#
# spec file for package libest
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# Package identity and shared metadata for the sub-packages declared below.
Name: libest
Version: 3.2.0
Release: 0
Summary: EST stack written in C
Group: Development/Libraries/C and C++
# TODO: Identify the right one.
License: SUSE-Freeware
URL: https://github.com/cisco/libest
# NOTE(review): the tarball is referenced by bare file name only, so this
# file records neither a download location nor a detached signature for it;
# the provenance of the archive has to be checked outside the spec.
Source: %{name}-%{version}.tar.xz
# systemd unit and firewalld service definition, installed as estd.service
# and estd.xml by the install section.
Source1: systemd.service
Source2: firewalld.xml
# pkg-config files for the shared and the static library.
Source100: libest.pc
Source101: libest-static.pc
# Wrapper scripts, installed as ca-user and estd by the install section.
Source200: ca-user.sh
Source201: estd.sh
# Patch0 is named after a commit id.
# NOTE(review): presumably an upstream backport - confirm its origin.
Patch0: 5999427a728f5f87ccd3e7957a1e347a1ac6ace3.patch
Patch1: fix_configure_ac.patch
Patch2: setup-cadir.patch
# Listed only when suse_version is below 1600. An undefined suse_version
# evaluates to 0 here, so the condition is also true on non-SUSE targets.
# NOTE(review): judging by its name the patch deals with missing FIPS
# support - confirm what it disables.
%if 0%{?suse_version} < 1600
Patch100: fips_not_available.patch
%endif
BuildRequires: autoconf >= 2.61
BuildRequires: automake
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: m4
BuildRequires: pkgconfig
BuildRequires: xz
BuildRequires: pkgconfig(libssl)
BuildRequires: pkgconfig(libcrypto)
BuildRequires: pkgconfig(liburiparser)
# The external Safe C library is not used; configure is run with
# --disable-safec and a bundled stub archive is shipped instead.
#BuildRequires: pkgconfig(libsafec)
# Version components split out of the Version tag with cut; the release
# component also drops anything after a plus sign.
%define MAJOR_VERSION %(echo %{version} | cut -d. -f1)
%define MINOR_VERSION %(echo %{version} | cut -d. -f2)
%define RELEASE_VERSION %(echo %{version} | cut -d. -f3 | cut -d+ -f1)
# _libvrs is not referenced anywhere else in this file.
%define _libvrs %{MAJOR_VERSION}_%{MINOR_VERSION}
# The next two lines define the major and minor macros a second time; the
# later definitions are the ones in effect, and the minor one additionally
# strips a plus-sign suffix.
%define MAJOR_VERSION %(echo %{version} | cut -d. -f1)
%define MINOR_VERSION %(echo %{version} | cut -d. -f2 | cut -d+ -f1)
# Name of the shared-library sub-package: libest-3_2_0p for this version
# when suse_version is below 1600, libest3 otherwise.
%if 0%{?suse_version} < 1600
%define _libname %{name}-%{MAJOR_VERSION}_%{MINOR_VERSION}_%{RELEASE_VERSION}p
%else
%define _libname %{name}%{MAJOR_VERSION}
%endif
# The main package depends on the library sub-package of the same version.
# NOTE(review): no files list for the main package is visible in this file.
Requires: %{_libname} = %{version}
%if 0%{?centos_version}
# CENTOS Requires gdb for debuginfo
BuildRequires: gdb
%endif
%description
EST is used for secure certificate enrollment and is compatible with Suite B certs (as well as RSA and DSA certificates). EST is a suitable replacement for SCEP.
%package tools
# Client programs and the proxy (see the files list of this sub-package).
# NOTE(review): the summary below is the same text as the library
# sub-package's summary.
Summary: EST Stack library
Group: Development/Libraries/C and C++
Provides: est-tools = %{version}
%description tools
EST is used for secure certificate enrollment and is compatible with Suite B certs (as well as RSA and DSA certificates). EST is a suitable replacement for SCEP.
%package server
# The description below calls this a sample application; the CA helper
# scripts shipped with it come from the upstream example/server directory.
Summary: Sample EST server application
Group: Development/Libraries/C and C++
Provides: est-server = %{version}
# The post-install scriptlet of this sub-package runs the openssl command
# to create the CA key, hence the scriptlet-time dependency.
Requires(post): openssl
# Optional systemd dependency macro.
# NOTE(review): the only scriptlet for this sub-package visible in this file
# is the post scriptlet; none registers estd.service with systemd.
%{?systemd_requires}
%description server
A sample EST server application. It utilizes Mongoose for the
web server, OpenSSL for the SSL stack to be used with Mongoose,
libest for the EST stack, and OpenSSL for basic CA
services.
%package -n %{_libname}
# Shared library; the package name is built from the version macros in the
# preamble.
Summary: EST Stack library
Group: Development/Libraries/C and C++
%description -n %{_libname}
EST is used for secure certificate enrollment and is compatible with Suite B certs (as well as RSA and DSA certificates). EST is a suitable replacement for SCEP.
%package devel
# Headers, the unversioned library link, static archives and pkg-config
# files. The est-devel Provides is unversioned, unlike est-tools and
# est-server.
Summary: EST Stack library development files
Requires: %{_libname} = %{version}
Provides: est-devel
Group: Development/Libraries/C and C++
%description devel
Header files for the EST stack library.
%prep
# Unpack the tarball, then apply the patches in numeric order.
%setup -q
%patch -P 0 -p 1
%patch -P 1 -p 1
%patch -P 2 -p 1
# Same condition as on the Patch100 tag: applied when suse_version is below
# 1600 (or undefined).
%if 0%{?suse_version} < 1600
%patch -P100 -p 1
%endif
# Regenerate the autotools files; NOCONFIGURE=1 is passed so that configure
# is run explicitly with the distribution flags below.
# NOTE(review): configure runs inside the prep section here rather than in
# the build section.
NOCONFIGURE=1 ./autogen.sh
# --disable-safec: no external Safe C library is used; the install section
# ships the bundled safe_c_stub archive in its place.
# NOTE(review): presumably the stub lacks the runtime checks of the real
# library - confirm before relying on them.
# --enable-static plus -ffat-lto-objects: static archives are built too.
# NOTE(review): the flag is presumably there so the archives carry regular
# object code next to the LTO data - confirm.
%configure \
CFLAGS="%optflags -ffat-lto-objects" \
--disable-safec \
--enable-static \
--with-uriparser-dir=/usr/include/uriparser
%build
# Build the default target; the parallel job count comes from the optional
# _smp_mflags macro.
make all %{?_smp_mflags}
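%install
%make_install
# pkg-config metadata for the shared and the static library.
mkdir -p %{buildroot}/%{_libdir}/pkgconfig
install --mode=644 %{S:100} %{buildroot}/%{_libdir}/pkgconfig
install --mode=644 %{S:101} %{buildroot}/%{_libdir}/pkgconfig
# Stub for libsafec. A static archive is data, not a program, so it is
# installed without execute bits (644 instead of 755).
install --mode=644 ./safe_c_stub/lib/libsafe_lib.a %{buildroot}/%{_libdir}/libestsafec.a
# systemd unit and firewalld service definition for the EST server.
mkdir -p %{buildroot}/%{_unitdir}
install --mode=644 %{S:1} %{buildroot}/%{_unitdir}/estd.service
mkdir -p %{buildroot}/usr/lib/firewalld/services/
install --mode=644 %{S:2} %{buildroot}/usr/lib/firewalld/services/estd.xml
# Directory skeleton for the server and its CA. The final ownership and
# modes (700 for the key and newcerts directories) are set in the files
# list of the server sub-package, not here.
mkdir -p %{buildroot}/etc/est/server
mkdir -p %{buildroot}/etc/est/server/private
mkdir -p %{buildroot}/etc/est/server/CA
mkdir -p %{buildroot}/etc/est/server/CA/private
mkdir -p %{buildroot}/etc/est/server/CA/newcerts
# CA helper scripts from the upstream example directory, root-only.
mkdir -p %{buildroot}/%{_sbindir}
install --mode=700 example/server/ESTcommon.sh %{buildroot}/%{_sbindir}
install --mode=700 example/server/createCA.sh %{buildroot}/%{_sbindir}
# Wrapper scripts shipped as extra sources. The target directory is created
# explicitly so this step does not depend on the upstream install having
# made it.
mkdir -p %{buildroot}/%{_bindir}
install --mode=755 %{S:200} %{buildroot}/%{_bindir}/ca-user
install --mode=755 %{S:201} %{buildroot}/%{_bindir}/estd
# Point the example CA configuration at /etc/est/server instead of the
# relative ./estCA directory used upstream.
sed -e "s@./estCA@/etc/est/server@g" example/server/estExampleCA.cnf > %{buildroot}/etc/est/server/CA.cnf
chmod 600 %{buildroot}/etc/est/server/CA.cnf
# Configuration file, not a script: 600 to match the mode the files list
# declares for the .cnf files (was installed as 700).
install --mode=600 example/server/ext.cnf %{buildroot}/etc/est/server
# Empty placeholder; the file is listed as a ghost entry and is created on
# the target system by the post-install scriptlet.
touch %{buildroot}/etc/est/server/passwd.srpv
%fdupes %{buildroot}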
%files tools
%defattr(-,root,root)
%doc AUTHORS README
%license LICENSE
# Client programs and the proxy; none of them is installed by an explicit
# line in the install section, so they come from the upstream make install.
%{_bindir}/estclient
# estclient_brski is deliberately kept out of this package.
%exclude %{_bindir}/estclient_brski
%{_bindir}/estclient_simple
%{_bindir}/estproxy
%files server
%defattr(-,root,root)
%doc AUTHORS README
%license LICENSE
%{_unitdir}/estd.service
# The firewalld directories are owned here as well as the service file.
%dir /usr/lib/firewalld
%dir /usr/lib/firewalld/services/
/usr/lib/firewalld/services/estd.xml
# Configuration tree. The top levels are world-traversable (755); the
# directories that hold private keys and issued certificates are limited to
# root (700).
%dir %attr(755,root,root) /etc/est
%dir %attr(755,root,root) /etc/est/server
%dir %attr(755,root,root) /etc/est/server/CA
%dir %attr(700,root,root) /etc/est/server/private
%dir %attr(700,root,root) /etc/est/server/CA/private
%dir %attr(700,root,root) /etc/est/server/CA/newcerts
%{_bindir}/estserver
%{_bindir}/ca-user
%{_bindir}/estd
# CA helper scripts are executable by root only.
%attr(700,root,root) %{_sbindir}/ESTcommon.sh
%attr(700,root,root) %{_sbindir}/createCA.sh
# Ghost entries: owned by the package but not shipped in it. The post
# scriptlet creates ca.key, cakey.pem (under private/) and passwd.srpv; the
# remaining files are presumably produced by the CA helper scripts - confirm.
# Certificates are declared 644, keys, requests and the SRP verifier file 600.
# NOTE(review): because these files are not part of the payload, the modes
# listed here only hold if whatever creates each file sets them.
%ghost %config(noreplace) %attr(644,root,root) /etc/est/server/trustedcerts.crt
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/private/cakey.pem
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/private/ca.key
%ghost %config(noreplace) %attr(644,root,root) /etc/est/server/CA/cacert.crt
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/CA/private/cakey.pem
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/CA/private/estserver.pem
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/CA/private/estservercertandkey.pem
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/CA/estserver.req
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/CA/estserver.crt
%ghost %config(noreplace) %attr(600,root,root) /etc/est/server/passwd.srpv
# CA.cnf and ext.cnf from the install section; local edits survive upgrades.
%config(noreplace) %attr(600,root,root) /etc/est/server/*.cnf
%files -n %{_libname}
%defattr(-,root,root)
%doc AUTHORS README
%license LICENSE
# Shared library carrying a suffix after "libest-"; the plain libest.so is
# listed in the devel sub-package.
%{_libdir}/libest-*.so
%files devel
%defattr(-,root,root)
%doc AUTHORS README
%license LICENSE
%{_libdir}/libest.so
# All static archives in the library directory, which includes the
# libestsafec.a stub copied in by the install section.
%{_libdir}/*.a
# The libtool archive is shipped too.
%{_libdir}/libest.la
%dir %{_includedir}/est
%{_includedir}/est/*.h
%{_libdir}/pkgconfig/*.pc
# Refresh the dynamic linker cache after the shared library is installed or
# removed; ldconfig itself is the scriptlet interpreter, so no body follows.
%post -n %{_libname} -p /sbin/ldconfig
%postun -n %{_libname} -p /sbin/ldconfig
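%post server
# Everything created below is key material or a password verifier file.
# A restrictive umask makes the files private from the moment they are
# created, instead of relying on a later chmod.
umask 077
if [ ! -e /etc/est/server/private/cakey.pem ]; then
    # No CA key yet: generate one. 1024-bit RSA is too short for a CA key,
    # so a 4096-bit key is created. An existing cakey.pem is never replaced,
    # which means a key made by an earlier build of this package stays at
    # its old size until the administrator rotates it.
    # NOTE(review): the key is written without a passphrase, so the file
    # modes and the 700 directory are its only protection.
    # The second command re-encodes the same key into cakey.pem; both files
    # hold the same private key. The chmod names the two files explicitly
    # and uses 600, the mode the files list declares for them (the previous
    # "chmod 700" on a glob set execute bits on key files).
    openssl genrsa -out /etc/est/server/private/ca.key 4096 \
        && openssl rsa -in /etc/est/server/private/ca.key -out /etc/est/server/private/cakey.pem \
        && chmod 600 /etc/est/server/private/ca.key /etc/est/server/private/cakey.pem
fi
if [ ! -e /etc/est/server/passwd.srpv ]; then
    # Empty SRP verifier file; created as 600 because of the umask above,
    # matching the mode declared in the files list.
    touch /etc/est/server/passwd.srpv
fi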
%changelog