%global debug_package %{nil}

Name:          step-ca
Version:       0.28.4
Release:       1
Summary:       Smallstep CA
License:       Apache-2.0
URL:           https://smallstep.com/certificates
Source0:       certificates-%{version}.tar.gz
Source1:       step-ca.sysusers
Source2:       step-ca-has-provisioner
BuildRequires: golang >= 1.24
BuildRequires: git-core
BuildRequires: make
BuildRequires: pcsc-lite-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libpcsclite)
BuildRequires: systemd-rpm-macros
#Requires:       step-cli
%{?systemd_requires}

%description
step-ca is an online certificate authority for secure, automated
certificate management for DevOps.

%prep
%autosetup -p1 -n certificates-%{version}

# fix step-ca.service
sed -i -e's|^ConditionalFileNotEmpty.*ca.json$|ConditionFileNotEmpty=/var/lib/step-ca/.step/config/ca.json|' systemd/step-ca.service
sed -i -e's|step$|step-ca|g' systemd/step-ca.service
sed -i -e's|^Environment.*$|Environment=STEPPATH=/var/lib/step-ca/.step/|' systemd/step-ca.service
sed -i -e's|^WorkingDirectory.*$|WorkingDirectory/var/lib/step-ca/|' systemd/step-ca.service
sed -i -e's|^ExecStart.*$|ExecStart=/usr/sbin/step-ca .step/config/ca.json --password-file /etc/step-ca/password.txt|' systemd/step-ca.service
sed -i -e's|^ReadWriteDirectories.*$|ReadWriteDirectories=/var/lib/step-ca/|' systemd/step-ca.service

%build
#make bootstrap
#make build GO_ENVS="CGO_ENABLED=1"
BUILD_DATE="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" '+%Y-%m-%d %H:%M UTC')"
GO_ENVS="CGO_ENABLED=1" go build \
  -trimpath \
  -buildmode=pie \
  -mod=readonly \
  -modcacherw \
  -ldflags "-linkmode external -extldflags \"${LDFLAGS}\" -X \"main.Version=${version}\" -X \"main.BuildTime=${BUILD_DATE}\"" \
  -o bin/step-ca ./cmd/...
#

%install
install -m 0755 -d %{buildroot}%{_bindir}
install -m 0750 -d %{buildroot}%{_sysconfdir}/step-ca/config
install -m 0750 -d %{buildroot}%{_sharedstatedir}/step-ca
install -m 0755 -d %{buildroot}%{_unitdir}

install -Dm0755 "bin/step-ca" "%{buildroot}%{_bindir}/step-ca"
install -Dm0644 "systemd/step-ca.service" "%{buildroot}%{_unitdir}/step-ca.service"
install -m0640 /dev/null %{buildroot}%{_sysconfdir}/step-ca/password.txt
install -m0755 %{SOURCE2} %{buildroot}%{_bindir}/step-ca-has-provisioner


%check
go test -v ./...
./bin/step-ca --version

%post
%systemd_post step-ca.service

%preun
%systemd_preun step-ca.service

%postun
%systemd_postun_with_restart step-ca.service

%files
%license LICENSE
%doc README.md
# apps
%attr(0750,root,step-ca) %{_bindir}/step-ca
%attr(0750,root,step-ca) %{_bindir}/step-ca-has-provisioner
# config
%attr(-,root,step-ca) %config(noreplace) %{_sysconfdir}/step-ca
# home
%attr(-,step-ca,step-ca) %dir %{_sharedstatedir}/step-ca
# service
%{_unitdir}/%{name}.service

%changelog
* Wed Oct 08 2025 PatrickLaimbock <patrick@laimbock.com> - 0.28.4-1
- initial release for Fedora 42