From: Marcin Haba <marcin.haba@bacula.pl>
Date: Wed, 24 Apr 2019 16:53:50 +0000 (+0200)
Subject: baculum: Update example web server config files and spec file
X-Git-Tag: Release-9.4.3~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49dd42eb31561c30259aa06a0a711b0190c7aed3;p=thirdparty%2Fbacula.git

baculum: Update example web server config files and spec file
---

diff --git a/gui/baculum/examples/deb/baculum-api-apache.conf b/gui/baculum/examples/deb/baculum-api-apache.conf
index 252d927c4..f84e3753e 100644
--- a/gui/baculum/examples/deb/baculum-api-apache.conf
+++ b/gui/baculum/examples/deb/baculum-api-apache.conf
@@ -19,32 +19,59 @@ Listen 9096
 		RewriteCond %{REQUEST_FILENAME} !-f
 		RewriteRule ^(.+)$ index.php/$1 [L]
 		RedirectMatch ^/$ /api/?api
-		Require all granted
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Allow,Deny
+			Allow from all
+		</IfModule>
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all granted
+		</IfModule>
 	</Directory>
 	#
-	# NOTE: When you use OAuth2 then change this location section
-	# From: <Location />
+	# NOTE: When you use OAuth2 then change this Directory section
+	# From: <Directory /usr/share/baculum/htdocs>
+	#            ...section body...
+	#       </Directory>
 	# To:   <Location /api/page>
+	#            ...section body...
+	#       </Location>
 	#
-	<Location />
+	<Directory /usr/share/baculum/htdocs>
+	#<Location /api/page>
 		AuthType Basic
 		AuthName "Baculum Auth"
 		AuthUserFile /usr/share/baculum/htdocs/protected/API/Config/baculum.users
 		Require valid-user
-	</Location>
+	#</Location>
+	</Directory>
+
 	<Directory /usr/share/baculum/htdocs/protected>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
 	<Directory /usr/share/baculum/htdocs/framework>
-		Order Deny,Allow
-		Deny from all
-	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Wsat/themes>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Web/Javascripts/source>
+	<Directory /usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source>
 		<ifModule mod_gzip.c>
 			mod_gzip_on Yes
 			mod_gzip_dechunk Yes
diff --git a/gui/baculum/examples/deb/baculum-api-lighttpd.conf b/gui/baculum/examples/deb/baculum-api-lighttpd.conf
index 3ab50ee6c..a5fb34028 100644
--- a/gui/baculum/examples/deb/baculum-api-lighttpd.conf
+++ b/gui/baculum/examples/deb/baculum-api-lighttpd.conf
@@ -91,11 +91,7 @@ url.rewrite-once = (
 
 url.access-deny = (
     "^/usr/share/baculum/htdocs/protected/",
-    "^/usr/share/baculum/htdocs/framework/",
-
-    # Wsat is not used by Baculum. Added here for not storing
-    # framework Apache specific .htaccess files
-    "^/usr/share/baculum/htdocs/framework/Wsat/themes/"
+    "^/usr/share/baculum/htdocs/framework/"
 )
 
 ### Enable compressing dynamic content ###
@@ -112,6 +108,6 @@ $HTTP["url"] !~ "\.php$" {
 }
 
 # enable mod_setenv for framework source files:
-$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/Web/Javascripts/source/" {
+$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source/" {
 	setenv.add-response-header = ("Content-Encoding" => "gzip")
 }
diff --git a/gui/baculum/examples/deb/baculum-web-apache.conf b/gui/baculum/examples/deb/baculum-web-apache.conf
index eb431e05e..e53e014cb 100644
--- a/gui/baculum/examples/deb/baculum-web-apache.conf
+++ b/gui/baculum/examples/deb/baculum-web-apache.conf
@@ -20,45 +20,87 @@ Listen 9095
 		RewriteRule ^(.*)$ index.php/$1 [L]
 		RedirectMatch ^/$ /web/
 	</Directory>
-	<Location />
-		SetEnvIf Request_URI "^/web/redirect$" noauth=1
 
-		AuthType Basic
-		AuthName "Baculum Auth"
-		AuthUserFile /usr/share/baculum/htdocs/protected/Web/Config/baculum.users
+	# Apache 2.2
+	<IfModule !mod_authz_core.c>
+		<Directory /usr/share/baculum/htdocs>
+			SetEnvIf Request_URI "^/web/redirect$" noauth=1
+
+			AuthType Basic
+			AuthName "Baculum Auth"
+			AuthUserFile /usr/share/baculum/htdocs/protected/Web/Config/baculum.users
+
+			Order Deny,Allow
+			Satisfy Any
+			Deny from all
+			Require valid-user
+			Allow from env=noauth
+			Allow from env=REDIRECT_noauth
+		</Directory>
+	</IfModule>
+
+	# Apache 2.4
+	<IfModule mod_authz_core.c>
+		<Directory /usr/share/baculum/htdocs>
+			SetEnvIf Request_URI "^/web/redirect$" noauth=1
+			<RequireAny>
+				<RequireAll>
+					<RequireAny>
+						Require env noauth
+						Require env REDIRECT_noauth
+					</RequireAny>
+					Require all granted
+				</RequireAll>
+				<RequireAll>
+					AuthType Basic
+					AuthName "Baculum Auth"
+					AuthUserFile /usr/share/baculum/htdocs/protected/Web/Config/baculum.users
+					Require not env noauth
+					Require not env REDIRECT_noauth
+					Require valid-user
+				</RequireAll>
+			</RequireAny>
+		</Directory>
+	</IfModule>
 
-		Order Deny,Allow
-		Satisfy Any
-		Deny from all
-		Require valid-user
-		Allow from env=noauth
-		Allow from env=REDIRECT_noauth
-	</Location>
 	<Directory /usr/share/baculum/htdocs/protected>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
+
 	<Directory /usr/share/baculum/htdocs/framework>
-		Order Deny,Allow
-		Deny from all
-	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Wsat/themes>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Web/Javascripts/source>
-		<ifModule mod_gzip.c>
+	<Directory /usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source>
+		<IfModule mod_gzip.c>
 			mod_gzip_on Yes
 			mod_gzip_dechunk Yes
 			mod_gzip_item_include file \.js$
 			mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
-		</ifModule>
-		<ifModule mod_expires.c>
+		</IfModule>
+		<IfModule mod_expires.c>
 			ExpiresActive On
 			ExpiresDefault "access plus 864000 seconds"
-		</ifModule>
-		<ifModule mod_headers.c>
+		</IfModule>
+		<IfModule mod_headers.c>
 			Header set Cache-Control "max-age=864000, private"
-		</ifModule>
+		</IfModule>
 	</Directory>
 </VirtualHost>
diff --git a/gui/baculum/examples/deb/baculum-web-lighttpd.conf b/gui/baculum/examples/deb/baculum-web-lighttpd.conf
index e233c110c..787b436f6 100644
--- a/gui/baculum/examples/deb/baculum-web-lighttpd.conf
+++ b/gui/baculum/examples/deb/baculum-web-lighttpd.conf
@@ -88,11 +88,7 @@ url.rewrite-once = (
 
 url.access-deny = (
     "^/usr/share/baculum/htdocs/protected/",
-    "^/usr/share/baculum/htdocs/framework/",
-
-    # Wsat is not used by Baculum. Added here for not storing
-    # framework Apache specific .htaccess files
-    "^/usr/share/baculum/htdocs/framework/Wsat/themes/"
+    "^/usr/share/baculum/htdocs/framework/"
 )
 
 ### Enable compressing dynamic content ###
@@ -109,6 +105,6 @@ $HTTP["url"] !~ "\.php$" {
 }
 
 # enable mod_setenv for framework source files:
-$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/Web/Javascripts/source/" {
+$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source/" {
 	setenv.add-response-header = ("Content-Encoding" => "gzip")
 }
diff --git a/gui/baculum/examples/rpm/baculum-api-apache.conf b/gui/baculum/examples/rpm/baculum-api-apache.conf
index 44b1640e3..64a13e37b 100644
--- a/gui/baculum/examples/rpm/baculum-api-apache.conf
+++ b/gui/baculum/examples/rpm/baculum-api-apache.conf
@@ -19,32 +19,59 @@ Listen 9096
 		RewriteCond %{REQUEST_FILENAME} !-f
 		RewriteRule ^(.+)$ index.php/$1 [L]
 		RedirectMatch ^/$ /api/?api
-		Require all granted
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Allow,Deny
+			Allow from all
+		</IfModule>
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all granted
+		</IfModule>
 	</Directory>
 	#
-	# NOTE: When you use OAuth2 then change this location section
-	# From: <Location />
+	# NOTE: When you use OAuth2 then change this Directory section
+	# From: <Directory /usr/share/baculum/htdocs>
+	#            ...section body...
+	#       </Directory>
 	# To:   <Location /api/page>
+	#            ...section body...
+	#       </Location>
 	#
-	<Location />
+	<Directory /usr/share/baculum/htdocs>
+	#<Location /api/page>
 		AuthType Basic
 		AuthName "Baculum Auth"
 		AuthUserFile /usr/share/baculum/htdocs/protected/API/Config/baculum.users
 		Require valid-user
-	</Location>
+	#</Location>
+	</Directory>
+
 	<Directory /usr/share/baculum/htdocs/protected>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
 	<Directory /usr/share/baculum/htdocs/framework>
-		Order Deny,Allow
-		Deny from all
-	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Wsat/themes>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Web/Javascripts/source>
+	<Directory /usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source>
 		<ifModule mod_gzip.c>
 			mod_gzip_on Yes
 			mod_gzip_dechunk Yes
diff --git a/gui/baculum/examples/rpm/baculum-api-lighttpd.conf b/gui/baculum/examples/rpm/baculum-api-lighttpd.conf
index b09afd8d9..fe19b62ab 100644
--- a/gui/baculum/examples/rpm/baculum-api-lighttpd.conf
+++ b/gui/baculum/examples/rpm/baculum-api-lighttpd.conf
@@ -91,11 +91,7 @@ url.rewrite-once = (
 
 url.access-deny = (
     "^/usr/share/baculum/htdocs/protected/",
-    "^/usr/share/baculum/htdocs/framework/",
-
-    # Wsat is not used by Baculum. Added here for not storing
-    # framework Apache specific .htaccess files
-    "^/usr/share/baculum/htdocs/framework/Wsat/themes/"
+    "^/usr/share/baculum/htdocs/framework/"
 )
 
 ### Enable compressing dynamic content ###
@@ -112,6 +108,6 @@ $HTTP["url"] !~ "\.php$" {
 }
 
 # enable mod_setenv for framework source files:
-$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/Web/Javascripts/source/" {
+$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source/" {
 	setenv.add-response-header = ("Content-Encoding" => "gzip")
 }
diff --git a/gui/baculum/examples/rpm/baculum-web-apache.conf b/gui/baculum/examples/rpm/baculum-web-apache.conf
index 71c385ba2..3783ce7ed 100644
--- a/gui/baculum/examples/rpm/baculum-web-apache.conf
+++ b/gui/baculum/examples/rpm/baculum-web-apache.conf
@@ -20,45 +20,87 @@ Listen 9095
 		RewriteRule ^(.*)$ index.php/$1 [L]
 		RedirectMatch ^/$ /web/
 	</Directory>
-	<Location />
-		SetEnvIf Request_URI "^/web/redirect$" noauth=1
 
-		AuthType Basic
-		AuthName "Baculum Auth"
-		AuthUserFile /usr/share/baculum/htdocs/protected/Web/Config/baculum.users
+	# Apache 2.2
+	<IfModule !mod_authz_core.c>
+		<Directory /usr/share/baculum/htdocs>
+			SetEnvIf Request_URI "^/web/redirect$" noauth=1
+
+			AuthType Basic
+			AuthName "Baculum Auth"
+			AuthUserFile /usr/share/baculum/htdocs/protected/Web/Config/baculum.users
+
+			Order Deny,Allow
+			Satisfy Any
+			Deny from all
+			Require valid-user
+			Allow from env=noauth
+			Allow from env=REDIRECT_noauth
+		</Directory>
+	</IfModule>
+
+	# Apache 2.4
+	<IfModule mod_authz_core.c>
+		<Directory /usr/share/baculum/htdocs>
+			SetEnvIf Request_URI "^/web/redirect$" noauth=1
+			<RequireAny>
+				<RequireAll>
+					<RequireAny>
+						Require env noauth
+						Require env REDIRECT_noauth
+					</RequireAny>
+					Require all granted
+				</RequireAll>
+				<RequireAll>
+					AuthType Basic
+					AuthName "Baculum Auth"
+					AuthUserFile /usr/share/baculum/htdocs/protected/Web/Config/baculum.users
+					Require not env noauth
+					Require not env REDIRECT_noauth
+					Require valid-user
+				</RequireAll>
+			</RequireAny>
+		</Directory>
+	</IfModule>
 
-		Order Deny,Allow
-		Satisfy Any
-		Deny from all
-		Require valid-user
-		Allow from env=noauth
-		Allow from env=REDIRECT_noauth
-	</Location>
 	<Directory /usr/share/baculum/htdocs/protected>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
+
 	<Directory /usr/share/baculum/htdocs/framework>
-		Order Deny,Allow
-		Deny from all
-	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Wsat/themes>
-		Order Deny,Allow
-		Deny from all
+		# Apache 2.2
+		<IfModule !mod_authz_core.c>
+			Order Deny,Allow
+			Deny from all
+		</IfModule>
+
+		# Apache 2.4
+		<IfModule mod_authz_core.c>
+			Require all denied
+		</IfModule>
 	</Directory>
-	<Directory /usr/share/baculum/htdocs/framework/Web/Javascripts/source>
-		<ifModule mod_gzip.c>
+	<Directory /usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source>
+		<IfModule mod_gzip.c>
 			mod_gzip_on Yes
 			mod_gzip_dechunk Yes
 			mod_gzip_item_include file \.js$
 			mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
-		</ifModule>
-		<ifModule mod_expires.c>
+		</IfModule>
+		<IfModule mod_expires.c>
 			ExpiresActive On
 			ExpiresDefault "access plus 864000 seconds"
-		</ifModule>
-		<ifModule mod_headers.c>
+		</IfModule>
+		<IfModule mod_headers.c>
 			Header set Cache-Control "max-age=864000, private"
-		</ifModule>
+		</IfModule>
 	</Directory>
 </VirtualHost>
diff --git a/gui/baculum/examples/rpm/baculum-web-lighttpd.conf b/gui/baculum/examples/rpm/baculum-web-lighttpd.conf
index 0dbb36c10..ee3883456 100644
--- a/gui/baculum/examples/rpm/baculum-web-lighttpd.conf
+++ b/gui/baculum/examples/rpm/baculum-web-lighttpd.conf
@@ -88,11 +88,7 @@ url.rewrite-once = (
 
 url.access-deny = (
     "^/usr/share/baculum/htdocs/protected/",
-    "^/usr/share/baculum/htdocs/framework/",
-
-    # Wsat is not used by Baculum. Added here for not storing
-    # framework Apache specific .htaccess files
-    "^/usr/share/baculum/htdocs/framework/Wsat/themes/"
+    "^/usr/share/baculum/htdocs/framework/"
 )
 
 ### Enable compressing dynamic content ###
@@ -109,6 +105,6 @@ $HTTP["url"] !~ "\.php$" {
 }
 
 # enable mod_setenv for framework source files:
-$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/Web/Javascripts/source/" {
+$HTTP["url"] =~ "^/usr/share/baculum/htdocs/framework/pradosoft/prado/framework/Web/Javascripts/source/" {
 	setenv.add-response-header = ("Content-Encoding" => "gzip")
 }
diff --git a/gui/baculum/examples/rpm/baculum.spec b/gui/baculum/examples/rpm/baculum.spec
index afe4b4d08..4c9e108c8 100644
--- a/gui/baculum/examples/rpm/baculum.spec
+++ b/gui/baculum/examples/rpm/baculum.spec
@@ -1,18 +1,18 @@
-%global langs en pl
+%global langs_api en pl pt
+%global langs_web en pl pt ja
 %global destdir build
 %global metaname baculum
 
-Summary:	API layer to Baculum WebGUI tool for Bacula Community program
+Summary:	Baculum WebGUI tool for Bacula Community program
 Name:		baculum
-Version:	7.9.0
+Version:	9.4.2
 Release:	1%{?dist}
 License:	AGPLv3
 Group:		Applications/Internet
 URL:		http://bacula.org/
-Source0:	bacula-gui-7.9.0.tar.gz
+Source0:	bacula-gui-9.4.2.tar.gz
 BuildRequires:	systemd-units
 BuildRequires:	checkpolicy
-Requires:	bacula-console
 # Lower version of PHP ( < 5.3.4) does not provide php-mysqlnd db driver
 # and from this reason the lowest is 5.3.4
 Requires:	php >= 5.3.4
@@ -43,7 +43,6 @@ This module is a part of Baculum.
 Summary:		Baculum API files
 Requires:		%name-common = %version-%release
 Group:			Applications/Internet
-Requires:		bacula-console
 # Lower version of PHP ( < 5.3.4) does not provide php-mysqlnd db driver
 # and from this reason the lowest is 5.3.4
 Requires:		php >= 5.3.4
@@ -148,8 +147,10 @@ make build DESTDIR=%{destdir}
 # Remove these cache directories, because here will be symbolic links
 rmdir %{destdir}/%{_datadir}/%{metaname}/htdocs/assets
 rmdir %{destdir}/%{_datadir}/%{metaname}/htdocs/protected/runtime
-for lang in  %{langs}; do
+for lang in  %{langs_api}; do
 	rm %{destdir}/%{_datadir}/%{metaname}/htdocs/protected/API/Lang/${lang}/messages.mo
+done
+for lang in  %{langs_web}; do
 	rm %{destdir}/%{_datadir}/%{metaname}/htdocs/protected/Web/Lang/${lang}/messages.mo
 done
 
@@ -158,55 +159,57 @@ cp -ra build/. %{buildroot}
 %find_lang %{metaname} --all-name
 
 %post common
-# these symbolic links indicates to Baculum's cache directory
-ln -s  %{_localstatedir}/cache/%{metaname} %{_datadir}/%{metaname}/htdocs/assets
-ln -s  %{_localstatedir}/cache/%{metaname} %{_datadir}/%{metaname}/htdocs/protected/runtime
-
-%post api
-# because framework does not use system locale dir, here are linked
-# locale files to framework location
-for lang in  %{langs}; do
-	ln -s  %{_datadir}/locale/${lang}/LC_MESSAGES/%{metaname}-api.mo \
-		%{_datadir}/%{metaname}/htdocs/protected/API/Lang/${lang}/messages.mo
-done
-
-%post web
-# because framework does not use system locale dir, here are linked
-# locale files to framework location
-for lang in  %{langs}; do
-	ln -s  %{_datadir}/locale/${lang}/LC_MESSAGES/%{metaname}-web.mo \
-		%{_datadir}/%{metaname}/htdocs/protected/Web/Lang/${lang}/messages.mo
-done
+if [ $1 -ge 1 ] ; then
+    # these symbolic links indicates to Baculum's cache directory
+    [ -e %{_datadir}/%{metaname}/htdocs/assets ] ||
+	ln -s  %{_localstatedir}/cache/%{metaname} %{_datadir}/%{metaname}/htdocs/assets
+    [ -e %{_datadir}/%{metaname}/htdocs/protected/runtime ] ||
+	ln -s %{_localstatedir}/cache/%{metaname} %{_datadir}/%{metaname}/htdocs/protected/runtime
+fi
 
 %post api-httpd
 %systemd_post httpd.service
-ln -s  %{_sysconfdir}/%{metaname}/Config-api-apache %{_datadir}/%{metaname}/htdocs/protected/API/Config
+if [ $1 -eq 1 ] ; then
+	ln -s  %{_sysconfdir}/%{metaname}/Config-api-apache %{_datadir}/%{metaname}/htdocs/protected/API/Config
+fi
 
 %post api-lighttpd
 %systemd_post baculum-api-lighttpd.service
-ln -s  %{_sysconfdir}/%{metaname}/Config-api-lighttpd %{_datadir}/%{metaname}/htdocs/protected/API/Config
+if [ $1 -eq 1 ] ; then
+	ln -s  %{_sysconfdir}/%{metaname}/Config-api-lighttpd %{_datadir}/%{metaname}/htdocs/protected/API/Config
+fi
 
 %post web-httpd
 %systemd_post httpd.service
-ln -s  %{_sysconfdir}/%{metaname}/Config-web-apache %{_datadir}/%{metaname}/htdocs/protected/Web/Config
+if [ $1 -eq 1 ] ; then
+	ln -s  %{_sysconfdir}/%{metaname}/Config-web-apache %{_datadir}/%{metaname}/htdocs/protected/Web/Config
+fi
 
 %post web-lighttpd
 %systemd_post baculum-web-lighttpd.service
-ln -s  %{_sysconfdir}/%{metaname}/Config-web-lighttpd %{_datadir}/%{metaname}/htdocs/protected/Web/Config
+if [ $1 -eq 1 ] ; then
+	ln -s  %{_sysconfdir}/%{metaname}/Config-web-lighttpd %{_datadir}/%{metaname}/htdocs/protected/Web/Config
+fi
 
 %preun common
-rm %{_datadir}/%{metaname}/htdocs/assets
-rm %{_datadir}/%{metaname}/htdocs/protected/runtime
+if [ $1 -lt 1 ] ; then
+	rm %{_datadir}/%{metaname}/htdocs/assets
+	rm %{_datadir}/%{metaname}/htdocs/protected/runtime
+fi
 
 %preun api
-for lang in  %{langs}; do
-	rm %{_datadir}/%{metaname}/htdocs/protected/API/Lang/${lang}/messages.mo
-done
+if [ $1 -lt 1 ] ; then
+	for lang in  %{langs_api}; do
+		rm %{_datadir}/%{metaname}/htdocs/protected/API/Lang/${lang}/messages.mo
+	done
+fi
 
 %preun web
-for lang in  %{langs}; do
-	rm %{_datadir}/%{metaname}/htdocs/protected/Web/Lang/${lang}/messages.mo
-done
+if [ $1 -lt 1 ] ; then
+	for lang in  %{langs_web}; do
+		rm %{_datadir}/%{metaname}/htdocs/protected/Web/Lang/${lang}/messages.mo
+	done
+fi
 
 %preun api-httpd
 %systemd_preun httpd.service
@@ -294,6 +297,24 @@ fi
 %postun web-lighttpd
 %systemd_postun_with_restart baculum-web-lighttpd.service
 
+%posttrans api
+# because framework does not use system locale dir, here are linked
+# locale files to framework location
+for lang in  %{langs_api}; do
+	[ -e %{_datadir}/%{metaname}/htdocs/protected/API/Lang/${lang}/messages.mo ] ||
+		ln -s  %{_datadir}/locale/${lang}/LC_MESSAGES/%{metaname}-api.mo \
+			%{_datadir}/%{metaname}/htdocs/protected/API/Lang/${lang}/messages.mo
+done
+
+%posttrans web
+# because framework does not use system locale dir, here are linked
+# locale files to framework location
+for lang in  %{langs_web}; do
+	[ -e %{_datadir}/%{metaname}/htdocs/protected/Web/Lang/${lang}/messages.mo ] ||
+		ln -s  %{_datadir}/locale/${lang}/LC_MESSAGES/%{metaname}-web.mo \
+			%{_datadir}/%{metaname}/htdocs/protected/Web/Lang/${lang}/messages.mo
+done
+
 %files -f %{metaname}.lang common
 %defattr(-,root,root)
 %{_datadir}/%{metaname}/htdocs/protected/Common
@@ -335,7 +356,7 @@ fi
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/%{metaname}-api.conf
 %attr(755,apache,apache) %{_localstatedir}/cache/%{metaname}/
 %attr(700,apache,apache) %{_sysconfdir}/%{metaname}/Config-api-apache/
-%attr(600,apache,apache) %{_sysconfdir}/%{metaname}/Config-api-apache/%{metaname}.users
+%config(noreplace) %attr(600,apache,apache) %{_sysconfdir}/%{metaname}/Config-api-apache/%{metaname}.users
 %attr(755,apache,apache) %{_datadir}/%{metaname}/htdocs/protected/API/Logs
 
 %files web-httpd
@@ -347,7 +368,7 @@ fi
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/%{metaname}-web.conf
 %attr(755,apache,apache) %{_localstatedir}/cache/%{metaname}/
 %attr(700,apache,apache) %{_sysconfdir}/%{metaname}/Config-web-apache/
-%attr(600,apache,apache) %{_sysconfdir}/%{metaname}/Config-web-apache/%{metaname}.users
+%config(noreplace) %attr(600,apache,apache) %{_sysconfdir}/%{metaname}/Config-web-apache/%{metaname}.users
 %attr(755,apache,apache) %{_datadir}/%{metaname}/htdocs/protected/Web/Logs
 
 %files api-lighttpd
@@ -355,7 +376,7 @@ fi
 # Lighttpd logs are stored in /var/log/lighttpd
 %attr(755,lighttpd,lighttpd) %{_localstatedir}/cache/%{metaname}/
 %attr(700,lighttpd,lighttpd) %{_sysconfdir}/%{metaname}/Config-api-lighttpd/
-%attr(600,lighttpd,lighttpd) %{_sysconfdir}/%{metaname}/Config-api-lighttpd/%{metaname}.users
+%config(noreplace) %attr(600,lighttpd,lighttpd) %{_sysconfdir}/%{metaname}/Config-api-lighttpd/%{metaname}.users
 %attr(755,lighttpd,lighttpd) %{_datadir}/%{metaname}/htdocs/protected/API/Logs
 %{_unitdir}/%{metaname}-api-lighttpd.service
 %config(noreplace) %{_sysconfdir}/%{metaname}/%{metaname}-api-lighttpd.conf
@@ -365,7 +386,7 @@ fi
 # Lighttpd logs are stored in /var/log/lighttpd
 %attr(755,lighttpd,lighttpd) %{_localstatedir}/cache/%{metaname}/
 %attr(700,lighttpd,lighttpd) %{_sysconfdir}/%{metaname}/Config-web-lighttpd/
-%attr(600,lighttpd,lighttpd) %{_sysconfdir}/%{metaname}/Config-web-lighttpd/%{metaname}.users
+%config(noreplace) %attr(600,lighttpd,lighttpd) %{_sysconfdir}/%{metaname}/Config-web-lighttpd/%{metaname}.users
 %attr(755,lighttpd,lighttpd) %{_datadir}/%{metaname}/htdocs/protected/Web/Logs
 %{_unitdir}/%{metaname}-web-lighttpd.service
 %config(noreplace) %{_sysconfdir}/%{metaname}/%{metaname}-web-lighttpd.conf