iptables/iptables.spec
Jan Engelhardt 1926c173b5 Accepting request 506228 from home:mgerstner:branches:security:netfilter
- fix a locking issue of iptables-batch which can cause it to spuriously fail
  when other programs modify the iptables rules in parallel (bnc#1045130).
  This can especially affect SuSEfirewall2 during startup.

OBS-URL: https://build.opensuse.org/request/show/506228
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=93
2017-06-29 11:37:40 +00:00

244 lines
7.6 KiB
RPMSpec

#
# spec file for package iptables
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: iptables
Version: 1.6.1
Release: 0
Summary: IP Packet Filter Administration utilities
License: GPL-2.0 and Artistic-2.0
Group: Productivity/Networking/Security
Url: http://netfilter.org/projects/iptables/
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
Source3: %name.keyring
Patch3: iptables-batch.patch
Patch4: iptables-apply-mktemp-fix.patch
Patch5: iptables-batch-lock.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?fedora_version} || 0%{?centos_version}
BuildRequires: sgml-common
%endif
%if 0%{?suse_version}
BuildRequires: fdupes
%endif
#git#BuildRequires: autoconf, automake >= 1.10
BuildRequires: bison
BuildRequires: flex >= 2.5.33
BuildRequires: libtool
BuildRequires: pkg-config >= 0.21
BuildRequires: xz
BuildRequires: pkgconfig(libmnl) >= 1.0
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
BuildRequires: pkgconfig(libnftnl) >= 1.0.5
Requires: xtables-plugins = %version-%release
%description
iptables is used to set up, maintain, and inspect the rule tables of
the classic "ip6_tables" and "ip_tables" packet filters in the Linux
kernel.
%package nft
Summary: NFT Packet Filter Administration utilities in the style of Xtables
Group: Productivity/Networking/Security
Requires: xtables-plugins = %version-%release
Conflicts: ebtables
%description nft
The programs shipped in this subpackage behave like iptables on the
command line, but instead edit the rules of the NFT packet filter in
the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit
all features.
%package -n xtables-plugins
Summary: Match and Target Extension plugins for iptables
Group: Productivity/Networking/Security
Conflicts: iptables < 1.4.18
%description -n xtables-plugins
Match and Target Extension plugins for iptables.
%package -n libipq0
Summary: Library to interface with the (old) ip_queue kernel mechanism
Group: System/Libraries
%description -n libipq0
The Netfilter project provides a mechanism (ip_queue) for passing
packets out of the stack for queueing to userspace, then receiving
these packets back into the kernel with a verdict specifying what to
do with the packets (such as ACCEPT or DROP). These packets may also
be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n libipq-devel
Summary: Development files for the ip_queue kernel mechanism
Group: Development/Libraries/C and C++
Requires: libipq0 = %version
%description -n libipq-devel
The Netfilter project provides a mechanism (ip_queue) for passing
packets out of the stack for queueing to userspace, then receiving
these packets back into the kernel with a verdict specifying what to
do with the packets (such as ACCEPT or DROP). These packets may also
be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n libiptc0
Summary: Library for low-level ruleset generation and parsing
Group: System/Libraries
%description -n libiptc0
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
%package -n libiptc-devel
Summary: Development files for libiptc, a packet filter ruleset library
Group: Development/Libraries/C and C++
Requires: libiptc0 = %version
%description -n libiptc-devel
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
%package -n libxtables12
Summary: iptables extension interface
Group: System/Libraries
%description -n libxtables12
This library contains all the iptables code shared between iptables,
ip6tables, their extensions, and for external integration for e.g.
iproute2's m_xt.
%package -n libxtables-devel
Summary: Libraries, Headers and Development Man Pages for iptables
Group: Development/Libraries/C and C++
Requires: libxtables12 = %version
%description -n libxtables-devel
This library contains all the iptables code shared between iptables,
ip6tables, their extensions, and for external integration for e.g.
iproute2's m_xt.

Link your extension (iptables plugins) with $(pkg-config xtables
--libs) and place the plugin in the directory given by $(pkg-config
xtables --variable=xtlibdir).
%prep
%setup -q
%patch -P 3 -P 4 -P 5 -p1
%build
# We have the iptables-batch patch, so always regenerate.
if true || [ ! -e configure ]; then
./autogen.sh;
fi
# bnc#561793 - do not include unclean module in iptables manpage
rm -f extensions/libipt_unclean.man
# includedir is overridden on purpose to detect projects that
# fail to include libxtables_CFLAGS
%configure --includedir="%_includedir/%name" --enable-libipq
make %{?_smp_mflags}
%install
make DESTDIR=%buildroot install
# iptables-apply is not installed by upstream Makefile
install -m0755 iptables/iptables-apply %buildroot%_sbindir/
install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/
rm -f "%buildroot/%_libdir"/*.la;
%if 0%{?suse_version}
%fdupes %buildroot/%_prefix
%endif
%post -n libipq0 -p /sbin/ldconfig
%postun -n libipq0 -p /sbin/ldconfig
%post -n libiptc0 -p /sbin/ldconfig
%postun -n libiptc0 -p /sbin/ldconfig
%post -n libxtables12 -p /sbin/ldconfig
%postun -n libxtables12 -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc COPYING
%doc %_mandir/man1/ip*
%doc %_mandir/man8/ip*
%_bindir/iptables-xml
%_sbindir/iptables
%_sbindir/iptables-apply
%_sbindir/iptables-batch
%_sbindir/iptables-restore
%_sbindir/iptables-save
%_sbindir/ip6tables
%_sbindir/ip6tables-batch
%_sbindir/ip6tables-restore
%_sbindir/ip6tables-save
%_sbindir/xtables-multi
%files nft
%defattr(-,root,root)
%_sysconfdir/ethertypes
%_sbindir/*-compat*
%_sbindir/*-translate*
%files -n xtables-plugins
%defattr(-,root,root)
%_libdir/xtables/
%_sbindir/nfnl_osf
%_datadir/xtables/
%files -n libipq0
%defattr(-,root,root)
%_libdir/libipq.so.0*
%files -n libipq-devel
%defattr(-,root,root)
%doc %_mandir/man3/libipq*
%doc %_mandir/man3/ipq*
%dir %_includedir/%name/
%_includedir/%name/libipq*
%_libdir/libipq.so
%_libdir/pkgconfig/libipq.pc
%files -n libiptc0
%defattr(-,root,root)
%_libdir/libiptc.so.0*
%_libdir/libip4tc.so.0*
%_libdir/libip6tc.so.0*
%files -n libiptc-devel
%defattr(-,root,root)
%dir %_includedir/%name/
%_includedir/%name/libiptc*
%_libdir/libip*tc.so
%_libdir/pkgconfig/libip*tc.pc
%files -n libxtables12
%defattr(-,root,root)
%_libdir/libxtables.so.12*
%files -n libxtables-devel
%defattr(-,root,root)
%dir %_includedir/%name/
%_includedir/%name/xtables.h
%_includedir/%name/xtables-version.h
%_libdir/libxtables.so
%_libdir/pkgconfig/xtables.pc
%changelog