Accepting request 793075 from home:weberho:tools

Coturn is a STUN/TURN server which works nicely e.g. nextcloud. I'd like to offer that project in factory and Leap.
Please review. If you like the package I'll request the coturn user/group for factory.

OBS-URL: https://build.opensuse.org/request/show/793075
OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

README.SUSE

@@ -0,0 +1,8 @@
+Configuration files:
+  * /etc/coturn/turnserver.conf is the mail configuration file
+  * /etc/sysconfig/coturn can be used to set additional command line parameters
+
+To allow traffic going thru the firewall use
+```
+firewall-cmd --zone=public --add-service=coturn [--permanent]
+```

coturn-4.5.1.0-append-log.patch

@@ -0,0 +1,53 @@
+https://github.com/coturn/coturn/issues/416 and https://github.com/coturn/coturn/pull/417
+
+diff --git a/src/apps/common/ns_turn_utils.c b/src/apps/common/ns_turn_utils.c
+index 2c656d7..0792085 100644
+--- a/src/apps/common/ns_turn_utils.c
++++ b/src/apps/common/ns_turn_utils.c
+@@ -370,7 +370,7 @@ static void set_rtpfile(void)
+ 				no_stdout_log = 1;
+ 			} else {
+ 				set_log_file_name(log_fn_base,log_fn);
+-				_rtpfile = fopen(log_fn, "w");
++				_rtpfile = fopen(log_fn, "a");
+ 				if(_rtpfile)
+ 					TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", log_fn);
+ 			}
+@@ -397,32 +397,32 @@ static void set_rtpfile(void)
+ 
+ 		set_log_file_name(logbase, logf);
+ 
+-		_rtpfile = fopen(logf, "w");
++		_rtpfile = fopen(logf, "a");
+ 		if(_rtpfile)
+ 			TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ 		else {
+ 			snprintf(logbase, FILE_STR_LEN, "/var/log/%s", logtail);
+ 
+ 			set_log_file_name(logbase, logf);
+-			_rtpfile = fopen(logf, "w");
++			_rtpfile = fopen(logf, "a");
+ 			if(_rtpfile)
+ 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ 			else {
+ 				snprintf(logbase, FILE_STR_LEN, "/var/tmp/%s", logtail);
+ 				set_log_file_name(logbase, logf);
+-				_rtpfile = fopen(logf, "w");
++				_rtpfile = fopen(logf, "a");
+ 				if(_rtpfile)
+ 					TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ 				else {
+ 					snprintf(logbase, FILE_STR_LEN, "/tmp/%s", logtail);
+ 					set_log_file_name(logbase, logf);
+-					_rtpfile = fopen(logf, "w");
++					_rtpfile = fopen(logf, "a");
+ 					if(_rtpfile)
+ 						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ 					else {
+ 						snprintf(logbase, FILE_STR_LEN, "%s", logtail);
+ 						set_log_file_name(logbase, logf);
+-						_rtpfile = fopen(logf, "w");
++						_rtpfile = fopen(logf, "a");
+ 						if(_rtpfile)
+ 							TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
+ 						else {

coturn-4.5.1.1-cve-2020-6061.patch

@@ -0,0 +1,22 @@
+From 51a7c2b9bf924890c7a3ff4db9c4976c5a93340a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@majd.eu>
+Date: Mon, 17 Feb 2020 10:34:56 +0100
+Subject: [PATCH] Fix: CVE-2020-6061/TALOS-2020-0984
+
+---
+ src/apps/relay/http_server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
+index 573af49b..1126b49c 100644
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -103,7 +103,7 @@ const char* get_http_date_header()
+ 
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+-	while((*data=='\r')||(*data=='\n')) ++data;
++	while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+ 	char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+ 	memcpy(post_data, data, data_len);
+ 	char *fmarker = NULL;

coturn-4.5.1.1-cve-2020-6062.patch

@@ -0,0 +1,85 @@
+From e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@majd.eu>
+Date: Tue, 18 Feb 2020 12:31:38 +0100
+Subject: [PATCH] Fix: CVE-2020-6062 / TALOS-2020-0985
+
+---
+ src/apps/relay/http_server.c | 63 ++++++++++++++++++++----------------
+ 1 file changed, 36 insertions(+), 27 deletions(-)
+
+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
+index 1126b49c..ff8e3992 100644
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -104,35 +104,44 @@ const char* get_http_date_header()
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+ 	while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+-	char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+-	memcpy(post_data, data, data_len);
+-	char *fmarker = NULL;
+-	char *fsplit = strtok_r(post_data, "&", &fmarker);
+-	struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
+-	ns_bzero(list,sizeof(struct headers_list));
+-	while (fsplit != NULL) {
+-		char *vmarker = NULL;
+-		char *key = strtok_r(fsplit, "=", &vmarker);
+-		char *value = strtok_r(NULL, "=", &vmarker);
+-		char empty[1];
+-		empty[0]=0;
+-		value = value ? value : empty;
+-		value = evhttp_decode_uri(value);
+-		char *p = value;
+-		while (*p) {
+-			if (*p == '+')
+-				*p = ' ';
+-			p++;
++	if (data_len) {
++		char *post_data = (char*)calloc(data_len + 1, sizeof(char));
++		if (post_data != NULL) {
++			memcpy(post_data, data, data_len);
++			char *fmarker = NULL;
++			char *fsplit = strtok_r(post_data, "&", &fmarker);
++			struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
++			bzero(list,sizeof(struct headers_list));
++			while (fsplit != NULL) {
++				char *vmarker = NULL;
++				char *key = strtok_r(fsplit, "=", &vmarker);
++				if (key == NULL)
++					break;
++				else {
++					char *value = strtok_r(NULL, "=", &vmarker);
++					char empty[1];
++					empty[0]=0;
++					value = value ? value : empty;
++					value = evhttp_decode_uri(value);
++					char *p = value;
++					while (*p) {
++						if (*p == '+')
++							*p = ' ';
++						p++;
++					}
++					list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
++					list->keys[list->n] = strdup(key);
++					list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
++					list->values[list->n] = value;
++					++(list->n);
++					fsplit = strtok_r(NULL, "&", &fmarker);
++				}
++			}
++			free(post_data);
++			return list;
+ 		}
+-		list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
+-		list->keys[list->n] = strdup(key);
+-		list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
+-		list->values[list->n] = value;
+-		++(list->n);
+-		fsplit = strtok_r(NULL, "&", &fmarker);
+ 	}
+-	free(post_data);
+-	return list;
++	return NULL;
+ }
+ 
+ static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)

coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch

@@ -0,0 +1,22 @@
+From acbf7e15c9290e0891a6b6b5ce6e81bbaa77ce5a Mon Sep 17 00:00:00 2001
+From: Johannes Weberhofer <jweberhofer@weberhofer.at>
+Date: Sat, 11 Apr 2020 10:33:55 +0200
+Subject: [PATCH] Drop of supplementary group IDs
+
+Fix related to POS36-C and rpmlint error "missing-call-to-setgroups-before-setuid".
+---
+ src/apps/relay/mainrelay.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
+index 6710da6d..5a21cfaa 100644
+--- a/src/apps/relay/mainrelay.c
++++ b/src/apps/relay/mainrelay.c
+@@ -2061,6 +2061,7 @@ static void set_network_engine(void)
+ 
+ static void drop_privileges(void)
+ {
++	setgroups(0, NULL);
+ 	if(procgroupid_set) {
+ 		if(getgid() != procgroupid) {
+ 			if (setgid(procgroupid) != 0) {

coturn-4.5.1.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8eabe4c241ad9a74655d8516c69b1fa3275e020e7f7fca50a6cb822809e7c220
+size 420069

coturn-user.conf

@@ -0,0 +1,4 @@
+# Type Name ID GECOS [HOME]
+g coturn -
+u coturn - "Coturn TURN Server daemon" /var/lib/coturn
+m coturn coturn

coturn.changes

@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Thu Apr  9 10:57:37 UTC 2020 - Johannes Weberhofer <jweberhofer@weberhofer.at>
+
+- Initial release of coturn 4.5.1.1

coturn.firewalld

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>TURN</short>
+  <description>TURN and STUN server ports for VoIP</description>
+  <port protocol="tcp" port="3478"/>
+  <port protocol="udp" port="3478"/>
+  <port protocol="tcp" port="5349"/>
+  <port protocol="udp" port="5349"/>
+</service>

coturn.logrotate

@@ -0,0 +1,12 @@
+/var/log/coturn/turnserver.log {
+	missingok
+	compress
+	delaycompress
+	notifempty
+	postrotate
+		/bin/systemctl --quiet is-active coturn.service && /bin/kill -HUP `cat /run/coturn/turnserver.pid` || true 
+	endscript
+	create 0660 coturn coturn
+	sharedscripts
+	su coturn coturn
+}

coturn.service

@@ -0,0 +1,25 @@
+[Unit]
+Description=STUN and TURN relay server for VoIP and WebRTC
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=syslog.target network.target
+
+[Service]
+User=coturn
+Group=coturn
+Type=forking
+EnvironmentFile=-/etc/sysconfig/turnserver
+PIDFile=/run/coturn/turnserver.pid
+ExecStart=/usr/bin/turnserver -o -c /etc/coturn/turnserver.conf --pidfile /run/coturn/turnserver.pid $EXTRA_OPTIONS
+Restart=on-abort
+ExecReload=/bin/kill -HUP $MAINPID
+
+LimitCORE=infinity
+LimitNOFILE=999999
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+CPUSchedulingPolicy=other
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target

coturn.spec

@@ -0,0 +1,269 @@
+#
+# spec file for package coturn
+#
+# Copyright (c) 2020 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+# ship a static libraries that are made of an archive
+%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects
+
+Name:           coturn
+Version:        4.5.1.1
+Release:        0
+Summary:        TURN and STUN server for VoIP
+License:        BSD-3-Clause
+Group:          Productivity/Networking/Talk/Servers
+URL:            https://github.com/coturn/coturn/
+Source0:        https://github.com/coturn/coturn/archive/%{version}/%{name}-%{version}.tar.gz
+Source1:        %{name}.service
+Source2:        %{name}.tmpfilesd
+Source3:        %{name}.logrotate
+Source4:        %{name}-user.conf
+Source5:        %{name}.sysconfig
+Source6:        %{name}.firewalld
+Source7:        README.SUSE
+# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files rather to override them
+Patch0:         coturn-4.5.1.0-append-log.patch
+# PATCH-FIX-UPSTREAM  coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061
+Patch1:         coturn-4.5.1.1-cve-2020-6061.patch
+# PATCH-FIX-UPSTREAM  coturn-4.5.1.1-cve-2020-6062.patch CVE-2020-6062
+Patch2:         coturn-4.5.1.1-cve-2020-6062.patch
+# PATCH-FIX-UPSTREAM   coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch fix rpmlint error
+Patch3:         coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
+BuildRequires:  fdupes
+BuildRequires:  firewall-macros
+BuildRequires:  libevent-devel >= 2.0.0
+BuildRequires:  libmysqld-devel
+BuildRequires:  p11-kit
+BuildRequires:  pkgconfig
+BuildRequires:  systemd
+BuildRequires:  sysuser-tools
+BuildRequires:  pkgconfig(hiredis)
+BuildRequires:  pkgconfig(libpq)
+BuildRequires:  pkgconfig(libssl) >= 1.0.2
+BuildRequires:  pkgconfig(sqlite3)
+Requires(pre):  %fillup_prereq
+Requires(pre):  shadow
+Recommends:     logrotate
+%sysusers_requires
+
+%description
+STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays
+around NAT) are protocols that can be used to provide NAT traversal for VoIP
+and WebRTC.
+
+It can be used as a general-purpose network traffic TURN server and gateway,
+too. On-line management interface (over telnet or over HTTPS) for the TURN
+server is available.
+This implementation also includes some extra features. Supported RFCs:
+
+TURN specs:
+- RFC 5766 - base TURN specs
+- RFC 6062 - TCP relaying TURN extension
+- RFC 6156 - IPv6 extension for TURN
+- Experimental DTLS support as client protocol.
+
+STUN specs:
+- RFC 3489 - "classic" STUN
+- RFC 5389 - base "new" STUN specs
+- RFC 5769 - test vectors for STUN protocol testing
+- RFC 5780 - NAT behavior discovery support
+
+The implementation fully supports the following client-to-TURN-server protocols:
+- UDP (per RFC 5766)
+- TCP (per RFC 5766 and RFC 6062)
+- TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2
+- DTLS (experimental non-standard feature)
+
+Supported relay protocols:
+- UDP (per RFC 5766)
+- TCP (per RFC 6062)
+
+Supported user databases (for user repository, with passwords or keys, if
+authentication is required):
+- SQLite
+- MySQL
+- PostgreSQL
+- Redis
+
+Redis can also be used for status and statistics storage and notification.
+Supported TURN authentication mechanisms:
+- long-term
+- TURN REST API (a modification of the long-term mechanism, for time-limited
+  secret-based authentication, for WebRTC applications)
+
+The load balancing can be implemented with the following tools (either one or a
+combination of them):
+- network load-balancer server
+- DNS-based load balancing
+- built-in ALTERNATE-SERVER mechanism.
+
+%package        utils
+Summary:        Coturn utils
+
+%description    utils
+This package contains the TURN client utils.
+
+%package        devel
+Summary:        Coturn development headers
+Group:          Development/Libraries/C and C++
+Requires:       %{name} = %{version}
+
+%description    devel
+This package contains the TURN development headers.
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+%sysusers_generate_pre %{SOURCE4} %{name}
+
+%configure \
+	--confdir=%{_sysconfdir}/%{name} \
+	--examplesdir=%{_docdir}/%{name} \
+	--schemadir=%{_datadir}/%{name} \
+	--manprefix=%{_datadir} \
+	--docdir=%{_docdir}/%{name} \
+	--turndbdir=%{_localstatedir}/lib/%{name} \
+	--disable-rpath
+%make_build
+
+%check
+%make_build test
+
+%install
+%make_install
+mkdir -p %{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir}}
+install -Dpm 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
+install -Dpm 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+install -Dpm 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+install -Dpm 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/
+install -Dpm 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.%{name}
+install -Dpm 0644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
+install -Dpm 0644 %{SOURCE7} %{buildroot}%{_docdir}/%{name}/
+
+sed -i \
+    -e "s|^syslog$|#syslog|g" \
+    -e "s|^#*log-file=.*|log-file=%{_localstatedir}/log/coturn/turnserver.log|g" \
+    -e "s|^#*simple-log|simple-log|g" \
+    -e "s|^#*cert=.*|#cert=%{_sysconfdir}/pki/coturn/public/turn_server_cert.pem|g" \
+    -e "s|^#*pkey=.*|#pkey=%{_sysconfdir}/pki/coturn/private/turn_server_pkey.pem|g" \
+    %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default
+touch -c -r examples%{_sysconfdir}/turnserver.conf %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default
+mv %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf.default %{buildroot}%{_sysconfdir}/%{name}/turnserver.conf
+
+# Remove certs and keys
+rm %{buildroot}%{_docdir}/%{name}%{_sysconfdir}/*.pem
+
+# fix permissions
+find %{buildroot}%{_docdir} -type f -exec chmod 0664 {} \;
+chmod 0644 %{buildroot}%{_mandir}/man1/*
+chmod 0644 %{buildroot}%{_datadir}/%{name}/*
+
+# compatibility link
+ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+
+# manually create and symlink man pages
+rm %{buildroot}%{_mandir}/man1/{turnutils_*,coturn.1}
+gzip %{buildroot}%{_mandir}/man1/*.1
+ln -s turnserver.1.gz %{buildroot}%{_mandir}/man1/coturn.1.gz
+for PKG in natdiscovery oauth peer stunclient uclient ; do
+ln -s turnutils.1.gz %{buildroot}%{_mandir}/man1/turnutils_$PKG.1.gz
+done
+
+%pre -f %{name}.pre
+%service_add_pre %{name}.service
+
+%post
+%service_add_post %{name}.service
+systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf
+%{fillup_only -n %{name}}
+%firewalld_reload
+
+%preun
+%service_del_preun %{name}.service
+
+%postun
+%service_del_postun %{name}.service
+
+%files
+%license LICENSE
+%{_sysusersdir}/%{name}-user.conf
+%{_sbindir}/rc%{name}
+%{_fillupdir}/sysconfig.coturn
+%dir %{_libexecdir}/firewalld
+%dir %{_libexecdir}/firewalld/services
+%{_libexecdir}/firewalld/services/coturn.xml
+
+%{_bindir}/turnserver
+%{_bindir}/turnadmin
+%dir %{_datadir}/%{name}
+%{_datadir}/%{name}/*.redis
+%{_datadir}/%{name}/*.sql
+%attr(0750,-,-) %{_datadir}/%{name}/*.sh
+%dir %{_docdir}/%{name}
+%{_docdir}/%{name}/README.*
+%exclude %{_docdir}/%{name}/README.turnutils
+%exclude %{_docdir}/%{name}/INSTALL
+%exclude %{_docdir}/%{name}/LICENSE
+%exclude %{_docdir}/%{name}/postinstall.txt
+%dir %{_docdir}/%{name}%{_sysconfdir}
+%doc %{_docdir}/%{name}%{_sysconfdir}/*
+%dir %{_docdir}/%{name}/scripts
+%dir %{_docdir}/%{name}/scripts/*
+%{_docdir}/%{name}/scripts/*.sh
+%{_docdir}/%{name}/scripts/readme.txt
+%doc %{_docdir}/%{name}/scripts/*/*
+
+#Don't package schemas twice
+%exclude %doc %{_docdir}/%{name}/schema.*
+
+%{_mandir}/man1/coturn.1%{?ext_man}
+%{_mandir}/man1/turnserver.1%{?ext_man}
+%{_mandir}/man1/turnadmin.1%{?ext_man}
+
+%dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name}
+%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/%{name}/turnserver.conf
+%dir %{_sysconfdir}/pki/%{name}
+%dir %{_sysconfdir}/pki/%{name}/public
+%dir %attr(0750,root,%{name}) %{_sysconfdir}/pki/%{name}/private
+%{_unitdir}/coturn.service
+%{_tmpfilesdir}/coturn.conf
+%dir %ghost %attr(0750,%{name},%{name}) %{_rundir}/%{name}
+%dir %attr(0750,%{name},%{name}) %{_localstatedir}/lib/%{name}
+%dir %attr(0750,%{name},%{name}) %{_localstatedir}/log/%{name}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+
+%files utils
+%license LICENSE
+%{_bindir}/turnutils_peer
+%{_bindir}/turnutils_stunclient
+%{_bindir}/turnutils_uclient
+%{_bindir}/turnutils_oauth
+%{_bindir}/turnutils_natdiscovery
+%doc %{_docdir}/%{name}/README.turnutils
+%{_mandir}/man1/turnutils.1%{?ext_man}
+%{_mandir}/man1/turnutils_*.1%{?ext_man}
+
+%files devel
+%defattr(0644,root,root,0755)
+%license LICENSE
+%{_includedir}/turn
+%{_libdir}/libturnclient.a
+
+%changelog

coturn.sysconfig

@@ -0,0 +1,8 @@
+## Path:           coturn/TURN
+## Type:           string
+## Default:        ""
+## ServiceRestart: coturn
+#
+# TURN Server startup options
+#
+EXTRA_OPTIONS=""

coturn.tmpfilesd

@@ -0,0 +1 @@
+d /run/coturn 750 coturn coturn