# Build switches: NAT-Traversal is opt-in (bcond_with); x509 support, the
# distribution-kernel sources and the kernel modules are on unless disabled
# (bcond_without).
2 %bcond_with NAT # with NAT-Traversal
3 %bcond_without x509 # without x509 support
4 %bcond_without dist_kernel # without sources of distribution kernel
5 %bcond_without modules # build only library+programs, no kernel modules
# Version tag of the x509 patch set; it forms part of the Source2 file name.
7 %define x509ver x509-1.4.8
# NOTE(review): nat_tr_ver is used by Source3 and by the NAT-Traversal patch
# step, but no definition of it is visible in this listing -- confirm it is set.
9 %define _25x_ver 20030825
11 Summary: Free IPSEC implementation
12 Summary(pl.UTF-8): Publicznie dostępna implementacja IPSEC
17 Group: Networking/Daemons
# NOTE(review): all four sources are fetched over plain ftp/http and are pinned
# only by the MD5 digests below. MD5 is not collision-resistant, so these
# digests protect against accidental corruption rather than a deliberately
# substituted tarball. Where upstream publishes a signature or a stronger
# digest, verify the downloads against it before building.
18 Source0: ftp://ftp.xs4all.nl/pub/crypto/freeswan/%{name}-%{version}.tar.gz
19 # Source0-md5: 37a15f760ca43317fe7c5d6e6859689c
20 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
21 # Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55
22 Source2: http://www.strongsec.com/freeswan/%{x509ver}-%{name}-%{version}.tar.gz
23 # Source2-md5: d5ff93ed3dc33afcc3ab5d00ca11008b
24 Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
25 # Source3-md5: 6858a8535aa2611769d17e86e6735db2
# Distribution patches shipped alongside the spec (contents not shown here).
26 Patch0: %{name}-showhostkey.patch
27 Patch1: %{name}-init.patch
28 Patch2: %{name}-paths.patch
29 Patch3: %{name}-confread.patch
30 URL: http://www.freeswan.org/
31 BuildRequires: gmp-devel
# Kernel documentation, headers and sources are needed only when modules are
# built against the distribution kernel.
32 %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-doc}}
33 %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-headers}}
34 %{?with_dist_kernel:%{?with_modules:BuildRequires: kernel-source}}
35 BuildRequires: rpmbuild(macros) >= 1.118
# lndir is used in the build step to make a symlinked copy of the kernel tree.
37 %{?with_modules:BuildRequires: xorg-util-lndir}
38 Requires(post,preun): /sbin/chkconfig
# NOTE(review): the buildroot name is fully predictable (package name, version
# and the building user's name from id -u -n), and the install and clean steps
# run rm -rf on it. On a shared build host, confirm that tmpdir is a per-user
# directory rather than a world-writable one.
42 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
45 This package contains FreeS/WAN daemon and utilities. FreeS/WAN is a
46 free implementation of the IPsec protocol for Linux. It allows you to
47 build secure tunnels through untrusted networks. The basic idea of
48 IPsec is to provide security functions (authentication and encryption)
49 at the IP (Internet Protocol) level.
51 %description -l pl.UTF-8
52 Ten pakiet zawiera demona i narzędzia FreeS/WAN. FreeS/WAN jest wolną
53 implementacją protokołu IPsec dla Linuksa. Umożliwia zestawianie
54 bezpiecznych tuneli przez niezaufane sieci. Podstawowa idea IPsec to
55 zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na
58 %package -n kernel-net-ipsec
# Uniprocessor kernel-module subpackage. Its release string embeds the kernel
# version string, and it depends on the exact version-release of the main
# package (see the Requires lines below).
59 Summary: Kernel module for Linux IPSEC
60 Summary(pl.UTF-8): Moduł jądra dla IPSEC
61 Release: %{_rel}@%{_kernel_ver_str}
# Adds the distribution macro's requirement on the matching UP kernel release
# when building against the distribution kernel.
63 %{?with_dist_kernel:%requires_releq_kernel_up}
64 Requires(post,postun): /sbin/depmod
65 Requires: %{name} = %{version}-%{release}
66 Requires: modutils >= 2.4.6-4
67 Conflicts: kernel <= 2.4.20-9
69 %description -n kernel-net-ipsec
70 Kernel module for FreeS/WAN.
72 %description -n kernel-net-ipsec -l pl.UTF-8
73 Moduł jądra wykorzystywany przez FreeS/WAN.
75 %package -n kernel-smp-net-ipsec
# SMP kernel-module subpackage; mirrors kernel-net-ipsec but conflicts with old
# kernel-smp packages instead of old kernel packages.
76 Summary: SMP kernel module for Linux IPSEC
77 Summary(pl.UTF-8): Moduł jądra SMP dla IPSEC
78 Release: %{_rel}@%{_kernel_ver_str}
# NOTE(review): this SMP subpackage uses the "_up" kernel-requirement macro,
# the same one as the uniprocessor subpackage. That looks like a copy/paste
# slip, since the SMP variant of the macro would be expected here -- confirm.
80 %{?with_dist_kernel:%requires_releq_kernel_up}
81 Requires(post,postun): /sbin/depmod
82 Requires: %{name} = %{version}-%{release}
83 Requires: modutils >= 2.4.6-4
84 Conflicts: kernel-smp <= 2.4.20-9
86 %description -n kernel-smp-net-ipsec
87 SMP kernel module for FreeS/WAN.
89 %description -n kernel-smp-net-ipsec -l pl.UTF-8
90 Moduł jądra SMP wykorzystywany przez FreeS/WAN.
96 %{?with_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
# The two optional patch sets (x509 above, NAT-Traversal below) are applied from
# diffs carried inside the downloaded Source2 and Source3 tarballs.
# NOTE(review): the NAT-Traversal diff name targets "freeswan-2.00-x509-1.3.5",
# while x509ver is set to x509-1.4.8 -- confirm the diff still applies cleanly
# when both options are enabled.
98 %{?with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff}
# _kver is the second dot-separated field of the kernel version; it selects the
# matching fs2_N patch files used below.
101 %define _kver `echo "%{_kernel_ver}" |awk -F. '{print $2}'`
# Uniprocessor module build. lndir makes a symlinked copy of the kernel source
# tree in ./kernelsrc. The mv/cp pair presumably turns the linked .config into a
# private regular file, so later edits do not touch the installed kernel sources.
105 lndir -silent %{_kernelsrcdir} kernelsrc
106 mv kernelsrc/.config kernelsrc/.config.old
107 cp kernelsrc/.config.old kernelsrc/.config
109 %if %{with dist_kernel}
110 rm -rf kernelsrc/include/asm
# Reverse-apply the FreeS/WAN kernel patches and drop the ipsec/crypto/zlib
# trees from the copy. Presumably the distribution kernel source already carries
# an IPsec patch that has to be backed out first -- TODO confirm.
112 patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
113 patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
114 patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
115 patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
117 rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
118 rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
# Use the uniprocessor kernel configuration as the base.
119 cp kernelsrc/config-up kernelsrc/.config
# IPsec options appended to the kernel config: built as a module, with AH, ESP,
# IPIP and IPCOMP.
# NOTE(review): the only algorithms enabled here are HMAC-MD5, HMAC-SHA1 and
# 3DES, all legacy by current standards. CONFIG_IPSEC_DEBUG=y also builds debug
# support into the shipped module -- confirm that is intended for production.
122 echo "CONFIG_IPSEC=m" >> kernelsrc/.config
123 echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
124 echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
125 echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
126 echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
127 echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
128 echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
129 echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
130 echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
# Pass the distribution compiler and optimisation flags to the upstream
# makefiles through the environment.
133 USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
134 OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
135 CC="%{__cc}"; export CC
# Build the kernel module against the private kernelsrc copy, with the final
# install paths redirected to the distribution layout.
139 %{__make} precheck verset kpatch ocf confcheck module \
140 BIND9STATICLIBDIR=%{_libdir} \
141 FINALCONFDIR=%{_sysconfdir}/ipsec \
142 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
144 INC_MANDIR=share/man \
145 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
146 FINALLIBEXECDIR=%{_libdir}/ipsec \
147 KERNELSRC="`pwd`/kernelsrc"
# Keep a copy of the UP module in the top directory; the SMP build that follows
# writes its own linux/net/ipsec/ipsec.o.
149 install linux/net/ipsec/ipsec.o .
# SMP module build: the same steps as the uniprocessor build, but based on the
# SMP kernel configuration (config-smp).
154 lndir -silent %{_kernelsrcdir} kernelsrc
155 mv kernelsrc/.config kernelsrc/.config.old
156 cp kernelsrc/.config.old kernelsrc/.config
158 %if %{with dist_kernel}
159 rm -rf kernelsrc/include/asm
# Reverse-apply the FreeS/WAN kernel patches and remove the ipsec/crypto/zlib
# trees from the symlinked copy before rebuilding.
161 patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
162 patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
163 patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
164 patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
166 rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
167 rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
168 cp kernelsrc/config-smp kernelsrc/.config
# Same IPsec option set as the uniprocessor build.
# NOTE(review): only HMAC-MD5, HMAC-SHA1 and 3DES are enabled, and
# CONFIG_IPSEC_DEBUG=y is compiled in -- confirm both choices are intended for
# the shipped module.
171 echo "CONFIG_IPSEC=m" >> kernelsrc/.config
172 echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
173 echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
174 echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
175 echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
176 echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
177 echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
178 echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
179 echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
# Rebuild the module against the SMP-configured tree; the result stays in
# linux/net/ipsec/ipsec.o and is installed from there.
180 %{__make} precheck verset kpatch ocf confcheck module \
181 BIND9STATICLIBDIR=%{_libdir} \
182 FINALCONFDIR=%{_sysconfdir}/ipsec \
183 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
185 INC_MANDIR=share/man \
186 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
187 FINALLIBEXECDIR=%{_libdir}/ipsec \
188 KERNELSRC="`pwd`/kernelsrc"
194 BIND9STATICLIBDIR=%{_libdir} \
195 FINALCONFDIR=%{_sysconfdir}/ipsec \
196 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
198 INC_MANDIR=share/man \
199 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
200 FINALLIBEXECDIR=%{_libdir}/ipsec \
201 KERNELSRC="`pwd`/kernelsrc"
# Start from an empty buildroot, then create the config, init-script and pluto
# runtime directories before the upstream install step runs.
204 rm -rf $RPM_BUILD_ROOT
205 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
208 BIND9STATICLIBDIR=%{_libdir} \
209 DESTDIR="$RPM_BUILD_ROOT" \
210 FINALCONFDIR=%{_sysconfdir}/ipsec \
211 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
212 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
213 FINALLIBEXECDIR=%{_libdir}/ipsec \
214 FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
220 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
# Certificate, CRL, private-key and policy subdirectories under ipsec.d.
# NOTE(review): the file list also packages ipsec.d/certs, which this loop does
# not create -- confirm that another step (e.g. the upstream install) creates it.
221 for i in crls cacerts private policies; do
222 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
# Copy the x509 patch set's CHANGES and README under a .x509 suffix so they can
# be shipped as documentation next to the base files of the same name.
224 for i in CHANGES README; do
225 install %{x509ver}-%{name}-%{version}/$i $i.x509 ;
# NOTE(review): the Polish man-page archive (Source1, fetched over plain http
# and pinned only by MD5) is unpacked straight into the buildroot's man
# directory. tar is given no member filter, so the archive's contents are
# trusted as-is.
229 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
# UP module: the ipsec.o copy saved in the top directory after the first build.
232 install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
233 install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
# SMP module: taken from the build tree, where the second (SMP) build left it.
236 install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
237 install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
# The buildroot is removed again here (the section header for this line is not
# shown in the listing).
243 rm -rf $RPM_BUILD_ROOT
246 # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
248 if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
250 echo generate RSA private key...
# NOTE(review): the key file is written first and only then restricted to mode
# 600. Unless newhostkey itself creates the file with a tight mode, the host's
# private key is briefly readable under whatever umask the scriptlet inherits,
# and the packaged config directory is mode 751, so other users can traverse it.
# Generating the key under umask 077 in a subshell, so the service restart
# below keeps its normal umask, would close that window -- confirm against
# newhostkey's behaviour.
251 /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
252 chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
# Register the init script. Restart only when the service was already running
# (subsys lock file present); otherwise just tell the admin how to start it.
255 /sbin/chkconfig --add ipsec
256 if [ -f /var/lock/subsys/ipsec ]; then
257 /etc/rc.d/init.d/ipsec restart >&2
259 echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
# Runs before package removal. Only on a full uninstall (first argument is 0,
# i.e. not an upgrade) stop the service if it is running and deregister the
# init script.
263 if [ "$1" = "0" ]; then
264 if [ -f /var/lock/subsys/ipsec ]; then
265 /etc/rc.d/init.d/ipsec stop >&2
267 /sbin/chkconfig --del ipsec >&2
270 %post -n kernel-net-ipsec
# Refresh module dependency data for the uniprocessor kernel after the module
# is installed, and again after it is removed.
271 %depmod %{_kernel_ver}
273 %postun -n kernel-net-ipsec
274 %depmod %{_kernel_ver}
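276 %post -n kernel-smp-net-ipsec
# Refresh module dependency data for the SMP kernel tree: this subpackage's
# module lives in the "smp"-suffixed directory under /lib/modules, so depmod
# must be pointed at that version rather than the uniprocessor one.
277 %depmod %{_kernel_ver}smp
279 %postun -n kernel-smp-net-ipsec
# Same tree again after removal, so the stale module entry is dropped.
280 %depmod %{_kernel_ver}smp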
283 %defattr(644,root,root,755)
# Main package payload. Defaults set above: files 644, directories 755, all
# owned by root; entries below override this where needed.
284 %doc README CREDITS CHANGES BUGS
285 %doc doc/{kernel.notes,impl.notes,examples,prob.report,std} doc/*.html
286 %{?with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
287 %{?with_x509:%doc CHANGES.x509 README.x509}
289 %lang(pl) %{_mandir}/pl/man*/*
290 %attr(755,root,root) %{_sbindir}/*
# Init scripts are not executable or readable by "other" (mode 754).
291 %attr(754,root,root) /etc/rc.d/init.d/*
292 %dir %{_libdir}/ipsec
293 %attr(755,root,root) %{_libdir}/ipsec/*
# Config directory is traversable but not listable by non-root (751), and
# ipsec.conf is root-only (640). As noreplace config, ipsec.conf is kept on
# upgrade, and its digest, mtime and size are excluded from package verification.
# NOTE(review): no entry for ipsec.secrets is visible in this listing, although
# the post-install scriptlet creates that file -- confirm that it is tracked by
# the package with a restrictive mode.
294 %attr(751,root,root) %dir %{_sysconfdir}/ipsec
295 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.conf
# Certificate, CRL and private-key stores are root-only directories (700).
297 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
298 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
299 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
300 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
301 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
302 %attr(700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
303 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ipsec/ipsec.d/policies/*
307 %files -n kernel-net-ipsec
# Uniprocessor module, installed under the plain kernel-version directory.
308 %defattr(644,root,root,755)
309 /lib/modules/%{_kernel_ver}/misc/ipsec*
311 %files -n kernel-smp-net-ipsec
# SMP module, installed under the "smp"-suffixed kernel-version directory.
312 %defattr(644,root,root,755)
313 /lib/modules/%{_kernel_ver}smp/misc/ipsec*