1Name: relic
2Version: 1.0
3Release: 1%{?dist}
4Summary: Client to the relic secure package signing service
5License: Apache 2.0
6URL: http://github.com/sassoftware/relic
7Source0: relic.tar
8Group: Utilities/File
9BuildArch: x86_64
10
11%package server
12Requires: %{name} = %{version}-%{release}
13Requires: rubygem-einhorn
14Summary: Secure package signing service
15Group: Utilities/File
16
17%package audit
18Requires: %{name} = %{version}-%{release}
19Summary: Audit client for relic
20Group: Utilities/File
21
22%define confdir %{_sysconfdir}/relic
23%define systemddir %{_prefix}/lib/systemd/system
24
25%description
26Relic is a service for signing RPMs and other package types using a PKCS#11
27Hardware Security Module (HSM) or other token. It also includes functions for
28creating keys, manipulating tokens, and a client for accessing a remote signing
29server.
30
31%description server
32This package contains the relic signing service and startup files.
33
34%description audit
35relic-audit subscribes to audit events on one or more AMQP message brokers and
36saves records to a database or log file.
37
38%prep
39%autosetup
40
41%install
42mkdir -p %{buildroot}%{systemddir}
43mkdir -p %{buildroot}%{confdir}/{certs,server,audit.d}
44mkdir -p %{buildroot}%{_localstatedir}/log/relic{,-audit}
45install -D relic %{buildroot}%{_bindir}/relic
46install -D relic-einhorn %{buildroot}%{_libexecdir}/relic-einhorn
47install -D relic.yml %{buildroot}%{confdir}/relic.yml
48install -D audit.yml %{buildroot}%{confdir}/audit.yml
49install -D logrotate.conf %{buildroot}%{_sysconfdir}/logrotate.d/relic
50install relic.service relic-audit.service %{buildroot}%{systemddir}/
51
52%clean
53rm -rf %{buildroot}
54
55%files
56%attr(0755,root,root) %{_bindir}/relic
57%attr(0755,root,root) %dir %{confdir}
58
59%files server
60%attr(0755,root,root) %{_libexecdir}/relic-einhorn
61%attr(0644,root,root) %{systemddir}/relic.service
62%attr(0755,root,root) %dir %{confdir}/certs
63%attr(0640,root,relic) %config(noreplace) %{confdir}/relic.yml
64%attr(0750,root,relic) %dir %{confdir}/server
65%attr(0750,relic,relic) %dir %{_localstatedir}/log/relic
66%attr(0644,root,root) %{_sysconfdir}/logrotate.d/relic
67
68%files audit
69%attr(0644,root,root) %{systemddir}/relic-audit.service
70%attr(0755,root,root) %dir %{confdir}/audit.d
71%attr(0644,root,root) %config(noreplace) %{confdir}/audit.yml
72%attr(0750,relic-audit,relic-audit) %dir %{_localstatedir}/log/relic-audit
73
74%changelog
75
76%pre server
77getent group relic >/dev/null || groupadd -r relic
78getent passwd relic >/dev/null || useradd -r -g relic \
79 -d / relic -s /sbin/nologin -c "relic package signing service"
80
81%pre audit
82getent group relic-audit >/dev/null || groupadd -r relic-audit
83getent passwd relic-audit >/dev/null || useradd -r -g relic-audit \
84 -d / relic-audit -s /sbin/nologin -c "relic audit service"
85
86%post server
87/bin/systemctl daemon-reload
88
89%post audit
90/bin/systemctl daemon-reload
91
92%preun server
93if [ $1 -eq 0 ] ; then
94 # removal, not upgrade
95 systemctl --no-reload disable --now relic.service > /dev/null 2>&1 || :
96fi
97
98%preun audit
99if [ $1 -eq 0 ] ; then
100 systemctl --no-reload disable --now relic-audit.service > /dev/null 2>&1 || :
101fi
102
103%postun server
104if [ $1 -ge 1 ] ; then
105 # upgrade, not removal
106 # try-reload not available on centos 7 unfortunately
107 if systemctl -q is-active relic.service; then
108 systemctl reload relic.service >/dev/null 2>&1 || :
109 fi
110fi
111
112%postun audit
113if [ $1 -ge 1 ] ; then
114 # upgrade, not removal
115 systemctl try-restart relic-audit.service >/dev/null 2>&1 || :
116fi
View as plain text