]>
Commit | Line | Data |
---|---|---|
357bd270 | 1 | # |
3a40fd75 | 2 | # Conditional build: |
694cb9a3 | 3 | %bcond_without pkcs11 # PKCS#11 support |
3a40fd75 | 4 | |
1e54a8c4 | 5 | Summary: VPN Daemon |
f284e4d9 | 6 | Summary(pl.UTF-8): Serwer VPN |
1e54a8c4 | 7 | Name: openvpn |
694cb9a3 | 8 | Version: 2.3.12 |
439c7eee | 9 | Release: 1 |
4b4dae2a | 10 | License: GPL v2 |
1e54a8c4 | 11 | Group: Networking/Daemons |
694cb9a3 JB |
12 | Source0: http://swupdate.openvpn.net/community/releases/%{name}-%{version}.tar.xz |
13 | # Source0-md5: 63326bab2ebb9efe3c7becaa4f15e1c1 | |
1e54a8c4 AM |
14 | Source1: %{name}.init |
15 | Source2: %{name}.sysconfig | |
d073bea7 | 16 | Source3: %{name}.tmpfiles |
f6fd18dc ER |
17 | Source4: %{name}-service-generator |
18 | Source5: %{name}.target | |
19 | Source6: %{name}@.service | |
0a7f47ba | 20 | Source7: %{name}-update-resolv-conf |
d073bea7 | 21 | Patch0: %{name}-pam.patch |
72e50cf3 | 22 | URL: http://www.openvpn.net/ |
4b4dae2a | 23 | BuildRequires: autoconf >= 2.59 |
694cb9a3 | 24 | BuildRequires: automake >= 1:1.9 |
c4f969c4 | 25 | BuildRequires: libselinux-devel |
694cb9a3 | 26 | BuildRequires: libtool |
1e54a8c4 | 27 | BuildRequires: lzo-devel |
2d7ad149 | 28 | BuildRequires: openssl-devel >= 0.9.7d |
694cb9a3 | 29 | %{?with_pkcs11:BuildRequires: p11-kit-devel} |
7367fd64 | 30 | BuildRequires: pam-devel |
694cb9a3 JB |
31 | %{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11} |
32 | BuildRequires: pkgconfig | |
22af7faa | 33 | BuildRequires: rpmbuild(macros) >= 1.671 |
8cbbfc56 | 34 | BuildRequires: systemd-devel |
694cb9a3 JB |
35 | BuildRequires: tar >= 1:1.22 |
36 | BuildRequires: xz | |
a32abac3 | 37 | Requires(post,preun): /sbin/chkconfig |
22af7faa | 38 | Requires(post,preun,postun): systemd-units >= 38 |
dc577c8b | 39 | Requires: /sbin/ip |
694cb9a3 | 40 | %{?with_pkcs11:Requires: pkcs11-helper >= 1.11} |
be1312a6 | 41 | Requires: rc-scripts >= 0.4.3.0 |
22af7faa | 42 | Requires: systemd-units >= 38 |
ef1142ad | 43 | Requires: uname(release) >= 2.4 |
59856f7f ER |
44 | Suggests: %{name}-plugin-auth-pam |
45 | Suggests: %{name}-plugin-down-root | |
1e54a8c4 AM |
46 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
47 | ||
48 | %define _localstatedir /var | |
49 | ||
50 | %description | |
51 | OpenVPN is a robust and highly configurable VPN (Virtual Private | |
52 | Network) daemon which can be used to securely link two or more private | |
53 | networks using an encrypted tunnel over the internet. | |
54 | ||
22031f4a | 55 | %description -l pl.UTF-8 |
1e54a8c4 | 56 | OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne |
22031f4a JR |
57 | Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch |
58 | lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez | |
1e54a8c4 AM |
59 | internet. |
60 | ||
bfa8e009 ER |
61 | %package plugin-auth-pam |
62 | Summary: Plugin for username/password authentication via PAM | |
357bd270 JB |
63 | Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM |
64 | Group: Libraries | |
bfa8e009 ER |
65 | Requires: %{name} = %{version}-%{release} |
66 | ||
67 | %description plugin-auth-pam | |
68 | The openvpn-auth-pam module implements username/password | |
69 | authentication via PAM, and essentially allows any authentication | |
70 | method supported by PAM (such as LDAP, RADIUS, or Linux Shadow | |
71 | passwords) to be used with OpenVPN. While PAM supports | |
72 | username/password authentication, this can be combined with X509 | |
73 | certificates to provide two indepedent levels of authentication. | |
74 | ||
75 | This module uses a split privilege execution model which will function | |
76 | even if you drop openvpn daemon privileges using the user, group, or | |
77 | chroot directives. | |
78 | ||
357bd270 JB |
79 | %description plugin-auth-pam -l pl.UTF-8 |
80 | Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika | |
81 | i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej | |
82 | metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS, | |
83 | hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą | |
84 | użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu | |
85 | zapewniania dwóch różnych poziomów uwierzytelnienia. | |
86 | ||
87 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co | |
88 | działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu | |
89 | dyrektyw user, group lub chroot. | |
90 | ||
bfa8e009 ER |
91 | %package plugin-down-root |
92 | Summary: Plugin to allow root after privilege drop | |
357bd270 JB |
93 | Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień |
94 | Group: Libraries | |
bfa8e009 ER |
95 | Requires: %{name} = %{version}-%{release} |
96 | ||
97 | %description plugin-down-root | |
98 | The down-root module allows an OpenVPN configuration to call a down | |
99 | script with root privileges, even when privileges have been dropped | |
100 | using --user/--group/--chroot. | |
101 | ||
102 | This module uses a split privilege execution model which will fork() | |
103 | before OpenVPN drops root privileges, at the point where the --up | |
104 | script is usually called. The module will then remain in a wait state | |
105 | until it receives a message from OpenVPN via pipe to execute the down | |
106 | script. Thus, the down script will be run in the same execution | |
107 | environment as the up script. | |
108 | ||
357bd270 JB |
109 | %description plugin-down-root -l pl.UTF-8 |
110 | Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami | |
111 | roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia | |
112 | uprawnień przy użyciu opcji --user/--group/--chroot. | |
113 | ||
114 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który | |
115 | wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie | |
116 | zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie | |
117 | oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby | |
118 | wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w | |
119 | tym samym środowisku, co skrypt up. | |
120 | ||
088b9e85 | 121 | %package devel |
a1c1b5a0 | 122 | Summary: Header files for OpenVPN plugins development |
f284e4d9 | 123 | Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN |
088b9e85 ER |
124 | Group: Development/Libraries |
125 | ||
126 | %description devel | |
a1c1b5a0 JB |
127 | This is the package containing the header files for OpenVPN plugins |
128 | development. | |
129 | ||
22031f4a JR |
130 | %description devel -l pl.UTF-8 |
131 | Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN. | |
088b9e85 | 132 | |
1e54a8c4 | 133 | %prep |
da7b9d5f | 134 | %setup -q |
7c5604b6 | 135 | %patch0 -p1 |
727c4226 | 136 | |
0a7f47ba | 137 | sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf |
6b9f12e5 | 138 | |
1e54a8c4 | 139 | %build |
694cb9a3 | 140 | %{__libtoolize} |
d073bea7 | 141 | %{__aclocal} -I m4 |
8abf6e16 | 142 | %{__autoheader} |
143 | %{__autoconf} | |
144 | %{__automake} | |
73042e26 | 145 | |
8abf6e16 | 146 | %configure \ |
d073bea7 AM |
147 | IFCONFIG=/sbin/ifconfig \ |
148 | IPROUTE=/sbin/ip \ | |
149 | ROUTE=/sbin/route \ | |
694cb9a3 JB |
150 | NETSTAT=/bin/netstat \ |
151 | ac_cv_nsl_inet_ntoa=no \ | |
152 | ac_cv_socket_socket=no \ | |
153 | ac_cv_resolv_gethostbyname=no \ | |
154 | --enable-iproute2 \ | |
155 | --enable-password-save \ | |
156 | %{?with_pkcs11:--enable-pkcs11} \ | |
157 | --enable-selinux \ | |
158 | --enable-systemd | |
43fa42e4 | 159 | |
d073bea7 | 160 | %{__make} |
088b9e85 | 161 | |
1e54a8c4 AM |
162 | %install |
163 | rm -rf $RPM_BUILD_ROOT | |
c13903eb | 164 | install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \ |
f3908354 | 165 | $RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \ |
ec6e7d04 | 166 | $RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \ |
f6fd18dc | 167 | $RPM_BUILD_ROOT%{systemdunitdir}-generators |
1e54a8c4 | 168 | |
d073bea7 AM |
169 | %{__make} install \ |
170 | DESTDIR=$RPM_BUILD_ROOT | |
1e54a8c4 | 171 | |
f6fd18dc ER |
172 | install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} |
173 | cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name} | |
174 | cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf | |
ec6e7d04 | 175 | |
f6fd18dc | 176 | install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator |
ec6e7d04 JR |
177 | install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target |
178 | install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service | |
179 | ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service | |
6f1eceea | 180 | |
0a7f47ba ER |
181 | # we use "cp", not "install", not to pull /bin/bash dependency |
182 | cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name} | |
183 | cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name} | |
184 | cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name} | |
185 | ||
388387bf | 186 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la |
f6fd18dc | 187 | %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name} |
388387bf | 188 | |
1e54a8c4 AM |
189 | %clean |
190 | rm -rf $RPM_BUILD_ROOT | |
191 | ||
55a7ee18 JK |
192 | %post |
193 | /sbin/chkconfig --add openvpn | |
1a7a867b | 194 | %service openvpn restart "OpenVPN" |
ec6e7d04 | 195 | %systemd_post openvpn.target |
55a7ee18 JK |
196 | |
197 | %preun | |
198 | if [ "$1" = "0" ]; then | |
1a7a867b | 199 | %service openvpn stop |
55a7ee18 | 200 | /sbin/chkconfig --del openvpn |
a34b9b51 | 201 | fi |
ec6e7d04 JR |
202 | %systemd_preun openvpn.target |
203 | ||
204 | %postun | |
205 | %systemd_reload | |
206 | ||
207 | %triggerpostun -- openvpn < 2.3.2-2 | |
208 | [ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm | |
209 | [ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0 | |
210 | [ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0 | |
211 | export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog | |
212 | /bin/systemctl --quiet enable openvpn.target || : | |
213 | exit 0 | |
55a7ee18 | 214 | |
1e54a8c4 AM |
215 | %files |
216 | %defattr(644,root,root,755) | |
d073bea7 | 217 | %doc AUTHORS README* ChangeLog sample/sample-{config-files,keys,scripts} doc/management-notes.txt |
bfa8e009 | 218 | %doc *.IPv6 |
f063e411 | 219 | %dir %{_sysconfdir}/openvpn |
088b9e85 | 220 | %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name} |
1a7a867b | 221 | %attr(755,root,root) %{_sbindir}/openvpn |
e06b2f01 | 222 | %attr(754,root,root) /etc/rc.d/init.d/%{name} |
f6fd18dc | 223 | %attr(755,root,root) %{systemdunitdir}-generators/%{name}-service-generator |
ec6e7d04 JR |
224 | %{systemdunitdir}/%{name}.service |
225 | %{systemdunitdir}/%{name}.target | |
226 | %{systemdunitdir}/%{name}@.service | |
088b9e85 | 227 | %dir %{_libdir}/%{name} |
0a7f47ba ER |
228 | %attr(755,root,root) %{_libdir}/%{name}/client.down |
229 | %attr(755,root,root) %{_libdir}/%{name}/client.up | |
230 | %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf | |
088b9e85 | 231 | %dir %{_libdir}/%{name}/plugins |
388387bf | 232 | %{_mandir}/man8/openvpn.8* |
55a7ee18 | 233 | %dir /var/run/openvpn |
f6fd18dc | 234 | %{systemdtmpfilesdir}/%{name}.conf |
088b9e85 | 235 | |
bfa8e009 ER |
236 | %files plugin-auth-pam |
237 | %defattr(644,root,root,755) | |
238 | %doc src/plugins/auth-pam/README.auth-pam | |
239 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so | |
240 | ||
241 | %files plugin-down-root | |
242 | %defattr(644,root,root,755) | |
243 | %doc src/plugins/down-root/README.down-root | |
244 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so | |
245 | ||
088b9e85 ER |
246 | %files devel |
247 | %defattr(644,root,root,755) | |
d073bea7 | 248 | %doc doc/README.plugins sample/sample-plugins |
388387bf | 249 | %{_includedir}/openvpn-plugin.h |