%global	commit		00b264b5537986fecfa1013cc27ad3b7b771a646
%global	shortcommit	%(c=%{commit}; echo ${c:0:7})

# Checks may only be ran from a host with internet connection
#% global runcheck	0

%global hitch_user	hitch
%global hitch_group	hitch
%global hitch_homedir	%{_localstatedir}/lib/hitch
%global hitch_confdir	%{_sysconfdir}/hitch
%global hitch_datadir	%{_datadir}/hitch

%global _hardened_build 1

Name:		hitch
Version:	1.0.0
Release:	0.3.4.beta3%{?dist}
Summary:	Network proxy that terminates TLS/SSL connections

Group:		System Environment/Daemons
License:	BSD
URL:		https://github.com/varnish/hitch
Source0:	https://github.com/varnish/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz

BuildRequires:	libev-devel
BuildRequires:	openssl-devel
BuildRequires:	openssl
BuildRequires:	libtool
Requires:	openssl

Patch0:		hitch.systemd.service.patch
Patch1:		hitch.initrc.redhat.patch
# POS36-C correct revocation order while relinquishing privileges
Patch2:		hitch-1.0.0-beta3.setgroups.patch
# Fixes a bug in the test suite that leaves running processes behind
Patch3:		hitch.clean_test_processes.patch
Patch4:		hitch.test07_missing_curl_resolve_on_el6.patch

%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
BuildRequires: systemd
%else
Requires(preun): initscripts
%endif

%description
hitch is a network proxy that terminates TLS/SSL connections and forwards the
unencrypted traffic to some backend. It is designed to handle 10s of thousands
of connections efficiently on multicore machines.

%prep
%setup -qn %{name}-%{commit}
%patch0
%patch1
%patch2 -p1
%patch3
%if 0%{?rhel} == 6
%patch4
%endif


%build
./bootstrap

%if 0%{?rhel} == 6
CFLAGS="%{optflags} -fPIE"
LDFLAGS=" -pie"
CPPFLAGS=" -I%{_includedir}/libev"
export CFLAGS
export LDFLAGS
export CPPFLAGS
%endif

%configure
make %{?_smp_mflags}


%install
%make_install
%{buildroot}%{_sbindir}/hitch-openssl --default-config | sed '
	s/user = ""/user = "%{hitch_user}"/g;
	s/group = ""/group = "%{hitch_group}"/g;
	s/backend = "\[127.0.0.1\]:8000"/backend = "[127.0.0.1]:6081"/g;
	s/syslog = off/syslog = on/g;
	' > hitch.conf
%if 0%{?rhel} == 6
	sed -i 's/daemon = off/daemon = on/g;' hitch.conf
%endif
install -p -D -m 0644 hitch.conf %{buildroot}%{_sysconfdir}/hitch/hitch.conf
install -d -m 0755 %{buildroot}%{hitch_homedir}
install -d -m 0755 %{buildroot}%{hitch_datadir}
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
install -p -D -m 0644 hitch.service %{buildroot}%{_unitdir}/hitch.service
install -p -D -m 0644 hitch.tmpfilesd.conf %{buildroot}%{_tmpfilesdir}/hitch.conf
%else
install -p -D -m 0755 hitch.initrc.redhat %{buildroot}%{_initrddir}/hitch
install -d -m 0755 %{buildroot}%{_localstatedir}/run/hitch
%endif

# check is not enabled by default, as it won't work on the koji builders, 
# nor on machines that can't reach the Internet. 
%check
%if 0%{?runcheck} == 1
cd tests; ./runtests
%endif

%pre
groupadd -r %{hitch_group} &>/dev/null ||:
useradd -r -g %{hitch_group} -s /sbin/nologin -d %{hitch_homedir} %{hitch_user} &>/dev/null ||:


%post
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%systemd_post hitch.service
%tmpfiles_create %{_tmpfilesdir}/hitch.conf
%else
/sbin/chkconfig --add hitch
%endif

%preun
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%systemd_preun hitch.service
%else
/sbin/service hitch stop > /dev/null 2>&1
/sbin/chkconfig --del hitch
%endif


%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%postun
%systemd_postun_with_restart hitch.service
%endif


%files
%doc README.md
%if 0%{?rhel} == 6
%doc LICENSE
%else
%license LICENSE
%endif
%{_sbindir}/hitch-openssl
%{_mandir}/man8/hitch.8*
%dir %{_sysconfdir}/hitch
%config(noreplace) %{_sysconfdir}/hitch/hitch.conf
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%{_unitdir}/hitch.service
%{_tmpfilesdir}/hitch.conf
%ghost %verify(not md5 size mtime)  /run/hitch/hitch.pid

%else
%{_initrddir}/hitch
%attr(0755,hitch,hitch) %dir %{_localstatedir}/run/hitch
%attr(0644,hitch,hitch) %ghost %verify(not md5 size mtime)  %{_localstatedir}/run/hitch/hitch.pid
%endif


%changelog
* Sun Jul 19 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 1.0.0-0.3.4.beta3
- Some more fixes for the fedora package review, ref Cicku

* Thu Jul 16 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 1.0.0-0.3.3.beta3
- Some more fixes for the fedora package review, ref Jeff Backus

* Fri Jun 26 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 1.0.0-0.3.2.beta3
- Added _hardened_build macro and PIE on el6

* Thu Jun 25 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 1.0.0-0.3.1.beta3
- Some fixes for the fedora package review, ref Sören Möller
- Now runs the test suite in check, adding BuildRequire openssl
- Added a patch that fixed missing cleaning running daemons from test suite
- Added a patch that made test07 run on older curl (epel6)
- Package owns /etc/hitch
- Added pidfile to systemd and tmpfiles.d configuration
- Added pidfile to redhat sysv init script

* Wed Jun 10 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 1.0.0-0.3.beta3
- Initial wrap for fedora