Update to 6.0.2 (rhbz#2312429)

- Disable vici python bindings as it does not build offline yet - Stop using old pythin macros (rhbz#2378468) - Remove old trouser support conditional - Add strongswan-6.0.2-no-isolation.patch - strongswan-5.6.0-uintptr_t.patch and gcc15 patches no longer needed
2025-09-11 09:55:37 -04:00
parent fdcc203679
commit efe247ce1b
4 changed files with 32 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,5 @@
 /strongswan-5.9.11.tar.bz2.sig
 /strongswan-5.9.14.tar.bz2
 /strongswan-5.9.14.tar.bz2.sig
+/strongswan-6.0.2.tar.bz2
+/strongswan-6.0.2.tar.bz2.sig
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-SHA512 (strongswan-5.9.14.tar.bz2) = e48bc9d215f9de6b54e24f7b4765d59aec4c615291d5c1f24f6a6d7da45dc8b17b2e0e150faf5fabb35e5d465abc5e6f6efa06cd002467067c5d7844ead359f6
-SHA512 (strongswan-5.9.14.tar.bz2.sig) = 1b3d57448caab91060fe3d209d90708c57dbf35ae62c97574107b32677cff73f13f7545dc91682ef84400bb8a2f105a1761aba8334763dc8c35d97be7921c242
+SHA512 (strongswan-6.0.2.tar.bz2) = b1ee61b7d0eab40a9fcb5a7e28cfea9050f5f894fa66032edf9511b1e260104870e23fc19329b48be01f03eb491bfc27c9b74838722c80ba0284a48596a68d71
+SHA512 (strongswan-6.0.2.tar.bz2.sig) = 374e16baf4b3ee24966abdb872890eb29da4aa6fc4e8a5e2a67d6099e2a72bad195257e505765cecbfae3a77ea42942fc3cea543b954f1f7b3e415ad536321ff
--- a/strongswan-6.0.2-no-isolation.patch
+++ b/strongswan-6.0.2-no-isolation.patch
@@ -0,0 +1,12 @@
+diff -Naur strongswan-6.0.2-orig/src/libcharon/plugins/vici/python/Makefile.am strongswan-6.0.2/src/libcharon/plugins/vici/python/Makefile.am
+--- strongswan-6.0.2-orig/src/libcharon/plugins/vici/python/Makefile.am	2025-07-12 02:36:20.000000000 -0400
+++ strongswan-6.0.2/src/libcharon/plugins/vici/python/Makefile.am	2025-09-10 15:31:43.217806666 -0400
+@@ -19,7 +19,7 @@
+ all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py3-none-any.whl
+ 
+ dist/vici-$(PYTHON_PACKAGE_VERSION)-py3-none-any.whl: $(EXTRA_DIST) $(srcdir)/setup.py
+-	(cd $(srcdir); $(PYTHON) -m build -o $(abs_builddir)/dist)
+	(cd $(srcdir); $(PYTHON) -m build --no-isolation -o $(abs_builddir)/dist) 
+ 
+ clean-local:
+ 	rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -1,22 +1,17 @@
 %global _hardened_build 1
 #%%define prerelease dr1

-%bcond_without python3
+# pytho vici bindings cannot build without network, so temp. disabled
+%bcond_with python3
 %bcond_without perl
+# checks fail for test_params_parse_rsa_pss
 %bcond_with    check

-%if (0%{?fedora} && 0%{?fedora} < 36) || (0%{?rhel} && 0%{?rhel} < 9)
-# trousers was retired for F36+ and no longer available in RHEL with 9+
-%bcond_without tss_trousers
-%else
-%bcond_with tss_trousers
-%endif
-
 %global forgeurl0 https://github.com/strongswan/strongswan

 Name:           strongswan
-Version:        5.9.14
-Release:        12%{?dist}
+Version:        6.0.2
+Release:        1%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 # Automatically converted from old format: GPLv2+ - review is highly recommended.
 License:        GPL-2.0-or-later
@@ -26,13 +21,10 @@ Source0:        https://download.strongswan.org/strongswan-%{version}%{?prerelea
 Source1:        https://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2.sig
 Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
 Source3:        tmpfiles-strongswan.conf
-Patch0:         strongswan-5.6.0-uintptr_t.patch
-# https://github.com/strongswan/strongswan/issues/1198
+# https://github.com/strongswan/strongswan/issues/1198  (also pinged upstream via email)
 Patch1:         strongswan-5.9.7-error-no-format.patch
-# C23 fixes included in 6.0.1
-Patch2:         strongswan-6.0.0-gcc15.patch
-# C23 fixed merged but not yet released
-Patch3:         strongswan-6.0.1-gcc15.patch
+# this patch doesn't seem to help unfortunately
+Patch2:         strongswan-6.0.2-no-isolation.patch

 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -64,7 +56,9 @@ Recommends:     tpm2-tools

 %if %{with python3}
 BuildRequires:  python3-devel
+BuildRequires:  python3-build
 BuildRequires:  python3-setuptools
+BuildRequires:  python3-daemon
 BuildRequires:  python3-pytest
 %endif

@@ -73,10 +67,6 @@ BuildRequires:  perl-devel perl-generators
 BuildRequires:  perl(ExtUtils::MakeMaker)
 %endif

-%if %{with tss_trousers}
-BuildRequires:  trousers-devel
-%endif
-
 BuildRequires:  NetworkManager-libnm-devel
 Requires(post): systemd
 Requires(preun): systemd
@@ -240,26 +230,23 @@ autoreconf -fiv
    --enable-vici \
    --enable-swanctl \
    --enable-duplicheck \
+    --enable-selinux \
+    --enable-stroke \
 %ifarch x86_64 %{ix86}
    --enable-aesni \
 %endif
 %if %{with python3}
-    PYTHON=%{python3} --enable-python-eggs \
+    PYTHON=%{python3} --enable-python-wheels \
 %endif
 %if %{with perl}
    --enable-perl-cpan \
 %endif
 %if %{with check}
    --enable-test-vectors \
-%endif
-%if %{with tss_trousers}
-    --enable-tss-trousers \
-    --enable-aikgen \
 %endif
    --enable-kernel-libipsec \
    --with-capabilities=libcap \
    CPPFLAGS="-DSTARTER_ALLOW_NON_ROOT"
-# TODO: --enable-python-eggs-install not python3 ready

 # disable certain plugins in the daemon configuration by default
 for p in bypass-lan; do
@@ -299,8 +286,8 @@ pushd src/libcharon/plugins/vici
  pushd python
    # TODO: --enable-python-eggs breaks our previous build. Do it now
    # propose better way to upstream
-    %py3_build
-    %py3_install
+    %pyproject_wheel
+    %pyproject_install
  popd
 %endif
 %if %{with perl}
@@ -416,7 +403,7 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %license COPYING
 %doc src/libcharon/plugins/vici/python/README.rst
 %{python3_sitelib}/vici
-%{python3_sitelib}/vici-%{version}-py*.egg-info
+%{python3_sitelib}/vici-%{version}.dist-info
 %endif

 %if %{with perl}