- install cron snipplet only on old systems and prefer

systemd timer (and service) on current systems
- new sub-packages matomo-php-fpm and matomo-nginx
- instead of patching the manifest file (and enhancing the patch 
  line again and again) just regenerate the manifest file from 
  scratch
- only config.ini.php should not get replaced during update:
  all other php files in /etc/matomo should be replaced
- little cleanup in the files section

OBS-URL: https://build.opensuse.org/package/show/network:utilities/matomo?expand=0&rev=69
This commit is contained in:
Lars Vogdt 2020-03-21 01:07:48 +00:00 committed by Git OBS Bridge
parent 0753b8172e
commit d6daa1049f
6 changed files with 243 additions and 31 deletions

2
.gitattributes vendored
View File

@ -21,3 +21,5 @@
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
## Specific LFS patterns
matomo-3.13.3-0.noarch.rpm.old filter=lfs diff=lfs merge=lfs -text

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dbd9601c24e96af14cdcdeb4c4fe8f26863dafd693ae65a5eddf623645c9c51f
size 12896360

89
matomo-nginx.conf Normal file
View File

@ -0,0 +1,89 @@
# If you run matomo stand alone, please redirect all traffix on port 80
# to an SSL encrypted setup on port 443.
# In this case, uncomment the following server section.
#server {
# listen [::]:80 fastopen=500; # remove this if you don't want Matomo to be reachable from IPv6
# listen 80 fastopen=500;
# server_name matomo.example.com;
# # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
# location / {
# return 301 https://$host$request_uri;
# }
#}
server {
# If you run matomo behind a load balancer like haproxy, let haproxy handle the SSL offloading
# for you. If no, please comment the two lines below and uncomment the lines above and below
# for SSL encrypted traffic
listen [::]:80 fastopen=500; # remove this if you don't want Matomo to be reachable from IPv6
listen 80 fastopen=500;
# If you run nginx with SSL, please adjust and uncomment the lines below
# listen 443 ssl http2 fastopen=500;
# listen [::]:443 ssl http2 fastopen=500; # remove this if you don't want Matomo to be reachable from IPv6
# include ssl.conf; # if you want to support older browsers, please read through this file
# add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-XSS-Protection "1; mode=block" always;
# ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
# ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
# Please insert the correct FQDN of your server below:
server_name matomo.example.com;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
log_not_found off;
# If you run nginx behind a reverse proxy like haproxy, please
# adjust and uncomment the lines below:
# set_real_ip_from 192.168.0.1;
# real_ip_header X-Forwarded-For;
root __matomo_web___;
index index.php;
# only allow accessing the following php files
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
include /etc/nginx/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404; # protects against CVE-2019-11043
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
fastcgi_pass 127.0.0.1:9000;
}
# deny access to all other .php files
location ~* ^.+\.php$ {
deny all;
return 403;
}
# serve all other files normally
location / {
try_files $uri $uri/ =404;
}
# disable all access to the following directories
location ~ /(config|tmp|core|lang) {
deny all;
return 403;
}
# disable all access to files starting with .ht (apache)
location ~ /\.ht {
deny all;
return 403;
}
# Cache images,CSS,JS and webfonts for an hour
# Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
# disable all access to the following directories
location ~ /(libs|vendor|plugins|misc/user) {
deny all;
return 403;
}
}

View File

@ -0,0 +1,2 @@
[global]
include=/etc/php7/fpm/php-fpm.d/*.conf

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Fri Mar 20 20:16:22 UTC 2020 - lars@linux-schulserver.de - 3.13.3
- install cron snipplet only on old systems and prefer
systemd timer (and service) on current systems
- new sub-packages matomo-php-fpm and matomo-nginx
- instead of patching the manifest file (and enhancing the patch
line again and again) just regenerate the manifest file from
scratch
- only config.ini.php should not get replaced during update:
all other php files in /etc/matomo should be replaced
- little cleanup in the files section
-------------------------------------------------------------------
Mon Feb 24 23:16:59 UTC 2020 - Lars Vogdt <lars@linux-schulserver.de>

View File

@ -31,6 +31,12 @@
%endif
%{!?_tmpfilesdir:%global _tmpfilesdir %{_prefix}/lib/tmpfiles.d}
%if 0%{?suse_version} >= 01230
%bcond_without systemd
%else
%bcond_with systemd
%endif
Name: matomo
Version: 3.13.3
Release: 0
@ -47,6 +53,9 @@ Source11: %{name}-archive.service
Source12: %{name}-archive.timer
Source13: %{name}.my.cnf
Source14: %{name}-tmpfile.conf
Source15: %{name}-php-fpm.conf
Source16: %{name}-php-fpm.default.conf
Source17: %{name}-nginx.conf
Source99: %{name}.rpmlintrc
BuildArch: noarch
%if 0%{?suse_version} >= 1500
@ -60,6 +69,7 @@ BuildRequires: cron
BuildRequires: fdupes
BuildRequires: logrotate
BuildRequires: mariadb
BuildRequires: php-fpm >= 7
BuildRequires: unzip
BuildRequires: pkgconfig(systemd)
Requires: apache2
@ -87,44 +97,80 @@ Recommends: php-geoip
Recommends: php-openssl
Recommends: apache2-mod_geoip
Recommends: mariadb
Recommends: cron
Conflicts: piwik
%if %{with systemd}
BuildRequires: systemd
%{?systemd_requires}
%else
Recommends: cron
%endif
%description
Matomo, formerly Piwik, is a web analytics platform that gives
insights into a website's visitors and marketing campaigns, so the
strategy and online experience of visitors may be optimized.
%package php-fpm
Summary: PHP FPM configuration for %{name}
Group: Productivity/Networking/Web/Utilities
Requires: php-fpm >= 7
Requires(pre): php-fpm >= 7
%if %{with systemd}
%{?systemd_requires}
%endif
%description php-fpm
This package contains the PHP FPM configuration file to run
Matomo with php-fpm.
Please remember to setup php-fpm correctly (by creating a working
/etc/php7/fpm/php-fpm.conf first).
%package nginx
Summary: Nginx configuration for running Matomo
Group: Productivity/Networking/Web/Utilities
Requires: %{name}-php-fpm >= %{version}
Requires(pre): nginx
Requires: nginx
%if %{with systemd}
%{?systemd_requires}
%endif
%description nginx
This package contains a small nginx configuration that should help you get your
own Matomo instance running and start collecting your own analytics.
Please read through the %{_sysconfdir}/nginx/vhosts.d/matomo.conf and adjust
it to your needs. Please remember that you also need to check/configure the
%{name}-php-fpm package and enable and run php-fpm.
%prep
%setup -q -n %{name}
install -m644 %{SOURCE4} README.SUSE
# remove unwanted files
find . -type f "(" -name .htaccess -o -name .travis.sh -o -name .gitkeep ")" -delete
#find . -name ".git*" -exec rm -Rf "{}" "+"
find . -type f "(" -name "*.c" -o -name "*.h" -o -name "*.js.orig" ")" -delete
# remove doc from subdirs
find plugins vendor libs -type f "(" -iname README.md -o -iname CHANGELOG.md -iname CONTRIBUTING.md -iname UPGRADE.md ")" -delete
rm -rf vendor/szymach/c-pchart/doc
# env-script-interpreter
find . -type f -exec sed -i -e 's|\/usr\/bin\/env php|\/usr\/bin\/php|g' {} +
#
# disable the auto updater, it can't work properly with the new, more secure permissions and is a bad idea on a RPM based setup anyways.
#
sed -i '/enable_auto_update/s/1$/0/' config/global.ini.php
#
# Fix integrity check triggered from fix of rpmlint errors.
# Drop moved files
for i in CHANGELOG.md CONTRIBUTING.md PRIVACY.md README.md SECURITY.md LEGALNOTICE LICENSE 'misc\/cron\/.htaccess' 'misc\/How to install Matomo.html' 'vendor\/tecnickcom\/tcpdf\/tools\/.htaccess' 'vendor\/twig\/twig\/ext\/twig\/php_twig.h' 'vendor\/twig\/twig\/ext\/twig\/twig.c' 'js\/piwik.js.orig'
do
sed -i "/\W\"${i}\"\W/d" config/manifest.inc.php
done
# Insert new hashes for chanded files
for file in console 'vendor/leafo/lessphp/plessc' 'vendor/tecnickcom/tcpdf/tools/tcpdf_addfont.php' 'config/global.ini.php' 'core/CliMulti/Output.php'
do
size=$(ls -l $file | awk '{ print $5 }')
checksum=$(md5sum $file | awk '{ print $1 }')
file2=$(echo "$file" | sed 's/\//\\\//g')
sed -i "/\W\"$file2\"\W/c \"$file\" => array(\"$size\", \"$checksum\")," config/manifest.inc.php
done
# regenerate the manifest file
#
find ./ -type f -printf '%s ' -exec md5sum {} \; \
| grep -E -v 'config/manifest.inc.php|vendor/autoload.php|vendor/composer/autoload_real.php' \
| grep -E -v ' ./LEGALNOTICE| ./LICENSE|misc/How to install Matomo.html' \
| grep -E -v ' ./CHANGELOG.md| ./CONTRIBUTING.md| ./PRIVACY.md| ./README.md| ./SECURITY.md' \
| sed '1,$ s/\([0-9]*\) \([a-z0-9]*\) *\.\/\(.*\)/\t\t"\3" => array("\1", "\2"),/;' \
| sort \
| sed '1 s/^/<?php\n\/\/ This file is automatically generated during the Matomo build process \
namespace Piwik;\nclass Manifest {\n\tstatic $files=array(\n/; $ s/$/\n\t);\n}/' \
> ./config/manifest.inc.php
%build
# nothing to build
@ -134,9 +180,8 @@ done
install -d -m0755 %{buildroot}/%{ap_serverroot}/%{name}
install -d -m0755 %{buildroot}/%{ap_serverroot}/%{name}/tmp
install -d -m0755 %{buildroot}/%{_sysconfdir}/%{name}
install -d -m0755 %{buildroot}/%{_defaultdocdir}/%{name}
# copy src from build to buildroot
mv *SUSE %{buildroot}/%{_defaultdocdir}/%{name}
install -D -m644 %{SOURCE4} %{buildroot}/%{_defaultdocdir}/%{name}/README.SUSE
mv LEGALNOTICE %{buildroot}/%{_defaultdocdir}/%{name}
mv LICENSE %{buildroot}/%{_defaultdocdir}/%{name}
mv "misc/How to install Matomo.html" %{buildroot}/%{_defaultdocdir}/%{name}
@ -148,6 +193,16 @@ sed -e 's|__matomo_web__|%{ap_serverroot}/%{name}|g' \
-e 's|__matomo_conf__|%{_sysconfdir}/%{name}|g' \
-e 's|__matomo_log__|/var/log/%{name}|g' \
%{SOURCE2} > %{buildroot}/%{ap_sysconfdir}/conf.d/%{name}.conf
# install php-fpm configuration
mkdir -p %{buildroot}/etc/php7/fpm/php-fpm.d
sed -e 's|__matomo_web__|%{ap_serverroot}/%{name}|g' \
-e 's|__matomo_conf__|%{_sysconfdir}/%{name}|g' \
-e 's|__matomo_log__|/var/log/%{name}|g' \
%{SOURCE15} > %{buildroot}%{_sysconfdir}/php7/fpm/php-fpm.d/matomo-php-fpm.conf
install -m 0644 %{SOURCE16} %{buildroot}%{_sysconfdir}/php7/fpm/php-fpm.conf
# install nginx configuration
install -D -m 0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/nginx/vhosts.d/matomo.conf
sed -i 's|__matomo_web__|%{ap_serverroot}/%{name}|g' %{buildroot}%{_sysconfdir}/nginx/vhosts.d/matomo.conf
# install logrotate
install -D -m0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
# move config to etc/matomo and make symlink
@ -156,28 +211,35 @@ mv %{buildroot}/%{ap_serverroot}/%{name}/config/* \
rm -d %{buildroot}/%{ap_serverroot}/%{name}/config
ln -s %{_sysconfdir}/%{name} %{buildroot}/%{ap_serverroot}/%{name}/config
# install cronscript and systemd-timer
install -d -m 0755 %{buildroot}/%{_sysconfdir}/cron.d
install -d -m 0755 %{buildroot}/var/log/%{name}
install -D -m 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name}-archive
%if %{with systemd}
install -D -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}-archive.service
install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-archive.timer
install -D -m 0644 %{SOURCE14} %{buildroot}%{_tmpfilesdir}/%{name}.conf
sed -i -e 's|@ap_serverroot@|%{ap_serverroot}|g' %{buildroot}%{_sysconfdir}/cron.d/%{name}-archive
sed -i -e 's|@ap_serverroot@|%{ap_serverroot}|g' %{buildroot}%{_unitdir}/%{name}-archive.service
%else
install -d -m 0755 %{buildroot}/%{_sysconfdir}/cron.d
install -D -m 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name}-archive
sed -i -e 's|@ap_serverroot@|%{ap_serverroot}|g' %{buildroot}%{_sysconfdir}/cron.d/%{name}-archive
%endif
# install changes for mariadb
install -D -m0644 %{SOURCE13} %{buildroot}/%{_sysconfdir}/my.cnf.d/%{name}.my.cnf
# touch config.ini.php (ghost)
touch %{buildroot}%{_sysconfdir}/%{name}/config.ini.php
%fdupes %{buildroot}/%{_prefix}
%fdupes %{buildroot}/srv
%if %{with systemd}
%pre
%service_add_pre matomo-archive.timer matomo-archive.service
%endif
%post
# BSC#1154324
# # # chown -R %{ap_usr}:%{ap_grp} %{ap_serverroot}/%{name}
%if %{with systemd}
%service_add_post matomo-archive.timer matomo-archive.service apache2.service
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%endif
if [ $1 -gt 1 ]; then
# Update matomo if this is an upgrade $1 == 2
echo "matomo: Update matomo:core..."
@ -189,37 +251,68 @@ if [ $1 -gt 1 ]; then
:
fi
%if %{with systemd}
%preun
%service_del_preun matomo-archive.timer matomo-archive.service
%postun
%service_del_postun matomo-archive.timer matomo-archive.service apache2.service
%pre php-fpm
%service_add_pre php-fpm.service
%post php-fpm
%service_add_post php-fpm.service
%preun php-fpm
%service_del_preun php-fpm.service
%postun php-fpm
%service_del_postun php-fpm.service
%pre nginx
%service_add_pre nginx.service
%post nginx
%service_add_post nginx.service
%preun nginx
%service_del_preun nginx.service
%postun nginx
%service_del_postun nginx.service
%endif
%files
%defattr(-,root,root,-)
%defattr(0644,root,root,0755)
%dir %{_defaultdocdir}/%{name}
%{_defaultdocdir}/%{name}/*
%config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/cron.d/%{name}-archive
%config(noreplace) %{_sysconfdir}/my.cnf.d/%{name}.my.cnf
%if %{with systemd}
%{_unitdir}/%{name}-archive.service
%{_unitdir}/%{name}-archive.timer
%{_tmpfilesdir}/%{name}.conf
%else
%config(noreplace) %{_sysconfdir}/cron.d/%{name}-archive
%endif
%dir %attr(0750,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}
%dir %attr(0750,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/environment
%{_sysconfdir}/%{name}/environment/*php
%attr(0640,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/*.php
%attr(0640,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/environment/*.php
%ghost %attr(0750,%{ap_usr},%{ap_grp}) /run/%{name}_sessions
%defattr(644,root,root,755)
%dir %{ap_serverroot}/%{name}
%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/js
%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc
%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/plugins
%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/tmp
%dir %attr(0750,%{ap_usr},%{ap_grp}) /var/log/%{name}
%config(noreplace) %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/*php
%{_sysconfdir}/%{name}/environment/*php
%ghost %config(noreplace) %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/config.ini.php
%config %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/global.ini.php
%config %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/global.php
%config %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/manifest.inc.php
%attr(0644,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/matomo.js
%attr(0644,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/piwik.js
%attr(0644,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/js/piwik.min.js
@ -228,7 +321,6 @@ fi
%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/log-analytics/import_logs.py
%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/composer/clean-xhprof.sh
%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/composer/build-xhprof.sh
#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/plugins/TestRunner/scripts/on_instance_launch.sh
%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/package.sh
%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/lessify
%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/plessc
@ -238,4 +330,15 @@ fi
%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/twig/twig/drupal_test.sh
%{ap_serverroot}/%{name}/*
%files php-fpm
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/php7/fpm/php-fpm.conf
%config(noreplace) %{_sysconfdir}/php7/fpm/php-fpm.d/matomo-php-fpm.conf
%files nginx
%defattr(-,root,root,-)
%dir %{_sysconfdir}/nginx
%dir %{_sysconfdir}/nginx/vhosts.d
%config(noreplace) %{_sysconfdir}/nginx/vhosts.d/matomo.conf
%changelog