Sophie

nufw-2.4.0-3mdv2010.1.src.rpm

# TODO
#  initscript nuauth to revise ??

%define name	nufw
%define version 2.4.0
%define release %mkrel 3
%define major 3
%define libname %mklibname nuclient %{major}
%define develname %mklibname %{name} -d

%define _disable_ld_no_undefined 1

Name:		%{name}
Version:	%{version}
Release:	%{release}
Summary:	Authentication Firewall Suite for Linux
License:	GPLv2+
Group:		Networking/Other
Source:		http://www.nufw.org/download/nufw/%{name}-%{version}.tar.bz2
Source1:    nufw.init
Source2:    nuauth.init
Source3:    nuauth.pam
Source4:    setup-python_nufw.py
Source5:    version-python_nufw.py
Source6:    README.python_nufw
Source7:		http://www.nufw.org/download/nufw/%{name}-%{version}.tar.bz2.asc
URL:		http://www.nufw.org/
Patch0:		nufw-2.4.0-log_printf.patch
Patch2:		nufw-2.2.21-literal.patch
Patch3:		nufw-2.2.21-gnutls-2.8.patch

Requires(post): rpm-helper
Requires(postun): rpm-helper
Requires(preun): rpm-helper
Requires(pre): rpm-helper
Requires: iptables python-IPy
BuildRequires: postgresql-devel mysql-devel
BuildRequires: libtasn1-devel gnutls-devel glib2-devel pam-devel libsasl2-devel chrpath
BuildRequires: openldap-devel iptables-devel
BuildRequires: prelude-devel netfilter_queue-devel libnetfilter_conntrack-devel nfnetlink-devel
BuildRequires: python-IPy python-setuptools python-devel
BuildRequires: flex bison
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}/buildroot

%description
NuFW is a firewall able to filter connections according to user uid or user
software, meaning you can allow port 80 for only one user, whatever IP he
uses, or only for konqueror.

NuFW performs an authentication of every single connection passing through the
IP filter, by transparently requesting user's credentials before any filtering
decision is taken. Practically, this means security policies can integrate with
the users directory, and bring the notion of user ID down to the IP layers.

%package utils
Summary:   Various utilities for Nufw administrators
Group:     Networking/Other
%description utils
This package contains various utilities:

  * nutop: a top-like utility to watch connections

  * nutcpc: a console client to authenticate on a nuauth gateway

  * nuaclgen: a perl script to add users to ldap

%package -n %{libname}
Summary:   Nuclient library
Group:     System/Libraries
%description -n %{libname}
Library needed by nufw for nuclient.

%package -n %{develname}
Summary:   Nuclient development library
Group:     System/Libraries
Provides:  libnuclient-devel
Requires:  %libname = %version
%description -n %{develname}
Development files for the nuclient library, used to compile
clients that access nufw.

%package -n pam_nufw
Summary: Nufw client using pam credentials
Group:   Networking/Other

%description -n pam_nufw
pam_nufw is a PAM module able to integrate with the PAM stack.
It reuses PAM credentials to connect to the nufw daemon, instead of requiring
the user to start nutcpc by hand.

%package nutcpc
Summary: Nufw client
Group:   Networking/Other
Requires: sasl-plug-login sasl-plug-plain
%description nutcpc
Nutcpc is the command line client used to authenticate on a firewall using
nufw.

%package  nuauth
Summary:   Nufw user database daemon
Group:     Networking/Other
Requires(post): rpm-helper
Requires(postun): rpm-helper
Requires(preun): rpm-helper
Requires(pre): rpm-helper
Requires: sasl-plug-login sasl-plug-plain python-IPy perl-ldap
Obsoletes: nufw-nuauth-auth-plaintext nufw-nuauth-log-syslog nufw-nuauth-auth-system
Provides:  nufw-nuauth-auth-plaintext nufw-nuauth-log-syslog nufw-nuauth-auth-system

%description   nuauth
NuFW is an authenticating gateway, which means that connections are
authenticated before being forwarded through the gateway. Classical packet
filtering systems disregard the identity of the user who may be attempting
to access the network, instead caring only about the originating IP addresses.

Nuauth relies on a user database and an ACL system (which can reside in an
LDAP directory, etc.). Nuauth receives requests from nufw, and auth packets
from users' clients, and sends its decision to the nufw daemon.

This package contains the main daemon.

%package nuauth-auth-ldap
Summary:   Module for nuauth providing ldap user database
Group:     Networking/Other
%description nuauth-auth-ldap
This package provides a module to use ldap as user database for nuauth.

%package nuauth-log-mysql
Summary:   Module for nuauth to log in Mysql database
Group:     Networking/Other
%description nuauth-log-mysql
This module allows you to log user activity in a mysql database.

%package nuauth-log-pgsql
Summary:   Module for nuauth to log in Postgresql database
Group:     Networking/Other
%description nuauth-log-pgsql
This module allows you to log user activity in a postgresql database.

%package nuauth-log-prelude
Summary:   Module for nuauth to log to Prelude IDS
Group:     Networking/Other
%description nuauth-log-prelude
This module allows you to log user activity to the Prelude IDS.

%package -n python-nufw
Summary:  Python bindings for NuFW client (nutcpc)
Group:    Development/Python
%description -n python-nufw
Python bindings and nutcpc client for NuFW.

%prep
%setup -q
%patch0 -p0 -b .log_printf
# disabled patches (%% keeps rpm from expanding the macro inside the comment)
#%%patch2 -p0 -b .literal
#%%patch3 -p0 -b .gnutls

# fix postgresql name
perl -pi -e "s|postgresql|pgsql|" ./src/nuauth/modules/log_pgsql/Makefile*

# fix for lib64 policy
perl -pi -e 's|^(modulesdir\s*=\s*/)lib|$1%_lib|' ./src/clients/pam_nufw/Makefile*
perl -pi -e 's|(\@modulesdir\s*=\s*/)lib|$1%_lib|' ./src/clients/pam_nufw/Makefile*

# fix nuauth-utils build
perl -pi -e 's|\$\(prefix\)|\${buildroot\}\/usr|' ./scripts/nuauth_command/Makefile*

%build
./autogen.sh
%configure2_5x  --localstatedir=%_var \
                --sysconfdir=%{_sysconfdir}/nufw/ \
                --with-mysql-log --with-pgsql-log --with-system-auth --with-ldap \
                --with-nfqueue --with-nfconntrack --with-fixedtimeout --with-utf8 \
                --enable-pam-nufw --with-prelude-log

# (misc) fix for some error in the Makefile, until I find a proper way to explain this upstream :)
perl -pi -e 's|(install -d \$\(localstatedir\)/run/nuauth/)|#$1|'  ./src/nuauth/Makefile
%make

%install
rm -rf $RPM_BUILD_ROOT
%makeinstall_std

# (saispo) install python bindings
cp %{SOURCE4} python/setup.py
cp %{SOURCE5} python/nuclient/version.py
cp %{SOURCE6} python/README
cd python; python setup.py install --no-compile --root=%{buildroot}; cd ..

cp scripts/nuaclgen $RPM_BUILD_ROOT/%{_bindir}
cp scripts/nutop    $RPM_BUILD_ROOT/%{_bindir}

mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/nufw
cp conf/{nutop,nuauth,nuaclgen}.conf  $RPM_BUILD_ROOT/%{_sysconfdir}/nufw
cp conf/{acls.nufw,periods.xml} $RPM_BUILD_ROOT/%{_sysconfdir}/nufw
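# conf/certs holds the sample PEM files shipped in the upstream tarball; they
# are the same on every install and should be replaced with site-specific ones
cp -R conf/certs/* $RPM_BUILD_ROOT/%{_sysconfdir}/nufw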
cp conf/users-plaintext.nufw $RPM_BUILD_ROOT/%{_sysconfdir}/nufw/users.nufw

mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/nuauth
mkdir -p $RPM_BUILD_ROOT/var/run/nuauth
# clean useless files
rm -f $RPM_BUILD_ROOT/%{_libdir}/nuauth/modules/*.{a,la}
rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{a,la}
rm -f $RPM_BUILD_ROOT/%{_libdir}/libnobuffer*

mkdir -p $RPM_BUILD_ROOT/%_initrddir/
install -m755 %SOURCE1 $RPM_BUILD_ROOT/%_initrddir/nufw
install -m755 %SOURCE2  $RPM_BUILD_ROOT/%_initrddir/nuauth
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/
cat > $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/nufw << EOF
# daemon verbosity
#VERBOSITY="vv"

# address where nufw listen ( -L )
#LISTEN_ADDRESS="127.0.0.1"

# default port -l
#LISTEN_UDP_PORT="4129"

# nuauth address ( -d )
#NUAUTH_ADDRESS="127.0.0.1"

# nuauth port ( -p )
#NUAUTH_UDP_PORT=4128

# Firewall timeout ( -t )
#FW_TIMEOUT=15

# Track size ( -T )
#TRACK_SIZE=1000


EOF

mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/
cp %SOURCE3 $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/nuauth

# (misc) Zeck request for corporate server 4
%if %mdkversion < 200700
perl -pi -e "s/include\s*system-auth/required  pam_stack.so service=system-auth/g" $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/nuauth
%endif

%clean
rm -rf $RPM_BUILD_ROOT

%if %mdkversion < 200900
%post -n %{libname} -p /sbin/ldconfig
%endif
%if %mdkversion < 200900
%postun -n %{libname} -p /sbin/ldconfig
%endif

%post
%_post_service nufw

%preun
%_preun_service nufw

# nuauth
%pre nuauth
%_pre_useradd nuauth %{_localstatedir}/lib/nuauth /bin/false

%post nuauth
%_post_service nuauth

%postun nuauth
%_postun_userdel nuauth

%preun nuauth
%_preun_service nuauth

%files
%defattr(-, root, root)
%doc AUTHORS ChangeLog NEWS README TODO
%doc doc
%{_sbindir}/nufw
%{_mandir}/man8/nufw.8*
%config(noreplace) %{_initrddir}/nufw
%config(noreplace) %{_sysconfdir}/sysconfig/nufw
%dir %{_sysconfdir}/nufw/

%files utils
%defattr(-, root, root)
%{_bindir}/nuaclgen
%{_bindir}/nutop
%{_bindir}/nuauth_command
%{_mandir}/man8/nuaclgen.8*
%{_mandir}/man8/nutop.8*
%{py_puresitedir}/nuauth_command/*
%config(noreplace) %{_sysconfdir}/nufw/nutop.conf
%config(noreplace) %{_sysconfdir}/nufw/nuaclgen.conf
%dir %{_sysconfdir}/nufw/

%files -n %{libname}
%defattr(-, root, root)
%{_libdir}/libnuclient.so.*
%{_libdir}/libnussl.so.*

%files -n %{develname}
%defattr(-, root, root)
%{_libdir}/libnuclient.a
%{_libdir}/libnuclient.la
%{_libdir}/libnuclient.so
%{_libdir}/libnussl.a
%{_libdir}/libnussl.la
%{_libdir}/libnussl.so
%{_libdir}/nuclient/modules/luser.a
%{_libdir}/nuclient/modules/luser.la
%{_libdir}/nuclient/modules/luser.so
%{_libdir}/pkgconfig/libnuclient.pc
%{_libdir}/pkgconfig/libnussl.pc
%{_includedir}/*
%{_mandir}/man3/libnuclient.3*

%files -n pam_nufw
%defattr(-, root, root)
%doc doc/README.pam_nufw
/%{_lib}/security/pam_nufw.so

%files nuauth-auth-ldap
%defattr(-, root, root)
%doc conf/acls.schema
%{_libdir}/nuauth/modules/libldap.so*

%files nuauth-log-mysql
%defattr(-, root, root)
%doc conf/nulog*mysql.dump
%{_libdir}/nuauth/modules/libmysql.so*

%files nuauth-log-pgsql
%defattr(-, root, root)
%doc conf/nulog*pgsql.dump
%{_libdir}/nuauth/modules/libpgsql.so*

%files nuauth-log-prelude
%defattr(-, root, root)
%{_libdir}/nuauth/modules/libnuprelude.so*

%files nuauth
%defattr(-, root, root)
%{_sbindir}/nuauth
%{_mandir}/man8/nuauth.8*
%{_mandir}/man5/nuclient.conf.5*
%{_localstatedir}/lib/nuauth
%dir /var/run/nuauth/
%config(noreplace) %{_initrddir}/nuauth
%config(noreplace) %{_sysconfdir}/%{name}/nuauth.conf
%config(noreplace) %{_sysconfdir}/%{name}/periods.xml
%config(noreplace) %{_sysconfdir}/%{name}/users.nufw
%config(noreplace) %{_sysconfdir}/%{name}/acls.nufw
%attr(640, root, nuauth) %config(noreplace) %{_sysconfdir}/%{name}/*pem
%config(noreplace) %{_sysconfdir}/pam.d/nuauth
%dir %{_sysconfdir}/%{name}/
%{_libdir}/nuauth/modules/libsyslog.so*
%{_libdir}/nuauth/modules/libplaintext.so*
%{_libdir}/nuauth/modules/libsystem.so*
%{_libdir}/nuauth/modules/libscript.so*
%{_libdir}/nuauth/modules/libx509_std.so*
%{_libdir}/nuauth/modules/libxml_defs.so*
%{_libdir}/nuauth/modules/libipauth_guest.so*
%{_libdir}/nuauth/modules/libmark_field.so*
%{_libdir}/nuauth/modules/libmark_flag.so*
%{_libdir}/nuauth/modules/libmark_group.so*
%{_libdir}/nuauth/modules/libmark_uid.so*
%{_libdir}/nuauth/modules/libsession_expire.so*
%{_libdir}/nuauth/modules/libsession_authtype.so*
%{_libdir}/nuauth/modules/libpostauth_localuser.so*
%{_libdir}/nuauth/modules/libulogd2.so

%files nutcpc
%defattr(-, root, root)
%{_bindir}/nutcpc
%{_mandir}/man1/nutcpc.1*

%files -n python-nufw
%defattr(-, root, root)
%{py_puresitedir}/*egg-info
%{py_puresitedir}/nuclient/*


%changelog
* Tue Mar 30 2010 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.4.0-2mdv2010.1
+ Revision: 529977
- SASL requires (#56567)

* Wed Mar 03 2010 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.4.0-1mdv2010.1
+ Revision: 513970
- 2.4.0

* Thu Feb 18 2010 Oden Eriksson <oeriksson@mandriva.com> 2.2.21-5mdv2010.1
+ Revision: 507525
- rebuild

* Wed Jun 03 2009 Funda Wang <fwang@mandriva.org> 2.2.21-4mdv2010.0
+ Revision: 382436
- build with gnutls 2.8

* Thu Mar 19 2009 Jérôme Soyer <saispo@mandriva.org> 2.2.21-3mdv2009.1
+ Revision: 357687
- Fix two bugs (see bz)

* Tue Feb 17 2009 Jérôme Soyer <saispo@mandriva.org> 2.2.21-2mdv2009.1
+ Revision: 341421
- Fix patch

* Tue Feb 10 2009 Jérôme Soyer <saispo@mandriva.org> 2.2.21-1mdv2009.1
+ Revision: 339236
- New upstream release
  Rediff the patch and include it upstream

* Sat Jan 03 2009 Adam Williamson <awilliamson@mandriva.org> 2.2.20-2mdv2009.1
+ Revision: 323613
- add literal.patch: fix string literal errors
- fix #46536: don't modprobe ip_queue in the initscript, it breaks nufw by
  stopping nfnetlink from loading (thanks Glen)

* Wed Dec 10 2008 Jérôme Soyer <saispo@mandriva.org> 2.2.20-1mdv2009.1
+ Revision: 312479
- New release 2.2.20

* Mon Dec 01 2008 Jérôme Soyer <saispo@mandriva.org> 2.2.19-1mdv2009.1
+ Revision: 308805
- Add BuildRequires
- Readd patch for underlinking
- New release 2.2.19

* Sat Oct 25 2008 Oden Eriksson <oeriksson@mandriva.com> 2.2.17-1mdv2009.1
+ Revision: 297262
- 2.2.17

* Fri Sep 12 2008 Michael Scherer <misc@mandriva.org> 2.2.16-1mdv2009.0
+ Revision: 284106
- add _disable_ld_no_undefined, for modules
- fix first underlinking problem

  + Funda Wang <fwang@mandriva.org>
    - New version 2.2.16

  + Thierry Vignaud <tv@mandriva.org>
    - rebuild early 2009.0 package (before pixel changes)

  + Pixel <pixel@mandriva.com>
    - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers
    - adapt to %%_localstatedir now being /var instead of /var/lib (#22312)

* Tue Apr 15 2008 Michael Scherer <misc@mandriva.org> 2.2.15-1mdv2009.0
+ Revision: 194059
- new version

* Fri Feb 15 2008 Michael Scherer <misc@mandriva.org> 2.2.11-2mdv2008.1
+ Revision: 168867
- update to 2.2.11

  + Thierry Vignaud <tv@mandriva.org>
    - fix description-line-too-long

* Tue Jan 22 2008 Funda Wang <fwang@mandriva.org> 2.2.10-2mdv2008.1
+ Revision: 156230
- rebuild against latest gnutls

* Fri Jan 04 2008 Jérôme Soyer <saispo@mandriva.org> 2.2.10-1mdv2008.1
+ Revision: 144947
- Remove the buggy things...
- Add BR
- Fix python binding builds
- Add python-setuptools for python bindings
- Up to 2.2 branches
  Add python bindings
  Clean some SPEC features

  + Olivier Blin <oblin@mandriva.com>
    - restore BuildRoot

  + Thierry Vignaud <tv@mandriva.org>
    - kill re-definition of %%buildroot on Pixel's request

* Thu Sep 06 2007 Michael Scherer <misc@mandriva.org> 2.0.22-1mdv2008.0
+ Revision: 80960
- go back to version 2.0.22 until other applications are ported

  + Funda Wang <fwang@mandriva.org>
    - New version 2.2.4

* Sun Apr 22 2007 Michael Scherer <misc@mandriva.org> 2.0.20-1mdv2008.0
+ Revision: 16988
- update to 2.0.20


* Wed Feb 21 2007 Jérôme Soyer <saispo@mandriva.org> 2.0.16-1mdv2007.0
+ Revision: 124134
- New release 2.0.16

* Thu Feb 08 2007 Michael Scherer <misc@mandriva.org> 2.0.14-1mdv2007.1
+ Revision: 118235
- 2.0.14

* Sat Dec 23 2006 Michael Scherer <misc@mandriva.org> 2.0.13-1mdv2007.1
+ Revision: 101934
- update to 2.0.13

* Tue Dec 19 2006 Michael Scherer <misc@mandriva.org> 2.0.12-1mdv2007.1
+ Revision: 99968
- really upgrade to 2.0.12
- version 2.0.12

* Mon Dec 04 2006 Michael Scherer <misc@mandriva.org> 2.0.11-1mdv2007.1
+ Revision: 90477
- update to 2.0.11
- add missing requires for sasl plugin, thanks to darack and regit

* Sun Oct 08 2006 Michael Scherer <misc@mandriva.org> 2.0.9-1mdv2007.1
+ Revision: 62985
- activate prelude support
- new version 2.0.9
- Import nufw

* Fri Aug 25 2006 Michael Scherer <misc@mandriva.org> 2.0.8-1mdv2007.0
- New version 2.0.8
- fix again for lib policy
- fix a typo

* Fri Jul 21 2006 Michael Scherer <misc@mandriva.org> 2.0.4-2mdv2007.0
- fix Obsoletes/Conflicts

* Thu Jul 06 2006 Michael Scherer <misc@mandriva.org> 2.0.4-1mdv2007.0
- New release 2.0.4

* Tue Jun 27 2006 Michael Scherer <misc@mandriva.org> 2.0.3-1mdv2007.0
- New release 2.0.3

* Wed Jun 14 2006 Michael Scherer <misc@mandriva.org> 2.0.2-1mdv2007.0
- 2.0.2
- fix pam config file for cs4

* Wed May 31 2006 Michael Scherer <misc@mandriva.org> 2.0.1-1mdv2007.0
- New release 2.0.1
- configuration moved to /etc/nufw/, with default configuration file
- layout of the packages changed ( no more useless split , in order to
  have a default working system, as proposed by Zeck )
- many fix thanks to the restless testing of Zeck

* Mon May 01 2006 Michael Scherer <misc@mandriva.org> 1.0.25-1mdk
- New release 1.0.25

* Thu Apr 06 2006 Michael Scherer <misc@mandriva.org> 1.0.24-1mdk
- New release 1.0.24

* Thu Mar 23 2006 Michael Scherer <misc@mandriva.org> 1.0.23-1mdk
- New release 1.0.23

* Tue Feb 28 2006 Michael Scherer <misc@mandriva.org> 1.0.21-1mdk
- New release 1.0.21

* Wed Feb 01 2006 Lenny Cartier <lenny@mandriva.com> 1.0.18-1mdk
- 1.0.18

* Tue Jan 10 2006 Michael Scherer <misc@mandriva.org> 1.0.17-1mdk
- New release 1.0.17

* Wed Dec 07 2005 Michael Scherer <misc@mandriva.org> 1.0.16-1mdk
- New release 1.0.16

* Fri Nov 18 2005 Michael Scherer <misc@mandriva.org> 1.0.15-1mdk
- New release 1.0.15

* Sat Oct 01 2005 Michael Scherer <misc@mandriva.org> 1.0.13-1mdk
- New release 1.0.13
- patch 1 removed, applied upstream

* Wed Sep 07 2005 Michael Scherer <misc@mandriva.org> 1.0.12-1mdk
- New release 1.0.12
- patch to compile with new ldap

* Mon Aug 29 2005 Michael Scherer <misc@mandriva.org> 1.0.11-2mdk
- missing buildrequires

* Mon Aug 29 2005 Michael Scherer <misc@mandriva.org> 1.0.11-1mdk
- First version ( at last )