## START: Set by rpmautospec ## (rpmautospec version 0.3.0) %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 2; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec %global with_debug 1 %if 0%{?with_debug} %global _find_debuginfo_dwz_opts %{nil} %global _dwz_low_mem_die_limit 0 %else %global debug_package %{nil} %endif %global provider github %global provider_tld com %global project containers %global repo oci-seccomp-bpf-hook # https://github.com/containers/oci-seccomp-bpf-hook %global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git0 https://%{import_path} %global built_tag v1.2.8 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) # use the same arch definitions as present in the bcc package ExclusiveArch: x86_64 %{power64} aarch64 s390x armv7hl Name: %{repo} Version: %{gen_version} License: ASL 2.0 and BSD and ISC and MIT Release: %autorelease Summary: OCI Hook to generate seccomp json files based on EBF syscalls used by container URL: %{git0} # Tarball fetched from upstream Source0: %{url}/archive/%{built_tag}.tar.gz BuildRequires: golang BuildRequires: go-md2man BuildRequires: go-rpm-macros BuildRequires: glib2-devel BuildRequires: glibc-devel BuildRequires: bcc-devel BuildRequires: git BuildRequires: gpgme-devel BuildRequires: libseccomp-devel BuildRequires: make Requires: bcc Enhances: podman Enhances: cri-o # vendored libraries # awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' -e '/bundled(golang(go\|module\|replace\|require))/d' Provides: bundled(golang(github.com/iovisor/gobpf)) = v0.2.0 Provides: bundled(golang(github.com/opencontainers/runtime_spec)) = v1.0.3_0.20200728170252_4d89ac9fbff6 Provides: bundled(golang(github.com/seccomp/containers_golang)) = v0.6.0 Provides: bundled(golang(github.com/seccomp/libseccomp_golang)) = v0.9.1 Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.8.1 Provides: bundled(golang(github.com/stretchr/testify)) = v1.4.0 %description %{summary} %{name} provides a library for applications looking to use the Container Pod concept popularized by Kubernetes. %package tests Summary: Tests for %{name} Requires: %{name} = %{version}-%{release} Requires: bats Requires: podman %description tests %{summary} This package contains system tests for %{name} %prep %autosetup -Sgit -n %{name}-%{built_tag_strip} sed -i 's;HOOK_BIN_DIR;%{_libexecdir}/oci/hooks.d;' %{name}.json sed -i '/$(HOOK_DIR)\/%{name}.json/d' Makefile %build %set_build_flags export CGO_CFLAGS=$CFLAGS # These extra flags present in $CFLAGS have been skipped for now as they break the build CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g') CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') %ifarch x86_64 export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" %endif export GO111MODULE=off export GOPATH=$(pwd):$(pwd)/_build mkdir _build cd _build mkdir -p src/%{provider}.%{provider_tld}/%{project} ln -s ../../../../ src/%{import_path} cd .. ln -s vendor src export GOPATH=$(pwd)/_build:$(pwd) export LDFLAGS="-X main.version=%{version}" %gobuild -o bin/%{name} %{import_path} cd docs go-md2man -in %{name}.md -out %{name}.1 cd .. %install %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install-nobuild %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} GOMD2MAN=go-md2man -C docs install-nobuild install -d -p %{buildroot}/%{_datadir}/%{name}/test/system cp -pav test/. %{buildroot}/%{_datadir}/%{name}/test/system %check %if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel} # Since we aren't packaging up the vendor directory we need to link # back to it somehow. Hack it up so that we can add the vendor # directory from BUILD dir as a gopath to be searched when executing # tests from the BUILDROOT dir. ln -s ./ ./vendor/src # ./vendor/src -> ./vendor export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %if ! 0%{?gotest:1} %global gotest go test %endif %gotest %{import_path}/src/%{name} %endif #define license tag if not already defined %{!?_licensedir:%global license %doc} %files %license LICENSE %doc README.md %dir %{_libexecdir}/oci/hooks.d %{_libexecdir}/oci/hooks.d/%{name} %{_datadir}/containers/oci/hooks.d/%{name}.json %{_mandir}/man1/%{name}.1* %files tests %license LICENSE %{_datadir}/%{name}/test %changelog * Thu Jan 19 2023 Fedora Release Engineering 1.2.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Oct 17 2022 RH Container Bot 1.2.8-1 - auto bump to v1.2.8 * Wed Oct 12 2022 RH Container Bot 1.2.7-1 - auto bump to v1.2.7 * Fri Oct 07 2022 Lokesh Mandvekar 1.2.6-9 - Revert "auto bump to v1.2.6" * Fri Oct 07 2022 RH Container Bot 1.2.6-8 - auto bump to v1.2.6 * Tue Oct 04 2022 Lokesh Mandvekar 1.2.6-7 - add comment about Source0 tarball source * Tue Oct 04 2022 Lokesh Mandvekar 1.2.6-6 - adjust macros for getting correct version * Tue Oct 04 2022 Lokesh Mandvekar 1.2.6-5 - remove debbuild macros to comply with fedora guidelines * Tue Aug 16 2022 Lokesh Mandvekar 1.2.6-4 - Fix debbuild maintainer issue * Fri Jul 22 2022 Fedora Release Engineering 1.2.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 19 2022 Maxwell G 1.2.6-2 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang * Mon Jul 11 2022 RH Container Bot 1.2.6-1 - auto bump to v1.2.6 * Sat Jun 18 2022 Robert-André Mauchin 1.2.5-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 * Fri May 27 2022 Lokesh Mandvekar 1.2.5-2 - build deb packages using debbuild * Fri Mar 25 2022 Lokesh Mandvekar 1.2.5-1 - bump to v1.2.5 * Thu Jan 20 2022 Fedora Release Engineering 1.2.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 29 2021 Lokesh Mandvekar 1.2.4-1 - oci-seccomp-bpf-hook-1.2.4-0.10.git7a25813 - Resolves: #1987746 - FTBFS issues * Thu Jul 22 2021 Fedora Release Engineering 1.0.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Sat Jun 19 2021 RH Container Bot 1.0.1-1 - oci-seccomp-bpf-hook-1.0.1-0.8.gitb58c502 - bump to 1.0.1 - autobuilt b58c502 * Fri Jun 11 2021 RH Container Bot 1.2.4-3 - oci-seccomp-bpf-hook-1.2.4-0.7.git4f66654 - autobuilt 4f66654 * Thu May 06 2021 RH Container Bot 1.2.4-2 - oci-seccomp-bpf-hook-1.2.4-0.6.git4a30d95 - autobuilt 4a30d95 * Wed Apr 28 2021 RH Container Bot 1.2.4-1 - oci-seccomp-bpf-hook-1.2.4-0.5.git1910bb0 - bump to 1.2.4 - autobuilt 1910bb0 * Thu Feb 04 2021 Lokesh Mandvekar 1.2.2-6 - oci-seccomp-bpf-hook-1.2.2-0.4.git50e7112 - requires bcc * Thu Jan 28 2021 Lokesh Mandvekar 1.2.2-5 - oci-seccomp-bpf-hook-1.2.2-0.3.git50e7112 - use latest master commit to check gating tests * Thu Jan 28 2021 Lokesh Mandvekar 1.2.2-4 - temp patch to fix armv7hl build * Thu Jan 28 2021 Ed Santiago 1.2.2-3 - add gating tests * Wed Jan 27 2021 Lokesh Mandvekar 1.2.2-2 - do not build for armv7hl * Wed Jan 27 2021 Lokesh Mandvekar 1.2.2-1 - oci-seccomp-bpf-hook-1.2.2-0.1.git4e42394 - built latest master commit * Tue Jan 26 2021 Fedora Release Engineering 1.2.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Oct 02 2020 Jindrich Novy 1.2.0-4 - oci-seccomp-bpf-hook-1.2.0-4.fc34 - use the same arch definitions as present in the bcc package * Fri Oct 02 2020 Jindrich Novy 1.2.0-3 - oci-seccomp-bpf-hook-1.2.0-3.fc34 - exclude also armv7hl arch as bcc is not built there * Wed Sep 30 2020 Jindrich Novy 1.2.0-2 - oci-seccomp-bpf-hook-1.2.0-2.fc34 - fix spec file to accommodate the new upstream release * Wed Sep 30 2020 Jindrich Novy 1.2.0-1 - oci-seccomp-bpf-hook-1.2.0-1.fc34 - update to https://github.com/containers/oci-seccomp-bpf- hook/releases/tag/v1.2.0 * Sat Aug 01 2020 Fedora Release Engineering 1.1.1-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering 1.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Jul 17 2020 Jindrich Novy 1.1.1-1 - oci-seccomp-bpf-hook-1.1.1-1.fc33 - update to https://github.com/containers/oci-seccomp-bpf- hook/releases/tag/v1.1.1 * Fri Jul 17 2020 Jindrich Novy 1.1.0-2 - oci-seccomp-bpf-hook-1.1.0-2.fc33 - switch to mainline releases * Tue May 19 2020 Lokesh Mandvekar 1.1.0-1 - oci-seccomp-bpf-hook-1.1.0-1.1.git05a82a1 - bump version - reuse Makefile targets * Tue Apr 14 2020 Lokesh Mandvekar 0.0.1-7 - remove unused remote subpackage defs * Tue Apr 14 2020 Lokesh Mandvekar 0.0.1-6 - enhances podman and cri-o * Mon Feb 17 2020 Lokesh Mandvekar 0.0.1-5 - correct %%gobuild definition * Mon Feb 17 2020 Lokesh Mandvekar - oci-seccomp-bpf-hook-0.0.1-0.6.gitba7bbb16 - Resolves: #1799105 - solve ftbfs and build latest upstream commit * Wed Jan 29 2020 Fedora Release Engineering 0.0.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Tue Nov 05 2019 Jindrich Novy 0.0.1-2 - oci-seccomp-bpf-hook-0.0.1-0.4.git3baa603a.fc32 - limit arches to only those supported by bcc so that this can be built * Tue Nov 05 2019 Jindrich Novy 0.0.1-1 - Initial import (#1768400).