--- rpms/smeserver-coova-chilli/contribs7/smeserver-coova-chilli.spec 2008/04/15 15:18:07 1.2 +++ rpms/smeserver-coova-chilli/contribs7/smeserver-coova-chilli.spec 2008/08/28 13:14:07 1.12 @@ -1,4 +1,4 @@ -# $Id: smeserver-coova-chilli.spec,v 1.1 2008/04/15 15:04:56 slords Exp $ +# $Id: smeserver-coova-chilli.spec,v 1.11 2008/08/28 10:12:16 snetram Exp $ # Authority: vip-ire # Name: Daniel Berteaud @@ -6,19 +6,30 @@ Summary: Coova-Chilli, a captive portal %define name smeserver-coova-chilli Name: %{name} %define version 0.1 -%define release 1 +%define release 6 Version: %{version} Release: %{release}%{?dist} License: GPL Group: Networking/Remote access Source: %{name}-%{version}.tar.gz -Patch1: smeserver-coova-chilli-0.1-bypass_auth_with_squid_fix.patch -Patch2: smeserver-coova-chilli-0.1-expand_masq_fix.patch URL: http://sme.firewall-services.com BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot BuildArchitectures: noarch -Requires: e-smith-release >= 7.0 openssl coova-chilli -BuildRequires: e-smith-devtools >= 1.13.1-03 +BuildRequires: e-smith-devtools +Requires: e-smith-release >= 7.0 +Requires: openssl +Requires: coova-chilli +Requires: e-smith-radiusd >= 1.0.0-18 + +Patch1: smeserver-coova-chilli-0.1-bypass_auth_with_squid_fix.patch +Patch2: smeserver-coova-chilli-0.1-expand_masq_fix.patch +Patch3: smeserver-coova-chilli-0.1-firewall2db.patch +Patch4: smeserver-coova-chilli-0.1-loginPageDir.patch +Patch5: smeserver-coova-chilli-0.1-authTemplate.patch +Patch6: smeserver-coova-chilli-0.1-fixOUTreset.patch +Patch7: smeserver-coova-chilli-0.1-uamallowed.patch +Patch8: smeserver-coova-chilli-0.1-dnsparano.patch +Patch9: smeserver-coova-chilli-0.1-cmdsock.patch %description This package allow you to configure a third interface @@ -26,9 +37,36 @@ This package allow you to configure a th a secured captive portal. Users will be redirected on a logon page and they'll have to enter credentials (sme accounts) before the server allows them. By default, -they'll only have web access if they are members of the group "chilli" +they'll only have web access if they are members of the group "chilli" +This contrib will only work in server&gateway mode %changelog +*Thu Aug 28 2008 Daniel B. 0.1-6 +- split uamallowed (one per line) +- Add dnsparanoia directive +- correct cmdsock directive +- initialise default configuration db in the spec file + +* Thu Aug 28 2008 Jonathan Martens 0.1-5 +- Remove the reset of $OUT from the template + +* Thu Aug 28 2008 Daniel B. 0.1-4 +- Add template to enable auth module unix (replace the template-custom) +- Copy images to /opt/chilli/template before removing .rpmnew directory +- Correct dependency (e-smith-radiusd not esmith-radiusd) + +* Wed Aug 27 2008 Jonathan Martens 0.1-3 +- Split requirements to one per line +- Removed .rpmnew directory from package +- Removed the need for templates-custom as package now requires e-smith-radiusd >= 1.0.0-18 + +* Tue Aug 26 2008 Daniel B. +- [0.1-2] +- Most firewall customizations (for incomming and forwarded traffic from + chilli network only) can be set through db commands (Patch3) +- Outgoing DNS is allowed only for the two DNS servers configured +- Clean spec file, and put php files in /opt/chilli (Patch4) + * Tue Apr 15 2008 Daniel Berteaud - [0.1-1] - security fixe: auth bypass with squid (patch1) @@ -42,10 +80,45 @@ they'll only have web access if they are %setup %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 + +mv root/opt/chilli.rpmnew/template/images root/opt/chilli/template +rm -rf root/opt/chilli.rpmnew/ +rm -rf root/etc/e-smith/templates-custom/ +rm -rf root/etc/e-smith/db/configuration/defaults %build /usr/bin/perl createlinks +# Initialise db fragment +DEFAULT=root/etc/e-smith/db/configuration/defaults/chilli +mkdir -p $DEFAULT +echo 'service' > $DEFAULT/type +echo 'disabled' > $DEFAULT/status +echo 'private' > $DEFAULT/access +echo '900' > $DEFAULT/defidletimeout +echo '7200' > $DEFAULT/defsessiontimeout +echo 'eth2' > $DEFAULT/dhcpif +echo '212.73.209.226' > $DEFAULT/dns1 +echo '194.206.120.1' > $DEFAULT/dns2 +echo '10.1.0.0/255.255.255.0' > $DEFAULT/net +echo '3990' > $DEFAULT/TCPPort +echo 'tun0' > $DEFAULT/tundev +echo 'tcp:www.firewall-services.com:80,\ + tcp:coova.org:80,\ + tcp:smeserver.org:80,\ + tcp:sourceforge.net:80' > $DEFAULT/uamallowed +echo '' > $DEFAULT/RedirectToChilli +echo '' > $DEFAULT/AllowedServices +echo '' > $DEFAULT/AllowedOutgoing + + %install /bin/rm -rf $RPM_BUILD_ROOT (cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) @@ -53,6 +126,16 @@ they'll only have web access if they are /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ --file /etc/chilli/conup.sh 'attr(0750,root,root)' \ --file /etc/chilli/condown.sh 'attr(0750,root,root)' \ + --file /opt/chilli/hotspotlogin-loginform.php 'config(noreplace)' \ + --file /opt/chilli/hotspotlogin-nonchilli.php 'config(noreplace)' \ + --file /opt/chilli/hotspotlogin-nonssl.php 'config(noreplace)' \ + --file /opt/chilli/hotspotlogin.php 'config(noreplace)' \ + --file /opt/chilli/lang/en.php 'config(noreplace)' \ + --file /opt/chilli/lang/fr.php 'config(noreplace)' \ + --file /opt/chilli/lang/main.php 'config(noreplace)' \ + --file /opt/chilli/template/loggingin.php 'config(noreplace)' \ + --file /opt/chilli/template/loginform-footer.php 'config(noreplace)' \ + --file /opt/chilli/template/loginform-header.php 'config(noreplace)' \ > %{name}-%{version}-filelist %files -f %{name}-%{version}-filelist @@ -61,14 +144,10 @@ they'll only have web access if they are %clean rm -rf $RPM_BUILD_ROOT -%post -if [ ! -e /opt/chilli ]; then - /bin/cp -a /opt/chilli.rpmnew /opt/chilli -fi - %preun + if [ $1 == 0 ]; then /sbin/e-smith/db configuration setprop chilli status disabled - /sbin/e-smith/signal-event chilli-update + /etc/rc.d/init.d/chilli stop >& /dev/null || : fi