[packages/firehol.git] / firehol.spec

# TODO
# - pldize initscript
# - unbash initscript
# - recheck deps
# - update configure not to require tools at build time
Summary:	Simple and powerful firewall and traffic shaping languages
Name:		firehol
Version:	3.0.1
Release:	0.1
License:	GPL v2+
Group:		Applications/Networking
Source0:	https://firehol.org/download/firehol/releases/v%{version}/%{name}-%{version}.tar.xz
# Source0-md5:	afee409b698ad0707340112ff0e811b2
Source1:	%{name}.service
Source2:	fireqos.service
URL:		https://firehol.org/
BuildRequires:	hostname
BuildRequires:	iprange >= 1.0.2
BuildRequires:	tar >= 1:1.22
BuildRequires:	wget
BuildRequires:	xz
Requires(post,preun):	/sbin/chkconfig
Requires:	coreutils
Requires:	gawk >= 3.0
Requires:	grep >= 2.4.2
Requires:	gzip
Requires:	hostname
Requires:	iproute2 >= 2.2.4
Requires:	ipset
Requires:	iptables >= 1.2.4
Requires:	kmod
Requires:	less
Requires:	procps
Requires:	rc-scripts
Requires:	sed
Requires:	uname(release) >= 2.4
Requires:	util-linux >= 2.11
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
FireHOL is a generic firewall generator, meaning that you can design
any kind of local or routing stateful packet filtering firewalls with
ease. Install FireHOL if you want an easy way to configure stateful
packet filtering firewalls on Linux hosts and routers.

FireHOL uses an extremely simple but powerful way to define firewall
rules which it turns into complete stateful iptables firewalls.

You can run FireHOL with the 'helpme' argument, to get a configuration
file for the system run, which you can modify according to your needs.
The default configuration file will allow only client traffic on all
interfaces.

%prep
%setup -q

%build
# grep -E 'AX_NEED_PROG|AX_CHECK_PROG' configure.ac |sort -u|sed -rne 's/.+\(\[([^]]+)\], \[([^]]+)\].+/echo \1=`PATH=$PATH:\/usr\/sbin which \2` \\\\/p'|sh
%configure \
	FIREHOL_AUTOSAVE=/etc/sysconfig/iptables \
	FIREHOL_AUTOSAVE6=/etc/sysconfig/ip6tables \
	\
	BASH_SHELL_PATH=/bin/bash \
	BRIDGE=/sbin/bridge \
	CAT=/bin/cat \
	CHMOD=/bin/chmod \
	CHOWN=/bin/chown \
	CP=/bin/cp \
	CURL=/usr/bin/curl \
	CUT=/usr/bin/cut \
	DATE=/bin/date \
	DIFF=/usr/bin/diff \
	DIRNAME=/usr/bin/dirname \
	ENV=/usr/bin/env \
	EXPR=/usr/bin/expr \
	FIND=/usr/bin/find \
	FLOCK=/usr/bin/flock \
	FOLD=/usr/bin/fold \
	FUNZIP=/usr/bin/funzip \
	GAWK=/usr/bin/gawk \
	GIT=/usr/bin/git \
	HEAD=/usr/bin/head \
	HOSTNAMECMD=/bin/hostname \
	IP6TABLES=/usr/sbin/ip6tables \
	IP6TABLES_RESTORE=/usr/sbin/ip6tables-restore \
	IP6TABLES_SAVE=/usr/sbin/ip6tables-save \
	IP=/sbin/ip \
	IPRANGE=/usr/bin/iprange \
	IPSET=/usr/sbin/ipset \
	IPTABLES=/usr/sbin/iptables \
	IPTABLES_RESTORE=/usr/sbin/iptables-restore \
	IPTABLES_SAVE=/usr/sbin/iptables-save \
	LN=/bin/ln \
	LOGGER=/usr/bin/logger \
	LS=/bin/ls \
	LSMOD=/sbin/lsmod \
	MKDIR=/bin/mkdir \
	MKTEMP=/bin/mktemp \
	MODPROBE=/sbin/insmod \
	MODPROBE=/sbin/modprobe \
	MORE=/bin/more \
	MV=/bin/mv \
	NEATO=/usr/bin/neato \
	PING6=/usr/bin/ping6 \
	PING=/usr/bin/ping \
	RENICE=/usr/bin/renice \
	RM=/bin/rm \
	RMMOD=/sbin/rmmod \
	SCREEN=/usr/bin/screen \
	SEQ=/usr/bin/seq \
	SH=/bin/sh \
	SLEEP=/bin/sleep \
	SORT=/bin/sort \
	SS=/sbin/ss \
	STTY=/bin/stty \
	SYSCTL=/sbin/sysctl \
	TAIL=/usr/bin/tail \
	TAR=/bin/tar \
	TC=/sbin/tc \
	TCPDUMP=/usr/sbin/tcpdump \
	TOUCH=/bin/touch \
	TPUT=/usr/bin/tput \
	TR=/usr/bin/tr \
	TRACEROUTE=/usr/bin/traceroute \
	UNAME=/bin/uname \
	UNIQ=/usr/bin/uniq \
	UNZIP=/usr/bin/unzip \
	WC=/usr/bin/wc \
	WGET=/usr/bin/wget \
	WHOIS=/usr/bin/whois \
	ZCAT=/bin/zcat \
	%{nil}

%{__make}

%install
rm -rf $RPM_BUILD_ROOT
%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

# Hack for documentation without crufts.
rm -frv $RPM_BUILD_ROOT%{_docdir}
find examples/ -name "Makefile*" -delete -print

# Install systemd units.
install -d $RPM_BUILD_ROOT%{systemdunitdir}
cp -p %{SOURCE1} %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}

# Install runtime directories.
install -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/services
install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/firehol

# Ghost configurations.
touch $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/firehol.conf \
      $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/fireqos.conf

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add firehol
%service firehol restart
%systemd_post firehol.service
%systemd_post fireqos.service

%preun
if [ "$1" = 0 ]; then
	%service firehol stop
	/sbin/chkconfig --del firehol
fi
%systemd_preun firehol.service
%systemd_preun fireqos.service

%postun
%systemd_reload

%files
%defattr(644,root,root,755)
%doc README THANKS examples
%doc doc/firehol/firehol-manual.{pdf,html}
%doc doc/fireqos/fireqos-manual.{pdf,html}
%dir %{_sysconfdir}/firehol
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/firehol.conf
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/fireqos.conf
%{_sysconfdir}/%{name}/*.example
%dir %{_sysconfdir}/%{name}/services
%{_sysconfdir}/%{name}/services/*.example
%attr(755,root,root) %{_sbindir}/firehol
%attr(755,root,root) %{_sbindir}/fireqos
%attr(755,root,root) %{_sbindir}/link-balancer
%attr(755,root,root) %{_sbindir}/update-ipsets
%attr(755,root,root) %{_sbindir}/vnetbuild
%dir %{_libdir}/firehol
%{_libdir}/firehol/functions.common.sh
%{_datadir}/update-ipsets
%{_mandir}/man1/*.1*
%{_mandir}/man5/*.5*
%{systemdunitdir}/firehol.service
%{systemdunitdir}/fireqos.service
%{_localstatedir}/spool/%{name}
Commit	Line	Data
3d3e66ca ER	1	# TODO
	2	# - pldize initscript
	3	# - unbash initscript
	4	# - recheck deps
3aaa3ef5	5	# - update configure not to require tools at build time
8d21b09a	6	Summary: Simple and powerful firewall and traffic shaping languages
3d3e66ca	7	Name: firehol
3f94e594	8	Version: 3.0.1
3d3e66ca ER	9	Release: 0.1
	10	License: GPL v2+
	11	Group: Applications/Networking
3f94e594 ER	12	Source0: https://firehol.org/download/firehol/releases/v%{version}/%{name}-%{version}.tar.xz
3f94e594 ER	13	# Source0-md5: afee409b698ad0707340112ff0e811b2
8d21b09a ER	14	Source1: %{name}.service
8d21b09a ER	15	Source2: fireqos.service
3f94e594	16	URL: https://firehol.org/
8d21b09a	17	BuildRequires: hostname
a4ae40c6	18	BuildRequires: iprange >= 1.0.2
8d21b09a	19	BuildRequires: tar >= 1:1.22
a4ae40c6	20	BuildRequires: wget
8d21b09a ER	21	BuildRequires: xz
	22	Requires(post,preun): /sbin/chkconfig
	23	Requires: coreutils
3d3e66ca ER	24	Requires: gawk >= 3.0
3d3e66ca ER	25	Requires: grep >= 2.4.2
8d21b09a ER	26	Requires: gzip
8d21b09a ER	27	Requires: hostname
3d3e66ca	28	Requires: iproute2 >= 2.2.4
a4ae40c6	29	Requires: ipset
3d3e66ca	30	Requires: iptables >= 1.2.4
8d21b09a	31	Requires: kmod
3d3e66ca	32	Requires: less
8d21b09a	33	Requires: procps
3d3e66ca	34	Requires: rc-scripts
8d21b09a ER	35	Requires: sed
	36	Requires: uname(release) >= 2.4
	37	Requires: util-linux >= 2.11
3d3e66ca ER	38	BuildArch: noarch
	39	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	40
	41	%description
	42	FireHOL is a generic firewall generator, meaning that you can design
	43	any kind of local or routing stateful packet filtering firewalls with
	44	ease. Install FireHOL if you want an easy way to configure stateful
	45	packet filtering firewalls on Linux hosts and routers.
	46
	47	FireHOL uses an extremely simple but powerful way to define firewall
	48	rules which it turns into complete stateful iptables firewalls.
	49
	50	You can run FireHOL with the 'helpme' argument, to get a configuration
	51	file for the system run, which you can modify according to your needs.
	52	The default configuration file will allow only client traffic on all
	53	interfaces.
	54
	55	%prep
	56	%setup -q
8d21b09a ER	57
8d21b09a ER	58	%build
462eeadc	59	# grep -E 'AX_NEED_PROG\|AX_CHECK_PROG' configure.ac \|sort -u\|sed -rne 's/.+\(\[([^]]+)\], \[([^]]+)\].+/echo \1=`PATH=$PATH:\/usr\/sbin which \2` \\\\/p'\|sh
3aaa3ef5	60	%configure \
2bece9b7 ER	61	FIREHOL_AUTOSAVE=/etc/sysconfig/iptables \
	62	FIREHOL_AUTOSAVE6=/etc/sysconfig/ip6tables \
	63	\
42c97d14 ER	64	BASH_SHELL_PATH=/bin/bash \
	65	BRIDGE=/sbin/bridge \
	66	CAT=/bin/cat \
	67	CHMOD=/bin/chmod \
	68	CHOWN=/bin/chown \
	69	CP=/bin/cp \
	70	CURL=/usr/bin/curl \
	71	CUT=/usr/bin/cut \
	72	DATE=/bin/date \
	73	DIFF=/usr/bin/diff \
	74	DIRNAME=/usr/bin/dirname \
	75	ENV=/usr/bin/env \
	76	EXPR=/usr/bin/expr \
	77	FIND=/usr/bin/find \
	78	FLOCK=/usr/bin/flock \
	79	FOLD=/usr/bin/fold \
462eeadc ER	80	FUNZIP=/usr/bin/funzip \
	81	GAWK=/usr/bin/gawk \
	82	GIT=/usr/bin/git \
42c97d14	83	HEAD=/usr/bin/head \
462eeadc ER	84	HOSTNAMECMD=/bin/hostname \
	85	IP6TABLES=/usr/sbin/ip6tables \
	86	IP6TABLES_RESTORE=/usr/sbin/ip6tables-restore \
	87	IP6TABLES_SAVE=/usr/sbin/ip6tables-save \
42c97d14	88	IP=/sbin/ip \
a4ae40c6	89	IPRANGE=/usr/bin/iprange \
42c97d14	90	IPSET=/usr/sbin/ipset \
462eeadc ER	91	IPTABLES=/usr/sbin/iptables \
	92	IPTABLES_RESTORE=/usr/sbin/iptables-restore \
	93	IPTABLES_SAVE=/usr/sbin/iptables-save \
42c97d14 ER	94	LN=/bin/ln \
	95	LOGGER=/usr/bin/logger \
	96	LS=/bin/ls \
	97	LSMOD=/sbin/lsmod \
	98	MKDIR=/bin/mkdir \
	99	MKTEMP=/bin/mktemp \
	100	MODPROBE=/sbin/insmod \
462eeadc ER	101	MODPROBE=/sbin/modprobe \
462eeadc ER	102	MORE=/bin/more \
42c97d14	103	MV=/bin/mv \
462eeadc	104	NEATO=/usr/bin/neato \
42c97d14 ER	105	PING6=/usr/bin/ping6 \
42c97d14 ER	106	PING=/usr/bin/ping \
462eeadc	107	RENICE=/usr/bin/renice \
42c97d14 ER	108	RM=/bin/rm \
42c97d14 ER	109	RMMOD=/sbin/rmmod \
462eeadc	110	SCREEN=/usr/bin/screen \
42c97d14	111	SEQ=/usr/bin/seq \
462eeadc	112	SH=/bin/sh \
42c97d14 ER	113	SLEEP=/bin/sleep \
42c97d14 ER	114	SORT=/bin/sort \
462eeadc ER	115	SS=/sbin/ss \
462eeadc ER	116	STTY=/bin/stty \
42c97d14 ER	117	SYSCTL=/sbin/sysctl \
	118	TAIL=/usr/bin/tail \
	119	TAR=/bin/tar \
	120	TC=/sbin/tc \
462eeadc	121	TCPDUMP=/usr/sbin/tcpdump \
42c97d14	122	TOUCH=/bin/touch \
462eeadc	123	TPUT=/usr/bin/tput \
42c97d14 ER	124	TR=/usr/bin/tr \
	125	TRACEROUTE=/usr/bin/traceroute \
	126	UNAME=/bin/uname \
	127	UNIQ=/usr/bin/uniq \
462eeadc	128	UNZIP=/usr/bin/unzip \
42c97d14	129	WC=/usr/bin/wc \
462eeadc ER	130	WGET=/usr/bin/wget \
	131	WHOIS=/usr/bin/whois \
	132	ZCAT=/bin/zcat \
42c97d14 ER	133	%{nil}
42c97d14 ER	134
8d21b09a	135	%{__make}
3d3e66ca ER	136
	137	%install
	138	rm -rf $RPM_BUILD_ROOT
8d21b09a ER	139	%{__make} install \
8d21b09a ER	140	DESTDIR=$RPM_BUILD_ROOT
3d3e66ca	141
8d21b09a ER	142	# Hack for documentation without crufts.
	143	rm -frv $RPM_BUILD_ROOT%{_docdir}
	144	find examples/ -name "Makefile*" -delete -print
3d3e66ca	145
8d21b09a ER	146	# Install systemd units.
	147	install -d $RPM_BUILD_ROOT%{systemdunitdir}
	148	cp -p %{SOURCE1} %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}
3d3e66ca	149
8d21b09a ER	150	# Install runtime directories.
8d21b09a ER	151	install -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/services
3d3e66ca ER	152	install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/firehol
3d3e66ca ER	153
8d21b09a ER	154	# Ghost configurations.
	155	touch $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/firehol.conf \
	156	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/fireqos.conf
	157
	158	%clean
	159	rm -rf $RPM_BUILD_ROOT
	160
3d3e66ca ER	161	%post
	162	/sbin/chkconfig --add firehol
	163	%service firehol restart
8d21b09a ER	164	%systemd_post firehol.service
8d21b09a ER	165	%systemd_post fireqos.service
3d3e66ca ER	166
	167	%preun
	168	if [ "$1" = 0 ]; then
	169	%service firehol stop
	170	/sbin/chkconfig --del firehol
	171	fi
8d21b09a ER	172	%systemd_preun firehol.service
8d21b09a ER	173	%systemd_preun fireqos.service
3d3e66ca	174
8d21b09a ER	175	%postun
8d21b09a ER	176	%systemd_reload
3d3e66ca ER	177
	178	%files
	179	%defattr(644,root,root,755)
a4ae40c6	180	%doc README THANKS examples
8d21b09a ER	181	%doc doc/firehol/firehol-manual.{pdf,html}
8d21b09a ER	182	%doc doc/fireqos/fireqos-manual.{pdf,html}
3d3e66ca	183	%dir %{_sysconfdir}/firehol
8d21b09a ER	184	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/firehol.conf
	185	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/fireqos.conf
	186	%{_sysconfdir}/%{name}/*.example
	187	%dir %{_sysconfdir}/%{name}/services
	188	%{_sysconfdir}/%{name}/services/*.example
	189	%attr(755,root,root) %{_sbindir}/firehol
	190	%attr(755,root,root) %{_sbindir}/fireqos
2bece9b7 ER	191	%attr(755,root,root) %{_sbindir}/link-balancer
	192	%attr(755,root,root) %{_sbindir}/update-ipsets
	193	%attr(755,root,root) %{_sbindir}/vnetbuild
	194	%dir %{_libdir}/firehol
	195	%{_libdir}/firehol/functions.common.sh
	196	%{_datadir}/update-ipsets
3d3e66ca ER	197	%{_mandir}/man1/.1
3d3e66ca ER	198	%{_mandir}/man5/.5
8d21b09a ER	199	%{systemdunitdir}/firehol.service
	200	%{systemdunitdir}/fireqos.service
	201	%{_localstatedir}/spool/%{name}