[openswan] redhat #820143: systemd support for openswan pluto daemon.
avesh
avesh at fedoraproject.org
Wed Oct 17 20:44:41 UTC 2012
commit 9bb51bc462918f76a91a3e599cb20c62bd7f9956
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Wed Oct 17 16:43:55 2012 -0400
redhat #820143: systemd support for openswan pluto daemon.
- Made changes to the spec file to add systemd service support.
- Updated README.nss to remove unnecessary configuration parameters
that are not required by default and are network topology specific.
openswan-readme-nss.patch | 43 +++++++++++++++++++++++++++++++++++
openswan-systemd-service.patch | 41 ++++++++++++++++++++++++++++++++++
openswan.spec | 48 +++++++++++++++++++++++++++++----------
3 files changed, 119 insertions(+), 13 deletions(-)
---
diff --git a/openswan-readme-nss.patch b/openswan-readme-nss.patch
new file mode 100644
index 0000000..94ffba3
--- /dev/null
+++ b/openswan-readme-nss.patch
@@ -0,0 +1,43 @@
+commit 0d70dc360063dfcae32d5b4a849df1e6d7ae5ff2
+Author: Avesh Agarwal <avagarwa at redhat.com>
+Date: Wed Oct 17 16:32:16 2012 -0400
+
+ Updated README.nss to remove unnecessary configuration parameters
+ that are not required by default and are network topology specific.
+
+diff --git a/docs/README.nss b/docs/README.nss
+index 3ecec11..7aa5322 100644
+--- a/docs/README.nss
++++ b/docs/README.nss
+@@ -256,15 +256,11 @@ ipsec.conf at machine 1:
+ conn pluto-1-2
+ left=w1.x1.y1.z1
+ leftid="CN=usercert1"
+- leftsourceip=w1.x1.y1.z1
+ leftrsasigkey=%cert
+ leftcert=usercert1
+- leftnexthop=w2.x2.y2.z2
+ right=w2.x2.y2.z2
+ rightid="CN=usercert2"
+- rightsourceip=w2.x2.y2.z2
+ rightrsasigkey=%cert
+- rightnexthop=w1.x1.y1.z1
+ rekey=no
+ esp="aes-sha1"
+ ike="aes-sha1"
+@@ -277,15 +273,11 @@ ipsec.conf at machine 2:
+ conn pluto-1-2
+ left=w2.x2.y2.z2
+ leftid="CN=usercert2"
+- leftsourceip=w2.x2.y2.z2
+ leftrsasigkey=%cert
+ leftcert=usercert2
+- leftnexthop=w1.x1.y1.z1
+ right=w1.x1.y1.z1
+ rightid="CN=usercert1"
+- rightsourceip=w1.x1.y1.z1
+ rightrsasigkey=%cert
+- rightnexthop=w2.x2.y2.z2
+ rekey=no
+ esp="aes-sha1"
+ ike="aes-sha1"
diff --git a/openswan-systemd-service.patch b/openswan-systemd-service.patch
new file mode 100644
index 0000000..1fd7ebf
--- /dev/null
+++ b/openswan-systemd-service.patch
@@ -0,0 +1,41 @@
+commit 43fd73acf6bf70307f6f09e8ecec5f5ff7e3eb0c
+Author: Avesh Agarwal <avagarwa at redhat.com>
+Date: Wed Oct 17 16:27:42 2012 -0400
+
+ Fedora bz: #820143, RHEL bz: #818970
+
+ native systemd service file support for openswan.
+
+diff --git a/systemd-service-file/ipsec.service b/systemd-service-file/ipsec.service
+new file mode 100644
+index 0000000..e09183c
+--- /dev/null
++++ b/systemd-service-file/ipsec.service
+@@ -0,0 +1,27 @@
++[Unit]
++Description=Internet Key Exchange (IKE) Protocol Daemon
++After=syslog.target
++After=network.target
++After=remote-fs.target
++
++[Service]
++Type=forking
++#User=root
++#UMask=022
++#StandardOutput=syslog
++#Environment=IPSEC_LIBDIR=/usr/libexec/ipsec
++#Environment=IPSEC_SBINDIR=/usr/sbin
++#Environment=IPSEC_CONFS=/etc
++#Environment=IPSEC_EXECDIR=/usr/libexec/ipsec
++#Environment=IPSECsyslog=daemon.error
++
++#ExecStartPre=/usr/bin/mkdir -p /var/run/pluto ; /usr/bin/chmod 700 /var/run/pluto
++#ExecStartPre=/usr/bin/sh -c 'eval `ipsec addconn $IPSEC_CONFS/ipsec.conf --varprefix IPSEC --configsetup`'
++#ExecStart=/usr/sbin/ipsec _realsetup start
++#ExecStop=/usr/sbin/ipsec _realsetup stop
++ExecStart=/usr/libexec/ipsec/setup start
++ExecStop=/usr/libexec/ipsec/setup stop
++PIDFile=/var/run/pluto/pluto.pid
++
++[Install]
++WantedBy=multi-user.target
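Review bot: The unit declares `PIDFile=/var/run/pluto/pluto.pid`, but nothing in it guarantees that `/var/run/pluto` exists with mode 0700 at start, because the `ExecStartPre` that created it is commented out. Where `/var/run` is a tmpfs the directory is gone after every boot, so this depends on `/usr/libexec/ipsec/setup` creating it, which is not visible here; if it does not, a tmpfiles.d entry such as `d /run/pluto 0700 root root -` would cover it. The commented-out `Environment`/`ExecStartPre`/`ExecStart` lines are better deleted than shipped, in particular the one that runs `eval` on `ipsec addconn` output in a shell, so that it is not re-enabled later without review.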
diff --git a/openswan.spec b/openswan.spec
index dd4a62d..56e54b1 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -10,7 +10,7 @@ Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
Version: 2.6.38
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2+
Url: http://www.openswan.org/
Source: openswan-%{version}.tar.gz
@@ -37,19 +37,23 @@ Patch16: openswan-785180.patch
Patch17: openswan-834396.patch
Patch18: openswan-834400.patch
Patch19: openswan-2.6.38-noperl.patch
+Patch20: openswan-systemd-service.patch
+Patch21: openswan-readme-nss.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gmp-devel bison flex xmlto bind-devel
+BuildRequires: systemd
%if %{USE_LIBNSS}
BuildRequires: nss-devel >= %{nss_version}
Requires: nss-tools
%endif
-Requires(post): coreutils bash
-Requires(preun): initscripts chkconfig
+Requires(post): coreutils bash systemd-units systemd-sysv
+Requires(preun): initscripts chkconfig systemd-units
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
+Requires(postun): systemd-units
%if %{USE_FIPSCHECK}
BuildRequires: fipscheck-devel >= %{fipscheck_version}
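Review bot: The scriptlet dependencies in this hunk no longer match the scriptlets. `Requires(post): /sbin/chkconfig`, `Requires(preun): /sbin/chkconfig`, `Requires(preun): /sbin/service` and the `initscripts chkconfig` entries are kept although, later in this commit, `%preun` calls only `/bin/systemctl` and `%post` is commented out. `Requires(post): ... systemd-units systemd-sysv` is added for a `%post` that no longer runs anything, and `systemd-sysv` is usually required only for a SysV-to-systemd migration trigger, which this commit does not appear to add. Trimming the list to what the scriptlets actually invoke, e.g. `Requires(preun): systemd-units` and `Requires(postun): systemd-units`, keeps install ordering accurate.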
@@ -117,6 +121,8 @@ install -m 644 %{SOURCE3} docs/README.x509
%patch17 -p1
%patch18 -p1
%patch19 -p1
+%patch20 -p1
+%patch21 -p1
%build
@@ -175,6 +181,8 @@ rm -rf $RPM_BUILD_ROOT/usr/share/doc/openswan
# ipsec and setup both installed by default - they are identical
rm -f $RPM_BUILD_ROOT/etc/rc.d/init.d/setup
+rm -rf $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
+mv $RPM_BUILD_ROOT/etc/rc.d/init.d/ipsec $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
rm -f $RPM_BUILD_ROOT/usr/share/man/man3/*
install -d -m 0700 $RPM_BUILD_ROOT%{_localstatedir}/run/pluto
install -d $RPM_BUILD_ROOT%{_sbindir}
@@ -184,10 +192,14 @@ find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
%endif
+# systemd service file addition
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+install -m644 ./systemd-service-file/ipsec.service $RPM_BUILD_ROOT%{_unitdir}
+
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
install -m 600 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
-sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' $RPM_BUILD_ROOT%{_initrddir}/ipsec
+#sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' $RPM_BUILD_ROOT%{_initrddir}/ipsec
echo "include /etc/ipsec.d/*.secrets" > $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.secrets
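Review bot: Commenting out the `sed` drops the `/usr/lib/` to `%{_libexecdir}/` rewrite for the script that the earlier hunk moves to `%{_libexecdir}/ipsec/setup`, and that script is now what `ipsec.service` executes. If it still contains `/usr/lib/` paths (its contents are not visible here), the service will look for its helpers in the wrong directory wherever `%{_libexecdir}` is `/usr/libexec`. Retarget the rewrite instead of disabling it: `sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup`. A one-line comment above the `mv` in the earlier hunk, such as `# the systemd unit runs the former SysV script as libexec ipsec/setup`, would explain why the init script is relocated.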
@@ -216,7 +228,8 @@ rm -rf $RPM_BUILD_ROOT
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
-%{_initrddir}/ipsec
+%attr(0644,root,root) %{_unitdir}/ipsec.service
+#%{_initrddir}/ipsec
%{_sbindir}/ipsec
%if %{USE_FIPSCHECK}
%{_libdir}/fipscheck/*.hmac
@@ -225,22 +238,31 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/*/*.gz
%ghost %{_localstatedir}/run/pluto
-
%preun
if [ $1 = 0 ]; then
- /sbin/service ipsec stop || :
- /sbin/chkconfig --del ipsec
+# /sbin/service ipsec stop || :
+# /sbin/chkconfig --del ipsec
+ /bin/systemctl stop ipsec.service > /dev/null 2>&1 || :
+ /bin/systemctl --no-reload disable ipsec.service > /dev/null 2>&1 || :
fi
%postun
-if [ $1 -ge 1 ] ; then
- /sbin/service ipsec condrestart 2>&1 > /dev/null || :
-fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+#if [ $1 -ge 1 ] ; then
+# /sbin/service ipsec condrestart 2>&1 > /dev/null || :
+# /bin/systemctl try-restart ipsec.service >/dev/null 2>&1 || :
+#fi
-%post
-chkconfig --add ipsec || :
+#%post
+#chkconfig --add ipsec || :
%changelog
+* Tue Oct 16 2012 Avesh Agarwal <avagarwa at redhat.com> - 2.6.38-7
+- redhat #820143: systemd support for openswan pluto daemon.
+- Made changes to spec file to support systemd service support.
+- Updated README.nss to remove unnecessary configuration parameters
+ that are not required by default and are network topology specific.
+
* Mon Sep 10 2012 Avesh Agarwal <avagarwa at redhat.com> - 2.6.38-6
- Fixed ipsec verify to avoid perl and use python instead. It helps
during minimum install so that openswan does not have to pull perl
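Review bot: After this change a package upgrade never restarts pluto, so an updated (for example security-fixed) binary does not take effect until someone restarts the service by hand. `%postun` only runs `daemon-reload`, and both the old `condrestart` and the new `try-restart` are commented out. Unless keeping tunnels up across upgrades is deliberate, restore the guarded restart: `if [ $1 -ge 1 ] ; then /bin/systemctl try-restart ipsec.service >/dev/null 2>&1 || : ; fi`. `%post` is also removed without a systemd counterpart, so a fresh install never runs `/bin/systemctl daemon-reload` and an existing `chkconfig` enablement is not carried over to the unit. The commented-out scriptlet lines, including `#%post`, should be deleted rather than left inside the `%postun` body.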