Name:           racoon2
Version:        20100526a
Release:        12%{?dist}
Summary:        An implementation of key management system for IPsec
Group:          System Environment/Daemons
License:        BSD
URL:            http://www.racoon2.wide.ad.jp/
Source0:        http://ftp.racoon2.wide.ad.jp/pub/%{name}/%{name}-%{version}.tgz
Patch0:         %{name}-autotools.patch
Patch1:         %{name}-systemd.patch
Patch2:         %{name}-functions-shebang.patch
Patch3:         %{name}-configfiles.patch
BuildRequires:  byacc
BuildRequires:  flex
BuildRequires:  openssl-devel
Requires(post): pwgen
%if 0%{?fedora}
BuildRequires:  systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
%endif
%if 0%{?rhel}
Requires:	%{name}-sysvinit
%endif
%description
The Racoon2 project is a joint effort which provides an implementation of key
management system for IPsec. The implementation is called Racoon2, a successor
of Racoon, which was developed by the KAME project. It supports IKEv1, IKEv2,
and KINK protocols. It works on FreeBSD, NetBSD, Linux, and Mac OS X.

%package sysvinit
Summary: Initscripts for Racoon2
Group:          System Environment/Daemons
%description sysvinit
This package provides System V style initscripts for Racoon2.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1

%build
%configure --disable-kinkd --disable-pedant --prefix=%{prefix} --sysconfdir=%{_sysconfdir}
# --disable-kinkd: KINK must be disabled unless krb5 is compiled --with-crypto-impl=builtin
# because kinkd uses krb5's internal crypto functions that are not compiled otherwise.
# --disable-pedant: Racoon2 doesn't compile with pedantic compiler that is enabled
# in the source tarball.
make %{?_smp_mflags}

%install
make install DESTDIR=%{buildroot}
%if 0%{?fedora}
# Install systemd units
install -d %{buildroot}/%{_unitdir}
install -m 644 -t %{buildroot}/%{_unitdir} %{name}-iked.service %{name}-spmd.service
%endif
# Delete kinkd initscript
rm %{buildroot}%{_initddir}/%{name}-kinkd

%files
%defattr(-,root,root,-)
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/default.conf
%config(noreplace) %{_sysconfdir}/%{name}/local-test.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/transport_ike.conf
%config(noreplace) %{_sysconfdir}/%{name}/transport_kink.conf
%config(noreplace) %{_sysconfdir}/%{name}/tunnel_ike.conf
%config(noreplace) %{_sysconfdir}/%{name}/tunnel_ike_natt.conf
%config(noreplace) %{_sysconfdir}/%{name}/tunnel_kink.conf
%config(noreplace) %{_sysconfdir}/%{name}/vals.conf
%dir %{_sysconfdir}/%{name}/hook
%{_sysconfdir}/%{name}/hook/child-down
%{_sysconfdir}/%{name}/hook/child-rekey
%{_sysconfdir}/%{name}/hook/child-up
%{_sysconfdir}/%{name}/hook/child-up.d/00childup_sample
%{_sysconfdir}/%{name}/hook/functions
%{_sysconfdir}/%{name}/hook/ikesa-down
%{_sysconfdir}/%{name}/hook/ikesa-rekey
%{_sysconfdir}/%{name}/hook/ikesa-up
%{_sysconfdir}/%{name}/hook/ikesa-up.d/00ikesaup_sample
%{_sysconfdir}/%{name}/hook/migration
%{_sysconfdir}/%{name}/hook/ph1-down
%{_sysconfdir}/%{name}/hook/ph1-up
%{_sbindir}/iked
%{_sbindir}/pskgen
%{_sbindir}/spmd
%{_sbindir}/spmdctl
%{_mandir}/man8/iked.8.gz
%{_mandir}/man8/pskgen.8.gz
%{_mandir}/man8/spmd.8.gz
%{_mandir}/man8/spmdctl.8.gz
%if 0%{?fedora}
%{_unitdir}/%{name}-iked.service
%{_unitdir}/%{name}-spmd.service
%endif
%dir %{_var}/run/%{name}

%files sysvinit
%{_initddir}/%{name}-iked
%{_initddir}/%{name}-spmd

%post
if [ ! -e "%{_sysconfdir}/%{name}/spmd.pwd" ]; then
    pwgen > %{_sysconfdir}/%{name}/spmd.pwd
    chmod 600 %{_sysconfdir}/%{name}/spmd.pwd
fi
%if 0%{?fedora}
if [ $1 -eq 1 ] ; then 
    # Initial installation 
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%endif

%preun
%if 0%{?fedora}
if [ $1 -eq 0 ] ; then
    # Package removal, not upgrade
    /bin/systemctl --no-reload disable %{name}-spmd.service > /dev/null 2>&1 || :
    /bin/systemctl --no-reload disable %{name}-iked.service > /dev/null 2>&1 || :
    /bin/systemctl stop %{name}-spmd.service > /dev/null 2>&1 || :
    /bin/systemctl stop %{name}-iked.service > /dev/null 2>&1 || :
fi
%endif

%postun
%if 0%{?fedora}
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
    # Package upgrade, not uninstall
    /bin/systemctl try-restart %{name}-spmd.service >/dev/null 2>&1 || :
    /bin/systemctl try-restart %{name}-iked.service >/dev/null 2>&1 || :
fi
%endif

%changelog
* Sun Jan 01 2012 Pavel Šimerda <pavlix@pavlix.net - 20100526a-12
- Added conditionals to build on epel6
- Fixed macro usage: initrddir to initddir 

* Fri Dec 30 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-11
- Removed -fno-strict-aliasing
- Removed -D_GNU_SOURCE=1
- Added rationale for --disable-kinkd and --disable-pedant
- Removed @prefix@ from configuration files (patch)

* Thu Dec 29 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-10
- Added pwgen dependency
- Moved various inline fixes from specfile to patches
- Fixed racoon2 configuration path (/etc/racoon2)

* Wed Dec 07 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-9
- Incorporated more rpmlint feedback
- Directories are now specified by macros
- Added systemd scriptlets
- Added needed /var/run/racoon2 directory
- Added directories to %files section

* Wed Nov 09 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-8
- Incorporated rpmlint feedback

* Wed Nov 09 2011 Pavel Šimerda <pavlix@pavlix.net> - 20100526a-7
- Experimental build for packaging