Make sure to not overwrite custom user config files on upgrade, bump release

2025-02-23 05:52:52 +00:00 · 2020-04-07 18:17:07 +02:00 · 2020-04-07 18:17:07 +02:00 · c46ceca227
commit c46ceca227
parent 929ce4f9ae
2 changed files with 38 additions and 6 deletions
--- a/strongswan-5.8.4-openssl-disable-fips.patch
+++ b/strongswan-5.8.4-openssl-disable-fips.patch
@ -0,0 +1,12 @@
+diff -rupN strongswan-5.8.4.old/conf/plugins/openssl.conf strongswan-5.8.4/conf/plugins/openssl.conf
+--- strongswan-5.8.4.old/conf/plugins/openssl.conf	2020-03-26 09:26:29.000000000 +0100
+++ strongswan-5.8.4/conf/plugins/openssl.conf	2020-04-07 14:57:09.177317568 +0200
+@@ -4,7 +4,7 @@ openssl {
+     # engine_id = pkcs11
+ 
+     # Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+-    # fips_mode = 0
+    fips_mode = 0
+ 
+     # Whether to load the plugin. Can also be an integer to increase the
+     # priority of this plugin.
--- a/strongswan.spec
+++ b/strongswan.spec
@ -9,13 +9,15 @@
 Summary:	IPSEC implementation
 Name:		strongswan
 Version:	5.8.4
-Release:	1
+Release:	2
 License:	GPLv2+
 Group:		System/Servers
 Url:		https://www.strongswan.org/
 Source0:	http://download.strongswan.org/%{name}-%{version}.tar.bz2
 Source1:	tmpfiles-%{name}.conf
 Patch0:		strongswan-5.6.0-uintptr_t.patch
+# To fix openssl plugin failure at loading (rbz #10579)
+Patch1:		strongswan-5.8.4-openssl-disable-fips.patch
 Source100:	%{name}.rpmlintrc
 BuildRequires:	bison
 BuildRequires:	byacc
@ -55,15 +57,32 @@ on a freeswan enabled kernel.

 %files
 %doc COPYING NEWS README TODO
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
 %dir %{_sysconfdir}/%{name}
-
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.secrets
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
-%{_sysconfdir}/%{name}/ipsec.d/
-%{_sysconfdir}/%{name}/%{name}.d
-%{_sysconfdir}/%{name}/swanctl
-%{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
+%dir %{_sysconfdir}/%{name}/ipsec.d
+%dir %{_sysconfdir}/%{name}/%{name}.d
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/aikgen.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/attest.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon-logging.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon-systemd.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/imcv.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/pki.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/scepclient.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/sec-updater.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/starter.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/swanctl.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/tnc.conf
+%dir %{_sysconfdir}/%{name}/%{name}.d/charon
+#{_sysconfdir}/%%{name}/%%{name}.d/charon/*.conf
+# We need to prevent overwriting of user's custom config
+# but there are near 90 files here...
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon/*.conf
+%dir %{_sysconfdir}/%{name}/swanctl
+%config(noreplace) %{_sysconfdir}/%{name}/swanctl/swanctl.conf
 %{_tmpfilesdir}/%{name}.conf
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}-starter.service
@ -284,6 +303,7 @@ remote attestation and scanner and test IMCs and IMVs.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1


 %build