Accepting request 1077377 from home:msaquib:branches:network:vpn

- Allow to use stroke aka ipsec interface by default instead of vici aka swanctl interface which is current upstream's default. strongswan.service which enables swanctl interface is masked to stop interfering with the ipsec interface (bsc#1184144) - Removes deprecated SysV support OBS-URL: https://build.opensuse.org/request/show/1077377 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=147
2023-04-05 00:16:41 +00:00 · 2023-04-05 00:16:41 +00:00 · 8148349f08
commit 8148349f08
parent 9178e03a23
2 changed files with 37 additions and 46 deletions
--- a/strongswan.changes
+++ b/strongswan.changes
@ -1,3 +1,12 @@
 -------------------------------------------------------------------
 Wed Apr  5 01:34:28 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>
 - Allow to use stroke aka ipsec interface by default instead of
  vici aka swanctl interface which is current upstream's default.
  strongswan.service which enables swanctl interface is masked to
  stop interfering with the ipsec interface (bsc#1184144)
 - Removes deprecated SysV support 
 -------------------------------------------------------------------
 Thu Mar  2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
--- a/strongswan.spec
+++ b/strongswan.spec
@ -56,11 +56,6 @@ Release:        0
 %bcond_with     gcrypt
 %bcond_with     nm
 %endif
 %if 0%{suse_version} > 1220
 %bcond_without  systemd
 %else
 %bcond_with     systemd
 %endif
 Summary:        IPsec-based VPN solution
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
@ -105,17 +100,11 @@ BuildRequires:  libgcrypt-devel
 %if %{with nm}
 BuildRequires:  pkgconfig(libnm)
 %endif
 %if %{with systemd}
 %{?systemd_requires}
 BuildRequires:  pkgconfig(libsystemd)
 %endif
 BuildRequires:  iptables
-%if %{with systemd}
+BuildRequires:  pkgconfig(libsystemd)
 %{!?_rundir: %global _rundir /run}
 %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d}
 %else
 %{!?_rundir: %global _rundir /var/run}
 %endif
 BuildRequires:  autoconf
 BuildRequires:  automake
 %if %{with fipscheck}
@ -282,10 +271,8 @@ autoreconf --force --install
 	--with-plugindir=%{strongswan_plugins} \
 	--with-resolv-conf=%{_rundir}/%{name}/resolv.conf \
 	--with-piddir=%{_rundir}/%{name} \
 %if %{with systemd}
 	--enable-systemd \
 	--with-systemdsystemunitdir=%{_unitdir} \
 %endif
 	--enable-pkcs11 \
 	--enable-openssl \
 	--enable-agent \
@ -374,13 +361,9 @@ autoreconf --force --install
 %install
 install -d -m755              %{buildroot}/%{_sbindir}/
 install -d -m755              %{buildroot}/%{_sysconfdir}/ipsec.d/
 %if %{with systemd}
 ln -sf %{_sbindir}/service    %{buildroot}/%{_sbindir}/rcstrongswan
-%else
+ln -sf %{_sbindir}/service    %{buildroot}/%{_sbindir}/rcstrongswan-starter
-install -d -m755              %{buildroot}/%{_sysconfdir}/init.d/
+ln -sf %{_sbindir}/service    %{buildroot}/%{_sbindir}/rcipsec
 install -m755 strongswan.init %{buildroot}/%{_sysconfdir}/init.d/ipsec
 ln -s %{_sysconfdir}/init.d/ipsec %{buildroot}/%{_sbindir}/rcipsec
 %endif
 #
 # Ensure, plugin -> library dependencies can be resolved
 # (e.g. libtls) to avoid plugin segment checksum errors.
@ -438,10 +421,8 @@ install -c -m644 TODO NEWS README COPYING LICENSE \
 		 %{buildroot}/%{strongswan_docdir}/
 install -c -m644 %{_sourcedir}/README.SUSE \
 		 %{buildroot}/%{strongswan_docdir}/
 %if %{with systemd}
 install -d -m 0755 %{buildroot}%{_tmpfilesdir}
 echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}.conf
 %endif
 %if %{with fipscheck}
 #
 # note: keep the following, _fipscheck's and file lists in sync
@ -479,22 +460,34 @@ sed -i 's/\(load[ ]*=[ ]*\)yes/\1no/g' %{buildroot}/%{strongswan_configs}/charon
 %postun libs0 -p /sbin/ldconfig
 %if %{with systemd}
 %pre ipsec
-%service_add_pre %{name}.service
+%service_add_pre %{name}-starter.service
 %endif
 %if %{with systemd}
 %post ipsec
-%service_add_post %{name}.service
+# Following code does the migration from strongwan.service (ver < 5.8.0) to
-%endif
+# strongswan-starter.service (ver >= 5.8.0) during update. The systemd service
 # units have been renamed. The modern unit, which was called strongswan-swanctl,
 # is now called strongswan (the previous name is configured as alias in the unit,
 # for which a symlink is created when the unit is enabled). The legacy unit is now
 # called strongswan-starter.
 _ipsec_active=`/usr/bin/systemctl is-active %{name}-starter.service 2>/dev/null` || :
 _swanctl_active=`/usr/bin/systemctl is-active %{name}.service 2>/dev/null` || :
 _ipsec_enable=`/usr/bin/systemctl is-enabled %{name}-starter.service 2>/dev/null` || :
 _swanctl_enable=`/usr/bin/systemctl is-enabled %{name}.service 2>/dev/null` || :
 if [[ "$_swanctl_enable" == "enabled" || "$_swanctl_active" == "active" ]]; then
        /usr/bin/systemctl disable --now %{name}.service || :
        /usr/bin/systemctl mask %{name}.service || :
 fi
 if [[ "$_swanctl_enable" == "enabled" || "$_ipsec_enable" == "enabled" ]]; then
        /usr/bin/systemctl daemon-reload
        /usr/bin/systemctl enable %{name}-starter.service || :
 fi
 if [[ "$_swanctl_active" == "active" || "$_ipsec_active" == "active" ]]; then
        /usr/bin/systemctl start %{name}-starter.service || :
 fi
 %preun ipsec
-%if %{with systemd}
+%service_del_preun %{name}-starter.service
 %service_del_preun %{name}.service
 %else
 %{stop_on_removal ipsec}
 %endif
 if test -s %{_sysconfdir}/ipsec.secrets.rpmsave ; then
 	cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave \
 	                        %{_sysconfdir}/ipsec.secrets.rpmsave.old
@ -504,10 +497,8 @@ if test -s %{_sysconfdir}/ipsec.conf.rpmsave ; then
 	                        %{_sysconfdir}/ipsec.conf.rpmsave.old
 fi
 %if %{with systemd}
 %postun ipsec
-%service_del_postun %{name}.service
+%service_del_postun %{name}-starter.service
 %endif
 %files
 %dir %{strongswan_docdir}
@ -545,15 +536,12 @@ fi
 %dir %{_sysconfdir}/ipsec.d/cacerts
 %dir %{_sysconfdir}/ipsec.d/ocspcerts
 %dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
 %if %{with systemd}
 %{_unitdir}/strongswan-starter.service
 %{_unitdir}/strongswan.service
 %{_sbindir}/rcstrongswan
 %{_sbindir}/rcstrongswan-starter
 %{_sbindir}/charon-systemd
 %else
 %config %{_sysconfdir}/init.d/ipsec
 %{_sbindir}/rcipsec
 %endif
 %{_bindir}/pki
 %{_bindir}/pt-tls-client
 %{_bindir}/tpm_extendpcr
@ -596,16 +584,12 @@ fi
 %{_mandir}/man8/swanctl.8.*
 %files libs0
 %if %{with systemd}
 %{_tmpfilesdir}/%{name}.conf
 %endif
 %config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
 %dir %{strongswan_configs}
 %dir %{strongswan_configs}/charon
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf
 %if %{with systemd}
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-systemd.conf
 %endif
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf
 %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf
@ -935,9 +919,7 @@ fi
 %{strongswan_templates}/config/plugins/curve25519.conf
 %{strongswan_templates}/config/plugins/vici.conf
 %{strongswan_templates}/config/plugins/bypass-lan.conf
 %if %{with systemd}
 %{strongswan_templates}/config/strongswan.d/charon-systemd.conf
 %endif
 %{strongswan_templates}/config/strongswan.d/charon-logging.conf
 %{strongswan_templates}/config/strongswan.d/charon.conf
 %{strongswan_templates}/config/strongswan.d/imcv.conf