From eb5621d87b9a877ecf7fc83a57dc01e7490873921646f6adf390b6ab9cc851f8 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Tue, 30 Oct 2012 17:16:52 +0000 Subject: [PATCH 1/3] - WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=50 --- ...l-Ensure-the-thread-ID-is-never-zero.patch | 30 --- strongswan-4.6.4-fmt-warnings.patch | 31 --- strongswan-4.6.4.tar.bz2 | 3 - strongswan-4.6.4.tar.bz2.sig | 14 -- ....4-rpmlintrc => strongswan-5.0.1-rpmlintrc | 0 strongswan-5.0.1.tar.bz2 | 3 + strongswan-5.0.1.tar.bz2.sig | 14 ++ strongswan.changes | 5 + strongswan.spec | 210 ++++++++++-------- strongswan_modprobe_syslog.patch | 18 +- 10 files changed, 146 insertions(+), 182 deletions(-) delete mode 100644 0001-openssl-Ensure-the-thread-ID-is-never-zero.patch delete mode 100644 strongswan-4.6.4-fmt-warnings.patch delete mode 100644 strongswan-4.6.4.tar.bz2 delete mode 100644 strongswan-4.6.4.tar.bz2.sig rename strongswan-4.6.4-rpmlintrc => strongswan-5.0.1-rpmlintrc (100%) create mode 100644 strongswan-5.0.1.tar.bz2 create mode 100644 strongswan-5.0.1.tar.bz2.sig diff --git a/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch b/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch deleted file mode 100644 index c051d0d..0000000 --- a/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 901dbc1077f6c9bd29369cad848bc79a29c1a65b Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Sat, 30 Jun 2012 10:05:41 +0200 -Subject: [PATCH] openssl: Ensure the thread ID is never zero - -This might otherwise cause problems because OpenSSL tries to lock -mutexes recursively if it assumes the lock is held by a different -thread e.g. during FIPS initialization. ---- - src/libstrongswan/plugins/openssl/openssl_plugin.c | 4 +++- - 1 files changed, 3 insertions(+), 1 deletions(-) - -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 5a11412..7daa92b 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -129,7 +129,9 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock, - */ - static unsigned long id_function(void) - { -- return (unsigned long)thread_current_id(); -+ /* ensure the thread ID is never zero, otherwise OpenSSL might try to -+ * acquire locks recursively */ -+ return 1 + (unsigned long)thread_current_id(); - } - - /** --- -1.7.7 - diff --git a/strongswan-4.6.4-fmt-warnings.patch b/strongswan-4.6.4-fmt-warnings.patch deleted file mode 100644 index 88db609..0000000 --- a/strongswan-4.6.4-fmt-warnings.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- src/checksum/checksum_builder.c -+++ src/checksum/checksum_builder.c 2012/02/15 13:08:35 -@@ -64,9 +64,9 @@ static void build_checksum(char *path, c - fprintf(stderr, "dlopen failed: %s\n", dlerror()); - } - } -- printf("\t{\"%-25s%7u, 0x%08x, %6u, 0x%08x},\n", -+ printf("\t{\"%-25s%7zu, 0x%08x, %6zu, 0x%08x},\n", - name, fsize, fsum, ssize, ssum); -- fprintf(stderr, "\"%-25s%7u / 0x%08x %6u / 0x%08x\n", -+ fprintf(stderr, "\"%-25s%7zu / 0x%08x %6zu / 0x%08x\n", - name, fsize, fsum, ssize, ssum); - } - -@@ -106,14 +106,14 @@ static void build_binary_checksum(char * - pos = strrchr(binary, '.'); - if (pos && streq(pos, ".so")) - { -- snprintf(name, sizeof(name), "%.*s\",", pos - binary, binary); -+ snprintf(name, sizeof(name), "%.*s\",", (int)(pos - binary), binary); - if (streq(name, "libstrongswan\",")) - { - snprintf(sname, sizeof(sname), "%s", "library_init"); - } - else - { -- snprintf(sname, sizeof(sname), "%.*s_init", pos - binary, binary); -+ snprintf(sname, sizeof(sname), "%.*s_init", (int)(pos - binary), binary); - } - build_checksum(path, name, sname); - } diff --git a/strongswan-4.6.4.tar.bz2 b/strongswan-4.6.4.tar.bz2 deleted file mode 100644 index b7510cb..0000000 --- a/strongswan-4.6.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f372b4cc3d6c8a50a0b262e02e6a7fad43f91cc5a80cbd9432eb3c48ab2d4c69 -size 3504672 diff --git a/strongswan-4.6.4.tar.bz2.sig b/strongswan-4.6.4.tar.bz2.sig deleted file mode 100644 index 2080d3f..0000000 --- a/strongswan-4.6.4.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQGcBAABAgAGBQJPx4AbAAoJEN9CwXCzTbp3+GoL/Rs0El+oVlfUTT20/6IhwhI2 -1DJ2kRB97EqDYe7qzBVHaRs1ceU61JhsOEF+DICDttDamAYOlPMkU0Lonmk4uSqe -Z1TVC7vcQdJEW5dPgx8UYRSxB4VdYkGq8FZSfK0Hdcn69EVnRneqb1oqGPXs3unI -Eut8dounWYXSXtUhfajKeKmCXyMJDfSRAIoCsF4D/BpiU+VtHPqwLGS6KEfWsYyJ -cqq5mc4rAL4Y6rLsi6YhqXvrV9klmVpMnlq7dftod7xWXOFX6d6mDSCIH0BrNyar -AuWJ8CqO06Olp6V8sKTdrtBfuJelM4cEUyehwJbssem7bRCBikkzj0/Yxl7Uu77v -QplLktKlsq/K8SkzNaqjTNxe7SvrIcrY1ErJTm6iMuinvlIjzoYPhpfnbNcyrrXQ -qqJ1RTnrXWxDAt41vHTV8I4afhQdt9WlBrp+xYT42PiPll1V6vLx5f/OLDQUVvSo -co+HFiKgg43090Pi4x5N0J1D1tuVuE7g9IGa1RAyYg== -=XivO ------END PGP SIGNATURE----- diff --git a/strongswan-4.6.4-rpmlintrc b/strongswan-5.0.1-rpmlintrc similarity index 100% rename from strongswan-4.6.4-rpmlintrc rename to strongswan-5.0.1-rpmlintrc diff --git a/strongswan-5.0.1.tar.bz2 b/strongswan-5.0.1.tar.bz2 new file mode 100644 index 0000000..9447157 --- /dev/null +++ b/strongswan-5.0.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4 +size 3146776 diff --git a/strongswan-5.0.1.tar.bz2.sig b/strongswan-5.0.1.tar.bz2.sig new file mode 100644 index 0000000..b3c676b --- /dev/null +++ b/strongswan-5.0.1.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQGcBAABAgAGBQJQa9S/AAoJEN9CwXCzTbp30d0L/3Uj1RYm8+25k+RLIWvU1q/L +z5+mLjNAZpxoV7t1lUuMAA2STvZFisMtoNkw2EhsdanRsEV+WYpL101EPPMja077 +BT86DVKk/IDtoGLKpQK41mV5h0bWzrUBXodw2ggoG1bOLhdfuV6z7hAn3GI+AgxM +Eus0TUWNT6VRZzYgTAcofmUyKM4Hruh5+82OSJtj8eeCqe333fdV/k6mumxYhoLB +b1Yp8NVuMmjbfp0T/kyMAlRMnOb1DGjun9sBNaPK+t6+wcToLDeijl+D83l67ZIl +Et0fehugK5dbkGtUbZHOJFWiSGyVP3eDVOjxMBp6ejBAwi0GwqNWXsE0GnHJr9TL +Q3TrM8Kt0vJ6mhlWU9KFGoRwpiyR+3pBc8smZkJvIs3kKIL5ItTVPsJcWJKu2iEd +L6+X15ZScalcrMJOGRYjgKh7cchIgVaudJOnPLtXjfyMuq+07Zz1ZhybUIu+i5Zo +q8AVLAoM6MkUXWKkJR51CH08+w32DaDp5p7yRyxCRA== +=100T +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index ce71a37..64f2832 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 30 17:09:36 UTC 2012 - mt@suse.de + +- WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 + ------------------------------------------------------------------- Fri Sep 7 08:36:57 UTC 2012 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index a207c0b..1a67c6f 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,7 +17,7 @@ Name: strongswan -Version: 4.6.4 +Version: 5.0.1 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -32,8 +32,6 @@ Summary: OpenSource IPsec-based VPN Solution License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.strongswan.org/ -Requires: strongswan-ikev1 = %{version} -Requires: strongswan-ikev2 = %{version} Requires: strongswan-ipsec = %{version} Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2 Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig @@ -41,8 +39,6 @@ Source2: %{name}.init.in Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Patch1: %{name}_modprobe_syslog.patch -Patch2: %{name}-%{version}-fmt-warnings.patch -Patch3: 0001-openssl-Ensure-the-thread-ID-is-never-zero.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -51,8 +47,10 @@ BuildRequires: gmp-devel BuildRequires: gperf BuildRequires: libcap-devel BuildRequires: libopenssl-devel +BuildRequires: libsoup-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +BuildRequires: pcsc-lite-devel BuildRequires: pkg-config %if %with_mysql BuildRequires: libmysqlclient-devel @@ -133,36 +131,19 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux This package provides the strongswan library and plugins. -%package ikev1 -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security -Requires: iproute2 -Requires: strongswan-ipsec = %{version} -Requires: strongswan-libs0 = %{version} -Provides: ikev1 -Provides: pluto -Provides: strongswan-daemon = %{version} -Conflicts: freeswan openswan strongswan < %{version} - -%description ikev1 -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux - -This package provides the pluto IKEv1 daemon. - -%package ikev2 +%package charon Summary: OpenSource IPsec-based VPN Solution Group: Productivity/Networking/Security Requires: iproute2 Requires: strongswan-daemon-starter = %{version} Requires: strongswan-libs0 = %{version} -Provides: ikev2 Provides: strongswan-daemon = %{version} Conflicts: openswan strongswan < %{version} -%description ikev2 +%description charon StrongSwan is an OpenSource IPsec-based VPN Solution for Linux -This package provides the charon IKEv2 daemon. +This package provides the charon daemon supporting IKEv1 & IKEv2. %package ipsec Summary: OpenSource IPsec-based VPN Solution @@ -249,8 +230,6 @@ and the load testing plugin for IKEv2 daemon. %prep %setup -q -n %{name}-%{upstream_version} %patch1 -p0 -%patch2 -p0 -%patch3 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -261,35 +240,55 @@ export RPM_OPT_FLAGS CFLAGS #libtoolize --force #autoreconf %configure \ + --enable-conftest \ --enable-integrity-test \ --with-capabilities=libcap \ --with-plugindir=%{strongswan_plugins} \ --with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \ - --enable-smartcard \ - --with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \ - --enable-cisco-quirks \ + --enable-pkcs11 \ --enable-openssl \ --enable-agent \ - --enable-md4 \ + --enable-gcrypt \ --enable-blowfish \ + --enable-ctr \ + --enable-ccm \ + --enable-gcm \ + --enable-unity \ + --enable-md4 \ + --enable-af-alg \ --enable-eap-sim \ --enable-eap-sim-file \ + --enable-eap-sim-pcsc \ + --enable-eap-aka \ + --enable-eap-aka-3gpp2 \ --enable-eap-simaka-sql \ --enable-eap-simaka-pseudonym \ --enable-eap-simaka-reauth \ + --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-gtc \ - --enable-eap-aka \ - --enable-eap-radius \ - --enable-eap-identity \ --enable-eap-mschapv2 \ - --enable-eap-aka-3gpp2 \ + --enable-eap-tls \ + --enable-eap-ttls \ + --enable-eap-peap \ + --enable-eap-tnc \ + --enable-eap-dynamic \ + --enable-eap-radius \ + --enable-xauth-eap \ + --enable-xauth-pam \ --enable-ha \ --enable-dhcp \ --enable-farp \ + --enable-smp \ --enable-sql \ --enable-attr-sql \ --enable-addrblock \ + --enable-radattr \ + --enable-mediation \ + --enable-led \ + --enable-certexpire \ + --enable-duplicheck \ + --enable-coupling \ %if %with_mysql --enable-mysql \ %endif @@ -307,14 +306,15 @@ export RPM_OPT_FLAGS CFLAGS --enable-test-vectors \ %endif --enable-ldap \ + --enable-soup \ --enable-curl make %{?_smp_mflags:%_smp_mflags} %install export RPM_BUILD_ROOT -install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/ -install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/ -install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ +install -d -m755 ${RPM_BUILD_ROOT}%{_sbindir}/ +install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/ +install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec # @@ -330,15 +330,18 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets # EOT # -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,radius,strongswan,simaka}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs}.so find $RPM_BUILD_ROOT%{strongswan_libdir} \ -name "*.a" -o -name "*.la" | xargs -r rm -f # -install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/ -install -m644 TODO NEWS README COPYING CREDITS \ - ${RPM_SOURCE_DIR}/README.SUSE \ - ${RPM_BUILD_ROOT}%{strongswan_docdir}/ -install -m755 -d $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan +install -d -m755 ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +#install -m644 TODO NEWS README COPYING CREDITS \ +# ${RPM_SOURCE_DIR}/README.SUSE \ +# ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +install -c -m644 ${RPM_SOURCE_DIR}/README.SUSE \ + ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +install -d -m755 $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan %post libs0 %{run_ldconfig} @@ -353,11 +356,13 @@ test -d %{_localstatedir}/run/strongswan || \ %preun ipsec %{stop_on_removal ipsec} -if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then - cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old +if test -s %{_sysconfdir}/ipsec.secrets.rpmsave ; then + cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave \ + %{_sysconfdir}/ipsec.secrets.rpmsave.old fi -if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then - cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old +if test -s %{_sysconfdir}/ipsec.conf.rpmsave ; then + cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave \ + %{_sysconfdir}/ipsec.conf.rpmsave.old fi %postun ipsec @@ -389,11 +394,14 @@ fi %{_mandir}/man5/ipsec.secrets.5* %{_mandir}/man5/strongswan.conf.5* %dir %{_libexecdir}/ipsec +%{_libexecdir}/ipsec/_copyright %{_libexecdir}/ipsec/_updown %{_libexecdir}/ipsec/_updown_espmark -%{_libexecdir}/ipsec/_copyright -%{_libexecdir}/ipsec/pki +%{_libexecdir}/ipsec/conftest +%{_libexecdir}/ipsec/duplicheck %{_libexecdir}/ipsec/openac +%{_libexecdir}/ipsec/pki +%{_libexecdir}/ipsec/pool %{_libexecdir}/ipsec/scepclient %{_libexecdir}/ipsec/starter %{_libexecdir}/ipsec/stroke @@ -401,14 +409,7 @@ fi %{strongswan_plugins}/libstrongswan-stroke.so %{strongswan_plugins}/libstrongswan-updown.so -%files ikev1 -%defattr(-,root,root) -%dir %{_libexecdir}/ipsec -%{_libexecdir}/ipsec/whack -%{_libexecdir}/ipsec/pluto -%{_libexecdir}/ipsec/_pluto_adns - -%files ikev2 +%files charon %defattr(-,root,root) %dir %{_libexecdir}/ipsec %{_libexecdir}/ipsec/charon @@ -416,76 +417,85 @@ fi %files doc %defattr(-,root,root) %dir %{strongswan_docdir} -%{strongswan_docdir}/TODO -%{strongswan_docdir}/NEWS -%{strongswan_docdir}/README -%{strongswan_docdir}/COPYING -%{strongswan_docdir}/CREDITS -%{_mandir}/man3/anyaddr.3* -%{_mandir}/man3/atoaddr.3* -%{_mandir}/man3/atoasr.3* -%{_mandir}/man3/atoul.3* -%{_mandir}/man3/goodmask.3* -%{_mandir}/man3/initaddr.3* -%{_mandir}/man3/initsubnet.3* -%{_mandir}/man3/portof.3* -%{_mandir}/man3/rangetosubnet.3* -%{_mandir}/man3/sameaddr.3* -%{_mandir}/man3/subnetof.3* -%{_mandir}/man3/ttoaddr.3* -%{_mandir}/man3/ttodata.3* -%{_mandir}/man3/ttosa.3* -%{_mandir}/man3/ttoul.3* +#%{strongswan_docdir}/TODO +#%{strongswan_docdir}/NEWS +#%{strongswan_docdir}/README +#%{strongswan_docdir}/COPYING +#%{strongswan_docdir}/CREDITS +#%{_mandir}/man3/anyaddr.3* +#%{_mandir}/man3/atoaddr.3* +#%{_mandir}/man3/atoasr.3* +#%{_mandir}/man3/atoul.3* +#%{_mandir}/man3/goodmask.3* +#%{_mandir}/man3/initaddr.3* +#%{_mandir}/man3/initsubnet.3* +#%{_mandir}/man3/portof.3* +#%{_mandir}/man3/rangetosubnet.3* +#%{_mandir}/man3/sameaddr.3* +#%{_mandir}/man3/subnetof.3* +#%{_mandir}/man3/ttoaddr.3* +#%{_mandir}/man3/ttodata.3* +#%{_mandir}/man3/ttosa.3* +#%{_mandir}/man3/ttoul.3* %{_mandir}/man8/_updown.8* %{_mandir}/man8/_updown_espmark.8* %{_mandir}/man8/openac.8* -%{_mandir}/man8/pluto.8* %{_mandir}/man8/scepclient.8* %files libs0 %defattr(-,root,root) %config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf %dir %{_libexecdir}/ipsec -%dir %{_libexecdir}/ipsec/pool +#%dir %{_libexecdir}/ipsec/pool %dir %{strongswan_libdir} %{strongswan_libdir}/libchecksum.so -%{strongswan_libdir}/libhydra.so.0 -%{strongswan_libdir}/libhydra.so.0.0.0 -%{strongswan_libdir}/libcharon.so.0 -%{strongswan_libdir}/libcharon.so.0.0.0 -%{strongswan_libdir}/libradius.so.0 -%{strongswan_libdir}/libradius.so.0.0.0 -%{strongswan_libdir}/libsimaka.so.0 -%{strongswan_libdir}/libsimaka.so.0.0.0 -%{strongswan_libdir}/libstrongswan.so.0 -%{strongswan_libdir}/libstrongswan.so.0.0.0 +%{strongswan_libdir}/libcharon.so.* +%{strongswan_libdir}/libhydra.so.* +%{strongswan_libdir}/libradius.so.* +%{strongswan_libdir}/libsimaka.so.* +%{strongswan_libdir}/libstrongswan.so.* +%{strongswan_libdir}/libtls.so.* +%{strongswan_libdir}/libtnccs.so.* %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-addrblock.so %{strongswan_plugins}/libstrongswan-aes.so +%{strongswan_plugins}/libstrongswan-af-alg.so %{strongswan_plugins}/libstrongswan-agent.so %{strongswan_plugins}/libstrongswan-attr.so %{strongswan_plugins}/libstrongswan-attr-sql.so %{strongswan_plugins}/libstrongswan-blowfish.so +%{strongswan_plugins}/libstrongswan-ccm.so +%{strongswan_plugins}/libstrongswan-certexpire.so %{strongswan_plugins}/libstrongswan-cmac.so %{strongswan_plugins}/libstrongswan-constraints.so +%{strongswan_plugins}/libstrongswan-coupling.so +%{strongswan_plugins}/libstrongswan-ctr.so %{strongswan_plugins}/libstrongswan-curl.so %{strongswan_plugins}/libstrongswan-des.so %{strongswan_plugins}/libstrongswan-dhcp.so %{strongswan_plugins}/libstrongswan-dnskey.so +%{strongswan_plugins}/libstrongswan-duplicheck.so %{strongswan_plugins}/libstrongswan-eap-aka-3gpp2.so %{strongswan_plugins}/libstrongswan-eap-aka.so +%{strongswan_plugins}/libstrongswan-eap-dynamic.so %{strongswan_plugins}/libstrongswan-eap-gtc.so %{strongswan_plugins}/libstrongswan-eap-identity.so %{strongswan_plugins}/libstrongswan-eap-md5.so %{strongswan_plugins}/libstrongswan-eap-mschapv2.so +%{strongswan_plugins}/libstrongswan-eap-peap.so %{strongswan_plugins}/libstrongswan-eap-radius.so +%{strongswan_plugins}/libstrongswan-eap-sim-file.so +%{strongswan_plugins}/libstrongswan-eap-sim-pcsc.so +%{strongswan_plugins}/libstrongswan-eap-sim.so %{strongswan_plugins}/libstrongswan-eap-simaka-pseudonym.so %{strongswan_plugins}/libstrongswan-eap-simaka-reauth.so %{strongswan_plugins}/libstrongswan-eap-simaka-sql.so -%{strongswan_plugins}/libstrongswan-eap-sim-file.so -%{strongswan_plugins}/libstrongswan-eap-sim.so +%{strongswan_plugins}/libstrongswan-eap-tls.so +%{strongswan_plugins}/libstrongswan-eap-tnc.so +%{strongswan_plugins}/libstrongswan-eap-ttls.so %{strongswan_plugins}/libstrongswan-farp.so %{strongswan_plugins}/libstrongswan-fips-prf.so +%{strongswan_plugins}/libstrongswan-gcm.so %if %with_gcrypt %{strongswan_plugins}/libstrongswan-gcrypt.so %endif @@ -494,23 +504,33 @@ fi %{strongswan_plugins}/libstrongswan-hmac.so %{strongswan_plugins}/libstrongswan-kernel-netlink.so %{strongswan_plugins}/libstrongswan-ldap.so +%{strongswan_plugins}/libstrongswan-led.so %{strongswan_plugins}/libstrongswan-md4.so %{strongswan_plugins}/libstrongswan-md5.so +%{strongswan_plugins}/libstrongswan-nonce.so %{strongswan_plugins}/libstrongswan-openssl.so %{strongswan_plugins}/libstrongswan-pem.so %{strongswan_plugins}/libstrongswan-pgp.so %{strongswan_plugins}/libstrongswan-pkcs1.so +%{strongswan_plugins}/libstrongswan-pkcs11.so %{strongswan_plugins}/libstrongswan-pkcs8.so %{strongswan_plugins}/libstrongswan-pubkey.so +%{strongswan_plugins}/libstrongswan-radattr.so %{strongswan_plugins}/libstrongswan-random.so %{strongswan_plugins}/libstrongswan-resolve.so %{strongswan_plugins}/libstrongswan-revocation.so %{strongswan_plugins}/libstrongswan-sha1.so %{strongswan_plugins}/libstrongswan-sha2.so -%{strongswan_plugins}/libstrongswan-socket*.so +%{strongswan_plugins}/libstrongswan-smp.so +%{strongswan_plugins}/libstrongswan-socket-default.so +%{strongswan_plugins}/libstrongswan-soup.so %{strongswan_plugins}/libstrongswan-sql.so +%{strongswan_plugins}/libstrongswan-tnc-tnccs.so +%{strongswan_plugins}/libstrongswan-unity.so %{strongswan_plugins}/libstrongswan-x509.so -%{strongswan_plugins}/libstrongswan-xauth.so +%{strongswan_plugins}/libstrongswan-xauth-eap.so +%{strongswan_plugins}/libstrongswan-xauth-generic.so +%{strongswan_plugins}/libstrongswan-xauth-pam.so %{strongswan_plugins}/libstrongswan-xcbc.so %dir %ghost %{_localstatedir}/run/strongswan @@ -520,7 +540,7 @@ fi %defattr(-,root,root) %dir %{_libexecdir}/ipsec %dir %{strongswan_plugins} -%{strongswan_plugins}/libstrongswan-nm.so +%{_libexecdir}/ipsec/charon-nm %endif %if %with_mysql diff --git a/strongswan_modprobe_syslog.patch b/strongswan_modprobe_syslog.patch index 26817fe..9e71673 100644 --- a/strongswan_modprobe_syslog.patch +++ b/strongswan_modprobe_syslog.patch @@ -1,6 +1,6 @@ --- src/starter/klips.c -+++ src/starter/klips.c 2010/03/02 16:43:05 -@@ -34,7 +34,7 @@ starter_klips_init(void) ++++ src/starter/klips.c 2012/10/30 17:07:23 +@@ -30,7 +30,7 @@ bool starter_klips_init(void) /* ipsec module makes the pf_key proc interface visible */ if (stat(PROC_MODULES, &stb) == 0) { @@ -9,7 +9,7 @@ } /* now test again */ -@@ -48,9 +48,9 @@ starter_klips_init(void) +@@ -42,9 +42,9 @@ bool starter_klips_init(void) } /* load crypto algorithm modules */ @@ -20,11 +20,11 @@ + ignore_result(system("modprobe -s ipsec_blowfish")); + ignore_result(system("modprobe -s ipsec_sha2")); - DBG(DBG_CONTROL, - DBG_log("Found KLIPS IPsec stack") + DBG2(DBG_APP, "found KLIPS IPsec stack"); + return TRUE; --- src/starter/netkey.c -+++ src/starter/netkey.c 2010/03/02 16:43:05 -@@ -34,7 +34,7 @@ starter_netkey_init(void) ++++ src/starter/netkey.c 2012/10/30 17:07:02 +@@ -31,7 +31,7 @@ bool starter_netkey_init(void) /* af_key module makes the netkey proc interface visible */ if (stat(PROC_MODULES, &stb) == 0) { @@ -33,7 +33,7 @@ } /* now test again */ -@@ -50,11 +50,11 @@ starter_netkey_init(void) +@@ -45,11 +45,11 @@ bool starter_netkey_init(void) /* make sure that all required IPsec modules are loaded */ if (stat(PROC_MODULES, &stb) == 0) { @@ -49,4 +49,4 @@ + ignore_result(system("modprobe -s xfrm_user")); } - DBG(DBG_CONTROL, + DBG2(DBG_APP, "found netkey IPsec stack"); From f013a86fad326182ed321f2a94863a0279d1bab520a431e13f6d15cf22f5961e Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 31 Oct 2012 16:08:08 +0000 Subject: [PATCH 2/3] - Updated to strongSwan 5.0.1 release. Changes digest: - Introduced the sending of the standard IETF Assessment Result PA-TNC attribute by all strongSwan Integrity Measurement Verifiers. - Extended PTS Attestation IMC/IMV pair to provide full evidence of the Linux IMA measurement process. All pertinent file information of a Linux OS can be collected and stored in an SQL database. - The PA-TNC and PB-TNC protocols can now process huge data payloads. - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid authenticated clients against any PAM service. - The new unity plugin brings support for some parts of the IKEv1 Cisco Unity Extensions. - The kernel-netlink plugin supports the new strongswan.conf option charon.install_virtual_ip_on. - Job handling in controller_t was fixed, which occasionally caused crashes on ipsec up/down. - Fixed transmission EAP-MSCHAPv2 user name if it contains a domain part. Changes digest from strongSwan 5.0.0 version: * The charon IKE daemon gained experimental support for the IKEv1 protocol. Pluto has been removed from the 5.x series. * The NetworkManager charon plugin of previous releases is now provided by a separate executable (charon-nm) and it should work again with NM 0.9. * scepclient was updated and it now works fine with Windows Server 2008 R2. For full list of the changes, please read the NEWS file shipped in the strongswan-doc package or online: http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50 - Adopted spec file, enabled several plugins. - Changed to install strongswan.service with alias to ipsec.service OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=51 --- strongswan.changes | 34 ++++++- strongswan.spec | 168 +++++++++++++++++++-------------- strongswan_ipsec_service.patch | 7 ++ 3 files changed, 134 insertions(+), 75 deletions(-) create mode 100644 strongswan_ipsec_service.patch diff --git a/strongswan.changes b/strongswan.changes index 64f2832..4b524e5 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,7 +1,37 @@ ------------------------------------------------------------------- -Tue Oct 30 17:09:36 UTC 2012 - mt@suse.de +Wed Oct 31 15:25:16 UTC 2012 - mt@suse.de -- WORK-IN-PROGRESS snapshot: Update to strongSwan 5.0.1 +- Updated to strongSwan 5.0.1 release. Changes digest: + - Introduced the sending of the standard IETF Assessment Result + PA-TNC attribute by all strongSwan Integrity Measurement Verifiers. + - Extended PTS Attestation IMC/IMV pair to provide full evidence of + the Linux IMA measurement process. All pertinent file information + of a Linux OS can be collected and stored in an SQL database. + - The PA-TNC and PB-TNC protocols can now process huge data payloads. + - The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid + authenticated clients against any PAM service. + - The new unity plugin brings support for some parts of the IKEv1 + Cisco Unity Extensions. + - The kernel-netlink plugin supports the new strongswan.conf option + charon.install_virtual_ip_on. + - Job handling in controller_t was fixed, which occasionally caused + crashes on ipsec up/down. + - Fixed transmission EAP-MSCHAPv2 user name if it contains a domain + part. + Changes digest from strongSwan 5.0.0 version: + * The charon IKE daemon gained experimental support for the IKEv1 + protocol. Pluto has been removed from the 5.x series. + * The NetworkManager charon plugin of previous releases is now + provided by a separate executable (charon-nm) and it should work + again with NM 0.9. + * scepclient was updated and it now works fine with Windows Server + 2008 R2. + For full list of the changes, please read the NEWS file shipped + in the strongswan-doc package or online: + http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50 +- Adopted spec file, enabled several plugins. +- Changed to install strongswan.service with alias to ipsec.service + instead of the /etc/init.d/ipsec init script on openSUSE > 12.2. ------------------------------------------------------------------- Fri Sep 7 08:36:57 UTC 2012 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index 1a67c6f..36b0c5f 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -23,11 +23,30 @@ Release: 0 %define strongswan_docdir %{_docdir}/%{name} %define strongswan_libdir %{_libdir}/ipsec %define strongswan_plugins %{strongswan_libdir}/plugins -%define with_mysql 1 -%define with_sqlite 0%{suse_version} >= 1110 -%define with_gcrypt 0%{suse_version} >= 1110 -%define with_nm 0%{suse_version} >= 1110 -%define with_tests 0 +%if 0 +%bcond_without tests +%else +%bcond_with tests +%endif +%if 1 +%bcond_without mysql +%else +%bcond_with mysql +%endif +%if 0%{suse_version} >= 1110 +%bcond_without sqlite +%bcond_without gcrypt +%bcond_without nm +%else +%bcond_with sqlite +%bcond_with gcrypt +%bcond_with nm +%endif +%if 0%{suse_version} > 1220 +%bcond_without systemd +%else +%bcond_with systemd +%endif Summary: OpenSource IPsec-based VPN Solution License: GPL-2.0+ Group: Productivity/Networking/Security @@ -39,6 +58,7 @@ Source2: %{name}.init.in Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Patch1: %{name}_modprobe_syslog.patch +Patch2: %{name}_ipsec_service.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -52,18 +72,21 @@ BuildRequires: openldap2-devel BuildRequires: pam-devel BuildRequires: pcsc-lite-devel BuildRequires: pkg-config -%if %with_mysql +%if %{with mysql} BuildRequires: libmysqlclient-devel %endif -%if %with_sqlite +%if %{with sqlite} BuildRequires: sqlite3-devel %endif -%if %with_gcrypt +%if %{with gcrypt} BuildRequires: libgcrypt-devel %endif -%if %with_nm +%if %{with nm} BuildRequires: NetworkManager-devel %endif +%if %{with systemd} +BuildRequires: systemd-devel +%endif BuildRequires: iptables BuildRequires: libnl >= 1.1 @@ -131,30 +154,14 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux This package provides the strongswan library and plugins. -%package charon -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security -Requires: iproute2 -Requires: strongswan-daemon-starter = %{version} -Requires: strongswan-libs0 = %{version} -Provides: strongswan-daemon = %{version} -Conflicts: openswan strongswan < %{version} - -%description charon -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux - -This package provides the charon daemon supporting IKEv1 & IKEv2. - %package ipsec Summary: OpenSource IPsec-based VPN Solution Group: Productivity/Networking/Security PreReq: grep %insserv_prereq %fillup_prereq -Requires: strongswan-daemon = %{version} Requires: strongswan-libs0 = %{version} Provides: VPN Provides: ipsec Provides: strongswan = %{version} -Provides: strongswan-daemon-starter = %{version} Obsoletes: strongswan < %{version} Conflicts: freeswan openswan @@ -162,10 +169,10 @@ Conflicts: freeswan openswan StrongSwan is an OpenSource IPsec-based VPN Solution for Linux This package provides the /etc/init.d/ipsec service script and allows -to maintain both, IKEv1 and IKEv2 daemons, using /etc/ipsec.conf and +to maintain both, IKEv1 and IKEv2, using the /etc/ipsec.conf and the /etc/ipsec.sectes files. -%if %with_mysql +%if %{with mysql} %package mysql Summary: OpenSource IPsec-based VPN Solution @@ -179,7 +186,7 @@ This package provides the strongswan mysql plugin. %endif -%if %with_sqlite +%if %{with sqlite} %package sqlite Summary: OpenSource IPsec-based VPN Solution @@ -193,14 +200,12 @@ This package provides the strongswan sqlite plugin. %endif -%if %with_nm +%if %{with nm} %package nm Summary: OpenSource IPsec-based VPN Solution Group: Productivity/Networking/Security -Requires: strongswan-ikev2 = %{version} Requires: strongswan-libs0 = %{version} -Provides: strongswan-daemon-starter = %{version} %description nm StrongSwan is an OpenSource IPsec-based VPN Solution for Linux @@ -211,7 +216,7 @@ NetworkManager-strongswan graphical user interface. %endif -%if %with_tests +%if %{with tests} %package tests @@ -230,6 +235,7 @@ and the load testing plugin for IKEv2 daemon. %prep %setup -q -n %{name}-%{upstream_version} %patch1 -p0 +%patch2 -p0 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -276,6 +282,16 @@ export RPM_OPT_FLAGS CFLAGS --enable-eap-radius \ --enable-xauth-eap \ --enable-xauth-pam \ + --enable-tnc-pdp \ + --enable-tnc-imc \ + --enable-tnc-imv \ + --enable-tnccs-11 \ + --enable-tnccs-20 \ + --enable-tnccs-dynamic \ + --enable-imc-test \ + --enable-imv-test \ + --enable-imc-scanner \ + --enable-imv-scanner \ --enable-ha \ --enable-dhcp \ --enable-farp \ @@ -289,19 +305,19 @@ export RPM_OPT_FLAGS CFLAGS --enable-certexpire \ --enable-duplicheck \ --enable-coupling \ -%if %with_mysql +%if %{with mysql} --enable-mysql \ %endif -%if %with_sqlite +%if %{with sqlite} --enable-sqlite \ %endif -%if %with_gcrypt +%if %{with gcrypt} --enable-gcrypt \ %endif -%if %with_nm +%if %{with nm} --enable-nm \ %endif -%if %with_tests +%if %{with tests} --enable-load-tester \ --enable-test-vectors \ %endif @@ -314,9 +330,11 @@ make %{?_smp_mflags:%_smp_mflags} export RPM_BUILD_ROOT install -d -m755 ${RPM_BUILD_ROOT}%{_sbindir}/ install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/ +%if ! %{with systemd} install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec +%endif # make install DESTDIR="$RPM_BUILD_ROOT" # @@ -331,16 +349,16 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets EOT # rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan}.so -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so find $RPM_BUILD_ROOT%{strongswan_libdir} \ -name "*.a" -o -name "*.la" | xargs -r rm -f # install -d -m755 ${RPM_BUILD_ROOT}%{strongswan_docdir}/ -#install -m644 TODO NEWS README COPYING CREDITS \ -# ${RPM_SOURCE_DIR}/README.SUSE \ -# ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +install -c -m644 TODO NEWS README COPYING LICENSE \ + AUTHORS ChangeLog \ + ${RPM_BUILD_ROOT}%{strongswan_docdir}/ install -c -m644 ${RPM_SOURCE_DIR}/README.SUSE \ - ${RPM_BUILD_ROOT}%{strongswan_docdir}/ + ${RPM_BUILD_ROOT}%{strongswan_docdir}/ install -d -m755 $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan %post libs0 @@ -352,10 +370,14 @@ test -d %{_localstatedir}/run/strongswan || \ %{run_ldconfig} %post ipsec +%if ! %{with systemd} %{fillup_and_insserv ipsec} +%endif %preun ipsec +%if ! %{with systemd} %{stop_on_removal ipsec} +%endif if test -s %{_sysconfdir}/ipsec.secrets.rpmsave ; then cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave \ %{_sysconfdir}/ipsec.secrets.rpmsave.old @@ -366,7 +388,9 @@ if test -s %{_sysconfdir}/ipsec.conf.rpmsave ; then fi %postun ipsec +%if ! %{with systemd} %{insserv_cleanup} +%endif %files %defattr(-,root,root) @@ -386,8 +410,12 @@ fi %dir %{_sysconfdir}/ipsec.d/cacerts %dir %{_sysconfdir}/ipsec.d/ocspcerts %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private +%if %{with systemd} +/lib/systemd/system/strongswan.service +%else %config %{_sysconfdir}/init.d/ipsec %{_sbindir}/rcipsec +%endif %{_sbindir}/ipsec %{_mandir}/man8/ipsec.8* %{_mandir}/man5/ipsec.conf.5* @@ -405,38 +433,21 @@ fi %{_libexecdir}/ipsec/scepclient %{_libexecdir}/ipsec/starter %{_libexecdir}/ipsec/stroke +%{_libexecdir}/ipsec/charon %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-stroke.so %{strongswan_plugins}/libstrongswan-updown.so -%files charon -%defattr(-,root,root) -%dir %{_libexecdir}/ipsec -%{_libexecdir}/ipsec/charon - %files doc %defattr(-,root,root) %dir %{strongswan_docdir} -#%{strongswan_docdir}/TODO -#%{strongswan_docdir}/NEWS -#%{strongswan_docdir}/README -#%{strongswan_docdir}/COPYING -#%{strongswan_docdir}/CREDITS -#%{_mandir}/man3/anyaddr.3* -#%{_mandir}/man3/atoaddr.3* -#%{_mandir}/man3/atoasr.3* -#%{_mandir}/man3/atoul.3* -#%{_mandir}/man3/goodmask.3* -#%{_mandir}/man3/initaddr.3* -#%{_mandir}/man3/initsubnet.3* -#%{_mandir}/man3/portof.3* -#%{_mandir}/man3/rangetosubnet.3* -#%{_mandir}/man3/sameaddr.3* -#%{_mandir}/man3/subnetof.3* -#%{_mandir}/man3/ttoaddr.3* -#%{_mandir}/man3/ttodata.3* -#%{_mandir}/man3/ttosa.3* -#%{_mandir}/man3/ttoul.3* +%{strongswan_docdir}/TODO +%{strongswan_docdir}/NEWS +%{strongswan_docdir}/README +%{strongswan_docdir}/COPYING +%{strongswan_docdir}/LICENSE +%{strongswan_docdir}/AUTHORS +%{strongswan_docdir}/ChangeLog %{_mandir}/man8/_updown.8* %{_mandir}/man8/_updown_espmark.8* %{_mandir}/man8/openac.8* @@ -446,7 +457,6 @@ fi %defattr(-,root,root) %config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf %dir %{_libexecdir}/ipsec -#%dir %{_libexecdir}/ipsec/pool %dir %{strongswan_libdir} %{strongswan_libdir}/libchecksum.so %{strongswan_libdir}/libcharon.so.* @@ -456,6 +466,12 @@ fi %{strongswan_libdir}/libstrongswan.so.* %{strongswan_libdir}/libtls.so.* %{strongswan_libdir}/libtnccs.so.* +%{strongswan_libdir}/libimcv.so.* +%dir %{strongswan_libdir}/imcvs +%{strongswan_libdir}/imcvs/imc-scanner.so +%{strongswan_libdir}/imcvs/imc-test.so +%{strongswan_libdir}/imcvs/imv-scanner.so +%{strongswan_libdir}/imcvs/imv-test.so %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-addrblock.so %{strongswan_plugins}/libstrongswan-aes.so @@ -496,7 +512,7 @@ fi %{strongswan_plugins}/libstrongswan-farp.so %{strongswan_plugins}/libstrongswan-fips-prf.so %{strongswan_plugins}/libstrongswan-gcm.so -%if %with_gcrypt +%if %{with gcrypt} %{strongswan_plugins}/libstrongswan-gcrypt.so %endif %{strongswan_plugins}/libstrongswan-gmp.so @@ -525,7 +541,13 @@ fi %{strongswan_plugins}/libstrongswan-socket-default.so %{strongswan_plugins}/libstrongswan-soup.so %{strongswan_plugins}/libstrongswan-sql.so +%{strongswan_plugins}/libstrongswan-tnc-imc.so +%{strongswan_plugins}/libstrongswan-tnc-imv.so +%{strongswan_plugins}/libstrongswan-tnc-pdp.so %{strongswan_plugins}/libstrongswan-tnc-tnccs.so +%{strongswan_plugins}/libstrongswan-tnccs-11.so +%{strongswan_plugins}/libstrongswan-tnccs-20.so +%{strongswan_plugins}/libstrongswan-tnccs-dynamic.so %{strongswan_plugins}/libstrongswan-unity.so %{strongswan_plugins}/libstrongswan-x509.so %{strongswan_plugins}/libstrongswan-xauth-eap.so @@ -534,7 +556,7 @@ fi %{strongswan_plugins}/libstrongswan-xcbc.so %dir %ghost %{_localstatedir}/run/strongswan -%if %with_nm +%if %{with nm} %files nm %defattr(-,root,root) @@ -543,7 +565,7 @@ fi %{_libexecdir}/ipsec/charon-nm %endif -%if %with_mysql +%if %{with mysql} %files mysql %defattr(-,root,root) @@ -551,7 +573,7 @@ fi %{strongswan_plugins}/libstrongswan-mysql.so %endif -%if %with_sqlite +%if %{with sqlite} %files sqlite %defattr(-,root,root) @@ -559,7 +581,7 @@ fi %{strongswan_plugins}/libstrongswan-sqlite.so %endif -%if %with_tests +%if %{with tests} %files tests %defattr(-,root,root) diff --git a/strongswan_ipsec_service.patch b/strongswan_ipsec_service.patch new file mode 100644 index 0000000..ab8b13b --- /dev/null +++ b/strongswan_ipsec_service.patch @@ -0,0 +1,7 @@ +--- init/systemd/strongswan.service.in ++++ init/systemd/strongswan.service.in 2012/10/31 15:21:11 +@@ -8,3 +8,4 @@ StandardOutput=syslog + + [Install] + WantedBy=multi-user.target ++Alias=ipsec.service From 3f181ce1a74faf40e8560fe6b3af2dabe7c338e63f48867a4bb247c984576e77 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 31 Oct 2012 16:13:18 +0000 Subject: [PATCH 3/3] - Adopted spec file, enabled several plugins, e.g.: ccm, certexpire, coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc, eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=52 --- strongswan.changes | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/strongswan.changes b/strongswan.changes index 4b524e5..c4ffdac 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -29,7 +29,9 @@ Wed Oct 31 15:25:16 UTC 2012 - mt@suse.de For full list of the changes, please read the NEWS file shipped in the strongswan-doc package or online: http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50 -- Adopted spec file, enabled several plugins. +- Adopted spec file, enabled several plugins, e.g.: ccm, certexpire, + coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc, + eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam. - Changed to install strongswan.service with alias to ipsec.service instead of the /etc/init.d/ipsec init script on openSUSE > 12.2.