# Conditional build switches (toggled with rpmbuild --with/--without NAME).
2 %bcond_with NAT # with NAT-Traversal
3 %bcond_without x509 # without x509 support
4 %bcond_without dist_kernel # without sources of distribution kernel
5 %bcond_without modules # build only library+programs, no kernel modules
# x509ver names the X.509 patch tarball (Source2) and its unpacked directory.
# nat_tr_ver, used by Source3, is not defined in the visible lines; presumably
# it is set on a line omitted from this listing.
7 %define x509ver x509-1.4.8
9 %define _25x_ver 20030825
10 Summary: Free IPSEC implementation
11 Summary(pl): Publicznie dostępna implementacja IPSEC
17 Group: Networking/Daemons
# NOTE(review): every upstream tarball below is fetched over plain ftp/http and
# the only integrity value recorded for it is an MD5 digest. MD5 is not
# collision-resistant, so for a package that ships IPsec key-handling code a
# stronger digest or a verified upstream signature is worth adding.
18 Source0: ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz
19 # Source0-md5: 37a15f760ca43317fe7c5d6e6859689c
20 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
21 # Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55
22 Source2: http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz
23 # Source2-md5: d5ff93ed3dc33afcc3ab5d00ca11008b
24 Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
25 # Source3-md5: 6858a8535aa2611769d17e86e6735db2
# Local patches shipped next to the spec; their contents are not visible here.
26 Patch0: %{name}-showhostkey.patch
27 Patch1: %{name}-init.patch
28 Patch2: %{name}-paths.patch
29 Patch3: %{name}-confread.patch
30 URL: http://www.freeswan.org/
31 BuildRequires: gmp-devel
32 BuildRequires: rpmbuild(macros) >= 1.118
# Kernel docs, headers and source are pulled in only when kernel modules are
# built against the distribution kernel (both switches enabled).
34 %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-doc}}
35 %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-headers}}
36 %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-source}}
# chkconfig is called from the post-install and pre-uninstall scriptlets.
37 Requires(post,preun): /sbin/chkconfig
40 # XFree86 is required to use usefull lndir
41 %{?with_dist_kernel:%{?with_modules:BuildRequires: XFree86}}
# NOTE(review): the staging root has a predictable, per-user name and is
# removed with rm -rf during install and clean; if tmpdir resolves to a shared
# world-writable directory, confirm the build host is not multi-user.
42 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
45 This package contains the FreeS/WAN daemon and utilities. FreeS/WAN is a
46 free implementation of the IPsec protocol for Linux. It allows you to
47 build secure tunnels through untrusted networks. The basic idea of
48 IPsec is to provide security functions (authentication and encryption)
49 at the IP (Internet Protocol) level.
52 Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną
53 implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie
54 bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to
55 zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na
58 %package -n kernel-net-ipsec
59 Summary: Kernel module for Linux IPSEC
60 Summary(pl): Moduł jądra dla IPSEC
# The release string embeds the kernel version string macro.
61 Release: %{_rel}@%{_kernel_ver_str}
63 %{?with_dist_kernel:%requires_releq_kernel_up}
64 Requires: modutils >= 2.4.6-4
# depmod is run from the post/postun scriptlets of this subpackage.
65 Requires(post,postun): /sbin/depmod
# Pins the userland package to the same version as this module package.
66 Requires: %{name} = %{version}
67 Conflicts: kernel <= 2.4.20-9
69 %description -n kernel-net-ipsec
70 Kernel module for FreeS/WAN.
72 %description -n kernel-net-ipsec -l pl
73 Moduł jądra wykorzystywany przez FreeS/WAN.
75 %package -n kernel-smp-net-ipsec
76 Summary: SMP kernel module for Linux IPSEC
77 Summary(pl): Moduł jądra SMP dla IPSEC
# The release string embeds the kernel version string macro.
78 Release: %{_rel}@%{_kernel_ver_str}
# NOTE(review): this SMP subpackage uses the same requires_releq_kernel_up
# macro as the uniprocessor one, while its Conflicts line names kernel-smp;
# confirm whether the SMP variant of the macro was intended.
80 %{?with_dist_kernel:%requires_releq_kernel_up}
81 Requires: modutils >= 2.4.6-4
# depmod is run from the post/postun scriptlets of this subpackage.
82 Requires(post,postun): /sbin/depmod
# Pins the userland package to the same version as this module package.
83 Requires: %{name} = %{version}
84 Conflicts: kernel-smp <= 2.4.20-9
86 %description -n kernel-smp-net-ipsec
87 SMP kernel module for FreeS/WAN.
89 %description -n kernel-smp-net-ipsec -l pl
90 Moduł jądra SMP wykorzystywany przez FreeS/WAN.
# Apply the X.509 patch from the unpacked Source2 tree (switch is on by default).
96 %{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
# Apply the NAT-Traversal patch (switch is off by default). NOTE(review): the
# diff file name mentions freeswan-2.00 and x509-1.3.5, while x509ver is set
# to x509-1.4.8 -- confirm it still applies cleanly on top of the X.509 patch.
98 %{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff}
# _kver: second dot-separated field of the kernel version, computed by the
# shell at build time; it selects which fs2_N patch files are reverted below.
101 %define _kver `echo "%{_kernel_ver}" |awk -F. '{print $2}'`
# Build a symlink shadow of the kernel source tree with lndir, then swap the
# linked .config for a private copy so later edits stay inside the shadow.
104 lndir -silent %{_kernelsrcdir} kernelsrc
105 mv kernelsrc/.config kernelsrc/.config.old
106 cp kernelsrc/.config.old kernelsrc/.config
107 %if %{with dist_kernel}
108 rm -rf kernelsrc/include/asm
# Reverse-apply the FreeS/WAN kernel patches and remove the IPsec-related
# files from the shadow tree; presumably the distribution kernel source
# already carries them and the make targets below re-add this version's
# copies -- confirm.
110 patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
111 patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
112 patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
113 patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
115 rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
116 rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
# Start from the config-up kernel configuration (uniprocessor, by its name).
117 cp kernelsrc/config-up kernelsrc/.config
# IPsec options appended to the kernel configuration for the module build.
# NOTE(review): HMAC-MD5 and 3DES (64-bit block cipher) are legacy algorithms;
# 3DES is the only ESP cipher enabled here, so connection policy should at
# least prefer HMAC-SHA1 over HMAC-MD5. CONFIG_IPSEC_DEBUG=y compiles debug
# support into the shipped module -- confirm that is wanted for production.
119 echo "CONFIG_IPSEC=m" >> kernelsrc/.config
120 echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
121 echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
122 echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
123 echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
124 echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
125 echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
126 echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
127 echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
# Export the distribution compiler and optimisation flags for the makefiles.
130 USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
131 OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
132 CC="%{__cc}"; export CC
# Build the kernel module against the shadow tree, with the packaged paths.
136 %{__make} precheck verset kpatch ocf confcheck module \
137 BIND9STATICLIBDIR=%{_libdir} \
138 FINALCONFDIR=%{_sysconfdir}/ipsec \
139 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
141 INC_MANDIR=share/man \
142 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
143 FINALLIBEXECDIR=%{_libdir}/ipsec \
144 KERNELSRC="`pwd`/kernelsrc"
# Keep a copy of the built module in the top build directory; the install
# step later takes ./ipsec.o as the uniprocessor module.
146 install linux/net/ipsec/ipsec.o .
# Second module build, this time with the config-smp kernel configuration.
# NOTE(review): this pass shadows the hard-coded /usr/src/linux, whereas the
# first pass uses the _kernelsrcdir macro -- confirm both point at the same
# tree, otherwise the two modules are built from different sources.
151 lndir -silent /usr/src/linux kernelsrc
152 mv kernelsrc/.config kernelsrc/.config.old
153 cp kernelsrc/.config.old kernelsrc/.config
154 %if %{with dist_kernel}
155 rm -rf kernelsrc/include/asm
# Same patch reversal and cleanup of IPsec-related files as in the first pass.
157 patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
158 patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
159 patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
160 patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
162 rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
163 rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
164 cp kernelsrc/config-smp kernelsrc/.config
# Same IPsec option set as the first pass. NOTE(review): HMAC-MD5 and 3DES are
# legacy algorithms, and CONFIG_IPSEC_DEBUG=y compiles debug support into the
# shipped module -- confirm both are intended.
166 echo "CONFIG_IPSEC=m" >> kernelsrc/.config
167 echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
168 echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
169 echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
170 echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
171 echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
172 echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
173 echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
174 echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
# The resulting module stays in linux/net/ipsec/ and is installed from there
# as the SMP module.
176 %{__make} precheck verset kpatch ocf confcheck module \
177 BIND9STATICLIBDIR=%{_libdir} \
178 FINALCONFDIR=%{_sysconfdir}/ipsec \
179 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
181 INC_MANDIR=share/man \
182 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
183 FINALLIBEXECDIR=%{_libdir}/ipsec \
184 KERNELSRC="`pwd`/kernelsrc"
190 BIND9STATICLIBDIR=%{_libdir} \
191 FINALCONFDIR=%{_sysconfdir}/ipsec \
192 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
194 INC_MANDIR=share/man \
195 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
196 FINALLIBEXECDIR=%{_libdir}/ipsec \
197 KERNELSRC="`pwd`/kernelsrc"
# Start from an empty staging root, then pre-create the configuration,
# init-script and pluto runtime directories inside it.
200 rm -rf $RPM_BUILD_ROOT
201 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
204 BIND9STATICLIBDIR=%{_libdir} \
205 DESTDIR="$RPM_BUILD_ROOT" \
206 FINALCONFDIR=%{_sysconfdir}/ipsec \
207 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
208 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
209 FINALLIBEXECDIR=%{_libdir}/ipsec \
210 FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
216 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
# Per-purpose subdirectories of ipsec.d; the file list packages them mode 700.
217 for i in crls cacerts private policies; do
218 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
# Copy the X.509 patch's CHANGES and README into the build directory under an
# .x509 suffix, matching the doc entries in the file list.
220 for i in CHANGES README; do
221 install %{x509ver}-%{name}-%{version}/$i $i.x509 ;
# NOTE(review): the Polish man-page tarball (Source1, fetched over plain http)
# is unpacked straight into the staging tree, so its member paths and contents
# are trusted as-is; the recorded MD5 digest is the only check on it.
225 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
# Uniprocessor module: the copy saved in the top build directory earlier.
228 install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
229 install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
# SMP module: taken from the build tree, which holds the result of the
# second (config-smp) build.
231 install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
232 install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
237 rm -rf $RPM_BUILD_ROOT
# NOTE(review): the secrets file is written by newhostkey and only restricted
# to mode 600 afterwards. Unless newhostkey itself creates the file with a
# tight mode, the private key is briefly readable under the scriptlet's umask;
# running "umask 077" before the call would close that window. The parent
# directory is packaged mode 751, so the file mode is what protects the key.
240 # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
242 if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
244 echo generate RSA private key...
245 /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
246 chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
# Register the init script; restart only if the service is already running
# (lock file present), otherwise just tell the admin how to start it.
249 /sbin/chkconfig --add ipsec
250 if [ -f /var/lock/subsys/ipsec ]; then
251 /etc/rc.d/init.d/ipsec restart >&2
253 echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
# On final removal (first argument is 0, i.e. not an upgrade): stop the
# running service and unregister the init script.
257 if [ "$1" = "0" ]; then
258 if [ -f /var/lock/subsys/ipsec ]; then
259 /etc/rc.d/init.d/ipsec stop >&2
261 /sbin/chkconfig --del ipsec >&2
# Refresh module dependency data after install and removal of the
# uniprocessor module package.
264 %post -n kernel-net-ipsec
265 %depmod %{_kernel_ver}
267 %postun -n kernel-net-ipsec
268 %depmod %{_kernel_ver}
# NOTE(review): the SMP package installs its module under the kernel version
# directory with an "smp" suffix, but depmod is invoked here for the
# unsuffixed kernel version -- confirm whether the suffixed one was intended.
270 %post -n kernel-smp-net-ipsec
271 %depmod %{_kernel_ver}
273 %postun -n kernel-smp-net-ipsec
274 %depmod %{_kernel_ver}
# Main package file list; defaults are mode 644 for files and 755 for
# directories, owned by root.
277 %defattr(644,root,root,755)
278 %doc README CREDITS CHANGES BUGS
279 %doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html
280 %{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
281 %{?with_x509:%doc CHANGES.x509 README.x509}
283 %lang(pl) %{_mandir}/pl/man*/*
284 %attr(755,root,root) %{_sbindir}/*
# Init scripts: executable by root and the root group, read-only for others.
285 %attr(754,root,root) /etc/rc.d/init.d/*
286 %dir %{_libdir}/ipsec
287 %attr(755,root,root) %{_libdir}/ipsec/*
# The config directory can be traversed (751) but not listed by other users;
# ipsec.conf and the policy files are mode 640, so not readable by others.
# NOTE(review): verify(not md5 mtime size) switches off the content checks,
# so package verification will not report modifications to these files.
288 %attr(751,root,root) %dir %{_sysconfdir}/ipsec
289 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf
# Certificate, CRL, private-key and policy directories are root-only (700).
# NOTE(review): certs is listed here but is not created by the visible
# install loop -- presumably an omitted line or the upstream install target
# creates it; confirm.
291 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
292 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
293 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
294 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
295 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
296 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
297 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/*
# Module packages: each ships the ipsec module from the misc directory of its
# kernel flavour (unsuffixed version for uniprocessor, "smp" suffix for SMP).
301 %files -n kernel-net-ipsec
302 %defattr(644,root,root,755)
303 /lib/modules/%{_kernel_ver}/misc/ipsec*
305 %files -n kernel-smp-net-ipsec
306 %defattr(644,root,root,755)
307 /lib/modules/%{_kernel_ver}smp/misc/ipsec*