# allow to use phinx without composer.json and not remove install file
# COPR Ligenix's spec file for xibo
#
# Copyright (c) 2022-2024 Jean-Marc Liger
#
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
%global with_selinux 1
%if 0%{?fedora} || 0%{?rhel} >= 8
# httpd 2.4 with httpd-filesystem
%global with_httpd 1
# nginx 1.6 with nginx-filesystem
%global with_nginx 1
%else
%global with_httpd 0
%global with_nginx 0
%endif
%global version_string 4.1.2
%global version_major %(ver=%{version_string}; echo ${ver%.*.*})
Name: xibo
Version: %{lua:ver = string.gsub(rpm.expand("%{version_string}"), "-", "~"); print(ver)}
Release: 1%{?dist}
Summary: Xibo Open Source Digital Signage
Summary(fr): Xibo Signalisateur Numérique Open Source
License: AGPLv3+
URL: https://xibosignage.com/
Source0: https://github.com/xibosignage/%{name}-cms/releases/download/%{version_string}/%{name}-cms-%{version_string}.tar.gz
BuildArch: noarch
BuildRequires: gettext
BuildRequires: systemd
%description
Xibo is a powerful Open Source Digital Signage with several platforms display player.
This package provides the Xibo content management system and message relay.
%description -l fr
Ce package fournit le système de gestion de contenu et le relai de message Xibo.
%package cms
Summary: Xibo content management system
Summary(fr): Système de gestion de contenu Xibo
%if %{with_httpd}
Requires: httpd-filesystem
Requires: mod_xsendfile
%endif
%if %{with_nginx}
Requires: nginx-filesystem
%endif
%if %{with_httpd} || %{with_nginx}
Requires: webserver
Requires: php(httpd)
%else
Requires: httpd
Requires: mod_php
Requires: mod_xsendfile
%endif
Requires: php(language) >= 8.1.0
Requires: php-fpm
Requires: php-cli
Requires: php-common
Requires: php-ctype
Requires: php-curl
Requires: php-dom
Requires: php-iconv
Requires: php-fileinfo
Requires: php-gd
Requires: php-gettext
Requires: php-json
Requires: php-mbstring
Requires: php-mysqlnd
Requires: php-pdo
Requires: php-phar
%if %{with_selinux}
Requires: php-selinux
%endif
Requires: php-simplexml
Requires: php-soap
Requires: php-xml
Requires: php-zip
Requires: php-zlib
Requires: php-zmq
Requires: zeromq
%if 0%{?fedora} || 0%{?rhel} >= 8
# optional
Recommends: %{name}-xmr = %{version}-%{release}
%else
Requires: %{name}-xmr = %{version}-%{release}
%endif
Requires: cronie
%description cms
Xibo is a powerful Open Source Digital Signage with several platforms display player.
This package provides the Xibo content management system.
%description -l fr cms
Xibo est un puissant Signaliseur Numérique Open Source et un lecteur d'affichage multiplateforme.
Ce package fournit le système de gestion de contenu.
%package xmr
Summary: Xibo message relay
Summary(fr): Relai de message Xibo
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description xmr
Xibo is a powerful Open Source Digital Signage with several platforms display player.
This package provides the Xibo message relay.
%description xmr -l fr
Xibo est un puissant Digital Signage Open Source et un lecteur d'affichage multiplateforme.
Ce package fournit le relai de message Xibo.
%prep
%setup -q -n %{name}-cms-%{version_string}
# remove unused files
find vendor -name '.git*' -exec rm -rf {} + -print
find vendor -name '*.xml*' -delete -print
find vendor -name '*.yml*' -delete -print
find vendor -name '*.orig' -delete -print
find vendor -name 'composer.*' -delete -print
find vendor -name 'Dockerfile' -delete -print
find vendor -name '.docker*' -delete -print
find vendor -name '*.bin' -delete -print
find vendor -name '*.py' -delete -print
find vendor -name '*.sh' -delete -print
# directories not in apache space
find vendor -name .htaccess -delete -print
# fix permission files
find . -type f -exec chmod 644 {} \;
find vendor/bin -type f -exec chmod u+x {} \;
# fix LSB directories
for f in $(grep -r "PROJECT_ROOT . '/cache'" | cut -d":" -f1 | sort -u); do
sed -i -e "s/PROJECT_ROOT . '\/cache'/'\%{_localstatedir}\/lib\/%{name}\/cache'/g" $f
done
sed -i -e "s/\"library_location\", title, \"\"/\"library_location\", title, \"\%{_localstatedir}\/lib\/%{name}\/library\"/g" views/install-step6.twig
sed -i -e "s/PROJECT_ROOT . '\/library\/install_log.txt'/'\%{_localstatedir}\/log\/%{name}\/install_log.txt'/g" web/install/index.php
for f in $(grep -r "PROJECT_ROOT . '/web/settings.php'" | cut -d":" -f1 | sort -u); do
sed -i -e "s/PROJECT_ROOT . '\/web\/settings.php'/'\%{_sysconfdir}\/%{name}\/settings.php'/g" $f
done
sed -i -e "s/PROJECT_ROOT . '\/web'/'\%{_sysconfdir}\/%{name}'/g" lib/Helper/Environment.php
sed -i -e "s/'web\/settings.php'/'\%{_sysconfdir}\/%{name}\/settings.php'/g" phinx.php
sed -i -e "s/'settings.php'/'\%{_sysconfdir}\/%{name}\/settings.php'/g" web/index.php
sed -i -e "s/'\/var\/www\/cms\/custom\/settings-custom.php'/'\%{_sysconfdir}\/%{name}\/settings-custom.php'/g" lib/Helper/Install.php
for f in $(grep -r "/var/www/cms" | cut -d":" -f1 | sort -u); do
sed -i -e "s/\/var\/www\/cms/\%{_prefix}\/share\/%{name}/g" $f
done
# fix install from localhost
sed -i -e "s/'Location: install\/1'/'Location: '.\$_SERVER['REQUEST_SCHEME'].':\/\/'.\$_SERVER['SERVER_NAME'].\$_SERVER['CONTEXT_PREFIX'].'\/install\/index.php\/1'/g" web/index.php
cat >cron <<EOF
# Xibo core
# Run cron to execute task even when no user connected
* * * * * apache %{_bindir}/php %{_datadir}/%{name}/bin/xtr.php
EOF
cat >httpd <<EOF
Alias /%{name} %{_datadir}/%{name}/web
<Directory %{_datadir}/%{name}/web>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
RewriteBase /xibo/
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all
</IfModule>
</Directory>
<Directory /usr/share/xibo/web/install>
# Install is only allowed via local access (from the Xibo server).
# Add your IP address if you need it for remote installation,
# but remember to remove it after installation for security.
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
# Require ip ##.##.##.##
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
ErrorDocument 403 "<p><b>Restricted area.</b><br />Only local access allowed.<br />Check your configuration or contact your administrator.</p>"
</Directory>
XSendFile on
XSendFilePath %{_localstatedir}/lib/%{name}/library
EOF
cat >nginx <<EOF
location / {
try_files $uri /index.php?$args;
}
location /api/authorize {
try_files $uri /api/authorize/index.php?args;
}
location /api {
try_files $uri /api/index.php?$args;
}
location /install {
try_files $uri /install/index.php?$args;
}
location /maint {
try_files $uri /maint/index.php?$args;
}
location /maintenance {
try_files $uri /index.php?$args;
}
EOF
cat >fpm <<EOF
max_execution_time=0
memory_limit=-1
EOF
cat >xmr <<EOF
{
"listenOn": "tcp://127.0.0.1:5555",
"pubOn": ["tcp://*:9505"],
"debug": false
}
EOF
cat >systemd <<EOF
[Unit]
Description=Xibo Message Relay ZeroMQ Service
After=network.target
[Service]
User=apache
Group=apache
ExecStart=%{_bindir}/php %{_datadir}/%{name}/vendor/xibosignage/xibo-xmr/bin/xmr.phar
Restart=always
KillMode=process
RestartSec=500ms
[Install]
WantedBy=multi-user.target
EOF
cat >readme <<EOF
This package has been build with security enhanced by design:
The Xibo CMS %{version} source code has been patch to be LSB compliant, easy to install with full SELinux support.
The settings were moved outside of the DocumentRoot in %{_sysconfdir}/%{name} repository.
The private data store was automatically predefined as The %{_localstatedir}/lib/%{name}/library repository.
Installation with apache is now configured to be done under localhost/xibo.
Required CLI configuration for Xibo CMS:
timedatectl set-timezone Europe/Paris
edit file %{_syconfdir}/php.ini:
date.timezone = Europe/Paris
edit file %{_syconfdir}/my.cnf.d/mariadb-server.cnf in the [Mysqld] section :
innodb_file_per_table=1
systemctl enable [mariadb|mysqld] [httpd|nginx] php-fpm
systemctl start [mariadb|mysqld] [httpd|nginx] php-fpm
mysql_secure_installation
mysql -u root -p
CREATE DATABASE %{name} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '%{name}'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON %{name}.* TO '%{name}'@'localhost';
FLUSH PRIVILEGES;
Addtional CLI configuration fot Xibo CMS with SELinux in enforcing mode :
setsebool -P httpd_can_network_connect_db on ; getsebool -a | grep httpd | grep "> on"
Addtional CLI configuration fot Xibo XMR with Firewalld in active mode :
firewall-cmd --add-port=9505/tcp --permanent ; firewall-cmd --reload
EOF
cat >upgrade <<EOF
To upgrade this Xibo CMS %{version}, run in a terminal :
cd %{_datadir}/%{name} ; vendor/bin/phinx migrate -c phinx.php > %{_localstatedir}/log/%{name}/upgrade_%{version}.log ; cat %{_localstatedir}/log/%{name}/upgrade_%{version}.log
EOF
%build
%install
# application
mkdir -p %{buildroot}%{_datadir}/%{name}
cp -a *.php %{buildroot}%{_datadir}/%{name}/
for i in bin ca-certs custom db lib locale modules reports tasks vendor views web
do cp -ar $i %{buildroot}%{_datadir}/%{name}/$i
done
mkdir -p %{buildroot}%{_localstatedir}/lib/%{name}/{cache,library}
# apache
install -Dpm 0644 httpd %{buildroot}%{_sysconfdir}/httpd/conf.d/%{name}.conf
# nginx
%if %{with_nginx}
install -Dpm 0644 nginx %{buildroot}%{_sysconfdir}/nginx/default.d/%{name}.conf
%endif
# php-fpm install
install -Dpm 0644 fpm %{buildroot}%{_datadir}/%{name}/web/install/.user.ini
# config
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
touch %{buildroot}%{_sysconfdir}/%{name}/settings.php
touch %{buildroot}%{_sysconfdir}/%{name}/settings-custom.php
# log
mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
touch %{buildroot}%{_localstatedir}/log/%{name}/install_log.txt
# cron
install -Dpm 0644 cron %{buildroot}%{_sysconfdir}/cron.d/%{name}
# xmr
install -Dpm 0644 xmr %{buildroot}%{_datadir}/%{name}/vendor/xibosignage/xibo-xmr/bin/config.json
# systemd
install -Dpm 0644 systemd %{buildroot}%{_unitdir}/%{name}.service
# doc
install -Dpm 0644 readme README.Fedora
install -Dpm 0644 upgrade UPGRADE.Fedora
# lang
for i in %{buildroot}%{_datadir}/%{name}/locale/*
do
lang=$(basename $i)
echo "%lang(${lang:0:2}) %{_datadir}/%{name}/locale/${lang}"
done > %{name}.lang
%post cms
%if %{with_selinux}
(
# create xibo file context
semanage fcontext -a -s system_u -t httpd_sys_rw_content_t -r s0 "%{_sysconfdir}/%{name}(/.*)?"
semanage fcontext -a -s system_u -t httpd_sys_content_t -r s0 "%{_datadir}/%{name}(/.*)?"
semanage fcontext -a -s system_u -t httpd_cache_t -r s0 "%{_localstatedir}/lib/%{name}/cache(/.*)?"
semanage fcontext -a -s system_u -t httpd_var_lib_t -r s0 "%{_localstatedir}/lib/%{name}/library(/.*)?"
semanage fcontext -a -s system_u -t httpd_log_t -r s0 "%{_localstatedir}/log/%{name}(/.*)?"
# apply to files created by xibo rpm
restorecon -R %{_sysconfdir}/%{name}
restorecon -R %{_datadir}/%{name}
restorecon -R %{_localstatedir}/lib/%{name}/cache
restorecon -R %{_localstatedir}/lib/%{name}/library
restorecon -R %{_localstatedir}/log/%{name}
# set httpd permissions
getsebool httpd_can_network_connect | grep "> on" >/dev/null || setsebool -P httpd_can_network_connect on
getsebool httpd_can_sendmail | grep "> on" >/dev/null || setsebool -P httpd_can_sendmail on
) &>/dev/null
%endif
%{_bindir}/systemctl condrestart httpd > /dev/null 2>&1 || :
%postun cms
%if %{with_selinux}
if [ "$1" -eq "0" ]; then
# remove xibo file context
(
semanage fcontext -d "%{_sysconfdir}/%{name}(/.*)?"
semanage fcontext -d "%{_datadir}/%{name}(/.*)?"
semanage fcontext -d "%{_localstatedir}/lib/%{name}/cache(/.*)?"
semanage fcontext -d "%{_localstatedir}/lib/%{name}/library(/.*)?"
semanage fcontext -d "%{_localstatedir}/log/%{name}(/.*)?"
) &>/dev/null
fi
%endif
%{_bindir}/systemctl condrestart httpd > /dev/null 2>&1 || :
%post xmr
%systemd_post %{name}.service
%preun xmr
%systemd_preun %{name}.service
%files cms -f %{name}.lang
%{!?_licensedir:%global license %%doc}
%doc *.md *.Fedora
%license LICENSE
%attr(2770,root,apache) %dir %{_sysconfdir}/%{name}
%ghost %config(noreplace,missingok) %{_sysconfdir}/%{name}/settings.php
%ghost %config(noreplace,missingok) %{_sysconfdir}/%{name}/settings-custom.php
%config(noreplace) %{_sysconfdir}/cron.d/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%if %{with_nginx}
%config(noreplace) %{_sysconfdir}/nginx/default.d/%{name}.conf
%endif
# this folder can contain private information (cache, files, ...)
%dir %{_localstatedir}/lib/%{name}
%attr(2770,root,apache) %{_localstatedir}/lib/%{name}/cache
%attr(2770,root,apache) %{_localstatedir}/lib/%{name}/library
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/*.php
%{_datadir}/%{name}/bin
%{_datadir}/%{name}/ca-certs
%{_datadir}/%{name}/custom
%{_datadir}/%{name}/db
%{_datadir}/%{name}/lib
%{_datadir}/%{name}/modules
%{_datadir}/%{name}/reports
%{_datadir}/%{name}/tasks
%{_datadir}/%{name}/vendor
%{_datadir}/%{name}/views
%{_datadir}/%{name}/web
%dir %{_datadir}/%{name}/locale
%attr(2770,apache,root) %dir %{_localstatedir}/log/%{name}
%ghost %config(noreplace,missingok) %{_localstatedir}/log/%{name}/install_log.txt
# we put xmr in a separate package
%exclude %{_datadir}/%{name}/vendor/xibosignage/xibo-xmr/
%files xmr
%{_datadir}/%{name}/vendor/xibosignage/xibo-xmr/
%{_unitdir}/%{name}.service
%changelog
* Mon Nov 18 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.2-1
- Update to 4.1.2
see https://xibosignage.com/blog/4-1-2-released
* Sat Oct 12 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.1-1
- Update to 4.1.1
see https://xibosignage.com/blog/4-1-1-released
* Tue Sep 03 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.0-1
- Update to 4.1.0
see https://xibosignage.com/blog/4-1-0-released
* Tue Aug 27 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.0-rc3-0
- Update to 4.1.0-rc3
* Tue Aug 13 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.0-rc2-0
- Update to 4.1.0-rc2
* Thu Jul 25 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.0-rc1-0
- Update to 4.1.0-rc1
* Thu Jul 25 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.0-beta-0
- Update to 4.1.0-beta
* Thu May 02 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.1.0-alpha-0
- Update to 4.1.0-alpha
* Sun Apr 14 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.10-1
- Update to 4.0.10
see https://xibosignage.com/blog/4.0.10-released
* Tue Mar 26 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.9-1
- Update to 4.0.9
see https://xibosignage.com/blog/4.0.9-released
* Fri Mar 15 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.8-1
- Update to 4.0.8
see https://xibosignage.com/blog/4.0.8-released
* Fri Feb 16 2024 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.7-1
- Update to 4.0.7
see https://xibosignage.com/blog/4.0.7-released
* Tue Nov 14 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.6-1
- Update to 4.0.6
see https://xibosignage.com/blog/4.0.6-released
* Tue Nov 14 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.5-1
- Update to 4.0.5
see https://xibosignage.com/blog/4.0.5-released
* Wed Oct 11 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.4-1
- Update to 4.0.4
see https://xibosignage.com/blog/4-0-4-released
* Wed Sep 20 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.3-1
- Update to 4.0.3
see https://xibosignage.com/blog/4-0-3-released
* Tue Sep 12 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.2-1
- Update to 4.0.2
see https://xibosignage.com/blog/4-0-2-released
* Sun Sep 10 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.1-1
- Update to 4.0.1
see https://xibosignage.com/blog/4-0-1-released
* Tue Sep 05 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.0-1
- Update to 4.0.0
see https://xibosignage.com/blog/announcing-xibo-v4
* Mon Aug 21 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.0-rc2-1
- Update to 4.0.0-rc2
see https://community.xibo.org.uk/t/cms-4-0-0-rc2-released/29854
- Add SELinux post instructions for xibo-cms
* Wed Aug 09 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.0-rc1-1
- Update to 4.0.0-rc1
see https://community.xibo.org.uk/t/cms-4-0-0-rc1-released/29807
* Thu Jul 27 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.0-beta-1
- Fix vendor/bin permissions
* Thu Jul 27 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.0-beta-0
- Update to 4.0.0-beta
see https://community.xibo.org.uk/t/cms-4-0-0-beta-released/29714
* Sat Jul 15 2023 Jean-Marc Liger <ligenix@iscp.fr> - 4.0.0-alpha2-0
- Update to 4.0.0-alpha2
see https://community.xibo.org.uk/t/cms-4-0-0-alpha2-released/29636
- Add long awaited support for PHP >= 8.1
* Sun Nov 13 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.2.2-1
- Update to 3.2.2
see https://xibosignage.com/blog/3-2-2-released
* Sun Nov 13 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.2.1-3
- Fix xmr config.json
* Fri Nov 11 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.2.1-2
- Fix missing vendor/*/bin directories
- Add upgrade doc #Nicolas Meneceur
* Thu Nov 10 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.2.1-1
- Update to 3.2.1
see https://xibosignage.com/blog/3-2-1-released
- Fix apache localhost install
* Sun Nov 06 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.1.5-3
- Fix install_log.txt attributes
- Add apache RewriteBase for localhost, workaround is still need for install
* Sun Nov 06 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.1.5-2
- Fix apache install infinity loop with localhost #Nicolas Meneceur
- Add apache XSendFilePath directive #Nicolas Meneceur
* Thu Nov 03 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.1.5-1
- Update to 3.1.5
see https://xibosignage.com/blog/3-1-5-released
* Wed Nov 02 2022 Jean-Marc Liger <ligenix@iscp.fr> - 3.1.4-1
- Initial RPM 3.1.4
see https://xibosignage.com/blog/3-1-4-released