[packages/openvpn.git] / openvpn.spec

# TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
#
# Conditional build:
%bcond_without	pkcs11		# PKCS#11 support
%bcond_without	tests

Summary:	VPN Daemon
Summary(pl.UTF-8):	Serwer VPN
Name:		openvpn
Version:	2.5.4
Release:	1
License:	GPL v2
Group:		Networking/Daemons
Source0:	https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
# Source0-md5:	336be3b2388cdc65dd8c81f22b1c2836
Source1:	%{name}.init
Source2:	%{name}.sysconfig
Source3:	%{name}.tmpfiles
Source4:	%{name}-service-generator
Source5:	%{name}.target
Source6:	%{name}@.service
Source7:	%{name}-update-resolv-conf
Patch0:		%{name}-pam.patch
Patch1:		unsupported-ciphers.patch
Patch100:	0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
Patch101:	0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
Patch102:	0040-Remove-DES-check-with-OpenSSL-3.0.patch
Patch103:	0043-Ensure-the-current-common_name-is-in-the-environment.patch
Patch104:	0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
Patch105:	0045-Do-not-allow-CTS-ciphers.patch
Patch106:	0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
Patch107:	0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
URL:		https://www.openvpn.net/
BuildRequires:	autoconf >= 2.59
BuildRequires:	automake >= 1:1.9
BuildRequires:	libselinux-devel
BuildRequires:	libtool
BuildRequires:	lz4-devel >= 1:1.7.1
BuildRequires:	lzo-devel
# or mbedtls-devel >= 2
BuildRequires:	openssl-devel >= 1.0.2
%{?with_pkcs11:BuildRequires:	p11-kit-devel}
BuildRequires:	pam-devel
%{?with_pkcs11:BuildRequires:	pkcs11-helper-devel >= 1.11}
BuildRequires:	pkgconfig
BuildRequires:	rpmbuild(macros) >= 1.671
BuildRequires:	systemd-devel >= 1:217
BuildRequires:	tar >= 1:1.22
BuildRequires:	xz
Requires(post,preun):	/sbin/chkconfig
Requires(post,preun,postun):	systemd-units >= 38
Requires:	/sbin/ip
Requires:	lz4 >= 1:1.7.1
Requires:	openssl >= 1.0.2
%{?with_pkcs11:Requires:	pkcs11-helper >= 1.11}
Requires:	rc-scripts >= 0.4.3.0
Requires:	systemd-libs >= 1:217
Requires:	systemd-units >= 38
Requires:	uname(release) >= 2.4
Suggests:	%{name}-plugin-auth-pam
Suggests:	%{name}-plugin-down-root
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_localstatedir	/var

%description
OpenVPN is a robust and highly configurable VPN (Virtual Private
Network) daemon which can be used to securely link two or more private
networks using an encrypted tunnel over the internet.

%description -l pl.UTF-8
OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
internet.

%package plugin-auth-pam
Summary:	Plugin for username/password authentication via PAM
Summary(pl.UTF-8):	Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description plugin-auth-pam
The openvpn-auth-pam module implements username/password
authentication via PAM, and essentially allows any authentication
method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
passwords) to be used with OpenVPN. While PAM supports
username/password authentication, this can be combined with X509
certificates to provide two indepedent levels of authentication.

This module uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.

%description plugin-auth-pam -l pl.UTF-8
Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
zapewniania dwóch różnych poziomów uwierzytelnienia.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
dyrektyw user, group lub chroot.

%package plugin-down-root
Summary:	Plugin to allow root after privilege drop
Summary(pl.UTF-8):	Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description plugin-down-root
The down-root module allows an OpenVPN configuration to call a down
script with root privileges, even when privileges have been dropped
using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The module will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.

%description plugin-down-root -l pl.UTF-8
Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
uprawnień przy użyciu opcji --user/--group/--chroot.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
tym samym środowisku, co skrypt up.

%package devel
Summary:	Header files for OpenVPN plugins development
Summary(pl.UTF-8):	Pliki nagłówkowe do tworzenia wtyczek OpenVPN
Group:		Development/Libraries

%description devel
This is the package containing the header files for OpenVPN plugins
development.

%description devel -l pl.UTF-8
Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.

%prep
%setup -q
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch0 -p1
%patch1 -p1

sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf

%build
%{__libtoolize}
%{__aclocal} -I m4
%{__autoheader}
%{__autoconf}
%{__automake}
CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
%configure \
	IFCONFIG=/sbin/ifconfig \
	IPROUTE=/sbin/ip \
	NETSTAT=/bin/netstat \
	ROUTE=/sbin/route \
	SYSTEMD_UNIT_DIR=%{systemdunitdir} \
	ac_cv_nsl_inet_ntoa=no \
	ac_cv_socket_socket=no \
	ac_cv_resolv_gethostbyname=no \
	--enable-iproute2 \
	%{?with_pkcs11:--enable-pkcs11} \
	--enable-async-push \
	--enable-selinux \
	--enable-systemd \
	--enable-x509-alt-username \
	--with-crypto-library=openssl

%{__make}

%if %{with tests}
%{__make} check
%endif

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
	$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
	$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
	$RPM_BUILD_ROOT%{systemdunitdir}-generators

%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf

install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service

# we use "cp", not "install", not to pull /bin/bash dependency
cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}

%{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add openvpn
%service openvpn restart "OpenVPN"
%systemd_post openvpn.target

%preun
if [ "$1" = "0" ]; then
	%service openvpn stop
	/sbin/chkconfig --del openvpn
fi
%systemd_preun openvpn.target

%postun
%systemd_reload

%triggerpostun -- openvpn < 2.3.2-2
[ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
[ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
[ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
/bin/systemctl --quiet enable openvpn.target || :
exit 0

%files
%defattr(644,root,root,755)
%doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* TODO.IPv6 doc/management-notes.txt sample/sample-{config-files,keys,scripts}
%dir %{_sysconfdir}/openvpn
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
%attr(755,root,root) %{_sbindir}/openvpn
%attr(754,root,root) /etc/rc.d/init.d/%{name}
%attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
# PLD-specific
%{systemdunitdir}/openvpn.service
%{systemdunitdir}/openvpn.target
%{systemdunitdir}/openvpn@.service
# upstream provided
#%{systemdunitdir}/openvpn-client@.service
#%{systemdunitdir}/openvpn-server@.service
%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/client.down
%attr(755,root,root) %{_libdir}/%{name}/client.up
%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
%dir %{_libdir}/%{name}/plugins
%{_mandir}/man8/openvpn.8*
%dir /var/run/openvpn
%{systemdtmpfilesdir}/%{name}.conf

%files plugin-auth-pam
%defattr(644,root,root,755)
%doc src/plugins/auth-pam/README.auth-pam
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so

%files plugin-down-root
%defattr(644,root,root,755)
%doc src/plugins/down-root/README.down-root
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so

%files devel
%defattr(644,root,root,755)
%doc doc/README.plugins sample/sample-plugins
%{_includedir}/openvpn-msg.h
%{_includedir}/openvpn-plugin.h
Commit	Line	Data
a4f057cc	1	# TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
357bd270	2	#
3a40fd75	3	# Conditional build:
694cb9a3	4	%bcond_without pkcs11 # PKCS#11 support
e155c28e	5	%bcond_without tests
3a40fd75	6
1e54a8c4	7	Summary: VPN Daemon
f284e4d9	8	Summary(pl.UTF-8): Serwer VPN
1e54a8c4	9	Name: openvpn
13eb918b	10	Version: 2.5.4
36925592	11	Release: 1
4b4dae2a	12	License: GPL v2
1e54a8c4	13	Group: Networking/Daemons
36925592	14	Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
13eb918b	15	# Source0-md5: 336be3b2388cdc65dd8c81f22b1c2836
1e54a8c4 AM	16	Source1: %{name}.init
1e54a8c4 AM	17	Source2: %{name}.sysconfig
d073bea7	18	Source3: %{name}.tmpfiles
f6fd18dc ER	19	Source4: %{name}-service-generator
	20	Source5: %{name}.target
	21	Source6: %{name}@.service
0a7f47ba	22	Source7: %{name}-update-resolv-conf
d073bea7	23	Patch0: %{name}-pam.patch
fd3387b8	24	Patch1: unsupported-ciphers.patch
4d7e3f68 JR	25	Patch100: 0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
	26	Patch101: 0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
	27	Patch102: 0040-Remove-DES-check-with-OpenSSL-3.0.patch
	28	Patch103: 0043-Ensure-the-current-common_name-is-in-the-environment.patch
	29	Patch104: 0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
	30	Patch105: 0045-Do-not-allow-CTS-ciphers.patch
	31	Patch106: 0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
	32	Patch107: 0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
36925592	33	URL: https://www.openvpn.net/
4b4dae2a	34	BuildRequires: autoconf >= 2.59
694cb9a3	35	BuildRequires: automake >= 1:1.9
c4f969c4	36	BuildRequires: libselinux-devel
694cb9a3	37	BuildRequires: libtool
f3aaee0e	38	BuildRequires: lz4-devel >= 1:1.7.1
1e54a8c4	39	BuildRequires: lzo-devel
a4f057cc JB	40	# or mbedtls-devel >= 2
a4f057cc JB	41	BuildRequires: openssl-devel >= 1.0.2
694cb9a3	42	%{?with_pkcs11:BuildRequires: p11-kit-devel}
7367fd64	43	BuildRequires: pam-devel
694cb9a3 JB	44	%{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11}
694cb9a3 JB	45	BuildRequires: pkgconfig
22af7faa	46	BuildRequires: rpmbuild(macros) >= 1.671
f3aaee0e	47	BuildRequires: systemd-devel >= 1:217
694cb9a3 JB	48	BuildRequires: tar >= 1:1.22
694cb9a3 JB	49	BuildRequires: xz
a32abac3	50	Requires(post,preun): /sbin/chkconfig
22af7faa	51	Requires(post,preun,postun): systemd-units >= 38
dc577c8b	52	Requires: /sbin/ip
f3aaee0e	53	Requires: lz4 >= 1:1.7.1
a4f057cc	54	Requires: openssl >= 1.0.2
694cb9a3	55	%{?with_pkcs11:Requires: pkcs11-helper >= 1.11}
be1312a6	56	Requires: rc-scripts >= 0.4.3.0
f3aaee0e	57	Requires: systemd-libs >= 1:217
22af7faa	58	Requires: systemd-units >= 38
ef1142ad	59	Requires: uname(release) >= 2.4
59856f7f ER	60	Suggests: %{name}-plugin-auth-pam
59856f7f ER	61	Suggests: %{name}-plugin-down-root
1e54a8c4 AM	62	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	63
	64	%define _localstatedir /var
	65
	66	%description
	67	OpenVPN is a robust and highly configurable VPN (Virtual Private
	68	Network) daemon which can be used to securely link two or more private
	69	networks using an encrypted tunnel over the internet.
	70
22031f4a	71	%description -l pl.UTF-8
1e54a8c4	72	OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
22031f4a JR	73	Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
22031f4a JR	74	lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
1e54a8c4 AM	75	internet.
1e54a8c4 AM	76
bfa8e009 ER	77	%package plugin-auth-pam
bfa8e009 ER	78	Summary: Plugin for username/password authentication via PAM
357bd270 JB	79	Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
357bd270 JB	80	Group: Libraries
bfa8e009 ER	81	Requires: %{name} = %{version}-%{release}
	82
	83	%description plugin-auth-pam
	84	The openvpn-auth-pam module implements username/password
	85	authentication via PAM, and essentially allows any authentication
	86	method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
	87	passwords) to be used with OpenVPN. While PAM supports
	88	username/password authentication, this can be combined with X509
	89	certificates to provide two indepedent levels of authentication.
	90
	91	This module uses a split privilege execution model which will function
	92	even if you drop openvpn daemon privileges using the user, group, or
	93	chroot directives.
	94
357bd270 JB	95	%description plugin-auth-pam -l pl.UTF-8
	96	Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
	97	i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
	98	metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
	99	hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
	100	użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
	101	zapewniania dwóch różnych poziomów uwierzytelnienia.
	102
	103	Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
	104	działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
	105	dyrektyw user, group lub chroot.
	106
bfa8e009 ER	107	%package plugin-down-root
bfa8e009 ER	108	Summary: Plugin to allow root after privilege drop
357bd270 JB	109	Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
357bd270 JB	110	Group: Libraries
bfa8e009 ER	111	Requires: %{name} = %{version}-%{release}
	112
	113	%description plugin-down-root
	114	The down-root module allows an OpenVPN configuration to call a down
	115	script with root privileges, even when privileges have been dropped
	116	using --user/--group/--chroot.
	117
	118	This module uses a split privilege execution model which will fork()
	119	before OpenVPN drops root privileges, at the point where the --up
	120	script is usually called. The module will then remain in a wait state
	121	until it receives a message from OpenVPN via pipe to execute the down
	122	script. Thus, the down script will be run in the same execution
	123	environment as the up script.
	124
357bd270 JB	125	%description plugin-down-root -l pl.UTF-8
	126	Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
	127	roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
	128	uprawnień przy użyciu opcji --user/--group/--chroot.
	129
	130	Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
	131	wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
	132	zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
	133	oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
	134	wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
	135	tym samym środowisku, co skrypt up.
	136
088b9e85	137	%package devel
a1c1b5a0	138	Summary: Header files for OpenVPN plugins development
f284e4d9	139	Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN
088b9e85 ER	140	Group: Development/Libraries
	141
	142	%description devel
a1c1b5a0 JB	143	This is the package containing the header files for OpenVPN plugins
	144	development.
	145
22031f4a JR	146	%description devel -l pl.UTF-8
22031f4a JR	147	Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
088b9e85	148
1e54a8c4	149	%prep
da7b9d5f	150	%setup -q
4d7e3f68 JR	151	%patch100 -p1
	152	%patch101 -p1
	153	%patch102 -p1
	154	%patch103 -p1
	155	%patch104 -p1
	156	%patch105 -p1
	157	%patch106 -p1
	158	%patch107 -p1
7c5604b6	159	%patch0 -p1
fd3387b8	160	%patch1 -p1
727c4226	161
0a7f47ba	162	sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf
6b9f12e5	163
1e54a8c4	164	%build
694cb9a3	165	%{__libtoolize}
d073bea7	166	%{__aclocal} -I m4
8abf6e16	167	%{__autoheader}
	168	%{__autoconf}
	169	%{__automake}
c1560620	170	CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
8abf6e16	171	%configure \
d073bea7 AM	172	IFCONFIG=/sbin/ifconfig \
d073bea7 AM	173	IPROUTE=/sbin/ip \
694cb9a3	174	NETSTAT=/bin/netstat \
c1560620 JB	175	ROUTE=/sbin/route \
c1560620 JB	176	SYSTEMD_UNIT_DIR=%{systemdunitdir} \
694cb9a3 JB	177	ac_cv_nsl_inet_ntoa=no \
	178	ac_cv_socket_socket=no \
	179	ac_cv_resolv_gethostbyname=no \
	180	--enable-iproute2 \
694cb9a3	181	%{?with_pkcs11:--enable-pkcs11} \
1f151bf6	182	--enable-async-push \
694cb9a3	183	--enable-selinux \
3e7c77f0	184	--enable-systemd \
1f151bf6	185	--enable-x509-alt-username \
3e7c77f0	186	--with-crypto-library=openssl
43fa42e4	187
d073bea7	188	%{__make}
088b9e85	189
e155c28e AM	190	%if %{with tests}
	191	%{__make} check
	192	%endif
	193
1e54a8c4 AM	194	%install
1e54a8c4 AM	195	rm -rf $RPM_BUILD_ROOT
c13903eb	196	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
f3908354	197	$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
ec6e7d04	198	$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
f6fd18dc	199	$RPM_BUILD_ROOT%{systemdunitdir}-generators
1e54a8c4	200
d073bea7 AM	201	%{__make} install \
d073bea7 AM	202	DESTDIR=$RPM_BUILD_ROOT
1e54a8c4	203
f6fd18dc ER	204	install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
	205	cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
	206	cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
ec6e7d04	207
f6fd18dc	208	install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
ec6e7d04 JR	209	install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
	210	install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
	211	ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service
6f1eceea	212
0a7f47ba ER	213	# we use "cp", not "install", not to pull /bin/bash dependency
	214	cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
	215	cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
	216	cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}
	217
388387bf	218	%{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
f6fd18dc	219	%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}
388387bf	220
1e54a8c4 AM	221	%clean
	222	rm -rf $RPM_BUILD_ROOT
	223
55a7ee18 JK	224	%post
55a7ee18 JK	225	/sbin/chkconfig --add openvpn
1a7a867b	226	%service openvpn restart "OpenVPN"
ec6e7d04	227	%systemd_post openvpn.target
55a7ee18 JK	228
	229	%preun
	230	if [ "$1" = "0" ]; then
1a7a867b	231	%service openvpn stop
55a7ee18	232	/sbin/chkconfig --del openvpn
a34b9b51	233	fi
ec6e7d04 JR	234	%systemd_preun openvpn.target
	235
	236	%postun
	237	%systemd_reload
	238
	239	%triggerpostun -- openvpn < 2.3.2-2
	240	[ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
	241	[ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
	242	[ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
	243	export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
	244	/bin/systemctl --quiet enable openvpn.target \|\| :
	245	exit 0
55a7ee18	246
1e54a8c4 AM	247	%files
1e54a8c4 AM	248	%defattr(644,root,root,755)
f3aaee0e	249	%doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* TODO.IPv6 doc/management-notes.txt sample/sample-{config-files,keys,scripts}
f063e411	250	%dir %{_sysconfdir}/openvpn
088b9e85	251	%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
1a7a867b	252	%attr(755,root,root) %{_sbindir}/openvpn
e06b2f01	253	%attr(754,root,root) /etc/rc.d/init.d/%{name}
c1560620 JB	254	%attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
	255	# PLD-specific
	256	%{systemdunitdir}/openvpn.service
	257	%{systemdunitdir}/openvpn.target
	258	%{systemdunitdir}/openvpn@.service
	259	# upstream provided
	260	#%{systemdunitdir}/openvpn-client@.service
	261	#%{systemdunitdir}/openvpn-server@.service
088b9e85	262	%dir %{_libdir}/%{name}
0a7f47ba ER	263	%attr(755,root,root) %{_libdir}/%{name}/client.down
	264	%attr(755,root,root) %{_libdir}/%{name}/client.up
	265	%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
088b9e85	266	%dir %{_libdir}/%{name}/plugins
388387bf	267	%{_mandir}/man8/openvpn.8*
55a7ee18	268	%dir /var/run/openvpn
f6fd18dc	269	%{systemdtmpfilesdir}/%{name}.conf
088b9e85	270
bfa8e009 ER	271	%files plugin-auth-pam
	272	%defattr(644,root,root,755)
	273	%doc src/plugins/auth-pam/README.auth-pam
	274	%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so
	275
	276	%files plugin-down-root
	277	%defattr(644,root,root,755)
	278	%doc src/plugins/down-root/README.down-root
	279	%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so
	280
088b9e85 ER	281	%files devel
088b9e85 ER	282	%defattr(644,root,root,755)
d073bea7	283	%doc doc/README.plugins sample/sample-plugins
24429fb3	284	%{_includedir}/openvpn-msg.h
388387bf	285	%{_includedir}/openvpn-plugin.h