authorJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 14:49:18 +0100
committerJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 14:56:14 +0100
commit7f68c86d93d5f69d775bceb3941b3a3b46672eb1 (patch)
treeb461a335b70f8d07bda55ab1e3cc54fbd568a097 /net-vpn/wireguard
parentdev-ruby/nexpose: Initial version (diff)
Move VPN packages into net-vpn/
Diffstat (limited to 'net-vpn/wireguard')
-rw-r--r--net-vpn/wireguard/Manifest1
-rw-r--r--net-vpn/wireguard/files/wireguard-openrc.sh45
-rw-r--r--net-vpn/wireguard/metadata.xml14
-rw-r--r--net-vpn/wireguard/wireguard-0.0.20170223.ebuild110
-rw-r--r--net-vpn/wireguard/wireguard-9999.ebuild110
5 files changed, 280 insertions, 0 deletions
diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest
new file mode 100644
index 000000000000..726997c48e06
--- /dev/null
+++ b/net-vpn/wireguard/Manifest
@@ -0,0 +1 @@
+DIST WireGuard-0.0.20170223.tar.xz 132064 SHA256 6d2c8cd29c4f9fb404546a4749ec050739a26b4a49b5864f1dec531377c3c50d SHA512 273ef6463d447cb04b608a0379cce5c0ed4065f988b3f449995593592b42f2fc269fc249a8e3c22c28bfa682430ee20b5b7a46a96803c9c67d1b6fed7b800455 WHIRLPOOL b08e38f791bd7c60b004b3524f411801139be09f9c091c1aead9289f430594c5cd5c80bcc8da69649b9f5ba8efc83228a42e7f54ade3dc3a312fb58175e31743
diff --git a/net-vpn/wireguard/files/wireguard-openrc.sh b/net-vpn/wireguard/files/wireguard-openrc.sh
new file mode 100644
index 000000000000..9c53ef0ffa72
--- /dev/null
+++ b/net-vpn/wireguard/files/wireguard-openrc.sh
@@ -0,0 +1,45 @@
+# Copyright (c) 2016 Gentoo Foundation
+# All rights reserved. Released under the 2-clause BSD license.
+
+wireguard_depend()
+{
+ program /usr/bin/wg
+ after interface
+ before dhcp
+}
+
+wireguard_pre_start()
+{
+ [[ $IFACE == wg* ]] || return 0
+ ip link delete dev "$IFACE" type wireguard 2>/dev/null
+ ebegin "Creating WireGuard interface $IFACE"
+ if ! ip link add dev "$IFACE" type wireguard; then
+ eend $?
+ return $?
+ fi
+ eend 0
+
+ ebegin "Configuring WireGuard interface $IFACE"
+ set -- $(_get_array "wireguard_$IFVAR")
+ if [[ -f $1 && $# -eq 1 ]]; then
+ /usr/bin/wg setconf "$IFACE" "$1"
+ else
+ eval /usr/bin/wg set "$IFACE" "$@"
+ fi
+ if [ $? -eq 0 ]; then
+ _up
+ eend 0
+ return
+ fi
+ e=$?
+ ip link delete dev "$IFACE" type wireguard 2>/dev/null
+ eend $e
+}
+
+wireguard_post_stop()
+{
+ [[ $IFACE == wg* ]] || return 0
+ ebegin "Removing WireGuard interface $IFACE"
+ ip link delete dev "$IFACE" type wireguard
+ eend $?
+}
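Review bot: Both failure paths in wireguard_pre_start report success. Inside `if ! ip link add …; then`, `$?` holds the status of the negated command, which is 0, so `eend $?` prints OK and the function returns 0. Likewise `e=$?` after the `fi` of an `if` whose condition was false is always 0, so a failed `wg setconf` or `wg set` deletes the interface but still returns success, and anything ordered after this module may start as though the tunnel were up. The status should be captured directly after the command that produced it, as in the excerpt below. Separately, `eval /usr/bin/wg set "$IFACE" "$@"` re-parses the `wireguard_$IFVAR` value as shell, so a comment there should state that this setting is treated as trusted, root-owned shell input.

```shell
	if ! ip link add dev "$IFACE" type wireguard; then
		# $? is the status of the negated test here (always 0); report failure explicitly
		eend 1
		return 1
	fi
	# … unchanged: eend 0, ebegin "Configuring …", set --, wg setconf / wg set branches …
	e=$?
	if [ $e -eq 0 ]; then
		# … unchanged: _up, eend 0, return …
	fi
	# … unchanged: ip link delete, eend $e …
```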
diff --git a/net-vpn/wireguard/metadata.xml b/net-vpn/wireguard/metadata.xml
new file mode 100644
index 000000000000..d5c30b1930c0
--- /dev/null
+++ b/net-vpn/wireguard/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>zx2c4@gentoo.org</email>
+ <name>Jason A. Donenfeld</name>
+ </maintainer>
+ <use>
+ <flag name="tools">Compile the wg(8) tool and related helpers. You probably want this enabled.</flag>
+ <flag name="module">Compile the actual WireGuard kernel module. Most certainly you want this enabled, unless you're doing something strange.</flag>
+ <flag name="module-src">Install the module source code to /usr/src, in case you like building kernel modules yourself.</flag>
+ <flag name="debug">Enable verbose debug reporting in dmesg of various WireGuard peer and device information.</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-vpn/wireguard/wireguard-0.0.20170223.ebuild b/net-vpn/wireguard/wireguard-0.0.20170223.ebuild
new file mode 100644
index 000000000000..e19eabcaa9ce
--- /dev/null
+++ b/net-vpn/wireguard/wireguard-0.0.20170223.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-mod bash-completion-r1
+
+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."
+HOMEPAGE="https://www.wireguard.io/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.zx2c4.com/WireGuard"
+ KEYWORDS=""
+else
+ SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
+ S="${WORKDIR}/WireGuard-${PV}"
+ KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug +module +tools module-src"
+
+DEPEND="tools? ( net-libs/libmnl )"
+RDEPEND="${DEPEND}"
+
+MODULE_NAMES="wireguard(net:src)"
+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"
+BUILD_TARGETS="module"
+CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES"
+WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto."
+WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert."
+
+pkg_setup() {
+ if use module; then
+ linux-mod_pkg_setup
+ kernel_is -lt 4 1 0 && die "This version of ${PN} requires Linux >= 4.1"
+ fi
+}
+
+src_compile() {
+ use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"
+ use module && linux-mod_src_compile
+ use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools
+}
+
+src_install() {
+ use module && linux-mod_src_install
+ if use tools; then
+ dodoc README.md
+ dodoc -r contrib/examples
+ emake \
+ WITH_BASHCOMPLETION=yes \
+ WITH_SYSTEMDUNITS=yes \
+ WITH_WGQUICK=yes \
+ DESTDIR="${D}" \
+ BASHCOMPDIR="$(get_bashcompdir)" \
+ PREFIX="${EPREFIX}/usr" \
+ -C src/tools install
+ insinto /$(get_libdir)/netifrc/net
+ newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh
+ fi
+ use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install
+}
+
+pkg_postinst() {
+ if use module-src && ! use module; then
+ einfo
+ einfo "You have enabled the module-src USE flag without the module USE"
+ einfo "flag. This means that sources are installed to"
+ einfo "${ROOT}usr/src/wireguard instead of having the"
+ einfo "kernel module compiled. You will need to compile the module"
+ einfo "yourself. Most likely, you don't want this USE flag, and should"
+ einfo "rather use USE=module"
+ einfo
+ fi
+ use module && linux-mod_pkg_postinst
+
+ ewarn
+ ewarn "This software is experimental and has not yet been released."
+ ewarn "As such, it may contain significant issues. Please do not file"
+ ewarn "bug reports with Gentoo, but rather direct them upstream to:"
+ ewarn
+ ewarn " team@wireguard.io security@wireguard.io"
+ ewarn
+
+ if use tools; then
+ einfo
+ einfo "After installing WireGuard, if you'd like to try sending some packets through"
+ einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
+ einfo "test example script:"
+ einfo
+ einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -"
+ einfo
+ einfo "This will automatically setup interface wg0, through a very insecure transport"
+ einfo "that is only suitable for demonstration purposes. You can then try loading the"
+ einfo "hidden website or sending pings:"
+ einfo
+ einfo " \$ chromium http://192.168.4.1"
+ einfo " \$ ping 192.168.4.1"
+ einfo
+ einfo "If you'd like to redirect your internet traffic, you can run it with the"
+ einfo "\"default-route\" argument. You may not use this server for any abusive or illegal"
+ einfo "purposes. It is for quick testing only."
+ einfo
+ einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/"
+ einfo
+ fi
+}
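Review bot: The `use tools` branch of pkg_postinst tells users to pipe the bundled client.sh into `sudo bash -`, which runs an example script as root and, by the message's own wording, sets up wg0 over a very insecure transport, yet nothing says how to undo it. I would add a line such as `einfo "Remove the test interface afterwards with: ip link delete dev wg0"` after the ping example, assuming the demo interface persists until deleted. I would also suggest inspecting the script first (`bzcat … | less`) before the root pipeline is shown. The identical text in wireguard-9999.ebuild needs the same change.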
diff --git a/net-vpn/wireguard/wireguard-9999.ebuild b/net-vpn/wireguard/wireguard-9999.ebuild
new file mode 100644
index 000000000000..e19eabcaa9ce
--- /dev/null
+++ b/net-vpn/wireguard/wireguard-9999.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-mod bash-completion-r1
+
+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."
+HOMEPAGE="https://www.wireguard.io/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.zx2c4.com/WireGuard"
+ KEYWORDS=""
+else
+ SRC_URI="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${PV}.tar.xz"
+ S="${WORKDIR}/WireGuard-${PV}"
+ KEYWORDS="~amd64 ~x86 ~mips ~arm ~arm64"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug +module +tools module-src"
+
+DEPEND="tools? ( net-libs/libmnl )"
+RDEPEND="${DEPEND}"
+
+MODULE_NAMES="wireguard(net:src)"
+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"
+BUILD_TARGETS="module"
+CONFIG_CHECK="NET INET NET_UDP_TUNNEL NF_CONNTRACK NETFILTER_XT_MATCH_HASHLIMIT CRYPTO_BLKCIPHER ~PADATA ~IP6_NF_IPTABLES"
+WARNING_PADATA="If you're running a multicore system you likely should enable CONFIG_PADATA for improved performance and parallel crypto."
+WARNING_IP6_NF_IPTABLES="If your kernel has CONFIG_IPV6, you need CONFIG_IP6_NF_IPTABLES; otherwise WireGuard will not insert."
+
+pkg_setup() {
+ if use module; then
+ linux-mod_pkg_setup
+ kernel_is -lt 4 1 0 && die "This version of ${PN} requires Linux >= 4.1"
+ fi
+}
+
+src_compile() {
+ use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"
+ use module && linux-mod_src_compile
+ use tools && emake RUNSTATEDIR="${EPREFIX}/run" -C src/tools
+}
+
+src_install() {
+ use module && linux-mod_src_install
+ if use tools; then
+ dodoc README.md
+ dodoc -r contrib/examples
+ emake \
+ WITH_BASHCOMPLETION=yes \
+ WITH_SYSTEMDUNITS=yes \
+ WITH_WGQUICK=yes \
+ DESTDIR="${D}" \
+ BASHCOMPDIR="$(get_bashcompdir)" \
+ PREFIX="${EPREFIX}/usr" \
+ -C src/tools install
+ insinto /$(get_libdir)/netifrc/net
+ newins "${FILESDIR}"/wireguard-openrc.sh wireguard.sh
+ fi
+ use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install
+}
+
+pkg_postinst() {
+ if use module-src && ! use module; then
+ einfo
+ einfo "You have enabled the module-src USE flag without the module USE"
+ einfo "flag. This means that sources are installed to"
+ einfo "${ROOT}usr/src/wireguard instead of having the"
+ einfo "kernel module compiled. You will need to compile the module"
+ einfo "yourself. Most likely, you don't want this USE flag, and should"
+ einfo "rather use USE=module"
+ einfo
+ fi
+ use module && linux-mod_pkg_postinst
+
+ ewarn
+ ewarn "This software is experimental and has not yet been released."
+ ewarn "As such, it may contain significant issues. Please do not file"
+ ewarn "bug reports with Gentoo, but rather direct them upstream to:"
+ ewarn
+ ewarn " team@wireguard.io security@wireguard.io"
+ ewarn
+
+ if use tools; then
+ einfo
+ einfo "After installing WireGuard, if you'd like to try sending some packets through"
+ einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
+ einfo "test example script:"
+ einfo
+ einfo " \$ bzcat ${ROOT}usr/share/doc/${PF}/examples/ncat-client-server/client.sh.bz2 | sudo bash -"
+ einfo
+ einfo "This will automatically setup interface wg0, through a very insecure transport"
+ einfo "that is only suitable for demonstration purposes. You can then try loading the"
+ einfo "hidden website or sending pings:"
+ einfo
+ einfo " \$ chromium http://192.168.4.1"
+ einfo " \$ ping 192.168.4.1"
+ einfo
+ einfo "If you'd like to redirect your internet traffic, you can run it with the"
+ einfo "\"default-route\" argument. You may not use this server for any abusive or illegal"
+ einfo "purposes. It is for quick testing only."
+ einfo
+ einfo "More info on getting started can be found at: https://www.wireguard.io/quickstart/"
+ einfo
+ fi
+}