Spec file update

Replace it at build time instead so it's easier to change

root/etc/e-smith/templates/etc/e-smith/sql/init/tt-rss/80tt-rss

@@ -11,7 +11,7 @@ if [ \! -d /var/lib/mysql/$db ]; then
     /usr/bin/mysqladmin create $db
     /usr/bin/mysql $db < $schema
 else
-    su -s /bin/bash - www -c "cd /usr/share/tt-rss && echo 'yes' | /usr/bin/php ./update.php --update-schema"
+    su -s /bin/bash - www -c "cd /usr/share/tt-rss && echo 'yes' | /usr/bin/php__PHP_VERSION__ ./update.php --update-schema"
 fi
 
 /usr/bin/mysql <<EOF

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig10ttrss

@@ -0,0 +1,9 @@
+{
+if ($fastcgi_mod eq 'mod_fastcgi'){
+  $OUT .=<<_EOF;
+Action phptt-rss-fastcgi /php-cgi-bin/phptt-rss-wrapper
+Alias /php-cgi-bin/phptt-rss-wrapper /var/www/php-cgi-bin/phptt-rss-wrapper
+FastCgiExternalServer /var/www/php-cgi-bin/phptt-rss-wrapper -socket /var/run/php-fpm/php__PHP_VERSION__-tt-rss.sock -pass-header Authorization -idle-timeout 120
+_EOF
+}
+}

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90tt-rss

@@ -6,18 +6,36 @@ if ((${'tt-rss'}{'status'} || 'enabled') eq 'enabled'){
     my $allow = ((${'tt-rss'}{'access'} || 'private') eq 'public') ? 'all':"$localAccess $externalSSLAccess";
     my $auth = ((${'tt-rss'}{'Authentication'} || 'http') eq 'http') ? "AuthName \"Tiny Tiny RSS\"\n" .
                     "    AuthType Basic\n" .
+                    "    AuthBasicProvider external\n" .
                     "    AuthExternal pwauth\n" .
                     "    Require valid-user\n" : '';
 
-    $OUT .=<<"HERE";
-
-$alias
-
-<Directory /usr/share/tt-rss>
+  my $php =<<'_EOF';
     AddType application/x-httpd-php .php
     php_admin_value open_basedir /usr/share/tt-rss:/var/lock/tt-rss:/var/cache/tt-rss:/tmp
     php_admin_value memory_limit 80M
     php_admin_flag allow_url_fopen on
+_EOF
+
+  if ($fastcgi_mod eq 'mod_fastcgi'){
+    $php =<<'_EOF';
+    AddHandler phptt-rss-fastcgi .php
+_EOF
+  }
+  elsif ($fastcgi_mod eq 'mod_proxy_fcgi'){
+    $php =<<'_EOF';
+     <FilesMatch \.php$>
+         SetHandler "proxy:unix:/var/run/php-fpm/php__PHP_VERSION__-tt-rss.sock|fcgi://localhost"
+     </FilesMatch>
+_EOF
+  }
+
+    $OUT .=<<"_EOF";
+
+$alias
+
+<Directory /usr/share/tt-rss>
+$php
     SSLRequireSSL on
     Order deny,allow
     Deny from all
@@ -27,7 +45,7 @@ $alias
 <Directory /usr/share/tt-rss/schema>
     deny from all
 </Directory>
-HERE
+_EOF
 }
 else{
     $OUT .= "    # TT-RSS is disabled\n";

root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20tt-rss

@@ -0,0 +1,49 @@
+{
+if ($PHP_VERSION eq '__PHP_VERSION__'){
+  if ((${'tt-rss'}{status} || 'disabled') eq 'enabled'){
+    my $id = 'tt-rss';
+    $OUT .=<<_EOF;
+
+[php$PHP_VERSION-$id]
+user = www
+group = www
+listen.owner = root
+listen.group = www
+listen.mode = 0660
+listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 4
+pm.max_requests = 1000
+request_terminate_timeout = 30
+php_admin_value[session.save_path] = /var/lib/php/$id/session
+php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
+php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
+php_admin_value[error_log] = /var/log/php/$id/error.log
+slowlog = /var/log/php/$id/slow.log
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
+php_admin_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 128M
+php_admin_value[max_execution_time] = 30
+php_admin_value[post_max_size] = 2M
+php_admin_value[upload_max_filesize] = 1M
+php_admin_value[max_input_time] = 60
+php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = /usr/share/tt-rss:/var/lock/tt-rss:/var/cache/tt-rss:/var/lib/php/tt-rss
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_upload] = off
+php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[allow_url_include] = off
+php_admin_value[session.save_handler] = files
+
+_EOF
+  }
+  else{
+    $OUT .= '; Tiny Tiny RSS is disabled';
+  }
+}
+}

root/etc/e-smith/templates/usr/share/tt-rss/config.php/15directories

@@ -1,4 +1,4 @@
-        define('SELF_URL_PATH', '');
+        define('SELF_URL_PATH', '{ ${'tt-rss'}{'Uri'} || 'https://' . $SystemName . '.' . $DomainName . '/tt-rss' }');
         // Full URL of your tt-rss installation. This should be set to the
         // location of tt-rss directory, e.g. http://yourserver/tt-rss/
         // You need to set this option correctly otherwise several features
@@ -13,10 +13,10 @@
         // Unless you really know what you're doing, please keep those relative
         // to tt-rss main directory.
 
-        define('TMP_DIRECTORY', '/tmp');
+        define('TMP_DIRECTORY', '/var/lib/php/tt-rss/tmp');
         // Directory for temporary files
 
-        define('PHP_EXECUTABLE', '/usr/bin/php');
+        define('PHP_EXECUTABLE', '/usr/bin/php__PHP_VERSION__');
         // Path to PHP executable
 
         define('LOCK_DIRECTORY', '/var/lock/tt-rss');

root/etc/e-smith/templates/usr/share/tt-rss/config.php/25auth

@@ -35,13 +35,6 @@ HERE
         // configurations. Doesn't seem to work for everyone, so enable with caution.
         // tt-rss uses default PHP session storing mechanism if disabled.
 
-        define('SESSION_CHECK_ADDRESS', 1);
-        // Check client IP address when validating session:
-        // 0 - disable checking
-        // 1 - check first 3 octets of an address (recommended)
-        // 2 - check first 2 octets of an address
-        // 3 - check entire address
-
         define('SESSION_COOKIE_LIFETIME', 0);
         // Default lifetime of a session (e.g. login) cookie. In seconds, 
         // 0 means cookie will be deleted when browser closes.

root/var/service/tt-rss/run

@@ -1,25 +1,8 @@
 #!/bin/sh
 
 #----------------------------------------------------------------------
-# copyright (C) 2010-2011 Firewall-Services
+# copyright (C) 2010-2017 Firewall-Services
 # daniel@firewall-services.com
-# 
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
-# 
-# Technical support for this program is available from Mitel Networks 
-# Please visit our web site www.mitel.com/sme/ for details.
 #----------------------------------------------------------------------
 
 
@@ -29,5 +12,5 @@ cd /usr/share/tt-rss
 
 exec \
     /usr/local/bin/setuidgid www \
-    /usr/bin/php ./update.php --daemon
+    /usr/bin/php__PHP_VERSION__ ./update.php --daemon
 

smeserver-tt-rss.spec

@@ -2,11 +2,13 @@
 # Name: Daniel Berteaud
 
 %define name smeserver-tt-rss
-%define version 0.2.8
+%define version 0.3.0
 %define release 1
+%define phpversion 71
 Summary: sme server integration of tt-rss
 Name: %{name}
 Version: %{version}
+Epoch: 9
 Release: %{release}%{?dist}
 License: GNU GPL version 2
 URL: http://www.zabbix.com/
@@ -17,8 +19,9 @@ BuildArchitectures: noarch
 BuildRequires: e-smith-devtools
 BuildRoot: /var/tmp/%{name}-%{version}
 Requires: e-smith-release
-Requires: tt-rss >= 1.7.9
+Requires: tt-rss >= 20170713
 Requires: smeserver-webapps-common
+Requires: smeserver-php-fpm
 AutoReqProv: no
 
 %description
@@ -26,6 +29,22 @@ smserver integration of TIny Tiny RSS
 Tiny Tiny RSS is a feature rich, web based feed reader
 
 %changelog
+* Thu Jul 13 2017 Daniel Berteaud <daniel@firewall-services.com> 0.3.0-1.sme
+- Switch to php fpm, using PHP 7.1
+- Support tt-rss 20170713
+
+* Tue Feb 16 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.11-1.sme
+- Remove SESSION_CHECK_ADDRESS
+
+* Mon Jun 29 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
+- Adapt templates for 20150629
+
+* Mon Jun 29 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
+- Adapt conf templates for 20150629
+
+* Tue Apr 22 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
+- Fix basic auth on SME9
+
 * Thu Feb 6 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.8-1.sme
 - Fix database upgrades
 
@@ -86,13 +105,22 @@ Tiny Tiny RSS is a feature rich, web based feed reader
 %setup
 %build
 perl ./createlinks
+find root/ -type f | xargs grep -l __PHP_VERSION__ | xargs sed -i -e "s/__PHP_VERSION__/%{phpversion}/g"
 %{__mkdir_p} root/var/log/tt-rss
+%{__mkdir_p} root/var/log/php/tt-rss
+%{__mkdir_p} root/var/lib/php/tt-rss/{tmp,wsdlcache,opcache,session}
 
 %install
 rm -rf $RPM_BUILD_ROOT
 (cd root   ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
 rm -f %{name}-%{version}-filelist
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+  --dir /var/log/php/tt-rss 'attr(0770,root,www)' \
+  --dir /var/lib/php/tt-rss 'attr(0770,root,www)' \
+  --dir /var/lib/php/tt-rss/tmp 'attr(0770,root,www)' \
+  --dir /var/lib/php/tt-rss/session 'attr(0770,root,www)' \
+  --dir /var/lib/php/tt-rss/wsdlcache 'attr(0770,root,www)' \
+  --dir /var/lib/php/tt-rss/opcache 'attr(0770,root,www)' \
   --file /var/service/tt-rss/run 'attr(0755,root,root)' \
   --file /var/service/tt-rss/log/run 'attr(0755,root,root)' \
   --dir /var/log/tt-rss 'attr(0770,root,smelog)' \