From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1003865-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 1A0CA1381F1
	for <garchives@archives.gentoo.org>; Fri, 16 Feb 2018 08:59:49 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 43B22E0933;
	Fri, 16 Feb 2018 08:59:48 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 11995E0933
	for <gentoo-commits@lists.gentoo.org>; Fri, 16 Feb 2018 08:59:47 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id CD145335C2E
	for <gentoo-commits@lists.gentoo.org>; Fri, 16 Feb 2018 08:59:46 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id EF83B78
	for <gentoo-commits@lists.gentoo.org>; Fri, 16 Feb 2018 08:59:44 +0000 (UTC)
From: "Hans de Graaff" <graaff@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Hans de Graaff" <graaff@gentoo.org>
Message-ID: <1518771575.7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97.graaff@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/libreswan/files/, net-vpn/libreswan/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch net-vpn/libreswan/libreswan-3.23-r1.ebuild
X-VCS-Directories: net-vpn/libreswan/files/ net-vpn/libreswan/
X-VCS-Committer: graaff
X-VCS-Committer-Name: Hans de Graaff
X-VCS-Revision: 7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97
X-VCS-Branch: master
Date: Fri, 16 Feb 2018 08:59:44 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: ec2382f0-05e7-4797-9838-5d89c44cd66c
X-Archives-Hash: 5d0e9290597b83cede9fe1ea8884217a

commit:     7dd4310aac4f0a15fa98a4bdbb379d7d4882ce97
Author:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 16 08:59:16 2018 +0000
Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Fri Feb 16 08:59:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dd4310a

net-vpn/libreswan: fix glibc/kernel incompatibility, bug 647198

Apply upstream patch to support newer glibc and kernel combinations.
Not applied upstream yet because they also need to support old
distributions. This patch works with current stable glibc 2.25.

Closes: https://bugs.gentoo.org/647198
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 .../files/libreswan-3.23-modern-kernels.patch      |  15 +++
 net-vpn/libreswan/libreswan-3.23-r1.ebuild         | 114 +++++++++++++++++++++
 2 files changed, 129 insertions(+)

diff --git a/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch
new file mode 100644
index 00000000000..5dedfeb34c7
--- /dev/null
+++ b/net-vpn/libreswan/files/libreswan-3.23-modern-kernels.patch
@@ -0,0 +1,15 @@
+diff --git a/programs/pluto/kernel_netlink.c
+b/programs/pluto/kernel_netlink.c
+index 8cec3a2..a2500f4 100644
+--- a/programs/pluto/kernel_netlink.c
++++ b/programs/pluto/kernel_netlink.c
+@@ -51,8 +51,8 @@
+ #include <linux/if_addr.h>
+ #include <linux/if_link.h>
+
+-#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
+ #include "linux/xfrm.h" /* local (if configured) or system copy */
++#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
+
+ #include "libreswan/pfkeyv2.h"
+ #include "libreswan/pfkey.h"

diff --git a/net-vpn/libreswan/libreswan-3.23-r1.ebuild b/net-vpn/libreswan/libreswan-3.23-r1.ebuild
new file mode 100644
index 00000000000..3a6e2002c93
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-3.23-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs
+
+SRC_URI="https://download.libreswan.org/${P}.tar.gz"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
+HOMEPAGE="https://libreswan.org/"
+
+LICENSE="GPL-2 BSD-4 RSA DES"
+SLOT="0"
+IUSE="caps curl dnssec ldap pam seccomp selinux systemd test"
+
+COMMON_DEPEND="
+	dev-libs/gmp:0=
+	dev-libs/libevent:0=
+	dev-libs/nspr
+	caps? ( sys-libs/libcap-ng )
+	curl? ( net-misc/curl )
+	dnssec? ( net-dns/unbound net-libs/ldns )
+	ldap? ( net-nds/openldap )
+	pam? ( sys-libs/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )
+	systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${COMMON_DEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/xmlto
+	dev-libs/nss
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+	test? ( dev-python/setproctitle )
+"
+RDEPEND="${COMMON_DEPEND}
+	dev-libs/nss[utils(+)]
+	sys-apps/iproute2
+	!net-misc/openswan
+	!net-vpn/strongswan
+	selinux? ( sec-policy/selinux-ipsec )
+"
+
+PATCHES=( "${FILESDIR}/${P}-modern-kernels.patch" )
+
+usetf() {
+	usex "$1" true false
+}
+
+src_prepare() {
+	sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
+	sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
+	default
+}
+
+src_configure() {
+	tc-export AR CC
+	export INC_USRLOCAL=/usr
+	export INC_MANDIR=share/man
+	export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
+	export FINALDOCDIR=/usr/share/doc/${PF}/html
+	export INITSYSTEM=openrc
+	export INC_RCDIRS=
+	export INC_RCDEFAULT=/etc/init.d
+	export USERCOMPILE=
+	export USERLINK=
+	export USE_DNSSEC=$(usetf dnssec)
+	export USE_LABELED_IPSEC=$(usetf selinux)
+	export USE_LIBCAP_NG=$(usetf caps)
+	export USE_LIBCURL=$(usetf curl)
+	export USE_LINUX_AUDIT=$(usetf selinux)
+	export USE_LDAP=$(usetf ldap)
+	export USE_SECCOMP=$(usetf seccomp)
+	export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
+	export SD_WATCHDOGSEC=$(usex systemd 200 0)
+	export USE_XAUTHPAM=$(usetf pam)
+	export DEBUG_CFLAGS=
+	export OPTIMIZE_CFLAGS=
+	export WERROR_CFLAGS=
+}
+
+src_compile() {
+	emake all
+	emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" all
+}
+
+src_test() {
+	: # integration tests only that require set of kvms to be set up
+}
+
+src_install() {
+	default
+	emake -C initsystems INITSYSTEM=systemd UNITDIR="$(systemd_get_systemunitdir)" DESTDIR="${D}" install
+
+	echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
+	fperms 0600 /etc/ipsec.secrets
+
+	dodoc -r docs
+
+	find "${D}" -type d -empty -delete || die
+}
+
+pkg_postinst() {
+	local IPSEC_CONFDIR=${ROOT%/}/etc/ipsec.d
+	if [[ ! -f ${IPSEC_CONFDIR}/cert8.db ]]; then
+		ebegin "Setting up NSS database in ${IPSEC_CONFDIR}"
+		certutil -N -d "${IPSEC_CONFDIR}" -f <(echo)
+		eend $?
+	fi
+}