path: root/security/openvpn-devel/Makefile
# Created by: Matthias Andree <mandree@FreeBSD.org>

# Port identity.  PKGNAMESUFFIX makes this the "-devel" package of openvpn.
# DISTVERSION looks like a date-stamped snapshot label; the exact source
# revision that gets built is fixed by GL_COMMIT below, not by DISTVERSION.
PORTNAME=	openvpn
DISTVERSION=	g20210603
PORTEPOCH=	1
CATEGORIES=	security net net-vpn
PKGNAMESUFFIX=	-devel

MAINTAINER=	gert@greenie.muc.de
# COMMENT deliberately uses ?= in spite of portlint WARNings: this port might
# become security/openvpn one day, which would then have a slave port that
# sets its own value.
COMMENT?=	Secure IP/Ethernet tunnel daemon

LICENSE=	GPLv2
LICENSE_FILE=	${WRKSRC}/COPYRIGHT.GPL

# Build-time tools: cmocka (any version) and rst2man from py-docutils.
# NOTE(review): presumably cmocka backs the unit tests and rst2man renders the
# manual page -- confirm against the upstream build system.
BUILD_DEPENDS+=	cmocka>=0:sysutils/cmocka \
		rst2man:textproc/py-docutils
# LZO is a hard library dependency; unlike LZ4 it is not behind an option.
LIB_DEPENDS+=	liblzo2.so:archivers/lzo2

# The source is taken from GitLab at the exact commit named in GL_COMMIT.
# Pinning the full commit hash means a moved branch or tag upstream cannot
# silently change what is built; integrity of the downloaded archive is
# presumably still enforced by the port's distinfo checksums (not shown here).
# IGNORE_SSL makes the port refuse to build against either LibreSSL flavour.
# USE_RC_SUBR installs the rc script named "openvpn".
USES=		autoreconf cpe libtool pkgconfig shebangfix tar:xz
IGNORE_SSL=	libressl libressl-devel
USE_GITLAB=	yes
GL_COMMIT=	0033811e0215af76f469d78912c95a2f59813454
USE_RC_SUBR=	openvpn

# Sample scripts whose interpreter line is rewritten by shebangfix.
SHEBANG_FILES=	sample/sample-scripts/auth-pam.pl sample/sample-scripts/ucn.pl \
		sample/sample-scripts/verify-cn

GNU_CONFIGURE=		yes
# NOTE(review): --enable-strict presumably switches on upstream's stricter
# compiler warnings -- confirm against the upstream configure script.
CONFIGURE_ARGS+=	--enable-strict
# Pass PLUGINDIR to configure so that unqualified plugin paths are found under
# ${PREFIX}/lib/openvpn/plugins.  NOTE(review): the older wording of this
# comment called the setting PLUGIN_LIBDIR; presumably that is the name the
# value ends up under inside the build -- confirm.
CONFIGURE_ENV+=		PLUGINDIR="${PREFIX}/lib/openvpn/plugins"

# Optional build knob: when LOG_OPENVPN is defined (e.g. on the make command
# line), its value is handed to the compiler as the LOG_OPENVPN macro.  The
# hint printed by pre-configure describes it as a syslog facility.  The value
# is inserted unquoted, so it should be a plain identifier such as LOG_LOCAL6.
.ifdef (LOG_OPENVPN)
CFLAGS+=	-DLOG_OPENVPN=${LOG_OPENVPN}
.endif

# Let OpenVPN's configure script pick up the requisite libraries from
# ${LOCALBASE}, but do not break the plugin build if an older version is
# installed: the source tree's own include directory is listed first, so it
# is searched before ${LOCALBASE}/include.
# CONFIGURE_GIT_REVISION passes GL_COMMIT to the build as a string, which
# presumably lets a built binary be traced back to the exact commit (useful
# when checking whether a deployment contains a given fix);
# CONFIGURE_GIT_FLAGS is defined empty.
CPPFLAGS+=	-I${WRKSRC}/include -I${LOCALBASE}/include -DCONFIGURE_GIT_REVISION='\"${GL_COMMIT}\"' -DCONFIGURE_GIT_FLAGS=
LDFLAGS+=	-L${LOCALBASE}/lib

# Packages that cannot be installed next to this one, given as package-name
# glob patterns.  ?= is used so the value can be preset from outside (see the
# note on COMMENT about a possible slave port).
CONFLICTS_INSTALL?=	openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* \
			openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*

# Template files expanded by the framework: the openvpn-client wrapper that
# post-install copies from ${WRKDIR}, and the package message.
SUB_FILES=	openvpn-client pkg-message

# Everything installed under the docs and examples directories is packaged.
PORTDOCS=	*
PORTEXAMPLES=	*

# Build options.  Exactly one TLS backend has to be selected from the SSL
# group (MBEDTLS or OPENSSL); OPENSSL is the default.  EASYRSA, LZ4 and TEST
# are also on by default; the remaining options are opt-in.
OPTIONS_DEFINE=		DOCS EASYRSA EXAMPLES LZ4 PKCS11 SMALL TEST TUNNELBLICK \
			X509ALTUSERNAME
OPTIONS_DEFAULT=	EASYRSA LZ4 OPENSSL TEST
OPTIONS_SINGLE=		SSL
OPTIONS_SINGLE_SSL=	MBEDTLS OPENSSL

# option descriptions and interdependencies
#
# The *_DESC strings are what the options dialog shows.  *_PREVENTS names an
# option that may not be enabled together with the one on the left, and
# *_PREVENTS_MSG is the explanation given when both are selected.
# Security-relevant points visible in the texts below:
#   - the mbedTLS backend is described as lacking TLS v1.3;
#   - PKCS11 and X509ALTUSERNAME are both blocked when MBEDTLS is selected,
#     so they are available with the OpenSSL backend only;
#   - TUNNELBLICK explicitly asks the user to read the help text before
#     enabling it.

EASYRSA_DESC=			Install security/easy-rsa RSA helper package
MBEDTLS_DESC=			SSL/TLS via mbedTLS (lacks TLS v1.3)
PKCS11_DESC=			Use security/pkcs11-helper
PKCS11_PREVENTS=		MBEDTLS
PKCS11_PREVENTS_MSG=		OpenVPN cannot use pkcs11-helper with mbedTLS. \
				Disable PKCS11, or use OpenSSL instead
SMALL_DESC=			Build a smaller executable with fewer features
TUNNELBLICK_DESC=		Tunnelblick XOR scramble patch (READ HELP!)
X509ALTUSERNAME_DESC=		Enable --x509-username-field (OpenSSL only)
X509ALTUSERNAME_PREVENTS=	MBEDTLS
X509ALTUSERNAME_PREVENTS_MSG=	OpenVPN ${DISTVERSION} cannot use \
				--x509-username-field with mbedTLS. Disable \
				X509ALTUSERNAME, or use OpenSSL instead

# option implementations
#
# Each variable below takes effect only for the state of the option named in
# its prefix (*_ON / *_OFF / *_ENABLE follow the ports options helpers).

# EASYRSA only adds a run-time dependency; nothing in the build changes.
EASYRSA_RUN_DEPENDS=	easy-rsa>=0:security/easy-rsa

# LZ4 support is on unless the option is switched off.
LZ4_LIB_DEPENDS+=	liblz4.so:archivers/liblz4
LZ4_CONFIGURE_OFF=	--disable-lz4

# TLS backend selection; the chosen backend is passed to configure explicitly.
MBEDTLS_LIB_DEPENDS=	libmbedtls.so:security/mbedtls
MBEDTLS_CONFIGURE_ON=	--with-crypto-library=mbedtls

OPENSSL_USES=		ssl
OPENSSL_CONFIGURE_ON=	--with-crypto-library=openssl

PKCS11_LIB_DEPENDS=		libpkcs11-helper.so:security/pkcs11-helper
PKCS11_CONFIGURE_ENABLE=	pkcs11

SMALL_CONFIGURE_ON=	--enable-small

# With TEST enabled, "check" is added to the build targets, so the test suite
# presumably runs as part of every build; with TEST disabled, "check" stays
# available as the port's separate test target.
TEST_ALL_TARGET=	check
TEST_TEST_TARGET_OFF=	check

# TUNNELBLICK applies a patch that ships in the port's files directory, i.e.
# code that is not part of the pinned upstream commit.
# NOTE(review): going by the option text this is an XOR "scramble" of the
# traffic, i.e. obfuscation; it should presumably not be counted on for
# confidentiality or integrity, which still come from the regular TLS and
# data-channel settings -- see the option help.
TUNNELBLICK_EXTRA_PATCHES=	${FILESDIR}/extra-tunnelblick-openvpn_xorpatch

X509ALTUSERNAME_CONFIGURE_ENABLE=	x509-alt-username

# Report the LOG_OPENVPN build setting before configure runs: without the
# knob, print a short hint on how to set it; with it, echo the value in use.
pre-configure:
.if !defined(LOG_OPENVPN)
	@${ECHO} ""
	@${ECHO} "You may use the following build options:"
	@${ECHO} ""
	@${ECHO} "      LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}"
	@${ECHO} "      EXAMPLE:  make LOG_OPENVPN=LOG_LOCAL6"
	@${ECHO} ""
.else
	@${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
.endif

# After configure has generated the plugin Makefiles, append -fPIC to the
# "CFLAGS =" line of each bundled plugin (auth-pam and down-root).
post-configure:
.for plugin in auth-pam down-root
	${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \
	    ${WRKSRC}/src/plugins/${plugin}/Makefile
.endfor

.include <bsd.port.options.mk>

# Library name stems of the selected TLS backend; post-build uses them to
# inspect what the finished binary is linked against.
.if empty(PORT_OPTIONS:MMBEDTLS)
# OpenSSL
_tlslibs=	libssl libcrypto
.else
# mbedTLS
_tlslibs=	libmbedtls libmbedx509 libmbedcrypto
.endif

# Sanity check that we don't inherit incompatible SSL libs through,
# for instance, pkcs11-helper.
#
# How it works: ldd lists the shared objects of the freshly built openvpn
# binary, one name per line, and the list is de-duplicated.  For every stem in
# ${_tlslibs} the lines matching "<stem>.so" are counted, and the counts are
# de-duplicated in turn.  The build passes only if what remains is the single
# value "1", i.e. each expected TLS library shows up exactly once.  Otherwise
# the message and the ldd listing are printed, ${BUILD_COOKIE} is removed so
# the build is not recorded as done, and the target exits with status 1.
#
# Why it matters: presumably a second, differing copy of the same TLS library
# pulled in by a dependency would end up in the same process as the intended
# one -- the kind of mix this check is meant to stop before packaging.
#
# NOTE(review): the message says "linked multiple times", but the test also
# fails when one of the libraries is not linked at all (count 0); keep that in
# mind when reading a failure.
# NOTE(review): the grep pattern is an unquoted regular expression, so the "."
# in ".so" matches any character; this looks harmless for the stems used here.
post-build:
	@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
	|	${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
	if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi

# Finish the staged tree: strip the two plugin objects, install the
# pull-resolv-conf helper scripts as openvpn-client.up/.down under libexec,
# install the openvpn-client wrapper into sbin, and create ${PREFIX}/include.
# The staged "up" helper is then edited so that it calls "resolvconf -a"
# instead of "resolvconf -p -a".
# NOTE(review): that edit is done in place on a staged file -- confirm that no
# backup copy of the script is left behind in the staged tree.
post-install:
.for plugin in auth-pam down-root
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-${plugin}.so
.endfor
.for hook in up down
	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.${hook} ${STAGEDIR}${PREFIX}/libexec/openvpn-client.${hook}
.endfor
	@${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
	${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
	${MKDIR} ${STAGEDIR}${PREFIX}/include

# With the DOCS option on, create the documentation directory in the staged
# tree and copy the AUTHORS, ChangeLog and PORTS files from the source into it.
post-install-DOCS-on:
	${MKDIR} ${STAGEDIR}${DOCSDIR}/
	${INSTALL_DATA} ${WRKSRC}/AUTHORS ${WRKSRC}/ChangeLog ${WRKSRC}/PORTS \
	    ${STAGEDIR}${DOCSDIR}/

# With the EXAMPLES option on, copy the whole upstream sample/ tree into the
# staged examples directory, give everything under sample-scripts the mode in
# ${BINMODE}, and delete *.orig files from sample-config-files (presumably
# leftovers from patching -- confirm).
# The cd runs inside a subshell so the directory change stays confined to that
# one command.
# The sample scripts and configuration files are examples to adapt, not a
# configuration that is installed or activated by this target.
post-install-EXAMPLES-on:
	(cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/)
	${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*
	${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig

.include <bsd.port.mk>