# References
#   https://docs.fedoraproject.org/en-US/quick-docs/publish-rpm-on-copr
#   http://ftp.rpm.org/max-rpm/s1-rpm-inside-scripts.html
#   https://rpm-software-management.github.io/rpm/manual/macros.html
#   https://rpm-packaging-guide.github.io/

# Owner tag and a UTC build timestamp; both end up in the dist suffix, so every
# build of this spec produces a distinct release string.
%global _owner              pgnd
%global _build_timestamp    %( date +%%Y%%m%%d_%%H%%M%%S --utc )
%global _dist               .%{_build_timestamp}.%{_owner}.fc%{fedora}

# https://stackoverflow.com/questions/47838041/rpmbuild-how-to-disable-check-buildroot
# https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
# %%global __spec_install_pre /bin/true

# The arch/os post-install hooks and the strip policy script are set to nil, and
# no debuginfo subpackage is generated.
%global __arch_install_post     %{nil}
%global __os_install_post       %{nil}
# Every SourceN in this spec is a bare file name, not a URL.
# NOTE(review): confirm this source-fetch setting is still needed.
%global _disable_source_fetch   0
%global debug_package           %{nil}
# %%undefine _auto_set_build_flags
# NOTE(review): the build section calls ./configure directly; confirm that the
# hardening flags requested here actually reach the compiler and linker.
%global _hardened_build         1
# %%global __brp_mangle_shebangs %%{nil}
%global __brp_strip             %{nil}
# %%global __requires_exclude ^.*/xxx/bin/python.*$
# %%global __requires_exclude_from ^.*/xxx/bin/python.*$

# RHEL8 rpmbuild and /usr/lib/.build-id
# https://access.redhat.com/discussions/5045161
%global _build_id_links         none

# %%bcond_with XXX : opt build with XXX; default, without
# %%bcond_without XXX : opt build without XXX; default, with

## NETFILTER STACK
# One (_nf_pkgN, _nf_brN) pair per upstream repository under _nf_repo.
# Every _nf_brN is currently "master"; the commented line above each one is the
# release tag it replaces. The prep section clones exactly these refs, so a
# build takes whatever the branch tip is at build time.
# NOTE(review): if builds need to be reproducible or tied to reviewed code, use
# the release tags (or commit ids) and verify upstream signatures; gnupg2 is
# already listed as a BuildRequires further down.
%global _nf_repo            https://git.netfilter.org
%global _nf_repo_branch     fullstack

%global _nf_pkg1            libnfnetlink
# %%global _nf_br1 libnfnetlink-1.0.2
%global _nf_br1             master

%global _nf_pkg2            libmnl
# %%global _nf_br2 libmnl-1.0.5
%global _nf_br2             master

%global _nf_pkg3            libnftnl
# %%global _nf_br3 libnftnl-1.2.7
%global _nf_br3             master

%global _nf_pkg4            libnetfilter_log
# %%global _nf_br4 libnetfilter_log-1.0.2
%global _nf_br4             master

%global _nf_pkg5            libnetfilter_acct
# %%global _nf_br5 libnetfilter_acct-1.0.3
%global _nf_br5             master

%global _nf_pkg6            libnetfilter_queue
# %%global _nf_br6 libnetfilter_queue-1.0.5
%global _nf_br6             master

%global _nf_pkg7            libnetfilter_conntrack
# %%global _nf_br7 libnetfilter_conntrack-1.0.9
%global _nf_br7             master

%global _nf_pkg8            libnetfilter_cttimeout
# %%global _nf_br8 libnetfilter_cttimeout-1.0.0
%global _nf_br8             master

%global _nf_pkg9            libnetfilter_cthelper
# %%global _nf_br9 libnetfilter_cthelper-1.0.0
%global _nf_br9             master

%global _nf_pkg10           ulogd2
# %%global _nf_br10 ulogd2-2.0.8
%global _nf_br10            master

%global _nf_pkg11           conntrack-tools
# %%global _nf_br11 conntrack-tools-1.4.8
%global _nf_br11            master

%global _nf_pkg12           nfacct
# %%global _nf_br12 nfacct-1.0.2
%global _nf_br12            master

%global _nf_pkg13           nftables
# %%global _nf_br13 nftables-1.1.0
%global _nf_br13            master

# Package naming and description text.
%global _nf_name            netfilter
%global _nf_pkgnm           netfilter-fullstack
%global _nf_comment         netfilter fullstack pkgs
%global _nf_descrip         %{expand: %{_nf_comment}.}

# Unit files are installed under /etc/systemd/system.
%global _systemd_unit_dir   /etc/systemd/system

# https://spdx.org/licenses/GPL-2.0-only.html
%global _nf_license         GPL-2.0-only

# Private install prefix; headers, libraries and binaries all live below it.
%global _nf_install_dir     /usr/local/netfilter
%global _nf_inc_dir         %{_nf_install_dir}/include
%global _nf_lib_dir         %{_nf_install_dir}/lib64
%global _nf_sbin_dir_r      sbin

%global _nftables_unitnm    nftables
%global _nftables_conf_dir  /usr/local/etc/nftables

## ULOGD2
# https://www.netfilter.org/projects/ulogd/index.html
# https://git.netfilter.org/ulogd2/
# https://software.opensuse.org/package/ulogd2
# https://salsa.debian.org/pkg-netfilter-team/ulogd2
%global _ulog_name          ulogd2
%global _ulog_unitnm        ulogd2
# Account names substituted into the ulogd unit templates in the install section.
%global _ulog_usr           ulog
%global _ulog_grp           ulog
%global _ulog_conf_dir      /usr/local/etc/ulogd2
%global _ulog_libexec_dir_r libexec
%global _ulog_log_dir       /var/log/%{_ulog_name}
%global _ulog_pid_file      %{_ulog_name}.pid
%global _ulog_run_dir       /run/%{_ulog_name}
#!!! https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin
%global _ulog_sbin_dir_r    sbin

## KEEPALIVED
# https://github.com/acassen/keepalived
%global _keep_repo          https://github.com/acassen/keepalived
%global _keep_repo_branch   master
%global _keep_name          keepalived
%global _keep_unitnm        keepalived
# The keepalived unit templates are filled in with the root user and group.
%global _keep_usr           root
%global _keep_grp           root
%global _keep_conf_dir      /usr/local/etc/keepalived
%global _keep_conf_file     %{_keep_name}.conf
%global _keep_data_dir      /var/lib/%{_keep_name}
%global _keep_log_dir       /var/log/%{_keep_name}
%global _keep_pid_file      %{_keep_name}.pid
%global _keep_run_dir       /run/%{_keep_name}

%global _keep_pkg1          keepalived
# %%global _keep_br1 v2.3.1
%global _keep_br1           master

# https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/
%global dist                %{_dist}
%global scm0                git

# Vendor Pinning
Vendor:         %{_owner}

# NEVRA (n-e:v-r.a)
Name:           %{_nf_pkgnm}
Epoch:          3
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/
# The version is derived from _nf_repo_branch with "-" rewritten to "_".
Version:        %{scm0}_%( echo %{_nf_repo_branch} | sed 's|-|_|g' )
Release:        0%{?dist}
# https://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
%global _same_evr %{epoch}:%{version}-%{release}

Summary:        %{_nf_comment}
License:        %{_nf_license}
URL:            %{_nf_repo}

# Local template files: systemd units (1xx) and logrotate/sysctl snippets (2xx).
Source100:      %{_nftables_unitnm}.service
Source101:      %{_nftables_unitnm}.target
Source110:      %{_ulog_unitnm}.service
Source111:      %{_ulog_unitnm}.target
Source120:      %{_nftables_unitnm}-init.service
Source121:      %{_nftables_unitnm}-init.target
Source130:      %{_keep_unitnm}.service
Source131:      %{_keep_unitnm}.target
Source200:      %{_nf_name}.logrotate
Source210:      %{_nf_name}.sysctl
Source220:      %{_keep_name}.logrotate

# https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets
# https://docs.pagure.org/packaging-guidelines/Packaging:Scriptlets.html
BuildRequires:  asciidoc
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  bison
BuildRequires:  byacc
BuildRequires:  doxygen
BuildRequires:  findutils
BuildRequires:  flex
BuildRequires:  gmp-devel
BuildRequires:  gnupg2
BuildRequires:  jansson-devel
BuildRequires:  libtool
BuildRequires:  patchelf
BuildRequires:  pkgconf pkgconf-pkg-config
BuildRequires:  pkgconfig(libedit)
BuildRequires:  pkgconfig(libpcap)
BuildRequires:  pkgconfig(libsystemd)
BuildRequires:  pkgconfig(libtirpc)
BuildRequires:  pkgconfig(sqlite3)
BuildRequires:  readline
BuildRequires:  sgml-tools

# keepalived additions
BuildRequires:  gcc
BuildRequires:  file-devel
BuildRequires:  kmod-devel
BuildRequires:  make
# libmnl-devel
# BuildRequires: libnl3-devel
# libnfnetlink-devel
# libnftnl-devel
BuildRequires:  net-snmp-devel
BuildRequires:  NetworkManager-libnm-devel
BuildRequires:  pcre2-devel
BuildRequires:  pkgconfig(glib-2.0)
BuildRequires:  pkgconfig(libnl-3.0)
BuildRequires:  pkgconfig(libnl-cli-3.0)
BuildRequires:  pkgconfig(libnl-genl-3.0)
BuildRequires:  pkgconfig(libnl-idiag-3.0)
BuildRequires:  pkgconfig(libnl-nf-3.0)
BuildRequires:  pkgconfig(libnl-route-3.0)
BuildRequires:  pkgconfig(libnl-xfrm-3.0)
BuildRequires:  pkgconfig(openssl)
BuildRequires:  systemd
BuildRequires:  systemd-rpm-macros

%{?systemd_requires}

# Install-time dependencies. The account requirement is keyed on _ulog_name.
# NOTE(review): _ulog_name is "ulogd2", while the unit templates are filled in
# with _ulog_usr/_ulog_grp ("ulog"); confirm which account name is intended so
# the dependency guarantees the account the service actually runs as.
Requires(pre):  user(%{_ulog_name})
Requires(pre):  group(%{_ulog_name})
Requires:       libnetfilter_acct
Requires:       libnetfilter_conntrack
Requires:       logrotate
Requires:       net-snmp-agent-libs

# This package stands in for, and replaces, any older "netfilter" package.
Provides:       %{_nf_name} = %{_same_evr}
Obsoletes:      %{_nf_name} < %{_same_evr}

# Automatic Filtering of Provides and Requires
# https://docs.fedoraproject.org/en-US/packaging-guidelines/AutoProvidesAndRequiresFiltering/
# NOTE:
# this pkg's requires/provides are _internal_ to the install dir.
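# should _not_ be exposed by rpm to system's
# The four filters below keep anything under the private install prefix out of
# the automatically generated Requires and Provides.
%global __requires_exclude_from ^%{_nf_install_dir}/.*
%global __requires_exclude      ^%{_nf_install_dir}/.*
%global __provides_exclude_from ^%{_nf_install_dir}/.*
%global __provides_exclude      ^%{_nf_install_dir}/.*

%description
%{_nf_descrip}

%prep
echo '##### STARTING PREP #####'
cd %{_builddir}

# Each repository is cloned at a branch name (see the _nf_brN / _keep_br1
# macros), not at a commit id or a verified tag, so the code that gets built is
# whatever the branch tip is when the build runs.
git clone --single-branch --branch %{_nf_br1} %{_nf_repo}/%{_nf_pkg1}
git clone --single-branch --branch %{_nf_br2} %{_nf_repo}/%{_nf_pkg2}
git clone --single-branch --branch %{_nf_br3} %{_nf_repo}/%{_nf_pkg3}
git clone --single-branch --branch %{_nf_br4} %{_nf_repo}/%{_nf_pkg4}
git clone --single-branch --branch %{_nf_br5} %{_nf_repo}/%{_nf_pkg5}
git clone --single-branch --branch %{_nf_br6} %{_nf_repo}/%{_nf_pkg6}
git clone --single-branch --branch %{_nf_br7} %{_nf_repo}/%{_nf_pkg7}
git clone --single-branch --branch %{_nf_br8} %{_nf_repo}/%{_nf_pkg8}
git clone --single-branch --branch %{_nf_br9} %{_nf_repo}/%{_nf_pkg9}
git clone --single-branch --branch %{_nf_br10} %{_nf_repo}/%{_nf_pkg10}
git clone --single-branch --branch %{_nf_br11} %{_nf_repo}/%{_nf_pkg11}
git clone --single-branch --branch %{_nf_br12} %{_nf_repo}/%{_nf_pkg12}
git clone --single-branch --branch %{_nf_br13} %{_nf_repo}/%{_nf_pkg13}
git clone --single-branch --branch %{_keep_br1} %{_keep_repo}

# Print the commit each checkout resolved to, so the build log records exactly
# which upstream revisions went into this package.
for _src in \
    %{_nf_pkg1} %{_nf_pkg2} %{_nf_pkg3} %{_nf_pkg4} %{_nf_pkg5} \
    %{_nf_pkg6} %{_nf_pkg7} %{_nf_pkg8} %{_nf_pkg9} %{_nf_pkg10} \
    %{_nf_pkg11} %{_nf_pkg12} %{_nf_pkg13} %{_keep_pkg1}
do
    echo "##### SOURCE REVISION ${_src}"
    git -C "${_src}" rev-parse HEAD
done

%build
echo '##### STARTING BUILD #####'
cd %{_builddir}
mkdir -p %{_builddir}/%{_nf_install_dir}

export PKG_CONFIG_PATH="%{_nf_lib_dir}:${PKG_CONFIG_PATH}"

# Staged include and library directories: every component is installed with
# DESTDIR set to the build directory, and later components compile and link
# against those staged copies through the variables exported below.
%global _binc %{_builddir}%{_nf_inc_dir}
%global _blib %{_builddir}%{_nf_lib_dir}

export LIBMNL_CFLAGS="-I%{_binc}"
export LIBMNL_LIBS="-L%{_blib} -lmnl"
export LIBNETFILTER_ACCT_CFLAGS="-I%{_binc}"
export LIBNETFILTER_ACCT_LIBS="-L%{_blib} -lnetfilter_acct"
export LIBNETFILTER_CONNTRACK_CFLAGS="-I%{_binc}"
export LIBNETFILTER_CONNTRACK_LIBS="-L%{_blib} -lnetfilter_conntrack"
export LIBNETFILTER_CTHELPER_CFLAGS="-I%{_binc}"
export LIBNETFILTER_CTHELPER_LIBS="-L%{_blib} -lnetfilter_cthelper"
export LIBNETFILTER_CTTIMEOUT_CFLAGS="-I%{_binc}"
export LIBNETFILTER_CTTIMEOUT_LIBS="-L%{_blib} -lnetfilter_cttimeout"
export LIBNETFILTER_LOG_CFLAGS="-I%{_binc}"
export LIBNETFILTER_LOG_LIBS="-L%{_blib} -lnetfilter_log"
export LIBNETFILTER_QUEUE_CFLAGS="-I%{_binc}"
export LIBNETFILTER_QUEUE_LIBS="-L%{_blib} -lnetfilter_queue"
export LIBNFNETLINK_CFLAGS="-I%{_binc}"
export LIBNFNETLINK_LIBS="-L%{_blib} -lnfnetlink"
export LIBNFTNL_CFLAGS="-I%{_binc}"
export LIBNFTNL_LIBS="-L%{_blib} -lnftnl"

# Build and stage one autotools component.
#   $1       directory name under the build directory
#   $2...    extra ./configure arguments for that component
# Each step is its own command on purpose. rpmbuild runs this script with
# sh -e by default, and -e does not stop on a failure on the left-hand side of
# an && list, so "make && make install" would let a failed compile go
# unnoticed and the package could be assembled with pieces missing.
_nf_build() {
    _nf_src="$1"
    shift
    cd "%{_builddir}/${_nf_src}"
    autoreconf -fi
    rm -Rf autom4te*.cache
    ./configure --prefix=%{_nf_install_dir} --enable-shared=yes --enable-static=no --libdir=%{_nf_lib_dir} --with-gnu-ld "$@"
    make V=0 -j${RPM_BUILD_NCPUS}
    make install DESTDIR=%{_builddir}
    # libtool archives are not shipped
    find %{_builddir}/ -name '*.la' -delete
}

# LIBNFNETLINK
_nf_build libnfnetlink

# LIBMNL
_nf_build libmnl

# LIBNFTNL (deps: libmnl)
_nf_build libnftnl

# LIBNETFILTER_CONNTRACK (deps: libnfnetlink, libmnl )
_nf_build libnetfilter_conntrack

# LIBNETFILTER_LOG (deps: libnfnetlink, libmnl, libnetfilter_conntrack)
_nf_build libnetfilter_log

# LIBNETFILTER_ACCT (deps: libmnl )
_nf_build libnetfilter_acct

# LIBNETFILTER_QUEUE (deps: libnfnetlink, libmnl)
_nf_build libnetfilter_queue

# LIBNETFILTER_CTTIMEOUT (deps: libmnl)
_nf_build libnetfilter_cttimeout

# LIBNETFILTER_CTHELPER (deps: libmnl)
_nf_build libnetfilter_cthelper

# ULOGD2 (deps: libnfnetlink, libnetfilter_log, libnetfilter_conntrack, libmnl, libnetfilter_acct)
_nf_build ulogd2 \
    --with-ulogd2libdir=%{_nf_lib_dir}/ulogd \
    --enable-ulog=no \
    --enable-nflog=yes \
    --enable-nfct=yes \
    --enable-nfacct=yes \
    --enable-pgsql=no \
    --enable-mysql=no \
    --enable-sqlite3=yes \
    --enable-dbi=no \
    --enable-pcap=yes \
    --enable-json=yes

# CONNTRACK-TOOLS (deps: libnfnetlink, libmnl, libnetfilter_conntrack, libnetfilter_cttimeout, libnetfilter_cthelper, libnetfilter_queue)
_nf_build conntrack-tools \
    --enable-cthelper \
    --enable-cttimeout \
    --enable-systemd

# NFACCT (deps: libmnl, libnetfilter_acct)
_nf_build nfacct

# NFTABLES (deps: libmnl, libnftnl)
_nf_build nftables \
    --without-xtables \
    --with-json

# KEEPALIVED
# Uses its own autogen.sh and option set, so it is built inline instead of
# through _nf_build. The original ran "make install" twice; once is enough.
cd %{_builddir}/keepalived
chmod +x autogen.sh
./autogen.sh
rm -Rf autom4te*.cache
./configure \
    --prefix=%{_nf_install_dir} \
    --libdir=%{_nf_lib_dir} \
    --enable-snmp \
    --enable-snmp-rfc \
    --enable-nftables \
    --disable-iptables \
    --enable-json \
    --enable-sha1 \
    --with-init=systemd
make V=0 -j${RPM_BUILD_NCPUS}
make install DESTDIR=%{_builddir}
find %{_builddir}/ -name '*.la' -delete

%install
echo '##### STARTING INSTALL #####'
cd %{_builddir}

## modify rpmbuild rpath check criteria
# cref: /usr/lib/rpm/check-rpaths-worker
# QA_RPATHS=$(( 0x0001|0x0002|0x0004|0x0008|0x0010|0x0020 ))
# allow 'invalid' RPATHs
export QA_RPATHS="$(( 0x0002 ))"

mkdir -p ${RPM_BUILD_ROOT}/%{_nf_install_dir}
mkdir -p ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/logrotate.d

# GENERATE .service FILES, scripts
# Replaces the __NAME__ placeholders in the unit and logrotate templates with
# the macro values defined at the top of the spec.
# NOTE(review): sed -i rewrites the Source files themselves, so a later build
# from the same source directory no longer finds the placeholders; templating
# a copy would leave the originals intact.
sed -i \
    -e 's|__ULOG_USR__|%{_ulog_usr}|g' \
    -e 's|__ULOG_GRP__|%{_ulog_grp}|g' \
    -e 's|__ULOG_CONFDIR__|%{_ulog_conf_dir}|g' \
    -e 's|__ULOG_EXEC__|%{_nf_install_dir}/%{_nf_sbin_dir_r}/ulogd|g' \
    -e 's|__ULOG_RUNDIR__|%{_ulog_run_dir}|g' \
    -e 's|__ULOG_PIDFILE__|%{_ulog_pid_file}|g' \
    -e 's|__ULOG_UNITFILE__|%{_ulog_unitnm}.service|g' \
    -e 's|__ULOG_LOGDIR__|%{_ulog_log_dir}|g' \
    -e 's|__ULOG_LIBDIR__|%{_nf_lib_dir}|g' \
    -e 's|__NFT_CONFDIR__|%{_nftables_conf_dir}|g' \
    -e 's|__KEEP_USR__|%{_keep_usr}|g' \
    -e 's|__KEEP_GRP__|%{_keep_grp}|g' \
    -e 's|__KEEP_LOGDIR__|%{_keep_log_dir}|g' \
    -e 's|__KEEP_UNITFILE__|%{_keep_unitnm}.service|g' \
    -e 's|__KEEP_CONFDIR__|%{_keep_conf_dir}|g' \
    -e 's|__KEEP_CONFFILE__|%{_keep_conf_file}|g' \
    -e 's|__KEEP_RUNDIR__|%{_keep_run_dir}|g' \
    -e 's|__KEEP_PIDFILE__|%{_keep_pid_file}|g' \
    -e 's|__KEEP_LIBDIR__|%{_nf_lib_dir}|g' \
    -e 's|__KEEP_DATADIR__|%{_keep_data_dir}|g' \
    -e 's|__KEEP_EXEC__|%{_nf_install_dir}/%{_nf_sbin_dir_r}/keepalived|g' \
    %{SOURCE100} %{SOURCE101} %{SOURCE110} %{SOURCE111} %{SOURCE120} %{SOURCE121} %{SOURCE130} %{SOURCE131} %{SOURCE200} %{SOURCE220}

# systemd unit files
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE100} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_nftables_unitnm}.service
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE101} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_nftables_unitnm}.target
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE110} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_ulog_unitnm}.service
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE111} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_ulog_unitnm}.target
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE120} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_nftables_unitnm}-init.service
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE121} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_nftables_unitnm}-init.target
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE130} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_keep_unitnm}.service
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE131} \
    ${RPM_BUILD_ROOT}/%{_systemd_unit_dir}/%{_keep_unitnm}.target
#\systemd unit files

# logrotate files
install -D -p -m 644 \
    %{SOURCE200} \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/logrotate.d/%{_nf_name}
install -D -p -m 644 \
    %{SOURCE220} \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/logrotate.d/%{_keep_name}
#\logrotate files

# sysctl drop-in (installed as shipped; it is not part of the sed pass above)
install -D -p -m 644 \
    %{SOURCE210} \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysctl.d/90-%{_nf_name}.conf

# Copy the staged private prefix into the build root, plus the sample ulogd
# configuration from the ulogd2 checkout.
cp -af \
    %{_builddir}/%{_nf_install_dir} \
    ${RPM_BUILD_ROOT}/usr/local/
cp -af \
    %{_builddir}/ulogd2/ulogd.conf \
    ${RPM_BUILD_ROOT}/%{_nf_install_dir}/share/ulogd2.conf.example

# symlink bins
# Relative links in /usr/local/sbin pointing at the binaries in the private prefix.
mkdir -p ${RPM_BUILD_ROOT}/usr/local/sbin
pushd ${RPM_BUILD_ROOT}/usr/local/sbin
_d="${RPM_BUILD_ROOT}%{_nf_install_dir}/sbin"
ln -sfr ${_d}/conntrack .
ln -sfr ${_d}/nfacct .
ln -sfr ${_d}/nfct .
ln -sfr ${_d}/nft .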
# leave /usr/local/sbin in the build root (entered for the symlink step)
popd

# FIX APP-ONLY RUNTIME PATHS TO NOT CAUSE COLLISIONS WITH SYSINSTALL'd LIBS
# Every binary in sbin and every .so in lib64 and lib64/ulogd has its existing
# rpath removed and is then given one fixed rpath: the private library
# directory followed by its ulogd plugin subdirectory.
_nf_rpath='%{_nf_lib_dir}:%{_nf_lib_dir}/ulogd'
pushd ${RPM_BUILD_ROOT}/%{_nf_install_dir}

cd ./sbin
patchelf --remove-rpath ./*
patchelf --force-rpath --set-rpath "${_nf_rpath}" ./*

cd ../lib64/
patchelf --remove-rpath ./*.so
patchelf --force-rpath --set-rpath "${_nf_rpath}" ./*.so

cd ./ulogd
patchelf --remove-rpath ./*.so
patchelf --force-rpath --set-rpath "${_nf_rpath}" ./*.so

# check:
# patchelf --print-rpath /usr/local/netfilter/sbin/*
# patchelf --print-rpath /usr/local/netfilter/lib64/*.so
# patchelf --print-rpath /usr/local/netfilter/lib64/ulogd/*.so
# /usr/local/netfilter/lib64
# or:
# readelf -d /usr/local/netfilter/sbin/ulogd | grep RPATH
# 0x000000000000000f (RPATH) Library rpath: [/usr/local/netfilter/lib64]

popd

# Scriptlets follow. The pre scriptlet is empty, and only the nftables and
# ulogd services are registered with the systemd macros.
# NOTE(review): the keepalived and nftables-init units are packaged as well
# (see the files list) but have no post/preun/postun entries; confirm that is
# intended.

%pre

%post
%systemd_post %{_nftables_unitnm}.service
%systemd_post %{_ulog_unitnm}.service

%preun
%systemd_preun %{_nftables_unitnm}.service
%systemd_preun %{_ulog_unitnm}.service

%postun
%systemd_postun_with_restart %{_nftables_unitnm}.service
%systemd_postun_with_restart %{_ulog_unitnm}.service

%files
# http://ftp.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html
%dir %{_nf_install_dir}
%{_nf_install_dir}/*
%{_systemd_unit_dir}/%{_ulog_unitnm}*
%{_systemd_unit_dir}/%{_nftables_unitnm}*
%{_systemd_unit_dir}/%{_keep_unitnm}*
# NOTE(review): this claims the shared /usr/local/sbin directory itself and,
# through the glob, everything the build root holds there; the install section
# creates four symlinks in it (conntrack, nfacct, nfct, nft). Listing those
# links explicitly would keep the package from owning a shared directory.
%dir /usr/local/sbin/
/usr/local/sbin/*
%{_sysconfdir}/logrotate.d/%{_nf_name}
%{_sysconfdir}/logrotate.d/%{_keep_name}
%{_sysconfdir}/sysctl.d/90-%{_nf_name}.conf

%changelog
* Thu Oct 31 2024 pgnd _
- bump 1730382184