public/rpms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of ssh://dev.daniel-steiner.org/srv/git/rpms

Browse Source
This commit is contained in:
dani
2018-05-31 16:36:24 +02:00
parent d3ae961824 ce503ae1e0
commit cb66c69e4f
12 changed files with 1096 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
fedora/SPECS/clsync.spec → fedora/SPECS/archive/clsync.spec
View File

0
fedora/SPECS/collectd.spec → fedora/SPECS/archive/collectd.spec
View File

0
fedora/SPECS/icinga-web.spec → fedora/SPECS/archive/icinga-web.spec
View File

0
fedora/SPECS/icinga.spec → fedora/SPECS/archive/icinga.spec
View File

0
fedora/SPECS/nconf.spec → fedora/SPECS/archive/nconf.spec
View File

0
fedora/SPECS/owncloud-files.spec → fedora/SPECS/archive/owncloud-files.spec
View File

0
fedora/SPECS/owncloud.spec → fedora/SPECS/archive/owncloud.spec
View File

0
fedora/SPECS/subversion.spec → fedora/SPECS/archive/subversion.spec
View File

485
fedora/SPECS/haproxy.spec Normal file
View File

@@ -0,0 +1,485 @@
%define haproxy_user haproxy
%define haproxy_group %{haproxy_user}
%define haproxy_home %{_localstatedir}/lib/haproxy
%define haproxy_confdir %{_sysconfdir}/haproxy
%define haproxy_datadir %{_datadir}/haproxy
%global _hardened_build 1
Name: haproxy
Version: 1.8.4
Release: 2%{?dist}
Summary: HAProxy reverse proxy for high availability environments
Group: System Environment/Daemons
License: GPLv2+
URL: http://www.haproxy.org/
Source0: http://www.haproxy.org/download/1.8/src/haproxy-%{version}.tar.gz
Source1: %{name}.service
Source2: %{name}.cfg
Source3: %{name}.logrotate
Source4: %{name}.sysconfig
Source5: halog.1
BuildRequires: lua-devel
BuildRequires: pcre-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
BuildRequires: systemd-devel
BuildRequires: systemd-units
Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
- route HTTP requests depending on statically assigned cookies
- spread load among several servers while assuring server persistence
through the use of HTTP cookies
- switch to backup servers in the event a main one fails
- accept connections to special ports dedicated to service monitoring
- stop accepting connections without breaking existing ones
- add, modify, and delete HTTP headers in both directions
- block requests matching particular patterns
- report detailed status to authenticated users from a URI
intercepted from the application
%prep
%setup -q
%build
regparm_opts=
%ifarch %ix86 x86_64
regparm_opts="USE_REGPARM=1"
%endif
%{__make} %{?_smp_mflags} CPU="generic" TARGET="linux2628" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 ${regparm_opts} ADDINC="%{optflags}" ADDLIB="%{__global_ldflags}"
pushd contrib/halog
%{__make} ${halog} OPTIMIZE="%{optflags} %{build_ldflags}"
popd
pushd contrib/iprange
%{__make} iprange OPTIMIZE="%{optflags} %{build_ldflags}"
popd
%install
%{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux2628"
%{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
%{__install} -d -m 0755 %{buildroot}%{haproxy_home}
%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
%{__install} -d -m 0755 %{buildroot}%{_bindir}
%{__install} -p -m 0755 ./contrib/halog/halog %{buildroot}%{_bindir}/halog
%{__install} -p -m 0755 ./contrib/iprange/iprange %{buildroot}%{_bindir}/iprange
%{__install} -p -m 0644 ./examples/errorfiles/* %{buildroot}%{haproxy_datadir}
for httpfile in $(find ./examples/errorfiles/ -type f)
do
%{__install} -p -m 0644 $httpfile %{buildroot}%{haproxy_datadir}
done
%{__rm} -rf ./examples/errorfiles/
find ./examples/* -type f ! -name "*.cfg" -exec %{__rm} -f "{}" \;
for textfile in $(find ./ -type f -name '*.txt')
do
%{__mv} $textfile $textfile.old
iconv --from-code ISO8859-1 --to-code UTF-8 --output $textfile $textfile.old
%{__rm} -f $textfile.old
done
%pre
getent group %{haproxy_group} >/dev/null || \
groupadd -r %{haproxy_group}
getent passwd %{haproxy_user} >/dev/null || \
useradd -r -g %{haproxy_user} -d %{haproxy_home} \
-s /sbin/nologin -c "haproxy" %{haproxy_user}
exit 0
%post
%systemd_post %{name}.service
%preun
%systemd_preun %{name}.service
%postun
%systemd_postun_with_restart %{name}.service
%clean
[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%doc doc/* examples/*
%doc CHANGELOG README ROADMAP VERSION
%license LICENSE
%dir %{haproxy_confdir}
%dir %{haproxy_datadir}
%{haproxy_datadir}/*
%config(noreplace) %{haproxy_confdir}/%{name}.cfg
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_unitdir}/%{name}.service
%{_sbindir}/%{name}
%{_bindir}/halog
%{_bindir}/iprange
%{_mandir}/man1/*
%attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
%changelog
* Mon Feb 26 2018 Ryan O'Hara <rohara@redhat.com> - 1.8.4-2
- Define USE_SYSTEMD at build time (#1549027)
* Mon Feb 26 2018 Ryan O'Hara <rohara@redhat.com> - 1.8.4-1
- Update to 1.8.4 (#1543668)
* Thu Feb 08 2018 Florian Weimer <fweimer@redhat.com> - 1.8.3-5
- Build halog and iprange with linker flags from redhat-rpm-config
- Tell build to include <crypt.h>
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1.8.3-3
- Rebuilt for switch to libxcrypt
* Fri Jan 05 2018 Ryan O'Hara <rohara@redhat.com> - 1.8.3-2
- Remove haproxy-systemd-wrapper
* Fri Jan 05 2018 Ryan O'Hara <rohara@redhat.com> - 1.8.3-1
- Update to 1.8.3 (#1528829)
* Wed Dec 27 2017 Ryan O'Hara <rohara@redhat.com> - 1.8.2-1
- Update to 1.8.2
* Fri Dec 15 2017 Ryan O'Hara <rohara@redhat.com> - 1.8.1-1
- Update to 1.8.1
* Fri Dec 15 2017 Ryan O'Hara <rohara@redhat.com> - 1.8.0-1
- Update to 1.8.0
* Mon Sep 11 2017 Ryan O'Hara <rohara@redhat.com> - 1.7.9-1
- Update to 1.7.9 (#1485084)
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jul 10 2017 Ryan O'Hara <rohara@redhat.com> - 1.7.8-1
- Update to 1.7.8 (#1436669)
* Mon May 01 2017 Ryan O'Hara <rohara@redhat.com> - 1.7.3-2
- Use KillMode=mixed in systemd service file (#1447085)
* Sun Mar 26 2017 Ryan O'Hara <rohara@redhat.com> - 1.7.3-1
- Update to 1.7.3 (#1413276)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Jan 18 2017 Ryan O'Hara <rohara@redhat.com> - 1.7.2-1
- Update to 1.7.2 (#1413276)
* Thu Dec 29 2016 Ryan O'Hara <rohara@redhat.com> - 1.7.1-1
- Update to 1.7.1
* Mon Nov 28 2016 Ryan O'Hara <rohara@redhat.com> - 1.7.0-1
- Update to 1.7.0
* Mon Nov 21 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.10-1
- Update to 1.6.10 (#1397013)
* Wed Aug 31 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.9-1
- Update to 1.6.9 (#1370709)
* Thu Jul 14 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.7-2
- Fix main frontend in default config file (#1348674)
* Thu Jul 14 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.7-1
- Update to 1.6.7 (#1356578)
* Tue Jun 28 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.6-2
- Remove patch for CVE-2016-5360
* Tue Jun 28 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.6-1
- Update to 1.6.6 (#1350426)
* Wed Jun 15 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.5-3
- Fix reqdeny causing random crashes (CVE-2016-5360, #1346672)
* Fri Jun 03 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.5-2
- Utilize system-wide crypto-policies (#1256253)
* Mon May 23 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.5-1
- Update to 1.6.5 (#1317313)
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jan 20 2016 Ryan O'Hara <rohara@redhat.com> - 1.6.3-1
- Update to 1.6.3 (#1276288)
* Wed Nov 18 2015 Ryan O'Hara <rohara@redhat.com> - 1.6.2-3
- Enable Lua support
* Tue Nov 03 2015 Ryan O'Hara <rohara@redhat.com> - 1.6.2-2
- Update to 1.6.2 (#1276288)
* Fri Oct 30 2015 Ryan O'Hara <rohara@redhat.com> - 1.6.1-1
- Update to 1.6.1 (#1276288)
* Mon Jul 06 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.14-1
- Update to 1.5.14 (CVE-2015-3281, #1239181)
* Fri Jun 26 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.13-1
- Update to 1.5.13 (#1236056)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue May 05 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.12-2
- Remove unused patches
* Tue May 05 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.12-1
- Update to 1.5.12 (#1217922)
* Wed Mar 04 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.11-4
- Rework systemd service and sysconfig file
* Wed Feb 11 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.11-3
- Add sysconfig file
* Tue Feb 10 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.11-2
- Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190783)
* Sun Feb 01 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.11-1
- Update to 1.5.11 (#1188029)
* Mon Jan 05 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.10-1
- Update to 1.5.10
* Mon Dec 01 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.9-1
- Update to 1.5.9
* Sat Nov 01 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.8-1
- Update to 1.5.8
* Thu Oct 30 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.7-1
- Update to 1.5.7
* Mon Oct 20 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.6-1
- Update to 1.5.6
* Wed Oct 08 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.5-1
- Update to 1.5.5
* Tue Sep 02 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.4-1
- Update to 1.5.4
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 06 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.3-2
- Use haproxy-systemd-wrapper in service file (#1126955)
* Fri Jul 25 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.3-1
- Update to 1.5.3
* Tue Jul 15 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.2-1
- Update to 1.5.2
* Tue Jun 24 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-1
- Update to 1.5.1
* Thu Jun 19 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.0-2
- Build with zlib and openssl support
* Thu Jun 19 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.0-1
- Update to 1.5.0
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Mar 27 2014 Ryan O'Hara <rohara@redhat.com> - 1.4.25-1
- Update to 1.4.25
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jun 17 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.24-1
- Update to 1.4.24 (CVE-2013-2174, #975160)
* Tue Apr 30 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-3
- Build with PIE flags (#955182)
* Mon Apr 22 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-2
- Build with PIE flags (#955182)
* Tue Apr 02 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-1
- Update to 1.4.23 (CVE-2013-1912, #947697)
- Drop supplementary groups after setuid/setgid (#894626)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Oct 12 2012 Robin Lee <cheeselee@fedoraproject.org> - 1.4.22-1
- Update to 1.4.22 (CVE-2012-2942, #824544)
- Use linux2628 build target
- No separate x86_64 build target for halog
- halog build honors rpmbuild optflags
- Specfile cleanup
* Mon Sep 17 2012 Václav Pavlín <vpavlin@redhat.com> - 1.4.20-3
- Scriptlets replaced with new systemd macros (#850143)
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Apr 03 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.20-1
- Update to 1.4.20
* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-4
- fix haproxy.services file
* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-3
- Update to use systemd fixing bug #770305
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.4.19-2
- Rebuild against PCRE 8.30
* Sun Jan 29 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-1
- Update to 1.4.19
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Sep 22 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.18-1
- Update to 1.4.18
* Tue Apr 26 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.15-1
- Update to 1.4.15
* Sun Feb 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.11-1
- update to 1.4.11
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.9-1
- update to 1.4.9
* Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.8-1
- update to 1.4.8
* Sun May 30 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.6-1
- update to 1.4.6
* Thu Feb 18 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.23-1
- update to 1.3.23
* Sat Oct 17 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.22-1
- update to 1.3.22
- added logrotate configuration
* Mon Oct 12 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.21-1
- update to 1.3.21
* Sun Oct 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.20-1
- update to 1.3.20
* Sun Aug 02 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.19-1
- update to 1.3.19
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sun May 17 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.18-1
- update to 1.3.18
* Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.17-1
- Update to 1.3.17
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.15.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.7-1
- update to 1.3.15.7
- remove upstream patches, they are now part of source distribution
* Sat Nov 22 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.6-2
- apply upstream patches
* Sat Nov 15 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.6-1
- update to 1.3.15.6
- use new build targets from upstream
- add in recommended build options for x86 from upstream
* Sat Jun 28 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.6-1
- update to 1.3.14.6
- remove gcc 4.3 patch, it has been applied upstream
- remove MIT license as that code has been removed from upstream
* Mon Apr 14 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.4-1
- update to 1.3.14.4
* Sun Mar 16 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.3-1
- update to 1.3.14.3
* Sat Mar 01 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-4
- apply the gcc 4.3 patch to the build process
* Sat Mar 01 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-3
- fix gcc 4.3 bug [#434144]
- update init script to properly reload configuration
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.3.14.2-2
- Autorebuild for GCC 4.3
* Sun Jan 20 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-1
- update to 1.3.14.2
- update make flags that changed with this upstream release
- added man page installation
* Sun Dec 16 2007 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14-1
- update to 1.3.14
* Mon Nov 05 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.4-1
- update to 1.3.12.4
* Thu Nov 01 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.3-1
- update to 1.3.12.3
* Fri Sep 21 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-3
- fix init script 'reload' task
* Thu Sep 20 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-2
- update License field
* Thu Sep 20 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-1
- update to 1.3.12.2
- remove the upstream patch
* Tue Sep 18 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.1-1
- switch to 1.3.12.1 branch
- add patch from upstream with O'Reilly licensing updates.
- convert ISO-8859-1 doc files to UTF-8
* Sat Mar 24 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.2.17-2
- addition of haproxy user
- add license information
* Fri Mar 23 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.2.17-1
- initial packaging

94
fedora/SPECS/libmodsecurity.spec Normal file
View File

@@ -0,0 +1,94 @@
Name: libmodsecurity
Version: 3.0.2
Release: 1%{?dist}
Summary: A library that loads/interprets rules written in the ModSecurity SecRules
License: ASL 2.0
URL: https://www.modsecurity.org/
Source0: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz
BuildRequires: gcc-c++
BuildRequires: make
BuildRequires: flex
BuildRequires: bison
BuildRequires: git-core
BuildRequires: ssdeep-devel
BuildRequires: yajl-devel
BuildRequires: libcurl-devel
BuildRequires: lmdb-devel
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(yajl)
BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(geoip)
BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(lmdb)
# libinjection is supposed to be bundled (same as with mod_security 2.x)
# See: https://github.com/client9/libinjection#embedding
Provides: bundled(libinjection) = 3.9.2
%description
Libmodsecurity is one component of the ModSecurity v3 project.
The library codebase serves as an interface to ModSecurity Connectors
taking in web traffic and applying traditional ModSecurity processing.
In general, it provides the capability to load/interpret rules written
in the ModSecurity SecRules format and apply them to HTTP content provided
by your application via Connectors.
%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package static
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description static
The %{name}-static package contains static libraries for developing
applications that use %{name}.
%prep
%autosetup -n modsecurity-v%{version}
%build
%configure --libdir=%{_libdir}
%make_build
%install
%make_install
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%doc README.md AUTHORS
%{_libdir}/*.so.*
%{_bindir}/*
%license LICENSE
%files devel
%doc README.md AUTHORS
%{_includedir}/*
%{_libdir}/*.so
%license LICENSE
%files static
%{_libdir}/*.a
%{_libdir}/*.la
%clean
[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}/*
[ "%{_builddir}" != "/" ] && [ -d "%{_builddir}" ] && rm -rf %{_builddir}/*
%changelog
* Sun Apr 15 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 3.0.2-1
- Initial build for Fedora 27

516
fedora/SPECS/nginx.spec Normal file
View File

@@ -0,0 +1,516 @@
%global _hardened_build 1
%global nginx_user nginx
%global with_ldap_module 1
%global with_modsecurity_module 1
%global modsecver 3.0.2
# gperftools exist only on selected arches
%ifnarch s390 s390x
%global with_gperftools 1
%endif
%global with_aio 1
%if 0%{?fedora} > 22
%global with_mailcap_mimetypes 1
%endif
Name: nginx
Epoch: 1
Version: 1.13.12
Release: 3%{?dist}
Summary: A high performance web server and reverse proxy server
Group: System Environment/Daemons
# BSD License (two clause)
# http://www.freebsd.org/copyright/freebsd-license.html
License: BSD
URL: http://nginx.org/
Source0: https://nginx.org/download/nginx-%{version}.tar.gz
Source1: ngx_http_auth_ldap_module.tar.gz
Source2: modsecurity-nginx-%{modsecver}.tar.gz
Source3: modsecurity.conf
Source4: main.conf
Source10: nginx.service
Source11: nginx.logrotate
Source12: nginx.conf
Source13: nginx-upgrade
Source14: nginx-upgrade.8
Source100: index.html
Source101: poweredby.png
Source102: nginx-logo.png
Source103: 404.html
Source104: 50x.html
Source200: README.dynamic
Source210: UPGRADE-NOTES-1.6-to-1.10
# removes -Werror in upstream build scripts. -Werror conflicts with
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
Patch0: nginx-auto-cc-gcc.patch
%if 0%{?with_gperftools}
BuildRequires: gperftools-devel
%endif
BuildRequires: openssl-devel
BuildRequires: pcre-devel
BuildRequires: zlib-devel
Requires: nginx-filesystem = %{epoch}:%{version}-%{release}
%if 0%{?rhel} || 0%{?fedora} < 24
# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
%endif
Requires: openssl
Requires: pcre
Requires(pre): nginx-filesystem
%if 0%{?with_mailcap_mimetypes}
Requires: nginx-mimetypes
%endif
Provides: webserver
BuildRequires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
%package all-modules
Group: System Environment/Daemons
Summary: A meta package that installs all available Nginx modules
BuildArch: noarch
Requires: nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
Requires: nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
Requires: nginx-mod-http-perl = %{epoch}:%{version}-%{release}
Requires: nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
Requires: nginx-mod-mail = %{epoch}:%{version}-%{release}
Requires: nginx-mod-stream = %{epoch}:%{version}-%{release}
%description all-modules
%{summary}.
%if 0%{?rhel}
The main nginx package depends on this to ease the upgrade path. After a grace
period of several months, modules will become optional.
%endif
%if 0%{?fedora} && 0%{?fedora} < 24
The main nginx package depends on this to ease the upgrade path. Starting from
Fedora 24, modules are optional.
%endif
%package filesystem
Group: System Environment/Daemons
Summary: The basic directory layout for the Nginx server
BuildArch: noarch
Requires(pre): shadow-utils
%description filesystem
The nginx-filesystem package contains the basic directory layout
for the Nginx server including the correct permissions for the
directories.
%package mod-http-geoip
Group: System Environment/Daemons
Summary: Nginx HTTP geoip module
BuildRequires: GeoIP-devel
Requires: nginx
Requires: GeoIP
%description mod-http-geoip
%{summary}.
%package mod-http-image-filter
Group: System Environment/Daemons
Summary: Nginx HTTP image filter module
BuildRequires: gd-devel
Requires: nginx
Requires: gd
%description mod-http-image-filter
%{summary}.
%package mod-http-perl
Group: System Environment/Daemons
Summary: Nginx HTTP perl module
BuildRequires: perl-devel
%if 0%{?fedora} >= 24
BuildRequires: perl-generators
%endif
BuildRequires: perl(ExtUtils::Embed)
Requires: nginx
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
%description mod-http-perl
%{summary}.
%package mod-http-xslt-filter
Group: System Environment/Daemons
Summary: Nginx XSLT modul
BuildRequires: libxslt-devel
Requires: nginx
%description mod-http-xslt-filter
%{summary}.
%package mod-mail
Group: System Environment/Daemons
Summary: Nginx mail module
Requires: nginx
%description mod-mail
%{summary}.
%package mod-stream
Group: System Environment/Daemons
Summary: Nginx stream module
Requires: nginx
%description mod-stream
%{summary}.
%if 0%{?with_ldap_module}
%package mod-auth-ldap
Group: System Environment/Daemons
Summary: Nginx ldap auth module
Requires: nginx
BuildRequires: openldap-devel
%description mod-auth-ldap
LDAP auth module for nginx
%endif
%if 0%{?with_modsecurity_module}
%package mod-security
Group: System Environment/Daemons
Summary: Nginx modsecurity module
Requires: nginx libmodsecurity
BuildRequires: libmodsecurity-devel
%description mod-security
Modsecurity module for nginx
%endif
%prep
%if 0%{?with_ldap_module}
%setup -q -b 1 -n ngx_http_auth_ldap_module
%setup -q -b 2 -n modsecurity-nginx-%{modsecver}
%endif
%setup -q
%patch0 -p0
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
%if 0%{?rhel} > 0 && 0%{?rhel} < 8
sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service
sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
%endif
%build
# nginx does not utilize a standard configure script. It has its own
# and the standard configure options cause the nginx configure script
# to error out. This is is also the reason for the DESTDIR environment
# variable.
export DESTDIR=%{buildroot}
./configure \
--prefix=%{_datadir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--modules-path=%{_libdir}/nginx/modules \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--error-log-path=%{_localstatedir}/log/nginx/error.log \
--http-log-path=%{_localstatedir}/log/nginx/access.log \
--http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
--http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
--http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
--http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
--http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/subsys/nginx \
--user=%{nginx_user} \
--group=%{nginx_user} \
%if 0%{?with_aio}
--with-file-aio \
%endif
--with-ipv6 \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-http_auth_request_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-pcre \
--with-pcre-jit \
--with-stream=dynamic \
--with-stream_ssl_module \
%if 0%{?with_gperftools}
--with-google_perftools_module \
%endif
%if 0%{?with_ldap_module}
--add-dynamic-module=%{_builddir}/ngx_http_auth_ldap_module \
%endif
%if 0%{?with_modsecurity_module}
--add-dynamic-module=%{_builddir}/modsecurity-nginx-%{modsecver} \
--with-compat \
%endif
--with-debug \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
--with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
find %{buildroot} -type f -empty -exec rm -f '{}' \;
find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
install -p -D -m 0644 ./nginx.service \
%{buildroot}%{_unitdir}/nginx.service
install -p -D -m 0644 %{SOURCE11} \
%{buildroot}%{_sysconfdir}/logrotate.d/nginx
install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
%if 0%{?with_ldap_module}
install -m 0755 ./objs/ngx_http_auth_ldap_module.so %{buildroot}%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so
install -p -D -m 0644 %{_builddir}/ngx_http_auth_ldap_module/example.conf %{buildroot}%{_defaultdocdir}/%{name}/auth_ldap_example.conf
%endif
%if 0%{?with_modsecurity_module}
install -m 0755 ./objs/ngx_http_modsecurity_module.so %{buildroot}%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/modsecurity.conf
install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/main.conf
for f in CHANGES AUTHORS README.md LICENSE; do
install -p -D -m 0644 %{_builddir}/modsecurity-nginx-%{modsecver}/$f %{buildroot}%{_defaultdocdir}/%{name}-mod-security/$f
done
%endif
install -p -m 0644 ./nginx.conf \
%{buildroot}%{_sysconfdir}/nginx
install -p -m 0644 %{SOURCE100} \
%{buildroot}%{_datadir}/nginx/html
install -p -m 0644 %{SOURCE101} %{SOURCE102} \
%{buildroot}%{_datadir}/nginx/html
install -p -m 0644 %{SOURCE103} %{SOURCE104} \
%{buildroot}%{_datadir}/nginx/html
%if 0%{?with_mailcap_mimetypes}
rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
%endif
install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \
%{buildroot}%{_mandir}/man8/nginx.8
install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
for i in ftdetect indent syntax; do
install -p -D -m644 contrib/vim/${i}/nginx.vim \
%{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
done
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
%if 0%{?with_ldap_module}
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http_auth-ldap.conf
%endif
%if 0%{?with_modsecurity_module}
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http_modsecurity.conf
%endif
%pre filesystem
getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
getent passwd %{nginx_user} > /dev/null || \
useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
-s /sbin/nologin -c "Nginx web server" %{nginx_user}
exit 0
%post
%systemd_post nginx.service
%post mod-http-geoip
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-http-image-filter
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-http-perl
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-http-xslt-filter
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-mail
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-stream
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%preun
%systemd_preun nginx.service
%postun
%systemd_postun nginx.service
if [ $1 -ge 1 ]; then
/usr/bin/nginx-upgrade >/dev/null 2>&1 || :
fi
%files
%license LICENSE
%doc CHANGES README README.dynamic
%if 0%{?rhel} == 7
%doc UPGRADE-NOTES-1.6-to-1.10
%endif
%{_datadir}/nginx/html/*
%{_bindir}/nginx-upgrade
%{_sbindir}/nginx
%{_datadir}/vim/vimfiles/ftdetect/nginx.vim
%{_datadir}/vim/vimfiles/syntax/nginx.vim
%{_datadir}/vim/vimfiles/indent/nginx.vim
%{_mandir}/man3/nginx.3pm*
%{_mandir}/man8/nginx.8*
%{_mandir}/man8/nginx-upgrade.8*
%{_unitdir}/nginx.service
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
%config(noreplace) %{_sysconfdir}/nginx/koi-utf
%config(noreplace) %{_sysconfdir}/nginx/koi-win
%if ! 0%{?with_mailcap_mimetypes}
%config(noreplace) %{_sysconfdir}/nginx/mime.types
%endif
%config(noreplace) %{_sysconfdir}/nginx/mime.types.default
%config(noreplace) %{_sysconfdir}/nginx/nginx.conf
%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
%config(noreplace) %{_sysconfdir}/nginx/scgi_params
%config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
%config(noreplace) %{_sysconfdir}/nginx/win-utf
%config(noreplace) %{_sysconfdir}/logrotate.d/nginx
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx
%dir %{_libdir}/nginx/modules
%files all-modules
%files filesystem
%dir %{_datadir}/nginx
%dir %{_datadir}/nginx/html
%dir %{_sysconfdir}/nginx
%dir %{_sysconfdir}/nginx/conf.d
%dir %{_sysconfdir}/nginx/default.d
%files mod-http-geoip
%{_datadir}/nginx/modules/mod-http-geoip.conf
%{_libdir}/nginx/modules/ngx_http_geoip_module.so
%files mod-http-image-filter
%{_datadir}/nginx/modules/mod-http-image-filter.conf
%{_libdir}/nginx/modules/ngx_http_image_filter_module.so
%files mod-http-perl
%{_datadir}/nginx/modules/mod-http-perl.conf
%{_libdir}/nginx/modules/ngx_http_perl_module.so
%dir %{perl_vendorarch}/auto/nginx
%{perl_vendorarch}/nginx.pm
%{perl_vendorarch}/auto/nginx/nginx.so
%files mod-http-xslt-filter
%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
%files mod-mail
%{_datadir}/nginx/modules/mod-mail.conf
%{_libdir}/nginx/modules/ngx_mail_module.so
%files mod-stream
%{_datadir}/nginx/modules/mod-stream.conf
%{_libdir}/nginx/modules/ngx_stream_module.so
%if 0%{?with_ldap_module}
%files mod-auth-ldap
%{_datadir}/nginx/modules/mod-http_auth-ldap.conf
%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so
%{_defaultdocdir}/%{name}/auth_ldap_example.conf
%endif
%if 0%{?with_modsecurity_module}
%files mod-security
%{_defaultdocdir}/%{name}-mod-security/*
%config(noreplace) %{_sysconfdir}/nginx/modsec/modsecurity.conf
%config(noreplace) %{_sysconfdir}/nginx/modsec/main.conf
%{_datadir}/nginx/modules/mod-http_modsecurity.conf
%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
%endif
%clean
[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}/*
[ "%{_builddir}" != "/" ] && [ -d "%{_builddir}" ] && rm -rf %{_builddir}/*
%changelog
* Sun Apr 15 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-3
- Modsecurity module added as a shared module.
* Sat Apr 14 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-2
- Auth-ldap module added for basic auth over LDAP as a shared module.

2
fedora/SPECS/percona-monitoring-plugins.spec
View File

@@ -18,7 +18,7 @@ BuildRequires: perl-Digest-MD5
%else %else
BuildRequires: perl-MD5 BuildRequires: perl-MD5
%endif %endif
BuildRequires: perl-Time-HiRes
%description %description
Summary: Percona Monitoring Plugins are high-quality components to add enterprise-class MySQL monitoring and graphing capabilities to your existing on-premise monitoring solutions. Summary: Percona Monitoring Plugins are high-quality components to add enterprise-class MySQL monitoring and graphing capabilities to your existing on-premise monitoring solutions.