Name: racoon2
Version: 20100526a
Release: 14%{?dist}
Summary: An implementation of key management system for IPsec
Group: System Environment/Daemons
License: BSD
URL: http://www.racoon2.wide.ad.jp/
Source0: http://ftp.racoon2.wide.ad.jp/pub/%{name}/%{name}-%{version}.tgz
Patch0: %{name}-autotools.patch
Patch1: %{name}-systemd.patch
Patch2: %{name}-functions-shebang.patch
Patch3: %{name}-configfiles.patch
BuildRequires: byacc
BuildRequires: flex
BuildRequires: openssl-devel
Requires(post): pwgen
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
BuildRequires: systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
%endif
%description
The Racoon2 project is a joint effort which provides an implementation of key
management system for IPsec. The implementation is called Racoon2, a successor
of Racoon, which was developed by the KAME project. It supports IKEv1, IKEv2,
and KINK protocols. It works on FreeBSD, NetBSD, Linux, and Mac OS X.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
%configure --disable-kinkd --disable-pedant --prefix=%{prefix} --sysconfdir=%{_sysconfdir}
# --disable-kinkd: KINK must be disabled unless krb5 is compiled --with-crypto-impl=builtin
# because kinkd uses krb5's internal crypto functions that are not compiled otherwise.
# --disable-pedant: Racoon2 doesn't compile with pedantic compiler that is enabled
# in the source tarball.
make %{?_smp_mflags}
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
# Delete kinkd initscript
rm %{buildroot}%{_initddir}/%{name}-kinkd
# Install/delete systemd units and initscripts
# This must correspond to units/initscripts in the
# files section.
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
install -d %{buildroot}/%{_unitdir}
install -m 644 -t %{buildroot}/%{_unitdir} %{name}-iked.service %{name}-spmd.service
rm %{buildroot}%{_initddir}/%{name}-*
%endif
%files
%defattr(-,root,root,-)
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/default.conf
%config(noreplace) %{_sysconfdir}/%{name}/local-test.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/transport_ike.conf
%config(noreplace) %{_sysconfdir}/%{name}/transport_kink.conf
%config(noreplace) %{_sysconfdir}/%{name}/tunnel_ike.conf
%config(noreplace) %{_sysconfdir}/%{name}/tunnel_ike_natt.conf
%config(noreplace) %{_sysconfdir}/%{name}/tunnel_kink.conf
%config(noreplace) %{_sysconfdir}/%{name}/vals.conf
%dir %{_sysconfdir}/%{name}/hook
%{_sysconfdir}/%{name}/hook/child-down
%{_sysconfdir}/%{name}/hook/child-rekey
%{_sysconfdir}/%{name}/hook/child-up
%{_sysconfdir}/%{name}/hook/child-up.d/00childup_sample
%config(noreplace) %{_sysconfdir}/%{name}/hook/functions
%{_sysconfdir}/%{name}/hook/ikesa-down
%{_sysconfdir}/%{name}/hook/ikesa-rekey
%{_sysconfdir}/%{name}/hook/ikesa-up
%{_sysconfdir}/%{name}/hook/ikesa-up.d/00ikesaup_sample
%{_sysconfdir}/%{name}/hook/migration
%{_sysconfdir}/%{name}/hook/ph1-down
%{_sysconfdir}/%{name}/hook/ph1-up
%{_sbindir}/iked
%{_sbindir}/pskgen
%{_sbindir}/spmd
%{_sbindir}/spmdctl
%dir %{_var}/run/%{name}
%{_mandir}/man8/iked.8.gz
%{_mandir}/man8/pskgen.8.gz
%{_mandir}/man8/spmd.8.gz
%{_mandir}/man8/spmdctl.8.gz
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%{_unitdir}/%{name}-iked.service
%{_unitdir}/%{name}-spmd.service
%else
%{_initddir}/%{name}-iked
%{_initddir}/%{name}-spmd
%endif
%post
if [ ! -e "%{_sysconfdir}/%{name}/spmd.pwd" ]; then
pwgen > %{_sysconfdir}/%{name}/spmd.pwd
chmod 600 %{_sysconfdir}/%{name}/spmd.pwd
fi
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
if [ $1 -eq 1 ] ; then
# Initial installation
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%else
/sbin/chkconfig --add %{name}-iked
/sbin/chkconfig --add %{name}-spmd
%endif
%preun
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable %{name}-spmd.service > /dev/null 2>&1 || :
/bin/systemctl --no-reload disable %{name}-iked.service > /dev/null 2>&1 || :
/bin/systemctl stop %{name}-spmd.service > /dev/null 2>&1 || :
/bin/systemctl stop %{name}-iked.service > /dev/null 2>&1 || :
fi
%else
if [ $1 -eq 0 ] ; then
/sbin/service %{name}-iked stop >/dev/null 2>&1
/sbin/service %{name}-spmd stop >/dev/null 2>&1
/sbin/chkconfig --del %{name}-iked
/sbin/chkconfig --del %{name}-spmd
fi
%endif
%postun
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart %{name}-spmd.service >/dev/null 2>&1 || :
/bin/systemctl try-restart %{name}-iked.service >/dev/null 2>&1 || :
fi
%else
%endif
%changelog
* Mon Feb 13 2012 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-14
- rebuilt
* Sat Jan 21 2012 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-13
- Added rm at the beginning of install section
- Changed conditionals to versioned ones
* Sun Jan 15 2012 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-12
- Removed sysvinit subpackage
- Added conditionals to handle different init systems
- Changed initrd macro to initd
- Marked functions as config file
* Fri Dec 30 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-11
- Removed -fno-strict-aliasing
- Removed -D_GNU_SOURCE=1
- Added rationale for --disable-kinkd and --disable-pedant
- Removed @prefix@ from configuration files (patch)
* Thu Dec 29 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-10
- Added pwgen dependency
- Moved various inline fixes from specfile to patches
- Fixed racoon2 configuration path (/etc/racoon2)
* Wed Dec 07 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-9
- Incorporated more rpmlint feedback
- Directories are now specified by macros
- Added systemd scriptlets
- Added needed /var/run/racoon2 directory
- Added directories to files section
* Wed Nov 09 2011 pavlix - 20100526a-8
- Incorporated rpmlint feedback
* Wed Nov 09 2011 pavlix - 20100526a-7
- Experimental build for packaging