shorewall.spec

   1 # NOTE:
   2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
   3 # which is found at http://www.shorewall.net/Anatomy.html
   4 #
   5 %define         ver     5.2.8
   6 %define         rel     %{nil}
   7
   8 Summary:        Shoreline Firewall - an iptables-based firewall for Linux systems
   9 Summary(pl.UTF-8):      Shoreline Firewall - zapora sieciowa oparta na iptables
  10 Name:           shorewall
  11 Version:        %{ver}%{rel}
  12 Release:        1
  13 License:        GPL
  14 Group:          Networking/Utilities
  15 Source0:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-%{version}.tar.bz2
  16 # Source0-md5:  0e4041810f066deef40bf9e57fa79e96
  17 Source1:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-lite-%{version}.tar.bz2
  18 # Source1-md5:  330562592f437ab44c438988e499d85b
  19 Source2:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-%{version}.tar.bz2
  20 # Source2-md5:  4a9a2f55cd40bb2cc17dae0227350c4d
  21 Source3:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-lite-%{version}.tar.bz2
  22 # Source3-md5:  be2a9eb5d1aa5de6162e240b24e921e6
  23 Source4:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-init-%{version}.tar.bz2
  24 # Source4-md5:  364a305ecba4ec40eedc5cf1a48e08e9
  25 Source5:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-core-%{version}.tar.bz2
  26 # Source5-md5:  07c7371fd2896e87f373b760561e41a8
  27 Source10:       %{name}.init
  28 Source11:       %{name}.logrotate
  29 Patch0:         %{name}-config.patch
  30 Patch1:         %{name}-logging.patch
  31 Patch2:         tld.patch
  32 Patch3:         man.patch
  33 Patch4:         init.patch
  34 Patch5:         shell-fix.patch
  35 URL:            http://www.shorewall.net/
  36 BuildRequires:  perl
  37 BuildRequires:  perl(Digest::SHA)
  38 BuildRequires:  bash >= 4.0
  39 BuildRequires:  sed
  40 Requires:       bash >= 4.0
  41 Requires:       %{name}-core = %{version}-%{release}
  42 Requires:       iproute2
  43 Requires:       iptables
  44 Requires:       perl-modules
  45 Requires(post): /sbin/chkconfig
  46 BuildArch:      noarch
  47 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  48
  49 %define         _libexecdir     %{_prefix}/lib
  50
  51 %description
  52 The Shoreline Firewall, more commonly known as "Shorewall", is a
  53 Netfilter (iptables) based firewall that can be used on a dedicated
  54 firewall system, a multi-function gateway/ router/server or on a
  55 standalone GNU/Linux system.
  56
  57 %description -l pl.UTF-8
  58 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
  59 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
  60 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
  61 wszechstronny i może być wykorzystany jako zapora sieciowa,
  62 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
  63 i prostotę konfiguracji.
  64
  65 %package -n shorewall6
  66 Summary:        Files for the IPV6 Shorewall Firewall
  67 Group:          Applications/System
  68 Requires:       %{name}-core = %{version}-%{release}
  69 Requires:       iproute2
  70 Requires:       iptables
  71 Provides:       shorewall(firewall) = %{version}-%{release}
  72 Requires(post): /sbin/chkconfig
  73
  74 %description -n shorewall6
  75 This package contains the files required for IPV6 functionality of the
  76 Shoreline Firewall (shorewall).
  77
  78 %package lite
  79 Summary:        Shorewall firewall for compiled rulesets
  80 Group:          Applications/System
  81 Requires:       %{name}-core = %{version}-%{release}
  82 Requires:       iproute2
  83 Requires:       iptables
  84 Provides:       shorewall(firewall) = %{version}-%{release}
  85 Requires(post): /sbin/chkconfig
  86
  87 %description lite
  88 Shorewall Lite is a companion product to Shorewall that allows network
  89 administrators to centralize the configuration of Shorewall-based
  90 firewalls. Shorewall Lite runs a firewall script generated by a
  91 machine with a Shorewall rule compiler. A machine running Shorewall
  92 Lite does not need to have a Shorewall rule compiler installed.
  93
  94 %package -n shorewall6-lite
  95 Summary:        Shorewall firewall for compiled IPV6 rulesets
  96 Group:          Applications/System
  97 Requires:       %{name}-core = %{version}-%{release}
  98 Requires:       iproute2
  99 Requires:       iptables
 100 Provides:       shorewall(firewall) = %{version}-%{release}
 101 Requires(post): /sbin/chkconfig
 102
 103 %description -n shorewall6-lite
 104 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
 105 firewall) that allows network administrators to centralize the
 106 configuration of Shorewall-based firewalls. Shorewall Lite runs a
 107 firewall script generated by a machine with a Shorewall rule compiler.
 108 A machine running Shorewall Lite does not need to have a Shorewall
 109 rule compiler installed.
 110
 111 %package core
 112 Summary:        Core libraries for Shorewall
 113 Group:          Applications/System
 114 Requires:       logrotate
 115
 116 %description core
 117 This package contains the core libraries for Shorewall.
 118
 119 %package init
 120 Summary:        Initialization functionality and NetworkManager integration for Shorewall
 121 Group:          Applications/System
 122 Requires:       %{name} = %{version}-%{release}
 123 Requires:       NetworkManager
 124 Requires:       iproute2
 125 Requires:       iptables
 126 Requires:       logrotate
 127 Requires:       shorewall(firewall) = %{version}-%{release}
 128 Requires(post): /sbin/chkconfig
 129
 130 %description init
 131 This package adds additional initialization functionality to Shorewall
 132 in two ways. It allows the firewall to be closed prior to bringing up
 133 network devices. This insures that unwanted connections are not
 134 allowed between the time that the network comes up and when the
 135 firewall is started. It also integrates with NetworkManager and
 136 distribution ifup/ifdown systems to allow for 'event-driven' startup
 137 and shutdown.
 138
 139 %prep
 140 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
 141 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 142 for i in $targets; do
 143         mv $i-%{version} $i
 144         cp -p $i/shorewallrc.{redhat,tld}
 145         %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i/shorewallrc.tld
 146 done
 147 %patch0 -p1
 148 %patch1 -p1
 149 %patch2 -p1
 150 %patch3 -p1
 151 %patch4 -p1
 152 %patch5 -p1
 153
 154 # Remove hash-bang from files which are not directly executed as shell
 155 # scripts. This silences some rpmlint errors.
 156 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
 157
 158 %install
 159 rm -rf $RPM_BUILD_ROOT
 160
 161 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 162 for i in $targets; do
 163         cd $i
 164         ./configure \
 165                 VENDOR=tld \
 166                 LIBEXECDIR=%{_libexecdir} \
 167                 SBINDIR=%{_sbindir}
 168
 169         DESTDIR=$RPM_BUILD_ROOT ./install.sh
 170
 171         cd -
 172 done
 173
 174 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 175 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
 176 install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall
 177
 178 %clean
 179 rm -rf $RPM_BUILD_ROOT
 180
 181 %post
 182 /sbin/chkconfig --add shorewall
 183 %service shorewall restart "Shorewall"
 184
 185 %preun
 186 if [ "$1" = "0" ]; then
 187         %service shorewall stop
 188         /sbin/chkconfig --del shorewall
 189 fi
 190
 191 %files
 192 %defattr(644,root,root,755)
 193 %doc shorewall/{COPYING,changelog.txt,releasenotes.txt,Samples}
 194 %attr(755,root,root) %{_sbindir}/shorewall
 195 %dir %{_sysconfdir}/shorewall
 196 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
 197 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
 198 %{_datadir}/shorewall/action.*
 199 %{_datadir}/shorewall/actions.std
 200 %{_datadir}/shorewall/configfiles/
 201 %{_datadir}/shorewall/configpath
 202 %{_datadir}/shorewall/helpers
 203 %{_datadir}/shorewall/lib.cli-std
 204 %{_datadir}/shorewall/lib.core
 205 %{_datadir}/shorewall/lib.runtime
 206 %{_datadir}/shorewall/macro.*
 207 %{_datadir}/shorewall/prog.*
 208 %{_datadir}/shorewall/version
 209 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
 210 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
 211 %{perl_vendorlib}/Shorewall
 212 %{_mandir}/man5/shorewall*
 213 %exclude %{_mandir}/man5/shorewall6*
 214 %exclude %{_mandir}/man5/shorewall-lite*
 215 %{_mandir}/man8/shorewall*
 216 %exclude %{_mandir}/man8/shorewall6*
 217 %exclude %{_mandir}/man8/shorewall-lite*
 218 %exclude %{_mandir}/man8/shorewall-init*
 219 %attr(754,root,root) /etc/rc.d/init.d/shorewall
 220 %dir %{_localstatedir}/lib/shorewall
 221
 222 %files lite
 223 %defattr(644,root,root,755)
 224 %doc shorewall-lite/{COPYING,changelog.txt,releasenotes.txt}
 225 %attr(755,root,root) %{_sbindir}/shorewall-lite
 226 %dir %{_sysconfdir}/shorewall-lite
 227 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
 228 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
 229 %{_datadir}/shorewall-lite
 230 %{_libexecdir}/shorewall-lite
 231 %{_mandir}/man5/shorewall-lite*
 232 %{_mandir}/man8/shorewall-lite*
 233 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
 234 %dir %{_localstatedir}/lib/shorewall-lite
 235
 236 %files -n shorewall6
 237 %defattr(644,root,root,755)
 238 %doc shorewall6/{COPYING,changelog.txt,releasenotes.txt,Samples6}
 239 %attr(755,root,root) %{_sbindir}/shorewall6
 240 %dir %{_sysconfdir}/shorewall6
 241 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
 242 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
 243 %{_mandir}/man5/shorewall6*
 244 %exclude %{_mandir}/man5/shorewall6-lite*
 245 %{_mandir}/man8/shorewall6*
 246 %exclude %{_mandir}/man8/shorewall6-lite*
 247 %{_datadir}/shorewall6
 248 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
 249 %dir %{_localstatedir}/lib/shorewall6
 250
 251 %files -n shorewall6-lite
 252 %defattr(644,root,root,755)
 253 %doc shorewall6-lite/{COPYING,changelog.txt,releasenotes.txt}
 254 %attr(755,root,root) %{_sbindir}/shorewall6-lite
 255 %dir %{_sysconfdir}/shorewall6-lite
 256 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
 257 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
 258 %{_mandir}/man5/shorewall6-lite*
 259 %{_mandir}/man8/shorewall6-lite*
 260 %{_datadir}/shorewall6-lite
 261 %dir %{_libexecdir}/shorewall6-lite
 262 %{_libexecdir}/shorewall6-lite/shorecap
 263 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
 264 %dir %{_localstatedir}/lib/shorewall6-lite
 265
 266 %files core
 267 %defattr(644,root,root,755)
 268 %doc shorewall-core/{COPYING,changelog.txt,releasenotes.txt}
 269 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
 270 %dir %{_datadir}/shorewall/
 271 %{_datadir}/shorewall/coreversion
 272 %{_datadir}/shorewall/functions
 273 %{_datadir}/shorewall/lib.base
 274 %{_datadir}/shorewall/lib.cli
 275 %{_datadir}/shorewall/lib.common
 276 %{_datadir}/shorewall/shorewallrc
 277 %dir %{_libexecdir}/shorewall
 278 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
 279
 280 %files init
 281 %defattr(644,root,root,755)
 282 %doc shorewall-init/{COPYING,changelog.txt,releasenotes.txt}
 283 %attr(755,root,root) %{_sbindir}/shorewall-init
 284 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
 285 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
 286 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
 287 %{_mandir}/man8/shorewall-init.8.*
 288 %{_datadir}/shorewall-init
 289 %dir %{_libexecdir}/shorewall-init
 290 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
 291 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init