smeserver-coova-chilli/contribs10/smeserver-coova-chilli.spec

# $Id: smeserver-coova-chilli.spec,v 1.2 2020/12/21 19:25:51 brianr Exp $
# Authority: vip-ire
# Name: Daniel Berteaud

Summary: Coova-Chilli, a captive portal based on ChilliSpot configured for SME server
%define name smeserver-coova-chilli
Name: %{name}
%define version 0.3
%define release 6
Version: %{version}
Release: %{release}%{?dist}
License: GPL
Group: Networking/Remote access
Source: %{name}-%{version}.tar.xz
Patch0: smeserver-coova-chilli-0.3-MasqUpdate.patch
Patch1: smeserver-coova-chilli-0.3-logout_screen.patch
Patch2: smeserver-coova-chilli-0.3-dnsfix.patch
Patch3:  smeserver-coova-chilli-0.3-bz12041-24syntax.patch
URL: https://contribs.org
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
Requires: e-smith-release >= 7.0 
Requires: openssl 
Requires: coova-chilli >= 1.0.13
Requires: e-smith-radiusd >= 1.0.0-18
Requires: perl(NetAddr::IP)
Requires: smeserver-remoteuseraccess

%description
This package allow you to configure a third interface
(eth2). Just plug a WiFi AP on it, and you'll have
a secured captive portal. Users will be redirected
on a logon page and they'll have to enter credentials
(sme accounts) before the server allows them. By default, 
they'll only have web access if they are members of the group "chilli"
This contrib will only work in server&gateway mode 

%changelog
* Fri Jul 29 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-6.sme
- update access syntax for httpd 2.4 [SME: 12041]

* Mon Dec 21 2020 Brian Read <brianr@bjsystems.co.uk> 0.3-5.sme
- Initial Import in SME10 [SME: 11289]

* Tue Jul 05 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-4.sme
- fix old dns default are not available [SME: 9514]

* Tue Jul 05 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-3.sme
- fix format for logout screen [SME: 9514]
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
  by assuming the date is correct and changing the weekday.
  Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
  Sun Mar 07 2009 --> Sun Mar 01 2009 or Sat Mar 07 2009 or Sun Mar 08 2009 or ....
  Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....

* Thu May 26 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-2.sme
- fix iptables syntax exclamation mark misplaced [SME: 9514]
- smeserver-coova-chilli-0.3-MasqUpdate.patch

* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> 0.3-1
- Roll new stream for sme9

* Mon Mar 28 2011 Daniel B. <daniel@firewall-services.com> 0.2-20
- Fix uamhomepage setting

* Wed Oct 20 2010 Daniel B. <daniel@firewall-services.com> 0.2-19
- Drop all the trafic not going through the external interface

* Thu Jul 29 2010 Daniel B. <daniel@firewall-services.com> 0.2-18
- cleanup CGI login script
- remove obsolete php templates
- add macallowed DB key to bypass auth for some mac addresses
- add uamhomepage DB key

* Mon Jul 19 2010 Daniel B. <daniel@firewall-services.com> 0.2-17
- Fixes sudo env (bug only in SME8)
- Uses TCPPort squid key instead of TransparentPort so coova can
  work with dansguardian
- insert NAT rule just before the ACCEPT (PREROUTING_FROM_CHILLI)
- add transparent directive to squid (required for squid => 2.6)

* Wed Apr 14 2010 Daniel B. <daniel@firewall-services.com> 0.2-16
- Fixe a bug in conup.sh and condown.sh

* Thu Jun 11 2009 Daniel B. <daniel@firewall-services.com> 0.2-15
- Fixe a bug in masq template for uamallowed entries

* Thu May 28 2009 Daniel B. <daniel@firewall-services.com> 0.2-14
- Remove space in hotspot-config.pl template

* Tue May 26 2009 Daniel B. <daniel@firewall-services.com> 0.2-13
- Add noc2c key (allow to disable the option, but default to enabled)

* Thu Apr 30 2009 Daniel B. <daniel@firewall-services.com> 0.2-12
- Create a new user coovachilli
- Add support of new options uid and gid to drop privileges
- Enabled noc2c (prevent client to client communication)
- Use sudo to call conup/condown script (as chilli runs under un
  unprivileged account now)
- Add smeserver-remoteuseraccess as a dependency (for sudoers metadata templates)
- move templates2expand in creatlinks script

* Fri Mar 13 2009 Daniel B. <daniel@firewall-services.com> 0.2-11
  Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....
- Automatically allow uamallowed entries in the firewall (no need to 
  explicitly allow it agin in AllowOutgoing)

* Thu Mar 12 2009 Daniel B. <daniel@firewall-services.com> 0.2-10
- Small typo correction

* Tue Mar 10 2009 Daniel B. <daniel@firewall-services.com> 0.2-9
- Use allready defined localhost NAS to fixe PPTP problem [SME: 4996]
  (thanks John K Pruder)
- fix a typo in squid template

* Sat Mar 07 2009 Daniel B. <daniel@firewall-services.com> 0.2-8
- Add dhcpstart and dhcpstop db parameters (thanks John K Pruder)

* Sat Mar 07 2009 Daniel B. <daniel@firewall-services.com> 0.2-7
- Fix tundev template [SME: 5054]

* Thu Sep 18 2008 Daniel B. <daniel@firewall-services.com> 0.2-6
- Remove warning in httpd.conf file (httpd -t)

* Mon Sep 15 2008 Daniel B. <daniel@firewall-services.com> 0.2-5
- Fix Syntax Error in /etc/chilli.conf template (25listen) [SME: 4559]

* Mon Sep 08 2008 Daniel B. <daniel@firewall-services.com> 0.2-4
- Requires perl(NetAddr::IP)

* Fri Sep 5 2008 Daniel B. <daniel@firewall-services.com> 0.2-3
- Chilli IP computed with NetAddr::IP
- Radius timeout set to 3 sec
- syntax error in radius users template fixed (for guest access)

* Wed Sep 03 2008 Daniel B. <daniel@firewall-services.com> 0.2-2
  Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
- Bug fix for guest access

* Tue Sep 2 2008 Daniel B. <daniel@firewall-services.com> 0.2-1
- uplink and downlink for guest account are configurable via db keys

* Tue Sep 2 2008 Daniel B. <daniel@firewall-services.com> 0.2-0
- Login page is a CGI, with a server-manager login page look
- Guest Access can be enabled with guestAccess key (enabled/disabled)
- merge patchs in main package

* Mon Sep 01 2008 Daniel B. <daniel@firewall-services.com> 0.1-8
- Fix uamallowed not working (since bypass_auth_with_squid_fix patch)
- Add WebRequests key (use of squid or direct connexions, default to direct)
- disable radconf in /etc/chilli/config
- possible to disable https (enabled by default in AllowedOutgoing)
- add tcp:static.sourceforge.net:80 in uamallowed so daloradius homepage is displayed correctly
- add radiustimeout directive so authentication errors display the standard message quickly

* Thu Aug 28 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-7
- Reverted moving of default db entries to SPEC file since common practice is to store them in files

* Thu Aug 28 2008 Daniel B. <daniel@firewall-services.com> 0.1-6
- split uamallowed (one per line)
- Add dnsparanoia directive
- correct cmdsock directive
- initialise default configuration db in the spec file

* Thu Aug 28 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-5
- Remove the reset of $OUT from the template

* Thu Aug 28 2008 Daniel B. <daniel@firewall-services.com> 0.1-4
- Add template to enable auth module unix (replace the template-custom)
- Copy images to /opt/chilli/template before removing .rpmnew directory
- Correct dependency (e-smith-radiusd not esmith-radiusd)

* Wed Aug 27 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-3
- Split requirements to one per line
- Removed .rpmnew directory from package
- Removed the need for templates-custom as package now requires e-smith-radiusd >= 1.0.0-18

* Tue Aug 26 2008 Daniel B. <daniel@firewall-services.com>
- [0.1-2]
- Most firewall customizations (for incomming and forwarded traffic from
  chilli network only) can be set through db commands (Patch3)
- Outgoing DNS is allowed only for the two DNS servers configured
- Clean spec file, and put php files in /opt/chilli (Patch4)

* Tue Apr 15 2008 Daniel Berteaud <daniel@firewall-services.com>
- [0.1-1]
- security fixe: auth bypass with squid (patch1)
- masq template not expanded (patch2)

* Fri Apr 04 2008 Daniel Berteaud <daniel@firewall-services.com>
- [0.1]
- initiale release

%prep
%setup
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1

%build
/usr/bin/perl createlinks

%install
/bin/rm -rf $RPM_BUILD_ROOT
(cd root   ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
/bin/rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
        --file /etc/chilli/conup.sh 'attr(755,root,root)' \
        --file /etc/chilli/condown.sh 'attr(750,root,root)' \
        --file /etc/chilli/call_conup.sh 'attr(755,root,root)' \
        --file /etc/chilli/call_condown.sh 'attr(755,root,root)' \
        --file /opt/chilli/cgi-bin/hotspotlogin.cgi 'attr(0750,root,www) %config(noreplace)' \
        --file /opt/chilli/lang/hotspotlogin.fr.pl 'config(noreplace)' \
        --file /opt/chilli/lang/hotspotlogin.en.pl 'config(noreplace)' \
        --file /opt/chilli/css/sme.css 'config(noreplace)' \
        > %{name}-%{version}-filelist

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%clean 
rm -rf $RPM_BUILD_ROOT

%pre
if ! /usr/bin/id coovachilli &>/dev/null; then
        /usr/sbin/useradd -c 'Coova Chilli User' -s /sbin/nologin -r -d /etc/chilli coovachilli &>/dev/null || \
                %logmsg "Unexpected error adding user \"coovachilli\". Abort installation."
fi


%preun

if [ $1 == 0 ]; then
        /sbin/e-smith/db configuration setprop chilli status disabled
        /etc/rc.d/init.d/chilli stop >& /dev/null || :
fi

1	jpp	1.3	# $Id: smeserver-coova-chilli.spec,v 1.2 2020/12/21 19:25:51 brianr Exp $
2	brianr	1.1	# Authority: vip-ire
3			# Name: Daniel Berteaud
4
5			Summary: Coova-Chilli, a captive portal based on ChilliSpot configured for SME server
6			%define name smeserver-coova-chilli
7			Name: %{name}
8			%define version 0.3
9	jpp	1.3	%define release 6
10	brianr	1.1	Version: %{version}
11			Release: %{release}%{?dist}
12			License: GPL
13			Group: Networking/Remote access
14			Source: %{name}-%{version}.tar.xz
15			Patch0: smeserver-coova-chilli-0.3-MasqUpdate.patch
16			Patch1: smeserver-coova-chilli-0.3-logout_screen.patch
17			Patch2: smeserver-coova-chilli-0.3-dnsfix.patch
18	jpp	1.3	Patch3: smeserver-coova-chilli-0.3-bz12041-24syntax.patch
19	brianr	1.1	URL: https://contribs.org
20			BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
21			BuildArchitectures: noarch
22			BuildRequires: e-smith-devtools
23			Requires: e-smith-release >= 7.0
24			Requires: openssl
25			Requires: coova-chilli >= 1.0.13
26			Requires: e-smith-radiusd >= 1.0.0-18
27			Requires: perl(NetAddr::IP)
28			Requires: smeserver-remoteuseraccess
29
30			%description
31			This package allow you to configure a third interface
32			(eth2). Just plug a WiFi AP on it, and you'll have
33			a secured captive portal. Users will be redirected
34			on a logon page and they'll have to enter credentials
35			(sme accounts) before the server allows them. By default,
36			they'll only have web access if they are members of the group "chilli"
37			This contrib will only work in server&gateway mode
38
39			%changelog
40	jpp	1.3	* Fri Jul 29 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-6.sme
41			- update access syntax for httpd 2.4 [SME: 12041]
42
43	brianr	1.2	* Mon Dec 21 2020 Brian Read <brianr@bjsystems.co.uk> 0.3-5.sme
44			- Initial Import in SME10 [SME: 11289]
45
46	brianr	1.1	* Tue Jul 05 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-4.sme
47			- fix old dns default are not available [SME: 9514]
48
49			* Tue Jul 05 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-3.sme
50			- fix format for logout screen [SME: 9514]
51			- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
52			by assuming the date is correct and changing the weekday.
53			Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
54			Sun Mar 07 2009 --> Sun Mar 01 2009 or Sat Mar 07 2009 or Sun Mar 08 2009 or ....
55			Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....
56
57			* Thu May 26 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-2.sme
58			- fix iptables syntax exclamation mark misplaced [SME: 9514]
59			- smeserver-coova-chilli-0.3-MasqUpdate.patch
60
61			* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> 0.3-1
62			- Roll new stream for sme9
63
64			* Mon Mar 28 2011 Daniel B. <daniel@firewall-services.com> 0.2-20
65			- Fix uamhomepage setting
66
67			* Wed Oct 20 2010 Daniel B. <daniel@firewall-services.com> 0.2-19
68			- Drop all the trafic not going through the external interface
69
70			* Thu Jul 29 2010 Daniel B. <daniel@firewall-services.com> 0.2-18
71			- cleanup CGI login script
72			- remove obsolete php templates
73			- add macallowed DB key to bypass auth for some mac addresses
74			- add uamhomepage DB key
75
76			* Mon Jul 19 2010 Daniel B. <daniel@firewall-services.com> 0.2-17
77			- Fixes sudo env (bug only in SME8)
78			- Uses TCPPort squid key instead of TransparentPort so coova can
79			work with dansguardian
80			- insert NAT rule just before the ACCEPT (PREROUTING_FROM_CHILLI)
81			- add transparent directive to squid (required for squid => 2.6)
82
83			* Wed Apr 14 2010 Daniel B. <daniel@firewall-services.com> 0.2-16
84			- Fixe a bug in conup.sh and condown.sh
85
86			* Thu Jun 11 2009 Daniel B. <daniel@firewall-services.com> 0.2-15
87			- Fixe a bug in masq template for uamallowed entries
88
89			* Thu May 28 2009 Daniel B. <daniel@firewall-services.com> 0.2-14
90			- Remove space in hotspot-config.pl template
91
92			* Tue May 26 2009 Daniel B. <daniel@firewall-services.com> 0.2-13
93			- Add noc2c key (allow to disable the option, but default to enabled)
94
95			* Thu Apr 30 2009 Daniel B. <daniel@firewall-services.com> 0.2-12
96			- Create a new user coovachilli
97			- Add support of new options uid and gid to drop privileges
98			- Enabled noc2c (prevent client to client communication)
99			- Use sudo to call conup/condown script (as chilli runs under un
100			unprivileged account now)
101			- Add smeserver-remoteuseraccess as a dependency (for sudoers metadata templates)
102			- move templates2expand in creatlinks script
103
104			* Fri Mar 13 2009 Daniel B. <daniel@firewall-services.com> 0.2-11
105			Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....
106			- Automatically allow uamallowed entries in the firewall (no need to
107			explicitly allow it agin in AllowOutgoing)
108
109			* Thu Mar 12 2009 Daniel B. <daniel@firewall-services.com> 0.2-10
110			- Small typo correction
111
112			* Tue Mar 10 2009 Daniel B. <daniel@firewall-services.com> 0.2-9
113			- Use allready defined localhost NAS to fixe PPTP problem [SME: 4996]
114			(thanks John K Pruder)
115			- fix a typo in squid template
116
117			* Sat Mar 07 2009 Daniel B. <daniel@firewall-services.com> 0.2-8
118			- Add dhcpstart and dhcpstop db parameters (thanks John K Pruder)
119
120			* Sat Mar 07 2009 Daniel B. <daniel@firewall-services.com> 0.2-7
121			- Fix tundev template [SME: 5054]
122
123			* Thu Sep 18 2008 Daniel B. <daniel@firewall-services.com> 0.2-6
124			- Remove warning in httpd.conf file (httpd -t)
125
126			* Mon Sep 15 2008 Daniel B. <daniel@firewall-services.com> 0.2-5
127			- Fix Syntax Error in /etc/chilli.conf template (25listen) [SME: 4559]
128
129			* Mon Sep 08 2008 Daniel B. <daniel@firewall-services.com> 0.2-4
130			- Requires perl(NetAddr::IP)
131
132			* Fri Sep 5 2008 Daniel B. <daniel@firewall-services.com> 0.2-3
133			- Chilli IP computed with NetAddr::IP
134			- Radius timeout set to 3 sec
135			- syntax error in radius users template fixed (for guest access)
136
137			* Wed Sep 03 2008 Daniel B. <daniel@firewall-services.com> 0.2-2
138			Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
139			- Bug fix for guest access
140
141			* Tue Sep 2 2008 Daniel B. <daniel@firewall-services.com> 0.2-1
142			- uplink and downlink for guest account are configurable via db keys
143
144			* Tue Sep 2 2008 Daniel B. <daniel@firewall-services.com> 0.2-0
145			- Login page is a CGI, with a server-manager login page look
146			- Guest Access can be enabled with guestAccess key (enabled/disabled)
147			- merge patchs in main package
148
149			* Mon Sep 01 2008 Daniel B. <daniel@firewall-services.com> 0.1-8
150			- Fix uamallowed not working (since bypass_auth_with_squid_fix patch)
151			- Add WebRequests key (use of squid or direct connexions, default to direct)
152			- disable radconf in /etc/chilli/config
153			- possible to disable https (enabled by default in AllowedOutgoing)
154			- add tcp:static.sourceforge.net:80 in uamallowed so daloradius homepage is displayed correctly
155			- add radiustimeout directive so authentication errors display the standard message quickly
156
157			* Thu Aug 28 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-7
158			- Reverted moving of default db entries to SPEC file since common practice is to store them in files
159
160			* Thu Aug 28 2008 Daniel B. <daniel@firewall-services.com> 0.1-6
161			- split uamallowed (one per line)
162			- Add dnsparanoia directive
163			- correct cmdsock directive
164			- initialise default configuration db in the spec file
165
166			* Thu Aug 28 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-5
167			- Remove the reset of $OUT from the template
168
169			* Thu Aug 28 2008 Daniel B. <daniel@firewall-services.com> 0.1-4
170			- Add template to enable auth module unix (replace the template-custom)
171			- Copy images to /opt/chilli/template before removing .rpmnew directory
172			- Correct dependency (e-smith-radiusd not esmith-radiusd)
173
174			* Wed Aug 27 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-3
175			- Split requirements to one per line
176			- Removed .rpmnew directory from package
177			- Removed the need for templates-custom as package now requires e-smith-radiusd >= 1.0.0-18
178
179			* Tue Aug 26 2008 Daniel B. <daniel@firewall-services.com>
180			- [0.1-2]
181			- Most firewall customizations (for incomming and forwarded traffic from
182			chilli network only) can be set through db commands (Patch3)
183			- Outgoing DNS is allowed only for the two DNS servers configured
184			- Clean spec file, and put php files in /opt/chilli (Patch4)
185
186			* Tue Apr 15 2008 Daniel Berteaud <daniel@firewall-services.com>
187			- [0.1-1]
188			- security fixe: auth bypass with squid (patch1)
189			- masq template not expanded (patch2)
190
191			* Fri Apr 04 2008 Daniel Berteaud <daniel@firewall-services.com>
192			- [0.1]
193			- initiale release
194
195			%prep
196			%setup
197			%patch0 -p1
198			%patch1 -p1
199			%patch2 -p1
200	jpp	1.3	%patch3 -p1
201	brianr	1.1
202			%build
203			/usr/bin/perl createlinks
204
205			%install
206			/bin/rm -rf $RPM_BUILD_ROOT
207			(cd root ; /usr/bin/find . -depth -print \| /bin/cpio -dump $RPM_BUILD_ROOT)
208			/bin/rm -f %{name}-%{version}-filelist
209			/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
210			--file /etc/chilli/conup.sh 'attr(755,root,root)' \
211			--file /etc/chilli/condown.sh 'attr(750,root,root)' \
212			--file /etc/chilli/call_conup.sh 'attr(755,root,root)' \
213			--file /etc/chilli/call_condown.sh 'attr(755,root,root)' \
214			--file /opt/chilli/cgi-bin/hotspotlogin.cgi 'attr(0750,root,www) %config(noreplace)' \
215			--file /opt/chilli/lang/hotspotlogin.fr.pl 'config(noreplace)' \
216			--file /opt/chilli/lang/hotspotlogin.en.pl 'config(noreplace)' \
217			--file /opt/chilli/css/sme.css 'config(noreplace)' \
218			> %{name}-%{version}-filelist
219
220			%files -f %{name}-%{version}-filelist
221			%defattr(-,root,root)
222
223			%clean
224			rm -rf $RPM_BUILD_ROOT
225
226			%pre
227			if ! /usr/bin/id coovachilli &>/dev/null; then
228			/usr/sbin/useradd -c 'Coova Chilli User' -s /sbin/nologin -r -d /etc/chilli coovachilli &>/dev/null \|\| \
229			%logmsg "Unexpected error adding user \"coovachilli\". Abort installation."
230			fi
231
232
233			%preun
234
235			if [ $1 == 0 ]; then
236			/sbin/e-smith/db configuration setprop chilli status disabled
237			/etc/rc.d/init.d/chilli stop >& /dev/null \|\| :
238			fi
239