%define name strongswan %define version 2.0.2 %define release 4mdk %define source_name freeswan Summary: StrongSWAN IPSEC implementation Name: %{name} Version: %{version} Release: %{release} License: GPL URL: http://www.strongswan.org/ Source0: %{name}-%{version}.tar.bz2 Source1: freeswan.init.bz2 Patch0: freeswan-2.04-nuke-warnings.patch.bz2 Patch1: strongswan-2.0.2-label-at-end-of-compound-statement.patch.bz2 # parts from here: # http://anoncvs.openswan.org/cgi-bin/viewcvs.cgi/openswan-2/programs/pluto/db_ops.c?r1=1.5&r2=1.6&makepatch=1&diff_format=u # http://anoncvs.openswan.org/cgi-bin/viewcvs.cgi/openswan-2/programs/ikeping/ikeping.c?r1=1.11&r2=1.13&makepatch=1&diff_format=u Patch2: strongswan-2.0.2-gcc4.patch Group: System/Servers BuildRequires: libgmp-devel BuildRequires: libldap-devel BuildRequires: libcurl-devel BuildRequires: opensc-devel Requires: ipsec-tools PreReq: rpm-helper BuildRoot: %{_tmppath}/%{name}-buildroot %description FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up FreeS/WAN on a freeswan enabled kernel. %prep %setup -q -n %{name}-%{version} %patch0 -p1 -b .nuke-warnings %patch1 -p1 -b .label_at_end_of_comound_statement %patch2 -p1 -b .gcc4 mv README README.main # enable LDAP v3 support perl -pi -e "s,#LDAP_VERSION=3,LDAP_VERSION=3,g" %{_builddir}/%{name}-%{version}/programs/pluto/Makefile # enable smartcard support perl -pi -e "s,#SMARTCARD=1,SMARTCARD=1,g" %{_builddir}/%{name}-%{version}/programs/pluto/Makefile # enable OCSP and dynamic CRL fetching using HTTP or FTP perl -pi -e "s,#LIBCURL=1,LIBCURL=1,g" %{_builddir}/%{name}-%{version}/programs/pluto/Makefile # change some default settings find . -type f | xargs perl -pi -e "s,/usr/local/man,%{_mandir},g" find . -type f | xargs perl -pi -e "s,/usr/local,%{_prefix},g" find . -type f | xargs perl -pi -e "s,/libexec/ipsec,/lib/ipsec,g" find . -type f | xargs perl -pi -e "s,/etc/ipsec.conf,/etc/freeswan/ipsec.conf,g" find . -type f | xargs perl -pi -e "s,/etc/ipsec.secrets,/etc/freeswan/ipsec.secrets,g" find . -type f | xargs perl -pi -e "s,/etc/ipsec.d,/etc/freeswan/ipsec.d,g" #fix the ipsec_aes commands find . -type f | xargs perl -pi -e "s,modprobe ipsec_aes,modprobe aes,g" find . -type f | xargs perl -pi -e "s,rmmod ipsec_aes,rmmod aes,g" bzcat %{SOURCE1} > freeswan.init %build %serverbuild perl -p -i -e "s|INC_USRLOCAL=/usr/local|INC_USRLOCAL=%{_prefix}|" Makefile.inc perl -p -i -e "s|INC_USRLOCAL=/libexec/ipsec/|INC_USRLOCAL=%{_lib}/ipsec/|" Makefile.inc %make \ OPT_FLAGS="%{optflags}" \ CONFDIR=%{_sysconfdir}/freeswan/ \ FINALCONFDIR=%{_sysconfdir}/freeswan \ FINALCONFFILE=%{_sysconfdir}/ipsec.conf \ INC_USRLOCAL=%{_prefix} \ INC_MANDIR=share/man programs %install rm -rf %{buildroot} install -d %{buildroot}%{_sysconfdir}/%{source_name}/ipsec.d/{cacerts,crls,private,certs,acerts,aacerts,ocspcerts} install -d %{buildroot}%{_initrddir} install -d %{buildroot}/var/run/pluto make \ INC_USRLOCAL=%{_prefix} \ INC_MANDIR=share/man \ CONFDIR="%{buildroot}"%{_sysconfdir}/freeswan \ DESTDIR="%{buildroot}" \ install # (fg) File is copied over here install -m0755 freeswan.init %{buildroot}%{_initrddir}/ipsec mv %{buildroot}%{_sysconfdir}/ipsec.d/policies %{buildroot}%{_sysconfdir}/%{source_name}/ipsec.d/ find . -name ".cvsignore" | xargs rm -rf # cleanup rm -rf %{buildroot}%{_docdir} %post is=%{_sysconfdir}/freeswan/ipsec.secrets; if [ ! -f $is ]; then ipsec newhostkey --output $is && chmod 400 $is; else ipsec newhostkey --output $is.rpmnew && chmod 400 $is.rpmnew; fi %_post_service ipsec %preun %_preun_service ipsec %clean rm -rf %{buildroot} %files %defattr(-,root,root,755) %doc README* COPYING CHANGES* CREDITS doc/* %attr(700,root,root) %dir %{_sysconfdir}/%{source_name} %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/ %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/acerts %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/aacerts %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/ocspcerts %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/certs %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/cacerts %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/crls %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/private %attr(700,root,root) %dir %{_sysconfdir}/%{source_name}/ipsec.d/policies/ %config(noreplace) %{_sysconfdir}/%{source_name}/ipsec.d/policies/* %config(noreplace) %{_sysconfdir}/%{source_name}/ipsec.conf %config(noreplace) %{_initrddir}/ipsec %config(noreplace) %{_sysconfdir}/rc.d/*/* %dir %{_libdir}/ipsec %{_libdir}/ipsec/* %{_sbindir}/* %{_mandir}/*/* %changelog * Fri Sep 09 2005 Andreas Hasenack <andreas@mandriva.com> 2.0.2-4mdk - added gcc4 patch from ehabkost@mandriva.com and from openswan cvs - rebuilt with openldap-2.3.x * Mon Feb 07 2005 Buchan Milne <bgmilne@linux-mandrake.com> 2.0.2-3mdk - rebuild for ldap2.2_7 * Wed Oct 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.2-2mdk - rebuilt against new libcurl - misc spec file fixes * Wed Jun 09 2004 Florin <florin@mandrakesoft.com> 2.0.2-1mdk - first Mandrake release