Search
j0ke.net Open Build Service
>
Projects
>
server:network
>
openvpn
> openvpn.spec
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openvpn.spec of Package openvpn (Revision 3)
Currently displaying revision
3
,
show latest
# # spec file for package openvpn # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild %define upstream_version 2.3.0 %define easyver 2.2.0 Name: openvpn Url: http://openvpn.net/ License: GPLv2+ ; LGPLv2.1+ Group: Productivity/Networking/Security AutoReqProv: on %if 0%{?suse_version} PreReq: %insserv_prereq %fillup_prereq %endif Version: 2.3.0 Release: 1 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface Source: http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz Source1: http://openvpn.net/signatures/openvpn-%{upstream_version}.tar.gz.asc Source2: openvpn.init Source3: openvpn.README.SUSE Source4: client-netconfig.up Source5: client-netconfig.down Source6: easy-rsa-%{easyver}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: lzo-devel openssl-devel BuildRequires: iproute2 pam-devel %if 0%{?suse_version} > 1030 BuildRequires: pkcs11-helper-devel Requires: pkcs11-helper %endif %define plugin_dir %{_libdir}/%{name}/plugins %define plugin_libdir %{plugin_dir} %description OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris. OpenVPN is not a web application proxy and does not operate through a web browser. Authors: -------- James Yonan <jim@yonan.net> %package down-root-plugin License: GPLv2+ ; LGPLv2.1+ Summary: OpenVPN down-root plugin Group: Productivity/Networking/Security AutoReqProv: on Requires: %{name} = %{version} %description down-root-plugin The OpenVPN down-root plugin allows an OpenVPN configuration to call a down script with root privileges, even when privileges have been dropped using --user/--group/--chroot. This module uses a split privilege execution model which will fork() before OpenVPN drops root privileges, at the point where the --up script is usually called. The plugin will then remain in a wait state until it receives a message from OpenVPN via pipe to execute the down script. Thus, the down script will be run in the same execution environment as the up script. Authors: -------- James Yonan <jim@yonan.net> %package auth-pam-plugin License: GPLv2+ ; LGPLv2.1+ Summary: OpenVPN auth-pam plugin Group: Productivity/Networking/Security AutoReqProv: on Requires: %{name} = %{version} %description auth-pam-plugin The OpenVPN auth-pam plugin implements username/password authentication via PAM, and essentially allows any authentication method supported by PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with OpenVPN. While PAM supports username/password authentication, this can be combined with X509 certificates to provide two indepedent levels of authentication. This plugin uses a split privilege execution model which will function even if you drop openvpn daemon privileges using the user, group, or chroot directives. Authors: -------- James Yonan <jim@yonan.net> %package easy-rsa Group: Productivity/Networking/Security Summary: Easy-rsa Version: %{easyver} %description easy-rsa easy-rsa - Simple shell based CA utility. %prep %setup -q -n %{name}-%{upstream_version} -b 6 sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \ -e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \ -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \ -i doc/openvpn.8 %build autoreconf -fi export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing" export LDFLAGS %configure \ --enable-pthread --enable-iproute2 \ %if 0%{?suse_version} >= 1210 --enable-systemd \ %endif %if 0%{?centos_version} || 0%{?rhel_version} || 0%{?sl_version} || 0%{?fedora_version} --enable-selinux \ %endif --enable-plugins \ CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \ LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib" make # # Build down-root plugin # pushd src/plugins/down-root make popd # # Build auth-pam plugin # pushd src/plugins/auth-pam make popd # easy-rsa cd ../easy-rsa-%{easyver} autoreconf -fi %configure make %install make DESTDIR=$RPM_BUILD_ROOT install mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn install -D -m 755 $RPM_SOURCE_DIR/openvpn.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn ln -sv %{_sysconfdir}/init.d/openvpn $RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample/sample-scripts/client-netconfig.up install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample/sample-scripts/client-netconfig.down find sample/sample-* contrib -type f -exec chmod -x \{\} \; #chmod -x easy-rsa/2.0/{vars,openssl*.cnf} #chmod +x easy-rsa/1.0/{revoke-crt,make-crl,list-crl} #cp -rd easy-rsa $RPM_BUILD_ROOT%{_datadir}/openvpn/ #rm -rf $RPM_BUILD_ROOT%{_datadir}/openvpn/easy-rsa/Windows # # Install the plugins # install -d -m 755 $RPM_BUILD_ROOT%{plugin_libdir}/ mv -f doc/README.plugins README.plugins for pi in auth-pam down-root; do mv -f src/plugins/$pi/README.$pi README.$pi # install -m 755 src/plugins/$pi/openvpn-$pi.so \ # $RPM_BUILD_ROOT%{plugin_libdir}/ done rm -rf %{buildroot}%{_datadir}/doc/openvpn # easy-rsa cd ../easy-rsa-%{easyver} make DESTDIR=$RPM_BUILD_ROOT install rm -rf %{buildroot}%{_datadir}/doc/easy-rsa %clean if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %post %{?fillup_and_insserv:%fillup_and_insserv -f} %preun %{?stop_on_removal:%stop_on_removal openvpn} %postun %{?insserv_cleanup:%insserv_cleanup} %files %defattr(-,root,root) %doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS PORTS README %doc README.* %doc contrib %doc sample/sample-config-files %doc sample/sample-keys %doc sample/sample-scripts %doc %{_mandir}/man8/openvpn.8.gz %config(noreplace) %{_sysconfdir}/openvpn/ %config %{_sysconfdir}/init.d/openvpn %{_sbindir}/openvpn %{_sbindir}/rcopenvpn %dir %{_localstatedir}/run/openvpn %dir %{_datadir}/openvpn ##%{_datadir}/openvpn/easy-rsa %dir %{_libdir}/%{name} %dir %{plugin_dir} %dir %{plugin_libdir} %{_includedir}//openvpn-plugin.h %files down-root-plugin %defattr(-,root,root) %{plugin_libdir}/openvpn-plugin-down-root.* %files auth-pam-plugin %defattr(-,root,root) %{plugin_libdir}/openvpn-plugin-auth-pam.* %files easy-rsa %defattr(-,root,root) %dir %{_datadir}/easy-rsa %{_datadir}/easy-rsa/* %changelog