1 |
%define name smeserver-libreswan |
2 |
%define version 0.5 |
3 |
%define release 18 |
4 |
Summary: Plugin to enable IPSEC connections |
5 |
Name: %{name} |
6 |
Version: %{version} |
7 |
Release: %{release}%{?dist} |
8 |
License: GNU GPL version 2 |
9 |
URL: http://libreswan.org/ |
10 |
Group: SMEserver/addon |
11 |
Source: %{name}-%{version}.tar.gz |
12 |
Patch1: smeserver-libreswan-fix-masq-templates.patch |
13 |
Patch2: smeserver-libreswan-move-logfile.patch |
14 |
Patch3: smeserver-libreswan-add-debug-key.patch |
15 |
BuildRoot: /var/tmp/%{name}-%{version} |
16 |
BuildArchitectures: noarch |
17 |
BuildRequires: e-smith-devtools |
18 |
Requires: e-smith-release >= 9.0 |
19 |
Requires: libreswan >= 3.16 |
20 |
AutoReqProv: no |
21 |
|
22 |
%description |
23 |
Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE") |
24 |
|
25 |
%changelog |
26 |
* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme |
27 |
- Add debug db key to /etc/ipsec.conf |
28 |
- Remove setting public/private keys as they won't affect unless templates are re-expanded |
29 |
- Set xfrm_larval_drop correctly |
30 |
|
31 |
* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme |
32 |
- Move pluto.log to /var/log/pluto |
33 |
- bump libreswan requires version to 3.16 |
34 |
- regenerate masq template on ipsec-update |
35 |
- change wiki location page |
36 |
- add sysctl.conf template |
37 |
- modify masq templates for ipsec status enabled/disabled |
38 |
- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf |
39 |
|
40 |
* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme |
41 |
- Fix masq templates for missing db entries on install |
42 |
|
43 |
* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme |
44 |
- first import in SME buildsys |
45 |
|
46 |
* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13 |
47 |
- Fix small typo in readme |
48 |
|
49 |
* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12 |
50 |
- Add keyingtries |
51 |
- Finally fix add issues using asynchronous |
52 |
|
53 |
* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11 |
54 |
- Determine host IPtype - static or dynamic IP |
55 |
- auto --up changed to exec |
56 |
- Add checks for Left/Right ID in secrets file |
57 |
|
58 |
* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10 |
59 |
- Allow dynamic addresses |
60 |
- Add iptype |
61 |
- disallow " in PSK passwords |
62 |
- Revised logging messages |
63 |
|
64 |
* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9 |
65 |
- Amended templates to allow for rsasig. Early cert settings removed |
66 |
|
67 |
* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8 |
68 |
- Revised masq templates - disable on ipsec disable |
69 |
- Template ipsec.secrets so Terry won't break it again |
70 |
- Set requires e-smith >=9 and libreswan >=3.14 |
71 |
|
72 |
* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7 |
73 |
- add 90adjustESP |
74 |
|
75 |
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6 |
76 |
- more update to masq firewalls - change -p 50 to -p ESP |
77 |
|
78 |
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5 |
79 |
- update masq firewall rules |
80 |
- document clean up |
81 |
|
82 |
* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4 |
83 |
- set dpd actions off if ipsec is 'add' |
84 |
- add salifetime key and rename ikelifetime and keylife |
85 |
- change defaults for salifetime and ikelifetime |
86 |
- add in rsasig support |
87 |
|
88 |
* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3 |
89 |
- change default ike from aes-sha to aes-sha1 |
90 |
|
91 |
* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2 |
92 |
- More minor fixes - should work OK with xl2tpd |
93 |
|
94 |
* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1 |
95 |
- Remove templates2expand and added to createlinks |
96 |
- modified ipsec.secret template |
97 |
- various other fixes |
98 |
|
99 |
* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5 |
100 |
- Big changes again - now have PreviousState to detect changes |
101 |
- Createlinks to S10 to run after expand-templates |
102 |
|
103 |
* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4 |
104 |
- Changed lots. Removed sysctl.conf template |
105 |
- Changed firewall template |
106 |
|
107 |
* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3 |
108 |
- Load of code tidying and prep from xl2tpd |
109 |
|
110 |
* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2 |
111 |
- Update action script and allow for system not in gateway mode |
112 |
- add ike and phase2alg db settings |
113 |
|
114 |
* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1 |
115 |
- New ipsec-action script |
116 |
- Numerous template changes |
117 |
|
118 |
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1 |
119 |
- remove debugging lines |
120 |
- remove expand templates from spec file |
121 |
- add status check for ipsec.conf |
122 |
- add comment to masq template |
123 |
- updated db defaults |
124 |
- ipsec.conf not expanded on install |
125 |
- missed auto=start |
126 |
|
127 |
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1 |
128 |
- remove rc.local modifications |
129 |
- add /etc/sysctl.conf patches |
130 |
|
131 |
* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1 |
132 |
- initial release |
133 |
|
134 |
%prep |
135 |
%setup |
136 |
%patch1 -p1 |
137 |
%patch2 -p1 |
138 |
%patch3 -p1 |
139 |
|
140 |
%build |
141 |
perl createlinks |
142 |
|
143 |
%install |
144 |
rm -rf $RPM_BUILD_ROOT |
145 |
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) |
146 |
rm -f %{name}-%{version}-filelist |
147 |
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist |
148 |
echo "%doc COPYING" >> %{name}-%{version}-filelist |
149 |
|
150 |
|
151 |
%clean |
152 |
cd .. |
153 |
rm -rf %{name}-%{version} |
154 |
|
155 |
%files -f %{name}-%{version}-filelist |
156 |
%defattr(-,root,root) |
157 |
|
158 |
%pre |
159 |
%preun |
160 |
%post |
161 |
|
162 |
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq |
163 |
/sbin/e-smith/expand-template /etc/inittab |
164 |
/sbin/init q |
165 |
|
166 |
|
167 |
echo "see http://wiki.contribs.org/VPN" |
168 |
|
169 |
%postun |
170 |
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq |
171 |
/sbin/e-smith/expand-template /etc/inittab |
172 |
/sbin/init q |