File shorewall.spec of Package shorewall

Overview Repositories Revisions Requests Users Attributes Meta

File shorewall.spec of Package shorewall

#
# spec file for package shorewall
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%define have_systemd 1
%define dmaj 5.2
%define dmin 5.2.8
# Warn users for upgrading configuration but only on major or minor version changes
%define conf_need_update 0
#2017+ New fillup location
%if ! %{defined _fillupdir}
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}
Name:           shorewall
Version:        5.2.8
Release:        0
Summary:        An iptables-based firewall for Linux systems
License:        GPL-2.0-only
Group:          Productivity/Networking/Security
URL:            http://www.shorewall.net/
Source:         http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-%version.tar.bz2
Source1:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-core-%version.tar.bz2
Source2:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-lite-%version.tar.bz2
Source3:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-init-%version.tar.bz2
Source4:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-lite-%version.tar.bz2
Source5:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-%version.tar.bz2
Source6:        http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-docs-html-%version.tar.bz2
Source7:        %{name}-5.2.rpmlintrc
Source8:        README.openSUSE
# PATCH-FIX-OPENSUSE Shorewall-init use of fillup template
Patch1:         shorewall-init-fillup-install.patch
# PATCH-FIX-OPENSUSE Shorewall (6) use of fillup template
Patch2:         shorewall-fillup-install.patch
# PATCH-FIX-OPENSUSE Shorewall-lite (6) use of fillup template
Patch3:         shorewall-lite-fillup-install.patch
# PATH-FIX-OPENSUSE invalid manpage boo#1203006
Patch4:         shorewall-fix-install-manpages.patch
BuildRequires:  bash >= 4
BuildRequires:  perl-base
BuildRequires:  pkgconfig
BuildRequires:  perl(Digest::SHA)
BuildRequires:  pkgconfig(systemd)
Requires:       %{_sbindir}/service
Requires:       %{name}-core = %{version}-%{release}
Requires:       bc
Requires:       iproute2
Requires:       iptables
Requires:       logrotate
Requires:       perl-base
PreReq:         %fillup_prereq
Suggests:       xtables-addons
Provides:       shoreline_firewall = %{version}-%{release}
BuildArch:      noarch
%{?systemd_ordering}
%{perl_requires}

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

%package lite
Summary:        Shoreline Firewall Lite is an iptables-based firewall for Linux systems
License:        GPL-2.0-only
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       %{name}-core = %{version}-%{release}
Requires:       bc
Requires:       iproute2
Requires:       iptables
Requires:       logrotate
PreReq:         %fillup_prereq
Provides:       shoreline_firewall = %{version}-%{release}
%{?systemd_requires}

%description lite
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.

%package -n %{name}6
Summary:        Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems
License:        GPL-2.0-only
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       %{name}-core = %{version}-%{release}
Requires:       bc
Requires:       iproute2
Requires:       iptables
Requires:       logrotate
Requires:       perl-base
PreReq:         %fillup_prereq
Provides:       shoreline_firewall = %{version}-%{release}
%{?systemd_requires}

%description -n %{name}6
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based IPv6 firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

%package -n %{name}6-lite
Summary:        Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems
License:        GPL-2.0-only
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       %{name}-core = %{version}-%{release}
Requires:       bc
Requires:       iproute2
Requires:       iptables
Requires:       logrotate
PreReq:         %fillup_prereq
Provides:       shoreline_firewall = %{version}-%{release}
%{?systemd_requires}

%description -n %{name}6-lite
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Shorewall6 Lite is a companion product to Shorewall6 that allows network
administrators to centralize the configuration of Shorewall6-based firewalls.

%package  init
Summary:        Adds functionality during boot to Shoreline Firewall (Shorewall)
License:        GPL-2.0-only
Group:          Productivity/Networking/Security
Requires:       %{_sbindir}/service
Requires:       logrotate
Requires:       shoreline_firewall = %{version}-%{release}
PreReq:         %fillup_prereq
%{?systemd_requires}

%description init
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Shorewall Init is a companion product to Shorewall that allows for tigher
control of connections during boot and that integrates Shorewall with
ifup/ifdown and NetworkManager.

%package  docs
Summary:        HTML documentation for shorewall configuration
License:        GFDL-1.1-only
Group:          Documentation/Other

%description  docs
HTML documentation for the Shoreline Firewall. Highly recommend to read before
starting to configure shorewall

%package core
Summary:        Core libraries for Shorewall
License:        GPL-2.0-only
Group:          Productivity/Networking/Security
Requires:       iptables
Requires:       perl-base

%description core
This package contains the core libraries for Shorewall.

%prep
%setup -q -c -a1 -a2 -a3 -a4 -a5 -a6
#PATCH-FIX-OPENSUSE geo_ip has no LE
#We keep it with this dynamic form to avoid maintaining manual patch
find . $ -name shorewall*.conf -or -name shorewall*.conf.annotated $ -exec sed -i "s,GEOIPDIR=%{_datadir}/xt_geoip/LE,GEOIPDIR=%{_datadir}/xt_geoip,g" {} \;
#PATCH-FIX-OPENSUSUSE for fillup
pushd %{name}-init-%{version}
%patch -P 1 -p1
popd
pushd %{name}-%{version}
%patch -P 2 -p1
%patch -P 4 -p1
popd
pushd %{name}6-%{version}
%patch -P 2 -p1
%patch -P 4 -p1
popd
pushd %{name}-lite-%{version}
%patch -P 3 -p1
popd
pushd %{name}6-lite-%{version}
%patch -P 3 -p1
popd

chmod -x %{name}-docs-html-%{version}/images/*.png
chmod -x %{name}6-%{version}/tunnel
chmod -x %{name}6-%{version}/ipv6
chmod -x %{name}-%{version}/Contrib/swping.init
chmod -x %{name}-%{version}/Contrib/tunnel

cp %{SOURCE8} %{name}-%{version}/.

# We don't have /sbin /bin merged on /usr so symlinks can't work.
# so we dynamically patch last /sbin calls in lib.cli-std
# and make shorewall remote working without hacks
sed -i 's#/sbin/shorewall#%{_sbindir}/shorewall#g' %{name}-%{version}/lib.cli-std

# On 20201108 Upstream decide to remove StandardOutput=syslog from service on future version
find . -iname "*.service" -exec sed -i '/StandardOutput=syslog/d' {} \;

%build

%install

# find the systemd version in order to install correct service files
%define systemd_version \
systemd --version | awk '/^systemd/ {print $2}'

# NOTE For REVIEWERS
#
# configure is used to set the installation parameters to shorewall.
# The default shorewallrc is not what we want and every distro needs
# to set it differently. Please see the disccussion in
# http://lists.opensuse.org/opensuse-packaging/2012-08/msg00050.html

targets="shorewall shorewall-core shorewall-lite shorewall6 shorewall6-lite shorewall-init"

for i in $targets; do
    pushd ${i}-%{version}
    ./configure \
        vendor=%{_vendor} \
        host=%{_vendor} \
        prefix=%{_prefix} \
        perllibdir=%{perl_vendorlib} \
        libexecdir=%{_libexecdir} \
        sbindir=%{_sbindir} \
        %if 0%{?have_systemd}
            servicedir=%{_unitdir} \
            initdir= \
        %endif
       sharedir=%{_datadir}

if [ $i != shorewall-init ];
    then
        BUILD=suse DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh shorewallrc
    else
        install -d %buildroot/%{_sysconfdir}/NetworkManager/dispatcher.d
        BUILD=suse DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh shorewallrc

if [ -f ${DESTDIR}%{_sysconfdir}/ppp ]; then
            for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
                mkdir -p ${DESTDIR}%{_sysconfdir}/ppp/$directory #SuSE doesn't create the IPv6 directories
                cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}%{_sysconfdir}/ppp/$directory/shorewall
            done
        fi
        # Move Networkmanager to _prefix
        if [ -d "%buildroot/%{_sysconfdir}/NetworkManager/dispatcher.d" ]; then
            install -d "%buildroot/%{_prefix}/lib/NetworkManager/"
            mv -v "%buildroot/%{_sysconfdir}/NetworkManager/dispatcher.d" "%buildroot/%{_prefix}/lib/NetworkManager/dispatcher.d"
        fi
        # Move logrotate.d files to _prefix
        if [ -d "%{buildroot}%{_sysconfdir}/logrotate.d" ]; then
            install -d "%{buildroot}%{_distconfdir}"
            mv -v "%{buildroot}%{_sysconfdir}/logrotate.d" "%{buildroot}%{_distconfdir}/logrotate.d"
        fi
    fi
    popd
done

rctargets="shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
mkdir -p %buildroot/%{_sbindir}
for i in $rctargets; do
  ln -sf %{_sbindir}/service %buildroot%{_sbindir}/rc${i}
done

# starting with 12.3 drop sysv-init support fedora already did
rm -rf %buildroot%_initddir

# Since 5.12 we need to remove them again
rm -f %{buildroot}/%{_sysconfdir}/sysconfig/%{name}*

# Move
%pre
%service_add_pre shorewall.service
%if %conf_need_update
echo "upgrade configuration" > /run/%{name}_upgrade
%endif

%post
%service_add_post shorewall.service

%preun
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall.service

%postun
%service_del_postun shorewall.service

%posttrans
if [ -f /run/%{name}_upgrade ]; then
cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-something << EOF
Warning: Shorewall %{dmaj} has just been installed
Warning: You have to check and upgrade your configuration
%{name} update -a %{_sysconfdir}/%{name}
Warning: Adjust changes and try the new configuration
%{name} try %{_sysconfdir}/%{name}
Warning: If everything work run
systemctl try-reload-or-restart %{name}
EOF
rm -f /run/%{name}_upgrade
fi

%pre -n %{name}6
%service_add_pre shorewall6.service
%if %conf_need_update
echo "upgrade configuration" > /run/%{name}6_upgrade
%endif

%post -n %{name}6
%service_add_post shorewall6.service

%preun -n %{name}6
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall6.service

%postun -n %{name}6
%service_del_postun shorewall6.service

%posttrans -n %{name}6
if [ -f /run/%{name}6_upgrade ]; then
cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-something << EOF
Warning: Shorewall6 %{dmaj} has just been installed
Warning: You have to check and upgrade your configuration
%{name}6 update -a %{_sysconfdir}/%{name}6
Warning: Adjust changes and try the new configuration
%{name}6 try %{_sysconfdir}/%{name}6
Warning: If everything work run
systemctl try-reload-or-restart %{name}6
EOF
rm -f /run/%{name}6_upgrade
fi

%pre -n %{name}-lite
%service_add_pre shorewall-lite.service

%post -n %{name}-lite
%service_add_post shorewall-lite.service

%preun -n %{name}-lite
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall-lite.service

%postun -n %{name}-lite
%service_del_postun shorewall-lite.service

%pre -n %{name}6-lite
%service_add_pre shorewall6-lite.service

%post -n %{name}6-lite
%service_add_post shorewall6-lite.service

%preun -n %{name}6-lite
rm -f %{_sysconfdir}/%{name}/startup_disabled
%service_del_preun shorewall6-lite.service

%postun -n %{name}6-lite
%service_del_postun shorewall6-lite.service

%pre init
%service_add_pre shorewall-init.service

%post init
%{fillup_only}
%service_add_post shorewall-init.service

%preun init
%service_del_preun shorewall-init.service

%postun init
# boo#1166114 Never try to restart shorewall-init
# You can lock down the system so never use
#%%service_del_postun shorewall-init.service macro
%systemd_postun shorewall-init.service

%files
%defattr(-,root,root,-)
%doc %{name}-%version/{COPYING,changelog.txt,releasenotes.txt,README.openSUSE}
%{_sbindir}/rc%{name}
%{_fillupdir}/sysconfig.%{name}
%dir %{_sysconfdir}/%{name}
%ghost %{_sysconfdir}/%{name}/isusable
%config(noreplace) %{_sysconfdir}/%{name}/*
%dir %{_datadir}/%{name}
%dir %{_libexecdir}/%{name}
%dir %{_datadir}/%{name}/configfiles
%dir %{_datadir}/%{name}/deprecated
%dir %{_datadir}/%{name}/Shorewall
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}
%dir %{_distconfdir}
%dir %{_distconfdir}/logrotate.d/
%{_distconfdir}/logrotate.d/%{name}
%{_datadir}/%{name}/version
%{_datadir}/%{name}/actions.std
%{_datadir}/%{name}/action.*
%{_datadir}/%{name}/lib.base
%{_datadir}/%{name}/macro.*
%{_datadir}/%{name}/prog.*
%{_datadir}/%{name}/helpers
%{_datadir}/%{name}/configpath
%{_datadir}/%{name}/configfiles/*
%attr(755,root,root) %{_libexecdir}/%{name}/getparams
%attr(755,root,root) %{_libexecdir}/%{name}/compiler.pl
%dir %{perl_vendorlib}/Shorewall
%{perl_vendorlib}/Shorewall/*.pm
%{_mandir}/man5/%{name}-[a-k,m-z]*.5*
%{_mandir}/man5/%{name}-logging.5*
%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man8/%{name}.8*
%attr(644,root,root) %{_unitdir}/%{name}.service

%files lite
%defattr(-,root,root,-)
%doc %{name}-lite-%version/{COPYING,changelog.txt,releasenotes.txt}
%{_fillupdir}/sysconfig.%{name}-lite
%dir %{_sysconfdir}/%{name}-lite
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}-lite/%{name}-lite.conf
%{_sbindir}/rc%{name}-lite
%{_sbindir}/%{name}-lite
%dir %{_datadir}/%{name}-lite
%dir %{_libexecdir}/%{name}-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}-lite
%dir %{_distconfdir}
%dir %{_distconfdir}/logrotate.d/
%{_distconfdir}/logrotate.d/%{name}-lite
%{_datadir}/%{name}-lite/version
%{_datadir}/%{name}-lite/configpath
%attr(- ,root,root) %{_datadir}/%{name}-lite/functions
%{_datadir}/%{name}-lite/lib.base
%{_datadir}/%{name}-lite/helpers
%attr(0544,root,root) %{_libexecdir}/%{name}-lite/shorecap
%{_mandir}/man5/%{name}-lite*.5*
%{_mandir}/man8/%{name}-lite.8.*
%attr(644,root,root) %{_unitdir}/%{name}-lite.service

%files -n %{name}6
%defattr(-,root,root,-)
%doc %{name}6-%version/{COPYING,changelog.txt,releasenotes.txt,tunnel,ipv6,ipsecvpn}
%{_sbindir}/rc%{name}6
%{_sbindir}/%{name}6
%{_fillupdir}/sysconfig.%{name}6
%dir %{_sysconfdir}/%{name}6
%ghost %{_sysconfdir}/%{name}6/isusable
%config(noreplace) %{_sysconfdir}/%{name}6/*
%dir %{_datadir}/%{name}6
%dir %{_libexecdir}/%{name}6
%dir %{_datadir}/%{name}6/configfiles
%dir %{_datadir}/%{name}6/deprecated
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6
%dir %{_distconfdir}
%dir %{_distconfdir}/logrotate.d/
%{_distconfdir}/logrotate.d/%{name}6
%{_datadir}/%{name}6/version
%{_datadir}/%{name}6/actions.std
%{_datadir}/%{name}6/action.*
%{_datadir}/%{name}6/functions
%{_datadir}/%{name}6/lib.base
%{_datadir}/%{name}6/macro.*
%{_datadir}/%{name}6/helpers
%{_datadir}/%{name}6/configpath
%{_datadir}/%{name}6/configfiles/*
%{_mandir}/man5/%{name}6-[a-k,m-z]*.5*
%{_mandir}/man5/%{name}6.conf.5*
%{_mandir}/man8/%{name}6.8*
%attr(644,root,root) %{_unitdir}/%{name}6.service

%files -n %{name}6-lite
%defattr(-,root,root,-)
%{_mandir}/man5/%{name}6-lite*.5*
%{_mandir}/man8/%{name}6-lite.8*
%doc %{name}6-lite-%version/{COPYING,changelog.txt,releasenotes.txt}
%{_fillupdir}/sysconfig.%{name}6-lite
%dir %{_sysconfdir}/%{name}6-lite
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}6-lite/%{name}6-lite.conf
%{_sbindir}/rc%{name}6-lite
%{_sbindir}/%{name}6-lite
%dir %{_datadir}/%{name}6-lite
%dir %{_libexecdir}/%{name}6-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6-lite
%dir %{_distconfdir}
%dir %{_distconfdir}/logrotate.d/
%{_distconfdir}/logrotate.d/%{name}6-lite
%{_datadir}/%{name}6-lite/version
%{_datadir}/%{name}6-lite/configpath
%attr(- ,root,root) %{_datadir}/%{name}6-lite/functions
%{_datadir}/%{name}6-lite/lib.base
%{_datadir}/%{name}6-lite/helpers
%attr(0544,root,root) %{_libexecdir}/%{name}6-lite/shorecap
%attr(644,root,root) %{_unitdir}/%{name}6-lite.service

%files init
%defattr(-,root,root,-)
%doc %{name}-init-%version/{COPYING,changelog.txt,releasenotes.txt}
%{_sbindir}/rc%{name}-init
%{_fillupdir}/sysconfig.%{name}-init
%attr(0755,root,root) %{_sbindir}/shorewall-init
%dir %{_datadir}/%{name}-init
%dir %{_libexecdir}/%{name}-init
%dir %attr(0755,root,root) %{_prefix}/lib//NetworkManager
%dir %attr(0755,root,root) %{_prefix}/lib//NetworkManager/dispatcher.d
%attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/01-%{name}
%{_datadir}/%{name}-init/version
%attr(0544,root,root) %{_libexecdir}/%{name}-init/ifupdown
%dir %{_sysconfdir}/sysconfig/network
%dir %{_sysconfdir}/sysconfig/network/if-down.d
%attr(0544,root,root) %{_sysconfdir}/sysconfig/network/if-down.d/%{name}
%dir %{_sysconfdir}/sysconfig/network/if-up.d
%attr(0755,root,root) %{_sysconfdir}/sysconfig/network/if-up.d/%{name}
%{_mandir}/man8/%{name}-init.8*
%dir %{_distconfdir}
%dir %{_distconfdir}/logrotate.d/
%{_distconfdir}/logrotate.d/%{name}-init
%attr(644,root,root) %{_unitdir}/%{name}-init.service

%files core
%defattr(-,root,root,-)
%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%{_sbindir}/%{name}
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.cli-std
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/lib.core
%{_datadir}/shorewall/lib.runtime
%dir %{_libexecdir}/shorewall
%{_libexecdir}/shorewall/wait4ifup
%{_datadir}/shorewall/shorewallrc

%files docs
%defattr(-,root,root,-)
%doc %{name}-docs-html-%version/*
%doc %{name}-%version/{Contrib,Samples}

%changelog

Places

File shorewall.spec of Package shorewall

Places