%define haproxy_user    haproxy
%define haproxy_group   %{haproxy_user}
%define haproxy_home    %{_localstatedir}/lib/haproxy
%define haproxy_confdir %{_sysconfdir}/haproxy
%define haproxy_datadir %{_datadir}/haproxy

%global _hardened_build 1

%define real_name haproxy20

Name:           haproxy
Version:        2.0.14
Release:        1%{?dist}
Summary:        Do not ship, install or use this, use %{real_name} subpackage instead

License:        GPLv2+

URL:            http://www.haproxy.org/
Source0:        http://www.haproxy.org/download/2.0/src/haproxy-%{version}.tar.gz

Patch0:         /0001-BUG-MINOR-protocol_buffer-Wrong-maximum-shifting.patch

BuildRequires:  openssl-devel
BuildRequires:  pcre-devel
BuildRequires:  zlib-devel

%package -n %{real_name}
Summary:            TCP/HTTP proxy and load balancer for high availability environments
Group:              System Environment/Daemons
Requires(pre):      shadow-utils

Conflicts:          haproxy

%description
This is a cut-down build for the OpenShift router; use as %{real_name} subpackage

%description -n %{real_name}
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
 - route HTTP requests depending on statically assigned cookies
 - spread load among several servers while assuring server persistence
   through the use of HTTP cookies
 - switch to backup servers in the event a main server fails
 - accept connections to special ports dedicated to service monitoring
 - stop accepting connections without breaking existing ones
 - add, modify, and delete HTTP headers in both directions
 - block requests matching particular patterns
 - report detailed status to authenticated users from a URI
   intercepted by the application

%prep
%setup -q
%patch0 -p1

%build
regparm_opts=
%ifarch %ix86 x86_64
regparm_opts="USE_REGPARM=1"
%endif

%{__make} %{?_smp_mflags} CPU="generic" TARGET="linux-glibc" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 ${regparm_opts} ADDINC="%{optflags}" ADDLIB="%{__global_ldflags}"

%install
%{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux-glibc"
%{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}

%{__install} -d -m 0755 %{buildroot}%{haproxy_home}
%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}

for textfile in $(find ./ -type f -name "*.txt" -o -name README)
do
    %{__mv} $textfile $textfile.old
    iconv --from-code ISO8859-1 --to-code UTF-8 --output $textfile $textfile.old
    %{__rm} -f $textfile.old
done

%pre -n %{real_name}
getent group %{haproxy_group} >/dev/null || groupadd -f -g 188 -r %{haproxy_group}
if ! getent passwd %{haproxy_user} >/dev/null ; then
    if ! getent passwd 188 >/dev/null ; then
	useradd -r -u 188 -g %{haproxy_group} -d %{haproxy_home} -s /sbin/nologin -c "haproxy" %{haproxy_user}
    else
	useradd -r -g %{haproxy_group} -d %{haproxy_home} -s /sbin/nologin -c "haproxy" %{haproxy_user}
    fi
fi

%files -n %{real_name}
%defattr(-,root,root,-)
%doc doc/* examples/
%doc CHANGELOG LICENSE README ROADMAP VERSION
%{_mandir}/man1/*
%{_sbindir}/%{name}

%changelog
* Tue Apr 14 2020 Andrew McDermott <amcdermo@redhat.com> - 2.0.14-1
- Bump to 2.0.14

* Wed Apr 01 2020 Dan Mace <dmace@redhat.com> - 2.0.13-3
- Resolve CVE-2020-11100 (https://bugzilla.redhat.com/show_bug.cgi?id=1819111)

* Mon Feb 17 2020 Andrew McDermott <amcdermo@redhat.com> - 2.0.13-2
- Correct changelog, remove unused patch

* Mon Feb 17 2020 Andrew McDermott <amcdermo@redhat.com> - 2.0.13-1
- Bump to 2.0.13

* Fri Jan 03 2020 Andrew McDermott <amcdermo@redhat.com> - 2.0.12-1
- Bump to 2.0.12

* Tue Dec 17 2019 Andrew McDermott <amcdermo@redhat.com> - 2.0.11-2
- Disable LUA

* Fri Dec 13 2019 Andrew McDermott <amcdermo@redhat.com> - 2.0.11-1
- initial packaging