Commit
security/openiked-portable: New port for OpenBSD portable version of …
…OpenIKED PR: 256009 Reported by: David Marec <david@lapinbilly.eu>
Showing 7 changed files with 130 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
PORTNAME= openiked | ||
PORTVERSION= 6.9.0 | ||
CATEGORIES= security net | ||
MASTER_SITES= OPENBSD/OpenIKED | ||
PKGNAMESUFFIX= -portable | ||
|
||
MAINTAINER= david@lapinbilly.eu | ||
COMMENT= IKEv2 daemon | ||
|
||
LICENSE= ISCL | ||
|
||
LIB_DEPENDS= libevent.so:devel/libevent | ||
|
||
CONFLICTS_INSTALL= openiked-[0-9]* | ||
USES= cmake ssl | ||
|
||
USE_RC_SUBR= iked | ||
USERS= _iked | ||
GROUPS= _iked | ||
|
||
.include <bsd.port.pre.mk> | ||
|
||
.if ${OSREL:R} < 12 && ${SSL_DEFAULT} == "base" | ||
BROKEN= requires OpenSSL 1.1.1, upgrade to FreeBSD 12.x/13.x or add DEFAULT_VERSIONS+=ssl=[openssl|libressl*] to /etc/make.conf | ||
.endif | ||
|
||
post-install: | ||
${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \ | ||
${STAGEDIR}${PREFIX}/etc/iked.conf.sample | ||
|
||
.include <bsd.port.post.mk> |
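
Review bot: In the `.if ${OSREL:R} < 12 && ${SSL_DEFAULT} == "base"` block, the BROKEN text tells the user to add `DEFAULT_VERSIONS+=ssl=[openssl|libressl*]`, which cannot be pasted into /etc/make.conf as written. Consider naming one concrete value, for example `DEFAULT_VERSIONS+=ssl=openssl`, and listing the alternatives in words. A one-line comment above `post-install` saying that the staged `iked.conf` is renamed so the `@sample` entry in pkg-plist can manage it would also help the next maintainer.
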
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
TIMESTAMP = 1621459617 | ||
SHA256 (openiked-6.9.0.tar.gz) = f8a9a376c27a53b9d22a948a8245aa296f0c24fe5a40933d77b752b5e98ffa5d | ||
SIZE (openiked-6.9.0.tar.gz) = 289696 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
#!/bin/sh | ||
|
||
# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $ | ||
# | ||
# PROVIDE: iked | ||
# REQUIRE: LOGIN | ||
# KEYWORD: shutdown | ||
# | ||
# Add these lines to /etc/rc.conf.local or /etc/rc.conf | ||
# to enable this service: | ||
# | ||
# iked_enable (bool): Set to NO by default. | ||
# Set it to YES to enable iked. | ||
# iked_ramdisk (bool): Set to NO by default. See below. | ||
# | ||
# When iked_ramdisk is set to YES, the rc.d script will make sure | ||
# all directories exist, but will not generate a key pair if none | ||
# exists. The daemon is not started when the key pair no config | ||
# files are missing. It is assumed the ramdisk is not populated | ||
# completely. When iked_ramdisk is NO, key pairs are created as | ||
# needed and thr daemon is started unconditionally. | ||
|
||
. /etc/rc.subr | ||
|
||
name=iked | ||
desc="IKEv2 daemon" | ||
rcvar=iked_enable | ||
|
||
load_rc_config $name | ||
|
||
: ${iked_enable:=NO} | ||
: ${iked_ramdisk=NO} | ||
|
||
command=%%PREFIX%%/sbin/iked | ||
start_precmd=iked_precmd | ||
|
||
iked_config=%%PREFIX%%/etc/iked.conf | ||
iked_rootdir=%%PREFIX%%/etc/iked | ||
iked_privkey=${iked_rootdir}/private/local.key | ||
iked_pubkey=${iked_rootdir}/local.pub | ||
|
||
iked_precmd() | ||
{ | ||
|
||
if checkyesno iked_ramdisk; then | ||
# Make sure we have our directory hierarchy. | ||
for D in ca certs crls export private pubkeys \ | ||
pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do | ||
mkdir -p %%PREFIX%%/etc/iked/$D | ||
done | ||
chmod 700 %%PREFIX%%/etc/iked/private | ||
else | ||
# Create a key pair if not already present. | ||
if test ! -f $iked_privkey; then | ||
/usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey" | ||
/bin/chmod 600 "$iked_privkey" | ||
/usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey" | ||
fi | ||
fi | ||
|
||
# We must have a private key and a configuration file. | ||
# Don't start iked when those are missing. | ||
if test ! \( -f $iked_privkey -a -f $iked_config \); then | ||
# Be quiet about it; it must be intentional. | ||
exit 1 | ||
fi | ||
} | ||
|
||
run_rc_command "$1" |
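
Review bot: In the non-ramdisk branch of `iked_precmd`, the private key is written by `openssl ecparam -genkey ... -out "$iked_privkey"` under whatever umask the script inherits and is only restricted by the `chmod 600` on the next line, so the file exists briefly with default permissions; this branch also does not enforce mode 700 on the `private` directory itself (only the ramdisk branch runs `chmod 700`). Setting `umask 077` before the key generation closes that window. Neither openssl call has its exit status checked, so a failed generation is not reported and the script carries on to the public-key step. The header comment says the daemon is "started unconditionally" when iked_ramdisk is NO, but the final `test` still exits when the key or `iked.conf` is missing, so the comment should be corrected (it also has typos: "key pair no config", "thr"). `$iked_privkey` and `$iked_config` are unquoted in both `test` calls, and the ramdisk loop hard-codes `%%PREFIX%%/etc/iked` where `${iked_rootdir}` is already defined.
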
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
OpenIKED is a free, permissively licensed Internet Key Exchange | ||
(IKEv2) implementation, developed as part of the OpenBSD project. | ||
It is intended to be a lean, secure and interoperable daemon that | ||
allows for easy setup and management of IPsec VPNs. | ||
|
||
The portable versions take the OpenBSD based source code and add | ||
compatibility functions and build infrastructure for other operating | ||
systems. | ||
|
||
WWW: https://github.com/openiked/openiked-portable |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
@sample(,,600) etc/iked.conf.sample | ||
sbin/ikectl | ||
sbin/iked | ||
man/man5/iked.conf.5.gz | ||
man/man8/ikectl.8.gz | ||
man/man8/iked.8.gz | ||
@dir etc/iked/ca | ||
@dir etc/iked/certs | ||
@dir etc/iked/crls | ||
@dir(,,700) etc/iked/private | ||
@dir etc/iked/pubkeys/fqdn | ||
@dir etc/iked/pubkeys/ipv4 | ||
@dir etc/iked/pubkeys/ipv6 | ||
@dir etc/iked/pubkeys/ufqdn |
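
Review bot: The `@dir` list has no `etc/iked/export` entry, while the rc script's ramdisk branch creates `export` alongside `ca certs crls ... private pubkeys`. Either add `@dir etc/iked/export` here or drop it from the script's loop, so that the packaged directory layout and the one built in ramdisk mode match.
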