shorewall.spec

   1 # NOTE:
   2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
   3 # which is found at http://www.shorewall.net/Anatomy.html
   4 # TODO
   5 # - rc-script inits
   6 Summary:        Shoreline Firewall - an iptables-based firewall for Linux systems
   7 Summary(pl.UTF-8):      Shoreline Firewall - zapora sieciowa oparta na iptables
   8 Name:           shorewall
   9 Version:        5.2.0.4
  10 Release:        0.1
  11 License:        GPL
  12 Group:          Networking/Utilities
  13 Source0:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2
  14 # Source0-md5:  b8702d14846f890d263f5ea2447b5bed
  15 Source1:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2
  16 # Source1-md5:  0dd43f44f7555418ae2f153fbf7ce1ef
  17 Source2:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2
  18 # Source2-md5:  14c87b9880bc69c82792854af45335e6
  19 Source3:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2
  20 # Source3-md5:  9f03407f5f7dac39f286bdaf3ec051e8
  21 Source4:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2
  22 # Source4-md5:  cf6b2a6c1a8827a99c1b3e717d42ccff
  23 Source5:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2
  24 # Source5-md5:  be73e2f76b2438e7813f62873a50c203
  25 Source10:       %{name}.init
  26 Patch0:         %{name}-config.patch
  27 Patch1:         tld.patch
  28 Patch2:         man.patch
  29 Patch3:         init.patch
  30 URL:            http://www.shorewall.net/
  31 BuildRequires:  perl
  32 BuildRequires:  perl(Digest::SHA)
  33 BuildRequires:  bash >= 4.0
  34 BuildRequires:  sed
  35 Requires:       %{name}-core = %{version}-%{release}
  36 Requires:       iproute2
  37 Requires:       iptables
  38 Requires(post): /sbin/chkconfig
  39 BuildArch:      noarch
  40 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  41
  42 %define         _libexecdir     %{_prefix}/lib
  43
  44 %description
  45 The Shoreline Firewall, more commonly known as "Shorewall", is a
  46 Netfilter (iptables) based firewall that can be used on a dedicated
  47 firewall system, a multi-function gateway/ router/server or on a
  48 standalone GNU/Linux system.
  49
  50 %description -l pl.UTF-8
  51 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
  52 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
  53 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
  54 wszechstronny i może być wykorzystany jako zapora sieciowa,
  55 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
  56 i prostotę konfiguracji.
  57
  58 %package -n shorewall6
  59 Summary:        Files for the IPV6 Shorewall Firewall
  60 Group:          Applications/System
  61 Requires:       %{name}-core = %{version}-%{release}
  62 Requires:       iproute2
  63 Requires:       iptables
  64 Provides:       shorewall(firewall) = %{version}-%{release}
  65 Requires(post): /sbin/chkconfig
  66
  67 %description -n shorewall6
  68 This package contains the files required for IPV6 functionality of the
  69 Shoreline Firewall (shorewall).
  70
  71 %package lite
  72 Summary:        Shorewall firewall for compiled rulesets
  73 Group:          Applications/System
  74 Requires:       %{name}-core = %{version}-%{release}
  75 Requires:       iproute2
  76 Requires:       iptables
  77 Provides:       shorewall(firewall) = %{version}-%{release}
  78 Requires(post): /sbin/chkconfig
  79
  80 %description lite
  81 Shorewall Lite is a companion product to Shorewall that allows network
  82 administrators to centralize the configuration of Shorewall-based
  83 firewalls. Shorewall Lite runs a firewall script generated by a
  84 machine with a Shorewall rule compiler. A machine running Shorewall
  85 Lite does not need to have a Shorewall rule compiler installed.
  86
  87 %package -n shorewall6-lite
  88 Summary:        Shorewall firewall for compiled IPV6 rulesets
  89 Group:          Applications/System
  90 Requires:       %{name}-core = %{version}-%{release}
  91 Requires:       iproute2
  92 Requires:       iptables
  93 Provides:       shorewall(firewall) = %{version}-%{release}
  94 Requires(post): /sbin/chkconfig
  95
  96 %description -n shorewall6-lite
  97 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
  98 firewall) that allows network administrators to centralize the
  99 configuration of Shorewall-based firewalls. Shorewall Lite runs a
 100 firewall script generated by a machine with a Shorewall rule compiler.
 101 A machine running Shorewall Lite does not need to have a Shorewall
 102 rule compiler installed.
 103
 104 %package core
 105 Summary:        Core libraries for Shorewall
 106 Group:          Applications/System
 107
 108 %description core
 109 This package contains the core libraries for Shorewall.
 110
 111 %package init
 112 Summary:        Initialization functionality and NetworkManager integration for Shorewall
 113 Group:          Applications/System
 114 Requires:       %{name} = %{version}-%{release}
 115 Requires:       NetworkManager
 116 Requires:       iproute2
 117 Requires:       iptables
 118 Requires:       logrotate
 119 Requires:       shorewall(firewall) = %{version}-%{release}
 120 Requires(post): /sbin/chkconfig
 121
 122 %description init
 123 This package adds additional initialization functionality to Shorewall
 124 in two ways. It allows the firewall to be closed prior to bringing up
 125 network devices. This insures that unwanted connections are not
 126 allowed between the time that the network comes up and when the
 127 firewall is started. It also integrates with NetworkManager and
 128 distribution ifup/ifdown systems to allow for 'event-driven' startup
 129 and shutdown.
 130
 131 %prep
 132 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
 133 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 134 for i in $targets; do
 135         cp -p $i-%{version}/shorewallrc.{redhat,tld}
 136         %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld
 137 done
 138 %patch0 -p1
 139 %patch1 -p1
 140 %patch2 -p1
 141 %patch3 -p1
 142
 143 # Remove hash-bang from files which are not directly executed as shell
 144 # scripts. This silences some rpmlint errors.
 145 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
 146
 147 %install
 148 rm -rf $RPM_BUILD_ROOT
 149 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 150 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
 151
 152 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 153 for i in $targets; do
 154         cd $i-%{version}
 155         ./configure \
 156                 VENDOR=tld \
 157                 LIBEXECDIR=%{_libexecdir} \
 158                 SBINDIR=%{_sbindir}
 159
 160         DESTDIR=$RPM_BUILD_ROOT ./install.sh
 161
 162         cd -
 163 done
 164
 165 %clean
 166 rm -rf $RPM_BUILD_ROOT
 167
 168 %files
 169 %defattr(644,root,root,755)
 170 %doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
 171 %attr(755,root,root) %{_sbindir}/shorewall
 172 %dir %{_sysconfdir}/shorewall
 173 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
 174 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
 175 %{_datadir}/shorewall/action.*
 176 %{_datadir}/shorewall/actions.std
 177 %{_datadir}/shorewall/configfiles/
 178 %{_datadir}/shorewall/configpath
 179 %{_datadir}/shorewall/helpers
 180 %{_datadir}/shorewall/lib.cli-std
 181 %{_datadir}/shorewall/lib.core
 182 %{_datadir}/shorewall/lib.runtime
 183 %{_datadir}/shorewall/macro.*
 184 %{_datadir}/shorewall/modules*
 185 %{_datadir}/shorewall/prog.*
 186 %{_datadir}/shorewall/version
 187 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
 188 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
 189 %{perl_vendorlib}/Shorewall
 190 %{_mandir}/man5/shorewall*
 191 %exclude %{_mandir}/man5/shorewall6*
 192 %exclude %{_mandir}/man5/shorewall-lite*
 193 %{_mandir}/man8/shorewall*
 194 %exclude %{_mandir}/man8/shorewall6*
 195 %exclude %{_mandir}/man8/shorewall-lite*
 196 %exclude %{_mandir}/man8/shorewall-init*
 197 %attr(754,root,root) /etc/rc.d/init.d/shorewall
 198 %dir %{_localstatedir}/lib/shorewall
 199
 200 %files lite
 201 %defattr(644,root,root,755)
 202 %doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 203 %attr(755,root,root) %{_sbindir}/shorewall-lite
 204 %dir %{_sysconfdir}/shorewall-lite
 205 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
 206 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite
 207 %{_datadir}/shorewall-lite
 208 %{_libexecdir}/shorewall-lite
 209 %{_mandir}/man5/shorewall-lite*
 210 %{_mandir}/man8/shorewall-lite*
 211 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
 212 %dir %{_localstatedir}/lib/shorewall-lite
 213
 214 %files -n shorewall6
 215 %defattr(644,root,root,755)
 216 %doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6}
 217 %attr(755,root,root) %{_sbindir}/shorewall6
 218 %dir %{_sysconfdir}/shorewall6
 219 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
 220 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6
 221 %{_mandir}/man5/shorewall6*
 222 %exclude %{_mandir}/man5/shorewall6-lite*
 223 %{_mandir}/man8/shorewall6*
 224 %exclude %{_mandir}/man8/shorewall6-lite*
 225 %{_datadir}/shorewall6
 226 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
 227 %dir %{_localstatedir}/lib/shorewall6
 228
 229 %files -n shorewall6-lite
 230 %defattr(644,root,root,755)
 231 %doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 232 %attr(755,root,root) %{_sbindir}/shorewall6-lite
 233 %dir %{_sysconfdir}/shorewall6-lite
 234 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
 235 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite
 236 %{_mandir}/man5/shorewall6-lite*
 237 %{_mandir}/man8/shorewall6-lite*
 238 %{_datadir}/shorewall6-lite
 239 %dir %{_libexecdir}/shorewall6-lite
 240 %{_libexecdir}/shorewall6-lite/shorecap
 241 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
 242 %dir %{_localstatedir}/lib/shorewall6-lite
 243
 244 %files core
 245 %defattr(644,root,root,755)
 246 %doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 247 %dir %{_datadir}/shorewall/
 248 %{_datadir}/shorewall/coreversion
 249 %{_datadir}/shorewall/functions
 250 %{_datadir}/shorewall/lib.base
 251 %{_datadir}/shorewall/lib.cli
 252 %{_datadir}/shorewall/lib.common
 253 %{_datadir}/shorewall/shorewallrc
 254 %dir %{_libexecdir}/shorewall
 255 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
 256
 257 %files init
 258 %defattr(644,root,root,755)
 259 %doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 260 %attr(755,root,root) %{_sbindir}/shorewall-init
 261 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
 262 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
 263 /etc/logrotate.d/shorewall-init
 264 %{_mandir}/man8/shorewall-init.8.*
 265 %{_datadir}/shorewall-init
 266 %dir %{_libexecdir}/shorewall-init
 267 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
 268 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init