smeserver-libreswan/contribs9/smeserver-libreswan.spec

%define name smeserver-libreswan
%define version 0.5
%define release 28
Summary: Plugin to enable IPSEC connections
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
License: GNU GPL version 2
URL: http://libreswan.org/
Group: SMEserver/addon
Source: %{name}-%{version}.tar.gz
Patch1: smeserver-libreswan-fix-masq-templates.patch
Patch2: smeserver-libreswan-move-logfile.patch
Patch3: smeserver-libreswan-add-debug-key.patch
Patch4: smeserver-libreswan-fix-rsa-id.patch
Patch5: smeserver-libreswan-fix-createlinks.patch
Patch6: smeserver-libreswan-ikev2-logrotate.patch
Patch7: smeserver-libreswan-add-certificates.patch
Patch8: smeserver-libreswan-modify-identifiers.patch
Patch9: smeserver-libreswan-modify-identifiers1.patch
Patch10: smeserver-libreswan-forceencaps-l2tpd.patch
Patch11: smeserver-libreswan-variable-network-interfaces.patch
Patch12: smeserver-libreswan-remove-obsoletes.patch

BuildRoot: /var/tmp/%{name}-%{version}
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
Requires:  e-smith-release >= 9.2
Requires:  libreswan >= 3.23
AutoReqProv: no

%description
Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")

%changelog
* Thu Jun 21 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-28.sme
- Bump required Libreswan to 3.23
- Chamge forceencaps to encapsulation
- Remove obsolete nat_traversal
- Modify ipsec.conf for no rightsubnet in xl2tpd

* Tue Sep 19 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-27.sme
- Allow variable network interface names - Stefano Zamboni

* Thu Jun 15 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-26.sme
- add keep-alive option in main ipsec.conf
- add forceencaps option overall default and per connection
- small code tidy
- Add support for L2TPD

* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-25.sme
 - Fix the ipsec.conf as well
 - remove automatic \@ in IDs - Fixes [SME: 9729]
 
* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-24.sme
 - remove automatic \@ in IDs - Fixes [SME: 9729]
 - fix swapped left/right IDs in password file

* Wed Jan 25 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-23.sme
- Add the ability to use PEM/PKCS#12 certificates - fixes [SME: 9942]
- lots of code tidying

* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme
- update logrotate completely now I realise it is symlinked
- remove UPDPort and add UPDPorts due to ipsec v2

* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-21.sme
- add more variations for ike v1/2
- remove logrotate template
- add /etc/e-smith/events/logrotate/logfiles2timestamp/var/log/pluto.log
- Fix some log noise when first installed and still disabled

* Sat Apr 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-20.sme
- Fix typo in createlinks for sysctl.conf

* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-19.sme
- Fix ID in ipsec.secrets if ID is set

* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme
- Add debug db key to /etc/ipsec.conf
- Remove setting public/private keys as they won't affect unless templates are re-expanded
- Set xfrm_larval_drop drop correctly

* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme
- Move pluto.log to /var/log/pluto
- bump libreswan requires version to 3.16
- regenerate masq template on ipsec-update
- change wiki location page
- add sysctl.conf template
- modify masq templates for ipsec status enabled/disabled
- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf

* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme
- Fix masq templates for missing db entries on install

* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme
- first import in SME buildsys

* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13
- Fix small typo in readme

* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12
- Add keyingtries
- Finally fix add issues using asynchronous

* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11
- Determine host IPtype - static or dynamic IP
- auto --up changed to exec
- Add checks for Left/Right ID in secrets file

* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10
- Allow dynamic addresses
- Add iptype
- disallow " in PSK passwords
- Revised logging messages

* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
- Amended templates to allow for rsasig. Early cert settings removed

* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
- Revised masq templates - disable on ipsec disable
- Template ipsec.secrets so Terry won't break it again
- Set requires e-smith >=9 and libreswan >=3.14

* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
- add 90adjustESP

* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
- more update to masq firewalls - change -p 50 to -p ESP

* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
- update masq firewall rules
- document clean up

* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
- set dpd actions off if ipsec is 'add'
- add salifetime key and rename ikelifetime and keylife
- change defaults for salifetime and ikelifetime
- add in rsasig support

* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
- change default ike from aes-sha to aes-sha1

* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
- More minor fixes - should work OK with xl2tpd

* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
- Remove templates2expand and added to createlinks
- modified ipsec.secret template
- various other fixes

* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
- Big changes again - now have PreviousState to detect changes
- Createlinks to S10 to run after expand-templates

* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
- Changed lots. Removed sysctl.conf template
- Changed firewall template

* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
- Load of code tidying and prep from xl2tpd

* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
- Update action script and allow for system not in gateway mode
- add ike and phase2alg db settings

* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
- New ipsec-action script
- Numerous template changes

* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
- remove debugging lines
- remove expand templates from spec file
- add status check for ipsec.conf
- add comment to masq template
- updated db defaults
- ipsec.conf not expanded on install
- missed auto=start

* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
- remove rc.local modifications
- add /etc/sysctl.conf patches

* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
- initial release

%prep
%setup
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1

%build
perl createlinks

%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
echo "%doc COPYING" >> %{name}-%{version}-filelist


%clean
cd ..
rm -rf %{name}-%{version}

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%pre
%preun
%post

/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q


echo "see https://wiki.contribs.org/Libreswan"

%postun
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q
1	unnilennium	1.1	%define name smeserver-libreswan
2			%define version 0.5
3	jcrisp	1.15	%define release 28
4	unnilennium	1.1	Summary: Plugin to enable IPSEC connections
5			Name: %{name}
6			Version: %{version}
7	unnilennium	1.3	Release: %{release}%{?dist}
8	unnilennium	1.1	License: GNU GPL version 2
9			URL: http://libreswan.org/
10			Group: SMEserver/addon
11			Source: %{name}-%{version}.tar.gz
12	reetspetit	1.4	Patch1: smeserver-libreswan-fix-masq-templates.patch
13	reetspetit	1.5	Patch2: smeserver-libreswan-move-logfile.patch
14	reetspetit	1.6	Patch3: smeserver-libreswan-add-debug-key.patch
15	reetspetit	1.7	Patch4: smeserver-libreswan-fix-rsa-id.patch
16	reetspetit	1.8	Patch5: smeserver-libreswan-fix-createlinks.patch
17	reetspetit	1.9	Patch6: smeserver-libreswan-ikev2-logrotate.patch
18	reetspetit	1.10	Patch7: smeserver-libreswan-add-certificates.patch
19	reetspetit	1.11	Patch8: smeserver-libreswan-modify-identifiers.patch
20	reetspetit	1.12	Patch9: smeserver-libreswan-modify-identifiers1.patch
21	reetspetit	1.13	Patch10: smeserver-libreswan-forceencaps-l2tpd.patch
22	reetspetit	1.14	Patch11: smeserver-libreswan-variable-network-interfaces.patch
23	jcrisp	1.15	Patch12: smeserver-libreswan-remove-obsoletes.patch
24	reetspetit	1.9
25	unnilennium	1.1	BuildRoot: /var/tmp/%{name}-%{version}
26			BuildArchitectures: noarch
27			BuildRequires: e-smith-devtools
28	jcrisp	1.15	Requires: e-smith-release >= 9.2
29			Requires: libreswan >= 3.23
30	unnilennium	1.1	AutoReqProv: no
31
32			%description
33			Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")
34
35			%changelog
36	jcrisp	1.15	* Thu Jun 21 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-28.sme
37			- Bump required Libreswan to 3.23
38			- Chamge forceencaps to encapsulation
39			- Remove obsolete nat_traversal
40			- Modify ipsec.conf for no rightsubnet in xl2tpd
41
42	reetspetit	1.14	* Tue Sep 19 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-27.sme
43			- Allow variable network interface names - Stefano Zamboni
44	reetspetit	1.13
45			* Thu Jun 15 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-26.sme
46			- add keep-alive option in main ipsec.conf
47			- add forceencaps option overall default and per connection
48			- small code tidy
49			- Add support for L2TPD
50
51	reetspetit	1.12	* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-25.sme
52			- Fix the ipsec.conf as well
53			- remove automatic \@ in IDs - Fixes [SME: 9729]
54
55	reetspetit	1.11	* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-24.sme
56			- remove automatic \@ in IDs - Fixes [SME: 9729]
57			- fix swapped left/right IDs in password file
58
59	reetspetit	1.10	* Wed Jan 25 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-23.sme
60			- Add the ability to use PEM/PKCS#12 certificates - fixes [SME: 9942]
61			- lots of code tidying
62
63	reetspetit	1.9	* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme
64			- update logrotate completely now I realise it is symlinked
65			- remove UPDPort and add UPDPorts due to ipsec v2
66
67			* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-21.sme
68			- add more variations for ike v1/2
69			- remove logrotate template
70			- add /etc/e-smith/events/logrotate/logfiles2timestamp/var/log/pluto.log
71			- Fix some log noise when first installed and still disabled
72
73	reetspetit	1.8	* Sat Apr 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-20.sme
74			- Fix typo in createlinks for sysctl.conf
75	reetspetit	1.7
76			* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-19.sme
77			- Fix ID in ipsec.secrets if ID is set
78
79	reetspetit	1.6	* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme
80			- Add debug db key to /etc/ipsec.conf
81			- Remove setting public/private keys as they won't affect unless templates are re-expanded
82	reetspetit	1.7	- Set xfrm_larval_drop drop correctly
83	reetspetit	1.6
84	reetspetit	1.5	* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme
85			- Move pluto.log to /var/log/pluto
86			- bump libreswan requires version to 3.16
87			- regenerate masq template on ipsec-update
88			- change wiki location page
89			- add sysctl.conf template
90			- modify masq templates for ipsec status enabled/disabled
91			- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf
92
93	reetspetit	1.4	* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme
94			- Fix masq templates for missing db entries on install
95
96	unnilennium	1.3	* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme
97	unnilennium	1.2	- first import in SME buildsys
98
99	unnilennium	1.1	* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13
100			- Fix small typo in readme
101
102			* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12
103			- Add keyingtries
104			- Finally fix add issues using asynchronous
105
106			* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11
107			- Determine host IPtype - static or dynamic IP
108			- auto --up changed to exec
109			- Add checks for Left/Right ID in secrets file
110
111			* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10
112			- Allow dynamic addresses
113			- Add iptype
114			- disallow " in PSK passwords
115			- Revised logging messages
116
117			* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
118			- Amended templates to allow for rsasig. Early cert settings removed
119
120			* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
121			- Revised masq templates - disable on ipsec disable
122			- Template ipsec.secrets so Terry won't break it again
123			- Set requires e-smith >=9 and libreswan >=3.14
124
125			* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
126			- add 90adjustESP
127
128			* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
129			- more update to masq firewalls - change -p 50 to -p ESP
130
131			* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
132			- update masq firewall rules
133			- document clean up
134
135			* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
136			- set dpd actions off if ipsec is 'add'
137			- add salifetime key and rename ikelifetime and keylife
138			- change defaults for salifetime and ikelifetime
139			- add in rsasig support
140
141			* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
142			- change default ike from aes-sha to aes-sha1
143
144			* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
145			- More minor fixes - should work OK with xl2tpd
146
147			* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
148			- Remove templates2expand and added to createlinks
149			- modified ipsec.secret template
150			- various other fixes
151
152			* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
153			- Big changes again - now have PreviousState to detect changes
154			- Createlinks to S10 to run after expand-templates
155
156			* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
157			- Changed lots. Removed sysctl.conf template
158			- Changed firewall template
159
160			* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
161			- Load of code tidying and prep from xl2tpd
162
163			* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
164			- Update action script and allow for system not in gateway mode
165			- add ike and phase2alg db settings
166
167			* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
168			- New ipsec-action script
169			- Numerous template changes
170
171			* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
172			- remove debugging lines
173			- remove expand templates from spec file
174			- add status check for ipsec.conf
175			- add comment to masq template
176			- updated db defaults
177			- ipsec.conf not expanded on install
178			- missed auto=start
179
180			* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
181			- remove rc.local modifications
182			- add /etc/sysctl.conf patches
183
184			* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
185			- initial release
186
187			%prep
188			%setup
189	reetspetit	1.4	%patch1 -p1
190	reetspetit	1.5	%patch2 -p1
191	reetspetit	1.6	%patch3 -p1
192	reetspetit	1.7	%patch4 -p1
193	reetspetit	1.8	%patch5 -p1
194	reetspetit	1.9	%patch6 -p1
195	reetspetit	1.10	%patch7 -p1
196	reetspetit	1.11	%patch8 -p1
197	reetspetit	1.12	%patch9 -p1
198	reetspetit	1.13	%patch10 -p1
199	reetspetit	1.14	%patch11 -p1
200	jcrisp	1.15	%patch12 -p1
201	unnilennium	1.1
202			%build
203			perl createlinks
204
205			%install
206			rm -rf $RPM_BUILD_ROOT
207			(cd root ; find . -depth -print \| cpio -dump $RPM_BUILD_ROOT)
208			rm -f %{name}-%{version}-filelist
209			/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
210			echo "%doc COPYING" >> %{name}-%{version}-filelist
211
212
213			%clean
214			cd ..
215			rm -rf %{name}-%{version}
216
217			%files -f %{name}-%{version}-filelist
218			%defattr(-,root,root)
219
220			%pre
221			%preun
222			%post
223	reetspetit	1.6
224	unnilennium	1.1	/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
225			/sbin/e-smith/expand-template /etc/inittab
226			/sbin/init q
227
228
229	reetspetit	1.11	echo "see https://wiki.contribs.org/Libreswan"
230	unnilennium	1.1
231			%postun
232			/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
233			/sbin/e-smith/expand-template /etc/inittab
234			/sbin/init q