5 files changed, 51 insertions, 10 deletions

diff --git a/security/openiked/Makefile b/security/openiked/Makefile
index 44481558e8fa..2a9230deae95 100644
--- a/security/openiked/Makefile
+++ b/security/openiked/Makefile
@@ -1,10 +1,11 @@
 PORTNAME=	openiked
 DISTVERSION=	7.4
+PORTREVISION=	1
 CATEGORIES=	security net
-MASTER_SITES=	https://cdn.openbsd.org/pub/OpenBSD/OpenIKED/ \
+MASTER_SITES=	OPENBSD/OpenIKED \
 		https://github.com/${PORTNAME}/${PORTNAME}-portable/releases/download/v${DISTVERSION}/
 
-MAINTAINER=	marcel@FreeBSD.org
+MAINTAINER=	david.marec@proton.me
 COMMENT=	IKEv2 daemon
 WWW=		https://www.openiked.org
 
@@ -19,7 +20,8 @@ USE_RC_SUBR=	iked
 USERS=		_iked
 GROUPS=		_iked
 
-CMAKE_ARGS=	-DCMAKE_INSTALL_MANDIR=${PREFIX}/share/man
+CMAKE_ARGS=	-DCADIR=${PREFIX}/etc/ssl \
+		-DCMAKE_INSTALL_MANDIR=${PREFIX}/share/man
 
 post-install:
 	${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
diff --git a/security/openiked/files/patch-ikectl_CMakeLists.txt b/security/openiked/files/patch-ikectl_CMakeLists.txt
new file mode 100644
index 000000000000..de79da698eb5
--- /dev/null
+++ b/security/openiked/files/patch-ikectl_CMakeLists.txt
@@ -0,0 +1,13 @@
+--- ikectl/CMakeLists.txt.orig	2025-04-09 19:47:21 UTC
++++ ikectl/CMakeLists.txt
+@@ -42,7 +42,9 @@ list(APPEND CFLAGS
+ 	-Wsign-compare
+ 	"$<$<CONFIG:DEBUG>:-O0;-g>"
+ )
+-
++if(DEFINED CADIR)
++	add_definitions( -DCADIR="${CADIR}" )
++endif()
+ target_compile_options(ikectl PRIVATE ${CFLAGS})
+ if(HAVE_LD_Z)
+ 	target_link_options(ikectl PRIVATE "LINKER:-z,relro,-z,now")
diff --git a/security/openiked/files/patch-ikectl_ikeca.c b/security/openiked/files/patch-ikectl_ikeca.c
new file mode 100644
index 000000000000..4db8e1ce4744
--- /dev/null
+++ b/security/openiked/files/patch-ikectl_ikeca.c
@@ -0,0 +1,25 @@
+--- ikectl/ikeca.c.orig	2025-04-09 19:47:21 UTC
++++ ikectl/ikeca.c
+@@ -47,8 +47,11 @@
+ #define SSLDIR		PREFIX "/etc/ssl"
+ #endif
+ #define SSL_CNF		SSLDIR "/openssl.cnf"
+-#define X509_CNF	SSLDIR "/ikex509v3.cnf"
+-#define IKECA_CNF	SSLDIR "/ikeca.cnf"
++#ifndef CADIR
++#define CADIR       SSLDIR
++#endif
++#define X509_CNF	CADIR "/ikex509v3.cnf"
++#define IKECA_CNF	CADIR "/ikeca.cnf"
+ #define KEYBASE		PREFIX "/etc/iked"
+ #ifndef EXPDIR
+ #define EXPDIR		PREFIX "/usr/share/iked"
+@@ -1118,7 +1121,7 @@ ca_setup(char *caname, int create, int quiet, char *pa
+ 		err(1, "calloc");
+ 
+ 	ca->caname = strdup(caname);
+-	len = snprintf(ca->sslpath, sizeof(ca->sslpath), SSLDIR "/%s", caname);
++	len = snprintf(ca->sslpath, sizeof(ca->sslpath), CADIR "/%s", caname);
+ 	if (len < 0 || (size_t)len >= sizeof(ca->sslpath))
+ 		err(1, "%s: snprintf", __func__);
+ 
diff --git a/security/openiked/pkg-descr b/security/openiked/pkg-descr
index ffa195819a97..cd2f05da0925 100644
--- a/security/openiked/pkg-descr
+++ b/security/openiked/pkg-descr
@@ -1,7 +1,8 @@
-OpenIKED is a lean Internet Key Exchange (IKEv2) daemon which performs
-mutual authentication and which establishes and maintains IPsec VPN
-flows and security associations (SAs) between the two peers.
+OpenIKED is a free, permissively licensed Internet Key Exchange
+(IKEv2) implementation, developed as part of the OpenBSD project.
+It is intended to be a lean, secure and interoperable daemon that
+allows for easy setup and management of IPsec VPNs.
 
-This version of OpenIKED is derived from OpenIKED's iked, but changed
-to support transport mode IPSec and lazy creation of associations,
-among many other improvements.
+The portable versions take the OpenBSD based source code and add
+compatibility functions and build infrastructure for other operating
+systems.
diff --git a/security/openiked/pkg-plist b/security/openiked/pkg-plist
index 1260cf64689d..8ada1a3bc27b 100644
--- a/security/openiked/pkg-plist
+++ b/security/openiked/pkg-plist
@@ -1,4 +1,4 @@
-@sample etc/iked.conf.sample
+@sample(,,600) etc/iked.conf.sample
 @sample etc/ssl/ikeca.cnf.sample
 @sample etc/ssl/ikex509v3.cnf.sample
 sbin/ikectl