yass.spec.in

# lto is handled with cmakelists.txt internally
# with flag -DENABLE_LTO
%global _lto_cflags %nil

%if 0%{?fedora} || 0%{?rhel}
%global cmake_alias cmake3
%else
%global cmake_alias cmake
%endif

# on centos, nghttp2 sits in epel repo
%if 0%{?fedora} || 0%{?sle_version}
%global enable_system_nghttp2_opt on
%else
%global enable_system_nghttp2_opt off
%endif

# on centos, mbedtls sits in epel repo
%if 0%{?fedora} || 0%{?sle_version}
%global enable_system_mbedtls_opt on
%else
%global enable_system_mbedtls_opt off
%endif

# requires nlohman json
%if 0%{?fedora}
%global enable_system_json_opt on
%else
%global enable_system_json_opt off
%endif

# test failed in copr
%bcond_with tests_dns
%if !%{with tests_dns}
%global yass_test_opt --no_cares_tests --no_doh_tests --no_dot_tests
%else
%global yass_test_opt %nil
%endif

# requires recent version of c-ares
%if 0%{?fedora}
%global enable_system_cares_opt on
%else
%global enable_system_cares_opt off
%endif

# libc++ is only built with clang now
%bcond_with toolchain_clang
%if %{with toolchain_clang}
%global _clang_extra_ldflags %nil
%global toolchain clang
%global enable_libcxx_opt on
%else
%global toolchain gcc
%global enable_libcxx_opt off
%endif

# on centos 8, gperftools sits in epel repo
# and it is not compatible with custom libc++
%if 0%{?fedora} && !%{with toolchain_clang}
%global enable_system_gperftools_opt on
%else
%global enable_system_gperftools_opt off
%endif

# lld is forced to be enabled if you are using external toolchain and so
%bcond_with disable_lld
%if %{with disable_lld}
%global enable_lld_opt off
%else
%global enable_lld_opt on
%endif

# force use old systemd unit files
%if 0%{?rhel} == 7
%global use_old_systemd_service on
%else
%global use_old_systemd_service off
%endif

Name:    yass
Version: __VERSION__
Release: __SUBVERSION__%{?dist}
Summary: Lightweight and Secure http/socks4/socks5 Proxy

# fedora supports spdx license
# see /etc/xdg/rpmlint/fedora-spdx-licenses.toml
%if 0%{?fedora} || 0%{?sle_version}
License: GPL-2.0-only
%else
# old distributions don't
# see https://github.com/rpm-software-management/rpmlint/blob/main/configs/Fedora/licenses.toml
License: GPLv2
%endif
URL: https://github.com/Chilledheart/%{name}
Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz
%if 0%{?rhel} == 9 || 0%{?fedora} || 0%{?sle_version}
BuildRequires: gtk4-devel
%else
BuildRequires: gtk3-devel
%endif
%if 0%{?rhel} < 9 || 0%{?fedora} || 0%{?sle_version}
BuildRequires: perl
%endif
%if 0%{?rhel} >= 8 || 0%{?fedora} || 0%{?sle_version}
BuildRequires: cmake >= 3.12, pkg-config
%endif
%if 0%{?rhel} == 7
BuildRequires: cmake3 >= 3.12, pkgconfig
%endif
%if 0%{?fedora}
BuildRequires: clang, lld
BuildRequires: c-ares-devel
%endif
%if 0%{?fedora} || 0%{?sle_version}
BuildRequires: mbedtls-devel
%endif
%if 0%{?fedora} && !%{with toolchain_clang}
BuildRequires: gperftools-devel
%endif
%if 0%{?fedora}
BuildRequires: json-devel
%endif
BuildRequires: zlib-devel
%if 0%{?fedora} || 0%{?sle_version}
BuildRequires: libnghttp2-devel
%endif
BuildRequires: gcc, gcc-c++, golang >= 1.4
%if 0%{?sle_version}
BuildRequires: ninja
%else
BuildRequires: ninja-build
%endif
BuildRequires: glib2-devel
BuildRequires: curl-devel
BuildRequires: desktop-file-utils
BuildRequires: systemd
Requires:      hicolor-icon-theme
Requires:      ca-certificates

# required by opensuse
%if 0%{?sle_version}
%debug_package
%endif

%description
yass is a lightweight and secure http/socks proxy
for embedded devices and low end boxes.

%prep
%setup -q -n %{name}-%{version}

%build
mkdir build
cd build
# old c-ares doesn't contain ares_getaddrinfo api
%cmake_alias -G Ninja -DCMAKE_BUILD_TYPE=Release \
   -DBUILD_BENCHMARKS=on -DBUILD_TESTS=on -DGUI=on -DCLI=on -DSERVER=on \
   -DUSE_OLD_SYSTEMD_SERVICE="%use_old_systemd_service" \
   -DUSE_TCMALLOC=on -DUSE_SYSTEM_TCMALLOC="%enable_system_gperftools_opt" \
   -DUSE_SYSTEM_ZLIB=on \
   -DUSE_SYSTEM_NGHTTP2="%enable_system_nghttp2_opt" \
   -DUSE_SYSTEM_MBEDTLS="%enable_system_mbedtls_opt" \
   -DUSE_SYSTEM_JSON="%enable_system_json_opt" \
   -DUSE_SYSTEM_CARES="%enable_system_cares_opt" -DUSE_LIBCXX="%enable_libcxx_opt" \
   -DENABLE_LLD="%enable_lld_opt" -DUSE_BUILTIN_CA_BUNDLE_CRT=off ..
ninja
cd ..

%check
cd build
./yass_test %yass_test_opt
./yass_benchmark
cd ..

%install
echo "Toolchain is %toolchain"
cd build
%cmake_alias -DCMAKE_INSTALL_PREFIX=%{buildroot}/usr -DCMAKE_INSTALL_SYSCONFDIR=%{buildroot}/etc ..
rm -rf %{buildroot}
ninja install
rm -rf %{buildroot}/%{_datadir}/doc
cd ..
desktop-file-validate %{buildroot}%{_datadir}/applications/it.gui.yass.desktop
%find_lang %{name}

%post
update-desktop-database

%files -f %{name}.lang
%defattr(-,root,root)
%license build/LICENSE
%dir /usr/share/icons/hicolor/
%dir /usr/share/applications/
%dir /usr/share/pixmaps/
%{_bindir}/yass
%{_datadir}/applications/it.gui.yass.desktop
%{_datadir}/pixmaps/yass.png
%{_datadir}/icons/hicolor/16x16/apps/yass.png
%{_datadir}/icons/hicolor/22x22/apps/yass.png
%{_datadir}/icons/hicolor/24x24/apps/yass.png
%{_datadir}/icons/hicolor/32x32/apps/yass.png
%{_datadir}/icons/hicolor/48x48/apps/yass.png
%{_datadir}/icons/hicolor/128x128/apps/yass.png
%{_datadir}/icons/hicolor/256x256/apps/yass.png
%{_datadir}/icons/hicolor/512x512/apps/yass.png

%package server
Summary: Lightweight and Secure http/socks4/socks5 Proxy (Server Side)

%description server
yass is a lightweight and secure http/socks proxy
for embedded devices and low end boxes.

%files server
%defattr(-,root,root)
%{_bindir}/yass_server
%{_sysconfdir}/yass/server.json
%{_unitdir}/yass-server.service
%dir /usr/share/man/man1/
%{_mandir}/man1/yass_server.1*

%post server
%systemd_post yass-server.service

%preun server
%systemd_preun yass-server.service

%postun server
%systemd_postun_with_restart yass-server.service

%package client
Summary: Lightweight and Secure http/socks4/socks5 Proxy (Client Side)

%description client
yass is a lightweight and secure http/socks proxy
for embedded devices and low end boxes.

%files client
%defattr(-,root,root)
%{_bindir}/yass_cli
%{_sysconfdir}/yass/config.json
%{_sysconfdir}/yass/redir.json
%{_unitdir}/yass.service
%{_unitdir}/yass-redir.service
%dir /usr/share/man/man1/
%{_mandir}/man1/yass_cli.1*

%post client
%systemd_post yass.service
%systemd_post yass-redir.service

%preun client
%systemd_preun yass.service
%systemd_preun yass-redir.service

%postun client
%systemd_postun_with_restart yass.service
%systemd_postun_with_restart yass-redir.service

%changelog
* Sun May 26 2024 Chilledheart <keeyou-cn@outlook.com> - 1.10.3-1
  - net: support https protocol via caddy.
* Thu May 23 2024 Chilledheart <keeyou-cn@outlook.com> - 1.10.2-1
  - net: reduce memory footprint peak and cpu peak.
* Sun May 19 2024 Chilledheart <keeyou-cn@outlook.com> - 1.10.1-1
  - net: improve buffer to 16k.
  - net: improve http2 send performance.
  - net: miscs fixes.
* Wed May 15 2024 Chilledheart <keeyou-cn@outlook.com> - 1.10.0-1
  - bump to chromium 126 dependents.
  - net: support socks4/socks4a/socks5/socks5h cipher.
* Tue May 7 2024 Chilledheart <keeyou-cn@outlook.com> - 1.9.5-1
  - ui: provide an option to turn on post quantum kyber.
* Mon May 6 2024 Chilledheart <keeyou-cn@outlook.com> - 1.9.4-1
  - ui: provide an option to turn on post quantum kyber.
* Wed May 1 2024 Chilledheart <keeyou-cn@outlook.com> - 1.9.3-1
  - bump to chromium 125 dependents (clang).
  - ca-certificates: update for 20240203.3.98 release.
* Mon Apr 29 2024 Chilledheart <keeyou-cn@outlook.com> - 1.9.2-1
  - net: fix broken --certificate_chain_file flag
* Fri Apr 19 2024 Chilledheart <keeyou-cn@outlook.com> - 1.9.1-1
  - net: fix cve-2024-32475
* Tue Apr 16 2024 Chilledheart <keeyou-cn@outlook.com> - 1.9.0-1
  - bump to chromium 125 dependents.
* Mon Apr 8 2024 Chilledheart <keeyou-cn@outlook.com> - 1.8.3-1
  - net: add dot support
* Fri Apr 5 2024 Chilledheart <keeyou-cn@outlook.com> - 1.8.2-1
  - fix (nghttp2) CVE-2024-30255
* Tue Mar 26 2024 Chilledheart <keeyou-cn@outlook.com> - 1.8.1-1
  - bump to chromium 124 dependents.
  - miscellaneous fixes
* Wed Mar 20 2024 Chilledheart <keeyou-cn@outlook.com> - 1.8.0-1
  - bump to chromium 124 dependents.
* Mon Mar 18 2024 Chilledheart <keeyou-cn@outlook.com> - 1.7.5-1
  - net: add doh support
* Sun Mar 17 2024 Chilledheart <keeyou-cn@outlook.com> - 1.7.4-1
  - net: add doh support
* Thu Mar 7 2024 Chilledheart <keeyou-cn@outlook.com> - 1.7.3-1
  - c-ares: fix CVE-2024-25629
* Thu Mar 7 2024 Chilledheart <keeyou-cn@outlook.com> - 1.7.2-1
  - c-ares: fix CVE-2024-25629
* Sat Feb 24 2024 Chilledheart <keeyou-cn@outlook.com> - 1.7.1-1
  - cli: turn off redir mode by default
* Tue Feb 20 2024 Chilledheart <keeyou-cn@outlook.com> - 1.7.0-1
  - bump to chromium 123 dependents.
* Thu Feb 15 2024 Chilledheart <keeyou-cn@outlook.com> - 1.6.4-1
  - ssl: add supplementary ca bundle support.
* Sun Feb 4 2024 Chilledheart <keeyou-cn@outlook.com> - 1.6.3-1
  - bump to chromium 122 dependents.
* Wed Jan 31 2024 Chilledheart <keeyou-cn@outlook.com> - 1.6.2-1
  - bump to chromium 122 dependents.
* Wed Jan 24 2024 Chilledheart <keeyou-cn@outlook.com> - 1.6.1-1
  - bump to chromium 122 dependents.
* Fri Jan 19 2024 Chilledheart <keeyou-cn@outlook.com> - 1.6.0-1
  - bump to chromium 122 dependents.
* Thu Jan 18 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.20-1
  - ca-certificates: update for 20230311.3.95 release.
* Tue Jan 16 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.19-1
  - gtk: quote the exec entry in autostart.
* Fri Jan 12 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.18-1
  - net: code refactor.
* Thu Jan 11 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.17-1
  - c-ares: defer c-ares init.
* Wed Jan 10 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.16-1
  - c-ares: defer c-ares init.
* Wed Jan 10 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.15-1
  - gcc: fix lto build under gold.
  - rpm: handle systemd scriptlet operations.
* Mon Jan 8 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.14-1
  - ssl: enable client-side ssl session cache.
  - ssl: deduplicate all ceritificates.
* Sun Jan 7 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.13-1
  - gtk: add server sni support.
* Sun Jan 7 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.12-1
  - gtk: add server sni support.
* Sat Jan 6 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.11-1
  - gtk: add server sni support.
* Fri Jan 5 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.10-1
  - gtk: add server sni support.
* Wed Jan 3 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.9-1
  - ca-certificates: load symbolic link as cert files.
* Wed Jan 3 2024 Chilledheart <keeyou-cn@outlook.com> - 1.5.8-1
  - ca-certificates: load symbolic link as cert files.
* Wed Dec 27 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.7-1
  - ca-certificates: update for 20230311.3.93 release.
* Tue Dec 19 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.6-1
  - man: add yass_cli and yass_server man pages.
* Thu Dec 14 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.5-1
  - ssl: use builtin ca bundle if system keystore fails.
* Wed Dec 13 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.4-1
  - Fix bad F_SETFD calls.
  - gtk: update desktop database.
* Fri Dec 8 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.3-1
  - Fix linux thread name setting.
* Tue Dec 5 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.2-1
  - Bump to chromium 121 dependents (updated).
  - Fix RPM releases.
* Mon Dec 4 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.1-1
  - Bump to chromium 121 dependents.
  - Fix use cached configuration issue.
  - Fix crash in resume from previous failure.
* Mon Dec 4 2023 Chilledheart <keeyou-cn@outlook.com> - 1.5.0-1
  - New major release.
* Sat Dec 2 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.12-1
  - Fix bad F_SETFD calls.
  - gtk: update desktop database.
* Sat Dec 2 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.11-1
  - Bump Clang.
  - Fix use cached configuration issue.
  - Fix crash in resume from previous failure.
* Sat Dec 2 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.10-1
  - Bump Clang and Abseil-Cpp.
  - Use tcmalloc be default.
  - Misc fixes.
* Thu Nov 16 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.9-1
  - Fix startup failure on the first try since version 1.4.5.
* Thu Nov 16 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.8-1
  - Some trivial changes.
* Mon Nov 6 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.7-1
  - Bump to chromium 120 dependents.
* Mon Oct 23 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.6-1
  - Better handling with SIGTERM signal.
  - Bump to chromium 119 dependents.
* Thu Oct 5 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.5-1
  - Some trivial changes.
* Wed Sep 20 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.4-1
  - Add chinese translation (GTK4).
* Mon Sep 18 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.3-1
  - Add chinese translation.
* Fri Sep 15 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.2-1
  - New minor release.
* Thu Sep 14 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.1-1
  - Bump to chromium 118 dependents.
* Thu Aug 24 2023 Chilledheart <keeyou-cn@outlook.com> - 1.4.0-1
  - New major release.
* Thu Aug 24 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.15-1
  - Add support for legacy shadowsocks stream ciphers.
  - Bump to chromium 117 dependents.
* Fri Aug 11 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.14-1
  - Prepare for downstream build.
* Wed Aug 9 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.13-1
  - Prepare for downstream build.
* Wed Aug 9 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.12-1
  - Prepare for downstream build.
* Sat Aug 5 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.11-1
  - Add system proxy support.
* Sun Jul 30 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.10-1
  - New bug-fix release.
* Sat Jul 22 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.9-1
  - Bump to chromium 116 dependents.
  - server: fix crash in hostname tlsext handling.
* Sun Jul 16 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.8-1
  - CVE/http: Fix memory leak in nghttp2 codec.
* Thu Jul 13 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.7-1
  - More complete IPv6 support.
* Tue Jul 4 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.6-1
  - Improvement of performance over http2 (client).
* Sun Jul 2 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.5-1
  - New bug-fix release.
* Fri May 26 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.4-1
  - New bug-fix release.
* Fri May 26 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.3-1
  - New bug-fix release.
* Wed Apr 26 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.2-1
  - New bug-fix release.
* Sun Apr 2 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.1-1
  - New bug-fix release.
* Mon Mar 13 2023 Chilledheart <keeyou-cn@outlook.com> - 1.3.0-1
  - New HTTP TLS Implementation.
* Wed Mar 8 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.7-1
  - New bug-fix release.
* Wed Mar 1 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.6-1
  - New bug-fix release.
* Thu Feb 16 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.5-1
  - New bug-fix release.
* Sat Feb 11 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.4-1
  - New bug-fix release.
* Fri Feb 10 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.3-1
  - New bug-fix release.
* Wed Feb 8 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.2-1
  - New bug-fix release.
* Fri Feb 3 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.1-1
  - New bug-fix release.
* Sun Jan 29 2023 Chilledheart <keeyou-cn@outlook.com> - 1.2.0-1
  - New HTTP2 Tunnel Proxy Support.
* Tue Jan 10 2023 Chilledheart <keeyou-cn@outlook.com> - 1.1.0-1
  - New bug-fix release.
* Sat Jan 22 2022 Chilledheart <keeyou-cn@outlook.com> - 1.0.0-1
  - Initial release. (Closes: #4)