vsftpd/vsftpd.spec

#
# spec file for package vsftpd
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%global with_sysvinit 0
%if 0%{?suse_version} < 1310
%global with_sysvinit 1
%endif

Name:           vsftpd
BuildRequires:  gpg-offline
BuildRequires:  libcap-devel
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
%if 0%{?suse_version} > 1140
BuildRequires:  systemd
%endif
Version:        3.0.2
Release:        0
Summary:        Very Secure FTP Daemon - Written from Scratch
License:        SUSE-GPL-2.0-with-openssl-exception
Group:          Productivity/Networking/Ftp/Servers
Url:            https://security.appspot.com/vsftpd.html
Source0:        https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
Source1:        %name.pam
Source2:        %name.logrotate
Source3:        %name.init
Source4:        README.SUSE
Source5:        %name.xml
Source6:        %name.firewall
Source7:        vsftpd.service
Source9:        %name.keyring
Source1000:     https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
Patch1:         vsftpd-2.0.4-lib64.diff
Patch3:         vsftpd-2.0.4-xinetd.diff
Patch4:         vsftpd-2.0.4-enable-ssl.patch
Patch5:         vsftpd-2.0.4-dmapi.patch
Patch6:         vsftpd-2.0.5-vuser.patch
Patch7:         vsftpd-2.0.5-enable-debuginfo.patch
Patch8:         vsftpd-2.0.5-utf8-log-names.patch
Patch9:         vsftpd-2.3.5-conf.patch
Patch10:        vsftpd-3.0.0_gnu_source_defines.patch
Patch11:        vsftpd-3.0.0-optional-seccomp.patch
#PATCH-FIX-OPENSUSE: bnc#786024
Patch12:        vsftpd-allow-dev-log-socket.patch
#PATCH-FIX-OPENSUSE: bnc#786024, second issue with pam_login_acct
Patch13:        vsftpd-drop-newpid-from-clone.patch
#PATCH-FIX-OPENSUSE: bnc#812406
Patch14:        vsftpd-enable-fcntl-f_setfl.patch
#PATCH-FIX-OPENSUSE: bnc#812406
Patch15:        vsftpd-enable-dev-log-sendto.patch
#PATCH-FEATURE-SUSE: FATE#311051, call chroot with user credentials to enable nsf with squash_root option
Patch16:        vsftpd-root-squashed-chroot.patch
#PATCH-FIX-UPSTREAM: bnc#870122
Patch17:        vsftpd-enable-gettimeofday-sec.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Provides:       ftp-server
Requires(pre):  %insserv_prereq /usr/sbin/useradd
%{?systemd_requires}
Requires:       logrotate

%description
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
Obviously this is not a guarantee, but the entire codebase was written
with security in mind, and carefully designed to be resilient to
attack.

Recent evidence suggests that vsftpd is also extremely fast (and this
is before any explicit performance tuning!). In tests against wu-ftpd,
vsftpd was always faster, supporting over twice as many users in some
tests.

%prep
%gpg_verify %{S:1000}
%setup -q
%patch1
%patch3 -p1
%patch4
%patch5
%patch6
%patch7
%patch8
%patch9
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1

%build
%define seccomp_opts %{nil}
%if 0%{?suse_version} > 1030
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
%endif
rm -f dummyinc/sys/capability.h
make CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
     LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=

%install
mkdir -p $RPM_BUILD_ROOT/usr/share/empty
cp %SOURCE4 .
install -D -m 755 %name  $RPM_BUILD_ROOT/usr/sbin/%name
install -D -m 600 %name.conf $RPM_BUILD_ROOT/etc/%name.conf
install -D -m 600 xinetd.d/%name $RPM_BUILD_ROOT/etc/xinetd.d/%name
install -D -m 644 $RPM_SOURCE_DIR/%name.pam $RPM_BUILD_ROOT/etc/pam.d/%name
install -D -m 644 $RPM_SOURCE_DIR/%name.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%name
install -D -m 644 %name.conf.5 $RPM_BUILD_ROOT/%_mandir/man5/%name.conf.5
install -D -m 644 %name.8 $RPM_BUILD_ROOT/%_mandir/man8/%name.8
%if %{with_sysvinit}
install -D -m 755 %SOURCE3 $RPM_BUILD_ROOT/etc/init.d/%name
ln -sf ../../etc/init.d/%name $RPM_BUILD_ROOT/%_prefix/sbin/rc%name
%else
ln -sf service $RPM_BUILD_ROOT/%{_prefix}/sbin/rc%{name}
%endif
install -d $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{S:6} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%if 0%{?suse_version} > 1140
install -D -m 0644 %SOURCE7 %{buildroot}/%{_unitdir}/%{name}.service
%endif

%pre
/usr/sbin/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d /var/lib/empty ftpsecure 2> /dev/null || :
%if 0%{?suse_version} > 1140
%service_add_pre %{name}.service
%endif

%preun
if [ -e /etc/init.d/%{name} ]; then
%stop_on_removal %name
fi

%if 0%{?suse_version} > 1140
%service_del_preun %{name}.service
%endif

%post
%if %{with_sysvinit}
%{fillup_and_insserv -f %{name}}
%endif

%if 0%{?suse_version} > 1140
%service_add_post %{name}.service
%endif

%postun
%if %{with_sysvinit}
%insserv_cleanup
%restart_on_update %name
%endif

%if 0%{?suse_version} > 1140
%service_del_postun %{name}.service
%endif

%files
%defattr(-,root,root)
%if 0%{?suse_version} > 1140
%{_unitdir}/%{name}.service
%endif
/usr/sbin/%name
/usr/sbin/rc%name
%if %{with_sysvinit}
%config /etc/init.d/%name
%endif
%_datadir/omc/svcinfo.d/vsftpd.xml
%dir /usr/share/empty
%config(noreplace) /etc/xinetd.d/%name
%config(noreplace) /etc/%name.conf
%config /etc/pam.d/%name
%config(noreplace) /etc/logrotate.d/%name
%_mandir/man5/%name.conf.*
%_mandir/man8/%name.*
%doc BUGS AUDIT Changelog LICENSE README README.security
%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING
%doc README.SUSE
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}

%changelog