-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathsmeserver-libreswan.spec
274 lines (219 loc) · 8.93 KB
/
smeserver-libreswan.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
%define name smeserver-libreswan
%define version 0.5
%define release 35
Summary: Plugin to enable IPSEC connections
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
License: GNU GPL version 2
URL: http://libreswan.org/
Group: SMEserver/addon
Source: %{name}-%{version}.tar.gz
Patch1: smeserver-libreswan-fix-masq-templates.patch
Patch2: smeserver-libreswan-move-logfile.patch
Patch3: smeserver-libreswan-add-debug-key.patch
Patch4: smeserver-libreswan-fix-rsa-id.patch
Patch5: smeserver-libreswan-fix-createlinks.patch
Patch6: smeserver-libreswan-ikev2-logrotate.patch
Patch7: smeserver-libreswan-add-certificates.patch
Patch8: smeserver-libreswan-modify-identifiers.patch
Patch9: smeserver-libreswan-modify-identifiers1.patch
Patch10: smeserver-libreswan-forceencaps-l2tpd.patch
Patch11: smeserver-libreswan-variable-network-interfaces.patch
Patch12: smeserver-libreswan-remove-obsoletes.patch
Patch13: smeserver-libreswan-add-reauth.patch
Patch14: smeserver-libreswan-check-l2tpd-status.patch
Patch15: smeserver-libreswan-include-l2tpd-rightsubnet.patch
Patch16: smeserver-libreswan-fix-xl2tpd-status-check.patch
Patch17: smeserver-libreswan-createlinks.patch
Patch18: smeserver-libreswan-modify-leftrightsubnet.patch
Patch19: smeserver-libreswan-0.5-Update-for-systemd.patch
BuildRoot: /var/tmp/%{name}-%{version}
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
Requires: e-smith-release >= 9.2
Requires: libreswan >= 3.29
AutoReqProv: no
%description
Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")
%changelog
* Mon Mar 01 2021 Brian Read <brianr@bjsystems.co.uk> 0.5-35.sme
- Initial Import in SME10 tree [SME: 11405]
- Update for systemd
* Mon Feb 17 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-34.sme
- auto insert leftsourceip and subnet from internal interface
- Force right to have a value
* Tue Feb 14 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-33.sme
- update keyingtries
- update virtual-private
* Thu Jan 30 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-32.sme
- Fix xl2tpd status check
* Thu Oct 17 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-31.sme
- Allow rightsubnet for xl2tpd in virtual_private
- Add check for empty virtual_private hosts
* Sun Oct 13 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-30.sme
- Fix issue when there is no xl2tpd key
* Sat Aug 31 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-29.sme
- Bump required Libreswan to 3.29
- add reauth option
* Thu Jun 21 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-28.sme
- Bump required Libreswan to 3.23
- Change forceencaps to encapsulation
- Remove obsolete nat_traversal
- Modify ipsec.conf for no rightsubnet in xl2tpd
* Tue Sep 19 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-27.sme
- Allow variable network interface names - Stefano Zamboni
* Thu Jun 15 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-26.sme
- add keep-alive option in main ipsec.conf
- add forceencaps option overall default and per connection
- small code tidy
- Add support for L2TPD
* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-25.sme
- Fix the ipsec.conf as well
- remove automatic \@ in IDs - Fixes [SME: 9729]
* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-24.sme
- remove automatic \@ in IDs - Fixes [SME: 9729]
- fix swapped left/right IDs in password file
* Wed Jan 25 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-23.sme
- Add the ability to use PEM/PKCS#12 certificates - fixes [SME: 9942]
- lots of code tidying
* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme
- update logrotate completely now I realise it is symlinked
- remove UPDPort and add UPDPorts due to ipsec v2
* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-21.sme
- add more variations for ike v1/2
- remove logrotate template
- add /etc/e-smith/events/logrotate/logfiles2timestamp/var/log/pluto.log
- Fix some log noise when first installed and still disabled
* Sat Apr 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-20.sme
- Fix typo in createlinks for sysctl.conf
* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-19.sme
- Fix ID in ipsec.secrets if ID is set
* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme
- Add debug db key to /etc/ipsec.conf
- Remove setting public/private keys as they won't affect unless templates are re-expanded
- Set xfrm_larval_drop drop correctly
* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme
- Move pluto.log to /var/log/pluto
- bump libreswan requires version to 3.16
- regenerate masq template on ipsec-update
- change wiki location page
- add sysctl.conf template
- modify masq templates for ipsec status enabled/disabled
- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf
* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme
- Fix masq templates for missing db entries on install
* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme
- first import in SME buildsys
* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13
- Fix small typo in readme
* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12
- Add keyingtries
- Finally fix add issues using asynchronous
* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11
- Determine host IPtype - static or dynamic IP
- auto --up changed to exec
- Add checks for Left/Right ID in secrets file
* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10
- Allow dynamic addresses
- Add iptype
- disallow " in PSK passwords
- Revised logging messages
* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
- Amended templates to allow for rsasig. Early cert settings removed
* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
- Revised masq templates - disable on ipsec disable
- Template ipsec.secrets so Terry won't break it again
- Set requires e-smith >=9 and libreswan >=3.14
* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
- add 90adjustESP
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
- more update to masq firewalls - change -p 50 to -p ESP
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
- update masq firewall rules
- document clean up
* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
- set dpd actions off if ipsec is 'add'
- add salifetime key and rename ikelifetime and keylife
- change defaults for salifetime and ikelifetime
- add in rsasig support
* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
- change default ike from aes-sha to aes-sha1
* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
- More minor fixes - should work OK with xl2tpd
* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
- Remove templates2expand and added to createlinks
- modified ipsec.secret template
- various other fixes
* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
- Big changes again - now have PreviousState to detect changes
- Createlinks to S10 to run after expand-templates
* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
- Changed lots. Removed sysctl.conf template
- Changed firewall template
* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
- Load of code tidying and prep from xl2tpd
* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
- Update action script and allow for system not in gateway mode
- add ike and phase2alg db settings
* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
- New ipsec-action script
- Numerous template changes
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
- remove debugging lines
- remove expand templates from spec file
- add status check for ipsec.conf
- add comment to masq template
- updated db defaults
- ipsec.conf not expanded on install
- missed auto=start
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
- remove rc.local modifications
- add /etc/sysctl.conf patches
* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
- initial release
%prep
%setup
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%build
perl createlinks
%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
echo "%doc COPYING" >> %{name}-%{version}-filelist
%clean
cd ..
rm -rf %{name}-%{version}
%files -f %{name}-%{version}-filelist
%defattr(-,root,root)
%pre
%preun
%post
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q
echo "see https://wiki.contribs.org/Libreswan"
%postun
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/sbin/e-smith/expand-template /etc/inittab
/sbin/init q