rpms
/
ocserv
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '50490ebb14'
${ noResults }
ocserv/ocserv.spec

204 lines
7.6 KiB
Raw Blame History

Name: ocserv
Version: 0.3.1
Release: 3%{?dist}
Summary: OpenConnect SSL VPN server
# For a breakdown of the licensing, see PACKAGE-LICENSING
# To simplify licenses LGPLv2+ files have been promoted to GPLv2+.
License: GPLv2+ and BSD and MIT and CC0
URL: http://www.infradead.org/ocserv/
Source0: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
Source1: ocserv.conf
Source2: ocserv.service
Source3: ocserv-pamd.conf
Source4: PACKAGE-LICENSING
Source5: org.infradead.ocserv.conf
Source6: profile.xml
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gnutls-devel
BuildRequires: pam-devel
BuildRequires: iproute
BuildRequires: systemd
BuildRequires: autogen-libopts-devel
BuildRequires: protobuf-c-devel
BuildRequires: libnl3-devel
BuildRequires: readline-devel
BuildRequires: dbus-devel
BuildRequires: autogen
BuildRequires: pcllib-devel
BuildRequires: http-parser-devel
BuildRequires: tcp_wrappers-devel
BuildRequires: automake, autoconf
Requires: gnutls-utils
Requires: iproute
Requires: pam
Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
#gnulib is bundled. See https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib)
#CCAN is bundled. See https://fedorahosted.org/fpc/ticket/364
Provides: bundled(bobjenkins-hash) bundled(ccan-container_of)
Provides: bundled(ccan-htable) bundled(ccan-list)
Provides: bundled(ccan-check_type) bundled(ccan-build_assert)
%description
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
secure, small, fast and configurable VPN server. It implements the OpenConnect
SSL VPN protocol, and has also (currently experimental) compatibility with
clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
to provide the secure VPN service.
%prep
%setup -q
rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
rm -rf src/protobuf/
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
rm -f src/pcl/*.c src/pcl/*.h
sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c
sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config
# GPLv3 in headers is a gnulib bug:
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
%build
%configure
make %{?_smp_mflags}
%pre
getent group ocserv &>/dev/null || groupadd -r ocserv
getent passwd ocserv &>/dev/null || \
/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
-d %{_localstatedir}/lib/ocserv ocserv
mkdir -p %{_sysconfdir}/pki/ocserv/public
mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
mkdir -p %{_sysconfdir}/pki/ocserv/cacerts
#generate CA certificate/key
if test ! -f %{_sysconfdir}/pki/ocserv/private/ca.key;then
certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/ca.key >/dev/null 2>&1
echo "cn=`hostname -f` CA" >%{_sysconfdir}/pki/ocserv/ca.tmpl
echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
echo "serial=1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
echo "ca" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
echo "cert_signing_key" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
certtool --template %{_sysconfdir}/pki/ocserv/ca.tmpl \
--generate-self-signed --load-privkey %{_sysconfdir}/pki/ocserv/private/ca.key \
--outfile %{_sysconfdir}/pki/ocserv/cacerts/ca.crt >/dev/null 2>&1
#rm -f %{_sysconfdir}/pki/ocserv/ca.tmpl
fi
#generate server certificate/key
if test ! -f %{_sysconfdir}/pki/ocserv/private/server.key;then
certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/server.key >/dev/null 2>&1
echo "cn=`hostname -f`" >%{_sysconfdir}/pki/ocserv/server.tmpl
echo "serial=2" >>%{_sysconfdir}/pki/ocserv/server.tmpl
echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/server.tmpl
echo "signing_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
echo "encryption_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
certtool --template %{_sysconfdir}/pki/ocserv/server.tmpl \
--generate-certificate --load-privkey %{_sysconfdir}/pki/ocserv/private/server.key \
--load-ca-certificate %{_sysconfdir}/pki/ocserv/cacerts/ca.crt --load-ca-privkey \
%{_sysconfdir}/pki/ocserv/private/ca.key --outfile %{_sysconfdir}/pki/ocserv/public/server.crt >/dev/null 2>&1
#rm -f %{_sysconfdir}/pki/ocserv/server.tmpl
fi
%post
%systemd_post ocserv.service
%preun
%systemd_preun ocserv.service
%postun
%systemd_postun ocserv.service
%install
rm -rf %{buildroot}
cp -a %{SOURCE4} PACKAGE-LICENSING
mkdir -p %{buildroot}/%{_sysconfdir}/pam.d/
mkdir -p %{buildroot}/%{_sysconfdir}/ocserv/
install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/ocserv
install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/ocserv/
mkdir -p %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
mkdir -p %{buildroot}/%{_unitdir}
install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
#install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
install -p -m 644 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/ocserv/
%make_install
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%dir %{_localstatedir}/lib/ocserv
%dir %{_sysconfdir}/ocserv
%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf
%config(noreplace) %{_sysconfdir}/pam.d/ocserv
%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
%{_mandir}/man8/ocserv.8*
%{_mandir}/man8/occtl.8*
%{_mandir}/man8/ocpasswd.8*
%{_bindir}/ocpasswd
%{_bindir}/occtl
%{_sbindir}/ocserv
%{_unitdir}/ocserv.service
%{_localstatedir}/lib/ocserv/profile.xml
%changelog
#* xxx xxx xx 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-3
#- Added missing profile.xml
* Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-2
- new upstream release
* Wed Jan 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-2
- Generated certificates no longer carry an expiration date.
* Mon Jan 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-1
- Updated to latest upstream version (0.3.0).
- Certificates and private keys are auto-generated.
* Mon Dec 16 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.3-1
- Updated to latest upstream version (0.2.3).
- Corrected the chroot directory in config file.
* Fri Dec 6 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-6
- Added exception for the bundling of CCAN components.
* Wed Nov 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-5
- Updated the way PACKAGE-LICENSING is handled.
* Tue Nov 12 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-4
- Replaced gnulib's GPLv3+ license with GPLv2+. According to
http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
it was a gnulib bug.
- Reduced the number of applicable licenses by upgrading LGPLv2+
components to GPLv2+.
- Added PACKAGE-LICENSING.
* Mon Nov 11 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-3
- Updated spec to add http-parser and pcllib as dependencies.
- Bundled library files are removed.
- Updated license information.
* Fri Nov 8 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-2
- Updated spec to account improvements suggested by Alec Leamas.
* Thu Nov 7 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-1
- Initial version of the package
Reference in new issue View Git Blame Copy Permalink