
467 строки
15 KiB

# Copyright (C) 2009, 2010, 2013, 2014, 2015, 2016 Nicira Networks, Inc.
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without warranty of any kind.
Summary: Open vSwitch daemon/database/utilities
Name: openvswitch
Version: 2.17.5
Release: 3%{?dist}
License: ASL 2.0 AND LGPLv2+ AND SISSL
Vendor: Microsoft Corporation
Distribution: Mariner
Group: System Environment/Daemons
URL: https://www.openvswitch.org/
Source0: http://openvswitch.org/releases/%{name}-%{version}.tar.gz
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: checkpolicy
BuildRequires: dpdk-devel
BuildRequires: gcc >= 4.0.0
BuildRequires: graphviz
BuildRequires: groff
BuildRequires: libcap-ng
BuildRequires: libcap-ng-devel
BuildRequires: libpcap-devel
BuildRequires: libtool
BuildRequires: make
BuildRequires: numactl-devel
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: procps-ng
BuildRequires: python3
BuildRequires: python3-devel
BuildRequires: python3-libs
BuildRequires: python3-six
BuildRequires: python3-sphinx
BuildRequires: selinux-policy-devel
BuildRequires: systemd
BuildRequires: unbound
BuildRequires: unbound-devel
Requires: hostname
Requires: iproute
Requires: module-init-tools
Requires: openssl
Requires: unbound
Requires(pre): shadow-utils
Requires(post): /bin/sed
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Patch0: CVE-2023-1668.patch
Open vSwitch provides standard network bridging functions and
support for the OpenFlow protocol for remote per-flow control of
%package selinux-policy
Summary: Open vSwitch SELinux policy
License: ASL 2.0
Requires: selinux-policy
BuildArch: noarch
%description selinux-policy
Open vSwitch SELinux policy
%package -n python3-openvswitch
Summary: Python3 bindings for Open vSwitch
License: ASL 2.0
Requires: python3
Requires: python3-libs
BuildArch: noarch
%description -n python3-openvswitch
Python binding for Open vSwitch database
%package devel
Summary: Header and development files for openvswitch
License: ASL 2.0
Requires: %{name} = %{version}
%description devel
openvswitch-devel package contains header files and libs.
%package test
Summary: Open vSwitch testing utilities
License: ASL 2.0
BuildArch: noarch
%description test
Utilities that are useful to diagnose performance and connectivity
issues in Open vSwitch setup.
%package doc
Summary: Documentation for openvswitch
License: ASL 2.0
Requires: %{name} = %{version}-%{release}
%description doc
It contains the documentation and manpages for openvswitch.
%package ipsec
Summary: Open vSwitch IPsec tunneling support
License: ASL 2.0
Requires: openvswitch
Requires: python3-openvswitch
Requires: strongswan
%description ipsec
This package provides IPsec tunneling support for OVS tunnels.
%autosetup -p1
%configure \
--enable-ssl \
--enable-shared \
--disable-static \
--with-dpdk=shared \
--enable-libcapng \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki \
build-aux/dpdkstrip.py \
--dpdk \
< rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
> rhel/usr_lib_systemd_system_ovs-vswitchd.service
make %{_smp_mflags}
make selinux-policy
install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch
install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch
copy_headers() {
install -d -m 0755 $dst
install -m 0644 $src/*.h $dst
copy_headers include %{_includedir}/openvswitch
copy_headers include/openflow %{_includedir}/openvswitch/openflow
copy_headers include/openvswitch %{_includedir}/openvswitch/openvswitch
copy_headers include/sparse %{_includedir}/openvswitch/sparse
copy_headers include/sparse/arpa %{_includedir}/openvswitch/sparse/arpa
copy_headers include/sparse/netinet %{_includedir}/openvswitch/sparse/netinet
copy_headers include/sparse/sys %{_includedir}/openvswitch/sparse/sys
copy_headers lib %{_includedir}/openvswitch/lib
install -p -D -m 0644 rhel/usr_lib_udev_rules.d_91-vfio.rules \
install -p -D -m 0644 \
rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \
for service in openvswitch ovsdb-server ovs-vswitchd ovs-delete-transient-ports openvswitch-ipsec; do
install -p -D -m 0644 \
rhel/usr_lib_systemd_system_${service}.service \
install -m 0755 rhel/etc_init.d_openvswitch \
install -p -D -m 0644 rhel/etc_openvswitch_default.conf \
install -p -D -m 0644 rhel/etc_logrotate.d_openvswitch \
install -m 0644 vswitchd/vswitch.ovsschema \
install -d -m 0755 $RPM_BUILD_ROOT%{python3_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/* \
rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/
install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/.conf.db.~lock~
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
install -p -m 644 -D selinux/openvswitch-custom.pp \
install -d $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/
install -p -D -m 0755 \
rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \
# remove unpackaged files
rm -f $RPM_BUILD_ROOT%{_bindir}/ovs-parse-backtrace
touch resolv.conf
export OVS_RESOLV_CONF=$(pwd)/resolv.conf
make -k check TESTSUITEFLAGS='%{_smp_mflags}' RECHECK=yes |& tee %{_specdir}/%{name}-check-log || %{nocheck}
%pre selinux-policy
%selinux_relabel_pre -s targeted
%systemd_preun %{name}.service
getent group openvswitch >/dev/null || groupadd -r openvswitch
getent passwd openvswitch >/dev/null || \
useradd -r -g openvswitch -d / -s /sbin/nologin \
-c "Open vSwitch Daemons" openvswitch
getent group hugetlbfs >/dev/null || groupadd -r hugetlbfs
usermod -a -G hugetlbfs openvswitch
exit 0
if [ $1 -eq 1 ]; then
%define gname hugetlbfs
sed -i \
sed -i 's:\(.*su\).*:\1 openvswitch %{gname}:' %{_sysconfdir}/logrotate.d/openvswitch
# In the case of upgrade, this is not needed
chown -R openvswitch:openvswitch %{_sysconfdir}/openvswitch
chown -R openvswitch:%{gname} %{_localstatedir}/log/openvswitch
# This may not enable openvswitch service or do daemon-reload.
%systemd_post %{name}.service
%post selinux-policy
%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
%systemd_postun %{name}.service
%postun selinux-policy
if [ $1 -eq 0 ] ; then
%selinux_modules_uninstall -s targeted openvswitch-custom
%posttrans selinux-policy
%selinux_relabel_post -s targeted
%files selinux-policy
%files -n python3-openvswitch
%files test
%files devel
%exclude %{_libdir}/*.la
%exclude %{_libdir}/*.a
%files doc
%dir %{_sysconfdir}/openvswitch
%config %ghost %{_sysconfdir}/openvswitch/conf.db
%ghost %{_sysconfdir}/openvswitch/.conf.db.~lock~
%config %ghost %{_sysconfdir}/openvswitch/system-id.conf
%config(noreplace) %{_sysconfdir}/sysconfig/openvswitch
%license LICENSE
%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch
%config %{_datadir}/openvswitch/local-config.ovsschema
%config %{_datadir}/openvswitch/vswitch.ovsschema
%config %{_datadir}/openvswitch/vtep.ovsschema
%attr(750,root,root) /var/log/openvswitch
%ghost %attr(755,root,root) %{_rundir}/openvswitch
%ghost %attr(644,root,root) %{_rundir}/openvswitch.useropts
%files ipsec
* Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 2.17.5-3
- Recompile with stack-protection fixed gcc version (CVE-2023-4039)
* Tue May 02 2023 Rakshaa Viswanathan <rviswanathan@microsoft.com> - 2.17.5-2
- Add patch to fix CVE-2023-1668
* Tue Jan 17 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.17.5-1
- Auto-upgrade to 2.17.5 - to fix CVE-2022-4337, CVE-2022-4338
* Wed Mar 23 2022 Jon Slobodzian <joslobo@microsoft.com> - 2.17.0-1
- Upgrade to latest version of openvswitch. Remove python2 support
- Portions of this SPEC file were imported from OpenVswitch.org's autogenerated openvswitch-fedora spec.
* Mon Apr 19 2021 Nicolas Ontiveros <niontive@microsoft.com> - 2.12.3-2
- Don't include static libraries in openvswitch package
* Thu Apr 01 2021 Nicolas Ontiveros <niontive@microsoft.com> - 2.12.3-1
- Upgrade to version 2.12.3, which fixes CVE-2020-27827
* Mon Feb 22 2021 Emre Girgin <mrgirgin@microsoft.com> - 2.12.0-3
- Fix CVE-2020-35498.
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 2.12.0-2
- Added %%license line automatically
* Tue Mar 31 2020 Henry Beberman <henry.beberman@microsoft.com> 2.12.0-1
- Update to 2.12.0. License verified.
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.8.2-4
- Initial CBL-Mariner import from Photon (license: Apache2).
* Tue Nov 13 2018 Anish Swaminathan <anishs@vmware.com> 2.8.2-3
- Replace with configure macro
* Wed Feb 28 2018 Vinay Kulkarni <kulkarniv@vmware.com> 2.8.2-2
- Setup the default conf file for local ovsdb server.
* Tue Feb 27 2018 Vinay Kulkarni <kulkarniv@vmware.com> 2.8.2-1
- Update to OVS 2.8.2
* Tue Oct 10 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.7.0-9
- Fix CVE-2017-14970
* Wed Oct 04 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.7.0-8
- Fix CVE-2017-9263
* Tue Sep 19 2017 Anish Swaminathan <anishs@vmware.com> 2.7.0-7
- Add gawk to Requires
* Tue Aug 29 2017 Sarah Choi <sarahc@vmware.com> 2.7.0-6
- Add python2/python-six/python-xml to Requires
* Thu Jul 13 2017 Nishant Nelogal <nnelogal@vmware.com> 2.7.0-5
- Created OVN packages and systemd service scripts
* Fri Jun 16 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.7.0-4
- Fix CVE-2017-9214, CVE-2017-9265
* Mon Jun 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.7.0-3
- Fix CVE-2017-9264
* Tue May 23 2017 Xiaolin Li <xiaolinl@vmware.com> 2.7.0-2
- Added python and python3 subpackage.
* Sat Apr 15 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.7.0-1
- Update to 2.7.0
* Fri Feb 10 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.6.1-2
- Build ovs shared library
* Wed Nov 16 2016 Vinay Kulkarni <kulkarniv@vmware.com> 2.6.1-1
- Update to openvswitch 2.6.1
* Sat Sep 24 2016 Vinay Kulkarni <kulkarniv@vmware.com> 2.5.0-1
- Update to openvswitch 2.5.0
* Fri Sep 09 2016 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.1-1
- Update to openvswitch 2.4.1
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.4.0-3
- GA - Bump release of all rpms
* Sat Oct 31 2015 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.0-2
- OVS requires libatomic.so.1 provided by gcc.
* Mon Oct 12 2015 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.0-1
- Update to OVS v2.4.0
* Fri May 29 2015 Kumar Kaushik <kaushikk@vmware.com> 2.3.1-1
- Initial build. First version