coturn/coturn.spec

#
# spec file for package coturn
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

# ship a static libraries that are made of an archive
%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects

Name:           coturn
Version:        4.5.1.1
Release:        0
Summary:        TURN and STUN server for VoIP
License:        BSD-3-Clause
Group:          Productivity/Networking/Talk/Servers
URL:            https://github.com/coturn/coturn/
Source0:        https://github.com/coturn/coturn/archive/%{version}/%{name}-%{version}.tar.gz
Source1:        %{name}.service
Source2:        %{name}.tmpfilesd
Source3:        %{name}.logrotate
Source4:        %{name}-user.conf
Source5:        %{name}.sysconfig
Source6:        %{name}.firewalld
Source7:        README.SUSE
# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files rather to override them
Patch0:         coturn-4.5.1.0-append-log.patch
# PATCH-FIX-UPSTREAM  coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061
Patch1:         coturn-4.5.1.1-cve-2020-6061.patch
# PATCH-FIX-UPSTREAM  coturn-4.5.1.1-cve-2020-6062.patch CVE-2020-6062
Patch2:         coturn-4.5.1.1-cve-2020-6062.patch
# PATCH-FIX-UPSTREAM   coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch fix rpmlint error
Patch3:         coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
BuildRequires:  fdupes
BuildRequires:  firewall-macros
BuildRequires:  libevent-devel >= 2.0.0
BuildRequires:  libmysqld-devel
BuildRequires:  p11-kit
BuildRequires:  pkgconfig
BuildRequires:  systemd
BuildRequires:  sysuser-tools
BuildRequires:  pkgconfig(hiredis)
BuildRequires:  pkgconfig(libpq)
BuildRequires:  pkgconfig(libssl) >= 1.0.2
BuildRequires:  pkgconfig(sqlite3)
Requires(pre):  %fillup_prereq
Requires(pre):  shadow
Recommends:     logrotate
%sysusers_requires

%description
STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays
around NAT) are protocols that can be used to provide NAT traversal for VoIP
and WebRTC.

It can be used as a general-purpose network traffic TURN server and gateway,
too. On-line management interface (over telnet or over HTTPS) for the TURN
server is available.
This implementation also includes some extra features. Supported RFCs:

TURN specs:
- RFC 5766 - base TURN specs
- RFC 6062 - TCP relaying TURN extension
- RFC 6156 - IPv6 extension for TURN
- Experimental DTLS support as client protocol.

STUN specs:
- RFC 3489 - "classic" STUN
- RFC 5389 - base "new" STUN specs
- RFC 5769 - test vectors for STUN protocol testing
- RFC 5780 - NAT behavior discovery support

The implementation fully supports the following client-to-TURN-server protocols:
- UDP (per RFC 5766)
- TCP (per RFC 5766 and RFC 6062)
- TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2
- DTLS (experimental non-standard feature)

Supported relay protocols:
- UDP (per RFC 5766)
- TCP (per RFC 6062)

Supported user databases (for user repository, with passwords or keys, if
authentication is required):
- SQLite
- MySQL
- PostgreSQL
- Redis

Redis can also be used for status and statistics storage and notification.
Supported TURN authentication mechanisms:
- long-term
- TURN REST API (a modification of the long-term mechanism, for time-limited
  secret-based authentication, for WebRTC applications)

The load balancing can be implemented with the following tools (either one or a
combination of them):
- network load-balancer server
- DNS-based load balancing
- built-in ALTERNATE-SERVER mechanism.

%package        utils
Summary:        Coturn utils

%description    utils
This package contains the TURN client utils.

%package        devel
Summary:        Coturn development headers
Group:          Development/Libraries/C and C++
Requires:       %{name} = %{version}

%description    devel
This package contains the TURN development headers.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1

%build
%sysusers_generate_pre %{SOURCE4} %{name}

%configure \
	--confdir=%{_sysconfdir}/%{name} \
	--examplesdir=%{_docdir}/%{name} \
	--schemadir=%{_datadir}/%{name} \
	--manprefix=%{_datadir} \
	--docdir=%{_docdir}/%{name} \
	--turndbdir=%{_localstatedir}/lib/%{name} \
	--disable-rpath
%make_build

%check
%make_build test

%install
%make_install
mkdir -p %{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir}}
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -Dpm 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -Dpm 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/
install -Dpm 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.%{name}
install -Dpm 0644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
install -Dpm 0644 %{SOURCE7} %{buildroot}%{_docdir}/%{name}/

sed -i \
    -e "s|^syslog$|#syslog|g" \
    -e "s|^#*log-file=.*|log-file=%{_localstatedir}/log/coturn/turnserver.log|g" \
    -e "s|^#*simple-log|simple-log|g" \
    -e "s|^#*cert=.*|#cert=%{_sysconfdir}/pki/coturn/public/turn_server_cert.pem|g" \
    -e "s|^#*pkey=.*|#pkey=%{_sysconfdir}/pki/coturn/private/turn_server_pkey.pem|g" \
    %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default
touch -c -r examples%{_sysconfdir}/turnserver.conf %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default
mv %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf

# Remove certs and keys
rm %{buildroot}%{_docdir}/%{name}%{_sysconfdir}/*.pem

# fix permissions
find %{buildroot}%{_docdir} -type f -exec chmod 0664 {} \;
chmod 0644 %{buildroot}%{_mandir}/man1/*
chmod 0644 %{buildroot}%{_datadir}/%{name}/*

# compatibility link
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

# manually create and symlink man pages
rm %{buildroot}%{_mandir}/man1/{turnutils_*,coturn.1}
gzip %{buildroot}%{_mandir}/man1/*.1
ln -s turnserver.1.gz %{buildroot}%{_mandir}/man1/coturn.1.gz
for PKG in natdiscovery oauth peer stunclient uclient ; do
ln -s turnutils.1.gz %{buildroot}%{_mandir}/man1/turnutils_$PKG.1.gz
done

%pre -f %{name}.pre
%service_add_pre %{name}.service

%post
%service_add_post %{name}.service
systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf
%{fillup_only -n %{name}}
%firewalld_reload

%preun
%service_del_preun %{name}.service

%postun
%service_del_postun %{name}.service

%files
%license LICENSE
%{_sysusersdir}/%{name}-user.conf
%{_sbindir}/rc%{name}
%{_fillupdir}/sysconfig.coturn
%dir %{_libexecdir}/firewalld
%dir %{_libexecdir}/firewalld/services
%{_libexecdir}/firewalld/services/coturn.xml

%{_bindir}/turnserver
%{_bindir}/turnadmin
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/*.redis
%{_datadir}/%{name}/*.sql
%attr(0750,-,-) %{_datadir}/%{name}/*.sh
%dir %{_docdir}/%{name}
%{_docdir}/%{name}/README.*
%exclude %{_docdir}/%{name}/README.turnutils
%exclude %{_docdir}/%{name}/INSTALL
%exclude %{_docdir}/%{name}/LICENSE
%exclude %{_docdir}/%{name}/postinstall.txt
%dir %{_docdir}/%{name}%{_sysconfdir}
%doc %{_docdir}/%{name}%{_sysconfdir}/*
%dir %{_docdir}/%{name}/scripts
%dir %{_docdir}/%{name}/scripts/*
%{_docdir}/%{name}/scripts/*.sh
%{_docdir}/%{name}/scripts/readme.txt
%doc %{_docdir}/%{name}/scripts/*/*

#Don't package schemas twice
%exclude %doc %{_docdir}/%{name}/schema.*

%{_mandir}/man1/coturn.1%{?ext_man}
%{_mandir}/man1/turnserver.1%{?ext_man}
%{_mandir}/man1/turnadmin.1%{?ext_man}

%dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name}
%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/%{name}/turnserver.conf
%dir %{_sysconfdir}/pki/%{name}
%dir %{_sysconfdir}/pki/%{name}/public
%dir %attr(0750,root,%{name}) %{_sysconfdir}/pki/%{name}/private
%{_unitdir}/coturn.service
%{_tmpfilesdir}/coturn.conf
%dir %ghost %attr(0750,%{name},%{name}) %{_rundir}/%{name}
%dir %attr(0750,%{name},%{name}) %{_localstatedir}/lib/%{name}
%dir %attr(0750,%{name},%{name}) %{_localstatedir}/log/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}

%files utils
%license LICENSE
%{_bindir}/turnutils_peer
%{_bindir}/turnutils_stunclient
%{_bindir}/turnutils_uclient
%{_bindir}/turnutils_oauth
%{_bindir}/turnutils_natdiscovery
%doc %{_docdir}/%{name}/README.turnutils
%{_mandir}/man1/turnutils.1%{?ext_man}
%{_mandir}/man1/turnutils_*.1%{?ext_man}

%files devel
%defattr(0644,root,root,0755)
%license LICENSE
%{_includedir}/turn
%{_libdir}/libturnclient.a

%changelog
Accepting request 793075 from home:weberho:tools Coturn is a STUN/TURN server which works nicely e.g. nextcloud. I'd like to offer that project in factory and Leap. Please review. If you like the package I'll request the coturn user/group for factory. OBS-URL: https://build.opensuse.org/request/show/793075 OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=1 2020-04-11 15:08:03 +02:00			`#`
			`# spec file for package coturn`
			`#`
			`# Copyright (c) 2020 SUSE LLC`
			`#`
			`# All modifications and additions to the file contributed by third parties`
			`# remain the property of their copyright owners, unless otherwise agreed`
			`# upon. The license for this file, and modifications and additions to the`
			`# file, is the same license as for the pristine package itself (unless the`
			`# license for the pristine package is not an Open Source License, in which`
			`# case the license is the MIT License). An "Open Source License" is a`
			`# license that conforms to the Open Source Definition (Version 1.9)`
			`# published by the Open Source Initiative.`

			`# Please submit bugfixes or comments via https://bugs.opensuse.org/`
			`#`

			`# ship a static libraries that are made of an archive`
			`%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects`

			`Name: coturn`
			`Version: 4.5.1.1`
			`Release: 0`
			`Summary: TURN and STUN server for VoIP`
			`License: BSD-3-Clause`
			`Group: Productivity/Networking/Talk/Servers`
			`URL: https://github.com/coturn/coturn/`
			`Source0: https://github.com/coturn/coturn/archive/%{version}/%{name}-%{version}.tar.gz`
			`Source1: %{name}.service`
			`Source2: %{name}.tmpfilesd`
			`Source3: %{name}.logrotate`
			`Source4: %{name}-user.conf`
			`Source5: %{name}.sysconfig`
			`Source6: %{name}.firewalld`
			`Source7: README.SUSE`
			`# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files rather to override them`
			`Patch0: coturn-4.5.1.0-append-log.patch`
			`# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061`
			`Patch1: coturn-4.5.1.1-cve-2020-6061.patch`
			`# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6062.patch CVE-2020-6062`
			`Patch2: coturn-4.5.1.1-cve-2020-6062.patch`
			`# PATCH-FIX-UPSTREAM coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch fix rpmlint error`
			`Patch3: coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch`
			`BuildRequires: fdupes`
			`BuildRequires: firewall-macros`
			`BuildRequires: libevent-devel >= 2.0.0`
			`BuildRequires: libmysqld-devel`
			`BuildRequires: p11-kit`
			`BuildRequires: pkgconfig`
			`BuildRequires: systemd`
			`BuildRequires: sysuser-tools`
			`BuildRequires: pkgconfig(hiredis)`
			`BuildRequires: pkgconfig(libpq)`
			`BuildRequires: pkgconfig(libssl) >= 1.0.2`
			`BuildRequires: pkgconfig(sqlite3)`
			`Requires(pre): %fillup_prereq`
			`Requires(pre): shadow`
			`Recommends: logrotate`
			`%sysusers_requires`

			`%description`
			`STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays`
			`around NAT) are protocols that can be used to provide NAT traversal for VoIP`
			`and WebRTC.`

			`It can be used as a general-purpose network traffic TURN server and gateway,`
			`too. On-line management interface (over telnet or over HTTPS) for the TURN`
			`server is available.`
			`This implementation also includes some extra features. Supported RFCs:`

			`TURN specs:`
			`- RFC 5766 - base TURN specs`
			`- RFC 6062 - TCP relaying TURN extension`
			`- RFC 6156 - IPv6 extension for TURN`
			`- Experimental DTLS support as client protocol.`

			`STUN specs:`
			`- RFC 3489 - "classic" STUN`
			`- RFC 5389 - base "new" STUN specs`
			`- RFC 5769 - test vectors for STUN protocol testing`
			`- RFC 5780 - NAT behavior discovery support`

			`The implementation fully supports the following client-to-TURN-server protocols:`
			`- UDP (per RFC 5766)`
			`- TCP (per RFC 5766 and RFC 6062)`
			`- TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2`
			`- DTLS (experimental non-standard feature)`

			`Supported relay protocols:`
			`- UDP (per RFC 5766)`
			`- TCP (per RFC 6062)`

			`Supported user databases (for user repository, with passwords or keys, if`
			`authentication is required):`
			`- SQLite`
			`- MySQL`
			`- PostgreSQL`
			`- Redis`

			`Redis can also be used for status and statistics storage and notification.`
			`Supported TURN authentication mechanisms:`
			`- long-term`
			`- TURN REST API (a modification of the long-term mechanism, for time-limited`
			`secret-based authentication, for WebRTC applications)`

			`The load balancing can be implemented with the following tools (either one or a`
			`combination of them):`
			`- network load-balancer server`
			`- DNS-based load balancing`
			`- built-in ALTERNATE-SERVER mechanism.`

			`%package utils`
			`Summary: Coturn utils`

			`%description utils`
			`This package contains the TURN client utils.`

			`%package devel`
			`Summary: Coturn development headers`
			`Group: Development/Libraries/C and C++`
			`Requires: %{name} = %{version}`

			`%description devel`
			`This package contains the TURN development headers.`

			`%prep`
			`%setup -q`
			`%patch0 -p1`
			`%patch1 -p1`
			`%patch2 -p1`
			`%patch3 -p1`

			`%build`
			`%sysusers_generate_pre %{SOURCE4} %{name}`

			`%configure \`
			`--confdir=%{_sysconfdir}/%{name} \`
			`--examplesdir=%{_docdir}/%{name} \`
			`--schemadir=%{_datadir}/%{name} \`
			`--manprefix=%{_datadir} \`
			`--docdir=%{_docdir}/%{name} \`
			`--turndbdir=%{_localstatedir}/lib/%{name} \`
			`--disable-rpath`
			`%make_build`

			`%check`
			`%make_build test`

			`%install`
			`%make_install`
			`mkdir -p %{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir}}`
			`install -Dpm 0644 %{SOURCE1} %{buildroot}%{_unitdir}/`
			`install -Dpm 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf`
			`install -Dpm 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}`
			`install -Dpm 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/`
			`install -Dpm 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.%{name}`
			`install -Dpm 0644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml`
			`install -Dpm 0644 %{SOURCE7} %{buildroot}%{_docdir}/%{name}/`

			`sed -i \`
			`-e "s\|^syslog$\|#syslog\|g" \`
			`-e "s\|^#log-file=.\|log-file=%{_localstatedir}/log/coturn/turnserver.log\|g" \`
			`-e "s\|^#*simple-log\|simple-log\|g" \`
			`-e "s\|^#cert=.\|#cert=%{_sysconfdir}/pki/coturn/public/turn_server_cert.pem\|g" \`
			`-e "s\|^#pkey=.\|#pkey=%{_sysconfdir}/pki/coturn/private/turn_server_pkey.pem\|g" \`
			`%{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default`
			`touch -c -r examples%{_sysconfdir}/turnserver.conf %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default`
			`mv %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf`

			`# Remove certs and keys`
			`rm %{buildroot}%{_docdir}/%{name}%{_sysconfdir}/*.pem`

			`# fix permissions`
			`find %{buildroot}%{_docdir} -type f -exec chmod 0664 {} \;`
			`chmod 0644 %{buildroot}%{_mandir}/man1/*`
			`chmod 0644 %{buildroot}%{_datadir}/%{name}/*`

			`# compatibility link`
			`ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}`

			`# manually create and symlink man pages`
			`rm %{buildroot}%{_mandir}/man1/{turnutils_*,coturn.1}`
			`gzip %{buildroot}%{_mandir}/man1/*.1`
			`ln -s turnserver.1.gz %{buildroot}%{_mandir}/man1/coturn.1.gz`
			`for PKG in natdiscovery oauth peer stunclient uclient ; do`
			`ln -s turnutils.1.gz %{buildroot}%{_mandir}/man1/turnutils_$PKG.1.gz`
			`done`

			`%pre -f %{name}.pre`
			`%service_add_pre %{name}.service`

			`%post`
			`%service_add_post %{name}.service`
			`systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf`
			`%{fillup_only -n %{name}}`
			`%firewalld_reload`

			`%preun`
			`%service_del_preun %{name}.service`

			`%postun`
			`%service_del_postun %{name}.service`

			`%files`
			`%license LICENSE`
			`%{_sysusersdir}/%{name}-user.conf`
			`%{_sbindir}/rc%{name}`
			`%{_fillupdir}/sysconfig.coturn`
			`%dir %{_libexecdir}/firewalld`
			`%dir %{_libexecdir}/firewalld/services`
			`%{_libexecdir}/firewalld/services/coturn.xml`

			`%{_bindir}/turnserver`
			`%{_bindir}/turnadmin`
			`%dir %{_datadir}/%{name}`
			`%{_datadir}/%{name}/*.redis`
			`%{_datadir}/%{name}/*.sql`
			`%attr(0750,-,-) %{_datadir}/%{name}/*.sh`
			`%dir %{_docdir}/%{name}`
			`%{_docdir}/%{name}/README.*`
			`%exclude %{_docdir}/%{name}/README.turnutils`
			`%exclude %{_docdir}/%{name}/INSTALL`
			`%exclude %{_docdir}/%{name}/LICENSE`
			`%exclude %{_docdir}/%{name}/postinstall.txt`
			`%dir %{_docdir}/%{name}%{_sysconfdir}`
			`%doc %{_docdir}/%{name}%{_sysconfdir}/*`
			`%dir %{_docdir}/%{name}/scripts`
			`%dir %{_docdir}/%{name}/scripts/*`
			`%{_docdir}/%{name}/scripts/*.sh`
			`%{_docdir}/%{name}/scripts/readme.txt`
			`%doc %{_docdir}/%{name}/scripts//`

			`#Don't package schemas twice`
			`%exclude %doc %{_docdir}/%{name}/schema.*`

			`%{_mandir}/man1/coturn.1%{?ext_man}`
			`%{_mandir}/man1/turnserver.1%{?ext_man}`
			`%{_mandir}/man1/turnadmin.1%{?ext_man}`

			`%dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name}`
			`%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/%{name}/turnserver.conf`
			`%dir %{_sysconfdir}/pki/%{name}`
			`%dir %{_sysconfdir}/pki/%{name}/public`
			`%dir %attr(0750,root,%{name}) %{_sysconfdir}/pki/%{name}/private`
			`%{_unitdir}/coturn.service`
			`%{_tmpfilesdir}/coturn.conf`
			`%dir %ghost %attr(0750,%{name},%{name}) %{_rundir}/%{name}`
			`%dir %attr(0750,%{name},%{name}) %{_localstatedir}/lib/%{name}`
			`%dir %attr(0750,%{name},%{name}) %{_localstatedir}/log/%{name}`
			`%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}`

			`%files utils`
			`%license LICENSE`
			`%{_bindir}/turnutils_peer`
			`%{_bindir}/turnutils_stunclient`
			`%{_bindir}/turnutils_uclient`
			`%{_bindir}/turnutils_oauth`
			`%{_bindir}/turnutils_natdiscovery`
			`%doc %{_docdir}/%{name}/README.turnutils`
			`%{_mandir}/man1/turnutils.1%{?ext_man}`
			`%{_mandir}/man1/turnutils_*.1%{?ext_man}`

			`%files devel`
			`%defattr(0644,root,root,0755)`
			`%license LICENSE`
			`%{_includedir}/turn`
			`%{_libdir}/libturnclient.a`

			`%changelog`