shorewall.spec

   1 # NOTE:
   2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
   3 # which is found at http://www.shorewall.net/Anatomy.html
   4 # TODO
   5 # - rc-script inits
   6 Summary:        Shoreline Firewall - an iptables-based firewall for Linux systems
   7 Summary(pl.UTF-8):      Shoreline Firewall - zapora sieciowa oparta na iptables
   8 Name:           shorewall
   9 Version:        5.2.0.4
  10 Release:        1
  11 License:        GPL
  12 Group:          Networking/Utilities
  13 Source0:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2
  14 # Source0-md5:  b8702d14846f890d263f5ea2447b5bed
  15 Source1:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2
  16 # Source1-md5:  0dd43f44f7555418ae2f153fbf7ce1ef
  17 Source2:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2
  18 # Source2-md5:  14c87b9880bc69c82792854af45335e6
  19 Source3:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2
  20 # Source3-md5:  9f03407f5f7dac39f286bdaf3ec051e8
  21 Source4:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2
  22 # Source4-md5:  cf6b2a6c1a8827a99c1b3e717d42ccff
  23 Source5:        http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2
  24 # Source5-md5:  be73e2f76b2438e7813f62873a50c203
  25 Source10:       %{name}.init
  26 Patch0:         %{name}-config.patch
  27 Patch1:         tld.patch
  28 Patch2:         man.patch
  29 Patch3:         init.patch
  30 Patch4:         shell-fix.patch
  31 URL:            http://www.shorewall.net/
  32 BuildRequires:  perl
  33 BuildRequires:  perl(Digest::SHA)
  34 BuildRequires:  bash >= 4.0
  35 BuildRequires:  sed
  36 Requires:       bash >= 4.0
  37 Requires:       %{name}-core = %{version}-%{release}
  38 Requires:       iproute2
  39 Requires:       iptables
  40 Requires:       perl-modules
  41 Requires(post): /sbin/chkconfig
  42 BuildArch:      noarch
  43 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  44
  45 %define         _libexecdir     %{_prefix}/lib
  46
  47 %description
  48 The Shoreline Firewall, more commonly known as "Shorewall", is a
  49 Netfilter (iptables) based firewall that can be used on a dedicated
  50 firewall system, a multi-function gateway/ router/server or on a
  51 standalone GNU/Linux system.
  52
  53 %description -l pl.UTF-8
  54 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
  55 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
  56 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
  57 wszechstronny i może być wykorzystany jako zapora sieciowa,
  58 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
  59 i prostotę konfiguracji.
  60
  61 %package -n shorewall6
  62 Summary:        Files for the IPV6 Shorewall Firewall
  63 Group:          Applications/System
  64 Requires:       %{name}-core = %{version}-%{release}
  65 Requires:       iproute2
  66 Requires:       iptables
  67 Provides:       shorewall(firewall) = %{version}-%{release}
  68 Requires(post): /sbin/chkconfig
  69
  70 %description -n shorewall6
  71 This package contains the files required for IPV6 functionality of the
  72 Shoreline Firewall (shorewall).
  73
  74 %package lite
  75 Summary:        Shorewall firewall for compiled rulesets
  76 Group:          Applications/System
  77 Requires:       %{name}-core = %{version}-%{release}
  78 Requires:       iproute2
  79 Requires:       iptables
  80 Provides:       shorewall(firewall) = %{version}-%{release}
  81 Requires(post): /sbin/chkconfig
  82
  83 %description lite
  84 Shorewall Lite is a companion product to Shorewall that allows network
  85 administrators to centralize the configuration of Shorewall-based
  86 firewalls. Shorewall Lite runs a firewall script generated by a
  87 machine with a Shorewall rule compiler. A machine running Shorewall
  88 Lite does not need to have a Shorewall rule compiler installed.
  89
  90 %package -n shorewall6-lite
  91 Summary:        Shorewall firewall for compiled IPV6 rulesets
  92 Group:          Applications/System
  93 Requires:       %{name}-core = %{version}-%{release}
  94 Requires:       iproute2
  95 Requires:       iptables
  96 Provides:       shorewall(firewall) = %{version}-%{release}
  97 Requires(post): /sbin/chkconfig
  98
  99 %description -n shorewall6-lite
 100 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
 101 firewall) that allows network administrators to centralize the
 102 configuration of Shorewall-based firewalls. Shorewall Lite runs a
 103 firewall script generated by a machine with a Shorewall rule compiler.
 104 A machine running Shorewall Lite does not need to have a Shorewall
 105 rule compiler installed.
 106
 107 %package core
 108 Summary:        Core libraries for Shorewall
 109 Group:          Applications/System
 110
 111 %description core
 112 This package contains the core libraries for Shorewall.
 113
 114 %package init
 115 Summary:        Initialization functionality and NetworkManager integration for Shorewall
 116 Group:          Applications/System
 117 Requires:       %{name} = %{version}-%{release}
 118 Requires:       NetworkManager
 119 Requires:       iproute2
 120 Requires:       iptables
 121 Requires:       logrotate
 122 Requires:       shorewall(firewall) = %{version}-%{release}
 123 Requires(post): /sbin/chkconfig
 124
 125 %description init
 126 This package adds additional initialization functionality to Shorewall
 127 in two ways. It allows the firewall to be closed prior to bringing up
 128 network devices. This insures that unwanted connections are not
 129 allowed between the time that the network comes up and when the
 130 firewall is started. It also integrates with NetworkManager and
 131 distribution ifup/ifdown systems to allow for 'event-driven' startup
 132 and shutdown.
 133
 134 %prep
 135 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
 136 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 137 for i in $targets; do
 138         cp -p $i-%{version}/shorewallrc.{redhat,tld}
 139         %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld
 140 done
 141 %patch0 -p1
 142 %patch1 -p1
 143 %patch2 -p1
 144 %patch3 -p1
 145 %patch4 -p1
 146
 147 # Remove hash-bang from files which are not directly executed as shell
 148 # scripts. This silences some rpmlint errors.
 149 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
 150
 151 %install
 152 rm -rf $RPM_BUILD_ROOT
 153
 154 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
 155 for i in $targets; do
 156         cd $i-%{version}
 157         ./configure \
 158                 VENDOR=tld \
 159                 LIBEXECDIR=%{_libexecdir} \
 160                 SBINDIR=%{_sbindir}
 161
 162         DESTDIR=$RPM_BUILD_ROOT ./install.sh
 163
 164         cd -
 165 done
 166
 167 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 168 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
 169
 170 %clean
 171 rm -rf $RPM_BUILD_ROOT
 172
 173 %files
 174 %defattr(644,root,root,755)
 175 %doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
 176 %attr(755,root,root) %{_sbindir}/shorewall
 177 %dir %{_sysconfdir}/shorewall
 178 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
 179 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
 180 %{_datadir}/shorewall/action.*
 181 %{_datadir}/shorewall/actions.std
 182 %{_datadir}/shorewall/configfiles/
 183 %{_datadir}/shorewall/configpath
 184 %{_datadir}/shorewall/helpers
 185 %{_datadir}/shorewall/lib.cli-std
 186 %{_datadir}/shorewall/lib.core
 187 %{_datadir}/shorewall/lib.runtime
 188 %{_datadir}/shorewall/macro.*
 189 %{_datadir}/shorewall/modules*
 190 %{_datadir}/shorewall/prog.*
 191 %{_datadir}/shorewall/version
 192 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
 193 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
 194 %{perl_vendorlib}/Shorewall
 195 %{_mandir}/man5/shorewall*
 196 %exclude %{_mandir}/man5/shorewall6*
 197 %exclude %{_mandir}/man5/shorewall-lite*
 198 %{_mandir}/man8/shorewall*
 199 %exclude %{_mandir}/man8/shorewall6*
 200 %exclude %{_mandir}/man8/shorewall-lite*
 201 %exclude %{_mandir}/man8/shorewall-init*
 202 %attr(754,root,root) /etc/rc.d/init.d/shorewall
 203 %dir %{_localstatedir}/lib/shorewall
 204
 205 %files lite
 206 %defattr(644,root,root,755)
 207 %doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 208 %attr(755,root,root) %{_sbindir}/shorewall-lite
 209 %dir %{_sysconfdir}/shorewall-lite
 210 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
 211 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite
 212 %{_datadir}/shorewall-lite
 213 %{_libexecdir}/shorewall-lite
 214 %{_mandir}/man5/shorewall-lite*
 215 %{_mandir}/man8/shorewall-lite*
 216 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
 217 %dir %{_localstatedir}/lib/shorewall-lite
 218
 219 %files -n shorewall6
 220 %defattr(644,root,root,755)
 221 %doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6}
 222 %attr(755,root,root) %{_sbindir}/shorewall6
 223 %dir %{_sysconfdir}/shorewall6
 224 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
 225 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6
 226 %{_mandir}/man5/shorewall6*
 227 %exclude %{_mandir}/man5/shorewall6-lite*
 228 %{_mandir}/man8/shorewall6*
 229 %exclude %{_mandir}/man8/shorewall6-lite*
 230 %{_datadir}/shorewall6
 231 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
 232 %dir %{_localstatedir}/lib/shorewall6
 233
 234 %files -n shorewall6-lite
 235 %defattr(644,root,root,755)
 236 %doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 237 %attr(755,root,root) %{_sbindir}/shorewall6-lite
 238 %dir %{_sysconfdir}/shorewall6-lite
 239 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
 240 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite
 241 %{_mandir}/man5/shorewall6-lite*
 242 %{_mandir}/man8/shorewall6-lite*
 243 %{_datadir}/shorewall6-lite
 244 %dir %{_libexecdir}/shorewall6-lite
 245 %{_libexecdir}/shorewall6-lite/shorecap
 246 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
 247 %dir %{_localstatedir}/lib/shorewall6-lite
 248
 249 %files core
 250 %defattr(644,root,root,755)
 251 %doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 252 %dir %{_datadir}/shorewall/
 253 %{_datadir}/shorewall/coreversion
 254 %{_datadir}/shorewall/functions
 255 %{_datadir}/shorewall/lib.base
 256 %{_datadir}/shorewall/lib.cli
 257 %{_datadir}/shorewall/lib.common
 258 %{_datadir}/shorewall/shorewallrc
 259 %dir %{_libexecdir}/shorewall
 260 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
 261
 262 %files init
 263 %defattr(644,root,root,755)
 264 %doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt}
 265 %attr(755,root,root) %{_sbindir}/shorewall-init
 266 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
 267 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
 268 /etc/logrotate.d/shorewall-init
 269 %{_mandir}/man8/shorewall-init.8.*
 270 %{_datadir}/shorewall-init
 271 %dir %{_libexecdir}/shorewall-init
 272 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
 273 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init