[packages/freeswan.git] / freeswan.spec

# Conditional builds
%bcond_with	NAT		# with NAT-Traversal
%bcond_without	x509		# without x509 support
%bcond_without	dist_kernel	# without sources of distribution kernel
%bcond_without	modules		# build only library+programs, no kernel modules
#
%define x509ver		x509-1.4.8
%define nat_tr_ver	0.6
%define _25x_ver	20030825
%define	_rel	0.1
Summary:	Free IPSEC implemetation
Summary(pl.UTF-8):	Publicznie dostępna implementacja IPSEC
Name:		freeswan
Version:	2.04
Release:	%{_rel}
License:	GPL
Group:		Networking/Daemons
Source0:	ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz
# Source0-md5:	37a15f760ca43317fe7c5d6e6859689c
Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
# Source1-md5:	6bd0b509015a2795cfb895aaab0bbc55
Source2:	http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz
# Source2-md5:	d5ff93ed3dc33afcc3ab5d00ca11008b
Source3:	http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
# Source3-md5:	6858a8535aa2611769d17e86e6735db2
Patch0:		%{name}-showhostkey.patch
Patch1:		%{name}-init.patch
Patch2:		%{name}-paths.patch
Patch3:		%{name}-confread.patch
URL:		http://www.freeswan.org/
BuildRequires:	gmp-devel
%{?with_dist_kernel:%{?with_modules:BuildRequires:	kernel-doc}}
%{?with_dist_kernel:%{?with_modules:BuildRequires:	kernel-headers}}
%{?with_dist_kernel:%{?with_modules:BuildRequires:	kernel-source}}
BuildRequires:	rpmbuild(macros) >= 1.118
# for useful lndir
%{?with_modules:BuildRequires:	xorg-util-lndir}
Requires(post,preun):	/sbin/chkconfig
Requires:	gawk
Requires:	gmp
Requires:	rc-scripts
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
This package contains FreeS/WAN daemon and utilities. FreeS/WAN is a
free implementation of the IPsec protocol for Linux. It allows to
build secure tunnels through untrusted networks. The basic idea of
IPsec is to provide security functions (authentication and encryption)
at the IP (Internet Protocol) level.

%description -l pl.UTF-8
Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną
implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie
bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to
zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na
poziomie IP.

%package -n kernel-net-ipsec
Summary:	Kernel module for Linux IPSEC
Summary(pl.UTF-8):	Moduł jądra dla IPSEC
Release:	%{_rel}@%{_kernel_ver_str}
Group:		Base/Kernel
%{?with_dist_kernel:%requires_releq_kernel_up}
Requires(post,postun):	/sbin/depmod
Requires:	%{name} = %{version}-%{release}
Requires:	modutils >= 2.4.6-4
Conflicts:	kernel <= 2.4.20-9

%description -n kernel-net-ipsec
Kernel module for FreeS/WAN.

%description -n kernel-net-ipsec -l pl.UTF-8
Moduł jądra wykorzystywany przez FreeS/WAN.

%package -n kernel-smp-net-ipsec
Summary:	SMP kernel module for Linux IPSEC
Summary(pl.UTF-8):	Moduł jądra SMP dla IPSEC
Release:	%{_rel}@%{_kernel_ver_str}
Group:		Base/Kernel
%{?with_dist_kernel:%requires_releq_kernel_up}
Requires(post,postun):	/sbin/depmod
Requires:	%{name} = %{version}-%{release}
Requires:	modutils >= 2.4.6-4
Conflicts:	kernel-smp <= 2.4.20-9

%description -n kernel-smp-net-ipsec
SMP kernel module for FreeS/WAN.

%description -n kernel-smp-net-ipsec -l pl.UTF-8
Moduł jądra SMP wykorzystywany przez FreeS/WAN.

%prep
%setup -q -a2 -a3
%patch0 -p1
%patch1 -p1
%{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
%patch3 -p1
%{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff}

%build
%define	_kver	`echo "%{_kernel_ver}" |awk -F. '{print $2}'`

%if %{with modules}
install -d kernelsrc
lndir -silent %{_kernelsrcdir} kernelsrc
mv kernelsrc/.config kernelsrc/.config.old
cp kernelsrc/.config.old kernelsrc/.config

%if %{with dist_kernel}
rm -rf kernelsrc/include/asm
cd kernelsrc
patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
cd ..
rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
cp kernelsrc/config-up kernelsrc/.config
%endif

echo "CONFIG_IPSEC=m" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
%endif

USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
CC="%{__cc}"; export CC


%if %{with modules}
%{__make} precheck verset kpatch ocf confcheck module \
	BIND9STATICLIBDIR=%{_libdir} \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	KERNELSRC="`pwd`/kernelsrc"

install linux/net/ipsec/ipsec.o .

%if %{with smp}
rm -rf kernelsrc
install -d kernelsrc
lndir -silent %{_kernelsrcdir} kernelsrc
mv kernelsrc/.config kernelsrc/.config.old
cp kernelsrc/.config.old kernelsrc/.config

%if %{with dist_kernel}
rm -rf kernelsrc/include/asm
cd kernelsrc
patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
cd ..
rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
cp kernelsrc/config-smp kernelsrc/.config
%endif

echo "CONFIG_IPSEC=m" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
%{__make} precheck verset kpatch ocf confcheck module \
	BIND9STATICLIBDIR=%{_libdir} \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	KERNELSRC="`pwd`/kernelsrc"
%endif

%endif

%{__make} programs \
	BIND9STATICLIBDIR=%{_libdir} \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	KERNELSRC="`pwd`/kernelsrc"

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}

%{__make} install \
	BIND9STATICLIBDIR=%{_libdir} \
	DESTDIR="$RPM_BUILD_ROOT" \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man


%if %{with x509}
install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
for i in crls cacerts private policies; do
	install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
done
for i in CHANGES README; do
	install  %{x509ver}-%{name}-%{version}/$i $i.x509 ;
done
%endif

bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}

%if %{with modules}
install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc

%if %{with smp}
install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
%endif

%endif

%clean
rm -rf $RPM_BUILD_ROOT

%post
# generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
# not already exist
if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
then
	echo generate RSA private key...
	/usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
	chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
fi

/sbin/chkconfig --add ipsec
if [ -f /var/lock/subsys/ipsec ]; then
	/etc/rc.d/init.d/ipsec restart >&2
else
	echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
fi

%preun
if [ "$1" = "0" ]; then
	if [ -f /var/lock/subsys/ipsec ]; then
		/etc/rc.d/init.d/ipsec stop >&2
	fi
	/sbin/chkconfig --del ipsec >&2
fi

%post	-n kernel-net-ipsec
%depmod %{_kernel_ver}

%postun -n kernel-net-ipsec
%depmod %{_kernel_ver}

%post	-n kernel-smp-net-ipsec
%depmod %{_kernel_ver}

%postun -n kernel-smp-net-ipsec
%depmod %{_kernel_ver}

%files
%defattr(644,root,root,755)
%doc README CREDITS CHANGES BUGS
%doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html
%{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
%{?with_x509:%doc CHANGES.x509 README.x509}
%{_mandir}/man*/*
%lang(pl) %{_mandir}/pl/man*/*
%attr(755,root,root) %{_sbindir}/*
%attr(754,root,root) /etc/rc.d/init.d/*
%dir %{_libdir}/ipsec
%attr(755,root,root) %{_libdir}/ipsec/*
%attr(751,root,root) %dir %{_sysconfdir}/ipsec
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf
%if %{with x509}
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/*
%endif

%if %{with modules}
%files -n kernel-net-ipsec
%defattr(644,root,root,755)
/lib/modules/%{_kernel_ver}/misc/ipsec*
%if %{with smp}
%files -n kernel-smp-net-ipsec
%defattr(644,root,root,755)
/lib/modules/%{_kernel_ver}smp/misc/ipsec*
%endif
%endif
Commit	Line	Data
	1	# Conditional builds
	2	%bcond_with NAT # with NAT-Traversal
	3	%bcond_without x509 # without x509 support
	4	%bcond_without dist_kernel # without sources of distribution kernel
	5	%bcond_without modules # build only library+programs, no kernel modules
	6	#
	7	%define x509ver x509-1.4.8
	8	%define nat_tr_ver 0.6
	9	%define _25x_ver 20030825
	10	%define _rel 0.1
	11	Summary: Free IPSEC implemetation
	12	Summary(pl.UTF-8): Publicznie dostępna implementacja IPSEC
	13	Name: freeswan
	14	Version: 2.04
	15	Release: %{_rel}
	16	License: GPL
	17	Group: Networking/Daemons
	18	Source0: ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz
	19	# Source0-md5: 37a15f760ca43317fe7c5d6e6859689c
	20	Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
	21	# Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55
	22	Source2: http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz
	23	# Source2-md5: d5ff93ed3dc33afcc3ab5d00ca11008b
	24	Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
	25	# Source3-md5: 6858a8535aa2611769d17e86e6735db2
	26	Patch0: %{name}-showhostkey.patch
	27	Patch1: %{name}-init.patch
	28	Patch2: %{name}-paths.patch
	29	Patch3: %{name}-confread.patch
	30	URL: http://www.freeswan.org/
	31	BuildRequires: gmp-devel
	32	%{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-doc}}
	33	%{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-headers}}
	34	%{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-source}}
	35	BuildRequires: rpmbuild(macros) >= 1.118
	36	# for useful lndir
	37	%{?with_modules:BuildRequires: xorg-util-lndir}
	38	Requires(post,preun): /sbin/chkconfig
	39	Requires: gawk
	40	Requires: gmp
	41	Requires: rc-scripts
	42	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	43
	44	%description
	45	This package contains FreeS/WAN daemon and utilities. FreeS/WAN is a
	46	free implementation of the IPsec protocol for Linux. It allows to
	47	build secure tunnels through untrusted networks. The basic idea of
	48	IPsec is to provide security functions (authentication and encryption)
	49	at the IP (Internet Protocol) level.
	50
	51	%description -l pl.UTF-8
	52	Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną
	53	implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie
	54	bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to
	55	zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na
	56	poziomie IP.
	57
	58	%package -n kernel-net-ipsec
	59	Summary: Kernel module for Linux IPSEC
	60	Summary(pl.UTF-8): Moduł jądra dla IPSEC
	61	Release: %{_rel}@%{_kernel_ver_str}
	62	Group: Base/Kernel
	63	%{?with_dist_kernel:%requires_releq_kernel_up}
	64	Requires(post,postun): /sbin/depmod
	65	Requires: %{name} = %{version}-%{release}
	66	Requires: modutils >= 2.4.6-4
	67	Conflicts: kernel <= 2.4.20-9
	68
	69	%description -n kernel-net-ipsec
	70	Kernel module for FreeS/WAN.
	71
	72	%description -n kernel-net-ipsec -l pl.UTF-8
	73	Moduł jądra wykorzystywany przez FreeS/WAN.
	74
	75	%package -n kernel-smp-net-ipsec
	76	Summary: SMP kernel module for Linux IPSEC
	77	Summary(pl.UTF-8): Moduł jądra SMP dla IPSEC
	78	Release: %{_rel}@%{_kernel_ver_str}
	79	Group: Base/Kernel
	80	%{?with_dist_kernel:%requires_releq_kernel_up}
	81	Requires(post,postun): /sbin/depmod
	82	Requires: %{name} = %{version}-%{release}
	83	Requires: modutils >= 2.4.6-4
	84	Conflicts: kernel-smp <= 2.4.20-9
	85
	86	%description -n kernel-smp-net-ipsec
	87	SMP kernel module for FreeS/WAN.
	88
	89	%description -n kernel-smp-net-ipsec -l pl.UTF-8
	90	Moduł jądra SMP wykorzystywany przez FreeS/WAN.
	91
	92	%prep
	93	%setup -q -a2 -a3
	94	%patch0 -p1
	95	%patch1 -p1
	96	%{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
	97	%patch3 -p1
	98	%{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff}
	99
	100	%build
	101	%define _kver `echo "%{_kernel_ver}" \|awk -F. '{print $2}'`
	102
	103	%if %{with modules}
	104	install -d kernelsrc
	105	lndir -silent %{_kernelsrcdir} kernelsrc
	106	mv kernelsrc/.config kernelsrc/.config.old
	107	cp kernelsrc/.config.old kernelsrc/.config
	108
	109	%if %{with dist_kernel}
	110	rm -rf kernelsrc/include/asm
	111	cd kernelsrc
	112	patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
	113	patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
	114	patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
	115	patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
	116	cd ..
	117	rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
	118	rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
	119	cp kernelsrc/config-up kernelsrc/.config
	120	%endif
	121
	122	echo "CONFIG_IPSEC=m" >> kernelsrc/.config
	123	echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
	124	echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
	125	echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
	126	echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
	127	echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
	128	echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
	129	echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
	130	echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
	131	%endif
	132
	133	USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
	134	OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
	135	CC="%{__cc}"; export CC
	136
	137
	138	%if %{with modules}
	139	%{__make} precheck verset kpatch ocf confcheck module \
	140	BIND9STATICLIBDIR=%{_libdir} \
	141	FINALCONFDIR=%{_sysconfdir}/ipsec \
	142	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	143	INC_USRLOCAL=/usr \
	144	INC_MANDIR=share/man \
	145	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	146	FINALLIBEXECDIR=%{_libdir}/ipsec \
	147	KERNELSRC="`pwd`/kernelsrc"
	148
	149	install linux/net/ipsec/ipsec.o .
	150
	151	%if %{with smp}
	152	rm -rf kernelsrc
	153	install -d kernelsrc
	154	lndir -silent %{_kernelsrcdir} kernelsrc
	155	mv kernelsrc/.config kernelsrc/.config.old
	156	cp kernelsrc/.config.old kernelsrc/.config
	157
	158	%if %{with dist_kernel}
	159	rm -rf kernelsrc/include/asm
	160	cd kernelsrc
	161	patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
	162	patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
	163	patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
	164	patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
	165	cd ..
	166	rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
	167	rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
	168	cp kernelsrc/config-smp kernelsrc/.config
	169	%endif
	170
	171	echo "CONFIG_IPSEC=m" >> kernelsrc/.config
	172	echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
	173	echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
	174	echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
	175	echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
	176	echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
	177	echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
	178	echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
	179	echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
	180	%{__make} precheck verset kpatch ocf confcheck module \
	181	BIND9STATICLIBDIR=%{_libdir} \
	182	FINALCONFDIR=%{_sysconfdir}/ipsec \
	183	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	184	INC_USRLOCAL=/usr \
	185	INC_MANDIR=share/man \
	186	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	187	FINALLIBEXECDIR=%{_libdir}/ipsec \
	188	KERNELSRC="`pwd`/kernelsrc"
	189	%endif
	190
	191	%endif
	192
	193	%{__make} programs \
	194	BIND9STATICLIBDIR=%{_libdir} \
	195	FINALCONFDIR=%{_sysconfdir}/ipsec \
	196	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	197	INC_USRLOCAL=/usr \
	198	INC_MANDIR=share/man \
	199	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	200	FINALLIBEXECDIR=%{_libdir}/ipsec \
	201	KERNELSRC="`pwd`/kernelsrc"
	202
	203	%install
	204	rm -rf $RPM_BUILD_ROOT
	205	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
	206
	207	%{__make} install \
	208	BIND9STATICLIBDIR=%{_libdir} \
	209	DESTDIR="$RPM_BUILD_ROOT" \
	210	FINALCONFDIR=%{_sysconfdir}/ipsec \
	211	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	212	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	213	FINALLIBEXECDIR=%{_libdir}/ipsec \
	214	FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
	215	INC_USRLOCAL=/usr \
	216	INC_MANDIR=share/man
	217
	218
	219	%if %{with x509}
	220	install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
	221	for i in crls cacerts private policies; do
	222	install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
	223	done
	224	for i in CHANGES README; do
	225	install %{x509ver}-%{name}-%{version}/$i $i.x509 ;
	226	done
	227	%endif
	228
	229	bzip2 -dc %{SOURCE1} \| tar xf - -C $RPM_BUILD_ROOT%{_mandir}
	230
	231	%if %{with modules}
	232	install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
	233	install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
	234
	235	%if %{with smp}
	236	install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
	237	install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
	238	%endif
	239
	240	%endif
	241
	242	%clean
	243	rm -rf $RPM_BUILD_ROOT
	244
	245	%post
	246	# generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
	247	# not already exist
	248	if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
	249	then
	250	echo generate RSA private key...
	251	/usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
	252	chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
	253	fi
	254
	255	/sbin/chkconfig --add ipsec
	256	if [ -f /var/lock/subsys/ipsec ]; then
	257	/etc/rc.d/init.d/ipsec restart >&2
	258	else
	259	echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
	260	fi
	261
	262	%preun
	263	if [ "$1" = "0" ]; then
	264	if [ -f /var/lock/subsys/ipsec ]; then
	265	/etc/rc.d/init.d/ipsec stop >&2
	266	fi
	267	/sbin/chkconfig --del ipsec >&2
	268	fi
	269
	270	%post -n kernel-net-ipsec
	271	%depmod %{_kernel_ver}
	272
	273	%postun -n kernel-net-ipsec
	274	%depmod %{_kernel_ver}
	275
	276	%post -n kernel-smp-net-ipsec
	277	%depmod %{_kernel_ver}
	278
	279	%postun -n kernel-smp-net-ipsec
	280	%depmod %{_kernel_ver}
	281
	282	%files
	283	%defattr(644,root,root,755)
	284	%doc README CREDITS CHANGES BUGS
	285	%doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html
	286	%{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
	287	%{?with_x509:%doc CHANGES.x509 README.x509}
	288	%{_mandir}/man/
	289	%lang(pl) %{_mandir}/pl/man/
	290	%attr(755,root,root) %{_sbindir}/*
	291	%attr(754,root,root) /etc/rc.d/init.d/*
	292	%dir %{_libdir}/ipsec
	293	%attr(755,root,root) %{_libdir}/ipsec/*
	294	%attr(751,root,root) %dir %{_sysconfdir}/ipsec
	295	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf
	296	%if %{with x509}
	297	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
	298	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
	299	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
	300	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
	301	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
	302	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
	303	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/*
	304	%endif
	305
	306	%if %{with modules}
	307	%files -n kernel-net-ipsec
	308	%defattr(644,root,root,755)
	309	/lib/modules/%{_kernel_ver}/misc/ipsec*
	310	%if %{with smp}
	311	%files -n kernel-smp-net-ipsec
	312	%defattr(644,root,root,755)
	313	/lib/modules/%{_kernel_ver}smp/misc/ipsec*
	314	%endif
	315	%endif