| 1 |
%define name smeserver-libreswan |
| 2 |
%define version 0.5 |
| 3 |
%define release 22 |
| 4 |
Summary: Plugin to enable IPSEC connections |
| 5 |
Name: %{name} |
| 6 |
Version: %{version} |
| 7 |
Release: %{release}%{?dist} |
| 8 |
License: GNU GPL version 2 |
| 9 |
URL: http://libreswan.org/ |
| 10 |
Group: SMEserver/addon |
| 11 |
Source: %{name}-%{version}.tar.gz |
| 12 |
Patch1: smeserver-libreswan-fix-masq-templates.patch |
| 13 |
Patch2: smeserver-libreswan-move-logfile.patch |
| 14 |
Patch3: smeserver-libreswan-add-debug-key.patch |
| 15 |
Patch4: smeserver-libreswan-fix-rsa-id.patch |
| 16 |
Patch5: smeserver-libreswan-fix-createlinks.patch |
| 17 |
Patch6: smeserver-libreswan-ikev2-logrotate.patch |
| 18 |
|
| 19 |
|
| 20 |
BuildRoot: /var/tmp/%{name}-%{version} |
| 21 |
BuildArchitectures: noarch |
| 22 |
BuildRequires: e-smith-devtools |
| 23 |
Requires: e-smith-release >= 9.0 |
| 24 |
Requires: libreswan >= 3.16 |
| 25 |
AutoReqProv: no |
| 26 |
|
| 27 |
%description |
| 28 |
Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE") |
| 29 |
|
| 30 |
%changelog |
| 31 |
* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme |
| 32 |
- update logrotate completely now I realise it is symlinked |
| 33 |
- remove UPDPort and add UPDPorts due to ipsec v2 |
| 34 |
|
| 35 |
* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-21.sme |
| 36 |
- add more variations for ike v1/2 |
| 37 |
- remove logrotate template |
| 38 |
- add /etc/e-smith/events/logrotate/logfiles2timestamp/var/log/pluto.log |
| 39 |
- Fix some log noise when first installed and still disabled |
| 40 |
|
| 41 |
* Sat Apr 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-20.sme |
| 42 |
- Fix typo in createlinks for sysctl.conf |
| 43 |
|
| 44 |
* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-19.sme |
| 45 |
- Fix ID in ipsec.secrets if ID is set |
| 46 |
|
| 47 |
* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme |
| 48 |
- Add debug db key to /etc/ipsec.conf |
| 49 |
- Remove setting public/private keys as they won't affect unless templates are re-expanded |
| 50 |
- Set xfrm_larval_drop drop correctly |
| 51 |
|
| 52 |
* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme |
| 53 |
- Move pluto.log to /var/log/pluto |
| 54 |
- bump libreswan requires version to 3.16 |
| 55 |
- regenerate masq template on ipsec-update |
| 56 |
- change wiki location page |
| 57 |
- add sysctl.conf template |
| 58 |
- modify masq templates for ipsec status enabled/disabled |
| 59 |
- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf |
| 60 |
|
| 61 |
* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme |
| 62 |
- Fix masq templates for missing db entries on install |
| 63 |
|
| 64 |
* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme |
| 65 |
- first import in SME buildsys |
| 66 |
|
| 67 |
* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13 |
| 68 |
- Fix small typo in readme |
| 69 |
|
| 70 |
* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12 |
| 71 |
- Add keyingtries |
| 72 |
- Finally fix add issues using asynchronous |
| 73 |
|
| 74 |
* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11 |
| 75 |
- Determine host IPtype - static or dynamic IP |
| 76 |
- auto --up changed to exec |
| 77 |
- Add checks for Left/Right ID in secrets file |
| 78 |
|
| 79 |
* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10 |
| 80 |
- Allow dynamic addresses |
| 81 |
- Add iptype |
| 82 |
- disallow " in PSK passwords |
| 83 |
- Revised logging messages |
| 84 |
|
| 85 |
* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9 |
| 86 |
- Amended templates to allow for rsasig. Early cert settings removed |
| 87 |
|
| 88 |
* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8 |
| 89 |
- Revised masq templates - disable on ipsec disable |
| 90 |
- Template ipsec.secrets so Terry won't break it again |
| 91 |
- Set requires e-smith >=9 and libreswan >=3.14 |
| 92 |
|
| 93 |
* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7 |
| 94 |
- add 90adjustESP |
| 95 |
|
| 96 |
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6 |
| 97 |
- more update to masq firewalls - change -p 50 to -p ESP |
| 98 |
|
| 99 |
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5 |
| 100 |
- update masq firewall rules |
| 101 |
- document clean up |
| 102 |
|
| 103 |
* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4 |
| 104 |
- set dpd actions off if ipsec is 'add' |
| 105 |
- add salifetime key and rename ikelifetime and keylife |
| 106 |
- change defaults for salifetime and ikelifetime |
| 107 |
- add in rsasig support |
| 108 |
|
| 109 |
* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3 |
| 110 |
- change default ike from aes-sha to aes-sha1 |
| 111 |
|
| 112 |
* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2 |
| 113 |
- More minor fixes - should work OK with xl2tpd |
| 114 |
|
| 115 |
* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1 |
| 116 |
- Remove templates2expand and added to createlinks |
| 117 |
- modified ipsec.secret template |
| 118 |
- various other fixes |
| 119 |
|
| 120 |
* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5 |
| 121 |
- Big changes again - now have PreviousState to detect changes |
| 122 |
- Createlinks to S10 to run after expand-templates |
| 123 |
|
| 124 |
* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4 |
| 125 |
- Changed lots. Removed sysctl.conf template |
| 126 |
- Changed firewall template |
| 127 |
|
| 128 |
* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3 |
| 129 |
- Load of code tidying and prep from xl2tpd |
| 130 |
|
| 131 |
* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2 |
| 132 |
- Update action script and allow for system not in gateway mode |
| 133 |
- add ike and phase2alg db settings |
| 134 |
|
| 135 |
* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1 |
| 136 |
- New ipsec-action script |
| 137 |
- Numerous template changes |
| 138 |
|
| 139 |
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1 |
| 140 |
- remove debugging lines |
| 141 |
- remove expand templates from spec file |
| 142 |
- add status check for ipsec.conf |
| 143 |
- add comment to masq template |
| 144 |
- updated db defaults |
| 145 |
- ipsec.conf not expanded on install |
| 146 |
- missed auto=start |
| 147 |
|
| 148 |
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1 |
| 149 |
- remove rc.local modifications |
| 150 |
- add /etc/sysctl.conf patches |
| 151 |
|
| 152 |
* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1 |
| 153 |
- initial release |
| 154 |
|
| 155 |
%prep |
| 156 |
%setup |
| 157 |
%patch1 -p1 |
| 158 |
%patch2 -p1 |
| 159 |
%patch3 -p1 |
| 160 |
%patch4 -p1 |
| 161 |
%patch5 -p1 |
| 162 |
%patch6 -p1 |
| 163 |
|
| 164 |
|
| 165 |
%build |
| 166 |
perl createlinks |
| 167 |
|
| 168 |
%install |
| 169 |
rm -rf $RPM_BUILD_ROOT |
| 170 |
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) |
| 171 |
rm -f %{name}-%{version}-filelist |
| 172 |
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist |
| 173 |
echo "%doc COPYING" >> %{name}-%{version}-filelist |
| 174 |
|
| 175 |
|
| 176 |
%clean |
| 177 |
cd .. |
| 178 |
rm -rf %{name}-%{version} |
| 179 |
|
| 180 |
%files -f %{name}-%{version}-filelist |
| 181 |
%defattr(-,root,root) |
| 182 |
|
| 183 |
%pre |
| 184 |
%preun |
| 185 |
%post |
| 186 |
|
| 187 |
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq |
| 188 |
/sbin/e-smith/expand-template /etc/inittab |
| 189 |
/sbin/init q |
| 190 |
|
| 191 |
|
| 192 |
echo "see http://wiki.contribs.org/VPN" |
| 193 |
|
| 194 |
%postun |
| 195 |
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq |
| 196 |
/sbin/e-smith/expand-template /etc/inittab |
| 197 |
/sbin/init q |
Parent Directory
| 
Revision Log
| 
Revision Graph
