%define auth_ldap_version 2.0.3
%define easy_rsa_version 2.2.0_master
%define develname %mklibname %{name} -d


%define plugindir %{_libdir}/%{name}/plugins
%bcond_without ldap

# There is an issue with gcc, so disable for amd64
# waiting reply/fix
%ifarch amd64
%bcond_without ldap
%endif

Summary:	A Secure TCP/UDP Tunneling Daemon
Name:		openvpn
Version:	2.3.9
Release:	%mkrel 1
URL:		http://openvpn.net/
Source0:	https://swupdate.openvpn.org/community/releases/%{name}-%{version}.tar.xz
Source2:	http://openvpn-auth-ldap.googlecode.com/files/auth-ldap-%{auth_ldap_version}.tar.gz
Source3:	dhcp.sh
Source4:	openvpn-tmpfile.conf
Source5:	openvpn@.service
Source6:	openvpn.target
Source7:	https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-%{easy_rsa_version}.tar.gz
Patch1:		openvpn-2.3.openvpn_user.patch
Patch2:		openvpn-auth-ldap-2.0.3-disable-tests.patch
Patch3:		openvpn-2.3.1_rc15-wformat.patch
Patch4:		auth-ldap-rfc2307.patch
Patch1001:	openvpn-auth-ldap-2.0.3-objc.patch
License:	GPLv2
Group:		Networking/Other
BuildRequires:	liblzo-devel 
BuildRequires:	openssl-devel
BuildRequires:	pam-devel
BuildRequires:	libpkcs11-helper-devel
BuildRequires:	automake1.8
BuildRequires:	systemd-devel
%if %with ldap
BuildRequires:	gcc-objc
BuildRequires:	openldap-devel
BuildRequires:	re2c
%endif
Requires(post):  systemd >= %{systemd_required_version}
Requires(post):  rpm-helper >= 0.24.8-1
Requires(preun): rpm-helper >= 0.24.8-1

%description
OpenVPN is a robust and highly flexible tunneling application that  uses
all of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP port.


%package -n	%{develname}
Summary: 	Development package for OpenVPN plugins
Group:		System/Libraries
Requires:	%{name} = %{version}-%{release}

%description -n	%{develname}
OpenVPN .h files.

%if %with ldap
This package contains the auth-ldap plugin
%endif

%prep
%setup -q -n openvpn-%{version} -a 7
%if %with ldap
%setup -q -n openvpn-%{version} -a 2 -a 7
%{__mv} auth-ldap-%{auth_ldap_version}/README auth-ldap-%{auth_ldap_version}/README-openvpn-auth-ldap
pushd auth-ldap-%{auth_ldap_version}
%patch1001 -p1
%patch2 -p1
%patch4 -p1
popd
%endif
%patch1 -p1
%patch3 -p1

%build
%serverbuild
#./pre-touch
libtoolize --copy --force --install
aclocal
automake -a -c -f -i
autoreconf -fi

%configure2_5x \
	--enable-systemd \
	--enable-pthread \
	--with-lzo-headers=%{_includedir}/lzo \
	--enable-password-save || cat config.log

%make

# plugins
%make -C src/plugins/down-root
%make -C src/plugins/auth-pam

%if %with ldap
pushd auth-ldap-%{auth_ldap_version}
%configure2_5x \
	--with-openvpn=`pwd`/../include \
	--libdir=%{plugindir} \
	--with-objc-runtime=GNU
# workaround parallel build problem with generated header
%make -C tools
make -C src TRConfigParser.h
%make
popd
%endif

pushd easy-rsa-%{easy_rsa_version}
%configure2_5x \
	--with-easyrsadir=%{_datadir}/%{name}/easy-rsa
%make
popd

%install
%makeinstall_std
%makeinstall_std -C easy-rsa-%{easy_rsa_version}

install -d %{buildroot}%{_sysconfdir}/%{name}
# (cg) NB The sample config file is needed for drakvpn
cp -pr sample/sample-{config-file,key,script}s %{buildroot}%{_datadir}/%{name}

mkdir -p %{buildroot}%{_datadir}/%{name}
install -d %{buildroot}%{_localstatedir}/lib/%{name}

# (cg) Nuke sysvinit script
rm -f %{buildroot}%{_datadir}/%{name}/sample-scripts/openvpn.init

# (cg) Add systemd units
install -D -m 644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/openvpn.conf
install -D -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/openvpn@.service
install -D -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/openvpn.target

#plugins
mkdir -p %{buildroot}%{plugindir}

%if %with ldap
pushd auth-ldap-%{auth_ldap_version}
%make_install
popd
%endif

install -m755 %{SOURCE3} %{buildroot}%{_datadir}/%{name}

%pre
%_pre_useradd %{name} %{_localstatedir}/lib/%{name} /bin/true

%post
# (cg) This is a templated unit, so we have to manually convert to systemd
if [ ! -f %{_localstatedir}/lib/rpm-helper/systemd-migration/%{name} ]; then
  if [ -f %{_sysconfdir}/rc3.d/S??%{name} ]; then
    for conf in %{_sysconfdir}/%{name}/*.conf; do
      [ "$conf" = "%{_sysconfdir}/%{name}/*.conf" ] && continue
      conf=$(basename $conf .conf)
      mkdir -p %{_sysconfdir}/systemd/system/%{name}.target.wants
      ln -s %{_unitdir}/%{name}@.service %{_sysconfdir}/systemd/system/%{name}.target.wants/%{name}@$conf.service
    done
    systemctl --quiet enable %{name}.target
  fi
  mkdir -p %{_localstatedir}/lib/rpm-helper/systemd-migration
  touch %{_localstatedir}/lib/rpm-helper/systemd-migration/%{name}
else
  # (cg) Older versions were not controlled by their own target
  UNITS=
  for unit in %{_sysconfdir}/systemd/system/multi-user.target.wants/%{name}@?*.service; do
    [ "$unit" = "%{_sysconfdir}/systemd/system/multi-user.target.wants/%{name}@?*.service" ] && continue
    UNITS="$UNITS $unit"
  done
  if [ -n "$UNITS" ]; then
    mkdir %{_sysconfdir}/systemd/system/%{name}.target.wants
    mv $UNITS %{_sysconfdir}/systemd/system/%{name}.target.wants
    systemctl --quiet enable %{name}.target
  fi
fi
%_tmpfilescreate %{name}
%_post_service %{name} %{name}.target

%preun
%_preun_service %{name} %{name}.target

%postun
%_postun_userdel %{name}

%files
%doc AUTHORS INSTALL PORTS README 
%doc COPYING COPYRIGHT.GPL README.IPv6 README.polarssl doc/management-notes.txt
%doc src/plugins/*/README.*
%doc 
%if %with ldap
%doc auth-ldap-%{auth_ldap_version}/README-openvpn-auth-ldap
%endif
%{_mandir}/man8/%{name}.8*
%{_sbindir}/%{name}
%{_datadir}/%{name}
%dir %{_sysconfdir}/%{name}
#{_datadir}/%%{name}/dhcp.sh
%{_unitdir}/%{name}*.service
%{_unitdir}/%{name}.target
%{_tmpfilesdir}/%{name}.conf
%dir %{_localstatedir}/lib/%{name}
%dir %{plugindir}
%{plugindir}/*
%exclude %{_docdir}/easy-rsa/COPYING
%exclude %{_docdir}/easy-rsa/COPYRIGHT.GPL
%exclude %{_docdir}/easy-rsa/README-2.0

%files -n %{develname}
%{_includedir}/openvpn-plugin.h


%changelog
* Tue Dec 29 2015 luigiwalser <luigiwalser> 2.3.9-1.mga5
+ Revision: 916826
- 2.3.9

* Sat Dec 27 2014 dlucio <dlucio> 2.3.6-1.mga5
+ Revision: 806680
- systemd-devel as BR
- 2.3.6
- P5 merged upstream
- P6 fixes an assertion when there is not crypto

* Tue Dec 02 2014 luigiwalser <luigiwalser> 2.3.2-6.mga5
+ Revision: 800333
- add patch from ubuntu to fix CVE-2014-8104

* Wed Oct 15 2014 umeabot <umeabot> 2.3.2-5.mga5
+ Revision: 743394
- Second Mageia 5 Mass Rebuild

* Tue Sep 16 2014 umeabot <umeabot> 2.3.2-4.mga5
+ Revision: 683259
- Mageia 5 Mass Rebuild

* Mon Jan 27 2014 neoclust <neoclust> 2.3.2-3.mga4
+ Revision: 568428
- Add P4: RFC2307 group support

* Sat Oct 19 2013 umeabot <umeabot> 2.3.2-2.mga4
+ Revision: 529088
- Mageia 4 Mass Rebuild

* Wed Jul 03 2013 dlucio <dlucio> 2.3.2-1.mga4
+ Revision: 449968
- 2.3.2

* Tue Apr 16 2013 colin <colin> 2.3.1-2.mga3
+ Revision: 410213
- Drop patch5 properly (unapplied, but fix is in upstream)
- Rediff and reenable patch3 (wformat)
- Drop patch4 (systemd console input): fixed upstream
- Ship the sample configs accidentally removed in r404203 (needed by drakvpn)

* Sat Apr 13 2013 dlucio <dlucio> 2.3.1-1.mga3
+ Revision: 409825
- 2.3.1
- P5 merged upstream

* Sun Mar 24 2013 colin <colin> 2.3.0-2.mga3
+ Revision: 404859
- Add systemd requires and general post/pre fixes (mga#9302)

* Wed Mar 20 2013 dlucio <dlucio> 2.3.0-1.mga3
+ Revision: 404203
- 2.3.0
- new devel subpackage
- easy-rsa is now anothe project, S7 added
- P1 and P5 rediffed
- P3 and P4 no needed
- lets move plugins to its plugins directory
- multiple spec cleanups

* Sun Jan 27 2013 pterjan <pterjan> 2.2.2-13.mga3
+ Revision: 392746
- Fix parallel build

* Sun Jan 13 2013 umeabot <umeabot> 2.2.2-12.mga3
+ Revision: 362181
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild

* Wed Jan 09 2013 cjw <cjw> 2.2.2-11.mga3
+ Revision: 343413
- patch5: fix build with automake 1.13

* Tue Nov 27 2012 colin <colin> 2.2.2-10.mga3
+ Revision: 322422
- Renumber patches
- Do not package /var/run/openvpn dir (tmpfiles takes care of it)
- Completely drop sysvinit script (including patches to it)
- Minor configure tidyup
- No need to explicitly enable -fPIC (it's enabled by default)
- Enable systemd input for authentication (via upstream + Fred Crozat @ suse)

* Sun Nov 25 2012 colin <colin> 2.2.2-9.mga3
+ Revision: 321721
- Switch to an openvpn.target setup with PartOf= support in .service units
- Run systemd-tmpfiles --create on install to ensure pid file dir creation (mga#8200)
- Package tmpfiles.d snippet in the /usr tree, not /etc as config

* Sat Aug 18 2012 nanardon <nanardon> 2.2.2-8.mga3
+ Revision: 281954
- kill initscripts

* Fri Aug 17 2012 nanardon <nanardon> 2.2.2-7.mga3
+ Revision: 281885
- fix startup with systemd
- fix initscript

* Mon Aug 13 2012 dlucio <dlucio> 2.2.2-6.mga3
+ Revision: 281004
- P13 to fix gcc47 issues, from debian
- rebuild for new libs

* Sat Apr 28 2012 tmb <tmb> 2.2.2-5.mga2
+ Revision: 233831
- Require rpm-helper >= 0.24.8-1 for systemd support

* Sat Apr 21 2012 colin <colin> 2.2.2-4.mga2
+ Revision: 232371
- Use macros in post script.

* Sat Apr 21 2012 colin <colin> 2.2.2-3.mga2
+ Revision: 232360
- Handle systemd template unit migration and mask sysvinit script.

* Wed Apr 18 2012 guillomovitch <guillomovitch> 2.2.2-2.mga2
+ Revision: 231466
- spec cleanup
- systemd support

* Fri Mar 16 2012 dlucio <dlucio> 2.2.2-1.mga2
+ Revision: 223673
- Update to 2.2.2
- New dhcp.sh script that lets to handle dynamic dns with dhcp environments

* Fri Dec 09 2011 wally <wally> 2.2.1-1.2.mga2
+ Revision: 179681
- fix build

  + dmorgan <dmorgan>
    - Rebuild against gcc 4.6.2

  + dlucio <dlucio>
    - more synced patches
    - P3 synced from Mandriva
    - 2.2.1

* Wed Jun 15 2011 mikala <mikala> 2.1.4-2.mga2
+ Revision: 107896
- Add --enable-save-password switch (Allow --askpass and --auth-user-pass passwords to be read from a file)

* Thu Mar 03 2011 ennael <ennael> 2.1.4-1.mga1
+ Revision: 63137
- imported package openvpn