#
+# TODO:
+# - /opt ??????
+# - cvpnd use nobody account, permission to /proc/net and /etc/opt/cisco-vpnclient/* files and dirs
+#
+# WARNING:
+# - It does not work with kernel >= 2.6.29. I'm able to connect, but the first
+# ip packet send via cipsec0 interface (even simple icmp echo) causes kernel
+# panic.
+#
+# Status:
+# - works with kernel-vanilla 2.6.27.*
+# - fails with kernel-vanilla 2.6.30 (kernel panic, see warning)
+# - fails with kernel-2.6.27 (/proc/net permissions. grsec related problem?)
+#
# Conditional build:
%bcond_without dist_kernel # without distribution kernel
%bcond_without kernel # don't build kernel modules
-%bcond_without smp # don't build SMP module
%bcond_without userspace # don't build userspace tools
%bcond_with verbose # verbose build (V=1)
#
-%if %{without kernel}
+%if !%{with kernel}
%undefine with_dist_kernel
%endif
-%define _rel 0.1
+%define _rel 4
Summary: Cisco Systems VPN Client
-Summary(pl): Klient VPN produkcji Cisco Systems
+Summary(pl.UTF-8): Klient VPN produkcji Cisco Systems
Name: cisco-vpnclient
-Version: 4.6.02.0030_k9
+Version: 4.8.02.0030_k9
Release: %{_rel}
License: Commercial
-Vendor: Cisco Systems
Group: Networking
-Source0: vpnclient-linux-4.6.02.0030-k9.tar.gz
-# NoSource0-md5: 435dd370208643e526623ddfca6e938a
-Source1: cisco_vpnclient.init
+# Source0-download: http://projects.tuxx-home.at/ciscovpn/clients/linux/
+Source0: vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
+# NoSource0-md5: de869c26dbc3b8851759907855dee48c
+Source1: %{name}.modprobe
NoSource: 0
+# patches - http://projects.tuxx-home.at/?id=cisco_vpn_client
+Patch1: %{name}-skbuff_offset.patch
URL: http://www.cisco.com/en/US/products/sw/secursw/ps2308/tsd_products_support_series_home.html
-%{?with_dist_kernel:BuildRequires: kernel-module-build >= 2.6.0}
-BuildRequires: rpmbuild(macros) >= 1.153
-ExclusiveArch: %{ix86}
+%{?with_dist_kernel:BuildRequires: kernel%{_alt_kernel}-module-build >= 3:2.6.22}
+BuildRequires: rpmbuild(macros) >= 1.379
+ExclusiveArch: %{ix86} %{x8664}
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
Cisco Systems VPN Client.
-%description -l pl
+%description -l pl.UTF-8
Klient VPN produkcji Cisco Systems.
-%package -n kernel-net-cisco_ipsec
+%package -n kernel%{_alt_kernel}-net-cisco_ipsec
Summary: Cisco Systems VPN Client - kernel module
-Summary(pl): Klient VPN produkcji Cisco Systems - modu³ j±dra
+Summary(pl.UTF-8): Klient VPN produkcji Cisco Systems - moduł jądra
Release: %{_rel}@%{_kernel_ver_str}
Group: Base/Kernel
-%{?with_dist_kernel:%requires_releq_kernel_up}
+%{?with_dist_kernel:%requires_releq_kernel}
Requires(post,postun): /sbin/depmod
Provides: cisco-vpnclient(kernel)
-%description -n kernel-net-cisco_ipsec
+%description -n kernel%{_alt_kernel}-net-cisco_ipsec
Cisco Systems VPN Client - Linux kernel module.
-%description -n kernel-net-cisco_ipsec -l pl
-Klient VPN produkcji Cisco Systems - modu³ j±dra Linuksa.
-
-%package -n kernel-smp-net-cisco_ipsec
-Summary: Cisco Systems VPN Client - SMP kernel module
-Summary(pl): Klient VPN produkcji Cisco Systems - modu³ j±dra SMP
-Release: %{_rel}@%{_kernel_ver_str}
-License: Commercial
-Vendor: Cisco Systems
-Group: Base/Kernel
-%{?with_dist_kernel:%requires_releq_kernel_smp}
-Requires(post,postun): /sbin/depmod
-Provides: cisco-vpnclient(kernel)
-
-%description -n kernel-smp-net-cisco_ipsec
-Cisco Systems VPN Client - Linux SMP kernel module.
-
-%description -n kernel-net-cisco_ipsec -l pl
-Klient VPN produkcji Cisco Systems - modu³ j±dra Linuksa SMP.
+%description -n kernel%{_alt_kernel}-net-cisco_ipsec -l pl.UTF-8
+Klient VPN produkcji Cisco Systems - moduł jądra Linuksa.
%prep
-%setup -q -n vpnclient
+%setup -q -T -c
+tar -zxvf %{SOURCE0}
+%patch1 -p0
%build
%if %{with kernel}
-for cfg in %{?with_dist_kernel:%{?with_smp:smp} up}%{!?with_dist_kernel:nondist}; do
- if [ ! -r "%{_kernelsrcdir}/config-$cfg" ]; then
- exit 1
- fi
- rm -rf include
- install -d include/{linux,config}
- ln -sf %{_kernelsrcdir}/config-$cfg .config
- ln -sf %{_kernelsrcdir}/include/linux/autoconf-$cfg.h include/linux/autoconf.h
- ln -sf %{_kernelsrcdir}/include/asm-%{_target_base_arch} include/asm
- ln -sf %{_kernelsrcdir}/Module.symvers-$cfg Module.symvers
-%if %{without dist_kernel}
- ln -sf %{_kernelsrcdir}/scripts
-%endif
- touch include/config/MARKER
- %{__make} -C %{_kernelsrcdir} clean \
- RCS_FIND_IGNORE="-name '*.ko' -o" \
- M=$PWD O=$PWD \
- %{?with_verbose:V=1}
- %{__make} -C %{_kernelsrcdir} modules \
- M=$PWD O=$PWD \
- %{?with_verbose:V=1}
- mv cisco_ipsec.ko cisco_ipsec-$cfg.ko
-done
+%build_kernel_modules -m cisco_ipsec -C vpnclient
%endif
%install
rm -rf $RPM_BUILD_ROOT
-
+cd vpnclient
%if %{with kernel}
-install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}{,smp}/misc
-
-install cisco_ipsec-%{?with_dist_kernel:up}%{!?with_dist_kernel:nondist}.ko \
- $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc/cisco_ipsec.ko
-%if %{with smp} && %{with dist_kernel}
-install cisco_ipsec-smp.ko \
- $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc/cisco_ipsec.ko
-%endif
+%install_kernel_modules -m cisco_ipsec -d misc
%endif
%if %{with userspace}
-install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
-install %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
-
-install -d $RPM_BUILD_ROOT%{_sbindir}
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/opt/cisco-vpnclient/Certificates
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/opt/cisco-vpnclient/Profiles
+install -d $RPM_BUILD_ROOT{/etc/modprobe.d,%{_sbindir}} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/opt/cisco-vpnclient/{Certificates,Profiles} \
+ $RPM_BUILD_ROOT/opt/cisco-vpnclient/{bin,lib,include}
-install -d $RPM_BUILD_ROOT/opt/cisco-vpnclient/bin
-install -d $RPM_BUILD_ROOT/opt/cisco-vpnclient/lib
-install -d $RPM_BUILD_ROOT/opt/cisco-vpnclient/include
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/modprobe.d/cisco-vpnclient.conf
install {cisco_cert_mgr,vpnclient,cvpnd,ipseclog} $RPM_BUILD_ROOT/opt/cisco-vpnclient/bin
install libvpnapi.so $RPM_BUILD_ROOT/opt/cisco-vpnclient/lib
%clean
rm -rf $RPM_BUILD_ROOT
-%post
-/sbin/chkconfig --add cisco-vpnclient
-if [ -f /var/lock/subsys/cisco-vpnclient ]; then
- /etc/rc.d/init.d/cisco-vpnclient restart >&2
-else
- echo "Run '/etc/rc.d/init.d/cisco-vpnclient start' to start vpnclient support." >&2
-fi
-
-%preun
-if [ "$1" = "0" ]; then
- if [ -f /var/lock/subsys/cisco-vpnclient ]; then
- /etc/rc.d/init.d/cisco-vpnclient stop >&2
- fi
- /sbin/chkconfig --del cisco-vpnclient >&2
-fi
-
-%post -n kernel-net-cisco_ipsec
+%post -n kernel%{_alt_kernel}-net-cisco_ipsec
%depmod %{_kernel_ver}
-%postun -n kernel-net-cisco_ipsec
+%postun -n kernel%{_alt_kernel}-net-cisco_ipsec
%depmod %{_kernel_ver}
-%post -n kernel-smp-net-cisco_ipsec
-%depmod %{_kernel_ver}smp
-
-%postun -n kernel-smp-net-cisco_ipsec
-%depmod %{_kernel_ver}smp
-
%if %{with userspace}
%files
%defattr(644,root,root,755)
-%doc license.txt sample.pcf
+%doc vpnclient/license.txt vpnclient/sample.pcf
+/etc/modprobe.d/cisco-vpnclient.conf
%dir /opt/cisco-vpnclient
%dir /opt/cisco-vpnclient/bin
%dir /opt/cisco-vpnclient/lib
%dir %{_sysconfdir}/opt/cisco-vpnclient
%dir %{_sysconfdir}/opt/cisco-vpnclient/Certificates
%dir %{_sysconfdir}/opt/cisco-vpnclient/Profiles
-%attr(755,root,root) /opt/cisco-vpnclient/bin/*
+%attr(755,root,root) /opt/cisco-vpnclient/bin/cisco_cert_mgr
+%attr(755,root,root) /opt/cisco-vpnclient/bin/ipseclog
+%attr(755,root,root) /opt/cisco-vpnclient/bin/vpnclient
+%attr(4111,root,root) /opt/cisco-vpnclient/bin/cvpnd
%attr(755,root,root) %{_sbindir}/*
/opt/cisco-vpnclient/lib/*
/opt/cisco-vpnclient/include/*
%attr(755,root,root) %{_sysconfdir}/CiscoSystemsVPNClient
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/opt/cisco-vpnclient/vpnclient.ini
-%attr(754,root,root) /etc/rc.d/init.d/%{name}
%endif
-%if %{with kernel}
-%files -n kernel-net-cisco_ipsec
+%if %{with kernel} || %{with dist_kernel}
+%files -n kernel%{_alt_kernel}-net-cisco_ipsec
%defattr(644,root,root,755)
-/lib/modules/%{_kernel_ver}/misc/*.ko*
-
-%if %{with smp} && %{with dist_kernel}
-%files -n kernel-smp-net-cisco_ipsec
-%defattr(644,root,root,755)
-/lib/modules/%{_kernel_ver}smp/misc/*.ko*
-%endif
+/lib/modules/%{_kernel_ver}/misc/*ko*
%endif