current/SPECS/shorewall.spec

%define debug_package %{nil}

%define version_major 4.5
%define version_minor 10.1
%define version %{version_major}.%{version_minor}
%define version_main %{version}
%define version_lite %{version}
%define ipv6_ver %{version}
%define ipv6_lite_ver %{version}
%define sha1sums_ver %{version}
%define ftp_ver %{version_major}.10
%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}

%define name6 %{name}6

Summary:        Iptables-based firewall for Linux systems
Name:           shorewall
Version:        %{version}
Release:        %mkrel 1
License:        GPLv2+ and LGPLv2.1+
Group:          System/Servers
URL:            http://www.shorewall.net/
Source0:        %ftp_path/%{name}-%{version}.tar.bz2
Source1:        %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
Source2:        %ftp_path/%{name}-docs-html-%{version}.tar.bz2
Source3:        %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
Source4:        %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
Source5:        %ftp_path/%{sha1sums_ver}.sha1sums
Patch0:         %{name}-common-4.2.5-init-script.patch
Patch1:         %{name}-lite-4.2.5-init-script.patch
Patch2:         %{name6}-4.2.5-init-script.patch
Patch3:         %{name6}-lite-4.2.5-init-script.patch
Patch4:         %{name}-4.4.23-allow-netmask-0.patch
Requires:       iptables
Requires:       iproute2
Requires:       dash
Requires(post): rpm-helper
Requires(preun): rpm-helper
BuildConflicts: apt-common
BuildArch:      noarch

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

%package ipv6
Summary:        IPv6 capable Shorewall
Group:          System/Servers
Requires:       %{name} = %{version}-%{release}
Requires:       iptables-ipv6
Requires:       iproute2
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description ipv6
An IPv6 enabled and capable Shoreline Firewall.

%package ipv6-lite
Summary:        Lite version of ipv6 shorewall
Group:          System/Servers
Requires:       %{name}-ipv6 = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description ipv6-lite
Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows 
network administrators to centralize the configuration of Shorewall-based
firewalls.

%package lite
Summary:        Lite version of shorewall
Group:          System/Servers
Requires:       %{name} = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.

%package doc
Summary:        Firewall scripts
Group:          System/Servers

%description doc 
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

This package contains the docs.

%prep
%setup -q -c -n %{name}-%{version}
%setup -q -T -D -a 1
%setup -q -T -D -a 2
%setup -q -T -D -a 3
%setup -q -T -D -a 4

pushd %{name}-%{version_main}
%patch0 -p1 -b .init
%patch4 -p1 -b .allow-netmask-0
popd

pushd %{name}-lite-%{version_lite}
%patch1 -p1 -b .initlite
popd

pushd %{name6}-%{ipv6_ver}
%patch2 -p1 -b .init6
popd

pushd %{name6}-lite-%{ipv6_lite_ver}
%patch3 -p1 -b .init6lite
popd

%build
# (tpg) we do nothing here

%install
export PREFIX=%{buildroot}
export OWNER=`id -n -u`
export GROUP=`id -n -g`
export DEST=%{_initrddir}

pushd %{name}-%{version_main}
export CONFDIR=%{_sysconfdir}/%{name}

# blank Internal option 
perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf

# (tpg) set config path
perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath

# (lmenut) mga kernel modules are compressed by default (mga #1147)
perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf

# (alien) have accounting by default in the mangle table
perl -pi -e 's#ACCOUNT_TABLE=.*#ACCOUNT_TABLE=mangle#' configfiles/%{name}.conf

# let's do the install
./install.sh
popd

#(tpg) IPv6
pushd %{name6}-%{ipv6_ver}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
# (lmenut) mga kernel modules are compressed by default (mga #1147)
perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf

./install.sh
popd

pushd %{name6}-lite-%{ipv6_lite_ver}
./install.sh
popd

pushd %{name}-lite-%{version_lite}
./install.sh
popd

# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
# startup script by RPM. This automatic replacement is broken.
export DONT_GPRINTIFY=1

#(tpg) looks like these files are needed
touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall

#(tpg) ipv6
touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall

#(tpg) remove hash-bang
find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;

# (tpg) let's use dash everywhere!
find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;

#remove unused files because of %exclude misbehaviour
rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*

%post
if [ "$1" -ge 1 ] ; then
  perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
  perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
fi
%_post_service shorewall

%create_ghostfile %{_var}/lib/%{name}/chains root root 644
%create_ghostfile %{_var}/lib/%{name}/nat root root 644
%create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
%create_ghostfile %{_var}/lib/%{name}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name}/zones root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name}/state root root 644
%create_ghostfile %{_var}/lib/%{name}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name}/.start root root 700

%preun
%_preun_service %{name}
if [ $1 = 0 ] ; then
  rm -f %{_sysconfdir}/%{name}/startup_disabled
  rm -f %{_var}/lib/%{name}/*
fi

%post lite
%_post_service %{name}-lite
%create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644

%preun lite
%_preun_service %{name}-lite

%post ipv6
if [ $1 > 1 ] ; then
  perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
  perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
fi
%_post_service %{name6}

%create_ghostfile %{_var}/lib/%{name6}/chains root root 644
%create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name6}/zones root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name6}/state root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name6}/.start root root 700

%preun ipv6
%_preun_service %{name6}
if [ $1 = 0 ] ; then
  rm -f %{_sysconfdir}/%{name6}/startup_disabled
  rm -f %{_var}/lib/%{name6}/*
fi

%post ipv6-lite
%_post_service %{name6}-lite
%create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644

%preun ipv6-lite
%_preun_service %{name6}-lite

%files
%doc %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
%dir %{_sysconfdir}/%{name}
%dir %{_datadir}/%{name}
%dir %attr(755,root,root) %{_var}/lib/%{name}
%ghost %{_var}/lib/%{name}/*
%ghost %{_var}/lib/%{name}/.??*
%config %{_sysconfdir}/logrotate.d/%{name}
%attr(700,root,root) %{_initrddir}/%{name}
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
%attr(755,root,root) /sbin/%{name}
%{_datadir}/%{name}/action*
%{_datadir}/%{name}/configpath
%{_datadir}/%{name}/functions
%{_datadir}/%{name}/getparams
%{_datadir}/%{name}/helpers
%{_datadir}/%{name}/lib.*
%{_datadir}/%{name}/macro.*
%{_datadir}/%{name}/modules*
%{_datadir}/%{name}/version
%{_datadir}/%{name}/wait4ifup
%{_mandir}/man5/%{name}-accounting.5.*
%{_mandir}/man5/%{name}-actions.5.*
%{_mandir}/man5/%{name}-blacklist.5.*
%{_mandir}/man5/%{name}-ecn.5.*
%{_mandir}/man5/%{name}-exclusion.5.*
%{_mandir}/man5/%{name}-hosts.5.*
%{_mandir}/man5/%{name}-interfaces.5.*
%{_mandir}/man5/%{name}-ipsets.5.*
%{_mandir}/man5/%{name}-maclist.5.*
%{_mandir}/man5/%{name}-masq.5.*
%{_mandir}/man5/%{name}-modules.5.*
%{_mandir}/man5/%{name}-nat.5.*
%{_mandir}/man5/%{name}-nesting.5.*
%{_mandir}/man5/%{name}-notrack.5.*
%{_mandir}/man5/%{name}-netmap.5.*
%{_mandir}/man5/%{name}-params.5.*
%{_mandir}/man5/%{name}-policy.5.*
%{_mandir}/man5/%{name}-providers.5.*
%{_mandir}/man5/%{name}-proxyarp.5.*
%{_mandir}/man5/%{name}-route_rules.5.*
%{_mandir}/man5/%{name}-routes.5.*
%{_mandir}/man5/%{name}-routestopped.5.*
%{_mandir}/man5/%{name}-rules.5.*
%{_mandir}/man5/%{name}-secmarks.5.*
%{_mandir}/man5/%{name}-tcclasses.5.*
%{_mandir}/man5/%{name}-tcinterfaces.5.*
%{_mandir}/man5/%{name}-tcpri.5.*
%{_mandir}/man5/%{name}-tcdevices.5.*
%{_mandir}/man5/%{name}-tcfilters.5.*
%{_mandir}/man5/%{name}-tcrules.5.*
%{_mandir}/man5/%{name}-tos.5.*
%{_mandir}/man5/%{name}-tunnels.5.*
%{_mandir}/man5/%{name}-vardir.5.*
%{_mandir}/man5/%{name}-zones.5.*
%{_mandir}/man5/%{name}.conf.5.*
%{_mandir}/man8/%{name}.8.*
%{_mandir}/man8/%{name}-init.8.*
%dir %{_datadir}/shorewall/Shorewall
%{_datadir}/shorewall/Shorewall/*.pm
%{_datadir}/shorewall/compiler.pl
%{_datadir}/shorewall/prog.footer
%{_datadir}/shorewall/prog.header

%files ipv6
%doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
%dir %{_sysconfdir}/%{name6}
%dir %{_datadir}/%{name6}
%dir %attr(755,root,root) %{_var}/lib/%{name6}
%ghost %{_var}/lib/%{name6}/*
%ghost %{_var}/lib/%{name6}/.??*
%attr(700,root,root) %{_initrddir}/%{name6}
%config(noreplace) %{_sysconfdir}/%{name6}/*
%config %{_sysconfdir}/logrotate.d/%{name6}
%attr(755,root,root) /sbin/%{name6}
%{_datadir}/%{name6}/action*
%{_datadir}/%{name}/prog.footer6
%{_datadir}/%{name}/prog.header6
%{_datadir}/%{name6}/configpath
%{_datadir}/%{name6}/functions
%{_datadir}/%{name6}/helpers
%{_datadir}/%{name6}/lib.*
%{_datadir}/%{name6}/macro.*
%{_datadir}/%{name6}/modules*
%{_datadir}/%{name6}/version
%{_datadir}/%{name6}/wait4ifup
%{_mandir}/man5/%{name6}-accounting.5.*
%{_mandir}/man5/%{name6}-actions.5.*
%{_mandir}/man5/%{name6}-blacklist.5.*
%{_mandir}/man5/%{name6}-exclusion.5.*
%{_mandir}/man5/%{name6}-hosts.5.*
%{_mandir}/man5/%{name6}-interfaces.5.*
%{_mandir}/man5/%{name6}-ipsets.5.*
%{_mandir}/man5/%{name6}-maclist.5.*
%{_mandir}/man5/%{name6}-modules.5.*
%{_mandir}/man5/%{name6}-nesting.5.*
%{_mandir}/man5/%{name6}-notrack.5.*
%{_mandir}/man5/%{name6}-params.5.*
%{_mandir}/man5/%{name6}-policy.5.*
%{_mandir}/man5/%{name6}-providers.5.*
%{_mandir}/man5/%{name6}-proxyndp.5.*
%{_mandir}/man5/%{name6}-route_rules.5.*
%{_mandir}/man5/%{name6}-routes.5.*
%{_mandir}/man5/%{name6}-routestopped.5.*
%{_mandir}/man5/%{name6}-rules.5.*
%{_mandir}/man5/%{name6}-secmarks.5.*
%{_mandir}/man5/%{name6}-tcclasses.5.*
%{_mandir}/man5/%{name6}-tcdevices.5.*
%{_mandir}/man5/%{name6}-tcfilters.5.*
%{_mandir}/man5/%{name6}-tcinterfaces.5.*
%{_mandir}/man5/%{name6}-tcpri.5.*
%{_mandir}/man5/%{name6}-tcrules.5.*
%{_mandir}/man5/%{name6}-tos.5.*
%{_mandir}/man5/%{name6}-tunnels.5.*
%{_mandir}/man5/%{name6}-vardir.5.*
%{_mandir}/man5/%{name6}-zones.5.*
%{_mandir}/man5/%{name6}.conf.5.*
%{_mandir}/man8/%{name6}.8.*

%files lite
%doc %{name}-lite-%{version_lite}/*.txt
%dir %{_datadir}/%{name}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name}-lite
%ghost %{_var}/lib/%{name}-lite/*
%attr(700,root,root) %{_initrddir}/%{name}-lite
%config(noreplace) %{_sysconfdir}/%{name}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name}-lite
%attr(755,root,root) /sbin/%{name}-lite
%{_datadir}/%{name}-lite/configpath
%{_datadir}/%{name}-lite/functions
%{_datadir}/%{name}-lite/helpers
%{_datadir}/%{name}-lite/lib.*
%{_datadir}/%{name}-lite/modules*
%{_datadir}/%{name}-lite/shorecap
%{_datadir}/%{name}-lite/version
%{_datadir}/%{name}-lite/wait4ifup
%{_mandir}/man5/%{name}-lite*
%{_mandir}/man8/%{name}-lite*

%files ipv6-lite
%doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
%dir %{_datadir}/%{name6}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
%ghost %{_var}/lib/%{name6}-lite/*
%attr(700,root,root) %{_initrddir}/%{name6}-lite
%config(noreplace) %{_sysconfdir}/%{name6}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name6}-lite
%attr(755,root,root) /sbin/%{name6}-lite
%{_datadir}/%{name6}-lite/configpath
%{_datadir}/%{name6}-lite/functions
%{_datadir}/%{name6}-lite/helpers
%{_datadir}/%{name6}-lite/lib.*
%{_datadir}/%{name6}-lite/modules*
%{_datadir}/%{name6}-lite/shorecap
%{_datadir}/%{name6}-lite/version
%{_datadir}/%{name6}-lite/wait4ifup
%{_mandir}/man5/%{name6}-lite*
%{_mandir}/man8/%{name6}-lite*

%files doc
%doc %{name}-docs-html-%{version}/*
1	%define debug_package %{nil}
2
3	%define version_major 4.5
4	%define version_minor 10.1
5	%define version %{version_major}.%{version_minor}
6	%define version_main %{version}
7	%define version_lite %{version}
8	%define ipv6_ver %{version}
9	%define ipv6_lite_ver %{version}
10	%define sha1sums_ver %{version}
11	%define ftp_ver %{version_major}.10
12	%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}
13
14	%define name6 %{name}6
15
16	Summary: Iptables-based firewall for Linux systems
17	Name: shorewall
18	Version: %{version}
19	Release: %mkrel 1
20	License: GPLv2+ and LGPLv2.1+
21	Group: System/Servers
22	URL: http://www.shorewall.net/
23	Source0: %ftp_path/%{name}-%{version}.tar.bz2
24	Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
25	Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
26	Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
27	Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
28	Source5: %ftp_path/%{sha1sums_ver}.sha1sums
29	Patch0: %{name}-common-4.2.5-init-script.patch
30	Patch1: %{name}-lite-4.2.5-init-script.patch
31	Patch2: %{name6}-4.2.5-init-script.patch
32	Patch3: %{name6}-lite-4.2.5-init-script.patch
33	Patch4: %{name}-4.4.23-allow-netmask-0.patch
34	Requires: iptables
35	Requires: iproute2
36	Requires: dash
37	Requires(post): rpm-helper
38	Requires(preun): rpm-helper
39	BuildConflicts: apt-common
40	BuildArch: noarch
41
42	%description
43	The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
44	(iptables) based firewall that can be used on a dedicated firewall system,
45	a multi-function gateway/ router/server or on a standalone GNU/Linux system.
46
47	%package ipv6
48	Summary: IPv6 capable Shorewall
49	Group: System/Servers
50	Requires: %{name} = %{version}-%{release}
51	Requires: iptables-ipv6
52	Requires: iproute2
53	Requires(post): rpm-helper
54	Requires(preun): rpm-helper
55
56	%description ipv6
57	An IPv6 enabled and capable Shoreline Firewall.
58
59	%package ipv6-lite
60	Summary: Lite version of ipv6 shorewall
61	Group: System/Servers
62	Requires: %{name}-ipv6 = %{version}-%{release}
63	Requires(post): rpm-helper
64	Requires(preun): rpm-helper
65
66	%description ipv6-lite
67	Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
68	network administrators to centralize the configuration of Shorewall-based
69	firewalls.
70
71	%package lite
72	Summary: Lite version of shorewall
73	Group: System/Servers
74	Requires: %{name} = %{version}-%{release}
75	Requires(post): rpm-helper
76	Requires(preun): rpm-helper
77
78	%description lite
79	Shorewall Lite is a companion product to Shorewall that allows network
80	administrators to centralize the configuration of Shorewall-based firewalls.
81
82	%package doc
83	Summary: Firewall scripts
84	Group: System/Servers
85
86	%description doc
87	The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
88	(iptables) based firewall that can be used on a dedicated firewall system,
89	a multi-function gateway/ router/server or on a standalone GNU/Linux system.
90
91	This package contains the docs.
92
93	%prep
94	%setup -q -c -n %{name}-%{version}
95	%setup -q -T -D -a 1
96	%setup -q -T -D -a 2
97	%setup -q -T -D -a 3
98	%setup -q -T -D -a 4
99
100	pushd %{name}-%{version_main}
101	%patch0 -p1 -b .init
102	%patch4 -p1 -b .allow-netmask-0
103	popd
104
105	pushd %{name}-lite-%{version_lite}
106	%patch1 -p1 -b .initlite
107	popd
108
109	pushd %{name6}-%{ipv6_ver}
110	%patch2 -p1 -b .init6
111	popd
112
113	pushd %{name6}-lite-%{ipv6_lite_ver}
114	%patch3 -p1 -b .init6lite
115	popd
116
117	%build
118	# (tpg) we do nothing here
119
120	%install
121	export PREFIX=%{buildroot}
122	export OWNER=`id -n -u`
123	export GROUP=`id -n -g`
124	export DEST=%{_initrddir}
125
126	pushd %{name}-%{version_main}
127	export CONFDIR=%{_sysconfdir}/%{name}
128
129	# blank Internal option
130	perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
131
132	# (tpg) set config path
133	perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
134
135	# (lmenut) mga kernel modules are compressed by default (mga #1147)
136	perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf
137
138	# (alien) have accounting by default in the mangle table
139	perl -pi -e 's#ACCOUNT_TABLE=.*#ACCOUNT_TABLE=mangle#' configfiles/%{name}.conf
140
141	# let's do the install
142	./install.sh
143	popd
144
145	#(tpg) IPv6
146	pushd %{name6}-%{ipv6_ver}
147	# (blino) enable startup (new setting as of 2.1.3)
148	perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
149	# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
150	perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
151	# (lmenut) mga kernel modules are compressed by default (mga #1147)
152	perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
153
154	./install.sh
155	popd
156
157	pushd %{name6}-lite-%{ipv6_lite_ver}
158	./install.sh
159	popd
160
161	pushd %{name}-lite-%{version_lite}
162	./install.sh
163	popd
164
165	# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
166	# startup script by RPM. This automatic replacement is broken.
167	export DONT_GPRINTIFY=1
168
169	#(tpg) looks like these files are needed
170	touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
171	touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
172
173	#(tpg) ipv6
174	touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
175	touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
176
177	#(tpg) remove hash-bang
178	find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
179
180	# (tpg) let's use dash everywhere!
181	find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
182
183	#remove unused files because of %exclude misbehaviour
184	rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
185	rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
186
187	%post
188	if [ "$1" -ge 1 ] ; then
189	perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
190	perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
191	fi
192	%_post_service shorewall
193
194	%create_ghostfile %{_var}/lib/%{name}/chains root root 644
195	%create_ghostfile %{_var}/lib/%{name}/nat root root 644
196	%create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
197	%create_ghostfile %{_var}/lib/%{name}/restarted root root 644
198	%create_ghostfile %{_var}/lib/%{name}/zones root root 644
199	%create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
200	%create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
201	%create_ghostfile %{_var}/lib/%{name}/state root root 644
202	%create_ghostfile %{_var}/lib/%{name}/.modules root root 644
203	%create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
204	%create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
205	%create_ghostfile %{_var}/lib/%{name}/.restart root root 700
206	%create_ghostfile %{_var}/lib/%{name}/.restore root root 700
207	%create_ghostfile %{_var}/lib/%{name}/.start root root 700
208
209	%preun
210	%_preun_service %{name}
211	if [ $1 = 0 ] ; then
212	rm -f %{_sysconfdir}/%{name}/startup_disabled
213	rm -f %{_var}/lib/%{name}/*
214	fi
215
216	%post lite
217	%_post_service %{name}-lite
218	%create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
219
220	%preun lite
221	%_preun_service %{name}-lite
222
223	%post ipv6
224	if [ $1 > 1 ] ; then
225	perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
226	perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
227	fi
228	%_post_service %{name6}
229
230	%create_ghostfile %{_var}/lib/%{name6}/chains root root 644
231	%create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
232	%create_ghostfile %{_var}/lib/%{name6}/zones root root 644
233	%create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
234	%create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
235	%create_ghostfile %{_var}/lib/%{name6}/state root root 644
236	%create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
237	%create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
238	%create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
239	%create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
240	%create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
241	%create_ghostfile %{_var}/lib/%{name6}/.start root root 700
242
243	%preun ipv6
244	%_preun_service %{name6}
245	if [ $1 = 0 ] ; then
246	rm -f %{_sysconfdir}/%{name6}/startup_disabled
247	rm -f %{_var}/lib/%{name6}/*
248	fi
249
250	%post ipv6-lite
251	%_post_service %{name6}-lite
252	%create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
253
254	%preun ipv6-lite
255	%_preun_service %{name6}-lite
256
257	%files
258	%doc %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
259	%dir %{_sysconfdir}/%{name}
260	%dir %{_datadir}/%{name}
261	%dir %attr(755,root,root) %{_var}/lib/%{name}
262	%ghost %{_var}/lib/%{name}/*
263	%ghost %{_var}/lib/%{name}/.??*
264	%config %{_sysconfdir}/logrotate.d/%{name}
265	%attr(700,root,root) %{_initrddir}/%{name}
266	%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
267	%attr(755,root,root) /sbin/%{name}
268	%{_datadir}/%{name}/action*
269	%{_datadir}/%{name}/configpath
270	%{_datadir}/%{name}/functions
271	%{_datadir}/%{name}/getparams
272	%{_datadir}/%{name}/helpers
273	%{_datadir}/%{name}/lib.*
274	%{_datadir}/%{name}/macro.*
275	%{_datadir}/%{name}/modules*
276	%{_datadir}/%{name}/version
277	%{_datadir}/%{name}/wait4ifup
278	%{_mandir}/man5/%{name}-accounting.5.*
279	%{_mandir}/man5/%{name}-actions.5.*
280	%{_mandir}/man5/%{name}-blacklist.5.*
281	%{_mandir}/man5/%{name}-ecn.5.*
282	%{_mandir}/man5/%{name}-exclusion.5.*
283	%{_mandir}/man5/%{name}-hosts.5.*
284	%{_mandir}/man5/%{name}-interfaces.5.*
285	%{_mandir}/man5/%{name}-ipsets.5.*
286	%{_mandir}/man5/%{name}-maclist.5.*
287	%{_mandir}/man5/%{name}-masq.5.*
288	%{_mandir}/man5/%{name}-modules.5.*
289	%{_mandir}/man5/%{name}-nat.5.*
290	%{_mandir}/man5/%{name}-nesting.5.*
291	%{_mandir}/man5/%{name}-notrack.5.*
292	%{_mandir}/man5/%{name}-netmap.5.*
293	%{_mandir}/man5/%{name}-params.5.*
294	%{_mandir}/man5/%{name}-policy.5.*
295	%{_mandir}/man5/%{name}-providers.5.*
296	%{_mandir}/man5/%{name}-proxyarp.5.*
297	%{_mandir}/man5/%{name}-route_rules.5.*
298	%{_mandir}/man5/%{name}-routes.5.*
299	%{_mandir}/man5/%{name}-routestopped.5.*
300	%{_mandir}/man5/%{name}-rules.5.*
301	%{_mandir}/man5/%{name}-secmarks.5.*
302	%{_mandir}/man5/%{name}-tcclasses.5.*
303	%{_mandir}/man5/%{name}-tcinterfaces.5.*
304	%{_mandir}/man5/%{name}-tcpri.5.*
305	%{_mandir}/man5/%{name}-tcdevices.5.*
306	%{_mandir}/man5/%{name}-tcfilters.5.*
307	%{_mandir}/man5/%{name}-tcrules.5.*
308	%{_mandir}/man5/%{name}-tos.5.*
309	%{_mandir}/man5/%{name}-tunnels.5.*
310	%{_mandir}/man5/%{name}-vardir.5.*
311	%{_mandir}/man5/%{name}-zones.5.*
312	%{_mandir}/man5/%{name}.conf.5.*
313	%{_mandir}/man8/%{name}.8.*
314	%{_mandir}/man8/%{name}-init.8.*
315	%dir %{_datadir}/shorewall/Shorewall
316	%{_datadir}/shorewall/Shorewall/*.pm
317	%{_datadir}/shorewall/compiler.pl
318	%{_datadir}/shorewall/prog.footer
319	%{_datadir}/shorewall/prog.header
320
321	%files ipv6
322	%doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
323	%dir %{_sysconfdir}/%{name6}
324	%dir %{_datadir}/%{name6}
325	%dir %attr(755,root,root) %{_var}/lib/%{name6}
326	%ghost %{_var}/lib/%{name6}/*
327	%ghost %{_var}/lib/%{name6}/.??*
328	%attr(700,root,root) %{_initrddir}/%{name6}
329	%config(noreplace) %{_sysconfdir}/%{name6}/*
330	%config %{_sysconfdir}/logrotate.d/%{name6}
331	%attr(755,root,root) /sbin/%{name6}
332	%{_datadir}/%{name6}/action*
333	%{_datadir}/%{name}/prog.footer6
334	%{_datadir}/%{name}/prog.header6
335	%{_datadir}/%{name6}/configpath
336	%{_datadir}/%{name6}/functions
337	%{_datadir}/%{name6}/helpers
338	%{_datadir}/%{name6}/lib.*
339	%{_datadir}/%{name6}/macro.*
340	%{_datadir}/%{name6}/modules*
341	%{_datadir}/%{name6}/version
342	%{_datadir}/%{name6}/wait4ifup
343	%{_mandir}/man5/%{name6}-accounting.5.*
344	%{_mandir}/man5/%{name6}-actions.5.*
345	%{_mandir}/man5/%{name6}-blacklist.5.*
346	%{_mandir}/man5/%{name6}-exclusion.5.*
347	%{_mandir}/man5/%{name6}-hosts.5.*
348	%{_mandir}/man5/%{name6}-interfaces.5.*
349	%{_mandir}/man5/%{name6}-ipsets.5.*
350	%{_mandir}/man5/%{name6}-maclist.5.*
351	%{_mandir}/man5/%{name6}-modules.5.*
352	%{_mandir}/man5/%{name6}-nesting.5.*
353	%{_mandir}/man5/%{name6}-notrack.5.*
354	%{_mandir}/man5/%{name6}-params.5.*
355	%{_mandir}/man5/%{name6}-policy.5.*
356	%{_mandir}/man5/%{name6}-providers.5.*
357	%{_mandir}/man5/%{name6}-proxyndp.5.*
358	%{_mandir}/man5/%{name6}-route_rules.5.*
359	%{_mandir}/man5/%{name6}-routes.5.*
360	%{_mandir}/man5/%{name6}-routestopped.5.*
361	%{_mandir}/man5/%{name6}-rules.5.*
362	%{_mandir}/man5/%{name6}-secmarks.5.*
363	%{_mandir}/man5/%{name6}-tcclasses.5.*
364	%{_mandir}/man5/%{name6}-tcdevices.5.*
365	%{_mandir}/man5/%{name6}-tcfilters.5.*
366	%{_mandir}/man5/%{name6}-tcinterfaces.5.*
367	%{_mandir}/man5/%{name6}-tcpri.5.*
368	%{_mandir}/man5/%{name6}-tcrules.5.*
369	%{_mandir}/man5/%{name6}-tos.5.*
370	%{_mandir}/man5/%{name6}-tunnels.5.*
371	%{_mandir}/man5/%{name6}-vardir.5.*
372	%{_mandir}/man5/%{name6}-zones.5.*
373	%{_mandir}/man5/%{name6}.conf.5.*
374	%{_mandir}/man8/%{name6}.8.*
375
376	%files lite
377	%doc %{name}-lite-%{version_lite}/*.txt
378	%dir %{_datadir}/%{name}-lite
379	%dir %attr(755,root,root) %{_var}/lib/%{name}-lite
380	%ghost %{_var}/lib/%{name}-lite/*
381	%attr(700,root,root) %{_initrddir}/%{name}-lite
382	%config(noreplace) %{_sysconfdir}/%{name}-lite/*
383	%config %{_sysconfdir}/logrotate.d/%{name}-lite
384	%attr(755,root,root) /sbin/%{name}-lite
385	%{_datadir}/%{name}-lite/configpath
386	%{_datadir}/%{name}-lite/functions
387	%{_datadir}/%{name}-lite/helpers
388	%{_datadir}/%{name}-lite/lib.*
389	%{_datadir}/%{name}-lite/modules*
390	%{_datadir}/%{name}-lite/shorecap
391	%{_datadir}/%{name}-lite/version
392	%{_datadir}/%{name}-lite/wait4ifup
393	%{_mandir}/man5/%{name}-lite*
394	%{_mandir}/man8/%{name}-lite*
395
396	%files ipv6-lite
397	%doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
398	%dir %{_datadir}/%{name6}-lite
399	%dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
400	%ghost %{_var}/lib/%{name6}-lite/*
401	%attr(700,root,root) %{_initrddir}/%{name6}-lite
402	%config(noreplace) %{_sysconfdir}/%{name6}-lite/*
403	%config %{_sysconfdir}/logrotate.d/%{name6}-lite
404	%attr(755,root,root) /sbin/%{name6}-lite
405	%{_datadir}/%{name6}-lite/configpath
406	%{_datadir}/%{name6}-lite/functions
407	%{_datadir}/%{name6}-lite/helpers
408	%{_datadir}/%{name6}-lite/lib.*
409	%{_datadir}/%{name6}-lite/modules*
410	%{_datadir}/%{name6}-lite/shorecap
411	%{_datadir}/%{name6}-lite/version
412	%{_datadir}/%{name6}-lite/wait4ifup
413	%{_mandir}/man5/%{name6}-lite*
414	%{_mandir}/man8/%{name6}-lite*
415
416	%files doc
417	%doc %{name}-docs-html-%{version}/*