[packages/firehol.git] / firehol.spec

# TODO
# - pldize initscript
# - unbash initscript
# - recheck deps
# - update configure not to require tools at build time
Summary:	Simple and powerful firewall and traffic shaping languages
Name:		firehol
Version:	3.0.1
Release:	0.1
License:	GPL v2+
Group:		Applications/Networking
Source0:	https://firehol.org/download/firehol/releases/v%{version}/%{name}-%{version}.tar.xz
# Source0-md5:	afee409b698ad0707340112ff0e811b2
Source1:	%{name}.service
Source2:	fireqos.service
URL:		https://firehol.org/
BuildRequires:	graphviz
BuildRequires:	hostname
BuildRequires:	iprange >= 1.0.2
BuildRequires:	iproute2
BuildRequires:	iptables
BuildRequires:	procps
BuildRequires:	screen
BuildRequires:	systemd-devel
BuildRequires:	tar >= 1:1.22
BuildRequires:	unzip
BuildRequires:	wget
BuildRequires:	whois
BuildRequires:	xz
Requires(post,preun):	/sbin/chkconfig
Requires:	coreutils
Requires:	gawk >= 3.0
Requires:	grep >= 2.4.2
Requires:	gzip
Requires:	hostname
Requires:	iproute2 >= 2.2.4
Requires:	ipset
Requires:	iptables >= 1.2.4
Requires:	kmod
Requires:	less
Requires:	procps
Requires:	rc-scripts
Requires:	sed
Requires:	uname(release) >= 2.4
Requires:	util-linux >= 2.11
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
FireHOL is a generic firewall generator, meaning that you can design
any kind of local or routing stateful packet filtering firewalls with
ease. Install FireHOL if you want an easy way to configure stateful
packet filtering firewalls on Linux hosts and routers.

FireHOL uses an extremely simple but powerful way to define firewall
rules which it turns into complete stateful iptables firewalls.

You can run FireHOL with the 'helpme' argument, to get a configuration
file for the system run, which you can modify according to your needs.
The default configuration file will allow only client traffic on all
interfaces.

%prep
%setup -q

%build
# grep -E 'AX_NEED_PROG|AX_CHECK_PROG' configure.ac |sort -u|sed -rne 's/.+\(\[([^]]+)\], \[([^]]+)\].+/echo \1=`PATH=$PATH:\/usr\/sbin which \2` \\\\/p'|sh
%configure \
	BASH_SHELL_PATH=/bin/bash \
	BRIDGE=/sbin/bridge \
	CAT=/bin/cat \
	CHMOD=/bin/chmod \
	CHOWN=/bin/chown \
	CP=/bin/cp \
	CURL=/usr/bin/curl \
	CUT=/usr/bin/cut \
	DATE=/bin/date \
	DIFF=/usr/bin/diff \
	DIRNAME=/usr/bin/dirname \
	ENV=/usr/bin/env \
	EXPR=/usr/bin/expr \
	FIND=/usr/bin/find \
	FLOCK=/usr/bin/flock \
	FOLD=/usr/bin/fold \
	FUNZIP=/usr/bin/funzip \
	GAWK=/usr/bin/gawk \
	GIT=/usr/bin/git \
	HEAD=/usr/bin/head \
	HOSTNAMECMD=/bin/hostname \
	IP6TABLES=/usr/sbin/ip6tables \
	IP6TABLES_RESTORE=/usr/sbin/ip6tables-restore \
	IP6TABLES_SAVE=/usr/sbin/ip6tables-save \
	IP=/sbin/ip \
	IPRANGE=/usr/bin/iprange \
	IPSET=/usr/sbin/ipset \
	IPTABLES=/usr/sbin/iptables \
	IPTABLES_RESTORE=/usr/sbin/iptables-restore \
	IPTABLES_SAVE=/usr/sbin/iptables-save \
	LN=/bin/ln \
	LOGGER=/usr/bin/logger \
	LS=/bin/ls \
	LSMOD=/sbin/lsmod \
	MKDIR=/bin/mkdir \
	MKTEMP=/bin/mktemp \
	MODPROBE=/sbin/insmod \
	MODPROBE=/sbin/modprobe \
	MORE=/bin/more \
	MV=/bin/mv \
	NEATO=/usr/bin/neato \
	PING6=/usr/bin/ping6 \
	PING=/usr/bin/ping \
	RENICE=/usr/bin/renice \
	RM=/bin/rm \
	RMMOD=/sbin/rmmod \
	SCREEN=/usr/bin/screen \
	SEQ=/usr/bin/seq \
	SH=/bin/sh \
	SLEEP=/bin/sleep \
	SORT=/bin/sort \
	SS=/sbin/ss \
	STTY=/bin/stty \
	SYSCTL=/sbin/sysctl \
	TAIL=/usr/bin/tail \
	TAR=/bin/tar \
	TC=/sbin/tc \
	TCPDUMP=/usr/sbin/tcpdump \
	TOUCH=/bin/touch \
	TPUT=/usr/bin/tput \
	TR=/usr/bin/tr \
	TRACEROUTE=/usr/bin/traceroute \
	UNAME=/bin/uname \
	UNIQ=/usr/bin/uniq \
	UNZIP=/usr/bin/unzip \
	WC=/usr/bin/wc \
	WGET=/usr/bin/wget \
	WHOIS=/usr/bin/whois \
	ZCAT=/bin/zcat \
	%{nil}

%{__make}

%install
rm -rf $RPM_BUILD_ROOT
%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

# Hack for documentation without crufts.
rm -frv $RPM_BUILD_ROOT%{_docdir}
find examples/ -name "Makefile*" -delete -print

# Install systemd units.
install -d $RPM_BUILD_ROOT%{systemdunitdir}
cp -p %{SOURCE1} %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}

# Install runtime directories.
install -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/services
install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/firehol

# Ghost configurations.
touch $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/firehol.conf \
      $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/fireqos.conf

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add firehol
%service firehol restart
%systemd_post firehol.service
%systemd_post fireqos.service

%preun
if [ "$1" = 0 ]; then
	%service firehol stop
	/sbin/chkconfig --del firehol
fi
%systemd_preun firehol.service
%systemd_preun fireqos.service

%postun
%systemd_reload

%files
%defattr(644,root,root,755)
%doc README THANKS examples
%doc doc/firehol/firehol-manual.{pdf,html}
%doc doc/fireqos/fireqos-manual.{pdf,html}
%dir %{_sysconfdir}/firehol
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/firehol.conf
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/fireqos.conf
%{_sysconfdir}/%{name}/*.example
%dir %{_sysconfdir}/%{name}/services
%{_sysconfdir}/%{name}/services/*.example
%attr(755,root,root) %{_sbindir}/firehol
%attr(755,root,root) %{_sbindir}/fireqos
%{_mandir}/man1/*.1*
%{_mandir}/man5/*.5*
%{systemdunitdir}/firehol.service
%{systemdunitdir}/fireqos.service
%{_localstatedir}/spool/%{name}
Commit	Line	Data
	1	# TODO
	2	# - pldize initscript
	3	# - unbash initscript
	4	# - recheck deps
	5	# - update configure not to require tools at build time
	6	Summary: Simple and powerful firewall and traffic shaping languages
	7	Name: firehol
	8	Version: 3.0.1
	9	Release: 0.1
	10	License: GPL v2+
	11	Group: Applications/Networking
	12	Source0: https://firehol.org/download/firehol/releases/v%{version}/%{name}-%{version}.tar.xz
	13	# Source0-md5: afee409b698ad0707340112ff0e811b2
	14	Source1: %{name}.service
	15	Source2: fireqos.service
	16	URL: https://firehol.org/
	17	BuildRequires: graphviz
	18	BuildRequires: hostname
	19	BuildRequires: iprange >= 1.0.2
	20	BuildRequires: iproute2
	21	BuildRequires: iptables
	22	BuildRequires: procps
	23	BuildRequires: screen
	24	BuildRequires: systemd-devel
	25	BuildRequires: tar >= 1:1.22
	26	BuildRequires: unzip
	27	BuildRequires: wget
	28	BuildRequires: whois
	29	BuildRequires: xz
	30	Requires(post,preun): /sbin/chkconfig
	31	Requires: coreutils
	32	Requires: gawk >= 3.0
	33	Requires: grep >= 2.4.2
	34	Requires: gzip
	35	Requires: hostname
	36	Requires: iproute2 >= 2.2.4
	37	Requires: ipset
	38	Requires: iptables >= 1.2.4
	39	Requires: kmod
	40	Requires: less
	41	Requires: procps
	42	Requires: rc-scripts
	43	Requires: sed
	44	Requires: uname(release) >= 2.4
	45	Requires: util-linux >= 2.11
	46	BuildArch: noarch
	47	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	48
	49	%description
	50	FireHOL is a generic firewall generator, meaning that you can design
	51	any kind of local or routing stateful packet filtering firewalls with
	52	ease. Install FireHOL if you want an easy way to configure stateful
	53	packet filtering firewalls on Linux hosts and routers.
	54
	55	FireHOL uses an extremely simple but powerful way to define firewall
	56	rules which it turns into complete stateful iptables firewalls.
	57
	58	You can run FireHOL with the 'helpme' argument, to get a configuration
	59	file for the system run, which you can modify according to your needs.
	60	The default configuration file will allow only client traffic on all
	61	interfaces.
	62
	63	%prep
	64	%setup -q
	65
	66	%build
	67	# grep -E 'AX_NEED_PROG\|AX_CHECK_PROG' configure.ac \|sort -u\|sed -rne 's/.+\(\[([^]]+)\], \[([^]]+)\].+/echo \1=`PATH=$PATH:\/usr\/sbin which \2` \\\\/p'\|sh
	68	%configure \
	69	BASH_SHELL_PATH=/bin/bash \
	70	BRIDGE=/sbin/bridge \
	71	CAT=/bin/cat \
	72	CHMOD=/bin/chmod \
	73	CHOWN=/bin/chown \
	74	CP=/bin/cp \
	75	CURL=/usr/bin/curl \
	76	CUT=/usr/bin/cut \
	77	DATE=/bin/date \
	78	DIFF=/usr/bin/diff \
	79	DIRNAME=/usr/bin/dirname \
	80	ENV=/usr/bin/env \
	81	EXPR=/usr/bin/expr \
	82	FIND=/usr/bin/find \
	83	FLOCK=/usr/bin/flock \
	84	FOLD=/usr/bin/fold \
	85	FUNZIP=/usr/bin/funzip \
	86	GAWK=/usr/bin/gawk \
	87	GIT=/usr/bin/git \
	88	HEAD=/usr/bin/head \
	89	HOSTNAMECMD=/bin/hostname \
	90	IP6TABLES=/usr/sbin/ip6tables \
	91	IP6TABLES_RESTORE=/usr/sbin/ip6tables-restore \
	92	IP6TABLES_SAVE=/usr/sbin/ip6tables-save \
	93	IP=/sbin/ip \
	94	IPRANGE=/usr/bin/iprange \
	95	IPSET=/usr/sbin/ipset \
	96	IPTABLES=/usr/sbin/iptables \
	97	IPTABLES_RESTORE=/usr/sbin/iptables-restore \
	98	IPTABLES_SAVE=/usr/sbin/iptables-save \
	99	LN=/bin/ln \
	100	LOGGER=/usr/bin/logger \
	101	LS=/bin/ls \
	102	LSMOD=/sbin/lsmod \
	103	MKDIR=/bin/mkdir \
	104	MKTEMP=/bin/mktemp \
	105	MODPROBE=/sbin/insmod \
	106	MODPROBE=/sbin/modprobe \
	107	MORE=/bin/more \
	108	MV=/bin/mv \
	109	NEATO=/usr/bin/neato \
	110	PING6=/usr/bin/ping6 \
	111	PING=/usr/bin/ping \
	112	RENICE=/usr/bin/renice \
	113	RM=/bin/rm \
	114	RMMOD=/sbin/rmmod \
	115	SCREEN=/usr/bin/screen \
	116	SEQ=/usr/bin/seq \
	117	SH=/bin/sh \
	118	SLEEP=/bin/sleep \
	119	SORT=/bin/sort \
	120	SS=/sbin/ss \
	121	STTY=/bin/stty \
	122	SYSCTL=/sbin/sysctl \
	123	TAIL=/usr/bin/tail \
	124	TAR=/bin/tar \
	125	TC=/sbin/tc \
	126	TCPDUMP=/usr/sbin/tcpdump \
	127	TOUCH=/bin/touch \
	128	TPUT=/usr/bin/tput \
	129	TR=/usr/bin/tr \
	130	TRACEROUTE=/usr/bin/traceroute \
	131	UNAME=/bin/uname \
	132	UNIQ=/usr/bin/uniq \
	133	UNZIP=/usr/bin/unzip \
	134	WC=/usr/bin/wc \
	135	WGET=/usr/bin/wget \
	136	WHOIS=/usr/bin/whois \
	137	ZCAT=/bin/zcat \
	138	%{nil}
	139
	140	%{__make}
	141
	142	%install
	143	rm -rf $RPM_BUILD_ROOT
	144	%{__make} install \
	145	DESTDIR=$RPM_BUILD_ROOT
	146
	147	# Hack for documentation without crufts.
	148	rm -frv $RPM_BUILD_ROOT%{_docdir}
	149	find examples/ -name "Makefile*" -delete -print
	150
	151	# Install systemd units.
	152	install -d $RPM_BUILD_ROOT%{systemdunitdir}
	153	cp -p %{SOURCE1} %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}
	154
	155	# Install runtime directories.
	156	install -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/services
	157	install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/firehol
	158
	159	# Ghost configurations.
	160	touch $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/firehol.conf \
	161	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/fireqos.conf
	162
	163	%clean
	164	rm -rf $RPM_BUILD_ROOT
	165
	166	%post
	167	/sbin/chkconfig --add firehol
	168	%service firehol restart
	169	%systemd_post firehol.service
	170	%systemd_post fireqos.service
	171
	172	%preun
	173	if [ "$1" = 0 ]; then
	174	%service firehol stop
	175	/sbin/chkconfig --del firehol
	176	fi
	177	%systemd_preun firehol.service
	178	%systemd_preun fireqos.service
	179
	180	%postun
	181	%systemd_reload
	182
	183	%files
	184	%defattr(644,root,root,755)
	185	%doc README THANKS examples
	186	%doc doc/firehol/firehol-manual.{pdf,html}
	187	%doc doc/fireqos/fireqos-manual.{pdf,html}
	188	%dir %{_sysconfdir}/firehol
	189	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/firehol.conf
	190	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/fireqos.conf
	191	%{_sysconfdir}/%{name}/*.example
	192	%dir %{_sysconfdir}/%{name}/services
	193	%{_sysconfdir}/%{name}/services/*.example
	194	%attr(755,root,root) %{_sbindir}/firehol
	195	%attr(755,root,root) %{_sbindir}/fireqos
	196	%{_mandir}/man1/.1
	197	%{_mandir}/man5/.5
	198	%{systemdunitdir}/firehol.service
	199	%{systemdunitdir}/fireqos.service
	200	%{_localstatedir}/spool/%{name}