From 7c3a8251bd9a73587933d87eb2a6042cdb6badc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20=C5=A0imerda?=
Date: Sat, 15 Mar 2014 00:20:08 +0100
Subject: [PATCH] clean up the specfile a bit
---
 strongswan-5.1.2-autoconf.patch | 26 ++++
 strongswan-init.patch | 235 --------------------------------
 strongswan.spec | 75 +++++-----
 strongswan.sysvinit | 100 ++++++++++++++
 4 files changed, 158 insertions(+), 278 deletions(-)
 create mode 100644 strongswan-5.1.2-autoconf.patch
 delete mode 100644 strongswan-init.patch
 create mode 100644 strongswan.sysvinit
diff --git a/strongswan-5.1.2-autoconf.patch b/strongswan-5.1.2-autoconf.patch
new file mode 100644
index 0000000..6837087
--- /dev/null
+++ b/strongswan-5.1.2-autoconf.patch
@@ -0,0 +1,26 @@
+commit af15c71bfbfab2e732159f06bb024aa77a489246
+Author: Tobias Brunner
+Date: Mon Mar 3 17:14:26 2014 +0100
+
+ configure: Fix autoreconf with older autotools
+
+ Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
+ for the removed empty argument, which the shell then trips over when
+ executing ./configure.
+
+ Fixes #536.
+
+diff --git a/configure.ac b/configure.ac
+index 8a925c2..ec189c9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -528,8 +528,7 @@ AC_CHECK_FUNC(
+ AC_MSG_FAILURE([qsort_r has unknown semantics])])
+ ])
+ CFLAGS="$save_CFLAGS"
+- ],
+- []
++ ]
+ )
+
+ AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
diff --git a/strongswan-init.patch b/strongswan-init.patch
deleted file mode 100644
index eb29bdb..0000000
--- a/strongswan-init.patch
+++ /dev/null
@@ -1,235 +0,0 @@ -diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac ---- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400 -+++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400 -@@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([ - man/Makefile - init/Makefile - init/systemd/Makefile -+ init/sysvinit/Makefile -+ init/sysvinit/strongswan - src/Makefile - src/include/Makefile - src/libstrongswan/Makefile -diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am ---- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400 -+++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400 -@@ -1,5 +1,5 @@ - --SUBDIRS = -+SUBDIRS = sysvinit - - if HAVE_SYSTEMD - SUBDIRS += systemd -diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am ---- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500 -+++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400 -@@ -0,0 +1 @@ -+noinst_DATA = strongswan -diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan ---- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500 -+++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400 -@@ -0,0 +1,100 @@ -+#!/bin/sh -+# -+# strongswan An implementation of key management system for IPsec -+# -+# chkconfig: - 48 52 -+# description: Starts or stops the Strongswan daemon. -+ -+### BEGIN INIT INFO -+# Provides: ipsec -+# Required-Start: $network $remote_fs $syslog $named -+# Required-Stop: $syslog $remote_fs -+# Default-Start: -+# Default-Stop: 0 1 6 -+# Short-Description: Start Strongswan daemons at boot time -+### END INIT INFO -+ -+# Source function library. -+. 
/etc/rc.d/init.d/functions -+ -+exec="@SBINDIR@/@IPSEC_SCRIPT@" -+prog="strongswan" -+status_prog="starter" -+config="/etc/strongswan/strongswan.conf" -+ -+lockfile=/var/lock/subsys/$prog -+ -+start() { -+ [ -x $exec ] || exit 5 -+ [ -f $config ] || exit 6 -+ echo -n $"Starting $prog: " -+ daemon $exec start -+ retval=$? -+ echo -+ [ $retval -eq 0 ] && touch $lockfile -+ return $retval -+} -+ -+stop() { -+ echo -n $"Stopping $prog: " -+ $exec stop -+ retval=$? -+ echo -+ [ $retval -eq 0 ] && rm -f $lockfile -+ return $retval -+} -+ -+restart() { -+ stop -+ start -+} -+ -+reload() { -+ restart -+} -+ -+force_reload() { -+ restart -+} -+ -+_status() { -+ # run checks to determine if the service is running or use generic status -+ status $status_prog -+} -+ -+_status_q() { -+ _status >/dev/null 2>&1 -+} -+ -+ -+case "$1" in -+ start) -+ _status_q && exit 0 -+ $1 -+ ;; -+ stop) -+ _status_q || exit 0 -+ $1 -+ ;; -+ restart) -+ $1 -+ ;; -+ reload) -+ _status_q || exit 7 -+ $1 -+ ;; -+ force-reload) -+ force_reload -+ ;; -+ status) -+ _status -+ ;; -+ condrestart|try-restart) -+ _status_q || exit 0 -+ restart -+ ;; -+ *) -+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" -+ exit 2 -+esac -+exit $? -diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in ---- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500 -+++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400 -@@ -0,0 +1,100 @@ -+#!/bin/sh -+# -+# strongswan An implementation of key management system for IPsec -+# -+# chkconfig: - 48 52 -+# description: Starts or stops the Strongswan daemon. 
-+ -+### BEGIN INIT INFO -+# Provides: ipsec -+# Required-Start: $network $remote_fs $syslog $named -+# Required-Stop: $syslog $remote_fs -+# Default-Start: -+# Default-Stop: 0 1 6 -+# Short-Description: Start Strongswan daemons at boot time -+### END INIT INFO -+ -+# Source function library. -+. /etc/rc.d/init.d/functions -+ -+exec="@sbindir@/@ipsec_script@" -+prog="strongswan" -+status_prog="starter" -+config="/etc/strongswan/strongswan.conf" -+ -+lockfile=/var/lock/subsys/$prog -+ -+start() { -+ [ -x $exec ] || exit 5 -+ [ -f $config ] || exit 6 -+ echo -n $"Starting $prog: " -+ daemon $exec start -+ retval=$? -+ echo -+ [ $retval -eq 0 ] && touch $lockfile -+ return $retval -+} -+ -+stop() { -+ echo -n $"Stopping $prog: " -+ $exec stop -+ retval=$? -+ echo -+ [ $retval -eq 0 ] && rm -f $lockfile -+ return $retval -+} -+ -+restart() { -+ stop -+ start -+} -+ -+reload() { -+ restart -+} -+ -+force_reload() { -+ restart -+} -+ -+_status() { -+ # run checks to determine if the service is running or use generic status -+ status $status_prog -+} -+ -+_status_q() { -+ _status >/dev/null 2>&1 -+} -+ -+ -+case "$1" in -+ start) -+ _status_q && exit 0 -+ $1 -+ ;; -+ stop) -+ _status_q || exit 0 -+ $1 -+ ;; -+ restart) -+ $1 -+ ;; -+ reload) -+ _status_q || exit 7 -+ $1 -+ ;; -+ force-reload) -+ force_reload -+ ;; -+ status) -+ _status -+ ;; -+ condrestart|try-restart) -+ _status_q || exit 0 -+ restart -+ ;; -+ *) -+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" -+ exit 2 -+esac -+exit $? diff --git a/strongswan.spec b/strongswan.spec index a034178..67339ac 100644 --- a/strongswan.spec +++ b/strongswan.spec 
@@ -1,23 +1,15 @@ %global _hardened_build 1 -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -%global enable_nm 1 -%global _enable_nm '--enable-nm' -%else -%global enable_nm 0 -%endif - Name: strongswan Version: 5.1.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: An OpenSource IPsec-based VPN Solution Group: System Environment/Daemons License: GPLv2+ URL: http://www.strongswan.org/ Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2 -# Add RHEL6 sysvinit to source and build system -# http://wiki.strongswan.org/issues/195 -Patch0: strongswan-init.patch +# Initscript for epel6 +Source1: %{name}.sysvinit # Avoid breakage with Fedora OpenSSL # http://wiki.strongswan.org/issues/537 Patch1: strongswan-pts-ecp-disable.patch @@ -27,12 +19,15 @@ Patch2: libstrongswan-plugin.patch # Use DBG1 for settings.c debug messages # http://wiki.strongswan.org/issues/539 Patch3: libstrongswan-settings-debug.patch -# See above +# Link plugins to libstrongswan +# http://wiki.strongswan.org/issues/538 (same as for Patch2) Patch4: libstrongswan-973315.patch # Fix selinux issues caused by leaking file descriptors to xtables-multi # http://wiki.strongswan.org/issues/519 Patch6: strongswan-5.1.1-selinux.patch - +# Fix configure.ac to build for epel6 +# http://wiki.strongswan.org/issues/536 +Patch7: strongswan-5.1.2-autoconf.patch BuildRequires: gmp-devel autoconf automake BuildRequires: libcurl-devel BuildRequires: openldap-devel 
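Review bot: Dropping the `enable_nm` macro in the first hunk leaves the literal test `%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7` copied into nine places in the later hunks (BuildRequires, `%package charon-nm`, `%configure`, `%install`, the three scriptlets and both `%files` lists). The same expression now gates NetworkManager and systemd together. Defining it once near the top, `%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7` / `%global with_systemd 1` / `%endif`, and testing `%if 0%{?with_systemd}` elsewhere keeps the release thresholds in one spot. A later edit then cannot leave a scriptlet and the `%files` list disagreeing about which init system the package ships.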
@@ -42,31 +37,27 @@ BuildRequires: gettext-devel BuildRequires: trousers-devel BuildRequires: libxml2-devel BuildRequires: pam-devel -%if 0%{?enable_nm} +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 BuildRequires: NetworkManager-devel BuildRequires: NetworkManager-glib-devel Obsoletes: %{name}-NetworkManager < 0:5.0.4-5 -Provides: %{name}-charon-nm = 0:%{version}-%{release} -%else -Obsoletes: %{name}-NetworkManager < 0:5.0.0-3.git20120619 -%endif - -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 BuildRequires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd %else +Obsoletes: %{name}-NetworkManager < 0:5.0.0-3.git20120619 Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts %endif + %description The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. -%if 0%{?enable_nm} +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %package charon-nm Summary: NetworkManager plugin for Strongswan Group: System Environment/Daemons @@ -89,20 +80,18 @@ modules can be used by any third party TNC Client/Server implementation possessing a standard IF-IMC/IMV interface. In addition, it implements PT-TLS to support TNC over TLS. - %prep %setup -q -%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch6 -p1 +%patch7 -p1 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora %build -# for initscript patch to work autoreconf %configure --disable-static \ --with-ipsec-script=%{name} \ @@ -111,6 +100,9 @@ autoreconf --with-ipseclibdir=%{_libdir}/%{name} \ --with-fips-mode=2 \ --with-tss=trousers \ +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 + --enable-nm \ +%endif --enable-openssl \ --enable-md4 \ --enable-xauth-eap \ 
@@ -145,10 +137,7 @@ autoreconf --enable-eap-radius \ --enable-curl \ --enable-eap-identity \ - --enable-cmd \ - %{?_enable_nm} - - + --enable-cmd make %{?_smp_mflags} %install @@ -166,33 +155,29 @@ find %{buildroot} -type f -name '*.la' -delete chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf # protect configuration from ordinary user's eyes chmod 700 %{buildroot}%{_sysconfdir}/%{name} -# setup systemd unit or initscript -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -%else -install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name} -%endif -#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools -#mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki -#move /usr/bin/pki to avoid conflict with pki-core/pki-tools +# move stuff to libexec mv %{buildroot}%{_bindir}/pki %{buildroot}%{_libexecdir}/%{name}/pki - # Create ipsec.d directory tree. install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i} done +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%else +install -D -m 755 %{name}.sysvinit %{buildroot}/%{_initddir}/%{name} +%endif %post /sbin/ldconfig -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_post %{name}.service %else /sbin/chkconfig --add %{name} %endif %preun -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_preun %{name}.service %else if [ $1 -eq 0 ] ; then 
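Review bot: In the second hunk the added `install -D -m 755 %{name}.sysvinit %{buildroot}/%{_initddir}/%{name}` names the init script by a relative path, but `%install` normally runs inside the unpacked source tree. The visible `%prep` lines (`%setup -q`, the patches, the README echo) do not copy `Source1` there, so the sysvinit branch will most likely fail on a missing file. Refer to the file through its source macro instead: `install -D -m 755 %{SOURCE1} %{buildroot}/%{_initddir}/%{name}`. The `%install` section starts before this hunk, so confirm that no earlier line changes directory or stages the file.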
@@ -204,19 +189,18 @@ fi %postun /sbin/ldconfig -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_postun_with_restart %{name}.service %else %endif - %files %doc README README.Fedora COPYING NEWS TODO %dir %{_sysconfdir}/%{name} %{_sysconfdir}/%{name}/ipsec.d/ %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %{_unitdir}/%{name}.service %else %{_initddir}/%{name} @@ -480,13 +464,18 @@ fi %dir %{_datadir}/regid.2004-03.org.%{name} %{_datadir}/regid.2004-03.org.%{name}/*.swidtag -%if 0%{?enable_nm} +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %files charon-nm %doc COPYING %{_libexecdir}/%{name}/charon-nm %endif %changelog +* Fri Mar 14 2014 Pavel Šimerda - 5.1.2-2 +- clean up the specfile a bit +- replace the initscript patch with an individual initscript +- patch to build for epel6 + * Mon Mar 03 2014 Pavel Šimerda - 5.1.2-1 - #1071353 - bump to 5.1.2 - #1071338 - strongswan is compiled without xauth-pam plugin diff --git a/strongswan.sysvinit b/strongswan.sysvinit new file mode 100644 index 0000000..2ca7ee4 --- /dev/null +++ b/strongswan.sysvinit 
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# strongswan An implementation of key management system for IPsec
+#
+# chkconfig: - 48 52
+# description: Starts or stops the Strongswan daemon.
+
+### BEGIN INIT INFO
+# Provides: ipsec
+# Required-Start: $network $remote_fs $syslog $named
+# Required-Stop: $syslog $remote_fs
+# Default-Start:
+# Default-Stop: 0 1 6
+# Short-Description: Start Strongswan daemons at boot time
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="@SBINDIR@/@IPSEC_SCRIPT@"
+prog="strongswan"
+status_prog="starter"
+config="/etc/strongswan/strongswan.conf"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon $exec start
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ $exec stop
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+_status() {
+ # run checks to determine if the service is running or use generic status
+ status $status_prog
+}
+
+_status_q() {
+ _status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ _status_q && exit 0
+ $1
+ ;;
+ stop)
+ _status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ _status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ _status
+ ;;
+ condrestart|try-restart)
+ _status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
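Review bot: The assignment `exec="@SBINDIR@/@IPSEC_SCRIPT@"` still carries autoconf placeholders, but this file is now a plain `Source1` that the spec installs as-is, no longer a template listed in `AC_CONFIG_FILES`, so nothing substitutes them. `start()` then fails its `[ -x $exec ] || exit 5` guard on every call and `stop()` runs a non-existent command, so the IPsec service never comes up on the sysvinit branch. The removed patch's `strongswan.in` used the lowercase `@sbindir@/@ipsec_script@` names, which suggests the uppercase variant was never the substituted one. Since the spec passes `--with-ipsec-script=%{name}`, either hard-code the path, `exec="/usr/sbin/strongswan"` (assuming the default `%{_sbindir}`), or substitute it with `sed` in `%install`. Separately, `reload()` calls `restart`, which tears down established tunnels where a caller may expect only a configuration re-read, so at least add a comment such as `# reload is a full restart: existing tunnels are dropped`.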