|
@@ -1,12 +1,15 @@
|
|
|
-%define ver 5.49
|
|
|
-%define rel 1
|
|
|
+%bcond_with systemd
|
|
|
|
|
|
Summary: An SSL-encrypting socket wrapper
|
|
|
Name: stunnel
|
|
|
-Version: %{ver}
|
|
|
-Release: %{rel}%{?_dist_release}
|
|
|
-License: GPLv2
|
|
|
+Version: 5.56
|
|
|
+Release: 1%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
Group: Applications/Internet
|
|
|
+Vendor: Project Vine
|
|
|
+Distribution: Vine Linux
|
|
|
+Packager: iwaim
|
|
|
+
|
|
|
+License: GPLv2
|
|
|
URL: https://www.stunnel.org/
|
|
|
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
|
|
|
Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc
|
|
@@ -15,19 +18,36 @@ Source3: sfinger.xinetd
|
|
|
Source4: stunnel-sfinger.conf
|
|
|
Source5: pop3-redirect.xinetd
|
|
|
Source6: stunnel-pop3s-client.conf
|
|
|
+Source7: stunnel@.service
|
|
|
Source100: stunnel.init
|
|
|
-Patch0: 0001-authpriv.patch
|
|
|
-Patch1: 0002-config.patch
|
|
|
+
|
|
|
+Patch0: stunnel-5.50-authpriv.patch
|
|
|
+Patch3: stunnel-5.56-system-ciphers.patch
|
|
|
+Patch4: stunnel-5.56-coverity.patch
|
|
|
+Patch5: stunnel-5.56-default-tls-version.patch
|
|
|
+Patch6: stunnel-5.56-curves-doc-update.patch
|
|
|
+
|
|
|
Buildroot: %{_tmppath}/stunnel-root
|
|
|
# util-linux is needed for rename
|
|
|
BuildRequires: openssl-devel
|
|
|
BuildRequires: pkgconfig
|
|
|
-BuildRequires: tcp_wrappers
|
|
|
BuildRequires: util-linux
|
|
|
-
|
|
|
-Vendor: Project Vine
|
|
|
-Distribution: Vine Linux
|
|
|
-Packager: iwaim
|
|
|
+%if %{with systemd}
|
|
|
+%{?systemd_requires}
|
|
|
+%else
|
|
|
+Requires(post): chkconfig
|
|
|
+Requires(preun): chkconfig /sbin/service
|
|
|
+Requires(postun): /sbin/service
|
|
|
+%endif
|
|
|
+
|
|
|
+%if %{with systemd}
|
|
|
+%global pidfile %{_rundir}/stunnel.pid
|
|
|
+%else
|
|
|
+%global pidfile %{_localstatedir}/run/stunnel.pid
|
|
|
+%endif
|
|
|
+
|
|
|
+# Do not generate provides for private libraries
|
|
|
+%global __provides_exclude_from ^%{_libdir}/stunnel/.*$
|
|
|
|
|
|
%description
|
|
|
Stunnel is a socket wrapper which can provide SSL (Secure Sockets
|
|
@@ -36,8 +56,13 @@ in conjunction with imapd to create an SSL secure IMAP server.
|
|
|
|
|
|
%prep
|
|
|
%setup -q
|
|
|
-%patch0 -p1 -b .authpriv
|
|
|
-%patch1 -p1 -b .config
|
|
|
+%autopatch -p1
|
|
|
+
|
|
|
+# Fix a testcase with system-ciphers support
|
|
|
+sed -i '/client = yes/a \\ ciphers = PSK' tests/recipes/014_PSK_secrets
|
|
|
+
|
|
|
+# modify systemd service unit
|
|
|
+sed -i '/Type=forking/a \\PrivateTmp=true' tools/stunnel.service.in
|
|
|
|
|
|
%build
|
|
|
CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS
|
|
@@ -45,8 +70,8 @@ if pkg-config openssl ; then
|
|
|
CFLAGS="$CFLAGS `pkg-config --cflags openssl`";
|
|
|
LDFLAGS="`pkg-config --libs-only-L openssl`"; export LDFLAGS
|
|
|
fi
|
|
|
-%configure --disable-fips --enable-ipv6 \
|
|
|
- CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
|
|
|
+%configure --disable-fips --enable-ipv6 --with-ssl=%{_prefix} \
|
|
|
+ CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{pidfile}\"'"
|
|
|
make LDADD="-pie -Wl,-z,defs,-z,relro,-z,now"
|
|
|
|
|
|
%install
|
|
@@ -62,43 +87,65 @@ for lang in pl ; do
|
|
|
rename ".${lang}" "" $RPM_BUILD_ROOT/%{_mandir}/${lang}/man8/*
|
|
|
done
|
|
|
|
|
|
+mkdir -p srpm-docs
|
|
|
+cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs
|
|
|
+
|
|
|
+%if %{with systemd}
|
|
|
+mkdir -p %{buildroot}%{_unitdir}
|
|
|
+cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
|
|
|
+cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service
|
|
|
+%else
|
|
|
install -d -m755 %{buildroot}%{_initdir}
|
|
|
install -m755 %{SOURCE100} %{buildroot}%{_initdir}/stunnel
|
|
|
-
|
|
|
install -d m755 %{buildroot}%{_sysconfdir}/sysconfig
|
|
|
cat <<EOF > %{buildroot}%{_sysconfdir}/sysconfig/stunnel
|
|
|
ENABLED=0
|
|
|
EOF
|
|
|
+%endif
|
|
|
|
|
|
-mkdir -p srpm-docs
|
|
|
-cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs
|
|
|
|
|
|
%clean
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
-%pre
|
|
|
-getent group stunnel >/dev/null || groupadd -r stunnel
|
|
|
-getent passwd stunnel >/dev/null || \
|
|
|
-useradd -r -g stunnel -d /dev/null -s /sbin/nologin \
|
|
|
- -c "stunnel service account" stunnel
|
|
|
|
|
|
%post
|
|
|
+%if %{with systemd}
|
|
|
+%systemd_post %{name}.service
|
|
|
+%else
|
|
|
/sbin/chkconfig --add stunnel
|
|
|
+%endif
|
|
|
|
|
|
%preun
|
|
|
-if [ $1 -eq 0 ]; then
|
|
|
+%if %{with systemd}
|
|
|
+%systemd_preun %{name}.service
|
|
|
+%else
|
|
|
+if [ $1 -eq 0 -o -x /bin/systemctl ]; then
|
|
|
+ /sbin/service stunnel stop /dev/null 2>/dev/null ||:
|
|
|
/sbin/chkconfig --del stunnel
|
|
|
fi
|
|
|
+%endif
|
|
|
+
|
|
|
+%postun
|
|
|
+%if %{with systemd}
|
|
|
+%systemd_postun_with_restart %{name}.service
|
|
|
+%else
|
|
|
+if [ $1 -gt 0 ]; then
|
|
|
+ if /sbin/service stunnel status >/dev/null; then
|
|
|
+ /sbin/service stunnel restart
|
|
|
+ fi
|
|
|
+fi
|
|
|
+%endif
|
|
|
+
|
|
|
|
|
|
%files
|
|
|
%defattr(-,root,root)
|
|
|
-%doc AUTHORS BUGS ChangeLog COPY* CREDITS PORTS README TODO
|
|
|
+%doc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
|
|
|
%doc tools/stunnel.conf-sample
|
|
|
%doc srpm-docs/*
|
|
|
+%license COPY*
|
|
|
%lang(en) %doc doc/en/*
|
|
|
%lang(po) %doc doc/pl/*
|
|
|
%{_bindir}/stunnel
|
|
|
-%{_initdir}/stunnel
|
|
|
%exclude %{_bindir}/stunnel3
|
|
|
%exclude %{_datadir}/doc/stunnel
|
|
|
%{_libdir}/stunnel
|
|
@@ -109,9 +156,19 @@ fi
|
|
|
%dir %{_sysconfdir}/%{name}/conf.d
|
|
|
%exclude %{_sysconfdir}/stunnel/stunnel.conf-sample
|
|
|
%exclude %{_sysconfdir}/stunnel/stunnel.pem
|
|
|
+%if %{with systemd}
|
|
|
+%{_unitdir}/%{name}*.service
|
|
|
+%else
|
|
|
+%{_initdir}/stunnel
|
|
|
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
|
|
|
+%endif
|
|
|
|
|
|
%changelog
|
|
|
+* Sat Apr 18 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 5.56-1
|
|
|
+- new upstream release.
|
|
|
+- replaced all patches.
|
|
|
+- added systemd support (disabled as default).
|
|
|
+
|
|
|
* Sat Dec 01 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 5.49-1
|
|
|
- new upstream release.
|
|
|
- updated Patch0,1.
|