File puppet.spec of Package puppet.579

#
# spec file for package puppet
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services

Name:           puppet
Version:        2.6.16
Release:        4.<RELEASE13>
Url:            http://reductivelabs.com/projects/puppet/
Source:         %{name}-%{version}.tar.bz2
Source1:        puppetmaster.fw
Source2:        puppet.fw
Source3:        puppet.sysconfig
Source4:        puppetmasterd.sysconfig
Source5:        puppetlabs-cve20113872-0.0.5.tar.gz
Source6:        CVE-2011-3872.msg
Patch:          %{name}-%{version}-yumconf.diff
Patch1:         %{name}-%{version}-init.diff
# PATCH-FIX-UPSTREAM bnc#721139 CVE-2011-3848
#Patch2:         puppet-2.6-CVE-2011-3848.patch
# PATCH-FIX-UPSTREAM bnc#727025 CVE-2011-3870
#Patch3:         2.6.x-9791-TOCTOU-in-ssh-auth-keys-type.patch
# PATCH-FIX-UPSTREAM CVE-2011-3871
#Patch4:         2.6.x-9792-Predictable-temporary-filename-in-ralsh.patch
# PATCH-FIX-UPSTREAM File indirector injection
#Patch5:         2.6.x-9793-secure-indirector-file-backed-terminus-base-cla.patch
# PATCH-FIX-UPSTREAM bnc#727024 CVE-CVE-2011-3869
#Patch6:         2.6.x-9794-k5login-can-overwrite-arbitrary-files-as-root.patch
# PATCH-FIX-UPSTREAM bnc#726372 CVE-CVE-2011-3872
#Patch7:         CVE-2011-3872.patch
#Patch8:         puppet-CVEs-2012-1906-2012-1986-to-2012-1989.patch

Requires:       ruby >= 1.8.1 
Requires:       facter >= 1.1.4
PreReq:         pwdutils %insserv_prereq %fillup_prereq 
BuildRequires:  facter >= 1.1.4
BuildRequires:  ruby >= 1.8.1
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Summary:        A network tool for managing many disparate systems
License:        GPL-2.0+
Group:          Productivity/Networking/System

%description
Puppet lets you centrally manage every important aspect of your system
using a cross-platform specification language that manages all the
separate elements normally aggregated in different files, like users,
cron jobs, and hosts, along with obviously discrete elements like
packages, services, and files.



%package server

PreReq:         puppet = %{version}-%{release} %insserv_prereq %fillup_prereq
Summary:        A network tool for managing many disparate systems
Group:          Productivity/Networking/System

%description server
Puppet lets you centrally manage every important aspect of your system
using a cross-platform specification language that manages all the
separate elements normally aggregated in different files, like users,
cron jobs, and hosts, along with obviously discrete elements like
packages, services, and files.



%prep
%setup -q
%patch
%patch1
#%patch2 -p1
#%patch3 -p1
#%patch4 -p1
#%patch5 -p1
#%patch6 -p1
#%patch7 -p1
#%patch8 -p1
tar xf %{S:5}
sed -i 's#/usr/local/bin/ruby#/usr/bin/ruby#' lib/puppet/external/nagios.rb

%build

%install
DESTDIR=$RPM_BUILD_ROOT ruby -rvendor-specific install.rb install --prefix=%{buildroot}
install -d -m 755 $RPM_BUILD_ROOT/var/lib/puppet
mkdir -p $RPM_BUILD_ROOT/etc/puppet
mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/sbin
install -d -m0755 %{buildroot}%{_localstatedir}/lib/puppet
install -d -m0755 %{buildroot}%{_localstatedir}/run/puppet
install -d -m0750 %{buildroot}%{_localstatedir}/log/puppet
mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir}
install -m0644 conf/redhat/puppet.conf $RPM_BUILD_ROOT/etc/puppet/puppet.conf
install -m0644 conf/auth.conf $RPM_BUILD_ROOT/etc/puppet/auth.conf
install -m0755 conf/suse/client.init $RPM_BUILD_ROOT/etc/init.d/puppet
install -m0755 conf/suse/server.init $RPM_BUILD_ROOT/etc/init.d/puppetmasterd
ln -sf ../../etc/init.d/puppet $RPM_BUILD_ROOT/%{_sbindir}/rcpuppet
ln -sf ../../etc/init.d/puppetmasterd $RPM_BUILD_ROOT/%{_sbindir}/rcpuppetmasterd
install -m 644 %SOURCE1 $RPM_BUILD_ROOT/%{_fwdefdir}/puppetmasterd
install -m 644 %SOURCE2 $RPM_BUILD_ROOT/%{_fwdefdir}/puppet
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
cp %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.puppet
cp %{S:4} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.puppetmasterd
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/external/nagios.rb
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/network/http_server/mongrel.rb
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/relationship.rb
mkdir -p $RPM_BUILD_ROOT/%{_docdir}/%{name}
# avoid rpm warnings
find puppetlabs-cve20113872-0.0.5 -name webrick -prune -o -type f -exec chmod -x \{\} \;
cp -R puppetlabs-cve20113872-0.0.5 $RPM_BUILD_ROOT/%{_docdir}/%{name}
%suse_install_update_message %{S:6}

%clean
rm -rf $RPM_BUILD_ROOT

%pre
getent group puppet >/dev/null || /usr/sbin/groupadd -o -r puppet 
getent passwd puppet >/dev/null || /usr/sbin/useradd -r -g puppet -d /var/lib/puppet -s /bin/false -c "Puppet daemon" puppet 

%preun
%stop_on_removal puppet 

%postun
%restart_on_update puppet 
%insserv_cleanup

%post
%fillup_and_insserv

%preun server
%stop_on_removal puppetmasterd

%post server
%fillup_and_insserv -f

%postun server
%restart_on_update puppetmasterd
%insserv_cleanup

%files
%defattr(-,root,root,-)
%doc CHANGELOG COPYING LICENSE 
%doc puppetlabs-cve20113872-0.0.5
%{_bindir}/pi
%{_bindir}/filebucket
%{_bindir}/puppet
%{_bindir}/ralsh
%{_bindir}/puppetdoc
%{_sbindir}/puppetca
%dir %{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet
%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/*
%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet.rb
%dir /etc/puppet
%config /etc/puppet/puppet.conf
%config /etc/puppet/auth.conf
%{_mandir}/man?/*
/etc/init.d/puppet
%{_sbindir}/rcpuppet
%{_sbindir}/puppetd
%config %{_fwdefdir}/puppet
/var/adm/fillup-templates/sysconfig.puppet
/var/adm/update-messages/%{name}-%{version}-%{release}-CVE-2011-3872.msg.txt
%dir %attr(-, puppet, puppet) %{_localstatedir}/log/puppet
%dir %attr(-, puppet, puppet) %{_localstatedir}/lib/puppet
%ghost %dir %attr(-, puppet, puppet) %{_localstatedir}/run/puppet

%files server
%defattr(-, root, root, 0755)
%{_sbindir}/puppetmasterd
%{_sbindir}/puppetrun
/etc/init.d/puppetmasterd
%config %{_fwdefdir}/puppetmasterd
%{_sbindir}/rcpuppetmasterd
%{_sbindir}/puppetqd
/var/adm/fillup-templates/sysconfig.puppetmasterd

%changelog