File letmein.spec of Package letmein
#
# spec file for package letmein
#
# Copyright (c) 2024-2025, Martin Hauke <mardnh@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define services letmeind.socket letmeind.service letmeinfwd.socket letmeinfwd.service
Name: letmein
Version: 10.4.0
Release: 0
Summary: Authenticating port knocker
License: MIT OR Apache-2.0
Group: Productivity/Networking/Security
URL: https://bues.ch/cms/hacking/letmein
#Git-Clone: https://git.bues.ch/git/letmein.git
Source: https://bues.ch/releases/letmein/%{name}-%{version}.tar.xz
Source1: vendor.tar.zst
Source2: %{name}.tmpfiles
Source3: %{name}.sysusers
Source98: https://bues.ch/releases/letmein/%{name}-%{version}.tar.xz.asc
Source99: %{name}.keyring
Patch1: letmein-set-nft-binary.patch
BuildRequires: cargo-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
ExclusiveArch: %{rust_tier1_arches}
%description
A simple port knocker with a simple and secure authentication mechanism.
%package server
Summary: Authenticating port knocker - server
Group: Productivity/Networking/Security
Requires: nftables
Requires: nftables-service
Requires(pre): %{name}-common = %{version}
%description server
A simple port knocker with a simple and secure authentication mechanism.
This subpackage provides the server side services 'letmeind' and 'letmeinfwd'.
%package common
Summary: System user 'letmeind'
BuildArch: noarch
%sysusers_requires
%description common
A simple port knocker with a simple and secure authentication mechanism.
This subpackage sets up the system user/group for the rest of letmein.
%prep
%autosetup -a 1 -p1
sed -i 's|/opt/letmein/bin/|/usr/bin/|g' letmeind/letmeind.service letmeinfwd/letmeinfwd.service
%build
%{cargo_build}
%sysusers_generate_pre %{SOURCE3} %{name} %{name}.conf
%install
# client
install -Dpm 0644 letmein/letmein.conf %{buildroot}/%{_sysconfdir}/letmein.conf
install -Dpm 0755 target/release/letmein %{buildroot}/%{_bindir}/letmein
# server
install -Dpm 0640 letmeind/letmeind.conf %{buildroot}/%{_sysconfdir}/letmeind.conf
install -Dpm 0755 target/release/letmeind %{buildroot}/%{_bindir}/letmeind
install -Dpm 0755 target/release/letmeinfwd %{buildroot}/%{_bindir}/letmeinfwd
# services
install -d %{buildroot}%{_unitdir}
install -m 0644 letmeind/letmeind.service %{buildroot}%{_unitdir}/letmeind.service
install -m 0644 letmeind/letmeind.socket %{buildroot}%{_unitdir}/letmeind.socket
install -m 0644 letmeinfwd/letmeinfwd.service %{buildroot}%{_unitdir}/letmeinfwd.service
install -m 0644 letmeinfwd/letmeinfwd.socket %{buildroot}%{_unitdir}/letmeinfwd.socket
# misc
install -Dm 0644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/%{name}.conf
install -Dm 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
%pre -n letmein-server
%service_add_pre %{services}
%post -n letmein-server
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%service_add_post %{services}
%preun -n letmein-server
%service_del_preun %{services}
%postun -n letmein-server
%service_del_postun %{services}
%files
%config(noreplace) %{_sysconfdir}/letmein.conf
%{_bindir}/letmein
%files server
%config(noreplace) %attr(0640, letmeind, letmeind) %{_sysconfdir}/letmeind.conf
%{_bindir}/letmeind
%{_bindir}/letmeinfwd
%{_tmpfilesdir}/%{name}.conf
%{_unitdir}/letmeind.socket
%{_unitdir}/letmeind.service
%{_unitdir}/letmeinfwd.socket
%{_unitdir}/letmeinfwd.service
%ghost %dir %attr(0750, letmeind, letmeind) %{_rundir}/letmeind
%ghost %dir %attr(0750, root, letmeind) %{_rundir}/letmeinfwd
%files common
%license LICENSE-APACHE LICENSE-MIT
%doc README.md SECURITY.md
%{_sysusersdir}/%{name}.conf
%changelog
