# remirepo spec file for php-snuffleupagus # # Copyright (c) 2018 Remi Collet # License: CC-BY-SA # http://creativecommons.org/licenses/by-sa/4.0/ # # Please, preserve the changelog entries # # we don't want -z defs linker flag %undefine _strict_symbol_defs_build %if 0%{?scl:1} %global sub_prefix %{scl_prefix} %scl_package php-snuffleupagus %else %global pkg_name %{name} %endif %global gh_commit a9ee27231e057e3b30a424d7dec8f92ac8beac11 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) %global gh_owner nbs-system %global gh_project snuffleupagus #global gh_date 20180117 %global pecl_name snuffleupagus # ZTS is not supported, test suite fails # https://github.com/nbs-system/snuffleupagus/issues/123 %global with_zts 0 %global ini_name 40-%{pecl_name}.ini Summary: Security module for php7 Name: %{?sub_prefix}php-snuffleupagus Version: 0.2.1 %if 0%{?gh_date} Release: 1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} %else Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} %endif License: LGPLv3 Group: Development/Languages URL: https://github.com/%{gh_owner}/%{gh_project} Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz BuildRequires: %{?scl_prefix}php-devel > 7 BuildRequires: pcre-devel Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api} Requires: %{?scl_prefix}php(api) = %{php_core_api} %{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}} %if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel} Obsoletes: php70u-%{pecl_name} <= %{version} Obsoletes: php70w-%{pecl_name} <= %{version} %if "%{php_version}" > "7.1" Obsoletes: php71u-%{pecl_name} <= %{version} Obsoletes: php71w-%{pecl_name} <= %{version} %endif %if "%{php_version}" > "7.2" Obsoletes: php72u-%{pecl_name} <= %{version} Obsoletes: php72w-%{pecl_name} <= %{version} %endif %endif %if 0%{?fedora} < 20 && 0%{?rhel} < 7 # Filter shared private %{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$} %{?filter_setup} %endif %description Snuffleupagus is a PHP7+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. Documentation: https://snuffleupagus.readthedocs.io/ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}. %prep %setup -q -n %{gh_project}-%{gh_commit} cd src # Only RPM build flags sed -e '/^CFLAGS/d' -i config.m4 # TODO not ok for now # Sanity check, really often broken grep PHP_SNUFFLEUPAGUS_VERSION php_snuffleupagus.h extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h) if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}. exit 1 fi cd .. %if %{with_zts} # duplicate for ZTS build cp -pr src ZTS %endif # Drop in the bit of configuration cat << 'EOF' | tee %{ini_name} ; Enable '%{pecl_name}' extension module extension = %{pecl_name}.so ; Path to rules configuration files, glob or comma separated list sp.configuration_file = '%{php_inidir}/%{pecl_name}-*.rules' EOF cat << 'EOF' | tee %{pecl_name}-default.rules # Default rules see https://snuffleupagus.readthedocs.io/config.html EOF %build %{?dtsenable} cd src %{_bindir}/phpize %configure \ --with-php-config=%{_bindir}/php-config \ --with-libdir=%{_lib} \ --enable-snuffleupagus make %{?_smp_mflags} %if %{with_zts} cd ../ZTS %{_bindir}/zts-phpize %configure \ --with-php-config=%{_bindir}/zts-php-config \ --with-libdir=%{_lib} \ --enable-snuffleupagus make %{?_smp_mflags} %endif %install %{?dtsenable} # Install the NTS stuff make -C src install INSTALL_ROOT=%{buildroot} install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name} install -D -m 644 %{pecl_name}-default.rules %{buildroot}%{php_inidir}/%{pecl_name}-default.rules %if %{with_zts} # Install the ZTS stuff make -C ZTS install INSTALL_ROOT=%{buildroot} install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name} %endif %check cd src : Minimal load test for NTS extension %{__php} --no-php-ini \ --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \ --modules | grep %{pecl_name} : Upstream test suite for NTS extension TEST_PHP_EXECUTABLE=%{__php} \ TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \ NO_INTERACTION=1 \ REPORT_EXIT_STATUS=1 \ %{__php} -n run-tests.php --show-diff %if %{with_zts} cd ../ZTS : Minimal load test for ZTS extension %{__ztsphp} --no-php-ini \ --define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \ --modules | grep %{pecl_name} : Upstream test suite for ZTS extension TEST_PHP_EXECUTABLE=%{__ztsphp} \ TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \ NO_INTERACTION=1 \ REPORT_EXIT_STATUS=1 \ %{__ztsphp} -n run-tests.php --show-diff %endif %files %{!?_licensedir:%global license %%doc} %license LICENSE %doc *.md %config(noreplace) %{php_inidir}/%{ini_name} %config(noreplace) %{php_inidir}/%{pecl_name}-default.rules %{php_extdir}/%{pecl_name}.so %if %{with_zts} %config(noreplace) %{php_ztsinidir}/%{ini_name} %{php_ztsextdir}/%{pecl_name}.so %endif %changelog * Wed Feb 7 2018 Remi Collet - 0.2.1-1 - Update to 0.2.1 * Thu Jan 18 2018 Remi Collet - 0.2.0-1 - update to 0.2.0 - open https://github.com/nbs-system/snuffleupagus/pull/128 - src in path * Wed Jan 17 2018 Remi Collet - 0.1.0-3.20180117.bd02d06 - test build for gh#124 - open https://github.com/nbs-system/snuffleupagus/pull/126 * Wed Jan 17 2018 Remi Collet - 0.1.0-2 - clean build options, fix EL build * Wed Jan 17 2018 Remi Collet - 0.1.0-1 - new package, version 0.1.0 - open https://github.com/nbs-system/snuffleupagus/issues/123 - ZTS build - open https://github.com/nbs-system/snuffleupagus/issues/124 - EL-7 build