rpms/openswan/FC-3 ipsec.conf, NONE, 1.1 ipsec.init, 1.3, 1.4 openswan-2.3.0-pie.patch, NONE, 1.1 openswan-2.3.1-cisco.patch, NONE, 1.1 openswan-2.3.1-nat_t_aggr.patch, NONE, 1.1 .cvsignore, 1.3, 1.4 openswan.spec, 1.9, 1.10 sources, 1.3, 1.4 openswan-2.1.4-fix_status.patch, 1.1, NONE openswan-2.1.4-initscript.patch, 1.3, NONE openswan-2.1.4-manpages.patch, 1.1, NONE openswan-2.1.4-pie.patch, 1.1, NONE openswan-2.1.4-selinux.patch, 1.1, NONE openswan-2.1.4-x86_64_pie.patch, 1.1, NONE openswan-2.1.5-pam-sa.patch, 1.1, NONE

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Nov 21 07:57:24 UTC 2005


Author: harald

Update of /cvs/dist/rpms/openswan/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv10647

Modified Files:
	.cvsignore openswan.spec sources 
Added Files:
	ipsec.conf ipsec.init openswan-2.3.0-pie.patch 
	openswan-2.3.1-cisco.patch openswan-2.3.1-nat_t_aggr.patch 
Removed Files:
	openswan-2.1.4-fix_status.patch 
	openswan-2.1.4-initscript.patch openswan-2.1.4-manpages.patch 
	openswan-2.1.4-pie.patch openswan-2.1.4-selinux.patch 
	openswan-2.1.4-x86_64_pie.patch openswan-2.1.5-pam-sa.patch 
Log Message:
version 2.4.4


--- NEW FILE ipsec.conf ---
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
# (they are pulled in by the include line at the end of this file).

version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# Both are commented out below, so this file sets neither of them.
	# klipsdebug=none
	# plutodebug="control parsing"
	# Enable NAT traversal (NAT-T) support, for peers reached through a
	# NAT device.
	nat_traversal=yes

# Every file matching this glob is read as IPsec configuration, so write
# access to /etc/ipsec.d/ amounts to control over the IPsec policy; keep
# the directory and its *.conf files writable by root only.
include /etc/ipsec.d/*.conf


Index: ipsec.init
===================================================================
RCS file: ipsec.init
diff -N ipsec.init
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ ipsec.init	21 Nov 2005 07:57:22 -0000	1.4
@@ -0,0 +1,206 @@
+#!/bin/bash
+#
+# ipsec         init.d script for starting and stopping
+#               the IPsec security subsystem (KLIPS and Pluto).
+#
+# chkconfig: - 47 76
+# description: IPsec provides encrypted and authenticated communications; \
+# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
+
+
+# IPsec startup and shutdown script
+# Copyright (C) 1998, 1999, 2001  Henry Spencer.
+# Copyright (C) 2002              Michael Richardson <mcr at freeswan.org>
+# 
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+#
+# RCSID $Id$
+#
+# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
+# and is also accessible as "ipsec setup" (the preferred route for human
+# invocation).
+#
+# The startup and shutdown times are a difficult compromise (in particular,
+# it is almost impossible to reconcile them with the insanely early/late
+# times of NFS filesystem startup/shutdown).  Startup is after startup of
+# syslog and pcmcia support; shutdown is just before shutdown of syslog.
+
+# Source function library.
+. /etc/init.d/functions
+
+# Check that we are root ... so non-root users stop here
+[ `id -u` = 0 ] || exit 1
+
+
+me='ipsec setup'		# for messages
+
+syslog ()
+{
+    /sbin/initlog -s "$*" -f daemon -p ${IPSECsyslog:-error} -n ipsec_setup
+}
+
+[ "$(tty)" != '/dev/console' ] && TTY=1;
+log ()
+{
+    if [ "$1" = "-n" ]; then 
+       nonl="-n";
+       shift;
+    fi;
+    [ -n "$TTY" ] && echo $nonl $0: "$*";
+    syslog $1;
+}
+fail()
+{
+    
+    log -n "$*";
+    failure;
+    echo;
+    exit 1;
+}
+
+# where the private directory and the config files are
+IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
+IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
+IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
+IPSEC_CONFS="${IPSEC_CONFS-/etc}"
+
+if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
+then
+    # we must establish a suitable PATH ourselves
+    PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
+    export PATH
+
+    IPSEC_DIR="$IPSEC_LIBDIR"
+    export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
+fi
+
+# Check that the ipsec command is available.
+found=
+for dir in `echo $PATH | tr ':' ' '`
+do
+	if test -f $dir/ipsec -a -x $dir/ipsec
+	then
+		found=yes
+		break			# NOTE BREAK OUT
+	fi
+done
+if ! test "$found"
+then
+	
+	fail $"cannot find ipsec command"' -- `'$1"'"$" aborted"
+fi
+
+# accept a few flags
+
+export IPSEC_setupflags
+IPSEC_setupflags=""
+
+config=""
+
+for dummy
+do
+	case "$1" in
+	--showonly|--show)  IPSEC_setupflags="$1" ;;
+	--config)  config="--config $2" ; shift	;;
+	*) break ;;
+	esac
+	shift
+done
+
+
+# Pick up IPsec configuration (until we have done this, successfully, we
+# do not know where errors should go, hence the explicit "daemon.error"s.)
+# Note the "--export", which exports the variables created.
+eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
+if test " $IPSEC_confreadstatus" != " "
+then
+	fail "$IPSEC_confreadstatus -- "'`'$1' '$"aborted"		
+fi
+
+IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
+export IPSEC_confreadsection
+
+IPSECsyslog=${IPSECsyslog-daemon.error}
+export IPSECsyslog
+
+# misc setup
+umask 022
+
+RETVAL=0
+
+prog="IPsec"
+
+# do it
+start_it()
+{
+	action $"Starting $prog: " ipsec _realsetup $1;
+	return $?;
+}
+
+stop_it()
+{
+        action $"Shutting down $prog: " ipsec _realsetup $1;
+        return $?;
+}
+
+case "$1" in
+  start|--start|_autostart)
+	start_it $1;
+	RETVAL=$?;
+	;;
+
+  stop|--stop|_autostop)
+	stop_it $1;
+	RETVAL=$?;
+        ;;
+
+  condrestart)
+        if [ -f /var/lock/subsys/ipsec ]; then
+	        stop_it stop
+	        start_it start
+	        RETVAL=$?
+	else 
+		RETVAL=-1
+	fi
+        ;;
+
+  restart|--restart|force-reload)
+	stop_it stop
+	start_it start
+        RETVAL=$?
+	;;
+
+  _autorestart)			# for internal use only
+        stop_it _autostop
+        start_it _autostart
+	;;
+
+  status|--status)
+	ipsec _realsetup $1
+	exit
+	;;
+
+  --version)
+	echo "$me $IPSEC_VERSION"
+	exit 0
+	;;
+
+  --help)
+	echo $"Usage: $0 {start|stop|restart|condrestart|status}"
+	exit 0
+	;;
+
+  *)
+	echo $"Usage: $0 {start|stop|restart|condrestart|status}"
+	exit 2
+esac
+
+exit $RETVAL
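Review bot: The `eval` of the `ipsec _confread` output runs as root with `$config` expanded unquoted, so a `--config` path containing whitespace or glob characters is split into extra arguments before the configuration is parsed; keeping the path in its own variable (`--config) config_file="$2" ; shift ;;`) and passing `${config_file:+--config "$config_file"}` avoids that. `PATH` is only reset when `IPSEC_DIR` is empty, so with an inherited `IPSEC_DIR` the `ipsec` whose output is eval'ed is resolved through the caller's `PATH`; resetting `PATH` unconditionally would remove that dependency. In `condrestart`, `RETVAL=-1` becomes exit status 255 when the service is not running, and `_autorestart` never sets `RETVAL`, so it exits 0 even if `start_it` fails; `RETVAL=0` and `RETVAL=$?` respectively look like what was intended.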

openswan-2.3.0-pie.patch:
 lib/libcrypto/libdes/Makefile |    2 +-
 programs/Makefile.program     |    2 +-
 programs/pluto/Makefile       |   10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

--- NEW FILE openswan-2.3.0-pie.patch ---
--- openswan-2.3.1/lib/libcrypto/libdes/Makefile.pie	2004-12-18 19:13:34.000000000 +0100
+++ openswan-2.3.1/lib/libcrypto/libdes/Makefile	2005-04-13 16:21:03.000000000 +0200
@@ -60,7 +60,7 @@
 # normally overridden by FreeS/WAN Makefiles anyway
 CFLAG= -O3 -fomit-frame-pointer -I${KLIPSD}/include -I${SRCDIR}
 
-CFLAGS=$(OPTS) $(CFLAG)
+CFLAGS=$(OPTS) $(CFLAG) $(USERCOMPILE)
 CPP=$(CC) -E
 
 # Assember version of des_encrypt*().
--- openswan-2.3.1/programs/Makefile.program.pie	2005-01-26 02:01:08.000000000 +0100
+++ openswan-2.3.1/programs/Makefile.program	2005-04-13 16:21:03.000000000 +0200
@@ -125,7 +125,7 @@
 %: %.o
 
 %: %.o $(OBJS) $(OPENSWANLIB)
-	$(CC) $(CFLAGS) -o $@ $@.o ${OBJS} $(LDFLAGS) $(LIBS)
+	$(CC) $(CFLAGS) -o $@ $@.o ${OBJS} $(LDFLAGS) $(LIBS) $(USERLINK)
 
 %.i: %.c 
 	$(CC) $(CFLAGS) -E -o $@ $< 
--- openswan-2.3.1/programs/pluto/Makefile.pie	2005-03-27 22:21:41.000000000 +0200
+++ openswan-2.3.1/programs/pluto/Makefile	2005-04-13 16:24:27.000000000 +0200
@@ -420,16 +420,16 @@
 	$(CC) -o $@ $^ $(LIBSPLUTO)
 
 $(BINNAMEPLUTO): $(OBJSPLUTO) $(ALG_LIBS) $(OPENSWANLIB)
-	$(CC) -o $(BINNAMEPLUTO) $(LDFLAGS) $(OBJSPLUTO) $(LIBSPLUTO)
+	$(CC) -o $(BINNAMEPLUTO) $(LDFLAGS) $(USERLINK) $(OBJSPLUTO) $(LIBSPLUTO)
 
 $(BINNAMEADNS): $(OBJSADNS)
-	$(CC) -o $(BINNAMEADNS) $(OBJSADNS) $(LIBSADNS)
+	$(CC) -o $(BINNAMEADNS) $(OBJSADNS) $(USERLINK) $(LIBSADNS)
 
 $(BINNAMEWHACK): $(OBJSWHACK)
-	$(CC) -o $(BINNAMEWHACK) $(OBJSWHACK) $(LIBSWHACK)
+	$(CC) -o $(BINNAMEWHACK) $(OBJSWHACK) $(USERLINK) $(LIBSWHACK)
 
 $(BINNAMEWHACKINIT): $(OBJSWHACKINIT)
-	$(CC) -o $(BINNAMEWHACKINIT) $(OBJSWHACKINIT) $(LIBSWHACK)
+	$(CC) -o $(BINNAMEWHACKINIT) $(OBJSWHACKINIT) $(USERLINK) $(LIBSWHACK)
 
 distlist:
 	@echo $(DIST)
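Review bot: The link rule shown as context at the top of this hunk, `$(CC) -o $@ $^ $(LIBSPLUTO)`, is left without `$(USERLINK)`, so whatever it builds is linked without `-pie` even though the four rules below it now are. Its target line is outside the hunk, so it may be a test helper where that is acceptable; if it is an installed program, `$(CC) -o $@ $^ $(USERLINK) $(LIBSPLUTO)` would keep the hardening consistent. The position of `$(USERLINK)` also differs between the pluto rule (before the objects) and the other three (after the objects), which is harmless for `-pie` but worth making uniform.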
@@ -464,7 +464,7 @@
 checkprograms:
 
 .c.o:
-	$(CC) $(COPTS) $(ALLFLAGS) -c $<
+	$(CC) $(COPTS) $(ALLFLAGS) $(USERCOMPILE) -c $<
 
 %.i: %.c
 	$(CC) $(COPTS) $(ALLFLAGS) -E -o $@ $<

openswan-2.3.1-cisco.patch:
 ipsec_doi.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

--- NEW FILE openswan-2.3.1-cisco.patch ---
--- openswan-2.3.1/programs/pluto/ipsec_doi.c.cisco	2005-03-27 22:15:09.000000000 +0200
+++ openswan-2.3.1/programs/pluto/ipsec_doi.c	2005-04-22 11:51:14.231560872 +0200
@@ -2061,10 +2061,11 @@
     && !(id->isaid_doi_specific_a == IPPROTO_UDP && id->isaid_doi_specific_b == IKE_UDP_PORT))
     {
 	loglog(RC_LOG_SERIOUS, "protocol/port in Phase 1 ID Payload must be 0/0 or %d/%d"
-	    " but are %d/%d"
+	    " but are %d/%d nat_traversal=%d"
 	    , IPPROTO_UDP, IKE_UDP_PORT
-	    , id->isaid_doi_specific_a, id->isaid_doi_specific_b);
-	return FALSE;
+	    , id->isaid_doi_specific_a, id->isaid_doi_specific_b, st->hidden_variables.st_nat_traversal);
+	/* id->isaid_doi_specific_b = IKE_UDP_PORT; */
+	/* st->hidden_variables.st_nat_traversal |= NAT_T_WITH_PORT_FLOATING; */
     }
 
     peer.kind = id->isaid_idtype;
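Review bot: Removing `return FALSE;` turns this Phase 1 ID protocol/port check into a log message only, so an ID payload with any protocol/port is now accepted from every peer, not just in the NAT-T Cisco case the patch is aimed at. If the relaxation is only needed when NAT was detected, keeping the rejection otherwise, for example `if (!(st->hidden_variables.st_nat_traversal & NAT_T_DETECTED)) return FALSE;`, would preserve the check for all other peers; whether that flag is already set at this point of the exchange needs confirming. The two commented-out assignments should be removed or replaced by a comment explaining why the mismatch is tolerated, and `RC_LOG_SERIOUS` is still used for what is now a non-fatal condition. The enclosing function starts and ends outside the hunk.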

openswan-2.3.1-nat_t_aggr.patch:
 nat_traversal.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE openswan-2.3.1-nat_t_aggr.patch ---
--- openswan-2.3.1/programs/pluto/nat_traversal.c.nat_t	2005-03-21 00:16:16.000000000 +0100
+++ openswan-2.3.1/programs/pluto/nat_traversal.c	2005-05-12 15:32:09.000000000 +0200
@@ -780,7 +780,7 @@
 	 * need to change port (MAIN_I3 or QUICK_I1)
 	 */
 	if (((st->st_state == STATE_MAIN_I3)
-	     || (st->st_state == STATE_QUICK_I1))
+	     || (st->st_state == STATE_AGGR_I2))
 	    && (st->hidden_variables.st_nat_traversal & NAT_T_WITH_PORT_FLOATING)
 	    && (st->hidden_variables.st_nat_traversal & NAT_T_DETECTED)
 	    && (st->st_localport != NAT_T_IKE_FLOAT_PORT))
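Review bot: The comment just above the condition still reads "(MAIN_I3 or QUICK_I1)" while the code now tests `STATE_AGGR_I2` in place of `STATE_QUICK_I1`, so it should become `need to change port (MAIN_I3 or AGGR_I2)`. Because the line is replaced rather than extended, port floating is no longer triggered in `STATE_QUICK_I1`; if that state still needs it, add `|| (st->st_state == STATE_AGGR_I2)` as a third alternative instead of substituting it. The body of the `if` statement lies outside the hunk.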


Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/openswan/FC-3/.cvsignore,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- .cvsignore	13 Oct 2004 10:23:11 -0000	1.3
+++ .cvsignore	21 Nov 2005 07:57:22 -0000	1.4
@@ -1 +1 @@
-openswan-2.1.5.tar.gz
+openswan-2.4.4.tar.gz


Index: openswan.spec
===================================================================
RCS file: /cvs/dist/rpms/openswan/FC-3/openswan.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- openswan.spec	27 Jan 2005 11:26:20 -0000	1.9
+++ openswan.spec	21 Nov 2005 07:57:22 -0000	1.10
@@ -1,122 +1,317 @@
 Summary: Openswan IPSEC implementation
 Name: openswan
-Version: 2.1.5
-%define tarversion %{version}
-Release: 2.FC3.1
-Source: http://www.openswan.org/code/openswan-%{tarversion}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-buildroot
-Summary: Openswan IPsec userland tools
-Url: http://www.openswan.org/
+Version: 2.4.4
+%define ourrelease 0.FC3.1
+
+%define with_klips 0
+
+%if %{with_klips}
+%define do_userland userland
+%else
+%define do_userland %{nil}
+%endif
+
+%if %{with_klips}
+%define defkv 2.6.11-1.1369_FC4
+# The default kernel version to build for is the latest of
+# the installed kernel-source RPMs.
+# This can be overridden by "--define 'kversion x.x.x-y.y.y'"
+%{!?kversion: %{expand: %%define kversion %defkv}}
+%define	krelver		%(echo %{kversion} | tr -s '-' '_')
+# Openswan -pre/-rc nomenclature has to co-exist with hyphen paranoia
+%endif
+
+%define srcpkgver	%(echo %{version} | tr -s '_' '-')
+%define srcpkgver 2.4.4
+
+%define debug_package %{nil}
+Release: %{ourrelease}
 License: GPL
+Url: http://www.openswan.org/
+Source: openswan-%{srcpkgver}.tar.gz
+
+Source2: ipsec.init
+Source3: ipsec.conf
+
+Patch1: openswan-2.3.0-pie.patch
+
+# http://bugs.xelerance.com/view.php?id=231
+Patch4: openswan-2.3.1-nat_t_aggr.patch
+
+Patch6: openswan-2.3.1-cisco.patch
+
 Group: System Environment/Daemons
+BuildRoot: /var/tmp/%{name}-%{PACKAGE_VERSION}-root/
+BuildRequires: gmp-devel bison flex
+Requires(post): coreutils bash
+Requires(preun): initscripts chkconfig
+
+%if %{with_klips}
+%package userland
+Summary: Openswan IPSEC usermod tools
+Group: System Environment/Daemons
+Release: %{ourrelease}
+%endif
 Provides: ipsec-userland
-Requires: iproute ipsec-tools
-BuildRequires: pam-devel gmp-devel
-Patch0:   openswan-2.1.4-initscript.patch
-Patch1:   openswan-2.1.4-fix_status.patch
-Patch2:   openswan-2.1.4-manpages.patch
-Patch3:   openswan-2.1.4-pie.patch
-Patch4:   openswan-2.1.4-x86_64_pie.patch
-Patch5:   openswan-2.1.4-selinux.patch
-Patch6:   openswan-2.1.5-pam-sa.patch
+Obsoletes: freeswan superfreeswan super-freeswan
+#unless kernel with NETKEY supplies this capability we cannot do this
+#Requires: ipsec-kernel
 
-%description
-Openswan is a free implementation of IPSEC & IKE for Linux.
+%package doc
+Summary: Openswan IPSEC full documentation
+Group: System Environment/Daemons
+Release: %{ourrelease}
 
-IPsec is Internet Protocol Security and uses strong cryptography to 
-provide both authentication and encryption services.  These services 
-allow you to build secure tunnels through untrusted networks.  
-Everything passing through the untrusted net is encrypted by the ipsec 
-gateway machine and decrypted by the gateway at the other end of the 
-tunnel.  The resulting tunnel is a virtual private network or VPN.
+%if %{with_klips}
+%package klips
+Summary: Openswan kernel module
+Group:  System Environment/Kernel
+Release: %{krelver}_%{ourrelease}
+Provides: ipsec-kernel
+Requires: kernel = %{kversion}
+# do not make the dependancy circular for now.
+Requires: ipsec-userland
+BuildRequires: kernel = %{kversion} kernel-smp = %{kversion} kernel-devel = %{kversion}
+%endif
+
+%if %{with_klips}
+%description userland
+%else
+%description
+%endif
+Openswan is a free implementation of IPSEC & IKE for Linux.  IPSEC is 
+the Internet Protocol Security and uses strong cryptography to provide
+both authentication and encryption services.  These services allow you
+to build secure tunnels through untrusted networks.  Everything passing
+through the untrusted net is encrypted by the ipsec gateway machine and 
+decrypted by the gateway at the other end of the tunnel.  The resulting
+tunnel is a virtual private network or VPN.
 
 This package contains the daemons and userland tools for setting up
-Openswan on a kernel with the 2.6 native IPsec code.
+Openswan on a freeswan enabled kernel.
 
-%prep
-%setup -q -n openswan-%{tarversion}
-%patch0 -p1 -b .initscript
-%patch1 -p1 -b .fix_status
-%patch2 -p1 -b .manpages
-%ifarch x86_64
-%patch4 -p1 -b .x86_64_pie
-%else
-%patch3 -p1 -b .pie
+%if %{with_klips}
+%description klips
+This package contains only the ipsec module for the RedHat/Fedora series of
+kernels.
+%endif
+
+%description doc
+This package contains extensive documentation of the Openswan IPSEC
+system.
+
+%if %{with_klips}
+%description
+A dummy package that installs userland and kernel pieces.
 %endif
-%patch6 -p1 -b .pam_sa
+
+%prep
+rm -rf ${RPM_BUILD_ROOT}
+%setup -q -n openswan-%{srcpkgver}
+#%patch1 -p1 -b .pie
+%patch4 -p1 -b .nat_t
+%patch6 -p1 -b .cisco
 
 %build
+
+
 %{__make} \
-  USERCOMPILE="-g %{optflags}" \
+  USERCOMPILE="-g %{optflags} -fPIE -pie" \
+  USERLINK="-g -pie" \
   INC_USRLOCAL=%{_prefix} \
+  FINALLIBDIR=%{_libdir}/ipsec \
   MANTREE=%{_mandir} \
   INC_RCDEFAULT=%{_initrddir} \
-  BIND9STATICLIBDIR=%{_libdir} \
-  USE_XAUTH=true \
-  USE_XAUTHPAM=true \
+  USE_LWRES=false \
   programs
 FS=$(pwd)
 
+%if %{with_klips}
+mkdir -p BUILD.%{_target_cpu}
+mkdir -p BUILD.%{_target_cpu}-smp
+
+cd packaging/redhat
+for i in *.h;do echo '#include "../linus/config-all.h"' >> $i;done
+for smp in -smp ""
+do
+# rpm doesn't know we're compiling kernel code. optflags will give us -m64
+%{__make} -C $FS MOD26BUILDDIR=$FS/BUILD.%{_target_cpu}$smp \
+    OPENSWANSRCDIR=$FS \
+    KLIPSCOMPILE="%{optflags} -mno-red-zone -mcmodel=kernel" \
+    KERNELSRC=/lib/modules/%{kversion}/build \
+    ARCH=%{_arch} \
+    SUBARCH=%{_arch} \
+    MODULE_DEF_INCLUDE=$FS/packaging/redhat/config-%{_target_cpu}$smp.h \
+    module26
+done
+%endif
+
 %install
 rm -rf ${RPM_BUILD_ROOT}
 %{__make} \
   DESTDIR=%{buildroot} \
   INC_USRLOCAL=%{_prefix} \
-  INC_RCDEFAULT=%{_initrddir} \
+  FINALLIBDIR=%{_libdir}/ipsec \
   MANTREE=%{buildroot}%{_mandir} \
-  BIND9STATICLIBDIR=%{_libdir} \
-  USE_XAUTH=true \
-  USE_XAUTHPAM=true \
-  DOCDIR=%{buildroot}/usr/share/doc/openswan-%{version} \
+  INC_RCDEFAULT=%{_initrddir} \
+  USE_LWRES=false \
   install
-install -d -m700 %{buildroot}%{_localstatedir}/run/pluto
+FS=$(pwd)
+rm -rf %{buildroot}/usr/share/doc/openswan
+install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
 install -d %{buildroot}%{_sbindir}
-#install -m755 $RPM_SOURCE_DIR/ipsec.init %{buildroot}/%{_initrddir}/ipsec
-
 find %{buildroot}/etc/ipsec.d -type f -exec chmod 644 {} \;
 
-# Fix freeswan docs
-mkdir manual
-mv %{buildroot}/usr/share/doc/openswan-%{version}/* ./manual
-chmod 644 manual/*
-rm -rf %{buildroot}/usr/share/doc
+%if %{with_klips}
+mkdir -p %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec
+cp $FS/BUILD.%{_target_cpu}/ipsec.ko \
+ %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec
+
+mkdir -p %{buildroot}/lib/modules/%{kversion}smp/kernel/net/ipsec
+cp BUILD.%{_target_cpu}-smp/ipsec.ko \
+ %{buildroot}lib/modules/%{kversion}smp/kernel/net/ipsec
+%endif
+
+mkdir -p %{buildroot}%{_sysconfdir}
+cp %{SOURCE3} %{buildroot}%{_sysconfdir}/ipsec.conf
+cp %{SOURCE2} %{buildroot}%{_initrddir}/ipsec
+
+sed -i -e 's#/usr/lib/#%{_libdir}/#g' %{buildroot}%{_initrddir}/ipsec
+
+echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
+cp %{buildroot}%{_sysconfdir}/ipsec.d/examples/no_oe.conf \
+	%{buildroot}%{_sysconfdir}/ipsec.d/
+
+chmod a-x %{buildroot}%{_mandir}/*/*
+
+# nuke duplicate docs to save space.  this leaves html and ps
+rm -f doc/HOWTO.pdf doc/HOWTO.txt
+
+rm -fr %{buildroot}/etc/rc.d/rc*
 
 %clean
 rm -rf ${RPM_BUILD_ROOT}
 
-%files
+%files doc
+%defattr(-,root,root)
+%doc doc
+
+%if %{with_klips}
+%files userland
+%else
+%files 
+%endif
 %defattr(-,root,root)
-%doc BUGS CHANGES COPYING CREDITS README 
+%doc BUGS CHANGES COPYING CREDITS README LICENSE ROADMAP.txt
+%doc doc/manpage.d/*
 %doc doc/README.* doc/CHANGES.* doc/CREDITS.* doc/2.6.known-issues
-%doc doc/examples doc/std doc/quickstarts manual
+%doc doc/examples doc/std doc/quickstarts 
+# /usr/share/doc/openswan/*
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
-%attr(0755,root,root) %dir %{_sysconfdir}/ipsec.d
-%dir %{_sysconfdir}/ipsec.d/*
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/*/*
-%config %{_initrddir}/ipsec
-/usr/lib/ipsec
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/no_oe.conf
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/examples/*
+%{_initrddir}/ipsec
+%{_libdir}/ipsec
 %{_sbindir}/ipsec
 %{_libexecdir}/ipsec
+%{_mandir}/*/*.gz
 %{_localstatedir}/run/pluto
-%{_mandir}
 
-%preun
+%if %{with_klips}
+%files klips
+%defattr (-,root,root)
+/lib/modules/%{kversion}/kernel/net/ipsec
+/lib/modules/%{kversion}smp/kernel/net/ipsec
+%endif
+
+%pre %{do_userland}
+%preun %{do_userland}
 if [ $1 = 0 ]; then
-    service ipsec stop > /dev/null 2>&1
+    /sbin/service ipsec stop || :
     /sbin/chkconfig --del ipsec
 fi
 
-%postun
-if [ "$1" -ge "1" ]; then
-  service ipsec condrestart > /dev/null 2>&1
+%postun %{do_userland}
+if [ $1 -ge 1 ] ; then
+  /sbin/service ipsec condrestart 2>&1 > /dev/null || :
 fi
 
-%post
+%if %{with_klips}
+%postun klips
+%post klips
+%endif
+
+%post %{do_userland}
 chkconfig --add ipsec
+if [ ! -e /etc/ipsec.d/hostkey.secrets ];then
+    ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets
+fi
+exit 0
 
 %changelog
-* Thu Dec 27 2005 Harald Hoyer <harald at redhat.com> - 2.1.5-2.FC3.1
-- fixed possible xauth/PAM buffer overflow. (bug 146287)
+* Mon Nov 21 2005 Harald Hoyer <harald at redhat.com> - 2.4.4-1.0.FC3.1
+- version 2.4.4
+- fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
+- fixes NISCC Advisory 3756/NISCC/ISAKMP
+
+* Wed Nov 02 2005 Harald Hoyer <harald at redhat.com> - 2.4.2-0.dr5.1
+- version 2.4.2dr5
+
+* Tue Oct 25 2005 Harald Hoyer <harald at redhat.com> - 2.4.2-0.dr1.1
+- version 2.4.2dr1
+
+* Tue Sep 13 2005 Harald Hoyer <harald at redhat.com> - 2.4.0-1
+- version 2.4.0
+
+* Wed Aug 31 2005 Harald Hoyer <harald at redhat.com> - 2.4.0-0.rc4.1
+- new version
+
+* Sun Jul 31 2005 Florian La Roche <laroche at redhat.com>
+- remove sysv startup links to build with current rpm
+
+* Thu May 12 2005 Harald Hoyer <harald at redhat.com> - 2.3.1-3
+- added openswan-2.3.1-nat_t_aggr.patch
+- added openswan-2.3.1-iproute2.patch
+- added openswan-2.3.1-cisco.patch
+- NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000
+
+* Wed Apr 27 2005 Harald Hoyer <harald at redhat.com> - 2.3.1-2
+- added Requires(post) of coreutils bash (bug 155699)
+- added Requires(preun) initscripts chkconfig
+
+* Wed Apr 13 2005 Harald Hoyer <harald at redhat.com> - 2.3.1-1
+- version 2.3.1
+
+* Mon Apr  4 2005 Jeremy Katz <katzj at redhat.com> - 2.3.0-6
+- remove some duplicate copies of the docs
+
+* Wed Mar 02 2005 Harald Hoyer <harald at redhat.com> 
+- rebuilt
+
+* Mon Feb 21 2005 Harald Hoyer <harald at redhat.com> - 2.3.0-4
+- fixed bug rh#149164
+
+* Fri Feb 18 2005 Harald Hoyer <harald at redhat.com> - 2.3.0-3
+- patched code to compile with gcc4
+
+* Fri Jan 14 2005 Harald Hoyer <harald at redhat.com> - 2.3.0-2
+- Do not enable the initscript per default
+
+* Tue Jan 11 2005 Harald Hoyer <harald at redhat.com> - 2.3.0-1
+- version 2.3.0
+- reimported specfile
+- PIEd openswan
+- cleaned up initial config files and added include directives
+  for easy config drop in
+
+* Wed Jan  5 2005 Paul Wouters <paul at xelerance.com>
+- Updated for x86_64 and klips on 2.6
+
+* Tue Nov 2 2004 Dan Walsh <dwalsh at redhat.com> - 2.1.5-3
+- Apply selinux patch
 
 * Thu Oct 21 2004 Bill Nottingham <notting at redhat.com> - 2.1.5-2
 - don't run by default. again.
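Review bot: The `%post` scriptlet writes the host private key to `/etc/ipsec.d/hostkey.secrets` without fixing its mode, and the file is not listed in `%files`, so its permissions depend on `ipsec newhostkey` and the scriptlet's umask rather than on the package (compare the explicit `%attr(0600,root,root)` on `ipsec.secrets`). Setting `umask 077` before the `ipsec newhostkey` call and adding `%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/hostkey.secrets` to `%files` would make the mode explicit and let `rpm -V` check it. In `%postun`, `2>&1 > /dev/null` sends stderr to the original stdout; `> /dev/null 2>&1` is presumably what was meant. `%patch1` is commented out in `%prep`, so the `-fPIE`/`-pie` flags passed through `USERCOMPILE`/`USERLINK` only take effect if the 2.4.4 Makefiles already honour those variables, which is worth confirming on the built binaries.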
@@ -127,7 +322,7 @@
 - version 2.1.5 with minor fixes
 
 * Tue Sep 21 2004 Harald Hoyer <harald at redhat.com> - 2.1.4-7
-- added more build reqs (bug 132877)
+- added more build reqs (bug   132877)
 
 * Thu Sep  9 2004 Bill Nottingham <notting at redhat.com> - 2.1.4-6
 - don't run by default
@@ -154,4 +349,3 @@
 
 * Tue May 25 2004 Ken Bantoft <ken at xelerance.com>
 - Initial version, based on FreeS/WAN .spec
-


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/openswan/FC-3/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sources	13 Oct 2004 10:23:11 -0000	1.3
+++ sources	21 Nov 2005 07:57:22 -0000	1.4
@@ -1 +1 @@
-c5f09a22e7d2d831163ce4ab9534c0a2  openswan-2.1.5.tar.gz
+bd1a46c64727674149de61da2a32ca63  openswan-2.4.4.tar.gz


--- openswan-2.1.4-fix_status.patch DELETED ---


--- openswan-2.1.4-initscript.patch DELETED ---


--- openswan-2.1.4-manpages.patch DELETED ---


--- openswan-2.1.4-pie.patch DELETED ---


--- openswan-2.1.4-selinux.patch DELETED ---


--- openswan-2.1.4-x86_64_pie.patch DELETED ---


--- openswan-2.1.5-pam-sa.patch DELETED ---



