From d4b0f4bb37733cc1453b7dac4d29a4f831ab4650 Mon Sep 17 00:00:00 2001
From: Marcin Haba <marcin.haba@bacula.pl>
Date: Tue, 14 Jul 2015 20:02:47 +0200
Subject: [PATCH] baculum: Add sample files to build rpm packages

---
 gui/baculum/Makefile                          |  48 ++++++
 gui/baculum/examples/rpm/baculum-apache.conf  |  15 ++
 ...um.lighttpd.conf => baculum-lighttpd.conf} |   2 +-
 ...culum.service => baculum-lighttpd.service} |   2 +-
 gui/baculum/examples/rpm/baculum.spec         | 163 ++++++++++++------
 gui/baculum/examples/rpm/baculum.users        |   2 +-
 gui/baculum/examples/sudo/baculum-httpd       |   2 +
 gui/baculum/examples/sudo/baculum-lighttpd    |   2 +
 8 files changed, 184 insertions(+), 52 deletions(-)
 create mode 100644 gui/baculum/Makefile
 create mode 100644 gui/baculum/examples/rpm/baculum-apache.conf
 rename gui/baculum/examples/rpm/{baculum.lighttpd.conf => baculum-lighttpd.conf} (97%)
 rename gui/baculum/examples/rpm/{baculum.service => baculum-lighttpd.service} (71%)
 create mode 100644 gui/baculum/examples/sudo/baculum-httpd
 create mode 100644 gui/baculum/examples/sudo/baculum-lighttpd

diff --git a/gui/baculum/Makefile b/gui/baculum/Makefile
new file mode 100644
index 0000000000..5ce11debbe
--- /dev/null
+++ b/gui/baculum/Makefile
@@ -0,0 +1,48 @@
+
+prefix = .
+builddir = $(prefix)/build
+datadir = protected
+frameworkdir = framework
+themesdir = themes
+
+datadirsrc = $(datadir)/Class \
+    $(datadir)/Data \
+    $(datadir)/JavaScript \
+    $(datadir)/Lang \
+    $(datadir)/Layouts \
+    $(datadir)/Pages \
+    $(datadir)/Portlets
+
+datafilesrc = $(datadir)/.htaccess \
+    $(datadir)/application.xml
+
+miscfilesrc = .htaccess \
+    index.php \
+    AUTHORS \
+    INSTALL \
+    LICENSE \
+    README
+
+all: build
+
+build: prepare_build prepare_data prepare_externals prepare_themes
+
+
+prepare_build:
+	[ -d $(builddir) ] || mkdir -p $(builddir)
+
+prepare_data: prepare_build
+	[ -d "$(builddir)/$(datadir)" ] || mkdir -p $(builddir)/$(datadir)
+	cp -ra $(datadirsrc) $(builddir)/$(datadir)
+	cp -a $(datafilesrc) $(builddir)/$(datadir)
+	cp -a $(miscfilesrc) $(builddir)
+
+prepare_externals: prepare_build
+	cp -ra $(frameworkdir) $(builddir)
+
+prepare_themes: prepare_build
+	cp -ra $(themesdir) $(builddir)
+
+install: build
+	[ -d $(INSTALL_ROOT) ] || mkdir -p $(INSTALL_ROOT)
+	cp -ra $(builddir) $(INSTALL_ROOT)/
diff --git a/gui/baculum/examples/rpm/baculum-apache.conf b/gui/baculum/examples/rpm/baculum-apache.conf
new file mode 100644
index 0000000000..24a0b25b64
--- /dev/null
+++ b/gui/baculum/examples/rpm/baculum-apache.conf
@@ -0,0 +1,15 @@
+Listen 9095
+
+<VirtualHost *:9095>
+	DocumentRoot /usr/share/baculum/htdocs
+	ServerName localhost
+	CustomLog /var/log/httpd/baculum-access.log combined
+	ErrorLog /var/log/httpd/baculum-error.log
+	<Directory /usr/share/baculum/htdocs>
+		AllowOverride All
+		AuthType Basic
+		AuthName "Baculum Auth"
+		AuthUserFile /usr/share/baculum/htdocs/protected/Data/baculum.users
+		Require valid-user
+	</Directory>
+</VirtualHost>
\ No newline at end of file
diff --git a/gui/baculum/examples/rpm/baculum.lighttpd.conf b/gui/baculum/examples/rpm/baculum-lighttpd.conf
similarity index 97%
rename from gui/baculum/examples/rpm/baculum.lighttpd.conf
rename to gui/baculum/examples/rpm/baculum-lighttpd.conf
index 3f3c4b4598..1129347e6b 100644
--- a/gui/baculum/examples/rpm/baculum.lighttpd.conf
+++ b/gui/baculum/examples/rpm/baculum-lighttpd.conf
@@ -19,7 +19,7 @@ server.modules = (
         "mod_accesslog"
 )
 
-auth.backend          = "plain" 
+auth.backend          = "htpasswd"
 auth.backend.plain.userfile = "/usr/share/baculum/htdocs/protected/Data/baculum.users"
 auth.require = ( "/" => (
         "method" => "basic",
diff --git a/gui/baculum/examples/rpm/baculum.service b/gui/baculum/examples/rpm/baculum-lighttpd.service
similarity index 71%
rename from gui/baculum/examples/rpm/baculum.service
rename to gui/baculum/examples/rpm/baculum-lighttpd.service
index 401f860429..6d07142730 100644
--- a/gui/baculum/examples/rpm/baculum.service
+++ b/gui/baculum/examples/rpm/baculum-lighttpd.service
@@ -4,7 +4,7 @@ After=network.target
 
 [Service]
 PIDFile=/var/run/baculum.pid
-ExecStart=/usr/sbin/lighttpd -f /etc/baculum/baculum.lighttpd.conf
+ExecStart=/usr/sbin/lighttpd -f /etc/baculum/baculum-lighttpd.conf
 
 [Install]
 WantedBy=multi-user.target
diff --git a/gui/baculum/examples/rpm/baculum.spec b/gui/baculum/examples/rpm/baculum.spec
index 3c9dfd126d..69eae062ab 100644
--- a/gui/baculum/examples/rpm/baculum.spec
+++ b/gui/baculum/examples/rpm/baculum.spec
@@ -1,17 +1,22 @@
 Summary:	WebGUI tool for Bacula Community program
 Name:		baculum
 Version:	7.0.6
-Release:	0.1.b%{?dist}
+Release:	0.3.b%{?dist}
 License:	AGPLv3
 Group:		Applications/Internet
 URL:		http://bacula.org/
-Source:		%{name}-%{version}b.tar.gz
+Source0:	http://bacula.org/downloads/baculum/baculum-7.0.6b.tar.gz
+Source1:	baculum.users
+Source2:	baculum-apache.conf
+Source3:	baculum-lighttpd.conf
+Source4:	baculum-lighttpd.service
 BuildRequires:	systemd-units
 BuildRequires:	selinux-policy
+BuildRequires:	selinux-policy-devel
 BuildRequires:	checkpolicy
-Requires:	lighttpd
-Requires:	lighttpd-fastcgi
 Requires:	bacula-console
+# Lower version of PHP ( < 5.3.4) does not provide php-mysqlnd db driver
+# and from this reason the lowest is 5.3.4
 Requires:	php >= 5.3.4
 Requires:	php-bcmath
 Requires:	php-common
@@ -20,13 +25,11 @@ Requires:	php-mysqlnd
 Requires:	php-pdo
 Requires:	php-pgsql
 Requires:	php-xml
-Requires(post):	/sbin/chkconfig, policycoreutils-python
-Requires(preun):/sbin/service, /sbin/chkconfig, policycoreutils-python
-BuildArch: noarch
+BuildArch:	noarch
 
 %description
-The Baculum program allows the user to administrate and manage Bacula work.
-By using Baculum is possible to execute backup/restore operations, monitor
+The Baculum program allows the user to administer and manage Bacula jobs.
+By using Baculum it is possible to execute backup/restore operations, monitor
 current Bacula jobs, media management and others. Baculum has integrated web
 console that communicates with Bacula bconsole program.
 
@@ -42,85 +45,147 @@ This package provides an SELinux module for Baculum WebGUI tool.
 You should install this package if you are using SELinux, that Baculum
 can be run in enforcing mode.
 
+%package httpd
+Summary:		Apache configuration for Baculum WebGUI tool
+Requires:		%name = %version-%release
+Group:			Applications/Internet
+Requires:		httpd
+# This conflict field is required because Lighttpd and Apache
+# cannot listen on the same port at the same time. Even using diffeernt
+# ports cause problems like shared framework cache and
+# web server specific directories permissions (for lighttpd and apache
+# users).
+Conflicts:		%{name}-lighttpd
+
+%description httpd
+This package provides the Apache configuration for Baculum WebGUI tool.
+By using this module it is possible to run Baculum in Apache environment.
+
+%package lighttpd
+Summary:		Lighttpd configuration for Baculum WebGUI tool
+Requires:		%name = %version-%release
+Group:			Applications/Internet
+Requires:		lighttpd
+Requires:		lighttpd-fastcgi
+# This conflict field is required because Lighttpd and Apache
+# cannot listen on the same port at the same time. Even using diffeernt
+# ports cause problems like shared framework cache and
+# web server specific directories permissions (for lighttpd and apache
+# users).
+Conflicts:		%{name}-httpd
+
+%description lighttpd
+This package provides the Lighttpd configuration for Baculum WebGUI tool.
+By using this module it is possible to run Baculum in Lighttpd environment.
+
 %prep
 %autosetup
 
 %build
-
-%files
-%defattr(-,lighttpd,lighttpd)
-%attr(-,lighttpd,lighttpd) %{_localstatedir}/cache/%{name}/
-%attr(750,lighttpd,lighttpd) %{_var}/log/%{name}/
-%{_unitdir}/baculum.service
-%{_datadir}/%{name}/
-%config %{_sysconfdir}/%{name}/%{name}.lighttpd.conf
-%config(noreplace) %{_sysconfdir}/%{name}/%{name}.users
-%license LICENSE
-%doc AUTHORS INSTALL README
-
-%files selinux
-%defattr(-,lighttpd,lighttpd)
-%{_datadir}/selinux/packages/%{name}/%{name}.pp
+# Execute files preparation in build directory by Makefile
+make build
+# Compilation SELinuxu policies before loading them
+make -C examples/selinux/ -f %{_datadir}/selinux/devel/Makefile %{name}.pp
 
 %install
-mkdir -p %{buildroot}%{_datadir}/%{name}/htdocs
+mkdir -p %{buildroot}%{_datadir}/%{name}/htdocs/protected
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d
 mkdir -p %{buildroot}%{_unitdir}
 mkdir -p %{buildroot}%{_localstatedir}/cache/%{name}
 mkdir -p %{buildroot}%{_var}/log/%{name}
 mkdir -p %{buildroot}%{_datadir}/selinux/packages/%{name}
 
-cp -ra framework protected themes index.php AUTHORS INSTALL LICENSE README %{buildroot}%{_datadir}/%{name}/htdocs
+cp -ra build/. %{buildroot}%{_datadir}/%{name}/htdocs
+install -m 640 %{SOURCE2} %{buildroot}%{_sysconfdir}/httpd/conf.d/%{name}.conf
+install -m 640 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/
+install -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/
+install -m 600 %{SOURCE1} %{buildroot}%{_datadir}/%{name}/htdocs/protected/Data/%{name}.users
+install -m 644 examples/selinux/%{name}.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}.pp
+# these symbolic links indicates to Baculum's cache directory
 ln -s  %{_localstatedir}/cache/%{name} %{buildroot}%{_datadir}/%{name}/htdocs/assets
 ln -s  %{_localstatedir}/cache/%{name} %{buildroot}%{_datadir}/%{name}/htdocs/protected/runtime
-install -m 640 examples/rpm/baculum.lighttpd.conf %{buildroot}%{_sysconfdir}/%{name}/
-install -m 600 examples/rpm/baculum.users %{buildroot}%{_sysconfdir}/%{name}/%{name}.users
-install -m 644 examples/rpm/baculum.service %{buildroot}%{_unitdir}/
-install -m 644 examples/selinux/%{name}.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}.pp
-
-%post
-[ -e %{_datadir}/baculum/htdocs/protected/Data/baculum.users ] ||
-    ln -s %{_sysconfdir}/baculum/baculum.users %{_datadir}/%{name}/htdocs/protected/Data/baculum.users
-[ -e %{_datadir}/baculum/htdocs/assets ] ||
-    ln -s %{_localstatedir}/cache/%{name} %{_datadir}/%{name}/htdocs/assets
-[ -e %{_datadir}/baculum/htdocs/protected/runtime ] ||
-    ln -s %{_localstatedir}/cache/%{name} %{_datadir}/%{name}/htdocs/protected/runtime
 
+%post lighttpd
 %systemd_post baculum.service
 
 %post selinux
 if [ $1 -le 1 ] ; then
+    # Write access is possible for web servers user only to two directories
+    # -  Data/ directory stores settings and web server HTTP Basic credentials
+    # - /var/cache/baculum - cache used by framework in specific locations (assets/ and protected/runtime/)
+    #   by symbolic links to cache directory
     semanage fcontext -a -t httpd_sys_rw_content_t '%{_datadir}/%{name}/htdocs/protected/Data(/.*)?' 2>/dev/null || :
-    restorecon '%{_datadir}/%{name}/htdocs/protected/Data' || :
-    semanage fcontext -a -t httpd_sys_rw_content_t '%{_sysconfdir}/%{name}/baculum.users' 2>/dev/null || :
-    restorecon '%{_sysconfdir}/%{name}/baculum.users' || :
+    restorecon -i -R '%{_datadir}/%{name}/htdocs/protected/Data' || :
     semanage fcontext -a -t httpd_cache_t '%{_localstatedir}/cache/%{name}(/.*)?' 2>/dev/null || :
-    restorecon -R %{_localstatedir}/cache/%{name} || :
+    restorecon -i -R %{_localstatedir}/cache/%{name} || :
     semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp 2>/dev/null || :
 fi
 
 %preun
-%systemd_preun baculum.service
 if [ $1 -lt 1 ] ; then
-    [ ! -e %{_datadir}/%{name}/htdocs/protected/Data/baculum.users ] ||
-	rm %{_datadir}/%{name}/htdocs/protected/Data/baculum.users
+    # remove settings and logs if exist
     [ ! -e %{_datadir}/%{name}/htdocs/protected/Data/settings.conf ] ||
 	rm %{_datadir}/%{name}/htdocs/protected/Data/settings.conf
     [ ! -e %{_datadir}/%{name}/htdocs/protected/Data/baculum.log ] ||
 	rm %{_datadir}/%{name}/htdocs/protected/Data/baculum*.log
 fi
 
-%postun
-%systemd_postun_with_restart baculum.service
+%preun lighttpd
+%systemd_preun baculum-lighttpd.service
+
+%postun lighttpd
+%systemd_postun_with_restart baculum-lighttpd.service
 
 %postun selinux
 if [ $1 -eq 0 ] ; then
     semanage fcontext -d -t httpd_sys_rw_content_t '%{_datadir}/%{name}/htdocs/protected/Data(/.*)?' 2>/dev/null || :
-    semanage fcontext -d -t httpd_sys_rw_content_t '%{_sysconfdir}/%{name}/baculum.users' 2>/dev/null || :
     semanage fcontext -d -t httpd_cache_t '%{_localstatedir}/cache/%{name}(/.*)?' 2>/dev/null || :
     semodule -r %{name} 2>/dev/null || :
 fi
 
+%files
+%defattr(-,root,root)
+# directory excluded here, because it needs to be provided
+# with selected web server privileges (lighttpd or apache)
+%exclude %{_datadir}/%{name}/htdocs/protected/Data/
+%{_datadir}/%{name}
+%license LICENSE
+%doc AUTHORS INSTALL README
+
+%files selinux
+%defattr(-,root,root)
+%{_datadir}/selinux/packages/%{name}/%{name}.pp
+
+%files httpd
+%defattr(644,root,root)
+# Apache logs are stored in /var/log/httpd/
+%config %{_sysconfdir}/httpd/conf.d/%{name}.conf
+%attr(700,apache,apache) %{_localstatedir}/cache/%{name}/
+%attr(700,apache,apache) %{_datadir}/%{name}/htdocs/protected/Data/
+
+%files lighttpd
+%defattr(-,root,root)
+# Lighttpd logs are stored in /var/log/baculum
+%attr(750,lighttpd,lighttpd) %{_var}/log/%{name}/
+%attr(700,lighttpd,lighttpd) %{_localstatedir}/cache/%{name}/
+%attr(700,lighttpd,lighttpd) %{_datadir}/%{name}/htdocs/protected/Data/
+%{_unitdir}/%{name}-lighttpd.service
+%config %{_sysconfdir}/%{name}/%{name}-lighttpd.conf
+
 %changelog
+ * Tue Jul 14 2015 Marcin Haba <marcin.haba@bacula.pl> - 7.0.6-0.3.b
+ - Separate to subpackage Lighttpd support
+ - Add Apache subpackage
+ - Use upstream Makefile to prepare build files
+ - Cache symlbolic links only in install section
+ - Add comments to Spec
+ - Compile SELinux policies instead of install pre-compiled
+ - Add source files: baculum.users, baculum-apache.conf
+   baculum-lighttpd.conf and baculum-lighttpd.service
+ * Mon Jul 13 2015 Marcin Haba <marcin.haba@bacula.pl> - 7.0.6-0.2.b
+ - Remove chkconfig and service dependencies from Spec
+ - Change Spec sections order
+ - Correct package description typos and errors
  * Mon Jul 06 2015 Marcin Haba <marcin.haba@bacula.pl> - 7.0.6-0.1.b
- - Spec create
\ No newline at end of file
+ - Spec create
diff --git a/gui/baculum/examples/rpm/baculum.users b/gui/baculum/examples/rpm/baculum.users
index 3663ae8502..1375f69da5 100644
--- a/gui/baculum/examples/rpm/baculum.users
+++ b/gui/baculum/examples/rpm/baculum.users
@@ -1 +1 @@
-admin:admin
\ No newline at end of file
+admin:YWG41BPzVAkN6
\ No newline at end of file
diff --git a/gui/baculum/examples/sudo/baculum-httpd b/gui/baculum/examples/sudo/baculum-httpd
new file mode 100644
index 0000000000..5a7a9c1243
--- /dev/null
+++ b/gui/baculum/examples/sudo/baculum-httpd
@@ -0,0 +1,2 @@
+Defaults:apache !requiretty
+apache  ALL= NOPASSWD:  /usr/sbin/bconsole
diff --git a/gui/baculum/examples/sudo/baculum-lighttpd b/gui/baculum/examples/sudo/baculum-lighttpd
new file mode 100644
index 0000000000..b06a7e8b31
--- /dev/null
+++ b/gui/baculum/examples/sudo/baculum-lighttpd
@@ -0,0 +1,2 @@
+Defaults:lighttpd !requiretty
+lighttpd  ALL= NOPASSWD:  /usr/sbin/bconsole
-- 
2.39.5