diff --git a/.gitattributes b/.gitattributes index b51a5f6..9b03811 100644 --- a/.gitattributes +++ b/.gitattributes @@ -21,5 +21,3 @@ *.xz filter=lfs diff=lfs merge=lfs -text *.zip filter=lfs diff=lfs merge=lfs -text *.zst filter=lfs diff=lfs merge=lfs -text -## Specific LFS patterns -matomo-3.13.3-0.noarch.rpm.old filter=lfs diff=lfs merge=lfs -text diff --git a/matomo-3.13.3-0.noarch.rpm.old b/matomo-3.13.3-0.noarch.rpm.old deleted file mode 100644 index 335d6e8..0000000 --- a/matomo-3.13.3-0.noarch.rpm.old +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dbd9601c24e96af14cdcdeb4c4fe8f26863dafd693ae65a5eddf623645c9c51f -size 12896360 diff --git a/matomo-nginx.conf b/matomo-nginx.conf deleted file mode 100644 index 65eb65e..0000000 --- a/matomo-nginx.conf +++ /dev/null @@ -1,89 +0,0 @@ -# If you run matomo stand alone, please redirect all traffix on port 80 -# to an SSL encrypted setup on port 443. -# In this case, uncomment the following server section. -#server { -# listen [::]:80 fastopen=500; # remove this if you don't want Matomo to be reachable from IPv6 -# listen 80 fastopen=500; -# server_name matomo.example.com; -# # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. -# location / { -# return 301 https://$host$request_uri; -# } -#} - -server { -# If you run matomo behind a load balancer like haproxy, let haproxy handle the SSL offloading -# for you. If no, please comment the two lines below and uncomment the lines above and below -# for SSL encrypted traffic - listen [::]:80 fastopen=500; # remove this if you don't want Matomo to be reachable from IPv6 - listen 80 fastopen=500; -# If you run nginx with SSL, please adjust and uncomment the lines below -# listen 443 ssl http2 fastopen=500; -# listen [::]:443 ssl http2 fastopen=500; # remove this if you don't want Matomo to be reachable from IPv6 -# include ssl.conf; # if you want to support older browsers, please read through this file -# add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance -# add_header X-Content-Type-Options "nosniff" always; -# add_header X-XSS-Protection "1; mode=block" always; -# ssl_certificate /etc/letsencrypt/example.com/fullchain.cer; -# ssl_certificate_key /etc/letsencrypt/example.com/example.com.key; - -# Please insert the correct FQDN of your server below: - server_name matomo.example.com; - - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; - log_not_found off; - -# If you run nginx behind a reverse proxy like haproxy, please -# adjust and uncomment the lines below: -# set_real_ip_from 192.168.0.1; -# real_ip_header X-Forwarded-For; - - root __matomo_web___; - index index.php; - - # only allow accessing the following php files - location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php { - include /etc/nginx/fastcgi.conf; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - try_files $fastcgi_script_name =404; # protects against CVE-2019-11043 - set $path_info $fastcgi_path_info; - fastcgi_param PATH_INFO $path_info; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/ - fastcgi_pass 127.0.0.1:9000; - } - # deny access to all other .php files - location ~* ^.+\.php$ { - deny all; - return 403; - } - # serve all other files normally - location / { - try_files $uri $uri/ =404; - } - # disable all access to the following directories - location ~ /(config|tmp|core|lang) { - deny all; - return 403; - } - # disable all access to files starting with .ht (apache) - location ~ /\.ht { - deny all; - return 403; - } - # Cache images,CSS,JS and webfonts for an hour - # Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade - location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { - allow all; - expires 1h; - add_header Pragma public; - add_header Cache-Control "public"; - } - # disable all access to the following directories - location ~ /(libs|vendor|plugins|misc/user) { - deny all; - return 403; - } -} diff --git a/matomo-php-fpm.default.conf b/matomo-php-fpm.default.conf deleted file mode 100644 index 6bc02fa..0000000 --- a/matomo-php-fpm.default.conf +++ /dev/null @@ -1,2 +0,0 @@ -[global] -include=/etc/php7/fpm/php-fpm.d/*.conf diff --git a/matomo.changes b/matomo.changes index 7249b21..a03e995 100644 --- a/matomo.changes +++ b/matomo.changes @@ -1,16 +1,3 @@ -------------------------------------------------------------------- -Fri Mar 20 20:16:22 UTC 2020 - lars@linux-schulserver.de - 3.13.3 - -- install cron snipplet only on old systems and prefer - systemd timer (and service) on current systems -- new sub-packages matomo-php-fpm and matomo-nginx -- instead of patching the manifest file (and enhancing the patch - line again and again) just regenerate the manifest file from - scratch -- only config.ini.php should not get replaced during update: - all other php files in /etc/matomo should be replaced -- little cleanup in the files section - ------------------------------------------------------------------- Mon Feb 24 23:16:59 UTC 2020 - Lars Vogdt diff --git a/matomo.spec b/matomo.spec index 9f737fc..94e542c 100644 --- a/matomo.spec +++ b/matomo.spec @@ -31,12 +31,6 @@ %endif %{!?_tmpfilesdir:%global _tmpfilesdir %{_prefix}/lib/tmpfiles.d} -%if 0%{?suse_version} >= 01230 -%bcond_without systemd -%else -%bcond_with systemd -%endif - Name: matomo Version: 3.13.3 Release: 0 @@ -53,9 +47,6 @@ Source11: %{name}-archive.service Source12: %{name}-archive.timer Source13: %{name}.my.cnf Source14: %{name}-tmpfile.conf -Source15: %{name}-php-fpm.conf -Source16: %{name}-php-fpm.default.conf -Source17: %{name}-nginx.conf Source99: %{name}.rpmlintrc BuildArch: noarch %if 0%{?suse_version} >= 1500 @@ -69,7 +60,6 @@ BuildRequires: cron BuildRequires: fdupes BuildRequires: logrotate BuildRequires: mariadb -BuildRequires: php-fpm >= 7 BuildRequires: unzip BuildRequires: pkgconfig(systemd) Requires: apache2 @@ -97,80 +87,44 @@ Recommends: php-geoip Recommends: php-openssl Recommends: apache2-mod_geoip Recommends: mariadb -Conflicts: piwik -%if %{with systemd} -BuildRequires: systemd -%{?systemd_requires} -%else Recommends: cron -%endif +Conflicts: piwik %description Matomo, formerly Piwik, is a web analytics platform that gives insights into a website's visitors and marketing campaigns, so the strategy and online experience of visitors may be optimized. -%package php-fpm -Summary: PHP FPM configuration for %{name} -Group: Productivity/Networking/Web/Utilities -Requires: php-fpm >= 7 -Requires(pre): php-fpm >= 7 -%if %{with systemd} -%{?systemd_requires} -%endif - -%description php-fpm -This package contains the PHP FPM configuration file to run -Matomo with php-fpm. - -Please remember to setup php-fpm correctly (by creating a working -/etc/php7/fpm/php-fpm.conf first). - -%package nginx -Summary: Nginx configuration for running Matomo -Group: Productivity/Networking/Web/Utilities -Requires: %{name}-php-fpm >= %{version} -Requires(pre): nginx -Requires: nginx -%if %{with systemd} -%{?systemd_requires} -%endif - -%description nginx -This package contains a small nginx configuration that should help you get your -own Matomo instance running and start collecting your own analytics. - -Please read through the %{_sysconfdir}/nginx/vhosts.d/matomo.conf and adjust -it to your needs. Please remember that you also need to check/configure the -%{name}-php-fpm package and enable and run php-fpm. - %prep %setup -q -n %{name} +install -m644 %{SOURCE4} README.SUSE # remove unwanted files find . -type f "(" -name .htaccess -o -name .travis.sh -o -name .gitkeep ")" -delete #find . -name ".git*" -exec rm -Rf "{}" "+" find . -type f "(" -name "*.c" -o -name "*.h" -o -name "*.js.orig" ")" -delete -# remove doc from subdirs -find plugins vendor libs -type f "(" -iname README.md -o -iname CHANGELOG.md -iname CONTRIBUTING.md -iname UPGRADE.md ")" -delete -rm -rf vendor/szymach/c-pchart/doc # env-script-interpreter find . -type f -exec sed -i -e 's|\/usr\/bin\/env php|\/usr\/bin\/php|g' {} + + # # disable the auto updater, it can't work properly with the new, more secure permissions and is a bad idea on a RPM based setup anyways. # sed -i '/enable_auto_update/s/1$/0/' config/global.ini.php + # -# regenerate the manifest file -# -find ./ -type f -printf '%s ' -exec md5sum {} \; \ - | grep -E -v 'config/manifest.inc.php|vendor/autoload.php|vendor/composer/autoload_real.php' \ - | grep -E -v ' ./LEGALNOTICE| ./LICENSE|misc/How to install Matomo.html' \ - | grep -E -v ' ./CHANGELOG.md| ./CONTRIBUTING.md| ./PRIVACY.md| ./README.md| ./SECURITY.md' \ - | sed '1,$ s/\([0-9]*\) \([a-z0-9]*\) *\.\/\(.*\)/\t\t"\3" => array("\1", "\2"),/;' \ - | sort \ - | sed '1 s/^/ ./config/manifest.inc.php +# Fix integrity check triggered from fix of rpmlint errors. +# Drop moved files +for i in CHANGELOG.md CONTRIBUTING.md PRIVACY.md README.md SECURITY.md LEGALNOTICE LICENSE 'misc\/cron\/.htaccess' 'misc\/How to install Matomo.html' 'vendor\/tecnickcom\/tcpdf\/tools\/.htaccess' 'vendor\/twig\/twig\/ext\/twig\/php_twig.h' 'vendor\/twig\/twig\/ext\/twig\/twig.c' 'js\/piwik.js.orig' +do + sed -i "/\W\"${i}\"\W/d" config/manifest.inc.php +done +# Insert new hashes for chanded files +for file in console 'vendor/leafo/lessphp/plessc' 'vendor/tecnickcom/tcpdf/tools/tcpdf_addfont.php' 'config/global.ini.php' 'core/CliMulti/Output.php' +do + size=$(ls -l $file | awk '{ print $5 }') + checksum=$(md5sum $file | awk '{ print $1 }') + file2=$(echo "$file" | sed 's/\//\\\//g') + sed -i "/\W\"$file2\"\W/c \"$file\" => array(\"$size\", \"$checksum\")," config/manifest.inc.php +done %build # nothing to build @@ -180,8 +134,9 @@ namespace Piwik;\nclass Manifest {\n\tstatic $files=array(\n/; $ s/$/\n\t);\n}/' install -d -m0755 %{buildroot}/%{ap_serverroot}/%{name} install -d -m0755 %{buildroot}/%{ap_serverroot}/%{name}/tmp install -d -m0755 %{buildroot}/%{_sysconfdir}/%{name} +install -d -m0755 %{buildroot}/%{_defaultdocdir}/%{name} # copy src from build to buildroot -install -D -m644 %{SOURCE4} %{buildroot}/%{_defaultdocdir}/%{name}/README.SUSE +mv *SUSE %{buildroot}/%{_defaultdocdir}/%{name} mv LEGALNOTICE %{buildroot}/%{_defaultdocdir}/%{name} mv LICENSE %{buildroot}/%{_defaultdocdir}/%{name} mv "misc/How to install Matomo.html" %{buildroot}/%{_defaultdocdir}/%{name} @@ -193,16 +148,6 @@ sed -e 's|__matomo_web__|%{ap_serverroot}/%{name}|g' \ -e 's|__matomo_conf__|%{_sysconfdir}/%{name}|g' \ -e 's|__matomo_log__|/var/log/%{name}|g' \ %{SOURCE2} > %{buildroot}/%{ap_sysconfdir}/conf.d/%{name}.conf -# install php-fpm configuration -mkdir -p %{buildroot}/etc/php7/fpm/php-fpm.d -sed -e 's|__matomo_web__|%{ap_serverroot}/%{name}|g' \ - -e 's|__matomo_conf__|%{_sysconfdir}/%{name}|g' \ - -e 's|__matomo_log__|/var/log/%{name}|g' \ - %{SOURCE15} > %{buildroot}%{_sysconfdir}/php7/fpm/php-fpm.d/matomo-php-fpm.conf -install -m 0644 %{SOURCE16} %{buildroot}%{_sysconfdir}/php7/fpm/php-fpm.conf -# install nginx configuration -install -D -m 0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/nginx/vhosts.d/matomo.conf -sed -i 's|__matomo_web__|%{ap_serverroot}/%{name}|g' %{buildroot}%{_sysconfdir}/nginx/vhosts.d/matomo.conf # install logrotate install -D -m0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} # move config to etc/matomo and make symlink @@ -211,35 +156,28 @@ mv %{buildroot}/%{ap_serverroot}/%{name}/config/* \ rm -d %{buildroot}/%{ap_serverroot}/%{name}/config ln -s %{_sysconfdir}/%{name} %{buildroot}/%{ap_serverroot}/%{name}/config # install cronscript and systemd-timer +install -d -m 0755 %{buildroot}/%{_sysconfdir}/cron.d install -d -m 0755 %{buildroot}/var/log/%{name} -%if %{with systemd} +install -D -m 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name}-archive install -D -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}-archive.service install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-archive.timer install -D -m 0644 %{SOURCE14} %{buildroot}%{_tmpfilesdir}/%{name}.conf -sed -i -e 's|@ap_serverroot@|%{ap_serverroot}|g' %{buildroot}%{_unitdir}/%{name}-archive.service -%else -install -d -m 0755 %{buildroot}/%{_sysconfdir}/cron.d -install -D -m 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name}-archive sed -i -e 's|@ap_serverroot@|%{ap_serverroot}|g' %{buildroot}%{_sysconfdir}/cron.d/%{name}-archive -%endif +sed -i -e 's|@ap_serverroot@|%{ap_serverroot}|g' %{buildroot}%{_unitdir}/%{name}-archive.service # install changes for mariadb install -D -m0644 %{SOURCE13} %{buildroot}/%{_sysconfdir}/my.cnf.d/%{name}.my.cnf -# touch config.ini.php (ghost) -touch %{buildroot}%{_sysconfdir}/%{name}/config.ini.php %fdupes %{buildroot}/%{_prefix} %fdupes %{buildroot}/srv -%if %{with systemd} %pre %service_add_pre matomo-archive.timer matomo-archive.service -%endif %post -%if %{with systemd} +# BSC#1154324 +# # # chown -R %{ap_usr}:%{ap_grp} %{ap_serverroot}/%{name} %service_add_post matomo-archive.timer matomo-archive.service apache2.service %tmpfiles_create %{_tmpfilesdir}/%{name}.conf -%endif if [ $1 -gt 1 ]; then # Update matomo if this is an upgrade $1 == 2 echo "matomo: Update matomo:core..." @@ -251,68 +189,37 @@ if [ $1 -gt 1 ]; then : fi -%if %{with systemd} %preun %service_del_preun matomo-archive.timer matomo-archive.service %postun %service_del_postun matomo-archive.timer matomo-archive.service apache2.service -%pre php-fpm -%service_add_pre php-fpm.service - -%post php-fpm -%service_add_post php-fpm.service - -%preun php-fpm -%service_del_preun php-fpm.service - -%postun php-fpm -%service_del_postun php-fpm.service - -%pre nginx -%service_add_pre nginx.service - -%post nginx -%service_add_post nginx.service - -%preun nginx -%service_del_preun nginx.service - -%postun nginx -%service_del_postun nginx.service -%endif - %files -%defattr(0644,root,root,0755) +%defattr(-,root,root,-) %dir %{_defaultdocdir}/%{name} %{_defaultdocdir}/%{name}/* %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%config(noreplace) %{_sysconfdir}/cron.d/%{name}-archive %config(noreplace) %{_sysconfdir}/my.cnf.d/%{name}.my.cnf -%if %{with systemd} %{_unitdir}/%{name}-archive.service %{_unitdir}/%{name}-archive.timer %{_tmpfilesdir}/%{name}.conf -%else -%config(noreplace) %{_sysconfdir}/cron.d/%{name}-archive -%endif %dir %attr(0750,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name} %dir %attr(0750,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/environment -%{_sysconfdir}/%{name}/environment/*php %attr(0640,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/*.php %attr(0640,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/environment/*.php %ghost %attr(0750,%{ap_usr},%{ap_grp}) /run/%{name}_sessions +%defattr(644,root,root,755) %dir %{ap_serverroot}/%{name} %dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/js %dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc %dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/plugins %dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/tmp %dir %attr(0750,%{ap_usr},%{ap_grp}) /var/log/%{name} -%ghost %config(noreplace) %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/config.ini.php -%config %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/global.ini.php -%config %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/global.php -%config %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/manifest.inc.php +%config(noreplace) %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/*php +%{_sysconfdir}/%{name}/environment/*php %attr(0644,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/matomo.js %attr(0644,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/piwik.js %attr(0644,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/js/piwik.min.js @@ -321,6 +228,7 @@ fi %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/log-analytics/import_logs.py %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/composer/clean-xhprof.sh %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/composer/build-xhprof.sh +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/plugins/TestRunner/scripts/on_instance_launch.sh %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/package.sh %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/lessify %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/plessc @@ -330,15 +238,4 @@ fi %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/twig/twig/drupal_test.sh %{ap_serverroot}/%{name}/* -%files php-fpm -%defattr(-,root,root,-) -%config(noreplace) %{_sysconfdir}/php7/fpm/php-fpm.conf -%config(noreplace) %{_sysconfdir}/php7/fpm/php-fpm.d/matomo-php-fpm.conf - -%files nginx -%defattr(-,root,root,-) -%dir %{_sysconfdir}/nginx -%dir %{_sysconfdir}/nginx/vhosts.d -%config(noreplace) %{_sysconfdir}/nginx/vhosts.d/matomo.conf - %changelog