File hiawatha.spec of Package hiawatha
#
# spec file for package hiawatha
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2013-2019 Mariusz Fik <fisiu@opensuse.org>.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define webroot /srv/www
%define mbedtls_version %(rpm -q mbedtls-devel --qf "%%{VERSION}")
%if 0%{?suse_version} >= 1500
%define use_firewalld 1
%else
%define use_firewalld 0
%endif
Name: hiawatha
Version: 10.9
Release: 0
Summary: A secure and advanced webserver
License: GPL-2.0-only
Group: Productivity/Networking/Web/Servers
Url: http://www.hiawatha-webserver.org
Source0: http://www.hiawatha-webserver.org/files/%{name}-%{version}.tar.gz
Source1: %{name}.logrotate
Source2: %{name}.service
Source100: %{name}.firewall
Source101: %{name}-ssl.firewall
%if %{use_firewalld}
Source102: %{name}.firewalld
Source103: %{name}-ssl.firewalld
%endif
BuildRequires: cmake >= 3.0
BuildRequires: gcc-c++
BuildRequires: mbedtls-devel >= 2.3
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libnghttp2)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libxslt)
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(zlib)
%if %{use_firewalld}
BuildRequires: firewall-macros
%endif
Requires: logrotate
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}
%description
Hiawatha is a webserver for Unix and has been build with security in mind.
This resulted in a highly secure webserver, in both code and features.
This webserver runs on Linux, BSD, MacOS X and Windows. Although it can run any
kind of CGI / FastCGI application, it has been optimized for usage with PHP.
Most well known PHP frameworks and CMS applications have been tested with
Hiawatha and ran without a problem. Hiawatha supports many web and HTTP features
such as CGI/FastCGI, HTTP authentication, virtual host support, request
pipelining, keep alive connections, URL rewriting and many more.
%package letsencrypt
Summary: Let's Encrypt script for the Hiawatha webserver
Group: Productivity/Networking/Web/Servers
Requires: %{name}
Requires: php-cli
%description letsencrypt
This is the Let's Encrypt script for the Hiawatha webserver. It can be used to
request, renew and revoke certificated as provided by Let's Encrypt in a very
easy way. It requires the PHP command line interface and uses version 2 of the
ACME protocol to communicate with the Let's Encrypt server.
%prep
%setup -q
# Remove bundled source for mbedtls, we use system version
rm -rv mbedtls
# mbedtls 2.7.0 and its backward comaptybility...
%if "%{mbedtls_version}" >= "2.7.0"
sed -i 's/MBEDTLS_DHM_RFC5114_MODP_2048_P/MBEDTLS_DHM_RFC5114_MODP_P/' src/tls.c
%endif
# disable CHACHA2 cipher, it's not available in Leap 15.0 mbedtls
%if 0%{?suse_version} == 1500
sed '/MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256/d' -i src/tls.c
sed '/MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256/d' -i src/tls.c
sed '/MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256/d' -i src/tls.c
%endif
%build
%cmake \
-DCONFIG_DIR="%{_sysconfdir}/hiawatha" \
-DLOG_DIR="%{_localstatedir}/log/hiawatha" \
-DPID_DIR="%{_localstatedir}/run" \
-DWORK_DIR="%{_localstatedir}/lib/hiawatha" \
-DWEBROOT_DIR="%{webroot}/%{name}/htdocs" \
-DENABLE_CACHE=On \
-DENABLE_HTTP2=On \
-DENABLE_IPV6=On \
-DENABLE_MONITOR=On \
-DENABLE_RPROXY=On \
-DENABLE_TLS=On \
-DENABLE_TOMAHAWK=On \
-DENABLE_TOOLKIT=On \
-DENABLE_XSLT=On \
-DUSE_SYSTEM_MBEDTLS=On \
-DUSE_SYSTEM_NGHTTP2=On
%make_jobs
%install
%cmake_install
install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
# run as wwwrun user
sed "s/#ServerId = www-data/ServerId = wwwrun/" -i %{buildroot}%{_sysconfdir}/hiawatha/hiawatha.conf
# susefirewall config files
install -D -m 0644 %{SOURCE100} \
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
install -D -m 0644 %{SOURCE101} \
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
# firewalld config files
%if %{use_firewalld}
install -D -m 0644 %{SOURCE102} \
%{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
install -D -m 0644 %{SOURCE103} \
%{buildroot}%{_libexecdir}/firewalld/services/%{name}-ssl.xml
%endif
%pre
%service_add_pre %{name}.service
%post
%service_add_post %{name}.service
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%files
%defattr(-,root,root)
%doc ChangeLog LICENSE README.md
%{_bindir}/ssi-cgi
%{_sbindir}/%{name}
%{_sbindir}/rc%{name}
%{_sbindir}/wigwam
%attr(0755,root,root) %verify(not mode) %{_sbindir}/cgi-wrapper
%{_unitdir}/%{name}.service
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/cgi-wrapper.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/mimetype.conf
%config(noreplace) %{_sysconfdir}/%{name}/index.xslt
%config(noreplace) %{_sysconfdir}/%{name}/error.xslt
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
%if %{use_firewalld}
%dir %{_libexecdir}/firewalld
%dir %{_libexecdir}/firewalld/services
%{_libexecdir}/firewalld/services/%{name}.xml
%{_libexecdir}/firewalld/services/%{name}-ssl.xml
%endif
%{_mandir}/man1/{cgi-wrapper,hiawatha,ssi-cgi,wigwam}.1%{ext_man}
%dir %{webroot}/%{name}
%dir %{webroot}/%{name}/htdocs
%{webroot}/%{name}/htdocs/index.html
%dir %attr(-,wwwrun,www) %{_localstatedir}/lib/%{name}/
%dir %attr(750,wwwrun,www) %{_localstatedir}/log/%{name}/
%files letsencrypt
%defattr(-,root,root)
%{_sbindir}/lefh
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/letsencrypt
%{_mandir}/man1/lefh.1%{ext_man}
%changelog
