## START: Set by rpmautospec
## (rpmautospec version 0.8.4)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
    release_number = 2;
    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
    print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec

# Generated by rust2rpm 25
%bcond_without check

Name:           bpfman
Version:        0.6.0
Release:        %autorelease
Summary:        EBPF Program Manager

# License tag must be an "AND" connected list of all licenses for statically linked components

License:        %{shrink:
    Apache-2.0
    AND BSD-3-Clause
    AND ISC
    AND MIT
    AND MPL-2.0
    AND OpenSSL
    AND Unicode-DFS-2016
    AND Zlib
    AND (0BSD OR MIT OR Apache-2.0)
    AND (Apache-2.0 OR BSL-1.0)
    AND (Apache-2.0 OR ISC OR MIT)
    AND (Apache-2.0 OR MIT)
    AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT)
    AND (BSD-2-Clause OR Apache-2.0 OR MIT)
    AND (MIT AND BSD-3-Clause)
    AND (MIT OR Apache-2.0 OR BSD-1-Clause)
    AND (MIT OR Apache-2.0 OR Zlib)
    AND (Unlicense OR MIT)
    AND GPL-2.0-only
    AND (GPL-2.0-only OR BSD-2-Clause)
    AND (LGPL-2.1-only OR BSD-2-Clause)
    }
# License breakdown for specific files:
#
# The following files are listed as being GPL-2.0-only:
# - bpf/xdp_dispatcher_v1.bpf.c
# - bpf/xdp_dispatcher_v2.bpf.c
# - examples/go-xdp-counter/bpf/xdp_counter.c
#
# The following files are listed as being GPL-2.0-only OR BSD-2-Clause:
# - bpf/tc_dispatcher.bpf.c
# - examples/**/bpf/*.c
# - tests/**/*.bpf.c
#
# The following files are listed as being (LGPL-2.1-only OR BSD-2-Clause):
# - libbpf BPF-side headers (bpf_helpers.h, bpf_endian.h) compiled into
#   the embedded dispatcher bytecode
#
# LICENSE.dependencies contains a full license breakdown

URL:            https://bpfman.io
Source0:        https://github.com/bpfman/bpfman/archive/refs/tags/v%{version}.tar.gz
# In order to generate the vendored file run "cargo vendor --versioned dirs"
# remove "fiat-crypto-0.2.9/src/p434_64.rs" and references to it in lib.rs
# (p434 curve code related to broken SIKE is not allowed in Fedora)
# compress with "tar -Jcvf"
Source1:        bpfman-%{version}-vendor.tar.xz

# CVE-2026-31812: bump quinn-proto 0.11.10 -> 0.11.14
Patch0:         0001-bump-quinn-proto-to-0.11.14-CVE-2026-31812.patch
# CVE-2026-33056: bump tar 0.4.44 -> 0.4.45
Patch1:         0002-bump-tar-to-0.4.45-CVE-2026-33056.patch
# CVE-2026-25727: bump time 0.3.40 -> 0.3.47
Patch2:         0003-bump-time-to-0.3.47-CVE-2026-25727.patch
# CVE-2026-21895: bump rsa 0.9.8 -> 0.9.10
Patch3:         0004-bump-rsa-to-0.9.10-CVE-2026-21895.patch

# aya-obj doesn't compile in x86
ExcludeArch: %{ix86}

BuildRequires:  cargo-rpm-macros >= 25
BuildRequires:  systemd-rpm-macros
# dependency for the bundled openssl-sys crate
BuildRequires:  openssl-devel
# dependency for the bundled libz-sys crate
BuildRequires:  pkgconfig(zlib)
# dependency for the bundled cc crate
BuildRequires:  gcc
# dependency needed by aws-lc-sys crate build
BuildRequires:  cmake
BuildRequires:  clang-devel
# dependency for BPF dispatcher bytecode compilation
BuildRequires:  pkgconfig(libbpf)

%global _description %{expand:
bpfman operates as an eBPF manager, focusing on simplifying the deployment and
administration of eBPF programs.}

%description %{_description}

%prep
%autosetup -n bpfman-%{version} -p1 -a1

# License patches on the vendored directory upsets cargo when it tries to verify checksums in those files.
# If we just truncate that file list, cargo won't have anything to complain about.
find vendor -name .cargo-checksum.json \
  -exec sed -i.uncheck -e 's/"files":{[^}]*}/"files":{ }/' '{}' '+'

# Sometimes Rust sources start with #![...] attributes, and "smart" editors think
# it's a shebang and make them executable. Then brp-mangle-shebangs gets upset...
find -name '*.rs' -type f -perm /111 -exec chmod -v -x '{}' '+'

# Fix ppc64le architecture detection in BPF Makefile
# rustc target_arch is "powerpc64", not "powerpc64le"
sed -i 's/powerpc64le/powerpc64/' bpfman/bpf/Makefile

# Patch bpfman service file to be compliant with https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin
sed -i 's|/usr/sbin/bpfman-rpc|/usr/bin/bpfman-rpc|' ./scripts/bpfman.service

%cargo_prep -v vendor

%build
# Workaround for aws-lc-sys build failures on ppc64le with GCC -Werror
# https://github.com/aws/aws-lc-rs/issues/574
export AWS_LC_SYS_CFLAGS="-Wno-error=discarded-qualifiers"
%cargo_build
%{cargo_license_summary}
%{cargo_license} > LICENSE.dependencies
%{cargo_vendor_manifest}

%install
install -Dpm 0755 \
    -t %{buildroot}%{_bindir} \
    ./target/release/bpfman
install -Dpm 0755 \
    -t %{buildroot}%{_bindir} \
    ./target/release/bpfman-ns
install -Dpm 0755 \
    -t %{buildroot}%{_bindir} \
    ./target/release/bpfman-rpc
install -Dpm 644 \
    -t %{buildroot}%{_unitdir} \
    ./scripts/bpfman.socket
install -Dpm 644 \
    -t %{buildroot}%{_unitdir} \
    ./scripts/bpfman.service

%post
%systemd_post bpfman.service

%preun
%systemd_preun bpfman.service

%postun
%systemd_postun_with_restart bpfman.service

%files
%license LICENSE-APACHE
%license LICENSE-GPL2
%license LICENSE-BSD2
%license LICENSE.dependencies
%license cargo-vendor.txt
%doc README.md
%{_bindir}/bpfman
%{_bindir}/bpfman-ns
%{_bindir}/bpfman-rpc
%{_unitdir}/bpfman.socket
%{_unitdir}/bpfman.service

%if %{with check}
%check
export AWS_LC_SYS_CFLAGS="-Wno-error=discarded-qualifiers"
# Skip image_pull_* tests as require Internet to pull images from a registry
%cargo_test -- -- --skip image_pull_
%endif

%changelog
## START: Generated by rpmautospec
* Wed Apr 08 2026 Daniel Mellado <dmellado@fedoraproject.org> - 0.6.0-2
- Uncommitted changes

* Wed Apr 08 2026 Daniel Mellado <dmellado@fedoraproject.org> - 0.6.0-1
- Test v0.6.0 build

* Wed Mar 11 2026 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-6
- Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz#2446359

* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

* Fri Oct 31 2025 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-3
- Fix CVE-2025-0977: Update openssl to 0.10.70 - closes rhbz2344554

* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

* Mon Jun 23 2025 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-1
- Add patch for Cargo.lock - closes rhbz2370581

* Sat Jun 07 2025 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.6-1
- Update to version 0.5.6

* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

* Wed Dec 18 2024 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-4
- Correct sources vendor file

* Wed Dec 18 2024 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-3
- Remove forbidden RTLO characters in vendor/idna-5.0 tests

* Thu Dec 12 2024 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-2
- Disable x86 builds

* Thu Dec 12 2024 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-1
- Initial package - Closes rhbz#2269411
## END: Generated by rpmautospec