From: David Marec
Date: Wed, 20 Jan 2021 22:27:17 +0000 (+0100)
Subject: first issue
X-Git-Url: http://popeye.lapinbilly.eu/git/?p=openiked-portable.git;a=commitdiff_plain;h=8bf0d68ddd010c2f8e8a9505c845018dd06ecc2a
first issue based on security/openiked-portable
--- 8bf0d68ddd010c2f8e8a9505c845018dd06ecc2a
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..ee3e43c
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,24 @@
+# $FreeBSD: head/security/openiked/Makefile 547543 2020-09-04 14:33:16Z swills $
+
+PORTNAME=openiked-portable
+CATEGORIES= security net
+
+MAINTAINER= portmgr@FreeBSD.org
+COMMENT= IKEv2 daemon
+
+LICENSE= ISCL
+
+LIB_DEPENDS= libevent.so:devel/libevent
+
+USES= cmake
+
+USE_GITHUB= yes
+GH_ACCOUNT= openiked
+GH_TAGNAME=45352722b7320ed97c6abe3bd961bea5acccf43d
+DISTVERSION= g20210119
+
+USE_RC_SUBR= iked
+USERS= _iked
+GROUPS= _iked
+
+.include
diff --git a/distinfo b/distinfo
new file mode 100644
index 0000000..2c3c7a2
--- /dev/null
+++ b/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1611090438
+SHA256 (openiked-openiked-portable-g20210119-45352722b7320ed97c6abe3bd961bea5acccf43d_GH0.tar.gz) = 66d7aedb9f2c2a5e9fe8f0c161188017ecc859009f59cbd8346095ae3333013a
+SIZE (openiked-openiked-portable-g20210119-45352722b7320ed97c6abe3bd961bea5acccf43d_GH0.tar.gz) = 271269
diff --git a/files/iked.in b/files/iked.in
new file mode 100644
index 0000000..d9a4bac
--- /dev/null
+++ b/files/iked.in
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
+#
+# PROVIDE: iked
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iked_enable (bool): Set to NO by default.
+# Set it to YES to enable iked.
+# iked_ramdisk (bool): Set to NO by default. See below.
+#
+# When iked_ramdisk is set to YES, the rc.d script will make sure
+# all directories exist, but will not generate a key pair if none
+# exists. The daemon is not started when the key pair no config
+# files are missing. It is assumed the ramdisk is not populated
+# completely. When iked_ramdisk is NO, key pairs are created as
+# needed and thr daemon is started unconditionally.
+
+. /etc/rc.subr
+
+name=iked
+desc="IKEv2 daemon"
+rcvar=iked_enable
+
+load_rc_config $name
+
+: ${iked_enable:=NO}
+: ${iked_ramdisk=NO}
+
+command=%%PREFIX%%/sbin/iked
+start_precmd=iked_precmd
+
+iked_config=%%PREFIX%%/etc/iked.conf
+iked_rootdir=%%PREFIX%%/etc/iked
+iked_privkey=${iked_rootdir}/private/local.key
+iked_pubkey=${iked_rootdir}/local.pub
+
+iked_precmd()
+{
+
+ if checkyesno iked_ramdisk; then
+ # Make sure we have our directory hierarchy.
+ for D in ca certs crls export private pubkeys \
+ pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
+ mkdir -p %%PREFIX%%/etc/iked/$D
+ done
+ chmod 700 %%PREFIX%%/etc/iked/private
+ else
+ # Create a key pair if not already present.
+ if test ! -f $iked_privkey; then
+ /usr/bin/openssl genrsa -out $iked_privkey 2048
+ /bin/chmod 600 $iked_privkey
+ /usr/bin/openssl rsa -out $iked_pubkey \
+ -in $iked_privkey -pubout
+ fi
+ fi
+
+ # We must have a private key and a configuration file.
+ # Don't start iked when those are missing.
+ if test ! \( -f $iked_privkey -a -f $iked_config \); then
+ # Be quiet about it; it must be intentional.
+ exit 1
+ fi
+}
+
+run_rc_command "$1"
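Review bot: In the non-ramdisk branch of iked_precmd the private key is written by `openssl genrsa -out $iked_privkey 2048` under whatever umask the rc script inherited and is only restricted afterwards by `chmod 600`, so depending on that umask and on the file mode the installed openssl applies, the key may briefly be readable by other local users. Generating it under a tight umask and stopping on failure closes that window, for example `(umask 077 && /usr/bin/openssl genrsa -out "$iked_privkey" 2048) || return 1`; this also keeps a failed generation from falling through to the deliberately silent `exit 1` at the end, where an operator gets no hint why iked did not start. The directory tree and the `chmod 700` on `private` are set up only when iked_ramdisk is YES, and the pkg-plist in this commit lists no directories, so the default path apparently relies on `private/` already existing with safe permissions; creating it with mode 700 in both branches would remove that assumption.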
diff --git a/pkg-descr b/pkg-descr
new file mode 100644
index 0000000..f924268
--- /dev/null
+++ b/pkg-descr
@@ -0,0 +1,9 @@
+OpenIKED is a lean Internet Key Exchange (IKEv2) daemon which performs
+mutual authentication and which establishes and maintains IPsec VPN
+flows and security associations (SAs) between the two peers.
+
+This version of OpenIKED is derived from OpenIKED's iked, but changed
+to support transport mode IPSec and lazy creation of associations,
+among many other improvements.
+
+WWW: https://github.com/xcllnt/openiked
diff --git a/pkg-plist b/pkg-plist
new file mode 100644
index 0000000..9c3e482
--- /dev/null
+++ b/pkg-plist
@@ -0,0 +1,3 @@
+etc/rc.d/iked
+sbin/ikectl
+sbin/iked