# COPR Ligenix's spec file for librenms
#
# This spec file is mostly the doc file
#
# Copyright (c) 2023-2023 Jean-Marc Liger 
#
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#

%global useselinux 1

%if 0%{?fedora} || 0%{?rhel} >= 8
# httpd 2.4 with httpd-filesystem
%global with_httpd 1
# nginx 1.6 with nginx-filesystem
%global with_nginx 1
%else
%global with_httpd 0
%global with_nginx 0
%endif

%global version_release 23.8.0
%global vendor_install 20230820

%global version_string %{version_release}-%{vendor_install}
%global version_major %(ver=%{version_string}; echo ${ver%.*.*})


Name:           librenms
Version:        %{lua:ver = string.gsub(rpm.expand("%{version_string}"), "-", "~"); print(ver)}
Release:        1%{?dist}

Summary:        LibreNMS Autodiscovering PHP/MySQL/SNMP based network monitoring
Summary(fr):    LibreNMS Autodécouverte et surveillance réseau basée sur PHP/MySQL/SNMP

License:        GPLv3+
URL:            https://www.librenms.org/
#Source0:       https://github.com/#{name}/#{name}/releases/download/#{version_release}/#{name}-#{version_release}.tar.gz
Source0:        %{name}-%{version_string}.tar.xz

BuildArch:      noarch
BuildRequires:  gettext
BuildRequires:  systemd

%if %{with_httpd}
Requires:       httpd-filesystem
%endif
%if %{with_nginx}
Requires:       nginx-filesystem
%endif
%if %{with_httpd} || %{with_nginx}
Requires:       webserver
Requires:       php(httpd)
%else
Requires:       httpd
Requires:       mod_php
%endif
Requires:       php(language) >= 8.1.0
Requires:       php-fpm
Requires:       php-cli
Requires:       php-common
Requires:       php-curl
Requires:       php-gd
Requires:       php-gmp
Requires:       php-json
Requires:       php-mbstring
Requires:       php-pdo
Requires:       php-mysqlnd
Requires:       php-process
%if %{useselinux}
Requires:       php-selinux
%endif
Requires:       php-snmp
Requires:       php-xml
Requires:       php-zip
Requires:       ImageMagick

Requires:       python3
Requires:       python3-async-timeout >= 4.0.2
Requires:	python3-command-runner >= 1.3.0
Requires:       python3-deprecated >= 1.2.3
Requires:       python3-dotenv
Requires:       python3-memcached
Requires:       python3-packaging >= 20.4
Requires:       python3-pip
Requires:       python3-psutil >= 5.6.0
Requires:       python3-PyMySQL
Requires:       python3-pyparsing >= 2.0.2
Requires:       python3-redis >= 4.0
Requires:       python3-setuptools
Requires:       python3-systemd
%if 0%{?fedora} || 0%{?rhel} >= 8
Requires:      (python3-wrapt >= 1.10 with python3-wrapt < 2) 
%else
Requires:       python3-wrapt >= 1.10
Requires:       python3-wrapt  < 2 
%endif

# MySQL or MariaDB server
Requires:       /usr/sbin/mysqld

Requires:       bash-completion
Requires:       fping
Requires:       mtr
Requires:       net-snmp
Requires:       net-snmp-utils
Requires:       nmap 
Requires:       rrdtool
Requires:       unzip

Requires:       cronie

Requires(pre):    systemd
Requires(post):   systemd
Requires(preun):  systemd
Requires(postun): systemd

Provides:       user(librenms)
Provides:       group(librenms)

Provides:       bundled(php-amqplib)
Provides:       bundled(php-assert)
Provides:       bundled(php-backtrace)
Provides:       bundled(php-base64url)
Provides:       bundled(php-cache)
Provides:       bundled(php-carbon)
Provides:       bundled(php-collection)
Provides:       bundled(php-commonmark)
Provides:       bundled(php-config)
Provides:       bundled(php-console)
Provides:       bundled(php-console_color2)
Provides:       bundled(php-console_table)
Provides:       bundled(php-constant_time_encoding)
Provides:       bundled(php-container)
Provides:       bundled(php-cors)
Provides:       bundled(php-cron-expression)
Provides:       bundled(php-css-selector)
Provides:       bundled(php-css-to-inline-styles)
Provides:       bundled(php-dbal)
Provides:       bundled(php-deprecation-contracts)
Provides:       bundled(php-deprecations)
Provides:       bundled(php-doctrine-dbal)
Provides:       bundled(php-dot-access-data)
Provides:       bundled(php-email-validator)
Provides:       bundled(php-error-handler)
Provides:       bundled(php-event-dispatcher)
Provides:       bundled(php-event-dispatcher-contracts)
Provides:       bundled(php-event-manager)
Provides:       bundled(php-finder)
Provides:       bundled(php-flasher)
Provides:       bundled(php-flasher-laravel)
Provides:       bundled(php-flysystem)
Provides:       bundled(php-flysystem-local)
Provides:       bundled(php-framework)
Provides:       bundled(php-geshi)
Provides:       bundled(php-getallheaders)
Provides:       bundled(php-guzzle)
Provides:       bundled(php-htmlpurifier)
Provides:       bundled(php-http-client)
Provides:       bundled(php-http-factory)
Provides:       bundled(php-http-foundation)
Provides:       bundled(php-http-kernel)
Provides:       bundled(php-http-message)
Provides:       bundled(php-ignition)
Provides:       bundled(php-inflector)
Provides:       bundled(php-installed.json)
Provides:       bundled(php-jpgraph)
Provides:       bundled(php-json-schema)
Provides:       bundled(php-jwt-core)
Provides:       bundled(php-jwt-key-mgmt)
Provides:       bundled(php-jwt-signature)
Provides:       bundled(php-jwt-signature-algorithm-ecdsa)
Provides:       bundled(php-jwt-util-ecc)
Provides:       bundled(php-laravel-console-summary)
Provides:       bundled(php-laravel-ignition)
Provides:       bundled(php-laravel-pivot)
Provides:       bundled(php-laravel-vue-i18n-generator)
Provides:       bundled(php-lexer)
Provides:       bundled(php-log)
Provides:       bundled(php-mailer)
Provides:       bundled(php-manager)
Provides:       bundled(php-math)
Provides:       bundled(php-mime)
Provides:       bundled(php-mime-type-detection)
Provides:       bundled(php-monolog)
Provides:       bundled(php-net_dns2)
Provides:       bundled(php-oauth1-client)
Provides:       bundled(php-parse)
Provides:       bundled(php-parser)
Provides:       bundled(php-patch-type-declarations)
Provides:       bundled(php-phpdotenv)
Provides:       bundled(php-phpmailer)
Provides:       bundled(php-phpoption)
Provides:       bundled(php-phpseclib)
Provides:       bundled(php-pki-framework)
Provides:       bundled(php-polyfill-ctype)
Provides:       bundled(php-polyfill-intl-grapheme)
Provides:       bundled(php-polyfill-intl-idn)
Provides:       bundled(php-polyfill-intl-normalizer)
Provides:       bundled(php-polyfill-mbstring)
Provides:       bundled(php-polyfill-uuid)
Provides:       bundled(php-portable-ascii)
Provides:       bundled(php-predis)
Provides:       bundled(php-process)
Provides:       bundled(php-promises)
Provides:       bundled(php-psr7)
Provides:       bundled(php-psysh)
Provides:       bundled(php-purifier)
Provides:       bundled(php-radius)
Provides:       bundled(php-random_compat)
Provides:       bundled(php-result-type)
Provides:       bundled(php-routing)
Provides:       bundled(php-schema)
Provides:       bundled(php-serializable-closure)
Provides:       bundled(php-service-contracts)
Provides:       bundled(php-simple-cache)
Provides:       bundled(php-socialite)
Provides:       bundled(php-socket-raw)
Provides:       bundled(php-string)
Provides:       bundled(php-tcpdf)
Provides:       bundled(php-termwind)
Provides:       bundled(php-tinker)
Provides:       bundled(php-translation)
Provides:       bundled(php-translation-contracts)
Provides:       bundled(php-ui)
Provides:       bundled(php-uid)
Provides:       bundled(php-uri-template)
Provides:       bundled(php-utils)
Provides:       bundled(php-uuid)
Provides:       bundled(php-validate-json)
Provides:       bundled(php-var-dump-server)
Provides:       bundled(php-var-dumper)
Provides:       bundled(php-web-push)
Provides:       bundled(php-webpush)
Provides:       bundled(php-yaml)
Provides:       bundled(php-yaml-lint)
Provides:       bundled(php-ziggy)

%description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool
which includes support for a wide range of network hardware and operating systems
including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.

We intend LibreNMS to be a viable project and community that:
- encourages contribution,
- focuses on the needs of its users, and
- offers a welcoming, friendly environment for everyone.

The Debian Social Contract will be the basis of our priority system,
and mutual respect is the basis of our behavior towards others.

%description -l fr
LibreNMS est un outil de surveillance de réseau à découverte automatique basé
sur PHP/MySQL/SNMP qui inclut la prise en charge d'une large gamme de matériel
réseau et de systèmes d'exploitation y compris Cisco, Linux, FreeBSD, Juniper,
Brocade, Foundry, HP et bien d'autres.

Nous souhaitons que LibreNMS soit un projet et une communauté viables qui :
- encourage la contribution,
- se concentre sur les besoins de ses utilisateurs, et
- offre un environnement accueillant et convivial pour tous.

Le contrat social Debian sera la base de notre système de priorités,
et le respect mutuel est la base de notre comportement envers les autres.


%package services
Summary:        LibreNMS services
Summary(fr):    LibreNMS services

Requires:       %{name} = %{version}-%{release}
Requires:       %{name}-nagios-plugins-all

%description services
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool
which includes support for a wide range of network hardware and operating systems
including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.

This package provides the LibreNMS services.

%description services -l fr
LibreNMS est un outil de surveillance de réseau à découverte automatique basé
sur PHP/MySQL/SNMP qui inclut la prise en charge d'une large gamme de matériel
réseau et de systèmes d'exploitation y compris Cisco, Linux, FreeBSD, Juniper,
Brocade, Foundry, HP et bien d'autres.

Ce package fournit les services LibreNMS.


%package snmpd
Summary:        LibreNMS SNMP daemon
Summary(fr):    LibreNMS démon SNMP

BuildRequires:  net-snmp
Requires:       net-snmp
Requires:       net-snmp-utils

%description snmpd
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool
which includes support for a wide range of network hardware and operating systems
including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.

This package provides the LibreNMS SNMP daemon.

%description snmpd -l fr
LibreNMS est un outil de surveillance de réseau à découverte automatique basé
sur PHP/MySQL/SNMP qui inclut la prise en charge d'une large gamme de matériel
réseau et de systèmes d'exploitation y compris Cisco, Linux, FreeBSD, Juniper,
Brocade, Foundry, HP et bien d'autres.

Ce package fournit le démon SNMP LibreNMS.


%prep
%setup -q -n %{name}-%{version_string}

# remove unused files
find . -name '.git*' -exec rm -rf {} + -print
find . -name '*.xml*' -delete -print
find . -name '*.yml*' -delete -print
mv composer{.,_}json
find . -name 'composer.*' -delete -print
mv composer{_,.}json

# remove unnecessary files
rm misc/%{name}{-irc.init,.service.scl}
rm misc/smokeping-debian.example
rm -rf scripts/agent-local

# remove already packaged files
rm LibreNMS/command_runner.py

# directories not in apache space
find html -name .htaccess -delete -print

# fix permission files
chmod -R g-w .
chmod -R o-rwx .
for d in bootstrap config LibreNMS dist includes mibs misc vendor
do find $d -type f -exec chmod 640 {} \;
done

# fix LSB directories
sed -i -e "s/cp \/opt/ls \/opt/g" LibreNMS/Validations/Scheduler.php
sed -i -e "s/\/opt\/librenms\/dist\/librenms/\%{_prefix}\/lib\/systemd\/system\/%{name}/g" LibreNMS/Validations/Scheduler.php
sed -i -e "s/ \/etc\/systemd\/system\///g" LibreNMS/Validations/Scheduler.php
for f in $(grep -r "/opt/librenms/rrd" | cut -d":" -f1 | sort -u | grep -v "doc/"); do
        sed -i -e "s/\/opt\/librenms\/rrd/\%{_localstatedir}\/lib\/%{name}\/rrd/g" $f
done
for f in $(grep -r "/opt/librenms" | cut -d":" -f1 | sort -u | grep -v "doc/"); do
        sed -i -e "s/\/opt\/librenms/\%{_prefix}\/share\/%{name}/g" $f
done

# rename bash completion
sed -i -e "s/'lnms-completion.bash'/'lnms'/g" LibreNMS/Validations/System.php

# composer dependencies
ls vendor/*/ | grep -v / | grep -v \.php | grep -v LICENSE | sed 's/php-//g' | sort -u | sed -e 's/.*/Provides:       bundled(php-&)/' | grep -v php-\)

cat >httpd <<EOF
#Alias /%{name} %{_datadir}/%{name}/html

# some people prefer a simple URL like http://%{name}.example.com
<VirtualHost *:80>
    ServerName %{name}.example.com
    DocumentRoot %{_datadir}/%{name}/html

AllowEncodedSlashes NoDecode
<Directory %{_datadir}/%{name}/html>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All

    AddType image/svg+xml .svg
    <IfModule mod_filter.c>
        <IfModule mod_deflate.c>
             AddOutputFilterByType DEFLATE text/css
             AddOutputFilterByType DEFLATE application/javascript
             AddOutputFilterByType DEFLATE text/javascript
             AddOutputFilterByType DEFLATE application/x-javascript
             AddOutputFilterByType DEFLATE image/svg+xml
             AddOutputFilterByType DEFLATE text/plain
             AddOutputFilterByType DEFLATE text/xsd
             AddOutputFilterByType DEFLATE text/xsl
             AddOutputFilterByType DEFLATE text/xml
             AddOutputFilterByType DEFLATE image/x-icon
        </IfModule>
    </IfModule>

    RewriteEngine on
    #RewriteBase /librenms/
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !\.(js|ico|txt|gif|jpg|png|css|php)
    RewriteRule ^api/v0(.*)$ api_v0.php/$1 [L]
    RewriteCond %{REQUEST_URI} !=/server-status
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !\.(js|ico|txt|gif|jpg|png|css|php)
    RewriteRule ^(.*)$ index.php

    AcceptPathInfo On

    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Allow from all
    </IfModule>
</Directory>

# Enable http authorization headers
<IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>

<FilesMatch ".+\.php$">
    SetHandler "proxy:unix:/run/php-fpm/librenms.sock|fcgi://localhost"
</FilesMatch>

</VirtualHost>
EOF

cat >nginx <<EOF
charset utf-8;

gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

location / {
    try_files $uri $uri/ /index.php?$query_string;
 }

location ~ [^/]\.php(/|$) {
    fastcgi_pass unix:/run/php-fpm-librenms.sock;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi.conf;
}

location ~ /\.(?!well-known).* {
    deny all;
}
:
# some people prefer a simple URL like http://%{name}.example.com
#server {
#    listen      80;
#    server_name %{name}.example.com;
#    root        %{_datadir}/%{name}/html;
#    index       index.php;
#}
EOF

cat >readme <<EOF
This package has been build with security enhanced by design:

The LibreNMS %{version} source code has been patch to be LSB compliant, easy to install with full SELinux support.

The settings were moved outside of the DocumentRoot in %{_sysconfdir}/%{name} repository.

The private data store was automatically predefined as The %{_localstatedir}/lib/%{name}/library repository.

Installation with apache is now configured to be done under localhost/librenms.

Required CLI configuration for LibreNMS:

timedatectl set-timezone Europe/Paris

edit file %{_syconfdir}/php.ini:
date.timezone = Europe/Paris

edit file %{_syconfdir}/my.cnf.d/mariadb-server.cnf in the [Mysqld] section :
innodb_file_per_table=1
lower_case_table_names=0

systemctl enable [mariadb|mysqld] [httpd|nginx] php-fpm %{name}-scheduler.timer
systemctl start [mariadb|mysqld] [httpd|nginx] php-fpm %{name}-scheduler.timer

mysql_secure_installation

mysql -u root -p
CREATE DATABASE %{name} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '%{name}'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON %{name}.* TO '%{name}'@'localhost';
FLUSH PRIVILEGES;

Addtional CLI configuration fot LibreNMS with SELinux in enforcing mode and remote MariaDB/MySQL: 

setsebool -P httpd_can_network_connect_db on && getsebool -a | grep httpd | grep "> on"
EOF

%if %{useselinux}
cat >http_fping.tt <<EOF
module http_fping 1.0;

require {
type httpd_t;
type node_t;
class capability net_raw;
class rawip_socket { create read bind write setopt getopt node_bind };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { create read bind write setopt getopt };
allow httpd_t node_t:rawip_socket node_bind;
EOF
%endif


%build


%install
# application
mkdir -p %{buildroot}%{_datadir}/%{name}
for d in app database html includes lang LibreNMS mibs misc resources routes scripts tests vendor
do cp -ar $d %{buildroot}%{_datadir}/%{name}/$d
done
cp -a *.{js,php,py,sh} composer.json lnms requirements.txt %{buildroot}%{_datadir}/%{name}/
mkdir -p %{buildroot}%{_datadir}/%{name}/bootstrap
cp -a bootstrap/*.php %{buildroot}%{_datadir}/%{name}/bootstrap

# config
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
mv config.php{.default,}
for df in config config.php .env
do cp -ar $df %{buildroot}%{_sysconfdir}/%{name}/$df
ln -sr %{_sysconfdir}/%{name}/$df %{buildroot}%{_datadir}/%{name}/$df
done

# local, rrd ,cache, storage
mkdir -p %{buildroot}%{_localstatedir}/lib/%{name}/{.cache,.local,rrd}
for d in .cache .local rrd
do ln -sr %{_localstatedir}/lib/%{name}/$d %{buildroot}%{_datadir}/%{name}/$d
done
cp -ar bootstrap/cache %{buildroot}%{_localstatedir}/lib/%{name}/cache
ln -sr %{_localstatedir}/lib/%{name}/cache %{buildroot}%{_datadir}/%{name}/bootstrap/cache
cp -ar storage %{buildroot}%{_localstatedir}/lib/%{name}/storage
ln -sr %{_localstatedir}/lib/%{name}/storage %{buildroot}%{_datadir}/%{name}/storage

# log
mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
ln -sr %{_localstatedir}/log/%{name} %{buildroot}%{_datadir}/%{name}/logs
touch %{buildroot}%{_localstatedir}/log/%{name}/{install,upgrade}_%{version}.log

# command
mkdir -p %{buildroot}%{_bindir}
ln -sr %{_datadir}/%{name}/lnms %{buildroot}%{_bindir}/lnms

# apache
install -Dpm 0644 httpd %{buildroot}%{_sysconfdir}/httpd/conf.d/%{name}.conf

# nginx
%if %{with_nginx}
install -Dpm 0644 nginx %{buildroot}%{_sysconfdir}/nginx/default.d/%{name}.conf
%endif

# fpm
mkdir -p %{buildroot}%{_sysconfdir}/php-fpm.d
touch %{buildroot}%{_sysconfdir}/php-fpm.d/%{name}.conf

# logrotate
install -Dpm 0644 misc/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

# bash completion
install -Dpm 0644 misc/lnms-completion.bash %{buildroot}%{_sysconfdir}/bash_completion.d/lnms

# cron
install -Dpm 0644 dist/%{name}.cron %{buildroot}%{_sysconfdir}/cron.d/%{name}

# scheduler
install -Dpm 0644 dist/%{name}-scheduler.service %{buildroot}%{_unitdir}/%{name}-scheduler.service
install -Dpm 0644 dist/%{name}-scheduler.timer %{buildroot}%{_unitdir}/%{name}-scheduler.timer

# snmpd
install -Dpm 0644 snmpd.conf.example %{buildroot}%{_sysconfdir}/snmp/snmpd.conf

# doc
install -Dpm 0644 readme README.Fedora

# lang
for i in %{buildroot}%{_datadir}/%{name}/lang/*
do
  lang=$(basename $i)
  echo "%lang(${lang:0:2}) %{_datadir}/%{name}/lang/${lang}"
done > %{name}.lang

%if %{useselinux}
mkdir -p %{buildroot}%{_datadir}/%{name}/selinux
for f in *.tt
do install -Dpm 0644 $f %{buildroot}%{_datadir}/%{name}/selinux/$f
done
%endif

%pre
getent group %{name} >/dev/null || groupadd -r %{name}
getent group %{name} | grep apache >/dev/null || usermod -a -G %{name} apache
getent group %{name} | grep nginx >/dev/null || usermod -a -G %{name} nginx
getent passwd %{name} >/dev/null || \
    useradd -M -r -g %{name} -d %{_datadir}/%{name} -s /bin/bash -c "User for LibreNMS monitoring tool" %{name}

%post
%if %{useselinux}
(
# create librenms file context
semanage fcontext -a -s system_u -t httpd_sys_content_t    -r s0 "%{_datadir}/%{name}(/.*)?"
semanage fcontext -a -s system_u -t usr_t                  -r s0 "%{_datadir}/%{name}(/.*)?\.(pl|py|sh)$"
semanage fcontext -a -s system_u -t httpd_sys_rw_content_t -r s0 "%{_sysconfdir}/%{name}(/.*)?"
semanage fcontext -a -s system_u -t httpd_var_lib_t        -r s0 "%{_localstatedir}/lib/%{name}(.cache|.local|cache|rrd|storage)(/.*)?"
semanage fcontext -a -s system_u -t httpd_log_t            -r s0 "%{_localstatedir}/log/%{name}(/.*)?"
# apply to files created by librenms rpm
restorecon -R %{_datadir}/%{name}
restorecon -R %{_sysconfdir}/%{name}
restorecon -R %{_localstatedir}/lib/%{name}
restorecon -R %{_localstatedir}/log/%{name}

# set httpd permissions
getsebool httpd_can_network_connect | grep "> on"  >/dev/null || setsebool -P httpd_can_network_connect on
getsebool httpd_can_sendmail | grep "> on"  >/dev/null || setsebool -P httpd_can_sendmail on
getsebool httpd_execmem | grep "> on"  >/dev/null || setsebool -P httpd_execmem on
getsebool httpd_unified | grep "> on"  >/dev/null || setsebool -P httpd_unified on

# allow fping from http
checkmodule -M -m -o %{_datadir}/%{name}/selinux/http_fping.mod %{_datadir}/%{name}/selinux/http_fping.tt
semodule_package -o %{_datadir}/%{name}/selinux/http_fping.pp -m %{_datadir}/%{name}/selinux/http_fping.mod
semodule -i %{_datadir}/%{name}/selinux/http_fping.pp
) &>/dev/null
%endif

%{_bindir}/systemctl condrestart httpd > /dev/null 2>&1 || :

# set file access control lists
setfacl -d -m g::rwx %{_datadir}/%{name}/{bootstrap/cache,rrd,storage,logs}
setfacl -R -m g::rwx %{_datadir}/%{name}/{bootstrap/cache,rrd,storage,logs}

# create librenms php-fpm file if not exist
if [ ! -f %{_sysconfdir}/php-fpm.d/%{name}.conf ]; then
    cp -a %{_sysconfdir}/php-fpm.d/{www,%{name}}.conf
    sed -i -e "s/apache/%{name}/g" %{_sysconfdir}/php-fpm.d/%{name}.conf 
    sed -i -e "s/listen.acl_users = %{name},nginx/listen.acl_users = apache,nginx/g" %{_sysconfdir}/php-fpm.d/%{name}.conf
    sed -i -e "s/www/%{name}/g" %{_sysconfdir}/php-fpm.d/%{name}.conf
    sed -i -e "s/%{name}.foo/www.foo/g" %{_sysconfdir}/php-fpm.d/%{name}.conf
    sed -i -e "s/var\/%{name}/var\/www/g" %{_sysconfdir}/php-fpm.d/%{name}.conf
fi

# install or update and check requirements
for f in %{_localstatedir}/log/%{name}/install_*.log*; do echo $f > /dev/null ; done
if [ ! -f $f ]; then
	echo $'\nSELinux:\n' >' >> %{_localstatedir}/log/%{name}/install_%{version}.log
	getsebool -a | grep httpd | grep "> on" >> %{_localstatedir}/log/%{name}/install_%{version}.log
	echo $'\nValidate:\n' >' >> %{_localstatedir}/log/%{name}/install_%{version}.log
	su -P - %{name} -c './validate.php' >> %{_localstatedir}/log/%{name}/install_%{version}.log
	chown librenms:librenms %{_localstatedir}/log/%{name}/install_%{version}.log
else
	echo $'\nSELinux:\n' >' >> %{_localstatedir}/log/%{name}/upgrade_%{version}.log
	getsebool -a | grep httpd | grep "> on" >> %{_localstatedir}/log/%{name}/upgrade_%{version}.log
	echo $'\nUpdate:\n' >' >> %{_localstatedir}/log/%{name}/upgrade_%{version}.log
	su -P - %{name} -c 'lnms update' >> %{_localstatedir}/log/%{name}/upgrade_%{version}.log
	echo $'\nValidate:\n' >' >> %{_localstatedir}/log/%{name}/upgrade_%{version}.log
	su -P - %{name} -c './validate.php' >> %{_localstatedir}/log/%{name}/upgrade_%{version}.log
	chown librenms:librenms %{_localstatedir}/log/%{name}/upgrade_%{version}.log
fi

# disable librenms rolling updates
su -P - %{name} -c 'lnms config:set update false'

%systemd_post %{name}-scheduler.service
%systemd_post %{name}-scheduler.timer

%preun
%systemd_preun %{name}-scheduler.service
%systemd_preun %{name}-scheduler.timer

%postun
%if %{useselinux}
if [ "$1" -eq "0" ]; then
    # remove librenms file context
    (
    semanage fcontext -d "%{_datadir}/%{name}(/.*)?"
    semanage fcontext -d "%{_datadir}/%{name}(/.*)?\.(pl|py|sh)$"
    semanage fcontext -d "%{_sysconfdir}/%{name}(/.*)?"
    semanage fcontext -d "%{_localstatedir}/lib/%{name}/(.cache|.local|cache|rrd|storage)(/.*)?"
    semanage fcontext -d "%{_localstatedir}/log/%{name}(/.*)?"
    ) &>/dev/null
fi
for f in %{_datadir}/%{name}/selinux/http_fping.{mod,pp}
do if [ -f $f ]; then rm $f; fi
done
%endif

%{_bindir}/systemctl condrestart httpd > /dev/null 2>&1 || :


%files -f %{name}.lang
%{!?_licensedir:%global license %%doc}
%doc *.md *.Fedora doc
%license LICENSE.txt licenses

%config(noreplace) %{_sysconfdir}/cron.d/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%if %{with_nginx}
%config(noreplace) %{_sysconfdir}/nginx/default.d/%{name}.conf
%endif
%ghost %config(noreplace) %{_sysconfdir}/php-fpm.d/%{name}.conf

%{_sysconfdir}/logrotate.d/%{name}
%{_sysconfdir}/bash_completion.d/lnms

%{_bindir}/lnms

%attr(750,librenms,librenms) %dir %{_sysconfdir}/%{name}
%attr(640,librenms,librenms) %config(noreplace) %{_sysconfdir}/%{name}/.env
%attr(640,librenms,librenms) %config(noreplace) %{_sysconfdir}/%{name}/config.php
%attr(750,librenms,librenms) %dir %{_sysconfdir}/%{name}/config
%attr(640,librenms,librenms) %config(noreplace) %{_sysconfdir}/%{name}/config/*.php

# this folder can contain private information (cache, files, ...)
%dir %_localstatedir/lib/%{name}
%attr(750,librenms,librenms) %{_localstatedir}/lib/%{name}/.cache
%attr(750,librenms,librenms) %{_localstatedir}/lib/%{name}/.local
%attr(750,librenms,librenms) %{_localstatedir}/lib/%{name}/cache
%attr(750,librenms,librenms) %{_localstatedir}/lib/%{name}/storage
%attr(775,librenms,librenms) %{_localstatedir}/lib/%{name}/rrd

%attr(750,librenms,librenms) %dir %{_localstatedir}/log/%{name}
%attr(640,librenms,librenms) %ghost %config(noreplace,missingok) %{_localstatedir}/log/%{name}/install_%{version}.log
%attr(640,librenms,librenms) %ghost %config(noreplace,missingok) %{_localstatedir}/log/%{name}/upgrade_%{version}.log
%attr(640,librenms,librenms) %ghost %config(noreplace,missingok) %{_localstatedir}/log/%{name}/%{name}.log

%defattr(-,librenms,librenms,750)
%dir %{_datadir}/%{name}
# python requirements
%{_datadir}/%{name}/requirements.txt
# php requirements
%{_datadir}/%{name}/composer.json
%{_datadir}/%{name}/*.js
%{_datadir}/%{name}/*.php
%{_datadir}/%{name}/*.py
%{_datadir}/%{name}/*.sh
%{_datadir}/%{name}/lnms
%{_datadir}/%{name}/app
%{_datadir}/%{name}/bootstrap/app.php
%{_datadir}/%{name}/database
%{_datadir}/%{name}/html
%{_datadir}/%{name}/includes
%{_datadir}/%{name}/LibreNMS
%{_datadir}/%{name}/mibs
%{_datadir}/%{name}/misc
%{_datadir}/%{name}/resources
%{_datadir}/%{name}/routes
%{_datadir}/%{name}/scripts
%{_datadir}/%{name}/tests
%{_datadir}/%{name}/vendor

%dir %{_datadir}/%{name}/lang

%defattr(-,root,root,-)
%{_datadir}/%{name}/.env
%{_datadir}/%{name}/config.php
%{_datadir}/%{name}/.cache
%{_datadir}/%{name}/.local
%{_datadir}/%{name}/config
%{_datadir}/%{name}/bootstrap/cache
%{_datadir}/%{name}/rrd
%{_datadir}/%{name}/storage
%{_datadir}/%{name}/logs
%{_datadir}/%{name}/selinux

%{_unitdir}/%{name}-scheduler.service
%{_unitdir}/%{name}-scheduler.timer

%files services

%files snmpd
%config(noreplace) %{_sysconfdir}/snmp/snmpd.conf


%changelog
* Mon Aug 21 2023 Jean-Marc Liger <ligenix@iscp.fr> - 23.8.0~20230820-1
- Update to 23.8.0
  see https://community.librenms.org/t/23-8-0-release-announcement/22082
  drop sql-schema/
- Fix some SELinux issues with python and fping
- Add auto-update post install instructions

* Mon Aug 14 2023 Jean-Marc Liger <ligenix@iscp.fr> - 23.7.0~20230814-1
- Initial RPM 23.7.0
  see https://community.librenms.org/t/23-7-0-changelog/21841