diff --git a/strongswan.rpmlintrc b/strongswan.rpmlintrc
index 7dd8612..197c917 100644
--- a/strongswan.rpmlintrc
+++ b/strongswan.rpmlintrc
@@ -1,5 +1,5 @@
-# For /etc/strongswan, /etc/strongswan/ipsec.d and the dirs
-# below the latter, actually we marked them as "0700".
+# We marked /etc/strongswan, /etc/strongswan/ipsec.d and the dirs
+# below the latter as "0700".
 # The build process marked /etc/strongswan/swanctl and the dirs
 # below as "0750": perhaps also this is OK...
 addFilter("E: non-standard-dir-perm")
diff --git a/strongswan.spec b/strongswan.spec
index 90bc47c..33e9d78 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -9,7 +9,7 @@
 Summary:	IPSEC implementation
 Name:		strongswan
 Version:	5.8.4
-Release:	2
+Release:	3
 License:	GPLv2+
 Group:		System/Servers
 Url:		https://www.strongswan.org/
@@ -62,7 +62,15 @@ on a freeswan enabled kernel.
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.secrets
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
-%dir %{_sysconfdir}/%{name}/ipsec.d
+%dir %{_sysconfdir}/%{name}/ipsec.d/
+%dir %{_sysconfdir}/%{name}/ipsec.d/aacerts
+%dir %{_sysconfdir}/%{name}/ipsec.d/acerts
+%dir %{_sysconfdir}/%{name}/ipsec.d/certs
+%dir %{_sysconfdir}/%{name}/ipsec.d/cacerts
+%dir %{_sysconfdir}/%{name}/ipsec.d/crls
+%dir %{_sysconfdir}/%{name}/ipsec.d/ocspcerts
+%dir %{_sysconfdir}/%{name}/ipsec.d/private
+%dir %{_sysconfdir}/%{name}/ipsec.d/reqs
 %dir %{_sysconfdir}/%{name}/%{name}.d
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/aikgen.conf
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/attest.conf
@@ -127,15 +135,18 @@ on a freeswan enabled kernel.
 %{_mandir}/man8/%{name}_swanctl.8.*
 
 %post
-%systemd_post %{name}.service
+# FIXME: New releases changed the way of starting the daemon;
+# the old way (using ipsec) is now in %%{name}-starter.service:
+# use it until we are sure that swanctl config is OK.
+#systemd_post %%{name}.service
 %systemd_post %{name}-starter.service
 
 %preun
-%systemd_preun %{name}.service
+#systemd_preun %%{name}.service
 %systemd_preun %{name}-starter.service
 
 %postun
-%systemd_postun_with_restart %{name}.service
+#systemd_postun_with_restart %%{name}.service
 %systemd_postun_with_restart %{name}-starter.service
 
 #----------------------------------------------------------------------------
@@ -395,8 +406,6 @@ automake --add-missing --copy
 
 %make
 
-sed -i 's/\t/    /' src/starter/ipsec.conf
-
 
 %install
 %makeinstall_std