From f0c86398b7302426b329f885b798fbe966151f6dee416541aa58bd9891b20013 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Sat, 11 Apr 2020 13:08:03 +0000
Subject: [PATCH] Accepting request 793075 from home:weberho:tools

Coturn is a STUN/TURN server which works nicely e.g. nextcloud. I'd like to offer that project in factory and Leap. Please review. If you like the package I'll request the coturn user/group for factory.
OBS-URL: https://build.opensuse.org/request/show/793075
OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=1
---
.gitattributes | 23 ++
.gitignore | 1 +
README.SUSE | 8 +
coturn-4.5.1.0-append-log.patch | 53 ++++
coturn-4.5.1.1-cve-2020-6061.patch | 22 ++
coturn-4.5.1.1-cve-2020-6062.patch | 85 ++++++
...sing-call-to-setgroups-before-setuid.patch | 22 ++
coturn-4.5.1.1.tar.gz | 3 +
coturn-user.conf | 4 +
coturn.changes | 4 +
coturn.firewalld | 9 +
coturn.logrotate | 12 +
coturn.service | 25 ++
coturn.spec | 269 ++++++++++++++++++
coturn.sysconfig | 8 +
coturn.tmpfilesd | 1 +
16 files changed, 549 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 README.SUSE
create mode 100644 coturn-4.5.1.0-append-log.patch
create mode 100644 coturn-4.5.1.1-cve-2020-6061.patch
create mode 100644 coturn-4.5.1.1-cve-2020-6062.patch
create mode 100644 coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
create mode 100644 coturn-4.5.1.1.tar.gz
create mode 100644 coturn-user.conf
create mode 100644 coturn.changes
create mode 100644 coturn.firewalld
create mode 100644 coturn.logrotate
create mode 100644 coturn.service
create mode 100644 coturn.spec
create mode 100644 coturn.sysconfig
create mode 100644 coturn.tmpfilesd
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/README.SUSE b/README.SUSE
new file mode 100644
index 0000000..3c51d31
--- /dev/null
+++ b/README.SUSE
@@ -0,0 +1,8 @@
+Configuration files:
+ * /etc/coturn/turnserver.conf is the mail configuration file
+ * /etc/sysconfig/coturn can be used to set additional command line parameters
+
+To allow traffic going thru the firewall use
+```
+firewall-cmd --zone=public --add-service=coturn [--permanent]
+```
diff --git a/coturn-4.5.1.0-append-log.patch b/coturn-4.5.1.0-append-log.patch
new file mode 100644
index 0000000..113cca6
--- /dev/null
+++ b/coturn-4.5.1.0-append-log.patch
@@ -0,0 +1,53 @@
+https://github.com/coturn/coturn/issues/416 and https://github.com/coturn/coturn/pull/417
+
+diff --git a/src/apps/common/ns_turn_utils.c b/src/apps/common/ns_turn_utils.c
+index 2c656d7..0792085 100644
+--- a/src/apps/common/ns_turn_utils.c
++++ b/src/apps/common/ns_turn_utils.c
+@@ -370,7 +370,7 @@ static void set_rtpfile(void)
+ no_stdout_log = 1;
+ } else {
+ set_log_file_name(log_fn_base,log_fn);
+- _rtpfile = fopen(log_fn, "w");
++ _rtpfile = fopen(log_fn, "a");
+ if(_rtpfile)
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", log_fn);
+ }
+@@ -397,32 +397,32 @@ static void set_rtpfile(void)
+
+ set_log_file_name(logbase, logf);
+
+- _rtpfile = fopen(logf, "w");
++ _rtpfile = fopen(logf, "a");
+ if(_rtpfile)
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ else {
+ snprintf(logbase, FILE_STR_LEN, "/var/log/%s", logtail);
+
+ set_log_file_name(logbase, logf);
+- _rtpfile = fopen(logf, "w");
++ _rtpfile = fopen(logf, "a");
+ if(_rtpfile)
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ else {
+ snprintf(logbase, FILE_STR_LEN, "/var/tmp/%s", logtail);
+ set_log_file_name(logbase, logf);
+- _rtpfile = fopen(logf, "w");
++ _rtpfile = fopen(logf, "a");
+ if(_rtpfile)
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ else {
+ snprintf(logbase, FILE_STR_LEN, "/tmp/%s", logtail);
+ set_log_file_name(logbase, logf);
+- _rtpfile = fopen(logf, "w");
++ _rtpfile = fopen(logf, "a");
+ if(_rtpfile)
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ else {
+ snprintf(logbase, FILE_STR_LEN, "%s", logtail);
+ set_log_file_name(logbase, logf);
+- _rtpfile = fopen(logf, "w");
++ _rtpfile = fopen(logf, "a");
+ if(_rtpfile)
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ else {
diff --git a/coturn-4.5.1.1-cve-2020-6061.patch b/coturn-4.5.1.1-cve-2020-6061.patch
new file mode 100644
index 0000000..9a6e542
--- /dev/null
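Review bot: The fallback chain in set_rtpfile() still opens the log with plain `fopen(logf, "a")` under `/var/tmp` and `/tmp`, and in append mode that call follows a symlink or reuses a file some other local account created there first. For those world-writable fallbacks, open with `int fd = open(logf, O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW, 0640);` and wrap the descriptor with `fdopen(fd, "a")`, or drop the two fallbacks, since the spec already points `log-file=` at `/var/log/coturn/turnserver.log`. How predictable the name produced by set_log_file_name() is cannot be seen here, so this is a hardening suggestion rather than a confirmed flaw. set_rtpfile() starts and ends outside both inner hunks.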
+++ b/coturn-4.5.1.1-cve-2020-6061.patch
@@ -0,0 +1,22 @@
+From 51a7c2b9bf924890c7a3ff4db9c4976c5a93340a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
+Date: Mon, 17 Feb 2020 10:34:56 +0100
+Subject: [PATCH] Fix: CVE-2020-6061/TALOS-2020-0984
+
+---
+ src/apps/relay/http_server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
+index 573af49b..1126b49c 100644
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -103,7 +103,7 @@ const char* get_http_date_header()
+
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+- while((*data=='\r')||(*data=='\n')) ++data;
++ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+ memcpy(post_data, data, data_len);
+ char *fmarker = NULL;
diff --git a/coturn-4.5.1.1-cve-2020-6062.patch b/coturn-4.5.1.1-cve-2020-6062.patch
new file mode 100644
index 0000000..1bb7351
--- /dev/null
+++ b/coturn-4.5.1.1-cve-2020-6062.patch
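Review bot: The skip loop in post_parse() decrements `data_len` without checking that it is still non-zero, so a body with more leading CR/LF bytes than `data_len` would wrap the `size_t` and pass a huge length to `calloc` and `memcpy`. Bounding the loop closes that: `while (data_len && ((*data=='\r')||(*data=='\n'))) { ++data; --data_len; }`. Whether a caller can pass a `data_len` shorter than the buffer is not visible in this hunk, so treat it as a defensive guard. The same loop is carried unchanged as context in coturn-4.5.1.1-cve-2020-6062.patch, and the unchecked `calloc` result used by `memcpy` here is only addressed by that later patch.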
@@ -0,0 +1,85 @@
+From e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
+Date: Tue, 18 Feb 2020 12:31:38 +0100
+Subject: [PATCH] Fix: CVE-2020-6062 / TALOS-2020-0985
+
+---
+ src/apps/relay/http_server.c | 63 ++++++++++++++++++++----------------
+ 1 file changed, 36 insertions(+), 27 deletions(-)
+
+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
+index 1126b49c..ff8e3992 100644
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -104,35 +104,44 @@ const char* get_http_date_header()
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+- char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+- memcpy(post_data, data, data_len);
+- char *fmarker = NULL;
+- char *fsplit = strtok_r(post_data, "&", &fmarker);
+- struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
+- ns_bzero(list,sizeof(struct headers_list));
+- while (fsplit != NULL) {
+- char *vmarker = NULL;
+- char *key = strtok_r(fsplit, "=", &vmarker);
+- char *value = strtok_r(NULL, "=", &vmarker);
+- char empty[1];
+- empty[0]=0;
+- value = value ? value : empty;
+- value = evhttp_decode_uri(value);
+- char *p = value;
+- while (*p) {
+- if (*p == '+')
+- *p = ' ';
+- p++;
++ if (data_len) {
++ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
++ if (post_data != NULL) {
++ memcpy(post_data, data, data_len);
++ char *fmarker = NULL;
++ char *fsplit = strtok_r(post_data, "&", &fmarker);
++ struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
++ bzero(list,sizeof(struct headers_list));
++ while (fsplit != NULL) {
++ char *vmarker = NULL;
++ char *key = strtok_r(fsplit, "=", &vmarker);
++ if (key == NULL)
++ break;
++ else {
++ char *value = strtok_r(NULL, "=", &vmarker);
++ char empty[1];
++ empty[0]=0;
++ value = value ? value : empty;
++ value = evhttp_decode_uri(value);
++ char *p = value;
++ while (*p) {
++ if (*p == '+')
++ *p = ' ';
++ p++;
++ }
++ list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
++ list->keys[list->n] = strdup(key);
++ list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
++ list->values[list->n] = value;
++ ++(list->n);
++ fsplit = strtok_r(NULL, "&", &fmarker);
++ }
++ }
++ free(post_data);
++ return list;
+ }
+- list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
+- list->keys[list->n] = strdup(key);
+- list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
+- list->values[list->n] = value;
+- ++(list->n);
+- fsplit = strtok_r(NULL, "&", &fmarker);
+ }
+- free(post_data);
+- return list;
++ return NULL;
+ }
+
+ static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)
diff --git a/coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch b/coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
new file mode 100644
index 0000000..1c7e457
--- /dev/null
+++ b/coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
@@ -0,0 +1,22 @@
+From acbf7e15c9290e0891a6b6b5ce6e81bbaa77ce5a Mon Sep 17 00:00:00 2001
+From: Johannes Weberhofer
+Date: Sat, 11 Apr 2020 10:33:55 +0200
+Subject: [PATCH] Drop of supplementary group IDs
+
+Fix related to POS36-C and rpmlint error "missing-call-to-setgroups-before-setuid".
+---
+ src/apps/relay/mainrelay.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
+index 6710da6d..5a21cfaa 100644
+--- a/src/apps/relay/mainrelay.c
++++ b/src/apps/relay/mainrelay.c
+@@ -2061,6 +2061,7 @@ static void set_network_engine(void)
+
+ static void drop_privileges(void)
+ {
++ setgroups(0, NULL);
+ if(procgroupid_set) {
+ if(getgid() != procgroupid) {
+ if (setgid(procgroupid) != 0) {
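Review bot: In the rewritten post_parse() the `malloc` result for `list` goes straight into `bzero(list, ...)` with no NULL check, although `post_data` is checked just above; add `if (list == NULL) { free(post_data); return NULL; }` before the `bzero`. The two `realloc` calls assign directly to `list->keys` and `list->values` and are indexed on the next line, so an allocation failure becomes a NULL write and loses the old array; assign through a temporary and stop parsing on failure. The function now returns NULL for an empty body or a failed `calloc`, which its caller (presumably parse_http_request_1(), outside this hunk) has to tolerate. `ns_bzero` also became plain `bzero`, so confirm that http_server.c includes `<strings.h>`.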
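Review bot: The added `setgroups(0, NULL);` in drop_privileges() ignores its return value, so a failure while running as root leaves the supplementary groups in place without any diagnostic. It is also called unconditionally and will fail with EPERM when the process is already unprivileged, as it is under the packaged unit with `User=coturn`. Suggest `if (geteuid() == 0 && setgroups(0, NULL) != 0) { perror("setgroups"); exit(-1); }`, adapted to whatever error reporting the function already uses for `setgid`, and confirm that mainrelay.c includes `<grp.h>`. The rest of drop_privileges() lies outside the hunk.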
diff --git a/coturn-4.5.1.1.tar.gz b/coturn-4.5.1.1.tar.gz new file mode 100644 index 0000000..83febdf --- /dev/null +++ b/coturn-4.5.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8eabe4c241ad9a74655d8516c69b1fa3275e020e7f7fca50a6cb822809e7c220 +size 420069 diff --git a/coturn-user.conf b/coturn-user.conf new file mode 100644 index 0000000..1e7ea2a --- /dev/null +++ b/coturn-user.conf @@ -0,0 +1,4 @@ +# Type Name ID GECOS [HOME] +g coturn - +u coturn - "Coturn TURN Server daemon" /var/lib/coturn +m coturn coturn diff --git a/coturn.changes b/coturn.changes new file mode 100644 index 0000000..a62aa82 --- /dev/null +++ b/coturn.changes @@ -0,0 +1,4 @@ +------------------------------------------------------------------- +Thu Apr 9 10:57:37 UTC 2020 - Johannes Weberhofer + +- Initial release of coturn 4.5.1.1 diff --git a/coturn.firewalld b/coturn.firewalld new file mode 100644 index 0000000..46055a8 --- /dev/null +++ b/coturn.firewalld @@ -0,0 +1,9 @@ + + + TURN + TURN and STUN server ports for VoIP + + + + + diff --git a/coturn.logrotate b/coturn.logrotate new file mode 100644 index 0000000..58c05b0 --- /dev/null +++ b/coturn.logrotate @@ -0,0 +1,12 @@ +/var/log/coturn/turnserver.log { + missingok + compress + delaycompress + notifempty + postrotate + /bin/systemctl --quiet is-active coturn.service && /bin/kill -HUP `cat /run/coturn/turnserver.pid` || true + endscript + create 0660 coturn coturn + sharedscripts + su coturn coturn +} diff --git a/coturn.service b/coturn.service new file mode 100644 index 0000000..7ceea63 --- /dev/null +++ b/coturn.service 
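Review bot: The postrotate script in coturn.logrotate signals whatever PID is stored in `/run/coturn/turnserver.pid`, a file in a directory that coturn.tmpfilesd gives to the `coturn` user, so the target of the HUP is chosen by the service account. Assuming logrotate runs postrotate scripts as root even with the `su` directive, let systemd pick the process instead: `/bin/systemctl --quiet is-active coturn.service && /bin/systemctl reload coturn.service || true`. That goes through the unit's `ExecReload`, which sends the same HUP to `$MAINPID`.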
@@ -0,0 +1,25 @@
+[Unit]
+Description=STUN and TURN relay server for VoIP and WebRTC
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=syslog.target network.target
+
+[Service]
+User=coturn
+Group=coturn
+Type=forking
+EnvironmentFile=-/etc/sysconfig/turnserver
+PIDFile=/run/coturn/turnserver.pid
+ExecStart=/usr/bin/turnserver -o -c /etc/coturn/turnserver.conf --pidfile /run/coturn/turnserver.pid $EXTRA_OPTIONS
+Restart=on-abort
+ExecReload=/bin/kill -HUP $MAINPID
+
+LimitCORE=infinity
+LimitNOFILE=999999
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+CPUSchedulingPolicy=other
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target
diff --git a/coturn.spec b/coturn.spec
new file mode 100644
index 0000000..59c6eb0
--- /dev/null
+++ b/coturn.spec
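Review bot: `EnvironmentFile=-/etc/sysconfig/turnserver` does not match the file this package installs: the spec fills up `sysconfig.coturn` and README.SUSE points to `/etc/sysconfig/coturn`, so `$EXTRA_OPTIONS` stays empty and the leading `-` hides the missing file. Use `EnvironmentFile=-/etc/sysconfig/coturn`. For a network-facing relay the unit would also benefit from `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`. `LimitCORE=infinity` deserves a second look, because core dumps of this daemon may contain credentials.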
@@ -0,0 +1,269 @@ +# +# spec file for package coturn +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +# ship a static libraries that are made of an archive +%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects + +Name: coturn +Version: 4.5.1.1 +Release: 0 +Summary: TURN and STUN server for VoIP +License: BSD-3-Clause +Group: Productivity/Networking/Talk/Servers +URL: https://github.com/coturn/coturn/ +Source0: https://github.com/coturn/coturn/archive/%{version}/%{name}-%{version}.tar.gz +Source1: %{name}.service +Source2: %{name}.tmpfilesd +Source3: %{name}.logrotate +Source4: %{name}-user.conf +Source5: %{name}.sysconfig +Source6: %{name}.firewalld +Source7: README.SUSE +# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files rather to override them +Patch0: coturn-4.5.1.0-append-log.patch +# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061 +Patch1: coturn-4.5.1.1-cve-2020-6061.patch +# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6062.patch CVE-2020-6062 +Patch2: coturn-4.5.1.1-cve-2020-6062.patch +# PATCH-FIX-UPSTREAM coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch fix rpmlint error +Patch3: coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch +BuildRequires: fdupes +BuildRequires: firewall-macros +BuildRequires: libevent-devel >= 2.0.0 +BuildRequires: libmysqld-devel +BuildRequires: 
p11-kit +BuildRequires: pkgconfig +BuildRequires: systemd +BuildRequires: sysuser-tools +BuildRequires: pkgconfig(hiredis) +BuildRequires: pkgconfig(libpq) +BuildRequires: pkgconfig(libssl) >= 1.0.2 +BuildRequires: pkgconfig(sqlite3) +Requires(pre): %fillup_prereq +Requires(pre): shadow +Recommends: logrotate +%sysusers_requires + +%description +STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays +around NAT) are protocols that can be used to provide NAT traversal for VoIP +and WebRTC. + +It can be used as a general-purpose network traffic TURN server and gateway, +too. On-line management interface (over telnet or over HTTPS) for the TURN +server is available. +This implementation also includes some extra features. Supported RFCs: + +TURN specs: +- RFC 5766 - base TURN specs +- RFC 6062 - TCP relaying TURN extension +- RFC 6156 - IPv6 extension for TURN +- Experimental DTLS support as client protocol. + +STUN specs: +- RFC 3489 - "classic" STUN +- RFC 5389 - base "new" STUN specs +- RFC 5769 - test vectors for STUN protocol testing +- RFC 5780 - NAT behavior discovery support + +The implementation fully supports the following client-to-TURN-server protocols: +- UDP (per RFC 5766) +- TCP (per RFC 5766 and RFC 6062) +- TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2 +- DTLS (experimental non-standard feature) + +Supported relay protocols: +- UDP (per RFC 5766) +- TCP (per RFC 6062) + +Supported user databases (for user repository, with passwords or keys, if +authentication is required): +- SQLite +- MySQL +- PostgreSQL +- Redis + +Redis can also be used for status and statistics storage and notification. 
+Supported TURN authentication mechanisms: +- long-term +- TURN REST API (a modification of the long-term mechanism, for time-limited + secret-based authentication, for WebRTC applications) + +The load balancing can be implemented with the following tools (either one or a +combination of them): +- network load-balancer server +- DNS-based load balancing +- built-in ALTERNATE-SERVER mechanism. + +%package utils +Summary: Coturn utils + +%description utils +This package contains the TURN client utils. + +%package devel +Summary: Coturn development headers +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} + +%description devel +This package contains the TURN development headers. + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +%build +%sysusers_generate_pre %{SOURCE4} %{name} + +%configure \ + --confdir=%{_sysconfdir}/%{name} \ + --examplesdir=%{_docdir}/%{name} \ + --schemadir=%{_datadir}/%{name} \ + --manprefix=%{_datadir} \ + --docdir=%{_docdir}/%{name} \ + --turndbdir=%{_localstatedir}/lib/%{name} \ + --disable-rpath +%make_build + +%check +%make_build test + +%install +%make_install +mkdir -p %{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir}} +install -Dpm 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ +install -Dpm 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf +install -Dpm 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +install -Dpm 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/ +install -Dpm 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.%{name} +install -Dpm 0644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml +install -Dpm 0644 %{SOURCE7} %{buildroot}%{_docdir}/%{name}/ + +sed -i \ + -e "s|^syslog$|#syslog|g" \ + -e "s|^#*log-file=.*|log-file=%{_localstatedir}/log/coturn/turnserver.log|g" \ + -e "s|^#*simple-log|simple-log|g" \ + -e 
"s|^#*cert=.*|#cert=%{_sysconfdir}/pki/coturn/public/turn_server_cert.pem|g" \ + -e "s|^#*pkey=.*|#pkey=%{_sysconfdir}/pki/coturn/private/turn_server_pkey.pem|g" \ + %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default +touch -c -r examples%{_sysconfdir}/turnserver.conf %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default +mv %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf + +# Remove certs and keys +rm %{buildroot}%{_docdir}/%{name}%{_sysconfdir}/*.pem + +# fix permissions +find %{buildroot}%{_docdir} -type f -exec chmod 0664 {} \; +chmod 0644 %{buildroot}%{_mandir}/man1/* +chmod 0644 %{buildroot}%{_datadir}/%{name}/* + +# compatibility link +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} + +# manually create and symlink man pages +rm %{buildroot}%{_mandir}/man1/{turnutils_*,coturn.1} +gzip %{buildroot}%{_mandir}/man1/*.1 +ln -s turnserver.1.gz %{buildroot}%{_mandir}/man1/coturn.1.gz +for PKG in natdiscovery oauth peer stunclient uclient ; do +ln -s turnutils.1.gz %{buildroot}%{_mandir}/man1/turnutils_$PKG.1.gz +done + +%pre -f %{name}.pre +%service_add_pre %{name}.service + +%post +%service_add_post %{name}.service +systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf +%{fillup_only -n %{name}} +%firewalld_reload + +%preun +%service_del_preun %{name}.service + +%postun +%service_del_postun %{name}.service + +%files +%license LICENSE +%{_sysusersdir}/%{name}-user.conf +%{_sbindir}/rc%{name} +%{_fillupdir}/sysconfig.coturn +%dir %{_libexecdir}/firewalld +%dir %{_libexecdir}/firewalld/services +%{_libexecdir}/firewalld/services/coturn.xml + +%{_bindir}/turnserver +%{_bindir}/turnadmin +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/*.redis +%{_datadir}/%{name}/*.sql +%attr(0750,-,-) %{_datadir}/%{name}/*.sh +%dir %{_docdir}/%{name} +%{_docdir}/%{name}/README.* +%exclude %{_docdir}/%{name}/README.turnutils +%exclude %{_docdir}/%{name}/INSTALL +%exclude 
%{_docdir}/%{name}/LICENSE +%exclude %{_docdir}/%{name}/postinstall.txt +%dir %{_docdir}/%{name}%{_sysconfdir} +%doc %{_docdir}/%{name}%{_sysconfdir}/* +%dir %{_docdir}/%{name}/scripts +%dir %{_docdir}/%{name}/scripts/* +%{_docdir}/%{name}/scripts/*.sh +%{_docdir}/%{name}/scripts/readme.txt +%doc %{_docdir}/%{name}/scripts/*/* + +#Don't package schemas twice +%exclude %doc %{_docdir}/%{name}/schema.* + +%{_mandir}/man1/coturn.1%{?ext_man} +%{_mandir}/man1/turnserver.1%{?ext_man} +%{_mandir}/man1/turnadmin.1%{?ext_man} + +%dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name} +%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/%{name}/turnserver.conf +%dir %{_sysconfdir}/pki/%{name} +%dir %{_sysconfdir}/pki/%{name}/public +%dir %attr(0750,root,%{name}) %{_sysconfdir}/pki/%{name}/private +%{_unitdir}/coturn.service +%{_tmpfilesdir}/coturn.conf +%dir %ghost %attr(0750,%{name},%{name}) %{_rundir}/%{name} +%dir %attr(0750,%{name},%{name}) %{_localstatedir}/lib/%{name} +%dir %attr(0750,%{name},%{name}) %{_localstatedir}/log/%{name} +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} + +%files utils +%license LICENSE +%{_bindir}/turnutils_peer +%{_bindir}/turnutils_stunclient +%{_bindir}/turnutils_uclient +%{_bindir}/turnutils_oauth +%{_bindir}/turnutils_natdiscovery +%doc %{_docdir}/%{name}/README.turnutils +%{_mandir}/man1/turnutils.1%{?ext_man} +%{_mandir}/man1/turnutils_*.1%{?ext_man} + +%files devel +%defattr(0644,root,root,0755) +%license LICENSE +%{_includedir}/turn +%{_libdir}/libturnclient.a + +%changelog diff --git a/coturn.sysconfig b/coturn.sysconfig new file mode 100644 index 0000000..806f213 --- /dev/null +++ b/coturn.sysconfig @@ -0,0 +1,8 @@ +## Path: coturn/TURN +## Type: string +## Default: "" +## ServiceRestart: coturn +# +# TURN Server startup options +# +EXTRA_OPTIONS="" diff --git a/coturn.tmpfilesd b/coturn.tmpfilesd new file mode 100644 index 0000000..f0de8ff --- /dev/null +++ b/coturn.tmpfilesd 
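Review bot: In `%install` of coturn.spec, `find %{buildroot}%{_docdir} -type f -exec chmod 0664 {} \;` ships every documentation file, including the example scripts, group-writable; `0644` looks intended, matching the `chmod 0644` applied to the man pages on the next line. In `%post`, prefer `%tmpfiles_create %{_tmpfilesdir}/%{name}.conf` over calling `systemd-tmpfiles --create` directly, so that the path agrees with the `%{_tmpfilesdir}` install location used earlier.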
@@ -0,0 +1 @@
+d /run/coturn 750 coturn coturn