%global _hardened_build 1 %global srcname ejabberd # Since we require the version in both BuildRequires and Requires, let's make these variables for # easier maintenance. %global cache_tab_ver 1.0.13 %global eimp_ver 1.0.5 %global epam_ver 1.0.4 %global esip_ver 1.0.23 %global ezlib_ver 1.0.4 %global fast_tls_ver 1.0.22 %global fast_xml_ver 1.1.30 %global fast_yaml_ver 1.0.14 %global iconv_ver 1.0.7 %global luerl_ver 0.3 %global p1_mysql_ver 1.0.5 %global p1_oauth2_ver 0.6.3 %global p1_pgsql_ver 1.1.5 %global p1_utils_ver 1.0.11 %global stringprep_ver 1.0.11 %global stun_ver 1.0.22 %global xmpp_ver 1.1.21 Name: ejabberd Version: 18.04 Release: 1%{?dist} BuildArch: noarch License: GPLv2+ Summary: A distributed, fault-tolerant Jabber/XMPP server URL: https://www.ejabberd.im/ VCS: scm:git:https://github.com/processone/ejabberd.git Source0: https://github.com/processone/%{name}/archive/%{version}/%{name}-%{version}.tar.gz Source2: ejabberd.logrotate # Support for systemd Source4: ejabberd.service # PAM support Source9: ejabberdctl.pam Source11: ejabberd.pam # polkit support Source12: ejabberdctl.polkit.actions Source13: ejabberdctl.polkit.rules # SELinux module Source14: ejabberd.te Source15: ejabberd.fc Source16: ejabberd.if # Use ejabberd as an example for PAM service name (fedora/epel-specific) Patch1: ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch # Fedora-specific Patch3: ejabberd-0003-Install-into-BINDIR-instead-of-SBINDIR.patch # Fedora-specific Patch4: ejabberd-0004-Enable-systemd-notification-if-available.patch BuildRequires: elixir >= 1.4.4 BuildRequires: erlang-cache_tab >= %{cache_tab_ver} BuildRequires: erlang-eimp >= %{eimp_ver} BuildRequires: erlang-epam >= %{epam_ver} BuildRequires: erlang-esip >= %{esip_ver} BuildRequires: erlang-ezlib >= %{ezlib_ver} BuildRequires: erlang-fast_tls >= %{fast_tls_ver} BuildRequires: erlang-fast_xml >= %{fast_xml_ver} BuildRequires: erlang-fast_yaml >= %{fast_yaml_ver} BuildRequires: erlang-iconv >= %{iconv_ver} BuildRequires: erlang-jiffy >= 0.14.8 BuildRequires: erlang-jose >= 1.8.4 BuildRequires: erlang-lager >= 3.4.2 BuildRequires: erlang-luerl >= %{luerl_ver} BuildRequires: erlang-meck >= 0.8.4 BuildRequires: erlang-odbc BuildRequires: erlang-p1_mysql >= %{p1_mysql_ver} BuildRequires: erlang-p1_oauth2 >= %{p1_oauth2_ver} BuildRequires: erlang-p1_pgsql >= %{p1_pgsql_ver} BuildRequires: erlang-p1_utils >= %{p1_utils_ver} BuildRequires: erlang-rebar BuildRequires: erlang-riak_client BuildRequires: erlang-sd_notify BuildRequires: erlang-stringprep >= %{stringprep_ver} BuildRequires: erlang-stun >= %{stun_ver} BuildRequires: erlang-xmpp >= %{xmpp_ver} BuildRequires: expat-devel >= 1.95 BuildRequires: git BuildRequires: libyaml-devel >= 0.1.4 BuildRequires: openssl-devel >= 1.0.0 BuildRequires: pam-devel BuildRequires: selinux-policy-devel BuildRequires: autoconf BuildRequires: automake # For creating user and group Requires(pre): shadow-utils Requires(post): /usr/bin/openssl Requires(post): systemd Requires(preun): systemd Requires(postun): systemd Provides: user(%{name}) Provides: group(%{name}) Requires: ejabberd-selinux == %{version}-%{release} # From rebar Requires: elixir >= 1.4.4 Requires: erlang-cache_tab >= %{cache_tab_ver} Requires: erlang-eimp >= %{eimp_ver} Requires: erlang-epam >= %{epam_ver} Requires: erlang-esip >= %{esip_ver} Requires: erlang-ezlib >= %{ezlib_ver} Requires: erlang-fast_tls >= %{fast_tls_ver} Requires: erlang-fast_xml >= %{fast_xml_ver} Requires: erlang-fast_yaml >= %{fast_yaml_ver} Requires: erlang-iconv >= %{iconv_ver} Requires: erlang-jiffy >= 0.14.8 Requires: erlang-jose >= 1.8.4 Requires: erlang-lager >= 3.4.2 Requires: erlang-luerl >= %{luerl_ver} Requires: erlang-meck >= 0.8.4 Requires: erlang-os_mon Requires: erlang-p1_mysql >= %{p1_mysql_ver} Requires: erlang-p1_oauth2 >= {%p1_oauth2_ver} Requires: erlang-p1_pgsql >= %{p1_pgsql_ver} Requires: erlang-p1_utils >= %{p1_utils_ver} Requires: erlang-stringprep >= %{stringprep_ver} Requires: erlang-stun >= %{stun_ver} Requires: erlang-xmpp >= %{xmpp_ver} # We install a logrotate.d file Requires: logrotate # for /usr/bin/pkexec Requires: polkit # for flock in ejabberdctl Requires: util-linux %description ejabberd is a Free and Open Source distributed fault-tolerant Jabber/XMPP server. It is mostly written in Erlang, and runs on many platforms (tested on Linux, FreeBSD, NetBSD, Solaris, Mac OS X and Windows NT/2000/XP). %package selinux BuildArch: noarch Summary: SELinux policy for ejabberd Requires: selinux-policy Requires: selinux-policy-targeted Requires(post): /usr/sbin/selinuxenabled Requires(post): /usr/sbin/semodule Requires(posttrans): /usr/sbin/restorecon %description selinux This is the SELinux policy for ejabberd. %prep %autosetup -p1 # Upstream seems to import erlang-xmpp and erlang-fast_xml in a way that isn't compatible with them # being system libraries. We need to patch the include statements to fix this. # https://github.com/processone/ejabberd/pull/1446/ find . -name "*.hrl" | xargs sed -i \ "s/include(\"fxml.hrl/include_lib(\"fast_xml\/include\/fxml.hrl/" find . -name "*.erl" | xargs sed -i "s/include(\"jid.hrl/include_lib(\"xmpp\/include\/jid.hrl/" find . -name "*.hrl" | xargs sed -i "s/include(\"ns.hrl/include_lib(\"xmpp\/include\/ns.hrl/" find . -name "*.erl" | xargs sed -i "s/include(\"xmpp.hrl/include_lib(\"xmpp\/include\/xmpp.hrl/" find . -name "*.hrl" | xargs sed -i \ "s/include(\"xmpp_codec.hrl/include_lib(\"xmpp\/include\/xmpp_codec.hrl/" # A few dependencies are configured to be found in the deps folder instead of in system libs # https://github.com/processone/ejabberd/issues/1850 perl -p -i -e "s|deps/p1_utils/include|$(rpm -ql erlang-p1_utils | grep -E '/include$' )|g" rebar.config perl -p -i -e "s|deps/fast_xml/include|$(rpm -ql erlang-fast_xml | grep -E '/include$' )|g" rebar.config perl -p -i -e "s|deps/xmpp/include|$(rpm -ql erlang-xmpp | grep -E '/include$' )|g" rebar.config cp %{S:14} %{S:15} %{S:16} . %build autoreconf -ivf %configure --disable-graphics --enable-odbc --enable-mysql --enable-pgsql --enable-pam --enable-zlib --enable-iconv --enable-debug --enable-lager --libdir=%{_libdir}/erlang/lib/ --with-erlang=%{_libdir}/erlang/ --enable-system-deps --enable-stun %{erlang_compile} # Build the SELinux policy make NAME=ejabberd -f /usr/share/selinux/devel/Makefile DISTRO=fedora%{fedora} %install %{erlang_install} sed -e "s*{{rootdir}}*%{_prefix}*" \ -e "s*{{installuser}}*%{name}*" \ -e "s*{{bindir}}*%{_bindir}*" \ -e "s*{{libdir}}*%{_erllibdir}*" \ -e "s*{{sysconfdir}}*%{_sysconfdir}*" \ -e "s*{{localstatedir}}*/var*" \ -e "s*{{docdir}}*%{_datadir}/doc/%{name}*" \ -e "s*{{erl}}*%{_erldir}/bin/erl*" \ -e "s*{{epmd}}*%{_erldir}/bin/epmd*" ejabberdctl.template \ > ejabberdctl.example install -d -m 0750 %{buildroot}%{_sysconfdir}/%{name} install -D -p -m 0644 ejabberd.yml.example %{buildroot}%{_sysconfdir}/%{name}/ejabberd.yml install -D -p -m 0644 ejabberdctl.cfg.example %{buildroot}%{_sysconfdir}/%{name}/ejabberdctl.cfg install -D -p -m 0644 inetrc %{buildroot}%{_sysconfdir}/%{name}/inetrc install -D -p -m 0755 ejabberdctl.example %{buildroot}%{_bindir}/ejabberdctl install -d -m 0750 %{buildroot}/var/lib/ejabberd install -d -m 0750 %{buildroot}/var/lock/ejabberdctl install -d -m 0750 %{buildroot}/var/log/ejabberd # fix example SSL certificate path to real one, which we created recently (see above) %{__perl} -pi -e 's!/path/to/ssl.pem!/etc/ejabberd/ejabberd.pem!g' %{buildroot}/etc/ejabberd/ejabberd.yml install -D -p -m 0755 tools/captcha.sh %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/bin/captcha.sh # fix captcha path %{__perl} -pi -e 's!/lib/ejabberd/priv/bin/captcha.sh!%{_libdir}/%{name}/priv/bin/captcha.sh!g' %{buildroot}/etc/ejabberd/ejabberd.yml install -D -p -m 0644 %{S:9} %{buildroot}%{_sysconfdir}/pam.d/ejabberdctl install -D -p -m 0644 %{S:11} %{buildroot}%{_sysconfdir}/pam.d/ejabberd # install systemd entry install -D -m 0644 -p %{S:4} %{buildroot}%{_unitdir}/%{name}.service # install config for logrotate install -D -p -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/logrotate.d/ejabberd # create room for additional files (such as SQL schemas) install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ # install sql-scripts for creating db schemes for various RDBMS install -p -m 0644 sql/lite.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ install -p -m 0644 sql/mssql.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ install -p -m 0644 sql/mysql.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ install -p -m 0644 sql/pg.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/msgs/ install -p -m 0644 priv/msgs/*.msg %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/msgs/ # Install polkit-related files install -D -p -m 0644 %{S:12} %{buildroot}%{_datadir}/polkit-1/actions/ejabberdctl.policy install -D -p -m 0644 %{S:13} %{buildroot}%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules # Install the SELinux policy install -d %{buildroot}%{_datadir}/selinux/targeted install -d %{buildroot}%{_datadir}/selinux/devel/include/apps install -p -m 0644 ejabberd.pp %{buildroot}%{_datadir}/selinux/targeted/ install -p -m 0644 ejabberd.if %{buildroot}%{_datadir}/selinux/devel/include/apps/ %check %{rebar_eunit} %pre getent group %{name} >/dev/null || groupadd -r %{name} getent passwd %{name} >/dev/null || \ useradd -r -g %{name} -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -M \ -c "ejabberd" %{name} 2>/dev/null || : if [ $1 -gt 1 ]; then # we should backup DB in every upgrade if ejabberdctl status >/dev/null ; then # Use timestamp to make database restoring easier TIME=$(date +%%Y-%%m-%%dT%%H:%%M:%%S) BACKUPDIR=$(mktemp -d -p /var/tmp/ ejabberd-$TIME.XXXXXX) chown ejabberd:ejabberd $BACKUPDIR BACKUP=$BACKUPDIR/ejabberd-database ejabberdctl backup $BACKUP # Change ownership to root:root because ejabberd user might be # removed on package removal. chown -R root:root $BACKUPDIR chmod 700 $BACKUPDIR echo echo The ejabberd database has been backed up to $BACKUP. echo fi # fix cookie path (since ver. 2.1.0 cookie stored in /var/lib/ejabberd/spool # rather than in /var/lib/ejabberd if [ -f /var/lib/ejabberd/spool/.erlang.cookie ]; then cp -pu /var/lib/ejabberd/{spool/,}.erlang.cookie echo echo The ejabberd cookie file was moved again. echo Please delete old one from /var/lib/ejabberd/spool/.erlang.cookie echo fi fi %post %systemd_post %{name}.service # Create SSL certificate with default values if it doesn't exist (cd /etc/ejabberd if [ ! -f ejabberd.pem ] then echo "Generating SSL certificate /etc/ejabberd/ejabberd.pem..." HOSTNAME=$(hostname -s 2>/dev/null || echo "localhost") DOMAINNAME=$(hostname -d 2>/dev/null || echo "localdomain") openssl req -new -x509 -days 365 -nodes -out ejabberd.pem \ -keyout ejabberd.pem > /dev/null 2>&1 <<+++ . . . $DOMAINNAME $HOSTNAME ejabberd root@$HOSTNAME.$DOMAINNAME +++ chown ejabberd:ejabberd ejabberd.pem chmod 600 ejabberd.pem fi) %post selinux if /usr/sbin/selinuxenabled ; then /usr/sbin/semodule -i %{_datadir}/selinux/targeted/ejabberd.pp fi %posttrans selinux /usr/sbin/restorecon -i -R /var/lib/ejabberd/ /usr/sbin/restorecon -i -R /var/log/ejabberd/ %preun %systemd_preun %{name}.service %preun selinux if [ $1 -eq 0 ] && [ "$(/usr/sbin/semodule -l | grep ejabberd)" = "ejabberd" ]; then /usr/sbin/semodule -s targeted -r ejabberd &> /dev/null fi %postun %systemd_postun_with_restart %{name}.service %files %license COPYING %doc README README.md %attr(750,ejabberd,ejabberd) %dir %{_sysconfdir}/ejabberd %attr(640,ejabberd,ejabberd) %config(noreplace) %{_sysconfdir}/ejabberd/ejabberd.yml %attr(640,ejabberd,ejabberd) %config(noreplace) %{_sysconfdir}/ejabberd/ejabberdctl.cfg %attr(640,ejabberd,ejabberd) %config(noreplace) %{_sysconfdir}/ejabberd/inetrc %{_unitdir}/%{name}.service %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/ejabberdctl %{_datadir}/polkit-1/actions/ejabberdctl.policy %{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules %{_bindir}/ejabberdctl %dir %{_erllibdir}/%{name}-%{version} %dir %{_erllibdir}/%{name}-%{version}/ebin %dir %{_erllibdir}/%{name}-%{version}/include %dir %{_erllibdir}/%{name}-%{version}/priv %dir %{_erllibdir}/%{name}-%{version}/priv/bin %dir %{_erllibdir}/%{name}-%{version}/priv/msgs %dir %{_erllibdir}/%{name}-%{version}/priv/sql %{_erllibdir}/%{name}-%{version}/ebin/*.app %{_erllibdir}/%{name}-%{version}/ebin/*.beam %{_erllibdir}/%{name}-%{version}/include/*.hrl %{_erllibdir}/%{name}-%{version}/priv/bin/captcha.sh %{_erllibdir}/%{name}-%{version}/priv/msgs/*.msg %{_erllibdir}/%{name}-%{version}/priv/sql/*.sql %attr(750,ejabberd,ejabberd) %dir /var/lib/ejabberd %attr(750,ejabberd,ejabberd) %dir /var/log/ejabberd %files selinux %{_datadir}/selinux/devel/include/apps/ejabberd.if %{_datadir}/selinux/targeted/ejabberd.pp %changelog * Sat Jun 09 2018 Randy Barlow - 18.04-1 - Upgrade to 18.04 (#1571775). - Use TLS for the URL. - https://blog.process-one.net/ejabberd-18-04/ * Mon Jun 04 2018 Randy Barlow - 18.03-3 - Use the correct path to epmd in ejabberdctl (#1573006). * Sat Mar 31 2018 Jeremy Cline - 18.03-2 - Allow PostgreSQL and MySQL database connections in SELinux policy * Mon Mar 26 2018 Randy Barlow - 18.03-1 - Update to 18.03 (#1560117). - https://blog.process-one.net/ejabberd-18-03/ * Sun Mar 25 2018 Randy Barlow - 18.1.0-2 - Convert to a noarch package. * Tue Feb 13 2018 Randy Barlow - 18.1.0-1 - Update to 18.1.0 (#1537324). - Require erlang-os_mon (#1542927). * Wed Feb 07 2018 Fedora Release Engineering - 18.01-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sat Jan 13 2018 Randy Barlow - 18.01-1 - Update to 18.01 (#1516062). - https://blog.process-one.net/ejabberd-17-11-happy-birthday-ejabberd/ - https://blog.process-one.net/ejabberd-17-12/ - https://blog.process-one.net/ejabberd-18-01/ - Require the selinux policy to be installed. - Allow port 5281 in the SELinux policy (#1494854). * Mon Dec 11 2017 Randy Barlow - 17.09-2 - Fix three issues that prevented ejabberd from starting (#1524199). * Fri Nov 10 2017 Randy Barlow - 17.09-1 - Update to 17.09 (#1427123). - https://blog.process-one.net/ejabberd-17-09/ * Sun Oct 22 2017 Randy Barlow - 17.07-2 - In 17.07-1 I had accidentally reverted my patch to depend on epam instead of p1_pam. This build fixes that again. * Sun Oct 22 2017 Randy Barlow - 17.07-1 - Update to 17.07 (#1427123). - https://blog.process-one.net/ejabberd-17-07/ - Add an SELinux policy subpackage. * Mon Oct 02 2017 Randy Barlow - 17.01-6 - Depend on epam instead of p1_pam (#1494988). * Sat Sep 23 2017 Randy Barlow - 17.01-5 - Run ejabberd directly in the unit file so it gets the correct SELinux context (#1424823). - Don't run ejabberdctl through polkit, as it doesn't play nice with the SELinux policy. * Wed Aug 02 2017 Fedora Release Engineering - 17.01-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering - 17.01-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sun Feb 19 2017 Randy Barlow - 17.01-2 - Stop shipping the unneeded /usr/lib/tmpfiles.d/ejabberd.conf (#1186674). - Stop putting a folder in /var/lock since that's a tmpfs.