%define snapshot .git20120619

%define commit  0bb3c98

Name:           strongswan

Version:        5.0.0

Release:        0.1%{snapshot}%{?dist}

Summary:        An OpenSource IPsec-based VPN Solution

Group:          System Environment/Daemons

License:        GPLv2+

URL:            http://www.strongswan.org/

Source0:        %{name}-%{commit}.tar.gz

BuildRequires:  gmp-devel

BuildRequires:  libcurl-devel

BuildRequires:  openldap-devel

BuildRequires:  NetworkManager-devel

BuildRequires:  NetworkManager-glib-devel

# when building from git

BuildRequires:  gperf

BuildRequires:  flex

BuildRequires:  bison

BuildRequires:  automake

BuildRequires:  autoconf

BuildRequires:  libtool

BuildRequires:  gettext-devel

%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7

BuildRequires:  systemd-units

Requires(post): systemd-units

Requires(preun): systemd-units

Requires(postun): systemd-units

%else

Requires(post): chkconfig

Requires(preun): chkconfig

Requires(preun): initscripts

%endif

%description

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange

protocols in conjunction with the native NETKEY IPsec stack of the Linux

kernel.

%package NetworkManager

Summary:        NetworkManager plugin for Strongswan

Group:          System Environment/Daemons

%description NetworkManager

NetworkManager plugin integrates a subset of Strongswan capabilities

to NetworkManager.

%prep

%setup -q -n %{name}-%{commit}

%build

./autogen.sh

%configure --disable-static \

    --with-ipsec-script=%{name} \

    --sysconfdir=%{_sysconfdir}/%{name} \

    --with-ipsecdir=%{_libexecdir}/%{name} \

    --with-ipseclibdir=%{_libdir}/%{name} \

    --enable-nm

make %{?_smp_mflags}

sed -i 's/\t/    /' src/strongswan.conf src/starter/ipsec.conf

%install

make install DESTDIR=%{buildroot}

# prefix man pages

for i in %{buildroot}%{_mandir}/*/*; do

    if echo "$i" | grep -vq '/strongswan[^\/]*$'; then

        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`"

    fi

done

# delete unwanted library files

rm %{buildroot}%{_libdir}/%{name}/*.so

find %{buildroot} -type f -name '*.la' -delete

# fix config permissions

chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf

# protect configuration from ordinary user's eyes

chmod 700 %{buildroot}%{_sysconfdir}/%{name}

# setup systemd unit or initscript

%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7

%else

install -D -m 755 init/sysvinit/%{name} %{buildroot}/%{_initddir}/%{name}

%endif

%files

%doc README COPYING NEWS CREDITS TODO

%dir %{_sysconfdir}/%{name}

%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf

%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf

%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7

%{_unitdir}/%{name}.service

%else

%{_initddir}/%{name}

%endif

%dir %{_libdir}/%{name}

%{_libdir}/%{name}/libcharon.so.0

%{_libdir}/%{name}/libcharon.so.0.0.0

%{_libdir}/%{name}/libhydra.so.0

%{_libdir}/%{name}/libhydra.so.0.0.0

%{_libdir}/%{name}/lib%{name}.so.0

%{_libdir}/%{name}/lib%{name}.so.0.0.0

%dir %{_libdir}/%{name}/plugins

%{_libdir}/%{name}/plugins/lib%{name}-aes.so

%{_libdir}/%{name}/plugins/lib%{name}-attr.so

%{_libdir}/%{name}/plugins/lib%{name}-cmac.so

%{_libdir}/%{name}/plugins/lib%{name}-constraints.so

%{_libdir}/%{name}/plugins/lib%{name}-des.so

%{_libdir}/%{name}/plugins/lib%{name}-dnskey.so

%{_libdir}/%{name}/plugins/lib%{name}-fips-prf.so

%{_libdir}/%{name}/plugins/lib%{name}-gmp.so

%{_libdir}/%{name}/plugins/lib%{name}-hmac.so

%{_libdir}/%{name}/plugins/lib%{name}-kernel-netlink.so

%{_libdir}/%{name}/plugins/lib%{name}-md5.so

%{_libdir}/%{name}/plugins/lib%{name}-nonce.so

%{_libdir}/%{name}/plugins/lib%{name}-pem.so

%{_libdir}/%{name}/plugins/lib%{name}-pgp.so

%{_libdir}/%{name}/plugins/lib%{name}-pkcs1.so

%{_libdir}/%{name}/plugins/lib%{name}-pkcs8.so

%{_libdir}/%{name}/plugins/lib%{name}-pubkey.so

%{_libdir}/%{name}/plugins/lib%{name}-random.so

%{_libdir}/%{name}/plugins/lib%{name}-resolve.so

%{_libdir}/%{name}/plugins/lib%{name}-revocation.so

%{_libdir}/%{name}/plugins/lib%{name}-sha1.so

%{_libdir}/%{name}/plugins/lib%{name}-sha2.so

%{_libdir}/%{name}/plugins/lib%{name}-socket-default.so

%{_libdir}/%{name}/plugins/lib%{name}-stroke.so

%{_libdir}/%{name}/plugins/lib%{name}-updown.so

%{_libdir}/%{name}/plugins/lib%{name}-x509.so

%{_libdir}/%{name}/plugins/lib%{name}-xcbc.so

%dir %{_libexecdir}/%{name}

%{_libexecdir}/%{name}/_copyright

%{_libexecdir}/%{name}/_updown

%{_libexecdir}/%{name}/_updown_espmark

%{_libexecdir}/%{name}/charon

%{_libexecdir}/%{name}/openac

%{_libexecdir}/%{name}/pki

%{_libexecdir}/%{name}/scepclient

%{_libexecdir}/%{name}/starter

%{_libexecdir}/%{name}/stroke

%{_sbindir}/%{name}

%{_mandir}/man5/%{name}.conf.5.gz

%{_mandir}/man5/%{name}_ipsec.conf.5.gz

%{_mandir}/man5/%{name}_ipsec.secrets.5.gz

%{_mandir}/man8/%{name}.8.gz

%{_mandir}/man8/%{name}__updown.8.gz

%{_mandir}/man8/%{name}__updown_espmark.8.gz

%{_mandir}/man8/%{name}_openac.8.gz

%{_mandir}/man8/%{name}_scepclient.8.gz

%files NetworkManager

%{_libexecdir}/%{name}/charon-nm

%post

/sbin/ldconfig

%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7

if [ $1 -eq 1 ] ; then

    # Initial installation

    /bin/systemctl daemon-reload >/dev/null 2>&1 || :

fi

%else

/sbin/chkconfig --add %{name}

%endif

%preun

%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7

if [ $1 -eq 0 ] ; then

    # Package removal, not upgrade

    /bin/systemctl --no-reload disable %{name}.service > /dev/null 2>&1 || :

    /bin/systemctl stop %{name}.service > /dev/null 2>&1 || :

fi

%else

if [ $1 -eq 0 ] ; then

    # Package removal, not upgrade

    /sbin/service %{name} stop >/dev/null 2>&1

    /sbin/chkconfig --del %{name}

fi

%endif

%postun

/sbin/ldconfig

%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7

/bin/systemctl daemon-reload >/dev/null 2>&1 || :

if [ $1 -ge 1 ] ; then

    # Package upgrade, not uninstall

    /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :

fi

%else

%endif

%changelog

* Tue Jun 19 2012 Pavel Šimerda - 5.0.0-0.1.git20120619

- Snapshot of upcoming major release

- Move patches and renaming upstream

  http://wiki.strongswan.org/issues/194

  http://wiki.strongswan.org/issues/195

- Notified upstream about manpage issues

* Tue Jun 19 2012 Pavel Šimerda - 4.6.4-2

- Make initscript patch more distro-neutral

- Add links to bugreports for patches

* Fri Jun 01 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.4-1

- New upstream version (CVE-2012-2388)

* Sat May 26 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.3-2

- Add --enable-nm to configure

- Add NetworkManager-devel to BuildRequires

- Add NetworkManager-glib-devel to BuildRequires

- Add strongswan-NetworkManager package

* Sat May 26 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.3-1

- New version of Strongswan

- Support for RFC 3110 DNSKEY (see upstream changelog)

- Fix corrupt scriptlets

* Fri Mar 30 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.2-2

- #808612 - strongswan binary renaming side-effect

* Sun Feb 26 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.2-1

- New upstream version

- Changed from .tar.gz to .tar.bz2

- Added libstrongswan-pkcs8.so

* Wed Feb 15 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-8

- Fix initscript's status function

* Wed Feb 15 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-7

- Expand tabs in config files for better readability

- Add sysvinit script for epel6

* Wed Feb 15 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-6

- Fix program name in systemd unit file

* Tue Feb 14 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-5

- Improve fedora/epel conditionals

* Sat Jan 21 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-4

- Protect configuration directory from ordinary users

- Add still missing directory /etc/strongswan

* Fri Jan 20 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-3

- Change directory structure to avoid clashes with Openswan

- Prefixed all manpages with 'strongswan_'

- Every file now includes 'strongswan' somewhere in its path

- Removed conflict with Openswan

- Finally fix permissions on strongswan.conf

* Fri Jan 20 2012 Pavel Šimerda <pavlix@pavlix.net> - 4.6.1-2

- Change license tag from GPL to GPLv2+

- Change permissions on /etc/strongswan.conf to 644

- Rename ipsec.8 manpage to strongswan.8

- Fix empty scriptlets for non-fedora builds

- Add ldconfig scriptlet

- Add missing directories and files

* Sun Jan 01 2012 Pavel Šimerda 

- Bump to version 4.6.1

* Sun Jan 01 2012 Pavel Šimerda 

- Add systemd scriptlets

- Add conditions to also support EPEL6

* Sat Dec 10 2011 Pavel Šimerda <pavlix@pavlix.net> - 4.6.0-2

- Experimental build for development