]> git.pld-linux.org Git - packages/freeswan.git/blob - freeswan.spec
projects / packages / freeswan.git / blob
? search:


ea72d6e20abfd038d50518575b10fc1d5e6ba17e
[packages/freeswan.git] / freeswan.spec
1 # Conditional builds
2 # _without_x509         - without x509 support
3 # _without_dist_kernel  - without sources of distribution kernel
4 # _without_NAT          - without NAT-Traversal
5 # _without_25x  - without FreeS/WAN's keying daemon to work with 
6 #                         the 2.5 kernel IPsec implementation
7 # _without_modules      - build only library+programs, no kernel modules
8 %define x509ver         x509-1.4.1
9 %define nat_tr_ver      0.6
10 %define _25x_ver        20030713
11 Summary:        Free IPSEC implemetation
12 Summary(pl):    Publicznie dostêpna implementacja IPSEC
13 Name:           freeswan
14 Version:        2.01
15 %define _rel    0.4
16 Release:        %{_rel}
17 License:        GPL
18 Group:          Networking/Daemons
19 Source0:        ftp://ftp.xs4all.nl/pub/crypto/%{name}/%{name}-%{version}.tar.gz
20 # Source0-md5:  0a5bdc7b93879c77de295fd75d704b4a
21 Source1:        http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
22 # Source1-md5:  6bd0b509015a2795cfb895aaab0bbc55
23 Source2:        http://www.strongsec.com/%{name}/%{x509ver}-%{name}-%{version}.tar.gz
24 # Source2-md5:  5a76bed78f6aaf18d1509520ab7936fc
25 Source3:        http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz
26 # Source3-md5:  6858a8535aa2611769d17e86e6735db2
27 Source4:        http://gondor.apana.org.au/~herbert/freeswan/%{version}/freeswan-%{version}-linux-ipsec-%{_25x_ver}.patch.gz
28 # Source4-md5:  bffd7e46ca167de041e75641b0b1e9ef
29 Patch0:         %{name}-showhostkey.patch
30 Patch1:         %{name}-init.patch
31 Patch2:         %{name}-paths.patch
32 Patch3:         %{name}-confread.patch
33 URL:            http://www.freeswan.org/
34 BuildRequires:  gmp-devel
35 BuildRequires:  rpmbuild(macros) >= 1.118
36 Prereq:         /sbin/chkconfig
37 Prereq:         rc-scripts
38 Requires:       gawk
39 Requires:       gmp
40 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires:    kernel-headers}}
41 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires:    kernel-source}}
42 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires:    kernel-doc}}
43 # XFree86 is required to use usefull lndir
44 %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires:    XFree86}}
45 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
46
47 %description
48 The basic idea of IPSEC is to provide security functions
49 (authentication and encryption) at the IP (Internet Protocol) level.
50 It will be required in IP version 6 (better known as IPng, the next
51 generation) and is optional for the current IP, version 4.
52
53 FreeS/WAN is a freely-distributable implementation of IPSEC protocol.
54 FreeS/WAN utilities%{?!_without_x509: compiled with X.509 certificate support}.
55
56 %description -l pl
57 Podstawowa idea IPSEC to zapewnienie funkcji bezpieczeñstwa
58 (autentykacji i szyfrowania) na poziomie IP. Bêdzie wymagany do IP w
59 wersji 6 (znanego tak¿e jako IPng, IP nastêpnej generacji) i jest
60 opcjonalny dla aktualnego IP, w wersji 4.
61
62 FreeS/WAN jest darmow± implementacj± protoko³u IPSEC.
63
64 %package -n kernel-net-ipsec
65 Summary:        Kernel module for Linux IPSEC
66 Summary(pl):    Modu³ j±dra dla IPSEC
67 Release:        %{_rel}@%{_kernel_ver_str}
68 Group:          Base/Kernel
69 %{!?_without_dist_kernel:%requires_releq_kernel_up}
70 PreReq:         modutils >= 2.4.6-4
71 Requires(post,postun):  /sbin/depmod
72 Requires:       %{name} = %{version}
73 Conflicts:      kernel <= 2.4.20-9
74
75 %description -n kernel-net-ipsec
76 Kernel module for FreeS/WAN
77
78 %description -n kernel-net-ipsec -l pl
79 Modu³ j±dra wykorzystywany przez FreeS/WAN
80
81
82 %package -n kernel-smp-net-ipsec
83 Summary:        SMP kernel module for Linux IPSEC
84 Summary(pl):    Modu³ j±dra dla IPSEC
85 Release:        %{_rel}@%{_kernel_ver_str}
86 Group:          Base/Kernel
87 %{!?_without_dist_kernel:%requires_releq_kernel_up}
88 PreReq:         modutils >= 2.4.6-4
89 Requires(post,postun):  /sbin/depmod
90 Requires:       %{name} = %{version}
91 Conflicts:      kernel-smp <= 2.4.20-9
92
93 %description -n kernel-smp-net-ipsec
94 SMP kernel module for FreeS/WAN
95
96 %description -n kernel-smp-net-ipsec -l pl
97 Modu³ j±dra SMP wykorzystywany przez FreeS/WAN
98
99
100 %prep
101 %setup  -q -a2 -a3 -n %{name}-%{version}
102 %patch0 -p1
103 %patch1 -p1
104 %{?!_without_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff}
105 #%patch2 -p1
106 %patch3 -p1
107 %{?!_without_NAT:patch -p1 -s <NAT-Traversal-%{nat_tr_ver}/NAT-Traversal-%{nat_tr_ver}-freeswan-2.00-x509-1.3.5.diff} 
108 %{?!_without_25x:gzip -d <%{SOURCE4}| patch -p1 -s}
109
110
111 %build
112 %define _kver `echo "%{_kernel_ver}" |awk -F. '{print $2}'`
113 %if 0%{!?_without_modules:1}
114   install -d kernelsrc
115   lndir -silent /usr/src/linux kernelsrc
116   mv kernelsrc/.config kernelsrc/.config.old
117   cp kernelsrc/.config.old kernelsrc/.config
118   %if 0%{!?_without_dist_kernel:1}
119     rm -rf kernelsrc/include/asm
120     cd kernelsrc
121     patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
122     patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
123     patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
124     patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
125     cd ..
126     rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
127     rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
128     cp kernelsrc/config-up kernelsrc/.config
129   %endif
130   echo "CONFIG_IPSEC=m" >> kernelsrc/.config
131   echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
132   echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
133   echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
134   echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
135   echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
136   echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
137   echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
138   echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
139 %endif
140
141 USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
142 OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
143 CC=%{__cc}; export CC
144
145
146 %if 0%{!?_without_modules:1}
147   %{__make} precheck verset kpatch ocf confcheck module \
148         BIND9STATICLIBDIR=%{_libdir} \
149         FINALCONFDIR=%{_sysconfdir}/ipsec \
150         FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
151         INC_USRLOCAL=/usr \
152         INC_MANDIR=share/man \
153         FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
154         FINALLIBEXECDIR=%{_libdir}/ipsec \
155         KERNELSRC="`pwd`/kernelsrc"
156
157   install linux/net/ipsec/ipsec.o .
158
159   %if 0%{!?_without_smp:1}
160     rm -rf kernelsrc
161     install -d kernelsrc
162     lndir -silent /usr/src/linux kernelsrc
163     mv kernelsrc/.config kernelsrc/.config.old
164     cp kernelsrc/.config.old kernelsrc/.config
165     %if 0%{!?_without_dist_kernel:1}
166       rm -rf kernelsrc/include/asm
167       cd kernelsrc
168       patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch
169       patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch
170       patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch
171       patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch
172       cd ..
173       rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec}
174       rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h
175       cp kernelsrc/config-smp kernelsrc/.config
176     %endif
177     echo "CONFIG_IPSEC=m" >> kernelsrc/.config
178     echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config
179     echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config
180     echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config
181     echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config
182     echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config
183     echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config
184     echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config
185     echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config
186
187     %{__make} precheck verset kpatch ocf confcheck module \
188         BIND9STATICLIBDIR=%{_libdir} \
189         FINALCONFDIR=%{_sysconfdir}/ipsec \
190         FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
191         INC_USRLOCAL=/usr \
192         INC_MANDIR=share/man \
193         FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
194         FINALLIBEXECDIR=%{_libdir}/ipsec \
195         KERNELSRC="`pwd`/kernelsrc"
196   %endif
197 %endif
198
199
200 %{__make} programs \
201         BIND9STATICLIBDIR=%{_libdir} \
202         FINALCONFDIR=%{_sysconfdir}/ipsec \
203         FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
204         INC_USRLOCAL=/usr \
205         INC_MANDIR=share/man \
206         FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
207         FINALLIBEXECDIR=%{_libdir}/ipsec \
208         KERNELSRC="`pwd`/kernelsrc"
209
210
211
212 %install
213 rm -rf $RPM_BUILD_ROOT
214 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
215
216 %{__make} install \
217         BIND9STATICLIBDIR=%{_libdir} \
218         DESTDIR="$RPM_BUILD_ROOT" \
219         FINALCONFDIR=%{_sysconfdir}/ipsec \
220         FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \
221         FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
222         FINALLIBEXECDIR=%{_libdir}/ipsec \
223         FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \
224         INC_USRLOCAL=/usr \
225         INC_MANDIR=share/man
226
227
228 %if 0%{!?_without_x509:1}
229   install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d 
230   for i in crls cacerts private policies; do
231         install -d  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
232   done
233   for i in CHANGES README; do
234         install  %{x509ver}-%{name}-%{version}/$i $i.x509 ;     
235   done
236 %endif
237
238 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
239
240 %if 0%{!?_without_modules:1}
241   install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
242   install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc
243   %if 0%{!?_without_smp:1}
244     install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
245     install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc
246   %endif
247 %endif
248
249 %post
250 # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
251 # not already exist
252 if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
253 then
254     echo generate RSA private key...
255     /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
256     chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
257 fi
258
259 /sbin/chkconfig --add ipsec
260 if [ -f /var/lock/subsys/ipsec ]; then
261         /etc/rc.d/init.d/ipsec restart >&2
262 else
263         echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
264 fi
265
266 %preun
267 if [ "$1" = "0" ]; then
268         if [ -f /var/lock/subsys/ipsec ]; then
269                 /etc/rc.d/init.d/ipsec stop >&2
270         fi
271         /sbin/chkconfig --del ipsec >&2
272 fi
273
274 %post   -n kernel-net-ipsec
275 %depmod %{_kernel_ver}
276
277 %postun -n kernel-net-ipsec
278 %depmod %{_kernel_ver}
279
280 %post   -n kernel-smp-net-ipsec
281 %depmod %{_kernel_ver}
282
283 %postun -n kernel-smp-net-ipsec
284 %depmod %{_kernel_ver}
285
286
287 %clean
288 rm -rf $RPM_BUILD_ROOT
289
290 %files
291 %defattr(644,root,root,755)
292 %doc README CREDITS CHANGES BUGS 
293 %doc doc/{kernel.notes,impl.notes,examples,prob.report,standards} doc/*.html
294 %{?!_without_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal}
295 %{?!_without_x509:%doc CHANGES.x509 README.x509}
296 %{_mandir}/man*/*
297 %lang(pl) %{_mandir}/pl/man*/*
298 %attr(755,root,root) %{_sbindir}/*
299 %attr(754,root,root) /etc/rc.d/init.d/*
300 %dir %{_libdir}/ipsec
301 %attr(755,root,root) %{_libdir}/ipsec/*
302 %attr(751,root,root) %dir %{_sysconfdir}/ipsec
303 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.conf
304 %if 0%{!?_without_x509:1}
305 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
306 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs
307 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
308 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
309 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
310 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
311 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.d/policies/*
312 %endif
313
314 %if 0%{!?_without_modules:1}
315 %files -n kernel-net-ipsec
316 %defattr(644,root,root,755)
317 /lib/modules/%{_kernel_ver}/misc/ipsec*
318 %if 0%{!?_without_smp:1}
319 %files -n kernel-smp-net-ipsec
320 %defattr(644,root,root,755)
321 /lib/modules/%{_kernel_ver}smp/misc/ipsec*
322 %endif
323 %endif
Free IPSEC implemetation
This page took 0.30737 seconds and 2 git commands to generate.