blob: afcdff2391420b8e30775d009c9eb88c60729099 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
# Created by: Matthias Andree <mandree@FreeBSD.org>
# $FreeBSD$
PORTNAME= openvpn
DISTVERSION= 202035
CATEGORIES= security net net-vpn
MASTER_SITES= https://secure-computing.net/files/openvpn/
PKGNAMESUFFIX= -devel
MAINTAINER= ecrist@secure-computing.net
# let's use ?= in spite of portlint WARNings because this might become
# security/openvpn one day which would then have a slave port:
COMMENT?= Secure IP/Ethernet tunnel daemon
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL
IGNORE_SSL= libressl libressl-devel
USES= cpe libtool pkgconfig shebangfix tar:xz
CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
GNU_CONFIGURE= yes
WRKSRC= ${WRKDIR}/${PORTNAME}${PKGNAMESUFFIX}
SHEBANG_FILES= sample/sample-scripts/verify-cn \
sample/sample-scripts/auth-pam.pl \
sample/sample-scripts/ucn.pl
CONFIGURE_ARGS+= --enable-strict
# set PLUGIN_LIBDIR so that unqualified plugin paths are found:
CONFIGURE_ENV+= PLUGINDIR="${PREFIX}/lib/openvpn/plugins"
# let OpenVPN's configure script pick up the requisite libraries,
# but do not break the plugin build if an older version is installed
CPPFLAGS+= -I${WRKSRC}/include -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
OPTIONS_DEFINE= PKCS11 EASYRSA DOCS EXAMPLES X509ALTUSERNAME \
TEST LZ4 SMALL TUNNELBLICK
OPTIONS_DEFAULT= EASYRSA OPENSSL TEST LZ4
OPTIONS_SINGLE= SSL
OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
PKCS11_DESC= Use security/pkcs11-helper
EASYRSA_DESC= Install security/easy-rsa RSA helper package
MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only)
SMALL_DESC= Build a smaller executable with fewer features
EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa
PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper
PKCS11_CONFIGURE_ENABLE= pkcs11
PKCS11_PREVENTS= MBEDTLS
PKCS11_PREVENTS_MSG= OpenVPN cannot use pkcs11-helper with mbedTLS. Disable PKCS11, or use OpenSSL instead
TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/extra-tunnelblick-openvpn_xorpatch
X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username
X509ALTUSERNAME_PREVENTS= MBEDTLS
X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with mbedTLS. Disable X509ALTUSERNAME, or use OpenSSL instead
OPENSSL_USES= ssl
OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl
LZ4_CONFIGURE_OFF= --disable-lz4
SMALL_CONFIGURE_ON= --enable-small
MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls
MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls
USE_RC_SUBR= openvpn
SUB_FILES= pkg-message openvpn-client
.ifdef (LOG_OPENVPN)
CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
.endif
BUILD_DEPENDS+= cmocka>=0:sysutils/cmocka \
rst2man:textproc/py-docutils
LIB_DEPENDS+= liblzo2.so:archivers/lzo2
LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4
PORTDOCS= *
PORTEXAMPLES= *
TEST_ALL_TARGET= check
TEST_TEST_TARGET_OFF= check
pre-configure:
.ifdef (LOG_OPENVPN)
@${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
.else
@${ECHO} ""
@${ECHO} "You may use the following build options:"
@${ECHO} ""
@${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}"
@${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_LOCAL6"
@${ECHO} ""
.endif
post-configure:
${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \
${WRKSRC}/src/plugins/auth-pam/Makefile \
${WRKSRC}/src/plugins/down-root/Makefile
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MMBEDTLS}
_tlslibs=libmbedtls libmbedx509 libmbedcrypto
.else
# OpenSSL
_tlslibs=libssl libcrypto
.endif
# sanity check that we don't inherit incompatible SSL libs through,
# for instance, pkcs11-helper:
post-build:
@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
| ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
post-install:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so
${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down
@${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
${MKDIR} ${STAGEDIR}${PREFIX}/include
post-install-DOCS-on:
${MKDIR} ${STAGEDIR}${DOCSDIR}/
.for i in AUTHORS ChangeLog PORTS
${INSTALL_DATA} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/
.endfor
post-install-EXAMPLES-on:
(cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/)
${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*
.include <bsd.port.mk>
|
