## START: Set by rpmautospec ## (rpmautospec version 0.8.1) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 1; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec %global extension postgresql_anonymizer %global pgversion 16 %global postgres_version %{pgversion}.8 %global pgrx_version 0.14.3 %global pg_config /tmp/pgsql%{_bindir}/pg_config # postgresql conditions for easy handling of %%configure # during the build of postgresql %{!?upgrade:%global upgrade 1} %{!?plpython3:%global plpython3 1} %{!?pltcl:%global pltcl 1} %{!?plperl:%global plperl 1} %{!?ssl:%global ssl 1} %{!?icu:%global icu 1} %{!?kerberos:%global kerberos 1} %{!?ldap:%global ldap 1} %{!?nls:%global nls 1} %{!?uuid:%global uuid 1} %{!?xml:%global xml 1} %{!?pam:%global pam 1} %{!?selinux:%global selinux 1} Name: %{extension} Version: 2.3.0 Release: %autorelease Summary: Mask or replace personally identifiable information (PII) or sensitive data # postgresql_anonymizer: PostgreSQL # Rust dependencies: # (MIT OR Apache-2.0) # NCSA # Unicode-3.0 # (0BSD OR MIT OR Apache-2.0) # (Apache-2.0 OR BSL-1.0) # (Apache-2.0 OR MIT) # (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) # Apache-2.0 WITH LLVM-exception # BSD-2-Clause # BSD-3-Clause # (CC0-1.0 OR Apache-2.0) # (MIT OR Apache-2.0 OR LGPL-2.1-or-later) # (MIT OR Apache-2.0 OR Zlib) # (MIT OR Apache-2.0) # (MIT OR Zlib OR Apache-2.0) # MIT # (Unlicense OR MIT) # (Zlib OR Apache-2.0 OR MIT) # Zlib License: %{shrink: PostgreSQL AND (MIT OR Apache-2.0) AND NCSA AND Unicode-3.0 AND (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND Apache-2.0 WITH LLVM-exception AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (MIT OR Apache-2.0 OR LGPL-2.1-or-later) AND (MIT OR Apache-2.0 OR Zlib) AND (MIT OR Apache-2.0) AND (MIT OR Zlib OR Apache-2.0) AND MIT AND (Unlicense OR MIT) AND (Zlib OR Apache-2.0 OR MIT) AND Zlib } URL: https://gitlab.com/dalibo/%{extension} Source0: https://gitlab.com/dalibo/%{extension}/-/archive/%{version}/%{extension}-%{version}.tar.gz # Generated with script below (like https://src.fedoraproject.org/rpms/task/blob/rawhide/f/task.spec) Source1: %{extension}-%{version}-vendored.tar.xz # To create a tarball with all crates vendored (like https://src.fedoraproject.org/rpms/loupe/blob/rawhide/f/loupe.spec) Source2: create-vendored-tarball.sh # Because of how modules work, we need to build postgres locally Source3: https://ftp.postgresql.org/pub/source/v%{postgres_version}/postgresql-%{postgres_version}.tar.bz2 # Change default feature to the correct pg version and remove tests from dependencies, the lack of tests is justified below Patch: anonymizer-cargo.patch # drop i686 support # linker error because anonymizer seems to not work on ppc64 ExcludeArch: %{ix86} %{power64} BuildRequires: rustfmt BuildRequires: clang BuildRequires: bison-devel BuildRequires: readline-devel BuildRequires: zlib-devel BuildRequires: openssl-devel BuildRequires: wget BuildRequires: ccache BuildRequires: cargo-rpm-macros >= 26 # BuildRequires for postgresql BuildRequires: lz4-devel BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk BuildRequires: perl(ExtUtils::Embed), perl-devel BuildRequires: perl(Opcode) BuildRequires: perl-generators BuildRequires: readline-devel zlib-devel BuildRequires: multilib-rpm-config BuildRequires: docbook-style-xsl #aditional BuildRequires for postgresql that can be #turned off using the vars above %if %plpython3 BuildRequires: python3-devel %endif %if %pltcl BuildRequires: tcl-devel %endif %if %ssl BuildRequires: openssl-devel %endif %if %kerberos BuildRequires: krb5-devel %endif %if %ldap BuildRequires: openldap-devel %endif %if %nls BuildRequires: gettext >= 0.10.35 %endif %if %uuid BuildRequires: uuid-devel %endif %if %xml BuildRequires: libxml2-devel libxslt-devel %endif %if %pam BuildRequires: pam-devel %endif %if %selinux BuildRequires: libselinux-devel %endif %if %icu BuildRequires: libicu-devel %endif Requires: postgresql-server > 16 postgresql-server < 17 # There is really no postgres code included in the binary, so it probably isn't # necessary to provide these, but a more in-depth discusison should be had as the # guidelines aren't really clear on this. Including for now because it does no harm # and enables easier discovery in case of CVEs, which can still happen probably. # muPDF also provides -devel packages justifying it as "being the safer choice": # https://src.fedoraproject.org/rpms/mupdf/blob/epel9/f/mupdf.spec Provides: bundled(postgresql-server) = %{postgres_version} %description PostgreSQL Anonymizer is an extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database. The project has a declarative approach of anonymization. This means you can declare the masking rules using the PostgreSQL Data Definition Language (DDL) and specify your anonymization policy inside the table definition itself. %prep %setup -q -a1 -a3 -n %{extension}-%{version} %patch -P0 -p1 # temporary until upstream fixes it find . -name ".DS_Store" -type f -delete %{cargo_prep -v vendor} %build # build postgres first cd postgresql-%{postgres_version} common_configure_options=' --disable-rpath %if %plperl --with-perl %endif %if %pltcl --with-tcl --with-tclconfig=/usr/%_lib %endif %if %ldap --with-ldap %endif %if %ssl --with-openssl %endif %if %pam --with-pam %endif %if %kerberos --with-gssapi %endif %if %uuid --with-ossp-uuid %endif %if %xml --with-libxml --with-libxslt %endif %if %nls --enable-nls %endif %if %selinux --with-selinux %endif --with-system-tzdata=/usr/share/zoneinfo --datadir=%_datadir/pgsql --with-lz4 %if %icu --with-icu %endif %if %plpython3 --with-python %endif ' #holds the installed files from postgresql mkdir -p /tmp/pgsql %configure $common_configure_options %make_build make install DESTDIR=/tmp/pgsql cd .. export LD_LIBRARY_PATH=/tmp/pgsql%{_libdir} mkdir -p $HOME/.cargo/bin # using normal cargo instead of the macros because `make extension` uses it too and needs to be able to find cargo pgrx # cannot build all of pgrx since pgrx-pg-sys (and anonymizer) depends on `cargo pgrx init` being called first export RUSTC_BOOTSTRAP=1 export RUSTFLAGS='%{build_rustflags}' cargo build %{?_smp_mflags} --profile rpm --manifest-path vendor/cargo-pgrx-%{pgrx_version}/Cargo.toml cp vendor/cargo-pgrx-%{pgrx_version}/target/rpm/cargo-pgrx $HOME/.cargo/bin cargo pgrx init --pg%{pgversion} %{pg_config} %make_build extension PG_CONFIG=%{pg_config} PGVER=pg%{pgversion} %cargo_license_summary %{cargo_license} > LICENSE.dependencies %cargo_vendor_manifest %install export TARGET_DIR=target/release/anon-pg%{pgversion}/ export COMMON_SHAREDIR=$(%{pg_config} --sharedir) export COMMON_PKGLIBDIR=$(%{pg_config} --pkglibdir) mkdir -p %{?buildroot}$COMMON_SHAREDIR/extension %{?buildroot}$COMMON_PKGLIBDIR # unfortunate hack around an impermissive makefile %make_install PG_CONFIG=%{pg_config} PGVER=pg%{pgversion} \ PG_SHAREDIR=%{?buildroot}$COMMON_SHAREDIR PG_PKGLIBDIR=%{?buildroot}$COMMON_PKGLIBDIR \ TARGET_SHAREDIR=$TARGET_DIR$COMMON_SHAREDIR TARGET_PKGLIBDIR=$TARGET_DIR$COMMON_PKGLIBDIR # move the installed files from /tmp/pgsql mkdir -p %{?buildroot}%{_datadir} %{?buildroot}%{_libdir} mv %{?buildroot}/tmp/pgsql%{_datadir}/* %{?buildroot}%{_datadir} mv %{?buildroot}/tmp/pgsql%{_libdir}/postgresql %{?buildroot}%{_libdir}/pgsql # integration tests (make installcheck) and pg_tests are impossible to run here since postgres hardcodes # where it looks for extensions, the pgrx_tests package also requires root access to be installed and run, # and we have not built pgtests_start and do not have postgresql_pkg_tests.sh on this system # therefore, we can only run unit tests %check cargo pgrx test -rv pg%{pgversion} ::test_ %files %{_libdir}/pgsql/anon.so %{_datadir}/pgsql/extension/anon--%{version}.sql %{_datadir}/pgsql/extension/anon.control %{_datadir}/pgsql/extension/anon %license LICENSE.md %license LICENSE.dependencies %license cargo-vendor.txt # not copying the docs/ folder since it is too large and contains no manfiles %doc AUTHORS.md CHANGELOG.md NEWS.md README.md %changelog ## START: Generated by rpmautospec * Thu Sep 04 2025 John Doe - 2.3.0-1 - Uncommitted changes ## END: Generated by rpmautospec