# NOTE:
# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
# which is found at http://www.shorewall.net/Anatomy.html
# TODO
# - rc-script inits
Summary:	Shoreline Firewall - an iptables-based firewall for Linux systems
Summary(pl.UTF-8):	Shoreline Firewall - zapora sieciowa oparta na iptables
Name:		shorewall
Version:	5.2.0.4
Release:	0.2
License:	GPL
Group:		Networking/Utilities
Source0:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2
# Source0-md5:	b8702d14846f890d263f5ea2447b5bed
Source1:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2
# Source1-md5:	0dd43f44f7555418ae2f153fbf7ce1ef
Source2:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2
# Source2-md5:	14c87b9880bc69c82792854af45335e6
Source3:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2
# Source3-md5:	9f03407f5f7dac39f286bdaf3ec051e8
Source4:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2
# Source4-md5:	cf6b2a6c1a8827a99c1b3e717d42ccff
Source5:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2
# Source5-md5:	be73e2f76b2438e7813f62873a50c203
Source10:	%{name}.init
Patch0:		%{name}-config.patch
Patch1:		tld.patch
Patch2:		man.patch
Patch3:		init.patch
Patch4:		shell-fix.patch
URL:		http://www.shorewall.net/
BuildRequires:	perl
BuildRequires:	perl(Digest::SHA)
BuildRequires:	bash >= 4.0
BuildRequires:	sed
Requires:	bash >= 4.0
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Requires:	perl-modules
Requires(post):	/sbin/chkconfig
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_libexecdir	%{_prefix}/lib

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a
Netfilter (iptables) based firewall that can be used on a dedicated
firewall system, a multi-function gateway/ router/server or on a
standalone GNU/Linux system.

%description -l pl.UTF-8
Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
wszechstronny i może być wykorzystany jako zapora sieciowa,
wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
i prostotę konfiguracji.

%package -n shorewall6
Summary:	Files for the IPV6 Shorewall Firewall
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6
This package contains the files required for IPV6 functionality of the
Shoreline Firewall (shorewall).

%package lite
Summary:	Shorewall firewall for compiled rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based
firewalls. Shorewall Lite runs a firewall script generated by a
machine with a Shorewall rule compiler. A machine running Shorewall
Lite does not need to have a Shorewall rule compiler installed.

%package -n shorewall6-lite
Summary:	Shorewall firewall for compiled IPV6 rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6-lite
Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
firewall) that allows network administrators to centralize the
configuration of Shorewall-based firewalls. Shorewall Lite runs a
firewall script generated by a machine with a Shorewall rule compiler.
A machine running Shorewall Lite does not need to have a Shorewall
rule compiler installed.

%package core
Summary:	Core libraries for Shorewall
Group:		Applications/System

%description core
This package contains the core libraries for Shorewall.

%package init
Summary:	Initialization functionality and NetworkManager integration for Shorewall
Group:		Applications/System
Requires:	%{name} = %{version}-%{release}
Requires:	NetworkManager
Requires:	iproute2
Requires:	iptables
Requires:	logrotate
Requires:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description init
This package adds additional initialization functionality to Shorewall
in two ways. It allows the firewall to be closed prior to bringing up
network devices. This insures that unwanted connections are not
allowed between the time that the network comes up and when the
firewall is started. It also integrates with NetworkManager and
distribution ifup/ifdown systems to allow for 'event-driven' startup
and shutdown.

%prep
%setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
	cp -p $i-%{version}/shorewallrc.{redhat,tld}
	%{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld
done
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1

# Remove hash-bang from files which are not directly executed as shell
# scripts. This silences some rpmlint errors.
find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'

%install
rm -rf $RPM_BUILD_ROOT

targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
	cd $i-%{version}
	./configure \
		VENDOR=tld \
		LIBEXECDIR=%{_libexecdir} \
		SBINDIR=%{_sbindir}

	DESTDIR=$RPM_BUILD_ROOT ./install.sh

	cd -
done

install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(644,root,root,755)
%doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
%attr(755,root,root) %{_sbindir}/shorewall
%dir %{_sysconfdir}/shorewall
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
%{_datadir}/shorewall/action.*
%{_datadir}/shorewall/actions.std
%{_datadir}/shorewall/configfiles/
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/helpers
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/modules*
%{_datadir}/shorewall/prog.*
%{_datadir}/shorewall/version
%attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
%attr(755,root,root) %{_libexecdir}/shorewall/getparams
%{perl_vendorlib}/Shorewall
%{_mandir}/man5/shorewall*
%exclude %{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall*
%exclude %{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall-lite*
%exclude %{_mandir}/man8/shorewall-init*
%attr(754,root,root) /etc/rc.d/init.d/shorewall
%dir %{_localstatedir}/lib/shorewall

%files lite
%defattr(644,root,root,755)
%doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-lite
%dir %{_sysconfdir}/shorewall-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite
%{_datadir}/shorewall-lite
%{_libexecdir}/shorewall-lite
%{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall-lite*
%attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
%dir %{_localstatedir}/lib/shorewall-lite

%files -n shorewall6
%defattr(644,root,root,755)
%doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6}
%attr(755,root,root) %{_sbindir}/shorewall6
%dir %{_sysconfdir}/shorewall6
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6
%{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6
%attr(754,root,root) /etc/rc.d/init.d/shorewall6
%dir %{_localstatedir}/lib/shorewall6

%files -n shorewall6-lite
%defattr(644,root,root,755)
%doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall6-lite
%dir %{_sysconfdir}/shorewall6-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite
%{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6-lite
%dir %{_libexecdir}/shorewall6-lite
%{_libexecdir}/shorewall6-lite/shorecap
%attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
%dir %{_localstatedir}/lib/shorewall6-lite

%files core
%defattr(644,root,root,755)
%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.base
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/shorewallrc
%dir %{_libexecdir}/shorewall
%attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup

%files init
%defattr(644,root,root,755)
%doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-init
%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
/etc/logrotate.d/shorewall-init
%{_mandir}/man8/shorewall-init.8.*
%{_datadir}/shorewall-init
%dir %{_libexecdir}/shorewall-init
%attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
%attr(754,root,root) /etc/rc.d/init.d/shorewall-init