forked from pool/strongswan
8de2037089
checked in (request 40896) OBS-URL: https://build.opensuse.org/request/show/40896 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=13
236 lines
8.0 KiB
RPMSpec
236 lines
8.0 KiB
RPMSpec
#
|
|
# spec file for package strongswan (Version 4.3.6)
|
|
#
|
|
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
# norootforbuild
|
|
|
|
|
|
Name: strongswan
|
|
%define upstream_version 4.3.6
|
|
%define strongswan_docdir %{_docdir}/%{name}
|
|
Version: 4.3.6
|
|
Release: 1
|
|
License: GPLv2+
|
|
Group: Productivity/Networking/Security
|
|
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
|
|
Url: http://www.strongswan.org/
|
|
PreReq: gmp grep %insserv_prereq %fillup_prereq
|
|
Requires: iproute2
|
|
Provides: pluto klips ipsec VPN freeswan
|
|
Obsoletes: freeswan
|
|
Conflicts: openswan
|
|
AutoReqProv: on
|
|
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
|
|
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
|
|
Source2: %{name}.init.in
|
|
Source3: %{name}-%{version}-rpmlintrc
|
|
Patch1: %{name}_modprobe_syslog.patch
|
|
Patch2: strongswan-4.3.6-time_t_ptr.diff
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
BuildRequires: bison flex gmp-devel gperf pkg-config
|
|
BuildRequires: libcap-devel
|
|
BuildRequires: libopenssl-devel
|
|
BuildRequires: libgcrypt-devel
|
|
BuildRequires: openldap2-devel
|
|
BuildRequires: curl-devel
|
|
|
|
%description
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
|
|
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
|
|
* Fully tested support of IPv6 IPsec tunnel and transport connections
|
|
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
|
|
* Automatic insertion and deletion of IPsec-policy-based firewall rules
|
|
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
|
|
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
|
|
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
|
|
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
|
|
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
|
|
* Virtual IP address pool managed by IKE daemon or SQL database
|
|
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
|
|
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
|
|
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
|
|
* Authentication based on X.509 certificates or preshared keys
|
|
* Generation of a default self-signed certificate during first strongSwan startup
|
|
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
|
|
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
|
|
* CA management (OCSP and CRL URIs, default LDAP server)
|
|
* Powerful IPsec policies based on wildcards or intermediate CAs
|
|
* Group policies based on X.509 attribute certificates (RFC 3281)
|
|
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
|
|
* Modular plugins for crypto algorithms and relational database interfaces
|
|
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
|
|
* Optional built-in integrity and crypto tests for plugins and libraries
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Andreas Steffen
|
|
and others
|
|
|
|
%package doc
|
|
License: GPLv2+
|
|
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
|
|
%description doc
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the StrongSwan documentation.
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Andreas Steffen
|
|
and others
|
|
|
|
%prep
|
|
%setup -q -n %{name}-%{upstream_version}
|
|
%patch1 -p0
|
|
%patch2 -p0
|
|
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
|
< $RPM_SOURCE_DIR/strongswan.init.in \
|
|
> strongswan.init
|
|
|
|
%build
|
|
CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing"
|
|
export RPM_OPT_FLAGS CFLAGS
|
|
#libtoolize --force
|
|
%{?suse_update_config:%{suse_update_config -f}}
|
|
autoreconf
|
|
%configure \
|
|
--enable-integrity-test \
|
|
--with-capabilities=libcap \
|
|
--with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \
|
|
--enable-smartcard \
|
|
--with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
|
|
--enable-cisco-quirks \
|
|
--enable-openssl \
|
|
%if 0%{suse_version} >= 1110
|
|
--enable-gcrypt \
|
|
%endif
|
|
--enable-ldap \
|
|
--enable-curl
|
|
make %{?_smp_mflags:%_smp_mflags}
|
|
|
|
%install
|
|
export RPM_BUILD_ROOT
|
|
install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/
|
|
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/
|
|
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
|
|
install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
|
|
ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
|
|
#
|
|
make install DESTDIR="$RPM_BUILD_ROOT"
|
|
#
|
|
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
|
|
cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
|
|
#
|
|
# ipsec.secrets
|
|
#
|
|
# This file holds the RSA private keys or the PSK preshared secrets for
|
|
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
|
|
#
|
|
EOT
|
|
#
|
|
rm -f $RPM_BUILD_ROOT%{_libdir}/libstrongswan.{so,a,la}
|
|
find $RPM_BUILD_ROOT%{_libexecdir}/ipsec \
|
|
-name "*.a" -o -name "*.la" | xargs -r rm -f
|
|
#
|
|
install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/
|
|
install -m644 TODO NEWS README COPYING CREDITS \
|
|
${RPM_BUILD_ROOT}%{strongswan_docdir}/
|
|
install -m755 -d $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan
|
|
|
|
%post
|
|
%{run_ldconfig}
|
|
%{fillup_and_insserv ipsec}
|
|
|
|
%preun
|
|
%{stop_on_removal ipsec}
|
|
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then
|
|
cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old
|
|
fi
|
|
if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then
|
|
cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old
|
|
fi
|
|
|
|
%postun
|
|
%{run_ldconfig}
|
|
%{insserv_cleanup}
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
|
|
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
|
|
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
|
|
%dir %{_sysconfdir}/ipsec.d
|
|
%dir %{_sysconfdir}/ipsec.d/crls
|
|
%dir %{_sysconfdir}/ipsec.d/reqs
|
|
%dir %{_sysconfdir}/ipsec.d/certs
|
|
%dir %{_sysconfdir}/ipsec.d/acerts
|
|
%dir %{_sysconfdir}/ipsec.d/aacerts
|
|
%dir %{_sysconfdir}/ipsec.d/cacerts
|
|
%dir %{_sysconfdir}/ipsec.d/ocspcerts
|
|
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
|
|
%config %{_sysconfdir}/init.d/ipsec
|
|
%{_sbindir}/rcipsec
|
|
%{_sbindir}/ipsec
|
|
%{_libexecdir}/ipsec
|
|
%{_libdir}/libstrongswan.*
|
|
%{_mandir}/man5/ipsec.conf.5*
|
|
%{_mandir}/man5/ipsec.secrets.5*
|
|
%{_mandir}/man8/ipsec.8*
|
|
%dir %{_localstatedir}/run/strongswan
|
|
|
|
%files doc
|
|
%defattr(-,root,root)
|
|
%dir %{strongswan_docdir}
|
|
%{strongswan_docdir}/TODO
|
|
%{strongswan_docdir}/NEWS
|
|
%{strongswan_docdir}/README
|
|
%{strongswan_docdir}/COPYING
|
|
%{strongswan_docdir}/CREDITS
|
|
%{_mandir}/man3/anyaddr.3*
|
|
%{_mandir}/man3/atoaddr.3*
|
|
%{_mandir}/man3/atoasr.3*
|
|
%{_mandir}/man3/atosa.3*
|
|
%{_mandir}/man3/atoul.3*
|
|
%{_mandir}/man3/goodmask.3*
|
|
%{_mandir}/man3/initaddr.3*
|
|
%{_mandir}/man3/initsubnet.3*
|
|
%{_mandir}/man3/keyblobtoid.3*
|
|
%{_mandir}/man3/portof.3*
|
|
%{_mandir}/man3/prng.3*
|
|
%{_mandir}/man3/rangetosubnet.3*
|
|
%{_mandir}/man3/sameaddr.3*
|
|
%{_mandir}/man3/subnetof.3*
|
|
%{_mandir}/man3/ttoaddr.3*
|
|
%{_mandir}/man3/ttodata.3*
|
|
%{_mandir}/man3/ttosa.3*
|
|
%{_mandir}/man3/ttoul.3*
|
|
%{_mandir}/man8/_copyright.8*
|
|
%{_mandir}/man8/_updown.8*
|
|
%{_mandir}/man8/_updown_espmark.8*
|
|
%{_mandir}/man8/openac.8*
|
|
%{_mandir}/man8/pluto.8*
|
|
%{_mandir}/man8/scepclient.8*
|
|
%{_mandir}/man8/starter.8*
|
|
|
|
%changelog
|