bacula/bacula.spec

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
parent 142
c960abd3fd97
child 220
a6cd892638c1
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

michael@20 1 ##
michael@20 2 ## bacula.spec -- OpenPKG RPM Package Specification
michael@20 3 ## Copyright (c) 2000-2008 OpenPKG Foundation e.V. <http://openpkg.net/>
michael@20 4 ##
michael@20 5 ## Permission to use, copy, modify, and distribute this software for
michael@20 6 ## any purpose with or without fee is hereby granted, provided that
michael@20 7 ## the above copyright notice and this permission notice appear in all
michael@20 8 ## copies.
michael@20 9 ##
michael@20 10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
michael@20 11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
michael@20 12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
michael@20 13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
michael@20 14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
michael@20 15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
michael@20 16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
michael@20 17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
michael@20 18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
michael@20 19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
michael@20 20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
michael@20 21 ## SUCH DAMAGE.
michael@20 22 ##
michael@20 23
michael@20 24 # package information
michael@20 25 Name: bacula
michael@20 26 Summary: Network Backup Tool
michael@20 27 URL: http://www.bacula.org/
michael@20 28 Vendor: Kern Sibbald
michael@20 29 Packager: OpenPKG Foundation e.V.
michael@20 30 Distribution: OpenPKG Community
michael@20 31 Class: PLUS
michael@20 32 Group: System
michael@20 33 License: GPL
michael@142 34 Version: 2.4.4
michael@142 35 Release: 20090405
michael@20 36
michael@20 37 # package options
michael@20 38 %option with_server yes
michael@20 39 %option with_ssl yes
michael@20 40 %option with_wrap no
michael@20 41 %option with_dvd no
michael@20 42 %option with_mtx no
michael@20 43 %option with_python no
michael@20 44 %option with_db_sqlite no
michael@20 45 %option with_db_pgsql no
michael@20 46 %option with_db_mysql no
michael@20 47
michael@20 48 # package option sanity check
michael@20 49 %if "%{with_db_sqlite}" == "no" && "%{with_db_mysql}" == "no" && "%{with_db_pgsql}" == "no"
michael@20 50 %undefine with_db_sqlite
michael@20 51 %define with_db_sqlite yes
michael@20 52 %endif
michael@20 53
michael@20 54 # list of sources
michael@20 55 Source0: http://switch.dl.sourceforge.net/bacula/bacula-%{version}.tar.gz
michael@20 56 Source1: rc.bacula
michael@20 57 Source2: bexec.sh
michael@20 58 Patch0: bacula.patch
michael@20 59
michael@20 60 # build information
michael@20 61 Prefix: %{l_prefix}
michael@20 62 BuildRoot: %{l_buildroot}
michael@20 63 BuildPreReq: OpenPKG, openpkg >= 20060823, make, gcc, gcc::with_cxx = yes
michael@20 64 PreReq: OpenPKG, openpkg >= 20060823
michael@21 65 BuildPreReq: ncurses, readline, zlib
michael@21 66 PreReq: ncurses, readline, zlib
michael@20 67 %if "%{with_ssl}" == "yes"
michael@20 68 BuildPreReq: openssl >= 0.9.8
michael@20 69 PreReq: openssl >= 0.9.8
michael@20 70 %endif
michael@20 71 %if "%{with_wrap}" == "yes"
michael@20 72 BuildPreReq: tcpwrappers
michael@20 73 PreReq: tcpwrappers
michael@20 74 %endif
michael@20 75 %if "%{with_db_sqlite}" == "yes"
michael@20 76 BuildPreReq: sqlite
michael@20 77 PreReq: sqlite
michael@20 78 %endif
michael@20 79 %if "%{with_db_mysql}" == "yes"
michael@20 80 BuildPreReq: mysql
michael@20 81 PreReq: mysql
michael@20 82 %endif
michael@20 83 %if "%{with_db_pgsql}" == "yes"
michael@20 84 BuildPreReq: postgresql
michael@20 85 PreReq: postgresql
michael@20 86 %endif
michael@20 87 %if "%{with_dvd}" == "yes"
michael@20 88 BuildPreReq: dvdrw-tools
michael@20 89 PreReq: dvdrw-tools
michael@20 90 %endif
michael@20 91 %if "%{with_mtx}" == "yes"
michael@20 92 BuildPreReq: mtx
michael@20 93 PreReq: mtx
michael@20 94 %endif
michael@20 95 %if "%{with_python}" == "yes" || "%{with_dvd}" == "yes"
michael@20 96 BuildPreReq: python
michael@20 97 PreReq: python
michael@20 98 %endif
michael@20 99 AutoReq: no
michael@20 100 AutoReqProv: no
michael@20 101
michael@20 102 %description
michael@20 103 Bacula is a set of computer programs that permit you (or the system
michael@20 104 administrator) to manage backup, recovery, and verification of
michael@20 105 computer data across a network of computers of different kinds. In
michael@20 106 technical terms, it is a network client/server based backup program.
michael@20 107 Bacula is relatively easy to use and efficient, while offering many
michael@20 108 advanced storage management features that make it easy to find and
michael@20 109 recover lost or damaged files.
michael@20 110
michael@20 111 %track
michael@20 112 prog bacula = {
michael@20 113 version = %{version}
michael@20 114 url = http://prdownloads.sourceforge.net/bacula/
michael@20 115 regex = bacula-(\d+\.\d*[02468]\.\d+)\.tar\.gz
michael@20 116 }
michael@20 117
michael@20 118 %prep
michael@20 119 %setup -q
michael@20 120 %patch -p0
michael@20 121 rm -f src/lib/tcpd.h
michael@20 122
michael@20 123 %build
michael@20 124 # generate a random director password
michael@20 125 password="`openssl rand -base64 33`"
michael@20 126
michael@20 127 # for the same reason remove version informations from config files
michael@20 128 %{l_shtool} subst \
michael@20 129 -e "s;For Bacula release @VERSION@ .*;;" \
michael@20 130 `find . -name "*.conf.in"`
michael@20 131
michael@21 132 # help specific platforms find fdatasync(3)
michael@21 133 libs=""
michael@21 134 case "%{l_platform -t}" in
michael@21 135 *-sunos* ) libs="-lrt" ;;
michael@21 136 esac
michael@21 137
michael@20 138 # use localhost as default host
michael@20 139 %{l_shtool} subst \
michael@20 140 -e 's;hostname=.*;hostname=localhost;g' \
michael@21 141 -e 's;\(CONS_LIBS="-lreadline.*\)-ltermcap;\1-lncurses;g' \
michael@20 142 configure
michael@20 143
michael@20 144 # configure
michael@20 145 LIBS=
michael@20 146 case "%{l_platform -t}" in
michael@20 147 *-linux*) LIBS="-L/usr/lib/termcap";;
michael@20 148 esac
michael@20 149 CC="%{l_cc}" \
michael@20 150 CFLAGS="%{l_cflags -O}" \
michael@21 151 CPPFLAGS="%{l_cppflags ncurses}" \
michael@20 152 LDFLAGS="%{l_ldflags} $LIBS" \
michael@21 153 LIBS="$libs" \
michael@143 154 GREP="grep" \
michael@20 155 ./configure \
michael@20 156 --prefix=%{l_prefix} \
michael@20 157 --with-dir-user=%{l_rusr} \
michael@20 158 --with-dir-group=%{l_rgrp} \
michael@20 159 --with-sd-user=%{l_rusr} \
michael@20 160 --with-sd-group=%{l_rgrp} \
michael@20 161 --with-fd-user=%{l_susr} \
michael@20 162 --with-fd-group=%{l_sgrp} \
michael@20 163 --with-dir-password="$password" \
michael@20 164 --with-fd-password="$password" \
michael@20 165 --with-sd-password="$password" \
michael@20 166 --with-mon-dir-password="$password" \
michael@20 167 --with-mon-fd-password="$password" \
michael@20 168 --with-mon-sd-password="$password" \
michael@20 169 --disable-conio \
michael@20 170 --enable-readline \
michael@20 171 --with-readline=%{l_prefix} \
michael@20 172 %if "%{with_server}" != "yes"
michael@20 173 --enable-client-only \
michael@20 174 %endif
michael@20 175 %if "%{with_ssl}" == "yes"
michael@20 176 --with-openssl=%{l_prefix} \
michael@20 177 %endif
michael@20 178 %if "%{with_wrap}" == "yes"
michael@20 179 --with-tcp-wrappers=yes \
michael@20 180 %endif
michael@20 181 %if "%{with_db_sqlite}" == "yes"
michael@20 182 --with-sqlite3=%{l_prefix} \
michael@20 183 %endif
michael@20 184 %if "%{with_db_mysql}" == "yes"
michael@20 185 --with-mysql=%{l_prefix} \
michael@20 186 %endif
michael@20 187 %if "%{with_db_pgsql}" == "yes"
michael@20 188 --with-postgresql=%{l_prefix} \
michael@20 189 %endif
michael@20 190 %if "%{with_python}" == "yes" || "%{with_dvd}" == "yes"
michael@20 191 --with-python=%{l_prefix} \
michael@20 192 %endif
michael@20 193 --enable-wx-console=no \
michael@20 194 --sysconfdir=%{l_prefix}/etc/bacula \
michael@21 195 --libexecdir=%{l_prefix}/libexec/bacula \
michael@20 196 --mandir=%{l_prefix}/man \
michael@20 197 --with-scriptdir=%{l_prefix}/libexec/bacula \
michael@20 198 --with-working-dir=%{l_prefix}/var/bacula \
michael@20 199 --with-pid-dir=%{l_prefix}/var/bacula/run \
michael@20 200 --with-subsys-dir=%{l_prefix}/var/bacula/run/subsys \
michael@21 201 --with-archivedir=/tmp \
michael@21 202 --with-sbin-perm=0755 \
michael@20 203 --disable-nls
michael@20 204
michael@20 205 # build
michael@20 206 %{l_make} %{l_mflags -O}
michael@20 207
michael@20 208 %install
michael@20 209 rm -rf $RPM_BUILD_ROOT
michael@20 210
michael@20 211 # create installation hierarchy
michael@20 212 %{l_shtool} mkdir -f -p -m 755 \
michael@20 213 $RPM_BUILD_ROOT%{l_prefix}/bin \
michael@20 214 $RPM_BUILD_ROOT%{l_prefix}/sbin \
michael@20 215 $RPM_BUILD_ROOT%{l_prefix}/libexec/bacula \
michael@20 216 $RPM_BUILD_ROOT%{l_prefix}/etc/bacula \
michael@20 217 $RPM_BUILD_ROOT%{l_prefix}/etc/bacula/clients \
michael@20 218 $RPM_BUILD_ROOT%{l_prefix}/etc/bacula/scripts \
michael@20 219 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
michael@20 220 $RPM_BUILD_ROOT%{l_prefix}/var/bacula \
michael@20 221 $RPM_BUILD_ROOT%{l_prefix}/var/bacula/run \
michael@20 222 $RPM_BUILD_ROOT%{l_prefix}/var/bacula/run/subsys \
michael@20 223 $RPM_BUILD_ROOT%{l_prefix}/man/man1 \
michael@20 224 $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
michael@20 225 $RPM_BUILD_ROOT%{l_prefix}/share/bacula/examples \
michael@20 226 $RPM_BUILD_ROOT%{l_prefix}/share/bacula/examples/default-config
michael@20 227
michael@20 228 # install
michael@20 229 %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
michael@20 230
michael@20 231 # strip down installation
michael@21 232 strip $RPM_BUILD_ROOT%{l_prefix}/sbin/* 2>/dev/null || true
michael@20 233 ( cd $RPM_BUILD_ROOT%{l_prefix}/libexec/bacula &&
michael@21 234 for unwanted in startmysql stopmysql; do
michael@20 235 rm -f $unwanted
michael@20 236 done
michael@20 237 ) || exit $?
michael@20 238
michael@20 239 # install additional files
michael@20 240 %{l_shtool} install -c -m 754 %{l_value -s -a} \
michael@20 241 %{SOURCE bexec.sh} $RPM_BUILD_ROOT%{l_prefix}/libexec/bacula/bexec
michael@21 242 %{l_shtool} install -c -m 640 \
michael@21 243 src/console/bconsole.conf $RPM_BUILD_ROOT%{l_prefix}/etc/bacula/
michael@20 244
michael@21 245 ## wrap binaries to avoid to specify "-c" for each run
michael@21 246 #( cd $RPM_BUILD_ROOT%{l_prefix}/sbin
michael@21 247 # for bin in bacula-dir bacula-fd bacula-sd \
michael@21 248 # bconsole bcopy bextract bls bscan dbcheck \
michael@21 249 # tray-monitor wx-console; do
michael@21 250 # if [ -x $bin ]; then
michael@21 251 # mv $bin $RPM_BUILD_ROOT%{l_prefix}/libexec/bacula
michael@21 252 # ln $RPM_BUILD_ROOT%{l_prefix}/libexec/bacula/bexec ./$bin
michael@21 253 # fi
michael@21 254 # done
michael@21 255 #) || exit $?
michael@20 256
michael@142 257 # install runcommand script
michael@20 258 %{l_shtool} install -c -m 755 %{l_value -s -a} \
michael@20 259 -e 's,@with_server@,%{with_server},g' \
michael@20 260 %{SOURCE rc.bacula} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
michael@20 261
michael@20 262 # determine installation files
michael@20 263 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
michael@20 264 %{l_files_std} \
michael@142 265 '%config(noreplace) %{l_prefix}/etc/bacula/*.conf' \
michael@142 266 %if "%{with_server}" == "yes"
michael@142 267 '%attr(-,%{l_musr},%{l_rgrp}) %config(noreplace) %{l_prefix}/etc/bacula/bacula-dir.conf' \
michael@142 268 '%attr(-,%{l_musr},%{l_rgrp}) %config(noreplace) %{l_prefix}/etc/bacula/bacula-sd.conf' \
michael@142 269 '%attr(-,%{l_musr},%{l_rgrp}) %{l_prefix}/libexec/bacula/delete_catalog_backup' \
michael@142 270 '%attr(-,%{l_musr},%{l_rgrp}) %{l_prefix}/libexec/bacula/make_catalog_backup' \
michael@142 271 %endif
michael@20 272 '%attr(-,%{l_musr},%{l_rgrp}) %{l_prefix}/libexec/bacula/dvd-handler' \
michael@20 273 '%attr(-,%{l_musr},%{l_rgrp}) %{l_prefix}/libexec/bacula/mtx-changer' \
michael@142 274 '%attr(700,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bacula/run/subsys' \
michael@142 275 '%attr(700,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bacula/run' \
michael@142 276 '%attr(700,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bacula'
michael@20 277
michael@20 278 %files -f files
michael@20 279
michael@20 280 %clean
michael@20 281 rm -rf $RPM_BUILD_ROOT
michael@20 282
michael@20 283 %post
michael@20 284 # create initial database
michael@20 285 if [ ! -f $RPM_INSTALL_PREFIX/var/bacula/bacula.db ]; then
michael@20 286 $RPM_INSTALL_PREFIX/libexec/bacula/make_bacula_tables
michael@20 287 chmod 600 $RPM_INSTALL_PREFIX/var/bacula/bacula.db
michael@20 288 chown %{l_rusr}:%{l_rgrp} $RPM_INSTALL_PREFIX/var/bacula/bacula.db
michael@20 289 fi
michael@20 290
michael@20 291 # after upgrade, restart service
michael@20 292 [ $1 -eq 2 ] || exit 0
michael@20 293 eval `%{l_rc} bacula status 2>/dev/null`
michael@20 294 [ ".$bacula_active" = .yes ] && %{l_rc} bacula restart
michael@20 295 exit 0
michael@20 296
michael@20 297 %preun
michael@20 298 # before erase, stop service and remove working files
michael@20 299 [ $1 -eq 0 ] || exit 0
michael@20 300 %{l_rc} bacula stop 2>/dev/null
michael@20 301 rm -rf $RPM_INSTALL_PREFIX/var/bacula/*
michael@20 302 exit 0
michael@20 303

mercurial