File step-ca.spec of Package step-ca
#
# spec file for package step-ca
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define configdir %{_sysconfdir}/step-ca
%define datadir %{_localstatedir}/lib/step-ca
%define user_group _step-ca
%define services %{name}.service
%define pkg_name certificates
%define pkg_version %{version}
Name: step-ca
Version: 0.28.4
Release: 0
Summary: Smallstep CA
License: BSD-3-Clause
URL: https://smallstep.com/certificates
Source: %{pkg_name}-%{pkg_version}.tar.gz
Source1: vendor.tar.xz
Source2: step-ca-init
Source3: README.SUSE
Source5: step-ca-apparmor
Source6: step-ca-has-provisioner
Source9: series
Patch1: service-file.patch
BuildRequires: apparmor-abstractions
BuildRequires: apparmor-rpm-macros
BuildRequires: golang(API) >= 1.19
BuildRequires: golang-packaging
BuildRequires: packaging-apparmor
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libpcsclite)
BuildRequires: pkgconfig(systemd)
Requires: apparmor-abstractions
Requires: step-cli
Provides: user(%{user_group})
Provides: group(%{user_group})
%{?systemd_ordering}
%description
A private certificate authority (X.509 & SSH) & ACME server for secure
automated certificate management, so you can use TLS everywhere & SSO for SSH.
%prep
%autosetup -p1 -n %{pkg_name}-%{pkg_version} -a 1
%build
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
go build -buildmode=pie -mod=vendor -ldflags="-w -X 'main.Version=%{version}' -X 'main.BuildTime=${BUILD_DATE}'" ./cmd/...
%install
install -m 0755 -d %{buildroot}%{_sbindir} %{buildroot}%{_unitdir}
install -m 0750 -d %{buildroot}%{datadir} %{buildroot}%{configdir}
install -m 0755 -t %{buildroot}%{_sbindir} step-ca
install -m 0755 %{SOURCE2} %{buildroot}%{_sbindir}/step-ca-init
install -m 0755 %{SOURCE6} %{buildroot}%{_sbindir}/step-ca-has-provisioner
install -m 0640 /dev/null %{buildroot}%{configdir}/password.txt
install -m 0644 systemd/step-ca.service %{buildroot}%{_unitdir}/step-ca.service
cp %{SOURCE3} .
install -D -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/apparmor.d/step-ca
pushd %{buildroot}%{_sysconfdir}/apparmor.d
%{apparmor_postprocess step-ca}
popd
%python3_fix_shebang
%check
./step-ca --version | grep %{version}
%pre
%{_sbindir}/groupadd -r %{user_group} &>/dev/null || :
%{_sbindir}/useradd -g %{user_group} -s /bin/false -r -c "Smallstep CA" -d %{datadir} %{user_group} &>/dev/null || :
%service_add_pre %{services}
%post
%service_add_post %{services}
%preun
%service_del_preun %{services}
%postun
%apparmor_reload %{_sysconfdir}/apparmor.d/step-ca
%service_del_postun %{services}
%files
%config(noreplace) %attr(-,root,%{user_group}) %{configdir}
%dir %attr(-,%{user_group},%{user_group}) %{datadir}
%doc README.md README.SUSE
%license LICENSE
#caps(CAP_NET_BIND_SERVICE=pe)
%attr(750,root,%{user_group}) %{_sbindir}/%{name}
%config %{_sysconfdir}/apparmor.d/step-ca
%config(noreplace) %ghost %{_sysconfdir}/apparmor.d/local/step-ca
%{_unitdir}/%{name}.service
%{_sbindir}/%{name}-init
%{_sbindir}/step-ca-has-provisioner
%changelog
