rpms/openswan/devel openswan-2.6-examples.patch, NONE, 1.1 openswan.spec, 1.46, 1.47
Steve Conklin (sconklin)
fedora-extras-commits at redhat.com
Thu Jan 17 01:07:39 UTC 2008
Author: sconklin
Update of /cvs/pkgs/rpms/openswan/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13289
Modified Files:
openswan.spec
Added Files:
openswan-2.6-examples.patch
Log Message:
Adding work so far to clean up rpmlint
openswan-2.6-examples.patch:
--- NEW FILE openswan-2.6-examples.patch ---
diff -Nur openswan-2.6.03-original/doc/example-configs/l2tp-cert.conf openswan-2.6.03-new/doc/example-configs/l2tp-cert.conf
--- openswan-2.6.03-original/doc/example-configs/l2tp-cert.conf 1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.6.03-new/doc/example-configs/l2tp-cert.conf 2008-01-10 18:32:08.000000000 -0600
@@ -0,0 +1,38 @@
+conn l2tp-X.509
+ #
+ # Configuration for one user with any type of IPsec/L2TP client
+ # including the updated Windows 2000/XP (MS KB Q818043), but
+ # excluding the non-updated Windows 2000/XP.
+ #
+ #
+ # Use a certificate. Disable Perfect Forward Secrecy.
+ #
+ authby=rsasig
+ pfs=no
+ auto=add
+ # we cannot rekey for %any, let client rekey
+ rekey=no
+ # Set ikelifetime and keylife to same defaults windows has
+ ikelifetime=8h
+ keylife=1h
+ # l2tp-over-ipsec is transport mode
+ # See http://bugs.xelerance.com/view.php?id=466
+ type=transport
+ #
+ left=%defaultroute
+ # or you can use: left=YourIPAddress
+ leftrsasigkey=%cert
+ leftcert=/etc/ipsec.d/certs/YourGatewayCertHere.pem
+ leftprotoport=17/1701
+ #
+ # The remote user.
+ #
+ right=%any
+ rightca=%same
+ rightrsasigkey=%cert
+ # Using the magic port of "0" means "any one single port". This is
+ # a work around required for Apple OSX clients that use a randomly
+ # high port, but propose "0" instead of their port.
+ rightprotoport=17/0
+ rightsubnet=vhost:%priv,%no
+
diff -Nur openswan-2.6.03-original/doc/example-configs/l2tp-psk.conf openswan-2.6.03-new/doc/example-configs/l2tp-psk.conf
--- openswan-2.6.03-original/doc/example-configs/l2tp-psk.conf 1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.6.03-new/doc/example-configs/l2tp-psk.conf 2008-01-10 18:32:08.000000000 -0600
@@ -0,0 +1,43 @@
+conn L2TP-PSK-NAT
+ rightsubnet=vhost:%priv
+ also=L2TP-PSK-noNAT
+
+conn L2TP-PSK-noNAT
+ #
+ # Configuration for one user with any type of IPsec/L2TP client
+ # including the updated Windows 2000/XP (MS KB Q818043), but
+ # excluding the non-updated Windows 2000/XP.
+ #
+ #
+ # Use a Preshared Key. Disable Perfect Forward Secrecy.
+ #
+ # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
+ # YourIPAddress %any: "sharedsecret"
+ authby=secret
+ pfs=no
+ auto=add
+ keyingtries=3
+ # we cannot rekey for %any, let client rekey
+ rekey=no
+ # Set ikelifetime and keylife to same defaults windows has
+ ikelifetime=8h
+ keylife=1h
+ # l2tp-over-ipsec is transport mode
+ type=transport
+ #
+ left=%defaultroute
+ # or you can use: left=YourIPAddress
+ #
+ # For updated Windows 2000/XP clients,
+ # to support old clients as well, use leftprotoport=17/%any
+ leftprotoport=17/1701
+ #
+ # The remote user.
+ #
+ right=%any
+ # Using the magic port of "0" means "any one single port". This is
+ # a work around required for Apple OSX clients that use a randomly
+ # high port, but propose "0" instead of their port.
+ rightprotoport=17/0
+
+
diff -Nur openswan-2.6.03-original/doc/example-configs/linux-linux.conf openswan-2.6.03-new/doc/example-configs/linux-linux.conf
--- openswan-2.6.03-original/doc/example-configs/linux-linux.conf 1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.6.03-new/doc/example-configs/linux-linux.conf 2008-01-10 18:32:08.000000000 -0600
@@ -0,0 +1,19 @@
+conn linux-to-linux
+ #
+ # Simple use raw RSA keys
+ # After starting openswan, run: ipsec showhostkey --left (or --right)
+ # and fill in the connection similarly to the example below.
+ #
+ left=1.2.3.4
+ # optional
+ # leftsubnet=10.0.1.0/24
+ leftid=@bofh.xelerance.com
+ leftrsasigkey=0sAQPWTXt8DDlEhTZJ91ngNMxTSyuos6JZxXQmtRcwUl6ppUCcuuWvjXrF/qiz6eiL1LMlpGJyG1oVhtFhTaFJl7ZkF/4J1B9LCFzYxvYI97AnLuC0op5pVAZ1SZx29+aRjeMcKC4zbZ6dMMjUdn9H1gqG9rpE0MBEFNSVLEu9U8rtlz14RfxQAQ9ePj64HnGLfgJlDB0VYhKEIcRihy72bvjZ4eoX16S1EY1FgnHyrveZPxRi8sgn6Q19RytEzSmUAlGjvMDhNfenq6WCSYMeqgj0jFSArTNBQmR2QBkUG6NSOXfb+18c6jDPicGmbmWfoRx/PUJo46WiRF4RRmsxnFpbHpklILFzEJ+/k6qHVAekpVfp
+ # The remote user.
+ #
+ right=5.6.7.8
+ rightid=@tla.xelerance.com
+ # optional
+ # rightsubnet=10.0.2.0/24
+ rightrsasigkey=0sAQNxf6caKULJklYZycuo66Ko0U+iHaJUDr0QZHnG4MJ9IRNYi5H6kPxcwKIXkg+OGo+NeUyyWDEc+ox27BFYViAHQNEyBRLZu0kyE681h+cHm7lfCSy0AOEBSCyZF3aGcL8GWxVhtimpJQ4tNxXZg7tLX5sfYw8mZnUBjkHvyccIred/q3cNWbDlq2WU4TL+NBb5FnxXi9Hk/SRV7sMe56fvZuXkcJu4e2C7uocltzzF1b0BZx7yeXwHjzqAWnW/UA54fbSTvzgnrpSC+FMuhWTI1EdxcqGaOFIjGWWGV2nxg/QaPU9i8vpwFwrEEdCJTiqlbYYNudblg4vYthnVNez0/RkfZHfhAaHdbJRSaQzOu88h
+ auto=start
diff -Nur openswan-2.6.03-original/doc/example-configs/oe-exclude-dns.conf openswan-2.6.03-new/doc/example-configs/oe-exclude-dns.conf
--- openswan-2.6.03-original/doc/example-configs/oe-exclude-dns.conf 1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.6.03-new/doc/example-configs/oe-exclude-dns.conf 2008-01-10 18:32:08.000000000 -0600
@@ -0,0 +1,9 @@
+conn let-my-dns-go
+ left=%defaultroute
+ leftnexthop=%defaultroute
+ leftprotoport=17/%any
+ right=0.0.0.0
+ rightsubnet=0.0.0.0/0
+ rightprotoport=17/53
+ type=passthrough
+ auto=route
diff -Nur openswan-2.6.03-original/doc/example-configs/sysctl.conf openswan-2.6.03-new/doc/example-configs/sysctl.conf
--- openswan-2.6.03-original/doc/example-configs/sysctl.conf 1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.6.03-new/doc/example-configs/sysctl.conf 2008-01-10 18:32:08.000000000 -0600
@@ -0,0 +1,23 @@
+
+# example entries for /etc/sysctl.conf
+# forwarding is needed for subnet or l2tp connections
+net.ipv4.ip_forward = 1
+
+# rp_filter is stupid and cannot deal decrypted packets "appearing out of
+# nowhere"
+net.ipv4.conf.default.rp_filter = 0
+
+# when using 1 interface for two networks, and in some other cases with
+# NETKEY, the kernel thinks it can be clever but breaks things.
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+net.ipv4.conf.all.log_martians = 0
+net.ipv4.conf.default.log_martians = 0
+
+# these are non-ipsec specific security policies you should use
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+
+
diff -Nur openswan-2.6.03-original/doc/example-configs/xauth.conf openswan-2.6.03-new/doc/example-configs/xauth.conf
--- openswan-2.6.03-original/doc/example-configs/xauth.conf 1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.6.03-new/doc/example-configs/xauth.conf 2008-01-10 18:32:08.000000000 -0600
@@ -0,0 +1,34 @@
+conn xauthserver
+ #
+ left=1.2.3.4
+ leftcert=/etc/ipsec.d/certs/xauthserver.pem
+ leftxauthserver=yes
+ leftmodecfgserver=yes
+ #
+ right=%any
+ rightxauthclient=yes
+ rightmodecfgclient=yes
+ #
+ auto=add
+ rekey=yes
+ modecfgpull=yes
+ modecfgdns1=1.2.3.4
+ modecfgdns2=5.6.7.8
+ modecfgwins1=1.2.3.4
+ modecfgwins2=5.6.7.8
+
+conn xauthclient
+ #
+ left=1.2.3.4
+ leftxauthserver=yes
+ leftmodecfgserver=yes
+ #
+ right=%defaultroute
+ rightxauthclient=yes
+ rightmodecfgclient=yes
+ #
+ auto=add
+ # you probably can not rekey, it requires xauth password, and openswan does not
+ # cache it for you. Other clients might cache it and rekey to an openswan server
+ rekey=no
+ modecfgpull=yes
diff -Nur openswan-2.6.03-original/programs/examples/.cvsignore openswan-2.6.03-new/programs/examples/.cvsignore
--- openswan-2.6.03-original/programs/examples/.cvsignore 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/.cvsignore 1969-12-31 18:00:00.000000000 -0600
@@ -1 +0,0 @@
-no_oe.conf
diff -Nur openswan-2.6.03-original/programs/examples/l2tp-cert.conf.in openswan-2.6.03-new/programs/examples/l2tp-cert.conf.in
--- openswan-2.6.03-original/programs/examples/l2tp-cert.conf.in 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/l2tp-cert.conf.in 1969-12-31 18:00:00.000000000 -0600
@@ -1,38 +0,0 @@
-conn l2tp-X.509
- #
- # Configuration for one user with any type of IPsec/L2TP client
- # including the updated Windows 2000/XP (MS KB Q818043), but
- # excluding the non-updated Windows 2000/XP.
- #
- #
- # Use a certificate. Disable Perfect Forward Secrecy.
- #
- authby=rsasig
- pfs=no
- auto=add
- # we cannot rekey for %any, let client rekey
- rekey=no
- # Set ikelifetime and keylife to same defaults windows has
- ikelifetime=8h
- keylife=1h
- # l2tp-over-ipsec is transport mode
- # See http://bugs.xelerance.com/view.php?id=466
- type=transport
- #
- left=%defaultroute
- # or you can use: left=YourIPAddress
- leftrsasigkey=%cert
- leftcert=/etc/ipsec.d/certs/YourGatewayCertHere.pem
- leftprotoport=17/1701
- #
- # The remote user.
- #
- right=%any
- rightca=%same
- rightrsasigkey=%cert
- # Using the magic port of "0" means "any one single port". This is
- # a work around required for Apple OSX clients that use a randomly
- # high port, but propose "0" instead of their port.
- rightprotoport=17/0
- rightsubnet=vhost:%priv,%no
-
diff -Nur openswan-2.6.03-original/programs/examples/l2tp-psk.conf.in openswan-2.6.03-new/programs/examples/l2tp-psk.conf.in
--- openswan-2.6.03-original/programs/examples/l2tp-psk.conf.in 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/l2tp-psk.conf.in 1969-12-31 18:00:00.000000000 -0600
@@ -1,43 +0,0 @@
-conn L2TP-PSK-NAT
- rightsubnet=vhost:%priv
- also=L2TP-PSK-noNAT
-
-conn L2TP-PSK-noNAT
- #
- # Configuration for one user with any type of IPsec/L2TP client
- # including the updated Windows 2000/XP (MS KB Q818043), but
- # excluding the non-updated Windows 2000/XP.
- #
- #
- # Use a Preshared Key. Disable Perfect Forward Secrecy.
- #
- # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
- # YourIPAddress %any: "sharedsecret"
- authby=secret
- pfs=no
- auto=add
- keyingtries=3
- # we cannot rekey for %any, let client rekey
- rekey=no
- # Set ikelifetime and keylife to same defaults windows has
- ikelifetime=8h
- keylife=1h
- # l2tp-over-ipsec is transport mode
- type=transport
- #
- left=%defaultroute
- # or you can use: left=YourIPAddress
- #
- # For updated Windows 2000/XP clients,
- # to support old clients as well, use leftprotoport=17/%any
- leftprotoport=17/1701
- #
- # The remote user.
- #
- right=%any
- # Using the magic port of "0" means "any one single port". This is
- # a work around required for Apple OSX clients that use a randomly
- # high port, but propose "0" instead of their port.
- rightprotoport=17/0
-
-
diff -Nur openswan-2.6.03-original/programs/examples/linux-linux.conf.in openswan-2.6.03-new/programs/examples/linux-linux.conf.in
--- openswan-2.6.03-original/programs/examples/linux-linux.conf.in 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/linux-linux.conf.in 1969-12-31 18:00:00.000000000 -0600
@@ -1,19 +0,0 @@
-conn linux-to-linux
- #
- # Simple use raw RSA keys
- # After starting openswan, run: ipsec showhostkey --left (or --right)
- # and fill in the connection similarly to the example below.
- #
- left=1.2.3.4
- # optional
- # leftsubnet=10.0.1.0/24
- leftid=@bofh.xelerance.com
- leftrsasigkey=0sAQPWTXt8DDlEhTZJ91ngNMxTSyuos6JZxXQmtRcwUl6ppUCcuuWvjXrF/qiz6eiL1LMlpGJyG1oVhtFhTaFJl7ZkF/4J1B9LCFzYxvYI97AnLuC0op5pVAZ1SZx29+aRjeMcKC4zbZ6dMMjUdn9H1gqG9rpE0MBEFNSVLEu9U8rtlz14RfxQAQ9ePj64HnGLfgJlDB0VYhKEIcRihy72bvjZ4eoX16S1EY1FgnHyrveZPxRi8sgn6Q19RytEzSmUAlGjvMDhNfenq6WCSYMeqgj0jFSArTNBQmR2QBkUG6NSOXfb+18c6jDPicGmbmWfoRx/PUJo46WiRF4RRmsxnFpbHpklILFzEJ+/k6qHVAekpVfp
- # The remote user.
- #
- right=5.6.7.8
- rightid=@tla.xelerance.com
- # optional
- # rightsubnet=10.0.2.0/24
- rightrsasigkey=0sAQNxf6caKULJklYZycuo66Ko0U+iHaJUDr0QZHnG4MJ9IRNYi5H6kPxcwKIXkg+OGo+NeUyyWDEc+ox27BFYViAHQNEyBRLZu0kyE681h+cHm7lfCSy0AOEBSCyZF3aGcL8GWxVhtimpJQ4tNxXZg7tLX5sfYw8mZnUBjkHvyccIred/q3cNWbDlq2WU4TL+NBb5FnxXi9Hk/SRV7sMe56fvZuXkcJu4e2C7uocltzzF1b0BZx7yeXwHjzqAWnW/UA54fbSTvzgnrpSC+FMuhWTI1EdxcqGaOFIjGWWGV2nxg/QaPU9i8vpwFwrEEdCJTiqlbYYNudblg4vYthnVNez0/RkfZHfhAaHdbJRSaQzOu88h
- auto=start
diff -Nur openswan-2.6.03-original/programs/examples/Makefile openswan-2.6.03-new/programs/examples/Makefile
--- openswan-2.6.03-original/programs/examples/Makefile 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/Makefile 1969-12-31 18:00:00.000000000 -0600
@@ -1,23 +0,0 @@
-# Makefile for miscelaneous programs
-# Copyright (C) 2002 Michael Richardson <mcr at freeswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-
-OPENSWANSRCDIR?=$(shell cd ../..; pwd)
-include ${OPENSWANSRCDIR}/Makefile.inc
-
-CONFDSUBDIR=examples
-CONFDFILES=l2tp-cert.conf l2tp-psk.conf linux-linux.conf sysctl.conf xauth.conf
-
-include ${srcdir}../Makefile.program
-
-
diff -Nur openswan-2.6.03-original/programs/examples/oe-exclude-dns.conf.in openswan-2.6.03-new/programs/examples/oe-exclude-dns.conf.in
--- openswan-2.6.03-original/programs/examples/oe-exclude-dns.conf.in 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/oe-exclude-dns.conf.in 1969-12-31 18:00:00.000000000 -0600
@@ -1,9 +0,0 @@
-conn let-my-dns-go
- left=%defaultroute
- leftnexthop=%defaultroute
- leftprotoport=17/%any
- right=0.0.0.0
- rightsubnet=0.0.0.0/0
- rightprotoport=17/53
- type=passthrough
- auto=route
diff -Nur openswan-2.6.03-original/programs/examples/sysctl.conf.in openswan-2.6.03-new/programs/examples/sysctl.conf.in
--- openswan-2.6.03-original/programs/examples/sysctl.conf.in 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/sysctl.conf.in 1969-12-31 18:00:00.000000000 -0600
@@ -1,23 +0,0 @@
-
-# example entries for /etc/sysctl.conf
-# forwarding is needed for subnet or l2tp connections
-net.ipv4.ip_forward = 1
-
-# rp_filter is stupid and cannot deal decrypted packets "appearing out of
-# nowhere"
-net.ipv4.conf.default.rp_filter = 0
-
-# when using 1 interface for two networks, and in some other cases with
-# NETKEY, the kernel thinks it can be clever but breaks things.
-net.ipv4.conf.all.send_redirects = 0
-net.ipv4.conf.default.send_redirects = 0
-net.ipv4.icmp_ignore_bogus_error_responses = 1
-net.ipv4.conf.all.log_martians = 0
-net.ipv4.conf.default.log_martians = 0
-
-# these are non-ipsec specific security policies you should use
-net.ipv4.conf.default.accept_source_route = 0
-net.ipv4.conf.all.accept_redirects = 0
-net.ipv4.conf.default.accept_redirects = 0
-
-
diff -Nur openswan-2.6.03-original/programs/examples/xauth.conf.in openswan-2.6.03-new/programs/examples/xauth.conf.in
--- openswan-2.6.03-original/programs/examples/xauth.conf.in 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/examples/xauth.conf.in 1969-12-31 18:00:00.000000000 -0600
@@ -1,34 +0,0 @@
-conn xauthserver
- #
- left=1.2.3.4
- leftcert=/etc/ipsec.d/certs/xauthserver.pem
- leftxauthserver=yes
- leftmodecfgserver=yes
- #
- right=%any
- rightxauthclient=yes
- rightmodecfgclient=yes
- #
- auto=add
- rekey=yes
- modecfgpull=yes
- modecfgdns1=1.2.3.4
- modecfgdns2=5.6.7.8
- modecfgwins1=1.2.3.4
- modecfgwins2=5.6.7.8
-
-conn xauthclient
- #
- left=1.2.3.4
- leftxauthserver=yes
- leftmodecfgserver=yes
- #
- right=%defaultroute
- rightxauthclient=yes
- rightmodecfgclient=yes
- #
- auto=add
- # you probably can not rekey, it requires xauth password, and openswan does not
- # cache it for you. Other clients might cache it and rekey to an openswan server
- rekey=no
- modecfgpull=yes
diff -Nur openswan-2.6.03-original/programs/Makefile openswan-2.6.03-new/programs/Makefile
--- openswan-2.6.03-original/programs/Makefile 2008-01-10 18:32:08.000000000 -0600
+++ openswan-2.6.03-new/programs/Makefile 2008-01-16 18:00:30.000000000 -0600
@@ -38,7 +38,7 @@
SUBDIRS+=_realsetup _secretcensor _updown
SUBDIRS+=auto barf verify ipsec look newhostkey ranbits secrets
SUBDIRS+=rsasigkey setup showdefaults showhostkey mailkey
-SUBDIRS+=ikeping examples livetest
+SUBDIRS+=ikeping livetest
ifeq ($(USE_KLIPS),true)
SUBDIRS+= _startklips _updown.klips
endif
Index: openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/openswan.spec,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- openswan.spec 11 Jan 2008 21:05:14 -0000 1.46
+++ openswan.spec 17 Jan 2008 01:07:06 -0000 1.47
@@ -4,48 +4,28 @@
#%define srcpkgver %(echo %{version} | tr -s '_' '-')
%define srcpkgver %{version}
-%define with_klips 0
-
-%if %{with_klips}
-%define do_userland userland
-%else
%define do_userland %{nil}
-%endif
-
-%if %{with_klips}
-%define defkv 2.6.11-1.1369_FC4
-# The default kernel version to build for is the latest of
-# the installed kernel-source RPMs.
-# This can be overridden by "--define 'kversion x.x.x-y.y.y'"
-%{!?kversion: %{expand: %%define kversion %defkv}}
-%define krelver %(echo %{kversion} | tr -s '-' '_')
-# Openswan -pre/-rc nomenclature has to co-exist with hyphen paranoia
-%endif
-
%define debug_package %{nil}
-Release: 2%{?dist}
-License: GPL
+Release: 3%{?dist}
+License: GPLv2
Url: http://www.openswan.org/
Source: openswan-%{srcpkgver}.tar.gz
Source2: ipsec.init
Source3: ipsec.conf
+Patch: openswan-2.6-examples.patch
+
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: gmp-devel bison flex man
+BuildRequires: gmp-devel bison flex man xmlto
Requires(post): coreutils bash
Requires(preun): initscripts chkconfig
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
-%if %{with_klips}
-%package userland
-Summary: Openswan IPSEC usermod tools
-Group: System Environment/Daemons
-%endif
Provides: ipsec-userland = %{version}-%{release}
#unless kernel with NETKEY supplies this capability we cannot do this
#Requires: ipsec-kernel
@@ -54,23 +34,7 @@
Summary: Openswan IPSEC full documentation
Group: System Environment/Daemons
-%if %{with_klips}
-%package klips
-Summary: Openswan kernel module
-Group: System Environment/Kernel
-Release: %{krelver}_%{ourrelease}.2.1.1
-Provides: ipsec-kernel = %{version}-%{release}
-Requires: kernel = %{kversion}
-# do not make the dependancy circular for now.
-Requires: ipsec-userland
-BuildRequires: kernel = %{kversion} kernel-smp = %{kversion} kernel-devel = %{kversion}
-%endif
-
-%if %{with_klips}
-%description userland
-%else
%description
-%endif
Openswan is a free implementation of IPSEC & IKE for Linux. IPSEC is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
@@ -82,26 +46,17 @@
This package contains the daemons and userland tools for setting up
Openswan on a freeswan enabled kernel.
-%if %{with_klips}
-%description klips
-This package contains only the ipsec module for the RedHat/Fedora series of
-kernels.
-%endif
-
%description doc
This package contains extensive documentation of the Openswan IPSEC
system.
-%if %{with_klips}
-%description
-A dummy package that installs userland and kernel pieces.
-%endif
-
%prep
%setup -q -n openswan-%{srcpkgver}
find doc/examples -type f -print0 | xargs -0 chmod a-x
find doc -name .gitignore -print0 | xargs -0 rm -v
+%patch -p1
+
%build
@@ -113,28 +68,9 @@
MANTREE=%{_mandir} \
INC_RCDEFAULT=%{_initrddir} \
USE_LWRES=false \
- programs %{?_smp_mflags}
+ programs
FS=$(pwd)
-%if %{with_klips}
-mkdir -p BUILD.%{_target_cpu}
-mkdir -p BUILD.%{_target_cpu}-smp
-
-cd packaging/redhat
-for i in *.h;do echo '#include "../linus/config-all.h"' >> $i;done
-for smp in -smp ""
-do
-# rpm doesn't know we're compiling kernel code. optflags will give us -m64
-%{__make} -C $FS MOD26BUILDDIR=$FS/BUILD.%{_target_cpu}$smp \
- OPENSWANSRCDIR=$FS \
- KLIPSCOMPILE="%{optflags} -mno-red-zone -mcmodel=kernel" \
- KERNELSRC=/lib/modules/%{kversion}/build \
- ARCH=%{_arch} \
- SUBARCH=%{_arch} \
- MODULE_DEF_INCLUDE=$FS/packaging/redhat/config-%{_target_cpu}$smp.h \
- module26
-done
-%endif
%install
rm -rf ${RPM_BUILD_ROOT}
@@ -153,16 +89,6 @@
install -d %{buildroot}%{_sbindir}
find %{buildroot}/etc/ipsec.d -type f -exec chmod 644 {} \;
-%if %{with_klips}
-mkdir -p %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec
-cp $FS/BUILD.%{_target_cpu}/ipsec.ko \
- %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec
-
-mkdir -p %{buildroot}/lib/modules/%{kversion}smp/kernel/net/ipsec
-cp BUILD.%{_target_cpu}-smp/ipsec.ko \
- %{buildroot}lib/modules/%{kversion}smp/kernel/net/ipsec
-%endif
-
mkdir -p %{buildroot}%{_sysconfdir}
cp %{SOURCE3} %{buildroot}%{_sysconfdir}/ipsec.conf
cp %{SOURCE2} %{buildroot}%{_initrddir}/ipsec
@@ -170,8 +96,6 @@
sed -i -e 's#/usr/lib/#%{_libdir}/#g' %{buildroot}%{_initrddir}/ipsec
echo "include /etc/ipsec.d/*.secrets" > %{buildroot}%{_sysconfdir}/ipsec.secrets
-#cp %{buildroot}%{_sysconfdir}/ipsec.d/examples/no_oe.conf \
-# %{buildroot}%{_sysconfdir}/ipsec.d/
chmod a-x %{buildroot}%{_mandir}/*/*
@@ -180,27 +104,22 @@
rm -fr %{buildroot}/etc/rc.d/rc*
+rm -f %{buildroot}%{_sysconfdir}/ipsec.d/examples
+
%clean
rm -rf ${RPM_BUILD_ROOT}
%files doc
%defattr(-,root,root)
%doc doc/README.* doc/CHANGES.* doc/CREDITS.* doc/2.6.known-issues
-%doc doc/examples doc/std doc/quickstarts
+%doc doc/examples doc/std doc/quickstarts doc/example-configs
-%if %{with_klips}
-%files userland
-%else
%files
-%endif
%defattr(-,root,root)
%doc BUGS CHANGES COPYING CREDITS README LICENSE
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
-#%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/no_oe.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/examples/*
-%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/examples
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
%{_initrddir}/ipsec
@@ -210,13 +129,6 @@
%{_mandir}/*/*.gz
%{_localstatedir}/run/pluto
-%if %{with_klips}
-%files klips
-%defattr (-,root,root)
-/lib/modules/%{kversion}/kernel/net/ipsec
-/lib/modules/%{kversion}smp/kernel/net/ipsec
-%endif
-
%preun %{do_userland}
if [ $1 = 0 ]; then
/sbin/service ipsec stop || :
@@ -228,15 +140,17 @@
/sbin/service ipsec condrestart 2>&1 > /dev/null || :
fi
-%if %{with_klips}
-%postun klips
-%post klips
-%endif
-
%post %{do_userland}
chkconfig --add ipsec || :
%changelog
+* Wed Jan 16 2008 Steve Conklin <sconklin at redhat.com> - 2.6.03-3
+- Removed %{?_smp_mflags} from %build
+- Added BuildRequires for xmlto
+- Changed License from GPL to GPL+
+- removed klips ifdefs from spec file
+- Added patch to move example configs to doc dir
+
* Fri Jan 11 2008 Steve Conklin <sconklin at redhat.com> - 2.6.03-2
- Removed copy of file that no longer exists
More information about the fedora-extras-commits
mailing list