File fwknop.spec of Package fwknop
%define _prefix /usr
%define _bindir /usr/bin
%define _sbindir /usr/sbin
%define _includedir /usr/include
%ifarch x86_64
%define _libdir /usr/lib64
%else
%define _libdir /usr/lib
%endif
%define _sysconfdir /etc
%define _localstatedir /var
%define _infodir /usr/share/info
%define _mandir /usr/share/man
Name: fwknop
Version: 2.0.0rc3
# Uncomment this when the version becomes 2.0.0 (without the rcX).
#Epoch: 1
Release: 1%{?dist}
Summary: Firewall Knock Operator client/server implementing Single Packet Authorization
Group: Productivity/Networking/Security
License: GPL
URL: http://www.cipherdyne.org/fwknop/
Source0: fwknop-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gpgme-devel, libgpgme-devel, libgpg-error, libpcap-devel, gdbm-devel, iptables, gpg
%package client
Summary: Firewall Knock Operator client implementing Single Packet Authorization
Group: Productivity/Networking/Security
%package -n libfko0
Version: 0.0.3
Summary: The Firewall Knock Operator library
Group: System/Libraries
Requires: gpgme
%package -n libfko-devel
Version: 0.0.3
Summary: Firewall Knock Operator library header and API docs
Group: Development/Libraries/Other
Requires: libfko0 libgpgme-devel libgpg-error-devel
%package server
Summary: Firewall Knock Operator server implementing Single Packet Authorization
Group: System/Daemons
Requires: gdbm, iptables
%description
Fwknop implements an authorization scheme known as Single Packet Authorization
(SPA) for Linux systems running iptables. This mechanism requires only a
single encrypted and non-replayed packet to communicate various pieces of
information including desired access through an iptables policy. The main
application of this program is to use iptables in a default-drop stance to
protect services such as SSH with an additional layer of security in order
to make the exploitation of vulnerabilities (both 0-day and unpatched code)
much more difficult.
%description client
The Firewall Knock Operator (fwknop) client component.
Fwknop implements an authorization scheme known as Single Packet Authorization
(SPA) for Linux systems running iptables. This mechanism requires only a
single encrypted and non-replayed packet to communicate various pieces of
information including desired access through an iptables policy. The main
application of this program is to use iptables in a default-drop stance to
protect services such as SSH with an additional layer of security in order
to make the exploitation of vulnerabilities (both 0-day and unpatched code)
much more difficult.
%description -n libfko0
The Firewall Knock Operator library, libfko, provides the Single Packet
Authorization implementation and API for the other fwknop components.
%description -n libfko-devel
This is the Firewall Knock Operator library (libfko) development header and API documentation.
%description server
The Firewall Knock Operator (fwknop) server component. It is responsible for
monitoring Single Packet Authorization (SPA) packets that are generated by
fwknop clients, modifying a firewall or ACL policy to allow the desired access
after decrypting a valid SPA packet, and removing access after a configurable
timeout.
# Notes: setup directives below apply only to the source snapshots coming from
# the trunk branch on fwknop-c trac server.
# - the 'config' dir, which autogen requires, is not present so is explicitly made
# (currently that's created by hand when making the source tarball from the trac-generated
# zip file so is commented out)
# - autogen must be run to set up the autotools-based build environment.
# For the standard source release file, this is all probably not necessary
%prep
%setup -q
#mkdir config
sh autogen.sh
%build
CFLAGS="$RPM_OPT_FLAGS" \
./configure \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir} \
--localstatedir=%{_localstatedir} \
--libdir=%{_libdir} \
--with-gpgme \
--disable-static
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
%clean
rm -rf $RPM_BUILD_ROOT
%post -n libfko0
/sbin/ldconfig
%post -n libfko-devel
/sbin/install-info %{_infodir}/libfko.info* %{_infodir}/dir
%preun -n libfko-devel
if [ "$1" = 0 ]; then
/sbin/install-info --delete %{_infodir}/libfko.info* %{_infodir}/dir
fi
%postun -n libfko0
/sbin/ldconfig
%files client
%defattr(-,root,root,-)
%attr(0755,root,root) %{_bindir}/fwknop
%attr(0644,root,root) %{_mandir}/man8/fwknop.8*
%exclude %{_infodir}/dir
%files -n libfko0
%defattr(-,root,root,-)
%attr(0644,root,root) %{_libdir}/libfko.so.0.0.3
%files -n libfko-devel
%defattr(-,root,root,-)
%attr(0644,root,root) %{_libdir}/libfko.so
%attr(0644,root,root) %{_libdir}/libfko.so.0
%attr(0644,root,root) %{_libdir}/libfko.la
%attr(0644,root,root) %{_includedir}/fko.h
%attr(0644,root,root) %{_infodir}/libfko.info*
%files server
%defattr(-,root,root,-)
%attr(0755,root,root) %{_sbindir}/fwknopd
%attr(0644,root,root) %{_mandir}/man8/fwknopd.8*
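# Own only the directory itself here; the config files below are listed
# explicitly with mode 0600.
%dir %attr(0755,root,root) %{_sysconfdir}/fwknop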
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/fwknop/fwknopd.conf
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/fwknop/access.conf
%changelog
* Thu Mar 14 2011 c0d3g33k <c0d3g33k@gmail.com> - 2.0.0rc3-1
- Updated sources to rev 311
- Bumped version to rc3 and reset release number to 1
- Bumped libfko0 version to 0.0.3
- First build for openSUSE 11.4
- added iptables and gpg as build requirements for openSUSE 11.4
- added iptables and gpg as runtime requirements as well
- change Group for each package to match new SUSE 11.4 groups
- various things to make rpmlint happy, like adding version to changelog,
- changing compression to bz2 etc.
- Still 1 rpmlint warning left, but I'll leave that for next time
* Mon Aug 02 2010 c0d3g33k <c0d3g33k@gmail.com>
- Updated sources to rev 275
- Switched BuildRoot path to SUSE preferred version
* Wed Jul 28 2010 c0d3g33k <c0d3g33k@gmail.com>
- Updated sources to rev 270 (rc2)
* Thu Jul 15 2010 c0d3g33k <c0d3g33k@gmail.com>
- Initial creation of openSUSE specific spec file.
- Based off of original by Damien Stuart <dstuart@dstuart.org>
- Changes include adding -client to client package, tweaking
- to reduce/eliminate rpmlint errors, create -devel package
* Tue Jul 6 2010 Damien Stuart <dstuart@dstuart.org>
- Initial RPMification.
###EOF###