Name: strongswan Version: 6.0.2 Release: 1%{?dist} Summary: IPsec-based VPN solution focused on security and ease of use License: GPLv2+ URL: https://www.strongswan.org/ Source0: https://download.strongswan.org/%{name}-%{version}.tar.bz2 BuildRequires: gcc BuildRequires: make BuildRequires: gmp-devel BuildRequires: openssl-devel BuildRequires: curl-devel BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros BuildRequires: pam-devel BuildRequires: sqlite-devel BuildRequires: iptables-devel BuildRequires: libcap-devel BuildRequires: libnl3-devel BuildRequires: ldns-devel BuildRequires: unbound-devel BuildRequires: json-c-devel Requires: gmp Requires: openssl Requires: sqlite Requires: iptables Requires: systemd %description StrongSwan is an OpenSource IPsec-based VPN solution for Linux. It supports IKEv1 and IKEv2 key exchange protocols, authentication based on X.509 certificates or pre-shared keys, and various virtual IP and configuration attribute exchange methods. %prep %setup -q %build # Adjust compiler flags to avoid format-security errors export CFLAGS="%{optflags} -Wno-error=format-security -Wno-error=format -Wformat" export CXXFLAGS="%{optflags} -Wno-error=format-security -Wno-error=format -Wformat" %configure \ --prefix=%{_prefix} \ --sysconfdir=%{_sysconfdir} \ --libdir=%{_libdir} \ --libexecdir=%{_libexecdir} \ --with-systemdsystemunitdir=%{_unitdir} \ --enable-systemd \ --enable-openssl \ --enable-curl \ --enable-sqlite \ --enable-attr \ --enable-cmd \ --enable-dhcp \ --enable-eap-aka \ --enable-eap-aka-3gpp2 \ --enable-eap-dynamic \ --enable-eap-gtc \ --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-mschapv2 \ --enable-eap-peap \ --enable-eap-radius \ --enable-eap-sim \ --enable-eap-sim-file \ --enable-eap-simaka-pseudonym \ --enable-eap-simaka-reauth \ --enable-eap-simaka-sql \ --enable-eap-tls \ --enable-eap-tnc \ --enable-eap-ttls \ --enable-ext-auth \ --enable-farp \ --enable-files \ --enable-ipseckey \ --enable-led \ --enable-lookip \ --enable-radattr \ --enable-sql \ --enable-unity \ --enable-vici \ --enable-xauth-eap \ --enable-xauth-generic \ --enable-xauth-noauth \ --enable-xauth-pam \ --enable-pkcs11 \ --disable-tpm \ --disable-tss-tss2 \ --disable-static \ --disable-mysql \ --disable-ldap \ --disable-nm \ --disable-warnings \ --disable-werror make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT # Create necessary directories install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/strongswan.d install -d -m 755 $RPM_BUILD_ROOT%{_localstatedir}/lib/strongswan # Remove .la files find $RPM_BUILD_ROOT -type f -name "*.la" -delete # Create swanctl directories install -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl install -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/bliss install -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/ecdsa install -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/pkcs12 install -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/pkcs8 install -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/private install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/pubkey install -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/rsa install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/x509 install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/x509aa install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/x509ac install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/x509ca install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/x509crl install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/swanctl/x509ocsp %post %systemd_post strongswan.service %preun %systemd_preun strongswan.service %postun %systemd_postun_with_restart strongswan.service %files %license COPYING LICENSE %doc README AUTHORS NEWS TODO %config(noreplace) %{_sysconfdir}/strongswan.conf %config(noreplace) %{_sysconfdir}/strongswan.d/ %config(noreplace) %{_sysconfdir}/swanctl/swanctl.conf %dir %{_sysconfdir}/swanctl %dir %attr(0750, root, root) %{_sysconfdir}/swanctl/bliss %dir %attr(0750, root, root) %{_sysconfdir}/swanctl/ecdsa %dir %attr(0750, root, root) %{_sysconfdir}/swanctl/pkcs12 %dir %attr(0750, root, root) %{_sysconfdir}/swanctl/pkcs8 %dir %attr(0750, root, root) %{_sysconfdir}/swanctl/private %dir %attr(0755, root, root) %{_sysconfdir}/swanctl/pubkey %dir %attr(0750, root, root) %{_sysconfdir}/swanctl/rsa %dir %attr(0755, root, root) %{_sysconfdir}/swanctl/x509 %dir %attr(0755, root, root) %{_sysconfdir}/swanctl/x509aa %dir %attr(0755, root, root) %{_sysconfdir}/swanctl/x509ac %dir %attr(0755, root, root) %{_sysconfdir}/swanctl/x509ca %dir %attr(0755, root, root) %{_sysconfdir}/swanctl/x509crl %dir %attr(0755, root, root) %{_sysconfdir}/swanctl/x509ocsp %{_sbindir}/charon-cmd %{_sbindir}/charon-systemd %{_sbindir}/swanctl %{_bindir}/pki %{_bindir}/pt-tls-client %{_libdir}/ipsec/ %{_libexecdir}/ipsec/ %{_datadir}/strongswan/ %{_mandir}/man1/*.1* %{_mandir}/man5/*.5* %{_mandir}/man8/*.8* %{_unitdir}/strongswan.service %dir %{_localstatedir}/lib/strongswan %exclude %{_libdir}/debug/* %exclude /usr/lib/debug/* %changelog * Wed Aug 27 2025 Chris Morrison - 6.0.2 - Initial RPM build for Amazon Linux 2023