/[packages]/cauldron/shorewall/current/SPECS/shorewall.spec
ViewVC logotype

Annotation of /cauldron/shorewall/current/SPECS/shorewall.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 209011 - (hide annotations) (download)
Wed Feb 15 00:21:08 2012 UTC (12 years, 2 months ago) by lmenut
File size: 15387 byte(s) 
- allow loading of xz compressed kernel modules
1 ennael 50066 %define debug_package %{nil}
2    
3     %define version_major 4.4
4 tv 142806 %define version_minor 23.1
5 ennael 50066 %define version %{version_major}.%{version_minor}
6     %define version_main %{version}
7     %define version_lite %{version}
8     %define ipv6_ver %{version}
9     %define ipv6_lite_ver %{version}
10     %define sha1sums_ver %{version_main}
11 tv 142806 %define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{version}
12 ennael 50066
13     %define name6 %{name}6
14    
15     Summary: Iptables-based firewall for Linux systems
16     Name: shorewall
17     Version: %{version}
18 lmenut 209011 Release: %mkrel 5
19 ennael 50066 License: GPLv2+
20     Group: System/Servers
21     URL: http://www.shorewall.net/
22     Source0: %ftp_path/%{name}-%{version_main}.tar.bz2
23     Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
24     Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
25     Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
26     Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
27     Source5: %ftp_path/%{sha1sums_ver}.sha1sums
28     Patch0: %{name}-common-4.2.5-init-script.patch
29     Patch1: %{name}-lite-4.2.5-init-script.patch
30     Patch2: %{name6}-4.2.5-init-script.patch
31     Patch3: %{name6}-lite-4.2.5-init-script.patch
32     Requires: iptables >= 1.4.1
33     Requires: iproute2
34 tmb 94462 Requires: dash
35 ennael 50066 Requires(post): rpm-helper
36 ahmad 105489 Requires(preun): rpm-helper
37 ennael 50066 Conflicts: shorewall < 4.0.7-1
38     BuildConflicts: apt-common
39     BuildArch: noarch
40     # since shorewall 4.4 we do not have common, shell and perl modules anymore
41     Obsoletes: shorewall-common
42     Obsoletes: shorewall-perl
43     Obsoletes: shorewall-shell
44    
45     %description
46     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
47     (iptables) based firewall that can be used on a dedicated firewall system,
48     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
49    
50     %package ipv6
51     Summary: IPv6 capable Shorewall
52     Group: System/Servers
53     Requires: %{name} = %{version}-%{release}
54     Requires: iptables-ipv6
55     Requires: iproute2
56     Requires(post): rpm-helper
57     Requires(preun): rpm-helper
58    
59     %description ipv6
60     An IPv6 enabled and capable Shoreline Firewall.
61    
62     %package ipv6-lite
63     Summary: Lite version of ipv6 shorewall
64     Group: System/Servers
65     Requires: %{name}-ipv6 = %{version}-%{release}
66     Requires(post): rpm-helper
67     Requires(preun): rpm-helper
68    
69     %description ipv6-lite
70     Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
71     network administrators to centralize the configuration of Shorewall-based
72     firewalls.
73    
74     %package lite
75     Summary: Lite version of shorewall
76     Group: System/Servers
77     Requires: %{name} = %{version}-%{release}
78     Requires(post): rpm-helper
79     Requires(preun): rpm-helper
80    
81     %description lite
82     Shorewall Lite is a companion product to Shorewall that allows network
83     administrators to centralize the configuration of Shorewall-based firewalls.
84    
85     %package doc
86     Summary: Firewall scripts
87     Group: System/Servers
88    
89     %description doc
90     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
91     (iptables) based firewall that can be used on a dedicated firewall system,
92     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
93    
94     This package contains the docs.
95    
96     %prep
97     %setup -q -c -n %{name}-%{version}
98     %setup -q -T -D -a 1
99     %setup -q -T -D -a 2
100     %setup -q -T -D -a 3
101     %setup -q -T -D -a 4
102    
103     pushd %{name}-%{version_main}
104     %patch0 -p1 -b .init
105     popd
106    
107     pushd %{name}-lite-%{version_lite}
108     %patch1 -p1 -b .initlite
109     popd
110    
111     pushd %{name6}-%{ipv6_ver}
112     %patch2 -p1 -b .init6
113     popd
114    
115     pushd %{name6}-lite-%{ipv6_lite_ver}
116     %patch3 -p1 -b .init6lite
117     popd
118    
119     %build
120     # (tpg) we do nothing here
121    
122     %install
123     rm -rf %{buildroot}
124     export PREFIX=%{buildroot}
125     export OWNER=`id -n -u`
126     export GROUP=`id -n -g`
127     export DEST=%{_initrddir}
128    
129     pushd %{name}-%{version_main}
130     export CONFDIR=%{_sysconfdir}/%{name}
131     # (blino) enable startup (new setting as of 2.1.3)
132     perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
133    
134     # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
135     perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
136    
137     # blank Internal option
138     perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
139    
140     # (tpg) use perl compiler
141     perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' configfiles/%{name}.conf
142    
143     # (tpg) do the optimizations
144     perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
145    
146     # (tpg) enable IPv6
147     perl -pi -e 's#DISABLE_IPV6=.*#DISABLE_IPV6=No#' configfiles/%{name}.conf
148    
149     # (tpg) set config path
150     perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
151    
152 lmenut 189975 # (lmenut) mga kernel modules are compressed by default (mga #1147)
153 lmenut 209011 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf
154 lmenut 189975
155 ennael 50066 # let's do the install
156     ./install.sh
157     popd
158    
159     #(tpg) IPv6
160     pushd %{name6}-%{ipv6_ver}
161     # (blino) enable startup (new setting as of 2.1.3)
162 lmenut 189975 perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
163 ennael 50066 # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
164 lmenut 189975 perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
165     # (lmenut) mga kernel modules are compressed by default (mga #1147)
166 lmenut 209011 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
167 ennael 50066
168     ./install.sh
169     popd
170    
171     pushd %{name6}-lite-%{ipv6_lite_ver}
172     ./install.sh
173     popd
174    
175     pushd %{name}-lite-%{version_lite}
176     ./install.sh
177     popd
178    
179     # Suppress automatic replacement of "echo" by "gprintf" in the shorewall
180     # startup script by RPM. This automatic replacement is broken.
181     export DONT_GPRINTIFY=1
182    
183     #(tpg) looks like these files are needed
184     touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
185     touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
186    
187     #(tpg) ipv6
188     touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
189     touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
190    
191     #(tpg) remove hash-bang
192     find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
193    
194     # (tpg) let's use dash everywhere!
195     find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
196    
197     # add information about 4.4.0 upgrade
198     cat > README.4.4.0.upgrade.urpmi << EOF
199     As of shorewall 4.4.0, the shorewall-common and shorewall-perl packages
200     were merged into a single shorewall package. Other notable changes in 4.4.0
201     version are:
202     - The support for shorewall-shell has been discontinued
203     - Support for SAME target in /etc/shorewall/masq and /etc/shorewall/rules
204     has been removed.
205     - Support for norfc1918 and RFC1918_STRICT have been removed.
206     - The name 'any' is now reserved and may not be used as a zone name.
207    
208     If you were relying on those options, please review your shorewall
209     configuration. Refer to the /usr/share/doc/shorewall/releasenotes.txt file
210     for further instructions.
211     EOF
212    
213 ennael 50105 #remove unused files because of %exclude misbehaviour
214     rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
215     rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
216    
217    
218 ennael 50066 %clean
219     rm -rf %{buildroot}
220    
221     %post
222 lmenut 193495 if [ $1 > 1 ] ; then
223 lmenut 209011 perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
224     perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
225 lmenut 193495 fi
226 ennael 50066 %_post_service shorewall
227    
228     %create_ghostfile %{_var}/lib/%{name}/chains root root 644
229     %create_ghostfile %{_var}/lib/%{name}/nat root root 644
230     %create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
231     %create_ghostfile %{_var}/lib/%{name}/restarted root root 644
232     %create_ghostfile %{_var}/lib/%{name}/zones root root 644
233     %create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
234     %create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
235     %create_ghostfile %{_var}/lib/%{name}/state root root 644
236     %create_ghostfile %{_var}/lib/%{name}/.modules root root 644
237     %create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
238     %create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
239     %create_ghostfile %{_var}/lib/%{name}/.restart root root 700
240     %create_ghostfile %{_var}/lib/%{name}/.restore root root 700
241     %create_ghostfile %{_var}/lib/%{name}/.start root root 700
242    
243     %preun
244     %_preun_service %{name}
245     if [ $1 = 0 ] ; then
246     %{__rm} -f %{_sysconfdir}/%{name}/startup_disabled
247     %{__rm} -f %{_var}/lib/%{name}/*
248     fi
249    
250     %post lite
251     %_post_service %{name}-lite
252     %create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
253    
254     %preun lite
255     %_preun_service %{name}-lite
256    
257     %post ipv6
258 lmenut 193495 if [ $1 > 1 ] ; then
259     perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
260     fi
261 ennael 50066 %_post_service %{name6}
262    
263     %create_ghostfile %{_var}/lib/%{name6}/chains root root 644
264     %create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
265     %create_ghostfile %{_var}/lib/%{name6}/zones root root 644
266     %create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
267     %create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
268     %create_ghostfile %{_var}/lib/%{name6}/state root root 644
269     %create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
270     %create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
271     %create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
272     %create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
273     %create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
274     %create_ghostfile %{_var}/lib/%{name6}/.start root root 700
275    
276     %preun ipv6
277     %_preun_service %{name6}
278     if [ $1 = 0 ] ; then
279     %{__rm} -f %{_sysconfdir}/%{name6}/startup_disabled
280     %{__rm} -f %{_var}/lib/%{name6}/*
281     fi
282    
283     %post ipv6-lite
284     %_post_service %{name6}-lite
285     %create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
286    
287     %preun ipv6-lite
288     %_preun_service %{name6}-lite
289    
290     %files
291     %defattr(-,root,root)
292     %doc README.4.4.0.upgrade.urpmi %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
293     %dir %{_sysconfdir}/%{name}
294     %dir %{_datadir}/%{name}
295     %dir %attr(755,root,root) %{_var}/lib/%{name}
296     %ghost %{_var}/lib/%{name}/*
297     %ghost %{_var}/lib/%{name}/.??*
298     %config %{_sysconfdir}/logrotate.d/%{name}
299     %attr(700,root,root) %{_initrddir}/%{name}
300     %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
301     %attr(755,root,root) /sbin/%{name}
302     %{_datadir}/%{name}/action*
303     %{_datadir}/%{name}/configpath
304     %{_datadir}/%{name}/functions
305 ahmad 90647 %{_datadir}/%{name}/getparams
306 ennael 50066 %{_datadir}/%{name}/helpers
307     %{_datadir}/%{name}/lib.*
308     %{_datadir}/%{name}/macro.*
309 ahmad 90647 %{_datadir}/%{name}/modules*
310 ennael 50066 %{_datadir}/%{name}/version
311     %{_datadir}/%{name}/wait4ifup
312     %{_mandir}/man5/%{name}-accounting.5.*
313     %{_mandir}/man5/%{name}-actions.5.*
314     %{_mandir}/man5/%{name}-blacklist.5.*
315     %{_mandir}/man5/%{name}-ecn.5.*
316     %{_mandir}/man5/%{name}-exclusion.5.*
317     %{_mandir}/man5/%{name}-hosts.5.*
318     %{_mandir}/man5/%{name}-interfaces.5.*
319 ahmad 90647 %{_mandir}/man5/%{name}-ipsets.5.*
320 ennael 50066 %{_mandir}/man5/%{name}-maclist.5.*
321     %{_mandir}/man5/%{name}-masq.5.*
322     %{_mandir}/man5/%{name}-modules.5.*
323     %{_mandir}/man5/%{name}-nat.5.*
324     %{_mandir}/man5/%{name}-nesting.5.*
325     %{_mandir}/man5/%{name}-notrack.5.*
326     %{_mandir}/man5/%{name}-netmap.5.*
327     %{_mandir}/man5/%{name}-params.5.*
328     %{_mandir}/man5/%{name}-policy.5.*
329     %{_mandir}/man5/%{name}-providers.5.*
330     %{_mandir}/man5/%{name}-proxyarp.5.*
331     %{_mandir}/man5/%{name}-route_rules.5.*
332 ahmad 90647 %{_mandir}/man5/%{name}-routes.5.*
333 ennael 50066 %{_mandir}/man5/%{name}-routestopped.5.*
334     %{_mandir}/man5/%{name}-rules.5.*
335 ahmad 90647 %{_mandir}/man5/%{name}-secmarks.5.*
336 ennael 50066 %{_mandir}/man5/%{name}-tcclasses.5.*
337     %{_mandir}/man5/%{name}-tcinterfaces.5.*
338     %{_mandir}/man5/%{name}-tcpri.5.*
339     %{_mandir}/man5/%{name}-tcdevices.5.*
340     %{_mandir}/man5/%{name}-tcfilters.5.*
341     %{_mandir}/man5/%{name}-tcrules.5.*
342     %{_mandir}/man5/%{name}-tos.5.*
343     %{_mandir}/man5/%{name}-tunnels.5.*
344     %{_mandir}/man5/%{name}-vardir.5.*
345     %{_mandir}/man5/%{name}-zones.5.*
346     %{_mandir}/man5/%{name}.conf.5.*
347     %{_mandir}/man8/%{name}.8.*
348     %{_mandir}/man8/%{name}-init.8.*
349 tv 142806 %dir %{_datadir}/shorewall/Shorewall
350 ennael 50066 %{_datadir}/shorewall/Shorewall/*.pm
351     %{_datadir}/shorewall/compiler.pl
352     %{_datadir}/shorewall/prog.footer
353     %{_datadir}/shorewall/prog.header
354    
355    
356     %files ipv6
357     %defattr(-,root,root)
358     %doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
359     %dir %{_sysconfdir}/%{name6}
360     %dir %{_datadir}/%{name6}
361     %dir %attr(755,root,root) %{_var}/lib/%{name6}
362     %ghost %{_var}/lib/%{name6}/*
363     %ghost %{_var}/lib/%{name6}/.??*
364     %attr(700,root,root) %{_initrddir}/%{name6}
365     %config(noreplace) %{_sysconfdir}/%{name6}/*
366     %config %{_sysconfdir}/logrotate.d/%{name6}
367     %attr(755,root,root) /sbin/%{name6}
368     %{_datadir}/%{name6}/action*
369     %{_datadir}/%{name}/prog.footer6
370     %{_datadir}/%{name}/prog.header6
371     %{_datadir}/%{name6}/configpath
372     %{_datadir}/%{name6}/functions
373     %{_datadir}/%{name6}/helpers
374     %{_datadir}/%{name6}/lib.*
375     %{_datadir}/%{name6}/macro.*
376 ahmad 90647 %{_datadir}/%{name6}/modules*
377 ennael 50066 %{_datadir}/%{name6}/version
378     %{_datadir}/%{name6}/wait4ifup
379     %{_mandir}/man5/%{name6}-accounting.5.*
380     %{_mandir}/man5/%{name6}-actions.5.*
381     %{_mandir}/man5/%{name6}-blacklist.5.*
382     %{_mandir}/man5/%{name6}-exclusion.5.*
383     %{_mandir}/man5/%{name6}-hosts.5.*
384     %{_mandir}/man5/%{name6}-interfaces.5.*
385 tv 142806 %{_mandir}/man5/%{name6}-ipsets.5.*
386 ennael 50066 %{_mandir}/man5/%{name6}-maclist.5.*
387     %{_mandir}/man5/%{name6}-modules.5.*
388     %{_mandir}/man5/%{name6}-nesting.5.*
389     %{_mandir}/man5/%{name6}-notrack.5.*
390     %{_mandir}/man5/%{name6}-params.5.*
391     %{_mandir}/man5/%{name6}-policy.5.*
392     %{_mandir}/man5/%{name6}-providers.5.*
393 ahmad 90647 %{_mandir}/man5/%{name6}-proxyndp.5.*
394 ennael 50066 %{_mandir}/man5/%{name6}-route_rules.5.*
395 ahmad 90647 %{_mandir}/man5/%{name6}-routes.5.*
396 ennael 50066 %{_mandir}/man5/%{name6}-routestopped.5.*
397     %{_mandir}/man5/%{name6}-rules.5.*
398 ahmad 90647 %{_mandir}/man5/%{name6}-secmarks.5.*
399 ennael 50066 %{_mandir}/man5/%{name6}-tcclasses.5.*
400     %{_mandir}/man5/%{name6}-tcdevices.5.*
401 ahmad 90647 %{_mandir}/man5/%{name6}-tcfilters.5.*
402 ennael 50066 %{_mandir}/man5/%{name6}-tcinterfaces.5.*
403     %{_mandir}/man5/%{name6}-tcpri.5.*
404     %{_mandir}/man5/%{name6}-tcrules.5.*
405     %{_mandir}/man5/%{name6}-tos.5.*
406     %{_mandir}/man5/%{name6}-tunnels.5.*
407     %{_mandir}/man5/%{name6}-vardir.5.*
408     %{_mandir}/man5/%{name6}-zones.5.*
409     %{_mandir}/man5/%{name6}.conf.5.*
410     %{_mandir}/man8/%{name6}.8.*
411    
412     %files lite
413     %defattr(-,root,root)
414     %doc %{name}-lite-%{version_lite}/*.txt
415     %dir %{_datadir}/%{name}-lite
416     %dir %attr(755,root,root) %{_var}/lib/%{name}-lite
417     %ghost %{_var}/lib/%{name}-lite/*
418     %attr(700,root,root) %{_initrddir}/%{name}-lite
419     %config(noreplace) %{_sysconfdir}/%{name}-lite/*
420     %config %{_sysconfdir}/logrotate.d/%{name}-lite
421     %attr(755,root,root) /sbin/%{name}-lite
422     %{_datadir}/%{name}-lite/configpath
423     %{_datadir}/%{name}-lite/functions
424 ahmad 90647 %{_datadir}/%{name}-lite/helpers
425 ennael 50066 %{_datadir}/%{name}-lite/lib.*
426 ahmad 90647 %{_datadir}/%{name}-lite/modules*
427 ennael 50066 %{_datadir}/%{name}-lite/shorecap
428     %{_datadir}/%{name}-lite/version
429     %{_datadir}/%{name}-lite/wait4ifup
430     %{_mandir}/man5/%{name}-lite*
431     %{_mandir}/man8/%{name}-lite*
432    
433     %files ipv6-lite
434     %defattr(-,root,root)
435     %doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
436     %dir %{_datadir}/%{name6}-lite
437     %dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
438     %ghost %{_var}/lib/%{name6}-lite/*
439     %attr(700,root,root) %{_initrddir}/%{name6}-lite
440     %config(noreplace) %{_sysconfdir}/%{name6}-lite/*
441     %config %{_sysconfdir}/logrotate.d/%{name6}-lite
442     %attr(755,root,root) /sbin/%{name6}-lite
443     %{_datadir}/%{name6}-lite/configpath
444     %{_datadir}/%{name6}-lite/functions
445 ahmad 90647 %{_datadir}/%{name6}-lite/helpers
446 ennael 50066 %{_datadir}/%{name6}-lite/lib.*
447 ahmad 90647 %{_datadir}/%{name6}-lite/modules*
448 ennael 50066 %{_datadir}/%{name6}-lite/shorecap
449     %{_datadir}/%{name6}-lite/version
450     %{_datadir}/%{name6}-lite/wait4ifup
451     %{_mandir}/man5/%{name6}-lite*
452     %{_mandir}/man8/%{name6}-lite*
453    
454     %files doc
455     %defattr(-,root,root)
456     %doc %{name}-docs-html-%{version}/*
  ViewVC Help
Powered by ViewVC 1.1.30