# remirepo spec file for php-snuffleupagus # # Copyright (c) 2018 Remi Collet # License: CC-BY-SA # http://creativecommons.org/licenses/by-sa/4.0/ # # Please, preserve the changelog entries # %if 0%{?scl:1} %global sub_prefix %{scl_prefix} %scl_package php-snuffleupagus %else %global pkg_name %{name} %endif %global gh_commit 543173ac37675472cb5a5520cdf72f09f8d3d5c4 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) %global gh_owner nbs-system %global gh_project snuffleupagus %global pecl_name snuffleupagus # ZTS is not supported, test suite fails # https://github.com/nbs-system/snuffleupagus/issues/123 %global with_zts 0 %global ini_name 40-%{pecl_name}.ini Summary: Security module for php7 Name: %{?sub_prefix}php-snuffleupagus Version: 0.1.0 Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} License: LGPLv3 Group: Development/Languages URL: https://github.com/%{gh_owner}/%{gh_project} Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz BuildRequires: %{?scl_prefix}php-devel BuildRequires: pcre-devel Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api} Requires: %{?scl_prefix}php(api) = %{php_core_api} %{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}} %if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel} Obsoletes: php70u-%{pecl_name} <= %{version} Obsoletes: php70w-%{pecl_name} <= %{version} %if "%{php_version}" > "7.1" Obsoletes: php71u-%{pecl_name} <= %{version} Obsoletes: php71w-%{pecl_name} <= %{version} %endif %if "%{php_version}" > "7.2" Obsoletes: php72u-%{pecl_name} <= %{version} Obsoletes: php72w-%{pecl_name} <= %{version} %endif %endif %if 0%{?fedora} < 20 && 0%{?rhel} < 7 # Filter shared private %{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$} %{?filter_setup} %endif %description Snuffleupagus is a PHP7+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. Documentation: https://snuffleupagus.readthedocs.io/ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}. %prep %setup -q -n %{gh_project}-%{gh_commit} mv src NTS cd NTS # needed because of sources relocation sed -e 's:src/::' -i tests/multi_config.phpt # TODO not ok for now # Sanity check, really often broken #extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h) #if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then # : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}. # exit 1 #fi cd .. %if %{with_zts} # duplicate for ZTS build cp -pr NTS ZTS %endif # Drop in the bit of configuration cat << 'EOF' | tee %{ini_name} ; Enable '%{pecl_name}' extension module extension = %{pecl_name}.so ; Configuration ;sp.configuration_file = '' EOF %build %{?dtsenable} cd NTS %{_bindir}/phpize %configure \ --with-php-config=%{_bindir}/php-config \ --with-libdir=%{_lib} \ --enable-snuffleupagus make %{?_smp_mflags} %if %{with_zts} cd ../ZTS %{_bindir}/zts-phpize %configure \ --with-php-config=%{_bindir}/zts-php-config \ --with-libdir=%{_lib} \ --enable-snuffleupagus make %{?_smp_mflags} %endif %install %{?dtsenable} # Install the NTS stuff make -C NTS install INSTALL_ROOT=%{buildroot} install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name} %if %{with_zts} # Install the ZTS stuff make -C ZTS install INSTALL_ROOT=%{buildroot} install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name} %endif %check cd NTS : Minimal load test for NTS extension %{__php} --no-php-ini \ --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \ --modules | grep %{pecl_name} : Upstream test suite for NTS extension TEST_PHP_EXECUTABLE=%{__php} \ TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \ NO_INTERACTION=1 \ REPORT_EXIT_STATUS=1 \ %{__php} -n run-tests.php --show-diff || : ignore %if %{with_zts} cd ../ZTS : Minimal load test for ZTS extension %{__ztsphp} --no-php-ini \ --define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \ --modules | grep %{pecl_name} : Upstream test suite for ZTS extension TEST_PHP_EXECUTABLE=%{__ztsphp} \ TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \ NO_INTERACTION=1 \ REPORT_EXIT_STATUS=1 \ %{__ztsphp} -n run-tests.php --show-diff %endif %files %{!?_licensedir:%global license %%doc} %license LICENSE %doc *.md %config(noreplace) %{php_inidir}/%{ini_name} %{php_extdir}/%{pecl_name}.so %if %{with_zts} %config(noreplace) %{php_ztsinidir}/%{ini_name} %{php_ztsextdir}/%{pecl_name}.so %endif %changelog * Wed Jan 17 2018 Remi Collet - 0.1.0-1 - new package, version 0.1.0 - open https://github.com/nbs-system/snuffleupagus/issues/123 - ZTS build - open https://github.com/nbs-system/snuffleupagus/issues/124 - EL-7 build