Browse Source

All files related to my RPM spec file project in one commit

0.13
Alice Wonder 9 years ago
parent
commit
146746bbaf
  1. 185
      contrib/rpm/README.md
  2. 24
      contrib/rpm/bitcoin-0.12.0-libressl.patch
  3. 8
      contrib/rpm/bitcoin.fc
  4. 157
      contrib/rpm/bitcoin.if
  5. 444
      contrib/rpm/bitcoin.spec
  6. 81
      contrib/rpm/bitcoin.te

185
contrib/rpm/README.md

@ -0,0 +1,185 @@
RPM Spec File Notes
-------------------
The RPM spec file provided here is for Bitcoin-Core 0.12.0 and builds on CentOS
7 with either the CentOS provided OpenSSL library or with LibreSSL as packaged
at [LibreLAMP.com](https://librelamp.com/). It should hopefully not be too
difficult to port the RPM spec file to most RPM based Linux distributions.
When porting the spec file to build for a particular distribution, there are
some important notes.
## Sources
It is considered good form for all sources to reference a URL where the source
can be downloaded.
Sources 0-9 should be reserved for source code tarballs. `Source0` should
reference the release tarball available from https://bitcoin.org/bin/ and
`Source1` should reference the BerkeleyDB source.
Sources 10-99 are for source files that are maintained in the
[Bitcoin git repository](https://github.com/bitcoin/bitcoin) but are not part of
the release tarball. Most of these will reside in the `contrib` sub-directory.
Sources 10-19 should be reserved for miscellaneous configuration files.
Currently only `Source10` is used, for the example `bitcoin.conf` file.
Sources 20-29 should be reserved for man pages. Currently only `Source20`
through `Source23` are used.
Sources 30-39 should be reserved for SELinux related files. Currently only
`Source30` through `Source32` are used. Until those files are in a tagged
release, the full URL specified in the RPM spec file will not work. You can get
them from the git ropository where you retrieved this file.
Sources 100+ are for files that are not source tarballs and are not maintained
in the bitcoin git repository. At present only an SVG version of the Bitcoin
icon is used.
## Patches
In general, patches should be avoided. When a packager feels a patch is
necessary, the packager should bring the problem to the attention of the bitcoin
developers so that an official fix to the issue can make it into the next
release.
### Patch0 bitcoin-0.12.0-libressl.patch
This patch is only needed if building against LibreSSL. LibreSSL is not the
standard TLS library on most Linux distributions. The patch will likely not be
needed when 0.12.1 is released, a proper fix is already in the Bitcoin git
master branch.
## BuildRequires
The packages specified in the `BuildRequires` are specified according to the
package naming convention currently used in CentOS 7 and EPEL for CentOS 7. You
may need to change some of the package names for other distributions. This is
most likely to be the case with the Qt packages.
## BerkeleyDB
The `build-unix.md` file recommends building against BerkeleyDB 4.8.30. Even if
that is the version your Linux distribution ships with, it probably is a good
idea to build Bitcoin Core against a static version of that library compiled
according to the instructions in the `build-unix.md` file so that any changes
the distribution may make in the future will not result in a problem for users.
The problem that can exist, clients built against different versions of
BerkeleyDB may not be able read each other's `wallet.dat` file which can make it
difficult for a user to recover from backup in the event of a system failure.
## Graphical User Interface and Qt Version
The RPM spec file will by default build the GUI client linked against the Qt5
libraries. If you wish instead to link against the Qt4 libraries you need to
pass the switch `-D '_use_qt4 1'` at build time to the `rpmbuild` or `mock`
command used to build the packages.
If you would prefer not to build the GUI at all, you can pass the switch
`-D '_no_gui 1'` to the `rpmbuild` or `mock` build command.
## Desktop and KDE Files
The desktop and KDE meta files are created in the spec file itself with the
`cat` command. This is done to allow easy distribution specific changes without
needing to use any patches. A specific time stamp is given to the files so that
it does not they do not appear to have been updated every time the package is
built. If you do make changes to them, you probably should update time stamp
assigned to them in the `touch` command that specifies the time stamp.
## SVG, PNG, and XPM Icons
The `bitcoin.svg` file is from the source listed as `Source100`. It is used as
the source for the PNG and XPM files. The generated PNG and XPM files are given
the same time stamp as the source SVG file as a means of indicating they are
derived from it.
## Systemd
This spec file assumes the target distribution uses systemd. That really only
matters for the `bitcoin-server` package. At this point, most RPM based
distributions that still receive vendor updates do in fact use systemd.
The files to control the service are created in the RPM spec file itself using
the `cat` command. This is done to make it easy to modify for other
distributions that may implement things differently without needing to patch
source. A specific time stamp is given to the files so that they do not appear
to have been updated every time the package is built. If you do make changes to
them, you probably should update the time stamp assigned to them in the `touch`
command that specifies the time stamp.
## SELinux
The `bitcoin-server` package should have SELinux support. How to properly do
that *may* vary by distribution and version of distribution.
The SELinux stuff in this RPM spec file *should* be correct for CentOS, RHEL,
and Fedora but it would be a good idea to review it before building the package
on other distributions.
## Tests
The `%check` section takes a very long time to run. If your build system has a
time limit for package build, you may need to make an exception for this
package. On CentOS 7 the `%check` section completes successfully with both
OpenSSL and LibreSSL, a failure really does mean something is wrong.
## LibreSSL Build Notes
To build against LibreSSL you will need to pass the switch
`-D '_use_libressl 1'` to the `rpmbuild` or `mock` command or the spec file will
want the OpenSSL development files.
### LibreSSL and Boost
LibreSSL (and some newer builds of OpenSSL) do not have support for SSLv3. This
can cause issues with the Boost package if the Boost package has not been
patched accordingly. On those distributions, you will either need to build
Bitcoin-Core against OpenSSL or use a patched version of Boost in the build
system.
As SSLv3 is no longer safe, distributions that have not patched Boost to work
with TLS libraries that do not support SSLv3 should have bug reports filed
against the Boost package. This bug report has already been filed for RHEL 7 but
it may need to be filed for other distributions.
A patch for Boost: https://github.com/boostorg/asio/pull/23/files
## ZeroMQ
At this time, this RPM spec file does not support the ZeroMQ build options. A
suitable version of ZeroMQ is not available for the platform this spec file was
developed on (CentOS 7).
## Legacy Credit
This RPM spec file is largely based upon the work of Michael Hampton at
[Ringing Liberty](https://www.ringingliberty.com/bitcoin/). He has been
packaging Bitcoin for Fedora at least since 2012.
Most of the differences between his packaging and this package are stylistic in
nature. The major differences:
1. He builds from a github tagged release rather than a release tarball. This
should not result in different source code.
2. He does not build BerkeleyDB but instead uses the BerkeleyDB provided by the
Linux distribution. For the distributions he packages for, they currently all
use the same version of BerkeleyDB so that difference is *probably* just
academic.
3. As of his 10.11.2 package he did not allow for building against LibreSSL,
specifying a build without the Qt GUI, or specifying which version of the Qt
libraries to use.
4. I renamed the `bitcoin` package that contains the Qt GUI to `bitcoin-core` as
that appears to be how the general population refers to it, in contrast to
`bitcoin-xt` or `bitcoin-classic`. I wanted to make sure the general population
knows what they are getting when installing the GUI package.
As far as minor differences, I generally prefer to assign the file permissions
in the `%files` portion of an RPM spec file rather than specifying the
permissions of a file during `%install` and other minor things like that that
are largely just cosmetic.

24
contrib/rpm/bitcoin-0.12.0-libressl.patch

@ -0,0 +1,24 @@
diff -ur bitcoin-0.12.0.orig/src/init.cpp bitcoin-0.12.0/src/init.cpp
--- bitcoin-0.12.0.orig/src/init.cpp 2015-12-31 16:00:00.000000000 -0800
+++ bitcoin-0.12.0/src/init.cpp 2016-02-23 06:03:47.133227757 -0800
@@ -1075,7 +1075,7 @@
if (fPrintToDebugLog)
OpenDebugLog();
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
LogPrintf("Using OpenSSL version %s\n", SSLeay_version(SSLEAY_VERSION));
#else
LogPrintf("Using OpenSSL version %s\n", OpenSSL_version(OPENSSL_VERSION));
diff -ur bitcoin-0.12.0.orig/src/qt/rpcconsole.cpp bitcoin-0.12.0/src/qt/rpcconsole.cpp
--- bitcoin-0.12.0.orig/src/qt/rpcconsole.cpp 2015-12-31 16:00:00.000000000 -0800
+++ bitcoin-0.12.0/src/qt/rpcconsole.cpp 2016-02-23 15:09:42.881126841 -0800
@@ -264,7 +264,7 @@
// set library version labels
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
ui->openSSLVersion->setText(SSLeay_version(SSLEAY_VERSION));
#else
ui->openSSLVersion->setText(OpenSSL_version(OPENSSL_VERSION));

8
contrib/rpm/bitcoin.fc

@ -0,0 +1,8 @@
/usr/bin/bitcoin-cli -- gen_context(system_u:object_r:bitcoin_exec_t,s0)
/usr/sbin/bitcoind -- gen_context(system_u:object_r:bitcoin_exec_t,s0)
/usr/lib(64)?/bitcoin/bitcoind -- gen_context(system_u:object_r:bitcoin_exec_t,s0)
/etc/bitcoin(/.*)? gen_context(system_u:object_r:bitcoin_conf_t,s0)
/var/lib/bitcoin(/.*)? gen_context(system_u:object_r:bitcoin_var_lib_t,s0)
(/var)?/run/bitcoind(/.*)? gen_context(system_u:object_r:bitcoin_var_run_t,s0)

157
contrib/rpm/bitcoin.if

@ -0,0 +1,157 @@
## <summary>policy for bitcoin</summary>
########################################
## <summary>
## Transition to bitcoin.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`bitcoin_domtrans',`
gen_require(`
type bitcoin_t, bitcoin_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, bitcoin_exec_t, bitcoin_t)
')
########################################
## <summary>
## Execute bitcoin server in the bitcoin domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_initrc_domtrans',`
gen_require(`
type bitcoin_initrc_exec_t;
')
init_labeled_script_domtrans($1, bitcoin_initrc_exec_t)
')
########################################
## <summary>
## Search bitcoin lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_search_lib',`
gen_require(`
type bitcoin_var_lib_t;
')
allow $1 bitcoin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
########################################
## <summary>
## Read bitcoin lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_read_lib_files',`
gen_require(`
type bitcoin_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
')
########################################
## <summary>
## Manage bitcoin lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_manage_lib_files',`
gen_require(`
type bitcoin_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
')
########################################
## <summary>
## Manage bitcoin lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_manage_lib_dirs',`
gen_require(`
type bitcoin_var_lib_t;
')
files_search_var_lib($1)
manage_dirs_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
')
########################################
## <summary>
## All of the rules required to administrate
## an bitcoin environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`bitcoin_admin',`
gen_require(`
type bitcoin_t;
type bitcoin_initrc_exec_t;
type bitcoin_var_lib_t;
')
allow $1 bitcoin_t:process { ptrace signal_perms };
ps_process_pattern($1, bitcoin_t)
bitcoin_initrc_domtrans($1)
domain_system_change_exemption($1)
role_transition $2 bitcoin_initrc_exec_t system_r;
allow $2 system_r;
files_search_var_lib($1)
admin_pattern($1, bitcoin_var_lib_t)
')

444
contrib/rpm/bitcoin.spec

@ -0,0 +1,444 @@
%define bdbv 4.8.30
%global selinux_variants mls strict targeted
%if 0%{?_no_gui:1}
%define _buildqt 0
%define buildargs --with-gui=no
%else
%define _buildqt 1
%if 0%{?_use_qt4}
%define buildargs --with-qrencode --with-gui=qt4
%else
%define buildargs --with-qrencode --with-gui=qt5
%endif
%endif
Name: bitcoin
Version: 0.12.0
Release: 2%{?dist}
Summary: Peer to Peer Cryptographic Currency
Group: Applications/System
License: MIT
URL: https://bitcoin.org/
Source0: https://bitcoin.org/bin/bitcoin-core-%{version}/bitcoin-%{version}.tar.gz
Source1: http://download.oracle.com/berkeley-db/db-%{bdbv}.NC.tar.gz
Source10: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/examples/bitcoin.conf
#man pages
Source20: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoind.1
Source21: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoin-cli.1
Source22: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoin-qt.1
Source23: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoin.conf.5
#selinux
Source30: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/rpm/bitcoin.te
# Source31 - what about bitcoin-tx and bench_bitcoin ???
Source31: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/rpm/bitcoin.fc
Source32: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/rpm/bitcoin.if
Source100: https://upload.wikimedia.org/wikipedia/commons/4/46/Bitcoin.svg
%if 0%{?_use_libressl:1}
BuildRequires: libressl-devel
%else
BuildRequires: openssl-devel
%endif
BuildRequires: boost-devel
BuildRequires: miniupnpc-devel
BuildRequires: autoconf automake libtool
BuildRequires: libevent-devel
Patch0: bitcoin-0.12.0-libressl.patch
%description
Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to
operate with no central authority or banks; managing transactions and the
issuing of bitcoins is carried out collectively by the network.
%if %{_buildqt}
%package core
Summary: Peer to Peer Cryptographic Currency
Group: Applications/System
Obsoletes: %{name} < %{version}-%{release}
Provides: %{name} = %{version}-%{release}
%if 0%{?_use_qt4}
BuildRequires: qt-devel
%else
BuildRequires: qt5-qtbase-devel
# for /usr/bin/lrelease-qt5
BuildRequires: qt5-linguist
%endif
BuildRequires: protobuf-devel
BuildRequires: qrencode-devel
BuildRequires: %{_bindir}/desktop-file-validate
# for icon generation from SVG
BuildRequires: %{_bindir}/inkscape
BuildRequires: %{_bindir}/convert
%description core
Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to
operate with no central authority or banks; managing transactions and the
issuing of bitcoins is carried out collectively by the network.
This package contains the Qt based graphical client and node. If you are looking
to run a Bitcoin wallet, this is probably the package you want.
%endif
%package libs
Summary: Bitcoin shared libraries
Group: System Environment/Libraries
%description libs
This package provides the bitcoinconsensus shared libraries. These libraries
may be used by third party software to provide consensus verification
functionality.
Unless you know need this package, you probably do not.
%package devel
Summary: Development files for bitcoin
Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release}
%description devel
This package contains the header files and static library for the
bitcoinconsensus shared library. If you are developing or compiling software
that wants to link against that library, then you need this package installed.
Most people do not need this package installed.
%package server
Summary: The bitcoin daemon
Group: System Environment/Daemons
Requires: bitcoin-utils = %{version}-%{release}
Requires: selinux-policy policycoreutils-python
Requires(pre): shadow-utils
Requires(post): %{_sbindir}/semodule %{_sbindir}/restorecon %{_sbindir}/fixfiles %{_sbindir}/sestatus
Requires(postun): %{_sbindir}/semodule %{_sbindir}/restorecon %{_sbindir}/fixfiles %{_sbindir}/sestatus
BuildRequires: systemd
BuildRequires: checkpolicy
BuildRequires: %{_datadir}/selinux/devel/Makefile
%description server
This package provides a stand-alone bitcoin-core daemon. For most users, this
package is only needed if they need a full-node without the graphical client.
Some third party wallet software will want this package to provide the actual
bitcoin-core node they use to connect to the network.
If you use the graphical bitcoin-core client then you almost certainly do not
need this package.
%package utils
Summary: Bitcoin utilities
Group: Applications/System
%description utils
This package provides several command line utilities for interacting with a
bitcoin-core daemon.
The bitcoin-cli utility allows you to communicate and control a bitcoin daemon
over RPC, the bitcoin-tx utility allows you to create a custom transaction, and
the bench_bitcoin utility can be used to perform some benchmarks.
This package contains utilities needed by the bitcoin-server package.
%prep
%setup -q
%patch0 -p1 -b .libressl
cp -p %{SOURCE10} ./bitcoin.conf.example
tar -zxf %{SOURCE1}
cp -p db-%{bdbv}.NC/LICENSE ./db-%{bdbv}.NC-LICENSE
mkdir db4 SELinux
cp -p %{SOURCE30} %{SOURCE31} %{SOURCE32} SELinux/
%build
CWD=`pwd`
cd db-%{bdbv}.NC/build_unix/
../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${CWD}/db4
make install
cd ../..
./autogen.sh
%configure LDFLAGS="-L${CWD}/db4/lib/" CPPFLAGS="-I${CWD}/db4/include/" --with-miniupnpc --enable-glibc-back-compat %{buildargs}
make %{?_smp_mflags}
pushd SELinux
for selinuxvariant in %{selinux_variants}; do
make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile
mv bitcoin.pp bitcoin.pp.${selinuxvariant}
make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile clean
done
popd
%install
make install DESTDIR=%{buildroot}
mkdir -p -m755 %{buildroot}%{_sbindir}
mv %{buildroot}%{_bindir}/bitcoind %{buildroot}%{_sbindir}/bitcoind
# systemd stuff
mkdir -p %{buildroot}%{_tmpfilesdir}
cat <<EOF > %{buildroot}%{_tmpfilesdir}/bitcoin.conf
d /run/bitcoind 0750 bitcoin bitcoin -
EOF
touch -a -m -t 201504280000 %{buildroot}%{_tmpfilesdir}/bitcoin.conf
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
cat <<EOF > %{buildroot}%{_sysconfdir}/sysconfig/bitcoin
# Provide options to the bitcoin daemon here, for example
# OPTIONS="-testnet -disable-wallet"
OPTIONS=""
# System service defaults.
# Don't change these unless you know what you're doing.
CONFIG_FILE="%{_sysconfdir}/bitcoin/bitcoin.conf"
DATA_DIR="%{_localstatedir}/lib/bitcoin"
PID_FILE="/run/bitcoind/bitcoind.pid"
EOF
touch -a -m -t 201504280000 %{buildroot}%{_sysconfdir}/sysconfig/bitcoin
mkdir -p %{buildroot}%{_unitdir}
cat <<EOF > %{buildroot}%{_unitdir}/bitcoin.service
[Unit]
Description=Bitcoin daemon
After=syslog.target network.target
[Service]
Type=forking
ExecStart=%{_sbindir}/bitcoind -daemon -conf=\${CONFIG_FILE} -datadir=\${DATA_DIR} -pid=\${PID_FILE} \$OPTIONS
EnvironmentFile=%{_sysconfdir}/sysconfig/bitcoin
User=bitcoin
Group=bitcoin
Restart=on-failure
PrivateTmp=true
TimeoutStopSec=120
TimeoutStartSec=60
StartLimitInterval=240
StartLimitBurst=5
[Install]
WantedBy=multi-user.target
EOF
touch -a -m -t 201504280000 %{buildroot}%{_unitdir}/bitcoin.service
#end systemd stuff
mkdir %{buildroot}%{_sysconfdir}/bitcoin
mkdir -p %{buildroot}%{_localstatedir}/lib/bitcoin
#SELinux
for selinuxvariant in %{selinux_variants}; do
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
install -p -m 644 SELinux/bitcoin.pp.${selinuxvariant} %{buildroot}%{_datadir}/selinux/${selinuxvariant}/bitcoin.pp
done
%if %{_buildqt}
# qt icons
install -D -p share/pixmaps/bitcoin.ico %{buildroot}%{_datadir}/pixmaps/bitcoin.ico
install -p share/pixmaps/nsis-header.bmp %{buildroot}%{_datadir}/pixmaps/
install -p share/pixmaps/nsis-wizard.bmp %{buildroot}%{_datadir}/pixmaps/
install -p %{SOURCE100} %{buildroot}%{_datadir}/pixmaps/bitcoin.svg
%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin16.png -w16 -h16
%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin32.png -w32 -h32
%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin64.png -w64 -h64
%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin128.png -w128 -h128
%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin256.png -w256 -h256
%{_bindir}/convert -resize 16x16 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin16.xpm
%{_bindir}/convert -resize 32x32 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin32.xpm
%{_bindir}/convert -resize 64x64 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin64.xpm
%{_bindir}/convert -resize 128x128 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin128.xpm
%{_bindir}/convert %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin256.xpm
touch %{buildroot}%{_datadir}/pixmaps/*.png -r %{SOURCE100}
touch %{buildroot}%{_datadir}/pixmaps/*.xpm -r %{SOURCE100}
# Desktop File - change the touch timestamp if modifying
mkdir -p %{buildroot}%{_datadir}/applications
cat <<EOF > %{buildroot}%{_datadir}/applications/bitcoin-core.desktop
[Desktop Entry]
Encoding=UTF-8
Name=Bitcoin
Comment=Bitcoin P2P Cryptocurrency
Comment[fr]=Bitcoin, monnaie virtuelle cryptographique pair à pair
Comment[tr]=Bitcoin, eşten eşe kriptografik sanal para birimi
Exec=bitcoin-qt %u
Terminal=false
Type=Application
Icon=bitcoin128
MimeType=x-scheme-handler/bitcoin;
Categories=Office;Finance;
EOF
# change touch date when modifying desktop
touch -a -m -t 201511100546 %{buildroot}%{_datadir}/applications/bitcoin-core.desktop
%{_bindir}/desktop-file-validate %{buildroot}%{_datadir}/applications/bitcoin-core.desktop
# KDE protocol - change the touch timestamp if modifying
mkdir -p %{buildroot}%{_datadir}/kde4/services
cat <<EOF > %{buildroot}%{_datadir}/kde4/services/bitcoin-core.protocol
[Protocol]
exec=bitcoin-qt '%u'
protocol=bitcoin
input=none
output=none
helper=true
listing=
reading=false
writing=false
makedir=false
deleting=false
EOF
# change touch date when modifying protocol
touch -a -m -t 201511100546 %{buildroot}%{_datadir}/kde4/services/bitcoin-core.protocol
%endif
# man pages
install -D -p %{SOURCE20} %{buildroot}%{_mandir}/man1/bitcoind.1
install -p %{SOURCE21} %{buildroot}%{_mandir}/man1/bitcoin-cli.1
%if %{_buildqt}
install -p %{SOURCE22} %{buildroot}%{_mandir}/man1/bitcoin-qt.1
%endif
install -D -p %{SOURCE23} %{buildroot}%{_mandir}/man5/bitcoin.conf.5
# nuke these, we do extensive testing of binaries in %%check before packaging
rm -f %{buildroot}%{_bindir}/test_*
%check
make check
pushd src
srcdir=. test/bitcoin-util-test.py
popd
qa/pull-tester/rpc-tests.py -extended
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%pre server
getent group bitcoin >/dev/null || groupadd -r bitcoin
getent passwd bitcoin >/dev/null ||
useradd -r -g bitcoin -d /var/lib/bitcoin -s /sbin/nologin \
-c "Bitcoin wallet server" bitcoin
exit 0
%post server
%systemd_post bitcoin.service
# SELinux
if [ `%{_sbindir}/sestatus |grep -c "disabled"` -eq 0 ]; then
for selinuxvariant in %{selinux_variants}; do
%{_sbindir}/semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/bitcoin.pp &> /dev/null || :
done
%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 8332
%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 8333
%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 18332
%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 18333
%{_sbindir}/fixfiles -R bitcoin-server restore &> /dev/null || :
%{_sbindir}/restorecon -R %{_localstatedir}/lib/bitcoin || :
fi
%posttrans server
%{_bindir}/systemd-tmpfiles --create
%preun server
%systemd_preun bitcoin.service
%postun server
%systemd_postun bitcoin.service
# SELinux
if [ $1 -eq 0 ]; then
if [ `%{_sbindir}/sestatus |grep -c "disabled"` -eq 0 ]; then
%{_sbindir}/semanage port -d -p tcp 8332
%{_sbindir}/semanage port -d -p tcp 8333
%{_sbindir}/semanage port -d -p tcp 18332
%{_sbindir}/semanage port -d -p tcp 18333
for selinuxvariant in %{selinux_variants}; do
%{_sbindir}/semodule -s ${selinuxvariant} -r bitcoin &> /dev/null || :
done
%{_sbindir}/fixfiles -R bitcoin-server restore &> /dev/null || :
[ -d %{_localstatedir}/lib/bitcoin ] && \
%{_sbindir}/restorecon -R %{_localstatedir}/lib/bitcoin &> /dev/null || :
fi
fi
%clean
rm -rf %{buildroot}
%if %{_buildqt}
%files core
%defattr(-,root,root,-)
%license COPYING db-%{bdbv}.NC-LICENSE
%doc COPYING bitcoin.conf.example doc/README.md doc/bips.md doc/files.md doc/multiwallet-qt.md doc/reduce-traffic.md doc/release-notes.md doc/tor.md
%attr(0755,root,root) %{_bindir}/bitcoin-qt
%attr(0644,root,root) %{_datadir}/applications/bitcoin-core.desktop
%attr(0644,root,root) %{_datadir}/kde4/services/bitcoin-core.protocol
%attr(0644,root,root) %{_datadir}/pixmaps/*.ico
%attr(0644,root,root) %{_datadir}/pixmaps/*.bmp
%attr(0644,root,root) %{_datadir}/pixmaps/*.svg
%attr(0644,root,root) %{_datadir}/pixmaps/*.png
%attr(0644,root,root) %{_datadir}/pixmaps/*.xpm
%attr(0644,root,root) %{_mandir}/man1/bitcoin-qt.1*
%endif
%files libs
%defattr(-,root,root,-)
%license COPYING
%doc COPYING doc/README.md doc/shared-libraries.md
%{_libdir}/lib*.so.*
%files devel
%defattr(-,root,root,-)
%license COPYING
%doc COPYING doc/README.md doc/developer-notes.md doc/shared-libraries.md
%attr(0644,root,root) %{_includedir}/*.h
%{_libdir}/*.so
%{_libdir}/*.a
%{_libdir}/*.la
%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
%files server
%defattr(-,root,root,-)
%license COPYING db-%{bdbv}.NC-LICENSE
%doc COPYING bitcoin.conf.example doc/README.md doc/REST-interface.md doc/bips.md doc/dnsseed-policy.md doc/files.md doc/reduce-traffic.md doc/release-notes.md doc/tor.md
%attr(0755,root,root) %{_sbindir}/bitcoind
%attr(0644,root,root) %{_tmpfilesdir}/bitcoin.conf
%attr(0644,root,root) %{_unitdir}/bitcoin.service
%dir %attr(0750,bitcoin,bitcoin) %{_sysconfdir}/bitcoin
%dir %attr(0750,bitcoin,bitcoin) %{_localstatedir}/lib/bitcoin
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/bitcoin
%attr(0644,root,root) %{_datadir}/selinux/*/*.pp
%attr(0644,root,root) %{_mandir}/man1/bitcoind.1*
%attr(0644,root,root) %{_mandir}/man5/bitcoin.conf.5*
%files utils
%defattr(-,root,root,-)
%license COPYING
%doc COPYING bitcoin.conf.example doc/README.md
%attr(0755,root,root) %{_bindir}/bitcoin-cli
%attr(0755,root,root) %{_bindir}/bitcoin-tx
%attr(0755,root,root) %{_bindir}/bench_bitcoin
%attr(0644,root,root) %{_mandir}/man1/bitcoin-cli.1*
%attr(0644,root,root) %{_mandir}/man5/bitcoin.conf.5*
%changelog
* Fri Feb 26 2016 Alice Wonder <buildmaster@librelamp.com> - 0.12.0-2
- Rename Qt package from bitcoin to bitcoin-core
- Make building of the Qt package optional
- When building the Qt package, default to Qt5 but allow building
- against Qt4
- Only run SELinux stuff in post scripts if it is not set to disabled
* Wed Feb 24 2016 Alice Wonder <buildmaster@librelamp.com> - 0.12.0-1
- Initial spec file for 0.12.0 release
# This spec file is written from scratch but a lot of the packaging decisions are directly
# based upon the 0.11.2 package spec file from https://www.ringingliberty.com/bitcoin/

81
contrib/rpm/bitcoin.te

@ -0,0 +1,81 @@
policy_module(bitcoin, 1.100.1)
########################################
#
# Declarations
#
type bitcoin_t;
type bitcoin_exec_t;
init_daemon_domain(bitcoin_t, bitcoin_exec_t)
permissive bitcoin_t;
type bitcoin_initrc_exec_t;
init_script_file(bitcoin_initrc_exec_t)
type bitcoin_conf_t;
files_type(bitcoin_conf_t)
type bitcoin_var_lib_t;
files_type(bitcoin_var_lib_t)
type bitcoin_var_run_t;
files_type(bitcoin_var_run_t)
type bitcoin_port_t;
corenet_port(bitcoin_port_t)
########################################
#
# bitcoin local policy
#
allow bitcoin_t self:process { fork };
allow bitcoin_t self:fifo_file rw_fifo_file_perms;
allow bitcoin_t self:unix_stream_socket create_stream_socket_perms;
manage_dirs_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t)
manage_files_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t)
manage_dirs_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t)
manage_files_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t)
files_var_lib_filetrans(bitcoin_t, bitcoin_var_lib_t, { dir file })
manage_dirs_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t)
manage_files_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t)
sysnet_dns_name_resolve(bitcoin_t)
corenet_all_recvfrom_unlabeled(bitcoin_t)
allow bitcoin_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(bitcoin_t)
corenet_tcp_sendrecv_generic_node(bitcoin_t)
corenet_tcp_sendrecv_all_ports(bitcoin_t)
corenet_tcp_bind_generic_node(bitcoin_t)
gen_require(`
type bitcoin_port_t;
')
allow bitcoin_t bitcoin_port_t:tcp_socket name_bind;
gen_require(`
type bitcoin_port_t;
')
allow bitcoin_t bitcoin_port_t:tcp_socket name_connect;
domain_use_interactive_fds(bitcoin_t)
files_read_etc_files(bitcoin_t)
miscfiles_read_localization(bitcoin_t)
sysnet_dns_name_resolve(bitcoin_t)
allow bitcoin_t bitcoin_exec_t:file execute_no_trans;
allow bitcoin_t self:process setsched;
corecmd_exec_ls(bitcoin_t)
corenet_tcp_connect_http_port(bitcoin_t)
dev_read_urand(bitcoin_t)
fs_getattr_xattr_fs(bitcoin_t)
kernel_read_system_state(bitcoin_t)
Loading…
Cancel
Save