Resurrect the old racoon2 port as racoon2-legacy. Christos' fork only

works with OpenSSL 1.1.1 and newer. This port should be retired when FreeBSD 11 is EOL. A subsequent commit will ensure this.
svn path=/head/; revision=487941
2018-12-21 03:34:56 +00:00 · 2018-12-21 03:34:56 +00:00 · e6f8483bbf · 2021-03-31 03:12:20 +00:00
commit e6f8483bbf
parent 5c2319b816
18 changed files with 356 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -366,6 +366,7 @@
    SUBDIR += libsparkcrypto
    SUBDIR += libssh
    SUBDIR += libssh2
+    SUBDIR += libssh2-devel
    SUBDIR += libtasn1
    SUBDIR += libtomcrypt
    SUBDIR += libu2f-host
@ -1080,6 +1081,7 @@
    SUBDIR += quantis
    SUBDIR += quantis-kmod
    SUBDIR += racoon2
+    SUBDIR += racoon2-legacy
    SUBDIR += radamsa
    SUBDIR += ranpwd
    SUBDIR += ratproxy
--- a/security/racoon2-legacy/Makefile
+++ b/security/racoon2-legacy/Makefile
@ -0,0 +1,96 @@
+# Created by: sumikawa
+# $FreeBSD$
+
+PORTNAME=	racoon2
+PORTVERSION=	20100526a
+PORTREVISION=	13
+CATEGORIES=	security net ipv6
+MASTER_SITES=	ftp://ftp.racoon2.wide.ad.jp/pub/racoon2/
+
+MAINTAINER=	cy@FreeBSD.org
+COMMENT=	Racoon2 IPsec daemon
+
+USES=		perl5 tar:tgz ssl
+CONFIGURE_ARGS+=	--disable-kinkd
+PLIST_SUB+=	KINK="@comment "
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ENV=	YACC=/usr/bin/yacc perl_bindir=${LOCALBASE}/bin/perl5
+
+OPTIONS_DEFINE=	DOCS
+OPTIONS_RADIO=	KERBEROS
+OPTIONS_RADIO_KERBEROS=	KRB5 KRB5_114 \
+		HEIMDAL_PORTS HEIMDAL_BASE
+KRB5_DESC=	Build with Kerberos (security/krb5)
+KRB5_114_DESC=	Build with Kerberos (security/krb5-114)
+HEIM_AL_PORTS_DESC=	Build with Heimdal in ports (security/heimdal)
+HEIMDAL_BASE_DESC=	Build with Heimdal in base
+
+KRB5_USES=		gssapi:mit
+KRB5_CONFIGURE_ON=	--enable-kinkd
+KRB5_MAKE_ENV=	WITH_KINK=yes
+KRB5_PLIST_SUB=		KINK=""
+KRB5_LIB_DEPENDS=	libkrb5support.so:security/krb5
+KRB5_RUN_DEPENDS=	kinit:security/krb5
+KRB5_VARS=		KINK=yes
+
+KRB5_114_USES=		gssapi:mit
+KRB5_114_CONFIGURE_ON=	--enable-kinkd
+KRB5_114_MAKE_ENV=	WITH_KINK=yes
+KRB5_114_PLIST_SUB=	KINK=""
+KRB5_114_LIB_DEPENDS=	libkrb5support.so:security/krb5-114
+KRB5_114_RUN_DEPENDS=	kinit:security/krb5-114
+KRB5_114_VARS=		KINK=yes
+
+HEIMDAL_PORT_USES=	gssapi:heimdal
+HEIMDAL_PORTS_CONFIGURE_ON=	--enable-kinkd
+HEIMDAL_PORTS_MAKE_ENV=	WITH_KINK=yes
+HEIMDAL_PORT_PLIST_SUB=	KINK=""
+HEIMDAL_PORT_VARS=	KINK=yes
+
+HEIMDAL_BASE_USES=	gssapi:base
+HEIMDAL_BASE_CONFIGURE_ON=	--enable-kinkd
+HEIMDAL_BASE_MAKE_ENV=	WITH_KINK=yes
+HEIMDAL_BASE_PLIST_SUB=	KINK=""
+HEIMDAL_BASE_VARS=	KINK=yes
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MDOCS}
+PORTDOCS+=	INSTALL USAGE config-usage.ja.txt config-usage.txt
+PORTDOCS+=	iked-memo.ja.txt libracoon.ja.txt specification.ja.txt
+PORTDOCS+=	spmif.txt style.txt system-message.ja.txt
+.if defined(KINK)
+PORTDOCS+=	kinkd-data-struct.obj kinkd-impl.ja.txt
+PORTDOCS+=	kinkd-install.ja.txt kinkd-state-txn.obj
+.endif
+.endif
+
+post-patch:
+	@${FIND} ${WRKSRC} -name Makefile.in -exec ${REINPLACE_CMD} \
+		-e '/INSTALL/s|\$$([a-z0-9]*dir)|$$(DESTDIR)&|' \
+		-e '/INSTALL/s|\$$(prefix)|$$(DESTDIR)&|' {} +
+	@${REINPLACE_CMD} 's|/var/run/racoon2|$$(DESTDIR)&|' \
+		${WRKSRC}/samples/Makefile.in
+
+post-patch-DOCS-on:
+.for FILE in ${PORTDOCS}
+	@${REINPLACE_CMD} -e 's|/usr/local/racoon2|${PREFIX}|' ${WRKSRC}/doc/${FILE}
+.endfor
+
+post-install:
+	@if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && echo ipsec` ]; then \
+	    ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
+	    ${ECHO_MSG} "         You must build the kernel if you want to run racoon on the host"; \
+	fi ;
+
+post-install-DOCS-on:
+	${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/COPYRIGHT.jp ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
+.for FILE in ${PORTDOCS}
+	${INSTALL_DATA} ${WRKSRC}/doc/${FILE} ${STAGEDIR}${DOCSDIR}
+.endfor
+
+.include <bsd.port.mk>
--- a/security/racoon2-legacy/distinfo
+++ b/security/racoon2-legacy/distinfo
@ -0,0 +1,2 @@
+SHA256 (racoon2-20100526a.tgz) = f23773e4d97cec823ec634085b5e60a7884a13467ff1bffc17daac14d02f9caa
+SIZE (racoon2-20100526a.tgz) = 1017077
--- a/security/racoon2-legacy/files/patch-configure
+++ b/security/racoon2-legacy/files/patch-configure
@ -0,0 +1,19 @@
+--- configure.orig	2008-07-06 02:41:34 UTC
+++ configure
+@@ -785,7 +785,7 @@ if test x"$enable_startup_scripts" = xyes; then
+ 	netbsd*1.[56]*|netbsd*[2-9].*)
+ 		startup_scripts=rc-d
+ 		;;
+-	freebsd[5-9].*)
+	freebsd[5-9].*|freebsd[1-4][0-9].*)
+ 		startup_scripts=rc-d
+ 		;;
+ 	*)
+@@ -1126,6 +1126,7 @@ rm -fr confdefs* $ac_clean_files
+ test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
+ 
+ if test "$no_recursion" != yes; then
+ac_given_INSTALL="$INSTALL"
+ 
+   # Remove --cache-file and --srcdir arguments so they do not pile up.
+   ac_sub_configure_args=
--- a/security/racoon2-legacy/files/patch-iked__ikev2_child.c
+++ b/security/racoon2-legacy/files/patch-iked__ikev2_child.c
@ -0,0 +1,11 @@
+--- iked/ikev2_child.c.orig	2008-09-10 01:30:58.000000000 -0700
+++ iked/ikev2_child.c	2014-10-22 23:33:18.140601874 -0700
+@@ -1171,7 +1171,7 @@
+ 	 * used to do update or add.
+ 	 */
+ 	param->flags = 0;
+-	if (child_sa->is_initiator)
+	if (child_sa->is_initiator && child_sa->preceding_satype == 0)
+ 		param->flags |= PFK_FLAG_NOPORTS;
+ 
+ 	param->wsize = ikev2_ipsec_window_size;
--- a/security/racoon2-legacy/files/patch-kinkd-Makefile.in
+++ b/security/racoon2-legacy/files/patch-kinkd-Makefile.in
@ -0,0 +1,10 @@
+--- kinkd/Makefile.in~	2006-01-11 11:38:55.000000000 +0900
+++ kinkd/Makefile.in	2009-11-22 10:39:25.000000000 +0900
+@@ -68,3 +68,7 @@
+ 
+ .PHONY: .depend
+ @IF_GMAKE@-include .depend
+
+# override default .c.o rule in case it doesn't include CPPFLAGS (FreeBSD)
+.c.o:
+	$(CC) -c $(CFLAGS) $(CPPFLAGS) -o $@ $<
--- a/security/racoon2-legacy/files/patch-kinkd-configure
+++ b/security/racoon2-legacy/files/patch-kinkd-configure
@ -0,0 +1,11 @@
+--- kinkd/configure-	2009-11-22 10:28:45.000000000 +0900
+++ kinkd/configure	2009-11-22 10:28:56.000000000 +0900
+@@ -2055,7 +2055,7 @@
+ 
+ else
+   echo "$ac_t""no" 1>&6
+-LIBS="$LIBS -ldes"; cat >> confdefs.h <<\EOF
+LIBS="$LIBS -lhx509"; cat >> confdefs.h <<\EOF
+ #define HAVE_LIBDES 1
+ EOF
+ 
--- a/security/racoon2-legacy/files/patch-lib-cfparse.y
+++ b/security/racoon2-legacy/files/patch-lib-cfparse.y
@ -0,0 +1,11 @@
+--- lib/cfparse.y-	2013-12-21 11:29:53.328819029 +0900
+++ lib/cfparse.y	2013-12-21 11:30:25.058283579 +0900
+@@ -1712,7 +1712,7 @@
+ 	int n;
+ 	char *bp;
+ 	struct cf_list *new;
+-	rcf_t type;
+	rc_type type;
+ 
+ 	n = strtoll(str, &bp, 10);
+ 
--- a/security/racoon2-legacy/files/patch-lib-cftoken.l
+++ b/security/racoon2-legacy/files/patch-lib-cftoken.l
@ -0,0 +1,20 @@
+--- lib/cftoken.l-	2013-12-21 11:31:18.701191439 +0900
+++ lib/cftoken.l	2013-12-21 11:33:51.653300338 +0900
+@@ -53,7 +53,7 @@
+ extern int yyget_lineno (void);
+ extern FILE *yyget_in (void);
+ extern FILE *yyget_out (void);
+-extern int yyget_leng (void);
+extern yy_size_t yyget_leng (void);
+ extern char *yyget_text (void);
+ extern void yyset_lineno (int);
+ extern void yyset_in (FILE *);
+@@ -78,7 +78,7 @@
+ 	if (cf_debug) { \
+ 		fprintf(CF_ERRDEV, "%s:%d:%d[%s] len=%d\n", \
+ 		    rcf_istk[rcf_istkp].path, rcf_istk[rcf_istkp].lineno, \
+-		    yy_start, yytext, yyleng); \
+		    yy_start, yytext, (int)yyleng); \
+ 	}
+ #else
+ #define DP
--- a/security/racoon2-legacy/files/patch-pskgen-Makefile.in
+++ b/security/racoon2-legacy/files/patch-pskgen-Makefile.in
@ -0,0 +1,10 @@
+--- pskgen/Makefile.in.orig	2007-12-11 23:12:22.000000000 -0800
+++ pskgen/Makefile.in	2014-07-04 13:38:23.919692384 -0700
+@@ -21,7 +21,6 @@
+ 	$(INSTALL_SCRIPT) $(PROG) $(sbindir)
+ 	$(INSTALL_DATA) $(PROG).8 $(mandir)/man8
+ 	$(INSTALL) -d $(prefix)/etc/racoon2
+-	sh ./autogen.spmd.pwd
+ 
+ depend:
+ 
--- a/security/racoon2-legacy/files/patch-pskgen-pskgen.in
+++ b/security/racoon2-legacy/files/patch-pskgen-pskgen.in
@ -0,0 +1,13 @@
+--- pskgen/pskgen.in.orig	2005-09-15 23:52:20.000000000 -0700
+++ pskgen/pskgen.in	2016-07-18 12:59:05.207263000 -0700
+@@ -59,8 +59,8 @@
+ 	exit 0;
+ }
+ 
+-require 'getopts.pl';
+-do Getopts('rs:o:di:he:d');
+use Getopt::Std;
+getopts('rs:o:di:he:d') or &usage;
+ $output = '-';
+ $output = $opt_o if ($opt_o);
+ 
--- a/security/racoon2-legacy/files/patch-samples-Makefile.in
+++ b/security/racoon2-legacy/files/patch-samples-Makefile.in
@ -0,0 +1,19 @@
+--- samples/Makefile.in.orig	2007-12-27 10:08:52.000000000 +0900
+++ samples/Makefile.in	2008-04-17 19:06:11.000000000 +0900
+@@ -29,11 +29,11 @@
+ 	$(INSTALL) -d -m 700 $(sysconfdir)/cert
+ 
+ install-startup-rc-d:
+-	$(INSTALL) -d $(sysconfdir)/rc.d
+-	$(INSTALL_SCRIPT) rc.d-iked $(sysconfdir)/rc.d/iked
+-	$(INSTALL_SCRIPT) rc.d-kinkd $(sysconfdir)/rc.d/kinkd
+-	$(INSTALL_SCRIPT) rc.d-spmd $(sysconfdir)/rc.d/spmd
+-	$(INSTALL_SCRIPT) rc.d-racoon2 $(sysconfdir)/rc.d/racoon2
+	$(INSTALL_SCRIPT) rc.d-iked $(prefix)/etc/rc.d/iked
+.if defined (WITH_KINK)
+	$(INSTALL_SCRIPT) rc.d-kinkd $(prefix)/etc/rc.d/kinkd
+.endif
+	$(INSTALL_SCRIPT) rc.d-spmd $(prefix)/etc/rc.d/spmd
+ 
+ install-startup-init-d:
+ 	$(INSTALL) -d $(sysconfdir)/init.d
--- a/security/racoon2-legacy/files/patch-samples-rc.d-iked.in
+++ b/security/racoon2-legacy/files/patch-samples-rc.d-iked.in
@ -0,0 +1,21 @@
+--- samples/rc.d-iked.in.orig	2005-10-28 06:33:16 UTC
+++ samples/rc.d-iked.in
+@@ -10,14 +10,16 @@
+ 
+ . /etc/rc.subr
+ 
+: ${iked_enable="NO"}
+
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ 
+ name="iked"
+-rcvar=$name
+rcvar=iked_enable
+ command="@sbindir@/${name}"
+ extra_commands="reload"
+-required_vars="spmd"
+required_vars="spmd_enable"
+ pidfile="/var/run/${name}.pid"
+ required_files="@sysconfdir@/racoon2.conf"
+ reload_cmd="iked_reload"
--- a/security/racoon2-legacy/files/patch-samples-rc.d-kinkd.in
+++ b/security/racoon2-legacy/files/patch-samples-rc.d-kinkd.in
@ -0,0 +1,15 @@
+--- samples/rc.d-kinkd.in.orig	2005-10-28 15:33:16.000000000 +0900
+++ samples/rc.d-kinkd.in	2008-04-17 15:11:55.000000000 +0900
+@@ -14,10 +14,10 @@
+ exec_prefix=@exec_prefix@
+ 
+ name="kinkd"
+-rcvar=$name
+rcvar=kinkd_enable
+ command="@sbindir@/${name}"
+ extra_commands="reload"
+-required_vars="spmd"
+required_vars="spmd_enable"
+ pidfile="/var/run/${name}.pid"
+ required_files="@sysconfdir@/racoon2.conf"
+ 
--- a/security/racoon2-legacy/files/patch-samples-rc.d-spmd.in
+++ b/security/racoon2-legacy/files/patch-samples-rc.d-spmd.in
@ -0,0 +1,17 @@
+--- samples/rc.d-spmd.in.orig	2007-07-11 00:59:30 UTC
+++ samples/rc.d-spmd.in
+@@ -9,11 +9,13 @@
+ 
+ . /etc/rc.subr
+ 
+: ${spmd_enable="NO"}
+
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ 
+ name="spmd"
+-rcvar=$name
+rcvar=spmd_enable
+ command="@sbindir@/${name}"
+ extra_commands="reload"
+ pidfile="/var/run/${name}.pid"
--- a/security/racoon2-legacy/files/patch-spmd-spmd_internal.h
+++ b/security/racoon2-legacy/files/patch-spmd-spmd_internal.h
@ -0,0 +1,11 @@
+--- spmd/spmd_internal.h.orig	2008-07-06 11:41:36.000000000 +0900
+++ spmd/spmd_internal.h	2009-03-30 13:35:24.000000000 +0900
+@@ -35,7 +35,7 @@
+ 
+ extern int spmd_foreground;
+ 
+-#define RACOON2_CONFIG_FILE SYSCONFDIR"/racoon2.conf"
+#define RACOON2_CONFIG_FILE RACOON_CONF
+ 
+ #if defined(HAVE_NSSWITCH_CONF)
+ # define NSSWITCH_CONF_FILE "/etc/nsswitch.conf"
--- a/security/racoon2-legacy/pkg-descr
+++ b/security/racoon2-legacy/pkg-descr
@ -0,0 +1,18 @@
+"racoon2" is a system to exchange and to install security parameters
+for the IPsec.
+
+Currently the system supports the following specification:
+
+	Internet Key Exchange (IKEv2) Protocol
+	draft-ietf-ipsec-ikev2-17.txt
+
+	Kerberized Internet Negotiation of Keys (KINK)
+	draft-ietf-kink-kink-06.txt
+
+	PF_KEY Key Management API, Version 2
+	RFC2367
+
+	The Internet Key Exchange (IKE)
+	RFC2409
+
+WWW: http://www.racoon2.wide.ad.jp/
--- a/security/racoon2-legacy/pkg-plist
+++ b/security/racoon2-legacy/pkg-plist
@ -0,0 +1,50 @@
+sbin/iked
+%%KINK%%sbin/kinkd
+sbin/spmd
+sbin/spmdctl
+sbin/pskgen
+etc/racoon2/default.conf.sample
+etc/racoon2/local-test.conf.sample
+etc/racoon2/racoon2.conf.sample
+etc/racoon2/transport_ike.conf.sample
+etc/racoon2/transport_kink.conf.sample
+etc/racoon2/tunnel_ike.conf.sample
+etc/racoon2/tunnel_ike_natt.conf.sample
+etc/racoon2/tunnel_kink.conf.sample
+etc/racoon2/vals.conf.sample
+etc/racoon2/hook/functions
+etc/racoon2/hook/ikesa-up.d/00ikesaup_sample
+etc/racoon2/hook/ikesa-up
+etc/racoon2/hook/ikesa-down
+etc/racoon2/hook/ikesa-rekey
+etc/racoon2/hook/child-up.d/00childup_sample
+etc/racoon2/hook/child-up
+etc/racoon2/hook/child-down
+etc/racoon2/hook/child-rekey
+etc/racoon2/hook/migration
+etc/racoon2/hook/ph1-up
+etc/racoon2/hook/ph1-down
+etc/rc.d/iked
+etc/rc.d/spmd
+%%KINK%%etc/rc.d/kinkd
+%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT
+%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.jp
+%%PORTDOCS%%%%DOCSDIR%%/README
+man/man8/spmd.8.gz
+man/man8/spmdctl.8.gz
+man/man8/pskgen.8.gz
+man/man8/iked.8.gz
+%%KINK%%man/man8/kinkd.8.gz
+@dir etc/racoon2/psk
+@dir etc/racoon2/hook/ph1-up.d
+@dir etc/racoon2/hook/ph1-down.d
+@dir etc/racoon2/hook/migration.d
+@dir etc/racoon2/hook/ikesa-rekey.d
+@dir etc/racoon2/hook/ikesa-down.d
+@dir etc/racoon2/hook/child-rekey.d
+@dir etc/racoon2/hook/child-down.d
+@dir etc/racoon2/cert
+@postexec [ ! -e %D/%%ETCDIR%%/spmd.pwd ] || mv %D/%%ETCDIR%%/spmd.pwd %D/%%ETCDIR%%/spmd.pwd.bak
+@postexec %D/sbin/pskgen -r -o %D/%%ETCDIR%%/spmd.pwd
+@rmtry %%ETCDIR%%/spmd.pwd
+@dir(root,wheel,700) /var/run/racoon2