ocserv/ocserv.spec

359 lines
12 KiB
RPMSpec
Raw Normal View History

2015-01-09 12:13:33 +00:00
%global _hardened_build 1
2013-12-06 13:24:37 +00:00
Name: ocserv
2016-11-15 13:51:31 +00:00
Version: 0.11.6
Release: 3%{?dist}
2013-12-06 13:24:37 +00:00
Summary: OpenConnect SSL VPN server
# For a breakdown of the licensing, see PACKAGE-LICENSING
# To simplify licenses LGPLv2+ files have been promoted to GPLv2+.
License: GPLv2+ and BSD and MIT and CC0
2013-12-06 13:24:37 +00:00
URL: http://www.infradead.org/ocserv/
Source0: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
Source1: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
Source3: ocserv.conf
Source4: ocserv.service
Source5: ocserv-pamd.conf
Source6: PACKAGE-LICENSING
Source8: ocserv-genkey
Source9: ocserv-script
2016-08-05 11:01:40 +00:00
Source10: gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
2013-12-06 13:24:37 +00:00
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gnutls-devel
BuildRequires: pam-devel
BuildRequires: iproute
BuildRequires: systemd
2014-05-26 11:23:01 +00:00
BuildRequires: systemd-devel
2013-12-06 13:35:59 +00:00
BuildRequires: autogen-libopts-devel
2014-01-27 09:43:16 +00:00
BuildRequires: protobuf-c-devel
BuildRequires: libnl3-devel
BuildRequires: krb5-devel
BuildRequires: libtasn1-devel
2016-02-19 10:23:57 +00:00
BuildRequires: liboath-devel
2014-01-27 09:43:16 +00:00
BuildRequires: readline-devel
2013-12-06 13:24:37 +00:00
BuildRequires: autogen
2015-01-22 10:41:49 +00:00
BuildRequires: gperf
%ifarch x86_64 %{ix86} %{arm} aarch64
2014-12-29 11:02:34 +00:00
BuildRequires: libseccomp-devel
2015-01-06 10:54:39 +00:00
%endif
2014-01-27 10:45:34 +00:00
BuildRequires: pcllib-devel
2014-05-26 11:09:24 +00:00
BuildRequires: libtalloc-devel
2016-02-19 10:23:57 +00:00
BuildRequires: libev-devel
2014-01-27 10:45:34 +00:00
BuildRequires: http-parser-devel
BuildRequires: tcp_wrappers-devel
2013-12-06 13:24:37 +00:00
BuildRequires: automake, autoconf
2015-09-17 09:47:52 +00:00
BuildRequires: radcli-devel
2015-02-18 09:29:58 +00:00
BuildRequires: lz4-devel
BuildRequires: uid_wrapper
BuildRequires: socket_wrapper
2014-05-26 11:06:37 +00:00
2014-01-27 09:43:16 +00:00
Requires: gnutls-utils
2013-12-06 13:24:37 +00:00
Requires: iproute
Requires: pam
Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
#gnulib is bundled. See https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib)
#CCAN is bundled. See https://fedorahosted.org/fpc/ticket/364
Provides: bundled(bobjenkins-hash) bundled(ccan-container_of)
Provides: bundled(ccan-htable) bundled(ccan-list)
Provides: bundled(ccan-check_type) bundled(ccan-build_assert)
%description
2013-12-16 09:32:18 +00:00
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
secure, small, fast and configurable VPN server. It implements the OpenConnect
SSL VPN protocol, and has also (currently experimental) compatibility with
clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
to provide the secure VPN service.
2013-12-06 13:24:37 +00:00
%prep
2016-08-05 11:01:40 +00:00
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} || gpgv2 --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0}
2013-12-06 13:24:37 +00:00
%setup -q
2015-07-09 10:13:38 +00:00
2013-12-06 13:24:37 +00:00
rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
2016-02-19 10:23:57 +00:00
rm -rf src/protobuf/protobuf-c/
2014-05-26 11:09:24 +00:00
rm -rf src/ccan/talloc
2013-12-06 13:24:37 +00:00
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
rm -f src/pcl/*.c src/pcl/*.h
2013-12-06 14:21:42 +00:00
sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c
2016-08-05 11:01:40 +00:00
sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/data/*.config
2014-01-27 09:43:16 +00:00
# GPLv3 in headers is a gnulib bug:
2013-12-06 13:24:37 +00:00
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
2014-08-05 07:53:54 +00:00
touch src/*.proto
2013-12-06 13:24:37 +00:00
%build
2015-01-06 09:40:15 +00:00
%configure \
--enable-systemd
2013-12-06 13:24:37 +00:00
make #%{?_smp_mflags}
2013-12-06 13:24:37 +00:00
%pre
getent group ocserv &>/dev/null || groupadd -r ocserv
getent passwd ocserv &>/dev/null || \
/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
2014-02-17 14:52:29 +00:00
-d %{_localstatedir}/lib/ocserv ocserv
2014-01-27 09:43:16 +00:00
mkdir -p %{_sysconfdir}/pki/ocserv/public
mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
mkdir -p %{_sysconfdir}/pki/ocserv/cacerts
2013-12-06 13:24:37 +00:00
2015-01-29 13:09:41 +00:00
%check
make check %{?_smp_mflags}
2013-12-06 13:24:37 +00:00
%post
%systemd_post ocserv.service
%preun
%systemd_preun ocserv.service
%postun
%systemd_postun ocserv.service
%install
rm -rf %{buildroot}
cp -a %{SOURCE6} PACKAGE-LICENSING
2013-12-06 13:24:37 +00:00
mkdir -p %{buildroot}/%{_sysconfdir}/pam.d/
mkdir -p %{buildroot}/%{_sysconfdir}/ocserv/
install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/pam.d/ocserv
install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/ocserv/
2013-12-06 13:24:37 +00:00
mkdir -p %{buildroot}/%{_unitdir}
install -p -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}
2014-02-17 14:52:29 +00:00
mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
2014-03-14 16:02:34 +00:00
install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
mkdir -p %{buildroot}/%{_sbindir}
install -p -m 755 %{SOURCE8} %{buildroot}/%{_sbindir}
mkdir -p %{buildroot}/%{_bindir}
install -p -m 755 %{SOURCE9} %{buildroot}/%{_bindir}
2013-12-06 13:24:37 +00:00
%make_install
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
2014-02-17 14:52:29 +00:00
%dir %{_localstatedir}/lib/ocserv
2013-12-06 13:24:37 +00:00
%dir %{_sysconfdir}/ocserv
%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
%config(noreplace) %{_sysconfdir}/pam.d/ocserv
2015-10-08 11:23:49 +00:00
%doc AUTHORS ChangeLog NEWS COPYING LICENSE README.md TODO PACKAGE-LICENSING
2014-02-17 14:52:29 +00:00
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
2013-12-06 13:24:37 +00:00
%{_mandir}/man8/ocserv.8*
2014-01-27 09:43:16 +00:00
%{_mandir}/man8/occtl.8*
2013-12-06 13:24:37 +00:00
%{_mandir}/man8/ocpasswd.8*
%{_bindir}/ocpasswd
2014-01-27 09:43:16 +00:00
%{_bindir}/occtl
2015-11-30 15:59:06 +00:00
%{_bindir}/ocserv-fw
%{_bindir}/ocserv-script
2013-12-06 13:24:37 +00:00
%{_sbindir}/ocserv
%{_sbindir}/ocserv-genkey
2013-12-06 13:24:37 +00:00
%{_unitdir}/ocserv.service
2014-02-17 14:52:29 +00:00
%{_localstatedir}/lib/ocserv/profile.xml
2013-12-06 13:24:37 +00:00
%changelog
* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 0.11.6-3
- Rebuild for readline 7.x
2016-11-15 14:23:40 +00:00
* Tue Nov 15 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.6-2
- Removed gpgkeys from sources
2016-11-15 13:51:31 +00:00
* Tue Nov 15 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.6-1
- New upstream release
* Wed Sep 14 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.4-3
- Added getrandom to the list of allowed syscalls (#1375851)
* Thu Sep 8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.4-2
- Rebuild to address http-parser breakage (#1374081)
2016-08-05 11:01:40 +00:00
* Fri Aug 5 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.4-1
- New upstream release
2016-06-16 07:37:34 +00:00
* Thu Jun 16 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.3-1
- New upstream release
* Tue Apr 26 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.2-1
- New upstream release
- Added automatic verification of signature during build
2016-03-21 07:58:53 +00:00
* Mon Mar 21 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.1-1
- new upstream release
2016-02-19 10:23:57 +00:00
* Fri Feb 19 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.0-1
- new upstream release
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-01-11 08:58:19 +00:00
* Mon Jan 11 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.11-1
- new upstream release
2015-11-30 15:59:06 +00:00
* Mon Nov 30 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.10-1
- new upstream release
2015-10-08 11:23:49 +00:00
* Thu Oct 8 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.9-1
- new upstream release (#1269479)
2015-09-17 09:47:52 +00:00
* Thu Sep 17 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.8-2
- compile ocserv using radcli
2015-09-07 15:36:05 +00:00
* Mon Sep 7 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.8-1
- new upstream release (#1260327)
2015-08-07 08:28:34 +00:00
* Fri Aug 7 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.7-1
- new upstream release (#1251305)
2015-07-09 10:13:38 +00:00
* Thu Jul 9 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.6-2
- corrected JSON output
* Thu Jul 2 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.6-1
- new upstream release (#1238499)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon May 25 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.5-1
- new upstream release (#1215326)
* Mon Apr 27 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.4-1
- new upstream release
2015-03-30 08:12:18 +00:00
* Mon Mar 30 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.2-1
- new upstream release
2015-03-16 09:08:13 +00:00
* Mon Mar 16 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.1-1
- new upstream release
2015-03-11 08:55:21 +00:00
* Wed Mar 11 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.10.0-1
- new upstream release
2015-02-18 09:29:58 +00:00
* Wed Feb 18 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.2-1
- new upstream release
- enabled lz4 compression
* Mon Feb 16 2015 Peter Robinson <pbrobinson@fedoraproject.org> 0.9.1-2
- aarch64 (and ARMv7) now has seccomp support
2015-02-16 09:45:16 +00:00
* Mon Feb 16 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.1-1
- new upstream release
* Thu Jan 29 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.0-2
- only enable seccomp in x86-64. It seems to be broken in x86:
http://sourceforge.net/p/libseccomp/mailman/message/33275762/
2015-01-22 10:41:49 +00:00
* Thu Jan 22 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.0-1
- new upstream release
2015-01-09 12:13:33 +00:00
* Fri Jan 9 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-4
- enable PIE
* Tue Jan 6 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-3
- Comply with system-wide crypto policies (#1179332)
* Mon Jan 5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-2
- ocserv.service: depend on network-online.target (#1178760)
2015-01-06 10:54:39 +00:00
- enable seccomp (on platforms it is available)
2014-12-11 12:34:08 +00:00
* Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-1
- New upstream release
* Wed Nov 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.8-1
- New upstream release
2014-10-27 08:38:31 +00:00
* Mon Oct 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.7-1
- New upstream release
2014-10-27 09:06:28 +00:00
* Tue Sep 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-2
- Ship a default ocserv-script, which will put connecting clients
into the internal firewall zone.
* Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1
- New upstream release
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-08 11:32:42 +00:00
* Fri Aug 08 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-3
- Rebuilt
2014-08-05 07:53:54 +00:00
* Tue Aug 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-2
- Rebuilt for new protobuf-c
2014-07-28 07:31:13 +00:00
* Mon Jul 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-1
- New upstream release
2014-06-30 08:29:57 +00:00
* Mon Jun 30 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.1-1
- New upstream release
2014-06-06 15:40:51 +00:00
* Fri Jun 06 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0-2
- Generate certificates and private keys before the first run
2014-06-06 15:37:42 +00:00
- Corrected chroot path
2014-06-02 07:10:26 +00:00
* Mon Jun 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0-1
- New upstream release
2014-05-26 11:06:37 +00:00
* Mon May 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0pre0-1
- New upstream release
2014-05-09 09:00:44 +00:00
* Fri May 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.5-1
- New upstream release
2014-05-02 11:54:34 +00:00
* Fri May 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.4-1
- New upstream release
2014-04-10 12:43:02 +00:00
* Thu Apr 10 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.3-1
- New upstream release
2014-03-14 16:02:34 +00:00
* Fri Mar 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.2-1
- New upstream release
2014-02-17 14:52:29 +00:00
2014-02-17 07:36:36 +00:00
* Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-2
2014-02-17 07:27:55 +00:00
- new upstream release
2014-01-29 08:35:20 +00:00
* Wed Jan 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-2
- Generated certificates no longer carry an expiration date.
2014-01-27 09:44:33 +00:00
* Mon Jan 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-1
- Updated to latest upstream version (0.3.0).
- Certificates and private keys are auto-generated.
2013-12-16 09:32:18 +00:00
* Mon Dec 16 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.3-1
- Updated to latest upstream version (0.2.3).
- Corrected the chroot directory in config file.
2013-12-06 13:24:37 +00:00
* Fri Dec 6 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-6
- Added exception for the bundling of CCAN components.
* Wed Nov 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-5
- Updated the way PACKAGE-LICENSING is handled.
* Tue Nov 12 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-4
- Replaced gnulib's GPLv3+ license with GPLv2+. According to
http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
it was a gnulib bug.
- Reduced the number of applicable licenses by upgrading LGPLv2+
components to GPLv2+.
- Added PACKAGE-LICENSING.
* Mon Nov 11 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-3
- Updated spec to add http-parser and pcllib as dependencies.
- Bundled library files are removed.
- Updated license information.
* Fri Nov 8 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-2
- Updated spec to account improvements suggested by Alec Leamas.
* Thu Nov 7 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-1
- Initial version of the package