jengelh/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity
2645720915
strongswan/strongswan.spec
Marius Tomaschewski 2645720915 - Updated to strongSwan 4.6.4 release: 
- Fixed a security vulnerability in the gmp plugin. If this
    plugin was used for RSA signature verification an empty or
    zeroed signature was handled as a legitimate one
    (bnc#761325, CVE-2012-2388).
  - Fixed several issues with reauthentication and address updates.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=46
2012-05-31 16:11:42 +00:00

550 lines
17 KiB
RPMSpec
Raw Blame History

#
# spec file for package strongswan
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: strongswan
Version: 4.6.4
Release: 0
%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name}
%define strongswan_libdir %{_libdir}/ipsec
%define strongswan_plugins %{strongswan_libdir}/plugins
%define with_mysql 1
%define with_sqlite 0%{suse_version} >= 1110
%define with_gcrypt 0%{suse_version} >= 1110
%define with_nm 0%{suse_version} >= 1110
%define with_tests 0
Summary: OpenSource IPsec-based VPN Solution
License: GPL-2.0+
Group: Productivity/Networking/Security
Url: http://www.strongswan.org/
Requires: strongswan-ikev1 = %{version}
Requires: strongswan-ikev2 = %{version}
Requires: strongswan-ipsec = %{version}
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
Source2: %{name}.init.in
Source3: %{name}-%{version}-rpmlintrc
Source4: README.SUSE
Patch1: %{name}_modprobe_syslog.patch
Patch2: %{name}-%{version}-fmt-warnings.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison
BuildRequires: curl-devel
BuildRequires: flex
BuildRequires: gmp-devel
BuildRequires: gperf
BuildRequires: libcap-devel
BuildRequires: libopenssl-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
%if %with_mysql
BuildRequires: libmysqlclient-devel
%endif
%if %with_sqlite
BuildRequires: sqlite3-devel
%endif
%if %with_gcrypt
BuildRequires: libgcrypt-devel
%endif
%if %with_nm
BuildRequires: NetworkManager-devel
%endif
BuildRequires: iptables
BuildRequires: libnl >= 1.1
%description
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* Fully tested support of IPv6 IPsec tunnel and transport connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Automatic insertion and deletion of IPsec-policy-based firewall rules
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
* Virtual IP address pool managed by IKE daemon or SQL database
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates (RFC 3281)
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
* Modular plugins for crypto algorithms and relational database interfaces
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
* Optional built-in integrity and crypto tests for plugins and libraries
* Smooth Linux desktop integration via the strongSwan NetworkManager applet
This package triggers the installation of both, IKEv1 and IKEv2 daemons.
Authors:
--------
Andreas Steffen
and others
%package doc
BuildArch: noarch
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
%description doc
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the StrongSwan documentation.
Authors:
--------
Andreas Steffen
and others
%package libs0
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Conflicts: strongswan < %{version}
%description libs0
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan library and plugins.
%package ikev1
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: iproute2
Requires: strongswan-ipsec = %{version}
Requires: strongswan-libs0 = %{version}
Provides: ikev1
Provides: pluto
Provides: strongswan-daemon = %{version}
Conflicts: freeswan openswan strongswan < %{version}
%description ikev1
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the pluto IKEv1 daemon.
%package ikev2
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: iproute2
Requires: strongswan-daemon-starter = %{version}
Requires: strongswan-libs0 = %{version}
Provides: ikev2
Provides: strongswan-daemon = %{version}
Conflicts: openswan strongswan < %{version}
%description ikev2
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the charon IKEv2 daemon.
%package ipsec
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
PreReq: grep %insserv_prereq %fillup_prereq
Requires: strongswan-daemon = %{version}
Requires: strongswan-libs0 = %{version}
Provides: VPN
Provides: ipsec
Provides: strongswan = %{version}
Provides: strongswan-daemon-starter = %{version}
Obsoletes: strongswan < %{version}
Conflicts: freeswan openswan
%description ipsec
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the /etc/init.d/ipsec service script and allows
to maintain both, IKEv1 and IKEv2 daemons, using /etc/ipsec.conf and
/etc/ipsec.sectes files.
%if %with_mysql
%package mysql
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description mysql
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan mysql plugin.
%endif
%if %with_sqlite
%package sqlite
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description sqlite
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan sqlite plugin.
%endif
%if %with_nm
%package nm
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-ikev2 = %{version}
Requires: strongswan-libs0 = %{version}
Provides: strongswan-daemon-starter = %{version}
%description nm
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the NetworkManager plugin to control the
charon IKEv2 daemon through D-Bus, designed to work using the
NetworkManager-strongswan graphical user interface.
%endif
%if %with_tests
%package tests
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description tests
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan crypto test-vectors plugin
and the load testing plugin for IKEv2 daemon.
%endif
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
%build
CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing"
export RPM_OPT_FLAGS CFLAGS
#libtoolize --force
#autoreconf
%configure \
--enable-integrity-test \
--with-capabilities=libcap \
--with-plugindir=%{strongswan_plugins} \
--with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \
--enable-smartcard \
--with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
--enable-cisco-quirks \
--enable-openssl \
--enable-agent \
--enable-md4 \
--enable-blowfish \
--enable-eap-sim \
--enable-eap-sim-file \
--enable-eap-simaka-sql \
--enable-eap-simaka-pseudonym \
--enable-eap-simaka-reauth \
--enable-eap-md5 \
--enable-eap-gtc \
--enable-eap-aka \
--enable-eap-radius \
--enable-eap-identity \
--enable-eap-mschapv2 \
--enable-eap-aka-3gpp2 \
--enable-ha \
--enable-dhcp \
--enable-farp \
--enable-sql \
--enable-attr-sql \
--enable-addrblock \
%if %with_mysql
--enable-mysql \
%endif
%if %with_sqlite
--enable-sqlite \
%endif
%if %with_gcrypt
--enable-gcrypt \
%endif
%if %with_nm
--enable-nm \
%endif
%if %with_tests
--enable-load-tester \
--enable-test-vectors \
%endif
--enable-ldap \
--enable-curl
make %{?_smp_mflags:%_smp_mflags}
%install
export RPM_BUILD_ROOT
install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
#
make install DESTDIR="$RPM_BUILD_ROOT"
#
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
#
# ipsec.secrets
#
# This file holds the RSA private keys or the PSK preshared secrets for
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
#
EOT
#
rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,radius,strongswan,simaka}.so
find $RPM_BUILD_ROOT%{strongswan_libdir} \
-name "*.a" -o -name "*.la" | xargs -r rm -f
#
install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -m644 TODO NEWS README COPYING CREDITS \
${RPM_SOURCE_DIR}/README.SUSE \
${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -m755 -d $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan
%post libs0
%{run_ldconfig}
test -d %{_localstatedir}/run/strongswan || \
%{__mkdir_p} %{_localstatedir}/run/strongswan
%postun libs0
%{run_ldconfig}
%post ipsec
%{fillup_and_insserv ipsec}
%preun ipsec
%{stop_on_removal ipsec}
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old
fi
if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old
fi
%postun ipsec
%{insserv_cleanup}
%files
%defattr(-,root,root)
%dir %{strongswan_docdir}
%{strongswan_docdir}/README.SUSE
%files ipsec
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
%dir %{_sysconfdir}/ipsec.d/certs
%dir %{_sysconfdir}/ipsec.d/acerts
%dir %{_sysconfdir}/ipsec.d/aacerts
%dir %{_sysconfdir}/ipsec.d/cacerts
%dir %{_sysconfdir}/ipsec.d/ocspcerts
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%config %{_sysconfdir}/init.d/ipsec
%{_sbindir}/rcipsec
%{_sbindir}/ipsec
%{_mandir}/man8/ipsec.8*
%{_mandir}/man5/ipsec.conf.5*
%{_mandir}/man5/ipsec.secrets.5*
%{_mandir}/man5/strongswan.conf.5*
%dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/_updown
%{_libexecdir}/ipsec/_updown_espmark
%{_libexecdir}/ipsec/_copyright
%{_libexecdir}/ipsec/pki
%{_libexecdir}/ipsec/openac
%{_libexecdir}/ipsec/scepclient
%{_libexecdir}/ipsec/starter
%{_libexecdir}/ipsec/stroke
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-stroke.so
%{strongswan_plugins}/libstrongswan-updown.so
%files ikev1
%defattr(-,root,root)
%dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/whack
%{_libexecdir}/ipsec/pluto
%{_libexecdir}/ipsec/_pluto_adns
%files ikev2
%defattr(-,root,root)
%dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/charon
%files doc
%defattr(-,root,root)
%dir %{strongswan_docdir}
%{strongswan_docdir}/TODO
%{strongswan_docdir}/NEWS
%{strongswan_docdir}/README
%{strongswan_docdir}/COPYING
%{strongswan_docdir}/CREDITS
%{_mandir}/man3/anyaddr.3*
%{_mandir}/man3/atoaddr.3*
%{_mandir}/man3/atoasr.3*
%{_mandir}/man3/atoul.3*
%{_mandir}/man3/goodmask.3*
%{_mandir}/man3/initaddr.3*
%{_mandir}/man3/initsubnet.3*
%{_mandir}/man3/portof.3*
%{_mandir}/man3/rangetosubnet.3*
%{_mandir}/man3/sameaddr.3*
%{_mandir}/man3/subnetof.3*
%{_mandir}/man3/ttoaddr.3*
%{_mandir}/man3/ttodata.3*
%{_mandir}/man3/ttosa.3*
%{_mandir}/man3/ttoul.3*
%{_mandir}/man8/_updown.8*
%{_mandir}/man8/_updown_espmark.8*
%{_mandir}/man8/openac.8*
%{_mandir}/man8/pluto.8*
%{_mandir}/man8/scepclient.8*
%files libs0
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{_libexecdir}/ipsec
%dir %{_libexecdir}/ipsec/pool
%dir %{strongswan_libdir}
%{strongswan_libdir}/libchecksum.so
%{strongswan_libdir}/libhydra.so.0
%{strongswan_libdir}/libhydra.so.0.0.0
%{strongswan_libdir}/libcharon.so.0
%{strongswan_libdir}/libcharon.so.0.0.0
%{strongswan_libdir}/libradius.so.0
%{strongswan_libdir}/libradius.so.0.0.0
%{strongswan_libdir}/libsimaka.so.0
%{strongswan_libdir}/libsimaka.so.0.0.0
%{strongswan_libdir}/libstrongswan.so.0
%{strongswan_libdir}/libstrongswan.so.0.0.0
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-addrblock.so
%{strongswan_plugins}/libstrongswan-aes.so
%{strongswan_plugins}/libstrongswan-agent.so
%{strongswan_plugins}/libstrongswan-attr.so
%{strongswan_plugins}/libstrongswan-attr-sql.so
%{strongswan_plugins}/libstrongswan-blowfish.so
%{strongswan_plugins}/libstrongswan-cmac.so
%{strongswan_plugins}/libstrongswan-constraints.so
%{strongswan_plugins}/libstrongswan-curl.so
%{strongswan_plugins}/libstrongswan-des.so
%{strongswan_plugins}/libstrongswan-dhcp.so
%{strongswan_plugins}/libstrongswan-dnskey.so
%{strongswan_plugins}/libstrongswan-eap-aka-3gpp2.so
%{strongswan_plugins}/libstrongswan-eap-aka.so
%{strongswan_plugins}/libstrongswan-eap-gtc.so
%{strongswan_plugins}/libstrongswan-eap-identity.so
%{strongswan_plugins}/libstrongswan-eap-md5.so
%{strongswan_plugins}/libstrongswan-eap-mschapv2.so
%{strongswan_plugins}/libstrongswan-eap-radius.so
%{strongswan_plugins}/libstrongswan-eap-simaka-pseudonym.so
%{strongswan_plugins}/libstrongswan-eap-simaka-reauth.so
%{strongswan_plugins}/libstrongswan-eap-simaka-sql.so
%{strongswan_plugins}/libstrongswan-eap-sim-file.so
%{strongswan_plugins}/libstrongswan-eap-sim.so
%{strongswan_plugins}/libstrongswan-farp.so
%{strongswan_plugins}/libstrongswan-fips-prf.so
%if %with_gcrypt
%{strongswan_plugins}/libstrongswan-gcrypt.so
%endif
%{strongswan_plugins}/libstrongswan-gmp.so
%{strongswan_plugins}/libstrongswan-ha.so
%{strongswan_plugins}/libstrongswan-hmac.so
%{strongswan_plugins}/libstrongswan-kernel-netlink.so
%{strongswan_plugins}/libstrongswan-ldap.so
%{strongswan_plugins}/libstrongswan-md4.so
%{strongswan_plugins}/libstrongswan-md5.so
%{strongswan_plugins}/libstrongswan-openssl.so
%{strongswan_plugins}/libstrongswan-pem.so
%{strongswan_plugins}/libstrongswan-pgp.so
%{strongswan_plugins}/libstrongswan-pkcs1.so
%{strongswan_plugins}/libstrongswan-pkcs8.so
%{strongswan_plugins}/libstrongswan-pubkey.so
%{strongswan_plugins}/libstrongswan-random.so
%{strongswan_plugins}/libstrongswan-resolve.so
%{strongswan_plugins}/libstrongswan-revocation.so
%{strongswan_plugins}/libstrongswan-sha1.so
%{strongswan_plugins}/libstrongswan-sha2.so
%{strongswan_plugins}/libstrongswan-socket*.so
%{strongswan_plugins}/libstrongswan-sql.so
%{strongswan_plugins}/libstrongswan-x509.so
%{strongswan_plugins}/libstrongswan-xauth.so
%{strongswan_plugins}/libstrongswan-xcbc.so
%dir %ghost %{_localstatedir}/run/strongswan
%if %with_nm
%files nm
%defattr(-,root,root)
%dir %{_libexecdir}/ipsec
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-nm.so
%endif
%if %with_mysql
%files mysql
%defattr(-,root,root)
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-mysql.so
%endif
%if %with_sqlite
%files sqlite
%defattr(-,root,root)
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-sqlite.so
%endif
%if %with_tests
%files tests
%defattr(-,root,root)
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-load-tester.so
%{strongswan_plugins}/libstrongswan-test-vectors.so
%endif
%changelog
View Git Blame Copy Permalink