Updated to release 5.8.4, created a proper library sub-package, dropped P3 (merged) and renumbered P1, updated BReqs and file lists

2025-02-23 05:52:52 +00:00 · 2020-04-06 15:42:16 +02:00 · 2020-04-06 15:42:16 +02:00 · 0fc97fa9c2
commit 0fc97fa9c2
parent 345840cad6
4 changed files with 256 additions and 169 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,4 +1,2 @@
-removed_sources:
-  strongswan-5.6.0.tar.bz2: 97c1658791a13776c5d588649c2c8304f51f2a9f
 sources:
-  strongswan-5.7.2.tar.bz2: 307d4d7c7d5cf6e904b85ec735cb8eefc33bb9c2
+  strongswan-5.8.4.tar.bz2: 969a3d5ce194ca664208ddc73d772dd53480a94f
--- a/strongswan-5.6.2-CVE-2018-5388.patch
+++ b/strongswan-5.6.2-CVE-2018-5388.patch
@ -1,15 +0,0 @@
-diff -Naur strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c
--- strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c	2017-11-09 10:57:30.000000000 -0500
-+++ strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c	2018-05-24 00:00:32.382953618 -0400
-@@ -628,6 +628,11 @@
- 		return FALSE;
- 	}
- 
-+	if (len < offsetof(stroke_msg_t, buffer))
-+	{
-+		DBG1(DBG_CFG, "invalid stroke message length %d", len);
-+		return FALSE;
-+	}
- 	/* read message (we need an additional byte to terminate the buffer) */
- 	msg = malloc(len + 1);
- 	msg->length = len;
--- a/strongswan.spec
+++ b/strongswan.spec
@ -1,36 +1,46 @@
 #%%define Werror_cflags %%nil
 %define	_disable_ld_no_undefined 1

-%bcond_without nm
+%define	major	0
+%define	libswan	%mklibname	%{name} %{major}
+
+%bcond_without	nm

 Summary:	IPSEC implementation
 Name:		strongswan
-Version:	5.7.2
+Version:	5.8.4
 Release:	1
 License:	GPLv2+
 Group:		System/Servers
 Url:		https://www.strongswan.org/
 Source0:	http://download.strongswan.org/%{name}-%{version}.tar.bz2
-Patch1:         strongswan-5.6.0-uintptr_t.patch
-Patch3:         strongswan-5.6.2-CVE-2018-5388.patch
+Source1:	tmpfiles-%{name}.conf
+Patch0:		strongswan-5.6.0-uintptr_t.patch
 Source100:	%{name}.rpmlintrc
+BuildRequires:	bison
+BuildRequires:	byacc
+BuildRequires:	flex
 BuildRequires:	gettext-devel
 BuildRequires:	gmp-devel >= 4.1.4
 BuildRequires:	openldap-devel
+BuildRequires:	pam-devel
 BuildRequires:	trousers-devel
+BuildRequires:	pkgconfig(json-c)
 BuildRequires:	pkgconfig(libcurl)
+BuildRequires:	pkgconfig(libsoup-2.4)
 BuildRequires:	pkgconfig(libxml-2.0)
 BuildRequires:	pkgconfig(openssl)
 BuildRequires:	pkgconfig(sqlite3) >= 3.3.1
 BuildRequires:	pkgconfig(systemd)
 %if %{with nm}
-BuildRequires:	pkgconfig(NetworkManager)
 BuildRequires:	pkgconfig(libnm-glib-vpn)
 BuildRequires:	pkgconfig(libnm-util)
 BuildRequires:	pkgconfig(libnm-glib)
 BuildRequires:	pkgconfig(libnm)
+BuildRequires:	pkgconfig(NetworkManager)
 %endif
-Requires(post,preun):	rpm-helper
+Requires(post,preun,postun):	systemd
+Requires:	%{libswan} = %{EVRD}

 %description
 FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is the
@ -44,113 +54,196 @@ This package contains the daemons and userland tools for setting up FreeS/WAN
 on a freeswan enabled kernel.

 %files
-%doc README COPYING NEWS TODO
+%doc COPYING NEWS README TODO
 %dir %{_sysconfdir}/%{name}
-%{_sysconfdir}/%{name}/ipsec.d/
+
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.secrets
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
-%{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
-%{_unitdir}/%{name}.service
+%{_sysconfdir}/%{name}/ipsec.d/
 %{_sysconfdir}/%{name}/%{name}.d
 %{_sysconfdir}/%{name}/swanctl
+%{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
+%{_tmpfilesdir}/%{name}.conf
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}-starter.service
+%{_sbindir}/charon-cmd
+%{_sbindir}/charon-systemd
+%{_sbindir}/sec-updater
+%{_sbindir}/sw-collector
+%{_sbindir}/%{name}
+%{_sbindir}/swanctl
+%{_bindir}/aikgen
+%{_bindir}/pki
+%{_bindir}/pt-tls-client
+%{_bindir}/tpm_extendpcr
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/_copyright
+%{_libexecdir}/%{name}/_imv_policy
+%{_libexecdir}/%{name}/_updown
+%{_libexecdir}/%{name}/charon
+%{_libexecdir}/%{name}/duplicheck
+%{_libexecdir}/%{name}/imv_policy_manager
+#{_libexecdir}/%%{name}/pt-tls-client
+%{_libexecdir}/%{name}/scepclient
+%{_libexecdir}/%{name}/starter
+%{_libexecdir}/%{name}/stroke
+%{_libexecdir}/%{name}/xfrmi
+%{_datadir}/%{name}/swidtag/*.swidtag
 %{_datadir}/%{name}/templates/config/plugins/*.conf
 %{_datadir}/%{name}/templates/config/%{name}.conf
 %{_datadir}/%{name}/templates/config/%{name}.d/*.conf
 %{_datadir}/%{name}/templates/database/imv/*.sql
-%{_libdir}/%{name}/libcharon.so.0
-%{_libdir}/%{name}/libcharon.so.0.0.0
-%{_libdir}/%{name}/libtls.so.0
-%{_libdir}/%{name}/libtls.so.0.0.0
-%{_libdir}/%{name}/libpttls.so.0
-%{_libdir}/%{name}/libpttls.so.0.0.0
-%{_libdir}/%{name}/libtpmtss.so.0
-%{_libdir}/%{name}/libtpmtss.so.0.0.0
-%{_libdir}/%{name}/lib%{name}.so.0
-%{_libdir}/%{name}/lib%{name}.so.0.0.0
-%{_libdir}/%{name}/libvici.so.0
-%{_libdir}/%{name}/libvici.so.0.0.0
+%{_datadir}/%{name}/templates/database/sw-collector/*.sql
+%{_mandir}/man1/%{name}*.1.*
+%{_mandir}/man5/%{name}.conf.5.*
+%{_mandir}/man5/%{name}_ipsec.conf.5.*
+%{_mandir}/man5/%{name}_ipsec.secrets.5.*
+%{_mandir}/man5/%{name}_swanctl.conf.5.*
+%{_mandir}/man8/%{name}.8.*
+%{_mandir}/man8/%{name}_charon-cmd.8.*
+%{_mandir}/man8/%{name}_scepclient.8.*
+%{_mandir}/man8/%{name}_sec-updater.8.*
+%{_mandir}/man8/%{name}_sw-collector.8.*
+%{_mandir}/man8/%{name}_swanctl.8.*
+
+%post
+%systemd_post %{name}.service
+%systemd_post %{name}-starter.service
+
+%preun
+%systemd_preun %{name}.service
+%systemd_preun %{name}-starter.service
+
+%postun
+%systemd_postun_with_restart %{name}.service
+%systemd_postun_with_restart %{name}-starter.service
+
+#----------------------------------------------------------------------------
+
+%package -n %{libswan}
+Summary:	Libraries and plugins for Strongswan
+Group:		System/Libraries
+
+%description -n %{libswan}
+FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is the
+Internet Protocol Security and uses strong cryptography to provide both
+authentication and encryption services.
+This package contains the libraries needed from %{name}, including the
+IMC/IMV dynamic libraries that can be used by any third party TNC
+Client/Server implementation possessing a standard IF-IMC/IMV interface.
+
+%files -n %{libswan}
+%doc COPYING
+%{_libdir}/%{name}/libcharon.so.%{major}*
+%{_libdir}/%{name}/libimcv.so.%{major}*
+%{_libdir}/%{name}/libipsec.so.%{major}*
+%{_libdir}/%{name}/libpttls.so.%{major}*
+%{_libdir}/%{name}/libradius.so.%{major}*
+%{_libdir}/%{name}/lib%{name}.so.%{major}*
+%{_libdir}/%{name}/libsimaka.so.%{major}*
+%{_libdir}/%{name}/libtls.so.%{major}*
+%{_libdir}/%{name}/libtpmtss.so.%{major}*
+%{_libdir}/%{name}/libtnccs.so.%{major}*
+%{_libdir}/%{name}/libvici.so.%{major}*
+%dir %{_libdir}/%{name}/imcvs
+%{_libdir}/%{name}/imcvs/imc-attestation.so
+%{_libdir}/%{name}/imcvs/imc-hcd.so
+%{_libdir}/%{name}/imcvs/imc-os.so
+%{_libdir}/%{name}/imcvs/imc-scanner.so
+%{_libdir}/%{name}/imcvs/imc-swima.so
+%{_libdir}/%{name}/imcvs/imc-test.so
+%{_libdir}/%{name}/imcvs/imv-attestation.so
+%{_libdir}/%{name}/imcvs/imv-hcd.so
+%{_libdir}/%{name}/imcvs/imv-os.so
+%{_libdir}/%{name}/imcvs/imv-scanner.so
+%{_libdir}/%{name}/imcvs/imv-swima.so
+%{_libdir}/%{name}/imcvs/imv-test.so
 %dir %{_libdir}/%{name}/plugins
+%{_libdir}/%{name}/plugins/lib%{name}-acert.so
 %{_libdir}/%{name}/plugins/lib%{name}-aes.so
 %{_libdir}/%{name}/plugins/lib%{name}-attr.so
+%{_libdir}/%{name}/plugins/lib%{name}-chapoly.so
 %{_libdir}/%{name}/plugins/lib%{name}-cmac.so
 %{_libdir}/%{name}/plugins/lib%{name}-constraints.so
 %{_libdir}/%{name}/plugins/lib%{name}-counters.so
+%{_libdir}/%{name}/plugins/lib%{name}-curl.so
 %{_libdir}/%{name}/plugins/lib%{name}-curve25519.so
 %{_libdir}/%{name}/plugins/lib%{name}-des.so
+%{_libdir}/%{name}/plugins/lib%{name}-dhcp.so
 %{_libdir}/%{name}/plugins/lib%{name}-dnskey.so
+%{_libdir}/%{name}/plugins/lib%{name}-drbg.so
+%{_libdir}/%{name}/plugins/lib%{name}-duplicheck.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-aka.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-aka-3gpp.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-aka-3gpp2.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-dynamic.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-md5.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-gtc.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-mschapv2.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-peap.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-sim.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-sim-file.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-tls.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-tnc.so
+%{_libdir}/%{name}/plugins/lib%{name}-eap-ttls.so
+%{_libdir}/%{name}/plugins/lib%{name}-ext-auth.so
+%{_libdir}/%{name}/plugins/lib%{name}-farp.so
 %{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so
 %{_libdir}/%{name}/plugins/lib%{name}-gmp.so
+%{_libdir}/%{name}/plugins/lib%{name}-ha.so
 %{_libdir}/%{name}/plugins/lib%{name}-hmac.so
+%{_libdir}/%{name}/plugins/lib%{name}-ipseckey.so
+%{_libdir}/%{name}/plugins/lib%{name}-kernel-libipsec.so
 %{_libdir}/%{name}/plugins/lib%{name}-kernel-netlink.so
+%{_libdir}/%{name}/plugins/lib%{name}-ldap.so
+%{_libdir}/%{name}/plugins/lib%{name}-led.so
+%{_libdir}/%{name}/plugins/lib%{name}-md4.so
 %{_libdir}/%{name}/plugins/lib%{name}-md5.so
 %{_libdir}/%{name}/plugins/lib%{name}-mgf1.so
 %{_libdir}/%{name}/plugins/lib%{name}-nonce.so
 %{_libdir}/%{name}/plugins/lib%{name}-openssl.so
 %{_libdir}/%{name}/plugins/lib%{name}-pem.so
-%{_libdir}/%{name}/plugins/lib%{name}-pgp.so
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs1.so
+%{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs8.so
+%{_libdir}/%{name}/plugins/lib%{name}-pkcs11.so
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs12.so
+%{_libdir}/%{name}/plugins/lib%{name}-pgp.so
+%{_libdir}/%{name}/plugins/lib%{name}-pubkey.so
 %{_libdir}/%{name}/plugins/lib%{name}-rc2.so
 %{_libdir}/%{name}/plugins/lib%{name}-sshkey.so
-%{_libdir}/%{name}/plugins/lib%{name}-pubkey.so
 %{_libdir}/%{name}/plugins/lib%{name}-random.so
 %{_libdir}/%{name}/plugins/lib%{name}-resolve.so
 %{_libdir}/%{name}/plugins/lib%{name}-revocation.so
 %{_libdir}/%{name}/plugins/lib%{name}-sha1.so
 %{_libdir}/%{name}/plugins/lib%{name}-sha2.so
+%{_libdir}/%{name}/plugins/lib%{name}-sha3.so
 %{_libdir}/%{name}/plugins/lib%{name}-socket-default.so
+%{_libdir}/%{name}/plugins/lib%{name}-soup.so
+%{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
 %{_libdir}/%{name}/plugins/lib%{name}-stroke.so
-%{_libdir}/%{name}/plugins/lib%{name}-updown.so
-%{_libdir}/%{name}/plugins/lib%{name}-x509.so
-%{_libdir}/%{name}/plugins/lib%{name}-xauth-generic.so
-%{_libdir}/%{name}/plugins/lib%{name}-xauth-eap.so
-%{_libdir}/%{name}/plugins/lib%{name}-xcbc.so
-%{_libdir}/%{name}/plugins/lib%{name}-md4.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-md5.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-gtc.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-tls.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-ttls.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-peap.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-mschapv2.so
-%{_libdir}/%{name}/plugins/lib%{name}-farp.so
-%{_libdir}/%{name}/plugins/lib%{name}-dhcp.so
-%{_libdir}/%{name}/plugins/lib%{name}-curl.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so
-%{_libdir}/%{name}/plugins/lib%{name}-vici.so
 %{_libdir}/%{name}/plugins/lib%{name}-systime-fix.so
-%dir %{_libexecdir}/%{name}
-%{_libexecdir}/%{name}/_copyright
-%{_libexecdir}/%{name}/_updown
-%{_libexecdir}/%{name}/charon
-%{_libexecdir}/%{name}/scepclient
-%{_libexecdir}/%{name}/starter
-%{_libexecdir}/%{name}/stroke
-%{_libexecdir}/%{name}/_imv_policy
-%{_libexecdir}/%{name}/imv_policy_manager
-#{_libexecdir}/%%{name}/pt-tls-client
-%{_sbindir}/%{name}
-%{_sbindir}/swanctl
-%{_bindir}/pki
-%{_bindir}/pt-tls-client
-%{_mandir}/man5/%{name}.conf.5.*
-%{_mandir}/man1/%{name}*.1.*
-%{_mandir}/man5/%{name}_ipsec.conf.5.*
-%{_mandir}/man5/%{name}_ipsec.secrets.5.*
-%{_mandir}/man5/%{name}_swanctl.conf.5.*
-%{_mandir}/man8/%{name}.8.*
-%{_mandir}/man8/%{name}_scepclient.8.*
-%{_mandir}/man8/%{name}_swanctl.8.*
-
-%post
-%_post_service %{name}
-
-%preun
-%_preun_service %{name}
-
-#%%postun
-#%%_postun_userdel strongswan
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-imc.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-imv.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnc-tnccs.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnccs-20.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so
+%{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so
+%{_libdir}/%{name}/plugins/lib%{name}-tpm.so
+%{_libdir}/%{name}/plugins/lib%{name}-unity.so
+%{_libdir}/%{name}/plugins/lib%{name}-updown.so
+%{_libdir}/%{name}/plugins/lib%{name}-vici.so
+%{_libdir}/%{name}/plugins/lib%{name}-x509.so
+%{_libdir}/%{name}/plugins/lib%{name}-xauth-eap.so
+%{_libdir}/%{name}/plugins/lib%{name}-xauth-generic.so
+%{_libdir}/%{name}/plugins/lib%{name}-xauth-noauth.so
+%{_libdir}/%{name}/plugins/lib%{name}-xauth-pam.so
+%{_libdir}/%{name}/plugins/lib%{name}-xcbc.so

 #----------------------------------------------------------------------------

@ -173,45 +266,16 @@ to NetworkManager.
 %package tnc-imcvs
 Summary:	Trusted network connect (TNC)'s IMC/IMV functionality
 Group:		System/Servers
-Requires:	%{name} = %{version}
+Requires:	%{name} = %{EVRD}
+Requires:	%{libswan} = %{EVRD}

 %description tnc-imcvs
 This package provides Trusted Network Connect's (TNC) IMC and IMV
 functionality. Specifically it includes PTS based IMC/IMV for TPM based
-remote attestation and scanner and test IMCs and IMVs. The Strongswan's
-IMC/IMV dynamic libraries can be used by any third party TNC Client/Server
-implementation possessing a standard IF-IMC/IMV interface.
+remote attestation and scanner and test IMCs and IMVs.

 %files tnc-imcvs
 %doc COPYING
-%{_libdir}/%{name}/libimcv.so.0
-%{_libdir}/%{name}/libimcv.so.0.0.0
-%{_libdir}/%{name}/libtnccs.so.0
-%{_libdir}/%{name}/libtnccs.so.0.0.0
-%{_libdir}/%{name}/libradius.so.0
-%{_libdir}/%{name}/libradius.so.0.0.0
-%dir %{_libdir}/%{name}/imcvs
-%{_libdir}/%{name}/imcvs/imc-attestation.so
-%{_libdir}/%{name}/imcvs/imc-scanner.so
-%{_libdir}/%{name}/imcvs/imc-test.so
-%{_libdir}/%{name}/imcvs/imc-os.so
-%{_libdir}/%{name}/imcvs/imv-attestation.so
-%{_libdir}/%{name}/imcvs/imv-scanner.so
-%{_libdir}/%{name}/imcvs/imv-test.so
-%{_libdir}/%{name}/imcvs/imv-os.so
-%dir %{_libdir}/%{name}/plugins
-%{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
-%{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-tnc.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnc-imc.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnc-imv.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnc-tnccs.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnccs-20.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so
-%{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so
-%{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so
 %dir %{_libexecdir}/%{name}
 %{_libexecdir}/%{name}/attest

@ -219,8 +283,8 @@ implementation possessing a standard IF-IMC/IMV interface.

 %prep
 %setup -q
-%patch1 -p1
-%patch3 -p1
+%patch0 -p1
+

 %build
 libtoolize --install --copy --force --automake
@ -230,51 +294,87 @@ autoheader
 automake --add-missing --copy

 %serverbuild
+# TODO: Command-line too long: consider using --enable-all
+#  by default and selectively disabling unwanted options, if any
 %configure2_5x \
-    --disable-static \
-    --with-ipsec-script=%{name} \
-    --sysconfdir=%{_sysconfdir}/%{name} \
-    --with-ipsecdir=%{_libexecdir}/%{name} \
-    --with-ipseclibdir=%{_libdir}/%{name} \
-    --with-fips-mode=2 \
-    --enable-openssl \
-    --enable-md4 \
-    --enable-xauth-eap \
-    --enable-eap-md5 \
-    --enable-eap-gtc \
-    --enable-eap-tls \
-    --enable-eap-ttls \
-    --enable-eap-peap \
-    --enable-eap-mschapv2 \
-    --enable-farp \
-    --enable-dhcp \
-    --enable-sqlite \
-    --enable-tnc-ifmap \
-    --enable-tnc-pdp \
-    --enable-imc-test \
-    --enable-imv-test \
-    --enable-imc-scanner \
-    --enable-imv-scanner  \
-    --enable-imc-attestation \
-    --enable-imv-attestation \
-    --enable-imv-os \
-    --enable-imc-os \
-    --enable-eap-tnc \
-    --enable-tnccs-20 \
-    --enable-tnccs-11 \
-    --enable-tnccs-dynamic \
-    --enable-tnc-imc \
-    --enable-tnc-imv \
-    --enable-tss-trousers \
-    --enable-eap-radius \
-    --enable-curl \
-    --enable-eap-identity \
-    --enable-systime-fix \
+	--disable-static \
+	--with-ipsec-script=%{name} \
+	--sysconfdir=%{_sysconfdir}/%{name} \
+	--with-ipsecdir=%{_libexecdir}/%{name} \
+	--with-ipseclibdir=%{_libdir}/%{name} \
+	--with-piddir="/run/%{name}" \
+	--with-fips-mode=2 \
+	--enable-acert \
+	--enable-aikgen \
+	--enable-chapoly \
+	--enable-cmd \
+	--enable-curl \
+	--enable-dhcp \
+	--enable-duplicheck \
+	--enable-eap-aka \
+	--enable-eap-aka-3gpp \
+	--enable-eap-aka-3gpp2 \
+	--enable-eap-dynamic \
+	--enable-eap-gtc \
+	--enable-eap-identity \
+	--enable-eap-md5 \
+	--enable-eap-mschapv2 \
+	--enable-eap-peap \
+	--enable-eap-radius \
+	--enable-eap-sim \
+	--enable-eap-sim-file \
+	--enable-eap-tls \
+	--enable-eap-ttls \
+	--enable-eap-tnc \
+	--enable-ext-auth \
+	--enable-farp \
+	--enable-ha \
+	--enable-imc-attestation \
+	--enable-imc-hcd \
+	--enable-imc-os \
+	--enable-imc-scanner \
+	--enable-imc-swima \
+	--enable-imc-test \
+	--enable-imv-attestation \
+	--enable-imv-hcd \
+	--enable-imv-os \
+	--enable-imv-scanner  \
+	--enable-imv-swima \
+	--enable-imv-test \
+	--enable-ipseckey \
+	--enable-kernel-libipsec \
+	--enable-ldap \
+	--enable-led \
+	--enable-md4 \
 %if %{with nm}
-    --enable-nm \
+	--enable-nm \
 %endif
+	--enable-openssl \
+	--enable-pkcs11 \
+	--enable-sha3 \
+	--enable-soup \
+	--enable-sqlite \
+	--enable-swanctl \
+	--enable-systemd \
+	--enable-systime-fix \
+	--enable-tnc-ifmap \
+	--enable-tnc-imc \
+	--enable-tnc-imv \
+	--enable-tnc-pdp \
+	--enable-tnccs-11 \
+	--enable-tnccs-20 \
+	--enable-tnccs-dynamic \
+	--enable-tpm \
+	--enable-tss-trousers \
+	--enable-tss-tss2 \
+	--enable-unity \
+	--enable-vici \
+	--enable-xauth-eap \
+	--enable-xauth-noauth \
+	--enable-xauth-pam

 %make
+
 sed -i 's/\t/    /' src/starter/ipsec.conf


@ -288,7 +388,7 @@ for i in %{buildroot}%{_mandir}/*/*; do
 	fi
 done

-# Delete unwanted library files
+# Delete unwanted library files: no -devel package
 rm %{buildroot}%{_libdir}/%{name}/*.so
 find %{buildroot} -type f -name '*.la' -delete

@ -301,10 +401,13 @@ chmod 700 %{buildroot}%{_sysconfdir}/%{name}
 # Create ipsec.d directory tree.
 install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
 for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
-    install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
+	install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
 done

-# Put a conf file in the right spot
+# Install tmpfiles support
+install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/%{name}.conf
+
+# Put a config file in the right spot
 mkdir -p %{buildroot}%{_sysconfdir}/dbus-1/system.d/
-mv %{buildroot}%{_sysconfdir}/%{name}/dbus-1/system.d/nm-%{name}-service.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/
-rm -rf %{buildroot}%{_sysconfdir}/%{name}/dbus-1/
+cp %{buildroot}%{_datadir}/dbus-1/system.d/nm-%{name}-service.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/
+rm -rf %{buildroot}%{_datadir}/dbus-1
--- a/tmpfiles-strongswan.conf
+++ b/tmpfiles-strongswan.conf
@ -0,0 +1 @@
+D /run/strongswan 0755 root root -