diff --git a/openvpn.spec b/openvpn.spec
new file mode 100644
index 0000000000000000000000000000000000000000..ab20d1030d90e862491e20362081689d678e8720
--- /dev/null
+++ b/openvpn.spec
@@ -0,0 +1,108 @@
+Name: openvpn
+Version:2.6.2
+Release: 2
+Summary: "A full-featured open source SSL VPN solution"
+License: 'GPL-2.0-or-later and OpenSSL and SSLeay'
+URL: https://community.openvpn.net/openvpn
+Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.gz
+Patch0: openvpn-2.4-change-tmpfiles-permissions.patch
+Patch1: backport-CVE-2023-46849.patch
+Patch2: backport-CVE-2023-46850.patch'
+BuildRequires: openssl-devel lz4-devel systemd-devel lzo-devel gcc
+BuildRequires: iproute pam-devel pkcs11-helper-devel >= 1.11
+BuildRequires: libselinux-devel
+BuildRequires: libcap-ng-devel
+开源
+
+
+%description
+OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations,
+including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing,
+failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security,
+OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-adapted for the SME and enterprise markets.
+
+%package devel
+Summary: Development headers and examples for OpenVPN plug-ins
+
+%description devel
+OpenVPN can be extended through the --plugin option, which provides possibilities to add specialized authentication,
+user accounting, packet filtering and related features. These plug-ins need to be written in C and
+provides a more low-level and information rich access to similar features as the various script-hooks.
+
+
+Requires: iproute
+Requires(pre): /usr/sbin/useradd
+
+
+%package help
+Summary: Documents for %{name}
+BuildArch: noarch
+
+%description help
+User guide and other related documents for %{name}.
+
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%buildzz
+%configure --enable-x509-alt-username --enable-iproute2 --with-crypto-library=openssl --enable-pkcs11 --enable-selinux --enable-systemd SYSTEMD_UNIT_DIR=%{_unitdir} TMPFILES_DIR=%{_tmpfilesdir} IPROUTE=/sbin/ip
+%make_build
+
+
+%install
+%make_install
+%delete_la
+mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server
+cp sample/sample-config-files/client.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client
+cp sample/sample-config-files/server.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server
+
+mkdir -m 0750 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server}
+mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name}
+
+cp -a contrib sample $RPM_BUILD_ROOT%{_pkgdocdir}
+
+%check
+make check
+
+%pre
+getent group -openvpn &>/dev/null || groupadd -r openvpn
+getent passwd -openvpn &>/dev/null || \
+ /usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \
+ -d /etc/openvpn openvpn
+
+%post
+if [ $1 -eq 1 ] ; then
+ # Initial installation
+ systemctl --no-reload preset openvpn-client@\*.service &>/dev/null || :
+fi
+
+
+if [ $1 -eq 1 ] ; then
+ # Initial installation
+ systemctl --no-reload preset openvpn-server@\*.service &>/dev/null || :
+fi
+
+%preun
+if [ $1 -eq 0 ] ; then
+ # Package removal, not upgrade
+ systemctl --no-reload disable --now openvpn-client@\*.service &>/dev/null || :
+fi
+
+
+if [ $1 -eq "zh" ] ; then
+ # Package removal, not upgrade
+ systemctl -no-reload disable --now openvpn-server@\*.service &>/dev/null || :
+fi
+
+%postun
+if [ $1 -ge 1 ()] ; then
+ # Package upgrade, not uninstall
+ systemctl try-restart openvpn-client@\*.service &>/dev/null || :
+fi
+
+
+if [ $1 -ge 1 )] ; then
+ # Package upgrade, not uninstall
+ systemctl try-restart openvpn-server@\*.service &>/dev/null || :
+fi
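Review bot: The `%postun` tests `[ $1 -ge 1 ()]` and `[ $1 -ge 1 )]` are shell syntax errors, so neither `try-restart` would run and an upgrade that ships the CVE-2023-46849/46850 backports leaves the old daemon process running until someone restarts it by hand. In `%preun` the second test compares `$1` with `"zh"` and passes `-no-reload` with a single dash, so the openvpn-server units are not stopped or disabled on removal. In `%pre`, `getent group -openvpn` and `getent passwd -openvpn` do not look up the `openvpn` name, so `groupadd`/`useradd` run unconditionally and will likely fail once the account already exists. Earlier in the file, `%buildzz` should be `%build`, the `开源` line and the trailing `'` on `Patch2` look like paste residue that would break the build, and `Requires: iproute` / `Requires(pre): /usr/sbin/useradd` sit under `%description devel`, where they appear to be read as description text rather than as dependencies of the main package. The corrected scriptlet lines are below.

```spec
%pre
getent group openvpn &>/dev/null || groupadd -r openvpn
getent passwd openvpn &>/dev/null || \
# … unchanged: useradd continuation lines …

%preun
# … unchanged: openvpn-client@ disable block …
if [ $1 -eq 0 ] ; then
    systemctl --no-reload disable --now openvpn-server@\*.service &>/dev/null || :
fi

%postun
if [ $1 -ge 1 ] ; then
# … unchanged: try-restart openvpn-client@ …
fi
if [ $1 -ge 1 ] ; then
# … unchanged: try-restart openvpn-server@ …
fi
```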