Updated to release 5.6.0, updated configure options, updated file lists and added S100 to kill a boatload of wrong rpmlint output

Giovanni Mariani 2017-10-12 20:18:32 +02:00
parent 5898f0ece9
commit f742a55ad3
3 changed files with 58 additions and 28 deletions

@ -1,2 +1,2 @@
sources: sources:
strongswan-5.5.0.tar.bz2: d76306a48f622ec4212413fa93dd858675ebf267 strongswan-5.6.0.tar.bz2: 97c1658791a13776c5d588649c2c8304f51f2a9f
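Review bot: The new strongswan-5.6.0.tar.bz2 entry pins the tarball by a 40-hex-character digest only, and nothing in this commit records where that value came from. Please note in the commit message that the tarball was checked against upstream's published checksum or signature before the digest was recorded here.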

strongswan.rpmlintrc Normal file

@ -0,0 +1,13 @@
# For /etc/strongswan, /etc/strongswan/ipsec.d and the dirs
# below the latter, actually we marked them as "0700".
# The build process marked /etc/strongswan/swanctl and the dirs
# below as "0750": perhaps also this is OK...
addFilter("E: non-standard-dir-perm")
# Security-related files: so it is OK
# be not readable by the world
addFilter("E: non-readable")
# Sorry: all the files flagged with this warning
# are really config files
addFilter("W: non-conffile-in-etc")
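Review bot: All three addFilter() calls match on the rpmlint check name alone, so they silence that check for every path in every subpackage, including any later permission mistake outside /etc/strongswan. Anchor each pattern to the paths the comments name, for example addFilter("E: non-standard-dir-perm /etc/strongswan"), and settle the "perhaps also this is OK..." remark about 0750 on /etc/strongswan/swanctl one way or the other instead of filtering it away.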


@ -1,24 +1,25 @@
#%%define Werror_cflags %nil #%%define Werror_cflags %%nil
%define _disable_ld_no_undefined 1 %define _disable_ld_no_undefined 1
%bcond_without nm %bcond_without nm
Summary: IPSEC implementation Summary: IPSEC implementation
Name: strongswan Name: strongswan
Version: 5.5.0 Version: 5.6.0
Release: 5 Release: 1
License: GPLv2+ License: GPLv2+
Group: System/Servers Group: System/Servers
Url: https://www.strongswan.org/ Url: https://www.strongswan.org/
Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2 Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2
Source100: %{name}.rpmlintrc
BuildRequires: gettext-devel BuildRequires: gettext-devel
BuildRequires: gmp-devel BuildRequires: gmp-devel >= 4.1.4
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: trousers-devel BuildRequires: trousers-devel
BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(sqlite3) >= 3.3.1
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
%if %{with nm} %if %{with nm}
BuildRequires: pkgconfig(NetworkManager) BuildRequires: pkgconfig(NetworkManager)
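Review bot: Source0 stays on http://download.strongswan.org/ on both sides of the version bump, while the Url line directly above it already uses https://. Switch Source0 to https:// if the download host serves it, so the tarball fetch is not exposed to tampering in transit.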
@ -26,25 +27,27 @@ BuildRequires: pkgconfig(libnm-glib-vpn)
BuildRequires: pkgconfig(libnm-util) BuildRequires: pkgconfig(libnm-util)
BuildRequires: pkgconfig(libnm-glib) BuildRequires: pkgconfig(libnm-glib)
%endif %endif
Requires(post,preun): rpm-helper
%description %description
FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is the
the Internet Protocol Security and uses strong cryptography to provide Internet Protocol Security and uses strong cryptography to provide both
both authentication and encryption services. These services allow you authentication and encryption services. These services allow you to build
to build secure tunnels through untrusted networks. Everything passing secure tunnels through untrusted networks. Everything passing through the
through the untrusted net is encrypted by the ipsec gateway machine and untrusted net is encrypted by the ipsec gateway machine and decrypted by the
decrypted by the gateway at the other end of the tunnel. The resulting gateway at the other end of the tunnel. The resulting tunnel is a virtual
tunnel is a virtual private network or VPN. private network or VPN.
This package contains the daemons and userland tools for setting up FreeS/WAN
This package contains the daemons and userland tools for setting up on a freeswan enabled kernel.
FreeS/WAN on a freeswan enabled kernel.
%files %files
%doc README COPYING NEWS TODO %doc README COPYING NEWS TODO
%dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}
%{_sysconfdir}/%{name}/ipsec.d/ %{_sysconfdir}/%{name}/ipsec.d/
%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
%config(noreplace) %{_sysconfdir}/%{name}/ipsec.secrets
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
%{_sysconfdir}/%{name}/%{name}.d %{_sysconfdir}/%{name}/%{name}.d
%{_sysconfdir}/%{name}/swanctl %{_sysconfdir}/%{name}/swanctl
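Review bot: ipsec.secrets is added as %config(noreplace) with no explicit mode, so its permissions are whatever make install leaves in the buildroot, and the only visible protection is the chmod 700 on the parent %{_sysconfdir}/%{name} directory in %install. Give the entry its own %attr(0600,root,root) so the secrets file stays private even if the directory mode changes later.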
@ -69,6 +72,7 @@ FreeS/WAN on a freeswan enabled kernel.
%{_libdir}/%{name}/plugins/lib%{name}-attr.so %{_libdir}/%{name}/plugins/lib%{name}-attr.so
%{_libdir}/%{name}/plugins/lib%{name}-cmac.so %{_libdir}/%{name}/plugins/lib%{name}-cmac.so
%{_libdir}/%{name}/plugins/lib%{name}-constraints.so %{_libdir}/%{name}/plugins/lib%{name}-constraints.so
%{_libdir}/%{name}/plugins/lib%{name}-curve25519.so
%{_libdir}/%{name}/plugins/lib%{name}-des.so %{_libdir}/%{name}/plugins/lib%{name}-des.so
%{_libdir}/%{name}/plugins/lib%{name}-dnskey.so %{_libdir}/%{name}/plugins/lib%{name}-dnskey.so
%{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so %{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so
@ -110,6 +114,7 @@ FreeS/WAN on a freeswan enabled kernel.
%{_libdir}/%{name}/plugins/lib%{name}-curl.so %{_libdir}/%{name}/plugins/lib%{name}-curl.so
%{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so %{_libdir}/%{name}/plugins/lib%{name}-eap-identity.so
%{_libdir}/%{name}/plugins/lib%{name}-vici.so %{_libdir}/%{name}/plugins/lib%{name}-vici.so
%{_libdir}/%{name}/plugins/lib%{name}-systime-fix.so
%dir %{_libexecdir}/%{name} %dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/_copyright %{_libexecdir}/%{name}/_copyright
%{_libexecdir}/%{name}/_updown %{_libexecdir}/%{name}/_updown
@ -119,10 +124,11 @@ FreeS/WAN on a freeswan enabled kernel.
%{_libexecdir}/%{name}/stroke %{_libexecdir}/%{name}/stroke
%{_libexecdir}/%{name}/_imv_policy %{_libexecdir}/%{name}/_imv_policy
%{_libexecdir}/%{name}/imv_policy_manager %{_libexecdir}/%{name}/imv_policy_manager
%{_libexecdir}/%{name}/pt-tls-client #{_libexecdir}/%%{name}/pt-tls-client
%{_sbindir}/%{name} %{_sbindir}/%{name}
%{_sbindir}/swanctl %{_sbindir}/swanctl
%{_bindir}/pki %{_bindir}/pki
%{_bindir}/pt-tls-client
%{_mandir}/man5/%{name}.conf.5.* %{_mandir}/man5/%{name}.conf.5.*
%{_mandir}/man1/%{name}*.1.* %{_mandir}/man1/%{name}*.1.*
%{_mandir}/man5/%{name}_ipsec.conf.5.* %{_mandir}/man5/%{name}_ipsec.conf.5.*
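Review bot: The old libexecdir entry for pt-tls-client is left behind as #{_libexecdir}/%%{name}/pt-tls-client, which is neither a valid macro path nor a useful comment now that %{_bindir}/pt-tls-client is listed a few lines below. Delete the line instead of commenting it out.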
@ -138,8 +144,8 @@ FreeS/WAN on a freeswan enabled kernel.
%preun %preun
%_preun_service %{name} %_preun_service %{name}
#%postun #%%postun
#%_postun_userdel strongswan #%%_postun_userdel strongswan
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
@ -172,6 +178,7 @@ IMC/IMV dynamic libraries can be used by any third party TNC Client/Server
implementation possessing a standard IF-IMC/IMV interface. implementation possessing a standard IF-IMC/IMV interface.
%files tnc-imcvs %files tnc-imcvs
%doc COPYING
%{_libdir}/%{name}/libimcv.so.0 %{_libdir}/%{name}/libimcv.so.0
%{_libdir}/%{name}/libimcv.so.0.0.0 %{_libdir}/%{name}/libimcv.so.0.0.0
%{_libdir}/%{name}/libtnccs.so.0 %{_libdir}/%{name}/libtnccs.so.0
@ -225,7 +232,6 @@ automake --add-missing --copy
--with-ipsecdir=%{_libexecdir}/%{name} \ --with-ipsecdir=%{_libexecdir}/%{name} \
--with-ipseclibdir=%{_libdir}/%{name} \ --with-ipseclibdir=%{_libdir}/%{name} \
--with-fips-mode=2 \ --with-fips-mode=2 \
--with-tss=trousers \
--enable-openssl \ --enable-openssl \
--enable-md4 \ --enable-md4 \
--enable-xauth-eap \ --enable-xauth-eap \
@ -254,9 +260,11 @@ automake --add-missing --copy
--enable-tnccs-dynamic \ --enable-tnccs-dynamic \
--enable-tnc-imc \ --enable-tnc-imc \
--enable-tnc-imv \ --enable-tnc-imv \
--enable-tss-trousers \
--enable-eap-radius \ --enable-eap-radius \
--enable-curl \ --enable-curl \
--enable-eap-identity \ --enable-eap-identity \
--enable-systime-fix \
%if %{with nm} %if %{with nm}
--enable-nm \ --enable-nm \
%endif %endif
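Review bot: --enable-systime-fix is switched on here and lib%{name}-systime-fix.so is shipped in the main package, but the commit message gives no reason for it. The plugin exists to handle certificate lifetimes leniently when the system clock is out of sync, which relaxes validation; please document why a general-purpose build needs it, or move the plugin into an optional subpackage so it is not installed by default.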
@ -264,20 +272,25 @@ automake --add-missing --copy
%make %make
sed -i 's/\t/ /' src/starter/ipsec.conf sed -i 's/\t/ /' src/starter/ipsec.conf
%install %install
%makeinstall_std %makeinstall_std
# prefix man pages
# Prefix man pages
for i in %{buildroot}%{_mandir}/*/*; do for i in %{buildroot}%{_mandir}/*/*; do
if echo "$i" | grep -vq '/%{name}[^\/]*$'; then if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`" mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
fi fi
done done
# delete unwanted library files
# Delete unwanted library files
rm %{buildroot}%{_libdir}/%{name}/*.so rm %{buildroot}%{_libdir}/%{name}/*.so
find %{buildroot} -type f -name '*.la' -delete find %{buildroot} -type f -name '*.la' -delete
# fix config permissions
# Fix config permissions
chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
# protect configuration from ordinary user's eyes
# Protect configuration from ordinary user's eyes
chmod 700 %{buildroot}%{_sysconfdir}/%{name} chmod 700 %{buildroot}%{_sysconfdir}/%{name}
# Create ipsec.d directory tree. # Create ipsec.d directory tree.
@ -286,3 +299,7 @@ for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i} install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
done done
# Put a conf file in the right spot
mkdir -p %{buildroot}%{_sysconfdir}/dbus-1/system.d/
mv %{buildroot}%{_sysconfdir}/%{name}/dbus-1/system.d/nm-%{name}-service.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/
rm -rf %{buildroot}%{_sysconfdir}/%{name}/dbus-1/
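Review bot: The mkdir/mv/rm block for nm-%{name}-service.conf runs unconditionally, and the matching %files entry is unconditional too, while --enable-nm sits inside %if %{with nm}. A build with the nm bcond disabled will have no %{_sysconfdir}/%{name}/dbus-1/ file to move and the mv will fail; wrap these lines and the %files entry in the same %if %{with nm} ... %endif.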