Overview

File obs-signd.spec of Package obs-signd

# http://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#PIE
%global _hardened_build 1
%global commit 5c320501dc048bbcf56480dfc5780fb43dd20de5
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global snapdate 20210907
%global snapshotrel .%{snapdate}git%{shortcommit}
# To make rpmdev-bumpspec work properly
%global baserelease 2

Name:             obs-signd
Summary:          The OBS sign daemon
License:          GPLv2
URL:              https://github.com/openSUSE/obs-sign
Version:          2.6.1
Release:          %{baserelease}%{?dist}
#Release:          %%{baserelease}%%{?snapshotrel}%%{?dist}
Source0:          https://github.com/openSUSE/obs-sign/archive/%{version}/obs-sign-%{version}.tar.gz
# We renamed the option in gnupg2 to 'file-is-digest'
Patch0:           0001-Rename-option-files-are-digests-to-file-is-digest.patch
# https://github.com/openSUSE/obs-sign/pull/6
Patch1:           0002-fixes-user-id-matching-to-provide-unique-results.patch
# https://github.com/openSUSE/obs-sign/pull/36
Patch2:           0003-Implement-allow-unprivileged-ports-for-the-client.patch
Requires:         gnupg2
Requires(pre):    shadow-utils
BuildRequires:    perl-generators
BuildRequires:    systemd
BuildRequires:    gcc
BuildRequires:    make

%description
The OpenSUSE Build Service sign client and daemon.

This daemon can be used to sign anything via gpg by communicating
with a remote server to avoid the need to host the private key
on the same server.

%prep
%autosetup -n obs-sign-%{version}

%build
%make_build CFLAGS="%{build_cflags}" LDFLAGS="%{build_ldflags}" sign

%install
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_sysconfdir}
install -d -m 0755 %{buildroot}%{_bindir}

# binaries and configuration
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_sysconfdir}
install -m 0755 signd %{buildroot}%{_sbindir}
install -m 0750 sign %{buildroot}%{_bindir}
install -m 0644 sign.conf %{buildroot}%{_sysconfdir}

# systemd service
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 dist/signd.service %{buildroot}%{_unitdir}

# man pages
install -d -m 0755 %{buildroot}%{_mandir}/man{5,8}

for f in 5 8; do
  install -m 0644 sig*.${f} %{buildroot}%{_mandir}/man${f}/
done

%pre
getent group obsrun >/dev/null || %{_sbindir}/groupadd -r obsrun
getent passwd obsrun >/dev/null || \
  %{_sbindir}/useradd -r -s /bin/false -c "User for Open Build Service backend" \
                         -d %{_libdir}/obs -g obsrun obsrun
exit 0

%post
%systemd_post signd.service

%preun
%systemd_preun signd.service

%postun
%systemd_postun_with_restart signd.service

%files
%config(noreplace) %{_sysconfdir}/sign.conf
%attr(4750,root,obsrun) %{_bindir}/sign
%{_sbindir}/signd
%{_unitdir}/signd.service
%doc %{_mandir}/man*/*
Places