source: trunk/server/fedora/Makefile @ 1452

Last change on this file since 1452 was 1433, checked in by mitchb, 15 years ago
Scriptsify gzip to patch for CVE-2009-2624 and CVE-2010-0001
File size: 8.4 KB
Line 
1# Makefile for building scripts.mit.edu Fedora packages
2# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
3#                and  Joe Presbrey <presbrey@mit.edu>
4#
5# This program is free software; you can redistribute it and/or
6# modify it under the terms of the GNU General Public License
7# as published by the Free Software Foundation; either version 2
8# of the License, or (at your option) any later version.
9#
10# This program is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU General Public License for more details.
14#
15# You should have received a copy of the GNU General Public License
16# along with this program; if not, write to the Free Software
17# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
18#
19# See /COPYRIGHT in this repository for more information.
20
21upstream_yum    = krb5 krb5.i586 httpd openssh gzip
22upstream        = openafs $(upstream_yum) moira
23oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr athrun php_scripts scripts-base
24allsrc          = $(upstream) $(oursrc)
25oursrcdir       = ${PWD}/../common/oursrc
26patches         = ${PWD}/../common/patches
27specs           = ${PWD}/specs
28
29topdir          = ${HOME}/rpmbuild
30tmp_build       = $(topdir)/BUILD
31tmp_specs       = $(topdir)/SPECS
32tmp_src         = $(topdir)/SOURCES
33out_rpms        = $(topdir)/RPMS
34out_srpms       = $(topdir)/SRPMS
35out_sbin        = $(topdir)/sbin
36
37dload           = ${PWD}/.dload
38server_url      = "http://web.mit.edu/scripts/src"
39server_arch     = "fedora.stable"
40openafs_url     = "http://dl.openafs.org/dl/openafs/1.4.11/openafs-1.4.11-1.1.1.src.rpm"
41
42PKG             = $(patsubst %.i586,%,$@)
43
44.PHONY: minimal-clean
45
46info:
47        @echo "The following packages are available:"; \
48        echo "$(allsrc)"; \
49        echo "Run 'make all' to build all packages."
50
51minimal-clean:
52        rm -rf $(topdir) $(dload)
53
54clean: minimal-clean
55        rm -rf $(out_rpms) $(out_srpms) $(out_sbin)
56
57mkdir-tree:
58        @rpmdev-setuptree
59        mkdir -p $(out_sbin)
60        ln -sTf $(topdir) rpmbuild
61
62download: download_stamp
63download_stamp: | SRPMS/mit-zephyr-2.1-6.src.rpm
64        @mkdir -p $(dload); \
65        #wget -qO- -nv $(server_url)/$(server_arch) | xargs make
66        cd $(dload) && yumdownloader --source $(upstream_yum)
67        wget -P $(dload) $(openafs_url)
68        cd $(tmp_src) && wget -nd -r -l1 -np -A.orig.tar.gz http://debathena.mit.edu/apt/pool/debathena/d/debathena-moira/
69        touch download_stamp
70
71%.src.rpm:
72        wget -q -nv -N -B $(server_url) -nd -nH -P $(dload) $(server_url)/$*.src.rpm
73
74copy-patches: mkdir-tree
75        @cp $(patches)/*.patch $(tmp_src); \
76        cd $(tmp_src);
77
78install-srpms: mkdir-tree download
79        rpm $(rpm_args) -i $(dload)/*.src.rpm 2>/dev/null;
80
81copy-specs: mkdir-tree
82        cp ${specs}/*.spec $(tmp_specs)
83
84patch-specs: install-srpms
85        @cd ${tmp_specs}; \
86        list=`ls ${specs}/*.spec.patch`; \
87        for i in $$list; do \
88                patch < $$i; \
89        done; \
90        list2=`svn ls ${oursrcdir}`; \
91        for i in $$list2; do \
92                base=`basename $$i`; \
93                version=`svnversion ${oursrcdir}/$$i`; \
94                version=$${version//:/_}; \
95                echo "$$i version $$version"; \
96                sed --in-place \
97                        -e "s/SVNVERSION_TO_UPDATE/$${version}/" \
98                ${tmp_specs}/$$base.spec; \
99        done;
100
101# 1. use the package's Makefile to delete leftover files and run autoconf
102# 2. create a tarball (we want it to contain the autoconf output)
103tarballs: mkdir-tree
104        @cd ${oursrcdir}; \
105        list=`find -mindepth 1 -maxdepth 1 -type d | grep -v ".svn"`; \
106        for i in $$list; do \
107                pushd $$i; \
108                if [ -x ./mrproper ]; then \
109                        ./mrproper; \
110                        autoconf; \
111                fi; \
112                popd; \
113                tar -czf $(tmp_src)/$$i.tar.gz $$i; \
114        done;
115
116#setup: install-srpms copy-patches copy-specs patch-specs tarballs
117setup: copy-patches copy-specs patch-specs tarballs
118
119oursrc:
120        make $(oursrc)
121
122upstream: mkdir-tree download
123        make $(upstream)
124
125all:
126        make $(allsrc)
127
128$(oursrc): rpmbuild_args += --define 'scriptsversion $(shell svnversion ${oursrcdir}/$** | tr ':' '_')'
129
130$(filter %.i586,$(oursrc)): %.i586: setup
131        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
132        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
133        /usr/bin/mock -r scripts-fc11-i386 --arch=i586 ${rpmbuild_args} --define="_lib lib" -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
134
135$(filter-out %.i586,$(oursrc)): %: setup
136        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
137        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
138        /usr/bin/mock -r scripts-fc11-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
139
140$(upstream) openafs-kernel: rpmbuild_args += --define 'scriptsversion $(shell svnversion ${patches} | tr ':' '_')'
141
142$(filter %.i586,$(upstream)): %.i586: setup patch-specs
143        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
144        /usr/bin/mock -r scripts-fc11-i386 --arch=i586 ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
145
146$(filter-out %.i586,$(upstream)): %: setup patch-specs
147        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
148        /usr/bin/mock -r scripts-fc11-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
149
150openafs-kernel: setup
151        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
152        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/openafs*.spec
153        /usr/bin/mock -r scripts-fc11-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/openafs*.src.rpm | head -1`
154
155#sort -n sorts "2.6.25-1" later than "2.6.25.1-1", so it's Wrong
156#kernvers = $(shell rpm -q --qf "%{Version}-%{Release}\n" --whatprovides kernel | sort -n | tail -n1)
157kernvers = $(shell uname -r | sed "s/\(.*\)[.].*/\1/")
158kvariants = ''
159openafs_rpmbuild_args = --define "fedorakmod 1" --define "kvariants $(kvariants)" --define "kernvers $(kernvers)"
160openafs: rpmbuild_args += $(openafs_rpmbuild_args)
161openafs-kernel: rpmbuild_args += $(openafs_rpmbuild_args) --define "build_userspace 0" --define "build_modules 1"
162
163suexec: #install-srpms
164        @rm -rf ${tmp_src}/httpd-2*/; \
165        tar zxvf ${tmp_src}/httpd-2*.tar.gz; \
166        cd httpd-2*; \
167        patch -p1 < ${patches}/httpd-suexec-scripts.patch; \
168        autoreconf; \
169        ./configure --prefix=/etc/httpd --with-suexec-userdir=web_scripts --with-suexec-caller=apache --with-suexec-uidmin=50 --with-suexec-gidmin=50 --with-suexec-docroot=/ --with-suexec-trusteddir=/usr/libexec/scripts-trusted; \
170        pushd support; \
171        mkdir -p ${out_sbin}; make suexec && cp suexec ${out_sbin}; \
172        popd; \
173        rm -rf httpd-2*; \
174        echo; \
175        echo "suexec binary written to ${out_sbin}."; \
176        echo "Run 'make install-suexec' as root to install it.";
177
178install-suexec:
179        install -m 4510 -o 0 -g apache ${out_sbin}/suexec /usr/sbin/;
180
181frob-openafs:
182        @if [ ! -d "/etc/openafs/" ]; then \
183        echo "/etc/openafs does not exist"; \
184        exit 1; \
185        else \
186        ln -nfs /etc/openafs/* /usr/vice/etc/; \
187        fi
188
189# The following packages are needed for our packages
190basic-deps      = kernel-devel rpm-build rpmdevtools mock gcc autoconf patch krb5-workstation glibc-devel.i586 glibc-devel libtool libgcc.i586
191oursrc-deps     = hesinfo openldap-clients openldap-devel.i586 php-devel
192httpdmods-deps  = httpd-devel
193httpd-deps      = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel
194krb5-deps       = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex texlive-latex
195openafs-deps    = pam-devel automake
196mit-zephyr-deps = readline-devel hesiod-devel hesiod-devel.i586 hesiod.i586 libXt.i586 #compat-readline43
197openssh-deps    = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth pango-devel cairo-devel libedit-devel nss-devel fipscheck-devel
198php-deps        = bzip2-devel curl-devel gmp-devel libstdc++-devel sqlite-devel gcc-c++ libc-client-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel libXpm-devel libjpeg-devel t1lib-devel libmcrypt-devel mhash-devel libtidy-devel freetds-devel aspell-devel recode-devel
199install-deps:
200        yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps) $(php-deps)
201        rpm -ivh http://kojipkgs.fedoraproject.org/packages/compat-readline43/4.3/3/i386/compat-readline43-4.3-3.i386.rpm
202#       rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm
203
204fedora:
205        make install-deps
206        make upstream
207        rpm -ivh $(out_rpms)/`uname -m`/openafs-devel*.rpm
208        make oursrc
Note: See TracBrowser for help on using the repository browser.