Diffstat (limited to 'net-vpn')
-rw-r--r--net-vpn/openconnect/files/README.OpenRC30
-rw-r--r--net-vpn/openconnect/files/openconnect.initd.8.10105
-rw-r--r--net-vpn/openconnect/openconnect-8.10-r1.ebuild153
3 files changed, 288 insertions, 0 deletions
diff --git a/net-vpn/openconnect/files/README.OpenRC b/net-vpn/openconnect/files/README.OpenRC
new file mode 100644
index 000000000000..baa617d94eaa
--- /dev/null
+++ b/net-vpn/openconnect/files/README.OpenRC
@@ -0,0 +1,30 @@
+The service script for openconnect supports multiple vpn tunnels.
+
+You need to create a symbolic link to /etc/init.d/openconnect in
+/etc/init.d for each tunnel instead of calling it directly:
+
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
+
+Also, create a configuration file for the tunnel in /etc/openconnect. To
+follow this example, the configuration file would be called
+/etc/openconnect/vpn0.conf. See man openconnect for the options that can
+go in this file.
+
+You can then start the vpn tunnel like this:
+
+rc-service openconnect.vpn0 start
+
+If you would like to run preup, postup, predown, and/or postdown scripts,
+You need to create a directory in /etc/openconnect with the name of the vpn:
+
+mkdir /etc/openconnect/vpn0
+
+Then add executable shell files:
+
+mkdir /etc/openconnect/vpn0
+cd /etc/openconnect/vpn0
+echo '#!/bin/sh' > preup.sh
+cp preup.sh predown.sh
+cp preup.sh postup.sh
+cp preup.sh postdown.sh
+chmod 755 /etc/openconnect/vpn0/*
diff --git a/net-vpn/openconnect/files/openconnect.initd.8.10 b/net-vpn/openconnect/files/openconnect.initd.8.10
new file mode 100644
index 000000000000..cec5350e17ce
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.initd.8.10
@@ -0,0 +1,105 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNCONF=/etc/openconnect/${VPN}.conf
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/sbin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+ before netmount
+}
+
+checkconfig() {
+ if [ $VPN = "openconnect" ]; then
+ eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+ eerror
+ eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+ eerror
+ eerror "And then call it instead:"
+ eerror
+ eerror "/etc/init.d/openconnect.vpn0 start"
+ return 1
+ fi
+ if [ ! -f "${VPNCONF}" ]; then
+ ewarn "The configuration file for ${VPN} does not exist."
+ ewarn "Please create ${VPNCONF}"
+ ewarn "This will become a fatal error in a future release."
+ fi
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+ if [ -n "$server" ] || [ -n "$vpnopts" ] || [ -n "password" ]; then
+ ewarn "server_${VPN}, vpnopts${VPN} and password_${VPN} are deprecated"
+ ewarn"Please move them to the appropriate settings in ${VPNCONF}"
+ ewarn "They will be ignored in the future."
+ fi
+ return 0
+}
+
+checktuntap() {
+ if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+}
+
+run_hook() {
+ if [ -x "$1" ]; then
+ "$@"
+ fi
+}
+
+start_pre() {
+ checkconfig || return
+ checktuntap || return
+ checkpath -d "${VPNLOG}" || return
+ checkpath -d /run/openconnect || return
+ run_hook "${VPNDIR}/preup.sh"
+}
+
+start() {
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --exec "${command}" -- \
+ --background \
+ --config="${VPNCONF:-/dev/null}" \
+ --interface="${VPN}" \
+ --pid-file="${pidfile}" \
+ ${vpnopts} \
+ "${server}" \
+ >> "${VPNLOGFILE}" \
+ 2>> "${VPNERRFILE}" \
+ <<EOF
+${password}
+EOF
+ eend $?
+}
+
+start_post() {
+ run_hook "${VPNDIR}/postup.sh"
+}
+
+stop_pre() {
+ checkconfig || return
+ run_hook "${VPNDIR}/predown.sh"
+}
+
+stop_post() {
+ run_hook "${VPNDIR}/postdown.sh"
+}
diff --git a/net-vpn/openconnect/openconnect-8.10-r1.ebuild b/net-vpn/openconnect/openconnect-8.10-r1.ebuild
new file mode 100644
index 000000000000..e4c566efb121
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-8.10-r1.ebuild
@@ -0,0 +1,153 @@
+# Copyright 2011-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{3_6,3_7,3_8,3_9} )
+PYTHON_REQ_USE="xml"
+
+inherit linux-info python-any-r1
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
+ inherit git-r3 autotools
+else
+ ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+fi
+VPNC_VER=20200930
+SRC_URI="${ARCHIVE_URI}
+ ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/libxml2
+ sys-libs/zlib
+ !gnutls? (
+ >=dev-libs/openssl-1.0.1h:0=
+ )
+ gnutls? (
+ app-crypt/trousers
+ app-misc/ca-certificates
+ dev-libs/nettle
+ >=net-libs/gnutls-3.6.13:0=
+ dev-libs/libtasn1:0=
+ app-crypt/tpm2-tss
+ )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ lz4? ( app-arch/lz4:= )
+ nls? ( virtual/libintl )
+ smartcard? ( sys-apps/pcsc-lite:0= )
+ stoken? ( app-crypt/stoken )
+"
+RDEPEND="${DEPEND}
+ sys-apps/iproute2
+"
+BDEPEND="
+ virtual/pkgconfig
+ doc? ( ${PYTHON_DEPS} sys-apps/groff )
+ nls? ( sys-devel/gettext )
+ test? (
+ net-libs/socket_wrapper
+ net-vpn/ocserv
+ sys-libs/uid_wrapper
+ )
+"
+
+CONFIG_CHECK="~TUN"
+
+pkg_pretend() {
+ check_extra_config
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]]; then
+ git-r3_src_unpack
+ fi
+ default
+}
+
+src_prepare() {
+ default
+ if [[ ${PV} == 9999 ]]; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ if use doc; then
+ python_setup
+ else
+ export ac_cv_path_PYTHON=
+ fi
+
+ # Used by tests if userpriv is disabled
+ addwrite /run/netns
+
+ local myconf=(
+ --disable-dsa-tests
+ $(use_enable nls)
+ --disable-static
+ $(use_with !gnutls openssl)
+ $(use_with gnutls)
+ $(use_with libproxy)
+ $(use_with lz4)
+ $(use_with gssapi)
+ $(use_with smartcard libpcsclite)
+ $(use_with stoken)
+ --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
+ --without-java
+ )
+
+ econf "${myconf[@]}"
+}
+
+src_test() {
+ local charset
+ for charset in UTF-8 ISO8859-2; do
+ if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
+ # If we don't have valid cs_CZ locale data, auth-nonascii will fail.
+ # Force a test skip by exiting with status 77.
+ sed -i -e '2i exit 77' tests/auth-nonascii || die
+ break
+ fi
+ done
+ default
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+
+ exeinto /etc/openconnect
+ newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+
+ newinitd "${FILESDIR}"/openconnect.initd.${PV} openconnect
+ dodoc "${FILESDIR}"/README.OpenRC
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/openconnect.logrotate openconnect
+
+ keepdir /var/log/openconnect
+}
+
+pkg_postinst() {
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ ver_test $v -ge 8.10-r1 && continue
+ ewarn "openconnect tunnel-specific configurations stored in ${EROOT}/etc/conf.d"
+ ewarn "should be migrated to ${EROOT}/etc/openconnect/<tunnel>.conf"
+ ewarn "For more information see ${EROOT}/usr/share/doc/${PF}/README.OpenRC"
+ done
+}
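Review bot: Both SRC_URI entries use plain `ftp://`, and src_install later installs the fetched vpnc-script as the executable `/etc/openconnect/openconnect.sh`, so the integrity of that script rests entirely on the Manifest. The diffstat lists no Manifest change, so it is worth confirming that existing entries cover `${P}.tar.gz` and `vpnc-scripts-${VPNC_VER}.tar.gz`, and moving to an HTTPS download location if upstream provides one. The homepage can be switched now: `HOMEPAGE="https://www.infradead.org/openconnect.html"`. In pkg_postinst, `ver_test $v -ge 8.10-r1` leaves the loop variable unquoted; `ver_test "${v}" -ge 8.10-r1 && continue` is the safer form.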