smeserver-libreswan/contribs9/smeserver-libreswan.spec

%define name smeserver-libreswan
%define version 0.5
%define release 24
Summary: Plugin to enable IPSEC connections
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
License: GNU GPL version 2
URL: http://libreswan.org/
Group: SMEserver/addon
Source: %{name}-%{version}.tar.gz
Patch1: smeserver-libreswan-fix-masq-templates.patch
Patch2: smeserver-libreswan-move-logfile.patch
Patch3: smeserver-libreswan-add-debug-key.patch
Patch4: smeserver-libreswan-fix-rsa-id.patch
Patch5: smeserver-libreswan-fix-createlinks.patch
Patch6: smeserver-libreswan-ikev2-logrotate.patch
Patch7: smeserver-libreswan-add-certificates.patch
Patch8: smeserver-libreswan-modify-identifiers.patch


BuildRoot: /var/tmp/%{name}-%{version}
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
Requires:  e-smith-release >= 9.0
Requires:  libreswan >= 3.16
AutoReqProv: no

%description
Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")

%changelog
* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-24.sme
 - remove automatic \@ in IDs - Fixes [SME: 9729]
 - fix swapped left/right IDs in password file

* Wed Jan 25 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-23.sme
- Add the ability to use PEM/PKCS#12 certificates - fixes [SME: 9942]
- lots of code tidying

* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme
- update logrotate completely now I realise it is symlinked
- remove UPDPort and add UPDPorts due to ipsec v2

* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-21.sme
- add more variations for ike v1/2
- remove logrotate template
- add /etc/e-smith/events/logrotate/logfiles2timestamp/var/log/pluto.log
- Fix some log noise when first installed and still disabled

* Sat Apr 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-20.sme
- Fix typo in createlinks for sysctl.conf

* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-19.sme
- Fix ID in ipsec.secrets if ID is set

* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme
- Add debug db key to /etc/ipsec.conf
- Remove setting public/private keys as they won't affect unless templates are re-expanded
- Set xfrm_larval_drop drop correctly

* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme
- Move pluto.log to /var/log/pluto
- bump libreswan requires version to 3.16
- regenerate masq template on ipsec-update
- change wiki location page
- add sysctl.conf template
- modify masq templates for ipsec status enabled/disabled
- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf

* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme
- Fix masq templates for missing db entries on install

* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme
- first import in SME buildsys

* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13
- Fix small typo in readme

* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12
- Add keyingtries
- Finally fix add issues using asynchronous

* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11
- Determine host IPtype - static or dynamic IP
- auto --up changed to exec
- Add checks for Left/Right ID in secrets file

* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10
- Allow dynamic addresses
- Add iptype
- disallow " in PSK passwords
- Revised logging messages

* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
- Amended templates to allow for rsasig. Early cert settings removed

* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
- Revised masq templates - disable on ipsec disable
- Template ipsec.secrets so Terry won't break it again
- Set requires e-smith >=9 and libreswan >=3.14

* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
- add 90adjustESP

* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
- more update to masq firewalls - change -p 50 to -p ESP

* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
- update masq firewall rules
- document clean up

* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
- set dpd actions off if ipsec is 'add'
- add salifetime key and rename ikelifetime and keylife
- change defaults for salifetime and ikelifetime
- add in rsasig support

* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
- change default ike from aes-sha to aes-sha1

* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
- More minor fixes - should work OK with xl2tpd

* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
- Remove templates2expand and added to createlinks
- modified ipsec.secret template
- various other fixes

* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
- Big changes again - now have PreviousState to detect changes
- Createlinks to S10 to run after expand-templates

* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
- Changed lots. Removed sysctl.conf template
- Changed firewall template

* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
- Load of code tidying and prep from xl2tpd

* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
- Update action script and allow for system not in gateway mode
- add ike and phase2alg db settings

* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
- New ipsec-action script
- Numerous template changes

* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
- remove debugging lines
- remove expand templates from spec file
- add status check for ipsec.conf
- add comment to masq template
- updated db defaults
- ipsec.conf not expanded on install
- missed auto=start

* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
- remove rc.local modifications
- add /etc/sysctl.conf patches

* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
- initial release

%prep
%setup
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1

%build
perl createlinks

%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
echo "%doc COPYING" >> %{name}-%{version}-filelist


%clean
cd ..
rm -rf %{name}-%{version}

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%pre
%preun
%post

/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q


echo "see https://wiki.contribs.org/Libreswan"

%postun
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q
1	%define name smeserver-libreswan
2	%define version 0.5
3	%define release 24
4	Summary: Plugin to enable IPSEC connections
5	Name: %{name}
6	Version: %{version}
7	Release: %{release}%{?dist}
8	License: GNU GPL version 2
9	URL: http://libreswan.org/
10	Group: SMEserver/addon
11	Source: %{name}-%{version}.tar.gz
12	Patch1: smeserver-libreswan-fix-masq-templates.patch
13	Patch2: smeserver-libreswan-move-logfile.patch
14	Patch3: smeserver-libreswan-add-debug-key.patch
15	Patch4: smeserver-libreswan-fix-rsa-id.patch
16	Patch5: smeserver-libreswan-fix-createlinks.patch
17	Patch6: smeserver-libreswan-ikev2-logrotate.patch
18	Patch7: smeserver-libreswan-add-certificates.patch
19	Patch8: smeserver-libreswan-modify-identifiers.patch
20
21
22	BuildRoot: /var/tmp/%{name}-%{version}
23	BuildArchitectures: noarch
24	BuildRequires: e-smith-devtools
25	Requires: e-smith-release >= 9.0
26	Requires: libreswan >= 3.16
27	AutoReqProv: no
28
29	%description
30	Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")
31
32	%changelog
33	* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-24.sme
34	- remove automatic \@ in IDs - Fixes [SME: 9729]
35	- fix swapped left/right IDs in password file
36
37	* Wed Jan 25 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-23.sme
38	- Add the ability to use PEM/PKCS#12 certificates - fixes [SME: 9942]
39	- lots of code tidying
40
41	* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme
42	- update logrotate completely now I realise it is symlinked
43	- remove UPDPort and add UPDPorts due to ipsec v2
44
45	* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-21.sme
46	- add more variations for ike v1/2
47	- remove logrotate template
48	- add /etc/e-smith/events/logrotate/logfiles2timestamp/var/log/pluto.log
49	- Fix some log noise when first installed and still disabled
50
51	* Sat Apr 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-20.sme
52	- Fix typo in createlinks for sysctl.conf
53
54	* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-19.sme
55	- Fix ID in ipsec.secrets if ID is set
56
57	* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme
58	- Add debug db key to /etc/ipsec.conf
59	- Remove setting public/private keys as they won't affect unless templates are re-expanded
60	- Set xfrm_larval_drop drop correctly
61
62	* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme
63	- Move pluto.log to /var/log/pluto
64	- bump libreswan requires version to 3.16
65	- regenerate masq template on ipsec-update
66	- change wiki location page
67	- add sysctl.conf template
68	- modify masq templates for ipsec status enabled/disabled
69	- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf
70
71	* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme
72	- Fix masq templates for missing db entries on install
73
74	* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme
75	- first import in SME buildsys
76
77	* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13
78	- Fix small typo in readme
79
80	* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12
81	- Add keyingtries
82	- Finally fix add issues using asynchronous
83
84	* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11
85	- Determine host IPtype - static or dynamic IP
86	- auto --up changed to exec
87	- Add checks for Left/Right ID in secrets file
88
89	* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10
90	- Allow dynamic addresses
91	- Add iptype
92	- disallow " in PSK passwords
93	- Revised logging messages
94
95	* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
96	- Amended templates to allow for rsasig. Early cert settings removed
97
98	* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
99	- Revised masq templates - disable on ipsec disable
100	- Template ipsec.secrets so Terry won't break it again
101	- Set requires e-smith >=9 and libreswan >=3.14
102
103	* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
104	- add 90adjustESP
105
106	* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
107	- more update to masq firewalls - change -p 50 to -p ESP
108
109	* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
110	- update masq firewall rules
111	- document clean up
112
113	* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
114	- set dpd actions off if ipsec is 'add'
115	- add salifetime key and rename ikelifetime and keylife
116	- change defaults for salifetime and ikelifetime
117	- add in rsasig support
118
119	* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
120	- change default ike from aes-sha to aes-sha1
121
122	* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
123	- More minor fixes - should work OK with xl2tpd
124
125	* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
126	- Remove templates2expand and added to createlinks
127	- modified ipsec.secret template
128	- various other fixes
129
130	* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
131	- Big changes again - now have PreviousState to detect changes
132	- Createlinks to S10 to run after expand-templates
133
134	* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
135	- Changed lots. Removed sysctl.conf template
136	- Changed firewall template
137
138	* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
139	- Load of code tidying and prep from xl2tpd
140
141	* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
142	- Update action script and allow for system not in gateway mode
143	- add ike and phase2alg db settings
144
145	* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
146	- New ipsec-action script
147	- Numerous template changes
148
149	* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
150	- remove debugging lines
151	- remove expand templates from spec file
152	- add status check for ipsec.conf
153	- add comment to masq template
154	- updated db defaults
155	- ipsec.conf not expanded on install
156	- missed auto=start
157
158	* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
159	- remove rc.local modifications
160	- add /etc/sysctl.conf patches
161
162	* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
163	- initial release
164
165	%prep
166	%setup
167	%patch1 -p1
168	%patch2 -p1
169	%patch3 -p1
170	%patch4 -p1
171	%patch5 -p1
172	%patch6 -p1
173	%patch7 -p1
174	%patch8 -p1
175
176	%build
177	perl createlinks
178
179	%install
180	rm -rf $RPM_BUILD_ROOT
181	(cd root ; find . -depth -print \| cpio -dump $RPM_BUILD_ROOT)
182	rm -f %{name}-%{version}-filelist
183	/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
184	echo "%doc COPYING" >> %{name}-%{version}-filelist
185
186
187	%clean
188	cd ..
189	rm -rf %{name}-%{version}
190
191	%files -f %{name}-%{version}-filelist
192	%defattr(-,root,root)
193
194	%pre
195	%preun
196	%post
197
198	/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
199	/sbin/e-smith/expand-template /etc/inittab
200	/sbin/init q
201
202
203	echo "see https://wiki.contribs.org/Libreswan"
204
205	%postun
206	/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
207	/sbin/e-smith/expand-template /etc/inittab
208	/sbin/init q