## START: Set by rpmautospec ## (rpmautospec version 0.8.1) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 1; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec %global extension postgresql_anonymizer %global pgversion 16 %global postgres_version %{pgversion}.10 %global pgrx_version 0.14.3 %global pg_config /tmp/pgsql%{_bindir}/pg_config # postgresql conditions for easy handling of %%configure # during the build of postgresql %{!?upgrade:%global upgrade 1} %{!?plpython3:%global plpython3 1} %{!?pltcl:%global pltcl 1} %{!?plperl:%global plperl 1} %{!?ssl:%global ssl 1} %{!?icu:%global icu 1} %{!?kerberos:%global kerberos 1} %{!?ldap:%global ldap 1} %{!?nls:%global nls 1} %{!?uuid:%global uuid 1} %{!?xml:%global xml 1} %{!?pam:%global pam 1} %{!?selinux:%global selinux 1} Name: %{extension} Version: 2.3.0 Release: %autorelease Summary: Mask or replace personally identifiable information (PII) or sensitive data # postgresql_anonymizer: PostgreSQL # Rust dependencies: # (MIT OR Apache-2.0) # NCSA # Unicode-3.0 # (0BSD OR MIT OR Apache-2.0) # (Apache-2.0 OR BSL-1.0) # (Apache-2.0 OR MIT) # (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) # Apache-2.0 WITH LLVM-exception # BSD-2-Clause # BSD-3-Clause # (CC0-1.0 OR Apache-2.0) # (MIT OR Apache-2.0 OR LGPL-2.1-or-later) # (MIT OR Apache-2.0 OR Zlib) # (MIT OR Apache-2.0) # (MIT OR Zlib OR Apache-2.0) # MIT # (Unlicense OR MIT) # (Zlib OR Apache-2.0 OR MIT) # Zlib License: %{shrink: PostgreSQL AND (MIT OR Apache-2.0) AND NCSA AND Unicode-3.0 AND (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND Apache-2.0 WITH LLVM-exception AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (MIT OR Apache-2.0 OR LGPL-2.1-or-later) AND (MIT OR Apache-2.0 OR Zlib) AND (MIT OR Apache-2.0) AND (MIT OR Zlib OR Apache-2.0) AND MIT AND (Unlicense OR MIT) AND (Zlib OR Apache-2.0 OR MIT) AND Zlib } URL: https://gitlab.com/dalibo/%{extension} Source0: https://gitlab.com/dalibo/%{extension}/-/archive/%{version}/%{extension}-%{version}.tar.gz # Generated with script below (like https://src.fedoraproject.org/rpms/task/blob/rawhide/f/task.spec) Source1: %{extension}-%{version}-vendored.tar.xz # To create a tarball with all crates vendored (like https://src.fedoraproject.org/rpms/loupe/blob/rawhide/f/loupe.spec) Source2: create-vendored-tarball.sh # Because of how modules work, we need to build postgres locally Source3: https://ftp.postgresql.org/pub/source/v%{postgres_version}/postgresql-%{postgres_version}.tar.bz2 # Change default feature to the correct pg version and remove tests from dependencies, the lack of tests is justified below Patch: anonymizer-cargo.patch # drop i686 support # linker error because anonymizer seems to not work on ppc64 ExcludeArch: %{ix86} %{power64} BuildRequires: rustfmt BuildRequires: clang BuildRequires: bison-devel BuildRequires: readline-devel BuildRequires: zlib-devel BuildRequires: openssl-devel BuildRequires: wget BuildRequires: ccache BuildRequires: cargo-rpm-macros >= 26 #aditional BuildRequires for postgresql that can be #turned off using the vars above %if %plpython3 BuildRequires: python3-devel %endif %if %pltcl BuildRequires: tcl-devel %endif %if %ssl BuildRequires: openssl-devel %endif %if %kerberos BuildRequires: krb5-devel %endif %if %ldap BuildRequires: openldap-devel %endif %if %nls BuildRequires: gettext >= 0.10.35 %endif %if %uuid BuildRequires: uuid-devel %endif %if %xml BuildRequires: libxml2-devel libxslt-devel %endif %if %pam BuildRequires: pam-devel %endif %if %selinux BuildRequires: libselinux-devel %endif %if %icu BuildRequires: libicu-devel %endif Requires: postgresql-server > 15 postgresql-server < 17 %description PostgreSQL Anonymizer is an extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database. The project has a declarative approach of anonymization. This means you can declare the masking rules using the PostgreSQL Data Definition Language (DDL) and specify your anonymization policy inside the table definition itself. %prep %setup -a1 -a2 -n %{extension}-%{version} %patch -P0 -p1 # temporary until upstream fixes it find . -name ".DS_Store" -type f -delete %{cargo_prep -v vendor} %build # build postgres first cd postgresql-%{postgres_version} common_configure_options=' --disable-rpath %if %plperl --with-perl %endif %if %pltcl --with-tcl --with-tclconfig=/usr/%_lib %endif %if %ldap --with-ldap %endif %if %ssl --with-openssl %endif %if %pam --with-pam %endif %if %kerberos --with-gssapi %endif %if %uuid --with-ossp-uuid %endif %if %xml --with-libxml --with-libxslt %endif %if %nls --enable-nls %endif %if %selinux --with-selinux %endif --with-system-tzdata=/usr/share/zoneinfo --datadir=%_datadir/pgsql --with-lz4 %if %icu --with-icu %endif %if %plpython3 --with-python %endif ' #holds the installed files from postgresql mkdir /tmp/pgsql %configure $common_configure_options %make_build make install DESTDIR=/tmp/pgsql cd .. mkdir -p $HOME/.cargo/bin # using normal cargo instead of the macros because `make extension` uses it too and needs to be able to find cargo pgrx # cannot build all of pgrx since pgrx-pg-sys (and anonymizer) depends on `cargo pgrx init` being called first cargo build %{?_smp_mflags} --profile rpm --manifest-path vendor/cargo-pgrx-%{pgrx_version}/Cargo.toml cp vendor/cargo-pgrx-%{pgrx_version}/target/rpm/cargo-pgrx $HOME/.cargo/bin cargo pgrx init --pg%{pgversion} %{pg_config} %make_build extension PG_CONFIG=%{pg_config} PGVER=pg%{pgversion} %cargo_license_summary %{cargo_license} > LICENSE.dependencies %cargo_vendor_manifest %install export TARGET_DIR=target/release/anon-pg%{pgversion}/ export COMMON_SHAREDIR=$(%{pg_config} --sharedir) export COMMON_PKGLIBDIR=$(%{pg_config} --pkglibdir) mkdir -p %{?buildroot}$COMMON_SHAREDIR/extension %{?buildroot}$COMMON_PKGLIBDIR # unfortunate hack around an impermissive makefile %make_install PG_CONFIG=%{pg_config} PGVER=pg%{pgversion} \ PG_SHAREDIR=%{?buildroot}$COMMON_SHAREDIR PG_PKGLIBDIR=%{?buildroot}$COMMON_PKGLIBDIR \ TARGET_SHAREDIR=$TARGET_DIR$COMMON_SHAREDIR TARGET_PKGLIBDIR=$TARGET_DIR$COMMON_PKGLIBDIR # integration tests (make installcheck) and pg_tests are impossible to run here since postgres hardcodes # where it looks for extensions, and the pgrx_tests package also requires root access to be installed and run # therefore, tests have to be turned off %files %{_libdir}/pgsql/anon.so %{_datadir}/pgsql/extension/anon--%{version}.sql %{_datadir}/pgsql/extension/anon.control %{_datadir}/pgsql/extension/anon %license LICENSE.md %license LICENSE.dependencies %license cargo-vendor.txt # not copying the docs/ folder since it is too large and contains no manfiles %doc AUTHORS.md CHANGELOG.md NEWS.md README.md %changelog ## START: Generated by rpmautospec * Tue Sep 02 2025 John Doe - 2.3.0-1 - Uncommitted changes ## END: Generated by rpmautospec