Commit | Line | Data |
---|---|---|
a4f057cc | 1 | # TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section) |
357bd270 | 2 | # |
3a40fd75 | 3 | # Conditional build: |
694cb9a3 | 4 | %bcond_without pkcs11 # PKCS#11 support |
e155c28e | 5 | %bcond_without tests |
3a40fd75 | 6 | |
1e54a8c4 | 7 | Summary: VPN Daemon |
f284e4d9 | 8 | Summary(pl.UTF-8): Serwer VPN |
1e54a8c4 | 9 | Name: openvpn |
ee105912 | 10 | Version: 2.6.0 |
36925592 | 11 | Release: 1 |
4b4dae2a | 12 | License: GPL v2 |
1e54a8c4 | 13 | Group: Networking/Daemons |
ee105912 AM | 14 | Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}.tar.gz |
ee105912 AM | 15 | # Source0-md5: f46e8182bfee0b1634807e6ab2a220ef |
1e54a8c4 AM | 16 | Source1: %{name}.init |
1e54a8c4 AM | 17 | Source2: %{name}.sysconfig |
d073bea7 | 18 | Source3: %{name}.tmpfiles |
f6fd18dc ER | 19 | Source4: %{name}-service-generator |
f6fd18dc ER | 20 | Source5: %{name}.target |
f6fd18dc ER | 21 | Source6: %{name}@.service |
0a7f47ba | 22 | Source7: %{name}-update-resolv-conf |
d073bea7 | 23 | Patch0: %{name}-pam.patch |
36925592 | 24 | URL: https://www.openvpn.net/ |
4b4dae2a | 25 | BuildRequires: autoconf >= 2.59 |
694cb9a3 | 26 | BuildRequires: automake >= 1:1.9 |
c4f969c4 | 27 | BuildRequires: libselinux-devel |
694cb9a3 | 28 | BuildRequires: libtool |
f3aaee0e | 29 | BuildRequires: lz4-devel >= 1:1.7.1 |
1e54a8c4 | 30 | BuildRequires: lzo-devel |
a4f057cc JB | 31 | # or mbedtls-devel >= 2 |
a4f057cc JB | 32 | BuildRequires: openssl-devel >= 1.0.2 |
694cb9a3 | 33 | %{?with_pkcs11:BuildRequires: p11-kit-devel} |
7367fd64 | 34 | BuildRequires: pam-devel |
694cb9a3 JB | 35 | %{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11} |
694cb9a3 JB | 36 | BuildRequires: pkgconfig |
22af7faa | 37 | BuildRequires: rpmbuild(macros) >= 1.671 |
f3aaee0e | 38 | BuildRequires: systemd-devel >= 1:217 |
694cb9a3 JB | 39 | BuildRequires: tar >= 1:1.22 |
694cb9a3 JB | 40 | BuildRequires: xz |
a32abac3 | 41 | Requires(post,preun): /sbin/chkconfig |
22af7faa | 42 | Requires(post,preun,postun): systemd-units >= 38 |
dc577c8b | 43 | Requires: /sbin/ip |
f3aaee0e | 44 | Requires: lz4 >= 1:1.7.1 |
a4f057cc | 45 | Requires: openssl >= 1.0.2 |
694cb9a3 | 46 | %{?with_pkcs11:Requires: pkcs11-helper >= 1.11} |
be1312a6 | 47 | Requires: rc-scripts >= 0.4.3.0 |
f3aaee0e | 48 | Requires: systemd-libs >= 1:217 |
22af7faa | 49 | Requires: systemd-units >= 38 |
ef1142ad | 50 | Requires: uname(release) >= 2.4 |
59856f7f ER | 51 | Suggests: %{name}-plugin-auth-pam |
59856f7f ER | 52 | Suggests: %{name}-plugin-down-root |
1e54a8c4 AM | 53 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
1e54a8c4 AM | 54 | |
1e54a8c4 AM | 55 | %define _localstatedir /var |
1e54a8c4 AM | 56 | |
1e54a8c4 AM | 57 | %description |
1e54a8c4 AM | 58 | OpenVPN is a robust and highly configurable VPN (Virtual Private |
1e54a8c4 AM | 59 | Network) daemon which can be used to securely link two or more private |
1e54a8c4 AM | 60 | networks using an encrypted tunnel over the internet. |
1e54a8c4 AM | 61 | |
22031f4a | 62 | %description -l pl.UTF-8 |
1e54a8c4 | 63 | OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne |
22031f4a JR | 64 | Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch |
22031f4a JR | 65 | lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez |
1e54a8c4 AM | 66 | internet. |
1e54a8c4 AM | 67 | |
bfa8e009 ER | 68 | %package plugin-auth-pam |
bfa8e009 ER | 69 | Summary: Plugin for username/password authentication via PAM |
357bd270 JB | 70 | Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM |
357bd270 JB | 71 | Group: Libraries |
bfa8e009 ER | 72 | Requires: %{name} = %{version}-%{release} |
bfa8e009 ER | 73 | |
bfa8e009 ER | 74 | %description plugin-auth-pam |
bfa8e009 ER | 75 | The openvpn-auth-pam module implements username/password |
bfa8e009 ER | 76 | authentication via PAM, and essentially allows any authentication |
bfa8e009 ER | 77 | method supported by PAM (such as LDAP, RADIUS, or Linux Shadow |
bfa8e009 ER | 78 | passwords) to be used with OpenVPN. While PAM supports |
bfa8e009 ER | 79 | username/password authentication, this can be combined with X509 |
bfa8e009 ER | 80 | certificates to provide two independent levels of authentication. |
bfa8e009 ER | 81 | |
bfa8e009 ER | 82 | This module uses a split privilege execution model which will function |
bfa8e009 ER | 83 | even if you drop openvpn daemon privileges using the user, group, or |
bfa8e009 ER | 84 | chroot directives. |
bfa8e009 ER | 85 | |
357bd270 JB | 86 | %description plugin-auth-pam -l pl.UTF-8 |
357bd270 JB | 87 | Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika |
357bd270 JB | 88 | i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej |
357bd270 JB | 89 | metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS, |
357bd270 JB | 90 | hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą |
357bd270 JB | 91 | użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu |
357bd270 JB | 92 | zapewniania dwóch różnych poziomów uwierzytelnienia. |
357bd270 JB | 93 | |
357bd270 JB | 94 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co |
357bd270 JB | 95 | działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu |
357bd270 JB | 96 | dyrektyw user, group lub chroot. |
357bd270 JB | 97 | |
bfa8e009 ER | 98 | %package plugin-down-root |
bfa8e009 ER | 99 | Summary: Plugin to allow root after privilege drop |
357bd270 JB | 100 | Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień |
357bd270 JB | 101 | Group: Libraries |
bfa8e009 ER | 102 | Requires: %{name} = %{version}-%{release} |
bfa8e009 ER | 103 | |
bfa8e009 ER | 104 | %description plugin-down-root |
bfa8e009 ER | 105 | The down-root module allows an OpenVPN configuration to call a down |
bfa8e009 ER | 106 | script with root privileges, even when privileges have been dropped |
bfa8e009 ER | 107 | using --user/--group/--chroot. |
bfa8e009 ER | 108 | |
bfa8e009 ER | 109 | This module uses a split privilege execution model which will fork() |
bfa8e009 ER | 110 | before OpenVPN drops root privileges, at the point where the --up |
bfa8e009 ER | 111 | script is usually called. The module will then remain in a wait state |
bfa8e009 ER | 112 | until it receives a message from OpenVPN via pipe to execute the down |
bfa8e009 ER | 113 | script. Thus, the down script will be run in the same execution |
bfa8e009 ER | 114 | environment as the up script. |
bfa8e009 ER | 115 | |
357bd270 JB | 116 | %description plugin-down-root -l pl.UTF-8 |
357bd270 JB | 117 | Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami |
357bd270 JB | 118 | roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia |
357bd270 JB | 119 | uprawnień przy użyciu opcji --user/--group/--chroot. |
357bd270 JB | 120 | |
357bd270 JB | 121 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który |
357bd270 JB | 122 | wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie |
357bd270 JB | 123 | zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie |
357bd270 JB | 124 | oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby |
357bd270 JB | 125 | wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w |
357bd270 JB | 126 | tym samym środowisku, co skrypt up. |
357bd270 JB | 127 | |
088b9e85 | 128 | %package devel |
a1c1b5a0 | 129 | Summary: Header files for OpenVPN plugins development |
f284e4d9 | 130 | Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN |
088b9e85 ER | 131 | Group: Development/Libraries |
088b9e85 ER | 132 | |
088b9e85 ER | 133 | %description devel |
a1c1b5a0 JB | 134 | This is the package containing the header files for OpenVPN plugins |
a1c1b5a0 JB | 135 | development. |
a1c1b5a0 JB | 136 | |
22031f4a JR | 137 | %description devel -l pl.UTF-8 |
22031f4a JR | 138 | Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN. |
088b9e85 | 139 | |
1e54a8c4 | 140 | %prep |
da7b9d5f | 141 | %setup -q |
7c5604b6 | 142 | %patch0 -p1 |
727c4226 | 143 | |
0a7f47ba | 144 | sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf |
6b9f12e5 | 145 | |
1e54a8c4 | 146 | %build |
694cb9a3 | 147 | %{__libtoolize} |
d073bea7 | 148 | %{__aclocal} -I m4 |
8abf6e16 | 149 | %{__autoheader} |
8abf6e16 | 150 | %{__autoconf} |
8abf6e16 | 151 | %{__automake} |
c1560620 | 152 | CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)" |
8abf6e16 | 153 | %configure \ |
d073bea7 AM | 154 | IFCONFIG=/sbin/ifconfig \ |
d073bea7 AM | 155 | IPROUTE=/sbin/ip \ |
694cb9a3 | 156 | NETSTAT=/bin/netstat \ |
c1560620 JB | 157 | ROUTE=/sbin/route \ |
c1560620 JB | 158 | SYSTEMD_UNIT_DIR=%{systemdunitdir} \ |
ee105912 | 159 | TMPFILES_DIR=%{_tmpfilesdir} \ |
694cb9a3 JB | 160 | ac_cv_nsl_inet_ntoa=no \ |
694cb9a3 JB | 161 | ac_cv_socket_socket=no \ |
694cb9a3 JB | 162 | ac_cv_resolv_gethostbyname=no \ |
694cb9a3 JB | 163 | --enable-iproute2 \ |
694cb9a3 | 164 | %{?with_pkcs11:--enable-pkcs11} \ |
1f151bf6 | 165 | --enable-async-push \ |
694cb9a3 | 166 | --enable-selinux \ |
3e7c77f0 | 167 | --enable-systemd \ |
1f151bf6 | 168 | --enable-x509-alt-username \ |
3e7c77f0 | 169 | --with-crypto-library=openssl |
43fa42e4 | 170 | |
d073bea7 | 171 | %{__make} |
088b9e85 | 172 | |
e155c28e AM | 173 | %if %{with tests} |
e155c28e AM | 174 | %{__make} check |
e155c28e AM | 175 | %endif |
e155c28e AM | 176 | |
1e54a8c4 AM | 177 | %install |
1e54a8c4 AM | 178 | rm -rf $RPM_BUILD_ROOT |
c13903eb | 179 | install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \ |
f3908354 | 180 | $RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \ |
ec6e7d04 | 181 | $RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \ |
f6fd18dc | 182 | $RPM_BUILD_ROOT%{systemdunitdir}-generators |
1e54a8c4 | 183 | |
d073bea7 AM | 184 | %{__make} install \ |
d073bea7 AM | 185 | DESTDIR=$RPM_BUILD_ROOT |
1e54a8c4 | 186 | |
f6fd18dc ER | 187 | install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} |
f6fd18dc ER | 188 | cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name} |
f6fd18dc ER | 189 | cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
ec6e7d04 | 190 | |
f6fd18dc | 191 | install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator |
ec6e7d04 JR | 192 | install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target |
ec6e7d04 JR | 193 | install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service |
ec6e7d04 JR | 194 | ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service |
6f1eceea | 195 | |
0a7f47ba ER | 196 | # we use "cp", not "install", not to pull /bin/bash dependency |
0a7f47ba ER | 197 | cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 198 | cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 199 | cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 200 | |
388387bf | 201 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la |
f6fd18dc | 202 | %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name} |
388387bf | 203 | |
1e54a8c4 AM | 204 | %clean |
1e54a8c4 AM | 205 | rm -rf $RPM_BUILD_ROOT |
1e54a8c4 AM | 206 | |
55a7ee18 JK | 207 | %post |
55a7ee18 JK | 208 | /sbin/chkconfig --add openvpn |
1a7a867b | 209 | %service openvpn restart "OpenVPN" |
ec6e7d04 | 210 | %systemd_post openvpn.target |
55a7ee18 JK | 211 | |
55a7ee18 JK | 212 | %preun |
55a7ee18 JK | 213 | if [ "$1" = "0" ]; then |
1a7a867b | 214 | %service openvpn stop |
55a7ee18 | 215 | /sbin/chkconfig --del openvpn |
a34b9b51 | 216 | fi |
ec6e7d04 JR | 217 | %systemd_preun openvpn.target |
ec6e7d04 JR | 218 | |
ec6e7d04 JR | 219 | %postun |
ec6e7d04 JR | 220 | %systemd_reload |
ec6e7d04 JR | 221 | |
ec6e7d04 JR | 222 | %triggerpostun -- openvpn < 2.3.2-2 |
ec6e7d04 JR | 223 | [ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm |
ec6e7d04 JR | 224 | [ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0 |
ec6e7d04 JR | 225 | [ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0 |
ec6e7d04 JR | 226 | export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog |
ec6e7d04 JR | 227 | /bin/systemctl --quiet enable openvpn.target || : |
ec6e7d04 JR | 228 | exit 0 |
55a7ee18 | 229 | |
1e54a8c4 AM | 230 | %files |
1e54a8c4 AM | 231 | %defattr(644,root,root,755) |
ee105912 | 232 | %doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* doc/management-notes.txt sample/sample-{config-files,keys,scripts} |
f063e411 | 233 | %dir %{_sysconfdir}/openvpn |
088b9e85 | 234 | %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name} |
1a7a867b | 235 | %attr(755,root,root) %{_sbindir}/openvpn |
e06b2f01 | 236 | %attr(754,root,root) /etc/rc.d/init.d/%{name} |
c1560620 JB | 237 | %attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator |
c1560620 JB | 238 | # PLD-specific |
c1560620 JB | 239 | %{systemdunitdir}/openvpn.service |
c1560620 JB | 240 | %{systemdunitdir}/openvpn.target |
c1560620 JB | 241 | %{systemdunitdir}/openvpn@.service |
c1560620 JB | 242 | # upstream provided |
c1560620 JB | 243 | #%{systemdunitdir}/openvpn-client@.service |
c1560620 JB | 244 | #%{systemdunitdir}/openvpn-server@.service |
088b9e85 | 245 | %dir %{_libdir}/%{name} |
0a7f47ba ER | 246 | %attr(755,root,root) %{_libdir}/%{name}/client.down |
0a7f47ba ER | 247 | %attr(755,root,root) %{_libdir}/%{name}/client.up |
0a7f47ba ER | 248 | %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf |
088b9e85 | 249 | %dir %{_libdir}/%{name}/plugins |
8453ecf5 | 250 | %{_mandir}/man5/openvpn-examples.5* |
388387bf | 251 | %{_mandir}/man8/openvpn.8* |
55a7ee18 | 252 | %dir /var/run/openvpn |
f6fd18dc | 253 | %{systemdtmpfilesdir}/%{name}.conf |
088b9e85 | 254 | |
bfa8e009 ER | 255 | %files plugin-auth-pam |
bfa8e009 ER | 256 | %defattr(644,root,root,755) |
bfa8e009 ER | 257 | %doc src/plugins/auth-pam/README.auth-pam |
bfa8e009 ER | 258 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so |
bfa8e009 ER | 259 | |
bfa8e009 ER | 260 | %files plugin-down-root |
bfa8e009 ER | 261 | %defattr(644,root,root,755) |
bfa8e009 ER | 262 | %doc src/plugins/down-root/README.down-root |
bfa8e009 ER | 263 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so |
bfa8e009 ER | 264 | |
088b9e85 ER | 265 | %files devel |
088b9e85 ER | 266 | %defattr(644,root,root,755) |
d073bea7 | 267 | %doc doc/README.plugins sample/sample-plugins |
24429fb3 | 268 | %{_includedir}/openvpn-msg.h |
388387bf | 269 | %{_includedir}/openvpn-plugin.h |