# NOTE:
# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
# which is found at http://www.shorewall.net/Anatomy.html
#
%define		ver	5.2.1
%define		rel	%{nil}

Summary:	Shoreline Firewall - an iptables-based firewall for Linux systems
Summary(pl.UTF-8):	Shoreline Firewall - zapora sieciowa oparta na iptables
Name:		shorewall
Version:	%{ver}%{rel}
Release:	1
License:	GPL
Group:		Networking/Utilities
Source0:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-%{version}.tar.bz2
# Source0-md5:	904a6b38d97bbdfc97b2713ac7f902e2
Source1:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-lite-%{version}.tar.bz2
# Source1-md5:	3ebbacbe1414588c01f068264f97de4b
Source2:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-%{version}.tar.bz2
# Source2-md5:	d6597b128ff6affef5d7d1dc8b6cd90c
Source3:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-lite-%{version}.tar.bz2
# Source3-md5:	c267e40785d85a2b607234b7388be5b1
Source4:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-init-%{version}.tar.bz2
# Source4-md5:	6f0365f0d1401221d319844f027b49b5
Source5:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-core-%{version}.tar.bz2
# Source5-md5:	ca867aed49a68c58be90add6be937fb2
Source10:	%{name}.init
Source11:	%{name}.logrotate
Patch0:		%{name}-config.patch
Patch1:		%{name}-logging.patch
Patch2:		tld.patch
Patch3:		man.patch
Patch4:		init.patch
Patch5:		shell-fix.patch
URL:		http://www.shorewall.net/
BuildRequires:	perl
BuildRequires:	perl(Digest::SHA)
BuildRequires:	bash >= 4.0
BuildRequires:	sed
Requires:	bash >= 4.0
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Requires:	perl-modules
Requires(post):	/sbin/chkconfig
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_libexecdir	%{_prefix}/lib

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a
Netfilter (iptables) based firewall that can be used on a dedicated
firewall system, a multi-function gateway/ router/server or on a
standalone GNU/Linux system.

%description -l pl.UTF-8
Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
wszechstronny i może być wykorzystany jako zapora sieciowa,
wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
i prostotę konfiguracji.

%package -n shorewall6
Summary:	Files for the IPV6 Shorewall Firewall
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6
This package contains the files required for IPV6 functionality of the
Shoreline Firewall (shorewall).

%package lite
Summary:	Shorewall firewall for compiled rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based
firewalls. Shorewall Lite runs a firewall script generated by a
machine with a Shorewall rule compiler. A machine running Shorewall
Lite does not need to have a Shorewall rule compiler installed.

%package -n shorewall6-lite
Summary:	Shorewall firewall for compiled IPV6 rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6-lite
Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
firewall) that allows network administrators to centralize the
configuration of Shorewall-based firewalls. Shorewall Lite runs a
firewall script generated by a machine with a Shorewall rule compiler.
A machine running Shorewall Lite does not need to have a Shorewall
rule compiler installed.

%package core
Summary:	Core libraries for Shorewall
Group:		Applications/System
Requires:	logrotate

%description core
This package contains the core libraries for Shorewall.

%package init
Summary:	Initialization functionality and NetworkManager integration for Shorewall
Group:		Applications/System
Requires:	%{name} = %{version}-%{release}
Requires:	NetworkManager
Requires:	iproute2
Requires:	iptables
Requires:	logrotate
Requires:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description init
This package adds additional initialization functionality to Shorewall
in two ways. It allows the firewall to be closed prior to bringing up
network devices. This insures that unwanted connections are not
allowed between the time that the network comes up and when the
firewall is started. It also integrates with NetworkManager and
distribution ifup/ifdown systems to allow for 'event-driven' startup
and shutdown.

%prep
%setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
        mv $i-%{version} $i
	cp -p $i/shorewallrc.{redhat,tld}
	%{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i/shorewallrc.tld
done
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

# Remove hash-bang from files which are not directly executed as shell
# scripts. This silences some rpmlint errors.
find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'

%install
rm -rf $RPM_BUILD_ROOT

targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
	cd $i
	./configure \
		VENDOR=tld \
		LIBEXECDIR=%{_libexecdir} \
		SBINDIR=%{_sbindir}

	DESTDIR=$RPM_BUILD_ROOT ./install.sh

	cd -
done

install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add shorewall
%service shorewall restart "Shorewall"

%preun
if [ "$1" = "0" ]; then
	%service shorewall stop
	/sbin/chkconfig --del shorewall
fi

%files
%defattr(644,root,root,755)
%doc shorewall/{COPYING,changelog.txt,releasenotes.txt,Samples}
%attr(755,root,root) %{_sbindir}/shorewall
%dir %{_sysconfdir}/shorewall
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
%{_datadir}/shorewall/action.*
%{_datadir}/shorewall/actions.std
%{_datadir}/shorewall/configfiles/
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/helpers
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/modules*
%{_datadir}/shorewall/prog.*
%{_datadir}/shorewall/version
%attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
%attr(755,root,root) %{_libexecdir}/shorewall/getparams
%{perl_vendorlib}/Shorewall
%{_mandir}/man5/shorewall*
%exclude %{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall*
%exclude %{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall-lite*
%exclude %{_mandir}/man8/shorewall-init*
%attr(754,root,root) /etc/rc.d/init.d/shorewall
%dir %{_localstatedir}/lib/shorewall

%files lite
%defattr(644,root,root,755)
%doc shorewall-lite/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-lite
%dir %{_sysconfdir}/shorewall-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
%{_datadir}/shorewall-lite
%{_libexecdir}/shorewall-lite
%{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall-lite*
%attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
%dir %{_localstatedir}/lib/shorewall-lite

%files -n shorewall6
%defattr(644,root,root,755)
%doc shorewall6/{COPYING,changelog.txt,releasenotes.txt,Samples6}
%attr(755,root,root) %{_sbindir}/shorewall6
%dir %{_sysconfdir}/shorewall6
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
%{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6
%attr(754,root,root) /etc/rc.d/init.d/shorewall6
%dir %{_localstatedir}/lib/shorewall6

%files -n shorewall6-lite
%defattr(644,root,root,755)
%doc shorewall6-lite/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall6-lite
%dir %{_sysconfdir}/shorewall6-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
%{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6-lite
%dir %{_libexecdir}/shorewall6-lite
%{_libexecdir}/shorewall6-lite/shorecap
%attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
%dir %{_localstatedir}/lib/shorewall6-lite

%files core
%defattr(644,root,root,755)
%doc shorewall-core/{COPYING,changelog.txt,releasenotes.txt}
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.base
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/shorewallrc
%dir %{_libexecdir}/shorewall
%attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup

%files init
%defattr(644,root,root,755)
%doc shorewall-init/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-init
%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
%{_mandir}/man8/shorewall-init.8.*
%{_datadir}/shorewall-init
%dir %{_libexecdir}/shorewall-init
%attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
%attr(754,root,root) /etc/rc.d/init.d/shorewall-init