openpkg-packages/opa/opa.spec

##
##  opa.spec -- OpenPKG RPM Package Specification
##  Copyright (c) 2000-2020 OpenPKG Project <http://openpkg.org/>
##
##  Permission to use, copy, modify, and distribute this software for
##  any purpose with or without fee is hereby granted, provided that
##  the above copyright notice and this permission notice appear in all
##  copies.
##
##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
##  SUCH DAMAGE.
##

#   package version
%define       V_opa_base 0.16.0
%define       V_opa_snap 20191219

#   package information
Name:         opa
Summary:      Open Policy Agent
URL:          https://www.openpolicyagent.org/
Vendor:       Tim Hinrichs, Torin Sandall
Packager:     OpenPKG Project
Distribution: OpenPKG Community
Class:        EVAL
Group:        Networking
License:      Apache
Version:      %{V_opa_base}.%{V_opa_snap}
Release:      20191219

#   list of sources
Source0:      http://download.openpkg.org/components/versioned/opa/opa-%{V_opa_snap}.tar.xz
Source1:      rc.opa
Source2:      opa-tls.sh
Source3:      opa.txt
Patch0:       opa.patch

#   build information
BuildPreReq:  OpenPKG, openpkg >= 20160101, go
PreReq:       OpenPKG, openpkg >= 20160101, cfssl

%description
    The Open Policy Agent (OPA) is an open source, general-purpose
    policy engine that enables unified, context-aware policy enforcement
    across the entire stack. OPA provides greater flexibility
    and expressiveness than hard-coded service logic or ad-hoc
    domain-specific languages and comes with powerful tooling to help
    anyone get started.

%track
    prog opa:release = {
        version   = %{V_opa_base}
        url       = https://github.com/open-policy-agent/opa/releases
        regex     = v(\d+\.\d+\.\d+)\.tar\.gz
    }
    prog opa:snapshot = {
        version   = %{V_opa_snap}
        url       = http://download.openpkg.org/components/versioned/opa/
        regex     = opa-(\d+)\.tar\.xz
    }

%prep
    %setup -q -n opa
    %patch -p0

%build
    #   build program
    export GOPATH=`pwd`
    PATH=$GOPATH/bin:$PATH
    cd src/github.com/open-policy-agent/opa
    %{l_make} %{l_mflags} build

%install
    #   create directory hierarchy
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/sbin \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/opa/conf.d \
        $RPM_BUILD_ROOT%{l_prefix}/var/opa/log \
        $RPM_BUILD_ROOT%{l_prefix}/var/opa/run

    #   install program
    %{l_shtool} install -c -s -m 755 \
        src/github.com/open-policy-agent/opa/opa* \
        $RPM_BUILD_ROOT%{l_prefix}/sbin/opa

    #   install utility
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        -e 's;@l_bash@;%{l_bash};g' \
        %{SOURCE opa-tls.sh} $RPM_BUILD_ROOT%{l_prefix}/sbin/opa-tls

    #   install run-command script
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE rc.opa} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/

    #   install default configuration
    for name in `grep "^<file" %{SOURCE opa.txt} | sed -e 's;^.*name=";;' -e 's;".*$;;'`; do
        name_escaped=`echo "$name" | sed -e 's;/;\\\\/;g'`
        (echo ""; cat %{SOURCE opa.txt}; echo "") |\
            sed -e "1,/^<file name=\"$name_escaped\">/d" -e "/<\/file>/,\$d" >tmp.txt
        %{l_shtool} install -c -m 644 %{l_value -s -a} \
            tmp.txt $RPM_BUILD_ROOT%{l_prefix}/etc/opa/conf.d/$name
    done

    #   determine installation files
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
        '%config %{l_prefix}/etc/opa/conf.d/*' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/opa/*'

%files -f files

%clean

%post
    if [ $1 -eq 1 ]; then
        #   on initial installation, generate TLS certificate/key pair
        echo "Generating TLS Certificates/Keys" | %{l_rpmtool} msg -b -t notice
        $RPM_INSTALL_PREFIX/sbin/opa-tls localhost 127.0.0.1
        ( echo "OPA was configured with a standard TLS certificate/key pair."
          echo "for \"localhost\" and \"127.0.0.1\". For production use, you usually let"
          echo "OPA listen on an external IP address. For this the TLS"
          echo "certificate/key pair has to be regenerated with for instance:"
          echo "    \$ $RPM_INSTALL_PREFIX/sbin/opa-tls www.example.com 192.168.0.1"
        ) | %{l_rpmtool} msg -b -t notice
    elif [ $1 -eq 2 ]; then
        #   after upgrade, restart service
        eval `%{l_rc} opa status 2>/dev/null`
        [ ".$opa_active" = .yes ] && %{l_rc} opa restart
    fi
    exit 0

%preun
    if [ $1 -eq 0 ]; then
        #   before erase, stop service and remove log files
        %{l_rc} opa stop 2>/dev/null
        rm -f  $RPM_INSTALL_PREFIX/etc/opa/ca.*     >/dev/null 2>&1 || true
        rm -f  $RPM_INSTALL_PREFIX/etc/opa/server.* >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/opa/log/*    >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/opa/run/*    >/dev/null 2>&1 || true
    fi
    exit 0
new package 8 years ago			`##`
			`## opa.spec -- OpenPKG RPM Package Specification`
bump year in all copyright messages 6 years ago			`## Copyright (c) 2000-2020 OpenPKG Project <http://openpkg.org/>`
new package 8 years ago			`##`
			`## Permission to use, copy, modify, and distribute this software for`
			`## any purpose with or without fee is hereby granted, provided that`
			`## the above copyright notice and this permission notice appear in all`
			`## copies.`
			`##`
			## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
			`## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF`
			`## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.`
			`## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR`
			`## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,`
			`## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT`
			`## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF`
			`## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND`
			`## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,`
			`## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT`
			`## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
			`## SUCH DAMAGE.`
			`##`

			`# package version`
upgrading package: opa 0.15.1.20191118 -> 0.16.0.20191219 6 years ago			`%define V_opa_base 0.16.0`
			`%define V_opa_snap 20191219`
new package 8 years ago
			`# package information`
			`Name: opa`
			`Summary: Open Policy Agent`
			`URL: https://www.openpolicyagent.org/`
			`Vendor: Tim Hinrichs, Torin Sandall`
			`Packager: OpenPKG Project`
			`Distribution: OpenPKG Community`
			`Class: EVAL`
			`Group: Networking`
			`License: Apache`
			`Version: %{V_opa_base}.%{V_opa_snap}`
upgrading package: opa 0.15.1.20191118 -> 0.16.0.20191219 6 years ago			`Release: 20191219`
new package 8 years ago
			`# list of sources`
			`Source0: http://download.openpkg.org/components/versioned/opa/opa-%{V_opa_snap}.tar.xz`
			`Source1: rc.opa`
			`Source2: opa-tls.sh`
			`Source3: opa.txt`
			`Patch0: opa.patch`

			`# build information`
			`BuildPreReq: OpenPKG, openpkg >= 20160101, go`
fix dependencies 7 years ago			`PreReq: OpenPKG, openpkg >= 20160101, cfssl`
new package 8 years ago
			`%description`
			`The Open Policy Agent (OPA) is an open source, general-purpose`
			`policy engine that enables unified, context-aware policy enforcement`
			`across the entire stack. OPA provides greater flexibility`
			`and expressiveness than hard-coded service logic or ad-hoc`
			`domain-specific languages and comes with powerful tooling to help`
			`anyone get started.`

			`%track`
			`prog opa:release = {`
			`version = %{V_opa_base}`
			`url = https://github.com/open-policy-agent/opa/releases`
			`regex = v(\d+\.\d+\.\d+)\.tar\.gz`
			`}`
			`prog opa:snapshot = {`
			`version = %{V_opa_snap}`
			`url = http://download.openpkg.org/components/versioned/opa/`
			`regex = opa-(\d+)\.tar\.xz`
			`}`

			`%prep`
			`%setup -q -n opa`
			`%patch -p0`

			`%build`
			`# build program`
			export GOPATH=`pwd`
			`PATH=$GOPATH/bin:$PATH`
			`cd src/github.com/open-policy-agent/opa`
upgrading package: opa 0.14.1.20190920 -> 0.14.2.20191005 6 years ago			`%{l_make} %{l_mflags} build`
new package 8 years ago
			`%install`
			`# create directory hierarchy`
			`%{l_shtool} mkdir -f -p -m 755 \`
			`$RPM_BUILD_ROOT%{l_prefix}/sbin \`
			`$RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \`
			`$RPM_BUILD_ROOT%{l_prefix}/etc/opa/conf.d \`
			`$RPM_BUILD_ROOT%{l_prefix}/var/opa/log \`
			`$RPM_BUILD_ROOT%{l_prefix}/var/opa/run`

			`# install program`
			`%{l_shtool} install -c -s -m 755 \`
			`src/github.com/open-policy-agent/opa/opa* \`
			`$RPM_BUILD_ROOT%{l_prefix}/sbin/opa`

			`# install utility`
			`%{l_shtool} install -c -m 755 %{l_value -s -a} \`
			`-e 's;@l_bash@;%{l_bash};g' \`
			`%{SOURCE opa-tls.sh} $RPM_BUILD_ROOT%{l_prefix}/sbin/opa-tls`

			`# install run-command script`
			`%{l_shtool} install -c -m 755 %{l_value -s -a} \`
			`%{SOURCE rc.opa} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/`

			`# install default configuration`
			for name in `grep "^<file" %{SOURCE opa.txt} \| sed -e 's;^.name=";;' -e 's;".$;;'`; do
			name_escaped=`echo "$name" \| sed -e 's;/;\\\\/;g'`
			`(echo ""; cat %{SOURCE opa.txt}; echo "") \|\`
			`sed -e "1,/^<file name=\"$name_escaped\">/d" -e "/<\/file>/,\$d" >tmp.txt`
			`%{l_shtool} install -c -m 644 %{l_value -s -a} \`
			`tmp.txt $RPM_BUILD_ROOT%{l_prefix}/etc/opa/conf.d/$name`
			`done`

			`# determine installation files`
			`%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \`
			`%{l_files_std} \`
			`'%config %{l_prefix}/etc/opa/conf.d/*' \`
			`'%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/opa/*'`

			`%files -f files`

			`%clean`

			`%post`
			`if [ $1 -eq 1 ]; then`
			`# on initial installation, generate TLS certificate/key pair`
			`echo "Generating TLS Certificates/Keys" \| %{l_rpmtool} msg -b -t notice`
			`$RPM_INSTALL_PREFIX/sbin/opa-tls localhost 127.0.0.1`
			`( echo "OPA was configured with a standard TLS certificate/key pair."`
			`echo "for \"localhost\" and \"127.0.0.1\". For production use, you usually let"`
			`echo "OPA listen on an external IP address. For this the TLS"`
			`echo "certificate/key pair has to be regenerated with for instance:"`
			`echo " \$ $RPM_INSTALL_PREFIX/sbin/opa-tls www.example.com 192.168.0.1"`
			`) \| %{l_rpmtool} msg -b -t notice`
			`elif [ $1 -eq 2 ]; then`
			`# after upgrade, restart service`
			eval `%{l_rc} opa status 2>/dev/null`
			`[ ".$opa_active" = .yes ] && %{l_rc} opa restart`
			`fi`
			`exit 0`

			`%preun`
			`if [ $1 -eq 0 ]; then`
			`# before erase, stop service and remove log files`
			`%{l_rc} opa stop 2>/dev/null`
			`rm -f $RPM_INSTALL_PREFIX/etc/opa/ca.* >/dev/null 2>&1 \|\| true`
			`rm -f $RPM_INSTALL_PREFIX/etc/opa/server.* >/dev/null 2>&1 \|\| true`
			`rm -rf $RPM_INSTALL_PREFIX/var/opa/log/* >/dev/null 2>&1 \|\| true`
			`rm -rf $RPM_INSTALL_PREFIX/var/opa/run/* >/dev/null 2>&1 \|\| true`
			`fi`
			`exit 0`