shorewall.spec

   1 # NOTE:
   2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
   3 # which is found at http://www.shorewall.net/Anatomy.html
   4 # TODO
   5 # - rc-script inits
   6 Summary:        Shoreline Firewall - an iptables-based firewall for Linux systems
   7 Summary(pl.UTF-8):      Shoreline Firewall - zapora sieciowa oparta na iptables
   8 Name:           shorewall
   9 Version:        5.2.0.4
  10 Release:        4
  11 License:        GPL
  12 Group:          Networking/Utilities
  13 Source0:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2
  14 # Source0-md5:  b8702d14846f890d263f5ea2447b5bed
  15 Source1:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2
  16 # Source1-md5:  0dd43f44f7555418ae2f153fbf7ce1ef
  17 Source2:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2
  18 # Source2-md5:  14c87b9880bc69c82792854af45335e6
  19 Source3:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2
  20 # Source3-md5:  9f03407f5f7dac39f286bdaf3ec051e8
  21 Source4:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2
  22 # Source4-md5:  cf6b2a6c1a8827a99c1b3e717d42ccff
  23 Source5:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2
  24 # Source5-md5:  be73e2f76b2438e7813f62873a50c203
  25 Source10:       %{name}.init
  26 Source11:       %{name}.logrotate
  27 Patch0:         %{name}-config.patch
  28 Patch1:         %{name}-logging.patch
  29 Patch2:         tld.patch
  30 Patch3:         man.patch
  31 Patch4:         init.patch
  32 Patch5:         shell-fix.patch
  33 URL:            http://www.shorewall.net/
  34 BuildRequires:  perl
  35 BuildRequires:  perl(Digest::SHA)
  36 BuildRequires:  bash >= 4.0
  37 BuildRequires:  sed
  38 Requires:       bash >= 4.0
  39 Requires:       %{name}-core = %{version}-%{release}
  40 Requires:       iproute2
  41 Requires:       iptables
  42 Requires:       perl-modules
  43 Requires(post): /sbin/chkconfig
  44 BuildArch:      noarch
  45 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  46
  47 %define         _libexecdir     %{_prefix}/lib
  48
  49 %description
  50 The Shoreline Firewall, more commonly known as "Shorewall", is a
  51 Netfilter (iptables) based firewall that can be used on a dedicated
  52 firewall system, a multi-function gateway/ router/server or on a
  53 standalone GNU/Linux system.
  54
  55 %description -l pl.UTF-8
  56 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
  57 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
  58 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
  59 wszechstronny i może być wykorzystany jako zapora sieciowa,
  60 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
  61 i prostotę konfiguracji.
  62
  63 %package -n shorewall6
  64 Summary:        Files for the IPV6 Shorewall Firewall
  65 Group:          Applications/System
  66 Requires:       %{name}-core = %{version}-%{release}
  67 Requires:       iproute2
  68 Requires:       iptables
  69 Provides:       shorewall(firewall) = %{version}-%{release}
  70 Requires(post): /sbin/chkconfig
  71
  72 %description -n shorewall6
  73 This package contains the files required for IPV6 functionality of the
  74 Shoreline Firewall (shorewall).
  75
  76 %package lite
  77 Summary:        Shorewall firewall for compiled rulesets
  78 Group:          Applications/System
  79 Requires:       %{name}-core = %{version}-%{release}
  80 Requires:       iproute2
  81 Requires:       iptables
  82 Provides:       shorewall(firewall) = %{version}-%{release}
  83 Requires(post): /sbin/chkconfig
  84
  85 %description lite
  86 Shorewall Lite is a companion product to Shorewall that allows network
  87 administrators to centralize the configuration of Shorewall-based
  88 firewalls. Shorewall Lite runs a firewall script generated by a
  89 machine with a Shorewall rule compiler. A machine running Shorewall
  90 Lite does not need to have a Shorewall rule compiler installed.
  91
  92 %package -n shorewall6-lite
  93 Summary:        Shorewall firewall for compiled IPV6 rulesets
  94 Group:          Applications/System
  95 Requires:       %{name}-core = %{version}-%{release}
  96 Requires:       iproute2
  97 Requires:       iptables
  98 Provides:       shorewall(firewall) = %{version}-%{release}
  99 Requires(post): /sbin/chkconfig
 100
 101 %description -n shorewall6-lite
 102 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
 103 firewall) that allows network administrators to centralize the
 104 configuration of Shorewall-based firewalls. Shorewall Lite runs a
 105 firewall script generated by a machine with a Shorewall rule compiler.
 106 A machine running Shorewall Lite does not need to have a Shorewall
 107 rule compiler installed.
 108
 109 %package core
 110 Summary:        Core libraries for Shorewall
 111 Group:          Applications/System
 112 Requires:       logrotate
 113
 114 %description core
 115 This package contains the core libraries for Shorewall.
 116
 117 %package init
 118 Summary:        Initialization functionality and NetworkManager integration for Shorewall
 119 Group:          Applications/System
 120 Requires:       %{name} = %{version}-%{release}
 121 Requires:       NetworkManager
 122 Requires:       iproute2
 123 Requires:       iptables
 124 Requires:       logrotate
 125 Requires:       shorewall(firewall) = %{version}-%{release}
 126 Requires(post): /sbin/chkconfig
 127
 128 %description init
 129 This package adds additional initialization functionality to Shorewall
 130 in two ways. It allows the firewall to be closed prior to bringing up
 131 network devices. This insures that unwanted connections are not
 132 allowed between the time that the network comes up and when the
 133 firewall is started. It also integrates with NetworkManager and
 134 distribution ifup/ifdown systems to allow for 'event-driven' startup
 135 and shutdown.
 136
 137 %prep
 138 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
 139 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 140 for i in $targets; do
 141         cp -p $i-%{version}/shorewallrc.{redhat,tld}
 142         %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld
 143 done
 144 %patch0 -p1
 145 %patch1 -p1
 146 %patch2 -p1
 147 %patch3 -p1
 148 %patch4 -p1
 149 %patch5 -p1
 150
 151 # Remove hash-bang from files which are not directly executed as shell
 152 # scripts. This silences some rpmlint errors.
 153 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
 154
 155 %install
 156 rm -rf $RPM_BUILD_ROOT
 157
 158 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 159 for i in $targets; do
 160         cd $i-%{version}
 161         ./configure \
 162                 VENDOR=tld \
 163                 LIBEXECDIR=%{_libexecdir} \
 164                 SBINDIR=%{_sbindir}
 165
 166         DESTDIR=$RPM_BUILD_ROOT ./install.sh
 167
 168         cd -
 169 done
 170
 171 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 172 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
 173 install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall
 174
 175 %clean
 176 rm -rf $RPM_BUILD_ROOT
 177
 178 %post
 179 /sbin/chkconfig --add shorewall
 180 %service shorewall restart "Shorewall"
 181
 182 %preun
 183 if [ "$1" = "0" ]; then
 184         %service shorewall stop
 185         /sbin/chkconfig --del shorewall
 186 fi
 187
 188 %files
 189 %defattr(644,root,root,755)
 190 %doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
 191 %attr(755,root,root) %{_sbindir}/shorewall
 192 %dir %{_sysconfdir}/shorewall
 193 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
 194 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
 195 %{_datadir}/shorewall/action.*
 196 %{_datadir}/shorewall/actions.std
 197 %{_datadir}/shorewall/configfiles/
 198 %{_datadir}/shorewall/configpath
 199 %{_datadir}/shorewall/helpers
 200 %{_datadir}/shorewall/lib.cli-std
 201 %{_datadir}/shorewall/lib.core
 202 %{_datadir}/shorewall/lib.runtime
 203 %{_datadir}/shorewall/macro.*
 204 %{_datadir}/shorewall/modules*
 205 %{_datadir}/shorewall/prog.*
 206 %{_datadir}/shorewall/version
 207 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
 208 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
 209 %{perl_vendorlib}/Shorewall
 210 %{_mandir}/man5/shorewall*
 211 %exclude %{_mandir}/man5/shorewall6*
 212 %exclude %{_mandir}/man5/shorewall-lite*
 213 %{_mandir}/man8/shorewall*
 214 %exclude %{_mandir}/man8/shorewall6*
 215 %exclude %{_mandir}/man8/shorewall-lite*
 216 %exclude %{_mandir}/man8/shorewall-init*
 217 %attr(754,root,root) /etc/rc.d/init.d/shorewall
 218 %dir %{_localstatedir}/lib/shorewall
 219
 220 %files lite
 221 %defattr(644,root,root,755)
 222 %doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 223 %attr(755,root,root) %{_sbindir}/shorewall-lite
 224 %dir %{_sysconfdir}/shorewall-lite
 225 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
 226 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
 227 %{_datadir}/shorewall-lite
 228 %{_libexecdir}/shorewall-lite
 229 %{_mandir}/man5/shorewall-lite*
 230 %{_mandir}/man8/shorewall-lite*
 231 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
 232 %dir %{_localstatedir}/lib/shorewall-lite
 233
 234 %files -n shorewall6
 235 %defattr(644,root,root,755)
 236 %doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6}
 237 %attr(755,root,root) %{_sbindir}/shorewall6
 238 %dir %{_sysconfdir}/shorewall6
 239 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
 240 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
 241 %{_mandir}/man5/shorewall6*
 242 %exclude %{_mandir}/man5/shorewall6-lite*
 243 %{_mandir}/man8/shorewall6*
 244 %exclude %{_mandir}/man8/shorewall6-lite*
 245 %{_datadir}/shorewall6
 246 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
 247 %dir %{_localstatedir}/lib/shorewall6
 248
 249 %files -n shorewall6-lite
 250 %defattr(644,root,root,755)
 251 %doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 252 %attr(755,root,root) %{_sbindir}/shorewall6-lite
 253 %dir %{_sysconfdir}/shorewall6-lite
 254 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
 255 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
 256 %{_mandir}/man5/shorewall6-lite*
 257 %{_mandir}/man8/shorewall6-lite*
 258 %{_datadir}/shorewall6-lite
 259 %dir %{_libexecdir}/shorewall6-lite
 260 %{_libexecdir}/shorewall6-lite/shorecap
 261 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
 262 %dir %{_localstatedir}/lib/shorewall6-lite
 263
 264 %files core
 265 %defattr(644,root,root,755)
 266 %doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 267 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
 268 %dir %{_datadir}/shorewall/
 269 %{_datadir}/shorewall/coreversion
 270 %{_datadir}/shorewall/functions
 271 %{_datadir}/shorewall/lib.base
 272 %{_datadir}/shorewall/lib.cli
 273 %{_datadir}/shorewall/lib.common
 274 %{_datadir}/shorewall/shorewallrc
 275 %dir %{_libexecdir}/shorewall
 276 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
 277
 278 %files init
 279 %defattr(644,root,root,755)
 280 %doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 281 %attr(755,root,root) %{_sbindir}/shorewall-init
 282 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
 283 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
 284 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
 285 %{_mandir}/man8/shorewall-init.8.*
 286 %{_datadir}/shorewall-init
 287 %dir %{_libexecdir}/shorewall-init
 288 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
 289 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init