source: projects/specs/tags/6_0_REL/i/ipsec-tools/ipsec-tools-vl.spec @ 3644

Revision 3644, 9.0 KB checked in by tomop, 13 years ago (diff)

ipsec-tools-0.8.0-1
Line 
1%bcond_with wildcard_psk
2
3Name: ipsec-tools
4Version: 0.8.0
5Release: 1%{?_dist_release}
6Summary: Tools for configuring and using IPsec
7Summary(ja): IPsecツール
8License: BSD
9Group: System Environment/Base
10URL: http://ipsec-tools.sourceforge.net/
11Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
12Source1: racoon.conf
13Source2: psk.txt
14Source3: p1_up_down
15Source4: racoon.init
16Source5: racoon.pam
17
18Source100: ipsec.conf
19
20# Ignore acquires that are sent by kernel for SAs that are already being
21# negotiated (#234491)
22Patch3: ipsec-tools-0.8.0-acquires.patch
23# Support for labeled IPSec on loopback
24Patch4: ipsec-tools-0.8.0-loopback.patch
25# Create racoon as PIE
26Patch11: ipsec-tools-0.7.1-pie.patch
27# Fix leak in certification handling
28Patch14: ipsec-tools-0.7.2-moreleaks.patch
29# Do not install development files
30Patch16: ipsec-tools-0.8.0-nodevel.patch
31# Use krb5 gssapi mechanism
32Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
33# Drop -R from linker
34Patch19: ipsec-tools-0.7.3-build.patch
35# Silence strict aliasing warnings
36Patch20: ipsec-tools-0.8.0-aliasing.patch
37
38Patch100: racoon-wildcard_id.patch
39
40#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
41BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
42BuildRequires: openssl-devel, pam-devel, krb5-devel
43#BuildRequires: libselinux-devel >= 1.30.28-2
44BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
45#Requires: initscripts >= 7.31.11.EL-1
46Requires: initscripts
47
48Vendor: Project Vine
49Distribution: Vine Linux
50       
51%description
52This is the IPsec-Tools package.  You need this package in order to
53really use the IPsec functionality in the linux-2.5+ kernels.  This
54package builds:
55 
56        - setkey, a program to directly manipulate policies and SAs
57        - racoon, an IKEv1 keying daemon
58
59%description -l ja
60これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
61機能を使うにはこのパッケージが必要です。パッケージには以下の物が
62含まれています。
63
64        - setkey, SA と SP を操作/設定する為のプログラム
65        - racoon, IKEv1 自動鍵交換デーモン
66
67%prep
68%setup -q
69#%patch -p1
70#%patch2 -p1
71#%patch5 -p1 -b .64bit
72
73%patch3 -p1 -b .acquires
74%patch4 -p1 -b .loopback
75
76%patch11 -p1 -b .pie
77%patch14 -p1 -b .moreleaks
78%patch16 -p1 -b .nodevel
79%patch18 -p1 -b .gssapi-mech
80%patch19 -p1 -b .build
81%patch20 -p1 -b .aliasing
82
83%if %{with wildcard_psk}
84%patch100 -p0 -b wildcard_id
85%endif
86
87./bootstrap
88
89%build
90sed -i 's|-Werror||g' configure
91LDFLAGS="-Wl,--as-needed"
92export LDFLAGS
93%configure \
94 --with-kernel-headers=/usr/include \
95 --sysconfdir=%{_sysconfdir}/racoon \
96 --without-readline \
97 --enable-adminport \
98 --enable-hybrid \
99 --enable-frag \
100 --enable-dpd \
101 --enable-gssapi \
102 --enable-natt \
103 --disable-security-context \
104 --disable-audit \
105 --with-libpam
106make
107
108%install
109rm -rf $RPM_BUILD_ROOT
110mkdir -p $RPM_BUILD_ROOT/sbin
111mkdir -p $RPM_BUILD_ROOT%{_sbindir}
112mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
113mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
114make install DESTDIR=$RPM_BUILD_ROOT
115
116install -m 600 %{SOURCE1} \
117  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
118install -m 600 %{SOURCE2} \
119  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt
120
121mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin
122
123mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
124mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts
125
126install -m 700 %{SOURCE3} \
127  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
128install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
129install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
130
131install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
132
133# no devel stuff for now
134rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
135      $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
136      $RPM_BUILD_ROOT%{_includedir} \
137      $RPM_BUILD_ROOT%{_mandir}/man3
138
139
140%clean
141rm -rf $RPM_BUILD_ROOT
142
143%post
144if [ $1 = 1 ]; then
145        chkconfig --add racoon
146fi
147
148%preun
149if [ $1 = 0 ]; then
150        service racoon stop > /dev/null 2>&1
151        /sbin/chkconfig --del racoon
152fi
153
154%files
155%defattr(-,root,root)
156%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
157%doc src/racoon/doc/FAQ
158%doc ChangeLog NEWS README
159/sbin/*
160%{_sbindir}/*
161%{_mandir}/man*/*
162%config %{_sysconfdir}/rc.d/init.d/racoon
163%dir /etc/racoon
164%dir /etc/racoon/certs
165%dir /etc/racoon/scripts
166%dir /var/racoon
167/etc/racoon/scripts/*
168%config(noreplace) %{_sysconfdir}/racoon/psk.txt
169%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
170%config(noreplace) %{_sysconfdir}/ipsec.conf
171%config(noreplace) %{_sysconfdir}/pam.d/racoon
172
173%changelog
174* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
175- new upstream release.
176- shipped all patches from Fedora RawHide.
177- added Patch100 but not applied as default.
178
179* Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
180- rebuild with openssl-1.0.0c
181
182* Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
183- applied new versioning policy, spec in utf-8
184
185* Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
186- new upstream release (including security fix CVE-2007-1841)
187- rebuilt with new toolchain
188
189* Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
190- initial build for Vine Linux
191
192* Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
193- version 0.6.6
194
195* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
196- rebuilt for unwind info generation, broken in gcc-4.1.1-21
197
198* Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
199- added patch for selinux integration (bug #207159)
200
201* Fri Aug  4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
202- backport of important 0.6.6 fixes:
203  - sets NAT-T ports to 0 if no NAT encapsulation
204  - fixed memory leak
205
206* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
207- rebuild
208
209* Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
210- more build requirements
211
212* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
213- Fix patch to build MLS Stuff correctly
214
215* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
216- Update to latest upstream version
217- Add MLS Patch to allow use of labeled networks
218- Patch provided by Joy Latten <latten@austin.ibm.com>
219
220* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
221- bump again for double-long bug on ppc(64)
222
223* Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
224- version 0.6.4
225
226* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
227- rebuilt for new gcc4.1 snapshot and glibc changes
228
229* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
230- rebuilt
231
232* Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
233- version 0.6.3, which contains fixes for various DoS problems
234
235* Wed Nov  9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
236- rebuilt against new openssl
237
238* Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
239- version 0.6.1
240
241* Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
242- fix 64-bit issue in setph1attr() (<aviro@redhat.com>)
243
244* Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
245- add patch for DoS (CAN-2005-0398, #145532)
246
247* Sat Mar  5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
248- now racoon use /etc/racoon/racoon.conf as default
249- add the /var/racoon directory for racoon.sock
250
251* Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
252- update to 0.5
253
254* Thu Nov  4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
255- don't use new 0.3.3 handling of stdin in setkey; it breaks the
256  format (#138105)
257
258* Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
259- update to 0.3.3 (#122211)
260
261* Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
262- fix buildreqs (Steve Grubb)
263
264* Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
265- rebuild
266
267* Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
268- backport certificate validation fixes from 0.3.3 (#126568)
269
270* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
271- rebuilt
272
273* Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
274- add patch for potential remote DoS (CAN-2004-0403)
275
276* Tue Apr  6 2004 Bill Nottingham <notting@redhat.com>
277- update to 0.2.5
278
279* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
280- rebuilt
281
282* Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
283- update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)
284
285* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
286- rebuilt
287
288* Mon Dec  8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
289- rebuild
290
291* Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
292- add fix for #103238
293
294* Tue Aug  5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
295- update kernel interface bits, rebuild against them
296
297* Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
298- rebuild
299
300* Wed Jul  2 2003 Bill Notitngham <notting@redhat.com> 0.2.2-4
301- ship a much more pared-down racoon.conf and psk.txt
302
303* Thu Jun  5 2003 Bill Notitngham <notting@redhat.com> 0.2.2-3
304- update pfkey header for current kernels
305
306* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
307- rebuilt
308
309* Fri May  2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
310- update to 0.2.2
311
312* Fri Mar  7 2003 Bill Nottingham <notting@redhat.com>
313- initial build
Note: See TracBrowser for help on using the repository browser.