3 # for sles11+ and opensuse 11.4
4 # for sles10, use sles10.spec
6 Summary: Openswan IPSEC implementation
9 # Build KLIPS kernel module?
10 %{!?buildklips: %{expand: %%define buildklips 0}}
11 %{!?buildxen: %{expand: %%define buildxen 0}}
13 # The default kernel version to build for is the latest of
14 # the installed binary kernel
15 # This can be overridden by "--define 'kversion x.x.x-y.y.y'"
16 %define defkflavor %(uname -r | cut -d- -f 3)
17 %define defkrelease %(uname -r)
18 %define defkversion %(rpm -q --queryformat '%%{VERSION}-%%{RELEASE}' kernel-%{defkflavor})
19 %{!?kflavor: %{expand: %%define kflavor %defkflavor}}
20 %{!?krelease: %{expand: %%define krelease %defkrelease}}
21 %{!?kversion: %{expand: %%define kversion %defkversion}}
22 %define krelver %(echo %{krelease} | tr -s '-' '_')
24 # Openswan -pre/-rc nomenclature has to co-exist with hyphen paranoia
25 %define srcpkgver %(echo %{version} | tr -s '_' '-')
27 Release: %{ourrelease}
29 Url: http://www.openswan.org/
30 Source: openswan-%{srcpkgver}.tar.gz
32 Group: Productivity/Networking/Security
33 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
34 Summary: Openswan - An IPsec and IKE implementation
35 PreReq: %insserv_prereq %fillup_prereq perl
36 BuildRequires: gmp-devel bison flex bind-devel xmlto
37 Requires: iproute2 >= 2.6.8
43 Openswan is a free implementation of IPSEC & IKE for Linux. IPSEC is
44 the Internet Protocol Security and uses strong cryptography to provide
45 both authentication and encryption services. These services allow you
46 to build secure tunnels through untrusted networks. Everything passing
47 through the untrusted net is encrypted by the ipsec gateway machine and
48 decrypted by the gateway at the other end of the tunnel. The resulting
49 tunnel is a virtual private network or VPN.
51 This package contains the daemons and userland tools for setting up
52 Openswan on a freeswan enabled kernel. It optionally also builds the
53 Openswan KLIPS IPsec stack that is an alternative for the NETKEY/XFRM
54 IPsec stack that exists in the default Linux kernel.
58 Summary: Openswan kernel module
60 Release: %{krelver}_%{ourrelease}
61 Requires: kernel-%{kflavor} = %{kversion}
62 BuildRequires: kernel-%{kflavor} = %{kversion}, kernel-%{kflavor}-devel = %{kversion}, module-init-tools
67 This package contains only the ipsec module for the RedHat/Fedora series of
72 %setup -q -n openswan-%{srcpkgver}
74 sed -i 's/-Werror/#-Werror/' lib/libdns/Makefile
75 sed -i 's/-Werror/#-Werror/' lib/libisc/Makefile
76 sed -i 's/-Werror/#-Werror/' lib/liblwres/Makefile
79 # Suse has no %{_libexecdir} directory, put it all in libdir instead (yuck)
81 USERCOMPILE='-g $(RPM_OPT_FLAGS) -DGCC_LINT' \
82 INC_USRLOCAL=%{_prefix} \
83 FINALLIBDIR=%{_libdir}/ipsec \
84 FINALBINDIR=%{_libdir}/ipsec \
85 FINALLIBEXECDIR=%{_libdir}/ipsec \
87 INC_RCDEFAULT=%{_initrddir} \
88 INC_RCDIRS='/etc/init.d /etc/rc.d/init.d /etc/rc.d /sbin/init.d' \
89 INC_DOCDIR=share/doc/packages \
93 mkdir -p BUILD.%{_target_cpu}
96 # rpm doesn't know we're compiling kernel code. optflags will give us -m64
97 %{__make} -C $FS MOD26BUILDDIR=$FS/BUILD.%{_target_cpu} \
99 KLIPSCOMPILE="%{optflags}" \
100 KERNELSRC=/lib/modules/%{krelease}/build \
111 DESTDIR=%{buildroot} \
112 INC_USRLOCAL=%{_prefix} \
113 FINALLIBDIR=%{_libdir}/ipsec \
114 FINALBINDIR=%{_libdir}/ipsec \
115 FINALLIBEXECDIR=%{_libdir}/ipsec \
116 MANTREE=%{buildroot}%{_mandir} \
117 INC_RCDEFAULT=%{_initrddir} \
120 rm -rf %{buildroot}/usr/share/doc/openswan
121 rm -rf %{buildroot}/%{_initrddir}/setup
122 rm -rf %{buildroot}/etc/ipsec.d/examples
123 find %{buildroot}%{_mandir} -type f | xargs chmod a-x
124 install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
125 install -d %{buildroot}%{_sbindir}
127 ln -sf /etc/init.d/ipsec ${RPM_BUILD_ROOT}%{prefix}/sbin/rcipsec
128 #echo "# see man ipsec.secrets" > $RPM_BUILD_ROOT/etc/ipsec.secrets
129 install -d -m 755 %{buildroot}/etc/sysconfig/network/{scripts,if-up.d,if-down.d}
130 install -m 755 packaging/suse/sysconfig.network.scripts.openswan %{buildroot}/etc/sysconfig/network/scripts/freeswan
131 install -m 644 packaging/suse/sysconfig.network.scripts.openswan-functions %{buildroot}/etc/sysconfig/network/scripts/freeswan-functions
132 ln -s ../scripts/freeswan %{buildroot}/etc/sysconfig/network/if-up.d/freeswan
133 ln -s ../scripts/freeswan %{buildroot}/etc/sysconfig/network/if-down.d/freeswan
134 # ip-up script (#39048)
135 install -d -m 750 -g dialout %{buildroot}/etc/ppp/ip-{up,down}.d
136 install -d -m 750 %{buildroot}/etc/ppp/ip-{up,down}.d
137 install -m 755 packaging/suse/openswan.ip-up %{buildroot}/etc/ppp/ip-up.d/freeswan
138 ln -s ../ip-up.d/freeswan %{buildroot}/etc/ppp/ip-down.d/freeswan
139 rm -f %{buildroot}/etc/rc?.d/[KS]*ipsec
142 mkdir -p %{buildroot}/lib/modules/%{krelease}/kernel/net/ipsec
143 for i in $FS/BUILD.%{_target_cpu}/ipsec.ko $FS/modobj/ipsec.o
147 cp $i %{buildroot}/lib/modules/%{krelease}/kernel/net/ipsec
153 rm -rf ${RPM_BUILD_ROOT}
156 %defattr(-,root,root)
157 %doc BUGS CHANGES COPYING CREDITS README LICENSE
158 %doc OBJ.linux.*/programs/examples/*.conf
159 #%doc doc/manpage.d/*
160 # /usr/share/doc/openswan/*
161 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
162 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
163 %dir %attr(700,root,root) /etc/ipsec.d/policies
164 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
165 %ghost %attr(0700,root,root) %dir %{_localstatedir}/run/pluto
171 /etc/sysconfig/network/scripts/*
172 /etc/sysconfig/network/if-up.d/freeswan
173 /etc/sysconfig/network/if-down.d/freeswan
174 /etc/ppp/ip-up.d/freeswan
175 /etc/ppp/ip-down.d/freeswan
176 %dir %attr(700,root,root) /etc/ipsec.d/private
180 %defattr (-,root,root)
181 /lib/modules/%{krelease}/kernel/net/ipsec
185 %{stop_on_removal ipsec}
186 # Some people expect to not loose their secrets even after multiple rpm -e.
187 if test -s etc/ipsec.secrets.rpmsave; then
188 cp -p --backup=numbered etc/ipsec.secrets.rpmsave etc/ipsec.secrets.rpmsave.old
193 %{restart_on_update ipsec}
198 /sbin/depmod -a -e -F /boot/System.map-%{krelease} %{krelease}
200 /sbin/depmod -a -e -F /boot/System.map-%{krelease} %{krelease}
204 %{fillup_and_insserv ipsec}
205 # don't create host keys on install - might be no entropy!
206 # openswan automatically does it on 'start' if no ipsec.secrets is found
209 * Wed May 07 2008 Paul Wouters <paul@xelerance.com> - 2.5.50-1
210 - Various spec file fixes to compile on SLES 10 SP1
211 - Suse has no libexec directory - use libdir
213 * Fri Apr 18 2008 Paul Wouters <paul@xelerance.com> - 2.5.49-1
214 - Incororated Suse initscripts and some SPEC semantics from mt@suse.de
216 * Thu Dec 20 2007 Paul Wouters <paul@xelerance.com> - 2.6.01-1
217 - Work around for warnings in BIND related code
218 - Remove bogus file /etc/init.d/setup at install
219 - Cleaned up spec file
221 * Mon Oct 10 2005 Paul Wouters <paul@xelerance.com>
222 - Updated for klips on xen
223 - added ldconfig for post klips to obtain ipsec module dependancies
224 - Run 'make include' since on FC4 kernel source does not have the links yet.
226 * Wed Jan 5 2005 Paul Wouters <paul@xelerance.com>
227 - Updated for x86_64 and klips on 2.6
229 * Sun Sep 5 2004 Paul Wouters <paul@xelerance.com>
230 - Updated for openswan
232 * Fri Aug 22 2003 Sam Sgro <sam@freeswan.org>
233 - Juggling release/source package names to allow for
234 -pre/-rc releases to build.
236 * Thu Aug 14 2003 Sam Sgro <sam@freeswan.org>
237 - Reverting back to pre-x.509 version, cosmetic changes.
239 * Tue May 20 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_2es
240 - Add "Obsoletes: freeswan" to userland RPM.
242 * Fri May 16 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-x509_1.3.2_1es
243 - Add version 1.3.2 of the x509 patch.
244 - Add missing /usr/libexec/ipsec dir and files.
245 - Minor tidy up of spec file.
247 * Thu May 15 2003 Charlie Brady <charlieb@e-smith.com> 2.0.0-1es
248 - Based on work by Paul Lahaie of Steamballoon, Michael
249 Richardson of freeS/WAN team and Tuomo Soini <tis@foobar.fi>.
250 - Build freeswan RPMs from a single source RPM, for RedHat, but
251 should work on any RPM based system.