Accepting request 159617 from home:posophe:branches:network:vpn

Update and systemd support For a weird reason, adding entry in changes file is followed with a conflict in changes file... Can you add this for me ? Thanks you http://paste.opensuse.org/30892895 OBS-URL: https://build.opensuse.org/request/show/159617 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=52
2013-03-25 15:08:09 +00:00 · 2013-03-25 15:08:09 +00:00 · 0b141f27c6
commit 0b141f27c6
parent bb7cfe65b6
14 changed files with 152 additions and 288 deletions
--- a/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
+++ b/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
@ -1,31 +0,0 @@
 From db33132094f4748ccc63aadbfa4b7446bb95b350 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
 Date: Sat, 20 Aug 2011 18:12:28 -0400
 Subject: [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
 ---
 ssl.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
 diff --git a/ssl.c b/ssl.c
 index ea7b204..459e66c 100644
 --- a/ssl.c
 +++ b/ssl.c
@@ -2073,6 +2073,9 @@ init_ssl (const struct options *options)
     }
   /* Set SSL options */
 +#ifdef SSL_MODE_RELEASE_BUFFERS
 +  SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS);
 +#endif
   SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF);
   SSL_CTX_set_options (ctx, SSL_OP_SINGLE_DH_USE);
 -- 
 1.7.4.1
--- a/openvpn-2.1-plugin-build.dif
+++ b/openvpn-2.1-plugin-build.dif
@ -1,34 +0,0 @@
 Index: plugin/auth-pam/Makefile
 ===================================================================
 --- plugin/auth-pam/Makefile.orig
 +++ plugin/auth-pam/Makefile
@@ -15,10 +15,10 @@ endif
 # This directory is where we will look for openvpn-plugin.h
 INCLUDE=-I../..
 -CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM)
 +CC_FLAGS=$(CFLAGS) -DDLOPEN_PAM=$(DLOPEN_PAM)
 openvpn-auth-pam.so : auth-pam.o pamdl.o
 -	gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
 +	gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
 auth-pam.o : auth-pam.c pamdl.h
 	gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} auth-pam.c
 Index: plugin/down-root/Makefile
 ===================================================================
 --- plugin/down-root/Makefile.orig
 +++ plugin/down-root/Makefile
@@ -5,10 +5,10 @@
 # This directory is where we will look for openvpn-plugin.h
 INCLUDE=-I../..
 -CC_FLAGS=-O2 -Wall
 +CC_FLAGS=${CFLAGS}
 down-root.so : down-root.o
 -	gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
 +	gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
 down-root.o : down-root.c
 	gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} down-root.c
--- a/openvpn-2.1-systemd-passwd.patch
+++ b/openvpn-2.1-systemd-passwd.patch
@ -1,61 +0,0 @@
 Index: openvpn-2.2.1/misc.c
 ===================================================================
 --- openvpn-2.2.1.orig/misc.c
 +++ openvpn-2.2.1/misc.c
@@ -1333,26 +1333,49 @@ get_console_input (const char *prompt, c
   ASSERT (input);
   ASSERT (capacity > 0);
   input[0] = '\0';
 +  bool is_systemd_running;
 +  struct stat a, b;
 +
 +  /* We simply test whether the systemd cgroup hierarchy is
 +   * mounted */
 +
 +  is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
 +	  && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
 +	  && (a.st_dev != b.st_dev);
 #if defined(WIN32)
   return get_console_input_win32 (prompt, echo, input, capacity);
 #elif defined(HAVE_GETPASS)
 -  if (echo)
 +  if (echo || is_systemd_running)
     {
       FILE *fp;
 -      fp = open_tty (true);
 -      fprintf (fp, "%s", prompt);
 -      fflush (fp);
 -      close_tty (fp);
 +      if (is_systemd_running)
 +        {
 +	 char *cmd;
 +
 +	 asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt);
 +         fp = popen (cmd, "re");
 +	 free (cmd);
 +        }
 +      else
 +        {
 +          fp = open_tty (true);
 +          fprintf (fp, "%s", prompt);
 +          fflush (fp);
 +          close_tty (fp);
 -      fp = open_tty (false);
 +          fp = open_tty (false);
 +        }
       if (fgets (input, capacity, fp) != NULL)
 	{
 	  chomp (input);
 	  ret = true;
 	}
 -      close_tty (fp);
 +      if (is_systemd_running)
 +	fclose (fp);
 +      else
 +	close_tty (fp);
     }
   else
     {
--- a/openvpn-2.2.1-man-dot.diff
+++ b/openvpn-2.2.1-man-dot.diff
@ -1,18 +0,0 @@
 --- openvpn.8
 +++ openvpn.8	2011/08/29 18:26:40
@@ -21,13 +21,13 @@
 .\"  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 .\"
 .\" Manual page for openvpn
 -.\
 +.\"
 .\" SH section heading
 .\" SS subsection heading
 .\" LP paragraph
 .\" IP indented paragraph
 .\" TP hanging label
 -.\
 +.\"
 .\" .nf -- no formatting
 .\" .fi -- resume formatting
 .\" .ft 3 -- boldface
--- a/openvpn-2.2.2.tar.gz
+++ b/openvpn-2.2.2.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:54ca8b260e2ea3b26e84c2282ccb5f8cb149edcfd424b686d5fb22b8dbbeac00
 size 911158
--- a/openvpn-2.2.2.tar.gz.asc
+++ b/openvpn-2.2.2.tar.gz.asc
@ -1,7 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iEYEABECAAYFAk7x3a0ACgkQHQtJlh+/UfNoTwCgqozpPBOdBQhT+P0/ITdFcR0h
 qLQAn3vtza2SRKG2Li2hl7I7vAkHFw1q
 =OsX4
 -----END PGP SIGNATURE-----
--- a/openvpn-2.3-plugin-man.dif
+++ b/openvpn-2.3-plugin-man.dif
@ -1,8 +1,8 @@
 Index: openvpn.8
 ===================================================================
--- openvpn.8.orig
+--- doc/openvpn.8.orig
-+++ openvpn.8
+++ doc/openvpn.8
-@@ -2389,11 +2389,10 @@ plug-in modules, see the README file in
+@@ -2563,11 +2563,10 @@
 folder of the OpenVPN source distribution.
 If you are using an RPM install of OpenVPN, see
--- a/openvpn-2.3.0-man-dot.diff
+++ b/openvpn-2.3.0-man-dot.diff
@ -0,0 +1,11 @@
 --- doc/openvpn.8
 +++ doc/openvpn.8
@@ -21,7 +21,7 @@
 .\"  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 .\"
 .\" Manual page for openvpn
 -.\
 +.\"
 .\" SH section heading
 .\" SS subsection heading
 .\" LP paragraph
--- a/openvpn-2.3.0.tar.gz
+++ b/openvpn-2.3.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4602a8d0f66dfa6ac10b7abfeba35260d7d4c570948f6eba5f8216ffa3a2c490
 size 1130659
--- a/openvpn-2.3.0.tar.gz.asc
+++ b/openvpn-2.3.0.tar.gz.asc
@ -0,0 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iEYEABECAAYFAlDsEP0ACgkQwp2X7RmNIqOWzgCgjV8zuTIeQyf9akjPC9zmD0Lb
 x0wAoJJvA2HdPqrbUELnP9I8ulh4R+o9
 =F+0q
 -----END PGP SIGNATURE-----
--- a/openvpn-tmpfile.conf
+++ b/openvpn-tmpfile.conf
@ -0,0 +1 @@
 D /var/run/openvpn 0710 root openvpn -
--- a/openvpn.keyring
+++ b/openvpn.keyring
@ -1,33 +1,30 @@
 pub   1024D/1FBF51F3 2003-11-20
 uid                  James Yonan <jim@yonan.net>
 sub   2048g/4B9741E3 2003-11-20
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v1.4.9 (GNU/Linux)
-mQGiBD+9OaARBAC41lHwut4og8RL+QvChit93Yg8JloaZzqvKQHMKvcb14OY27QB
+mQGiBEsHuu4RBACnPwEKcLYmlwe8v2e8xizlO1fCeqOA7zj6tU/T/1+YTJhrVbgW
-00oEtwxotBRkvJHy/cR4feK9Itje556FbzC7ODesYtjZh1V81B2ep4tfwRQSPqZT
+PiRYSNKAmAq0uLFLQ14KpIDsrtdi5ySeUTf64kJtDrBa2si6h0HUyNHf9EX6rUVC
-xy2jwzW5SwReBuIPxBOFts+OeeLQuKFU/VSItU9abA51cvKEvaV0CZx6ZwCg/h70
+g/CTpsfYEkqlfMoBH7w7L5O2yidwWA+F4RGWhruzP7i1z+bBsIguSxiBzwCg5qPh
-OgABmkCl8u+nHK2EHMSjZAUD/RP1jLNub1wlg2vJvfty+Nu7PoDJxSG7LzsSFC6W
+pgkFGeWArp/OUBHkaqmPZ00D/08dmkrez9d7C/PoR/cFq0nQBqL3zmsRxv66I6fM
-a5KiryIMvokp3cZQ7EnTG1Jc5y5tsZrRfTa7QLcooQrYivWSCSldkAowEh/tUGwb
+TUqwaRpweWHh9P6XR+pTJjBglVSvk9kLv+PYCvk7yxbT3M6OA/GrSEp/53itlzOU
-CurQZtDAmmuqLJAG+zDh6qFINHPnkVZBMuN+Lhkg0gqo+Mgsjn0ZzuGgQYb2b3wn
+MPkv/OF6BmbRbYJK5HAsZgHGbuZxUHUqm4qJ+t4+WZaz9i8WtYbOM6T9aNWQrVUW
-pXckBACZE6EJSnICN/Cn5657of5znOwixZUdl4Pvsv7X5LuUJ0SeUtfSjNfUFu0b
+dUMqA/4tZlHJzCrd1NbfEetQVeso9rzzWWWmDAusbvkowfrFHXJGUjfL0hBmxj/9
-j/s0BXpQ/Y933rS+m0axbiElRNHzwtBb4W+TzwLvkwHw5WrIw5tcZXcZpos1NkhW
+JmZtwU+i8G+MKQS0w9rCVLEMLoHLLxPH+Jiknz3Y2xE6CbiSvL+8cvOolgADz/06
-lUDKLQ63WMqg5SBpilo3/wFU4+ngvPMcfbL1vgMYuuWfSPRt5LQbSmFtZXMgWW9u
+MniHKOZb4tPFPw7ObESeAGp4T9FgT53fJ14AMjGLyHv6EXbfvbQsU2FtdWxpIFNl
-YW4gPGppbUB5b25hbi5uZXQ+iF4EExECAB4FAj+9OaACGwMGCwkIBwMCAxUCAwMW
+cHDDpG5lbiA8c2FtdWxpLnNlcHBhbmVuQGdtYWlsLmNvbT6IYAQTEQIAIAUCSwe6
-AgECHgECF4AACgkQHQtJlh+/UfMaFgCeOIDuybiePnFpYbm7faiqT34NvzYAoLjO
+7gIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEMKdl+0ZjSKjsfsAoK6khXtq
-ob+WiwJECbjpV62fmItBsYI9uQINBD+9OcAQCAC4wi4knBzA3bGbb2XSnZcIt+Tf
+w2xDtNBv/UhRhuVH0NQOAKCDWiB2zYNvHWLYnuIpAlE1sAnGPrkCDQRLB7ruEAgA
-9JGXoG7+cpLT6wGZqzaAHNdgiZZf5Gdod9ud3CcLwrc1WXJljZXBhnpNNypen6O9
+jwSEfTWLJsIW5qlKNEhySIjmRmcVgqB/NTaZ+Nd/r++stYSan1qb7qlQ3B3w48p1
-uGCb9OXKO7PuYV014D0pKv96rYtgPNE7MUO101lDt7bE8Zmw+HmOpyf6TnIg8GWw
+gB0SPfwKRmMkiYsHNcbRr5KIHWTnYrMI/5OAjPIiz/2j294wRnObzrbJK3T+qJSL
-3Vj8n0HfGvsx/WW2PZ1tXxUFAbsVIU/W5EJlCAhJbaZZCBj+P0QJFGuP41E7V0iO
+A2mEXXPPK7i0hUwH12ZJej/h98lPQA+NiDgDOaq4asyq4pcHrR2T2NyiiR2+Xi/L
-2UMGRbzoQrwmGQopjVrzXcWAr5NvKKd8HL4ESkp8xdZrhCukNIBE9EEt6H+EvPut
+2Lz1zKj4iQ3f5g0ktmAEdGcDtV7tI0xZeXWEtesRXeXmqPmjLskJozUoZP1GXXAz
-KdvpH2fIUTyEeZY4zDtm0ZS0zGZBET9SdcX/+sAuseiojPKd/D67oMG5FcF7AAMG
+80PySK2HsEQ/846q1Ybl5KYwbSH+l8jLIyqMDTQnCYG+Ft1moCk3HLyc4c1ALVov
-CACfOcVjPcqYAhkGo6HNrpU7HMuaxy3Tuy5HI+4kU/POlLlm2AsfmHr4BtRCFMBt
+1Rvom8u3dM5tUtpuZMwcJwADBQf+MCohqLqGJmEdiTEnmggsiKSoZTIBJhcujRaL
-uNxybJwMMew1o1E4H4RvTEfPpVS0WW2lkOcpet429xf4oX1HL2nvlLmOAaMKgLhL
+pxPpBlXz6P2bvlprUedBs+zxEEI+Q/CqIlyYaN+Kca1FK4YG9iQoHmb9IIVHf4C/
-ZxPPTCzmjyIVIeRF8BC+VQYh346v/LocO2obbD0chO0mApVgxVhO4E0vlu0Rdmsp
+lyWSx1xK+BnIk7SEfMjpGAjofNzNc34NmebnosHfP/g3ruLo6EgtjQ68iUty9PgX
-d7+mCuani1wS9n0lgYVnHYdxRPL/AWj11KDgKm2LjoJt0WHHyEHGMjJTUB0JhM2a
+Q1bZQ/SeXk16b8Nn0xQa9S+hg5LAxA+DuSvXbMqU5q2p8JlPgGEFVKzaVcxPhppB
-EfWkimDELeAb3pjdVEtmW6aF+q8sd6tn+mM0Z2I+6kwiMsdoWzjosuvXPzFsvkWq
+Kcv/2CxjsqXj/6sW3nFSw+8Jd4SWL1+cPZ1v1WHG3SUMFoLAjSmVj3X8roG5EiLi
-0QY2wWyYYsNaXscfjKnjBUcpiEkEGBECAAkFAj+9OcACGwwACgkQHQtJlh+/UfOR
+QxSGOUz8uVtvumfKyd25MYmgHMELL7fxhrZcw2OVdo977lt2fIhJBBgRAgAJBQJL
-TACgpg5MZJMgULtP31swTRmPGZ3driAAniP+Xg3U2KxAiS9Mxf0BOen8FgW5
+B7ruAhsMAAoJEMKdl+0ZjSKjgrAAoLeln17YxSQA7RUHwTbquOA92odMAKDiq7c8
-=eZlZ
+p2hUs3rZaXY1aMmExyB0gQ==
-----END PGP PUBLIC KEY BLOCK-----
+=l5lk
 -----END PGP PUBLIC KEY BLOCK-----
--- a/openvpn.service
+++ b/openvpn.service
@ -0,0 +1,14 @@
 [Unit]
 Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
 After=syslog.target network.target
 [Service]
 PrivateTmp=true
 Type=forking
 PIDFile=/var/run/openvpn/%i.pid
 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
 [Install]
 WantedBy=multi-user.target
--- a/openvpn.spec
+++ b/openvpn.spec
@ -15,47 +15,57 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 %if 0%{?suse_version} < 1230
 %define _unitdir /lib/systemd/system
 %else
 %define _unitdir /usr/lib/systemd/system
 %endif
 %if 0%{?suse_version} > 1210
 %define with_systemd 1
 %else
 %define with_systemd 0
 %endif
 Name:           openvpn
 Url:            http://openvpn.net/
-%if 0%{?suse_version}
+%if %{with_systemd}
 %{?systemd_requires}
 %else
 PreReq:         %insserv_prereq %fillup_prereq
 %endif
-Version:        2.2.2
+Version:        2.3.0
 Release:        0
 %define         upstream_version %version
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 License:        SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
 Group:          Productivity/Networking/Security
-Source:         http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz
+Source:         http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz
-Source1:        http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz.asc
+Source1:        http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz.asc
-Source2:        openvpn.init
+Source2:        %{name}.init
-Source3:        openvpn.README.SUSE
+Source6:        %{name}.sysconfig
 Source3:        %{name}.README.SUSE
 Source4:        client-netconfig.up
 Source5:        client-netconfig.down
 Source6:        openvpn.sysconfig
 Source7:        %{name}.keyring
-Patch1:         %{name}-2.1-plugin-man.dif
+Source8:		%{name}.service
-Patch2:         %{name}-2.1-plugin-build.dif
+Source9:        %{name}-tmpfile.conf
-Patch3:         openvpn-2.1-systemd-passwd.patch
+Patch1:         %{name}-2.3-plugin-man.dif
-Patch4:         0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
+Patch5:         %{name}-2.3.0-man-dot.diff
 Patch5:         openvpn-2.2.1-man-dot.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  automake
 BuildRequires:  gpg-offline
 BuildRequires:  iproute2
 BuildRequires:  lzo-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
-%if 0%{?suse_version} > 1010
+%if %{with_systemd}
-BuildRequires:  libselinux-devel
+BuildRequires:	systemd
 %endif
-%if 0%{?suse_version} > 1030
+BuildRequires:  libselinux-devel
 BuildRequires:  pkcs11-helper-devel
 Requires:       pkcs11-helper
 %if %{with_systemd}
 BuildRequires:	systemd
 %endif
 %define         plugin_dir        %{_libdir}/%{name}/plugin
 %define         plugin_libdir     %{plugin_dir}/lib
 %description
 OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
@ -76,12 +86,6 @@ NetBSD, Mac OS X, and Solaris.
 OpenVPN is not a web application proxy and does not operate through a
 web browser.
 Authors:
 --------
    James Yonan <jim@yonan.net>
 %package down-root-plugin
 Summary:        OpenVPN down-root plugin
 Group:          Productivity/Networking/Security
@ -99,12 +103,6 @@ until it receives a message from OpenVPN via pipe to execute the down
 script.  Thus, the down script will be run in the same execution
 environment as the up script.
 Authors:
 --------
    James Yonan <jim@yonan.net>
 %package auth-pam-plugin
 Summary:        OpenVPN auth-pam plugin
 Group:          Productivity/Networking/Security
@ -124,126 +122,113 @@ This plugin uses a split privilege execution model which will function
 even if you drop openvpn daemon privileges using the user, group, or
 chroot directives.
 Authors:
 --------
    James Yonan <jim@yonan.net>
 %prep
 %gpg_verify %{S:1}
-%setup -q -n %{name}-%{upstream_version}
+%setup -q -n %{name}-%{version}
 %patch1 -p0
 %patch2 -p0
 %patch3 -p1
 %patch4 -p1
 %patch5 -p0
-sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \
+sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i src/openvpn/options.c
-    -e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \
+
-    -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
+# %%doc items shouldn't be executable.
-    -i openvpn.8
+find contrib sample -type f -perm +100 \
-# the build __DATE__ causes obs rebuild/republish of binaries;
+    -exec chmod a-x {} \;
 # use the date of version.m4 file in the tar archive instead
 sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i options.c
 %build
 autoreconf -fi
 export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing"
 export LDFLAGS
 %configure \
 	--enable-iproute2                   \
 	--enable-x509-alt-username          \
 	--enable-password-save              \
    --enable-plugins                    \
    --enable-plugin-down-root           \
    --enable-plugin-auth-pam            \
 	--with-lzo-headers=%_includedir/lzo \
-	CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \
+    CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \
 	LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib"
 make
 #
 # Build down-root plugin
 #
 pushd plugin/down-root
 make
 popd
 #
 # Build auth-pam plugin
 #
 pushd plugin/auth-pam
 make
 popd
 %install
 make DESTDIR=$RPM_BUILD_ROOT install
 find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn
 mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn
 mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
 %if %{with_systemd}
 install -D -m 755 $RPM_SOURCE_DIR/%{name}.service %{buildroot}/%{_unitdir}/%{name}.service
 # tmpfiles.d
 mkdir -p %{buildroot}%{_libexecdir}/tmpfiles.d
 install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
 %else
 install -D -m 755 $RPM_SOURCE_DIR/openvpn.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn
 ln -sv %{_sysconfdir}/init.d/openvpn $RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn
-cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
+# the /etc/sysconfig/openvpn template only with sysvinit, no needed with systemd
 install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample-scripts/client-netconfig.up
 install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample-scripts/client-netconfig.down
 find sample-* suse contrib -type f -exec chmod -x \{\} \;
 chmod -x easy-rsa/2.0/{vars,openssl*.cnf}
 chmod +x easy-rsa/1.0/{revoke-crt,make-crl,list-crl}
 cp -rd easy-rsa $RPM_BUILD_ROOT%{_datadir}/openvpn/
 rm -rf $RPM_BUILD_ROOT%{_datadir}/openvpn/easy-rsa/Windows
 #
 # Install the plugins
 #
 install -d -m 755 $RPM_BUILD_ROOT%{plugin_libdir}/
 mv -f plugin/README README.plugins
 for pi in auth-pam down-root; do
 	mv -f plugin/$pi/README README.$pi
 	install -m 755 plugin/$pi/openvpn-$pi.so \
 		$RPM_BUILD_ROOT%{plugin_libdir}/
 done
 # we install docs via spec into _defaultdocdir/name/management-notes.txt
 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
 # the /etc/sysconfig/openvpn template
 install -d -m0755 %{buildroot}/var/adm/fillup-templates
 install    -m0600 $RPM_SOURCE_DIR/openvpn.sysconfig \
                  %{buildroot}/var/adm/fillup-templates/sysconfig.openvpn
 %endif
 cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
 install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample/sample-scripts/client-netconfig.up
 install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample/sample-scripts/client-netconfig.down
-%clean
+# we install docs via spec into _defaultdocdir/name/management-notes.txt
-if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
+rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
 %post
 %if %{with_systemd}
 %service_add_post %{name}.service
 %else
 %{?fillup_and_insserv:%fillup_and_insserv}
 %endif
 %preun
 %if %{with_systemd}
 %service_del_preun %{name}.service
 %else
 %{?stop_on_removal:%stop_on_removal openvpn}
 %endif
 %postun
 %if %{with_systemd}
 %service_del_postun %{name}.service
 %else
 %{?insserv_cleanup:%insserv_cleanup}
 %endif
 %files
 %defattr(-,root,root)
 %doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README
 %doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root}
 %doc README.*
 %doc contrib
-%doc sample-config-files
+%doc sample/sample-config-files
-%doc sample-keys
+%doc sample/sample-keys
-%doc sample-scripts
+%doc sample/sample-scripts
-%doc suse
+%doc doc/management-notes.txt
 %doc management/management-notes.txt
 %doc %{_mandir}/man8/openvpn.8.gz
 %config(noreplace) %{_sysconfdir}/openvpn/
 %if %{with_systemd}
 %{_unitdir}/%{name}.service
 %{_libexecdir}/tmpfiles.d/%{name}.conf
 %else
 %config %{_sysconfdir}/init.d/openvpn
 %{_sbindir}/openvpn
 %{_sbindir}/rcopenvpn
 %attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn
 %dir %{_datadir}/openvpn
 %{_datadir}/openvpn/easy-rsa
 %dir %{_libdir}/%{name}
 %dir %{plugin_dir}
 %dir %{plugin_libdir}
 /var/adm/fillup-templates/sysconfig.openvpn
 %{_sbindir}/rcopenvpn
 %endif
 %{_sbindir}/openvpn
 %attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn
 %{_includedir}/%{name}-plugin.h
 %files down-root-plugin
 %defattr(-,root,root)
-%{plugin_libdir}/openvpn-down-root.so
+%dir %{_libdir}/%{name}
 %dir %{_libdir}/%{name}/plugins
 %{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so
 %files auth-pam-plugin
 %defattr(-,root,root)
-%{plugin_libdir}/openvpn-auth-pam.so
+%dir %{_libdir}/%{name}
 %dir %{_libdir}/%{name}/plugins
 %{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so
 %changelog