--- ike-2.1.5+dfsg.orig/source/iked/iked.8 +++ ike-2.1.5+dfsg/source/iked/iked.8 @@ -79,7 +79,7 @@ The command exits with 0 on success, and non-zero on errors. .Sh FILES The default configuration file is -.Pa /usr/local/etc/iked.conf +.Pa /etc/iked.conf .Sh SEE ALSO .Xr ikea 1 , .Xr ikec 1 , --- ike-2.1.5+dfsg.orig/source/iked/iked.conf.5 +++ ike-2.1.5+dfsg/source/iked/iked.conf.5 @@ -662,7 +662,7 @@ nbns4 10.1.1.1; dns_suffix "foo.com"; dns_list "foo.com" "bar.com"; - banner "/usr/local/etc/iked.motd"; + banner "/etc/iked.motd"; pfs_group 2; } --- ike-2.1.5+dfsg.orig/debian/copyright +++ ike-2.1.5+dfsg/debian/copyright @@ -0,0 +1,81 @@ +This package was debianized by Nicolas Deschildre on +Sun, 25 May 2008 15:08:07 +0200. + +It was downloaded from http://www.shrew.net/?page=download&prod=ike + +The archive was repacked using get-orig-source : the RFCs files in +the /doc directory are deleted because they do not follow the Debian +Free Software Guidelines (section 3). + +Upstream Author: Matthew Grooms + +Copyright: 2007, Shrew Soft Inc. + +License: + +The OSI-approved sleepycat license + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Redistributions in any form must be accompanied by information on + how to obtain complete source code for the software and any + accompanying software that uses the software. The source code + must either be included in the distribution or be available for no + more than the cost of distribution plus a nominal fee, and must be + freely redistributable under reasonable conditions. For an + executable file, complete source code means the source code for all + modules it contains. It does not include source code for modules or + files that typically accompany the major components of the operating + system on which the executable file runs. + +THIS SOFTWARE IS PROVIDED BY SHREW SOFT INC ``AS IS'' AND ANY EXPRESS +OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR +NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL SHREW SOFT INC +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +THE POSSIBILITY OF SUCH DAMAGE. + + +Legal notice (as shown on upstream website): + +This software uses strong cryptography provided by the freely available +OpenSSL Toolkit ( http://www.openssl.org ). For this reason, please read +the legal notices below. The second notice is a reproduction of the notice +posted on the OpenSSL download page. + +SHREW SOFT INC WILL NOT BE HELD LIABLE FOR THE VIOLATION OF ANY LAW THAT +GOVERNS THE IMPORT/EXPORT OF STRONG CRYPTOGRAPHY SOFTWARE. IT IS YOUR +RESPONSIBILITY TO DETERMINE WHICH OF THESE LAWS MAY APPLY TO YOU BEFORE +OBTAINING ANY SOFTWARE FROM THIS WEBSITE. + +OpenSSL legal notice + +This software package uses strong cryptography, so even if it is created, +maintained and distributed from liberal countries in Europe (where it is +legal to do this), it falls under certain export/import and/or use +restrictions in some other parts of the world. + +PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY +SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING +TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS +OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, +RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS +OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY +ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS +WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY +VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. + + +The Debian packaging is (C) 2008, Nicolas Deschildre and +is licensed under the GPL, see `/usr/share/common-licenses/GPL'. --- ike-2.1.5+dfsg.orig/debian/ike.postrm +++ ike-2.1.5+dfsg/debian/ike.postrm @@ -0,0 +1,11 @@ +#!/bin/sh +# See /usr/share/debhelper/dh_make/debian/postrm.ex +set -e + +ike_error() { + echo $? +} + +#DEBHELPER# + +exit 0 --- ike-2.1.5+dfsg.orig/debian/ike.dirs +++ ike-2.1.5+dfsg/debian/ike.dirs @@ -0,0 +1,2 @@ +etc/init.d +usr/lib/ike --- ike-2.1.5+dfsg.orig/debian/ike.prerm +++ ike-2.1.5+dfsg/debian/ike.prerm @@ -0,0 +1,11 @@ +#!/bin/sh +# See /usr/share/debhelper/dh_make/debian/prerm.ex +set -e + +ike_error() { + echo $? +} + +#DEBHELPER# + +exit 0 --- ike-2.1.5+dfsg.orig/debian/changelog +++ ike-2.1.5+dfsg/debian/changelog @@ -0,0 +1,74 @@ +ike (2.1.5+dfsg-1) unstable; urgency=low + + * New upstream version. + * debian/rules: update download-location. + + -- Philipp Matthias Hahn Sun, 06 Dec 2009 09:09:25 +0100 + +ike (2.1.4+dfsg-4) unstable; urgency=low + + * debian/watch: Chaneg to new location + http://www.shrew.net/download/ike/ike-(.*)-release.tgz + + -- Philipp Matthias Hahn Tue, 06 Oct 2009 10:46:53 +0200 + +ike (2.1.4+dfsg-3) unstable; urgency=low + + * Fix incorrect init.d dependencies and runlevel in script/iked. + (Closes: #545893) Thanks to Petter Reinholdtsen. + * debian/ike.{pre,post}{inst,rm}: Fix "package installation fails" by + ignoring errors during start on install. (Closes: #486656) + * debian/control: + - Standards-Version: 3.8.3: no changes required. + - ike: Add reference to other IKEv1 daemons. + * debian/rules: drop deprecated call of dh_desktop. + + -- Philipp Matthias Hahn Tue, 06 Oct 2009 10:29:12 +0200 + +ike (2.1.4+dfsg-2) unstable; urgency=low + + * Fix circular dependency with iked.h & conf.token.hpp. (Closes: #521951) + * debian/control: Standards-Version: 3.8.1 + - Fix script/iked to not start iked.real multiple times. + + -- Philipp Matthias Hahn Tue, 07 Apr 2009 23:50:32 +0200 + +ike (2.1.4+dfsg-1) unstable; urgency=low + + * New upstream version. + * debian/watch: Fix download location. + + -- Philipp Matthias Hahn Thu, 13 Nov 2008 19:50:14 +0100 + +ike (2.1.3+dfsg-1) unstable; urgency=low + + * New upstream version. (Closes: #500139) + - bug in check of remote IPv4 address (Closes: #500027) + * debian/rules: + - "dh_makeshlibs -n" because libraries are not public + - Remove ${misc:Depends} from Depends-lines + - add source/ikea/conflict.h, source/iked/etkey to FILESTOCLEAN + * debian/wrapper/* + - Do exec instead of forking + * debian/control: + - Bump Standards-Version to 3.8.0: no changes required + - Adopt package on Nicolas request. Thanks for previous maintenance. + * debian/{control,copyright,init.d,rules} + - Strip trailing white spaces: s/\s\+$// + * source/iked/iked.{8,conf.5} + - Remove path-prefix /usr/local + * Use script/iked instead of debian/ike.init + + -- Philipp Matthias Hahn Wed, 22 Oct 2008 23:42:59 +0200 + +ike (2.1.0+dfsg-1) unstable; urgency=low + + * New upstream version. + + -- Nicolas Deschildre Wed, 28 May 2008 00:07:17 +0200 + +ike (2.0.3+dfsg-1) unstable; urgency=low + + * Initial release (Closes: #482589) + + -- Nicolas Deschildre Tue, 27 May 2008 19:45:32 +0200 --- ike-2.1.5+dfsg.orig/debian/rules +++ ike-2.1.5+dfsg/debian/rules @@ -0,0 +1,114 @@ +#!/usr/bin/make -f + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +CONFIGURE = cmake + +# Files to delete when cleaning +FILESREGEXTOCLEAN = *.so *.so.* *.a *.cxx cmake_install.cmake *.hh *.o CMakeFiles Makefile +FILESTOCLEAN += CMakeCache.txt +FILESTOCLEAN += cmake.check_cache +FILESTOCLEAN += CMakeOutput.log +FILESTOCLEAN += config.log +FILESTOCLEAN += install_manifest.txt +FILESTOCLEAN += warning.log +FILESTOCLEAN += source/ikea/about.h +FILESTOCLEAN += source/ikea/conflict.h +FILESTOCLEAN += source/ikea/ikea +FILESTOCLEAN += source/ikea/root.h +FILESTOCLEAN += source/ikea/site.h +FILESTOCLEAN += source/ikea/topology.h +FILESTOCLEAN += source/ikec/banner.h +FILESTOCLEAN += source/ikec/filepass.h +FILESTOCLEAN += source/ikec/ikec +FILESTOCLEAN += source/ikec/root.h +FILESTOCLEAN += source/iked/conf.parse.cpp +FILESTOCLEAN += source/iked/conf.parse.hpp +FILESTOCLEAN += source/iked/conf.token.cpp +FILESTOCLEAN += source/iked/etkey +FILESTOCLEAN += source/iked/iked + +# Files to delete from the source archive to be in accordance with the Debian free software guidelines +DFSG_FILESTOCLEAN = ike/docs/* + +VERSION:=$(shell dpkg-parsechangelog | grep '^Version' | sed 's/Version: //' | sed -e 's/+[^+]*$$//') +URL = http://www.shrew.net/download/ike/ike-$(VERSION)-release.tgz + +get-orig-source: + wget -O ike.tar.gz "$(URL)" + tar zxvf ike.tar.gz + $(RM) $(DFSG_FILESTOCLEAN) + mkdir tmp + mv ike tmp/ike-$(VERSION)+dfsg + cd tmp && tar cvf ike_$(VERSION)+dfsg.orig.tar ike-$(VERSION)+dfsg + cd tmp && gzip -9 ike_$(VERSION)+dfsg.orig.tar + mv tmp/ike_$(VERSION)+dfsg.orig.tar.gz . + $(RM) -R tmp + $(RM) ike.tar.gz + +configure: configure-stamp +configure-stamp: + dh_testdir + + $(CONFIGURE) -DQTGUI=YES -DNATT=YES -DCMAKE_INSTALL_PREFIX:PATH=/usr -DETCDIR:PATH=/etc -DMANDIR:PATH=/usr/share/man -DDEBUG=YES + + touch configure-stamp + +#Architecture +build: build-arch + +build-arch: build-arch-stamp +build-arch-stamp: configure-stamp + $(MAKE) + touch $@ + +clean: + dh_testdir + dh_testroot + $(RM) build-arch-stamp configure-stamp +# Cmake does not provide clean target. I have to do it manually. + $(RM) $(FILESTOCLEAN) + $(RM) -R $(foreach regex, $(FILESREGEXTOCLEAN), $(shell find . -name $(regex) -print)) + dh_clean + +install: install-arch + +install-arch: + dh_testdir + dh_testroot + dh_clean -k -s + dh_installdirs -s + + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + +# Rename the executables files + mv debian/tmp/usr/bin/ikea debian/tmp/usr/bin/ikea.real + mv debian/tmp/usr/bin/ikec debian/tmp/usr/bin/ikec.real + mv debian/tmp/usr/sbin/iked debian/tmp/usr/sbin/iked.real + dh_install -s + mv debian/ike/etc/init.d/iked debian/ike/etc/init.d/ike + +# Build architecture dependant packages using the common target. +binary-arch: build-arch install-arch + dh_testdir + dh_testroot + dh_installchangelogs TODO.TXT + dh_installdocs + dh_installinit -p ike --onlyscripts --error-handler=ike_error + dh_installman + dh_lintian + dh_strip + dh_compress + dh_fixperms + dh_makeshlibs -n + dh_installdeb + dh_shlibdeps -l/usr/lib/ike + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure get-orig-source --- ike-2.1.5+dfsg.orig/debian/ike.desktop +++ ike-2.1.5+dfsg/debian/ike.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Name=Shrew Soft VPN Access Manager +Name[en_CA]=Shrew Soft VPN Access Manager +Name[de]=Shrew Soft VPN Zugangsverwaltung +Comment=Application to manage remote site configurations +Comment[en_CA]=Application to manage remote site configurations +Comment[de]=Anwendung zum Verwalten der VPN-konfigurationen +Exec=/usr/bin/ikea +Icon=ikea +Terminal=false +Type=Application +Categories=Network --- ike-2.1.5+dfsg.orig/debian/iked.conf +++ ike-2.1.5+dfsg/debian/iked.conf @@ -0,0 +1,24 @@ +# +# sample client iked.conf file +# + +daemon +{ + # bind to ports + + socket ike 500; + socket natt 4500; + + # log output + + log_level error; + + log_file "/var/log/iked.log"; + #pcap_ike "/var/log/ike.pcap"; + #pcap_pub "/var/log/pub.pcap"; + + # retry settings + + retry_delay 10; + retry_count 2; +} --- ike-2.1.5+dfsg.orig/debian/ike.lintian-overrides +++ ike-2.1.5+dfsg/debian/ike.lintian-overrides @@ -0,0 +1 @@ +ike: possible-gpl-code-linked-with-openssl --- ike-2.1.5+dfsg.orig/debian/ike-qtgui.docs +++ ike-2.1.5+dfsg/debian/ike-qtgui.docs @@ -0,0 +1 @@ +README.TXT --- ike-2.1.5+dfsg.orig/debian/ike.manpages +++ ike-2.1.5+dfsg/debian/ike.manpages @@ -0,0 +1,2 @@ +debian/tmp/usr/share/man/man5/iked.conf.5 +debian/tmp/usr/share/man/man8/iked.8 --- ike-2.1.5+dfsg.orig/debian/ike.install +++ ike-2.1.5+dfsg/debian/ike.install @@ -0,0 +1,5 @@ +debian/iked.conf etc/ +debian/wrappers/iked usr/sbin/ +debian/tmp/usr/sbin/iked.real usr/lib/ike/ +debian/tmp/usr/lib/lib*.so.* usr/lib/ike/ +script/iked etc/init.d/ --- ike-2.1.5+dfsg.orig/debian/ike-qtgui.dirs +++ ike-2.1.5+dfsg/debian/ike-qtgui.dirs @@ -0,0 +1,5 @@ +usr/bin +usr/share/man/man1/ +usr/lib/ike/ +usr/share/applications/ +usr/share/pixmaps/ --- ike-2.1.5+dfsg.orig/debian/compat +++ ike-2.1.5+dfsg/debian/compat @@ -0,0 +1 @@ +6 --- ike-2.1.5+dfsg.orig/debian/ike-qtgui.manpages +++ ike-2.1.5+dfsg/debian/ike-qtgui.manpages @@ -0,0 +1,2 @@ +debian/tmp/usr/share/man/man1/ikea.1 +debian/tmp/usr/share/man/man1/ikec.1 --- ike-2.1.5+dfsg.orig/debian/watch +++ ike-2.1.5+dfsg/debian/watch @@ -0,0 +1,7 @@ +# See uscan(1) for format + +# Compulsory line, this is a version 3 file +version=3 + +opts=dversionmangle=s/\+dfsg$// \ + http://www.shrew.net/download/ike /download/ike/ike-(.*)-release.tgz --- ike-2.1.5+dfsg.orig/debian/README.Debian +++ ike-2.1.5+dfsg/debian/README.Debian @@ -0,0 +1,10 @@ +ike for Debian +-------------- + +IKE-daemons normally use well-known UDP port 500, thus installing ike in +parallel to racoon,freeswan,strongswan,openswan,isakmpad,... which also provide +an IKE-daemon listening on UDP port 500 will fail during the configuration +stage. You either need to disable or uninstall the other IKE daemons, or you +must change the "socket ike" setting in /etc/iked.conf to some other free port. + + -- Philipp Matthias Hahn Tue, 06 Oct 2009 08:59:41 +0200 --- ike-2.1.5+dfsg.orig/debian/ike.docs +++ ike-2.1.5+dfsg/debian/ike.docs @@ -0,0 +1 @@ +README.TXT --- ike-2.1.5+dfsg.orig/debian/control +++ ike-2.1.5+dfsg/debian/control @@ -0,0 +1,37 @@ +Source: ike +Section: net +Priority: extra +Maintainer: Philipp Matthias Hahn +Build-Depends: debhelper (>= 6.0.7~), flex, bison (>= 2.3), libqt3-mt-dev (>= 3.3), libssl-dev (>= 0.9), cmake (>= 2.4) +Standards-Version: 3.8.3 +Homepage: http://www.shrew.net/ + +Package: ike +Architecture: any +Depends: ${shlibs:Depends} +Recommends: ike-qtgui +Provides: ike-server +Description:Shrew Soft VPN client - Daemon and libraries + The Shrew Soft VPN client is a free IPsec VPN Client for FreeBSD, NetBSD, + Linux and Windows operating systems. This product can be used to communicate + with Open Source VPN servers (e.g. ipsec-tools) as well as some commercial + VPN servers. + . + This package provides a IKEv1 (ipsec key exchange) daemon and librairies used + to maintain a IPSec VPN connection. It provides similar functionality as + racoon, OpenSwan, FreeSwan, StrongSwan, IsaKmpD but is more user-interactive. + . + Note: You should install the ike-qtgui package to have a graphical + user interface to configure and use VPN connections. + +Package: ike-qtgui +Architecture: any +Depends: ${shlibs:Depends} +Description:Shrew Soft VPN client - Connection manager + The Shrew Soft VPN Client is a free IPsec VPN Client for FreeBSD, NetBSD, + Linux and Windows operating systems. This product can be used to communicate + with Open Source VPN servers (e.g. ipsec-tools) as well as some commercial + VPN servers. + . + This package provides the connection manager program, which allows one + to create, manage and use VPN connections. --- ike-2.1.5+dfsg.orig/debian/ike.postinst +++ ike-2.1.5+dfsg/debian/ike.postinst @@ -0,0 +1,11 @@ +#!/bin/sh +# See /usr/share/debhelper/dh_make/debian/postinst.ex +set -e + +ike_error() { + true +} + +#DEBHELPER# + +exit 0 --- ike-2.1.5+dfsg.orig/debian/ike-qtgui.install +++ ike-2.1.5+dfsg/debian/ike-qtgui.install @@ -0,0 +1,6 @@ +debian/wrappers/ikea usr/bin/ +debian/wrappers/ikec usr/bin/ +debian/tmp/usr/bin/ikea.real usr/lib/ike/ +debian/tmp/usr/bin/ikec.real usr/lib/ike/ +source/ikea/png/ikea.png usr/share/pixmaps/ +debian/ike.desktop usr/share/applications/ --- ike-2.1.5+dfsg.orig/debian/wrappers/ikec +++ ike-2.1.5+dfsg/debian/wrappers/ikec @@ -0,0 +1,4 @@ +#!/bin/bash + +# Link to private shared libs +LD_LIBRARY_PATH=/usr/lib/ike:$LD_LIBRARY_PATH exec /usr/lib/ike/ikec.real "$@" --- ike-2.1.5+dfsg.orig/debian/wrappers/iked +++ ike-2.1.5+dfsg/debian/wrappers/iked @@ -0,0 +1,4 @@ +#!/bin/bash + +# Link to private shared libs +LD_LIBRARY_PATH=/usr/lib/ike:$LD_LIBRARY_PATH exec /usr/lib/ike/iked.real "$@" --- ike-2.1.5+dfsg.orig/debian/wrappers/ikea +++ ike-2.1.5+dfsg/debian/wrappers/ikea @@ -0,0 +1,4 @@ +#!/bin/bash + +# Link to private shared libs +LD_LIBRARY_PATH=/usr/lib/ike:$LD_LIBRARY_PATH exec /usr/lib/ike/ikea.real "$@" --- ike-2.1.5+dfsg.orig/script/iked +++ ike-2.1.5+dfsg/script/iked @@ -1,5 +1,14 @@ #! /bin/sh -set -e +### BEGIN INIT INFO +# Provides: ike +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start the Shrew VPN daemon. +# Description: The Shrew VPN client requires the ike daemon +# to run before being able to connect. +### END INIT INFO # /etc/init.d/iked: start and stop the Shrew Soft IKE daemon @@ -7,24 +16,24 @@ . /lib/lsb/init-functions -export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" +PATH=/sbin:/bin:/usr/sbin:/usr/bin case "$1" in start) log_begin_msg "Starting Shrew Soft IKE daemon..." - start-stop-daemon --start --quiet --exec /usr/sbin/iked || log_end_msg 1 + start-stop-daemon --start --quiet --oknodo --exec /usr/lib/ike/iked.real --startas /usr/sbin/iked || log_end_msg 1 log_end_msg 0 ;; stop) log_begin_msg "Stopping Shrew Soft IKE daemon..." - start-stop-daemon --stop --quiet --oknodo --exec /usr/sbin/iked || log_end_msg 1 + start-stop-daemon --stop --quiet --oknodo --exec /usr/lib/ike/iked.real || log_end_msg 1 log_end_msg 0 ;; - restart) + restart|reload|force-reload) log_begin_msg "Restarting Shrew Soft IKE daemon..." - start-stop-daemon --stop --quiet --oknodo --retry 30 --exec /usr/sbin/iked || log_end_msg 1 - start-stop-daemon --start --quiet --exec /usr/sbin/iked || log_end_msg 1 + start-stop-daemon --stop --quiet --oknodo --retry 30 --exec /usr/lib/ike/iked.real || log_end_msg 1 + start-stop-daemon --start --quiet --exec /usr/lib/ike/iked.real --startas /usr/sbin/iked || log_end_msg 1 log_end_msg 0 ;;