File shorewall.spec of Package shorewall
#
# spec file for package shorewall
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define have_systemd 1
%define dmaj 5.1
%define dmin 5.1.12
#2017+ New fillup location
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: shorewall
Version: 5.1.12.4
Release: 0
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems
License: GPL-2.0-only
Group: Productivity/Networking/Security
Url: http://www.shorewall.net/
Source: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-%version.tar.bz2
Source1: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-core-%version.tar.bz2
Source2: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-lite-%version.tar.bz2
Source3: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-init-%version.tar.bz2
Source4: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-lite-%version.tar.bz2
Source5: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-%version.tar.bz2
Source6: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-docs-html-%version.tar.bz2
Source7: %{name}-4.4.22.rpmlintrc
Source8: README.openSUSE
# PATCH-FIX-OPENSUSE Shorewall-init use of fillup template
Patch1: shorewall-init-fillup-install.patch
# PATCH-FIX-OPENSUSE Shorewall (6) use of fillup template
Patch2: shorewall-fillup-install.patch
# PATCH-FIX-OPENSUSE Shorewall-lite (6) use of fillup template
Patch3: shorewall-lite-fillup-install.patch
BuildRequires: bash >= 4
BuildRequires: systemd
BuildRequires: perl(Digest::SHA)
Requires: %{_sbindir}/service
Requires: %{name}-core = %{version}-%{release}
Requires: iproute2
Requires: iptables
Requires: logrotate
Requires: perl-base
PreReq: %fillup_prereq
Suggests: xtables-addons
Provides: shoreline_firewall = %{version}-%{release}
BuildArch: noarch
%{?systemd_requires}
%{perl_requires}
%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
%package lite
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems
License: GPL-2.0-only
Group: Productivity/Networking/Security
Requires: %{_sbindir}/service
Requires: %{name}-core
Requires: bc
Requires: iproute2
Requires: iptables
Requires: logrotate
PreReq: %fillup_prereq
Provides: shoreline_firewall = %{version}-%{release}
%{?systemd_requires}
%description lite
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.
%package -n %{name}6
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems
License: GPL-2.0-only
Group: Productivity/Networking/Security
Requires: %{_sbindir}/service
Requires: %{name}-core = %{version}-%{release}
Requires: logrotate
Requires: perl-base
PreReq: %fillup_prereq
Provides: shoreline_firewall = %{version}-%{release}
%{?systemd_requires}
%description -n %{name}6
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based IPv6 firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
%package -n %{name}6-lite
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems
License: GPL-2.0-only
Group: Productivity/Networking/Security
Requires: %{_sbindir}/service
Requires: %{name}-core
Requires: logrotate
PreReq: %fillup_prereq
Provides: shoreline_firewall = %{version}-%{release}
%{?systemd_requires}
%description -n %{name}6-lite
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
Shorewall6 Lite is a companion product to Shorewall6 that allows network
administrators to centralize the configuration of Shorewall6-based firewalls.
%package init
Summary: Adds functionality to Shoreline Firewall (Shorewall)
License: GPL-2.0-only
Group: Productivity/Networking/Security
Requires: %{_sbindir}/service
Requires: %{name} >= 5.0
Requires: logrotate
PreReq: %fillup_prereq
%{?systemd_requires}
%description init
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
Shorewall Init is a companion product to Shorewall that allows for tigher
control of connections during boot and that integrates Shorewall with
ifup/ifdown and NetworkManager.
%package docs
Summary: HTML documentation for shorewall configuration
License: GFDL-1.1-only
Group: Documentation/Other
%description docs
HTML documentation for the Shoreline Firewall. Highly recommend to read before
starting to configure shorewall
%package core
Summary: Core libraries for Shorewall
License: GPL-2.0-only
Group: Productivity/Networking/Security
Requires: iptables
Requires: perl-base
%description core
This package contains the core libraries for Shorewall.
%prep
%setup -q -c -a1 -a2 -a3 -a4 -a5 -a6
# Patch for fillup
pushd %{name}-init-%version
%patch1 -p1
popd
pushd %{name}-%version
%patch2 -p1
popd
pushd %{name}6-%version
%patch2 -p1
popd
pushd %{name}-lite-%version
%patch3 -p1
popd
pushd %{name}6-lite-%version
%patch3 -p1
popd
chmod -x %{name}-docs-html-%version/images/*.png
chmod -x %{name}6-%version/tunnel
chmod -x %{name}6-%version/ipv6
chmod -x %{name}-%version/Contrib/swping.init
chmod -x %{name}-%version/Contrib/tunnel
cp %{SOURCE8} %{name}-%version/.
%build
%install
# find the systemd version inorder to install correct service files
%define systemd_version \
systemd --version |grep systemd|cut -d" " -f 2
# NOTE For REVIEWERS
#
# configure is used to set the installation parameters to shorewall.
# The default shorewallrc is not what we want and every distro needs
# to set it differently. Please see the disccussion in
# http://lists.opensuse.org/opensuse-packaging/2012-08/msg00050.html
targets="shorewall shorewall-core shorewall-lite shorewall6 shorewall6-lite shorewall-init"
for i in $targets; do
pushd ${i}-%{version}
./configure \
vendor=%_vendor \
host=%_vendor \
prefix=%_prefix \
perllibdir=%{perl_vendorlib} \
libexecdir=%{_libexecdir} \
sbindir=%{_sbindir} \
%if 0%{?have_systemd}
servicedir=%{_unitdir} \
%endif
# ensure correct service files are installed
%if 0%{?systemd_version} >= 214
servicefile=${i}.service.214 \
%endif
sharedir=%{_datadir}
if [ $i != shorewall-init ];then
DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh shorewallrc
else
install -d %buildroot/%{_sysconfdir}/NetworkManager/dispatcher.d
%if 0%{?suse_version}
BUILD=suse \
%endif
DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh shorewallrc
if [ -f ${DESTDIR}%{_sysconfdir}/ppp ]; then
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
mkdir -p ${DESTDIR}%{_sysconfdir}/ppp/$directory #SuSE doesn't create the IPv6 directories
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}%{_sysconfdir}/ppp/$directory/shorewall
done
fi
fi
popd
done
# FIXME linkto /usr/sbin/service should follow usr_move thing
rctargets="shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
mkdir -p %buildroot/%{_sbindir}
for i in $rctargets; do
ln -sf %{_sbindir}/service %buildroot%{_sbindir}/rc${i}
done
# starting with 12.3 drop sysv-init support fedora already did
rm -rf %buildroot%_initddir
# Since 5.12 we need to remove them again
rm -f %{buildroot}/%{_sysconfdir}/sysconfig/%{name}*
touch %{buildroot}%{_sysconfdir}/%{name}/notrack
touch %{buildroot}%{_sysconfdir}/%{name}6/notrack
%pretrans
# Check if we need to warn users for upgrading configuration but only on dmaj changes
if [[ -x /sbin/%{name} ]];then
SHVER=$(/sbin/%{name} version | cut -d "." -f1-2 | sed 's/\.//g')
CTVER=$(echo %{dmaj} | sed 's/\.//g')
if [[ ${SHVER} -lt ${CTVER} ]];then
echo "upgrade configuration" > /run/%{name}_upgrade
fi
fi
%pretrans -n %{name}6
# Check if we need to warn users for upgrading configuration but only on dmaj changes
if [[ -x /sbin/%{name}6 ]];then
SHVER=$(/sbin/%{name}6 version | cut -d "." -f1-2 | sed 's/\.//g')
CTVER=$(echo %{dmaj} | sed 's/\.//g')
if [[ ${SHVER} -lt ${CTVER} ]];then
echo "upgrade configuration" > /run/%{name}6_upgrade
fi
fi
%pre
%service_add_pre shorewall.service
%post
%service_add_post shorewall.service
%preun
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall.service
%postun
%service_del_postun shorewall.service
%posttrans
if [ -f /run/%{name}_upgrade ]; then
cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something << EOF
Warning: Shorewall %{dmaj} has just been installed
Warning: You have to check and upgrade your configuration
%{name} update -a %{_sysconfdir}/%{name}
Warning: Adjust changes and try the new configuration
%{name} try %{_sysconfdir}/%{name}
EOF
rm -f /run/%{name}_upgrade
fi
%pre -n %{name}6
%service_add_pre shorewall6.service
%post -n %{name}6
%service_add_post shorewall6.service
%preun -n %{name}6
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall6.service
%postun -n %{name}6
%service_del_postun shorewall6.service
%posttrans -n %{name}6
if [ -f /run/%{name}6_upgrade ]; then
cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something << EOF
Warning: Shorewall6 %{dmaj} has just been installed
Warning: You have to check and upgrade your configuration
%{name}6 update -a %{_sysconfdir}/%{name}6
Warning: Adjust changes and try the new configuration
%{name}6 try %{_sysconfdir}/%{name}6
EOF
rm -f /run/%{name}6_upgrade
fi
%pre -n %{name}-lite
%service_add_pre shorewall-lite.service
%post -n %{name}-lite
%service_add_post shorewall-lite.service
%preun -n %{name}-lite
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall-lite.service
%postun -n %{name}-lite
%service_del_postun shorewall-lite.service
%pre -n %{name}6-lite
%service_add_pre shorewall6-lite.service
%post -n %{name}6-lite
%service_add_post shorewall6-lite.service
%preun -n %{name}6-lite
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall6-lite.service
%postun -n %{name}6-lite
%service_del_postun shorewall6-lite.service
%pre init
%service_add_pre shorewall-init.service
%post init
%{fillup_only}
%service_add_post shorewall-init.service
%postun init
%service_del_postun shorewall-init.service
%preun init
%service_del_preun shorewall-init.service
%files
%defattr(-,root,root,-)
%doc %{name}-%version/{COPYING,changelog.txt,releasenotes.txt,README.openSUSE}
%{_sbindir}/rc%{name}
%{_sbindir}/%{name}
%{_fillupdir}/sysconfig.%{name}
%dir %{_sysconfdir}/%{name}
%ghost %{_sysconfdir}/%{name}/isusable
%config(noreplace) %{_sysconfdir}/%{name}/*
%dir %{_datadir}/%{name}
%dir %{_libexecdir}/%{name}
%dir %{_datadir}/%{name}/configfiles
%dir %{_datadir}/%{name}/deprecated
%dir %{_datadir}/%{name}/Shorewall
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_datadir}/%{name}/version
%{_datadir}/%{name}/actions.std
%{_datadir}/%{name}/action.*
%{_datadir}/%{name}/lib.base
%{_datadir}/%{name}/macro.*
%{_datadir}/%{name}/modules*
%{_datadir}/%{name}/prog.*
%{_datadir}/%{name}/helpers
%{_datadir}/%{name}/configpath
%{_datadir}/%{name}/configfiles/*
%{_datadir}/%{name}/deprecated/action.*
%{_datadir}/%{name}/deprecated/macro.*
%attr(755,root,root) %{_libexecdir}/%{name}/getparams
%attr(755,root,root) %{_libexecdir}/%{name}/compiler.pl
%dir %{perl_vendorlib}/Shorewall
%{perl_vendorlib}/Shorewall/*.pm
%{_mandir}/man5/%{name}-[a-k,m-z]*.5*
%{_mandir}/man5/%{name}-logging.5*
%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man8/%{name}.8*
%attr(644,root,root) %{_unitdir}/%{name}.service
%files lite
%defattr(-,root,root,-)
%doc %{name}-lite-%version/{COPYING,changelog.txt,releasenotes.txt}
# FIXME
%{_fillupdir}/sysconfig.%{name}-lite
%dir %{_sysconfdir}/%{name}-lite
%config(noreplace) %{_sysconfdir}/%{name}-lite/%{name}-lite.conf
# FIXME
%{_sbindir}/rc%{name}-lite
%{_sbindir}/%{name}-lite
%dir %{_datadir}/%{name}-lite
%dir %{_libexecdir}/%{name}-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}-lite
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}-lite
%{_datadir}/%{name}-lite/version
%{_datadir}/%{name}-lite/configpath
%attr(- ,root,root) %{_datadir}/%{name}-lite/functions
%{_datadir}/%{name}-lite/lib.base
%{_datadir}/%{name}-lite/modules*
%{_datadir}/%{name}-lite/helpers
%attr(0544,root,root) %{_libexecdir}/%{name}-lite/shorecap
%{_mandir}/man5/%{name}-lite*.5*
%{_mandir}/man8/%{name}-lite.8.*
%attr(644,root,root) %{_unitdir}/%{name}-lite.service
%files -n %{name}6
%defattr(-,root,root,-)
%doc %{name}6-%version/{COPYING,changelog.txt,releasenotes.txt,tunnel,ipv6,ipsecvpn}
%{_sbindir}/rc%{name}6
%{_sbindir}/%{name}6
%{_fillupdir}/sysconfig.%{name}6
%dir %{_sysconfdir}/%{name}6
%ghost %{_sysconfdir}/%{name}6/isusable
%config(noreplace) %{_sysconfdir}/%{name}6/*
%dir %{_datadir}/%{name}6
%dir %{_libexecdir}/%{name}6
%dir %{_datadir}/%{name}6/configfiles
%dir %{_datadir}/%{name}6/deprecated
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}6
%{_datadir}/%{name}6/version
%{_datadir}/%{name}6/actions.std
%{_datadir}/%{name}6/action.*
%{_datadir}/%{name}6/functions
%{_datadir}/%{name}6/lib.base
%{_datadir}/%{name}6/macro.*
%{_datadir}/%{name}6/modules*
%{_datadir}/%{name}6/helpers
%{_datadir}/%{name}6/configpath
%{_datadir}/%{name}6/configfiles/*
%{_mandir}/man5/%{name}6-[a-k,m-z]*.5*
# bug upstream ?
#%%{_mandir}/man5/%%{name}6-logging.5*
%{_mandir}/man5/%{name}6.conf.5*
%{_mandir}/man8/%{name}6.8*
%attr(644,root,root) %{_unitdir}/%{name}6.service
%files -n %{name}6-lite
%defattr(-,root,root,-)
%{_mandir}/man5/%{name}6-lite*.5*
%{_mandir}/man8/%{name}6-lite.8*
%doc %{name}6-lite-%version/{COPYING,changelog.txt,releasenotes.txt}
%{_fillupdir}/sysconfig.%{name}6-lite
%dir %{_sysconfdir}/%{name}6-lite
%config(noreplace) %{_sysconfdir}/%{name}6-lite/%{name}6-lite.conf
%{_sbindir}/rc%{name}6-lite
%{_sbindir}/%{name}6-lite
%dir %{_datadir}/%{name}6-lite
%dir %{_libexecdir}/%{name}6-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6-lite
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}6-lite
%{_datadir}/%{name}6-lite/version
%{_datadir}/%{name}6-lite/configpath
%attr(- ,root,root) %{_datadir}/%{name}6-lite/functions
%{_datadir}/%{name}6-lite/lib.base
%{_datadir}/%{name}6-lite/modules*
%{_datadir}/%{name}6-lite/helpers
%attr(0544,root,root) %{_libexecdir}/%{name}6-lite/shorecap
%attr(644,root,root) %{_unitdir}/%{name}6-lite.service
%files init
%defattr(-,root,root,-)
%doc %{name}-init-%version/{COPYING,changelog.txt,releasenotes.txt}
%{_sbindir}/rc%{name}-init
%{_fillupdir}/sysconfig.%{name}-init
%attr(0755,root,root) %{_sbindir}/shorewall-init
%dir %{_datadir}/%{name}-init
%dir %{_libexecdir}/%{name}-init
%dir %attr(0755,root,root) %{_sysconfdir}/NetworkManager
%dir %attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d
%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-%{name}
%{_datadir}/%{name}-init/version
%attr(0544,root,root) %{_libexecdir}/%{name}-init/ifupdown
%attr(0544,root,root) %{_sysconfdir}/sysconfig/network/if-down.d/%{name}
%attr(0755,root,root) %{_sysconfdir}/sysconfig/network/if-up.d/%{name}
%{_mandir}/man8/%{name}-init.8*
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}-init
%attr(644,root,root) %{_unitdir}/%{name}-init.service
%files core
%defattr(-,root,root,-)
%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%dir %{_libexecdir}/shorewall
%{_libexecdir}/shorewall/wait4ifup
%{_datadir}/shorewall/shorewallrc
%files docs
%defattr(-,root,root,-)
%doc %{name}-docs-html-%version/*
%doc %{name}-%version/{Contrib,Samples}
%changelog
