forgejo/forgejo.spec

239 lines
7.3 KiB
RPMSpec
Raw Permalink Normal View History

- update to 9.0.2: * it was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action (registration, password reset or secondary email validation) could be used to perform a different action. * a fork of a public repository would show in the list of forks, even if its owner was not a public user or organization. * the members of an organization team with read access to a repository (e.g. to read issues) but no read access to the code could read the RSS or atom feeds which include the commit activity. Reading the RSS or atom feeds is now denied unless the team has read permissions on the code. * the tokens used when replying by email to issues or pull requests were weaker than the rfc2104 recommendations. * a registered user could modify the update frequency of any push mirror. * it was possible to use basic authorization (i.e. user:password) for requests to the API even when security keys were enrolled for a user. * some markup sanitation rules were not as strong as they could be. * when Forgejo is configured to enable instance wide search (e.g. with bleve), results found in the repositories of private or limited users were displayed to anonymous visitors. * fix: handle renamed dependency for cargo registry. * support www.github.com for migrations. * move forgot_password-link to fix login tab order. * code owners will not be mentioned when a pull request comes from a forked repository. * labels are missing in the pull request payload removing a label. * in a Forgejo Actions workflow, the unlabeled event type for pull requests was incorrectly mapped to the labeled event type. * when a Forgejo Actions issue or pull request workflow is triggered by an labeled or unlabeled event type, it misses information about the label added OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=45
2024-11-16 04:41:20 +01:00
#
# spec file for package forgejo
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if 0%{?suse_version} > 1600
%bcond_without selinux
%bcond_without apparmor
%else
%if 0%{?suse_version} == 1600
%bcond_without selinux
%bcond_with apparmor
%else
# Leap & SLE
%bcond_with selinux
%bcond_without apparmor
%endif
%endif
Name: forgejo
Version: 9.0.2
Release: 0
Summary: Self-hostable forge
License: GPL-3.0-or-later
Group: Development/Tools/Version Control
URL: https://forgejo.org
Source0: https://codeberg.org/%{name}/%{name}/releases/download/v%{version}/%{name}-src-%{version}.tar.gz
Source1: https://codeberg.org/%{name}/%{name}/releases/download/v%{version}/%{name}-src-%{version}.tar.gz.asc
Source2: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xeb114f5e6c0dc2bcdd183550a4b61a2dc5923710#/%{name}.keyring
Source3: package-lock.json
Source4: node_modules.spec.inc
%include %{_sourcedir}/node_modules.spec.inc
Source5: %{name}.service
Source6: %{name}.sysusers
Source7: %{name}.fc
Source8: %{name}.if
Source9: %{name}.te
Source10: %{name}.apparmor
Source11: %{name}.firewalld
Source99: get-sources.sh
Patch0: custom-app.ini.patch
Patch1: dont-strip.patch
BuildRequires: golang-packaging
BuildRequires: golang(API) = 1.23
## node >= 20
%if 0%{?suse_version} == 1500
BuildRequires: nodejs-devel-default
BuildRequires: npm-default
%else
BuildRequires: nodejs-packaging
%endif
BuildRequires: firewall-macros
BuildRequires: firewalld
BuildRequires: local-npm-registry
BuildRequires: make
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
Requires: git-core
Requires: git-lfs
Requires: (%{name}-apparmor if apparmor-abstractions)
Requires: (%{name}-firewalld if firewalld)
Requires: (%{name}-selinux if selinux-policy-targeted)
%if %{with apparmor}
BuildRequires: apparmor-abstractions
BuildRequires: apparmor-rpm-macros
BuildRequires: libapparmor-devel
%endif
%if %{with selinux}
BuildRequires: checkpolicy
BuildRequires: selinux-policy-devel
%endif
%{systemd_requires}
%{sysusers_requires}
%package firewalld
Summary: Firewalld profile for %{name}
BuildArch: noarch
%description firewalld
This package adds a firewalld service profile to %{name}
%if %{with apparmor}
%package apparmor
Summary: Apparmor profile for %{name}
BuildArch: noarch
Requires: %{name} = %{version}-%{release}
%description apparmor
This package adds the Apparmor profile to %{name}
%endif
%if %{with selinux}
%package selinux
Summary: Selinux support for %{name}
BuildArch: noarch
Requires: %{name} = %{version}-%{release}
Requires: selinux-policy-targeted
%description selinux
This package adds SELinux enforcement to %{name}.
%endif
%package environment-to-ini
Summary: Configuration params via environment variables for %{name}
Requires: %{name} = %{version}-%{release}
%description environment-to-ini
OCI Container users can change arbitrary configuration
via environment variables with this tool
Forgejo needs to use an ini file for configuration because the running
environment that starts the OCI container may not be the same as that used
by the hooks. An ini file also gives a good default and means that
users do not have to completely provide a full environment.
%description
Providing Git hosting for your project, friends, company or community? Forgejo (/for'd͡ʒe.jo/ inspired by forĝejo
the Esperanto word for forge) has you covered with its intuitive interface, light and easy hosting and a lot of builtin functionality.
%prep
%autosetup -p1 -n %{name}-src-%{version}
local-npm-registry %{_sourcedir} install --also=dev
%build
%sysusers_generate_pre %{SOURCE6} %{name} %{name}.conf
export TAGS="bindata timetzdata sqlite sqlite_unlock_notify"
export EXTRA_GOFLAGS="-buildmode=pie -mod=vendor"
%make_build build
go build ${EXTRA_GOFLAGS} -o contrib/environment-to-ini/environment-to-ini contrib/environment-to-ini/environment-to-ini.go
%install
install -d %{buildroot}%{_bindir}
install -d %{buildroot}%{_datadir}/%{name}
install -d %{buildroot}%{_datadir}/%{name}/{conf,https,mailer}
install -Dm0755 contrib/environment-to-ini/environment-to-ini %{buildroot}%{_bindir}
ln -s %{name} %{buildroot}%{_bindir}/gitea
install -d %{buildroot}%{_sharedstatedir}/%{name}/{data,https,indexers,queues,repositories}
install -d %{buildroot}%{_sysconfdir}/%{name}
install -d %{buildroot}%{_localstatedir}/log/%{name}
install -D -m 0644 %{_builddir}/%{name}-src-%{version}/custom/conf/app.example.ini %{buildroot}%{_sysconfdir}/%{name}/conf/app.ini
install -D -m 0755 %{_builddir}/%{name}-src-%{version}/gitea %{buildroot}%{_bindir}/%{name}
install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/%{name}.conf
%if %{with apparmor}
install -d %{buildroot}%{_sysconfdir}/apparmor.d
install -Dm0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.%{name}
%endif
%if %{with selinux}
cd %{_sourcedir}
make -f %{_datadir}/selinux/devel/Makefile %{name}.pp
install -Dm0644 %{name}.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}.pp
install -Dm0644 %{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
%endif
#firewalld service file
install -D -m 0644 %{SOURCE11} %{buildroot}%{_prefix}/lib/firewalld/services/%{name}.xml
%pre -f %{name}.pre
%service_add_pre %{name}.service
%post
%service_add_post %{name}.service
%post firewalld
%firewalld_reload
%if %{with apparmor}
%post apparmor
%apparmor_reload %{_sysconfdir}/apparmor.d/usr.bin.%{name}
%endif
%if %{with selinux}
%post selinux
semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp 2>/dev/null || :
%preun selinux
semodule -r %{name} 2>/dev/null || :
%endif
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%check
#as of now, broken
#%%make_build test
%files
%license LICENSE
%doc README.md RELEASE-NOTES.md CONTRIBUTING.md
%{_unitdir}/%{name}.service
%{_bindir}/%{name}
%{_bindir}/gitea
%defattr(0660,root,forgejo,770)
%{_localstatedir}/log/%{name}
%defattr(0660,forgejo,forgejo,750)
%config(noreplace) %{_sysconfdir}/%{name}/conf/app.ini
%{_sysconfdir}/%{name}
%{_datadir}/%{name}
%{_sharedstatedir}/%{name}
%{_sysusersdir}/%{name}.conf
%if %{with apparmor}
%files apparmor
%dir %{_sysconfdir}/apparmor.d
%config %{_sysconfdir}/apparmor.d/usr.bin.%{name}
%endif
%if %{with selinux}
%files selinux
%dir %{_datadir}/selinux/devel/include/distributed
%{_datadir}/selinux/packages/%{name}
%{_datadir}/selinux/devel/include/distributed/%{name}.if
%endif
%files firewalld
%{_prefix}/lib/firewalld/services/%{name}.xml
%files environment-to-ini
%{_bindir}/environment-to-ini
%changelog