Initial packaging of ipset.

This package was submitted for review in Fedora on Wed Sep 14 2011:
    https://bugzilla.redhat.com/show_bug.cgi?id=738153#c0

ipset-6.9.1-Optionally-disable-building-the-kernel-module.patch

@@ -0,0 +1,107 @@
+From 1051c0992a291d254694c47d316454839f3658ef Mon Sep 17 00:00:00 2001
+From: Mathieu Bridon <bochecha@fedoraproject.org>
+Date: Mon, 12 Sep 2011 16:03:23 +0800
+Subject: [PATCH] Optionally disable building the kernel module.
+
+Distributors (like Fedora) might be interested in including the ipset
+tools and libs, but they often don't want to build and ship external
+kernel modules, especially if those modules are already included in
+their kernel packages.
+
+This patch introduces a new --with-kmod configure option that can be
+used to conditionally build the kernel module. The module is still built
+by default, to preserve compatibility.
+
+A user who wants to build only the user-space part of ipset can do so by
+running the following:
+
+    $ ./autogen.sh
+    $ configure --with-kmod=no
+    $ make
+    # make install
+---
+ Makefile.am  |   16 ++++++++++++++++
+ configure.ac |   11 +++++++++++
+ 2 files changed, 27 insertions(+), 0 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index bd6b3a8..fc604d7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -23,21 +23,37 @@ endif
+ SUBDIRS		= lib src
+ 
+ modules_sparse:
++if WITH_KMOD
+ 	${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter \
+ 			V=$V C=2 CF=-D__CHECK_ENDIAN__ \
+ 			IP_SET_MAX=$(IP_SET_MAX) KDIR=$$PWD/kernel modules
++else
++	@echo Skipping kernel modules due to --with-kmod=no
++endif
+ 
+ modules:
++if WITH_KMOD
+ 	${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter V=$V \
+ 			IP_SET_MAX=$(IP_SET_MAX) KDIR=$$PWD/kernel modules
++else
++	@echo Skipping kernel modules due to --with-kmod=no
++endif
+ 
+ modules_install:
++if WITH_KMOD
+ 	${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter \
+ 			KDIR=$$PWD/kernel modules_install
++else
++	@echo Skipping kernel modules due to --with-kmod=no
++endif
+ 
+ modules_clean:
++if WITH_KMOD
+ 	${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net/netfilter \
+ 			KDIR=$$PWD/kernel clean
++else
++	@echo Skipping kernel modules due to --with-kmod=no
++endif
+ 
+ update_includes:
+ 	./update ip_set.h
+diff --git a/configure.ac b/configure.ac
+index 1481d18..9ad8bed 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -11,6 +11,14 @@ case "$host" in
+ *) AC_MSG_ERROR([Linux systems supported exclusively!]);;
+ esac
+ 
++dnl Optionnally disable building the kernel module
++AC_ARG_WITH([kmod],
++            AS_HELP_STRING([--with-kmod=yes/no],
++                           [Build the kernel module (default: yes)]),
++            [BUILDKMOD="$withval";],
++            [BUILDKMOD="yes";])
++AM_CONDITIONAL(WITH_KMOD, test "$BUILDKMOD" == "yes")
++
+ dnl Additional arguments
+ dnl Kernel build directory or source tree
+ AC_ARG_WITH([kbuild],
+@@ -24,6 +32,8 @@ AC_ARG_WITH([ksource],
+ AM_CONDITIONAL(WITH_KBUILDDIR, test "$KBUILDDIR" != "")
+ AC_SUBST(KBUILDDIR)
+ 
++if test "$BUILDKMOD" == "yes"
++then
+ dnl Sigh: check kernel version dependencies
+ if test "$KBUILDDIR" != ""
+ then
+@@ -55,6 +65,7 @@ if test "X`$GREP 'NFNL_SUBSYS_IPSET' $ksourcedir/include/linux/netfilter/nfnetli
+ then
+ 	AC_MSG_ERROR([The kernel source directory $ksourcedir is not patched with netlink.patch to support ipset])
+ fi
++fi
+ 
+ dnl Maximal number of sets supported by the kernel, default 256
+ AC_ARG_WITH([maxsets],
+-- 
+1.7.4.4
+

ipset.spec

@@ -0,0 +1,91 @@
+Name:          ipset
+Version:       6.9.1
+Release:       1%{?dist}
+Summary:       Manage Linux IP sets
+
+Group:         Applications/System
+License:       GPLv2
+URL:           http://ipset.netfilter.org/
+Source0:       http://ipset.netfilter.org/%{name}-%{version}.tar.bz2
+
+# Submitted upstream: http://bugzilla.netfilter.org/show_bug.cgi?id=749
+Patch0:        ipset-6.9.1-Optionally-disable-building-the-kernel-module.patch
+
+BuildRequires: autoconf automake libtool
+BuildRequires: libmnl-devel
+
+# This is developped hand in hand with a kernel module
+Requires:      kernel >= 3.1
+
+%description
+IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be
+administered by the ipset utility. Depending on the type, currently an IP set
+may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC
+addresses in a way, which ensures lightning speed when matching an entry
+against a set.
+
+If you want to:
+ - store multiple IP addresses or port numbers and match against the collection
+   by iptables at one swoop;
+ - dynamically update iptables rules against IP addresses or ports without
+   performance penalty;
+ - express complex IP address and ports based rulesets with one single iptables
+   rule and benefit from the speed of IP sets
+then ipset may be the proper tool for you.
+
+
+%package devel
+Summary:       Development files for %{name}
+Requires:      %{name}%{?_isa} == %{version}-%{release}
+Requires:      kernel-devel >= 3.1
+
+%description devel
+This package contains the files required to develop software using the %{name}
+libraries.
+
+
+%prep
+%setup -q
+%patch0 -p1
+
+# Just to make absolutely sure we are not building the bundled kernel module
+rm -fr kernel
+
+
+%build
+autoreconf -i
+%configure --enable-static=no --with-kmod=no
+
+# Prevent libtool from defining rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+make %{?_smp_mflags}
+
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT
+find %{buildroot} -name '*.la' -exec rm -f '{}' \;
+
+
+%post -p /sbin/ldconfig
+
+
+%postun -p /sbin/ldconfig
+
+
+%files
+%doc COPYING
+%doc %{_mandir}/man8/%{name}.8.gz
+%{_sbindir}/%{name}
+%{_libdir}/lib%{name}.so.1
+%{_libdir}/lib%{name}.so.1.0.0
+
+%files devel
+%doc COPYING
+%{_libdir}/lib%{name}.so
+
+
+%changelog
+* Wed Sep 14 2011 Mathieu Bridon <bochecha@fedoraproject.org> - 6.9.1-1
+- Initial packaging.