# TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
%bcond_without pkcs11 # PKCS#11 support
Summary(pl.UTF-8): Serwer VPN
Group: Networking/Daemons
Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}.tar.gz
# Source0-md5: f46e8182bfee0b1634807e6ab2a220ef
Source2: %{name}.sysconfig
Source3: %{name}.tmpfiles
Source4: %{name}-service-generator
Source5: %{name}.target
Source6: %{name}@.service
Source7: %{name}-update-resolv-conf
Patch0: %{name}-pam.patch
URL: https://www.openvpn.net/
BuildRequires: autoconf >= 2.59
BuildRequires: automake >= 1:1.9
BuildRequires: libselinux-devel
BuildRequires: libtool
BuildRequires: lz4-devel >= 1:1.7.1
BuildRequires: lzo-devel
# or mbedtls-devel >= 2
BuildRequires: openssl-devel >= 1.0.2
%{?with_pkcs11:BuildRequires: p11-kit-devel}
BuildRequires: pam-devel
%{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11}
BuildRequires: pkgconfig
BuildRequires: rpmbuild(macros) >= 1.671
BuildRequires: systemd-devel >= 1:217
BuildRequires: tar >= 1:1.22
Requires(post,preun): /sbin/chkconfig
Requires(post,preun,postun): systemd-units >= 38
Requires: lz4 >= 1:1.7.1
Requires: openssl >= 1.0.2
%{?with_pkcs11:Requires: pkcs11-helper >= 1.11}
Requires: rc-scripts >= 0.4.3.0
Requires: systemd-libs >= 1:217
Requires: systemd-units >= 38
Requires: uname(release) >= 2.4
Suggests: %{name}-plugin-auth-pam
Suggests: %{name}-plugin-down-root
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _localstatedir /var
OpenVPN is a robust and highly configurable VPN (Virtual Private
Network) daemon which can be used to securely link two or more private
networks using an encrypted tunnel over the internet.

%description -l pl.UTF-8
OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
%package plugin-auth-pam
Summary: Plugin for username/password authentication via PAM
Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
Requires: %{name} = %{version}-%{release}

%description plugin-auth-pam
The openvpn-auth-pam module implements username/password
authentication via PAM, and essentially allows any authentication
method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
passwords) to be used with OpenVPN. While PAM supports
username/password authentication, this can be combined with X509
certificates to provide two independent levels of authentication.

This module uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or

%description plugin-auth-pam -l pl.UTF-8
Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
zapewniania dwóch różnych poziomów uwierzytelnienia.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
dyrektyw user, group lub chroot.
%package plugin-down-root
Summary: Plugin to allow root after privilege drop
Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
Requires: %{name} = %{version}-%{release}

%description plugin-down-root
The down-root module allows an OpenVPN configuration to call a down
script with root privileges, even when privileges have been dropped
using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The module will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.

%description plugin-down-root -l pl.UTF-8
Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
uprawnień przy użyciu opcji --user/--group/--chroot.

Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
tym samym środowisku, co skrypt up.
Summary: Header files for OpenVPN plugins development
Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN
Group: Development/Libraries
This is the package containing the header files for OpenVPN plugins

%description devel -l pl.UTF-8
Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf
CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
IFCONFIG=/sbin/ifconfig \
NETSTAT=/bin/netstat \
SYSTEMD_UNIT_DIR=%{systemdunitdir} \
TMPFILES_DIR=%{_tmpfilesdir} \
ac_cv_nsl_inet_ntoa=no \
ac_cv_socket_socket=no \
ac_cv_resolv_gethostbyname=no \
%{?with_pkcs11:--enable-pkcs11} \
--enable-async-push \
--enable-x509-alt-username \
--with-crypto-library=openssl
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
	$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
	$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
	$RPM_BUILD_ROOT%{systemdunitdir}-generators
DESTDIR=$RPM_BUILD_ROOT
install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service
# we use "cp", not "install", not to pull /bin/bash dependency
cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}
%{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}

rm -rf $RPM_BUILD_ROOT
/sbin/chkconfig --add openvpn
%service openvpn restart "OpenVPN"
%systemd_post openvpn.target

if [ "$1" = "0" ]; then
	%service openvpn stop
	/sbin/chkconfig --del openvpn
fi
%systemd_preun openvpn.target

%triggerpostun -- openvpn < 2.3.2-2
[ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
[ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
[ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
/bin/systemctl --quiet enable openvpn.target || :
%defattr(644,root,root,755)
%doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* doc/management-notes.txt sample/sample-{config-files,keys,scripts}
%dir %{_sysconfdir}/openvpn
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
%attr(755,root,root) %{_sbindir}/openvpn
%attr(754,root,root) /etc/rc.d/init.d/%{name}
%attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
%{systemdunitdir}/openvpn.service
%{systemdunitdir}/openvpn.target
%{systemdunitdir}/openvpn@.service
#%{systemdunitdir}/openvpn-client@.service
#%{systemdunitdir}/openvpn-server@.service
%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/client.down
%attr(755,root,root) %{_libdir}/%{name}/client.up
%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
%dir %{_libdir}/%{name}/plugins
%{_mandir}/man5/openvpn-examples.5*
%{_mandir}/man8/openvpn.8*
%dir /var/run/openvpn
%{systemdtmpfilesdir}/%{name}.conf

%files plugin-auth-pam
%defattr(644,root,root,755)
%doc src/plugins/auth-pam/README.auth-pam
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so

%files plugin-down-root
%defattr(644,root,root,755)
%doc src/plugins/down-root/README.down-root
%attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so

%defattr(644,root,root,755)
%doc doc/README.plugins sample/sample-plugins
%{_includedir}/openvpn-msg.h
%{_includedir}/openvpn-plugin.h