File ocserv.spec of Package ocserv

%define realname ocserv
%define realver  0.11.5
%define srcext   tar.xz

# turn off the generation of debuginfo rpm  (RH9) ??
%global debug_package %{nil}

# Common info
Name:          %{realname}
Version:       %{realver}
Release:       %{?extraver:0.}1%{?dist}
License:       GPL-2.0+ and LGPL-2.1+ and BSD-3-Clause
Group:         Productivity/Networking/Security
Summary:       OpenConnect SSL VPN server compatible with Cisco's AnyConnect VPN protocol

# Install-time parameters
Provides:      openconnect-server

# Build-time parameters
BuildRequires: xz pkgconfig
BuildRequires: pam-devel readline-devel
BuildRequires: pkgconfig(gnutls) >= 3.1.10
### BuildRequires: pkgconfig(dbus-1) >= 1.1.1
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.1
BuildRequires: pkgconfig(talloc)
%if 0%{?suse_version} >= 1230 || 0%{?rhel} >= 7
BuildRequires: pkgconfig(systemd)
BuildRequires: libseccomp-devel
BuildRoot:     %{_tmppath}/%{name}-root
Source11:      ocserv.init

%description
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure,
small, fast and configurable VPN server. It implements the OpenConnect SSL VPN
protocol, and has also (currently experimental) compatibility with clients using
the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual
TCP/UDP VPN channel, and uses the standard IETF security protocols to secure it.

Ocserv's main features are security through privilege separation and sandboxing,
accounting, and resilience due to a combined use of TCP and UDP. Authentication
occurs in an isolated security module process, and each user is assigned
an unprivileged worker process, and a networking (tun) device. That not only
eases the control of the resources of each user or group of users, but also
prevents data leak (e.g., heartbleed-style attacks), and privilege escalation
due to any bug on the VPN handling (worker) process. A management interface
allows for viewing and querying logged-in users.

# Preparation step (unpacking and patching if necessary)
%prep
%setup -q -n %{realname}-%{realver}%{?extraver}

%build
%configure \
 --disable-static \
 CFLAGS="%{optflags} %{gcc_lto}" \
 CXXFLAGS="%{optflags} %{gcc_lto}" \
 LDFLAGS="-Wl,--as-needed -Wl,--strip-all %{gcc_lto}"
%{__make} %{?_smp_mflags}

%install
%{__make} install DESTDIR=%{buildroot}
%{__install} -D -m644 doc/sample.config         %{buildroot}%{_sysconfdir}/ocserv/ocserv.conf
%{__install} -D -m755 doc/scripts/ocserv-script %{buildroot}%{_sysconfdir}/ocserv/ocserv-script
%{__install} -D -m644 doc/profile.xml           %{buildroot}%{_sysconfdir}/ocserv/profile.xml
### %{__install} -D -m644 doc/dbus/org.infradead.ocserv.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf
%if 0%{?_unitdir:1}
%{__install} -D -m644 doc/systemd/socket-activated/ocserv.service %{buildroot}%{_unitdir}/ocserv.service
%{__install} -D -m644 doc/systemd/socket-activated/ocserv.socket  %{buildroot}%{_unitdir}/ocserv.socket
%else
%{__install} -D -m755 %{S:11} %{buildroot}%{_initrddir}/%{name}
%if %{expand:%_vendor == "suse"}
%{__ln_s} %{_initrddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
%endif
%endif

%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}

%files
%dir %{_sysconfdir}/ocserv
%config(noreplace) %{_sysconfdir}/ocserv/*
### %config %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf
%if 0%{?_unitdir:1}
%doc %{_mandir}/man8/*

%if %{expand:%_vendor == "suse"}

%if 0%{!?_unitdir:1}
%{fillup_and_insserv %{name}}
%{fillup_only %{name}}

%if 0%{!?_unitdir:1}
%{stop_on_removal %{name}}

%if 0%{!?_unitdir:1}
%{restart_on_update %{name}}