commit 18cce7dd8fa5890d00db9869f58fe7b369d63beb Author: MSVSphere Packaging Team Date: Tue Nov 26 17:39:09 2024 +0300 import oci-seccomp-bpf-hook-1.2.10-6.el10 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7d6519e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/v1.2.10.tar.gz diff --git a/.oci-seccomp-bpf-hook.metadata b/.oci-seccomp-bpf-hook.metadata new file mode 100644 index 0000000..77e3b34 --- /dev/null +++ b/.oci-seccomp-bpf-hook.metadata @@ -0,0 +1 @@ +7a40b7d0aec6ad490473ec0827913dc00295f26a SOURCES/v1.2.10.tar.gz diff --git a/SPECS/oci-seccomp-bpf-hook.spec b/SPECS/oci-seccomp-bpf-hook.spec new file mode 100644 index 0000000..a9e8cdc --- /dev/null +++ b/SPECS/oci-seccomp-bpf-hook.spec @@ -0,0 +1,348 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.1) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 6; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +%global with_debug 1 + +%if 0%{?with_debug} +%global _find_debuginfo_dwz_opts %{nil} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +%global provider github +%global provider_tld com +%global project containers +%global repo oci-seccomp-bpf-hook +# https://github.com/containers/oci-seccomp-bpf-hook +%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} +%global git0 https://%{import_path} + +%global built_tag v1.2.10 +%global built_tag_strip %(b=%{built_tag}; echo ${b:1}) +%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) + +# use the same arch definitions as present in the bcc package +ExclusiveArch: x86_64 %{power64} aarch64 s390x armv7hl + +Name: %{repo} +Version: %{gen_version} +License: Apache-2.0 and BSD-2-Clause and BSD-3-Clause and ISC and MIT +Release: %autorelease +ExclusiveArch: %{golang_arches_future} +Summary: OCI Hook to generate seccomp json files based on EBF syscalls used by container +URL: %{git0} +# Tarball fetched from upstream +Source0: %{url}/archive/%{built_tag}.tar.gz +BuildRequires: golang +BuildRequires: go-md2man +BuildRequires: go-rpm-macros +BuildRequires: glib2-devel +BuildRequires: glibc-devel +BuildRequires: bcc-devel +BuildRequires: git +BuildRequires: gpgme-devel +BuildRequires: libseccomp-devel +BuildRequires: make +Requires: bcc +Enhances: podman +Enhances: cri-o +# vendored libraries +# awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' -e '/bundled(golang(go\|module\|replace\|require))/d' +Provides: bundled(golang(github.com/iovisor/gobpf)) = v0.2.0 +Provides: bundled(golang(github.com/opencontainers/runtime_spec)) = v1.0.3_0.20200728170252_4d89ac9fbff6 +Provides: bundled(golang(github.com/seccomp/containers_golang)) = v0.6.0 +Provides: bundled(golang(github.com/seccomp/libseccomp_golang)) = v0.9.1 +Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.8.1 +Provides: bundled(golang(github.com/stretchr/testify)) = v1.4.0 + +%description +%{summary} +%{name} provides a library for applications looking to use +the Container Pod concept popularized by Kubernetes. + +%package tests +Summary: Tests for %{name} + +Requires: %{name} = %{version}-%{release} +Requires: bats +Requires: podman + +%description tests +%{summary} + +This package contains system tests for %{name} + +%prep +%autosetup -Sgit -n %{name}-%{built_tag_strip} +sed -i 's;HOOK_BIN_DIR;%{_libexecdir}/oci/hooks.d;' %{name}.json +sed -i '/$(HOOK_DIR)\/%{name}.json/d' Makefile + +%build +%set_build_flags +export CGO_CFLAGS=$CFLAGS +# These extra flags present in $CFLAGS have been skipped for now as they break the build +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') + +%ifarch x86_64 +export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" +%endif + +export GO111MODULE=off +export GOPATH=$(pwd):$(pwd)/_build + +mkdir _build +cd _build +mkdir -p src/%{provider}.%{provider_tld}/%{project} +ln -s ../../../../ src/%{import_path} +cd .. +ln -s vendor src + +export GOPATH=$(pwd)/_build:$(pwd) +export LDFLAGS="-X main.version=%{version}" +%gobuild -o bin/%{name} %{import_path} + +cd docs +go-md2man -in %{name}.md -out %{name}.1 +cd .. + +%install +%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install-nobuild +%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} GOMD2MAN=go-md2man -C docs install-nobuild + +install -d -p %{buildroot}/%{_datadir}/%{name}/test/system +cp -pav test/. %{buildroot}/%{_datadir}/%{name}/test/system + +%check +%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel} +# Since we aren't packaging up the vendor directory we need to link +# back to it somehow. Hack it up so that we can add the vendor +# directory from BUILD dir as a gopath to be searched when executing +# tests from the BUILDROOT dir. +ln -s ./ ./vendor/src # ./vendor/src -> ./vendor + +export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} + +%if ! 0%{?gotest:1} +%global gotest go test +%endif + +%gotest %{import_path}/src/%{name} +%endif + +#define license tag if not already defined +%{!?_licensedir:%global license %doc} + +%files +%license LICENSE +%doc README.md +%dir %{_libexecdir}/oci/hooks.d +%{_libexecdir}/oci/hooks.d/%{name} +%{_datadir}/containers/oci/hooks.d/%{name}.json +%{_mandir}/man1/%{name}.1* + +%files tests +%license LICENSE +%{_datadir}/%{name}/test + +%changelog +## START: Generated by rpmautospec +* Mon Jun 24 2024 Troy Dawson - 1.2.10-6 +- Bump release for June 2024 mass rebuild + +* Wed May 01 2024 Jindrich Novy - 1.2.10-5 +- update gating.yaml to RHEL-10 Related: RHELMISC-3908 + +* Sun Feb 11 2024 Maxwell G - 1.2.10-4 +- Rebuild for golang 1.22.0 + +* Thu Jan 25 2024 Fedora Release Engineering - 1.2.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.2.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Oct 20 2023 Lokesh Mandvekar - 1.2.10-1 +- bump to v1.2.10 + +* Thu Jul 20 2023 Fedora Release Engineering - 1.2.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Apr 18 2023 RH Container Bot - 1.2.9-1 +- auto bump to v1.2.9 + +* Mon Mar 06 2023 Lokesh Mandvekar - 1.2.8-4 +- migrated to SPDX license + +* Wed Feb 08 2023 Lokesh Mandvekar - 1.2.8-3 +- ExclusiveArch: golang_arches_future + +* Thu Jan 19 2023 Fedora Release Engineering - 1.2.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Oct 17 2022 RH Container Bot - 1.2.8-1 +- auto bump to v1.2.8 + +* Wed Oct 12 2022 RH Container Bot - 1.2.7-1 +- auto bump to v1.2.7 + +* Fri Oct 07 2022 Lokesh Mandvekar - 1.2.6-9 +- Revert "auto bump to v1.2.6" + +* Fri Oct 07 2022 RH Container Bot - 1.2.6-8 +- auto bump to v1.2.6 + +* Tue Oct 04 2022 Lokesh Mandvekar - 1.2.6-7 +- add comment about Source0 tarball source + +* Tue Oct 04 2022 Lokesh Mandvekar - 1.2.6-6 +- adjust macros for getting correct version + +* Tue Oct 04 2022 Lokesh Mandvekar - 1.2.6-5 +- remove debbuild macros to comply with fedora guidelines + +* Tue Aug 16 2022 Lokesh Mandvekar - 1.2.6-4 +- Fix debbuild maintainer issue + +* Fri Jul 22 2022 Fedora Release Engineering - 1.2.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jul 19 2022 Maxwell G - 1.2.6-2 +- Rebuild for + CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang + +* Mon Jul 11 2022 RH Container Bot - 1.2.6-1 +- auto bump to v1.2.6 + +* Sat Jun 18 2022 Robert-André Mauchin - 1.2.5-3 +- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, + CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 + +* Fri May 27 2022 Lokesh Mandvekar - 1.2.5-2 +- build deb packages using debbuild + +* Fri Mar 25 2022 Lokesh Mandvekar - 1.2.5-1 +- bump to v1.2.5 + +* Thu Jan 20 2022 Fedora Release Engineering - 1.2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 29 2021 Lokesh Mandvekar - 1.2.4-1 +- oci-seccomp-bpf-hook-1.2.4-0.10.git7a25813 +- Resolves: #1987746 - FTBFS issues + +* Thu Jul 22 2021 Fedora Release Engineering - 1.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sat Jun 19 2021 RH Container Bot - 1.0.1-1 +- oci-seccomp-bpf-hook-1.0.1-0.8.gitb58c502 +- bump to 1.0.1 +- autobuilt b58c502 + +* Fri Jun 11 2021 RH Container Bot - 1.2.4-3 +- oci-seccomp-bpf-hook-1.2.4-0.7.git4f66654 +- autobuilt 4f66654 + +* Thu May 06 2021 RH Container Bot - 1.2.4-2 +- oci-seccomp-bpf-hook-1.2.4-0.6.git4a30d95 +- autobuilt 4a30d95 + +* Wed Apr 28 2021 RH Container Bot - 1.2.4-1 +- oci-seccomp-bpf-hook-1.2.4-0.5.git1910bb0 +- bump to 1.2.4 +- autobuilt 1910bb0 + +* Thu Feb 04 2021 Lokesh Mandvekar - 1.2.2-6 +- oci-seccomp-bpf-hook-1.2.2-0.4.git50e7112 +- requires bcc + +* Thu Jan 28 2021 Lokesh Mandvekar - 1.2.2-5 +- oci-seccomp-bpf-hook-1.2.2-0.3.git50e7112 +- use latest master commit to check gating tests + +* Thu Jan 28 2021 Lokesh Mandvekar - 1.2.2-4 +- temp patch to fix armv7hl build + +* Thu Jan 28 2021 Ed Santiago - 1.2.2-3 +- add gating tests + +* Wed Jan 27 2021 Lokesh Mandvekar - 1.2.2-2 +- do not build for armv7hl + +* Wed Jan 27 2021 Lokesh Mandvekar - 1.2.2-1 +- oci-seccomp-bpf-hook-1.2.2-0.1.git4e42394 +- built latest master commit + +* Tue Jan 26 2021 Fedora Release Engineering - 1.2.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Oct 02 2020 Jindrich Novy - 1.2.0-4 +- oci-seccomp-bpf-hook-1.2.0-4.fc34 +- use the same arch definitions as present in the bcc package + +* Fri Oct 02 2020 Jindrich Novy - 1.2.0-3 +- oci-seccomp-bpf-hook-1.2.0-3.fc34 +- exclude also armv7hl arch as bcc is not built there + +* Wed Sep 30 2020 Jindrich Novy - 1.2.0-2 +- oci-seccomp-bpf-hook-1.2.0-2.fc34 +- fix spec file to accommodate the new upstream release + +* Wed Sep 30 2020 Jindrich Novy - 1.2.0-1 +- oci-seccomp-bpf-hook-1.2.0-1.fc34 +- update to https://github.com/containers/oci-seccomp-bpf- + hook/releases/tag/v1.2.0 + +* Sat Aug 01 2020 Fedora Release Engineering - 1.1.1-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jul 17 2020 Jindrich Novy - 1.1.1-1 +- oci-seccomp-bpf-hook-1.1.1-1.fc33 +- update to https://github.com/containers/oci-seccomp-bpf- + hook/releases/tag/v1.1.1 + +* Fri Jul 17 2020 Jindrich Novy - 1.1.0-2 +- oci-seccomp-bpf-hook-1.1.0-2.fc33 +- switch to mainline releases + +* Tue May 19 2020 Lokesh Mandvekar - 1.1.0-1 +- oci-seccomp-bpf-hook-1.1.0-1.1.git05a82a1 +- bump version +- reuse Makefile targets + +* Tue Apr 14 2020 Lokesh Mandvekar - 0.0.1-7 +- remove unused remote subpackage defs + +* Tue Apr 14 2020 Lokesh Mandvekar - 0.0.1-6 +- enhances podman and cri-o + +* Mon Feb 17 2020 Lokesh Mandvekar - 0.0.1-5 +- correct %%gobuild definition + +* Mon Feb 17 2020 Lokesh Mandvekar +- oci-seccomp-bpf-hook-0.0.1-0.6.gitba7bbb16 +- Resolves: #1799105 - solve ftbfs and build latest upstream commit + +* Wed Jan 29 2020 Fedora Release Engineering - 0.0.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Nov 05 2019 Jindrich Novy - 0.0.1-2 +- oci-seccomp-bpf-hook-0.0.1-0.4.git3baa603a.fc32 +- limit arches to only those supported by bcc so that this can be built + +* Tue Nov 05 2019 Jindrich Novy - 0.0.1-1 +- Initial import (#1768400). +## END: Generated by rpmautospec