diff --git a/.gitignore b/.gitignore
index 6ca1317..96f7b2b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1 @@
 /tcpcrypt-bb990b1bfb0e411f0613abdaf3b71fdce50a82cf.tar.gz
-/tcpcrypt-0.4.tar.gz
-/tcpcrypt-0.5.tar.gz
diff --git a/sources b/sources
index 6a603fb..d753f8c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tcpcrypt-0.5.tar.gz) = aa7068e24c16449e84cc06450bbbac0a245df4f7883eef3c5cc10afb3592f194d42103d06e3e072ad997d09835545fa71bfecd57209ee45c07433f64fb6f0048
+a664a62b58c891eb0b769234bab34a9b  tcpcrypt-bb990b1bfb0e411f0613abdaf3b71fdce50a82cf.tar.gz
diff --git a/tcpcrypt.spec b/tcpcrypt.spec
index 050228a..a34138d 100644
--- a/tcpcrypt.spec
+++ b/tcpcrypt.spec
@@ -1,27 +1,31 @@
 %global _hardened_build 1
-%global snapshot 0
+
+%global commit bb990b1bfb0e411f0613abdaf3b71fdce50a82cf
+%global shortcommit %(c=%{commit}; echo ${c:0:8})
+
+# Requested upstream to do proper release so we dont need auto* tools
+#  and we dont have github tar ball diffs
+# Reported old macro use AC_PROG_LIBTOOL https://github.com/scslab/tcpcrypt/pull/3
 
 Summary: Opportunistically encrypt TCP connections
 Name: tcpcrypt
-Version: 0.5
-Release: 19%{?dist}
-# Automatically converted from old format: BSD - review is highly recommended.
-License: LicenseRef-Callaway-BSD
+Version: 0.4
+Release: 0.4.%{shortcommit}%{?dist}
+Group: System Environment/Libraries
+License: BSD
 Url: http://tcpcrypt.org/
-Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz
+Source0: https://github.com/scslab/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz
 SOURCE1: tmpfiles-tcpcrypt.conf
 SOURCE2: tcpcryptd.service
 SOURCE3: tcpcryptd-firewall
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-BuildRequires: make
-BuildRequires:  gcc
 BuildRequires: openssl-devel libnetfilter_queue-devel libcap-devel
-BuildRequires: libnetfilter_conntrack-devel libpcap-devel
-BuildRequires: libtool autoconf automake
+BuildRequires: libtool, autoconf, automake
 BuildRequires: systemd
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
+Requires(pre): shadow-utils
 
 %description
 Provides a protocol that attempts to encrypt (almost) all of your
@@ -32,6 +36,7 @@ end does not support
 
 %package devel
 Summary: Development package that includes the tcpcrypt header files
+Group: Development/Libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
 
 %description devel
@@ -39,25 +44,24 @@ The devel package contains the tcpcrypt library and the include files
 
 %package libs
 Summary: Libraries used by tcpcryptd server and tcpcrypt-aware applications
+Group: Applications/System
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
 
 %description libs
 Contains libraries used by tcpcryptd server and tcpcrypt-aware applications
 
 %prep
-%autosetup
-
-# Create a sysusers.d config file
-cat >tcpcrypt.sysusers.conf <<EOF
-u tcpcryptd - 'tcpcrypt daemon account' /var/run/tcpcryptd -
-EOF
+%setup -qn %{name}-%{commit}
 
 %build
-sh bootstrap.sh
+# git snapsots only
+./bootstrap.sh
 %configure --disable-static --disable-rpath
-%make_build
+make %{?_smp_mflags}
 
 %install
-%make_install
+make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install
 install -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}
 rm %{buildroot}%{_libdir}/*.la
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/tcpcryptd
@@ -65,16 +69,12 @@ install -D -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/tcpcrypt.conf
 mkdir -p %{buildroot}%{_unitdir}
 install -m 0755 %{SOURCE2} %{buildroot}/%{_unitdir}/tcpcryptd.service
 
-install -m0644 -D tcpcrypt.sysusers.conf %{buildroot}%{_sysusersdir}/tcpcrypt.conf
-
 %files libs
-%doc README.markdown
-%license LICENSE
+%doc README.markdown LICENSE
 %{_libdir}/libtcpcrypt.so.*
 
 %files
-%doc README.markdown
-%license LICENSE
+%doc README.markdown LICENSE
 %{_bindir}/tcnetstat
 %{_bindir}/tcpcryptd
 %{_bindir}/tcpcryptd-firewall
@@ -83,15 +83,20 @@ install -m0644 -D tcpcrypt.sysusers.conf %{buildroot}%{_sysusersdir}/tcpcrypt.co
 %attr(0644,root,root) %{_tmpfilesdir}/tcpcrypt.conf
 %attr(0644,root,root) %{_unitdir}/tcpcryptd.service
 %attr(0755,tcpcryptd,tcpcryptd) %dir /run/tcpcryptd
-%{_sysusersdir}/tcpcrypt.conf
 
 %files devel
 %{_libdir}/libtcpcrypt.so
 %dir %{_includedir}/tcpcrypt
 %{_includedir}/tcpcrypt/*.h
 
-%ldconfig_scriptlets libs
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
 
+%pre
+getent group tcpcryptd >/dev/null || groupadd -r tcpcryptd
+getent passwd tcpcryptd >/dev/null || \
+useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \
+-c "tcpcrypt daemon account" tcpcrypt || exit 0
 
 %post
 %systemd_post tcpcryptd.service
@@ -103,93 +108,6 @@ install -m0644 -D tcpcrypt.sysusers.conf %{buildroot}%{_sysusersdir}/tcpcrypt.co
 %systemd_postun_with_restart tcpcryptd.service
 
 %changelog
-* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-19
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.5-18
-- Add sysusers.d config file to allow rpm to create users/groups automatically
-
-* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-17
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Wed Sep 04 2024 Miroslav Suchý <msuchy@redhat.com> - 0.5-16
-- convert license to SPDX
-
-* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-15
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-12
-- remove bash-isms from tcpcryptd-firewall
-
-* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-11
-- remove broken firewalld service definition
-
-* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.5-7
-- Rebuilt with OpenSSL 3.0.0
-
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.5-5
-- Rebuilt for updated systemd-rpm-macros
-  See https://pagure.io/fesco/issue/2583.
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Sun Aug 04 2019 Filipe Rosset <rosset.filipe@gmail.com> - 0.5-1
-- Update to 0.5 plus spec cleanup and modernization
-
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Sun Mar 06 2016 Paul Wouters <pwouters@redhat.com> - 0.4-1
-- Updated to 0.4
-- Resolves: rhbz#1213128 wrong user tcpcrypt
-- Resolves: rhbz#1312703 Package systemd ExecStartPre/ExecStopPost script broken
-
-* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-0.5.bb990b1b
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
 * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-0.4.bb990b1b
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 
diff --git a/tcpcryptd-firewall b/tcpcryptd-firewall
index 33d1075..01f64f5 100755
--- a/tcpcryptd-firewall
+++ b/tcpcryptd-firewall
@@ -1,7 +1,6 @@
 #!/bin/sh
 
-# use iptables manually
-if [ "$1" = "start" ]
+if [ "$1" == "start" ]
 then
 	iptables -t raw -N tcpcrypt
 	iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
@@ -13,7 +12,7 @@ then
  
 	# launch `tcpcryptd` with `-x 0x10`
 fi
-if [ "$1" = "stop" ]
+if [ "$1" == "stop" ]
 then
 	iptables -t raw -F tcpcrypt
 	iptables -t raw -D PREROUTING -j tcpcrypt