[packages/openvpn.git] / openvpn.spec

# TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
#
# Conditional build:
%bcond_without	pkcs11		# PKCS#11 support
%bcond_without	tests

Summary:	VPN Daemon
Summary(pl.UTF-8):	Serwer VPN
Name:		openvpn
Version:	2.5.5
Release:	1
License:	GPL v2
Group:		Networking/Daemons
Source0:	https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
# Source0-md5:	e469f55a223677b4cb6c7f4541065f5a
Source1:	%{name}.init
Source2:	%{name}.sysconfig
Source3:	%{name}.tmpfiles
Source4:	%{name}-service-generator
Source5:	%{name}.target
Source6:	%{name}@.service
Source7:	%{name}-update-resolv-conf
Patch0:		%{name}-pam.patch
Patch1:		unsupported-ciphers.patch
Patch100:	0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
Patch101:	0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
Patch102:	0040-Remove-DES-check-with-OpenSSL-3.0.patch
Patch104:	0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
Patch105:	0045-Do-not-allow-CTS-ciphers.patch
Patch106:	0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
Patch107:	0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
URL:		https://www.openvpn.net/
BuildRequires:	autoconf >= 2.59
BuildRequires:	automake >= 1:1.9
BuildRequires:	libselinux-devel
BuildRequires:	libtool
BuildRequires:	lz4-devel >= 1:1.7.1
BuildRequires:	lzo-devel
# or mbedtls-devel >= 2
BuildRequires:	openssl-devel >= 1.0.2
%{?with_pkcs11:BuildRequires:	p11-kit-devel}
BuildRequires:	pam-devel
%{?with_pkcs11:BuildRequires:	pkcs11-helper-devel >= 1.11}
BuildRequires:	pkgconfig
BuildRequires:	rpmbuild(macros) >= 1.671
BuildRequires:	systemd-devel >= 1:217
BuildRequires:	tar >= 1:1.22
BuildRequires:	xz
Requires(post,preun):	/sbin/chkconfig
Requires(post,preun,postun):	systemd-units >= 38
Requires:	/sbin/ip
Requires:	lz4 >= 1:1.7.1
Requires:	openssl >= 1.0.2
%{?with_pkcs11:Requires:	pkcs11-helper >= 1.11}
Requires:	rc-scripts >= 0.4.3.0
Requires:	systemd-libs >= 1:217
Requires:	systemd-units >= 38
Requires:	uname(release) >= 2.4
Suggests:	%{name}-plugin-auth-pam
Suggests:	%{name}-plugin-down-root
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_localstatedir	/var

%description
OpenVPN is a robust and highly configurable VPN (Virtual Private
Network) daemon which can be used to securely link two or more private
networks using an encrypted tunnel over the internet.

%description -l pl.UTF-8
OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
internet.

%package plugin-auth-pam
Summary:	Plugin for username/password authentication via PAM
Summary(pl.UTF-8):	Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description plugin-auth-pam
The openvpn-auth-pam module implements username/password
authentication via PAM, and essentially allows any authentication
method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
passwords) to be used with OpenVPN. While PAM supports
username/password authentication, this can be combined with X509
certificates to provide two indepedent levels of authentication.

This module uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.

%description plugin-auth-pam -l pl.UTF-8
Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
zapewniania dwóch różnych poziomów uwierzytelnienia.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
dyrektyw user, group lub chroot.

%package plugin-down-root
Summary:	Plugin to allow root after privilege drop
Summary(pl.UTF-8):	Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description plugin-down-root
The down-root module allows an OpenVPN configuration to call a down
script with root privileges, even when privileges have been dropped
using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The module will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.

%description plugin-down-root -l pl.UTF-8
Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
uprawnień przy użyciu opcji --user/--group/--chroot.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
tym samym środowisku, co skrypt up.

%package devel
Summary:	Header files for OpenVPN plugins development
Summary(pl.UTF-8):	Pliki nagłówkowe do tworzenia wtyczek OpenVPN
Group:		Development/Libraries

%description devel
This is the package containing the header files for OpenVPN plugins
development.

%description devel -l pl.UTF-8
Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.

%prep
%setup -q
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch0 -p1
%patch1 -p1

sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf

%build
%{__libtoolize}
%{__aclocal} -I m4
%{__autoheader}
%{__autoconf}
%{__automake}
CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
%configure \
	IFCONFIG=/sbin/ifconfig \
	IPROUTE=/sbin/ip \
	NETSTAT=/bin/netstat \
	ROUTE=/sbin/route \
	SYSTEMD_UNIT_DIR=%{systemdunitdir} \
	ac_cv_nsl_inet_ntoa=no \
	ac_cv_socket_socket=no \
	ac_cv_resolv_gethostbyname=no \
	--enable-iproute2 \
	%{?with_pkcs11:--enable-pkcs11} \
	--enable-async-push \
	--enable-selinux \
	--enable-systemd \
	--enable-x509-alt-username \
	--with-crypto-library=openssl

%{__make}

%if %{with tests}
%{__make} check
%endif

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
	$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
	$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
	$RPM_BUILD_ROOT%{systemdunitdir}-generators

%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf

install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service

# we use "cp", not "install", not to pull /bin/bash dependency
cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}

%{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add openvpn
%service openvpn restart "OpenVPN"
%systemd_post openvpn.target

%preun
if [ "$1" = "0" ]; then
	%service openvpn stop
	/sbin/chkconfig --del openvpn
fi
%systemd_preun openvpn.target

%postun
%systemd_reload

%triggerpostun -- openvpn < 2.3.2-2
[ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
[ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
[ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
/bin/systemctl --quiet enable openvpn.target || :
exit 0

%files
%defattr(644,root,root,755)
%doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* TODO.IPv6 doc/management-notes.txt sample/sample-{config-files,keys,scripts}
%dir %{_sysconfdir}/openvpn
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
%attr(755,root,root) %{_sbindir}/openvpn
%attr(754,root,root) /etc/rc.d/init.d/%{name}
%attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
# PLD-specific
%{systemdunitdir}/openvpn.service
%{systemdunitdir}/openvpn.target
%{systemdunitdir}/openvpn@.service
# upstream provided
#%{systemdunitdir}/openvpn-client@.service
#%{systemdunitdir}/openvpn-server@.service
%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/client.down
%attr(755,root,root) %{_libdir}/%{name}/client.up
%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
%dir %{_libdir}/%{name}/plugins
%{_mandir}/man5/openvpn-examples.5*
%{_mandir}/man8/openvpn.8*
%dir /var/run/openvpn
%{systemdtmpfilesdir}/%{name}.conf

%files plugin-auth-pam
%defattr(644,root,root,755)
%doc src/plugins/auth-pam/README.auth-pam
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so

%files plugin-down-root
%defattr(644,root,root,755)
%doc src/plugins/down-root/README.down-root
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so

%files devel
%defattr(644,root,root,755)
%doc doc/README.plugins sample/sample-plugins
%{_includedir}/openvpn-msg.h
%{_includedir}/openvpn-plugin.h
Commit	Line	Data
a4f057cc	1	# TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
357bd270	2	#
3a40fd75	3	# Conditional build:
694cb9a3	4	%bcond_without pkcs11 # PKCS#11 support
e155c28e	5	%bcond_without tests
3a40fd75	6
1e54a8c4	7	Summary: VPN Daemon
f284e4d9	8	Summary(pl.UTF-8): Serwer VPN
1e54a8c4	9	Name: openvpn
511cab26	10	Version: 2.5.5
36925592	11	Release: 1
4b4dae2a	12	License: GPL v2
1e54a8c4	13	Group: Networking/Daemons
36925592	14	Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
511cab26	15	# Source0-md5: e469f55a223677b4cb6c7f4541065f5a
1e54a8c4 AM	16	Source1: %{name}.init
1e54a8c4 AM	17	Source2: %{name}.sysconfig
d073bea7	18	Source3: %{name}.tmpfiles
f6fd18dc ER	19	Source4: %{name}-service-generator
	20	Source5: %{name}.target
	21	Source6: %{name}@.service
0a7f47ba	22	Source7: %{name}-update-resolv-conf
d073bea7	23	Patch0: %{name}-pam.patch
fd3387b8	24	Patch1: unsupported-ciphers.patch
4d7e3f68 JR	25	Patch100: 0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
	26	Patch101: 0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
	27	Patch102: 0040-Remove-DES-check-with-OpenSSL-3.0.patch
4d7e3f68 JR	28	Patch104: 0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
	29	Patch105: 0045-Do-not-allow-CTS-ciphers.patch
	30	Patch106: 0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
	31	Patch107: 0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
36925592	32	URL: https://www.openvpn.net/
4b4dae2a	33	BuildRequires: autoconf >= 2.59
694cb9a3	34	BuildRequires: automake >= 1:1.9
c4f969c4	35	BuildRequires: libselinux-devel
694cb9a3	36	BuildRequires: libtool
f3aaee0e	37	BuildRequires: lz4-devel >= 1:1.7.1
1e54a8c4	38	BuildRequires: lzo-devel
a4f057cc JB	39	# or mbedtls-devel >= 2
a4f057cc JB	40	BuildRequires: openssl-devel >= 1.0.2
694cb9a3	41	%{?with_pkcs11:BuildRequires: p11-kit-devel}
7367fd64	42	BuildRequires: pam-devel
694cb9a3 JB	43	%{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11}
694cb9a3 JB	44	BuildRequires: pkgconfig
22af7faa	45	BuildRequires: rpmbuild(macros) >= 1.671
f3aaee0e	46	BuildRequires: systemd-devel >= 1:217
694cb9a3 JB	47	BuildRequires: tar >= 1:1.22
694cb9a3 JB	48	BuildRequires: xz
a32abac3	49	Requires(post,preun): /sbin/chkconfig
22af7faa	50	Requires(post,preun,postun): systemd-units >= 38
dc577c8b	51	Requires: /sbin/ip
f3aaee0e	52	Requires: lz4 >= 1:1.7.1
a4f057cc	53	Requires: openssl >= 1.0.2
694cb9a3	54	%{?with_pkcs11:Requires: pkcs11-helper >= 1.11}
be1312a6	55	Requires: rc-scripts >= 0.4.3.0
f3aaee0e	56	Requires: systemd-libs >= 1:217
22af7faa	57	Requires: systemd-units >= 38
ef1142ad	58	Requires: uname(release) >= 2.4
59856f7f ER	59	Suggests: %{name}-plugin-auth-pam
59856f7f ER	60	Suggests: %{name}-plugin-down-root
1e54a8c4 AM	61	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	62
	63	%define _localstatedir /var
	64
	65	%description
	66	OpenVPN is a robust and highly configurable VPN (Virtual Private
	67	Network) daemon which can be used to securely link two or more private
	68	networks using an encrypted tunnel over the internet.
	69
22031f4a	70	%description -l pl.UTF-8
1e54a8c4	71	OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
22031f4a JR	72	Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
22031f4a JR	73	lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
1e54a8c4 AM	74	internet.
1e54a8c4 AM	75
bfa8e009 ER	76	%package plugin-auth-pam
bfa8e009 ER	77	Summary: Plugin for username/password authentication via PAM
357bd270 JB	78	Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
357bd270 JB	79	Group: Libraries
bfa8e009 ER	80	Requires: %{name} = %{version}-%{release}
	81
	82	%description plugin-auth-pam
	83	The openvpn-auth-pam module implements username/password
	84	authentication via PAM, and essentially allows any authentication
	85	method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
	86	passwords) to be used with OpenVPN. While PAM supports
	87	username/password authentication, this can be combined with X509
	88	certificates to provide two indepedent levels of authentication.
	89
	90	This module uses a split privilege execution model which will function
	91	even if you drop openvpn daemon privileges using the user, group, or
	92	chroot directives.
	93
357bd270 JB	94	%description plugin-auth-pam -l pl.UTF-8
	95	Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
	96	i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
	97	metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
	98	hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
	99	użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
	100	zapewniania dwóch różnych poziomów uwierzytelnienia.
	101
	102	Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
	103	działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
	104	dyrektyw user, group lub chroot.
	105
bfa8e009 ER	106	%package plugin-down-root
bfa8e009 ER	107	Summary: Plugin to allow root after privilege drop
357bd270 JB	108	Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
357bd270 JB	109	Group: Libraries
bfa8e009 ER	110	Requires: %{name} = %{version}-%{release}
	111
	112	%description plugin-down-root
	113	The down-root module allows an OpenVPN configuration to call a down
	114	script with root privileges, even when privileges have been dropped
	115	using --user/--group/--chroot.
	116
	117	This module uses a split privilege execution model which will fork()
	118	before OpenVPN drops root privileges, at the point where the --up
	119	script is usually called. The module will then remain in a wait state
	120	until it receives a message from OpenVPN via pipe to execute the down
	121	script. Thus, the down script will be run in the same execution
	122	environment as the up script.
	123
357bd270 JB	124	%description plugin-down-root -l pl.UTF-8
	125	Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
	126	roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
	127	uprawnień przy użyciu opcji --user/--group/--chroot.
	128
	129	Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
	130	wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
	131	zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
	132	oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
	133	wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
	134	tym samym środowisku, co skrypt up.
	135
088b9e85	136	%package devel
a1c1b5a0	137	Summary: Header files for OpenVPN plugins development
f284e4d9	138	Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN
088b9e85 ER	139	Group: Development/Libraries
	140
	141	%description devel
a1c1b5a0 JB	142	This is the package containing the header files for OpenVPN plugins
	143	development.
	144
22031f4a JR	145	%description devel -l pl.UTF-8
22031f4a JR	146	Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
088b9e85	147
1e54a8c4	148	%prep
da7b9d5f	149	%setup -q
4d7e3f68 JR	150	%patch100 -p1
	151	%patch101 -p1
	152	%patch102 -p1
4d7e3f68 JR	153	%patch104 -p1
	154	%patch105 -p1
	155	%patch106 -p1
	156	%patch107 -p1
7c5604b6	157	%patch0 -p1
fd3387b8	158	%patch1 -p1
727c4226	159
0a7f47ba	160	sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf
6b9f12e5	161
1e54a8c4	162	%build
694cb9a3	163	%{__libtoolize}
d073bea7	164	%{__aclocal} -I m4
8abf6e16	165	%{__autoheader}
	166	%{__autoconf}
	167	%{__automake}
c1560620	168	CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
8abf6e16	169	%configure \
d073bea7 AM	170	IFCONFIG=/sbin/ifconfig \
d073bea7 AM	171	IPROUTE=/sbin/ip \
694cb9a3	172	NETSTAT=/bin/netstat \
c1560620 JB	173	ROUTE=/sbin/route \
c1560620 JB	174	SYSTEMD_UNIT_DIR=%{systemdunitdir} \
694cb9a3 JB	175	ac_cv_nsl_inet_ntoa=no \
	176	ac_cv_socket_socket=no \
	177	ac_cv_resolv_gethostbyname=no \
	178	--enable-iproute2 \
694cb9a3	179	%{?with_pkcs11:--enable-pkcs11} \
1f151bf6	180	--enable-async-push \
694cb9a3	181	--enable-selinux \
3e7c77f0	182	--enable-systemd \
1f151bf6	183	--enable-x509-alt-username \
3e7c77f0	184	--with-crypto-library=openssl
43fa42e4	185
d073bea7	186	%{__make}
088b9e85	187
e155c28e AM	188	%if %{with tests}
	189	%{__make} check
	190	%endif
	191
1e54a8c4 AM	192	%install
1e54a8c4 AM	193	rm -rf $RPM_BUILD_ROOT
c13903eb	194	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
f3908354	195	$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
ec6e7d04	196	$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
f6fd18dc	197	$RPM_BUILD_ROOT%{systemdunitdir}-generators
1e54a8c4	198
d073bea7 AM	199	%{__make} install \
d073bea7 AM	200	DESTDIR=$RPM_BUILD_ROOT
1e54a8c4	201
f6fd18dc ER	202	install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
	203	cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
	204	cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
ec6e7d04	205
f6fd18dc	206	install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
ec6e7d04 JR	207	install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
	208	install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
	209	ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service
6f1eceea	210
0a7f47ba ER	211	# we use "cp", not "install", not to pull /bin/bash dependency
	212	cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
	213	cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
	214	cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}
	215
388387bf	216	%{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
f6fd18dc	217	%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}
388387bf	218
1e54a8c4 AM	219	%clean
	220	rm -rf $RPM_BUILD_ROOT
	221
55a7ee18 JK	222	%post
55a7ee18 JK	223	/sbin/chkconfig --add openvpn
1a7a867b	224	%service openvpn restart "OpenVPN"
ec6e7d04	225	%systemd_post openvpn.target
55a7ee18 JK	226
	227	%preun
	228	if [ "$1" = "0" ]; then
1a7a867b	229	%service openvpn stop
55a7ee18	230	/sbin/chkconfig --del openvpn
a34b9b51	231	fi
ec6e7d04 JR	232	%systemd_preun openvpn.target
	233
	234	%postun
	235	%systemd_reload
	236
	237	%triggerpostun -- openvpn < 2.3.2-2
	238	[ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
	239	[ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
	240	[ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
	241	export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
	242	/bin/systemctl --quiet enable openvpn.target \|\| :
	243	exit 0
55a7ee18	244
1e54a8c4 AM	245	%files
1e54a8c4 AM	246	%defattr(644,root,root,755)
f3aaee0e	247	%doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* TODO.IPv6 doc/management-notes.txt sample/sample-{config-files,keys,scripts}
f063e411	248	%dir %{_sysconfdir}/openvpn
088b9e85	249	%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
1a7a867b	250	%attr(755,root,root) %{_sbindir}/openvpn
e06b2f01	251	%attr(754,root,root) /etc/rc.d/init.d/%{name}
c1560620 JB	252	%attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
	253	# PLD-specific
	254	%{systemdunitdir}/openvpn.service
	255	%{systemdunitdir}/openvpn.target
	256	%{systemdunitdir}/openvpn@.service
	257	# upstream provided
	258	#%{systemdunitdir}/openvpn-client@.service
	259	#%{systemdunitdir}/openvpn-server@.service
088b9e85	260	%dir %{_libdir}/%{name}
0a7f47ba ER	261	%attr(755,root,root) %{_libdir}/%{name}/client.down
	262	%attr(755,root,root) %{_libdir}/%{name}/client.up
	263	%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
088b9e85	264	%dir %{_libdir}/%{name}/plugins
8453ecf5	265	%{_mandir}/man5/openvpn-examples.5*
388387bf	266	%{_mandir}/man8/openvpn.8*
55a7ee18	267	%dir /var/run/openvpn
f6fd18dc	268	%{systemdtmpfilesdir}/%{name}.conf
088b9e85	269
bfa8e009 ER	270	%files plugin-auth-pam
	271	%defattr(644,root,root,755)
	272	%doc src/plugins/auth-pam/README.auth-pam
	273	%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so
	274
	275	%files plugin-down-root
	276	%defattr(644,root,root,755)
	277	%doc src/plugins/down-root/README.down-root
	278	%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so
	279
088b9e85 ER	280	%files devel
088b9e85 ER	281	%defattr(644,root,root,755)
d073bea7	282	%doc doc/README.plugins sample/sample-plugins
24429fb3	283	%{_includedir}/openvpn-msg.h
388387bf	284	%{_includedir}/openvpn-plugin.h