# NOTE:
# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
# which is found at http://www.shorewall.net/Anatomy.html
#
%define		ver	5.2.1
%define		rel	.4

Summary:	Shoreline Firewall - an iptables-based firewall for Linux systems
Summary(pl.UTF-8):	Shoreline Firewall - zapora sieciowa oparta na iptables
Name:		shorewall
Version:	%{ver}%{rel}
Release:	1
License:	GPL
Group:		Networking/Utilities
Source0:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-%{version}.tar.bz2
# Source0-md5:	42cc5587493e702e9201cc5c90baa8ea
Source1:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-lite-%{version}.tar.bz2
# Source1-md5:	265fbda05093d745aef7b2309156a643
Source2:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-%{version}.tar.bz2
# Source2-md5:	f8eea62a4d350f7117ae3b163ba9e444
Source3:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-lite-%{version}.tar.bz2
# Source3-md5:	14429bc48f88cf090c28df1eccb4e0fa
Source4:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-init-%{version}.tar.bz2
# Source4-md5:	1e6ce776526e45525c827c82d4284a40
Source5:	http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-core-%{version}.tar.bz2
# Source5-md5:	dc95164f743236441e9b07f19fa68ae9
Source10:	%{name}.init
Source11:	%{name}.logrotate
Patch0:		%{name}-config.patch
Patch1:		%{name}-logging.patch
Patch2:		tld.patch
Patch3:		man.patch
Patch4:		init.patch
Patch5:		shell-fix.patch
URL:		http://www.shorewall.net/
BuildRequires:	perl
BuildRequires:	perl(Digest::SHA)
BuildRequires:	bash >= 4.0
BuildRequires:	sed
Requires:	bash >= 4.0
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Requires:	perl-modules
Requires(post):	/sbin/chkconfig
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_libexecdir	%{_prefix}/lib

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a
Netfilter (iptables) based firewall that can be used on a dedicated
firewall system, a multi-function gateway/ router/server or on a
standalone GNU/Linux system.

%description -l pl.UTF-8
Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
wszechstronny i może być wykorzystany jako zapora sieciowa,
wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
i prostotę konfiguracji.

%package -n shorewall6
Summary:	Files for the IPV6 Shorewall Firewall
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6
This package contains the files required for IPV6 functionality of the
Shoreline Firewall (shorewall).

%package lite
Summary:	Shorewall firewall for compiled rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based
firewalls. Shorewall Lite runs a firewall script generated by a
machine with a Shorewall rule compiler. A machine running Shorewall
Lite does not need to have a Shorewall rule compiler installed.

%package -n shorewall6-lite
Summary:	Shorewall firewall for compiled IPV6 rulesets
Group:		Applications/System
Requires:	%{name}-core = %{version}-%{release}
Requires:	iproute2
Requires:	iptables
Provides:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description -n shorewall6-lite
Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
firewall) that allows network administrators to centralize the
configuration of Shorewall-based firewalls. Shorewall Lite runs a
firewall script generated by a machine with a Shorewall rule compiler.
A machine running Shorewall Lite does not need to have a Shorewall
rule compiler installed.

%package core
Summary:	Core libraries for Shorewall
Group:		Applications/System
Requires:	logrotate

%description core
This package contains the core libraries for Shorewall.

%package init
Summary:	Initialization functionality and NetworkManager integration for Shorewall
Group:		Applications/System
Requires:	%{name} = %{version}-%{release}
Requires:	NetworkManager
Requires:	iproute2
Requires:	iptables
Requires:	logrotate
Requires:	shorewall(firewall) = %{version}-%{release}
Requires(post):	/sbin/chkconfig

%description init
This package adds additional initialization functionality to Shorewall
in two ways. It allows the firewall to be closed prior to bringing up
network devices. This insures that unwanted connections are not
allowed between the time that the network comes up and when the
firewall is started. It also integrates with NetworkManager and
distribution ifup/ifdown systems to allow for 'event-driven' startup
and shutdown.

%prep
%setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
        mv $i-%{version} $i
	cp -p $i/shorewallrc.{redhat,tld}
	%{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i/shorewallrc.tld
done
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

# Remove hash-bang from files which are not directly executed as shell
# scripts. This silences some rpmlint errors.
find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'

%install
rm -rf $RPM_BUILD_ROOT

targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
	cd $i
	./configure \
		VENDOR=tld \
		LIBEXECDIR=%{_libexecdir} \
		SBINDIR=%{_sbindir}

	DESTDIR=$RPM_BUILD_ROOT ./install.sh

	cd -
done

install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add shorewall
%service shorewall restart "Shorewall"

%preun
if [ "$1" = "0" ]; then
	%service shorewall stop
	/sbin/chkconfig --del shorewall
fi

%files
%defattr(644,root,root,755)
%doc shorewall/{COPYING,changelog.txt,releasenotes.txt,Samples}
%attr(755,root,root) %{_sbindir}/shorewall
%dir %{_sysconfdir}/shorewall
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
%{_datadir}/shorewall/action.*
%{_datadir}/shorewall/actions.std
%{_datadir}/shorewall/configfiles/
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/helpers
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/modules*
%{_datadir}/shorewall/prog.*
%{_datadir}/shorewall/version
%attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
%attr(755,root,root) %{_libexecdir}/shorewall/getparams
%{perl_vendorlib}/Shorewall
%{_mandir}/man5/shorewall*
%exclude %{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall*
%exclude %{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall-lite*
%exclude %{_mandir}/man8/shorewall-init*
%attr(754,root,root) /etc/rc.d/init.d/shorewall
%dir %{_localstatedir}/lib/shorewall

%files lite
%defattr(644,root,root,755)
%doc shorewall-lite/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-lite
%dir %{_sysconfdir}/shorewall-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
%{_datadir}/shorewall-lite
%{_libexecdir}/shorewall-lite
%{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall-lite*
%attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
%dir %{_localstatedir}/lib/shorewall-lite

%files -n shorewall6
%defattr(644,root,root,755)
%doc shorewall6/{COPYING,changelog.txt,releasenotes.txt,Samples6}
%attr(755,root,root) %{_sbindir}/shorewall6
%dir %{_sysconfdir}/shorewall6
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
%{_mandir}/man5/shorewall6*
%exclude %{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6*
%exclude %{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6
%attr(754,root,root) /etc/rc.d/init.d/shorewall6
%dir %{_localstatedir}/lib/shorewall6

%files -n shorewall6-lite
%defattr(644,root,root,755)
%doc shorewall6-lite/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall6-lite
%dir %{_sysconfdir}/shorewall6-lite
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
%{_mandir}/man5/shorewall6-lite*
%{_mandir}/man8/shorewall6-lite*
%{_datadir}/shorewall6-lite
%dir %{_libexecdir}/shorewall6-lite
%{_libexecdir}/shorewall6-lite/shorecap
%attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
%dir %{_localstatedir}/lib/shorewall6-lite

%files core
%defattr(644,root,root,755)
%doc shorewall-core/{COPYING,changelog.txt,releasenotes.txt}
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.base
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/shorewallrc
%dir %{_libexecdir}/shorewall
%attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup

%files init
%defattr(644,root,root,755)
%doc shorewall-init/{COPYING,changelog.txt,releasenotes.txt}
%attr(755,root,root) %{_sbindir}/shorewall-init
%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
%{_mandir}/man8/shorewall-init.8.*
%{_datadir}/shorewall-init
%dir %{_libexecdir}/shorewall-init
%attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
%attr(754,root,root) /etc/rc.d/init.d/shorewall-init