#
# spec file for package intelmq
#
# Copyright (c) 2023 Institute for Common Good Technology <packaging@commongoodtechnology.org>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://github.com/certtools/intelmq/issues and the intelmq-mailinglists
# Preamble of the main package: metadata, sources, and build/runtime dependencies.
Name: intelmq
Version: 3.4.1~alpha1
Release: 0
Summary: Solution for IT security teams for collecting and processing security feeds
License: AGPL-3.0-only
URL: https://docs.intelmq.org/
Source: intelmq_%{version}.orig.tar.gz
Source1: intelmq_%{version}-1.debian.tar.gz
Source2: intelmq-rpmlintrc
Source3: state.json
# NOTE(review): Patch0 is referenced by a pull-request URL. What such a URL
# returns can change whenever the pull request is updated, so this reference
# alone does not pin the patch content. Consider shipping the patch as a
# reviewed local file or referencing a fixed commit; confirm how the build
# service stores the download. The patch is applied only inside the
# suse_version conditional of the prep section.
Patch0: https://github.com/certtools/intelmq/pull/2520.patch#/fix-yaml-loader.patch
BuildRequires: fdupes
# Account-management tooling and the cron daemon are named differently on the
# Red Hat family than elsewhere.
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel_version}
Requires(pre): shadow-utils
Requires: cronie
%else
Requires(pre): /usr/sbin/useradd,/usr/sbin/groupadd
Requires: cron
%endif
# The post scriptlet runs intelmqctl through sudo as the intelmq user.
Requires(post): sudo
Requires(pre): systemd
BuildRequires: python3-dnspython
BuildRequires: python3-requests
BuildRequires: python3-setuptools
%if 0%{?is_opensuse}
BuildRequires: systemd-rpm-macros
Requires(pre): permissions
Requires(post): permissions
%endif
BuildRequires: python3-python-dateutil >= 2.5
BuildRequires: python3
BuildRequires: python3-psutil
BuildRequires: python3-redis
BuildRequires: python3-ruamel.yaml
BuildRequires: python3-termstyle
# SECTION tests
BuildRequires: python3-Cerberus
BuildRequires: python3-requests-mock
BuildRequires: python3-pytest
BuildRequires: rsync
# /SECTION
Requires: logrotate
# The library subpackage must match this package's version exactly.
Requires: python3-intelmq == %version
# presumably the Redis-compatible broker used by the pipeline; verify
Requires: valkey
%{?systemd_requires}
Recommends: intelmq-contrib
# The pre scriptlet creates this user and group.
Provides: user(intelmq)
Provides: group(intelmq)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
# Subpackage with the Python library; its files section also ships the
# command-line tools installed into the bin directory.
%package -n python3-intelmq
Summary: IntelMQ Python Library
Group: Development/Languages/Python
Requires: python3-psutil
Requires: python3-redis
Requires: python3-ruamel.yaml
Requires: python3-termstyle
Requires: bash-completion
Requires: jq
Requires: python3-requests >= 2.2.0
Requires: python3-python-dateutil >= 2.5
Requires: python3-dnspython
Requires: which
# On CentOS/RHEL 7 psycopg2 is a hard dependency and no optional packages are
# listed; on every other target the optional bot dependencies (psycopg2
# included) are weak dependencies only.
%if 0%{?centos_version} == 700 || 0%{?rhel_version} == 700
Requires: python3-psycopg2 >= 2.5.5
%else
Recommends: python3-pyasn >= 1.5.0b7
Recommends: python3-beautifulsoup4
Recommends: python3-certstream
Recommends: python3-geoip2 >= 2.2.0
Recommends: python3-imbox >= 0.8.5
Recommends: python3-pika
Recommends: python3-psycopg2 >= 2.5.5
Recommends: python3-rt >= 1.0.9
Recommends: python3-shodan >= 1.7.2
Recommends: python3-stomp.py >= 4.1.8
%endif
# Subpackage with the contributed scripts copied into the shared data directory
# by the install section; it is only recommended by the main package.
%package contrib
Summary: Contributed scripts for IntelMQ
Group: Development/Languages/Python
# NOTE(review): unversioned dependency, unlike the exact version lock the main
# package places on the library; confirm mixed versions are acceptable.
Requires: intelmq
%description
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
%description -n python3-intelmq
This package contains the python library for intelmq.
%description contrib
Extensions, scripts, additional programs and examples
%pre
# Create the dedicated system group and system account for the service unless
# they already exist. The account's home is the package's state directory.
# NOTE(review): the account is created with /bin/bash as its login shell; a
# service account normally needs an interactive shell only if operators log in
# as it. Confirm the operational need before tightening.
if ! getent group intelmq >/dev/null ; then
    groupadd -r intelmq
fi
if ! getent passwd intelmq >/dev/null ; then
    useradd -r -d %{_localstatedir}/lib/intelmq/ -c "user running intelmq" -g intelmq -s /bin/bash intelmq
fi
%post
# Create the runtime paths declared in the packaged tmpfiles.d configuration.
%tmpfiles_create %{_tmpfilesdir}/intelmq.conf
if [ "$1" -eq 2 ] ; then # only upgrade
# Migrate the existing configuration and run the connection-less check as the
# unprivileged intelmq account instead of root. The check is the last command,
# so its result becomes the scriptlet's exit status.
# NOTE(review): this relies on the local sudo policy letting root run commands
# as intelmq non-interactively; confirm on hardened hosts.
sudo -u intelmq %{_bindir}/intelmqctl upgrade-config
sudo -u intelmq %{_bindir}/intelmqctl -q check --no-connections
fi
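%preun
if [ "$1" -eq 0 ] ; then # only uninstall
# Clean up what the package's tmpfiles.d configuration marks for removal.
# The configuration is addressed through the same tmpfiles.d macro that the
# install, post and files sections use, not a hard-coded /usr/lib path, so all
# sections keep pointing at the same file.
%{_bindir}/systemd-tmpfiles --remove %{_tmpfilesdir}/intelmq.conf
fi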
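%postun
if [ "$1" -eq 0 ] ; then # only uninstall
# NOTE(review): deleting the account on uninstall leaves any remaining files
# (configuration, state, logs) owned by a bare numeric id that a later-created
# account may be assigned. Many packaging guidelines advise keeping
# package-created accounts. Behaviour is kept here; confirm the policy.
if getent passwd intelmq >/dev/null ; then
    userdel intelmq
fi
# Depending on the system's account settings, userdel may already have removed
# the same-named group. Use a plain conditional so that an absent group does
# not turn into a failing scriptlet exit status.
if getent group intelmq >/dev/null ; then
    groupdel intelmq
fi
fi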
%prep
# Unpack the upstream tarball, then unpack Source1 (the debian packaging
# tarball) next to it without deleting the tree. Its patches and sed script are
# read from ../debian below.
%setup -q -n intelmq
%setup -D -T -b 1 -q -n intelmq
%if 0%{?suse_version} > 1600
# Tumbleweed
# Patch0 (named fix-yaml-loader.patch in the preamble) is applied only inside
# this conditional; builds for other targets do not receive it.
%patch -p1 0
%endif
# Path adjustments taken from the debian packaging tarball.
patch -p1 < ../debian/patches/fix-logrotate-path.patch
patch -p1 < ../debian/patches/fix-intelmq-paths.patch
# Drop interpreter lines from the library's bin modules.
# NOTE(review): the expression is not restricted to line 1, so any line that
# contains the interpreter prefix is deleted; confirm that is intended.
sed -i -e '/#!\/usr\/bin\//d' intelmq/bin/*.py
# Replace the env-based interpreter with a fixed /usr/bin path, on the first
# line only (1!b skips every other line).
sed -i '1!b;s@/usr/bin/env python@/usr/bin/python@' contrib/check_mk/cronjob_intelmq_queues.py contrib/check_mk/cronjob_intelmq_statistics.py contrib/elasticsearch/elasticmapper contrib/malware_name_mapping/download_mapping.py contrib/systemd/systemd.py
# Newer SUSE releases and the Red Hat family: setup.py must ask for termstyle
# instead of python-termstyle.
%if 0%{?suse_version} > 1320 || 0%{?centos_version} || 0%{?rhel_version} || 0%{?fedora}
sed -i 's/python-termstyle/termstyle/' setup.py
%endif
# Fedora up to 25: setup.py must ask for dnspython3.
%if 0%{?fedora} && 0%{?fedora} <= 25
sed -i 's/dnspython/dnspython3/' setup.py
%endif
# remove need for pytest-cov
sed -i 's/--cov[^ ]*//g' pytest.ini
%build
# Apply the sed script from the debian packaging tarball to the default
# configuration files, setup.py and the logrotate snippet, then build the
# Python package.
# NOTE(review): the sed script's content is not visible here; it presumably
# rewrites installation paths. Verify against the debian tarball.
sed -i -f ../debian/sedfile intelmq/etc/* setup.py contrib/logrotate/intelmq
%{python_build}
%install
# Install the Python package, then the system integration files (logrotate,
# cron, tmpfiles.d, shell completions), the state/log directory layout and the
# contrib scripts into the build root.
%{python_install}
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/ %{buildroot}%{_sysconfdir}/cron.d/
install -m 644 contrib/logrotate/intelmq %{buildroot}%{_sysconfdir}/logrotate.d/
# cron scripts should not have executable bit set, refused by newer versions of cron
install -m 644 ../debian/cron.d/intelmq-update-database %{buildroot}%{_sysconfdir}/cron.d/
# NOTE(review): the tmpfiles.d directory is hard-coded as /usr/lib/tmpfiles.d
# here, while the next line installs the file through the tmpfiles.d macro;
# the two agree only where the macro expands to that path.
# The state and log directories are created with mode 0755.
install -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d/ %{buildroot}%{_localstatedir}/lib/intelmq/bots/file-output %{buildroot}%{_localstatedir}/log/intelmq %{buildroot}%{_datadir}/intelmq/contrib/
install -D -m 644 contrib/tmpfiles.d/intelmq.conf %{buildroot}%{_tmpfilesdir}/intelmq.conf
# The completion directory is spelled with a hyphen on openSUSE and with an
# underscore on the other targets.
%if 0%{?is_opensuse}
install -D -m 644 contrib/bash-completion/intelmqctl %{buildroot}%{_datadir}/bash-completion/completions/intelmqctl
install -D -m 644 contrib/bash-completion/intelmqdump %{buildroot}%{_datadir}/bash-completion/completions/intelmqdump
%else
install -D -m 644 contrib/bash-completion/intelmqctl %{buildroot}%{_datadir}/bash_completion/completions/intelmqctl
install -D -m 644 contrib/bash-completion/intelmqdump %{buildroot}%{_datadir}/bash_completion/completions/intelmqdump
%endif
# remove program not needed for packages
rm %{buildroot}/%{_bindir}/intelmqsetup
# create directory layout and empty state file
# The setup tool is run from the source tree against the build root, with
# ownership changes and the API setup skipped.
ROOT_DIR=%{buildroot} PYTHONPATH=. python3 intelmq/bin/intelmqsetup.py --skip-ownership --state-file %{buildroot}%{_localstatedir}/lib/intelmq/state.json --skip-api
# add pre-built state file
# This overwrites the state file written by the setup run above with Source3.
install -m 644 %{SOURCE3} %{buildroot}%{_localstatedir}/lib/intelmq/state.json
# install default config
install -D -m 0644 intelmq/bots/experts/modify/examples/default.conf %{buildroot}%{_localstatedir}/lib/intelmq/bots/modify/modify.conf
# contrib scripts
cp -r contrib/eventdb/ contrib/example-extension-package/ contrib/feeds-config-generator/ contrib/logcheck contrib/malware_name_mapping/ contrib/prettyprint/ contrib/systemd/ %{buildroot}%{_datadir}/intelmq/contrib/
# Replace duplicate files in the build root with links.
%fdupes %{buildroot}
%check
# Run the upstream test suite from the source tree. The two INTELMQ_SKIP
# variables presumably disable tests that need a Redis server or Internet
# access, neither of which is available during a package build.
# NOTE(review): the PYTHONPATH entry uses an upper-case BUILDROOT token, while
# the rest of this file uses the lower-case buildroot macro. If the upper-case
# form is not a defined macro it stays literal and the entry names a
# non-existent directory, so the tests would exercise the source tree rather
# than the installed files. Confirm which is intended.
INTELMQ_SKIP_REDIS=1 INTELMQ_SKIP_INTERNET=1 PYTHONPATH=${PYTHONPATH:+$PYTHONPATH:}%BUILDROOT%{python3_sitelib}/intelmq/ PYTHONDONTWRITEBYTECODE=1 pytest -v intelmq/tests/
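# Files of the main package: system integration (cron, logrotate, tmpfiles.d,
# shell completions), documentation, and the configuration, state and log
# locations owned by the intelmq account.
%files
%config(noreplace) %{_sysconfdir}/cron.d/intelmq-update-database
%config %{_sysconfdir}/logrotate.d/intelmq
# List only this package's own tmpfiles.d entry. Naming the whole directory
# would make the package claim the shared system directory as well.
%{_tmpfilesdir}/intelmq.conf
%if 0%{?is_opensuse}
%{_datadir}/bash-completion/completions/intelmqctl
%{_datadir}/bash-completion/completions/intelmqdump
%else
%{_datadir}/bash_completion/completions/intelmqctl
%{_datadir}/bash_completion/completions/intelmqdump
%endif
%doc README.md AUTHORS COPYRIGHT CHANGELOG.md NEWS.md SECURITY.md
%doc intelmq/bots/experts/modify/examples
%license LICENSE
%if 0%{?is_opensuse}
%dir %{_sysconfdir}/cron.d/
%dir %{_sysconfdir}/logrotate.d/
%dir %{_datadir}/bash-completion/
%dir %{_datadir}/bash-completion/completions/
%endif
# Everything below is owned by intelmq:intelmq.
%defattr(-,intelmq,intelmq,-)
# NOTE(review): the configuration directory and files are writable by the
# service account and its group. Any process running as intelmq, or any member
# of the group, can therefore change the pipeline configuration. Confirm this
# is required (for example by a management tool) before tightening.
%attr(0775,-,-) %dir %{_sysconfdir}/intelmq/
%attr(0664,-,-) %config(noreplace) %{_sysconfdir}/intelmq/*.conf
%attr(0664,-,-) %config(noreplace) %{_sysconfdir}/intelmq/runtime.yaml
# NOTE(review): the state and log directories keep the mode they have in the
# build root; the install section creates them with 0755, which lets every
# local user list and read them. Review this if logs or dumps can contain
# sensitive event data.
%dir %{_localstatedir}/lib/intelmq/
%dir %{_localstatedir}/lib/intelmq/bots/
%dir %{_localstatedir}/lib/intelmq/bots/modify/
%dir %{_localstatedir}/lib/intelmq/bots/file-output/
# Checksum, size and mtime are excluded from verification, presumably because
# the state file is rewritten at runtime.
%verify(not md5 size mtime) %config(noreplace) %{_localstatedir}/lib/intelmq/state.json
# NOTE(review): not marked as a config file, so local edits are presumably
# replaced on upgrade; confirm.
%{_localstatedir}/lib/intelmq/bots/modify/modify.conf
%dir %{_localstatedir}/log/intelmq/
# Recorded for ownership only; the directory itself is not shipped in the
# package.
%ghost %dir /run/intelmq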
# Library subpackage: everything installed into the Python site directory and
# into the bin directory. The main package's scriptlets call intelmqctl from
# here, which its versioned dependency on this subpackage provides.
# NOTE(review): both entries are globs, so any file the install section places
# in these directories is shipped; review the build log's file list after
# upstream updates.
%files -n python3-intelmq
%{python3_sitelib}/*
%{_bindir}/*
# Contrib subpackage: the contributed script trees copied by the install
# section, with default (root) ownership.
%files contrib
%dir %{_datadir}/intelmq/
%{_datadir}/intelmq/contrib/
%changelog