[packages/xtables-addons.git] / xtables-addons.spec

# TODO
# - descriptions
#
# Conditional build:
%bcond_without	dist_kernel	# without distribution kernel
%bcond_without	kernel		# don't build kernel modules
%bcond_without	userspace	# # don't build userspace tools
%bcond_with	verbose		# verbose build (V=1)

%if %{without kernel}
%undefine	with_dist_kernel
%endif
%if "%{_alt_kernel}" != "%{nil}"
%undefine	with_userspace
%endif
%if %{without userspace}
# nothing to be placed to debuginfo package
%define		_enable_debug_packages	0
%endif

%define		rel	8
Summary:	Extensible packet filtering system && extensible NAT system
Summary(pl.UTF-8):	System filtrowania pakietów oraz system translacji adresów (NAT)
Summary(pt_BR.UTF-8):	Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
Summary(ru.UTF-8):	Утилиты для управления пакетными фильтрами ядра Linux
Summary(uk.UTF-8):	Утиліти для керування пакетними фільтрами ядра Linux
Summary(zh_CN.UTF-8):	Linux内核包过滤管理工具
Name:		xtables-addons
Version:	1.31
Release:	%{rel}
License:	GPL
Group:		Networking/Admin
Source0:	http://downloads.sourceforge.net/xtables-addons/%{name}-%{version}.tar.xz
# Source0-md5:	97ac895a67df67c28def98763023d51b
Patch0:		kernelrelease.patch
URL:		http://xtables-addons.sourceforge.net/
BuildRequires:	autoconf >= 2.50
BuildRequires:	automake >= 1:1.10.2
BuildRequires:	iptables-devel >= 1.4.3
%{?with_dist_kernel:BuildRequires:	kernel%{_alt_kernel}-module-build >= 3:2.6.25}
BuildRequires:	libtool
BuildRequires:	pkgconfig >= 0.9.0
BuildRequires:	rpmbuild(macros) >= 1.379
BuildRequires:	tar >= 1.22
BuildRequires:	xz
Requires:	iptables >= 1.4.3
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

# use macro, so adapter won't try to wrap
%define		kpackage	kernel%{_alt_kernel}-net-xtables-addons = %{version}-%{rel}@%{_kernel_ver_str}

%description
An extensible NAT system, and an extensible packet filtering system.
Replacement of ipchains in 2.6 and higher kernels.

You should have %{kpackage} installed for the tools to work.

%description -l pl.UTF-8
Wydajny system translacji adresów (NAT) oraz system filtrowania
pakietów. Zamiennik ipchains w jądrach 2.6 i nowszych.

%description -l pt_BR.UTF-8
Esta é a ferramenta que controla o código de filtragem de pacotes do
kernel 2.6, obsoletando ipchains. Com esta ferramenta você pode
configurar filtros de pacotes, NAT, mascaramento (masquerading),
regras dinâmicas (stateful inspection), etc.

%description -l ru.UTF-8
xtables-addons управляют кодом фильтрации сетевых пакетов в ядре
Linux. Они позволяют вам устанавливать межсетевые экраны (firewalls) и
IP маскарадинг, и т.п.

%description -l uk.UTF-8
xtables-addons управляють кодом фільтрації пакетів мережі в ядрі
Linux. Вони дозволяють вам встановлювати міжмережеві екрани
(firewalls) та IP маскарадинг, тощо.

%package -n kernel%{_alt_kernel}-net-xtables-addons
Summary:	Kernel modules for xtables addons
Summary(pl.UTF-8):	Moudły jądra dla xtables addons
Release:	%{rel}@%{_kernel_ver_str}
Group:		Base/Kernel
# VERSION only dependency is intentional, for allowing multiple kernel pkgs and
# single userspace package installs.
Requires:	%{name} = %{version}
Suggests:	xtables-geoip
Conflicts:	xtables-geoip < 20090901-2
%{?with_dist_kernel:%requires_releq_kernel}
Requires(post,postun):	/sbin/depmod

%description -n kernel%{_alt_kernel}-net-xtables-addons
Kernel modules for xtables addons.

%description -n kernel%{_alt_kernel}-net-xtables-addons -l pl.UTF-8
Moduły jądra dla xtables addons.

%prep
%setup -q
%patch0 -p1

%{__sed} -i -e 's#build_ipset=m#build_ipset=n#' mconfig

%build
%{__libtoolize}
%{__aclocal}
%{__autoconf}
%{__autoheader}
%{__automake}
%configure \
	--with-kbuild=no

%if %{with kernel}
srcdir=${PWD:-$(pwd)}
%build_kernel_modules V=1 XA_ABSTOPSRCDIR=$srcdir -C extensions -m compat_xtables
%endif

%if %{with userspace}
%{__make} \
	V=1
%endif

%install
rm -rf $RPM_BUILD_ROOT

%if %{with kernel}
install -d $RPM_BUILD_ROOT{/etc/modprobe.d,/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter}
cd extensions
install iptable_rawpost.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter
%install_kernel_modules -m compat_xtables -d kernel/net/netfilter
install -p {ACCOUNT/,pknock/,}xt_*.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/netfilter
cd ..

cat <<'EOF' > $RPM_BUILD_ROOT/etc/modprobe.d/xt_sysrq.conf
# Set password at modprobe time. if this file is secure if properly guarded,
# i.e only readable by root.
#options xt_SYSRQ password=cookies

# The hash algorithm can also be specified as a module option, for example, to use SHA-256 instead of the default SHA-1:
#options xt_SYSRQ hash=sha256
EOF
%endif

%if %{with userspace}
%{__make} -C extensions install \
	DESTDIR=$RPM_BUILD_ROOT

%{__rm} $RPM_BUILD_ROOT%{_libdir}/libxt_ACCOUNT_cl.{la,so}

install -d $RPM_BUILD_ROOT%{_mandir}/man8
cp -a xtables-addons.8 $RPM_BUILD_ROOT%{_mandir}/man8
%endif

%clean
rm -rf $RPM_BUILD_ROOT

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%post -n kernel%{_alt_kernel}-net-xtables-addons
%depmod %{_kernel_ver}

%postun -n kernel%{_alt_kernel}-net-xtables-addons
%depmod %{_kernel_ver}

%if %{with userspace}
%files
%defattr(644,root,root,755)
%attr(755,root,root) %{_sbindir}/iptaccount
%attr(755,root,root) %{_libdir}/libxt_ACCOUNT_cl.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libxt_ACCOUNT_cl.so.0
%attr(755,root,root) %{_libdir}/xtables/libxt_*.so
%{_mandir}/man8/xtables-addons.8*
%endif

%if %{with kernel}
%files -n kernel%{_alt_kernel}-net-xtables-addons
%defattr(644,root,root,755)
# restricted permissions - may contain password
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/modprobe.d/xt_sysrq.conf
/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter/iptable_rawpost.ko.gz
/lib/modules/%{_kernel_ver}/kernel/net/netfilter/compat_xtables.ko.gz
/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_*.ko.gz
%endif
Commit	Line	Data
	1	# TODO
	2	# - descriptions
	3	#
	4	# Conditional build:
	5	%bcond_without dist_kernel # without distribution kernel
	6	%bcond_without kernel # don't build kernel modules
	7	%bcond_without userspace # # don't build userspace tools
	8	%bcond_with verbose # verbose build (V=1)
	9
	10	%if %{without kernel}
	11	%undefine with_dist_kernel
	12	%endif
	13	%if "%{_alt_kernel}" != "%{nil}"
	14	%undefine with_userspace
	15	%endif
	16	%if %{without userspace}
	17	# nothing to be placed to debuginfo package
	18	%define _enable_debug_packages 0
	19	%endif
	20
	21	%define rel 8
	22	Summary: Extensible packet filtering system && extensible NAT system
	23	Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
	24	Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
	25	Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
	26	Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
	27	Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
	28	Name: xtables-addons
	29	Version: 1.31
	30	Release: %{rel}
	31	License: GPL
	32	Group: Networking/Admin
	33	Source0: http://downloads.sourceforge.net/xtables-addons/%{name}-%{version}.tar.xz
	34	# Source0-md5: 97ac895a67df67c28def98763023d51b
	35	Patch0: kernelrelease.patch
	36	URL: http://xtables-addons.sourceforge.net/
	37	BuildRequires: autoconf >= 2.50
	38	BuildRequires: automake >= 1:1.10.2
	39	BuildRequires: iptables-devel >= 1.4.3
	40	%{?with_dist_kernel:BuildRequires: kernel%{_alt_kernel}-module-build >= 3:2.6.25}
	41	BuildRequires: libtool
	42	BuildRequires: pkgconfig >= 0.9.0
	43	BuildRequires: rpmbuild(macros) >= 1.379
	44	BuildRequires: tar >= 1.22
	45	BuildRequires: xz
	46	Requires: iptables >= 1.4.3
	47	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	48
	49	# use macro, so adapter won't try to wrap
	50	%define kpackage kernel%{_alt_kernel}-net-xtables-addons = %{version}-%{rel}@%{_kernel_ver_str}
	51
	52	%description
	53	An extensible NAT system, and an extensible packet filtering system.
	54	Replacement of ipchains in 2.6 and higher kernels.
	55
	56	You should have %{kpackage} installed for the tools to work.
	57
	58	%description -l pl.UTF-8
	59	Wydajny system translacji adresów (NAT) oraz system filtrowania
	60	pakietów. Zamiennik ipchains w jądrach 2.6 i nowszych.
	61
	62	%description -l pt_BR.UTF-8
	63	Esta é a ferramenta que controla o código de filtragem de pacotes do
	64	kernel 2.6, obsoletando ipchains. Com esta ferramenta você pode
	65	configurar filtros de pacotes, NAT, mascaramento (masquerading),
	66	regras dinâmicas (stateful inspection), etc.
	67
	68	%description -l ru.UTF-8
	69	xtables-addons управляют кодом фильтрации сетевых пакетов в ядре
	70	Linux. Они позволяют вам устанавливать межсетевые экраны (firewalls) и
	71	IP маскарадинг, и т.п.
	72
	73	%description -l uk.UTF-8
	74	xtables-addons управляють кодом фільтрації пакетів мережі в ядрі
	75	Linux. Вони дозволяють вам встановлювати міжмережеві екрани
	76	(firewalls) та IP маскарадинг, тощо.
	77
	78	%package -n kernel%{_alt_kernel}-net-xtables-addons
	79	Summary: Kernel modules for xtables addons
	80	Summary(pl.UTF-8): Moudły jądra dla xtables addons
	81	Release: %{rel}@%{_kernel_ver_str}
	82	Group: Base/Kernel
	83	# VERSION only dependency is intentional, for allowing multiple kernel pkgs and
	84	# single userspace package installs.
	85	Requires: %{name} = %{version}
	86	Suggests: xtables-geoip
	87	Conflicts: xtables-geoip < 20090901-2
	88	%{?with_dist_kernel:%requires_releq_kernel}
	89	Requires(post,postun): /sbin/depmod
	90
	91	%description -n kernel%{_alt_kernel}-net-xtables-addons
	92	Kernel modules for xtables addons.
	93
	94	%description -n kernel%{_alt_kernel}-net-xtables-addons -l pl.UTF-8
	95	Moduły jądra dla xtables addons.
	96
	97	%prep
	98	%setup -q
	99	%patch0 -p1
	100
	101	%{__sed} -i -e 's#build_ipset=m#build_ipset=n#' mconfig
	102
	103	%build
	104	%{__libtoolize}
	105	%{__aclocal}
	106	%{__autoconf}
	107	%{__autoheader}
	108	%{__automake}
	109	%configure \
	110	--with-kbuild=no
	111
	112	%if %{with kernel}
	113	srcdir=${PWD:-$(pwd)}
	114	%build_kernel_modules V=1 XA_ABSTOPSRCDIR=$srcdir -C extensions -m compat_xtables
	115	%endif
	116
	117	%if %{with userspace}
	118	%{__make} \
	119	V=1
	120	%endif
	121
	122	%install
	123	rm -rf $RPM_BUILD_ROOT
	124
	125	%if %{with kernel}
	126	install -d $RPM_BUILD_ROOT{/etc/modprobe.d,/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter}
	127	cd extensions
	128	install iptable_rawpost.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter
	129	%install_kernel_modules -m compat_xtables -d kernel/net/netfilter
	130	install -p {ACCOUNT/,pknock/,}xt_*.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/netfilter
	131	cd ..
	132
	133	cat <<'EOF' > $RPM_BUILD_ROOT/etc/modprobe.d/xt_sysrq.conf
	134	# Set password at modprobe time. if this file is secure if properly guarded,
	135	# i.e only readable by root.
	136	#options xt_SYSRQ password=cookies
	137
	138	# The hash algorithm can also be specified as a module option, for example, to use SHA-256 instead of the default SHA-1:
	139	#options xt_SYSRQ hash=sha256
	140	EOF
	141	%endif
	142
	143	%if %{with userspace}
	144	%{__make} -C extensions install \
	145	DESTDIR=$RPM_BUILD_ROOT
	146
	147	%{__rm} $RPM_BUILD_ROOT%{_libdir}/libxt_ACCOUNT_cl.{la,so}
	148
	149	install -d $RPM_BUILD_ROOT%{_mandir}/man8
	150	cp -a xtables-addons.8 $RPM_BUILD_ROOT%{_mandir}/man8
	151	%endif
	152
	153	%clean
	154	rm -rf $RPM_BUILD_ROOT
	155
	156	%post -p /sbin/ldconfig
	157	%postun -p /sbin/ldconfig
	158
	159	%post -n kernel%{_alt_kernel}-net-xtables-addons
	160	%depmod %{_kernel_ver}
	161
	162	%postun -n kernel%{_alt_kernel}-net-xtables-addons
	163	%depmod %{_kernel_ver}
	164
	165	%if %{with userspace}
	166	%files
	167	%defattr(644,root,root,755)
	168	%attr(755,root,root) %{_sbindir}/iptaccount
	169	%attr(755,root,root) %{_libdir}/libxt_ACCOUNT_cl.so...*
	170	%attr(755,root,root) %ghost %{_libdir}/libxt_ACCOUNT_cl.so.0
	171	%attr(755,root,root) %{_libdir}/xtables/libxt_*.so
	172	%{_mandir}/man8/xtables-addons.8*
	173	%endif
	174
	175	%if %{with kernel}
	176	%files -n kernel%{_alt_kernel}-net-xtables-addons
	177	%defattr(644,root,root,755)
	178	# restricted permissions - may contain password
	179	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/modprobe.d/xt_sysrq.conf
	180	/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter/iptable_rawpost.ko.gz
	181	/lib/modules/%{_kernel_ver}/kernel/net/netfilter/compat_xtables.ko.gz
	182	/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_*.ko.gz
	183	%endif