1 |
%define _enable_debug_packages %{nil} |
2 |
%define debug_package %{nil} |
3 |
|
4 |
Summary: An implementation of IPSEC & IKE for Linux |
5 |
Name: openswan |
6 |
Version: 2.6.28 |
7 |
%define subrel 2 |
8 |
Release: %mkrel 2 |
9 |
License: GPLv2+ |
10 |
Group: System/Servers |
11 |
URL: http://www.openswan.org/ |
12 |
Source0: http://www.openswan.org/download/openswan-%{version}.tar.gz |
13 |
Source1: http://www.openswan.org/download/openswan-%{version}.tar.gz.asc |
14 |
Patch0: openswan-2.6.28-manfix.patch |
15 |
Patch1: openswan-2.6.21-format_not_a_string_literal_and_no_format_arguments.diff |
16 |
# patch 2 from RedHat, also fixes CVE-2010-3752 and CVE-2010-3753 |
17 |
Patch2: openswan-2.6.28-CVE-2010-3302-CVE-2010-3308.patch |
18 |
Patch3: openswan-cve-2011-4073.patch |
19 |
# patches 4 and 5 from RedHat, fixes CVE-2013-2053 |
20 |
Patch4: openswan-libreswan-backport-949437-atodn.patch |
21 |
Patch5: openswan-libreswan-backport-949437-x509dn.patch |
22 |
Requires(post): rpm-helper |
23 |
Requires(preun): rpm-helper |
24 |
Provides: ipsec-userland |
25 |
Requires: lsof |
26 |
Requires: iproute2 |
27 |
Requires: ipsec-tools |
28 |
Conflicts: freeswan |
29 |
BuildRequires: bison |
30 |
BuildRequires: gmp-devel |
31 |
BuildRequires: pam-devel |
32 |
BuildRequires: dos2unix |
33 |
BuildRequires: flex |
34 |
BuildRequires: xmlto |
35 |
BuildRequires: docbook-dtd412-xml |
36 |
BuildRequires: docbook-style-xsl |
37 |
|
38 |
%description |
39 |
Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the |
40 |
FreeS/WAN project. |
41 |
|
42 |
IPSEC is Internet Protocol Security and uses strong cryptography to |
43 |
provide both authentication and encryption services. These services |
44 |
allow you to build secure tunnels through untrusted networks. |
45 |
Everything passing through the untrusted net is encrypted by the ipsec |
46 |
gateway machine and decrypted by the gateway at the other end of the |
47 |
tunnel. The resulting tunnel is a virtual private network or VPN. |
48 |
|
49 |
This package contains the daemons and userland tools for setting up |
50 |
Openswan on a kernel with either the 2.6 native IPsec code, or |
51 |
FreeS/WAN's KLIPS. |
52 |
|
53 |
%package doc |
54 |
Summary: An implementation of IPSEC & IKE for Linux |
55 |
Group: System/Servers |
56 |
|
57 |
%description doc |
58 |
Openswan is a free implementation of IPSEC & IKE for Linux, a fork of the |
59 |
FreeS/WAN project. |
60 |
|
61 |
This is the documentation for Openswan. |
62 |
|
63 |
%prep |
64 |
|
65 |
%setup -q -n openswan-%{version} |
66 |
%patch0 -p0 -b .manfix |
67 |
%patch1 -p0 -b .format_not_a_string_literal_and_no_format_arguments |
68 |
%patch2 -p1 -b .xauth |
69 |
%patch3 -p1 -b .ike |
70 |
%patch4 -p1 -b .atodn |
71 |
%patch5 -p1 -b .x509dn |
72 |
|
73 |
find . -type f -name "*.html" -exec dos2unix -U {} \; |
74 |
|
75 |
%build |
76 |
|
77 |
%serverbuild |
78 |
|
79 |
find . -name "Makefile*" | xargs perl -pi -e "s|libexec|%{_lib}|g" |
80 |
export CLFAGS=$(echo %{optflags} -fno-strict-aliasing) |
81 |
# the %make macro doesn't seem to work |
82 |
make \ |
83 |
USERCOMPILE="-g $CLFAGS" \ |
84 |
INC_USRLOCAL=%{_prefix} \ |
85 |
MANTREE=%{_mandir} \ |
86 |
INC_RCDEFAULT=%{_initrddir} \ |
87 |
CONFDIR=%{_sysconfdir}/%name \ |
88 |
FINALCONFDIR=%{_sysconfdir}/%name \ |
89 |
FINALCONFFILE=%{_sysconfdir}/%name/ipsec.conf \ |
90 |
FINALLIBEXECDIR=%{_libdir}/ipsec \ |
91 |
FINALLIBDIR=%{_libdir}/ipsec \ |
92 |
programs |
93 |
|
94 |
%install |
95 |
rm -rf %{buildroot} |
96 |
|
97 |
%{make} \ |
98 |
DESTDIR=%{buildroot} \ |
99 |
INC_USRLOCAL=%{_prefix} \ |
100 |
MANTREE=%{buildroot}%{_mandir} \ |
101 |
INC_RCDEFAULT=%{_initrddir} \ |
102 |
INC_USRLOCAL=%{_prefix} \ |
103 |
INC_RCDEFAULT=%{_initrddir} \ |
104 |
FINALCONFDIR=%{_sysconfdir}/%name \ |
105 |
FINALLIBEXECDIR=%{_libdir}/ipsec \ |
106 |
FINALLIBDIR=%{_libdir}/ipsec \ |
107 |
install |
108 |
|
109 |
install -d -m700 %{buildroot}%{_localstatedir}/lib/run/pluto |
110 |
install -d %{buildroot}%{_sbindir} |
111 |
|
112 |
# Remove old documentation for the time being. |
113 |
rm -rf %{buildroot}%{_defaultdocdir}/freeswan |
114 |
|
115 |
# cleanup |
116 |
rm -rf %{buildroot}%{_sysconfdir}/rc.d/rc* |
117 |
rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d/setup |
118 |
rm -rf %{buildroot}%{_docdir}/%{name} |
119 |
|
120 |
%preun |
121 |
%_preun_service ipsec |
122 |
|
123 |
%post |
124 |
%_post_service ipsec |
125 |
|
126 |
%clean |
127 |
rm -rf %{buildroot} |
128 |
|
129 |
%files |
130 |
%doc BUGS CHANGES COPYING CREDITS README |
131 |
%attr(0755,root,root) %{_initrddir}/ipsec |
132 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf |
133 |
%attr(0700,root,root) %dir %{_sysconfdir}/%{name}/ipsec.d |
134 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/ipsec.d/*/* |
135 |
%{_sbindir}/ipsec |
136 |
%dir %{_libdir}/ipsec |
137 |
%{_libdir}/ipsec/* |
138 |
%{_localstatedir}/lib/run/pluto |
139 |
%{_mandir}/*/* |
140 |
|
141 |
%files doc |
142 |
%doc doc/* |