ipsec-tools-vl.spec 9.1 KB

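  # Build-time switch, off by default: `rpmbuild --with wildcard_psk` applies
  # Patch100 (racoon-wildcard_id.patch) in the prep section.
  # NOTE(review): judging by its name, the patch relaxes how racoon matches peer
  # identifiers for pre-shared keys. Confirm against the patch itself, and keep
  # the switch off unless that weaker peer authentication is acceptable.
  %bcond_with wildcard_psk

  Name: ipsec-tools
  Version: 0.8.1
  Release: 1%{?_dist_release}
  Summary: Tools for configuring and using IPsec
  Summary(ja): IPsecツール
  License: BSD
  Group: System Environment/Base
  Vendor: Project Vine
  Distribution: Vine Linux
  URL: http://ipsec-tools.sourceforge.net/

  # The upstream tarball URL is plain HTTP, and this spec records no digest or
  # signature for it. Check the archive against a checksum obtained out of band
  # before building; a tampered tarball would otherwise go straight into a
  # root-run IKE daemon.
  Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
  # Distribution-supplied configuration, helper script, init script and PAM
  # service file; the install section decides their modes.
  Source1: racoon.conf
  Source2: psk.txt
  Source3: p1_up_down
  Source4: racoon.init
  Source5: racoon.pam
  Source100: ipsec.conf

  # Ignore acquires that are sent by kernel for SAs that are already being
  # negotiated (#234491)
  Patch3: ipsec-tools-0.8.0-acquires.patch
  # Support for labeled IPSec on loopback
  Patch4: ipsec-tools-0.8.0-loopback.patch
  # Create racoon as PIE
  Patch11: ipsec-tools-0.7.1-pie.patch
  # Fix leak in certification handling
  Patch14: ipsec-tools-0.7.2-moreleaks.patch
  # Do not install development files
  Patch16: ipsec-tools-0.8.0-nodevel.patch
  # Use krb5 gssapi mechanism
  Patch18: ipsec-tools-0.7.3-gssapi-mech.patch
  # Drop -R from linker
  Patch19: ipsec-tools-0.7.3-build.patch
  # Silence strict aliasing warnings
  Patch20: ipsec-tools-0.8.0-aliasing.patch
  # Optional, see the wildcard_psk switch at the top of the file
  Patch100: racoon-wildcard_id.patch

  #BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
  BuildRequires: bison, flex, automake, libtool, glibc-kernheaders
  BuildRequires: openssl-devel, pam-devel, krb5-devel
  # Not needed while the build section configures with security-context
  # support disabled.
  #BuildRequires: libselinux-devel >= 1.30.28-2
  BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

  #Requires: initscripts >= 7.31.11.EL-1
  Requires: initscripts
  # The post and preun scriptlets call chkconfig, so it has to be installed
  # before they run; a plain Requires does not guarantee that ordering.
  Requires(post): /sbin/chkconfig
  Requires(preun): /sbin/chkconfig

  %description
  This is the IPsec-Tools package. You need this package in order to
  really use the IPsec functionality in the linux-2.5+ kernels. This
  package builds:
  - setkey, a program to directly manipulate policies and SAs
  - racoon, an IKEv1 keying daemon

  %description -l ja
  これは IPsecツールのパッケージです。Linux Kernel 2.5 以上の IPsec
  機能を使うにはこのパッケージが必要です。パッケージには以下の物が
  含まれています。
  - setkey, SA と SP を操作/設定する為のプログラム
  - racoon, IKEv1 自動鍵交換デーモン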
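  %prep
  %setup -q
  # Patches that are no longer applied. The percent sign is doubled so that rpm
  # does not try to expand a macro inside a comment.
  #%%patch -p1
  #%%patch2 -p1
  #%%patch5 -p1 -b .64bit
  # Patches carried over from Fedora (the changelog entry for 0.8.0-1 says so).
  # -b keeps a backup of every touched file under the given suffix, which makes
  # it possible to audit afterwards exactly what each patch changed.
  %patch3 -p1 -b .acquires
  %patch4 -p1 -b .loopback
  %patch11 -p1 -b .pie
  %patch14 -p1 -b .moreleaks
  %patch16 -p1 -b .nodevel
  %patch18 -p1 -b .gssapi-mech
  %patch19 -p1 -b .build
  %patch20 -p1 -b .aliasing
  # Applied only when the package is built with `--with wildcard_psk`; the
  # default build leaves racoon's identifier matching untouched.
  # The backup suffix needs its leading dot like every other patch above;
  # without it the backups are named <file>wildcard_id.
  %if %{with wildcard_psk}
  %patch100 -p0 -b .wildcard_id
  %endif
  # Run upstream's bootstrap script after patching (presumably regenerates
  # configure and the Makefile templates; automake and libtool are BuildRequires).
  ./bootstrap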
  %build
  # Strip -Werror from the generated configure script so that compiler warnings
  # do not abort the build.
  sed -i 's/-Werror//g' configure

  # NOTE(review): this assignment replaces any LDFLAGS inherited from the build
  # environment. If the distribution passes hardening linker flags that way,
  # they are lost here; confirm.
  export LDFLAGS="-Wl,--as-needed"

  # Feature selection for racoon:
  #   adminport         administrative interface to the running daemon
  #                     (the changelog places racoon.sock under /var/racoon)
  #   hybrid, libpam    hybrid authentication, with PAM as a backend
  #   frag, dpd, natt   IKE fragmentation, dead peer detection, NAT traversal
  #   gssapi            GSSAPI authentication
  # Security-context (labeled IPsec) and audit support are compiled out, so
  # this build neither enforces SELinux labels on SAs nor emits audit records.
  %configure \
      --sysconfdir=%{_sysconfdir}/racoon \
      --with-kernel-headers=/usr/include \
      --with-libpam \
      --without-readline \
      --enable-adminport \
      --enable-hybrid \
      --enable-frag \
      --enable-dpd \
      --enable-gssapi \
      --enable-natt \
      --disable-security-context \
      --disable-audit
  make
  %install
  rm -rf %{buildroot}

  # Directory skeleton that the steps below fill in.
  mkdir -p %{buildroot}/sbin \
           %{buildroot}%{_sbindir} \
           %{buildroot}%{_sysconfdir}/racoon \
           %{buildroot}%{_sysconfdir}/rc.d/init.d
  make install DESTDIR=%{buildroot}

  # setkey is moved out of the sbindir that make install used and into /sbin.
  mv %{buildroot}%{_sbindir}/setkey %{buildroot}/sbin

  # Daemon configuration and the pre-shared key file are owner-only from the
  # moment they are staged; psk.txt holds secrets.
  install -m 600 %{SOURCE1} %{buildroot}%{_sysconfdir}/racoon/racoon.conf
  install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/racoon/psk.txt

  # Certificate store and hook-script directory: owner-only as well, and the
  # phase 1 up/down hook is executable by its owner alone.
  mkdir -m 0700 -p %{buildroot}%{_sysconfdir}/racoon/certs
  mkdir -m 0700 -p %{buildroot}%{_sysconfdir}/racoon/scripts
  install -m 700 %{SOURCE3} %{buildroot}%{_sysconfdir}/racoon/scripts/p1_up_down

  # Init script, PAM service definition and ipsec.conf.
  install -D -m755 %{SOURCE4} %{buildroot}%{_initrddir}/racoon
  install -D -m644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/racoon
  install -D -m644 %{SOURCE100} %{buildroot}%{_sysconfdir}/ipsec.conf

  # no devel stuff for now
  rm -rf %{buildroot}%{_libdir}/libipsec.{a,la} \
         %{buildroot}%{_libdir}/libracoon.{a,la} \
         %{buildroot}%{_includedir} \
         %{buildroot}%{_mandir}/man3
  %clean
  # Remove the staging tree once the package has been written.
  rm -rf %{buildroot}
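  %post
  # $1 is the number of copies of the package installed after this transaction.
  # A value of 1 means a fresh install, so the service is registered exactly
  # once and upgrades leave the administrator's runlevel settings alone.
  if [ "$1" -eq 1 ]; then
      # Absolute path, as in the preun scriptlet: scriptlets run as root and
      # should not depend on whatever PATH the transaction happens to have.
      /sbin/chkconfig --add racoon
  fi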
  %preun
  # Runs before files are removed. $1 is 0 only on final erase; on upgrade the
  # daemon and its runlevel links are left as they are.
  if [ "$1" -eq 0 ]; then
      # Stop the daemon quietly, then drop its runlevel registration.
      service racoon stop >/dev/null 2>&1
      /sbin/chkconfig --del racoon
  fi
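  %files
  # Default ownership is root:root; the "-" mode keeps whatever mode a file had
  # in the build root. Entries that hold secrets or root-run hooks pin their
  # mode explicitly, using the same values as the install section, so a later
  # change there cannot silently loosen them.
  %defattr(-,root,root)
  %doc src/racoon/samples/racoon.conf src/racoon/samples/psk.txt
  %doc src/racoon/doc/FAQ
  %doc ChangeLog NEWS README
  /sbin/*
  %{_sbindir}/*
  %{_mandir}/man*/*
  %config %{_sysconfdir}/rc.d/init.d/racoon
  # Same sysconfdir macro the install section writes to, instead of a literal /etc.
  %dir %{_sysconfdir}/racoon
  %attr(0700,root,root) %dir %{_sysconfdir}/racoon/certs
  %attr(0700,root,root) %dir %{_sysconfdir}/racoon/scripts
  %attr(0700,root,root) %{_sysconfdir}/racoon/scripts/*
  # NOTE(review): the install section never creates this directory itself, so it
  # and its mode presumably come from make install. The changelog places
  # racoon.sock here; confirm the mode is as tight as intended.
  %dir /var/racoon
  # noreplace: an upgrade never overwrites locally edited keys or policy.
  %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/racoon/psk.txt
  %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/racoon/racoon.conf
  %config(noreplace) %{_sysconfdir}/ipsec.conf
  %config(noreplace) %{_sysconfdir}/pam.d/racoon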
  144. %changelog
  145. * Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.1-1
  146. - new upstream release.
  147. * Fri Apr 22 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.0-1
  148. - new upstream release.
  149. - shipped all patches from Fedora RawHide.
  150. - added Patch100 but not applied as default.
  151. * Sun Feb 06 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.7-2
  152. - rebuild with openssl-1.0.0c
  153. * Sun Sep 28 2008 Shu KONNO <owa@bg.wakwak.com> 0.6.7-1vl5
  154. - applied new versioning policy, spec in utf-8
  155. * Sun Jun 10 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.6.7-0vl1
  156. - new upstream release (including security fix CVE-2007-1841)
  157. - rebuilt with new toolchain
  158. * Wed Feb 28 2007 Kunio Murasawa <murasawa@fa2.so-net.ne.jp> 0.6.6-1vl1
  159. - initial build for Vine Linux
  160. * Wed Jan 17 2007 Harald Hoyer <harald@redhat.com> - 0.6.6-1
  161. - version 0.6.6
  162. * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-6
  163. - rebuilt for unwind info generation, broken in gcc-4.1.1-21
  164. * Mon Sep 25 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-5
  165. - added patch for selinux integration (bug #207159)
  166. * Fri Aug 4 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-4
  167. - backport of important 0.6.6 fixes:
  168. - sets NAT-T ports to 0 if no NAT encapsulation
  169. - fixed memory leak
  170. * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.5-3.1
  171. - rebuild
  172. * Wed Jun 21 2006 Harald Hoyer <harald@redhat.com> - 0.6.5-3
  173. - more build requirements
  174. * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-2
  175. - Fix patch to build MLS Stuff correctly
  176. * Tue Apr 18 2006 Dan Walsh <dwalsh@redhat.com> - 0.6.5-1
  177. - Update to latest upstream version
  178. - Add MLS Patch to allow use of labeled networks
  179. - Patch provided by Joy Latten <latten@austin.ibm.com>
  180. * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.4-1.1
  181. - bump again for double-long bug on ppc(64)
  182. * Tue Feb 07 2006 Harald Hoyer <harald@redhat.com> 0.6.4-1
  183. - version 0.6.4
  184. * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.3-1.2
  185. - rebuilt for new gcc4.1 snapshot and glibc changes
  186. * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
  187. - rebuilt
  188. * Mon Dec 05 2005 Harald Hoyer <harald@redhat.com> 0.6.3-1
  189. - version 0.6.3, which contains fixes for various DoS problems
  190. * Wed Nov 9 2005 Tomas Mraz <tmraz@redhat.com> 0.6.1-2
  191. - rebuilt against new openssl
  192. * Wed Oct 12 2005 Harald Hoyer <harald@redhat.com> 0.6.1-1
  193. - version 0.6.1
  194. * Mon Mar 28 2005 Bill Nottingham <notting@redhat.com> 0.5-4
  195. - fix 64-bit issue in setph1attr() (<aviro@redhat.com>)
  196. * Mon Mar 14 2005 Bill Nottingham <notting@redhat.com> 0.5-3
  197. - add patch for DoS (CAN-2005-0398, #145532)
  198. * Sat Mar 5 2005 Uwe Beck <ubeck@c3pdm.com> 0.5-2
  199. - now racoon use /etc/racoon/racoon.conf as default
  200. - add the /var/racoon directory for racoon.sock
  201. * Wed Feb 23 2005 Bill Nottingham <notting@redhat.com> 0.5-1
  202. - update to 0.5
  203. * Thu Nov 4 2004 Bill Nottingham <notting@redhat.com> 0.3.3-2
  204. - don't use new 0.3.3 handling of stdin in setkey; it breaks the
  205. format (#138105)
  206. * Mon Sep 27 2004 Bill Nottingham <notting@redhat.com> 0.3.3-1
  207. - update to 0.3.3 (#122211)
  208. * Sun Aug 08 2004 Alan Cox <alan@redhat.com> 0.2.5-6
  209. - fix buildreqs (Steve Grubb)
  210. * Mon Jun 28 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-5
  211. - rebuild
  212. * Fri Jun 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.2.5-4
  213. - backport certificate validation fixes from 0.3.3 (#126568)
  214. * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
  215. - rebuilt
  216. * Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2
  217. - add patch for potential remote DoS (CAN-2004-0403)
  218. * Tue Apr 6 2004 Bill Nottingham <notting@redhat.com>
  219. - update to 0.2.5
  220. * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
  221. - rebuilt
  222. * Mon Feb 23 2004 Bill Nottingham <notting@redhat.com>
  223. - update to 0.2.4, fix racoon install location (#116374, <kajtzu@fi.basen.net>)
  224. * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
  225. - rebuilt
  226. * Mon Dec 8 2003 Bill Nottingham <notting@redhat.com> 0.2.2-8
  227. - rebuild
  228. * Fri Aug 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-7
  229. - add fix for #103238
  230. * Tue Aug 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-6
  231. - update kernel interface bits, rebuild against them
  232. * Tue Jul 29 2003 Bill Nottingham <notting@redhat.com> 0.2.2-5
  233. - rebuild
  234. * Wed Jul 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-4
  235. - ship a much more pared-down racoon.conf and psk.txt
  236. * Thu Jun 5 2003 Bill Nottingham <notting@redhat.com> 0.2.2-3
  237. - update pfkey header for current kernels
  238. * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
  239. - rebuilt
  240. * Fri May 2 2003 Bill Nottingham <notting@redhat.com> 0.2.2-1
  241. - update to 0.2.2
  242. * Fri Mar 7 2003 Bill Nottingham <notting@redhat.com>
  243. - initial build