rpms/ipsec-tools/devel racoon.pam, NONE, 1.1 ipsec-tools.spec, 1.67, 1.68 p1_up_down, 1.2, 1.3

Tomáš Mráz tmraz at fedoraproject.org
Wed Aug 19 13:54:10 UTC 2009


Author: tmraz

Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23176

Modified Files:
	ipsec-tools.spec p1_up_down 
Added Files:
	racoon.pam 
Log Message:
* Wed Aug 19 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.3-2
- enable xauth over PAM (#470793)
- add TMPDIR setting to the p1_up_down script



--- NEW FILE racoon.pam ---
#%PAM-1.0
# do not allow ipsec xauth for root
auth       required     pam_succeed_if.so user != root
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    include      system-auth
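Review bot: The root exclusion on the first `auth` line matches the account name only, so any other account that maps to uid 0 would still pass it; comparing the uid instead, `auth required pam_succeed_if.so uid ne 0`, closes that gap. Beyond that, `auth include system-auth` lets every local account with a valid password authenticate for xauth, service accounts included. If VPN access is meant for a subset of users, a group test such as `auth required pam_succeed_if.so user ingroup GROUP_PLACEHOLDER` ahead of the include would express that. The existing comment could also say that this stack is the one racoon consults for xauth logins, so the restriction is not relaxed by accident later.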


Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools.spec,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -p -r1.67 -r1.68
--- ipsec-tools.spec	18 Aug 2009 19:03:09 -0000	1.67
+++ ipsec-tools.spec	19 Aug 2009 13:54:10 -0000	1.68
@@ -1,6 +1,6 @@
 Name: ipsec-tools
 Version: 0.7.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Tools for configuring and using IPSEC
 License: BSD
 Group: System Environment/Base
@@ -10,6 +10,7 @@ Source1: racoon.conf
 Source2: psk.txt
 Source3: p1_up_down
 Source4: racoon.init
+Source5: racoon.pam
 Patch3: ipsec-tools-0.7-acquires.patch
 Patch4: ipsec-tools-0.7.1-loopback.patch
 # the following patches were also submitted upstream:
@@ -24,18 +25,20 @@ Patch15: ipsec-tools-0.7.3-aliasing.patc
 Patch16: ipsec-tools-0.7.2-nodevel.patch
 
 BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
-BuildRequires: libselinux-devel >= 1.30.28-2
+BuildRequires: libselinux-devel >= 1.30.28-2, pam-devel
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: initscripts >= 7.31.11.EL-1
+Requires: initscripts >= 7.31.11.EL-1, pam
 BuildRequires: audit-libs-devel >= 1.3.1
-	
+
+%global racoonconfdir %{_sysconfdir}/racoon
+
 %description
 This is the IPsec-Tools package.  You need this package in order to
 really use the IPsec functionality in the linux-2.5+ kernels.  This
 package builds:
- 
-	- setkey, a program to directly manipulate policies and SAs
-	- racoon, an IKEv1 keying daemon
+
+- setkey, a program to directly manipulate policies and SAs
+- racoon, an IKEv1 keying daemon
 
 %prep
 %setup -q
@@ -60,7 +63,7 @@ LDFLAGS="-Wl,--as-needed"
 export LDFLAGS
 %configure \
  --with-kernel-headers=/usr/include \
- --sysconfdir=/etc/racoon \
+ --sysconfdir=%{racoonconfdir} \
  --without-readline \
  --enable-adminport \
  --enable-hybrid \
@@ -69,27 +72,29 @@ export LDFLAGS
  --enable-gssapi \
  --enable-natt \
  --enable-security-context \
- --enable-audit
+ --enable-audit \
+ --with-libpam
 make
 
 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT/sbin
-mkdir -p $RPM_BUILD_ROOT/etc/racoon
+mkdir -p $RPM_BUILD_ROOT%{racoonconfdir}
 make install DESTDIR=$RPM_BUILD_ROOT
 
 install -m 600 %{SOURCE1} \
-  $RPM_BUILD_ROOT/etc/racoon/racoon.conf
+  $RPM_BUILD_ROOT%{racoonconfdir}/racoon.conf
 install -m 600 %{SOURCE2} \
-  $RPM_BUILD_ROOT/etc/racoon/psk.txt
+  $RPM_BUILD_ROOT%{racoonconfdir}/psk.txt
 
 mv $RPM_BUILD_ROOT%{_sbindir}/setkey $RPM_BUILD_ROOT/sbin
 
-mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/certs
-mkdir -m 0700 -p $RPM_BUILD_ROOT/etc/racoon/scripts
+mkdir -m 0700 -p $RPM_BUILD_ROOT%{racoonconfdir}/certs
+mkdir -m 0700 -p $RPM_BUILD_ROOT%{racoonconfdir}/scripts
 install -m 700 %{SOURCE3} \
-  $RPM_BUILD_ROOT/etc/racoon/scripts/p1_up_down
-install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT/%{_initrddir}/racoon
+  $RPM_BUILD_ROOT%{racoonconfdir}/scripts/p1_up_down
+install -D -m755 %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/racoon
+install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/racoon
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -113,16 +118,21 @@ fi
 /sbin/*
 %{_sbindir}/*
 %{_mandir}/man*/*
-%{_sysconfdir}/racoon/scripts/*
 %{_initrddir}/racoon
-%dir /etc/racoon
-%dir /etc/racoon/certs
-%dir /etc/racoon/scripts
-%dir /var/racoon
-%config(noreplace) /etc/racoon/psk.txt
-%config(noreplace) /etc/racoon/racoon.conf
+%dir %{racoonconfdir}
+%{racoonconfdir}/scripts/*
+%dir %{racoonconfdir}/certs
+%dir %{racoonconfdir}/scripts
+%dir %{_localstatedir}/racoon
+%config(noreplace) %{racoonconfdir}/psk.txt
+%config(noreplace) %{racoonconfdir}/racoon.conf
+%config(noreplace) %{_sysconfdir}/pam.d/racoon
 
 %changelog
+* Wed Aug 19 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.3-2
+- enable xauth over PAM (#470793)
+- add TMPDIR setting to the p1_up_down script
+
 * Tue Aug 18 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.3-1
 - update to a new upstream version
 - fix service stop in preun (#515880)
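Review bot: `%dir %{_localstatedir}/racoon` is listed without an explicit mode or owner, so the directory keeps whatever `make install` created it with, while this same commit points the p1_up_down script's TMPDIR at /var/racoon. The certs and scripts directories are created 0700 in %install; pinning the state directory the same way, `%dir %attr(0700,root,root) %{_localstatedir}/racoon`, would ensure temporary files written there are not reachable by other local users. The mode used by upstream's install step is not visible here, so this may already hold, but stating it in the spec keeps it from changing silently with a new upstream release.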


Index: p1_up_down
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/p1_up_down,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- p1_up_down	28 Feb 2008 16:05:36 -0000	1.2
+++ p1_up_down	19 Aug 2009 13:54:10 -0000	1.3
@@ -13,6 +13,8 @@ shopt -s nocasematch
 umask 0022
 
 PATH=/bin:/sbin:/usr/bin:/usr/sbin
+# we must not touch /tmp
+TMPDIR="/var/racoon"
 
 # set up NAT-T
 case "${NAT_T}" in
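Review bot: `TMPDIR` is assigned but not exported in the lines shown, so it affects only the shell itself (for example bash's temporary files for here-documents). Child processes the script starts will still default to /tmp unless the variable was already in the environment. If `# we must not touch /tmp` is meant to cover helper commands as well, `export TMPDIR="/var/racoon"` is the safer form. The `umask 0022` a few lines above also means files created there are world-readable by mode, so the protection rests on the directory's own permissions; the comment could say why /tmp is off limits. The rest of the script lies outside this hunk.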



