smeserver-openswan/contribs8/smeserver-openswan.spec

%define name smeserver-openswan
%define version 0.6
%define release 5
Summary: Plugin to enable IPSEC connections
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
License: GNU GPL version 2
URL: http://libreswan.org/
Group: SMEserver/addon
Source: %{name}-%{version}.tar.gz
Patch1: smeserver-openswan-fix-masq-templates.patch
Patch2: smeserver-openswan-move-logfile.patch
Patch3: smeserver-openswan-add-debug-key.patch

BuildRoot: /var/tmp/%{name}-%{version}
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
Requires:  e-smith-release >= 8.0
Requires:  openswan >= 2.6.38
AutoReqProv: no

%description
Openswan is a free software implementation of the most widely supported and standarised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")

%changelog
* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-5.sme
- Add debug db key to /etc/ipsec.conf
- Remove setting public/private keys as they won't affect unless templates are re-expanded
- Set xfrm_larval_drop drop correctly
- minor formatting

* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-4.sme
- split patch file to match libreswan

* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-3.sme
- Fix masq templates for missing db keys on install
- Move pluto.log to /var/log/pluto
- regenerate masq template on ipsec-update
- change wiki location page
- add sysctl.conf template
- modify masq templates for ipsec status enabled/disabled
- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf

* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.6-2.sme
- first import in SME buildsys

* Sat Dec 05 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-1
- New Branch for openswan on v8

* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
- Copied code to openswan contrib as libreswan contrib is now LibreSwan specific

* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
- Revised masq templates - disable on ipsec disable
- Template ipsec.secrets so Terry won't break it again
- Set requires e-smith >=9 and libreswan >=3.14

* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
- add 90adjustESP

* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
- more update to masq firewalls - change -p 50 to -p ESP

* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
- update masq firewall rules
- document clean up

* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
- set dpd actions off if ipsec is 'add'
- add salifetime key and rename ikelifetime and keylife
- change defaults for salifetime and ikelifetime
- add in rsasig support

* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
- change default ike from aes-sha to aes-sha1

* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
- More minor fixes - should work OK with xl2tpd

* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
- Remove templates2expand and added to createlinks
- modified ipsec.secret template
- various other fixes

* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
- Big changes again - now have PreviousState to detect changes
- Createlinks to S10 to run after expand-templates

* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
- Changed lots. Removed sysctl.conf template
- Changed firewall template

* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
- Load of code tidying and prep from xl2tpd

* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
- Update action script and allow for system not in gateway mode
- add ike and phase2alg db settings

* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
- New ipsec-action script
- Numerous template changes

* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
- remove debugging lines
- remove expand templates from spec file
- add status check for ipsec.conf
- add comment to masq template
- updated db defaults
- ipsec.conf not expanded on install
- missed auto=start

* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
- remove rc.local modifications
- add /etc/sysctl.conf patches

* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
- initial release

%prep
%setup
%patch1 -p1
%patch2 -p1
%patch3 -p1

%build
perl createlinks

%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
echo "%doc COPYING" >> %{name}-%{version}-filelist


%clean
cd ..
rm -rf %{name}-%{version}

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%pre
%preun
%post

/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q


echo "see http://wiki.contribs.org/VPN"

%postun
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q
1	%define name smeserver-openswan
2	%define version 0.6
3	%define release 5
4	Summary: Plugin to enable IPSEC connections
5	Name: %{name}
6	Version: %{version}
7	Release: %{release}%{?dist}
8	License: GNU GPL version 2
9	URL: http://libreswan.org/
10	Group: SMEserver/addon
11	Source: %{name}-%{version}.tar.gz
12	Patch1: smeserver-openswan-fix-masq-templates.patch
13	Patch2: smeserver-openswan-move-logfile.patch
14	Patch3: smeserver-openswan-add-debug-key.patch
15
16	BuildRoot: /var/tmp/%{name}-%{version}
17	BuildArchitectures: noarch
18	BuildRequires: e-smith-devtools
19	Requires: e-smith-release >= 8.0
20	Requires: openswan >= 2.6.38
21	AutoReqProv: no
22
23	%description
24	Openswan is a free software implementation of the most widely supported and standarised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")
25
26	%changelog
27	* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-5.sme
28	- Add debug db key to /etc/ipsec.conf
29	- Remove setting public/private keys as they won't affect unless templates are re-expanded
30	- Set xfrm_larval_drop drop correctly
31	- minor formatting
32
33	* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-4.sme
34	- split patch file to match libreswan
35
36	* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-3.sme
37	- Fix masq templates for missing db keys on install
38	- Move pluto.log to /var/log/pluto
39	- regenerate masq template on ipsec-update
40	- change wiki location page
41	- add sysctl.conf template
42	- modify masq templates for ipsec status enabled/disabled
43	- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf
44
45	* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.6-2.sme
46	- first import in SME buildsys
47
48	* Sat Dec 05 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6-1
49	- New Branch for openswan on v8
50
51	* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
52	- Copied code to openswan contrib as libreswan contrib is now LibreSwan specific
53
54	* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
55	- Revised masq templates - disable on ipsec disable
56	- Template ipsec.secrets so Terry won't break it again
57	- Set requires e-smith >=9 and libreswan >=3.14
58
59	* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
60	- add 90adjustESP
61
62	* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
63	- more update to masq firewalls - change -p 50 to -p ESP
64
65	* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
66	- update masq firewall rules
67	- document clean up
68
69	* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
70	- set dpd actions off if ipsec is 'add'
71	- add salifetime key and rename ikelifetime and keylife
72	- change defaults for salifetime and ikelifetime
73	- add in rsasig support
74
75	* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
76	- change default ike from aes-sha to aes-sha1
77
78	* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
79	- More minor fixes - should work OK with xl2tpd
80
81	* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
82	- Remove templates2expand and added to createlinks
83	- modified ipsec.secret template
84	- various other fixes
85
86	* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
87	- Big changes again - now have PreviousState to detect changes
88	- Createlinks to S10 to run after expand-templates
89
90	* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
91	- Changed lots. Removed sysctl.conf template
92	- Changed firewall template
93
94	* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
95	- Load of code tidying and prep from xl2tpd
96
97	* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
98	- Update action script and allow for system not in gateway mode
99	- add ike and phase2alg db settings
100
101	* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
102	- New ipsec-action script
103	- Numerous template changes
104
105	* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
106	- remove debugging lines
107	- remove expand templates from spec file
108	- add status check for ipsec.conf
109	- add comment to masq template
110	- updated db defaults
111	- ipsec.conf not expanded on install
112	- missed auto=start
113
114	* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
115	- remove rc.local modifications
116	- add /etc/sysctl.conf patches
117
118	* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
119	- initial release
120
121	%prep
122	%setup
123	%patch1 -p1
124	%patch2 -p1
125	%patch3 -p1
126
127	%build
128	perl createlinks
129
130	%install
131	rm -rf $RPM_BUILD_ROOT
132	(cd root ; find . -depth -print \| cpio -dump $RPM_BUILD_ROOT)
133	rm -f %{name}-%{version}-filelist
134	/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
135	echo "%doc COPYING" >> %{name}-%{version}-filelist
136
137
138	%clean
139	cd ..
140	rm -rf %{name}-%{version}
141
142	%files -f %{name}-%{version}-filelist
143	%defattr(-,root,root)
144
145	%pre
146	%preun
147	%post
148
149	/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
150	/sbin/e-smith/expand-template /etc/inittab
151	/sbin/init q
152
153
154	echo "see http://wiki.contribs.org/VPN"
155
156	%postun
157	/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
158	/sbin/e-smith/expand-template /etc/inittab
159	/sbin/init q