%define LIBMAJ 0
%define libname %mklibname ipsec %LIBMAJ
%define libnamedev %{libname}-devel
Name: ipsec-tools
Version: 0.6.7
Release: %mkrel 1
Summary: Tools for configuring and using IPSEC
License: BSD
Group: Networking/Other
URL: http://ipsec-tools.sourceforge.net/
Source: http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
Source3: racoon.conf
Source4: psk.txt
Source6: ipsec-setkey-initscript
Source7: racoon-initscript
Source8: racoon.sysconfig
Patch0: ipsec-tools-0.6.2b2-x86_64.patch
Patch1: ipsec-tools-0.6.2b3-manfix.patch
Patch2: ipsec-tools-0.5.2-includes.patch
Patch3: ipsec-tools-0.6.6-gcc-misc.patch
# (tv) fix build by disabling -Werror which make build randomly fails for no
# good reason when newer gcc spit out more warnings:
Patch4: ipsec-tools-disable-Werror.patch
BuildRequires: openssl-devel krb5-devel flex bison
BuildRequires: libpam-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: %{libname} = %{version}
Requires(pre): rpm-helper
Requires: rpm-helper
Provides: kvpnc-backend
%description
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.6 and above kernels.
This package builds:
- libipsec, a PFKeyV2 library
- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon
%define old_libname %mklibname ipsec-tools 0
%package -n %{libname}
Summary: The shared libraries used by ipsec-tools
Group: System/Libraries
Requires(post): grep, coreutils
Requires(preun): grep, coreutils
Requires: grep, coreutils
Provides: libipsec = %{version}-%{release}
Provides: libipsec-tools = %{version}-%{release}
Obsoletes: libipsec-tools
Provides: %old_libname = %{version}-%{release}
Obsoletes: %old_libname
%description -n %{libname}
These are the shared libraries for the IPsec-Tools package.
%package -n %{libnamedev}
Summary: Headers for programs for %libname
Group: Development/C
Requires: %{libname} = %{version}
Provides: libipsec-tools-devel = %{version}-%{release}
Provides: libipsec-devel = %{version}-%{release}
Obsoletes: libipsec-tools-devel
Provides: %{old_libname}-devel = %{version}-%{release}
Obsoletes: %{old_libname}-devel
%description -n %{libnamedev}
These are development headers for libipsec
%prep
%setup -q
%patch0 -p1 -b .x86_64
%patch1 -p1 -b .manfix
%patch2 -p1 -b .includes
%patch3 -p1 -b .gcc41
%patch4 -p1 -b .err
%build
./configure \
--prefix=%{_prefix} \
--mandir=%{_mandir} \
--libdir=/%{_lib} \
--sbindir=/sbin \
--localstatedir=%{_localstatedir} \
--sysconfdir=%{_sysconfdir}/racoon \
--with-kernel-headers=%{_includedir} \
--enable-shared \
--disable-rpath \
--enable-hybrid \
--enable-frag \
--enable-dpd \
--enable-adminport \
--enable-gssapi \
--enable-natt \
--with-libpam
# removed: 0.6.1 says it's not supported in linux
# --enable-samode-unspec
make
%install
rm -rf $RPM_BUILD_ROOT
%makeinstall_std
mkdir -p $RPM_BUILD_ROOT/etc/racoon/
install -m 0600 %{SOURCE3} $RPM_BUILD_ROOT/etc/racoon/racoon.conf
install -m 0600 %{SOURCE4} $RPM_BUILD_ROOT/etc/racoon/psk.txt
mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/certs
mkdir -p $RPM_BUILD_ROOT/%{_initrddir}
install -m 0755 %{SOURCE6} $RPM_BUILD_ROOT/%{_initrddir}/ipsec-setkey
install -m 0755 %{SOURCE7} $RPM_BUILD_ROOT/%{_initrddir}/racoon
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
# racoon.sysconfig
install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/racoon
# pam file
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
cat > %{buildroot}%{_sysconfdir}/pam.d/racoon <<EOF
#%PAM-1.0
auth required pam_nologin.so
%if %mdkversion < 200700
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
%else
auth include system-auth
account include system-auth
%endif
EOF
# default ipsec.conf file
cat > %{buildroot}%{_sysconfdir}/ipsec.conf <<EOF
#!/usr/sbin/setkey -f
#
# File /etc/ipsec.conf
# delete the SAD and SPD
flush;
spdflush;
# Define here your security policies
# Example
# ipsec between two machines: 192.168.1.10 and 192.168.1.20
#
# spdadd 192.168.1.10 192.168.1.20 any -P in ipsec
# esp/transport//require
# ah/transport//require;
#
# spdadd 192.168.1.20 192.168.1.10 any -P out ipsec
# esp/transport//require
# ah/transport//require;
EOF
# remove some files from the sample dir so we can include it
# in %%doc. Also fix their permissions
rm -f src/racoon/samples/*.in
find src/racoon/samples -type f -exec chmod 0644 {} \;
%clean
rm -rf $RPM_BUILD_ROOT
%post
%_post_service ipsec-setkey
%_post_service racoon
%preun
%_preun_service ipsec-setkey
%_preun_service racoon
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc ChangeLog NEWS README
%doc src/racoon/samples
%doc src/racoon/doc/*
/sbin/*
%{_mandir}/man*/*
%dir %{_sysconfdir}/racoon
%dir %{_sysconfdir}/racoon/certs
%config(noreplace) %{_sysconfdir}/sysconfig/racoon
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %{_sysconfdir}/pam.d/racoon
%attr (0755,root,root) %{_initrddir}/ipsec-setkey
%attr (0755,root,root) %{_initrddir}/racoon
%dir /var/lib/racoon
%files -n %{libname}
%defattr(-,root,root)
%doc ChangeLog NEWS README
/%{_lib}/*.so.*
%files -n %{libnamedev}
%defattr(-,root,root)
/%{_lib}/libipsec.la
/%{_lib}/libipsec.a
/%{_lib}/libipsec.so
/%{_lib}/libracoon.la
/%{_lib}/libracoon.a
/%{_lib}/libracoon.so
%{_includedir}/*
%changelog
* Thu Aug 23 2007 Thierry Vignaud <tvignaud@mandriva.com> 0.6.7-1mdv2008.0
+ Revision: 69963
- patch 4: fix build by disabling -Werror which make build randomly fails for no good reason when newer gcc spit out more warnings
- fileutils, sh-utils & textutils have been obsoleted by coreutils a long time ago
* Sat Apr 07 2007 Andreas Hasenack <andreas@mandriva.com> 0.6.7-1mdv2007.1
+ Revision: 151144
- updated to version 0.6.7, fixing a DoS (CVE-2007-1841)
* Thu Sep 14 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.6-2mdv2007.0
+ Revision: 61328
- added PAM configuration file (PAM auth tested)
* Thu Sep 14 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.6-1mdv2007.0
+ Revision: 61275
- added buildrequires for libpam-devel due to new pam support
- using mkrel
- enabled pam support
- added support for parallel initscripts
- bunzipped patches and some source files
- updated to version 0.6.6
- added gcc patch
- don't run auto-tools, it's introducing a build error
- Import ipsec-tools
* Sun Feb 05 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.5-1mdk
- updated to version 0.6.5
* Wed Jan 25 2006 Andreas Hasenack <andreas@mandriva.com> 0.6.4-1mdk
- updated to version 0.6.4
- removed openssl0.9.8 patch, not needed anymore
* Sun Nov 13 2005 Oden Eriksson <oeriksson@mandriva.com> 0.6.2b3-2mdk
- added P3 from fedora to make it build against openssl-0.9.8a
* Wed Oct 05 2005 Andreas Hasenack <andreas@mandriva.com> 0.6.2b3-1mdk
- updated to version 0.6.2b3
- removed signwarn patch, already applied
- removed warning patch, no longer needed
- redid x86_64 patch
- redid manfix patch
- removed --enable-samode-unspec ./configure option, it's said to not work
with linux
- added "remote anonymous" section to default racoon.conf, taken from sample file
in the documentation directory
- added libracoon to file list in devel package
* Thu Sep 08 2005 Gwenole Beauchesne <gbeauchesne@mandriva.com> 0.5.2-5mdk
- don't forcibly redefine bcopy() & bzero()
* Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-4mdk
- added a sample ipsec.conf file
- use proper exit codes in the ipsec-setkey and racoon initscripts
- only load ipv6 ipsec related modules if NETWORKING_IPV6=yes
(ipsec-setkey init script)
- added more documentation to %%doc
- removed reload option from the racoon initscript since it's not
supported anyway (was equal to restart)
* Thu Jun 23 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-3mdk
- more fixes for paths in the manpage
* Tue Jun 14 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-2mdk
- fix patch referenced in manpage
* Tue Jun 14 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-1mdk
- updated to version 0.5.2
- using /etc/racoon for sysconfdir directory (fixes #16234)
- added patch to fix a signedess warning with gcc4
- included missing /var/lib/racoon directory, fixing #16409 (why isn't
rpm warning about this directory which wasn't being packaged?)
- added a sysconfig file so that the admin can give racoon some command
line arguments if needed
* Wed May 04 2005 Couriousous <couriousous@mandriva.org> 0.5.1-2mdk
- Fix x86_64 build
* Sun May 01 2005 Couriousous <couriousous@mandriva.org> 0.5.1-1mdk
- 0.5.1
- Enable more features
- Patch to fix gssapi warning
* Fri Mar 25 2005 Couriousous <couriousous@mandrake.org> 0.5-4mdk
- Security fix (CAN-2005-0398)
* Thu Mar 03 2005 Couriousous <couriousous@mandrake.org> 0.5-3mdk
- Fix conflict with openswan ( #14133 )
* Wed Feb 23 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.5-2mdk
- add BuildRequires: bison
* Sat Feb 19 2005 Couriousous <couriousous@mandrake.org> 0.5-1mdk
- 0.5
- Change library name libipsec-tools to libipsec
* Sun Dec 26 2004 Couriousous <couriousous@mandrake.org> 0.4-2mdk
- Add Provide kvpnc-backend
* Thu Sep 23 2004 Couriousous <couriousous@sceen.net> 0.4-1mdk
- 0.4
- Add startup scripts
- Enable -devel package
* Fri Jul 16 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.2.5-2mdk
- add BuildRequires: flex
* Fri Apr 09 2004 Florin <florin@mandrakesoft.com> 0.2.5-1mdk
- 0.2.5 (security update)
- /sbin now contains the binaries and not /usr/sbin anymore
