%define auth_ldap_version 2.0.3 %define easy_rsa_version 2.2.0_master %define develname %mklibname %{name} -d %define plugindir %{_libdir}/%{name}/plugins %bcond_without ldap # There is an issue with gcc, so disable for amd64 # waiting reply/fix %ifarch amd64 %bcond_without ldap %endif Summary: A Secure TCP/UDP Tunneling Daemon Name: openvpn Version: 2.3.9 Release: %mkrel 1 URL: http://openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}.tar.xz Source2: http://openvpn-auth-ldap.googlecode.com/files/auth-ldap-%{auth_ldap_version}.tar.gz Source3: dhcp.sh Source4: openvpn-tmpfile.conf Source5: openvpn@.service Source6: openvpn.target Source7: https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-%{easy_rsa_version}.tar.gz Patch1: openvpn-2.3.openvpn_user.patch Patch2: openvpn-auth-ldap-2.0.3-disable-tests.patch Patch3: openvpn-2.3.1_rc15-wformat.patch Patch4: auth-ldap-rfc2307.patch Patch1001: openvpn-auth-ldap-2.0.3-objc.patch License: GPLv2 Group: Networking/Other BuildRequires: liblzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: libpkcs11-helper-devel BuildRequires: automake1.8 BuildRequires: systemd-devel %if %with ldap BuildRequires: gcc-objc BuildRequires: openldap-devel BuildRequires: re2c %endif Requires(post): systemd >= %{systemd_required_version} Requires(post): rpm-helper >= 0.24.8-1 Requires(preun): rpm-helper >= 0.24.8-1 %description OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port. %package -n %{develname} Summary: Development package for OpenVPN plugins Group: System/Libraries Requires: %{name} = %{version}-%{release} %description -n %{develname} OpenVPN .h files. %if %with ldap This package contains the auth-ldap plugin %endif %prep %setup -q -n openvpn-%{version} -a 7 %if %with ldap %setup -q -n openvpn-%{version} -a 2 -a 7 %{__mv} auth-ldap-%{auth_ldap_version}/README auth-ldap-%{auth_ldap_version}/README-openvpn-auth-ldap pushd auth-ldap-%{auth_ldap_version} %patch1001 -p1 %patch2 -p1 %patch4 -p1 popd %endif %patch1 -p1 %patch3 -p1 %build %serverbuild #./pre-touch libtoolize --copy --force --install aclocal automake -a -c -f -i autoreconf -fi %configure2_5x \ --enable-systemd \ --enable-pthread \ --with-lzo-headers=%{_includedir}/lzo \ --enable-password-save || cat config.log %make # plugins %make -C src/plugins/down-root %make -C src/plugins/auth-pam %if %with ldap pushd auth-ldap-%{auth_ldap_version} %configure2_5x \ --with-openvpn=`pwd`/../include \ --libdir=%{plugindir} \ --with-objc-runtime=GNU # workaround parallel build problem with generated header %make -C tools make -C src TRConfigParser.h %make popd %endif pushd easy-rsa-%{easy_rsa_version} %configure2_5x \ --with-easyrsadir=%{_datadir}/%{name}/easy-rsa %make popd %install %makeinstall_std %makeinstall_std -C easy-rsa-%{easy_rsa_version} install -d %{buildroot}%{_sysconfdir}/%{name} # (cg) NB The sample config file is needed for drakvpn cp -pr sample/sample-{config-file,key,script}s %{buildroot}%{_datadir}/%{name} mkdir -p %{buildroot}%{_datadir}/%{name} install -d %{buildroot}%{_localstatedir}/lib/%{name} # (cg) Nuke sysvinit script rm -f %{buildroot}%{_datadir}/%{name}/sample-scripts/openvpn.init # (cg) Add systemd units install -D -m 644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/openvpn.conf install -D -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/openvpn@.service install -D -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/openvpn.target #plugins mkdir -p %{buildroot}%{plugindir} %if %with ldap pushd auth-ldap-%{auth_ldap_version} %make_install popd %endif install -m755 %{SOURCE3} %{buildroot}%{_datadir}/%{name} %pre %_pre_useradd %{name} %{_localstatedir}/lib/%{name} /bin/true %post # (cg) This is a templated unit, so we have to manually convert to systemd if [ ! -f %{_localstatedir}/lib/rpm-helper/systemd-migration/%{name} ]; then if [ -f %{_sysconfdir}/rc3.d/S??%{name} ]; then for conf in %{_sysconfdir}/%{name}/*.conf; do [ "$conf" = "%{_sysconfdir}/%{name}/*.conf" ] && continue conf=$(basename $conf .conf) mkdir -p %{_sysconfdir}/systemd/system/%{name}.target.wants ln -s %{_unitdir}/%{name}@.service %{_sysconfdir}/systemd/system/%{name}.target.wants/%{name}@$conf.service done systemctl --quiet enable %{name}.target fi mkdir -p %{_localstatedir}/lib/rpm-helper/systemd-migration touch %{_localstatedir}/lib/rpm-helper/systemd-migration/%{name} else # (cg) Older versions were not controlled by their own target UNITS= for unit in %{_sysconfdir}/systemd/system/multi-user.target.wants/%{name}@?*.service; do [ "$unit" = "%{_sysconfdir}/systemd/system/multi-user.target.wants/%{name}@?*.service" ] && continue UNITS="$UNITS $unit" done if [ -n "$UNITS" ]; then mkdir %{_sysconfdir}/systemd/system/%{name}.target.wants mv $UNITS %{_sysconfdir}/systemd/system/%{name}.target.wants systemctl --quiet enable %{name}.target fi fi %_tmpfilescreate %{name} %_post_service %{name} %{name}.target %preun %_preun_service %{name} %{name}.target %postun %_postun_userdel %{name} %files %doc AUTHORS INSTALL PORTS README %doc COPYING COPYRIGHT.GPL README.IPv6 README.polarssl doc/management-notes.txt %doc src/plugins/*/README.* %doc %if %with ldap %doc auth-ldap-%{auth_ldap_version}/README-openvpn-auth-ldap %endif %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} %{_datadir}/%{name} %dir %{_sysconfdir}/%{name} #{_datadir}/%%{name}/dhcp.sh %{_unitdir}/%{name}*.service %{_unitdir}/%{name}.target %{_tmpfilesdir}/%{name}.conf %dir %{_localstatedir}/lib/%{name} %dir %{plugindir} %{plugindir}/* %exclude %{_docdir}/easy-rsa/COPYING %exclude %{_docdir}/easy-rsa/COPYRIGHT.GPL %exclude %{_docdir}/easy-rsa/README-2.0 %files -n %{develname} %{_includedir}/openvpn-plugin.h %changelog * Tue Dec 29 2015 luigiwalser <luigiwalser> 2.3.9-1.mga5 + Revision: 916826 - 2.3.9 * Sat Dec 27 2014 dlucio <dlucio> 2.3.6-1.mga5 + Revision: 806680 - systemd-devel as BR - 2.3.6 - P5 merged upstream - P6 fixes an assertion when there is not crypto * Tue Dec 02 2014 luigiwalser <luigiwalser> 2.3.2-6.mga5 + Revision: 800333 - add patch from ubuntu to fix CVE-2014-8104 * Wed Oct 15 2014 umeabot <umeabot> 2.3.2-5.mga5 + Revision: 743394 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 2.3.2-4.mga5 + Revision: 683259 - Mageia 5 Mass Rebuild * Mon Jan 27 2014 neoclust <neoclust> 2.3.2-3.mga4 + Revision: 568428 - Add P4: RFC2307 group support * Sat Oct 19 2013 umeabot <umeabot> 2.3.2-2.mga4 + Revision: 529088 - Mageia 4 Mass Rebuild * Wed Jul 03 2013 dlucio <dlucio> 2.3.2-1.mga4 + Revision: 449968 - 2.3.2 * Tue Apr 16 2013 colin <colin> 2.3.1-2.mga3 + Revision: 410213 - Drop patch5 properly (unapplied, but fix is in upstream) - Rediff and reenable patch3 (wformat) - Drop patch4 (systemd console input): fixed upstream - Ship the sample configs accidentally removed in r404203 (needed by drakvpn) * Sat Apr 13 2013 dlucio <dlucio> 2.3.1-1.mga3 + Revision: 409825 - 2.3.1 - P5 merged upstream * Sun Mar 24 2013 colin <colin> 2.3.0-2.mga3 + Revision: 404859 - Add systemd requires and general post/pre fixes (mga#9302) * Wed Mar 20 2013 dlucio <dlucio> 2.3.0-1.mga3 + Revision: 404203 - 2.3.0 - new devel subpackage - easy-rsa is now anothe project, S7 added - P1 and P5 rediffed - P3 and P4 no needed - lets move plugins to its plugins directory - multiple spec cleanups * Sun Jan 27 2013 pterjan <pterjan> 2.2.2-13.mga3 + Revision: 392746 - Fix parallel build * Sun Jan 13 2013 umeabot <umeabot> 2.2.2-12.mga3 + Revision: 362181 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Wed Jan 09 2013 cjw <cjw> 2.2.2-11.mga3 + Revision: 343413 - patch5: fix build with automake 1.13 * Tue Nov 27 2012 colin <colin> 2.2.2-10.mga3 + Revision: 322422 - Renumber patches - Do not package /var/run/openvpn dir (tmpfiles takes care of it) - Completely drop sysvinit script (including patches to it) - Minor configure tidyup - No need to explicitly enable -fPIC (it's enabled by default) - Enable systemd input for authentication (via upstream + Fred Crozat @ suse) * Sun Nov 25 2012 colin <colin> 2.2.2-9.mga3 + Revision: 321721 - Switch to an openvpn.target setup with PartOf= support in .service units - Run systemd-tmpfiles --create on install to ensure pid file dir creation (mga#8200) - Package tmpfiles.d snippet in the /usr tree, not /etc as config * Sat Aug 18 2012 nanardon <nanardon> 2.2.2-8.mga3 + Revision: 281954 - kill initscripts * Fri Aug 17 2012 nanardon <nanardon> 2.2.2-7.mga3 + Revision: 281885 - fix startup with systemd - fix initscript * Mon Aug 13 2012 dlucio <dlucio> 2.2.2-6.mga3 + Revision: 281004 - P13 to fix gcc47 issues, from debian - rebuild for new libs * Sat Apr 28 2012 tmb <tmb> 2.2.2-5.mga2 + Revision: 233831 - Require rpm-helper >= 0.24.8-1 for systemd support * Sat Apr 21 2012 colin <colin> 2.2.2-4.mga2 + Revision: 232371 - Use macros in post script. * Sat Apr 21 2012 colin <colin> 2.2.2-3.mga2 + Revision: 232360 - Handle systemd template unit migration and mask sysvinit script. * Wed Apr 18 2012 guillomovitch <guillomovitch> 2.2.2-2.mga2 + Revision: 231466 - spec cleanup - systemd support * Fri Mar 16 2012 dlucio <dlucio> 2.2.2-1.mga2 + Revision: 223673 - Update to 2.2.2 - New dhcp.sh script that lets to handle dynamic dns with dhcp environments * Fri Dec 09 2011 wally <wally> 2.2.1-1.2.mga2 + Revision: 179681 - fix build + dmorgan <dmorgan> - Rebuild against gcc 4.6.2 + dlucio <dlucio> - more synced patches - P3 synced from Mandriva - 2.2.1 * Wed Jun 15 2011 mikala <mikala> 2.1.4-2.mga2 + Revision: 107896 - Add --enable-save-password switch (Allow --askpass and --auth-user-pass passwords to be read from a file) * Thu Mar 03 2011 ennael <ennael> 2.1.4-1.mga1 + Revision: 63137 - imported package openvpn