Permalink
Browse files

Fixed autoconf config so libfko and fwknop client are not linked with…

… libpcap and libgdbm. Fixed some issues in the fwknop.spec file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@244 510a4753-2344-4c79-9c09-4d669213fbeb
  • Loading branch information...
1 parent 21e2c95 commit 9d2a4c247175ef83bb40e4aadd2af81e19f4b423 Damien Stuart committed Jul 8, 2010
Showing with 43 additions and 26 deletions.
  1. +12 −3 configure.ac
  2. +25 −20 fwknop.spec
  3. +6 −1 server/Makefile.am
  4. +0 −2 server/fw_util.h
View
@@ -167,20 +167,29 @@ AS_IF([test "x$GPG_EXE" != x],
dnl Check for libpcap, gdbm (or ndbm) if we are building the server component
dnl
AS_IF([test "$want_server" = yes], [
+ use_ndbm=no
# Looking for libpcap
#
- AC_CHECK_LIB([pcap],[pcap_open_live], [],
+ AC_CHECK_LIB([pcap],[pcap_open_live],
+ [ AC_DEFINE([HAVE_LIBPCAP], [1], [Define if you have libpcap]) ],
[ AC_MSG_ERROR([fwknopd needs libpcap])]
)
# Looking for gdbm or fallback to ndbm or bail
#
- AC_CHECK_LIB([gdbm],[gdbm_open], [],
- [ AC_CHECK_LIB([ndbm],[dbm_open], [],
+ AC_CHECK_LIB([gdbm],[gdbm_open],
+ [ AC_DEFINE([HAVE_LIBGDBM], [1], [Define if you have libgdbm]) ],
+ [ AC_CHECK_LIB([ndbm],[dbm_open],
+ [
+ AC_DEFINE([HAVE_LIBNDBM], [1], [Define if you have libndbm])
+ use_ndbm=yes
+ ],
[ AC_MSG_ERROR([fwknopd needs either gdbm or ndbm])]
)]
)
+ AM_CONDITIONAL([USE_NDBM], [test x$use_ndbm = xyes])
+
dnl Check for iptables
dnl
AC_ARG_WITH([iptables],
View
@@ -16,7 +16,8 @@ Source0: fwknop-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: gpgme-devel, libpcap-devel, gdbm-devel
-Requires: gpgme, libpcap, gdbm, iptables
+
+Requires: libfko
%package -n libfko
@@ -37,26 +38,28 @@ Requires: libfko gpgme, libpcap, gdbm, iptables
%description
-Fwknop implements an authorization scheme known as Single Packet Authorization (SPA) for
-Linux systems running iptables. This mechanism requires only a single encrypted and
-non-replayed packet to communicate various pieces of information including desired access
-through an iptables policy. The main application of this program is to use iptables in a
-default-drop stance to protect services such as SSH with an additional layer of security
-in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much
-more difficult.
+Fwknop implements an authorization scheme known as Single Packet Authorization
+(SPA) for Linux systems running iptables. This mechanism requires only a
+single encrypted and non-replayed packet to communicate various pieces of
+information including desired access through an iptables policy. The main
+application of this program is to use iptables in a default-drop stance to
+protect services such as SSH with an additional layer of security in order
+to make the exploitation of vulnerabilities (both 0-day and unpatched code)
+much more difficult.
%description -n libfko
-The Firewall Knock Operator library, libfko, provides the Single Packet Authorization
-implementation and API for the other fwkop components.
+The Firewall Knock Operator library, libfko, provides the Single Packet
+Authorization implementation and API for the other fwkop components.
%description -n libfko-devel
This is the libfko development header and API documentation.
%description server
-The Firewall Knock Operator server component for the FireWall Knock Operator, and is
-responsible for monitoring Single Packet Authorization (SPA) packets that are generated
-by fwknop clients, modifying a firewall or acl policy to allow the desired access after
-decrypting a valid SPA packet, and removing access after a configurable timeout.
+The Firewall Knock Operator server component for the FireWall Knock Operator,
+and is responsible for monitoring Single Packet Authorization (SPA) packets
+that are generated by fwknop clients, modifying a firewall or acl policy to
+allow the desired access after decrypting a valid SPA packet, and removing
+access after a configurable timeout.
%prep
%setup -q
@@ -81,13 +84,13 @@ make install DESTDIR=$RPM_BUILD_ROOT
%clean
rm -rf $RPM_BUILD_ROOT
-%post
+%post -n libfko-devel
/sbin/ldconfig
-/sbin/install-info %{_infodir}/libfko.info.gz %{_infodir}/dir
+/sbin/install-info %{_infodir}/libfko.info* %{_infodir}/dir
-%preun
+%preun -n libfko-devel
if [ "$1" = 0 ]; then
- /sbin/install-info --delete %{_infodir}/libfko.info.gz %{_infodir}/dir
+ /sbin/install-info --delete %{_infodir}/libfko.info* %{_infodir}/dir
fi
%postun
@@ -96,7 +99,7 @@ fi
%files
%defattr(-,root,root,-)
%attr(0755,root,root) %{_bindir}/fwknop
-%attr(0644,root,root) %{_mandir}/fwknop.8*
+%attr(0644,root,root) %{_mandir}/man8/fwknop.8*
%exclude %{_infodir}/dir
%files -n libfko
@@ -111,11 +114,13 @@ fi
%files server
%defattr(-,root,root,-)
%attr(0755,root,root) %{_sbindir}/fwknopd
+%attr(0644,root,root) %{_mandir}/man8/fwknopd.8*
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/fwknop/fwknopd.conf
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/fwknop/access.conf
-%attr(0644,root,root) %{_mandir}/fwknopd.8*
%changelog
* Tue Jul 6 2010 Damien Stuart <dstuart@dstuart.org>
- Initial RPMification.
+* Wed Jul 7 2010 Damien Stuart <dstuart@dstuart.org>
+- Made the post and preun steps specific to libfko-devel.
View
@@ -8,7 +8,12 @@ fwknopd_SOURCES = fwknopd.c fwknopd.h config_init.c config_init.h \
access.c access.h fw_util.c fw_util.h extcmd.c extcmd.h \
tcp_server.c tcp_server.h
-fwknopd_LDADD = $(top_builddir)/lib/libfko.la
+fwknopd_LDADD = $(top_builddir)/lib/libfko.la -lpcap
+if USE_NDBM
+ fwknopd_LDADD += -lndbm
+else
+ fwknopd_LDADD += -lgdbm
+endif
fwknopd_CPPFLAGS = -I $(top_srcdir)/lib -I $(top_srcdir)/common -DSYSCONFDIR=\"$(sysconfdir)\" -DSYSRUNDIR=\"$(localstatedir)\"
View
@@ -47,8 +47,6 @@
#define IPT_ADD_JUMP_RULE_ARGS "-t %s -I %s %i -j %s 2>&1"
#define IPT_LIST_RULES_ARGS "-t %s -L %s --line-numbers -n 2>&1"
-#define DEF_FW_ACCESS_TIMEOUT 60
-
/* Function prototypes
*/
void fw_initialize(fko_srv_options_t *opts);

0 comments on commit 9d2a4c2

Please sign in to comment.