[libreswan/el6] rhel6 version of libreswan spec file (not rhel7)

Paul Wouters pwouters at fedoraproject.org
Tue Jul 16 19:53:25 UTC 2013 

commit 7797818bab38e1cdff1fa3698dba2d8d945bfa91
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jul 16 15:52:43 2013 -0400

    rhel6 version of libreswan spec file (not rhel7)

 libreswan.spec |   98 +++++++++++++++++++++++++++----------------------------
 1 files changed, 48 insertions(+), 50 deletions(-)
---
diff --git a/libreswan.spec b/libreswan.spec
index dbbe13a..1b115bf 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -6,10 +6,7 @@
 %global USE_NM true
 %global USE_LINUX_AUDIT true
 
-%global _hardened_build 1
-
-%global fipscheck_version 1.3.0
-
+%global fipscheck_version 1.2.0-1
 %global buildefence 0
 %global development 0
 
@@ -18,22 +15,23 @@
 Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
 Version: 3.5
-Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://www.libreswan.org/
 Source: https://download.libreswan.org/%{name}-%{version}%{?prever}.tar.gz
 Group: System Environment/Daemons
 BuildRequires: gmp-devel bison flex redhat-rpm-config pkgconfig
-BuildRequires: systemd
-Requires(post): coreutils bash systemd
-Requires(preun): systemd
-Requires(postun): systemd
-
-Conflicts: openswan
+Requires(post): coreutils bash
+Requires(preun): initscripts chkconfig
+Requires(post): /sbin/chkconfig
+Requires(preun): /sbin/chkconfig
+Requires(preun): /sbin/service
 
 Patch1: libreswan-3.5-cisco-interop.patch
 
-BuildRequires: pkgconfig hostname
+Conflicts: openswan
+
+BuildRequires: pkgconfig net-tools
 BuildRequires: nss-devel >= 3.12.6-2, nspr-devel
 BuildRequires: pam-devel
 %if %{USE_DNSSEC}
@@ -47,7 +45,6 @@ Requires: fipscheck%{_isa} >= %{fipscheck_version}
 %if %{USE_LINUX_AUDIT}
 Buildrequires: audit-libs-devel
 %endif
-
 %if %{USE_LIBCAP_NG}
 BuildRequires: libcap-ng-devel
 %endif
@@ -61,13 +58,14 @@ BuildRequires: ElectricFence
 # BuildRequires: xmlto
 
 Requires: nss-tools, nss-softokn
+Requires: iproute >= 2.6.8
 
 %description
-Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is
+Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is 
 the Internet Protocol Security and uses strong cryptography to provide
 both authentication and encryption services.  These services allow you
 to build secure tunnels through untrusted networks.  Everything passing
-through the untrusted net is encrypted by the ipsec gateway machine and
+through the untrusted net is encrypted by the ipsec gateway machine and 
 decrypted by the gateway at the other end of the tunnel.  The resulting
 tunnel is a virtual private network or VPN.
 
@@ -82,9 +80,10 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %setup -q -n libreswan-%{version}%{?prever}
 %patch1 -p1 -b .ciscovpn
 
+
 %build
 %if %{buildefence}
- %define efence "-lefence"
+ %global efence "-lefence"
 %endif
 
 #796683: -fno-strict-aliasing
@@ -94,19 +93,17 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %else
   USERCOMPILE="-g -DGCC_LINT %{optflags} %{?efence} -fPIE -pie -fno-strict-aliasing -Wformat-nonliteral -Wformat-security" \
 %endif
+  INITSYSTEM=sysvinit \
   USERLINK="-g -pie -Wl,-z,relro,-z,now %{?efence}" \
-  INITSYSTEM=systemd \
-  USE_DYNAMICDNS="true" \
+  USE_DYNAMICDNS=true \
   USE_NM=%{USE_NM} \
   USE_XAUTHPAM=true \
-  USE_FIPSCHECK="%{USE_FIPSCHECK}" \
-  USE_LIBCAP_NG="%{USE_LIBCAP_NG}" \
-  USE_LABELED_IPSEC="%{USE_LABELED_IPSEC}" \
-%if %{USE_CRL_FETCHING}
-  USE_LDAP=true \
-  USE_LIBCURL=true \
-%endif
-  USE_DNSSEC="%{USE_DNSSEC}" \
+  USE_FIPSCHECK=%{USE_FIPSCHECK} \
+  USE_LIBCAP_NG=%{USE_LIBCAP_NG} \
+  USE_LABELED_IPSEC=%{USE_LABELED_IPSEC} \
+  USE_LDAP=%{USE_CRL_FETCHING} \
+  USE_LIBCURL=%{USE_CRL_FETCHING} \
+  USE_DNSSEC=%{USE_DNSSEC} \
   INC_USRLOCAL=%{_prefix} \
   FINALLIBDIR=%{_libexecdir}/ipsec \
   FINALLIBEXECDIR=%{_libexecdir}/ipsec \
@@ -118,47 +115,43 @@ FS=$(pwd)
 %if %{USE_FIPSCHECK}
 # Add generation of HMAC checksums of the final stripped binaries
 %define __spec_install_post \
-    %{?__debug_package:%{__debug_install_post}} \
-    %{__arch_install_post} \
-    %{__os_install_post} \
-  fipshmac -d %{buildroot}%{_libdir}/fipscheck ` ls %{buildroot}%{_libexecdir}/ipsec/*|grep -v setup` \
-  fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_sbindir}/ipsec \
+  %{?__debug_package:%{__debug_install_post}} \
+  %{__arch_install_post} \
+  %{__os_install_post} \
+  fipshmac %{buildroot}%{_sbindir}/ipsec \
+  fipshmac %{buildroot}%{_libexecdir}/ipsec/* \
 %{nil}
 %endif
 
 %install
-rm -rf ${RPM_BUILD_ROOT}
+rm -rf %{buildroot}
 %{__make} \
   DESTDIR=%{buildroot} \
+  INITSYSTEM=sysvinit \
   INC_USRLOCAL=%{_prefix} \
   FINALLIBDIR=%{_libexecdir}/ipsec \
   FINALLIBEXECDIR=%{_libexecdir}/ipsec \
   MANTREE=%{buildroot}%{_mandir} \
   INC_RCDEFAULT=%{_initrddir} \
   INSTMANFLAGS="-m 644" \
-  INITSYSTEM=systemd \
   install
 FS=$(pwd)
 rm -rf %{buildroot}/usr/share/doc/libreswan
 
 install -d -m 0755 %{buildroot}%{_localstatedir}/run/pluto
-# used when setting --perpeerlog without --perpeerlogbase
+# used when setting --perpeerlog without --perpeerlogbase 
 install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
 install -d %{buildroot}%{_sbindir}
 
-%if %{USE_FIPSCHECK}
-mkdir -p %{buildroot}%{_libdir}/fipscheck
-%endif
-
 echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
 rm -fr %{buildroot}/etc/rc.d/rc*
 
-%files
+%files 
 %doc BUGS CHANGES COPYING CREDITS README LICENSE
 %doc docs/*.*
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/pluto
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/pluto
 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/cacerts
 %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/crls
@@ -166,28 +159,33 @@ rm -fr %{buildroot}/etc/rc.d/rc*
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
 %attr(0700,root,root) %dir %{_localstatedir}/log/pluto/peer
 %attr(0755,root,root) %dir %{_localstatedir}/run/pluto
-%attr(0644,root,root) %{_unitdir}/ipsec.service
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto
-%{_sbindir}/ipsec
+%{_initrddir}/ipsec
 %{_libexecdir}/ipsec
-%attr(0644,root,root) %doc %{_mandir}/*/*
+%{_sbindir}/ipsec
+%attr(0644,root,root) %{_mandir}/*/*.gz
 
 %if %{USE_FIPSCHECK}
-%{_libdir}/fipscheck/*.hmac
+%{_sbindir}/.ipsec.hmac
 %endif
 
 %preun
-%systemd_preun ipsec.service
+if [ $1 -eq 0 ]; then
+        /sbin/service ipsec stop > /dev/null 2>&1 || :
+        /sbin/chkconfig --del ipsec
+fi
 
 %postun
-%systemd_postun_with_restart ipsec.service
+if [ $1 -ge 1 ] ; then
+ /sbin/service ipsec condrestart 2>&1 >/dev/null || :
+fi
 
-%post
-%systemd_post ipsec.service
+%post 
+/sbin/chkconfig --add ipsec || :
 
 %changelog
 * Mon Jul 15 2013 Paul Wouters <pwouters at redhat.com> - 3.5-2
+- Initial package for EPEL6
+- Do not obsolete, only conflict, with openswan for RHEL6
 - Added interop patch for (some?) Cisco VPN clients sending 16 zero
   bytes of extraneous IKE data
-- Do not obsolete, only conflict, with openswan for RHEL6
-- Initial package for EPEL6

More information about the scm-commits mailing list