%define LIBMAJ 0 %define libname %mklibname ipsec %LIBMAJ %define libnamedev %{libname}-devel Name: ipsec-tools Version: 0.5.2 Release: 5mdk Summary: Tools for configuring and using IPSEC License: BSD Group: Networking/Other URL: http://ipsec-tools.sourceforge.net/ Source: http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2 Source3: racoon.conf.bz2 Source4: psk.txt.bz2 Source6: ipsec-setkey-initscript.bz2 Source7: racoon-initscript.bz2 Source8: racoon.sysconfig Patch0: ipsec-tools-0.5.1-warning.patch.bz2 Patch1: ipsec-tools-0.5.1-x86_64.patch.bz2 # http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/ipsec-tools/src/racoon/admin.c?r1=1.17.2.2&r2=1.17.2.3 Patch2: ipsec-tools-0.5.2-signwarn.patch.bz2 Patch3: ipsec-tools-0.5.2-manfix.patch.bz2 Patch4: ipsec-tools-0.5.2-includes.patch.bz2 BuildRequires: openssl-devel krb5-devel flex bison BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires: %{libname} = %{version} Prereq: rpm-helper Provides: kvpnc-backend %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.6 and above kernels. This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %define old_libname %mklibname ipsec-tools 0 %package -n %{libname} Summary: The shared libraries used by ipsec-tools Group: System/Libraries Prereq: grep, sh-utils Provides: libipsec = %{version}-%{release} Provides: libipsec-tools = %{version}-%{release} Obsoletes: libipsec-tools Provides: %old_libname = %{version}-%{release} Obsoletes: %old_libname %description -n %{libname} These are the shared libraries for the IPsec-Tools package. %package -n %{libnamedev} Summary: Headers for programs for %libname Group: Development/C Requires: %{libname} = %{version} Provides: libipsec-tools-devel = %{version}-%{release} Provides: libipsec-devel = %{version}-%{release} Obsoletes: libipsec-tools-devel Provides: %{old_libname}-devel = %{version}-%{release} Obsoletes: %{old_libname}-devel %description -n %{libnamedev} These are development headers for libipsec %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 -b .signwarn %patch3 -p1 -b .manfix %patch4 -p1 -b .includes %build %define _prefix %{nil} %define _includedir /usr/include %define _datadir /usr/share %configure --with-kernel-headers=/usr/include --enable-shared --disable-rpath \ --sysconfdir=%{_sysconfdir}/racoon \ --enable-gssapi \ --enable-hybrid \ --enable-frag \ --enable-dpd \ --enable-samode-unspec \ --enable-adminport \ --enable-natt make %install rm -rf $RPM_BUILD_ROOT %makeinstall mkdir -p $RPM_BUILD_ROOT/etc/racoon/ bzcat %{SOURCE3} > $RPM_BUILD_ROOT/etc/racoon/racoon.conf chmod 600 $RPM_BUILD_ROOT/etc/racoon/racoon.conf bzcat %{SOURCE4} > $RPM_BUILD_ROOT/etc/racoon/psk.txt chmod 600 $RPM_BUILD_ROOT/etc/racoon/psk.txt mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/certs mkdir -p $RPM_BUILD_ROOT/%{_initrddir} bzcat %{SOURCE6} > $RPM_BUILD_ROOT/%{_initrddir}/ipsec-setkey bzcat %{SOURCE7} > $RPM_BUILD_ROOT/%{_initrddir}/racoon mkdir -p %{buildroot}%{_sysconfdir}/sysconfig # racoon.sysconfig install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/racoon # default ipsec.conf file cat > %{buildroot}%{_sysconfdir}/ipsec.conf <<EOF #!/usr/sbin/setkey -f # # File /etc/ipsec.conf # delete the SAD and SPD flush; spdflush; # Define here your security policies # Example # ipsec between two machines: 192.168.1.10 and 192.168.1.20 # # spdadd 192.168.1.10 192.168.1.20 any -P in ipsec # esp/transport//require # ah/transport//require; # # spdadd 192.168.1.20 192.168.1.10 any -P out ipsec # esp/transport//require # ah/transport//require; EOF # remove some files from the sample dir so we can include it # in %%doc. Also fix their permissions rm -f src/racoon/samples/*.in find src/racoon/samples -type f -exec chmod 0644 {} \; %clean rm -rf $RPM_BUILD_ROOT %post %_post_service ipsec-setkey %_post_service racoon %preun %_preun_service ipsec-setkey %_preun_service racoon %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig %files %defattr(-,root,root) %doc ChangeLog NEWS README %doc src/racoon/samples %doc src/racoon/doc/* /sbin/* %{_mandir}/man*/* %dir %{_sysconfdir}/racoon %dir %{_sysconfdir}/racoon/certs %config(noreplace) %{_sysconfdir}/sysconfig/racoon %config(noreplace) %{_sysconfdir}/racoon/psk.txt %config(noreplace) %{_sysconfdir}/racoon/racoon.conf %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ipsec.conf %attr (0755,root,root) %{_initrddir}/ipsec-setkey %attr (0755,root,root) %{_initrddir}/racoon %dir /var/lib/racoon %files -n %{libname} %defattr(-,root,root) %doc ChangeLog NEWS README /%{_lib}/*.so.* %files -n %{libnamedev} %defattr(-,root,root) /%{_lib}/libipsec.la /%{_lib}/libipsec.a /%{_lib}/libipsec.so %{_includedir}/* %changelog * Wed Sep 7 2005 Gwenole Beauchesne <gbeauchesne@mandriva.com> 0.5.2-5mdk - don't forcibly redefine bcopy() & bzero() * Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-4mdk - added a sample ipsec.conf file - use proper exit codes in the ipsec-setkey and racoon initscripts - only load ipv6 ipsec related modules if NETWORKING_IPV6=yes (ipsec-setkey init script) - added more documentation to %%doc - removed reload option from the racoon initscript since it's not supported anyway (was equal to restart) * Wed Jun 22 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-3mdk - more fixes for paths in the manpage * Mon Jun 13 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-2mdk - fix patch referenced in manpage * Mon Jun 13 2005 Andreas Hasenack <andreas@mandriva.com> 0.5.2-1mdk - updated to version 0.5.2 - using /etc/racoon for sysconfdir directory (fixes #16234) - added patch to fix a signedess warning with gcc4 - included missing /var/lib/racoon directory, fixing #16409 (why isn't rpm warning about this directory which wasn't being packaged?) - added a sysconfig file so that the admin can give racoon some command line arguments if needed * Tue May 03 2005 Couriousous <couriousous@mandriva.org> 0.5.1-2mdk - Fix x86_64 build * Sat Apr 30 2005 Couriousous <couriousous@mandriva.org> 0.5.1-1mdk - 0.5.1 - Enable more features - Patch to fix gssapi warning * Fri Mar 25 2005 Couriousous <couriousous@mandrake.org> 0.5-4mdk - Security fix (CAN-2005-0398) * Thu Mar 03 2005 Couriousous <couriousous@mandrake.org> 0.5-3mdk - Fix conflict with openswan ( #14133 ) * Wed Feb 23 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.5-2mdk - add BuildRequires: bison * Sat Feb 19 2005 Couriousous <couriousous@mandrake.org> 0.5-1mdk - 0.5 - Change library name libipsec-tools to libipsec * Sun Dec 26 2004 Couriousous <couriousous@mandrake.org> 0.4-2mdk - Add Provide kvpnc-backend * Mon Sep 22 2004 Couriousous <couriousous@sceen.net> 0.4-1mdk - 0.4 - Add startup scripts - Enable -devel package * Thu Jul 15 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.2.5-2mdk - add BuildRequires: flex * Thu Apr 08 2004 Florin <florin@mandrakesoft.com> 0.2.5-1mdk - 0.2.5 (security update) - /sbin now contains the binaries and not %{_sbindir} anymore * Wed Jan 21 2004 Florin <florin@mandrakesoft.com> 0.2.3-1mdk - first mandrake release