current/SPECS/shorewall.spec

%define debug_package %{nil}

%define version_major 4.4
%define version_minor 19.1
%define version %{version_major}.%{version_minor}
%define version_main %{version}
%define version_lite %{version}
%define ipv6_ver %{version}
%define ipv6_lite_ver %{version}
%define sha1sums_ver %{version_main}

%define url_ver %(echo %{version} | cut -d. -f1,2,3)

%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{url_ver}

%define name6 %{name}6

Summary:        Iptables-based firewall for Linux systems
Name:           shorewall
Version:        %{version}
Release:        %mkrel 2
License:        GPLv2+
Group:          System/Servers
URL:            http://www.shorewall.net/
Source0:        %ftp_path/%{name}-%{version_main}.tar.bz2
Source1:        %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
Source2:        %ftp_path/%{name}-docs-html-%{version}.tar.bz2
Source3:        %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
Source4:        %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
Source5:        %ftp_path/%{sha1sums_ver}.sha1sums
Patch0:         %{name}-common-4.2.5-init-script.patch
Patch1:         %{name}-lite-4.2.5-init-script.patch
Patch2:         %{name6}-4.2.5-init-script.patch
Patch3:         %{name6}-lite-4.2.5-init-script.patch
# shorewall 4.4.0 does not adds comments at the end of the file
Patch4:         %{name}-4.4.19.1-comment.patch
Requires:       iptables >= 1.4.1
Requires:       iproute2
Requires:       dash
Requires(post): rpm-helper
Requires(preun):        rpm-helper
Conflicts:      shorewall < 4.0.7-1
BuildConflicts: apt-common
BuildArch:      noarch
BuildRoot:      %{_tmppath}/%{name}-%{version}-buildroot
# since shorewall 4.4 we do not have common, shell and perl modules anymore
Obsoletes:      shorewall-common
Obsoletes:      shorewall-perl
Obsoletes:      shorewall-shell

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

%package ipv6
Summary:        IPv6 capable Shorewall
Group:          System/Servers
Requires:       %{name} = %{version}-%{release}
Requires:       iptables-ipv6
Requires:       iproute2
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description ipv6
An IPv6 enabled and capable Shoreline Firewall.

%package ipv6-lite
Summary:        Lite version of ipv6 shorewall
Group:          System/Servers
Requires:       %{name}-ipv6 = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description ipv6-lite
Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows 
network administrators to centralize the configuration of Shorewall-based
firewalls.

%package lite
Summary:        Lite version of shorewall
Group:          System/Servers
Requires:       %{name} = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun):        rpm-helper

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.

%package doc
Summary:        Firewall scripts
Group:          System/Servers

%description doc 
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

This package contains the docs.

%prep
%setup -q -c -n %{name}-%{version}
%setup -q -T -D -a 1
%setup -q -T -D -a 2
%setup -q -T -D -a 3
%setup -q -T -D -a 4

pushd %{name}-%{version_main}
%patch0 -p1 -b .init
%patch4 -p1 -b .comment
popd

pushd %{name}-lite-%{version_lite}
%patch1 -p1 -b .initlite
popd

pushd %{name6}-%{ipv6_ver}
%patch2 -p1 -b .init6
popd

pushd %{name6}-lite-%{ipv6_lite_ver}
%patch3 -p1 -b .init6lite
popd

%build
# (tpg) we do nothing here

%install
rm -rf %{buildroot}
export PREFIX=%{buildroot}
export OWNER=`id -n -u`
export GROUP=`id -n -g`
export DEST=%{_initrddir}

pushd %{name}-%{version_main}
export CONFDIR=%{_sysconfdir}/%{name}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf

# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf

# blank Internal option 
perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf

# (tpg) use perl compiler
perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' configfiles/%{name}.conf

# (tpg) do the optimizations
perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf

# (tpg) enable IPv6
perl -pi -e 's#DISABLE_IPV6=.*#DISABLE_IPV6=No#' configfiles/%{name}.conf

# (tpg) set config path
perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath

# let's do the install
./install.sh
popd

#(tpg) IPv6
pushd %{name6}-%{ipv6_ver}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' %{name6}.conf
# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' %{name6}.conf

./install.sh
popd

pushd %{name6}-lite-%{ipv6_lite_ver}
./install.sh
popd

pushd %{name}-lite-%{version_lite}
./install.sh
popd

# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
# startup script by RPM. This automatic replacement is broken.
export DONT_GPRINTIFY=1

#(tpg) looks like these files are needed
touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall

#(tpg) ipv6
touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall

#(tpg) remove hash-bang
find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;

# (tpg) let's use dash everywhere!
find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;

# add information about 4.4.0 upgrade
cat > README.4.4.0.upgrade.urpmi << EOF
As of shorewall 4.4.0, the shorewall-common and shorewall-perl packages
were merged into a single shorewall package. Other notable changes in 4.4.0
version are:
 - The support for shorewall-shell has been discontinued
 - Support for SAME target in /etc/shorewall/masq and /etc/shorewall/rules
   has been removed.
 - Support for norfc1918 and RFC1918_STRICT have been removed.
 - The name 'any' is now reserved and may not be used as a zone name.

If you were relying on those options, please review your shorewall
configuration. Refer to the /usr/share/doc/shorewall/releasenotes.txt file
for further instructions.
EOF

#remove unused files because of %exclude misbehaviour
rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*


%clean
rm -rf %{buildroot}

%post
%_post_service shorewall

%create_ghostfile %{_var}/lib/%{name}/chains root root 644
%create_ghostfile %{_var}/lib/%{name}/nat root root 644
%create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
%create_ghostfile %{_var}/lib/%{name}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name}/zones root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name}/state root root 644
%create_ghostfile %{_var}/lib/%{name}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name}/.start root root 700

%preun
%_preun_service %{name}
if [ $1 = 0 ] ; then
  %{__rm} -f %{_sysconfdir}/%{name}/startup_disabled
  %{__rm} -f %{_var}/lib/%{name}/*
fi

%post lite
%_post_service %{name}-lite
%create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644

%preun lite
%_preun_service %{name}-lite

%post ipv6
%_post_service %{name6}

%create_ghostfile %{_var}/lib/%{name6}/chains root root 644
%create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name6}/zones root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name6}/state root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name6}/.start root root 700

%preun ipv6
%_preun_service %{name6}
if [ $1 = 0 ] ; then
  %{__rm} -f %{_sysconfdir}/%{name6}/startup_disabled
  %{__rm} -f %{_var}/lib/%{name6}/*
fi

%post ipv6-lite
%_post_service %{name6}-lite
%create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644

%preun ipv6-lite
%_preun_service %{name6}-lite

%files
%defattr(-,root,root)
%doc README.4.4.0.upgrade.urpmi %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
%dir %{_sysconfdir}/%{name}
%dir %{_datadir}/%{name}
%dir %attr(755,root,root) %{_var}/lib/%{name}
%ghost %{_var}/lib/%{name}/*
%ghost %{_var}/lib/%{name}/.??*
%config %{_sysconfdir}/logrotate.d/%{name}
%attr(700,root,root) %{_initrddir}/%{name}
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
%attr(755,root,root) /sbin/%{name}
%{_datadir}/%{name}/action*
%{_datadir}/%{name}/configpath
%{_datadir}/%{name}/functions
%{_datadir}/%{name}/getparams
%{_datadir}/%{name}/helpers
%{_datadir}/%{name}/lib.*
%{_datadir}/%{name}/macro.*
%{_datadir}/%{name}/modules*
%{_datadir}/%{name}/version
%{_datadir}/%{name}/wait4ifup
%{_mandir}/man5/%{name}-accounting.5.*
%{_mandir}/man5/%{name}-actions.5.*
%{_mandir}/man5/%{name}-blacklist.5.*
%{_mandir}/man5/%{name}-ecn.5.*
%{_mandir}/man5/%{name}-exclusion.5.*
%{_mandir}/man5/%{name}-hosts.5.*
%{_mandir}/man5/%{name}-interfaces.5.*
%{_mandir}/man5/%{name}-ipsets.5.*
%{_mandir}/man5/%{name}-maclist.5.*
%{_mandir}/man5/%{name}-masq.5.*
%{_mandir}/man5/%{name}-modules.5.*
%{_mandir}/man5/%{name}-nat.5.*
%{_mandir}/man5/%{name}-nesting.5.*
%{_mandir}/man5/%{name}-notrack.5.*
%{_mandir}/man5/%{name}-netmap.5.*
%{_mandir}/man5/%{name}-params.5.*
%{_mandir}/man5/%{name}-policy.5.*
%{_mandir}/man5/%{name}-providers.5.*
%{_mandir}/man5/%{name}-proxyarp.5.*
%{_mandir}/man5/%{name}-route_rules.5.*
%{_mandir}/man5/%{name}-routes.5.*
%{_mandir}/man5/%{name}-routestopped.5.*
%{_mandir}/man5/%{name}-rules.5.*
%{_mandir}/man5/%{name}-secmarks.5.*
%{_mandir}/man5/%{name}-tcclasses.5.*
%{_mandir}/man5/%{name}-tcinterfaces.5.*
%{_mandir}/man5/%{name}-tcpri.5.*
%{_mandir}/man5/%{name}-tcdevices.5.*
%{_mandir}/man5/%{name}-tcfilters.5.*
%{_mandir}/man5/%{name}-tcrules.5.*
%{_mandir}/man5/%{name}-tos.5.*
%{_mandir}/man5/%{name}-tunnels.5.*
%{_mandir}/man5/%{name}-vardir.5.*
%{_mandir}/man5/%{name}-zones.5.*
%{_mandir}/man5/%{name}.conf.5.*
%{_mandir}/man8/%{name}.8.*
%{_mandir}/man8/%{name}-init.8.*
%{_datadir}/shorewall/Shorewall/*.pm
%{_datadir}/shorewall/compiler.pl
%{_datadir}/shorewall/prog.footer
%{_datadir}/shorewall/prog.header


%files ipv6
%defattr(-,root,root)
%doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
%dir %{_sysconfdir}/%{name6}
%dir %{_datadir}/%{name6}
%dir %attr(755,root,root) %{_var}/lib/%{name6}
%ghost %{_var}/lib/%{name6}/*
%ghost %{_var}/lib/%{name6}/.??*
%attr(700,root,root) %{_initrddir}/%{name6}
%config(noreplace) %{_sysconfdir}/%{name6}/*
%config %{_sysconfdir}/logrotate.d/%{name6}
%attr(755,root,root) /sbin/%{name6}
%{_datadir}/%{name6}/action*
%{_datadir}/%{name}/prog.footer6
%{_datadir}/%{name}/prog.header6
%{_datadir}/%{name6}/configpath
%{_datadir}/%{name6}/functions
%{_datadir}/%{name6}/helpers
%{_datadir}/%{name6}/lib.*
%{_datadir}/%{name6}/macro.*
%{_datadir}/%{name6}/modules*
%{_datadir}/%{name6}/version
%{_datadir}/%{name6}/wait4ifup
%{_mandir}/man5/%{name6}-accounting.5.*
%{_mandir}/man5/%{name6}-actions.5.*
%{_mandir}/man5/%{name6}-blacklist.5.*
%{_mandir}/man5/%{name6}-exclusion.5.*
%{_mandir}/man5/%{name6}-hosts.5.*
%{_mandir}/man5/%{name6}-interfaces.5.*
%{_mandir}/man5/%{name6}-maclist.5.*
%{_mandir}/man5/%{name6}-modules.5.*
%{_mandir}/man5/%{name6}-nesting.5.*
%{_mandir}/man5/%{name6}-notrack.5.*
%{_mandir}/man5/%{name6}-params.5.*
%{_mandir}/man5/%{name6}-policy.5.*
%{_mandir}/man5/%{name6}-providers.5.*
%{_mandir}/man5/%{name6}-proxyndp.5.*
%{_mandir}/man5/%{name6}-route_rules.5.*
%{_mandir}/man5/%{name6}-routes.5.*
%{_mandir}/man5/%{name6}-routestopped.5.*
%{_mandir}/man5/%{name6}-rules.5.*
%{_mandir}/man5/%{name6}-secmarks.5.*
%{_mandir}/man5/%{name6}-tcclasses.5.*
%{_mandir}/man5/%{name6}-tcdevices.5.*
%{_mandir}/man5/%{name6}-tcfilters.5.*
%{_mandir}/man5/%{name6}-tcinterfaces.5.*
%{_mandir}/man5/%{name6}-tcpri.5.*
%{_mandir}/man5/%{name6}-tcrules.5.*
%{_mandir}/man5/%{name6}-tos.5.*
%{_mandir}/man5/%{name6}-tunnels.5.*
%{_mandir}/man5/%{name6}-vardir.5.*
%{_mandir}/man5/%{name6}-zones.5.*
%{_mandir}/man5/%{name6}.conf.5.*
%{_mandir}/man8/%{name6}.8.*

%files lite
%defattr(-,root,root)
%doc %{name}-lite-%{version_lite}/*.txt
%dir %{_datadir}/%{name}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name}-lite
%ghost %{_var}/lib/%{name}-lite/*
%attr(700,root,root) %{_initrddir}/%{name}-lite
%config(noreplace) %{_sysconfdir}/%{name}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name}-lite
%attr(755,root,root) /sbin/%{name}-lite
%{_datadir}/%{name}-lite/configpath
%{_datadir}/%{name}-lite/functions
%{_datadir}/%{name}-lite/helpers
%{_datadir}/%{name}-lite/lib.*
%{_datadir}/%{name}-lite/modules*
%{_datadir}/%{name}-lite/shorecap
%{_datadir}/%{name}-lite/version
%{_datadir}/%{name}-lite/wait4ifup
%{_mandir}/man5/%{name}-lite*
%{_mandir}/man8/%{name}-lite*

%files ipv6-lite
%defattr(-,root,root)
%doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
%dir %{_datadir}/%{name6}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
%ghost %{_var}/lib/%{name6}-lite/*
%attr(700,root,root) %{_initrddir}/%{name6}-lite
%config(noreplace) %{_sysconfdir}/%{name6}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name6}-lite
%attr(755,root,root) /sbin/%{name6}-lite
%{_datadir}/%{name6}-lite/configpath
%{_datadir}/%{name6}-lite/functions
%{_datadir}/%{name6}-lite/helpers
%{_datadir}/%{name6}-lite/lib.*
%{_datadir}/%{name6}-lite/modules*
%{_datadir}/%{name6}-lite/shorecap
%{_datadir}/%{name6}-lite/version
%{_datadir}/%{name6}-lite/wait4ifup
%{_mandir}/man5/%{name6}-lite*
%{_mandir}/man8/%{name6}-lite*

%files doc
%defattr(-,root,root)
%doc %{name}-docs-html-%{version}/*
1	%define debug_package %{nil}
2
3	%define version_major 4.4
4	%define version_minor 19.1
5	%define version %{version_major}.%{version_minor}
6	%define version_main %{version}
7	%define version_lite %{version}
8	%define ipv6_ver %{version}
9	%define ipv6_lite_ver %{version}
10	%define sha1sums_ver %{version_main}
11
12	%define url_ver %(echo %{version} \| cut -d. -f1,2,3)
13
14	%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{url_ver}
15
16	%define name6 %{name}6
17
18	Summary: Iptables-based firewall for Linux systems
19	Name: shorewall
20	Version: %{version}
21	Release: %mkrel 2
22	License: GPLv2+
23	Group: System/Servers
24	URL: http://www.shorewall.net/
25	Source0: %ftp_path/%{name}-%{version_main}.tar.bz2
26	Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
27	Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
28	Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
29	Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
30	Source5: %ftp_path/%{sha1sums_ver}.sha1sums
31	Patch0: %{name}-common-4.2.5-init-script.patch
32	Patch1: %{name}-lite-4.2.5-init-script.patch
33	Patch2: %{name6}-4.2.5-init-script.patch
34	Patch3: %{name6}-lite-4.2.5-init-script.patch
35	# shorewall 4.4.0 does not adds comments at the end of the file
36	Patch4: %{name}-4.4.19.1-comment.patch
37	Requires: iptables >= 1.4.1
38	Requires: iproute2
39	Requires: dash
40	Requires(post): rpm-helper
41	Requires(preun): rpm-helper
42	Conflicts: shorewall < 4.0.7-1
43	BuildConflicts: apt-common
44	BuildArch: noarch
45	BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
46	# since shorewall 4.4 we do not have common, shell and perl modules anymore
47	Obsoletes: shorewall-common
48	Obsoletes: shorewall-perl
49	Obsoletes: shorewall-shell
50
51	%description
52	The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
53	(iptables) based firewall that can be used on a dedicated firewall system,
54	a multi-function gateway/ router/server or on a standalone GNU/Linux system.
55
56	%package ipv6
57	Summary: IPv6 capable Shorewall
58	Group: System/Servers
59	Requires: %{name} = %{version}-%{release}
60	Requires: iptables-ipv6
61	Requires: iproute2
62	Requires(post): rpm-helper
63	Requires(preun): rpm-helper
64
65	%description ipv6
66	An IPv6 enabled and capable Shoreline Firewall.
67
68	%package ipv6-lite
69	Summary: Lite version of ipv6 shorewall
70	Group: System/Servers
71	Requires: %{name}-ipv6 = %{version}-%{release}
72	Requires(post): rpm-helper
73	Requires(preun): rpm-helper
74
75	%description ipv6-lite
76	Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
77	network administrators to centralize the configuration of Shorewall-based
78	firewalls.
79
80	%package lite
81	Summary: Lite version of shorewall
82	Group: System/Servers
83	Requires: %{name} = %{version}-%{release}
84	Requires(post): rpm-helper
85	Requires(preun): rpm-helper
86
87	%description lite
88	Shorewall Lite is a companion product to Shorewall that allows network
89	administrators to centralize the configuration of Shorewall-based firewalls.
90
91	%package doc
92	Summary: Firewall scripts
93	Group: System/Servers
94
95	%description doc
96	The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
97	(iptables) based firewall that can be used on a dedicated firewall system,
98	a multi-function gateway/ router/server or on a standalone GNU/Linux system.
99
100	This package contains the docs.
101
102	%prep
103	%setup -q -c -n %{name}-%{version}
104	%setup -q -T -D -a 1
105	%setup -q -T -D -a 2
106	%setup -q -T -D -a 3
107	%setup -q -T -D -a 4
108
109	pushd %{name}-%{version_main}
110	%patch0 -p1 -b .init
111	%patch4 -p1 -b .comment
112	popd
113
114	pushd %{name}-lite-%{version_lite}
115	%patch1 -p1 -b .initlite
116	popd
117
118	pushd %{name6}-%{ipv6_ver}
119	%patch2 -p1 -b .init6
120	popd
121
122	pushd %{name6}-lite-%{ipv6_lite_ver}
123	%patch3 -p1 -b .init6lite
124	popd
125
126	%build
127	# (tpg) we do nothing here
128
129	%install
130	rm -rf %{buildroot}
131	export PREFIX=%{buildroot}
132	export OWNER=`id -n -u`
133	export GROUP=`id -n -g`
134	export DEST=%{_initrddir}
135
136	pushd %{name}-%{version_main}
137	export CONFDIR=%{_sysconfdir}/%{name}
138	# (blino) enable startup (new setting as of 2.1.3)
139	perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
140
141	# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
142	perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
143
144	# blank Internal option
145	perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
146
147	# (tpg) use perl compiler
148	perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' configfiles/%{name}.conf
149
150	# (tpg) do the optimizations
151	perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
152
153	# (tpg) enable IPv6
154	perl -pi -e 's#DISABLE_IPV6=.*#DISABLE_IPV6=No#' configfiles/%{name}.conf
155
156	# (tpg) set config path
157	perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
158
159	# let's do the install
160	./install.sh
161	popd
162
163	#(tpg) IPv6
164	pushd %{name6}-%{ipv6_ver}
165	# (blino) enable startup (new setting as of 2.1.3)
166	perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' %{name6}.conf
167	# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
168	perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' %{name6}.conf
169
170	./install.sh
171	popd
172
173	pushd %{name6}-lite-%{ipv6_lite_ver}
174	./install.sh
175	popd
176
177	pushd %{name}-lite-%{version_lite}
178	./install.sh
179	popd
180
181	# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
182	# startup script by RPM. This automatic replacement is broken.
183	export DONT_GPRINTIFY=1
184
185	#(tpg) looks like these files are needed
186	touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
187	touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
188
189	#(tpg) ipv6
190	touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
191	touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
192
193	#(tpg) remove hash-bang
194	find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
195
196	# (tpg) let's use dash everywhere!
197	find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
198
199	# add information about 4.4.0 upgrade
200	cat > README.4.4.0.upgrade.urpmi << EOF
201	As of shorewall 4.4.0, the shorewall-common and shorewall-perl packages
202	were merged into a single shorewall package. Other notable changes in 4.4.0
203	version are:
204	- The support for shorewall-shell has been discontinued
205	- Support for SAME target in /etc/shorewall/masq and /etc/shorewall/rules
206	has been removed.
207	- Support for norfc1918 and RFC1918_STRICT have been removed.
208	- The name 'any' is now reserved and may not be used as a zone name.
209
210	If you were relying on those options, please review your shorewall
211	configuration. Refer to the /usr/share/doc/shorewall/releasenotes.txt file
212	for further instructions.
213	EOF
214
215	#remove unused files because of %exclude misbehaviour
216	rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
217	rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
218
219
220	%clean
221	rm -rf %{buildroot}
222
223	%post
224	%_post_service shorewall
225
226	%create_ghostfile %{_var}/lib/%{name}/chains root root 644
227	%create_ghostfile %{_var}/lib/%{name}/nat root root 644
228	%create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
229	%create_ghostfile %{_var}/lib/%{name}/restarted root root 644
230	%create_ghostfile %{_var}/lib/%{name}/zones root root 644
231	%create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
232	%create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
233	%create_ghostfile %{_var}/lib/%{name}/state root root 644
234	%create_ghostfile %{_var}/lib/%{name}/.modules root root 644
235	%create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
236	%create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
237	%create_ghostfile %{_var}/lib/%{name}/.restart root root 700
238	%create_ghostfile %{_var}/lib/%{name}/.restore root root 700
239	%create_ghostfile %{_var}/lib/%{name}/.start root root 700
240
241	%preun
242	%_preun_service %{name}
243	if [ $1 = 0 ] ; then
244	%{__rm} -f %{_sysconfdir}/%{name}/startup_disabled
245	%{__rm} -f %{_var}/lib/%{name}/*
246	fi
247
248	%post lite
249	%_post_service %{name}-lite
250	%create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
251
252	%preun lite
253	%_preun_service %{name}-lite
254
255	%post ipv6
256	%_post_service %{name6}
257
258	%create_ghostfile %{_var}/lib/%{name6}/chains root root 644
259	%create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
260	%create_ghostfile %{_var}/lib/%{name6}/zones root root 644
261	%create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
262	%create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
263	%create_ghostfile %{_var}/lib/%{name6}/state root root 644
264	%create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
265	%create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
266	%create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
267	%create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
268	%create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
269	%create_ghostfile %{_var}/lib/%{name6}/.start root root 700
270
271	%preun ipv6
272	%_preun_service %{name6}
273	if [ $1 = 0 ] ; then
274	%{__rm} -f %{_sysconfdir}/%{name6}/startup_disabled
275	%{__rm} -f %{_var}/lib/%{name6}/*
276	fi
277
278	%post ipv6-lite
279	%_post_service %{name6}-lite
280	%create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
281
282	%preun ipv6-lite
283	%_preun_service %{name6}-lite
284
285	%files
286	%defattr(-,root,root)
287	%doc README.4.4.0.upgrade.urpmi %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
288	%dir %{_sysconfdir}/%{name}
289	%dir %{_datadir}/%{name}
290	%dir %attr(755,root,root) %{_var}/lib/%{name}
291	%ghost %{_var}/lib/%{name}/*
292	%ghost %{_var}/lib/%{name}/.??*
293	%config %{_sysconfdir}/logrotate.d/%{name}
294	%attr(700,root,root) %{_initrddir}/%{name}
295	%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
296	%attr(755,root,root) /sbin/%{name}
297	%{_datadir}/%{name}/action*
298	%{_datadir}/%{name}/configpath
299	%{_datadir}/%{name}/functions
300	%{_datadir}/%{name}/getparams
301	%{_datadir}/%{name}/helpers
302	%{_datadir}/%{name}/lib.*
303	%{_datadir}/%{name}/macro.*
304	%{_datadir}/%{name}/modules*
305	%{_datadir}/%{name}/version
306	%{_datadir}/%{name}/wait4ifup
307	%{_mandir}/man5/%{name}-accounting.5.*
308	%{_mandir}/man5/%{name}-actions.5.*
309	%{_mandir}/man5/%{name}-blacklist.5.*
310	%{_mandir}/man5/%{name}-ecn.5.*
311	%{_mandir}/man5/%{name}-exclusion.5.*
312	%{_mandir}/man5/%{name}-hosts.5.*
313	%{_mandir}/man5/%{name}-interfaces.5.*
314	%{_mandir}/man5/%{name}-ipsets.5.*
315	%{_mandir}/man5/%{name}-maclist.5.*
316	%{_mandir}/man5/%{name}-masq.5.*
317	%{_mandir}/man5/%{name}-modules.5.*
318	%{_mandir}/man5/%{name}-nat.5.*
319	%{_mandir}/man5/%{name}-nesting.5.*
320	%{_mandir}/man5/%{name}-notrack.5.*
321	%{_mandir}/man5/%{name}-netmap.5.*
322	%{_mandir}/man5/%{name}-params.5.*
323	%{_mandir}/man5/%{name}-policy.5.*
324	%{_mandir}/man5/%{name}-providers.5.*
325	%{_mandir}/man5/%{name}-proxyarp.5.*
326	%{_mandir}/man5/%{name}-route_rules.5.*
327	%{_mandir}/man5/%{name}-routes.5.*
328	%{_mandir}/man5/%{name}-routestopped.5.*
329	%{_mandir}/man5/%{name}-rules.5.*
330	%{_mandir}/man5/%{name}-secmarks.5.*
331	%{_mandir}/man5/%{name}-tcclasses.5.*
332	%{_mandir}/man5/%{name}-tcinterfaces.5.*
333	%{_mandir}/man5/%{name}-tcpri.5.*
334	%{_mandir}/man5/%{name}-tcdevices.5.*
335	%{_mandir}/man5/%{name}-tcfilters.5.*
336	%{_mandir}/man5/%{name}-tcrules.5.*
337	%{_mandir}/man5/%{name}-tos.5.*
338	%{_mandir}/man5/%{name}-tunnels.5.*
339	%{_mandir}/man5/%{name}-vardir.5.*
340	%{_mandir}/man5/%{name}-zones.5.*
341	%{_mandir}/man5/%{name}.conf.5.*
342	%{_mandir}/man8/%{name}.8.*
343	%{_mandir}/man8/%{name}-init.8.*
344	%{_datadir}/shorewall/Shorewall/*.pm
345	%{_datadir}/shorewall/compiler.pl
346	%{_datadir}/shorewall/prog.footer
347	%{_datadir}/shorewall/prog.header
348
349
350	%files ipv6
351	%defattr(-,root,root)
352	%doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
353	%dir %{_sysconfdir}/%{name6}
354	%dir %{_datadir}/%{name6}
355	%dir %attr(755,root,root) %{_var}/lib/%{name6}
356	%ghost %{_var}/lib/%{name6}/*
357	%ghost %{_var}/lib/%{name6}/.??*
358	%attr(700,root,root) %{_initrddir}/%{name6}
359	%config(noreplace) %{_sysconfdir}/%{name6}/*
360	%config %{_sysconfdir}/logrotate.d/%{name6}
361	%attr(755,root,root) /sbin/%{name6}
362	%{_datadir}/%{name6}/action*
363	%{_datadir}/%{name}/prog.footer6
364	%{_datadir}/%{name}/prog.header6
365	%{_datadir}/%{name6}/configpath
366	%{_datadir}/%{name6}/functions
367	%{_datadir}/%{name6}/helpers
368	%{_datadir}/%{name6}/lib.*
369	%{_datadir}/%{name6}/macro.*
370	%{_datadir}/%{name6}/modules*
371	%{_datadir}/%{name6}/version
372	%{_datadir}/%{name6}/wait4ifup
373	%{_mandir}/man5/%{name6}-accounting.5.*
374	%{_mandir}/man5/%{name6}-actions.5.*
375	%{_mandir}/man5/%{name6}-blacklist.5.*
376	%{_mandir}/man5/%{name6}-exclusion.5.*
377	%{_mandir}/man5/%{name6}-hosts.5.*
378	%{_mandir}/man5/%{name6}-interfaces.5.*
379	%{_mandir}/man5/%{name6}-maclist.5.*
380	%{_mandir}/man5/%{name6}-modules.5.*
381	%{_mandir}/man5/%{name6}-nesting.5.*
382	%{_mandir}/man5/%{name6}-notrack.5.*
383	%{_mandir}/man5/%{name6}-params.5.*
384	%{_mandir}/man5/%{name6}-policy.5.*
385	%{_mandir}/man5/%{name6}-providers.5.*
386	%{_mandir}/man5/%{name6}-proxyndp.5.*
387	%{_mandir}/man5/%{name6}-route_rules.5.*
388	%{_mandir}/man5/%{name6}-routes.5.*
389	%{_mandir}/man5/%{name6}-routestopped.5.*
390	%{_mandir}/man5/%{name6}-rules.5.*
391	%{_mandir}/man5/%{name6}-secmarks.5.*
392	%{_mandir}/man5/%{name6}-tcclasses.5.*
393	%{_mandir}/man5/%{name6}-tcdevices.5.*
394	%{_mandir}/man5/%{name6}-tcfilters.5.*
395	%{_mandir}/man5/%{name6}-tcinterfaces.5.*
396	%{_mandir}/man5/%{name6}-tcpri.5.*
397	%{_mandir}/man5/%{name6}-tcrules.5.*
398	%{_mandir}/man5/%{name6}-tos.5.*
399	%{_mandir}/man5/%{name6}-tunnels.5.*
400	%{_mandir}/man5/%{name6}-vardir.5.*
401	%{_mandir}/man5/%{name6}-zones.5.*
402	%{_mandir}/man5/%{name6}.conf.5.*
403	%{_mandir}/man8/%{name6}.8.*
404
405	%files lite
406	%defattr(-,root,root)
407	%doc %{name}-lite-%{version_lite}/*.txt
408	%dir %{_datadir}/%{name}-lite
409	%dir %attr(755,root,root) %{_var}/lib/%{name}-lite
410	%ghost %{_var}/lib/%{name}-lite/*
411	%attr(700,root,root) %{_initrddir}/%{name}-lite
412	%config(noreplace) %{_sysconfdir}/%{name}-lite/*
413	%config %{_sysconfdir}/logrotate.d/%{name}-lite
414	%attr(755,root,root) /sbin/%{name}-lite
415	%{_datadir}/%{name}-lite/configpath
416	%{_datadir}/%{name}-lite/functions
417	%{_datadir}/%{name}-lite/helpers
418	%{_datadir}/%{name}-lite/lib.*
419	%{_datadir}/%{name}-lite/modules*
420	%{_datadir}/%{name}-lite/shorecap
421	%{_datadir}/%{name}-lite/version
422	%{_datadir}/%{name}-lite/wait4ifup
423	%{_mandir}/man5/%{name}-lite*
424	%{_mandir}/man8/%{name}-lite*
425
426	%files ipv6-lite
427	%defattr(-,root,root)
428	%doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
429	%dir %{_datadir}/%{name6}-lite
430	%dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
431	%ghost %{_var}/lib/%{name6}-lite/*
432	%attr(700,root,root) %{_initrddir}/%{name6}-lite
433	%config(noreplace) %{_sysconfdir}/%{name6}-lite/*
434	%config %{_sysconfdir}/logrotate.d/%{name6}-lite
435	%attr(755,root,root) /sbin/%{name6}-lite
436	%{_datadir}/%{name6}-lite/configpath
437	%{_datadir}/%{name6}-lite/functions
438	%{_datadir}/%{name6}-lite/helpers
439	%{_datadir}/%{name6}-lite/lib.*
440	%{_datadir}/%{name6}-lite/modules*
441	%{_datadir}/%{name6}-lite/shorecap
442	%{_datadir}/%{name6}-lite/version
443	%{_datadir}/%{name6}-lite/wait4ifup
444	%{_mandir}/man5/%{name6}-lite*
445	%{_mandir}/man8/%{name6}-lite*
446
447	%files doc
448	%defattr(-,root,root)
449	%doc %{name}-docs-html-%{version}/*