Name:           sqs
Version:        1.2
Release:        1%{?dist}
Summary:        File integrity monitor with SHA256 hashing and GDBM cache

License:        GPL-3.0-only
Source0:        %{name}-%{version}.tar.gz

# No debuginfo/debugsource sub-packages — sources are not installed
%global debug_package %{nil}

BuildRequires:  gcc
BuildRequires:  make
BuildRequires:  openssl-devel
BuildRequires:  gdbm-devel

Requires:       openssl-libs
Requires:       gdbm
# mail command is only needed when mail-to is configured in sqs.mail.conf
Recommends:     s-nail

%description
sqs is a file integrity monitor (FIM) that tracks changes to files under
configured paths using SHA256 hashes and sub-second mtime comparison. It
stores metadata in a GDBM cache (one database per directory) and logs
events as JSON. Designed to run periodically via a systemd timer.

Results are optionally mailed to an address configured in
%{_sysconfdir}/sqs/sqs.mail.conf.

%prep
%setup -q

%build
make %{?_smp_mflags} sqs

%install
install -D -m 755 sqs             %{buildroot}%{_sbindir}/sqs
install -D -m 755 sqs-run         %{buildroot}%{_libexecdir}/sqs/sqs-run
install -D -m 644 sqs.conf.sample %{buildroot}%{_sysconfdir}/sqs/sqs.conf
install -D -m 644 sqs.mail.conf   %{buildroot}%{_sysconfdir}/sqs/sqs.mail.conf
install -D -m 644 sqs.service     %{buildroot}%{_unitdir}/sqs.service
install -D -m 644 sqs.timer       %{buildroot}%{_unitdir}/sqs.timer
install -D -m 644 sqs.logrotate   %{buildroot}%{_sysconfdir}/logrotate.d/sqs
install -d -m 750                 %{buildroot}%{_localstatedir}/cache/sqs
install -d -m 750                 %{buildroot}%{_localstatedir}/log

%post
%systemd_post sqs.timer

%preun
%systemd_preun sqs.timer

%postun
%systemd_postun_with_restart sqs.timer

%files
%{_sbindir}/sqs
%dir %{_libexecdir}/sqs
%{_libexecdir}/sqs/sqs-run
%dir %{_sysconfdir}/sqs
%config(noreplace) %{_sysconfdir}/sqs/sqs.conf
%config(noreplace) %{_sysconfdir}/sqs/sqs.mail.conf
%{_unitdir}/sqs.service
%{_unitdir}/sqs.timer
%config(noreplace) %{_sysconfdir}/logrotate.d/sqs
%dir %attr(750, root, root) %{_localstatedir}/cache/sqs
%ghost %{_localstatedir}/log/sqs.log

%changelog
* Tue Mar 03 2026 Raimund Sacherer <rsachere@redhat.com> - 1.2-1
- Reduce peak RSS: disable GDBM mmap (GDBM_NOMMAP), cap GDBM page cache at
  1 bucket per handle (GDBM_SETCACHESIZE), limit glibc malloc arenas to 4
  (M_ARENA_MAX), reduce worker threads from 8 to 4, reduce DB cache slots
  from 16 to 8

* Tue Mar 03 2026 Raimund Sacherer <rsachere@redhat.com> - 1.1-1
- Move config to /etc/sqs/ directory
- Add sqs.mail.conf and sqs-run helper for optional mail notifications
- Add logrotate config (monthly, 24-month retention)
- Fix text diff shown on metadata-only changes
- Fix mtime_nsec false positives after cache migration
- Reduce peak memory usage (flexible MetaNode, smaller slot cache, thread stacks)

* Tue Mar 03 2026 Raimund Sacherer <rsachere@redhat.com> - 1.0-1
- Initial package