| |
@@ -95,6 +95,7 @@
|
| |
--bindir=%{_libexecdir}/strongswan \
|
| |
--with-ipseclibdir=%{_libdir}/strongswan \
|
| |
--with-fips-mode=2 \
|
| |
+ --enable-bypass-lan \
|
| |
--enable-tss-trousers \
|
| |
--enable-nm \
|
| |
--enable-systemd \
|
| |
@@ -168,6 +169,11 @@
|
| |
%endif
|
| |
--enable-kernel-libipsec
|
| |
|
| |
+ # disable certain plugins in the daemon configuration by default
|
| |
+ for p in bypass-lan; do
|
| |
+ echo -e "\ncharon.plugins.${p}.load := no" >> conf/plugins/${p}.opt
|
| |
+ done
|
| |
+
|
| |
make %{?_smp_mflags}
|
| |
|
| |
%install
|
| |
@@ -183,12 +189,12 @@
|
| |
# delete unwanted library files - no consumers, so no -devel package
|
| |
rm %{buildroot}%{_libdir}/strongswan/*.so
|
| |
# fix config permissions
|
| |
- chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
|
| |
+ chmod 644 %{buildroot}%{_sysconfdir}/strongswan/strongswan.conf
|
| |
|
| |
# Create ipsec.d directory tree.
|
| |
- install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
|
| |
+ install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d
|
| |
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
|
| |
- install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
|
| |
+ install -d -m 700 %{buildroot}%{_sysconfdir}/strongswan/ipsec.d/${i}
|
| |
done
|
| |
|
| |
%post
|
| |
mzabaluev
commented 6 years ago
An improvement over #4, with the plugin disabled in daemon configuration.