# remirepo spec file for php-snuffleupagus
#
# Copyright (c) 2018 Remi Collet
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
# Overview: builds the snuffleupagus PHP extension from a GitHub archive
# pinned to one commit, applies one upstream pull-request patch, installs
# the module with an ini file and a rules file, and runs a load test plus
# the upstream test suite against the freshly built module.
#

# we don't want -z defs linker flag
%undefine _strict_symbol_defs_build

# Software Collection build versus base build: only the naming macros differ.
%if 0%{?scl:1}
%global sub_prefix %{scl_prefix}
%scl_package       php-snuffleupagus
%else
%global _root_bindir %{_bindir}
%global pkg_name     %{name}
%endif

# Upstream source is identified by the full 40-character commit hash, so the
# archive URL below names one exact tree rather than a movable tag or branch.
%global gh_commit  721adb907fa4636693695024d3ed7ca8602db261
%global gh_short   %(c=%{gh_commit}; echo ${c:0:7})
%global gh_owner   nbs-system
%global gh_project snuffleupagus
#global gh_date    20180117
%global pecl_name  snuffleupagus
# ZTS is not supported, test suite fails
# https://github.com/nbs-system/snuffleupagus/issues/123
%global with_zts   0
# The numeric prefix presumably orders this ini among the others in the scan
# directory - confirm against the PHP packaging guidelines in use.
%global ini_name   40-%{pecl_name}.ini

Summary:       Security module for php7
Name:          %{?sub_prefix}php-snuffleupagus
Version:       0.4.0
%if 0%{?gh_date}
Release:       1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%else
Release:       3%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%endif
License:       LGPLv3
Group:         Development/Languages
URL:           https://github.com/%{gh_owner}/%{gh_project}
# Commit-addressed archive (see gh_commit above). No checksum for it is
# visible in this spec; integrity checking, if any, happens outside this file.
Source0:       https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz

# NOTE(review): this URL names a pull request, not a commit, so the URL alone
# does not fix which bytes are served. Keep the reviewed copy of the patch with
# the package sources and compare a recorded digest before each rebuild.
Patch0:        https://patch-diff.githubusercontent.com/raw/nbs-system/snuffleupagus/pull/242.patch

BuildRequires: %{?dtsprefix}gcc
BuildRequires: %{?scl_prefix}php-devel > 7
BuildRequires: pcre-devel
# For tests/upload_validation_real.phpt
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
%global python %{_root_bindir}/python3
%else
%global python %{_root_bindir}/python
%endif
BuildRequires: %{python}
BuildRequires: %{?scl_prefix}php-vld
#BuildRequires: gdb
#BuildRequires: php-debuginfo

# Tie the binary module to the exact PHP ABI/API it was compiled against.
Requires:      %{?scl_prefix}php(zend-abi) = %{php_zend_api}
Requires:      %{?scl_prefix}php(api) = %{php_core_api}
%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}

# Replace same-named packages from other repositories (base build on RHEL,
# remirepo vendor only), one pair per PHP minor version up to the current one.
%if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel}
Obsoletes:     php70u-%{pecl_name} <= %{version}
Obsoletes:     php70w-%{pecl_name} <= %{version}
%if "%{php_version}" > "7.1"
Obsoletes:     php71u-%{pecl_name} <= %{version}
Obsoletes:     php71w-%{pecl_name} <= %{version}
%endif
%if "%{php_version}" > "7.2"
Obsoletes:     php72u-%{pecl_name} <= %{version}
Obsoletes:     php72w-%{pecl_name} <= %{version}
%endif
%if "%{php_version}" > "7.3"
Obsoletes:     php73u-%{pecl_name} <= %{version}
Obsoletes:     php73w-%{pecl_name} <= %{version}
%endif
%endif

%if 0%{?fedora} < 20 && 0%{?rhel} < 7
# Filter shared private
%{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$}
%{?filter_setup}
%endif


%description
Snuffleupagus is a PHP7+ module designed to drastically raise the cost
of attacks against websites. This is achieved by killing entire bug classes
and providing a powerful virtual-patching system, allowing the administrator
to fix specific vulnerabilities without having to touch the PHP code.

Documentation: https://snuffleupagus.readthedocs.io/

Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}.


%prep
%setup -q -n %{gh_project}-%{gh_commit}

# Apply the pull-request patch, keeping the originals with a .pr242 suffix.
%patch0 -p1 -b .pr242

cd src

# Sanity check, really often broken
# Fails the build when the version compiled into the header differs from the
# Version tag, so a mismatched archive cannot be packaged under this version.
grep PHP_SNUFFLEUPAGUS_VERSION php_snuffleupagus.h
extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h)
if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then
   : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}.
   exit 1
fi
cd ..

%if %{with_zts}
# duplicate for ZTS build
cp -pr src ZTS
%endif

# Drop in the bit of configuration
# The ini generated here loads the module and points it at every rules file
# matching the glob in the PHP ini directory. The allow_broken_configuration
# line is shipped commented out with the value 0.
# NOTE(review): presumably that setting decides whether PHP starts with an
# invalid rules file - confirm against the upstream documentation.
cat << 'EOF' | tee %{ini_name}
; Enable '%{pecl_name}' extension module
extension = %{pecl_name}.so
; Path to rules configuration files, glob or comma separated list
sp.configuration_file = '%{php_inidir}/%{pecl_name}-*.rules'
;sp.allow_broken_configuration = 0
EOF

# The default rules file generated here holds a single comment line and no
# rules. Installing the package therefore loads the module without any rule
# from this package; the administrator has to provide the rules.
cat << 'EOF' | tee %{pecl_name}-default.rules
# Default rules see https://snuffleupagus.readthedocs.io/config.html
EOF


%build
%{?dtsenable}

# NTS build
cd src
%{_bindir}/phpize
%configure \
    --with-php-config=%{_bindir}/php-config \
    --with-libdir=%{_lib} \
    --enable-snuffleupagus
make %{?_smp_mflags}

%if %{with_zts}
# ZTS build, from the copy made in the prep section
cd ../ZTS
%{_bindir}/zts-phpize
%configure \
    --with-php-config=%{_bindir}/zts-php-config \
    --with-libdir=%{_lib} \
    --enable-snuffleupagus
make %{?_smp_mflags}
%endif


%install
%{?dtsenable}

# Install the NTS stuff
# Both configuration files are installed with mode 644.
make -C src install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name}
install -D -m 644 %{pecl_name}-default.rules %{buildroot}%{php_inidir}/%{pecl_name}-default.rules

%if %{with_zts}
# Install the ZTS stuff
make -C ZTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name}
%endif


%check
%if 0%{?rhel} == 6
# TODO : need investigation
# The test is deleted rather than fixed, so what it checks is not verified
# on EL-6 builds.
rm src/tests/stream_wrapper.phpt
%endif
# Point the helper script at the python interpreter chosen above.
sed -e 's:#!/usr/bin/python:#!%{python}:' -i scripts/upload_validation.py

cd src
# The load test runs without any php.ini and loads only the installed module.
# allow_broken_configuration=1 is passed here only; no rules file is given
# on this command line.
: Minimal load test for NTS extension
%{__php} --no-php-ini \
    --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \
    --define sp.allow_broken_configuration=1 \
    --modules | grep %{pecl_name}

# REPORT_EXIT_STATUS=1 is set so that run-tests.php can signal failures
# through its exit status - presumably that is what fails the build; confirm.
: Upstream test suite for NTS extension
TEST_PHP_EXECUTABLE=%{__php} \
TEST_PHP_ARGS="-n -d extension=$PWD/modules/%{pecl_name}.so" \
NO_INTERACTION=1 \
REPORT_EXIT_STATUS=1 \
%{__php} -n run-tests.php --show-diff

%if %{with_zts}
cd ../ZTS
: Minimal load test for ZTS extension
%{__ztsphp} --no-php-ini \
    --define extension=$PWD/modules/%{pecl_name}.so \
    --define sp.allow_broken_configuration=1 \
    --modules | grep %{pecl_name}

: Upstream test suite for ZTS extension
TEST_PHP_EXECUTABLE=%{__ztsphp} \
TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \
NO_INTERACTION=1 \
REPORT_EXIT_STATUS=1 \
%{__ztsphp} -n run-tests.php --show-diff
%endif


%files
%{!?_licensedir:%global license %%doc}
%license LICENSE
%doc *.md

# Both configuration files are marked noreplace, so an upgrade keeps a locally
# edited ini or rules file instead of overwriting it with the packaged one.
%config(noreplace) %{php_inidir}/%{ini_name}
%config(noreplace) %{php_inidir}/%{pecl_name}-default.rules
%{php_extdir}/%{pecl_name}.so

%if %{with_zts}
%config(noreplace) %{php_ztsinidir}/%{ini_name}
%{php_ztsextdir}/%{pecl_name}.so
%endif


%changelog
* Tue Dec 4 2018 Remi Collet - 0.4.0-3
- EL-8 build

* Mon Sep 3 2018 Remi Collet - 0.4.0-2
- add patch for PHP 7.3 on 32-bit from
  https://github.com/nbs-system/snuffleupagus/pull/242

* Sat Sep 1 2018 Remi Collet - 0.4.0-1
- update to 0.4.0
- open https://github.com/nbs-system/snuffleupagus/issues/236
  Could not start (invalid configuration)

* Thu Aug 16 2018 Remi Collet - 0.2.1-4
- rebuild for 7.3.0beta2 new ABI

* Wed Jul 18 2018 Remi Collet - 0.2.1-3
- rebuild for 7.3.0alpha4 new ABI

* Fri Jun 29 2018 Remi Collet - 0.2.1-2
- add patch for test suite with PHP 7.3 from
  https://github.com/nbs-system/snuffleupagus/pull/185

* Wed Feb 7 2018 Remi Collet - 0.2.1-1
- Update to 0.2.1

* Thu Jan 18 2018 Remi Collet - 0.2.0-1
- update to 0.2.0
- open https://github.com/nbs-system/snuffleupagus/pull/128 - src in path

* Wed Jan 17 2018 Remi Collet - 0.1.0-3.20180117.bd02d06
- test build for gh#124
- open https://github.com/nbs-system/snuffleupagus/pull/126

* Wed Jan 17 2018 Remi Collet - 0.1.0-2
- clean build options, fix EL build

* Wed Jan 17 2018 Remi Collet - 0.1.0-1
- new package, version 0.1.0
- open https://github.com/nbs-system/snuffleupagus/issues/123 - ZTS build
- open https://github.com/nbs-system/snuffleupagus/issues/124 - EL-7 build