diff --git a/.rpmlint b/.rpmlint new file mode 100644 index 0000000..5232fc9 --- /dev/null +++ b/.rpmlint @@ -0,0 +1,2 @@ +addFilter("E: non-standard-dir-perm /etc/openvpn/server 0750L") +addFilter("E: non-standard-dir-perm /etc/openvpn/client 0750L") diff --git a/openvpn.spec b/openvpn.spec index 7947d8c..7df788d 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,11 +1,13 @@ %define _hardened_build 1 #define prerelease rc22 -%define plugins down-root auth-pam +# Build conditionals +# tests_long - Enabled by default, enables long running tests in %%check +%bcond_without tests_long Name: openvpn Version: 2.4.1 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -43,9 +45,21 @@ Requires(postun): systemd-units OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP -port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library +port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. +%package devel +Group: Applications/Internet +Summary: Development headers and examples for OpenVPN plug-ins + +%description devel +OpenVPN can be extended through the --plugin option, which provides +possibilities to add specialized authentication, user accounting, +packet filtering and related features. These plug-ins need to be +written in C and provides a more low-level and information rich access +to similar features as the various script-hooks. + + %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p1 @@ -69,34 +83,36 @@ find contrib sample -type f -perm /100 \ # --enable-pkcs11 \ %{__make} -#%check -## Test Crypto: -#./src/openvpn/openvpn --genkey --secret key -#./src/openvpn/openvpn --test-crypto --secret key -# -## Randomize ports for tests to avoid conflicts on the build servers. -#cport=$[ 50000 + ($RANDOM % 15534) ] -#sport=$[ $cport + 1 ] -#sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ -# -e 's/^\(lport\) .*$/\1 '$cport'/' \ -# < sample/sample-config-files/loopback-client \ -# > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client -#sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ -# -e 's/^\(lport\) .*$/\1 '$sport'/' \ -# < sample/sample-config-files/loopback-server \ -# > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server -# -#pushd sample -## Test SSL/TLS negotiations (runs for 2 minutes): -#../src/openvpn/openvpn --config \ -# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & -#../src/openvpn/openvpn --config \ -# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server -#wait -#popd -# -#rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ -# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +%check +# Test Crypto: +./src/openvpn/openvpn --genkey --secret key +./src/openvpn/openvpn --test-crypto --secret key + +%if %{with tests_long} +# Randomize ports for tests to avoid conflicts on the build servers. +cport=$[ 50000 + ($RANDOM % 15534) ] +sport=$[ $cport + 1 ] +sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ + -e 's/^\(lport\) .*$/\1 '$cport'/' \ + < sample/sample-config-files/loopback-client \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client +sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ + -e 's/^\(lport\) .*$/\1 '$sport'/' \ + < sample/sample-config-files/loopback-server \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server + +pushd sample +# Test SSL/TLS negotiations (runs for 2 minutes): +../src/openvpn/openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & +../src/openvpn/openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +wait +popd + +rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +%endif %install %{__make} install DESTDIR=$RPM_BUILD_ROOT @@ -108,6 +124,11 @@ cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ # Add further files cp -a AUTHORS contrib sample %{SOURCE4} $RPM_BUILD_ROOT%{_pkgdocdir} +# Remove some files which does not really belong here +rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} +rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch +rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys +rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/keychain-mcd %pre getent group openvpn &>/dev/null || groupadd -r openvpn @@ -132,10 +153,9 @@ getent passwd openvpn &>/dev/null || \ %{_pkgdocdir} %exclude %{_pkgdocdir}/README.IPv6 %exclude %{_pkgdocdir}/README.polarssl +%exclude %{_pkgdocdir}/sample/sample-plugins %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} -%{_includedir}/openvpn-plugin.h -%{_includedir}/openvpn-msg.h %{_libdir}/%{name}/ %{_unitdir}/%{name}-client@.service %{_unitdir}/%{name}-server@.service @@ -144,8 +164,21 @@ getent passwd openvpn &>/dev/null || \ %config %dir %{_sysconfdir}/%{name}/client %config %dir %{_sysconfdir}/%{name}/server +%files devel +%{_pkgdocdir}/sample/sample-plugins +%{_includedir}/openvpn-plugin.h +%{_includedir}/openvpn-msg.h + %changelog +* Wed Mar 29 2017 David Sommerseth - 2.4.1-3 +- Splitting out -devel files into a separate package +- Removed several contrib and sample files which makes is not + strictly needed in this package. +- build: Enable tests runs by default, long running tests can + be disabled with "--without tests_long" +- build: Removed defined %%{plugins} macro not in use + * Fri Mar 24 2017 David Sommerseth - 2.4.1-2 - Various cleanups - Use systemd-rpm macros (rhbz #850257)