Name:           ocserv
Version:        0.8.0
Release:        1%{?dist}
Summary:        OpenConnect SSL VPN server

# For a breakdown of the licensing, see PACKAGE-LICENSING
# To simplify licenses LGPLv2+ files have been promoted to GPLv3+.
License:        GPLv3+ and BSD and MIT and CC0
URL:            http://www.infradead.org/ocserv/
Source0:        ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
Source1:        ocserv.conf
Source2:        ocserv.service
Source3:        ocserv-pamd.conf
Source4:        PACKAGE-LICENSING
Source5:        org.infradead.ocserv.conf
Source6:        ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
Patch1:         ocserv-0.8.0-endianness.patch
Patch2:         ocserv-0.8.0-cmp.patch
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires:  gnutls-devel
BuildRequires:  pam-devel
BuildRequires:  iproute
BuildRequires:  systemd
BuildRequires:  systemd-devel
BuildRequires:  autogen-libopts-devel
BuildRequires:  protobuf-c-devel
BuildRequires:  libnl3-devel
BuildRequires:  readline-devel
BuildRequires:  autogen
BuildRequires:  pcllib-devel
BuildRequires:  libtalloc-devel
BuildRequires:  http-parser-devel
BuildRequires:  tcp_wrappers-devel
BuildRequires:  automake, autoconf
# we don't build with dbus support
#BuildRequires: dbus-devel

Requires:               gnutls-utils
Requires:               iproute
Requires:               pam
Requires(pre):          shadow-utils
Requires(post):         systemd
Requires(preun):        systemd
Requires(postun):       systemd

#gnulib is bundled. See https://fedorahosted.org/fpc/ticket/174
Provides:       bundled(gnulib)
#CCAN is bundled. See https://fedorahosted.org/fpc/ticket/364
Provides:       bundled(bobjenkins-hash) bundled(ccan-container_of)
Provides:       bundled(ccan-htable) bundled(ccan-list)
Provides:       bundled(ccan-check_type) bundled(ccan-build_assert)

%description
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be
a secure, small, fast and configurable VPN server. It implements the
OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol. The
OpenConnect VPN protocol uses the standard IETF security protocols such
as TLS 1.2, and Datagram TLS to provide the secure VPN service.

%prep
%setup -q

rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
rm -rf src/protobuf/
rm -rf src/ccan/talloc
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
rm -f src/pcl/*.c src/pcl/*.h
sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c
sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config
# GPLv3 in headers is a gnulib bug:
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*

%patch1 -p1 -b .cmp
%patch2 -p1 -b .endianness

%build

%configure

make %{?_smp_mflags}

%pre
getent group ocserv &>/dev/null || groupadd -r ocserv
getent passwd ocserv &>/dev/null || \
	/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
		-d %{_localstatedir}/lib/ocserv ocserv
mkdir -p %{_sysconfdir}/pki/ocserv/public
mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
mkdir -p %{_sysconfdir}/pki/ocserv/cacerts

#generate CA certificate/key
if test ! -f %{_sysconfdir}/pki/ocserv/private/ca.key;then
	certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/ca.key >/dev/null 2>&1
	echo "cn=`hostname -f` CA" >%{_sysconfdir}/pki/ocserv/ca.tmpl
	echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
	echo "serial=1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
	echo "ca" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
	echo "cert_signing_key" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
	certtool --template %{_sysconfdir}/pki/ocserv/ca.tmpl \
		--generate-self-signed --load-privkey %{_sysconfdir}/pki/ocserv/private/ca.key \
		--outfile %{_sysconfdir}/pki/ocserv/cacerts/ca.crt >/dev/null 2>&1
	#rm -f %{_sysconfdir}/pki/ocserv/ca.tmpl
fi

#generate server certificate/key
if test ! -f %{_sysconfdir}/pki/ocserv/private/server.key;then
	certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/server.key >/dev/null 2>&1
	echo "cn=`hostname -f`" >%{_sysconfdir}/pki/ocserv/server.tmpl
	echo "serial=2" >>%{_sysconfdir}/pki/ocserv/server.tmpl
	echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/server.tmpl
	echo "signing_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
	echo "encryption_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
	certtool --template %{_sysconfdir}/pki/ocserv/server.tmpl \
		--generate-certificate --load-privkey %{_sysconfdir}/pki/ocserv/private/server.key \
		--load-ca-certificate %{_sysconfdir}/pki/ocserv/cacerts/ca.crt --load-ca-privkey \
		%{_sysconfdir}/pki/ocserv/private/ca.key --outfile %{_sysconfdir}/pki/ocserv/public/server.crt >/dev/null 2>&1
	#rm -f %{_sysconfdir}/pki/ocserv/server.tmpl
fi

%post
%systemd_post ocserv.service

%preun
%systemd_preun ocserv.service

%postun
%systemd_postun ocserv.service

%install
rm -rf %{buildroot}
cp -a %{SOURCE4} PACKAGE-LICENSING
mkdir -p %{buildroot}/%{_sysconfdir}/pam.d/
mkdir -p %{buildroot}/%{_sysconfdir}/ocserv/
install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/ocserv
install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/ocserv/
mkdir -p %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
mkdir -p %{buildroot}/%{_unitdir}
install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/

%make_install

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)

%dir %{_localstatedir}/lib/ocserv
%dir %{_sysconfdir}/ocserv

%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf
%config(noreplace) %{_sysconfdir}/pam.d/ocserv

%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT

%{_mandir}/man8/ocserv.8*
%{_mandir}/man8/occtl.8*
%{_mandir}/man8/ocpasswd.8*

%{_bindir}/ocpasswd
%{_bindir}/occtl
%{_sbindir}/ocserv
%{_unitdir}/ocserv.service
%{_localstatedir}/lib/ocserv/profile.xml

%changelog
* Mon Jun 02 2014 Nikos Mavrogiannopoulos - 0.8.0-1
- New upstream release

* Mon May 26 2014 Nikos Mavrogiannopoulos - 0.8.0pre0-1
- New upstream release

* Fri May 09 2014 Nikos Mavrogiannopoulos - 0.3.5-1
- New upstream release

* Fri May 02 2014 Nikos Mavrogiannopoulos - 0.3.4-1
- New upstream release

* Thu Apr 10 2014 Nikos Mavrogiannopoulos - 0.3.3-1
- New upstream release

* Fri Mar 14 2014 Nikos Mavrogiannopoulos - 0.3.2-1
- New upstream release

* Mon Feb 17 2014 Nikos Mavrogiannopoulos - 0.3.1-2
- new upstream release

* Wed Jan 29 2014 Nikos Mavrogiannopoulos - 0.3.0-2
- Generated certificates no longer carry an expiration date.

* Mon Jan 27 2014 Nikos Mavrogiannopoulos - 0.3.0-1
- Updated to latest upstream version (0.3.0).
- Certificates and private keys are auto-generated.

* Mon Dec 16 2013 Nikos Mavrogiannopoulos - 0.2.3-1
- Updated to latest upstream version (0.2.3).
- Corrected the chroot directory in config file.

* Fri Dec 6 2013 Nikos Mavrogiannopoulos - 0.2.1-6
- Added exception for the bundling of CCAN components.

* Wed Nov 13 2013 Nikos Mavrogiannopoulos - 0.2.1-5
- Updated the way PACKAGE-LICENSING is handled.

* Tue Nov 12 2013 Nikos Mavrogiannopoulos - 0.2.1-4
- Replaced gnulib's GPLv3+ license with GPLv2+. According to
  http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
  it was a gnulib bug.
- Reduced the number of applicable licenses by upgrading LGPLv2+ components
  to GPLv2+.
- Added PACKAGE-LICENSING.

* Mon Nov 11 2013 Nikos Mavrogiannopoulos - 0.2.1-3
- Updated spec to add http-parser and pcllib as dependencies.
- Bundled library files are removed.
- Updated license information.

* Fri Nov 8 2013 Nikos Mavrogiannopoulos - 0.2.1-2
- Updated spec to account improvements suggested by Alec Leamas.

* Thu Nov 7 2013 Nikos Mavrogiannopoulos - 0.2.1-1
- Initial version of the package