X-Git-Url: http://git.pld-linux.org/?p=packages%2Fxtables-addons.git;a=blobdiff_plain;f=xtables-addons.spec;h=2a7c22f76143446c817e6e2f23b36908712d07b3;hp=ce2e954292a02806c4baf67d62e36fef8c5a9b8b;hb=69300cb50ccab2391def6586ca0f51cf9edffb88;hpb=8f4622528a1970dc9ecde82951ef32d0fbe524f5

diff --git a/xtables-addons.spec b/xtables-addons.spec
index ce2e954..2a7c22f 100644
--- a/xtables-addons.spec
+++ b/xtables-addons.spec
@@ -1,20 +1,9 @@
-# TODO
-# - descriptions
-# - package reference implementation iptaccount(8) and userspace lib
-#   /usr/lib64/libxt_ACCOUNT_cl.la
-#   /usr/lib64/libxt_ACCOUNT_cl.so
-#   /usr/lib64/libxt_ACCOUNT_cl.so.0
-#   /usr/lib64/libxt_ACCOUNT_cl.so.0.0.0
-#   /usr/sbin/iptaccount
-#   and if packaged can remove debuginfo package omit
-# - subpackage for geoip due extra deps? (it goes silly as then need THREE
-#   packages installed for functionality (userspace,kernel,data packages...)
 #
 # Conditional build:
 %bcond_without	dist_kernel	# without distribution kernel
 %bcond_without	kernel		# don't build kernel modules
-%bcond_without	userspace	# # don't build userspace tools
-%bcond_with	verbose		# verbose build (V=1)
+%bcond_without	userspace	# don't build userspace tools
+%bcond_with	ipset		# include IPSET (6.x)
 
 %if %{without kernel}
 %undefine	with_dist_kernel
@@ -27,70 +16,62 @@
 %define		_enable_debug_packages	0
 %endif
 
-%define		rel	1
-Summary:	Extensible packet filtering system && extensible NAT system
-Summary(pl.UTF-8):	System filtrowania pakietÃ³w oraz system translacji adresÃ³w (NAT)
-Summary(pt_BR.UTF-8):	Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
-Summary(ru.UTF-8):	Ð£ÑÐ¸Ð»Ð¸ÑÑ Ð´Ð»Ñ ÑÐ¿ÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð°ÐºÐµÑÐ½ÑÐ¼Ð¸ ÑÐ¸Ð»ÑÑÑÐ°Ð¼Ð¸ ÑÐ´ÑÐ° Linux
-Summary(uk.UTF-8):	Ð£ÑÐ¸Ð»ÑÑÐ¸ Ð´Ð»Ñ ÐºÐµÑÑÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑÐ½Ð¸Ð¼Ð¸ ÑÑÐ»ÑÑÑÐ°Ð¼Ð¸ ÑÐ´ÑÐ° Linux
-Summary(zh_CN.UTF-8):	Linuxåæ ¸åè¿æ»¤ç®¡çå·¥å·
+%define		rel	5
+Summary:	Additional extensions for xtables packet filtering system
+Summary(pl.UTF-8):	Dodatkowe rozszerzenia do systemu filtrowania pakietÃ³w xtables
 Name:		xtables-addons
-Version:	1.27
+Version:	1.41
 Release:	%{rel}
-License:	GPL
+License:	GPL v2
 Group:		Networking/Admin
 Source0:	http://downloads.sourceforge.net/xtables-addons/%{name}-%{version}.tar.xz
-# Source0-md5:	f4f65ce5361d7f8c0908ca3db37fa8ee
+# Source0-md5:	a8de5e5e5823aefcbab210159f122564
 URL:		http://xtables-addons.sourceforge.net/
-Patch0:		kernelrelease.patch
-BuildRequires:	autoconf
-BuildRequires:	automake
-BuildRequires:	iptables-devel >= 1.4.3
-%{?with_dist_kernel:BuildRequires:	kernel%{_alt_kernel}-module-build >= 3:2.6.25}
+BuildRequires:	autoconf >= 2.65
+BuildRequires:	automake >= 1:1.11
+BuildRequires:	iptables-devel >= 1.4.5
+%{?with_dist_kernel:BuildRequires:	kernel%{_alt_kernel}-module-build >= 3:2.6.29}
 BuildRequires:	libtool
-BuildRequires:	pkgconfig
+BuildRequires:	pkgconfig >= 0.9.0
 BuildRequires:	rpmbuild(macros) >= 1.379
-Requires:	iptables >= 1.4.3
+BuildRequires:	tar >= 1.22
+BuildRequires:	xz
+Requires:	iptables >= 1.4.5
+%if %{with ipset}
+Provides:	ipset = 6.7
+Obsoletes:	ipset
+%endif
+Obsoletes:	iptables-ipp2p
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 # use macro, so adapter won't try to wrap
-%define		kpackage	kernel%{_alt_kernel}-net-xtables-addons = %{rel}@%{_kernel_ver_str}
+%define		kpackage	kernel%{_alt_kernel}-net-xtables-addons = %{version}-%{rel}@%{_kernel_ver_str}
 
 %description
-An extensible NAT system, and an extensible packet filtering system.
-Replacement of ipchains in 2.6 and higher kernels.
+xtables-addons is the proclaimed successor to patch-o-matic(-ng). It
+contains extensions that were not accepted in the main
+xtables/iptables package.
 
-You need %{kpackage} installed for the tools to work.
+For the tools to work, you should install kernel modules, which could
+be found in %{kpackage}.
 
 %description -l pl.UTF-8
-Wydajny system translacji adresÃ³w (NAT) oraz system filtrowania
-pakietÃ³w. Zamiennik ipchains w jÄdrach 2.6 i nowszych.
-
-%description -l pt_BR.UTF-8
-Esta Ã© a ferramenta que controla o cÃ³digo de filtragem de pacotes do
-kernel 2.6, obsoletando ipchains. Com esta ferramenta vocÃª pode
-configurar filtros de pacotes, NAT, mascaramento (masquerading),
-regras dinÃ¢micas (stateful inspection), etc.
-
-%description -l ru.UTF-8
-xtables-addons ÑÐ¿ÑÐ°Ð²Ð»ÑÑÑ ÐºÐ¾Ð´Ð¾Ð¼ ÑÐ¸Ð»ÑÑÑÐ°ÑÐ¸Ð¸ ÑÐµÑÐµÐ²ÑÑ Ð¿Ð°ÐºÐµÑÐ¾Ð² Ð² ÑÐ´ÑÐµ
-Linux. ÐÐ½Ð¸ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÑÑ Ð²Ð°Ð¼ ÑÑÑÐ°Ð½Ð°Ð²Ð»Ð¸Ð²Ð°ÑÑ Ð¼ÐµÐ¶ÑÐµÑÐµÐ²ÑÐµ ÑÐºÑÐ°Ð½Ñ (firewalls) Ð¸
-IP Ð¼Ð°ÑÐºÐ°ÑÐ°Ð´Ð¸Ð½Ð³, Ð¸ Ñ.Ð¿.
+xtables-addons to nastÄpca patch-o-matic(-ng). Zawiera rozszerzenia,
+ktÃ³re nie zostaÅy zaakceptowane do gÅÃ³wnego pakietu xtables/iptables.
 
-%description -l uk.UTF-8
-xtables-addons ÑÐ¿ÑÐ°Ð²Ð»ÑÑÑÑ ÐºÐ¾Ð´Ð¾Ð¼ ÑÑÐ»ÑÑÑÐ°ÑÑÑ Ð¿Ð°ÐºÐµÑÑÐ² Ð¼ÐµÑÐµÐ¶Ñ Ð² ÑÐ´ÑÑ
-Linux. ÐÐ¾Ð½Ð¸ Ð´Ð¾Ð·Ð²Ð¾Ð»ÑÑÑÑ Ð²Ð°Ð¼ Ð²ÑÑÐ°Ð½Ð¾Ð²Ð»ÑÐ²Ð°ÑÐ¸ Ð¼ÑÐ¶Ð¼ÐµÑÐµÐ¶ÐµÐ²Ñ ÐµÐºÑÐ°Ð½Ð¸
-(firewalls) ÑÐ° IP Ð¼Ð°ÑÐºÐ°ÑÐ°Ð´Ð¸Ð½Ð³, ÑÐ¾ÑÐ¾.
+Aby narzÄdzia dziaÅaÅy naleÅ¼y zainstalowaÄ moduÅy jÄdra, ktÃ³re moÅ¼na
+znaleÅºÄ w pakiecie %{kpackage}.
 
 %package -n kernel%{_alt_kernel}-net-xtables-addons
 Summary:	Kernel modules for xtables addons
-Summary(pl.UTF-8):	MoudÅy jÄdra dla xtables addons
+Summary(pl.UTF-8):	MoudÅy jÄdra dla rozszerzeÅ z pakietu xtables-addons
 Release:	%{rel}@%{_kernel_ver_str}
 Group:		Base/Kernel
-Conflicts:	xtables-geoip < 20090901-2
 # VERSION only dependency is intentional, for allowing multiple kernel pkgs and
 # single userspace package installs.
 Requires:	%{name} = %{version}
+Suggests:	xtables-geoip
+Conflicts:	xtables-geoip < 20090901-2
 %{?with_dist_kernel:%requires_releq_kernel}
 Requires(post,postun):	/sbin/depmod
 
@@ -98,21 +79,23 @@ Requires(post,postun):	/sbin/depmod
 Kernel modules for xtables addons.
 
 %description -n kernel%{_alt_kernel}-net-xtables-addons -l pl.UTF-8
-ModuÅy jÄdra dla xtables addons.
+ModuÅy jÄdra dla rozszerzeÅ z pakietu xtables-addons.
 
 %prep
 %setup -q
-%patch0 -p1
 
-%{__sed} -i -e 's#build_ipset=m#build_ipset=n#' mconfig
+%if %{without ipset}
+%{__sed} -i -e 's#build_ipset6=m#build_ipset6=#' mconfig
+%endif
 
 %build
 %{__libtoolize}
 %{__aclocal}
 %{__autoconf}
+%{__autoheader}
 %{__automake}
 %configure \
-	--with-kbuild=no
+	--without-kbuild
 
 %if %{with kernel}
 srcdir=${PWD:-$(pwd)}
@@ -120,32 +103,47 @@ srcdir=${PWD:-$(pwd)}
 %endif
 
 %if %{with userspace}
-%{__make}
+%{__make} \
+	V=1
 %endif
 
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter,%{_mandir}/man8}
 
 %if %{with kernel}
+install -d $RPM_BUILD_ROOT{/etc/modprobe.d,/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter}
 cd extensions
+install iptable_rawpost.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter
 %install_kernel_modules -m compat_xtables -d kernel/net/netfilter
-install -p xt_*ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/netfilter
+install -p {ACCOUNT/,pknock/,}xt_*.ko $RPM_BUILD_ROOT/lib/modules/%{_kernel_ver}/kernel/net/netfilter
 cd ..
+
+cat <<'EOF' > $RPM_BUILD_ROOT/etc/modprobe.d/xt_sysrq.conf
+# Set password at modprobe time. This file is secure if properly guarded,
+# i.e only readable by root.
+#options xt_SYSRQ password=cookies
+
+# The hash algorithm can also be specified as a module option, for example, to use SHA-256 instead of the default SHA-1:
+#options xt_SYSRQ hash=sha256
+EOF
 %endif
 
 %if %{with userspace}
 %{__make} -C extensions install \
 	DESTDIR=$RPM_BUILD_ROOT
+%{__make} install-man \
+	DESTDIR=$RPM_BUILD_ROOT
 
-install -d $RPM_BUILD_ROOT%{_mandir}/man8
-cp -a xtables-addons.8 $RPM_BUILD_ROOT%{_mandir}/man8
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libxt_ACCOUNT_cl.{la,so}
+%if %{with ipset}
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libipset.{la,so}
+%endif
 %endif
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
-%post -p /sbin/ldconfig
+%post   -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 
 %post -n kernel%{_alt_kernel}-net-xtables-addons
@@ -157,15 +155,27 @@ rm -rf $RPM_BUILD_ROOT
 %if %{with userspace}
 %files
 %defattr(644,root,root,755)
+%doc README doc/{README.psd,changelog.txt}
 %attr(755,root,root) %{_sbindir}/iptaccount
+%attr(755,root,root) %{_libdir}/libxt_ACCOUNT_cl.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libxt_ACCOUNT_cl.so.0
 %attr(755,root,root) %{_libdir}/xtables/libxt_*.so
-%attr(755,root,root) %{_libdir}/libxt_ACCOUNT_cl.so.*
+%{_mandir}/man8/iptaccount.8*
 %{_mandir}/man8/xtables-addons.8*
+%if %{with ipset}
+%attr(755,root,root) %{_sbindir}/ipset
+%attr(755,root,root) %{_libdir}/libipset.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libipset.so.1
+%{_mandir}/man8/ipset.8*
+%endif
 %endif
 
 %if %{with kernel}
 %files -n kernel%{_alt_kernel}-net-xtables-addons
 %defattr(644,root,root,755)
+# restricted permissions - may contain password
+%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/modprobe.d/xt_sysrq.conf
+/lib/modules/%{_kernel_ver}/kernel/net/ipv4/netfilter/iptable_rawpost.ko.gz
 /lib/modules/%{_kernel_ver}/kernel/net/netfilter/compat_xtables.ko.gz
 /lib/modules/%{_kernel_ver}/kernel/net/netfilter/xt_*.ko.gz
 %endif