File haproxy.spec of Package haproxy.748

# spec file for package haproxy
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

# Please submit bugfixes or comments via
%if 0%{?suse_version} >= 1230
%bcond_without tcp_fast_open
%bcond_with tcp_fast_open

%if 0%{?suse_version} >= 1310
%bcond_without systemd
%bcond_with systemd

%if 0%{?suse_version} > 1140
%bcond_without pcre_jit
%bcond_with pcre_jit
%bcond_without  apparmor

Name:           haproxy
Version:        1.5.4
Release:        0
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  libgcrypt-devel
BuildRequires:  openssl-devel
BuildRequires:  pcre-devel
BuildRequires:  pkg-config
BuildRequires:  udev
BuildRequires:  zlib-devel
%if %{with systemd}
BuildRequires:  pkgconfig(systemd)
BuildRequires:  vim
%define pkg_name haproxy
%define pkg_home /var/lib/%{pkg_name}
Source1:        %{pkg_name}.init
Source3:        usr.sbin.haproxy.apparmor
Source4:        local.usr.sbin.haproxy.apparmor
Patch1:         haproxy-1.2.16_config_haproxy_user.patch
Patch2:         haproxy-makefile_lib.patch
Patch3:         sec-options.patch
Patch4:         haproxy-1.5_check_config_before_start.patch

# PATCH-FIX-UPSTREAM: MEDIUM: ssl: replace standards DH groups with custom ones (bsc#937202)
Patch5:         0001-MINOR-ssl-add-fetchs-ssl_c_der-and-ssl_f_der-to-retu.patch
Patch6:         0002-MINOR-ssl-add-statement-to-force-some-ssl-options-in.patch
Patch7:         0003-BUG-MINOR-ssl-correctly-initialize-ssl-ctx-for-inval.patch
Patch8:         0004-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
Patch9:         0005-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
Patch10:        0006-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
Patch11:        0007-MINOR-ssl-load-certificates-in-alphabetical-order.patch
Patch12:        0008-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
Patch13:        0009-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
Patch14:        0010-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
Patch15:        0011-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
Patch16:        0012-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
# PATCH-FIX-UPSTREAM: BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data (bsc#937042) (CVE-2015-3281)
Patch17:        0013-BUG-MAJOR-buffers-make-the-buffer_slow_realign-funct.patch

Source99:       haproxy-rpmlintrc
Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
License:        GPL-2.0+ and LGPL-2.1+
Group:          Productivity/Networking/Web/Proxy
Provides:       %{name}-doc = %{version}
Obsoletes:      %{name}-doc < %{version}
Provides:       haproxy-1.5 = %{version}
Obsoletes:      haproxy-1.5 < %{version}
# this requires is not strictly needed. we only need it for the ownership of the vim data dir
Requires:       vim
%if %{with systemd}
%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}

HAProxy implements an event-driven, mono-process model which enables support
for very high number of simultaneous connections at very high speeds.
Multi-process or multi-threaded models can rarely cope with thousands of
connections because of memory limits, system scheduler limits, and lock
contention everywhere. Event-driven models do not have these problems because
implementing all the tasks in user-space allows a finer resource and time
management. The down side is that those programs generally don't scale well on
multi-processor systems. That's the reason why they must be optimized to get
the most work done from every CPU cycle.

%setup -q
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1

%{__make} \
    TARGET=linux26 \
    CPU="%{_target_cpu}" \
    USE_PCRE=1 \
    %if %{with pcre_jit}
    USE_PCRE_JIT=1 \
    USE_ZLIB=1 \
    %ifarch %ix86
    USE_TPROXY=1 \
    USE_ACCEPT4=1 \
    USE_PIE=1 \
%if %{with tcp_fast_open}
    USE_TFO=1 \
    LIB="%{_lib}" \
    PREFIX="%{_prefix}" \
make -C contrib/systemd  PREFIX="%{_prefix}"
make -C contrib/halog    PREFIX="%{_prefix}" \
    DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"

%{__install} -D -m 0755 %{pkg_name}              %{buildroot}%{_sbindir}/%{pkg_name}
%{__install} -D -m 0644 examples/%{pkg_name}.cfg %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg

%{__install} -D -m 0755 contrib/halog/halog       %{buildroot}%{_sbindir}/haproxy-halog
%if %{with systemd}
%{__install} -D -m 0755 haproxy-systemd-wrapper  %{buildroot}%{_sbindir}/haproxy-systemd-wrapper
%{__install} -D -m 0644 contrib/systemd/%{pkg_name}.service  %{buildroot}%{_unitdir}/%{pkg_name}.service
ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
%{__install} -D -m 0755 %{S:1}                   %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name}   %{buildroot}%{_sbindir}/rc%{pkg_name}

%{__install} -d -m 0755                          %{buildroot}%{pkg_home}
%{__install} -D -m 0644 %{S:2}                   %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
%{__install} -D -m 0644 doc/%{pkg_name}.1        %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%if %{with apparmor}
%{__install} -D -m 0644 %{S:3}                   %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
%{__install} -D -m 0644 %{S:4}                   %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy

%{__rm} examples/haproxy.spec

%if 0%{?suse_version} < 1230
%{?buildroot:%{__rm} -rf %{buildroot}}

/usr/sbin/groupadd -r %{pkg_name} &>/dev/null ||:
/usr/sbin/useradd  -g %{pkg_name} -s /bin/false -r -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} &>/dev/null ||:

%if %{with systemd}
%service_add_pre %{pkg_name}.service

%service_add_post %{pkg_name}.service

%service_del_preun %{pkg_name}.service

%service_del_postun %{pkg_name}.service


%fillup_and_insserv %{pkg_name}

%stop_on_removal %{pkg_name}

%restart_on_update %{pkg_name}


%doc ROADMAP doc/* examples/
%doc contrib/netsnmp-perl/ contrib/selinux/
%dir %{_sysconfdir}/%{pkg_name}
%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
%if %{with systemd}


%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}


%if %{with apparmor}
%dir /etc/apparmor.d/
%dir /etc/apparmor.d/local/
%config(noreplace) /etc/apparmor.d/usr.sbin.haproxy
%config(noreplace) /etc/apparmor.d/local/usr.sbin.haproxy

openSUSE Build Service is sponsored by