Compare commits
1 Commits
strongswan
...
strongswan
| Author | SHA1 | Date | |
|---|---|---|---|
| d01c9e5d45 |
@@ -1,31 +0,0 @@
|
||||
From 377039d24648f82dac35dcf22a2b43de81f2fb96 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 11 Nov 2021 05:48:38 +0100
|
||||
Subject: [PATCH] Skip test case, which always hangs
|
||||
|
||||
It just stops and does not continue. Avoid that test.
|
||||
---
|
||||
src/libtls/tests/suites/test_socket.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
|
||||
index 9e26e91..5296680 100644
|
||||
--- a/src/libtls/tests/suites/test_socket.c
|
||||
+++ b/src/libtls/tests/suites/test_socket.c
|
||||
@@ -804,11 +804,13 @@ Suite *socket_suite_create()
|
||||
add_tls_versions_test(test_tls_12_server, TLS_1_0, TLS_1_3);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
+#if 0
|
||||
tc = tcase_create("TLS 1.3/key exchange groups");
|
||||
tcase_add_checked_fixture(tc, setup_creds, teardown_creds);
|
||||
tcase_add_loop_test(tc, test_tls13_ke_groups, 0,
|
||||
tls_crypto_get_supported_groups(NULL));
|
||||
suite_add_tcase(s, tc);
|
||||
+#endif
|
||||
|
||||
tc = tcase_create("TLS 1.3/signature schemes");
|
||||
tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
|
||||
--
|
||||
2.31.1
|
||||
|
||||
161
strongswan.spec
161
strongswan.spec
@@ -2,28 +2,15 @@
|
||||
#%%define prerelease dr1
|
||||
%global dist .nhrp.9%{?dist}
|
||||
|
||||
%bcond_without python3
|
||||
%bcond_without perl
|
||||
%bcond_with check
|
||||
|
||||
%if (0%{?fedora} && 0%{?fedora} < 36) || (0%{?rhel} && 0%{?rhel} < 9)
|
||||
# trousers was retired for F36+ and no longer available in RHEL with 9+
|
||||
%bcond_without tss_trousers
|
||||
%else
|
||||
%bcond_with tss_trousers
|
||||
%endif
|
||||
|
||||
Name: strongswan
|
||||
Version: 5.9.4
|
||||
Release: 4%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: An OpenSource IPsec-based VPN and TNC solution
|
||||
License: GPLv2+
|
||||
URL: http://www.strongswan.org/
|
||||
Source0: http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2
|
||||
Source1: tmpfiles-strongswan.conf
|
||||
Patch0: strongswan-5.6.0-uintptr_t.patch
|
||||
# https://github.com/strongswan/strongswan/issues/752
|
||||
Patch1: strongswan-5.9.4-test-socket.patch
|
||||
|
||||
Patch10: 0001-charon-add-optional-source-and-remote-overrides-for-.patch
|
||||
Patch11: 0002-vici-send-certificates-for-ike-sa-events.patch
|
||||
@@ -42,6 +29,7 @@ BuildRequires: openldap-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: trousers-devel
|
||||
BuildRequires: libxml2-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: json-c-devel
|
||||
@@ -52,21 +40,6 @@ BuildRequires: libcap-devel
|
||||
BuildRequires: tpm2-tss-devel
|
||||
Recommends: tpm2-tools
|
||||
|
||||
%if %{with python3}
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
BuildRequires: python3-pytest
|
||||
%endif
|
||||
|
||||
%if %{with perl}
|
||||
BuildRequires: perl-devel perl-macros
|
||||
BuildRequires: perl(ExtUtils::MakeMaker)
|
||||
%endif
|
||||
|
||||
%if %{with tss_trousers}
|
||||
BuildRequires: trousers-devel
|
||||
%endif
|
||||
|
||||
BuildRequires: NetworkManager-libnm-devel
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
@@ -113,38 +86,14 @@ modules can be used by any third party TNC Client/Server implementation
|
||||
possessing a standard IF-IMC/IMV interface. In addition, it implements
|
||||
PT-TLS to support TNC over TLS.
|
||||
|
||||
%if %{with python3}
|
||||
%package -n python3-vici
|
||||
Summary: Strongswan Versatile IKE Configuration Interface python bindings
|
||||
BuildArch: noarch
|
||||
%description -n python3-vici
|
||||
VICI is an attempt to improve the situation for system integrators by providing
|
||||
a stable IPC interface, allowing external tools to query, configure
|
||||
and control the IKE daemon.
|
||||
|
||||
The Versatile IKE Configuration Interface (VICI) python bindings provides module
|
||||
for Strongswan runtime configuration from python applications.
|
||||
|
||||
%endif
|
||||
|
||||
%if %{with perl}
|
||||
%package -n perl-vici
|
||||
Summary: Strongswan Versatile IKE Configuration Interface perl bindings
|
||||
BuildArch: noarch
|
||||
%description -n perl-vici
|
||||
VICI is an attempt to improve the situation for system integrators by providing
|
||||
a stable IPC interface, allowing external tools to query, configure
|
||||
and control the IKE daemon.
|
||||
|
||||
The Versatile IKE Configuration Interface (VICI) perl bindings provides module
|
||||
for Strongswan runtime configuration from perl applications.
|
||||
%endif
|
||||
|
||||
# TODO: make also ruby-vici
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -n %{name}-%{version}%{?prerelease} -p1
|
||||
%setup -q -n %{name}-%{version}%{?prerelease}
|
||||
%patch0 -p1
|
||||
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
|
||||
%build
|
||||
# only for snapshots
|
||||
@@ -163,7 +112,7 @@ for Strongswan runtime configuration from perl applications.
|
||||
--with-piddir=%{_rundir}/strongswan \
|
||||
--with-nm-ca-dir=%{_sysconfdir}/strongswan/ipsec.d/cacerts/ \
|
||||
--enable-bypass-lan \
|
||||
--enable-tss-tss2 \
|
||||
--enable-tss-trousers \
|
||||
--enable-nm \
|
||||
--enable-systemd \
|
||||
--enable-openssl \
|
||||
@@ -227,74 +176,26 @@ for Strongswan runtime configuration from perl applications.
|
||||
--enable-curl \
|
||||
--enable-cmd \
|
||||
--enable-acert \
|
||||
--enable-aikgen \
|
||||
--enable-vici \
|
||||
--enable-swanctl \
|
||||
--enable-duplicheck \
|
||||
%ifarch x86_64 %{ix86}
|
||||
--enable-aesni \
|
||||
%endif
|
||||
%if %{with python3}
|
||||
PYTHON=%{python3} --enable-python-eggs \
|
||||
%endif
|
||||
%if %{with perl}
|
||||
--enable-perl-cpan \
|
||||
%endif
|
||||
%if %{with check}
|
||||
--enable-test-vectors \
|
||||
%endif
|
||||
%if %{with tss_trousers}
|
||||
--enable-tss-trousers \
|
||||
--enable-aikgen \
|
||||
%endif
|
||||
--enable-kernel-libipsec \
|
||||
--with-capabilities=libcap \
|
||||
CPPFLAGS="-DSTARTER_ALLOW_NON_ROOT"
|
||||
# TODO: --enable-python-eggs-install not python3 ready
|
||||
|
||||
# disable certain plugins in the daemon configuration by default
|
||||
for p in bypass-lan; do
|
||||
echo -e "\ncharon.plugins.${p}.load := no" >> conf/plugins/${p}.opt
|
||||
done
|
||||
|
||||
%make_build
|
||||
|
||||
pushd src/libcharon/plugins/vici
|
||||
|
||||
%if %{with python3}
|
||||
pushd python
|
||||
%make_build
|
||||
sed -e "s,/var/run/charon.vici,%{_rundir}/strongswan/charon.vici," -i vici/session.py
|
||||
#py3_build
|
||||
popd
|
||||
%endif
|
||||
|
||||
%if %{with perl}
|
||||
pushd perl/Vici-Session/
|
||||
perl Makefile.PL INSTALLDIRS=vendor
|
||||
%make_build
|
||||
popd
|
||||
%endif
|
||||
|
||||
popd
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
|
||||
pushd src/libcharon/plugins/vici
|
||||
%if %{with python3}
|
||||
pushd python
|
||||
# TODO: --enable-python-eggs breaks our previous build. Do it now
|
||||
# propose better way to upstream
|
||||
%py3_build
|
||||
%py3_install
|
||||
popd
|
||||
%endif
|
||||
%if %{with perl}
|
||||
%make_install -C perl/Vici-Session
|
||||
rm -f %{buildroot}{%{perl_archlib}/perllocal.pod,%{perl_vendorarch}/auto/Vici/Session/.packlist}
|
||||
%endif
|
||||
popd
|
||||
make install DESTDIR=%{buildroot}
|
||||
# prefix man pages
|
||||
for i in %{buildroot}%{_mandir}/*/*; do
|
||||
if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
|
||||
@@ -316,20 +217,6 @@ install -d -m 0700 %{buildroot}%{_rundir}/strongswan
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan.conf
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.conf
|
||||
|
||||
|
||||
%check
|
||||
%if %{with check}
|
||||
# Seen some tests hang. Ensure we do not block builder forever
|
||||
export TESTS_VERBOSITY=1
|
||||
timeout 600 %make_build check
|
||||
%endif
|
||||
%if %{with python}
|
||||
pushd src/libcharon/plugins/vici
|
||||
%pytest
|
||||
popd
|
||||
%endif
|
||||
:
|
||||
|
||||
%post
|
||||
%systemd_post strongswan.service strongswan-starter.service
|
||||
|
||||
@@ -399,29 +286,7 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
|
||||
%{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
|
||||
%{_libexecdir}/strongswan/charon-nm
|
||||
|
||||
%if %{with python3}
|
||||
%files -n python3-vici
|
||||
%license COPYING
|
||||
%doc src/libcharon/plugins/vici/python/README.rst
|
||||
%{python3_sitelib}/vici
|
||||
%{python3_sitelib}/vici-%{version}-py*.egg-info
|
||||
%endif
|
||||
|
||||
%if %{with perl}
|
||||
%license COPYING
|
||||
%files -n perl-vici
|
||||
%{perl_vendorlib}/Vici
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Dec 16 2021 Neal Gompa <ngompa@datto.com> - 5.9.4-4
|
||||
- Disable TPM/TSS 1.2 support for F36+ / RHEL9+
|
||||
- Resolves: rhbz#2033299 Drop TPM/TSS 1.2 support (trousers)
|
||||
|
||||
* Thu Nov 11 2021 Petr Menšík <pemensik@redhat.com> - 5.9.4-3
|
||||
- Resolves rhbz#1419441 Add python and perl vici bindings
|
||||
- Adds optional tests run
|
||||
|
||||
* Tue Nov 09 2021 Paul Wouters <paul.wouters@aiven.io> - 5.9.4-2
|
||||
- Resolves rhbz#2018547 'strongswan restart' breaks ipsec started with strongswan-starter
|
||||
- Return to using tmpfiles, but extend to cover strongswan-starter service too
|
||||
|
||||
Reference in New Issue
Block a user