#
-# TODO
-# - kernel modules package (or not, 2 packages with mutual R?)
-# - descriptions
-#
# Conditional build:
%bcond_without dist_kernel # without distribution kernel
-%bcond_without kernel
-%bcond_without userspace
-#
-%define rel 3
-Summary: Extensible packet filtering system && extensible NAT system
-Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
-Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
-Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
-Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
-Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
+%bcond_without kernel # don't build kernel modules
+%bcond_without userspace # # don't build userspace tools
+
+%if %{without kernel}
+%undefine with_dist_kernel
+%endif
+%if "%{_alt_kernel}" != "%{nil}"
+%undefine with_userspace
+%endif
+%if %{without userspace}
+# nothing to be placed to debuginfo package
+%define _enable_debug_packages 0
+%endif
+
+%define rel 6
+Summary: Additional extensions for xtables packet filtering system
+Summary(pl.UTF-8): Dodatkowe rozszerzenia do systemu filtrowania pakietów xtables
Name: xtables-addons
-Version: 1.6
-Release: %{rel}@%{_kernel_ver_str}
-License: GPL
-Group: Networking/Daemons
-Source0: http://dev.medozas.de/files/xtables/%{name}-%{version}.tar.bz2
-# Source0-md5: 44ba8faec006efa53cc2cbb5d15ba928
-URL: http://jengelh.medozas.de/projects/xtables/
-Patch0: %{name}-libs.patch
-Patch1: %{name}-geoip-dbpath.patch
-Patch2: %{name}-help.patch
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: iptables-devel >= 1.4.1
+Version: 1.33
+Release: %{rel}
+License: GPL v2
+Group: Networking/Admin
+Source0: http://downloads.sourceforge.net/xtables-addons/%{name}-%{version}.tar.xz
+# Source0-md5: db80618d505bf7a5b9d576d83e3f0f80
+Patch0: kernelrelease.patch
+URL: http://xtables-addons.sourceforge.net/
+BuildRequires: autoconf >= 2.50
+BuildRequires: automake >= 1:1.10.2
+BuildRequires: iptables-devel >= 1.4.3
%{?with_dist_kernel:BuildRequires: kernel%{_alt_kernel}-module-build >= 3:2.6.25}
BuildRequires: libtool
+BuildRequires: pkgconfig >= 0.9.0
BuildRequires: rpmbuild(macros) >= 1.379
-%{?with_dist_kernel:%requires_releq_kernel}
-Requires(post,postun): /sbin/depmod
-Requires: iptables >= 1.4.1
+BuildRequires: tar >= 1.22
+BuildRequires: xz
+Requires: iptables >= 1.4.3
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+# use macro, so adapter won't try to wrap
+%define kpackage kernel%{_alt_kernel}-net-xtables-addons = %{version}-%{rel}@%{_kernel_ver_str}
+
%description
-An extensible NAT system, and an extensible packet filtering system.
-Replacement of ipchains in 2.6 and higher kernels.
+xtables-addons is the proclaimed successor to patch-o-matic(-ng). It
+contains extensions that were not accepted in the main
+xtables/iptables package.
+
+For the tools to work, you should install kernel modules, which could
+be found in %{kpackage}.
%description -l pl.UTF-8
-Wydajny system translacji adresów (NAT) oraz system filtrowania
-pakietów. Zamiennik ipchains w jądrach 2.6 i nowszych.
+xtables-addons to następca patch-o-matic(-ng). Zawiera rozszerzenia,
+które nie zostały zaakceptowane do głównego pakietu xtables/iptables.
+
+Aby narzędzia działały należy zainstalować moduły jądra, które można
+znaleźć w pakiecie %{kpackage}.
-%description -l pt_BR.UTF-8
-Esta é a ferramenta que controla o código de filtragem de pacotes do
-kernel 2.6, obsoletando ipchains. Com esta ferramenta você pode
-configurar filtros de pacotes, NAT, mascaramento (masquerading),
-regras dinâmicas (stateful inspection), etc.
+%package -n kernel%{_alt_kernel}-net-xtables-addons
+Summary: Kernel modules for xtables addons
+Summary(pl.UTF-8): Moudły jądra dla rozszerzeń z pakietu xtables-addons
+Release: %{rel}@%{_kernel_ver_str}
+Group: Base/Kernel
+# VERSION only dependency is intentional, for allowing multiple kernel pkgs and
+# single userspace package installs.
+Requires: %{name} = %{version}
+Suggests: xtables-geoip
+Conflicts: xtables-geoip < 20090901-2
+%{?with_dist_kernel:%requires_releq_kernel}
+Requires(post,postun): /sbin/depmod
-%description -l ru.UTF-8
-xtables-addons управляют кодом фильтрации сетевых пакетов в ядре
-Linux. Они позволяют вам устанавливать межсетевые экраны (firewalls) и
-IP маскарадинг, и т.п.
+%description -n kernel%{_alt_kernel}-net-xtables-addons
+Kernel modules for xtables addons.
-%description -l uk.UTF-8
-xtables-addons управляють кодом фільтрації пакетів мережі в ядрі
-Linux. Вони дозволяють вам встановлювати міжмережеві екрани
-(firewalls) та IP маскарадинг, тощо.
+%description -n kernel%{_alt_kernel}-net-xtables-addons -l pl.UTF-8
+Moduły jądra dla rozszerzeń z pakietu xtables-addons.
%prep
%setup -q
%patch0 -p1
-%patch1 -p1
-%patch2 -p1
+
+%{__sed} -i -e 's#build_ipset4=m#build_ipset4=#' mconfig
%build
%{__libtoolize}
%{__aclocal}
%{__autoconf}
+%{__autoheader}
%{__automake}
%configure \
- --with-kbuild=%{_kernelsrcdir} \
- --with-ksource=%{_kernelsrcdir}
-
-export XA_TOPSRCDIR=$PWD
+ --without-kbuild
%if %{with kernel}
-%build_kernel_modules -C extensions -m compat_xtables
+srcdir=${PWD:-$(pwd)}
+%build_kernel_modules V=1 XA_ABSTOPSRCDIR=$srcdir -C extensions -m compat_xtables
%endif
%if %{with userspace}
-%{__make} -C extensions
+%{__make} \
+ V=1
%endif
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter,%{_mandir}/man8}
%if %{with kernel}
+install -d $RPM_BUILD_ROOT{/etc/modprobe.d,/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter}
cd extensions
+install iptable_rawpost.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter
%install_kernel_modules -m compat_xtables -d kernel/net/netfilter
-install xt_*ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/netfilter
+install -p {ACCOUNT/,pknock/,}xt_*.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/netfilter
cd ..
+
+cat <<'EOF' > $RPM_BUILD_ROOT/etc/modprobe.d/xt_sysrq.conf
+# Set password at modprobe time. This file is secure if properly guarded,
+# i.e only readable by root.
+#options xt_SYSRQ password=cookies
+
+# The hash algorithm can also be specified as a module option, for example, to use SHA-256 instead of the default SHA-1:
+#options xt_SYSRQ hash=sha256
+EOF
%endif
%if %{with userspace}
%{__make} -C extensions install \
DESTDIR=$RPM_BUILD_ROOT
-cd extensions
-for m in $(cat .manpages.lst); do
- install libxt_$m.man $RPM_BUILD_ROOT%{_mandir}/man8/libxt_$m.8
-done
-cd ..
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libxt_ACCOUNT_cl.{la,so}
+
+install -d $RPM_BUILD_ROOT%{_mandir}/man8
+cp -a xtables-addons.8 $RPM_BUILD_ROOT%{_mandir}/man8
%endif
%clean
rm -rf $RPM_BUILD_ROOT
-%post
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%post -n kernel%{_alt_kernel}-net-xtables-addons
%depmod %{_kernel_ver}
-%postun
+%postun -n kernel%{_alt_kernel}-net-xtables-addons
%depmod %{_kernel_ver}
+%if %{with userspace}
%files
%defattr(644,root,root,755)
-%if %{with userspace}
-%attr(755,root,root) %{_libdir}/xtables/libxt_CHAOS.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_DELUDE.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_DHCPADDR.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_IPMARK.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_LOGMARK.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_SYSRQ.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TARPIT.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_condition.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_dhcpaddr.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_fuzzy.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_geoip.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_ipp2p.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_portscan.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_quota2.so
-%{_mandir}/man8/libxt_CHAOS.*
-%{_mandir}/man8/libxt_DELUDE.*
-%{_mandir}/man8/libxt_DHCPADDR.*
-%{_mandir}/man8/libxt_IPMARK.*
-%{_mandir}/man8/libxt_LOGMARK.*
-%{_mandir}/man8/libxt_SYSRQ.*
-%{_mandir}/man8/libxt_TARPIT.*
-%{_mandir}/man8/libxt_condition.*
-%{_mandir}/man8/libxt_dhcpaddr.*
-%{_mandir}/man8/libxt_fuzzy.*
-%{_mandir}/man8/libxt_geoip.*
-%{_mandir}/man8/libxt_ipp2p.*
-%{_mandir}/man8/libxt_portscan.*
-%{_mandir}/man8/libxt_quota2.*
+%doc README doc/{README.psd,changelog.txt}
+%attr(755,root,root) %{_sbindir}/iptaccount
+%attr(755,root,root) %{_libdir}/libxt_ACCOUNT_cl.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libxt_ACCOUNT_cl.so.0
+%attr(755,root,root) %{_libdir}/xtables/libxt_*.so
+%{_mandir}/man8/xtables-addons.8*
%endif
+
%if %{with kernel}
+%files -n kernel%{_alt_kernel}-net-xtables-addons
+%defattr(644,root,root,755)
+# restricted permissions - may contain password
+%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/modprobe.d/xt_sysrq.conf
+/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter/iptable_rawpost.ko.gz
/lib/modules/%{_kernel_ver}/kernel/net/netfilter/compat_xtables.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_CHAOS.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_DELUDE.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_DHCPADDR.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_IPMARK.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_LOGMARK.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_SYSRQ.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_TARPIT.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_TEE.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_condition.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_fuzzy.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_geoip.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_ipp2p.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_portscan.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_quota2.ko.gz
+/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_*.ko.gz
%endif
projects / packages / xtables-addons.git / blobdiff