strongswan/strongswan.spec

#%%define Werror_cflags %nil
%define _disable_ld_no_undefined 1

%bcond_without nm

Summary:	IPSEC implementation
Name:		strongswan
Version:	5.5.0
Release:	5
License:	GPLv2+
Group:		System/Servers
Url:		https://www.strongswan.org/
Source0:	http://download.strongswan.org/%{name}-%{version}.tar.bz2
BuildRequires:	gettext-devel
BuildRequires:	gmp-devel
BuildRequires:	openldap-devel
BuildRequires:	trousers-devel
BuildRequires:	pkgconfig(libcurl)
BuildRequires:	pkgconfig(libxml-2.0)
BuildRequires:	pkgconfig(openssl)
BuildRequires:	pkgconfig(sqlite3)
BuildRequires:	pkgconfig(systemd)
%if %{with nm}
BuildRequires:	pkgconfig(NetworkManager)
BuildRequires:	pkgconfig(libnm-glib-vpn)
BuildRequires:	pkgconfig(libnm-util)
BuildRequires:	pkgconfig(libnm-glib)
%endif

%description
FreeS/WAN is a free implementation of IPSEC & IKE for Linux.  IPSEC is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
FreeS/WAN on a freeswan enabled kernel.

%files
%doc README COPYING NEWS TODO
%dir %{_sysconfdir}/%{name}
%{_sysconfdir}/%{name}/ipsec.d/
%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%{_unitdir}/%{name}.service
%{_sysconfdir}/%{name}/%{name}.d
%{_sysconfdir}/%{name}/swanctl
%{_datadir}/%{name}/templates/config/plugins/*.conf
%{_datadir}/%{name}/templates/config/%{name}.conf
%{_datadir}/%{name}/templates/config/%{name}.d/*.conf
%{_datadir}/%{name}/templates/database/imv/*.sql
%{_libdir}/%{name}/libcharon.so.0
%{_libdir}/%{name}/libcharon.so.0.0.0
%{_libdir}/%{name}/libtls.so.0
%{_libdir}/%{name}/libtls.so.0.0.0
%{_libdir}/%{name}/libpttls.so.0
%{_libdir}/%{name}/libpttls.so.0.0.0
%{_libdir}/%{name}/libtpmtss.so.0
%{_libdir}/%{name}/libtpmtss.so.0.0.0
%{_libdir}/%{name}/lib%{name}.so.0
%{_libdir}/%{name}/lib%{name}.so.0.0.0
%{_libdir}/%{name}/libvici.so.0
%{_libdir}/%{name}/libvici.so.0.0.0
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/lib%{name}-aes.so
%{_libdir}/%{name}/plugins/lib%{name}-attr.so
%{_libdir}/%{name}/plugins/lib%{name}-cmac.so
%{_libdir}/%{name}/plugins/lib%{name}-constraints.so
%{_libdir}/%{name}/plugins/lib%{name}-des.so
%{_libdir}/%{name}/plugins/lib%{name}-dnskey.so
%{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so
%{_libdir}/%{name}/plugins/lib%{name}-gmp.so
%{_libdir}/%{name}/plugins/lib%{name}-hmac.so
%{_libdir}/%{name}/plugins/lib%{name}-kernel-netlink.so
%{_libdir}/%{name}/plugins/lib%{name}-md5.so
%{_libdir}/%{name}/plugins/lib%{name}-nonce.so
%{_libdir}/%{name}/plugins/lib%{name}-openssl.so
%{_libdir}/%{name}/plugins/lib%{name}-pem.so
%{_libdir}/%{name}/plugins/lib%{name}-pgp.so
%{_libdir}/%{name}/plugins/lib%{name}-pkcs1.so
%{_libdir}/%{name}/plugins/lib%{name}-pkcs8.so
%{_libdir}/%{name}/plugins/lib%{name}-pkcs12.so
%{_libdir}/%{name}/plugins/lib%{name}-rc2.so
%{_libdir}/%{name}/plugins/lib%{name}-sshkey.so
%{_libdir}/%{name}/plugins/lib%{name}-pubkey.so
%{_libdir}/%{name}/plugins/lib%{name}-random.so
%{_libdir}/%{name}/plugins/lib%{name}-resolve.so
%{_libdir}/%{name}/plugins/lib%{name}-revocation.so
%{_libdir}/%{name}/plugins/lib%{name}-sha1.so
%{_libdir}/%{name}/plugins/lib%{name}-sha2.so
%{_libdir}/%{name}/plugins/lib%{name}-socket-default.so
%{_libdir}/%{name}/plugins/lib%{name}-stroke.so
%{_libdir}/%{name}/plugins/lib%{name}-updown.so
%{_libdir}/%{name}/plugins/lib%{name}-x509.so
%{_libdir}/%{name}/plugins/lib%{name}-xauth-generic.so
%{_libdir}/%{name}/plugins/lib%{name}-xauth-eap.so
%{_libdir}/%{name}/plugins/lib%{name}-xcbc.so
%{_libdir}/%{name}/plugins/lib%{name}-md4.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-md5.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-gtc.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-tls.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-ttls.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-peap.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-mschapv2.so
%{_libdir}/%{name}/plugins/lib%{name}-farp.so
%{_libdir}/%{name}/plugins/lib%{name}-dhcp.so
%{_libdir}/%{name}/plugins/lib%{name}-curl.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so
%{_libdir}/%{name}/plugins/lib%{name}-vici.so
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/_copyright
%{_libexecdir}/%{name}/_updown
%{_libexecdir}/%{name}/charon
%{_libexecdir}/%{name}/scepclient
%{_libexecdir}/%{name}/starter
%{_libexecdir}/%{name}/stroke
%{_libexecdir}/%{name}/_imv_policy
%{_libexecdir}/%{name}/imv_policy_manager
%{_libexecdir}/%{name}/pt-tls-client
%{_sbindir}/%{name}
%{_sbindir}/swanctl
%{_bindir}/pki
%{_mandir}/man5/%{name}.conf.5.*
%{_mandir}/man1/%{name}*.1.*
%{_mandir}/man5/%{name}_ipsec.conf.5.*
%{_mandir}/man5/%{name}_ipsec.secrets.5.*
%{_mandir}/man5/%{name}_swanctl.conf.5.*
%{_mandir}/man8/%{name}.8.*
%{_mandir}/man8/%{name}_scepclient.8.*
%{_mandir}/man8/%{name}_swanctl.8.*

%post
%_post_service %{name}

%preun
%_preun_service %{name}

#%postun
#%_postun_userdel strongswan

#----------------------------------------------------------------------------

%if %{with nm}
%package	charon-nm
Summary:	NetworkManager plugin for Strongswan
Group:		System/Servers

%description charon-nm
NetworkManager plugin integrates a subset of Strongswan capabilities
to NetworkManager.

%files charon-nm
%doc COPYING
%{_libexecdir}/%{name}/charon-nm
%endif

#----------------------------------------------------------------------------

%package tnc-imcvs
Summary:	Trusted network connect (TNC)'s IMC/IMV functionality
Group:		System/Servers
Requires:	%{name} = %{version}

%description tnc-imcvs
This package provides Trusted Network Connect's (TNC) IMC and IMV
functionality. Specifically it includes PTS based IMC/IMV for TPM based
remote attestation and scanner and test IMCs and IMVs. The Strongswan's
IMC/IMV dynamic libraries can be used by any third party TNC Client/Server
implementation possessing a standard IF-IMC/IMV interface.

%files tnc-imcvs
%{_libdir}/%{name}/libimcv.so.0
%{_libdir}/%{name}/libimcv.so.0.0.0
%{_libdir}/%{name}/libtnccs.so.0
%{_libdir}/%{name}/libtnccs.so.0.0.0
%{_libdir}/%{name}/libradius.so.0
%{_libdir}/%{name}/libradius.so.0.0.0
%dir %{_libdir}/%{name}/imcvs
%{_libdir}/%{name}/imcvs/imc-attestation.so
%{_libdir}/%{name}/imcvs/imc-scanner.so
%{_libdir}/%{name}/imcvs/imc-test.so
%{_libdir}/%{name}/imcvs/imc-os.so
%{_libdir}/%{name}/imcvs/imv-attestation.so
%{_libdir}/%{name}/imcvs/imv-scanner.so
%{_libdir}/%{name}/imcvs/imv-test.so
%{_libdir}/%{name}/imcvs/imv-os.so
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
%{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-tnc.so
%{_libdir}/%{name}/plugins/lib%{name}-tnc-imc.so
%{_libdir}/%{name}/plugins/lib%{name}-tnc-imv.so
%{_libdir}/%{name}/plugins/lib%{name}-tnc-tnccs.so
%{_libdir}/%{name}/plugins/lib%{name}-tnccs-20.so
%{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so
%{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so
%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so
%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/attest
%{_libexecdir}/%{name}/pacman

#----------------------------------------------------------------------------

%prep
%setup -q
#apply_patches

%build
libtoolize --install --copy --force --automake
aclocal -I m4
autoconf
autoheader
automake --add-missing --copy

%serverbuild
%configure2_5x \
    --disable-static \
    --with-ipsec-script=%{name} \
    --sysconfdir=%{_sysconfdir}/%{name} \
    --with-ipsecdir=%{_libexecdir}/%{name} \
    --with-ipseclibdir=%{_libdir}/%{name} \
    --with-fips-mode=2 \
    --with-tss=trousers \
    --enable-openssl \
    --enable-md4 \
    --enable-xauth-eap \
    --enable-eap-md5 \
    --enable-eap-gtc \
    --enable-eap-tls \
    --enable-eap-ttls \
    --enable-eap-peap \
    --enable-eap-mschapv2 \
    --enable-farp \
    --enable-dhcp \
    --enable-sqlite \
    --enable-tnc-ifmap \
    --enable-tnc-pdp \
    --enable-imc-test \
    --enable-imv-test \
    --enable-imc-scanner \
    --enable-imv-scanner  \
    --enable-imc-attestation \
    --enable-imv-attestation \
    --enable-imv-os \
    --enable-imc-os \
    --enable-eap-tnc \
    --enable-tnccs-20 \
    --enable-tnccs-11 \
    --enable-tnccs-dynamic \
    --enable-tnc-imc \
    --enable-tnc-imv \
    --enable-eap-radius \
    --enable-curl \
    --enable-eap-identity \
%if %{with nm}
    --enable-nm \
%endif

%make
sed -i 's/\t/    /' src/starter/ipsec.conf

%install
%makeinstall_std
# prefix man pages
for i in %{buildroot}%{_mandir}/*/*; do
    if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
    fi
done
# delete unwanted library files
rm %{buildroot}%{_libdir}/%{name}/*.so
find %{buildroot} -type f -name '*.la' -delete
# fix config permissions
chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
# protect configuration from ordinary user's eyes
chmod 700 %{buildroot}%{_sysconfdir}/%{name}

# Create ipsec.d directory tree.
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
    install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
done
Automatic import for version 4.5.2 2012-02-01 19:44:52 +04:00			`#%%define Werror_cflags %nil`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%define _disable_ld_no_undefined 1`
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00
			`%bcond_without nm`
Automatic import for version 4.5.2 2012-02-01 19:44:52 +04:00
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`Summary: IPSEC implementation`
Automatic import for version 4.5.2 2012-02-01 19:44:52 +04:00			`Name: strongswan`
Updated to 5.5.0 2016-08-30 17:35:58 +03:00			`Version: 5.5.0`
MassBuild#1257: Increase release tag 2017-02-17 10:38:27 +03:00			`Release: 5`
LOG update to 5.0.1 2012-11-27 19:30:22 +04:00			`License: GPLv2+`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`Group: System/Servers`
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00			`Url: https://www.strongswan.org/`
			`Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2`
			`BuildRequires: gettext-devel`
			`BuildRequires: gmp-devel`
			`BuildRequires: openldap-devel`
			`BuildRequires: trousers-devel`
			`BuildRequires: pkgconfig(libcurl)`
Workaround automake 1.13 issues, spec cleanup 2014-04-09 00:41:07 +11:00			`BuildRequires: pkgconfig(libxml-2.0)`
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00			`BuildRequires: pkgconfig(openssl)`
			`BuildRequires: pkgconfig(sqlite3)`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`BuildRequires: pkgconfig(systemd)`
			`%if %{with nm}`
			`BuildRequires: pkgconfig(NetworkManager)`
			`BuildRequires: pkgconfig(libnm-glib-vpn)`
			`BuildRequires: pkgconfig(libnm-util)`
			`BuildRequires: pkgconfig(libnm-glib)`
			`%endif`
Automatic import for version 4.5.2 2012-02-01 19:44:52 +04:00
			`%description`
			`FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is`
			`the Internet Protocol Security and uses strong cryptography to provide`
			`both authentication and encryption services. These services allow you`
			`to build secure tunnels through untrusted networks. Everything passing`
			`through the untrusted net is encrypted by the ipsec gateway machine and`
			`decrypted by the gateway at the other end of the tunnel. The resulting`
			`tunnel is a virtual private network or VPN.`

			`This package contains the daemons and userland tools for setting up`
			`FreeS/WAN on a freeswan enabled kernel.`

Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%files`
Update to 5.4.0 2016-03-23 18:38:59 +03:00			`%doc README COPYING NEWS TODO`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%dir %{_sysconfdir}/%{name}`
			`%{_sysconfdir}/%{name}/ipsec.d/`
			`%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf`
			`%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf`
			`%{_unitdir}/%{name}.service`
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00			`%{_sysconfdir}/%{name}/%{name}.d`
			`%{_sysconfdir}/%{name}/swanctl`
			`%{_datadir}/%{name}/templates/config/plugins/*.conf`
			`%{_datadir}/%{name}/templates/config/%{name}.conf`
			`%{_datadir}/%{name}/templates/config/%{name}.d/*.conf`
			`%{_datadir}/%{name}/templates/database/imv/*.sql`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%{_libdir}/%{name}/libcharon.so.0`
			`%{_libdir}/%{name}/libcharon.so.0.0.0`
			`%{_libdir}/%{name}/libtls.so.0`
			`%{_libdir}/%{name}/libtls.so.0.0.0`
			`%{_libdir}/%{name}/libpttls.so.0`
			`%{_libdir}/%{name}/libpttls.so.0.0.0`
Updated to 5.5.0 2016-08-30 17:35:58 +03:00			`%{_libdir}/%{name}/libtpmtss.so.0`
			`%{_libdir}/%{name}/libtpmtss.so.0.0.0`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%{_libdir}/%{name}/lib%{name}.so.0`
			`%{_libdir}/%{name}/lib%{name}.so.0.0.0`
Update to 5.4.0 2016-03-23 18:38:59 +03:00			`%{_libdir}/%{name}/libvici.so.0`
			`%{_libdir}/%{name}/libvici.so.0.0.0`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%dir %{_libdir}/%{name}/plugins`
			`%{_libdir}/%{name}/plugins/lib%{name}-aes.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-attr.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-cmac.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-constraints.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-des.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-dnskey.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-gmp.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-hmac.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-kernel-netlink.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-md5.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-nonce.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-openssl.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-pem.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-pgp.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-pkcs1.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-pkcs8.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-pkcs12.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-rc2.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-sshkey.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-pubkey.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-random.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-resolve.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-revocation.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-sha1.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-sha2.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-socket-default.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-stroke.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-updown.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-x509.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-xauth-generic.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-xauth-eap.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-xcbc.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-md4.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-md5.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-gtc.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-tls.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-ttls.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-peap.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-mschapv2.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-farp.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-dhcp.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-curl.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so`
Update to 5.4.0 2016-03-23 18:38:59 +03:00			`%{_libdir}/%{name}/plugins/lib%{name}-vici.so`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%dir %{_libexecdir}/%{name}`
			`%{_libexecdir}/%{name}/_copyright`
			`%{_libexecdir}/%{name}/_updown`
			`%{_libexecdir}/%{name}/charon`
			`%{_libexecdir}/%{name}/scepclient`
			`%{_libexecdir}/%{name}/starter`
			`%{_libexecdir}/%{name}/stroke`
			`%{_libexecdir}/%{name}/_imv_policy`
			`%{_libexecdir}/%{name}/imv_policy_manager`
			`%{_libexecdir}/%{name}/pt-tls-client`
			`%{_sbindir}/%{name}`
Update to 5.4.0 2016-03-23 18:38:59 +03:00			`%{_sbindir}/swanctl`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%{_bindir}/pki`
			`%{_mandir}/man5/%{name}.conf.5.*`
			`%{_mandir}/man1/%{name}.1.`
			`%{_mandir}/man5/%{name}_ipsec.conf.5.*`
			`%{_mandir}/man5/%{name}_ipsec.secrets.5.*`
Update to 5.4.0 2016-03-23 18:38:59 +03:00			`%{_mandir}/man5/%{name}_swanctl.conf.5.*`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%{_mandir}/man8/%{name}.8.*`
			`%{_mandir}/man8/%{name}_scepclient.8.*`
Update to 5.4.0 2016-03-23 18:38:59 +03:00			`%{_mandir}/man8/%{name}_swanctl.8.*`
Workaround automake 1.13 issues, spec cleanup 2014-04-09 00:41:07 +11:00
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00			`%post`
			`%_post_service %{name}`

			`%preun`
			`%_preun_service %{name}`

			`#%postun`
			`#%_postun_userdel strongswan`

			`#----------------------------------------------------------------------------`

			`%if %{with nm}`
			`%package charon-nm`
			`Summary: NetworkManager plugin for Strongswan`
			`Group: System/Servers`

			`%description charon-nm`
			`NetworkManager plugin integrates a subset of Strongswan capabilities`
			`to NetworkManager.`

			`%files charon-nm`
			`%doc COPYING`
			`%{_libexecdir}/%{name}/charon-nm`
			`%endif`

			`#----------------------------------------------------------------------------`

			`%package tnc-imcvs`
			`Summary: Trusted network connect (TNC)'s IMC/IMV functionality`
			`Group: System/Servers`
			`Requires: %{name} = %{version}`

			`%description tnc-imcvs`
			`This package provides Trusted Network Connect's (TNC) IMC and IMV`
			`functionality. Specifically it includes PTS based IMC/IMV for TPM based`
			`remote attestation and scanner and test IMCs and IMVs. The Strongswan's`
			`IMC/IMV dynamic libraries can be used by any third party TNC Client/Server`
			`implementation possessing a standard IF-IMC/IMV interface.`

Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%files tnc-imcvs`
			`%{_libdir}/%{name}/libimcv.so.0`
			`%{_libdir}/%{name}/libimcv.so.0.0.0`
			`%{_libdir}/%{name}/libtnccs.so.0`
			`%{_libdir}/%{name}/libtnccs.so.0.0.0`
			`%{_libdir}/%{name}/libradius.so.0`
			`%{_libdir}/%{name}/libradius.so.0.0.0`
			`%dir %{_libdir}/%{name}/imcvs`
			`%{_libdir}/%{name}/imcvs/imc-attestation.so`
			`%{_libdir}/%{name}/imcvs/imc-scanner.so`
			`%{_libdir}/%{name}/imcvs/imc-test.so`
			`%{_libdir}/%{name}/imcvs/imc-os.so`
			`%{_libdir}/%{name}/imcvs/imv-attestation.so`
			`%{_libdir}/%{name}/imcvs/imv-scanner.so`
			`%{_libdir}/%{name}/imcvs/imv-test.so`
			`%{_libdir}/%{name}/imcvs/imv-os.so`
			`%dir %{_libdir}/%{name}/plugins`
			`%{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-sqlite.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-tnc.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnc-imc.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnc-imv.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnc-tnccs.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnccs-20.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so`
			`%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so`
			`%dir %{_libexecdir}/%{name}`
			`%{_libexecdir}/%{name}/attest`
			`%{_libexecdir}/%{name}/pacman`
Automatic import for version 4.5.2 2012-02-01 19:44:52 +04:00
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00			`#----------------------------------------------------------------------------`

			`%prep`
			`%setup -q`
			`#apply_patches`

			`%build`
			`libtoolize --install --copy --force --automake`
			`aclocal -I m4`
			`autoconf`
			`autoheader`
			`automake --add-missing --copy`

			`%serverbuild`
			`%configure2_5x \`
			`--disable-static \`
			`--with-ipsec-script=%{name} \`
			`--sysconfdir=%{_sysconfdir}/%{name} \`
			`--with-ipsecdir=%{_libexecdir}/%{name} \`
			`--with-ipseclibdir=%{_libdir}/%{name} \`
			`--with-fips-mode=2 \`
			`--with-tss=trousers \`
			`--enable-openssl \`
			`--enable-md4 \`
			`--enable-xauth-eap \`
			`--enable-eap-md5 \`
			`--enable-eap-gtc \`
			`--enable-eap-tls \`
			`--enable-eap-ttls \`
			`--enable-eap-peap \`
			`--enable-eap-mschapv2 \`
			`--enable-farp \`
			`--enable-dhcp \`
			`--enable-sqlite \`
			`--enable-tnc-ifmap \`
			`--enable-tnc-pdp \`
			`--enable-imc-test \`
			`--enable-imv-test \`
			`--enable-imc-scanner \`
			`--enable-imv-scanner \`
			`--enable-imc-attestation \`
			`--enable-imv-attestation \`
			`--enable-imv-os \`
			`--enable-imc-os \`
			`--enable-eap-tnc \`
			`--enable-tnccs-20 \`
			`--enable-tnccs-11 \`
			`--enable-tnccs-dynamic \`
			`--enable-tnc-imc \`
			`--enable-tnc-imv \`
			`--enable-eap-radius \`
			`--enable-curl \`
			`--enable-eap-identity \`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%if %{with nm}`
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00			`--enable-nm \`
Updated to 5.1.1, migrated to systemd (sync with cooker 2014-10-06 03:58:35 -04:00			`%endif`
Use configure2_5x macro Spec cleanup 2016-12-02 19:06:04 +10:00
			`%make`
			`sed -i 's/\t/ /' src/starter/ipsec.conf`

			`%install`
			`%makeinstall_std`
			`# prefix man pages`
			`for i in %{buildroot}%{_mandir}//; do`
			`if echo "$i" \| grep -vq '/%{name}[^\/]*$'; then`
			mv "$i" "`echo "$i" \| sed -re 's\|/([^/]+)$\|/%{name}_\1\|'`"
			`fi`
			`done`
			`# delete unwanted library files`
			`rm %{buildroot}%{_libdir}/%{name}/*.so`
			`find %{buildroot} -type f -name '*.la' -delete`
			`# fix config permissions`
			`chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf`
			`# protect configuration from ordinary user's eyes`
			`chmod 700 %{buildroot}%{_sysconfdir}/%{name}`

			`# Create ipsec.d directory tree.`
			`install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d`
			`for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do`
			`install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}`
			`done`