/[packages]/cauldron/shorewall/current/SPECS/shorewall.spec
ViewVC logotype

Annotation of /cauldron/shorewall/current/SPECS/shorewall.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 333459 - (hide annotations) (download)
Thu Dec 20 20:48:04 2012 UTC (11 years, 4 months ago) by kamil
File size: 14666 byte(s) 
SILENT : fix Reease
1 ennael 50066 %define debug_package %{nil}
2    
3 kamil 333436 %define version_major 4.5
4     %define version_minor 10.1
5 ennael 50066 %define version %{version_major}.%{version_minor}
6     %define version_main %{version}
7     %define version_lite %{version}
8     %define ipv6_ver %{version}
9     %define ipv6_lite_ver %{version}
10 kamil 333436 %define sha1sums_ver %{version}
11     %define ftp_ver %{version_major}.10
12     %define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}
13 ennael 50066
14     %define name6 %{name}6
15    
16     Summary: Iptables-based firewall for Linux systems
17     Name: shorewall
18     Version: %{version}
19 kamil 333459 Release: %mkrel 1
20 kamil 222372 License: GPLv2+ and LGPLv2.1+
21 ennael 50066 Group: System/Servers
22     URL: http://www.shorewall.net/
23 kamil 333436 Source0: %ftp_path/%{name}-%{version}.tar.bz2
24 ennael 50066 Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
25     Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
26     Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
27     Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
28     Source5: %ftp_path/%{sha1sums_ver}.sha1sums
29     Patch0: %{name}-common-4.2.5-init-script.patch
30     Patch1: %{name}-lite-4.2.5-init-script.patch
31     Patch2: %{name6}-4.2.5-init-script.patch
32     Patch3: %{name6}-lite-4.2.5-init-script.patch
33 alien 229827 Patch4: %{name}-4.4.23-allow-netmask-0.patch
34 kamil 333449 Requires: iptables
35 ennael 50066 Requires: iproute2
36 tmb 94462 Requires: dash
37 ennael 50066 Requires(post): rpm-helper
38 ahmad 105489 Requires(preun): rpm-helper
39 ennael 50066 BuildConflicts: apt-common
40     BuildArch: noarch
41    
42     %description
43     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
44     (iptables) based firewall that can be used on a dedicated firewall system,
45     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
46    
47     %package ipv6
48     Summary: IPv6 capable Shorewall
49     Group: System/Servers
50     Requires: %{name} = %{version}-%{release}
51     Requires: iptables-ipv6
52     Requires: iproute2
53     Requires(post): rpm-helper
54     Requires(preun): rpm-helper
55    
56     %description ipv6
57     An IPv6 enabled and capable Shoreline Firewall.
58    
59     %package ipv6-lite
60     Summary: Lite version of ipv6 shorewall
61     Group: System/Servers
62     Requires: %{name}-ipv6 = %{version}-%{release}
63     Requires(post): rpm-helper
64     Requires(preun): rpm-helper
65    
66     %description ipv6-lite
67     Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
68     network administrators to centralize the configuration of Shorewall-based
69     firewalls.
70    
71     %package lite
72     Summary: Lite version of shorewall
73     Group: System/Servers
74     Requires: %{name} = %{version}-%{release}
75     Requires(post): rpm-helper
76     Requires(preun): rpm-helper
77    
78     %description lite
79     Shorewall Lite is a companion product to Shorewall that allows network
80     administrators to centralize the configuration of Shorewall-based firewalls.
81    
82     %package doc
83     Summary: Firewall scripts
84     Group: System/Servers
85    
86     %description doc
87     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
88     (iptables) based firewall that can be used on a dedicated firewall system,
89     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
90    
91     This package contains the docs.
92    
93     %prep
94     %setup -q -c -n %{name}-%{version}
95     %setup -q -T -D -a 1
96     %setup -q -T -D -a 2
97     %setup -q -T -D -a 3
98     %setup -q -T -D -a 4
99    
100     pushd %{name}-%{version_main}
101     %patch0 -p1 -b .init
102 alien 229827 %patch4 -p1 -b .allow-netmask-0
103 ennael 50066 popd
104    
105     pushd %{name}-lite-%{version_lite}
106     %patch1 -p1 -b .initlite
107     popd
108    
109     pushd %{name6}-%{ipv6_ver}
110     %patch2 -p1 -b .init6
111     popd
112    
113     pushd %{name6}-lite-%{ipv6_lite_ver}
114     %patch3 -p1 -b .init6lite
115     popd
116    
117     %build
118     # (tpg) we do nothing here
119    
120     %install
121     export PREFIX=%{buildroot}
122     export OWNER=`id -n -u`
123     export GROUP=`id -n -g`
124     export DEST=%{_initrddir}
125    
126     pushd %{name}-%{version_main}
127     export CONFDIR=%{_sysconfdir}/%{name}
128     # (blino) enable startup (new setting as of 2.1.3)
129     perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
130    
131     # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
132     perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
133    
134     # blank Internal option
135     perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
136    
137     # (tpg) use perl compiler
138     perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' configfiles/%{name}.conf
139    
140     # (tpg) do the optimizations
141     perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
142    
143     # (tpg) enable IPv6
144     perl -pi -e 's#DISABLE_IPV6=.*#DISABLE_IPV6=No#' configfiles/%{name}.conf
145    
146     # (tpg) set config path
147     perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
148    
149 lmenut 189975 # (lmenut) mga kernel modules are compressed by default (mga #1147)
150 lmenut 209011 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf
151 lmenut 189975
152 alien 229729 # (alien) have accounting by default in the mangle table
153     perl -pi -e 's#ACCOUNT_TABLE=.*#ACCOUNT_TABLE=mangle#' configfiles/%{name}.conf
154    
155 ennael 50066 # let's do the install
156     ./install.sh
157     popd
158    
159     #(tpg) IPv6
160     pushd %{name6}-%{ipv6_ver}
161     # (blino) enable startup (new setting as of 2.1.3)
162 lmenut 189975 perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
163 ennael 50066 # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
164 lmenut 189975 perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
165     # (lmenut) mga kernel modules are compressed by default (mga #1147)
166 lmenut 209011 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
167 ennael 50066
168     ./install.sh
169     popd
170    
171     pushd %{name6}-lite-%{ipv6_lite_ver}
172     ./install.sh
173     popd
174    
175     pushd %{name}-lite-%{version_lite}
176     ./install.sh
177     popd
178    
179     # Suppress automatic replacement of "echo" by "gprintf" in the shorewall
180     # startup script by RPM. This automatic replacement is broken.
181     export DONT_GPRINTIFY=1
182    
183     #(tpg) looks like these files are needed
184     touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
185     touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
186    
187     #(tpg) ipv6
188     touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
189     touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
190    
191     #(tpg) remove hash-bang
192     find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
193    
194     # (tpg) let's use dash everywhere!
195     find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
196    
197 ennael 50105 #remove unused files because of %exclude misbehaviour
198     rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
199     rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
200    
201 ennael 50066 %post
202 blino 225082 if [ "$1" -ge 1 ] ; then
203 lmenut 209011 perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
204     perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
205 lmenut 193495 fi
206 ennael 50066 %_post_service shorewall
207    
208     %create_ghostfile %{_var}/lib/%{name}/chains root root 644
209     %create_ghostfile %{_var}/lib/%{name}/nat root root 644
210     %create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
211     %create_ghostfile %{_var}/lib/%{name}/restarted root root 644
212     %create_ghostfile %{_var}/lib/%{name}/zones root root 644
213     %create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
214     %create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
215     %create_ghostfile %{_var}/lib/%{name}/state root root 644
216     %create_ghostfile %{_var}/lib/%{name}/.modules root root 644
217     %create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
218     %create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
219     %create_ghostfile %{_var}/lib/%{name}/.restart root root 700
220     %create_ghostfile %{_var}/lib/%{name}/.restore root root 700
221     %create_ghostfile %{_var}/lib/%{name}/.start root root 700
222    
223     %preun
224     %_preun_service %{name}
225     if [ $1 = 0 ] ; then
226 kamil 222372 rm -f %{_sysconfdir}/%{name}/startup_disabled
227     rm -f %{_var}/lib/%{name}/*
228 ennael 50066 fi
229    
230     %post lite
231     %_post_service %{name}-lite
232     %create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
233    
234     %preun lite
235     %_preun_service %{name}-lite
236    
237     %post ipv6
238 lmenut 193495 if [ $1 > 1 ] ; then
239 lmenut 209012 perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
240     perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
241 lmenut 193495 fi
242 ennael 50066 %_post_service %{name6}
243    
244     %create_ghostfile %{_var}/lib/%{name6}/chains root root 644
245     %create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
246     %create_ghostfile %{_var}/lib/%{name6}/zones root root 644
247     %create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
248     %create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
249     %create_ghostfile %{_var}/lib/%{name6}/state root root 644
250     %create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
251     %create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
252     %create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
253     %create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
254     %create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
255     %create_ghostfile %{_var}/lib/%{name6}/.start root root 700
256    
257     %preun ipv6
258     %_preun_service %{name6}
259     if [ $1 = 0 ] ; then
260 kamil 222372 rm -f %{_sysconfdir}/%{name6}/startup_disabled
261     rm -f %{_var}/lib/%{name6}/*
262 ennael 50066 fi
263    
264     %post ipv6-lite
265     %_post_service %{name6}-lite
266     %create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
267    
268     %preun ipv6-lite
269     %_preun_service %{name6}-lite
270    
271     %files
272 kamil 333442 %doc %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
273 ennael 50066 %dir %{_sysconfdir}/%{name}
274     %dir %{_datadir}/%{name}
275     %dir %attr(755,root,root) %{_var}/lib/%{name}
276     %ghost %{_var}/lib/%{name}/*
277     %ghost %{_var}/lib/%{name}/.??*
278     %config %{_sysconfdir}/logrotate.d/%{name}
279     %attr(700,root,root) %{_initrddir}/%{name}
280     %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
281     %attr(755,root,root) /sbin/%{name}
282     %{_datadir}/%{name}/action*
283     %{_datadir}/%{name}/configpath
284     %{_datadir}/%{name}/functions
285 ahmad 90647 %{_datadir}/%{name}/getparams
286 ennael 50066 %{_datadir}/%{name}/helpers
287     %{_datadir}/%{name}/lib.*
288     %{_datadir}/%{name}/macro.*
289 ahmad 90647 %{_datadir}/%{name}/modules*
290 ennael 50066 %{_datadir}/%{name}/version
291     %{_datadir}/%{name}/wait4ifup
292     %{_mandir}/man5/%{name}-accounting.5.*
293     %{_mandir}/man5/%{name}-actions.5.*
294     %{_mandir}/man5/%{name}-blacklist.5.*
295     %{_mandir}/man5/%{name}-ecn.5.*
296     %{_mandir}/man5/%{name}-exclusion.5.*
297     %{_mandir}/man5/%{name}-hosts.5.*
298     %{_mandir}/man5/%{name}-interfaces.5.*
299 ahmad 90647 %{_mandir}/man5/%{name}-ipsets.5.*
300 ennael 50066 %{_mandir}/man5/%{name}-maclist.5.*
301     %{_mandir}/man5/%{name}-masq.5.*
302     %{_mandir}/man5/%{name}-modules.5.*
303     %{_mandir}/man5/%{name}-nat.5.*
304     %{_mandir}/man5/%{name}-nesting.5.*
305     %{_mandir}/man5/%{name}-notrack.5.*
306     %{_mandir}/man5/%{name}-netmap.5.*
307     %{_mandir}/man5/%{name}-params.5.*
308     %{_mandir}/man5/%{name}-policy.5.*
309     %{_mandir}/man5/%{name}-providers.5.*
310     %{_mandir}/man5/%{name}-proxyarp.5.*
311     %{_mandir}/man5/%{name}-route_rules.5.*
312 ahmad 90647 %{_mandir}/man5/%{name}-routes.5.*
313 ennael 50066 %{_mandir}/man5/%{name}-routestopped.5.*
314     %{_mandir}/man5/%{name}-rules.5.*
315 ahmad 90647 %{_mandir}/man5/%{name}-secmarks.5.*
316 ennael 50066 %{_mandir}/man5/%{name}-tcclasses.5.*
317     %{_mandir}/man5/%{name}-tcinterfaces.5.*
318     %{_mandir}/man5/%{name}-tcpri.5.*
319     %{_mandir}/man5/%{name}-tcdevices.5.*
320     %{_mandir}/man5/%{name}-tcfilters.5.*
321     %{_mandir}/man5/%{name}-tcrules.5.*
322     %{_mandir}/man5/%{name}-tos.5.*
323     %{_mandir}/man5/%{name}-tunnels.5.*
324     %{_mandir}/man5/%{name}-vardir.5.*
325     %{_mandir}/man5/%{name}-zones.5.*
326     %{_mandir}/man5/%{name}.conf.5.*
327     %{_mandir}/man8/%{name}.8.*
328     %{_mandir}/man8/%{name}-init.8.*
329 tv 142806 %dir %{_datadir}/shorewall/Shorewall
330 ennael 50066 %{_datadir}/shorewall/Shorewall/*.pm
331     %{_datadir}/shorewall/compiler.pl
332     %{_datadir}/shorewall/prog.footer
333     %{_datadir}/shorewall/prog.header
334    
335     %files ipv6
336     %doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
337     %dir %{_sysconfdir}/%{name6}
338     %dir %{_datadir}/%{name6}
339     %dir %attr(755,root,root) %{_var}/lib/%{name6}
340     %ghost %{_var}/lib/%{name6}/*
341     %ghost %{_var}/lib/%{name6}/.??*
342     %attr(700,root,root) %{_initrddir}/%{name6}
343     %config(noreplace) %{_sysconfdir}/%{name6}/*
344     %config %{_sysconfdir}/logrotate.d/%{name6}
345     %attr(755,root,root) /sbin/%{name6}
346     %{_datadir}/%{name6}/action*
347     %{_datadir}/%{name}/prog.footer6
348     %{_datadir}/%{name}/prog.header6
349     %{_datadir}/%{name6}/configpath
350     %{_datadir}/%{name6}/functions
351     %{_datadir}/%{name6}/helpers
352     %{_datadir}/%{name6}/lib.*
353     %{_datadir}/%{name6}/macro.*
354 ahmad 90647 %{_datadir}/%{name6}/modules*
355 ennael 50066 %{_datadir}/%{name6}/version
356     %{_datadir}/%{name6}/wait4ifup
357     %{_mandir}/man5/%{name6}-accounting.5.*
358     %{_mandir}/man5/%{name6}-actions.5.*
359     %{_mandir}/man5/%{name6}-blacklist.5.*
360     %{_mandir}/man5/%{name6}-exclusion.5.*
361     %{_mandir}/man5/%{name6}-hosts.5.*
362     %{_mandir}/man5/%{name6}-interfaces.5.*
363 tv 142806 %{_mandir}/man5/%{name6}-ipsets.5.*
364 ennael 50066 %{_mandir}/man5/%{name6}-maclist.5.*
365     %{_mandir}/man5/%{name6}-modules.5.*
366     %{_mandir}/man5/%{name6}-nesting.5.*
367     %{_mandir}/man5/%{name6}-notrack.5.*
368     %{_mandir}/man5/%{name6}-params.5.*
369     %{_mandir}/man5/%{name6}-policy.5.*
370     %{_mandir}/man5/%{name6}-providers.5.*
371 ahmad 90647 %{_mandir}/man5/%{name6}-proxyndp.5.*
372 ennael 50066 %{_mandir}/man5/%{name6}-route_rules.5.*
373 ahmad 90647 %{_mandir}/man5/%{name6}-routes.5.*
374 ennael 50066 %{_mandir}/man5/%{name6}-routestopped.5.*
375     %{_mandir}/man5/%{name6}-rules.5.*
376 ahmad 90647 %{_mandir}/man5/%{name6}-secmarks.5.*
377 ennael 50066 %{_mandir}/man5/%{name6}-tcclasses.5.*
378     %{_mandir}/man5/%{name6}-tcdevices.5.*
379 ahmad 90647 %{_mandir}/man5/%{name6}-tcfilters.5.*
380 ennael 50066 %{_mandir}/man5/%{name6}-tcinterfaces.5.*
381     %{_mandir}/man5/%{name6}-tcpri.5.*
382     %{_mandir}/man5/%{name6}-tcrules.5.*
383     %{_mandir}/man5/%{name6}-tos.5.*
384     %{_mandir}/man5/%{name6}-tunnels.5.*
385     %{_mandir}/man5/%{name6}-vardir.5.*
386     %{_mandir}/man5/%{name6}-zones.5.*
387     %{_mandir}/man5/%{name6}.conf.5.*
388     %{_mandir}/man8/%{name6}.8.*
389    
390     %files lite
391     %doc %{name}-lite-%{version_lite}/*.txt
392     %dir %{_datadir}/%{name}-lite
393     %dir %attr(755,root,root) %{_var}/lib/%{name}-lite
394     %ghost %{_var}/lib/%{name}-lite/*
395     %attr(700,root,root) %{_initrddir}/%{name}-lite
396     %config(noreplace) %{_sysconfdir}/%{name}-lite/*
397     %config %{_sysconfdir}/logrotate.d/%{name}-lite
398     %attr(755,root,root) /sbin/%{name}-lite
399     %{_datadir}/%{name}-lite/configpath
400     %{_datadir}/%{name}-lite/functions
401 ahmad 90647 %{_datadir}/%{name}-lite/helpers
402 ennael 50066 %{_datadir}/%{name}-lite/lib.*
403 ahmad 90647 %{_datadir}/%{name}-lite/modules*
404 ennael 50066 %{_datadir}/%{name}-lite/shorecap
405     %{_datadir}/%{name}-lite/version
406     %{_datadir}/%{name}-lite/wait4ifup
407     %{_mandir}/man5/%{name}-lite*
408     %{_mandir}/man8/%{name}-lite*
409    
410     %files ipv6-lite
411     %doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
412     %dir %{_datadir}/%{name6}-lite
413     %dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
414     %ghost %{_var}/lib/%{name6}-lite/*
415     %attr(700,root,root) %{_initrddir}/%{name6}-lite
416     %config(noreplace) %{_sysconfdir}/%{name6}-lite/*
417     %config %{_sysconfdir}/logrotate.d/%{name6}-lite
418     %attr(755,root,root) /sbin/%{name6}-lite
419     %{_datadir}/%{name6}-lite/configpath
420     %{_datadir}/%{name6}-lite/functions
421 ahmad 90647 %{_datadir}/%{name6}-lite/helpers
422 ennael 50066 %{_datadir}/%{name6}-lite/lib.*
423 ahmad 90647 %{_datadir}/%{name6}-lite/modules*
424 ennael 50066 %{_datadir}/%{name6}-lite/shorecap
425     %{_datadir}/%{name6}-lite/version
426     %{_datadir}/%{name6}-lite/wait4ifup
427     %{_mandir}/man5/%{name6}-lite*
428     %{_mandir}/man8/%{name6}-lite*
429    
430     %files doc
431     %doc %{name}-docs-html-%{version}/*
  ViewVC Help
Powered by ViewVC 1.1.30