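#
# spec file for package strongswan (Version 4.3.4)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

Name:           strongswan
%define upstream_version 4.3.4
%define strongswan_docdir %{_docdir}/%{name}
Version:        4.3.4
Release:        3
License:        GPL v2 or later
Group:          Productivity/Networking/Security
Summary:        StrongSwan -- OpenSource IPsec-based VPN Solution
Url:            http://www.strongswan.org/
PreReq:         gmp grep %insserv_prereq %fillup_prereq
Requires:       iproute2
Provides:       pluto klips ipsec VPN freeswan
Obsoletes:      freeswan
Conflicts:      openswan
AutoReqProv:    on
# NOTE(review): Source1 is the detached signature for Source0, but nothing in
# this file checks it, and both URLs are plain http. Verify the tarball
# against the upstream signing key whenever the sources are refreshed, unless
# the build service already does that outside this file.
Source0:        http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1:        http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
Source2:        %{name}.init.in
Source3:        %{name}-%{version}-rpmlintrc
Patch1:         %{name}_modprobe_syslog.patch
Patch2:         %{name}-4.3.4-load_secrets-lock-fix.diff
Patch3:         %{name}-4.3.4-load_secrets-dbgmsg-fix.diff
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  bison flex gmp-devel gperf pkg-config
BuildRequires:  libcap-devel
BuildRequires:  libopenssl-devel
BuildRequires:  libgcrypt-devel
BuildRequires:  openldap2-devel
BuildRequires:  curl-devel

%description
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux

* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* NEW: Fully tested support of IPv6 IPsec tunnel connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Fast connection startup and periodic update using ipsec starter
* Automatic insertion and deletion of IPsec policy based firewall rules
* Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Static Virtual IPs and IKE Mode Config Pull and Push modes
* XAUTH server and client functionality on top of IKE Main Mode authentication
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RFC 2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates ( RFC 3281)
* Optional storage of RSA private keys and certificates on a smartcard
* Smartcard access via standardized PKCS #11 interface
* PKCS #11 proxy function offering RSA decryption services via whack
* NEW: strongSwan Manager - a graphical management interface for IKEv2



Authors:
--------
    Andreas Steffen
    and others

%package doc
License:        GPL v2 or later
Summary:        StrongSwan -- OpenSource IPsec-based VPN Solution
Group:          Productivity/Networking/Security

%description doc
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux

This package provides the StrongSwan documentation.



Authors:
--------
    Andreas Steffen
    and others

%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p1
%patch3 -p1
# Fill the libexec path into the init script template shipped as Source2.
sed -e 's|@libexecdir@|%_libexecdir|g' \
     < "$RPM_SOURCE_DIR/strongswan.init.in" \
     > strongswan.init

%build
CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing"
export RPM_OPT_FLAGS CFLAGS
libtoolize --force
%{?suse_update_config:%{suse_update_config -f}}
autoreconf
# Options of note for a reviewer: the resolv.conf written by the daemons is
# kept in a package-owned directory under the local state dir instead of the
# system-wide file, and the default PKCS #11 module is the OpenSC one, which
# is not listed in Requires, so smartcard use depends on it being installed
# separately.
%configure \
	--enable-integrity-test \
	--with-capabilities=libcap \
	--with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \
	--enable-smartcard \
	--with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
	--enable-cisco-quirks \
	--enable-openssl \
	--enable-gcrypt \
	--enable-ldap \
	--enable-curl
make %{?_smp_mflags:%_smp_mflags}

%install
export RPM_BUILD_ROOT
install -m755 -d "${RPM_BUILD_ROOT}%{_sbindir}/"
install -m755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/"
install -m755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/"
install -m755 strongswan.init "${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec"
ln -s %{_sysconfdir}/init.d/ipsec "${RPM_BUILD_ROOT}%{_sbindir}/rcipsec"
#
make install DESTDIR="$RPM_BUILD_ROOT"
#
# Ship a comment-only ipsec.secrets in place of whatever "make install" left
# there, so no key material from the build ends up in the package. The
# placeholder holds no secrets; the mode of the installed file comes from the
# attr(600) entry in the files list below. The delimiter is quoted so the
# shell never expands anything inside the placeholder text.
rm -f "${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets"
cat << 'EOT' > "${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets"
#
# ipsec.secrets
#
# This file holds the RSA private keys or the PSK preshared secrets for
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
#
EOT
#
# Drop development artefacts (unversioned .so link, static archives, libtool
# files). The find expression is grouped and NUL-delimited so that file names
# with whitespace cannot be split into unintended rm arguments.
rm -f "$RPM_BUILD_ROOT%{_libdir}"/libstrongswan.{so,a,la}
find "$RPM_BUILD_ROOT%{_libexecdir}/ipsec" \
     \( -name "*.a" -o -name "*.la" \) -print0 | xargs -0 -r rm -f --
#
install -m755 -d "${RPM_BUILD_ROOT}%{strongswan_docdir}/"
install -m644 TODO NEWS README COPYING CREDITS \
    "${RPM_BUILD_ROOT}%{strongswan_docdir}/"
install -m755 -d "$RPM_BUILD_ROOT%{_localstatedir}/run/strongswan"

%post
%{run_ldconfig}
%{fillup_and_insserv ipsec}

%preun
%{stop_on_removal ipsec}
# Keep a numbered copy of any non-empty .rpmsave file that is already present,
# presumably so a later removal does not overwrite it. cp -p preserves owner
# and mode, so the copy of the secrets file stays as restricted as the
# original.
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then
  cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old
fi
if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then
  cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old
fi

%postun
%{run_ldconfig}
%{insserv_cleanup}

%files
%defattr(-,root,root)
# Configuration that can hold secrets is root-only (600) and marked
# config(noreplace) so an update never overwrites local keys or settings.
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
%dir %{_sysconfdir}/ipsec.d/certs
%dir %{_sysconfdir}/ipsec.d/acerts
%dir %{_sysconfdir}/ipsec.d/aacerts
%dir %{_sysconfdir}/ipsec.d/cacerts
%dir %{_sysconfdir}/ipsec.d/ocspcerts
# Private key directory: only root may list or enter it.
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%config %{_sysconfdir}/init.d/ipsec
%{_sbindir}/rcipsec
%{_sbindir}/ipsec
%{_libexecdir}/ipsec
%{_libdir}/libstrongswan.*
%{_mandir}/man5/ipsec.conf.5*
%{_mandir}/man5/ipsec.secrets.5*
%{_mandir}/man8/ipsec.8*
%dir %{_localstatedir}/run/strongswan

%files doc
%defattr(-,root,root)
%dir %{strongswan_docdir}
%{strongswan_docdir}/TODO
%{strongswan_docdir}/NEWS
%{strongswan_docdir}/README
%{strongswan_docdir}/COPYING
%{strongswan_docdir}/CREDITS
%{_mandir}/man3/anyaddr.3*
%{_mandir}/man3/atoaddr.3*
%{_mandir}/man3/atoasr.3*
%{_mandir}/man3/atosa.3*
%{_mandir}/man3/atoul.3*
%{_mandir}/man3/goodmask.3*
%{_mandir}/man3/initaddr.3*
%{_mandir}/man3/initsubnet.3*
%{_mandir}/man3/keyblobtoid.3*
%{_mandir}/man3/portof.3*
%{_mandir}/man3/prng.3*
%{_mandir}/man3/rangetosubnet.3*
%{_mandir}/man3/sameaddr.3*
%{_mandir}/man3/subnetof.3*
%{_mandir}/man3/ttoaddr.3*
%{_mandir}/man3/ttodata.3*
%{_mandir}/man3/ttosa.3*
%{_mandir}/man3/ttoul.3*
%{_mandir}/man8/_copyright.8*
%{_mandir}/man8/_updown.8*
%{_mandir}/man8/_updown_espmark.8*
%{_mandir}/man8/openac.8*
%{_mandir}/man8/pluto.8*
%{_mandir}/man8/scepclient.8*
%{_mandir}/man8/starter.8*

%changelog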