diff --git a/fedora/SPECS/clsync.spec b/fedora/SPECS/archive/clsync.spec similarity index 100% rename from fedora/SPECS/clsync.spec rename to fedora/SPECS/archive/clsync.spec diff --git a/fedora/SPECS/collectd.spec b/fedora/SPECS/archive/collectd.spec similarity index 100% rename from fedora/SPECS/collectd.spec rename to fedora/SPECS/archive/collectd.spec diff --git a/fedora/SPECS/icinga-web.spec b/fedora/SPECS/archive/icinga-web.spec similarity index 100% rename from fedora/SPECS/icinga-web.spec rename to fedora/SPECS/archive/icinga-web.spec diff --git a/fedora/SPECS/icinga.spec b/fedora/SPECS/archive/icinga.spec similarity index 100% rename from fedora/SPECS/icinga.spec rename to fedora/SPECS/archive/icinga.spec diff --git a/fedora/SPECS/nconf.spec b/fedora/SPECS/archive/nconf.spec similarity index 100% rename from fedora/SPECS/nconf.spec rename to fedora/SPECS/archive/nconf.spec diff --git a/fedora/SPECS/owncloud-files.spec b/fedora/SPECS/archive/owncloud-files.spec similarity index 100% rename from fedora/SPECS/owncloud-files.spec rename to fedora/SPECS/archive/owncloud-files.spec diff --git a/fedora/SPECS/owncloud.spec b/fedora/SPECS/archive/owncloud.spec similarity index 100% rename from fedora/SPECS/owncloud.spec rename to fedora/SPECS/archive/owncloud.spec diff --git a/fedora/SPECS/subversion.spec b/fedora/SPECS/archive/subversion.spec similarity index 100% rename from fedora/SPECS/subversion.spec rename to fedora/SPECS/archive/subversion.spec diff --git a/fedora/SPECS/haproxy.spec b/fedora/SPECS/haproxy.spec new file mode 100644 index 0000000..55e28fa --- /dev/null +++ b/fedora/SPECS/haproxy.spec @@ -0,0 +1,485 @@ +%define haproxy_user haproxy +%define haproxy_group %{haproxy_user} +%define haproxy_home %{_localstatedir}/lib/haproxy +%define haproxy_confdir %{_sysconfdir}/haproxy +%define haproxy_datadir %{_datadir}/haproxy + +%global _hardened_build 1 + +Name: haproxy +Version: 1.8.4 +Release: 2%{?dist} +Summary: HAProxy reverse proxy for high availability environments + +Group: System Environment/Daemons +License: GPLv2+ + +URL: http://www.haproxy.org/ +Source0: http://www.haproxy.org/download/1.8/src/haproxy-%{version}.tar.gz +Source1: %{name}.service +Source2: %{name}.cfg +Source3: %{name}.logrotate +Source4: %{name}.sysconfig +Source5: halog.1 + +BuildRequires: lua-devel +BuildRequires: pcre-devel +BuildRequires: zlib-devel +BuildRequires: openssl-devel +BuildRequires: systemd-devel +BuildRequires: systemd-units + +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high +availability environments. Indeed, it can: + - route HTTP requests depending on statically assigned cookies + - spread load among several servers while assuring server persistence + through the use of HTTP cookies + - switch to backup servers in the event a main one fails + - accept connections to special ports dedicated to service monitoring + - stop accepting connections without breaking existing ones + - add, modify, and delete HTTP headers in both directions + - block requests matching particular patterns + - report detailed status to authenticated users from a URI + intercepted from the application + +%prep +%setup -q + +%build +regparm_opts= +%ifarch %ix86 x86_64 +regparm_opts="USE_REGPARM=1" +%endif + +%{__make} %{?_smp_mflags} CPU="generic" TARGET="linux2628" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 ${regparm_opts} ADDINC="%{optflags}" ADDLIB="%{__global_ldflags}" + +pushd contrib/halog +%{__make} ${halog} OPTIMIZE="%{optflags} %{build_ldflags}" +popd + +pushd contrib/iprange +%{__make} iprange OPTIMIZE="%{optflags} %{build_ldflags}" +popd + +%install +%{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux2628" +%{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix} + +%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg +%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +%{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} +%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1 +%{__install} -d -m 0755 %{buildroot}%{haproxy_home} +%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir} +%{__install} -d -m 0755 %{buildroot}%{_bindir} +%{__install} -p -m 0755 ./contrib/halog/halog %{buildroot}%{_bindir}/halog +%{__install} -p -m 0755 ./contrib/iprange/iprange %{buildroot}%{_bindir}/iprange +%{__install} -p -m 0644 ./examples/errorfiles/* %{buildroot}%{haproxy_datadir} + +for httpfile in $(find ./examples/errorfiles/ -type f) +do + %{__install} -p -m 0644 $httpfile %{buildroot}%{haproxy_datadir} +done + +%{__rm} -rf ./examples/errorfiles/ + +find ./examples/* -type f ! -name "*.cfg" -exec %{__rm} -f "{}" \; + +for textfile in $(find ./ -type f -name '*.txt') +do + %{__mv} $textfile $textfile.old + iconv --from-code ISO8859-1 --to-code UTF-8 --output $textfile $textfile.old + %{__rm} -f $textfile.old +done + +%pre +getent group %{haproxy_group} >/dev/null || \ + groupadd -r %{haproxy_group} +getent passwd %{haproxy_user} >/dev/null || \ + useradd -r -g %{haproxy_user} -d %{haproxy_home} \ + -s /sbin/nologin -c "haproxy" %{haproxy_user} +exit 0 + +%post +%systemd_post %{name}.service + +%preun +%systemd_preun %{name}.service + +%postun +%systemd_postun_with_restart %{name}.service + +%clean +[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot} + +%files +%defattr(-,root,root,-) +%doc doc/* examples/* +%doc CHANGELOG README ROADMAP VERSION +%license LICENSE +%dir %{haproxy_confdir} +%dir %{haproxy_datadir} +%{haproxy_datadir}/* +%config(noreplace) %{haproxy_confdir}/%{name}.cfg +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%{_unitdir}/%{name}.service +%{_sbindir}/%{name} +%{_bindir}/halog +%{_bindir}/iprange +%{_mandir}/man1/* +%attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home} + +%changelog +* Mon Feb 26 2018 Ryan O'Hara - 1.8.4-2 +- Define USE_SYSTEMD at build time (#1549027) + +* Mon Feb 26 2018 Ryan O'Hara - 1.8.4-1 +- Update to 1.8.4 (#1543668) + +* Thu Feb 08 2018 Florian Weimer - 1.8.3-5 +- Build halog and iprange with linker flags from redhat-rpm-config +- Tell build to include + +* Wed Feb 07 2018 Fedora Release Engineering - 1.8.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 1.8.3-3 +- Rebuilt for switch to libxcrypt + +* Fri Jan 05 2018 Ryan O'Hara - 1.8.3-2 +- Remove haproxy-systemd-wrapper + +* Fri Jan 05 2018 Ryan O'Hara - 1.8.3-1 +- Update to 1.8.3 (#1528829) + +* Wed Dec 27 2017 Ryan O'Hara - 1.8.2-1 +- Update to 1.8.2 + +* Fri Dec 15 2017 Ryan O'Hara - 1.8.1-1 +- Update to 1.8.1 + +* Fri Dec 15 2017 Ryan O'Hara - 1.8.0-1 +- Update to 1.8.0 + +* Mon Sep 11 2017 Ryan O'Hara - 1.7.9-1 +- Update to 1.7.9 (#1485084) + +* Wed Aug 02 2017 Fedora Release Engineering - 1.7.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.7.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 10 2017 Ryan O'Hara - 1.7.8-1 +- Update to 1.7.8 (#1436669) + +* Mon May 01 2017 Ryan O'Hara - 1.7.3-2 +- Use KillMode=mixed in systemd service file (#1447085) + +* Sun Mar 26 2017 Ryan O'Hara - 1.7.3-1 +- Update to 1.7.3 (#1413276) + +* Fri Feb 10 2017 Fedora Release Engineering - 1.7.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Jan 18 2017 Ryan O'Hara - 1.7.2-1 +- Update to 1.7.2 (#1413276) + +* Thu Dec 29 2016 Ryan O'Hara - 1.7.1-1 +- Update to 1.7.1 + +* Mon Nov 28 2016 Ryan O'Hara - 1.7.0-1 +- Update to 1.7.0 + +* Mon Nov 21 2016 Ryan O'Hara - 1.6.10-1 +- Update to 1.6.10 (#1397013) + +* Wed Aug 31 2016 Ryan O'Hara - 1.6.9-1 +- Update to 1.6.9 (#1370709) + +* Thu Jul 14 2016 Ryan O'Hara - 1.6.7-2 +- Fix main frontend in default config file (#1348674) + +* Thu Jul 14 2016 Ryan O'Hara - 1.6.7-1 +- Update to 1.6.7 (#1356578) + +* Tue Jun 28 2016 Ryan O'Hara - 1.6.6-2 +- Remove patch for CVE-2016-5360 + +* Tue Jun 28 2016 Ryan O'Hara - 1.6.6-1 +- Update to 1.6.6 (#1350426) + +* Wed Jun 15 2016 Ryan O'Hara - 1.6.5-3 +- Fix reqdeny causing random crashes (CVE-2016-5360, #1346672) + +* Fri Jun 03 2016 Ryan O'Hara - 1.6.5-2 +- Utilize system-wide crypto-policies (#1256253) + +* Mon May 23 2016 Ryan O'Hara - 1.6.5-1 +- Update to 1.6.5 (#1317313) + +* Wed Feb 03 2016 Fedora Release Engineering - 1.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 20 2016 Ryan O'Hara - 1.6.3-1 +- Update to 1.6.3 (#1276288) + +* Wed Nov 18 2015 Ryan O'Hara - 1.6.2-3 +- Enable Lua support + +* Tue Nov 03 2015 Ryan O'Hara - 1.6.2-2 +- Update to 1.6.2 (#1276288) + +* Fri Oct 30 2015 Ryan O'Hara - 1.6.1-1 +- Update to 1.6.1 (#1276288) + +* Mon Jul 06 2015 Ryan O'Hara - 1.5.14-1 +- Update to 1.5.14 (CVE-2015-3281, #1239181) + +* Fri Jun 26 2015 Ryan O'Hara - 1.5.13-1 +- Update to 1.5.13 (#1236056) + +* Wed Jun 17 2015 Fedora Release Engineering - 1.5.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 05 2015 Ryan O'Hara - 1.5.12-2 +- Remove unused patches + +* Tue May 05 2015 Ryan O'Hara - 1.5.12-1 +- Update to 1.5.12 (#1217922) + +* Wed Mar 04 2015 Ryan O'Hara - 1.5.11-4 +- Rework systemd service and sysconfig file + +* Wed Feb 11 2015 Ryan O'Hara - 1.5.11-3 +- Add sysconfig file + +* Tue Feb 10 2015 Ryan O'Hara - 1.5.11-2 +- Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190783) + +* Sun Feb 01 2015 Ryan O'Hara - 1.5.11-1 +- Update to 1.5.11 (#1188029) + +* Mon Jan 05 2015 Ryan O'Hara - 1.5.10-1 +- Update to 1.5.10 + +* Mon Dec 01 2014 Ryan O'Hara - 1.5.9-1 +- Update to 1.5.9 + +* Sat Nov 01 2014 Ryan O'Hara - 1.5.8-1 +- Update to 1.5.8 + +* Thu Oct 30 2014 Ryan O'Hara - 1.5.7-1 +- Update to 1.5.7 + +* Mon Oct 20 2014 Ryan O'Hara - 1.5.6-1 +- Update to 1.5.6 + +* Wed Oct 08 2014 Ryan O'Hara - 1.5.5-1 +- Update to 1.5.5 + +* Tue Sep 02 2014 Ryan O'Hara - 1.5.4-1 +- Update to 1.5.4 + +* Sat Aug 16 2014 Fedora Release Engineering - 1.5.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Aug 06 2014 Ryan O'Hara - 1.5.3-2 +- Use haproxy-systemd-wrapper in service file (#1126955) + +* Fri Jul 25 2014 Ryan O'Hara - 1.5.3-1 +- Update to 1.5.3 + +* Tue Jul 15 2014 Ryan O'Hara - 1.5.2-1 +- Update to 1.5.2 + +* Tue Jun 24 2014 Ryan O'Hara - 1.5.1-1 +- Update to 1.5.1 + +* Thu Jun 19 2014 Ryan O'Hara - 1.5.0-2 +- Build with zlib and openssl support + +* Thu Jun 19 2014 Ryan O'Hara - 1.5.0-1 +- Update to 1.5.0 + +* Sat Jun 07 2014 Fedora Release Engineering - 1.4.25-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Mar 27 2014 Ryan O'Hara - 1.4.25-1 +- Update to 1.4.25 + +* Sat Aug 03 2013 Fedora Release Engineering - 1.4.24-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jun 17 2013 Ryan O'Hara - 1.4.24-1 +- Update to 1.4.24 (CVE-2013-2174, #975160) + +* Tue Apr 30 2013 Ryan O'Hara - 1.4.23-3 +- Build with PIE flags (#955182) + +* Mon Apr 22 2013 Ryan O'Hara - 1.4.23-2 +- Build with PIE flags (#955182) + +* Tue Apr 02 2013 Ryan O'Hara - 1.4.23-1 +- Update to 1.4.23 (CVE-2013-1912, #947697) +- Drop supplementary groups after setuid/setgid (#894626) + +* Thu Feb 14 2013 Fedora Release Engineering - 1.4.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Oct 12 2012 Robin Lee - 1.4.22-1 +- Update to 1.4.22 (CVE-2012-2942, #824544) +- Use linux2628 build target +- No separate x86_64 build target for halog +- halog build honors rpmbuild optflags +- Specfile cleanup + +* Mon Sep 17 2012 Václav Pavlín - 1.4.20-3 +- Scriptlets replaced with new systemd macros (#850143) + +* Thu Jul 19 2012 Fedora Release Engineering - 1.4.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Apr 03 2012 Jeremy Hinegardner - 1.4.20-1 +- Update to 1.4.20 + +* Sun Feb 19 2012 Jeremy Hinegardner - 1.4.19-4 +- fix haproxy.services file + +* Sun Feb 19 2012 Jeremy Hinegardner - 1.4.19-3 +- Update to use systemd fixing bug #770305 + +* Fri Feb 10 2012 Petr Pisar - 1.4.19-2 +- Rebuild against PCRE 8.30 + +* Sun Jan 29 2012 Jeremy Hinegardner - 1.4.19-1 +- Update to 1.4.19 + +* Fri Jan 13 2012 Fedora Release Engineering - 1.4.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Sep 22 2011 Jeremy Hinegardner - 1.4.18-1 +- Update to 1.4.18 + +* Tue Apr 26 2011 Jeremy Hinegardner - 1.4.15-1 +- Update to 1.4.15 + +* Sun Feb 27 2011 Jeremy Hinegardner - 1.4.11-1 +- update to 1.4.11 + +* Wed Feb 09 2011 Fedora Release Engineering - 1.4.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Dec 12 2010 Jeremy Hinegardner - 1.4.9-1 +- update to 1.4.9 + +* Sun Jun 20 2010 Jeremy Hinegardner - 1.4.8-1 +- update to 1.4.8 + +* Sun May 30 2010 Jeremy Hinegardner - 1.4.6-1 +- update to 1.4.6 + +* Thu Feb 18 2010 Jeremy Hinegardner - 1.3.23-1 +- update to 1.3.23 + +* Sat Oct 17 2009 Jeremy Hinegardner - 1.3.22-1 +- update to 1.3.22 +- added logrotate configuration + +* Mon Oct 12 2009 Jeremy Hinegardner - 1.3.21-1 +- update to 1.3.21 + +* Sun Oct 11 2009 Jeremy Hinegardner - 1.3.20-1 +- update to 1.3.20 + +* Sun Aug 02 2009 Jeremy Hinegardner - 1.3.19-1 +- update to 1.3.19 + +* Fri Jul 24 2009 Fedora Release Engineering - 1.3.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sun May 17 2009 Jeremy Hinegardner - 1.3.18-1 +- update to 1.3.18 + +* Sat Apr 11 2009 Jeremy Hinegardner - 1.3.17-1 +- Update to 1.3.17 + +* Tue Feb 24 2009 Fedora Release Engineering - 1.3.15.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Dec 30 2008 Jeremy Hinegardner - 1.3.15.7-1 +- update to 1.3.15.7 +- remove upstream patches, they are now part of source distribution + +* Sat Nov 22 2008 Jeremy Hinegardner - 1.3.15.6-2 +- apply upstream patches + +* Sat Nov 15 2008 Jeremy Hinegardner - 1.3.15.6-1 +- update to 1.3.15.6 +- use new build targets from upstream +- add in recommended build options for x86 from upstream + +* Sat Jun 28 2008 Jeremy Hinegardner - 1.3.14.6-1 +- update to 1.3.14.6 +- remove gcc 4.3 patch, it has been applied upstream +- remove MIT license as that code has been removed from upstream + +* Mon Apr 14 2008 Jeremy Hinegardner - 1.3.14.4-1 +- update to 1.3.14.4 + +* Sun Mar 16 2008 Jeremy Hinegardner - 1.3.14.3-1 +- update to 1.3.14.3 + +* Sat Mar 01 2008 Jeremy Hinegardner - 1.3.14.2-4 +- apply the gcc 4.3 patch to the build process + +* Sat Mar 01 2008 Jeremy Hinegardner - 1.3.14.2-3 +- fix gcc 4.3 bug [#434144] +- update init script to properly reload configuration + +* Tue Feb 19 2008 Fedora Release Engineering - 1.3.14.2-2 +- Autorebuild for GCC 4.3 + +* Sun Jan 20 2008 Jeremy Hinegardner - 1.3.14.2-1 +- update to 1.3.14.2 +- update make flags that changed with this upstream release +- added man page installation + +* Sun Dec 16 2007 Jeremy Hinegardner - 1.3.14-1 +- update to 1.3.14 + +* Mon Nov 05 2007 Jeremy Hinegardner - 1.3.12.4-1 +- update to 1.3.12.4 + +* Thu Nov 01 2007 Jeremy Hinegardner - 1.3.12.3-1 +- update to 1.3.12.3 + +* Fri Sep 21 2007 Jeremy Hinegardner - 1.3.12.2-3 +- fix init script 'reload' task + +* Thu Sep 20 2007 Jeremy Hinegardner - 1.3.12.2-2 +- update License field + +* Thu Sep 20 2007 Jeremy Hinegardner - 1.3.12.2-1 +- update to 1.3.12.2 +- remove the upstream patch + +* Tue Sep 18 2007 Jeremy Hinegardner - 1.3.12.1-1 +- switch to 1.3.12.1 branch +- add patch from upstream with O'Reilly licensing updates. +- convert ISO-8859-1 doc files to UTF-8 + +* Sat Mar 24 2007 Jeremy Hinegardner - 1.2.17-2 +- addition of haproxy user +- add license information + +* Fri Mar 23 2007 Jeremy Hinegardner - 1.2.17-1 +- initial packaging diff --git a/fedora/SPECS/libmodsecurity.spec b/fedora/SPECS/libmodsecurity.spec new file mode 100644 index 0000000..c311990 --- /dev/null +++ b/fedora/SPECS/libmodsecurity.spec @@ -0,0 +1,94 @@ + +Name: libmodsecurity +Version: 3.0.2 +Release: 1%{?dist} +Summary: A library that loads/interprets rules written in the ModSecurity SecRules + +License: ASL 2.0 +URL: https://www.modsecurity.org/ + +Source0: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz + +BuildRequires: gcc-c++ +BuildRequires: make +BuildRequires: flex +BuildRequires: bison +BuildRequires: git-core +BuildRequires: ssdeep-devel +BuildRequires: yajl-devel +BuildRequires: libcurl-devel +BuildRequires: lmdb-devel +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(yajl) +BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(geoip) +BuildRequires: pkgconfig(libpcre) +BuildRequires: pkgconfig(lmdb) + +# libinjection is supposed to be bundled (same as with mod_security 2.x) +# See: https://github.com/client9/libinjection#embedding +Provides: bundled(libinjection) = 3.9.2 + +%description +Libmodsecurity is one component of the ModSecurity v3 project. +The library codebase serves as an interface to ModSecurity Connectors +taking in web traffic and applying traditional ModSecurity processing. +In general, it provides the capability to load/interpret rules written +in the ModSecurity SecRules format and apply them to HTTP content provided +by your application via Connectors. + + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%package static +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description static +The %{name}-static package contains static libraries for developing +applications that use %{name}. + + +%prep +%autosetup -n modsecurity-v%{version} + +%build +%configure --libdir=%{_libdir} +%make_build + +%install +%make_install + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%doc README.md AUTHORS +%{_libdir}/*.so.* +%{_bindir}/* +%license LICENSE + +%files devel +%doc README.md AUTHORS +%{_includedir}/* +%{_libdir}/*.so +%license LICENSE + +%files static +%{_libdir}/*.a +%{_libdir}/*.la + +%clean +[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}/* +[ "%{_builddir}" != "/" ] && [ -d "%{_builddir}" ] && rm -rf %{_builddir}/* + +%changelog +* Sun Apr 15 2018 Daniel Steiner 3.0.2-1 +- Initial build for Fedora 27 diff --git a/fedora/SPECS/nginx.spec b/fedora/SPECS/nginx.spec new file mode 100644 index 0000000..eec1ec2 --- /dev/null +++ b/fedora/SPECS/nginx.spec @@ -0,0 +1,516 @@ +%global _hardened_build 1 +%global nginx_user nginx +%global with_ldap_module 1 +%global with_modsecurity_module 1 +%global modsecver 3.0.2 + +# gperftools exist only on selected arches +%ifnarch s390 s390x +%global with_gperftools 1 +%endif + +%global with_aio 1 + +%if 0%{?fedora} > 22 +%global with_mailcap_mimetypes 1 +%endif + +Name: nginx +Epoch: 1 +Version: 1.13.12 +Release: 3%{?dist} + +Summary: A high performance web server and reverse proxy server +Group: System Environment/Daemons +# BSD License (two clause) +# http://www.freebsd.org/copyright/freebsd-license.html +License: BSD +URL: http://nginx.org/ + +Source0: https://nginx.org/download/nginx-%{version}.tar.gz +Source1: ngx_http_auth_ldap_module.tar.gz +Source2: modsecurity-nginx-%{modsecver}.tar.gz +Source3: modsecurity.conf +Source4: main.conf +Source10: nginx.service +Source11: nginx.logrotate +Source12: nginx.conf +Source13: nginx-upgrade +Source14: nginx-upgrade.8 +Source100: index.html +Source101: poweredby.png +Source102: nginx-logo.png +Source103: 404.html +Source104: 50x.html +Source200: README.dynamic +Source210: UPGRADE-NOTES-1.6-to-1.10 + +# removes -Werror in upstream build scripts. -Werror conflicts with +# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. +Patch0: nginx-auto-cc-gcc.patch + +%if 0%{?with_gperftools} +BuildRequires: gperftools-devel +%endif +BuildRequires: openssl-devel +BuildRequires: pcre-devel +BuildRequires: zlib-devel + +Requires: nginx-filesystem = %{epoch}:%{version}-%{release} + +%if 0%{?rhel} || 0%{?fedora} < 24 +# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later. +Requires: nginx-all-modules = %{epoch}:%{version}-%{release} +%endif + +Requires: openssl +Requires: pcre +Requires(pre): nginx-filesystem +%if 0%{?with_mailcap_mimetypes} +Requires: nginx-mimetypes +%endif +Provides: webserver + +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and +IMAP protocols, with a strong focus on high concurrency, performance and low +memory usage. + +%package all-modules +Group: System Environment/Daemons +Summary: A meta package that installs all available Nginx modules +BuildArch: noarch + +Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release} +Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release} +Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release} +Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release} +Requires: nginx-mod-mail = %{epoch}:%{version}-%{release} +Requires: nginx-mod-stream = %{epoch}:%{version}-%{release} + +%description all-modules +%{summary}. +%if 0%{?rhel} +The main nginx package depends on this to ease the upgrade path. After a grace +period of several months, modules will become optional. +%endif +%if 0%{?fedora} && 0%{?fedora} < 24 +The main nginx package depends on this to ease the upgrade path. Starting from +Fedora 24, modules are optional. +%endif + +%package filesystem +Group: System Environment/Daemons +Summary: The basic directory layout for the Nginx server +BuildArch: noarch +Requires(pre): shadow-utils + +%description filesystem +The nginx-filesystem package contains the basic directory layout +for the Nginx server including the correct permissions for the +directories. + +%package mod-http-geoip +Group: System Environment/Daemons +Summary: Nginx HTTP geoip module +BuildRequires: GeoIP-devel +Requires: nginx +Requires: GeoIP + +%description mod-http-geoip +%{summary}. + +%package mod-http-image-filter +Group: System Environment/Daemons +Summary: Nginx HTTP image filter module +BuildRequires: gd-devel +Requires: nginx +Requires: gd + +%description mod-http-image-filter +%{summary}. + +%package mod-http-perl +Group: System Environment/Daemons +Summary: Nginx HTTP perl module +BuildRequires: perl-devel +%if 0%{?fedora} >= 24 +BuildRequires: perl-generators +%endif +BuildRequires: perl(ExtUtils::Embed) +Requires: nginx +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description mod-http-perl +%{summary}. + +%package mod-http-xslt-filter +Group: System Environment/Daemons +Summary: Nginx XSLT modul +BuildRequires: libxslt-devel +Requires: nginx + +%description mod-http-xslt-filter +%{summary}. + +%package mod-mail +Group: System Environment/Daemons +Summary: Nginx mail module +Requires: nginx + +%description mod-mail +%{summary}. + +%package mod-stream +Group: System Environment/Daemons +Summary: Nginx stream module +Requires: nginx + +%description mod-stream +%{summary}. + +%if 0%{?with_ldap_module} +%package mod-auth-ldap +Group: System Environment/Daemons +Summary: Nginx ldap auth module +Requires: nginx +BuildRequires: openldap-devel + +%description mod-auth-ldap +LDAP auth module for nginx +%endif + +%if 0%{?with_modsecurity_module} +%package mod-security +Group: System Environment/Daemons +Summary: Nginx modsecurity module +Requires: nginx libmodsecurity +BuildRequires: libmodsecurity-devel + +%description mod-security +Modsecurity module for nginx +%endif + +%prep +%if 0%{?with_ldap_module} +%setup -q -b 1 -n ngx_http_auth_ldap_module +%setup -q -b 2 -n modsecurity-nginx-%{modsecver} +%endif +%setup -q +%patch0 -p0 +cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . + +%if 0%{?rhel} > 0 && 0%{?rhel} < 8 +sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service +sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf +%endif + + +%build +# nginx does not utilize a standard configure script. It has its own +# and the standard configure options cause the nginx configure script +# to error out. This is is also the reason for the DESTDIR environment +# variable. +export DESTDIR=%{buildroot} +./configure \ + --prefix=%{_datadir}/nginx \ + --sbin-path=%{_sbindir}/nginx \ + --modules-path=%{_libdir}/nginx/modules \ + --conf-path=%{_sysconfdir}/nginx/nginx.conf \ + --error-log-path=%{_localstatedir}/log/nginx/error.log \ + --http-log-path=%{_localstatedir}/log/nginx/access.log \ + --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \ + --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \ + --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \ + --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \ + --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \ + --pid-path=/run/nginx.pid \ + --lock-path=/run/lock/subsys/nginx \ + --user=%{nginx_user} \ + --group=%{nginx_user} \ +%if 0%{?with_aio} + --with-file-aio \ +%endif + --with-ipv6 \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_degradation_module \ + --with-http_slice_module \ + --with-http_stub_status_module \ + --with-http_perl_module=dynamic \ + --with-http_auth_request_module \ + --with-mail=dynamic \ + --with-mail_ssl_module \ + --with-pcre \ + --with-pcre-jit \ + --with-stream=dynamic \ + --with-stream_ssl_module \ +%if 0%{?with_gperftools} + --with-google_perftools_module \ +%endif +%if 0%{?with_ldap_module} + --add-dynamic-module=%{_builddir}/ngx_http_auth_ldap_module \ +%endif +%if 0%{?with_modsecurity_module} + --add-dynamic-module=%{_builddir}/modsecurity-nginx-%{modsecver} \ + --with-compat \ +%endif + --with-debug \ + --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ + --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols + +make %{?_smp_mflags} + + +%install +make install DESTDIR=%{buildroot} INSTALLDIRS=vendor + +find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; +find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; +find %{buildroot} -type f -empty -exec rm -f '{}' \; +find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; + +install -p -D -m 0644 ./nginx.service \ + %{buildroot}%{_unitdir}/nginx.service +install -p -D -m 0644 %{SOURCE11} \ + %{buildroot}%{_sysconfdir}/logrotate.d/nginx + +install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d +install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d + +install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx +install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp +install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx + +install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html +install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules +install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules + +%if 0%{?with_ldap_module} +install -m 0755 ./objs/ngx_http_auth_ldap_module.so %{buildroot}%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so +install -p -D -m 0644 %{_builddir}/ngx_http_auth_ldap_module/example.conf %{buildroot}%{_defaultdocdir}/%{name}/auth_ldap_example.conf +%endif + +%if 0%{?with_modsecurity_module} +install -m 0755 ./objs/ngx_http_modsecurity_module.so %{buildroot}%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so +install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/modsecurity.conf +install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/main.conf +for f in CHANGES AUTHORS README.md LICENSE; do + install -p -D -m 0644 %{_builddir}/modsecurity-nginx-%{modsecver}/$f %{buildroot}%{_defaultdocdir}/%{name}-mod-security/$f +done +%endif + +install -p -m 0644 ./nginx.conf \ + %{buildroot}%{_sysconfdir}/nginx +install -p -m 0644 %{SOURCE100} \ + %{buildroot}%{_datadir}/nginx/html +install -p -m 0644 %{SOURCE101} %{SOURCE102} \ + %{buildroot}%{_datadir}/nginx/html +install -p -m 0644 %{SOURCE103} %{SOURCE104} \ + %{buildroot}%{_datadir}/nginx/html + +%if 0%{?with_mailcap_mimetypes} +rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types +%endif + +install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \ + %{buildroot}%{_mandir}/man8/nginx.8 + +install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade +install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8 + +for i in ftdetect indent syntax; do + install -p -D -m644 contrib/vim/${i}/nginx.vim \ + %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim +done + +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf +%if 0%{?with_ldap_module} +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http_auth-ldap.conf +%endif +%if 0%{?with_modsecurity_module} +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http_modsecurity.conf +%endif + +%pre filesystem +getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} +getent passwd %{nginx_user} > /dev/null || \ + useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \ + -s /sbin/nologin -c "Nginx web server" %{nginx_user} +exit 0 + +%post +%systemd_post nginx.service + +%post mod-http-geoip +if [ $1 -eq 1 ]; then + /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-http-image-filter +if [ $1 -eq 1 ]; then + /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-http-perl +if [ $1 -eq 1 ]; then + /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-http-xslt-filter +if [ $1 -eq 1 ]; then + /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-mail +if [ $1 -eq 1 ]; then + /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%post mod-stream +if [ $1 -eq 1 ]; then + /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : +fi + +%preun +%systemd_preun nginx.service + +%postun +%systemd_postun nginx.service +if [ $1 -ge 1 ]; then + /usr/bin/nginx-upgrade >/dev/null 2>&1 || : +fi + +%files +%license LICENSE +%doc CHANGES README README.dynamic +%if 0%{?rhel} == 7 +%doc UPGRADE-NOTES-1.6-to-1.10 +%endif +%{_datadir}/nginx/html/* +%{_bindir}/nginx-upgrade +%{_sbindir}/nginx +%{_datadir}/vim/vimfiles/ftdetect/nginx.vim +%{_datadir}/vim/vimfiles/syntax/nginx.vim +%{_datadir}/vim/vimfiles/indent/nginx.vim +%{_mandir}/man3/nginx.3pm* +%{_mandir}/man8/nginx.8* +%{_mandir}/man8/nginx-upgrade.8* +%{_unitdir}/nginx.service +%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf +%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default +%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params +%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default +%config(noreplace) %{_sysconfdir}/nginx/koi-utf +%config(noreplace) %{_sysconfdir}/nginx/koi-win +%if ! 0%{?with_mailcap_mimetypes} +%config(noreplace) %{_sysconfdir}/nginx/mime.types +%endif +%config(noreplace) %{_sysconfdir}/nginx/mime.types.default +%config(noreplace) %{_sysconfdir}/nginx/nginx.conf +%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default +%config(noreplace) %{_sysconfdir}/nginx/scgi_params +%config(noreplace) %{_sysconfdir}/nginx/scgi_params.default +%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params +%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default +%config(noreplace) %{_sysconfdir}/nginx/win-utf +%config(noreplace) %{_sysconfdir}/logrotate.d/nginx +%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx +%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp +%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx +%dir %{_libdir}/nginx/modules + +%files all-modules + +%files filesystem +%dir %{_datadir}/nginx +%dir %{_datadir}/nginx/html +%dir %{_sysconfdir}/nginx +%dir %{_sysconfdir}/nginx/conf.d +%dir %{_sysconfdir}/nginx/default.d + +%files mod-http-geoip +%{_datadir}/nginx/modules/mod-http-geoip.conf +%{_libdir}/nginx/modules/ngx_http_geoip_module.so + +%files mod-http-image-filter +%{_datadir}/nginx/modules/mod-http-image-filter.conf +%{_libdir}/nginx/modules/ngx_http_image_filter_module.so + +%files mod-http-perl +%{_datadir}/nginx/modules/mod-http-perl.conf +%{_libdir}/nginx/modules/ngx_http_perl_module.so +%dir %{perl_vendorarch}/auto/nginx +%{perl_vendorarch}/nginx.pm +%{perl_vendorarch}/auto/nginx/nginx.so + +%files mod-http-xslt-filter +%{_datadir}/nginx/modules/mod-http-xslt-filter.conf +%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so + +%files mod-mail +%{_datadir}/nginx/modules/mod-mail.conf +%{_libdir}/nginx/modules/ngx_mail_module.so + +%files mod-stream +%{_datadir}/nginx/modules/mod-stream.conf +%{_libdir}/nginx/modules/ngx_stream_module.so + +%if 0%{?with_ldap_module} +%files mod-auth-ldap +%{_datadir}/nginx/modules/mod-http_auth-ldap.conf +%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so +%{_defaultdocdir}/%{name}/auth_ldap_example.conf +%endif + +%if 0%{?with_modsecurity_module} +%files mod-security +%{_defaultdocdir}/%{name}-mod-security/* +%config(noreplace) %{_sysconfdir}/nginx/modsec/modsecurity.conf +%config(noreplace) %{_sysconfdir}/nginx/modsec/main.conf +%{_datadir}/nginx/modules/mod-http_modsecurity.conf +%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so +%endif + +%clean +[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}/* +[ "%{_builddir}" != "/" ] && [ -d "%{_builddir}" ] && rm -rf %{_builddir}/* + +%changelog +* Sun Apr 15 2018 Daniel Steiner 1.13.12-3 +- Modsecurity module added as a shared module. + +* Sat Apr 14 2018 Daniel Steiner 1.13.12-2 +- Auth-ldap module added for basic auth over LDAP as a shared module. + diff --git a/fedora/SPECS/percona-monitoring-plugins.spec b/fedora/SPECS/percona-monitoring-plugins.spec index 1f114a4..61ee82e 100644 --- a/fedora/SPECS/percona-monitoring-plugins.spec +++ b/fedora/SPECS/percona-monitoring-plugins.spec @@ -18,7 +18,7 @@ BuildRequires: perl-Digest-MD5 %else BuildRequires: perl-MD5 %endif - +BuildRequires: perl-Time-HiRes %description Summary: Percona Monitoring Plugins are high-quality components to add enterprise-class MySQL monitoring and graphing capabilities to your existing on-premise monitoring solutions.