File strongswan.spec of Package strongswan
#
# spec file for package strongswan (Version 4.3.4)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: strongswan
%define upstream_version 4.3.4
%define strongswan_docdir %{_docdir}/%{name}
Version: 4.3.4
Release: 4.<RELEASE4>
License: GPLv2+
Group: Productivity/Networking/Security
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
Url: http://www.strongswan.org/
PreReq: gmp grep %insserv_prereq %fillup_prereq
Requires: iproute2
Provides: pluto klips ipsec VPN freeswan
Obsoletes: freeswan
Conflicts: openswan
AutoReqProv: on
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
Source2: %{name}.init.in
Source3: %{name}-%{version}-rpmlintrc
Patch1: %{name}_modprobe_syslog.patch
Patch2: %{name}-4.3.4-load_secrets-lock-fix.diff
Patch3: %{name}-4.3.4-load_secrets-dbgmsg-fix.diff
Patch4: %{name}-4.3.4-snprintf-fix.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gmp-devel gperf pkg-config
BuildRequires: libcap-devel
BuildRequires: libopenssl-devel
BuildRequires: libgcrypt-devel
BuildRequires: openldap2-devel
BuildRequires: curl-devel
%description
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec)
kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange
protocols
* NEW: Fully tested support of IPv6 IPsec tunnel connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC
4555)
* Fast connection startup and periodic update using ipsec starter
* Automatic insertion and deletion of IPsec policy based firewall
rules
* Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Static Virtual IPs and IKE Mode Config Pull and Push modes
* XAUTH server and client functionality on top of IKE Main Mode
authentication
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first
strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via
HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF
2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates ( RFC 3281)
* Optional storage of RSA private keys and certificates on a
smartcard
* Smartcard access via standardized PKCS #11 interface
* PKCS #11 proxy function offering RSA decryption services via whack
* NEW: strongSwan Manager - a graphical management interface for IKEv2
Authors:
--------
Andreas Steffen
and others
%package doc
License: GPLv2+
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
%description doc
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the StrongSwan documentation.
Authors:
--------
Andreas Steffen
and others
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p1
%patch3 -p1
%patch4 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
%build
CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing"
export RPM_OPT_FLAGS CFLAGS
libtoolize --force
%{?suse_update_config:%{suse_update_config -f}}
autoreconf
%configure \
--enable-integrity-test \
--with-capabilities=libcap \
--with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \
--enable-smartcard \
--with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
--enable-cisco-quirks \
--enable-openssl \
--enable-gcrypt \
--enable-ldap \
--enable-curl
make %{?_smp_mflags:%_smp_mflags}
%install
export RPM_BUILD_ROOT
install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
#
make install DESTDIR="$RPM_BUILD_ROOT"
#
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
#
# ipsec.secrets
#
# This file holds the RSA private keys or the PSK preshared secrets for
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
#
EOT
#
rm -f $RPM_BUILD_ROOT%{_libdir}/libstrongswan.{so,a,la}
find $RPM_BUILD_ROOT%{_libexecdir}/ipsec \
-name "*.a" -o -name "*.la" | xargs -r rm -f
#
install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -m644 TODO NEWS README COPYING CREDITS \
${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -m755 -d $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan
%post
%{run_ldconfig}
%{fillup_and_insserv ipsec}
%preun
%{stop_on_removal ipsec}
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old
fi
if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old
fi
%postun
%{run_ldconfig}
%{insserv_cleanup}
%files
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
%dir %{_sysconfdir}/ipsec.d/certs
%dir %{_sysconfdir}/ipsec.d/acerts
%dir %{_sysconfdir}/ipsec.d/aacerts
%dir %{_sysconfdir}/ipsec.d/cacerts
%dir %{_sysconfdir}/ipsec.d/ocspcerts
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%config %{_sysconfdir}/init.d/ipsec
%{_sbindir}/rcipsec
%{_sbindir}/ipsec
%{_libexecdir}/ipsec
%{_libdir}/libstrongswan.*
%{_mandir}/man5/ipsec.conf.5*
%{_mandir}/man5/ipsec.secrets.5*
%{_mandir}/man8/ipsec.8*
%dir %{_localstatedir}/run/strongswan
%files doc
%defattr(-,root,root)
%dir %{strongswan_docdir}
%{strongswan_docdir}/TODO
%{strongswan_docdir}/NEWS
%{strongswan_docdir}/README
%{strongswan_docdir}/COPYING
%{strongswan_docdir}/CREDITS
%{_mandir}/man3/anyaddr.3*
%{_mandir}/man3/atoaddr.3*
%{_mandir}/man3/atoasr.3*
%{_mandir}/man3/atosa.3*
%{_mandir}/man3/atoul.3*
%{_mandir}/man3/goodmask.3*
%{_mandir}/man3/initaddr.3*
%{_mandir}/man3/initsubnet.3*
%{_mandir}/man3/keyblobtoid.3*
%{_mandir}/man3/portof.3*
%{_mandir}/man3/prng.3*
%{_mandir}/man3/rangetosubnet.3*
%{_mandir}/man3/sameaddr.3*
%{_mandir}/man3/subnetof.3*
%{_mandir}/man3/ttoaddr.3*
%{_mandir}/man3/ttodata.3*
%{_mandir}/man3/ttosa.3*
%{_mandir}/man3/ttoul.3*
%{_mandir}/man8/_copyright.8*
%{_mandir}/man8/_updown.8*
%{_mandir}/man8/_updown_espmark.8*
%{_mandir}/man8/openac.8*
%{_mandir}/man8/pluto.8*
%{_mandir}/man8/scepclient.8*
%{_mandir}/man8/starter.8*
%changelog
