rpms/shorewall/EL-5 patch-perl-4.0.6-1.diff, NONE, 1.1 patch-perl-4.0.6-2.diff, NONE, 1.1 patch-perl-4.0.6-3.diff, NONE, 1.1 shorewall.spec, 1.37, 1.38 sources, 1.30, 1.31 shorewall-3.0.3-init.patch, 1.1, NONE
Jonathan G. Underwood (jgu)
fedora-extras-commits at redhat.com
Tue Dec 11 21:55:34 UTC 2007
Author: jgu
Update of /cvs/extras/rpms/shorewall/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14803
Modified Files:
shorewall.spec sources
Added Files:
patch-perl-4.0.6-1.diff patch-perl-4.0.6-2.diff
patch-perl-4.0.6-3.diff
Removed Files:
shorewall-3.0.3-init.patch
Log Message:
New branch, syncing up to devel branch
patch-perl-4.0.6-1.diff:
--- NEW FILE patch-perl-4.0.6-1.diff ---
Index: Shorewall/Tunnels.pm
===================================================================
--- Shorewall/Tunnels.pm (revision 0)
+++ Shorewall/Tunnels.pm (working copy)
@@ -270,7 +270,7 @@
#
my $fn = open_file 'tunnels';
- first_entry "$doing $fn...";
+ first_entry "$doing $fn..." if $fn;
while ( read_a_line ) {
Index: Shorewall/Accounting.pm
===================================================================
--- Shorewall/Accounting.pm (revision 0)
+++ Shorewall/Accounting.pm (working copy)
@@ -176,7 +176,7 @@
my $fn = open_file 'accounting';
- first_entry "$doing $fn...";
+ first_entry "$doing $fn..." if $fn;
while ( read_a_line ) {
Index: Shorewall/Rules.pm
===================================================================
--- Shorewall/Rules.pm (revision 0)
+++ Shorewall/Rules.pm (working copy)
@@ -221,7 +221,7 @@
my $fn = open_file 'rfc1918';
- first_entry "$doing $fn...";
+ first_entry "$doing $fn..." if $fn;
while ( read_a_line ) {
@@ -341,7 +341,7 @@
my $fn = open_file 'routestopped';
- first_entry "$doing $fn for critical hosts...";
+ first_entry "$doing $fn for critical hosts..." if $fn;
while ( read_a_line ) {
@@ -382,7 +382,7 @@
my $fn = open_file 'routestopped';
- first_entry "$doing $fn...";
+ first_entry "$doing $fn..." if $fn;
while ( read_a_line ) {
@@ -702,7 +702,7 @@
my $fn = open_file 'maclist';
- first_entry "$doing $fn...";
+ first_entry "$doing $fn..." if $fn;
while ( read_a_line ) {
@@ -1345,7 +1345,7 @@
my $fn = open_file 'rules';
- first_entry "$doing $fn...";
+ first_entry "$doing $fn..." if $fn;
while ( read_a_line ) {
Index: Shorewall/Nat.pm
===================================================================
--- Shorewall/Nat.pm (revision 0)
+++ Shorewall/Nat.pm (working copy)
@@ -297,7 +297,7 @@
{
my $fn = open_file 'masq';
- first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , 'a non-empty masq file' , 's'; } );
+ first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , 'a non-empty masq file' , 's'; } ) if $fn;
while ( read_a_line ) {
@@ -402,7 +402,7 @@
my $fn = open_file 'nat';
- first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , 'a non-empty nat file' , 's'; } );
+ first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , 'a non-empty nat file' , 's'; } ) if $fn;
while ( read_a_line ) {
@@ -426,7 +426,7 @@
my $fn = open_file 'netmap';
- first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , 'a non-empty netmap file' , 's'; } );
+ first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , 'a non-empty netmap file' , 's'; } ) if $fn;
while ( read_a_line ) {
patch-perl-4.0.6-2.diff:
--- NEW FILE patch-perl-4.0.6-2.diff ---
Index: Shorewall/Config.pm
===================================================================
--- Shorewall/Config.pm (revision 7800)
+++ Shorewall/Config.pm (working copy)
@@ -1145,25 +1145,25 @@
}
}
-my %validlevels = ( debug => 7,
- info => 6,
- notice => 5,
- warning => 4,
- warn => 4,
- err => 3,
- error => 3,
- crit => 2,
- alert => 1,
- emerg => 0,
- panic => 0,
- none => '',
+my %validlevels = ( DEBUG => 7,
+ INFO => 6,
+ NOTICE => 5,
+ WARNING => 4,
+ WARN => 4,
+ ERR => 3,
+ ERROR => 3,
+ CRIT => 2,
+ ALERT => 1,
+ EMERG => 0,
+ PANIC => 0,
+ NONE => '',
ULOG => 'ULOG' );
#
# Validate a log level -- Drop the trailing '!' and translate to numeric value if appropriate"
#
sub validate_level( $ ) {
- my $level = $_[0];
+ my $level = uc $_[0];
if ( defined $level && $level ne '' ) {
$level =~ s/!$//;
patch-perl-4.0.6-3.diff:
--- NEW FILE patch-perl-4.0.6-3.diff ---
--- tags/4.0.6/Shorewall-perl-3/Shorewall/Nat.pm 2007/12/08 17:41:29 7863
+++ tags/4.0.6/Shorewall-perl-3/Shorewall/Nat.pm 2007/12/08 17:50:05 7864
@@ -362,14 +362,11 @@
fatal_error "Invalid nat file entry" unless defined $interface && defined $internal;
if ( $add_ip_aliases ) {
- if ( $interface =~ s/:$// ) {
+ if ( defined( $alias ) && $alias eq '' ) {
$add_ip_aliases = '';
} else {
- my ( $iface , undef ) = split /:/, $interface;
- emit "del_ip_addr $external $iface" unless $config{RETAIN_ALIASES};
+ emit "del_ip_addr $external $interface" unless $config{RETAIN_ALIASES};
}
- } else {
- $interface =~ s/:$//;
}
validate_nat_column 'ALL INTERFACES', \$allints;
Index: shorewall.spec
===================================================================
RCS file: /cvs/extras/rpms/shorewall/EL-5/shorewall.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- shorewall.spec 9 Sep 2007 15:08:19 -0000 1.37
+++ shorewall.spec 11 Dec 2007 21:54:52 -0000 1.38
@@ -1,92 +1,300 @@
-Name: shorewall
-Version: 3.4.6
-Release: 1%{?dist}
-
-Summary: Iptables-based firewall for Linux systems
-
-Group: Applications/System
-License: GPL
-URL: http://www.shorewall.net/
-Source: http://www.shorewall.net/pub/shorewall/3.4/shorewall-%{version}/shorewall-%{version}.tar.bz2
-Patch0: shorewall-3.0.3-init.patch
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
+# which is found at http://www.shorewall.net/Anatomy.html
-Requires: iptables iproute
+# Note on upstream sources: the upstream maintainer publishes tarballs for each
+# version in the "base" directory, and subsequent errata are corrected with
+# patches which can be found in the "errata" directory. These patches are to be
+# applied to the tarballs from the "base" directory. Confusingly, upstream also
+# publishes patched tarballs shorewall-foo-X.Y.Z-N.tar.bz2 where N denotes a
+# patchlevel. However, these should not be used for distro packaging.
+
+Name: shorewall
+Version: 4.0.6
+Release: 3%{?dist}
+Summary: An iptables front end for firewall configuration
+Group: Applications/System
+License: GPLv2+
+URL: http://www.shorewall.net/
+
+%define _baseurl http://www.shorewall.net/pub/shorewall/4.0/shorewall-%{version}/base/
+Source0: %{_baseurl}%{name}-common-%{version}.tar.bz2
+Source1: %{_baseurl}%{name}-perl-%{version}.tar.bz2
+Source2: %{_baseurl}%{name}-shell-%{version}.tar.bz2
+Source3: %{_baseurl}%{name}-lite-%{version}.tar.bz2
+Patch0: shorewall-4.0.4-init.patch
+Patch1: shorewall-lite-4.0.4-init.patch
+Patch2: patch-perl-4.0.6-1.diff
+Patch3: patch-perl-4.0.6-2.diff
+Patch4: patch-perl-4.0.6-3.diff
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: perl
+BuildArch: noarch
+
+Requires: shorewall-common = %{version}-%{release}
+Requires: shorewall-perl = %{version}-%{release}
+Requires: shorewall-shell = %{version}-%{release}
+
+%description
+The Shoreline Firewall, more commonly known as "Shorewall", is a
+Netfilter (iptables) based firewall that can be used on a dedicated
+firewall system, a multi-function gateway/ router/server or on a
+standalone GNU/Linux system.
+
+%package common
+Summary: Common files for the shorewall firewall compilers
+Group: Applications/System
+Requires: iptables iproute
+Requires(post): /sbin/chkconfig
+Requires(preun):/sbin/chkconfig
+Requires(preun):/sbin/service
+
+%description common
+This package contains files required by both the shorewall-perl and
+shorewall-shell compilers for the Shoreline Firewall (shorewall).
+
+%package perl
+Summary: Perl-based compiler for Shoreline Firewall
+Group: Applications/System
+Requires: shorewall-common = %{version}-%{release}
+Requires: perl
+
+%description perl
+shorewall-perl is a part of Shorewall that allows faster compilation
+and execution than the legacy shorewall-shell compiler.
+
+%package shell
+Summary: Shell-based compiler for Shoreline Firewall
+Group: Applications/System
+Requires: shorewall-common = %{version}-%{release}
+
+%description shell
+Shorewall-shell is a part of Shorewall that allows running Shorewall
+with legacy configurations, but shorewall-perl is the preferred
+compiler, please use it for new installations.
+
+%package lite
+Group: Applications/System
+Summary: Shorewall firewall for compiled rulesets
+Requires: iptables iproute
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
-%description
-
-The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
-(iptables) based firewall that can be used on a dedicated firewall system,
-a multi-function gateway/router/server or on a standalone GNU/Linux system.
+%description lite
+Shorewall Lite is a companion product to Shorewall that allows network
+administrators to centralize the configuration of Shorewall-based
+firewalls. Shorewall Lite runs a firewall script generated by a
+machine with a Shorewall rule compiler. A machine running Shorewall
+Lite does not need to have a Shorewall rule compiler installed.
%prep
+%setup -q -c -n shorewall-%{version}
+%setup -q -T -D -a 1
+%setup -q -T -D -a 2
+%setup -q -T -D -a 3
-%setup -q
+pushd shorewall-common-%{version}
%patch0 -p1
+popd
+
+pushd shorewall-lite-%{version}
+%patch1 -p1
+popd
+
+pushd shorewall-perl-%{version}
+%patch2 -p0
+%patch3 -p0
+%patch4 -p3
+popd
+
+# Remove hash-bang from files which are not directly executed as shell
+# scripts. This silences some rpmlint errors.
+find . -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
+
+%build
%install
rm -rf $RPM_BUILD_ROOT
-export PREFIX=$RPM_BUILD_ROOT ;\
-export DEST=%{_initrddir} ;\
+export PREFIX=$RPM_BUILD_ROOT
+export DEST=%{_initrddir}
+
+#### Build shorewall-common
+pushd shorewall-common-%{version}
./install.sh
+popd
+
# Create %ghost files
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/shorewall
-touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state}
+touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir}
+
+#### Build shorewall-perl
+pushd shorewall-perl-%{version}
+./install.sh -n
+popd
+
+#### Build shorewall-shell
+pushd shorewall-shell-%{version}
+./install.sh -n
+popd
+
+#### Build shorewall-lite
+pushd shorewall-lite-%{version}
+./install.sh -n
+popd
%clean
rm -rf $RPM_BUILD_ROOT
-%post
-
+%post common
if [ $1 = 1 ]; then
- /sbin/chkconfig --add shorewall;
+ /sbin/chkconfig --add shorewall
fi
-%preun
+%preun common
+if [ $1 = 0 ]; then
+ /sbin/service shorewall stop >/dev/null 2>&1
+ /sbin/chkconfig --del shorewall
+fi
+%post lite
+if [ $1 = 1 ]; then
+ /sbin/chkconfig --add shorewall-lite
+fi
+
+%preun lite
if [ $1 = 0 ]; then
- /sbin/service shorewall stop >/dev/null 2>&1
- /sbin/chkconfig --del shorewall
+ /sbin/service shorewall stop >/dev/null 2>&1
+ /sbin/chkconfig --del shorewall-lite
fi
%files
-%defattr(0644,root,root,0755)
+%defattr(-,root,root,-)
+%files common
+%defattr(0644,root,root,0755)
+%doc shorewall-common-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples}
%attr(0755,root,root) %{_initrddir}/shorewall
-%attr(0700,root,root) %dir %{_sysconfdir}/shorewall
-%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/shorewall/*
-%attr(0755,root,root) %dir %{_datadir}/shorewall
-
+%attr(0755,root,root) /sbin/shorewall
+%dir %{_sysconfdir}/shorewall
+%config(noreplace) %{_sysconfdir}/shorewall/*
+
+%dir %{_datadir}/shorewall
+%attr(0755,root,root) %{_datadir}/shorewall/firewall
+%attr(0755,root,root) %{_datadir}/shorewall/wait4ifup
%{_datadir}/shorewall/action.*
%{_datadir}/shorewall/actions.std
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/rfc1918
%{_datadir}/shorewall/version
-%{_datadir}/shorewall/prog.*
%{_datadir}/shorewall/modules
%{_datadir}/shorewall/configfiles
+%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.*
-%{_datadir}/shorewall/wait4ifup
-%{_mandir}/man5/*
-%{_mandir}/man8/*
+%dir %{_localstatedir}/lib/shorewall
+%ghost %{_localstatedir}/lib/shorewall/*
+%ghost %{_localstatedir}/lib/shorewall/.*
+
+# Man files - can't use /man5/* here as shorewall-lite also has man5 pages
+%{_mandir}/man5/shorewall-tunnels.5.gz
+%{_mandir}/man5/shorewall-nat.5.gz
+%{_mandir}/man5/shorewall-proxyarp.5.gz
+%{_mandir}/man5/shorewall-vardir.5.gz
+%{_mandir}/man5/shorewall-accounting.5.gz
+%{_mandir}/man5/shorewall-policy.5.gz
+%{_mandir}/man5/shorewall-route_rules.5.gz
+%{_mandir}/man5/shorewall-providers.5.gz
+%{_mandir}/man5/shorewall-modules.5.gz
+%{_mandir}/man5/shorewall-tcrules.5.gz
+%{_mandir}/man5/shorewall-params.5.gz
+%{_mandir}/man5/shorewall-zones.5.gz
+%{_mandir}/man5/shorewall.conf.5.gz
+%{_mandir}/man5/shorewall-blacklist.5.gz
+%{_mandir}/man5/shorewall-tcclasses.5.gz
+%{_mandir}/man5/shorewall-rfc1918.5.gz
+%{_mandir}/man5/shorewall-routestopped.5.gz
+%{_mandir}/man5/shorewall-rules.5.gz
+%{_mandir}/man5/shorewall-actions.5.gz
+%{_mandir}/man5/shorewall-tos.5.gz
+%{_mandir}/man5/shorewall-ecn.5.gz
+%{_mandir}/man5/shorewall-nesting.5.gz
+%{_mandir}/man5/shorewall-exclusion.5.gz
+%{_mandir}/man5/shorewall-masq.5.gz
+%{_mandir}/man5/shorewall-hosts.5.gz
+%{_mandir}/man5/shorewall-tcdevices.5.gz
+%{_mandir}/man5/shorewall-netmap.5.gz
+%{_mandir}/man5/shorewall-interfaces.5.gz
+%{_mandir}/man5/shorewall-maclist.5.gz
+%{_mandir}/man8/shorewall.8.gz
-%attr(0754,root,root) %{_datadir}/shorewall/firewall
-%attr(0754,root,root) %{_datadir}/shorewall/functions
-%attr(0754,root,root) %{_datadir}/shorewall/compiler
-
-%attr(0700,root,root) %dir %{_localstatedir}/lib/shorewall
-%attr(0600,root,root) %ghost %{_localstatedir}/lib/shorewall/*
-%attr(0750,root,root) /sbin/shorewall
-%doc COPYING INSTALL changelog.txt releasenotes.txt README.txt Samples
+%files perl
+%defattr(0644,root,root,0755)
+%doc shorewall-perl-%{version}/{COPYING,releasenotes.txt}
+%dir %{_datadir}/shorewall-perl
+%dir %{_datadir}/shorewall-perl/Shorewall
+%attr(755,root,root) %{_datadir}/shorewall-perl/compiler.pl
+%{_datadir}/shorewall-perl/prog.*
+%{_datadir}/shorewall-perl/version
+%{_datadir}/shorewall-perl/Shorewall/*.pm
+
+%files shell
+%defattr(0644,root,root,0755)
+%doc shorewall-shell-%{version}/COPYING
+%attr(0755,root,root) %dir %{_datadir}/shorewall-shell
+%attr(0755,root,root) %{_datadir}/shorewall-shell/compiler
+%{_datadir}/shorewall-shell/lib.*
+%{_datadir}/shorewall-shell/prog.*
+%{_datadir}/shorewall-shell/version
+
+%files lite
+%defattr(0644,root,root,0755)
+%doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt}
+%attr(0755,root,root) /sbin/shorewall-lite
+%dir %{_sysconfdir}/shorewall-lite
+%config(noreplace) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
+%{_sysconfdir}/shorewall-lite/Makefile
+%attr(0755,root,root) %{_initrddir}/shorewall-lite
+%dir %{_localstatedir}/lib/shorewall-lite
+%dir %{_datadir}/shorewall-lite
+%{_datadir}/shorewall-lite/version
+%{_datadir}/shorewall-lite/configpath
+%{_datadir}/shorewall-lite/functions
+%{_datadir}/shorewall-lite/lib.*
+%{_datadir}/shorewall-lite/modules
+%attr(0755,root,root) %{_datadir}/shorewall-lite/shorecap
+%attr(0755,root,root) %{_datadir}/shorewall-lite/wait4ifup
+%{_mandir}/man5/shorewall-lite.conf.5.gz
+%{_mandir}/man5/shorewall-lite-vardir.5.gz
+%{_mandir}/man8/shorewall-lite.8.gz
%changelog
+* Sat Dec 8 2007 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.6-3
+- Added patch-perl-4.0.6-2.diff and patch-perl-4.0.6-3.diff
+- Fixed URLs for tarballs to match where upstream has moved them to
+
+* Wed Nov 28 2007 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.6-2
+- Add Requires for shorewall-common to shorewall-shell and shorewall-perl (Orion
+ Poplawski)
+
+* Sat Nov 24 2007 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.6-1
+- Update to 4.0.6 plus patch-perl-4.0.6-1.diff upstream errata
+
+* Sat Oct 27 2007 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.5-1
+- Update to 4.0.5 which removes the need for the buildports.pl functionality
+
+* Mon Oct 8 2007 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.4-2
+- Add ghost files for /var/lib/shorewall/.modules and /var/lib/shorewall/.modulesdir
+- Fix ownership of /var/lib/shorewall-lite
+
+* Sun Oct 7 2007 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.4-1
+- Initial version 4 packaging based upon upstream specs by Tom Eastep and
+ version 3 spec by Robert Marcano
+- Split into shorewall-common, shorewall-shell, shorewall-perl,
+ shorewall-lite subpackages
+
* Sun Sep 09 2007 Robert Marcano <robert at marcanoonline.com> - 3.4.6-1
- Update to upstream 3.4.6
@@ -202,4 +410,5 @@
* Sat Oct 25 2003 Miguel Armas <kuko at maarmas.com> - 1.4.7-1.fdr.1.a
- Fedorized package
- Split documentation in a subpackage (we don't need de docs in a production
-firewall)
+ firewall)
+
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/shorewall/EL-5/sources,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- sources 9 Sep 2007 15:08:19 -0000 1.30
+++ sources 11 Dec 2007 21:54:52 -0000 1.31
@@ -1 +1,4 @@
-5d8cf5e21800289a616aa9aed0576883 shorewall-3.4.6.tar.bz2
+671414a774b75ed49736a0a4be4162bc shorewall-common-4.0.6.tar.bz2
+cba24c5cd99c8f4ccb8262cdb07de330 shorewall-lite-4.0.6.tar.bz2
+b6409d73ed5f800cc511efbb55bb8418 shorewall-perl-4.0.6.tar.bz2
+e1db7daf1bb0123fe14bb3f381c06b0e shorewall-shell-4.0.6.tar.bz2
--- shorewall-3.0.3-init.patch DELETED ---
More information about the fedora-extras-commits
mailing list