2 # _without_x509 - without x509 support
3 # _without_dist_kernel - without sources of distribution kernel
4 # _with_NAT - without NAT-Traversal
5 # _with_25x - without FreeS/WAN's keying daemon to work with
6 # the 2.5 kernel IPsec implementation
7 # _without_modules - build only library+programs, no kernel modules
8 %define x509ver x509-1.4.3
10 %define _25x_ver 20030803
11 Summary: Free IPSEC implemetation
12 Summary(pl): Publicznie dostêpna implementacja IPSEC
18 Group: Networking/Daemons
19 Source0: ftp://ftp.xs4all.nl/pub/crypto/%{name}/%{name}-%{version}.tar.gz
20 # Source0-md5: 0a5bdc7b93879c77de295fd75d704b4a
21 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
22 # Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55
23 Source2: http://www.strongsec.com/%{name}/%{x509ver}-%{name}-%{version}.tar.gz
24 # Source2-md5: 207e44ab5674ae68691ef52188ebda5f
25 Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
26 # Source3-md5: 6858a8535aa2611769d17e86e6735db2
27 Source4: http://gondor.apana.org.au/~herbert/freeswan/%{version}/freeswan-%{version}-linux-ipsec-%{_25x_ver}.patch.gz
28 # Source4-md5: 48d2be60229d7971d39a89dac578b18d
29 Patch0: %{name}-showhostkey.patch
30 Patch1: %{name}-init.patch
31 Patch2: %{name}-paths.patch
32 Patch3: %{name}-confread.patch
33 URL: http://www.freeswan.org/
34 BuildRequires: gmp-devel
35 BuildRequires: rpmbuild(macros) >= 1.118
37 Requires(post,preun): /sbin/chkconfig
40 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: kernel-headers}}
41 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: kernel-source}}
42 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: kernel-doc}}
43 # XFree86 is required to use usefull lndir
44 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: XFree86}}
45 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
48 The basic idea of IPSEC is to provide security functions
49 (authentication and encryption) at the IP (Internet Protocol) level.
50 It will be required in IP version 6 (better known as IPng, the next
51 generation) and is optional for the current IP, version 4.
53 FreeS/WAN is a freely-distributable implementation of IPSEC protocol.
54 FreeS/WAN utilities%{?!_without_x509: compiled with X.509 certificate support}.
57 Podstawowa idea IPSEC to zapewnienie funkcji bezpieczeñstwa
58 (autentykacji i szyfrowania) na poziomie IP. Bêdzie wymagany do IP w
59 wersji 6 (znanego tak¿e jako IPng, IP nastêpnej generacji) i jest
60 opcjonalny dla aktualnego IP, w wersji 4.
62 FreeS/WAN jest darmow± implementacj± protoko³u IPSEC.
64 %package -n kernel-net-ipsec
65 Summary: Kernel module for Linux IPSEC
66 Summary(pl): Modu³ j±dra dla IPSEC
67 Release: %{_rel}@%{_kernel_ver_str}
69 %{!?_without_dist_kernel:%requires_releq_kernel_up}
70 PreReq: modutils >= 2.4.6-4
71 Requires(post,postun): /sbin/depmod
72 Requires: %{name} = %{version}
73 Conflicts: kernel <= 2.4.20-9
75 %description -n kernel-net-ipsec
76 Kernel module for FreeS/WAN.
78 %description -n kernel-net-ipsec -l pl
79 Modu³ j±dra wykorzystywany przez FreeS/WAN.
81 %package -n kernel-smp-net-ipsec
82 Summary: SMP kernel module for Linux IPSEC
83 Summary(pl): Modu³ j±dra SMP dla IPSEC
84 Release: %{_rel}@%{_kernel_ver_str}
86 %{!?_without_dist_kernel:%requires_releq_kernel_up}
87 PreReq: modutils >= 2.4.6-4
88 Requires(post,postun): /sbin/depmod
89 Requires: %{name} = %{version}
90 Conflicts: kernel-smp <= 2.4.20-9
92 %description -n kernel-smp-net-ipsec
93 SMP kernel module for FreeS/WAN.
95 %description -n kernel-smp-net-ipsec -l pl
96 Modu³ j±dra SMP wykorzystywany przez FreeS/WAN.
99 %setup -q -a2 -a3 -n %{name}-%{version}
102 %{?!_without_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
105 %{?_with_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff}
106 %{?_with_25x:gzip -d <%{SOURCE4}| patch -p1 -s}
110 %define _kver `echo "%{_kernel_ver}" |awk -F. '{print $2}'`
111 %if 0%{!?_without_modules:1}
113 lndir -silent /usr/src/linux kernelsrc
114 mv kernelsrc/.config kernelsrc/.config.old
115 cp kernelsrc/.config.old kernelsrc/.config
116 %if 0%{!?_without_dist_kernel:1}
117 rm -rf kernelsrc/include/asm
119 patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
120 patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
121 patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
122 patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
124 rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
125 rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
126 cp kernelsrc/config-up kernelsrc/.config
128 echo "CONFIG_IPSEC=m" >> kernelsrc/.config
129 echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
130 echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
131 echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
132 echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
133 echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
134 echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
135 echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
136 echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
139 USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
140 OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
141 CC=%{__cc}; export CC
144 %if 0%{!?_without_modules:1}
145 %{__make} precheck verset kpatch ocf confcheck module \
146 BIND9STATICLIBDIR=%{_libdir} \
147 FINALCONFDIR=%{_sysconfdir}/ipsec \
148 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
150 INC_MANDIR=share/man \
151 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
152 FINALLIBEXECDIR=%{_libdir}/ipsec \
153 KERNELSRC="`pwd`/kernelsrc"
155 install linux/net/ipsec/ipsec.o .
157 %if 0%{!?_without_smp:1}
160 lndir -silent /usr/src/linux kernelsrc
161 mv kernelsrc/.config kernelsrc/.config.old
162 cp kernelsrc/.config.old kernelsrc/.config
163 %if 0%{!?_without_dist_kernel:1}
164 rm -rf kernelsrc/include/asm
166 patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
167 patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
168 patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
169 patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
171 rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
172 rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
173 cp kernelsrc/config-smp kernelsrc/.config
175 echo "CONFIG_IPSEC=m" >> kernelsrc/.config
176 echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
177 echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
178 echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
179 echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
180 echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
181 echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
182 echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
183 echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
185 %{__make} precheck verset kpatch ocf confcheck module \
186 BIND9STATICLIBDIR=%{_libdir} \
187 FINALCONFDIR=%{_sysconfdir}/ipsec \
188 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
190 INC_MANDIR=share/man \
191 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
192 FINALLIBEXECDIR=%{_libdir}/ipsec \
193 KERNELSRC="`pwd`/kernelsrc"
199 BIND9STATICLIBDIR=%{_libdir} \
200 FINALCONFDIR=%{_sysconfdir}/ipsec \
201 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
203 INC_MANDIR=share/man \
204 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
205 FINALLIBEXECDIR=%{_libdir}/ipsec \
206 KERNELSRC="`pwd`/kernelsrc"
211 rm -rf $RPM_BUILD_ROOT
212 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
215 BIND9STATICLIBDIR=%{_libdir} \
216 DESTDIR="$RPM_BUILD_ROOT" \
217 FINALCONFDIR=%{_sysconfdir}/ipsec \
218 FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
219 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
220 FINALLIBEXECDIR=%{_libdir}/ipsec \
221 FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
226 %if 0%{!?_without_x509:1}
227 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
228 for i in crls cacerts private policies; do
229 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
231 for i in CHANGES README; do
232 install %{x509ver}-%{name}-%{version}/$i $i.x509 ;
236 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
238 %if 0%{!?_without_modules:1}
239 install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
240 install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
241 %if 0%{!?_without_smp:1}
242 install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
243 install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
248 rm -rf $RPM_BUILD_ROOT
251 # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
253 if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
255 echo generate RSA private key...
256 /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
257 chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
260 /sbin/chkconfig --add ipsec
261 if [ -f /var/lock/subsys/ipsec ]; then
262 /etc/rc.d/init.d/ipsec restart >&2
264 echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
268 if [ "$1" = "0" ]; then
269 if [ -f /var/lock/subsys/ipsec ]; then
270 /etc/rc.d/init.d/ipsec stop >&2
272 /sbin/chkconfig --del ipsec >&2
275 %post -n kernel-net-ipsec
276 %depmod %{_kernel_ver}
278 %postun -n kernel-net-ipsec
279 %depmod %{_kernel_ver}
281 %post -n kernel-smp-net-ipsec
282 %depmod %{_kernel_ver}
284 %postun -n kernel-smp-net-ipsec
285 %depmod %{_kernel_ver}
288 %defattr(644,root,root,755)
289 %doc README CREDITS CHANGES BUGS
290 %doc doc/{kernel.notes,impl.notes,examples,prob.report,standards} doc/*.html
291 %{?_with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
292 %{?!_without_x509:%doc CHANGES.x509 README.x509}
294 %lang(pl) %{_mandir}/pl/man*/*
295 %attr(755,root,root) %{_sbindir}/*
296 %attr(754,root,root) /etc/rc.d/init.d/*
297 %dir %{_libdir}/ipsec
298 %attr(755,root,root) %{_libdir}/ipsec/*
299 %attr(751,root,root) %dir %{_sysconfdir}/ipsec
300 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.conf
301 %if 0%{!?_without_x509:1}
302 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
303 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
304 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
305 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
306 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
307 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
308 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.d/policies/*
311 %if 0%{!?_without_modules:1}
312 %files -n kernel-net-ipsec
313 %defattr(644,root,root,755)
314 /lib/modules/%{_kernel_ver}/misc/ipsec*
315 %if 0%{!?_without_smp:1}
316 %files -n kernel-smp-net-ipsec
317 %defattr(644,root,root,755)
318 /lib/modules/%{_kernel_ver}smp/misc/ipsec*