Commit | Line | Data |
---|---|---|
a4f057cc | 1 | # TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section) |
357bd270 | 2 | # |
3a40fd75 | 3 | # Conditional build: |
694cb9a3 | 4 | %bcond_without pkcs11 # PKCS#11 support |
e155c28e | 5 | %bcond_without tests |
3a40fd75 | 6 | |
1e54a8c4 | 7 | Summary: VPN Daemon |
f284e4d9 | 8 | Summary(pl.UTF-8): Serwer VPN |
1e54a8c4 | 9 | Name: openvpn |
511cab26 | 10 | Version: 2.5.5 |
36925592 | 11 | Release: 1 |
4b4dae2a | 12 | License: GPL v2 |
1e54a8c4 | 13 | Group: Networking/Daemons |
36925592 | 14 | Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz |
511cab26 | 15 | # Source0-md5: e469f55a223677b4cb6c7f4541065f5a |
1e54a8c4 AM | 16 | Source1: %{name}.init |
1e54a8c4 AM | 17 | Source2: %{name}.sysconfig |
d073bea7 | 18 | Source3: %{name}.tmpfiles |
f6fd18dc ER | 19 | Source4: %{name}-service-generator |
f6fd18dc ER | 20 | Source5: %{name}.target |
f6fd18dc ER | 21 | Source6: %{name}@.service |
0a7f47ba | 22 | Source7: %{name}-update-resolv-conf |
d073bea7 | 23 | Patch0: %{name}-pam.patch |
fd3387b8 | 24 | Patch1: unsupported-ciphers.patch |
4d7e3f68 JR | 25 | Patch100: 0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch |
4d7e3f68 JR | 26 | Patch101: 0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch |
4d7e3f68 JR | 27 | Patch102: 0040-Remove-DES-check-with-OpenSSL-3.0.patch |
4d7e3f68 JR | 28 | Patch104: 0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch |
4d7e3f68 JR | 29 | Patch105: 0045-Do-not-allow-CTS-ciphers.patch |
4d7e3f68 JR | 30 | Patch106: 0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch |
4d7e3f68 JR | 31 | Patch107: 0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch |
36925592 | 32 | URL: https://www.openvpn.net/ |
4b4dae2a | 33 | BuildRequires: autoconf >= 2.59 |
694cb9a3 | 34 | BuildRequires: automake >= 1:1.9 |
c4f969c4 | 35 | BuildRequires: libselinux-devel |
694cb9a3 | 36 | BuildRequires: libtool |
f3aaee0e | 37 | BuildRequires: lz4-devel >= 1:1.7.1 |
1e54a8c4 | 38 | BuildRequires: lzo-devel |
a4f057cc JB | 39 | # or mbedtls-devel >= 2 |
a4f057cc JB | 40 | BuildRequires: openssl-devel >= 1.0.2 |
694cb9a3 | 41 | %{?with_pkcs11:BuildRequires: p11-kit-devel} |
7367fd64 | 42 | BuildRequires: pam-devel |
694cb9a3 JB | 43 | %{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11} |
694cb9a3 JB | 44 | BuildRequires: pkgconfig |
22af7faa | 45 | BuildRequires: rpmbuild(macros) >= 1.671 |
f3aaee0e | 46 | BuildRequires: systemd-devel >= 1:217 |
694cb9a3 JB | 47 | BuildRequires: tar >= 1:1.22 |
694cb9a3 JB | 48 | BuildRequires: xz |
a32abac3 | 49 | Requires(post,preun): /sbin/chkconfig |
22af7faa | 50 | Requires(post,preun,postun): systemd-units >= 38 |
dc577c8b | 51 | Requires: /sbin/ip |
f3aaee0e | 52 | Requires: lz4 >= 1:1.7.1 |
a4f057cc | 53 | Requires: openssl >= 1.0.2 |
694cb9a3 | 54 | %{?with_pkcs11:Requires: pkcs11-helper >= 1.11} |
be1312a6 | 55 | Requires: rc-scripts >= 0.4.3.0 |
f3aaee0e | 56 | Requires: systemd-libs >= 1:217 |
22af7faa | 57 | Requires: systemd-units >= 38 |
ef1142ad | 58 | Requires: uname(release) >= 2.4 |
59856f7f ER | 59 | Suggests: %{name}-plugin-auth-pam |
59856f7f ER | 60 | Suggests: %{name}-plugin-down-root |
1e54a8c4 AM | 61 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
1e54a8c4 AM | 62 | |
1e54a8c4 AM | 63 | %define _localstatedir /var |
1e54a8c4 AM | 64 | |
1e54a8c4 AM | 65 | %description |
1e54a8c4 AM | 66 | OpenVPN is a robust and highly configurable VPN (Virtual Private |
1e54a8c4 AM | 67 | Network) daemon which can be used to securely link two or more private |
1e54a8c4 AM | 68 | networks using an encrypted tunnel over the internet. |
1e54a8c4 AM | 69 | |
22031f4a | 70 | %description -l pl.UTF-8 |
1e54a8c4 | 71 | OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne |
22031f4a JR | 72 | Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch |
22031f4a JR | 73 | lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez |
1e54a8c4 AM | 74 | internet. |
1e54a8c4 AM | 75 | |
bfa8e009 ER | 76 | %package plugin-auth-pam |
bfa8e009 ER | 77 | Summary: Plugin for username/password authentication via PAM |
357bd270 JB | 78 | Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM |
357bd270 JB | 79 | Group: Libraries |
bfa8e009 ER | 80 | Requires: %{name} = %{version}-%{release} |
bfa8e009 ER | 81 | |
bfa8e009 ER | 82 | %description plugin-auth-pam |
bfa8e009 ER | 83 | The openvpn-auth-pam module implements username/password |
bfa8e009 ER | 84 | authentication via PAM, and essentially allows any authentication |
bfa8e009 ER | 85 | method supported by PAM (such as LDAP, RADIUS, or Linux Shadow |
bfa8e009 ER | 86 | passwords) to be used with OpenVPN. While PAM supports |
bfa8e009 ER | 87 | username/password authentication, this can be combined with X509 |
bfa8e009 ER | 88 | certificates to provide two independent levels of authentication. |
bfa8e009 ER | 89 | |
bfa8e009 ER | 90 | This module uses a split privilege execution model which will function |
bfa8e009 ER | 91 | even if you drop openvpn daemon privileges using the user, group, or |
bfa8e009 ER | 92 | chroot directives. |
bfa8e009 ER | 93 | |
357bd270 JB | 94 | %description plugin-auth-pam -l pl.UTF-8 |
357bd270 JB | 95 | Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika |
357bd270 JB | 96 | i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej |
357bd270 JB | 97 | metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS, |
357bd270 JB | 98 | hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą |
357bd270 JB | 99 | użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu |
357bd270 JB | 100 | zapewniania dwóch różnych poziomów uwierzytelnienia. |
357bd270 JB | 101 | |
357bd270 JB | 102 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co |
357bd270 JB | 103 | działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu |
357bd270 JB | 104 | dyrektyw user, group lub chroot. |
357bd270 JB | 105 | |
bfa8e009 ER | 106 | %package plugin-down-root |
bfa8e009 ER | 107 | Summary: Plugin to allow root after privilege drop |
357bd270 JB | 108 | Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień |
357bd270 JB | 109 | Group: Libraries |
bfa8e009 ER | 110 | Requires: %{name} = %{version}-%{release} |
bfa8e009 ER | 111 | |
bfa8e009 ER | 112 | %description plugin-down-root |
bfa8e009 ER | 113 | The down-root module allows an OpenVPN configuration to call a down |
bfa8e009 ER | 114 | script with root privileges, even when privileges have been dropped |
bfa8e009 ER | 115 | using --user/--group/--chroot. |
bfa8e009 ER | 116 | |
bfa8e009 ER | 117 | This module uses a split privilege execution model which will fork() |
bfa8e009 ER | 118 | before OpenVPN drops root privileges, at the point where the --up |
bfa8e009 ER | 119 | script is usually called. The module will then remain in a wait state |
bfa8e009 ER | 120 | until it receives a message from OpenVPN via pipe to execute the down |
bfa8e009 ER | 121 | script. Thus, the down script will be run in the same execution |
bfa8e009 ER | 122 | environment as the up script. |
bfa8e009 ER | 123 | |
357bd270 JB | 124 | %description plugin-down-root -l pl.UTF-8 |
357bd270 JB | 125 | Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami |
357bd270 JB | 126 | roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia |
357bd270 JB | 127 | uprawnień przy użyciu opcji --user/--group/--chroot. |
357bd270 JB | 128 | |
357bd270 JB | 129 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który |
357bd270 JB | 130 | wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie |
357bd270 JB | 131 | zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie |
357bd270 JB | 132 | oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby |
357bd270 JB | 133 | wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w |
357bd270 JB | 134 | tym samym środowisku, co skrypt up. |
357bd270 JB | 135 | |
088b9e85 | 136 | %package devel |
a1c1b5a0 | 137 | Summary: Header files for OpenVPN plugins development |
f284e4d9 | 138 | Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN |
088b9e85 ER | 139 | Group: Development/Libraries |
088b9e85 ER | 140 | |
088b9e85 ER | 141 | %description devel |
a1c1b5a0 JB | 142 | This is the package containing the header files for OpenVPN plugins |
a1c1b5a0 JB | 143 | development. |
a1c1b5a0 JB | 144 | |
22031f4a JR | 145 | %description devel -l pl.UTF-8 |
22031f4a JR | 146 | Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN. |
088b9e85 | 147 | |
1e54a8c4 | 148 | %prep |
da7b9d5f | 149 | %setup -q |
4d7e3f68 JR | 150 | %patch100 -p1 |
4d7e3f68 JR | 151 | %patch101 -p1 |
4d7e3f68 JR | 152 | %patch102 -p1 |
4d7e3f68 JR | 153 | %patch104 -p1 |
4d7e3f68 JR | 154 | %patch105 -p1 |
4d7e3f68 JR | 155 | %patch106 -p1 |
4d7e3f68 JR | 156 | %patch107 -p1 |
7c5604b6 | 157 | %patch0 -p1 |
fd3387b8 | 158 | %patch1 -p1 |
727c4226 | 159 | |
0a7f47ba | 160 | sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf |
6b9f12e5 | 161 | |
1e54a8c4 | 162 | %build |
694cb9a3 | 163 | %{__libtoolize} |
d073bea7 | 164 | %{__aclocal} -I m4 |
8abf6e16 | 165 | %{__autoheader} |
8abf6e16 | 166 | %{__autoconf} |
8abf6e16 | 167 | %{__automake} |
c1560620 | 168 | CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)" |
8abf6e16 | 169 | %configure \ |
d073bea7 AM | 170 | IFCONFIG=/sbin/ifconfig \ |
d073bea7 AM | 171 | IPROUTE=/sbin/ip \ |
694cb9a3 | 172 | NETSTAT=/bin/netstat \ |
c1560620 JB | 173 | ROUTE=/sbin/route \ |
c1560620 JB | 174 | SYSTEMD_UNIT_DIR=%{systemdunitdir} \ |
694cb9a3 JB | 175 | ac_cv_nsl_inet_ntoa=no \ |
694cb9a3 JB | 176 | ac_cv_socket_socket=no \ |
694cb9a3 JB | 177 | ac_cv_resolv_gethostbyname=no \ |
694cb9a3 JB | 178 | --enable-iproute2 \ |
694cb9a3 | 179 | %{?with_pkcs11:--enable-pkcs11} \ |
1f151bf6 | 180 | --enable-async-push \ |
694cb9a3 | 181 | --enable-selinux \ |
3e7c77f0 | 182 | --enable-systemd \ |
1f151bf6 | 183 | --enable-x509-alt-username \ |
3e7c77f0 | 184 | --with-crypto-library=openssl |
43fa42e4 | 185 | |
d073bea7 | 186 | %{__make} |
088b9e85 | 187 | |
e155c28e AM | 188 | %if %{with tests} |
e155c28e AM | 189 | %{__make} check |
e155c28e AM | 190 | %endif |
e155c28e AM | 191 | |
1e54a8c4 AM | 192 | %install |
1e54a8c4 AM | 193 | rm -rf $RPM_BUILD_ROOT |
c13903eb | 194 | install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \ |
f3908354 | 195 | $RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \ |
ec6e7d04 | 196 | $RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \ |
f6fd18dc | 197 | $RPM_BUILD_ROOT%{systemdunitdir}-generators |
1e54a8c4 | 198 | |
d073bea7 AM | 199 | %{__make} install \ |
d073bea7 AM | 200 | DESTDIR=$RPM_BUILD_ROOT |
1e54a8c4 | 201 | |
f6fd18dc ER | 202 | install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} |
f6fd18dc ER | 203 | cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name} |
f6fd18dc ER | 204 | cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
ec6e7d04 | 205 | |
f6fd18dc | 206 | install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator |
ec6e7d04 JR | 207 | install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target |
ec6e7d04 JR | 208 | install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service |
ec6e7d04 JR | 209 | ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service |
6f1eceea | 210 | |
0a7f47ba ER | 211 | # we use "cp", not "install", not to pull /bin/bash dependency |
0a7f47ba ER | 212 | cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 213 | cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 214 | cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 215 | |
388387bf | 216 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la |
f6fd18dc | 217 | %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name} |
388387bf | 218 | |
1e54a8c4 AM | 219 | %clean |
1e54a8c4 AM | 220 | rm -rf $RPM_BUILD_ROOT |
1e54a8c4 AM | 221 | |
55a7ee18 JK | 222 | %post |
55a7ee18 JK | 223 | /sbin/chkconfig --add openvpn |
1a7a867b | 224 | %service openvpn restart "OpenVPN" |
ec6e7d04 | 225 | %systemd_post openvpn.target |
55a7ee18 JK | 226 | |
55a7ee18 JK | 227 | %preun |
55a7ee18 JK | 228 | if [ "$1" = "0" ]; then |
1a7a867b | 229 | %service openvpn stop |
55a7ee18 | 230 | /sbin/chkconfig --del openvpn |
a34b9b51 | 231 | fi |
ec6e7d04 JR | 232 | %systemd_preun openvpn.target |
ec6e7d04 JR | 233 | |
ec6e7d04 JR | 234 | %postun |
ec6e7d04 JR | 235 | %systemd_reload |
ec6e7d04 JR | 236 | |
ec6e7d04 JR | 237 | %triggerpostun -- openvpn < 2.3.2-2 |
ec6e7d04 JR | 238 | [ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm |
ec6e7d04 JR | 239 | [ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0 |
ec6e7d04 JR | 240 | [ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0 |
ec6e7d04 JR | 241 | export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog |
ec6e7d04 JR | 242 | /bin/systemctl --quiet enable openvpn.target || : |
ec6e7d04 JR | 243 | exit 0 |
55a7ee18 | 244 | |
1e54a8c4 AM | 245 | %files |
1e54a8c4 AM | 246 | %defattr(644,root,root,755) |
f3aaee0e | 247 | %doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* TODO.IPv6 doc/management-notes.txt sample/sample-{config-files,keys,scripts} |
f063e411 | 248 | %dir %{_sysconfdir}/openvpn |
088b9e85 | 249 | %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name} |
1a7a867b | 250 | %attr(755,root,root) %{_sbindir}/openvpn |
e06b2f01 | 251 | %attr(754,root,root) /etc/rc.d/init.d/%{name} |
c1560620 JB | 252 | %attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator |
c1560620 JB | 253 | # PLD-specific |
c1560620 JB | 254 | %{systemdunitdir}/openvpn.service |
c1560620 JB | 255 | %{systemdunitdir}/openvpn.target |
c1560620 JB | 256 | %{systemdunitdir}/openvpn@.service |
c1560620 JB | 257 | # upstream provided |
c1560620 JB | 258 | #%{systemdunitdir}/openvpn-client@.service |
c1560620 JB | 259 | #%{systemdunitdir}/openvpn-server@.service |
088b9e85 | 260 | %dir %{_libdir}/%{name} |
0a7f47ba ER | 261 | %attr(755,root,root) %{_libdir}/%{name}/client.down |
0a7f47ba ER | 262 | %attr(755,root,root) %{_libdir}/%{name}/client.up |
0a7f47ba ER | 263 | %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf |
088b9e85 | 264 | %dir %{_libdir}/%{name}/plugins |
8453ecf5 | 265 | %{_mandir}/man5/openvpn-examples.5* |
388387bf | 266 | %{_mandir}/man8/openvpn.8* |
55a7ee18 | 267 | %dir /var/run/openvpn |
f6fd18dc | 268 | %{systemdtmpfilesdir}/%{name}.conf |
088b9e85 | 269 | |
bfa8e009 ER | 270 | %files plugin-auth-pam |
bfa8e009 ER | 271 | %defattr(644,root,root,755) |
bfa8e009 ER | 272 | %doc src/plugins/auth-pam/README.auth-pam |
bfa8e009 ER | 273 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so |
bfa8e009 ER | 274 | |
bfa8e009 ER | 275 | %files plugin-down-root |
bfa8e009 ER | 276 | %defattr(644,root,root,755) |
bfa8e009 ER | 277 | %doc src/plugins/down-root/README.down-root |
bfa8e009 ER | 278 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so |
bfa8e009 ER | 279 | |
088b9e85 ER | 280 | %files devel |
088b9e85 ER | 281 | %defattr(644,root,root,755) |
d073bea7 | 282 | %doc doc/README.plugins sample/sample-plugins |
24429fb3 | 283 | %{_includedir}/openvpn-msg.h |
388387bf | 284 | %{_includedir}/openvpn-plugin.h |