firehol.spec

   1 # TODO
   2 # - pldize initscript
   3 # - unbash initscript
   4 # - recheck deps
   5 # - update configure not to require tools at build time
   6 Summary:        Simple and powerful firewall and traffic shaping languages
   7 Name:           firehol
   8 Version:        3.0.1
   9 Release:        0.1
  10 License:        GPL v2+
  11 Group:          Applications/Networking
  12 Source0:        https://firehol.org/download/firehol/releases/v%{version}/%{name}-%{version}.tar.xz
  13 # Source0-md5:  afee409b698ad0707340112ff0e811b2
  14 Source1:        %{name}.service
  15 Source2:        fireqos.service
  16 URL:            https://firehol.org/
  17 BuildRequires:  graphviz
  18 BuildRequires:  hostname
  19 BuildRequires:  iprange >= 1.0.2
  20 BuildRequires:  iproute2
  21 BuildRequires:  iptables
  22 BuildRequires:  procps
  23 BuildRequires:  screen
  24 BuildRequires:  systemd-devel
  25 BuildRequires:  tar >= 1:1.22
  26 BuildRequires:  unzip
  27 BuildRequires:  wget
  28 BuildRequires:  whois
  29 BuildRequires:  xz
  30 Requires(post,preun):   /sbin/chkconfig
  31 Requires:       coreutils
  32 Requires:       gawk >= 3.0
  33 Requires:       grep >= 2.4.2
  34 Requires:       gzip
  35 Requires:       hostname
  36 Requires:       iproute2 >= 2.2.4
  37 Requires:       ipset
  38 Requires:       iptables >= 1.2.4
  39 Requires:       kmod
  40 Requires:       less
  41 Requires:       procps
  42 Requires:       rc-scripts
  43 Requires:       sed
  44 Requires:       uname(release) >= 2.4
  45 Requires:       util-linux >= 2.11
  46 BuildArch:      noarch
  47 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  48
  49 %description
  50 FireHOL is a generic firewall generator, meaning that you can design
  51 any kind of local or routing stateful packet filtering firewalls with
  52 ease. Install FireHOL if you want an easy way to configure stateful
  53 packet filtering firewalls on Linux hosts and routers.
  54
  55 FireHOL uses an extremely simple but powerful way to define firewall
  56 rules which it turns into complete stateful iptables firewalls.
  57
  58 You can run FireHOL with the 'helpme' argument, to get a configuration
  59 file for the system run, which you can modify according to your needs.
  60 The default configuration file will allow only client traffic on all
  61 interfaces.
  62
  63 %prep
  64 %setup -q
  65
  66 %build
  67 # grep -E 'AX_NEED_PROG|AX_CHECK_PROG' configure.ac |sort -u|sed -rne 's/.+\(\[([^]]+)\], \[([^]]+)\].+/echo \1=`PATH=$PATH:\/usr\/sbin which \2` \\\\/p'|sh
  68 %configure \
  69         BASH_SHELL_PATH=/bin/bash \
  70         BRIDGE=/sbin/bridge \
  71         CAT=/bin/cat \
  72         CHMOD=/bin/chmod \
  73         CHOWN=/bin/chown \
  74         CP=/bin/cp \
  75         CURL=/usr/bin/curl \
  76         CUT=/usr/bin/cut \
  77         DATE=/bin/date \
  78         DIFF=/usr/bin/diff \
  79         DIRNAME=/usr/bin/dirname \
  80         ENV=/usr/bin/env \
  81         EXPR=/usr/bin/expr \
  82         FIND=/usr/bin/find \
  83         FLOCK=/usr/bin/flock \
  84         FOLD=/usr/bin/fold \
  85         FUNZIP=/usr/bin/funzip \
  86         GAWK=/usr/bin/gawk \
  87         GIT=/usr/bin/git \
  88         HEAD=/usr/bin/head \
  89         HOSTNAMECMD=/bin/hostname \
  90         IP6TABLES=/usr/sbin/ip6tables \
  91         IP6TABLES_RESTORE=/usr/sbin/ip6tables-restore \
  92         IP6TABLES_SAVE=/usr/sbin/ip6tables-save \
  93         IP=/sbin/ip \
  94         IPRANGE=/usr/bin/iprange \
  95         IPSET=/usr/sbin/ipset \
  96         IPTABLES=/usr/sbin/iptables \
  97         IPTABLES_RESTORE=/usr/sbin/iptables-restore \
  98         IPTABLES_SAVE=/usr/sbin/iptables-save \
  99         LN=/bin/ln \
 100         LOGGER=/usr/bin/logger \
 101         LS=/bin/ls \
 102         LSMOD=/sbin/lsmod \
 103         MKDIR=/bin/mkdir \
 104         MKTEMP=/bin/mktemp \
 105         MODPROBE=/sbin/insmod \
 106         MODPROBE=/sbin/modprobe \
 107         MORE=/bin/more \
 108         MV=/bin/mv \
 109         NEATO=/usr/bin/neato \
 110         PING6=/usr/bin/ping6 \
 111         PING=/usr/bin/ping \
 112         RENICE=/usr/bin/renice \
 113         RM=/bin/rm \
 114         RMMOD=/sbin/rmmod \
 115         SCREEN=/usr/bin/screen \
 116         SEQ=/usr/bin/seq \
 117         SH=/bin/sh \
 118         SLEEP=/bin/sleep \
 119         SORT=/bin/sort \
 120         SS=/sbin/ss \
 121         STTY=/bin/stty \
 122         SYSCTL=/sbin/sysctl \
 123         TAIL=/usr/bin/tail \
 124         TAR=/bin/tar \
 125         TC=/sbin/tc \
 126         TCPDUMP=/usr/sbin/tcpdump \
 127         TOUCH=/bin/touch \
 128         TPUT=/usr/bin/tput \
 129         TR=/usr/bin/tr \
 130         TRACEROUTE=/usr/bin/traceroute \
 131         UNAME=/bin/uname \
 132         UNIQ=/usr/bin/uniq \
 133         UNZIP=/usr/bin/unzip \
 134         WC=/usr/bin/wc \
 135         WGET=/usr/bin/wget \
 136         WHOIS=/usr/bin/whois \
 137         ZCAT=/bin/zcat \
 138         %{nil}
 139
 140 %{__make}
 141
 142 %install
 143 rm -rf $RPM_BUILD_ROOT
 144 %{__make} install \
 145         DESTDIR=$RPM_BUILD_ROOT
 146
 147 # Hack for documentation without crufts.
 148 rm -frv $RPM_BUILD_ROOT%{_docdir}
 149 find examples/ -name "Makefile*" -delete -print
 150
 151 # Install systemd units.
 152 install -d $RPM_BUILD_ROOT%{systemdunitdir}
 153 cp -p %{SOURCE1} %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}
 154
 155 # Install runtime directories.
 156 install -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/services
 157 install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/firehol
 158
 159 # Ghost configurations.
 160 touch $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/firehol.conf \
 161       $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/fireqos.conf
 162
 163 %clean
 164 rm -rf $RPM_BUILD_ROOT
 165
 166 %post
 167 /sbin/chkconfig --add firehol
 168 %service firehol restart
 169 %systemd_post firehol.service
 170 %systemd_post fireqos.service
 171
 172 %preun
 173 if [ "$1" = 0 ]; then
 174         %service firehol stop
 175         /sbin/chkconfig --del firehol
 176 fi
 177 %systemd_preun firehol.service
 178 %systemd_preun fireqos.service
 179
 180 %postun
 181 %systemd_reload
 182
 183 %files
 184 %defattr(644,root,root,755)
 185 %doc README THANKS examples
 186 %doc doc/firehol/firehol-manual.{pdf,html}
 187 %doc doc/fireqos/fireqos-manual.{pdf,html}
 188 %dir %{_sysconfdir}/firehol
 189 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/firehol.conf
 190 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/fireqos.conf
 191 %{_sysconfdir}/%{name}/*.example
 192 %dir %{_sysconfdir}/%{name}/services
 193 %{_sysconfdir}/%{name}/services/*.example
 194 %attr(755,root,root) %{_sbindir}/firehol
 195 %attr(755,root,root) %{_sbindir}/fireqos
 196 %{_mandir}/man1/*.1*
 197 %{_mandir}/man5/*.5*
 198 %{systemdunitdir}/firehol.service
 199 %{systemdunitdir}/fireqos.service
 200 %{_localstatedir}/spool/%{name}