rpms/openswan/devel openswan-2.6-host_name_max.patch, NONE, 1.1 openswan-2.6-initscript.patch, NONE, 1.1 ipsec.conf, 1.2, 1.3 openswan.spec, 1.60, 1.61 ipsec.init, 1.8, NONE

Steve Conklin (sconklin) fedora-extras-commits at redhat.com
Fri Mar 14 15:34:06 UTC 2008


Author: sconklin

Update of /cvs/pkgs/rpms/openswan/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12731

Modified Files:
	ipsec.conf openswan.spec 
Added Files:
	openswan-2.6-host_name_max.patch openswan-2.6-initscript.patch 
Removed Files:
	ipsec.init 
Log Message:
Sync to latest upstream


openswan-2.6-host_name_max.patch:

--- NEW FILE openswan-2.6-host_name_max.patch ---
diff -up openswan-2.6.09/programs/pluto/myid.c.spc openswan-2.6.09/programs/pluto/myid.c
--- openswan-2.6.09/programs/pluto/myid.c.spc	2008-03-14 09:29:42.000000000 -0500
+++ openswan-2.6.09/programs/pluto/myid.c	2008-03-14 09:30:47.000000000 -0500
@@ -22,6 +22,7 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <limits.h>
 
 #include <openswan.h>
 #include <openswan/ipsec_policy.h>

openswan-2.6-initscript.patch:

--- NEW FILE openswan-2.6-initscript.patch ---
--- openswan-2.6.09/programs/setup/setup.in.spc	2008-03-13 13:52:38.000000000 -0500
+++ openswan-2.6.09/programs/setup/setup.in	2008-03-13 14:22:18.000000000 -0500
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # IPsec startup and shutdown script
 # Copyright (C) 1998, 1999, 2001  Henry Spencer.
 # Copyright (C) 2002              Michael Richardson <mcr at freeswan.org>
@@ -13,10 +13,6 @@
 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 # for more details.
 #
-#
-# ipsec         init.d script for starting and stopping
-#               the IPsec security subsystem (KLIPS and Pluto).
-#
 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
 # and is also accessible as "ipsec setup" (the preferred route for human
 # invocation).
@@ -26,12 +22,40 @@
 # times of NFS filesystem startup/shutdown).  Startup is after startup of
 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
 #
-# chkconfig: 2345 47 76
-# description: IPsec provides encrypted and authenticated communications; \
-# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
+# chkconfig: - 47 76
+
+# Source function library.
+. /etc/init.d/functions
+
+# Check that we are root ... so non-root users stop here
+[ `id -u` = 0 ] || exit 1
 
 me='ipsec setup'		# for messages
 
+syslog ()
+{
+    logger -s "$*" -f daemon -p ${IPSECsyslog:-error} -n ipsec_setup
+}
+
+[ "$(tty)" != '/dev/console' ] && TTY=1;
+log ()
+{
+    if [ "$1" = "-n" ]; then 
+       nonl="-n";
+       shift;
+    fi;
+    [ -n "$TTY" ] && echo $nonl $0: "$*";
+    syslog $1;
+}
+fail()
+{
+    
+    log -n "$*";
+    failure;
+    echo;
+    exit 1;
+}
+
 # where the private directory and the config files are
 IPSEC_EXECDIR="${IPSEC_EXECDIR- at IPSEC_EXECDIR@}"
 IPSEC_LIBDIR="${IPSEC_LIBDIR- at IPSEC_LIBDIR@}"
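Review bot: The new `syslog` helper calls logger with `-f daemon` and `-n ipsec_setup`, while the lines this patch replaces used `-p daemon.error -t ipsec_setup`. In logger `-f` names a file to read and `-t` sets the tag, so these messages will probably not arrive under the daemon facility with the ipsec_setup tag. Something like `logger -s -p "${IPSECsyslog:-daemon.error}" -t ipsec_setup "$*"` keeps the old behaviour. In `log`, `syslog $1` forwards only the first word of the message after the optional shift, so `syslog "$*"` is needed for the full text to reach the log. `nonl` is also never cleared, so a `-n` from one call carries over to later calls; resetting it at the top of `log` avoids that. Since this script runs as root and reports IPsec start-up failures, losing those messages removes the audit trail an operator would look for.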
@@ -60,9 +84,7 @@
 done
 if ! test "$found"
 then
-	echo "cannot find ipsec command -- \`$1' aborted" |
-		logger -s -p daemon.error -t ipsec_setup
-	exit 1
+	fail $"cannot find ipsec command"' -- `'$1"'"$" aborted"
 fi
 
 # accept a few flags
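Review bot: The `fail` call leaves `$1` outside any quotes, so a command-line argument containing whitespace or glob characters is split and pathname-expanded before it is put into the error message. Writing that piece as `"$1"` keeps the argument literal. The visible effect is limited to a garbled message, but the script runs as root and the removed `echo` line had the argument inside double quotes.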
@@ -82,31 +104,6 @@
 	shift
 done
 
-
-# Pick up IPsec configuration (until we have done this, successfully, we
-# do not know where errors should go, hence the explicit "daemon.error"s.)
-# Note the "--export", which exports the variables created.
-variables=`ipsec addconn $config --varprefix IPSEC --configsetup`
-if [ $? != 0 ]
-then
-    echo "Failed to parse config setup portion of ipsec.conf"
-    exit $?
-fi
-eval $variables
-
-if test " $IPSEC_confreadstatus" != " "
-then
-    case $1 in 
-    stop|--stop|_autostop) 
-	echo "$IPSEC_confreadstatus -- \`$1' may not work" |
-		logger -s -p daemon.error -t ipsec_setup;;
-		
-    *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
-	    logger -s -p daemon.error -t ipsec_setup;
-	exit 1;;
-    esac
-fi
-
 IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
 export IPSEC_confreadsection
 
@@ -116,49 +113,62 @@
 # misc setup
 umask 022
 
-mkdir -p /var/run/pluto
+RETVAL=0
+
+prog="IPsec"
+
+# Load the af_key module if not already present
+[ -e /proc/net/pfkey ] || /sbin/modprobe af_key &>/dev/null
 
+[ -e /proc/net/pfkey ] || sleep 1
+
+# Don't bother if /proc/net/pfkey still doesn't exist, we need it
+[ -e /proc/net/pfkey ] || exit 0
+
+# do it
+start_it()
+{
+	action $"Starting $prog: " ipsec _realsetup $1;
+	return $?;
+}
+
+stop_it()
+{
+        action $"Shutting down $prog: " ipsec _realsetup $1;
+        return $?;
+}
 
 # do it
 case "$1" in
-  start|--start|stop|--stop|_autostop|_autostart)
-	# remove for: @cygwin_START@ 
-	# portable way for checking for root
-	if [ ! -w / ]
-	then
-		
-		echo "permission denied (must be superuser)" |
-			logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
-		exit 1
-	fi
-	# remove for: @cygwin_END@
-	tmp=/var/run/pluto/ipsec_setup.st
-	outtmp=/var/run/pluto/ipsec_setup.out
-	(
-		ipsec _realsetup $1
-		echo "$?" >$tmp
-	) > ${outtmp} 2>&1
-	st=$?
-	if test -f $tmp
-	then
-		st=`cat $tmp`
-		rm -f $tmp
+  start|--start|_autostart)
+	start_it $1;
+	RETVAL=$?;
+	;;
+
+  stop|--stop|_autostop)
+	stop_it $1;
+	RETVAL=$?;
+        ;;
+
+  condrestart)
+        if [ -f /var/lock/subsys/ipsec ]; then
+	        stop_it stop
+	        start_it start
+	        RETVAL=$?
+	else 
+		RETVAL=-1
 	fi
-	if [ -f ${outtmp} ]; then
-		cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
-		rm -f ${outtmp}
-	fi
-	exit $st
-	;;
+        ;;
 
   restart|--restart|force-reload)
-	$0 $IPSEC_setupflags stop
-	$0 $IPSEC_setupflags start
+	stop_it stop
+	start_it start
+        RETVAL=$?
 	;;
 
   _autorestart)			# for internal use only
-	$0 $IPSEC_setupflags _autostop
-	$0 $IPSEC_setupflags _autostart
+        stop_it _autostop
+        start_it _autostart
 	;;
 
   status|--status)
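Review bot: The guard `[ -e /proc/net/pfkey ] || exit 0` ends the script with a success status for every action, `start` included, when the PF_KEY interface is still missing after the modprobe and the one-second wait. The caller is then told the service is fine although no IPsec was brought up. For `start` that should be a visible failure, for example `[ -e /proc/net/pfkey ] || fail $"PF_KEY interface not available"`, using the `fail` helper this patch adds earlier. Separately, the `_autorestart` branch never assigns RETVAL, so it exits 0 whatever `start_it` returned, and `RETVAL=-1` in `condrestart` ends up as exit status 255. The case statement continues past the end of this hunk.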
@@ -172,15 +182,13 @@
 	;;
 
   --help)
-	echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
-	echo "       $me --status"
+	echo $"Usage: $0 {start|stop|restart|condrestart|status}"
 	exit 0
 	;;
 
   *)
-	echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
-	echo "       $me --status"
+	echo $"Usage: $0 {start|stop|restart|condrestart|status}"
 	exit 2
 esac
 
-exit 0
+exit $RETVAL


Index: ipsec.conf
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/ipsec.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ipsec.conf	12 May 2005 15:01:20 -0000	1.2
+++ ipsec.conf	14 Mar 2008 15:33:32 -0000	1.3
@@ -11,6 +11,8 @@
 	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
 	# klipsdebug=none
 	# plutodebug="control parsing"
+	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
+	protostack=netkey
 	nat_traversal=yes
 
 include /etc/ipsec.d/*.conf


Index: openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/openswan.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- openswan.spec	11 Feb 2008 20:11:21 -0000	1.60
+++ openswan.spec	14 Mar 2008 15:33:32 -0000	1.61
@@ -1,14 +1,13 @@
 Summary: Openswan IPSEC implementation
 Name: openswan
-Version: 2.6.07
+Version: 2.6.09
 
 Release: 1%{?dist}
 License: GPLv2+
 Url: http://www.openswan.org/
 Source: openswan-%{version}.tar.gz
 
-Source2: ipsec.init
-Source3: ipsec.conf
+Source2: ipsec.conf
 
 Patch: openswan-2.6-examples.patch
 Patch1: openswan-2.6-relpath.patch
@@ -16,6 +15,8 @@
 Patch3: openswan-2.6-cleanbarf.patch
 Patch4: openswan-2.6-intwarning.patch
 Patch5: openswan-2.6-selinux.patch
+Patch6: openswan-2.6-initscript.patch
+Patch7: openswan-2.6-host_name_max.patch
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -62,6 +63,8 @@
 %patch3 -p1 -b .cleanbarf
 %patch4 -p1 -b .interface
 %patch5 -p1 -b .selinux
+%patch6 -p1 -b .initfix
+%patch7 -p1 -b .hostnamemax
 
 %build
 
@@ -92,6 +95,8 @@
   install
 FS=$(pwd)
 rm -rf %{buildroot}/usr/share/doc/openswan
+
+# ipsec and setup both installed by default - they are identical
 rm -f %{buildroot}/etc/rc.d/init.d/setup
 rm -f %{buildroot}/usr/share/man/man3/*
 install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
@@ -99,8 +104,7 @@
 find %{buildroot}/etc/ipsec.d -type f -exec chmod 644 {} \;
 
 mkdir -p %{buildroot}%{_sysconfdir}
-install -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/ipsec.conf
-install -m 755 %{SOURCE2} %{buildroot}%{_initrddir}/ipsec
+install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/ipsec.conf
 
 sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' %{buildroot}%{_initrddir}/ipsec
 
@@ -152,6 +156,13 @@
 chkconfig --add ipsec || :
 
 %changelog
+* Wed Mar 12 2008 Steve Conklin <sconklin at redhat.com> - 2.6.08-1
+- Moved to latest upstream
+- Replaced the init script source file with a patch to the upstream one
+-    (no functional changes to the init script)
+- Added protostack=netkey to ipsec.conf
+- New patch to include definition of HOST_NAME_MAX
+
 * Mon Feb 11 2008 Steve Conklin <sconklin at redhat.com> - 2.6.07-1
 - Moved to latest upstream
 


--- ipsec.init DELETED ---



