rpms/openswan/devel openswan-2.6-host_name_max.patch, NONE, 1.1 openswan-2.6-initscript.patch, NONE, 1.1 ipsec.conf, 1.2, 1.3 openswan.spec, 1.60, 1.61 ipsec.init, 1.8, NONE
Steve Conklin (sconklin)
fedora-extras-commits at redhat.com
Fri Mar 14 15:34:06 UTC 2008
Author: sconklin
Update of /cvs/pkgs/rpms/openswan/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12731
Modified Files:
ipsec.conf openswan.spec
Added Files:
openswan-2.6-host_name_max.patch openswan-2.6-initscript.patch
Removed Files:
ipsec.init
Log Message:
Sync to latest upstream
openswan-2.6-host_name_max.patch:
--- NEW FILE openswan-2.6-host_name_max.patch ---
diff -up openswan-2.6.09/programs/pluto/myid.c.spc openswan-2.6.09/programs/pluto/myid.c
--- openswan-2.6.09/programs/pluto/myid.c.spc 2008-03-14 09:29:42.000000000 -0500
+++ openswan-2.6.09/programs/pluto/myid.c 2008-03-14 09:30:47.000000000 -0500
@@ -22,6 +22,7 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <limits.h>
#include <openswan.h>
#include <openswan/ipsec_policy.h>
openswan-2.6-initscript.patch:
--- NEW FILE openswan-2.6-initscript.patch ---
--- openswan-2.6.09/programs/setup/setup.in.spc 2008-03-13 13:52:38.000000000 -0500
+++ openswan-2.6.09/programs/setup/setup.in 2008-03-13 14:22:18.000000000 -0500
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# IPsec startup and shutdown script
# Copyright (C) 1998, 1999, 2001 Henry Spencer.
# Copyright (C) 2002 Michael Richardson <mcr at freeswan.org>
@@ -13,10 +13,6 @@
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
-#
-# ipsec init.d script for starting and stopping
-# the IPsec security subsystem (KLIPS and Pluto).
-#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
@@ -26,12 +22,40 @@
# times of NFS filesystem startup/shutdown). Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
-# chkconfig: 2345 47 76
-# description: IPsec provides encrypted and authenticated communications; \
-# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
+# chkconfig: - 47 76
+
+# Source function library.
+. /etc/init.d/functions
+
+# Check that we are root ... so non-root users stop here
+[ `id -u` = 0 ] || exit 1
me='ipsec setup' # for messages
+syslog ()
+{
+ logger -s "$*" -f daemon -p ${IPSECsyslog:-error} -n ipsec_setup
+}
+
+[ "$(tty)" != '/dev/console' ] && TTY=1;
+log ()
+{
+ if [ "$1" = "-n" ]; then
+ nonl="-n";
+ shift;
+ fi;
+ [ -n "$TTY" ] && echo $nonl $0: "$*";
+ syslog $1;
+}
+fail()
+{
+
+ log -n "$*";
+ failure;
+ echo;
+ exit 1;
+}
+
# where the private directory and the config files are
IPSEC_EXECDIR="${IPSEC_EXECDIR- at IPSEC_EXECDIR@}"
IPSEC_LIBDIR="${IPSEC_LIBDIR- at IPSEC_LIBDIR@}"
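Review bot: The new `syslog()` helper calls `logger` with `-f daemon` and `-n ipsec_setup`, but `-f` names a file whose contents are logged and the tag option is `-t` (the code this patch removes used `-p daemon.error -t ipsec_setup`), so messages are unlikely to reach syslog with the intended facility and tag; `logger -s -p "${IPSECsyslog:-daemon.error}" -t ipsec_setup "$*"` would restore that. `log()` then calls `syslog $1`, which forwards only the first word of the message, so the `fail $"cannot find ipsec command"…` call in the next changed hunk would record just `cannot`; `syslog "$*"` keeps the whole line. `nonl` is never cleared, so a `-n` from one call carries into the next; `local nonl=` at the top of `log()` avoids that. For an IPsec service these start-up failures are the record an operator relies on, so they should land in the daemon log intact.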
@@ -60,9 +84,7 @@
done
if ! test "$found"
then
- echo "cannot find ipsec command -- \`$1' aborted" |
- logger -s -p daemon.error -t ipsec_setup
- exit 1
+ fail $"cannot find ipsec command"' -- `'$1"'"$" aborted"
fi
# accept a few flags
@@ -82,31 +104,6 @@
shift
done
-
-# Pick up IPsec configuration (until we have done this, successfully, we
-# do not know where errors should go, hence the explicit "daemon.error"s.)
-# Note the "--export", which exports the variables created.
-variables=`ipsec addconn $config --varprefix IPSEC --configsetup`
-if [ $? != 0 ]
-then
- echo "Failed to parse config setup portion of ipsec.conf"
- exit $?
-fi
-eval $variables
-
-if test " $IPSEC_confreadstatus" != " "
-then
- case $1 in
- stop|--stop|_autostop)
- echo "$IPSEC_confreadstatus -- \`$1' may not work" |
- logger -s -p daemon.error -t ipsec_setup;;
-
- *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
- logger -s -p daemon.error -t ipsec_setup;
- exit 1;;
- esac
-fi
-
IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
export IPSEC_confreadsection
@@ -116,49 +113,62 @@
# misc setup
umask 022
-mkdir -p /var/run/pluto
+RETVAL=0
+
+prog="IPsec"
+
+# Load the af_key module if not already present
+[ -e /proc/net/pfkey ] || /sbin/modprobe af_key &>/dev/null
+[ -e /proc/net/pfkey ] || sleep 1
+
+# Don't bother if /proc/net/pfkey still doesn't exist, we need it
+[ -e /proc/net/pfkey ] || exit 0
+
+# do it
+start_it()
+{
+ action $"Starting $prog: " ipsec _realsetup $1;
+ return $?;
+}
+
+stop_it()
+{
+ action $"Shutting down $prog: " ipsec _realsetup $1;
+ return $?;
+}
# do it
case "$1" in
- start|--start|stop|--stop|_autostop|_autostart)
- # remove for: @cygwin_START@
- # portable way for checking for root
- if [ ! -w / ]
- then
-
- echo "permission denied (must be superuser)" |
- logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- exit 1
- fi
- # remove for: @cygwin_END@
- tmp=/var/run/pluto/ipsec_setup.st
- outtmp=/var/run/pluto/ipsec_setup.out
- (
- ipsec _realsetup $1
- echo "$?" >$tmp
- ) > ${outtmp} 2>&1
- st=$?
- if test -f $tmp
- then
- st=`cat $tmp`
- rm -f $tmp
+ start|--start|_autostart)
+ start_it $1;
+ RETVAL=$?;
+ ;;
+
+ stop|--stop|_autostop)
+ stop_it $1;
+ RETVAL=$?;
+ ;;
+
+ condrestart)
+ if [ -f /var/lock/subsys/ipsec ]; then
+ stop_it stop
+ start_it start
+ RETVAL=$?
+ else
+ RETVAL=-1
fi
- if [ -f ${outtmp} ]; then
- cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- rm -f ${outtmp}
- fi
- exit $st
- ;;
+ ;;
restart|--restart|force-reload)
- $0 $IPSEC_setupflags stop
- $0 $IPSEC_setupflags start
+ stop_it stop
+ start_it start
+ RETVAL=$?
;;
_autorestart) # for internal use only
- $0 $IPSEC_setupflags _autostop
- $0 $IPSEC_setupflags _autostart
+ stop_it _autostop
+ start_it _autostart
;;
status|--status)
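Review bot: The guard `[ -e /proc/net/pfkey ] || exit 0` runs before the `case`, so when `af_key` cannot be loaded every action, including `start`, ends with status 0 and no message, and the `modprobe` error is discarded by `&>/dev/null`. A boot that reports success while no IPsec stack is up may leave traffic that policy expects to be protected without tunnels, and gives monitoring nothing to alert on; a failing exit with a logged reason is safer, for example `[ -e /proc/net/pfkey ] || fail $"af_key not available, cannot start IPsec"`, applied on the start paths only so `stop` and `status` still work. Separately, `RETVAL=-1` in `condrestart` is not a valid exit status (0–255), and `_autorestart` never sets `RETVAL`, so a failed restart there exits 0. The `case` statement continues past the end of this hunk.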
@@ -172,15 +182,13 @@
;;
--help)
- echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
- echo " $me --status"
+ echo $"Usage: $0 {start|stop|restart|condrestart|status}"
exit 0
;;
*)
- echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
- echo " $me --status"
+ echo $"Usage: $0 {start|stop|restart|condrestart|status}"
exit 2
esac
-exit 0
+exit $RETVAL
Index: ipsec.conf
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/ipsec.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ipsec.conf 12 May 2005 15:01:20 -0000 1.2
+++ ipsec.conf 14 Mar 2008 15:33:32 -0000 1.3
@@ -11,6 +11,8 @@
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
+ # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
+ protostack=netkey
nat_traversal=yes
include /etc/ipsec.d/*.conf
Index: openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/openswan.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- openswan.spec 11 Feb 2008 20:11:21 -0000 1.60
+++ openswan.spec 14 Mar 2008 15:33:32 -0000 1.61
@@ -1,14 +1,13 @@
Summary: Openswan IPSEC implementation
Name: openswan
-Version: 2.6.07
+Version: 2.6.09
Release: 1%{?dist}
License: GPLv2+
Url: http://www.openswan.org/
Source: openswan-%{version}.tar.gz
-Source2: ipsec.init
-Source3: ipsec.conf
+Source2: ipsec.conf
Patch: openswan-2.6-examples.patch
Patch1: openswan-2.6-relpath.patch
@@ -16,6 +15,8 @@
Patch3: openswan-2.6-cleanbarf.patch
Patch4: openswan-2.6-intwarning.patch
Patch5: openswan-2.6-selinux.patch
+Patch6: openswan-2.6-initscript.patch
+Patch7: openswan-2.6-host_name_max.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -62,6 +63,8 @@
%patch3 -p1 -b .cleanbarf
%patch4 -p1 -b .interface
%patch5 -p1 -b .selinux
+%patch6 -p1 -b .initfix
+%patch7 -p1 -b .hostnamemax
%build
@@ -92,6 +95,8 @@
install
FS=$(pwd)
rm -rf %{buildroot}/usr/share/doc/openswan
+
+# ipsec and setup both installed by default - they are identical
rm -f %{buildroot}/etc/rc.d/init.d/setup
rm -f %{buildroot}/usr/share/man/man3/*
install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
@@ -99,8 +104,7 @@
find %{buildroot}/etc/ipsec.d -type f -exec chmod 644 {} \;
mkdir -p %{buildroot}%{_sysconfdir}
-install -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/ipsec.conf
-install -m 755 %{SOURCE2} %{buildroot}%{_initrddir}/ipsec
+install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/ipsec.conf
sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' %{buildroot}%{_initrddir}/ipsec
@@ -152,6 +156,13 @@
chkconfig --add ipsec || :
%changelog
+* Wed Mar 12 2008 Steve Conklin <sconklin at redhat.com> - 2.6.08-1
+- Moved to latest upstream
+- Replaced the init script source file with a patch to the upstream one
+- (no functional changes to the init script)
+- Added protostack=netkey to ipsec.conf
+- New patch to include definition of HOST_NAME_MAX
+
* Mon Feb 11 2008 Steve Conklin <sconklin at redhat.com> - 2.6.07-1
- Moved to latest upstream
--- ipsec.init DELETED ---