security/openvpn-devel: switch to Gitlab and new maintainer

The previous maintainer asked that the port be removed, but we seem to have found a better solution. Gert Doering volunteered to take over the port and reference Git directly. Import security/openvpn fix for leftover .orig files. PR: 256209 Maintainer change implicitly Approved by: ecrist@secure-computing.net (removal request) New contents reviewed and Approved by: gert@greenie.muc.de (new maintainer, by IRC/mail)
2024-12-22 04:17:44 +00:00 · 2021-05-29 11:48:46 +02:00 · 2021-05-29 11:48:46 +02:00 · 9364842b3b
commit 9364842b3b
parent 47b8cdb140
3 changed files with 71 additions and 83 deletions
--- a/security/openvpn-devel/Makefile
+++ b/security/openvpn-devel/Makefile
@ -1,12 +1,12 @@
 # Created by: Matthias Andree <mandree@FreeBSD.org>

 PORTNAME=	openvpn
-DISTVERSION=		202113
+DISTVERSION=	g20210527
+PORTEPOCH=	1
 CATEGORIES=	security net net-vpn
-MASTER_SITES=		https://secure-computing.net/files/openvpn/
 PKGNAMESUFFIX=	-devel

-MAINTAINER=		ecrist@secure-computing.net
+MAINTAINER=	gert@greenie.muc.de
 # let's use ?= in spite of portlint WARNings because this might become
 # security/openvpn one day which would then have a slave port:
 COMMENT?=	Secure IP/Ethernet tunnel daemon
@ -14,81 +14,88 @@ COMMENT?=		Secure IP/Ethernet tunnel daemon
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/COPYRIGHT.GPL

+BUILD_DEPENDS+=	cmocka>=0:sysutils/cmocka \
+		rst2man:textproc/py-docutils
+LIB_DEPENDS+=	liblzo2.so:archivers/lzo2
+
+USES=		autoreconf cpe libtool pkgconfig shebangfix tar:xz
 IGNORE_SSL=	libressl libressl-devel
+USE_GITLAB=	yes
+GL_COMMIT=	890225c1783d0f11b2092495ff902a46d7d0d4cd
+USE_RC_SUBR=	openvpn

-USES=			cpe libtool pkgconfig shebangfix tar:xz
+SHEBANG_FILES=	sample/sample-scripts/auth-pam.pl sample/sample-scripts/ucn.pl \
+		sample/sample-scripts/verify-cn

-CONFLICTS_INSTALL?=	openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
 GNU_CONFIGURE=		yes
-WRKSRC=			${WRKDIR}/${PORTNAME}${PKGNAMESUFFIX}
-SHEBANG_FILES=		sample/sample-scripts/verify-cn \
-			sample/sample-scripts/auth-pam.pl \
-			sample/sample-scripts/ucn.pl
 CONFIGURE_ARGS+=	--enable-strict
 # set PLUGIN_LIBDIR so that unqualified plugin paths are found:
 CONFIGURE_ENV+=		PLUGINDIR="${PREFIX}/lib/openvpn/plugins"

 # let OpenVPN's configure script pick up the requisite libraries,
 # but do not break the plugin build if an older version is installed
-CPPFLAGS+=		-I${WRKSRC}/include -I${LOCALBASE}/include
-LDFLAGS+=		-L${LOCALBASE}/lib
-
-OPTIONS_DEFINE=		PKCS11 EASYRSA DOCS EXAMPLES X509ALTUSERNAME \
-			TEST LZ4 SMALL TUNNELBLICK
-OPTIONS_DEFAULT=	EASYRSA OPENSSL TEST LZ4
-OPTIONS_SINGLE=		SSL
-OPTIONS_SINGLE_SSL=	OPENSSL MBEDTLS
-PKCS11_DESC=		Use security/pkcs11-helper
-EASYRSA_DESC=		Install security/easy-rsa RSA helper package
-MBEDTLS_DESC=		SSL/TLS via mbedTLS (lacks TLS v1.3)
-TUNNELBLICK_DESC=	Tunnelblick XOR scramble patch (READ HELP!)
-X509ALTUSERNAME_DESC=	Enable --x509-username-field (OpenSSL only)
-SMALL_DESC=		Build a smaller executable with fewer features
-
-EASYRSA_RUN_DEPENDS=	easy-rsa>=0:security/easy-rsa
-
-PKCS11_LIB_DEPENDS=	libpkcs11-helper.so:security/pkcs11-helper
-PKCS11_CONFIGURE_ENABLE=	pkcs11
-PKCS11_PREVENTS=	MBEDTLS
-PKCS11_PREVENTS_MSG=	OpenVPN cannot use pkcs11-helper with mbedTLS. Disable PKCS11, or use OpenSSL instead
-
-TUNNELBLICK_EXTRA_PATCHES=	${FILESDIR}/extra-tunnelblick-openvpn_xorpatch
-
-X509ALTUSERNAME_CONFIGURE_ENABLE=	x509-alt-username
-
-X509ALTUSERNAME_PREVENTS=	MBEDTLS
-X509ALTUSERNAME_PREVENTS_MSG=	OpenVPN ${DISTVERSION} cannot use --x509-username-field with mbedTLS. Disable X509ALTUSERNAME, or use OpenSSL instead
-
-OPENSSL_USES=		ssl
-OPENSSL_CONFIGURE_ON=	--with-crypto-library=openssl
-
-LZ4_CONFIGURE_OFF=	--disable-lz4
-
-SMALL_CONFIGURE_ON=	--enable-small
-
-MBEDTLS_LIB_DEPENDS=	libmbedtls.so:security/mbedtls
-MBEDTLS_CONFIGURE_ON=	--with-crypto-library=mbedtls
-
-USE_RC_SUBR=		openvpn
-
-SUB_FILES=		pkg-message openvpn-client
-
 .ifdef (LOG_OPENVPN)
 CFLAGS+=	-DLOG_OPENVPN=${LOG_OPENVPN}
 .endif

-BUILD_DEPENDS+=		cmocka>=0:sysutils/cmocka \
-			rst2man:textproc/py-docutils
-LIB_DEPENDS+=		liblzo2.so:archivers/lzo2
+CPPFLAGS+=	-I${WRKSRC}/include -I${LOCALBASE}/include -DCONFIGURE_GIT_REVISION='\"${GL_COMMIT}\"' -DCONFIGURE_GIT_FLAGS=
+LDFLAGS+=	-L${LOCALBASE}/lib

-LZ4_LIB_DEPENDS+=	liblz4.so:archivers/liblz4
+CONFLICTS_INSTALL?=	openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* \
+			openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
+
+SUB_FILES=	openvpn-client pkg-message

 PORTDOCS=	*
 PORTEXAMPLES=	*

+OPTIONS_DEFINE=		DOCS EASYRSA EXAMPLES LZ4 PKCS11 SMALL TEST TUNNELBLICK \
+			X509ALTUSERNAME
+OPTIONS_DEFAULT=	EASYRSA LZ4 OPENSSL TEST
+OPTIONS_SINGLE=		SSL
+OPTIONS_SINGLE_SSL=	MBEDTLS OPENSSL
+
+# option descriptions and interdependencies
+
+EASYRSA_DESC=			Install security/easy-rsa RSA helper package
+MBEDTLS_DESC=			SSL/TLS via mbedTLS (lacks TLS v1.3)
+PKCS11_DESC=			Use security/pkcs11-helper
+PKCS11_PREVENTS=		MBEDTLS
+PKCS11_PREVENTS_MSG=		OpenVPN cannot use pkcs11-helper with mbedTLS. \
+				Disable PKCS11, or use OpenSSL instead
+SMALL_DESC=			Build a smaller executable with fewer features
+TUNNELBLICK_DESC=		Tunnelblick XOR scramble patch (READ HELP!)
+X509ALTUSERNAME_DESC=		Enable --x509-username-field (OpenSSL only)
+X509ALTUSERNAME_PREVENTS=	MBEDTLS
+X509ALTUSERNAME_PREVENTS_MSG=	OpenVPN ${DISTVERSION} cannot use \
+				--x509-username-field with mbedTLS. Disable \
+				X509ALTUSERNAME, or use OpenSSL instead
+
+# option implementations
+
+EASYRSA_RUN_DEPENDS=	easy-rsa>=0:security/easy-rsa
+
+LZ4_LIB_DEPENDS+=	liblz4.so:archivers/liblz4
+LZ4_CONFIGURE_OFF=	--disable-lz4
+
+MBEDTLS_LIB_DEPENDS=	libmbedtls.so:security/mbedtls
+MBEDTLS_CONFIGURE_ON=	--with-crypto-library=mbedtls
+
+OPENSSL_USES=		ssl
+OPENSSL_CONFIGURE_ON=	--with-crypto-library=openssl
+
+PKCS11_LIB_DEPENDS=		libpkcs11-helper.so:security/pkcs11-helper
+PKCS11_CONFIGURE_ENABLE=	pkcs11
+
+SMALL_CONFIGURE_ON=	--enable-small
+
 TEST_ALL_TARGET=	check
 TEST_TEST_TARGET_OFF=	check

+TUNNELBLICK_EXTRA_PATCHES=	${FILESDIR}/extra-tunnelblick-openvpn_xorpatch
+
+X509ALTUSERNAME_CONFIGURE_ENABLE=	x509-alt-username
+
 pre-configure:
 .ifdef (LOG_OPENVPN)
 	@${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
@ -140,5 +147,6 @@ post-install-DOCS-on:
 post-install-EXAMPLES-on:
 	(cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/)
 	${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*
+	${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig

 .include <bsd.port.mk>
--- a/security/openvpn-devel/distinfo
+++ b/security/openvpn-devel/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1617626192
-SHA256 (openvpn-202113.tar.xz) = 54e5b6870855138fdc92e19354fb03665dde4dd7b899b1672a8fbd85d9b926e5
-SIZE (openvpn-202113.tar.xz) = 1065804
+TIMESTAMP = 1622278095
+SHA256 (openvpn-openvpn-890225c1783d0f11b2092495ff902a46d7d0d4cd_GL0.tar.gz) = 0677e95122f96634ad8b8215052f5cd51ccd554bbd70ab53a05f33c157b27554
+SIZE (openvpn-openvpn-890225c1783d0f11b2092495ff902a46d7d0d4cd_GL0.tar.gz) = 1133002
--- a/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h
+++ b/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h
@ -1,20 +0,0 @@
--- src/openvpn/openssl_compat.h.orig	2019-02-20 12:28:23 UTC
-+++ src/openvpn/openssl_compat.h
-@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
- }
- #endif /* SSL_CTX_get_max_proto_version */
- 
-#ifndef SSL_CTX_set_min_proto_version
-+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
- /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
-@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
- }
- #endif /* SSL_CTX_set_min_proto_version */
- 
-#ifndef SSL_CTX_set_max_proto_version
-+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
- /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)