|
 |
f5104d |
# service legacy actions
|
|
|
f5104d |
%define legacy_actions %{_libexecdir}/initscripts/legacy-actions
|
|
|
acb3cb |
|
|
|
f5104d |
Name: ipset
|
|
|
35a10e |
Version: 6.38
|
|
|
35a10e |
Release: 2%{?dist}
|
|
|
f5104d |
Summary: Manage Linux IP sets
|
|
|
acb3cb |
|
|
|
f5104d |
License: GPLv2
|
|
|
f5104d |
URL: http://ipset.netfilter.org/
|
|
|
f5104d |
Source0: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2
|
|
|
f5104d |
Source1: %{name}.service
|
|
|
f5104d |
Source2: %{name}.start-stop
|
|
|
f5104d |
Source3: %{name}-config
|
|
|
f5104d |
Source4: %{name}.save-legacy
|
|
|
acb3cb |
|
|
|
f5104d |
BuildRequires: libmnl-devel
|
|
|
f5104d |
|
|
|
f5104d |
# An explicit requirement is needed here, to avoid cases where a user would
|
|
|
f5104d |
# explicitly update only one of the two (e.g 'yum update ipset')
|
|
|
f5104d |
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
acb3cb |
|
|
|
acb3cb |
%description
|
|
|
f5104d |
IP sets are a framework inside the Linux kernel since version 2.4.x, which can
|
|
|
f5104d |
be administered by the ipset utility. Depending on the type, currently an IP
|
|
|
f5104d |
set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC
|
|
|
acb3cb |
addresses in a way, which ensures lightning speed when matching an entry
|
|
|
acb3cb |
against a set.
|
|
|
acb3cb |
|
|
|
acb3cb |
If you want to:
|
|
|
acb3cb |
- store multiple IP addresses or port numbers and match against the collection
|
|
|
acb3cb |
by iptables at one swoop;
|
|
|
acb3cb |
- dynamically update iptables rules against IP addresses or ports without
|
|
|
acb3cb |
performance penalty;
|
|
|
acb3cb |
- express complex IP address and ports based rulesets with one single iptables
|
|
|
acb3cb |
rule and benefit from the speed of IP sets
|
|
|
acb3cb |
then ipset may be the proper tool for you.
|
|
|
acb3cb |
|
|
|
f5104d |
|
|
|
acb3cb |
%package libs
|
|
|
acb3cb |
Summary: Shared library providing the IP sets functionality
|
|
|
acb3cb |
|
|
|
acb3cb |
%description libs
|
|
|
acb3cb |
This package contains the libraries which provide the IP sets funcionality.
|
|
|
acb3cb |
|
|
|
f5104d |
|
|
|
acb3cb |
%package devel
|
|
|
acb3cb |
Summary: Development files for %{name}
|
|
|
acb3cb |
Requires: %{name}-libs%{?_isa} == %{version}-%{release}
|
|
|
acb3cb |
Requires: kernel-devel
|
|
|
acb3cb |
|
|
|
acb3cb |
%description devel
|
|
|
acb3cb |
This package contains the files required to develop software using the %{name}
|
|
|
acb3cb |
libraries.
|
|
|
acb3cb |
|
|
|
acb3cb |
|
|
|
f5104d |
%package service
|
|
|
f5104d |
Summary: %{name} service for %{name}s
|
|
|
f5104d |
Requires: %{name} = %{version}-%{release}
|
|
|
f5104d |
BuildRequires: systemd
|
|
|
f5104d |
Requires: iptables-services
|
|
|
f5104d |
Requires(post): systemd
|
|
|
f5104d |
Requires(preun): systemd
|
|
|
f5104d |
Requires(postun): systemd
|
|
|
f5104d |
BuildArch: noarch
|
|
|
f5104d |
|
|
|
f5104d |
%description service
|
|
|
f5104d |
This package provides the service %{name} that is split
|
|
|
f5104d |
out of the base package since it is not active by default.
|
|
|
f5104d |
|
|
|
f5104d |
|
|
|
acb3cb |
%prep
|
|
|
acb3cb |
%setup -q
|
|
|
acb3cb |
|
|
|
acb3cb |
|
|
|
acb3cb |
%build
|
|
|
acb3cb |
%configure --enable-static=no --with-kmod=no
|
|
|
acb3cb |
|
|
|
f5104d |
# Just to make absolutely sure we are not building the bundled kernel module
|
|
|
f5104d |
# I have to do it after the configure run unfortunately
|
|
|
f5104d |
rm -fr kernel
|
|
|
f5104d |
|
|
|
acb3cb |
# Prevent libtool from defining rpath
|
|
|
acb3cb |
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
|
|
acb3cb |
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
|
|
acb3cb |
|
|
|
acb3cb |
make %{?_smp_mflags}
|
|
|
acb3cb |
|
|
|
acb3cb |
|
|
|
acb3cb |
%install
|
|
|
acb3cb |
make install DESTDIR=%{buildroot}
|
|
|
acb3cb |
find %{buildroot} -name '*.la' -exec rm -f '{}' \;
|
|
|
acb3cb |
|
|
|
f5104d |
# install systemd unit file
|
|
|
f5104d |
install -d -m 755 %{buildroot}/%{_unitdir}
|
|
|
f5104d |
install -c -m 644 %{SOURCE1} %{buildroot}/%{_unitdir}
|
|
|
acb3cb |
|
|
|
f5104d |
# install supporting script
|
|
|
f5104d |
install -d -m 755 %{buildroot}%{_libexecdir}/%{name}
|
|
|
f5104d |
install -c -m 755 %{SOURCE2} %{buildroot}%{_libexecdir}/%{name}
|
|
|
f5104d |
|
|
|
f5104d |
# install ipset-config
|
|
|
f5104d |
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
|
|
|
f5104d |
install -c -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-config
|
|
|
acb3cb |
|
|
|
f5104d |
# install legacy actions for service command
|
|
|
f5104d |
install -d %{buildroot}/%{legacy_actions}/ipset
|
|
|
f5104d |
install -c -m 755 %{SOURCE4} %{buildroot}/%{legacy_actions}/ipset/save
|
|
|
f5104d |
|
|
|
f5104d |
# Create directory for configuration
|
|
|
f5104d |
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
|
|
|
f5104d |
|
|
|
f5104d |
|
|
|
f5104d |
%preun
|
|
|
f5104d |
if [[ $1 -eq 0 && -n $(lsmod | grep "^xt_set ") ]]; then
|
|
|
f5104d |
rmmod xt_set 2>/dev/null
|
|
|
f5104d |
[[ $? -ne 0 ]] && echo Current iptables configuration requires ipsets && exit 1
|
|
|
f5104d |
fi
|
|
|
f5104d |
|
|
|
f5104d |
|
|
|
f5104d |
%post libs -p /sbin/ldconfig
|
|
|
acb3cb |
|
|
|
acb3cb |
%postun libs -p /sbin/ldconfig
|
|
|
acb3cb |
|
|
|
acb3cb |
|
|
|
f5104d |
%post service
|
|
|
f5104d |
%systemd_post %{name}.service
|
|
|
f5104d |
|
|
|
f5104d |
%preun service
|
|
|
f5104d |
if [[ $1 -eq 0 && -n $(lsmod | grep "^xt_set ") ]]; then
|
|
|
f5104d |
rmmod xt_set 2>/dev/null
|
|
|
f5104d |
[[ $? -ne 0 ]] && echo Current iptables configuration requires ipsets && exit 1
|
|
|
f5104d |
fi
|
|
|
f5104d |
%systemd_preun %{name}.service
|
|
|
f5104d |
|
|
|
f5104d |
%postun service
|
|
|
f5104d |
%systemd_postun_with_restart %{name}.service
|
|
|
f5104d |
|
|
|
35a10e |
%triggerin service -- ipset-service < 6.38-1%{?dist}
|
|
|
35a10e |
# Before 6.38-1, ipset.start-stop keeps a backup of previously saved sets, but
|
|
|
35a10e |
# doesn't touch the /etc/sysconfig/ipset.d/.saved flag. Remove the backup on
|
|
|
35a10e |
# upgrade, so that we use the current version of saved sets
|
|
|
35a10e |
rm -f /etc/sysconfig/ipset.save || :
|
|
|
35a10e |
exit 0
|
|
|
35a10e |
|
|
|
35a10e |
%triggerun service -- ipset-service < 6.38-1%{?dist}
|
|
|
35a10e |
# Up to 6.29-1, ipset.start-stop uses a single data file
|
|
|
35a10e |
for f in /etc/sysconfig/ipset.d/*; do
|
|
|
35a10e |
[ "${f}" = "/etc/sysconfig/ipset.d/*" ] && break
|
|
|
35a10e |
cat ${f} >> /etc/sysconfig/ipset || :
|
|
|
35a10e |
done
|
|
|
35a10e |
exit 0
|
|
|
f5104d |
|
|
|
acb3cb |
%files
|
|
|
acb3cb |
%doc COPYING ChangeLog
|
|
|
acb3cb |
%doc %{_mandir}/man8/%{name}.8.gz
|
|
|
acb3cb |
%{_sbindir}/%{name}
|
|
|
acb3cb |
|
|
|
acb3cb |
%files libs
|
|
|
acb3cb |
%doc COPYING
|
|
|
35a10e |
%{_libdir}/lib%{name}.so.11*
|
|
|
acb3cb |
|
|
|
acb3cb |
%files devel
|
|
|
acb3cb |
%{_includedir}/lib%{name}
|
|
|
acb3cb |
%{_libdir}/lib%{name}.so
|
|
|
afce33 |
%{_libdir}/pkgconfig/lib%{name}.pc
|
|
|
f5104d |
|
|
|
f5104d |
%files service
|
|
|
f5104d |
%{_unitdir}/%{name}.service
|
|
|
f5104d |
%dir %{_libexecdir}/%{name}
|
|
|
f5104d |
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/ipset-config
|
|
|
f5104d |
%ghost %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/ipset
|
|
|
f5104d |
%attr(0755,root,root) %{_libexecdir}/%{name}/%{name}.start-stop
|
|
|
f5104d |
%dir %{legacy_actions}/ipset
|
|
|
f5104d |
%{legacy_actions}/ipset/save
|
|
|
acb3cb |
|
|
|
acb3cb |
|
|
|
acb3cb |
%changelog
|
|
|
35a10e |
* Wed Jun 27 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-2
|
|
|
35a10e |
- Fix upgrade and downgrade triggers in specfile (RHBZ#1594722)
|
|
|
35a10e |
|
|
|
35a10e |
* Mon Apr 16 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-1
|
|
|
35a10e |
- Rebase to 6.38 (RHBZ#1557600):
|
|
|
35a10e |
- hash:ipmac type support added to ipset, userspace part (Tomasz Chilinski)
|
|
|
35a10e |
- Refactor /etc/sysconfig/ipset.start-stop
|
|
|
35a10e |
- Fixes:
|
|
|
35a10e |
- IPSet Service Monolithic Operation (RHBZ#1440741)
|
|
|
35a10e |
- "systemctl start ipset" doesn't handle existing ipset's having counters
|
|
|
35a10e |
(RHBZ#1502212)
|
|
|
35a10e |
|
|
|
afce33 |
* Wed Feb 1 2017 Thomas Woerner <twoerner@redhat.com> - 6.29-1
|
|
|
afce33 |
- Rebase to 6.29 (RHBZ#1351299)
|
|
|
afce33 |
- Fixes:
|
|
|
afce33 |
- Backport ipset capability to run in namespaces (RHBZ#1226051)
|
|
|
afce33 |
- Fix service save with empty ipset list and existing ipset save file
|
|
|
afce33 |
(RHBZ#1377621)
|
|
|
afce33 |
- Fix internal error at printing to output buffer (RHBZ#1395865)
|
|
|
afce33 |
|
|
|
f5104d |
* Wed Aug 17 2016 Thomas Woerner <twoerner@redhat.com> - 6.19-6
|
|
|
f5104d |
- Use /etc/sysconfig/ipset-config in service as EnvironmentFile (RHBZ#1136257)
|
|
|
f5104d |
- Use /etc/sysconfig/ipset for data as in RHEL-6 (RHBZ#1136257)
|
|
|
f5104d |
- No save on reload, but legacy save action (RHBZ#1136257)
|
|
|
f5104d |
|
|
|
f5104d |
* Wed Jun 29 2016 Thomas Woerner <twoerner@redhat.com> - 6.19-5
|
|
|
f5104d |
- New service sub package to provide the ipset service (RHBZ#1136257)
|
|
|
f5104d |
Service and start-stop script from F-24
|
|
|
f5104d |
- Fixed ipset package summary (RHBZ#1195171)
|
|
|
f5104d |
Spec file derived from F-24
|
|
|
f5104d |
|
|
|
0315e0 |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 6.19-4
|
|
|
0315e0 |
- Mass rebuild 2014-01-24
|
|
|
0315e0 |
|
|
|
0315e0 |
* Tue Jan 14 2014 Thomas Woerner <twoerner@redhat.com> - 6.19-3
|
|
|
0315e0 |
- fixed failed rmdiff testing (RHBZ#884500)
|
|
|
0315e0 |
|
|
|
0315e0 |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 6.19-2
|
|
|
0315e0 |
- Mass rebuild 2013-12-27
|
|
|
0315e0 |
|
|
|
acb3cb |
* Thu Aug 15 2013 Mathieu Bridon <bochecha@fedoraproject.org> - 6.19
|
|
|
acb3cb |
- New upstream release.
|
|
|
acb3cb |
|
|
|
acb3cb |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.16.1-3
|
|
|
acb3cb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
acb3cb |
|
|
|
acb3cb |
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.16.1-2
|
|
|
acb3cb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
acb3cb |
|
|
|
acb3cb |
* Wed Sep 26 2012 Mathieu Bridon <bochecha@fedoraproject.org> - 6.16.1-1
|
|
|
acb3cb |
- New upstream release.
|
|
|
acb3cb |
- Fix a requirement.
|
|
|
acb3cb |
|
|
|
acb3cb |
* Wed Sep 26 2012 Mathieu Bridon <bochecha@fedoraproject.org> - 6.14-1
|
|
|
acb3cb |
- New upstream release.
|
|
|
acb3cb |
- Fix scriptlets, ldconfig is needed for the libs subpackage, not the main one.
|
|
|
acb3cb |
|
|
|
acb3cb |
* Mon Jul 30 2012 Mathieu Bridon <bochecha@fedoraproject.org> - 6.13-1
|
|
|
acb3cb |
- New upstream release.
|
|
|
acb3cb |
- Split out the library in its own subpackage.
|
|
|
acb3cb |
|
|
|
acb3cb |
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.11-2
|
|
|
acb3cb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
acb3cb |
|
|
|
acb3cb |
* Mon Feb 06 2012 Mathieu Bridon <bochecha@fedoraproject.org> - 6.11-1
|
|
|
acb3cb |
- New upstream release.
|
|
|
acb3cb |
- Removed our patch, it has been integrated upstream. As such, we also don't
|
|
|
acb3cb |
need to re-run autoreconf any more.
|
|
|
acb3cb |
|
|
|
acb3cb |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.9.1-3
|
|
|
acb3cb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
acb3cb |
|
|
|
acb3cb |
* Fri Sep 16 2011 Mathieu Bridon <bochecha@fedoraproject.org> - 6.9.1-2
|
|
|
acb3cb |
- Some fixes based on Pierre-Yves' review feedback.
|
|
|
acb3cb |
|
|
|
acb3cb |
* Wed Sep 14 2011 Mathieu Bridon <bochecha@fedoraproject.org> - 6.9.1-1
|
|
|
acb3cb |
- Initial packaging.
|