pool/strongswan
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cf29eb7ccf
strongswan/strongswan.spec
Marius Tomaschewski cf29eb7ccf - Updated to strongSwan 4.6.3 release: 
- The tnc-pdp plugin implements a RADIUS server interface allowing
    a strongSwan TNC server to act as a Policy Decision Point.
  - The eap-radius authentication backend enforces Session-Timeout
    attributes using RFC4478 repeated authentication and acts upon
    RADIUS Dynamic Authorization extensions, RFC 5176. Currently
    supported are disconnect requests and CoA messages containing
    a Session-Timeout.
  - The eap-radius plugin can forward arbitrary RADIUS attributes
    from and to clients using custom IKEv2 notify payloads. The new
    radattr plugin reads attributes to include from files and prints
    received attributes to the console.
  - Added support for untruncated MD5 and SHA1 HMACs in ESP as used
    in RFC 4595.
  - The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128
    algorithms as defined in RFC 4494 and RFC 4615, respectively.
  - The resolve plugin automatically installs nameservers via
    resolvconf(8), if it is installed, instead of modifying
    /etc/resolv.conf directly.
  - The IKEv2 charon daemon supports now raw RSA public keys in RFC
    3110 DNSKEY and PKCS#1 file format.
  - The farp plugin sends ARP responses for any tunneled address,
    not only virtual IPs.
  - Charon resolves hosts again during additional keying tries.
  - Fixed switching back to original address pair during MOBIKE.
  - When resending IKE_SA_INIT with a COOKIE charon reuses the previous
    DH value, as specified in RFC 5996.
    This has an effect on the lifecycle of diffie_hellman_t, see
    source:src/libcharon/sa/keymat.h#39 for details.
  - COOKIEs are now kept enabled a bit longer to avoid certain race

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=44
2012-05-10 10:02:51 +00:00

550 lines
17 KiB
RPMSpec
Raw Blame History

#
# spec file for package strongswan
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: strongswan
Version: 4.6.3
Release: 0
%define upstream_version %{version}
%define strongswan_docdir %{_docdir}/%{name}
%define strongswan_libdir %{_libdir}/ipsec
%define strongswan_plugins %{strongswan_libdir}/plugins
%define with_mysql 1
%define with_sqlite 0%{suse_version} >= 1110
%define with_gcrypt 0%{suse_version} >= 1110
%define with_nm 0%{suse_version} >= 1110
%define with_tests 0
Summary: OpenSource IPsec-based VPN Solution
License: GPL-2.0+
Group: Productivity/Networking/Security
Url: http://www.strongswan.org/
Requires: strongswan-ikev1 = %{version}
Requires: strongswan-ikev2 = %{version}
Requires: strongswan-ipsec = %{version}
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
Source2: %{name}.init.in
Source3: %{name}-%{version}-rpmlintrc
Source4: README.SUSE
Patch1: %{name}_modprobe_syslog.patch
Patch2: %{name}-%{version}-fmt-warnings.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison
BuildRequires: curl-devel
BuildRequires: flex
BuildRequires: gmp-devel
BuildRequires: gperf
BuildRequires: libcap-devel
BuildRequires: libopenssl-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
%if %with_mysql
BuildRequires: libmysqlclient-devel
%endif
%if %with_sqlite
BuildRequires: sqlite3-devel
%endif
%if %with_gcrypt
BuildRequires: libgcrypt-devel
%endif
%if %with_nm
BuildRequires: NetworkManager-devel
%endif
BuildRequires: iptables
BuildRequires: libnl >= 1.1
%description
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* Fully tested support of IPv6 IPsec tunnel and transport connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Automatic insertion and deletion of IPsec-policy-based firewall rules
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
* Virtual IP address pool managed by IKE daemon or SQL database
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates (RFC 3281)
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
* Modular plugins for crypto algorithms and relational database interfaces
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
* Optional built-in integrity and crypto tests for plugins and libraries
* Smooth Linux desktop integration via the strongSwan NetworkManager applet
This package triggers the installation of both, IKEv1 and IKEv2 daemons.
Authors:
--------
Andreas Steffen
and others
%package doc
BuildArch: noarch
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
%description doc
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the StrongSwan documentation.
Authors:
--------
Andreas Steffen
and others
%package libs0
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Conflicts: strongswan < %{version}
%description libs0
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan library and plugins.
%package ikev1
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: iproute2
Requires: strongswan-ipsec = %{version}
Requires: strongswan-libs0 = %{version}
Provides: ikev1
Provides: pluto
Provides: strongswan-daemon = %{version}
Conflicts: freeswan openswan strongswan < %{version}
%description ikev1
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the pluto IKEv1 daemon.
%package ikev2
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: iproute2
Requires: strongswan-daemon-starter = %{version}
Requires: strongswan-libs0 = %{version}
Provides: ikev2
Provides: strongswan-daemon = %{version}
Conflicts: openswan strongswan < %{version}
%description ikev2
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the charon IKEv2 daemon.
%package ipsec
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
PreReq: grep %insserv_prereq %fillup_prereq
Requires: strongswan-daemon = %{version}
Requires: strongswan-libs0 = %{version}
Provides: VPN
Provides: ipsec
Provides: strongswan = %{version}
Provides: strongswan-daemon-starter = %{version}
Obsoletes: strongswan < %{version}
Conflicts: freeswan openswan
%description ipsec
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the /etc/init.d/ipsec service script and allows
to maintain both, IKEv1 and IKEv2 daemons, using /etc/ipsec.conf and
/etc/ipsec.sectes files.
%if %with_mysql
%package mysql
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description mysql
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan mysql plugin.
%endif
%if %with_sqlite
%package sqlite
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description sqlite
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan sqlite plugin.
%endif
%if %with_nm
%package nm
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-ikev2 = %{version}
Requires: strongswan-libs0 = %{version}
Provides: strongswan-daemon-starter = %{version}
%description nm
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the NetworkManager plugin to control the
charon IKEv2 daemon through D-Bus, designed to work using the
NetworkManager-strongswan graphical user interface.
%endif
%if %with_tests
%package tests
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description tests
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the strongswan crypto test-vectors plugin
and the load testing plugin for IKEv2 daemon.
%endif
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
%build
CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing"
export RPM_OPT_FLAGS CFLAGS
#libtoolize --force
#autoreconf
%configure \
--enable-integrity-test \
--with-capabilities=libcap \
--with-plugindir=%{strongswan_plugins} \
--with-resolv-conf=%{_localstatedir}/run/strongswan/resolv.conf \
--enable-smartcard \
--with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
--enable-cisco-quirks \
--enable-openssl \
--enable-agent \
--enable-md4 \
--enable-blowfish \
--enable-eap-sim \
--enable-eap-sim-file \
--enable-eap-simaka-sql \
--enable-eap-simaka-pseudonym \
--enable-eap-simaka-reauth \
--enable-eap-md5 \
--enable-eap-gtc \
--enable-eap-aka \
--enable-eap-radius \
--enable-eap-identity \
--enable-eap-mschapv2 \
--enable-eap-aka-3gpp2 \
--enable-ha \
--enable-dhcp \
--enable-farp \
--enable-sql \
--enable-attr-sql \
--enable-addrblock \
%if %with_mysql
--enable-mysql \
%endif
%if %with_sqlite
--enable-sqlite \
%endif
%if %with_gcrypt
--enable-gcrypt \
%endif
%if %with_nm
--enable-nm \
%endif
%if %with_tests
--enable-load-tester \
--enable-test-vectors \
%endif
--enable-ldap \
--enable-curl
make %{?_smp_mflags:%_smp_mflags}
%install
export RPM_BUILD_ROOT
install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
#
make install DESTDIR="$RPM_BUILD_ROOT"
#
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
#
# ipsec.secrets
#
# This file holds the RSA private keys or the PSK preshared secrets for
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
#
EOT
#
rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,radius,strongswan,simaka}.so
find $RPM_BUILD_ROOT%{strongswan_libdir} \
-name "*.a" -o -name "*.la" | xargs -r rm -f
#
install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -m644 TODO NEWS README COPYING CREDITS \
${RPM_SOURCE_DIR}/README.SUSE \
${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -m755 -d $RPM_BUILD_ROOT%{_localstatedir}/run/strongswan
%post libs0
%{run_ldconfig}
test -d %{_localstatedir}/run/strongswan || \
%{__mkdir_p} %{_localstatedir}/run/strongswan
%postun libs0
%{run_ldconfig}
%post ipsec
%{fillup_and_insserv ipsec}
%preun ipsec
%{stop_on_removal ipsec}
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old
fi
if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old
fi
%postun ipsec
%{insserv_cleanup}
%files
%defattr(-,root,root)
%dir %{strongswan_docdir}
%{strongswan_docdir}/README.SUSE
%files ipsec
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
%dir %{_sysconfdir}/ipsec.d/certs
%dir %{_sysconfdir}/ipsec.d/acerts
%dir %{_sysconfdir}/ipsec.d/aacerts
%dir %{_sysconfdir}/ipsec.d/cacerts
%dir %{_sysconfdir}/ipsec.d/ocspcerts
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%config %{_sysconfdir}/init.d/ipsec
%{_sbindir}/rcipsec
%{_sbindir}/ipsec
%{_mandir}/man8/ipsec.8*
%{_mandir}/man5/ipsec.conf.5*
%{_mandir}/man5/ipsec.secrets.5*
%{_mandir}/man5/strongswan.conf.5*
%dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/_updown
%{_libexecdir}/ipsec/_updown_espmark
%{_libexecdir}/ipsec/_copyright
%{_libexecdir}/ipsec/pki
%{_libexecdir}/ipsec/openac
%{_libexecdir}/ipsec/scepclient
%{_libexecdir}/ipsec/starter
%{_libexecdir}/ipsec/stroke
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-stroke.so
%{strongswan_plugins}/libstrongswan-updown.so
%files ikev1
%defattr(-,root,root)
%dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/whack
%{_libexecdir}/ipsec/pluto
%{_libexecdir}/ipsec/_pluto_adns
%files ikev2
%defattr(-,root,root)
%dir %{_libexecdir}/ipsec
%{_libexecdir}/ipsec/charon
%files doc
%defattr(-,root,root)
%dir %{strongswan_docdir}
%{strongswan_docdir}/TODO
%{strongswan_docdir}/NEWS
%{strongswan_docdir}/README
%{strongswan_docdir}/COPYING
%{strongswan_docdir}/CREDITS
%{_mandir}/man3/anyaddr.3*
%{_mandir}/man3/atoaddr.3*
%{_mandir}/man3/atoasr.3*
%{_mandir}/man3/atoul.3*
%{_mandir}/man3/goodmask.3*
%{_mandir}/man3/initaddr.3*
%{_mandir}/man3/initsubnet.3*
%{_mandir}/man3/portof.3*
%{_mandir}/man3/rangetosubnet.3*
%{_mandir}/man3/sameaddr.3*
%{_mandir}/man3/subnetof.3*
%{_mandir}/man3/ttoaddr.3*
%{_mandir}/man3/ttodata.3*
%{_mandir}/man3/ttosa.3*
%{_mandir}/man3/ttoul.3*
%{_mandir}/man8/_updown.8*
%{_mandir}/man8/_updown_espmark.8*
%{_mandir}/man8/openac.8*
%{_mandir}/man8/pluto.8*
%{_mandir}/man8/scepclient.8*
%files libs0
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{_libexecdir}/ipsec
%dir %{_libexecdir}/ipsec/pool
%dir %{strongswan_libdir}
%{strongswan_libdir}/libchecksum.so
%{strongswan_libdir}/libhydra.so.0
%{strongswan_libdir}/libhydra.so.0.0.0
%{strongswan_libdir}/libcharon.so.0
%{strongswan_libdir}/libcharon.so.0.0.0
%{strongswan_libdir}/libradius.so.0
%{strongswan_libdir}/libradius.so.0.0.0
%{strongswan_libdir}/libsimaka.so.0
%{strongswan_libdir}/libsimaka.so.0.0.0
%{strongswan_libdir}/libstrongswan.so.0
%{strongswan_libdir}/libstrongswan.so.0.0.0
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-addrblock.so
%{strongswan_plugins}/libstrongswan-aes.so
%{strongswan_plugins}/libstrongswan-agent.so
%{strongswan_plugins}/libstrongswan-attr.so
%{strongswan_plugins}/libstrongswan-attr-sql.so
%{strongswan_plugins}/libstrongswan-blowfish.so
%{strongswan_plugins}/libstrongswan-cmac.so
%{strongswan_plugins}/libstrongswan-constraints.so
%{strongswan_plugins}/libstrongswan-curl.so
%{strongswan_plugins}/libstrongswan-des.so
%{strongswan_plugins}/libstrongswan-dhcp.so
%{strongswan_plugins}/libstrongswan-dnskey.so
%{strongswan_plugins}/libstrongswan-eap-aka-3gpp2.so
%{strongswan_plugins}/libstrongswan-eap-aka.so
%{strongswan_plugins}/libstrongswan-eap-gtc.so
%{strongswan_plugins}/libstrongswan-eap-identity.so
%{strongswan_plugins}/libstrongswan-eap-md5.so
%{strongswan_plugins}/libstrongswan-eap-mschapv2.so
%{strongswan_plugins}/libstrongswan-eap-radius.so
%{strongswan_plugins}/libstrongswan-eap-simaka-pseudonym.so
%{strongswan_plugins}/libstrongswan-eap-simaka-reauth.so
%{strongswan_plugins}/libstrongswan-eap-simaka-sql.so
%{strongswan_plugins}/libstrongswan-eap-sim-file.so
%{strongswan_plugins}/libstrongswan-eap-sim.so
%{strongswan_plugins}/libstrongswan-farp.so
%{strongswan_plugins}/libstrongswan-fips-prf.so
%if %with_gcrypt
%{strongswan_plugins}/libstrongswan-gcrypt.so
%endif
%{strongswan_plugins}/libstrongswan-gmp.so
%{strongswan_plugins}/libstrongswan-ha.so
%{strongswan_plugins}/libstrongswan-hmac.so
%{strongswan_plugins}/libstrongswan-kernel-netlink.so
%{strongswan_plugins}/libstrongswan-ldap.so
%{strongswan_plugins}/libstrongswan-md4.so
%{strongswan_plugins}/libstrongswan-md5.so
%{strongswan_plugins}/libstrongswan-openssl.so
%{strongswan_plugins}/libstrongswan-pem.so
%{strongswan_plugins}/libstrongswan-pgp.so
%{strongswan_plugins}/libstrongswan-pkcs1.so
%{strongswan_plugins}/libstrongswan-pkcs8.so
%{strongswan_plugins}/libstrongswan-pubkey.so
%{strongswan_plugins}/libstrongswan-random.so
%{strongswan_plugins}/libstrongswan-resolve.so
%{strongswan_plugins}/libstrongswan-revocation.so
%{strongswan_plugins}/libstrongswan-sha1.so
%{strongswan_plugins}/libstrongswan-sha2.so
%{strongswan_plugins}/libstrongswan-socket*.so
%{strongswan_plugins}/libstrongswan-sql.so
%{strongswan_plugins}/libstrongswan-x509.so
%{strongswan_plugins}/libstrongswan-xauth.so
%{strongswan_plugins}/libstrongswan-xcbc.so
%dir %ghost %{_localstatedir}/run/strongswan
%if %with_nm
%files nm
%defattr(-,root,root)
%dir %{_libexecdir}/ipsec
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-nm.so
%endif
%if %with_mysql
%files mysql
%defattr(-,root,root)
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-mysql.so
%endif
%if %with_sqlite
%files sqlite
%defattr(-,root,root)
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-sqlite.so
%endif
%if %with_tests
%files tests
%defattr(-,root,root)
%dir %{strongswan_plugins}
%{strongswan_plugins}/libstrongswan-load-tester.so
%{strongswan_plugins}/libstrongswan-test-vectors.so
%endif
%changelog
Reference in New Issue View Git Blame Copy Permalink