#
-# TODO
-# - descriptions
+# UPDATE WARNING: xtables-addons 2.0 support only kernels 3.7+
+#
#
# Conditional build:
%bcond_without dist_kernel # without distribution kernel
%bcond_without kernel # don't build kernel modules
-%bcond_without userspace # # don't build userspace tools
+%bcond_without userspace # don't build userspace tools
%bcond_with verbose # verbose build (V=1)
%if %{without kernel}
%undefine with_dist_kernel
%endif
+
+# The goal here is to have main, userspace, package built once with
+# simple release number, and only rebuild kernel packages with kernel
+# version as part of release number, without the need to bump release
+# with every kernel change.
+%if 0%{?_pld_builder:1} && %{with kernel} && %{with userspace}
+%{error:kernel and userspace cannot be built at the same time on PLD builders}
+exit 1
+%endif
+
%if "%{_alt_kernel}" != "%{nil}"
+%if 0%{?build_kernels:1}
+%{error:alt_kernel and build_kernels are mutually exclusive}
+exit 1
+%endif
%undefine with_userspace
+%global _build_kernels %{alt_kernel}
+%else
+%global _build_kernels %{?build_kernels:,%{?build_kernels}}
%endif
+
%if %{without userspace}
# nothing to be placed to debuginfo package
%define _enable_debug_packages 0
%endif
-%define rel 1
-Summary: Extensible packet filtering system && extensible NAT system
-Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
-Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
-Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
-Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
-Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
-Name: xtables-addons
-Version: 1.18
-Release: %{rel}
-License: GPL
+%define kbrs %(echo %{_build_kernels} | tr , '\\n' | while read n ; do echo %%undefine alt_kernel ; [ -z "$n" ] || echo %%define alt_kernel $n ; echo "BuildRequires:kernel%%{_alt_kernel}-module-build >= 3:3.7.0" ; done)
+%define kpkg %(echo %{_build_kernels} | tr , '\\n' | while read n ; do echo %%undefine alt_kernel ; [ -z "$n" ] || echo %%define alt_kernel $n ; echo %%kernel_pkg ; done)
+%define bkpkg %(echo %{_build_kernels} | tr , '\\n' | while read n ; do echo %%undefine alt_kernel ; [ -z "$n" ] || echo %%define alt_kernel $n ; echo %%build_kernel_pkg ; done)
+
+%define rel 2
+%define pname xtables-addons
+Summary: Additional extensions for xtables packet filtering system
+Summary(pl.UTF-8): Dodatkowe rozszerzenia do systemu filtrowania pakietów xtables
+Name: %{pname}%{?_pld_builder:%{?with_kernel:-kernel}}%{_alt_kernel}
+Version: 2.4
+Release: %{rel}%{?_pld_builder:%{?with_kernel:@%{_kernel_ver_str}}}
+License: GPL v2
Group: Networking/Admin
-Source0: http://dl.sourceforge.net/xtables-addons/%{name}-%{version}.tar.bz2
-# Source0-md5: 5a8d2edbf5a3470bba58d6a60c350805
+Source0: http://downloads.sourceforge.net/xtables-addons/%{pname}-%{version}.tar.xz
+# Source0-md5: b2dfe9a37f328d3a3f6fe402e0596a2c
URL: http://xtables-addons.sourceforge.net/
-Patch0: %{name}-libs.patch
-Patch1: %{name}-geoip-dbpath.patch
-Patch2: kernelrelease.patch
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: iptables-devel >= 1.4.3
-%{?with_dist_kernel:BuildRequires: kernel%{_alt_kernel}-module-build >= 3:2.6.25}
+BuildRequires: autoconf >= 2.65
+BuildRequires: automake >= 1:1.11
+BuildRequires: iptables-devel >= 1.4.5
+%{?with_dist_kernel:%{expand:%kbrs}}
BuildRequires: libtool
-BuildRequires: pkgconfig
-BuildRequires: rpmbuild(macros) >= 1.379
-Requires: iptables >= 1.4.3
-BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+BuildRequires: pkgconfig >= 0.9.0
+BuildRequires: rpmbuild(macros) >= 1.678
+BuildRequires: tar >= 1.22
+BuildRequires: xz
+Requires: iptables >= 1.4.5
+Obsoletes: iptables-ipp2p
+BuildRoot: %{tmpdir}/%{pname}-%{version}-root-%(id -u -n)
+
+%define _duplicate_files_terminate_build 0
%description
-An extensible NAT system, and an extensible packet filtering system.
-Replacement of ipchains in 2.6 and higher kernels.
+xtables-addons is the proclaimed successor to patch-o-matic(-ng). It
+contains extensions that were not accepted in the main
+xtables/iptables package.
+
+For the tools to work, you should install kernel modules, which could
+be found in kernel*-net-xtables-addons.
%description -l pl.UTF-8
-Wydajny system translacji adresów (NAT) oraz system filtrowania
-pakietów. Zamiennik ipchains w jądrach 2.6 i nowszych.
-
-%description -l pt_BR.UTF-8
-Esta é a ferramenta que controla o código de filtragem de pacotes do
-kernel 2.6, obsoletando ipchains. Com esta ferramenta você pode
-configurar filtros de pacotes, NAT, mascaramento (masquerading),
-regras dinâmicas (stateful inspection), etc.
-
-%description -l ru.UTF-8
-xtables-addons управляют кодом фильтрации сетевых пакетов в ядре
-Linux. Они позволяют вам устанавливать межсетевые экраны (firewalls) и
-IP маскарадинг, и т.п.
-
-%description -l uk.UTF-8
-xtables-addons управляють кодом фільтрації пакетів мережі в ядрі
-Linux. Вони дозволяють вам встановлювати міжмережеві екрани
-(firewalls) та IP маскарадинг, тощо.
-
-%package -n kernel%{_alt_kernel}-net-xtables-addons
-Summary: -
-Summary(pl.UTF-8): -
-Release: %{release}@%{_kernel_ver_str}
-Group: Base/Kernel
-Requires: %{name} = %{version}-%{rel}
-%{?with_dist_kernel:%requires_releq_kernel}
-Requires(post,postun): /sbin/depmod
-
-%description -n kernel%{_alt_kernel}-net-xtables-addons
+xtables-addons to następca patch-o-matic(-ng). Zawiera rozszerzenia,
+które nie zostały zaakceptowane do głównego pakietu xtables/iptables.
+
+Aby narzędzia działały należy zainstalować moduły jądra, które można
+znaleźć w pakiecie kernel*-net-xtables-addons.
+
+%define kernel_pkg()\
+%package -n kernel%{_alt_kernel}-net-xtables-addons\
+Summary: Kernel modules for xtables addons\
+Summary(pl.UTF-8): Moudły jądra dla rozszerzeń z pakietu xtables-addons\
+Release: %{rel}@%{_kernel_ver_str}\
+Group: Base/Kernel\
+# VERSION only dependency is intentional, for allowing multiple kernel pkgs and\
+# single userspace package installs.\
+Requires: %{pname} = %{version}\
+Suggests: xtables-geoip\
+Conflicts: xtables-geoip < 20090901-2\
+Requires(post,postun): /sbin/depmod\
+%if %{with dist_kernel}\
+%requires_releq_kernel\
+Requires(postun): %releq_kernel\
+%endif\
+\
+%description -n kernel%{_alt_kernel}-net-xtables-addons\
+Kernel modules for xtables addons.\
+\
+%description -n kernel%{_alt_kernel}-net-xtables-addons -l pl.UTF-8\
+Moduły jądra dla rozszerzeń z pakietu xtables-addons.\
+\
+%files -n kernel%{_alt_kernel}-net-xtables-addons\
+%defattr(644,root,root,755)\
+# restricted permissions - may contain password\
+%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/modprobe.d/xt_sysrq.conf\
+/lib/modules/%{_kernel_ver}/kernel/net/netfilter/compat_xtables.ko*\
+/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_*.ko*\
+\
+%post -n kernel%{_alt_kernel}-net-xtables-addons\
+%depmod %{_kernel_ver}\
+\
+%postun -n kernel%{_alt_kernel}-net-xtables-addons\
+%depmod %{_kernel_ver}\
+%{nil}
+
+%define build_kernel_pkg()\
+srcdir=${PWD:-$(pwd)}\
+%build_kernel_modules XA_ABSTOPSRCDIR=$srcdir -C extensions -m compat_xtables\
+for drv in extensions/compat_xtables.ko extensions/{ACCOUNT/,pknock/,}xt_*.ko ; do\
+%install_kernel_modules -D installed -m ${drv%.ko} -d kernel/net/netfilter\
+done\
+%{nil}
+
+%{?with_kernel:%{expand:%kpkg}}
%prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-
-%{__sed} -i -e 's#build_ipset=m#build_ipset=n#' mconfig
+%setup -q -n %{pname}-%{version}
%build
-%{__libtoolize}
-%{__aclocal}
-%{__autoconf}
-%{__automake}
%configure \
- --with-kbuild=%{_kernelsrcdir} \
- --with-ksource=%{_kernelsrcdir}
+ --without-kbuild
-export XA_TOPSRCDIR=$PWD
-
-%if %{with kernel}
-%build_kernel_modules -C extensions -m compat_xtables
-%endif
+%{?with_kernel:%{expand:%bkpkg}}
%if %{with userspace}
-%{__make} -C extensions
+%{__make} \
+ V=1
%endif
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter,%{_mandir}/man8}
%if %{with kernel}
-cd extensions
-%install_kernel_modules -m compat_xtables -d kernel/net/netfilter
-install xt_*ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/netfilter
-cd ..
+install -d $RPM_BUILD_ROOT/etc/modprobe.d
+
+cp -a installed/* $RPM_BUILD_ROOT
+
+cat <<'EOF' > $RPM_BUILD_ROOT/etc/modprobe.d/xt_sysrq.conf
+# Set password at modprobe time. This file is secure if properly guarded,
+# i.e only readable by root.
+#options xt_SYSRQ password=cookies
+
+# The hash algorithm can also be specified as a module option, for example,
+# to use SHA-256 instead of the default SHA-1:
+#options xt_SYSRQ hash=sha256
+EOF
%endif
%if %{with userspace}
%{__make} -C extensions install \
DESTDIR=$RPM_BUILD_ROOT
+%{__make} install-man \
+ DESTDIR=$RPM_BUILD_ROOT
-cd extensions
-for m in $(cat .manpages.lst); do
- install libxt_$m.man $RPM_BUILD_ROOT%{_mandir}/man8/libxt_$m.8
-done
-cd ..
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libxt_ACCOUNT_cl.{la,so}
%endif
%clean
rm -rf $RPM_BUILD_ROOT
-%post -n kernel%{_alt_kernel}-net-xtables-addons
-%depmod %{_kernel_ver}
-
-%postun -n kernel%{_alt_kernel}-net-xtables-addons
-%depmod %{_kernel_ver}
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
%if %{with userspace}
%files
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/xtables/libxt_CHAOS.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_DELUDE.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_DHCPMAC.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_IPMARK.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_LOGMARK.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_RAWDNAT.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_RAWSNAT.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_STEAL.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_SYSRQ.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TARPIT.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_condition.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_dhcpmac.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_fuzzy.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_geoip.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_iface.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_ipp2p.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_ipv4options.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_lscan.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_quota2.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_length2.so
-%{_mandir}/man8/libxt_CHAOS.*
-%{_mandir}/man8/libxt_DELUDE.*
-%{_mandir}/man8/libxt_DHCPMAC.*
-%{_mandir}/man8/libxt_ECHO.8
-%{_mandir}/man8/libxt_IPMARK.*
-%{_mandir}/man8/libxt_LOGMARK.*
-%{_mandir}/man8/libxt_RAWDNAT.*
-%{_mandir}/man8/libxt_RAWSNAT.*
-%{_mandir}/man8/libxt_STEAL.*
-%{_mandir}/man8/libxt_SYSRQ.*
-%{_mandir}/man8/libxt_TARPIT.*
-%{_mandir}/man8/libxt_TEE.8*
-%{_mandir}/man8/libxt_condition.*
-%{_mandir}/man8/libxt_dhcpmac.*
-%{_mandir}/man8/libxt_fuzzy.*
-%{_mandir}/man8/libxt_geoip.*
-%{_mandir}/man8/libxt_iface.*
-%{_mandir}/man8/libxt_ipp2p.*
-%{_mandir}/man8/libxt_ipv4options.*
-%{_mandir}/man8/libxt_lscan.*
-%{_mandir}/man8/libxt_quota2.*
-%{_mandir}/man8/libxt_length.8*
-%endif
-
-%if %{with kernel}
-%files -n kernel%{_alt_kernel}-net-xtables-addons
-%defattr(644,root,root,755)
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/compat_xtables.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_CHAOS.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_DELUDE.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_DHCPMAC.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_IPMARK.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_LOGMARK.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_RAWNAT.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_iface.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_STEAL.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_SYSRQ.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_TARPIT.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_TEE.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_condition.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_fuzzy.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_geoip.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_ipp2p.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_ipv4options.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_lscan.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_quota2.ko.gz
-/lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_length2.ko.gz
+%doc README doc/{README.psd,changelog.txt}
+%attr(755,root,root) %{_sbindir}/iptaccount
+%attr(755,root,root) %{_libdir}/libxt_ACCOUNT_cl.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libxt_ACCOUNT_cl.so.0
+%attr(755,root,root) %{_libdir}/xtables/libxt_*.so
+%{_mandir}/man8/iptaccount.8*
+%{_mandir}/man8/xtables-addons.8*
%endif