## START: Set by rpmautospec
## (rpmautospec version 0.3.0)
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
    release_number = 2;
    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
    print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec

%global with_debug 1

%if 0%{?with_debug}
%global _find_debuginfo_dwz_opts %{nil}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package   %{nil}
%endif

%global provider github
%global provider_tld com
%global project containers
%global repo oci-seccomp-bpf-hook
# https://github.com/containers/oci-seccomp-bpf-hook
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
%global git0 https://%{import_path}

%global built_tag v1.2.8
%global built_tag_strip %(b=%{built_tag}; echo ${b:1})
%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"})

# use the same arch definitions as present in the bcc package
ExclusiveArch:  x86_64 %{power64} aarch64 s390x armv7hl

Name: %{repo}
Version: %{gen_version}
License: ASL 2.0 and BSD and ISC and MIT
Release: %autorelease
Summary: OCI Hook to generate seccomp json files based on EBF syscalls used by container
URL: %{git0}
# Tarball fetched from upstream
Source0: %{url}/archive/%{built_tag}.tar.gz
BuildRequires: golang
BuildRequires: go-md2man
BuildRequires: go-rpm-macros
BuildRequires: glib2-devel
BuildRequires: glibc-devel
BuildRequires: bcc-devel
BuildRequires: git
BuildRequires: gpgme-devel
BuildRequires: libseccomp-devel
BuildRequires: make
Requires: bcc
Enhances: podman
Enhances: cri-o
# vendored libraries
# awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' -e '/bundled(golang(go\|module\|replace\|require))/d'
Provides: bundled(golang(github.com/iovisor/gobpf)) = v0.2.0
Provides: bundled(golang(github.com/opencontainers/runtime_spec)) = v1.0.3_0.20200728170252_4d89ac9fbff6
Provides: bundled(golang(github.com/seccomp/containers_golang)) = v0.6.0
Provides: bundled(golang(github.com/seccomp/libseccomp_golang)) = v0.9.1
Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.8.1
Provides: bundled(golang(github.com/stretchr/testify)) = v1.4.0

%description
%{summary}
%{name} provides a library for applications looking to use
the Container Pod concept popularized by Kubernetes.

%package tests
Summary: Tests for %{name}

Requires: %{name} = %{version}-%{release}
Requires: bats
Requires: podman

%description tests
%{summary}

This package contains system tests for %{name}

%prep
%autosetup -Sgit -n %{name}-%{built_tag_strip}
sed -i 's;HOOK_BIN_DIR;%{_libexecdir}/oci/hooks.d;' %{name}.json
sed -i '/$(HOOK_DIR)\/%{name}.json/d' Makefile

%build
%set_build_flags
export CGO_CFLAGS=$CFLAGS
# These extra flags present in $CFLAGS have been skipped for now as they break the build
CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')

%ifarch x86_64
export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
%endif

export GO111MODULE=off
export GOPATH=$(pwd):$(pwd)/_build

mkdir _build
cd _build
mkdir -p src/%{provider}.%{provider_tld}/%{project}
ln -s ../../../../ src/%{import_path}
cd ..
ln -s vendor src

export GOPATH=$(pwd)/_build:$(pwd)
export LDFLAGS="-X main.version=%{version}"
%gobuild -o bin/%{name} %{import_path}

cd docs
go-md2man -in %{name}.md -out %{name}.1
cd ..

%install
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install-nobuild
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} GOMD2MAN=go-md2man -C docs install-nobuild

install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
cp -pav test/. %{buildroot}/%{_datadir}/%{name}/test/system

%check
%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
# Since we aren't packaging up the vendor directory we need to link
# back to it somehow. Hack it up so that we can add the vendor
# directory from BUILD dir as a gopath to be searched when executing
# tests from the BUILDROOT dir.
ln -s ./ ./vendor/src # ./vendor/src -> ./vendor

export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}

%if ! 0%{?gotest:1}
%global gotest go test
%endif

%gotest %{import_path}/src/%{name}
%endif

#define license tag if not already defined
%{!?_licensedir:%global license %doc}

%files
%license LICENSE
%doc README.md
%dir %{_libexecdir}/oci/hooks.d
%{_libexecdir}/oci/hooks.d/%{name}
%{_datadir}/containers/oci/hooks.d/%{name}.json
%{_mandir}/man1/%{name}.1*

%files tests
%license LICENSE
%{_datadir}/%{name}/test

%changelog
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> 1.2.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Mon Oct 17 2022 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.2.8-1
- auto bump to v1.2.8

* Wed Oct 12 2022 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.2.7-1
- auto bump to v1.2.7

* Fri Oct 07 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.6-9
- Revert "auto bump to v1.2.6"

* Fri Oct 07 2022 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.2.6-8
- auto bump to v1.2.6

* Tue Oct 04 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.6-7
- add comment about Source0 tarball source

* Tue Oct 04 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.6-6
- adjust macros for getting correct version

* Tue Oct 04 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.6-5
- remove debbuild macros to comply with fedora guidelines

* Tue Aug 16 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.6-4
- Fix debbuild maintainer issue

* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> 1.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Tue Jul 19 2022 Maxwell G <gotmax@e.email> 1.2.6-2
- Rebuild for
  CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

* Mon Jul 11 2022 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.2.6-1
- auto bump to v1.2.6

* Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> 1.2.5-3
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327,
  CVE-2022-27191, CVE-2022-29526, CVE-2022-30629

* Fri May 27 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.5-2
- build deb packages using debbuild

* Fri Mar 25 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.5-1
- bump to v1.2.5

* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> 1.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Thu Jul 29 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.4-1
- oci-seccomp-bpf-hook-1.2.4-0.10.git7a25813
- Resolves: #1987746 - FTBFS issues

* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> 1.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Sat Jun 19 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.0.1-1
- oci-seccomp-bpf-hook-1.0.1-0.8.gitb58c502
- bump to 1.0.1
- autobuilt b58c502

* Fri Jun 11 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.2.4-3
- oci-seccomp-bpf-hook-1.2.4-0.7.git4f66654
- autobuilt 4f66654

* Thu May 06 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.2.4-2
- oci-seccomp-bpf-hook-1.2.4-0.6.git4a30d95
- autobuilt 4a30d95

* Wed Apr 28 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> 1.2.4-1
- oci-seccomp-bpf-hook-1.2.4-0.5.git1910bb0
- bump to 1.2.4
- autobuilt 1910bb0

* Thu Feb 04 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.2-6
- oci-seccomp-bpf-hook-1.2.2-0.4.git50e7112
- requires bcc

* Thu Jan 28 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.2-5
- oci-seccomp-bpf-hook-1.2.2-0.3.git50e7112
- use latest master commit to check gating tests

* Thu Jan 28 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.2-4
- temp patch to fix armv7hl build

* Thu Jan 28 2021 Ed Santiago <santiago@redhat.com> 1.2.2-3
- add gating tests

* Wed Jan 27 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.2-2
- do not build for armv7hl

* Wed Jan 27 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.2.2-1
- oci-seccomp-bpf-hook-1.2.2-0.1.git4e42394
- built latest master commit

* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> 1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Fri Oct 02 2020 Jindrich Novy <jnovy@redhat.com> 1.2.0-4
- oci-seccomp-bpf-hook-1.2.0-4.fc34
- use the same arch definitions as present in the bcc package

* Fri Oct 02 2020 Jindrich Novy <jnovy@redhat.com> 1.2.0-3
- oci-seccomp-bpf-hook-1.2.0-3.fc34
- exclude also armv7hl arch as bcc is not built there

* Wed Sep 30 2020 Jindrich Novy <jnovy@redhat.com> 1.2.0-2
- oci-seccomp-bpf-hook-1.2.0-2.fc34
- fix spec file to accommodate the new upstream release

* Wed Sep 30 2020 Jindrich Novy <jnovy@redhat.com> 1.2.0-1
- oci-seccomp-bpf-hook-1.2.0-1.fc34
- update to https://github.com/containers/oci-seccomp-bpf-
  hook/releases/tag/v1.2.0

* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> 1.1.1-3
- Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> 1.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Fri Jul 17 2020 Jindrich Novy <jnovy@redhat.com> 1.1.1-1
- oci-seccomp-bpf-hook-1.1.1-1.fc33
- update to https://github.com/containers/oci-seccomp-bpf-
  hook/releases/tag/v1.1.1

* Fri Jul 17 2020 Jindrich Novy <jnovy@redhat.com> 1.1.0-2
- oci-seccomp-bpf-hook-1.1.0-2.fc33
- switch to mainline releases

* Tue May 19 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.1.0-1
- oci-seccomp-bpf-hook-1.1.0-1.1.git05a82a1
- bump version
- reuse Makefile targets

* Tue Apr 14 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> 0.0.1-7
- remove unused remote subpackage defs

* Tue Apr 14 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> 0.0.1-6
- enhances podman and cri-o

* Mon Feb 17 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> 0.0.1-5
- correct %%gobuild definition

* Mon Feb 17 2020 Lokesh Mandvekar <lsm5@fedoraproject.org>
- oci-seccomp-bpf-hook-0.0.1-0.6.gitba7bbb16
- Resolves: #1799105 - solve ftbfs and build latest upstream commit

* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> 0.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Tue Nov 05 2019 Jindrich Novy <jnovy@redhat.com> 0.0.1-2
- oci-seccomp-bpf-hook-0.0.1-0.4.git3baa603a.fc32
- limit arches to only those supported by bcc so that this can be built

* Tue Nov 05 2019 Jindrich Novy <jnovy@redhat.com> 0.0.1-1
- Initial import (#1768400).