+#
# TODO:
# - /opt ??????
+# - cvpnd use nobody account, permission to /proc/net and /etc/opt/cisco-vpnclient/* files and dirs
+#
+# WARNING:
+# - It does not work with kernel >= 2.6.29. I'm able to connect, but the first
+# ip packet send via cipsec0 interface (even simple icmp echo) causes kernel
+# panic.
+#
+# Status:
+# - works with kernel-vanilla 2.6.27.*
+# - fails with kernel-vanilla 2.6.30 (kernel panic, see warning)
+# - fails with kernel-2.6.27 (/proc/net permissions. grsec related problem?)
+#
# Conditional build:
%bcond_without dist_kernel # without distribution kernel
%bcond_without kernel # don't build kernel modules
%if !%{with kernel}
%undefine with_dist_kernel
%endif
-%define _rel 0.1
+%define _rel 4
Summary: Cisco Systems VPN Client
Summary(pl.UTF-8): Klient VPN produkcji Cisco Systems
Name: cisco-vpnclient
-Version: 4.8.00.0490_k9
+Version: 4.8.02.0030_k9
Release: %{_rel}
License: Commercial
Group: Networking
-Source0: vpnclient-linux-4.8.00.0490-k9.tar.gz
-# NoSource0-md5: 293b08509aa56d9b5ab9f536b0dea6f3
-Source1: vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz
-# NoSource1-md5: 0f366eafd3a73823766e14b081591c0b
-Source2: cisco_vpnclient.init
+# Source0-download: http://projects.tuxx-home.at/ciscovpn/clients/linux/
+Source0: vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
+# NoSource0-md5: de869c26dbc3b8851759907855dee48c
+Source1: %{name}.modprobe
NoSource: 0
-NoSource: 1
-# patchs - http://projects.tuxx-home.at/?id=cisco_vpn_client
-Patch0: %{name}-2.6.22.patch
+# patches - http://projects.tuxx-home.at/?id=cisco_vpn_client
+Patch1: %{name}-skbuff_offset.patch
URL: http://www.cisco.com/en/US/products/sw/secursw/ps2308/tsd_products_support_series_home.html
%{?with_dist_kernel:BuildRequires: kernel%{_alt_kernel}-module-build >= 3:2.6.22}
BuildRequires: rpmbuild(macros) >= 1.379
-Requires(post,preun): /sbin/chkconfig
-Requires: rc-scripts
ExclusiveArch: %{ix86} %{x8664}
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description -l pl.UTF-8
Klient VPN produkcji Cisco Systems.
-%package -n kernel-net-cisco_ipsec
+%package -n kernel%{_alt_kernel}-net-cisco_ipsec
Summary: Cisco Systems VPN Client - kernel module
Summary(pl.UTF-8): Klient VPN produkcji Cisco Systems - moduł jądra
Release: %{_rel}@%{_kernel_ver_str}
Requires(post,postun): /sbin/depmod
Provides: cisco-vpnclient(kernel)
-%description -n kernel-net-cisco_ipsec
+%description -n kernel%{_alt_kernel}-net-cisco_ipsec
Cisco Systems VPN Client - Linux kernel module.
-%description -n kernel-net-cisco_ipsec -l pl.UTF-8
+%description -n kernel%{_alt_kernel}-net-cisco_ipsec -l pl.UTF-8
Klient VPN produkcji Cisco Systems - moduł jądra Linuksa.
%prep
%setup -q -T -c
-%ifarch %{ix86}
tar -zxvf %{SOURCE0}
-%endif
-%ifarch %{x8664}
-tar -zxvf %{SOURCE1}
-%endif
-%patch0 -p1
+%patch1 -p0
%build
%if %{with kernel}
%endif
%if %{with userspace}
-install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_sbindir}} \
+install -d $RPM_BUILD_ROOT{/etc/modprobe.d,%{_sbindir}} \
$RPM_BUILD_ROOT%{_sysconfdir}/opt/cisco-vpnclient/{Certificates,Profiles} \
$RPM_BUILD_ROOT/opt/cisco-vpnclient/{bin,lib,include}
-install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/modprobe.d/cisco-vpnclient.conf
install {cisco_cert_mgr,vpnclient,cvpnd,ipseclog} $RPM_BUILD_ROOT/opt/cisco-vpnclient/bin
install libvpnapi.so $RPM_BUILD_ROOT/opt/cisco-vpnclient/lib
%clean
rm -rf $RPM_BUILD_ROOT
-%post
-/sbin/chkconfig --add cisco-vpnclient
-%service cisco-vpnclient restart
-
-%preun
-if [ "$1" = "0" ]; then
- %service cisco-vpnclient stop
- /sbin/chkconfig --del cisco-vpnclient
-fi
-
%post -n kernel%{_alt_kernel}-net-cisco_ipsec
%depmod %{_kernel_ver}
%files
%defattr(644,root,root,755)
%doc vpnclient/license.txt vpnclient/sample.pcf
+/etc/modprobe.d/cisco-vpnclient.conf
%dir /opt/cisco-vpnclient
%dir /opt/cisco-vpnclient/bin
%dir /opt/cisco-vpnclient/lib
%dir %{_sysconfdir}/opt/cisco-vpnclient
%dir %{_sysconfdir}/opt/cisco-vpnclient/Certificates
%dir %{_sysconfdir}/opt/cisco-vpnclient/Profiles
-%attr(755,root,root) /opt/cisco-vpnclient/bin/*
+%attr(755,root,root) /opt/cisco-vpnclient/bin/cisco_cert_mgr
+%attr(755,root,root) /opt/cisco-vpnclient/bin/ipseclog
+%attr(755,root,root) /opt/cisco-vpnclient/bin/vpnclient
+%attr(4111,root,root) /opt/cisco-vpnclient/bin/cvpnd
%attr(755,root,root) %{_sbindir}/*
/opt/cisco-vpnclient/lib/*
/opt/cisco-vpnclient/include/*
%attr(755,root,root) %{_sysconfdir}/CiscoSystemsVPNClient
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/opt/cisco-vpnclient/vpnclient.ini
-%attr(754,root,root) /etc/rc.d/init.d/%{name}
%endif
%if %{with kernel} || %{with dist_kernel}