[openswan] Lot of clean up of spec file, removing unnecessary stuff and
avesh
avesh at fedoraproject.org
Tue Oct 23 15:19:54 UTC 2012
commit 199dc76080e20cbfbd0e3416da1cb4d21559e558
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Tue Oct 23 11:19:44 2012 -0400
Lot of clean up of spec file, removing unnecessary stuff and
fixing ordering of sections. Hopefully making it more readable now.
- Fixed /var/run/pluto error as it was installed by the package, so
there is no need to create it inside spec file.
- Fixed pluto run time error related to missing directories in
/etc/ipsec.d/ directory.
openswan.spec | 98 +++++++++++++++++++++++++++-----------------------------
1 files changed, 47 insertions(+), 51 deletions(-)
---
diff --git a/openswan.spec b/openswan.spec
index 56e54b1..78b4d21 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -9,12 +9,10 @@
Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
Version: 2.6.38
-
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPLv2+
Url: http://www.openswan.org/
Source: openswan-%{version}.tar.gz
-
Source2: ipsec.conf
Source3: README.x509
@@ -44,10 +42,6 @@ Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gmp-devel bison flex xmlto bind-devel
BuildRequires: systemd
-%if %{USE_LIBNSS}
-BuildRequires: nss-devel >= %{nss_version}
-Requires: nss-tools
-%endif
Requires(post): coreutils bash systemd-units systemd-sysv
Requires(preun): initscripts chkconfig systemd-units
Requires(post): /sbin/chkconfig
@@ -55,6 +49,11 @@ Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(postun): systemd-units
+%if %{USE_LIBNSS}
+BuildRequires: nss-devel >= %{nss_version}
+Requires: nss-tools
+%endif
+
%if %{USE_FIPSCHECK}
BuildRequires: fipscheck-devel >= %{fipscheck_version}
Requires: fipscheck%{_isa} >= %{fipscheck_version}
@@ -69,9 +68,7 @@ BuildRequires: openldap-devel curl-devel
Requires: curl openldap
%endif
-Provides: ipsec-userland = %{version}-%{release}
-#unless kernel with NETKEY supplies this capability we cannot do this
-#Requires: ipsec-kernel
+Provides: ike = %{version}-%{release}
%package doc
Summary: Full documentation of Openswan IPSEC implementation
@@ -93,16 +90,14 @@ in the default Linux kernel.
Openswan 2.6.x also supports IKEv2 (RFC4306)
%description doc
-This package contains extensive documentation of the Openswan IPSEC
+This package contains extensive documentation of the Openswan IKE/IPSEC
system.
%prep
%setup -q -n openswan-%{version}
install -m 644 %{SOURCE3} docs/README.x509
-#find doc/examples -type f -print0 | xargs -0 chmod a-x
-#find doc -name .gitignore -print0 | xargs -0 rm -v
-%patch1 -p1 -b .relpath
+%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
@@ -125,7 +120,6 @@ install -m 644 %{SOURCE3} docs/README.x509
%patch21 -p1
%build
-
#796683: -fno-strict-aliasing
%{__make} \
USERCOMPILE="-g %{optflags} -fno-strict-aliasing -fPIE -pie" \
@@ -155,19 +149,8 @@ install -m 644 %{SOURCE3} docs/README.x509
programs
FS=$(pwd)
-%if %{USE_FIPSCHECK}
-# Add generation of HMAC checksums of the final stripped binaries
-%define __spec_install_post \
- %{?__debug_package:%{__debug_install_post}} \
- %{__arch_install_post} \
- %{__os_install_post} \
- fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_libexecdir}/ipsec/* \
- fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_sbindir}/ipsec \
-%{nil}
-%endif
-
%install
-rm -rf $RPM_BUILD_ROOT
+#rm -rf $RPM_BUILD_ROOT
%{__make} \
DESTDIR=$RPM_BUILD_ROOT \
INC_USRLOCAL=%{_prefix} \
@@ -181,12 +164,9 @@ rm -rf $RPM_BUILD_ROOT/usr/share/doc/openswan
# ipsec and setup both installed by default - they are identical
rm -f $RPM_BUILD_ROOT/etc/rc.d/init.d/setup
-rm -rf $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
+#remove the setup symbolic link and move ipsec to setup
+rm -f $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
mv $RPM_BUILD_ROOT/etc/rc.d/init.d/ipsec $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
-rm -f $RPM_BUILD_ROOT/usr/share/man/man3/*
-install -d -m 0700 $RPM_BUILD_ROOT%{_localstatedir}/run/pluto
-install -d $RPM_BUILD_ROOT%{_sbindir}
-find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
%if %{USE_FIPSCHECK}
mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
@@ -196,21 +176,30 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
install -m644 ./systemd-service-file/ipsec.service $RPM_BUILD_ROOT%{_unitdir}
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
+#etc related files
+find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
install -m 600 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
-
-#sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' $RPM_BUILD_ROOT%{_initrddir}/ipsec
-
echo "include /etc/ipsec.d/*.secrets" > $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.secrets
+rm -fr $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/examples
+#rm -fr $RPM_BUILD_ROOT/etc/rc.d/rc*
+#help pages
+rm -f $RPM_BUILD_ROOT/usr/share/man/man3/*
chmod a-x $RPM_BUILD_ROOT%{_mandir}/*/*
-
# nuke duplicate docs to save space. this leaves html and ps
rm -f doc/HOWTO.pdf doc/HOWTO.txt
-rm -fr $RPM_BUILD_ROOT/etc/rc.d/rc*
-
-rm -fr $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/examples
+%if %{USE_FIPSCHECK}
+# Add generation of HMAC checksums of the final stripped binaries
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_libexecdir}/ipsec/* \
+ fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_sbindir}/ipsec \
+ fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_unitdir}/ipsec.service \
+%{nil}
+%endif
%clean
rm -rf $RPM_BUILD_ROOT
@@ -227,36 +216,43 @@ rm -rf $RPM_BUILD_ROOT
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/cacerts
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/aacerts
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/ocspcerts
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/certs
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/crls
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/private
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
+%attr(0700,root,root) %dir %{_localstatedir}/run/pluto
%attr(0644,root,root) %{_unitdir}/ipsec.service
-#%{_initrddir}/ipsec
%{_sbindir}/ipsec
%if %{USE_FIPSCHECK}
%{_libdir}/fipscheck/*.hmac
%endif
%{_libexecdir}/ipsec
%{_mandir}/*/*.gz
-%ghost %{_localstatedir}/run/pluto
%preun
if [ $1 = 0 ]; then
-# /sbin/service ipsec stop || :
-# /sbin/chkconfig --del ipsec
/bin/systemctl stop ipsec.service > /dev/null 2>&1 || :
/bin/systemctl --no-reload disable ipsec.service > /dev/null 2>&1 || :
fi
%postun
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-#if [ $1 -ge 1 ] ; then
-# /sbin/service ipsec condrestart 2>&1 > /dev/null || :
-# /bin/systemctl try-restart ipsec.service >/dev/null 2>&1 || :
-#fi
-
-#%post
-#chkconfig --add ipsec || :
+if [ $1 -ge 1 ] ; then
+ /bin/systemctl try-restart ipsec.service >/dev/null 2>&1 || :
+fi
%changelog
+* Tue Oct 19 2012 Avesh Agarwal <avagarwa at redhat.com> - 2.6.38-8
+- Lot of clean up of spec file, removing unnecessary stuff and
+ fixing ordering of sections. Hopefully making it more readable now.
+- Fixed /var/run/pluto error as it was installed by the package, so
+ there is no need to create it inside spec file.
+- Fixed pluto run time error related to missing directories in
+ /etc/ipsec.d/ directory.
+
* Tue Oct 16 2012 Avesh Agarwal <avagarwa at redhat.com> - 2.6.38-7
- redhat #820143: systemd support for openswan pluto daemon.
- Made changes to spec file to support systemd service support.
More information about the scm-commits
mailing list