# RPM spec for the Caddy web server.
# This part holds the build conditionals, the package metadata, the source and
# patch list, the dependencies, and the first commands of the prep stage.
# Added comments avoid the percent sign on purpose: rpm expands macros inside
# comments too.

# "vendor" conditional, enabled by default: build against the bundled
# dependency tarball (source 101) rather than packaged Go libraries.
%bcond_without vendor

# The "check" conditional is only declared for non-vendored builds, so the
# test-suite stage is left out whenever the vendor tarball is used.
%if %{without vendor}
%bcond_without check
%endif

# https://github.com/caddyserver/caddy
%global goipath         github.com/caddyserver/caddy
%global basever         2.5.2
# Pre-release markers, switched off for this build: the leading "#" stands in
# for the percent sign so rpm does not define them.
#global prerel          rc
#global prerelnum       3
# When prerel is defined the version gains a "~" pre-release suffix built from
# prerel and prerelnum; otherwise it is just basever.
Version:                %{basever}%{?prerel:~%{prerel}%{prerelnum}}

# Go packaging macro; the gosource and gobuilddir macros used further down are
# presumably derived here from goipath and Version.
%gometa

%global common_description %{expand:
Caddy is the web server with automatic HTTPS.}

Name:           caddy
Release:        1%{?dist}
Summary:        Web server with automatic HTTPS

# See LICENSE.dependencies for a full licensing breakdown
License:        Apache-2.0 AND BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause AND MIT AND MPL-2.0
URL:            https://caddyserver.com
Source0:        %{gosource}

# see create-vendor-tarball.sh in this distgit repo
# NOTE(review): this tarball is produced downstream by that script rather than
# fetched from the upstream URL, so the practical way to audit the bundled
# dependencies is to regenerate it with the script and compare the result.
Source101:      caddy-%{version}-vendor.tar.gz

# based on reference files upstream
# https://github.com/caddyserver/dist
Source1:        Caddyfile
Source2:        caddy.service
Source3:        caddy-api.service
Source4:        poweredby-white.png
Source5:        poweredby-black.png
Source6:        bash-completion
Source7:        zsh-completion
Source100:      LICENSE.dependencies

# downstream only patch to disable commands that can alter the binary
# NOTE(review): presumably this keeps the rpm-owned executable from being
# rewritten outside the package manager, which would invalidate package
# verification and the file label applied in the post-install scriptlet.
# Re-check the patch on every rebase so a newly added upstream command is not
# missed.
Patch:          0001-Disable-commands-that-can-alter-the-binary.patch

# https://github.com/caddyserver/caddy/commit/b4f1a713978f44b6f26721bd4eaa355164e3e6f4
BuildRequires:  golang >= 1.17
BuildRequires:  systemd-rpm-macros
%{?systemd_requires}

# system-logos-httpd supplies the web server test page (see the changelog
# entry for 2.1.1-1); the relative symlinks created in the install stage
# point outside this package's own data directory.
Requires:       system-logos-httpd
Provides:       webserver

%description
%{common_description}

# Source (devel) subpackages are only generated for non-vendored builds.
%if %{without vendor}
%gopkg
%endif

%prep
# Unpack Source0 and apply the patches with -p1; vendored builds additionally
# unpack source 101 after it.
%autosetup -p1 %{?with_vendor:-a 101}
# NOTE(review): -k is passed for vendored builds only; presumably it keeps the
# unpacked vendor directory in place. Confirm against the Go macro docs.
%goprep -e %{?with_vendor:-k}
# Copy LICENSE.dependencies (source 100) into the build tree so the files list
# can ship it as a licence file.
cp %{S:100} .
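# Still part of the prep stage: on the mod.Version line of caddy.go, replace
# the "unknown" placeholder with the package version-release so the installed
# binary reports the exact build it came from.
sed -e '/mod.Version/ s/unknown/%{version}-%{release}/' -i caddy.go

%if %{without vendor}
%generate_buildrequires
%go_generate_buildrequires
%endif

%build
%gobuild -o %{gobuilddir}/bin/caddy %{goipath}/cmd/caddy

%install
%if %{without vendor}
%gopkginstall
%endif

# command
install -D -p -m 0755 %{gobuilddir}/bin/caddy %{buildroot}%{_bindir}/caddy

# config
# Installed 0644 with no ownership override in the files list, so the caddy
# service account can read its configuration but not change it.
install -D -p -m 0644 %{S:1} %{buildroot}%{_sysconfdir}/caddy/Caddyfile
install -d -m 0755 %{buildroot}%{_sysconfdir}/caddy/Caddyfile.d

# systemd units
install -D -p -m 0644 %{S:2} %{buildroot}%{_unitdir}/caddy.service
install -D -p -m 0644 %{S:3} %{buildroot}%{_unitdir}/caddy-api.service

# data directory
# 0750 here, handed to caddy:caddy in the files list: no access for "other".
install -d -m 0750 %{buildroot}%{_sharedstatedir}/caddy

# welcome page
%if %{defined fedora}
install -D -p -m 0644 %{S:4} %{buildroot}%{_datadir}/caddy/poweredby.png
%else
install -D -p -m 0644 %{S:5} %{buildroot}%{_datadir}/caddy/poweredby.png
%endif
ln -s ../testpage/index.html %{buildroot}%{_datadir}/caddy/index.html
install -d -m 0755 %{buildroot}%{_datadir}/caddy/icons
ln -s ../../pixmaps/poweredby.png %{buildroot}%{_datadir}/caddy/icons/poweredby.png

# shell completion
install -D -p -m 0644 %{S:6} %{buildroot}%{_datadir}/bash-completion/completions/caddy
install -D -p -m 0644 %{S:7} %{buildroot}%{_datadir}/zsh/site-functions/_caddy

# Licenses
# Copy every vendored licence-type file, keeping its relative path. Paths are
# read one per line instead of through an unquoted command substitution, so a
# name containing whitespace or glob characters is passed to cp unchanged.
install -d -p %{buildroot}%{_defaultlicensedir}/caddy
find vendor | grep -E '\/(LICENSE|COPYING|COPYRIGHT|NOTICE|PATENTS)' | while IFS= read -r file; do
    cp -p --parents "${file}" "%{buildroot}%{_defaultlicensedir}/caddy"
done

%if %{with check}
%check
%gocheck
%endif

%pre
# Create the dedicated system group and account if they do not exist yet. The
# account gets /sbin/nologin as its shell and the state directory as its home.
# The scriptlet always exits 0, so a failure here never aborts the transaction;
# it would show up later as a service that cannot start under its user.
getent group caddy &> /dev/null || \
groupadd -r caddy &> /dev/null
getent passwd caddy &> /dev/null || \
useradd -r -g caddy -d %{_sharedstatedir}/caddy -s /sbin/nologin -c 'Caddy web server' caddy &> /dev/null
exit 0

%post
%systemd_post caddy.service

# Guard on the tool that is actually run (the original tested for getsebool,
# which can be present while setsebool is not).
# NOTE(review): httpd_can_network_connect is a system-wide boolean, not a
# per-package one. Switching it on also lets every other service confined as a
# web server open outbound connections; a dedicated policy module would scope
# this to caddy alone.
if [ -x /usr/sbin/setsebool ]; then
    # connect to ACME endpoint to request certificates
    setsebool -P httpd_can_network_connect on
fi
# Two separate tests instead of the obsolescent "-a" operator inside one test.
if [ -x /usr/sbin/semanage ] && [ -x /usr/sbin/restorecon ]; then
    # file contexts
    # The binary is labelled httpd_exec_t, so the service is expected to run
    # in the web server domain; that is why the httpd boolean above and the
    # http_port_t labels below apply to it. Errors are discarded, so a failed
    # labelling goes unnoticed here: verify with "ls -Z" after installation.
    semanage fcontext --add --type httpd_exec_t        '%{_bindir}/caddy'               2> /dev/null || :
    semanage fcontext --add --type httpd_sys_content_t '%{_datadir}/caddy(/.*)?'        2> /dev/null || :
    semanage fcontext --add --type httpd_config_t      '%{_sysconfdir}/caddy(/.*)?'     2> /dev/null || :
    semanage fcontext --add --type httpd_var_lib_t     '%{_sharedstatedir}/caddy(/.*)?' 2> /dev/null || :
    restorecon -r %{_bindir}/caddy %{_datadir}/caddy %{_sysconfdir}/caddy %{_sharedstatedir}/caddy || :
fi
if [ -x /usr/sbin/semanage ]; then
    # QUIC
    semanage port --add --type http_port_t --proto udp 80   2> /dev/null || :
    semanage port --add --type http_port_t --proto udp 443  2> /dev/null || :
    # admin endpoint
    # NOTE(review): labelling tcp 2019 as http_port_t makes the port bindable
    # by anything allowed to bind web server ports, not only by caddy. Keep
    # the admin listener on a loopback address or protect it otherwise.
    semanage port --add --type http_port_t --proto tcp 2019 2> /dev/null || :
fi

%preun
%systemd_preun caddy.service

%postun
%systemd_postun_with_restart caddy.service

# The first argument is the number of package instances left after this
# transaction: 0 means final removal, so the clean-up is skipped on upgrades.
# Quoted so that an empty value yields a test error instead of a syntax error.
if [ "$1" -eq 0 ]; then
    # NOTE(review): this switches the system-wide boolean off without knowing
    # whether it was already on before caddy was installed or whether another
    # web server still depends on it. Consider recording the earlier state at
    # install time, or leaving the boolean to the administrator.
    if [ -x /usr/sbin/setsebool ]; then
        # connect to ACME endpoint to request certificates
        setsebool -P httpd_can_network_connect off
    fi
    if [ -x /usr/sbin/semanage ]; then
        # file contexts
        semanage fcontext --delete --type httpd_exec_t        '%{_bindir}/caddy'               2> /dev/null || :
        semanage fcontext --delete --type httpd_sys_content_t '%{_datadir}/caddy(/.*)?'        2> /dev/null || :
        semanage fcontext --delete --type httpd_config_t      '%{_sysconfdir}/caddy(/.*)?'     2> /dev/null || :
        semanage fcontext --delete --type httpd_var_lib_t     '%{_sharedstatedir}/caddy(/.*)?' 2> /dev/null || :
        # QUIC
        # NOTE(review): the port labels are deleted unconditionally, including
        # ones an administrator or another package may have added on their own.
        semanage port     --delete --type http_port_t --proto udp 80   2> /dev/null || :
        semanage port     --delete --type http_port_t --proto udp 443  2> /dev/null || :
        # admin endpoint
        semanage port     --delete --type http_port_t --proto tcp 2019 2> /dev/null || :
    fi
fi

%files
%license LICENSE LICENSE.dependencies
%if %{with vendor}
%license %{_defaultlicensedir}/caddy/vendor
%endif
%doc README.md AUTHORS
%{_bindir}/caddy
%{_datadir}/caddy
%{_unitdir}/caddy.service
%{_unitdir}/caddy-api.service
%dir %{_sysconfdir}/caddy
%config(noreplace) %{_sysconfdir}/caddy/Caddyfile
%dir %{_sysconfdir}/caddy/Caddyfile.d
# State directory: the only path in this package owned by the service account.
# NOTE(review): presumably certificates and private keys end up here; confirm
# against caddy.service before relaxing the 0750 mode.
%attr(0750,caddy,caddy) %dir %{_sharedstatedir}/caddy
# filesystem owns all the parent directories here
%{_datadir}/bash-completion/completions/caddy
# own parent directories in case zsh is not installed
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%{_datadir}/zsh/site-functions/_caddy

%if %{without vendor}
%gopkgfiles
%endif

%changelog
* Tue Aug 09 2022 Carl George - 2.5.2-1
- Latest upstream, resolves rhbz#2062499 rhbz#2113136

* Wed Jul 20 2022 Fedora Release Engineering - 2.4.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Tue Jul 19 2022 Maxwell G - 2.4.6-4
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

* Fri Jun 17 2022 Robert-André Mauchin - 2.4.6-3
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629

* Fri Feb 25 2022 Carl George - 2.4.6-2
- Update welcome page symlink and image to work on both Fedora and EPEL

* Wed Feb 16 2022 Carl George - 2.4.6-1
- Latest upstream rhbz#1984163

* Wed Jan 19 2022 Fedora Release Engineering - 2.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Wed Jul 21 2021 Fedora Release Engineering - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Wed Mar 03 2021 Carl George - 2.3.0-1
- Latest upstream
- Fix vendored license handling
- Switch to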
white logo rhbz#1934864 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.2.1-3 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. * Tue Jan 26 2021 Fedora Release Engineering - 2.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Oct 30 2020 Carl George - 2.2.1-1 - Latest upstream * Sat Sep 26 2020 Carl George - 2.2.0-1 - Latest upstream * Sat Sep 19 2020 Carl George - 2.2.0~rc3-1 - Latest upstream * Fri Aug 14 2020 Carl George - 2.1.1-2 - Add bash and zsh completion support * Sun Aug 09 2020 Carl George - 2.1.1-1 - Update to Caddy v2 - Remove all v1 plugins - Use vendored dependencies - Remove devel subpackage - Rename config file per upstream request - Use webserver test page from system-logos-httpd * Sat Aug 01 2020 Fedora Release Engineering - 1.0.4-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering - 1.0.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 07 20:56:10 CEST 2020 Robert-André Mauchin - 1.0.4-1 - Update to 1.0.4 (#1803691) * Mon Feb 17 2020 Elliott Sales de Andrade - 1.0.3-3 - Rebuilt for GHSA-jf24-p9p9-4rjh * Tue Jan 28 2020 Fedora Release Engineering - 1.0.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Sep 07 2019 Carl George - 1.0.3-1 - Latest upstream - Remove bundled lego and plugins - Remove dyn, gandi, namecheap, and rfc2136 dns providers - Add patch0 to fix `-version` flag - Add patch1 to adjust blackfriday import path - Add devel subpackages - Run test suite * Wed Jul 24 2019 Fedora Release Engineering - 0.11.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu May 09 2019 Carl George - 0.11.4-2 - Switch unit file from ProtectSystem strict to full rhbz#1706651 * Wed Mar 06 2019 Carl George - 0.11.4-1 - Latest upstream - Update bundled dnsproviders to 0.1.3 - Update bundled lego to 2.2.0 - Enable googlecloud, 
route53, and azure dns providers on epel7 - Allow custom http port with default config file rhbz#1685446 * Thu Jan 31 2019 Fedora Release Engineering - 0.11.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Nov 14 2018 Carl George - 0.11.1-2 - Buildrequires at least golang 1.10 * Tue Nov 13 2018 Carl George - 0.11.1-1 - Latest upstream - Update bundled geoip * Fri Oct 19 2018 Carl George - 0.11.0-3 - Enable httpd_can_network_connect selinux boolean to connect to ACME endpoint rhbz#1641158 - Define UDP 80/443 as selinux http_port_t for QUIC rhbz#1608548 - Define TCP 5033 as selinux http_port_t for HTTP challenge rhbz#1641160 * Thu Jul 12 2018 Fedora Release Engineering - 0.11.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Sat May 12 2018 Carl George - 0.11.0-1 - Latest upstream * Sat Apr 21 2018 Carl George - 0.10.14-1 - Latest upstream - Overhaul %%prep to extract everything with %%setup - Edit lego providers to require acmev2 instead of acme - Add provides for specific providers from %%import_path_dnsproviders and %%import_path_lego - Add azure dns provider on f28+ * Fri Apr 20 2018 Carl George - 0.10.11-6 - Enable geoip plugin on EL7 - Only provide bundled geoip/realip/dnsproviders/lego when the respective plugin is enabled * Wed Apr 18 2018 Carl George - 0.10.11-5 - Add geoip plugin * Tue Apr 17 2018 Carl George - 0.10.11-4 - Correct ExclusiveArch fallback * Mon Apr 16 2018 Carl George - 0.10.11-3 - Enable s390x - Disable googlecloud and route53 dns providers on EL7 due to dependency issues * Fri Mar 30 2018 Carl George - 0.10.11-2 - Add googlecloud dns provider - Add route53 dns provider - Set minimum golang version to 1.9 - Set selinux labels in scriptlets * Sat Feb 24 2018 Carl George - 0.10.11-1 - Latest upstream * Sat Feb 24 2018 Carl George - 0.10.10-4 - Change ProtectSystem from strict to full in unit file on RHEL * Wed Feb 07 2018 Fedora Release Engineering - 0.10.10-3 - Rebuilt for 
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jan 11 2018 Carl George - 0.10.10-2 - Add powerdns provider * Mon Oct 09 2017 Carl George - 0.10.10-1 - Latest upstream * Mon Oct 02 2017 Carl George - 0.10.9-6 - Add provides for bundled libraries * Mon Oct 02 2017 Carl George - 0.10.9-5 - Enable rfc2136 dns provider - List plugins in description * Mon Sep 18 2017 Carl George - 0.10.9-4 - Exclude s390x * Sun Sep 17 2017 Carl George - 0.10.9-3 - Add realip plugin - Add conditionals for plugins * Sat Sep 16 2017 Carl George - 0.10.9-2 - Add sources for caddyserver/dnsproviders and xenolf/lego - Disable all dns providers that require additional libraries (dnsimple, dnspod, googlecloud, linode, ovh, route53, vultr) - Rewrite default index.html * Tue Sep 12 2017 Carl George - 0.10.9-1 - Latest upstream - Add config validation to unit file - Disable exoscale dns provider https://github.com/xenolf/lego/issues/429 * Fri Sep 08 2017 Carl George - 0.10.8-1 - Latest upstream - Build with %%gobuild macro - Move config subdirectory from /etc/caddy/caddy.conf.d to /etc/caddy/conf.d * Tue Aug 29 2017 Carl George - 0.10.7-1 - Latest upstream * Fri Aug 25 2017 Carl George - 0.10.6-2 - Use SIQQUIT to stop service - Increase the process limit from 64 to 512 - Only `go get` in caddy/caddymain * Fri Aug 11 2017 Carl George - 0.10.6-1 - Latest upstream - Add webserver virtual provides - Drop tmpfiles and just own /var/lib/caddy directly - Remove PrivateDevices setting from unit file, it prevents selinux process transitions - Disable rfc2136 dns provider https://github.com/caddyserver/dnsproviders/issues/11 * Sat Jun 03 2017 Carl George - 0.10.3-2 - Rename Envfile to envfile - Rename Caddyfile to caddy.conf - Include additional configs from caddy.conf.d directory * Fri May 19 2017 Carl George - 0.10.3-1 - Latest upstream * Mon May 15 2017 Carl George - 0.10.2-1 - Initial package