%define _hardened_build 1 %global _compldir %{_datadir}/bash-completion/completions %global project_name bitcoin %bcond_with extended_tests Name: bitcoin-core Version: 23.0 Release: 1%{?dist} Summary: Peer to Peer Cryptographic Currency License: MIT URL: https://bitcoincore.org/ # In .gitignore, so no chance to commit to SCM: Source0: https://bitcoincore.org/bin/bitcoin-core-%{version}/%{project_name}-%{version}.tar.gz Source1: https://bitcoincore.org/bin/bitcoin-core-%{version}/SHA256SUMS.asc Source2: https://bitcoincore.org/bin/bitcoin-core-%{version}/SHA256SUMS # Key verificaton process - why a script that generates a list of GPG keys in public ring format? # - Keys listed to sign the release are listed inside the tarball. # - Keys can be hosted on different key servers. # - A subset of the keys listed is actually used to sign. # - Keys used to sign the release might have been revoked or removed. # - One or more keys is enough to validate the release, but there is no preferred key. # - Verification needs to happen offline. # - We don't want to touch the original SHA256SUM.asc file. # - We clearly want to see in git which keys have changed across time. Source3: %{project_name}-gpg.sh Source4: %{project_name}-gpg.inc Source5: %{project_name}-tmpfiles.conf Source6: %{project_name}.sysconfig Source7: %{project_name}.service.system Source8: %{project_name}.service.user Source9: %{project_name}-qt.protocol Source10: %{project_name}-qt.desktop # Documentation Source11: %{project_name}.conf.example Source12: README.gui.redhat Source13: README.utils.redhat Source14: README.server.redhat # Berkeley DB non-strong cryptography variant (NC): Source15: https://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz Source16: db-4.8.30.NC-format-security.patch # AppStream metadata Source17: %{project_name}-qt.metainfo.xml # All valid GPG keys that have signed the release in pubring format: %include %{SOURCE4} BuildRequires: autoconf BuildRequires: automake BuildRequires: boost-devel >= 1.64.0 BuildRequires: checkpolicy BuildRequires: desktop-file-utils BuildRequires: gnupg2 BuildRequires: libappstream-glib BuildRequires: libtool BuildRequires: miniupnpc-devel BuildRequires: procps-ng BuildRequires: python3 BuildRequires: python3-zmq BuildRequires: pkgconfig(libevent) >= 2.0.21 BuildRequires: pkgconfig(libevent_pthreads) >= 2.0.21 BuildRequires: pkgconfig(libqrencode) BuildRequires: pkgconfig(libzmq) >= 4 BuildRequires: pkgconfig(sqlite3) >= 3.7.17 BuildRequires: qt5-linguist BuildRequires: qt5-qtbase-devel BuildRequires: systemd %description Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network. %package desktop Summary: Peer to Peer Cryptographic Currency Conflicts: bitcoin Provides: bundled(leveldb) = 1.22.0 Provides: bundled(libdb) = 4.8.30.NC Provides: bundled(secp256k1) = 0.1 Provides: bundled(univalue) = 1.1.3 %description desktop Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network. This package contains the Qt based graphical client and node. If you are looking to run a Bitcoin wallet, this is probably the package you want. %package libs Summary: Peer-to-peer digital currency Conflicts: bitcoin-libs %description libs This package provides the bitcoinconsensus shared libraries. These libraries may be used by third party software to provide consensus verification functionality. Unless you know you need this package, you probably do not. %package devel Summary: Peer-to-peer digital currency Conflicts: bitcoin-devel Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description devel This package contains the header files and static library for the bitcoinconsensus shared library. If you are developing or compiling software that wants to link against that library, then you need this package installed. Most people do not need this package installed. %package utils Summary: Peer-to-peer digital currency Conflicts: bitcoin-utils %description utils Bitcoin is an experimental new digital currency that enables instant payments to anyone, anywhere in the world. Bitcoin uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. This package provides bitcoin-cli, a utility to communicate with and control a Bitcoin server via its RPC protocol, and bitcoin-tx, a utility to create custom Bitcoin transactions. %package server Summary: Peer-to-peer digital currency Conflicts: bitcoin-server Requires(pre): shadow-utils Requires: (%{name}-selinux if selinux-policy) Provides: bundled(leveldb) = 1.22.0 Provides: bundled(libdb) = 4.8.30.NC Provides: bundled(secp256k1) = 0.1 Provides: bundled(univalue) = 1.1.3 %description server This package provides a stand-alone bitcoin-core daemon. For most users, this package is only needed if they need a full-node without the graphical client. Some third party wallet software will want this package to provide the actual bitcoin-core node they use to connect to the network. If you use the graphical bitcoin-core client then you almost certainly do not need this package. %prep # Verify that each GPG key listed as source has signed the release: for filename in %{sources}; do case "${filename}" in (*/bitcoin-*-pubring.gpg) gpgv2 --keyring=${filename} %{SOURCE1} %{SOURCE2} 2>&1 | grep "Good signature" esac done # Check the hash of the tarball, not in the same folder where we are now: grep -q $(sha256sum %{SOURCE0}) %{SOURCE2} %autosetup -p1 -n %{project_name}-%{version} # No publicly available hash file, check it against what bitcoin-core expects: export $(grep ^BDB_HASH contrib/install_db4.sh | sed -e "s/'//g") echo $BDB_HASH %{SOURCE15} | sha256sum -c # Berkeley DB: mkdir db4 tar --strip-components=1 -xzf %{SOURCE15} -C db4 patch -d db4 -p1 -i ../depends/patches/bdb/clang_cxx_11.patch patch -d db4 -p1 -i %{SOURCE16} # Documentation (sources can not be directly reference with doc) cp -p %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} . %build # Build static Berkeley DB reusing all compiler flags / hardening: pushd db4/build_unix %define _configure ../dist/configure %configure \ --disable-shared \ --enable-cxx \ --disable-replication %undefine _configure %make_build make install DESTDIR=%{_builddir}/%{buildsubdir}/db4 popd export BDB_CFLAGS="-I%{_builddir}/%{buildsubdir}/db4%{_includedir}/" export BDB_LIBS="-L%{_builddir}/%{buildsubdir}/db4%{_libdir}/ -ldb_cxx-4.8" autoreconf -vif %configure \ --disable-bench \ --disable-silent-rules \ --disable-static \ --enable-reduce-exports \ --enable-threadlocal \ --with-miniupnpc \ --with-qrencode \ --with-utils \ --with-libs \ --with-daemon \ --with-gui=qt5 %make_build %install %make_install find %{buildroot} -name "*.la" -delete # TODO: Upstream puts bitcoind in the wrong directory. Need to fix the # upstream Makefiles to install it in the correct place. mkdir -p -m 755 %{buildroot}%{_sbindir} mv %{buildroot}%{_bindir}/bitcoind %{buildroot}%{_sbindir}/bitcoind # Temporary files mkdir -p %{buildroot}%{_tmpfilesdir} install -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/%{project_name}.conf # Install ancillary files install -D -m600 -p %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/%{project_name} install -D -m644 -p %{SOURCE7} %{buildroot}%{_unitdir}/%{project_name}.service install -D -m644 -p %{SOURCE8} %{buildroot}%{_userunitdir}/%{project_name}.service install -D -m644 -p %{SOURCE9} %{buildroot}%{_datadir}/kde4/services/%{project_name}-qt.protocol install -d -m750 -p %{buildroot}%{_sharedstatedir}/%{project_name} install -d -m750 -p %{buildroot}%{_sysconfdir}/%{project_name} # Desktop file desktop-file-install --dir=%{buildroot}%{_datadir}/applications %{SOURCE10} # Icons for size in 16 32 64 128 256; do install -p -D -m 644 share/pixmaps/%{project_name}${size}.png \ %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/%{project_name}.png done rm -f %{buildroot}%{_datadir}/pixmaps/%{project_name}* # Bash completion install -D -m644 -p contrib/%{project_name}-cli.bash-completion %{buildroot}%{_compldir}/%{project_name}-cli install -D -m644 -p contrib/%{project_name}-tx.bash-completion %{buildroot}%{_compldir}/%{project_name}-tx install -D -m644 -p contrib/%{project_name}d.bash-completion %{buildroot}%{_compldir}/%{project_name}d # Server log directory mkdir -p %{buildroot}%{_localstatedir}/log/%{project_name}/ # AppStream metadata install -p -m 644 -D %{SOURCE17} %{buildroot}%{_metainfodir}/%{project_name}-qt.metainfo.xml # Remove test files so that they aren't shipped. Tests have already been run. rm -f %{buildroot}%{_bindir}/test_* %check desktop-file-validate %{buildroot}%{_datadir}/applications/%{project_name}-qt.desktop appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/%{project_name}-qt.metainfo.xml make check %if %{with extended_tests} test/functional/test_runner.py --tmpdirprefix `pwd` --extended %endif %pre server getent group %{project_name} >/dev/null || groupadd -r %{project_name} getent passwd %{project_name} >/dev/null || useradd -r -g %{project_name} -d /var/lib/%{project_name} -s /sbin/nologin \ -c "Bitcoin wallet server" %{project_name} exit 0 %post server %systemd_post %{project_name}.service %preun server %systemd_preun %{project_name}.service %postun server %systemd_postun_with_restart %{project_name}.service %files desktop %license COPYING %doc %{project_name}.conf.example README.gui.redhat README.md SECURITY.md %doc doc/assets-attribution.md doc/bips.md doc/files.md doc/reduce-traffic.md doc/release-notes.md doc/tor.md %{_bindir}/%{project_name}-qt %{_datadir}/applications/%{project_name}-qt.desktop %{_datadir}/kde4/services/%{project_name}-qt.protocol %{_datadir}/icons/hicolor/*/apps/%{project_name}.png %{_mandir}/man1/%{project_name}-qt.1* %{_metainfodir}/%{project_name}-qt.metainfo.xml %files libs %license COPYING %doc doc/README.md SECURITY.md %{_libdir}/libbitcoinconsensus.so.0 %{_libdir}/libbitcoinconsensus.so.0.0.0 %files devel %doc doc/developer-notes.md doc/shared-libraries.md %{_bindir}/%{project_name}-util %{_includedir}/bitcoinconsensus.h %{_libdir}/libbitcoinconsensus.so %{_libdir}/pkgconfig/libbitcoinconsensus.pc %{_mandir}/man1/%{project_name}-util.1* %files utils %license COPYING %doc %{project_name}.conf.example README.utils.redhat SECURITY.md %doc doc/README.md %{_bindir}/%{project_name}-cli %{_bindir}/%{project_name}-tx %{_bindir}/%{project_name}-wallet %{_compldir}/%{project_name}-cli %{_compldir}/%{project_name}-tx %{_mandir}/man1/%{project_name}-cli.1* %{_mandir}/man1/%{project_name}-tx.1* %{_mandir}/man1/%{project_name}-wallet.1* %files server %license COPYING %doc %{project_name}.conf.example README.server.redhat SECURITY.md %doc doc/README.md doc/REST-interface.md doc/bips.md doc/dnsseed-policy.md doc/files.md doc/reduce-traffic.md doc/release-notes.md doc/tor.md doc/zmq.md %dir %attr(750,%{project_name},%{project_name}) %{_sharedstatedir}/%{project_name} %dir %attr(750,%{project_name},%{project_name}) %{_sysconfdir}/%{project_name} %dir %attr(750,%{project_name},%{project_name}) %{_localstatedir}/log/%{project_name} %ghost %{_localstatedir}/log/%{project_name}/debug.log %ghost %dir %{_rundir}/%{project_name}/ %ghost %{_rundir}/%{project_name}.pid %config(noreplace) %attr(644,root,root) %{_sysconfdir}/sysconfig/%{project_name} %{_compldir}/%{project_name}d %{_mandir}/man1/%{project_name}d.1* %{_sbindir}/%{project_name}d %{_tmpfilesdir}/%{project_name}.conf %{_unitdir}/%{project_name}.service %{_userunitdir}/%{project_name}.service %changelog * Tue Apr 26 2022 Simone Caronni - 23.0-1 - Update to 23.0. * Thu Apr 07 2022 Simone Caronni - 22.0-7 - Add AppStream metadata. * Tue Apr 05 2022 Simone Caronni - 22.0-6 - Hide extended tests behind a flag. - Allow to run the full set of extended tests including network when requested, they run fine in mock with network enabled. * Sun Jan 23 2022 Simone Caronni - 22.0-5 - Update GPG verification script (thanks Björn Persson). * Sun Oct 03 2021 Simone Caronni - 22.0-4 - Switch to bundled statically linked Berkeley DB 4.8.30 (NC). * Sat Sep 25 2021 Simone Caronni - 22.0-3 - Remove obsolete scriptlets. - With RHEL/CentOS 7 no longer a target, improve systemd unit security. - Add systemd user unit to start bitcoind in your user session. - Move bitcoin-wallet to utils subpackage for offline wallet manipulation. - Update README files. * Sat Sep 25 2021 Simone Caronni - 22.0-2 - Prepare all keys with a script and verify all keys against the signature file. Add reasoning on the process in the SPEC file. * Wed Sep 22 2021 Simone Caronni - 22.0-1 - Update to 22.0, versioning convention change. - Implement signature verification with a public GPG keyring and at least one valid signature. - Also the relative selinux package has been renamed to bitcoin-core-selinux. - Add bitcoin-util to devel subpackage. - Update docs. - Add SQLite as dependency for descriptor wallets. - Drop RHEL/CentOS 7 support. * Tue Sep 21 2021 Simone Caronni - 0.21.1-2 - Rename package to bitcoin-core. - Conflicts with bitcoin. - Desktop subpackage renamed from "core" to "desktop". * Wed May 12 2021 Simone Caronni - 0.21.1-1 - Update to 0.21.1. * Wed Mar 10 2021 Simone Caronni - 0.21.0-4 - Fix build on RHEL/CentOS 8. - Adjust SELinux requirement for server subpackage. * Wed Mar 10 2021 Simone Caronni - 0.21.0-3 - Remove requirements for utils subpackage in server subpackage. - Separate SELinux package in its own subpackage and use RPM rich booleans on Fedora and RHEL/CentOS 8+ to install the SELinux package if the base policy is installed. - Update server README. * Wed Jan 20 2021 Simone Caronni - 0.21.0-2 - Update to 0.21.0. - Remove java build requirement. - Use local folder for test output. * Fri Jan 15 2021 Simone Caronni - 0.21.0-1 - Update to 0.21.0. * Thu Nov 19 2020 Simone Caronni - 0.20.1-2 - Remove openssl/protobuf from build requirements. * Wed Oct 21 2020 Simone Caronni - 0.20.1-1 - Update to 0.20.1. * Wed Jul 22 2020 Simone Caronni - 0.20.0-7 - Use libdb 5.x instead of deprecated 4.x. Fixes build on RHEL/CentOS 8. * Tue Jul 21 2020 Simone Caronni - 0.20.0-6 - Update systemd unit. - Update configuration options. - Declared bundled libraries/forks. * Tue Jul 21 2020 Simone Caronni - 0.20.0-5 - Use HTTPS for url tag. - Reorganize sources. Add cleaned files from the packaging repository directly; bash completion snippets are now supported in the main sources. - Move check section after install and include desktop file validating in there. * Sun Jul 19 2020 Simone Caronni - 0.20.0-4 - Fix tests on RHEL/CentOS 7. * Sat Jul 18 2020 Simone Caronni - 0.20.0-3 - Add signature verification. - Trim changelog. - Fix typo in the libs description. * Tue Jun 30 2020 Simone Caronni - 0.20.0-2 - Update Source0 URL. - Do not obsolete "bitcoin", just leave the provider for it. - Let the build install the man pages. - Make sure old post scriptlets run only on RHEL/CentOS 7. - Do not install static library and archive. - Be explicit with shared object versions. - Use macros for more directories. - Use GCC 9 and not 7 to build on RHEL/CentOS 7. * Fri Jun 26 2020 Simone Caronni - 0.20.0-1 - Update to 0.20.0. * Mon May 04 2020 Simone Caronni - 0.19.1-1 - Update to 0.19.1. - Fix deprecation message with Python tests. - Trim changelog. * Fri Feb 21 2020 Simone Caronni - 0.19.0.1-2 - Fix dependencies with Python SELinux interfaces. * Tue Nov 19 2019 Simone Caronni - 0.19.0.1-1 - Update to 0.19.0.1. * Sun Nov 17 2019 Simone Caronni - 0.19.0-1 - Update to 0.19.0. * Thu Sep 12 2019 Simone Caronni - 0.18.1-1 - Update to 0.18.1. * Tue May 07 2019 Simone Caronni - 0.18.0-2 - Update systemd unit. * Mon May 06 2019 Simone Caronni - 0.18.0-1 - Update to 0.18.0. - Force C.UTF-8 for tests on Fedora and disable EPEL 7 test run. * Thu Jan 24 2019 Simone Caronni - 0.17.1-1 - Update to 0.17.1.