File ocserv.spec of Package ocserv
%define realname ocserv
%define realver 1.3.0
%define srcext tar.xz
# Turn off generation of the debuginfo RPM (RH9?); binaries are already
# stripped at link time by -Wl,--strip-all in LDFLAGS below
%global debug_package %{nil}
# Common info
Name: %{realname}
Version: %{realver}
Release: %{?extraver:0.}1%{?dist}
License: GPL-2.0+ and LGPL-2.1+ and BSD-3-Clause
Group: Productivity/Networking/Security
URL: https://ocserv.openconnect-vpn.net/
Summary: OpenConnect SSL VPN server compatible with Cisco's AnyConnect VPN protocol
# Install-time parameters
Provides: openconnect-server = %{version}-%{release}
# Build-time parameters
BuildRequires: autoconf automake libtool
BuildRequires: pkg-config
BuildRequires: ipcalc
BuildRequires: pkgconfig(nettle) >= 2.7
BuildRequires: pkgconfig(gnutls) >= 3.3.0
BuildRequires: pkgconfig(libprotobuf-c)
BuildRequires: libev-devel
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.1
BuildRequires: pkgconfig(libmaxminddb) >= 1.0.0
BuildRequires: readline-devel
BuildRequires: pkgconfig(liboath)
BuildRequires: pkgconfig(radcli) >= 1.2.5
BuildRequires: libseccomp-devel
BuildRequires: systemd-devel
BuildRequires: http-parser-devel
BuildRequires: gperf
# Compression
BuildRequires: pkgconfig(liblz4)
# GSSAPI
BuildRequires: pkgconfig(krb5-gssapi) pkgconfig(libtasn1) >= 3.4
# OIDC
BuildRequires: pkgconfig(libcurl) pkgconfig(cjose) pkgconfig(jansson)
# Manpages
%if 0%{?suse_version}
#BuildRequires: rubygem(ronn)
%else
BuildRequires: rubygem(ronn-ng)
%endif
Source0: https://www.infradead.org/ocserv/download/%{realname}-%{realver}%{?extraver}.%{srcext}
%description
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure,
small, fast and configurable VPN server. It implements the OpenConnect SSL VPN
protocol, and also has (currently experimental) compatibility with clients using
the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual
TCP/UDP VPN channel, and uses the standard IETF security protocols to secure it.

Ocserv's main features are security through privilege separation and sandboxing,
accounting, and resilience due to a combined use of TCP and UDP. Authentication
occurs in an isolated security module process, and each user is assigned
an unprivileged worker process and a networking (tun) device. That not only
eases the control of the resources of each user or group of users, but also
prevents data leaks (e.g., heartbleed-style attacks) and privilege escalation
due to any bug in the VPN handling (worker) process. A management interface
allows for viewing and querying logged-in users.
# Preparation step (unpacking and patching if necessary)
%prep
%setup -q -n %{realname}-%{realver}%{?extraver}
test -x configure || autoreconf -i
%build
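# Hardened link: non-executable stack (noexecstack) and full RELRO (relro + now).
# --no-undefined fails the link on unresolved symbols; --strip-all drops symbols.
_CFLAGS='%{optflags} %{?gcc_lto}'
_LDFLAGS='-Wl,--as-needed -Wl,--strip-all -Wl,--no-undefined -Wl,-z,noexecstack -Wl,-z,now -Wl,-z,relro %{?gcc_lto}'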
%configure \
--disable-silent-rules \
--enable-oidc-auth \
--without-root-tests \
--without-tun-tests \
--without-pam \
CFLAGS="$_CFLAGS" \
LDFLAGS="$_LDFLAGS"
%{__make} %{?_smp_mflags}
%install
%{__make} install DESTDIR=%{buildroot}
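# Install the sample configuration, connect script, client profile and the
# socket-activated systemd units shipped in the upstream doc/ directory
%{__install} -D -m644 doc/sample.config %{buildroot}%{_sysconfdir}/ocserv/ocserv.conf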
%{__install} -D -m755 doc/scripts/ocserv-script %{buildroot}%{_sysconfdir}/ocserv/ocserv-script
%{__install} -D -m644 doc/profile.xml %{buildroot}%{_sysconfdir}/ocserv/profile.xml
%{__install} -D -m644 doc/systemd/socket-activated/ocserv.service %{buildroot}%{_unitdir}/ocserv.service
%{__install} -D -m644 doc/systemd/socket-activated/ocserv.socket %{buildroot}%{_unitdir}/ocserv.socket
%files
%defattr(-,root,root)
%license COPYING
%doc NEWS README.md
%{_bindir}/*
%{_sbindir}/*
%{_libexecdir}/*
%dir %{_sysconfdir}/ocserv
%config(noreplace) %{_sysconfdir}/ocserv/*
%{_unitdir}/ocserv.service
%{_unitdir}/ocserv.socket
%doc %{_mandir}/man8/*
%if "%{expand:%_vendor}" == "suse"
%pre
%{service_add_pre %{name}.service}
%{service_add_pre %{name}.socket}
%post
%{service_add_post %{name}.service}
%{service_add_post %{name}.socket}
%preun
%{service_del_preun %{name}.service}
%{service_del_preun %{name}.socket}
%postun
%{service_del_postun %{name}.service}
%{service_del_postun %{name}.socket}
%endif
%if "%{expand:%_vendor}" == "redhat"
%post
%{systemd_post %{name}.service}
%{systemd_post %{name}.socket}
%preun
%{systemd_preun %{name}.service}
%{systemd_preun %{name}.socket}
%postun
%{systemd_postun %{name}.service}
%{systemd_postun %{name}.socket}
%endif
%changelog