rpms-fedora-extras/strongswan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clean up the specfile a bit

Browse Source
This commit is contained in:
Pavel Šimerda
2014-03-15 00:20:08 +01:00
parent 2a4f417b6a
commit 7c3a8251bd
4 changed files with 158 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
strongswan-5.1.2-autoconf.patch Normal file
View File

@@ -0,0 +1,26 @@
commit af15c71bfbfab2e732159f06bb024aa77a489246
Author: Tobias Brunner <tobias@strongswan.org>
Date: Mon Mar 3 17:14:26 2014 +0100
configure: Fix autoreconf with older autotools
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536.
diff --git a/configure.ac b/configure.ac
index 8a925c2..ec189c9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -528,8 +528,7 @@ AC_CHECK_FUNC(
AC_MSG_FAILURE([qsort_r has unknown semantics])])
])
CFLAGS="$save_CFLAGS"
- ],
- []
+ ]
)
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)

235
strongswan-init.patch
View File

@@ -1,235 +0,0 @@
diff -urNp strongswan-5.1.1-patched/configure.ac strongswan-5.1.1-current/configure.ac
--- strongswan-5.1.1-patched/configure.ac 2013-11-01 13:12:05.964927156 -0400
+++ strongswan-5.1.1-current/configure.ac 2013-11-01 13:12:24.357926499 -0400
@@ -1330,6 +1330,8 @@ AC_CONFIG_FILES([
man/Makefile
init/Makefile
init/systemd/Makefile
+ init/sysvinit/Makefile
+ init/sysvinit/strongswan
src/Makefile
src/include/Makefile
src/libstrongswan/Makefile
diff -urNp strongswan-5.1.1-patched/init/Makefile.am strongswan-5.1.1-current/init/Makefile.am
--- strongswan-5.1.1-patched/init/Makefile.am 2013-11-01 13:12:05.966927156 -0400
+++ strongswan-5.1.1-current/init/Makefile.am 2013-11-01 13:12:24.357926499 -0400
@@ -1,5 +1,5 @@
-SUBDIRS =
+SUBDIRS = sysvinit
if HAVE_SYSTEMD
SUBDIRS += systemd
diff -urNp strongswan-5.1.1-patched/init/sysvinit/Makefile.am strongswan-5.1.1-current/init/sysvinit/Makefile.am
--- strongswan-5.1.1-patched/init/sysvinit/Makefile.am 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.1-current/init/sysvinit/Makefile.am 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1 @@
+noinst_DATA = strongswan
diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan strongswan-5.1.1-current/init/sysvinit/strongswan
--- strongswan-5.1.1-patched/init/sysvinit/strongswan 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.1-current/init/sysvinit/strongswan 2013-11-01 13:12:24.358926499 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# strongswan An implementation of key management system for IPsec
+#
+# chkconfig: - 48 52
+# description: Starts or stops the Strongswan daemon.
+
+### BEGIN INIT INFO
+# Provides: ipsec
+# Required-Start: $network $remote_fs $syslog $named
+# Required-Stop: $syslog $remote_fs
+# Default-Start:
+# Default-Stop: 0 1 6
+# Short-Description: Start Strongswan daemons at boot time
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="@SBINDIR@/@IPSEC_SCRIPT@"
+prog="strongswan"
+status_prog="starter"
+config="/etc/strongswan/strongswan.conf"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon $exec start
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ $exec stop
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+_status() {
+ # run checks to determine if the service is running or use generic status
+ status $status_prog
+}
+
+_status_q() {
+ _status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ _status_q && exit 0
+ $1
+ ;;
+ stop)
+ _status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ _status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ _status
+ ;;
+ condrestart|try-restart)
+ _status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
diff -urNp strongswan-5.1.1-patched/init/sysvinit/strongswan.in strongswan-5.1.1-current/init/sysvinit/strongswan.in
--- strongswan-5.1.1-patched/init/sysvinit/strongswan.in 1969-12-31 19:00:00.000000000 -0500
+++ strongswan-5.1.1-current/init/sysvinit/strongswan.in 2013-11-01 13:12:24.359926499 -0400
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# strongswan An implementation of key management system for IPsec
+#
+# chkconfig: - 48 52
+# description: Starts or stops the Strongswan daemon.
+
+### BEGIN INIT INFO
+# Provides: ipsec
+# Required-Start: $network $remote_fs $syslog $named
+# Required-Stop: $syslog $remote_fs
+# Default-Start:
+# Default-Stop: 0 1 6
+# Short-Description: Start Strongswan daemons at boot time
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="@sbindir@/@ipsec_script@"
+prog="strongswan"
+status_prog="starter"
+config="/etc/strongswan/strongswan.conf"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon $exec start
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ $exec stop
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+_status() {
+ # run checks to determine if the service is running or use generic status
+ status $status_prog
+}
+
+_status_q() {
+ _status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ _status_q && exit 0
+ $1
+ ;;
+ stop)
+ _status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ _status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ _status
+ ;;
+ condrestart|try-restart)
+ _status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?

75
strongswan.spec
View File

@@ -1,23 +1,15 @@
%global _hardened_build 1 %global _hardened_build 1
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%global enable_nm 1
%global _enable_nm '--enable-nm'
%else
%global enable_nm 0
%endif
Name: strongswan Name: strongswan
Version: 5.1.2 Version: 5.1.2
Release: 1%{?dist} Release: 2%{?dist}
Summary: An OpenSource IPsec-based VPN Solution Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons Group: System Environment/Daemons
License: GPLv2+ License: GPLv2+
URL: http://www.strongswan.org/ URL: http://www.strongswan.org/
Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2 Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2
# Add RHEL6 sysvinit to source and build system # Initscript for epel6
# http://wiki.strongswan.org/issues/195 Source1: %{name}.sysvinit
Patch0: strongswan-init.patch
# Avoid breakage with Fedora OpenSSL # Avoid breakage with Fedora OpenSSL
# http://wiki.strongswan.org/issues/537 # http://wiki.strongswan.org/issues/537
Patch1: strongswan-pts-ecp-disable.patch Patch1: strongswan-pts-ecp-disable.patch
@@ -27,12 +19,15 @@ Patch2: libstrongswan-plugin.patch
# Use DBG1 for settings.c debug messages # Use DBG1 for settings.c debug messages
# http://wiki.strongswan.org/issues/539 # http://wiki.strongswan.org/issues/539
Patch3: libstrongswan-settings-debug.patch Patch3: libstrongswan-settings-debug.patch
# See above # Link plugins to libstrongswan
# http://wiki.strongswan.org/issues/538 (same as for Patch2)
Patch4: libstrongswan-973315.patch Patch4: libstrongswan-973315.patch
# Fix selinux issues caused by leaking file descriptors to xtables-multi # Fix selinux issues caused by leaking file descriptors to xtables-multi
# http://wiki.strongswan.org/issues/519 # http://wiki.strongswan.org/issues/519
Patch6: strongswan-5.1.1-selinux.patch Patch6: strongswan-5.1.1-selinux.patch
# Fix configure.ac to build for epel6
# http://wiki.strongswan.org/issues/536
Patch7: strongswan-5.1.2-autoconf.patch
BuildRequires: gmp-devel autoconf automake BuildRequires: gmp-devel autoconf automake
BuildRequires: libcurl-devel BuildRequires: libcurl-devel
BuildRequires: openldap-devel BuildRequires: openldap-devel
@@ -42,31 +37,27 @@ BuildRequires: gettext-devel
BuildRequires: trousers-devel BuildRequires: trousers-devel
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
BuildRequires: pam-devel BuildRequires: pam-devel
%if 0%{?enable_nm} %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
BuildRequires: NetworkManager-devel BuildRequires: NetworkManager-devel
BuildRequires: NetworkManager-glib-devel BuildRequires: NetworkManager-glib-devel
Obsoletes: %{name}-NetworkManager < 0:5.0.4-5 Obsoletes: %{name}-NetworkManager < 0:5.0.4-5
Provides: %{name}-charon-nm = 0:%{version}-%{release}
%else
Obsoletes: %{name}-NetworkManager < 0:5.0.0-3.git20120619
%endif
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
BuildRequires: systemd BuildRequires: systemd
Requires(post): systemd Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
Requires(postun): systemd Requires(postun): systemd
%else %else
Obsoletes: %{name}-NetworkManager < 0:5.0.0-3.git20120619
Requires(post): chkconfig Requires(post): chkconfig
Requires(preun): chkconfig Requires(preun): chkconfig
Requires(preun): initscripts Requires(preun): initscripts
%endif %endif
%description %description
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel. Linux kernel.
%if 0%{?enable_nm} %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%package charon-nm %package charon-nm
Summary: NetworkManager plugin for Strongswan Summary: NetworkManager plugin for Strongswan
Group: System Environment/Daemons Group: System Environment/Daemons
@@ -89,20 +80,18 @@ modules can be used by any third party TNC Client/Server implementation
possessing a standard IF-IMC/IMV interface. In addition, it implements possessing a standard IF-IMC/IMV interface. In addition, it implements
PT-TLS to support TNC over TLS. PT-TLS to support TNC over TLS.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
%build %build
# for initscript patch to work
autoreconf autoreconf
%configure --disable-static \ %configure --disable-static \
--with-ipsec-script=%{name} \ --with-ipsec-script=%{name} \
@@ -111,6 +100,9 @@ autoreconf
--with-ipseclibdir=%{_libdir}/%{name} \ --with-ipseclibdir=%{_libdir}/%{name} \
--with-fips-mode=2 \ --with-fips-mode=2 \
--with-tss=trousers \ --with-tss=trousers \
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
--enable-nm \
%endif
--enable-openssl \ --enable-openssl \
--enable-md4 \ --enable-md4 \
--enable-xauth-eap \ --enable-xauth-eap \
@@ -145,10 +137,7 @@ autoreconf
--enable-eap-radius \ --enable-eap-radius \
--enable-curl \ --enable-curl \
--enable-eap-identity \ --enable-eap-identity \
--enable-cmd \ --enable-cmd
%{?_enable_nm}
make %{?_smp_mflags} make %{?_smp_mflags}
%install %install
@@ -166,33 +155,29 @@ find %{buildroot} -type f -name '*.la' -delete
chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
# protect configuration from ordinary user's eyes # protect configuration from ordinary user's eyes
chmod 700 %{buildroot}%{_sysconfdir}/%{name} chmod 700 %{buildroot}%{_sysconfdir}/%{name}
# setup systemd unit or initscript # move stuff to libexec
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%else
install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name}
%endif
#rename /usr/bin/pki to avoid conflict with pki-core/pki-tools
#mv %{buildroot}%{_bindir}/pki %{buildroot}%{_bindir}/%{name}-pki
#move /usr/bin/pki to avoid conflict with pki-core/pki-tools
mv %{buildroot}%{_bindir}/pki %{buildroot}%{_libexecdir}/%{name}/pki mv %{buildroot}%{_bindir}/pki %{buildroot}%{_libexecdir}/%{name}/pki
# Create ipsec.d directory tree. # Create ipsec.d directory tree.
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i} install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
done done
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%else
install -D -m 755 %{name}.sysvinit %{buildroot}/%{_initddir}/%{name}
%endif
%post %post
/sbin/ldconfig /sbin/ldconfig
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_post %{name}.service %systemd_post %{name}.service
%else %else
/sbin/chkconfig --add %{name} /sbin/chkconfig --add %{name}
%endif %endif
%preun %preun
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_preun %{name}.service %systemd_preun %{name}.service
%else %else
if [ $1 -eq 0 ] ; then if [ $1 -eq 0 ] ; then
@@ -204,19 +189,18 @@ fi
%postun %postun
/sbin/ldconfig /sbin/ldconfig
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_postun_with_restart %{name}.service %systemd_postun_with_restart %{name}.service
%else %else
%endif %endif
%files %files
%doc README README.Fedora COPYING NEWS TODO %doc README README.Fedora COPYING NEWS TODO
%dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}
%{_sysconfdir}/%{name}/ipsec.d/ %{_sysconfdir}/%{name}/ipsec.d/
%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
%else %else
%{_initddir}/%{name} %{_initddir}/%{name}
@@ -480,13 +464,18 @@ fi
%dir %{_datadir}/regid.2004-03.org.%{name} %dir %{_datadir}/regid.2004-03.org.%{name}
%{_datadir}/regid.2004-03.org.%{name}/*.swidtag %{_datadir}/regid.2004-03.org.%{name}/*.swidtag
%if 0%{?enable_nm} %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%files charon-nm %files charon-nm
%doc COPYING %doc COPYING
%{_libexecdir}/%{name}/charon-nm %{_libexecdir}/%{name}/charon-nm
%endif %endif
%changelog %changelog
* Fri Mar 14 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-2
- clean up the specfile a bit
- replace the initscript patch with an individual initscript
- patch to build for epel6
* Mon Mar 03 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-1 * Mon Mar 03 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.2-1
- #1071353 - bump to 5.1.2 - #1071353 - bump to 5.1.2
- #1071338 - strongswan is compiled without xauth-pam plugin - #1071338 - strongswan is compiled without xauth-pam plugin

100
strongswan.sysvinit Normal file
View File

@@ -0,0 +1,100 @@
#!/bin/sh
#
# strongswan An implementation of key management system for IPsec
#
# chkconfig: - 48 52
# description: Starts or stops the Strongswan daemon.
### BEGIN INIT INFO
# Provides: ipsec
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop: $syslog $remote_fs
# Default-Start:
# Default-Stop: 0 1 6
# Short-Description: Start Strongswan daemons at boot time
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
exec="@SBINDIR@/@IPSEC_SCRIPT@"
prog="strongswan"
status_prog="starter"
config="/etc/strongswan/strongswan.conf"
lockfile=/var/lock/subsys/$prog
start() {
[ -x $exec ] || exit 5
[ -f $config ] || exit 6
echo -n $"Starting $prog: "
daemon $exec start
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
$exec stop
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
restart
}
force_reload() {
restart
}
_status() {
# run checks to determine if the service is running or use generic status
status $status_prog
}
_status_q() {
_status >/dev/null 2>&1
}
case "$1" in
start)
_status_q && exit 0
$1
;;
stop)
_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
_status
;;
condrestart|try-restart)
_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?