2 # _without_x509 - without x509 support
3 # _without_dist_kernel - without distribution kernel
6 %define x509ver x509-1.2.1
7 Summary: Free IPSEC implemetation
8 Summary(pl): Publicznie dostêpna implementacja IPSEC
13 Group: Networking/Daemons
14 Source0: ftp://ftp.xs4all.nl/pub/crypto/%{name}/development/%{name}-%{version}-%{_rc}.tar.gz
15 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2
16 Source2: http://www.strongsec.com/%{name}/%{x509ver}-%{name}-%{version}-%{_rc}.tar.gz
17 Patch0: %{name}-showhostkey.patch
18 Patch1: %{name}-init.patch
19 Patch2: %{name}-des.patch
20 URL: http://www.freeswan.org/
21 %{!?_without_dist_kernel:BuildRequires: kernel-headers(freeswan)}
22 BuildRequires: gmp-devel
23 Prereq: /sbin/chkconfig
26 %{!?_without_dist_kernel:Requires: kernel(freeswan)}
27 BuildRoot: %{tmpdir}/%{name}-%{version}-%{_rc}-root-%(id -u -n)
30 %{?_without_x509:%define x509 0}
33 The basic idea of IPSEC is to provide security functions
34 (authentication and encryption) at the IP (Internet Protocol) level.
35 It will be required in IP version 6 (better known as IPng, the next
36 generation) and is optional for the current IP, version 4.
38 FreeS/WAN is a freely-distributable implementation of IPSEC protocol.
39 FreeS/WAN utilities%{?!_without_x509: compiled with X.509 certificate support}.
42 Podstawowa idea IPSEC to zapewnienie funkcji bezpieczeñstwa
43 (autentykacji i szyfrowania) na poziomie IP. Bêdzie wymagany do IP w
44 wersji 6 (znanego tak¿e jako IPng, IP nastêpnej generacji) i jest
45 opcjonalny dla aktualnego IP, w wersji 4.
47 FreeS/WAN jest darmow± implementacj± protoko³u IPSEC.
50 %setup -q -a2 -n %{name}-%{version}-%{_rc}
55 %{?!_without_x509:patch -p1 <%{x509ver}-%{name}-%{version}-%{_rc}/freeswan.diff}
56 #%{?!_without_x509:%patch5 -p1 }
62 USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE
63 OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS
66 FINALCONFDIR=%{_sysconfdir}/ipsec \
68 INC_MANDIR=share/man \
69 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
70 FINALLIBEXECDIR=${_libdir}/ipsec
73 rm -rf $RPM_BUILD_ROOT
74 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto}
77 DESTDIR="$RPM_BUILD_ROOT" \
79 INC_MANDIR=share/man \
80 FINALCONFDIR=%{_sysconfdir}/ipsec \
81 FINALRCDIR=%{_sysconfdir}/rc.d/init.d \
82 FINALLIBEXECDIR=%{_libdir}/ipsec \
83 FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version}
86 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d
87 for i in crls cacerts private policies; do
88 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i
90 for i in CHANGES README; do
91 install %{x509ver}-%{name}-%{version}-%{_rc}/$i $i.x509 ;
95 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
98 # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does
100 if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ];
102 echo generate RSA private key...
103 /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets
104 chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets
107 /sbin/chkconfig --add ipsec
108 if [ -f /var/lock/subsys/ipsec ]; then
109 /etc/rc.d/init.d/ipsec restart >&2
111 echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2
115 if [ "$1" = "0" ]; then
116 if [ -f /var/lock/subsys/ipsec ]; then
117 /etc/rc.d/init.d/ipsec stop >&2
119 /sbin/chkconfig --del ipsec >&2
123 rm -rf $RPM_BUILD_ROOT
126 %defattr(644,root,root,755)
127 %doc README CREDITS CHANGES BUGS
128 %doc doc/{kernel.notes,impl.notes,examples,prob.report,standards} doc/*.html
129 %{?!_without_x509:%doc CHANGES.x509 README.x509}
131 %lang(pl) %{_mandir}/pl/man*/*
132 %attr(755,root,root) %{_sbindir}/*
133 %attr(754,root,root) /etc/rc.d/init.d/*
134 %dir %{_libdir}/ipsec
135 %attr(755,root,root) %{_libdir}/ipsec/*
136 %attr(751,root,root) %dir %{_sysconfdir}/ipsec
137 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.conf
139 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d
140 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls
141 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts
142 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private
143 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies
144 %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.d/policies/*