From 7071c463c6b5ca58c90d0f21c73e7710c3544286 Mon Sep 17 00:00:00 2001 From: jpaetzel Date: Sat, 14 Aug 2010 15:48:51 +0000 Subject: Add openvpn-beta , secure IP/Ethernet tunnel daemon. PR: ports/149620 Submitted by: Eric F Crist
---
security/Makefile | 1 + security/openvpn-beta/Makefile | 114 ++++++++++++++++++++++++ security/openvpn-beta/distinfo | 3 + security/openvpn-beta/files/openvpn.sh.in | 137 +++++++++++++++++++++++++++++ security/openvpn-beta/files/pkg-message.in | 10 +++ security/openvpn-beta/files/pkg-req.in | 30 +++++++ security/openvpn-beta/pkg-descr | 14 +++ security/openvpn-beta/pkg-plist | 79 +++++++++++++++++ 8 files changed, 388 insertions(+) create mode 100644 security/openvpn-beta/Makefile create mode 100644 security/openvpn-beta/distinfo create mode 100644 security/openvpn-beta/files/openvpn.sh.in create mode 100644 security/openvpn-beta/files/pkg-message.in create mode 100644 security/openvpn-beta/files/pkg-req.in create mode 100644 security/openvpn-beta/pkg-descr create mode 100644 security/openvpn-beta/pkg-plist (limited to 'security')
diff --git a/security/Makefile b/security/Makefile
index d18f6f8a1223..7e266d3297d6 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -349,6 +349,7 @@
 SUBDIR += openvpn
 SUBDIR += openvpn-admin
 SUBDIR += openvpn-auth-ldap
+ SUBDIR += openvpn-beta
 SUBDIR += openvpn-devel
 SUBDIR += openvpn20
 SUBDIR += ophcrack
diff --git a/security/openvpn-beta/Makefile b/security/openvpn-beta/Makefile
new file mode 100644
index 000000000000..6238ebee5ae7
--- /dev/null
+++ b/security/openvpn-beta/Makefile
@@ -0,0 +1,114 @@
+# New ports collection makefile for: openvpn
+# Date created: 2010-08-13
+# Whom: Eric F Crist
+#
+# $FreeBSD$
+
+PORTNAME= openvpn
+DISTVERSION= 2.2-beta1
+CATEGORIES= security net
+MASTER_SITES= http://build.openvpn.net/downloads/releases/
+PKGNAMESUFFIX= -beta
+
+MAINTAINER= ecrist@secure-computing.net
+COMMENT= Secure IP/Ethernet tunnel daemon
+
+CONFLICTS= openvpn-*
+
+GNU_CONFIGURE= yes
+USE_OPENSSL= yes
+CONFIGURE_ARGS= --with-lzo-lib=${LOCALBASE}/lib \
+ --with-lzo-headers=${LOCALBASE}/include \
+ --disable-depr-random-resolv
+INSTALL_TARGET= install mandir=${MANPREFIX}/man
+
+MAN8= openvpn.8
+
+OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off \
+ PKCS11 "Use security/pkcs11-helper" off
+
+USE_RC_SUBR= openvpn.sh
+USE_LDCONFIG= ${PREFIX}/lib
+
+SUB_FILES= pkg-message pkg-req
+SUB_LIST+= OSVERSION=${OSVERSION}
+
+.include
+
+.ifdef (LOG_OPENVPN)
+CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
+.endif
+
+pre-fetch:
+.ifdef (LOG_OPENVPN)
+ @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
+.else
+ @${ECHO} ""
+ @${ECHO} "You may use the following build options:"
+ @${ECHO} ""
+ @${ECHO} " LOG_OPENVPN={Valid syslog facility}"
+ @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_DAEMON"
+ @${ECHO} ""
+.endif
+
+# NOTE: there is no way to explicitly specify the LZO version to OpenVPN,
+# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
+# So depend on LZO1 only if it's already there and LZO2 isn't.
+# PACKAGE_BUILDING will also force LZO2.
+.if exists(${LOCALBASE}/lib/liblzo2.so.2) || !exists(${LOCALBASE}/lib/liblzo.so.1) || defined(PACKAGE_BUILDING)
+LIB_DEPENDS+= lzo2.2:${PORTSDIR}/archivers/lzo2
+.else
+LIB_DEPENDS+= lzo.1:${PORTSDIR}/archivers/lzo
+.endif
+
+.if defined(WITH_PW_SAVE)
+CONFIGURE_ARGS+= --enable-password-save
+.endif
+
+.if defined(WITH_PKCS11)
+LIB_DEPENDS+= pkcs11-helper.1:${PORTSDIR}/security/pkcs11-helper
+.else
+CONFIGURE_ARGS+= --disable-pkcs11
+.endif
+
+post-patch:
+ @${FIND} ${WRKSRC} -name \*.orig -delete
+ @${FIND} ${WRKSRC} -name \*.bak -delete
+
+post-build:
+ cd ${WRKSRC}/plugin/down-root && ${MAKE}
+ cd ${WRKSRC}/plugin/auth-pam && ${CC} ${CPPFLAGS} -I../.. -DDLOPEN_PAM=0 ${CFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c pamdl.c -lc -lpam
+ @# self-tests here
+.if !defined(WITHOUT_CHECK)
+ cd ${WRKSRC} && ${MAKE} check
+.endif
+
+pre-install:
+ PKG_PREFIX=${PREFIX} ${SH} ${PKGREQ} ${PKGNAME} INSTALL
+
+post-install:
+ ${MKDIR} ${PREFIX}/lib
+ ${INSTALL_PROGRAM} ${WRKSRC}/plugin/down-root/openvpn-down-root.so ${PREFIX}/lib/
+ ${INSTALL_PROGRAM} ${WRKSRC}/plugin/auth-pam/openvpn-auth-pam.so ${PREFIX}/lib/
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+ ${INSTALL_DATA} ${WRKSRC}/plugin/down-root/README ${DOCSDIR}/README.openvpn-down-root
+ ${INSTALL_DATA} ${WRKSRC}/plugin/auth-pam/README ${DOCSDIR}/README.openvpn-auth-pam
+.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL \
+ PORTS README
+ ${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}/
+.endfor
+.for dir in easy-rsa easy-rsa/1.0 easy-rsa/2.0 sample-config-files
+ ${MKDIR} ${DOCSDIR}/${dir}
+ ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_DATA} \{\} ${DOCSDIR}/${dir} \;
+.endfor
+.for dir in sample-scripts
+ ${MKDIR} ${DOCSDIR}/${dir}
+ ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_SCRIPT} \{\} ${DOCSDIR}/${dir} \;
+.endfor
+.else
+ -@${RMDIR} ${DOCSDIR}
+.endif
+ @${CAT} ${PKGMESSAGE}
+
+.include
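Review bot: `CONFLICTS= openvpn-*` in security/openvpn-beta/Makefile is wider than the set of packages that can collide with this port. The glob also matches `openvpn-admin` and `openvpn-auth-ldap`, both listed next to this port in the security/Makefile hunk, and a plugin port such as openvpn-auth-ldap presumably needs an OpenVPN daemon installed alongside it. An administrator who wants the beta daemon together with one of those add-ons would have to override the conflict check. Narrow the pattern to the ports that install the same daemon and plugin files, for example `CONFLICTS= openvpn-[0-9]* openvpn-devel-[0-9]*` (package names inferred from the SUBDIR list; confirm them against the tree).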
diff --git a/security/openvpn-beta/distinfo b/security/openvpn-beta/distinfo
new file mode 100644
index 000000000000..5756df612f2b
--- /dev/null
+++ b/security/openvpn-beta/distinfo
@@ -0,0 +1,3 @@
+MD5 (openvpn-2.2-beta1.tar.gz) = 69fdfdc3ee6e21d2887bde4030c8b150
+SHA256 (openvpn-2.2-beta1.tar.gz) = e114f05b3f5bb66e17cdad77e77481f9aab9e4c70a62c631a67c5cfc33f4e340
+SIZE (openvpn-2.2-beta1.tar.gz) = 862178
diff --git a/security/openvpn-beta/files/openvpn.sh.in b/security/openvpn-beta/files/openvpn.sh.in
new file mode 100644
index 000000000000..8fa3bace8823
--- /dev/null
+++ b/security/openvpn-beta/files/openvpn.sh.in
@@ -0,0 +1,137 @@
+#!/bin/sh
+#
+# openvpn.sh - load tun/tap driver and start OpenVPN daemon
+#
+# (C) Copyright 2005 - 2008 by Matthias Andree
+# based on suggestions by Matthias Grimm and Dirk Gouders
+# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
+# and Vasil Dimov
+#
+# $FreeBSD$
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: openvpn
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# -----------------------------------------------------------------------------
+#
+# This script supports running multiple instances of openvpn.
+# To run additional instance link this script to something like
+# % ln -s openvpn openvpn_foo
+# and define additional openvpn_foo_* variables in one of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
+#
+# Below NAME should be substituted with the name of this script. By default
+# it is openvpn, so read as openvpn_enable. If you linked the script to
+# openvpn_foo, then read as openvpn_foo_enable etc.
+#
+# The following variables are supported (defaults are shown).
+# You can place them in any of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
+#
+# NAME_enable="NO" # set to YES to enable openvpn
+# NAME_if="" # driver(s) to load, set to "tun", "tap" or "tun tap"
+#
+# # optional:
+# NAME_flags="" # additional command line arguments
+# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf" # --config file
+# NAME_dir="%%PREFIX%%/etc/openvpn" # --cd directory
+#
+# You also need to set NAME_configfile and NAME_dir, if the configuration
+# file and directory where keys and certificates reside differ from the above
+# settings.
+#
+# Note that we deliberately refrain from unloading drivers.
+#
+# For further documentation, please see openvpn(8).
+#
+
+. /etc/rc.subr
+
+case "$0" in
+/etc/rc*)
+ # during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
+ # so get the name of the script from $_file
+ name=$(basename "$_file" .sh)
+ ;;
+*)
+ name=$(basename "$0" .sh)
+ ;;
+esac
+
+rcvar=$(set_rcvar)
+
+openvpn_precmd()
+{
+ for i in $interfaces ; do
+ # FreeBSD <= 5.4 does not know kldstat's -m option
+ # FreeBSD >= 6.0 does not add debug.* sysctl information
+ # in the default build - we check both to keep things simple
+ if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 \
+ && ! kldstat -m if_${i} >/dev/null 2>&1 ; then
+ if ! kldload if_${i} ; then
+ warn "Could not load $i module."
+ return 1
+ fi
+ fi
+ done
+ return 0
+}
+
+stop_postcmd()
+{
+ rm -f "$pidfile" || warn "Could not remove $pidfile."
+}
+
+softrestart()
+{
+ sig_reload=USR1 run_rc_command reload
+ exit $?
+}
+
+# reload: support SIGHUP to reparse configuration file
+# softrestart: support SIGUSR1 to reconnect without privileges
+extra_commands="reload softrestart"
+softrestart_cmd="softrestart"
+
+# pidfile
+pidfile="/var/run/${name}.pid"
+
+# command and arguments
+command="%%PREFIX%%/sbin/openvpn"
+
+# run this first
+start_precmd="openvpn_precmd"
+# and this last
+stop_postcmd="stop_postcmd"
+
+load_rc_config ${name}
+
+eval ": \${${name}_enable:=\"NO\"}"
+eval ": \${${name}_flags:=\"\"}"
+eval ": \${${name}_if:=\"\"}"
+eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}"
+eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}"
+
+configfile="$(eval echo \${${name}_configfile})"
+dir="$(eval echo \${${name}_dir})"
+interfaces="$(eval echo \${${name}_if})"
+
+required_files=${configfile}
+command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile}"
+
+run_rc_command "$1"
diff --git a/security/openvpn-beta/files/pkg-message.in b/security/openvpn-beta/files/pkg-message.in
new file mode 100644
index 000000000000..44f3fa616845
--- /dev/null
+++ b/security/openvpn-beta/files/pkg-message.in
@@ -0,0 +1,10 @@
+### ------------------------------------------------------------------------
+### Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
+### startup. See %%PREFIX%%/etc/rc.d/openvpn for details.
+### ------------------------------------------------------------------------
+### For compatibility notes when interoperating with older OpenVPN
+### versions, please, see
+### ------------------------------------------------------------------------
+### NOTE THIS IS AN UNSTABLE BETA VERSION UNDER DEVELOPMENT!
+### It may or may not be suitable for production. Use at your own risk.
+### ------------------------------------------------------------------------
diff --git a/security/openvpn-beta/files/pkg-req.in b/security/openvpn-beta/files/pkg-req.in
new file mode 100644
index 000000000000..7ecaaa576ff1
--- /dev/null
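Review bot: In files/openvpn.sh.in, `name` is taken from the basename of the script or its symlink and is pasted unchecked into the five `eval ": \${${name}_...}"` defaults and the three `$(eval echo \${${name}_...})` lookups near the end of the script. The header tells administrators to create extra instances with `ln -s openvpn openvpn_foo`. A link name containing `-`, `.` or any other character that is not valid in a shell variable name means those evals no longer read or default the intended rc.conf variables, and the text is handed to the shell as code by a script that runs as root. Reject such names right after the `case "$0"` block, for example `case "$name" in *[!A-Za-z0-9_]*) err 1 "invalid instance name: $name" ;; esac`. Separately, `command_args` interpolates `${dir}` and `${configfile}` unquoted, so a path containing whitespace is split into extra openvpn arguments; either quote them or state in the header that such paths are unsupported.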
+++ b/security/openvpn-beta/files/pkg-req.in
@@ -0,0 +1,30 @@
+set -e
+
+rcvers() {
+ # determine if we have "old" or "new" (rcorder integration) scheme
+ # for %%PREFIX%%/etc/rc.d/* files
+ if test $1 -ge 700007 || test $1 -lt 700000 -a $1 -ge 600101 ; then
+ echo 2
+ else
+ echo 1
+ fi
+}
+
+if [ "$2" = INSTALL ] ; then
+ # check if the base system is new enough for us,
+ # which should only matter for package installs.
+ buildrc=$(rcvers %%OSVERSION%%)
+ execrc=$(rcvers $(sysctl -n kern.osreldate) )
+ if test $buildrc -gt $execrc ; then
+ cat <