|
@@ -1,29 +1,45 @@
|
|
|
+%bcond_with wildcard_psk
|
|
|
+
|
|
|
Name: ipsec-tools
|
|
|
-Version: 0.6.7
|
|
|
-Release: 2%{?_dist_release}
|
|
|
+Version: 0.8.0
|
|
|
+Release: 1%{?_dist_release}
|
|
|
Summary: Tools for configuring and using IPsec
|
|
|
Summary(ja): IPsecツール
|
|
|
License: BSD
|
|
|
Group: System Environment/Base
|
|
|
URL: http://ipsec-tools.sourceforge.net/
|
|
|
Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
|
|
|
-#Source1: ipsec.h
|
|
|
-#Source2: pfkeyv2.h
|
|
|
-Source3: racoon.conf
|
|
|
-Source4: psk.txt
|
|
|
-#Source5: xfrm.h
|
|
|
-#Source6: udp.h
|
|
|
-Source7: racoon.init
|
|
|
-Source8: ipsec.conf
|
|
|
-
|
|
|
-Patch: ipsec-tools-0.5-libs.patch
|
|
|
-Patch2: isakmp.c.diff
|
|
|
-Patch5: ipsec-tools-0.5-64bit.patch
|
|
|
-Patch7: ipsec-tools-0.6.5-mls.patch
|
|
|
-Patch9: racoon-lspp-ipsec.patch
|
|
|
+Source1: racoon.conf
|
|
|
+Source2: psk.txt
|
|
|
+Source3: p1_up_down
|
|
|
+Source4: racoon.init
|
|
|
+Source5: racoon.pam
|
|
|
+
|
|
|
+Source100: ipsec.conf
|
|
|
+
|
|
|
+# Ignore acquires that are sent by kernel for SAs that are already being
|
|
|
+# negotiated (#234491)
|
|
|
+Patch3: ipsec-tools-0.8.0-acquires.patch
|
|
|
+# Support for labeled IPSec on loopback
|
|
|
+Patch4: ipsec-tools-0.8.0-loopback.patch
|
|
|
+# Create racoon as PIE
|
|
|
+Patch11: ipsec-tools-0.7.1-pie.patch
|
|
|
+# Fix leak in certification handling
|
|
|
+Patch14: ipsec-tools-0.7.2-moreleaks.patch
|
|
|
+# Do not install development files
|
|
|
+Patch16: ipsec-tools-0.8.0-nodevel.patch
|
|
|
+# Use krb5 gssapi mechanism
|
|
|
+Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
|
|
|
+# Drop -R from linker
|
|
|
+Patch19: ipsec-tools-0.7.3-build.patch
|
|
|
+# Silence strict aliasing warnings
|
|
|
+Patch20: ipsec-tools-0.8.0-aliasing.patch
|
|
|
+
|
|
|
+Patch100: racoon-wildcard_id.patch
|
|
|
|
|
|
#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
|
|
|
-BuildRequires: openssl-devel, bison, flex, automake, libtool, glibc-kernheaders
|
|
|
+BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
|
|
|
+BuildRequires: openssl-devel, pam-devel, krb5-devel
|
|
|
#BuildRequires: libselinux-devel >= 1.30.28-2
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
|
#Requires: initscripts >= 7.31.11.EL-1
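Review bot: `Patch100: racoon-wildcard_id.patch` is the only newly added patch with no describing comment, and it is the one that most needs it. Judging only by its name and the `wildcard_psk` build conditional, it lets racoon match a pre-shared key against a wildcard peer identifier, which would loosen the binding between a key and one specific peer; the patch body is not on this page, so that should be confirmed. Suggest a comment above it such as `# Optional: wildcard peer IDs for PSK lookup; weakens per-peer key binding. Off by default, build with --with wildcard_psk`. The comment should also record where the patch came from, since the changelog attributes the other patches to Fedora Rawhide.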
|
|
@@ -50,29 +66,43 @@ package builds:
|
|
|
|
|
|
%prep
|
|
|
%setup -q
|
|
|
-%patch -p1
|
|
|
-%patch2 -p1
|
|
|
-%patch5 -p1 -b .64bit
|
|
|
-#%patch7 -p1 -b .mls
|
|
|
-#%patch9 -p1 -b .sctx
|
|
|
+#%patch -p1
|
|
|
+#%patch2 -p1
|
|
|
+#%patch5 -p1 -b .64bit
|
|
|
+
|
|
|
+%patch3 -p1 -b .acquires
|
|
|
+%patch4 -p1 -b .loopback
|
|
|
+
|
|
|
+%patch11 -p1 -b .pie
|
|
|
+%patch14 -p1 -b .moreleaks
|
|
|
+%patch16 -p1 -b .nodevel
|
|
|
+%patch18 -p1 -b .gssapi-mech
|
|
|
+%patch19 -p1 -b .build
|
|
|
+%patch20 -p1 -b .aliasing
|
|
|
+
|
|
|
+%if %{with wildcard_psk}
|
|
|
+%patch100 -p0 -b wildcard_id
|
|
|
+%endif
|
|
|
|
|
|
-#mkdir -p kernel-headers/linux
|
|
|
-#cp %{SOURCE1} %{SOURCE2} %{SOURCE5} %{SOURCE6} kernel-headers/linux
|
|
|
-#./bootstrap
|
|
|
+./bootstrap
|
|
|
|
|
|
%build
|
|
|
sed -i 's|-Werror||g' configure
|
|
|
-CFLAGS="$RPM_OPT_FLAGS" %configure \
|
|
|
- --sysconfdir=%{_sysconfdir}/racoon \
|
|
|
+LDFLAGS="-Wl,--as-needed"
|
|
|
+export LDFLAGS
|
|
|
+%configure \
|
|
|
--with-kernel-headers=/usr/include \
|
|
|
+ --sysconfdir=%{_sysconfdir}/racoon \
|
|
|
--without-readline \
|
|
|
--enable-adminport \
|
|
|
--enable-hybrid \
|
|
|
--enable-frag \
|
|
|
--enable-dpd \
|
|
|
- --enable-natt
|
|
|
-# --enable-gssapi \
|
|
|
-# --enable-security-context
|
|
|
+ --enable-gssapi \
|
|
|
+ --enable-natt \
|
|
|
+ --disable-security-context \
|
|
|
+ --disable-audit \
|
|
|
+ --with-libpam
|
|
|
make
|
|
|
|
|
|
%install
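Review bot: `%patch100 -p0 -b wildcard_id` drops the leading dot that every other `-b` suffix in this `%prep` has, so its backup files will be named like `foo.cwildcard_id`; it should read `%patch100 -p0 -b .wildcard_id`. It is also the only patch applied with `-p0`, which is worth a short comment if the patch paths really need it. Separately, in `%build` the line `LDFLAGS="-Wl,--as-needed"` assigns rather than appends, so any hardening linker flags supplied by the build environment would be discarded for a daemon that Patch11 builds as PIE. `LDFLAGS="$LDFLAGS -Wl,--as-needed"` keeps them.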
|
|
@@ -82,28 +112,45 @@ mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
-# no devel stuff for now
|
|
|
-rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
|
|
|
- $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
|
|
|
- $RPM_BUILD_ROOT%{_includedir} \
|
|
|
- $RPM_BUILD_ROOT%{_mandir}/man3
|
|
|
|
|
|
-install -m 600 %{SOURCE3} \
|
|
|
+install -m 600 %{SOURCE1} \
|
|
|
$RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
|
|
|
-install -m 600 %{SOURCE4} \
|
|
|
+install -m 600 %{SOURCE2} \
|
|
|
$RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt
|
|
|
-install -m 755 %{SOURCE7} \
|
|
|
- $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/racoon
|
|
|
-install -m 600 %{SOURCE8} \
|
|
|
- $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
|
|
|
|
|
|
mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin
|
|
|
|
|
|
mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
|
|
|
+mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts
|
|
|
+
|
|
|
+install -m 700 %{SOURCE3} \
|
|
|
+ $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
|
|
|
+install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
|
|
|
+install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
|
|
|
+
|
|
|
+install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
|
|
|
+
|
|
|
+# no devel stuff for now
|
|
|
+rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
|
|
|
+ $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
|
|
|
+ $RPM_BUILD_ROOT%{_includedir} \
|
|
|
+ $RPM_BUILD_ROOT%{_mandir}/man3
|
|
|
+
|
|
|
|
|
|
%clean
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
+%post
|
|
|
+if [ $1 = 1 ]; then
|
|
|
+ chkconfig --add racoon
|
|
|
+fi
|
|
|
+
|
|
|
+%preun
|
|
|
+if [ $1 = 0 ]; then
|
|
|
+ service racoon stop > /dev/null 2>&1
|
|
|
+ /sbin/chkconfig --del racoon
|
|
|
+fi
|
|
|
+
|
|
|
%files
|
|
|
%defattr(-,root,root)
|
|
|
%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
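Review bot: `install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf` makes /etc/ipsec.conf world-readable, whereas the removed line installed the same file with mode 600. If this file is fed to setkey (not shown on this page) it can carry static SA keys, so the restrictive mode should stay: `install -D -m600 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf`. In the new scriptlets, `%post` calls `chkconfig` by bare name while `%preun` uses `/sbin/chkconfig`; use the full path in both so the result does not depend on the scriptlet's PATH. The unquoted `$1` tests are also safer written as `[ "$1" = 1 ]` and `[ "$1" = 0 ]`.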
|
|
@@ -112,15 +159,23 @@ rm -rf $RPM_BUILD_ROOT
|
|
|
/sbin/*
|
|
|
%{_sbindir}/*
|
|
|
%{_mandir}/man*/*
|
|
|
+%config %{_sysconfdir}/rc.d/init.d/racoon
|
|
|
%dir /etc/racoon
|
|
|
%dir /etc/racoon/certs
|
|
|
+%dir /etc/racoon/scripts
|
|
|
%dir /var/racoon
|
|
|
+/etc/racoon/scripts/*
|
|
|
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
|
|
|
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
|
|
|
-%config %{_sysconfdir}/rc.d/init.d/racoon
|
|
|
%config(noreplace) %{_sysconfdir}/ipsec.conf
|
|
|
+%config(noreplace) %{_sysconfdir}/pam.d/racoon
|
|
|
|
|
|
%changelog
|
|
|
+* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
|
|
|
+- new upstream release.
|
|
|
+- shipped all patches from Fedora RawHide.
|
|
|
+- added Patch100 but not applied as default.
|
|
|
+
|
|
|
* Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
|
|
|
- rebuild with openssl-1.0.0c
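Review bot: The new `%files` entry `/etc/racoon/scripts/*` lists the hook script as a plain file, so a locally edited `p1_up_down` is overwritten on every package upgrade. The other files under /etc/racoon are marked `%config(noreplace)`. These scripts are presumably executed by racoon on phase 1 events, so silently reverting an administrator's changes can alter what runs at tunnel up and down. Suggest `%config(noreplace) %{_sysconfdir}/racoon/scripts/*`, which also replaces the literal `/etc` with the `%{_sysconfdir}` macro used by the neighbouring entries.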
|
|
|
|