%global version 1.0.0.20241119.152340.g842be80 %global min_required_version_django 3.2 %if 0%{?fedora} < 41 %global psycopg_pkg python3-psycopg2 %else %global psycopg_pkg python3-psycopg3 %endif Name: osh Version: %{version} Release: 2%{?dist} License: GPL-3.0-or-later Summary: Static and Dynamic Analysis as a Service URL: https://github.com/openscanhub/openscanhub/ Source: https://github.com/openscanhub/openscanhub/archive/refs/tags/%{name}-%{version}.tar.gz BuildArch: noarch BuildRequires: koji BuildRequires: python3dist(django) >= %{min_required_version_django} BuildRequires: python3-csdiff BuildRequires: python3-devel BuildRequires: python3-kobo-client BuildRequires: python3-kobo-django BuildRequires: python3-kobo-hub BuildRequires: python3-kobo-rpmlib BuildRequires: %{psycopg_pkg} BuildRequires: python3-qpid-proton BuildRequires: python3-setuptools BuildRequires: python3-setuptools_scm BuildRequires: systemd-rpm-macros # make sure that shell completion dir macros are defined in the buildroot %{!?bash_completions_dir: %global bash_completions_dir %{_datadir}/bash-completion/completions} %{!?zsh_completions_dir: %global zsh_completions_dir %{_datadir}/zsh/site-functions} %description OpenScanHub is a service for static and dynamic analysis of RPM packages. It consists of central hub, workers and cli client. %package client Summary: OpenScanHub CLI client Requires: koji Requires: python3-kobo-client >= 0.15.1-100 Requires: %{name}-common = %{version}-%{release} # Although the package is named `osh-client`, users know it as `osh-cli` # because of how the executable is named. This makes it easier for them # to install it. Provides: osh-cli = %{version}-%{release} # This is kept here for backward compatibility with old package name Provides: covscan-client = %{version} Obsoletes: covscan-client < %{version} %description client OpenScanHub CLI client. It is used to submit, query and download scans. %package common Summary: OpenScanHub shared files for client, hub and worker Obsoletes: covscan-common < %{version} %description common OpenScanHub shared files for client, hub and worker. %package worker Summary: OpenScanHub worker Requires: csmock Requires: file Requires: koji Requires: python3-kobo-client Requires: python3-kobo-rpmlib Requires: python3-kobo-worker >= 0.36.1 Requires: %{name}-common = %{version}-%{release} Recommends: osh-worker-conf Obsoletes: covscan-worker < %{version} %description worker OpenScanHub worker. It is used to process tasks submitted to the hub. %package hub Summary: OpenScanHub xml-rpc interface and web application Requires: httpd Requires: mod_auth_gssapi Requires: mod_ssl Requires: python3dist(django) >= %{min_required_version_django} Requires: python3-kobo-client Requires: python3-kobo-django >= 0.35.0 Requires: python3-kobo-hub >= 0.35.0 Requires: python3-kobo-rpmlib Requires: python3-mod_wsgi # PostgreSQL adapter for python Requires: %{psycopg_pkg} Requires: gzip # inform ET about progress using UMB (Unified Message Bus) Requires: python3-qpid-proton # hub is interacting with brew Requires: koji # extract tarballs created by csmock Requires: xz Requires: csdiff Requires: python3-bugzilla Requires: python3-csdiff Requires: python3-jira # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2255013 %if 0%{?fedora} < 40 && 0%{?rhel} < 10 Requires(post): postgresql < 16 %else Requires(post): postgresql %endif Requires: %{name}-common = %{version}-%{release} Recommends: osh-hub-conf Obsoletes: covscan-hub < %{version} %description hub OpenScanHub xml-rpc interface and web application. %package worker-manager Summary: OpenScanHub worker manager Requires: %{name}-hub = %{version}-%{release} Requires: openssh-clients %description worker-manager OpenScanHub worker manager to dynamically create and destroy workers. %package hub-conf-devel Summary: OpenScanHub hub devel configuration Provides: osh-hub-conf = %{version}-%{release} Conflicts: osh-hub-conf Requires: httpd-filesystem Requires: osh-hub %description hub-conf-devel OpenScanHub hub devel configurations. %package worker-conf-devel Summary: OpenScanHub worker devel configuration Provides: osh-worker-conf = %{version}-%{release} Conflicts: osh-worker-conf %description worker-conf-devel OpenScanHub worker devel configurations. %prep %setup -q %build # Add -s to the shebang in osh/client/osh-cli: # https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_shebang_macros # TODO: Remove this when we migrate to newer Python packaging macros which # do this automatically. %py3_shebang_fix osh/client/osh-cli # collect static files from Django itself PYTHONPATH=. osh/hub/manage.py collectstatic --noinput # set path to python sitelib in the example httpd config sed 's|@PYTHON3_SITELIB@|%{python3_sitelib}|' osh/hub/osh-hub-httpd.conf.in > osh/hub/osh-hub-httpd.conf %py3_build %install %py3_install # install the files collected by `manage.py collectstatic` cp -a {,%{buildroot}%{python3_sitelib}/}osh/hub/static/ # Temporarily provide /usr/bin/covscan for backward compatibility ln -s osh-cli %{buildroot}%{_bindir}/covscan # create /etc/osh/hub/secrets directory mkdir -p %{buildroot}%{_sysconfdir}/osh/hub/secrets # create /etc/osh/worker-manager directory mkdir -p %{buildroot}%{_sysconfdir}/osh/worker-manager # create /var/lib dirs mkdir -p %{buildroot}%{_sharedstatedir}/osh/hub/{tasks,upload,worker} # create log file mkdir -p %{buildroot}%{_localstatedir}/log/osh/hub touch %{buildroot}%{_localstatedir}/log/osh/hub/hub.log # copy checker_groups.txt cp -a osh/hub/scripts/checker_groups.txt %{buildroot}%{python3_sitelib}/osh/hub/scripts/ # make manage.py executable chmod 0755 %{buildroot}%{python3_sitelib}/osh/hub/manage.py # scripts are needed for setup.py, no longer needed rm -rf %{buildroot}%{python3_sitelib}/scripts # install example httpd config install -D {osh/hub,%{buildroot}%{_sysconfdir}/httpd/conf.d}/osh-hub-httpd.conf # keep configuration in `/etc` so that it can be overridden if /usr is read-only mv %{buildroot}%{python3_sitelib}/osh/hub/settings_local.py %{buildroot}%{_sysconfdir}/osh/hub ln -s %{_sysconfdir}/osh/hub/settings_local.py %{buildroot}%{python3_sitelib}/osh/hub/settings_local.py %files client %attr(755,root,root) %{_bindir}/osh-cli %{_bindir}/covscan %attr(644,root,root) %config(noreplace) %{_sysconfdir}/osh/client.conf %{bash_completions_dir} %{zsh_completions_dir} %{python3_sitelib}/osh/client %{python3_sitelib}/osh-*-py%{python3_version}.egg-info %files common %dir %{_sysconfdir}/osh %{python3_sitelib}/osh/common %{python3_sitelib}/osh/__init__.py* %{python3_sitelib}/osh/__pycache__ %dir %{python3_sitelib}/osh %dir %{_sharedstatedir}/osh %license LICENSE %files worker %{python3_sitelib}/osh/worker %{_unitdir}/osh-worker.service %attr(755,root,root) %{_sbindir}/osh-worker %dir %{_localstatedir}/log/osh %post client if test -f %{_sysconfdir}/covscan/covscan.conf; then mv %{_sysconfdir}/covscan/covscan.conf %{_sysconfdir}/osh/client.conf fi %post worker %systemd_post osh-worker.service %preun worker %systemd_preun osh-worker.service %postun worker %if 0%{?fedora} || 0%{?rhel} > 9 %systemd_postun_with_reload osh-worker.service %else # Reload service on package upgrade. if [ $1 -ge 1 ]; then # Service reloads using systemd-update-helper are broken on RHEL 9. systemctl reload osh-worker.service || : fi %endif %files worker-conf-devel %attr(640,root,root) %config(noreplace) %{_sysconfdir}/osh/worker.conf %files hub %{_sbindir}/osh-retention %{_sbindir}/osh-stats %{_sysconfdir}/osh/hub %{python3_sitelib}/osh/hub %{_unitdir}/osh-retention.* %{_unitdir}/osh-stats.* %exclude %{python3_sitelib}/osh/hub/scripts/osh-xmlrpc-client.py* %exclude %{python3_sitelib}/osh/hub/scripts/umb-emit.py* %exclude %{python3_sitelib}/osh/hub/settings_local.py* %exclude %{python3_sitelib}/osh/hub/settings_local.ci.py* %exclude %{python3_sitelib}/osh/hub/__pycache__/settings_local.* %exclude %{_sysconfdir}/osh/hub/settings_local.py* %dir %{_localstatedir}/log/osh # These files should be readable and writable by respective groups. %dir %attr(775,root,apache) %{_localstatedir}/log/osh/hub %attr(775,root,apache) %{_sharedstatedir}/osh/hub %ghost %attr(644,apache,apache) %{_localstatedir}/log/osh/hub/hub.log # These files contain secrets and should not be readable by others. %defattr(640,root,apache) %ghost %{_sharedstatedir}/osh/hub/secret_key %ghost %{_sysconfdir}/osh/hub/secrets/bugzilla_secret %ghost %{_sysconfdir}/osh/hub/secrets/jira_secret %post hub exec &>> %{_localstatedir}/log/osh/hub/post-install-%{name}-%{version}-%{release}.log # record timestamp echo -n '>>> ' date -R set -x umask 0026 if ! test -e %{_sharedstatedir}/osh/hub/secret_key; then # generate Django secret key for a fresh installation %{__python3} -c "from django.core.management.utils import get_random_secret_key print(get_random_secret_key())" > %{_sharedstatedir}/osh/hub/secret_key chgrp apache %{_sharedstatedir}/osh/hub/secret_key fi # this only takes an effect if PostgreSQL is running and the database exists if pg_isready -h localhost; then # run `manage.py` as the `apache` user to improve security and to prevent # the Python interpreter from creating an unowned byte-compiled module for # `settings_local.py` runuser -u apache -- %{python3_sitelib}/osh/hub/manage.py migrate fi %systemd_post osh-{retention,stats}.{service,timer} %preun hub %systemd_preun osh-{retention,stats}.{service,timer} %postun hub %systemd_postun osh-{retention,stats}.{service,timer} %files worker-manager %{_bindir}/osh-worker-manager %{_sysconfdir}/osh/worker-manager %files hub-conf-devel %{python3_sitelib}/osh/hub/settings_local.py %config(noreplace) %{_sysconfdir}/osh/hub/settings_local.py %config(noreplace) %{_sysconfdir}/httpd/conf.d/osh-hub-httpd.conf %ghost %attr(640,root,apache) %{_sysconfdir}/osh/hub/secrets/db_password %changelog * Mon Apr 22 2024 Siteshwar Vashisht - 1.0.0-2 - add subpackage for osh-worker-manager * Mon Apr 15 2024 Siteshwar Vashisht - 1.0.0-1 - use Fedora production deployment as the default hub URL * Tue Feb 13 2024 Kamil Dudka - 0.9.7-1 - stabilize a new version of osh-client * Tue Dec 19 2023 Kamil Dudka - 0.9.6-1 - stabilize a new version of osh-client * Tue Oct 24 2023 Kamil Dudka - 0.9.5-1 - stabilize a new version of osh-client * Tue Sep 05 2023 Kamil Dudka - 0.9.4-1 - stabilize a new version of osh-client * Wed May 17 2023 Kamil Dudka - 0.9.3-1 - rename covscan-* packages to osh-* * Tue Apr 25 2023 Lukáš Zaoral - 0.9.2-1 - revert osh-cli to use an absolute path to python3 * Fri Apr 14 2023 Kamil Dudka - 0.9.1-1 - let osh-cli use hub URL with the new /osh prefix * Thu Mar 16 2023 Kamil Dudka - 0.9.0-1 - stabilize the refactored version of covscan-client * Thu Sep 01 2022 Siteshwar Vashisht - 0.8.2-2 - Add mod_ssl as runtime dependency * Wed Aug 24 2022 Kamil Dudka - 0.8.2-1 - update production hub URL in default configuration of covscan-client * Fri Jun 17 2022 Kamil Dudka - 0.8.1-1 - bump version to make upgrades to git snapshots work again * Thu Apr 07 2022 Lumír Balhar - 0.8.0-3 - Reorganize specfile and add covscan-common * Mon Mar 14 2022 Kamil Dudka - 0.8.0-2 - add obsoletes to ease upgrade * Thu Jan 20 2022 Kamil Dudka - 0.8.0-1 - drop support for python 2.x and django 1.x - new major release * Thu Nov 04 2021 Kamil Dudka - 0.7.2-1 - new release * Thu Mar 25 2021 Kamil Dudka - 0.7.1-1 - new release * Tue Dec 22 2020 Kamil Dudka - 0.7.0-1 - new release * Thu Oct 24 2019 Matej Mužila - 0.6.12-3 - spec changes to build python3 covscan * Thu Sep 19 2019 Kamil Dudka - 0.6.12-2 - explicitly require python2-* build dependencies * Tue Sep 03 2019 Kamil Dudka - 0.6.12-1 - new release * Fri Oct 19 2018 Kamil Dudka - 0.6.11-1 - new release * Mon Aug 13 2018 Kamil Dudka - 0.6.10-1 - new release * Fri Oct 20 2017 Kamil Dudka - 0.6.9-1 - new release * Mon Jun 26 2017 Kamil Dudka - 0.6.8-1 - new release * Tue Apr 12 2016 Kamil Dudka - 0.6.7-2 - bump release to force update if stale covscan-testing packages are installed * Thu Aug 20 2015 Kamil Dudka - 0.6.7-1 - 0.6.7 bugfix release * Wed Aug 12 2015 Kamil Dudka - 0.6.6-1 - 0.6.6 bugfix release - update the list of dependencies - create empty /var/log/covscanhub.log unless it exists already * Thu Feb 19 2015 Tomas Tomecek - 0.6.5-1 - 0.6.5 bugfix release * Wed Dec 10 2014 Tomas Tomecek - 0.6.4-1 - update CLI docs (--help) and homepage - workaround a race on server when running multiple tasks * Tue Nov 04 2014 Tomas Tomecek - 0.6.3-1 - enable passing args to csmock from client - fix several TBs * Mon Oct 20 2014 Tomas Tomecek - 0.6.2-1 - enable submitting prio from cli - pass cmock args to version task * Mon Oct 13 2014 Tomas Tomecek - 0.6.1-1 - bugfix update: fix version-diff-build * Sat Oct 11 2014 Tomas Tomecek - 0.6.0-1 - 0.6.0 release - add profiles * Thu Sep 25 2014 Tomas Tomecek - 0.6.0-1.a - 0.6.0a alpha release * Mon Aug 04 2014 Tomas Tomecek - 0.5.2-1 - add DB fixtures to package * Mon Aug 04 2014 Tomas Tomecek - 0.5.1-1 - fixes for reworked scheduler * Wed Jan 8 2014 Tomas Tomecek - 0.4.4-1 - remove brewkoji dependency * Sun Nov 17 2013 Tomas Tomecek - 0.4.3-1 - hub update (django and kobo rebase) * Fri Oct 18 2013 Tomas Tomecek - 0.4.2-2 - update kobo dependency (0.4.1 should be fine) - add scriptlets for handling issues with kobo-0.4.0 * Mon Sep 30 2013 Tomas Tomecek - 0.4.1-2 - make dependency to kobo 0.3.8 (0.4 is broken currently) * Fri Sep 13 2013 Tomas Tomecek - 0.4.1-1 - improve stats - bugfixes * Wed Sep 11 2013 Tomas Tomecek - 0.4.0-1 - new version of hub and client * Mon Jun 03 2013 Tomas Tomecek - 0.3.2-3 - store provider requests in DB (hub) * Thu May 23 2013 Tomas Tomecek - 0.3.2-2 - New release of hub, bugfixes and RFEs - Getting ready for 6.5 scanning * Thu May 23 2013 Tomas Tomecek - 0.3.2-1 - Update to version 0.3.2 * Wed Apr 24 2013 Tomas Tomecek - 0.3.1-1 - Update to version 0.3.1 * Fri Apr 5 2013 Tomas Tomecek - 0.3.0-1 - Update for hub and worker - ET pilot * Fri Mar 15 2013 Tomas Tomecek - 0.2.3-1 - Let client depend on brewkoji - new version * Thu Jan 24 2013 Tomas Tomecek - 0.2.2-2 - Tarball extraction fix * Wed Jan 09 2013 Tomas Tomecek - 0.2.2-1 - Added support for multiple new options (CLI) * Tue Nov 06 2012 Tomas Tomecek - 0.2.1-2 - Updated requirements for hub and worker * Thu Nov 1 2012 Tomas Tomecek - 0.2.1-1 - Added version-diff-build (CLI, HUB, worker) - Improved WebUI (scans, waiver) (HUB) - Implemented functionality for ET scans (HUB, worker) - Fixed several bugs on worker (worker) - Tarball on hub is now automatically extracted (worker, HUB) - You may browse more types of log files (.out, .html, etc.) (HUB) * Thu Dec 8 2011 Daniel Mach - 0.2.0-1 - Implement a mock-build command and brew build support. (Daniel Mach) - Minor tweaks to hub settings and client configuration. (Daniel Mach) - Add a --timeout option to the diff-build command. (Daniel Mach) * Tue Jun 14 2011 Daniel Mach - 0.1.0-1 - Initial build.