%kmdl openswan Summary: An implementation of IPSEC & IKE for Linux Name: openswan Version: 2.4.12 Release: 32%{?dist} License: GPL Group: System Environment/Daemons URL: http://www.openswan.org/ Source0: http://www.openswan.org/download/%{name}-%{version}.tar.gz Source1: http://www.openswan.org/download/%{name}-%{version}.tar.gz.asc Source2: ipsec.init Source3: ipsec.conf BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot BuildRequires: gmp-devel, pam-devel BuildRequires: /usr/bin/man2html, htmldoc BuildRequires: bison, m4, flex BuildRequires: lynx PreReq: /sbin/chkconfig, /sbin/service %description Openswan is based on code from the FreeS/WAN project (www.freeswan.org) It has support for most of the extensions (RFC + IETF drafts) related to IPsec, include X.509 Digital Certificates, multiple ciphers (3DES, AES, Twofish, Blowfish) and many other features. This version includes the following major patches: X.509 Digital Certificate Support (Now includes RFC 2401 IKE Port Selectors) ALG 0.8.1 (All ciphers/hashes enabled) Notify/Delete SA NAT Traversal MODP 768bit MTS Keepalive Support Aggressive Mode Support Dead Peer Detection (DPD) Support XAUTH Server Support 64bit Support As well, various bugfixes have been applied on top of these patches - for a full list, see CHANGES for an exhaustive list. %package -n %kmdl_name %kmdl_dependencies Summary: Kernel modules for openswan. Group: System Environment/Kernel %description -n %kmdl_name Openswan is based on code from the FreeS/WAN project (www.freeswan.org) It has support for most of the extensions (RFC + IETF drafts) related to IPsec, include X.509 Digital Certificates, multiple ciphers (3DES, AES, Twofish, Blowfish) and many other features. %kmdl_desc %prep %setup -q grep -rl '/usr/local' . | grep -v /doc/ | xargs perl -pi -e's,/usr/local,/usr,g' grep -Erl '\$.?INC_USRLOCAL.?/' . | xargs perl -pi -e's,\$.?INC_USRLOCAL.?/,/usr/,g' grep -Erl '/usr/lib($|[^e])' . | xargs perl -pi -e's,/usr/lib($|[^e]),%{_libdir}$1,g' grep -rl 'lib/ipsec' . | grep -v /doc/ | xargs perl -pi -e's,lib/ipsec,%{_lib}/ipsec,g' rm -f cvs.datemark echo IPSECVERSION=%{name}-%{version}-%{release} > Makefile.ver %build %if %{kmdl_userland} make \ INC_USRLOCAL=%{_prefix} \ USERCOMPILE="%{optflags}" \ WERROR=-Wno-error \ verset programs %else %kmdl_config here=`pwd` cp -a %{kmdl_kernelsrcdir}/.config $here/.config hasnatt=`grep 'CONFIG_.*_NAT_TRAVERSAL=y' $here/.config > /dev/null && echo yes || echo no` echo "Does the kernel have the natt patch: $hasnatt" cat > $here/.config.new << EOF CONFIG_KLIPS=m CONFIG_KLIPS_IPIP=y CONFIG_KLIPS_AH=y CONFIG_KLIPS_AUTH_HMAC_MD5=y CONFIG_KLIPS_AUTH_HMAC_SHA1=y CONFIG_KLIPS_ESP=y CONFIG_KLIPS_ALG=y CONFIG_KLIPS_ENC_3DES=y CONFIG_KLIPS_ENC_AES=y CONFIG_KLIPS_ALG_TWOFISH=m CONFIG_KLIPS_ALG_BLOWFISH=m CONFIG_KLIPS_ALG_SERPENT=m CONFIG_KLIPS_ALG_MD5=m CONFIG_KLIPS_ALG_SHA1=m CONFIG_KLIPS_ALG_SHA2=m #CONFIG_KLIPS_ALG_CAST=n #CONFIG_KLIPS_ALG_NULL=n #CONFIG_KLIPS_ENC_CRYPTOAPI=n CONFIG_KLIPS_IPCOMP=m CONFIG_KLIPS_DEBUG=y #CONFIG_KLIPS_REGRESS=n EOF test "$hasnatt" = yes && echo CONFIG_KLIPS_NAT_TRAVERSAL=y >> $here/.config.new for config in `cat $here/.config.new | sed -e's,.*\(CONFIG_[^ =]*.\)*,\1,'`; do perl -pi -e"s,^$1=.*,," $here/.config perl -pi -e"s,^ $1 is not set,," $here/.config done #cat $here/.config.new >> $here/.config cat $here/.config.new > $here/.config cat > autoconf_ipsec.h << EOF /* #define CONFIG_IP_MASQUERADE_IPSEC 1 */ /* #define CONFIG_KLIPS_NAT_TRAVERSAL 1 (optional) */ /* #define CONFIG_IPSEC_MODULE 1 */ #define CONFIG_KLIPS 1 #define CONFIG_KLIPS_IPIP 1 #define CONFIG_KLIPS_AH 1 #define CONFIG_KLIPS_AUTH_HMAC_MD5 1 #define CONFIG_KLIPS_AUTH_HMAC_SHA1 1 #define CONFIG_KLIPS_ESP 1 #define CONFIG_KLIPS_ENC_3DES 1 #define CONFIG_KLIPS_ENC_AES 1 #define CONFIG_KLIPS_ALG 1 #define CONFIG_KLIPS_ALG_TWOFISH 1 #define CONFIG_KLIPS_ALG_BLOWFISH 1 #define CONFIG_KLIPS_ALG_SERPENT 1 #define CONFIG_KLIPS_ALG_MD5 1 #define CONFIG_KLIPS_ALG_SHA1 1 #define CONFIG_KLIPS_ALG_SHA2 1 #undef CONFIG_KLIPS_ALG_CAST #undef CONFIG_KLIPS_ALG_NULL #undef CONFIG_KLIPS_ENC_CRYPTOAPI #define CONFIG_KLIPS_IPCOMP 1 #define CONFIG_KLIPS_DEBUG 1 #undef CONFIG_KLIPS_REGRESS EOF cp -a linux/include/*.h linux/net/ipsec/ make KERNELSRC=%{kmdl_kernelsrcdir} MODULE_DEFCONFIG=$here/.config MODULE_DEF_INCLUDE="`pwd`/autoconf_ipsec.h" module %endif %install rm -rf %{buildroot} %if %{kmdl_userland} make \ DESTDIR=%{buildroot} \ INC_USRLOCAL=%{_prefix} \ MANTREE=%{buildroot}%{_mandir} \ install find %{buildroot}%{_mandir} %{buildroot}%{_sysconfdir} -type f -exec chmod -x {} \; install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto mv %{buildroot}%{_sysconfdir}/ipsec.conf %{buildroot}%{_sysconfdir}/ipsec.conf.vendor install -p %{SOURCE3} %{buildroot}%{_sysconfdir}/ipsec.conf mv %{buildroot}%{_initrddir}/ipsec %{buildroot}%{_initrddir}/ipsec.vendor install -p %{SOURCE2} %{buildroot}%{_initrddir}/ipsec sed -i -e 's#/usr/lib/#%{_libdir}/#g' %{buildroot}%{_initrddir}/ipsec echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets install -p %{buildroot}%{_sysconfdir}/ipsec.d/examples/no_oe.conf \ %{buildroot}%{_sysconfdir}/ipsec.d/ mkdir -p %{buildroot}%{_defaultdocdir} mv %{buildroot}%{_datadir}/doc/%{name} %{buildroot}%{_defaultdocdir}/%{name}-%{version} %else mkdir -p %{buildroot}%{kmdl_moduledir}/net/ipsec install -p modobj*/ipsec.{,k}o %{buildroot}%{kmdl_moduledir}/net/ipsec/ %endif %clean rm -rf %{buildroot} %post /sbin/chkconfig --add ipsec %preun if [ $1 = 0 ]; then /sbin/service ipsec stop > /dev/null 2>&1 || : /sbin/chkconfig --del ipsec fi %postun if [ "$1" -ge "1" ]; then /sbin/service ipsec condrestart >/dev/null 2>&1 || : fi %post -n %kmdl_name %kmdl_install %postun -n %kmdl_name %kmdl_remove %if %{kmdl_userland} %files %defattr(-,root,root,-) %doc README* CHANGES* BUGS COPYING CREDITS doc LICENSE %config(noreplace) %{_sysconfdir}/ipsec.conf %config(noreplace) %{_sysconfdir}/ipsec.conf.vendor %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d %dir %{_sysconfdir}/ipsec.d/*/ %config(noreplace) %{_sysconfdir}/ipsec.d/no_oe.conf %config(noreplace) %{_sysconfdir}/ipsec.d/policies/* %config(noreplace) %{_sysconfdir}/ipsec.d/examples/* %{_initrddir}/ipsec %{_initrddir}/ipsec.vendor %exclude /etc/rc.d/rc?.d/*ipsec %{_sbindir}/ipsec %{_libdir}/ipsec %{_libexecdir}/ipsec %{_mandir}/man3/ipsec_*.3* %{_mandir}/man5/ipsec_*.5* %{_mandir}/man5/ipsec.conf.5* %{_mandir}/man5/ipsec.secrets.5* %{_mandir}/man5/pf_key.5* %{_mandir}/man8/ipsec_*.8* %{_mandir}/man8/ipsec.8* %{_localstatedir}/run/pluto %else %files -n %kmdl_name %defattr(-,root,root,-) %{kmdl_moduledir}/net/ipsec/ipsec.*o %endif %changelog * Sat Mar 22 2008 Axel Thimm - 2.4.12-32 - Update to 2.4.12. * Sun Aug 12 2007 Axel Thimm - 2.4.9-31 - Update to 2.4.9. * Tue May 29 2007 Axel Thimm - 2.4.8-30 - Update to 2.4.8. * Sun May 13 2007 Axel Thimm - 2.4.8-29_rc1 - Update to 2.4.8rc1. * Fri Nov 18 2005 Axel Thimm - Update to 2.4.4. * Wed Nov 16 2005 Axel Thimm - Update to 2.4.3. * Sat Sep 24 2005 Axel Thimm - Update to 2.4.0. * Thu Apr 21 2005 Axel Thimm - Update to 2.3.1. * Mon Feb 7 2005 Axel Thimm - Update to 2.3.0. * Fri Jan 28 2005 Axel Thimm - Update to 2.2.1. * Sat Sep 18 2004 Axel Thimm - Update to 2.2.0. * Tue Aug 24 2004 Axel Thimm - Update to 2.1.5. * Mon Jun 28 2004 Axel Thimm - Update to 2.1.4. * Wed May 19 2004 Axel Thimm - Update to 2.1.2 final. * Sat May 15 2004 Axel Thimm - Update to 2.1.2rc5. * Mon Apr 19 2004 Axel Thimm - Autodetect whether natt patch is in kernel. - Update to 2.1.2rc3. * Thu Apr 8 2004 Axel Thimm - Update to 2.1.1. * Tue Mar 2 2004 Axel Thimm - Update to 2.1.0rc1. * Sun Jan 4 2004 Axel Thimm - Initial build.