Updated to release 5.6.0, update configure options, updated file lists and added S100 to kill a boatload of wrong rpmlint output

.abf.yml

@@ -1,2 +1,2 @@
 sources:
-  strongswan-5.5.0.tar.bz2: d76306a48f622ec4212413fa93dd858675ebf267
+  strongswan-5.6.0.tar.bz2: 97c1658791a13776c5d588649c2c8304f51f2a9f

strongswan.rpmlintrc

@@ -0,0 +1,13 @@
+# For /etc/strongswan, /etc/strongswan/ipsec.d and the dirs
+# below the latter, actually we marked them as "0700".
+# The build process marked /etc/strongswan/swanctl and the dirs
+# below as "0750": perhaps also this is OK...
+addFilter("E: non-standard-dir-perm")
+
+# Security-related files: so it is OK
+# be not readable by the world
+addFilter("E: non-readable")
+
+# Sorry: all the files flagged with this warning
+# are really config files
+addFilter("W: non-conffile-in-etc")

strongswan.spec

@@ -1,24 +1,25 @@
-#%%define Werror_cflags %nil
-%define _disable_ld_no_undefined 1
+#%%define Werror_cflags %%nil
+%define	_disable_ld_no_undefined 1
 
 %bcond_without nm
 
 Summary:	IPSEC implementation
 Name:		strongswan
-Version:	5.5.0
-Release:	5
+Version:	5.6.0
+Release:	1
 License:	GPLv2+
 Group:		System/Servers
 Url:		https://www.strongswan.org/
 Source0:	http://download.strongswan.org/%{name}-%{version}.tar.bz2
+Source100:	%{name}.rpmlintrc
 BuildRequires:	gettext-devel
-BuildRequires:	gmp-devel
+BuildRequires:	gmp-devel >= 4.1.4
 BuildRequires:	openldap-devel
 BuildRequires:	trousers-devel
 BuildRequires:	pkgconfig(libcurl)
 BuildRequires:	pkgconfig(libxml-2.0)
 BuildRequires:	pkgconfig(openssl)
-BuildRequires:	pkgconfig(sqlite3)
+BuildRequires:	pkgconfig(sqlite3) >= 3.3.1
 BuildRequires:	pkgconfig(systemd)
 %if %{with nm}
 BuildRequires:	pkgconfig(NetworkManager)
@@ -26,25 +27,27 @@ BuildRequires:	pkgconfig(libnm-glib-vpn)
 BuildRequires:	pkgconfig(libnm-util)
 BuildRequires:	pkgconfig(libnm-glib)
 %endif
+Requires(post,preun):	rpm-helper
 
 %description
-FreeS/WAN is a free implementation of IPSEC & IKE for Linux.  IPSEC is
-the Internet Protocol Security and uses strong cryptography to provide
-both authentication and encryption services.  These services allow you
-to build secure tunnels through untrusted networks.  Everything passing
-through the untrusted net is encrypted by the ipsec gateway machine and
-decrypted by the gateway at the other end of the tunnel.  The resulting
-tunnel is a virtual private network or VPN.
-
-This package contains the daemons and userland tools for setting up
-FreeS/WAN on a freeswan enabled kernel.
+FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is the
+Internet Protocol Security and uses strong cryptography to provide both
+authentication and encryption services. These services allow you to build
+secure tunnels through untrusted networks. Everything passing through the
+untrusted net is encrypted by the ipsec gateway machine and decrypted by the
+gateway at the other end of the tunnel. The resulting tunnel is a virtual
+private network or VPN.
+This package contains the daemons and userland tools for setting up FreeS/WAN
+on a freeswan enabled kernel.
 
 %files
 %doc README COPYING NEWS TODO
 %dir %{_sysconfdir}/%{name}
 %{_sysconfdir}/%{name}/ipsec.d/
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
+%config(noreplace) %{_sysconfdir}/%{name}/ipsec.secrets
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
 %{_unitdir}/%{name}.service
 %{_sysconfdir}/%{name}/%{name}.d
 %{_sysconfdir}/%{name}/swanctl
@@ -69,6 +72,7 @@ FreeS/WAN on a freeswan enabled kernel.
 %{_libdir}/%{name}/plugins/lib%{name}-attr.so
 %{_libdir}/%{name}/plugins/lib%{name}-cmac.so
 %{_libdir}/%{name}/plugins/lib%{name}-constraints.so
+%{_libdir}/%{name}/plugins/lib%{name}-curve25519.so
 %{_libdir}/%{name}/plugins/lib%{name}-des.so
 %{_libdir}/%{name}/plugins/lib%{name}-dnskey.so
 %{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so
@@ -110,6 +114,7 @@ FreeS/WAN on a freeswan enabled kernel.
 %{_libdir}/%{name}/plugins/lib%{name}-curl.so
 %{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so
 %{_libdir}/%{name}/plugins/lib%{name}-vici.so
+%{_libdir}/%{name}/plugins/lib%{name}-systime-fix.so
 %dir %{_libexecdir}/%{name}
 %{_libexecdir}/%{name}/_copyright
 %{_libexecdir}/%{name}/_updown
@@ -119,10 +124,11 @@ FreeS/WAN on a freeswan enabled kernel.
 %{_libexecdir}/%{name}/stroke
 %{_libexecdir}/%{name}/_imv_policy
 %{_libexecdir}/%{name}/imv_policy_manager
-%{_libexecdir}/%{name}/pt-tls-client
+#{_libexecdir}/%%{name}/pt-tls-client
 %{_sbindir}/%{name}
 %{_sbindir}/swanctl
 %{_bindir}/pki
+%{_bindir}/pt-tls-client
 %{_mandir}/man5/%{name}.conf.5.*
 %{_mandir}/man1/%{name}*.1.*
 %{_mandir}/man5/%{name}_ipsec.conf.5.*
@@ -138,8 +144,8 @@ FreeS/WAN on a freeswan enabled kernel.
 %preun
 %_preun_service %{name}
 
-#%postun
-#%_postun_userdel strongswan
+#%%postun
+#%%_postun_userdel strongswan
 
 #----------------------------------------------------------------------------
 
@@ -172,6 +178,7 @@ IMC/IMV dynamic libraries can be used by any third party TNC Client/Server
 implementation possessing a standard IF-IMC/IMV interface.
 
 %files tnc-imcvs
+%doc COPYING
 %{_libdir}/%{name}/libimcv.so.0
 %{_libdir}/%{name}/libimcv.so.0.0.0
 %{_libdir}/%{name}/libtnccs.so.0
@@ -225,7 +232,6 @@ automake --add-missing --copy
     --with-ipsecdir=%{_libexecdir}/%{name} \
     --with-ipseclibdir=%{_libdir}/%{name} \
     --with-fips-mode=2 \
-    --with-tss=trousers \
     --enable-openssl \
     --enable-md4 \
     --enable-xauth-eap \
@@ -254,9 +260,11 @@ automake --add-missing --copy
     --enable-tnccs-dynamic \
     --enable-tnc-imc \
     --enable-tnc-imv \
+    --enable-tss-trousers \
     --enable-eap-radius \
     --enable-curl \
     --enable-eap-identity \
+    --enable-systime-fix \
 %if %{with nm}
     --enable-nm \
 %endif
@@ -264,20 +272,25 @@ automake --add-missing --copy
 %make
 sed -i 's/\t/    /' src/starter/ipsec.conf
 
+
 %install
 %makeinstall_std
-# prefix man pages
+
+# Prefix man pages
 for i in %{buildroot}%{_mandir}/*/*; do
-    if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
-        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
-    fi
+	if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
+		mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
+	fi
 done
-# delete unwanted library files
+
+# Delete unwanted library files
 rm %{buildroot}%{_libdir}/%{name}/*.so
 find %{buildroot} -type f -name '*.la' -delete
-# fix config permissions
+
+# Fix config permissions
 chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
-# protect configuration from ordinary user's eyes
+
+# Protect configuration from ordinary user's eyes
 chmod 700 %{buildroot}%{_sysconfdir}/%{name}
 
 # Create ipsec.d directory tree.
@@ -286,3 +299,7 @@ for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
     install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
 done
 
+# Put a conf file in the right spot
+mkdir -p %{buildroot}%{_sysconfdir}/dbus-1/system.d/
+mv %{buildroot}%{_sysconfdir}/%{name}/dbus-1/system.d/nm-%{name}-service.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/
+rm -rf %{buildroot}%{_sysconfdir}/%{name}/dbus-1/