strongSwan

Hello,

I'm maintaining Strongswan package for Fedora and we try hard to keep our packages without collisions. Moreover,
even if we have a collision and avoid installing both Strongswan and Openswan, we are getting into issues with
the SELinux policy that is written for Openswan.

Therefore we absolutely need to avoid file collisions to be able to use Strongswan in Fedora and Enterprise Linux
(through EPEL).

We already have a working package:

https://admin.fedoraproject.org/pkgdb/acls/name/strongswan

It's currently available for rawhide, fedora 17, fedora 16 and enterprise linux 6.

Right now we're passing the following to configure:

--sysconfdir=%{_sysconfdir}/%{name}
--with-ipsecdir=%{_libexecdir}/%{name}
--with-ipseclibdir=%{_libdir}/%{name}

This is OK.

But then we need this:

# rename ipsec to strongswan
mv %{buildroot}%{_sbindir}/{ipsec,%{name}}
mv %{buildroot}%{_mandir}/man8/{ipsec,strongswan}.8
# prefix man pages
for i in %{buildroot}%{_mandir}/*/*; do
    if echo "$i" | grep -vq '/strongswan[^\/]*$'; then
        mv "$i" "`echo "$i" | sed -re 's|/([^/]+)$|/strongswan_\1|'`" 
    fi
done

These are bad workaround that would be much better solved with a configure
option that would allow us to just tell strongswan is 'strongswan' and
not 'ipsec'.

And we also needed to fix the code:

Index: strongswan-4.6.1/src/pluto/kernel.c
===================================================================
--- strongswan-4.6.1.orig/src/pluto/kernel.c
+++ strongswan-4.6.1/src/pluto/kernel.c
@@ -247,7 +247,7 @@ static void escape_metachar(const char *
  */

 #ifndef DEFAULT_UPDOWN
-# define DEFAULT_UPDOWN "ipsec _updown" 
+# define DEFAULT_UPDOWN "strongswan _updown" 
 #endif

 static bool do_command(connection_t *c, struct spd_route *sr, struct state *st,

This would also be better handled by the same configure option.

(%{name} is replaced with 'strongswan')

Cheers,

Pavel