File openswan.spec of Package openswan
#
# spec file for package openswan (Version 2.6.16)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: openswan
Version: 2.6.16
Release: 1.<RELEASE49>
%define irel 2.6.16
License: GPL v2 or later
Group: Productivity/Networking/Security
Summary: IPsec Implementation which Allows Building of VPNs
Url: http://www.openswan.org/
Provides: pluto klips ipsec VPN freeswan
Obsoletes: freeswan
PreReq: gmp %insserv_prereq %fillup_prereq perl
Requires: ipsec-tools iproute2
AutoReqProv: on
Source: http://www.openswan.org/download/%{name}-%{irel}.tar.gz
Source1: http://www.openswan.org/download/%{name}-%{irel}.tar.gz.asc
Source10: openswan.README.SUSE
Source30: openswan.ipsec_1_to_2.pl
#
Patch0: openswan_00_features.dif
Patch1: openswan_01_build-paths.dif
Patch2: openswan_02_build-flags.dif
Patch3: openswan_03_build-groff.dif
Patch4: openswan_04_build_fixes.dif
Patch10: openswan_10_install-perms.dif
Patch30: openswan_30_rcscript.dif
Patch31: openswan_31_config.dif
Patch50: openswan-2.6.16-dpd_null_state.patch
Patch51: openswan-2.6.x-asn1.patch
Patch52: openswan-2.6.x-asn1_length.patch
#
Prefix: /usr
BuildRequires: bison flex gmp-devel libcurl-devel libpcap-devel
BuildRequires: groff xmlto
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
OpenS/WAN is the successor of FreeS/WAN.
OpenS/WAN is an IPsec implementation which allows building Virtual
Private Networks (VPNs). A typical VPN setup consists of two trusted
networks connected over an insecure network, typically the Internet.
OpenS/WAN allows you to create an encrypted tunnel through the insecure
area. Unlike CIPE, it is interoperable with other operating systems or
even router IPsec implementations.
Authors:
--------
John Gilmore <gnu@toad.com>
Henry Spencer <henry@spsystems.net>
Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
Hugh Redelmeier <hugh@mimosa.com>
Sandy Harris <sandy.harris@sympatico.ca>
Hugh Daniels <hugh@toad.com>
%package doc
License: GPL v2 or later
Summary: OpenSWAN documentation
Group: Productivity/Networking/Security
%description doc
This package provides OpenSWAN HTML documentation and development
(section 3) manual pages.
Authors:
--------
John Gilmore <gnu@toad.com>
Henry Spencer <henry@spsystems.net>
Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
Hugh Redelmeier <hugh@mimosa.com>
Sandy Harris <sandy.harris@sympatico.ca>
Hugh Daniels <hugh@toad.com>
%prep
# Unpack the upstream tarball (Source) and enter the openswan-<irel> directory.
# NOTE(review): Source1 is the detached signature for that tarball, but no
# step in this section checks it, so the build trusts whichever tarball was
# imported next to the spec. Confirm the signature is verified elsewhere.
%setup -q -n %{name}-%{irel}
# Distribution patches, applied with the macro's default strip level.
%patch0
%patch1
%patch2
%patch3
%patch4
%patch10
%patch30
%patch31
%patch50
# The two asn1 patches are applied with one leading path component stripped.
%patch51 -p1
%patch52 -p1
%build
# Build the userland programs. The distribution's compiler flags
# (RPM_OPT_FLAGS) plus -W are handed to the makefiles through USERCOMPILE.
make programs prefix=%{prefix} LIBD=%{_lib} USERCOMPILE="$RPM_OPT_FLAGS -W"
# Sanity check: ls exits non-zero when the pluto binary was not produced.
# Presumably the build shell stops on that error - confirm.
ls -1 OBJ.linux.*/programs/pluto/pluto
%install
# Make sure /usr/lib exists in the build root before the upstream install runs.
install -d -m 755 %{buildroot}/usr/lib
make install prefix=%{prefix} LIBD=%{_lib} DESTDIR=$RPM_BUILD_ROOT
# Drop the upstream "setup" init script and provide the rcipsec shortcut that
# points at the packaged init script.
rm -f ${RPM_BUILD_ROOT}/etc/init.d/setup
ln -sf /etc/init.d/ipsec ${RPM_BUILD_ROOT}%{prefix}/sbin/rcipsec
# Empty placeholder for the secrets file. The files list declares it as a
# ghost entry with mode 600; the real content is written by the post scriptlet.
touch $RPM_BUILD_ROOT/etc/ipsec.secrets
#
# Config migration helper (executable) and the documentation set (mode 644).
install -m 755 %{SOURCE30} ${RPM_BUILD_ROOT}%{_libdir}/ipsec/ipsec_1_to_2.pl
install -m 644 %SOURCE10 %{buildroot}/%{_docdir}/%{name}/README.SUSE
install -m 644 programs/_confread/README.conf.V2 %{buildroot}/%{_docdir}/%{name}/
install -m 644 BUGS CHANGES CREDITS README %{buildroot}%{_docdir}/%{name}/
install -m 644 COPYING LICENSE %{buildroot}%{_docdir}/%{name}/
install -m 644 docs/debugging-tcpdump.txt %{buildroot}%{_docdir}/%{name}/
install -m 644 docs/KNOWN_BUGS*.txt %{buildroot}%{_docdir}/%{name}/
install -m 644 docs/RELEASE-NOTES.txt %{buildroot}%{_docdir}/%{name}/
# Upstream files that are not shipped in the documentation directory.
rm -f %{buildroot}%{_docdir}/%{name}/GOING-AWAY
rm -f %{buildroot}%{_docdir}/%{name}/doxygen.cfg
rm -f %{buildroot}%{_docdir}/%{name}/impl.notes
# Example configurations are documentation, not live configuration.
mv -f %{buildroot}/etc/ipsec.d/examples %{buildroot}%{_docdir}/%{name}/
# Remove runlevel start/kill links from the build root; presumably the service
# links are managed by the insserv macros in the scriptlets - confirm.
rm -f %{buildroot}/etc/rc?.d/[KS]*ipsec
%if "%{_lib}" != "lib"
# this is a 64 bit binary
# Move _copyright into the arch-specific directory and leave a relative
# symlink at the old /usr/lib location.
mv %{buildroot}/usr/lib/ipsec/_copyright %{buildroot}/usr/%{_lib}/ipsec/
ln -sf ../../%{_lib}/ipsec/_copyright %{buildroot}/usr/lib/ipsec/_copyright
%endif
# Do not package leftover ".old" helper scripts.
rm -f %{buildroot}/usr/lib*/ipsec/_updown.*.old
rm -f %{buildroot}/usr/lib*/ipsec/_startklips.old
#
# Manual page cleanup below the packaged man directory.
base="%{buildroot}%{_mandir}"
# Remove manual pages that are not meant to be packaged.
rm -f ${base}/man5/pf_key.5*
rm -f ${base}/man8/ipsec_ipsec.8*
rm -f ${base}/man5/ipsec_ipsec.conf.5*
rm -f ${base}/man5/ipsec_ipsec.secrets.5*
# NOTE(review): this looks in man5 for a section 8 page name, so it probably
# matches nothing - confirm whether man8 was meant.
rm -f ${base}/man5/ipsec_showpolicy.8*
# Alias pages: the variant updown scripts share an existing manual page.
ln -sf ipsec__updown.8 ${base}/man8/ipsec__updown.mast.8
ln -sf ipsec__updown.8 ${base}/man8/ipsec__updown.bsdkame.8
ln -sf ipsec__updown.netkey.8 ${base}/man8/ipsec__updown.klips.8
#
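# HTML manual page aliases in the documentation directory.
# Each table row is "<existing page> <alias to create>". The aliases are
# relative symlinks, so they stay valid once the build root prefix is gone.
# All expansions are quoted so a build root containing whitespace cannot
# split the link path.
base="%{buildroot}%{_docdir}/%{name}"
while read -r page link_name; do
    ln -sf "$page" "${base}/${link_name}"
done << 'EOF'
ipsec_version.3.html ipsec_version_code.3.html
ipsec_version.3.html ipsec_version_string.3.html
ipsec_initsubnet.3.html ipsec_addrtosubnet.3.html
ipsec_initsubnet.3.html ipsec_maskof.3.html
ipsec_initsubnet.3.html ipsec_networkof.3.html
ipsec_initsubnet.3.html ipsec_masktocount.3.html
ipsec_initaddr.3.html ipsec_addrlenof.3.html
ipsec_initaddr.3.html ipsec_addrbytesptr.3.html
ipsec_initaddr.3.html ipsec_addrbytesof.3.html
ipsec_initaddr.3.html ipsec_addrtypeof.3.html
ipsec_atoaddr.3.html ipsec_addrtoa.3.html
ipsec_atoaddr.3.html ipsec_atosubnet.3.html
ipsec_bitstomask.3.html ipsec_goodmask.3.html
ipsec_bitstomask.3.html ipsec_masktobits.3.html
ipsec__updown.8.html ipsec__updown.mast.8.html
ipsec__updown.netkey.8.html ipsec__updown.klips.8.html
ipsec_ttoul.3.html ipsec_ultot.3.html
ipsec_ttoaddr.3.html ipsec_ttosubnet.3.html
ipsec_ttoaddr.3.html ipsec_tnatoaddr.3.html
ipsec_ttoaddr.3.html ipsec_subnettot.3.html
ipsec_prng.3.html ipsec_prng_bytes.3.html
ipsec_prng.3.html ipsec_prng_init.3.html
ipsec_prng.3.html ipsec_prng_final.3.html
ipsec_hostof.3.html ipsec_broadcastof.3.html
ipsec_samesaid.3.html ipsec_sameaddr.3.html
ipsec_samesaid.3.html ipsec_sameaddrtype.3.html
ipsec_samesaid.3.html ipsec_samesubnettype.3.html
ipsec_samesaid.3.html ipsec_samesubnet.3.html
ipsec_samesaid.3.html ipsec_subnetinsubnet.3.html
ipsec_addrcmp.3.html ipsec_addrinsubnet.3.html
ipsec_isunspecaddr.3.html ipsec_isanyaddr.3.html
ipsec_isunspecaddr.3.html ipsec_loopbackaddr.3.html
ipsec_isunspecaddr.3.html ipsec_isloopbackaddr.3.html
ipsec_subnetinsubnet.3.html ipsec_subnetishost.3.html
ipsec_sockaddrof.3.html ipsec_sockaddrlenof.3.html
ipsec_sockaddrof.3.html ipsec_setportof.3.html
EOF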
#
# Documentation files must be neither executable nor writable by group/others.
find "%{buildroot}%{_docdir}/%{name}" -type f -exec chmod a-x,go-w \{\} \;
# remove moot livetest tool completely... CVE-2008-4190
# (insecure temporary-file handling in the livetest helper). Every path in
# the build root whose name contains "livetest" is deleted so it is not shipped.
# NOTE(review): rm -f does not remove a matching directory and find still
# exits 0, so nothing here fails the build if a livetest file survives.
find "%{buildroot}/" -name "*livetest*" -exec rm -vf \{\} \;
%files
%defattr(-,root,root)
/usr/sbin/ipsec
/usr/sbin/rcipsec
/usr/lib/ipsec
%if "%{_lib}" != "lib"
/usr/%{_lib}/ipsec/
%endif
%config /etc/init.d/ipsec
%config(noreplace) /etc/ipsec.conf
%ghost %attr(600,root,root) %config(noreplace) /etc/ipsec.secrets
%dir /etc/ipsec.d/
%dir /etc/ipsec.d/cacerts
%dir /etc/ipsec.d/certs
%dir /etc/ipsec.d/crls
/etc/ipsec.d/policies
%dir %attr(700,root,root) /etc/ipsec.d/private
%doc %{_mandir}/man8/ipsec*
%doc %{_mandir}/man5/ipsec*
%dir %doc %{_docdir}/%{name}
%doc %{_docdir}/%{name}/BUGS
%doc %{_docdir}/%{name}/CHANGES
%doc %{_docdir}/%{name}/CREDITS
%doc %{_docdir}/%{name}/COPYING
%doc %{_docdir}/%{name}/LICENSE
%doc %{_docdir}/%{name}/README*
%doc %{_docdir}/%{name}/ipsec.conf-sample
%files doc
%defattr(-,root,root)
%dir %doc %{_docdir}/%{name}
%doc %{_docdir}/%{name}/examples
%doc %{_docdir}/%{name}/KNOWN_BUGS.txt
%doc %{_docdir}/%{name}/KNOWN_BUGS_NETKEY.txt
%doc %{_docdir}/%{name}/RELEASE-NOTES.txt
%doc %{_docdir}/%{name}/debugging-tcpdump.txt
%doc %{_docdir}/%{name}/*.html
%doc %{_mandir}/man3/ipsec*
%clean
#test -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" || rm -rf $RPM_BUILD_ROOT
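%post
%{fillup_and_insserv ipsec}
# Create the secrets file when it is missing or empty. It will hold shared
# secrets and RSA private keys, so it is created owner-only instead of with
# the scriptlet's default umask. The subshell keeps the tightened umask away
# from the rest of the scriptlet, and the chmod also covers an empty file
# that already existed with wider permissions.
if test ! -s /etc/ipsec.secrets; then
    (
        umask 077
        cat >/etc/ipsec.secrets << EOF
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
#
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
#
# Generate pem certificates using "yast2 ca_mgm" module or plain RSA keys
# using the "ipsec newhostkey --output /etc/ipsec.secrets" command.
#
EOF
    )
    chmod 600 /etc/ipsec.secrets
fi
# A configuration without a "version 2.0" marker is treated as old-style and
# converted; the original is kept as /etc/ipsec.conf.v1.
if ! grep -q "version[ ]*2\.0" /etc/ipsec.conf; then
    echo "Migrate config to v2.0 ..."
    mv --backup=numbered /etc/ipsec.conf /etc/ipsec.conf.v1
    # The install section puts the converter below the arch-specific library
    # directory, so call it there. A hard-coded /usr/lib path is missing on
    # lib64 systems and would leave an empty /etc/ipsec.conf behind.
    %{_libdir}/ipsec/ipsec_1_to_2.pl </etc/ipsec.conf.v1 >/etc/ipsec.conf
    # Copy certificates from the old flat layout into the certs directory
    # shipped by this package (/etc/ipsec.d/certs). A glob stored in a
    # variable and compared in quotes never expands, so the copy used to be
    # skipped every time; loop over the matches and ignore the unexpanded
    # pattern when there are none.
    copied=""
    for pem in /etc/ipsec.d/*.pem; do
        test -e "$pem" || continue
        # cp -p keeps mode and ownership of the copied files.
        if cp -p --backup=numbered "$pem" /etc/ipsec.d/certs/; then
            copied="${copied}${copied:+ }${pem}"
        fi
    done
    if test -n "$copied"; then
        {
            echo "The certificates"
            echo "$copied"
            echo "have been copied to /etc/ipsec.d/certs/"
            echo "You may want to remove the old copies as soon as you stopped"
            echo "using OpenSwan-2.6.x"
            echo
        } >>/var/adm/notify/messages/openswan
    fi
fi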
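%preun
%{stop_on_removal ipsec}
# Some people expect not to lose their secrets even after multiple rpm -e.
# Keep an extra copy of a saved secrets file: cp -p preserves its mode and
# ownership, and numbered backups avoid overwriting an earlier copy.
# Absolute paths are used so the copy does not depend on the scriptlet's
# working directory.
if test -s /etc/ipsec.secrets.rpmsave; then
    cp -p --backup=numbered /etc/ipsec.secrets.rpmsave /etc/ipsec.secrets.rpmsave.old
fi
# Never let a failed backup abort the package removal.
exit 0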
%postun
# Distribution service macros, defined outside this file: restart the ipsec
# service after a package update, then clean up init-script links.
%{restart_on_update ipsec}
%{insserv_cleanup}
%changelog