Revision fab676e8
Added by Dominic Cleal about 10 years ago
foreman.spec | ||
---|---|---|
%{_sbindir}/%{name}-tail
|
||
%{_mandir}/man8
|
||
%config(noreplace) %{_sysconfdir}/%{name}
|
||
%ghost %attr(0640,root,%{name}) %config(noreplace) %{_sysconfdir}/%{name}/encryption_key.rb
|
||
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
|
||
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
|
||
%config %{_sysconfdir}/cron.d/%{name}
|
||
... | ... | |
%attr(-,%{name},%{name}) %{_localstatedir}/run/%{name}
|
||
%attr(-,%{name},root) %{_datadir}/%{name}/config.ru
|
||
%attr(-,%{name},root) %{_datadir}/%{name}/config/environment.rb
|
||
%ghost %attr(0640,root,%{name}) %{_datadir}/%{name}/config/initializers/local_secret_token.rb
|
||
# Symlink to /etc, EL6 needs attrs for ghost files, Fedora doesn't
|
||
%if 0%{?rhel} == 6
|
||
%ghost %attr(0777,root,root) %{_datadir}/%{name}/config/initializers/encryption_key.rb
|
||
%else
|
||
%ghost %{_datadir}/%{name}/config/initializers/encryption_key.rb
|
||
%endif
|
||
%ghost %attr(0640,root,%{name}) %config(noreplace) %{_datadir}/%{name}/config/initializers/local_secret_token.rb
|
||
# Only need tmpfiles on systemd (F17 and up)
|
||
%if 0%{?rhel} > 6 || 0%{?fedora} > 16
|
||
%{_prefix}/lib/tmpfiles.d/%{name}.conf
|
||
... | ... | |
exit 0
|
||
|
||
%post
|
||
# secret token used for cookie signing etc.
|
||
if [ ! -f %{_datadir}/%{name}/config/initializers/local_secret_token.rb ]; then
|
||
touch %{_datadir}/%{name}/config/initializers/local_secret_token.rb
|
||
chmod 0640 %{_datadir}/%{name}/config/initializers/local_secret_token.rb
|
||
chmod 0660 %{_datadir}/%{name}/config/initializers/local_secret_token.rb
|
||
chgrp foreman %{_datadir}/%{name}/config/initializers/local_secret_token.rb
|
||
%{scl_rake} -f %{_datadir}/%{name}/Rakefile security:generate_token >/dev/null 2>&1 || :
|
||
%{foreman_rake} security:generate_token >/dev/null 2>&1 || :
|
||
chmod 0640 %{_datadir}/%{name}/config/initializers/local_secret_token.rb
|
||
fi
|
||
|
||
# encryption key used to encrypt DB contents
|
||
# move the generated key file to /etc/foreman/ so users back it up, symlink to it from ~foreman
|
||
if [ ! -e %{_datadir}/%{name}/config/initializers/encryption_key.rb -a \
|
||
! -e %{_sysconfdir}/%{name}/encryption_key.rb ]; then
|
||
touch %{_datadir}/%{name}/config/initializers/encryption_key.rb
|
||
chmod 0660 %{_datadir}/%{name}/config/initializers/encryption_key.rb
|
||
chgrp foreman %{_datadir}/%{name}/config/initializers/encryption_key.rb
|
||
%{foreman_rake} security:generate_encryption_key >/dev/null 2>&1 || :
|
||
chmod 0640 %{_datadir}/%{name}/config/initializers/encryption_key.rb
|
||
mv %{_datadir}/%{name}/config/initializers/encryption_key.rb %{_sysconfdir}/%{name}/
|
||
fi
|
||
if [ ! -e %{_datadir}/%{name}/config/initializers/encryption_key.rb -a \
|
||
-e %{_sysconfdir}/%{name}/encryption_key.rb ]; then
|
||
ln -s %{_sysconfdir}/%{name}/encryption_key.rb %{_datadir}/%{name}/config/initializers/
|
||
fi
|
||
|
||
/sbin/chkconfig --add %{name} || :
|
||
(/sbin/service foreman status && /sbin/service foreman restart) >/dev/null 2>&1
|
||
exit 0
|
||
(/sbin/service foreman status && /sbin/service foreman restart) >/dev/null 2>&1
|
||
exit 0
|
||
|
||
%posttrans
|
||
# We need to run the db:migrate after the install transaction
|
||
%{foreman_rake} db:migrate >> %{_localstatedir}/log/%{name}/db_migrate.log 2>&1 || :
|
||
# always attempt to reencrypt after update in case new fields can be encrypted
|
||
%{foreman_rake} db:migrate db:compute_resources:encrypt >> %{_localstatedir}/log/%{name}/db_migrate.log 2>&1 || :
|
||
%{foreman_rake} db:seed >> %{_localstatedir}/log/%{name}/db_seed.log 2>&1 || :
|
||
%{foreman_rake} apipie:cache >> %{_localstatedir}/log/%{name}/apipie_cache.log 2>&1 || :
|
||
(/sbin/service foreman status && /sbin/service foreman restart) >/dev/null 2>&1
|
||
... | ... | |
* Thu Jan 16 2014 Dominic Cleal <dcleal@redhat.com> - 1.5.0-0.develop
|
||
- Bump version to 1.5-develop
|
||
- Remove rails3_before_render dependency
|
||
- generate encryption key and encrypt data in postinstall (#2929)
|
||
|
||
* Thu Nov 21 2013 Dominic Cleal <dcleal@redhat.com> - 1.4.0-0.develop
|
||
- Bump and change versioning scheme, don't overwrite VERSION (#3712)
|
Also available in: Unified diff
fixes #2929 - generate encryption key and encrypt data in postinstall