diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..f087b42
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.tar.gz filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1534ba5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.rpm
+*.log
+*spec-20*
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..913e7e7
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Makefile for source rpm: libreswan
+# $Id: Makefile,v 1.1 2021/03/01 10:43:03 brianr Exp $
+NAME := libreswan
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
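Review bot: In `find-makefile-common` the writability test reads `-w $$/Makefile.common`, which reaches the shell as the literal path `$/Makefile.common`, so the test is effectively always false and the `cvs -Q update` branch never runs; it presumably should be `-w $$d/Makefile.common`. Separately, `include $(MAKEFILE_COMMON)` executes whatever `Makefile.common` is found in `../common` or `../../common`, or whatever a parse-time `cvs checkout` returns, so the build depends on files outside this repository with no pinning or integrity check visible here. A comment stating where `common` is expected to come from would help whoever audits the build. If the checkout fails, `MAKEFILE_COMMON` is empty and the `include` silently does nothing, so I would add `$(if $(MAKEFILE_COMMON),,$(error Makefile.common not found))` just before the include.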
diff --git a/README.md b/README.md
index 5f31333..e6f67af 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,9 @@
# libreswan
-3rd Party (Maintained by Koozali) git repo for libreswan smecontribs
\ No newline at end of file
+3rd Party (Maintained by Koozali) git repo for libreswan smecontribs
+
+## Description
+
+
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
+*Once it has been checked, then this comment will be deleted*
+
diff --git a/contriborbase b/contriborbase
new file mode 100644
index 0000000..9b7fd51
--- /dev/null
+++ b/contriborbase
@@ -0,0 +1 @@
+contribs10
diff --git a/ikev1_dsa.fax.bz2 b/ikev1_dsa.fax.bz2
new file mode 100644
index 0000000..eb1c5d8
Binary files /dev/null and b/ikev1_dsa.fax.bz2 differ
diff --git a/ikev1_psk.fax.bz2 b/ikev1_psk.fax.bz2
new file mode 100644
index 0000000..7f29d6c
Binary files /dev/null and b/ikev1_psk.fax.bz2 differ
diff --git a/ikev2.fax.bz2 b/ikev2.fax.bz2
new file mode 100644
index 0000000..43a0b40
Binary files /dev/null and b/ikev2.fax.bz2 differ
diff --git a/libreswan.spec b/libreswan.spec
new file mode 100644
index 0000000..2fea461
--- /dev/null
+++ b/libreswan.spec
@@ -0,0 +1,257 @@
+# These are rpm macros and are 0 or 1
+%global _hardened_build 1
+%global with_efence 0
+%global with_development 0
+%global with_cavstests 1
+# There is no new enough unbound on rhel7
+%global with_dnssec 0
+%global nss_version 3.79-4
+# Libreswan config options
+# For RHEL7 we need USE_NSS_KDF=false and USE_FIPSCHECK=true
+# Note that this means libreswan needs its own FIPS certification
+%global libreswan_config \\\
+ FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\
+ FINALMANDIR=%{_mandir} \\\
+ FINALNSSDIR=%{_sysconfdir}/ipsec.d \\\
+ INITSYSTEM=systemd \\\
+ PREFIX=%{_prefix} \\\
+ PYTHON_BINARY=%{__python2} \\\
+ SHELL_BINARY=/bin/sh \\\
+ USE_AUTHPAM=true \\\
+ USE_DNSSEC=%{USE_DNSSEC} \\\
+ USE_FIPSCHECK=true \\\
+ USE_LABELED_IPSEC=true \\\
+ USE_LDAP=true \\\
+ USE_LIBCAP_NG=true \\\
+ USE_LIBCURL=true \\\
+ USE_NM=true \\\
+ USE_NSS_IPSEC_PROFILE=true \\\
+ USE_NSS_KDF=false \\\
+ USE_SECCOMP=true \\\
+ USE_XFRM_INTERFACE_IFLA_HEADER=true \\\
+%{nil}
+
+#global prever dr1
+
+Name: libreswan
+Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
+Version: 4.15
+Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+License: GPLv2
+Url: https://libreswan.org/
+Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
+%if 0%{with_cavstests}
+Source10: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
+Source11: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
+Source12: https://download.libreswan.org/cavs/ikev2.fax.bz2
+%endif
+
+BuildRequires: gcc make
+BuildRequires: audit-libs-devel
+BuildRequires: bison
+BuildRequires: curl-devel
+BuildRequires: fipscheck-devel
+BuildRequires: flex
+BuildRequires: hostname
+BuildRequires: libcap-ng-devel
+BuildRequires: libevent-devel
+BuildRequires: libseccomp-devel
+BuildRequires: libselinux-devel
+BuildRequires: nspr-devel
+BuildRequires: nss-devel >= %{nss_version}
+BuildRequires: nss-tools
+BuildRequires: openldap-devel
+BuildRequires: pam-devel
+BuildRequires: pkgconfig
+BuildRequires: redhat-rpm-config
+BuildRequires: systemd-devel
+BuildRequires: xmlto
+%if 0%{with_efence}
+BuildRequires: ElectricFence
+%endif
+%if 0%{with_dnssec}
+BuildRequires: ldns-devel
+BuildRequires: unbound-devel >= 1.6.0
+Requires: unbound-libs >= 1.6.0
+%global USE_DNSSEC true
+%else
+%global USE_DNSSEC false
+%endif
+Requires: coreutils
+Requires: fipscheck%{_isa}
+Requires: iproute
+Requires: logrotate
+Requires: nss >= %{nss_version}
+Requires: nss-softokn
+Requires: nss-tools
+%{?systemd_requires}
+
+Conflicts: openswan < %{version}-%{release}
+Obsoletes: openswan < %{version}-%{release}
+Provides: openswan = %{version}-%{release}
+Provides: openswan-doc = %{version}-%{release}
+
+
+
+%description
+Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
+the Internet Protocol Security and uses strong cryptography to provide
+both authentication and encryption services. These services allow you
+to build secure tunnels through untrusted networks. Everything passing
+through the untrusted net is encrypted by the ipsec gateway machine and
+decrypted by the gateway at the other end of the tunnel. The resulting
+tunnel is a virtual private network or VPN.
+
+This package contains the daemons and userland tools for setting up
+Libreswan.
+
+Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
+
+Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
+
+%prep
+%setup -q -n libreswan-%{version}%{?prever}
+
+%build
+make %{?_smp_mflags} \
+%if 0%{with_development}
+ OPTIMIZE_CFLAGS="%{?_hardened_cflags}" \
+%else
+ OPTIMIZE_CFLAGS="%{optflags}" \
+%endif
+%if 0%{with_efence}
+ USE_EFENCE=true \
+%endif
+ USERLINK="%{?__global_ldflags}" \
+ WERROR_CFLAGS="-Werror -Wno-error=address -Wno-missing-braces -Wno-missing-field-initializers" \
+ %{libreswan_config} \
+ programs
+FS=$(pwd)
+
+# Add generation of HMAC checksums of the final stripped binaries
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_libexecdir}/ipsec/pluto
+%{nil}
+
+%install
+make \
+ DESTDIR=%{buildroot} \
+ %{libreswan_config} \
+ install
+FS=$(pwd)
+rm -rf %{buildroot}/usr/share/doc/libreswan
+rm -rf %{buildroot}%{_libexecdir}/ipsec/*check
+
+install -d -m 0755 %{buildroot}%{_rundir}/pluto
+install -d %{buildroot}%{_sbindir}
+
+install -d %{buildroot}%{_sysctldir}
+install -m 0644 packaging/rhel/libreswan-sysctl.conf \
+ %{buildroot}%{_sysctldir}/50-libreswan.conf
+
+mkdir -p %{buildroot}%{_libdir}/fipscheck
+install -d %{buildroot}%{_sysconfdir}/prelink.conf.d/
+install -m644 packaging/rhel/libreswan-prelink.conf \
+ %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
+
+echo "include /etc/ipsec.d/*.secrets" \
+ > %{buildroot}%{_sysconfdir}/ipsec.secrets
+
+
+%if 0%{with_cavstests}
+%check
+# There is an elaborate upstream testing infrastructure which we do not
+# run here.
+# We only run the CAVS tests here.
+cp %{SOURCE10} %{SOURCE11} %{SOURCE12} .
+bunzip2 *.fax.bz2
+
+# work around for older xen based machines
+export NSS_DISABLE_HW_GCM=1
+
+: starting CAVS test for IKEv2
+%{buildroot}%{_libexecdir}/ipsec/cavp -v2 ikev2.fax | \
+ diff -u ikev2.fax - > /dev/null
+: starting CAVS test for IKEv1 RSASIG
+%{buildroot}%{_libexecdir}/ipsec/cavp -v1dsa ikev1_dsa.fax | \
+ diff -u ikev1_dsa.fax - > /dev/null
+: starting CAVS test for IKEv1 PSK
+%{buildroot}%{_libexecdir}/ipsec/cavp -v1psk ikev1_psk.fax | \
+ diff -u ikev1_psk.fax - > /dev/null
+: CAVS tests passed
+
+# Some of these tests will show ERROR for negative testing - it will exit on real errors
+%{buildroot}%{_libexecdir}/ipsec/algparse -tp || { echo prooposal test failed; exit 1; }
+%{buildroot}%{_libexecdir}/ipsec/algparse -ta || { echo algorithm test failed; exit 1; }
+: Algorithm parser tests passed
+
+# self test for pluto daemon - this also shows which algorithms it allows in FIPS mode
+tmpdir=$(mktemp -d /tmp/libreswan-XXXXX)
+certutil -N -d sql:$tmpdir --empty-password
+%{buildroot}%{_libexecdir}/ipsec/pluto --selftest --nssdir $tmpdir --rundir $tmpdir
+: pluto self-test passed - verify FIPS algorithms allowed is still compliant with NIST
+
+%endif
+
+%post
+%systemd_post ipsec.service
+%sysctl_apply 50-libreswan.conf
+prelink -u %{_libexecdir}/ipsec/* 2>/dev/null || :
+
+%preun
+%systemd_preun ipsec.service
+
+%postun
+%systemd_postun_with_restart ipsec.service
+
+%files
+%license LICENSE COPYING
+%doc CHANGES CREDITS README*
+%doc docs/*.* docs/examples
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
+%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
+%attr(0644,root,root) %config(noreplace) %{_sysctldir}/50-libreswan.conf
+%attr(0755,root,root) %dir %{_rundir}/pluto
+%attr(0644,root,root) %{_tmpfilesdir}/libreswan.conf
+%attr(0644,root,root) %{_unitdir}/ipsec.service
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto
+%config(noreplace) %{_sysconfdir}/logrotate.d/libreswan
+%{_sbindir}/ipsec
+%{_libexecdir}/ipsec
+%doc %{_mandir}/*/*
+%{_libdir}/fipscheck/pluto.hmac
+# We own the directory so we don't have to require prelink
+%dir %{_sysconfdir}/prelink.conf.d/
+%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf
+
+%changelog
+* Thu Oct 09 2025 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+ by assuming the date is correct and changing the weekday.
+
+* Tue Apr 16 2024 John Crisp 4.15-2
+- build for Koozali Server
+- needs libreswan-prelink.conf adding to the tar
+
+* Mon Apr 15 2024 Team Libreswan - 4.15-1
+- Automated build from release tar ball
+
+* Wed Mar 13 2024 John Crisp 4.14-2
+- build for Koozali SME Server
+- needs libreswan-prelink.conf adding to the tar
+
+* Mon Mar 11 2024 Team Libreswan - 4.14-1
+- Automated build from release tar ball
+
+* Sat Feb 10 2024 John Crisp 4.12-2
+- build for Koozali SME Server
+- needs libreswan-sysctl.conf adding to the tar
+
+* Tue Aug 8 2023 Team Libreswan - 4.12-1
+- Automated build from release tar ball
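Review bot: The `Source0:` line names the upstream release URL, but `%install` takes `packaging/rhel/libreswan-sysctl.conf` and `packaging/rhel/libreswan-prelink.conf` from inside the unpacked tree, and the changelog entries say these files need "adding to the tar". That suggests the tarball tracked here (via the LFS rule for `*.tar.gz`) is a repacked copy rather than the upstream artifact. A repacked tarball can no longer be compared against any checksum or signature upstream publishes for the file at that URL, and nothing in the spec verifies Source0 in any case. Keeping the tarball pristine and carrying the extra files as their own sources would restore that check, e.g. `Source20: libreswan-prelink.conf` installed with `install -m644 %{SOURCE20} %{buildroot}%{_sysconfdir}/prelink.conf.d/libreswan-fips.conf`. I would also add a comment beside `Source0` recording the expected digest, such as `# sha256: <EXPECTED_SHA256>`.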