]>
Commit | Line | Data |
---|---|---|
1 | # Conditional builds | |
2 | %bcond_with NAT # with NAT-Traversal | |
3 | %bcond_without x509 # without x509 support | |
4 | %bcond_without dist_kernel # without sources of distribution kernel | |
5 | %bcond_without modules # build only library+programs, no kernel modules | |
6 | # | |
7 | %define x509ver x509-1.4.8 | |
8 | %define nat_tr_ver 0.6 | |
9 | %define _25x_ver 20030825 | |
10 | %define _rel 0.1 | |
11 | Summary: Free IPSEC implemetation | |
12 | Summary(pl.UTF-8): Publicznie dostępna implementacja IPSEC | |
13 | Name: freeswan | |
14 | Version: 2.04 | |
15 | Release: %{_rel} | |
16 | License: GPL | |
17 | Group: Networking/Daemons | |
18 | Source0: ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz | |
19 | # Source0-md5: 37a15f760ca43317fe7c5d6e6859689c | |
20 | Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2 | |
21 | # Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55 | |
22 | Source2: http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz | |
23 | # Source2-md5: d5ff93ed3dc33afcc3ab5d00ca11008b | |
24 | Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz | |
25 | # Source3-md5: 6858a8535aa2611769d17e86e6735db2 | |
26 | Patch0: %{name}-showhostkey.patch | |
27 | Patch1: %{name}-init.patch | |
28 | Patch2: %{name}-paths.patch | |
29 | Patch3: %{name}-confread.patch | |
30 | URL: http://www.freeswan.org/ | |
31 | BuildRequires: gmp-devel | |
32 | %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-doc}} | |
33 | %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-headers}} | |
34 | %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-source}} | |
35 | BuildRequires: rpmbuild(macros) >= 1.118 | |
36 | # for useful lndir | |
37 | %{?with_modules:BuildRequires: xorg-util-lndir} | |
38 | Requires(post,preun): /sbin/chkconfig | |
39 | Requires: gawk | |
40 | Requires: gmp | |
41 | Requires: rc-scripts | |
42 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
43 | ||
44 | %description | |
45 | This package contains FreeS/WAN daemon and utilities. FreeS/WAN is a | |
46 | free implementation of the IPsec protocol for Linux. It allows to | |
47 | build secure tunnels through untrusted networks. The basic idea of | |
48 | IPsec is to provide security functions (authentication and encryption) | |
49 | at the IP (Internet Protocol) level. | |
50 | ||
51 | %description -l pl.UTF-8 | |
52 | Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną | |
53 | implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie | |
54 | bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to | |
55 | zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na | |
56 | poziomie IP. | |
57 | ||
58 | %package -n kernel-net-ipsec | |
59 | Summary: Kernel module for Linux IPSEC | |
60 | Summary(pl.UTF-8): Moduł jądra dla IPSEC | |
61 | Release: %{_rel}@%{_kernel_ver_str} | |
62 | Group: Base/Kernel | |
63 | %{?with_dist_kernel:%requires_releq_kernel_up} | |
64 | Requires(post,postun): /sbin/depmod | |
65 | Requires: %{name} = %{version}-%{release} | |
66 | Requires: modutils >= 2.4.6-4 | |
67 | Conflicts: kernel <= 2.4.20-9 | |
68 | ||
69 | %description -n kernel-net-ipsec | |
70 | Kernel module for FreeS/WAN. | |
71 | ||
72 | %description -n kernel-net-ipsec -l pl.UTF-8 | |
73 | Moduł jądra wykorzystywany przez FreeS/WAN. | |
74 | ||
75 | %package -n kernel-smp-net-ipsec | |
76 | Summary: SMP kernel module for Linux IPSEC | |
77 | Summary(pl.UTF-8): Moduł jądra SMP dla IPSEC | |
78 | Release: %{_rel}@%{_kernel_ver_str} | |
79 | Group: Base/Kernel | |
80 | %{?with_dist_kernel:%requires_releq_kernel_up} | |
81 | Requires(post,postun): /sbin/depmod | |
82 | Requires: %{name} = %{version}-%{release} | |
83 | Requires: modutils >= 2.4.6-4 | |
84 | Conflicts: kernel-smp <= 2.4.20-9 | |
85 | ||
86 | %description -n kernel-smp-net-ipsec | |
87 | SMP kernel module for FreeS/WAN. | |
88 | ||
89 | %description -n kernel-smp-net-ipsec -l pl.UTF-8 | |
90 | Moduł jądra SMP wykorzystywany przez FreeS/WAN. | |
91 | ||
92 | %prep | |
93 | %setup -q -a2 -a3 | |
94 | %patch0 -p1 | |
95 | %patch1 -p1 | |
96 | %{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff} | |
97 | %patch3 -p1 | |
98 | %{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff} | |
99 | ||
100 | %build | |
101 | %define _kver `echo "%{_kernel_ver}" |awk -F. '{print $2}'` | |
102 | ||
103 | %if %{with modules} | |
104 | install -d kernelsrc | |
105 | lndir -silent %{_kernelsrcdir} kernelsrc | |
106 | mv kernelsrc/.config kernelsrc/.config.old | |
107 | cp kernelsrc/.config.old kernelsrc/.config | |
108 | ||
109 | %if %{with dist_kernel} | |
110 | rm -rf kernelsrc/include/asm | |
111 | cd kernelsrc | |
112 | patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch | |
113 | patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch | |
114 | patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch | |
115 | patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch | |
116 | cd .. | |
117 | rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec} | |
118 | rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h | |
119 | cp kernelsrc/config-up kernelsrc/.config | |
120 | %endif | |
121 | ||
122 | echo "CONFIG_IPSEC=m" >> kernelsrc/.config | |
123 | echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config | |
124 | echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config | |
125 | echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config | |
126 | echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config | |
127 | echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config | |
128 | echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config | |
129 | echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config | |
130 | echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config | |
131 | %endif | |
132 | ||
133 | USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE | |
134 | OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS | |
135 | CC="%{__cc}"; export CC | |
136 | ||
137 | ||
138 | %if %{with modules} | |
139 | %{__make} precheck verset kpatch ocf confcheck module \ | |
140 | BIND9STATICLIBDIR=%{_libdir} \ | |
141 | FINALCONFDIR=%{_sysconfdir}/ipsec \ | |
142 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ | |
143 | INC_USRLOCAL=/usr \ | |
144 | INC_MANDIR=share/man \ | |
145 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ | |
146 | FINALLIBEXECDIR=%{_libdir}/ipsec \ | |
147 | KERNELSRC="`pwd`/kernelsrc" | |
148 | ||
149 | install linux/net/ipsec/ipsec.o . | |
150 | ||
151 | %if %{with smp} | |
152 | rm -rf kernelsrc | |
153 | install -d kernelsrc | |
154 | lndir -silent %{_kernelsrcdir} kernelsrc | |
155 | mv kernelsrc/.config kernelsrc/.config.old | |
156 | cp kernelsrc/.config.old kernelsrc/.config | |
157 | ||
158 | %if %{with dist_kernel} | |
159 | rm -rf kernelsrc/include/asm | |
160 | cd kernelsrc | |
161 | patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch | |
162 | patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch | |
163 | patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch | |
164 | patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch | |
165 | cd .. | |
166 | rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec} | |
167 | rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h | |
168 | cp kernelsrc/config-smp kernelsrc/.config | |
169 | %endif | |
170 | ||
171 | echo "CONFIG_IPSEC=m" >> kernelsrc/.config | |
172 | echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config | |
173 | echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config | |
174 | echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config | |
175 | echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config | |
176 | echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config | |
177 | echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config | |
178 | echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config | |
179 | echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config | |
180 | %{__make} precheck verset kpatch ocf confcheck module \ | |
181 | BIND9STATICLIBDIR=%{_libdir} \ | |
182 | FINALCONFDIR=%{_sysconfdir}/ipsec \ | |
183 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ | |
184 | INC_USRLOCAL=/usr \ | |
185 | INC_MANDIR=share/man \ | |
186 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ | |
187 | FINALLIBEXECDIR=%{_libdir}/ipsec \ | |
188 | KERNELSRC="`pwd`/kernelsrc" | |
189 | %endif | |
190 | ||
191 | %endif | |
192 | ||
193 | %{__make} programs \ | |
194 | BIND9STATICLIBDIR=%{_libdir} \ | |
195 | FINALCONFDIR=%{_sysconfdir}/ipsec \ | |
196 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ | |
197 | INC_USRLOCAL=/usr \ | |
198 | INC_MANDIR=share/man \ | |
199 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ | |
200 | FINALLIBEXECDIR=%{_libdir}/ipsec \ | |
201 | KERNELSRC="`pwd`/kernelsrc" | |
202 | ||
203 | %install | |
204 | rm -rf $RPM_BUILD_ROOT | |
205 | install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto} | |
206 | ||
207 | %{__make} install \ | |
208 | BIND9STATICLIBDIR=%{_libdir} \ | |
209 | DESTDIR="$RPM_BUILD_ROOT" \ | |
210 | FINALCONFDIR=%{_sysconfdir}/ipsec \ | |
211 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ | |
212 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ | |
213 | FINALLIBEXECDIR=%{_libdir}/ipsec \ | |
214 | FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \ | |
215 | INC_USRLOCAL=/usr \ | |
216 | INC_MANDIR=share/man | |
217 | ||
218 | ||
219 | %if %{with x509} | |
220 | install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d | |
221 | for i in crls cacerts private policies; do | |
222 | install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i | |
223 | done | |
224 | for i in CHANGES README; do | |
225 | install %{x509ver}-%{name}-%{version}/$i $i.x509 ; | |
226 | done | |
227 | %endif | |
228 | ||
229 | bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} | |
230 | ||
231 | %if %{with modules} | |
232 | install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc | |
233 | install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc | |
234 | ||
235 | %if %{with smp} | |
236 | install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc | |
237 | install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc | |
238 | %endif | |
239 | ||
240 | %endif | |
241 | ||
242 | %clean | |
243 | rm -rf $RPM_BUILD_ROOT | |
244 | ||
245 | %post | |
246 | # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does | |
247 | # not already exist | |
248 | if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ]; | |
249 | then | |
250 | echo generate RSA private key... | |
251 | /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets | |
252 | chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets | |
253 | fi | |
254 | ||
255 | /sbin/chkconfig --add ipsec | |
256 | if [ -f /var/lock/subsys/ipsec ]; then | |
257 | /etc/rc.d/init.d/ipsec restart >&2 | |
258 | else | |
259 | echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2 | |
260 | fi | |
261 | ||
262 | %preun | |
263 | if [ "$1" = "0" ]; then | |
264 | if [ -f /var/lock/subsys/ipsec ]; then | |
265 | /etc/rc.d/init.d/ipsec stop >&2 | |
266 | fi | |
267 | /sbin/chkconfig --del ipsec >&2 | |
268 | fi | |
269 | ||
270 | %post -n kernel-net-ipsec | |
271 | %depmod %{_kernel_ver} | |
272 | ||
273 | %postun -n kernel-net-ipsec | |
274 | %depmod %{_kernel_ver} | |
275 | ||
276 | %post -n kernel-smp-net-ipsec | |
277 | %depmod %{_kernel_ver} | |
278 | ||
279 | %postun -n kernel-smp-net-ipsec | |
280 | %depmod %{_kernel_ver} | |
281 | ||
282 | %files | |
283 | %defattr(644,root,root,755) | |
284 | %doc README CREDITS CHANGES BUGS | |
285 | %doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html | |
286 | %{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal} | |
287 | %{?with_x509:%doc CHANGES.x509 README.x509} | |
288 | %{_mandir}/man*/* | |
289 | %lang(pl) %{_mandir}/pl/man*/* | |
290 | %attr(755,root,root) %{_sbindir}/* | |
291 | %attr(754,root,root) /etc/rc.d/init.d/* | |
292 | %dir %{_libdir}/ipsec | |
293 | %attr(755,root,root) %{_libdir}/ipsec/* | |
294 | %attr(751,root,root) %dir %{_sysconfdir}/ipsec | |
295 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf | |
296 | %if %{with x509} | |
297 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d | |
298 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs | |
299 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls | |
300 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts | |
301 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private | |
302 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies | |
303 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/* | |
304 | %endif | |
305 | ||
306 | %if %{with modules} | |
307 | %files -n kernel-net-ipsec | |
308 | %defattr(644,root,root,755) | |
309 | /lib/modules/%{_kernel_ver}/misc/ipsec* | |
310 | %if %{with smp} | |
311 | %files -n kernel-smp-net-ipsec | |
312 | %defattr(644,root,root,755) | |
313 | /lib/modules/%{_kernel_ver}smp/misc/ipsec* | |
314 | %endif | |
315 | %endif |