blob: 845299f9dc577bd0e5fc4955e3e781a8d149775b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
# remirepo spec file for php-snuffleupagus
#
# Copyright (c) 2018 Remi Collet
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
%if 0%{?scl:1}
%global sub_prefix %{scl_prefix}
%scl_package php-snuffleupagus
%else
%global pkg_name %{name}
%endif
%global gh_commit 543173ac37675472cb5a5520cdf72f09f8d3d5c4
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
%global gh_owner nbs-system
%global gh_project snuffleupagus
%global pecl_name snuffleupagus
# ZTS is not supported, test suite fails
# https://github.com/nbs-system/snuffleupagus/issues/123
%global with_zts 0
%global ini_name 40-%{pecl_name}.ini
Summary: Security module for php7
Name: %{?sub_prefix}php-snuffleupagus
Version: 0.1.0
Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
License: LGPLv3
Group: Development/Languages
URL: https://github.com/%{gh_owner}/%{gh_project}
Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz
BuildRequires: %{?scl_prefix}php-devel
BuildRequires: pcre-devel
Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api}
Requires: %{?scl_prefix}php(api) = %{php_core_api}
%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}
%if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel}
Obsoletes: php70u-%{pecl_name} <= %{version}
Obsoletes: php70w-%{pecl_name} <= %{version}
%if "%{php_version}" > "7.1"
Obsoletes: php71u-%{pecl_name} <= %{version}
Obsoletes: php71w-%{pecl_name} <= %{version}
%endif
%if "%{php_version}" > "7.2"
Obsoletes: php72u-%{pecl_name} <= %{version}
Obsoletes: php72w-%{pecl_name} <= %{version}
%endif
%endif
%if 0%{?fedora} < 20 && 0%{?rhel} < 7
# Filter shared private
%{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$}
%{?filter_setup}
%endif
%description
Snuffleupagus is a PHP7+ module designed to drastically raise the cost of
attacks against websites. This is achieved by killing entire bug classes
and providing a powerful virtual-patching system, allowing the administrator
to fix specific vulnerabilities without having to touch the PHP code.
Documentation: https://snuffleupagus.readthedocs.io/
Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}.
%prep
%setup -q -n %{gh_project}-%{gh_commit}
mv src NTS
cd NTS
# needed because of sources relocation
sed -e 's:src/::' -i tests/multi_config.phpt
# TODO not ok for now
# Sanity check, really often broken
#extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h)
#if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then
# : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}.
# exit 1
#fi
cd ..
%if %{with_zts}
# duplicate for ZTS build
cp -pr NTS ZTS
%endif
# Drop in the bit of configuration
cat << 'EOF' | tee %{ini_name}
; Enable '%{pecl_name}' extension module
extension = %{pecl_name}.so
; Configuration
;sp.configuration_file = ''
EOF
%build
%{?dtsenable}
cd NTS
%{_bindir}/phpize
%configure \
--with-php-config=%{_bindir}/php-config \
--with-libdir=%{_lib} \
--enable-snuffleupagus
make %{?_smp_mflags}
%if %{with_zts}
cd ../ZTS
%{_bindir}/zts-phpize
%configure \
--with-php-config=%{_bindir}/zts-php-config \
--with-libdir=%{_lib} \
--enable-snuffleupagus
make %{?_smp_mflags}
%endif
%install
%{?dtsenable}
# Install the NTS stuff
make -C NTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name}
%if %{with_zts}
# Install the ZTS stuff
make -C ZTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name}
%endif
%check
cd NTS
: Minimal load test for NTS extension
%{__php} --no-php-ini \
--define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \
--modules | grep %{pecl_name}
: Upstream test suite for NTS extension
TEST_PHP_EXECUTABLE=%{__php} \
TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \
NO_INTERACTION=1 \
REPORT_EXIT_STATUS=1 \
%{__php} -n run-tests.php --show-diff || : ignore
%if %{with_zts}
cd ../ZTS
: Minimal load test for ZTS extension
%{__ztsphp} --no-php-ini \
--define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \
--modules | grep %{pecl_name}
: Upstream test suite for ZTS extension
TEST_PHP_EXECUTABLE=%{__ztsphp} \
TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \
NO_INTERACTION=1 \
REPORT_EXIT_STATUS=1 \
%{__ztsphp} -n run-tests.php --show-diff
%endif
%files
%{!?_licensedir:%global license %%doc}
%license LICENSE
%doc *.md
%config(noreplace) %{php_inidir}/%{ini_name}
%{php_extdir}/%{pecl_name}.so
%if %{with_zts}
%config(noreplace) %{php_ztsinidir}/%{ini_name}
%{php_ztsextdir}/%{pecl_name}.so
%endif
%changelog
* Wed Jan 17 2018 Remi Collet <remi@remirepo.net> - 0.1.0-1
- new package, version 0.1.0
- open https://github.com/nbs-system/snuffleupagus/issues/123 - ZTS build
- open https://github.com/nbs-system/snuffleupagus/issues/124 - EL-7 build
|
