rpms-fedora-extras/strongswan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clean up the specfile a bit

Browse Source
This commit is contained in:
Pavel Šimerda
2014-03-15 00:20:08 +01:00
parent 2a4f417b6a
commit 7c3a8251bd
4 changed files with 158 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
strongswan-5.1.2-autoconf.patch Normal file
View File

@@ -0,0 +1,26 @@
commit af15c71bfbfab2e732159f06bb024aa77a489246
Author: Tobias Brunner <tobias@strongswan.org>
Date: Mon Mar 3 17:14:26 2014 +0100
configure: Fix autoreconf with older autotools
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536.
diff --git a/configure.ac b/configure.ac
index 8a925c2..ec189c9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -528,8 +528,7 @@ AC_CHECK_FUNC(
AC_MSG_FAILURE([qsort_r has unknown semantics])])
])
CFLAGS="$save_CFLAGS"
- ],
- []
+ ]
)
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)

235
strongswan-init.patch
View File

@@ -1,235 +0,0 @@
diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac
--- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400
+++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400
@@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([
man/Makefile
init/Makefile
init/systemd/Makefile
+ init/sysvinit/Makefile
+ init/sysvinit/strongswan
src/Makefile
src/include/Makefile
src/libstrongswan/Makefile
diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am
--- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400
+++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400
@@ -1,5 +1,5 @@
-SUBDIRS =
+SUBDIRS = sysvinit
if HAVE_SYSTEMD
SUBDIRS += systemd
diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am
--- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1 @@
+noinst_DATA = strongswan
diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan
--- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# strongswan An implementation of key management system for IPsec
+#
+# chkconfig: - 48 52
+# description: Starts or stops the Strongswan daemon.
+
+### BEGIN INIT INFO
+# Provides: ipsec
+# Required-Start: $network $remote_fs $syslog $named
+# Required-Stop: $syslog $remote_fs
+# Default-Start:
+# Default-Stop: 0 1 6
+# Short-Description: Start Strongswan daemons at boot time
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="@SBINDIR@/@IPSEC_SCRIPT@"
+prog="strongswan"
+status_prog="starter"
+config="/etc/strongswan/strongswan.conf"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon $exec start
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ $exec stop
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+_status() {
+ # run checks to determine if the service is running or use generic status
+ status $status_prog
+}
+
+_status_q() {
+ _status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ _status_q && exit 0
+ $1
+ ;;
+ stop)
+ _status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ _status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ _status
+ ;;
+ condrestart|try-restart)
+ _status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in
--- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# strongswan An implementation of key management system for IPsec
+#
+# chkconfig: - 48 52
+# description: Starts or stops the Strongswan daemon.
+
+### BEGIN INIT INFO
+# Provides: ipsec
+# Required-Start: $network $remote_fs $syslog $named
+# Required-Stop: $syslog $remote_fs
+# Default-Start:
+# Default-Stop: 0 1 6
+# Short-Description: Start Strongswan daemons at boot time
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="@sbindir@/@ipsec_script@"
+prog="strongswan"
+status_prog="starter"
+config="/etc/strongswan/strongswan.conf"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon $exec start
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ $exec stop
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+_status() {
+ # run checks to determine if the service is running or use generic status
+ status $status_prog
+}
+
+_status_q() {
+ _status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ _status_q && exit 0
+ $1
+ ;;
+ stop)
+ _status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ _status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ _status
+ ;;
+ condrestart|try-restart)
+ _status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?

75
strongswan.spec
View File

@@ -1,23 +1,15 @@
%global _hardened_build 1
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%global enable_nm 1
%global _enable_nm '--enable-nm'
%else
%global enable_nm 0
%endif
Name: strongswan
Version: 5.1.2
Release: 1%{?dist}
Release: 2%{?dist}
Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons
License: GPLv2+
URL: http://www.strongswan.org/
Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2
# Add RHEL6 sysvinit to source and build system
# http://wiki.strongswan.org/issues/195
Patch0: strongswan-init.patch
# Initscript for epel6
Source1: %{name}.sysvinit
# Avoid breakage with Fedora OpenSSL
# http://wiki.strongswan.org/issues/537
Patch1: strongswan-pts-ecp-disable.patch
@@ -27,12 +19,15 @@ Patch2: libstrongswan-plugin.patch
# Use DBG1 for settings.c debug messages
# http://wiki.strongswan.org/issues/539
Patch3: libstrongswan-settings-debug.patch
# See above
# Link plugins to libstrongswan
# http://wiki.strongswan.org/issues/538 (same as for Patch2)
Patch4: libstrongswan-973315.patch
# Fix selinux issues caused by leaking file descriptors to xtables-multi
# http://wiki.strongswan.org/issues/519
Patch6: strongswan-5.1.1-selinux.patch
# Fix configure.ac to build for epel6
# http://wiki.strongswan.org/issues/536
Patch7: strongswan-5.1.2-autoconf.patch
BuildRequires: gmp-devel autoconf automake
BuildRequires: libcurl-devel
BuildRequires: openldap-devel
@@ -42,31 +37,27 @@ BuildRequires: gettext-devel
BuildRequires: trousers-devel
BuildRequires: libxml2-devel
BuildRequires: pam-devel
%if 0%{?enable_nm}
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
BuildRequires: NetworkManager-devel
BuildRequires: NetworkManager-glib-devel
Obsoletes: %{name}-NetworkManager < 0:5.0.4-5
Provides: %{name}-charon-nm = 0:%{version}-%{release}
%else
Obsoletes: %{name}-NetworkManager < 0:5.0.0-3.git20120619
%endif
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
BuildRequires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%else
Obsoletes: %{name}-NetworkManager < 0:5.0.0-3.git20120619
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
%endif
%description
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.
%if 0%{?enable_nm}
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%package charon-nm
Summary: NetworkManager plugin for Strongswan
Group: System Environment/Daemons
@@ -89,20 +80,18 @@ modules can be used by any third party TNC Client/Server implementation
possessing a standard IF-IMC/IMV interface. In addition, it implements
PT-TLS to support TNC over TLS.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch6 -p1
%patch7 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
%build
# for initscript patch to work
autoreconf
%configure --disable-static \
--with-ipsec-script=%{name} \
@@ -111,6 +100,9 @@ autoreconf
--with-ipseclibdir=%{_libdir}/%{name} \
--with-fips-mode=2 \
--with-tss=trousers \
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
--enable-nm \
%endif
--enable-openssl \
--enable-md4 \
--enable-xauth-eap \
@@ -145,10 +137,7 @@ autoreconf
--enable-eap-radius \
--enable-curl \
--enable-eap-identity \
--enable-cmd \
%{?_enable_nm}
--enable-cmd
make %{?_smp_mflags}
%install
@@ -166,33 +155,29 @@ find %{buildroot} -type f -name '*.la' -delete
chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
# protect configuration from ordinary user's eyes
chmod 700 %{buildroot}%{_sysconfdir}/%{name}
# setup systemd unit or initscript
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%else
install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name}
%endif
#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools
#mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki
#move /usr/bin/pki to avoid conflict with pki-core/pki-tools
# move stuff to libexec
mv %{buildroot}%{_bindir}/pki %{buildroot}%{_libexecdir}/%{name}/pki
# Create ipsec.d directory tree.
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
done
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%else
install -D -m 755 %{name}.sysvinit %{buildroot}/%{_initddir}/%{name}
%endif
%post
/sbin/ldconfig
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_post %{name}.service
%else
/sbin/chkconfig --add %{name}
%endif
%preun
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_preun %{name}.service
%else
if [ $1 -eq 0 ] ; then
@@ -204,19 +189,18 @@ fi
%postun
/sbin/ldconfig
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_postun_with_restart %{name}.service
%else
%endif
%files
%doc README README.Fedora COPYING NEWS TODO
%dir %{_sysconfdir}/%{name}
%{_sysconfdir}/%{name}/ipsec.d/
%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%{_unitdir}/%{name}.service
%else
%{_initddir}/%{name}
@@ -480,13 +464,18 @@ fi
%dir %{_datadir}/regid.2004-03.org.%{name}
%{_datadir}/regid.2004-03.org.%{name}/*.swidtag
%if 0%{?enable_nm}
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%files charon-nm
%doc COPYING
%{_libexecdir}/%{name}/charon-nm
%endif
%changelog
* Fri Mar 14 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-2
- clean up the specfile a bit
- replace the initscript patch with an individual initscript
- patch to build for epel6
* Mon Mar 03 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-1
- #1071353 - bump to 5.1.2
- #1071338 - strongswan is compiled without xauth-pam plugin

100
strongswan.sysvinit Normal file
View File

@@ -0,0 +1,100 @@
#!/bin/sh
#
# strongswan An implementation of key management system for IPsec
#
# chkconfig: - 48 52
# description: Starts or stops the Strongswan daemon.
### BEGIN INIT INFO
# Provides: ipsec
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop: $syslog $remote_fs
# Default-Start:
# Default-Stop: 0 1 6
# Short-Description: Start Strongswan daemons at boot time
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
exec="@SBINDIR@/@IPSEC_SCRIPT@"
prog="strongswan"
status_prog="starter"
config="/etc/strongswan/strongswan.conf"
lockfile=/var/lock/subsys/$prog
start() {
[ -x $exec ] || exit 5
[ -f $config ] || exit 6
echo -n $"Starting $prog: "
daemon $exec start
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
$exec stop
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
restart
}
force_reload() {
restart
}
_status() {
# run checks to determine if the service is running or use generic status
status $status_prog
}
_status_q() {
_status >/dev/null 2>&1
}
case "$1" in
start)
_status_q && exit 0
$1
;;
stop)
_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
_status
;;
condrestart|try-restart)
_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?