# NOTE:
# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
# which is found at http://www.shorewall.net/Anatomy.html
#
%define		ver	5.2.8
%define		rel	%{nil}

Summary:	Shoreline Firewall - an iptables-based firewall for Linux systems
Summary(pl.UTF-8):	Shoreline Firewall - zapora sieciowa oparta na iptables
Name:		shorewall
Version:	%{ver}%{rel}
Release:	2
License:	GPL
Group:		Networking/Utilities
Source0:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-%{version}.tar.bz2
# Source0-md5:	0e4041810f066deef40bf9e57fa79e96
Source1:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-lite-%{version}.tar.bz2
# Source1-md5:	330562592f437ab44c438988e499d85b
Source2:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-%{version}.tar.bz2
# Source2-md5:	4a9a2f55cd40bb2cc17dae0227350c4d
Source3:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-lite-%{version}.tar.bz2
# Source3-md5:	be2a9eb5d1aa5de6162e240b24e921e6
Source4:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-init-%{version}.tar.bz2
# Source4-md5:	364a305ecba4ec40eedc5cf1a48e08e9
Source5:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-core-%{version}.tar.bz2
# Source5-md5:	07c7371fd2896e87f373b760561e41a8
Source10:	%{name}.init
Source11:	%{name}.logrotate
Patch0:		%{name}-config.patch
Patch1:		%{name}-logging.patch
Patch2:		tld.patch
Patch3:		man.patch
Patch4:		init.patch
Patch5:		shell-fix.patch
URL:		http://www.shorewall.net/
BuildRequires:	perl
BuildRequires:	perl(Digest::SHA)
BuildRequires:	bash >= 4.0
BuildRequires:	sed
Requires:	bash >= 4.0
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Requires:	perl-modules
Requires(post):	/sbin/chkconfig
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_libexecdir	%{_prefix}/lib

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a
Netfilter (iptables) based firewall that can be used on a dedicated
firewall system, a multi-function gateway/ router/server or on a
standalone GNU/Linux system.

%description -l pl.UTF-8
Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
wszechstronny i może być wykorzystany jako zapora sieciowa,
wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
i prostotę konfiguracji.

%package -n shorewall6
Summary:	Files for the IPV6 Shorewall Firewall
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6
This package contains the files required for IPV6 functionality of the
Shoreline Firewall (shorewall).

%package lite
Summary:	Shorewall firewall for compiled rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based
firewalls. Shorewall Lite runs a firewall script generated by a
machine with a Shorewall rule compiler. A machine running Shorewall
Lite does not need to have a Shorewall rule compiler installed.

%package -n shorewall6-lite
Summary:	Shorewall firewall for compiled IPV6 rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6-lite
Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
firewall) that allows network administrators to centralize the
configuration of Shorewall-based firewalls. Shorewall Lite runs a
firewall script generated by a machine with a Shorewall rule compiler.
A machine running Shorewall Lite does not need to have a Shorewall
rule compiler installed.

%package core
Summary:	Core libraries for Shorewall
Group:		Applications/System
Requires:	logrotate

%description core
This package contains the core libraries for Shorewall.

%package init
Summary:	Initialization functionality and NetworkManager integration for Shorewall
Group:		Applications/System
Requires:	%{name} = %{version}-%{release}
Requires:	NetworkManager
Requires:	iproute2
Requires:	iptables
Requires:	logrotate
Requires:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description init
This package adds additional initialization functionality to Shorewall
in two ways. It allows the firewall to be closed prior to bringing up
network devices. This insures that unwanted connections are not
allowed between the time that the network comes up and when the
firewall is started. It also integrates with NetworkManager and
distribution ifup/ifdown systems to allow for 'event-driven' startup
and shutdown.

%prep
%setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
        mv $i-%{version} $i
	cp -p $i/shorewallrc.{redhat,tld}
	%{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i/shorewallrc.tld
done
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

# Remove hash-bang from files which are not directly executed as shell
# scripts. This silences some rpmlint errors.
find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'

%install
rm -rf $RPM_BUILD_ROOT

targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
	cd $i
	./configure \
		VENDOR=tld \
		LIBEXECDIR=%{_libexecdir} \
		SBINDIR=%{_sbindir}

	DESTDIR=$RPM_BUILD_ROOT ./install.sh

	cd -
done

install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add shorewall
%service shorewall restart "Shorewall"

%preun
if [ "$1" = "0" ]; then
	%service shorewall stop
	/sbin/chkconfig --del shorewall
fi

%files
%defattr(644,root,root,755)
%doc shorewall/{COPYING,changelog.txt,releasenotes.txt,Samples}
%attr(755,root,root) %{_sbindir}/shorewall
%dir %{_sysconfdir}/shorewall
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
%{_datadir}/shorewall/action.*
%{_datadir}/shorewall/actions.std
%{_datadir}/shorewall/configfiles/
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/helpers
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/prog.*
%{_datadir}/shorewall/version
%attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
%attr(755,root,root) %{_libexecdir}/shorewall/getparams
%{perl_vendorlib}/Shorewall
%{_mandir}/man5/shorewall*
%exclude %{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall*
%exclude %{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall-lite*
%exclude %{_mandir}/man8/shorewall-init*
%attr(754,root,root) /etc/rc.d/init.d/shorewall
%dir %{_localstatedir}/lib/shorewall

%files lite
%defattr(644,root,root,755)
%doc shorewall-lite/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-lite
%dir %{_sysconfdir}/shorewall-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
%{_datadir}/shorewall-lite
%{_libexecdir}/shorewall-lite
%{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall-lite*
%attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
%dir %{_localstatedir}/lib/shorewall-lite

%files -n shorewall6
%defattr(644,root,root,755)
%doc shorewall6/{COPYING,changelog.txt,releasenotes.txt,Samples6}
%attr(755,root,root) %{_sbindir}/shorewall6
%dir %{_sysconfdir}/shorewall6
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
%{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6
%attr(754,root,root) /etc/rc.d/init.d/shorewall6
%dir %{_localstatedir}/lib/shorewall6

%files -n shorewall6-lite
%defattr(644,root,root,755)
%doc shorewall6-lite/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall6-lite
%dir %{_sysconfdir}/shorewall6-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
%{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6-lite
%dir %{_libexecdir}/shorewall6-lite
%{_libexecdir}/shorewall6-lite/shorecap
%attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
%dir %{_localstatedir}/lib/shorewall6-lite

%files core
%defattr(644,root,root,755)
%doc shorewall-core/{COPYING,changelog.txt,releasenotes.txt}
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.base
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/shorewallrc
%dir %{_libexecdir}/shorewall
%attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup

%files init
%defattr(644,root,root,755)
%doc shorewall-init/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-init
%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
%{_mandir}/man8/shorewall-init.8.*
%{_datadir}/shorewall-init
%dir %{_libexecdir}/shorewall-init
%attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
%attr(754,root,root) /etc/rc.d/init.d/shorewall-init