openswan/contribs8/openswan-2.6.38.spec

Summary: Openswan IPsec implementation
Name: openswan
Version: 2.6.38
%{!?buildklips: %{expand: %%define buildklips 0}}
%{!?buildxen: %{expand: %%define buildxen 0}}

# nss build
%{!?buildnss: %{expand: %%define buildnss 0}}

# The default kernel version to build for is the latest of
# the installed binary kernel
# This can be overridden by "--define 'kversion x.x.x-y.y.y'"
%define defkv %(rpm -q kernel kernel-smp| grep -v "not installed" | sed "s/kernel-smp-\\\(.\*\\\)$/\\1smp/"| sed "s/kernel-//"| sort | tail -1)
%{!?kversion: %{expand: %%define kversion %defkv}}
%define krelver %(echo %{kversion} | tr -s '-' '_')

# Openswan -pre/-rc nomenclature has to co-exist with hyphen paranoia
%define srcpkgver %(echo %{version} | tr -s '_' '-')
%define ourrelease 1
Release: %{ourrelease}
License: GPLv2, some BSD
Url: http://www.openswan.org/
Source: openswan-%{srcpkgver}.tar.gz
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Summary: Openswan - An IPsec and IKE implementation
Group: System Environment/Daemons
BuildRequires: gmp-devel bison flex bind-devel redhat-rpm-config xmlto
%if %{buildnss}
BuildRequires: nss >= 3.12.6-2
%endif
Requires: iproute >= 2.6.8
Requires(post): coreutils bash
Requires(preun): initscripts chkconfig
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service

%description
Openswan is a free implementation of IPsec & IKE for Linux.  IPsec is 
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and 
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains Bluerose Openswan, which is a variant maintained
by Michael Richardson <mcr@sandelman.ca>.  No version information is provided
with this package other than a year and week number. For a supported product
contact sales@xelerance.com.

This package contains the daemons and userland tools for setting up
Openswan. It optionally also builds the Openswan KLIPS IPsec stack that
is an alternative for the NETKEY/XFRM IPsec stack that exists in the
default Linux kernel.

Openswan 2.6.x also supports IKEv2 (RFC4309)

%if %{buildklips}
%package klips
Summary: Openswan kernel module
Group:  System Environment/Kernel
Release: %{krelver}_%{ourrelease}
Requires: kernel = %{kversion}, %{name}-%{version}

%description klips
This package contains only the ipsec module for the RedHat/Fedora series of
kernels.
%endif

%prep
%setup -q -n openswan-%{srcpkgver}

%build
%{__make} \
  USERCOMPILE="-g %{optflags} -fPIE -pie" \
  USERLINK="-g -pie" \
  HAVE_THREADS="true" \
%if %{buildnss}
  USE_LIBNSS="true" \
  USE_FIPSCHECK="true" \
  USE_LIBCAP_NG="true" \
%endif
  USE_DYNAMICDNS="true" \
  USE_LWRES="true" \
  INC_USRLOCAL=%{_prefix} \
  FINALLIBDIR=%{_libdir}/ipsec \
  MANTREE=%{_mandir} \
  INC_RCDEFAULT=%{_initrddir} \
  programs
FS=$(pwd)

%if %{buildklips}
mkdir -p BUILD.%{_target_cpu}

cd packaging/fedora
# rpm doesn't know we're compiling kernel code. optflags will give us -m64
%{__make} -C $FS MOD26BUILDDIR=$FS/BUILD.%{_target_cpu} \
    OPENSWANSRCDIR=$FS \
    KLIPSCOMPILE="%{optflags}" \
    KERNELSRC=/lib/modules/%{kversion}/build \
%if %{buildxen}
    ARCH=xen \
%else
    ARCH=%{_arch} \
%endif
    MODULE_DEF_INCLUDE=$FS/packaging/centos5/config-%{_target_cpu}.h \
    MODULE_EXTRA_INCLUDE=$FS/packaging/centos5/extra_%{krelver}.h \
    include module
%endif

%install
rm -rf ${RPM_BUILD_ROOT}
%{__make} \
  DESTDIR=%{buildroot} \
  INC_USRLOCAL=%{_prefix} \
  FINALLIBDIR=%{_libdir}/ipsec \
  MANTREE=%{buildroot}%{_mandir} \
  INC_RCDEFAULT=%{_initrddir} \
  USE_LWRES="true" \
  install
FS=$(pwd)
rm -rf %{buildroot}/usr/share/doc/openswan
rm -rf %{buildroot}/%{_initrddir}/setup
rm -rf %{buildroot}/etc/ipsec.d/examples
find %{buildroot}%{_mandir}  -type f | xargs chmod a-x

install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
# used when setting --perpeerlog without --perpeerlogbase 
install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
install -d %{buildroot}%{_sbindir}

%if %{buildklips}
mkdir -p %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec
for i in $FS/BUILD.%{_target_cpu}/ipsec.ko  $FS/modobj/ipsec.o
do
  if [ -f $i ]
  then
    cp $i %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec 
  fi
done
%endif

%clean
rm -rf ${RPM_BUILD_ROOT}

%files 
%defattr(-,root,root)
%doc BUGS CHANGES COPYING CREDITS README LICENSE
%doc OBJ.linux.*/programs/examples/*.conf
#%doc doc/manpage.d/*
# /usr/share/doc/openswan/*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
%attr(0700,root,root) %dir %{_localstatedir}/log/pluto/peer
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
%{_localstatedir}/run/pluto
%{_initrddir}/ipsec
%{_libdir}/ipsec
%{_sbindir}/ipsec
%{_libexecdir}/ipsec
%doc %{_mandir}/*/*

%if %{buildklips}
%files klips
%defattr (-,root,root)
/lib/modules/%{kversion}/kernel/net/ipsec
%endif

%preun
if [ $1 -eq 0 ]; then
        /sbin/service ipsec stop > /dev/null 2>&1
        /sbin/chkconfig --del ipsec
fi

%postun
if [ $1 -ge 1 ] ; then
 /sbin/service ipsec condrestart 2>&1 >/dev/null
fi

%if %{buildklips}
%postun klips
/sbin/depmod -ae %{kversion}
%post klips
/sbin/depmod -ae %{kversion}
%endif

%post 
/sbin/chkconfig --add ipsec

%changelog
* Thu Dec 20 2007 Paul Wouters <paul@xelerance.com> - 2.6.03-1
- Applied patch by RedHat to allow building with debug package
* Thu Dec 20 2007 Paul Wouters <paul@xelerance.com> - 2.6.01-1
- Work around for warnings in BIND related code
- Remove bogus file /etc/init.d/setup at install
- Cleaned up spec file

* Mon Oct 10 2005 Paul Wouters <paul@xelerance.com>
- Updated for klips on xen 
- added ldconfig for post klips to obtain ipsec module dependancies
- Run 'make include' since on FC4 kernel source does not have the links yet.

* Wed Jan  5 2005 Paul Wouters <paul@xelerance.com>
- Updated for x86_64 and klips on 2.6

* Sun Sep  5 2004 Paul Wouters <paul@xelerance.com>
- Updated for openswan

* Fri Aug 22 2003 Sam Sgro <sam@freeswan.org>
- Juggling release/source package names to allow for 
  -pre/-rc releases to build.

* Thu Aug 14 2003 Sam Sgro <sam@freeswan.org>
- Reverting back to pre-x.509 version, cosmetic changes.

* Tue May 20 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_2es
- Add "Obsoletes: freeswan" to userland RPM.

* Fri May 16 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_1es
- Add version 1.3.2 of the x509 patch.
- Add missing /usr/libexec/ipsec dir and files.
- Minor tidy up of spec file.

* Thu May 15 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-1es
- Based on work by Paul Lahaie of Steamballoon, Michael
  Richardson of freeS/WAN team and Tuomo Soini <tis@foobar.fi>.
- Build freeswan RPMs from a single source RPM, for RedHat, but
  should work on any RPM based system.
1	unnilennium	1.1	Summary: Openswan IPsec implementation
2			Name: openswan
3			Version: 2.6.38
4			%{!?buildklips: %{expand: %%define buildklips 0}}
5			%{!?buildxen: %{expand: %%define buildxen 0}}
6
7			# nss build
8			%{!?buildnss: %{expand: %%define buildnss 0}}
9
10			# The default kernel version to build for is the latest of
11			# the installed binary kernel
12			# This can be overridden by "--define 'kversion x.x.x-y.y.y'"
13			%define defkv %(rpm -q kernel kernel-smp\| grep -v "not installed" \| sed "s/kernel-smp-\\\(.\*\\\)$/\\1smp/"\| sed "s/kernel-//"\| sort \| tail -1)
14			%{!?kversion: %{expand: %%define kversion %defkv}}
15			%define krelver %(echo %{kversion} \| tr -s '-' '_')
16
17			# Openswan -pre/-rc nomenclature has to co-exist with hyphen paranoia
18			%define srcpkgver %(echo %{version} \| tr -s '_' '-')
19			%define ourrelease 1
20			Release: %{ourrelease}
21			License: GPLv2, some BSD
22			Url: http://www.openswan.org/
23			Source: openswan-%{srcpkgver}.tar.gz
24			Group: System Environment/Daemons
25			BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
26			Summary: Openswan - An IPsec and IKE implementation
27			Group: System Environment/Daemons
28			BuildRequires: gmp-devel bison flex bind-devel redhat-rpm-config xmlto
29			%if %{buildnss}
30			BuildRequires: nss >= 3.12.6-2
31			%endif
32			Requires: iproute >= 2.6.8
33			Requires(post): coreutils bash
34			Requires(preun): initscripts chkconfig
35			Requires(post): /sbin/chkconfig
36			Requires(preun): /sbin/chkconfig
37			Requires(preun): /sbin/service
38
39			%description
40			Openswan is a free implementation of IPsec & IKE for Linux. IPsec is
41			the Internet Protocol Security and uses strong cryptography to provide
42			both authentication and encryption services. These services allow you
43			to build secure tunnels through untrusted networks. Everything passing
44			through the untrusted net is encrypted by the ipsec gateway machine and
45			decrypted by the gateway at the other end of the tunnel. The resulting
46			tunnel is a virtual private network or VPN.
47
48			This package contains Bluerose Openswan, which is a variant maintained
49			by Michael Richardson <mcr@sandelman.ca>. No version information is provided
50			with this package other than a year and week number. For a supported product
51			contact sales@xelerance.com.
52
53			This package contains the daemons and userland tools for setting up
54			Openswan. It optionally also builds the Openswan KLIPS IPsec stack that
55			is an alternative for the NETKEY/XFRM IPsec stack that exists in the
56			default Linux kernel.
57
58			Openswan 2.6.x also supports IKEv2 (RFC4309)
59
60			%if %{buildklips}
61			%package klips
62			Summary: Openswan kernel module
63			Group: System Environment/Kernel
64			Release: %{krelver}_%{ourrelease}
65			Requires: kernel = %{kversion}, %{name}-%{version}
66
67			%description klips
68			This package contains only the ipsec module for the RedHat/Fedora series of
69			kernels.
70			%endif
71
72			%prep
73			%setup -q -n openswan-%{srcpkgver}
74
75			%build
76			%{__make} \
77			USERCOMPILE="-g %{optflags} -fPIE -pie" \
78			USERLINK="-g -pie" \
79			HAVE_THREADS="true" \
80			%if %{buildnss}
81			USE_LIBNSS="true" \
82			USE_FIPSCHECK="true" \
83			USE_LIBCAP_NG="true" \
84			%endif
85			USE_DYNAMICDNS="true" \
86			USE_LWRES="true" \
87			INC_USRLOCAL=%{_prefix} \
88			FINALLIBDIR=%{_libdir}/ipsec \
89			MANTREE=%{_mandir} \
90			INC_RCDEFAULT=%{_initrddir} \
91			programs
92			FS=$(pwd)
93
94			%if %{buildklips}
95			mkdir -p BUILD.%{_target_cpu}
96
97			cd packaging/fedora
98			# rpm doesn't know we're compiling kernel code. optflags will give us -m64
99			%{__make} -C $FS MOD26BUILDDIR=$FS/BUILD.%{_target_cpu} \
100			OPENSWANSRCDIR=$FS \
101			KLIPSCOMPILE="%{optflags}" \
102			KERNELSRC=/lib/modules/%{kversion}/build \
103			%if %{buildxen}
104			ARCH=xen \
105			%else
106			ARCH=%{_arch} \
107			%endif
108			MODULE_DEF_INCLUDE=$FS/packaging/centos5/config-%{_target_cpu}.h \
109			MODULE_EXTRA_INCLUDE=$FS/packaging/centos5/extra_%{krelver}.h \
110			include module
111			%endif
112
113			%install
114			rm -rf ${RPM_BUILD_ROOT}
115			%{__make} \
116			DESTDIR=%{buildroot} \
117			INC_USRLOCAL=%{_prefix} \
118			FINALLIBDIR=%{_libdir}/ipsec \
119			MANTREE=%{buildroot}%{_mandir} \
120			INC_RCDEFAULT=%{_initrddir} \
121			USE_LWRES="true" \
122			install
123			FS=$(pwd)
124			rm -rf %{buildroot}/usr/share/doc/openswan
125			rm -rf %{buildroot}/%{_initrddir}/setup
126			rm -rf %{buildroot}/etc/ipsec.d/examples
127			find %{buildroot}%{_mandir} -type f \| xargs chmod a-x
128
129			install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
130			# used when setting --perpeerlog without --perpeerlogbase
131			install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
132			install -d %{buildroot}%{_sbindir}
133
134			%if %{buildklips}
135			mkdir -p %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec
136			for i in $FS/BUILD.%{_target_cpu}/ipsec.ko $FS/modobj/ipsec.o
137			do
138			if [ -f $i ]
139			then
140			cp $i %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec
141			fi
142			done
143			%endif
144
145			%clean
146			rm -rf ${RPM_BUILD_ROOT}
147
148			%files
149			%defattr(-,root,root)
150			%doc BUGS CHANGES COPYING CREDITS README LICENSE
151			%doc OBJ.linux./programs/examples/.conf
152			#%doc doc/manpage.d/*
153			# /usr/share/doc/openswan/*
154			%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
155			%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
156			%attr(0700,root,root) %dir %{_localstatedir}/log/pluto/peer
157			%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
158			%{_localstatedir}/run/pluto
159			%{_initrddir}/ipsec
160			%{_libdir}/ipsec
161			%{_sbindir}/ipsec
162			%{_libexecdir}/ipsec
163			%doc %{_mandir}//
164
165			%if %{buildklips}
166			%files klips
167			%defattr (-,root,root)
168			/lib/modules/%{kversion}/kernel/net/ipsec
169			%endif
170
171			%preun
172			if [ $1 -eq 0 ]; then
173			/sbin/service ipsec stop > /dev/null 2>&1
174			/sbin/chkconfig --del ipsec
175			fi
176
177			%postun
178			if [ $1 -ge 1 ] ; then
179			/sbin/service ipsec condrestart 2>&1 >/dev/null
180			fi
181
182			%if %{buildklips}
183			%postun klips
184			/sbin/depmod -ae %{kversion}
185			%post klips
186			/sbin/depmod -ae %{kversion}
187			%endif
188
189			%post
190			/sbin/chkconfig --add ipsec
191
192			%changelog
193			* Thu Dec 20 2007 Paul Wouters <paul@xelerance.com> - 2.6.03-1
194			- Applied patch by RedHat to allow building with debug package
195			* Thu Dec 20 2007 Paul Wouters <paul@xelerance.com> - 2.6.01-1
196			- Work around for warnings in BIND related code
197			- Remove bogus file /etc/init.d/setup at install
198			- Cleaned up spec file
199
200			* Mon Oct 10 2005 Paul Wouters <paul@xelerance.com>
201			- Updated for klips on xen
202			- added ldconfig for post klips to obtain ipsec module dependancies
203			- Run 'make include' since on FC4 kernel source does not have the links yet.
204
205			* Wed Jan 5 2005 Paul Wouters <paul@xelerance.com>
206			- Updated for x86_64 and klips on 2.6
207
208			* Sun Sep 5 2004 Paul Wouters <paul@xelerance.com>
209			- Updated for openswan
210
211			* Fri Aug 22 2003 Sam Sgro <sam@freeswan.org>
212			- Juggling release/source package names to allow for
213			-pre/-rc releases to build.
214
215			* Thu Aug 14 2003 Sam Sgro <sam@freeswan.org>
216			- Reverting back to pre-x.509 version, cosmetic changes.
217
218			* Tue May 20 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_2es
219			- Add "Obsoletes: freeswan" to userland RPM.
220
221			* Fri May 16 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_1es
222			- Add version 1.3.2 of the x509 patch.
223			- Add missing /usr/libexec/ipsec dir and files.
224			- Minor tidy up of spec file.
225
226			* Thu May 15 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-1es
227			- Based on work by Paul Lahaie of Steamballoon, Michael
228			Richardson of freeS/WAN team and Tuomo Soini <tis@foobar.fi>.
229			- Build freeswan RPMs from a single source RPM, for RedHat, but
230			should work on any RPM based system.