/[packages]/cauldron/shorewall/current/SPECS/shorewall.spec
ViewVC logotype

Contents of /cauldron/shorewall/current/SPECS/shorewall.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 333527 - (show annotations) (download)
Thu Dec 20 23:37:46 2012 UTC (11 years, 4 months ago) by kamil
File size: 15482 byte(s) 
- update %files
1 %define debug_package %{nil}
2
3 %define version_major 4.5
4 %define version_minor 10.1
5 %define version %{version_major}.%{version_minor}
6 %define version_main %{version}
7 %define version_lite %{version}
8 %define ipv6_ver %{version}
9 %define ipv6_lite_ver %{version}
10 %define sha1sums_ver %{version}
11 %define ftp_ver %{version_major}.10
12 %define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}
13
14 %define name6 %{name}6
15
16 Summary: Iptables-based firewall for Linux systems
17 Name: shorewall
18 Version: %{version}
19 Release: %mkrel 1
20 License: GPLv2+ and LGPLv2.1+
21 Group: System/Servers
22 URL: http://www.shorewall.net/
23 Source0: %ftp_path/%{name}-%{version}.tar.bz2
24 Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
25 Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
26 Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
27 Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
28 Source5: %ftp_path/%{sha1sums_ver}.sha1sums
29 Source6: %ftp_path/%{name}-core-%{version}.tar.bz2
30 Patch0: %{name}-common-4.2.5-init-script.patch
31 Patch1: %{name}-lite-4.2.5-init-script.patch
32 Patch2: %{name6}-4.2.5-init-script.patch
33 Patch3: %{name6}-lite-4.2.5-init-script.patch
34 Patch4: %{name}-4.4.23-allow-netmask-0.patch
35 Requires: iptables
36 Requires: iproute2
37 Requires: dash
38 Requires(post): rpm-helper
39 Requires(preun): rpm-helper
40 BuildConflicts: apt-common
41 BuildArch: noarch
42
43 %description
44 The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
45 (iptables) based firewall that can be used on a dedicated firewall system,
46 a multi-function gateway/ router/server or on a standalone GNU/Linux system.
47
48 %package core
49 Summary: Shorewall core
50 Group: System/Servers
51 Requires: %{name} = %{version}-%{release}
52 Requires: iptables-ipv6
53 Requires: iproute2
54 Requires(post): rpm-helper
55 Requires(preun): rpm-helper
56
57 %description core
58 An IPv6 enabled and capable Shoreline Firewall.
59
60
61 %package ipv6
62 Summary: IPv6 capable Shorewall
63 Group: System/Servers
64 Requires: %{name} = %{version}-%{release}
65 Requires: iptables-ipv6
66 Requires: iproute2
67 Requires(post): rpm-helper
68 Requires(preun): rpm-helper
69
70 %description ipv6
71 An IPv6 enabled and capable Shoreline Firewall.
72
73 %package ipv6-lite
74 Summary: Lite version of ipv6 shorewall
75 Group: System/Servers
76 Requires: %{name}-ipv6 = %{version}-%{release}
77 Requires(post): rpm-helper
78 Requires(preun): rpm-helper
79
80 %description ipv6-lite
81 Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
82 network administrators to centralize the configuration of Shorewall-based
83 firewalls.
84
85 %package lite
86 Summary: Lite version of shorewall
87 Group: System/Servers
88 Requires: %{name} = %{version}-%{release}
89 Requires(post): rpm-helper
90 Requires(preun): rpm-helper
91
92 %description lite
93 Shorewall Lite is a companion product to Shorewall that allows network
94 administrators to centralize the configuration of Shorewall-based firewalls.
95
96 %package doc
97 Summary: Firewall scripts
98 Group: System/Servers
99
100 %description doc
101 The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
102 (iptables) based firewall that can be used on a dedicated firewall system,
103 a multi-function gateway/ router/server or on a standalone GNU/Linux system.
104
105 This package contains the docs.
106
107 %prep
108 %setup -q -c -n %{name}-%{version}
109 %setup -q -T -D -a 1
110 %setup -q -T -D -a 2
111 %setup -q -T -D -a 3
112 %setup -q -T -D -a 4
113 %setup -q -T -D -a 6
114
115 pushd %{name}-%{version_main}
116 #%patch0 -p1 -b .init
117 %patch4 -p1 -b .allow-netmask-0
118 popd
119
120 pushd %{name}-lite-%{version_lite}
121 #%patch1 -p1 -b .initlite
122 popd
123
124 pushd %{name6}-%{ipv6_ver}
125 #%patch2 -p1 -b .init6
126 popd
127
128 pushd %{name6}-lite-%{ipv6_lite_ver}
129 #%patch3 -p1 -b .init6lite
130 popd
131
132 %build
133 # (tpg) we do nothing here
134
135 %install
136 export PREFIX=%{buildroot}
137 export OWNER=`id -n -u`
138 export GROUP=`id -n -g`
139 export DEST=%{_initrddir}
140
141 export CONFDIR=%{_sysconfdir}/%{name}
142
143 pushd %{name}-core-%{version_main}
144 ./configure.pl
145 DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
146 popd
147
148 pushd %{name}-%{version_main}
149
150
151 # (blino) enable startup (new setting as of 2.1.3)
152 perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
153
154 # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
155 perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
156
157 # blank Internal option
158 perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
159
160 # (tpg) do the optimizations
161 perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
162
163 # (tpg) set config path
164 perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
165
166 # (lmenut) mga kernel modules are compressed by default (mga #1147)
167 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf
168
169 # (alien) have accounting by default in the mangle table
170 perl -pi -e 's#ACCOUNTING_TABLE=.*#ACCOUNTING_TABLE=mangle#' configfiles/%{name}.conf
171
172 DESTDIR=%{buildroot} ./configure.pl
173
174 # let's do the install
175 DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
176 popd
177
178 #(tpg) IPv6
179 pushd %{name6}-%{ipv6_ver}
180 # (blino) enable startup (new setting as of 2.1.3)
181 perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
182 # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
183 perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
184 # (lmenut) mga kernel modules are compressed by default (mga #1147)
185 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
186
187 ./configure.pl
188
189 DESTDIR=%{buildroot} ./install.sh
190 popd
191
192 pushd %{name6}-lite-%{ipv6_lite_ver}
193
194 ./configure.pl
195
196 DESTDIR=%{buildroot} ./install.sh
197 popd
198
199 pushd %{name}-lite-%{version_lite}
200
201 ./configure.pl
202
203 DESTDIR=%{buildroot} ./install.sh
204 popd
205
206 # Suppress automatic replacement of "echo" by "gprintf" in the shorewall
207 # startup script by RPM. This automatic replacement is broken.
208 export DONT_GPRINTIFY=1
209
210 #(tpg) looks like these files are needed
211 touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
212 touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
213
214 #(tpg) ipv6
215 touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
216 touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
217
218 #(tpg) remove hash-bang
219 find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
220
221 # (tpg) let's use dash everywhere!
222 find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
223
224 #remove unused files because of %exclude misbehaviour
225 rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
226 rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
227
228 %post
229 if [ "$1" -ge 1 ] ; then
230 perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
231 perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
232 fi
233 %_post_service shorewall
234
235 %create_ghostfile %{_var}/lib/%{name}/chains root root 644
236 %create_ghostfile %{_var}/lib/%{name}/nat root root 644
237 %create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
238 %create_ghostfile %{_var}/lib/%{name}/restarted root root 644
239 %create_ghostfile %{_var}/lib/%{name}/zones root root 644
240 %create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
241 %create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
242 %create_ghostfile %{_var}/lib/%{name}/state root root 644
243 %create_ghostfile %{_var}/lib/%{name}/.modules root root 644
244 %create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
245 %create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
246 %create_ghostfile %{_var}/lib/%{name}/.restart root root 700
247 %create_ghostfile %{_var}/lib/%{name}/.restore root root 700
248 %create_ghostfile %{_var}/lib/%{name}/.start root root 700
249
250 %preun
251 %_preun_service %{name}
252 if [ $1 = 0 ] ; then
253 rm -f %{_sysconfdir}/%{name}/startup_disabled
254 rm -f %{_var}/lib/%{name}/*
255 fi
256
257 %post lite
258 %_post_service %{name}-lite
259 %create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
260
261 %preun lite
262 %_preun_service %{name}-lite
263
264 %post ipv6
265 if [ $1 > 1 ] ; then
266 perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
267 perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
268 fi
269 %_post_service %{name6}
270
271 %create_ghostfile %{_var}/lib/%{name6}/chains root root 644
272 %create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
273 %create_ghostfile %{_var}/lib/%{name6}/zones root root 644
274 %create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
275 %create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
276 %create_ghostfile %{_var}/lib/%{name6}/state root root 644
277 %create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
278 %create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
279 %create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
280 %create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
281 %create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
282 %create_ghostfile %{_var}/lib/%{name6}/.start root root 700
283
284 %preun ipv6
285 %_preun_service %{name6}
286 if [ $1 = 0 ] ; then
287 rm -f %{_sysconfdir}/%{name6}/startup_disabled
288 rm -f %{_var}/lib/%{name6}/*
289 fi
290
291 %post ipv6-lite
292 %_post_service %{name6}-lite
293 %create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
294
295 %preun ipv6-lite
296 %_preun_service %{name6}-lite
297
298 %files
299 %doc %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
300 %dir %{_datadir}/%{name}
301 %dir %attr(755,root,root) %{_var}/lib/%{name}
302 %ghost %{_var}/lib/%{name}/*
303 %ghost %{_var}/lib/%{name}/.??*
304 %config %{_sysconfdir}/logrotate.d/%{name}
305 %attr(700,root,root) %{_initrddir}/%{name}
306 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}
307 %attr(755,root,root) /sbin/%{name}
308 %{_datadir}/%{name}/action*
309 %{_datadir}/%{name}/configpath
310 %{_datadir}/%{name}/functions
311 #%{_datadir}/%{name}/getparams
312 %{_datadir}/%{name}/helpers
313 %{_datadir}/%{name}/lib.*
314 %{_datadir}/%{name}/macro.*
315 %{_datadir}/%{name}/modules*
316 %{_datadir}/%{name}/version
317 #%{_datadir}/%{name}/wait4ifup
318 %{_mandir}/man5/%{name}-accounting.5.*
319 %{_mandir}/man5/%{name}-actions.5.*
320 %{_mandir}/man5/%{name}-blacklist.5.*
321 %{_mandir}/man5/%{name}-ecn.5.*
322 %{_mandir}/man5/%{name}-exclusion.5.*
323 %{_mandir}/man5/%{name}-hosts.5.*
324 %{_mandir}/man5/%{name}-interfaces.5.*
325 %{_mandir}/man5/%{name}-ipsets.5.*
326 %{_mandir}/man5/%{name}-maclist.5.*
327 %{_mandir}/man5/%{name}-masq.5.*
328 %{_mandir}/man5/%{name}-modules.5.*
329 %{_mandir}/man5/%{name}-nat.5.*
330 %{_mandir}/man5/%{name}-nesting.5.*
331 #%{_mandir}/man5/%{name}-notrack.5.*
332 %{_mandir}/man5/%{name}-netmap.5.*
333 %{_mandir}/man5/%{name}-params.5.*
334 %{_mandir}/man5/%{name}-policy.5.*
335 %{_mandir}/man5/%{name}-providers.5.*
336 %{_mandir}/man5/%{name}-proxyarp.5.*
337 #%{_mandir}/man5/%{name}-route_rules.5.*
338 %{_mandir}/man5/%{name}-routes.5.*
339 %{_mandir}/man5/%{name}-routestopped.5.*
340 %{_mandir}/man5/%{name}-rules.5.*
341 %{_mandir}/man5/%{name}-secmarks.5.*
342 %{_mandir}/man5/%{name}-tcclasses.5.*
343 %{_mandir}/man5/%{name}-tcinterfaces.5.*
344 %{_mandir}/man5/%{name}-tcpri.5.*
345 %{_mandir}/man5/%{name}-tcdevices.5.*
346 %{_mandir}/man5/%{name}-tcfilters.5.*
347 %{_mandir}/man5/%{name}-tcrules.5.*
348 %{_mandir}/man5/%{name}-tos.5.*
349 %{_mandir}/man5/%{name}-tunnels.5.*
350 %{_mandir}/man5/%{name}-vardir.5.*
351 %{_mandir}/man5/%{name}-zones.5.*
352 %{_mandir}/man5/%{name}.conf.5.*
353 %{_mandir}/man8/%{name}.8.*
354 %{_mandir}/man8/%{name}-init.8.*
355 %{_mandir}/man5/%{name}-blrules.5.*
356 %{_mandir}/man5/%{name}-conntrack.5.*
357 %{_mandir}/man5/%{name}-rtrules.5.*
358 %{_mandir}/man5/%{name}-stoppedrules.5.*
359 #%dir %{_datadir}/shorewall/Shorewall
360 %{_datadir}/perl5/vendor_perl/Shorewall/*.pm
361 #%{_datadir}/shorewall/compiler.pl
362 %{_datadir}/shorewall/prog.footer
363 #%{_datadir}/shorewall/prog.header
364 %{_datadir}/shorewall/coreversion
365
366 %files ipv6
367 %doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
368 %dir %{_sysconfdir}/%{name6}
369 %dir %{_datadir}/%{name6}
370 %dir %attr(755,root,root) %{_var}/lib/%{name6}
371 %ghost %{_var}/lib/%{name6}/*
372 %ghost %{_var}/lib/%{name6}/.??*
373 %attr(700,root,root) %{_initrddir}/%{name6}
374 %config(noreplace) %{_sysconfdir}/%{name6}/*
375 %config %{_sysconfdir}/logrotate.d/%{name6}
376 %attr(755,root,root) /sbin/%{name6}
377 %{_datadir}/%{name6}/action*
378 #%{_datadir}/%{name}/prog.footer6
379 #%{_datadir}/%{name}/prog.header6
380 %{_datadir}/%{name6}/configpath
381 %{_datadir}/%{name6}/functions
382 %{_datadir}/%{name6}/helpers
383 %{_datadir}/%{name6}/lib.*
384 %{_datadir}/%{name6}/macro.*
385 %{_datadir}/%{name6}/modules*
386 %{_datadir}/%{name6}/version
387 #%{_datadir}/%{name6}/wait4ifup
388 %{_mandir}/man5/%{name6}-accounting.5.*
389 %{_mandir}/man5/%{name6}-actions.5.*
390 %{_mandir}/man5/%{name6}-blacklist.5.*
391 %{_mandir}/man5/%{name6}-exclusion.5.*
392 %{_mandir}/man5/%{name6}-hosts.5.*
393 %{_mandir}/man5/%{name6}-interfaces.5.*
394 %{_mandir}/man5/%{name6}-ipsets.5.*
395 %{_mandir}/man5/%{name6}-maclist.5.*
396 %{_mandir}/man5/%{name6}-modules.5.*
397 %{_mandir}/man5/%{name6}-nesting.5.*
398 #%{_mandir}/man5/%{name6}-notrack.5.*
399 %{_mandir}/man5/%{name6}-params.5.*
400 %{_mandir}/man5/%{name6}-policy.5.*
401 %{_mandir}/man5/%{name6}-providers.5.*
402 %{_mandir}/man5/%{name6}-proxyndp.5.*
403 #%{_mandir}/man5/%{name6}-route_rules.5.*
404 %{_mandir}/man5/%{name6}-routes.5.*
405 %{_mandir}/man5/%{name6}-routestopped.5.*
406 %{_mandir}/man5/%{name6}-rules.5.*
407 %{_mandir}/man5/%{name6}-secmarks.5.*
408 %{_mandir}/man5/%{name6}-tcclasses.5.*
409 %{_mandir}/man5/%{name6}-tcdevices.5.*
410 %{_mandir}/man5/%{name6}-tcfilters.5.*
411 %{_mandir}/man5/%{name6}-tcinterfaces.5.*
412 %{_mandir}/man5/%{name6}-tcpri.5.*
413 %{_mandir}/man5/%{name6}-tcrules.5.*
414 %{_mandir}/man5/%{name6}-tos.5.*
415 %{_mandir}/man5/%{name6}-tunnels.5.*
416 %{_mandir}/man5/%{name6}-vardir.5.*
417 %{_mandir}/man5/%{name6}-zones.5.*
418 %{_mandir}/man5/%{name6}.conf.5.*
419 %{_mandir}/man8/%{name6}.8.*
420 %{_mandir}/man5/%{name6}-blrules.5.*
421 %{_mandir}/man5/%{name6}-conntrack.5.*
422 %{_mandir}/man5/%{name6}-rtrules.5.*
423 %{_mandir}/man5/%{name6}-stoppedrules.5.*
424 %{_mandir}/man5/%{name6}-netmap.5.*
425
426
427 %files lite
428 %doc %{name}-lite-%{version_lite}/*.txt
429 %dir %{_datadir}/%{name}-lite
430 %dir %attr(755,root,root) %{_var}/lib/%{name}-lite
431 %ghost %{_var}/lib/%{name}-lite/*
432 %attr(700,root,root) %{_initrddir}/%{name}-lite
433 %config(noreplace) %{_sysconfdir}/%{name}-lite/*
434 %config %{_sysconfdir}/logrotate.d/%{name}-lite
435 %attr(755,root,root) /sbin/%{name}-lite
436 %{_datadir}/%{name}-lite/configpath
437 %{_datadir}/%{name}-lite/functions
438 %{_datadir}/%{name}-lite/helpers
439 %{_datadir}/%{name}-lite/lib.*
440 %{_datadir}/%{name}-lite/modules*
441 #%{_datadir}/%{name}-lite/shorecap
442 %{_datadir}/%{name}-lite/version
443 #%{_datadir}/%{name}-lite/wait4ifup
444 %{_mandir}/man5/%{name}-lite*
445 %{_mandir}/man8/%{name}-lite*
446
447 %files ipv6-lite
448 %doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
449 %dir %{_datadir}/%{name6}-lite
450 %dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
451 %ghost %{_var}/lib/%{name6}-lite/*
452 %attr(700,root,root) %{_initrddir}/%{name6}-lite
453 %config(noreplace) %{_sysconfdir}/%{name6}-lite/*
454 %config %{_sysconfdir}/logrotate.d/%{name6}-lite
455 %attr(755,root,root) /sbin/%{name6}-lite
456 %{_datadir}/%{name6}-lite/configpath
457 %{_datadir}/%{name6}-lite/functions
458 %{_datadir}/%{name6}-lite/helpers
459 %{_datadir}/%{name6}-lite/lib.*
460 %{_datadir}/%{name6}-lite/modules*
461 #%{_datadir}/%{name6}-lite/shorecap
462 %{_datadir}/%{name6}-lite/version
463 #%{_datadir}/%{name6}-lite/wait4ifup
464 %{_mandir}/man5/%{name6}-lite*
465 %{_mandir}/man8/%{name6}-lite*
466
467 %files doc
468 %doc %{name}-docs-html-%{version}/*
  ViewVC Help
Powered by ViewVC 1.1.30