D8417.id21905.diff
Index: GIDs
===================================================================
--- GIDs
+++ GIDs
@@ -104,7 +104,7 @@
_ypldap:*:160:
solr:*:161:
octoprint:*:162:
-# free: 163
+_iked:*:163:
# free: 164
# free: 165
# free: 166
Index: UIDs
===================================================================
--- UIDs
+++ UIDs
@@ -109,7 +109,7 @@
_ypldap:*:160:160::0:0:YP Ldap unprivileged user:/var/empty:/usr/sbin/nologin
solr:*:161:161::0:0:Apache Solr System:/var/db/solr:/usr/sbin/nologin
octoprint:*:162:162::0:0:OctoPrint Daemon:/usr/local/octoprint:/usr/sbin/nologin
-# free: 163
+_iked:*:163:163::0:0:IKEv2 Daemon:/var/empty:/usr/sbin/nologin
# free: 164
# free: 165
# free: 166
Index: security/openiked/Makefile
===================================================================
--- security/openiked/Makefile
+++ security/openiked/Makefile
@@ -0,0 +1,34 @@
+# $FreeBSD$
+
+PORTNAME= openiked
+PORTVERSION= 1.0
+CATEGORIES= security net ipv6
+MASTER_SITES= GH
+
+MAINTAINER= marcel@FreeBSD.org
+COMMENT= IKEv2 daemon
+
+LICENSE= ISCL
+
+LIB_DEPENDS= libevent.so:devel/libevent2
+
+USE_GITHUB= yes
+GH_ACCOUNT= xcllnt
+
+USE_RC_SUBR= iked
+USERS= _iked
+GROUPS= _iked
+
+USES= autoreconf
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --with-libevent-dir=${PREFIX}
+
+post-install:
+ ${MV} ${STAGEDIR}/etc/ssl/ikeca.cnf \
+ ${STAGEDIR}${PREFIX}/etc/ikeca.cnf.sample
+ ${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
+ ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/ikectl
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/iked
+
+.include <bsd.port.mk>
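Review bot: In post-install, the first ${MV} takes ikeca.cnf from ${STAGEDIR}/etc/ssl, which is outside ${PREFIX}, while iked.conf is taken from ${STAGEDIR}${PREFIX}/etc. If the build installs ikeca.cnf under /etc/ssl, ikectl most likely looks for it there at run time as well, so the copy installed as ${PREFIX}/etc/ikeca.cnf would not be picked up. Consider pointing the build at ${PREFIX}/etc (a configure argument or a small patch) instead of relocating the file after the fact, and add a comment explaining the move if it stays.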
Index: security/openiked/distinfo
===================================================================
--- security/openiked/distinfo
+++ security/openiked/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1477960722
+SHA256 (xcllnt-openiked-1.0_GH0.tar.gz) = 675835edb34ebbfa096eb5e16014ec3a3ba25a3b9468ca7fa063ebaf81e3cb02
+SIZE (xcllnt-openiked-1.0_GH0.tar.gz) = 224063
Index: security/openiked/files/iked.in
===================================================================
--- security/openiked/files/iked.in
+++ security/openiked/files/iked.in
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: iked
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iked_enable (bool): Set to NO by default.
+# Set it to YES to enable iked.
+# iked_ramdisk (bool): Set to NO by default. See below.
+#
+# When iked_ramdisk is set to YES, the rc.d script will make sure
+# all directories exist, but will not generate a key pair if none
+# exists. The daemon is not started when the key pair no config
+# files are missing. It is assumed the ramdisk is not populated
+# completely. When iked_ramdisk is NO, key pairs are created as
+# needed and thr daemon is started unconditionally.
+
+. /etc/rc.subr
+
+name=iked
+desc="IKEv2 daemon"
+rcvar=iked_enable
+
+load_rc_config $name
+
+: ${iked_enable:=NO}
+: ${iked_ramdisk=NO}
+
+command=%%PREFIX%%/sbin/iked
+start_precmd=iked_precmd
+
+iked_config=%%PREFIX%%/etc/iked.conf
+iked_rootdir=%%PREFIX%%/etc/iked
+iked_privkey=${iked_rootdir}/private/local.key
+iked_pubkey=${iked_rootdir}/local.pub
+
+required_files="$iked_privkey $iked_config"
+
+iked_precmd()
+{
+
+ if checkyesno iked_ramdisk; then
+ # Make sure we have our directory hierarchy.
+ for D in ca certs crls export private pubkeys \
+ pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
+ mkdir -p %%PREFIX%%/etc/iked/$D
+ done
+ chmod 700 %%PREFIX%%/etc/iked/private
+ else
+ # Create a key pair if not already present.
+ if test ! -f $iked_privkey; then
+ /usr/bin/openssl genrsa -out $iked_privkey 2048
+ /bin/chmod 600 $iked_privkey
+ /usr/bin/openssl rsa -out $iked_pubkey \
+ -in $iked_privkey -pubout
+ fi
+ fi
+}
+
+run_rc_command "$1"
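Review bot: In the else branch of iked_precmd, the private key is written by openssl genrsa and only afterwards restricted with /bin/chmod 600, so between the two commands the file carries whatever mode the current umask allows. Setting umask 077 before the genrsa call (or running the key generation in a subshell with that umask) closes the gap. The chmod 700 on the private directory is also applied only when iked_ramdisk is YES, so the NO branch relies on the directory already having a safe mode. Separately, the header comment has typos ("key pair no config files", "thr daemon") and says the daemon is started unconditionally when iked_ramdisk is NO, while required_files still lists $iked_config.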
Index: security/openiked/pkg-descr
===================================================================
--- security/openiked/pkg-descr
+++ security/openiked/pkg-descr
@@ -0,0 +1,7 @@
+OpenIKED is a lean Internet Key Exchange (IKEv2) daemon which performs
+mutual authentication and which establishes and maintains IPsec VPN
+flows and security associations (SAs) between the two peers.
+
+This version of OpenIKED is derived from OpenIKED's iked, but changed
+to support transport mode IPSec and lazy creation of associations,
+among many other improvements.
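Review bot: The second paragraph reads "This version of OpenIKED is derived from OpenIKED's iked", which is circular and does not tell the reader what the upstream is; name the project this fork is based on. The spelling also switches between "IPsec" in the first paragraph and "IPSec" in the second, and there is no WWW: line pointing at the project.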
Index: security/openiked/pkg-plist
===================================================================
--- security/openiked/pkg-plist
+++ security/openiked/pkg-plist
@@ -0,0 +1,17 @@
+@dir etc/iked/
+@dir etc/iked/ca/
+@dir etc/iked/certs/
+@dir etc/iked/crls/
+@dir etc/iked/private/
+@dir etc/iked/pubkeys/
+@dir etc/iked/pubkeys/fqdn/
+@dir etc/iked/pubkeys/ipv4/
+@dir etc/iked/pubkeys/ipv6/
+@dir etc/iked/pubkeys/ufqdn/
+@sample etc/ikeca.cnf.sample
+@sample etc/iked.conf.sample
+man/man5/iked.conf.5.gz
+man/man8/ikectl.8.gz
+man/man8/iked.8.gz
+sbin/ikectl
+sbin/iked
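Review bot: The @dir etc/iked/private/ entry carries no owner or mode, so the directory that holds local.key is created with the package default mode rather than a restricted one, and the rc.d script only applies chmod 700 in its iked_ramdisk branch. Suggest @dir(root,wheel,700) etc/iked/private/ so the restriction is part of the package itself.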
Attached To
D8417: OpenIKED-1.0