1 # TODO: compare PLD vs upstream provided systemd support, maybe we can switch? (see also files section)
4 %bcond_without pkcs11 # PKCS#11 support
8 Summary(pl.UTF-8): Serwer VPN
13 Group: Networking/Daemons
14 Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
15 # Source0-md5: 6893bc6b4cc24b15471408200864ce3f
17 Source2: %{name}.sysconfig
18 Source3: %{name}.tmpfiles
19 Source4: %{name}-service-generator
20 Source5: %{name}.target
21 Source6: %{name}@.service
22 Source7: %{name}-update-resolv-conf
23 Patch0: %{name}-pam.patch
24 Patch1: unsupported-ciphers.patch
25 URL: https://www.openvpn.net/
26 BuildRequires: autoconf >= 2.59
27 BuildRequires: automake >= 1:1.9
28 BuildRequires: libselinux-devel
29 BuildRequires: libtool
30 BuildRequires: lz4-devel >= 1:1.7.1
31 BuildRequires: lzo-devel
32 # or mbedtls-devel >= 2
33 BuildRequires: openssl-devel >= 1.0.2
34 %{?with_pkcs11:BuildRequires: p11-kit-devel}
35 BuildRequires: pam-devel
36 %{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11}
37 BuildRequires: pkgconfig
38 BuildRequires: rpmbuild(macros) >= 1.671
39 BuildRequires: systemd-devel >= 1:217
40 BuildRequires: tar >= 1:1.22
42 Requires(post,preun): /sbin/chkconfig
43 Requires(post,preun,postun): systemd-units >= 38
45 Requires: lz4 >= 1:1.7.1
46 Requires: openssl >= 1.0.2
47 %{?with_pkcs11:Requires: pkcs11-helper >= 1.11}
48 Requires: rc-scripts >= 0.4.3.0
49 Requires: systemd-libs >= 1:217
50 Requires: systemd-units >= 38
51 Requires: uname(release) >= 2.4
52 Suggests: %{name}-plugin-auth-pam
53 Suggests: %{name}-plugin-down-root
54 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
56 %define _localstatedir /var
59 OpenVPN is a robust and highly configurable VPN (Virtual Private
60 Network) daemon which can be used to securely link two or more private
61 networks using an encrypted tunnel over the internet.
63 %description -l pl.UTF-8
64 OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne
65 Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch
66 lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez
69 %package plugin-auth-pam
70 Summary: Plugin for username/password authentication via PAM
71 Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM
73 Requires: %{name} = %{version}-%{release}
75 %description plugin-auth-pam
76 The openvpn-auth-pam module implements username/password
77 authentication via PAM, and essentially allows any authentication
78 method supported by PAM (such as LDAP, RADIUS, or Linux Shadow
79 passwords) to be used with OpenVPN. While PAM supports
80 username/password authentication, this can be combined with X509
81 certificates to provide two indepedent levels of authentication.
83 This module uses a split privilege execution model which will function
84 even if you drop openvpn daemon privileges using the user, group, or
87 %description plugin-auth-pam -l pl.UTF-8
88 Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika
89 i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej
90 metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS,
91 hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą
92 użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu
93 zapewniania dwóch różnych poziomów uwierzytelnienia.
95 Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co
96 działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu
97 dyrektyw user, group lub chroot.
99 %package plugin-down-root
100 Summary: Plugin to allow root after privilege drop
101 Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień
103 Requires: %{name} = %{version}-%{release}
105 %description plugin-down-root
106 The down-root module allows an OpenVPN configuration to call a down
107 script with root privileges, even when privileges have been dropped
108 using --user/--group/--chroot.
110 This module uses a split privilege execution model which will fork()
111 before OpenVPN drops root privileges, at the point where the --up
112 script is usually called. The module will then remain in a wait state
113 until it receives a message from OpenVPN via pipe to execute the down
114 script. Thus, the down script will be run in the same execution
115 environment as the up script.
117 %description plugin-down-root -l pl.UTF-8
118 Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami
119 roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia
120 uprawnień przy użyciu opcji --user/--group/--chroot.
122 Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który
123 wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie
124 zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie
125 oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby
126 wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w
127 tym samym środowisku, co skrypt up.
130 Summary: Header files for OpenVPN plugins development
131 Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN
132 Group: Development/Libraries
135 This is the package containing the header files for OpenVPN plugins
138 %description devel -l pl.UTF-8
139 Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
146 sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf
154 CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)"
156 IFCONFIG=/sbin/ifconfig \
158 NETSTAT=/bin/netstat \
160 SYSTEMD_UNIT_DIR=%{systemdunitdir} \
161 ac_cv_nsl_inet_ntoa=no \
162 ac_cv_socket_socket=no \
163 ac_cv_resolv_gethostbyname=no \
165 %{?with_pkcs11:--enable-pkcs11} \
166 --enable-async-push \
169 --enable-x509-alt-username \
170 --with-crypto-library=openssl
179 rm -rf $RPM_BUILD_ROOT
180 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
181 $RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
182 $RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \
183 $RPM_BUILD_ROOT%{systemdunitdir}-generators
186 DESTDIR=$RPM_BUILD_ROOT
188 install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
189 cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
190 cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
192 install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator
193 install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target
194 install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service
195 ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service
197 # we use "cp", not "install", not to pull /bin/bash dependency
198 cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
199 cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
200 cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}
202 %{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la
203 %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}
206 rm -rf $RPM_BUILD_ROOT
209 /sbin/chkconfig --add openvpn
210 %service openvpn restart "OpenVPN"
211 %systemd_post openvpn.target
214 if [ "$1" = "0" ]; then
215 %service openvpn stop
216 /sbin/chkconfig --del openvpn
218 %systemd_preun openvpn.target
223 %triggerpostun -- openvpn < 2.3.2-2
224 [ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm
225 [ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0
226 [ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0
227 export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog
228 /bin/systemctl --quiet enable openvpn.target || :
232 %defattr(644,root,root,755)
233 %doc AUTHORS COPYING ChangeLog Changes.rst PORTS README* TODO.IPv6 doc/management-notes.txt sample/sample-{config-files,keys,scripts}
234 %dir %{_sysconfdir}/openvpn
235 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
236 %attr(755,root,root) %{_sbindir}/openvpn
237 %attr(754,root,root) /etc/rc.d/init.d/%{name}
238 %attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator
240 %{systemdunitdir}/openvpn.service
241 %{systemdunitdir}/openvpn.target
242 %{systemdunitdir}/openvpn@.service
244 #%{systemdunitdir}/openvpn-client@.service
245 #%{systemdunitdir}/openvpn-server@.service
246 %dir %{_libdir}/%{name}
247 %attr(755,root,root) %{_libdir}/%{name}/client.down
248 %attr(755,root,root) %{_libdir}/%{name}/client.up
249 %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
250 %dir %{_libdir}/%{name}/plugins
251 %{_mandir}/man5/openvpn-examples.5*
252 %{_mandir}/man8/openvpn.8*
253 %dir /var/run/openvpn
254 %{systemdtmpfilesdir}/%{name}.conf
256 %files plugin-auth-pam
257 %defattr(644,root,root,755)
258 %doc src/plugins/auth-pam/README.auth-pam
259 %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so
261 %files plugin-down-root
262 %defattr(644,root,root,755)
263 %doc src/plugins/down-root/README.down-root
264 %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so
267 %defattr(644,root,root,755)
268 %doc doc/README.plugins sample/sample-plugins
269 %{_includedir}/openvpn-msg.h
270 %{_includedir}/openvpn-plugin.h