shorewall.spec

   1 # NOTE:
   2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
   3 # which is found at http://www.shorewall.net/Anatomy.html
   4 #
   5 %define         ver     5.2.8
   6 %define         rel     %{nil}
   7
   8 Summary:        Shoreline Firewall - an iptables-based firewall for Linux systems
   9 Summary(pl.UTF-8):      Shoreline Firewall - zapora sieciowa oparta na iptables
  10 Name:           shorewall
  11 Version:        %{ver}%{rel}
  12 Release:        3
  13 License:        GPL
  14 Group:          Networking/Utilities
  15 Source0:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-%{version}.tar.bz2
  16 # Source0-md5:  0e4041810f066deef40bf9e57fa79e96
  17 Source1:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-lite-%{version}.tar.bz2
  18 # Source1-md5:  330562592f437ab44c438988e499d85b
  19 Source2:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-%{version}.tar.bz2
  20 # Source2-md5:  4a9a2f55cd40bb2cc17dae0227350c4d
  21 Source3:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-lite-%{version}.tar.bz2
  22 # Source3-md5:  be2a9eb5d1aa5de6162e240b24e921e6
  23 Source4:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-init-%{version}.tar.bz2
  24 # Source4-md5:  364a305ecba4ec40eedc5cf1a48e08e9
  25 Source5:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-core-%{version}.tar.bz2
  26 # Source5-md5:  07c7371fd2896e87f373b760561e41a8
  27 Source10:       %{name}.init
  28 Source11:       %{name}.logrotate
  29 Patch0:         %{name}-config.patch
  30 Patch1:         %{name}-logging.patch
  31 Patch2:         tld.patch
  32 Patch3:         man.patch
  33 Patch4:         init.patch
  34 Patch5:         shell-fix.patch
  35 Patch6:         grep.patch
  36 URL:            http://www.shorewall.net/
  37 BuildRequires:  perl
  38 BuildRequires:  perl(Digest::SHA)
  39 BuildRequires:  bash >= 4.0
  40 BuildRequires:  sed
  41 Requires:       bash >= 4.0
  42 Requires:       %{name}-core = %{version}-%{release}
  43 Requires:       iproute2
  44 Requires:       iptables
  45 Requires:       perl-modules
  46 Requires(post): /sbin/chkconfig
  47 BuildArch:      noarch
  48 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  49
  50 %define         _libexecdir     %{_prefix}/lib
  51
  52 %description
  53 The Shoreline Firewall, more commonly known as "Shorewall", is a
  54 Netfilter (iptables) based firewall that can be used on a dedicated
  55 firewall system, a multi-function gateway/ router/server or on a
  56 standalone GNU/Linux system.
  57
  58 %description -l pl.UTF-8
  59 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
  60 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
  61 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
  62 wszechstronny i może być wykorzystany jako zapora sieciowa,
  63 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
  64 i prostotę konfiguracji.
  65
  66 %package -n shorewall6
  67 Summary:        Files for the IPV6 Shorewall Firewall
  68 Group:          Applications/System
  69 Requires:       %{name}-core = %{version}-%{release}
  70 Requires:       iproute2
  71 Requires:       iptables
  72 Provides:       shorewall(firewall) = %{version}-%{release}
  73 Requires(post): /sbin/chkconfig
  74
  75 %description -n shorewall6
  76 This package contains the files required for IPV6 functionality of the
  77 Shoreline Firewall (shorewall).
  78
  79 %package lite
  80 Summary:        Shorewall firewall for compiled rulesets
  81 Group:          Applications/System
  82 Requires:       %{name}-core = %{version}-%{release}
  83 Requires:       iproute2
  84 Requires:       iptables
  85 Provides:       shorewall(firewall) = %{version}-%{release}
  86 Requires(post): /sbin/chkconfig
  87
  88 %description lite
  89 Shorewall Lite is a companion product to Shorewall that allows network
  90 administrators to centralize the configuration of Shorewall-based
  91 firewalls. Shorewall Lite runs a firewall script generated by a
  92 machine with a Shorewall rule compiler. A machine running Shorewall
  93 Lite does not need to have a Shorewall rule compiler installed.
  94
  95 %package -n shorewall6-lite
  96 Summary:        Shorewall firewall for compiled IPV6 rulesets
  97 Group:          Applications/System
  98 Requires:       %{name}-core = %{version}-%{release}
  99 Requires:       iproute2
 100 Requires:       iptables
 101 Provides:       shorewall(firewall) = %{version}-%{release}
 102 Requires(post): /sbin/chkconfig
 103
 104 %description -n shorewall6-lite
 105 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
 106 firewall) that allows network administrators to centralize the
 107 configuration of Shorewall-based firewalls. Shorewall Lite runs a
 108 firewall script generated by a machine with a Shorewall rule compiler.
 109 A machine running Shorewall Lite does not need to have a Shorewall
 110 rule compiler installed.
 111
 112 %package core
 113 Summary:        Core libraries for Shorewall
 114 Group:          Applications/System
 115 Requires:       logrotate
 116
 117 %description core
 118 This package contains the core libraries for Shorewall.
 119
 120 %package init
 121 Summary:        Initialization functionality and NetworkManager integration for Shorewall
 122 Group:          Applications/System
 123 Requires:       %{name} = %{version}-%{release}
 124 Requires:       NetworkManager
 125 Requires:       iproute2
 126 Requires:       iptables
 127 Requires:       logrotate
 128 Requires:       shorewall(firewall) = %{version}-%{release}
 129 Requires(post): /sbin/chkconfig
 130
 131 %description init
 132 This package adds additional initialization functionality to Shorewall
 133 in two ways. It allows the firewall to be closed prior to bringing up
 134 network devices. This insures that unwanted connections are not
 135 allowed between the time that the network comes up and when the
 136 firewall is started. It also integrates with NetworkManager and
 137 distribution ifup/ifdown systems to allow for 'event-driven' startup
 138 and shutdown.
 139
 140 %prep
 141 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
 142 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 143 for i in $targets; do
 144         mv $i-%{version} $i
 145         cp -p $i/shorewallrc.{redhat,tld}
 146         %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i/shorewallrc.tld
 147 done
 148 %patch0 -p1
 149 %patch1 -p1
 150 %patch2 -p1
 151 %patch3 -p1
 152 %patch4 -p1
 153 %patch5 -p1
 154 %patch6 -p1
 155
 156 # Remove hash-bang from files which are not directly executed as shell
 157 # scripts. This silences some rpmlint errors.
 158 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
 159
 160 %install
 161 rm -rf $RPM_BUILD_ROOT
 162
 163 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 164 for i in $targets; do
 165         cd $i
 166         ./configure \
 167                 VENDOR=tld \
 168                 LIBEXECDIR=%{_libexecdir} \
 169                 SBINDIR=%{_sbindir}
 170
 171         DESTDIR=$RPM_BUILD_ROOT ./install.sh
 172
 173         cd -
 174 done
 175
 176 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 177 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
 178 install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall
 179
 180 %clean
 181 rm -rf $RPM_BUILD_ROOT
 182
 183 %post
 184 /sbin/chkconfig --add shorewall
 185 %service shorewall restart "Shorewall"
 186
 187 %preun
 188 if [ "$1" = "0" ]; then
 189         %service shorewall stop
 190         /sbin/chkconfig --del shorewall
 191 fi
 192
 193 %files
 194 %defattr(644,root,root,755)
 195 %doc shorewall/{COPYING,changelog.txt,releasenotes.txt,Samples}
 196 %attr(755,root,root) %{_sbindir}/shorewall
 197 %dir %{_sysconfdir}/shorewall
 198 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
 199 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
 200 %{_datadir}/shorewall/action.*
 201 %{_datadir}/shorewall/actions.std
 202 %{_datadir}/shorewall/configfiles/
 203 %{_datadir}/shorewall/configpath
 204 %{_datadir}/shorewall/helpers
 205 %{_datadir}/shorewall/lib.cli-std
 206 %{_datadir}/shorewall/lib.core
 207 %{_datadir}/shorewall/lib.runtime
 208 %{_datadir}/shorewall/macro.*
 209 %{_datadir}/shorewall/prog.*
 210 %{_datadir}/shorewall/version
 211 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
 212 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
 213 %{perl_vendorlib}/Shorewall
 214 %{_mandir}/man5/shorewall*
 215 %exclude %{_mandir}/man5/shorewall6*
 216 %exclude %{_mandir}/man5/shorewall-lite*
 217 %{_mandir}/man8/shorewall*
 218 %exclude %{_mandir}/man8/shorewall6*
 219 %exclude %{_mandir}/man8/shorewall-lite*
 220 %exclude %{_mandir}/man8/shorewall-init*
 221 %attr(754,root,root) /etc/rc.d/init.d/shorewall
 222 %dir %{_localstatedir}/lib/shorewall
 223
 224 %files lite
 225 %defattr(644,root,root,755)
 226 %doc shorewall-lite/{COPYING,changelog.txt,releasenotes.txt}
 227 %attr(755,root,root) %{_sbindir}/shorewall-lite
 228 %dir %{_sysconfdir}/shorewall-lite
 229 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
 230 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
 231 %{_datadir}/shorewall-lite
 232 %{_libexecdir}/shorewall-lite
 233 %{_mandir}/man5/shorewall-lite*
 234 %{_mandir}/man8/shorewall-lite*
 235 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
 236 %dir %{_localstatedir}/lib/shorewall-lite
 237
 238 %files -n shorewall6
 239 %defattr(644,root,root,755)
 240 %doc shorewall6/{COPYING,changelog.txt,releasenotes.txt,Samples6}
 241 %attr(755,root,root) %{_sbindir}/shorewall6
 242 %dir %{_sysconfdir}/shorewall6
 243 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
 244 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
 245 %{_mandir}/man5/shorewall6*
 246 %exclude %{_mandir}/man5/shorewall6-lite*
 247 %{_mandir}/man8/shorewall6*
 248 %exclude %{_mandir}/man8/shorewall6-lite*
 249 %{_datadir}/shorewall6
 250 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
 251 %dir %{_localstatedir}/lib/shorewall6
 252
 253 %files -n shorewall6-lite
 254 %defattr(644,root,root,755)
 255 %doc shorewall6-lite/{COPYING,changelog.txt,releasenotes.txt}
 256 %attr(755,root,root) %{_sbindir}/shorewall6-lite
 257 %dir %{_sysconfdir}/shorewall6-lite
 258 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
 259 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
 260 %{_mandir}/man5/shorewall6-lite*
 261 %{_mandir}/man8/shorewall6-lite*
 262 %{_datadir}/shorewall6-lite
 263 %dir %{_libexecdir}/shorewall6-lite
 264 %{_libexecdir}/shorewall6-lite/shorecap
 265 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
 266 %dir %{_localstatedir}/lib/shorewall6-lite
 267
 268 %files core
 269 %defattr(644,root,root,755)
 270 %doc shorewall-core/{COPYING,changelog.txt,releasenotes.txt}
 271 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
 272 %dir %{_datadir}/shorewall/
 273 %{_datadir}/shorewall/coreversion
 274 %{_datadir}/shorewall/functions
 275 %{_datadir}/shorewall/lib.base
 276 %{_datadir}/shorewall/lib.cli
 277 %{_datadir}/shorewall/lib.common
 278 %{_datadir}/shorewall/shorewallrc
 279 %dir %{_libexecdir}/shorewall
 280 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
 281
 282 %files init
 283 %defattr(644,root,root,755)
 284 %doc shorewall-init/{COPYING,changelog.txt,releasenotes.txt}
 285 %attr(755,root,root) %{_sbindir}/shorewall-init
 286 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
 287 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
 288 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
 289 %{_mandir}/man8/shorewall-init.8.*
 290 %{_datadir}/shorewall-init
 291 %dir %{_libexecdir}/shorewall-init
 292 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
 293 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init