Revive openvpn-devel port and pass maintainership to Eric F. Christ.

NOTE that the port is more of a development snapshot than it used to be, so it should be used SOLELY for testing and development, NOT IN PRODUCTION. PR: ports/144115 Approved by: mandree@ (previous maintainer) Approved by: garga@ (mentor) Feature safe: yes
svn path=/head/; revision=250225
2025-01-03 06:04:53 +00:00 · 2010-02-23 12:22:28 +00:00 · 2010-02-23 12:22:28 +00:00 · e6c2dbc0e6 · 2021-03-31 03:12:20 +00:00
commit e6c2dbc0e6
parent 489b2ee681
9 changed files with 385 additions and 1 deletions
--- a/1
+++ b/1
@ -4245,7 +4245,6 @@ databases/p5-DBD-mysql54|databases/p5-DBD-mysql55|2010-01-04|Updated to mileston
 misc/sword15|misc/sword|2010-01-06|Has expired: use misc/sword
 misc/bibletime-kde3|misc/bibletime|2010-01-06|Has expired: use misc/bibletime
 mail/squirrelmail-devel|mail/squirrelmail|2010-01-06|Has expired: use mail/squirrelmail
-security/openvpn-devel||2010-01-07|base port updated, use security/openvpn instead
 lang/drscheme|lang/plt-scheme|2010-01-07|superceded by lang/plt-scheme
 databases/mysql60-client||2010-01-10|Has expired: no longer under development
 databases/mysql60-server||2010-01-10|Has expired: no longer under development
--- a/security/Makefile
+++ b/security/Makefile
@ -342,6 +342,7 @@
    SUBDIR += openvpn
    SUBDIR += openvpn-admin
    SUBDIR += openvpn-auth-ldap
+    SUBDIR += openvpn-devel
    SUBDIR += openvpn20
    SUBDIR += ophcrack
    SUBDIR += opieprint
--- a/security/openvpn-devel/Makefile
+++ b/security/openvpn-devel/Makefile
@ -0,0 +1,119 @@
+# New ports collection makefile for:	openvpn
+# Date created:		2010-02-19
+# Whom:			Eric F Crist <ecrist@secure-computing.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	openvpn
+DISTVERSION=	201007
+CATEGORIES=	security net
+MASTER_SITES=	ftp://ftp.secure-computing.net/pub/FreeBSD/ports/openvpn-devel/ \
+		ftp://ftp2.secure-computing.net/pub/FreeBSD/ports/openvpn-devel/
+PKGNAMESUFFIX=	-devel
+
+MAINTAINER=	ecrist@secure-computing.net
+COMMENT=	Secure IP/Ethernet tunnel daemon
+
+WRKSRC=		${WRKDIR}/${PORTNAME}${PKGNAMESUFFIX}
+
+CONFLICTS=	openvpn-[0-9]*
+
+GNU_CONFIGURE=	yes
+USE_OPENSSL=	yes
+CONFIGURE_ARGS=	--with-lzo-lib=${LOCALBASE}/lib \
+		--with-lzo-headers=${LOCALBASE}/include
+INSTALL_TARGET=	install mandir=${MANPREFIX}/man
+
+MAN8=		openvpn.8
+
+OPTIONS=	PW_SAVE "Interactive passwords may be read from a file" off \
+		PKCS11  "Use security/pkcs11-helper" off
+
+USE_RC_SUBR=	openvpn.sh
+USE_LDCONFIG=	${PREFIX}/lib
+
+SUB_FILES=	pkg-message pkg-req
+SUB_LIST+=	OSVERSION=${OSVERSION}
+
+.include <bsd.port.pre.mk>
+
+SUB_LIST+=	RCSFX=${RC_SUBR_SUFFIX}
+
+.ifdef (LOG_OPENVPN)
+CFLAGS+=	-DLOG_OPENVPN=${LOG_OPENVPN}
+.endif
+
+pre-fetch:
+.ifdef (LOG_OPENVPN)
+	@${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
+.else
+	@${ECHO} ""
+	@${ECHO} "You may use the following build options:"
+	@${ECHO} ""
+	@${ECHO} "      LOG_OPENVPN={Valid syslog facility}"
+	@${ECHO} "      EXAMPLE:  make LOG_OPENVPN=LOG_DAEMON"
+	@${ECHO} ""
+.endif
+
+# NOTE: there is no way to explicitly specify the LZO version to OpenVPN,
+# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
+# So depend on LZO1 only if it's already there and LZO2 isn't.
+# PACKAGE_BUILDING will also force LZO2.
+.if exists(${LOCALBASE}/lib/liblzo2.so.2) || !exists(${LOCALBASE}/lib/liblzo.so.1) || defined(PACKAGE_BUILDING)
+LIB_DEPENDS+=	lzo2.2:${PORTSDIR}/archivers/lzo2
+.else
+LIB_DEPENDS+=	lzo.1:${PORTSDIR}/archivers/lzo
+.endif
+
+.if defined(WITH_PW_SAVE)
+CONFIGURE_ARGS+=	--enable-password-save
+.endif
+
+.if defined(WITH_PKCS11)
+LIB_DEPENDS+=	pkcs11-helper.1:${PORTSDIR}/security/pkcs11-helper
+.else
+CONFIGURE_ARGS+=	--disable-pkcs11
+.endif
+
+post-patch:
+	@${FIND} ${WRKSRC} -name \*.orig -delete
+	@${FIND} ${WRKSRC} -name \*.bak -delete
+
+post-build:
+	cd ${WRKSRC}/plugin/down-root && ${MAKE}
+	cd ${WRKSRC}/plugin/auth-pam && ${CC} ${CPPFLAGS} -I../.. -DDLOPEN_PAM=0 ${CFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c pamdl.c -lc -lpam
+	@# self-tests here
+.if !defined(WITHOUT_CHECK)
+	cd ${WRKSRC} && ${MAKE} check
+.endif
+
+pre-install:
+	PKG_PREFIX=${PREFIX} ${SH} ${PKGREQ} ${PKGNAME} INSTALL
+
+post-install:
+	${MKDIR} ${PREFIX}/lib
+	${INSTALL_PROGRAM} ${WRKSRC}/plugin/down-root/openvpn-down-root.so ${PREFIX}/lib/
+	${INSTALL_PROGRAM} ${WRKSRC}/plugin/auth-pam/openvpn-auth-pam.so ${PREFIX}/lib/
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/plugin/down-root/README ${DOCSDIR}/README.openvpn-down-root
+	${INSTALL_DATA} ${WRKSRC}/plugin/auth-pam/README ${DOCSDIR}/README.openvpn-auth-pam
+.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL \
+	PORTS README
+	${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}/
+.endfor
+.for dir in easy-rsa easy-rsa/1.0 easy-rsa/2.0 sample-config-files
+	${MKDIR} ${DOCSDIR}/${dir}
+	${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_DATA} \{\} ${DOCSDIR}/${dir} \;
+.endfor
+.for dir in sample-scripts
+	${MKDIR} ${DOCSDIR}/${dir}
+	${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_SCRIPT} \{\} ${DOCSDIR}/${dir} \;
+.endfor
+.else
+	-@${RMDIR} ${DOCSDIR}
+.endif
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
--- a/security/openvpn-devel/distinfo
+++ b/security/openvpn-devel/distinfo
@ -0,0 +1,3 @@
+MD5 (openvpn-201007.tar.gz) = b8eba6e56e90442c03a133d7a3a3378f
+SHA256 (openvpn-201007.tar.gz) = 0294d3a0c002a25553b8353aadcb3b54907c078502223828d34c23271b16112a
+SIZE (openvpn-201007.tar.gz) = 1015619
--- a/security/openvpn-devel/files/openvpn.sh.in
+++ b/security/openvpn-devel/files/openvpn.sh.in
@ -0,0 +1,129 @@
+#!/bin/sh
+#
+# openvpn.sh - load tun/tap driver and start OpenVPN daemon
+#
+# (C) Copyright 2005 - 2008 by Matthias Andree
+# based on suggestions by Matthias Grimm and Dirk Gouders
+# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
+# and Vasil Dimov
+#
+# $FreeBSD$
+# 
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: openvpn
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# -----------------------------------------------------------------------------
+#
+# This script supports running multiple instances of openvpn.
+# To run additional instance link this script to something like
+# % ln -s openvpn openvpn_foo
+# and define additional openvpn_foo_* variables in one of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
+#
+# Below NAME should be substituted with the name of this script. By default
+# it is openvpn, so read as openvpn_enable. If you linked the script to
+# openvpn_foo, then read as openvpn_foo_enable etc.
+#
+# The following variables are supported (defaults are shown).
+# You can place them in any of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
+#
+# NAME_enable="NO"	# set to YES to enable openvpn
+# NAME_if=""		# driver(s) to load, set to "tun", "tap" or "tun tap"
+#
+# # optional:
+# NAME_flags=""				# additional command line arguments
+# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf"	# --config file
+# NAME_dir="%%PREFIX%%/etc/openvpn"	# --cd directory
+#
+# You also need to set NAME_configfile and NAME_dir, if the configuration
+# file and directory where keys and certificates reside differ from the above
+# settings.
+#
+# Note that we deliberately refrain from unloading drivers.
+#
+# For further documentation, please see openvpn(8).
+#
+
+. %%RC_SUBR%%
+
+case "$0" in
+/etc/rc*)
+	# during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
+	# so get the name of the script from $_file
+	name=$(basename "$_file" .sh)
+	;;
+*)
+	name=$(basename "$0" .sh)
+	;;
+esac
+
+rcvar=$(set_rcvar)
+
+openvpn_precmd()
+{
+	for i in $interfaces ; do
+		# FreeBSD <= 5.4 does not know kldstat's -m option
+		# FreeBSD >= 6.0 does not add debug.* sysctl information
+		# in the default build - we check both to keep things simple
+		if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 \
+			&& ! kldstat -m if_${i} >/dev/null 2>&1 ; then
+			if ! kldload if_${i} ; then
+				warn "Could not load $i module."
+				return 1
+			fi
+		fi
+	done
+	return 0
+}
+
+stop_postcmd()
+{
+	rm -f "$pidfile" || warn "Could not remove $pidfile."
+}
+
+# support SIGHUP to reparse configuration file
+extra_commands="reload"
+
+# pidfile
+pidfile="/var/run/${name}.pid"
+
+# command and arguments
+command="%%PREFIX%%/sbin/openvpn"
+
+# run this first
+start_precmd="openvpn_precmd"
+# and this last
+stop_postcmd="stop_postcmd"
+
+load_rc_config ${name}
+
+eval ": \${${name}_enable:=\"NO\"}"
+eval ": \${${name}_flags:=\"\"}"
+eval ": \${${name}_if:=\"\"}"
+eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}"
+eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}"
+
+configfile="$(eval echo \${${name}_configfile})"
+dir="$(eval echo \${${name}_dir})"
+interfaces="$(eval echo \${${name}_if})"
+
+required_files=${configfile}
+command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile}"
+
+run_rc_command "$1"
--- a/security/openvpn-devel/files/pkg-message.in
+++ b/security/openvpn-devel/files/pkg-message.in
@ -0,0 +1,12 @@
+### ------------------------------------------------------------------------
+###  Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
+###  startup. See %%PREFIX%%/etc/rc.d/openvpn%%RCSFX%% for details.
+### ------------------------------------------------------------------------
+###  For compatibility notes when interoperating with older OpenVPN
+###  versions, please, see <http://openvpn.net/relnotes.html>
+### ------------------------------------------------------------------------
+###  If you want to donate to OpenVPN: <http://openvpn.net/donate.html>
+### ------------------------------------------------------------------------
+###  NOTE THIS IS AN UNSTABLE VERSION UNDER DEVELOPMENT!
+###  It may or may not be suitable for production. Use at your own risk.
+### ------------------------------------------------------------------------
--- a/security/openvpn-devel/files/pkg-req.in
+++ b/security/openvpn-devel/files/pkg-req.in
@ -0,0 +1,29 @@
+set -e
+
+rcvers() {
+	# determine if we have "old" or "new" (rcorder integration) scheme
+	# for %%PREFIX%%/etc/rc.d/* files
+	if test $1 -ge 700007 || test $1 -lt 700000 -a $1 -ge 600101 ; then
+		echo 2
+	else
+		echo 1
+	fi
+}
+
+if [ "$2" = INSTALL ] ; then
+	# check if the base system is new enough for us,
+	# which should only matter for package installs.
+	buildrc=$(rcvers %%OSVERSION%%)
+	execrc=$(rcvers $(sysctl -n kern.osreldate) )
+	if test $buildrc -gt $execrc ; then
+		cat <<EOF
+
+Error:   this package, $1, was compiled for a newer FreeBSD
+======   version that uses different boot scripts.
+         Therefore, the rc.d script WILL NOT WORK.
+         Please update your ports tree and install security/openvpn from there.
+
+EOF
+		exit 1
+	fi
+fi
--- a/security/openvpn-devel/pkg-descr
+++ b/security/openvpn-devel/pkg-descr
@ -0,0 +1,13 @@
+OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private
+Network) daemon which can be used to securely link two or more private networks
+using an encrypted tunnel over the internet. It can operate over UDP or TCP,
+can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
+server can handle many clients.
+
+This development port is updated frequently and is likely NOT STABLE.  This is
+an untested tar of the source tree.  We attempt to omit inoperable states, but
+there is a good chance this program will not run.
+
+DO NOT USE IN PRODUCTION WITHOUT CAUTION
+
+WWW: http://openvpn.net/
--- a/security/openvpn-devel/pkg-plist
+++ b/security/openvpn-devel/pkg-plist
@ -0,0 +1,79 @@
+sbin/openvpn
+lib/openvpn-auth-pam.so
+lib/openvpn-down-root.so
+%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
+%%PORTDOCS%%%%DOCSDIR%%/COPYING
+%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
+%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
+%%PORTDOCS%%%%DOCSDIR%%/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/PORTS
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-auth-pam
+%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-down-root
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/README
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-ca
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-dh
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-inter
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pkcs12
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-server
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/clean-all
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/list-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/make-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/openssl.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-crt
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-full
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/sign-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/vars
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/Makefile
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-0.9.6.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/whichopensslcnf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/home.up
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-client
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-server
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/office.up
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-shutdown.sh
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-startup.sh
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/server.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-home.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-office.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-home.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-office.conf
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-client-config
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-server-config
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/auth-pam.pl
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-start
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-stop
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/openvpn.init
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/ucn.pl
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/1.0
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
+%%PORTDOCS%%@dirrm %%DOCSDIR%%