shorewall.spec

   1 # NOTE:
   2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
   3 # which is found at http://www.shorewall.net/Anatomy.html
   4 #
   5 Summary:        Shoreline Firewall - an iptables-based firewall for Linux systems
   6 Summary(pl.UTF-8):      Shoreline Firewall - zapora sieciowa oparta na iptables
   7 Name:           shorewall
   8 Version:        5.2.0.5
   9 Release:        2
  10 License:        GPL
  11 Group:          Networking/Utilities
  12 Source0:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2
  13 # Source0-md5:  3fb5f8c1f0012c0221681bc6d62b84a3
  14 Source1:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2
  15 # Source1-md5:  821f5b69ba22fb9950195647ff3ad223
  16 Source2:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2
  17 # Source2-md5:  7f8a9fcc0227e50b21da553acb99f764
  18 Source3:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2
  19 # Source3-md5:  57fbbf639a3351212c02026ba0e7b89d
  20 Source4:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2
  21 # Source4-md5:  87cc6453104a65fac36996a86469157e
  22 Source5:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2
  23 # Source5-md5:  16e6505831f5c1bc19c08d8982a4becc
  24 Source10:       %{name}.init
  25 Source11:       %{name}.logrotate
  26 Patch0:         %{name}-config.patch
  27 Patch1:         %{name}-logging.patch
  28 Patch2:         tld.patch
  29 Patch3:         man.patch
  30 Patch4:         init.patch
  31 Patch5:         shell-fix.patch
  32 Patch6:         perl.patch
  33 URL:            http://www.shorewall.net/
  34 BuildRequires:  perl
  35 BuildRequires:  perl(Digest::SHA)
  36 BuildRequires:  bash >= 4.0
  37 BuildRequires:  sed
  38 Requires:       bash >= 4.0
  39 Requires:       %{name}-core = %{version}-%{release}
  40 Requires:       iproute2
  41 Requires:       iptables
  42 Requires:       perl-modules
  43 Requires(post): /sbin/chkconfig
  44 BuildArch:      noarch
  45 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  46
  47 %define         _libexecdir     %{_prefix}/lib
  48
  49 %description
  50 The Shoreline Firewall, more commonly known as "Shorewall", is a
  51 Netfilter (iptables) based firewall that can be used on a dedicated
  52 firewall system, a multi-function gateway/ router/server or on a
  53 standalone GNU/Linux system.
  54
  55 %description -l pl.UTF-8
  56 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
  57 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
  58 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
  59 wszechstronny i może być wykorzystany jako zapora sieciowa,
  60 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
  61 i prostotę konfiguracji.
  62
  63 %package -n shorewall6
  64 Summary:        Files for the IPV6 Shorewall Firewall
  65 Group:          Applications/System
  66 Requires:       %{name}-core = %{version}-%{release}
  67 Requires:       iproute2
  68 Requires:       iptables
  69 Provides:       shorewall(firewall) = %{version}-%{release}
  70 Requires(post): /sbin/chkconfig
  71
  72 %description -n shorewall6
  73 This package contains the files required for IPV6 functionality of the
  74 Shoreline Firewall (shorewall).
  75
  76 %package lite
  77 Summary:        Shorewall firewall for compiled rulesets
  78 Group:          Applications/System
  79 Requires:       %{name}-core = %{version}-%{release}
  80 Requires:       iproute2
  81 Requires:       iptables
  82 Provides:       shorewall(firewall) = %{version}-%{release}
  83 Requires(post): /sbin/chkconfig
  84
  85 %description lite
  86 Shorewall Lite is a companion product to Shorewall that allows network
  87 administrators to centralize the configuration of Shorewall-based
  88 firewalls. Shorewall Lite runs a firewall script generated by a
  89 machine with a Shorewall rule compiler. A machine running Shorewall
  90 Lite does not need to have a Shorewall rule compiler installed.
  91
  92 %package -n shorewall6-lite
  93 Summary:        Shorewall firewall for compiled IPV6 rulesets
  94 Group:          Applications/System
  95 Requires:       %{name}-core = %{version}-%{release}
  96 Requires:       iproute2
  97 Requires:       iptables
  98 Provides:       shorewall(firewall) = %{version}-%{release}
  99 Requires(post): /sbin/chkconfig
 100
 101 %description -n shorewall6-lite
 102 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
 103 firewall) that allows network administrators to centralize the
 104 configuration of Shorewall-based firewalls. Shorewall Lite runs a
 105 firewall script generated by a machine with a Shorewall rule compiler.
 106 A machine running Shorewall Lite does not need to have a Shorewall
 107 rule compiler installed.
 108
 109 %package core
 110 Summary:        Core libraries for Shorewall
 111 Group:          Applications/System
 112 Requires:       logrotate
 113
 114 %description core
 115 This package contains the core libraries for Shorewall.
 116
 117 %package init
 118 Summary:        Initialization functionality and NetworkManager integration for Shorewall
 119 Group:          Applications/System
 120 Requires:       %{name} = %{version}-%{release}
 121 Requires:       NetworkManager
 122 Requires:       iproute2
 123 Requires:       iptables
 124 Requires:       logrotate
 125 Requires:       shorewall(firewall) = %{version}-%{release}
 126 Requires(post): /sbin/chkconfig
 127
 128 %description init
 129 This package adds additional initialization functionality to Shorewall
 130 in two ways. It allows the firewall to be closed prior to bringing up
 131 network devices. This insures that unwanted connections are not
 132 allowed between the time that the network comes up and when the
 133 firewall is started. It also integrates with NetworkManager and
 134 distribution ifup/ifdown systems to allow for 'event-driven' startup
 135 and shutdown.
 136
 137 %prep
 138 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
 139 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 140 for i in $targets; do
 141         cp -p $i-%{version}/shorewallrc.{redhat,tld}
 142         %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld
 143 done
 144 %patch0 -p1
 145 %patch1 -p1
 146 %patch2 -p1
 147 %patch3 -p1
 148 %patch4 -p1
 149 %patch5 -p1
 150 %patch6 -p1
 151
 152 # Remove hash-bang from files which are not directly executed as shell
 153 # scripts. This silences some rpmlint errors.
 154 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
 155
 156 %install
 157 rm -rf $RPM_BUILD_ROOT
 158
 159 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 160 for i in $targets; do
 161         cd $i-%{version}
 162         ./configure \
 163                 VENDOR=tld \
 164                 LIBEXECDIR=%{_libexecdir} \
 165                 SBINDIR=%{_sbindir}
 166
 167         DESTDIR=$RPM_BUILD_ROOT ./install.sh
 168
 169         cd -
 170 done
 171
 172 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 173 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
 174 install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall
 175
 176 %clean
 177 rm -rf $RPM_BUILD_ROOT
 178
 179 %post
 180 /sbin/chkconfig --add shorewall
 181 %service shorewall restart "Shorewall"
 182
 183 %preun
 184 if [ "$1" = "0" ]; then
 185         %service shorewall stop
 186         /sbin/chkconfig --del shorewall
 187 fi
 188
 189 %files
 190 %defattr(644,root,root,755)
 191 %doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
 192 %attr(755,root,root) %{_sbindir}/shorewall
 193 %dir %{_sysconfdir}/shorewall
 194 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
 195 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
 196 %{_datadir}/shorewall/action.*
 197 %{_datadir}/shorewall/actions.std
 198 %{_datadir}/shorewall/configfiles/
 199 %{_datadir}/shorewall/configpath
 200 %{_datadir}/shorewall/helpers
 201 %{_datadir}/shorewall/lib.cli-std
 202 %{_datadir}/shorewall/lib.core
 203 %{_datadir}/shorewall/lib.runtime
 204 %{_datadir}/shorewall/macro.*
 205 %{_datadir}/shorewall/modules*
 206 %{_datadir}/shorewall/prog.*
 207 %{_datadir}/shorewall/version
 208 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
 209 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
 210 %{perl_vendorlib}/Shorewall
 211 %{_mandir}/man5/shorewall*
 212 %exclude %{_mandir}/man5/shorewall6*
 213 %exclude %{_mandir}/man5/shorewall-lite*
 214 %{_mandir}/man8/shorewall*
 215 %exclude %{_mandir}/man8/shorewall6*
 216 %exclude %{_mandir}/man8/shorewall-lite*
 217 %exclude %{_mandir}/man8/shorewall-init*
 218 %attr(754,root,root) /etc/rc.d/init.d/shorewall
 219 %dir %{_localstatedir}/lib/shorewall
 220
 221 %files lite
 222 %defattr(644,root,root,755)
 223 %doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 224 %attr(755,root,root) %{_sbindir}/shorewall-lite
 225 %dir %{_sysconfdir}/shorewall-lite
 226 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
 227 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
 228 %{_datadir}/shorewall-lite
 229 %{_libexecdir}/shorewall-lite
 230 %{_mandir}/man5/shorewall-lite*
 231 %{_mandir}/man8/shorewall-lite*
 232 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
 233 %dir %{_localstatedir}/lib/shorewall-lite
 234
 235 %files -n shorewall6
 236 %defattr(644,root,root,755)
 237 %doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6}
 238 %attr(755,root,root) %{_sbindir}/shorewall6
 239 %dir %{_sysconfdir}/shorewall6
 240 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
 241 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
 242 %{_mandir}/man5/shorewall6*
 243 %exclude %{_mandir}/man5/shorewall6-lite*
 244 %{_mandir}/man8/shorewall6*
 245 %exclude %{_mandir}/man8/shorewall6-lite*
 246 %{_datadir}/shorewall6
 247 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
 248 %dir %{_localstatedir}/lib/shorewall6
 249
 250 %files -n shorewall6-lite
 251 %defattr(644,root,root,755)
 252 %doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 253 %attr(755,root,root) %{_sbindir}/shorewall6-lite
 254 %dir %{_sysconfdir}/shorewall6-lite
 255 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
 256 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
 257 %{_mandir}/man5/shorewall6-lite*
 258 %{_mandir}/man8/shorewall6-lite*
 259 %{_datadir}/shorewall6-lite
 260 %dir %{_libexecdir}/shorewall6-lite
 261 %{_libexecdir}/shorewall6-lite/shorecap
 262 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
 263 %dir %{_localstatedir}/lib/shorewall6-lite
 264
 265 %files core
 266 %defattr(644,root,root,755)
 267 %doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 268 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
 269 %dir %{_datadir}/shorewall/
 270 %{_datadir}/shorewall/coreversion
 271 %{_datadir}/shorewall/functions
 272 %{_datadir}/shorewall/lib.base
 273 %{_datadir}/shorewall/lib.cli
 274 %{_datadir}/shorewall/lib.common
 275 %{_datadir}/shorewall/shorewallrc
 276 %dir %{_libexecdir}/shorewall
 277 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
 278
 279 %files init
 280 %defattr(644,root,root,755)
 281 %doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 282 %attr(755,root,root) %{_sbindir}/shorewall-init
 283 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
 284 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
 285 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
 286 %{_mandir}/man8/shorewall-init.8.*
 287 %{_datadir}/shorewall-init
 288 %dir %{_libexecdir}/shorewall-init
 289 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
 290 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init