|
|
|
@ -1,5 +1,5 @@
|
|
|
|
|
Name: ocserv
|
|
|
|
|
Version: 0.2.3
|
|
|
|
|
Version: 0.3.0
|
|
|
|
|
Release: 1%{?dist}
|
|
|
|
|
Summary: OpenConnect SSL VPN server
|
|
|
|
|
|
|
|
|
@ -12,6 +12,7 @@ Source1: ocserv.conf
|
|
|
|
|
Source2: ocserv.service
|
|
|
|
|
Source3: ocserv-pamd.conf
|
|
|
|
|
Source4: PACKAGE-LICENSING
|
|
|
|
|
Source5: org.infradead.ocserv.conf
|
|
|
|
|
|
|
|
|
|
# Taken from upstream:
|
|
|
|
|
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
|
|
|
|
@ -22,10 +23,15 @@ BuildRequires: pam-devel
|
|
|
|
|
BuildRequires: iproute
|
|
|
|
|
BuildRequires: systemd
|
|
|
|
|
BuildRequires: autogen-libopts-devel
|
|
|
|
|
BuildRequires: protobuf-c-devel
|
|
|
|
|
BuildRequires: libnl3-devel
|
|
|
|
|
BuildRequires: readline-devel
|
|
|
|
|
BuildRequires: dbus-devel
|
|
|
|
|
BuildRequires: autogen
|
|
|
|
|
BuildRequires: pcllib-devel, http-parser-devel, tcp_wrappers-devel
|
|
|
|
|
BuildRequires: automake, autoconf
|
|
|
|
|
|
|
|
|
|
Requires: gnutls-utils
|
|
|
|
|
Requires: iproute
|
|
|
|
|
Requires: pam
|
|
|
|
|
Requires(pre): shadow-utils
|
|
|
|
@ -50,11 +56,12 @@ to provide the secure VPN service.
|
|
|
|
|
%prep
|
|
|
|
|
%setup -q
|
|
|
|
|
rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
|
|
|
|
|
rm -rf src/protobuf/
|
|
|
|
|
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
|
|
|
|
|
rm -f src/pcl/*.c src/pcl/*.h
|
|
|
|
|
sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c
|
|
|
|
|
sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config
|
|
|
|
|
# GPLv3 in headers was a gnulib bug:
|
|
|
|
|
# GPLv3 in headers is a gnulib bug:
|
|
|
|
|
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
|
|
|
|
|
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
|
|
|
|
|
|
|
|
|
@ -64,13 +71,41 @@ sed -i 's/either version 3 of the License/either version 2 of the License/g' bui
|
|
|
|
|
|
|
|
|
|
# disable the smp_mflags until an issue with the dependencies in the
|
|
|
|
|
# autogen'erated files is fixed
|
|
|
|
|
make #%{?_smp_mflags}
|
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
|
|
|
|
|
|
%pre
|
|
|
|
|
getent group ocserv &>/dev/null || groupadd -r ocserv
|
|
|
|
|
getent passwd ocserv &>/dev/null || \
|
|
|
|
|
/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
|
|
|
|
|
-d /var/lib/ocserv ocserv
|
|
|
|
|
mkdir -p %{_sysconfdir}/pki/ocserv/public
|
|
|
|
|
mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
|
|
|
|
|
mkdir -p %{_sysconfdir}/pki/ocserv/cacerts
|
|
|
|
|
#generate CA certificate/key
|
|
|
|
|
if test ! -f %{_sysconfdir}/pki/ocserv/private/ca.key;then
|
|
|
|
|
certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/ca.key
|
|
|
|
|
echo "cn=`hostname -f` CA" >%{_sysconfdir}/pki/ocserv/ca.tmpl
|
|
|
|
|
echo "serial=1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
|
|
|
|
|
echo "ca" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
|
|
|
|
|
echo "cert_signing_key" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
|
|
|
|
|
certtool --template %{_sysconfdir}/pki/ocserv/ca.tmpl \
|
|
|
|
|
--generate-self-signed --load-privkey %{_sysconfdir}/pki/ocserv/private/ca.key \
|
|
|
|
|
--outfile %{_sysconfdir}/pki/ocserv/cacerts/ca.crt
|
|
|
|
|
#rm -f %{_sysconfdir}/pki/ocserv/ca.tmpl
|
|
|
|
|
fi
|
|
|
|
|
#generate server certificate/key
|
|
|
|
|
if test ! -f %{_sysconfdir}/pki/ocserv/private/server.key;then
|
|
|
|
|
certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/server.key
|
|
|
|
|
echo "cn=`hostname -f`" >%{_sysconfdir}/pki/ocserv/server.tmpl
|
|
|
|
|
echo "serial=2" >>%{_sysconfdir}/pki/ocserv/server.tmpl
|
|
|
|
|
echo "signing_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
|
|
|
|
|
echo "encryption_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
|
|
|
|
|
certtool --template %{_sysconfdir}/pki/ocserv/server.tmpl \
|
|
|
|
|
--generate-certificate --load-privkey %{_sysconfdir}/pki/ocserv/private/server.key \
|
|
|
|
|
--load-ca-certificate %{_sysconfdir}/pki/ocserv/cacerts/ca.crt --load-ca-privkey \
|
|
|
|
|
%{_sysconfdir}/pki/ocserv/private/ca.key --outfile %{_sysconfdir}/pki/ocserv/public/server.crt
|
|
|
|
|
#rm -f %{_sysconfdir}/pki/ocserv/server.tmpl
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
%post
|
|
|
|
|
%systemd_post ocserv.service
|
|
|
|
@ -88,6 +123,8 @@ mkdir -p %{buildroot}/%{_sysconfdir}/pam.d/
|
|
|
|
|
mkdir -p %{buildroot}/%{_sysconfdir}/ocserv/
|
|
|
|
|
install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/ocserv
|
|
|
|
|
install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/ocserv/
|
|
|
|
|
mkdir -p %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
|
|
|
|
|
install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
|
|
|
|
|
mkdir -p %{buildroot}/%{_unitdir}
|
|
|
|
|
install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
|
|
|
|
|
mkdir -p %{buildroot}/var/lib/ocserv/
|
|
|
|
@ -103,13 +140,17 @@ rm -rf %{buildroot}
|
|
|
|
|
%dir %{_sysconfdir}/ocserv
|
|
|
|
|
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/pam.d/ocserv
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
|
|
|
|
|
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
|
|
|
|
|
%{_mandir}/man8/ocserv.8*
|
|
|
|
|
%{_mandir}/man8/occtl.8*
|
|
|
|
|
%{_mandir}/man8/ocpasswd.8*
|
|
|
|
|
%{_bindir}/ocpasswd
|
|
|
|
|
%{_bindir}/occtl
|
|
|
|
|
%{_sbindir}/ocserv
|
|
|
|
|
%{_unitdir}/ocserv.service
|
|
|
|
|
|
|
|
|
|
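Review bot: The certificate generation in `%pre` (the `certtool` calls under `#generate CA certificate/key` and `#generate server certificate/key`, which appear to be new in this change, though the rendering has lost the +/- markers) needs `certtool` at scriptlet time. The spec only lists `Requires: gnutls-utils`, which does not order that package before `%pre` runs; add `Requires(pre): gnutls-utils` next to `Requires(pre): shadow-utils`, or move the generation to `%post` or first service start. Key confidentiality also rests on `mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private`, which leaves the mode of an already existing directory untouched, so set `umask 077` before the first `certtool --generate-privkey` and `chmod 700` the directory explicitly. The self-signed CA key then stays unencrypted on the VPN host beside the server key, and neither template sets `expiration_days`. A comment should say these are bootstrap credentials for the administrator to replace, with the CA key kept off the server.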