freeswan.spec

   1 # Conditional builds
   2 # _without_x509         - without x509 support
   3 # _without_dist_kernel  - without distribution kernel
   4
   5 %define x509ver          x509-1.3.5
   6 Summary:        Free IPSEC implemetation
   7 Summary(pl):    Publicznie dostêpna implementacja IPSEC
   8 Name:           freeswan
   9 Version:        2.00
  10 Release:        2
  11 License:        GPL
  12 Group:          Networking/Daemons
  13 Source0:        ftp://ftp.xs4all.nl/pub/crypto/%{name}/development/%{name}-%{version}.tar.gz
  14 # Source0-md5:  9bf0c0f9aaf79b93cced4f3ab545129c
  15 Source1:        http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
  16 # Source1-md5:  6bd0b509015a2795cfb895aaab0bbc55
  17 Source2:        http://www.strongsec.com/%{name}/%{x509ver}-%{name}-%{version}.tar.gz
  18 # Source2-md5:  7efe6fd8615ad48e143b1b65f7b1c343
  19 Patch0:         %{name}-showhostkey.patch
  20 Patch1:         %{name}-init.patch
  21 Patch2:         %{name}-paths.patch
  22 Patch3:         %{name}-confread.patch
  23 URL:            http://www.freeswan.org/
  24 BuildRequires:  gmp-devel
  25 Prereq:         /sbin/chkconfig
  26 Prereq:         rc-scripts
  27 Requires:       gmp
  28 Requires:       gawk
  29 %{!?_without_dist_kernel:Requires:      kernel(freeswan) = %{version}}
  30 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  31
  32 %define x509 1
  33 %{?_without_x509:%define x509 0}
  34
  35 %description
  36 The basic idea of IPSEC is to provide security functions
  37 (authentication and encryption) at the IP (Internet Protocol) level.
  38 It will be required in IP version 6 (better known as IPng, the next
  39 generation) and is optional for the current IP, version 4.
  40
  41 FreeS/WAN is a freely-distributable implementation of IPSEC protocol.
  42 FreeS/WAN utilities%{?!_without_x509: compiled with X.509 certificate support}.
  43
  44 %description -l pl
  45 Podstawowa idea IPSEC to zapewnienie funkcji bezpieczeñstwa
  46 (autentykacji i szyfrowania) na poziomie IP. Bêdzie wymagany do IP w
  47 wersji 6 (znanego tak¿e jako IPng, IP nastêpnej generacji) i jest
  48 opcjonalny dla aktualnego IP, w wersji 4.
  49
  50 FreeS/WAN jest darmow± implementacj± protoko³u IPSEC.
  51
  52 %prep
  53 %setup  -q -a2 -n %{name}-%{version}
  54 %patch0 -p1
  55 %patch1 -p1
  56 %{?!_without_x509:patch -p1 <%{x509ver}-%{name}-%{version}/freeswan.diff}
  57 %patch2 -p1
  58 %patch3 -p1
  59 %build
  60
  61 USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
  62 OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
  63 CC=%{__cc}; export CC
  64 %{__make} programs \
  65         FINALCONFDIR=%{_sysconfdir}/ipsec \
  66         FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
  67         INC_USRLOCAL=/usr \
  68         INC_MANDIR=share/man \
  69         FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
  70         BIND9STATICLIBDIR=%{_libdir} \
  71         FINALLIBEXECDIR=%{_libdir}/ipsec
  72
  73 %install
  74 rm -rf $RPM_BUILD_ROOT
  75 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
  76
  77 %{__make} install \
  78         DESTDIR="$RPM_BUILD_ROOT" \
  79         INC_USRLOCAL=/usr \
  80         INC_MANDIR=share/man \
  81         FINALCONFDIR=%{_sysconfdir}/ipsec \
  82         FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
  83         FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
  84         FINALLIBEXECDIR=%{_libdir}/ipsec \
  85         BIND9STATICLIBDIR=%{_libdir} \
  86         FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version}
  87
  88 %if %{x509}
  89  install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
  90  for i in crls cacerts private policies; do
  91   install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
  92 done
  93 for i in CHANGES README; do
  94   install  %{x509ver}-%{name}-%{version}/$i $i.x509 ;
  95 done
  96 %endif
  97
  98 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
  99
 100 %post
 101 # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
 102 # not already exist
 103 if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
 104 then
 105     echo generate RSA private key...
 106     /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
 107     chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
 108 fi
 109
 110 /sbin/chkconfig --add ipsec
 111 if [ -f /var/lock/subsys/ipsec ]; then
 112         /etc/rc.d/init.d/ipsec restart >&2
 113 else
 114         echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
 115 fi
 116
 117 %preun
 118 if [ "$1" = "0" ]; then
 119         if [ -f /var/lock/subsys/ipsec ]; then
 120                 /etc/rc.d/init.d/ipsec stop >&2
 121         fi
 122         /sbin/chkconfig --del ipsec >&2
 123 fi
 124
 125 %clean
 126 rm -rf $RPM_BUILD_ROOT
 127
 128 %files
 129 %defattr(644,root,root,755)
 130 %doc README CREDITS CHANGES BUGS
 131 %doc doc/{kernel.notes,impl.notes,examples,prob.report,standards} doc/*.html
 132 %{?!_without_x509:%doc CHANGES.x509 README.x509}
 133 %{_mandir}/man*/*
 134 %lang(pl) %{_mandir}/pl/man*/*
 135 %attr(755,root,root) %{_sbindir}/*
 136 %attr(754,root,root) /etc/rc.d/init.d/*
 137 %dir %{_libdir}/ipsec
 138 %attr(755,root,root) %{_libdir}/ipsec/*
 139 %attr(751,root,root) %dir %{_sysconfdir}/ipsec
 140 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.conf
 141 %if %{x509}
 142 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
 143 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
 144 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
 145 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
 146 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
 147 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
 148 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.d/policies/*
 149 %endif