diff options
-rw-r--r-- | .gitignore | 8 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | php-snuffleupagus.spec | 189 |
3 files changed, 201 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fc9aa8c --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +clog +package-*.xml +*.tgz +*.tar.gz +*.tar.xz +*.tar.xz.asc +*.src.rpm +*/*rpm diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..91b0fd5 --- /dev/null +++ b/Makefile @@ -0,0 +1,4 @@ +SRCDIR := $(shell pwd) +NAME := $(shell basename $(SRCDIR)) +include ../../common/Makefile + diff --git a/php-snuffleupagus.spec b/php-snuffleupagus.spec new file mode 100644 index 0000000..4b5bdf4 --- /dev/null +++ b/php-snuffleupagus.spec @@ -0,0 +1,189 @@ +# remirepo spec file for php-snuffleupagus +# +# Copyright (c) 2018 Remi Collet +# License: CC-BY-SA +# http://creativecommons.org/licenses/by-sa/4.0/ +# +# Please, preserve the changelog entries +# +%if 0%{?scl:1} +%global sub_prefix %{scl_prefix} +%scl_package php-snuffleupagus +%else +%global pkg_name %{name} +%endif + +%global gh_commit 543173ac37675472cb5a5520cdf72f09f8d3d5c4 +%global gh_short %(c=%{gh_commit}; echo ${c:0:7}) +%global gh_owner nbs-system +%global gh_project snuffleupagus +%global pecl_name snuffleupagus +# ZTS is not supported, test suite fails +# https://github.com/nbs-system/snuffleupagus/issues/123 +%global with_zts 0 +%global ini_name 40-%{pecl_name}.ini + +Summary: Security module for php7 +Name: %{?sub_prefix}php-snuffleupagus +Version: 0.1.0 +Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} +License: LGPLv3 +Group: Development/Languages +URL: https://github.com/%{gh_owner}/%{gh_project} +Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz + +BuildRequires: %{?scl_prefix}php-devel +BuildRequires: pcre-devel + +Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api} +Requires: %{?scl_prefix}php(api) = %{php_core_api} +%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}} + +%if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel} +Obsoletes: php70u-%{pecl_name} <= %{version} +Obsoletes: php70w-%{pecl_name} <= %{version} +%if "%{php_version}" > "7.1" +Obsoletes: php71u-%{pecl_name} <= %{version} +Obsoletes: php71w-%{pecl_name} <= %{version} +%endif +%if "%{php_version}" > "7.2" +Obsoletes: php72u-%{pecl_name} <= %{version} +Obsoletes: php72w-%{pecl_name} <= %{version} +%endif +%endif + +%if 0%{?fedora} < 20 && 0%{?rhel} < 7 +# Filter shared private +%{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$} +%{?filter_setup} +%endif + + +%description +Snuffleupagus is a PHP7+ module designed to drastically raise the cost of +attacks against websites. This is achieved by killing entire bug classes +and providing a powerful virtual-patching system, allowing the administrator +to fix specific vulnerabilities without having to touch the PHP code. + +Documentation: https://snuffleupagus.readthedocs.io/ + +Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}. + + +%prep +%setup -q -n %{gh_project}-%{gh_commit} +mv src NTS + +cd NTS +# needed because of sources relocation +sed -e 's:src/::' -i tests/multi_config.phpt + +# TODO not ok for now +# Sanity check, really often broken +#extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h) +#if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then +# : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}. +# exit 1 +#fi +cd .. + +%if %{with_zts} +# duplicate for ZTS build +cp -pr NTS ZTS +%endif + +# Drop in the bit of configuration +cat << 'EOF' | tee %{ini_name} +; Enable '%{pecl_name}' extension module +extension = %{pecl_name}.so + +; Configuration +;sp.configuration_file = '' +EOF + + +%build +%{?dtsenable} + +cd NTS +%{_bindir}/phpize +%configure \ + --with-php-config=%{_bindir}/php-config \ + --with-libdir=%{_lib} \ + --enable-snuffleupagus +make %{?_smp_mflags} + +%if %{with_zts} +cd ../ZTS +%{_bindir}/zts-phpize +%configure \ + --with-php-config=%{_bindir}/zts-php-config \ + --with-libdir=%{_lib} \ + --enable-snuffleupagus +make %{?_smp_mflags} +%endif + + +%install +%{?dtsenable} + +# Install the NTS stuff +make -C NTS install INSTALL_ROOT=%{buildroot} +install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name} + +%if %{with_zts} +# Install the ZTS stuff +make -C ZTS install INSTALL_ROOT=%{buildroot} +install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name} +%endif + + + +%check +cd NTS +: Minimal load test for NTS extension +%{__php} --no-php-ini \ + --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \ + --modules | grep %{pecl_name} + +: Upstream test suite for NTS extension +TEST_PHP_EXECUTABLE=%{__php} \ +TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \ +NO_INTERACTION=1 \ +REPORT_EXIT_STATUS=1 \ +%{__php} -n run-tests.php --show-diff || : ignore + +%if %{with_zts} +cd ../ZTS +: Minimal load test for ZTS extension +%{__ztsphp} --no-php-ini \ + --define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \ + --modules | grep %{pecl_name} + +: Upstream test suite for ZTS extension +TEST_PHP_EXECUTABLE=%{__ztsphp} \ +TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \ +NO_INTERACTION=1 \ +REPORT_EXIT_STATUS=1 \ +%{__ztsphp} -n run-tests.php --show-diff +%endif + + +%files +%{!?_licensedir:%global license %%doc} +%license LICENSE +%doc *.md + +%config(noreplace) %{php_inidir}/%{ini_name} +%{php_extdir}/%{pecl_name}.so + +%if %{with_zts} +%config(noreplace) %{php_ztsinidir}/%{ini_name} +%{php_ztsextdir}/%{pecl_name}.so +%endif + + +%changelog +* Wed Jan 17 2018 Remi Collet <remi@remirepo.net> - 0.1.0-1 +- new package, version 0.1.0 +- open https://github.com/nbs-system/snuffleupagus/issues/123 |