File obs-server.spec of Package obs-server

#
# spec file for package obs-server
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%if 0%{?fedora} || 0%{?rhel}
%global sbin /usr/sbin
%else
%global sbin /sbin
%endif

%if 0%{?fedora} || 0%{?rhel}
%global apache_user apache
%global apache_group apache
%bcond_without selinux
%else
%global apache_user wwwrun
%global apache_group www
%bcond_with selinux
%endif

%if !0%{?_httpd_confdir:1}
%define _httpd_confdir %{_sysconfdir}/httpd/conf.d
%endif

%define secret_key_file %{_datadir}/obs-api/config/secret.key
%define obs_backend_data_dir /var/lib/obs

%if 0%{?suse_version:1} && !%{defined _restart_on_update_reload}
%define _restart_on_update_reload() (\
	test "$YAST_IS_RUNNING" = instsys && exit 0\
	test -f /etc/sysconfig/services -a \\\
	     -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services\
	test "$DISABLE_RESTART_ON_UPDATE" = yes -o \\\
	     "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0\
	%{?*:/usr/bin/systemctl force-reload %{*}}\
	) || : %{nil}

%define service_del_postun(fnr) \
test -n "$FIRST_ARG" || FIRST_ARG="$1"						\
if [ "$FIRST_ARG" -ge 1 ]; then							\
	# Package upgrade, not uninstall					\
	if [ -x /usr/bin/systemctl ]; then					\
		/usr/bin/systemctl daemon-reload || :				\
		%{expand:%%_restart_on_update%{-f:_force}%{!-f:%{-n:_never}}%{!-f:%{!-n:%{-r:_reload}}} %{?*}}  \
	fi									\
else # package uninstall							\
	for service in %{?*} ; do						\
		sysv_service="${service%.*}"					\
		rm -f "/var/lib/systemd/migrated/$sysv_service" || :		\
	done									\
	if [ -x /usr/bin/systemctl ]; then					\
		/usr/bin/systemctl daemon-reload || :				\
	fi									\
fi										\
%{nil}

%endif

%if ! %{defined _fillupdir}
  %if 0%{?fedora} || 0%{?rhel}
    %define _fillupdir %{_sysconfdir}/sysconfig
  %else
    %define _fillupdir %{_localstatedir}/adm/fillup-templates
  %endif
%endif

%if 0%{?suse_version} >= 1315
%define reload_on_update() %{?nil:
	test -n "$FIRST_ARG" || FIRST_ARG=$1
	if test "$FIRST_ARG" -ge 1 ; then
	   test -f /etc/sysconfig/services && . /etc/sysconfig/services
	   if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then
	      test -x /bin/systemctl && /bin/systemctl daemon-reload >/dev/null 2>&1 || :
	      for service in %{?*} ; do
		 test -x /bin/systemctl && /bin/systemctl reload $service >/dev/null 2>&1 || :
	      done
	   fi
	fi
	%nil
}
%endif

%if !0%{?restart_on_update:1}
%define restart_on_update() %systemd_postun_with_restart %{?*}
%endif

%if !0%{?fillup_and_insserv:1}
%define fillup_and_insserv(n:) %{nil}
%endif

%if !0%{?insserv_cleanup:1}
%define insserv_cleanup() %{nil}
%endif

%if !0%{?verify_permissions:1}
%define verify_permissions() %{nil}
%endif

%if !0%{?service_add_pre:1}
%define service_add_pre() %{nil}
%endif

%if !0%{?service_add_post:1}
%define service_add_post() %systemd_post %{?*}
%endif

%if !0%{?service_del_preun:1}
%define service_del_preun() %systemd_preun %{?*}
%endif

%if !0%{?service_del_postun:1}
%define _systemd_postun_with_reload() \
[ $1 -ge 1 ] && [ -x /usr/bin/systemctl ] && \
    /usr/bin/systemctl try-reload-or-restart %{?*} || : \
%{nil}

%define service_del_postun(nr) \
  %{!-n:%{-r:%_systemd_postun_with_reload %{?*}}} \
  %{!-n:%{!-r:%systemd_postun_with_restart %{?*}}} \
%{nil}
%endif

%define patches_to_apply %{patches}

%global obs_api_support_scripts obs-api-support.target obs-clockwork.service obs-delayedjob-queue-consistency_check.service obs-delayedjob-queue-default.service obs-delayedjob-queue-issuetracking.service obs-delayedjob-queue-mailers.service obs-delayedjob-queue-project_log_rotate.service obs-delayedjob-queue-releasetracking.service obs-delayedjob-queue-staging.service obs-sphinx.service

Name:           obs-server
Summary:        The Open Build Service -- Server Component
%if 0%{?fedora} || 0%{?rhel}
License:        GPLv2 or GPLv3
%else
License:        GPL-2.0-only OR GPL-3.0-only
Group:          Productivity/Networking/Web/Utilities
%endif
Version:        2.10.10
Release:        1
Url:            http://www.openbuildservice.org
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Source0:        https://github.com/openSUSE/open-build-service/archive/%{version}/open-build-service-%version.tar.gz
Source1:        find-requires.sh
Source2:        obs-server-rc-compat
Patch1:         obs-server-2.10-0001-Revert-dist-Prepare-obs-server.spec-to-use-bundle_ge.patch
Patch2:         obs-server-2.10-0002-api-Use-bundler_ext-instead-of-bundler-if-Gemfile.in.patch
Patch3:         obs-server-2.10-0003-api-Require-json-gem-explicitly-for-tests.patch
Patch4:         obs-server-2.10-0004-api-Log-server-name-to-test-log-for-backend-log-mess.patch
Patch5:         obs-server-2.10-0005-api-Use-OBS_API_PREFIX-instead-of-explicit-pathname-.patch
Patch6:         obs-server-2.10-0006-backend-Make-OBS_BACKEND_DATA_DIR-variable-configura.patch
Patch7:         obs-server-2.10-0007-dist-Set-proper-Apache-user-group-when-installing-sc.patch
Patch8:         obs-server-2.10-0008-backend-Set-proper-pathnames-when-installing-backend.patch
Patch9:         obs-server-2.10-0009-dist-Set-proper-pathnames-when-installing-dist-files.patch
Patch10:        obs-server-2.10-0010-dist-Use-configuration-variables-instead-of-hardcode.patch
Patch11:        obs-server-2.10-0011-api-Use-absolute-pathnames-for-apidocs-in-config-env.patch
Patch12:        obs-server-2.10-0012-dist-Make-fillup-file-location-and-name-configurable.patch
Patch13:        obs-server-2.10-0013-backend-Fix-cleanup-in-BSSched-EventSource-Directory.patch
Patch14:        obs-server-2.10-0014-dist-Make-tests-respect-SBINDIR-configuration-parame.patch
Patch15:        obs-server-2.10-0015-dist-api-backend-Make-backend-ports-configurable.patch
Patch16:        obs-server-2.10-0016-dist-backend-Make-backend-log-directory-configurable.patch
Patch17:        obs-server-2.10-0017-api-Make-api-log-directory-configurable.patch
Patch18:        obs-server-2.10-0018-dist-Allow-worker-to-use-tmpfs-for-other-virtualisat.patch
Patch19:        obs-server-2.10-0019-ci-Fix-compatibility-with-Ruby-2.3-in-webui-helper-t.patch
Patch20:        obs-server-2.10-0020-ci-Don-t-distinguish-between-text-and-mediumtext.patch
Patch21:        obs-server-2.10-0021-dist-Use-python2-instead-of-python-as-interpreter.patch
Patch22:        obs-server-2.10-0022-frontend-Require-mini_mime-gem-explicitly.patch
Patch23:        obs-server-2.10-0023-frontend-Require-minimal-version-of-sanitize-webmock.patch
Patch24:        obs-server-2.10-0024-backend-Make-chekconstraints-in-repserver-not-fail-o.patch
Patch25:        obs-server-2.10-0025-ci-Make-test-backend-crash-more-prominent.patch
Patch26:        obs-server-2.10-0026-ci-Actually-wait-for-scheduler-when-test-backend-is-.patch
Patch27:        obs-server-2.10-0027-backend-Support-new-VM-types-without-modifying-worke.patch
Patch28:        obs-server-2.10-0028-frontend-Require-some-dependencies-explicitly.patch
Patch29:        obs-server-2.10-0029-ci-Limit-time-waiting-for-scheduler-thread-to-finish.patch
Patch30:        obs-server-2.10-0030-Revert-frontend-Make-it-possible-to-run-OBS-in-a-sub.patch
Patch31:        obs-server-2.10-0031-api-Get-rid-of-obsolete-URI-methods-for-Ruby-3.0.patch
Patch32:        obs-server-2.10-0032-Replace-positional-arguments-by-keyword-arguments-in.patch
Patch33:        obs-server-2.10-0033-ci-Remove-capybara_minitest_spec-Ruby-gem.patch
Patch34:        obs-server-2.10-0034-api-Add-explicit-sprockets-dependency.patch
Patch35:        obs-server-2.10-0035-ci-Change-shortened-index-name-to-expected-one.patch
Patch36:        obs-server-2.10-0036-api-Pass-keyword-args-properly-for-Ruby-3.0.patch
Patch101:       obs-server-2.10-0101-Add-strong_migrations-to-our-development-environment.patch
Patch102:       obs-server-2.10-0102-Skip-data-migration-spec-to-avoid-strong-migration-i.patch
Patch103:       obs-server-2.10-0103-Mark-the-migration-as-safe.patch
Patch104:       obs-server-2.10-0104-Move-the-strong-migrations-gem-to-a-the-generic-grou.patch
Patch105:       obs-server-2.10-0105-Bump-rails-gem-version-to-6.0.patch
Patch106:       obs-server-2.10-0106-Enable-rails-6-defaults-and-keep-classic-code-loadin.patch
Patch107:       obs-server-2.10-0107-Fix-validation-and-association-deprecations-for-rail.patch
Patch108:       obs-server-2.10-0108-Switch-to-media_type-instead-of-content_type-in-rspe.patch
Patch109:       obs-server-2.10-0109-Adjust-rspec-tests-for-the-usage-of-recyclable-cache.patch
Patch110:       obs-server-2.10-0110-Expect-dates-as-as_json-expects-them.patch
Patch111:       obs-server-2.10-0111-Use-to_time-behaviour-introduced-in-ruby-2.4.patch
Patch112:       obs-server-2.10-0112-Enable-per-form-CSRF-tokens-and-origin-checking-CSRF.patch
Patch113:       obs-server-2.10-0113-Ignore-rubocop-offenses-in-existing-codebase-after-r.patch
Patch114:       obs-server-2.10-0114-Dont-use-puma-server-default-version-from-rails-5-an.patch
Patch115:       obs-server-2.10-0115-Adapt-the-minitests-to-the-Rails-6-upgrade.patch
Patch116:       obs-server-2.10-0116-Fix-precision-of-field-created_at-in-internal-table.patch
Patch117:       obs-server-2.10-0117-Update-deep_cloneable-to-version-3.0.0.patch
Patch118:       obs-server-2.10-0118-Replace-codemirror-rails-with-copied-assets.patch
Patch119:       obs-server-2.10-0119-Pass-the-view-paths-as-array-to-ActionView-Base.new.patch
Patch120:       obs-server-2.10-0120-Increase-compatability-with-rails-6.patch
Patch121:       obs-server-2.10-0121-ci-Make-db-structire-dump-task-compatible-with-Rails.patch
Patch122:       obs-server-2.10-0122-Address-deprecation-warning-on-render_xml.patch
Patch123:       obs-server-2.10-0123-Unescape-carriage-return-char-in-nokogiri-xml-output.patch
Patch124:       obs-server-2.10-0124-Pass-source-to-Nokogiri-template-handler.patch
Patch125:       obs-server-2.10-0125-Replace-update_attributes-by-update.patch
Patch126:       obs-server-2.10-0126-Replace-update_attributes-by-update-in-specs.patch
Patch127:       obs-server-2.10-0127-Replace-update_attributes-by-update-in-data-migratio.patch
Patch128:       obs-server-2.10-0128-Fix-garbage-component-at-end-of-elements.patch
Patch129:       obs-server-2.10-0129-Adopt-test-suites-to-rexml-changes.patch
Patch130:       obs-server-2.10-0130-Remove-unnecessary-includes-in-requests-query.patch
Patch131:       obs-server-2.10-0131-Do-not-rely-on-named-scope-chain-for-BsRequest-FindF.patch
BuildRequires:  python-devel
# make sure this is in sync with the RAILS_GEM_VERSION specified in the
# config/environment.rb of the various applications.
# atm the obs rails version patch above unifies that setting among the applications
# also see requires in the obs-server-api sub package
BuildRequires:  build >= 20200110
BuildRequires:  /usr/bin/xmllint
BuildRequires:  openssl
BuildRequires:  perl(BSSolv) >= 0.17
BuildRequires:  perl-Compress-Zlib
BuildRequires:  perl-Diff-LibXDiff
BuildRequires:  perl-File-Sync >= 0.10
BuildRequires:  perl-JSON-XS
BuildRequires:  perl-Net-SSLeay
BuildRequires:  perl-Socket-MsgHdr
BuildRequires:  perl-TimeDate
BuildRequires:  perl-XML-Parser
BuildRequires:  perl-XML-Simple
BuildRequires:  perl-YAML-LibYAML
BuildRequires:  procps
BuildRequires:  /usr/share/zoneinfo
BuildRequires:  perl(Devel::Cover)
BuildRequires:  perl(Test::Simple) > 1
Requires(pre):  %{_sbindir}/useradd %{_sbindir}/groupadd
BuildArch:      noarch
Requires(pre):  obs-common
Requires:       build >= 20200110
Requires:       perl(BSSolv) >= 0.17
Requires:       perl(Date::Parse)
# Required by source server
Requires:       diffutils
Requires(pre):  git-core
Requires:       patch
Requires:       createrepo_c
Recommends:     cron logrotate

Obsoletes:      obs-devel
Provides:       obs-devel

BuildRequires:  xz

%if 0%{?suse_version:1}
BuildRequires:  fdupes
PreReq:         %insserv_prereq permissions pwdutils
%endif

%if 0%{?suse_version:1}
Recommends:     yum yum-metadata-parser repoview dpkg
Recommends:     deb >= 1.5
Recommends:     lvm2
Recommends:     openslp-server
Recommends:     obs-signd
Recommends:     inst-source-utils
Recommends:     perl-Diff-LibXDiff
%else
Requires:       dpkg
%endif
Requires:       perl-Compress-Zlib
Requires:       perl-File-Sync >= 0.10
Requires:       perl-JSON-XS
Requires:       perl-Net-SSLeay
Requires:       perl-Socket-MsgHdr
Requires:       perl-XML-Parser
Requires:       perl-XML-Simple
Requires:       perl-YAML-LibYAML
# zstd is esp for Arch Linux
Requires:       zstd

%if %{with selinux}
BuildRequires:  selinux-policy-devel
BuildRequires:  checkpolicy
%endif

Obsoletes:      obs-productconverter < 2.9
Obsoletes:      obs-source_service < 2.9
Provides:       obs-productconverter = %version
Provides:       obs-source_service = %version

Recommends:     obs-service-download_url
Recommends:     obs-service-verify_file
%if 0%{?suse_version} >= 1550
Requires:       insserv-compat
%endif

BuildRequires:  systemd-rpm-macros

%{?systemd_requires}

%description
The Open Build Service (OBS) backend is used to store all sources and binaries. It also
calculates the need for new build jobs and distributes it.

%package -n obs-worker
Requires(pre):  obs-common
Requires:       cpio
Requires:       curl
Requires:       perl-Compress-Zlib
Requires:       perl-TimeDate
Requires:       perl-XML-Parser
Requires:       screen
# for build script
Requires:       psmisc
# For runlevel script:
Requires:       curl
Recommends:     openslp lvm2
Requires:       bash
Requires:       binutils
Requires:       bsdtar
# zstd is esp for Arch Linux
Requires:       zstd
Summary:        The Open Build Service -- Build Host Component
%if !0%{?fedora} && !0%{?rhel}
Group:          Productivity/Networking/Web/Utilities
%endif
Requires:       util-linux >= 2.16
# the following may not even exist depending on the architecture
Recommends:     powerpc32
%if 0%{?suse_version} >= 1550
Requires:       insserv-compat
%endif

%description -n obs-worker
This is the obs build host, to be installed on each machine building
packages in this obs installation.  Install it alongside obs-server to
run a local playground test installation.

%package -n obs-common
Summary:        The Open Build Service -- base configuration files
%if !0%{?fedora} && !0%{?rhel}
Group:          Productivity/Networking/Web/Utilities
%endif
Requires(pre):  shadow
%if 0%{?suse_version}
PreReq:         %fillup_prereq
%endif

%description -n obs-common
This is a package providing basic configuration files.

%package -n obs-api
Summary:        The Open Build Service -- The API and WEBUI
%if !0%{?fedora} && !0%{?rhel}
Group:          Productivity/Networking/Web/Utilities
%endif
%if 0%{?suse_version}
Requires(pre):  obs-common
%endif
%if 0%{?suse_version} >= 1330
Requires(pre):  group(www)
%endif

%if 0%{?suse_version:1}
# For apache
Requires:       apache2
Requires:       apache2-mod_xforward
Requires:       ruby2.5-rubygem-passenger
Requires:       rubygem-passenger-apache2
%endif
Requires:       memcached
Conflicts:      memcached < 1.4

%if 0%{?suse_version:1}
Requires:       ruby(abi) = 2.5.0
%else
Requires:       ruby >= 2.5.0
%endif
# needed for fulltext searching
Requires:       sphinx >= 2.1.8
BuildRequires:  sphinx >= 2.1.8
# for test suite:
BuildRequires:  createrepo_c
BuildRequires:  curl
BuildRequires:  memcached >= 1.4
BuildRequires:  mysql
BuildRequires:  mysql-server
%if 0%{?suse_version:1}
BuildRequires:  netcfg
%endif
# write down dependencies for production
BuildRequires:  obs-api-testsuite-deps = %{version}
Requires:       %(bash %{S:1} %{S:0} "production" %{patches_to_apply})
# for compiling assets
BuildRequires:  nodejs
%if 0%{?suse_version:1}
Requires:       ghostscript-fonts-std
%else
Requires:       ghostscript-fonts
%endif
# for rebuild_time
BuildRequires:  perl(GD)
Requires:       perl(GD)
# Use bundler_ext instead of bundler
BuildRequires:  rubygem(bundler_ext)
Requires:       rubygem(bundler_ext)
# Needed for rubygem-byebug
BuildRequires:  rubygem(irb)

%description -n obs-api
This is the API server instance, and the web client for the
OBS.

%package -n obs-utils
Summary:        The Open Build Service -- utilities
%if !0%{?fedora} && !0%{?rhel}
Group:          Productivity/Networking/Web/Utilities
%endif
Requires:       build
Requires:       osc

%description -n obs-utils
obs_project_update is a tool to copy the packages of a project from one OBS instance to another.

%package -n obs-tests-appliance
Summary:        The Open Build Service -- Test cases for installed appliances
%if !0%{?fedora} && !0%{?rhel}
Group:          Productivity/Networking/Web/Utilities
%endif
Requires:       obs-api = %{version}
Requires:       obs-server = %{version}
Requires:       perl(Test::Most)

%description -n obs-tests-appliance
This package contains test cases for testing installed appliances.
 Test cases can be for example:
 * checks for setup-appliance.sh
 * checks if database setup worked correctly
 * checks if required service came up properly

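%package -n obs-cloud-uploader
Summary:        The Open Build Service -- Image Cloud Uploader
%if !0%{?fedora} && !0%{?rhel}
Group:          Productivity/Networking/Web/Utilities
%endif
Requires:       aws-cli
Requires:       azure-cli
Requires:       obs-server
# Pick the Python 3 build of ec2uploadimg on newer SUSE and on Fedora 28 or
# later. The fedora macro is expanded conditionally (question-mark form), as
# everywhere else in this file, so the expression stays well-formed on
# distributions that do not define it.
%if 0%{?suse_version} > 1315 || 0%{?fedora} >= 28
Requires:       python3-ec2uploadimg
%else
Requires:       python-ec2uploadimg
%endif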

%description -n obs-cloud-uploader
This package contains all the tools necessary to upload images to the cloud.

#--------------------------------------------------------------------------------
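%prep
%autosetup -n open-build-service-%version -p1

# We don't need our docker files in our packages
rm -r src/api/docker-files

# drop build script, we require the installed one from own package
rm -rf src/backend/build

# Remove VCS placeholder files anywhere in the unpacked tree. The names are
# handed over NUL-separated so a path containing whitespace or a newline cannot
# be split into unintended rm arguments; -r skips rm when nothing matches.
find . \( -name .keep -o -name .gitignore \) -print0 | xargs -0 -r rm -rf

# Drop the upstream lock file
rm -rf src/api/Gemfile.lock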

%if 0%{?fedora} || 0%{?rhel}
sed -i \
    -e '1s|^#!/usr/bin/env ruby\.ruby.*|#!/usr/bin/ruby|' \
    -e '1s|^#!/usr/bin/env ruby|#!/usr/bin/ruby|' \
    -e '1s|^#! */usr/bin/ruby\.ruby.*|#!/usr/bin/ruby|' \
    -e '1s|^#! */usr/bin/rake\.ruby.*|#!/usr/bin/rake|' \
    -e '1s|^#!/usr/bin/env rake\.ruby.*|#!/usr/bin/rake|' \
    docs/api/restility/bin/* \
    src/api/Rakefile \
    src/api/bin/* \
    src/api/script/*
sed -i \
    -e 's|ruby\.ruby[0-9.]*|ruby|g' \
    -e 's|rake\.ruby[0-9.]*|rake|g' \
    -e 's|rails\.ruby[0-9.]*|rails|g' \
    -e 's|bundle\.ruby[0-9.]*|bundle|g' \
    -e 's|rspec\.ruby[0-9.]*|rspec|g' \
    -e 's|clockworkd\.ruby[0-9.]*|clockworkd|g' \
    dist/setup-appliance.sh \
    src/api/db/migrate/*.rb \
    src/api/test/unit/*.rb \
    src/api/script/* \
    src/api/Makefile
sed -i \
    -e 's|/usr/bin/bundle\.ruby[0-9.]* exec script/|%{_bindir}/ruby script/|g' \
    -e 's|/usr/bin/bundle\.ruby[0-9.]* exec rails |%{_bindir}/rails |g' \
    -e 's|/usr/bin/bundle\.ruby[0-9.]* exec /|/|g' \
    -e 's|/usr/lib64/obs-api/ruby/[0-9.]*/bin/clockworkd|%{_bindir}/clockworkd|g' \
    dist/systemd/*.service
%endif

%if %{with selinux}
mkdir src/selinux
pushd src/selinux

# SELinux policy module for the API / web UI, written to obs-api.te.
# It only adds rules for two domains defined elsewhere, httpd_t and passenger_t.
# obs_srcserver_port_t is required here but declared in obs-server.te, so this
# module can only be loaded once the obs-server module is present.
# NOTE(review): several grants to passenger_t are broad and worth re-checking
# against the denials that motivated them: dac_override, sys_ptrace in user
# namespaces, connecting to any unreserved TCP port, and managing sysfs
# directories. Prefer the narrowest port or file type that covers the need.
cat > obs-api.te <<EOF
policy_module(obs-api, 1.0)

require {
        type var_log_t;
        type passenger_tmp_t;
        type passenger_t;
        type httpd_t;
        type tmpfs_t;
        type obs_srcserver_port_t;
        class sock_file write;
        class file { ioctl open getattr append };
        class fifo_file { append create open read setattr getattr unlink write ioctl };
        class capability dac_override;
}

#============= httpd_t ==============
allow httpd_t passenger_tmp_t:sock_file write;

#============= passenger_t ==============
allow passenger_t var_log_t:file { ioctl open getattr append };
allow passenger_t tmpfs_t:filesystem getattr;
allow passenger_t passenger_tmp_t:fifo_file { append create open read setattr getattr unlink write ioctl };
allow passenger_t self:capability dac_override;
allow passenger_t self:cap_userns sys_ptrace;
allow passenger_t obs_srcserver_port_t:tcp_socket name_connect;
corenet_tcp_connect_memcache_port(passenger_t)
corenet_tcp_connect_mysqld_port(passenger_t)
corenet_tcp_connect_unreserved_ports(passenger_t)
dev_manage_sysfs_dirs(passenger_t)
init_rw_stream_sockets(passenger_t)
EOF

# File contexts for the API, written to obs-api.fc. rpm expands the datadir
# macro before the shell sees the here-document, so the tmp path follows the
# build configuration while the log path is hard-coded.
cat > obs-api.fc <<EOF
/var/log/obs-api(/.*)? system_u:object_r:passenger_log_t:s0
%{_datadir}/obs-api/tmp(/.*)? system_u:object_r:passenger_tmp_t:s0
EOF

# SELinux policy module for the backend daemons, written to obs-server.te.
# It declares the obs_t domain, its entry-point, data and log types, and three
# port types for the source, repository and service servers. obs_lib_t is only
# required here; it is declared in obs-common.te, which therefore has to be
# loaded first.
# The backtick that opens gen_require is backslash-escaped because the EOF
# delimiter is unquoted and the shell would otherwise start a command
# substitution inside the here-document.
# NOTE(review): obs_t gets auth_read_shadow (read access to the shadow password
# database) on top of dac_override, setuid and setgid. Confirm the backend
# really needs shadow access; if the denial came from a user-name lookup,
# auth_read_passwd, which is already granted, may be enough.
# NOTE(review): corenet_tcp_connect_unreserved_ports and
# corenet_tcp_connect_generic_port allow outbound connections well beyond the
# three OBS port types declared here -- verify that this width is intended.
# NOTE(review): init_daemon_domain is also called with obs_service_t as entry
# point, so programs under /usr/lib/obs/service presumably run in obs_t with
# all of the grants above; consider a separate, narrower domain for them.
cat > obs-server.te <<EOF
policy_module(obs-server, 1.0)

gen_require(\`
    type hi_reserved_port_t;
    type logrotate_t;
    type obs_lib_t;
    class file { getattr read };
    class lnk_file { getattr read };
    class capability { dac_override setgid chown setuid net_bind_service };
    class tcp_socket { name_bind name_connect create_stream_socket_perms };
')

type obs_t;
type obs_exec_t;

type obs_var_lib_t;
files_type(obs_var_lib_t);

type obs_log_t;
logging_log_file(obs_log_t);

type obs_service_t;
files_type(obs_service_t);

init_daemon_domain(obs_t, obs_exec_t)
init_daemon_domain(obs_t, obs_service_t)

type obs_srcserver_port_t;
corenet_port(obs_srcserver_port_t)

type obs_repserver_port_t;
corenet_port(obs_repserver_port_t)

type obs_serviceserver_port_t;
corenet_port(obs_serviceserver_port_t)

list_dirs_pattern(obs_t, obs_lib_t, obs_lib_t)
read_files_pattern(obs_t, obs_lib_t, obs_lib_t)

manage_dirs_pattern(obs_t, obs_var_lib_t, obs_var_lib_t)
manage_files_pattern(obs_t, obs_var_lib_t, obs_var_lib_t)

manage_dirs_pattern(obs_t, obs_log_t, obs_log_t)
manage_files_pattern(obs_t, obs_log_t, obs_log_t)

allow obs_t self:capability { dac_override setgid chown setuid net_bind_service };
allow obs_t self:unix_stream_socket connectto;
allow obs_t obs_exec_t:file execute_no_trans;
allow obs_t obs_lib_t:lnk_file { getattr read };
allow obs_t obs_var_lib_t:lnk_file { getattr read };
allow obs_t obs_var_lib_t:fifo_file { create getattr open read write ioctl };
allow obs_t obs_var_lib_t:sock_file { create getattr open read write unlink };
auth_read_passwd(obs_t)
auth_read_shadow(obs_t)
corecmd_exec_bin(obs_t)
sssd_search_lib(obs_t)
systemd_userdbd_runtime_manage_symlinks(obs_t)
apache_manage_sys_content(obs_t)
corecmd_mmap_bin_files(obs_t)
sysnet_dns_name_resolve(obs_t)

corenet_tcp_bind_generic_node(obs_t)
corenet_tcp_connect_http_port(obs_t)
corenet_tcp_connect_unreserved_ports(obs_t)
corenet_tcp_connect_generic_port(obs_t)
dbus_send_system_bus(obs_t)
fs_getattr_xattr_fs(obs_t)
allow obs_t self:tcp_socket create_stream_socket_perms;
allow obs_t obs_srcserver_port_t:tcp_socket { name_bind name_connect };
allow obs_t obs_repserver_port_t:tcp_socket { name_bind name_connect };
allow obs_t obs_serviceserver_port_t:tcp_socket { name_bind name_connect };
allow obs_t hi_reserved_port_t:tcp_socket name_bind;
dev_read_urand(obs_t)

allow logrotate_t obs_log_t:file { create getattr open read setattr unlink write };
allow logrotate_t obs_var_lib_t:dir read;
EOF

# File contexts for the backend, written to obs-server.fc.
# The published repositories under /var/lib/obs/repos are labelled as web
# server content (httpd_sys_content_t); everything else below /var/lib/obs gets
# obs_var_lib_t.
# NOTE(review): the repos line gives a bare context while its neighbours wrap
# theirs in gen_context -- confirm the difference is intentional.
# NOTE(review): all paths here are literal, whereas the install step derives
# the data and log directories from rpm macros; the labels stop matching if
# those macros ever point somewhere else.
cat > obs-server.fc <<EOF
/usr/lib/obs/server/bs_.* gen_context(system_u:object_r:obs_exec_t,s0)
/usr/lib/obs/server(/.*)? gen_context(system_u:object_r:obs_lib_t,s0)
/var/lib/obs/repos(/.*)? system_u:object_r:httpd_sys_content_t:s0
/var/lib/obs(/.*)? gen_context(system_u:object_r:obs_var_lib_t,s0)
/var/log/obs(/.*)? gen_context(system_u:object_r:obs_log_t,s0)
/usr/lib/obs/service(/.*)? gen_context(system_u:object_r:obs_service_t,s0)
EOF

# SELinux policy module shared by the other two, written to obs-common.te.
# It declares obs_lib_t (required by obs-server.te) and a separate obs_setup_t
# domain whose entry point, per obs-common.fc further down, is
# setup-appliance.sh.
# The backtick that opens gen_require is backslash-escaped because the EOF
# delimiter is unquoted.
# NOTE(review): both manage_*_pattern calls name obs_setup_exec_t, the
# entry-point file type, as their first argument, where the obs_setup_t domain
# would be expected. As written obs_setup_t itself only gets "search" on
# obs_lib_t directories -- confirm which of the two was intended.
cat > obs-common.te <<EOF
policy_module(obs-common, 1.0)

gen_require(\`
    class dir search;
')

type obs_lib_t;
files_type(obs_lib_t);

type obs_setup_t;
type obs_setup_exec_t;

init_daemon_domain(obs_setup_t, obs_setup_exec_t)

manage_dirs_pattern(obs_setup_exec_t, obs_lib_t, obs_lib_t)
manage_files_pattern(obs_setup_exec_t, obs_lib_t, obs_lib_t)

allow obs_setup_t obs_setup_exec_t:file execute_no_trans;
allow obs_setup_t obs_lib_t:dir search;
auth_read_passwd(obs_setup_t)
corecmd_check_exec_shell(obs_setup_t)
corecmd_shell_entry_type(obs_setup_t)
sssd_read_public_files(obs_setup_t)
sssd_run_stream_connect(obs_setup_t)
sssd_search_lib(obs_setup_t)
sssd_stream_connect(obs_setup_t)
EOF

# File context that makes setup-appliance.sh the entry point of obs_setup_t.
cat > obs-common.fc <<EOF
/usr/lib/obs/server/setup-appliance.sh gen_context(system_u:object_r:obs_setup_exec_t,s0)
EOF

popd
%endif

%build
export DESTDIR=$RPM_BUILD_ROOT

#
# generate apidocs
#
make

%if %{with selinux}
pushd src/selinux
make -f %{_datadir}/selinux/devel/Makefile
popd
%endif

%install
export DESTDIR=$RPM_BUILD_ROOT

%if 0%{?suse_version} < 1300
  perl -p -i -e 's/^APACHE_VHOST_CONF=.*/APACHE_VHOST_CONF=obs-apache2.conf/' Makefile.include
%endif

sed -i \
    -e 's|^BINDIR=.*|BINDIR=%{_bindir}|' \
    -e 's|^SBINDIR=.*|SBINDIR=%{_sbindir}|' \
    -e 's|^INITDDIR=.*|INITDDIR=%{_initddir}|' \
    -e 's|^OBS_BACKEND_DATA_DIR=.*|OBS_BACKEND_DATA_DIR=%{_sharedstatedir}/obs|' \
    -e 's|^OBS_BACKEND_LOG_DIR=.*|OBS_BACKEND_LOG_DIR=%{_localstatedir}/log/obs|' \
    -e 's|^OBS_BACKEND_SERVICE_LOG_DIR=.*|OBS_BACKEND_SERVICE_LOG_DIR=%{_localstatedir}/log/obs/service|' \
    -e 's|^OBS_DOCUMENT_ROOT=.*|OBS_DOCUMENT_ROOT=%{_datadir}/obs|' \
    -e 's|^OBS_API_PREFIX=.*|OBS_API_PREFIX=%{_datadir}/obs-api|' \
    -e 's|^OBS_API_LOG_DIR=.*|OBS_API_LOG_DIR=%{_localstatedir}/log/obs-api|' \
    -e 's|^OBS_APIDOCS_PREFIX=.*|OBS_APIDOCS_PREFIX=%{_datadir}/obs-api-doc|' \
%if 0%{?fedora} || 0%{?rhel}
    -e 's|^OBS_FILLUP_DIR=.*|OBS_FILLUP_DIR=%{_sysconfdir}/sysconfig|' \
    -e 's|^OBS_FILLUP_FILE=.*|OBS_FILLUP_FILE=obs-server|' \
    -e 's|^OBS_DEVEL_DOC_DIR=.*|OBS_DEVEL_DOC_DIR=%{_docdir}/obs-devel|' \
    -e 's|^OBS_SRCSERVER_PORT=.*|OBS_SRCSERVER_PORT=15352|' \
    -e 's|^OBS_REPOSERVER_PORT=.*|OBS_REPOSERVER_PORT=15252|' \
    -e 's|^OBS_SERVICESERVER_PORT=.*|OBS_SERVICESERVER_PORT=15152|' \
    -e 's|^APACHE_USER=.*|APACHE_USER=apache|' \
    -e 's|^APACHE_GROUP=.*|APACHE_GROUP=apache|' \
    -e 's|^APACHE_CONIFGDIR=.*|APACHE_CONIFGDIR=/etc/httpd|' \
    -e 's|^APACHE_CONIFGDIR_VHOST=.*|APACHE_CONIFGDIR_VHOST=%{_httpd_confdir}|' \
%endif
    Makefile.include

export OBS_VERSION="%{version}"
DESTDIR=%{buildroot} RAILS_RELATIVE_URL_ROOT=../.. make install

# Clean messages left over from installation
%{__cp} /dev/null %{buildroot}%{_localstatedir}/log/obs-api/production.log

%if 0%{?fedora} || 0%{?rhel}
%{__mv} %{buildroot}%{_httpd_confdir}/obs.conf %{buildroot}%{_httpd_confdir}/obs.conf.dist
sed -i \
    's/apache2.service/httpd.service/g' \
    %{buildroot}%{_unitdir}/obsapisetup.service
%endif

if [ -f %{_sourcedir}/open-build-service.obsinfo ]; then
    sed -n -e 's/commit: \(.\+\)/\1/p' %{_sourcedir}/open-build-service.obsinfo > %{buildroot}%{_datadir}/obs-api/last_deploy
else
    echo "" > %{buildroot}%{_datadir}/obs-api/last_deploy
fi
#
# turn duplicates into hard links
#
# There's dupes between webui and api:
%if 0%{?suse_version}
%fdupes $RPM_BUILD_ROOT%{_datadir}/obs-api $RPM_BUILD_ROOT%{_datadir}/obs-api-doc
%endif

# drop testcases for now
rm -rf %{buildroot}%{_datadir}/obs-api/spec
# only config for CI
rm %{buildroot}%{_datadir}/obs-api/config/brakeman.ignore

# fail when Makefiles created a directory
if ! test -L %{buildroot}/usr/lib/obs/server/build; then
  echo "/usr/lib/obs/server/build is not a symlink!"
  exit 1
fi

# Install the cloud uploader helper and seed /etc/obs/cloudupload with the
# example ec2utils configuration and AWS credentials file shipped in dist/.
# NOTE(review): both files are installed world-readable (0644). They are only
# examples at this point, but they are presumably where an administrator puts
# real cloud credentials afterwards. Unless the files list (not visible here)
# sets a tighter mode and owner, those secrets stay readable by every local
# user; consider 0600 or 0640 with the owner/group the uploader runs as.
install -m 755 $RPM_BUILD_DIR/open-build-service-%version/dist/clouduploader.rb $RPM_BUILD_ROOT/%{_bindir}/clouduploader
mkdir -p $RPM_BUILD_ROOT/etc/obs/cloudupload
install -m 644 $RPM_BUILD_DIR/open-build-service-%version/dist/ec2utils.conf.example $RPM_BUILD_ROOT/etc/obs/cloudupload/.ec2utils.conf
mkdir -p $RPM_BUILD_ROOT/etc/obs/cloudupload/.aws
install -m 644 $RPM_BUILD_DIR/open-build-service-%version/dist/aws_credentials.example $RPM_BUILD_ROOT/etc/obs/cloudupload/.aws/credentials

rm %{buildroot}%{_datadir}/obs-api/Gemfile.lock
mv %{buildroot}%{_datadir}/obs-api/Gemfile %{buildroot}%{_datadir}/obs-api/Gemfile.in
sed -i \
    -e "s/'activerecord'/'active_record'/" \
    -e "s/'actionmailer'/'action_mailer'/" \
    -e "s/'yajl-ruby'/'yajl'/" \
    -e "s/'sprite-factory'/'sprite_factory'/" \
    -e "s/'minitest-fail-fast'/'minitest-fail_fast'/" \
    %{buildroot}%{_datadir}/obs-api/Gemfile.in
rm -rf %{buildroot}%{_datadir}/obs-api/.bundle

%if %{with selinux}
%{__mkdir_p} %{buildroot}%{_datadir}/selinux/packages
%{__install} -m644 src/selinux/obs-common.pp \
    %{buildroot}%{_datadir}/selinux/packages/obs-common.pp
%{__install} -m644 src/selinux/obs-api.pp \
    %{buildroot}%{_datadir}/selinux/packages/obs-api.pp
%{__install} -m644 src/selinux/obs-server.pp \
    %{buildroot}%{_datadir}/selinux/packages/obs-server.pp
%endif

%if !0%{?suse_version:1}
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/obs
install -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/obs/rc.compat
sed -i \
    -e 's|\. /etc/rc.status|. %{_datadir}/obs/rc.compat|' \
    $RPM_BUILD_ROOT%{_sbindir}/obs*
%endif

# Link the assets without hash to make them accessible for third party tools like the pattern library
pushd $RPM_BUILD_ROOT%{_datadir}/obs-api/public/assets/webui2/
ln -sf application-*.js application.js
ln -sf webui2-*.css webui2.css
popd

%check
# Defining disable_obs_test_suite skips every test below while the build still
# succeeds, so a package built that way has not been exercised at all; the
# warning only appears in the build log.
%if 0%{?disable_obs_test_suite}
echo "WARNING:"
echo "WARNING: OBS test suite got skipped!"
echo "WARNING:"
exit 0
%endif

# Pin timezone and locale for the test run
export TZ=GMT
export LANG=C.UTF-8
export DESTDIR=$RPM_BUILD_ROOT
# check installed backend
# Point "build" in the installed tree at the build scripts of the build host
pushd $RPM_BUILD_ROOT/usr/lib/obs/server/
rm -rf build
ln -sf /usr/lib/build build # just for %%check, it is a %%ghost
popd

# run in build environment
# Same link inside the unpacked sources, for the tests run from there
pushd src/backend/
rm -rf build
ln -sf /usr/lib/build build
popd

####
# start backend testing
pushd $RPM_BUILD_ROOT/usr/lib/obs/server/
%if 0%{?disable_obs_backend_test_suite:1} < 1
# TODO: move syntax check to backend test suite
for i in bs_*; do
  perl -wc "$i"
done
bash $RPM_BUILD_DIR/open-build-service-%version/src/backend/testdata/test_dispatcher || exit 1
popd

make -C src/backend test
%endif

####
# start api testing
#
%if 0%{?disable_obs_frontend_test_suite:1} < 1
rm -rf src/api/Gemfile.lock
mv src/api/Gemfile src/api/Gemfile.in
sed -i \
    -e "s/'activerecord'/'active_record'/" \
    -e "s/'actionmailer'/'action_mailer'/" \
    -e "s/'yajl-ruby'/'yajl'/" \
    -e "s/'sprite-factory'/'sprite_factory'/" \
    -e "s/'minitest-fail-fast'/'minitest-fail_fast'/" \
    src/api/Gemfile.in
make -C src/api test
%endif

####
# distribution tests
%if 0%{?disable_obs_dist_test_suite:1} < 1
make -C dist test
%endif

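%pre
# Pre-install scriptlet for obs-server: creates the obsservicerun system
# account if it is missing, registers the backend units and hands existing
# backend log files to the service accounts.
getent passwd obsservicerun >/dev/null || \
    %{_sbindir}/useradd -r -g obsrun -d /usr/lib/obs -s %{sbin}/nologin \
    -c "User for the build service source service" obsservicerun

%service_add_pre obsscheduler.service
%service_add_pre obssrcserver.service
%service_add_pre obsrepserver.service
%service_add_pre obspublisher.service
%service_add_pre obssigner.service
%service_add_pre obsservicedispatch.service
%service_add_pre obsservice.service
%service_add_pre obsdeltastore.service
%service_add_pre obsdispatcher.service
%service_add_pre obsdodup.service
%service_add_pre obsgetbinariesproxy.service
%service_add_pre obswarden.service
%service_add_pre obsnotifyforward.service
%service_add_pre obsredis.service

# make sure logfiles belong to the obsrun user
# The sysconfig file is sourced with root privileges and may override
# OBS_LOG_DIR.
if [ -f /etc/sysconfig/obs-server ] ; then
    . /etc/sysconfig/obs-server
fi
# This loop runs as root while the log directory is packaged writable for the
# obsrun account. Symlinks are skipped and chown -h is used so that ownership
# is never changed on a file outside the log directory through a link placed
# there; the path is quoted because OBS_LOG_DIR is admin-supplied.
for i in deltastore dispatcher dodup obsgetbinariesproxy publisher rep_server servicedispatch signer src_server warden ; do
    LOG="${OBS_LOG_DIR:=%{_localstatedir}/log/obs}/$i.log"
    if [ -f "$LOG" ] && [ ! -L "$LOG" ]; then
        chown -h obsrun:obsrun "$LOG"
    fi
done
for i in src_service ; do
    LOG="${OBS_LOG_DIR:=%{_localstatedir}/log/obs}/$i.log"
    if [ -f "$LOG" ] && [ ! -L "$LOG" ]; then
        chown -h obsservicerun:obsrun "$LOG"
    fi
done

# Never fail the transaction because of the best-effort steps above
exit 0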

# obs-common creates the obsrun group and user so that both exist before
# obs-server is installed
%pre -n obs-common
if ! getent group obsrun >/dev/null; then
    %{_sbindir}/groupadd -r obsrun
fi
if ! getent passwd obsrun >/dev/null; then
    %{_sbindir}/useradd -r -g obsrun -d /usr/lib/obs -s %{sbin}/nologin \
        -c "User for build service backend" obsrun
fi
%service_add_pre obsstoragesetup.service
exit 0

%pre -n obs-worker
# Pre-install hook for the worker unit; service_add_pre is a packaging macro
# whose expansion is defined outside this part of the file.
%service_add_pre obsworker.service

%pre -n obs-cloud-uploader
# Pre-install hook for both cloud upload units.
%service_add_pre obsclouduploadworker.service
%service_add_pre obsclouduploadserver.service

%preun
# Pre-uninstall hooks for obs-server: one service_del_preun call per backend
# unit, mirroring the service_add_pre list of the pre scriptlet.
%service_del_preun obsscheduler.service
%service_del_preun obssrcserver.service
%service_del_preun obsrepserver.service
%service_del_preun obspublisher.service
%service_del_preun obssigner.service
%service_del_preun obsservicedispatch.service
%service_del_preun obsservice.service
%service_del_preun obsdeltastore.service
%service_del_preun obsdispatcher.service
%service_del_preun obsdodup.service
%service_del_preun obsgetbinariesproxy.service
%service_del_preun obswarden.service
%service_del_preun obsnotifyforward.service
%service_del_preun obsredis.service

%preun -n obs-common
# Pre-uninstall hook for the storage setup unit.
%service_del_preun obsstoragesetup.service

%preun -n obs-worker
# Pre-uninstall hook for the worker unit.
%service_del_preun obsworker.service

%preun -n obs-cloud-uploader
# Pre-uninstall hook for both cloud upload units.
%service_del_preun obsclouduploadworker.service
%service_del_preun obsclouduploadserver.service

%preun -n obs-api
# The unit list comes from the obs_api_support_scripts macro, which is defined
# outside this part of the file.
%service_del_preun %{obs_api_support_scripts}

%post
# Post-install scriptlet for obs-server: registers the backend units and, in
# SELinux-enabled builds, loads the policy module and labels the backend ports.
%service_add_post obsscheduler.service
%if %{with selinux}
# Load the obs-server policy module, map the three backend TCP ports to their
# obs_*_port_t types, then relabel the packaged files, the backend data
# directory and the log directory.
# NOTE(review): the semodule and semanage calls have no "|| :" guard, unlike
# the relabel steps. Presumably "port -a" reports an error when the mapping
# already exists (e.g. on upgrade) - confirm and consider making them tolerant.
%{_sbindir}/semodule -i %{_datadir}/selinux/packages/obs-server.pp
%{_sbindir}/semanage port -a -t obs_srcserver_port_t -p tcp 15352
%{_sbindir}/semanage port -a -t obs_repserver_port_t -p tcp 15252
%{_sbindir}/semanage port -a -t obs_serviceserver_port_t -p tcp 15152
%{_sbindir}/fixfiles -R %{name} restore || :
%{_sbindir}/restorecon -R %{obs_backend_data_dir} %{_localstatedir}/log/obs || :
%endif

%service_add_post obssrcserver.service
%service_add_post obsrepserver.service
%service_add_post obspublisher.service
%service_add_post obssigner.service
%service_add_post obsservicedispatch.service
%service_add_post obsservice.service
%service_add_post obsdeltastore.service
%service_add_post obsdispatcher.service
%service_add_post obsdodup.service
%service_add_post obsgetbinariesproxy.service
%service_add_post obswarden.service
%service_add_post obsnotifyforward.service
%service_add_post obsredis.service

%post -n obs-worker
# Post-install hook for the worker unit.
%service_add_post obsworker.service

%post -n obs-cloud-uploader
# Post-install hook for both cloud upload units.
%service_add_post obsclouduploadworker.service
%service_add_post obsclouduploadserver.service

%posttrans
# Make sure the backend state directory exists and belongs to obsrun.
if [ ! -d %{_sharedstatedir}/obs ]; then
  install -d -o obsrun -g obsrun %{_sharedstatedir}/obs
fi
# build used to be a real directory and is now a symlink. rpm cannot perform
# that switch itself, so a leftover directory is removed first.
build_link=/usr/lib/obs/server/build
if [ -e "$build_link" ] && [ ! -L "$build_link" ]; then
  rm -rf "$build_link"
fi
# Create the relative link only when nothing exists at that path.
if [ ! -e "$build_link" ]; then
  ln -sf ../../build "$build_link"
fi

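%postun
# Post-uninstall scriptlet for obs-server: runs the restart-on-update hook for
# every backend unit (-r) and, on final removal in SELinux-enabled builds,
# removes the port labels and the policy module again.
%service_del_postun -r obsscheduler.service
%service_del_postun -r obssrcserver.service
%service_del_postun -r obsrepserver.service
%service_del_postun -r obspublisher.service
%service_del_postun -r obssigner.service
%service_del_postun -r obsservicedispatch.service
%service_del_postun -r obsservice.service
%service_del_postun -r obsdeltastore.service
%service_del_postun -r obsdispatcher.service
%service_del_postun -r obsdodup.service
%service_del_postun -r obsgetbinariesproxy.service
%service_del_postun -r obswarden.service
%service_del_postun -r obsnotifyforward.service
%service_del_postun -r obsredis.service
# cleanup empty directory just in case
rmdir %{_sharedstatedir}/obs 2> /dev/null || :

# The SELinux cleanup is guarded by the same build conditional as the setup in
# the post scriptlet, so builds without SELinux support do not call semanage
# or semodule on removal. The whole shell conditional sits inside the guard to
# avoid leaving an empty "if" body behind.
%if %{with selinux}
# "$1" is 0 only on final removal, not on upgrade
if [ "$1" -eq 0 ]; then
    %{_sbindir}/semanage port -d -p tcp 15352 || :
    %{_sbindir}/semanage port -d -p tcp 15252 || :
    %{_sbindir}/semanage port -d -p tcp 15152 || :
    %{_sbindir}/semodule -r obs-server || :
    %{_sbindir}/fixfiles -R %{name} restore || :
    [ -d %{obs_backend_data_dir} ] && %{_sbindir}/restorecon -R %{obs_backend_data_dir} || :
    [ -d %{_localstatedir}/log/obs ] && %{_sbindir}/restorecon -R %{_localstatedir}/log/obs || :
fi
%endif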

%postun -n obs-common
# NOT used on purpose: restart_on_update obsstoragesetup
# This is just run once on boot
%service_del_postun -n obsstoragesetup.service
%if %{with selinux}
# On final removal ("$1" is 0) unload the obs-common policy module; output is
# discarded and a failure is ignored.
test "$1" -eq 0 && semodule -r obs-common >/dev/null 2>&1 || :
%endif

%postun -n obs-worker
# NOT used on purpose: restart_on_update obsworker
# This can cause problems when building chroot
# and bs_worker is anyway updating itself at runtime based on server code
%service_del_postun -n obsworker.service

%postun -n obs-cloud-uploader
# Both cloud upload units use the restart-on-update variant (-r).
%service_del_postun -r obsclouduploadworker.service
%service_del_postun -r obsclouduploadserver.service

%verifyscript -n obs-server
# Runs during package verification; verify_permissions is a distribution
# macro whose expansion is not visible in this file.
%verify_permissions

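%pre -n obs-api
# Pre-install scriptlet for obs-api: creates the obsapidelayed account if it
# is missing, registers the API support units and, on upgrade, records the
# state of the old obsapidelayed service for the post scriptlet.
# NOTE(review): obsapidelayed is a system account but gets /bin/bash as its
# shell, unlike obsrun and obsservicerun, which use nologin. Confirm that the
# delayed-job services need a usable shell; otherwise prefer nologin.
getent passwd obsapidelayed >/dev/null || \
  %{_sbindir}/useradd -r -s /bin/bash -c "User for build service api delayed jobs" -d %{_datadir}/obs-api -g %{apache_group} obsapidelayed
%service_add_pre %{obs_api_support_scripts}

# On upgrade keep the values for the %%post script
# ("=" is the portable string comparison for "[", "==" is a bash extension)
if [ "$1" = 2 ]; then
  # Cannot use "systemctl is-enabled obsapidelayed.service" here
  # as it throws an error like "Can't determine current runlevel"
  if [ -e /etc/init.d/rc3.d/S50obsapidelayed ];then
    touch %{_rundir}/enable_obs-api-support.target
  fi
  # Marker files under the run directory carry the enabled/active state over
  # to the post scriptlet, which enables or starts the new target from them.
  if systemctl --quiet is-active  obsapidelayed.service;then
    touch %{_rundir}/start_obs-api-support.target
    systemctl stop    obsapidelayed.service
    systemctl disable obsapidelayed.service
  fi
fi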

%post -n obs-common
# Post-install scriptlet for obs-common: registers the storage setup unit and
# runs the fillup_and_insserv macro for the obs-server sysconfig template.
%service_add_post obsstoragesetup.service
%{fillup_and_insserv -n obs-server}

%if %{with selinux}
# Load the obs-common policy module and relabel the files of this package.
# NOTE(review): semodule is resolved through PATH here, while the obs-server
# scriptlets call it by full path - consider using the same form everywhere.
semodule -i %{_datadir}/selinux/packages/obs-common.pp
%{_sbindir}/fixfiles -R obs-common restore || :
%endif

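%post -n obs-api
# Post-install scriptlet for obs-api: generates the Rails secret key on first
# install, fixes up the database adapter name, prepares the production log and
# finishes the migration from the SysV obsapidelayed service.
if [ ! -s %{secret_key_file} ]; then
  # Create the empty file with its final owner and mode first. The redirect
  # below then writes into that file, so the key is never readable by other
  # users in the window before the chmod further down.
  install -m 0640 -o root -g %{apache_group} /dev/null %{secret_key_file}
  pushd %{_datadir}/obs-api
  RAILS_ENV=production bin/rails secret > %{secret_key_file}
  popd
fi
# Re-assert mode and ownership on every install or upgrade
chmod 0640 %{secret_key_file}
chown root:%{apache_group} %{secret_key_file}

# update config
sed -i -e 's,[ ]*adapter: mysql$,  adapter: mysql2,' %{_datadir}/obs-api/config/database.yml
# NOTE(review): touch and chown run as root and follow symlinks; confirm that
# the obs-api log directory is not writable by an unprivileged account.
touch %{_localstatedir}/log/obs-api/production.log
chown %{apache_user}:%{apache_group} %{_localstatedir}/log/obs-api/production.log

%if %{with selinux}
semodule -i %{_datadir}/selinux/packages/obs-api.pp
restorecon -R %{_localstatedir}/log/obs-api
%{_sbindir}/fixfiles -R obs-common restore || :
%endif

%restart_on_update memcached
%service_add_post %{obs_api_support_scripts}
# We need to touch the last_deploy file in the post hook
# to update the timestamp which we use to display the
# last deployment time in the API
touch %{_datadir}/obs-api/last_deploy || true

# Upgrading from SysV obsapidelayed.service to systemd obs-api-support.target
# This must be done after %%service_add_post. Otherwise the distribution preset is
# taken, which is disabled in case of obs-api-support.target
# The marker files are written by the pre scriptlet of this package.
if [ -e %{_rundir}/enable_obs-api-support.target ];then
  systemctl enable obs-api-support.target
  rm %{_rundir}/enable_obs-api-support.target
fi
if [ -e %{_rundir}/start_obs-api-support.target ];then
  systemctl start  obs-api-support.target
  rm %{_rundir}/start_obs-api-support.target
fi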

%postun -n obs-api
# Post-uninstall scriptlet for obs-api: cleans up the API support units, asks
# for a restart of the distribution's web server unit on update and, on final
# removal in SELinux-enabled builds, unloads the obs-api policy module.
%insserv_cleanup
%service_del_postun %{obs_api_support_scripts}
%if 0%{?suse_version:1}
%service_del_postun -r apache2
%endif
%if 0%{?fedora} || 0%{?rhel}
%service_del_postun -r httpd
%endif
%if %{with selinux}
# "$1" is 0 only on final removal; a failure to unload is ignored
test "$1" -eq 0 && semodule -r obs-api >/dev/null 2>&1 || :
%endif

%files
# File list of the main obs-server package: backend units, rc wrappers, the
# backend code under /usr/lib/obs/server and the backend data and log
# directories. Files are root-owned unless an attr entry says otherwise.
%defattr(-,root,root)
%doc dist/{README.UPDATERS,README.SETUP} docs/openSUSE.org.xml ReleaseNotes-* README.md COPYING AUTHORS
%dir /etc/slp.reg.d
%dir /usr/lib/obs
%dir /usr/lib/obs/server
%config(noreplace) /etc/logrotate.d/obs-server
%{_unitdir}/obsscheduler.service
%{_unitdir}/obssrcserver.service
%{_unitdir}/obsrepserver.service
%{_unitdir}/obspublisher.service
%{_unitdir}/obssigner.service
%{_unitdir}/obsservicedispatch.service
%{_unitdir}/obsdeltastore.service
%{_unitdir}/obsdispatcher.service
%{_unitdir}/obsdodup.service
%{_unitdir}/obsgetbinariesproxy.service
%{_unitdir}/obswarden.service
%{_unitdir}/obsnotifyforward.service
%{_unitdir}/obsredis.service
%{_sbindir}/obs_admin
%{_sbindir}/obs_serverstatus
%{_sbindir}/obsscheduler
%{_sbindir}/rcobsdispatcher
%{_sbindir}/rcobspublisher
%{_sbindir}/rcobsrepserver
%{_sbindir}/rcobsscheduler
%{_sbindir}/rcobssrcserver
%{_sbindir}/rcobswarden
%{_sbindir}/rcobsdodup
%{_sbindir}/rcobsgetbinariesproxy
%{_sbindir}/rcobsdeltastore
%{_sbindir}/rcobsservicedispatch
%{_sbindir}/rcobssigner
%{_sbindir}/rcobsnotifyforward
%{_sbindir}/rcobsredis
/usr/lib/obs/server/plugins
/usr/lib/obs/server/BSDispatcher
/usr/lib/obs/server/BSRepServer
/usr/lib/obs/server/BSSched
/usr/lib/obs/server/BSSrcServer
/usr/lib/obs/server/BSPublisher
/usr/lib/obs/server/XML
/usr/lib/obs/server/*.pm
/usr/lib/obs/server/BSConfig.pm.template
/usr/lib/obs/server/DESIGN
/usr/lib/obs/server/License
/usr/lib/obs/server/README
/usr/lib/obs/server/bs_admin
/usr/lib/obs/server/bs_cleanup
/usr/lib/obs/server/bs_archivereq
/usr/lib/obs/server/bs_check_consistency
/usr/lib/obs/server/bs_deltastore
/usr/lib/obs/server/bs_servicedispatch
/usr/lib/obs/server/bs_dodup
/usr/lib/obs/server/bs_getbinariesproxy
/usr/lib/obs/server/bs_mergechanges
/usr/lib/obs/server/bs_mkarchrepo
/usr/lib/obs/server/bs_notar
/usr/lib/obs/server/bs_regpush
/usr/lib/obs/server/bs_dispatch
/usr/lib/obs/server/bs_publish
/usr/lib/obs/server/bs_repserver
/usr/lib/obs/server/bs_sched
/usr/lib/obs/server/bs_serverstatus
/usr/lib/obs/server/bs_srcserver
/usr/lib/obs/server/bs_worker
/usr/lib/obs/server/bs_signer
/usr/lib/obs/server/bs_warden
/usr/lib/obs/server/bs_redis
/usr/lib/obs/server/bs_notifyforward
/usr/lib/obs/server/worker
/usr/lib/obs/server/worker-deltagen.spec
# The site configuration is kept on update (noreplace)
%config(noreplace) /usr/lib/obs/server/BSConfig.pm
%config(noreplace) /etc/slp.reg.d/*
# created via %%post, since rpm fails otherwise while switching from
# directory to symlink
%ghost /usr/lib/obs/server/build
# Backend data directories belong to the obsrun service account. The data
# root and run are group-writable (0775), gnupg is restricted to root (0700)
# and service belongs to obsservicerun.
%attr(0775, obsrun, obsrun) %dir %{obs_backend_data_dir}
%attr(0755, obsrun, obsrun) %dir %{obs_backend_data_dir}/build
%attr(0755, obsrun, obsrun) %dir %{obs_backend_data_dir}/events
%attr(0700, root, root)     %dir %{obs_backend_data_dir}/gnupg
%attr(0755, obsrun, obsrun) %dir %{obs_backend_data_dir}/info
%attr(0755, obsrun, obsrun) %dir %{obs_backend_data_dir}/jobs
%{obs_backend_data_dir}/log
%attr(0755, obsrun, obsrun) %dir %{obs_backend_data_dir}/projects
%attr(0775, obsrun, obsrun) %dir %{obs_backend_data_dir}/run
%attr(0755, obsservicerun, obsrun) %dir %{obs_backend_data_dir}/service
%{obs_backend_data_dir}/service/log
# The log directories are writable by the service accounts, so root-run
# scriptlets that change ownership of files below them should not follow
# symlinks.
%attr(0775, obsrun, obsrun) %dir %{_localstatedir}/log/obs
%attr(0775, obsservicerun, obsrun) %dir %{_localstatedir}/log/obs/service


# formerly obs-source_service
%{_unitdir}/obsservice.service
%config(noreplace) /etc/logrotate.d/obs-source_service
%config(noreplace) /etc/cron.d/cleanup_scm_cache
# NOTE(review): hard-coded path, while the other rc wrappers use the sbindir
# macro - confirm this is intentional
/usr/sbin/rcobsservice
/usr/lib/obs/server/bs_service
/usr/lib/obs/server/call-service-in-docker.sh
/usr/lib/obs/server/run-service-containerized
/usr/lib/obs/server/cleanup_scm_cache

# formerly obs-productconverter
/usr/bin/obs_productconvert
/usr/lib/obs/server/bs_productconvert

%if %{with selinux}
%{_datadir}/selinux/packages/obs-server.pp
%endif

# add obsservicerun user into docker group if docker
# gets installed
# NOTE(review): members of the docker group can control the Docker daemon,
# which is effectively root access on the host. Treat obsservicerun as a
# privileged account once docker is installed and review what the source
# services are allowed to run under it.
%triggerin -n obs-server -- docker
%{_sbindir}/usermod -a -G docker obsservicerun

%files -n obs-worker
# The worker package ships only its unit file and two sbin entries; all are
# root-owned.
%defattr(-,root,root)
%{_unitdir}/obsworker.service
%{_sbindir}/obsworker
%{_sbindir}/rcobsworker

%files -n obs-api
# File list of the API/web UI package. Files are root-owned unless an attr
# entry hands them to the web server account.
%defattr(-,root,root)
%doc dist/{README.UPDATERS,README.SETUP} docs/openSUSE.org.xml ReleaseNotes-* README.md COPYING AUTHORS
%dir %{_datadir}/obs
%{_datadir}/obs/overview

%{_datadir}/obs-api/config/thinking_sphinx.yml.example
%config(noreplace) %{_datadir}/obs-api/config/thinking_sphinx.yml
%attr(-,%{apache_user},%{apache_group}) %config(noreplace) %{_datadir}/obs-api/config/production.sphinx.conf

%dir %{_datadir}/obs-api
%dir %{_datadir}/obs-api/config
%config(noreplace) %{_datadir}/obs-api/config/cable.yml
%config(noreplace) %{_datadir}/obs-api/config/feature.yml
%config(noreplace) %{_datadir}/obs-api/config/puma.rb
# NOTE(review): secrets.yml gets no explicit attr, so it keeps the mode it has
# in the buildroot - confirm that mode is not world-readable if the file is
# expected to hold secrets
%config(noreplace) %{_datadir}/obs-api/config/secrets.yml
%config(noreplace) %{_datadir}/obs-api/config/spring.rb
%config(noreplace) %{_datadir}/obs-api/config/crawler-user-agents.json
%{_datadir}/obs-api/config/initializers
%dir %{_datadir}/obs-api/config/environments
%dir %{_datadir}/obs-api/files
%dir %{_datadir}/obs-api/db
%{_datadir}/obs-api/db/checker.rb
%{_datadir}/obs-api/Gemfile.in
# last_deploy is touched by the post scriptlet, so its mtime is excluded from
# verification
%verify(not mtime) %{_datadir}/obs-api/last_deploy
%{_datadir}/obs-api/config.ru
%{_datadir}/obs-api/config/application.rb
%{_datadir}/obs-api/config/clock.rb
%config(noreplace) /etc/logrotate.d/obs-api
%{_unitdir}/obsapisetup.service
%{_unitdir}/obs-api-support.target
%{_unitdir}/obs-clockwork.service
%{_unitdir}/obs-delayedjob-queue-consistency_check.service
%{_unitdir}/obs-delayedjob-queue-default.service
%{_unitdir}/obs-delayedjob-queue-issuetracking.service
%{_unitdir}/obs-delayedjob-queue-mailers.service
%{_unitdir}/obs-delayedjob-queue-project_log_rotate.service
%{_unitdir}/obs-delayedjob-queue-quick@.service
%{_unitdir}/obs-delayedjob-queue-releasetracking.service
%{_unitdir}/obs-delayedjob-queue-staging.service
%{_unitdir}/obs-sphinx.service
%{_sbindir}/rcobs-api-support
%{_sbindir}/rcobs-clockwork
%{_sbindir}/rcobs-delayedjob-queue-consistency_check
%{_sbindir}/rcobs-delayedjob-queue-default
%{_sbindir}/rcobs-delayedjob-queue-issuetracking
%{_sbindir}/rcobs-delayedjob-queue-mailers
%{_sbindir}/rcobs-delayedjob-queue-project_log_rotate
%{_sbindir}/rcobs-delayedjob-queue-releasetracking
%{_sbindir}/rcobs-delayedjob-queue-staging
%{_sbindir}/rcobs-sphinx
%{_sbindir}/rcobsapisetup
%{_datadir}/obs-api/app
# The schema dumps are owned by the web server account
%attr(-,%{apache_user},%{apache_group})  %{_datadir}/obs-api/db/structure.sql
%attr(-,%{apache_user},%{apache_group})  %{_datadir}/obs-api/db/data_schema.rb
%{_datadir}/obs-api/db/attribute_descriptions.rb
%{_datadir}/obs-api/db/data
%{_datadir}/obs-api/db/migrate
%{_datadir}/obs-api/db/seeds.rb
%{_datadir}/obs-api/files/wizardtemplate.spec
%{_datadir}/obs-api/lib
%{_datadir}/obs-api/public
%{_datadir}/obs-api/Rakefile
%{_datadir}/obs-api/script
%{_datadir}/obs-api/bin
%{_datadir}/obs-api/test
%{_datadir}/obs-api/vendor/assets
%{_datadir}/obs-api-doc

%{_datadir}/obs-api/config/locales
%dir %{_datadir}/obs-api/vendor
%{_datadir}/obs-api/vendor/diststats

#
# some files below config actually are _not_ config files
# so here we go, file by file
#

%{_datadir}/obs-api/config/boot.rb
%{_datadir}/obs-api/config/routes.rb
%{_datadir}/obs-api/config/environments/development.rb
# database.yml and its example are readable only by root and the web server
# group (0640); options.yml is world-readable (0644)
%attr(0640,root,%apache_group) %config(noreplace) %verify(md5) %{_datadir}/obs-api/config/database.yml
%attr(0640,root,%apache_group) %{_datadir}/obs-api/config/database.yml.example
%attr(0644,root,root) %config(noreplace) %verify(md5) %{_datadir}/obs-api/config/options.yml
%attr(0644,root,root) %{_datadir}/obs-api/config/options.yml.example
%dir %attr(0755,%apache_user,%apache_group) %{_datadir}/obs-api/db/sphinx
%dir %attr(0755,%apache_user,%apache_group) %{_datadir}/obs-api/db/sphinx/production

# Plain config entries without noreplace: rpm installs the packaged version
# on update and keeps a locally modified copy as a backup file
%config %{_datadir}/obs-api/config/environment.rb
%config %{_datadir}/obs-api/config/environments/production.rb
%config %{_datadir}/obs-api/config/environments/test.rb
%config %{_datadir}/obs-api/config/environments/stage.rb

%{_datadir}/obs-api/log
# tmp is owned by the web server account
%attr(-,%{apache_user},%{apache_group}) %{_datadir}/obs-api/tmp

# these dirs primarily belong to apache2:
%if 0%{?fedora} || 0%{?rhel}
%{_httpd_confdir}/obs.conf.dist
%else
%dir /etc/apache2
%dir /etc/apache2/vhosts.d
%config(noreplace) /etc/apache2/vhosts.d/obs.conf
%endif

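# The log files below are ghost entries: the package owns them but does not
# ship them, and they default to the web server account as owner.
%defattr(0644,%{apache_user},%{apache_group})
%ghost %{_localstatedir}/log/obs-api/access.log
%ghost %{_localstatedir}/log/obs-api/backend_access.log
%ghost %{_localstatedir}/log/obs-api/delayed_job.log
%ghost %{_localstatedir}/log/obs-api/error.log
%ghost %{_localstatedir}/log/obs-api/lastevents.access.log
%ghost %{_localstatedir}/log/obs-api/production.log
# The secret key is generated by the post scriptlet. Use the same
# distribution-specific web server group that the scriptlet assigns to it,
# instead of a group name that only exists on some distributions.
%ghost %attr(0640,root,%{apache_group}) %{secret_key_file}
%if %{with selinux}
# Without an explicit attr the defattr above would hand the policy module to
# the web server account; keep it root-owned like the other policy packages.
%attr(0644,root,root) %{_datadir}/selinux/packages/obs-api.pp
%endif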

%files -n obs-common
# Shared files: the sysconfig template (SUSE) or sysconfig file plus the
# rc.compat shim (other distributions), the storage setup unit and, in
# SELinux-enabled builds, the common policy module. All root-owned.
%defattr(-,root,root)
%if 0%{?suse_version:1}
%{_fillupdir}/sysconfig.obs-server
%else
%config(noreplace) %{_sysconfdir}/sysconfig/obs-server
%dir %{_datadir}/obs
%{_datadir}/obs/rc.compat
%endif
/usr/lib/obs/server/setup-appliance.sh
%{_unitdir}/obsstoragesetup.service
%{_sbindir}/obsstoragesetup
%{_sbindir}/rcobsstoragesetup
%if %{with selinux}
%{_datadir}/selinux/packages/obs-common.pp
%endif

%files -n obs-utils
# Single root-owned sbin entry
%defattr(-,root,root)
%{_sbindir}/obs_project_update

%files -n obs-tests-appliance
# Everything below the appliance test directory, root-owned
%defattr(-,root,root)
%dir /usr/lib/obs/tests/
%dir /usr/lib/obs/tests/appliance
/usr/lib/obs/tests/appliance/*

%files -n obs-cloud-uploader
# Cloud upload units, their backend scripts, the clouduploader tool and the
# configuration tree under /etc/obs/cloudupload. All root-owned.
%defattr(-,root,root)
%{_unitdir}/obsclouduploadworker.service
%{_unitdir}/obsclouduploadserver.service
%{_sbindir}/rcobsclouduploadworker
%{_sbindir}/rcobsclouduploadserver
/usr/lib/obs/server/bs_clouduploadserver
/usr/lib/obs/server/bs_clouduploadworker
%{_bindir}/clouduploader
%dir /etc/obs
%dir /etc/obs/cloudupload
%dir /etc/obs/cloudupload/.aws
# NOTE(review): the defattr above keeps the mode from the buildroot, where the
# install section places this file with mode 644. Once real AWS credentials
# are filled in they are readable by every local user. Consider an explicit
# attr that limits read access to the account running the upload worker (that
# account is not visible in this part of the file).
%config(noreplace) /etc/obs/cloudupload/.aws/credentials
# NOTE(review): plain config without noreplace, so rpm installs the packaged
# version on update and keeps a locally edited copy only as a backup file.
%config /etc/obs/cloudupload/.ec2utils.conf

%changelog