# Review bug: https://bugzilla.redhat.com/479723 # Defaults %global gitver 2.34.1 %global cachedir %{_localstatedir}/cache/%{name} %global filterdir %{_libexecdir}/%{name}/filters %global scriptdir %{_localstatedir}/www/cgi-bin %global cgitdata %{_datadir}/%{name} %global httpdconfd %{_sysconfdir}/httpd/conf.d %global gitrepodir %{_localstatedir}/lib/git # GPG signing key fingerprints %global gpg_cgit AB9942E6D4A4CFC3412620A749FC7012A5DE03AE %global gpg_git 96E07AF25771955980DAD10020D04E5A713660A7 # Settings for Fedora and EL >= 8 %if 0%{?fedora} || 0%{?rhel} >= 8 %bcond_without httpd_filesystem %global use_perl_interpreter 1 %else %bcond_with httpd_filesystem %global use_perl_interpreter 0 %endif # The highlight package is only available in EL7+ on ppc64le and x86_64 %if 0%{?rhel} >= 7 && ! ( "%{_arch}" == "ppc64le" || "%{_arch}" == "x86_64" ) %bcond_with highlight %else %bcond_without highlight %endif Name: cgit Version: 1.2.3 Release: 8%{?dist} Summary: A fast web interface for git License: GPLv2 URL: https://git.zx2c4.com/cgit/ Source0: https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz Source1: https://www.kernel.org/pub/software/scm/git/git-%{gitver}.tar.xz Source2: cgitrc Source3: README-SELinux.md # Jason A. Donenfeld's key is used to sign cgit releases. # https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc Source90: gpgkey-%{gpg_cgit}.asc # Junio C Hamano's key is used to sign git releases. It can be found in the # junio-gpg-pub tag within git. # # (Note that the tagged blob in git contains a version of the key with an # expired signing subkey. The subkey expiration has been extended on the # public keyservers, but the blob in git has not been updated.) # # https://git.kernel.org/cgit/git/git.git/tag/?h=junio-gpg-pub # https://git.kernel.org/cgit/git/git.git/blob/?h=junio-gpg-pub&id=7214aea37915ee2c4f6369eb9dea520aec7d855b # https://src.fedoraproject.org/rpms/git/raw/master/f/gpgkey-junio.asc Source91: gpgkey-%{gpg_git}.asc # Tarball signatures Source92: https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.asc Source93: https://www.kernel.org/pub/software/scm/git/git-%{gitver}.tar.sign # All supported releases use highlight version 3. Patch0: 0001-use-highlight-3-by-default.patch # Improve test suite's support for older tar versions # https://lists.zx2c4.com/pipermail/cgit/2020-August/004513.html Patch1: https://git.zx2c4.com/cgit/patch/?id=bd6f5683f#/0001-t0107-support-older-and-or-non-GNU-tar.patch # Update to current git # # This is a compilation of patches Christian Hesse has sent to the cgit list. # It was created somewhat manually by reviewing the number of patches since the # last update to git-2.25.1 (14). Then patch was generated via: # # git log --grep=git: --format='%h' --reverse -14 origin/ch/for-jason | # while read c _; do # git format-patch -1 --ignore-submodules --no-signature --stdout $c # done >~/src/dist/fedora/cgit/cgit-1.2.3-update-to-git-2.34.1.patch Patch2: cgit-1.2.3-update-to-git-2.34.1.patch # Note the bundled git, per the packaging guidelines # https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling Provides: bundled(git) = %gitver %if %{with highlight} BuildRequires: highlight %endif BuildRequires: asciidoc %if 0%{?rhel} && 0%{?rhel} < 9 # Require epel-rpm-macros for the %%gpgverify macro on EL-7/EL-8, and # %%build_cflags / %%build_ldflags on EL-7. BuildRequires: epel-rpm-macros %endif BuildRequires: gcc BuildRequires: git-core BuildRequires: gnupg2 BuildRequires: libcurl-devel BuildRequires: openssl-devel BuildRequires: lua-devel BuildRequires: make BuildRequires: zlib-devel # Test dependencies BuildRequires: gettext BuildRequires: lzip %if %{use_perl_interpreter} BuildRequires: perl-interpreter %else BuildRequires: perl %endif BuildRequires: perl(ExtUtils::MakeMaker) BuildRequires: strace BuildRequires: tidy BuildRequires: unzip BuildRequires: xz BuildRequires: zstd %if %{with httpd_filesystem} # httpd-filesystem provides the basic apache directory layout Requires: httpd-filesystem %endif Requires: webserver %description Cgit is a fast web interface for git. It uses caching to increase performance. %prep # Verify GPG signatures xz -dc '%{SOURCE0}' | %{gpgverify} --keyring='%{SOURCE90}' --signature='%{SOURCE92}' --data=- xz -dc '%{SOURCE1}' | %{gpgverify} --keyring='%{SOURCE91}' --signature='%{SOURCE93}' --data=- %autosetup -a 1 -S git # setup the git dir rm -rf git mv git-%{gitver} git # add README.SELinux cp -p %{SOURCE3} . # Use the same options for every invocation of 'make'. # Otherwise it will rebuild in %%install due to flags changes. cat << \EOF | tee cgit.conf V = 1 CFLAGS = %{build_cflags} LDFLAGS = %{build_ldflags} CACHE_ROOT = %{cachedir} CGIT_SCRIPT_PATH = %{scriptdir} CGIT_SCRIPT_NAME = cgit CGIT_DATA_PATH = %{cgitdata} COPYTREE = %{__cp} -rp INSTALL = %{__install} -p docdir = %{docdir} filterdir = %{filterdir} prefix = %{_prefix} EOF # git build flags cat << \EOF | tee git/config.mak V = 1 CFLAGS = %{build_cflags} LDFLAGS = %{build_ldflags} NO_EXPAT = 1 NO_PERL = 1 NO_PYTHON = 1 NO_TCLTK = 1 EOF # remove env shebang's from filter scripts grep -rl '#!.*/env' filters/ | xargs -r sed -Ei 's@^(.+/)env (.+)$@\1\2@' # remove execute permissions from contrib file find contrib -type f | xargs -r chmod -x # default httpd config cat >httpd.conf < Require all granted EOF touch -r README httpd.conf %build %make_build all doc-man doc-html %if %{with highlight} highlight --print-style --style-outfile=stdout >> cgit.css %endif %install %make_install install install-man mkdir -p %{buildroot}%{cachedir} %{buildroot}%{gitrepodir} install -Dp -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/cgitrc install -Dp -m0644 httpd.conf %{buildroot}%{httpdconfd}/%{name}.conf %check %__make %{?_smp_mflags} test %files %doc README* contrib *.html %license COPYING %config(noreplace) %{_sysconfdir}/cgitrc %if ! %{with httpd_filesystem} # own httpd config dirs on systems without httpd-filesystem %dir %{_sysconfdir}/httpd %dir %{_sysconfdir}/httpd/conf.d %endif %config(noreplace) %{httpdconfd}/%{name}.conf %dir %attr(-,apache,root) %{cachedir} %{cgitdata} %{filterdir} # exclude byte-compiled python files on EL7 %{?el7:%exclude %{filterdir}/*.py[co]} %{scriptdir}/%{name} %{_mandir}/man*/* %dir %{gitrepodir} %changelog * Sun Jan 02 2022 Todd Zullinger - 1.2.3-8 - update to git-2.34.1 - use %%__make to run tests in %%check * Mon Jul 26 2021 Todd Zullinger - 1.2.3-7 - update SELinux README - simplify install commands - improve httpd config file creation - explicitly list the cgit cgi-bin script - create /var/lib/git to improve SELinux compatibility * Wed Jul 21 2021 Fedora Release Engineering - 1.2.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Sat Jun 05 2021 Todd Zullinger - 1.2.3-5 - include output of cgit.conf and git/config.mak in build logs - explicitly disable expat, perl, python, and tcl/tk in git build - use %%{gpgverify} macro to verify tarball signature - use %%{build_cflags} and %%{build_ldflags} - preserve timestamps when running install - clean up & improve dist conditionals - remove %%_python_bytecompile_extra - limit *.py[co] %%exclude to el7 - refresh highlight v3 patch - use git to apply patches * Tue Jan 26 2021 Fedora Release Engineering - 1.2.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Dec 29 2020 Todd Zullinger - update tar/zstd patch from upstream * Sat Aug 08 2020 Todd Zullinger - improve test suite's use of zstd to decode a tar file * Mon Jul 27 2020 Fedora Release Engineering - 1.2.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Apr 02 2020 Björn Esser - 1.2.3-2 - Fix string quoting for rpm >= 4.16 * Sat Mar 14 2020 Todd Zullinger - 1.2.3-1 - update to 1.2.3 * Tue Jan 28 2020 Fedora Release Engineering - 1.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Tue Jan 14 2020 Todd Zullinger - 1.2.2-1 - update to 1.2.2 - adjust highlight requirement conditional for EL-7+ * Fri Aug 02 2019 Todd Zullinger - 1.2.1-5 - add missing zlib-devel BuildRequires, fixes FTBFS (#1737005) * Wed Jul 24 2019 Fedora Release Engineering - 1.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jan 31 2019 Fedora Release Engineering - 1.2.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Aug 10 2018 Todd Zullinger - 1.2.1-2 - use git's default, collision-detecting SHA1 implementation - verify upstream GPG signatures in %%prep * Fri Aug 03 2018 Todd Zullinger - 1.2.1-1 - Update to 1.2.1, fixes directory traversal vulnerability * Fri Jul 13 2018 Todd Zullinger - 1.2-1 - Update to 1.2 - Include contrib dir in docs - Update example cgtirc settings * Thu Jul 12 2018 Fedora Release Engineering - 1.1-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Jun 15 2018 Todd Zullinger - 1.1-11 - disable automatic compilation of *.py files outside of python sitelib - use %%bcond_(with|without) to toggle highlight - use %%autosetup macro - drop crufty curl-devel conditional - fix parallel make issues in docs - simplify README.SELinux install - use %%bcond_(with|without) to handle httpd-filesystem - avoid libcrypto.so requires - run test suite in %%check * Mon Jun 04 2018 Todd Zullinger - make config: drop redundant DESTDIR/INSTALL, add COPYTREE - remove env shebang's from filter scripts * Sun Feb 18 2018 Todd Zullinger - 1.1-10 - Use https for source URLs - Remove el5 conditionals - Use cgit.conf and config.mak for cgit/git build options - Drop obsolete %%{buildroot} cleanup - Add gcc and make BuildRequires * Wed Feb 07 2018 Fedora Release Engineering - 1.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Aug 02 2017 Fedora Release Engineering - 1.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Sun Jul 30 2017 Florian Weimer - 1.1-7 - Rebuild with binutils fix for ppc64le (#1475636) * Wed Jul 26 2017 Fedora Release Engineering - 1.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon Jul 24 2017 Todd Zullinger - 1.1-5 - Require webserver on all dists (#1468839) * Mon Jul 24 2017 Kevin Fenzi - 1.1-4 - Fix httpd requirements on epel7. Fixes bug #1468839 * Tue Mar 07 2017 Pavel Raiskup - 1.1-3 - suggest using correct selinux context (rhbz#1429790) * Fri Feb 10 2017 Fedora Release Engineering - 1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Wed Nov 23 2016 Kevin Fenzi - 1.1-1 - Update to 1.1. Fixes bug #1397820 * Mon Sep 19 2016 Pavel Raiskup - 1.0-2 - ensure we inform about git bundling appropriately * Tue Jun 07 2016 Kevin Fenzi - 1.0-1 - Update to 1.0 * Wed Feb 03 2016 Fedora Release Engineering - 0.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Sat Jan 16 2016 Kevin Fenzi - 0.12-1 - Update to 0.12. Fixes bug #1298912 - Fixes CVE-2016-1899 CVE-2016-1900 CVE-2016-1901 * Sat Sep 05 2015 Kevin Fenzi 0.11.2-3 - Fix up logic around webserver and httpd. - On Fedora require webserver and httpd-filesystem - On EPEL require httpd. * Wed Jun 17 2015 Fedora Release Engineering - 0.11.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat Mar 14 2015 Kevin Fenzi 0.11.2-1 - Update to 0.11.2 * Tue Mar 10 2015 Kevin Fenzi 0.11.1-1 - Update to 0.11.1 * Mon Feb 16 2015 Kevin Fenzi 0.11.0-1 - Update to 0.11.0 * Mon Feb 09 2015 Pavel Raiskup - 0.10.2-5 - require "any" 'webserver' instead of concrete 'httpd' (#1138599) * Fri Aug 15 2014 Fedora Release Engineering - 0.10.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Jul 08 2014 Pavel Raiskup - 0.10.2-3 - currently epel-7-ppc64 does not have highlight package (#1117261) * Tue Jul 08 2014 Pavel Raiskup - 0.10.2-2 - install README.SELinux documentation again (#1036123) - generate cgit.conf for httpd >= 2.4 when needed * Tue Jul 01 2014 Kevin Fenzi 0.10.2-1 - Update to 0.10.2. Fixes bug #1114970 * Wed Jun 11 2014 Kevin Fenzi 0.10.1-4 - Add patch to fix raw patch handling * Sat Jun 07 2014 Fedora Release Engineering - 0.10.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Mar 20 2014 Ville Skyttä - 0.10.1-2 - Include highlight styles in cgit.css * Thu Feb 27 2014 Kevin Fenzi 0.10.1-1 - Update to 0.10.1 - Correctly enable lua filters. * Wed Feb 19 2014 Kevin Fenzi 0.10-1 - Update to 0.10 * Sat Aug 03 2013 Fedora Release Engineering - 0.9.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon May 27 2013 Todd Zullinger - 0.9.2-1 - Update to 0.9.2, fixes CVE-2013-2117 * Wed Feb 13 2013 Fedora Release Engineering - 0.9.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Nov 21 2012 Kevin Fenzi 0.9.1-3 - Fixed ldflags. Fixes bug 878611 * Sat Nov 17 2012 Kevin Fenzi 0.9.1-2 - Add patch to use correct version of highlight for all branches except epel5 * Thu Nov 15 2012 Kevin Fenzi 0.9.1-1 - Update to 0.9.1 - Fixes bug #870714 - CVE-2012-4548 - Fixes bug #820733 - CVE-2012-4465 * Wed Jul 18 2012 Fedora Release Engineering - 0.9.0.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jan 12 2012 Fedora Release Engineering - 0.9.0.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Fri Jul 22 2011 Todd Zullinger - 0.9.0.2-2 - Fix potential XSS vulnerability in rename hint * Thu Jul 21 2011 Todd Zullinger - 0.9.0.2-1 - Update to 0.9.0.2 * Sun Mar 06 2011 Todd Zullinger - 0.9-1 - Update to 0.9 - Fixes: CVE-2011-1027 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027 - Generate and install man page and html docs - Use libcurl-devel on RHEL >= 6 - Include example filter scripts - Update example cgitrc * Tue Feb 08 2011 Fedora Release Engineering - 0.8.2.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Sep 27 2010 Todd Zullinger - 0.8.2.1-4 - Appy upstream git patch for CVE-2010-2542 (#618108) * Fri Aug 21 2009 Tomas Mraz - 0.8.2.1-3 - rebuilt with new openssl * Fri Jul 24 2009 Fedora Release Engineering - 0.8.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sun Mar 15 2009 Todd Zullinger - 0.8.2.1-1 - Update to 0.8.2.1 * Mon Feb 23 2009 Fedora Release Engineering - 0.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Sun Feb 01 2009 Todd Zullinger - 0.8.2-1 - Update to 0.8.2 - Drop upstreamed Makefile patch * Sun Jan 18 2009 Todd Zullinger - 0.8.1-2 - Rebuild with new openssl * Mon Jan 12 2009 Todd Zullinger - 0.8.1-1 - Initial package