--- openqa.spec.4.3-10 2016-02-10 13:54:09.492486716 -0800
+++ openqa.spec.4.3-11 2016-02-12 09:14:31.739028550 -0800
@@ -40,11 +40,14 @@
 Name: openqa
 Version: %{github_version}
-Release: 10%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
+Release: 11%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
 Summary: OS-level automated testing framework
 License: GPLv2+
 Url: http://os-autoinst.github.io/openQA/
 Source0: https://github.com/%{github_owner}/%{github_name}/archive/%{github_commit}/%{github_name}-%{github_commit}.tar.gz
+# script for (re-)generating packed web assets when AssetPack or Bootstrap3
+# change: see package review for discussion of this
+Source1: generate-packed-assets
 # Backport: don't slow things down by using dbus for thumbnails
 # https://github.com/os-autoinst/openQA/commit/5cdcdb062d54f84efb2047a5ab22df511da4aa09
 Patch0: 0001-Don-t-rely-on-IPC-for-thumbnails.patch
@@ -57,13 +60,17 @@
 # Backport: log to stderr (so systemd journal) by default
 # https://github.com/os-autoinst/openQA/pull/541
 Patch3: 0001-log-to-stderr-so-journal-by-default.patch
+# Backport: fix some issues with UID and GID switch in initdb script
+# https://github.com/os-autoinst/openQA/pull/546
+Patch4: 0001-initdb-when-user-set-setgid-and-don-t-guess-db-owner.patch
 Obsoletes: openqa < 4.3-7
 Requires(post): sqlite
+# This is for the %triggerin script (asset generation calls 'sass' command)
+Requires: rubygem(sass)
 # This is for tests, currently disabled
 #BuildRequires: os-autoinst
 Requires: openqa-common = %{version}-%{release}
 Requires: perl(URI)
-BuildRequires: rubygem(sass)
 # needed for openid support
 Requires: perl(LWP::Protocol::https)
 Recommends: logrotate
@@ -101,8 +108,8 @@
 Requires(postun): systemd
 BuildArch: noarch
-# we need to have the same sha1 as expected
-%requires_eq perl-Mojolicious-Plugin-Bootstrap3 perl-Mojolicious-Plugin-AssetPack
+Requires: perl-Mojolicious-Plugin-Bootstrap3
+Requires: perl-Mojolicious-Plugin-AssetPack
 %description
 openQA is a framework for operating system-level automated testing.
@@ -178,22 +185,12 @@
 %install
 %make_install
+install -m 0755 %{SOURCE1} %{buildroot}%{_datadir}/openqa/script/generate-packed-assets
+
 mkdir -p %{buildroot}%{_datadir}/openqa/etc/openqa
 ln -s %{_sysconfdir}/openqa/openqa.ini %{buildroot}%{_datadir}/openqa/etc/openqa/openqa.ini
 ln -s %{_sysconfdir}/openqa/database.ini %{buildroot}%{_datadir}/openqa/etc/openqa/database.ini
-rm -rf /tmp/etc_openqa
-cp -a etc/openqa /tmp/etc_openqa
-export OPENQA_CONFIG=/tmp/etc_openqa
-export OPENQA_LOGFILE=/tmp/logfile
-rm -rf /tmp/db
-mkdir -p /tmp/db
-sed -i -e 's,/var/lib/openqa/db,/tmp/db,' /tmp/etc_openqa/database.ini
-# strange way to precompile assets :)
-./script/initdb --init_database
-./script/openqa version -m production
-cp -a public/packed %{buildroot}%{_datadir}/openqa/public/
-
 cd %{buildroot}
 grep -rl /usr/bin/env . | while read file; do
 sed -e 's,/usr/bin/env perl,/usr/bin/perl,' -i $file
@@ -224,14 +221,12 @@
 getent passwd geekotest >/dev/null || \
 useradd -r -g geekotest -d /var/lib/openqa -s /sbin/nologin \
 -c "openQA user" geekotest || :
-exit 0
 %pre worker
 getent group _openqa-worker >/dev/null || groupadd -r _openqa-worker || :
 getent passwd _openqa-worker >/dev/null || \
 useradd -r -g _openqa-worker -G qemu -d /dev/null -s /sbin/nologin \
 -c "openQA worker" _openqa-worker || :
-exit 0
 %post
 # do database
@@ -253,6 +248,9 @@
 %preun
 %systemd_preun %{openqa_services}
+if [ $1 -eq 0 ]; then
+ rm -rf %{_datadir}/openqa/public/packed
+fi
 %preun worker
 %systemd_preun %{openqa_worker_services}
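Review bot: The two unversioned `Requires:` lines in the `@@ -101,8 +108,8 @@` hunk replace the `%requires_eq` pin without saying why an exact version match is no longer needed. The removed comment was the only record of the sha1 coupling between the packed assets and these plugins. A comment above the new lines would keep that reasoning in the spec, for example `# no exact-version pin: packed assets are regenerated by the trigger scriptlet when these packages change`. This is a documentation point only; the dependency change itself looks consistent with the trigger added later in the diff.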
@@ -263,6 +261,11 @@
 %postun worker
 %systemd_postun_with_restart %{openqa_worker_services}
+# when these packages change, the 'packed' assets will be invalidated
+# and need regeneration. we do not let openQA itself regenerate them
+# for security reasons (reducing write privs as far as possible)
+%triggerin -- perl-Mojolicious-Plugin-Bootstrap3 perl-Mojolicious-Plugin-AssetPack
+%{_datadir}/openqa/script/generate-packed-assets
 %files
 %doc README.asciidoc docs/*
@@ -285,6 +288,7 @@
 %{_datadir}/openqa/templates
 %{_datadir}/openqa/public
 %{_datadir}/openqa/dbicdh
+%dir %{_datadir}/openqa/script
 %{_datadir}/openqa/script/backlog
 %{_datadir}/openqa/script/check_dependencies
 %{_datadir}/openqa/script/clean_needles
@@ -302,6 +306,7 @@
 %{_datadir}/openqa/script/upgradedb
 %{_datadir}/openqa/script/migrate_images
 %{_datadir}/openqa/script/modify_needle
+%{_datadir}/openqa/script/generate-packed-assets
 %dir %{_localstatedir}/lib/openqa/share
 %dir %{_localstatedir}/lib/openqa/share/factory
 %defattr(-,geekotest,root)
@@ -310,10 +315,6 @@
 # the server may create files in these locations
 %dir %{_localstatedir}/lib/openqa/images
 %dir %{_localstatedir}/lib/openqa/share/tests
-%dir %{_localstatedir}/lib/openqa/share/factory/iso
-%ghost %dir %{_localstatedir}/lib/openqa/share/factory/hdd
-%ghost %dir %{_localstatedir}/lib/openqa/share/factory/other
-%ghost %dir %{_localstatedir}/lib/openqa/share/factory/repo
 %{_localstatedir}/lib/openqa/testresults
 # when sqlite is used this file must be server-writable and *not*
 # readable by anyone but server or root, hence expected permissions
@@ -322,6 +323,7 @@
 %files common
 %license COPYING
 %dir %{_datadir}/openqa
+%ghost %dir %{_datadir}/openqa/packed
 %{_datadir}/openqa/lib
 %dir %{_localstatedir}/lib/openqa
 # these are compatibility symlinks into the shared data; they go in
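Review bot: The `%triggerin` scriptlet in the `@@ -263,6 +261,11 @@` hunk runs `generate-packed-assets` as root on the installed system, and that script is not part of this diff, so its handling of scratch files cannot be checked here. The build-time code it replaces (removed in the `%install` hunk) worked in fixed paths such as `/tmp/etc_openqa`, `/tmp/db` and `/tmp/logfile`. If the script kept that approach, a root process writing to predictable names in a world-writable directory is exposed to symlink and pre-creation races from local users. It would be worth confirming that the script creates its working directory with `mktemp -d` and removes it on exit. The generated `public/packed` tree should also end up owned by root, so the stated goal of reducing the server's write privileges holds.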
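Review bot: The `%ghost %dir %{_datadir}/openqa/packed` entry added to `%files common` in the `@@ -322,6 +323,7 @@` hunk does not match the path used elsewhere in this diff. The `%preun` hunk removes `%{_datadir}/openqa/public/packed`, and the removed `%install` code copied the assets into `%{_datadir}/openqa/public/`. As written, the ghost entry appears to claim a directory that nothing creates, while the generated directory stays untracked by RPM, so `rpm -V` has no record of its ownership and mode. If the intent is to own the generated directory, the line would be `%ghost %dir %{_datadir}/openqa/public/packed`. It probably belongs in the main `%files` list, since `%{_datadir}/openqa/public` appears to be listed there and the cleanup is in the main package's `%preun`.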
@@ -365,6 +367,12 @@
 %config %{_sysconfdir}/httpd/conf.d/openqa-ssl.conf.template
 %changelog
+* Fri Feb 12 2016 Adam Williamson - 4.3-11
+- fix initdb UID / GID issues
+- use triggers for packed asset (re-)generation (Zbigniew)
+- server should own script dir as well as worker
+- drop ownership / ghosting of specific asset dirs
+
 * Wed Feb 10 2016 Adam Williamson - 4.3-10
 - log to journal by default (upstream PR #541)