security/openiked-portable: New port for OpenBSD portable version of …

…OpenIKED

PR:		256009
Reported by:	David Marec <david@lapinbilly.eu>

security/Makefile

@@ -405,6 +405,7 @@
     SUBDIR += openct
     SUBDIR += openfortivpn
     SUBDIR += openiked
+    SUBDIR += openiked-portable
     SUBDIR += opensaml
     SUBDIR += opensc
     SUBDIR += openscep

security/openiked-portable/Makefile

@@ -0,0 +1,31 @@
+PORTNAME=	openiked
+PORTVERSION=	6.9.0
+CATEGORIES=	security net
+MASTER_SITES=	OPENBSD/OpenIKED
+PKGNAMESUFFIX=	-portable
+
+MAINTAINER=	david@lapinbilly.eu
+COMMENT=	IKEv2 daemon
+
+LICENSE=	ISCL
+
+LIB_DEPENDS=	libevent.so:devel/libevent
+
+CONFLICTS_INSTALL=	openiked-[0-9]*
+USES=			cmake ssl
+
+USE_RC_SUBR=	iked
+USERS=		_iked
+GROUPS=		_iked
+
+.include <bsd.port.pre.mk>
+
+.if ${OSREL:R} < 12 && ${SSL_DEFAULT} == "base"
+BROKEN=	requires OpenSSL 1.1.1, upgrade to FreeBSD 12.x/13.x or add DEFAULT_VERSIONS+=ssl=[openssl|libressl*] to /etc/make.conf
+.endif
+
+post-install:
+	${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
+	    ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
+
+.include <bsd.port.post.mk>

security/openiked-portable/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1621459617
+SHA256 (openiked-6.9.0.tar.gz) = f8a9a376c27a53b9d22a948a8245aa296f0c24fe5a40933d77b752b5e98ffa5d
+SIZE (openiked-6.9.0.tar.gz) = 289696

security/openiked-portable/files/iked.in

@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
+#
+# PROVIDE: iked
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iked_enable (bool):	Set to NO by default.
+#			Set it to YES to enable iked.
+# iked_ramdisk (bool):	Set to NO by default. See below.
+#
+# When iked_ramdisk is set to YES, the rc.d script will make sure
+# all directories exist, but will not generate a key pair if none
+# exists.  The daemon is not started when the key pair no config
+# files are missing.  It is assumed the ramdisk is not populated
+# completely.  When iked_ramdisk is NO, key pairs are created as
+# needed and thr daemon is started unconditionally.
+
+. /etc/rc.subr
+
+name=iked
+desc="IKEv2 daemon"
+rcvar=iked_enable
+
+load_rc_config $name
+
+: ${iked_enable:=NO}
+: ${iked_ramdisk=NO}
+
+command=%%PREFIX%%/sbin/iked
+start_precmd=iked_precmd
+
+iked_config=%%PREFIX%%/etc/iked.conf
+iked_rootdir=%%PREFIX%%/etc/iked
+iked_privkey=${iked_rootdir}/private/local.key
+iked_pubkey=${iked_rootdir}/local.pub
+
+iked_precmd()
+{
+
+	if checkyesno iked_ramdisk; then
+		# Make sure we have our directory hierarchy.
+		for D in ca certs crls export private pubkeys \
+		    pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
+			mkdir -p %%PREFIX%%/etc/iked/$D
+		done
+		chmod 700 %%PREFIX%%/etc/iked/private
+	else
+		# Create a key pair if not already present.
+		if test ! -f $iked_privkey; then
+			/usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey"
+			/bin/chmod 600 "$iked_privkey"
+			/usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey"
+		fi
+	fi
+
+	# We must have a private key and a configuration file.
+	# Don't start iked when those are missing.
+	if test ! \( -f $iked_privkey -a -f $iked_config \); then
+		# Be quiet about it; it must be intentional.
+		exit 1
+	fi
+}
+
+run_rc_command "$1"

security/openiked-portable/pkg-descr

@@ -0,0 +1,10 @@
+OpenIKED is a free, permissively licensed Internet Key Exchange
+(IKEv2) implementation, developed as part of the OpenBSD project.
+It is intended to be a lean, secure and interoperable daemon that
+allows for easy setup and management of IPsec VPNs.
+
+The portable versions take the OpenBSD based source code and add
+compatibility functions and build infrastructure for other operating
+systems.
+
+WWW: https://github.com/openiked/openiked-portable

security/openiked-portable/pkg-plist

@@ -0,0 +1,14 @@
+@sample(,,600) etc/iked.conf.sample
+sbin/ikectl
+sbin/iked
+man/man5/iked.conf.5.gz
+man/man8/ikectl.8.gz
+man/man8/iked.8.gz
+@dir etc/iked/ca
+@dir etc/iked/certs
+@dir etc/iked/crls
+@dir(,,700) etc/iked/private
+@dir etc/iked/pubkeys/fqdn
+@dir etc/iked/pubkeys/ipv4
+@dir etc/iked/pubkeys/ipv6
+@dir etc/iked/pubkeys/ufqdn

security/openiked/Makefile

@@ -11,6 +11,8 @@ LIB_DEPENDS=	libevent.so:devel/libevent
 
 USES=		autoreconf libtool ssl
 
+CONFLICTS_INSTALL=		openiked-portable[0-9]*
+
 USE_GITHUB=	yes
 GH_ACCOUNT=	xcllnt