source: projects/specs/trunk/i/ipsec-tools/ipsec-tools-vl.spec @ 10954

%bcond_with wildcard_psk

%if %{with wildcard_psk}
%define rel_wildcard_psk _wildcard
%endif

Name: ipsec-tools
Version: 0.8.2
Release: 1%{?_dist_release}%{?rel_wildcard_psk}
Summary: Tools for configuring and using IPsec
Summary(ja): IPsecツール
License: BSD
Group: System Environment/Base
URL: http://ipsec-tools.sourceforge.net/
Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
Source1: racoon.conf
Source2: psk.txt
Source3: p1_up_down
Source4: racoon.init
Source5: racoon.pam

Source100: ipsec.conf

# Ignore acquires that are sent by kernel for SAs that are already being
# negotiated (#234491)
Patch3: ipsec-tools-0.8.0-acquires.patch
# Support for labeled IPSec on loopback
Patch4: ipsec-tools-0.8.0-loopback.patch
# Create racoon as PIE
Patch11: ipsec-tools-0.7.1-pie.patch
# Fix leak in certification handling
Patch14: ipsec-tools-0.7.2-moreleaks.patch
# Do not install development files
Patch16: ipsec-tools-0.8.0-nodevel.patch
# Use krb5 gssapi mechanism
Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
# Drop -R from linker
Patch19: ipsec-tools-0.7.3-build.patch
# Silence strict aliasing warnings
Patch20: ipsec-tools-0.8.0-aliasing.patch

Patch100: racoon-wildcard_id.patch

#BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
BuildRequires: openssl-devel, pam-devel, krb5-devel
#BuildRequires: libselinux-devel >= 1.30.28-2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
#Requires: initscripts >= 7.31.11.EL-1
Requires: initscripts

Vendor: Project Vine
Distribution: Vine Linux
        
%description
This is the IPsec-Tools package.  You need this package in order to
really use the IPsec functionality in the linux-2.5+ kernels.  This
package builds:
 
        - setkey, a program to directly manipulate policies and SAs
        - racoon, an IKEv1 keying daemon

%description -l ja
これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
機能を使うにはこのパッケージが必要です。パッケージには以下の物が
含まれています。

        - setkey, SA と SP を操作/設定する為のプログラム
        - racoon, IKEv1 自動鍵交換デーモン

%prep
%setup -q
#%patch -p1
#%patch2 -p1
#%patch5 -p1 -b .64bit

%patch3 -p1 -b .acquires
%patch4 -p1 -b .loopback

%patch11 -p1 -b .pie
%patch14 -p1 -b .moreleaks
%patch16 -p1 -b .nodevel
%patch18 -p1 -b .gssapi-mech
%patch19 -p1 -b .build
%patch20 -p1 -b .aliasing

%if %{with wildcard_psk}
%patch100 -p0 -b wildcard_id
%endif

./bootstrap

%build
sed -i 's|-Werror||g' configure
LDFLAGS="-Wl,--as-needed"
export LDFLAGS
%configure \
 --with-kernel-headers=/usr/include \
 --sysconfdir=%{_sysconfdir}/racoon \
 --without-readline \
 --enable-adminport \
 --enable-hybrid \
 --enable-frag \
 --enable-dpd \
 --enable-gssapi \
 --enable-natt \
 --disable-security-context \
 --disable-audit \
 --with-libpam
make

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
make install DESTDIR=$RPM_BUILD_ROOT

install -m 600 %{SOURCE1} \
  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
install -m 600 %{SOURCE2} \
  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt

mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin

mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts

install -m 700 %{SOURCE3} \
  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon

install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf

# no devel stuff for now
rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
      $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
      $RPM_BUILD_ROOT%{_includedir} \
      $RPM_BUILD_ROOT%{_mandir}/man3


%clean
rm -rf $RPM_BUILD_ROOT

%post
if [ $1 = 1 ]; then
        chkconfig --add racoon
fi

%preun
if [ $1 = 0 ]; then
        service racoon stop > /dev/null 2>&1
        /sbin/chkconfig --del racoon
fi

%files
%defattr(-,root,root)
%doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
%doc src/racoon/doc/FAQ
%doc ChangeLog NEWS README
/sbin/*
%{_sbindir}/*
%{_mandir}/man*/*
%config %{_sysconfdir}/rc.d/init.d/racoon
%dir /etc/racoon
%dir /etc/racoon/certs
%dir /etc/racoon/scripts
%dir /var/racoon
/etc/racoon/scripts/*
%config(noreplace) %{_sysconfdir}/racoon/psk.txt
%config(noreplace) %{_sysconfdir}/racoon/racoon.conf
%config(noreplace) %{_sysconfdir}/ipsec.conf
%config(noreplace) %{_sysconfdir}/pam.d/racoon

%changelog
* Wed Apr 2 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.2-1
- new upstream release.

* Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.1-1
- new upstream release.

* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
- new upstream release.
- shipped all patches from Fedora RawHide.
- added Patch100 but not applied as default.

* Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
- rebuild with openssl-1.0.0c

* Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
- applied new versioning policy, spec in utf-8

* Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
- new upstream release (including security fix CVE-2007-1841)
- rebuilt with new toolchain

* Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
- initial build for Vine Linux

* Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
- version 0.6.6

* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
- added patch for selinux integration (bug #207159)

* Fri Aug  4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
- backport of important 0.6.6 fixes:
  - sets NAT-T ports to 0 if no NAT encapsulation
  - fixed memory leak

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
- rebuild

* Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
- more build requirements

* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
- Fix patch to build MLS Stuff correctly

* Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
- Update to latest upstream version
- Add MLS Patch to allow use of labeled networks
- Patch provided by Joy Latten <latten@austin.ibm.com>

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
- version 0.6.4

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
- version 0.6.3, which contains fixes for various DoS problems

* Wed Nov  9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
- rebuilt against new openssl

* Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
- version 0.6.1

* Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
- fix 64-bit issue in setph1attr() (<aviro@redhat.com>)

* Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
- add patch for DoS (CAN-2005-0398, #145532)

* Sat Mar  5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
- now racoon use /etc/racoon/racoon.conf as default
- add the /var/racoon directory for racoon.sock

* Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
- update to 0.5

* Thu Nov  4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
- don't use new 0.3.3 handling of stdin in setkey; it breaks the
  format (#138105)

* Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
- update to 0.3.3 (#122211)

* Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
- fix buildreqs (Steve Grubb)

* Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
- rebuild

* Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
- backport certificate validation fixes from 0.3.3 (#126568)

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
- add patch for potential remote DoS (CAN-2004-0403)

* Tue Apr  6 2004 Bill Nottingham <notting@redhat.com>
- update to 0.2.5

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
- update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Mon Dec  8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
- rebuild

* Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
- add fix for #103238

* Tue Aug  5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
- update kernel interface bits, rebuild against them

* Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
- rebuild

* Wed Jul  2 2003 Bill Notitngham <notting@redhat.com> 0.2.2-4
- ship a much more pared-down racoon.conf and psk.txt

* Thu Jun  5 2003 Bill Notitngham <notting@redhat.com> 0.2.2-3
- update pfkey header for current kernels

* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri May  2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
- update to 0.2.2

* Fri Mar  7 2003 Bill Nottingham <notting@redhat.com>
- initial build