3 files changed, 90 insertions, 33 deletions
diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog
index 48e606c6cab6..7bd807b4ed06 100644
--- a/net-firewall/ipsec-tools/ChangeLog
+++ b/net-firewall/ipsec-tools/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for net-firewall/ipsec-tools
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.83 2012/03/04 03:55:25 blueness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.84 2012/03/04 18:18:27 blueness Exp $
+
+  04 Mar 2012; Anthony G. Basile <blueness@gentoo.org>
+  ipsec-tools-0.8.0-r1.ebuild:
+  Make linux-info output easy to interpret, bug #335510
 
   04 Mar 2012; Anthony G. Basile <blueness@gentoo.org>
   ipsec-tools-0.8.0-r1.ebuild:
diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
index 5558c32c034c..1127c1576a01 100644
--- a/net-firewall/ipsec-tools/Manifest
+++ b/net-firewall/ipsec-tools/Manifest
@@ -11,14 +11,14 @@ DIST ipsec-tools-0.7.3.tar.bz2 776096 RMD160 e0ff32f0daa845934ac868ad5f36d58b259
 DIST ipsec-tools-0.8.0.tar.bz2 809297 RMD160 8715d97c52ef4de771e50df579e5e9241d5bf966 SHA1 d44a955a00cdfcd771fb1eca8267421bd47bc46e SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717
 EBUILD ipsec-tools-0.7.3-r1.ebuild 5504 RMD160 c80cca70aec3efa13f87c3c66bec051cc581a6da SHA1 afd5f1d981ab75cb640aa3825b3c377a8403eefd SHA256 fb8f045eb7bde9e20eb9c634337e1b23caf64128ff84aa81af4faed2cdc16fed
 EBUILD ipsec-tools-0.7.3.ebuild 8375 RMD160 990aa70c71acc7f3c523aaa1abcfef4f8999e7c7 SHA1 f65d04115cce6277297953cfbac91ce89a3ce83b SHA256 fb7cd6ae897526e409bb9799c9594955577894f87cf79fef27fe8f673d4eaafd
-EBUILD ipsec-tools-0.8.0-r1.ebuild 5081 RMD160 347457f97a86543c2fc1767c71ed2e0af638d1cb SHA1 6cfe2d4e6497a3157bb70ac76b1ab2a50f09f810 SHA256 87007be7d31ab24a10100f7166c6d5cbbd24127aa929cab58f653371a85553f6
+EBUILD ipsec-tools-0.8.0-r1.ebuild 6059 RMD160 8362f600f68800c907e177a5566e1356377c470f SHA1 1cc992a2e39073e89fae48278c36ada363d0d366 SHA256 b0908292a9bd960f988009ed9a7a9f3be073243838c7b4f3ea7715695e8b48fa
 EBUILD ipsec-tools-0.8.0.ebuild 5039 RMD160 0844c4087ebf39eb2b95a5fcb7ee910b4cf1cc0d SHA1 e7a982d311f583a246ea3904f7d5f807347792ad SHA256 9f4374e05e08ef0c0c88951a63b9dab0ab2f2edc5b7675b5f4864654078936b6
-MISC ChangeLog 13651 RMD160 f522f84f86944ad7cdb5863c9bcf66ad04c7ef96 SHA1 c661cfbdd1d01ee82635cbe2589a4af211246986 SHA256 d45969fde284295498c68da66e32e86e756250f063dd1f6598b78fd66e91dad0
+MISC ChangeLog 13794 RMD160 94d9c41db46100a0d8c5149268acf314f446dc10 SHA1 5f0185480c29b0386bd38609542803c028600911 SHA256 d0b356d1fd80a9ddf90ac751cb9698fa6ce17dca6aed214e23a1acc2fdbf1554
 MISC metadata.xml 537 RMD160 41f7f604e33d56879ee9dd0d5a18c7f8fcc0910e SHA1 0fdf06aa17efa68aa50f04db0277e0dc4f4be590 SHA256 12de55d6d62b8e91c8996422e33462b5637f9720a5096025752b93906bcbdc40
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iEYEAREIAAYFAk9S57gACgkQl5yvQNBFVTVdSACeM3HRO+xX4KuOnPUJQuA7PoFY
-e8kAmwRCNF5ntZtGp1YPyoPHuKySSO3e
-=rrj1
+iEYEAREIAAYFAk9Tsf0ACgkQl5yvQNBFVTXFMwCcDTLMuQiklW1D3yjv2TixxM2a
+H3MAnRVUfLVEStpfEL1bLa4g7+YpvEXT
+=A0S4
 -----END PGP SIGNATURE-----
diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild
index b146cd5f7359..2ce4153210c8 100644
--- a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild,v 1.2 2012/03/04 03:55:25 blueness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r1.ebuild,v 1.3 2012/03/04 18:18:27 blueness Exp $
 
 EAPI="4"
 
@@ -33,44 +33,97 @@ DEPEND="${RDEPEND}
 	>=sys-kernel/linux-headers-2.6.30"
 
 pkg_setup() {
-	get_version
-	if kernel_is -ge 2 6 19 ; then
-		einfo "Checking for suitable kernel configuration (Networking | Networking support | Networking options)"
+	linux-info_pkg_setup
 
-		if use nat; then
-			CONFIG_CHECK="${CONFIG_CHECK} ~NETFILTER_XT_MATCH_POLICY"
-			export WARNING_NETFILTER_XT_MATCH_POLICY="NAT support may fail weirdly unless you enable this option in your kernel"
-		fi
+	get_version
 
+	if linux_config_exists && kernel_is -ge 2 6 19; then
+		ewarn
+		ewarn "\033[1;33m**************************************************\033[1;33m"
+		ewarn
+		ewarn "Checking kernel configuration in /usr/src/linux or"
+		ewarn "or /proc/config.gz for compatibility with ${PN}."
+		ewarn
+		ewarn "WARNING: If your *configured* and *running* kernel"
+		ewarn "differ either now or in the future, then these checks"
+		ewarn "may lead to misleading results."
+
+		# Check options for all flavors of IPSec
+		local msg=""
 		for i in XFRM_USER NET_KEY; do
-			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
-			eval "export WARNING_${i}='No tunnels will be available at all'"
+			if ! linux_chkconfig_present ${i}; then
+				msg="${msg} ${i}"
+			fi
 		done
+		if [[ ! -z "$msg" ]]; then
+			ewarn
+			ewarn "ALL IPSec may fail. CHECK:"
+			ewarn "${msg}"
+		fi
+
+		# Check unencrypted IPSec
+		if ! linux_chkconfig_present CRYPTO_NULL; then
+			ewarn
+			ewarn "Unencrypted IPSec may fail. CHECK:"
+			ewarn " CRYPTO_NULL"
+		fi
 
-		for i in INET_IPCOMP INET_AH INET_ESP \
+		# Check IPv4 IPSec
+		msg=""
+		for i in \
+			INET_IPCOMP INET_AH INET_ESP \
 			INET_XFRM_MODE_TRANSPORT \
 			INET_XFRM_MODE_TUNNEL \
-			INET_XFRM_MODE_BEET ; do
-			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
-			eval "export WARNING_${i}='IPv4 tunnels will not be available'"
+			INET_XFRM_MODE_BEET
+		do
+			if ! linux_chkconfig_present ${i}; then
+				msg="${msg} ${i}"
+			fi
 		done
+		if [[ ! -z "$msg" ]]; then
+			ewarn
+			ewarn "IPv4 IPSec may fail. CHECK:"
+			ewarn "${msg}"
+		fi
 
-		for i in INET6_IPCOMP INET6_AH INET6_ESP \
-			INET6_XFRM_MODE_TRANSPORT \
-			INET6_XFRM_MODE_TUNNEL \
-			INET6_XFRM_MODE_BEET ; do
-			CONFIG_CHECK="${CONFIG_CHECK} ~${i}"
-			eval "export WARNING_${i}='IPv6 tunnels will not be available'"
-		done
+		# Check IPv6 IPSec
+		if use ipv6; then
+			msg=""
+			for i in INET6_IPCOMP INET6_AH INET6_ESP \
+				INET6_XFRM_MODE_TRANSPORT \
+				INET6_XFRM_MODE_TUNNEL \
+				INET6_XFRM_MODE_BEET
+			do
+				if ! linux_chkconfig_present ${i}; then
+					msg="${msg} ${i}"
+				fi
+			done
+			if [[ ! -z "$msg" ]]; then
+				ewarn
+				ewarn "IPv6 IPSec may fail. CHECK:"
+				ewarn "${msg}"
+			fi
+		fi
 
-		CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_NULL"
-		export WARNING_CRYPTO_NULL="Unencrypted tunnels will not be available"
-		export CONFIG_CHECK
+		# Check IPSec behind NAT
+		if use nat; then
+			if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then
+				ewarn
+				ewarn "IPSec behind NAT may fail.  CHECK:"
+				ewarn " NETFILTER_XT_MATCH_POLICY"
+			fi
+		fi
 
-		check_extra_config
+		ewarn
+		ewarn "\033[1;33m**************************************************\033[1;33m"
+		ewarn
 	else
-		eerror "You must have a kernel >=2.6.19 to run ipsec-tools."
-		eerror "Building now, assuming that you will run on a different kernel"
+		eerror
+		eerror "\033[1;31m**************************************************\033[1;31m"
+		eerror "Make sure that your *running* kernel is/will be >=2.6.19."
+		eerror "Building ${PN} now, assuming that you know what you're doing."
+		eerror "\033[1;31m**************************************************\033[1;31m"
+		eerror
 	fi
 }