shorewall.spec

   1 # NOTE:
   2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
   3 # which is found at http://www.shorewall.net/Anatomy.html
   4 # TODO
   5 # - rc-script inits
   6 Summary:        Shoreline Firewall - an iptables-based firewall for Linux systems
   7 Summary(pl.UTF-8):      Shoreline Firewall - zapora sieciowa oparta na iptables
   8 Name:           shorewall
   9 Version:        5.2.0.4
  10 Release:        2
  11 License:        GPL
  12 Group:          Networking/Utilities
  13 Source0:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2
  14 # Source0-md5:  b8702d14846f890d263f5ea2447b5bed
  15 Source1:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2
  16 # Source1-md5:  0dd43f44f7555418ae2f153fbf7ce1ef
  17 Source2:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2
  18 # Source2-md5:  14c87b9880bc69c82792854af45335e6
  19 Source3:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2
  20 # Source3-md5:  9f03407f5f7dac39f286bdaf3ec051e8
  21 Source4:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2
  22 # Source4-md5:  cf6b2a6c1a8827a99c1b3e717d42ccff
  23 Source5:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2
  24 # Source5-md5:  be73e2f76b2438e7813f62873a50c203
  25 Source10:       %{name}.init
  26 Patch0:         %{name}-config.patch
  27 Patch1:         tld.patch
  28 Patch2:         man.patch
  29 Patch3:         init.patch
  30 Patch4:         shell-fix.patch
  31 URL:            http://www.shorewall.net/
  32 BuildRequires:  perl
  33 BuildRequires:  perl(Digest::SHA)
  34 BuildRequires:  bash >= 4.0
  35 BuildRequires:  sed
  36 Requires:       bash >= 4.0
  37 Requires:       %{name}-core = %{version}-%{release}
  38 Requires:       iproute2
  39 Requires:       iptables
  40 Requires:       perl-modules
  41 Requires(post): /sbin/chkconfig
  42 BuildArch:      noarch
  43 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  44
  45 %define         _libexecdir     %{_prefix}/lib
  46
  47 %description
  48 The Shoreline Firewall, more commonly known as "Shorewall", is a
  49 Netfilter (iptables) based firewall that can be used on a dedicated
  50 firewall system, a multi-function gateway/ router/server or on a
  51 standalone GNU/Linux system.
  52
  53 %description -l pl.UTF-8
  54 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
  55 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
  56 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
  57 wszechstronny i może być wykorzystany jako zapora sieciowa,
  58 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
  59 i prostotę konfiguracji.
  60
  61 %package -n shorewall6
  62 Summary:        Files for the IPV6 Shorewall Firewall
  63 Group:          Applications/System
  64 Requires:       %{name}-core = %{version}-%{release}
  65 Requires:       iproute2
  66 Requires:       iptables
  67 Provides:       shorewall(firewall) = %{version}-%{release}
  68 Requires(post): /sbin/chkconfig
  69
  70 %description -n shorewall6
  71 This package contains the files required for IPV6 functionality of the
  72 Shoreline Firewall (shorewall).
  73
  74 %package lite
  75 Summary:        Shorewall firewall for compiled rulesets
  76 Group:          Applications/System
  77 Requires:       %{name}-core = %{version}-%{release}
  78 Requires:       iproute2
  79 Requires:       iptables
  80 Provides:       shorewall(firewall) = %{version}-%{release}
  81 Requires(post): /sbin/chkconfig
  82
  83 %description lite
  84 Shorewall Lite is a companion product to Shorewall that allows network
  85 administrators to centralize the configuration of Shorewall-based
  86 firewalls. Shorewall Lite runs a firewall script generated by a
  87 machine with a Shorewall rule compiler. A machine running Shorewall
  88 Lite does not need to have a Shorewall rule compiler installed.
  89
  90 %package -n shorewall6-lite
  91 Summary:        Shorewall firewall for compiled IPV6 rulesets
  92 Group:          Applications/System
  93 Requires:       %{name}-core = %{version}-%{release}
  94 Requires:       iproute2
  95 Requires:       iptables
  96 Provides:       shorewall(firewall) = %{version}-%{release}
  97 Requires(post): /sbin/chkconfig
  98
  99 %description -n shorewall6-lite
 100 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
 101 firewall) that allows network administrators to centralize the
 102 configuration of Shorewall-based firewalls. Shorewall Lite runs a
 103 firewall script generated by a machine with a Shorewall rule compiler.
 104 A machine running Shorewall Lite does not need to have a Shorewall
 105 rule compiler installed.
 106
 107 %package core
 108 Summary:        Core libraries for Shorewall
 109 Group:          Applications/System
 110
 111 %description core
 112 This package contains the core libraries for Shorewall.
 113
 114 %package init
 115 Summary:        Initialization functionality and NetworkManager integration for Shorewall
 116 Group:          Applications/System
 117 Requires:       %{name} = %{version}-%{release}
 118 Requires:       NetworkManager
 119 Requires:       iproute2
 120 Requires:       iptables
 121 Requires:       logrotate
 122 Requires:       shorewall(firewall) = %{version}-%{release}
 123 Requires(post): /sbin/chkconfig
 124
 125 %description init
 126 This package adds additional initialization functionality to Shorewall
 127 in two ways. It allows the firewall to be closed prior to bringing up
 128 network devices. This insures that unwanted connections are not
 129 allowed between the time that the network comes up and when the
 130 firewall is started. It also integrates with NetworkManager and
 131 distribution ifup/ifdown systems to allow for 'event-driven' startup
 132 and shutdown.
 133
 134 %prep
 135 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
 136 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 137 for i in $targets; do
 138         cp -p $i-%{version}/shorewallrc.{redhat,tld}
 139         %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld
 140 done
 141 %patch0 -p1
 142 %patch1 -p1
 143 %patch2 -p1
 144 %patch3 -p1
 145 %patch4 -p1
 146
 147 # Remove hash-bang from files which are not directly executed as shell
 148 # scripts. This silences some rpmlint errors.
 149 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
 150
 151 %install
 152 rm -rf $RPM_BUILD_ROOT
 153
 154 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 155 for i in $targets; do
 156         cd $i-%{version}
 157         ./configure \
 158                 VENDOR=tld \
 159                 LIBEXECDIR=%{_libexecdir} \
 160                 SBINDIR=%{_sbindir}
 161
 162         DESTDIR=$RPM_BUILD_ROOT ./install.sh
 163
 164         cd -
 165 done
 166
 167 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 168 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
 169
 170 %clean
 171 rm -rf $RPM_BUILD_ROOT
 172
 173 %post
 174 /sbin/chkconfig --add shorewall
 175 %service shorewall restart "Shorewall"
 176
 177 %preun
 178 if [ "$1" = "0" ]; then
 179         %service shorewall stop
 180         /sbin/chkconfig --del shorewall
 181 fi
 182
 183 %files
 184 %defattr(644,root,root,755)
 185 %doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
 186 %attr(755,root,root) %{_sbindir}/shorewall
 187 %dir %{_sysconfdir}/shorewall
 188 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
 189 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
 190 %{_datadir}/shorewall/action.*
 191 %{_datadir}/shorewall/actions.std
 192 %{_datadir}/shorewall/configfiles/
 193 %{_datadir}/shorewall/configpath
 194 %{_datadir}/shorewall/helpers
 195 %{_datadir}/shorewall/lib.cli-std
 196 %{_datadir}/shorewall/lib.core
 197 %{_datadir}/shorewall/lib.runtime
 198 %{_datadir}/shorewall/macro.*
 199 %{_datadir}/shorewall/modules*
 200 %{_datadir}/shorewall/prog.*
 201 %{_datadir}/shorewall/version
 202 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
 203 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
 204 %{perl_vendorlib}/Shorewall
 205 %{_mandir}/man5/shorewall*
 206 %exclude %{_mandir}/man5/shorewall6*
 207 %exclude %{_mandir}/man5/shorewall-lite*
 208 %{_mandir}/man8/shorewall*
 209 %exclude %{_mandir}/man8/shorewall6*
 210 %exclude %{_mandir}/man8/shorewall-lite*
 211 %exclude %{_mandir}/man8/shorewall-init*
 212 %attr(754,root,root) /etc/rc.d/init.d/shorewall
 213 %dir %{_localstatedir}/lib/shorewall
 214
 215 %files lite
 216 %defattr(644,root,root,755)
 217 %doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 218 %attr(755,root,root) %{_sbindir}/shorewall-lite
 219 %dir %{_sysconfdir}/shorewall-lite
 220 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
 221 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite
 222 %{_datadir}/shorewall-lite
 223 %{_libexecdir}/shorewall-lite
 224 %{_mandir}/man5/shorewall-lite*
 225 %{_mandir}/man8/shorewall-lite*
 226 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
 227 %dir %{_localstatedir}/lib/shorewall-lite
 228
 229 %files -n shorewall6
 230 %defattr(644,root,root,755)
 231 %doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6}
 232 %attr(755,root,root) %{_sbindir}/shorewall6
 233 %dir %{_sysconfdir}/shorewall6
 234 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
 235 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6
 236 %{_mandir}/man5/shorewall6*
 237 %exclude %{_mandir}/man5/shorewall6-lite*
 238 %{_mandir}/man8/shorewall6*
 239 %exclude %{_mandir}/man8/shorewall6-lite*
 240 %{_datadir}/shorewall6
 241 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
 242 %dir %{_localstatedir}/lib/shorewall6
 243
 244 %files -n shorewall6-lite
 245 %defattr(644,root,root,755)
 246 %doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 247 %attr(755,root,root) %{_sbindir}/shorewall6-lite
 248 %dir %{_sysconfdir}/shorewall6-lite
 249 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
 250 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite
 251 %{_mandir}/man5/shorewall6-lite*
 252 %{_mandir}/man8/shorewall6-lite*
 253 %{_datadir}/shorewall6-lite
 254 %dir %{_libexecdir}/shorewall6-lite
 255 %{_libexecdir}/shorewall6-lite/shorecap
 256 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
 257 %dir %{_localstatedir}/lib/shorewall6-lite
 258
 259 %files core
 260 %defattr(644,root,root,755)
 261 %doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 262 %dir %{_datadir}/shorewall/
 263 %{_datadir}/shorewall/coreversion
 264 %{_datadir}/shorewall/functions
 265 %{_datadir}/shorewall/lib.base
 266 %{_datadir}/shorewall/lib.cli
 267 %{_datadir}/shorewall/lib.common
 268 %{_datadir}/shorewall/shorewallrc
 269 %dir %{_libexecdir}/shorewall
 270 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
 271
 272 %files init
 273 %defattr(644,root,root,755)
 274 %doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 275 %attr(755,root,root) %{_sbindir}/shorewall-init
 276 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
 277 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
 278 /etc/logrotate.d/shorewall-init
 279 %{_mandir}/man8/shorewall-init.8.*
 280 %{_datadir}/shorewall-init
 281 %dir %{_libexecdir}/shorewall-init
 282 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
 283 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init