/[packages]/cauldron/shorewall/current/SPECS/shorewall.spec
ViewVC logotype

Annotation of /cauldron/shorewall/current/SPECS/shorewall.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 99032 - (hide annotations) (download)
Sun May 15 13:30:32 2011 UTC (12 years, 11 months ago) by pterjan
File size: 14841 byte(s) 
- Rebuild for fixed find-requires
1 ennael 50066 %define debug_package %{nil}
2    
3     %define version_major 4.4
4 ahmad 90647 %define version_minor 19.1
5 ennael 50066 %define version %{version_major}.%{version_minor}
6     %define version_main %{version}
7     %define version_lite %{version}
8     %define ipv6_ver %{version}
9     %define ipv6_lite_ver %{version}
10     %define sha1sums_ver %{version_main}
11    
12 ahmad 90647 %define url_ver %(echo %{version} | cut -d. -f1,2,3)
13    
14     %define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{url_ver}
15    
16 ennael 50066 %define name6 %{name}6
17    
18     Summary: Iptables-based firewall for Linux systems
19     Name: shorewall
20     Version: %{version}
21 pterjan 99032 Release: %mkrel 3
22 ennael 50066 License: GPLv2+
23     Group: System/Servers
24     URL: http://www.shorewall.net/
25     Source0: %ftp_path/%{name}-%{version_main}.tar.bz2
26     Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
27     Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
28     Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
29     Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
30     Source5: %ftp_path/%{sha1sums_ver}.sha1sums
31     Patch0: %{name}-common-4.2.5-init-script.patch
32     Patch1: %{name}-lite-4.2.5-init-script.patch
33     Patch2: %{name6}-4.2.5-init-script.patch
34     Patch3: %{name6}-lite-4.2.5-init-script.patch
35     # shorewall 4.4.0 does not adds comments at the end of the file
36 ahmad 90647 Patch4: %{name}-4.4.19.1-comment.patch
37 ennael 50066 Requires: iptables >= 1.4.1
38     Requires: iproute2
39 tmb 94462 Requires: dash
40 ennael 50066 Requires(post): rpm-helper
41     Requires(preun): rpm-helper
42     Conflicts: shorewall < 4.0.7-1
43     BuildConflicts: apt-common
44     BuildArch: noarch
45     BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
46     # since shorewall 4.4 we do not have common, shell and perl modules anymore
47     Obsoletes: shorewall-common
48     Obsoletes: shorewall-perl
49     Obsoletes: shorewall-shell
50    
51     %description
52     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
53     (iptables) based firewall that can be used on a dedicated firewall system,
54     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
55    
56     %package ipv6
57     Summary: IPv6 capable Shorewall
58     Group: System/Servers
59     Requires: %{name} = %{version}-%{release}
60     Requires: iptables-ipv6
61     Requires: iproute2
62     Requires(post): rpm-helper
63     Requires(preun): rpm-helper
64    
65     %description ipv6
66     An IPv6 enabled and capable Shoreline Firewall.
67    
68     %package ipv6-lite
69     Summary: Lite version of ipv6 shorewall
70     Group: System/Servers
71     Requires: %{name}-ipv6 = %{version}-%{release}
72     Requires(post): rpm-helper
73     Requires(preun): rpm-helper
74    
75     %description ipv6-lite
76     Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
77     network administrators to centralize the configuration of Shorewall-based
78     firewalls.
79    
80     %package lite
81     Summary: Lite version of shorewall
82     Group: System/Servers
83     Requires: %{name} = %{version}-%{release}
84     Requires(post): rpm-helper
85     Requires(preun): rpm-helper
86    
87     %description lite
88     Shorewall Lite is a companion product to Shorewall that allows network
89     administrators to centralize the configuration of Shorewall-based firewalls.
90    
91     %package doc
92     Summary: Firewall scripts
93     Group: System/Servers
94    
95     %description doc
96     The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
97     (iptables) based firewall that can be used on a dedicated firewall system,
98     a multi-function gateway/ router/server or on a standalone GNU/Linux system.
99    
100     This package contains the docs.
101    
102     %prep
103     %setup -q -c -n %{name}-%{version}
104     %setup -q -T -D -a 1
105     %setup -q -T -D -a 2
106     %setup -q -T -D -a 3
107     %setup -q -T -D -a 4
108    
109     pushd %{name}-%{version_main}
110     %patch0 -p1 -b .init
111     %patch4 -p1 -b .comment
112     popd
113    
114     pushd %{name}-lite-%{version_lite}
115     %patch1 -p1 -b .initlite
116     popd
117    
118     pushd %{name6}-%{ipv6_ver}
119     %patch2 -p1 -b .init6
120     popd
121    
122     pushd %{name6}-lite-%{ipv6_lite_ver}
123     %patch3 -p1 -b .init6lite
124     popd
125    
126     %build
127     # (tpg) we do nothing here
128    
129     %install
130     rm -rf %{buildroot}
131     export PREFIX=%{buildroot}
132     export OWNER=`id -n -u`
133     export GROUP=`id -n -g`
134     export DEST=%{_initrddir}
135    
136     pushd %{name}-%{version_main}
137     export CONFDIR=%{_sysconfdir}/%{name}
138     # (blino) enable startup (new setting as of 2.1.3)
139     perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
140    
141     # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
142     perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
143    
144     # blank Internal option
145     perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
146    
147     # (tpg) use perl compiler
148     perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' configfiles/%{name}.conf
149    
150     # (tpg) do the optimizations
151     perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
152    
153     # (tpg) enable IPv6
154     perl -pi -e 's#DISABLE_IPV6=.*#DISABLE_IPV6=No#' configfiles/%{name}.conf
155    
156     # (tpg) set config path
157     perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
158    
159     # let's do the install
160     ./install.sh
161     popd
162    
163     #(tpg) IPv6
164     pushd %{name6}-%{ipv6_ver}
165     # (blino) enable startup (new setting as of 2.1.3)
166     perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' %{name6}.conf
167     # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
168     perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' %{name6}.conf
169    
170     ./install.sh
171     popd
172    
173     pushd %{name6}-lite-%{ipv6_lite_ver}
174     ./install.sh
175     popd
176    
177     pushd %{name}-lite-%{version_lite}
178     ./install.sh
179     popd
180    
181     # Suppress automatic replacement of "echo" by "gprintf" in the shorewall
182     # startup script by RPM. This automatic replacement is broken.
183     export DONT_GPRINTIFY=1
184    
185     #(tpg) looks like these files are needed
186     touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
187     touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
188    
189     #(tpg) ipv6
190     touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
191     touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
192    
193     #(tpg) remove hash-bang
194     find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
195    
196     # (tpg) let's use dash everywhere!
197     find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
198    
199     # add information about 4.4.0 upgrade
200     cat > README.4.4.0.upgrade.urpmi << EOF
201     As of shorewall 4.4.0, the shorewall-common and shorewall-perl packages
202     were merged into a single shorewall package. Other notable changes in 4.4.0
203     version are:
204     - The support for shorewall-shell has been discontinued
205     - Support for SAME target in /etc/shorewall/masq and /etc/shorewall/rules
206     has been removed.
207     - Support for norfc1918 and RFC1918_STRICT have been removed.
208     - The name 'any' is now reserved and may not be used as a zone name.
209    
210     If you were relying on those options, please review your shorewall
211     configuration. Refer to the /usr/share/doc/shorewall/releasenotes.txt file
212     for further instructions.
213     EOF
214    
215 ennael 50105 #remove unused files because of %exclude misbehaviour
216     rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
217     rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
218    
219    
220 ennael 50066 %clean
221     rm -rf %{buildroot}
222    
223     %post
224     %_post_service shorewall
225    
226     %create_ghostfile %{_var}/lib/%{name}/chains root root 644
227     %create_ghostfile %{_var}/lib/%{name}/nat root root 644
228     %create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
229     %create_ghostfile %{_var}/lib/%{name}/restarted root root 644
230     %create_ghostfile %{_var}/lib/%{name}/zones root root 644
231     %create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
232     %create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
233     %create_ghostfile %{_var}/lib/%{name}/state root root 644
234     %create_ghostfile %{_var}/lib/%{name}/.modules root root 644
235     %create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
236     %create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
237     %create_ghostfile %{_var}/lib/%{name}/.restart root root 700
238     %create_ghostfile %{_var}/lib/%{name}/.restore root root 700
239     %create_ghostfile %{_var}/lib/%{name}/.start root root 700
240    
241     %preun
242     %_preun_service %{name}
243     if [ $1 = 0 ] ; then
244     %{__rm} -f %{_sysconfdir}/%{name}/startup_disabled
245     %{__rm} -f %{_var}/lib/%{name}/*
246     fi
247    
248     %post lite
249     %_post_service %{name}-lite
250     %create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
251    
252     %preun lite
253     %_preun_service %{name}-lite
254    
255     %post ipv6
256     %_post_service %{name6}
257    
258     %create_ghostfile %{_var}/lib/%{name6}/chains root root 644
259     %create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
260     %create_ghostfile %{_var}/lib/%{name6}/zones root root 644
261     %create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
262     %create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
263     %create_ghostfile %{_var}/lib/%{name6}/state root root 644
264     %create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
265     %create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
266     %create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
267     %create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
268     %create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
269     %create_ghostfile %{_var}/lib/%{name6}/.start root root 700
270    
271     %preun ipv6
272     %_preun_service %{name6}
273     if [ $1 = 0 ] ; then
274     %{__rm} -f %{_sysconfdir}/%{name6}/startup_disabled
275     %{__rm} -f %{_var}/lib/%{name6}/*
276     fi
277    
278     %post ipv6-lite
279     %_post_service %{name6}-lite
280     %create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
281    
282     %preun ipv6-lite
283     %_preun_service %{name6}-lite
284    
285     %files
286     %defattr(-,root,root)
287     %doc README.4.4.0.upgrade.urpmi %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
288     %dir %{_sysconfdir}/%{name}
289     %dir %{_datadir}/%{name}
290     %dir %attr(755,root,root) %{_var}/lib/%{name}
291     %ghost %{_var}/lib/%{name}/*
292     %ghost %{_var}/lib/%{name}/.??*
293     %config %{_sysconfdir}/logrotate.d/%{name}
294     %attr(700,root,root) %{_initrddir}/%{name}
295     %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
296     %attr(755,root,root) /sbin/%{name}
297     %{_datadir}/%{name}/action*
298     %{_datadir}/%{name}/configpath
299     %{_datadir}/%{name}/functions
300 ahmad 90647 %{_datadir}/%{name}/getparams
301 ennael 50066 %{_datadir}/%{name}/helpers
302     %{_datadir}/%{name}/lib.*
303     %{_datadir}/%{name}/macro.*
304 ahmad 90647 %{_datadir}/%{name}/modules*
305 ennael 50066 %{_datadir}/%{name}/version
306     %{_datadir}/%{name}/wait4ifup
307     %{_mandir}/man5/%{name}-accounting.5.*
308     %{_mandir}/man5/%{name}-actions.5.*
309     %{_mandir}/man5/%{name}-blacklist.5.*
310     %{_mandir}/man5/%{name}-ecn.5.*
311     %{_mandir}/man5/%{name}-exclusion.5.*
312     %{_mandir}/man5/%{name}-hosts.5.*
313     %{_mandir}/man5/%{name}-interfaces.5.*
314 ahmad 90647 %{_mandir}/man5/%{name}-ipsets.5.*
315 ennael 50066 %{_mandir}/man5/%{name}-maclist.5.*
316     %{_mandir}/man5/%{name}-masq.5.*
317     %{_mandir}/man5/%{name}-modules.5.*
318     %{_mandir}/man5/%{name}-nat.5.*
319     %{_mandir}/man5/%{name}-nesting.5.*
320     %{_mandir}/man5/%{name}-notrack.5.*
321     %{_mandir}/man5/%{name}-netmap.5.*
322     %{_mandir}/man5/%{name}-params.5.*
323     %{_mandir}/man5/%{name}-policy.5.*
324     %{_mandir}/man5/%{name}-providers.5.*
325     %{_mandir}/man5/%{name}-proxyarp.5.*
326     %{_mandir}/man5/%{name}-route_rules.5.*
327 ahmad 90647 %{_mandir}/man5/%{name}-routes.5.*
328 ennael 50066 %{_mandir}/man5/%{name}-routestopped.5.*
329     %{_mandir}/man5/%{name}-rules.5.*
330 ahmad 90647 %{_mandir}/man5/%{name}-secmarks.5.*
331 ennael 50066 %{_mandir}/man5/%{name}-tcclasses.5.*
332     %{_mandir}/man5/%{name}-tcinterfaces.5.*
333     %{_mandir}/man5/%{name}-tcpri.5.*
334     %{_mandir}/man5/%{name}-tcdevices.5.*
335     %{_mandir}/man5/%{name}-tcfilters.5.*
336     %{_mandir}/man5/%{name}-tcrules.5.*
337     %{_mandir}/man5/%{name}-tos.5.*
338     %{_mandir}/man5/%{name}-tunnels.5.*
339     %{_mandir}/man5/%{name}-vardir.5.*
340     %{_mandir}/man5/%{name}-zones.5.*
341     %{_mandir}/man5/%{name}.conf.5.*
342     %{_mandir}/man8/%{name}.8.*
343     %{_mandir}/man8/%{name}-init.8.*
344     %{_datadir}/shorewall/Shorewall/*.pm
345     %{_datadir}/shorewall/compiler.pl
346     %{_datadir}/shorewall/prog.footer
347     %{_datadir}/shorewall/prog.header
348    
349    
350     %files ipv6
351     %defattr(-,root,root)
352     %doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
353     %dir %{_sysconfdir}/%{name6}
354     %dir %{_datadir}/%{name6}
355     %dir %attr(755,root,root) %{_var}/lib/%{name6}
356     %ghost %{_var}/lib/%{name6}/*
357     %ghost %{_var}/lib/%{name6}/.??*
358     %attr(700,root,root) %{_initrddir}/%{name6}
359     %config(noreplace) %{_sysconfdir}/%{name6}/*
360     %config %{_sysconfdir}/logrotate.d/%{name6}
361     %attr(755,root,root) /sbin/%{name6}
362     %{_datadir}/%{name6}/action*
363     %{_datadir}/%{name}/prog.footer6
364     %{_datadir}/%{name}/prog.header6
365     %{_datadir}/%{name6}/configpath
366     %{_datadir}/%{name6}/functions
367     %{_datadir}/%{name6}/helpers
368     %{_datadir}/%{name6}/lib.*
369     %{_datadir}/%{name6}/macro.*
370 ahmad 90647 %{_datadir}/%{name6}/modules*
371 ennael 50066 %{_datadir}/%{name6}/version
372     %{_datadir}/%{name6}/wait4ifup
373     %{_mandir}/man5/%{name6}-accounting.5.*
374     %{_mandir}/man5/%{name6}-actions.5.*
375     %{_mandir}/man5/%{name6}-blacklist.5.*
376     %{_mandir}/man5/%{name6}-exclusion.5.*
377     %{_mandir}/man5/%{name6}-hosts.5.*
378     %{_mandir}/man5/%{name6}-interfaces.5.*
379     %{_mandir}/man5/%{name6}-maclist.5.*
380     %{_mandir}/man5/%{name6}-modules.5.*
381     %{_mandir}/man5/%{name6}-nesting.5.*
382     %{_mandir}/man5/%{name6}-notrack.5.*
383     %{_mandir}/man5/%{name6}-params.5.*
384     %{_mandir}/man5/%{name6}-policy.5.*
385     %{_mandir}/man5/%{name6}-providers.5.*
386 ahmad 90647 %{_mandir}/man5/%{name6}-proxyndp.5.*
387 ennael 50066 %{_mandir}/man5/%{name6}-route_rules.5.*
388 ahmad 90647 %{_mandir}/man5/%{name6}-routes.5.*
389 ennael 50066 %{_mandir}/man5/%{name6}-routestopped.5.*
390     %{_mandir}/man5/%{name6}-rules.5.*
391 ahmad 90647 %{_mandir}/man5/%{name6}-secmarks.5.*
392 ennael 50066 %{_mandir}/man5/%{name6}-tcclasses.5.*
393     %{_mandir}/man5/%{name6}-tcdevices.5.*
394 ahmad 90647 %{_mandir}/man5/%{name6}-tcfilters.5.*
395 ennael 50066 %{_mandir}/man5/%{name6}-tcinterfaces.5.*
396     %{_mandir}/man5/%{name6}-tcpri.5.*
397     %{_mandir}/man5/%{name6}-tcrules.5.*
398     %{_mandir}/man5/%{name6}-tos.5.*
399     %{_mandir}/man5/%{name6}-tunnels.5.*
400     %{_mandir}/man5/%{name6}-vardir.5.*
401     %{_mandir}/man5/%{name6}-zones.5.*
402     %{_mandir}/man5/%{name6}.conf.5.*
403     %{_mandir}/man8/%{name6}.8.*
404    
405     %files lite
406     %defattr(-,root,root)
407     %doc %{name}-lite-%{version_lite}/*.txt
408     %dir %{_datadir}/%{name}-lite
409     %dir %attr(755,root,root) %{_var}/lib/%{name}-lite
410     %ghost %{_var}/lib/%{name}-lite/*
411     %attr(700,root,root) %{_initrddir}/%{name}-lite
412     %config(noreplace) %{_sysconfdir}/%{name}-lite/*
413     %config %{_sysconfdir}/logrotate.d/%{name}-lite
414     %attr(755,root,root) /sbin/%{name}-lite
415     %{_datadir}/%{name}-lite/configpath
416     %{_datadir}/%{name}-lite/functions
417 ahmad 90647 %{_datadir}/%{name}-lite/helpers
418 ennael 50066 %{_datadir}/%{name}-lite/lib.*
419 ahmad 90647 %{_datadir}/%{name}-lite/modules*
420 ennael 50066 %{_datadir}/%{name}-lite/shorecap
421     %{_datadir}/%{name}-lite/version
422     %{_datadir}/%{name}-lite/wait4ifup
423     %{_mandir}/man5/%{name}-lite*
424     %{_mandir}/man8/%{name}-lite*
425    
426     %files ipv6-lite
427     %defattr(-,root,root)
428     %doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
429     %dir %{_datadir}/%{name6}-lite
430     %dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
431     %ghost %{_var}/lib/%{name6}-lite/*
432     %attr(700,root,root) %{_initrddir}/%{name6}-lite
433     %config(noreplace) %{_sysconfdir}/%{name6}-lite/*
434     %config %{_sysconfdir}/logrotate.d/%{name6}-lite
435     %attr(755,root,root) /sbin/%{name6}-lite
436     %{_datadir}/%{name6}-lite/configpath
437     %{_datadir}/%{name6}-lite/functions
438 ahmad 90647 %{_datadir}/%{name6}-lite/helpers
439 ennael 50066 %{_datadir}/%{name6}-lite/lib.*
440 ahmad 90647 %{_datadir}/%{name6}-lite/modules*
441 ennael 50066 %{_datadir}/%{name6}-lite/shorecap
442     %{_datadir}/%{name6}-lite/version
443     %{_datadir}/%{name6}-lite/wait4ifup
444     %{_mandir}/man5/%{name6}-lite*
445     %{_mandir}/man8/%{name6}-lite*
446    
447     %files doc
448     %defattr(-,root,root)
449     %doc %{name}-docs-html-%{version}/*
  ViewVC Help
Powered by ViewVC 1.1.30