Marius Tomaschewski
2fa10a3109
- Fixed a security vulnerability in the openssl plugin which was reported by Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA signature verification was used, due to a misinterpretation of the error code returned by the OpenSSL ECDSA_verify() function, an empty or zeroed signature was accepted as a legitimate one. Refer to our blog for details. - The handling of a couple of other non-security relevant OpenSSL return codes was fixed as well. - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its TCG TNC IF-MAP 2.1 interface. - The charon.initiator_only strongswan.conf option causes charon to ignore IKE initiation requests. - The openssl plugin can now use the openssl-fips library. The version 5.0.3 provides new ipseckey plugin, enabling authentication based on trustworthy public keys stored as IPSECKEY resource records in the DNS and protected by DNSSEC and new openssl plugin using the AES-NI accelerated version of AES-GCM if the hardware supports it. See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50 for a list of all changes since the 5.0.1 release. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=58
601 lines
18 KiB
RPMSpec
601 lines
18 KiB
RPMSpec
#
|
|
# spec file for package strongswan
|
|
#
|
|
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
Name: strongswan
|
|
Version: 5.0.4
|
|
Release: 0
|
|
%define upstream_version %{version}
|
|
%define strongswan_docdir %{_docdir}/%{name}
|
|
%define strongswan_libdir %{_libdir}/ipsec
|
|
%define strongswan_plugins %{strongswan_libdir}/plugins
|
|
%if 0
|
|
%bcond_without tests
|
|
%else
|
|
%bcond_with tests
|
|
%endif
|
|
%if 0%{suse_version} > 1110
|
|
%bcond_without mysql
|
|
%else
|
|
%bcond_with mysql
|
|
%endif
|
|
%if 0%{suse_version} > 1110
|
|
%bcond_without sqlite
|
|
%bcond_without gcrypt
|
|
%bcond_without nm
|
|
%else
|
|
%bcond_with sqlite
|
|
%bcond_with gcrypt
|
|
%bcond_with nm
|
|
%endif
|
|
%if 0%{suse_version} > 1220
|
|
%bcond_without systemd
|
|
%else
|
|
%bcond_with systemd
|
|
%endif
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
License: GPL-2.0+
|
|
Group: Productivity/Networking/Security
|
|
Url: http://www.strongswan.org/
|
|
Requires: strongswan-ipsec = %{version}
|
|
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
|
|
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
|
|
Source2: %{name}.init.in
|
|
Source3: %{name}-%{version}-rpmlintrc
|
|
Source4: README.SUSE
|
|
Source5: %{name}.keyring
|
|
Patch1: %{name}_modprobe_syslog.patch
|
|
Patch2: %{name}_ipsec_service.patch
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
BuildRequires: bison
|
|
BuildRequires: curl-devel
|
|
BuildRequires: flex
|
|
BuildRequires: gmp-devel
|
|
BuildRequires: gperf
|
|
BuildRequires: gpg-offline
|
|
BuildRequires: libcap-devel
|
|
BuildRequires: libopenssl-devel
|
|
BuildRequires: libsoup-devel
|
|
BuildRequires: openldap2-devel
|
|
BuildRequires: pam-devel
|
|
BuildRequires: pcsc-lite-devel
|
|
BuildRequires: pkg-config
|
|
%if %{with mysql}
|
|
BuildRequires: libmysqlclient-devel
|
|
%endif
|
|
%if %{with sqlite}
|
|
BuildRequires: sqlite3-devel
|
|
%endif
|
|
%if %{with gcrypt}
|
|
BuildRequires: libgcrypt-devel
|
|
%endif
|
|
%if %{with nm}
|
|
BuildRequires: NetworkManager-devel
|
|
%endif
|
|
%if %{with systemd}
|
|
BuildRequires: systemd-devel
|
|
%endif
|
|
BuildRequires: iptables
|
|
BuildRequires: libnl >= 1.1
|
|
|
|
%description
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
|
|
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
|
|
* Fully tested support of IPv6 IPsec tunnel and transport connections
|
|
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
|
|
* Automatic insertion and deletion of IPsec-policy-based firewall rules
|
|
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
|
|
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
|
|
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
|
|
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
|
|
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
|
|
* Virtual IP address pool managed by IKE daemon or SQL database
|
|
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
|
|
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
|
|
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
|
|
* Authentication based on X.509 certificates or preshared keys
|
|
* Generation of a default self-signed certificate during first strongSwan startup
|
|
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
|
|
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
|
|
* CA management (OCSP and CRL URIs, default LDAP server)
|
|
* Powerful IPsec policies based on wildcards or intermediate CAs
|
|
* Group policies based on X.509 attribute certificates (RFC 3281)
|
|
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
|
|
* Modular plugins for crypto algorithms and relational database interfaces
|
|
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
|
|
* Optional built-in integrity and crypto tests for plugins and libraries
|
|
* Smooth Linux desktop integration via the strongSwan NetworkManager applet
|
|
|
|
This package triggers the installation of both, IKEv1 and IKEv2 daemons.
|
|
|
|
Authors:
|
|
--------
|
|
Andreas Steffen
|
|
and others
|
|
|
|
%package doc
|
|
BuildArch: noarch
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
|
|
%description doc
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the StrongSwan documentation.
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Andreas Steffen
|
|
and others
|
|
|
|
%package libs0
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
Conflicts: strongswan < %{version}
|
|
|
|
%description libs0
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the strongswan library and plugins.
|
|
|
|
%package ipsec
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
PreReq: grep %insserv_prereq %fillup_prereq
|
|
Requires: strongswan-libs0 = %{version}
|
|
Provides: VPN
|
|
Provides: ipsec
|
|
Provides: strongswan = %{version}
|
|
Obsoletes: strongswan < %{version}
|
|
Conflicts: freeswan openswan
|
|
|
|
%description ipsec
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the /etc/init.d/ipsec service script and allows
|
|
to maintain both, IKEv1 and IKEv2, using the /etc/ipsec.conf and the
|
|
/etc/ipsec.sectes files.
|
|
|
|
%if %{with mysql}
|
|
|
|
%package mysql
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
Requires: strongswan-libs0 = %{version}
|
|
|
|
%description mysql
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the strongswan mysql plugin.
|
|
|
|
%endif
|
|
|
|
%if %{with sqlite}
|
|
|
|
%package sqlite
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
Requires: strongswan-libs0 = %{version}
|
|
|
|
%description sqlite
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the strongswan sqlite plugin.
|
|
|
|
%endif
|
|
|
|
%if %{with nm}
|
|
|
|
%package nm
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
Requires: strongswan-libs0 = %{version}
|
|
|
|
%description nm
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the NetworkManager plugin to control the
|
|
charon IKEv2 daemon through D-Bus, designed to work using the
|
|
NetworkManager-strongswan graphical user interface.
|
|
|
|
%endif
|
|
|
|
%if %{with tests}
|
|
|
|
%package tests
|
|
|
|
Summary: OpenSource IPsec-based VPN Solution
|
|
Group: Productivity/Networking/Security
|
|
Requires: strongswan-libs0 = %{version}
|
|
|
|
%description tests
|
|
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
|
|
|
|
This package provides the strongswan crypto test-vectors plugin
|
|
and the load testing plugin for IKEv2 daemon.
|
|
|
|
%endif
|
|
|
|
%prep
|
|
%gpg_verify %{S:1}
|
|
%setup -q -n %{name}-%{upstream_version}
|
|
%patch1 -p0
|
|
%patch2 -p0
|
|
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
|
< $RPM_SOURCE_DIR/strongswan.init.in \
|
|
> strongswan.init
|
|
|
|
%build
|
|
CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing"
|
|
export RPM_OPT_FLAGS CFLAGS
|
|
#libtoolize --force
|
|
#autoreconf
|
|
%configure \
|
|
--enable-conftest \
|
|
--enable-integrity-test \
|
|
--with-capabilities=libcap \
|
|
--with-plugindir=%{strongswan_plugins} \
|
|
--with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \
|
|
--enable-pkcs11 \
|
|
--enable-openssl \
|
|
--enable-agent \
|
|
--enable-gcrypt \
|
|
--enable-blowfish \
|
|
--enable-ctr \
|
|
--enable-ccm \
|
|
--enable-gcm \
|
|
--enable-unity \
|
|
--enable-md4 \
|
|
--enable-af-alg \
|
|
--enable-eap-sim \
|
|
--enable-eap-sim-file \
|
|
--enable-eap-sim-pcsc \
|
|
--enable-eap-aka \
|
|
--enable-eap-aka-3gpp2 \
|
|
--enable-eap-simaka-sql \
|
|
--enable-eap-simaka-pseudonym \
|
|
--enable-eap-simaka-reauth \
|
|
--enable-eap-identity \
|
|
--enable-eap-md5 \
|
|
--enable-eap-gtc \
|
|
--enable-eap-mschapv2 \
|
|
--enable-eap-tls \
|
|
--enable-eap-ttls \
|
|
--enable-eap-peap \
|
|
--enable-eap-tnc \
|
|
--enable-eap-dynamic \
|
|
--enable-eap-radius \
|
|
--enable-xauth-eap \
|
|
--enable-xauth-pam \
|
|
--enable-tnc-pdp \
|
|
--enable-tnc-imc \
|
|
--enable-tnc-imv \
|
|
--enable-tnccs-11 \
|
|
--enable-tnccs-20 \
|
|
--enable-tnccs-dynamic \
|
|
--enable-imc-test \
|
|
--enable-imv-test \
|
|
--enable-imc-scanner \
|
|
--enable-imv-scanner \
|
|
--enable-ha \
|
|
--enable-dhcp \
|
|
--enable-farp \
|
|
--enable-smp \
|
|
--enable-sql \
|
|
--enable-attr-sql \
|
|
--enable-addrblock \
|
|
--enable-radattr \
|
|
--enable-mediation \
|
|
--enable-led \
|
|
--enable-certexpire \
|
|
--enable-duplicheck \
|
|
--enable-coupling \
|
|
%if %{with mysql}
|
|
--enable-mysql \
|
|
%endif
|
|
%if %{with sqlite}
|
|
--enable-sqlite \
|
|
%endif
|
|
%if %{with gcrypt}
|
|
--enable-gcrypt \
|
|
%endif
|
|
%if %{with nm}
|
|
--enable-nm \
|
|
%else
|
|
--disable-nm \
|
|
%endif
|
|
%if %{with tests}
|
|
--enable-load-tester \
|
|
--enable-test-vectors \
|
|
%endif
|
|
--enable-ldap \
|
|
--enable-soup \
|
|
--enable-curl
|
|
make %{?_smp_mflags:%_smp_mflags}
|
|
|
|
%install
|
|
export RPM_BUILD_ROOT
|
|
install -d -m755 ${RPM_BUILD_ROOT}%{_sbindir}/
|
|
install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/
|
|
%if ! %{with systemd}
|
|
install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
|
|
install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
|
|
ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
|
|
%endif
|
|
#
|
|
make install DESTDIR="$RPM_BUILD_ROOT"
|
|
#
|
|
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
|
|
cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
|
|
#
|
|
# ipsec.secrets
|
|
#
|
|
# This file holds the RSA private keys or the PSK preshared secrets for
|
|
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
|
|
#
|
|
EOT
|
|
#
|
|
rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so
|
|
rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so
|
|
find $RPM_BUILD_ROOT%{strongswan_libdir} \
|
|
-name "*.a" -o -name "*.la" | xargs -r rm -f
|
|
#
|
|
install -d -m755 ${RPM_BUILD_ROOT}%{strongswan_docdir}/
|
|
install -c -m644 TODO NEWS README COPYING LICENSE \
|
|
AUTHORS ChangeLog \
|
|
${RPM_BUILD_ROOT}%{strongswan_docdir}/
|
|
install -c -m644 ${RPM_SOURCE_DIR}/README.SUSE \
|
|
${RPM_BUILD_ROOT}%{strongswan_docdir}/
|
|
install -d -m755 $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan
|
|
|
|
%post libs0
|
|
%{run_ldconfig}
|
|
test -d %{_localstatedir}/run/strongswan || \
|
|
%{__mkdir_p} %{_localstatedir}/run/strongswan
|
|
|
|
%postun libs0
|
|
%{run_ldconfig}
|
|
|
|
%post ipsec
|
|
%if ! %{with systemd}
|
|
%{fillup_and_insserv ipsec}
|
|
%endif
|
|
|
|
%preun ipsec
|
|
%if ! %{with systemd}
|
|
%{stop_on_removal ipsec}
|
|
%endif
|
|
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave ; then
|
|
cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave \
|
|
%{_sysconfdir}/ipsec.secrets.rpmsave.old
|
|
fi
|
|
if test -s %{_sysconfdir}/ipsec.conf.rpmsave ; then
|
|
cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave \
|
|
%{_sysconfdir}/ipsec.conf.rpmsave.old
|
|
fi
|
|
|
|
%postun ipsec
|
|
%if ! %{with systemd}
|
|
%{insserv_cleanup}
|
|
%endif
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%dir %{strongswan_docdir}
|
|
%{strongswan_docdir}/README.SUSE
|
|
|
|
%files ipsec
|
|
%defattr(-,root,root)
|
|
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
|
|
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
|
|
%dir %{_sysconfdir}/ipsec.d
|
|
%dir %{_sysconfdir}/ipsec.d/crls
|
|
%dir %{_sysconfdir}/ipsec.d/reqs
|
|
%dir %{_sysconfdir}/ipsec.d/certs
|
|
%dir %{_sysconfdir}/ipsec.d/acerts
|
|
%dir %{_sysconfdir}/ipsec.d/aacerts
|
|
%dir %{_sysconfdir}/ipsec.d/cacerts
|
|
%dir %{_sysconfdir}/ipsec.d/ocspcerts
|
|
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
|
|
%if %{with systemd}
|
|
%{_unitdir}/strongswan.service
|
|
%else
|
|
%config %{_sysconfdir}/init.d/ipsec
|
|
%{_sbindir}/rcipsec
|
|
%endif
|
|
%{_sbindir}/ipsec
|
|
%{_mandir}/man8/ipsec.8*
|
|
%{_mandir}/man5/ipsec.conf.5*
|
|
%{_mandir}/man5/ipsec.secrets.5*
|
|
%{_mandir}/man5/strongswan.conf.5*
|
|
%dir %{_libexecdir}/ipsec
|
|
%{_libexecdir}/ipsec/_copyright
|
|
%{_libexecdir}/ipsec/_updown
|
|
%{_libexecdir}/ipsec/_updown_espmark
|
|
%{_libexecdir}/ipsec/conftest
|
|
%{_libexecdir}/ipsec/duplicheck
|
|
%{_libexecdir}/ipsec/openac
|
|
%{_libexecdir}/ipsec/pki
|
|
%{_libexecdir}/ipsec/pool
|
|
%{_libexecdir}/ipsec/scepclient
|
|
%{_libexecdir}/ipsec/starter
|
|
%{_libexecdir}/ipsec/stroke
|
|
%{_libexecdir}/ipsec/charon
|
|
%dir %{strongswan_plugins}
|
|
%{strongswan_plugins}/libstrongswan-stroke.so
|
|
%{strongswan_plugins}/libstrongswan-updown.so
|
|
|
|
%files doc
|
|
%defattr(-,root,root)
|
|
%dir %{strongswan_docdir}
|
|
%{strongswan_docdir}/TODO
|
|
%{strongswan_docdir}/NEWS
|
|
%{strongswan_docdir}/README
|
|
%{strongswan_docdir}/COPYING
|
|
%{strongswan_docdir}/LICENSE
|
|
%{strongswan_docdir}/AUTHORS
|
|
%{strongswan_docdir}/ChangeLog
|
|
%{_mandir}/man8/_updown.8*
|
|
%{_mandir}/man8/_updown_espmark.8*
|
|
%{_mandir}/man8/openac.8*
|
|
%{_mandir}/man8/scepclient.8*
|
|
|
|
%files libs0
|
|
%defattr(-,root,root)
|
|
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
|
|
%dir %{_libexecdir}/ipsec
|
|
%dir %{strongswan_libdir}
|
|
%{strongswan_libdir}/libchecksum.so
|
|
%{strongswan_libdir}/libcharon.so.*
|
|
%{strongswan_libdir}/libhydra.so.*
|
|
%{strongswan_libdir}/libpttls.so.*
|
|
%{strongswan_libdir}/libradius.so.*
|
|
%{strongswan_libdir}/libsimaka.so.*
|
|
%{strongswan_libdir}/libstrongswan.so.*
|
|
%{strongswan_libdir}/libtls.so.*
|
|
%{strongswan_libdir}/libtnccs.so.*
|
|
%{strongswan_libdir}/libimcv.so.*
|
|
%dir %{strongswan_libdir}/imcvs
|
|
%{strongswan_libdir}/imcvs/imc-scanner.so
|
|
%{strongswan_libdir}/imcvs/imc-test.so
|
|
%{strongswan_libdir}/imcvs/imv-scanner.so
|
|
%{strongswan_libdir}/imcvs/imv-test.so
|
|
%dir %{strongswan_plugins}
|
|
%{strongswan_plugins}/libstrongswan-addrblock.so
|
|
%{strongswan_plugins}/libstrongswan-aes.so
|
|
%{strongswan_plugins}/libstrongswan-af-alg.so
|
|
%{strongswan_plugins}/libstrongswan-agent.so
|
|
%{strongswan_plugins}/libstrongswan-attr.so
|
|
%{strongswan_plugins}/libstrongswan-attr-sql.so
|
|
%{strongswan_plugins}/libstrongswan-blowfish.so
|
|
%{strongswan_plugins}/libstrongswan-ccm.so
|
|
%{strongswan_plugins}/libstrongswan-certexpire.so
|
|
%{strongswan_plugins}/libstrongswan-cmac.so
|
|
%{strongswan_plugins}/libstrongswan-constraints.so
|
|
%{strongswan_plugins}/libstrongswan-coupling.so
|
|
%{strongswan_plugins}/libstrongswan-ctr.so
|
|
%{strongswan_plugins}/libstrongswan-curl.so
|
|
%{strongswan_plugins}/libstrongswan-des.so
|
|
%{strongswan_plugins}/libstrongswan-dhcp.so
|
|
%{strongswan_plugins}/libstrongswan-dnskey.so
|
|
%{strongswan_plugins}/libstrongswan-duplicheck.so
|
|
%{strongswan_plugins}/libstrongswan-eap-aka-3gpp2.so
|
|
%{strongswan_plugins}/libstrongswan-eap-aka.so
|
|
%{strongswan_plugins}/libstrongswan-eap-dynamic.so
|
|
%{strongswan_plugins}/libstrongswan-eap-gtc.so
|
|
%{strongswan_plugins}/libstrongswan-eap-identity.so
|
|
%{strongswan_plugins}/libstrongswan-eap-md5.so
|
|
%{strongswan_plugins}/libstrongswan-eap-mschapv2.so
|
|
%{strongswan_plugins}/libstrongswan-eap-peap.so
|
|
%{strongswan_plugins}/libstrongswan-eap-radius.so
|
|
%{strongswan_plugins}/libstrongswan-eap-sim-file.so
|
|
%{strongswan_plugins}/libstrongswan-eap-sim-pcsc.so
|
|
%{strongswan_plugins}/libstrongswan-eap-sim.so
|
|
%{strongswan_plugins}/libstrongswan-eap-simaka-pseudonym.so
|
|
%{strongswan_plugins}/libstrongswan-eap-simaka-reauth.so
|
|
%{strongswan_plugins}/libstrongswan-eap-simaka-sql.so
|
|
%{strongswan_plugins}/libstrongswan-eap-tls.so
|
|
%{strongswan_plugins}/libstrongswan-eap-tnc.so
|
|
%{strongswan_plugins}/libstrongswan-eap-ttls.so
|
|
%{strongswan_plugins}/libstrongswan-farp.so
|
|
%{strongswan_plugins}/libstrongswan-fips-prf.so
|
|
%{strongswan_plugins}/libstrongswan-gcm.so
|
|
%if %{with gcrypt}
|
|
%{strongswan_plugins}/libstrongswan-gcrypt.so
|
|
%endif
|
|
%{strongswan_plugins}/libstrongswan-gmp.so
|
|
%{strongswan_plugins}/libstrongswan-ha.so
|
|
%{strongswan_plugins}/libstrongswan-hmac.so
|
|
%{strongswan_plugins}/libstrongswan-kernel-netlink.so
|
|
%{strongswan_plugins}/libstrongswan-ldap.so
|
|
%{strongswan_plugins}/libstrongswan-led.so
|
|
%{strongswan_plugins}/libstrongswan-md4.so
|
|
%{strongswan_plugins}/libstrongswan-md5.so
|
|
%{strongswan_plugins}/libstrongswan-nonce.so
|
|
%{strongswan_plugins}/libstrongswan-openssl.so
|
|
%{strongswan_plugins}/libstrongswan-pem.so
|
|
%{strongswan_plugins}/libstrongswan-pgp.so
|
|
%{strongswan_plugins}/libstrongswan-pkcs1.so
|
|
%{strongswan_plugins}/libstrongswan-pkcs11.so
|
|
%{strongswan_plugins}/libstrongswan-pkcs7.so
|
|
%{strongswan_plugins}/libstrongswan-pkcs8.so
|
|
%{strongswan_plugins}/libstrongswan-pubkey.so
|
|
%{strongswan_plugins}/libstrongswan-radattr.so
|
|
%{strongswan_plugins}/libstrongswan-random.so
|
|
%{strongswan_plugins}/libstrongswan-resolve.so
|
|
%{strongswan_plugins}/libstrongswan-revocation.so
|
|
%{strongswan_plugins}/libstrongswan-sha1.so
|
|
%{strongswan_plugins}/libstrongswan-sha2.so
|
|
%{strongswan_plugins}/libstrongswan-smp.so
|
|
%{strongswan_plugins}/libstrongswan-socket-default.so
|
|
%{strongswan_plugins}/libstrongswan-soup.so
|
|
%{strongswan_plugins}/libstrongswan-sql.so
|
|
%{strongswan_plugins}/libstrongswan-tnc-imc.so
|
|
%{strongswan_plugins}/libstrongswan-tnc-imv.so
|
|
%{strongswan_plugins}/libstrongswan-tnc-pdp.so
|
|
%{strongswan_plugins}/libstrongswan-tnc-tnccs.so
|
|
%{strongswan_plugins}/libstrongswan-tnccs-11.so
|
|
%{strongswan_plugins}/libstrongswan-tnccs-20.so
|
|
%{strongswan_plugins}/libstrongswan-tnccs-dynamic.so
|
|
%{strongswan_plugins}/libstrongswan-unity.so
|
|
%{strongswan_plugins}/libstrongswan-x509.so
|
|
%{strongswan_plugins}/libstrongswan-xauth-eap.so
|
|
%{strongswan_plugins}/libstrongswan-xauth-generic.so
|
|
%{strongswan_plugins}/libstrongswan-xauth-pam.so
|
|
%{strongswan_plugins}/libstrongswan-xcbc.so
|
|
%dir %ghost %{_localstatedir}/run/strongswan
|
|
|
|
%if %{with nm}
|
|
|
|
%files nm
|
|
%defattr(-,root,root)
|
|
%dir %{_libexecdir}/ipsec
|
|
%dir %{strongswan_plugins}
|
|
%{_libexecdir}/ipsec/charon-nm
|
|
%endif
|
|
|
|
%if %{with mysql}
|
|
|
|
%files mysql
|
|
%defattr(-,root,root)
|
|
%dir %{strongswan_plugins}
|
|
%{strongswan_plugins}/libstrongswan-mysql.so
|
|
%endif
|
|
|
|
%if %{with sqlite}
|
|
|
|
%files sqlite
|
|
%defattr(-,root,root)
|
|
%dir %{strongswan_plugins}
|
|
%{strongswan_plugins}/libstrongswan-sqlite.so
|
|
%endif
|
|
|
|
%if %{with tests}
|
|
|
|
%files tests
|
|
%defattr(-,root,root)
|
|
%dir %{strongswan_plugins}
|
|
%{strongswan_plugins}/libstrongswan-load-tester.so
|
|
%{strongswan_plugins}/libstrongswan-test-vectors.so
|
|
%endif
|
|
|
|
%changelog
|