LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File shorewall.spec of Package shorewall (Project security:netfilter)

#
# spec file for package shorewall
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


#2017+ New fillup location
%if ! %{defined _fillupdir}
  %define _fillupdir /var/adm/fillup-templates
%endif
%define have_systemd 1
%define dmaj 5.1
%define dmin 5.1.8
Name:           shorewall
Version:        5.1.8.1
Release:        0
Summary:        Shoreline Firewall is an iptables-based firewall for Linux systems
License:        GPL-2.0
Group:          Productivity/Networking/Security
Url:            http://www.shorewall.net/
Source:         http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-%version.tar.bz2
Source1:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-core-%version.tar.bz2
Source2:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-lite-%version.tar.bz2
Source3:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-init-%version.tar.bz2
Source4:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-lite-%version.tar.bz2
Source5:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-%version.tar.bz2
Source6:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-docs-html-%version.tar.bz2
Source7:        %{name}-4.4.22.rpmlintrc
Source8:        README.openSUSE
# PATCH-FIX-OPENSUSE Shorewall-init use of fillup template
Patch1:         shorewall-init-fillup-install.patch
# PATCH-FIX-OPENSUSE Shorewall (6) use of fillup template
Patch2:         shorewall-fillup-install.patch
# PATCH-FIX-OPENSUSE Shorewall-lite (6) use of fillup template
Patch3:         shorewall-lite-fillup-install.patch
BuildRequires:  bash >= 4
BuildRequires:  systemd
BuildRequires:  perl(Digest::SHA)
Requires:       %{_sbindir}/service
Requires:       %{name}-core = %{version}-%{release}
Requires:       iproute2
Requires:       iptables
Requires:       logrotate
Requires:       perl-base
Suggests:       xtables-addons
PreReq:         %fillup_prereq
Conflicts:      SuSEfirewall2 firewalld
Provides:       shoreline_firewall = %{version}-%{release}
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch
%{?systemd_requires}
%{perl_requires}

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

%package lite
Summary:        Shoreline Firewall Lite is an iptables-based firewall for Linux systems
License:        GPL-2.0
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       %{name}-core
Requires:       bc
Requires:       iproute2
Requires:       iptables
Requires:       logrotate
PreReq:         %fillup_prereq
Conflicts:      SuSEfirewall2 firewalld
Provides:       shoreline_firewall = %{version}-%{release}
%{?systemd_requires}

%description lite
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.

%package -n %{name}6
Summary:        Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems
License:        GPL-2.0
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       %{name}-core = %{version}-%{release}
Requires:       logrotate
Requires:       perl-base
PreReq:         %fillup_prereq
Conflicts:      SuSEfirewall2 firewalld
Provides:       shoreline_firewall = %{version}-%{release}
%{?systemd_requires}

%description -n %{name}6
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based IPv6 firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

%package -n %{name}6-lite
Summary:        Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems
License:        GPL-2.0
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       %{name}-core
Requires:       logrotate
PreReq:         %fillup_prereq
Conflicts:      SuSEfirewall2 firewalld
Provides:       shoreline_firewall = %{version}-%{release}
%{?systemd_requires}

%description -n %{name}6-lite
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Shorewall6 Lite is a companion product to Shorewall6 that allows network
administrators to centralize the configuration of Shorewall6-based firewalls.

%package  init
Summary:        Adds functionality to Shoreline Firewall (Shorewall)
License:        GPL-2.0
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       %{name} >= 5.0
Requires:       logrotate
PreReq:         %fillup_prereq
Conflicts:      SuSEfirewall2 firewalld
%{?systemd_requires}

%description init
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Shorewall Init is a companion product to Shorewall that allows for tigher
control of connections during boot and that integrates Shorewall with
ifup/ifdown and NetworkManager.

%package  docs
Summary:        HTML documentation for shorewall configuration
License:        GFDL-1.1
Group:          Documentation/Other

%description  docs
HTML documentation for the Shoreline Firewall. Highly recommend to read before
starting to configure shorewall

%package core
Summary:        Core libraries for Shorewall
License:        GPL-2.0
Group:          Productivity/Networking/Security
Requires:       iptables
Requires:       perl-base
Conflicts:      SuSEfirewall2 firewalld

%description core
This package contains the core libraries for Shorewall.

%prep
%setup -q  -c -a1 -a2 -a3 -a4 -a5 -a6
# Patch for fillup
pushd %{name}-init-%version
%patch1 -p1
popd
pushd %{name}-%version
%patch2 -p1
popd
pushd %{name}6-%version
%patch2 -p1
popd
pushd %{name}-lite-%version
%patch3 -p1
popd
pushd %{name}6-lite-%version
%patch3 -p1
popd

chmod -x %{name}-docs-html-%version/images/*.png
chmod -x %{name}6-%version/tunnel
chmod -x %{name}6-%version/ipv6
chmod -x %{name}-%version/Contrib/swping.init
chmod -x %{name}-%version/Contrib/tunnel

cp %{SOURCE8} %{name}-%version/.

%build

%install

# find the systemd version inorder to install correct service files
%define systemd_version \
systemd --version |grep systemd|cut -d" " -f 2

# NOTE For REVIEWERS
#
# configure is used to set the installation parameters to shorewall.
# The default shorewallrc is not what we want and every distro needs
# to set it differently. Please see the disccussion in
# http://lists.opensuse.org/opensuse-packaging/2012-08/msg00050.html

targets="shorewall shorewall-core shorewall-lite shorewall6 shorewall6-lite shorewall-init"

for i in $targets; do
    pushd ${i}-%{version}
    ./configure \
        vendor=%_vendor \
        host=%_vendor \
        prefix=%_prefix \
        perllibdir=%{perl_vendorlib} \
        libexecdir=%{_libexecdir} \
        sbindir=%{_sbindir} \
        %if 0%{?have_systemd}
            servicedir=%{_unitdir} \
        %endif
# ensure correct service files are installed
       %if 0%{?systemd_version} >= 214
           servicefile=${i}.service.214 \
       %endif

       sharedir=%{_datadir}

    if [ $i != shorewall-init ];then
       DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh  shorewallrc
    else
       install -d %buildroot/%{_sysconfdir}/NetworkManager/dispatcher.d
               %if 0%{?suse_version}
               BUILD=suse \
               %endif
               DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh shorewallrc

      if [ -f ${DESTDIR}%{_sysconfdir}/ppp ]; then
            for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
                mkdir -p ${DESTDIR}%{_sysconfdir}/ppp/$directory #SuSE doesn't create the IPv6 directories
                cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}%{_sysconfdir}/ppp/$directory/shorewall
            done
      fi
    fi

    popd
done

# FIXME linkto /usr/sbin/service should follow usr_move thing
rctargets="shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
mkdir -p %buildroot/%{_sbindir}
for i in $rctargets; do
  ln -sf %{_sbindir}/service %buildroot%{_sbindir}/rc${i}
done

# starting with 12.3 drop sysv-init support fedora already did
rm -rf %buildroot%_initddir

#touch %%{buildroot}/%%{_sysconfdir}/%%{name}/isusable
#touch %%{buildroot}/%%{_sysconfdir}/%%{name}6/isusable
touch %{buildroot}%{_sysconfdir}/%{name}/notrack
touch %{buildroot}%{_sysconfdir}/%{name}6/notrack

%pretrans
# Check if we need to warn users for upgrading configuration but only on dmaj changes
if [[ -x /sbin/%{name} ]];then
SHVER=$(/sbin/%{name} version | cut -d "." -f1-2 | sed 's/\.//g')
CTVER=$(echo %{dmaj} | sed 's/\.//g')
  if [[ ${SHVER} -lt ${CTVER} ]];then
	echo "upgrade configuration" > /run/%{name}_upgrade
  fi
fi

%pretrans -n %{name}6
# Check if we need to warn users for upgrading configuration but only on dmaj changes
if [[ -x /sbin/%{name}6 ]];then
SHVER=$(/sbin/%{name}6 version | cut -d "." -f1-2 | sed 's/\.//g')
CTVER=$(echo %{dmaj} | sed 's/\.//g')
  if [[ ${SHVER} -lt ${CTVER} ]];then
	echo "upgrade configuration" > /run/%{name}6_upgrade
  fi
fi

%pre
%service_add_pre shorewall.service

%post
%service_add_post shorewall.service

%preun
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall.service

%postun
%service_del_postun shorewall.service

%posttrans
if [ -f /run/%{name}_upgrade ]; then
cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something << EOF
Warning: Shorewall %{dmaj} has just been installed
Warning: You have to check and upgrade your configuration
%{name} update -a %{_sysconfdir}/%{name}
Warning: Adjust changes and try the new configuration
%{name} try %{_sysconfdir}/%{name}
EOF
rm -f /run/%{name}_upgrade
fi

%pre -n %{name}6
%service_add_pre shorewall6.service

%post -n %{name}6
%service_add_post shorewall6.service

%preun -n %{name}6
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall6.service

%postun -n %{name}6
%service_del_postun shorewall6.service

%posttrans -n %{name}6
if [ -f /run/%{name}6_upgrade ]; then
cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something << EOF
Warning: Shorewall6 %{dmaj} has just been installed
Warning: You have to check and upgrade your configuration
%{name}6 update -a %{_sysconfdir}/%{name}6
Warning: Adjust changes and try the new configuration
%{name}6 try %{_sysconfdir}/%{name}6
EOF
rm -f /run/%{name}6_upgrade
fi

%pre -n %{name}-lite
%service_add_pre shorewall-lite.service

%post -n %{name}-lite
%service_add_post shorewall-lite.service

%preun -n %{name}-lite
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall-lite.service

%postun -n %{name}-lite
%service_del_postun shorewall-lite.service

%pre -n %{name}6-lite
%service_add_pre shorewall6-lite.service

%post -n %{name}6-lite
%service_add_post shorewall6-lite.service

%preun -n %{name}6-lite
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall6-lite.service

%postun -n %{name}6-lite
%service_del_postun shorewall6-lite.service

%pre init
%service_add_pre shorewall-init.service

%post  init
%{fillup_only}
%service_add_post shorewall-init.service

%postun  init
%service_del_postun shorewall-init.service

%preun  init
%service_del_preun shorewall-init.service

%files
%defattr(-,root,root,-)
%doc %{name}-%version/{COPYING,changelog.txt,releasenotes.txt,README.openSUSE}
%{_sbindir}/rc%{name}
%{_sbindir}/%{name}
%{_fillupdir}/sysconfig.%{name}
%dir %{_sysconfdir}/%{name}
%ghost %{_sysconfdir}/%{name}/isusable
%ghost %{_sysconfdir}/%{name}/masq
%config(noreplace) %{_sysconfdir}/%{name}/*
%dir %{_datadir}/%{name}
%dir %{_libexecdir}/%{name}
%dir %{_datadir}/%{name}/configfiles
%dir %{_datadir}/%{name}/deprecated
%dir %{_datadir}/%{name}/Shorewall
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_datadir}/%{name}/version
%{_datadir}/%{name}/actions.std
%{_datadir}/%{name}/action.*
%{_datadir}/%{name}/lib.base
%{_datadir}/%{name}/macro.*
%{_datadir}/%{name}/modules*
%{_datadir}/%{name}/prog.*
%{_datadir}/%{name}/helpers
%{_datadir}/%{name}/configpath
%{_datadir}/%{name}/configfiles/*
%{_datadir}/%{name}/deprecated/action.*
%{_datadir}/%{name}/deprecated/macro.*
%attr(755,root,root) %{_libexecdir}/%{name}/getparams
%attr(755,root,root) %{_libexecdir}/%{name}/compiler.pl
%dir %{perl_vendorlib}/Shorewall
%{perl_vendorlib}/Shorewall/*.pm
%{_mandir}/man5/%{name}-[a-k,m-z]*.5*
%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man8/%{name}.8*
%attr(644,root,root) %{_unitdir}/%{name}.service

%files lite
%defattr(-,root,root,-)
%doc %{name}-lite-%version/{COPYING,changelog.txt,releasenotes.txt}
# FIXME
%{_fillupdir}/sysconfig.%{name}-lite
%dir %{_sysconfdir}/%{name}-lite
%config(noreplace) %{_sysconfdir}/%{name}-lite/%{name}-lite.conf
# FIXME
%{_sbindir}/rc%{name}-lite
%{_sbindir}/%{name}-lite
%dir %{_datadir}/%{name}-lite
%dir %{_libexecdir}/%{name}-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}-lite
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}-lite
%{_datadir}/%{name}-lite/version
%{_datadir}/%{name}-lite/configpath
%attr(- ,root,root) %{_datadir}/%{name}-lite/functions
%{_datadir}/%{name}-lite/lib.base
%{_datadir}/%{name}-lite/modules*
%{_datadir}/%{name}-lite/helpers
%attr(0544,root,root) %{_libexecdir}/%{name}-lite/shorecap
%{_mandir}/man5/%{name}-lite*.5*
%{_mandir}/man8/%{name}-lite.8.*
%attr(644,root,root) %{_unitdir}/%{name}-lite.service

%files -n %{name}6
%defattr(-,root,root,-)
%doc %{name}6-%version/{COPYING,changelog.txt,releasenotes.txt,tunnel,ipv6,ipsecvpn}
%{_sbindir}/rc%{name}6
%{_sbindir}/%{name}6
%{_fillupdir}/sysconfig.%{name}6
%dir %{_sysconfdir}/%{name}6
%ghost %{_sysconfdir}/%{name}6/isusable
%ghost %{_sysconfdir}/%{name}6/masq
%config(noreplace) %{_sysconfdir}/%{name}6/*
%dir %{_datadir}/%{name}6
%dir %{_libexecdir}/%{name}6
%dir %{_datadir}/%{name}6/configfiles
%dir %{_datadir}/%{name}6/deprecated
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}6
%{_datadir}/%{name}6/version
%{_datadir}/%{name}6/actions.std
%{_datadir}/%{name}6/action.*
%{_datadir}/%{name}6/functions
%{_datadir}/%{name}6/lib.base
%{_datadir}/%{name}6/macro.*
%{_datadir}/%{name}6/modules*
%{_datadir}/%{name}6/helpers
%{_datadir}/%{name}6/configpath
%{_datadir}/%{name}6/configfiles/*
%{_mandir}/man5/%{name}6-[a-k,m-z]*.5*
%{_mandir}/man5/%{name}6.conf.5*
%{_mandir}/man8/%{name}6.8*
%attr(644,root,root) %{_unitdir}/%{name}6.service

%files -n %{name}6-lite
%defattr(-,root,root,-)
%{_mandir}/man5/%{name}6-lite*.5*
%{_mandir}/man8/%{name}6-lite.8*
%doc %{name}6-lite-%version/{COPYING,changelog.txt,releasenotes.txt}
%{_fillupdir}/sysconfig.%{name}6-lite
%dir %{_sysconfdir}/%{name}6-lite
%config(noreplace) %{_sysconfdir}/%{name}6-lite/%{name}6-lite.conf
%{_sbindir}/rc%{name}6-lite
%{_sbindir}/%{name}6-lite
%dir %{_datadir}/%{name}6-lite
%dir %{_libexecdir}/%{name}6-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6-lite
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}6-lite
%{_datadir}/%{name}6-lite/version
%{_datadir}/%{name}6-lite/configpath
%attr(- ,root,root) %{_datadir}/%{name}6-lite/functions
%{_datadir}/%{name}6-lite/lib.base
%{_datadir}/%{name}6-lite/modules*
%{_datadir}/%{name}6-lite/helpers
%attr(0544,root,root) %{_libexecdir}/%{name}6-lite/shorecap
%attr(644,root,root) %{_unitdir}/%{name}6-lite.service

%files init
%defattr(-,root,root,-)
%doc %{name}-init-%version/{COPYING,changelog.txt,releasenotes.txt}
%{_sbindir}/rc%{name}-init
%{_fillupdir}/sysconfig.%{name}-init
%attr(0755,root,root) %{_sbindir}/shorewall-init
%dir %{_datadir}/%{name}-init
%dir %{_libexecdir}/%{name}-init
%dir %attr(0755,root,root) %{_sysconfdir}/NetworkManager
%dir %attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d
%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-%{name}
%{_datadir}/%{name}-init/version
%attr(0544,root,root) %{_libexecdir}/%{name}-init/ifupdown
%attr(0544,root,root) %{_sysconfdir}/sysconfig/network/if-down.d/%{name}
%attr(0755,root,root) %{_sysconfdir}/sysconfig/network/if-up.d/%{name}
%{_mandir}/man8/%{name}-init.8*
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}-init
%attr(644,root,root) %{_unitdir}/%{name}-init.service

%files core
%defattr(-,root,root,-)
%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%dir %{_libexecdir}/shorewall
%{_libexecdir}/shorewall/wait4ifup
%{_datadir}/shorewall/shorewallrc

%files docs
%defattr(-,root,root,-)
%doc %{name}-docs-html-%version/*
%doc %{name}-%version/{Contrib,Samples}

%changelog