automatic version update by autodist [release 2.6.39-1mamba;Wed Jun 05 2013]

Automatic Build System 2024-01-06 08:17:14 +01:00
parent f5731dd40c
commit eae4995e59
5 changed files with 525 additions and 0 deletions


@ -1,2 +1,7 @@
# openswan # openswan
Openswan is an IPsec implementation for Linux. It has support for most of the extensions (RFC + IETF drafts) related to IPsec, including X.509 Digital Certificates, NAT Traversal, and many others.
Openswan was originally based on FreeS/WAN 2.04 CVS, along with some minor bug fixes from 2.05 and 2.06. See CREDITS for the history.
It also includes Andreas Steffan's X.509 Digital Certificate patch, NAT-Traversal code (based on Mathieu Lafon's work for Arkoon) and XAUTH Server support (based on Columbris's code).

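--- /dev/null
+++ b/ipsec-gencert
@@ -0,0 +1,85 @@
+#! /bin/bash
+#
+# ipsec-gencert.sh - Create a client certificate signed by localhost CA
+#
+# Copyright (c) 2004 by Silvan Calarco <silvan.calarco@qilinux.it>
+# Copyright (c) 2004 by Davide Madrisan <davide.madrisan@qilinux.it>
+#
+# Release: 01/04/2004
+test $UID = 0 ||
+{ echo "error: $0: must be superuser" >&2
+{ (exit 1); exit 1; }; }
+unset DESTHOSTNAME REQFILE
+REQGENERATED=0
+function usage() {
+echo "error: $0: missing parameter"
+echo
+echo "Use: ipsec-gencert.sh hostname [-r cert.req]"
+echo " -r: use the certificate request file specified"
+echo
+exit 1
+}
+while [ $# -gt 0 ]; do
+case $1 in
+-r*)
+if echo $1 | grep -q '='; then
+REQFILE=`echo $1 | sed 's/^-r=//'`
+else
+REQFILE=$2
+shift
+fi ;;
+*)
+[ -z "$DESTHOSTNAME" ] && DESTHOSTNAME=$1 || usage ;;
+esac
+shift
+done
+[ -z "$DESTHOSTNAME" ] && usage
+if [ -z "$REQFILE" ]; then
+REQFILE="/etc/ipsec.d/private/ipsec-$DESTHOSTNAME-key.pem"
+openssl req -new -keyout /etc/ipsec.d/private/ipsec-$DESTHOSTNAME-key.pem \
+-out $REQFILE -days 365 ||
+{ echo "error: failed to create certificate request." >&2
+{ (exit 1); exit 1; }; }
+REQGENERATED=1
+fi
+# generate cert from request
+openssl ca -policy policy_anything \
+-out /etc/ipsec.d/certs/ipsec-$DESTHOSTNAME-cert.pem \
+-infiles $REQFILE ||
+{ echo "error: failed to sign request." >&2
+{ (exit 1); exit 1; }; }
+# export pkcs cert
+if [ "$REQGENERATED" = "1" ]; then
+# remove request file
+rm /var/ssl/ipsec-$DESTHOSTNAME-req.pem
+openssl pkcs12 -export \
+-in /etc/ipsec.d/certs/ipsec-$DESTHOSTNAME-cert.pem \
+-inkey /etc/ipsec.d/private/ipsec-$DESTHOSTNAME-key.pem \
+-certfile /var/ssl/cacert.pem \
+-out /tmp/$DESTHOSTNAME.pl2
+else
+openssl pkcs12 -export \
+-in /etc/ipsec.d/certs/ipsec-$DESTHOSTNAME-cert.pem \
+-certfile /var/ssl/cacert.pem \
+-out /tmp/$DESTHOSTNAME.pl2 \
+-nokeys
+fi
+[ $REQGENERATED -eq 1 ] &&
+echo "Generated private keyfile: /etc/ipsec.d/private/ipsec-$DESTHOSTNAME-key.pem"
+echo "Generated certificate: /etc/ipsec.d/certs/ipsec-$DESTHOSTNAME-cert.pem"
+echo "Generated pkcs certificate: /tmp/$DESTHOSTNAME.pl2"
+exit 0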
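Review bot: When no `-r` file is given, `REQFILE` is set to the same path that `openssl req` receives as `-keyout` (`/etc/ipsec.d/private/ipsec-$DESTHOSTNAME-key.pem`), so the request and the new private key are written to one file and the request most likely clobbers the key. The later `rm /var/ssl/ipsec-$DESTHOSTNAME-req.pem` then removes a file this script never created, which suggests the intended default was `REQFILE="/var/ssl/ipsec-$DESTHOSTNAME-req.pem"`. In the same branch the PKCS#12 bundle, which includes the private key, is written by root to the predictable path `/tmp/$DESTHOSTNAME.pl2`; it should be created under `umask 077` in a root-only directory or through `mktemp`. `$DESTHOSTNAME` and `$REQFILE` are expanded unquoted and unvalidated throughout, so a name containing `/` or whitespace changes which files are written; quote the expansions and reject hostnames outside a conservative set such as `[A-Za-z0-9.-]`.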

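--- /dev/null
+++ b/ipsec-initscript
@@ -0,0 +1,162 @@
+#!/bin/sh
+# IPsec startup and shutdown script
+# Copyright (C) 1998, 1999, 2001 Henry Spencer.
+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: setup.in,v 1.118 2003/02/27 16:51:55 dhr Exp $
+#
+# ipsec init.d script for starting and stopping
+# the IPsec security subsystem (KLIPS and Pluto).
+#
+# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
+# and is also accessible as "ipsec setup" (the preferred route for human
+# invocation).
+#
+# The startup and shutdown times are a difficult compromise (in particular,
+# it is almost impossible to reconcile them with the insanely early/late
+# times of NFS filesystem startup/shutdown). Startup is after startup of
+# syslog and pcmcia support; shutdown is just before shutdown of syslog.
+#
+# chkconfig: 2345 47 68
+# description: IPsec provides encrypted and authenticated communications; \
+# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
+me='ipsec setup' # for messages
+# where the private directory and the config files are
+IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/lib/ipsec}"
+IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
+IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
+IPSEC_CONFS="${IPSEC_CONFS-/etc}"
+if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
+then
+# we must establish a suitable PATH ourselves
+PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
+export PATH
+IPSEC_DIR="$IPSEC_LIBDIR"
+export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
+fi
+# Check that the ipsec command is available.
+found=
+for dir in `echo $PATH | tr ':' ' '`
+do
+if test -f $dir/ipsec -a -x $dir/ipsec
+then
+found=yes
+break # NOTE BREAK OUT
+fi
+done
+if ! test "$found"
+then
+echo "cannot find ipsec command -- \`$1' aborted" |
+logger -s -p daemon.error -t ipsec_setup
+exit 1
+fi
+# accept a few flags
+export IPSEC_setupflags
+IPSEC_setupflags=""
+config=""
+for dummy
+do
+case "$1" in
+--showonly|--show) IPSEC_setupflags="$1" ;;
+--config) config="--config $2" ; shift ;;
+*) break ;;
+esac
+shift
+done
+# Pick up IPsec configuration (until we have done this, successfully, we
+# do not know where errors should go, hence the explicit "daemon.error"s.)
+# Note the "--export", which exports the variables created.
+eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
+if test " $IPSEC_confreadstatus" != " "
+then
+echo "$IPSEC_confreadstatus -- \`$1' aborted" |
+logger -s -p daemon.error -t ipsec_setup
+exit 1
+fi
+IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
+export IPSEC_confreadsection
+IPSECsyslog=${IPSECsyslog-daemon.error}
+export IPSECsyslog
+# misc setup
+umask 022
+# do it
+case "$1" in
+start|--start|stop|--stop|_autostop|_autostart)
+if test " `id -u`" != " 0"
+then
+echo "permission denied (must be superuser)" |
+logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+exit 1
+fi
+tmp=/var/run/ipsec_setup.st
+(
+ipsec _realsetup $1
+echo "$?" >$tmp
+) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+st=$?
+if test -f $tmp
+then
+st=`cat $tmp`
+rm -f $tmp
+fi
+exit $st
+;;
+restart|--restart|force-reload)
+$0 $IPSEC_setupflags stop
+$0 $IPSEC_setupflags start
+;;
+_autorestart) # for internal use only
+$0 $IPSEC_setupflags _autostop
+$0 $IPSEC_setupflags _autostart
+;;
+status|--status)
+ipsec _realsetup $1
+exit
+;;
+--version)
+echo "$me $IPSEC_VERSION"
+exit 0
+;;
+--help)
+echo "Usage: $me {--start|--stop|--restart|--status}"
+exit 0
+;;
+*)
+echo "Usage: $me {--start|--stop|--restart|--status}" >&2
+exit 2
+esac
+exit 0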
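Review bot: The `restart` and `_autorestart` arms re-invoke `$0 $IPSEC_setupflags stop` and `start`, but `IPSEC_setupflags` only ever holds `--show` or `--showonly`, so a `--config FILE` given on the command line is parsed into `$config` and then dropped for both child invocations. Forwarding it, e.g. `$0 $IPSEC_setupflags $config stop`, keeps a restart on the same configuration as the original call. The exit status of the `stop` child is also ignored, and the script falls through to the final `exit 0` whatever `start` returned, so a failed restart reports success to the caller. A short comment at the `eval` line would help too: it executes whatever `ipsec _confread` prints, normally as root, and `$config` is expanded unquoted there, so a config path containing whitespace is re-split.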

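--- /dev/null
+++ b/ipsec.conf
@@ -0,0 +1,82 @@
+# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
+# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $
+# This file: /usr/share/doc/freeswan/ipsec.conf-sample
+#
+# Manual: ipsec.conf.5
+#
+# Help:
+# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/quickstart.html
+# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/config.html
+# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/adv_config.html
+#
+# Policy groups are enabled by default. See:
+# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/policygroups.html
+#
+# Examples:
+# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/examples
+version 2.0 # conforms to second version of ipsec.conf specification
+# basic configuration
+config setup
+# Debug-logging controls: "none" for (almost) none, "all" for lots.
+#klipsdebug=all
+#plutodebug=dns
+#interfaces="ipsec0=eth1"
+#
+# Note: default ipsec interface is take from %defaultroute
+# if interfaces is modified from default %defaultroute is
+# no longer valid
+# disable OE (eg. policy groups and packetdefault)
+conn block
+auto=ignore
+conn private
+auto=ignore
+conn private-or-clear
+auto=ignore
+conn clear
+auto=ignore
+conn packetdefault
+auto=ignore
+conn clear-or-private
+auto=ignore
+# sample VPN connections
+#conn net2net
+# left=10.10.10.5
+# leftsubnet=192.168.1.0/24
+# leftnexthop=10.10.10.1
+# right=10.20.20.2
+# rightsubnet=10.30.30.0/24
+# rightrsasigkey= # usually output of 'ipsec showhostkey --right' on remote host
+# auto=add
+#conn net2host
+# left=10.10.10.5
+# leftsubnet=192.168.1.0/24
+# leftnexthop=10.10.10.1
+# right=%any
+# rightid=@jimhall.in-qinet.it
+# rightrsasigkey= # usually output of 'ipsec showhostkey --right' on remote host
+# auto=add
+#conn host2net
+# left=%defaultroute
+# leftid=@jimhall.in-qinet.it
+# right=10.10.10.5
+# rightsubnet=192.168.1.0/24
+# rightrsasigkey= # usually output of 'ipsec showhostkey --right' on remote host
+# auto=add
+# Add connections here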
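Review bot: The header comments still describe this file as the FreeS/WAN sample (`/usr/share/doc/freeswan/ipsec.conf-sample`, freeswan-2.04 documentation URLs), although the spec copies it to the sysconfdir as the default `ipsec.conf` of openswan 2.6.39. A header saying that this is the distribution default and pointing at the installed `ipsec.conf.5` would keep administrators away from documentation for a different code base. The six `auto=ignore` stanzas from `conn block` to `conn clear-or-private` deserve a why-comment beyond "disable OE": the header says policy groups are enabled by default, so deleting these stanzas presumably turns opportunistic encryption back on. The comment "is take from %defaultroute" should read "is taken from".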

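--- /dev/null
+++ b/openswan.spec
@@ -0,0 +1,191 @@
+Name: openswan
+Version: 2.6.39
+Release: 1mamba
+Summary: openswan is an implementation of IPSEC & IKE for Linux
+Group: Network/Security
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
+Source0: http://www.openswan.com/download/openswan-%{version}.tar.gz
+Source1: ipsec-initscript
+Source2: ipsec.conf
+Source3: ipsec-gencert
+URL: http://www.openswan.com/
+License: GPL
+# BSD (DES library), redistributable (MD5 implementation)
+BuildRequires: libgmp-devel >= 4.1.2
+BuildRequires: libopenldap-devel >= 2.1.23
+BuildRequires: bind-devel
+Requires: libgmp >= 4.1.2
+Requires: iproute >= 2.4.7
+Requires: perl
+Conflicts: freeswan
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%description
+Openswan is an IPsec implementation for Linux. It has support for most of the extensions (RFC + IETF drafts) related to IPsec, including X.509 Digital Certificates, NAT Traversal, and many others.
+Openswan was originally based on FreeS/WAN 2.04 CVS, along with some minor bug fixes from 2.05 and 2.06. See CREDITS for the history.
+It also includes Andreas Steffan's X.509 Digital Certificate patch, NAT-Traversal code (based on Mathieu Lafon's work for Arkoon) and XAUTH Server support (based on Columbris's code).
+%prep
+%setup -q
+%build
+ln freeswan linux/include/openswan -s
+make %{_smp_mflags} programs \
+INC_USRLOCAL=%{_prefix} \
+INC_MANDIR=/share/man \
+FINALLIBEXECDIR=%{_libdir}/ipsec
+%install
+test x"$RPM_BUILD_ROOT" != x/ && rm -rf "$RPM_BUILD_ROOT"
+make install \
+DESTDIR=$RPM_BUILD_ROOT \
+INC_USRLOCAL=%{_prefix} \
+INC_MANDIR=/share/man \
+INC_RCDEFAULT=%{_initrddir} \
+FINALLIBEXECDIR=%{_libdir}/ipsec
+#cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/ipsec
+#mv %{buildroot}%{_initrddir}/setup %{buildroot}%{_initrddir}/ipsec
+cp -f %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/
+cp %{SOURCE3} $RPM_BUILD_ROOT%{_sbindir}
+install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/cacerts
+install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/certs
+install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/crls
+install -d -m700 $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.d/private
+%post
+# new install
+if [ $1 -eq 1 ]; then
+# generate a fresh RSA key pair
+if [ ! -f /etc/ipsec.secrets ]; then
+ipsec newhostkey --output /etc/ipsec.secrets --hostname `hostname -f`
+chmod 600 /etc/ipsec.secrets
+fi
+fi
+exit 0
+%preun
+#erase
+if [ $1 -eq 0 ]; then
+service ipsec stop
+chkconfig --del ipsec
+fi
+exit 0
+%postun
+# upgrade
+if [ $1 -eq 1 ]; then
+chkconfig ipsec && service ipsec restart
+fi
+exit 0
+%clean
+test x"$RPM_BUILD_ROOT" != x/ && rm -rf "$RPM_BUILD_ROOT"
+%files
+%defattr(-,root,root)
+%{_sbindir}/ipsec
+%{_sbindir}/ipsec-gencert
+%{_initrddir}/ipsec
+%dir %{_libdir}/ipsec
+%{_libdir}/ipsec/*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
+%dir %{_sysconfdir}/ipsec.d
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/examples/*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
+%{_sysconfdir}/ipsec.d/cacerts/
+%{_sysconfdir}/ipsec.d/certs/
+%{_sysconfdir}/ipsec.d/crls
+%attr(0700,root,root) %{_sysconfdir}/ipsec.d/private
+#%{_sysconfdir}/rc.d/rc0.d/*
+#%{_sysconfdir}/rc.d/rc1.d/*
+#%{_sysconfdir}/rc.d/rc2.d/*
+#%{_sysconfdir}/rc.d/rc3.d/*
+#%{_sysconfdir}/rc.d/rc4.d/*
+#%{_sysconfdir}/rc.d/rc5.d/*
+#%{_sysconfdir}/rc.d/rc6.d/*
+%dir %{_datadir}/doc/openswan
+%{_datadir}/doc/openswan/*
+%{_mandir}/man?/*
+%doc BUGS CHANGES COPYING CREDITS README
+%changelog
+* Wed Jun 05 2013 Automatic Build System <autodist@mambasoft.it> 2.6.39-1mamba
+- automatic version update by autodist
+* Sat Apr 28 2012 Automatic Build System <autodist@mambasoft.it> 2.6.38-1mamba
+- automatic version update by autodist
+* Mon Jul 25 2011 Automatic Build System <autodist@mambasoft.it> 2.6.35-1mamba
+- automatic version update by autodist
+* Sun Jun 19 2011 Automatic Build System <autodist@mambasoft.it> 2.6.34-1mamba
+- automatic update by autodist
+* Tue Feb 22 2011 Automatic Build System <autodist@mambasoft.it> 2.6.33-1mamba
+- automatic update by autodist
+* Thu Dec 23 2010 Automatic Build System <autodist@mambasoft.it> 2.6.32-1mamba
+- automatic update by autodist
+* Mon Dec 06 2010 Automatic Build System <autodist@mambasoft.it> 2.6.31-1mamba
+- automatic update by autodist
+* Mon Aug 16 2010 Automatic Build System <autodist@mambasoft.it> 2.6.28-1mamba
+- automatic update by autodist
+* Mon Jul 12 2010 Automatic Build System <autodist@mambasoft.it> 2.6.27-2mamba
+- automatic rebuild by autodist
+* Sat Jun 26 2010 Automatic Build System <autodist@mambasoft.it> 2.6.27-1mamba
+- automatic update by autodist
+* Tue Apr 27 2010 Automatic Build System <autodist@mambasoft.it> 2.6.25-1mamba
+- automatic update by autodist
+* Mon Jan 25 2010 Automatic Build System <autodist@mambasoft.it> 2.6.24-1mamba
+- automatic update by autodist
+* Tue Oct 13 2009 Automatic Build System <autodist@mambasoft.it> 2.6.23-1mamba
+- automatic update by autodist
+* Sat Jul 04 2009 Automatic Build System <autodist@mambasoft.it> 2.6.22-1mamba
+- automatic update by autodist
+* Sat Apr 04 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.6.21-1mamba
+- automatic update by autodist
+* Sun Mar 01 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.6.20-1mamba
+- automatic update by autodist
+* Sat Dec 13 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 2.6.19-1mamba
+- update to 2.6.19
+* Sat Oct 06 2007 Fabio Giani <fabio.giani@email.it> 2.4.6-1mamba
+- update to 2.4.6
+* Sun Jun 27 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.1.4-1qilnx
+- new version build
+* Tue May 27 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.1.2-2qilnx
+- some fixes to ipsec-gencert script
+* Thu May 20 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.1.2-1qilnx
+- new version build
+* Mon Apr 19 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.1.2rc3-1qilnx
+- new version build
+* Sun Apr 18 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.1.2rc2-1qilnx
+- new version build
+* Fri Apr 02 2004 Davide Madrisan <davide.madrisan@qilinux.it> 2.1.1-1qilnx
+- package creation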
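Review bot: In `%post`, `/etc/ipsec.secrets` is created by `ipsec newhostkey` and only afterwards restricted with `chmod 600`, so unless newhostkey sets the mode itself, the new RSA private key briefly exists with whatever permissions the scriptlet's umask allows. Putting `umask 077` on the line before `ipsec newhostkey` closes that window. In `%install`, `cp %{SOURCE3} $RPM_BUILD_ROOT%{_sbindir}` keeps the source file's mode and `%defattr(-,root,root)` does not override it, so `ipsec-gencert` may ship non-executable; `install -m 0755 %{SOURCE3} $RPM_BUILD_ROOT%{_sbindir}/ipsec-gencert` makes the mode explicit. `Source0` is fetched over plain `http://` and the spec shows no checksum or signature check on the tarball. `Source1` is declared, but its `cp` line is commented out, so the init script added in this commit is not what gets installed.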