File berghain.spec of Package berghain

#
# spec file for package berghain
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 Georg Pfuetzenreuter
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%if 0%{?suse_version} < 1600
%define apparmor_profilesdir %{_sysconfdir}/apparmor.d
%endif
Name:           berghain
Version:        0.2.0+git2.6f1de12
Release:        0
Summary:        HAProxy request bouncer
License:        Apache-2.0
Group:          Productivity/Networking/Web/Proxy
URL:            https://github.com/DropMorePackets/berghain
Source0:        %{name}-%{version}.tar.zst
Source1:        berghain.sysusers
Source2:        berghain.service
Source3:        berghain.apparmor
Source4:        vendor.tar.gz
Source5:        node_vendor.tar.zst
Source6:        berghain.tmpfiles
Source7:        berghain.haproxy.tmpfiles
Patch0:         berghain-config.patch
# openSUSE/berghain.git => `git format-patch master..openSUSE-master -- :!README.openSUSE.md`
Patch1:         0001-Customization-for-openSUSE.patch
Patch2:         0002-Add-image.patch
Patch3:         0003-Avoid-oversized-container-in-some-browsers.patch
%if 0%{?suse_version} < 1600
# would fail in HAProxy 2.8 if TCP syslog server is configured in the global section
# works in HAProxy 3.x
Patch10:        berghain-spoe-haproxy-config.patch
%endif
BuildRequires:  apparmor-rpm-macros
BuildRequires:  golang(API) >= 1.21
BuildRequires:  golang-packaging
BuildRequires:  haproxy
BuildRequires:  npm
BuildRequires:  sysuser-tools
BuildRequires:  zstd
Requires:       %{name}-spoa
Requires:       %{name}-spoe-haproxy
Requires:       %{name}-web
%systemd_ordering
%if 0%{?suse_version} > 1600
Recommends(post): openssl
%endif

%package spoa
Summary:        Berghain SPOA (SPOP handler)
Group:          Productivity/Networking/Web/Proxy

%package spoe-haproxy
Summary:        Bergchain SPOE configuration
Group:          Productivity/Networking/Web/Proxy
BuildArch:      noarch
Requires:       haproxy

%package web
Summary:        Berghain challenge website
Group:          Productivity/Networking/Web/Proxy
BuildArch:      noarch

%description
Berghain is your trusty SPOE-Agent, guarding the entrance to the backend like a seasoned bouncer. This Go and HAProxy-powered tool ensures that only the coolest and most valid browsers can access the exclusive party happening on the other side.

This main package is a meta package to install all components together:
- SPOA
- SPOE configuration
- Challenge website

The different component subpackages can alternatively be installed individually, for example if distribution across different machines is desired.

%description spoa
Berghain is your trusty SPOE-Agent, guarding the entrance to the backend like a seasoned bouncer. This Go and HAProxy-powered tool ensures that only the coolest and most valid browsers can access the exclusive party happening on the other side.

This package contains the Stream Process Offloading Agent.

%description spoe-haproxy
Berghain is your trusty SPOE-Agent, guarding the entrance to the backend like a seasoned bouncer. This Go and HAProxy-powered tool ensures that only the coolest and most valid browsers can access the exclusive party happening on the other side.

This package contains the HAProxy SPOE configuration.

%description web
Berghain is your trusty SPOE-Agent, guarding the entrance to the backend like a seasoned bouncer. This Go and HAProxy-powered tool ensures that only the coolest and most valid browsers can access the exclusive party happening on the other side.

This package contains the challenge page.

%prep
%autosetup -a4 -p1
#setup -b5 -D -T
#mv ...
tar -C web -xf %{SOURCE5}

%build
go build -buildmode=pie -mod=vendor -ldflags='-s -w' ./cmd/spop

pushd web
npm run build
popd

%sysusers_generate_pre %{SOURCE1} %{name} system-user-%{name}.conf

%install
install -dm 0755 \
  %{buildroot}%{_bindir} %{buildroot}%{_sbindir} %{buildroot}%{_sysconfdir}/haproxy \
  %{buildroot}%{_sysusersdir} %{buildroot}/%{_tmpfilesdir} %{buildroot}%{_unitdir} \
  %{buildroot}/srv/www/%{name}

install -vm 0755 spop %{buildroot}%{_bindir}/%{name}
install -vm 0640 cmd/spop/config.yaml %{buildroot}%{_sysconfdir}/%{name}.yaml

install -vm 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/system-user-%{name}.conf

install -vm 0644 %{SOURCE2} %{buildroot}%{_unitdir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

install -Dvm 0644 %{SOURCE3} %{buildroot}%{apparmor_profilesdir}/%{name}

for x in default native-crypto
do
  install -dm 0755 %{buildroot}/srv/www/%{name}/$x
  install -vm 0644 web/dist/$x/index.html %{buildroot}/srv/www/%{name}/$x 
done

install -vm 0644 examples/haproxy/berghain.cfg %{buildroot}%{_sysconfdir}/haproxy/berghain-spoe.cfg

install -vm 0644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -vm 0644 %{SOURCE7} %{buildroot}%{_tmpfilesdir}/%{name}.haproxy.conf

%check
%{gotest} .

%pre -f %{name}.pre spoa
%service_add_pre %{name}.service

%post spoa
if grep -q '^secret: __REPLACE_ME__$' %{_sysconfdir}/%{name}.yaml
then
  if command -v openssl >/dev/null
  then
    echo 'Writing random secret to %{_sysconfdir}/%{name}.yaml ...'
    sed -i "s/__REPLACE_ME__/$(openssl rand -base64 32 | sed 's?/?\\/?g')/" %{_sysconfdir}/%{name}.yaml
  else
    echo 'Cannot automatically generate secret for %{_sysconfdir}/%{name}.yaml, "openssl" is not installed.'
  fi
fi

%{apparmor_reload %{apparmor_profilesdir}/%{name}}
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%service_add_post %{name}.service

%post spoe-haproxy
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf %{_tmpfilesdir}/%{name}.haproxy.conf

%preun spoa
%service_del_preun %{name}.service

%postun spoa
%service_del_postun %{name}.service

%files

%files spoa
%license LICENSE
%doc README.md
%dir %{apparmor_profilesdir}
%attr(0644,root,root) %config %{apparmor_profilesdir}/%{name}
%attr(0640,root,%{name}) %config(noreplace) %{_sysconfdir}/%{name}.yaml
%{_bindir}/%{name}
%{_sbindir}/rc%{name}
%{_sysusersdir}/system-user-%{name}.conf
%{_tmpfilesdir}/%{name}.conf
%{_unitdir}/%{name}.service

%ghost %dir /run/%{name}
%ghost /run/%{name}/spop.sock

%files spoe-haproxy
%config %{_sysconfdir}/haproxy/berghain-spoe.cfg
%{_tmpfilesdir}/%{name}.haproxy.conf

%files web
%dir /srv/www
%dir /srv/www/%{name}{,/{default,native-crypto}}
/srv/www/%{name}/{default,native-crypto}/index.html

%changelog