Commit | Line | Data |
---|---|---|
c1560620 | 1 | # TODO: compare PLD vs upstream provided systemd support, maybe we can switch? |
357bd270 | 2 | # |
3a40fd75 | 3 | # Conditional build: |
694cb9a3 | 4 | %bcond_without pkcs11 # PKCS#11 support |
3a40fd75 | 5 | |
1e54a8c4 | 6 | Summary: VPN Daemon |
f284e4d9 | 7 | Summary(pl.UTF-8): Serwer VPN |
1e54a8c4 | 8 | Name: openvpn |
7d0baea5 | 9 | Version: 2.4.4 |
439c7eee | 10 | Release: 1 |
4b4dae2a | 11 | License: GPL v2 |
1e54a8c4 | 12 | Group: Networking/Daemons |
694cb9a3 | 13 | Source0: http://swupdate.openvpn.net/community/releases/%{name}-%{version}.tar.xz |
7d0baea5 | 14 | # Source0-md5: 7a2002aad1671b24457bc9432a0c5c52 |
1e54a8c4 AM | 15 | Source1: %{name}.init |
1e54a8c4 AM | 16 | Source2: %{name}.sysconfig |
d073bea7 | 17 | Source3: %{name}.tmpfiles |
f6fd18dc ER | 18 | Source4: %{name}-service-generator |
f6fd18dc ER | 19 | Source5: %{name}.target |
f6fd18dc ER | 20 | Source6: %{name}@.service |
0a7f47ba | 21 | Source7: %{name}-update-resolv-conf |
d073bea7 | 22 | Patch0: %{name}-pam.patch |
72e50cf3 | 23 | URL: http://www.openvpn.net/ |
4b4dae2a | 24 | BuildRequires: autoconf >= 2.59 |
694cb9a3 | 25 | BuildRequires: automake >= 1:1.9 |
c4f969c4 | 26 | BuildRequires: libselinux-devel |
694cb9a3 | 27 | BuildRequires: libtool |
c1560620 | 28 | BuildRequires: lz4-devel >= 1:1.7 |
1e54a8c4 | 29 | BuildRequires: lzo-devel |
c1560620 | 30 | BuildRequires: openssl-devel >= 0.9.8 |
694cb9a3 | 31 | %{?with_pkcs11:BuildRequires: p11-kit-devel} |
7367fd64 | 32 | BuildRequires: pam-devel |
694cb9a3 JB | 33 | %{?with_pkcs11:BuildRequires: pkcs11-helper-devel >= 1.11} |
694cb9a3 JB | 34 | BuildRequires: pkgconfig |
22af7faa | 35 | BuildRequires: rpmbuild(macros) >= 1.671 |
8cbbfc56 | 36 | BuildRequires: systemd-devel |
694cb9a3 JB | 37 | BuildRequires: tar >= 1:1.22 |
694cb9a3 JB | 38 | BuildRequires: xz |
a32abac3 | 39 | Requires(post,preun): /sbin/chkconfig |
22af7faa | 40 | Requires(post,preun,postun): systemd-units >= 38 |
dc577c8b | 41 | Requires: /sbin/ip |
c1560620 | 42 | Requires: openssl >= 0.9.8 |
694cb9a3 | 43 | %{?with_pkcs11:Requires: pkcs11-helper >= 1.11} |
be1312a6 | 44 | Requires: rc-scripts >= 0.4.3.0 |
22af7faa | 45 | Requires: systemd-units >= 38 |
ef1142ad | 46 | Requires: uname(release) >= 2.4 |
59856f7f ER | 47 | Suggests: %{name}-plugin-auth-pam |
59856f7f ER | 48 | Suggests: %{name}-plugin-down-root |
1e54a8c4 AM | 49 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
1e54a8c4 AM | 50 | |
1e54a8c4 AM | 51 | %define _localstatedir /var |
1e54a8c4 AM | 52 | |
1e54a8c4 AM | 53 | %description |
1e54a8c4 AM | 54 | OpenVPN is a robust and highly configurable VPN (Virtual Private |
1e54a8c4 AM | 55 | Network) daemon which can be used to securely link two or more private |
1e54a8c4 AM | 56 | networks using an encrypted tunnel over the internet. |
1e54a8c4 AM | 57 | |
22031f4a | 58 | %description -l pl.UTF-8 |
1e54a8c4 | 59 | OpenVPN jest mocnym i silnie konfigurowalnym serwerem VPN (Wirtualne |
22031f4a JR | 60 | Sieci Prywatne), który może być użyty do bezpiecznego łączenia dwóch |
22031f4a JR | 61 | lub więcej prywatnych sieci używając zaszyfrowanego tunelu poprzez |
1e54a8c4 AM | 62 | internet. |
1e54a8c4 AM | 63 | |
bfa8e009 ER | 64 | %package plugin-auth-pam |
bfa8e009 ER | 65 | Summary: Plugin for username/password authentication via PAM |
357bd270 JB | 66 | Summary(pl.UTF-8): Wtyczka do uwierzytelniania nazwą użytkownika i hasłem poprzez PAM |
357bd270 JB | 67 | Group: Libraries |
bfa8e009 ER | 68 | Requires: %{name} = %{version}-%{release} |
bfa8e009 ER | 69 | |
bfa8e009 ER | 70 | %description plugin-auth-pam |
bfa8e009 ER | 71 | The openvpn-auth-pam module implements username/password |
bfa8e009 ER | 72 | authentication via PAM, and essentially allows any authentication |
bfa8e009 ER | 73 | method supported by PAM (such as LDAP, RADIUS, or Linux Shadow |
bfa8e009 ER | 74 | passwords) to be used with OpenVPN. While PAM supports |
bfa8e009 ER | 75 | username/password authentication, this can be combined with X509 |
bfa8e009 ER | 76 | certificates to provide two independent levels of authentication. |
bfa8e009 ER | 77 | |
bfa8e009 ER | 78 | This module uses a split privilege execution model which will function |
bfa8e009 ER | 79 | even if you drop openvpn daemon privileges using the user, group, or |
bfa8e009 ER | 80 | chroot directives. |
bfa8e009 ER | 81 | |
357bd270 JB | 82 | %description plugin-auth-pam -l pl.UTF-8 |
357bd270 JB | 83 | Moduł openvpn-auth-pam implementuje uwierzytelnianie nazwą użytkownika |
357bd270 JB | 84 | i hasłem poprzez PAM, zasadniczo pozwalając na korzystanie z dowolnej |
357bd270 JB | 85 | metody uwierzytelniania obsługiwanej przez PAM (np. LDAP, RADIUS, |
357bd270 JB | 86 | hasła shadow) z OpenVPN. Jako że PAM obsługuje uwierzytelnianie nazwą |
357bd270 JB | 87 | użytkownika i hasłem, to można je łączyć z certyfikatami X509 w celu |
357bd270 JB | 88 | zapewniania dwóch różnych poziomów uwierzytelnienia. |
357bd270 JB | 89 | |
357bd270 JB | 90 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, co |
357bd270 JB | 91 | działa nawet przy odrzuceniu uprawnień demona openvpn przy użyciu |
357bd270 JB | 92 | dyrektyw user, group lub chroot. |
357bd270 JB | 93 | |
bfa8e009 ER | 94 | %package plugin-down-root |
bfa8e009 ER | 95 | Summary: Plugin to allow root after privilege drop |
357bd270 JB | 96 | Summary(pl.UTF-8): Wtyczka pozwalająca na wykorzystanie uprawnień roota po odrzuceniu uprawnień |
357bd270 JB | 97 | Group: Libraries |
bfa8e009 ER | 98 | Requires: %{name} = %{version}-%{release} |
bfa8e009 ER | 99 | |
bfa8e009 ER | 100 | %description plugin-down-root |
bfa8e009 ER | 101 | The down-root module allows an OpenVPN configuration to call a down |
bfa8e009 ER | 102 | script with root privileges, even when privileges have been dropped |
bfa8e009 ER | 103 | using --user/--group/--chroot. |
bfa8e009 ER | 104 | |
bfa8e009 ER | 105 | This module uses a split privilege execution model which will fork() |
bfa8e009 ER | 106 | before OpenVPN drops root privileges, at the point where the --up |
bfa8e009 ER | 107 | script is usually called. The module will then remain in a wait state |
bfa8e009 ER | 108 | until it receives a message from OpenVPN via pipe to execute the down |
bfa8e009 ER | 109 | script. Thus, the down script will be run in the same execution |
bfa8e009 ER | 110 | environment as the up script. |
bfa8e009 ER | 111 | |
357bd270 JB | 112 | %description plugin-down-root -l pl.UTF-8 |
357bd270 JB | 113 | Moduł down-root pozwala na wywołanie skryptu down z uprawnieniami |
357bd270 JB | 114 | roota z poziomu konfiguracji OpenVPN-a nawet w przypadku odrzucenia |
357bd270 JB | 115 | uprawnień przy użyciu opcji --user/--group/--chroot. |
357bd270 JB | 116 | |
357bd270 JB | 117 | Ten moduł wykorzystuje model wykonywania z podziałem uprawnień, który |
357bd270 JB | 118 | wykonuje fork() przed odrzuceniem uprawnień roota, w miejscu, gdzie |
357bd270 JB | 119 | zwykle jest wywoływany skrypt --up. Moduł pozostaje w stanie |
357bd270 JB | 120 | oczekiwania do odebrania przez potok od OpenVPN-a komunikatu, aby |
357bd270 JB | 121 | wykonać skrypt down. Dzięki temu skrypt down zostanie uruchomiony w |
357bd270 JB | 122 | tym samym środowisku, co skrypt up. |
357bd270 JB | 123 | |
088b9e85 | 124 | %package devel |
a1c1b5a0 | 125 | Summary: Header files for OpenVPN plugins development |
f284e4d9 | 126 | Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia wtyczek OpenVPN |
088b9e85 ER | 127 | Group: Development/Libraries |
088b9e85 ER | 128 | |
088b9e85 ER | 129 | %description devel |
a1c1b5a0 JB | 130 | This is the package containing the header files for OpenVPN plugins |
a1c1b5a0 JB | 131 | development. |
a1c1b5a0 JB | 132 | |
22031f4a JR | 133 | %description devel -l pl.UTF-8 |
22031f4a JR | 134 | Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN. |
088b9e85 | 135 | |
1e54a8c4 | 136 | %prep |
da7b9d5f | 137 | %setup -q |
7c5604b6 | 138 | %patch0 -p1 |
727c4226 | 139 | |
0a7f47ba | 140 | sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE7} > contrib/update-resolv-conf |
6b9f12e5 | 141 | |
1e54a8c4 | 142 | %build |
694cb9a3 | 143 | %{__libtoolize} |
d073bea7 | 144 | %{__aclocal} -I m4 |
8abf6e16 | 145 | %{__autoheader} |
8abf6e16 | 146 | %{__autoconf} |
8abf6e16 | 147 | %{__automake} |
c1560620 | 148 | CPPFLAGS="%{rpmcppflags} $(pkg-config --cflags liblz4)" |
8abf6e16 | 149 | %configure \ |
d073bea7 AM | 150 | IFCONFIG=/sbin/ifconfig \ |
d073bea7 AM | 151 | IPROUTE=/sbin/ip \ |
694cb9a3 | 152 | NETSTAT=/bin/netstat \ |
c1560620 JB | 153 | ROUTE=/sbin/route \ |
c1560620 JB | 154 | SYSTEMD_UNIT_DIR=%{systemdunitdir} \ |
694cb9a3 JB | 155 | ac_cv_nsl_inet_ntoa=no \ |
694cb9a3 JB | 156 | ac_cv_socket_socket=no \ |
694cb9a3 JB | 157 | ac_cv_resolv_gethostbyname=no \ |
694cb9a3 JB | 158 | --enable-iproute2 \ |
694cb9a3 JB | 159 | --enable-password-save \ |
694cb9a3 JB | 160 | %{?with_pkcs11:--enable-pkcs11} \ |
694cb9a3 JB | 161 | --enable-selinux \ |
694cb9a3 JB | 162 | --enable-systemd |
43fa42e4 | 163 | |
d073bea7 | 164 | %{__make} |
088b9e85 | 165 | |
1e54a8c4 AM | 166 | %install |
1e54a8c4 AM | 167 | rm -rf $RPM_BUILD_ROOT |
c13903eb | 168 | install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \ |
f3908354 | 169 | $RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \ |
ec6e7d04 | 170 | $RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,%{systemdtmpfilesdir},%{systemdunitdir}} \ |
f6fd18dc | 171 | $RPM_BUILD_ROOT%{systemdunitdir}-generators |
1e54a8c4 | 172 | |
d073bea7 AM | 173 | %{__make} install \ |
d073bea7 AM | 174 | DESTDIR=$RPM_BUILD_ROOT |
1e54a8c4 | 175 | |
f6fd18dc ER | 176 | install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} |
f6fd18dc ER | 177 | cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name} |
f6fd18dc ER | 178 | cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
ec6e7d04 | 179 | |
f6fd18dc | 180 | install -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}-generators/openvpn-service-generator |
ec6e7d04 JR | 181 | install -p %{SOURCE5} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.target |
ec6e7d04 JR | 182 | install -p %{SOURCE6} $RPM_BUILD_ROOT%{systemdunitdir}/openvpn@.service |
ec6e7d04 JR | 183 | ln -s /dev/null $RPM_BUILD_ROOT%{systemdunitdir}/openvpn.service |
6f1eceea | 184 | |
0a7f47ba ER | 185 | # we use "cp", not "install", not to pull /bin/bash dependency |
0a7f47ba ER | 186 | cp -p contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 187 | cp -p contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 188 | cp -p contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name} |
0a7f47ba ER | 189 | |
388387bf | 190 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/*.la |
f6fd18dc | 191 | %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name} |
388387bf | 192 | |
1e54a8c4 AM | 193 | %clean |
1e54a8c4 AM | 194 | rm -rf $RPM_BUILD_ROOT |
1e54a8c4 AM | 195 | |
55a7ee18 JK | 196 | %post |
55a7ee18 JK | 197 | /sbin/chkconfig --add openvpn |
1a7a867b | 198 | %service openvpn restart "OpenVPN" |
ec6e7d04 | 199 | %systemd_post openvpn.target |
55a7ee18 JK | 200 | |
55a7ee18 JK | 201 | %preun |
55a7ee18 JK | 202 | if [ "$1" = "0" ]; then |
1a7a867b | 203 | %service openvpn stop |
55a7ee18 | 204 | /sbin/chkconfig --del openvpn |
a34b9b51 | 205 | fi |
ec6e7d04 JR | 206 | %systemd_preun openvpn.target |
ec6e7d04 JR | 207 | |
ec6e7d04 JR | 208 | %postun |
ec6e7d04 JR | 209 | %systemd_reload |
ec6e7d04 JR | 210 | |
ec6e7d04 JR | 211 | %triggerpostun -- openvpn < 2.3.2-2 |
ec6e7d04 JR | 212 | [ -f /etc/sysconfig/rpm ] && . /etc/sysconfig/rpm |
ec6e7d04 JR | 213 | [ ${RPM_ENABLE_SYSTEMD_SERVICE:-yes} = no ] && exit 0 |
ec6e7d04 JR | 214 | [ "$(echo /etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn)" = "/etc/rc.d/rc[0-6].d/S[0-9][0-9]openvpn" ] && exit 0 |
ec6e7d04 JR | 215 | export SYSTEMD_LOG_LEVEL=warning SYSTEMD_LOG_TARGET=syslog |
ec6e7d04 JR | 216 | /bin/systemctl --quiet enable openvpn.target || : |
ec6e7d04 JR | 217 | exit 0 |
55a7ee18 | 218 | |
1e54a8c4 AM | 219 | %files |
1e54a8c4 AM | 220 | %defattr(644,root,root,755) |
d073bea7 | 221 | %doc AUTHORS README* ChangeLog sample/sample-{config-files,keys,scripts} doc/management-notes.txt |
bfa8e009 | 222 | %doc *.IPv6 |
f063e411 | 223 | %dir %{_sysconfdir}/openvpn |
088b9e85 | 224 | %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name} |
1a7a867b | 225 | %attr(755,root,root) %{_sbindir}/openvpn |
e06b2f01 | 226 | %attr(754,root,root) /etc/rc.d/init.d/%{name} |
c1560620 JB | 227 | %attr(755,root,root) %{systemdunitdir}-generators/openvpn-service-generator |
c1560620 JB | 228 | # PLD-specific |
c1560620 JB | 229 | %{systemdunitdir}/openvpn.service |
c1560620 JB | 230 | %{systemdunitdir}/openvpn.target |
c1560620 JB | 231 | %{systemdunitdir}/openvpn@.service |
c1560620 JB | 232 | # upstream provided |
c1560620 JB | 233 | #%{systemdunitdir}/openvpn-client@.service |
c1560620 JB | 234 | #%{systemdunitdir}/openvpn-server@.service |
088b9e85 | 235 | %dir %{_libdir}/%{name} |
0a7f47ba ER | 236 | %attr(755,root,root) %{_libdir}/%{name}/client.down |
0a7f47ba ER | 237 | %attr(755,root,root) %{_libdir}/%{name}/client.up |
0a7f47ba ER | 238 | %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf |
088b9e85 | 239 | %dir %{_libdir}/%{name}/plugins |
388387bf | 240 | %{_mandir}/man8/openvpn.8* |
55a7ee18 | 241 | %dir /var/run/openvpn |
f6fd18dc | 242 | %{systemdtmpfilesdir}/%{name}.conf |
088b9e85 | 243 | |
bfa8e009 ER | 244 | %files plugin-auth-pam |
bfa8e009 ER | 245 | %defattr(644,root,root,755) |
bfa8e009 ER | 246 | %doc src/plugins/auth-pam/README.auth-pam |
bfa8e009 ER | 247 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-auth-pam.so |
bfa8e009 ER | 248 | |
bfa8e009 ER | 249 | %files plugin-down-root |
bfa8e009 ER | 250 | %defattr(644,root,root,755) |
bfa8e009 ER | 251 | %doc src/plugins/down-root/README.down-root |
bfa8e009 ER | 252 | %attr(755,root,root) %{_libdir}/%{name}/plugins/openvpn-plugin-down-root.so |
bfa8e009 ER | 253 | |
088b9e85 ER | 254 | %files devel |
088b9e85 ER | 255 | %defattr(644,root,root,755) |
d073bea7 | 256 | %doc doc/README.plugins sample/sample-plugins |
24429fb3 | 257 | %{_includedir}/openvpn-msg.h |
388387bf | 258 | %{_includedir}/openvpn-plugin.h |