Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
OBS:Server:2.10:Staging
obs-signd
obs-signd.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File obs-signd.spec of Package obs-signd
# # spec file for package obs-signd # # Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: obs-signd Summary: The sign daemon License: GPL-2.0-only Group: Productivity/Networking/Web/Utilities Version: 2.8.4 Release: 0 URL: http://en.opensuse.org/Build_Service Source: obs-sign-%version.tar.xz Source1: obs-signd-rpmlintrc Source2: obs-signd.tmpfiles.d Source3: %{name}.sysusers Source4: README.runas-user Source5: runas-user-systemd-override.conf Requires: user(obsrun) %if 0%{?suse_version} PreReq: %fillup_prereq PreReq: permissions %endif %if ! %{defined _fillupdir} %define _fillupdir /var/adm/fillup-templates %endif BuildRequires: systemd-rpm-macros BuildRequires: sysuser-shadow BuildRequires: sysuser-tools # the following build requires are needed for the testsuite %if 0%{?suse_version} BuildRequires: gpg2 %else BuildRequires: gpg %endif BuildRequires: make BuildRequires: openssl %description The openSUSE Build Service sign client and daemon. This daemon can be used to sign anything via gpg, but it speaks with a remote server to avoid the need to host the private key on the same server. %package runas-user Summary: Run signd as user obs-signd:obs-signd instead of root:obs-run Requires: %{name} = %{version} %{?sysusers_requires} %description runas-user The openSUSE Build Service sign client and daemon. This daemon can be used to sign anything via gpg, but it speaks with a remote server to avoid the need to host the private key on the same server. This package provides an obs-signd:obs-signd user and directories. %prep %setup -n obs-sign-%version cp %{SOURCE4} . %build make CFLAGS="$RPM_OPT_FLAGS -fpie -D_FILE_OFFSET_BITS=64" LDFLAGS="-pie" %sysusers_generate_pre %{SOURCE3} %{name} %{name}.conf %check make test %install # run level script mkdir -p %{buildroot}%{_unitdir} install -D -m 0644 dist/signd.service %{buildroot}%{_unitdir}/obssignd.service install -d -m 0755 %{buildroot}%{_sbindir} ln -sf /usr/sbin/service %{buildroot}%{_sbindir}/rcobssignd # man pages install -d -m 0755 %{buildroot}%{_mandir}/man{5,8} install -d -m 0755 %{buildroot}/usr/bin for j in `ls sig*.{5,8}`; do gzip -9 ${j} done for k in 5 8; do install -m 0644 sig*.${k}.gz %{buildroot}%{_mandir}/man${k}/ done # binaries and configuration install -d -m 0755 %{buildroot}/etc/permissions.d install -m 0755 signd %{buildroot}/usr/sbin/ install -m 0750 sign %{buildroot}/usr/bin/ install -m 0644 sign.conf %{buildroot}/etc/ install -m 0644 dist/sign.permission %{buildroot}/etc/permissions.d/sign # install fillups FILLUP_DIR=%{buildroot}%{_fillupdir} install -d -m 755 $FILLUP_DIR install -m 0644 dist/sysconfig.signd $FILLUP_DIR/ ## runas-user stuff # systemd integration and user install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf install -D -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/obssignd.service.d/runas-user.conf # data dir install -D -m 0750 -d %{buildroot}/srv/obs-signd install -D -m 0750 -d %{buildroot}/srv/obs-signd/keycache install -D -m 0750 -d \ %{buildroot}/srv/obs-signd/{default,privileged,restricted,system}/ \ %{buildroot}/srv/obs-signd/{default,privileged,restricted}/aliases install -D -m 0700 -d \ %{buildroot}/srv/obs-signd/{default,privileged,restricted,system}/gnupg \ %{buildroot}/srv/obs-signd/{default,privileged,restricted,system}/gnupg/openpgp-revocs.d \ %{buildroot}/srv/obs-signd/{default,privileged,restricted,system}/gnupg/private-keys-v1.d \ %{buildroot}/srv/obs-signd/{default,privileged,restricted}/phrases \ %{buildroot}/srv/obs-signd/default/enckeys # home dir install -D -m 0750 -d %{buildroot}/var/lib/obs-signd ## /runas-user stuff %pre %service_add_pre obssignd.service %preun %service_del_preun obssignd.service %post %service_add_post obssignd.service %if 0%{?suse_version} > 1220 %set_permissions /etc/permissions.d/sign %else %run_permissions %endif %fillup_only -n signd %postun %service_del_postun obssignd.service %pre runas-user -f %{name}.pre %post runas-user %tmpfiles_create %{_tmpfilesdir}/%{name}.conf %postun runas-user %service_del_postun obssignd.service %files %config(noreplace) /etc/sign.conf %verify(not mode) %attr(4750,root,obsrun) /usr/bin/sign %attr(0755,root,root) /usr/sbin/signd %attr(0755,root,root) /usr/sbin/rcobssignd %attr(0644,root,root) %{_unitdir}/obssignd.service %{_fillupdir}/sysconfig.signd /etc/permissions.d/sign %doc %{_mandir}/man*/* %files runas-user %doc README.runas-user %{_sysusersdir}/%{name}.conf %{_tmpfilesdir}/%{name}.conf %dir %{_unitdir}/obssignd.service.d/ %{_unitdir}/obssignd.service.d/runas-user.conf %ghost %dir %attr(0750,obs-signd,obs-signd) /run/signd %dir %attr(0750,obs-signd,obs-signd) /srv/obs-signd %dir %attr(0750,obs-signd,obs-signd) /srv/obs-signd/{default,privileged,restricted,system}/ %dir %attr(0700,obs-signd,obs-signd) /srv/obs-signd/{default,privileged,restricted,system}/gnupg %dir %attr(0700,obs-signd,obs-signd) /srv/obs-signd/{default,privileged,restricted,system}/gnupg/openpgp-revocs.d %dir %attr(0700,obs-signd,obs-signd) /srv/obs-signd/{default,privileged,restricted,system}/gnupg/private-keys-v1.d %dir %attr(0750,obs-signd,obs-signd) /srv/obs-signd/{default,restricted}/aliases %dir %attr(0700,obs-signd,obs-signd) /srv/obs-signd/{default,restricted}/phrases %dir %attr(0700,obs-signd,obs-signd) /srv/obs-signd/default/enckeys %dir %attr(0750,obs-signd,obs-signd) /srv/obs-signd/keycache %dir %attr(0750,obs-signd,obs-signd) /var/lib/obs-signd %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor