From c4eef8c84a6ec079e552aa04aa39d946e7b37ddf Mon Sep 17 00:00:00 2001 From: Mathieu Bridon Date: Sep 19 2011 02:25:27 +0000 Subject: Initial packaging of ipset. This package was submitted for review in Fedora on Wed Sep 14 2011:     https://bugzilla.redhat.com/show_bug.cgi?id=738153#c0 --- diff --git a/ipset-6.9.1-Optionally-disable-building-the-kernel-module.patch b/ipset-6.9.1-Optionally-disable-building-the-kernel-module.patch new file mode 100644 index 0000000..001b046 --- /dev/null +++ b/ipset-6.9.1-Optionally-disable-building-the-kernel-module.patch @@ -0,0 +1,107 @@ +From 1051c0992a291d254694c47d316454839f3658ef Mon Sep 17 00:00:00 2001 +From: Mathieu Bridon +Date: Mon, 12 Sep 2011 16:03:23 +0800 +Subject: [PATCH] Optionally disable building the kernel module. + +Distributors (like Fedora) might be interested in including the ipset +tools and libs, but they often don't want to build and ship external +kernel modules, especially if those modules are already included in +their kernel packages. + +This patch introduces a new --with-kmod configure option that can be +used to conditionally build the kernel module. The module is still built +by default, to preserve compatibility. + +A user who wants to build only the user-space part of ipset can do so by +running the following: + + $ ./autogen.sh + $ configure --with-kmod=no + $ make + # make install +--- + Makefile.am | 16 ++++++++++++++++ + configure.ac | 11 +++++++++++ + 2 files changed, 27 insertions(+), 0 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index bd6b3a8..fc604d7 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -23,21 +23,37 @@ endif + SUBDIRS = lib src + + modules_sparse: ++if WITH_KMOD + ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter \ + V=$V C=2 CF=-D__CHECK_ENDIAN__ \ + IP_SET_MAX=$(IP_SET_MAX) KDIR=$$PWD/kernel modules ++else ++ @echo Skipping kernel modules due to --with-kmod=no ++endif + + modules: ++if WITH_KMOD + ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter V=$V \ + IP_SET_MAX=$(IP_SET_MAX) KDIR=$$PWD/kernel modules ++else ++ @echo Skipping kernel modules due to --with-kmod=no ++endif + + modules_install: ++if WITH_KMOD + ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter \ + KDIR=$$PWD/kernel modules_install ++else ++ @echo Skipping kernel modules due to --with-kmod=no ++endif + + modules_clean: ++if WITH_KMOD + ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter \ + KDIR=$$PWD/kernel clean ++else ++ @echo Skipping kernel modules due to --with-kmod=no ++endif + + update_includes: + ./update ip_set.h +diff --git a/configure.ac b/configure.ac +index 1481d18..9ad8bed 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -11,6 +11,14 @@ case "$host" in + *) AC_MSG_ERROR([Linux systems supported exclusively!]);; + esac + ++dnl Optionnally disable building the kernel module ++AC_ARG_WITH([kmod], ++ AS_HELP_STRING([--with-kmod=yes/no], ++ [Build the kernel module (default: yes)]), ++ [BUILDKMOD="$withval";], ++ [BUILDKMOD="yes";]) ++AM_CONDITIONAL(WITH_KMOD, test "$BUILDKMOD" == "yes") ++ + dnl Additional arguments + dnl Kernel build directory or source tree + AC_ARG_WITH([kbuild], +@@ -24,6 +32,8 @@ AC_ARG_WITH([ksource], + AM_CONDITIONAL(WITH_KBUILDDIR, test "$KBUILDDIR" != "") + AC_SUBST(KBUILDDIR) + ++if test "$BUILDKMOD" == "yes" ++then + dnl Sigh: check kernel version dependencies + if test "$KBUILDDIR" != "" + then +@@ -55,6 +65,7 @@ if test "X`$GREP 'NFNL_SUBSYS_IPSET' $ksourcedir/include/linux/netfilter/nfnetli + then + AC_MSG_ERROR([The kernel source directory $ksourcedir is not patched with netlink.patch to support ipset]) + fi ++fi + + dnl Maximal number of sets supported by the kernel, default 256 + AC_ARG_WITH([maxsets], +-- +1.7.4.4 + diff --git a/ipset.spec b/ipset.spec new file mode 100644 index 0000000..5c3befd --- /dev/null +++ b/ipset.spec @@ -0,0 +1,91 @@ +Name: ipset +Version: 6.9.1 +Release: 1%{?dist} +Summary: Manage Linux IP sets + +Group: Applications/System +License: GPLv2 +URL: http://ipset.netfilter.org/ +Source0: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2 + +# Submitted upstream: http://bugzilla.netfilter.org/show_bug.cgi?id=749 +Patch0: ipset-6.9.1-Optionally-disable-building-the-kernel-module.patch + +BuildRequires: autoconf automake libtool +BuildRequires: libmnl-devel + +# This is developped hand in hand with a kernel module +Requires: kernel >= 3.1 + +%description +IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be +administered by the ipset utility. Depending on the type, currently an IP set +may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC +addresses in a way, which ensures lightning speed when matching an entry +against a set. + +If you want to: + - store multiple IP addresses or port numbers and match against the collection + by iptables at one swoop; + - dynamically update iptables rules against IP addresses or ports without + performance penalty; + - express complex IP address and ports based rulesets with one single iptables + rule and benefit from the speed of IP sets +then ipset may be the proper tool for you. + + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} == %{version}-%{release} +Requires: kernel-devel >= 3.1 + +%description devel +This package contains the files required to develop software using the %{name} +libraries. + + +%prep +%setup -q +%patch0 -p1 + +# Just to make absolutely sure we are not building the bundled kernel module +rm -fr kernel + + +%build +autoreconf -i +%configure --enable-static=no --with-kmod=no + +# Prevent libtool from defining rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +make %{?_smp_mflags} + + +%install +make install DESTDIR=$RPM_BUILD_ROOT +find %{buildroot} -name '*.la' -exec rm -f '{}' \; + + +%post -p /sbin/ldconfig + + +%postun -p /sbin/ldconfig + + +%files +%doc COPYING +%doc %{_mandir}/man8/%{name}.8.gz +%{_sbindir}/%{name} +%{_libdir}/lib%{name}.so.1 +%{_libdir}/lib%{name}.so.1.0.0 + +%files devel +%doc COPYING +%{_libdir}/lib%{name}.so + + +%changelog +* Wed Sep 14 2011 Mathieu Bridon - 6.9.1-1 +- Initial packaging.