]>
Commit | Line | Data |
---|---|---|
6904ab19 | 1 | # Conditional builds |
e90bc4b2 | 2 | %bcond_with NAT # with NAT-Traversal |
3 | %bcond_without x509 # without x509 support | |
4 | %bcond_without dist_kernel # without sources of distribution kernel | |
5 | %bcond_without modules # build only library+programs, no kernel modules | |
24048f08 | 6 | # |
7 | %define x509ver x509-1.4.8 | |
32134c2e | 8 | %define nat_tr_ver 0.6 |
aa67810f | 9 | %define _25x_ver 20030825 |
aeff9c41 | 10 | %define _rel 0.1 |
f331b9bf | 11 | Summary: Free IPSEC implemetation |
c075fee4 | 12 | Summary(pl.UTF-8): Publicznie dostępna implementacja IPSEC |
f331b9bf | 13 | Name: freeswan |
24048f08 | 14 | Version: 2.04 |
6cc9e62d | 15 | Release: %{_rel} |
f331b9bf JK |
16 | License: GPL |
17 | Group: Networking/Daemons | |
2f4862e3 | 18 | Source0: ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz |
24048f08 | 19 | # Source0-md5: 37a15f760ca43317fe7c5d6e6859689c |
a036e7c8 | 20 | Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2 |
569c268b | 21 | # Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55 |
2f4862e3 | 22 | Source2: http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz |
24048f08 | 23 | # Source2-md5: d5ff93ed3dc33afcc3ab5d00ca11008b |
32134c2e | 24 | Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz |
25 | # Source3-md5: 6858a8535aa2611769d17e86e6735db2 | |
cb185c34 PG |
26 | Patch0: %{name}-showhostkey.patch |
27 | Patch1: %{name}-init.patch | |
137bbf9c | 28 | Patch2: %{name}-paths.patch |
29 | Patch3: %{name}-confread.patch | |
571203eb | 30 | URL: http://www.freeswan.org/ |
cb185c34 | 31 | BuildRequires: gmp-devel |
2f4862e3 ER |
32 | %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-doc}} |
33 | %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-headers}} | |
34 | %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-source}} | |
aeff9c41 | 35 | BuildRequires: rpmbuild(macros) >= 1.118 |
b7eb6496 JB |
36 | # for useful lndir |
37 | %{?with_modules:BuildRequires: xorg-util-lndir} | |
70749b12 | 38 | Requires(post,preun): /sbin/chkconfig |
ea8c144b | 39 | Requires: gawk |
6cc9e62d | 40 | Requires: gmp |
aeff9c41 | 41 | Requires: rc-scripts |
40d451ac | 42 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
f331b9bf JK |
43 | |
44 | %description | |
2f4862e3 ER |
45 | This package contains FreeS/WAN daemon and utilities. FreeS/WAN is a |
46 | free implementation of the IPsec protocol for Linux. It allows to | |
47 | build secure tunnels through untrusted networks. The basic idea of | |
48 | IPsec is to provide security functions (authentication and encryption) | |
49 | at the IP (Internet Protocol) level. | |
f331b9bf | 50 | |
7160902f JR |
51 | %description -l pl.UTF-8 |
52 | Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną | |
53 | implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie | |
2f4862e3 | 54 | bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to |
7160902f | 55 | zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na |
2f4862e3 | 56 | poziomie IP. |
fceefb8a | 57 | |
9ea7db12 | 58 | %package -n kernel-net-ipsec |
6cc9e62d | 59 | Summary: Kernel module for Linux IPSEC |
c075fee4 | 60 | Summary(pl.UTF-8): Moduł jądra dla IPSEC |
6cc9e62d | 61 | Release: %{_rel}@%{_kernel_ver_str} |
62 | Group: Base/Kernel | |
24048f08 | 63 | %{?with_dist_kernel:%requires_releq_kernel_up} |
6cc9e62d | 64 | Requires(post,postun): /sbin/depmod |
aeff9c41 ER |
65 | Requires: %{name} = %{version}-%{release} |
66 | Requires: modutils >= 2.4.6-4 | |
6cc9e62d | 67 | Conflicts: kernel <= 2.4.20-9 |
9ea7db12 | 68 | |
69 | %description -n kernel-net-ipsec | |
70749b12 | 70 | Kernel module for FreeS/WAN. |
9ea7db12 | 71 | |
7160902f JR |
72 | %description -n kernel-net-ipsec -l pl.UTF-8 |
73 | Moduł jądra wykorzystywany przez FreeS/WAN. | |
6a476547 | 74 | |
75 | %package -n kernel-smp-net-ipsec | |
6cc9e62d | 76 | Summary: SMP kernel module for Linux IPSEC |
c075fee4 | 77 | Summary(pl.UTF-8): Moduł jądra SMP dla IPSEC |
6cc9e62d | 78 | Release: %{_rel}@%{_kernel_ver_str} |
79 | Group: Base/Kernel | |
24048f08 | 80 | %{?with_dist_kernel:%requires_releq_kernel_up} |
6cc9e62d | 81 | Requires(post,postun): /sbin/depmod |
aeff9c41 ER |
82 | Requires: %{name} = %{version}-%{release} |
83 | Requires: modutils >= 2.4.6-4 | |
6cc9e62d | 84 | Conflicts: kernel-smp <= 2.4.20-9 |
6a476547 | 85 | |
86 | %description -n kernel-smp-net-ipsec | |
70749b12 | 87 | SMP kernel module for FreeS/WAN. |
6a476547 | 88 | |
7160902f JR |
89 | %description -n kernel-smp-net-ipsec -l pl.UTF-8 |
90 | Moduł jądra SMP wykorzystywany przez FreeS/WAN. | |
6a476547 | 91 | |
f331b9bf | 92 | %prep |
2f4862e3 | 93 | %setup -q -a2 -a3 |
f331b9bf JK |
94 | %patch0 -p1 |
95 | %patch1 -p1 | |
24048f08 | 96 | %{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff} |
ea8c144b | 97 | %patch3 -p1 |
24048f08 | 98 | %{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff} |
14cc3d42 | 99 | |
42658ea6 | 100 | %build |
74ee1b40 | 101 | %define _kver `echo "%{_kernel_ver}" |awk -F. '{print $2}'` |
102 | ||
24048f08 | 103 | %if %{with modules} |
74ee1b40 | 104 | install -d kernelsrc |
105 | lndir -silent %{_kernelsrcdir} kernelsrc | |
106 | mv kernelsrc/.config kernelsrc/.config.old | |
107 | cp kernelsrc/.config.old kernelsrc/.config | |
108 | ||
109 | %if %{with dist_kernel} | |
110 | rm -rf kernelsrc/include/asm | |
111 | cd kernelsrc | |
112 | patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch | |
113 | patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch | |
114 | patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch | |
115 | patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch | |
116 | cd .. | |
117 | rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec} | |
118 | rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h | |
119 | cp kernelsrc/config-up kernelsrc/.config | |
120 | %endif | |
121 | ||
122 | echo "CONFIG_IPSEC=m" >> kernelsrc/.config | |
123 | echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config | |
124 | echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config | |
125 | echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config | |
126 | echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config | |
127 | echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config | |
128 | echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config | |
129 | echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config | |
130 | echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config | |
a8fc5f00 | 131 | %endif |
9ea7db12 | 132 | |
6731ed56 | 133 | USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE |
07722809 | 134 | OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS |
89712c9b | 135 | CC="%{__cc}"; export CC |
14cc3d42 | 136 | |
a8fc5f00 | 137 | |
24048f08 | 138 | %if %{with modules} |
74ee1b40 | 139 | %{__make} precheck verset kpatch ocf confcheck module \ |
9ea7db12 | 140 | BIND9STATICLIBDIR=%{_libdir} \ |
cb185c34 | 141 | FINALCONFDIR=%{_sysconfdir}/ipsec \ |
ea8c144b | 142 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ |
cb185c34 PG |
143 | INC_USRLOCAL=/usr \ |
144 | INC_MANDIR=share/man \ | |
145 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ | |
9ea7db12 | 146 | FINALLIBEXECDIR=%{_libdir}/ipsec \ |
462295d6 | 147 | KERNELSRC="`pwd`/kernelsrc" |
6a476547 | 148 | |
74ee1b40 | 149 | install linux/net/ipsec/ipsec.o . |
150 | ||
151 | %if %{with smp} | |
152 | rm -rf kernelsrc | |
153 | install -d kernelsrc | |
aeff9c41 | 154 | lndir -silent %{_kernelsrcdir} kernelsrc |
74ee1b40 | 155 | mv kernelsrc/.config kernelsrc/.config.old |
156 | cp kernelsrc/.config.old kernelsrc/.config | |
157 | ||
158 | %if %{with dist_kernel} | |
159 | rm -rf kernelsrc/include/asm | |
160 | cd kernelsrc | |
161 | patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch | |
162 | patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch | |
163 | patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch | |
164 | patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch | |
165 | cd .. | |
166 | rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec} | |
167 | rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h | |
168 | cp kernelsrc/config-smp kernelsrc/.config | |
169 | %endif | |
170 | ||
171 | echo "CONFIG_IPSEC=m" >> kernelsrc/.config | |
172 | echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config | |
173 | echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config | |
174 | echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config | |
175 | echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config | |
176 | echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config | |
177 | echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config | |
178 | echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config | |
179 | echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config | |
180 | %{__make} precheck verset kpatch ocf confcheck module \ | |
181 | BIND9STATICLIBDIR=%{_libdir} \ | |
182 | FINALCONFDIR=%{_sysconfdir}/ipsec \ | |
183 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ | |
184 | INC_USRLOCAL=/usr \ | |
185 | INC_MANDIR=share/man \ | |
186 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ | |
187 | FINALLIBEXECDIR=%{_libdir}/ipsec \ | |
188 | KERNELSRC="`pwd`/kernelsrc" | |
6a476547 | 189 | %endif |
190 | ||
74ee1b40 | 191 | %endif |
6a476547 | 192 | |
193 | %{__make} programs \ | |
74ee1b40 | 194 | BIND9STATICLIBDIR=%{_libdir} \ |
195 | FINALCONFDIR=%{_sysconfdir}/ipsec \ | |
196 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ | |
197 | INC_USRLOCAL=/usr \ | |
198 | INC_MANDIR=share/man \ | |
199 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ | |
200 | FINALLIBEXECDIR=%{_libdir}/ipsec \ | |
201 | KERNELSRC="`pwd`/kernelsrc" | |
6a476547 | 202 | |
f331b9bf JK |
203 | %install |
204 | rm -rf $RPM_BUILD_ROOT | |
ce2e8fd6 | 205 | install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto} |
8c11072f | 206 | |
e1d420a7 | 207 | %{__make} install \ |
42658ea6 | 208 | BIND9STATICLIBDIR=%{_libdir} \ |
9ea7db12 | 209 | DESTDIR="$RPM_BUILD_ROOT" \ |
74ee1b40 | 210 | FINALCONFDIR=%{_sysconfdir}/ipsec \ |
ea8c144b | 211 | FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ |
9ea7db12 | 212 | FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ |
cb185c34 | 213 | FINALLIBEXECDIR=%{_libdir}/ipsec \ |
42658ea6 | 214 | FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \ |
74ee1b40 | 215 | INC_USRLOCAL=/usr \ |
216 | INC_MANDIR=share/man | |
9ea7db12 | 217 | |
f331b9bf | 218 | |
24048f08 | 219 | %if %{with x509} |
74ee1b40 | 220 | install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d |
221 | for i in crls cacerts private policies; do | |
9ea7db12 | 222 | install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i |
74ee1b40 | 223 | done |
224 | for i in CHANGES README; do | |
ae3cdc89 | 225 | install %{x509ver}-%{name}-%{version}/$i $i.x509 ; |
74ee1b40 | 226 | done |
6904ab19 | 227 | %endif |
228 | ||
717bb55a | 229 | bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} |
230 | ||
24048f08 | 231 | %if %{with modules} |
74ee1b40 | 232 | install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc |
233 | install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc | |
234 | ||
235 | %if %{with smp} | |
236 | install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc | |
237 | install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc | |
238 | %endif | |
239 | ||
9ea7db12 | 240 | %endif |
241 | ||
70749b12 JB |
242 | %clean |
243 | rm -rf $RPM_BUILD_ROOT | |
244 | ||
f331b9bf | 245 | %post |
ce2e8fd6 | 246 | # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does |
247 | # not already exist | |
248 | if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ]; | |
249 | then | |
74ee1b40 | 250 | echo generate RSA private key... |
251 | /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets | |
252 | chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets | |
ce2e8fd6 | 253 | fi |
254 | ||
8362fa3d | 255 | /sbin/chkconfig --add ipsec |
df1c19e4 | 256 | if [ -f /var/lock/subsys/ipsec ]; then |
257 | /etc/rc.d/init.d/ipsec restart >&2 | |
258 | else | |
259 | echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2 | |
260 | fi | |
8362fa3d | 261 | |
f331b9bf | 262 | %preun |
df1c19e4 | 263 | if [ "$1" = "0" ]; then |
264 | if [ -f /var/lock/subsys/ipsec ]; then | |
265 | /etc/rc.d/init.d/ipsec stop >&2 | |
266 | fi | |
74ee1b40 | 267 | /sbin/chkconfig --del ipsec >&2 |
df1c19e4 | 268 | fi |
f331b9bf | 269 | |
74ee1b40 | 270 | %post -n kernel-net-ipsec |
772d1706 | 271 | %depmod %{_kernel_ver} |
9ea7db12 | 272 | |
273 | %postun -n kernel-net-ipsec | |
772d1706 | 274 | %depmod %{_kernel_ver} |
9ea7db12 | 275 | |
74ee1b40 | 276 | %post -n kernel-smp-net-ipsec |
6a476547 | 277 | %depmod %{_kernel_ver} |
278 | ||
279 | %postun -n kernel-smp-net-ipsec | |
280 | %depmod %{_kernel_ver} | |
281 | ||
f331b9bf JK |
282 | %files |
283 | %defattr(644,root,root,755) | |
ae3cdc89 | 284 | %doc README CREDITS CHANGES BUGS |
24048f08 | 285 | %doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html |
286 | %{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal} | |
287 | %{?with_x509:%doc CHANGES.x509 README.x509} | |
f331b9bf | 288 | %{_mandir}/man*/* |
717bb55a | 289 | %lang(pl) %{_mandir}/pl/man*/* |
f331b9bf JK |
290 | %attr(755,root,root) %{_sbindir}/* |
291 | %attr(754,root,root) /etc/rc.d/init.d/* | |
5da9ef72 | 292 | %dir %{_libdir}/ipsec |
293 | %attr(755,root,root) %{_libdir}/ipsec/* | |
64c24b24 | 294 | %attr(751,root,root) %dir %{_sysconfdir}/ipsec |
2f4862e3 | 295 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf |
24048f08 | 296 | %if %{with x509} |
2f4862e3 ER |
297 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d |
298 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs | |
299 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls | |
300 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts | |
301 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private | |
302 | %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies | |
303 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/* | |
6904ab19 | 304 | %endif |
9ea7db12 | 305 | |
24048f08 | 306 | %if %{with modules} |
9ea7db12 | 307 | %files -n kernel-net-ipsec |
308 | %defattr(644,root,root,755) | |
6a476547 | 309 | /lib/modules/%{_kernel_ver}/misc/ipsec* |
24048f08 | 310 | %if %{with smp} |
6a476547 | 311 | %files -n kernel-smp-net-ipsec |
312 | %defattr(644,root,root,755) | |
313 | /lib/modules/%{_kernel_ver}smp/misc/ipsec* | |
314 | %endif | |
9ea7db12 | 315 | %endif |