...

Text file src/github.com/sassoftware/relic/distro/linux/relic.spec

Documentation: github.com/sassoftware/relic/distro/linux

     1Name: relic
     2Version: 1.0
     3Release: 1%{?dist}
     4Summary: Client to the relic secure package signing service
     5License: Apache 2.0
     6URL: http://github.com/sassoftware/relic
     7Source0: relic.tar
     8Group: Utilities/File
     9BuildArch: x86_64
    10
    11%package server
    12Requires: %{name} = %{version}-%{release}
    13Requires: rubygem-einhorn
    14Summary: Secure package signing service
    15Group: Utilities/File
    16
    17%package audit
    18Requires: %{name} = %{version}-%{release}
    19Summary: Audit client for relic
    20Group: Utilities/File
    21
    22%define confdir %{_sysconfdir}/relic
    23%define systemddir %{_prefix}/lib/systemd/system
    24
    25%description
    26Relic is a service for signing RPMs and other package types using a PKCS#11
    27Hardware Security Module (HSM) or other token. It also includes functions for
    28creating keys, manipulating tokens, and a client for accessing a remote signing
    29server.
    30
    31%description server
    32This package contains the relic signing service and startup files.
    33
    34%description audit
    35relic-audit subscribes to audit events on one or more AMQP message brokers and
    36saves records to a database or log file.
    37
    38%prep
    39%autosetup
    40
    41%install
    42mkdir -p %{buildroot}%{systemddir}
    43mkdir -p %{buildroot}%{confdir}/{certs,server,audit.d}
    44mkdir -p %{buildroot}%{_localstatedir}/log/relic{,-audit}
    45install -D relic %{buildroot}%{_bindir}/relic
    46install -D relic-einhorn %{buildroot}%{_libexecdir}/relic-einhorn
    47install -D relic.yml %{buildroot}%{confdir}/relic.yml
    48install -D audit.yml %{buildroot}%{confdir}/audit.yml
    49install -D logrotate.conf %{buildroot}%{_sysconfdir}/logrotate.d/relic
    50install relic.service relic-audit.service %{buildroot}%{systemddir}/
    51
    52%clean
    53rm -rf %{buildroot}
    54
    55%files
    56%attr(0755,root,root)           %{_bindir}/relic
    57%attr(0755,root,root) %dir      %{confdir}
    58
    59%files server
    60%attr(0755,root,root)           %{_libexecdir}/relic-einhorn
    61%attr(0644,root,root)           %{systemddir}/relic.service
    62%attr(0755,root,root) %dir      %{confdir}/certs
    63%attr(0640,root,relic) %config(noreplace) %{confdir}/relic.yml
    64%attr(0750,root,relic) %dir     %{confdir}/server
    65%attr(0750,relic,relic) %dir    %{_localstatedir}/log/relic
    66%attr(0644,root,root)           %{_sysconfdir}/logrotate.d/relic
    67
    68%files audit
    69%attr(0644,root,root)           %{systemddir}/relic-audit.service
    70%attr(0755,root,root) %dir      %{confdir}/audit.d
    71%attr(0644,root,root) %config(noreplace) %{confdir}/audit.yml
    72%attr(0750,relic-audit,relic-audit) %dir    %{_localstatedir}/log/relic-audit
    73
    74%changelog
    75
    76%pre server
    77getent group relic >/dev/null || groupadd -r relic
    78getent passwd relic >/dev/null || useradd -r -g relic \
    79    -d / relic -s /sbin/nologin -c "relic package signing service"
    80
    81%pre audit
    82getent group relic-audit >/dev/null || groupadd -r relic-audit
    83getent passwd relic-audit >/dev/null || useradd -r -g relic-audit \
    84    -d / relic-audit -s /sbin/nologin -c "relic audit service"
    85
    86%post server
    87/bin/systemctl daemon-reload
    88
    89%post audit
    90/bin/systemctl daemon-reload
    91
    92%preun server
    93if [ $1 -eq 0 ] ; then
    94        # removal, not upgrade
    95        systemctl --no-reload disable --now relic.service > /dev/null 2>&1 || :
    96fi
    97
    98%preun audit
    99if [ $1 -eq 0 ] ; then
   100        systemctl --no-reload disable --now relic-audit.service > /dev/null 2>&1 || :
   101fi
   102
   103%postun server
   104if [ $1 -ge 1 ] ; then
   105        # upgrade, not removal
   106        # try-reload not available on centos 7 unfortunately
   107        if systemctl -q is-active relic.service; then
   108                systemctl reload relic.service >/dev/null 2>&1 || :
   109        fi
   110fi
   111
   112%postun audit
   113if [ $1 -ge 1 ] ; then
   114        # upgrade, not removal
   115        systemctl try-restart relic-audit.service >/dev/null 2>&1 || :
   116fi

View as plain text