File ipsec-tools.spec of Package ipsec-tools.3300

# spec file for package ipsec-tools
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

Name:           ipsec-tools
Summary:        IPsec Utilities
License:        BSD-3-Clause
Group:          Productivity/Networking/Security
Version:        0.8.0
Release:        0
Source2:        sysconfig.racoon
Source3:        setkey.conf.sample
Source4:        racoon.pam
Source5:        racoon.service
Source6:        racoon-setkey.service

Patch0:         racoon.conf_macros.patch
Patch1:         racoon.psk.patch
Patch2:         ipsec-tools-0.7.3-linkerflag.patch
Patch3:         ipsec-tools-0.8.0-nodevel.patch
Patch4:         ipsec-tools-0.8.0-certasn1txtbroken.patch
Patch5:         racoon-no-md5.patch
Patch6:         racoon-fips-rsa.patch
Patch7:         fix-gssapi-null-dereference.patch
Patch8:         fix_plog_initialization.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
PreReq:         %insserv_prereq %fillup_prereq
BuildRequires:  bison
BuildRequires:  flex
BuildRequires:  krb5-devel
BuildRequires:  libtool
BuildRequires:  linux-glibc-devel
BuildRequires:  openldap2-devel
BuildRequires:  openssl-devel
BuildRequires:  pam
BuildRequires:  pam-devel
BuildRequires:  readline-devel
BuildRequires:  pkgconfig(systemd)

%if 0%{?suse_version} >= 1100
BuildRequires:  fdupes
BuildRequires:  libselinux-devel
Provides:       racoon
This is the IPsec-Tools package.  This package is needed to really make
use of the IPsec functionality in the version 2.5 and 2.6 Linux
kernels.  This package builds:

- libipsec, a PFKeyV2 library

- setkey, a program to directly manipulate policies and SAs

- racoon, an IKEv1 keying daemon

These sources can be found at the IPsec-Tools home page at:

%setup -q
%patch0 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
sed -i 's|-Werror||g' configure

export PATH=$PATH:/usr/lib/mit/bin
%configure \
	--disable-shared \
	--libexecdir=%{_libdir} \
	--sysconfdir=/etc/racoon \
	--sharedstatedir=/run \
	--localstatedir=/run \
        --with-kernel-headers="/usr/include" \
	--enable-dpd \
	--enable-hybrid \
	--enable-frag \
	--enable-natt=yes \
	--enable-gssapi=yes \
	--enable-stats=yes \
	--enable-adminport \
	--with-libpam \
%if 0%{?suse_version} >= 1100
	--enable-security-context=yes \
	--enable-security-context=no \

make check

mkdir -p $RPM_BUILD_ROOT/etc/pam.d
install -m 0644 %{S:4} $RPM_BUILD_ROOT/etc/pam.d/racoon
%{__install} -d $RPM_BUILD_ROOT/etc/racoon/cert
# unify the permissions of psk.txt - fdupes is sensitive on permissions now (bnc#784670)
chmod 0600 src/racoon/samples/psk.txt
install -m 0600 src/racoon/samples/psk.txt $RPM_BUILD_ROOT/etc/racoon/
install -m 0644 src/racoon/samples/racoon.conf $RPM_BUILD_ROOT/etc/racoon/
cp -v $RPM_SOURCE_DIR/setkey.conf.sample $RPM_BUILD_ROOT/etc/racoon/setkey.conf
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 $RPM_SOURCE_DIR/sysconfig.racoon $RPM_BUILD_ROOT/var/adm/fillup-templates/
# manage doc
mkdir -p $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/examples/{setkey,racoon}
cp -rv src/racoon/samples $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/examples/racoon
cp -v src/setkey/sample* $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/examples/setkey
for i in ChangeLog NEWS README; do
	install -D -m 0644 $i $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/
#some rpmlint stuff
%if 0%{?suse_version} >= 1100
%fdupes -s $RPM_BUILD_ROOT/

install -d %{buildroot}%{_tmpfilesdir}
echo 'd /run/racoon 0700 root root -' > %{buildroot}%{_tmpfilesdir}/racoon.conf
install -D -m 0644 %{S:5} %{buildroot}%{_unitdir}/racoon.service
install -D -m 0644 %{S:6} %{buildroot}%{_unitdir}/racoon-setkey.service

%service_add_pre racoon.service racoon-setkey.service

%{fillup_only -n racoon}

# _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
%{!?_tmpfilesdir: %global _tmpfilesdir %{_libexecdir}/tmpfiles.d }

# Use %%tmpfiles_create when 13.2 is oldest in support scope
/usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/racoon.conf || :

%service_add_post racoon.service racoon-setkey.service

%service_del_preun racoon.service racoon-setkey.service

%service_del_postun racoon.service racoon-setkey.service 

%doc /usr/share/doc/packages/%{name}/
%config(noreplace) /etc/racoon/psk.txt
%config(noreplace) /etc/racoon/racoon.conf
%config(noreplace) /etc/racoon/setkey.conf
%config /etc/pam.d/racoon
%dir /etc/racoon
%dir /etc/racoon/cert

openSUSE Build Service is sponsored by