[openswan] Lot of clean up of spec file, removing unnecessary stuff and

avesh avesh at fedoraproject.org
Tue Oct 23 15:19:54 UTC 2012 

commit 199dc76080e20cbfbd0e3416da1cb4d21559e558
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Oct 23 11:19:44 2012 -0400

    Lot of clean up of spec file, removing unnecessary stuff and
    
      fixing ordering of sections. Hopefully making it more readable now.
    - Fixed /var/run/pluto error as it was installed by the package, so
      there is no need to create it inside spec file.
    - Fixed pluto run time error related to missing directories in
      /etc/ipsec.d/ directory.

 openswan.spec |   98 +++++++++++++++++++++++++++-----------------------------
 1 files changed, 47 insertions(+), 51 deletions(-)
---
diff --git a/openswan.spec b/openswan.spec
index 56e54b1..78b4d21 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -9,12 +9,10 @@
 Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
 Name: openswan
 Version: 2.6.38
-
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 Url: http://www.openswan.org/
 Source: openswan-%{version}.tar.gz
-
 Source2: ipsec.conf
 Source3: README.x509
 
@@ -44,10 +42,6 @@ Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gmp-devel bison flex xmlto bind-devel
 BuildRequires: systemd
-%if %{USE_LIBNSS}
-BuildRequires: nss-devel >= %{nss_version}
-Requires: nss-tools
-%endif
 Requires(post): coreutils bash systemd-units systemd-sysv
 Requires(preun): initscripts chkconfig systemd-units
 Requires(post): /sbin/chkconfig
@@ -55,6 +49,11 @@ Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
 Requires(postun): systemd-units
 
+%if %{USE_LIBNSS}
+BuildRequires: nss-devel >= %{nss_version}
+Requires: nss-tools
+%endif
+
 %if %{USE_FIPSCHECK}
 BuildRequires: fipscheck-devel >= %{fipscheck_version}
 Requires: fipscheck%{_isa} >= %{fipscheck_version}
@@ -69,9 +68,7 @@ BuildRequires: openldap-devel curl-devel
 Requires: curl openldap
 %endif
 
-Provides: ipsec-userland = %{version}-%{release}
-#unless kernel with NETKEY supplies this capability we cannot do this
-#Requires: ipsec-kernel
+Provides: ike = %{version}-%{release}
 
 %package doc
 Summary: Full documentation of Openswan IPSEC implementation
@@ -93,16 +90,14 @@ in the default Linux kernel.
 Openswan 2.6.x also supports IKEv2 (RFC4306)
 
 %description doc
-This package contains extensive documentation of the Openswan IPSEC
+This package contains extensive documentation of the Openswan IKE/IPSEC
 system.
 
 %prep
 %setup -q -n openswan-%{version}
 install -m 644 %{SOURCE3} docs/README.x509
-#find doc/examples -type f -print0 | xargs -0 chmod a-x
-#find doc -name .gitignore -print0 | xargs -0 rm -v
 
-%patch1 -p1 -b .relpath
+%patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
@@ -125,7 +120,6 @@ install -m 644 %{SOURCE3} docs/README.x509
 %patch21 -p1
 
 %build
-
 #796683: -fno-strict-aliasing
 %{__make} \
   USERCOMPILE="-g %{optflags} -fno-strict-aliasing -fPIE -pie" \
@@ -155,19 +149,8 @@ install -m 644 %{SOURCE3} docs/README.x509
   programs
 FS=$(pwd)
 
-%if %{USE_FIPSCHECK}
-# Add generation of HMAC checksums of the final stripped binaries
-%define __spec_install_post \
-    %{?__debug_package:%{__debug_install_post}} \
-    %{__arch_install_post} \
-    %{__os_install_post} \
-  fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_libexecdir}/ipsec/* \
-  fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_sbindir}/ipsec \
-%{nil}
-%endif
-
 %install
-rm -rf $RPM_BUILD_ROOT
+#rm -rf $RPM_BUILD_ROOT
 %{__make} \
   DESTDIR=$RPM_BUILD_ROOT \
   INC_USRLOCAL=%{_prefix} \
@@ -181,12 +164,9 @@ rm -rf $RPM_BUILD_ROOT/usr/share/doc/openswan
 
 # ipsec and setup both installed by default - they are identical
 rm -f $RPM_BUILD_ROOT/etc/rc.d/init.d/setup
-rm -rf $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
+#remove the setup symbolic link and move ipsec to setup
+rm -f $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
 mv $RPM_BUILD_ROOT/etc/rc.d/init.d/ipsec $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup
-rm -f $RPM_BUILD_ROOT/usr/share/man/man3/*
-install -d -m 0700 $RPM_BUILD_ROOT%{_localstatedir}/run/pluto
-install -d $RPM_BUILD_ROOT%{_sbindir}
-find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
 
 %if %{USE_FIPSCHECK}
 mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
@@ -196,21 +176,30 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
 mkdir -p $RPM_BUILD_ROOT%{_unitdir}
 install -m644 ./systemd-service-file/ipsec.service $RPM_BUILD_ROOT%{_unitdir}
 
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
+#etc related files
+find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
 install -m 600 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
-
-#sed -i -e 's#/usr/lib/#%{_libexecdir}/#g' $RPM_BUILD_ROOT%{_initrddir}/ipsec
-
 echo "include /etc/ipsec.d/*.secrets" > $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.secrets
+rm -fr $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/examples
+#rm -fr $RPM_BUILD_ROOT/etc/rc.d/rc*
 
+#help pages
+rm -f $RPM_BUILD_ROOT/usr/share/man/man3/*
 chmod a-x $RPM_BUILD_ROOT%{_mandir}/*/*
-
 # nuke duplicate docs to save space.  this leaves html and ps
 rm -f doc/HOWTO.pdf doc/HOWTO.txt
 
-rm -fr $RPM_BUILD_ROOT/etc/rc.d/rc*
-
-rm -fr $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/examples
+%if %{USE_FIPSCHECK}
+# Add generation of HMAC checksums of the final stripped binaries
+%define __spec_install_post \
+    %{?__debug_package:%{__debug_install_post}} \
+    %{__arch_install_post} \
+    %{__os_install_post} \
+  fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_libexecdir}/ipsec/* \
+  fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_sbindir}/ipsec \
+  fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_unitdir}/ipsec.service \
+%{nil}
+%endif
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -227,36 +216,43 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/cacerts
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/aacerts
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/ocspcerts
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/certs
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/crls
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/private
 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
+%attr(0700,root,root) %dir %{_localstatedir}/run/pluto
 %attr(0644,root,root) %{_unitdir}/ipsec.service
-#%{_initrddir}/ipsec
 %{_sbindir}/ipsec
 %if %{USE_FIPSCHECK}
 %{_libdir}/fipscheck/*.hmac
 %endif
 %{_libexecdir}/ipsec
 %{_mandir}/*/*.gz
-%ghost %{_localstatedir}/run/pluto
 
 %preun
 if [ $1 = 0 ]; then
-#	/sbin/service ipsec stop || :
-#	/sbin/chkconfig --del ipsec
 	/bin/systemctl stop ipsec.service > /dev/null 2>&1 || :
 	/bin/systemctl --no-reload disable ipsec.service > /dev/null 2>&1 || :
 fi
 
 %postun
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-#if [ $1 -ge 1 ] ; then
-#	/sbin/service ipsec condrestart 2>&1 > /dev/null || :
-#	/bin/systemctl try-restart ipsec.service >/dev/null 2>&1 || :
-#fi
-
-#%post
-#chkconfig --add ipsec || :
+if [ $1 -ge 1 ] ; then
+	/bin/systemctl try-restart ipsec.service >/dev/null 2>&1 || :
+fi
 
 %changelog
+* Tue Oct 19 2012 Avesh Agarwal <avagarwa at redhat.com> - 2.6.38-8
+- Lot of clean up of spec file, removing unnecessary stuff and 
+  fixing ordering of sections. Hopefully making it more readable now.
+- Fixed /var/run/pluto error as it was installed by the package, so
+  there is no need to create it inside spec file.
+- Fixed pluto run time error related to missing directories in 
+  /etc/ipsec.d/ directory.
+
 * Tue Oct 16 2012 Avesh Agarwal <avagarwa at redhat.com> - 2.6.38-7
 - redhat #820143: systemd support for openswan pluto daemon.
 - Made changes to spec file to support systemd service support.

More information about the scm-commits mailing list