aboutsummaryrefslogtreecommitdiffstats
path: root/security/stunnel/Makefile
blob: e452b5b878514490d35a7b6621f91e5f04893a17 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# New ports collection makefile for:    stunnel
# Date created:     Mon Jan 11 11:53:54 EET 1999
# Whom:         Martti Kuparinen <martti.kuparinen@ericsson.com>
#
# $FreeBSD$
#

PORTNAME=   stunnel
PORTVERSION=    4.11
CATEGORIES= security
MASTER_SITES=   http://www.stunnel.org/download/stunnel/src/ \
        ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \
        ftp://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/

MAINTAINER= roam@FreeBSD.org
COMMENT=    SSL encryption wrapper for standard network daemons

USE_OPENSSL=    YES
USE_REINPLACE=  YES
USE_LIBTOOL_VER=    15
USE_RC_SUBR=    YES

GNU_CONFIGURE=  yes
CONFIGURE_TARGET=   --target=${MACHINE_ARCH}-portbld-freebsd${OSREL}
CONFIGURE_ARGS= --localstatedir=/var/tmp --with-pem-dir=${PEM_DIR} \
        --enable-static

.if !defined(NOPORTDOCS)
MAN8=       stunnel.8 stunnel.fr.8 stunnel.pl.8
.endif

PEM_DIR?=   ${PREFIX}/etc

OPTIONS=    FORK    "use the fork(3) threading model"   off \
        PTHREAD "use the pthread(3) threading model (default)"  on \
        UCONTEXT    "use the ucontext(3) threading model"   off \
        IPV6    "enable IPv6 support" off

.include <bsd.port.pre.mk>

.if defined(WITH_IPV6)
CONFIGURE_ARGS+=    --enable-ipv6
.endif

.if defined(WITH_UCONTEXT) && defined(WITH_FORK) || defined(WITH_UCONTEXT) && defined(WITH_PTHREAD) || defined(WITH_FORK) && defined(WITH_PTHREAD)
BROKEN= 'The WITH_UCONTEXT, WITH_FORK and WITH_PTHREAD options are mutually exclusive - please specify at most one of them, the default is WITH_PTHREAD'
.endif

.if defined(WITH_UCONTEXT)
.if ${OSVERSION} < 500112
BROKEN= 'The ucontext model is only supported on FreeBSD 5.x and 6.x'
.endif
CONFIGURE_ARGS+=--with-threads=ucontext
CONFIGURE_ENV=  CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
.elif defined(WITH_FORK)
CONFIGURE_ARGS+=--with-threads=fork
.else
CONFIGURE_ARGS+=--with-threads=pthread
CONFIGURE_ENV=  CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
.endif

post-patch:
# place files under /var/tmp so that this can be run by an unprivileged user
# user stunnel and group stunnel
    @${REINPLACE_CMD} -E -e 's|\@prefix\@/var/run/stunnel/|/var/tmp/stunnel|; \
        s|nobody|stunnel|;s|nogroup|stunnel|' \
        ${WRKSRC}/tools/stunnel.conf-sample.in
    @${REINPLACE_CMD} -E -e 's|localstatedir/run/stunnel.pid|localstatedir/stunnel.pid|' \
        ${WRKSRC}/configure.ac ${WRKSRC}/configure
    @${FIND} ${WRKSRC} -type f -name Makefile.in | ${XARGS} ${REINPLACE_CMD} -E -e 's,@(ACLOCAL|AUTO(MAKE|CONF|HEADER))@,/usr/bin/true,'
.ifdef(NOPORTDOCS)
    @${REINPLACE_CMD} -E -e 's/ install-docDATA/ /; s/^(SUBDIRS.+)doc/\1/' \
        ${WRKSRC}/Makefile.in
.endif

post-install:
    ${SED} "s+!!PREFIX!!+${PREFIX}+g; s+!!RC_SUBR!!+${RC_SUBR}+g" \
        < ${FILESDIR}/stunnel.sh > ${WRKDIR}/stunnel.sh
    ${INSTALL_SCRIPT} ${WRKDIR}/stunnel.sh ${PREFIX}/etc/rc.d/
    @${SETENV} PKG_PREFIX=${PREFIX} ${SH} \
        ${PKGINSTALL} ${PKGNAME} POST-INSTALL
    @${ECHO} ""
    @${ECHO} "**************************************************************************"
    @${ECHO} "To create and install a new certificate, type \"make cert\""
    @${ECHO} ""
    @${ECHO} "And don't forget to check out the FAQ at http://www.stunnel.org/"
    @${ECHO} "**************************************************************************"
    @${ECHO} ""
    @${ECHO} "*********************** WARNING! WARNING! WARNING! ***********************"
    @${ECHO} "The stunnel startup script has been converted to rc_subr"
    @${ECHO} "format now.  You have to set at least the stunnel_enable"
    @${ECHO} "variable, and maybe also stunnel_config and stunnel_pidfile,"
    @${ECHO} "if you want stunnel to be started automatically at boot time!"
    @${ECHO} "**************************************************************************"
    @${ECHO} ""

cert:
    @${ECHO} ""
    @${ECHO} "**************************************************************************"
    @${ECHO} "The new certificate will be saved into ${PREFIX}/etc/stunnel.pem"
    @${ECHO} "**************************************************************************"
    @${ECHO} ""
    @(cd ${WRKSRC}/tools/; make stunnel.pem)
    ${INSTALL} -m 600 ${WRKSRC}/tools/stunnel.pem ${PEM_DIR}/

.if ${OSVERSION} > 500000
.if !defined(WITH_STUNNEL_SSL_ENGINE)
EXTRA_PATCHES=  ${FILESDIR}/ssl-noengine.patch
pre-patch:
    @${ECHO} "*************************************************************************"
    @${ECHO} "Note: you have to explicitly define WITH_STUNNEL_SSL_ENGINE to activate"
    @${ECHO} "the OpenSSL ENGINE code on FreeBSD 5.x or 6.x."
    @${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
    @${ECHO} "code, so you are advised not to enable it."
    @${ECHO} "*************************************************************************"
.else
pre-patch:
    @${ECHO} "*************************************************************************"
    @${ECHO} "Note: you have defined WITH_STUNNEL_SSL_ENGINE.  Now stunnel will activate"
    @${ECHO} "the OpenSSL ENGINE code even on FreeBSD 5.x."
    @${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
    @${ECHO} "code.  You have enabled it at your own risk."
    @${ECHO} "*************************************************************************"
.endif
.endif

.include <bsd.port.post.mk>