diff --git a/.gitignore b/.gitignore
index e69de29..7ae2e9c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.tar.gz
diff --git a/hitch-1.0.0-beta3.setgroups.patch b/hitch-1.0.0-beta3.setgroups.patch
new file mode 100644
index 0000000..bbfdeb8
--- /dev/null
+++ b/hitch-1.0.0-beta3.setgroups.patch
@@ -0,0 +1,28 @@
+diff -Nur ../hitch-hitch-1.0.0-beta3.orig/src/hitch.c ./src/hitch.c
+--- ../hitch-hitch-1.0.0-beta3.orig/src/hitch.c 2015-06-18 12:01:42.000000000 +0200
++++ ./src/hitch.c 2015-06-22 23:53:22.790991923 +0200
+@@ -46,10 +46,10 @@
+ #include
+ #include
+ #include
+-#include
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+@@ -2026,8 +2026,10 @@
+ }
+
+ void drop_privileges() {
+- if (CONFIG->GID >= 0 && setgroups(0, NULL) < 0 && setgid(CONFIG->GID) < 0)
+- fail("setgroups or setgid failed");
++ if (CONFIG->UID >= 0 && setgroups(0, NULL) < 0)
++ fail("setgroups failed");
++ if (CONFIG->GID >= 0 && setgid(CONFIG->GID) < 0)
++ fail("setgid failed");
+ if (CONFIG->UID >= 0 && setuid(CONFIG->UID) < 0)
+ fail("setuid failed");
+ }
diff --git a/hitch.clean_test_processes.patch b/hitch.clean_test_processes.patch
new file mode 100644
index 0000000..6e62201
--- /dev/null
+++ b/hitch.clean_test_processes.patch
@@ -0,0 +1,44 @@
+diff -Nur tests.orig/common.sh tests/common.sh
+--- tests.orig/common.sh 2015-06-18 12:01:42.000000000 +0200
++++ tests/common.sh 2015-06-25 11:42:43.073934674 +0200
+@@ -7,13 +7,14 @@
+ PIDFILE="$(mktemp -u)"
+ CONFFILE="$(mktemp -u)"
+ DUMPFILE="$(mktemp -u)"
++SESSFILE="$(mktemp)"
+
+ HITCH=../src/hitch-openssl
+ HITCH_ARGS="--pidfile=$PIDFILE --daemon --quiet"
+
+ cleanup() {
+ test -s $PIDFILE && kill `cat "$PIDFILE"`
+- rm -f "$PIDFILE" "$CONFFILE" "$DUMPFILE" 2>/dev/null
++ rm -f "$PIDFILE" "$CONFFILE" "$DUMPFILE" "$SESSFILE" 2>/dev/null
+ }
+ trap cleanup EXIT
+
+diff -Nur tests.orig/test06-ticket-resume tests/test06-ticket-resume
+--- tests.orig/test06-ticket-resume 2015-06-25 11:33:22.324599585 +0200
++++ tests/test06-ticket-resume 2015-06-25 11:43:13.974677607 +0200
+@@ -5,19 +5,13 @@
+ . common.sh
+ set +o errexit
+
+-sessfile=$(mktemp)
+-function rmsess {
+- rm -f $sessfile
+-}
+-trap rmsess EXIT
+-
+ $HITCH $HITCH_ARGS --backend=[hyse.org]:80 "--frontend=[${LISTENADDR}]:$LISTENPORT" certs/site1.example.com
+ test "$?" = "0" || die "Hitch did not start."
+
+-echo -e "\n" | openssl s_client -prexit -sess_out $sessfile -connect $LISTENADDR:$LISTENPORT >/dev/null 2>&1
++echo -e "\n" | openssl s_client -prexit -sess_out $SESSFILE -connect $LISTENADDR:$LISTENPORT >/dev/null 2>&1
+ test "$?" = "0" || die "s_client failed (1)"
+
+-echo -e "\n" | openssl s_client -prexit -sess_in $sessfile -connect $LISTENADDR:$LISTENPORT 2>/dev/null > $DUMPFILE
++echo -e "\n" | openssl s_client -prexit -sess_in $SESSFILE -connect $LISTENADDR:$LISTENPORT 2>/dev/null > $DUMPFILE
+ test "$?" = "0" || die "s_client failed (2)"
+
+ grep -q -c "Reused, " $DUMPFILE
diff --git a/hitch.initrc.redhat.patch b/hitch.initrc.redhat.patch
new file mode 100644
index 0000000..490f796
--- /dev/null
+++ b/hitch.initrc.redhat.patch
@@ -0,0 +1,130 @@
+diff -Naur ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/hitch.initrc.redhat ./hitch.initrc.redhat
+--- ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/hitch.initrc.redhat 1970-01-01 01:00:00.000000000 +0100
++++ ./hitch.initrc.redhat 2015-06-25 15:23:33.575130324 +0200
+@@ -0,0 +1,126 @@
++#! /bin/sh
++#
++# hitch Control the Hitch daemon
++#
++# chkconfig: - 90 10
++# description: Hitch proxy daemon
++# processname: hitch
++# config: /etc/hitch/hitch.conf
++# pidfile: /var/run/hitch/hitch.pid
++
++### BEGIN INIT INFO
++# Provides: hitch
++# Required-Start: $network $local_fs $remote_fs
++# Required-Stop: $network $local_fs $remote_fs
++# Default-Start:
++# Default-Stop:
++# Short-Description: start and stop hitch
++# Description: Hitch proxy daemon
++### END INIT INFO
++
++# Source function library.
++. /etc/init.d/functions
++
++retval=0
++pidfile="/var/run/hitch/hitch.pid"
++lockfile="/var/lock/subsys/hitch"
++config="/etc/hitch/hitch.conf"
++exec="/usr/sbin/hitch-openssl"
++prog="hitch-openssl"
++
++
++start() {
++
++ if [ ! -x $exec ]
++ then
++ echo $exec not found
++ exit 5
++ fi
++
++ if [ ! -f $config ]
++ then
++ echo $config not found
++ exit 6
++ fi
++
++ echo -n "Starting hitch ssl proxy: "
++
++ daemon $exec "--pidfile=$pidfile --config $config" > /dev/null
++ retval=$?
++ if [ $retval -eq 0 ]
++ then
++ touch $lockfile
++ echo_success
++ echo
++ else
++ echo_failure
++ echo
++ fi
++ return $retval
++}
++
++stop() {
++ echo -n "Stopping Hitch proxy daemon: "
++ killproc -p $pidfile $prog
++ retval=$?
++ echo
++ [ $retval -eq 0 ] && rm -f $lockfile
++ return $retval
++}
++
++restart() {
++ stop
++ start
++}
++
++reload() {
++ restart
++}
++
++force_reload() {
++ restart
++}
++
++rh_status() {
++ status -p $pidfile $prog
++}
++
++rh_status_q() {
++ rh_status >/dev/null 2>&1
++}
++
++# See how we were called.
++case "$1" in
++ start)
++ rh_status_q && exit 0
++ $1
++ ;;
++ stop)
++ rh_status_q || exit 0
++ $1
++ ;;
++ restart)
++ $1
++ ;;
++ reload)
++ rh_status_q || exit 7
++ $1
++ ;;
++ force-reload)
++ force_reload
++ ;;
++ status)
++ rh_status
++ ;;
++ condrestart|try-restart)
++ rh_status_q || exit 0
++ restart
++ ;;
++ *)
++ echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
++
++ exit 2
++esac
++
++exit $?
++
diff --git a/hitch.spec b/hitch.spec
new file mode 100644
index 0000000..a93ec2d
--- /dev/null
+++ b/hitch.spec
@@ -0,0 +1,181 @@
+%global commit 00b264b5537986fecfa1013cc27ad3b7b771a646
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
+
+# Checks may only be ran from a host with internet connection
+#% global runcheck 0
+
+%global hitch_user hitch
+%global hitch_group hitch
+%global hitch_homedir %{_localstatedir}/lib/hitch
+%global hitch_confdir %{_sysconfdir}/hitch
+%global hitch_datadir %{_datadir}/hitch
+
+%global _hardened_build 1
+
+Name: hitch
+Version: 1.0.0
+Release: 0.3.4.beta3%{?dist}
+Summary: Network proxy that terminates TLS/SSL connections
+
+Group: System Environment/Daemons
+License: BSD
+URL: https://github.com/varnish/hitch
+Source0: https://github.com/varnish/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz
+
+BuildRequires: libev-devel
+BuildRequires: openssl-devel
+BuildRequires: openssl
+BuildRequires: libtool
+Requires: openssl
+
+Patch0: hitch.systemd.service.patch
+Patch1: hitch.initrc.redhat.patch
+# POS36-C correct revocation order while relinquishing privileges
+Patch2: hitch-1.0.0-beta3.setgroups.patch
+# Fixes a bug in the test suite that leaves running processes behind
+Patch3: hitch.clean_test_processes.patch
+Patch4: hitch.test07_missing_curl_resolve_on_el6.patch
+
+%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+BuildRequires: systemd
+%else
+Requires(preun): initscripts
+%endif
+
+%description
+hitch is a network proxy that terminates TLS/SSL connections and forwards the
+unencrypted traffic to some backend. It is designed to handle 10s of thousands
+of connections efficiently on multicore machines.
+
+%prep
+%setup -qn %{name}-%{commit}
+%patch0
+%patch1
+%patch2 -p1
+%patch3
+%if 0%{?rhel} == 6
+%patch4
+%endif
+
+
+%build
+./bootstrap
+
+%if 0%{?rhel} == 6
+CFLAGS="%{optflags} -fPIE"
+LDFLAGS=" -pie"
+CPPFLAGS=" -I%{_includedir}/libev"
+export CFLAGS
+export LDFLAGS
+export CPPFLAGS
+%endif
+
+%configure
+make %{?_smp_mflags}
+
+
+%install
+%make_install
+%{buildroot}%{_sbindir}/hitch-openssl --default-config | sed '
+ s/user = ""/user = "%{hitch_user}"/g;
+ s/group = ""/group = "%{hitch_group}"/g;
+ s/backend = "\[127.0.0.1\]:8000"/backend = "[127.0.0.1]:6081"/g;
+ s/syslog = off/syslog = on/g;
+ ' > hitch.conf
+%if 0%{?rhel} == 6
+ sed -i 's/daemon = off/daemon = on/g;' hitch.conf
+%endif
+install -p -D -m 0644 hitch.conf %{buildroot}%{_sysconfdir}/hitch/hitch.conf
+install -d -m 0755 %{buildroot}%{hitch_homedir}
+install -d -m 0755 %{buildroot}%{hitch_datadir}
+%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
+install -p -D -m 0644 hitch.service %{buildroot}%{_unitdir}/hitch.service
+install -p -D -m 0644 hitch.tmpfilesd.conf %{buildroot}%{_tmpfilesdir}/hitch.conf
+%else
+install -p -D -m 0755 hitch.initrc.redhat %{buildroot}%{_initrddir}/hitch
+install -d -m 0755 %{buildroot}%{_localstatedir}/run/hitch
+%endif
+
+# check is not enabled by default, as it won't work on the koji builders,
+# nor on machines that can't reach the Internet.
+%check
+%if 0%{?runcheck} == 1
+cd tests; ./runtests
+%endif
+
+%pre
+groupadd -r %{hitch_group} &>/dev/null ||:
+useradd -r -g %{hitch_group} -s /sbin/nologin -d %{hitch_homedir} %{hitch_user} &>/dev/null ||:
+
+
+%post
+%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
+%systemd_post hitch.service
+%tmpfiles_create %{_tmpfilesdir}/hitch.conf
+%else
+/sbin/chkconfig --add hitch
+%endif
+
+%preun
+%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
+%systemd_preun hitch.service
+%else
+/sbin/service hitch stop > /dev/null 2>&1
+/sbin/chkconfig --del hitch
+%endif
+
+
+%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
+%postun
+%systemd_postun_with_restart hitch.service
+%endif
+
+
+%files
+%doc README.md
+%if 0%{?rhel} == 6
+%doc LICENSE
+%else
+%license LICENSE
+%endif
+%{_sbindir}/hitch-openssl
+%{_mandir}/man8/hitch.8*
+%dir %{_sysconfdir}/hitch
+%config(noreplace) %{_sysconfdir}/hitch/hitch.conf
+%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
+%{_unitdir}/hitch.service
+%{_tmpfilesdir}/hitch.conf
+%ghost %verify(not md5 size mtime) /run/hitch/hitch.pid
+
+%else
+%{_initrddir}/hitch
+%attr(0755,hitch,hitch) %dir %{_localstatedir}/run/hitch
+%attr(0644,hitch,hitch) %ghost %verify(not md5 size mtime) %{_localstatedir}/run/hitch/hitch.pid
+%endif
+
+
+%changelog
+* Sun Jul 19 2015 Ingvar Hagelund 1.0.0-0.3.4.beta3
+- Some more fixes for the fedora package review, ref Cicku
+
+* Thu Jul 16 2015 Ingvar Hagelund 1.0.0-0.3.3.beta3
+- Some more fixes for the fedora package review, ref Jeff Backus
+
+* Fri Jun 26 2015 Ingvar Hagelund 1.0.0-0.3.2.beta3
+- Added _hardened_build macro and PIE on el6
+
+* Thu Jun 25 2015 Ingvar Hagelund 1.0.0-0.3.1.beta3
+- Some fixes for the fedora package review, ref Sören Möller
+- Now runs the test suite in check, adding BuildRequire openssl
+- Added a patch that fixed missing cleaning running daemons from test suite
+- Added a patch that made test07 run on older curl (epel6)
+- Package owns /etc/hitch
+- Added pidfile to systemd and tmpfiles.d configuration
+- Added pidfile to redhat sysv init script
+
+* Wed Jun 10 2015 Ingvar Hagelund 1.0.0-0.3.beta3
+- Initial wrap for fedora
+
diff --git a/hitch.systemd.service.patch b/hitch.systemd.service.patch
new file mode 100644
index 0000000..40b5ec0
--- /dev/null
+++ b/hitch.systemd.service.patch
@@ -0,0 +1,36 @@
+diff -Naur ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/hitch.service ./hitch.service
+--- ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/hitch.service 1970-01-01 01:00:00.000000000 +0100
++++ ./hitch.service 2015-06-25 14:23:07.120277818 +0200
+@@ -0,0 +1,27 @@
++[Unit]
++Description=Network proxy that terminates TLS/SSL connections
++After=syslog.target network.target
++
++[Service]
++
++#
++# If you want to make changes to this file, please copy it to
++# /etc/systemd/system/hitch.service and make your changes there.
++# This will override the file kept at /lib/systemd/system/hitch.service
++#
++# Configuration may be done in /etc/hitch/hitch.params
++#
++
++PIDFile=/run/hitch/hitch.pid
++
++# Maximum size of the corefile.
++LimitCORE=infinity
++
++Type=simple
++PrivateTmp=true
++ExecStart=/usr/sbin/hitch-openssl --pidfile=/run/hitch/hitch.pid --config=/etc/hitch/hitch.conf
++
++
++[Install]
++WantedBy=multi-user.target
++
+diff -Naur ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/hitch.tmpfilesd.conf ./hitch.tmpfilesd.conf
+--- ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/hitch.tmpfilesd.conf 1970-01-01 01:00:00.000000000 +0100
++++ ./hitch.tmpfilesd.conf 2015-06-25 14:44:15.785888764 +0200
+@@ -0,0 +1 @@
++d /run/hitch 0755 hitch hitch -
diff --git a/hitch.test07_missing_curl_resolve_on_el6.patch b/hitch.test07_missing_curl_resolve_on_el6.patch
new file mode 100644
index 0000000..8a53c20
--- /dev/null
+++ b/hitch.test07_missing_curl_resolve_on_el6.patch
@@ -0,0 +1,10 @@
+diff -Nur ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/tests/test07-nomatch-abort ./tests/test07-nomatch-abort
+--- ../hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.orig/tests/test07-nomatch-abort 2015-06-18 12:01:42.000000000 +0200
++++ ./tests/test07-nomatch-abort 2015-06-25 16:54:31.635809295 +0200
+@@ -30,5 +30,4 @@
+ grep -q -c "unrecognized name" $DUMPFILE
+ test "$?" = "0" || die "Expected 'unrecognized name' error."
+
+-CURL_EXTRA="--resolve site1.example.com:$LISTENPORT:127.0.0.1"
+-runcurl site1.example.com $LISTENPORT
++(echo -e 'GET / HTTP/1.0\nHost: site1.example.com\n'; sleep 1) | openssl s_client -connect $LISTENADDR:$LISTENPORT > $DUMPFILE 2>&1
diff --git a/sources b/sources
index e69de29..29a4be7 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+2b786ab1da1a7314882c02423904c316 hitch-00b264b5537986fecfa1013cc27ad3b7b771a646.tar.gz
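Review bot: The supplementary-group drop on the new `setgroups(0, NULL)` line is gated on `CONFIG->UID >= 0` rather than on `CONFIG->GID >= 0`, so a configuration that sets only `group` changes the primary gid but keeps root's supplementary groups; this may be intentional, but `if ((CONFIG->UID >= 0 || CONFIG->GID >= 0) && setgroups(0, NULL) < 0)` covers both cases while preserving the setgroups → setgid → setuid order the spec's POS36-C comment asks for. Splitting the original short-circuited `&&` chain is the right fix, since in the old form `setgid` only ran after `setgroups` had already failed. `drop_privileges` still returns without confirming the drop took effect; a post-condition such as `if (CONFIG->UID >= 0 && (getuid() != (uid_t)CONFIG->UID || geteuid() != (uid_t)CONFIG->UID)) fail("setuid not effective");` (CERT POS37-C) turns a partial drop into a hard failure instead of a silent one, assuming `CONFIG->UID` is an integer that `>= 0` compares meaningfully, as the existing checks suggest. The header names in the first inner hunk were lost in extraction, so the include swap cannot be reviewed here.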
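Review bot: The fix works because test06 no longer installs its own `trap rmsess EXIT`, which had replaced the `trap cleanup EXIT` from common.sh and so left the hitch daemon running, but nothing in common.sh records that constraint, and the next test that adds a private EXIT trap will reintroduce the leak. A comment above `trap cleanup EXIT` such as `# Tests must not install their own EXIT trap: it would replace this one and leave hitch running. Register extra temp files in cleanup() instead.` would document it. In `cleanup()`, `test -s $PIDFILE` is still unquoted while the `kill` on the same line quotes `"$PIDFILE"`; `test -s "$PIDFILE"` makes the two consistent with the quoted `rm -f` line this hunk edits.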
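Review bot: `killproc -p $pidfile $prog` in `stop()` and `status -p $pidfile $prog` in `rh_status()` run as root and act on whatever pid is stored in `/var/run/hitch/hitch.pid`, while the spec in this same commit gives that directory and the ghosted pidfile to the unprivileged `hitch` user (`%attr(0755,hitch,hitch)`); if hitch writes or rewrites the pidfile after `drop_privileges()`, a compromised worker could steer `stop` at an arbitrary pid, and as far as I can tell the functions-library helpers do not verify the command name when a pidfile is supplied. If hitch writes the file while still root, keeping `/var/run/hitch` root-owned removes the exposure; otherwise `stop` should check that the pid belongs to `$prog` before signalling. Separately, `daemon $exec "--pidfile=$pidfile --config $config"` passes the options as a single word; this appears to work because `daemon` re-evaluates its argument string, but `daemon $exec --pidfile=$pidfile --config=$config` is unambiguous and matches the `--config=` form used in the systemd unit of this commit.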
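Review bot: `%pre` calls `groupadd` and `useradd`, but the spec declares no `Requires(pre): shadow-utils`, so on a minimal install the scriptlet can run before those tools exist and the trailing `||:` hides the failure, leaving `hitch.conf` pointing at a `hitch` user that was never created; add `Requires(pre): shadow-utils` next to the other scriptlet requirements. In the sysv branch of `%files`, `%{_localstatedir}/run/hitch` and the ghosted pidfile are owned by `hitch:hitch` while the init script stops the service as root using the pid in that file; a root-owned directory is the safer default unless hitch must write the pidfile unprivileged (raised on the init-script hunk as well). `%patch0`, `%patch1` and `%patch3` are applied without `-p` while `%patch2` uses `-p1`; that matches how each patch was generated, but a short comment per `Patch:` line stating the strip level would spare the next maintainer a failed `%prep`.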
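Review bot: The comment `# Configuration may be done in /etc/hitch/hitch.params` in the new unit does not describe this unit: there is no `EnvironmentFile=` line, and `ExecStart` reads `/etc/hitch/hitch.conf`, which is the file the spec installs, so it should read `# Configuration is read from /etc/hitch/hitch.conf`. `PIDFile=` together with `Type=simple` is not used by systemd, which tracks the process it forked directly; it is harmless but suggests the unit was adapted from a forking daemon, and a one-line comment saying the pidfile exists for tooling would avoid the question. Given `Type=simple`, `ProtectSystem=full` and `ProtectHome=true` next to `PrivateTmp=true` would bound a compromised proxy to read-only system directories; as far as this unit shows it needs only to read `/etc/hitch` and write under `/run/hitch`, which the tmpfiles entry below creates, though this needs checking against where certificates are kept. `After=syslog.target` refers to a target that no longer exists on the systemd versions the spec's `%if` branch targets and can be dropped.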
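Review bot: The added `openssl s_client` line appears to be the last line of the file (the inner hunk `@@ -30,5 +30,4 @@` carries no trailing context) and nothing after it checks the result, whereas the removed `runcurl` call presumably performed or was followed by the success check (its definition lives in common.sh, outside this hunk); as written, the el6 variant of test07 drives the matching-host path without asserting anything about it. Adding `test "$?" = "0" || die "s_client failed"` and a `grep -q` on `$DUMPFILE` for the response `runcurl` expects would restore the assertion. The call also omits `-servername site1.example.com`, so no SNI is sent, which is not equivalent to curl's `--resolve site1.example.com:...`; if this step is meant to show that the matching name is accepted after the preceding "unrecognized name" check, `-servername site1.example.com` is required. `echo -e` and `\n` line endings follow the style of the other tests in this patch set, so no change is needed there.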