| 1 |
Summary: Openswan IPsec implementation |
| 2 |
Name: openswan |
| 3 |
Version: 2.6.38 |
| 4 |
%{!?buildklips: %{expand: %%define buildklips 0}} |
| 5 |
%{!?buildxen: %{expand: %%define buildxen 0}} |
| 6 |
|
| 7 |
# nss build |
| 8 |
%{!?buildnss: %{expand: %%define buildnss 0}} |
| 9 |
|
| 10 |
# The default kernel version to build for is the latest of |
| 11 |
# the installed binary kernel |
| 12 |
# This can be overridden by "--define 'kversion x.x.x-y.y.y'" |
| 13 |
%define defkv %(rpm -q kernel kernel-smp| grep -v "not installed" | sed "s/kernel-smp-\\\(.\*\\\)$/\\1smp/"| sed "s/kernel-//"| sort | tail -1) |
| 14 |
%{!?kversion: %{expand: %%define kversion %defkv}} |
| 15 |
%define krelver %(echo %{kversion} | tr -s '-' '_') |
| 16 |
|
| 17 |
# Openswan -pre/-rc nomenclature has to co-exist with hyphen paranoia |
| 18 |
%define srcpkgver %(echo %{version} | tr -s '_' '-') |
| 19 |
%define ourrelease 2 |
| 20 |
Release: %{ourrelease}%{?dist} |
| 21 |
License: GPLv2, some BSD |
| 22 |
Url: http://www.openswan.org/ |
| 23 |
Source: openswan-%{srcpkgver}.tar.gz |
| 24 |
Group: System Environment/Daemons |
| 25 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
| 26 |
Summary: Openswan - An IPsec and IKE implementation |
| 27 |
Group: System Environment/Daemons |
| 28 |
BuildRequires: gmp-devel bison flex bind-devel redhat-rpm-config xmlto |
| 29 |
%if %{buildnss} |
| 30 |
BuildRequires: nss >= 3.12.6-2 |
| 31 |
%endif |
| 32 |
Requires: iproute >= 2.6.8 |
| 33 |
Requires(post): coreutils bash |
| 34 |
Requires(preun): initscripts chkconfig |
| 35 |
Requires(post): /sbin/chkconfig |
| 36 |
Requires(preun): /sbin/chkconfig |
| 37 |
Requires(preun): /sbin/service |
| 38 |
|
| 39 |
%description |
| 40 |
Openswan is a free implementation of IPsec & IKE for Linux. IPsec is |
| 41 |
the Internet Protocol Security and uses strong cryptography to provide |
| 42 |
both authentication and encryption services. These services allow you |
| 43 |
to build secure tunnels through untrusted networks. Everything passing |
| 44 |
through the untrusted net is encrypted by the ipsec gateway machine and |
| 45 |
decrypted by the gateway at the other end of the tunnel. The resulting |
| 46 |
tunnel is a virtual private network or VPN. |
| 47 |
|
| 48 |
This package contains Bluerose Openswan, which is a variant maintained |
| 49 |
by Michael Richardson <mcr@sandelman.ca>. No version information is provided |
| 50 |
with this package other than a year and week number. For a supported product |
| 51 |
contact sales@xelerance.com. |
| 52 |
|
| 53 |
This package contains the daemons and userland tools for setting up |
| 54 |
Openswan. It optionally also builds the Openswan KLIPS IPsec stack that |
| 55 |
is an alternative for the NETKEY/XFRM IPsec stack that exists in the |
| 56 |
default Linux kernel. |
| 57 |
|
| 58 |
Openswan 2.6.x also supports IKEv2 (RFC4309) |
| 59 |
|
| 60 |
%if %{buildklips} |
| 61 |
%package klips |
| 62 |
Summary: Openswan kernel module |
| 63 |
Group: System Environment/Kernel |
| 64 |
Release: %{krelver}_%{ourrelease} |
| 65 |
Requires: kernel = %{kversion}, %{name}-%{version} |
| 66 |
|
| 67 |
%description klips |
| 68 |
This package contains only the ipsec module for the RedHat/Fedora series of |
| 69 |
kernels. |
| 70 |
%endif |
| 71 |
|
| 72 |
%prep |
| 73 |
%setup -q -n openswan-%{srcpkgver} |
| 74 |
|
| 75 |
%build |
| 76 |
%{__make} \ |
| 77 |
USERCOMPILE="-g %{optflags} -fPIE -pie" \ |
| 78 |
USERLINK="-g -pie" \ |
| 79 |
HAVE_THREADS="true" \ |
| 80 |
%if %{buildnss} |
| 81 |
USE_LIBNSS="true" \ |
| 82 |
USE_FIPSCHECK="true" \ |
| 83 |
USE_LIBCAP_NG="true" \ |
| 84 |
%endif |
| 85 |
USE_DYNAMICDNS="true" \ |
| 86 |
USE_LWRES="true" \ |
| 87 |
INC_USRLOCAL=%{_prefix} \ |
| 88 |
FINALLIBDIR=%{_libdir}/ipsec \ |
| 89 |
MANTREE=%{_mandir} \ |
| 90 |
INC_RCDEFAULT=%{_initrddir} \ |
| 91 |
programs |
| 92 |
FS=$(pwd) |
| 93 |
|
| 94 |
%if %{buildklips} |
| 95 |
mkdir -p BUILD.%{_target_cpu} |
| 96 |
|
| 97 |
cd packaging/fedora |
| 98 |
# rpm doesn't know we're compiling kernel code. optflags will give us -m64 |
| 99 |
%{__make} -C $FS MOD26BUILDDIR=$FS/BUILD.%{_target_cpu} \ |
| 100 |
OPENSWANSRCDIR=$FS \ |
| 101 |
KLIPSCOMPILE="%{optflags}" \ |
| 102 |
KERNELSRC=/lib/modules/%{kversion}/build \ |
| 103 |
%if %{buildxen} |
| 104 |
ARCH=xen \ |
| 105 |
%else |
| 106 |
ARCH=%{_arch} \ |
| 107 |
%endif |
| 108 |
MODULE_DEF_INCLUDE=$FS/packaging/centos5/config-%{_target_cpu}.h \ |
| 109 |
MODULE_EXTRA_INCLUDE=$FS/packaging/centos5/extra_%{krelver}.h \ |
| 110 |
include module |
| 111 |
%endif |
| 112 |
|
| 113 |
%install |
| 114 |
rm -rf ${RPM_BUILD_ROOT} |
| 115 |
%{__make} \ |
| 116 |
DESTDIR=%{buildroot} \ |
| 117 |
INC_USRLOCAL=%{_prefix} \ |
| 118 |
FINALLIBDIR=%{_libdir}/ipsec \ |
| 119 |
MANTREE=%{buildroot}%{_mandir} \ |
| 120 |
INC_RCDEFAULT=%{_initrddir} \ |
| 121 |
USE_LWRES="true" \ |
| 122 |
install |
| 123 |
FS=$(pwd) |
| 124 |
rm -rf %{buildroot}/usr/share/doc/openswan |
| 125 |
rm -rf %{buildroot}/%{_initrddir}/setup |
| 126 |
rm -rf %{buildroot}/etc/ipsec.d/examples |
| 127 |
find %{buildroot}%{_mandir} -type f | xargs chmod a-x |
| 128 |
|
| 129 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto |
| 130 |
# used when setting --perpeerlog without --perpeerlogbase |
| 131 |
install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer |
| 132 |
install -d %{buildroot}%{_sbindir} |
| 133 |
|
| 134 |
%if %{buildklips} |
| 135 |
mkdir -p %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec |
| 136 |
for i in $FS/BUILD.%{_target_cpu}/ipsec.ko $FS/modobj/ipsec.o |
| 137 |
do |
| 138 |
if [ -f $i ] |
| 139 |
then |
| 140 |
cp $i %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec |
| 141 |
fi |
| 142 |
done |
| 143 |
%endif |
| 144 |
|
| 145 |
%clean |
| 146 |
rm -rf ${RPM_BUILD_ROOT} |
| 147 |
|
| 148 |
%files |
| 149 |
%defattr(-,root,root) |
| 150 |
%doc BUGS CHANGES COPYING CREDITS README LICENSE |
| 151 |
%doc OBJ.linux.*/programs/examples/*.conf |
| 152 |
#%doc doc/manpage.d/* |
| 153 |
# /usr/share/doc/openswan/* |
| 154 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf |
| 155 |
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d |
| 156 |
%attr(0700,root,root) %dir %{_localstatedir}/log/pluto/peer |
| 157 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/* |
| 158 |
%{_localstatedir}/run/pluto |
| 159 |
%{_initrddir}/ipsec |
| 160 |
%{_libdir}/ipsec |
| 161 |
%{_sbindir}/ipsec |
| 162 |
%{_libexecdir}/ipsec |
| 163 |
%doc %{_mandir}/*/* |
| 164 |
|
| 165 |
%if %{buildklips} |
| 166 |
%files klips |
| 167 |
%defattr (-,root,root) |
| 168 |
/lib/modules/%{kversion}/kernel/net/ipsec |
| 169 |
%endif |
| 170 |
|
| 171 |
%preun |
| 172 |
if [ $1 -eq 0 ]; then |
| 173 |
/sbin/service ipsec stop > /dev/null 2>&1 |
| 174 |
/sbin/chkconfig --del ipsec |
| 175 |
fi |
| 176 |
|
| 177 |
%postun |
| 178 |
if [ $1 -ge 1 ] ; then |
| 179 |
/sbin/service ipsec condrestart 2>&1 >/dev/null |
| 180 |
fi |
| 181 |
|
| 182 |
%if %{buildklips} |
| 183 |
%postun klips |
| 184 |
/sbin/depmod -ae %{kversion} |
| 185 |
%post klips |
| 186 |
/sbin/depmod -ae %{kversion} |
| 187 |
%endif |
| 188 |
|
| 189 |
%post |
| 190 |
/sbin/chkconfig --add ipsec |
| 191 |
|
| 192 |
%changelog |
| 193 |
* Tue Mar 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> - 2.6.03-2 |
| 194 |
- import for SME8 |
| 195 |
|
| 196 |
* Thu Dec 20 2007 Paul Wouters <paul@xelerance.com> - 2.6.03-1 |
| 197 |
- Applied patch by RedHat to allow building with debug package |
| 198 |
* Thu Dec 20 2007 Paul Wouters <paul@xelerance.com> - 2.6.01-1 |
| 199 |
- Work around for warnings in BIND related code |
| 200 |
- Remove bogus file /etc/init.d/setup at install |
| 201 |
- Cleaned up spec file |
| 202 |
|
| 203 |
* Mon Oct 10 2005 Paul Wouters <paul@xelerance.com> |
| 204 |
- Updated for klips on xen |
| 205 |
- added ldconfig for post klips to obtain ipsec module dependancies |
| 206 |
- Run 'make include' since on FC4 kernel source does not have the links yet. |
| 207 |
|
| 208 |
* Wed Jan 5 2005 Paul Wouters <paul@xelerance.com> |
| 209 |
- Updated for x86_64 and klips on 2.6 |
| 210 |
|
| 211 |
* Sun Sep 5 2004 Paul Wouters <paul@xelerance.com> |
| 212 |
- Updated for openswan |
| 213 |
|
| 214 |
* Fri Aug 22 2003 Sam Sgro <sam@freeswan.org> |
| 215 |
- Juggling release/source package names to allow for |
| 216 |
-pre/-rc releases to build. |
| 217 |
|
| 218 |
* Thu Aug 14 2003 Sam Sgro <sam@freeswan.org> |
| 219 |
- Reverting back to pre-x.509 version, cosmetic changes. |
| 220 |
|
| 221 |
* Tue May 20 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_2es |
| 222 |
- Add "Obsoletes: freeswan" to userland RPM. |
| 223 |
|
| 224 |
* Fri May 16 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_1es |
| 225 |
- Add version 1.3.2 of the x509 patch. |
| 226 |
- Add missing /usr/libexec/ipsec dir and files. |
| 227 |
- Minor tidy up of spec file. |
| 228 |
|
| 229 |
* Thu May 15 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-1es |
| 230 |
- Based on work by Paul Lahaie of Steamballoon, Michael |
| 231 |
Richardson of freeS/WAN team and Tuomo Soini <tis@foobar.fi>. |
| 232 |
- Build freeswan RPMs from a single source RPM, for RedHat, but |
| 233 |
should work on any RPM based system. |
Parent Directory
| 
Revision Log
| 
Revision Graph
