[packages/openvpn.git] / openvpn.spec

# TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
#
# Conditional build:
%bcond_without	pkcs11		# PKCS#11 support
%bcond_without	tests

Summary:	VPN Daemon
Summary(pl.UTF-8):	Serwer VPN
Name:		openvpn
Version:	2.6.0
Release:	1
License:	GPL v2
Group:		Networking/Daemons
Source0:        https://swupdate.openvpn.org/community/releases/%{name}-%{version}.tar.gz
# Source0-md5:	f46e8182bfee0b1634807e6ab2a220ef
Source1:	%{name}.init
Source2:	%{name}.sysconfig
Source3:	%{name}.tmpfiles
Source4:	%{name}-service-generator
Source5:	%{name}.target
Source6:	%{name}@.service
Source7:	%{name}-update-resolv-conf
Patch0:		%{name}-pam.patch
URL:		https://www.openvpn.net/
BuildRequires:	autoconf >= 2.59
BuildRequires:	automake >= 1:1.9
BuildRequires:	libselinux-devel
BuildRequires:	libtool
BuildRequires:	lz4-devel >= 1:1.7.1
BuildRequires:	lzo-devel
# or mbedtls-devel >= 2
BuildRequires:	openssl-devel >= 1.0.2
%{?with_pkcs11:BuildRequires:	p11-kit-devel}
BuildRequires:	pam-devel
%{?with_pkcs11:BuildRequires:	pkcs11-helper-devel >= 1.11}
BuildRequires:	pkgconfig
BuildRequires:	rpmbuild(macros) >= 1.671
BuildRequires:	systemd-devel >= 1:217
BuildRequires:	tar >= 1:1.22
BuildRequires:	xz
Requires(post,preun):	/sbin/chkconfig
Requires(post,preun,postun):	systemd-units >= 38
Requires:	/sbin/ip
Requires:	lz4 >= 1:1.7.1
Requires:	openssl >= 1.0.2
%{?with_pkcs11:Requires:	pkcs11-helper >= 1.11}
Requires:	rc-scripts >= 0.4.3.0
Requires:	systemd-libs >= 1:217
Requires:	systemd-units >= 38
Requires:	uname(release) >= 2.4
Suggests:	%{name}-plugin-auth-pam
Suggests:	%{name}-plugin-down-root
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_localstatedir	/var

%description
OpenVPN is a robust and highly configurable VPN (Virtual Private
Network) daemon which can be used to securely link two or more private
networks using an encrypted tunnel over the internet.

%description -l pl.UTF-8
OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
internet.

%package plugin-auth-pam
Summary:	Plugin for username/password authentication via PAM
Summary(pl.UTF-8):	Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description plugin-auth-pam
The openvpn-auth-pam module implements username/password
authentication via PAM, and essentially allows any authentication
method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
passwords) to be used with OpenVPN. While PAM supports
username/password authentication, this can be combined with X509
certificates to provide two indepedent levels of authentication.

This module uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.

%description plugin-auth-pam -l pl.UTF-8
Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
zapewniania dwóch różnych poziomów uwierzytelnienia.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
dyrektyw user, group lub chroot.

%package plugin-down-root
Summary:	Plugin to allow root after privilege drop
Summary(pl.UTF-8):	Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description plugin-down-root
The down-root module allows an OpenVPN configuration to call a down
script with root privileges, even when privileges have been dropped
using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The module will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.

%description plugin-down-root -l pl.UTF-8
Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
uprawnień przy użyciu opcji --user/--group/--chroot.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
tym samym środowisku, co skrypt up.

%package devel
Summary:	Header files for OpenVPN plugins development
Summary(pl.UTF-8):	Pliki nagłówkowe do tworzenia wtyczek OpenVPN
Group:		Development/Libraries

%description devel
This is the package containing the header files for OpenVPN plugins
development.

%description devel -l pl.UTF-8
Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.

%prep
%setup -q
%patch0 -p1

sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf

%build
%{__libtoolize}
%{__aclocal} -I m4
%{__autoheader}
%{__autoconf}
%{__automake}
CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
%configure \
	IFCONFIG=/sbin/ifconfig \
	IPROUTE=/sbin/ip \
	NETSTAT=/bin/netstat \
	ROUTE=/sbin/route \
	SYSTEMD_UNIT_DIR=%{systemdunitdir} \
        TMPFILES_DIR=%{_tmpfilesdir} \
	ac_cv_nsl_inet_ntoa=no \
	ac_cv_socket_socket=no \
	ac_cv_resolv_gethostbyname=no \
	--enable-iproute2 \
	%{?with_pkcs11:--enable-pkcs11} \
	--enable-async-push \
	--enable-selinux \
	--enable-systemd \
	--enable-x509-alt-username \
	--with-crypto-library=openssl

%{__make}

%if %{with tests}
%{__make} check
%endif

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
	$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
	$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
	$RPM_BUILD_ROOT%{systemdunitdir}-generators

%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf

install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service

# we use "cp", not "install", not to pull /bin/bash dependency
cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}

%{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add openvpn
%service openvpn restart "OpenVPN"
%systemd_post openvpn.target

%preun
if [ "$1" = "0" ]; then
	%service openvpn stop
	/sbin/chkconfig --del openvpn
fi
%systemd_preun openvpn.target

%postun
%systemd_reload

%triggerpostun -- openvpn < 2.3.2-2
[ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
[ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
[ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
/bin/systemctl --quiet enable openvpn.target || :
exit 0

%files
%defattr(644,root,root,755)
%doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* doc/management-notes.txt sample/sample-{config-files,keys,scripts}
%dir %{_sysconfdir}/openvpn
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
%attr(755,root,root) %{_sbindir}/openvpn
%attr(754,root,root) /etc/rc.d/init.d/%{name}
%attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
# PLD-specific
%{systemdunitdir}/openvpn.service
%{systemdunitdir}/openvpn.target
%{systemdunitdir}/openvpn@.service
# upstream provided
#%{systemdunitdir}/openvpn-client@.service
#%{systemdunitdir}/openvpn-server@.service
%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/client.down
%attr(755,root,root) %{_libdir}/%{name}/client.up
%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
%dir %{_libdir}/%{name}/plugins
%{_mandir}/man5/openvpn-examples.5*
%{_mandir}/man8/openvpn.8*
%dir /var/run/openvpn
%{systemdtmpfilesdir}/%{name}.conf

%files plugin-auth-pam
%defattr(644,root,root,755)
%doc src/plugins/auth-pam/README.auth-pam
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so

%files plugin-down-root
%defattr(644,root,root,755)
%doc src/plugins/down-root/README.down-root
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so

%files devel
%defattr(644,root,root,755)
%doc doc/README.plugins sample/sample-plugins
%{_includedir}/openvpn-msg.h
%{_includedir}/openvpn-plugin.h
Commit	Line	Data
a4f057cc	1	# TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
357bd270	2	#
3a40fd75	3	# Conditional build:
694cb9a3	4	%bcond_without pkcs11 # PKCS#11 support
e155c28e	5	%bcond_without tests
3a40fd75	6
1e54a8c4	7	Summary: VPN Daemon
f284e4d9	8	Summary(pl.UTF-8): Serwer VPN
1e54a8c4	9	Name: openvpn
ee105912	10	Version: 2.6.0
36925592	11	Release: 1
4b4dae2a	12	License: GPL v2
1e54a8c4	13	Group: Networking/Daemons
ee105912 AM	14	Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}.tar.gz
ee105912 AM	15	# Source0-md5: f46e8182bfee0b1634807e6ab2a220ef
1e54a8c4 AM	16	Source1: %{name}.init
1e54a8c4 AM	17	Source2: %{name}.sysconfig
d073bea7	18	Source3: %{name}.tmpfiles
f6fd18dc ER	19	Source4: %{name}-service-generator
	20	Source5: %{name}.target
	21	Source6: %{name}@.service
0a7f47ba	22	Source7: %{name}-update-resolv-conf
d073bea7	23	Patch0: %{name}-pam.patch
36925592	24	URL: https://www.openvpn.net/
4b4dae2a	25	BuildRequires: autoconf >= 2.59
694cb9a3	26	BuildRequires: automake >= 1:1.9
c4f969c4	27	BuildRequires: libselinux-devel
694cb9a3	28	BuildRequires: libtool
f3aaee0e	29	BuildRequires: lz4-devel >= 1:1.7.1
1e54a8c4	30	BuildRequires: lzo-devel
a4f057cc JB	31	# or mbedtls-devel >= 2
a4f057cc JB	32	BuildRequires: openssl-devel >= 1.0.2
694cb9a3	33	%{?with_pkcs11:BuildRequires: p11-kit-devel}
7367fd64	34	BuildRequires: pam-devel
694cb9a3 JB	35	%{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11}
694cb9a3 JB	36	BuildRequires: pkgconfig
22af7faa	37	BuildRequires: rpmbuild(macros) >= 1.671
f3aaee0e	38	BuildRequires: systemd-devel >= 1:217
694cb9a3 JB	39	BuildRequires: tar >= 1:1.22
694cb9a3 JB	40	BuildRequires: xz
a32abac3	41	Requires(post,preun): /sbin/chkconfig
22af7faa	42	Requires(post,preun,postun): systemd-units >= 38
dc577c8b	43	Requires: /sbin/ip
f3aaee0e	44	Requires: lz4 >= 1:1.7.1
a4f057cc	45	Requires: openssl >= 1.0.2
694cb9a3	46	%{?with_pkcs11:Requires: pkcs11-helper >= 1.11}
be1312a6	47	Requires: rc-scripts >= 0.4.3.0
f3aaee0e	48	Requires: systemd-libs >= 1:217
22af7faa	49	Requires: systemd-units >= 38
ef1142ad	50	Requires: uname(release) >= 2.4
59856f7f ER	51	Suggests: %{name}-plugin-auth-pam
59856f7f ER	52	Suggests: %{name}-plugin-down-root
1e54a8c4 AM	53	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	54
	55	%define _localstatedir /var
	56
	57	%description
	58	OpenVPN is a robust and highly configurable VPN (Virtual Private
	59	Network) daemon which can be used to securely link two or more private
	60	networks using an encrypted tunnel over the internet.
	61
22031f4a	62	%description -l pl.UTF-8
1e54a8c4	63	OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
22031f4a JR	64	Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
22031f4a JR	65	lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
1e54a8c4 AM	66	internet.
1e54a8c4 AM	67
bfa8e009 ER	68	%package plugin-auth-pam
bfa8e009 ER	69	Summary: Plugin for username/password authentication via PAM
357bd270 JB	70	Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
357bd270 JB	71	Group: Libraries
bfa8e009 ER	72	Requires: %{name} = %{version}-%{release}
	73
	74	%description plugin-auth-pam
	75	The openvpn-auth-pam module implements username/password
	76	authentication via PAM, and essentially allows any authentication
	77	method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
	78	passwords) to be used with OpenVPN. While PAM supports
	79	username/password authentication, this can be combined with X509
	80	certificates to provide two indepedent levels of authentication.
	81
	82	This module uses a split privilege execution model which will function
	83	even if you drop openvpn daemon privileges using the user, group, or
	84	chroot directives.
	85
357bd270 JB	86	%description plugin-auth-pam -l pl.UTF-8
	87	Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
	88	i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
	89	metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
	90	hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
	91	użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
	92	zapewniania dwóch różnych poziomów uwierzytelnienia.
	93
	94	Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
	95	działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
	96	dyrektyw user, group lub chroot.
	97
bfa8e009 ER	98	%package plugin-down-root
bfa8e009 ER	99	Summary: Plugin to allow root after privilege drop
357bd270 JB	100	Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
357bd270 JB	101	Group: Libraries
bfa8e009 ER	102	Requires: %{name} = %{version}-%{release}
	103
	104	%description plugin-down-root
	105	The down-root module allows an OpenVPN configuration to call a down
	106	script with root privileges, even when privileges have been dropped
	107	using --user/--group/--chroot.
	108
	109	This module uses a split privilege execution model which will fork()
	110	before OpenVPN drops root privileges, at the point where the --up
	111	script is usually called. The module will then remain in a wait state
	112	until it receives a message from OpenVPN via pipe to execute the down
	113	script. Thus, the down script will be run in the same execution
	114	environment as the up script.
	115
357bd270 JB	116	%description plugin-down-root -l pl.UTF-8
	117	Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
	118	roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
	119	uprawnień przy użyciu opcji --user/--group/--chroot.
	120
	121	Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
	122	wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
	123	zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
	124	oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
	125	wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
	126	tym samym środowisku, co skrypt up.
	127
088b9e85	128	%package devel
a1c1b5a0	129	Summary: Header files for OpenVPN plugins development
f284e4d9	130	Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN
088b9e85 ER	131	Group: Development/Libraries
	132
	133	%description devel
a1c1b5a0 JB	134	This is the package containing the header files for OpenVPN plugins
	135	development.
	136
22031f4a JR	137	%description devel -l pl.UTF-8
22031f4a JR	138	Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
088b9e85	139
1e54a8c4	140	%prep
da7b9d5f	141	%setup -q
7c5604b6	142	%patch0 -p1
727c4226	143
0a7f47ba	144	sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf
6b9f12e5	145
1e54a8c4	146	%build
694cb9a3	147	%{__libtoolize}
d073bea7	148	%{__aclocal} -I m4
8abf6e16	149	%{__autoheader}
	150	%{__autoconf}
	151	%{__automake}
c1560620	152	CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
8abf6e16	153	%configure \
d073bea7 AM	154	IFCONFIG=/sbin/ifconfig \
d073bea7 AM	155	IPROUTE=/sbin/ip \
694cb9a3	156	NETSTAT=/bin/netstat \
c1560620 JB	157	ROUTE=/sbin/route \
c1560620 JB	158	SYSTEMD_UNIT_DIR=%{systemdunitdir} \
ee105912	159	TMPFILES_DIR=%{_tmpfilesdir} \
694cb9a3 JB	160	ac_cv_nsl_inet_ntoa=no \
	161	ac_cv_socket_socket=no \
	162	ac_cv_resolv_gethostbyname=no \
	163	--enable-iproute2 \
694cb9a3	164	%{?with_pkcs11:--enable-pkcs11} \
1f151bf6	165	--enable-async-push \
694cb9a3	166	--enable-selinux \
3e7c77f0	167	--enable-systemd \
1f151bf6	168	--enable-x509-alt-username \
3e7c77f0	169	--with-crypto-library=openssl
43fa42e4	170
d073bea7	171	%{__make}
088b9e85	172
e155c28e AM	173	%if %{with tests}
	174	%{__make} check
	175	%endif
	176
1e54a8c4 AM	177	%install
1e54a8c4 AM	178	rm -rf $RPM_BUILD_ROOT
c13903eb	179	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
f3908354	180	$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
ec6e7d04	181	$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
f6fd18dc	182	$RPM_BUILD_ROOT%{systemdunitdir}-generators
1e54a8c4	183
d073bea7 AM	184	%{__make} install \
d073bea7 AM	185	DESTDIR=$RPM_BUILD_ROOT
1e54a8c4	186
f6fd18dc ER	187	install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
	188	cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
	189	cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
ec6e7d04	190
f6fd18dc	191	install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
ec6e7d04 JR	192	install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
	193	install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
	194	ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service
6f1eceea	195
0a7f47ba ER	196	# we use "cp", not "install", not to pull /bin/bash dependency
	197	cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
	198	cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
	199	cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}
	200
388387bf	201	%{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
f6fd18dc	202	%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}
388387bf	203
1e54a8c4 AM	204	%clean
	205	rm -rf $RPM_BUILD_ROOT
	206
55a7ee18 JK	207	%post
55a7ee18 JK	208	/sbin/chkconfig --add openvpn
1a7a867b	209	%service openvpn restart "OpenVPN"
ec6e7d04	210	%systemd_post openvpn.target
55a7ee18 JK	211
	212	%preun
	213	if [ "$1" = "0" ]; then
1a7a867b	214	%service openvpn stop
55a7ee18	215	/sbin/chkconfig --del openvpn
a34b9b51	216	fi
ec6e7d04 JR	217	%systemd_preun openvpn.target
	218
	219	%postun
	220	%systemd_reload
	221
	222	%triggerpostun -- openvpn < 2.3.2-2
	223	[ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
	224	[ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
	225	[ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
	226	export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
	227	/bin/systemctl --quiet enable openvpn.target \|\| :
	228	exit 0
55a7ee18	229
1e54a8c4 AM	230	%files
1e54a8c4 AM	231	%defattr(644,root,root,755)
ee105912	232	%doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* doc/management-notes.txt sample/sample-{config-files,keys,scripts}
f063e411	233	%dir %{_sysconfdir}/openvpn
088b9e85	234	%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
1a7a867b	235	%attr(755,root,root) %{_sbindir}/openvpn
e06b2f01	236	%attr(754,root,root) /etc/rc.d/init.d/%{name}
c1560620 JB	237	%attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
	238	# PLD-specific
	239	%{systemdunitdir}/openvpn.service
	240	%{systemdunitdir}/openvpn.target
	241	%{systemdunitdir}/openvpn@.service
	242	# upstream provided
	243	#%{systemdunitdir}/openvpn-client@.service
	244	#%{systemdunitdir}/openvpn-server@.service
088b9e85	245	%dir %{_libdir}/%{name}
0a7f47ba ER	246	%attr(755,root,root) %{_libdir}/%{name}/client.down
	247	%attr(755,root,root) %{_libdir}/%{name}/client.up
	248	%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
088b9e85	249	%dir %{_libdir}/%{name}/plugins
8453ecf5	250	%{_mandir}/man5/openvpn-examples.5*
388387bf	251	%{_mandir}/man8/openvpn.8*
55a7ee18	252	%dir /var/run/openvpn
f6fd18dc	253	%{systemdtmpfilesdir}/%{name}.conf
088b9e85	254
bfa8e009 ER	255	%files plugin-auth-pam
	256	%defattr(644,root,root,755)
	257	%doc src/plugins/auth-pam/README.auth-pam
	258	%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so
	259
	260	%files plugin-down-root
	261	%defattr(644,root,root,755)
	262	%doc src/plugins/down-root/README.down-root
	263	%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so
	264
088b9e85 ER	265	%files devel
088b9e85 ER	266	%defattr(644,root,root,755)
d073bea7	267	%doc doc/README.plugins sample/sample-plugins
24429fb3	268	%{_includedir}/openvpn-msg.h
388387bf	269	%{_includedir}/openvpn-plugin.h