--- /dev/null
+%global gem_name occi-server
+# %%{_datadir}/%%{name}
+%global app_root /opt/%{name}
+%global semodule_name rocci_server
+%global use_bundler 1
+
+%global commit e142d83fc4214fdfd7498209e68491eb913cd1cf
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
+%global date 20140830
+
+Name: rOCCI-server
+Version: 1.0.5
+Release: 1.%{date}git%{shortcommit}%{?dist}
+Summary: Ruby OCCI Server
+
+License: ASL 2.0
+URL: https://github.com/EGI-FCTF/rOCCI-server
+Source0: https://github.com/EGI-FCTF/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz
+Source1: %{semodule_name}.te
+Source2: %{semodule_name}.fc
+Source3: %{name}.logrotate
+Patch0: rocci-server-gemfile.diff
+Patch1: rocci-server-unbundle.diff
+
+BuildArch: noarch
+BuildRequires: policycoreutils-python
+BuildRequires: ruby(release) >= 1.9.3
+BuildRequires: rubygems-devel
+%if %{use_bundler}
+BuildRequires: rubygem(bundler)
+%endif
+BuildRequires: rubygem(rdoc)
+# tests (plus all runtimes)
+#BuildRequires: rubygem(rspec)
+#BuildRequires: rubygem(rspec-rails)
+Requires(pre): shadow-utils
+Requires(post): policycoreutils
+Requires(preun): policycoreutils
+Requires(postun): policycoreutils
+Requires: logrotate
+Requires: memcached
+Requires: mod_passenger
+%if %{use_bundler}
+Requires: rubygem(bundler)
+%endif
+Requires: rubygem(dalli)
+Requires: rubygem(hashie)
+Requires: rubygem(ice_nine)
+# upstream: jbuilder ~> 2.1.0
+# F20: 1.5.0
+Requires: rubygem(jbuilder)
+Requires: rubygem(kgio)
+# upstream: ~> 4.0.48
+# F20: 4.0.18
+Requires: rubygem(passenger)
+# upstream: rails ~> 4.0.8
+# F20: 4.0.0, F21: 4.1.x
+Requires: rubygem(rails) >= 4.0.0
+Requires: rubygem(rails) <= 4.1
+# upstream: rails-api ~> 0.2.0, F20: 0.1.0
+Requires: rubygem(rails-api)
+# COPR
+Requires: rubygem(logstasher)
+Requires: rubygem(occi-core) >= 4.2.16
+Requires: rubygem(occi-core) < 4.3
+Requires: rubygem(rack-cors)
+Requires: rubygem(whenever)
+# upstream: >= 1.2.3, really needed
+# F20: 1.2.0
+Requires: rubygem(warden) >= 1.2.3
+%if 0%{?fedora} && 0%{?fedora} <= 20 || 0%{?rhel} && 0%{?rhel} <= 7
+Requires: ruby(release)
+Requires: ruby(rubygems)
+Requires: rubygem(openssl_cms_2_0_0)
+Provides: rubygem(%{gem_name}) = %{version}
+%else
+Requires: rubygem(openssl_cms_2_1)
+%endif
+
+%description
+A ruby OCCI server.
+
+
+%package doc
+Summary: Documentation for %{name}
+Group: Documentation
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+
+%description doc
+Documentation for %{name}.
+
+
+%prep
+%setup -q -n %{name}-%{commit}
+
+# correct openssl_cms dependency:
+# - remove reference to git
+# - keep only one openssl_cms gem
+%if 0%{?fedora} && 0%{?fedora} <= 20
+echo 'gem "openssl_cms_2_0_0", require: false, platforms: :ruby_20' > lib/authentication_strategies/bundles/Gemfile.keystone
+%else
+echo 'gem "openssl_cms_2_1", require: false, platforms: :ruby_21' > lib/authentication_strategies/bundles/Gemfile.keystone
+%endif
+
+# tweak Gemfile
+%patch0 -p1
+# kill bundler
+%if %{use_bundler}
+%patch1 -p1
+%endif
+
+# always use the system gems
+sed -i .bundle/config -e '/.*BUNDLE_DISABLE_SHARED_GEMS.*/d'
+
+
+%build
+checkmodule -M -m -o %{semodule_name}.mod %{SOURCE1}
+semodule_package -o %{semodule_name}.pp -m %{semodule_name}.mod -f %{SOURCE2}
+
+
+%install
+mkdir -p %{buildroot}%{app_root}
+mkdir -p %{buildroot}%{_sysconfdir}
+cp -a . %{buildroot}%{app_root}
+
+# unused
+rm -f %{buildroot}%{app_root}/.gitignore
+find %{buildroot}%{app_root} -name .keep -delete
+
+# config files
+mv %{buildroot}%{app_root}/etc %{buildroot}%{_sysconfdir}/rocci-server
+ln -s %{_sysconfdir}/rocci-server %{buildroot}%{app_root}/etc
+
+# logs
+mkdir -p %{buildroot}%{_localstatedir}/log/rocci-server
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
+rm -rf %{buildroot}/%{app_root}/log
+ln -s %{_localstatedir}/log/rocci-server %{buildroot}/%{app_root}/log
+install -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+
+# bundler:
+# - no Gemfile.lock
+# - enable shared gems
+# - disable backends dependencies for now
+mv %{buildroot}%{app_root}/Gemfile.lock %{buildroot}%{app_root}/Gemfile.lock.upstream
+touch %{buildroot}%{app_root}/Gemfile.lock
+# disable backend dependencies
+# TODO: get them to Fedora
+mv %{buildroot}%{app_root}/lib/backends/bundles/Gemfile.ec2 %{buildroot}%{app_root}/lib/backends/bundles/upstream-Gemfile.ec2
+mv %{buildroot}%{app_root}/lib/backends/bundles/Gemfile.opennebula %{buildroot}%{app_root}/lib/backends/bundles/upstream-Gemfile.opennebula
+
+rdoc --op %{buildroot}%{_pkgdocdir} lib app *.md
+chmod -x %{buildroot}%{_pkgdocdir}/images/*.png
+
+# SELinux
+mkdir -p %{buildroot}%{_datadir}/selinux/packages/%{name}
+install -m 0644 %{semodule_name}.pp %{buildroot}%{_datadir}/selinux/packages/%{name}
+rm -f %{buildroot}%{app_root}/%{semodule_name}.mod
+rm -f %{buildroot}%{app_root}/%{semodule_name}.pp
+
+# httpd configuration
+mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d
+# update for apache >= 2.4
+sed -i examples/etc/apache2/sites-available/occi-ssl -e 's/Allow from all/Require all granted/i'
+install -p -m 0644 examples/etc/apache2/sites-available/occi-ssl %{buildroot}%{_sysconfdir}/httpd/conf.d/occi-ssl.conf
+echo "Listen 11443" >> %{buildroot}%{_sysconfdir}/httpd/conf.d/occi-listen.conf
+install -p -m 0644 examples/etc/apache2/conf.d/security %{buildroot}%{_sysconfdir}/httpd/conf.d/occi-security.conf
+
+
+#%%check
+#rspec -Ilib spec --require spec_helper || :
+#cat <<EOF
+#Expeced result:
+#254 examples, 29 failures, 13 pending
+#
+#Failed examples:
+#
+#rspec ./spec/routing/network_routing_spec.rb:6 # routing to network GET routes /network/:id to network#show
+#rspec ./spec/routing/network_routing_spec.rb:14 # routing to network GET routes /network/ to network#index
+#rspec ./spec/routing/network_routing_spec.rb:76 # routing to network PUT routes /network/:id to network#update
+#rspec ./spec/routing/network_routing_spec.rb:23 # routing to network POST routes /network/ to network#create
+#rspec ./spec/routing/network_routing_spec.rb:30 # routing to network POST routes /network/:id to network#update
+#rspec ./spec/routing/network_routing_spec.rb:55 # routing to network DELETE routes /network/:id to network#delete
+#rspec ./spec/routing/network_routing_spec.rb:63 # routing to network DELETE routes /network/ to network#delete
+#rspec ./spec/routing/cors_routing_spec.rb:6 # routing to cors OPTIONS routes / to cors#index
+#rspec ./spec/routing/cors_routing_spec.rb:13 # routing to cors OPTIONS routes /-/ to cors#index
+#rspec ./spec/routing/compute_routing_spec.rb:6 # routing to compute GET routes /compute/:id to compute#show
+#rspec ./spec/routing/compute_routing_spec.rb:14 # routing to compute GET routes /compute/ to compute#index
+#rspec ./spec/routing/compute_routing_spec.rb:76 # routing to compute PUT routes /compute/:id to compute#update
+#rspec ./spec/routing/compute_routing_spec.rb:23 # routing to compute POST routes /compute/ to compute#create
+#rspec ./spec/routing/compute_routing_spec.rb:30 # routing to compute POST routes /compute/:id to compute#update
+#rspec ./spec/routing/compute_routing_spec.rb:55 # routing to compute DELETE routes /compute/:id to compute#delete
+#rspec ./spec/routing/compute_routing_spec.rb:63 # routing to compute DELETE routes /compute/ to compute#delete
+#rspec ./spec/routing/occi_model_routing_spec.rb:6 # routing to model GET routes /-/ to occi_model#show
+#rspec ./spec/routing/occi_model_routing_spec.rb:13 # routing to model GET routes /.well-known/org/ogf/occi/-/ to occi_model#show
+#rspec ./spec/routing/occi_model_routing_spec.rb:22 # routing to model POST routes /-/ to occi_model#show
+#rspec ./spec/routing/occi_model_routing_spec.rb:29 # routing to model POST routes /.well-known/org/ogf/occi/-/ to occi_model#show
+#rspec ./spec/routing/occi_model_routing_spec.rb:38 # routing to model DELETE routes /-/ to occi_model#show
+#rspec ./spec/routing/occi_model_routing_spec.rb:45 # routing to model DELETE routes /.well-known/org/ogf/occi/-/ to occi_model#show
+#rspec ./spec/routing/storage_routing_spec.rb:6 # routing to storage GET routes /storage/:id to storage#show
+#rspec ./spec/routing/storage_routing_spec.rb:14 # routing to storage GET routes /storage/ to storage#index
+#rspec ./spec/routing/storage_routing_spec.rb:76 # routing to storage PUT routes /storage/:id to storage#update
+#rspec ./spec/routing/storage_routing_spec.rb:23 # routing to storage POST routes /storage/ to storage#create
+#rspec ./spec/routing/storage_routing_spec.rb:30 # routing to storage POST routes /storage/:id to storage#update
+#rspec ./spec/routing/storage_routing_spec.rb:55 # routing to storage DELETE routes /storage/:id to storage#delete
+#rspec ./spec/routing/storage_routing_spec.rb:63 # routing to storage DELETE routes /storage/ to storage#delete
+#EOF
+
+
+%pre
+getent group rocci >/dev/null || groupadd -r rocci
+getent passwd rocci >/dev/null || useradd -r -g rocci -d %{app_root} -c "rOCCI user" rocci
+
+%post
+if [ "$1" -le "1" ] ; then # First install
+ semodule -i %{_datadir}/selinux/packages/%{name}/%{semodule_name}.pp 2>/dev/null || :
+ restorecon -R %{app_root} %{_localstatedir}/log/rocci-server 2>/dev/null || :
+ semanage port -a -t http_port_t -p tcp 11443 2>/dev/null || :
+fi
+
+%preun
+if [ "$1" -lt "1" ] ; then # Final removal
+ semodule -r %{semodule_name} 2>/dev/null || :
+ semanage port -d -t http_port_t -p tcp 11443 2>/dev/null || :
+fi
+
+%postun
+if [ "$1" -ge "1" ] ; then # Upgrade
+ semodule -i %{_datadir}/selinux/packages/%{name}/%{semodule_name}.pp 2>/dev/null || :
+ restorecon -R %{app_root} %{_localstatedir}/log/rocci-server 2>/dev/null || :
+fi
+
+
+%files
+%doc %{app_root}/LICENSE
+%config(noreplace) %{_sysconfdir}/rocci-server/
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/occi-listen.conf
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/occi-security.conf
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/occi-ssl.conf
+%dir %{_datadir}/selinux/packages/%{name}/
+%{app_root}/.bundle/
+%{app_root}/app/
+%{app_root}/bin/
+%{app_root}/config/
+%{app_root}/db/
+%{app_root}/examples/
+%{app_root}/lib/
+%{app_root}/public/
+%{app_root}/vendor/
+%{app_root}/etc
+%{app_root}/log
+%{app_root}/Capfile
+%{app_root}/Gemfile
+%{app_root}/config.ru
+%attr(-,rocci,rocci) %{app_root}/Gemfile.lock
+%attr(-,rocci,rocci) %{_localstatedir}/log/rocci-server/
+%{_datadir}/selinux/packages/%{name}/%{semodule_name}.pp
+%exclude %{app_root}/.rspec
+%exclude %{app_root}/.travis.yml
+%exclude %{app_root}/Guardfile
+%exclude %{_pkgdocdir}/
+
+%files doc
+%{_pkgdocdir}/
+%{app_root}/spec/
+%{app_root}/test/
+%{app_root}/Gemfile.lock.upstream
+%{app_root}/README.md
+%{app_root}/Rakefile
+
+
+%changelog
+* Mon Sep 08 2014 František Dvořák <valtri@civ.zcu.cz> - 1.0.5-1.20140830gite142d83
+- Initial package
+- Still in /opt
--- /dev/null
+Author: František Dvořák <valtri@civ.zcu.cz>
+Date: Mon Sep 8 00:03:35 2014 +0200
+
+ Helper patch when using rOCCI server with bundler:
+ - relax dependencies for Fedora
+ - remove all development-only dependencies explicitly
+
+diff --git a/Gemfile b/Gemfile
+index fda0f03..1c8e9c8 100644
+--- a/Gemfile
++++ b/Gemfile
+@@ -1,74 +1,26 @@
+ source 'https://rubygems.org'
+
+ # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
+-gem 'rails', '~> 4.0.8'
+-gem 'rails-api', '~> 0.2.0'
++gem 'rails', '~> 4.0.0'
++gem 'rails-api', '>= 0.1.0'
+
+ # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
+-gem 'jbuilder', '~> 2.1.0'
++gem 'jbuilder', '~> 1.5.0'
+
+ # Stuff for working with CORS in Rack
+ gem 'rack-cors', :require => 'rack/cors'
+
+-group :doc do
+- # bundle exec rake doc:rails generates the API under doc/api.
+- gem 'sdoc', require: false
+-end
+-
+ # Use ActiveModel has_secure_password
+ # gem 'bcrypt-ruby', '~> 3.0.0'
+
+-# Use Capistrano for deployment
+-gem 'capistrano', group: :development
+-gem 'rvm-capistrano', group: :development
+-
+-# Use debugger
+-gem 'debugger', group: [:development, :test]
+-
+ # Use whenever for scheduled jobs
+ gem 'whenever', require: false
+
+ # Use passenger for deployment (standalone or in Apache2)
+-gem 'passenger', '~> 4.0.48'
+-
+-# Use simplecov for coverage reports
+-gem 'simplecov', group: [:development, :test]
++gem 'passenger', '~> 4.0.18'
+
+ # Use RSpec for unit tests
+-gem 'rspec-rails', '~> 2.99.0', group: [:development, :test]
+-gem 'fuubar', group: [:development, :test]
+-
+-# Use Pry for debugging
+-gem 'pry-rails', group: [:development, :test]
+-gem 'pry-rescue', group: [:development, :test]
+-gem 'pry-stack_explorer', group: [:development, :test]
+-
+-# Use guard to speed-up devel process
+-gem 'guard-bundler', group: :development
+-gem 'guard-test', group: :development
+-gem 'guard-rails', group: :development
+-
+-# Use notification libs to integrate guard with pop-ups
+-gem 'rb-inotify', require: false, group: :development
+-gem 'libnotify', group: :development
+-
+-# Use YARD for documentation
+-gem 'yard', group: :development
+-gem 'redcarpet', group: :development
+-
+-# Use bond+hirb to extend irb
+-#
+-# Add the following to your ~/.irbrc:
+-#
+-# require 'bond'
+-# require 'hirb'
+-#
+-# Bond.start
+-# Hirb.enable
+-#
+-# Or type it in the current irb session.
+-gem 'bond', group: :development
+-gem 'hirb', group: :development
++gem 'rspec-rails', '>= 2.14.0', group: [:development, :test]
+
+ # Caching stuff
+ gem 'dalli'
+@@ -78,7 +30,7 @@ gem 'kgio', group: :stuff_breaking_travis_ci
+ gem 'warden', '~> 1.2.3'
+
+ # Sensible logging with LogStash support
+-gem 'logstasher', git: "git://github.com/arax/logstasher.git", branch: "master"
++gem 'logstasher'
+
+ # Use Hashie::Mash to simplify hash-related stuff
+ gem 'hashie'
--- /dev/null
+module rocci_server 1.0;
+
+require {
+ type anon_inodefs_t;
+ type home_root_t;
+ type httpd_t;
+ type hwdata_t;
+ type lib_t;
+ type locale_t;
+ type memcache_port_t;
+ type passenger_t;
+ type passenger_tmp_t;
+ type passenger_var_run_t;
+ type sysfs_t;
+ type var_log_t;
+ type man_t;
+ class capability2 block_suspend;
+ class dir { open read search };
+ class file { execute execute_no_trans getattr open read write };
+ class lnk_file read;
+ class sock_file write;
+ class tcp_socket { name_connect listen };
+ class unix_stream_socket { getattr read write };
+ class process { getsession signull };
+}
+
+#============= httpd_t ==============
+allow httpd_t passenger_tmp_t:sock_file write;
+
+#============= passenger_t ==============
+allow passenger_t anon_inodefs_t:file { write read };
+allow passenger_t home_root_t:dir search;
+allow passenger_t httpd_t:unix_stream_socket getattr;
+allow passenger_t lib_t:file execute_no_trans;
+allow passenger_t locale_t:file { read getattr open };
+allow passenger_t man_t:dir { read open };
+# there exists httpd_can_network_memcache boolean, but that's not intended for passenger
+allow passenger_t memcache_port_t:tcp_socket name_connect;
+allow passenger_t self:process { getsession signull };
+allow passenger_t self:tcp_socket listen;
+allow passenger_t var_log_t:lnk_file read;
+
+# passenger_native_support.so
+allow passenger_t passenger_var_run_t:file execute;
+
+# not audited rules :-(
+# needed for #1029132
+# fixed since selinux-policy-3.12.1-183.fc20
+allow passenger_t httpd_t:unix_stream_socket { read write };
+
+# handling exceptions
+allow passenger_t hwdata_t:dir search;
+allow passenger_t hwdata_t:file getattr;
+allow passenger_t hwdata_t:file open;
+allow passenger_t self:capability2 block_suspend;
+allow passenger_t sysfs_t:dir read;
+allow passenger_t sysfs_t:file getattr;
+allow passenger_t sysfs_t:file open;
+allow passenger_t sysfs_t:file read;
+allow passenger_t sysfs_t:lnk_file read;
git://scientific.zcu.cz / rOCCI-packaging-fedora.git / commitdiff