current/SPECS/shorewall.spec

%define debug_package %{nil}

%define version_major 4.5
%define version_minor 10.1
%define version %{version_major}.%{version_minor}
%define version_main %{version}
%define version_lite %{version}
%define ipv6_ver %{version}
%define ipv6_lite_ver %{version}
%define sha1sums_ver %{version}
%define ftp_ver %{version_major}.10
%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}

%define name6 %{name}6

Summary:        Iptables-based firewall for Linux systems
Name:           shorewall
Version:        %{version}
Release:        %mkrel 1
License:        GPLv2+ and LGPLv2.1+
Group:          System/Servers
URL:            http://www.shorewall.net/
Source0:        %ftp_path/%{name}-%{version}.tar.bz2
Source1:        %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
Source2:        %ftp_path/%{name}-docs-html-%{version}.tar.bz2
Source3:        %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
Source4:        %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
Source5:        %ftp_path/%{sha1sums_ver}.sha1sums
Source6:        %ftp_path/%{name}-core-%{version}.tar.bz2
Patch4:         %{name}-4.4.23-allow-netmask-0.patch
Requires:       iptables
Requires:       iproute2
Requires(post): rpm-helper
Requires(preun): rpm-helper
BuildConflicts: apt-common
BuildArch:      noarch

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

%package core
Summary:        Shorewall core libraries
Group:          System/Servers
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description core
An IPv6 enabled and capable Shoreline Firewall.


%package ipv6
Summary:        IPv6 capable Shorewall
Group:          System/Servers
Requires:       %{name} = %{version}-%{release}
Requires:       iptables-ipv6
Requires:       iproute2
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description ipv6
An IPv6 enabled and capable Shoreline Firewall.

%package ipv6-lite
Summary:        Lite version of ipv6 shorewall
Group:          System/Servers
Requires:       %{name}-ipv6 = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description ipv6-lite
Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows 
network administrators to centralize the configuration of Shorewall-based
firewalls.

%package lite
Summary:        Lite version of shorewall
Group:          System/Servers
Requires:       %{name} = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.

%package doc
Summary:        Firewall scripts
Group:          System/Servers

%description doc 
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

This package contains the docs.

%prep
%setup -q -c -n %{name}-%{version}
%setup -q -T -D -a 1
%setup -q -T -D -a 2
%setup -q -T -D -a 3
%setup -q -T -D -a 4
%setup -q -T -D -a 6

pushd %{name}-%{version_main}
%patch4 -p1 -b .allow-netmask-0
popd

%build
# (tpg) we do nothing here

%install
mkdir -p %{buildroot}%{_unitdir}

export PREFIX=%{buildroot}
export OWNER=`id -n -u`
export GROUP=`id -n -g`

export CONFDIR=%{_sysconfdir}/%{name}

pushd %{name}-core-%{version_main}
./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
popd

pushd %{name}-%{version_main}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf

# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf

# blank Internal option  
perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf

# (tpg) do the optimizations
perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf

# (tpg) set config path
perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath

# (lmenut) mga kernel modules are compressed by default (mga #1147)
perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf

# (alien) have accounting by default in the mangle table
perl -pi -e 's#ACCOUNTING_TABLE=.*#ACCOUNTING_TABLE=mangle#' configfiles/%{name}.conf

./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}

# let's do the install
DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
install -m 644 *.service %{buildroot}%{_unitdir}
popd

#(tpg) IPv6
pushd %{name6}-%{ipv6_ver}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
# (lmenut) mga kernel modules are compressed by default (mga #1147)
perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
./configure.pl  SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh
install -m 644 *.service %{buildroot}%{_unitdir}
popd

pushd %{name6}-lite-%{ipv6_lite_ver}
./configure.pl  SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh
install -m 644 *.service %{buildroot}%{_unitdir}
popd

pushd %{name}-lite-%{version_lite}
./configure.pl  SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh
install -m 644 *.service %{buildroot}%{_unitdir}
popd

# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
# startup script by RPM. This automatic replacement is broken.
export DONT_GPRINTIFY=1

#(tpg) looks like these files are needed
touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall

#(tpg) ipv6
touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall

#(tpg) remove hash-bang
find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;

#remove unused files because of %exclude misbehaviour
rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*

# Remove sysv init files
rm -rf %{buildroot}%{_initrddir}

%post
if [ "$1" -ge 1 ] ; then
  perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
  perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
fi
%_post_service shorewall

%create_ghostfile %{_var}/lib/%{name}/chains root root 644
%create_ghostfile %{_var}/lib/%{name}/nat root root 644
%create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
%create_ghostfile %{_var}/lib/%{name}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name}/zones root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name}/state root root 644
%create_ghostfile %{_var}/lib/%{name}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name}/.start root root 700

%preun
%_preun_service %{name}
if [ $1 = 0 ] ; then
  rm -f %{_sysconfdir}/%{name}/startup_disabled
  rm -f %{_var}/lib/%{name}/*
fi

%post lite
%_post_service %{name}-lite
%create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644

%preun lite
%_preun_service %{name}-lite

%post ipv6
if [ $1 > 1 ] ; then
  perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
  perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
fi
%_post_service %{name6}

%create_ghostfile %{_var}/lib/%{name6}/chains root root 644
%create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name6}/zones root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name6}/state root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name6}/.start root root 700

%preun ipv6
%_preun_service %{name6}
if [ $1 = 0 ] ; then
  rm -f %{_sysconfdir}/%{name6}/startup_disabled
  rm -f %{_var}/lib/%{name6}/*
fi

%post ipv6-lite
%_post_service %{name6}-lite
%create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644

%preun ipv6-lite
%_preun_service %{name6}-lite

%files
%doc %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
%dir %{_datadir}/%{name}
%dir %attr(755,root,root) %{_var}/lib/%{name}
%ghost %{_var}/lib/%{name}/*
%ghost %{_var}/lib/%{name}/.??*
%config %{_sysconfdir}/logrotate.d/%{name}
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}
#%attr(755,root,root) %{_sbindir}/%{name}
%attr(755,root,root) /sbin/%{name}
%{_datadir}/%{name}/action*
%{_datadir}/%{name}/configpath
%{_datadir}/%{name}/functions
#%{_datadir}/%{name}/getparams
%{_datadir}/%{name}/helpers
%{_datadir}/%{name}/lib.*
%{_datadir}/%{name}/macro.*
%{_datadir}/%{name}/modules*
%{_datadir}/%{name}/version
#%{_datadir}/%{name}/wait4ifup
%{_mandir}/man5/%{name}-accounting.5.*
%{_mandir}/man5/%{name}-actions.5.*
%{_mandir}/man5/%{name}-blacklist.5.*
%{_mandir}/man5/%{name}-ecn.5.*
%{_mandir}/man5/%{name}-exclusion.5.*
%{_mandir}/man5/%{name}-hosts.5.*
%{_mandir}/man5/%{name}-interfaces.5.*
%{_mandir}/man5/%{name}-ipsets.5.*
%{_mandir}/man5/%{name}-maclist.5.*
%{_mandir}/man5/%{name}-masq.5.*
%{_mandir}/man5/%{name}-modules.5.*
%{_mandir}/man5/%{name}-nat.5.*
%{_mandir}/man5/%{name}-nesting.5.*
#%{_mandir}/man5/%{name}-notrack.5.*
%{_mandir}/man5/%{name}-netmap.5.*
%{_mandir}/man5/%{name}-params.5.*
%{_mandir}/man5/%{name}-policy.5.*
%{_mandir}/man5/%{name}-providers.5.*
%{_mandir}/man5/%{name}-proxyarp.5.*
#%{_mandir}/man5/%{name}-route_rules.5.*
%{_mandir}/man5/%{name}-routes.5.*
%{_mandir}/man5/%{name}-routestopped.5.*
%{_mandir}/man5/%{name}-rules.5.*
%{_mandir}/man5/%{name}-secmarks.5.*
%{_mandir}/man5/%{name}-tcclasses.5.*
%{_mandir}/man5/%{name}-tcinterfaces.5.*
%{_mandir}/man5/%{name}-tcpri.5.*
%{_mandir}/man5/%{name}-tcdevices.5.*
%{_mandir}/man5/%{name}-tcfilters.5.*
%{_mandir}/man5/%{name}-tcrules.5.*
%{_mandir}/man5/%{name}-tos.5.*
%{_mandir}/man5/%{name}-tunnels.5.*
%{_mandir}/man5/%{name}-vardir.5.*
%{_mandir}/man5/%{name}-zones.5.*
%{_mandir}/man5/%{name}.conf.5.*
%{_mandir}/man8/%{name}.8.*
%{_mandir}/man8/%{name}-init.8.*
%{_mandir}/man5/%{name}-blrules.5.*
%{_mandir}/man5/%{name}-conntrack.5.*
%{_mandir}/man5/%{name}-rtrules.5.*
%{_mandir}/man5/%{name}-stoppedrules.5.*
#%dir %{_datadir}/shorewall/Shorewall
%{_datadir}/perl5/vendor_perl/Shorewall/*.pm
#%{_datadir}/shorewall/compiler.pl
%{_datadir}/shorewall/prog.footer
#%{_datadir}/shorewall/prog.header
%{_datadir}/shorewall/coreversion

%files ipv6
%doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
%dir %{_sysconfdir}/%{name6}
%dir %{_datadir}/%{name6}
%dir %attr(755,root,root) %{_var}/lib/%{name6}
%ghost %{_var}/lib/%{name6}/*
%ghost %{_var}/lib/%{name6}/.??*
%config(noreplace) %{_sysconfdir}/%{name6}/*
%config %{_sysconfdir}/logrotate.d/%{name6}
%attr(755,root,root) %{_sbindir}/%{name6}
%{_datadir}/%{name6}/action*
#%{_datadir}/%{name}/prog.footer6
#%{_datadir}/%{name}/prog.header6
%{_datadir}/%{name6}/configpath
%{_datadir}/%{name6}/functions
%{_datadir}/%{name6}/helpers
%{_datadir}/%{name6}/lib.*
%{_datadir}/%{name6}/macro.*
%{_datadir}/%{name6}/modules*
%{_datadir}/%{name6}/version
#%{_datadir}/%{name6}/wait4ifup
%{_mandir}/man5/%{name6}-accounting.5.*
%{_mandir}/man5/%{name6}-actions.5.*
%{_mandir}/man5/%{name6}-blacklist.5.*
%{_mandir}/man5/%{name6}-exclusion.5.*
%{_mandir}/man5/%{name6}-hosts.5.*
%{_mandir}/man5/%{name6}-interfaces.5.*
%{_mandir}/man5/%{name6}-ipsets.5.*
%{_mandir}/man5/%{name6}-maclist.5.*
%{_mandir}/man5/%{name6}-modules.5.*
%{_mandir}/man5/%{name6}-nesting.5.*
#%{_mandir}/man5/%{name6}-notrack.5.*
%{_mandir}/man5/%{name6}-params.5.*
%{_mandir}/man5/%{name6}-policy.5.*
%{_mandir}/man5/%{name6}-providers.5.*
%{_mandir}/man5/%{name6}-proxyndp.5.*
#%{_mandir}/man5/%{name6}-route_rules.5.*
%{_mandir}/man5/%{name6}-routes.5.*
%{_mandir}/man5/%{name6}-routestopped.5.*
%{_mandir}/man5/%{name6}-rules.5.*
%{_mandir}/man5/%{name6}-secmarks.5.*
%{_mandir}/man5/%{name6}-tcclasses.5.*
%{_mandir}/man5/%{name6}-tcdevices.5.*
%{_mandir}/man5/%{name6}-tcfilters.5.*
%{_mandir}/man5/%{name6}-tcinterfaces.5.*
%{_mandir}/man5/%{name6}-tcpri.5.*
%{_mandir}/man5/%{name6}-tcrules.5.*
%{_mandir}/man5/%{name6}-tos.5.*
%{_mandir}/man5/%{name6}-tunnels.5.*
%{_mandir}/man5/%{name6}-vardir.5.*
%{_mandir}/man5/%{name6}-zones.5.*
%{_mandir}/man5/%{name6}.conf.5.*
%{_mandir}/man8/%{name6}.8.*
%{_mandir}/man5/%{name6}-blrules.5.*
%{_mandir}/man5/%{name6}-conntrack.5.*
%{_mandir}/man5/%{name6}-rtrules.5.*
%{_mandir}/man5/%{name6}-stoppedrules.5.*
%{_mandir}/man5/%{name6}-netmap.5.*


%files lite
%doc %{name}-lite-%{version_lite}/*.txt
%dir %{_datadir}/%{name}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name}-lite
%ghost %{_var}/lib/%{name}-lite/*
%config(noreplace) %{_sysconfdir}/%{name}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name}-lite
%attr(755,root,root) %{_sbindir}/%{name}-lite
%{_datadir}/%{name}-lite/configpath
%{_datadir}/%{name}-lite/functions
%{_datadir}/%{name}-lite/helpers
%{_datadir}/%{name}-lite/lib.*
%{_datadir}/%{name}-lite/modules*
#%{_datadir}/%{name}-lite/shorecap
%{_datadir}/%{name}-lite/version
#%{_datadir}/%{name}-lite/wait4ifup
%{_mandir}/man5/%{name}-lite*
%{_mandir}/man8/%{name}-lite*

%files ipv6-lite
%doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
%dir %{_datadir}/%{name6}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
%ghost %{_var}/lib/%{name6}-lite/*
%config(noreplace) %{_sysconfdir}/%{name6}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name6}-lite
%attr(755,root,root) %{_sbindir}/%{name6}-lite
%{_datadir}/%{name6}-lite/configpath
%{_datadir}/%{name6}-lite/functions
%{_datadir}/%{name6}-lite/helpers
%{_datadir}/%{name6}-lite/lib.*
%{_datadir}/%{name6}-lite/modules*
#%{_datadir}/%{name6}-lite/shorecap
%{_datadir}/%{name6}-lite/version
#%{_datadir}/%{name6}-lite/wait4ifup
%{_mandir}/man5/%{name6}-lite*
%{_mandir}/man8/%{name6}-lite*

%files doc
%doc %{name}-docs-html-%{version}/*

%files core
%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.base
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/shorewallrc
#%dir %{_libexecdir}/shorewall
#%{_libexecdir}/shorewall/wait4ifup
1	%define debug_package %{nil}
2
3	%define version_major 4.5
4	%define version_minor 10.1
5	%define version %{version_major}.%{version_minor}
6	%define version_main %{version}
7	%define version_lite %{version}
8	%define ipv6_ver %{version}
9	%define ipv6_lite_ver %{version}
10	%define sha1sums_ver %{version}
11	%define ftp_ver %{version_major}.10
12	%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}
13
14	%define name6 %{name}6
15
16	Summary: Iptables-based firewall for Linux systems
17	Name: shorewall
18	Version: %{version}
19	Release: %mkrel 1
20	License: GPLv2+ and LGPLv2.1+
21	Group: System/Servers
22	URL: http://www.shorewall.net/
23	Source0: %ftp_path/%{name}-%{version}.tar.bz2
24	Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
25	Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
26	Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
27	Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
28	Source5: %ftp_path/%{sha1sums_ver}.sha1sums
29	Source6: %ftp_path/%{name}-core-%{version}.tar.bz2
30	Patch4: %{name}-4.4.23-allow-netmask-0.patch
31	Requires: iptables
32	Requires: iproute2
33	Requires(post): rpm-helper
34	Requires(preun): rpm-helper
35	BuildConflicts: apt-common
36	BuildArch: noarch
37
38	%description
39	The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
40	(iptables) based firewall that can be used on a dedicated firewall system,
41	a multi-function gateway/ router/server or on a standalone GNU/Linux system.
42
43	%package core
44	Summary: Shorewall core libraries
45	Group: System/Servers
46	Requires(post): rpm-helper
47	Requires(preun): rpm-helper
48
49	%description core
50	An IPv6 enabled and capable Shoreline Firewall.
51
52
53	%package ipv6
54	Summary: IPv6 capable Shorewall
55	Group: System/Servers
56	Requires: %{name} = %{version}-%{release}
57	Requires: iptables-ipv6
58	Requires: iproute2
59	Requires(post): rpm-helper
60	Requires(preun): rpm-helper
61
62	%description ipv6
63	An IPv6 enabled and capable Shoreline Firewall.
64
65	%package ipv6-lite
66	Summary: Lite version of ipv6 shorewall
67	Group: System/Servers
68	Requires: %{name}-ipv6 = %{version}-%{release}
69	Requires(post): rpm-helper
70	Requires(preun): rpm-helper
71
72	%description ipv6-lite
73	Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
74	network administrators to centralize the configuration of Shorewall-based
75	firewalls.
76
77	%package lite
78	Summary: Lite version of shorewall
79	Group: System/Servers
80	Requires: %{name} = %{version}-%{release}
81	Requires(post): rpm-helper
82	Requires(preun): rpm-helper
83
84	%description lite
85	Shorewall Lite is a companion product to Shorewall that allows network
86	administrators to centralize the configuration of Shorewall-based firewalls.
87
88	%package doc
89	Summary: Firewall scripts
90	Group: System/Servers
91
92	%description doc
93	The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
94	(iptables) based firewall that can be used on a dedicated firewall system,
95	a multi-function gateway/ router/server or on a standalone GNU/Linux system.
96
97	This package contains the docs.
98
99	%prep
100	%setup -q -c -n %{name}-%{version}
101	%setup -q -T -D -a 1
102	%setup -q -T -D -a 2
103	%setup -q -T -D -a 3
104	%setup -q -T -D -a 4
105	%setup -q -T -D -a 6
106
107	pushd %{name}-%{version_main}
108	%patch4 -p1 -b .allow-netmask-0
109	popd
110
111	%build
112	# (tpg) we do nothing here
113
114	%install
115	mkdir -p %{buildroot}%{_unitdir}
116
117	export PREFIX=%{buildroot}
118	export OWNER=`id -n -u`
119	export GROUP=`id -n -g`
120
121	export CONFDIR=%{_sysconfdir}/%{name}
122
123	pushd %{name}-core-%{version_main}
124	./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
125	DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
126	popd
127
128	pushd %{name}-%{version_main}
129	# (blino) enable startup (new setting as of 2.1.3)
130	perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
131
132	# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
133	perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
134
135	# blank Internal option
136	perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
137
138	# (tpg) do the optimizations
139	perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
140
141	# (tpg) set config path
142	perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
143
144	# (lmenut) mga kernel modules are compressed by default (mga #1147)
145	perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf
146
147	# (alien) have accounting by default in the mangle table
148	perl -pi -e 's#ACCOUNTING_TABLE=.*#ACCOUNTING_TABLE=mangle#' configfiles/%{name}.conf
149
150	./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
151
152	# let's do the install
153	DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
154	install -m 644 *.service %{buildroot}%{_unitdir}
155	popd
156
157	#(tpg) IPv6
158	pushd %{name6}-%{ipv6_ver}
159	# (blino) enable startup (new setting as of 2.1.3)
160	perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
161	# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
162	perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
163	# (lmenut) mga kernel modules are compressed by default (mga #1147)
164	perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
165	./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
166	DESTDIR=%{buildroot} ./install.sh
167	install -m 644 *.service %{buildroot}%{_unitdir}
168	popd
169
170	pushd %{name6}-lite-%{ipv6_lite_ver}
171	./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
172	DESTDIR=%{buildroot} ./install.sh
173	install -m 644 *.service %{buildroot}%{_unitdir}
174	popd
175
176	pushd %{name}-lite-%{version_lite}
177	./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
178	DESTDIR=%{buildroot} ./install.sh
179	install -m 644 *.service %{buildroot}%{_unitdir}
180	popd
181
182	# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
183	# startup script by RPM. This automatic replacement is broken.
184	export DONT_GPRINTIFY=1
185
186	#(tpg) looks like these files are needed
187	touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
188	touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
189
190	#(tpg) ipv6
191	touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
192	touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
193
194	#(tpg) remove hash-bang
195	find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
196
197	#remove unused files because of %exclude misbehaviour
198	rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
199	rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
200
201	# Remove sysv init files
202	rm -rf %{buildroot}%{_initrddir}
203
204	%post
205	if [ "$1" -ge 1 ] ; then
206	perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
207	perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
208	fi
209	%_post_service shorewall
210
211	%create_ghostfile %{_var}/lib/%{name}/chains root root 644
212	%create_ghostfile %{_var}/lib/%{name}/nat root root 644
213	%create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
214	%create_ghostfile %{_var}/lib/%{name}/restarted root root 644
215	%create_ghostfile %{_var}/lib/%{name}/zones root root 644
216	%create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
217	%create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
218	%create_ghostfile %{_var}/lib/%{name}/state root root 644
219	%create_ghostfile %{_var}/lib/%{name}/.modules root root 644
220	%create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
221	%create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
222	%create_ghostfile %{_var}/lib/%{name}/.restart root root 700
223	%create_ghostfile %{_var}/lib/%{name}/.restore root root 700
224	%create_ghostfile %{_var}/lib/%{name}/.start root root 700
225
226	%preun
227	%_preun_service %{name}
228	if [ $1 = 0 ] ; then
229	rm -f %{_sysconfdir}/%{name}/startup_disabled
230	rm -f %{_var}/lib/%{name}/*
231	fi
232
233	%post lite
234	%_post_service %{name}-lite
235	%create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
236
237	%preun lite
238	%_preun_service %{name}-lite
239
240	%post ipv6
241	if [ $1 > 1 ] ; then
242	perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
243	perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
244	fi
245	%_post_service %{name6}
246
247	%create_ghostfile %{_var}/lib/%{name6}/chains root root 644
248	%create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
249	%create_ghostfile %{_var}/lib/%{name6}/zones root root 644
250	%create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
251	%create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
252	%create_ghostfile %{_var}/lib/%{name6}/state root root 644
253	%create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
254	%create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
255	%create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
256	%create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
257	%create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
258	%create_ghostfile %{_var}/lib/%{name6}/.start root root 700
259
260	%preun ipv6
261	%_preun_service %{name6}
262	if [ $1 = 0 ] ; then
263	rm -f %{_sysconfdir}/%{name6}/startup_disabled
264	rm -f %{_var}/lib/%{name6}/*
265	fi
266
267	%post ipv6-lite
268	%_post_service %{name6}-lite
269	%create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
270
271	%preun ipv6-lite
272	%_preun_service %{name6}-lite
273
274	%files
275	%doc %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
276	%dir %{_datadir}/%{name}
277	%dir %attr(755,root,root) %{_var}/lib/%{name}
278	%ghost %{_var}/lib/%{name}/*
279	%ghost %{_var}/lib/%{name}/.??*
280	%config %{_sysconfdir}/logrotate.d/%{name}
281	%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}
282	#%attr(755,root,root) %{_sbindir}/%{name}
283	%attr(755,root,root) /sbin/%{name}
284	%{_datadir}/%{name}/action*
285	%{_datadir}/%{name}/configpath
286	%{_datadir}/%{name}/functions
287	#%{_datadir}/%{name}/getparams
288	%{_datadir}/%{name}/helpers
289	%{_datadir}/%{name}/lib.*
290	%{_datadir}/%{name}/macro.*
291	%{_datadir}/%{name}/modules*
292	%{_datadir}/%{name}/version
293	#%{_datadir}/%{name}/wait4ifup
294	%{_mandir}/man5/%{name}-accounting.5.*
295	%{_mandir}/man5/%{name}-actions.5.*
296	%{_mandir}/man5/%{name}-blacklist.5.*
297	%{_mandir}/man5/%{name}-ecn.5.*
298	%{_mandir}/man5/%{name}-exclusion.5.*
299	%{_mandir}/man5/%{name}-hosts.5.*
300	%{_mandir}/man5/%{name}-interfaces.5.*
301	%{_mandir}/man5/%{name}-ipsets.5.*
302	%{_mandir}/man5/%{name}-maclist.5.*
303	%{_mandir}/man5/%{name}-masq.5.*
304	%{_mandir}/man5/%{name}-modules.5.*
305	%{_mandir}/man5/%{name}-nat.5.*
306	%{_mandir}/man5/%{name}-nesting.5.*
307	#%{_mandir}/man5/%{name}-notrack.5.*
308	%{_mandir}/man5/%{name}-netmap.5.*
309	%{_mandir}/man5/%{name}-params.5.*
310	%{_mandir}/man5/%{name}-policy.5.*
311	%{_mandir}/man5/%{name}-providers.5.*
312	%{_mandir}/man5/%{name}-proxyarp.5.*
313	#%{_mandir}/man5/%{name}-route_rules.5.*
314	%{_mandir}/man5/%{name}-routes.5.*
315	%{_mandir}/man5/%{name}-routestopped.5.*
316	%{_mandir}/man5/%{name}-rules.5.*
317	%{_mandir}/man5/%{name}-secmarks.5.*
318	%{_mandir}/man5/%{name}-tcclasses.5.*
319	%{_mandir}/man5/%{name}-tcinterfaces.5.*
320	%{_mandir}/man5/%{name}-tcpri.5.*
321	%{_mandir}/man5/%{name}-tcdevices.5.*
322	%{_mandir}/man5/%{name}-tcfilters.5.*
323	%{_mandir}/man5/%{name}-tcrules.5.*
324	%{_mandir}/man5/%{name}-tos.5.*
325	%{_mandir}/man5/%{name}-tunnels.5.*
326	%{_mandir}/man5/%{name}-vardir.5.*
327	%{_mandir}/man5/%{name}-zones.5.*
328	%{_mandir}/man5/%{name}.conf.5.*
329	%{_mandir}/man8/%{name}.8.*
330	%{_mandir}/man8/%{name}-init.8.*
331	%{_mandir}/man5/%{name}-blrules.5.*
332	%{_mandir}/man5/%{name}-conntrack.5.*
333	%{_mandir}/man5/%{name}-rtrules.5.*
334	%{_mandir}/man5/%{name}-stoppedrules.5.*
335	#%dir %{_datadir}/shorewall/Shorewall
336	%{_datadir}/perl5/vendor_perl/Shorewall/*.pm
337	#%{_datadir}/shorewall/compiler.pl
338	%{_datadir}/shorewall/prog.footer
339	#%{_datadir}/shorewall/prog.header
340	%{_datadir}/shorewall/coreversion
341
342	%files ipv6
343	%doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
344	%dir %{_sysconfdir}/%{name6}
345	%dir %{_datadir}/%{name6}
346	%dir %attr(755,root,root) %{_var}/lib/%{name6}
347	%ghost %{_var}/lib/%{name6}/*
348	%ghost %{_var}/lib/%{name6}/.??*
349	%config(noreplace) %{_sysconfdir}/%{name6}/*
350	%config %{_sysconfdir}/logrotate.d/%{name6}
351	%attr(755,root,root) %{_sbindir}/%{name6}
352	%{_datadir}/%{name6}/action*
353	#%{_datadir}/%{name}/prog.footer6
354	#%{_datadir}/%{name}/prog.header6
355	%{_datadir}/%{name6}/configpath
356	%{_datadir}/%{name6}/functions
357	%{_datadir}/%{name6}/helpers
358	%{_datadir}/%{name6}/lib.*
359	%{_datadir}/%{name6}/macro.*
360	%{_datadir}/%{name6}/modules*
361	%{_datadir}/%{name6}/version
362	#%{_datadir}/%{name6}/wait4ifup
363	%{_mandir}/man5/%{name6}-accounting.5.*
364	%{_mandir}/man5/%{name6}-actions.5.*
365	%{_mandir}/man5/%{name6}-blacklist.5.*
366	%{_mandir}/man5/%{name6}-exclusion.5.*
367	%{_mandir}/man5/%{name6}-hosts.5.*
368	%{_mandir}/man5/%{name6}-interfaces.5.*
369	%{_mandir}/man5/%{name6}-ipsets.5.*
370	%{_mandir}/man5/%{name6}-maclist.5.*
371	%{_mandir}/man5/%{name6}-modules.5.*
372	%{_mandir}/man5/%{name6}-nesting.5.*
373	#%{_mandir}/man5/%{name6}-notrack.5.*
374	%{_mandir}/man5/%{name6}-params.5.*
375	%{_mandir}/man5/%{name6}-policy.5.*
376	%{_mandir}/man5/%{name6}-providers.5.*
377	%{_mandir}/man5/%{name6}-proxyndp.5.*
378	#%{_mandir}/man5/%{name6}-route_rules.5.*
379	%{_mandir}/man5/%{name6}-routes.5.*
380	%{_mandir}/man5/%{name6}-routestopped.5.*
381	%{_mandir}/man5/%{name6}-rules.5.*
382	%{_mandir}/man5/%{name6}-secmarks.5.*
383	%{_mandir}/man5/%{name6}-tcclasses.5.*
384	%{_mandir}/man5/%{name6}-tcdevices.5.*
385	%{_mandir}/man5/%{name6}-tcfilters.5.*
386	%{_mandir}/man5/%{name6}-tcinterfaces.5.*
387	%{_mandir}/man5/%{name6}-tcpri.5.*
388	%{_mandir}/man5/%{name6}-tcrules.5.*
389	%{_mandir}/man5/%{name6}-tos.5.*
390	%{_mandir}/man5/%{name6}-tunnels.5.*
391	%{_mandir}/man5/%{name6}-vardir.5.*
392	%{_mandir}/man5/%{name6}-zones.5.*
393	%{_mandir}/man5/%{name6}.conf.5.*
394	%{_mandir}/man8/%{name6}.8.*
395	%{_mandir}/man5/%{name6}-blrules.5.*
396	%{_mandir}/man5/%{name6}-conntrack.5.*
397	%{_mandir}/man5/%{name6}-rtrules.5.*
398	%{_mandir}/man5/%{name6}-stoppedrules.5.*
399	%{_mandir}/man5/%{name6}-netmap.5.*
400
401
402	%files lite
403	%doc %{name}-lite-%{version_lite}/*.txt
404	%dir %{_datadir}/%{name}-lite
405	%dir %attr(755,root,root) %{_var}/lib/%{name}-lite
406	%ghost %{_var}/lib/%{name}-lite/*
407	%config(noreplace) %{_sysconfdir}/%{name}-lite/*
408	%config %{_sysconfdir}/logrotate.d/%{name}-lite
409	%attr(755,root,root) %{_sbindir}/%{name}-lite
410	%{_datadir}/%{name}-lite/configpath
411	%{_datadir}/%{name}-lite/functions
412	%{_datadir}/%{name}-lite/helpers
413	%{_datadir}/%{name}-lite/lib.*
414	%{_datadir}/%{name}-lite/modules*
415	#%{_datadir}/%{name}-lite/shorecap
416	%{_datadir}/%{name}-lite/version
417	#%{_datadir}/%{name}-lite/wait4ifup
418	%{_mandir}/man5/%{name}-lite*
419	%{_mandir}/man8/%{name}-lite*
420
421	%files ipv6-lite
422	%doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
423	%dir %{_datadir}/%{name6}-lite
424	%dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
425	%ghost %{_var}/lib/%{name6}-lite/*
426	%config(noreplace) %{_sysconfdir}/%{name6}-lite/*
427	%config %{_sysconfdir}/logrotate.d/%{name6}-lite
428	%attr(755,root,root) %{_sbindir}/%{name6}-lite
429	%{_datadir}/%{name6}-lite/configpath
430	%{_datadir}/%{name6}-lite/functions
431	%{_datadir}/%{name6}-lite/helpers
432	%{_datadir}/%{name6}-lite/lib.*
433	%{_datadir}/%{name6}-lite/modules*
434	#%{_datadir}/%{name6}-lite/shorecap
435	%{_datadir}/%{name6}-lite/version
436	#%{_datadir}/%{name6}-lite/wait4ifup
437	%{_mandir}/man5/%{name6}-lite*
438	%{_mandir}/man8/%{name6}-lite*
439
440	%files doc
441	%doc %{name}-docs-html-%{version}/*
442
443	%files core
444	%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
445	%dir %{_datadir}/shorewall/
446	%{_datadir}/shorewall/coreversion
447	%{_datadir}/shorewall/functions
448	%{_datadir}/shorewall/lib.base
449	%{_datadir}/shorewall/lib.cli
450	%{_datadir}/shorewall/lib.common
451	%{_datadir}/shorewall/shorewallrc
452	#%dir %{_libexecdir}/shorewall
453	#%{_libexecdir}/shorewall/wait4ifup