From 47d2d579cd7a9587c0ba39645e23e6cb1b76c54b Mon Sep 17 00:00:00 2001
From: David Marec <DavidMarec@users.noreply.github.com>
Date: Thu, 21 Jan 2021 23:11:32 +0100
Subject: [PATCH] Review rc script according to setup_config.sh Append
 configuration file as a sample creation directory tree

---
 Makefile                        | 13 ++++++++-----
 distinfo                        |  6 +++---
 files/iked.in                   |  7 +++----
 files/patch-CMakelists_txt      | 26 ++++++++++++++++++++++++++
 files/patch-iked_CMakelists_txt | 15 +++++++++++++++
 pkg-plist                       |  9 +++++++++
 6 files changed, 64 insertions(+), 12 deletions(-)
 create mode 100644 files/patch-CMakelists_txt
 create mode 100644 files/patch-iked_CMakelists_txt

diff --git a/Makefile b/Makefile
index 4e5250c..ee28a40 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
-# $FreeBSD: head/security/openiked/Makefile david@lapinbilly.eu $
+# $FreeBSD: head/security/openiked-portable/Makefile david@lapinbilly.eu
 
-PORTNAME=	openiked-portable
+PORTNAME=openiked-portable
 CATEGORIES=	security net
 
 MAINTAINER=	portmgr@FreeBSD.org
@@ -12,13 +12,16 @@ LIB_DEPENDS=	libevent.so:devel/libevent
 
 USES=		cmake
 
-USE_GITHUB=	yes
-GH_ACCOUNT=	openiked
-GH_TAGNAME=		45352722b7320ed97c6abe3bd961bea5acccf43d
+USE_GITHUB=		yes
+GH_ACCOUNT=		openiked
+GH_TAGNAME=		7efaa952cabc5fa6441392677147b5702d1bfbb8
 DISTVERSION=	g20210119
 
 USE_RC_SUBR= iked
 USERS=		_iked
 GROUPS=		_iked
 
+post-install:
+	${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
+	    ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
 .include <bsd.port.mk>
diff --git a/distinfo b/distinfo
index 2c3c7a2..7040d70 100644
--- a/distinfo
+++ b/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1611090438
-SHA256 (openiked-openiked-portable-g20210119-45352722b7320ed97c6abe3bd961bea5acccf43d_GH0.tar.gz) = 66d7aedb9f2c2a5e9fe8f0c161188017ecc859009f59cbd8346095ae3333013a
-SIZE (openiked-openiked-portable-g20210119-45352722b7320ed97c6abe3bd961bea5acccf43d_GH0.tar.gz) = 271269
+TIMESTAMP = 1611258184
+SHA256 (openiked-openiked-portable-g20210119-7efaa952cabc5fa6441392677147b5702d1bfbb8_GH0.tar.gz) = d2300f1055a77f7dfe928de59f995af2ac56709b7ca5bab5581a9955aca76351
+SIZE (openiked-openiked-portable-g20210119-7efaa952cabc5fa6441392677147b5702d1bfbb8_GH0.tar.gz) = 275522
diff --git a/files/iked.in b/files/iked.in
index d9a4bac..e9a257b 100644
--- a/files/iked.in
+++ b/files/iked.in
@@ -52,10 +52,9 @@ iked_precmd()
 	else
 		# Create a key pair if not already present.
 		if test ! -f $iked_privkey; then
-			/usr/bin/openssl genrsa -out $iked_privkey 2048
-			/bin/chmod 600 $iked_privkey
-			/usr/bin/openssl rsa -out $iked_pubkey \
-			    -in $iked_privkey -pubout
+			/usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey"
+			/bin/chmod 600 "$iked_privkey"
+			openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey"
 		fi
 	fi
 
diff --git a/files/patch-CMakelists_txt b/files/patch-CMakelists_txt
new file mode 100644
index 0000000..401c30f
--- /dev/null
+++ b/files/patch-CMakelists_txt
@@ -0,0 +1,26 @@
+--- CMakeLists.txt.ori
++++ CMakeLists.txt
+@@ -24,6 +24,12 @@ include(CheckIncludeFiles)
+ include_directories("/usr/local/include")
+ link_directories("/usr/local/lib")
+ 
++
++if (NOT DEFINED CMAKE_INSTALL_SYSCONFDIR )
++	set (CMAKE_INSTALL_SYSCONFDIR ${CMAKE_INSTALL_PREFIX}/etc)
++endif()
++set (SYSCONFDIR ${CMAKE_INSTALL_SYSCONFDIR}/iked)
++
+ if (CMAKE_SYSTEM_NAME MATCHES "Darwin")
+ 	include_directories("/usr/local/opt/openssl@1.1/include")
+ 	link_directories("/usr/local/opt/openssl@1.1/lib")
+@@ -32,8 +38,8 @@ elseif(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
+ 	add_definitions(-DHAVE_ATTRIBUTE__DEAD__)
+ 	add_definitions(-DHAVE_SOCKADDR_SA_LEN)
+ elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
+-	add_definitions(-DIKED_CONFIG="/usr/local/etc/iked.conf")
+-	add_definitions(-DIKED_CA="/usr/local/etc/iked/")
++	add_definitions(-DIKED_CONFIG="${CMAKE_INSTALL_SYSCONFDIR}/iked.conf")
++	add_definitions(-DIKED_CA="${SYSCONFDIR}")
+ elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
+ 	add_definitions(-D_GNU_SOURCE)
+ 	add_definitions(-D_DEFAULT_SOURCE)
diff --git a/files/patch-iked_CMakelists_txt b/files/patch-iked_CMakelists_txt
new file mode 100644
index 0000000..fd00275
--- /dev/null
+++ b/files/patch-iked_CMakelists_txt
@@ -0,0 +1,15 @@
+--- iked/CMakeLists.txt.ori
++++ iked/CMakeLists.txt
+@@ -194,3 +194,12 @@ add_custom_command(
+ )
+ 
+ install(TARGETS iked RUNTIME DESTINATION sbin)
++install(FILES ${CMAKE_SOURCE_DIR}/iked.conf DESTINATION ${CMAKE_INSTALL_SYSCONFDIR})
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/ca)
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/certs)
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/crls)
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/private)
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/pubkeys/ipv4)
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/pubkeys/ipv6)
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/pubkeys/fqdn)
++install(DIRECTORY DESTINATION ${SYSCONFDIR}/pubkeys/ufqdn)
diff --git a/pkg-plist b/pkg-plist
index 9c3e482..c620c54 100644
--- a/pkg-plist
+++ b/pkg-plist
@@ -1,3 +1,12 @@
+@sample etc/iked.conf.sample
 etc/rc.d/iked
 sbin/ikectl
 sbin/iked
+@dir etc/iked/ca
+@dir etc/iked/certs
+@dir etc/iked/crls
+@dir(,,700) etc/iked/private
+@dir etc/iked/pubkeys/fqdn
+@dir etc/iked/pubkeys/ipv4
+@dir etc/iked/pubkeys/ipv6
+@dir etc/iked/pubkeys/ufqdn
-- 
2.44.0