git: 2e5a5b07e2bb - main - security/openiked-portable: New port for OpenBSD portable version of OpenIKED
Olivier Cochard
olivier at FreeBSD.org
Thu May 27 10:45:12 UTC 2021
The branch main has been updated by olivier:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2e5a5b07e2bb28a3f0321c1550da6025317bd2bd
commit 2e5a5b07e2bb28a3f0321c1550da6025317bd2bd
Author: Olivier Cochard <olivier at FreeBSD.org>
AuthorDate: 2021-05-27 10:40:26 +0000
Commit: Olivier Cochard <olivier at FreeBSD.org>
CommitDate: 2021-05-27 10:44:57 +0000
security/openiked-portable: New port for OpenBSD portable version of OpenIKED
PR: 256009
Reported by: David Marec <david at lapinbilly.eu>
---
security/Makefile | 1 +
security/openiked-portable/Makefile | 31 ++++++++++++++
security/openiked-portable/distinfo | 3 ++
security/openiked-portable/files/iked.in | 69 ++++++++++++++++++++++++++++++++
security/openiked-portable/pkg-descr | 10 +++++
security/openiked-portable/pkg-plist | 14 +++++++
security/openiked/Makefile | 2 +
7 files changed, 130 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index ce92287f6e4d..1c9313c89a51 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -405,6 +405,7 @@
SUBDIR += openct
SUBDIR += openfortivpn
SUBDIR += openiked
+ SUBDIR += openiked-portable
SUBDIR += opensaml
SUBDIR += opensc
SUBDIR += openscep
diff --git a/security/openiked-portable/Makefile b/security/openiked-portable/Makefile
new file mode 100644
index 000000000000..4d37a5ebfead
--- /dev/null
+++ b/security/openiked-portable/Makefile
@@ -0,0 +1,31 @@
+PORTNAME= openiked
+PORTVERSION= 6.9.0
+CATEGORIES= security net
+MASTER_SITES= OPENBSD/OpenIKED
+PKGNAMESUFFIX= -portable
+
+MAINTAINER= david at lapinbilly.eu
+COMMENT= IKEv2 daemon
+
+LICENSE= ISCL
+
+LIB_DEPENDS= libevent.so:devel/libevent
+
+CONFLICTS_INSTALL= openiked-[0-9]*
+USES= cmake ssl
+
+USE_RC_SUBR= iked
+USERS= _iked
+GROUPS= _iked
+
+.include <bsd.port.pre.mk>
+
+.if ${OSREL:R} < 12 && ${SSL_DEFAULT} == "base"
+BROKEN= requires OpenSSL 1.1.1, upgrade to FreeBSD 12.x/13.x or add DEFAULT_VERSIONS+=ssl=[openssl|libressl*] to /etc/make.conf
+.endif
+
+post-install:
+ ${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
+ ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
+
+.include <bsd.port.post.mk>
diff --git a/security/openiked-portable/distinfo b/security/openiked-portable/distinfo
new file mode 100644
index 000000000000..3cbaa5e62443
--- /dev/null
+++ b/security/openiked-portable/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1621459617
+SHA256 (openiked-6.9.0.tar.gz) = f8a9a376c27a53b9d22a948a8245aa296f0c24fe5a40933d77b752b5e98ffa5d
+SIZE (openiked-6.9.0.tar.gz) = 289696
diff --git a/security/openiked-portable/files/iked.in b/security/openiked-portable/files/iked.in
new file mode 100644
index 000000000000..850c44287707
--- /dev/null
+++ b/security/openiked-portable/files/iked.in
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
+#
+# PROVIDE: iked
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iked_enable (bool): Set to NO by default.
+# Set it to YES to enable iked.
+# iked_ramdisk (bool): Set to NO by default. See below.
+#
+# When iked_ramdisk is set to YES, the rc.d script will make sure
+# all directories exist, but will not generate a key pair if none
+# exists. The daemon is not started when the key pair no config
+# files are missing. It is assumed the ramdisk is not populated
+# completely. When iked_ramdisk is NO, key pairs are created as
+# needed and thr daemon is started unconditionally.
+
+. /etc/rc.subr
+
+name=iked
+desc="IKEv2 daemon"
+rcvar=iked_enable
+
+load_rc_config $name
+
+: ${iked_enable:=NO}
+: ${iked_ramdisk=NO}
+
+command=%%PREFIX%%/sbin/iked
+start_precmd=iked_precmd
+
+iked_config=%%PREFIX%%/etc/iked.conf
+iked_rootdir=%%PREFIX%%/etc/iked
+iked_privkey=${iked_rootdir}/private/local.key
+iked_pubkey=${iked_rootdir}/local.pub
+
+iked_precmd()
+{
+
+ if checkyesno iked_ramdisk; then
+ # Make sure we have our directory hierarchy.
+ for D in ca certs crls export private pubkeys \
+ pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
+ mkdir -p %%PREFIX%%/etc/iked/$D
+ done
+ chmod 700 %%PREFIX%%/etc/iked/private
+ else
+ # Create a key pair if not already present.
+ if test ! -f $iked_privkey; then
+ /usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey"
+ /bin/chmod 600 "$iked_privkey"
+ /usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey"
+ fi
+ fi
+
+ # We must have a private key and a configuration file.
+ # Don't start iked when those are missing.
+ if test ! \( -f $iked_privkey -a -f $iked_config \); then
+ # Be quiet about it; it must be intentional.
+ exit 1
+ fi
+}
+
+run_rc_command "$1"
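Review bot: The key-generation branch of iked_precmd writes the private key under the inherited umask and only narrows it afterwards with `chmod 600`, and neither openssl call has its exit status checked. Generating the key under a restrictive umask closes that window without relying on the 700 mode of etc/iked/private, which this branch never verifies, e.g. `( umask 077; /usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey" ) || return 1`. A failed `openssl ec ... -pubout` also goes unnoticed, because the final test looks only at the private key and iked.conf, so local.pub can be missing when the daemon starts. The `test` calls use `$iked_privkey` and `$iked_config` unquoted while the openssl lines quote them; quoting both would be consistent.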
diff --git a/security/openiked-portable/pkg-descr b/security/openiked-portable/pkg-descr
new file mode 100644
index 000000000000..8ebd0d5fe978
--- /dev/null
+++ b/security/openiked-portable/pkg-descr
@@ -0,0 +1,10 @@
+OpenIKED is a free, permissively licensed Internet Key Exchange
+(IKEv2) implementation, developed as part of the OpenBSD project.
+It is intended to be a lean, secure and interoperable daemon that
+allows for easy setup and management of IPsec VPNs.
+
+The portable versions take the OpenBSD based source code and add
+compatibility functions and build infrastructure for other operating
+systems.
+
+WWW: https://github.com/openiked/openiked-portable
diff --git a/security/openiked-portable/pkg-plist b/security/openiked-portable/pkg-plist
new file mode 100644
index 000000000000..0fd28cb6125e
--- /dev/null
+++ b/security/openiked-portable/pkg-plist
@@ -0,0 +1,14 @@
+ at sample(,,600) etc/iked.conf.sample
+sbin/ikectl
+sbin/iked
+man/man5/iked.conf.5.gz
+man/man8/ikectl.8.gz
+man/man8/iked.8.gz
+ at dir etc/iked/ca
+ at dir etc/iked/certs
+ at dir etc/iked/crls
+ at dir(,,700) etc/iked/private
+ at dir etc/iked/pubkeys/fqdn
+ at dir etc/iked/pubkeys/ipv4
+ at dir etc/iked/pubkeys/ipv6
+ at dir etc/iked/pubkeys/ufqdn
diff --git a/security/openiked/Makefile b/security/openiked/Makefile
index 43b7b90fa1d6..99c58821f745 100644
--- a/security/openiked/Makefile
+++ b/security/openiked/Makefile
@@ -11,6 +11,8 @@ LIB_DEPENDS= libevent.so:devel/libevent
USES= autoreconf libtool ssl
+CONFLICTS_INSTALL= openiked-portable[0-9]*
+
USE_GITHUB= yes
GH_ACCOUNT= xcllnt
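Review bot: The added pattern `openiked-portable[0-9]*` has no hyphen before the version, so it does not appear able to match the new package, whose name is assembled from PORTNAME, PKGNAMESUFFIX and PORTVERSION in the new port's Makefile as openiked-portable-6.9.0. As written, the conflict is effectively declared only from the openiked-portable side (`openiked-[0-9]*`), although the two ports presumably install the same daemon and rc script paths. Suggested line: `CONFLICTS_INSTALL= openiked-portable-[0-9]*`. The rest of this Makefile lies outside the hunk.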