Add openswan-2.6.29 with multilib fix

6 files changed, 516 insertions, 0 deletions

diff --git a/net-misc/openswan/Manifest b/net-misc/openswan/Manifest
new file mode 100644
index 0000000..cdc8d23
--- /dev/null
+++ b/net-misc/openswan/Manifest
@@ -0,0 +1,6 @@
+AUX ipsec-initd 487 RMD160 23d9d7be6000fb95fdb142bc948964d6050b7864 SHA1 55a4c3ab2523f265e314c9048c0552699564fc4d SHA256 e86140b6e596a0b0d6e52ca521adb891eb3b9cc4ad8e6f28041fb773f9f60347
+AUX openswan-2.6-allow-ms-bad-proposal.patch 551 RMD160 3fda2ba360cb5d3427af56c12f32526c78465c7e SHA1 6649779a6ae76773c78db5d646927a7e698ce825 SHA256 3c84444f6181c0b7f7749c828db790e20f637d93d9dacec8e120709cce8adcc0
+AUX openswan-2.6.29-gentoo.patch 9948 RMD160 64739ea37c197ddd073ff4269d1e3e3a889d0b7f SHA1 c16a8855065ace7ae372c5278144a4e484616a56 SHA256 d2b7bece815701d0e04c80a2f6d3f583e8eb28a1ccd27bb2033326ec5de2d791
+DIST openswan-2.6.29.tar.gz 11663568 RMD160 aeb2463dfd07b68678ca94a1f48878b4eb005937 SHA1 bb9c3ece6c6cf9a7902b82b16e1d7d73bf11ba08 SHA256 03345e7090d0e1d4b844b1205c1444db067c6e2f7c423342e052f44cf6fa12e4
+EBUILD openswan-2.6.29.ebuild 5283 RMD160 7d5019e1897fcdc2c2ac21a0558833f4a5cc4f48 SHA1 4dd83eb229acc8268f3df3bf831effe517fa6095 SHA256 d419d3410c476c42be575d31fd781a0819429ab079fd8f4317c1c6d1cf2263e5
+MISC metadata.xml 1337 RMD160 3611ffb76802ca7b6861f0270516797855fc8b42 SHA1 3302ad08d5eaeae76ea442961a098be0c0f1ca3b SHA256 2ff2ae007cebac56757fb8cd302d72181461d7056d9045810ee05250439c6545
diff --git a/net-misc/openswan/files/ipsec-initd b/net-misc/openswan/files/ipsec-initd
new file mode 100644
index 0000000..28d5eb9
--- /dev/null
+++ b/net-misc/openswan/files/ipsec-initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/files/ipsec-initd,v 1.1 2008/09/21 12:42:32 mrness Exp $
+
+depend() {
+	need net logger
+	after dns
+}
+
+start() {
+	ebegin "Starting IPSec"
+	ipsec setup --start
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping IPSec"
+	ipsec setup --stop
+	eend $?
+}
+
+status() {
+	if [ "$RC_QUIET" != "yes" ]; then
+		ipsec setup --status
+	fi
+}
diff --git a/net-misc/openswan/files/openswan-2.6-allow-ms-bad-proposal.patch b/net-misc/openswan/files/openswan-2.6-allow-ms-bad-proposal.patch
new file mode 100644
index 0000000..1a12189
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.6-allow-ms-bad-proposal.patch
@@ -0,0 +1,11 @@
+diff -Nru openswan-2.6.23.orig/programs/pluto/Makefile openswan-2.6.23/programs/pluto/Makefile
+--- openswan-2.6.23.orig/programs/pluto/Makefile	2009-09-09 02:42:54.000000000 +0200
++++ openswan-2.6.23/programs/pluto/Makefile	2009-09-11 19:27:47.000000000 +0200
+@@ -43,6 +43,7 @@
+ # End of configuration coping options.
+ 
+ CPPFLAGS = $(HDRDIRS) $(DEFINES) \
++	-DALLOW_MICROSOFT_BAD_PROPOSAL \
+ 	-DSHARED_SECRETS_FILE=\"${FINALCONFDIR}/ipsec.secrets\" \
+ 	-DPOLICYGROUPSDIR=\"${FINALCONFDDIR}/policies\" \
+ 	-DPERPEERLOGDIR=\"${FINALLOGDIR}/pluto/peer\"
diff --git a/net-misc/openswan/files/openswan-2.6.29-gentoo.patch b/net-misc/openswan/files/openswan-2.6.29-gentoo.patch
new file mode 100644
index 0000000..e6074a4
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.6.29-gentoo.patch
@@ -0,0 +1,254 @@
+diff -Nru openswan-2.6.29.orig/lib/libcrypto/libmd5/Makefile openswan-2.6.29/lib/libcrypto/libmd5/Makefile
+--- openswan-2.6.29.orig/lib/libcrypto/libmd5/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/libcrypto/libmd5/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -12,7 +12,7 @@
+ 
+ ifeq ($(USE_LIBNSS),true)
+ CFLAGS+=-DHAVE_LIBNSS
+-CFLAGS+=-I/usr/include/nspr4 -I/usr/include/nss3
++CFLAGS+=-I/usr/include/nspr -I/usr/include/nss
+ endif
+ 
+ include ${srcdir}../../Makefile.library
+diff -Nru openswan-2.6.29.orig/lib/libcrypto/libsha1/Makefile openswan-2.6.29/lib/libcrypto/libsha1/Makefile
+--- openswan-2.6.29.orig/lib/libcrypto/libsha1/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/libcrypto/libsha1/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -12,7 +12,7 @@
+ 
+ ifeq ($(USE_LIBNSS),true)
+ CFLAGS+=-DHAVE_LIBNSS  
+-CFLAGS+=-I/usr/include/nspr4 -I/usr/include/nss3
++CFLAGS+=-I/usr/include/nspr -I/usr/include/nss
+ endif
+ 
+ 
+diff -Nru openswan-2.6.29.orig/lib/libcrypto/libsha2/Makefile openswan-2.6.29/lib/libcrypto/libsha2/Makefile
+--- openswan-2.6.29.orig/lib/libcrypto/libsha2/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/libcrypto/libsha2/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -15,5 +15,5 @@
+ 
+ ifeq ($(USE_LIBNSS),true)
+ CFLAGS+=-DHAVE_LIBNSS
+-INCLUDES+=-I/usr/include/nspr4 -I/usr/include/nss3
++INCLUDES+=-I/usr/include/nspr -I/usr/include/nss
+ endif
+diff -Nru openswan-2.6.29.orig/lib/libdns/Makefile openswan-2.6.29/lib/libdns/Makefile
+--- openswan-2.6.29.orig/lib/libdns/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/libdns/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -30,8 +30,8 @@
+ 		-I${srcdir}../libisc/nothreads/include \
+ 		-I. -I./include -I${srcdir}include \
+ 		-I${srcdir}../libisc/include
+-CDEFINES = -g ${USERCOMPILE} ${PORTINCLUDE}
+-CWARNINGS = -Werror
++CDEFINES = ${USERCOMPILE} ${PORTINCLUDE}
++CWARNINGS = 
+ 
+ CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS}
+ 
+diff -Nru openswan-2.6.29.orig/lib/libipsecconf/Makefile openswan-2.6.29/lib/libipsecconf/Makefile
+--- openswan-2.6.29.orig/lib/libipsecconf/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/libipsecconf/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -33,7 +33,7 @@
+ #CFLAGS+=-DFIPS_CHECK
+ ifeq ($(USE_LIBNSS),true)
+ CFLAGS+=-DHAVE_LIBNSS
+-CFLAGS+=-I/usr/include/nspr4 -I/usr/include/nss3
++CFLAGS+=-I/usr/include/nspr -I/usr/include/nss
+ endif
+ 
+ ifeq ($(USE_NM),true)
+diff -Nru openswan-2.6.29.orig/lib/libisc/Makefile openswan-2.6.29/lib/libisc/Makefile
+--- openswan-2.6.29.orig/lib/libisc/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/libisc/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -22,8 +22,8 @@
+ 		-I${srcdir}nothreads/include \
+ 		-I. -I./include -I${srcdir}include \
+ 		$(PORTINCLUDE) -I${OPENSWANSRCDIR}/include
+-CDEFINES = -g -DHAVE_STRERROR ${USERCOMPILE} ${PORTINCLUDE}
+-# CWARNINGS = -Werror
++CDEFINES = -DHAVE_STRERROR ${USERCOMPILE} ${PORTINCLUDE}
++# CWARNINGS = 
+ 
+ CFLAGS+=${CINCLUDES} ${CDEFINES} ${CWARNINGS}
+ 
+diff -Nru openswan-2.6.29.orig/lib/liblwres/Makefile openswan-2.6.29/lib/liblwres/Makefile
+--- openswan-2.6.29.orig/lib/liblwres/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/liblwres/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -22,8 +22,8 @@
+ 		-I${srcdir}../libisc/${ISCARCH}/include \
+ 		-I${srcdir}../libisc/include \
+ 		-I. -I./include -I${srcdir}include 
+-CDEFINES = -g
+-CWARNINGS = -Werror
++CDEFINES = 
++CWARNINGS = 
+ 
+ CFLAGS+=${USERCOMPILE} ${PORTINCLUDE} ${CINCLUDES} ${CDEFINES} ${CWARNINGS} 
+ 
+diff -Nru openswan-2.6.29.orig/lib/libopenswan/Makefile openswan-2.6.29/lib/libopenswan/Makefile
+--- openswan-2.6.29.orig/lib/libopenswan/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/lib/libopenswan/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -100,7 +100,7 @@
+ 
+ ifeq ($(USE_LIBNSS),true)
+ CFLAGS+=-DHAVE_LIBNSS
+-CFLAGS+=-I/usr/include/nspr4 -I/usr/include/nss3
++CFLAGS+=-I/usr/include/nspr -I/usr/include/nss
+ endif
+ 
+ ifeq ($(USE_MODP_RFC5114),true)
+diff -Nru openswan-2.6.29.orig/Makefile.inc openswan-2.6.29/Makefile.inc
+--- openswan-2.6.29.orig/Makefile.inc	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/Makefile.inc	2010-09-30 00:31:01.000000000 +0200
+@@ -49,7 +49,7 @@
+ DESTDIR?=
+ 
+ # "local" part of tree, used in building other pathnames
+-INC_USRLOCAL=/usr/local
++INC_USRLOCAL?=/usr
+ 
+ # PUBDIR is where the "ipsec" command goes; beware, many things define PATH
+ # settings which are assumed to include it (or at least, to include *some*
+@@ -94,7 +94,7 @@
+ 
+ # sample configuration files go into
+ INC_DOCDIR?=share/doc
+-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
++FINALEXAMPLECONFDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+ EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
+ 
+ FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan
+diff -Nru openswan-2.6.29.orig/programs/Makefile.program openswan-2.6.29/programs/Makefile.program
+--- openswan-2.6.29.orig/programs/Makefile.program	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/programs/Makefile.program	2010-09-30 00:31:01.000000000 +0200
+@@ -53,7 +53,6 @@
+ WERROR:= -Werror
+ endif
+ 
+-CFLAGS+= ${WERROR}
+ 
+ ifneq ($(LD_LIBRARY_PATH),)
+ LDFLAGS=-L$(LD_LIBRARY_PATH)
+@@ -104,8 +103,6 @@
+ ifneq ($(NOINSTALL),true)
+ 
+ doinstall:: $(PROGRAM) $(CONFFILES) $(EXTRA8MAN) $(EXTRA5MAN) $(EXTRA5PROC) $(LIBFILES) $(CONFDFILES)
+-	# remove any old vendor file installed previously
+-	@rm -f $(FINALLIBEXECDIR)/vendor
+ 	@mkdir -p $(PROGRAMDIR) $(MANDIR8) $(MANDIR5) $(LIBDIR) $(CONFDIR) $(CONFDDIR) $(CONFDDIR)/$(CONFDSUBDIR) $(EXAMPLECONFDIR)
+ 	@if [ -n "$(PROGRAM)" ]; then $(INSTALL) $(INSTBINFLAGS) $(PROGRAM) $(PROGRAMDIR); fi
+ 	@$(foreach f, $(addsuffix .8, $(PROGRAM)), \
+@@ -180,6 +177,7 @@
+ LDLIBS=${LIBS} ${USERLINK} ${LIBS} ${EXTRALIBS} -lgmp
+ else
+ LDLIBS=${LIBS} ${USERLINK} ${LIBS} ${EXTRALIBS} -lgmp -lnspr4 -lnss3
++LDFLAGS+=-L/usr/lib/nspr -L/usr/lib/nss
+ endif
+ 
+ 
+diff -Nru openswan-2.6.29.orig/programs/pluto/Makefile.options openswan-2.6.29/programs/pluto/Makefile.options
+--- openswan-2.6.29.orig/programs/pluto/Makefile.options	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/programs/pluto/Makefile.options	2010-09-30 00:31:01.000000000 +0200
+@@ -54,7 +54,7 @@
+ 
+ # Use LIBNSS
+ ifeq ($(USE_LIBNSS),true)
+-HDRDIRS+= -I/usr/include/nspr4 -I/usr/include/nss3	
++HDRDIRS+= -I/usr/include/nspr -I/usr/include/nss	
+ endif
+ 
+ # BYTE_ORDER = -DBIG_ENDIAN=4321 -DLITTLE_ENDIAN=1234 -DBYTE_ORDER=BIG_ENDIAN
+@@ -309,6 +309,7 @@
+ DEFINES+=-DHAVE_LIBNSS
+ LIBSPLUTO+= -lnspr4
+ LIBSPLUTO+= -lnss3
++LDFLAGS+=-L/usr/lib/nspr -L/usr/lib/nss
+ # For avoiding implicit DSO linking
+ LIBSPLUTO+= -lpthread
+ ifeq ($(USE_FIPSCHECK),true)
+diff -Nru openswan-2.6.29.orig/programs/rsasigkey/Makefile openswan-2.6.29/programs/rsasigkey/Makefile
+--- openswan-2.6.29.orig/programs/rsasigkey/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/programs/rsasigkey/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -21,13 +21,14 @@
+ FIPS_CHECK=1
+ CFLAGS+=-DFIPS_CHECK
+ endif
+-INCLUDES+=-I/usr/include/nspr4 -I/usr/include/nss3
++INCLUDES+=-I/usr/include/nspr -I/usr/include/nss
+ endif
+ 
+ PROGRAM=rsasigkey
+ LIBS=${OPENSWANLIB} -lgmp
+ ifeq ($(USE_LIBNSS),true)
+ LIBS+= -lnspr4 -lnss3 -lplc4
++LDFLAGS+=-L/usr/lib/nspr -L/usr/lib/nss
+ ifeq ($(USE_FIPSCHECK),true)
+ LIBS+=  -lfipscheck
+ endif
+diff -Nru openswan-2.6.29.orig/programs/setup/Makefile openswan-2.6.29/programs/setup/Makefile
+--- openswan-2.6.29.orig/programs/setup/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/programs/setup/Makefile	2010-09-30 00:31:49.000000000 +0200
+@@ -18,7 +18,6 @@
+ 
+ # this dance is because setup has to get installed as /etc/rc.d/init.d/ipsec
+ # not as /etc/rc.d/init.d/setup.
+-PROGRAMDIR=$(RCDIR)
+ PROGRAM=setup
+ EXTRA8MAN=setup.8
+ 
+@@ -29,30 +28,4 @@
+ # into the $BINDIR.
+ #
+ # the priorities match those in setup's chkconfig line
+-doinstall:: setup
+-	@rm -f $(BINDIR)/setup
+-	@$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+-	@ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+-	-@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+-	-@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec
+-
+-install_file_list::
+-	@echo $(RCDIR)/ipsec
+-	@echo $(BINDIR)/setup
+-	@echo $(RCDIR)/../rc0.d/K76ipsec
+-	@echo $(RCDIR)/../rc1.d/K76ipsec
+-	@echo $(RCDIR)/../rc2.d/S47ipsec
+-	@echo $(RCDIR)/../rc3.d/S47ipsec
+-	@echo $(RCDIR)/../rc4.d/S47ipsec
+-	@echo $(RCDIR)/../rc5.d/S47ipsec
+-	@echo $(RCDIR)/../rc6.d/K76ipsec
+-
+-cleanall::
+-	@rm -f setup
+ 
+diff -Nru openswan-2.6.29.orig/programs/showhostkey/Makefile openswan-2.6.29/programs/showhostkey/Makefile
+--- openswan-2.6.29.orig/programs/showhostkey/Makefile	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/programs/showhostkey/Makefile	2010-09-30 00:31:01.000000000 +0200
+@@ -16,7 +16,7 @@
+ include ${OPENSWANSRCDIR}/Makefile.inc
+ ifeq ($(USE_LIBNSS),true)
+ CFLAGS+=-DHAVE_LIBNSS
+-INCLUDES+=-I/usr/include/nspr4 -I/usr/include/nss3
++INCLUDES+=-I/usr/include/nspr -I/usr/include/nss
+ endif
+ 
+ PROGRAM=showhostkey
+diff -Nru openswan-2.6.29.orig/testing/utils/make-uml.sh openswan-2.6.29/testing/utils/make-uml.sh
+--- openswan-2.6.29.orig/testing/utils/make-uml.sh	2010-09-27 18:40:32.000000000 +0200
++++ openswan-2.6.29/testing/utils/make-uml.sh	2010-09-30 00:31:01.000000000 +0200
+@@ -262,7 +262,7 @@
+ 
+ cd $OPENSWANSRCDIR || exit 1
+ 
+-make WERROR=-Werror USE_OBJDIR=true programs
++make USE_OBJDIR=true programs
+ 
+ # now, execute the Makefile that we have created!
+ cd $POOLSPACE && make $OPENSWANHOSTS 
diff --git a/net-misc/openswan/metadata.xml b/net-misc/openswan/metadata.xml
new file mode 100644
index 0000000..b7cbea8
--- /dev/null
+++ b/net-misc/openswan/metadata.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <herd>no-herd</herd>
+  <maintainer>
+    <email>mrness@gentoo.org</email>
+    <name>Alin Năstac</name>
+    <description>Backup maintainer</description>
+  </maintainer>
+  <longdescription>From the Openswan web site: Openswan is an Open Source 
+implementation of IPsec for the Linux operating system. Is it a code fork 
+of the FreeS/WAN project, started by a few of the developers who were 
+growing frustrated with the politics surrounding the FreeS/WAN project.</longdescription>
+  <use>
+    <flag name="curl">Include curl support (used for fetching CRLs)</flag>
+    <flag name="ldap">Include LDAP support (used for fetching CRLs)</flag>
+    <flag name="extra-algorithms">Include additional strong algorithms
+    (Blowfish, Twofish, Serpent and SHA2)</flag>
+    <flag name="weak-algorithms">Include weak algorithms (DH1)</flag>
+    <flag name="nocrypto-algorithms">Include algorithms that don't even encrypt
+    (1DES)</flag>
+    <flag name="ms-bad-proposal">Allow bad IP address proposal offered by an
+    Microsoft L2TP/IPSec servers</flag>
+    <flag name="nss">Include libnss support (adds smartcard support)</flag>
+    <flag name="ssl">Use OpenSSL libraries for BIGNUM support</flag>
+  </use>
+</pkgmetadata>
diff --git a/net-misc/openswan/openswan-2.6.29.ebuild b/net-misc/openswan/openswan-2.6.29.ebuild
new file mode 100644
index 0000000..4a65e15
--- /dev/null
+++ b/net-misc/openswan/openswan-2.6.29.ebuild
@@ -0,0 +1,191 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.6.29.ebuild,v 1.1 2010/09/29 22:54:58 mrness Exp $
+
+EAPI="2"
+
+inherit eutils linux-info toolchain-funcs flag-o-matic
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)."
+HOMEPAGE="http://www.openswan.org/"
+SRC_URI="http://www.openswan.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="caps curl ldap pam ssl extra-algorithms weak-algorithms nocrypto-algorithms ms-bad-proposal nss"
+
+COMMON_DEPEND="!net-misc/strongswan
+	dev-libs/gmp
+	dev-lang/perl
+	caps? ( sys-libs/libcap-ng )
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )
+	nss? ( dev-libs/nss )
+	ssl? ( dev-libs/openssl )"
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources
+	app-text/xmlto
+	app-text/docbook-xml-dtd:4.1.2" # see bug 237132
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2"
+
+pkg_setup() {
+	if use nocrypto-algorithms && ! use weak-algorithms; then
+		ewarn "Enabling nocrypto-algorithms USE flag has no effect when"
+		ewarn "weak-algorithms USE flag is disabled"
+	fi
+
+	linux-info_pkg_setup
+
+	if kernel_is 2 6; then
+		einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+		einfo "KLIPS will not be compiled/installed."
+		MYMAKE="programs"
+
+	elif kernel_is 2 4; then
+		if ! [[ -d "${KERNEL_DIR}/net/ipsec" ]]; then
+			eerror "You need to have an IPsec enabled 2.4.x kernel."
+			eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
+			die
+		fi
+
+		einfo "Using patched-in IPsec code for kernel 2.4"
+		einfo "Your kernel only supports KLIPS for kernel level IPsec."
+		MYMAKE="confcheck programs"
+
+	else
+		die "Unsupported kernel version"
+	fi
+
+	# most code is OK, but programs/pluto code breaks strict aliasing
+	append-cflags -fno-strict-aliasing
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-gentoo.patch
+	use ms-bad-proposal && epatch "${FILESDIR}"/${PN}-${PV%.*}-allow-ms-bad-proposal.patch
+
+	find . -type f -regex '.*[.]\([1-8]\|html\|xml\)' -exec sed -i \
+	    -e s:/usr/local:/usr:g '{}' \; ||
+	    die "failed to replace text in docs"
+}
+
+get_make_options() {
+	echo KERNELSRC=\"${KERNEL_DIR}\"\
+		FINALEXAMPLECONFDIR=/usr/share/doc/${PF}\
+		INC_RCDEFAULT=/etc/init.d\
+		INC_USRLOCAL=/usr\
+		INC_MANDIR=share/man\
+		FINALDOCDIR=/usr/share/doc/${PF}/html\
+		FINALLIBDIR=/usr/$(get_libdir)/ipsec\
+		DESTDIR=\"${D}\"\
+		USERCOMPILE=\"${CFLAGS}\"\
+		CC=\"$(tc-getCC)\"
+
+	use caps\
+		&& echo USE_LIBCAP_NG=true\
+		|| echo USE_LIBCAP_NG=false
+
+	use curl\
+		&& echo USE_LIBCURL=true\
+		|| echo USE_LIBCURL=false
+
+	use ldap\
+		&& echo USE_LDAP=true\
+		|| echo USE_LDAP=false
+
+	echo USE_XAUTH=true
+	use pam\
+		&& echo USE_XAUTHPAM=true\
+		|| echo USE_XAUTHPAM=false
+
+	use nss\
+		&& echo USE_LIBNSS=true\
+		|| echo USE_LIBNSS=false
+
+	use ssl\
+		&& echo HAVE_OPENSSL=true\
+		|| echo HAVE_OPENSSL=false
+
+	use extra-algorithms\
+		&& echo USE_EXTRACRYPTO=true\
+		|| echo USE_EXTRACRYPTO=false
+	if use weak-algorithms ; then
+		echo USE_WEAKSTUFF=true
+		if use nocrypto-algorithms; then
+			echo USE_NOCRYPTO=true
+		fi
+	else
+		echo USE_WEAKSTUFF=false
+	fi
+
+	echo USE_LWRES=false # needs bind9 with lwres support
+	if use curl || use ldap || use pam; then
+		echo HAVE_THREADS=true
+	else
+		echo HAVE_THREADS=false
+	fi
+}
+
+src_compile() {
+	eval set -- $(get_make_options)
+	emake "$@" ${MYMAKE} || die "emake failed"
+}
+
+src_install() {
+	eval set -- $(get_make_options)
+	emake "$@" install || die "emake install failed"
+
+	dodoc docs/{KNOWN_BUGS*,RELEASE-NOTES*,PATENTS*,debugging*}
+	dohtml doc/*.html
+	docinto quickstarts
+	dodoc doc/quickstarts/*
+
+	newinitd "${FILESDIR}"/ipsec-initd ipsec || die "failed to install init script"
+
+	keepdir /var/run/pluto
+}
+
+pkg_preinst() {
+	if has_version "<net-misc/openswan-2.6.14" && pushd "${ROOT}etc/ipsec"; then
+		ewarn "Following files and directories were moved from '${ROOT}etc/ipsec' to '${ROOT}etc':"
+		local i err=0
+		if [ -h "../ipsec.d" ]; then
+			rm "../ipsec.d" || die "failed to remove ../ipsec.d symlink"
+		fi
+		for i in *; do
+			if [ -e "../$i" ]; then
+				eerror "  $i NOT MOVED, ../$i already exists!"
+				err=1
+			elif [ -d "$i" ]; then
+				mv "$i" .. || die "failed to move $i directory"
+				ewarn "  directory $i"
+			elif [ -f "$i" ]; then
+				sed -i -e 's:/etc/ipsec/:/etc/:g' "$i" && \
+					mv "$i" .. && ewarn "  file $i" || \
+					die "failed to move $i file"
+			else
+				eerror "  $i NOT MOVED, it is not a file nor a directory!"
+				err=1
+			fi
+		done
+		popd
+		if [ $err -eq 0 ]; then
+			rmdir "${ROOT}etc/ipsec" || eerror "Failed to remove ${ROOT}etc/ipsec"
+		else
+			ewarn "${ROOT}etc/ipsec is not empty, you will have to remove it yourself"
+		fi
+	fi
+}
+
+pkg_postinst() {
+	if kernel_is 2 6; then
+		CONFIG_CHECK="~NET_KEY ~INET_XFRM_MODE_TRANSPORT ~INET_XFRM_MODE_TUNNEL ~INET_AH ~INET_ESP ~INET_IPCOMP"
+		WARNING_INET_AH="CONFIG_INET_AH:\tmissing IPsec AH support (needed if you want only authentication)"
+		WARNING_INET_ESP="CONFIG_INET_ESP:\tmissing IPsec ESP support (needed if you want authentication and encryption)"
+		WARNING_INET_IPCOMP="CONFIG_INET_IPCOMP:\tmissing IPsec Payload Compression (required for compress=yes)"
+		check_extra_config
+	fi
+}