Djam/strongswan
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/strongswan.git synced 2025-02-23 14:02:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make sure to package all the ipsec.d cert directories. bump release

Browse source
This commit is contained in:
Giovanni Mariani 2020-04-13 14:13:02 +02:00
parent dcc31813ee
commit d71c7967bf
3 changed files with 30 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
strongswan-5.8.4-openssl-disable-fips.patch Normal file
View file

@ -0,0 +1,12 @@
diff -rupN strongswan-5.8.4.old/conf/plugins/openssl.conf strongswan-5.8.4/conf/plugins/openssl.conf
--- strongswan-5.8.4.old/conf/plugins/openssl.conf 2020-03-26 09:26:29.000000000 +0100
+++ strongswan-5.8.4/conf/plugins/openssl.conf 2020-04-07 14:57:09.177317568 +0200
@@ -4,7 +4,7 @@ openssl {
# engine_id = pkcs11
# Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
- # fips_mode = 0
+ fips_mode = 0
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.

4
strongswan.rpmlintrc
View file

@ -1,5 +1,5 @@
# For /etc/strongswan, /etc/strongswan/ipsec.d and the dirs
# below the latter, actually we marked them as "0700".
# We marked /etc/strongswan, /etc/strongswan/ipsec.d and the dirs
# below the latter as "0700".
# The build process marked /etc/strongswan/swanctl and the dirs
# below as "0750": perhaps also this is OK...
addFilter("E: non-standard-dir-perm")

23
strongswan.spec
View file

@ -9,7 +9,7 @@
Summary: IPSEC implementation
Name: strongswan
Version: 5.8.4
Release: 2
Release: 3
License: GPLv2+
Group: System/Servers
Url: https://www.strongswan.org/
@ -62,7 +62,15 @@ on a freeswan enabled kernel.
%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
%config(noreplace) %{_sysconfdir}/%{name}/ipsec.secrets
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%dir %{_sysconfdir}/%{name}/ipsec.d
%dir %{_sysconfdir}/%{name}/ipsec.d/
%dir %{_sysconfdir}/%{name}/ipsec.d/aacerts
%dir %{_sysconfdir}/%{name}/ipsec.d/acerts
%dir %{_sysconfdir}/%{name}/ipsec.d/certs
%dir %{_sysconfdir}/%{name}/ipsec.d/cacerts
%dir %{_sysconfdir}/%{name}/ipsec.d/crls
%dir %{_sysconfdir}/%{name}/ipsec.d/ocspcerts
%dir %{_sysconfdir}/%{name}/ipsec.d/private
%dir %{_sysconfdir}/%{name}/ipsec.d/reqs
%dir %{_sysconfdir}/%{name}/%{name}.d
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/aikgen.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/attest.conf
@ -127,15 +135,18 @@ on a freeswan enabled kernel.
%{_mandir}/man8/%{name}_swanctl.8.*
%post
%systemd_post %{name}.service
# FIXME: New releases changed the way of starting the daemon;
# the old way (using ipsec) is now in %%{name}-starter.service:
# use it until we are sure that swanctl config is OK.
#systemd_post %%{name}.service
%systemd_post %{name}-starter.service
%preun
%systemd_preun %{name}.service
#systemd_preun %%{name}.service
%systemd_preun %{name}-starter.service
%postun
%systemd_postun_with_restart %{name}.service
#systemd_postun_with_restart %%{name}.service
%systemd_postun_with_restart %{name}-starter.service
#----------------------------------------------------------------------------
@ -395,8 +406,6 @@ automake --add-missing --copy
%make
sed -i 's/\t/ /' src/starter/ipsec.conf
%install
%makeinstall_std