Hi Johannes,
> I've been maintaing an rpm/spec of strongswan for internal use for about
> two years now and i've decided to put some work into it and make it nice
> and i shall try to maintain it for fedora and maybe epel.
thanks for investing time into that, I've been doing the same for some time
now...
> However, since i'm not a packager yet i'd need someone to "sponsor" me
> into the packager group.
This sponsoring process is one of the reasons I haven't done anything into
that direction yet. Sorry that I can't help you with it.
Would you mind posting your spec (and other files/patches when needed)?
Do you have network manager integration as a separate subpackage? I haven't
done that yet.
The stuff I've used here is attached, feel free to copy anything you want from
it.
Kind regards,
Gerd
diff -r -u strongswan-4.3.3.orig/src/ipsec/ipsec.in strongswan-4.3.3/src/ipsec/ipsec.in
--- strongswan-4.3.3.orig/src/ipsec/ipsec.in 2009-07-20 14:50:48.000000000 +0200
+++ strongswan-4.3.3/src/ipsec/ipsec.in 2009-08-06 12:01:11.000000000 +0200
@@ -14,6 +14,9 @@
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
+# chkconfig: - 47 76
+# description: StrongSwan IPsecc provides encrypted and authenticated communications
+
# define a minimum PATH environment in case it is not set
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
export PATH
diff -r -u strongswan-4.3.3.orig/src/strongswan.conf strongswan-4.3.3/src/strongswan.conf
--- strongswan-4.3.3.orig/src/strongswan.conf 2009-07-20 14:50:50.000000000 +0200
+++ strongswan-4.3.3/src/strongswan.conf 2009-08-06 17:15:10.000000000 +0200
@@ -19,6 +19,16 @@
# database = mysql://user:passw...@localhost/database
}
}
+
+ syslog {
+ # default level to the LOG_AUTHPRIV facility
+ auth {
+ }
+ # no logging to LOG_DAEMON
+ daemon {
+ default = -1
+ }
+ }
# ...
}
Summary: StrongSwan IPsec
Name: strongswan
Version: 4.3.3
Release: 1
License: GPLv2+
Url: http://www.strongswan.org/
Source: http://download.strongswan.org/strongswan-%{version}.tar.bz2
Patch1: strongswan-4.3.3-initscript.patch
Patch2: strongswan-4.3.3-logfacility.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: gmp-devel bison flex
BuildRequires: curl-devel
BuildRequires: openldap-devel
Obsoletes: freeswan
Conflicts: openswan
Requires: iproute
Requires(post): coreutils bash initscripts
Requires(post): /sbin/chkconfig
Requires(preun): initscripts
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
%description
strongSwan is an OpenSource IPsec implementation for the Linux
operating system. It is based on the discontinued FreeS/WAN project
and the X.509 patch which we developped over the last three years.
In order to have a stable IPsec platform to base our future extensions
of the X.509 capability on, we decided to lauch the strongSwan project.
Implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols.
%prep
%setup -q
%patch1 -p1 -b .initscript
%patch2 -p1 -b .logfacility
%build
%configure \
--enable-cisco-quirks \
--enable-curl \
--enable-ldap
make %{?_smp_mflags:%_smp_mflags}
%install
make DESTDIR=%{buildroot} install
install -d -m755 %{buildroot}%{_sysconfdir}/rc.d/init.d/
ln -s %{_sbindir}/ipsec %{buildroot}%{_sysconfdir}/rc.d/init.d/ipsec
# we don't have/need a strongswan-devel and the includes are not there too
rm -f %{buildroot}%{_libdir}/libstrongswan.{a,la}
rm -f %{buildroot}%{_libexecdir}/ipsec/plugins/*.{a,la}
# default configuration
cat << EOT > %{buildroot}%{_sysconfdir}/ipsec.secrets
#
# ipsec.secrets
#
# This file holds the RSA private keys or the PSK preshared secrets for
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
#
include %{_sysconfdir}/ipsec.d/*.secrets
EOT
cat << EOT > %{buildroot}%{_sysconfdir}/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
version 2.0
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
nat_traversal=yes
charonstart=yes
plutostart=yes
uniqueids=yes
# put the connection-definitions into the directory %{_sysconfdir}/ipsec.d
include %{_sysconfdir}/ipsec.d/*.conf
EOT
%clean
rm -rf ${RPM_BUILD_ROOT}
%preun
if [ $1 = 0 ]; then
/sbin/service ipsec stop || :
/sbin/chkconfig --del ipsec
fi
%postun
if [ $1 -ge 1 ] ; then
/sbin/service ipsec condrestart 2>&1 > /dev/null || :
fi
%post
/sbin/chkconfig --add ipsec || :
%files
%defattr(-,root,root)
%doc ChangeLog COPYING
%doc CREDITS INSTALL README TODO NEWS
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/cacerts
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/ocspcerts
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/certs
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/acerts
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/aacerts
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/crls
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/reqs
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/private
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/strongswan.conf
%{_sysconfdir}/rc.d/init.d/ipsec
%{_libdir}/libstrongswan.so*
%{_sbindir}/ipsec
%{_libexecdir}/ipsec
%{_mandir}/*/*
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
