jengelh/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity

Accepting request 1077378 from network:vpn

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1077378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=89
This commit is contained in:
Dominique Leuenberger 2023-04-07 16:16:14 +00:00 committed by Git OBS Bridge
commit 657b2da015
2 changed files with 37 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
strongswan.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Wed Apr 5 01:34:28 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>
- Allow to use stroke aka ipsec interface by default instead of
vici aka swanctl interface which is current upstream's default.
strongswan.service which enables swanctl interface is masked to
stop interfering with the ipsec interface (bsc#1184144)
- Removes deprecated SysV support
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de> Thu Mar 2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

74
strongswan.spec
View File

@ -56,11 +56,6 @@ Release: 0
%bcond_with gcrypt %bcond_with gcrypt
%bcond_with nm %bcond_with nm
%endif %endif
%if 0%{suse_version} > 1220
%bcond_without systemd
%else
%bcond_with systemd
%endif
Summary: IPsec-based VPN solution Summary: IPsec-based VPN solution
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
@ -105,17 +100,11 @@ BuildRequires: libgcrypt-devel
%if %{with nm} %if %{with nm}
BuildRequires: pkgconfig(libnm) BuildRequires: pkgconfig(libnm)
%endif %endif
%if %{with systemd}
%{?systemd_requires} %{?systemd_requires}
BuildRequires: pkgconfig(libsystemd)
%endif
BuildRequires: iptables BuildRequires: iptables
%if %{with systemd} BuildRequires: pkgconfig(libsystemd)
%{!?_rundir: %global _rundir /run} %{!?_rundir: %global _rundir /run}
%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d} %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d}
%else
%{!?_rundir: %global _rundir /var/run}
%endif
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
%if %{with fipscheck} %if %{with fipscheck}
@ -282,10 +271,8 @@ autoreconf --force --install
--with-plugindir=%{strongswan_plugins} \ --with-plugindir=%{strongswan_plugins} \
--with-resolv-conf=%{_rundir}/%{name}/resolv.conf \ --with-resolv-conf=%{_rundir}/%{name}/resolv.conf \
--with-piddir=%{_rundir}/%{name} \ --with-piddir=%{_rundir}/%{name} \
%if %{with systemd}
--enable-systemd \ --enable-systemd \
--with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemunitdir=%{_unitdir} \
%endif
--enable-pkcs11 \ --enable-pkcs11 \
--enable-openssl \ --enable-openssl \
--enable-agent \ --enable-agent \
@ -374,13 +361,9 @@ autoreconf --force --install
%install %install
install -d -m755 %{buildroot}/%{_sbindir}/ install -d -m755 %{buildroot}/%{_sbindir}/
install -d -m755 %{buildroot}/%{_sysconfdir}/ipsec.d/ install -d -m755 %{buildroot}/%{_sysconfdir}/ipsec.d/
%if %{with systemd}
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcstrongswan ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcstrongswan
%else ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcstrongswan-starter
install -d -m755 %{buildroot}/%{_sysconfdir}/init.d/ ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcipsec
install -m755 strongswan.init %{buildroot}/%{_sysconfdir}/init.d/ipsec
ln -s %{_sysconfdir}/init.d/ipsec %{buildroot}/%{_sbindir}/rcipsec
%endif
# #
# Ensure, plugin -> library dependencies can be resolved # Ensure, plugin -> library dependencies can be resolved
# (e.g. libtls) to avoid plugin segment checksum errors. # (e.g. libtls) to avoid plugin segment checksum errors.
@ -438,10 +421,8 @@ install -c -m644 TODO NEWS README COPYING LICENSE \
%{buildroot}/%{strongswan_docdir}/ %{buildroot}/%{strongswan_docdir}/
install -c -m644 %{_sourcedir}/README.SUSE \ install -c -m644 %{_sourcedir}/README.SUSE \
%{buildroot}/%{strongswan_docdir}/ %{buildroot}/%{strongswan_docdir}/
%if %{with systemd}
install -d -m 0755 %{buildroot}%{_tmpfilesdir} install -d -m 0755 %{buildroot}%{_tmpfilesdir}
echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}.conf echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}.conf
%endif
%if %{with fipscheck} %if %{with fipscheck}
# #
# note: keep the following, _fipscheck's and file lists in sync # note: keep the following, _fipscheck's and file lists in sync
@ -479,22 +460,34 @@ sed -i 's/\(load[ ]*=[ ]*\)yes/\1no/g' %{buildroot}/%{strongswan_configs}/charon
%postun libs0 -p /sbin/ldconfig %postun libs0 -p /sbin/ldconfig
%if %{with systemd}
%pre ipsec %pre ipsec
%service_add_pre %{name}.service %service_add_pre %{name}-starter.service
%endif
%if %{with systemd}
%post ipsec %post ipsec
%service_add_post %{name}.service # Following code does the migration from strongwan.service (ver < 5.8.0) to
%endif # strongswan-starter.service (ver >= 5.8.0) during update. The systemd service
# units have been renamed. The modern unit, which was called strongswan-swanctl,
# is now called strongswan (the previous name is configured as alias in the unit,
# for which a symlink is created when the unit is enabled). The legacy unit is now
# called strongswan-starter.
_ipsec_active=`/usr/bin/systemctl is-active %{name}-starter.service 2>/dev/null` || :
_swanctl_active=`/usr/bin/systemctl is-active %{name}.service 2>/dev/null` || :
_ipsec_enable=`/usr/bin/systemctl is-enabled %{name}-starter.service 2>/dev/null` || :
_swanctl_enable=`/usr/bin/systemctl is-enabled %{name}.service 2>/dev/null` || :
if [[ "$_swanctl_enable" == "enabled" || "$_swanctl_active" == "active" ]]; then
/usr/bin/systemctl disable --now %{name}.service || :
/usr/bin/systemctl mask %{name}.service || :
fi
if [[ "$_swanctl_enable" == "enabled" || "$_ipsec_enable" == "enabled" ]]; then
/usr/bin/systemctl daemon-reload
/usr/bin/systemctl enable %{name}-starter.service || :
fi
if [[ "$_swanctl_active" == "active" || "$_ipsec_active" == "active" ]]; then
/usr/bin/systemctl start %{name}-starter.service || :
fi
%preun ipsec %preun ipsec
%if %{with systemd} %service_del_preun %{name}-starter.service
%service_del_preun %{name}.service
%else
%{stop_on_removal ipsec}
%endif
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave ; then if test -s %{_sysconfdir}/ipsec.secrets.rpmsave ; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave \ cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave \
%{_sysconfdir}/ipsec.secrets.rpmsave.old %{_sysconfdir}/ipsec.secrets.rpmsave.old
@ -504,10 +497,8 @@ if test -s %{_sysconfdir}/ipsec.conf.rpmsave ; then
%{_sysconfdir}/ipsec.conf.rpmsave.old %{_sysconfdir}/ipsec.conf.rpmsave.old
fi fi
%if %{with systemd}
%postun ipsec %postun ipsec
%service_del_postun %{name}.service %service_del_postun %{name}-starter.service
%endif
%files %files
%dir %{strongswan_docdir} %dir %{strongswan_docdir}
@ -545,15 +536,12 @@ fi
%dir %{_sysconfdir}/ipsec.d/cacerts %dir %{_sysconfdir}/ipsec.d/cacerts
%dir %{_sysconfdir}/ipsec.d/ocspcerts %dir %{_sysconfdir}/ipsec.d/ocspcerts
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%if %{with systemd}
%{_unitdir}/strongswan-starter.service %{_unitdir}/strongswan-starter.service
%{_unitdir}/strongswan.service %{_unitdir}/strongswan.service
%{_sbindir}/rcstrongswan %{_sbindir}/rcstrongswan
%{_sbindir}/rcstrongswan-starter
%{_sbindir}/charon-systemd %{_sbindir}/charon-systemd
%else
%config %{_sysconfdir}/init.d/ipsec
%{_sbindir}/rcipsec %{_sbindir}/rcipsec
%endif
%{_bindir}/pki %{_bindir}/pki
%{_bindir}/pt-tls-client %{_bindir}/pt-tls-client
%{_bindir}/tpm_extendpcr %{_bindir}/tpm_extendpcr
@ -596,16 +584,12 @@ fi
%{_mandir}/man8/swanctl.8.* %{_mandir}/man8/swanctl.8.*
%files libs0 %files libs0
%if %{with systemd}
%{_tmpfilesdir}/%{name}.conf %{_tmpfilesdir}/%{name}.conf
%endif
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf %config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{strongswan_configs} %dir %{strongswan_configs}
%dir %{strongswan_configs}/charon %dir %{strongswan_configs}/charon
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf
%if %{with systemd}
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-systemd.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-systemd.conf
%endif
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
@ -935,9 +919,7 @@ fi
%{strongswan_templates}/config/plugins/curve25519.conf %{strongswan_templates}/config/plugins/curve25519.conf
%{strongswan_templates}/config/plugins/vici.conf %{strongswan_templates}/config/plugins/vici.conf
%{strongswan_templates}/config/plugins/bypass-lan.conf %{strongswan_templates}/config/plugins/bypass-lan.conf
%if %{with systemd}
%{strongswan_templates}/config/strongswan.d/charon-systemd.conf %{strongswan_templates}/config/strongswan.d/charon-systemd.conf
%endif
%{strongswan_templates}/config/strongswan.d/charon-logging.conf %{strongswan_templates}/config/strongswan.d/charon-logging.conf
%{strongswan_templates}/config/strongswan.d/charon.conf %{strongswan_templates}/config/strongswan.d/charon.conf
%{strongswan_templates}/config/strongswan.d/imcv.conf %{strongswan_templates}/config/strongswan.d/imcv.conf