Name:           postfix-tlspol
Version:        1.9.1
Release:        0%{?dist}
Summary:        Lightweight MTA-STS + DANE/TLSA resolver and TLS policy server for Postfix, prioritizing DANE

License:        MIT and GPLv3+

%global common_description %{expand:
Lightweight MTA-STS + DANE/TLSA resolver and TLS policy server for Postfix,
prioritizing DANE.}

%global debug_package %{nil}
%define _unpackaged_files_terminate_build 0
%global goipath         github.com/Zuplu/postfix-tlspol
%if 0%{?rhel} == 8
%gometa
%else
%gometa -L -f
%endif
URL:		%{gourl}

# Comment to build directly from git source along with lines in %prep section
Source0:        %{archivename}.tar.gz

BuildRequires:  git golang go-srpm-macros systemd-rpm-macros
%if 0%{?rhel} >= 9
BuildRequires:	go-rpm-macros
%endif

%description %{common_description}

%prep
# Uncomment the following to build directly from git source 
#cd %{_builddir}
#git clone %{URL}
#mv %{_builddir}/postfix-tlspol %{_builddir}/%{archivename}
#
# Comment out the line below and Source0 above to build directly from git source 
%setup

%build
# To include CPU detection and optimization and other features, paste script from the ./scripts/build.sh example here.
# Allow golang upgrade to match toolchain version specified in ./go.mod (set GOTOOLCHAIN=local to disable, or auto to enable).
export GOTOOLCHAIN=auto
# Use pure golang. Don't use any gcc libraries.
export CGO_ENABLED=0

%ifarch aarch64
export GOARCH=arm64
%endif
%ifarch x86_64
export GOARCH=amd64
%endif


printf "Version: %version\n"
cd %{_builddir}/%{archivename}
mkdir -p build
if go build -buildmode=exe -trimpath -tags netgo -ldflags="-d -extldflags='-static' -s -X 'main.Version=%version'" -o build/postfix-tlspol .; then
    printf "Build succeeded!\n"
  else
    printf "Build failed!\n"
    exit 1
fi


%install
install -m 0755 -vd                     %{buildroot}%{_bindir}
%__install -Dm 755 "%{_builddir}/%{archivename}/build/postfix-tlspol" "%{buildroot}%{_bindir}/"
%__install -Dm 644 "%{_builddir}/%{archivename}/configs/config.default.yaml" "%{buildroot}%{_sysconfdir}/postfix-tlspol/config.yaml"
%__install -Dm 644 "%{_builddir}/%{archivename}/README.md" "%{buildroot}%{_pkgdocdir}/README.md"
%__install -Dm 644 "%{_builddir}/%{archivename}/SECURITY.md" "%{buildroot}%{_pkgdocdir}/SECURITY.md"
%__install -Dm 644 "%{_builddir}/%{archivename}/CHANGELOG.md" "%{buildroot}%{_pkgdocdir}/CHANGELOG.md"
%__install -Dm 644 "%{_builddir}/%{archivename}/.github/FUNDING.yaml" "%{buildroot}%{_pkgdocdir}/FUNDING.yaml"

##### As of v1.9.1 drop "test.sh" since it does not work in an rpm context
#%__install -Dm 755 "%{_builddir}/%{archivename}/scripts/test.sh" "%{buildroot}/usr/local/bin/postfix-tlspol/test.sh"
##### As of v1.9.1 socket unit file added and systemd method changed from a service to a socket
%__install -Dm 644 "%{_builddir}/%{archivename}/init/postfix-tlspol.socket" "%{buildroot}%{_unitdir}/postfix-tlspol.socket"
%__install -Dm 644 "%{_builddir}/%{archivename}/init/postfix-tlspol.service" "%{buildroot}%{_unitdir}/postfix-tlspol.service"
%__install -Dm 644 "%{_builddir}/%{archivename}/LICENSE" "%{buildroot}/usr/share/licenses/postfix-tlspol/LICENSE"
##### As of v1.9.1 integrated metrics available via grafana
%__install -Dm 644 "%{_builddir}/%{archivename}/assets/README.md" "%{buildroot}%{_sysconfdir}/postfix-tlspol/metrics/README.md"
%__install -Dm 644 "%{_builddir}/%{archivename}/assets/grafana-postfix-tlspol-dashboard.json" "%{buildroot}%{_sysconfdir}/postfix-tlspol/metrics/grafana-postfix-tlspol-dashboard.json"


# Change default DNS Server IP Address to 127.0.0.1:53
sed -i 's/53\:53/1\:53/g' %{buildroot}%{_sysconfdir}/postfix-tlspol/config.yaml
##### As of v1.9.1 OOMPolicy=continue added to service unit file, but it only works for EL >= 9
%if 0%{?rhel} < 9
sed -i '/OOMPolicy=continue/s/^/#/' %{buildroot}%{_unitdir}/postfix-tlspol.service
%endif
##### As of v1.9.1 "query.sh" was removed from the package, now commented out below
#%__install -Dm 755 "%{_builddir}/%{archivename}/scripts/query.sh" "%{buildroot}/usr/local/bin/postfix-tlspol/query.sh"

#####
##### As of v1.9.1 socket unit file added and systemd method changed from a service to a socket
##### socket now runs instead of service. %post, %preun, %postun changed to make unit behaviour match
#####

%post
%systemd_post postfix-tlspol.socket
%systemd_post postfix-tlspol.service

##### This part only runs during upgrades ($1 == 2) Added at v1.9.1
#
# In v1.9.1 the systemd method changed from a service to a socket
# For upgrades from package version still using a service that was enabled at the the time of upgrade,
# This macro enables and starts the socket automatically to replace the service as part of the upgrade
# but only if the service it replaces was already running.
if [ $1 -eq 2 ]; then
    if /usr/bin/systemctl is-active --quiet postfix-tlspol.service; then
        # STOP the service first and WAIT for it to exit
        /usr/bin/systemctl stop postfix-tlspol.service >/dev/null 2>&1 || :
        
        # DISABLE it so it doesn't come back on reboot
        /usr/bin/systemctl disable postfix-tlspol.service >/dev/null 2>&1 || :

        # Only NOW start the socket
        /usr/bin/systemctl enable --now postfix-tlspol.socket >/dev/null 2>&1 || :
    fi
fi

#### Anticipating users will not easily find how to manually enable and start the socket
#### so doing this automatically for new installs. The default config files supports this approach.
#### Comment out if not preferred.
if [ $1 -eq 1 ]; then
    /usr/bin/systemctl enable --now postfix-tlspol.socket >/dev/null 2>&1 || :
fi

%preun
%systemd_preun postfix-tlspol.service
%systemd_preun postfix-tlspol.socket

%postun
%systemd_postun_with_restart postfix-tlspol.socket

%posttrans
##### As of v1.9.1 /usr/local/bin/postfix-tlspol can be removed if empty
if [ -d /usr/local/bin/postfix-tlspol ]; then
    rmdir /usr/local/bin/postfix-tlspol 2>/dev/null || :
fi

%files
%{_bindir}/postfix-tlspol
%{_defaultlicensedir}/postfix-tlspol/LICENSE
%config(noreplace) %{_sysconfdir}/postfix-tlspol/config.yaml
%{_pkgdocdir}/*
###### As of v1.9.1 preserve systemd unit config
%config(noreplace) %{_unitdir}/postfix-tlspol.service
%config(noreplace) %{_unitdir}/postfix-tlspol.socket
###### As of v1.9.1 copy Grafana metrics example
%{_sysconfdir}/postfix-tlspol/metrics/*
###### As of v1.9.1 deprecated
#/usr/local/bin/postfix-tlspol/*.sh


%changelog

* Tue Apr 21 2026 Michael Webb <gf101@integrilog.com> 1.9.1-0
- Upstream release update. Transition to systemd socket.
- Incorporate OOMPolicy and Grafana metrics example.
- Clean up deprecated script files and folders.
- Preserve customizations to systemd unit files.  

* Fri Mar 13 2026 Michael Webb <gf101@integrilog.com> 1.8.27-0
- Upstream release update

* Mon Aug 25 2025 Michael Webb <gf101@integrilog.com> 1.8.14-1
- Upstream release update

* Wed Aug 20 2025 Michael Webb <gf101@integrilog.com> - 1.8.13-1
- Upstream release update

* Wed Jul 30 2025 Peter Ajamian <pj@ghettoforge.net> - 1.8.12-3
- Remove version from the spec file name.
- Force local go toochain.
- Don't use the -L or -f flags for EL8

* Tue Jul 29 2025 Michael Webb <gf101@integrilog.com> - 1.8.12-2
- Preference to reuse same source tarball for rebuild consistency instead of git
  refresh
- Preference to match toolchain specified in go.mod

* Mon Jul 28 2025 Michael Webb <gf101@integrilog.com> - 1.8.12-1
- Initial build For EL 9