openvpn/SPECS/openvpn.spec


# Ask the distribution's build macros for hardened compiler and linker flags.
%define _hardened_build 1
# Snapshot identity. Source0 below is addressed by the full commit hash
# rather than by a branch or tag name.
%global snap_tstamp 20241212
%global commit baa9192851006e2dbb90b410011e61ecf2e01870
# First seven characters of the commit hash; used in Release and Source0.
%global shortcommit %(c=%{commit}; echo ${c:0:7})
# LTO needs to be disabled to avoid issues when linking the unit-test,
# which utilizes --wrap in the link process
%global _lto_cflags %{nil}
#
# Build conditionals
#
# Build with OpenVPN Data Channel Offload (kernel) support?
%bcond_without dco
# Build with PKCS#11/SmartCard support?
%bcond_without pkcs11
# tests_long - Enabled by default, enables long running tests in %%check
%bcond_without tests_long
Name: openvpn
Version: 2.7
Release: 0.%{snap_tstamp}git%{shortcommit}%{?dist}
Summary: A full-featured TLS VPN solution
URL: https://community.openvpn.net/
# NOTE(review): no signature or digest verification of this archive is
# visible in this spec; confirm that the build system pins its checksum.
Source0: https://github.com/OpenVPN/%{name}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source2: roadwarrior-server.conf
Source3: roadwarrior-client.conf
# NOTE(review): the patch bodies are not visible here. Going by the file
# names, Patch1 concerns the system crypto policy and Patch50 the permissions
# in the tmpfiles.d snippet; review both before dropping or rebasing them.
Patch1: fedora-crypto-policy-compliance.patch
Patch50: openvpn-2.4-change-tmpfiles-permissions.patch
License: GPL-2.0-only
BuildRequires: gcc
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: autoconf-archive
BuildRequires: libcap-ng-devel
BuildRequires: libtool
BuildRequires: gettext
BuildRequires: lzo-devel
BuildRequires: lz4-devel
BuildRequires: make
BuildRequires: openssl-devel >= 1.1.0
%if %{with dco}
BuildRequires: libnl3-devel
%endif
%if %{with pkcs11}
BuildRequires: pkcs11-helper-devel >= 1.11
%endif
BuildRequires: pam-devel
BuildRequires: libselinux-devel
BuildRequires: libcmocka-devel
BuildRequires: systemd
BuildRequires: systemd-devel
%{?systemd_requires}
# The pre-install scriptlet creates the openvpn account with useradd, so the
# tool must be installed before that scriptlet runs. The scriptlet also calls
# groupadd, for which no separate dependency is listed.
Requires(pre): /usr/sbin/useradd
%if %{with dco}
# Weak dependency: the package still installs when the DCO kernel module is
# not available.
Recommends: kmod-ovpn-dco >= 0.2
%endif
BuildRequires: python3-docutils
# For the perl_default_filter macro
BuildRequires: perl-macros
# Filter out the perl(Authen::PAM) dependency.
# No perl dependency is really needed at all.
%{?perl_default_filter}
%description
OpenVPN is a robust and highly flexible tunneling application that uses all
of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
port. It can use Markus Franz Xaver Johannes Oberhumer's LZO library
for compression.
NOTE: Until the OpenVPN 2.7 release is completed, EPEL-10 builds will
ship with git master development snapshots. These snapshots will
contain what will be part of the next v2.7 release.
%package devel
Summary: Development headers and examples for OpenVPN plug-ins
%description devel
OpenVPN can be extended through the --plugin option, which provides
possibilities to add specialized authentication, user accounting,
packet filtering and related features. These plug-ins need to be
written in C and provide lower-level, more information-rich access
to features similar to those offered by the various script hooks.
%prep
%setup -q -n openvpn-%{commit}
%autopatch -p1

# The source is a git snapshot, not a release tarball, so version.m4 does not
# carry release values. Write it here, before autoreconf reads it. The quoted
# here-document delimiter keeps the shell from touching the m4 text; the RPM
# macros are already expanded by the time the shell sees these lines.
cat > version.m4 <<'EOF'
define([PRODUCT_NAME], [OpenVPN])
define([PRODUCT_VERSION], [%{version}-%{release}])
define([PRODUCT_GUIVERSION], [copr:%{version}-%{release}])
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_BUGREPORT], [openvpn-devel@lists.sourceforge.net])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [7])
define([PRODUCT_VERSION_PATCH], [_git%{shortcommit}])
EOF

autoreconf -vi

# Files shipped via %%doc should not be executable: clear the execute bits on
# every regular file under contrib/ and sample/ that has the owner-execute
# bit set.
find contrib sample -type f -perm /100 -exec chmod a-x {} +
%build
# Configure and compile OpenVPN.
# - OpenSSL is selected explicitly as the crypto library.
# - PKCS#11 support is enabled only when the pkcs11 build conditional is on.
# - --disable-dco is passed only when the dco build conditional is off.
# - The systemd unit and tmpfiles.d locations come from the distribution
#   macros rather than from the configure script's own defaults.
# NOTE(review): --enable-x509-alt-username and --enable-async-push switch on
# optional upstream features; check their meaning in the upstream configure
# help before changing them.
%configure \
--enable-silent-rules \
--with-crypto-library=openssl \
%{?with_pkcs11:--enable-pkcs11} \
--enable-selinux \
--enable-systemd \
--enable-x509-alt-username \
--enable-async-push \
%{?!with_dco:--disable-dco} \
--docdir=%{_pkgdocdir} \
SYSTEMD_UNIT_DIR=%{_unitdir} \
TMPFILES_DIR=%{_tmpfilesdir}
%{__make} %{?_smp_mflags}
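%check
# Crypto self-test. A throw-away static key is written to ./key in the build
# tree only to drive --test-crypto. Each run passes
# --allow-deprecated-insecure-static-crypto explicitly; the option name itself
# marks static-key mode as deprecated and insecure.
./src/openvpn/openvpn --genkey secret key
for cipher in aes-128-cbc aes-256-cbc aes-128-gcm aes-256-gcm; do
    ./src/openvpn/openvpn --cipher "$cipher" --test-crypto --secret key --allow-deprecated-insecure-static-crypto
done

# Some of the unit tests do not run on RHEL-7
pushd tests/unit_tests
%{__make} %{?_smp_mflags} check
popd

%if %{with tests_long}
# Randomize ports for tests to avoid conflicts on the build servers.
cport=$(( 50000 + (RANDOM % 15534) ))
sport=$(( cport + 1 ))

# Keep the rewritten loopback configs in a private mktemp directory. A fixed,
# guessable file name in the shared temp directory could be pre-created (for
# example as a symlink) by another local user before the redirections below
# open it.
lpback_dir=$(mktemp -d "%{_tmppath}/%{name}-%{version}-%{release}-lpback.XXXXXX")

# Client and server get mirrored lport/rport values so they talk to each other.
sed -e 's/^\(rport\) .*$/\1 '"$sport"'/' \
    -e 's/^\(lport\) .*$/\1 '"$cport"'/' \
    < sample/sample-config-files/loopback-client \
    > "${lpback_dir}/loopback-client"
sed -e 's/^\(rport\) .*$/\1 '"$cport"'/' \
    -e 's/^\(lport\) .*$/\1 '"$sport"'/' \
    < sample/sample-config-files/loopback-server \
    > "${lpback_dir}/loopback-server"

pushd sample
# Test SSL/TLS negotiations (runs for 2 minutes):
../src/openvpn/openvpn --config "${lpback_dir}/loopback-client" &
../src/openvpn/openvpn --config "${lpback_dir}/loopback-server"
# NOTE(review): a bare `wait` returns 0 whatever the background client exited
# with, so a failing client does not fail the build here. Confirm whether the
# client's exit status should be checked as well.
wait
popd

rm -rf -- "${lpback_dir:?}"
%endif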
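%install
%{__make} install DESTDIR=%{buildroot}

# Drop libtool archives. find removes them itself, so unusual file names are
# never re-split by a shell pipeline.
find %{buildroot} -name '*.la' -delete

# Per-role configuration directories, created without access for "other".
# mkdir -m applies the mode to the named directories only, not to parents
# created by -p.
mkdir -p -m 0750 %{buildroot}/%{_sysconfdir}/%{name}/client %{buildroot}/%{_sysconfdir}/%{name}/server
cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/

# Create some directories the OpenVPN package should own
mkdir -m 0750 -p %{buildroot}%{_rundir}/%{name}-{client,server}
mkdir -m 0770 -p %{buildroot}%{_sharedstatedir}/%{name}

# Package installs into %%{_pkgdocdir} directly
# Add various additional files
cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd %{buildroot}%{_pkgdocdir}

# Fix incorrect she-bang on a python script
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_interpreter_invocation
sed -e "s|^#!/usr/bin/env.*python3$|#!%{python3} -%{py3_shebang_flags}|" \
    -i %{buildroot}%{_pkgdocdir}/contrib/extract-crl/extractcrl.py

# Remove some files which do not really belong here
rm -f %{buildroot}%{_pkgdocdir}/sample/Makefile{,.in,.am}
rm -f %{buildroot}%{_pkgdocdir}/sample/sample-plugins/Makefile{,.in,.am}
# NOTE(review): presumably dropped so that sample key material is never
# installed where it could be mistaken for usable credentials; confirm.
rm -rf %{buildroot}%{_pkgdocdir}/sample/sample-keys
rm -f %{buildroot}%{_pkgdocdir}/contrib/multilevel-init.patch
rm -rf %{buildroot}%{_pkgdocdir}/contrib/vcpkg-*
rm -rf %{buildroot}%{_pkgdocdir}/contrib/cmake*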
%pre
# Make sure the dedicated "openvpn" system group and account exist before the
# package files are unpacked. The account is a system account (-r) with
# /sbin/nologin as its shell and /etc/openvpn as its home directory.
if ! getent group openvpn >/dev/null 2>&1; then
    groupadd -r openvpn
fi
if ! getent passwd openvpn >/dev/null 2>&1; then
    /usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \
        -d /etc/openvpn openvpn
fi
# Always report success: a failure to create the group or account is not
# propagated to the package transaction.
exit 0
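%post
# Run the systemd post-install macro for every OpenVPN client/server instance
# unit that systemd currently lists.
# --plain omits the status bullet systemctl prints in front of failed units,
# which would otherwise be picked up as awk's first field instead of the unit
# name; --no-legend omits the header and footer lines.
for srv in $(systemctl list-units --plain --no-legend | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}');
do
%systemd_post $srv
done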
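%preun
# Run the systemd pre-uninstall macro for every OpenVPN client/server instance
# unit that systemd currently lists.
# --plain omits the status bullet systemctl prints in front of failed units,
# which would otherwise be picked up as awk's first field instead of the unit
# name; --no-legend omits the header and footer lines.
for srv in $(systemctl list-units --plain --no-legend | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}');
do
%systemd_preun $srv
done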
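%postun
# Run the systemd post-uninstall (with restart) macro for every OpenVPN
# client/server instance unit that systemd currently lists, so instances
# found this way are handed to the restart logic after an upgrade.
# --plain omits the status bullet systemctl prints in front of failed units,
# which would otherwise be picked up as awk's first field instead of the unit
# name; --no-legend omits the header and footer lines.
for srv in $(systemctl list-units --plain --no-legend | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}');
do
%systemd_postun_with_restart $srv
done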
# Main package payload: licence texts, documentation, man pages, the daemon,
# its plug-in directory, the systemd units and the tmpfiles.d snippet.
%files
%license COPYING COPYRIGHT.GPL
%{_pkgdocdir}/
%exclude %{_pkgdocdir}/{COPYING,COPYRIGHT.GPL}
%exclude %{_pkgdocdir}/README.mbedtls
%exclude %{_pkgdocdir}/sample/sample-plugins
%{_mandir}/man8/%{name}.8*
%{_mandir}/man5/%{name}-*.5*
%{_sbindir}/%{name}
%{_libdir}/%{name}/
%{_unitdir}/%{name}-client@.service
%{_unitdir}/%{name}-server@.service
%{_tmpfilesdir}/%{name}.conf
# Configuration tree. client/ and server/ are group-owned by openvpn and keep
# the mode they were created with in the install section (0750), so accounts
# outside that group get no access to what is stored there.
%config %dir %{_sysconfdir}/%{name}/
%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client
%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server
# State directory: fully owned by, and writable for, the openvpn user and
# group; no access for others.
%attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name}
# Runtime directories: group openvpn may read and traverse, others may not.
%dir %attr(0750,-,openvpn) %{_rundir}/openvpn-client
%dir %attr(0750,-,openvpn) %{_rundir}/openvpn-server
# Development sub-package: plug-in headers and the sample plug-in sources.
%files devel
%{_pkgdocdir}/sample/sample-plugins
%exclude %{_pkgdocdir}/sample/sample-{config-files,scripts,windows}
%{_includedir}/openvpn-plugin.h
%{_includedir}/openvpn-msg.h
%changelog
* Tue Dec 24 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 2.7-0.20241212gitbaa9192
- Rebuilt for MSVSphere 10
* Wed Dec 18 2024 David Sommerseth <davids@openvpn.net> - 2.7-20241212gitbaa9192
- First packaging attempt for EPEL-10 - OpenVPN 2.7 git master snapshot build
- Update to git master baa9192851006e2dbb90b410011e61ecf2e01870