commit:     14b24fe29d3814b63fb22a6faa25d3109eface9d
Author:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 11 09:25:03 2024 +0000
Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Mon Nov 11 09:29:48 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14b24fe2

net-vpn/libreswan: fix building without curl

Backport upstream patch to allow building without curl support.

Closes: https://bugs.gentoo.org/941388
Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>

 .../files/libreswan-5.1-without-libcurl.patch      |  72 +++++++++++
 net-vpn/libreswan/libreswan-5.1-r1.ebuild          | 137 +++++++++++++++++++++
 2 files changed, 209 insertions(+)

diff --git a/net-vpn/libreswan/files/libreswan-5.1-without-libcurl.patch 
b/net-vpn/libreswan/files/libreswan-5.1-without-libcurl.patch
new file mode 100644
index 000000000000..e83683324e83
--- /dev/null
+++ b/net-vpn/libreswan/files/libreswan-5.1-without-libcurl.patch
@@ -0,0 +1,72 @@
+From 9f0336036caa92eb5f82841d200027c95991fd13 Mon Sep 17 00:00:00 2001
+From: Andrew Cagney <[email protected]>
+Date: Mon, 14 Oct 2024 11:09:17 -0400
+Subject: [PATCH] building: fix USE_LIBCURL=false
+
+close #1845 Libreswan 5.1 no longer compiles without libcurl support
+---
+ programs/pluto/fetch.c     | 13 ++++---------
+ programs/pluto/rcv_whack.c |  2 --
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/programs/pluto/fetch.c b/programs/pluto/fetch.c
+index 299b7ff405..9bc60b9801 100644
+--- a/programs/pluto/fetch.c
++++ b/programs/pluto/fetch.c
+@@ -19,8 +19,6 @@
+  *
+  */
+ 
+-#if defined(LIBCURL) || defined(LIBLDAP)      /* essentially whole body of 
file */
+-
+ #include <pthread.h>    /* Must be the first include file */
+ #include <stdlib.h>
+ #include <errno.h>
+@@ -30,7 +28,6 @@
+ #include <cert.h>
+ #include <certdb.h>
+ 
+-
+ #include "constants.h"
+ #include "defs.h"
+ #include "log.h"
+@@ -153,9 +150,11 @@ static err_t fetch_curl(const char *url, chunk_t *blob, 
struct logger *logger)
+ 
+ #else /* LIBCURL */
+ 
+-static err_t fetch_curl(const char *url UNUSED,
+-                      chunk_t *blob UNUSED)
++static err_t fetch_curl(const char *url,
++                      chunk_t *blob,
++                      struct logger *logger)
+ {
++      ldbg(logger, "%s() ignoring %s %p", __func__, url, blob->ptr);
+       return "not compiled with libcurl support";
+ }
+ 
+@@ -578,7 +577,3 @@ void free_crl_fetch(void)
+       }
+ #endif
+ }
+-
+-#else /* defined(LIBCURL) || defined(LIBLDAP) */
+-/* we'll just ignore for now - this is all going away anyway */
+-#endif
+diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
+index 7959e9ec1f..a7f811f319 100644
+--- a/programs/pluto/rcv_whack.c
++++ b/programs/pluto/rcv_whack.c
+@@ -522,13 +522,11 @@ static void whack_process(const struct whack_message 
*const m, struct show *s)
+               dbg_whack(s, "purgeocsp: stop:");
+       }
+ 
+-#if defined(LIBCURL) || defined(LIBLDAP)
+       if (m->whack_fetchcrls) {
+               dbg_whack(s, "fetchcrls: start:");
+               whack_fetchcrls(s);
+               dbg_whack(s, "fetchcrls: stop:");
+       }
+-#endif
+ 
+       if (m->whack_rereadcerts) {
+               dbg_whack(s, "rereadcerts: start:");
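Review bot: In the `#else /* LIBCURL */` stub of `fetch_curl()` in the backported fetch.c change, the skipped fetch is recorded only through `ldbg()`. On a build without curl, a CRL fetch that can never succeed is therefore visible at debug level only, unless the caller logs the returned `"not compiled with libcurl support"` string; that caller is outside the patch. Revocation data may then go stale without the operator noticing. Since the upstream patch is best kept identical to upstream, I would surface this from the ebuild instead, for example in pkg_postinst: `use curl || elog "Built without curl: pluto will not fetch CRLs via libcurl; load CRLs by other means"`. The same patch also removes the `#if defined(LIBCURL) || defined(LIBLDAP)` guard around `whack_fetchcrls(s)` in rcv_whack.c, so the fetchcrls request is now processed on every build rather than compiled out.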

diff --git a/net-vpn/libreswan/libreswan-5.1-r1.ebuild 
b/net-vpn/libreswan/libreswan-5.1-r1.ebuild
new file mode 100644
index 000000000000..1e8b49a3595c
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-5.1-r1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd flag-o-matic toolchain-funcs tmpfiles
+
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
+HOMEPAGE="https://libreswan.org/";
+SRC_URI="https://download.libreswan.org/${P}.tar.gz";
+
+LICENSE="GPL-2 BSD-4 RSA DES"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
+IUSE="caps curl dnssec +ikev1 ldap networkmanager pam seccomp selinux systemd 
test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+       dev-libs/gmp:0=
+       dev-libs/libevent:0=
+       dev-libs/nspr
+       >=dev-libs/nss-3.42
+       >=sys-kernel/linux-headers-4.19
+       virtual/libcrypt:=
+       caps? ( sys-libs/libcap-ng )
+       curl? ( net-misc/curl )
+       dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns:= 
net-dns/dnssec-root )
+       ldap? ( net-nds/openldap:= )
+       pam? ( sys-libs/pam )
+       seccomp? ( sys-libs/libseccomp )
+       selinux? ( sys-libs/libselinux )
+       systemd? ( sys-apps/systemd:0= )
+"
+BDEPEND="
+       app-text/docbook-xml-dtd:4.1.2
+       app-text/xmlto
+       dev-libs/nss
+       sys-devel/bison
+       sys-devel/flex
+       virtual/pkgconfig
+       test? ( dev-python/setproctitle )
+"
+RDEPEND="${DEPEND}
+       dev-libs/nss[utils(+)]
+       sys-apps/iproute2
+       !net-vpn/strongswan
+       selinux? ( sec-policy/selinux-ipsec )
+"
+DEPEND+=" elibc_musl? ( sys-libs/queue-standalone )"
+
+PATCHES=( "${FILESDIR}/${P}-without-libcurl.patch" )
+
+usetf() {
+       usex "$1" true false
+}
+
+src_prepare() {
+       sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' 
initsystems/openrc/ipsec.init.in || die
+       sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ 
s/oldinitdcheck//' initsystems/systemd/Makefile || die
+       default
+}
+
+src_configure() {
+       tc-export AR CC
+
+       use elibc_musl && append-cflags -DGLIBC_KERN_FLIP_HEADERS
+
+       export PREFIX=/usr
+       export DEFAULT_DNSSEC_ROOTKEY_FILE=/etc/dnssec/icannbundle.pem
+       export EXAMPLE_IPSEC_SYSCONFDIR=/usr/share/doc/${PF}
+       export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
+       export INITSYSTEM=$(usex systemd systemd openrc)
+       export INITDDIRS=
+       export INITDDIR_DEFAULT=/etc/init.d
+       export USERCOMPILE=${CFLAGS}
+       export USERLINK=${LDFLAGS}
+       export USE_DNSSEC=$(usetf dnssec)
+       export USE_IKEV1=$(usetf ikev1)
+       export USE_LABELED_IPSEC=$(usetf selinux)
+       export USE_LIBCAP_NG=$(usetf caps)
+       export USE_LIBCURL=$(usetf curl)
+       export USE_LINUX_AUDIT=$(usetf selinux)
+       export USE_LDAP=$(usetf ldap)
+       export USE_NM=$(usetf networkmanager)
+       export USE_SECCOMP=$(usetf seccomp)
+       export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
+       export SD_WATCHDOGSEC=$(usex systemd 200 0)
+       export USE_AUTHPAM=$(usetf pam)
+       export DEBUG_CFLAGS=
+       export OPTIMIZE_CFLAGS=
+       export WERROR_CFLAGS=
+}
+
+src_compile() {
+       emake all
+       emake -C initsystems \
+               INITSYSTEM=systemd \
+               SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \
+               SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \
+               all
+}
+
+src_test() {
+       : # integration tests only that require set of kvms to be set up
+}
+
+src_install() {
+       default
+       emake -C initsystems \
+                 INITSYSTEM=systemd \
+                 SYSTEMUNITDIR="$(systemd_get_systemunitdir)" \
+                 SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" \
+                 DESTDIR="${D}" \
+                 install
+
+       echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
+       fperms 0600 /etc/ipsec.secrets
+
+       keepdir /var/lib/ipsec/nss
+       fperms 0700 /var/lib/ipsec/nss
+
+       dodoc -r docs
+
+       find "${D}" -type d -empty -delete || die
+}
+
+pkg_postinst() {
+       tmpfiles_process libreswan.conf
+
+       local IPSEC_CONFDIR=${ROOT}/var/lib/ipsec/nss
+       if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db 
]] ; then
+               ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty 
password"
+               certutil -N -d "${IPSEC_CONFDIR}" --empty-password
+               eend $?
+               einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}"
+       fi
+}
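Review bot: In pkg_postinst the NSS database is created with `certutil -N ... --empty-password`, so anything pluto keeps in `/var/lib/ipsec/nss` (presumably its private keys) is protected by file permissions alone, namely the `fperms 0700 /var/lib/ipsec/nss` in src_install. That dependency is not written down anywhere in the ebuild. I would add a comment above the certutil call such as `# DB has no password: key confidentiality relies on the 0700 mode set in src_install`. Separately, certutil's exit status only reaches `eend $?`, so the "To set a password" einfo is printed even when database creation failed; guarding it with `certutil ... && einfo ...` or a check on `$?` would avoid pointing users at a database that does not exist.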
