Updated to 5.1.1, migrated to systemd (sync with cooker

2025-02-23 14:02:51 +00:00 · 2014-10-06 03:58:35 -04:00 · 2014-10-06 03:58:35 -04:00 · 36e010fbc0
commit 36e010fbc0
parent 0c96f2f5c7
8 changed files with 317 additions and 229 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,3 +1,4 @@
---
+removed_sources:
 sources:
  strongswan-5.0.1.tar.bz2: e338399e4237caee148da2197515233fcfd44822
 sources:
  strongswan-5.1.1.tar.bz2: eba9c90e3e910edd18ef4f1e380e59751965258b
--- a/libstrongswan-plugin.patch
+++ b/libstrongswan-plugin.patch
@ -0,0 +1,12 @@
 diff -urNp strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c
 --- strongswan-5.1.0-patched/src/libstrongswan/plugins/plugin_loader.c	2013-08-06 17:16:36.266031511 -0400
 +++ strongswan-5.1.0-current/src/libstrongswan/plugins/plugin_loader.c	2013-08-06 17:49:15.703354848 -0400
@@ -353,7 +353,7 @@ static plugin_entry_t *load_plugin(priva
 			return NULL;
 		}
 	}
 -	handle = dlopen(file, RTLD_LAZY);
 +	handle = dlopen(file, RTLD_NOW|RTLD_GLOBAL);
 	if (handle == NULL)
 	{
 		DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror());
--- a/libstrongswan-settings-debug.patch
+++ b/libstrongswan-settings-debug.patch
@ -0,0 +1,30 @@
 diff -urNp strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c strongswan-5.1.0-current/src/libstrongswan/utils/settings.c
 --- strongswan-5.1.0-patched/src/libstrongswan/utils/settings.c	2013-08-06 17:16:36.244031484 -0400
 +++ strongswan-5.1.0-current/src/libstrongswan/utils/settings.c	2013-08-06 17:52:43.272606717 -0400
@@ -960,7 +960,7 @@ static bool parse_file(linked_list_t *co
 	{
 		if (errno == ENOENT)
 		{
 -			DBG2(DBG_LIB, "'%s' does not exist, ignored", file);
 +			DBG1(DBG_LIB, "'%s' does not exist, ignored", file);
 			return TRUE;
 		}
 		DBG1(DBG_LIB, "failed to stat '%s': %s", file, strerror(errno));
@@ -1023,7 +1023,7 @@ static bool parse_files(linked_list_t *c
 	if (!strlen(pattern))
 	{
 -		DBG2(DBG_LIB, "empty include pattern, ignored");
 +		DBG1(DBG_LIB, "empty include pattern, ignored");
 		return TRUE;
 	}
@@ -1055,7 +1055,7 @@ static bool parse_files(linked_list_t *c
 		status = glob(pat, GLOB_ERR, NULL, &buf);
 		if (status == GLOB_NOMATCH)
 		{
 -			DBG2(DBG_LIB, "no files found matching '%s', ignored", pat);
 +			DBG1(DBG_LIB, "no files found matching '%s', ignored", pat);
 		}
 		else if (status != 0)
 		{
--- a/strongswan-4.5.2-format_not_a_string_literal_and_no_format_arguments.diff
+++ b/strongswan-4.5.2-format_not_a_string_literal_and_no_format_arguments.diff
@ -1,11 +0,0 @@
 --- src/libcharon/plugins/stroke/stroke_ca.c.str	2011-05-25 14:49:41.000000000 +0200
 +++ src/libcharon/plugins/stroke/stroke_ca.c	2011-05-25 14:49:57.000000000 +0200
@@ -319,7 +319,7 @@
 	{
 		if (first)
 		{
 -			fprintf(out, label);
 +			fprintf(out, "%s", label);
 			first = FALSE;
 		}
 		else
--- a/strongswan-5.0.1-rosa-link.patch
+++ b/strongswan-5.0.1-rosa-link.patch
@ -1,26 +0,0 @@
 Index: strongswan-5.0.1/src/libcharon/Makefile.am
 ===================================================================
 --- strongswan-5.0.1.orig/src/libcharon/Makefile.am
 +++ strongswan-5.0.1/src/libcharon/Makefile.am
@@ -137,7 +137,7 @@ AM_CFLAGS = \
 	-DIPSEC_DIR=\"${ipsecdir}\" \
 	-DIPSEC_PIDDIR=\"${piddir}\"
 -libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB)
 +libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(top_builddir)/src/libhydra/libhydra.la $(top_builddir)/src/libstrongswan/libstrongswan.la
 EXTRA_DIST = Android.mk
 Index: strongswan-5.0.1/src/libhydra/Makefile.am
 ===================================================================
 --- strongswan-5.0.1.orig/src/libhydra/Makefile.am
 +++ strongswan-5.0.1/src/libhydra/Makefile.am
@@ -11,7 +11,7 @@ kernel/kernel_ipsec.c kernel/kernel_ipse
 kernel/kernel_net.c kernel/kernel_net.h \
 kernel/kernel_listener.h
 -libhydra_la_LIBADD =
 +libhydra_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = \
--- a/strongswan-pts-ecp-disable.patch
+++ b/strongswan-pts-ecp-disable.patch
@ -0,0 +1,20 @@
 diff -urNp strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c
 --- strongswan-5.1.0-patched/src/libpts/pts/pts_dh_group.c	2013-08-06 17:16:36.238031476 -0400
 +++ strongswan-5.1.0-current/src/libpts/pts/pts_dh_group.c	2013-08-06 17:44:48.005036651 -0400
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
 	{
 		DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
 											ECP_256_BIT);
 +		/* Openssl in Fedora does not allow ECP_256 and ECP_384, so lets not die
 + 		 * here. As far as, there is one dh group available, lets continue. It makes
 + 		 * it non-compliant to TCG's PTS standard, but there is no choice right now.
 + 		 * see redhat bz # 319901.	
 + 		 */ 
 +		if(*dh_groups != PTS_DH_GROUP_NONE) 
 +		{
 +			return TRUE;		
 +		}
 +
 	}
 	return FALSE;
 }
--- a/strongswan.init
+++ b/strongswan.init
@ -1,132 +0,0 @@
 #!/bin/sh
 # IPsec startup and shutdown script
 # Copyright (C) 1998, 1999, 2001  Henry Spencer.
 #
 # This program is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by the
 # Free Software Foundation; either version 2 of the License, or (at your
 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 #
 # This program is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 # for more details.
 #
 # RCSID $Id: setup,v 1.110 2001/06/20 15:55:13 henry Exp $
 #
 # ipsec         init.d script for starting and stopping
 #               the IPsec security subsystem (KLIPS and Pluto).
 #
 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
 # and is also accessible as "ipsec setup" (the preferred route for human
 # invocation).
 #
 # The startup and shutdown times are a difficult compromise (in particular,
 # it is almost impossible to reconcile them with the insanely early/late
 # times of NFS filesystem startup/shutdown).  Startup is after startup of
 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
 #
 # chkconfig: 2345 47 68
 # description: IPsec provides encrypted and authenticated communications; \
 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.
 me='ipsec setup'		# for messages
 if [ -f /etc/rc.d/init.d/functions ]
 then
    . /etc/rc.d/init.d/functions
    LOGGERMINUSS=""
 else
    failure() {
 	echo $* >&2
    }
    LOGGERMINUSS="-s"
 fi
 if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
 then
 	# we must establish a suitable PATH ourselves
 	PATH=/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
 	export PATH
 fi
 # Check that the ipsec command is available.
 found=
 for dir in `echo $PATH | tr ':' ' '`
 do
 	if test -f $dir/ipsec -a -x $dir/ipsec
 	then
 		found=yes
 		break			# NOTE BREAK OUT
 	fi
 done
 if ! test "$found"
 then
 	echo "cannot find ipsec command -- \`$1' aborted" |
 	exit 1
 fi
 # misc setup
 umask 022
 # do it
 case "$1" in
  start|stop|_autostop|_autostart)
        case $1 in
 	  start|_autostart) echo -n "Starting IPsec";;
 	  stop|_autostop) echo -n "Stopping IPsec";;
        esac
 	if test " `id -u`" != " 0"
 	then
 		echo "permission denied (must be superuser)" |
 			logger $LOGGERMINUSS -p $IPSECsyslog -t ipsec_setup 2>&1
 			failure "ipsec startup"
 		exit 1
 	fi
 	tmp=/var/run/ipsec_setup.st
 	(
 		ipsec _realsetup $1
 		echo "$?" >$tmp
 	) 2>&1 | logger $LOGGERMINUSS -p $IPSECsyslog -t ipsec_setup 2>&1
 	st=`cat $tmp`
 	rm -f $tmp
 	if [ $st -ne 0 ]
 	then
 	    failure "ipsec startup"
 	fi
 	exit $st
 	;;
  restart|--restart)
 	$0 stop
 	$0 start
 	;;
  _autorestart)			# for internal use only
 	$0 _autostop
 	$0 _autostart
 	;;
  status)
 	ipsec _realsetup $1
 	exit
 	;;
  version)
 	echo "$me $IPSEC_VERSION"
 	exit 0
 	;;
  help)
 	echo "Usage: $me {start|stop|restart|status}"
 	exit 0
 	;;
  *)
 	echo "Usage: $me {start|stop|restart|status}" >&2
 	exit 2
 esac
 exit 0
--- a/strongswan.spec
+++ b/strongswan.spec
@ -1,25 +1,36 @@
 #%%define Werror_cflags %nil
 %define _disable_ld_no_undefined 1
 %bcond_without	nm
-Summary:	StrongSWAN IPSEC implementation
+Summary:	IPSEC implementation
 Name:		strongswan
-Version:	5.0.1
+Version:	5.1.1
-Release:	3
+Release:	2
 License:	GPLv2+
-Group:		System/Servers
+URL:		http://www.strongswan.org/
 Url:		http://www.strongswan.org/
 Source0:	http://download.strongswan.org/%{name}-%{version}.tar.bz2
-Source1:	strongswan.init
+
-Patch0:		strongswan-4.5.2-format_not_a_string_literal_and_no_format_arguments.diff
+Patch1:		strongswan-pts-ecp-disable.patch
-Patch1:		strongswan-5.0.1-rosa-link.patch
+Patch2:		libstrongswan-plugin.patch
-BuildRequires:	intltool
+Patch3:		libstrongswan-settings-debug.patch
-BuildRequires:	gmp-devel
+
-BuildRequires:	libfcgi-devel
+Group:		System/Servers
-BuildRequires:	libldap-devel
+
-#BuildRequires:	opensc-devel
+BuildRequires:  gmp-devel
-BuildRequires:	pkgconfig(libcurl)
+BuildRequires:  curl-devel
 BuildRequires:  openldap-devel
 BuildRequires:  openssl-devel
 BuildRequires:  sqlite-devel
 BuildRequires:  gettext-devel
 BuildRequires:  trousers-devel
 BuildRequires:	pkgconfig(libxml-2.0)
-Requires:	%{_lib}opensc3
+BuildRequires:	pkgconfig(systemd)
-Requires(post,preun):	rpm-helper
+%if %{with nm}
 BuildRequires:	pkgconfig(NetworkManager)
 BuildRequires:	pkgconfig(libnm-glib-vpn)
 BuildRequires:	pkgconfig(libnm-util)
 BuildRequires:	pkgconfig(libnm-glib)
 %endif
 %description
 FreeS/WAN is a free implementation of IPSEC & IKE for Linux.  IPSEC is
@ -33,61 +44,244 @@ tunnel is a virtual private network or VPN.
 This package contains the daemons and userland tools for setting up
 FreeS/WAN on a freeswan enabled kernel.
 %files
 %defattr(-,root,root,755)
 %doc AUTHORS TODO NEWS README LICENSE
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/acerts
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/aacerts
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/ocspcerts
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/certs
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/cacerts
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/crls
 %attr(700,root,root) %dir %{_sysconfdir}/ipsec.d/private
 %config(noreplace) %{_sysconfdir}/ipsec.conf
 %{_initrddir}/ipsec
 %config(noreplace) %{_sysconfdir}/strongswan.conf
 %{_systemunitdir}/strongswan.service
 %{_libdir}/ipsec
 %{_mandir}/man*/*
 %{_sbindir}/ipsec
-%post
+%if %{with nm}
-%_post_service ipsec
+%package	charon-nm
 Summary:	NetworkManager plugin for Strongswan
 Group:		System/Servers
-%preun
+%description charon-nm
-%_preun_service ipsec
+NetworkManager plugin integrates a subset of Strongswan capabilities
 to NetworkManager.
 %endif
 %package	tnc-imcvs
 Summary:	Trusted network connect (TNC)'s IMC/IMV functionality
 Group:		System/Servers
 Requires:	%{name} = %{version}
 %description tnc-imcvs
 This package provides Trusted Network Connect's (TNC) IMC and IMV
 functionality. Specifically it includes PTS based IMC/IMV for TPM based
 remote attestation and scanner and test IMCs and IMVs. The Strongswan's
 IMC/IMV dynamic libraries can be used by any third party TNC Client/Server
 implementation possessing a standard IF-IMC/IMV interface.
 #----------------------------------------------------------------------------
 %prep
 %setup -q
-#patch0 -p0 -b .str
+%apply_patches
-%patch1 -p1 -b .link
+echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.omv
 find . -name "Makefile*" -o -name "*.m4" |xargs sed -i -e 's,configure.in,configure.ac,g'
 %build
 autoreconf -fi
 %serverbuild
-%configure2_5x \
+libtoolize --install --copy --force --automake
-	--enable-smartcard \
+aclocal -I m4
-	--enable-cisco-quirks \
+autoconf
-	--enable-ldap \
+autoheader
-	--with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
+automake --add-missing --copy
-	--disable-static \
+
-	--with-systemdsystemunitdir=%{_systemunitdir}
+%serverbuild
 %configure \
    --disable-static \
    --with-ipsec-script=%{name} \
    --sysconfdir=%{_sysconfdir}/%{name} \
    --with-ipsecdir=%{_libexecdir}/%{name} \
    --with-ipseclibdir=%{_libdir}/%{name} \
    --with-fips-mode=2 \
    --with-tss=trousers \
    --enable-openssl \
    --enable-md4 \
    --enable-xauth-eap \
    --enable-eap-md5 \
    --enable-eap-gtc \
    --enable-eap-tls \
    --enable-eap-ttls \
    --enable-eap-peap \
    --enable-eap-mschapv2 \
    --enable-farp \
    --enable-dhcp \
    --enable-sqlite \
    --enable-tnc-ifmap \
    --enable-tnc-pdp \
    --enable-imc-test \
    --enable-imv-test \
    --enable-imc-scanner \
    --enable-imv-scanner  \
    --enable-imc-attestation \
    --enable-imv-attestation \
    --enable-imv-os \
    --enable-imc-os \
    --enable-eap-tnc \
    --enable-tnccs-20 \
    --enable-tnccs-11 \
    --enable-tnccs-dynamic \
    --enable-tnc-imc \
    --enable-tnc-imv \
    --enable-eap-radius \
    --enable-curl \
    --enable-eap-identity \
 %if %{with nm}
    --enable-nm \
 %endif
 %make
 sed -i 's/\t/    /' src/strongswan.conf src/starter/ipsec.conf
 %install
 install -d %{buildroot}%{_sysconfdir}/ipsec.d/{cacerts,crls,private,certs,acerts,aacerts,ocspcerts}
 install -d %{buildroot}%{_initrddir}
 install -d %{buildroot}/var/run/pluto
 %makeinstall_std
 # prefix man pages
 for i in %{buildroot}%{_mandir}/*/*; do
    if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
    fi
 done
 # delete unwanted library files
 rm %{buildroot}%{_libdir}/%{name}/*.so
 find %{buildroot} -type f -name '*.la' -delete
 # fix config permissions
 chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
 # protect configuration from ordinary user's eyes
 chmod 700 %{buildroot}%{_sysconfdir}/%{name}
-# (fg) File is copied over here
+# Create ipsec.d directory tree.
-install -m0755 %{SOURCE1} %{buildroot}%{_initrddir}/ipsec
+install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
 for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
    install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
 done
 %post
 %_post_service %{name}
 %preun
 %_preun_service %{name}
 #%postun
 #%_postun_userdel strongswan
 %files
 %doc README README.omv COPYING NEWS TODO
 %dir %{_sysconfdir}/%{name}
 %{_sysconfdir}/%{name}/ipsec.d/
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %{_unitdir}/%{name}.service
 %{_libdir}/%{name}/libcharon.so.0
 %{_libdir}/%{name}/libcharon.so.0.0.0
 %{_libdir}/%{name}/libhydra.so.0
 %{_libdir}/%{name}/libhydra.so.0.0.0
 %{_libdir}/%{name}/libtls.so.0
 %{_libdir}/%{name}/libtls.so.0.0.0
 %{_libdir}/%{name}/libpttls.so.0
 %{_libdir}/%{name}/libpttls.so.0.0.0
 %{_libdir}/%{name}/lib%{name}.so.0
 %{_libdir}/%{name}/lib%{name}.so.0.0.0
 %dir %{_libdir}/%{name}/plugins
 %{_libdir}/%{name}/plugins/lib%{name}-aes.so
 %{_libdir}/%{name}/plugins/lib%{name}-attr.so
 %{_libdir}/%{name}/plugins/lib%{name}-cmac.so
 %{_libdir}/%{name}/plugins/lib%{name}-constraints.so
 %{_libdir}/%{name}/plugins/lib%{name}-des.so
 %{_libdir}/%{name}/plugins/lib%{name}-dnskey.so
 %{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so
 %{_libdir}/%{name}/plugins/lib%{name}-gmp.so
 %{_libdir}/%{name}/plugins/lib%{name}-hmac.so
 %{_libdir}/%{name}/plugins/lib%{name}-kernel-netlink.so
 %{_libdir}/%{name}/plugins/lib%{name}-md5.so
 %{_libdir}/%{name}/plugins/lib%{name}-nonce.so
 %{_libdir}/%{name}/plugins/lib%{name}-openssl.so
 %{_libdir}/%{name}/plugins/lib%{name}-pem.so
 %{_libdir}/%{name}/plugins/lib%{name}-pgp.so
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs1.so
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs8.so
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs12.so
 %{_libdir}/%{name}/plugins/lib%{name}-rc2.so
 %{_libdir}/%{name}/plugins/lib%{name}-sshkey.so
 %{_libdir}/%{name}/plugins/lib%{name}-pubkey.so
 %{_libdir}/%{name}/plugins/lib%{name}-random.so
 %{_libdir}/%{name}/plugins/lib%{name}-resolve.so
 %{_libdir}/%{name}/plugins/lib%{name}-revocation.so
 %{_libdir}/%{name}/plugins/lib%{name}-sha1.so
 %{_libdir}/%{name}/plugins/lib%{name}-sha2.so
 %{_libdir}/%{name}/plugins/lib%{name}-socket-default.so
 %{_libdir}/%{name}/plugins/lib%{name}-stroke.so
 %{_libdir}/%{name}/plugins/lib%{name}-updown.so
 %{_libdir}/%{name}/plugins/lib%{name}-x509.so
 %{_libdir}/%{name}/plugins/lib%{name}-xauth-generic.so
 %{_libdir}/%{name}/plugins/lib%{name}-xauth-eap.so
 %{_libdir}/%{name}/plugins/lib%{name}-xcbc.so
 %{_libdir}/%{name}/plugins/lib%{name}-md4.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-md5.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-gtc.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-tls.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-ttls.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-peap.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-mschapv2.so
 %{_libdir}/%{name}/plugins/lib%{name}-farp.so
 %{_libdir}/%{name}/plugins/lib%{name}-dhcp.so
 %{_libdir}/%{name}/plugins/lib%{name}-curl.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so
 %dir %{_libexecdir}/%{name}
 %{_libexecdir}/%{name}/_copyright
 %{_libexecdir}/%{name}/_updown
 %{_libexecdir}/%{name}/_updown_espmark
 %{_libexecdir}/%{name}/charon
 %{_libexecdir}/%{name}/openac
 %{_libexecdir}/%{name}/scepclient
 %{_libexecdir}/%{name}/starter
 %{_libexecdir}/%{name}/stroke
 %{_libexecdir}/%{name}/_imv_policy
 %{_libexecdir}/%{name}/imv_policy_manager
 %{_libexecdir}/%{name}/pt-tls-client
 %{_sbindir}/%{name}
 %{_bindir}/pki
 %{_mandir}/man5/%{name}.conf.5.*
 %{_mandir}/man1/%{name}*.1.*
 %{_mandir}/man5/%{name}_ipsec.conf.5.*
 %{_mandir}/man5/%{name}_ipsec.secrets.5.*
 %{_mandir}/man8/%{name}.8.*
 %{_mandir}/man8/%{name}__updown.8.*
 %{_mandir}/man8/%{name}__updown_espmark.8.*
 %{_mandir}/man8/%{name}_openac.8.*
 %{_mandir}/man8/%{name}_scepclient.8.*
 %files tnc-imcvs
 %{_libdir}/%{name}/libimcv.so.0
 %{_libdir}/%{name}/libimcv.so.0.0.0
 %{_libdir}/%{name}/libpts.so.0
 %{_libdir}/%{name}/libpts.so.0.0.0
 %{_libdir}/%{name}/libtnccs.so.0
 %{_libdir}/%{name}/libtnccs.so.0.0.0
 %{_libdir}/%{name}/libradius.so.0
 %{_libdir}/%{name}/libradius.so.0.0.0
 %dir %{_libdir}/%{name}/imcvs
 %{_libdir}/%{name}/imcvs/imc-attestation.so
 %{_libdir}/%{name}/imcvs/imc-scanner.so
 %{_libdir}/%{name}/imcvs/imc-test.so
 %{_libdir}/%{name}/imcvs/imc-os.so
 %{_libdir}/%{name}/imcvs/imv-attestation.so
 %{_libdir}/%{name}/imcvs/imv-scanner.so
 %{_libdir}/%{name}/imcvs/imv-test.so
 %{_libdir}/%{name}/imcvs/imv-os.so
 %dir %{_libdir}/%{name}/plugins
 %{_libdir}/%{name}/plugins/lib%{name}-pkcs7.so
 %{_libdir}/%{name}/plugins/lib%{name}-sqlite.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-tnc.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnc-imc.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnc-imv.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnc-tnccs.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnccs-20.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnccs-11.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnccs-dynamic.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-radius.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnc-ifmap.so
 %{_libdir}/%{name}/plugins/lib%{name}-tnc-pdp.so
 %dir %{_libexecdir}/%{name}
 %{_libexecdir}/%{name}/attest
 %{_libexecdir}/%{name}/pacman
 %if %{with nm}
 %files charon-nm
 %doc COPYING
 %{_libexecdir}/%{name}/charon-nm
 %endif