[packages/freeswan.git] / freeswan.spec

# Conditional builds
%bcond_with	NAT		# with NAT-Traversal
%bcond_without	x509		# without x509 support
%bcond_without	dist_kernel	# without sources of distribution kernel
%bcond_without	modules		# build only library+programs, no kernel modules
#
%define x509ver		x509-1.4.8
%define nat_tr_ver	0.6
%define _25x_ver	20030825
%define	_rel	0.1
Summary:	Free IPSEC implemetation
Summary(pl.UTF-8):	Publicznie dostępna implementacja IPSEC
Name:		freeswan
Version:	2.04
Release:	%{_rel}
License:	GPL
Group:		Networking/Daemons
Source0:	ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz
# Source0-md5:	37a15f760ca43317fe7c5d6e6859689c
Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
# Source1-md5:	6bd0b509015a2795cfb895aaab0bbc55
Source2:	http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz
# Source2-md5:	d5ff93ed3dc33afcc3ab5d00ca11008b
Source3:	http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
# Source3-md5:	6858a8535aa2611769d17e86e6735db2
Patch0:		%{name}-showhostkey.patch
Patch1:		%{name}-init.patch
Patch2:		%{name}-paths.patch
Patch3:		%{name}-confread.patch
URL:		http://www.freeswan.org/
BuildRequires:	gmp-devel
%{?with_dist_kernel:%{?with_modules:BuildRequires:	kernel-doc}}
%{?with_dist_kernel:%{?with_modules:BuildRequires:	kernel-headers}}
%{?with_dist_kernel:%{?with_modules:BuildRequires:	kernel-source}}
BuildRequires:	rpmbuild(macros) >= 1.118
# for useful lndir
%{?with_modules:BuildRequires:	xorg-util-lndir}
Requires(post,preun):	/sbin/chkconfig
Requires:	gawk
Requires:	gmp
Requires:	rc-scripts
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
This package contains FreeS/WAN daemon and utilities. FreeS/WAN is a
free implementation of the IPsec protocol for Linux. It allows to
build secure tunnels through untrusted networks. The basic idea of
IPsec is to provide security functions (authentication and encryption)
at the IP (Internet Protocol) level.

%description -l pl.UTF-8
Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną
implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie
bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to
zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na
poziomie IP.

%package -n kernel-net-ipsec
Summary:	Kernel module for Linux IPSEC
Summary(pl.UTF-8):	Moduł jądra dla IPSEC
Release:	%{_rel}@%{_kernel_ver_str}
Group:		Base/Kernel
%{?with_dist_kernel:%requires_releq_kernel_up}
Requires(post,postun):	/sbin/depmod
Requires:	%{name} = %{version}-%{release}
Requires:	modutils >= 2.4.6-4
Conflicts:	kernel <= 2.4.20-9

%description -n kernel-net-ipsec
Kernel module for FreeS/WAN.

%description -n kernel-net-ipsec -l pl.UTF-8
Moduł jądra wykorzystywany przez FreeS/WAN.

%package -n kernel-smp-net-ipsec
Summary:	SMP kernel module for Linux IPSEC
Summary(pl.UTF-8):	Moduł jądra SMP dla IPSEC
Release:	%{_rel}@%{_kernel_ver_str}
Group:		Base/Kernel
%{?with_dist_kernel:%requires_releq_kernel_up}
Requires(post,postun):	/sbin/depmod
Requires:	%{name} = %{version}-%{release}
Requires:	modutils >= 2.4.6-4
Conflicts:	kernel-smp <= 2.4.20-9

%description -n kernel-smp-net-ipsec
SMP kernel module for FreeS/WAN.

%description -n kernel-smp-net-ipsec -l pl.UTF-8
Moduł jądra SMP wykorzystywany przez FreeS/WAN.

%prep
%setup -q -a2 -a3
%patch0 -p1
%patch1 -p1
%{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
%patch3 -p1
%{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff}

%build
%define	_kver	`echo "%{_kernel_ver}" |awk -F. '{print $2}'`

%if %{with modules}
install -d kernelsrc
lndir -silent %{_kernelsrcdir} kernelsrc
mv kernelsrc/.config kernelsrc/.config.old
cp kernelsrc/.config.old kernelsrc/.config

%if %{with dist_kernel}
rm -rf kernelsrc/include/asm
cd kernelsrc
patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
cd ..
rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
cp kernelsrc/config-up kernelsrc/.config
%endif

echo "CONFIG_IPSEC=m" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
%endif

USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
CC="%{__cc}"; export CC


%if %{with modules}
%{__make} precheck verset kpatch ocf confcheck module \
	BIND9STATICLIBDIR=%{_libdir} \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	KERNELSRC="`pwd`/kernelsrc"

install linux/net/ipsec/ipsec.o .

%if %{with smp}
rm -rf kernelsrc
install -d kernelsrc
lndir -silent %{_kernelsrcdir} kernelsrc
mv kernelsrc/.config kernelsrc/.config.old
cp kernelsrc/.config.old kernelsrc/.config

%if %{with dist_kernel}
rm -rf kernelsrc/include/asm
cd kernelsrc
patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
cd ..
rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
cp kernelsrc/config-smp kernelsrc/.config
%endif

echo "CONFIG_IPSEC=m" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
%{__make} precheck verset kpatch ocf confcheck module \
	BIND9STATICLIBDIR=%{_libdir} \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	KERNELSRC="`pwd`/kernelsrc"
%endif

%endif

%{__make} programs \
	BIND9STATICLIBDIR=%{_libdir} \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	KERNELSRC="`pwd`/kernelsrc"

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}

%{__make} install \
	BIND9STATICLIBDIR=%{_libdir} \
	DESTDIR="$RPM_BUILD_ROOT" \
	FINALCONFDIR=%{_sysconfdir}/ipsec \
	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	FINALLIBEXECDIR=%{_libdir}/ipsec \
	FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
	INC_USRLOCAL=/usr \
	INC_MANDIR=share/man


%if %{with x509}
install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
for i in crls cacerts private policies; do
	install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
done
for i in CHANGES README; do
	install  %{x509ver}-%{name}-%{version}/$i $i.x509 ;
done
%endif

bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}

%if %{with modules}
install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc

%if %{with smp}
install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
%endif

%endif

%clean
rm -rf $RPM_BUILD_ROOT

%post
# generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
# not already exist
if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
then
	echo generate RSA private key...
	/usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
	chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
fi

/sbin/chkconfig --add ipsec
if [ -f /var/lock/subsys/ipsec ]; then
	/etc/rc.d/init.d/ipsec restart >&2
else
	echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
fi

%preun
if [ "$1" = "0" ]; then
	if [ -f /var/lock/subsys/ipsec ]; then
		/etc/rc.d/init.d/ipsec stop >&2
	fi
	/sbin/chkconfig --del ipsec >&2
fi

%post	-n kernel-net-ipsec
%depmod %{_kernel_ver}

%postun -n kernel-net-ipsec
%depmod %{_kernel_ver}

%post	-n kernel-smp-net-ipsec
%depmod %{_kernel_ver}

%postun -n kernel-smp-net-ipsec
%depmod %{_kernel_ver}

%files
%defattr(644,root,root,755)
%doc README CREDITS CHANGES BUGS
%doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html
%{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
%{?with_x509:%doc CHANGES.x509 README.x509}
%{_mandir}/man*/*
%lang(pl) %{_mandir}/pl/man*/*
%attr(755,root,root) %{_sbindir}/*
%attr(754,root,root) /etc/rc.d/init.d/*
%dir %{_libdir}/ipsec
%attr(755,root,root) %{_libdir}/ipsec/*
%attr(751,root,root) %dir %{_sysconfdir}/ipsec
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf
%if %{with x509}
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/*
%endif

%if %{with modules}
%files -n kernel-net-ipsec
%defattr(644,root,root,755)
/lib/modules/%{_kernel_ver}/misc/ipsec*
%if %{with smp}
%files -n kernel-smp-net-ipsec
%defattr(644,root,root,755)
/lib/modules/%{_kernel_ver}smp/misc/ipsec*
%endif
%endif
Commit	Line	Data
6904ab19	1	# Conditional builds
e90bc4b2	2	%bcond_with NAT # with NAT-Traversal
	3	%bcond_without x509 # without x509 support
	4	%bcond_without dist_kernel # without sources of distribution kernel
	5	%bcond_without modules # build only library+programs, no kernel modules
24048f08	6	#
24048f08	7	%define x509ver x509-1.4.8
32134c2e	8	%define nat_tr_ver 0.6
aa67810f	9	%define _25x_ver 20030825
aeff9c41	10	%define _rel 0.1
f331b9bf	11	Summary: Free IPSEC implemetation
c075fee4	12	Summary(pl.UTF-8): Publicznie dostępna implementacja IPSEC
f331b9bf	13	Name: freeswan
24048f08	14	Version: 2.04
6cc9e62d	15	Release: %{_rel}
f331b9bf JK	16	License: GPL
f331b9bf JK	17	Group: Networking/Daemons
2f4862e3	18	Source0: ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz
24048f08	19	# Source0-md5: 37a15f760ca43317fe7c5d6e6859689c
a036e7c8	20	Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
569c268b	21	# Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55
2f4862e3	22	Source2: http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz
24048f08	23	# Source2-md5: d5ff93ed3dc33afcc3ab5d00ca11008b
32134c2e	24	Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
32134c2e	25	# Source3-md5: 6858a8535aa2611769d17e86e6735db2
cb185c34 PG	26	Patch0: %{name}-showhostkey.patch
cb185c34 PG	27	Patch1: %{name}-init.patch
137bbf9c	28	Patch2: %{name}-paths.patch
137bbf9c	29	Patch3: %{name}-confread.patch
571203eb	30	URL: http://www.freeswan.org/
cb185c34	31	BuildRequires: gmp-devel
2f4862e3 ER	32	%{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-doc}}
	33	%{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-headers}}
	34	%{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-source}}
aeff9c41	35	BuildRequires: rpmbuild(macros) >= 1.118
b7eb6496 JB	36	# for useful lndir
b7eb6496 JB	37	%{?with_modules:BuildRequires: xorg-util-lndir}
70749b12	38	Requires(post,preun): /sbin/chkconfig
ea8c144b	39	Requires: gawk
6cc9e62d	40	Requires: gmp
aeff9c41	41	Requires: rc-scripts
40d451ac	42	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
f331b9bf JK	43
f331b9bf JK	44	%description
2f4862e3 ER	45	This package contains FreeS/WAN daemon and utilities. FreeS/WAN is a
	46	free implementation of the IPsec protocol for Linux. It allows to
	47	build secure tunnels through untrusted networks. The basic idea of
	48	IPsec is to provide security functions (authentication and encryption)
	49	at the IP (Internet Protocol) level.
f331b9bf	50
7160902f JR	51	%description -l pl.UTF-8
	52	Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną
	53	implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie
2f4862e3	54	bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to
7160902f	55	zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na
2f4862e3	56	poziomie IP.
fceefb8a	57
9ea7db12	58	%package -n kernel-net-ipsec
6cc9e62d	59	Summary: Kernel module for Linux IPSEC
c075fee4	60	Summary(pl.UTF-8): Moduł jądra dla IPSEC
6cc9e62d	61	Release: %{_rel}@%{_kernel_ver_str}
6cc9e62d	62	Group: Base/Kernel
24048f08	63	%{?with_dist_kernel:%requires_releq_kernel_up}
6cc9e62d	64	Requires(post,postun): /sbin/depmod
aeff9c41 ER	65	Requires: %{name} = %{version}-%{release}
aeff9c41 ER	66	Requires: modutils >= 2.4.6-4
6cc9e62d	67	Conflicts: kernel <= 2.4.20-9
9ea7db12	68
9ea7db12	69	%description -n kernel-net-ipsec
70749b12	70	Kernel module for FreeS/WAN.
9ea7db12	71
7160902f JR	72	%description -n kernel-net-ipsec -l pl.UTF-8
7160902f JR	73	Moduł jądra wykorzystywany przez FreeS/WAN.
6a476547	74
6a476547	75	%package -n kernel-smp-net-ipsec
6cc9e62d	76	Summary: SMP kernel module for Linux IPSEC
c075fee4	77	Summary(pl.UTF-8): Moduł jądra SMP dla IPSEC
6cc9e62d	78	Release: %{_rel}@%{_kernel_ver_str}
6cc9e62d	79	Group: Base/Kernel
24048f08	80	%{?with_dist_kernel:%requires_releq_kernel_up}
6cc9e62d	81	Requires(post,postun): /sbin/depmod
aeff9c41 ER	82	Requires: %{name} = %{version}-%{release}
aeff9c41 ER	83	Requires: modutils >= 2.4.6-4
6cc9e62d	84	Conflicts: kernel-smp <= 2.4.20-9
6a476547	85
6a476547	86	%description -n kernel-smp-net-ipsec
70749b12	87	SMP kernel module for FreeS/WAN.
6a476547	88
7160902f JR	89	%description -n kernel-smp-net-ipsec -l pl.UTF-8
7160902f JR	90	Moduł jądra SMP wykorzystywany przez FreeS/WAN.
6a476547	91
f331b9bf	92	%prep
2f4862e3	93	%setup -q -a2 -a3
f331b9bf JK	94	%patch0 -p1
f331b9bf JK	95	%patch1 -p1
24048f08	96	%{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
ea8c144b	97	%patch3 -p1
24048f08	98	%{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff}
14cc3d42	99
42658ea6	100	%build
74ee1b40	101	%define _kver `echo "%{_kernel_ver}" \|awk -F. '{print $2}'`
74ee1b40	102
24048f08	103	%if %{with modules}
74ee1b40	104	install -d kernelsrc
	105	lndir -silent %{_kernelsrcdir} kernelsrc
	106	mv kernelsrc/.config kernelsrc/.config.old
	107	cp kernelsrc/.config.old kernelsrc/.config
	108
	109	%if %{with dist_kernel}
	110	rm -rf kernelsrc/include/asm
	111	cd kernelsrc
	112	patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
	113	patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
	114	patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
	115	patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
	116	cd ..
	117	rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
	118	rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
	119	cp kernelsrc/config-up kernelsrc/.config
	120	%endif
	121
	122	echo "CONFIG_IPSEC=m" >> kernelsrc/.config
	123	echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
	124	echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
	125	echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
	126	echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
	127	echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
	128	echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
	129	echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
	130	echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
a8fc5f00	131	%endif
9ea7db12	132
6731ed56	133	USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
07722809	134	OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
89712c9b	135	CC="%{__cc}"; export CC
14cc3d42	136
a8fc5f00	137
24048f08	138	%if %{with modules}
74ee1b40	139	%{__make} precheck verset kpatch ocf confcheck module \
9ea7db12	140	BIND9STATICLIBDIR=%{_libdir} \
cb185c34	141	FINALCONFDIR=%{_sysconfdir}/ipsec \
ea8c144b	142	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
cb185c34 PG	143	INC_USRLOCAL=/usr \
	144	INC_MANDIR=share/man \
	145	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
9ea7db12	146	FINALLIBEXECDIR=%{_libdir}/ipsec \
462295d6	147	KERNELSRC="`pwd`/kernelsrc"
6a476547	148
74ee1b40	149	install linux/net/ipsec/ipsec.o .
	150
	151	%if %{with smp}
	152	rm -rf kernelsrc
	153	install -d kernelsrc
aeff9c41	154	lndir -silent %{_kernelsrcdir} kernelsrc
74ee1b40	155	mv kernelsrc/.config kernelsrc/.config.old
	156	cp kernelsrc/.config.old kernelsrc/.config
	157
	158	%if %{with dist_kernel}
	159	rm -rf kernelsrc/include/asm
	160	cd kernelsrc
	161	patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
	162	patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
	163	patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
	164	patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
	165	cd ..
	166	rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
	167	rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
	168	cp kernelsrc/config-smp kernelsrc/.config
	169	%endif
	170
	171	echo "CONFIG_IPSEC=m" >> kernelsrc/.config
	172	echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
	173	echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
	174	echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
	175	echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
	176	echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
	177	echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
	178	echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
	179	echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
	180	%{__make} precheck verset kpatch ocf confcheck module \
	181	BIND9STATICLIBDIR=%{_libdir} \
	182	FINALCONFDIR=%{_sysconfdir}/ipsec \
	183	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	184	INC_USRLOCAL=/usr \
	185	INC_MANDIR=share/man \
	186	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	187	FINALLIBEXECDIR=%{_libdir}/ipsec \
	188	KERNELSRC="`pwd`/kernelsrc"
6a476547	189	%endif
6a476547	190
74ee1b40	191	%endif
6a476547	192
6a476547	193	%{__make} programs \
74ee1b40	194	BIND9STATICLIBDIR=%{_libdir} \
	195	FINALCONFDIR=%{_sysconfdir}/ipsec \
	196	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
	197	INC_USRLOCAL=/usr \
	198	INC_MANDIR=share/man \
	199	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
	200	FINALLIBEXECDIR=%{_libdir}/ipsec \
	201	KERNELSRC="`pwd`/kernelsrc"
6a476547	202
f331b9bf JK	203	%install
f331b9bf JK	204	rm -rf $RPM_BUILD_ROOT
ce2e8fd6	205	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
8c11072f	206
e1d420a7	207	%{__make} install \
42658ea6	208	BIND9STATICLIBDIR=%{_libdir} \
9ea7db12	209	DESTDIR="$RPM_BUILD_ROOT" \
74ee1b40	210	FINALCONFDIR=%{_sysconfdir}/ipsec \
ea8c144b	211	FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
9ea7db12	212	FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
cb185c34	213	FINALLIBEXECDIR=%{_libdir}/ipsec \
42658ea6	214	FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
74ee1b40	215	INC_USRLOCAL=/usr \
74ee1b40	216	INC_MANDIR=share/man
9ea7db12	217
f331b9bf	218
24048f08	219	%if %{with x509}
74ee1b40	220	install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
74ee1b40	221	for i in crls cacerts private policies; do
9ea7db12	222	install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
74ee1b40	223	done
74ee1b40	224	for i in CHANGES README; do
ae3cdc89	225	install %{x509ver}-%{name}-%{version}/$i $i.x509 ;
74ee1b40	226	done
6904ab19	227	%endif
6904ab19	228
717bb55a	229	bzip2 -dc %{SOURCE1} \| tar xf - -C $RPM_BUILD_ROOT%{_mandir}
717bb55a	230
24048f08	231	%if %{with modules}
74ee1b40	232	install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
	233	install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
	234
	235	%if %{with smp}
	236	install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
	237	install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
	238	%endif
	239
9ea7db12	240	%endif
9ea7db12	241
70749b12 JB	242	%clean
	243	rm -rf $RPM_BUILD_ROOT
	244
f331b9bf	245	%post
ce2e8fd6	246	# generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
	247	# not already exist
	248	if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
	249	then
74ee1b40	250	echo generate RSA private key...
	251	/usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
	252	chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
ce2e8fd6	253	fi
ce2e8fd6	254
8362fa3d	255	/sbin/chkconfig --add ipsec
df1c19e4	256	if [ -f /var/lock/subsys/ipsec ]; then
	257	/etc/rc.d/init.d/ipsec restart >&2
	258	else
	259	echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
	260	fi
8362fa3d	261
f331b9bf	262	%preun
df1c19e4	263	if [ "$1" = "0" ]; then
	264	if [ -f /var/lock/subsys/ipsec ]; then
	265	/etc/rc.d/init.d/ipsec stop >&2
	266	fi
74ee1b40	267	/sbin/chkconfig --del ipsec >&2
df1c19e4	268	fi
f331b9bf	269
74ee1b40	270	%post -n kernel-net-ipsec
772d1706	271	%depmod %{_kernel_ver}
9ea7db12	272
9ea7db12	273	%postun -n kernel-net-ipsec
772d1706	274	%depmod %{_kernel_ver}
9ea7db12	275
74ee1b40	276	%post -n kernel-smp-net-ipsec
6a476547	277	%depmod %{_kernel_ver}
	278
	279	%postun -n kernel-smp-net-ipsec
	280	%depmod %{_kernel_ver}
	281
f331b9bf JK	282	%files
f331b9bf JK	283	%defattr(644,root,root,755)
ae3cdc89	284	%doc README CREDITS CHANGES BUGS
24048f08	285	%doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html
	286	%{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
	287	%{?with_x509:%doc CHANGES.x509 README.x509}
f331b9bf	288	%{_mandir}/man/
717bb55a	289	%lang(pl) %{_mandir}/pl/man/
f331b9bf JK	290	%attr(755,root,root) %{_sbindir}/*
f331b9bf JK	291	%attr(754,root,root) /etc/rc.d/init.d/*
5da9ef72	292	%dir %{_libdir}/ipsec
5da9ef72	293	%attr(755,root,root) %{_libdir}/ipsec/*
64c24b24	294	%attr(751,root,root) %dir %{_sysconfdir}/ipsec
2f4862e3	295	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf
24048f08	296	%if %{with x509}
2f4862e3 ER	297	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
	298	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
	299	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
	300	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
	301	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
	302	%attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
	303	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/*
6904ab19	304	%endif
9ea7db12	305
24048f08	306	%if %{with modules}
9ea7db12	307	%files -n kernel-net-ipsec
9ea7db12	308	%defattr(644,root,root,755)
6a476547	309	/lib/modules/%{_kernel_ver}/misc/ipsec*
24048f08	310	%if %{with smp}
6a476547	311	%files -n kernel-smp-net-ipsec
	312	%defattr(644,root,root,755)
	313	/lib/modules/%{_kernel_ver}smp/misc/ipsec*
	314	%endif
9ea7db12	315	%endif