Created scripts to build RPM
Eric Wheeler committed May 17, 2016
1 parent c8c5ed9 commit 82d36ea
Showing 8 changed files with 272 additions and 0 deletions.
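--- a/.release
+++ b/.release
@@ -0,0 +1 @@
+6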
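--- a/.spec
+++ b/.spec
@@ -0,0 +1,71 @@
+Name: fwtree
+Summary: Tree-driven firewall
+Version: 1.0.1
+Release: 2.el7
+BuildArch: noarch
+Group: Application
+License: Restricted
+Prefix: /
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: ipset
+Conflicts: firewalld
+AutoReqProv: no
+
+%description
+
+%build
+cp /usr/src/fwtree-git/base/-1.0.1-2.el7.noarch.tar %{_builddir}/-1.0.1-2.el7.noarch.tar
+
+%install
+mkdir -p $RPM_BUILD_ROOT/
+mv -1.0.1-2.el7.noarch.tar $RPM_BUILD_ROOT/-1.0.1-2.el7.noarch.tar
+cd $RPM_BUILD_ROOT/
+tar -xf $RPM_BUILD_ROOT/-1.0.1-2.el7.noarch.tar
+rm $RPM_BUILD_ROOT/-1.0.1-2.el7.noarch.tar
+
+%clean
+rm -fr $RPM_BUILD_ROOT
+
+%post
+test -e /etc/iptables.d/COMMENT && exit
+
+echo "Warning: SSH is the only service allowed by default."
+
+ln -s /usr/share/fwtree/rules/COMMENT /etc/iptables.d/
+ln -s /usr/share/fwtree/rules/nat/_GLOBAL /etc/iptables.d/nat/
+ln -s /usr/share/fwtree/rules/filter/_GLOBAL /etc/iptables.d/filter/
+ln -s /usr/share/fwtree/rules/mangle/_GLOBAL /etc/iptables.d/mangle/
+
+ln -s /usr/share/fwtree/rules/filter/DROPLOG/01-drop-and-log /etc/iptables.d/filter/DROPLOG/
+ln -s /usr/share/fwtree/rules/filter/OUTPUT_DROP_ALLOW/01-allow /etc/iptables.d/filter/OUTPUT_DROP_ALLOW/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/INPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/OUTPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/FORWARD/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/INPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/OUTPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/FORWARD/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/08-lo-input-allow /etc/iptables.d/filter/INPUT/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/22-tcp-allow-ssh-throttled /etc/iptables.d/filter/INPUT/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/INPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/OUTPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/FORWARD/
+
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/PREROUTING
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/POSTROUTING
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/OUTPUT
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/FORWARD
+
+%files
+%defattr (-, root, root)
+/usr/sbin/fwtree
+/usr/sbin/fwtree-parser
+/usr/sbin/fwtree-update-blacklists
+/usr/sbin/ipset-helper
+/etc/iptables.d
+/usr/share/fwtree
+/usr/lib/systemd/system/fwtree.service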
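--- a/.version
+++ b/.version
@@ -0,0 +1 @@
+1.0.1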
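--- a/buildscripts/mkrelease
+++ b/buildscripts/mkrelease
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+if [ ! -f .release ]
+then
+echo 1 > .release
+else
+expr 0`cat .release` + 1 > .release
+fi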
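Review bot: `.release` is resolved against the caller's working directory, but create-rpm runs this script by absolute path and then reads `$FWTREE_PATH/.release`, so a build started from any other directory bumps or creates a counter that is never read and the package is rebuilt under the previous release number. The same working-directory assumption is in create-rpm's `tar -C $TAR_PATH -cf $TARBALL ./`, whose output the generated spec then copies from /usr/src/fwtree-git. Anchoring the script to the repository right after the shebang, for example `cd "$(dirname "$0")/.." || exit 1`, removes the dependency. The update itself could also use `$(( ))` instead of `expr` with backticks and refuse non-numeric content in `.release`.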
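--- a/buildscripts/mkspec
+++ b/buildscripts/mkspec
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+echo 'Name: fwtree'
+echo 'Summary: Tree-driven firewall'
+echo "Version: $VERSION"
+echo "Release: $PKGRELEASE"
+echo "BuildArch: $ARCH"
+echo 'Group: Application'
+echo 'License: Restricted'
+echo 'Prefix: /'
+echo 'BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)'
+echo 'Requires: ipset'
+echo 'Conflicts: firewalld'
+echo 'AutoReqProv: no'
+echo ''
+echo '%description'
+echo ''
+echo '%build'
+echo "cp /usr/src/fwtree-git/$TARBALL %{_builddir}/$TARBALL"
+echo ''
+echo '%install'
+echo 'mkdir -p $RPM_BUILD_ROOT/'
+echo "mv $TARBALL"' $RPM_BUILD_ROOT/'"$TARBALL"
+echo 'cd $RPM_BUILD_ROOT/'
+echo 'tar -xf $RPM_BUILD_ROOT/'"$TARBALL"
+echo 'rm $RPM_BUILD_ROOT/'"$TARBALL"
+echo ''
+echo '%clean'
+echo 'rm -fr $RPM_BUILD_ROOT'
+echo ''
+echo '%post'
+echo 'test -e /etc/iptables.d/COMMENT && exit'
+echo ''
+echo 'echo "Warning: SSH is the only service allowed by default."'
+echo ''
+echo 'ln -s /usr/share/fwtree/rules/COMMENT /etc/iptables.d/'
+echo 'ln -s /usr/share/fwtree/rules/nat/_GLOBAL /etc/iptables.d/nat/'
+echo 'ln -s /usr/share/fwtree/rules/filter/_GLOBAL /etc/iptables.d/filter/'
+echo 'ln -s /usr/share/fwtree/rules/mangle/_GLOBAL /etc/iptables.d/mangle/'
+echo ''
+echo 'ln -s /usr/share/fwtree/rules/filter/DROPLOG/01-drop-and-log /etc/iptables.d/filter/DROPLOG/'
+echo 'ln -s /usr/share/fwtree/rules/filter/OUTPUT_DROP_ALLOW/01-allow /etc/iptables.d/filter/OUTPUT_DROP_ALLOW/'
+echo ''
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/INPUT/'
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/OUTPUT/'
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/FORWARD/'
+echo ''
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/INPUT/'
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/OUTPUT/'
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/FORWARD/'
+echo ''
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/08-lo-input-allow /etc/iptables.d/filter/INPUT/'
+echo ''
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/22-tcp-allow-ssh-throttled /etc/iptables.d/filter/INPUT/'
+echo ''
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/INPUT/'
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/OUTPUT/'
+echo 'ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/FORWARD/'
+echo ''
+echo 'ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/PREROUTING'
+echo 'ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/POSTROUTING'
+echo 'ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/OUTPUT'
+echo 'ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/FORWARD'
+echo ''
+echo '%files'
+echo '%defattr (-, root, root)'
+echo '/usr/sbin/fwtree'
+echo '/usr/sbin/fwtree-parser'
+echo '/usr/sbin/fwtree-update-blacklists'
+echo '/usr/sbin/ipset-helper'
+echo '/etc/iptables.d'
+echo '/etc/cron.d/fwtree'
+echo '/etc/ipset.d/noblacklist-ewheelerinc'
+echo '/etc/rsyslog.d/20-fwtree.conf'
+echo '/usr/share/fwtree'
+if [ "$DIST" = 'el7' ]; then
+echo '/usr/lib/systemd/system/fwtree.service'
+fi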
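Review bot: The `%files` list emits `/etc/cron.d/fwtree`, `/etc/ipset.d/noblacklist-ewheelerinc`, `/etc/rsyslog.d/20-fwtree.conf` and the `/etc/iptables.d` tree as ordinary files, so a package upgrade replaces local edits with the shipped defaults; for a firewall package that can silently revert an administrator's rule or allow-list changes. Marking them as configuration, e.g. `echo '%config(noreplace) /etc/ipset.d/noblacklist-ewheelerinc'` and likewise for the cron, rsyslog and iptables.d entries, keeps local changes across upgrades. The script also interpolates `$VERSION`, `$PKGRELEASE`, `$ARCH` and `$TARBALL` without checking that they are set; the committed `.spec`, whose tarball name begins with `-`, looks like the result of such a run. A guard near the top such as `: "${VERSION:?}" "${PKGRELEASE:?}" "${ARCH:?}" "${TARBALL:?}"` would stop the script instead of emitting a spec with empty fields.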
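--- a/create-rpm
+++ b/create-rpm
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+DIST=$1
+
+if [ -z "$DIST" ]; then
+echo "Usage: `basename $0` [DIST]"
+echo " Current supported distributions: el7"
+exit 1
+fi
+
+if [ "$DIST" != 'el7' ]; then
+echo "Currently only el7 is supported."
+exit 1
+fi
+
+FWTREE_PATH='/usr/src/fwtree-git/'
+TAR_PATH="/$FWTREE_PATH/tmp/"
+
+mkdir $TAR_PATH
+cp -a $FWTREE_PATH/rootfs/* $TAR_PATH/
+
+SUBRELEASE=".$DIST"
+VERSION=$(cat /$FWTREE_PATH/.version)
+$FWTREE_PATH/buildscripts/mkrelease
+PKGRELEASE=$(cat $FWTREE_PATH/.release)$SUBRELEASE
+ARCH='noarch'
+TARBALL="fwtree-$VERSION-${PKGRELEASE}.${ARCH}.tar"
+
+export VERSION PKGRELEASE DIST ARCH SCRIPTS TARBALL
+
+$FWTREE_PATH/buildscripts/mkspec > $FWTREE_PATH/fwtree.spec
+
+tar -C $TAR_PATH -cf $TARBALL ./
+rm -rf $TAR_PATH
+
+rpmbuild -bb $FWTREE_PATH/fwtree.spec
+rm -f $FWTREE_PATH/$TARBALL
+
+exit 0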
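Review bot: No step is checked for failure, so the build keeps going on bad state: if `mkdir $TAR_PATH` fails because an earlier run left `/usr/src/fwtree-git/tmp/` behind, `cp -a` copies over the stale tree and `rpmbuild` packages whatever is in it, and a failed `cat` of `.version` leaves `$VERSION` empty. Adding `set -e` after the usage checks and staging in `TAR_PATH=$(mktemp -d)` rather than a fixed directory makes the build fail closed and start from a clean tree. The unconditional `exit 0` at the end also reports success to callers when `rpmbuild` fails. Expansions of `$FWTREE_PATH`, `$TAR_PATH` and `$TARBALL` are unquoted throughout, and `SCRIPTS` is exported but never assigned in this file.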
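--- a/fwtree.spec
+++ b/fwtree.spec
@@ -0,0 +1,74 @@
+Name: fwtree
+Summary: Tree-driven firewall
+Version: 1.0.1
+Release: 6.el7
+BuildArch: noarch
+Group: Application
+License: Restricted
+Prefix: /
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: ipset
+Conflicts: firewalld
+AutoReqProv: no
+
+%description
+
+%build
+cp /usr/src/fwtree-git/fwtree-1.0.1-6.el7.noarch.tar %{_builddir}/fwtree-1.0.1-6.el7.noarch.tar
+
+%install
+mkdir -p $RPM_BUILD_ROOT/
+mv fwtree-1.0.1-6.el7.noarch.tar $RPM_BUILD_ROOT/fwtree-1.0.1-6.el7.noarch.tar
+cd $RPM_BUILD_ROOT/
+tar -xf $RPM_BUILD_ROOT/fwtree-1.0.1-6.el7.noarch.tar
+rm $RPM_BUILD_ROOT/fwtree-1.0.1-6.el7.noarch.tar
+
+%clean
+rm -fr $RPM_BUILD_ROOT
+
+%post
+test -e /etc/iptables.d/COMMENT && exit
+
+echo "Warning: SSH is the only service allowed by default."
+
+ln -s /usr/share/fwtree/rules/COMMENT /etc/iptables.d/
+ln -s /usr/share/fwtree/rules/nat/_GLOBAL /etc/iptables.d/nat/
+ln -s /usr/share/fwtree/rules/filter/_GLOBAL /etc/iptables.d/filter/
+ln -s /usr/share/fwtree/rules/mangle/_GLOBAL /etc/iptables.d/mangle/
+
+ln -s /usr/share/fwtree/rules/filter/DROPLOG/01-drop-and-log /etc/iptables.d/filter/DROPLOG/
+ln -s /usr/share/fwtree/rules/filter/OUTPUT_DROP_ALLOW/01-allow /etc/iptables.d/filter/OUTPUT_DROP_ALLOW/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/INPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/OUTPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/03-VALIDATE_TCP /etc/iptables.d/filter/FORWARD/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/INPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/OUTPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/05-established /etc/iptables.d/filter/FORWARD/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/08-lo-input-allow /etc/iptables.d/filter/INPUT/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/22-tcp-allow-ssh-throttled /etc/iptables.d/filter/INPUT/
+
+ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/INPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/OUTPUT/
+ln -s /etc/iptables.d/filter/_GLOBAL/98-tcp-allow-fin-rst /etc/iptables.d/filter/FORWARD/
+
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/PREROUTING
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/POSTROUTING
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/OUTPUT
+ln -s /etc/iptables.d/mangle/_GLOBAL/10-tos-default /etc/iptables.d/mangle/FORWARD
+
+%files
+%defattr (-, root, root)
+/usr/sbin/fwtree
+/usr/sbin/fwtree-parser
+/usr/sbin/fwtree-update-blacklists
+/usr/sbin/ipset-helper
+/etc/iptables.d
+/etc/cron.d/fwtree
+/etc/ipset.d/noblacklist-ewheelerinc
+/etc/rsyslog.d/20-fwtree.conf
+/usr/share/fwtree
+/usr/lib/systemd/system/fwtree.service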
File renamed without changes.
