authorjpaetzel <jpaetzel@FreeBSD.org>2010-08-14 23:48:51 +0800
committerjpaetzel <jpaetzel@FreeBSD.org>2010-08-14 23:48:51 +0800
commit7071c463c6b5ca58c90d0f21c73e7710c3544286 (patch)
treee44fb6f3be883404f8134b0b923e4a3a62656ce5 /security
parentd44cb7e8092e580aaffc4bb9e38a9b6b02ce4c3b (diff)
Add openvpn-beta , secure IP/Ethernet tunnel daemon.
PR: ports/149620 Submitted by: Eric F Crist <ecrist at secure-computing.net>
Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/openvpn-beta/Makefile114
-rw-r--r--security/openvpn-beta/distinfo3
-rw-r--r--security/openvpn-beta/files/openvpn.sh.in137
-rw-r--r--security/openvpn-beta/files/pkg-message.in10
-rw-r--r--security/openvpn-beta/files/pkg-req.in30
-rw-r--r--security/openvpn-beta/pkg-descr14
-rw-r--r--security/openvpn-beta/pkg-plist79
8 files changed, 388 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index d18f6f8a1223..7e266d3297d6 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -349,6 +349,7 @@
SUBDIR += openvpn
SUBDIR += openvpn-admin
SUBDIR += openvpn-auth-ldap
+ SUBDIR += openvpn-beta
SUBDIR += openvpn-devel
SUBDIR += openvpn20
SUBDIR += ophcrack
diff --git a/security/openvpn-beta/Makefile b/security/openvpn-beta/Makefile
new file mode 100644
index 000000000000..6238ebee5ae7
--- /dev/null
+++ b/security/openvpn-beta/Makefile
@@ -0,0 +1,114 @@
+# New ports collection makefile for: openvpn
+# Date created: 2010-08-13
+# Whom: Eric F Crist <ecrist@secure-computing.net>
+#
+# $FreeBSD$
+
+PORTNAME= openvpn
+DISTVERSION= 2.2-beta1
+CATEGORIES= security net
+MASTER_SITES= http://build.openvpn.net/downloads/releases/
+PKGNAMESUFFIX= -beta
+
+MAINTAINER= ecrist@secure-computing.net
+COMMENT= Secure IP/Ethernet tunnel daemon
+
+CONFLICTS= openvpn-*
+
+GNU_CONFIGURE= yes
+USE_OPENSSL= yes
+CONFIGURE_ARGS= --with-lzo-lib=${LOCALBASE}/lib \
+ --with-lzo-headers=${LOCALBASE}/include \
+ --disable-depr-random-resolv
+INSTALL_TARGET= install mandir=${MANPREFIX}/man
+
+MAN8= openvpn.8
+
+OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off \
+ PKCS11 "Use security/pkcs11-helper" off
+
+USE_RC_SUBR= openvpn.sh
+USE_LDCONFIG= ${PREFIX}/lib
+
+SUB_FILES= pkg-message pkg-req
+SUB_LIST+= OSVERSION=${OSVERSION}
+
+.include <bsd.port.pre.mk>
+
+.ifdef (LOG_OPENVPN)
+CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
+.endif
+
+pre-fetch:
+.ifdef (LOG_OPENVPN)
+ @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
+.else
+ @${ECHO} ""
+ @${ECHO} "You may use the following build options:"
+ @${ECHO} ""
+ @${ECHO} " LOG_OPENVPN={Valid syslog facility}"
+ @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_DAEMON"
+ @${ECHO} ""
+.endif
+
+# NOTE: there is no way to explicitly specify the LZO version to OpenVPN,
+# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
+# So depend on LZO1 only if it's already there and LZO2 isn't.
+# PACKAGE_BUILDING will also force LZO2.
+.if exists(${LOCALBASE}/lib/liblzo2.so.2) || !exists(${LOCALBASE}/lib/liblzo.so.1) || defined(PACKAGE_BUILDING)
+LIB_DEPENDS+= lzo2.2:${PORTSDIR}/archivers/lzo2
+.else
+LIB_DEPENDS+= lzo.1:${PORTSDIR}/archivers/lzo
+.endif
+
+.if defined(WITH_PW_SAVE)
+CONFIGURE_ARGS+= --enable-password-save
+.endif
+
+.if defined(WITH_PKCS11)
+LIB_DEPENDS+= pkcs11-helper.1:${PORTSDIR}/security/pkcs11-helper
+.else
+CONFIGURE_ARGS+= --disable-pkcs11
+.endif
+
+post-patch:
+ @${FIND} ${WRKSRC} -name \*.orig -delete
+ @${FIND} ${WRKSRC} -name \*.bak -delete
+
+post-build:
+ cd ${WRKSRC}/plugin/down-root && ${MAKE}
+ cd ${WRKSRC}/plugin/auth-pam && ${CC} ${CPPFLAGS} -I../.. -DDLOPEN_PAM=0 ${CFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c pamdl.c -lc -lpam
+ @# self-tests here
+.if !defined(WITHOUT_CHECK)
+ cd ${WRKSRC} && ${MAKE} check
+.endif
+
+pre-install:
+ PKG_PREFIX=${PREFIX} ${SH} ${PKGREQ} ${PKGNAME} INSTALL
+
+post-install:
+ ${MKDIR} ${PREFIX}/lib
+ ${INSTALL_PROGRAM} ${WRKSRC}/plugin/down-root/openvpn-down-root.so ${PREFIX}/lib/
+ ${INSTALL_PROGRAM} ${WRKSRC}/plugin/auth-pam/openvpn-auth-pam.so ${PREFIX}/lib/
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+ ${INSTALL_DATA} ${WRKSRC}/plugin/down-root/README ${DOCSDIR}/README.openvpn-down-root
+ ${INSTALL_DATA} ${WRKSRC}/plugin/auth-pam/README ${DOCSDIR}/README.openvpn-auth-pam
+.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL \
+ PORTS README
+ ${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}/
+.endfor
+.for dir in easy-rsa easy-rsa/1.0 easy-rsa/2.0 sample-config-files
+ ${MKDIR} ${DOCSDIR}/${dir}
+ ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_DATA} \{\} ${DOCSDIR}/${dir} \;
+.endfor
+.for dir in sample-scripts
+ ${MKDIR} ${DOCSDIR}/${dir}
+ ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_SCRIPT} \{\} ${DOCSDIR}/${dir} \;
+.endfor
+.else
+ -@${RMDIR} ${DOCSDIR}
+.endif
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
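Review bot: `CONFLICTS= openvpn-*` near the top of the new Makefile is broader than the set of packages that actually install the same files. Going by the sibling entries visible in security/Makefile, the glob would presumably also match the packages built from openvpn-admin and openvpn-auth-ldap, which are add-ons rather than alternative daemons, and it can match this port's own `openvpn-beta-*` package name. Anchoring the pattern on the version digit keeps the conflict to the competing daemons, for example `CONFLICTS= openvpn-[0-9]* openvpn-devel-[0-9]*`, plus whatever package name openvpn20 produces (not visible here).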
diff --git a/security/openvpn-beta/distinfo b/security/openvpn-beta/distinfo
new file mode 100644
index 000000000000..5756df612f2b
--- /dev/null
+++ b/security/openvpn-beta/distinfo
@@ -0,0 +1,3 @@
+MD5 (openvpn-2.2-beta1.tar.gz) = 69fdfdc3ee6e21d2887bde4030c8b150
+SHA256 (openvpn-2.2-beta1.tar.gz) = e114f05b3f5bb66e17cdad77e77481f9aab9e4c70a62c631a67c5cfc33f4e340
+SIZE (openvpn-2.2-beta1.tar.gz) = 862178
diff --git a/security/openvpn-beta/files/openvpn.sh.in b/security/openvpn-beta/files/openvpn.sh.in
new file mode 100644
index 000000000000..8fa3bace8823
--- /dev/null
+++ b/security/openvpn-beta/files/openvpn.sh.in
@@ -0,0 +1,137 @@
+#!/bin/sh
+#
+# openvpn.sh - load tun/tap driver and start OpenVPN daemon
+#
+# (C) Copyright 2005 - 2008 by Matthias Andree
+# based on suggestions by Matthias Grimm and Dirk Gouders
+# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
+# and Vasil Dimov
+#
+# $FreeBSD$
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: openvpn
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# -----------------------------------------------------------------------------
+#
+# This script supports running multiple instances of openvpn.
+# To run additional instance link this script to something like
+# % ln -s openvpn openvpn_foo
+# and define additional openvpn_foo_* variables in one of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
+#
+# Below NAME should be substituted with the name of this script. By default
+# it is openvpn, so read as openvpn_enable. If you linked the script to
+# openvpn_foo, then read as openvpn_foo_enable etc.
+#
+# The following variables are supported (defaults are shown).
+# You can place them in any of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
+#
+# NAME_enable="NO" # set to YES to enable openvpn
+# NAME_if="" # driver(s) to load, set to "tun", "tap" or "tun tap"
+#
+# # optional:
+# NAME_flags="" # additional command line arguments
+# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf" # --config file
+# NAME_dir="%%PREFIX%%/etc/openvpn" # --cd directory
+#
+# You also need to set NAME_configfile and NAME_dir, if the configuration
+# file and directory where keys and certificates reside differ from the above
+# settings.
+#
+# Note that we deliberately refrain from unloading drivers.
+#
+# For further documentation, please see openvpn(8).
+#
+
+. /etc/rc.subr
+
+case "$0" in
+/etc/rc*)
+ # during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
+ # so get the name of the script from $_file
+ name=$(basename "$_file" .sh)
+ ;;
+*)
+ name=$(basename "$0" .sh)
+ ;;
+esac
+
+rcvar=$(set_rcvar)
+
+openvpn_precmd()
+{
+ for i in $interfaces ; do
+ # FreeBSD <= 5.4 does not know kldstat's -m option
+ # FreeBSD >= 6.0 does not add debug.* sysctl information
+ # in the default build - we check both to keep things simple
+ if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 \
+ && ! kldstat -m if_${i} >/dev/null 2>&1 ; then
+ if ! kldload if_${i} ; then
+ warn "Could not load $i module."
+ return 1
+ fi
+ fi
+ done
+ return 0
+}
+
+stop_postcmd()
+{
+ rm -f "$pidfile" || warn "Could not remove $pidfile."
+}
+
+softrestart()
+{
+ sig_reload=USR1 run_rc_command reload
+ exit $?
+}
+
+# reload: support SIGHUP to reparse configuration file
+# softrestart: support SIGUSR1 to reconnect without privileges
+extra_commands="reload softrestart"
+softrestart_cmd="softrestart"
+
+# pidfile
+pidfile="/var/run/${name}.pid"
+
+# command and arguments
+command="%%PREFIX%%/sbin/openvpn"
+
+# run this first
+start_precmd="openvpn_precmd"
+# and this last
+stop_postcmd="stop_postcmd"
+
+load_rc_config ${name}
+
+eval ": \${${name}_enable:=\"NO\"}"
+eval ": \${${name}_flags:=\"\"}"
+eval ": \${${name}_if:=\"\"}"
+eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}"
+eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}"
+
+configfile="$(eval echo \${${name}_configfile})"
+dir="$(eval echo \${${name}_dir})"
+interfaces="$(eval echo \${${name}_if})"
+
+required_files=${configfile}
+command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile}"
+
+run_rc_command "$1"
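Review bot: `name` is derived from `basename "$0" .sh` (or `$_file` during boot) and then spliced into the five `eval ": \${${name}_...}"` lines and the three `eval echo` lines without checking that it is a valid shell identifier. The header documents symlinking the script as the way to create extra instances, so a link named, say, `openvpn-foo` would make those expansions malformed, and any shell metacharacter in the link name reaches `eval` in a script that normally runs as root. A guard placed right after the `case "$0"` block, such as `case "$name" in *[!A-Za-z0-9_]*) err 1 "invalid instance name: $name" ;; esac`, keeps the evals well-formed. `command_args` also interpolates `${dir}` and `${configfile}` unquoted, so a path containing whitespace would likely be split into extra openvpn arguments.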
diff --git a/security/openvpn-beta/files/pkg-message.in b/security/openvpn-beta/files/pkg-message.in
new file mode 100644
index 000000000000..44f3fa616845
--- /dev/null
+++ b/security/openvpn-beta/files/pkg-message.in
@@ -0,0 +1,10 @@
+### ------------------------------------------------------------------------
+### Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
+### startup. See %%PREFIX%%/etc/rc.d/openvpn for details.
+### ------------------------------------------------------------------------
+### For compatibility notes when interoperating with older OpenVPN
+### versions, please, see <http://openvpn.net/relnotes.html>
+### ------------------------------------------------------------------------
+### NOTE THIS IS AN UNSTABLE BETA VERSION UNDER DEVELOPMENT!
+### It may or may not be suitable for production. Use at your own risk.
+### ------------------------------------------------------------------------
diff --git a/security/openvpn-beta/files/pkg-req.in b/security/openvpn-beta/files/pkg-req.in
new file mode 100644
index 000000000000..7ecaaa576ff1
--- /dev/null
+++ b/security/openvpn-beta/files/pkg-req.in
@@ -0,0 +1,30 @@
+set -e
+
+rcvers() {
+ # determine if we have "old" or "new" (rcorder integration) scheme
+ # for %%PREFIX%%/etc/rc.d/* files
+ if test $1 -ge 700007 || test $1 -lt 700000 -a $1 -ge 600101 ; then
+ echo 2
+ else
+ echo 1
+ fi
+}
+
+if [ "$2" = INSTALL ] ; then
+ # check if the base system is new enough for us,
+ # which should only matter for package installs.
+ buildrc=$(rcvers %%OSVERSION%%)
+ execrc=$(rcvers $(sysctl -n kern.osreldate) )
+ if test $buildrc -gt $execrc ; then
+ cat <<EOF
+
+Error: this package, $1, was compiled for a newer FreeBSD
+====== version that uses different boot scripts.
+ Therefore, the rc.d script WILL NOT WORK.
+ Please update your ports tree and install security/openvpn-devel
+ from there.
+
+EOF
+ exit 1
+ fi
+fi
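Review bot: The error text in the INSTALL branch tells the user to install `security/openvpn-devel`, which looks carried over from the port this file was copied from; for this package the line should read `Please update your ports tree and install security/openvpn-beta`. Separately, `rcvers` passes `$1` unquoted to `test`, so if `sysctl -n kern.osreldate` returns nothing both comparisons become syntax errors and the function silently falls through to `echo 1`, which would then surface as the "compiled for a newer FreeBSD" message rather than the real failure. Checking for an empty value first, for example `[ -n "$1" ] || { echo "cannot determine OS version" >&2; exit 1; }`, makes that case explicit.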
diff --git a/security/openvpn-beta/pkg-descr b/security/openvpn-beta/pkg-descr
new file mode 100644
index 000000000000..ed9fa4ae2146
--- /dev/null
+++ b/security/openvpn-beta/pkg-descr
@@ -0,0 +1,14 @@
+This is a BETA build for OpenVPN. This means that this port may not function
+properly in a production environment, but we've made strong efforts toward
+making this as releasble as possible. Please use this port to aid OpenVPN
+to test and make this next release as stable as possible.
+
+OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private
+Network) daemon which can be used to securely link two or more private networks
+using an encrypted tunnel over the internet. It can operate over UDP or TCP,
+can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
+server can handle many clients.
+
+DO NOT USE IN PRODUCTION WITHOUT CAUTION
+
+WWW: http://openvpn.net/
diff --git a/security/openvpn-beta/pkg-plist b/security/openvpn-beta/pkg-plist
new file mode 100644
index 000000000000..dbec65c3f248
--- /dev/null
+++ b/security/openvpn-beta/pkg-plist
@@ -0,0 +1,79 @@
+sbin/openvpn
+lib/openvpn-auth-pam.so
+lib/openvpn-down-root.so
+%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
+%%PORTDOCS%%%%DOCSDIR%%/COPYING
+%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
+%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
+%%PORTDOCS%%%%DOCSDIR%%/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/PORTS
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-auth-pam
+%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-down-root
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/README
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-ca
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-dh
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-inter
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pkcs12
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-server
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/clean-all
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/list-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/make-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/openssl.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-crt
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-full
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/sign-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/vars
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/Makefile
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-0.9.6.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/whichopensslcnf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/home.up
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-client
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-server
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/office.up
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-shutdown.sh
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-startup.sh
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/server.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-home.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-office.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-home.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-office.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-client-config
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-server-config
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/auth-pam.pl
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-start
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-stop
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/openvpn.init
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/ucn.pl
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/1.0
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
+%%PORTDOCS%%@dirrm %%DOCSDIR%%