Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
The new version of ipsec tools is available. You will find the changing ebuild on attachment.
Created an attachment (id=100573) [edit] New ebuild for ipsec-tool 0.6.6
no reason to keep this secret ;-)
I've learned that it's better to use the CVS version of IPSEC tools. There are a lot of functionnalities and corrected buggs in more in racoon and setkey. Do you confirm it ? If yes, perhaps it will be better to make a CVS ebuild. I've done it. If you want i can post it. Cause i'm not an expert in. So you will have a base for working on this.
Created an attachment (id=100667) [edit] New ebuild for ipsec-tools 0.6.6 This ebuild have some use flag add : dpd fastquit frag gssapi hybrid idea ldap natt pam rc5 readline security-context stats ipv6 and a check functionnality of kernel flags
The ssl flag is not supported with this version. It is from the CVS version. Then it will. Radius is not supported by Gentoo with libradius library. As i understood, we have to use pam ... strange
In the compil, i didn't success to have some option flag up : checking kernel NAT-Traversal support... yes checking whether to support NAT-T... no checking which NAT-T versions to support... none checking whether we support FWD policy... no checking for ipsec_policy_t... no or checking openssl/camellia.h usability... no checking openssl/camellia.h presence... no I don't know if it's relevant or not. And an other point is iconv seems to need the new libiconv which is hard masked for the moment.
Created an attachment (id=100673) [edit] New ebuild for ipsec-tools 0.6.6 Use flags in more : adminport pic shared static I have corrected a dependancy beetween pam and hybrid flag. inherited linux-mod replaced by linux-info.
(From update of attachment 100673 [edit]) natt flag is not taking in account
Created an attachment (id=100822) [edit] New ebuild for ipsec-tool 0.6.6 Natt flag is corrected ssl flag is not needed anymore. It was a mistake.
TODO : There is two mode for the forwarding policy : Kernel and RFC It's not taking in account for the moment. Normally, only the RFC is done. security-context depends of some options of kernel. i'll try to find them.
Created an attachment (id=100858) [edit] New ebuild for ipsec-tool 0.6.6 In fact security context is searching for the lsm kernel module wich seems to be present systematically in 2.6. Then nothing to do :-) The kernel mode is used when you do a "setkey -k" Then nothing to do :-) The camelia cipher algorithm is too much recent. See http://www.ntt.co.jp/news/news06e/0604/060413a.html Then nothing to do :-) The ldap functionnality is not documented in this version. But the doc exist in the recent CVS version. Then a warning is raised. Kernel includes repertory have been added in the compil params. With Nat traversal, there is more options which could be choosed. So a warning is raised. Could other gentoouser test it please ?
I am adding this, temporarily to asylumware-portage. I will be testing it on various systems. BTW: What is this ebuild an octet-stream? That makes no sense.
Created an attachment (id=100926) [edit] New ebuild for ipsec-tool 0.6.6 Right, octet-stream takes no sense.i've selected plain text. I've added the use flag "broken-natt", all the documentation in /usr/share/doc and so commentary to drive users. i've definetely suppress ssl flag. Thanks for your help.
Created an attachment (id=100934) [edit] New ebuild for ipsec-tools 0.6.6 Just to add the dodoc for FAQ and others text info files which are not in the same repertory than the samples Does it will take a long time before it will be on unstable gentoo portage ?
Created an attachment (id=101029) [edit] New ebuild for ipsec-tools 0.6.6 This version corrects the doc installation (was buggy). An explaination about sa mode unspec presence was added.
Hello Peter, Do you think it could be added to gentoo unstable portage in this state ?
I use this version since one week now and all seem to go to the right way. Do you know when it will be include in the portage tree ?
*** Bug 158860 has been marked as a duplicate of this bug. ***
Attachment 101029 [edit] (from 2006-11-02) give the following warings: * Running eautoreconf in '/var/tmp/portage/ipsec-tools-0.6.6-r1/work/ipsec-tools-0.6.6' ... * QA Notice: ${WANT_AUTOCONF} variable unset. Please report on http://bugs.gentoo.org/ * QA Notice: ${WANT_AUTOMAKE} variable unset. Please report on http://bugs.gentoo.org/ * Running aclocal -I /var/tmp/portage/ipsec-tools-0.6.6-r1/work/ipsec-tools-0.6.6 . [ ok ] So I'm reporting this. :) Also this version does not compile for me with the same error from Bug #158860: if x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I./../libipsec -D_GNU_SOURCE -include ./src/include-glibc/glibc-bugs.h -I./src/include-glibc -I./src/include-glibc -I./../../src/racoon/missing -D_GNU_SOURCE -include ../../src/include-glibc/glibc-bugs.h -I../../src/include-glibc -I../../src/include-glibc -DSYSCONFDIR=\"/etc\" -DADMINPORTDIR=\"/var/lib/racoon\" -O3 -pipe -fomit-frame-pointer -march=athlon64 -Wall -Wno-unused -MT grabmyaddr.o -MD -MP -MF ".deps/grabmyaddr.Tpo" -c -o grabmyaddr.o grabmyaddr.c; \ then mv -f ".deps/grabmyaddr.Tpo" ".deps/grabmyaddr.Po"; else rm -f ".deps/grabmyaddr.Tpo"; exit 1; fi grabmyaddr.c: In function 'recvaddrs': grabmyaddr.c:126: error: 'IFA_MAX' undeclared (first use in this function) grabmyaddr.c:126: error: (Each undeclared identifier is reported only once grabmyaddr.c:126: error: for each function it appears in.) grabmyaddr.c:167: error: dereferencing pointer to incomplete type grabmyaddr.c:168: error: dereferencing pointer to incomplete type grabmyaddr.c:171: error: dereferencing pointer to incomplete type grabmyaddr.c:171: error: 'IFA_F_TENTATIVE' undeclared (first use in this function) grabmyaddr.c:175: warning: implicit declaration of function 'IFA_RTA' grabmyaddr.c:175: error: dereferencing pointer to incomplete type grabmyaddr.c:175: warning: passing argument 3 of 'parse_rtattr' makes pointer from integer without a cast grabmyaddr.c:177: error: 'IFA_LOCAL' undeclared (first use in this function) grabmyaddr.c:178: error: 'IFA_ADDRESS' undeclared (first use in this function) grabmyaddr.c:187: error: dereferencing pointer to incomplete type grabmyaddr.c:189: error: dereferencing pointer to incomplete type grabmyaddr.c:190: error: dereferencing pointer to incomplete type make[3]: *** [grabmyaddr.o] Error 1 make[3]: Leaving directory `/var/tmp/portage/ipsec-tools-0.6.6-r1/work/ipsec-tools-0.6.6/src/racoon' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/var/tmp/portage/ipsec-tools-0.6.6-r1/work/ipsec-tools-0.6.6/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/ipsec-tools-0.6.6-r1/work/ipsec-tools-0.6.6' make: *** [all] Error 2 That error was also mentioned in Bug #146478 in comment 16 , but neither 0.6.5 nor the 0.6.6 fix it for me. I am using kernel 2.6.18-mm2, but also have 2.6.19-rc5-mm1 installed.
Mmh... works now with 2.6.20-rc2-mm1...
Great :-)
Created an attachment (id=105913) [edit] net-firewall/ipsec-tools-0.6.6.ebuild (new ebuild, clean-up) Hmm, this seems VERY bad when run through repoman... several hundred errors (mostly whitespace). Had a look at it and tried to fix it... Difficult. Here's what I did: Initial import of ipsec-tools-0.6.6-r1.ebuild from bug #152971 Making repoman happy :-) Updating most of the text to be consistent with linux-2.6.19.1 fixing nasty bug line 124 in the original: INET_XFRM_MODE_TRANSPORT was checked twice adding BEET mode (not sure if it is used yet though) Lots of whitespace changes (space-to-tabs, EOL space) Adding WANT_AUTOMAKE, WANT_AUTOCONF Trying to fix bad English in the comments. The comment about ipsec_set_policy man page seems outdated, removing. The new ebuild is available in my overlay at http://rsync.tar.bz/net-firewall/ipsec-tools/ (see http://rsync.tar.bz/README.txt on howto use with repoman) This ebuild contains many useflags, not tested with all. Please report any test results here.
Created an attachment (id=106324) [edit] ipsec-tools-0.6.6.ebuild.patch This is a patch to apply to the ebuild in attachment #105913 [edit] of this bug. The full ebuild can be found in my overlay, here: https://svn.tar.bz/repos/pkalin/trunk/net-firewall/ipsec-tools/ipsec-tools-0.6.6.ebuild ChangLog: ------------------------------------------------------------------------ r166 | Kalin.KOZHUHAROV | 2007-01-10 18:02:43 +0900 (Wed, 10 Jan 2007) | 16 lines Update the ebuild and send to https://bugs.gentoo.org/show_bug.cgi?id=152971 1. Mostly port code from my patch in bug# 121219 (http://bugs.gentoo.org/attachment.cgi?id=79082&action=diff) 2. Improve DESCRIPTION (make it shorter) 3. Run repoman and try to make it happy 4. Add references to Bugzilla for the one-line-patchers 5. linux_chkconfig_present is not needed in src_compile() as it is checked by kernel_check() 6. Remove comments about patented algorithms (they are present in /usr/portage/profiles/use*) 7. Improve comment for --enable-samode-unspec 8. s/ewarn/einfo/g throughout pkg_postinst() and improve the texts TODO: * Find the way to include sparc arch * Link all ipsec-tools in Bugzilla as dependencies * Shout on dev if nobody takes action
(In reply to comment #23) > TODO: > * Shout on dev if nobody takes action Since it's been over 30 days since the last activity on this bug, would you mind shouting on -dev, Kalin? :) Additionally, I noticed that the upstream ipsec-tools-0.6.6 tarball compiles and works fine for me on x86 and amd64 if I copy and rename ipsec-tools-0.6.5.ebuild to ipsec-tools-0.6.6.ebuild . Are the devs nervous about jumping to a new ebuild with ipsec-tools-0.6.6 ? If so, then perhaps we could "just" copy the exisitng 0.6.5.ebuild to a 0.6.6.ebuild and then introduce a new ebuild later as (say) ipsec-tools-0.6.6-r1.ebuild ?
It should also be noted that ipsec-tools 0.6.7 has just been released to fix a DoS problem.
(In reply to comment #25) > It should also be noted that ipsec-tools 0.6.7 has just been released to fix a > DoS problem. > ref bug 173219 - doing that now. > Are the devs nervous about jumping to a new ebuild with ipsec-tools-0.6.6 ? If > so, then perhaps we could "just" copy the exisitng 0.6.5.ebuild to a > 0.6.6.ebuild and then introduce a new ebuild later as (say) > ipsec-tools-0.6.6-r1.ebuild ? The USE flags looks a little extreme. Slowness is probably the grasp of real life taking hold. I'm working on something for it now for bug #173219
Kalin and others. I've added ipsec-tools-0.6.7 largely based of Kalins clean patch. Can you please do a rough test on it to see if i've done anything dumb. I'd like to get this right before getting it stable (bug 173219). I dropped most USE flags as they didn't change the functionality or bring in dependencies. If i'm wrong on either statement please tell me.
