From 146746bbafe5dfea7b2019231c2d37fe57a4c3bb Mon Sep 17 00:00:00 2001 From: Alice Wonder Date: Fri, 26 Feb 2016 09:30:11 -0800 Subject: [PATCH] All files related to my RPM spec file project in one commit --- contrib/rpm/README.md | 185 +++++++++ contrib/rpm/bitcoin-0.12.0-libressl.patch | 24 ++ contrib/rpm/bitcoin.fc | 8 + contrib/rpm/bitcoin.if | 157 ++++++++ contrib/rpm/bitcoin.spec | 444 ++++++++++++++++++++++ contrib/rpm/bitcoin.te | 81 ++++ 6 files changed, 899 insertions(+) create mode 100644 contrib/rpm/README.md create mode 100644 contrib/rpm/bitcoin-0.12.0-libressl.patch create mode 100644 contrib/rpm/bitcoin.fc create mode 100644 contrib/rpm/bitcoin.if create mode 100644 contrib/rpm/bitcoin.spec create mode 100644 contrib/rpm/bitcoin.te diff --git a/contrib/rpm/README.md b/contrib/rpm/README.md new file mode 100644 index 000000000..aecb3ba84 --- /dev/null +++ b/contrib/rpm/README.md @@ -0,0 +1,185 @@ +RPM Spec File Notes +------------------- + +The RPM spec file provided here is for Bitcoin-Core 0.12.0 and builds on CentOS +7 with either the CentOS provided OpenSSL library or with LibreSSL as packaged +at [LibreLAMP.com](https://librelamp.com/). It should hopefully not be too +difficult to port the RPM spec file to most RPM based Linux distributions. + +When porting the spec file to build for a particular distribution, there are +some important notes. + +## Sources + +It is considered good form for all sources to reference a URL where the source +can be downloaded. + +Sources 0-9 should be reserved for source code tarballs. `Source0` should +reference the release tarball available from https://bitcoin.org/bin/ and +`Source1` should reference the BerkeleyDB source. + +Sources 10-99 are for source files that are maintained in the +[Bitcoin git repository](https://github.com/bitcoin/bitcoin) but are not part of +the release tarball. Most of these will reside in the `contrib` sub-directory. + +Sources 10-19 should be reserved for miscellaneous configuration files. +Currently only `Source10` is used, for the example `bitcoin.conf` file. + +Sources 20-29 should be reserved for man pages. Currently only `Source20` +through `Source23` are used. + +Sources 30-39 should be reserved for SELinux related files. Currently only +`Source30` through `Source32` are used. Until those files are in a tagged +release, the full URL specified in the RPM spec file will not work. You can get +them from the git ropository where you retrieved this file. + +Sources 100+ are for files that are not source tarballs and are not maintained +in the bitcoin git repository. At present only an SVG version of the Bitcoin +icon is used. + +## Patches + +In general, patches should be avoided. When a packager feels a patch is +necessary, the packager should bring the problem to the attention of the bitcoin +developers so that an official fix to the issue can make it into the next +release. + +### Patch0 bitcoin-0.12.0-libressl.patch + +This patch is only needed if building against LibreSSL. LibreSSL is not the +standard TLS library on most Linux distributions. The patch will likely not be +needed when 0.12.1 is released, a proper fix is already in the Bitcoin git +master branch. + +## BuildRequires + +The packages specified in the `BuildRequires` are specified according to the +package naming convention currently used in CentOS 7 and EPEL for CentOS 7. You +may need to change some of the package names for other distributions. This is +most likely to be the case with the Qt packages. + +## BerkeleyDB + +The `build-unix.md` file recommends building against BerkeleyDB 4.8.30. Even if +that is the version your Linux distribution ships with, it probably is a good +idea to build Bitcoin Core against a static version of that library compiled +according to the instructions in the `build-unix.md` file so that any changes +the distribution may make in the future will not result in a problem for users. + +The problem that can exist, clients built against different versions of +BerkeleyDB may not be able read each other's `wallet.dat` file which can make it +difficult for a user to recover from backup in the event of a system failure. + +## Graphical User Interface and Qt Version + +The RPM spec file will by default build the GUI client linked against the Qt5 +libraries. If you wish instead to link against the Qt4 libraries you need to +pass the switch `-D '_use_qt4 1'` at build time to the `rpmbuild` or `mock` +command used to build the packages. + +If you would prefer not to build the GUI at all, you can pass the switch +`-D '_no_gui 1'` to the `rpmbuild` or `mock` build command. + +## Desktop and KDE Files + +The desktop and KDE meta files are created in the spec file itself with the +`cat` command. This is done to allow easy distribution specific changes without +needing to use any patches. A specific time stamp is given to the files so that +it does not they do not appear to have been updated every time the package is +built. If you do make changes to them, you probably should update time stamp +assigned to them in the `touch` command that specifies the time stamp. + +## SVG, PNG, and XPM Icons + +The `bitcoin.svg` file is from the source listed as `Source100`. It is used as +the source for the PNG and XPM files. The generated PNG and XPM files are given +the same time stamp as the source SVG file as a means of indicating they are +derived from it. + +## Systemd + +This spec file assumes the target distribution uses systemd. That really only +matters for the `bitcoin-server` package. At this point, most RPM based +distributions that still receive vendor updates do in fact use systemd. + +The files to control the service are created in the RPM spec file itself using +the `cat` command. This is done to make it easy to modify for other +distributions that may implement things differently without needing to patch +source. A specific time stamp is given to the files so that they do not appear +to have been updated every time the package is built. If you do make changes to +them, you probably should update the time stamp assigned to them in the `touch` +command that specifies the time stamp. + +## SELinux + +The `bitcoin-server` package should have SELinux support. How to properly do +that *may* vary by distribution and version of distribution. + +The SELinux stuff in this RPM spec file *should* be correct for CentOS, RHEL, +and Fedora but it would be a good idea to review it before building the package +on other distributions. + +## Tests + +The `%check` section takes a very long time to run. If your build system has a +time limit for package build, you may need to make an exception for this +package. On CentOS 7 the `%check` section completes successfully with both +OpenSSL and LibreSSL, a failure really does mean something is wrong. + +## LibreSSL Build Notes + +To build against LibreSSL you will need to pass the switch +`-D '_use_libressl 1'` to the `rpmbuild` or `mock` command or the spec file will +want the OpenSSL development files. + +### LibreSSL and Boost + +LibreSSL (and some newer builds of OpenSSL) do not have support for SSLv3. This +can cause issues with the Boost package if the Boost package has not been +patched accordingly. On those distributions, you will either need to build +Bitcoin-Core against OpenSSL or use a patched version of Boost in the build +system. + +As SSLv3 is no longer safe, distributions that have not patched Boost to work +with TLS libraries that do not support SSLv3 should have bug reports filed +against the Boost package. This bug report has already been filed for RHEL 7 but +it may need to be filed for other distributions. + +A patch for Boost: https://github.com/boostorg/asio/pull/23/files + +## ZeroMQ + +At this time, this RPM spec file does not support the ZeroMQ build options. A +suitable version of ZeroMQ is not available for the platform this spec file was +developed on (CentOS 7). + +## Legacy Credit + +This RPM spec file is largely based upon the work of Michael Hampton at +[Ringing Liberty](https://www.ringingliberty.com/bitcoin/). He has been +packaging Bitcoin for Fedora at least since 2012. + +Most of the differences between his packaging and this package are stylistic in +nature. The major differences: + +1. He builds from a github tagged release rather than a release tarball. This +should not result in different source code. + +2. He does not build BerkeleyDB but instead uses the BerkeleyDB provided by the +Linux distribution. For the distributions he packages for, they currently all +use the same version of BerkeleyDB so that difference is *probably* just +academic. + +3. As of his 10.11.2 package he did not allow for building against LibreSSL, +specifying a build without the Qt GUI, or specifying which version of the Qt +libraries to use. + +4. I renamed the `bitcoin` package that contains the Qt GUI to `bitcoin-core` as +that appears to be how the general population refers to it, in contrast to +`bitcoin-xt` or `bitcoin-classic`. I wanted to make sure the general population +knows what they are getting when installing the GUI package. + +As far as minor differences, I generally prefer to assign the file permissions +in the `%files` portion of an RPM spec file rather than specifying the +permissions of a file during `%install` and other minor things like that that +are largely just cosmetic. diff --git a/contrib/rpm/bitcoin-0.12.0-libressl.patch b/contrib/rpm/bitcoin-0.12.0-libressl.patch new file mode 100644 index 000000000..555614a06 --- /dev/null +++ b/contrib/rpm/bitcoin-0.12.0-libressl.patch @@ -0,0 +1,24 @@ +diff -ur bitcoin-0.12.0.orig/src/init.cpp bitcoin-0.12.0/src/init.cpp +--- bitcoin-0.12.0.orig/src/init.cpp 2015-12-31 16:00:00.000000000 -0800 ++++ bitcoin-0.12.0/src/init.cpp 2016-02-23 06:03:47.133227757 -0800 +@@ -1075,7 +1075,7 @@ + if (fPrintToDebugLog) + OpenDebugLog(); + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) + LogPrintf("Using OpenSSL version %s\n", SSLeay_version(SSLEAY_VERSION)); + #else + LogPrintf("Using OpenSSL version %s\n", OpenSSL_version(OPENSSL_VERSION)); +diff -ur bitcoin-0.12.0.orig/src/qt/rpcconsole.cpp bitcoin-0.12.0/src/qt/rpcconsole.cpp +--- bitcoin-0.12.0.orig/src/qt/rpcconsole.cpp 2015-12-31 16:00:00.000000000 -0800 ++++ bitcoin-0.12.0/src/qt/rpcconsole.cpp 2016-02-23 15:09:42.881126841 -0800 +@@ -264,7 +264,7 @@ + + // set library version labels + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) + ui->openSSLVersion->setText(SSLeay_version(SSLEAY_VERSION)); + #else + ui->openSSLVersion->setText(OpenSSL_version(OPENSSL_VERSION)); diff --git a/contrib/rpm/bitcoin.fc b/contrib/rpm/bitcoin.fc new file mode 100644 index 000000000..6f5eef637 --- /dev/null +++ b/contrib/rpm/bitcoin.fc @@ -0,0 +1,8 @@ +/usr/bin/bitcoin-cli -- gen_context(system_u:object_r:bitcoin_exec_t,s0) +/usr/sbin/bitcoind -- gen_context(system_u:object_r:bitcoin_exec_t,s0) +/usr/lib(64)?/bitcoin/bitcoind -- gen_context(system_u:object_r:bitcoin_exec_t,s0) + +/etc/bitcoin(/.*)? gen_context(system_u:object_r:bitcoin_conf_t,s0) +/var/lib/bitcoin(/.*)? gen_context(system_u:object_r:bitcoin_var_lib_t,s0) + +(/var)?/run/bitcoind(/.*)? gen_context(system_u:object_r:bitcoin_var_run_t,s0) diff --git a/contrib/rpm/bitcoin.if b/contrib/rpm/bitcoin.if new file mode 100644 index 000000000..2b096c24d --- /dev/null +++ b/contrib/rpm/bitcoin.if @@ -0,0 +1,157 @@ + +## policy for bitcoin + + +######################################## +## +## Transition to bitcoin. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`bitcoin_domtrans',` + gen_require(` + type bitcoin_t, bitcoin_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, bitcoin_exec_t, bitcoin_t) +') + + +######################################## +## +## Execute bitcoin server in the bitcoin domain. +## +## +## +## Domain allowed access. +## +## +# +interface(`bitcoin_initrc_domtrans',` + gen_require(` + type bitcoin_initrc_exec_t; + ') + + init_labeled_script_domtrans($1, bitcoin_initrc_exec_t) +') + + +######################################## +## +## Search bitcoin lib directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`bitcoin_search_lib',` + gen_require(` + type bitcoin_var_lib_t; + ') + + allow $1 bitcoin_var_lib_t:dir search_dir_perms; + files_search_var_lib($1) +') + +######################################## +## +## Read bitcoin lib files. +## +## +## +## Domain allowed access. +## +## +# +interface(`bitcoin_read_lib_files',` + gen_require(` + type bitcoin_var_lib_t; + ') + + files_search_var_lib($1) + read_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t) +') + +######################################## +## +## Manage bitcoin lib files. +## +## +## +## Domain allowed access. +## +## +# +interface(`bitcoin_manage_lib_files',` + gen_require(` + type bitcoin_var_lib_t; + ') + + files_search_var_lib($1) + manage_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t) +') + +######################################## +## +## Manage bitcoin lib directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`bitcoin_manage_lib_dirs',` + gen_require(` + type bitcoin_var_lib_t; + ') + + files_search_var_lib($1) + manage_dirs_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t) +') + + +######################################## +## +## All of the rules required to administrate +## an bitcoin environment +## +## +## +## Domain allowed access. +## +## +## +## +## Role allowed access. +## +## +## +# +interface(`bitcoin_admin',` + gen_require(` + type bitcoin_t; + type bitcoin_initrc_exec_t; + type bitcoin_var_lib_t; + ') + + allow $1 bitcoin_t:process { ptrace signal_perms }; + ps_process_pattern($1, bitcoin_t) + + bitcoin_initrc_domtrans($1) + domain_system_change_exemption($1) + role_transition $2 bitcoin_initrc_exec_t system_r; + allow $2 system_r; + + files_search_var_lib($1) + admin_pattern($1, bitcoin_var_lib_t) + +') + diff --git a/contrib/rpm/bitcoin.spec b/contrib/rpm/bitcoin.spec new file mode 100644 index 000000000..38ae03818 --- /dev/null +++ b/contrib/rpm/bitcoin.spec @@ -0,0 +1,444 @@ +%define bdbv 4.8.30 +%global selinux_variants mls strict targeted + +%if 0%{?_no_gui:1} +%define _buildqt 0 +%define buildargs --with-gui=no +%else +%define _buildqt 1 +%if 0%{?_use_qt4} +%define buildargs --with-qrencode --with-gui=qt4 +%else +%define buildargs --with-qrencode --with-gui=qt5 +%endif +%endif + +Name: bitcoin +Version: 0.12.0 +Release: 2%{?dist} +Summary: Peer to Peer Cryptographic Currency + +Group: Applications/System +License: MIT +URL: https://bitcoin.org/ +Source0: https://bitcoin.org/bin/bitcoin-core-%{version}/bitcoin-%{version}.tar.gz +Source1: http://download.oracle.com/berkeley-db/db-%{bdbv}.NC.tar.gz + +Source10: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/examples/bitcoin.conf + +#man pages +Source20: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoind.1 +Source21: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoin-cli.1 +Source22: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoin-qt.1 +Source23: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/debian/manpages/bitcoin.conf.5 + +#selinux +Source30: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/rpm/bitcoin.te +# Source31 - what about bitcoin-tx and bench_bitcoin ??? +Source31: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/rpm/bitcoin.fc +Source32: https://raw.githubusercontent.com/bitcoin/bitcoin/v%{version}/contrib/rpm/bitcoin.if + +Source100: https://upload.wikimedia.org/wikipedia/commons/4/46/Bitcoin.svg + +%if 0%{?_use_libressl:1} +BuildRequires: libressl-devel +%else +BuildRequires: openssl-devel +%endif +BuildRequires: boost-devel +BuildRequires: miniupnpc-devel +BuildRequires: autoconf automake libtool +BuildRequires: libevent-devel + + +Patch0: bitcoin-0.12.0-libressl.patch + + +%description +Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to +operate with no central authority or banks; managing transactions and the +issuing of bitcoins is carried out collectively by the network. + +%if %{_buildqt} +%package core +Summary: Peer to Peer Cryptographic Currency +Group: Applications/System +Obsoletes: %{name} < %{version}-%{release} +Provides: %{name} = %{version}-%{release} +%if 0%{?_use_qt4} +BuildRequires: qt-devel +%else +BuildRequires: qt5-qtbase-devel +# for /usr/bin/lrelease-qt5 +BuildRequires: qt5-linguist +%endif +BuildRequires: protobuf-devel +BuildRequires: qrencode-devel +BuildRequires: %{_bindir}/desktop-file-validate +# for icon generation from SVG +BuildRequires: %{_bindir}/inkscape +BuildRequires: %{_bindir}/convert + +%description core +Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to +operate with no central authority or banks; managing transactions and the +issuing of bitcoins is carried out collectively by the network. + +This package contains the Qt based graphical client and node. If you are looking +to run a Bitcoin wallet, this is probably the package you want. +%endif + + +%package libs +Summary: Bitcoin shared libraries +Group: System Environment/Libraries + +%description libs +This package provides the bitcoinconsensus shared libraries. These libraries +may be used by third party software to provide consensus verification +functionality. + +Unless you know need this package, you probably do not. + +%package devel +Summary: Development files for bitcoin +Group: Development/Libraries +Requires: %{name}-libs = %{version}-%{release} + +%description devel +This package contains the header files and static library for the +bitcoinconsensus shared library. If you are developing or compiling software +that wants to link against that library, then you need this package installed. + +Most people do not need this package installed. + +%package server +Summary: The bitcoin daemon +Group: System Environment/Daemons +Requires: bitcoin-utils = %{version}-%{release} +Requires: selinux-policy policycoreutils-python +Requires(pre): shadow-utils +Requires(post): %{_sbindir}/semodule %{_sbindir}/restorecon %{_sbindir}/fixfiles %{_sbindir}/sestatus +Requires(postun): %{_sbindir}/semodule %{_sbindir}/restorecon %{_sbindir}/fixfiles %{_sbindir}/sestatus +BuildRequires: systemd +BuildRequires: checkpolicy +BuildRequires: %{_datadir}/selinux/devel/Makefile + +%description server +This package provides a stand-alone bitcoin-core daemon. For most users, this +package is only needed if they need a full-node without the graphical client. + +Some third party wallet software will want this package to provide the actual +bitcoin-core node they use to connect to the network. + +If you use the graphical bitcoin-core client then you almost certainly do not +need this package. + +%package utils +Summary: Bitcoin utilities +Group: Applications/System + +%description utils +This package provides several command line utilities for interacting with a +bitcoin-core daemon. + +The bitcoin-cli utility allows you to communicate and control a bitcoin daemon +over RPC, the bitcoin-tx utility allows you to create a custom transaction, and +the bench_bitcoin utility can be used to perform some benchmarks. + +This package contains utilities needed by the bitcoin-server package. + + +%prep +%setup -q +%patch0 -p1 -b .libressl +cp -p %{SOURCE10} ./bitcoin.conf.example +tar -zxf %{SOURCE1} +cp -p db-%{bdbv}.NC/LICENSE ./db-%{bdbv}.NC-LICENSE +mkdir db4 SELinux +cp -p %{SOURCE30} %{SOURCE31} %{SOURCE32} SELinux/ + + +%build +CWD=`pwd` +cd db-%{bdbv}.NC/build_unix/ +../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${CWD}/db4 +make install +cd ../.. + +./autogen.sh +%configure LDFLAGS="-L${CWD}/db4/lib/" CPPFLAGS="-I${CWD}/db4/include/" --with-miniupnpc --enable-glibc-back-compat %{buildargs} +make %{?_smp_mflags} + +pushd SELinux +for selinuxvariant in %{selinux_variants}; do + make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile + mv bitcoin.pp bitcoin.pp.${selinuxvariant} + make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile clean +done +popd + + +%install +make install DESTDIR=%{buildroot} + +mkdir -p -m755 %{buildroot}%{_sbindir} +mv %{buildroot}%{_bindir}/bitcoind %{buildroot}%{_sbindir}/bitcoind + +# systemd stuff +mkdir -p %{buildroot}%{_tmpfilesdir} +cat < %{buildroot}%{_tmpfilesdir}/bitcoin.conf +d /run/bitcoind 0750 bitcoin bitcoin - +EOF +touch -a -m -t 201504280000 %{buildroot}%{_tmpfilesdir}/bitcoin.conf + +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig +cat < %{buildroot}%{_sysconfdir}/sysconfig/bitcoin +# Provide options to the bitcoin daemon here, for example +# OPTIONS="-testnet -disable-wallet" + +OPTIONS="" + +# System service defaults. +# Don't change these unless you know what you're doing. +CONFIG_FILE="%{_sysconfdir}/bitcoin/bitcoin.conf" +DATA_DIR="%{_localstatedir}/lib/bitcoin" +PID_FILE="/run/bitcoind/bitcoind.pid" +EOF +touch -a -m -t 201504280000 %{buildroot}%{_sysconfdir}/sysconfig/bitcoin + +mkdir -p %{buildroot}%{_unitdir} +cat < %{buildroot}%{_unitdir}/bitcoin.service +[Unit] +Description=Bitcoin daemon +After=syslog.target network.target + +[Service] +Type=forking +ExecStart=%{_sbindir}/bitcoind -daemon -conf=\${CONFIG_FILE} -datadir=\${DATA_DIR} -pid=\${PID_FILE} \$OPTIONS +EnvironmentFile=%{_sysconfdir}/sysconfig/bitcoin +User=bitcoin +Group=bitcoin + +Restart=on-failure +PrivateTmp=true +TimeoutStopSec=120 +TimeoutStartSec=60 +StartLimitInterval=240 +StartLimitBurst=5 + +[Install] +WantedBy=multi-user.target +EOF +touch -a -m -t 201504280000 %{buildroot}%{_unitdir}/bitcoin.service +#end systemd stuff + +mkdir %{buildroot}%{_sysconfdir}/bitcoin +mkdir -p %{buildroot}%{_localstatedir}/lib/bitcoin + +#SELinux +for selinuxvariant in %{selinux_variants}; do + install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} + install -p -m 644 SELinux/bitcoin.pp.${selinuxvariant} %{buildroot}%{_datadir}/selinux/${selinuxvariant}/bitcoin.pp +done + +%if %{_buildqt} +# qt icons +install -D -p share/pixmaps/bitcoin.ico %{buildroot}%{_datadir}/pixmaps/bitcoin.ico +install -p share/pixmaps/nsis-header.bmp %{buildroot}%{_datadir}/pixmaps/ +install -p share/pixmaps/nsis-wizard.bmp %{buildroot}%{_datadir}/pixmaps/ +install -p %{SOURCE100} %{buildroot}%{_datadir}/pixmaps/bitcoin.svg +%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin16.png -w16 -h16 +%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin32.png -w32 -h32 +%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin64.png -w64 -h64 +%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin128.png -w128 -h128 +%{_bindir}/inkscape %{SOURCE100} --export-png=%{buildroot}%{_datadir}/pixmaps/bitcoin256.png -w256 -h256 +%{_bindir}/convert -resize 16x16 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin16.xpm +%{_bindir}/convert -resize 32x32 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin32.xpm +%{_bindir}/convert -resize 64x64 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin64.xpm +%{_bindir}/convert -resize 128x128 %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin128.xpm +%{_bindir}/convert %{buildroot}%{_datadir}/pixmaps/bitcoin256.png %{buildroot}%{_datadir}/pixmaps/bitcoin256.xpm +touch %{buildroot}%{_datadir}/pixmaps/*.png -r %{SOURCE100} +touch %{buildroot}%{_datadir}/pixmaps/*.xpm -r %{SOURCE100} + +# Desktop File - change the touch timestamp if modifying +mkdir -p %{buildroot}%{_datadir}/applications +cat < %{buildroot}%{_datadir}/applications/bitcoin-core.desktop +[Desktop Entry] +Encoding=UTF-8 +Name=Bitcoin +Comment=Bitcoin P2P Cryptocurrency +Comment[fr]=Bitcoin, monnaie virtuelle cryptographique pair à pair +Comment[tr]=Bitcoin, eşten eşe kriptografik sanal para birimi +Exec=bitcoin-qt %u +Terminal=false +Type=Application +Icon=bitcoin128 +MimeType=x-scheme-handler/bitcoin; +Categories=Office;Finance; +EOF +# change touch date when modifying desktop +touch -a -m -t 201511100546 %{buildroot}%{_datadir}/applications/bitcoin-core.desktop +%{_bindir}/desktop-file-validate %{buildroot}%{_datadir}/applications/bitcoin-core.desktop + +# KDE protocol - change the touch timestamp if modifying +mkdir -p %{buildroot}%{_datadir}/kde4/services +cat < %{buildroot}%{_datadir}/kde4/services/bitcoin-core.protocol +[Protocol] +exec=bitcoin-qt '%u' +protocol=bitcoin +input=none +output=none +helper=true +listing= +reading=false +writing=false +makedir=false +deleting=false +EOF +# change touch date when modifying protocol +touch -a -m -t 201511100546 %{buildroot}%{_datadir}/kde4/services/bitcoin-core.protocol +%endif + +# man pages +install -D -p %{SOURCE20} %{buildroot}%{_mandir}/man1/bitcoind.1 +install -p %{SOURCE21} %{buildroot}%{_mandir}/man1/bitcoin-cli.1 +%if %{_buildqt} +install -p %{SOURCE22} %{buildroot}%{_mandir}/man1/bitcoin-qt.1 +%endif +install -D -p %{SOURCE23} %{buildroot}%{_mandir}/man5/bitcoin.conf.5 + +# nuke these, we do extensive testing of binaries in %%check before packaging +rm -f %{buildroot}%{_bindir}/test_* + +%check +make check +pushd src +srcdir=. test/bitcoin-util-test.py +popd +qa/pull-tester/rpc-tests.py -extended + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%pre server +getent group bitcoin >/dev/null || groupadd -r bitcoin +getent passwd bitcoin >/dev/null || + useradd -r -g bitcoin -d /var/lib/bitcoin -s /sbin/nologin \ + -c "Bitcoin wallet server" bitcoin +exit 0 + +%post server +%systemd_post bitcoin.service +# SELinux +if [ `%{_sbindir}/sestatus |grep -c "disabled"` -eq 0 ]; then +for selinuxvariant in %{selinux_variants}; do + %{_sbindir}/semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/bitcoin.pp &> /dev/null || : +done +%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 8332 +%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 8333 +%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 18332 +%{_sbindir}/semanage port -a -t bitcoin_port_t -p tcp 18333 +%{_sbindir}/fixfiles -R bitcoin-server restore &> /dev/null || : +%{_sbindir}/restorecon -R %{_localstatedir}/lib/bitcoin || : +fi + +%posttrans server +%{_bindir}/systemd-tmpfiles --create + +%preun server +%systemd_preun bitcoin.service + +%postun server +%systemd_postun bitcoin.service +# SELinux +if [ $1 -eq 0 ]; then + if [ `%{_sbindir}/sestatus |grep -c "disabled"` -eq 0 ]; then + %{_sbindir}/semanage port -d -p tcp 8332 + %{_sbindir}/semanage port -d -p tcp 8333 + %{_sbindir}/semanage port -d -p tcp 18332 + %{_sbindir}/semanage port -d -p tcp 18333 + for selinuxvariant in %{selinux_variants}; do + %{_sbindir}/semodule -s ${selinuxvariant} -r bitcoin &> /dev/null || : + done + %{_sbindir}/fixfiles -R bitcoin-server restore &> /dev/null || : + [ -d %{_localstatedir}/lib/bitcoin ] && \ + %{_sbindir}/restorecon -R %{_localstatedir}/lib/bitcoin &> /dev/null || : + fi +fi + +%clean +rm -rf %{buildroot} + +%if %{_buildqt} +%files core +%defattr(-,root,root,-) +%license COPYING db-%{bdbv}.NC-LICENSE +%doc COPYING bitcoin.conf.example doc/README.md doc/bips.md doc/files.md doc/multiwallet-qt.md doc/reduce-traffic.md doc/release-notes.md doc/tor.md +%attr(0755,root,root) %{_bindir}/bitcoin-qt +%attr(0644,root,root) %{_datadir}/applications/bitcoin-core.desktop +%attr(0644,root,root) %{_datadir}/kde4/services/bitcoin-core.protocol +%attr(0644,root,root) %{_datadir}/pixmaps/*.ico +%attr(0644,root,root) %{_datadir}/pixmaps/*.bmp +%attr(0644,root,root) %{_datadir}/pixmaps/*.svg +%attr(0644,root,root) %{_datadir}/pixmaps/*.png +%attr(0644,root,root) %{_datadir}/pixmaps/*.xpm +%attr(0644,root,root) %{_mandir}/man1/bitcoin-qt.1* +%endif + +%files libs +%defattr(-,root,root,-) +%license COPYING +%doc COPYING doc/README.md doc/shared-libraries.md +%{_libdir}/lib*.so.* + +%files devel +%defattr(-,root,root,-) +%license COPYING +%doc COPYING doc/README.md doc/developer-notes.md doc/shared-libraries.md +%attr(0644,root,root) %{_includedir}/*.h +%{_libdir}/*.so +%{_libdir}/*.a +%{_libdir}/*.la +%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc + +%files server +%defattr(-,root,root,-) +%license COPYING db-%{bdbv}.NC-LICENSE +%doc COPYING bitcoin.conf.example doc/README.md doc/REST-interface.md doc/bips.md doc/dnsseed-policy.md doc/files.md doc/reduce-traffic.md doc/release-notes.md doc/tor.md +%attr(0755,root,root) %{_sbindir}/bitcoind +%attr(0644,root,root) %{_tmpfilesdir}/bitcoin.conf +%attr(0644,root,root) %{_unitdir}/bitcoin.service +%dir %attr(0750,bitcoin,bitcoin) %{_sysconfdir}/bitcoin +%dir %attr(0750,bitcoin,bitcoin) %{_localstatedir}/lib/bitcoin +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/bitcoin +%attr(0644,root,root) %{_datadir}/selinux/*/*.pp +%attr(0644,root,root) %{_mandir}/man1/bitcoind.1* +%attr(0644,root,root) %{_mandir}/man5/bitcoin.conf.5* + +%files utils +%defattr(-,root,root,-) +%license COPYING +%doc COPYING bitcoin.conf.example doc/README.md +%attr(0755,root,root) %{_bindir}/bitcoin-cli +%attr(0755,root,root) %{_bindir}/bitcoin-tx +%attr(0755,root,root) %{_bindir}/bench_bitcoin +%attr(0644,root,root) %{_mandir}/man1/bitcoin-cli.1* +%attr(0644,root,root) %{_mandir}/man5/bitcoin.conf.5* + + + +%changelog +* Fri Feb 26 2016 Alice Wonder - 0.12.0-2 +- Rename Qt package from bitcoin to bitcoin-core +- Make building of the Qt package optional +- When building the Qt package, default to Qt5 but allow building +- against Qt4 +- Only run SELinux stuff in post scripts if it is not set to disabled + +* Wed Feb 24 2016 Alice Wonder - 0.12.0-1 +- Initial spec file for 0.12.0 release + +# This spec file is written from scratch but a lot of the packaging decisions are directly +# based upon the 0.11.2 package spec file from https://www.ringingliberty.com/bitcoin/ diff --git a/contrib/rpm/bitcoin.te b/contrib/rpm/bitcoin.te new file mode 100644 index 000000000..d6231c591 --- /dev/null +++ b/contrib/rpm/bitcoin.te @@ -0,0 +1,81 @@ +policy_module(bitcoin, 1.100.1) + +######################################## +# +# Declarations +# + +type bitcoin_t; +type bitcoin_exec_t; +init_daemon_domain(bitcoin_t, bitcoin_exec_t) + +permissive bitcoin_t; + +type bitcoin_initrc_exec_t; +init_script_file(bitcoin_initrc_exec_t) + +type bitcoin_conf_t; +files_type(bitcoin_conf_t) + +type bitcoin_var_lib_t; +files_type(bitcoin_var_lib_t) + +type bitcoin_var_run_t; +files_type(bitcoin_var_run_t) + +type bitcoin_port_t; +corenet_port(bitcoin_port_t) + +######################################## +# +# bitcoin local policy +# +allow bitcoin_t self:process { fork }; + +allow bitcoin_t self:fifo_file rw_fifo_file_perms; +allow bitcoin_t self:unix_stream_socket create_stream_socket_perms; + +manage_dirs_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t) +manage_files_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t) + +manage_dirs_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t) +manage_files_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t) +files_var_lib_filetrans(bitcoin_t, bitcoin_var_lib_t, { dir file }) + +manage_dirs_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t) +manage_files_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t) + +sysnet_dns_name_resolve(bitcoin_t) +corenet_all_recvfrom_unlabeled(bitcoin_t) + +allow bitcoin_t self:tcp_socket create_stream_socket_perms; +corenet_tcp_sendrecv_generic_if(bitcoin_t) +corenet_tcp_sendrecv_generic_node(bitcoin_t) +corenet_tcp_sendrecv_all_ports(bitcoin_t) +corenet_tcp_bind_generic_node(bitcoin_t) + +gen_require(` + type bitcoin_port_t; +') +allow bitcoin_t bitcoin_port_t:tcp_socket name_bind; + +gen_require(` + type bitcoin_port_t; +') +allow bitcoin_t bitcoin_port_t:tcp_socket name_connect; + +domain_use_interactive_fds(bitcoin_t) + +files_read_etc_files(bitcoin_t) + +miscfiles_read_localization(bitcoin_t) + +sysnet_dns_name_resolve(bitcoin_t) + +allow bitcoin_t bitcoin_exec_t:file execute_no_trans; +allow bitcoin_t self:process setsched; +corecmd_exec_ls(bitcoin_t) +corenet_tcp_connect_http_port(bitcoin_t) +dev_read_urand(bitcoin_t) +fs_getattr_xattr_fs(bitcoin_t) +kernel_read_system_state(bitcoin_t)