ipsec-tools-0.8.0-1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@3644 ec354946-7b23-47d6-9f5a-488ba84defc7

i/ipsec-tools/ipsec-tools-vl.spec

@@ -1,29 +1,45 @@
+%bcond_with wildcard_psk
+
 Name: ipsec-tools
-Version: 0.6.7
-Release: 2%{?_dist_release}
+Version: 0.8.0
+Release: 1%{?_dist_release}
 Summary: Tools for configuring and using IPsec
 Summary(ja): IPsecツール
 License: BSD
 Group: System Environment/Base
 URL: http://ipsec-tools.sourceforge.net/
 Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
-#Source1: ipsec.h
-#Source2: pfkeyv2.h
-Source3: racoon.conf
-Source4: psk.txt
-#Source5: xfrm.h
-#Source6: udp.h
-Source7: racoon.init
-Source8: ipsec.conf
-
-Patch: ipsec-tools-0.5-libs.patch
-Patch2: isakmp.c.diff
-Patch5: ipsec-tools-0.5-64bit.patch
-Patch7: ipsec-tools-0.6.5-mls.patch
-Patch9: racoon-lspp-ipsec.patch
+Source1: racoon.conf
+Source2: psk.txt
+Source3: p1_up_down
+Source4: racoon.init
+Source5: racoon.pam
+
+Source100: ipsec.conf
+
+# Ignore acquires that are sent by kernel for SAs that are already being
+# negotiated (#234491)
+Patch3: ipsec-tools-0.8.0-acquires.patch
+# Support for labeled IPSec on loopback
+Patch4: ipsec-tools-0.8.0-loopback.patch
+# Create racoon as PIE
+Patch11: ipsec-tools-0.7.1-pie.patch
+# Fix leak in certification handling
+Patch14: ipsec-tools-0.7.2-moreleaks.patch
+# Do not install development files
+Patch16: ipsec-tools-0.8.0-nodevel.patch
+# Use krb5 gssapi mechanism
+Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
+# Drop -R from linker
+Patch19: ipsec-tools-0.7.3-build.patch
+# Silence strict aliasing warnings
+Patch20: ipsec-tools-0.8.0-aliasing.patch
+
+Patch100: racoon-wildcard_id.patch
 
 #BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
-BuildRequires: openssl-devel, bison, flex, automake, libtool, glibc-kernheaders
+BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
+BuildRequires: openssl-devel, pam-devel, krb5-devel
 #BuildRequires: libselinux-devel >= 1.30.28-2
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 #Requires: initscripts >= 7.31.11.EL-1
@@ -50,29 +66,43 @@ package builds:
 
 %prep
 %setup -q
-%patch -p1
-%patch2 -p1
-%patch5 -p1 -b .64bit
-#%patch7 -p1 -b .mls
-#%patch9 -p1 -b .sctx
+#%patch -p1
+#%patch2 -p1
+#%patch5 -p1 -b .64bit
+
+%patch3 -p1 -b .acquires
+%patch4 -p1 -b .loopback
+
+%patch11 -p1 -b .pie
+%patch14 -p1 -b .moreleaks
+%patch16 -p1 -b .nodevel
+%patch18 -p1 -b .gssapi-mech
+%patch19 -p1 -b .build
+%patch20 -p1 -b .aliasing
+
+%if %{with wildcard_psk}
+%patch100 -p0 -b wildcard_id
+%endif
 
-#mkdir -p kernel-headers/linux
-#cp %{SOURCE1} %{SOURCE2} %{SOURCE5} %{SOURCE6} kernel-headers/linux
-#./bootstrap
+./bootstrap
 
 %build
 sed -i 's|-Werror||g' configure
-CFLAGS="$RPM_OPT_FLAGS" %configure \
- --sysconfdir=%{_sysconfdir}/racoon \
+LDFLAGS="-Wl,--as-needed"
+export LDFLAGS
+%configure \
  --with-kernel-headers=/usr/include \
+ --sysconfdir=%{_sysconfdir}/racoon \
  --without-readline \
  --enable-adminport \
  --enable-hybrid \
  --enable-frag \
  --enable-dpd \
- --enable-natt
-# --enable-gssapi \
-# --enable-security-context
+ --enable-gssapi \
+ --enable-natt \
+ --disable-security-context \
+ --disable-audit \
+ --with-libpam
 make
 
 %install
@@ -82,28 +112,45 @@ mkdir -p $RPM_BUILD_ROOT%{_sbindir}
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
 make install DESTDIR=$RPM_BUILD_ROOT
-# no devel stuff for now
-rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
-      $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
-      $RPM_BUILD_ROOT%{_includedir} \
-      $RPM_BUILD_ROOT%{_mandir}/man3
 
-install -m 600 %{SOURCE3} \
+install -m 600 %{SOURCE1} \
   $RPM_BUILD_ROOT%{_sysconfdir}/racoon/racoon.conf
-install -m 600 %{SOURCE4} \
+install -m 600 %{SOURCE2} \
   $RPM_BUILD_ROOT%{_sysconfdir}/racoon/psk.txt
-install -m 755 %{SOURCE7} \
-  $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/racoon
-install -m 600 %{SOURCE8} \
-  $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
 
 mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin
 
 mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/certs
+mkdir -m 0700 -p $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts
+
+install -m 700 %{SOURCE3} \
+  $RPM_BUILD_ROOT%{_sysconfdir}/racoon/scripts/p1_up_down
+install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
+install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
+
+install -D -m644 %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
+
+# no devel stuff for now
+rm -rf $RPM_BUILD_ROOT%{_libdir}/libipsec.{a,la} \
+      $RPM_BUILD_ROOT%{_libdir}/libracoon.{a,la} \
+      $RPM_BUILD_ROOT%{_includedir} \
+      $RPM_BUILD_ROOT%{_mandir}/man3
+
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
+%post
+if [ $1 = 1 ]; then
+        chkconfig --add racoon
+fi
+
+%preun
+if [ $1 = 0 ]; then
+        service racoon stop > /dev/null 2>&1
+        /sbin/chkconfig --del racoon
+fi
+
 %files
 %defattr(-,root,root)
 %doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
@@ -112,15 +159,23 @@ rm -rf $RPM_BUILD_ROOT
 /sbin/*
 %{_sbindir}/*
 %{_mandir}/man*/*
+%config %{_sysconfdir}/rc.d/init.d/racoon
 %dir /etc/racoon
 %dir /etc/racoon/certs
+%dir /etc/racoon/scripts
 %dir /var/racoon
+/etc/racoon/scripts/*
 %config(noreplace) %{_sysconfdir}/racoon/psk.txt
 %config(noreplace) %{_sysconfdir}/racoon/racoon.conf
-%config %{_sysconfdir}/rc.d/init.d/racoon
 %config(noreplace) %{_sysconfdir}/ipsec.conf
+%config(noreplace) %{_sysconfdir}/pam.d/racoon
 
 %changelog
+* Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
+- new upstream release.
+- shipped all patches from Fedora RawHide.
+- added Patch100 but not applied as default.
+
 * Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
 - rebuild with openssl-1.0.0c