libreswan: import version 5.0pre0.20230808

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: libreswan: import version 5.0pre0.20230808
From: Andrew Cagney <andrew.cagney%gmail.com@localhost>
Date: Tue, 08 Aug 2023 20:12:11 +0000
Module Name:	pkgsrc-wip
Committed By:	Andrew Cagney <andrew.cagney%gmail.com@localhost>
Pushed By:	cagney
Date:		Tue Aug 8 20:12:11 2023 +0000
Changeset:	f55b1a587b32e7ae260f5c32e8d9fce55dbaa441

Added Files:
	libreswan-git/COMMIT_MSG
	libreswan-git/DESCR
	libreswan-git/Makefile
	libreswan-git/PLIST
	libreswan-git/TODO
	libreswan-git/distinfo

Log Message:
libreswan: import version 5.0pre0.20230808

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=f55b1a587b32e7ae260f5c32e8d9fce55dbaa441

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 libreswan-git/COMMIT_MSG | 14 +++++++++
 libreswan-git/DESCR      | 11 +++++++
 libreswan-git/Makefile   | 76 ++++++++++++++++++++++++++++++++++++++++++++++++
 libreswan-git/PLIST      | 72 +++++++++++++++++++++++++++++++++++++++++++++
 libreswan-git/TODO       | 19 ++++++++++++
 libreswan-git/distinfo   |  5 ++++
 6 files changed, 197 insertions(+)

diffs:
diff --git a/libreswan-git/COMMIT_MSG b/libreswan-git/COMMIT_MSG
new file mode 100644
index 0000000000..47fe032ca9
--- /dev/null
+++ b/libreswan-git/COMMIT_MSG
@@ -0,0 +1,14 @@
+Libreswan: import version 5.0pre0.20230808
+
+Libreswan is an Internet Key Exchange (IKE) daemon for managing IPsec.
+
+Libreswan supports IKEv1 and IKEv2 and has support for most of the
+extensions (RFC + IETF drafts) related to IPsec, including IKEv2,
+X.509 Digital Certificates, NAT Traversal, and many others.
+
+On NetBSD and FreeBSD, Libreswan uses the PF_KEY_V2 IPsec stack.  On
+Linux, Libreswan uses the XFRM IPsec stack.
+
+Libreswan was forked from Openswan 2.6.38, which was forked from
+FreeS/WAN 2.04. See the CREDITS files for contributor acknowledgments.
+
diff --git a/libreswan-git/DESCR b/libreswan-git/DESCR
new file mode 100644
index 0000000000..461ef667ee
--- /dev/null
+++ b/libreswan-git/DESCR
@@ -0,0 +1,11 @@
+Libreswan is an Internet Key Exchange (IKE) daemon for managing IPsec.
+
+Libreswan supports IKEv1 and IKEv2 and has support for most of the
+extensions (RFC + IETF drafts) related to IPsec, including IKEv2,
+X.509 Digital Certificates, NAT Traversal, and many others.
+
+On NetBSD and FreeBSD, Libreswan uses the PF_KEY_V2 IPsec stack.  On
+Linux, Libreswan uses the XFRM IPsec stack.
+
+Libreswan was forked from Openswan 2.6.38, which was forked from
+FreeS/WAN 2.04. See the CREDITS files for contributor acknowledgments.
diff --git a/libreswan-git/Makefile b/libreswan-git/Makefile
new file mode 100644
index 0000000000..6569d0c711
--- /dev/null
+++ b/libreswan-git/Makefile
@@ -0,0 +1,76 @@
+# $NetBSD$
+
+# Libreswan is built using GNU Make.  It does not use autoconf.
+#
+# Configuration parameters can be found in mk/config.mk and OS
+# specific overides in mk/default/*.mk (for instance,
+# mk/default/netbsd.mk).
+
+DISTNAME=	libreswan-5.0pre0.20230808
+GITHUB_PROJECT=	libreswan
+GITHUB_TAG=	08dc9d0da33e3f5e88c836c8d2eacbb32a27275b
+MASTER_SITES=	${MASTER_SITE_GITHUB:=${GITHUB_PROJECT}/}
+DIST_SUBDIR=	${GITHUB_PROJECT}
+
+CATEGORIES=	security
+MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=	https://libreswan.org/
+# Libreswan is an ...
+COMMENT=	Internet Key Exchange Daemon for managing IPsec
+LICENSE=	gnu-gpl-v2
+
+USE_TOOLS+=	pkg-config
+USE_TOOLS+=	gmake
+USE_TOOLS+=	flex
+USE_TOOLS+=	bison
+#default is: USE_LANGUAGES+=	c
+
+EGDIR=		${PREFIX}/share/examples/libreswan
+
+# Config files: stop libreswan 4.10+ scribbling into /etc
+MAKE_FLAGS+=	INSTALL_CONFIGS=false
+
+# Init scripts aka rc.d: stop libreswan 4.10+ scribbing into /etc
+MAKE_FLAGS+=	INSTALL_INITSYSTEM=false
+FILESDIR=	${DESTDIR}${EGDIR}/rc.d
+post-install:
+	mv $(FILESDIR)/pluto $(FILESDIR)/pluto.sh
+#RCD_SCRIPTS=	pluto
+#CONF_FILES+=	${EGDIR}/rc.d/ipsec ${PKG_SYSCONFDIR}/rc.d/ipsec
+
+# populate /etc
+PERMS=$(REAL_ROOT_USER) $(REAL_ROOT_GROUP) 0700
+MAKE_DIRS_PERMS+=	${PKG_SYSCONFDIR}/ipsec.d $(PERMS)
+MAKE_DIRS_PERMS+=	${PKG_SYSCONFDIR}/ipsec.d/policies $(PERMS)
+CONF_FILES_PERMS+=	${EGDIR}/ipsec.secrets-sample ${PKG_SYSCONFDIR}/ipsec.secrets $(PERMS)
+CONF_FILES_PERMS+=	${EGDIR}/ipsec.conf-sample ${PKG_SYSCONFDIR}/ipsec.conf $(PERMS)
+CONF_FILES+=		${EGDIR}/ipsec.d/policies/portexcludes.conf ${PKG_SYSCONFDIR}/ipsec.d/policies/portexcludes.conf
+# needs a for loop
+CONF_FILES+=		${EGDIR}/ipsec.d/policies/block ${PKG_SYSCONFDIR}/ipsec.d/policies/block
+CONF_FILES+=		${EGDIR}/ipsec.d/policies/clear ${PKG_SYSCONFDIR}/ipsec.d/policies/clear
+CONF_FILES+=		${EGDIR}/ipsec.d/policies/clear-or-private ${PKG_SYSCONFDIR}/ipsec.d/policies/clear-or-private
+CONF_FILES+=		${EGDIR}/ipsec.d/policies/private ${PKG_SYSCONFDIR}/ipsec.d/policies/private
+CONF_FILES+=		${EGDIR}/ipsec.d/policies/private-or-clear ${PKG_SYSCONFDIR}/ipsec.d/policies/private-or-clear
+
+# Always install pam.d!?
+MAKE_DIRS+=	${PKG_SYSCONFDIR}/pam.d
+CONF_FILES+=	${EGDIR}/pam.d/pluto ${PKG_SYSCONFDIR}/pam.d/pluto
+
+# Alway install logrotate!?!
+MAKE_DIRS+=	${PKG_SYSCONFDIR}/logrotate.d
+CONF_FILES+=	${EGDIR}/logrotate.d/libreswan ${PKG_SYSCONFDIR}/logrotate.d/libreswan
+
+CHECK_PORTABILITY_SKIP=	mk/docker-targets.mk
+
+# code not clean enough; XXX: why?
+#BUILDLINK_TRANSFORM+=	rm:-Werror
+
+# some stuff uses .include, some does not
+DEPENDS+=	xmlto-[0-9]*:../../textproc/xmlto
+
+# libevent?
+.include "../../net/unbound/buildlink3.mk"
+.include "../../www/curl/buildlink3.mk"
+.include "../../devel/nss/buildlink3.mk"
+.include "../../net/ldns/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/libreswan-git/PLIST b/libreswan-git/PLIST
new file mode 100644
index 0000000000..81d1e8b899
--- /dev/null
+++ b/libreswan-git/PLIST
@@ -0,0 +1,72 @@
+@comment $NetBSD$
+libexec/ipsec/_import_crl
+libexec/ipsec/_plutorun
+libexec/ipsec/_realsetup
+libexec/ipsec/_secretcensor
+libexec/ipsec/_unbound-hook
+libexec/ipsec/_updown
+libexec/ipsec/_updown.bsd
+libexec/ipsec/addconn
+libexec/ipsec/algparse
+libexec/ipsec/asn1check
+libexec/ipsec/auto
+libexec/ipsec/barf
+libexec/ipsec/cavp
+libexec/ipsec/dncheck
+libexec/ipsec/ecdsasigkey
+libexec/ipsec/enumcheck
+libexec/ipsec/hunkcheck
+libexec/ipsec/ipcheck
+libexec/ipsec/jambufcheck
+libexec/ipsec/keyidcheck
+libexec/ipsec/letsencrypt
+libexec/ipsec/newhostkey
+libexec/ipsec/pluto
+libexec/ipsec/readwriteconf
+libexec/ipsec/rsasigkey
+libexec/ipsec/setup
+libexec/ipsec/showhostkey
+libexec/ipsec/showroute
+libexec/ipsec/timecheck
+libexec/ipsec/vendoridcheck
+libexec/ipsec/whack
+man/man5/ipsec.conf.5
+man/man5/ipsec.secrets.5
+man/man8/ipsec.8
+man/man8/ipsec__import_crl.8
+man/man8/ipsec__plutorun.8
+man/man8/ipsec__realsetup.8
+man/man8/ipsec__secretcensor.8
+man/man8/ipsec__unbound-hook.8
+man/man8/ipsec__updown.8
+man/man8/ipsec__updown.bsdkame.8
+man/man8/ipsec_addconn.8
+man/man8/ipsec_auto.8
+man/man8/ipsec_barf.8
+man/man8/ipsec_checknss.8
+man/man8/ipsec_ecdsasigkey.8
+man/man8/ipsec_import.8
+man/man8/ipsec_initnss.8
+man/man8/ipsec_letsencrypt.8
+man/man8/ipsec_newhostkey.8
+man/man8/ipsec_pluto.8
+man/man8/ipsec_readwriteconf.8
+man/man8/ipsec_rsasigkey.8
+man/man8/ipsec_setup.8
+man/man8/ipsec_showhostkey.8
+man/man8/ipsec_showroute.8
+man/man8/ipsec_vendorid.8
+man/man8/ipsec_whack.8
+man/man8/pluto.8
+sbin/ipsec
+share/examples/libreswan/ipsec.conf-sample
+share/examples/libreswan/ipsec.d/policies/block
+share/examples/libreswan/ipsec.d/policies/clear
+share/examples/libreswan/ipsec.d/policies/clear-or-private
+share/examples/libreswan/ipsec.d/policies/portexcludes.conf
+share/examples/libreswan/ipsec.d/policies/private
+share/examples/libreswan/ipsec.d/policies/private-or-clear
+share/examples/libreswan/ipsec.secrets-sample
+share/examples/libreswan/logrotate.d/libreswan
+share/examples/libreswan/pam.d/pluto
+share/examples/libreswan/rc.d/pluto.sh
diff --git a/libreswan-git/TODO b/libreswan-git/TODO
new file mode 100644
index 0000000000..119ea5fdfd
--- /dev/null
+++ b/libreswan-git/TODO
@@ -0,0 +1,19 @@
+- platforms other than NetBSD (Linux, and FreeBSD)?
+
+  PFKEYV2 and XFRM are pretty esoteric.
+
+- /etc/ipsec*
+
+  ipsec.conf, ipsec.secrets and ipsec.d/*
+
+- logrotate https://github.com/libreswan/libreswan/issues/767
+
+  It's a weak dependency / suggested package.  If libreswan is
+  using syslog, say, it isn't needed.
+
+  During install, libreswan creates logrotate.d and then installs
+  a logrotate file.  It doesn't install the file in examples
+  (which begs the question where).
+
+- fix handling of config files - install into share/examples/libreswan
+  and use CONF_FILES
diff --git a/libreswan-git/distinfo b/libreswan-git/distinfo
new file mode 100644
index 0000000000..f1abd6af8e
--- /dev/null
+++ b/libreswan-git/distinfo
@@ -0,0 +1,5 @@
+$NetBSD$
+
+BLAKE2s (libreswan/libreswan-5.0pre0.20230808-08dc9d0da33e3f5e88c836c8d2eacbb32a27275b.tar.gz) = e960d14f5a4890c125465e85d0b7e0de503837bf8a3abe0ec53e6d6dba9084f1
+SHA512 (libreswan/libreswan-5.0pre0.20230808-08dc9d0da33e3f5e88c836c8d2eacbb32a27275b.tar.gz) = b554982dff64001749bd0ed64213b0bc3b7390699c1fff25594b240970da7aa35eefac680a124f7f4ebfdee3e0c4d0e7420e3c14648d2fea17903084181d05a1
+Size (libreswan/libreswan-5.0pre0.20230808-08dc9d0da33e3f5e88c836c8d2eacbb32a27275b.tar.gz) = 3789528 bytes
Prev by Date: libreswan: (again) remove mistaken CVEs in TODO
Next by Date: flnews-devel: Update to 1.2.1pre2
Previous by Thread: libreswan: (again) remove mistaken CVEs in TODO
Next by Thread: flnews-devel: Update to 1.2.1pre2
Indexes:
Home | Main Index | Thread Index | Old Index