File openvpn.spec of Package openvpn - j0ke.net Open Build Service

File openvpn.spec of Package openvpn (Revision 6)

Currently displaying revision 6, show latest

#
# spec file for package openvpn
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

%define         upstream_version 2.3.10
%define		easyver 2.2.0

Name:           openvpn
Url:            http://openvpn.net/
License:        GPLv2+ ; LGPLv2.1+
Group:          Productivity/Networking/Security
AutoReqProv:    on
%if 0%{?suse_version}
PreReq:         %insserv_prereq %fillup_prereq
%endif
Version:        2.3.10
Release:        1
Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
Source:         http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz
Source1:        http://openvpn.net/signatures/openvpn-%{upstream_version}.tar.gz.asc
Source2:        openvpn.init
Source3:        openvpn.README.SUSE
Source4:        client-netconfig.up
Source5:        client-netconfig.down
Source6:	easy-rsa-%{easyver}.tar.bz2
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  lzo-devel openssl-devel
BuildRequires:  iproute2 pam-devel
%if 0%{?suse_version} > 1030
BuildRequires:  pkcs11-helper-devel
Requires:       pkcs11-helper
%endif
%define         plugin_dir        %{_libdir}/%{name}/plugins
%define         plugin_libdir     %{plugin_dir}

%description
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and enterprise-scale remote access solutions with load
balancing, failover, and fine-grained access-controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the
industry standard SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual
interface.

OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.

OpenVPN is not a web application proxy and does not operate through a
web browser.

Authors:
--------
    James Yonan <jim@yonan.net>

%package down-root-plugin
License:        GPLv2+ ; LGPLv2.1+
Summary:        OpenVPN down-root plugin
Group:          Productivity/Networking/Security
AutoReqProv:    on
Requires:       %{name} = %{version}

%description down-root-plugin
The OpenVPN down-root plugin allows an OpenVPN configuration to call a
down script with root privileges, even when privileges have been
dropped using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called.  The plugin will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script.  Thus, the down script will be run in the same execution
environment as the up script.

Authors:
--------
    James Yonan <jim@yonan.net>

%package auth-pam-plugin
License:        GPLv2+ ; LGPLv2.1+
Summary:        OpenVPN auth-pam plugin
Group:          Productivity/Networking/Security
AutoReqProv:    on
Requires:       %{name} = %{version}

%description auth-pam-plugin
The OpenVPN auth-pam plugin implements username/password authentication
via PAM, and essentially allows any authentication method supported by
PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with
OpenVPN.

While PAM supports username/password authentication, this can be
combined with X509 certificates to provide two indepedent levels of
authentication.

This plugin uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.

Authors:
--------
    James Yonan <jim@yonan.net>

%package easy-rsa
Group:		Productivity/Networking/Security
Summary:	Easy-rsa
Version:	%{easyver}

%description easy-rsa
easy-rsa - Simple shell based CA utility.

%prep
%setup -q -n %{name}-%{upstream_version} -b 6
sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \
    -e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \
    -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
    -i doc/openvpn.8

%build
autoreconf -fi
export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing"
export LDFLAGS
%configure \
	--enable-pthread --enable-iproute2  \
	%if 0%{?suse_version} >= 1210
        --enable-systemd \
	%endif
	%if 0%{?centos_version} || 0%{?rhel_version} || 0%{?sl_version} || 0%{?fedora_version}
	--enable-selinux \
	%endif
	--enable-plugins \
	CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \
	LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib"
make
#
# Build down-root plugin
#
pushd src/plugins/down-root
make
popd
#
# Build auth-pam plugin
#
pushd src/plugins/auth-pam
make
popd

# easy-rsa
cd ../easy-rsa-%{easyver}
autoreconf -fi
%configure
make

%install
make DESTDIR=$RPM_BUILD_ROOT install
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
install -D -m 755 $RPM_SOURCE_DIR/openvpn.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn
ln -sv %{_sysconfdir}/init.d/openvpn $RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn
cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample/sample-scripts/client-netconfig.up
install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample/sample-scripts/client-netconfig.down
find sample/sample-* contrib -type f -exec chmod -x \{\} \;
#chmod -x easy-rsa/2.0/{vars,openssl*.cnf}
#chmod +x easy-rsa/1.0/{revoke-crt,make-crl,list-crl}
#cp -rd easy-rsa $RPM_BUILD_ROOT%{_datadir}/openvpn/
#rm -rf $RPM_BUILD_ROOT%{_datadir}/openvpn/easy-rsa/Windows
#
# Install the plugins
#
install -d -m 755 $RPM_BUILD_ROOT%{plugin_libdir}/
mv -f doc/README.plugins README.plugins
for pi in auth-pam down-root; do
	mv -f src/plugins/$pi/README.$pi README.$pi
#	install -m 755 src/plugins/$pi/openvpn-$pi.so \
#		$RPM_BUILD_ROOT%{plugin_libdir}/
done
rm -rf %{buildroot}%{_datadir}/doc/openvpn

# easy-rsa
cd ../easy-rsa-%{easyver}
make DESTDIR=$RPM_BUILD_ROOT install
rm -rf %{buildroot}%{_datadir}/doc/easy-rsa

%clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi

%post
%{?fillup_and_insserv:%fillup_and_insserv -f}

%preun
%{?stop_on_removal:%stop_on_removal openvpn}

%postun
%{?insserv_cleanup:%insserv_cleanup}

%files
%defattr(-,root,root)
%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS PORTS README
%doc README.*
%doc contrib
%doc sample/sample-config-files
%doc sample/sample-keys
%doc sample/sample-scripts
%doc %{_mandir}/man8/openvpn.8.gz
%config(noreplace) %{_sysconfdir}/openvpn/
%config %{_sysconfdir}/init.d/openvpn
%{_sbindir}/openvpn
%{_sbindir}/rcopenvpn
%dir %{_localstatedir}/run/openvpn
%dir %{_datadir}/openvpn
##%{_datadir}/openvpn/easy-rsa
%dir %{_libdir}/%{name}
%dir %{plugin_dir}
%dir %{plugin_libdir}
%{_includedir}//openvpn-plugin.h

%files down-root-plugin
%defattr(-,root,root)
%{plugin_libdir}/openvpn-plugin-down-root.*

%files auth-pam-plugin
%defattr(-,root,root)
%{plugin_libdir}/openvpn-plugin-auth-pam.*

%files easy-rsa
%defattr(-,root,root)
%dir %{_datadir}/easy-rsa
%{_datadir}/easy-rsa/*

%changelog