From: Eric Bollengier <eric@baculasystems.com>
Date: Thu, 7 Sep 2023 13:20:53 +0000 (+0200)
Subject: rpms: Update spec
X-Git-Tag: Beta-15.0.0~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d304c368b410bdcdf9c43ef6c8687494dc4df15;p=thirdparty%2Fbacula.git

rpms: Update spec

 - Add new packages for key-manager and totp
 - Put client only in bacula-client package
 - Put console in a specific package
---

diff --git a/bacula/platforms/rpms/redhat/bacula.spec.in b/bacula/platforms/rpms/redhat/bacula.spec.in
index 648fcc0ab..cb660630c 100644
--- a/bacula/platforms/rpms/redhat/bacula.spec.in
+++ b/bacula/platforms/rpms/redhat/bacula.spec.in
@@ -326,8 +326,9 @@ BuildRequires: openldap-devel
 # should we enable tcp wrappers support
 %{?build_tcpwrappers:%define tcpwrappers 1}
 
-%if 0%{rhel8}
+%if 0%{rhel8} || 0%{rhel9}
 BuildRequires: libzstd-devel
+BuildRequires: lzo-devel
 %endif
 
 # should we enable tcp wrappers support
@@ -420,12 +421,13 @@ BuildRequires: %{postgres_devel_package} >= %{postgres_version}
 
 Summary: Bacula - The Network Backup Solution
 Group: System Environment/Daemons
-Provides: bacula-dir, bacula-sd, bacula-fd, bacula-server
+Provides: bacula-dir, bacula-sd, bacula-server
 Provides: libbaccats-%{version}.so()(64bit)
 Conflicts: bacula-client
 
 Requires: ncurses, libstdc++, zlib, openssl
 Requires: glibc, readline, %{name}-libs
+Requires: mt-st, mtx, bzip2, lsscsi
 
 %if %{suse}
 Conflicts: bacula
@@ -436,7 +438,7 @@ Requires: mysql
 %endif
 
 %if %{postgresql}
-Requires: postgresql >= 7
+Requires: postgresql >= 7, postgresql-contrib
 %endif
 
 %if %{mysql}
@@ -472,7 +474,42 @@ This build incorporates sqlite3 as the catalog database, statically compiled.
 This build includes tcp-wrappers support.
 %endif
 
+%package storage-key-manager
+Summary: Bacula - The Network Backup Solution
+Group: System Environment/Daemons
+Provides: key-manager.py
+Requires: gnupg2, python3
+
+%description storage-key-manager
+%{blurb}
+
+%{blurb2}
+%{blurb3}
+%{blurb4}
+%{blurb5}
+%{blurb6}
+%{blurb7}
+
+This is the storage-key-manager package. It includes the Bacula Storage Daemon key manager command line program.
+The Python3 module gnupg is required to run the key manager. It can be installed via yum or pip.
+
+%package console
+Summary: Bacula - The Network Backup Solution
+Group: System Environment/Daemons
+Provides: bconsole
+Requires: %{name}-libs = %{_version}
+
+%description console
+%{blurb}
+
+%{blurb2}
+%{blurb3}
+%{blurb4}
+%{blurb5}
+%{blurb6}
+%{blurb7}
 
+This is the bconsole package. It includes the bconsole command line program.
 
 #
 # ===========================================================
@@ -483,14 +520,6 @@ This build includes tcp-wrappers support.
 Summary: Bacula - The Network Backup Solution
 Group: System Environment/Daemons
 Provides: bacula-fd
-Conflicts: bacula-mysql
-Conflicts: bacula-sqlite
-Conflicts: bacula-postgresql
-
-%if %{suse}
-Provides: %{product}
-Provides: %{product}-libs
-%endif
 
 Requires: libstdc++, zlib, openssl, bzip2-libs
 Requires: glibc, readline, %{name}-libs
@@ -538,6 +567,40 @@ This package installs scripts for updating older versions of the bacula
 database.
 %endif
 
+%package totp-dir-plugin
+
+Summary: Bacula - The Network Backup Solution
+Group: System Environment/Daemons
+
+%description totp-dir-plugin
+%{blurb}
+
+%{blurb2}
+%{blurb3}
+%{blurb4}
+%{blurb5}
+%{blurb6}
+%{blurb7}
+
+This package installs the TOTP Director Authentication plugin.
+
+%package antivirus-plugin
+
+Summary: Bacula - The Network Backup Solution
+Group: System Environment/Daemons
+
+%description antivirus-plugin
+%{blurb}
+
+%{blurb2}
+%{blurb3}
+%{blurb4}
+%{blurb5}
+%{blurb6}
+%{blurb7}
+
+This package installs the Antivirus FD plugin.
+
 #
 # ===========================================================
 # Generate libs rpm
@@ -656,14 +719,18 @@ export BACULA="Bacula"
 %endif
         --disable-bat \
 %if %{client_only}
-        --enable-client-only \
+        --enable-client-only --disable-build-dird --disable-build-stored \
 %endif
-%if %{rh7} || %{rh8} || %{rh9}
-        --disable-batch-insert \
+%if %{rhel7} || %{rhel6}
+        --with-zstd=${cwd}/%{depkgs} \
 %endif
 %if %{usesystemd}
         --with-systemd=%{systemd_dir} \
 %endif
+%if !%{client_only}
+        --enable-totp-bpam  \
+%endif
+        --enable-antivirus-plugin \
 %if %{tcpwrappers}
         --with-tcp-wrappers  \
 %endif
@@ -776,6 +843,8 @@ rm -f $RPM_BUILD_ROOT%{script_dir}/manual_prune.pl
 rm -f $RPM_BUILD_ROOT%{systemd_dir}/bacula-dir.service
 rm -f $RPM_BUILD_ROOT%{systemd_dir}/bacula-sd.service
 rm -f $RPM_BUILD_ROOT%{plugin_dir}/ldap-dir.so
+rm -f $RPM_BUILD_ROOT%{plugin_dir}/totp-dir.so
+rm -f $RPM_BUILD_ROOT%{_sbindir}/btotp
 %endif
 
 rm -f $RPM_BUILD_ROOT%{_sbindir}/ldaptest
@@ -794,7 +863,8 @@ cp -p scripts/logrotate $RPM_BUILD_ROOT/etc/logrotate.d/bacula
 
 # install the updatedb scripts
 cp -p updatedb/* $RPM_BUILD_ROOT%{script_dir}/updatedb/
-
+sed -i 's:%{script_dir}:%{script_dir}/updatedb:' src/cats/update_bacula_tables
+rm -f $RPM_BUILD_ROOT%{script_dir}/updatedb/*.in
 # install specific scripts
 
 %if ! %{client_only}
@@ -835,6 +905,8 @@ rm -f $RPM_BUILD_ROOT%{script_dir}/bacula_config
 rm -f $RPM_BUILD_ROOT%{script_dir}/bacula-ctl-dir
 rm -f $RPM_BUILD_ROOT%{script_dir}/bacula-ctl-sd
 rm -f $RPM_BUILD_ROOT%{script_dir}/disk-changer
+rm -f $RPM_BUILD_ROOT%{script_dir}/key-manager.py
+rm -f $RPM_BUILD_ROOT%{script_dir}/install-key-manager.sh
 rm -f $RPM_BUILD_ROOT%{script_dir}/dvd-handler
 rm -f $RPM_BUILD_ROOT%{script_dir}/mtx-changer
 rm -f $RPM_BUILD_ROOT%{script_dir}/startmysql
@@ -889,50 +961,39 @@ rm -f $RPM_BUILD_DIR/Release_Notes-%{version}-%{release}.txt
 %attr(-, root, %{daemon_group}) %dir %{sysconf_dir}
 %attr(-, root, %{daemon_group}) %{script_dir}/bacula
 %attr(-, root, %{daemon_group}) %{script_dir}/bacula_config
-%attr(-, root, %{daemon_group}) %{script_dir}/bconsole
 %attr(755, root, %{daemon_group}) %{script_dir}/create_bacula_database
 %attr(755, root, %{daemon_group}) %{script_dir}/drop_bacula_database
 %attr(755, root, %{daemon_group}) %{script_dir}/grant_bacula_privileges
 %attr(755, root, %{daemon_group}) %{script_dir}/make_bacula_tables
 %attr(755, root, %{daemon_group}) %{script_dir}/drop_bacula_tables
 %attr(755, root, %{daemon_group}) %{script_dir}/update_bacula_tables
+%attr(755, root, %{daemon_group}) %{_sbindir}/get_malware_abuse.ch
+%attr(755, root, %{daemon_group}) %{_sbindir}/md5tobase64.py
 %attr(-, root, %{daemon_group}) %{script_dir}/make_catalog_backup
 %attr(-, root, %{daemon_group}) %{script_dir}/make_catalog_backup.pl
 %attr(-, root, %{daemon_group}) %{script_dir}/delete_catalog_backup
-%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.dbx
-%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.gdb
-%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.mdb
 %attr(-, root, %{daemon_group}) %{script_dir}/disk-changer
 %attr(-, root, %{daemon_group}) %{script_dir}/bacula-ctl-dir
-%attr(-, root, %{daemon_group}) %{script_dir}/bacula-ctl-fd
 %attr(-, root, %{daemon_group}) %{script_dir}/bacula-ctl-sd
 %attr(-, root, %{daemon_group}) %{script_dir}/tapealert
 %attr(-, root, %{daemon_group}) %{script_dir}/baculabackupreport
-
-%attr(-, root, %{daemon_group}) %{plugin_dir}/bpipe-fd.so
 %attr(-, root, %{daemon_group}) %{_sbindir}/dbcheck
-%attr(-, root, %{storage_daemon_group}) %{script_dir}/mtx-changer
 %attr(-, root, %{storage_daemon_group}) %config(noreplace) %{script_dir}/mtx-changer.conf
 %attr(-, root, %{daemon_group}) %{plugin_dir}/ldap-dir.so
 
 %if %{usesystemd}
 %attr(-, root, %{daemon_group}) %{systemd_dir}/bacula-dir.service
-%attr(-, root, %{daemon_group}) %{systemd_dir}/bacula-fd.service
 %attr(-, root, %{daemon_group}) %{systemd_dir}/bacula-sd.service
 %else
 %attr(-, root, %{daemon_group}) /etc/init.d/bacula-dir
-%attr(-, root, %{daemon_group}) /etc/init.d/bacula-fd
 %attr(-, root, %{storage_daemon_group}) /etc/init.d/bacula-sd
 %endif
 
-%attr(644, root, root) /etc/logrotate.d/bacula
-
+%attr(644, root, root) %config(noreplace) /etc/logrotate.d/bacula
 %{logwatch_dir}/scripts/services/bacula
 %{logwatch_dir}/scripts/shared/applybaculadate
 %attr(-, root, %{daemon_group}) %config(noreplace) %{sysconf_dir}/bacula-dir.conf
-%attr(-, root, %{daemon_group}) %config(noreplace) %{sysconf_dir}/bacula-fd.conf
 %attr(-, root, %{storage_daemon_group}) %config(noreplace) %{sysconf_dir}/bacula-sd.conf
-%attr(-, root, %{daemon_group}) %config(noreplace) %{sysconf_dir}/bconsole.conf
 %attr(-, root, %{daemon_group}) %config(noreplace) %{logwatch_dir}/conf/logfiles/bacula.conf
 %attr(-, root, %{daemon_group}) %config(noreplace) %{logwatch_dir}/conf/services/bacula.conf
 %attr(-, root, %{daemon_group}) %{script_dir}/sample-query.sql
@@ -943,29 +1004,21 @@ rm -f $RPM_BUILD_DIR/Release_Notes-%{version}-%{release}.txt
 %attr(-, root, %{daemon_group}) %{_sbindir}/bacula-dir
 %attr(-, root, %{daemon_group}) %{_sbindir}/bacula-sd
 %attr(-, root, %{daemon_group}) %{_sbindir}/btraceback
-%attr(-, root, %{daemon_group}) %{_sbindir}/bconsole
-%attr(-, root, %{daemon_group}) %{_sbindir}/bbconsjson
 %attr(-, root, %{daemon_group}) %{_sbindir}/bsmtp
 %attr(-, root, %{daemon_group}) %{_sbindir}/bscan
 %attr(-, root, %{daemon_group}) %{_sbindir}/btape
 %attr(-, root, %{daemon_group}) %{_sbindir}/bdirjson
 %attr(-, root, %{daemon_group}) %{_sbindir}/bsdjson
 
-%attr(755, root, root) %{_sbindir}/bsnapshot
-%attr(755, root, root) %{_sbindir}/bfdjson
-
-%{_sbindir}/bacula-fd
-%{_sbindir}/bacula
-%{_sbindir}/bcopy
-%{_sbindir}/bextract
-%{_sbindir}/bls
-%{_sbindir}/bregex
-%{_sbindir}/bwild
-%{_mandir}/man8/bacula-fd.8.%{manpage_ext}
+%attr(-, root, %{daemon_group}) %{_sbindir}/bacula
+%attr(-, root, %{daemon_group}) %{_sbindir}/bcopy
+%attr(-, root, %{daemon_group}) %{_sbindir}/bextract
+%attr(-, root, %{daemon_group}) %{_sbindir}/bls
+%attr(755, root, %{daemon_group}) %{_sbindir}/bregex
+%attr(755, root, %{daemon_group}) %{_sbindir}/bwild
 %{_mandir}/man8/bacula-dir.8.%{manpage_ext}
 %{_mandir}/man8/bacula-sd.8.%{manpage_ext}
 %{_mandir}/man8/bacula.8.%{manpage_ext}
-%{_mandir}/man8/bconsole.8.%{manpage_ext}
 %{_mandir}/man8/bcopy.8.%{manpage_ext}
 %{_mandir}/man8/bextract.8.%{manpage_ext}
 %{_mandir}/man8/bls.8.%{manpage_ext}
@@ -985,6 +1038,15 @@ rm -f $RPM_BUILD_DIR/Release_Notes-%{version}-%{release}.txt
 
 %endif
 
+%pre libs
+# Create bacula group for all daemons (if it doesn't exist)
+HAVE_BACULA=`grep %{daemon_group} %{group_file} 2>/dev/null`
+if [ -z "$HAVE_BACULA" ]; then
+        %{groupadd} -r %{daemon_group} > /dev/null 2>&1
+        echo "The group %{daemon_group} has been added to %{group_file}."
+        echo "See the manual chapter \"Running Bacula\" for details."
+fi
+
 %if %{mysql}
 %pre mysql
 # test for bacula database older than version 13
@@ -1048,20 +1110,6 @@ if [ -s %{sysconf_dir}/console.conf ];then
     cp -p %{sysconf_dir}/console.conf %{sysconf_dir}/bconsole.conf
 fi
 
-# create the daemon users and groups
-# first create the groups if they don't exist
-HAVE_BACULA=`grep %{daemon_group} %{group_file} 2>/dev/null`
-if [ -z "$HAVE_BACULA" ]; then
-        %{groupadd} -r %{daemon_group} > /dev/null 2>&1
-        echo "The group %{daemon_group} has been added to %{group_file}."
-        echo "See the manual chapter \"Running Bacula\" for details."
-fi
-HAVE_BACULA=`grep %{storage_daemon_group} %{group_file} 2>/dev/null`
-if [ -z "$HAVE_BACULA" ]; then
-        %{groupadd} -r %{storage_daemon_group} > /dev/null 2>&1
-        echo "The group %{storage_daemon_group} has been added to %{group_file}."
-        echo "See the manual chapter \"Running Bacula\" for details."
-fi
 # now create the users if they do not exist
 # we do not use the -g option allowing the primary group to be set to system default
 # this will be a unique group on redhat type systems or the group users on some systems
@@ -1119,7 +1167,6 @@ if [ "$1" -ge 1 ] ; then
   %{service_enable} postgresql
 %endif
   %{service_enable} bacula-dir
-  %{service_enable} bacula-fd
   %{service_enable} bacula-sd
 fi
 %endif
@@ -1167,7 +1214,7 @@ if mysql 2>/dev/null bacula -e 'select * from Version;' ; then
       echo "Creating bacula tables..."
       %{script_dir}/make_mysql_tables
 
-  elif [ "$DB_VER" -ge "12" -a "$DB_VER" -lt "1024" ]; then
+  elif [ "$DB_VER" -ge "12" -a "$DB_VER" -lt "1026" ]; then
       echo "This release requires an upgrade to your bacula database."
       echo "Backing up your current database..."
       mysqldump -f --opt bacula | bzip2 > %{working_dir}/bacula_backup.sql.bz2
@@ -1221,7 +1268,7 @@ if echo 'select * from Version;' | su - postgres -c 'psql bacula' 2>/dev/null; t
       echo "Granting privileges for PostgreSQL user bacula..."
       su - postgres -c %{script_dir}/grant_postgresql_privileges
 
-  elif [ "$DB_VER" -ge "12" -a "$DB_VER" -lt "1024" ]; then
+  elif [ "$DB_VER" -ge "12" -a "$DB_VER" -lt "1026" ]; then
       echo "This release requires an upgrade to your bacula database."
       echo "Backing up your current database..."
       su - postgres -c 'pg_dump bacula' | bzip2 > %{working_dir}/bacula_backup.sql.bz2
@@ -1275,18 +1322,35 @@ fi
 # delete our links
 if [ $1 = 0 ]; then
   %{service_disable} bacula-dir
-  %{service_disable} bacula-fd
   %{service_disable} bacula-sd
 fi
 %endif
 
+%preun client
+if [ $1 = 0 ]; then
+    %{service_disable} bacula-fd
+fi
+
+%files totp-dir-plugin
+%attr(-, root, %{daemon_group}) %{_sbindir}/btotp
+%attr(-, root, %{daemon_group}) %{plugin_dir}/totp-dir.so
+
+%files storage-key-manager
+%attr(-, root, %{daemon_group}) %{script_dir}/key-manager.py
+%attr(-, root, %{daemon_group}) %{script_dir}/install-key-manager.sh
+
+%files console
+%attr(-, root, %{daemon_group}) %{_sbindir}/bconsole
+%attr(-, root, %{daemon_group}) %{_sbindir}/bbconsjson
+%attr(-, root, %{daemon_group}) %{script_dir}/bconsole
+%attr(-, root, %{daemon_group}) %config(noreplace) %{sysconf_dir}/bconsole.conf+%attr(-, root, %{daemon_group}) %{_mandir}/man8/bconsole.8.%{manpage_ext}
+
 %files client
 %defattr(-,root,root)
 %attr(-, root, %{daemon_group}) %dir %{script_dir}
 %attr(-, root, %{daemon_group}) %dir %{plugin_dir}
 %attr(-, root, %{daemon_group}) %dir %{sysconf_dir}
 
-# SD/DIR might write here
 %attr(-, %{storage_daemon_user}, %{daemon_group}) %dir %{log_dir}
 
 %if %{usesystemd}
@@ -1299,21 +1363,12 @@ fi
 %attr(644, root, root) /etc/logrotate.d/bacula
 
 %attr(-, root, %{daemon_group}) %config(noreplace) %{sysconf_dir}/bacula-fd.conf
-%attr(-, root, %{daemon_group}) %config(noreplace) %{sysconf_dir}/bconsole.conf
 %attr(-, root, %{daemon_group}) %dir %{working_dir}
 
 %{_sbindir}/bacula-fd
-%{_sbindir}/btraceback
-%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.gdb
-%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.dbx
-%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.mdb
 %attr(-, root, %{daemon_group}) %{plugin_dir}/bpipe-fd.so
 %{_sbindir}/bconsole
 %{_mandir}/man8/bacula-fd.8.%{manpage_ext}
-%{_mandir}/man8/bacula.8.%{manpage_ext}
-%{_mandir}/man8/bconsole.8.%{manpage_ext}
-%{_mandir}/man8/btraceback.8.%{manpage_ext}
-%{_mandir}/man1/bat.1.%{manpage_ext}
 %_prefix/share/doc/*
 
 %pre client
@@ -1379,11 +1434,9 @@ if [ -d %{sysconf_dir} ]; then
    done
 fi
 
-%preun client
-# delete our link
-if [ $1 = 0 ]; then
-   %{service_disable} bacula-fd
-fi
+%files antivirus-plugin
+%defattr(-,root,root)
+%{plugin_dir}/antivirus-fd.so
 
 %files libs
 %defattr(-,root,root)
@@ -1391,6 +1444,56 @@ fi
 %{lib_dir}/libbac.*
 %{lib_dir}/libbaccfg*
 %{lib_dir}/libbacfind*
+%attr(-, root, %{daemon_group}) %{_sbindir}/btraceback
+%attr(-, root, %{daemon_group}) %{_mandir}/man8/btraceback.8.%{manpage_ext}
+%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.gdb
+%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.dbx
+%attr(-, root, %{daemon_group}) %{script_dir}/btraceback.mdb
+%attr(-, root, root) %{_mandir}/man1/bsmtp.1.%{manpage_ext}
+%attr(-, root, %{daemon_group}) %{_sbindir}/bsmtp
+
+
+%post storage-key-manager
+
+if [ ! -d  %{sysconf_dir}/gnupg ]; then
+    sudo -u bacula %{script_dir}/install-key-manager.sh check
+    sudo -u bacula %{script_dir}/install-key-manager.sh install
+fi
+
+%post console
+
+if [ -d %{sysconf_dir} ]; then
+   cd %{sysconf_dir}
+   if [ ! -f .rpm.sed ]; then
+       (umask 0177
+        echo "# This file is used to ensure that all passwords will" > .rpm.sed
+        echo "# match between configuration files"                  >> .rpm.sed
+       )
+       for string in XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX XXX_REPLACE_WITH_STORAGE_PASSWORD_XXX XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX; do
+           pass=`openssl rand -base64 33`
+           echo "s@${string}@${pass}@g" >> .rpm.sed
+       done
+   fi
+   host=`hostname -s`
+   if [ "$host" = "" ]; then
+       host=localhost
+   fi
+   for file in *.conf; do
+      sed -f .rpm.sed "$file" > "$file.new"
+      sed "s@XXX_HOSTNAME_XXX@${host}@g" "$file.new" > "$file"
+      rm -f "$file.new"
+   done
+fi
+
+if [ %{_sbindir} != /usr/bin -a ! -x /usr/bin/bconsole ]; then
+    ln -s %{_sbindir}/bconsole /usr/bin/bconsole
+fi
+
+%postun console
+dest=`readlink /usr/bin/bconsole 2>/dev/null`
+if [ "$dest" = "%{_sbindir}/bconsole" ]; then
+    rm -f /usr/bin/bconsole
+fi
 
 %post libs
 /sbin/ldconfig