最新版の strongswan 5.7.0 をリビルドします。

また、リビルドを実行するには、事前にこちらのサイトを参照して環境を構築しておく必要があります。

更に、以下の方法でリビルドします。

①.SOURCES の場所に移動します。

cd ~/rpm/SOURCES

②.strongswan-5.7.0.tar.bz2 をダウンロードします。ダウンロード後は、配布元が公開している署名またはチェックサムで tarball が改ざんされていないことを確認してからビルドしてください。

wget https://download.strongswan.org/strongswan-5.7.0.tar.bz2

③.strongswan.spec の場所に移動します。

cd ~/rpm/SPECS

④.strongswan.spec を編集します。

vi strongswan.spec

⑤.strongswan.spec に記入します。

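# Ask the distribution's RPM macros for a hardened build. What this turns on
# (for example PIE and full RELRO on Fedora/RHEL) depends on the macro set of
# the build host -- confirm it has an effect on the target distribution.
%global _hardened_build 1
# When packaging pre-release snapshots:
# 1) Please use 0.x in the release to maintain the correct package version
# order.
# 2) Please use the following define (with a percent sign and the appropriate
# prerelease tag):
#%%define prerelease dr1

Name:           strongswan
Release:        1%{?dist}
Version:        5.7.0
Summary:        An OpenSource IPsec-based VPN and TNC solution
Group:          System Environment/Daemons
License:        GPLv2+
URL:            http://www.strongswan.org/
# HTTPS rather than plain HTTP, so that anything fetching Source0 from this
# URL does not pull the tarball over cleartext. Nothing in this spec verifies
# the tarball itself; check it against the signature or checksum published by
# upstream before building.
Source0:        https://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2
# Initscript for epel6
# Used only by the SysV (non-systemd) branch of the install section.
Source1:        %{name}.sysvinit
# Use RTLD_GLOBAL when loading plugins and link them to libstrongswan
#
# The patch hasn't been accepted upstream because of insufficient
# information from the author. This situation needs to be fixed or
# the patch needs to be removed to avoid diverging from upstream
# permanently.
#
# http://wiki.strongswan.org/issues/538
#
# Removing the patch from the build as I repeatedly requested that it should be
# upstreamed. No comment has been added to the upstream bug report. Nothing
# has been done towards the goal of upstreaming the patch.
#
# See also:
#
#  * https://bugzilla.redhat.com/show_bug.cgi?id=1087437
#  * http://fedoraproject.org/wiki/Packaging:Guidelines#All_patches_should_have_an_upstream_bug_link_or_comment
#  * https://fedoraproject.org/wiki/Staying_close_to_upstream_projects
#
# The patches violated the packaging guidelines from the beginning so I took
# the initiative to merge them and submit them upstream. But I couldn't work
# with the upstream developers on the fix as I didn't have enough information
# about the use cases. Please cooperate with upstream and get the patch
# accepted. There's nothing Fedora specific in the patch.
#
#Patch1:         strongswan-5.1.1-plugins.patch
BuildRequires:  gmp-devel autoconf automake
BuildRequires:  curl-devel
BuildRequires:  openldap-devel
BuildRequires:  openssl-devel
# NOTE(review): sqlite-devel is commented out although the configure call in
# the build section passes --enable-sql and --enable-sqlite, so the SQLite
# headers presumably have to be on the build host already -- confirm.
#BuildRequires:  sqlite-devel
BuildRequires:  gettext-devel
BuildRequires:  trousers-devel
BuildRequires:  libxml2-devel
BuildRequires:  pam-devel
BuildRequires:  json-c-devel
BuildRequires:  libgcrypt-devel
#BuildRequires:  systemd-devel
# Fedora >= 19 / RHEL >= 7: systemd and NetworkManager integration.
# Any other distribution: SysV init handled through chkconfig and initscripts.
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
BuildRequires:  NetworkManager-devel
BuildRequires:  NetworkManager-glib-devel
Obsoletes:      %{name}-NetworkManager < 0:5.0.4-5
BuildRequires:  systemd, systemd-devel
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%else
Obsoletes:      %{name}-NetworkManager < 0:5.0.0-3.git20120619
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
%endif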

# Descriptions for the main package and its subpackages (libipsec, the
# conditional charon-nm, and tnc-imcvs).
%description
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

%package libipsec
# Userland IPsec backend, packaged separately from the main daemon.
Summary: Strongswan's libipsec backend
Group: System Environment/Daemons
%description libipsec
The kernel-libipsec plugin provides an IPsec backend that works entirely
in userland, using TUN devices and its own IPsec implementation libipsec.

%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%package charon-nm
# Only defined when the Fedora >= 19 / RHEL >= 7 conditional above holds.
Summary:        NetworkManager plugin for Strongswan
Group:          System Environment/Daemons
%description charon-nm
NetworkManager plugin integrates a subset of Strongswan capabilities
to NetworkManager.
%endif

#%package sqlite
#Summary: SQLite support for strongSwan
#Requires: %{name} = %{version}-%{release}
#%description sqlite
#The sqlite plugin adds an SQLite database backend to strongSwan.

%package tnc-imcvs
# NOTE(review): the dependency on the main package below pins the version but
# not the release -- confirm that is intended.
Summary: Trusted network connect (TNC)'s IMC/IMV functionality
Group: Applications/System
Requires: %{name} = %{version}
#Requires: %{name}-sqlite = %{version}-%{release}
%description tnc-imcvs
This package provides Trusted Network Connect's (TNC) architecture support.
It includes support for TNC client and server (IF-TNCCS), IMC and IMV message
exchange (IF-M), interface between IMC/IMV and TNC client/server (IF-IMC
and IF-IMV). It also includes PTS based IMC/IMV for TPM based remote
attestation, SWID IMC/IMV, and OS IMC/IMV. It's IMC/IMV dynamic libraries
modules can be used by any third party TNC Client/Server implementation
possessing a standard IF-IMC/IMV interface. In addition, it implements
PT-TLS to support TNC over TLS.

%prep
# Unpack the source tarball quietly into the name-version[prerelease]
# directory. Nothing here checks the tarball's integrity; that has to happen
# before the build is started.
%setup -q -n %{name}-%{version}%{?prerelease}

# Write a one-line pointer to the 4.6 -> 5.0 migration notes; the main files
# list ships it as README.Fedora.
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora

%build
# Regenerate the autotools files, then configure and compile.
autoreconf
# --with-ipsecdir moves internal commands to /usr/libexec/strongswan
# --bindir moves 'pki' command to /usr/libexec/strongswan
# See: http://wiki.strongswan.org/issues/552
#
# The configure call below is one continued line, so review notes on its
# switches are collected here instead of next to each switch:
#   --with-fips-mode=2      picks an OpenSSL FIPS mode at build time.
#                           NOTE(review): confirm what the value 2 selects in
#                           this release and that the host OpenSSL supports it.
#   --enable-xauth-noauth   builds an XAuth backend that, going by its name,
#                           performs no credential check. Presumably inert
#                           unless a connection is configured to use it --
#                           verify that it is wanted in the package at all.
#   --enable-md4, --enable-eap-md5, --enable-eap-gtc, --enable-eap-mschapv2
#                           legacy hash / EAP methods; keep them only if
#                           peers still require them.
#   --enable-imc-test, --enable-imv-test
#                           TNC test modules; presumably not needed on a
#                           production gateway -- confirm.
#   --enable-sql, --enable-sqlite
#                           need the SQLite development files, while the
#                           sqlite-devel BuildRequires is commented out in the
#                           preamble.
#   --enable-aesni          only passed on x86_64 and ix86 builds.
# These switches decide what gets compiled and packaged. Which plugins are
# actually loaded is a runtime configuration matter -- review that separately.
%configure --disable-static \
    --with-ipsec-script=%{name} \
    --sysconfdir=%{_sysconfdir}/%{name} \
    --with-ipsecdir=%{_libexecdir}/%{name} \
    --bindir=%{_libexecdir}/%{name} \
    --with-ipseclibdir=%{_libdir}/%{name} \
    --with-fips-mode=2 \
    --with-tss=trousers \
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
    --enable-nm \
    --enable-systemd \
%endif
    --enable-openssl \
    --enable-unity \
    --enable-ctr \
    --enable-ccm \
    --enable-gcm \
    --enable-chapoly \
    --enable-md4 \
    --enable-gcrypt \
    --enable-newhope \
    --enable-xauth-eap \
    --enable-xauth-pam \
    --enable-xauth-noauth \
    --enable-eap-identity \
    --enable-eap-md5 \
    --enable-eap-gtc \
    --enable-eap-tls \
    --enable-eap-ttls \
    --enable-eap-peap \
    --enable-eap-mschapv2 \
    --enable-eap-tnc \
    --enable-eap-sim \
    --enable-eap-sim-file \
    --enable-eap-aka \
    --enable-eap-aka-3gpp \
    --enable-eap-aka-3gpp2 \
    --enable-eap-dynamic \
    --enable-eap-radius \
    --enable-ext-auth \
    --enable-ipseckey \
    --enable-pkcs11 \
    --enable-tpm \
    --enable-farp \
    --enable-dhcp \
    --enable-ha \
    --enable-led \
    --enable-sql \
    --enable-sqlite \
    --enable-tnc-ifmap \
    --enable-tnc-pdp \
    --enable-tnc-imc \
    --enable-tnc-imv \
    --enable-tnccs-20 \
    --enable-tnccs-11 \
    --enable-tnccs-dynamic \
    --enable-imc-test \
    --enable-imv-test \
    --enable-imc-scanner \
    --enable-imv-scanner  \
    --enable-imc-attestation \
    --enable-imv-attestation \
    --enable-imv-os \
    --enable-imc-os \
    --enable-imc-swid \
    --enable-imv-swid \
    --enable-imc-swima \
    --enable-imv-swima \
    --enable-imc-hcd \
    --enable-imv-hcd \
    --enable-curl \
    --enable-cmd \
    --enable-acert \
    --enable-aikgen \
    --enable-vici \
    --enable-swanctl \
    --enable-duplicheck \
%ifarch x86_64 %{ix86}
    --enable-aesni \
%endif
    --enable-kernel-libipsec

# Compile, in parallel when the smp make-flags macro is defined.
make %{?_smp_mflags}

%install
# Stage the build into the buildroot, then adjust names, library files and
# permissions before the files lists pick everything up.
make install DESTDIR=%{buildroot}
# prefix man pages
# Every man page whose file name does not already start with the package name
# is renamed to <name>_<original>, which is what the man-page globs in the
# files list expect.
for i in %{buildroot}%{_mandir}/*/*; do
    if echo "$i" | grep -vq '/%{name}[^\/]*$'; then
        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/%{name}_\1|'`"
    fi
done
# delete unwanted library files
# Drops the unversioned .so entries in the private library directory (the
# files lists only package *.so.* there) and all libtool .la archives.
rm %{buildroot}%{_libdir}/%{name}/*.so
find %{buildroot} -type f -name '*.la' -delete
# fix config permissions
chmod 644 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
# protect configuration from ordinary user's eyes
# With the directory at 0700 only its owner can traverse into it, so the 0644
# on the main configuration file above is not reachable by other users.
chmod 700 %{buildroot}%{_sysconfdir}/%{name}
# Create ipsec.d directory tree.
# Every subdirectory is created 0700; going by the names this includes the
# one for private keys.
install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d
for i in aacerts acerts certs cacerts crls ocspcerts private reqs; do
    install -d -m 700 %{buildroot}%{_sysconfdir}/%{name}/ipsec.d/${i}
done

# Non-systemd targets get the SysV init script from Source1, mode 0755.
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%else
install -D -m 755 %{SOURCE1} %{buildroot}/%{_initddir}/%{name}
%endif

%post
# After installation: refresh the dynamic linker cache, then register the
# service with systemd or, on SysV targets, with chkconfig. Neither branch
# starts the daemon explicitly in the lines shown here.
/sbin/ldconfig
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_post %{name}.service
%else
/sbin/chkconfig --add %{name}
%endif

%preun
# Before removal: hand over to the systemd macro, or on SysV targets stop the
# service and unregister it.
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_preun %{name}.service
%else
# The first scriptlet argument is 0 only on a real uninstall, so an upgrade
# leaves the running service and its chkconfig entry alone.
if [ $1 -eq 0 ] ; then
    # Package removal, not upgrade
    # Output of the stop command is discarded.
    /sbin/service %{name} stop >/dev/null 2>&1
    /sbin/chkconfig --del %{name}
fi
%endif

%postun
# After removal or upgrade: refresh the linker cache. On systemd targets the
# macro below also takes care of restarting the service on upgrade; the SysV
# branch is intentionally empty, so nothing restarts the daemon there.
/sbin/ldconfig
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%systemd_postun_with_restart %{name}.service
%else
%endif

%files
# Main package: documentation, configuration tree, service integration,
# libraries, plugins, helper binaries and man pages.
%doc README README.Fedora COPYING NEWS TODO
# The whole configuration directory is marked noreplace, so files edited by
# the administrator are kept on upgrade. No explicit file attributes are set
# in this list; the modes (0700 on the directory) come from the install
# section.
%config(noreplace) %{_sysconfdir}/%{name}
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-swanctl.service
%{_sbindir}/charon-systemd
%else
%{_initddir}/%{name}
%endif
# Versioned shared libraries, minus the ones listed by the tnc-imcvs and
# libipsec subpackages.
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/*.so.*
%exclude %{_libdir}/%{name}/libimcv.so.*
%exclude %{_libdir}/%{name}/libtnccs.so.*
%exclude %{_libdir}/%{name}/libipsec.so.*
# Plugins, minus sqlite, the TNC plugins and kernel-libipsec.
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/lib%{name}-*.so
%exclude %{_libdir}/%{name}/plugins/libstrongswan-sqlite.so
%exclude %{_libdir}/%{name}/plugins/libstrongswan-*tnc*.so
%exclude %{_libdir}/%{name}/plugins/libstrongswan-kernel-libipsec.so
# Internal commands live under libexec (see the configure switches).
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/_copyright
%{_libexecdir}/%{name}/_updown
%{_libexecdir}/%{name}/charon
%{_libexecdir}/%{name}/scepclient
%{_libexecdir}/%{name}/starter
%{_libexecdir}/%{name}/stroke
%{_libexecdir}/%{name}/_imv_policy
%{_libexecdir}/%{name}/imv_policy_manager
%{_libexecdir}/%{name}/pki
%{_libexecdir}/%{name}/aikgen
%{_sbindir}/charon-cmd
%{_sbindir}/%{name}
%{_sbindir}/swanctl
# Man pages as renamed by the install section.
%{_mandir}/man?/%{name}_*.gz
%{_mandir}/man?/%{name}.*.gz
%{_datadir}/%{name}/templates/config/
%{_datadir}/%{name}/templates/database/

#%files sqlite
#%{_libdir}/%{name}/plugins/libstrongswan-sqlite.so

%files tnc-imcvs
# TNC subpackage: IMC/IMV modules, the TNC libraries and related tools.
%{_sbindir}/sw-collector
%{_sbindir}/sec-updater
%dir %{_libdir}/%{name}/imcvs
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/libimcv.so.*
%{_libdir}/%{name}/libtnccs.so.*
# NOTE(review): libradius is not among the excludes of the main files list,
# whose *.so.* glob would also match it -- confirm the overlap is intended.
%{_libdir}/%{name}/libradius.so.*
%{_libdir}/%{name}/imcvs/imc-*.so
%{_libdir}/%{name}/imcvs/imv-*.so
# NOTE(review): this glob matches every libstrongswan-*.so plugin, not only
# the sqlite and TNC ones excluded from the main package, so both packages
# appear to list the same plugin files -- confirm, or narrow the pattern.
%{_libdir}/%{name}/plugins/libstrongswan-*.so
%{_libexecdir}/%{name}/attest
%{_libexecdir}/%{name}/pt-tls-client
%{_libexecdir}/%{name}/duplicheck
%{_libexecdir}/%{name}/tpm_extendpcr
%dir %{_datadir}/strongswan/swidtag
%{_datadir}/strongswan/swidtag/*.swidtag

%files libipsec
# Exactly the library and plugin that the main files list excludes.
%{_libdir}/%{name}/libipsec.so.*
%{_libdir}/%{name}/plugins/libstrongswan-kernel-libipsec.so

# The NetworkManager subpackage exists only on Fedora >= 19 / RHEL >= 7.
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%files charon-nm
%doc COPYING
%{_libexecdir}/%{name}/charon-nm
%endif

⑥.リビルドを開始します。(バックグラウンドで実行し、標準出力を strongswan.log に保存します。標準エラー出力はこのログには含まれません。)

rpm -ba strongswan.spec > strongswan.log &

 

リビルド後

strongswan-5.7.0-1vl6.x86_64.rpm
strongswan-libipsec-5.7.0-1vl6.x86_64.rpm
strongswan-tnc-imcvs-5.7.0-1vl6.x86_64.rpm

無事、リビルドを完了する事が出来ました。