cflags -DGLIBC_KERN_FLIP_HEADERS export PREFIX=/usr + export DEFAULT_DNSSEC_ROOTKEY_FILE=/etc/dnssec/icannbundle.pem export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} export FINALDOCDIR=/usr/share/doc/${PF}/html export INITSYSTEM=$(usex systemd systemd openrc) @@ -91,7 +92,11 @@ src_configure() { src_compile() { emake all - emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all + emake -C initsystems \ + INITSYSTEM=systemd \ + SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \ + SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \ + all } src_test() { @@ -100,7 +105,12 @@ src_test() { src_install() { default - emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install + emake -C initsystems \ + INITSYSTEM=systemd \ + SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \ + SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \ + DESTDIR="${D}" \ + install echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets fperms 0600 /etc/ipsec.secrets diff --git a/net-vpn/libreswan/libreswan-4.7.ebuild b/net-vpn/libreswan/libreswan-4.7.ebuild deleted file mode 100644 index 4c117ce716a9..000000000000 --- a/net-vpn/libreswan/libreswan-4.7.ebuild +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit systemd flag-o-matic toolchain-funcs tmpfiles - -DESCRIPTION="IPsec implementation for Linux, fork of Openswan" -HOMEPAGE="https://libreswan.org/" -SRC_URI="https://download.libreswan.org/${P}.tar.gz" - -LICENSE="GPL-2 BSD-4 RSA DES" -SLOT="0" -KEYWORDS="amd64 ~arm ~ppc x86" -IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test" -RESTRICT="!test? ( test )" - -DEPEND=" - dev-libs/gmp:0= - dev-libs/libevent:0= - dev-libs/nspr - >=dev-libs/nss-3.42 - >=sys-kernel/linux-headers-4.19 - virtual/libcrypt:= - caps? ( sys-libs/libcap-ng ) - curl? ( net-misc/curl ) - dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= ) - ldap? ( net-nds/openldap:= ) - pam? ( sys-libs/pam ) - seccomp? ( sys-libs/libseccomp ) - selinux? ( sys-libs/libselinux ) - systemd? ( sys-apps/systemd:0= ) -" -BDEPEND=" - app-text/docbook-xml-dtd:4.1.2 - app-text/xmlto - dev-libs/nss - sys-devel/bison - sys-devel/flex - virtual/pkgconfig - test? ( dev-python/setproctitle ) -" -RDEPEND="${DEPEND} - dev-libs/nss[utils(+)] - sys-apps/iproute2 - !net-vpn/strongswan - selinux? ( sec-policy/selinux-ipsec ) -" -DEPEND+=" elibc_musl? ( sys-libs/queue-standalone )" - -usetf() { - usex "$1" true false -} - -PATCHES=( "${FILESDIR}/${PN}-4.2-ip-path.patch" ) - -src_prepare() { - sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die - sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die - default -} - -src_configure() { - tc-export AR CC - - use elibc_musl && append-cflags -DGLIBC_KERN_FLIP_HEADERS - - export PREFIX=/usr - export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} - export FINALDOCDIR=/usr/share/doc/${PF}/html - export INITSYSTEM=$(usex systemd systemd openrc) - export INITDDIRS= - export INITDDIR_DEFAULT=/etc/init.d - export USERCOMPILE=${CFLAGS} - export USERLINK=${LDFLAGS} - export USE_DNSSEC=$(usetf dnssec) - export USE_LABELED_IPSEC=$(usetf selinux) - export USE_LIBCAP_NG=$(usetf caps) - export USE_LIBCURL=$(usetf curl) - export USE_LINUX_AUDIT=$(usetf selinux) - export USE_LDAP=$(usetf ldap) - export USE_NM=$(usetf networkmanager) - export USE_SECCOMP=$(usetf seccomp) - export USE_SYSTEMD_WATCHDOG=$(usetf systemd) - export SD_WATCHDOGSEC=$(usex systemd 200 0) - export USE_AUTHPAM=$(usetf pam) - export DEBUG_CFLAGS= - export OPTIMIZE_CFLAGS= - export WERROR_CFLAGS= -} - -src_compile() { - emake all - emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all -} - -src_test() { - : # integration tests only that require set of kvms to be set up -} - -src_install() { - default - emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install - - echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets - fperms 0600 /etc/ipsec.secrets - - keepdir /var/lib/ipsec/nss - fperms 0700 /var/lib/ipsec/nss - - dodoc -r docs - - find "${D}" -type d -empty -delete || die -} - -pkg_postinst() { - tmpfiles_process libreswan.conf - - local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss - if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then - ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" - certutil -N -d "${IPSEC_CONFDIR}" --empty-password - eend $? - einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" - fi -} diff --git a/net-vpn/libreswan/libreswan-4.9.ebuild b/net-vpn/libreswan/libreswan-4.9.ebuild deleted file mode 100644 index 66ad39f4df47..000000000000 --- a/net-vpn/libreswan/libreswan-4.9.ebuild +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit systemd flag-o-matic toolchain-funcs tmpfiles - -DESCRIPTION="IPsec implementation for Linux, fork of Openswan" -HOMEPAGE="https://libreswan.org/" -SRC_URI="https://download.libreswan.org/${P}.tar.gz" - -LICENSE="GPL-2 BSD-4 RSA DES" -SLOT="0" -KEYWORDS="~amd64 ~arm ~ppc ~x86" -IUSE="caps curl dnssec ldap networkmanager pam seccomp selinux systemd test" -RESTRICT="!test? ( test )" - -DEPEND=" - dev-libs/gmp:0= - dev-libs/libevent:0= - dev-libs/nspr - >=dev-libs/nss-3.42 - >=sys-kernel/linux-headers-4.19 - virtual/libcrypt:= - caps? ( sys-libs/libcap-ng ) - curl? ( net-misc/curl ) - dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= ) - ldap? ( net-nds/openldap:= ) - pam? ( sys-libs/pam ) - seccomp? ( sys-libs/libseccomp ) - selinux? ( sys-libs/libselinux ) - systemd? ( sys-apps/systemd:0= ) -" -BDEPEND=" - app-text/docbook-xml-dtd:4.1.2 - app-text/xmlto - dev-libs/nss - sys-devel/bison - sys-devel/flex - virtual/pkgconfig - test? ( dev-python/setproctitle ) -" -RDEPEND="${DEPEND} - dev-libs/nss[utils(+)] - sys-apps/iproute2 - !net-vpn/strongswan - selinux? ( sec-policy/selinux-ipsec ) -" -DEPEND+=" elibc_musl? ( sys-libs/queue-standalone )" - -usetf() { - usex "$1" true false -} - -PATCHES=( "${FILESDIR}/${PN}-4.2-ip-path.patch" ) - -src_prepare() { - sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die - sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die - default -} - -src_configure() { - tc-export AR CC - - use elibc_musl && append-cflags -DGLIBC_KERN_FLIP_HEADERS - - export PREFIX=/usr - export FINALEXAMPLECONFDIR=/usr/share/doc/${PF} - export FINALDOCDIR=/usr/share/doc/${PF}/html - export INITSYSTEM=$(usex systemd systemd openrc) - export INITDDIRS= - export INITDDIR_DEFAULT=/etc/init.d - export USERCOMPILE=${CFLAGS} - export USERLINK=${LDFLAGS} - export USE_DNSSEC=$(usetf dnssec) - export USE_LABELED_IPSEC=$(usetf selinux) - export USE_LIBCAP_NG=$(usetf caps) - export USE_LIBCURL=$(usetf curl) - export USE_LINUX_AUDIT=$(usetf selinux) - export USE_LDAP=$(usetf ldap) - export USE_NM=$(usetf networkmanager) - export USE_SECCOMP=$(usetf seccomp) - export USE_SYSTEMD_WATCHDOG=$(usetf systemd) - export SD_WATCHDOGSEC=$(usex systemd 200 0) - export USE_AUTHPAM=$(usetf pam) - export DEBUG_CFLAGS= - export OPTIMIZE_CFLAGS= - export WERROR_CFLAGS= -} - -src_compile() { - emake all - emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all -} - -src_test() { - : # integration tests only that require set of kvms to be set up -} - -src_install() { - default - emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install - - echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets - fperms 0600 /etc/ipsec.secrets - - keepdir /var/lib/ipsec/nss - fperms 0700 /var/lib/ipsec/nss - - dodoc -r docs - - find "${D}" -type d -empty -delete || die -} - -pkg_postinst() { - tmpfiles_process libreswan.conf - - local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss - if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then - ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password" - certutil -N -d "${IPSEC_CONFDIR}" --empty-password - eend $? - einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}" - fi -} diff --git a/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-1.patch b/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-1.patch new file mode 100644 index 000000000000..15d26822b71c --- /dev/null +++ b/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-1.patch @@ -0,0 +1,307 @@ +https://bugs.gentoo.org/904842 +https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/commit/084ef529c5fb816927ca54866f66b340265aa9f6 + +From 084ef529c5fb816927ca54866f66b340265aa9f6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> +Date: Sat, 4 Mar 2023 21:20:43 +0000 +Subject: [PATCH] Adding support for compiling against pppd-2.5.0 (or master + branch) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Eivind Næss <eivnaes@yahoo.com> +--- + Makefile.am | 5 +- + configure.ac | 37 +++++++- + src/nm-fortisslvpn-pppd-compat.h | 93 +++++++++++++++++++ + src/nm-fortisslvpn-pppd-plugin.c | 24 ++--- + ...-status.h => nm-fortisslvpn-pppd-status.h} | 0 + src/nm-fortisslvpn-service.c | 2 +- + 6 files changed, 145 insertions(+), 16 deletions(-) + create mode 100644 src/nm-fortisslvpn-pppd-compat.h + rename src/{nm-ppp-status.h => nm-fortisslvpn-pppd-status.h} (100%) + +diff --git a/Makefile.am b/Makefile.am +index b2e5533..e1e5ec9 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -81,7 +81,7 @@ libexec_PROGRAMS += src/nm-fortisslvpn-service + src_nm_fortisslvpn_service_SOURCES = \ + shared/nm-utils/nm-shared-utils.c \ + shared/nm-utils/nm-shared-utils.h \ +- src/nm-ppp-status.h \ ++ src/nm-fortisslvpn-pppd-status.h \ + src/nm-fortisslvpn-service.h \ + src/nm-fortisslvpn-service.c \ + shared/nm-fortissl-properties.c \ +@@ -106,7 +106,8 @@ src_nm_fortisslvpn_pppd_plugin_la_SOURCES = \ + shared/nm-utils/nm-shared-utils.c \ + shared/nm-utils/nm-shared-utils.h \ + src/nm-fortisslvpn-pppd-plugin.c \ +- src/nm-ppp-status.h ++ src/nm-fortisslvpn-pppd-compat.h \ ++ src/nm-fortisslvpn-pppd-status.h + nodist_src_nm_fortisslvpn_pppd_plugin_la_SOURCES = \ + src/nm-fortisslvpn-pppd-service-dbus.h + src_nm_fortisslvpn_pppd_plugin_la_CPPFLAGS = $(src_cppflags) +diff --git a/configure.ac b/configure.ac +index a998707..877493e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -19,7 +19,10 @@ AC_PROG_CC + AM_PROG_CC_C_O + AC_PROG_INSTALL + AC_PROG_LIBTOOL ++AC_PROG_CPP ++AC_PROG_EGREP + AC_PATH_PROG(GLIB_COMPILE_RESOURCES, glib-compile-resources) ++PKG_PROG_PKG_CONFIG() + + AC_GNU_SOURCE + +@@ -37,20 +40,50 @@ dnl + dnl Required headers + dnl + AC_HEADER_STDC +-AC_CHECK_HEADERS(fcntl.h paths.h sys/ioctl.h sys/time.h syslog.h unistd.h) ++AC_CHECK_HEADERS(fcntl.h paths.h stdarg.h stdbool.h sys/ioctl.h sys/time.h syslog.h unistd.h) + + AC_CHECK_HEADERS(pppd/pppd.h,, + AC_MSG_ERROR(couldn't find pppd.h. pppd development headers are required.)) + ++dnl ++dnl Check the presense of other pppd/*.h files ++AC_CHECK_HEADERS([ ++ pppd/chap.h ++ pppd/chap-new.h ++ pppd/chap_ms.h ++ ]) ++ ++dnl ++dnl Versions >= 2.5.0 will have pkg-config support ++PKG_CHECK_EXISTS([pppd], ++ [AS_VAR_SET([pppd_pkgconfig_support],[yes])]) ++ ++dnl ++dnl Get the version of pppd using pkg-config, assume 2.4.9 if not present ++PPPD_VERSION=2.4.5 ++if test x"$pppd_pkgconfig_support" = xyes; then ++ PPPD_VERSION=`$PKG_CONFIG --modversion pppd` ++fi ++ ++ + AC_ARG_WITH([pppd-plugin-dir], AS_HELP_STRING([--with-pppd-plugin-dir=DIR], [path to the pppd plugins directory])) + + if test -n "$with_pppd_plugin_dir" ; then + PPPD_PLUGIN_DIR="$with_pppd_plugin_dir" + else +- PPPD_PLUGIN_DIR="${libdir}/pppd/2.4.5" ++ PPPD_PLUGIN_DIR="${libdir}/pppd/$PPPD_VERSION" + fi + AC_SUBST(PPPD_PLUGIN_DIR) + ++dnl The version of pppd dictates what code can be included, i.e. enable use of ++dnl #if WITH_PPP_VERSION >= PPP_VERSION(2,5,0) in the code ++AC_DEFINE_UNQUOTED([PPP_VERSION(x,y,z)], ++ [((x & 0xFF) << 16 | (y & 0xFF) << 8 | (z & 0xFF) << 0)], ++ [Macro to help determine the particular version of pppd]) ++PPP_VERSION=$(echo $PPPD_VERSION | sed -e "s/\./\,/g") ++AC_DEFINE_UNQUOTED(WITH_PPP_VERSION, PPP_VERSION($PPP_VERSION), ++ [The real version of pppd represented as an int]) ++ + dnl + dnl Checks for typedefs, structures, and compiler characteristics. + dnl +diff --git a/src/nm-fortisslvpn-pppd-compat.h b/src/nm-fortisslvpn-pppd-compat.h +new file mode 100644 +index 0000000..9a02908 +--- /dev/null ++++ b/src/nm-fortisslvpn-pppd-compat.h +@@ -0,0 +1,93 @@ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* nm-sstp-service - sstp (and other pppd) integration with NetworkManager ++ * ++ * Copyright (C) Eivind Næss, eivnaes@yahoo.com ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ */ ++ ++#ifndef __NM_FORTISSLVPN_PPPD_COMPAT_H__ ++#define __NM_FORTISSLVPN_PPPD_COMPAT_H__ ++ ++#define INET6 1 ++ ++// PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define. ++// this silly macro magic is to work around that. ++ ++#undef VERSION ++#include <pppd/pppd.h> ++ ++#ifndef PPPD_VERSION ++#define PPPD_VERSION VERSION ++#endif ++ ++#include <pppd/fsm.h> ++#include <pppd/ccp.h> ++#include <pppd/eui64.h> ++#include <pppd/ipcp.h> ++#include <pppd/ipv6cp.h> ++#include <pppd/eap.h> ++#include <pppd/upap.h> ++ ++#ifdef HAVE_PPPD_CHAP_H ++ #include <pppd/chap.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_NEW_H ++ #include <pppd/chap-new.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_MS_H ++ #include <pppd/chap_ms.h> ++#endif ++ ++#ifndef PPP_PROTO_CHAP ++#define PPP_PROTO_CHAP 0xc223 ++#endif ++ ++#ifndef PPP_PROTO_EAP ++#define PPP_PROTO_EAP 0xc227 ++#endif ++ ++#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) ++ ++static inline bool debug_on(void) ++{ ++ return debug; ++} ++ ++static inline const char *ppp_ipparam(void) ++{ ++ return ipparam; ++} ++ ++static inline int ppp_ifunit(void) ++{ ++ return ifunit; ++} ++ ++static inline const char *ppp_ifname(void) ++{ ++ return ifname; ++} ++ ++static inline int ppp_get_mtu(int idx) ++{ ++ return netif_get_mtu(idx); ++} ++ ++#endif // #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) ++#endif // #ifdef __NM_FORTISSLVPN_PPPD_COMPAT_H__ +diff --git a/src/nm-fortisslvpn-pppd-plugin.c b/src/nm-fortisslvpn-pppd-plugin.c +index f2ad262..c2efb9a 100644 +--- a/src/nm-fortisslvpn-pppd-plugin.c ++++ b/src/nm-fortisslvpn-pppd-plugin.c +@@ -23,12 +23,6 @@ + #define ___CONFIG_H__ + #include <config.h> + +-#include <pppd/pppd.h> +-#include <pppd/fsm.h> +-#include <pppd/ipcp.h> +- +-#include "nm-default.h" +- + #include <sys/types.h> + #include <string.h> + #include <sys/socket.h> +@@ -42,10 +36,12 @@ + #include <grp.h> + #include <glib/gstdio.h> + ++#include "nm-fortisslvpn-pppd-status.h" ++#include "nm-fortisslvpn-pppd-compat.h" + #include "nm-fortisslvpn-pppd-service-dbus.h" +-#include "nm-fortisslvpn-service.h" +-#include "nm-ppp-status.h" + ++#include "nm-default.h" ++#include "nm-fortisslvpn-service.h" + #include "nm-utils/nm-shared-utils.h" + #include "nm-utils/nm-vpn-plugin-macros.h" + +@@ -80,7 +76,7 @@ static struct { + + int plugin_init (void); + +-char pppd_version[] = VERSION; ++char pppd_version[] = PPPD_VERSION; + + static void + chroot_sandbox (void) +@@ -296,7 +292,7 @@ get_ip4_routes (in_addr_t ouraddr) + static void + nm_ip_up (void *data, int arg) + { +- guint32 pppd_made_up_address = htonl (0x0a404040 + ifunit); ++ guint32 pppd_made_up_address = htonl (0x0a404040 + ppp_ifunit()); + ipcp_options opts = ipcp_gotoptions[0]; + ipcp_options peer_opts = ipcp_hisoptions[0]; + GVariantBuilder builder; +@@ -317,7 +313,7 @@ nm_ip_up (void *data, int arg) + + g_variant_builder_add (&builder, "{sv}", + NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, +- g_variant_new_string (ifname)); ++ g_variant_new_string (ppp_ifname())); + + str = g_getenv ("VPN_GATEWAY"); + if (str) { +@@ -442,8 +438,14 @@ plugin_init (void) + return -1; + } + ++#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) + add_notifier (&phasechange, nm_phasechange, NULL); + add_notifier (&ip_up_notifier, nm_ip_up, NULL); + add_notifier (&exitnotify, nm_exit_notify, NULL); ++#else ++ ppp_add_notify (NF_PHASE_CHANGE, nm_phasechange, NULL); ++ ppp_add_notify (NF_IP_UP, nm_ip_up, NULL); ++ ppp_add_notify (NF_EXIT, nm_exit_notify, NULL); ++#endif + return 0; + } +diff --git a/src/nm-ppp-status.h b/src/nm-fortisslvpn-pppd-status.h +similarity index 100% +rename from src/nm-ppp-status.h +rename to src/nm-fortisslvpn-pppd-status.h +diff --git a/src/nm-fortisslvpn-service.c b/src/nm-fortisslvpn-service.c +index 6c340d0..a8483c2 100644 +--- a/src/nm-fortisslvpn-service.c ++++ b/src/nm-fortisslvpn-service.c +@@ -40,7 +40,7 @@ + #include <glib/gstdio.h> + + #include "nm-fortissl-properties.h" +-#include "nm-ppp-status.h" ++#include "nm-fortisslvpn-pppd-status.h" + #include "nm-fortisslvpn-pppd-service-dbus.h" + #include "nm-utils/nm-shared-utils.h" + #include "nm-utils/nm-vpn-plugin-macros.h" +-- +GitLab diff --git a/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-2.patch b/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-2.patch new file mode 100644 index 000000000000..d322ba4bfe9f --- /dev/null +++ b/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-2.patch @@ -0,0 +1,35 @@ +https://bugs.gentoo.org/904842 +https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/commit/8773f772d39f8eee6edc1fd2e5437c754ed41e1e + +From 8773f772d39f8eee6edc1fd2e5437c754ed41e1e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> +Date: Sat, 4 Mar 2023 21:29:54 +0000 +Subject: [PATCH] Fixing configure.ac from previous change +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Eivind Næss <eivnaes@yahoo.com> +--- + configure.ac | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 877493e..a5b4abb 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -47,11 +47,7 @@ AC_CHECK_HEADERS(pppd/pppd.h,, + + dnl + dnl Check the presense of other pppd/*.h files +-AC_CHECK_HEADERS([ +- pppd/chap.h +- pppd/chap-new.h +- pppd/chap_ms.h +- ]) ++AC_CHECK_HEADERS(pppd/chap.h pppd/chap-new.h pppd/chap_ms.h) + + dnl + dnl Versions >= 2.5.0 will have pkg-config support +-- +GitLab diff --git a/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-3.patch b/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-3.patch new file mode 100644 index 000000000000..441b8e103398 --- /dev/null +++ b/net-vpn/networkmanager-fortisslvpn/files/networkmanager-fortisslvpn-1.4.0-ppp-2.5.0-3.patch @@ -0,0 +1,200 @@ +https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/merge_requests/27 +https://bugs.gentoo.org/904842 + +From d59819b5d26db44f51bfbb76be3b373c419e408d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> +Date: Wed, 8 Mar 2023 04:30:13 +0000 +Subject: [PATCH] Improve compatibility with pppd-2.5.0 release + +This allows compiling against the older pppd 2.4 series while still +using the new API in the plugin code. It does so by adding a static +inline function ppp_add_notify(). + +Additional formatting changes to the nm-fortisslvpn-pppd-compat.h based +on review from Lubomir. +--- + src/nm-fortisslvpn-pppd-compat.h | 112 ++++++++++++++++++++----------- + src/nm-fortisslvpn-pppd-plugin.c | 6 -- + 2 files changed, 71 insertions(+), 47 deletions(-) + +diff --git a/src/nm-fortisslvpn-pppd-compat.h b/src/nm-fortisslvpn-pppd-compat.h +index 9a02908..5d2d02a 100644 +--- a/src/nm-fortisslvpn-pppd-compat.h ++++ b/src/nm-fortisslvpn-pppd-compat.h +@@ -1,32 +1,15 @@ +-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ +-/* nm-sstp-service - sstp (and other pppd) integration with NetworkManager +- * +- * Copyright (C) Eivind Næss, eivnaes@yahoo.com +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; either version 2 of the License, or +- * (at your option) any later version. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License along +- * with this program; if not, write to the Free Software Foundation, Inc., +- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- */ ++/* Copyright (C) 2023 Eivind Naess, eivnaes@yahoo.com */ ++/* SPDX-License-Identifier: GPL-2.0-or-later */ + + #ifndef __NM_FORTISSLVPN_PPPD_COMPAT_H__ + #define __NM_FORTISSLVPN_PPPD_COMPAT_H__ + +-#define INET6 1 +- +-// PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define. +-// this silly macro magic is to work around that. ++/* Define INET6 to compile with IPv6 support against older pppd headers, ++ * pppd >= 2.5.0 use WITH_PPP_IPV6 and is defined in pppdconf.h */ ++#define INET6 1 + ++/* PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define. ++ * this silly macro magic is to work around that. */ + #undef VERSION + #include <pppd/pppd.h> + +@@ -43,51 +26,98 @@ + #include <pppd/upap.h> + + #ifdef HAVE_PPPD_CHAP_H +- #include <pppd/chap.h> ++#include <pppd/chap.h> + #endif + + #ifdef HAVE_PPPD_CHAP_NEW_H +- #include <pppd/chap-new.h> ++#include <pppd/chap-new.h> + #endif + + #ifdef HAVE_PPPD_CHAP_MS_H +- #include <pppd/chap_ms.h> ++#include <pppd/chap_ms.h> + #endif + + #ifndef PPP_PROTO_CHAP +-#define PPP_PROTO_CHAP 0xc223 ++#define PPP_PROTO_CHAP 0xc223 + #endif + + #ifndef PPP_PROTO_EAP +-#define PPP_PROTO_EAP 0xc227 ++#define PPP_PROTO_EAP 0xc227 + #endif + ++ + #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) + +-static inline bool debug_on(void) ++static inline bool ++debug_on (void) ++{ ++ return debug; ++} ++ ++static inline const char ++*ppp_ipparam (void) + { +- return debug; ++ return ipparam; + } + +-static inline const char *ppp_ipparam(void) ++static inline int ++ppp_ifunit (void) + { +- return ipparam; ++ return ifunit; + } + +-static inline int ppp_ifunit(void) ++static inline const char * ++ppp_ifname (void) + { +- return ifunit; ++ return ifname; + } + +-static inline const char *ppp_ifname(void) ++static inline int ++ppp_get_mtu (int idx) + { +- return ifname; ++ return netif_get_mtu(idx); + } + +-static inline int ppp_get_mtu(int idx) ++typedef enum ppp_notify ++{ ++ NF_PID_CHANGE, ++ NF_PHASE_CHANGE, ++ NF_EXIT, ++ NF_SIGNALED, ++ NF_IP_UP, ++ NF_IP_DOWN, ++ NF_IPV6_UP, ++ NF_IPV6_DOWN, ++ NF_AUTH_UP, ++ NF_LINK_DOWN, ++ NF_FORK, ++ NF_MAX_NOTIFY ++} ppp_notify_t; ++ ++typedef void (ppp_notify_fn) (void *ctx, int arg); ++ ++static inline void ++ppp_add_notify (ppp_notify_t type, ppp_notify_fn *func, void *ctx) + { +- return netif_get_mtu(idx); ++ struct notifier **list[NF_MAX_NOTIFY] = { ++ [NF_PID_CHANGE ] = &pidchange, ++ [NF_PHASE_CHANGE] = &phasechange, ++ [NF_EXIT ] = &exitnotify, ++ [NF_SIGNALED ] = &sigreceived, ++ [NF_IP_UP ] = &ip_up_notifier, ++ [NF_IP_DOWN ] = &ip_down_notifier, ++ [NF_IPV6_UP ] = &ipv6_up_notifier, ++ [NF_IPV6_DOWN ] = &ipv6_down_notifier, ++ [NF_AUTH_UP ] = &auth_up_notifier, ++ [NF_LINK_DOWN ] = &link_down_notifier, ++ [NF_FORK ] = &fork_notifier, ++ }; ++ ++ struct notifier **notify = list[type]; ++ if (notify) { ++ add_notifier(notify, func, ctx); ++ } + } + +-#endif // #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) +-#endif // #ifdef __NM_FORTISSLVPN_PPPD_COMPAT_H__ ++#endif /* #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) */ ++#endif /* #ifdef __NM_FORTISSLVPN_PPPD_COMPAT_H__ */ +diff --git a/src/nm-fortisslvpn-pppd-plugin.c b/src/nm-fortisslvpn-pppd-plugin.c +index c2efb9a..0f1c687 100644 +--- a/src/nm-fortisslvpn-pppd-plugin.c ++++ b/src/nm-fortisslvpn-pppd-plugin.c +@@ -438,14 +438,8 @@ plugin_init (void) + return -1; + } + +-#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) +- add_notifier (&phasechange, nm_phasechange, NULL); +- add_notifier (&ip_up_notifier, nm_ip_up, NULL); +- add_notifier (&exitnotify, nm_exit_notify, NULL); +-#else + ppp_add_notify (NF_PHASE_CHANGE, nm_phasechange, NULL); + ppp_add_notify (NF_IP_UP, nm_ip_up, NULL); + ppp_add_notify (NF_EXIT, nm_exit_notify, NULL); +-#endif + return 0; + } +-- +GitLab diff --git a/net-vpn/networkmanager-fortisslvpn/metadata.xml b/net-vpn/networkmanager-fortisslvpn/metadata.xml index 69d7525227bc..503689e25054 100644 --- a/net-vpn/networkmanager-fortisslvpn/metadata.xml +++ b/net-vpn/networkmanager-fortisslvpn/metadata.xml @@ -1,12 +1,8 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="person" proxied="yes"> - <email>mathy@vanvoorden.be</email> - <name>Mathy Vanvoorden</name> - </maintainer> - <maintainer type="project" proxied="proxy"> - <email>proxy-maint@gentoo.org</email> - <name>Proxy Maintainers</name> - </maintainer> + <!-- maintainer-needed --> + <upstream> + <remote-id type="gnome-gitlab">GNOME/NetworkManager-fortisslvpn</remote-id> + </upstream> </pkgmetadata> diff --git a/net-vpn/networkmanager-fortisslvpn/networkmanager-fortisslvpn-1.4.0-r2.ebuild b/net-vpn/networkmanager-fortisslvpn/networkmanager-fortisslvpn-1.4.0-r2.ebuild new file mode 100644 index 000000000000..b04563c83a64 --- /dev/null +++ b/net-vpn/networkmanager-fortisslvpn/networkmanager-fortisslvpn-1.4.0-r2.ebuild @@ -0,0 +1,59 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +GNOME_ORG_MODULE="NetworkManager-${PN##*-}" +GNOME2_LA_PUNT="yes" +GNOME2_EAUTORECONF="yes" + +inherit gnome2 + +DESCRIPTION="NetworkManager Fortinet SSLVPN compatible plugin" +HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="amd64" +IUSE="gtk" + +DEPEND=" + >=dev-libs/glib-2.32:2 + >=net-misc/networkmanager-1.2:= + gtk? ( + >=app-crypt/libsecret-0.18 + gui-libs/gtk:4 + media-libs/harfbuzz + >=net-libs/libnma-1.2.0 + x11-libs/cairo + x11-libs/gdk-pixbuf + x11-libs/pango + ) +" +RDEPEND="${RDEPEND} + net-dialup/ppp:= + >=net-vpn/openfortivpn-1.2.0" +BDEPEND="dev-util/gdbus-codegen + >=sys-devel/gettext-0.19 + virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}"/${PN}-1.4.0-ppp-2.5.0-{1,2,3}.patch +) + +src_prepare() { + # Fix deprecated location, #709450 + sed -i 's|/appdata|/metainfo|g' Makefile.{in,am} || die + + gnome2_src_prepare +} + +src_configure() { + CONFIG_SHELL="${BROOT}"/bin/bash gnome2_src_configure \ + --disable-static \ + --with-dist-version=Gentoo \ + --localstatedir=/var \ + $(use_with gtk gnome) \ + $(use_with gtk gtk4) \ + --without-libnm-glib +} diff --git a/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-bashism-configure.patch b/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-bashism-configure.patch new file mode 100644 index 000000000000..d4a672815cd3 --- /dev/null +++ b/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-bashism-configure.patch @@ -0,0 +1,35 @@ +https://github.com/nm-l2tp/NetworkManager-l2tp/pull/208 + +From bf46aec299c58321703f5431ebafcce561a98cef Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Sun, 23 Apr 2023 09:16:24 +0100 +Subject: [PATCH] configure.ac: fix bashisms in configure.ac + +configure scripts need to be runnable with a POSIX-compliant /bin/sh. + +On many (but not all!) systems, /bin/sh is provided by Bash, so errors +like this aren't spotted. Notably Debian defaults to /bin/sh provided +by dash which doesn't tolerate such bashisms as '=='. + +This retains compatibility with bash. +--- a/configure.ac ++++ b/configure.ac +@@ -197,7 +197,7 @@ fi + AM_CONDITIONAL(WITH_GNOME, test "$with_gnome" != no) + + AC_ARG_WITH(gtk4, AS_HELP_STRING([--with-gtk4], [Build NetworkManager-l2tp with libnma-gtk4 support]), [], [with_gtk4_specified=no]) +-if test "$with_gtk4_specified" == no; then ++if test "$with_gtk4_specified" = no; then + with_gtk4=no + fi + if test "$with_gtk4" != yes; then +@@ -256,7 +256,7 @@ NM_LD_GC + + NM_PLUGIN_DIR="$libdir/NetworkManager" + AC_SUBST(NM_PLUGIN_DIR) +-if test x"$enable_absolute_paths" == x"yes"; then ++if test x"$enable_absolute_paths" = x"yes"; then + NM_PLUGIN_DIR_NAME_FILE="$NM_PLUGIN_DIR/" + else + enable_absolute_paths=no + diff --git a/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-ppp-2.5.0-1.patch b/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-ppp-2.5.0-1.patch new file mode 100644 index 000000000000..215ee2e10465 --- /dev/null +++ b/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-ppp-2.5.0-1.patch @@ -0,0 +1,170 @@ +https://bugs.gentoo.org/904843 +https://github.com/nm-l2tp/NetworkManager-l2tp/commit/e6860eb957208a932fb565dd7b5e79fe5a4df662 + +From e6860eb957208a932fb565dd7b5e79fe5a4df662 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> +Date: Fri, 3 Mar 2023 05:22:13 +0000 +Subject: [PATCH] Adding support for compiling against pppd-2.5.0 (current + master) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Eivind Næss <eivnaes@yahoo.com> +--- + configure.ac | 46 +++++++++++++++++++++++++++++++++++++-- + src/nm-l2tp-pppd-plugin.c | 20 +++++++++-------- + 2 files changed, 55 insertions(+), 11 deletions(-) + +diff --git a/configure.ac b/configure.ac +index baf8d44..b925eb0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -33,7 +33,10 @@ dnl + AC_PROG_CC + AM_PROG_CC_C_O + AC_PROG_INSTALL ++AC_PROG_CPP ++AC_PROG_EGREP + AC_PATH_PROG(GLIB_COMPILE_RESOURCES, glib-compile-resources) ++PKG_PROG_PKG_CONFIG() + + AC_CHECK_PROG([has_file], file, yes, no) + if test x$has_file = xno ; then +@@ -49,24 +52,63 @@ dnl + dnl Required headers + dnl + AC_HEADER_STDC +-AC_CHECK_HEADERS(fcntl.h paths.h sys/ioctl.h sys/time.h syslog.h unistd.h) ++AC_CHECK_HEADERS([ ++ fcntl.h ++ paths.h ++ stdarg.h ++ stdbool.h ++ sys/ioctl.h ++ sys/time.h ++ syslog.h ++ unistd.h ++ ]) + + AC_CHECK_HEADERS(pppd/pppd.h,, + AC_MSG_ERROR(couldn't find pppd.h. pppd development headers are required.)) + ++dnl ++dnl Check the presense of other pppd/*.h files ++AC_CHECK_HEADERS([ ++ pppd/chap.h ++ pppd/chap-new.h ++ pppd/chap_ms.h ++ ]) ++ ++dnl ++dnl Versions >= 2.5.0 will have pkg-config support ++PKG_CHECK_EXISTS([pppd], ++ [AS_VAR_SET([pppd_pkgconfig_support],[yes])]) ++ ++dnl ++dnl Get the version of pppd using pkg-config, assume 2.4.9 if not present ++PPPD_VERSION=2.4.9 ++if test x"$pppd_pkgconfig_support" = xyes; then ++ PPPD_VERSION=`$PKG_CONFIG --modversion pppd` ++fi ++ + AC_ARG_WITH([pppd-plugin-dir], AS_HELP_STRING([--with-pppd-plugin-dir=DIR], [path to the pppd plugins directory])) + + if test -n "$with_pppd_plugin_dir" ; then + PPPD_PLUGIN_DIR="$with_pppd_plugin_dir" + else +- PPPD_PLUGIN_DIR="${libdir}/pppd/2.4.9" ++ PPPD_PLUGIN_DIR="${libdir}/pppd/$PPPD_VERSION" + fi + AC_SUBST(PPPD_PLUGIN_DIR) + ++dnl The version of pppd dictates what code can be included, i.e. enable use of ++dnl #if WITH_PPP_VERSION >= PPP_VERSION(2,5,0) in the code ++AC_DEFINE_UNQUOTED([PPP_VERSION(x,y,z)], ++ [((x & 0xFF) << 16 | (y & 0xFF) << 8 | (z & 0xFF) << 0)], ++ [Macro to help determine the particular version of pppd]) ++PPP_VERSION=$(echo $PPPD_VERSION | sed -e "s/\./\,/g") ++AC_DEFINE_UNQUOTED(WITH_PPP_VERSION, PPP_VERSION($PPP_VERSION), ++ [The real version of pppd represented as an int]) ++ + AC_MSG_CHECKING(whether EAP-TLS patch has been applied to pppd) + AC_EGREP_CPP(eaptls_passwd_hook, [ + #define USE_EAPTLS + #include <pppd/pppd.h> ++#include <pppd/eap.h> + ], [have_eap_tls=yes] , [have_eap_tls=no]) + + if test "x${have_eap_tls}" = "xno"; then +diff --git a/src/nm-l2tp-pppd-plugin.c b/src/nm-l2tp-pppd-plugin.c +index 71a7878..dd752a1 100644 +--- a/src/nm-l2tp-pppd-plugin.c ++++ b/src/nm-l2tp-pppd-plugin.c +@@ -9,11 +9,6 @@ + #include <config.h> + #define ___CONFIG_H__ + +-/* pppd headers *sigh* */ +-#include <pppd/pppd.h> +-#include <pppd/fsm.h> +-#include <pppd/ipcp.h> +- + #include "nm-default.h" + + #include <string.h> +@@ -25,13 +20,14 @@ + + #include "nm-l2tp-service.h" + #include "nm-ppp-status.h" ++#include "nm-l2tp-pppd-compat.h" + + #include "nm-utils/nm-shared-utils.h" + #include "nm-utils/nm-vpn-plugin-macros.h" + + int plugin_init(void); + +-char pppd_version[] = VERSION; ++char pppd_version[] = PPPD_VERSION; + + /*****************************************************************************/ + +@@ -146,7 +142,7 @@ nm_phasechange(void *data, int arg) + static void + nm_ip_up(void *data, int arg) + { +- guint32 pppd_made_up_address = htonl (0x0a404040 + ifunit); ++ guint32 pppd_made_up_address = htonl (0x0a404040 + ppp_ifunit()); + ipcp_options opts = ipcp_gotoptions[0]; + ipcp_options peer_opts = ipcp_hisoptions[0]; + GVariantBuilder builder; +@@ -166,7 +162,7 @@ nm_ip_up(void *data, int arg) + g_variant_builder_add(&builder, + "{sv}", + NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, +- g_variant_new_string(ifname)); ++ g_variant_new_string(ppp_ifname())); + + g_variant_builder_add(&builder, + "{sv}", +@@ -343,12 +339,18 @@ plugin_init(void) + chap_check_hook = get_chap_check; + pap_passwd_hook = get_credentials; + pap_check_hook = get_pap_check; +-#ifdef USE_EAPTLS ++#if defined(USE_EAPTLS) || defined(PPP_WITH_EAPTLS) + eaptls_passwd_hook = get_credentials; + #endif + ++#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) + add_notifier(&phasechange, nm_phasechange, NULL); + add_notifier(&ip_up_notifier, nm_ip_up, NULL); + add_notifier(&exitnotify, nm_exit_notify, NULL); ++#else ++ ppp_add_notify(NF_PHASE_CHANGE, nm_phasechange, NULL); ++ ppp_add_notify(NF_IP_UP, nm_ip_up, NULL); ++ ppp_add_notify(NF_EXIT, nm_exit_notify, NULL); ++#endif + return 0; + } + diff --git a/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-ppp-2.5.0-2.patch b/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-ppp-2.5.0-2.patch new file mode 100644 index 000000000000..e0a83350af44 --- /dev/null +++ b/net-vpn/networkmanager-l2tp/files/networkmanager-l2tp-1.20.8-ppp-2.5.0-2.patch @@ -0,0 +1,190 @@ +https://bugs.gentoo.org/904843 +https://github.com/nm-l2tp/NetworkManager-l2tp/commit/36a427c316a8ccd3168606f6e7fd6c8ae2b9bebf + +From 36a427c316a8ccd3168606f6e7fd6c8ae2b9bebf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> +Date: Fri, 3 Mar 2023 05:22:13 +0000 +Subject: [PATCH] Adding support for compiling against pppd-2.5.0 (current + master) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Eivind Næss <eivnaes@yahoo.com> +--- + Makefile.am | 5 +- + src/nm-l2tp-pppd-compat.h | 93 +++++++++++++++++++ + src/nm-l2tp-pppd-plugin.c | 7 +- + ...{nm-ppp-status.h => nm-l2tp-pppd-status.h} | 0 + src/nm-l2tp-service.c | 2 +- + 5 files changed, 100 insertions(+), 7 deletions(-) + create mode 100644 src/nm-l2tp-pppd-compat.h + rename src/{nm-ppp-status.h => nm-l2tp-pppd-status.h} (100%) + +diff --git a/Makefile.am b/Makefile.am +index 8201ca7..1feb9be 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -99,7 +99,7 @@ src_nm_l2tp_service_SOURCES = \ + shared/nm-l2tp-crypto-nss.c \ + shared/utils.h \ + shared/utils.c \ +- src/nm-ppp-status.h \ ++ src/nm-l2tp-pppd-status.h \ + src/nm-l2tp-service.h \ + src/nm-l2tp-service.c + src_nm_l2tp_service_CPPFLAGS = $(src_cppflags) $(NSS_CFLAGS) $(OPENSSL_CFLAGS) +@@ -118,7 +118,8 @@ pppd_plugin_LTLIBRARIES = src/nm-l2tp-pppd-plugin.la + src_nm_l2tp_pppd_plugin_la_SOURCES = \ + $(shared_sources) \ + src/nm-l2tp-pppd-plugin.c \ +- src/nm-ppp-status.h ++ src/nm-l2tp-pppd-compat.h \ ++ src/nm-l2tp-pppd-status.h + src_nm_l2tp_pppd_plugin_la_CPPFLAGS = $(src_cppflags) + src_nm_l2tp_pppd_plugin_la_LDFLAGS = \ + -module -avoid-version +diff --git a/src/nm-l2tp-pppd-compat.h b/src/nm-l2tp-pppd-compat.h +new file mode 100644 +index 0000000..80e2891 +--- /dev/null ++++ b/src/nm-l2tp-pppd-compat.h +@@ -0,0 +1,93 @@ ++/* SPDX-License-Identifier: GPL-2.0-or-later */ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* nm-sstp-service - sstp (and other pppd) integration with NetworkManager ++ * ++ * Copyright (C) 2023 Eivind Naess, eivnaes@yahoo.com ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ */ ++ ++#ifndef __NM_L2TP_PPPD_COMPAT_H__ ++#define __NM_L2TP_PPPD_COMPAT_H__ ++ ++// PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define. ++// this silly macro magic is to work around that. ++ ++#define INET6 1 ++ ++#undef VERSION ++#include <pppd/pppd.h> ++#ifndef PPPD_VERSION ++#define PPPD_VERSION VERSION ++#endif ++ ++#include <pppd/fsm.h> ++#include <pppd/ccp.h> ++#include <pppd/eui64.h> ++#include <pppd/ipcp.h> ++#include <pppd/ipv6cp.h> ++#include <pppd/eap.h> ++#include <pppd/upap.h> ++ ++#ifdef HAVE_PPPD_CHAP_H ++ #include <pppd/chap.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_NEW_H ++ #include <pppd/chap-new.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_MS_H ++ #include <pppd/chap_ms.h> ++#endif ++ ++#ifndef PPP_PROTO_CHAP ++#define PPP_PROTO_CHAP 0xc223 ++#endif ++ ++#ifndef PPP_PROTO_EAP ++#define PPP_PROTO_EAP 0xc227 ++#endif ++ ++#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) ++ ++static inline bool debug_on(void) ++{ ++ return debug; ++} ++ ++static inline const char *ppp_ipparam(void) ++{ ++ return ipparam; ++} ++ ++static inline int ppp_ifunit(void) ++{ ++ return ifunit; ++} ++ ++static inline const char *ppp_ifname(void) ++{ ++ return ifname; ++} ++ ++static inline int ppp_get_mtu(int idx) ++{ ++ return netif_get_mtu(idx); ++} ++ ++#endif // #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) ++#endif // #ifdef __NM_L2TP_PPPD_COMPAT_H__ +diff --git a/src/nm-l2tp-pppd-plugin.c b/src/nm-l2tp-pppd-plugin.c +index dd752a1..f1d588e 100644 +--- a/src/nm-l2tp-pppd-plugin.c ++++ b/src/nm-l2tp-pppd-plugin.c +@@ -9,8 +9,6 @@ + #include <config.h> + #define ___CONFIG_H__ + +-#include "nm-default.h" +- + #include <string.h> + #include <stdlib.h> + #include <sys/socket.h> +@@ -18,10 +16,11 @@ + #include <arpa/inet.h> + #include <dlfcn.h> + +-#include "nm-l2tp-service.h" +-#include "nm-ppp-status.h" ++#include "nm-l2tp-pppd-status.h" + #include "nm-l2tp-pppd-compat.h" + ++#include "nm-default.h" ++#include "nm-l2tp-service.h" + #include "nm-utils/nm-shared-utils.h" + #include "nm-utils/nm-vpn-plugin-macros.h" + +diff --git a/src/nm-ppp-status.h b/src/nm-l2tp-pppd-status.h +similarity index 100% +rename from src/nm-ppp-status.h +rename to src/nm-l2tp-pppd-status.h +diff --git a/src/nm-l2tp-service.c b/src/nm-l2tp-service.c +index 55f9542..629923c 100644 +--- a/src/nm-l2tp-service.c ++++ b/src/nm-l2tp-service.c +@@ -36,7 +36,7 @@ + #include <arpa/inet.h> + #include <netdb.h> + +-#include "nm-ppp-status.h" ++#include "nm-l2tp-pppd-status.h" + #include "nm-l2tp-pppd-service-dbus.h" + #include "nm-utils/nm-shared-utils.h" + #include "nm-utils/nm-secret-utils.h" + diff --git a/net-vpn/networkmanager-l2tp/networkmanager-l2tp-1.20.8-r3.ebuild b/net-vpn/networkmanager-l2tp/networkmanager-l2tp-1.20.8-r3.ebuild new file mode 100644 index 000000000000..a8dc957d7e74 --- /dev/null +++ b/net-vpn/networkmanager-l2tp/networkmanager-l2tp-1.20.8-r3.ebuild @@ -0,0 +1,80 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MY_PN="NetworkManager-l2tp" +MY_P="${MY_PN}-${PV}" +inherit autotools gnome.org + +DESCRIPTION="NetworkManager L2TP plugin" +HOMEPAGE="https://github.com/nm-l2tp/NetworkManager-l2tp" +SRC_URI="https://github.com/nm-l2tp/${MY_PN}/releases/download/${PV}/${MY_P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="gtk" + +COMMON_DEPEND="dev-libs/glib:2 + dev-libs/nspr + dev-libs/nss + dev-libs/openssl:= + net-dialup/ppp:=[eap-tls(+)] + net-dialup/xl2tpd + >=net-misc/networkmanager-1.20[ppp] + || ( + net-vpn/strongswan + net-vpn/libreswan + ) + gtk? ( + app-crypt/libsecret + gnome-extra/nm-applet + media-libs/harfbuzz:= + net-libs/libnma + x11-libs/cairo + x11-libs/gdk-pixbuf:2 + x11-libs/gtk+:3 + x11-libs/pango + )" +DEPEND="${COMMON_DEPEND} + x11-base/xorg-proto" +RDEPEND="${COMMON_DEPEND} + dev-libs/dbus-glib" +BDEPEND="dev-util/gdbus-codegen + dev-util/intltool + sys-devel/gettext + virtual/pkgconfig" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + "${FILESDIR}"/${P}-ppp-2.5.0-{1,2}.patch + "${FILESDIR}"/${PN}-1.20.8-bashism-configure.patch +) + +src_prepare() { + default + + # For ppp-2.5.0 patch & bashism patch + eautoreconf +} + +src_configure() { + local PPPD_VER=$(best_version net-dialup/ppp) + PPPD_VER=${PPPD_VER#*/*-} # reduce it to ${PV}-${PR} + PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision + + local myeconfargs=( + --localstatedir=/var + --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER} + $(use_with gtk gnome) + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die +} diff --git a/net-vpn/networkmanager-l2tp/networkmanager-l2tp-1.20.8.ebuild b/net-vpn/networkmanager-l2tp/networkmanager-l2tp-1.20.8.ebuild index cfc6b1c20e10..c4c3ee77c566 100644 --- a/net-vpn/networkmanager-l2tp/networkmanager-l2tp-1.20.8.ebuild +++ b/net-vpn/networkmanager-l2tp/networkmanager-l2tp-1.20.8.ebuild @@ -21,7 +21,7 @@ COMMON_DEPEND="dev-libs/glib:2 dev-libs/nspr dev-libs/nss dev-libs/openssl:= - net-dialup/ppp:=[eap-tls] + net-dialup/ppp:=[eap-tls(+)] net-dialup/xl2tpd >=net-misc/networkmanager-1.20[ppp] || ( diff --git a/net-vpn/networkmanager-openconnect/Manifest b/net-vpn/networkmanager-openconnect/Manifest index 8c98402037bf..0db49170f4c4 100644 --- a/net-vpn/networkmanager-openconnect/Manifest +++ b/net-vpn/networkmanager-openconnect/Manifest @@ -1 +1 @@ -DIST NetworkManager-openconnect-1.2.8.tar.xz 857808 BLAKE2B b9dd1f75eb34b3149b1d8520fa34caec9547c581affd8065116376f5ee9b0332dc8791af63a88b918445b17b9fd5655b5c154a32c150da62a015ae94221c4634 SHA512 5209fb15ce22511f9b9ccde5e19c86136c3236490c4793afcc2d4081ad87dc4c5fde7f6335db1f50cbbb674b1afc7c42a8c89a6d046ba3945691b2dfb3691d38 +DIST NetworkManager-openconnect-1.2.10.tar.xz 920560 BLAKE2B 8e631bacf7ac99bf3abec6eeea9bfda070dfeac4572280b74771746942bf9700f8d943501fc63933052bf07735751f5353fcc6ccd6654b57a893ed87a442650f SHA512 c61f5edee04475b013afbb91ba11e102cf4c925a0b2e16477473e0de9528d793121c1324f2c4d5ae03e0c8fb00dd9de444130c22e681f7a3408bc9a179ad7509 diff --git a/net-vpn/networkmanager-openconnect/files/networkmanager-openconnect-1.2.10-check-webkit-if-gtk.patch b/net-vpn/networkmanager-openconnect/files/networkmanager-openconnect-1.2.10-check-webkit-if-gtk.patch new file mode 100644 index 000000000000..5f9c8578d9d7 --- /dev/null +++ b/net-vpn/networkmanager-openconnect/files/networkmanager-openconnect-1.2.10-check-webkit-if-gtk.patch @@ -0,0 +1,26 @@ +# https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/issues/99 +# diff --git a/configure.ac b/configure.ac +--- a/configure.ac 2023-05-21 14:05:26.029361118 -0300 ++++ b/configure.ac 2023-05-21 14:07:12.505617426 -0300 +@@ -145,10 +145,6 @@ + PKG_CHECK_MODULES(LIBNMA_GTK4, libnma-gtk4 >= 1.8.33) + fi + +-PKG_CHECK_MODULES(WEBKIT, webkit2gtk-4.1, [wekbit=4.1], +- [PKG_CHECK_MODULES(WEBKIT, webkit2gtk-4.0, +- [webkit=4.0], AC_MSG_ERROR(Neither webkit2gtk-4.0 nor wekit2gtk-4.1 found))]) +- + PKG_CHECK_MODULES(LIBNM, libnm >= 1.2.0) + LIBNM_CFLAGS="$LIBNM_CFLAGS -DNM_VERSION_MIN_REQUIRED=NM_VERSION_1_2" + LIBNM_CFLAGS="$LIBNM_CFLAGS -DNM_VERSION_MAX_ALLOWED=NM_VERSION_1_4" +@@ -166,6 +162,10 @@ + fi + if test x"$with_authdlg" != xno; then + PKG_CHECK_MODULES(OPENCONNECT, openconnect >= 3.02) ++ PKG_CHECK_MODULES(WEBKIT, webkit2gtk-4.1, [wekbit=4.1], ++ [PKG_CHECK_MODULES(WEBKIT, webkit2gtk-4.0, ++ [webkit=4.0], AC_MSG_ERROR(Neither webkit2gtk-4.0 nor wekit2gtk-4.1 found))]) ++ + fi + AM_CONDITIONAL(WITH_AUTHDLG, test x"$with_authdlg" != xno) + diff --git a/net-vpn/networkmanager-openconnect/networkmanager-openconnect-1.2.8-r1.ebuild b/net-vpn/networkmanager-openconnect/networkmanager-openconnect-1.2.10-r1.ebuild index e6cd875366c5..8ca5c646e8ab 100644 --- a/net-vpn/networkmanager-openconnect/networkmanager-openconnect-1.2.8-r1.ebuild +++ b/net-vpn/networkmanager-openconnect/networkmanager-openconnect-1.2.10-r1.ebuild @@ -1,8 +1,9 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 +GNOME2_EAUTORECONF=yes GNOME_ORG_MODULE="NetworkManager-${PN##*-}" inherit gnome2 @@ -20,6 +21,7 @@ DEPEND=" >=dev-libs/glib-2.34:2 >=dev-libs/dbus-glib-0.74 dev-libs/libxml2:2 + dev-libs/glib:2 >=net-vpn/openconnect-3.02:= gtk? ( >=app-crypt/libsecret-0.18 @@ -29,6 +31,7 @@ DEPEND=" >=gui-libs/gtk-4.0:4 >=net-libs/libnma-1.8.36 + net-libs/webkit-gtk:4.1 ) " @@ -44,19 +47,19 @@ BDEPEND=" virtual/pkgconfig " -src_prepare() { - # Bug #830257 - sed -i 's|/appdata|/metainfo|g' Makefile.{in,am} || die - - gnome2_src_prepare -} +PATCHES=( + "${FILESDIR}"/${P}-check-webkit-if-gtk.patch +) src_configure() { - gnome2_src_configure \ - --disable-more-warnings \ - --disable-static \ - --without-libnm-glib \ - $(use_with gtk gnome) \ - $(use_with gtk authdlg) \ + local myconf=( + --disable-more-warnings + --disable-static + --without-libnm-glib + $(use_with gtk gnome) + $(use_with gtk authdlg) $(use_with gtk gtk4) + ) + + gnome2_src_configure "${myconf[@]}" } diff --git a/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch b/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch new file mode 100644 index 000000000000..2b8774b412e8 --- /dev/null +++ b/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch @@ -0,0 +1,43 @@ +https://bugs.gentoo.org/909361 +https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/a790374f4c2e9e1657cbb8470357d72d4bd87916 + +From a790374f4c2e9e1657cbb8470357d72d4bd87916 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani <bgalvani@redhat.com> +Date: Mon, 28 Nov 2022 17:31:38 +0100 +Subject: [PATCH] Revert "service: automatically add the "cipher" to the + "data-ciphers"" + +`--data-ciphers` has a default value of `AES-256-GCM:AES-128-GCM`. If +we overwrite it with the value of `--cipher` we are diverging from +openvpn behavior and this can cause authentication problems. + +https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/112 + +This reverts commit 020ab0c4b872fa5415ed1a5e682acb3343c7b9f3. +--- a/src/nm-openvpn-service.c ++++ b/src/nm-openvpn-service.c +@@ -1676,22 +1676,6 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, + + args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS, "--data-ciphers"); + +- if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER) && +- !nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS) && +- openvpn_binary_detect_version_cached (openvpn_binary, &openvpn_binary_version) >= +- nmovpn_version_encode (2, 5, 0)) { +- /* Since 2.5, openvpn will warn if "cipher" is set but "data-ciphers" doesn't +- * contain the cipher. It still used to automatically add the cipher. +- * Since 2.6, the cipher is no longer automatically added, which is unlikely +- * what the user wants. +- * +- * We automatically add it, so if the user only sets cipher (e.g. when +- * having an old profile or targeting 2.4) it still works. So ciphers +- * means something slightly different for the plugin, unless you set +- * data-ciphers to anything. */ +- args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_CIPHER, "--data-ciphers"); +- } +- + args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_TLS_CIPHER, "--tls-cipher"); + + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEYSIZE); +-- +GitLab diff --git a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2.ebuild b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2-r1.ebuild index c05945d34a29..271b81e750a1 100644 --- a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2.ebuild +++ b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -42,6 +42,10 @@ BDEPEND=" virtual/pkgconfig " +PATCHES=( + "${FILESDIR}"/${P}-openvpn-2.6-compat.patch +) + src_configure() { # --localstatedir=/var needed per bug #536248 gnome2_src_configure \ diff --git a/net-vpn/networkmanager-pptp/Manifest b/net-vpn/networkmanager-pptp/Manifest index 4edb6e05169f..25914b53d4e4 100644 --- a/net-vpn/networkmanager-pptp/Manifest +++ b/net-vpn/networkmanager-pptp/Manifest @@ -1,2 +1 @@ -DIST NetworkManager-pptp-1.2.10.tar.xz 400760 BLAKE2B 47fe1da3f173f91a7b4b0993e59feb20db10707c119e4270b51730b9e171431025d428f5dd76db66eee0df76f4509d2cd3b44d69af3c8b89a4d07e02ef028410 SHA512 712f6f79642d82b729eaf6a6d03ea62c0c09e0b151af01f02dfca1dfa142aadefd84ab16bb04424e85698ed69f1674520a50620dbf9e49f52e67822b476db9a3 DIST NetworkManager-pptp-1.2.12.tar.xz 452116 BLAKE2B b2453c154ab6d9a027e2585b8439d99e12ea1e0066a59cab257e6c771c96448484e1922fafa6d6a5db0833660ee69cea9bfe632c53c59cb63e7b745669e0c79f SHA512 da6619ba637dd38dda6584c2bd0ed03763ceedcc573f5730517a2c1013a2e0a83d743c1ad332cd42fe658b6bcd601bd4c3bed2d54d5a64bebb16528d73a3f00b diff --git a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.10.ebuild b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.10.ebuild deleted file mode 100644 index 0ca0e5404f62..000000000000 --- a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.10.ebuild +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -GNOME_ORG_MODULE="NetworkManager-${PN##*-}" - -inherit gnome2 - -DESCRIPTION="NetworkManager PPTP VPN plugin" -HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager/VPN" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 ~arm x86" -IUSE="gtk" - -RDEPEND=" - >=net-misc/networkmanager-1.2.0:= - >=dev-libs/dbus-glib-0.74 - >=dev-libs/glib-2.34:2 - net-dialup/ppp:= - net-dialup/pptpclient - gtk? ( - >=x11-libs/gtk+-3.4:3 - - >=app-crypt/libsecret-0.18 - - >=gui-libs/gtk-4.0:4 - >=net-libs/libnma-1.8.36 - ) -" -# libxml2 required for glib-compile-resources -DEPEND="${RDEPEND} - sys-devel/gettext - dev-libs/libxml2:2 - dev-util/gdbus-codegen - dev-util/intltool - virtual/pkgconfig -" - -src_configure() { - local myconf - # Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986 - local PPPD_VER=`best_version net-dialup/ppp` - PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} - PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision - myconf="${myconf} --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER}" - - gnome2_src_configure \ - --disable-more-warnings \ - --disable-static \ - --with-dist-version=Gentoo \ - $(use_with gtk gnome) \ - $(use_with gtk gtk4) \ - --without-libnm-glib \ - ${myconf} -} diff --git a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.12.ebuild b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.12.ebuild index 415ed210e03b..95c56af9ce00 100644 --- a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.12.ebuild +++ b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.12.ebuild @@ -12,7 +12,7 @@ HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager/VPN" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="~amd64 ~arm ~x86" +KEYWORDS="amd64 ~arm x86" IUSE="gtk" RDEPEND=" diff --git a/net-vpn/networkmanager-sstp/Manifest b/net-vpn/networkmanager-sstp/Manifest index bf82371c62e3..a738245b131b 100644 --- a/net-vpn/networkmanager-sstp/Manifest +++ b/net-vpn/networkmanager-sstp/Manifest @@ -1 +1,3 @@ DIST NetworkManager-sstp-1.3.0.tar.bz2 548907 BLAKE2B 97248268a781033bc960f930c5a55102e9fa76efa4be6477ffd277fd334649625b6c88418f00d678afa4412fb088cd201ef6711ef6f48b516daaa38fac02caa9 SHA512 9a26c737601990b913d9506ecaac957c4f6d2a4c64a3a0eb8beaf93eaef797ed134b2ddfe2421006a7ffe0dbd18800d49501836f3671f798132a1df707da138a +DIST NetworkManager-sstp-1.3.1.tar.xz 508392 BLAKE2B 1ead40fa9c8f5bb48b8f7d6d7f6593812849cc26778c531c17a247f60969dbb8d72f477057e4ec7ec838425c3bd21a922b1a65235b72da0bee813f75540a928b SHA512 10247931a2b951b1126a6d7b9bd396fe2eab58d575888c409430f311baeaab85468f23a6c5b6afb7bef90bf73d1e2dbc2f5750cfb126dd365db23b3f79dd7ca6 +DIST networkmanager-sstp-1.3.1-ppp-2.5.0-patches.tar.xz 6792 BLAKE2B 58470f9e04be67029ad57cb2bddb3c80dd503ac5bfc2916683e7d6b4a9332aedb58883bc364a2317c31a8d871888662dbf6431c92753b6fd20b6ae873e45d96e SHA512 ee41eb9aba27e457ba5a8cba9ba27a98991f33750b8202c42ce8be2227bd6c1491bf8861b9e05cc1b3f97ea1bf93d60f5b5f83db3eefbed82ef8aff104ecba95 diff --git a/net-vpn/networkmanager-sstp/files/networkmanager-sstp-1.3.1-ppp-2.4.9.patch b/net-vpn/networkmanager-sstp/files/networkmanager-sstp-1.3.1-ppp-2.4.9.patch new file mode 100644 index 000000000000..a504b60ce008 --- /dev/null +++ b/net-vpn/networkmanager-sstp/files/networkmanager-sstp-1.3.1-ppp-2.4.9.patch @@ -0,0 +1,30 @@ +https://bugs.gentoo.org/906254 +https://gitlab.gnome.org/GNOME/network-manager-sstp/-/merge_requests/54 + +From f4feed7431b1cf884bd3c1c10df795efaf8d149d Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Sat, 13 May 2023 12:19:44 -0400 +Subject: [PATCH] Compile nm-sstp-pppd-mppe.c when !WITH_PPP_MPPE_KEYS + +Bug: https://bugs.gentoo.org/906254 +Fixes: 4cd0ec66174011925c93aa04edccca92b4d1387f +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 3be01b6..770fc59 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -120,7 +120,7 @@ src_nm_sstp_pppd_plugin_la_SOURCES = \ + src/nm-sstp-pppd-status.h + if !WITH_PPP_MPPE_KEYS + src_nm_sstp_pppd_plugin_la_SOURCES += \ +- src/nm-sstp-pppd-mppe.h ++ src/nm-sstp-pppd-mppe.c + endif + src_nm_sstp_pppd_plugin_la_CPPFLAGS = \ + $(src_cppflags) +-- +GitLab + diff --git a/net-vpn/networkmanager-sstp/networkmanager-sstp-1.3.1-r2.ebuild b/net-vpn/networkmanager-sstp/networkmanager-sstp-1.3.1-r2.ebuild new file mode 100644 index 000000000000..f6a37a57f8f8 --- /dev/null +++ b/net-vpn/networkmanager-sstp/networkmanager-sstp-1.3.1-r2.ebuild @@ -0,0 +1,89 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MY_PN="NetworkManager-sstp" +MY_P="${MY_PN}-${PV}" + +inherit autotools + +DESCRIPTION="Client for the proprietary Microsoft Secure Socket Tunneling Protocol(SSTP)" +HOMEPAGE="https://gitlab.gnome.org/GNOME/network-manager-sstp https://sourceforge.net/projects/sstp-client/" +SRC_URI="https://gitlab.gnome.org/GNOME/network-manager-sstp/-/releases/release-${PV}/downloads/dist/${MY_P}.tar.xz" +SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-ppp-2.5.0-patches.tar.xz" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="gui gtk4" + +# As of 1.3.0, if want GUI support, GTK 3 is always needed, even with GTK 4. +# atk/graphene/harfbuzz/cairo/gdk-pixbuf/pango are all standard "dragged in by gtk/glib" +# deps. +RDEPEND=" + >=dev-libs/glib-2.32:2 + net-misc/sstp-client + >=net-misc/networkmanager-1.1.0 + net-dialup/ppp:= + net-libs/gnutls:= + gui? ( + >=net-libs/libnma-1.2.0 + >=app-crypt/libsecret-0.18 + >=x11-libs/gtk+-3.4:3 + + gtk4? ( + >=app-accessibility/at-spi2-core-2.46.0 + media-libs/graphene + media-libs/harfbuzz:= + x11-libs/cairo + x11-libs/gdk-pixbuf:2 + x11-libs/pango + + gui-libs/gtk:4 + ) + )" +DEPEND="${RDEPEND}" +BDEPEND=" + dev-util/gdbus-codegen + sys-apps/file + sys-devel/gettext + virtual/pkgconfig +" + +PATCHES=( + "${WORKDIR}"/${P}-ppp-2.5.0-patches + "${FILESDIR}"/networkmanager-sstp-1.3.1-ppp-2.4.9.patch +) + +src_prepare() { + default + + # Bug #741108 + sed -i 's|/appdata|/metainfo|g' Makefile.{in,am} || die + + eautoreconf +} + +src_configure() { + local PPPD_VER="$(best_version net-dialup/ppp)" + # Reduce it to ${PV}-${PR} + PPPD_VER=${PPPD_VER#*/*-} + # Main version without beta/pre/patch/revision + PPPD_VER=${PPPD_VER%%[_-]*} + + econf \ + --disable-more-warnings \ + --with-dist-version=Gentoo \ + --with-pppd-plugin-dir="${EPREFIX}/usr/$(get_libdir)/pppd/${PPPD_VER}" \ + $(use_with gui gnome) \ + $(use_with gtk4) \ + --without-libnm-glib +} + +src_install() { + default + + find "${ED}" -type f -name '*.la' -delete || die +} diff --git a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.6.0.ebuild b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.6.0.ebuild index 72f1817ebf23..b0816b68f156 100644 --- a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.6.0.ebuild +++ b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.6.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_P}" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 x86" +KEYWORDS="amd64 ~arm64 x86" IUSE="gtk4" RDEPEND=" diff --git a/net-vpn/ocserv/Manifest b/net-vpn/ocserv/Manifest index 6ecf2f227674..78a9512b8446 100644 --- a/net-vpn/ocserv/Manifest +++ b/net-vpn/ocserv/Manifest @@ -1,3 +1,4 @@ -DIST ocserv-1.0.1.tar.xz 787800 BLAKE2B 655a2a6e1434a5b31b157e0f73df3d6d04011c06fd5a1f39f1152752abdc837974c739bc0694a804a1e96b4e219c78c5cf1a58040bbcdcad3e326d0c9e584c7b SHA512 953e1b6084f68f8627b5383e28b5fcde987881e66feac645a40fa37d895f0711b171c9029c3703773dfbd5432d747f92c71af9240c2df3381599902a7d5fe880 -DIST ocserv-1.1.3.tar.xz 833320 BLAKE2B bdf92683df55cd26bc102327b233703eefd58ea18ef71ccfc383e06b7fdd78ca59d605ef3517f430f3a20e8d4ab2c3f8abf2684cedd2eb0aeefe10c688faab15 SHA512 1138bd530e41f215f75e967aa293e80504a0ffc3384184832910b7bf8dc2049a637c1d8bef0221b6abb3e6510e51fba3c45d43901c0d2e4c0f180e72c0804628 DIST ocserv-1.1.6.tar.xz 839744 BLAKE2B 3b3591588d9a5be4e723df739a5d8b4c33d78d536ecb169263c83cf8bedfdaab1a3d06e6dc11544acbede135626d37d98f2bc26b95ff80abb3f0e99f4688b7f6 SHA512 d1c5e5cf0e84aab168ed51516534df8b2968194dd1421f33563c61b3e47d5d79ebe9e6ffbf7cbcc9ff1242fae05151024f70ef586d063bec0b3eec00050bfdfa +DIST ocserv-1.1.6.tar.xz.sig 442 BLAKE2B d24c46783f273bd329267cb3ba4effe0280655867e619bf0a3e4191386fa8851541fcd8768b0b1068e594caaf510ceeccfc30641169679ec394706fdf1ebe319 SHA512 2a87768ad63d40053732fa011bbeb3532c9673296b9be299bf8f7d8dd3dd35571eee96c0b4fa9bf5a30633b4c844337ab3d562d6ea2b6ad8efca084eb5e6f502 +DIST ocserv-1.1.7.tar.xz 844140 BLAKE2B 0b89937ce74fcf83d6423458462b3a419f9604407c80e2fc4a732b3e481dfd98cc76f062e112bf93ee392b3f4cdf5fdd271997c878bbe4165f11fa282852ff90 SHA512 5b6182b98c0406a27dae7121ec0d8771b158e0d8ce2056bd35451c8ed087a8b7f7d40035f9db5c19aa9a9a3b2c6b07be8f0bad4b6b96569584815a5358202ba4 +DIST ocserv-1.1.7.tar.xz.sig 442 BLAKE2B f5c40ef16f3bd4fb3dadff0459a6ecf8fadae01733a3d718ec00f35980b08860f7947c04a99386209a391185590edaedc349e9cb6684159178cd91caaf2f11fd SHA512 96d2562fdf918f2b6ea829d747330a3be2e015ab25897e01bd0d387cb69ef3592aacabbeec9612e95eca1fbce6178a176dbf76d553b7626c09d453d216ddd63d diff --git a/net-vpn/ocserv/ocserv-1.0.1-r1.ebuild b/net-vpn/ocserv/ocserv-1.0.1-r1.ebuild deleted file mode 100644 index 30ecafc2b9cc..000000000000 --- a/net-vpn/ocserv/ocserv-1.0.1-r1.ebuild +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright 2019-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd - -DESCRIPTION="Openconnect SSL VPN server" -HOMEPAGE="https://ocserv.gitlab.io/www/index.html" -SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 ppc64 x86" -IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test" -RESTRICT="!test? ( test )" - -BDEPEND=" - virtual/pkgconfig - test? ( - net-libs/gnutls[tools(+)] - net-libs/socket_wrapper - net-vpn/openconnect - sys-libs/nss_wrapper - sys-libs/uid_wrapper - ) -" -DEPEND=" - dev-libs/libnl:3= - dev-libs/libev:0= - >=dev-libs/nettle-2.7:0= - dev-libs/pcl:0= - dev-libs/protobuf-c:0= - >=net-libs/gnutls-3.3.0:0= - net-libs/http-parser:0= - sys-libs/readline:0= - sys-libs/talloc:0= - virtual/libcrypt:= - geoip? ( dev-libs/geoip:0= ) - kerberos? ( virtual/krb5 ) - lz4? ( app-arch/lz4:0= ) - otp? ( sys-auth/oath-toolkit:0= ) - pam? ( sys-libs/pam:0= ) - radius? ( net-dialup/freeradius-client:0= ) - seccomp? ( sys-libs/libseccomp:0= ) - systemd? ( sys-apps/systemd:0= ) - tcpd? ( sys-apps/tcp-wrappers:0= ) -" -RDEPEND="${DEPEND}" - -src_configure() { - local myconf=( - --without-root-tests - --without-docker-tests - --without-nuttcp-tests - - $(use_enable seccomp) - $(use_enable systemd) - - $(use_with geoip) - $(use_with kerberos gssapi) - $(use_with lz4) - $(use_with otp liboath) - $(use_with radius) - $(use_with tcpd libwrap) - ) - econf "${myconf[@]}" -} - -src_install() { - default - - dodoc doc/sample.{config,passwd} - use otp && dodoc doc/sample.otp - - doinitd "${FILESDIR}"/ocserv - - if use systemd; then - systemd_dounit doc/systemd/socket-activated/ocserv.{service,socket} - else - systemd_dounit doc/systemd/standalone/ocserv.service - fi -} diff --git a/net-vpn/ocserv/ocserv-1.1.6.ebuild b/net-vpn/ocserv/ocserv-1.1.6.ebuild index 85c409912412..7b41838cadc2 100644 --- a/net-vpn/ocserv/ocserv-1.1.6.ebuild +++ b/net-vpn/ocserv/ocserv-1.1.6.ebuild @@ -1,4 +1,4 @@ -# Copyright 2019-2022 Gentoo Authors +# Copyright 2019-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -9,7 +9,11 @@ if [[ ${PV} == 9999 ]]; then inherit autotools git-r3 EGIT_REPO_URI="https://gitlab.com/openconnect/ocserv.git" else - SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz" + inherit verify-sig + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/ocserv.asc" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-ocserv )" + SRC_URI="https://www.infradead.org/ocserv/download/${P}.tar.xz + verify-sig? ( https://www.infradead.org/ocserv/download/${P}.tar.xz.sig )" KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86" fi @@ -21,7 +25,7 @@ SLOT="0" IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test" RESTRICT="!test? ( test )" -BDEPEND=" +BDEPEND+=" virtual/pkgconfig test? ( net-libs/gnutls[tools(+)] diff --git a/net-vpn/ocserv/ocserv-1.1.3.ebuild b/net-vpn/ocserv/ocserv-1.1.7.ebuild index 459da4219219..06f0edf60a0d 100644 --- a/net-vpn/ocserv/ocserv-1.1.3.ebuild +++ b/net-vpn/ocserv/ocserv-1.1.7.ebuild @@ -1,21 +1,31 @@ -# Copyright 2019-2021 Gentoo Authors +# Copyright 2019-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 inherit systemd +if [[ ${PV} == 9999 ]]; then + inherit autotools git-r3 + EGIT_REPO_URI="https://gitlab.com/openconnect/ocserv.git" +else + inherit verify-sig + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/ocserv.asc" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-ocserv )" + SRC_URI="https://www.infradead.org/ocserv/download/${P}.tar.xz + verify-sig? ( https://www.infradead.org/ocserv/download/${P}.tar.xz.sig )" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +fi + DESCRIPTION="Openconnect SSL VPN server" HOMEPAGE="https://ocserv.gitlab.io/www/index.html" -SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test" RESTRICT="!test? ( test )" -BDEPEND=" +BDEPEND+=" virtual/pkgconfig test? ( net-libs/gnutls[tools(+)] @@ -23,6 +33,7 @@ BDEPEND=" net-vpn/openconnect sys-libs/nss_wrapper sys-libs/uid_wrapper + pam? ( sys-libs/pam_wrapper ) ) " DEPEND=" @@ -48,6 +59,13 @@ DEPEND=" " RDEPEND="${DEPEND}" +src_prepare() { + default + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi +} + src_configure() { local myconf=( --without-root-tests @@ -66,6 +84,11 @@ src_configure() { econf "${myconf[@]}" } +src_test() { + addwrite /proc + default +} + src_install() { default diff --git a/net-vpn/ocserv/ocserv-9999.ebuild b/net-vpn/ocserv/ocserv-9999.ebuild index b28feddc1b05..f2240dd6718d 100644 --- a/net-vpn/ocserv/ocserv-9999.ebuild +++ b/net-vpn/ocserv/ocserv-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 2019-2022 Gentoo Authors +# Copyright 2019-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -9,7 +9,11 @@ if [[ ${PV} == 9999 ]]; then inherit autotools git-r3 EGIT_REPO_URI="https://gitlab.com/openconnect/ocserv.git" else - SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz" + inherit verify-sig + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/ocserv.asc" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-ocserv )" + SRC_URI="https://www.infradead.org/ocserv/download/${P}.tar.xz + verify-sig? ( https://www.infradead.org/ocserv/download/${P}.tar.xz.sig )" KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" fi @@ -21,7 +25,7 @@ SLOT="0" IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test" RESTRICT="!test? ( test )" -BDEPEND=" +BDEPEND+=" virtual/pkgconfig test? ( net-libs/gnutls[tools(+)] diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest index a855a2300764..24ba24e5dd3f 100644 --- a/net-vpn/openconnect/Manifest +++ b/net-vpn/openconnect/Manifest @@ -1 +1,2 @@ -DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34 +DIST openconnect-9.12.tar.gz 2843115 BLAKE2B cd5f65ae0d67bece3e5aacdfb4c5c73c893d45d756554a1b6e39e66af5c6a171735d535ca7b16ed94244d02798d3c43a45b252ba05ddb0f3505f1fafc2ec0de9 SHA512 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e +DIST openconnect-9.12.tar.gz.asc 833 BLAKE2B c974439cef74eea9698a0b565c0d49c6026a0afe322739d5adfee2d484279d7366c6c3c703019ff2492eb3d5725de8e0fe4505d9e3a0e5b6d36201974d20a223 SHA512 ade33209a4c17bbdfd0bea7490588b248c36c4da56a9aec60818ed6c96bc8c3570b1f2ac2685003122a1e52dd9d24e4b678d77e001c752461649114167a7304c diff --git a/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch b/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch deleted file mode 100644 index c9b28913ce9f..000000000000 --- a/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c0775e6cd46fb5df6c6aab52314e3038c44d2152 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <floppym@gentoo.org> -Date: Fri, 19 Aug 2022 11:55:42 -0400 -Subject: [PATCH] jsondump.c: include <inttypes.h> for PRId64 - -Fixes a build failure with gnutls and a json-parser snapshot taken on -2021-12-08. - -Building with openssl or with the bundled copy of json-parser causes -inttypes.h to be included indirectly. - -Bug: https://bugs.gentoo.org/865797 -Signed-off-by: Mike Gilbert <floppym@gentoo.org> ---- - jsondump.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jsondump.c b/jsondump.c -index a18780b5..2b097e8a 100644 ---- a/jsondump.c -+++ b/jsondump.c -@@ -24,6 +24,7 @@ - #include <string.h> - #include <ctype.h> - #include <errno.h> -+#include <inttypes.h> - - /* - * Copyright (C) 2015 Mirko Pasqualetti All rights reserved. --- -GitLab - diff --git a/net-vpn/openconnect/openconnect-9.01.ebuild b/net-vpn/openconnect/openconnect-9.01.ebuild deleted file mode 100644 index d7f9969df415..000000000000 --- a/net-vpn/openconnect/openconnect-9.01.ebuild +++ /dev/null @@ -1,153 +0,0 @@ -# Copyright 2011-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{9..10} ) -PYTHON_REQ_USE="xml(+)" - -inherit linux-info python-any-r1 - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" - inherit git-r3 autotools -else - SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" - KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86" -fi - -DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" -HOMEPAGE="https://www.infradead.org/openconnect/" - -LICENSE="LGPL-2.1 GPL-2" -SLOT="0/5" -IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - dev-libs/libxml2 - sys-libs/zlib - app-crypt/p11-kit - !gnutls? ( - >=dev-libs/openssl-1.0.1h:0= - dev-libs/libp11 - ) - gnutls? ( - app-crypt/trousers - app-misc/ca-certificates - dev-libs/nettle - >=net-libs/gnutls-3.6.13:0= - dev-libs/libtasn1:0= - app-crypt/tpm2-tss:= - ) - gssapi? ( virtual/krb5 ) - libproxy? ( net-libs/libproxy ) - lz4? ( app-arch/lz4:= ) - nls? ( virtual/libintl ) - pskc? ( sys-auth/oath-toolkit[pskc] ) - smartcard? ( sys-apps/pcsc-lite:0= ) - stoken? ( app-crypt/stoken ) -" -DEPEND="${COMMON_DEPEND} - test? ( - net-libs/socket_wrapper - sys-libs/uid_wrapper - !gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] ) - ) -" -RDEPEND="${COMMON_DEPEND} - sys-apps/iproute2 - >=net-vpn/vpnc-scripts-20210402-r1 - selinux? ( sec-policy/selinux-vpn ) -" -BDEPEND=" - virtual/pkgconfig - doc? ( ${PYTHON_DEPS} sys-apps/groff ) - nls? ( sys-devel/gettext ) - test? ( net-vpn/ocserv ) -" - -CONFIG_CHECK="~TUN" - -pkg_pretend() { - check_extra_config -} - -pkg_setup() { - : -} - -src_unpack() { - if [[ ${PV} == 9999 ]]; then - git-r3_src_unpack - fi - default -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/openconnect-9.01-inttypes.patch" - ) - default - if [[ ${PV} == 9999 ]]; then - eautoreconf - fi -} - -src_configure() { - if use doc; then - python_setup - else - export ac_cv_path_PYTHON= - fi - - # Used by tests if userpriv is disabled - addwrite /run/netns - - local myconf=( - --disable-dsa-tests - $(use_enable nls) - --disable-static - $(use_with !gnutls openssl) - $(use_with gnutls) - $(use_with libproxy) - $(use_with lz4) - $(use_with gssapi) - $(use_with pskc libpskc) - $(use_with smartcard libpcsclite) - $(use_with stoken) - --with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script" - --with-builtin-json - --without-java - ) - - econf "${myconf[@]}" -} - -src_test() { - local charset - for charset in UTF-8 ISO-8859-2; do - if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then - # If we don't have valid cs_CZ locale data, auth-nonascii will fail. - # Force a test skip by exiting with status 77. - sed -i -e '2i exit 77' tests/auth-nonascii || die - break - fi - done - default -} - -src_install() { - default - find "${ED}" -name '*.la' -delete || die - - dodoc "${FILESDIR}"/README.OpenRC - - newconfd "${FILESDIR}"/openconnect.confd openconnect - newinitd "${FILESDIR}"/openconnect.initd openconnect - - insinto /etc/logrotate.d - newins "${FILESDIR}"/openconnect.logrotate openconnect - - keepdir /var/log/openconnect -} diff --git a/net-vpn/openconnect/openconnect-9.01-r1.ebuild b/net-vpn/openconnect/openconnect-9.12.ebuild index d057ec1baeba..52dfc9e65b7f 100644 --- a/net-vpn/openconnect/openconnect-9.01-r1.ebuild +++ b/net-vpn/openconnect/openconnect-9.12.ebuild @@ -3,7 +3,7 @@ EAPI=8 -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{9..11} ) PYTHON_REQ_USE="xml(+)" inherit linux-info python-any-r1 @@ -12,8 +12,10 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" inherit git-r3 autotools else - SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" - KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" + inherit verify-sig + SRC_URI="https://www.infradead.org/openconnect/download/${P}.tar.gz + verify-sig? ( https://www.infradead.org/openconnect/download/${P}.tar.gz.asc )" + KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" fi DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" @@ -45,7 +47,7 @@ COMMON_DEPEND=" libproxy? ( net-libs/libproxy ) lz4? ( app-arch/lz4:= ) nls? ( virtual/libintl ) - pskc? ( sys-auth/oath-toolkit[pskc] ) + pskc? ( sys-auth/oath-toolkit[pskc(+)] ) smartcard? ( sys-apps/pcsc-lite:0= ) stoken? ( app-crypt/stoken ) " @@ -68,6 +70,11 @@ BDEPEND=" test? ( net-vpn/ocserv ) " +if [[ ${PV} != 9999 ]]; then + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-dwmw2 )" + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/dwmw2@kernel.org.key" +fi + CONFIG_CHECK="~TUN" pkg_pretend() { @@ -78,17 +85,7 @@ pkg_setup() { : } -src_unpack() { - if [[ ${PV} == 9999 ]]; then - git-r3_src_unpack - fi - default -} - src_prepare() { - local PATCHES=( - "${FILESDIR}/openconnect-9.01-inttypes.patch" - ) default if [[ ${PV} == 9999 ]]; then eautoreconf @@ -135,6 +132,7 @@ src_test() { break fi done + addwrite /proc default } diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild index 1cee385ebd45..27ee9b53a66c 100644 --- a/net-vpn/openconnect/openconnect-9999.ebuild +++ b/net-vpn/openconnect/openconnect-9999.ebuild @@ -3,7 +3,7 @@ EAPI=8 -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{9..11} ) PYTHON_REQ_USE="xml(+)" inherit linux-info python-any-r1 @@ -12,8 +12,10 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" inherit git-r3 autotools else - SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" - KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" + inherit verify-sig + SRC_URI="https://www.infradead.org/openconnect/download/${P}.tar.gz + verify-sig? ( https://www.infradead.org/openconnect/download/${P}.tar.gz.asc )" + KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" fi DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" @@ -45,7 +47,7 @@ COMMON_DEPEND=" libproxy? ( net-libs/libproxy ) lz4? ( app-arch/lz4:= ) nls? ( virtual/libintl ) - pskc? ( sys-auth/oath-toolkit[pskc] ) + pskc? ( sys-auth/oath-toolkit[pskc(+)] ) smartcard? ( sys-apps/pcsc-lite:0= ) stoken? ( app-crypt/stoken ) " @@ -68,6 +70,11 @@ BDEPEND=" test? ( net-vpn/ocserv ) " +if [[ ${PV} != 9999 ]]; then + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-dwmw2 )" + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/dwmw2@kernel.org.key" +fi + CONFIG_CHECK="~TUN" pkg_pretend() { @@ -78,13 +85,6 @@ pkg_setup() { : } -src_unpack() { - if [[ ${PV} == 9999 ]]; then - git-r3_src_unpack - fi - default -} - src_prepare() { default if [[ ${PV} == 9999 ]]; then @@ -132,6 +132,7 @@ src_test() { break fi done + addwrite /proc default } diff --git a/net-vpn/openfortivpn/Manifest b/net-vpn/openfortivpn/Manifest index 674cf4fbac1c..b88e7b43c9a1 100644 --- a/net-vpn/openfortivpn/Manifest +++ b/net-vpn/openfortivpn/Manifest @@ -1 +1,3 @@ DIST openfortivpn-1.19.0.tar.gz 168962 BLAKE2B f2cff6f89a0662aca5911f6c3ef5953181383d4a66a41df83916c551338f07364436a174de39874cb654d6538955ac5d0a57a875facf2cc9b8c8a27a48df7fbf SHA512 4f4179178cbf2fc03ddebdfd4197c03a7108ecfa5216d5f11d80b2e3b840816f0a9a59714f58ecdcf966b76eb9b459e0bf78901940120ed1aa1cf69021385a53 +DIST openfortivpn-1.20.2.tar.gz 167680 BLAKE2B fec9ef5f38af6cf32283cb281d0871115c3ddface35bbbe5fb96cd132cf2f586bd21ddaf55424bc902ea3984472109ec40ee4fd16706d10cc1795b4d68216b1d SHA512 e3ad8e74f7ba05f61df464af8a6ff6ba41e0c73ad52fbb9eaa9485814788a4636800b91cdd88f88caecbc9e305b2759a628b02fbe2eaf12d33c7912bb3ce065b +DIST openfortivpn-1.20.3.tar.gz 168568 BLAKE2B ef6132c354c0348d09584675d7fe0213bf67f78df6ef36434f7e7d5166e6a7ec2dd4352613271f208a72b7666a6259642156bd297485714f9bc53f09fd2dce17 SHA512 38a1b208c2cbba1b1f723d6f8a2e178970b8fd384dbb424c38654821d56fc1652bae27b7593cd6af3c08d7c9b8cf97550185905b690e6eae7222b31aea266f01 diff --git a/net-vpn/openfortivpn/files/openfortivpn-1.02.3-systemd_substitute_bin_and_sysconfig_dirs.patch b/net-vpn/openfortivpn/files/openfortivpn-1.02.3-systemd_substitute_bin_and_sysconfig_dirs.patch new file mode 100644 index 000000000000..e9435f3054ed --- /dev/null +++ b/net-vpn/openfortivpn/files/openfortivpn-1.02.3-systemd_substitute_bin_and_sysconfig_dirs.patch @@ -0,0 +1,11 @@ +--- a/lib/systemd/system/openfortivpn@.service.in ++++ b/lib/systemd/system/openfortivpn@.service.in +@@ -9,7 +9,7 @@ Documentation=https://github.com/adrienverge/openfortivpn/wiki + [Service] + Type=notify + PrivateTmp=true +-ExecStart=@BINDIR@/openfortivpn -c @SYSCONFDIR@/openfortivpn/%I.conf ++ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf + Restart=on-failure + OOMScoreAdjust=-100 + diff --git a/net-vpn/openfortivpn/files/openfortivpn-1.20.3-pppd-ipcp-accept-remote.patch b/net-vpn/openfortivpn/files/openfortivpn-1.20.3-pppd-ipcp-accept-remote.patch new file mode 100644 index 000000000000..d7bffeb28971 --- /dev/null +++ b/net-vpn/openfortivpn/files/openfortivpn-1.20.3-pppd-ipcp-accept-remote.patch @@ -0,0 +1,33 @@ +https://github.com/adrienverge/openfortivpn/pull/1111 +https://bugs.gentoo.org/907404 + +From 3b54df0a84b755fc8d35e8081b2fc6152b006a5b Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Tue, 30 May 2023 16:28:52 -0400 +Subject: [PATCH] Pass ipcp-accept-remote to pppd + +Since https://github.com/ppp-project/ppp/commit/9fe8923419a954fedf8b6d1a6cc07b45f165c1ab, +pppd refuses to accept a different remote IP if we explictly pass one on +the command line. This results in an error like: + +pppd: Peer refused to agree to his IP address + +Passing ipcp-accept-remote disables this behavior. + +Bug: https://bugs.gentoo.org/907404 +--- + src/tunnel.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/tunnel.c b/src/tunnel.c +index 2b063edd..30a09597 100644 +--- a/src/tunnel.c ++++ b/src/tunnel.c +@@ -236,6 +236,7 @@ static int pppd_run(struct tunnel *tunnel) + ":169.254.2.1", // <local_IP_address>:<remote_IP_address> + "noipdefault", + "ipcp-accept-local", ++ "ipcp-accept-remote", + "noaccomp", + "noauth", + "default-asyncmap", diff --git a/net-vpn/openfortivpn/openfortivpn-1.20.2.ebuild b/net-vpn/openfortivpn/openfortivpn-1.20.2.ebuild new file mode 100644 index 000000000000..ad5cd7e9678b --- /dev/null +++ b/net-vpn/openfortivpn/openfortivpn-1.20.2.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools linux-info + +DESCRIPTION="Fortinet compatible VPN client" +HOMEPAGE="https://github.com/adrienverge/openfortivpn" +SRC_URI="https://github.com/adrienverge/openfortivpn/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3-with-openssl-exception openssl" +SLOT="0" +KEYWORDS="amd64" + +DEPEND=" + dev-libs/openssl:0= + <net-dialup/ppp-2.5.0 +" +RDEPEND="${DEPEND}" + +CONFIG_CHECK="~PPP ~PPP_ASYNC" + +PATCHES=( + "${FILESDIR}/systemd_substitute_bin_and_sysconfig_dirs.patch" +) + +src_prepare() { + default + + sed -i 's/-Werror//g' Makefile.am || die "Failed to remove -Werror from Makefile.am" + + eautoreconf +} + +src_install() { + default + + keepdir /etc/openfortivpn +} diff --git a/net-vpn/openfortivpn/openfortivpn-1.20.3-r2.ebuild b/net-vpn/openfortivpn/openfortivpn-1.20.3-r2.ebuild new file mode 100644 index 000000000000..d1eab994abc1 --- /dev/null +++ b/net-vpn/openfortivpn/openfortivpn-1.20.3-r2.ebuild @@ -0,0 +1,41 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools linux-info + +DESCRIPTION="Fortinet compatible VPN client" +HOMEPAGE="https://github.com/adrienverge/openfortivpn" +SRC_URI="https://github.com/adrienverge/openfortivpn/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3-with-openssl-exception openssl" +SLOT="0" +KEYWORDS="amd64" + +DEPEND=" + dev-libs/openssl:= + net-dialup/ppp +" +RDEPEND="${DEPEND}" + +CONFIG_CHECK="~PPP ~PPP_ASYNC" + +PATCHES=( + "${FILESDIR}"/${PN}-1.02.3-systemd_substitute_bin_and_sysconfig_dirs.patch + "${FILESDIR}"/openfortivpn-1.20.3-pppd-ipcp-accept-remote.patch +) + +src_prepare() { + default + + sed -i 's/-Werror//g' Makefile.am || die "Failed to remove -Werror from Makefile.am" + + eautoreconf +} + +src_install() { + default + + keepdir /etc/openfortivpn +} diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest index a9466b552aa3..00d142186b29 100644 --- a/net-vpn/openvpn/Manifest +++ b/net-vpn/openvpn/Manifest @@ -1,3 +1,4 @@ DIST openvpn-2.5.2.tar.xz 1134644 BLAKE2B 59aa0c540894de4cfb37ad4c3139eb69a35d317e3de490f71b185a979989c1253221091a30bfb2ee5243fcfae190605e9787051de079eee79e57bd63392c42d5 SHA512 ae2cac00ae4b9e06e7e70b268ed47d36bbb45409650175e507d5bfa12b0a4f24bccc64f2494d1563f9269c8076d0f753a492f01ea33ce376ba00b7cdcb5c7bd0 DIST openvpn-2.5.6.tar.xz 1150352 BLAKE2B 509821eca9d40c5579700e05e560b906ddee5abb0c51a9a210e2e998cdd9606f734d43d3bec8c473cc4f0aaa1e265e7f05202aa606247ebde8844c0243165fac SHA512 f0f0600df013431af804ace70ea86ac064917acdeaad3759b5d5eaa4a8dc3738d6da6df4c16bbb23443e3493487541cb8b10b89f9f0b40a17caa6e6fc46e0adb DIST openvpn-2.5.7.tar.xz 1150476 BLAKE2B e8d24a8be8ff97072ef3b76dbec15cd6e7097ebe99f680d759f213cb5643d7b4a29664d2a96e6efe1d6ee858a6d6b3f23c6d12cf74f202fbe8cc48642f18dba6 SHA512 9a3234b479f5bab12b8c3af7691f175f8cd32f2929dd27efc16e96e14dbb8e07421e623869ad5ffc2d7e65f2266817d1583723033f3646b9913b10ec6d014b44 +DIST openvpn-2.6.4.tar.gz 1861178 BLAKE2B 584fc3950732d6a1db417811f6e330a154537207f6c9543ab03b1c1a886a98a0aee7d1649055a9f7944555ae8865602be15fd8e23b67258917f1adebde050099 SHA512 903ac41691c26e8e4ad65c9b6fb5e75db2caf2e4079d3c4cb61a44e51be9991508f53a1dd8b4b863b4ac86088ad1a705d22131df1e25612560c9f4276d8190ec diff --git a/net-vpn/openvpn/metadata.xml b/net-vpn/openvpn/metadata.xml index 8e2bb32b6432..f3e8394e706a 100644 --- a/net-vpn/openvpn/metadata.xml +++ b/net-vpn/openvpn/metadata.xml @@ -13,6 +13,7 @@ configurable VPN daemon which can be used to securely link two or more networks using an encrypted tunnel.</longdescription> <use> + <flag name="dco">Enable support for kernel data channel offload</flag> <flag name="down-root">Enable the down-root plugin</flag> <flag name="iproute2">Enabled iproute2 support instead of net-tools</flag> <flag name="mbedtls">Use mbed TLS as the backend crypto library</flag> diff --git a/net-vpn/openvpn/openvpn-2.5.2-r3.ebuild b/net-vpn/openvpn/openvpn-2.5.2-r3.ebuild index de73a33181b3..e44ea7ef4373 100644 --- a/net-vpn/openvpn/openvpn-2.5.2-r3.ebuild +++ b/net-vpn/openvpn/openvpn-2.5.2-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -15,7 +15,7 @@ if [[ ${PV} == "9999" ]]; then inherit git-r3 else SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.xz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86" fi LICENSE="GPL-2" diff --git a/net-vpn/openvpn/openvpn-2.5.6-r1.ebuild b/net-vpn/openvpn/openvpn-2.5.6-r1.ebuild index 3942cd63a328..3636e8880907 100644 --- a/net-vpn/openvpn/openvpn-2.5.6-r1.ebuild +++ b/net-vpn/openvpn/openvpn-2.5.6-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -15,7 +15,7 @@ if [[ ${PV} == "9999" ]]; then inherit git-r3 else SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.xz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86" fi LICENSE="GPL-2" diff --git a/net-vpn/openvpn/openvpn-2.5.7-r1.ebuild b/net-vpn/openvpn/openvpn-2.5.7-r1.ebuild index 54dbaa5b93e0..d4f1ab61a2e6 100644 --- a/net-vpn/openvpn/openvpn-2.5.7-r1.ebuild +++ b/net-vpn/openvpn/openvpn-2.5.7-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -15,7 +15,7 @@ if [[ ${PV} == "9999" ]]; then inherit git-r3 else SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~sparc x86" fi LICENSE="GPL-2" diff --git a/net-vpn/openvpn/openvpn-2.6.4.ebuild b/net-vpn/openvpn/openvpn-2.6.4.ebuild new file mode 100644 index 000000000000..8106d2d58fba --- /dev/null +++ b/net-vpn/openvpn/openvpn-2.6.4.ebuild @@ -0,0 +1,195 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools systemd linux-info tmpfiles + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +HOMEPAGE="https://openvpn.net/" + +if [[ ${PV} == "9999" ]]; then + EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git" + inherit git-r3 +else + SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~loong ~ppc ppc64 ~riscv x86" +fi + +LICENSE="GPL-2" +SLOT="0" + +IUSE="dco down-root examples inotify iproute2 +lz4 +lzo mbedtls +openssl" +IUSE+=" pam pkcs11 +plugins selinux systemd test" + +RESTRICT="!test? ( test )" +REQUIRED_USE=" + ^^ ( openssl mbedtls ) + pkcs11? ( !mbedtls ) + !plugins? ( !pam !down-root ) + inotify? ( plugins ) + dco? ( !iproute2 ) +" + +CDEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) + ) + lz4? ( app-arch/lz4 ) + lzo? ( >=dev-libs/lzo-1.07 ) + mbedtls? ( net-libs/mbedtls:= ) + openssl? ( >=dev-libs/openssl-1.0.2:0= ) + pam? ( sys-libs/pam ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd ) + dco? ( >=net-vpn/ovpn-dco-0.2 >=dev-libs/libnl-3.2.29:= ) + sys-libs/libcap-ng:= +" + +BDEPEND="virtual/pkgconfig" + +DEPEND="${CDEPEND} + test? ( dev-util/cmocka ) +" +RDEPEND="${CDEPEND} + acct-group/openvpn + acct-user/openvpn + selinux? ( sec-policy/selinux-openvpn ) +" + +if [[ ${PV} = "9999" ]]; then + BDEPEND+=" dev-python/docutils" +fi + +pkg_setup() { + local CONFIG_CHECK="~TUN" + linux-info_pkg_setup +} + +src_prepare() { + default + + eautoreconf +} + +src_configure() { + local -a myeconfargs + + if ! use mbedtls; then + myeconfargs+=( + $(use_enable pkcs11) + ) + fi + + myeconfargs+=( + $(use_enable inotify async-push) + --with-crypto-library=$(usex mbedtls mbedtls openssl) + $(use_enable lz4) + $(use_enable lzo) + $(use_enable plugins) + $(use_enable iproute2) + $(use_enable pam plugin-auth-pam) + $(use_enable down-root plugin-down-root) + $(use_enable systemd) + $(use_enable dco) + ) + + SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ + TMPFILES_DIR="/usr/lib/tmpfiles.d" \ + IPROUTE=$(usex iproute2 '/bin/ip' '') \ + econf "${myeconfargs[@]}" +} + +src_test() { + local -x RUN_SUDO=false + + elog "Running top-level tests" + emake check + + pushd tests/unit_tests &>/dev/null || die + elog "Running unit tests" + emake check + popd &>/dev/null || die +} + +src_install() { + default + + find "${ED}/usr" -name '*.la' -delete || die + + # install documentation + dodoc AUTHORS ChangeLog PORTS README + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # (is the below comment relevant anymore?) + ## dodoc does not supportly support directory traversal, #15193 + docinto examples + dodoc -r sample contrib + fi + + # https://bugs.gentoo.org/755680#c3 + doman doc/openvpn.8 +} + +pkg_postinst() { + tmpfiles_process openvpn.conf + + if use x64-macos ; then + elog "You might want to install tuntaposx for TAP interface support:" + elog "http://tuntaposx.sourceforge.net" + fi + + if systemd_is_booted || has_version sys-apps/systemd ; then + elog "In order to use OpenVPN with systemd please use the correct systemd service file." + elog "" + elog "server:" + elog "" + elog "- Place your server configuration file in /etc/openvpn/server" + elog "- Use the openvpn-server@.service like so" + elog "systemctl start openvpn-server@{Server-config}" + elog "" + elog "client:" + elog "" + elog "- Place your client configuration file in /etc/openvpn/client" + elog "- Use the openvpn-client@.service like so:" + elog "systemctl start openvpn-client@{Client-config}" + else + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + fi + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" + fi +} diff --git a/net-vpn/openvpn/openvpn-9999.ebuild b/net-vpn/openvpn/openvpn-9999.ebuild index b8189f16f79b..957b6246fb6c 100644 --- a/net-vpn/openvpn/openvpn-9999.ebuild +++ b/net-vpn/openvpn/openvpn-9999.ebuild @@ -1,27 +1,25 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit autotools flag-o-matic systemd linux-info tmpfiles +inherit autotools systemd linux-info tmpfiles DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" HOMEPAGE="https://openvpn.net/" if [[ ${PV} == "9999" ]]; then EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git" - EGIT_SUBMODULES=(-cmocka) - inherit git-r3 else - SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" + SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" fi LICENSE="GPL-2" SLOT="0" -IUSE="down-root examples inotify iproute2 +lz4 +lzo mbedtls +openssl" +IUSE="dco down-root examples inotify iproute2 +lz4 +lzo mbedtls +openssl" IUSE+=" pam pkcs11 +plugins selinux systemd test" RESTRICT="!test? ( test )" @@ -30,6 +28,7 @@ REQUIRED_USE=" pkcs11? ( !mbedtls ) !plugins? ( !pam !down-root ) inotify? ( plugins ) + dco? ( !iproute2 ) " CDEPEND=" @@ -39,10 +38,12 @@ CDEPEND=" lz4? ( app-arch/lz4 ) lzo? ( >=dev-libs/lzo-1.07 ) mbedtls? ( net-libs/mbedtls:= ) - openssl? ( >=dev-libs/openssl-0.9.8:0= ) + openssl? ( >=dev-libs/openssl-1.0.2:0= ) pam? ( sys-libs/pam ) pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) systemd? ( sys-apps/systemd ) + dco? ( >=net-vpn/ovpn-dco-0.2 >=dev-libs/libnl-3.2.29:= ) + sys-libs/libcap-ng:= " BDEPEND="virtual/pkgconfig" @@ -60,11 +61,6 @@ if [[ ${PV} = "9999" ]]; then BDEPEND+=" dev-python/docutils" fi -PATCHES=( - "${FILESDIR}"/openvpn-2.5.0-auth-pam-missing-header.patch - "${FILESDIR}"/openvpn-2.5.2-detect-python-rst2man.patch -) - pkg_setup() { local CONFIG_CHECK="~TUN" linux-info_pkg_setup @@ -95,6 +91,7 @@ src_configure() { $(use_enable pam plugin-auth-pam) $(use_enable down-root plugin-down-root) $(use_enable systemd) + $(use_enable dco) ) SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ @@ -121,7 +118,7 @@ src_install() { find "${ED}/usr" -name '*.la' -delete || die # install documentation - dodoc AUTHORS ChangeLog PORTS README README.IPv6 + dodoc AUTHORS ChangeLog PORTS README # Install some helper scripts keepdir /etc/openvpn diff --git a/net-vpn/ovpn-dco/Manifest b/net-vpn/ovpn-dco/Manifest new file mode 100644 index 000000000000..0bf39dfae04a --- /dev/null +++ b/net-vpn/ovpn-dco/Manifest @@ -0,0 +1 @@ +DIST ovpn-dco-0.2.20230426.tar.gz 70341 BLAKE2B 95d468212a161f13659185d7e96b11afac63a8dd40aaf42a41463927a7f75b1d1ab2388bab5749c0127a07a8bf5d4a5a97626c0d782595f3d0561be4063d931c SHA512 929333fd0668008be77b57b3a0955c260770d91402e02d93a460569b8b17763ebe23eb6159bfefe04fa16fad2672d6a6c76e2f3c2e6b864593bef59ef3cfa29f diff --git a/net-vpn/ovpn-dco/files/0001-ovpn-dco-include-new-GSO-header-file.patch b/net-vpn/ovpn-dco/files/0001-ovpn-dco-include-new-GSO-header-file.patch new file mode 100644 index 000000000000..50e748cb5f0d --- /dev/null +++ b/net-vpn/ovpn-dco/files/0001-ovpn-dco-include-new-GSO-header-file.patch @@ -0,0 +1,76 @@ +From dba96d203f960356b477291d6a58d30fc096fbe4 Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli <antonio@openvpn.net> +Date: Wed, 16 Aug 2023 22:15:01 +0200 +Subject: [PATCH] ovpn-dco: include new GSO header file + +GSO code has ben moved to its own files, therefore a new header +needs to be included accordingly. + +This patch also provides some compat files so that ovpn-dco can +continue to compile also on older kernels. + +Fixes: https://github.com/OpenVPN/ovpn-dco/issues/42 +Signed-off-by: Antonio Quartulli <antonio@openvpn.net> +--- + Makefile | 4 ++-- + compat-include/net/gso.h | 20 ++++++++++++++++++++ + drivers/net/ovpn-dco/ovpn.c | 1 + + 3 files changed, 23 insertions(+), 2 deletions(-) + create mode 100644 compat-include/net/gso.h + +diff --git a/Makefile b/Makefile +index a36a4d2..fe535e2 100644 +--- a/Makefile ++++ b/Makefile +@@ -34,8 +34,8 @@ ELFLAG := $(EL8FLAG) $(EL9FLAG) + NOSTDINC_FLAGS += \ + -I$(PWD)/include/ \ + $(CFLAGS) $(ELFLAG) \ +- -include $(PWD)/linux-compat.h +-# -I$(PWD)/compat-include/ ++ -include $(PWD)/linux-compat.h \ ++ -I$(PWD)/compat-include/ + + ifneq ($(REVISION),) + NOSTDINC_FLAGS += -DOVPN_DCO_VERSION=\"$(REVISION)\" +diff --git a/compat-include/net/gso.h b/compat-include/net/gso.h +new file mode 100644 +index 0000000..2e41c8b +--- /dev/null ++++ b/compat-include/net/gso.h +@@ -0,0 +1,20 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++/* OpenVPN data channel accelerator ++ * ++ * Copyright (C) 2023 OpenVPN, Inc. ++ * ++ * Author: Antonio Quartulli <antonio@openvpn.net> ++ */ ++ ++#ifndef _NET_OVPN_COMPAT_NET_GSO_H ++#define _NET_OVPN_COMPAT_NET_GSO_H ++ ++#include <linux/version.h> ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 10) ++#include_next <net/gso.h> ++#else ++#include <linux/netdevice.h> ++#endif ++ ++#endif /* _NET_OVPN_COMPAT_NET_GSO_H */ +diff --git a/drivers/net/ovpn-dco/ovpn.c b/drivers/net/ovpn-dco/ovpn.c +index 772a34b..82e9f94 100644 +--- a/drivers/net/ovpn-dco/ovpn.c ++++ b/drivers/net/ovpn-dco/ovpn.c +@@ -22,6 +22,7 @@ + #include "udp.h" + + #include <linux/workqueue.h> ++#include <net/gso.h> + #include <uapi/linux/if_ether.h> + + static const unsigned char ovpn_keepalive_message[] = { +-- +2.41.0 + diff --git a/net-vpn/ovpn-dco/metadata.xml b/net-vpn/ovpn-dco/metadata.xml new file mode 100644 index 000000000000..747c7bc21234 --- /dev/null +++ b/net-vpn/ovpn-dco/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>williamh@gentoo.org</email> + <name>William Hubbs</name> + </maintainer> + <longdescription>This kernel module allows OpenVPN to offload any data plane management to the +linux kernel, thus allowing it to exploit any Linux low level API, while avoiding +expensive and slow payload transfer between kernel space and user space.</longdescription> + <use> + <flag name="debug">Enable debug output in dmesg</flag> + </use> + <upstream> + <remote-id type="github">OpenVPN/ovpn-dco</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-vpn/ovpn-dco/ovpn-dco-0.2.20230426.ebuild b/net-vpn/ovpn-dco/ovpn-dco-0.2.20230426.ebuild new file mode 100644 index 000000000000..b5ed651bbd09 --- /dev/null +++ b/net-vpn/ovpn-dco/ovpn-dco-0.2.20230426.ebuild @@ -0,0 +1,62 @@ +# Copyright 2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic linux-mod-r1 + +DESCRIPTION="OpenVPN Data Channel Offload in the linux kernel" +HOMEPAGE="https://github.com/OpenVPN/ovpn-dco" + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/OpenVPN/${PN}/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~loong ~ppc ppc64 ~riscv x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="debug" + +PATCHES=( + "${FILESDIR}"/0001-ovpn-dco-include-new-GSO-header-file.patch +) + +pkg_setup() { + CONFIG_CHECK=" + INET + NET + NET_UDP_TUNNEL + DST_CACHE + CRYPTO + CRYPTO_AES + CRYPTO_GCM + CRYPTO_CHACHA20POLY1305" + + linux-mod-r1_pkg_setup +} + +src_configure() { + # Causes build failures because it builds with -pg, + # bug #907744 + filter-flags -fomit-frame-pointer + default +} + +src_compile() { + local modlist=( "ovpn-dco-v2=updates:.:drivers/net/ovpn-dco" ) + local modargs=( KERNEL_SRC="${KERNEL_DIR}" ) + [[ ${PV} != 9999 ]] && modargs+=( REVISION="${PV}" ) + use debug && modargs+=( DEBUG=1 ) + + linux-mod-r1_src_compile +} + +src_install() { + linux-mod-r1_src_install + + insinto /usr/share/${PN} + doins -r include +} diff --git a/net-vpn/ovpn-dco/ovpn-dco-9999.ebuild b/net-vpn/ovpn-dco/ovpn-dco-9999.ebuild new file mode 100644 index 000000000000..3d07f86aeabc --- /dev/null +++ b/net-vpn/ovpn-dco/ovpn-dco-9999.ebuild @@ -0,0 +1,58 @@ +# Copyright 2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic linux-mod-r1 + +DESCRIPTION="OpenVPN Data Channel Offload in the linux kernel" +HOMEPAGE="https://github.com/OpenVPN/ovpn-dco" + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/OpenVPN/${PN}/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="debug" + +pkg_setup() { + CONFIG_CHECK=" + INET + NET + NET_UDP_TUNNEL + DST_CACHE + CRYPTO + CRYPTO_AES + CRYPTO_GCM + CRYPTO_CHACHA20POLY1305" + + linux-mod-r1_pkg_setup +} + +src_configure() { + # Causes build failures because it builds with -pg, + # bug #907744 + filter-flags -fomit-frame-pointer + default +} + +src_compile() { + local modlist=( "ovpn-dco-v2=updates:.:drivers/net/ovpn-dco" ) + local modargs=( KERNEL_SRC="${KERNEL_DIR}" ) + [[ ${PV} != 9999 ]] && modargs+=( REVISION="${PV}" ) + use debug && modargs+=( DEBUG=1 ) + + linux-mod-r1_src_compile +} + +src_install() { + linux-mod-r1_src_install + + insinto /usr/share/${PN} + doins -r include +} diff --git a/net-vpn/pptpd/files/pptpd-1.4.0-ppp-2.5.0.patch b/net-vpn/pptpd/files/pptpd-1.4.0-ppp-2.5.0.patch new file mode 100644 index 000000000000..b3525052a873 --- /dev/null +++ b/net-vpn/pptpd/files/pptpd-1.4.0-ppp-2.5.0.patch @@ -0,0 +1,83 @@ +https://bugs.gentoo.org/904877 + +From ea207b89c61e3a201155b973307ee45413f0d058 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Fri, 28 Apr 2023 16:37:44 -0400 +Subject: [PATCH] pptp-logwtmp: update for ppp-2.5.0 + +Signed-off-by: Mike Gilbert <floppym@gentoo.org> +--- + plugins/pptpd-logwtmp.c | 25 +++++++++++++++---------- + 1 file changed, 15 insertions(+), 10 deletions(-) + +diff --git a/plugins/pptpd-logwtmp.c b/plugins/pptpd-logwtmp.c +index ac5ecc2..457bbce 100644 +--- a/plugins/pptpd-logwtmp.c ++++ b/plugins/pptpd-logwtmp.c +@@ -12,14 +12,16 @@ + #include <unistd.h> + #include <utmp.h> + #include <string.h> ++#include <limits.h> + #include <pppd/pppd.h> ++#include <pppd/options.h> + +-char pppd_version[] = VERSION; ++char pppd_version[] = PPPD_VERSION; + + static char pptpd_original_ip[PATH_MAX+1]; + static bool pptpd_logwtmp_strip_domain = 0; + +-static option_t options[] = { ++static struct option options[] = { + { "pptpd-original-ip", o_string, pptpd_original_ip, + "Original IP address of the PPTP connection", + OPT_STATIC, NULL, PATH_MAX }, +@@ -28,7 +30,7 @@ static option_t options[] = { + { NULL } + }; + +-static char *reduce(char *user) ++static const char *reduce(const char *user) + { + char *sep; + if (!pptpd_logwtmp_strip_domain) return user; +@@ -42,8 +44,10 @@ static char *reduce(char *user) + + static void ip_up(void *opaque, int arg) + { +- char *user = reduce(peer_authname); +- if (debug) ++ const char *peer_authname = ppp_peer_authname(NULL, 0); ++ const char *user = reduce(peer_authname); ++ const char *ifname = ppp_ifname(); ++ if (debug_on()) + notice("pptpd-logwtmp.so ip-up %s %s %s", ifname, user, + pptpd_original_ip); + logwtmp(ifname, user, pptpd_original_ip); +@@ -51,16 +55,17 @@ static void ip_up(void *opaque, int arg) + + static void ip_down(void *opaque, int arg) + { +- if (debug) ++ const char *ifname = ppp_ifname(); ++ if (debug_on()) + notice("pptpd-logwtmp.so ip-down %s", ifname); + logwtmp(ifname, "", ""); + } + + void plugin_init(void) + { +- add_options(options); +- add_notifier(&ip_up_notifier, ip_up, NULL); +- add_notifier(&ip_down_notifier, ip_down, NULL); +- if (debug) ++ ppp_add_options(options); ++ ppp_add_notify(NF_IP_UP, ip_up, NULL); ++ ppp_add_notify(NF_IP_DOWN, ip_down, NULL); ++ if (debug_on()) + notice("pptpd-logwtmp: $Version$"); + } +-- +2.40.1 + diff --git a/net-vpn/pptpd/pptpd-1.4.0-r3.ebuild b/net-vpn/pptpd/pptpd-1.4.0-r3.ebuild index 3a01c176e448..3a013c769e13 100644 --- a/net-vpn/pptpd/pptpd-1.4.0-r3.ebuild +++ b/net-vpn/pptpd/pptpd-1.4.0-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -21,21 +21,7 @@ DEPEND="${RDEPEND} DOCS=( AUTHORS ChangeLog NEWS README TODO ) -PATCHES=( - "${FILESDIR}/${P}-gentoo.patch" - "${FILESDIR}/${P}-sandbox-fix.patch" - "${FILESDIR}/${P}-pidfile.patch" - "${FILESDIR}/${P}-libdir.patch" - "${FILESDIR}/${P}-musl.patch" -) - src_prepare() { - # Match pptpd-logwtmp.so's version with pppd's version (#89895) - local PPPD_VER=$(best_version net-dialup/ppp) - PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} - PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision - sed -i -e "s:\\(#define[ \\t]*VERSION[ \\t]*\\)\".*\":\\1\"${PPPD_VER}\":" plugins/patchlevel.h || die - # configure.in is actually configure.ac mv configure.in configure.ac || die @@ -48,6 +34,19 @@ src_prepare() { # respect compiler, bug #461722 tc-export CC + local PATCHES=( + "${FILESDIR}/${P}-gentoo.patch" + "${FILESDIR}/${P}-sandbox-fix.patch" + "${FILESDIR}/${P}-pidfile.patch" + "${FILESDIR}/${P}-libdir.patch" + "${FILESDIR}/${P}-musl.patch" + ) + + if has_version -d ">=net-dialup/ppp-2.5.0"; then + # https://bugs.gentoo.org/904877 + PATCHES+=( "${FILESDIR}/${P}-ppp-2.5.0.patch" ) + fi + # Call to default src_prepare to apply patches default diff --git a/net-vpn/protonvpn-cli/metadata.xml b/net-vpn/protonvpn-cli/metadata.xml index 329a95502564..abdc7d2169b8 100644 --- a/net-vpn/protonvpn-cli/metadata.xml +++ b/net-vpn/protonvpn-cli/metadata.xml @@ -8,4 +8,7 @@ <email>proxy-maint@gentoo.org</email> <name>Proxy Maintainers</name> </maintainer> + <upstream> + <remote-id type="github">ProtonVPN/protonvpn-cli-ng</remote-id> + </upstream> </pkgmetadata> diff --git a/net-vpn/protonvpn-cli/protonvpn-cli-2.2.11-r1.ebuild b/net-vpn/protonvpn-cli/protonvpn-cli-2.2.11-r2.ebuild index bc5bc6946a88..14149fe874e3 100644 --- a/net-vpn/protonvpn-cli/protonvpn-cli-2.2.11-r1.ebuild +++ b/net-vpn/protonvpn-cli/protonvpn-cli-2.2.11-r2.ebuild @@ -4,7 +4,7 @@ EAPI=8 DISTUTILS_USE_PEP517=setuptools -PYTHON_COMPAT=( python3_{9..10} ) +PYTHON_COMPAT=( python3_{10..11} ) inherit distutils-r1 @@ -13,14 +13,17 @@ HOMEPAGE="https://protonvpn.com https://github.com/ProtonVPN/protonvpn-cli-ng" SRC_URI="https://github.com/ProtonVPN/linux-cli-community/archive/v${PV}.tar.gz -> ${P}.tar.gz" LICENSE="GPL-3" -KEYWORDS="~amd64 ~riscv" SLOT="0" +KEYWORDS="~amd64 ~riscv" -RDEPEND="dev-python/docopt[${PYTHON_USEDEP}] - dev-python/requests[${PYTHON_USEDEP}] - dev-python/pythondialog:0[${PYTHON_USEDEP}] +RDEPEND=" + dev-python/docopt[${PYTHON_USEDEP}] dev-python/distro[${PYTHON_USEDEP}] - net-vpn/openvpn" + dev-python/pythondialog:0[${PYTHON_USEDEP}] + dev-python/jinja[${PYTHON_USEDEP}] + dev-python/requests[${PYTHON_USEDEP}] + net-vpn/openvpn +" DEPEND="${RDEPEND}" S="${WORKDIR}/linux-cli-community-${PV}" diff --git a/net-vpn/riseup-vpn/Manifest b/net-vpn/riseup-vpn/Manifest index e204652a89e5..31d4a840b6bc 100644 --- a/net-vpn/riseup-vpn/Manifest +++ b/net-vpn/riseup-vpn/Manifest @@ -2,3 +2,5 @@ DIST riseup-vpn-0.21.11-deps.tar.xz 180372544 BLAKE2B 3679347cb3bc83850b78d42906 DIST riseup-vpn-0.21.11.tar.gz 7595837 BLAKE2B a1cd09741f044d03577128ab88ba6e6d9961a1a39c0e6488d79e73ec9c94b7a0fa44463a07d2e2130fe4adf986d86a693cb3114bae99e4a4bb55d23b90f2c871 SHA512 b4fa6f57f97bfba364c7aa9b2a4fc08561c7753d5471424534884a3279e5ff2bd102cc254c4e15a99f6fa47ef16abf1c691d3d174eda27bbfdac61d192f6fbb1 DIST riseup-vpn-0.21.11_p20221113-deps.tar.xz 1628980 BLAKE2B 5af75fb2cd71da2fd949f89d1c768c001a268cc7fab0d26a621a02136eaddb8466e4cd1346954b785a5ac695bb816dd791b006b226359204670c47d4a47d25b8 SHA512 f0a8a657ac1aeefcf3d83b970157b600247ef228072c93c5aa1dfe062b8a9f81a4e13c44f51dc9c289f2b76de4eff516b045d3a145a905034b5a3ee263dbd68d DIST riseup-vpn-0.21.11_p20221113.tar.gz 7696220 BLAKE2B ba4c968e7b185c98e8995b300ab25ec79103473cafbd647c262d51308c173ba1a48f69b42b8dad2356791711137688a6a9a3a47e68294579be51ecd77b04bac4 SHA512 44157eebd266b99d146f29f621576c181a012d5965c4172fddb93232230f42f128958342891d8137bdedfb3236f132a1c73a9f45cad803b29d520393eb7d8cb4 +DIST riseup-vpn-0.21.11_p20230412-deps.tar.xz 29805564 BLAKE2B 4105bc0461d542b7f87890a50db26fa96302088070f0477c0f8d0707994efecc8f4bc91b5316e1834f98f9890793eea9df9041de78af6785f68e480c0d384124 SHA512 f8a3bd099a1e3733577de892a4939a223f851e949275afea8f5a77b38a529dbf7b9b161bbb4e1518530e97027c612ae352895a79275d287c31cb41ab2477aaca +DIST riseup-vpn-0.21.11_p20230412.tar.gz 7701340 BLAKE2B 42564c1a3a3401c909f41e2db3f232ed06617630a4f96a28a3d946e6e3c53337cde8401e8a89b0e83824cfb4fe8a670f4aec03eb09cc6c9b1b4e94111e0a04ff SHA512 966b64a8071ebe56d1ec8b43b36c7b168600b445ca6039fa7fc6696329e8eb825c0d3f20e4ff509128acf1b962676eb4dfea5aa6890afc394a0aa218799eb61d diff --git a/net-vpn/riseup-vpn/riseup-vpn-0.21.11_p20230412.ebuild b/net-vpn/riseup-vpn/riseup-vpn-0.21.11_p20230412.ebuild new file mode 100644 index 000000000000..a98d4dc91b7a --- /dev/null +++ b/net-vpn/riseup-vpn/riseup-vpn-0.21.11_p20230412.ebuild @@ -0,0 +1,89 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit desktop python-single-r1 go-module qmake-utils virtualx xdg + +COMMIT="ec3f27147f2f72cebedf12ae0cc40277b78e998e" + +DESCRIPTION="Anonymous encrypted VPN client powered by Bitmask" +HOMEPAGE="https://riseup.net/en/vpn https://0xacab.org/leap/bitmask-vpn https://bitmask.net" +SRC_URI=" + https://0xacab.org/leap/bitmask-vpn/-/archive/${COMMIT}.tar.gz -> ${P}.tar.gz + https://dev.gentoo.org/~andrewammerlaan/${P}-deps.tar.xz +" +S="${WORKDIR}/bitmask-vpn-${COMMIT}" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" +IUSE="test" +PROPERTIES="test_network" +RESTRICT="test" +# The tests require internet access to connect to Riseup Networks + +# Generated with dev-go/golicense +LICENSE="GPL-3 BSD-2 CC0-1.0 MIT BSD" +KEYWORDS="~amd64" +SLOT="0" + +BDEPEND=" + virtual/pkgconfig + dev-qt/linguist-tools + test? ( dev-qt/qttest:5 ) +" + +DEPEND=" + dev-qt/qtcore:5 + dev-qt/qtdeclarative:5[widgets] + dev-qt/qtquickcontrols:5[widgets] + dev-qt/qtquickcontrols2:5[widgets] + dev-qt/qtsvg:5 +" + +RDEPEND="${DEPEND} + ${PYTHON_DEPS} + net-vpn/openvpn + sys-auth/polkit +" + +PATCHES=( + "${FILESDIR}/${PN}-0.21.11_p20221113-revert-data-cipher-arg-to-cipher.patch" +) + +src_prepare() { + default + + # do not pre-strip + sed -i -e '/strip $RELEASE\/$TARGET/d' gui/build.sh || die + + # We need qmake and lrelease from qt5 bin dir + export PATH="${PATH}:$(qt5_get_bindir)" || die +} + +src_compile() { + emake build +} + +src_test() { + emake test + virtx emake test_ui +} + +src_install() { + einstalldocs + + dobin "build/qt/release/riseup-vpn" + + python_scriptinto /usr/sbin + python_doscript "pkg/pickle/helpers/bitmask-root" + + insinto /usr/share/polkit-1/actions + newins "pkg/pickle/helpers/se.leap.bitmask.policy" se.leap.bitmask.riseupvpn.policy + + newicon -s scalable "providers/riseup/assets/icon.svg" riseup.svg + make_desktop_entry "${PN}" RiseupVPN riseup Network + + dodoc -r docs/* +} diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest index 0d022dbe3b3f..4c4b95eee71a 100644 --- a/net-vpn/strongswan/Manifest +++ b/net-vpn/strongswan/Manifest @@ -1,3 +1,4 @@ DIST strongswan-5.9.10.tar.bz2 4765407 BLAKE2B 757d55aa0c623356c5d8bf0360df63990ec18294d06f50b6dd475273b75a883354ea8723708e4856a8f0acc4d3237ac6bcf5adc40346fded7051d78375b2bcc9 SHA512 cf1d4a79ec02ac0502494ce6bfcab7399ddff151e2bc39bd4fbb9562bae7d0c66cf8d1e387b3c36a35e4387d597889fd7519e7bce07d3a7f764b1b73bd8a4667 +DIST strongswan-5.9.11.tar.bz2 4786552 BLAKE2B e8e84d79d1530b9a968ce8429fec0e7b3fcf19b75fdbd4371a38763d8564d5b37d012769006330b5c94cff3e914acb1b1a3e2829749effb8c35f9e5d775be491 SHA512 d500523215f5ec5c5550c4d2c49060b350ae396d8c60170792c46775d04fc7a132aa70a6242145477753668351d26ed957e08903683ecc340aa8d84fb2ae5498 DIST strongswan-5.9.8.tar.bz2 4747096 BLAKE2B 2a7e346931f909aefa17a7e2f4a2d5b491979dd21519eaffa5d14ac0e54d86207009526aed903bfadbec2d4d449a23077f391106ed9ac02851a081b563c72eb0 SHA512 16d3afc80704f896f3f97addf452b4bb29fc1911c54e980f76ac48bdbe2340ce3bd4e79024848cb7961bbe9ad5458d93389343878ca042af658d51b11219666b DIST strongswan-5.9.9.tar.bz2 4764675 BLAKE2B 9cbc73192527254a2d20b28295e7583a0d9ec81e4d6eb1b7d78e54b30ba8e5304a33e813145d8a47b2b4319d7b49762cd35cdbdaf1d41161d7746d68d3cef1b5 SHA512 7f5d94527193ce7716292f30db75303a0594169647e41e8c9530a7dedd914ad7fecf94885356738fd54d3781a066fa591c621d531923b20780b1fca76ad7bd46 diff --git a/net-vpn/strongswan/strongswan-5.9.10.ebuild b/net-vpn/strongswan/strongswan-5.9.10.ebuild index 057c1e8f3e05..7737209cacb8 100644 --- a/net-vpn/strongswan/strongswan-5.9.10.ebuild +++ b/net-vpn/strongswan/strongswan-5.9.10.ebuild @@ -10,7 +10,7 @@ SRC_URI="https://download.strongswan.org/${P}.tar.bz2" LICENSE="GPL-2 RSA DES" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86" +KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv x86" IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" STRONGSWAN_PLUGINS_STD="gcm led lookip systime-fix unity vici" diff --git a/net-vpn/strongswan/strongswan-5.9.11.ebuild b/net-vpn/strongswan/strongswan-5.9.11.ebuild new file mode 100644 index 000000000000..057c1e8f3e05 --- /dev/null +++ b/net-vpn/strongswan/strongswan-5.9.11.ebuild @@ -0,0 +1,318 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" +inherit linux-info systemd + +DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE" +HOMEPAGE="https://www.strongswan.org/" +SRC_URI="https://download.strongswan.org/${P}.tar.bz2" + +LICENSE="GPL-2 RSA DES" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86" +IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11" + +STRONGSWAN_PLUGINS_STD="gcm led lookip systime-fix unity vici" +STRONGSWAN_PLUGINS_OPT_DISABLE="kdf" +STRONGSWAN_PLUGINS_OPT="addrblock aesni blowfish bypass-lan ccm chapoly ctr error-notify forecast +ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist +xauth-noauth" +for mod in $STRONGSWAN_PLUGINS_STD; do + IUSE="${IUSE} +strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT_DISABLE; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +for mod in $STRONGSWAN_PLUGINS_OPT; do + IUSE="${IUSE} strongswan_plugins_${mod}" +done + +COMMON_DEPEND="non-root? ( + acct-user/ipsec + acct-group/ipsec + ) + dev-libs/glib:2 + gmp? ( >=dev-libs/gmp-4.1.5:= ) + gcrypt? ( dev-libs/libgcrypt:= ) + caps? ( sys-libs/libcap ) + curl? ( net-misc/curl ) + ldap? ( net-nds/openldap:= ) + openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist(-)] ) + mysql? ( dev-db/mysql-connector-c:= ) + sqlite? ( >=dev-db/sqlite-3.3.1:3 ) + systemd? ( sys-apps/systemd ) + networkmanager? ( net-misc/networkmanager ) + pam? ( sys-libs/pam ) + strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns:= )" + +DEPEND="${COMMON_DEPEND} + virtual/linux-sources + sys-kernel/linux-headers" + +RDEPEND="${COMMON_DEPEND} + virtual/logger + sys-apps/iproute2 + !net-vpn/libreswan + selinux? ( sec-policy/selinux-ipsec )" + +UGID="ipsec" + +pkg_setup() { + linux-info_pkg_setup + + elog "Linux kernel version: ${KV_FULL}" + + if ! kernel_is -ge 2 6 16; then + eerror + eerror "This ebuild currently only supports ${PN} with the" + eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." + eerror + fi + + if kernel_is -lt 2 6 34; then + ewarn + ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." + ewarn + + if kernel_is -lt 2 6 29; then + ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" + ewarn "include all required IPv6 modules even if you just intend" + ewarn "to run on IPv4 only." + ewarn + ewarn "This has been fixed with kernels >= 2.6.29." + ewarn + fi + + if kernel_is -lt 2 6 33; then + ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" + ewarn "compliant implementation for SHA-2 HMAC support in ESP and" + ewarn "miss SHA384 and SHA512 HMAC support altogether." + ewarn + ewarn "If you need any of those features, please use kernel >= 2.6.33." + ewarn + fi + + if kernel_is -lt 2 6 34; then + ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" + ewarn "ESP cipher is only included in kernels >= 2.6.34." + ewarn + ewarn "If you need it, please use kernel >= 2.6.34." + ewarn + fi + fi +} + +src_configure() { + local myconf="" + + if use non-root; then + myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" + fi + + # If a user has already enabled db support, those plugins will + # most likely be desired as well. Besides they don't impose new + # dependencies and come at no cost (except for space). + if use mysql || use sqlite; then + myconf="${myconf} --enable-attr-sql --enable-sql" + fi + + # strongSwan builds and installs static libs by default which are + # useless to the user (and to strongSwan for that matter) because no + # header files or alike get installed... so disabling them is safe. + if use pam && use eap; then + myconf="${myconf} --enable-eap-gtc" + else + myconf="${myconf} --disable-eap-gtc" + fi + + for mod in $STRONGSWAN_PLUGINS_STD; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT_DISABLE; do + if ! use strongswan_plugins_${mod}; then + myconf+=" --disable-${mod}" + fi + done + + for mod in $STRONGSWAN_PLUGINS_OPT; do + if use strongswan_plugins_${mod}; then + myconf+=" --enable-${mod}" + fi + done + + econf \ + --disable-static \ + --enable-ikev1 \ + --enable-ikev2 \ + --enable-swanctl \ + --enable-socket-dynamic \ + --enable-cmd \ + $(use_enable curl) \ + $(use_enable constraints) \ + $(use_enable ldap) \ + $(use_enable debug leak-detective) \ + $(use_enable dhcp) \ + $(use_enable eap eap-sim) \ + $(use_enable eap eap-sim-file) \ + $(use_enable eap eap-simaka-sql) \ + $(use_enable eap eap-simaka-pseudonym) \ + $(use_enable eap eap-simaka-reauth) \ + $(use_enable eap eap-identity) \ + $(use_enable eap eap-md5) \ + $(use_enable eap eap-aka) \ + $(use_enable eap eap-aka-3gpp2) \ + $(use_enable eap md4) \ + $(use_enable eap eap-mschapv2) \ + $(use_enable eap eap-radius) \ + $(use_enable eap eap-tls) \ + $(use_enable eap eap-ttls) \ + $(use_enable eap xauth-eap) \ + $(use_enable eap eap-dynamic) \ + $(use_enable farp) \ + $(use_enable gmp) \ + $(use_enable gcrypt) \ + $(use_enable mysql) \ + $(use_enable networkmanager nm) \ + $(use_enable openssl) \ + $(use_enable pam xauth-pam) \ + $(use_enable pkcs11) \ + $(use_enable sqlite) \ + $(use_enable systemd) \ + $(use_with caps capabilities libcap) \ + --with-piddir=/run \ + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + + if ! use systemd; then + rm -rf "${ED}"/lib/systemd || die "Failed removing systemd lib." + fi + + doinitd "${FILESDIR}"/ipsec + + local dir_ugid + if use non-root; then + fowners ${UGID}:${UGID} \ + /etc/ipsec.conf \ + /etc/strongswan.conf + + dir_ugid="${UGID}" + else + dir_ugid="root" + fi + + diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} + dodir /etc/ipsec.d \ + /etc/ipsec.d/aacerts \ + /etc/ipsec.d/acerts \ + /etc/ipsec.d/cacerts \ + /etc/ipsec.d/certs \ + /etc/ipsec.d/crls \ + /etc/ipsec.d/ocspcerts \ + /etc/ipsec.d/private \ + /etc/ipsec.d/reqs + + dodoc NEWS README TODO + + # shared libs are used only internally and there are no static libs, + # so it's safe to get rid of the .la files + find "${D}" -name '*.la' -delete || die "Failed to remove .la files." +} + +pkg_preinst() { + has_version "<net-vpn/strongswan-4.3.6-r1" + upgrade_from_leq_4_3_6=$(( !$? )) + + has_version "<net-vpn/strongswan-4.3.6-r1[-caps]" + previous_4_3_6_with_caps=$(( !$? )) +} + +pkg_postinst() { + if ! use openssl && ! use gcrypt; then + elog + elog "${PN} has been compiled without both OpenSSL and libgcrypt support." + elog "Please note that this might effect availability and speed of some" + elog "cryptographic features. You are advised to enable the OpenSSL plugin." + elif ! use openssl; then + elog + elog "${PN} has been compiled without the OpenSSL plugin. This might effect" + elog "availability and speed of some cryptographic features. There will be" + elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21," + elog "25, 26) and ECDSA." + fi + + if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then + chmod 0750 "${ROOT}"/etc/ipsec.d \ + "${ROOT}"/etc/ipsec.d/aacerts \ + "${ROOT}"/etc/ipsec.d/acerts \ + "${ROOT}"/etc/ipsec.d/cacerts \ + "${ROOT}"/etc/ipsec.d/certs \ + "${ROOT}"/etc/ipsec.d/crls \ + "${ROOT}"/etc/ipsec.d/ocspcerts \ + "${ROOT}"/etc/ipsec.d/private \ + "${ROOT}"/etc/ipsec.d/reqs + + ewarn + ewarn "The default permissions for /etc/ipsec.d/* have been tightened for" + ewarn "security reasons. Your system installed directories have been" + ewarn "updated accordingly. Please check if necessary." + ewarn + + if [[ $previous_4_3_6_with_caps == 1 ]]; then + if ! use non-root; then + ewarn + ewarn "IMPORTANT: You previously had ${PN} installed without root" + ewarn "privileges because it was implied by the 'caps' USE flag." + ewarn "This has been changed. If you want ${PN} with user privileges," + ewarn "you have to re-emerge it with the 'non-root' USE flag enabled." + ewarn + fi + fi + fi + if ! use caps && ! use non-root; then + ewarn + ewarn "You have decided to run ${PN} with root privileges and built it" + ewarn "without support for POSIX capability dropping. It is generally" + ewarn "strongly suggested that you reconsider- especially if you intend" + ewarn "to run ${PN} as server with a public ip address." + ewarn + ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled." + ewarn + fi + if use non-root; then + elog + elog "${PN} has been installed without superuser privileges (USE=non-root)." + elog "This imposes a few limitations mainly to the daemon 'charon' in" + elog "regards of the use of iptables." + elog + elog "Please carefully read: http://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges" + elog + elog "Thus if you require to specify a custom updown" + elog "script to charon which requires superuser privileges, you" + elog "can work around this limitation by using sudo to grant the" + elog "user \"ipsec\" the appropriate rights." + elog "For example (the default case):" + elog "/etc/sudoers:" + elog " ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec" + elog "Under the specific connection block in /etc/ipsec.conf:" + elog " leftupdown=\"sudo -E ipsec _updown iptables\"" + elog + fi + elog + elog "Make sure you have _all_ required kernel modules available including" + elog "the appropriate cryptographic algorithms. A list is available at:" + elog " https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules" + elog + elog "The up-to-date manual is available online at:" + elog " https://wiki.strongswan.org/" + elog +} diff --git a/net-vpn/tailscale/Manifest b/net-vpn/tailscale/Manifest index 2f2442ff540e..236948aaef8c 100644 --- a/net-vpn/tailscale/Manifest +++ b/net-vpn/tailscale/Manifest @@ -1,2 +1,6 @@ DIST tailscale-1.36.2-deps.tar.xz 251788056 BLAKE2B 341fbf98fb6f59337e17e79688c6a0695973c219e64b1d7d8259ad37f2647a92cae1bb0a5c6851c3a442fd6cacbf176ca0d1e28d01f7d9f0e8f65ae98988edfa SHA512 f062a35927750b199bde17440384094d886372dccd6780d17ff5e02350be26b49105af6e545e064ba6060d1e55a9d98109c93df53f9f1118b02aa4f5ec280143 DIST tailscale-1.36.2.tar.gz 1539770 BLAKE2B f1533f1dfdf1806a235892e988db401da76954858cd10baa8aa89e14330c7c627b5bafc682fb4a100cc89ff14b2dc2f3093b0d24e9ee754a0f24930a7578dc76 SHA512 bb3abfc370f24534748b877fcf51e57bd575843d35fcde4653544f82f1437dbccd489dcf73b37e4ec194a1ea1d42e3397937b239db95512d701af8f078cc80fd +DIST tailscale-1.38.4-deps.tar.xz 252299404 BLAKE2B aa500af08c64dd07dc04b4f96d8c6c99f7aa8a85aec673f2ef3603be3c2ca63b476aac2c575f2378f8964ce8365d4d295dfbce9080d24c1136d57009e3f1ce2b SHA512 392916e4ed041d976bf21c6aac66155d040274032d5ec683badf57bbdc8f6735b6ebe84f4d683ad0f412145b22cc1d17be51f058440790bb94d12f3dc59c2624 +DIST tailscale-1.38.4.tar.gz 1644918 BLAKE2B e61c32513afe8715b99e5ee14ee572849fd1b92c31744894af4d028ab599685d2e38c5fb6eb9e8d40e0638d427065499089152ae002ef7dc947d3957f0fdc785 SHA512 f077217d9333263f3883d766abfb8a9adef3cf9c06544cca28bca41e6f51bf06991a0d31ff2ec0dbf01e80cbc04c903bb5b55cdcd871269d3b659664ce24d011 +DIST tailscale-1.46.1-deps.tar.xz 370535596 BLAKE2B 84c37e83f6ced653132c9a3639ad652cf258ab232d7f32fd5fbe8d2303aaae87c169bc6948c602be435f88c05373c6908d2120b16b83fc3795230fd633a62add SHA512 358a91bdff4df7933660a31f0c967e090c8b10b42abf3e6497bf163e93bf86e4b98b5defadf5dba87815c941361310bfde6060927da73eac0bb55f56c80dace2 +DIST tailscale-1.46.1.tar.gz 1817180 BLAKE2B b5ace1aa3fa98b14be53bbf55ec271cbbaf4c28a095300963961dd8bc5ee308091d46807af3b82f8ecb88070763a245292304706ab29e74d6f1e56ff495c2c51 SHA512 cecaa216b1f451b65e826856f630e5dd8ef9bbd85684602450e71f0f46b6b1b97bf20a0b7c401a72c354a5a9404386d6bd03350da2a65fb4e358320763d93ab4 diff --git a/net-vpn/tailscale/tailscale-1.38.4.ebuild b/net-vpn/tailscale/tailscale-1.38.4.ebuild new file mode 100644 index 000000000000..6aaf803a8252 --- /dev/null +++ b/net-vpn/tailscale/tailscale-1.38.4.ebuild @@ -0,0 +1,59 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module systemd tmpfiles + +# These settings are obtained by running ./build_dist.sh shellvars` in +# the upstream repo. +VERSION_MINOR="38" +VERSION_SHORT="1.38.4" +VERSION_LONG="1.38.4-t043a34500" +VERSION_GIT_HASH="043a34500dd2bb07c34e3b28a56cdbc8b5434454" + +DESCRIPTION="Tailscale vpn client" +HOMEPAGE="https://tailscale.com" +SRC_URI="https://github.com/tailscale/tailscale/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86" + +RDEPEND="net-firewall/iptables" + +RESTRICT="test" + +# This translates the build command from upstream's build_dist.sh to an +# ebuild equivalent. +build_dist() { + ego build -tags xversion -ldflags " + -X tailscale.com/version.Long=${VERSION_LONG} + -X tailscale.com/version.Short=${VERSION_SHORT} + -X tailscale.com/version.GitCommit=${VERSION_GIT_HASH}" "$@" +} + +src_compile() { + build_dist ./cmd/tailscale + build_dist ./cmd/tailscaled +} + +src_install() { + dosbin tailscaled + dobin tailscale + + systemd_dounit cmd/tailscaled/tailscaled.service + insinto /etc/default + newins cmd/tailscaled/tailscaled.defaults tailscaled + keepdir /var/lib/${PN} + fperms 0750 /var/lib/${PN} + + newtmpfiles "${FILESDIR}/${PN}.tmpfiles" ${PN}.conf + + newinitd "${FILESDIR}/${PN}d.initd" ${PN} + newconfd "${FILESDIR}/${PN}d.confd" ${PN} +} + +pkg_postinst() { + tmpfiles_process ${PN}.conf +} diff --git a/net-vpn/tailscale/tailscale-1.46.1.ebuild b/net-vpn/tailscale/tailscale-1.46.1.ebuild new file mode 100644 index 000000000000..4115c2796858 --- /dev/null +++ b/net-vpn/tailscale/tailscale-1.46.1.ebuild @@ -0,0 +1,59 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module systemd tmpfiles + +# These settings are obtained by running ./build_dist.sh shellvars` in +# the upstream repo. +VERSION_MINOR="46" +VERSION_SHORT="1.46.1" +VERSION_LONG="1.46.1-t2d3223f55" +VERSION_GIT_HASH="2d3223f557924d408b5d67b80440d6fba264a0fd" + +DESCRIPTION="Tailscale vpn client" +HOMEPAGE="https://tailscale.com" +SRC_URI="https://github.com/tailscale/tailscale/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86" + +RDEPEND="net-firewall/iptables" + +RESTRICT="test" + +# This translates the build command from upstream's build_dist.sh to an +# ebuild equivalent. +build_dist() { + ego build -tags xversion -ldflags " + -X tailscale.com/version.Long=${VERSION_LONG} + -X tailscale.com/version.Short=${VERSION_SHORT} + -X tailscale.com/version.GitCommit=${VERSION_GIT_HASH}" "$@" +} + +src_compile() { + build_dist ./cmd/tailscale + build_dist ./cmd/tailscaled +} + +src_install() { + dosbin tailscaled + dobin tailscale + + systemd_dounit cmd/tailscaled/tailscaled.service + insinto /etc/default + newins cmd/tailscaled/tailscaled.defaults tailscaled + keepdir /var/lib/${PN} + fperms 0750 /var/lib/${PN} + + newtmpfiles "${FILESDIR}/${PN}.tmpfiles" ${PN}.conf + + newinitd "${FILESDIR}/${PN}d.initd" ${PN} + newconfd "${FILESDIR}/${PN}d.confd" ${PN} +} + +pkg_postinst() { + tmpfiles_process ${PN}.conf +} diff --git a/net-vpn/tinc/tinc-1.1_pre18.ebuild b/net-vpn/tinc/tinc-1.1_pre18.ebuild index 58f8b912f8d8..a1f6b4969f72 100644 --- a/net-vpn/tinc/tinc-1.1_pre18.ebuild +++ b/net-vpn/tinc/tinc-1.1_pre18.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -38,13 +38,14 @@ PATCHES+=( src_prepare() { default - eautoreconf # Fix the static (failing UNKNOWN) version in the autoconf # NOTE: When updating the ebuild, make sure to check that this # line number hasn't changed in the upstream sources. - sed -i "6d" configure.ac - sed -i "6iAC_INIT([tinc], ${PVR})" configure.ac + sed -i "6d" configure.ac || die + sed -i "6iAC_INIT([tinc], ${PVR})" configure.ac || die + + eautoreconf } src_configure() { diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest index 05ebc39baa78..8a45ff050187 100644 --- a/net-vpn/tor/Manifest +++ b/net-vpn/tor/Manifest @@ -1,3 +1,12 @@ DIST tor-0.4.7.13.tar.gz 8031948 BLAKE2B 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a SHA512 0900416887afbb24f7b72e6ef181b7b01308d1bb35c37736f3b13e06810a07febf9f47fadd9ff6c0e73204d93b49545e4e2516906eb3ba74398ad2b299f530be DIST tor-0.4.7.13.tar.gz.sha256sum 86 BLAKE2B 339db9869bfe485cbd328fe942cc23e60c08ad67fc2d9e7927ed3c9f3b606192e5efac34013c5bf0b0e8b26e957dcf8b586e1cc0a0c27756b8b3d823af37fdee SHA512 ec1d19fa662255df5dd575ba943f4ccb30d9dfa49ff656cdfa73df2d24248b52a3bfd715f4d3efe11d8129968b0e06e3c75e8d82416e1807020ebf65f65401a0 DIST tor-0.4.7.13.tar.gz.sha256sum.asc 716 BLAKE2B 968a3852293ab9bcadac626862c9dc360b17de5afd00af7c46358fa2adfc03b55c02dfe029e9427efba999f553489a04388b395e8fb8fe16325e0895663c2deb SHA512 eb78e8369941d8de833e3616a9a1c1e59b0d3dde918353e2f4fa5eb5da09f038238c46f5e180844bd3cba1211a9daa6d60e9ddb5690998e27a6b7d1616aa20cc +DIST tor-0.4.7.14.tar.gz 8220496 BLAKE2B 909bf9bbff68179f4aa66a875cd42b1ecebe2767c1789f46c0cc9cb67eaeb6777d1f42d68caa89cfad424069f50953c57461d39edbd776dfed453226f6e2250f SHA512 3c11ae3f765351122984675401dd7d2015914e15257a2308020937d394d6375bf532a080bb2c4274ac068484edcd688c24c2264e206a28ef3d4d1161eca15436 +DIST tor-0.4.7.14.tar.gz.sha256sum 86 BLAKE2B 41e0ceb68f7de77dcd74b7c48b733e18f2a452d82e588425a1fb25c92017208dd5c2dca588d32910ca13a6366ae1d1f76f758b76bf217e8bdad37f24a63436f3 SHA512 cf54d1021948ca11e240e31c64942e15683eea3df043d26d3293f92fef08a09253cad56120c2198c5099fcb5ae5ce8fc0bbd864d3cab869c885cfdc2af014b36 +DIST tor-0.4.7.14.tar.gz.sha256sum.asc 1321 BLAKE2B 0ed3a4ab5c119f097367c2f2b88bd4f688382a7922ddac62aae5e6c128f017aaf5863b2214198bd217d6266e2d3d04e0f7ab06201fa183bd93841e37bfebac2a SHA512 61f56c43c043a1b83fcb0252e0b6fb2cca29e39eb5041ac0b6337560839851bcd515ab314bd25e25d77c51408228cf5f39e5065d928ab73ee5851b86c3d46162 +DIST tor-0.4.7.15.tar.gz 8105409 BLAKE2B 78015056d3ed6b836f18a050e084e083da9668b709949a1bfebb4eacb5a56848886fb76f02ec31e38f54324b3c673ff42ceaa00eae0638e0a636505e4d7c628e SHA512 84996d4a5b0609092b8258585d947fb8f56f87ceda03160399f3ec23c9a418c2f54676b561655269a5e8bf0d297732418d73588f7299c0ac415cde14ee62fb72 +DIST tor-0.4.7.15.tar.gz.sha256sum 86 BLAKE2B a8b307304de39206fac4c1b37820aaec69eb345521e72303f0e9849cc176b166fda3ac7e63918658f1daeec4b956729635dd6265ec9d27ead7194df1d7bd8cb5 SHA512 df3bbef088ed1ffe10efdfa95cfb7f8abeb8219c1bafe6e7f1dad3f6e89725df2672a07f13c47bb7f4ef2cd7688c2afd04e4c839516396d5668eb657e746370b +DIST tor-0.4.7.15.tar.gz.sha256sum.asc 716 BLAKE2B dfb488fe30ac57b1db93f534cee4c1c3206596f50982671b03a629c37a018ba65c85f32a74b92f432211200e95acbb90e629ec8924e98931bb93c270673f7690 SHA512 be8b82e79cefead487b7dd636e706c8a28256938c585bb435fc307a127510698b347e366094a7ed0c4ed7d4bae5ba59db91dae60a7c3fd5e7201a65b996b8cd5 +DIST tor-0.4.8.6.tar.gz 8246788 BLAKE2B e26b802d42be24361362bd74dd24b54a336516b58cd717c08864c9a5db54bb591849145156693f4968a8b671be23421d957cd814834a2605b8ae8e46b3264eb4 SHA512 dcaed1ce0df62b02fd3feb991c890d36ca89b7ab66301b170d1ffc6ae7835102c11266a674434b8a75d235777da67c9acb1c1127f27fd8a1b3890b0256750ba0 +DIST tor-0.4.8.6.tar.gz.sha256sum 85 BLAKE2B 0baac2f492c9046273a18161e3d2f102c2d94764cb3a57d6c8ed78562fe33a411e869cb631526ffa13f33fe74d15d835c636f9836f7cc210df8eca74384e1905 SHA512 68a15a12ae75d9cdf2c05431af5d9801510e64da59600b874e0e64fe405e0c986427892800d234affcd7978d5c8ab6bdad73de59d456eb15c776669951e2cf59 +DIST tor-0.4.8.6.tar.gz.sha256sum.asc 716 BLAKE2B 9a26c070f23d3e89467105ed195bc7cbe9fd7e2b55961066905312bd620dae509c1900ef8f7a04154739442a6430393151ef034214211feec8e50c7ab5754ae1 SHA512 65e96f899e20c0619944044438564398a8d17157206a5406b3c41776950d062f34ab98df45bbfcda48a86489945fb5077d16a97f815ff1b9892df252af8b5431 diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch new file mode 100644 index 000000000000..bba0c45f3fc3 --- /dev/null +++ b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch @@ -0,0 +1,202 @@ +Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598 +Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692 +Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/713 +Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/9850dc59c0db5cbcadc314be8d324a992880fce1 + +From f3dabd705f26c56076934323f24b5b05ecdfd39c Mon Sep 17 00:00:00 2001 +From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> +Date: Tue, 5 Jul 2022 11:37:30 -0400 +Subject: [PATCH 1/2] LibreSSL 3.5 compatibility + +LibreSSL is now closer to OpenSSL 1.1 than OpenSSL 1.0. According to +https://undeadly.org/cgi?action=article;sid=20220116121253, this is the +intention of OpenBSD developers. + +According to #40630, many special cases are needed to compile Tor against +LibreSSL 3.5 when using Tor's OpenSSL 1.0 compatibility mode, whereas only a +small number of #defines are required when using OpenSSL 1.1 compatibility +mode. One additional workaround is required for LibreSSL 3.4 compatibility. + +Compiles and passes unit tests with LibreSSL 3.4.3 and 3.5.1. +--- + configure.ac | 2 +- + src/lib/crypt_ops/compat_openssl.h | 22 +++++++++++++--------- + src/lib/crypt_ops/crypto_openssl_mgt.h | 3 +-- + src/lib/crypt_ops/crypto_rsa_openssl.c | 8 +++++--- + 4 files changed, 20 insertions(+), 15 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 8baae007cf..6ab7903010 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + AC_MSG_CHECKING([for OpenSSL < 1.0.1]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include <openssl/opensslv.h> +-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL ++#if OPENSSL_VERSION_NUMBER < 0x1000100fL + #error "too old" + #endif + ]], [[]])], +diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h +index 0f56f338b5..c5eccdb015 100644 +--- a/src/lib/crypt_ops/compat_openssl.h ++++ b/src/lib/crypt_ops/compat_openssl.h +@@ -20,32 +20,36 @@ + * \brief compatibility definitions for working with different openssl forks + **/ + +-#if !defined(LIBRESSL_VERSION_NUMBER) && \ +- OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) ++#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) + #error "We require OpenSSL >= 1.0.1" + #endif + +-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \ +- ! defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) + /* We define this macro if we're trying to build with the majorly refactored + * API in OpenSSL 1.1 */ + #define OPENSSL_1_1_API + #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ + +-#ifndef OPENSSL_1_1_API +-#define OpenSSL_version(v) SSLeay_version(v) +-#define tor_OpenSSL_version_num() SSLeay() ++/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */ ++#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + #define RAND_OpenSSL() RAND_SSLeay() + #define STATE_IS_SW_SERVER_HELLO(st) \ + (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \ + ((st) == SSL3_ST_SW_SRVR_HELLO_B)) + #define OSSL_HANDSHAKE_STATE int + #define CONST_IF_OPENSSL_1_1_API +-#else /* defined(OPENSSL_1_1_API) */ +-#define tor_OpenSSL_version_num() OpenSSL_version_num() ++#else + #define STATE_IS_SW_SERVER_HELLO(st) \ + ((st) == TLS_ST_SW_SRVR_HELLO) + #define CONST_IF_OPENSSL_1_1_API const ++#endif ++ ++/* OpenSSL 1.1 and LibreSSL both have these APIs */ ++#ifndef OPENSSL_1_1_API ++#define OpenSSL_version(v) SSLeay_version(v) ++#define tor_OpenSSL_version_num() SSLeay() ++#else /* defined(OPENSSL_1_1_API) */ ++#define tor_OpenSSL_version_num() OpenSSL_version_num() + #endif /* !defined(OPENSSL_1_1_API) */ + + #endif /* defined(ENABLE_OPENSSL) */ +diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h +index c6f63ffa08..96a37721dd 100644 +--- a/src/lib/crypt_ops/crypto_openssl_mgt.h ++++ b/src/lib/crypt_ops/crypto_openssl_mgt.h +@@ -54,8 +54,7 @@ + #define DISABLE_ENGINES + #endif + +-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \ +- !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) + /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require + * setting up various callbacks. + * +diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c +index a21c4a65cf..544d72e6ca 100644 +--- a/src/lib/crypt_ops/crypto_rsa_openssl.c ++++ b/src/lib/crypt_ops/crypto_rsa_openssl.c +@@ -572,7 +572,9 @@ static bool + rsa_private_key_too_long(RSA *rsa, int max_bits) + { + const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp; +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) && \ ++ (!defined(LIBRESSL_VERSION_NUMBER) || \ ++ LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0)) + + #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) + n = RSA_get0_n(rsa); +@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) + + if (RSA_bits(rsa) > max_bits) + return true; +-#else /* !defined(OPENSSL_1_1_API) */ ++#else /* !defined(OPENSSL_1_1_API) && ... */ + n = rsa->n; + e = rsa->e; + p = rsa->p; +@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) + dmp1 = rsa->dmp1; + dmq1 = rsa->dmq1; + iqmp = rsa->iqmp; +-#endif /* defined(OPENSSL_1_1_API) */ ++#endif /* defined(OPENSSL_1_1_API) && ... */ + + if (n && BN_num_bits(n) > max_bits) + return true; +-- +GitLab + + +From b1545b6d18fbef6c790e2731a814fa54230d8857 Mon Sep 17 00:00:00 2001 +From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> +Date: Tue, 19 Jul 2022 16:18:29 -0400 +Subject: [PATCH 2/2] Changes file for #40630 (LibreSSL 3.5 compatibility) + +--- + changes/issue40630 | 3 +++ + 1 file changed, 3 insertions(+) + create mode 100644 changes/issue40630 + +diff --git a/changes/issue40630 b/changes/issue40630 +new file mode 100644 +index 0000000000..faf04941b6 +--- /dev/null ++++ b/changes/issue40630 +@@ -0,0 +1,3 @@ ++ o Minor features (portability, compilation): ++ - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility. ++ Fixes issue 40630; patch by Alex Xu (Hello71). +-- +GitLab + +From 9850dc59c0db5cbcadc314be8d324a992880fce1 Mon Sep 17 00:00:00 2001 +From: orbea <orbea@riseup.net> +Date: Mon, 29 May 2023 12:56:37 -0700 +Subject: [PATCH] tls: Disable a warning with LibreSSL >= 3.8.0 + +Skip a warning using EC_GFp_nist_method() which was removed in LibreSSL +3.8. + +Based on a patch from OpenBSD. + +https://github.com/openbsd/ports/commit/33fe251a08cb11f30ce6094a2e0759c3bb63ed16 + +These functions are deprecated since OpenSSL 3.0. + +https://www.openssl.org/docs/man3.1/man3/EC_GFp_nist_method.html +--- + src/lib/tls/tortls_openssl.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c +index 12260c09d3..c0a89ac272 100644 +--- a/src/lib/tls/tortls_openssl.c ++++ b/src/lib/tls/tortls_openssl.c +@@ -340,8 +340,10 @@ tor_tls_init(void) + SSL_load_error_strings(); + #endif /* defined(OPENSSL_1_1_API) */ + +-#if (SIZEOF_VOID_P >= 8 && \ +- OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) ++#if (SIZEOF_VOID_P >= 8 && \ ++ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1) && \ ++ (!defined(LIBRESSL_VERSION_NUMBER) || \ ++ LIBRESSL_VERSION_NUMBER < 0x3080000fL)) + long version = tor_OpenSSL_version_num(); + + /* LCOV_EXCL_START : we can't test these lines on the same machine */ +-- +GitLab + diff --git a/net-vpn/tor/tor-0.4.7.13-r1.ebuild b/net-vpn/tor/tor-0.4.7.13-r1.ebuild index 8333b20dfdbc..30be52af48d2 100644 --- a/net-vpn/tor/tor-0.4.7.13-r1.ebuild +++ b/net-vpn/tor/tor-0.4.7.13-r1.ebuild @@ -3,9 +3,9 @@ EAPI=8 -PYTHON_COMPAT=( python3_{9..11} ) +PYTHON_COMPAT=( python3_{10..12} ) VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc -inherit python-any-r1 readme.gentoo-r1 systemd verify-sig +inherit autotools python-any-r1 readme.gentoo-r1 systemd verify-sig MY_PV="$(ver_rs 4 -)" MY_PF="${PN}-${MY_PV}" @@ -59,6 +59,7 @@ DOCS=() PATCHES=( "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch + "${FILESDIR}"/${PN}-0.4.7.13-libressl.patch ) pkg_setup() { @@ -82,6 +83,9 @@ src_prepare() { # Running shellcheck automagically isn't useful for ebuild testing. echo "exit 0" > scripts/maint/checkShellScripts.sh || die + + # Only needed for libressl patch + eautoreconf } src_configure() { @@ -102,7 +106,15 @@ src_configure() { --disable-module-dirauth --enable-pic --disable-restart-debugging + + # This option is enabled by default upstream w/ zstd, surprisingly. + # zstd upstream says this shouldn't be relied upon and it may + # break API & ABI at any point, so Tor tries to fake static-linking + # to make it work, but then requires a rebuild on any new zstd version + # even when its standard ABI hasn't changed. + # See bug #727406 and bug #905708. --disable-zstd-advanced-apis + $(use_enable man asciidoc) $(use_enable man manpage) $(use_enable lzma) diff --git a/net-vpn/tor/tor-0.4.7.14.ebuild b/net-vpn/tor/tor-0.4.7.14.ebuild new file mode 100644 index 000000000000..aeb7f67c091d --- /dev/null +++ b/net-vpn/tor/tor-0.4.7.14.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc +inherit python-any-r1 readme.gentoo-r1 systemd verify-sig + +MY_PV="$(ver_rs 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor" + inherit autotools git-r3 +else + SRC_URI=" + https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz + verify-sig? ( + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc + ) + " + + S="${WORKDIR}/${MY_PF}" + + if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then + KEYWORDS="amd64 ~arm ~arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos" + fi + + BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" +fi + +LICENSE="BSD GPL-2" +SLOT="0" +IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" +RESTRICT="!test? ( test )" + +DEPEND=" + >=dev-libs/libevent-2.1.12-r1:=[ssl] + sys-libs/zlib + caps? ( sys-libs/libcap ) + man? ( app-text/asciidoc ) + dev-libs/openssl:=[-bindist(-)] + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( >=sys-libs/libseccomp-2.4.1 ) + systemd? ( sys-apps/systemd ) + zstd? ( app-arch/zstd ) +" +RDEPEND=" + acct-user/tor + acct-group/tor + ${DEPEND} + selinux? ( sec-policy/selinux-tor ) +" +DEPEND+=" + test? ( + ${DEPEND} + ${PYTHON_DEPS} + ) +" + +DOCS=() + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + else + if use verify-sig; then + cd "${DISTDIR}" || die + verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} + verify-sig_verify_unsigned_checksums \ + ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz + cd "${WORKDIR}" || die + fi + + default + fi +} + +src_prepare() { + default + + # Running shellcheck automagically isn't useful for ebuild testing. + echo "exit 0" > scripts/maint/checkShellScripts.sh || die + + if [[ ${PV} == 9999 ]] ; then + eautoreconf + fi +} + +src_configure() { + use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) + + export ac_cv_lib_cap_cap_init=$(usex caps) + export tor_cv_PYTHON="${EPYTHON}" + + local myeconfargs=( + --localstatedir="${EPREFIX}/var" + --disable-all-bugs-are-fatal + --enable-system-torrc + --disable-android + --disable-coverage + --disable-html-manual + --disable-libfuzzer + --enable-missing-doc-warnings + --disable-module-dirauth + --enable-pic + --disable-restart-debugging + + # This option is enabled by default upstream w/ zstd, surprisingly. + # zstd upstream says this shouldn't be relied upon and it may + # break API & ABI at any point, so Tor tries to fake static-linking + # to make it work, but then requires a rebuild on any new zstd version + # even when its standard ABI hasn't changed. + # See bug #727406 and bug #905708. + --disable-zstd-advanced-apis + + $(use_enable man asciidoc) + $(use_enable man manpage) + $(use_enable lzma) + $(use_enable scrypt libscrypt) + $(use_enable seccomp) + $(use_enable server module-relay) + $(use_enable systemd) + $(use_enable tor-hardening gcc-hardening) + $(use_enable tor-hardening linker-hardening) + $(use_enable test unittests) + $(use_enable zstd) + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r9 tor + systemd_dounit "${FILESDIR}"/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r2 torrc +} diff --git a/net-vpn/tor/tor-0.4.7.15.ebuild b/net-vpn/tor/tor-0.4.7.15.ebuild new file mode 100644 index 000000000000..1f41cdd21e52 --- /dev/null +++ b/net-vpn/tor/tor-0.4.7.15.ebuild @@ -0,0 +1,167 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc +inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig + +MY_PV="$(ver_rs 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor" + inherit autotools git-r3 +else + SRC_URI=" + https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz + verify-sig? ( + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc + ) + " + + S="${WORKDIR}/${MY_PF}" + + if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos" + fi + + BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" +fi + +LICENSE="BSD GPL-2" +SLOT="0" +IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" +RESTRICT="!test? ( test )" + +DEPEND=" + >=dev-libs/libevent-2.1.12-r1:=[ssl] + dev-libs/openssl:=[-bindist(-)] + sys-libs/zlib + caps? ( sys-libs/libcap ) + man? ( app-text/asciidoc ) + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( >=sys-libs/libseccomp-2.4.1 ) + systemd? ( sys-apps/systemd:= ) + zstd? ( app-arch/zstd:= ) +" +RDEPEND=" + acct-user/tor + acct-group/tor + ${DEPEND} + selinux? ( sec-policy/selinux-tor ) +" +DEPEND+=" + test? ( + ${DEPEND} + ${PYTHON_DEPS} + ) +" + +DOCS=() + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + else + if use verify-sig; then + cd "${DISTDIR}" || die + verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} + verify-sig_verify_unsigned_checksums \ + ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz + cd "${WORKDIR}" || die + fi + + default + fi +} + +src_prepare() { + default + + # Running shellcheck automagically isn't useful for ebuild testing. + echo "exit 0" > scripts/maint/checkShellScripts.sh || die + + if [[ ${PV} == 9999 ]] ; then + eautoreconf + fi +} + +src_configure() { + use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) + + export ac_cv_lib_cap_cap_init=$(usex caps) + export tor_cv_PYTHON="${EPYTHON}" + + local myeconfargs=( + --localstatedir="${EPREFIX}/var" + --disable-all-bugs-are-fatal + --enable-system-torrc + --disable-android + --disable-coverage + --disable-html-manual + --disable-libfuzzer + --enable-missing-doc-warnings + --disable-module-dirauth + --enable-pic + --disable-restart-debugging + + $(use_enable man asciidoc) + $(use_enable man manpage) + $(use_enable lzma) + $(use_enable scrypt libscrypt) + $(use_enable seccomp) + $(use_enable server module-relay) + $(use_enable systemd) + $(use_enable tor-hardening gcc-hardening) + $(use_enable tor-hardening linker-hardening) + $(use_enable test unittests) + $(use_enable zstd) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + local skip_tests=( + # Fails in sandbox + :sandbox/open_filename + :sandbox/openat_filename + ) + + # The makefile runs these by parallel by chunking them with a script + # but that means we lose verbosity and can't skip individual tests easily + # either. + edo ./src/test/test --verbose "${skip_tests[@]}" +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r9 tor + systemd_dounit "${FILESDIR}"/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r2 torrc +} diff --git a/net-vpn/tor/tor-0.4.8.6.ebuild b/net-vpn/tor/tor-0.4.8.6.ebuild new file mode 100644 index 000000000000..f63f5411e924 --- /dev/null +++ b/net-vpn/tor/tor-0.4.8.6.ebuild @@ -0,0 +1,177 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc +inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig + +MY_PV="$(ver_rs 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor" + inherit autotools git-r3 +else + SRC_URI=" + https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz + verify-sig? ( + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc + ) + " + + S="${WORKDIR}/${MY_PF}" + + if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos" + fi + + BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" +fi + +# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version) +# We also already had GPL-2 listed here for the init script, but obviously +# that's different from the actual binary. +LICENSE="BSD GPL-2 GPL-3" +SLOT="0" +IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" +RESTRICT="!test? ( test )" + +DEPEND=" + >=dev-libs/libevent-2.1.12-r1:=[ssl] + dev-libs/openssl:=[-bindist(-)] + sys-libs/zlib + caps? ( sys-libs/libcap ) + man? ( app-text/asciidoc ) + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( >=sys-libs/libseccomp-2.4.1 ) + systemd? ( sys-apps/systemd:= ) + zstd? ( app-arch/zstd:= ) +" +RDEPEND=" + acct-user/tor + acct-group/tor + ${DEPEND} + selinux? ( sec-policy/selinux-tor ) +" +DEPEND+=" + test? ( + ${DEPEND} + ${PYTHON_DEPS} + ) +" + +DOCS=() + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + else + if use verify-sig; then + cd "${DISTDIR}" || die + verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} + verify-sig_verify_unsigned_checksums \ + ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz + cd "${WORKDIR}" || die + fi + + default + fi +} + +src_prepare() { + default + + # Running shellcheck automagically isn't useful for ebuild testing. + echo "exit 0" > scripts/maint/checkShellScripts.sh || die + + if [[ ${PV} == 9999 ]] ; then + eautoreconf + fi +} + +src_configure() { + use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) + + export ac_cv_lib_cap_cap_init=$(usex caps) + export tor_cv_PYTHON="${EPYTHON}" + + local myeconfargs=( + --localstatedir="${EPREFIX}/var" + --disable-all-bugs-are-fatal + --enable-system-torrc + --disable-android + --disable-coverage + --disable-html-manual + --disable-libfuzzer + --enable-missing-doc-warnings + --disable-module-dirauth + --enable-pic + --disable-restart-debugging + + # Unless someone asks & has a compelling reason, just always + # build in GPL mode for pow, given we don't want yet another USE + # flag combination to have to test just for the sake of it. + # (PoW requires GPL.) + --enable-gpl + --enable-module-pow + + $(use_enable man asciidoc) + $(use_enable man manpage) + $(use_enable lzma) + $(use_enable scrypt libscrypt) + $(use_enable seccomp) + $(use_enable server module-relay) + $(use_enable systemd) + $(use_enable tor-hardening gcc-hardening) + $(use_enable tor-hardening linker-hardening) + $(use_enable test unittests) + $(use_enable zstd) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + local skip_tests=( + # Fails in sandbox + :sandbox/open_filename + :sandbox/openat_filename + ) + + # The makefile runs these by parallel by chunking them with a script + # but that means we lose verbosity and can't skip individual tests easily + # either. + edo ./src/test/test --verbose "${skip_tests[@]}" +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r9 tor + systemd_dounit "${FILESDIR}"/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r2 torrc +} diff --git a/net-vpn/tor/tor-9999.ebuild b/net-vpn/tor/tor-9999.ebuild new file mode 100644 index 000000000000..f63f5411e924 --- /dev/null +++ b/net-vpn/tor/tor-9999.ebuild @@ -0,0 +1,177 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc +inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig + +MY_PV="$(ver_rs 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor" + inherit autotools git-r3 +else + SRC_URI=" + https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz + verify-sig? ( + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc + ) + " + + S="${WORKDIR}/${MY_PF}" + + if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos" + fi + + BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" +fi + +# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version) +# We also already had GPL-2 listed here for the init script, but obviously +# that's different from the actual binary. +LICENSE="BSD GPL-2 GPL-3" +SLOT="0" +IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" +RESTRICT="!test? ( test )" + +DEPEND=" + >=dev-libs/libevent-2.1.12-r1:=[ssl] + dev-libs/openssl:=[-bindist(-)] + sys-libs/zlib + caps? ( sys-libs/libcap ) + man? ( app-text/asciidoc ) + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( >=sys-libs/libseccomp-2.4.1 ) + systemd? ( sys-apps/systemd:= ) + zstd? ( app-arch/zstd:= ) +" +RDEPEND=" + acct-user/tor + acct-group/tor + ${DEPEND} + selinux? ( sec-policy/selinux-tor ) +" +DEPEND+=" + test? ( + ${DEPEND} + ${PYTHON_DEPS} + ) +" + +DOCS=() + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + else + if use verify-sig; then + cd "${DISTDIR}" || die + verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} + verify-sig_verify_unsigned_checksums \ + ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz + cd "${WORKDIR}" || die + fi + + default + fi +} + +src_prepare() { + default + + # Running shellcheck automagically isn't useful for ebuild testing. + echo "exit 0" > scripts/maint/checkShellScripts.sh || die + + if [[ ${PV} == 9999 ]] ; then + eautoreconf + fi +} + +src_configure() { + use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) + + export ac_cv_lib_cap_cap_init=$(usex caps) + export tor_cv_PYTHON="${EPYTHON}" + + local myeconfargs=( + --localstatedir="${EPREFIX}/var" + --disable-all-bugs-are-fatal + --enable-system-torrc + --disable-android + --disable-coverage + --disable-html-manual + --disable-libfuzzer + --enable-missing-doc-warnings + --disable-module-dirauth + --enable-pic + --disable-restart-debugging + + # Unless someone asks & has a compelling reason, just always + # build in GPL mode for pow, given we don't want yet another USE + # flag combination to have to test just for the sake of it. + # (PoW requires GPL.) + --enable-gpl + --enable-module-pow + + $(use_enable man asciidoc) + $(use_enable man manpage) + $(use_enable lzma) + $(use_enable scrypt libscrypt) + $(use_enable seccomp) + $(use_enable server module-relay) + $(use_enable systemd) + $(use_enable tor-hardening gcc-hardening) + $(use_enable tor-hardening linker-hardening) + $(use_enable test unittests) + $(use_enable zstd) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + local skip_tests=( + # Fails in sandbox + :sandbox/open_filename + :sandbox/openat_filename + ) + + # The makefile runs these by parallel by chunking them with a script + # but that means we lose verbosity and can't skip individual tests easily + # either. + edo ./src/test/test --verbose "${skip_tests[@]}" +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r9 tor + systemd_dounit "${FILESDIR}"/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r2 torrc +} diff --git a/net-vpn/vpnc-scripts/Manifest b/net-vpn/vpnc-scripts/Manifest index 241b6ae9bbe1..d7ee2cdfca79 100644 --- a/net-vpn/vpnc-scripts/Manifest +++ b/net-vpn/vpnc-scripts/Manifest @@ -1,2 +1 @@ -DIST vpnc-scripts-20210402.tar.gz 39925 BLAKE2B 2bc8a274773e51ba48e402588fdf5b51d20360f610afe5608f91dfe2466644b68d891a60c27e4c6938b4ed5da1f193ddb7a8ac955c8f02e6bf91437dc5c47620 SHA512 5f9fc5ab1a5a2607f807700536c4a8e71c551052e72979c1cdd02b15906615be33a297b873b0806f269e51645f10f1c02a7acfed2501148bfa2797250582920d DIST vpnc-scripts-20220510.tar.gz 44155 BLAKE2B c52a1680d25882776c76fc52d8df7f482fe157c7f52ab1c6b14ef6291801a94d5655e6284d55af9d09871e57003e4b434a5453a986ea0e28cd7764c348614bc8 SHA512 c391048b60e739e21954b22b9c4bb764a55c71f8fe6d4e263293efae1bd8d1229ca6b841c2cdd4352c36641d5143c2bca023bff65fa5b8ae8ea151d77b5231cf diff --git a/net-vpn/vpnc-scripts/metadata.xml b/net-vpn/vpnc-scripts/metadata.xml index 077cdb6aa203..81420ec2657a 100644 --- a/net-vpn/vpnc-scripts/metadata.xml +++ b/net-vpn/vpnc-scripts/metadata.xml @@ -5,4 +5,8 @@ <email>floppym@gentoo.org</email> <name>Mike Gilbert</name> </maintainer> + <stabilize-allarches/> + <upstream> + <remote-id type="gitlab">openconnect/vpnc-scripts</remote-id> + </upstream> </pkgmetadata> diff --git a/net-vpn/vpnc-scripts/vpnc-scripts-20210402-r1.ebuild b/net-vpn/vpnc-scripts/vpnc-scripts-20210402-r1.ebuild deleted file mode 100644 index ebab1afc4cac..000000000000 --- a/net-vpn/vpnc-scripts/vpnc-scripts-20210402-r1.ebuild +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -if [[ ${PV} == 99999999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://gitlab.com/openconnect/vpnc-scripts.git" -else - SRC_URI="ftp://ftp.infradead.org/pub/vpnc-scripts/${P}.tar.gz" - KEYWORDS="amd64 arm arm64 ppc ppc64 ~riscv sparc x86" -fi - -DESCRIPTION="Connect scripts for use with vpnc and openconnect (and similar clients)" -HOMEPAGE="https://gitlab.com/openconnect/vpnc-scripts" - -LICENSE="GPL-2+" -SLOT="0" - -RDEPEND="!<net-vpn/vpnc-0.5.3_p550-r3" - -src_install() { - exeinto /etc/vpnc - doexe vpnc-script{,-{ptrtd,sshd}} -} diff --git a/net-vpn/vpnc-scripts/vpnc-scripts-20220510.ebuild b/net-vpn/vpnc-scripts/vpnc-scripts-20220510.ebuild index 96a352ef8bf0..06b4e4bc9ccb 100644 --- a/net-vpn/vpnc-scripts/vpnc-scripts-20220510.ebuild +++ b/net-vpn/vpnc-scripts/vpnc-scripts-20220510.ebuild @@ -1,4 +1,4 @@ -# Copyright 2021-2022 Gentoo Authors +# Copyright 2021-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -8,7 +8,7 @@ if [[ ${PV} == 99999999 ]]; then EGIT_REPO_URI="https://gitlab.com/openconnect/vpnc-scripts.git" else SRC_URI="ftp://ftp.infradead.org/pub/vpnc-scripts/${P}.tar.gz" - KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" + KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv sparc x86" fi DESCRIPTION="Connect scripts for use with vpnc and openconnect (and similar clients)" diff --git a/net-vpn/vpncloud/vpncloud-2.3.0.ebuild b/net-vpn/vpncloud/vpncloud-2.3.0.ebuild index 6419ba5719fb..cd37dd4074a6 100644 --- a/net-vpn/vpncloud/vpncloud-2.3.0.ebuild +++ b/net-vpn/vpncloud/vpncloud-2.3.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 2017-2022 Gentoo Authors +# Copyright 2017-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # Auto-Generated by cargo-ebuild 0.3.1 @@ -159,9 +159,7 @@ HOMEPAGE="https://vpncloud.ddswd.de/" SRC_URI="https://github.com/dswd/${PN}/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz $(cargo_crate_uris ${CRATES})" RESTRICT="mirror" -# License set may be more restrictive as OR is not respected -# use cargo-license for a more accurate license picture -LICENSE="Apache-2.0 Apache-2.0 BSL-1.1 GPL-3 ISC MIT MPL-2.0 Unlicense ZLIB" +LICENSE="GPL-3+ ISC MIT MPL-2.0 openssl || ( Apache-2.0 Boost-1.0 ) || ( Apache-2.0 MIT ) || ( Apache-2.0 MIT ZLIB ) || ( MIT Unlicense )" SLOT="0" KEYWORDS="~amd64" IUSE="man" diff --git a/net-vpn/vpncwatch/Manifest b/net-vpn/vpncwatch/Manifest index 6536700c185b..3d402cafbf2a 100644 --- a/net-vpn/vpncwatch/Manifest +++ b/net-vpn/vpncwatch/Manifest @@ -1 +1 @@ -DIST vpncwatch-1.8.1.tar.gz 17420 BLAKE2B 3055121017b0a8af17efd14055d62c1cd11eacdefbdfee26b374bc538dc06a13c8a16b4162876ec6993175d1b66a8312f124d2cac896382c4be861e711bf037e SHA512 f5f5f68e2644ee3748a811505025155e77a7d3e345ddfc2f847674aa5d7e9e8be86d10708aeefc521ac747744e4f7edc3853ff230022aee7b098e8d0a35db5c2 +DIST vpncwatch-1.8.1.gh.tar.gz 14870 BLAKE2B 4a822ce784a059aaf3e5c267385547b98db579750c533b91d32063758e5a8d606ec1773a856ced961d3e3b0fc16d40e40522cee466bc68572a394c06b71872a9 SHA512 1f5b151c158061cc5879c2e3b6efa6b7a239f590d47e553bb349f842f0b7daf79a1719b912a7e239d9323ba98686ad4e095dd1bee90dd379ba0bdbd75b6bb6c6 diff --git a/net-vpn/vpncwatch/vpncwatch-1.8.1-r1.ebuild b/net-vpn/vpncwatch/vpncwatch-1.8.1-r1.ebuild index 5f271c07ccee..cac70876627e 100644 --- a/net-vpn/vpncwatch/vpncwatch-1.8.1-r1.ebuild +++ b/net-vpn/vpncwatch/vpncwatch-1.8.1-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -7,7 +7,8 @@ inherit toolchain-funcs DESCRIPTION="Keepalive daemon for vpnc on Linux systems" HOMEPAGE="https://github.com/dcantrell/vpncwatch/" -SRC_URI="https://github.com/downloads/dcantrell/${PN}/${P}.tar.gz" +SRC_URI="https://github.com/dcantrell/vpncwatch/archive/refs/tags/${P}.tar.gz -> ${P}.gh.tar.gz" +S="${WORKDIR}"/${PN}-${P} LICENSE="GPL-2" SLOT="0" diff --git a/net-vpn/vtun/Manifest b/net-vpn/vtun/Manifest index 69aacb9b0565..92748306cddb 100644 --- a/net-vpn/vtun/Manifest +++ b/net-vpn/vtun/Manifest @@ -1,2 +1 @@ -DIST vtun-3.0.3.tar.gz 130051 BLAKE2B 9bbc11724fb75acd024fda8b4e84af425c5377b3d8a938f7e789ecb1c2cdb95f109a1edc59f3fcbd2c5898bd17be76054060e8e36a1fb4355b40b61cc64adaad SHA512 5fa789d08b556f97492b89515a89c2322c4b0a8fa95bd1035f5ed19061b3654a6a36a9911792096ac872ae9ae5451848cab87d0343dc0ffc064affea1f7d0d54 DIST vtun-3.0.4.tar.gz 132691 BLAKE2B 040c3c66074a1ebdd8a2f32c988b7f4d9423d248ad1259456cd8cdbe0b9adbbaca4cd1e1a4e8c4e6a936a221a9443c099d5d8a219f830925f220bc09e5e7feae SHA512 b1bb7294bd745c2ca888704e2b0f8e05447b5e01bec0f921648afe363d61a19508dea9e26663993cd69c506aa92621e76f36045bddf7c3723d13a72741ca6781 diff --git a/net-vpn/vtun/files/vtun-3.0.2-remove-config-presence-check.patch b/net-vpn/vtun/files/vtun-3.0.2-remove-config-presence-check.patch deleted file mode 100644 index c2d9e7d999a7..000000000000 --- a/net-vpn/vtun/files/vtun-3.0.2-remove-config-presence-check.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/Makefile.in -+++ b/Makefile.in -@@ -86,9 +86,7 @@ - - install_config: - $(INSTALL) -d -m 755 $(INSTALL_OWNER) $(DESTDIR)$(ETC_DIR) -- if [ ! -f $(ETC_DIR)/vtund.conf ]; then \ -- $(INSTALL) -m 600 $(INSTALL_OWNER) vtund.conf $(DESTDIR)$(ETC_DIR); \ -- fi -+ $(INSTALL) -m 600 $(INSTALL_OWNER) vtund.conf $(DESTDIR)$(ETC_DIR); \ - - install: vtund install_config install_man - $(INSTALL) -d -m 755 $(INSTALL_OWNER) $(DESTDIR)$(VAR_DIR)/run diff --git a/net-vpn/vtun/files/vtun-3.0.3-C99-inline.patch b/net-vpn/vtun/files/vtun-3.0.3-C99-inline.patch deleted file mode 100644 index 0e7c68be8f13..000000000000 --- a/net-vpn/vtun/files/vtun-3.0.3-C99-inline.patch +++ /dev/null @@ -1,49 +0,0 @@ ---- a/lfd_shaper.c -+++ b/lfd_shaper.c -@@ -69,7 +69,7 @@ int shaper_counter(int len, char *in, char **out) - } - - /* Convert tv struct to milisec */ --unsigned long inline tv2ms(struct timeval tv) -+unsigned long tv2ms(struct timeval tv) - { - register unsigned long ms = (tv.tv_sec * 1000)+(tv.tv_usec / 1000); - return ms ? ms : 1; ---- a/linkfd.c -+++ b/linkfd.c -@@ -105,7 +105,7 @@ int lfd_free_mod(void) - } - - /* Run modules down (from head to tail) */ --inline int lfd_run_down(int len, char *in, char **out) -+int lfd_run_down(int len, char *in, char **out) - { - register struct lfd_mod *mod; - -@@ -119,7 +119,7 @@ inline int lfd_run_down(int len, char *in, char **out) - } - - /* Run modules up (from tail to head) */ --inline int lfd_run_up(int len, char *in, char **out) -+int lfd_run_up(int len, char *in, char **out) - { - register struct lfd_mod *mod; - -@@ -133,7 +133,7 @@ inline int lfd_run_up(int len, char *in, char **out) - } - - /* Check if modules are accepting the data(down) */ --inline int lfd_check_down(void) -+int lfd_check_down(void) - { - register struct lfd_mod *mod; - int err = 1; -@@ -145,7 +145,7 @@ inline int lfd_check_down(void) - } - - /* Check if modules are accepting the data(up) */ --inline int lfd_check_up(void) -+int lfd_check_up(void) - { - register struct lfd_mod *mod; - int err = 1; diff --git a/net-vpn/vtun/files/vtun-3.0.3-fno-common.patch b/net-vpn/vtun/files/vtun-3.0.3-fno-common.patch deleted file mode 100644 index 2dd6dd2e3348..000000000000 --- a/net-vpn/vtun/files/vtun-3.0.3-fno-common.patch +++ /dev/null @@ -1,25 +0,0 @@ -https://bugs.gentoo.org/708372 ---- a/auth.c -+++ b/auth.c -@@ -70,7 +70,7 @@ void gen_chal(char *buf) - void encrypt_chal(char *chal, char *pwd) - { - register int i; -- BF_KEY key; -+ extern BF_KEY key; - - BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); - ---- a/lfd_encrypt.c -+++ b/lfd_encrypt.c -@@ -64,8 +64,8 @@ - #define ENC_BUF_SIZE VTUN_FRAME_SIZE + 128 - #define ENC_KEY_SIZE 16 - --BF_KEY key; --char * enc_buf; -+extern BF_KEY key; -+extern char * enc_buf; - char * dec_buf; - - #define CIPHER_INIT 0 diff --git a/net-vpn/vtun/files/vtun-3.0.3-gcc5.patch b/net-vpn/vtun/files/vtun-3.0.3-gcc5.patch deleted file mode 100644 index 8270f7a4d9ed..000000000000 --- a/net-vpn/vtun/files/vtun-3.0.3-gcc5.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/cfg_file.y -+++ b/cfg_file.y -@@ -624,7 +624,7 @@ int clear_nat_hack_client(void *d, void - } - - /* Clear the VTUN_NAT_HACK flag which are not relevant to the current operation mode */ --inline void clear_nat_hack_flags(int svr) -+extern inline void clear_nat_hack_flags(int svr) - { - if (svr) - llist_trav(&host_list,clear_nat_hack_server,NULL); diff --git a/net-vpn/vtun/files/vtun-3.0.3-includes.patch b/net-vpn/vtun/files/vtun-3.0.3-includes.patch deleted file mode 100644 index 517ddf3cbb9c..000000000000 --- a/net-vpn/vtun/files/vtun-3.0.3-includes.patch +++ /dev/null @@ -1,72 +0,0 @@ ---- a/lfd_encrypt.c -+++ b/lfd_encrypt.c -@@ -44,6 +44,7 @@ - #include <strings.h> - #include <string.h> - #include <time.h> -+#include <arpa/inet.h> /* htonl() */ - - #include "vtun.h" - #include "linkfd.h" ---- a/lib.c -+++ b/lib.c -@@ -34,6 +34,7 @@ - #include <sys/wait.h> - #include <syslog.h> - #include <errno.h> -+#include <time.h> /* nanosleep() */ - - #include "vtun.h" - #include "linkfd.h" ---- a/lib.h -+++ b/lib.h -@@ -26,6 +26,8 @@ - #include <sys/types.h> - #include <signal.h> - #include <errno.h> -+#include <unistd.h> /* read(), write() */ -+#include <bsd/unistd.h> /* setproctitle(), see man libbsd(7) */ - - #ifdef HAVE_LIBUTIL_H - #include <libutil.h> -@@ -35,7 +37,7 @@ - void init_title(int argc,char *argv[],char *env[], char *name); - void set_title(const char *ftm, ...); - #else -- #define init_title( a... ) -+ #define init_title(argc, argv, env, name) setproctitle_init(argc, argv, env) - #define set_title setproctitle - #endif /* HAVE_SETPROC_TITLE */ - ---- a/vtun.h -+++ b/vtun.h -@@ -232,5 +232,9 @@ - int read_config(char *file); - struct vtun_host * find_host(char *host); - inline void clear_nat_hack_flags(int svr); -+int send_msg(int len, char *in, char **out); -+int send_ib_mesg(int *len, char **in); -+int recv_msg(int len, char *in, char **out); -+int recv_ib_mesg(int *len, char **in); - - #endif ---- a/lock.c -+++ b/lock.c -@@ -32,6 +32,7 @@ - #include <sys/types.h> - #include <signal.h> - #include <errno.h> -+#include <time.h> /* nanosleep() */ - - #include "vtun.h" - #include "linkfd.h" ---- a/lfd_shaper.c -+++ b/lfd_shaper.c -@@ -27,6 +27,7 @@ - #include <stdlib.h> - #include <sys/time.h> - #include <syslog.h> -+#include <time.h> /* nanosleep() */ - - #include "vtun.h" - #include "linkfd.h" diff --git a/net-vpn/vtun/files/vtun-3.0.4-use-bison-for-yacc.patch b/net-vpn/vtun/files/vtun-3.0.4-use-bison-for-yacc.patch new file mode 100644 index 000000000000..70a28befe486 --- /dev/null +++ b/net-vpn/vtun/files/vtun-3.0.4-use-bison-for-yacc.patch @@ -0,0 +1,41 @@ +https://bugs.gentoo.org/907988 +--- a/configure.in 2016-10-01 23:46:01.000000000 +0200 ++++ b/configure.in 2023-06-10 22:44:20.873592074 +0200 +@@ -82,11 +82,14 @@ + AC_CANONICAL_SYSTEM + + dnl Check for programs. +-AC_PROG_YACC + AC_PROG_LEX + AC_PROG_CC + AC_PROG_INSTALL + ++AC_ARG_VAR([BISON], [bison command for yacc parsing]) ++AC_CHECK_PROG([BISON], [bison -y], [bison -y], [no]) ++AS_IF([test "x$BISON" = "xno"], [AC_MSG_ERROR([bison not found])]) ++ + dnl Checks for typedefs, structures, and compiler characteristics. + AC_C_CONST + AC_C_INLINE +--- a/Makefile.in 2016-10-01 23:46:00.000000000 +0200 ++++ b/Makefile.in 2023-06-10 23:00:25.278904190 +0200 +@@ -21,8 +21,8 @@ + CFLAGS = @CFLAGS@ @CPPFLAGS@ + LDFLAGS = @LDFLAGS@ @LIBS@ + +-YACC = @YACC@ +-YACCFLAGS = -d ++BISON = @BISON@ ++BISONFLAGS = -d + + LEX = @LEX@ + LEXFLAGS = -t +@@ -62,7 +62,7 @@ + $(CC) $(CFLAGS) -o vtund $(OBJS) $(LFD_OBJS) $(LDFLAGS) + + cfg_file.tab.h: +- $(YACC) $(YACCFLAGS) -b cfg_file cfg_file.y ++ $(BISON) $(BISONFLAGS) -b cfg_file cfg_file.y + + cfg_file.tab.c: cfg_file.y cfg_kwords.h config.h cfg_file.tab.h + diff --git a/net-vpn/vtun/files/vtun-libssl-1.1.patch b/net-vpn/vtun/files/vtun-libssl-1.1.patch deleted file mode 100644 index f2bf0c1fa82b..000000000000 --- a/net-vpn/vtun/files/vtun-libssl-1.1.patch +++ /dev/null @@ -1,229 +0,0 @@ ---- a/lfd_encrypt.c -+++ b/lfd_encrypt.c -@@ -96,11 +96,11 @@ unsigned long sequence_num; - char * pkey; - char * iv_buf; - --EVP_CIPHER_CTX ctx_enc; /* encrypt */ --EVP_CIPHER_CTX ctx_dec; /* decrypt */ -+EVP_CIPHER_CTX *ctx_enc; /* encrypt */ -+EVP_CIPHER_CTX *ctx_dec; /* decrypt */ - --EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */ --EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */ -+EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */ -+EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */ - - int prep_key(char **key, int size, struct vtun_host *host) - { -@@ -151,6 +151,11 @@ int alloc_encrypt(struct vtun_host *host) - char cipher_name[32]; - EVP_CIPHER_CTX *pctx_enc; - EVP_CIPHER_CTX *pctx_dec; -+ -+ ctx_enc = EVP_CIPHER_CTX_new(); -+ ctx_dec = EVP_CIPHER_CTX_new(); -+ ctx_enc_ecb = EVP_CIPHER_CTX_new(); -+ ctx_dec_ecb = EVP_CIPHER_CTX_new(); - - enc_init_first_time = 1; - dec_init_first_time = 1; -@@ -178,15 +183,15 @@ int alloc_encrypt(struct vtun_host *host) - keysize = 32; - sb_init = 1; - cipher_type = EVP_aes_256_ecb(); -- pctx_enc = &ctx_enc_ecb; -- pctx_dec = &ctx_dec_ecb; -+ pctx_enc = ctx_enc_ecb; -+ pctx_dec = ctx_dec_ecb; - break; - - case VTUN_ENC_AES256ECB: - blocksize = 16; - keysize = 32; -- pctx_enc = &ctx_enc; -- pctx_dec = &ctx_dec; -+ pctx_enc = ctx_enc; -+ pctx_dec = ctx_dec; - cipher_type = EVP_aes_256_ecb(); - strcpy(cipher_name,"AES-256-ECB"); - break; -@@ -197,14 +202,14 @@ int alloc_encrypt(struct vtun_host *host) - keysize = 16; - sb_init=1; - cipher_type = EVP_aes_128_ecb(); -- pctx_enc = &ctx_enc_ecb; -- pctx_dec = &ctx_dec_ecb; -+ pctx_enc = ctx_enc_ecb; -+ pctx_dec = ctx_dec_ecb; - break; - case VTUN_ENC_AES128ECB: - blocksize = 16; - keysize = 16; -- pctx_enc = &ctx_enc; -- pctx_dec = &ctx_dec; -+ pctx_enc = ctx_enc; -+ pctx_dec = ctx_dec; - cipher_type = EVP_aes_128_ecb(); - strcpy(cipher_name,"AES-128-ECB"); - break; -@@ -217,16 +222,16 @@ int alloc_encrypt(struct vtun_host *host) - var_key = 1; - sb_init = 1; - cipher_type = EVP_bf_ecb(); -- pctx_enc = &ctx_enc_ecb; -- pctx_dec = &ctx_dec_ecb; -+ pctx_enc = ctx_enc_ecb; -+ pctx_dec = ctx_dec_ecb; - break; - - case VTUN_ENC_BF256ECB: - blocksize = 8; - keysize = 32; - var_key = 1; -- pctx_enc = &ctx_enc; -- pctx_dec = &ctx_dec; -+ pctx_enc = ctx_enc; -+ pctx_dec = ctx_dec; - cipher_type = EVP_bf_ecb(); - strcpy(cipher_name,"Blowfish-256-ECB"); - break; -@@ -239,16 +244,16 @@ int alloc_encrypt(struct vtun_host *host) - var_key = 1; - sb_init = 1; - cipher_type = EVP_bf_ecb(); -- pctx_enc = &ctx_enc_ecb; -- pctx_dec = &ctx_dec_ecb; -+ pctx_enc = ctx_enc_ecb; -+ pctx_dec = ctx_dec_ecb; - break; - case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */ - default: - blocksize = 8; - keysize = 16; - var_key = 1; -- pctx_enc = &ctx_enc; -- pctx_dec = &ctx_dec; -+ pctx_enc = ctx_enc; -+ pctx_dec = ctx_dec; - cipher_type = EVP_bf_ecb(); - strcpy(cipher_name,"Blowfish-128-ECB"); - break; -@@ -290,10 +295,10 @@ int free_encrypt() - lfd_free(enc_buf); enc_buf = NULL; - lfd_free(dec_buf); dec_buf = NULL; - -- EVP_CIPHER_CTX_cleanup(&ctx_enc); -- EVP_CIPHER_CTX_cleanup(&ctx_dec); -- EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb); -- EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb); -+ EVP_CIPHER_CTX_cleanup(ctx_enc); -+ EVP_CIPHER_CTX_cleanup(ctx_dec); -+ EVP_CIPHER_CTX_cleanup(ctx_enc_ecb); -+ EVP_CIPHER_CTX_cleanup(ctx_dec_ecb); - - return 0; - } -@@ -319,7 +324,7 @@ int encrypt_buf(int len, char *in, char **out) - outlen=len+pad; - if (pad == blocksize) - RAND_bytes(in_ptr+len, blocksize-1); -- EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad); -+ EVP_EncryptUpdate(&ctx_enc, out_ptr, outlen, in_ptr, len+pad); - *out = enc_buf; - - sequence_num++; -@@ -339,7 +344,7 @@ int decrypt_buf(int len, char *in, char **out) - - outlen=len; - if (!len) return 0; -- EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len); -+ EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len); - recv_ib_mesg(&outlen, &out_ptr); - if (!outlen) return 0; - tmp_ptr = out_ptr + outlen; tmp_ptr--; -@@ -427,13 +432,13 @@ int cipher_enc_init(char * iv) - break; - } /* switch(cipher) */ - -- EVP_CIPHER_CTX_init(&ctx_enc); -- EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL); -+ EVP_CIPHER_CTX_init(ctx_enc); -+ EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL); - if (var_key) -- EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize); -- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL); -- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv); -- EVP_CIPHER_CTX_set_padding(&ctx_enc, 0); -+ EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize); -+ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL); -+ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv); -+ EVP_CIPHER_CTX_set_padding(ctx_enc, 0); - if (enc_init_first_time) - { - sprintf(tmpstr,"%s encryption initialized", cipher_name); -@@ -517,13 +522,13 @@ int cipher_dec_init(char * iv) - break; - } /* switch(cipher) */ - -- EVP_CIPHER_CTX_init(&ctx_dec); -- EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL); -+ EVP_CIPHER_CTX_init(ctx_dec); -+ EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL); - if (var_key) -- EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize); -- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL); -- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv); -- EVP_CIPHER_CTX_set_padding(&ctx_dec, 0); -+ EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize); -+ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL); -+ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv); -+ EVP_CIPHER_CTX_set_padding(ctx_dec, 0); - if (dec_init_first_time) - { - sprintf(tmpstr,"%s decryption initialized", cipher_name); -@@ -555,7 +560,7 @@ int send_msg(int len, char *in, char **out) - - in_ptr = in - blocksize*2; - outlen = blocksize*2; -- EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr, -+ EVP_EncryptUpdate(ctx_enc_ecb, in_ptr, - &outlen, in_ptr, blocksize*2); - *out = in_ptr; - len = outlen; -@@ -582,7 +587,7 @@ int recv_msg(int len, char *in, char **out) - in_ptr = in; - iv = malloc(blocksize); - outlen = blocksize*2; -- EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); -+ EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); - - if ( !strncmp(in_ptr, "ivec", 4) ) - { -@@ -625,7 +630,7 @@ int recv_msg(int len, char *in, char **out) - if (cipher_enc_state != CIPHER_INIT) - { - cipher_enc_state = CIPHER_INIT; -- EVP_CIPHER_CTX_cleanup(&ctx_enc); -+ EVP_CIPHER_CTX_cleanup(ctx_enc); - #ifdef LFD_ENCRYPT_DEBUG - vtun_syslog(LOG_INFO, - "Forcing local encryptor re-init"); -@@ -706,7 +711,7 @@ int recv_ib_mesg(int *len, char **in) - if (cipher_enc_state != CIPHER_INIT) - { - cipher_enc_state = CIPHER_INIT; -- EVP_CIPHER_CTX_cleanup(&ctx_enc); -+ EVP_CIPHER_CTX_cleanup(ctx_enc); - } - #ifdef LFD_ENCRYPT_DEBUG - vtun_syslog(LOG_INFO, "Remote requests encryptor re-init"); -@@ -720,7 +725,7 @@ int recv_ib_mesg(int *len, char **in) - cipher_enc_state != CIPHER_REQ_INIT && - cipher_enc_state != CIPHER_INIT) - { -- EVP_CIPHER_CTX_cleanup (&ctx_dec); -+ EVP_CIPHER_CTX_cleanup (ctx_dec); - cipher_dec_state = CIPHER_INIT; - cipher_enc_state = CIPHER_REQ_INIT; - } diff --git a/net-vpn/vtun/vtun-3.0.4-r2.ebuild b/net-vpn/vtun/vtun-3.0.4-r3.ebuild index 6f2661a261b8..8d889a7404e6 100644 --- a/net-vpn/vtun/vtun-3.0.4-r2.ebuild +++ b/net-vpn/vtun/vtun-3.0.4-r3.ebuild @@ -3,7 +3,7 @@ EAPI=8 -inherit linux-info +inherit linux-info autotools DESCRIPTION="Create tunnels over TCP/IP networks with shaping, encryption, and compression" SRC_URI="https://sourceforge.net/projects/vtun/files/${PN}/${PV}/${P}.tar.gz" @@ -38,6 +38,7 @@ PATCHES=( src_prepare() { default + eautoreconf sed -i -e '/^LDFLAGS/s|=|+=|g' Makefile.in || die sed -i 's:$(BIN_DIR)/strip $(DESTDIR)$(SBIN_DIR)/vtund::' Makefile.in || die } diff --git a/net-vpn/vtun/vtun-3.0.3-r4.ebuild b/net-vpn/vtun/vtun-3.0.4-r4.ebuild index aeebc636d14f..bf3f14e1e39a 100644 --- a/net-vpn/vtun/vtun-3.0.3-r4.ebuild +++ b/net-vpn/vtun/vtun-3.0.4-r4.ebuild @@ -1,13 +1,13 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit linux-info +inherit linux-info autotools DESCRIPTION="Create tunnels over TCP/IP networks with shaping, encryption, and compression" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" -HOMEPAGE="http://vtun.sourceforge.net/" +SRC_URI="https://sourceforge.net/projects/vtun/files/${PN}/${PV}/${P}.tar.gz" +HOMEPAGE="https://vtun.sourceforge.net/" LICENSE="GPL-2" SLOT="0" @@ -21,25 +21,25 @@ RDEPEND=" zlib? ( sys-libs/zlib ) dev-libs/libbsd" DEPEND="${RDEPEND}" -BDEPEND="sys-devel/bison" +BDEPEND=" + app-alternatives/lex + sys-devel/bison +" DOCS=( ChangeLog Credits FAQ README README.Setup README.Shaper TODO ) CONFIG_CHECK="~TUN" PATCHES=( + "${FILESDIR}"/${P}-libssl-ctx.patch "${FILESDIR}"/${P}-includes.patch - # remove unneeded checking for /etc/vtund.conf - "${FILESDIR}"/${PN}-3.0.2-remove-config-presence-check.patch - # GCC 5 compatibility, patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778164 - "${FILESDIR}"/${P}-gcc5.patch - # openssl 1.1 compatibility, bug 674280 - "${FILESDIR}"/${PN}-libssl-1.1.patch - "${FILESDIR}"/${P}-fno-common.patch - "${FILESDIR}"/${P}-C99-inline.patch + "${FILESDIR}"/${P}-naughty-inlines.patch + "${FILESDIR}"/${P}-autoconf-fork-not-working.patch + "${FILESDIR}"/${P}-use-bison-for-yacc.patch ) src_prepare() { default + eautoreconf sed -i -e '/^LDFLAGS/s|=|+=|g' Makefile.in || die sed -i 's:$(BIN_DIR)/strip $(DESTDIR)$(SBIN_DIR)/vtund::' Makefile.in || die } diff --git a/net-vpn/wireguard-modules/wireguard-modules-1.0.20220627.ebuild b/net-vpn/wireguard-modules/wireguard-modules-1.0.20220627.ebuild index f34efa9c6ce2..220aa7209ada 100644 --- a/net-vpn/wireguard-modules/wireguard-modules-1.0.20220627.ebuild +++ b/net-vpn/wireguard-modules/wireguard-modules-1.0.20220627.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -23,9 +23,6 @@ LICENSE="GPL-2" SLOT="0" IUSE="debug +module module-src" -DEPEND="" -RDEPEND="${DEPEND}" - MODULE_NAMES="wireguard(kernel/drivers/net:src)" BUILD_TARGETS="module" CONFIG_CHECK="NET INET NET_UDP_TUNNEL CRYPTO_ALGAPI" |