forked from pool/openvpn
Marius Tomaschewski
2ca2ba7e01
not require libselinux-devel on SLE-10 and datadir/doc cleanup. OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=39
#
# spec file for package openvpn
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# ---- Package identity ------------------------------------------------------
Name:           openvpn
Url:            http://openvpn.net/
# The insserv/fillup prerequisites are only requested on SUSE targets.
%if 0%{?suse_version}
PreReq:         %insserv_prereq %fillup_prereq
%endif
Version:        2.2.2
Release:        0
%define upstream_version %version
Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
License:        GPL-2.0+ ; LGPL-2.1+
Group:          Productivity/Networking/Security

# ---- Sources and patches ---------------------------------------------------
# The tarball and its detached signature (Source1) are both referenced over
# plain HTTP. The signature only adds assurance if something checks it, and
# no verification step appears in the prep section of this spec.
# NOTE(review): confirm the imported tarball was verified against the
# upstream signing key before it was committed.
Source:         http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz
Source1:        http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz.asc
Source2:        openvpn.init
Source3:        openvpn.README.SUSE
Source4:        client-netconfig.up
Source5:        client-netconfig.down
Patch1:         %{name}-2.1-plugin-man.dif
Patch2:         %{name}-2.1-plugin-build.dif
Patch3:         openvpn-2.1-systemd-passwd.patch
Patch4:         0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
Patch5:         openvpn-2.2.1-man-dot.diff

# ---- Build environment -----------------------------------------------------
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  automake
BuildRequires:  iproute2
BuildRequires:  lzo-devel
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
# libselinux-devel is requested only when suse_version is above 1010.
%if 0%{?suse_version} > 1010
BuildRequires:  libselinux-devel
%endif
# The PKCS#11 helper is a build and run-time dependency only when
# suse_version is above 1030; presumably older targets are built without
# that support -- confirm against the configure output.
%if 0%{?suse_version} > 1030
BuildRequires:  pkcs11-helper-devel
Requires:       pkcs11-helper
%endif

# Plugin install locations. The same lib directory is embedded as an rpath
# in the build section and packaged as a root-owned directory in the files
# section.
%define plugin_dir %{_libdir}/%{name}/plugin
%define plugin_libdir %{plugin_dir}/lib

%description
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and enterprise-scale remote access solutions with load
balancing, failover, and fine-grained access-controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the
industry standard SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual
interface.

OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.

OpenVPN is not a web application proxy and does not operate through a
web browser.



Authors:
--------
James Yonan <jim@yonan.net>

# Subpackage for the down-root plugin. Because it is packaged separately,
# a host that needs no root-privileged down script can leave the
# root-retaining helper uninstalled.
# NOTE(review): the dependency pins only the version of the main package,
# not its release.
%package down-root-plugin
Summary:        OpenVPN down-root plugin
Group:          Productivity/Networking/Security
Requires:       %{name} = %{version}

%description down-root-plugin
The OpenVPN down-root plugin allows an OpenVPN configuration to call a
down script with root privileges, even when privileges have been
dropped using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The plugin will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.



Authors:
--------
James Yonan <jim@yonan.net>

# Subpackage for the PAM authentication plugin.
# NOTE(review): the dependency pins only the version of the main package,
# not its release.
%package auth-pam-plugin
Summary:        OpenVPN auth-pam plugin
Group:          Productivity/Networking/Security
Requires:       %{name} = %{version}

%description auth-pam-plugin
The OpenVPN auth-pam plugin implements username/password authentication
via PAM, and essentially allows any authentication method supported by
PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with
OpenVPN.

While PAM supports username/password authentication, this can be
combined with X509 certificates to provide two independent levels of
authentication.

This plugin uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.



Authors:
--------
James Yonan <jim@yonan.net>

%prep
# Unpack the upstream tarball and apply the distribution patches.
# The detached signature carried as Source1 is not checked anywhere in this
# section, so tarball integrity rests on the import step.
# NOTE(review): confirm the tarball was verified against the upstream key.
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
%patch3 -p1
%patch4 -p1
%patch5 -p0
# Fill the plugin path placeholders in the man page with the locations
# this package actually installs to.
sed -i \
    -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \
    -e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \
    -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
    openvpn.8
# the build __DATE__ causes obs rebuild/republish of binaries;
# use the date of version.m4 file in the tar archive instead
# (a fixed date keeps the binary identical across rebuilds of the same
# source, which makes an unexpected change in the output easier to spot)
sed -i -e "s|\" __DATE__|$(date -r version.m4 '+%b %e %Y')\"|g" options.c

%build
# Regenerate the autotools files, configure the daemon and build it together
# with the two plugins.
autoreconf -fi
export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing"
# LDFLAGS and PLUGIN_DEFS are not assigned anywhere in this spec; they
# expand to whatever the build environment provides, possibly nothing.
# NOTE(review): confirm nothing unintended is inherited here.
export LDFLAGS
# Security-relevant switches:
#   --enable-password-save      compiles in support for reading the key
#                               passphrase and user credentials from a file;
#                               any such file holds the secret in clear text,
#                               so it should be readable by root only.
#   --enable-x509-alt-username  enables the x509-username-field feature.
#   -fPIE / -pie                builds the daemon position independent so
#                               address space randomisation covers it.
#   -rdynamic                   exports the daemon's symbols for the plugins.
#   -Wl,-rpath,...              embeds the plugin lib directory as a library
#                               search path; it is an absolute path that the
#                               files section packages as root-owned, and it
#                               must stay that way.
%configure \
    --enable-iproute2 \
    --enable-x509-alt-username \
    --enable-password-save \
    --with-lzo-headers=%{_includedir}/lzo \
    CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \
    LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib"
make
#
# Build the down-root plugin, then the auth-pam plugin
#
for plugin in down-root auth-pam; do
    pushd "plugin/$plugin"
    make
    popd
done

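%install
# Stage the daemon, init script, easy-rsa tree and plugins into the build
# root. Every expansion of RPM_BUILD_ROOT and RPM_SOURCE_DIR is quoted so a
# path with whitespace or glob characters cannot split into extra arguments,
# and each recursive delete refuses to run when RPM_BUILD_ROOT is empty,
# because the remaining path would then name a directory on the build host.
make DESTDIR="$RPM_BUILD_ROOT" install
# Directory modes come from the build umask.
# NOTE(review): private keys and saved credentials are commonly kept under
# the openvpn config directory; confirm per-file permissions protect them.
mkdir -p "$RPM_BUILD_ROOT/%{_sysconfdir}/openvpn"
mkdir -p "$RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn"
mkdir -p "$RPM_BUILD_ROOT/%{_datadir}/openvpn"
install -D -m 755 "$RPM_SOURCE_DIR/openvpn.init" "$RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn"
ln -sv %{_sysconfdir}/init.d/openvpn "$RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn"
cp -p "$RPM_SOURCE_DIR/openvpn.README.SUSE" README.SUSE
# The netconfig helpers are copied in with mode 755, but the find below
# clears the execute bit on everything under sample-*, so they ship as
# non-executable documentation.
install -m 755 "$RPM_SOURCE_DIR/client-netconfig.up" sample-scripts/client-netconfig.up
install -m 755 "$RPM_SOURCE_DIR/client-netconfig.down" sample-scripts/client-netconfig.down
find sample-* suse contrib -type f -exec chmod -x \{\} \;
chmod -x easy-rsa/2.0/{vars,openssl*.cnf}
chmod +x easy-rsa/1.0/{revoke-crt,make-crl,list-crl}
cp -rd easy-rsa "$RPM_BUILD_ROOT%{_datadir}/openvpn/"
rm -rf -- "${RPM_BUILD_ROOT:?}%{_datadir}/openvpn/easy-rsa/Windows"
#
# Install the plugins
#
install -d -m 755 "$RPM_BUILD_ROOT%{plugin_libdir}/"
mv -f plugin/README README.plugins
for pi in auth-pam down-root; do
    mv -f "plugin/$pi/README" "README.$pi"
    install -m 755 "plugin/$pi/openvpn-$pi.so" \
        "$RPM_BUILD_ROOT%{plugin_libdir}/"
done
# we install docs via spec into _defaultdocdir/name/management-notes.txt
rm -rf -- "${RPM_BUILD_ROOT:?}%{_datadir}/doc"/{OpenVPN,%name}
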
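%clean
# Remove the build root unless /.buildenv exists (presumably the marker of
# the build service chroot, which is discarded as a whole -- confirm).
# The path is quoted and preceded by -- so a value with whitespace, glob
# characters or a leading dash cannot turn into extra rm arguments.
if ! test -f /.buildenv; then
    rm -rf -- "$RPM_BUILD_ROOT"
fi
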
# Service lifecycle hooks. Each body is a conditional expansion: it runs the
# named SUSE helper macro only when that macro is defined on the build
# target and expands to nothing otherwise.
%post
%{?fillup_and_insserv:%fillup_and_insserv -f}

# Stop the openvpn service when the package is removed.
%preun
%{?stop_on_removal:%stop_on_removal openvpn}

%postun
%{?insserv_cleanup:%insserv_cleanup}

%files
# Everything in the main package is owned by root:root.
%defattr(-,root,root)
%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README
%doc README.*
%doc contrib sample-config-files sample-scripts suse
# The sample keys are published with every upstream tarball, so they are
# test material only; a deployment that points at them has no
# confidentiality or authentication.
%doc sample-keys
%doc management/management-notes.txt
%doc %{_mandir}/man8/openvpn.8.gz
# Configuration directory: packaged with the mode it was created with in
# the install section.
# NOTE(review): keys and credential files placed here by the administrator
# rely on their own file permissions -- confirm.
%config(noreplace) %{_sysconfdir}/openvpn/
# Without noreplace, a locally edited init script is replaced on upgrade
# and the edited copy is kept under an rpmsave name.
%config %{_sysconfdir}/init.d/openvpn
%{_sbindir}/openvpn
%{_sbindir}/rcopenvpn
# Runtime state directory: root-owned, mode 0755, listed as a ghost entry.
%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn
%dir %{_datadir}/openvpn
%{_datadir}/openvpn/easy-rsa
# The plugin directories belong to the main package and are root-owned;
# the lib directory is also the rpath embedded in the daemon, so it must
# never become writable by an unprivileged user.
%dir %{_libdir}/%{name}
%dir %{plugin_dir}
%dir %{plugin_libdir}

# Payload of the down-root subpackage: the single plugin object, owned by
# root:root. Per its description, this plugin keeps a process with root
# privileges after the daemon has dropped its own.
%files down-root-plugin
%defattr(-,root,root)
%{plugin_libdir}/openvpn-down-root.so

# Payload of the auth-pam subpackage: the single plugin object, owned by
# root:root.
%files auth-pam-plugin
%defattr(-,root,root)
%{plugin_libdir}/openvpn-auth-pam.so

%changelog