File hiawatha.spec of Package hiawatha

# spec file for package hiawatha
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2013-2020 Mariusz Fik <>.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

%define webroot /srv/www
%define mbedtls_version %(rpm -q mbedtls-devel --qf "%%{VERSION}")

Name:           hiawatha
Version:        10.11
Release:        0
Summary:        A secure and advanced webserver
License:        GPL-2.0-only
Group:          Productivity/Networking/Web/Servers
Source1:        %{name}.logrotate
Source2:        %{name}.service
Source102:      %{name}.firewalld
Source103:      %{name}-ssl.firewalld
BuildRequires:  cmake >= 3.0
BuildRequires:  firewall-macros
BuildRequires:  gcc-c++
BuildRequires:  mbedtls-devel >= 2.3
BuildRequires:  pkgconfig
BuildRequires:  pkgconfig(libnghttp2)
BuildRequires:  pkgconfig(libxml-2.0)
BuildRequires:  pkgconfig(libxslt)
BuildRequires:  pkgconfig(systemd)
BuildRequires:  pkgconfig(zlib)
Requires:       logrotate
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

Hiawatha is a webserver for Unix and has been build with security in mind.

This resulted in a highly secure webserver, in both code and features.

This webserver runs on Linux, BSD, MacOS X and Windows. Although it can run any
kind of CGI / FastCGI application, it has been optimized for usage with PHP.
Most well known PHP frameworks and CMS applications have been tested with
Hiawatha and ran without a problem. Hiawatha supports many web and HTTP features
such as CGI/FastCGI, HTTP authentication, virtual host support, request
pipelining, keep alive connections, URL rewriting and many more.

%package letsencrypt
Summary:        Let's Encrypt script for the Hiawatha webserver
Group:          Productivity/Networking/Web/Servers
Requires:       %{name}
Requires:       php-cli

%description letsencrypt
This is the Let's Encrypt script for the Hiawatha webserver. It can be used to
request, renew and revoke certificated as provided by Let's Encrypt in a very
easy way. It requires the PHP command line interface and uses version 2 of the
ACME protocol to communicate with the Let's Encrypt server.

%setup -q
# Remove bundled source for mbedtls, we use system version
rm -rv mbedtls

# mbedtls 2.7.0 and its backward comaptybility...
%if "%{mbedtls_version}" >= "2.7.0"
sed -i 's/MBEDTLS_DHM_RFC5114_MODP_2048_P/MBEDTLS_DHM_RFC5114_MODP_P/' src/tls.c

# disable CHACHA2 cipher, it's not available in Leap 15.0 mbedtls
%if 0%{?suse_version} == 1500
sed '/MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256/d' -i src/tls.c
sed '/MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256/d' -i src/tls.c
sed '/MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256/d' -i src/tls.c

%cmake \
    -DCONFIG_DIR="%{_sysconfdir}/hiawatha" \
    -DLOG_DIR="%{_localstatedir}/log/hiawatha" \
    -DPID_DIR="%{_localstatedir}/run" \
    -DWORK_DIR="%{_localstatedir}/lib/hiawatha" \
    -DWEBROOT_DIR="%{webroot}/%{name}/htdocs" \
    -DENABLE_IPV6=On \

install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

# run as wwwrun user
sed "s/#ServerId = www-data/ServerId = wwwrun/" -i %{buildroot}%{_sysconfdir}/hiawatha/hiawatha.conf

install -D -m 0644 %{SOURCE102} \
install -D -m 0644 %{SOURCE103} \

%service_add_pre %{name}.service

%service_add_post %{name}.service

%service_del_preun %{name}.service

%service_del_postun %{name}.service

%doc ChangeLog
%license LICENSE
%attr(0755,root,root) %verify(not mode) %{_sbindir}/cgi-wrapper
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/cgi-wrapper.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/mimetype.conf
%config(noreplace) %{_sysconfdir}/%{name}/index.xslt
%config(noreplace) %{_sysconfdir}/%{name}/error.xslt
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{_libexecdir}/firewalld
%dir %{_libexecdir}/firewalld/services
%dir %{webroot}/%{name}
%dir %{webroot}/%{name}/htdocs
%dir %attr(-,wwwrun,www) %{_localstatedir}/lib/%{name}/
%dir %attr(750,wwwrun,www) %{_localstatedir}/log/%{name}/

%files letsencrypt
%dir %{_libdir}/%{name}