ocserv/ocserv.spec

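Name: ocserv
Version: 0.3.1
Release: 1%{?dist}
Summary: OpenConnect SSL VPN server
# For a breakdown of the licensing, see PACKAGE-LICENSING
# To simplify licenses LGPLv2+ files have been promoted to GPLv2+.
License: GPLv2+ and BSD and MIT and CC0
URL: http://www.infradead.org/ocserv/
# NOTE(review): Source0 is fetched over plain FTP and this spec contains no
# verification step. Check the tarball against a trusted checksum or an
# upstream signature (if one is published) before building.
Source0: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
Source1: ocserv.conf
Source2: ocserv.service
Source3: ocserv-pamd.conf
Source4: PACKAGE-LICENSING
Source5: org.infradead.ocserv.conf
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
# NOTE(review): no Patch tag follows the comment above in this spec; it looks
# like a leftover from a patch that has since been dropped - confirm.
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

# Build-time dependencies. The development packages for http-parser, pcllib,
# protobuf-c and autogen-libopts stand in for the bundled copies that the
# prep section deletes from the source tree.
BuildRequires: gnutls-devel
BuildRequires: pam-devel
BuildRequires: iproute
BuildRequires: systemd
BuildRequires: autogen-libopts-devel
BuildRequires: protobuf-c-devel
BuildRequires: libnl3-devel
BuildRequires: readline-devel
BuildRequires: dbus-devel
BuildRequires: autogen
BuildRequires: pcllib-devel
BuildRequires: http-parser-devel
BuildRequires: tcp_wrappers-devel
BuildRequires: automake, autoconf

Requires: gnutls-utils
Requires: iproute
Requires: pam
Requires(pre): shadow-utils
# The pre scriptlet calls certtool (from gnutls-utils) to create the CA and
# server keys. A plain Requires does not guarantee install ordering when the
# transaction contains dependency loops, so the scriptlet dependency is
# declared explicitly as well.
Requires(pre): gnutls-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd

#gnulib is bundled. See https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib)
#CCAN is bundled. See https://fedorahosted.org/fpc/ticket/364
Provides: bundled(bobjenkins-hash) bundled(ccan-container_of)
Provides: bundled(ccan-htable) bundled(ccan-list)
Provides: bundled(ccan-check_type) bundled(ccan-build_assert)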
%description
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
secure, small, fast and configurable VPN server. It implements the OpenConnect
SSL VPN protocol, and has also (currently experimental) compatibility with
clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
to provide the secure VPN service.
%prep
%setup -q

# Drop the bundled copies of http-parser, libopts, pcl and protobuf so the
# build can only pick up the system libraries named in BuildRequires. Using
# the distribution copies means their security fixes reach this package
# without a new ocserv tarball.
rm -f \
    src/http-parser/http_parser.c src/http-parser/http_parser.h \
    libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h \
    src/pcl/*.c src/pcl/*.h
rm -rf src/protobuf/

# GPLv3 in headers is a gnulib bug:
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*

# Point the compiled-in default configuration path at the packaged location.
sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c

# The test configurations name a group called nogroup; substitute nobody.
sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config

%build
# Distribution-default configure flags, then a parallel make.
%configure
make %{?_smp_mflags}
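%pre
# Create the ocserv system group and user unless they already exist, so the
# scriptlet is safe to re-run on upgrade or reinstall.
getent group ocserv &>/dev/null || groupadd -r ocserv
getent passwd ocserv &>/dev/null || \
    /usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
    -d /var/lib/ocserv ocserv

pki=%{_sysconfdir}/pki/ocserv
mkdir -p $pki/public
# mkdir applies -m only to a directory it creates; an existing private
# directory keeps its current mode.
mkdir -p -m 700 $pki/private
mkdir -p $pki/cacerts

# certtool is provided by gnutls-utils. If it is not installed yet when this
# scriptlet runs, skip generation with a visible message instead of failing
# silently behind the output redirections below.
if ! command -v certtool >/dev/null 2>&1; then
    echo "ocserv: certtool not found; no keys or certificates were generated" >&2
    exit 0
fi

# Host name used as the certificate common name. Fall back to the short name,
# then to a placeholder, so the template never ends up with an empty cn.
fqdn=$(hostname -f 2>/dev/null) || fqdn=$(hostname 2>/dev/null)
test -n "$fqdn" || fqdn=localhost

# Security notes on the generated material:
#  - expiration_days=-1 yields certificates with no expiration date, so
#    rotation after a suspected key compromise has to be done by hand.
#  - The CA private key is kept on the same host as the server key; anyone
#    who can read the private directory can issue certificates under this CA.
#  - Keys are created at package-install time. An image or template built
#    with this package already installed hands the same CA and server keys
#    to every clone; regenerate them per host in that case.
#
# Each key and certificate is written to a temporary name and renamed only
# after certtool succeeds. A failed run therefore cannot leave a truncated
# key file that would suppress generation on every later install. Private
# keys are created inside a subshell with umask 077 so their mode does not
# depend on the umask the transaction happens to run with.

#generate CA certificate/key
if test ! -f $pki/private/ca.key; then
    {
        echo "cn=$fqdn CA"
        echo "expiration_days=-1"
        echo "serial=1"
        echo "ca"
        echo "cert_signing_key"
    } >$pki/ca.tmpl
    if (umask 077; certtool --generate-privkey \
            --outfile $pki/private/ca.key.new >/dev/null 2>&1) && \
       certtool --template $pki/ca.tmpl \
            --generate-self-signed --load-privkey $pki/private/ca.key.new \
            --outfile $pki/cacerts/ca.crt.new >/dev/null 2>&1; then
        mv -f $pki/cacerts/ca.crt.new $pki/cacerts/ca.crt
        mv -f $pki/private/ca.key.new $pki/private/ca.key
    else
        rm -f $pki/private/ca.key.new $pki/cacerts/ca.crt.new
        echo "ocserv: failed to generate the CA key/certificate" >&2
    fi
    #rm -f $pki/ca.tmpl
fi

#generate server certificate/key
if test ! -f $pki/private/server.key; then
    {
        echo "cn=$fqdn"
        echo "serial=2"
        echo "expiration_days=-1"
        echo "signing_key"
        echo "encryption_key"
    } >$pki/server.tmpl
    # Signing needs the CA key and certificate from the step above; if that
    # step failed, this one fails too and is reported the same way.
    if (umask 077; certtool --generate-privkey \
            --outfile $pki/private/server.key.new >/dev/null 2>&1) && \
       certtool --template $pki/server.tmpl \
            --generate-certificate --load-privkey $pki/private/server.key.new \
            --load-ca-certificate $pki/cacerts/ca.crt \
            --load-ca-privkey $pki/private/ca.key \
            --outfile $pki/public/server.crt.new >/dev/null 2>&1; then
        mv -f $pki/public/server.crt.new $pki/public/server.crt
        mv -f $pki/private/server.key.new $pki/private/server.key
    else
        rm -f $pki/private/server.key.new $pki/public/server.crt.new
        echo "ocserv: failed to generate the server key/certificate" >&2
    fi
    #rm -f $pki/server.tmpl
fi

# Failures above are reported on stderr; do not abort the RPM transaction
# because a convenience key-generation step did not succeed.
exit 0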
%post
# Standard systemd scriptlet macro, run after the package files are installed.
%systemd_post ocserv.service
%preun
# Standard systemd scriptlet macro, run before the package files are removed.
%systemd_preun ocserv.service
%postun
# NOTE(review): this is the plain postun macro rather than a restarting
# variant, so a running ocserv presumably keeps executing the old binary
# after a package update until it is restarted by hand - confirm that this
# is the intended behaviour for security updates.
%systemd_postun ocserv.service
%install
rm -rf %{buildroot}

# PACKAGE-LICENSING is copied into the build directory so the doc directive
# in the files section can pick it up.
cp -a %{SOURCE4} PACKAGE-LICENSING

# Create every target directory first, then drop the packaged files in.
mkdir -p \
    %{buildroot}/%{_sysconfdir}/pam.d/ \
    %{buildroot}/%{_sysconfdir}/ocserv/ \
    %{buildroot}/%{_sysconfdir}/dbus-1/system.d/ \
    %{buildroot}/%{_unitdir} \
    %{buildroot}/var/lib/ocserv/

# Configuration, PAM, D-Bus policy and unit files are all installed
# world-readable (0644).
install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/ocserv/
install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/ocserv
install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}

%make_install

%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)

# Programs and the service unit.
%{_sbindir}/ocserv
%{_bindir}/occtl
%{_bindir}/ocpasswd
%{_unitdir}/ocserv.service

# Configuration; noreplace keeps local edits across upgrades.
%dir %{_sysconfdir}/ocserv
%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
%config(noreplace) %{_sysconfdir}/pam.d/ocserv
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf

# Home directory of the ocserv account created in the pre scriptlet.
%dir /var/lib/ocserv

# NOTE(review): the pki/ocserv directories, keys and certificates created by
# the pre scriptlet are not listed in this section. RPM therefore neither
# records nor verifies their ownership and mode, and the private keys stay on
# disk after the package is erased.

# Manual pages.
%{_mandir}/man8/ocserv.8*
%{_mandir}/man8/occtl.8*
%{_mandir}/man8/ocpasswd.8*

# Documentation and licence texts.
%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
%changelog
* Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-1
- new upstream release
* Wed Jan 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-2
- Generated certificates no longer carry an expiration date.
* Mon Jan 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-1
- Updated to latest upstream version (0.3.0).
- Certificates and private keys are auto-generated.
* Mon Dec 16 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.3-1
- Updated to latest upstream version (0.2.3).
- Corrected the chroot directory in config file.
* Fri Dec 6 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-6
- Added exception for the bundling of CCAN components.
* Wed Nov 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-5
- Updated the way PACKAGE-LICENSING is handled.
* Tue Nov 12 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-4
- Replaced gnulib's GPLv3+ license with GPLv2+. According to
http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
it was a gnulib bug.
- Reduced the number of applicable licenses by upgrading LGPLv2+
components to GPLv2+.
- Added PACKAGE-LICENSING.
* Mon Nov 11 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-3
- Updated spec to add http-parser and pcllib as dependencies.
- Bundled library files are removed.
- Updated license information.
* Fri Nov 8 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-2
- Updated spec to account for improvements suggested by Alec Leamas.
* Thu Nov 7 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-1
- Initial version of the package