%global _hardened_build 1 %global srcname ejabberd # Since we require the version in both BuildRequires and Requires, let's make these variables for # easier maintenance. %global cache_tab_ver 1.0.19 %global eimp_ver 1.0.11 %global epam_ver 1.0.6 %global esip_ver 1.0.29 %global ezlib_ver 1.0.6 %global fast_tls_ver 1.1.1 %global fast_xml_ver 1.1.36 %global fast_yaml_ver 1.0.19 %global luerl_ver 0.3 %global mqtree_ver 1.0.3 %global p1_mysql_ver 1.0.11 %global p1_oauth2_ver 0.6.5 %global p1_pgsql_ver 1.1.8 %global p1_utils_ver 1.0.15 %global pkix_ver 1.0.2 %global stringprep_ver 1.0.16 %global stun_ver 1.0.28 %global xmpp_ver 1.3.4 # Define SELinux policy variables %global selinuxtype targeted %global selinux_policyver 3.14.2 %global moduletype contrib %global modulename ejabberd Name: ejabberd Version: 19.05 Release: 1%{?dist} BuildArch: noarch License: GPLv2+ Summary: A distributed, fault-tolerant Jabber/XMPP server URL: https://www.ejabberd.im/ VCS: scm:git:https://github.com/processone/ejabberd.git Source0: https://github.com/processone/%{name}/archive/%{version}/%{name}-%{version}.tar.gz Source2: ejabberd.logrotate # Support for systemd Source4: ejabberd.service # PAM support Source9: ejabberdctl.pam Source11: ejabberd.pam # polkit support Source12: ejabberdctl.polkit.actions Source13: ejabberdctl.polkit.rules # SELinux module Source14: ejabberd.te Source15: ejabberd.fc Source16: ejabberd.if # Fedora-specific Patch3: ejabberd-0003-Install-into-BINDIR-instead-of-SBINDIR.patch # Fedora-specific Patch4: ejabberd-0004-Enable-systemd-notification-if-available.patch BuildRequires: elixir >= 1.4.4 BuildRequires: erlang-cache_tab >= %{cache_tab_ver} BuildRequires: erlang-eimp >= %{eimp_ver} BuildRequires: erlang-epam >= %{epam_ver} BuildRequires: erlang-esip >= %{esip_ver} BuildRequires: erlang-ezlib >= %{ezlib_ver} BuildRequires: erlang-fast_tls >= %{fast_tls_ver} BuildRequires: erlang-fast_xml >= %{fast_xml_ver} BuildRequires: erlang-fast_yaml >= %{fast_yaml_ver} BuildRequires: erlang-jiffy >= 0.14.8 BuildRequires: erlang-jose >= 1.8.4 BuildRequires: erlang-lager >= 3.6 BuildRequires: erlang-luerl >= %{luerl_ver} BuildRequires: erlang-mqtree >= %{mqtree_ver} BuildRequires: erlang-odbc BuildRequires: erlang-p1_mysql >= %{p1_mysql_ver} BuildRequires: erlang-p1_oauth2 >= %{p1_oauth2_ver} BuildRequires: erlang-p1_pgsql >= %{p1_pgsql_ver} BuildRequires: erlang-p1_utils >= %{p1_utils_ver} BuildRequires: erlang-pkix >= %{pkix_ver} BuildRequires: erlang-rebar BuildRequires: erlang-riak_client BuildRequires: erlang-sd_notify BuildRequires: erlang-stringprep >= %{stringprep_ver} BuildRequires: erlang-stun >= %{stun_ver} BuildRequires: erlang-xmpp >= %{xmpp_ver} BuildRequires: expat-devel >= 1.95 BuildRequires: git BuildRequires: libyaml-devel >= 0.1.4 BuildRequires: openssl-devel >= 1.0.0 BuildRequires: pam-devel BuildRequires: selinux-policy-devel BuildRequires: autoconf BuildRequires: automake # For creating user and group Requires(pre): shadow-utils Requires(post): /usr/bin/openssl Requires(post): systemd Requires(preun): systemd Requires(postun): systemd Provides: user(%{name}) Provides: group(%{name}) Requires: ejabberd-selinux == %{version}-%{release} # From rebar Requires: elixir >= 1.4.4 Requires: erlang-cache_tab >= %{cache_tab_ver} Requires: erlang-eimp >= %{eimp_ver} Requires: erlang-epam >= %{epam_ver} Requires: erlang-esip >= %{esip_ver} Requires: erlang-ezlib >= %{ezlib_ver} Requires: erlang-fast_tls >= %{fast_tls_ver} Requires: erlang-fast_xml >= %{fast_xml_ver} Requires: erlang-fast_yaml >= %{fast_yaml_ver} Requires: erlang-jiffy >= 0.14.8 Requires: erlang-jose >= 1.8.4 Requires: erlang-lager >= 3.6 Requires: erlang-luerl >= %{luerl_ver} Requires: erlang-mqtree >= %{mqtree_ver} Requires: erlang-os_mon Requires: erlang-p1_mysql >= %{p1_mysql_ver} Requires: erlang-p1_oauth2 >= %{p1_oauth2_ver} Requires: erlang-p1_pgsql >= %{p1_pgsql_ver} Requires: erlang-p1_utils >= %{p1_utils_ver} Requires: erlang-pkix >= %{pkix_ver} Requires: erlang-stringprep >= %{stringprep_ver} Requires: erlang-stun >= %{stun_ver} Requires: erlang-xmpp >= %{xmpp_ver} # We install a logrotate.d file Requires: logrotate # for /usr/bin/pkexec Requires: polkit # for flock in ejabberdctl Requires: util-linux %description ejabberd is a Free and Open Source distributed fault-tolerant Jabber/XMPP server. It is mostly written in Erlang, and runs on many platforms (tested on Linux, FreeBSD, NetBSD, Solaris, Mac OS X and Windows NT/2000/XP). %package selinux BuildArch: noarch Summary: SELinux policy for ejabberd Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): libselinux-utils Requires(post): policycoreutils Requires(post): policycoreutils-python-utils %description selinux This is the SELinux policy for ejabberd. %prep %autosetup -p1 # Upstream seems to import erlang-xmpp and erlang-fast_xml in a way that isn't compatible with them # being system libraries. We need to patch the include statements to fix this. # https://github.com/processone/ejabberd/pull/1446/ find . -name "*.hrl" | xargs sed -i \ "s/include(\"fxml.hrl/include_lib(\"fast_xml\/include\/fxml.hrl/" find . -name "*.erl" | xargs sed -i "s/include(\"jid.hrl/include_lib(\"xmpp\/include\/jid.hrl/" find . -name "*.hrl" | xargs sed -i "s/include(\"ns.hrl/include_lib(\"xmpp\/include\/ns.hrl/" find . -name "*.erl" | xargs sed -i "s/include(\"xmpp.hrl/include_lib(\"xmpp\/include\/xmpp.hrl/" find . -name "*.hrl" | xargs sed -i \ "s/include(\"xmpp_codec.hrl/include_lib(\"xmpp\/include\/xmpp_codec.hrl/" # A few dependencies are configured to be found in the deps folder instead of in system libs # https://github.com/processone/ejabberd/issues/1850 perl -p -i -e "s|deps/p1_utils/include|$(rpm -ql erlang-p1_utils | grep -E '/include$' )|g" rebar.config perl -p -i -e "s|deps/fast_xml/include|$(rpm -ql erlang-fast_xml | grep -E '/include$' )|g" rebar.config perl -p -i -e "s|deps/xmpp/include|$(rpm -ql erlang-xmpp | grep -E '/include$' )|g" rebar.config cp %{S:14} %{S:15} %{S:16} . %build autoreconf -ivf %configure --disable-graphics --enable-odbc --enable-mysql --enable-pgsql --enable-pam --enable-zlib --enable-debug --enable-lager --libdir=%{_libdir}/erlang/lib/ --with-erlang=%{_libdir}/erlang/ --enable-system-deps --enable-stun %{erlang_compile} # Build the SELinux policy make NAME=ejabberd -f /usr/share/selinux/devel/Makefile DISTRO=fedora%{fedora} bzip2 ejabberd.pp %install %{erlang_install} sed -e "s*{{rootdir}}*%{_prefix}*" \ -e "s*{{installuser}}*%{name}*" \ -e "s*{{bindir}}*%{_bindir}*" \ -e "s*{{libdir}}*%{_erllibdir}*" \ -e "s*{{sysconfdir}}*%{_sysconfdir}*" \ -e "s*{{localstatedir}}*/var*" \ -e "s*{{docdir}}*%{_datadir}/doc/%{name}*" \ -e "s*{{erl}}*%{_bindir}/erl*" \ -e "s*{{epmd}}*%{_bindir}/epmd*" ejabberdctl.template \ > ejabberdctl.example install -d -m 0750 %{buildroot}%{_sysconfdir}/%{name} install -D -p -m 0644 ejabberd.yml.example %{buildroot}%{_sysconfdir}/%{name}/ejabberd.yml install -D -p -m 0644 ejabberdctl.cfg.example %{buildroot}%{_sysconfdir}/%{name}/ejabberdctl.cfg install -D -p -m 0644 inetrc %{buildroot}%{_sysconfdir}/%{name}/inetrc install -D -p -m 0755 ejabberdctl.example %{buildroot}%{_bindir}/ejabberdctl install -d -m 0750 %{buildroot}/var/lib/ejabberd install -d -m 0750 %{buildroot}/var/lock/ejabberdctl install -d -m 0750 %{buildroot}/var/log/ejabberd # fix example SSL certificate path to real one, which we created recently (see above) %{__perl} -pi -e 's!/path/to/ssl.pem!/etc/ejabberd/ejabberd.pem!g' %{buildroot}/etc/ejabberd/ejabberd.yml install -D -p -m 0755 tools/captcha.sh %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/bin/captcha.sh # fix captcha path %{__perl} -pi -e 's!/lib/ejabberd/priv/bin/captcha.sh!%{_libdir}/%{name}/priv/bin/captcha.sh!g' %{buildroot}/etc/ejabberd/ejabberd.yml install -D -p -m 0644 %{S:9} %{buildroot}%{_sysconfdir}/pam.d/ejabberdctl install -D -p -m 0644 %{S:11} %{buildroot}%{_sysconfdir}/pam.d/ejabberd # install systemd entry install -D -m 0644 -p %{S:4} %{buildroot}%{_unitdir}/%{name}.service # install config for logrotate install -D -p -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/logrotate.d/ejabberd # create room for additional files (such as SQL schemas) install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ # install sql-scripts for creating db schemes for various RDBMS install -p -m 0644 sql/lite.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ install -p -m 0644 sql/mssql.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ install -p -m 0644 sql/mysql.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ install -p -m 0644 sql/pg.sql %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/sql/ # Install css files install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/css install -p -m 0644 priv/css/* %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/css/ # Install img files install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/img install -p -m 0644 priv/img/* %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/img/ # Install js files install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/js install -p -m 0644 priv/js/* %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/js/ # Install lua files install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/lua install -p -m 0644 priv/lua/* %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/lua/ install -d -m 0755 %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/msgs/ install -p -m 0644 priv/msgs/*.msg %{buildroot}%{_erllibdir}/%{name}-%{version}/priv/msgs/ # Install polkit-related files install -D -p -m 0644 %{S:12} %{buildroot}%{_datadir}/polkit-1/actions/ejabberdctl.policy install -D -p -m 0644 %{S:13} %{buildroot}%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules # Install the SELinux policy install -d %{buildroot}%{_datadir}/selinux/packages install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} install -p -m 0644 ejabberd.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} install -p -m 0644 ejabberd.pp.bz2 %{buildroot}%{_datadir}/selinux/packages %check %{rebar_eunit} %pre getent group %{name} >/dev/null || groupadd -r %{name} getent passwd %{name} >/dev/null || \ useradd -r -g %{name} -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -M \ -c "ejabberd" %{name} 2>/dev/null || : if [ $1 -gt 1 ]; then # we should backup DB in every upgrade if ejabberdctl status >/dev/null ; then # Use timestamp to make database restoring easier TIME=$(date +%%Y-%%m-%%dT%%H:%%M:%%S) BACKUPDIR=$(mktemp -d -p /var/tmp/ ejabberd-$TIME.XXXXXX) chown ejabberd:ejabberd $BACKUPDIR BACKUP=$BACKUPDIR/ejabberd-database ejabberdctl backup $BACKUP # Change ownership to root:root because ejabberd user might be # removed on package removal. chown -R root:root $BACKUPDIR chmod 700 $BACKUPDIR echo echo The ejabberd database has been backed up to $BACKUP. echo fi # fix cookie path (since ver. 2.1.0 cookie stored in /var/lib/ejabberd/spool # rather than in /var/lib/ejabberd if [ -f /var/lib/ejabberd/spool/.erlang.cookie ]; then cp -pu /var/lib/ejabberd/{spool/,}.erlang.cookie echo echo The ejabberd cookie file was moved again. echo Please delete old one from /var/lib/ejabberd/spool/.erlang.cookie echo fi fi %pre selinux %selinux_relabel_pre -s %{selinuxtype} %post %systemd_post %{name}.service # Create SSL certificate with default values if it doesn't exist (cd /etc/ejabberd if [ ! -f ejabberd.pem ] then echo "Generating SSL certificate /etc/ejabberd/ejabberd.pem..." HOSTNAME=$(hostname -s 2>/dev/null || echo "localhost") DOMAINNAME=$(hostname -d 2>/dev/null || echo "localdomain") openssl req -new -x509 -days 365 -nodes -out ejabberd.pem \ -keyout ejabberd.pem > /dev/null 2>&1 <<+++ . . . $DOMAINNAME $HOSTNAME ejabberd root@$HOSTNAME.$DOMAINNAME +++ chown ejabberd:ejabberd ejabberd.pem chmod 600 ejabberd.pem fi) %post selinux %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2 %posttrans selinux /usr/sbin/restorecon -i -R /var/lib/ejabberd/ /usr/sbin/restorecon -i -R /var/log/ejabberd/ %selinux_relabel_post -s %{selinuxtype} %preun %systemd_preun %{name}.service %postun %systemd_postun_with_restart %{name}.service %postun selinux if [ $1 -eq 0 ]; then %selinux_modules_uninstall -s %{selinuxtype} %{modulename} fi %files %license COPYING %doc CHANGELOG.md CONTRIBUTING.md CONTRIBUTORS.md README.md %attr(750,ejabberd,ejabberd) %dir %{_sysconfdir}/ejabberd %attr(640,ejabberd,ejabberd) %config(noreplace) %{_sysconfdir}/ejabberd/ejabberd.yml %attr(640,ejabberd,ejabberd) %config(noreplace) %{_sysconfdir}/ejabberd/ejabberdctl.cfg %attr(640,ejabberd,ejabberd) %config(noreplace) %{_sysconfdir}/ejabberd/inetrc %{_unitdir}/%{name}.service %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/ejabberdctl %{_datadir}/polkit-1/actions/ejabberdctl.policy %{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules %{_bindir}/ejabberdctl %{_erllibdir}/%{name}-%{version} %attr(750,ejabberd,ejabberd) %dir /var/lib/ejabberd %attr(750,ejabberd,ejabberd) %dir /var/log/ejabberd %files selinux %{_datadir}/selinux/devel/include/%{moduletype}/ejabberd.if %{_datadir}/selinux/packages/ejabberd.pp.bz2 %changelog * Wed Jun 05 2019 Randy Barlow - 19.05-1 - Update to 19.05. - https://blog.process-one.net/ejabberd-19-05/ * Sat Apr 13 2019 Randy Barlow - 19.02-1 - Update to 19.02 (#1683310). - https://blog.process-one.net/ejabberd-19-02-the-mqtt-edition/ * Thu Jan 31 2019 Fedora Release Engineering - 18.12.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Dec 28 2018 Randy Barlow - 18.12.1-1 - Update to 18.12.1. - https://blog.process-one.net/ejabberd-18-12-1/ * Sun Dec 09 2018 Randy Barlow - 18.09-3 - Include CSS, image, JavaScript, and Lua files (#1651809). * Tue Dec 04 2018 Xavier Bachelot - 18.09-2 - Add upstream patch to fix missing stun module options in conf validator. * Sun Oct 14 2018 Randy Barlow - 18.09-1 - Upgrade to 18.09. - https://blog.process-one.net/ejabberd-18-09/ * Thu Sep 06 2018 Randy Barlow - 18.06-3 - Refactor to use Fedora SELinux macros documented at https://fedoraproject.org/wiki/SELinux/IndependentPolicy. * Fri Aug 31 2018 Randy Barlow - 18.06-2 - Use erl and epmd symlinks from bindir instead of trying to use the archful ones (#1573006). * Sun Jul 29 2018 Randy Barlow - 18.06-1 - Update to 18.06 (#1596197). - https://blog.process-one.net/ejabberd-18-06/ * Thu Jul 12 2018 Fedora Release Engineering - 18.04-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Sat Jun 09 2018 Randy Barlow - 18.04-2 - Correct a typo in the oauth2 requires macro. * Sat Jun 09 2018 Randy Barlow - 18.04-1 - Upgrade to 18.04 (#1571775). - Use TLS for the URL. - https://blog.process-one.net/ejabberd-18-04/ * Mon Jun 04 2018 Randy Barlow - 18.03-3 - Use the correct path to epmd in ejabberdctl (#1573006). * Sat Mar 31 2018 Jeremy Cline - 18.03-2 - Allow PostgreSQL and MySQL database connections in SELinux policy * Mon Mar 26 2018 Randy Barlow - 18.03-1 - Update to 18.03 (#1560117). - https://blog.process-one.net/ejabberd-18-03/ * Sun Mar 25 2018 Randy Barlow - 18.1.0-2 - Convert to a noarch package. * Tue Feb 13 2018 Randy Barlow - 18.1.0-1 - Update to 18.1.0 (#1537324). - Require erlang-os_mon (#1542927). * Wed Feb 07 2018 Fedora Release Engineering - 18.01-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sat Jan 13 2018 Randy Barlow - 18.01-1 - Update to 18.01 (#1516062). - https://blog.process-one.net/ejabberd-17-11-happy-birthday-ejabberd/ - https://blog.process-one.net/ejabberd-17-12/ - https://blog.process-one.net/ejabberd-18-01/ - Require the selinux policy to be installed. - Allow port 5281 in the SELinux policy (#1494854).