# Conditional builds # _without_x509 - without x509 support # _without_dist_kernel - without sources of distribution kernel # _with_NAT - without NAT-Traversal # _with_25x - without FreeS/WAN's keying daemon to work with # the 2.5 kernel IPsec implementation # _without_modules - build only library+programs, no kernel modules %define x509ver x509-1.4.6 %define nat_tr_ver 0.6 %define _25x_ver 20030825 Summary: Free IPSEC implemetation Summary(pl): Publicznie dostępna implementacja IPSEC Name: freeswan Version: 2.02 %define _rel 0.1 Release: %{_rel} License: GPL Group: Networking/Daemons Source0: ftp://ftp.xs4all.nl/pub/crypto/%{name}/%{name}-%{version}.tar.gz # Source0-md5: e7a5ff59b2abbb8c812221bbe7fd6e09 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-pl-man-pages.tar.bz2 # Source1-md5: 6bd0b509015a2795cfb895aaab0bbc55 Source2: http://www.strongsec.com/%{name}/%{x509ver}-%{name}-%{version}.tar.gz # Source2-md5: cd5be2b57920f839cdd88f73c4d1a32a Source3: http://open-source.arkoon.net/freeswan/NAT-Traversal-%{nat_tr_ver}.tar.gz # Source3-md5: 6858a8535aa2611769d17e86e6735db2 ##Source4: http://gondor.apana.org.au/~herbert/freeswan/%{version}/freeswan-%{version}-linux-ipsec-%{_25x_ver}.patch.gz ### Source4-md5: 48d2be60229d7971d39a89dac578b18d Patch0: %{name}-showhostkey.patch Patch1: %{name}-init.patch Patch2: %{name}-paths.patch Patch3: %{name}-confread.patch URL: http://www.freeswan.org/ BuildRequires: gmp-devel BuildRequires: rpmbuild(macros) >= 1.118 PreReq: rc-scripts Requires(post,preun): /sbin/chkconfig Requires: gawk Requires: gmp %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: kernel-headers}} %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: kernel-source}} %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: kernel-doc}} # XFree86 is required to use usefull lndir %{!?_without_dist_kernel:%{!?_without_modules:BuildRequires: XFree86}} BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %description The basic idea of IPSEC is to provide security functions (authentication and encryption) at the IP (Internet Protocol) level. It will be required in IP version 6 (better known as IPng, the next generation) and is optional for the current IP, version 4. FreeS/WAN is a freely-distributable implementation of IPSEC protocol. FreeS/WAN utilities%{?!_without_x509: compiled with X.509 certificate support}. %description -l pl Podstawowa idea IPSEC to zapewnienie funkcji bezpieczeństwa (autentykacji i szyfrowania) na poziomie IP. Będzie wymagany do IP w wersji 6 (znanego także jako IPng, IP następnej generacji) i jest opcjonalny dla aktualnego IP, w wersji 4. FreeS/WAN jest darmową implementacją protokołu IPSEC. %package -n kernel-net-ipsec Summary: Kernel module for Linux IPSEC Summary(pl): Moduł jądra dla IPSEC Release: %{_rel}@%{_kernel_ver_str} Group: Base/Kernel %{!?_without_dist_kernel:%requires_releq_kernel_up} PreReq: modutils >= 2.4.6-4 Requires(post,postun): /sbin/depmod Requires: %{name} = %{version} Conflicts: kernel <= 2.4.20-9 %description -n kernel-net-ipsec Kernel module for FreeS/WAN. %description -n kernel-net-ipsec -l pl Moduł jądra wykorzystywany przez FreeS/WAN. %package -n kernel-smp-net-ipsec Summary: SMP kernel module for Linux IPSEC Summary(pl): Moduł jądra SMP dla IPSEC Release: %{_rel}@%{_kernel_ver_str} Group: Base/Kernel %{!?_without_dist_kernel:%requires_releq_kernel_up} PreReq: modutils >= 2.4.6-4 Requires(post,postun): /sbin/depmod Requires: %{name} = %{version} Conflicts: kernel-smp <= 2.4.20-9 %description -n kernel-smp-net-ipsec SMP kernel module for FreeS/WAN. %description -n kernel-smp-net-ipsec -l pl Moduł jądra SMP wykorzystywany przez FreeS/WAN. %prep %setup -q -a2 -a3 -n %{name}-%{version} %patch0 -p1 %patch1 -p1 %{?!_without_x509:patch -p1 -s <%{x509ver}-%{name}-%{version}/freeswan.diff} #%patch2 -p1 %patch3 -p1 %{?_with_NAT:patch -p1 -s > kernelsrc/.config echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config %endif USERCOMPILE="%{rpmcflags}" ; export USERCOMPILE OPT_FLAGS="%{rpmcflags}"; export OPT_FLAGS CC=%{__cc}; export CC %if 0%{!?_without_modules:1} %{__make} precheck verset kpatch ocf confcheck module \ BIND9STATICLIBDIR=%{_libdir} \ FINALCONFDIR=%{_sysconfdir}/ipsec \ FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ INC_USRLOCAL=/usr \ INC_MANDIR=share/man \ FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ FINALLIBEXECDIR=%{_libdir}/ipsec \ KERNELSRC="`pwd`/kernelsrc" install linux/net/ipsec/ipsec.o . %if 0%{!?_without_smp:1} rm -rf kernelsrc install -d kernelsrc lndir -silent /usr/src/linux kernelsrc mv kernelsrc/.config kernelsrc/.config.old cp kernelsrc/.config.old kernelsrc/.config %if 0%{!?_without_dist_kernel:1} rm -rf kernelsrc/include/asm cd kernelsrc patch -R -p1 <../linux/net/Makefile.fs2_%{_kver}.patch patch -R -p1 <../linux/net/Config.in.fs2_%{_kver}.patch patch -R -p1 <../linux/net/ipv4/af_inet.c.fs2_%{_kver}.patch patch -R -p1 <../linux/Documentation/Configure.help.fs2_%{_kver}.patch cd .. rm -rf kernelsrc/{crypto,include/{freeswan,zlib,crypto},lib/{zlib,libfreeswan},net/ipsec} rm kernelsrc/include/{freeswan,pfkey,pfkeyv2}.h cp kernelsrc/config-smp kernelsrc/.config %endif echo "CONFIG_IPSEC=m" >> kernelsrc/.config echo "CONFIG_IPSEC_IPIP=y" >> kernelsrc/.config echo "CONFIG_IPSEC_AH=y" >> kernelsrc/.config echo "CONFIG_IPSEC_AUTH_HMAC_MD5=y" >> kernelsrc/.config echo "CONFIG_IPSEC_AUTH_HMAC_SHA1=y" >> kernelsrc/.config echo "CONFIG_IPSEC_ESP=y" >> kernelsrc/.config echo "CONFIG_IPSEC_ENC_3DES=y" >> kernelsrc/.config echo "CONFIG_IPSEC_IPCOMP=y" >> kernelsrc/.config echo "CONFIG_IPSEC_DEBUG=y" >> kernelsrc/.config %{__make} precheck verset kpatch ocf confcheck module \ BIND9STATICLIBDIR=%{_libdir} \ FINALCONFDIR=%{_sysconfdir}/ipsec \ FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ INC_USRLOCAL=/usr \ INC_MANDIR=share/man \ FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ FINALLIBEXECDIR=%{_libdir}/ipsec \ KERNELSRC="`pwd`/kernelsrc" %endif %endif %{__make} programs \ BIND9STATICLIBDIR=%{_libdir} \ FINALCONFDIR=%{_sysconfdir}/ipsec \ FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ INC_USRLOCAL=/usr \ INC_MANDIR=share/man \ FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ FINALLIBEXECDIR=%{_libdir}/ipsec \ KERNELSRC="`pwd`/kernelsrc" %install rm -rf $RPM_BUILD_ROOT install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ipsec,/etc/rc.d/init.d,/var/run/pluto} %{__make} install \ BIND9STATICLIBDIR=%{_libdir} \ DESTDIR="$RPM_BUILD_ROOT" \ FINALCONFDIR=%{_sysconfdir}/ipsec \ FINALCONFFILE=%{_sysconfdir}/ipsec/ipsec.conf \ FINALRCDIR=%{_sysconfdir}/rc.d/init.d \ FINALLIBEXECDIR=%{_libdir}/ipsec \ FINALEXAMPLECONFDIR=/usr/share/doc/%{name}-%{version} \ INC_USRLOCAL=/usr \ INC_MANDIR=share/man %if 0%{!?_without_x509:1} install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d for i in crls cacerts private policies; do install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipsec/ipsec.d/$i done for i in CHANGES README; do install %{x509ver}-%{name}-%{version}/$i $i.x509 ; done %endif bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} %if 0%{!?_without_modules:1} install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc install ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/misc %if 0%{!?_without_smp:1} install -d $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc install linux/net/ipsec/ipsec.o $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}smp/misc %endif %endif %clean rm -rf $RPM_BUILD_ROOT %post # generate RSA private key... if, and only if, /etc/ipsec/ipsec.secrets does # not already exist if [ ! -f %{_sysconfdir}/ipsec/ipsec.secrets ]; then echo generate RSA private key... /usr/sbin/ipsec newhostkey --output %{_sysconfdir}/ipsec/ipsec.secrets chmod 600 %{_sysconfdir}/ipsec/ipsec.secrets fi /sbin/chkconfig --add ipsec if [ -f /var/lock/subsys/ipsec ]; then /etc/rc.d/init.d/ipsec restart >&2 else echo "Run '/etc/rc.d/init.d/ipsec start' to start IPSEC services." >&2 fi %preun if [ "$1" = "0" ]; then if [ -f /var/lock/subsys/ipsec ]; then /etc/rc.d/init.d/ipsec stop >&2 fi /sbin/chkconfig --del ipsec >&2 fi %post -n kernel-net-ipsec %depmod %{_kernel_ver} %postun -n kernel-net-ipsec %depmod %{_kernel_ver} %post -n kernel-smp-net-ipsec %depmod %{_kernel_ver} %postun -n kernel-smp-net-ipsec %depmod %{_kernel_ver} %files %defattr(644,root,root,755) %doc README CREDITS CHANGES BUGS %doc doc/{kernel.notes,impl.notes,examples,prob.report,standards} doc/*.html %{?_with_NAT:%doc NAT-Traversal-%{nat_tr_ver}/README.NAT-Traversal} %{?!_without_x509:%doc CHANGES.x509 README.x509} %{_mandir}/man*/* %lang(pl) %{_mandir}/pl/man*/* %attr(755,root,root) %{_sbindir}/* %attr(754,root,root) /etc/rc.d/init.d/* %dir %{_libdir}/ipsec %attr(755,root,root) %{_libdir}/ipsec/* %attr(751,root,root) %dir %{_sysconfdir}/ipsec %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.conf %if 0%{!?_without_x509:1} %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/certs %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/crls %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/cacerts %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/private %attr(0700,root,root) %dir %{_sysconfdir}/ipsec/ipsec.d/policies %attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/ipsec/ipsec.d/policies/* %endif %if 0%{!?_without_modules:1} %files -n kernel-net-ipsec %defattr(644,root,root,755) /lib/modules/%{_kernel_ver}/misc/ipsec* %if 0%{!?_without_smp:1} %files -n kernel-smp-net-ipsec %defattr(644,root,root,755) /lib/modules/%{_kernel_ver}smp/misc/ipsec* %endif %endif