summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore8
-rw-r--r--Makefile4
-rw-r--r--php-snuffleupagus.spec189
3 files changed, 201 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fc9aa8c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+clog
+package-*.xml
+*.tgz
+*.tar.gz
+*.tar.xz
+*.tar.xz.asc
+*.src.rpm
+*/*rpm
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..91b0fd5
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SRCDIR := $(shell pwd)
+NAME := $(shell basename $(SRCDIR))
+include ../../common/Makefile
+
diff --git a/php-snuffleupagus.spec b/php-snuffleupagus.spec
new file mode 100644
index 0000000..4b5bdf4
--- /dev/null
+++ b/php-snuffleupagus.spec
@@ -0,0 +1,189 @@
+# remirepo spec file for php-snuffleupagus
+#
+# Copyright (c) 2018 Remi Collet
+# License: CC-BY-SA
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+%if 0%{?scl:1}
+%global sub_prefix %{scl_prefix}
+%scl_package php-snuffleupagus
+%else
+%global pkg_name %{name}
+%endif
+
+%global gh_commit 543173ac37675472cb5a5520cdf72f09f8d3d5c4
+%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
+%global gh_owner nbs-system
+%global gh_project snuffleupagus
+%global pecl_name snuffleupagus
+# ZTS is not supported, test suite fails
+# https://github.com/nbs-system/snuffleupagus/issues/123
+%global with_zts 0
+%global ini_name 40-%{pecl_name}.ini
+
+Summary: Security module for php7
+Name: %{?sub_prefix}php-snuffleupagus
+Version: 0.1.0
+Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
+License: LGPLv3
+Group: Development/Languages
+URL: https://github.com/%{gh_owner}/%{gh_project}
+Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz
+
+BuildRequires: %{?scl_prefix}php-devel
+BuildRequires: pcre-devel
+
+Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api}
+Requires: %{?scl_prefix}php(api) = %{php_core_api}
+%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}
+
+%if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel}
+Obsoletes: php70u-%{pecl_name} <= %{version}
+Obsoletes: php70w-%{pecl_name} <= %{version}
+%if "%{php_version}" > "7.1"
+Obsoletes: php71u-%{pecl_name} <= %{version}
+Obsoletes: php71w-%{pecl_name} <= %{version}
+%endif
+%if "%{php_version}" > "7.2"
+Obsoletes: php72u-%{pecl_name} <= %{version}
+Obsoletes: php72w-%{pecl_name} <= %{version}
+%endif
+%endif
+
+%if 0%{?fedora} < 20 && 0%{?rhel} < 7
+# Filter shared private
+%{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$}
+%{?filter_setup}
+%endif
+
+
+%description
+Snuffleupagus is a PHP7+ module designed to drastically raise the cost of
+attacks against websites. This is achieved by killing entire bug classes
+and providing a powerful virtual-patching system, allowing the administrator
+to fix specific vulnerabilities without having to touch the PHP code.
+
+Documentation: https://snuffleupagus.readthedocs.io/
+
+Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}.
+
+
+%prep
+%setup -q -n %{gh_project}-%{gh_commit}
+mv src NTS
+
+cd NTS
+# needed because of sources relocation
+sed -e 's:src/::' -i tests/multi_config.phpt
+
+# TODO not ok for now
+# Sanity check, really often broken
+#extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h)
+#if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then
+# : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}.
+# exit 1
+#fi
+cd ..
+
+%if %{with_zts}
+# duplicate for ZTS build
+cp -pr NTS ZTS
+%endif
+
+# Drop in the bit of configuration
+cat << 'EOF' | tee %{ini_name}
+; Enable '%{pecl_name}' extension module
+extension = %{pecl_name}.so
+
+; Configuration
+;sp.configuration_file = ''
+EOF
+
+
+%build
+%{?dtsenable}
+
+cd NTS
+%{_bindir}/phpize
+%configure \
+ --with-php-config=%{_bindir}/php-config \
+ --with-libdir=%{_lib} \
+ --enable-snuffleupagus
+make %{?_smp_mflags}
+
+%if %{with_zts}
+cd ../ZTS
+%{_bindir}/zts-phpize
+%configure \
+ --with-php-config=%{_bindir}/zts-php-config \
+ --with-libdir=%{_lib} \
+ --enable-snuffleupagus
+make %{?_smp_mflags}
+%endif
+
+
+%install
+%{?dtsenable}
+
+# Install the NTS stuff
+make -C NTS install INSTALL_ROOT=%{buildroot}
+install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name}
+
+%if %{with_zts}
+# Install the ZTS stuff
+make -C ZTS install INSTALL_ROOT=%{buildroot}
+install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name}
+%endif
+
+
+
+%check
+cd NTS
+: Minimal load test for NTS extension
+%{__php} --no-php-ini \
+ --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \
+ --modules | grep %{pecl_name}
+
+: Upstream test suite for NTS extension
+TEST_PHP_EXECUTABLE=%{__php} \
+TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \
+NO_INTERACTION=1 \
+REPORT_EXIT_STATUS=1 \
+%{__php} -n run-tests.php --show-diff || : ignore
+
+%if %{with_zts}
+cd ../ZTS
+: Minimal load test for ZTS extension
+%{__ztsphp} --no-php-ini \
+ --define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \
+ --modules | grep %{pecl_name}
+
+: Upstream test suite for ZTS extension
+TEST_PHP_EXECUTABLE=%{__ztsphp} \
+TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \
+NO_INTERACTION=1 \
+REPORT_EXIT_STATUS=1 \
+%{__ztsphp} -n run-tests.php --show-diff
+%endif
+
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license LICENSE
+%doc *.md
+
+%config(noreplace) %{php_inidir}/%{ini_name}
+%{php_extdir}/%{pecl_name}.so
+
+%if %{with_zts}
+%config(noreplace) %{php_ztsinidir}/%{ini_name}
+%{php_ztsextdir}/%{pecl_name}.so
+%endif
+
+
+%changelog
+* Wed Jan 17 2018 Remi Collet <remi@remirepo.net> - 0.1.0-1
+- new package, version 0.1.0
+- open https://github.com/nbs-system/snuffleupagus/issues/123