# $Id: smeserver-openvpn-bridge.spec,v 1.2 2015/02/17 12:06:59 vip-ire Exp $
# Authority: vip-ire
# Name: Daniel Berteaud

Summary: OpenVPN, a strong VPN solution build over SSL, pre-configured for bridge mode
%define name smeserver-openvpn-bridge
Name: %{name}
%define version 2.1
%define release 3
Version: %{version}
Release: %{release}%{?dist}
License: GPL
Group: Networking/Remote access
Source: %{name}-%{version}.tar.xz

Patch0: smeserver-openvpn-bridge-2.1-locale-2015-02-17.patch
Patch1: smeserver-openvpn-bridge-2.1-add_routes_for_s2s_virtual_ip.patch

BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch

BuildRequires: e-smith-devtools

Requires: e-smith-base
Requires: openvpn
Requires: smeserver-bridge-interface
Requires: perl(Net::OpenVPN::Manage)
Obsoletes: smeserver-openvpn-bridge-fws
Obsoletes: smeserver-openvpn-bridge.fws

%description
This package contains all the needed scripts and templates
to have a full working openvpn server running in bridge mode.

%changelog
* Thu Aug 6 2015 Daniel Berteaud <daniel@firewall-services.com> 2.1-3.sme
- Add routes for s2s virtual IP

* Tue Feb 17 2015 Daniel Berteaud <daniel@firewall-services.com> 2.1-2.sme
- Apply locale 2015-02-17 patch

* Mon Nov 11 2013 Daniel B. <daniel@firewall-services.com> 2.1-1.sme
- Rebuild for SME9

* Sun Jul 14 2013 JP Pialasse <tests@pialasse.com> 2.0-50.sme
- apply locale 2013-07-14 patch

* Thu Jun 6 2013 Daniel B. <daniel@firewall-services.com> 2.0-49.sme
- Fix plugin directory for x86_64 [SME: 7658]

* Fri Mar 22 2013 Daniel B. <daniel@firewall-services.com> 2.0-48.sme
- Fix spelling in en-us panel [SME: 7507]

* Mon Oct 08 2012 Daniel B. <daniel@firewall-services.com> 2.0-47.sme
- Create a tmp dir (needed for openvpn 2.2.2)

* Tue Mar 20 2012 SME Translation Server <translations@contribs.org> 2.0-46.el6
- apply locale 2012-03-20 patch

* Wed Apr 27 2011 SME Translation Server <translations@contribs.org> 2.0-45.sme
- apply locale 2011-04-27 patch

* Sun Mar 06 2011 SME Translation Server <translations@contribs.org> 2.0-44.sme
- apply locale 2011-03-06 patch

* Thu Feb 17 2011 Daniel B. <daniel@firewall-services.com> 2.0-43.sme
- Fix a typo in the panel [SME: 6509]

* Tue Jan 25 2011 Daniel B. <daniel@firewall-services.com> 2.0-42.sme
- Stop disabling service on rpm removal (spec change only)

* Tue Jan 25 2011 Daniel B. <daniel@firewall-services.com> 2.0-41.sme
- Add comp-lzo option back into client conf file

* Tue Oct 26 2010 Daniel B. <daniel@firewall-services.com> 2.0-40.sme
- Add PassTOS DB key to enable/disable passtos
- Enhance routes push (work with s2s contrib)

* Tue Oct 19 2010  Daniel B. <daniel@firewall-services.com> 2.0-39.sme
- templates cleanup
- DB prop to disable local networks routes push to client

* Mon Jul 19 2010 Daniel B. <daniel@firewall-services.com> 2.0-38.sme
- apply locale 2010-07-19 patc

* Wed Jun 02 2010 Daniel B. <daniel@firewall-services.com> 2.0-37.sme
- apply locale 2010-06-02 patch
- use multilog timestamp

* Wed May 12 2010 Daniel B. <daniel@firewall-services.com> 2.0-36.sme
- Comment the passtos option as it's not supported on Windows

* Fri Apr 30 2010 Daniel B. <daniel@firewall-services.com> 2.0-35.sme
- add the passtos option
- push the comp-lzo option to the client
- apply locale 2010-04-29 patch

* Tue Mar 02 2010 SME Translation Server <translations@contribs.org> 2.0-34.sme
- apply locale 2010-03-02 patch

* Wed Nov 18 2009 Daniel B. <daniel@firewall-services.com> 2.0-33.sme
- code cleanup

* Tue Nov 17 2009 Daniel B. <daniel@firewall-services.com> 2.0-32.sme
- apply locale 2009-11-17 patch
- Fix CRL update on event (openvpn-bridge-update)

* Tue Oct 27 2009 SME Translation Server <translations@contribs.org> 2.0-31.sme
- apply locale 2009-10-27 patch

* Wed Oct 21 2009 Daniel B. <daniel@firewall-services.com> 2.0-30.sme
- apply locale 2009-10-21 patch

* Tue Sep 29 2009 Daniel B. <daniel@firewall-services.com> 2.0-29.sme
- Put tls-client directive in client config file even when additional TLS
  auth is disabled (required for the main TLS auth) [SME: 5495]
- apply locale 2009-09-28 patch

* Mon Aug 24 2009 SME Translation Server <translations@contribs.org> 2.0-28.sme
- apply locale 2009-08-24 patch

* Wed Jul 22 2009 Daniel B. <daniel@firewall-services.com> 2.0-27.sme
- apply locale 2009-07-22 patch

* Thu Jun 25 2009 Daniel B. <daniel@firewall-services.com> 2.0-26.sme
- expand config and restart the service when local networks are added
  or removed so the new routes are pushed

* Tue May 26 2009 Daniel B. <daniel@firewall-services.com> 2.0-25.sme
- apply locale 2009-05-26 patch

* Sun May 24 2009 Daniel B. <daniel@firewall-services.com> 2.0-24.sme
- apply locale 2009-05-24 patch

* Thu Apr 30 2009 Daniel B. <daniel@firewall-services.com> 2.0-23.sme
- apply local 2009-04-30 patch

* Mon Apr 27 2009 SME Translation Server <translations@contribs.org> 2.0-22.sme
- apply locale 2009-04-27 patch

* Tue Apr 14 2009 Daniel B. <daniel@firewall-services.com> [2.0-21]
- Fixe permissions on public directory (pub and ccd) which must be readable
  by everyone (especially user nobody)

* Sun Apr 12 2009 Daniel B. <daniel@firewall-services.com> [2.0-20]
- remove obsolete init scripts reset-openvpn and openvpn-bridge

* Wed Mar 18 2009 Daniel B. <daniel@firewall-services.com> [2.0-19]
- Do not add cipher directive in client configuration file if set to 'auto'

* Wed Mar 11 2009 Daniel B. <daniel@firewall-services.com> [2.0-18]
- Compatibility with openvpn 2.1 (detect plugin dir location) [SME: 5060]

* Mon Mar 09 2009 Daniel B. <daniel@firewall-services.com> [2.0-17]
- Add smeserver-bridge-interface as dependency
- Update spec description

* Tue Mar 03 2009 SME Translation Server [2.0-16]
- apply locale 2009-03-03 patch

* Tue Mar 03 2009 Jonathan Martens <smeserver-contribs@snetram.nl> [2.0-15]
- Fix some more errors in the en-us locale
- Remove tabs from SPEC file as some editors act weird with them, e.g. nano

* Tue Mar 03 2009 Jonathan Martens <smeserver-contribs@snetram.nl> [2.0-14]
- Fix some grammar errors in the en-us locale

* Tue Mar 03 2009 Jonathan Martens <smeserver-contribs@snetram.nl> [2.0-13]
- Fix a typo in the en-us locale

* Tue Mar 03 2009 Shad L. Lords <slords@mail.com> [2.0-12]
- Fix xml language tag to be correct

* Tue Mar 03 2009 Shad L. Lords <slords@mail.com> [2.0-11]
- Remove duplicate translations that break pootle

* Tue Mar 03 2009 Shad L. Lords <slords@mail.com> [2.0-10]
- Rename locale/en to locale/en-us to pootle works

* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [2.0-9]
- Apply locale patch fr 1
- Add e-smith-devtools as a build dependency

* Thu Jan 29 2009 Daniel B. <daniel@firewall-services.com> [2.0-8]
- Fix an error with the creation of the db

* Wed Jan 28 2009 Daniel B. <daniel@firewall-services.com> [2.0-7]
- Cleanly create openvpn-bridge db

* Fri Jan 16 2009 Daniel B. <daniel@firewall-services.com> [2.0-6]
- Just warn if openvpn db is missing
- Fix certificates check
- Warn if bridge service isn't enabled
- Configure the CRL update URL

* Mon Jan 12 2009 Daniel B. <daniel@firewall-services.com> [2.0-5]
- localization patch

* Mon Dec 22 2008 Daniel B. <daniel@firewall-services.com> [2.0-4]
- Add validate_common_name routine

* Wed Dec 19 2008 Daniel B. <daniel@firewall-services.com> [2.0-3]
- Added option configRequired (accept only certificate listed in the rules section)
- Clean config templates

* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [2.0-2]
- Add missing pull directive in client config

* Fri Dec 12 2008 Daniel B. <daniel@firewall-services.com> [2.0-1]
- Remove useless migrate fragment (now handled by the bridge package)

* Thu Dec 04 2008 Daniel B. <daniel@firewall-services.com> [2.0-0]
- The bridge stuff is now in a separated rpm
- Restarting the service doesn't cut the InternalInterface
  as the bridge isn't restarted
- Correct (truely this time) the bug with dhcpd looping
- Panel re-writen in FormMagick (much more simple now)
- Removed the certificate manager, now handled by phpki
- Real-time clients info using Net::OpenVPN::Manage
- Routes to local networks are pushed to clients

* Tue Feb 06 2007 Daniel Berteaud <daniel@firewall-services.com>
- [1.1-1]
- Bugs fixes (repported by Stephan Braunstein)
- corrections in the en language

* Tue Feb 06 2007 Daniel Berteaud <daniel@firewall-services.com>
- [1.1-0]
- panel enhancement
- little correction in the local file

* Fri Dec 11 2006 Daniel Berteaud <daniel@firewall-services.com>
- [1.0-3]
- correction of permissions on startup and shutdown scripts
- little correction in the local file

* Fri Dec 08 2006 Daniel Berteaud <daniel@firewall-services.com>
- [1.0-2]
- Added missing directory keys/bridge

* Fri Dec 06 2006 Daniel Berteaud <daniel@firewall-services.com>
- [1.0-1]
- Removed useless parameters from the panel (tap, br and localInf)
- Added a stop script (k20openvpn-bridge)
- panel renamed to openvpn-bridge for futur compatibility

%prep

%setup -q -n %{name}-%{version}
%patch0 -p1
%patch1 -p1

%build
perl createlinks

%{__mkdir_p} root/etc/openvpn/bridge/ccd
%{__mkdir_p} root/etc/openvpn/bridge/priv
%{__mkdir_p} root/etc/openvpn/bridge/pub
%{__mkdir_p} root/etc/openvpn/bridge/tmp
%{__mkdir_p} root/var/log/openvpn-bridge

%install
/bin/rm -rf $RPM_BUILD_ROOT
(cd root   ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
/bin/rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
  --file /var/service/openvpn-bridge/run 'attr(0755,root,root)' \
  --file /var/service/openvpn-bridge/log/run 'attr(0755,root,root)' \
  --dir /var/log/openvpn-bridge 'attr(0750,smelog,smelog)' \
  --dir /etc/openvpn/bridge/pub 'attr(0755,root,root)' \
  --dir /etc/openvpn/bridge/priv 'attr(0750,root,root)' \
  --dir /etc/openvpn/bridge/ccd 'attr(0755,root,root)' \
  --dir /etc/openvpn/bridge/tmp 'attr(0770,root,nobody)' \
  --file /usr/bin/ovpn-bridge-update-crl  'attr(0750,root,root)' \
  > %{name}-%{version}-filelist

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%clean 
rm -rf $RPM_BUILD_ROOT


%post

%preun