# NOTE:
# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
# which is found at http://www.shorewall.net/Anatomy.html
#
Summary:	Shoreline Firewall - an iptables-based firewall for Linux systems
Summary(pl.UTF-8):	Shoreline Firewall - zapora sieciowa oparta na iptables
Name:		shorewall
Version:	5.2.0.5
Release:	2
License:	GPL
Group:		Networking/Utilities
Source0:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2
# Source0-md5:	3fb5f8c1f0012c0221681bc6d62b84a3
Source1:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2
# Source1-md5:	821f5b69ba22fb9950195647ff3ad223
Source2:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2
# Source2-md5:	7f8a9fcc0227e50b21da553acb99f764
Source3:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2
# Source3-md5:	57fbbf639a3351212c02026ba0e7b89d
Source4:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2
# Source4-md5:	87cc6453104a65fac36996a86469157e
Source5:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2
# Source5-md5:	16e6505831f5c1bc19c08d8982a4becc
Source10:	%{name}.init
Source11:	%{name}.logrotate
Patch0:		%{name}-config.patch
Patch1:		%{name}-logging.patch
Patch2:		tld.patch
Patch3:		man.patch
Patch4:		init.patch
Patch5:		shell-fix.patch
Patch6:		perl.patch
URL:		http://www.shorewall.net/
BuildRequires:	perl
BuildRequires:	perl(Digest::SHA)
BuildRequires:	bash >= 4.0
BuildRequires:	sed
Requires:	bash >= 4.0
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Requires:	perl-modules
Requires(post):	/sbin/chkconfig
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_libexecdir	%{_prefix}/lib

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a
Netfilter (iptables) based firewall that can be used on a dedicated
firewall system, a multi-function gateway/ router/server or on a
standalone GNU/Linux system.

%description -l pl.UTF-8
Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
wszechstronny i może być wykorzystany jako zapora sieciowa,
wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
i prostotę konfiguracji.

%package -n shorewall6
Summary:	Files for the IPV6 Shorewall Firewall
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6
This package contains the files required for IPV6 functionality of the
Shoreline Firewall (shorewall).

%package lite
Summary:	Shorewall firewall for compiled rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based
firewalls. Shorewall Lite runs a firewall script generated by a
machine with a Shorewall rule compiler. A machine running Shorewall
Lite does not need to have a Shorewall rule compiler installed.

%package -n shorewall6-lite
Summary:	Shorewall firewall for compiled IPV6 rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6-lite
Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
firewall) that allows network administrators to centralize the
configuration of Shorewall-based firewalls. Shorewall Lite runs a
firewall script generated by a machine with a Shorewall rule compiler.
A machine running Shorewall Lite does not need to have a Shorewall
rule compiler installed.

%package core
Summary:	Core libraries for Shorewall
Group:		Applications/System
Requires:	logrotate

%description core
This package contains the core libraries for Shorewall.

%package init
Summary:	Initialization functionality and NetworkManager integration for Shorewall
Group:		Applications/System
Requires:	%{name} = %{version}-%{release}
Requires:	NetworkManager
Requires:	iproute2
Requires:	iptables
Requires:	logrotate
Requires:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description init
This package adds additional initialization functionality to Shorewall
in two ways. It allows the firewall to be closed prior to bringing up
network devices. This insures that unwanted connections are not
allowed between the time that the network comes up and when the
firewall is started. It also integrates with NetworkManager and
distribution ifup/ifdown systems to allow for 'event-driven' startup
and shutdown.

%prep
%setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
	cp -p $i-%{version}/shorewallrc.{redhat,tld}
	%{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld
done
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1

# Remove hash-bang from files which are not directly executed as shell
# scripts. This silences some rpmlint errors.
find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'

%install
rm -rf $RPM_BUILD_ROOT

targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
	cd $i-%{version}
	./configure \
		VENDOR=tld \
		LIBEXECDIR=%{_libexecdir} \
		SBINDIR=%{_sbindir}

	DESTDIR=$RPM_BUILD_ROOT ./install.sh

	cd -
done

install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add shorewall
%service shorewall restart "Shorewall"

%preun
if [ "$1" = "0" ]; then
	%service shorewall stop
	/sbin/chkconfig --del shorewall
fi

%files
%defattr(644,root,root,755)
%doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
%attr(755,root,root) %{_sbindir}/shorewall
%dir %{_sysconfdir}/shorewall
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
%{_datadir}/shorewall/action.*
%{_datadir}/shorewall/actions.std
%{_datadir}/shorewall/configfiles/
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/helpers
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/modules*
%{_datadir}/shorewall/prog.*
%{_datadir}/shorewall/version
%attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
%attr(755,root,root) %{_libexecdir}/shorewall/getparams
%{perl_vendorlib}/Shorewall
%{_mandir}/man5/shorewall*
%exclude %{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall*
%exclude %{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall-lite*
%exclude %{_mandir}/man8/shorewall-init*
%attr(754,root,root) /etc/rc.d/init.d/shorewall
%dir %{_localstatedir}/lib/shorewall

%files lite
%defattr(644,root,root,755)
%doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-lite
%dir %{_sysconfdir}/shorewall-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
%{_datadir}/shorewall-lite
%{_libexecdir}/shorewall-lite
%{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall-lite*
%attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
%dir %{_localstatedir}/lib/shorewall-lite

%files -n shorewall6
%defattr(644,root,root,755)
%doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6}
%attr(755,root,root) %{_sbindir}/shorewall6
%dir %{_sysconfdir}/shorewall6
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
%{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6
%attr(754,root,root) /etc/rc.d/init.d/shorewall6
%dir %{_localstatedir}/lib/shorewall6

%files -n shorewall6-lite
%defattr(644,root,root,755)
%doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall6-lite
%dir %{_sysconfdir}/shorewall6-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
%{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6-lite
%dir %{_libexecdir}/shorewall6-lite
%{_libexecdir}/shorewall6-lite/shorecap
%attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
%dir %{_localstatedir}/lib/shorewall6-lite

%files core
%defattr(644,root,root,755)
%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.base
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/shorewallrc
%dir %{_libexecdir}/shorewall
%attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup

%files init
%defattr(644,root,root,755)
%doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-init
%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
%{_mandir}/man8/shorewall-init.8.*
%{_datadir}/shorewall-init
%dir %{_libexecdir}/shorewall-init
%attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
%attr(754,root,root) /etc/rc.d/init.d/shorewall-init