rpm/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity

Accepting request 534431 from home:jengelh:branches:network:vpn

Browse Source 
- Update summaries and descriptions. Trim filler words and
  author list.
- Drop %if..%endif guards that are idempotent and do not affect
  the build result.
- Replace old $RPM_ shell variables.

OBS-URL: https://build.opensuse.org/request/show/534431
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=106
This commit is contained in:
Dominique Leuenberger 2018-02-06 17:07:40 +00:00 committed by Git OBS Bridge
parent 062c69a06d
commit 4ee9977c46
2 changed files with 82 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
strongswan.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Oct 17 11:27:54 UTC 2017 - jengelh@inai.de
- Update summaries and descriptions. Trim filler words and
author list.
- Drop %if..%endif guards that are idempotent and do not affect
the build result.
- Replace old $RPM_ shell variables.
-------------------------------------------------------------------
Tue Sep 5 17:10:11 CEST 2017 - ndas@suse.de

181
strongswan.spec
View File

@ -61,7 +61,7 @@ Release: 0
%else
%bcond_with systemd
%endif
Summary: OpenSource IPsec-based VPN Solution
Summary: IPsec-based VPN solution
License: GPL-2.0+
Group: Productivity/Networking/Security
Url: http://www.strongswan.org/
@ -127,17 +127,16 @@ BuildRequires: fipscheck
BuildRequires: libtool
%description
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an IPsec-based VPN solution for Linux.
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* Implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* Fully tested support of IPv6 IPsec tunnel and transport connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Dynamic IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Automatic insertion and deletion of IPsec-policy-based firewall rules
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* NAT Traversal via UDP encapsulation and port floating (RFC 3947)
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
* Static virtual IP addresses and IKEv1 ModeConfig pull and push modes
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
* Virtual IP address pool managed by IKE daemon or SQL database
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
@ -154,46 +153,32 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
* Modular plugins for crypto algorithms and relational database interfaces
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
* Optional built-in integrity and crypto tests for plugins and libraries
* Smooth Linux desktop integration via the strongSwan NetworkManager applet
* Linux desktop integration via the strongSwan NetworkManager applet
This package triggers the installation of both, IKEv1 and IKEv2 daemons.
Authors:
--------
Andreas Steffen
and others
%package doc
BuildArch: noarch
Summary: OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
Summary: Documentation for strongSwan
Group: Documentation/Man
%description doc
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the StrongSwan documentation.
Authors:
--------
Andreas Steffen
and others
%package libs0
Summary: OpenSource IPsec-based VPN Solution
Summary: strongSwan core libraries and basic plugins
Group: Productivity/Networking/Security
Conflicts: strongswan < %{version}
%description libs0
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the strongswan library and plugins.
%if %{with fipscheck}
%package hmac
Summary: HMAC files for FIPS-140-2 integrity
Summary: HMAC files for FIPS-140-2 integrity in strongSwan
Group: Productivity/Networking/Security
Requires: fipscheck
Requires: strongswan-ipsec = %{version}
@ -206,10 +191,8 @@ _fipscheck helper script preforming the integrity checks before e.g.
"ipsec start" action is executed, when FIPS-140-2 compliant operation
mode is enabled.
%endif
%package ipsec
Summary: OpenSource IPsec-based VPN Solution
Summary: IPsec-based VPN solution
Group: Productivity/Networking/Security
PreReq: grep %insserv_prereq %fillup_prereq
Requires: strongswan-libs0 = %{version}
@ -220,72 +203,55 @@ Obsoletes: strongswan < %{version}
Conflicts: freeswan openswan
%description ipsec
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the /etc/init.d/ipsec service script and allows
to maintain both, IKEv1 and IKEv2, using the /etc/ipsec.conf and the
to maintain both IKEv1 and IKEv2 using the /etc/ipsec.conf and the
/etc/ipsec.sectes files.
%if %{with mysql}
%package mysql
Summary: OpenSource IPsec-based VPN Solution
Summary: MySQL plugin for strongSwan
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description mysql
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an IPsec-based VPN solution for Linux.
This package provides the strongswan mysql plugin.
%endif
%if %{with sqlite}
%package sqlite
Summary: OpenSource IPsec-based VPN Solution
Summary: SQLite plugin for strongSwan
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description sqlite
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an OpenSource IPsec-based VPN solution for Linux.
This package provides the strongswan sqlite plugin.
%endif
%if %{with nm}
%package nm
Summary: OpenSource IPsec-based VPN Solution
Summary: NetworkManager plugin for strongSwan
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description nm
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an OpenSource IPsec-based VPN solution for Linux.
This package provides the NetworkManager plugin to control the
charon IKEv2 daemon through D-Bus, designed to work using the
NetworkManager-strongswan graphical user interface.
%endif
%if %{with tests}
%package tests
Summary: OpenSource IPsec-based VPN Solution
Summary: Testing plugins for strongSwan
Group: Productivity/Networking/Security
Requires: strongswan-libs0 = %{version}
%description tests
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
StrongSwan is an OpenSource IPsec-based VPN solution for Linux.
This package provides the strongswan crypto test-vectors plugin
This package provides the strongswan crypto test vectors plugin
and the load testing plugin for IKEv2 daemon.
%endif
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
@ -297,20 +263,20 @@ and the load testing plugin for IKEv2 daemon.
%patch5 -p1
%patch6 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
< %{_sourcedir}/strongswan.init.in \
> strongswan.init
%if %{with fipscheck}
sed -e 's|@IPSEC_DIR@|%{_libexecdir}/ipsec|g' \
-e 's|@IPSEC_LIBDIR@|%{_libdir}/ipsec|g' \
-e 's|@IPSEC_SBINDIR@|%{_sbindir}|g' \
-e 's|@IPSEC_BINDIR@|%{_bindir}|g' \
< $RPM_SOURCE_DIR/fipscheck.sh.in \
< %{_sourcedir}/fipscheck.sh.in \
> _fipscheck
%endif
%build
CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter"
export RPM_OPT_FLAGS CFLAGS
CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter"
export CFLAGS
autoreconf --force --install
%configure \
%if %{with integrity}
@ -405,25 +371,24 @@ autoreconf --force --install
--enable-soup \
--enable-curl \
--disable-static
make %{?_smp_mflags:%_smp_mflags}
make %{?_smp_mflags}
%install
export RPM_BUILD_ROOT
install -d -m755 ${RPM_BUILD_ROOT}%{_sbindir}/
install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.d/
install -d -m755 %{buildroot}/%{_sbindir}/
install -d -m755 %{buildroot}/%{_sysconfdir}/ipsec.d/
%if %{with systemd}
ln -sf %_sbindir/service ${RPM_BUILD_ROOT}%_sbindir/rcstrongswan
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcstrongswan
%else
install -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
install -d -m755 %{buildroot}/%{_sysconfdir}/init.d/
install -m755 strongswan.init %{buildroot}/%{_sysconfdir}/init.d/ipsec
ln -s %{_sysconfdir}/init.d/ipsec %{buildroot}/%{_sbindir}/rcipsec
%endif
#
# Ensure, plugin -> library dependencies can be resolved
# (e.g. libtls) to avoid plugin segment checksum errors.
#
LD_LIBRARY_PATH="$RPM_BUILD_ROOT-$$%{strongswan_libdir}" \
make install DESTDIR="$RPM_BUILD_ROOT"
LD_LIBRARY_PATH="%{buildroot}-$$/%{strongswan_libdir}" \
%make_install
#
# checksums are calculated during make install using the
# installed binaries/libraries... but find-debuginfo.sh
@ -434,23 +399,23 @@ make install DESTDIR="$RPM_BUILD_ROOT"
%if %{with integrity}
%{?__debug_package:
if test -x %{_rpmconfigdir}/find-debuginfo.sh ; then
cp -a "${RPM_BUILD_ROOT}" "${RPM_BUILD_ROOT}-$$"
RPM_BUILD_ROOT="$RPM_BUILD_ROOT-$$" \
cp -a "%{buildroot}" "%{buildroot}-$$"
RPM_BUILD_ROOT="%{buildroot}-$$" \
%{_rpmconfigdir}/find-debuginfo.sh \
%{?_find_debuginfo_opts} "${RPM_BUILD_ROOT}-$$"
%{?_find_debuginfo_opts} "%{buildroot}-$$"
make -C src/checksum clean
rm -f src/checksum/checksum_builder
LD_LIBRARY_PATH="$RPM_BUILD_ROOT-$$%{strongswan_libdir}" \
make -C src/checksum install DESTDIR="$RPM_BUILD_ROOT-$$"
mv "$RPM_BUILD_ROOT-$$%{strongswan_libdir}/libchecksum.so" \
"$RPM_BUILD_ROOT%{strongswan_libdir}/libchecksum.so"
rm -rf "${RPM_BUILD_ROOT}-$$"
LD_LIBRARY_PATH="%{buildroot}-$$/%{strongswan_libdir}" \
make -C src/checksum install DESTDIR="%{buildroot}-$$"
mv "%{buildroot}-$$/%{strongswan_libdir}/libchecksum.so" \
"%{buildroot}/%{strongswan_libdir}/libchecksum.so"
rm -rf "%{buildroot}-$$"
fi
}
%endif
#
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
rm -f %{buildroot}/%{_sysconfdir}/ipsec.secrets
cat << EOT > %{buildroot}/%{_sysconfdir}/ipsec.secrets
#
# ipsec.secrets
#
@ -460,21 +425,21 @@ cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
EOT
#
%if ! %{with mysql}
rm -f $RPM_BUILD_ROOT%{strongswan_templates}/database/sql/mysql.sql
rm -f %{buildroot}/%{strongswan_templates}/database/sql/mysql.sql
%endif
%if ! %{with sqlite}
rm -f $RPM_BUILD_ROOT%{strongswan_templates}/database/sql/sqlite.sql
rm -f %{buildroot}/%{strongswan_templates}/database/sql/sqlite.sql
%endif
rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so
rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so
find $RPM_BUILD_ROOT%{strongswan_libdir} -type f -name "*.la" -delete
rm -f %{buildroot}/%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so
rm -f %{buildroot}/%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so
find %{buildroot}/%{strongswan_libdir} -type f -name "*.la" -delete
#
install -d -m755 ${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -d -m755 %{buildroot}/%{strongswan_docdir}/
install -c -m644 TODO NEWS README COPYING LICENSE \
AUTHORS ChangeLog \
${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -c -m644 ${RPM_SOURCE_DIR}/README.SUSE \
${RPM_BUILD_ROOT}%{strongswan_docdir}/
%{buildroot}/%{strongswan_docdir}/
install -c -m644 %{_sourcedir}/README.SUSE \
%{buildroot}/%{strongswan_docdir}/
%if %{with systemd}
%{__install} -d -m 0755 %{buildroot}%{_tmpfilesdir}
echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}.conf
@ -483,24 +448,24 @@ echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}
#
# note: keep the following, _fipscheck's and file lists in sync
#
install -c -m750 _fipscheck ${RPM_BUILD_ROOT}%{_libexecdir}/ipsec/
install -c -m644 ${RPM_SOURCE_DIR}/fips-enforce.conf \
${RPM_BUILD_ROOT}%{strongswan_configs}/charon/zzz_fips-enforce.conf
install -c -m750 _fipscheck %{buildroot}/%{_libexecdir}/ipsec/
install -c -m644 %{_sourcedir}/fips-enforce.conf \
%{buildroot}/%{strongswan_configs}/charon/zzz_fips-enforce.conf
# create fips hmac hashes _after_ install post run
%{expand:%%global __os_install_post {%__os_install_post
for f in $RPM_BUILD_ROOT%{strongswan_libdir}/lib*.so.*.*.* \
$RPM_BUILD_ROOT%{strongswan_libdir}/imcvs/*.so \
$RPM_BUILD_ROOT%{strongswan_plugins}/*.so \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/charon \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/charon-nm \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/stroke \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/starter \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/pool \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/scepclient \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/imv_policy_manager \
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/_fipscheck \
$RPM_BUILD_ROOT%{_bindir}/pt-tls-client \
$RPM_BUILD_ROOT%{_sbindir}/ipsec \
for f in %{buildroot}/%{strongswan_libdir}/lib*.so.*.*.* \
%{buildroot}/%{strongswan_libdir}/imcvs/*.so \
%{buildroot}/%{strongswan_plugins}/*.so \
%{buildroot}/%{_libexecdir}/ipsec/charon \
%{buildroot}/%{_libexecdir}/ipsec/charon-nm \
%{buildroot}/%{_libexecdir}/ipsec/stroke \
%{buildroot}/%{_libexecdir}/ipsec/starter \
%{buildroot}/%{_libexecdir}/ipsec/pool \
%{buildroot}/%{_libexecdir}/ipsec/scepclient \
%{buildroot}/%{_libexecdir}/ipsec/imv_policy_manager \
%{buildroot}/%{_libexecdir}/ipsec/_fipscheck \
%{buildroot}/%{_bindir}/pt-tls-client \
%{buildroot}/%{_sbindir}/ipsec \
;
do
/usr/bin/fipshmac "$f"