Blob Blame History Raw
%global _hardened_build 1

Name:             obs-signd
Summary:          The OBS sign daemon
License:          GPLv2
Group:            Applications/System
Version:          2.2.1
Release:          5%{?dist}
# Taken from upstream git
# git clone && cd obs-sign
# git checkout 2.2.1
# tar czvf obs-signd-2.2.1.tar.bz2 \
#   sign.8  sign.c  sign.conf  sign.conf.5  signd signd.8 obssignd
Source0:          obs-signd-%version.tar.bz2
# Upstream doesn't provide systemd service file
Source1:          signd.service
# We renamed the option in gnupg2 to 'file-is-digest'
Patch0:           obs-sign-rename-option-files-are-digests-to-file-is-digest.patch
Requires:         gnupg2
Requires(post):   systemd
Requires(preun):  systemd
Requires(postun): systemd
BuildRequires:    systemd

The OpenSUSE Build Service sign client and daemon.

This daemon can be used to sign anything via gpg by communicating
with a remote server to avoid the need to host the private key
on the same server.

%setup -q -c -n obs-signd-%version

%patch0 -p1

gcc %{optflags} -fPIC -pie -o sign sign.c

mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_sysconfdir}
install -d -m 0755 %{buildroot}%{_bindir}

# binaries and configuration
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_sysconfdir}
install -m 0755 signd %{buildroot}%{_sbindir}
install -m 0750 sign %{buildroot}%{_bindir}
install -m 0644 sign.conf %{buildroot}%{_sysconfdir}

# systemd service
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 %SOURCE1 %{buildroot}%{_unitdir}

# man pages
install -d -m 0755 %{buildroot}%{_mandir}/man{5,8}

for f in 5 8; do
  install -m 0644 sig*.${f} %{buildroot}%{_mandir}/man${f}/

getent group obsrun >/dev/null || %{_sbindir}/groupadd -r obsrun
getent passwd obsrun >/dev/null || \
  %{_sbindir}/useradd -r -s /bin/false -c "User for Open Build Service backend" \
                         -d %{_libdir}/obs -g obsrun obsrun
exit 0

%systemd_post signd.service

%systemd_preun signd.service

%systemd_postun_with_restart signd.service

%config(noreplace) %{_sysconfdir}/sign.conf
%verify(not mode) %attr(4750,root,obsrun) %{_bindir}/sign
%doc %{_mandir}/man*/*

* Fri Oct 03 2014 Josef Stribny <> - 2.2.1-5
- Add install section to unit file

* Tue Aug 26 2014 Josef Stribny <> - 2.2.1-4
- Enable Position-independent code (PIC)

* Mon Aug 25 2014 Josef Stribny <> - 2.2.1-3
- Create group or user only if it doesn't exist yet
- Remove explicit gzip of man pages

* Fri Aug 22 2014 Josef Stribny <> - 2.2.1-2
- Use macros where possible

* Fri May 23 2014 Josef Stribny <> 2.2.1-1
- Initial package