Just dropping here a few notes for which I should be providing an ebuild diff at some point, but I'd prefer having some comments about them first:
openssl[-bindist] dependency: as of 4.5.1 there is OPENSSL_NO_EC to disable elliptic curve support, which allows strongswan to be bindist, so I'd suggest something like this:
- add a bindist USE flag to strongswan
- require !bindist? ( openssl[bindist] )
- use bindist && append-cppflags -DOPENSSL_NO_EC
This way EC is only used if -bindist is set, and you can build against openssl[bindist] just fine.
USE=smartcard and opensc dependency: this looks mostly bogus; strongswan uses a PKCS#11 provider for sure, but you can use a number of alternative software packages rather than OpenSC, including Mozilla's NSS. You can see the whole mess in my blog posts on the topic:
The smartcard comment applies to openswan as well.
And I should check better if I'm looking at the latest version of a package next time.
Wouldn't it be colliding with this?
openssl? ( >=dev-libs/openssl-0.9.8[-bindist] )
Also, how would you suggest changing the smartcard part?
The idea is to replace the openssl[-bindist] requirement so that you can use a binary version of OpenSSL just fine, and at the same time you can build a binary redistributable version of strongswan (that does not require or employ the Elliptic Curve feature).
As for the smartcard issue, I'm not sure. Maybe we could use a virtual/pkcs11, but I'm not really sure if it makes sense; I'd probably just replace the smartcard USE flag with pkcs11 to enable/disable the use of the PKCS#11 API; the USE flag is already common:
/media/repos/portage/yamato/profiles/use.local.desc:app-crypt/tpm-tools:pkcs11 - Build Token data management utilities based on OpenCryptoki's (dev-libs/opencryptoki) PKCS#11 implementation.
/media/repos/portage/yamato/profiles/use.local.desc:net-libs/neon:pkcs11 - Add support for PKCS#11 using dev-libs/pakchois
/media/repos/portage/yamato/profiles/use.local.desc:net-misc/openvpn:pkcs11 - Enable PKCS#11 smartcard support
/media/repos/portage/yamato/profiles/use.local.desc:sys-fs/ecryptfs-utils:pkcs11 - Enable PKCS#11 (Smartcards) key module