File haproxy.spec of Package haproxy.748

#
# spec file for package haproxy
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


# Please submit bugfixes or comments via http://bugs.opensuse.org/
%if 0%{?suse_version} >= 1230
%bcond_without tcp_fast_open
%else
%bcond_with tcp_fast_open
%endif

%if 0%{?suse_version} >= 1310
%bcond_without systemd
%else
%bcond_with systemd
%endif

%if 0%{?suse_version} > 1140
%bcond_without pcre_jit
%else
%bcond_with pcre_jit
%endif
%bcond_without  apparmor

Name:           haproxy
Version:        1.5.4
Release:        0
#
#
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  libgcrypt-devel
BuildRequires:  openssl-devel
BuildRequires:  pcre-devel
BuildRequires:  pkg-config
BuildRequires:  udev
BuildRequires:  zlib-devel
%if %{with systemd}
BuildRequires:  pkgconfig(systemd)
%endif
BuildRequires:  vim
%define pkg_name haproxy
%define pkg_home /var/lib/%{pkg_name}
#
Url:            http://www.haproxy.org/
Source:         http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
Source1:        %{pkg_name}.init
Source2:        http://www.haproxy.org/download/contrib/haproxy.vim
Source3:        usr.sbin.haproxy.apparmor
Source4:        local.usr.sbin.haproxy.apparmor
Patch1:         haproxy-1.2.16_config_haproxy_user.patch
Patch2:         haproxy-makefile_lib.patch
Patch3:         sec-options.patch
Patch4:         haproxy-1.5_check_config_before_start.patch

# PATCH-FIX-UPSTREAM: MEDIUM: ssl: replace standards DH groups with custom ones (bsc#937202)
Patch5:         0001-MINOR-ssl-add-fetchs-ssl_c_der-and-ssl_f_der-to-retu.patch
Patch6:         0002-MINOR-ssl-add-statement-to-force-some-ssl-options-in.patch
Patch7:         0003-BUG-MINOR-ssl-correctly-initialize-ssl-ctx-for-inval.patch
Patch8:         0004-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
Patch9:         0005-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
Patch10:        0006-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
Patch11:        0007-MINOR-ssl-load-certificates-in-alphabetical-order.patch
Patch12:        0008-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
Patch13:        0009-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
Patch14:        0010-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
Patch15:        0011-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
Patch16:        0012-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
# PATCH-FIX-UPSTREAM: BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data (bsc#937042) (CVE-2015-3281)
Patch17:        0013-BUG-MAJOR-buffers-make-the-buffer_slow_realign-funct.patch

Source99:       haproxy-rpmlintrc
#
Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
License:        GPL-2.0+ and LGPL-2.1+
Group:          Productivity/Networking/Web/Proxy
Provides:       %{name}-doc = %{version}
Obsoletes:      %{name}-doc < %{version}
Provides:       haproxy-1.5 = %{version}
Obsoletes:      haproxy-1.5 < %{version}
# this requires is not strictly needed. we only need it for the ownership of the vim data dir
Requires:       vim
%if %{with systemd}
%{?systemd_requires}
%endif
%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}

%description
HAProxy implements an event-driven, mono-process model which enables support
for very high number of simultaneous connections at very high speeds.
Multi-process or multi-threaded models can rarely cope with thousands of
connections because of memory limits, system scheduler limits, and lock
contention everywhere. Event-driven models do not have these problems because
implementing all the tasks in user-space allows a finer resource and time
management. The down side is that those programs generally don't scale well on
multi-processor systems. That's the reason why they must be optimized to get
the most work done from every CPU cycle.

%prep
%setup -q
%patch1
%patch2
%patch3
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1

%build
%{__make} \
    TARGET=linux26 \
    CPU="%{_target_cpu}" \
    USE_PCRE=1 \
    %if %{with pcre_jit}
    USE_PCRE_JIT=1 \
    %endif
    USE_LIBCRYPT=1 \
    USE_OPENSSL=1 \
    USE_ZLIB=1 \
    USE_NETFILTER=1 \
    %ifarch %ix86
    USE_REGPARM=1 \
    %endif
    USE_TPROXY=1 \
    USE_LINUX_TPROXY=1 \
    USE_LINUX_SPLICE=1 \
    USE_ACCEPT4=1 \
    USE_CPU_AFFINITY=1 \
    USE_GETADDRINFO=1 \
    USE_GETSOCKNAME=1 \
    USE_PIE=1 \
    USE_STACKPROTECTOR=1 \
    USE_RELRO_NOW=1 \
%if %{with tcp_fast_open}
    USE_TFO=1 \
%endif
    LIB="%{_lib}" \
    PREFIX="%{_prefix}" \
    DEBUG_CFLAGS="%{optflags}"
make -C contrib/systemd  PREFIX="%{_prefix}"
make -C contrib/halog    PREFIX="%{_prefix}" \
    DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"

%install
%{__install} -D -m 0755 %{pkg_name}              %{buildroot}%{_sbindir}/%{pkg_name}
%{__install} -D -m 0644 examples/%{pkg_name}.cfg %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg

%{__install} -D -m 0755 contrib/halog/halog       %{buildroot}%{_sbindir}/haproxy-halog
%if %{with systemd}
%{__install} -D -m 0755 haproxy-systemd-wrapper  %{buildroot}%{_sbindir}/haproxy-systemd-wrapper
%{__install} -D -m 0644 contrib/systemd/%{pkg_name}.service  %{buildroot}%{_unitdir}/%{pkg_name}.service
ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
%else
%{__install} -D -m 0755 %{S:1}                   %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name}   %{buildroot}%{_sbindir}/rc%{pkg_name}
%endif

%{__install} -d -m 0755                          %{buildroot}%{pkg_home}
%{__install} -D -m 0644 %{S:2}                   %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
%{__install} -D -m 0644 doc/%{pkg_name}.1        %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%if %{with apparmor}
%{__install} -D -m 0644 %{S:3}                   %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
%{__install} -D -m 0644 %{S:4}                   %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
%endif

%{__rm} examples/haproxy.spec

%if 0%{?suse_version} < 1230
%clean
%{?buildroot:%{__rm} -rf %{buildroot}}
%endif

%pre
/usr/sbin/groupadd -r %{pkg_name} &>/dev/null ||:
/usr/sbin/useradd  -g %{pkg_name} -s /bin/false -r -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} &>/dev/null ||:

%if %{with systemd}
%service_add_pre %{pkg_name}.service

%post
%service_add_post %{pkg_name}.service

%preun
%service_del_preun %{pkg_name}.service

%postun
%service_del_postun %{pkg_name}.service

%else

%post
%fillup_and_insserv %{pkg_name}

%preun
%stop_on_removal %{pkg_name}

%postun
%restart_on_update %{pkg_name}
%{insserv_cleanup}

%endif

%files
%defattr(-,root,root,-)
%doc CHANGELOG README LICENSE
%doc ROADMAP doc/* examples/
%doc contrib/netsnmp-perl/ contrib/selinux/
%dir %{_sysconfdir}/%{pkg_name}
%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
%if %{with systemd}
%{_unitdir}/%{pkg_name}.service
%{_sbindir}/haproxy-systemd-wrapper

%else

%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}

%endif

%{_sbindir}/haproxy
%{_sbindir}/haproxy-halog
%{_sbindir}/rchaproxy
%{pkg_home}
%{_mandir}/man1/%{pkg_name}.1.gz
%{vim_data_dir}/syntax/%{pkg_name}.vim
%if %{with apparmor}
%dir /etc/apparmor.d/
%dir /etc/apparmor.d/local/
%config(noreplace) /etc/apparmor.d/usr.sbin.haproxy
%config(noreplace) /etc/apparmor.d/local/usr.sbin.haproxy
%endif

%changelog
openSUSE Build Service is sponsored by