diff --git a/strongswan.changes b/strongswan.changes index cd88415..cf9211a 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Oct 17 11:27:54 UTC 2017 - jengelh@inai.de + +- Update summaries and descriptions. Trim filler words and + author list. +- Drop %if..%endif guards that are idempotent and do not affect + the build result. +- Replace old $RPM_ shell variables. + ------------------------------------------------------------------- Tue Sep 5 17:10:11 CEST 2017 - ndas@suse.de diff --git a/strongswan.spec b/strongswan.spec index 7f8d63a..97ad8df 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -61,7 +61,7 @@ Release: 0 %else %bcond_with systemd %endif -Summary: OpenSource IPsec-based VPN Solution +Summary: IPsec-based VPN solution License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.strongswan.org/ @@ -127,17 +127,16 @@ BuildRequires: fipscheck BuildRequires: libtool %description -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an IPsec-based VPN solution for Linux. -* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels -* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols +* Implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols * Fully tested support of IPv6 IPsec tunnel and transport connections -* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555) +* Dynamic IP address and interface update with IKEv2 MOBIKE (RFC 4555) * Automatic insertion and deletion of IPsec-policy-based firewall rules * Strong 128/192/256 bit AES or Camellia encryption, 3DES support -* NAT-Traversal via UDP encapsulation and port floating (RFC 3947) +* NAT Traversal via UDP encapsulation and port floating (RFC 3947) * Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels -* Static virtual IPs and IKEv1 ModeConfig pull and push modes +* Static virtual IP addresses and IKEv1 ModeConfig pull and push modes * XAUTH server and client functionality on top of IKEv1 Main Mode authentication * Virtual IP address pool managed by IKE daemon or SQL database * Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.) @@ -154,46 +153,32 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux * Modular plugins for crypto algorithms and relational database interfaces * Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869) * Optional built-in integrity and crypto tests for plugins and libraries -* Smooth Linux desktop integration via the strongSwan NetworkManager applet +* Linux desktop integration via the strongSwan NetworkManager applet This package triggers the installation of both, IKEv1 and IKEv2 daemons. -Authors: --------- - Andreas Steffen - and others - %package doc BuildArch: noarch -Summary: OpenSource IPsec-based VPN Solution -Group: Productivity/Networking/Security +Summary: Documentation for strongSwan +Group: Documentation/Man %description doc -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an IPsec-based VPN solution for Linux. This package provides the StrongSwan documentation. - - -Authors: --------- - Andreas Steffen - and others - %package libs0 -Summary: OpenSource IPsec-based VPN Solution +Summary: strongSwan core libraries and basic plugins Group: Productivity/Networking/Security Conflicts: strongswan < %{version} %description libs0 -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an IPsec-based VPN solution for Linux. This package provides the strongswan library and plugins. -%if %{with fipscheck} - %package hmac -Summary: HMAC files for FIPS-140-2 integrity +Summary: HMAC files for FIPS-140-2 integrity in strongSwan Group: Productivity/Networking/Security Requires: fipscheck Requires: strongswan-ipsec = %{version} @@ -206,10 +191,8 @@ _fipscheck helper script preforming the integrity checks before e.g. "ipsec start" action is executed, when FIPS-140-2 compliant operation mode is enabled. -%endif - %package ipsec -Summary: OpenSource IPsec-based VPN Solution +Summary: IPsec-based VPN solution Group: Productivity/Networking/Security PreReq: grep %insserv_prereq %fillup_prereq Requires: strongswan-libs0 = %{version} @@ -220,72 +203,55 @@ Obsoletes: strongswan < %{version} Conflicts: freeswan openswan %description ipsec -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an IPsec-based VPN solution for Linux. This package provides the /etc/init.d/ipsec service script and allows -to maintain both, IKEv1 and IKEv2, using the /etc/ipsec.conf and the +to maintain both IKEv1 and IKEv2 using the /etc/ipsec.conf and the /etc/ipsec.sectes files. -%if %{with mysql} - %package mysql -Summary: OpenSource IPsec-based VPN Solution +Summary: MySQL plugin for strongSwan Group: Productivity/Networking/Security Requires: strongswan-libs0 = %{version} %description mysql -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an IPsec-based VPN solution for Linux. This package provides the strongswan mysql plugin. -%endif - -%if %{with sqlite} - %package sqlite -Summary: OpenSource IPsec-based VPN Solution +Summary: SQLite plugin for strongSwan Group: Productivity/Networking/Security Requires: strongswan-libs0 = %{version} %description sqlite -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an OpenSource IPsec-based VPN solution for Linux. This package provides the strongswan sqlite plugin. -%endif - -%if %{with nm} - %package nm -Summary: OpenSource IPsec-based VPN Solution +Summary: NetworkManager plugin for strongSwan Group: Productivity/Networking/Security Requires: strongswan-libs0 = %{version} %description nm -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an OpenSource IPsec-based VPN solution for Linux. This package provides the NetworkManager plugin to control the charon IKEv2 daemon through D-Bus, designed to work using the NetworkManager-strongswan graphical user interface. -%endif - -%if %{with tests} - %package tests - -Summary: OpenSource IPsec-based VPN Solution +Summary: Testing plugins for strongSwan Group: Productivity/Networking/Security Requires: strongswan-libs0 = %{version} %description tests -StrongSwan is an OpenSource IPsec-based VPN Solution for Linux +StrongSwan is an OpenSource IPsec-based VPN solution for Linux. -This package provides the strongswan crypto test-vectors plugin +This package provides the strongswan crypto test vectors plugin and the load testing plugin for IKEv2 daemon. -%endif - %prep %setup -q -n %{name}-%{upstream_version} %patch1 -p0 @@ -297,20 +263,20 @@ and the load testing plugin for IKEv2 daemon. %patch5 -p1 %patch6 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ - < $RPM_SOURCE_DIR/strongswan.init.in \ + < %{_sourcedir}/strongswan.init.in \ > strongswan.init %if %{with fipscheck} sed -e 's|@IPSEC_DIR@|%{_libexecdir}/ipsec|g' \ -e 's|@IPSEC_LIBDIR@|%{_libdir}/ipsec|g' \ -e 's|@IPSEC_SBINDIR@|%{_sbindir}|g' \ -e 's|@IPSEC_BINDIR@|%{_bindir}|g' \ - < $RPM_SOURCE_DIR/fipscheck.sh.in \ + < %{_sourcedir}/fipscheck.sh.in \ > _fipscheck %endif %build -CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter" -export RPM_OPT_FLAGS CFLAGS +CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter" +export CFLAGS autoreconf --force --install %configure \ %if %{with integrity} @@ -405,25 +371,24 @@ autoreconf --force --install --enable-soup \ --enable-curl \ --disable-static -make %{?_smp_mflags:%_smp_mflags} +make %{?_smp_mflags} %install -export RPM_BUILD_ROOT -install -d -m755 ${RPM_BUILD_ROOT}%{_sbindir}/ -install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/ +install -d -m755 %{buildroot}/%{_sbindir}/ +install -d -m755 %{buildroot}/%{_sysconfdir}/ipsec.d/ %if %{with systemd} -ln -sf %_sbindir/service ${RPM_BUILD_ROOT}%_sbindir/rcstrongswan +ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcstrongswan %else -install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ -install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec -ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec +install -d -m755 %{buildroot}/%{_sysconfdir}/init.d/ +install -m755 strongswan.init %{buildroot}/%{_sysconfdir}/init.d/ipsec +ln -s %{_sysconfdir}/init.d/ipsec %{buildroot}/%{_sbindir}/rcipsec %endif # # Ensure, plugin -> library dependencies can be resolved # (e.g. libtls) to avoid plugin segment checksum errors. # -LD_LIBRARY_PATH="$RPM_BUILD_ROOT-$$%{strongswan_libdir}" \ -make install DESTDIR="$RPM_BUILD_ROOT" +LD_LIBRARY_PATH="%{buildroot}-$$/%{strongswan_libdir}" \ +%make_install # # checksums are calculated during make install using the # installed binaries/libraries... but find-debuginfo.sh @@ -434,23 +399,23 @@ make install DESTDIR="$RPM_BUILD_ROOT" %if %{with integrity} %{?__debug_package: if test -x %{_rpmconfigdir}/find-debuginfo.sh ; then - cp -a "${RPM_BUILD_ROOT}" "${RPM_BUILD_ROOT}-$$" - RPM_BUILD_ROOT="$RPM_BUILD_ROOT-$$" \ + cp -a "%{buildroot}" "%{buildroot}-$$" + RPM_BUILD_ROOT="%{buildroot}-$$" \ %{_rpmconfigdir}/find-debuginfo.sh \ - %{?_find_debuginfo_opts} "${RPM_BUILD_ROOT}-$$" + %{?_find_debuginfo_opts} "%{buildroot}-$$" make -C src/checksum clean rm -f src/checksum/checksum_builder - LD_LIBRARY_PATH="$RPM_BUILD_ROOT-$$%{strongswan_libdir}" \ - make -C src/checksum install DESTDIR="$RPM_BUILD_ROOT-$$" - mv "$RPM_BUILD_ROOT-$$%{strongswan_libdir}/libchecksum.so" \ - "$RPM_BUILD_ROOT%{strongswan_libdir}/libchecksum.so" - rm -rf "${RPM_BUILD_ROOT}-$$" + LD_LIBRARY_PATH="%{buildroot}-$$/%{strongswan_libdir}" \ + make -C src/checksum install DESTDIR="%{buildroot}-$$" + mv "%{buildroot}-$$/%{strongswan_libdir}/libchecksum.so" \ + "%{buildroot}/%{strongswan_libdir}/libchecksum.so" + rm -rf "%{buildroot}-$$" fi } %endif # -rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets -cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets +rm -f %{buildroot}/%{_sysconfdir}/ipsec.secrets +cat << EOT > %{buildroot}/%{_sysconfdir}/ipsec.secrets # # ipsec.secrets # @@ -460,21 +425,21 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets EOT # %if ! %{with mysql} -rm -f $RPM_BUILD_ROOT%{strongswan_templates}/database/sql/mysql.sql +rm -f %{buildroot}/%{strongswan_templates}/database/sql/mysql.sql %endif %if ! %{with sqlite} -rm -f $RPM_BUILD_ROOT%{strongswan_templates}/database/sql/sqlite.sql +rm -f %{buildroot}/%{strongswan_templates}/database/sql/sqlite.sql %endif -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so -find $RPM_BUILD_ROOT%{strongswan_libdir} -type f -name "*.la" -delete +rm -f %{buildroot}/%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so +rm -f %{buildroot}/%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so +find %{buildroot}/%{strongswan_libdir} -type f -name "*.la" -delete # -install -d -m755 ${RPM_BUILD_ROOT}%{strongswan_docdir}/ +install -d -m755 %{buildroot}/%{strongswan_docdir}/ install -c -m644 TODO NEWS README COPYING LICENSE \ AUTHORS ChangeLog \ - ${RPM_BUILD_ROOT}%{strongswan_docdir}/ -install -c -m644 ${RPM_SOURCE_DIR}/README.SUSE \ - ${RPM_BUILD_ROOT}%{strongswan_docdir}/ + %{buildroot}/%{strongswan_docdir}/ +install -c -m644 %{_sourcedir}/README.SUSE \ + %{buildroot}/%{strongswan_docdir}/ %if %{with systemd} %{__install} -d -m 0755 %{buildroot}%{_tmpfilesdir} echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}.conf @@ -483,24 +448,24 @@ echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name} # # note: keep the following, _fipscheck's and file lists in sync # -install -c -m750 _fipscheck ${RPM_BUILD_ROOT}%{_libexecdir}/ipsec/ -install -c -m644 ${RPM_SOURCE_DIR}/fips-enforce.conf \ - ${RPM_BUILD_ROOT}%{strongswan_configs}/charon/zzz_fips-enforce.conf +install -c -m750 _fipscheck %{buildroot}/%{_libexecdir}/ipsec/ +install -c -m644 %{_sourcedir}/fips-enforce.conf \ + %{buildroot}/%{strongswan_configs}/charon/zzz_fips-enforce.conf # create fips hmac hashes _after_ install post run %{expand:%%global __os_install_post {%__os_install_post - for f in $RPM_BUILD_ROOT%{strongswan_libdir}/lib*.so.*.*.* \ - $RPM_BUILD_ROOT%{strongswan_libdir}/imcvs/*.so \ - $RPM_BUILD_ROOT%{strongswan_plugins}/*.so \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/charon \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/charon-nm \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/stroke \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/starter \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/pool \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/scepclient \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/imv_policy_manager \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_fipscheck \ - $RPM_BUILD_ROOT%{_bindir}/pt-tls-client \ - $RPM_BUILD_ROOT%{_sbindir}/ipsec \ + for f in %{buildroot}/%{strongswan_libdir}/lib*.so.*.*.* \ + %{buildroot}/%{strongswan_libdir}/imcvs/*.so \ + %{buildroot}/%{strongswan_plugins}/*.so \ + %{buildroot}/%{_libexecdir}/ipsec/charon \ + %{buildroot}/%{_libexecdir}/ipsec/charon-nm \ + %{buildroot}/%{_libexecdir}/ipsec/stroke \ + %{buildroot}/%{_libexecdir}/ipsec/starter \ + %{buildroot}/%{_libexecdir}/ipsec/pool \ + %{buildroot}/%{_libexecdir}/ipsec/scepclient \ + %{buildroot}/%{_libexecdir}/ipsec/imv_policy_manager \ + %{buildroot}/%{_libexecdir}/ipsec/_fipscheck \ + %{buildroot}/%{_bindir}/pt-tls-client \ + %{buildroot}/%{_sbindir}/ipsec \ ; do /usr/bin/fipshmac "$f"