File openbao.spec of Package openbao

%define realname openbao
%define realver  2.4.3
%define srcext   tar.gz

%define baoconfdir   %{_sysconfdir}/%{name}
%define baoplugindir %{_libexecdir}/%{name}
%define baodatadir   %{_localstatedir}/lib/%{name}

# Common info
Name:          %{realname}
Version:       %{realver}
Release:       wiz%{?extraver:0.}1%{?dist}
License:       MPL-2.0
Group:         Productivity/Security
URL:           https://openbao.org/
Summary:       Software solution to manage, store, and distribute sensitive data

# Build-time parameters
# See .go-version
BuildRequires: go >= 1.24.9
Source0:       https://codeload.github.com/openbao/openbao/%{srcext}/refs/tags/v%{realver}#/%{realname}-%{realver}%{?extraver}.%{srcext}
# cd openbao; go mod vendor -v && tar -Jcvf ../vendor.tar.xz vendor && rm -rf vendor; cd ..
Source1:       vendor.tar.xz
# cd openbao/ui; yarn; npm rebuild node-sass; yarn run build; cd ..; tar -Jcvf ../http-web_ui.tar.xz http/web_ui; rm -rf http/web_ui; cd ..
Source2:       http-web_ui.tar.xz
Source98:      openbao.sysuser
Source99:      openbao.service

%description
OpenBao exists to provide a software solution to manage, store, and distribute
sensitive data including secrets, certificates, and keys. The OpenBao community
intends to provide this software under an OSI-approved open-source license, led
by a community run under open governance principles.

# Preparation step (unpackung and patching if necessary)
%prep
%setup -q -n %{realname}-%{realver}%{?extraver} -a1 -a2

# Build step (compile/build binaries, documentation, etc)
%build
export GOPATH=$(pwd -P)/.gomodules
export GOCACHE=$(pwd -P)/.gocache
export GOTRACEBACK=crash
export CGO_ENABLED=1
export CGO_CFLAGS='%{optflags} %{?gcc_lto}'
export CGO_LDFLAGS='-Wl,--as-needed -Wl,--strip-all -Wl,--no-undefined -Wl,-z,noexecstack -Wl,-z,now -Wl,-z,relro %{?gcc_lto}'
INTERNAL_PKG=github.com/openbao/openbao/version
# Build the dynamically generated source files.
go generate $(go list ./... | grep -v /vendor/)
go generate $(go list github.com/openbao/openbao/api/v2/... | grep -v /vendor/)
go generate $(go list github.com/openbao/openbao/sdk/v2/... | grep -v /vendor/)
# Build binary
go build \
    -a -v -mod=vendor -buildmode=pie -trimpath \
    -gcflags=all="-c=$(nproc) -dwarf=false" \
    -ldflags=all="-s -w -X $INTERNAL_PKG.GitCommit=refs/tags/v%{version} -X $INTERNAL_PKG.BuildDate=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    -tags="openbao ui" \
    -o bin/bao \
    .

# Install built stuff
%install
%{__install} -d %{buildroot}%{_bindir}
%{__install} -d %{buildroot}%{baoconfdir}
%{__install} -d %{buildroot}%{baoplugindir}
%{__install} -d %{buildroot}%{baodatadir}
%{__install} -m 0755 bin/bao %{buildroot}%{_bindir}
cat > %{buildroot}%{baoconfdir}/bao.hcl <<EOF
plugin_directory = "%{baoplugindir}"
storage "file" {
  path = "%{baodatadir}"
}
EOF
%{__install} -D -m0644 %{S:98} %{buildroot}%{_sysusersdir}/%{name}.conf
%{__install} -D -m0644 %{S:99} %{buildroot}%{_unitdir}/%{name}.service

# Files list
%files
%defattr(-,root,root)
%license LICENSE
%doc CHANGELOG.md MAINTAINERS.md README.md
%{_bindir}/bao
%dir %{baoconfdir}
%config(noreplace) %{baoconfdir}/bao.hcl
%dir %{baoplugindir}
%dir %attr(0750,openbao,openbao) %{baodatadir}
%{_sysusersdir}/%{name}.conf
%{_unitdir}/%{name}.service

%pre
%if "%{expand:%_vendor}" == "suse"
%{service_add_pre %{name}.service}
%endif

%post
%sysusers_create %{_sysusersdir}/%{name}.conf
%{__chown} -R openbao:openbao %{baodatadir}
%if "%{expand:%_vendor}" == "suse"
%{fillup_only}
%{service_add_post %{name}.service}
%endif
%if "%{expand:%_vendor}" == "redhat"
%{systemd_post %{name}.service}
%endif

%preun
%if "%{expand:%_vendor}" == "suse"
%{service_del_preun %{name}.service}
%endif
%if "%{expand:%_vendor}" == "redhat"
%{systemd_preun %{name}.service}
%endif

%postun
%if "%{expand:%_vendor}" == "suse"
%{service_del_postun %{name}.service}
%endif
%if "%{expand:%_vendor}" == "redhat"
%{systemd_postun %{name}.service}
%endif

%changelog