pool/cfengine
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
factory
cfengine/cfengine.spec
Klaus Kämpf f419a7545e Accepting request 1065676 from home:kwk:branches:systemsmanagement 
- Update to version 3.21.0:
  * Added cf-support utility for generating support information
    (ENT-9037)
  * Adjusted cf-check and package module code for empty updates list
    (ENT-9050)
  * '$(this.promiser)' can now be used in 'files' promise attributes
    'if', 'ifvarclass' and 'unless' (CFE-2262, ENT-7008)
  * Fixed storage promise for nfs on MacOS (CFE-4093)
  * Fixed definition of _low_ldt class from cf-monitord (CFE-4022)
  * Insertion of contents of a file with blank lines into another
    file with blank lines no longer results in mixed content (ENT-8788)
  * Added suggestion to use a negative lookahead when non-convergent edits 
    are attempted (CFE-192)
  * Unresolved function calls that return scalar values are now
    considered OK for constraints expecting strings during syntax
    check (CFE-4094)
  * cf-monitord now honors monitorfacility in body monitor control
    (ENT-4492)
  * cf-serverd now periodically reloads its policy if it contains
    unresolved variables (e.g. $(sys.policy_hub) in 'allowconnect'). (ENT-8456)
  * cf-serverd now starts in the network-online.target on systemd-based
    systems (ENT-8456)
  * edit_line bundles can now use the new $(edit.empty_before_use)
    variable mirroring the value of edit_defaults=>empty_before_use
    of the related files promise (ENT-5866)
  * Package modules with unresolved variables in their names are
    now skipped in package queries (ENT-9377)
  * Removed unsupported name_connect capability for udp_socket class
    (ENT-8824)
  * 'meta' attribute can now be used in custom promises (CFE-3440)
  * Custom promise modules can now support the 'action_policy'
    feature allowing promises of their custom types to be used
    in dry-run and simulation modes and in combination with
    'action_policy => "warn"'. (CFE-3433)
  * Use of custom promise modules that don't fully specify protocol
    now results in warning (CFE-3433)
  * Warnings are logged if levels of log messages from custom promise
    modules don't match results of their related promises (CFE-3433)
  * Adjusted SELinux policy for RHEL 9 (ENT-8824)
  * Fixed SELinux policy to allow hub to send emails (ENT-9557, ENT-9473)
  * SELinux no longer breaks SQL queries with large result sets on
    RHEL 8 hubs (ENT-9496)
  * Added SELinux LDAP port access for Mission Portal (ENT-9694)
  * Allowed ciphers are now properly split into TLS 1.3 cipher suites
    and ciphers used for TLS 1.2 and older (ENT-9018)
  * Fixed git_cfbs_deploy_refspec in masterfiles_stage leaving temp dir
- Update to version 3.20.0:
  * 'rxdirs' now defaults to "false". This means that the read
    permission bit no longer implies execute bit for directories,
    by default.
    Permission bits will be exactly as specified. To restore the
    old behavior you can still enable 'rxdirs' explicitly. (CFE-951)
  * 'N' or 'Ns' signal specs can now be used to sleep  between signals
    sent by 'processes' promises (CFE-2207, ENT-5899)
  * Directories named .no-distrib are no longer copied from policy
    server (in bootstrap/failsafe) (ENT-8079)
  * Files promises using content attribute or template method now
    create files by default unless create => "false" is specified.
    (CFE-3955, CFE-3916)
  * template_method mustache and inline_mustache now create file
    in promiser, if template rendering was successfull and file
    does not exist. (ENT-4792)
  * Added support for use of custom bodies in custom promise types
    (CFE-3574)
  * Custom promise modules now never get promise data with unresolved
    variables (CFE-3434)
  * Custom promises now use standard promise locking and support
    ifelapsed (CFE-3434)
  * Enable comment-attribute for custom promise types (CFE-3432)
  * cf-secret encrypt now encrypts for localhost if no key or host is
    specified (CFE-3874)
  * CFEngine now builds with OpenSSL 3 (ENT-8355)
  * CFEngine now requires OpenSSL 1.0.0 or newer (ENT-8355)
  * Moved Skipping loading of duplicate policy file messages from
    VERBOSE to DEBUG (CFE-3934)
  * CFEngine processes now try to use getent if the builtin user/group
    info lookup fails (CFE-3937)
  * No longer possible to undefine reserved hard classes (ENT-7718)
  * Unspecified 'rxdirs' now produces a warning (CFE-951)
  * Fixed wrong use of log level in users promises log messages
    (CFE-3906)
  * Fixed default for ignore_missing_bundles and ignore_missing_inputs
    The issue here was that these attributes should default to false,
    but when they are assigned with an unresolved variable, they
    would default to true. (ENT-8430)
  * Added protocol 3 (cookie) to syntax description (ENT-8560)
  * Moved errors from data_sysctlvalues from inform to verbose
    (CFE-3818)
  * Fixed inconsistencies with methods promises and missing bundles

OBS-URL: https://build.opensuse.org/request/show/1065676
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=197
2023-02-14 08:20:18 +00:00

317 lines
8.8 KiB
RPMSpec
Raw Permalink Blame History

#
# spec file for package cfengine
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define libname libpromises
%define libsoname %{libname}3
# Yes, its not FHS conformant but in sync with cfengine documentation
%define basedir %{_localstatedir}/%{name}
%define workdir %{basedir}
# This is the place where workdir should be
#%%define basedir %%{_localstatedir}/lib/%%{name}
#%%define workdir %%{basedir}/work
%if 0%{?suse_version} < 1500
# assume SuSEfirewall2
%define with_sfw2 1
%else
# assume firewalld
%define with_sfw2 0
%endif
# Version of libntech needed (see git repo of core)
%define libntech_hash 522ec6b3240a332884d0f67059268edd8cf30cba
# pass --with-bla to enable the build
%bcond_with mysql
%bcond_with postgresql
%bcond_with libvirt
Name: cfengine
Version: 3.21.0
Release: 0
Summary: Configuration management framework
License: GPL-3.0-only
Group: Productivity/Networking/System
URL: https://cfengine.com/
Source0: https://github.com/cfengine/core/archive/refs/tags/%{version}.tar.gz#/core-%{version}.tar.gz
Source1: https://github.com/cfengine/libntech/archive/%{libntech_hash}.tar.gz#/libntech-%{libntech_hash}.tar.gz
Source11: %{name}.SuSEfirewall2
Source12: cf-execd.service
Source13: cf-monitord.service
Source14: cf-serverd.service
Source15: cf-monitord
Source16: cf-execd
Source17: cf-serverd
Source20: %{name}.cron
Source21: %{name}-rpmlintrc
Patch0: harden_cf-apache.service.patch
Patch1: harden_cf-execd.service.patch
Patch2: harden_cf-hub.service.patch
Patch3: harden_cf-monitord.service.patch
Patch4: harden_cf-postgres.service.patch
Patch5: harden_cf-runalerts.service.patch
Patch6: harden_cf-serverd.service.patch
Patch7: harden_cfengine3.service.patch
BuildRequires: bison
BuildRequires: db-devel
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: libacl-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
BuildRequires: lmdb-devel >= 0.9.17
BuildRequires: openssl-devel >= 1.0.2e
BuildRequires: pam-devel
BuildRequires: pcre-devel >= 8.38
BuildRequires: pkgconfig
# for flock
BuildRequires: util-linux
# for llzma
BuildRequires: xz-devel
BuildRequires: pkgconfig(systemd)
Requires: %{libsoname} = %{version}
Recommends: %{name}-documentation
%{?systemd_requires}
%if !%{with_sfw2}
BuildRequires: firewall-macros
%endif
%if %{with mysql}
BuildRequires: mysql-devel
%endif
%if %{with libvirt}
BuildRequires: libvirt-devel
%endif
%if %{with postgresql}
BuildRequires: postgresql-devel
%endif
%if 0%{?fedora_version} == 20
BuildRequires: perl-Exporter
%endif
%description
CFEngine is the core of a configuration management system. It
combines modeling and monitoring to move a system into compliance
with a user-defined model (the Desired State). A domain-specific
language is used for setting this up.
%package -n %{libsoname}
Summary: Shared library of cfengine
Group: System/Libraries
Provides: %{libname}1 = %{version}
Obsoletes: %{libname}1 < %{version}
%description -n %{libsoname}
This package contains the shared libpromises (cfengine) library.
%package -n %{libname}-devel
Summary: Development package for libpromises
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: glibc-devel
Provides: %{name}-devel = %{version}
Obsoletes: %{name}-devel < %{version}
%description -n %{libname}-devel
A character set detection library.
This package contains the files needed to compile programs that use the
libpromises library.
%package examples
Summary: CFEngine example promises
Group: Documentation/Other
BuildArch: noarch
%description examples
Lots of example promises for CFEngine.
%prep
%setup -q -n core-%{version} -a 1
[ -d libntech ] && rmdir -v libntech
ln -s libntech-%{libntech_hash} libntech
##### rpmlint
#### wrong-file-end-of-line-encoding
find ./examples -type f -name "*.cf" -exec perl -p -i -e 's|\r\n|\n|' {} \;
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
EXPLICIT_VERSION=%{version} autoreconf -fvi -I m4
CC=cc CFLAGS="%{optflags} -fno-strict-aliasing" \
%configure \
--disable-static \
--disable-silent-rules \
--enable-fhs \
--datadir=%{_localstatedir} \
--with-workdir=%{workdir} \
%if %{with postgresql}
--with-postgresql \
%endif
%if %{with mysql}
--with-mysql \
%endif
--without-qdbm \
--without-tokyocabinet \
--with-lmdb \
--with-pthreads \
--with-openssl \
--with-pcre \
%if %{with libvirt}
--with-libvirt \
%endif
--without-libacl \
--with-libxml2 \
%if 0%{?rhel_version} > 0 && 0%{?rhel_version} < 700
--docdir=%{_docdir}/%{name}-%{version} \
%else
--docdir=%{_docdir}/%{name} \
%endif
--with-pam
%make_build
%check
# FAIL: process_test
%make_build check || :
%install
chmod -x ChangeLog
%make_install
# will appear in cfengine-examples
rm -rf %{buildroot}/%{_docdir}/%{name}/examples
install -d %{buildroot}/{%{_bindir},%{_sbindir},%{workdir}/{bin,inputs,reports}}
# create dirs needed for better organizing dirs and files
install -d %{buildroot}/%{basedir}/{backup,failsafe,config,plugins}
# systemd: install sample cron file in docdir
cp %{SOURCE20} %{buildroot}/%{_docdir}/%{name}
# install systemd scripts
install -d %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE12} %{SOURCE13} %{SOURCE14} %{buildroot}/%{_unitdir}
ln -s -f service %{buildroot}/%{_sbindir}/rccf-monitord
ln -s -f service %{buildroot}/%{_sbindir}/rccf-execd
ln -s -f service %{buildroot}/%{_sbindir}/rccf-serverd
# create symlinks for bin_PROGRAMS
# because: cf-promises needs to be installed in /var/cfengine/work/bin for pre-validation of full configuration
for i in cf-agent cf-execd cf-key cf-monitord cf-promises cf-runagent cf-serverd cf-upgrade; do
ln -s -f %{_bindir}/${i} %{buildroot}%{workdir}/bin/${i}
done
rm -rf %{buildroot}/%{_libdir}/%{name}/libpromises.la
# will appear in %%docdir
rm -rf %{buildroot}/%{_datadir}/%{name}/ChangeLog
rm -rf %{buildroot}/%{_datadir}/%{name}/README
# create man pages, see https://cfengine.com/dev/issues/2989
install -d %{buildroot}/%{_mandir}/man8
for i in cf-agent cf-execd cf-key cf-monitord cf-promises cf-runagent cf-serverd
do
LD_LIBRARY_PATH=%{buildroot}%{_libdir}/%{name} %{buildroot}%{_bindir}/$i -M > %{buildroot}%{_mandir}/man8/$i.8
gzip -n9 %{buildroot}%{_mandir}/man8/$i.8
done
# Firewall
%if %{with_sfw2}
install -D -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine
%endif
# Ckeabyo dyoes
%fdupes %{buildroot}%{_datadir}/cfengine
%define cf_services cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cf-reactor.service cfengine3.service
%pre
%service_add_pre %{cf_services}
%post
%service_add_post %{cf_services}
if [ $1 -lt 2 ]; then
# first install, generate key pair
cf-key
fi
%if !%{with_sfw2}
%firewalld_reload
%endif
%preun
%service_del_preun %{cf_services}
%postun
%service_del_postun %{cf_services}
if [ $1 -eq 0 ]; then
# clean up inputs cache dir on removal
rm -rf %{basedir}/inputs/*
fi
%if !%{with_sfw2}
%firewalld_reload
%endif
%post -n %{libsoname} -p /sbin/ldconfig
%postun -n %{libsoname} -p /sbin/ldconfig
%files
%license LICENSE
%doc ChangeLog README.md
%{_bindir}/cf-agent
%{_bindir}/cf-check
%{_bindir}/cf-execd
%{_bindir}/cf-key
%{_bindir}/cf-net
%{_bindir}/cf-monitord
%{_bindir}/cf-promises
%{_bindir}/cf-secret
%{_bindir}/cf-serverd
%{_bindir}/cf-support
%{_bindir}/cf-upgrade
%{_bindir}/cf-runagent
%{_bindir}/rpmvercmp
%{_sbindir}/rccf-execd
%{_sbindir}/rccf-monitord
%{_sbindir}/rccf-serverd
%{_unitdir}/*.service
%if %{with_sfw2}
%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d
%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine
%endif
%{_mandir}/man8/*
%dir %{basedir}
%dir %{workdir}
%{workdir}/*
%{_docdir}/%{name}/cfengine.cron
%files -n %{libsoname}
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/%{libname}.so.*
%files -n %{libname}-devel
%{_libdir}/%{name}/%{libname}.so
%files examples
%doc examples/*cf
%changelog
Reference in New Issue View Git Blame Copy Permalink