/[packages]/cauldron/shorewall/current/SPECS/shorewall.spec
ViewVC logotype

Annotation of /cauldron/shorewall/current/SPECS/shorewall.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 50105 - (hide annotations) (download)
Fri Feb 11 13:38:27 2011 UTC (13 years, 2 months ago) by ennael
File size: 14534 byte(s) 
remove unused files
1 ennael 50066 %define debug_package %{nil}
2    
3     %define version_major 4.4
4     %define version_minor 12.1
5     %define version %{version_major}.%{version_minor}
6     %define version_main %{version}
7     %define version_lite %{version}
8     %define ipv6_ver %{version}
9     %define ipv6_lite_ver %{version}
10     %define sha1sums_ver %{version_main}
11     %define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{version}
12    
13     %define name6 %{name}6
14    
15     Summary: Iptables-based firewall for Linux systems
16     Name: shorewall
17     Version: %{version}
18     Release: %mkrel 1
19     License: GPLv2+
20     Group: System/Servers
21     URL: http://www.shorewall.net/
22     Source0: %ftp_path/%{name}-%{version_main}.tar.bz2
23     Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
24     Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
25     Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
26     Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
27     Source5: %ftp_path/%{sha1sums_ver}.sha1sums
28     Patch0: %{name}-common-4.2.5-init-script.patch
29     Patch1: %{name}-lite-4.2.5-init-script.patch
30     Patch2: %{name6}-4.2.5-init-script.patch
31     Patch3: %{name6}-lite-4.2.5-init-script.patch
32     # shorewall 4.4.0 does not adds comments at the end of the file
33     Patch4: %{name}-4.4.12.1-comment.patch
34     Patch5: %{name}-4.4.12.1-module_suffix.patch
35     Requires: iptables >= 1.4.1
36     Requires: iproute2
37     Requires(post): rpm-helper
38     Requires(preun): rpm-helper
39     Conflicts: shorewall < 4.0.7-1
40     BuildConflicts: apt-common
41     BuildArch: noarch
42     BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
43     # since shorewall 4.4 we do not have common, shell and perl modules anymore
44     Obsoletes: shorewall-common
45     Obsoletes: shorewall-perl
46     Obsoletes: shorewall-shell
47    
48     %description
49     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
50     (iptables) based firewall that can be used on a dedicated firewall system,
51     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
52    
53     %package ipv6
54     Summary: IPv6 capable Shorewall
55     Group: System/Servers
56     Requires: %{name} = %{version}-%{release}
57     Requires: iptables-ipv6
58     Requires: iproute2
59     Requires(post): rpm-helper
60     Requires(preun): rpm-helper
61    
62     %description ipv6
63     An IPv6 enabled and capable Shoreline Firewall.
64    
65     %package ipv6-lite
66     Summary: Lite version of ipv6 shorewall
67     Group: System/Servers
68     Requires: %{name}-ipv6 = %{version}-%{release}
69     Requires(post): rpm-helper
70     Requires(preun): rpm-helper
71    
72     %description ipv6-lite
73     Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
74     network administrators to centralize the configuration of Shorewall-based
75     firewalls.
76    
77     %package lite
78     Summary: Lite version of shorewall
79     Group: System/Servers
80     Requires: %{name} = %{version}-%{release}
81     Requires(post): rpm-helper
82     Requires(preun): rpm-helper
83    
84     %description lite
85     Shorewall Lite is a companion product to Shorewall that allows network
86     administrators to centralize the configuration of Shorewall-based firewalls.
87    
88     %package doc
89     Summary: Firewall scripts
90     Group: System/Servers
91    
92     %description doc
93     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
94     (iptables) based firewall that can be used on a dedicated firewall system,
95     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
96    
97     This package contains the docs.
98    
99     %prep
100     %setup -q -c -n %{name}-%{version}
101     %setup -q -T -D -a 1
102     %setup -q -T -D -a 2
103     %setup -q -T -D -a 3
104     %setup -q -T -D -a 4
105    
106     pushd %{name}-%{version_main}
107     %patch0 -p1 -b .init
108     %patch4 -p1 -b .comment
109     popd
110    
111     pushd %{name}-lite-%{version_lite}
112     %patch1 -p1 -b .initlite
113     popd
114    
115     pushd %{name6}-%{ipv6_ver}
116     %patch2 -p1 -b .init6
117     popd
118    
119     pushd %{name6}-lite-%{ipv6_lite_ver}
120     %patch3 -p1 -b .init6lite
121     popd
122    
123     # update module suffix for all directories
124     %patch5 -p0 -b .module_suffix
125    
126     %build
127     # (tpg) we do nothing here
128    
129     %install
130     rm -rf %{buildroot}
131     export PREFIX=%{buildroot}
132     export OWNER=`id -n -u`
133     export GROUP=`id -n -g`
134     export DEST=%{_initrddir}
135    
136     pushd %{name}-%{version_main}
137     export CONFDIR=%{_sysconfdir}/%{name}
138     # (blino) enable startup (new setting as of 2.1.3)
139     perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
140    
141     # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
142     perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
143    
144     # blank Internal option
145     perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
146    
147     # (tpg) use perl compiler
148     perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' configfiles/%{name}.conf
149    
150     # (tpg) do the optimizations
151     perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
152    
153     # (tpg) enable IPv6
154     perl -pi -e 's#DISABLE_IPV6=.*#DISABLE_IPV6=No#' configfiles/%{name}.conf
155    
156     # (tpg) set config path
157     perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
158    
159     # let's do the install
160     ./install.sh
161     popd
162    
163     #(tpg) IPv6
164     pushd %{name6}-%{ipv6_ver}
165     # (blino) enable startup (new setting as of 2.1.3)
166     perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' %{name6}.conf
167     # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
168     perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' %{name6}.conf
169    
170     ./install.sh
171     popd
172    
173     pushd %{name6}-lite-%{ipv6_lite_ver}
174     ./install.sh
175     popd
176    
177     pushd %{name}-lite-%{version_lite}
178     ./install.sh
179     popd
180    
181     # Suppress automatic replacement of "echo" by "gprintf" in the shorewall
182     # startup script by RPM. This automatic replacement is broken.
183     export DONT_GPRINTIFY=1
184    
185     #(tpg) looks like these files are needed
186     touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
187     touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
188    
189     #(tpg) ipv6
190     touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
191     touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
192    
193     #(tpg) remove hash-bang
194     find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
195    
196     # (tpg) let's use dash everywhere!
197     find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
198    
199     # add information about 4.4.0 upgrade
200     cat > README.4.4.0.upgrade.urpmi << EOF
201     As of shorewall 4.4.0, the shorewall-common and shorewall-perl packages
202     were merged into a single shorewall package. Other notable changes in 4.4.0
203     version are:
204     - The support for shorewall-shell has been discontinued
205     - Support for SAME target in /etc/shorewall/masq and /etc/shorewall/rules
206     has been removed.
207     - Support for norfc1918 and RFC1918_STRICT have been removed.
208     - The name 'any' is now reserved and may not be used as a zone name.
209    
210     If you were relying on those options, please review your shorewall
211     configuration. Refer to the /usr/share/doc/shorewall/releasenotes.txt file
212     for further instructions.
213     EOF
214    
215 ennael 50105 #remove unused files because of %exclude misbehaviour
216     rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
217     rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
218    
219    
220 ennael 50066 %clean
221     rm -rf %{buildroot}
222    
223     %post
224     %_post_service shorewall
225    
226     %create_ghostfile %{_var}/lib/%{name}/chains root root 644
227     %create_ghostfile %{_var}/lib/%{name}/nat root root 644
228     %create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
229     %create_ghostfile %{_var}/lib/%{name}/restarted root root 644
230     %create_ghostfile %{_var}/lib/%{name}/zones root root 644
231     %create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
232     %create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
233     %create_ghostfile %{_var}/lib/%{name}/state root root 644
234     %create_ghostfile %{_var}/lib/%{name}/.modules root root 644
235     %create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
236     %create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
237     %create_ghostfile %{_var}/lib/%{name}/.restart root root 700
238     %create_ghostfile %{_var}/lib/%{name}/.restore root root 700
239     %create_ghostfile %{_var}/lib/%{name}/.start root root 700
240    
241     %preun
242     %_preun_service %{name}
243     if [ $1 = 0 ] ; then
244     %{__rm} -f %{_sysconfdir}/%{name}/startup_disabled
245     %{__rm} -f %{_var}/lib/%{name}/*
246     fi
247    
248     %post lite
249     %_post_service %{name}-lite
250     %create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
251    
252     %preun lite
253     %_preun_service %{name}-lite
254    
255     %post ipv6
256     %_post_service %{name6}
257    
258     %create_ghostfile %{_var}/lib/%{name6}/chains root root 644
259     %create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
260     %create_ghostfile %{_var}/lib/%{name6}/zones root root 644
261     %create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
262     %create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
263     %create_ghostfile %{_var}/lib/%{name6}/state root root 644
264     %create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
265     %create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
266     %create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
267     %create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
268     %create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
269     %create_ghostfile %{_var}/lib/%{name6}/.start root root 700
270    
271     %preun ipv6
272     %_preun_service %{name6}
273     if [ $1 = 0 ] ; then
274     %{__rm} -f %{_sysconfdir}/%{name6}/startup_disabled
275     %{__rm} -f %{_var}/lib/%{name6}/*
276     fi
277    
278     %post ipv6-lite
279     %_post_service %{name6}-lite
280     %create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
281    
282     %preun ipv6-lite
283     %_preun_service %{name6}-lite
284    
285     %files
286     %defattr(-,root,root)
287     %doc README.4.4.0.upgrade.urpmi %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
288     %dir %{_sysconfdir}/%{name}
289     %dir %{_datadir}/%{name}
290     %dir %attr(755,root,root) %{_var}/lib/%{name}
291     %ghost %{_var}/lib/%{name}/*
292     %ghost %{_var}/lib/%{name}/.??*
293     %config %{_sysconfdir}/logrotate.d/%{name}
294     %attr(700,root,root) %{_initrddir}/%{name}
295     %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
296     %attr(755,root,root) /sbin/%{name}
297     %{_datadir}/%{name}/action*
298     %{_datadir}/%{name}/configpath
299     %{_datadir}/%{name}/functions
300     %{_datadir}/%{name}/helpers
301     %{_datadir}/%{name}/lib.*
302     %{_datadir}/%{name}/macro.*
303     %{_datadir}/%{name}/modules
304     %{_datadir}/%{name}/version
305     %{_datadir}/%{name}/wait4ifup
306     %{_mandir}/man5/%{name}-accounting.5.*
307     %{_mandir}/man5/%{name}-actions.5.*
308     %{_mandir}/man5/%{name}-blacklist.5.*
309     %{_mandir}/man5/%{name}-ecn.5.*
310     %{_mandir}/man5/%{name}-exclusion.5.*
311     %{_mandir}/man5/%{name}-hosts.5.*
312     %{_mandir}/man5/%{name}-interfaces.5.*
313     %{_mandir}/man5/%{name}-maclist.5.*
314     %{_mandir}/man5/%{name}-masq.5.*
315     %{_mandir}/man5/%{name}-modules.5.*
316     %{_mandir}/man5/%{name}-nat.5.*
317     %{_mandir}/man5/%{name}-nesting.5.*
318     %{_mandir}/man5/%{name}-notrack.5.*
319     %{_mandir}/man5/%{name}-netmap.5.*
320     %{_mandir}/man5/%{name}-params.5.*
321     %{_mandir}/man5/%{name}-policy.5.*
322     %{_mandir}/man5/%{name}-providers.5.*
323     %{_mandir}/man5/%{name}-proxyarp.5.*
324     %{_mandir}/man5/%{name}-route_rules.5.*
325     %{_mandir}/man5/%{name}-routestopped.5.*
326     %{_mandir}/man5/%{name}-rules.5.*
327     %{_mandir}/man5/%{name}-tcclasses.5.*
328     %{_mandir}/man5/%{name}-tcinterfaces.5.*
329     %{_mandir}/man5/%{name}-tcpri.5.*
330     %{_mandir}/man5/%{name}-tcdevices.5.*
331     %{_mandir}/man5/%{name}-tcfilters.5.*
332     %{_mandir}/man5/%{name}-tcrules.5.*
333     %{_mandir}/man5/%{name}-tos.5.*
334     %{_mandir}/man5/%{name}-tunnels.5.*
335     %{_mandir}/man5/%{name}-vardir.5.*
336     %{_mandir}/man5/%{name}-zones.5.*
337     %{_mandir}/man5/%{name}.conf.5.*
338     %{_mandir}/man8/%{name}.8.*
339     %{_mandir}/man8/%{name}-init.8.*
340     %{_datadir}/shorewall/Shorewall/*.pm
341     %{_datadir}/shorewall/compiler.pl
342     %{_datadir}/shorewall/prog.footer
343     %{_datadir}/shorewall/prog.header
344    
345    
346     %files ipv6
347     %defattr(-,root,root)
348     %doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
349     %dir %{_sysconfdir}/%{name6}
350     %dir %{_datadir}/%{name6}
351     %dir %attr(755,root,root) %{_var}/lib/%{name6}
352     %ghost %{_var}/lib/%{name6}/*
353     %ghost %{_var}/lib/%{name6}/.??*
354     %attr(700,root,root) %{_initrddir}/%{name6}
355     %config(noreplace) %{_sysconfdir}/%{name6}/*
356     %config %{_sysconfdir}/logrotate.d/%{name6}
357     %attr(755,root,root) /sbin/%{name6}
358     %{_datadir}/%{name6}/action*
359     %{_datadir}/%{name}/prog.footer6
360     %{_datadir}/%{name}/prog.header6
361     %{_datadir}/%{name6}/configpath
362     %{_datadir}/%{name6}/functions
363     %{_datadir}/%{name6}/helpers
364     %{_datadir}/%{name6}/lib.*
365     %{_datadir}/%{name6}/macro.*
366     %{_datadir}/%{name6}/modules
367     %{_datadir}/%{name6}/version
368     %{_datadir}/%{name6}/wait4ifup
369     %{_mandir}/man5/%{name6}-accounting.5.*
370     %{_mandir}/man5/%{name6}-actions.5.*
371     %{_mandir}/man5/%{name6}-blacklist.5.*
372     %{_mandir}/man5/%{name6}-exclusion.5.*
373     %{_mandir}/man5/%{name6}-hosts.5.*
374     %{_mandir}/man5/%{name6}-interfaces.5.*
375     %{_mandir}/man5/%{name6}-maclist.5.*
376     %{_mandir}/man5/%{name6}-modules.5.*
377     %{_mandir}/man5/%{name6}-nesting.5.*
378     %{_mandir}/man5/%{name6}-notrack.5.*
379     %{_mandir}/man5/%{name6}-params.5.*
380     %{_mandir}/man5/%{name6}-policy.5.*
381     %{_mandir}/man5/%{name6}-providers.5.*
382     %{_mandir}/man5/%{name6}-route_rules.5.*
383     %{_mandir}/man5/%{name6}-routestopped.5.*
384     %{_mandir}/man5/%{name6}-rules.5.*
385     %{_mandir}/man5/%{name6}-tcclasses.5.*
386     %{_mandir}/man5/%{name6}-tcdevices.5.*
387     %{_mandir}/man5/%{name6}-tcinterfaces.5.*
388     %{_mandir}/man5/%{name6}-tcpri.5.*
389     %{_mandir}/man5/%{name6}-tcrules.5.*
390     %{_mandir}/man5/%{name6}-tos.5.*
391     %{_mandir}/man5/%{name6}-tunnels.5.*
392     %{_mandir}/man5/%{name6}-vardir.5.*
393     %{_mandir}/man5/%{name6}-zones.5.*
394     %{_mandir}/man5/%{name6}.conf.5.*
395     %{_mandir}/man8/%{name6}.8.*
396    
397     %files lite
398     %defattr(-,root,root)
399     %doc %{name}-lite-%{version_lite}/*.txt
400     %dir %{_datadir}/%{name}-lite
401     %dir %attr(755,root,root) %{_var}/lib/%{name}-lite
402     %ghost %{_var}/lib/%{name}-lite/*
403     %attr(700,root,root) %{_initrddir}/%{name}-lite
404     %config(noreplace) %{_sysconfdir}/%{name}-lite/*
405     %config %{_sysconfdir}/logrotate.d/%{name}-lite
406     %attr(755,root,root) /sbin/%{name}-lite
407     %{_datadir}/%{name}-lite/configpath
408     %{_datadir}/%{name}-lite/functions
409     %{_datadir}/%{name}-lite/lib.*
410     %{_datadir}/%{name}-lite/modules
411     %{_datadir}/%{name}-lite/shorecap
412     %{_datadir}/%{name}-lite/version
413     %{_datadir}/%{name}-lite/wait4ifup
414     %{_mandir}/man5/%{name}-lite*
415     %{_mandir}/man8/%{name}-lite*
416    
417     %files ipv6-lite
418     %defattr(-,root,root)
419     %doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
420     %dir %{_datadir}/%{name6}-lite
421     %dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
422     %ghost %{_var}/lib/%{name6}-lite/*
423     %attr(700,root,root) %{_initrddir}/%{name6}-lite
424     %config(noreplace) %{_sysconfdir}/%{name6}-lite/*
425     %config %{_sysconfdir}/logrotate.d/%{name6}-lite
426     %attr(755,root,root) /sbin/%{name6}-lite
427     %{_datadir}/%{name6}-lite/configpath
428     %{_datadir}/%{name6}-lite/functions
429     %{_datadir}/%{name6}-lite/lib.*
430     %{_datadir}/%{name6}-lite/modules
431     %{_datadir}/%{name6}-lite/shorecap
432     %{_datadir}/%{name6}-lite/version
433     %{_datadir}/%{name6}-lite/wait4ifup
434     %{_mandir}/man5/%{name6}-lite*
435     %{_mandir}/man8/%{name6}-lite*
436    
437     %files doc
438     %defattr(-,root,root)
439     %doc %{name}-docs-html-%{version}/*
440    
441    
  ViewVC Help
Powered by ViewVC 1.1.30