CBL-Mariner/SPECS/openvswitch/openvswitch.spec

467 строки
15 KiB
Plaintext

# Copyright (C) 2009, 2010, 2013, 2014, 2015, 2016 Nicira Networks, Inc.
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without warranty of any kind.
Summary: Open vSwitch daemon/database/utilities
Name: openvswitch
Version: 2.17.5
Release: 3%{?dist}
License: ASL 2.0 AND LGPLv2+ AND SISSL
Vendor: Microsoft Corporation
Distribution: Mariner
Group: System Environment/Daemons
URL: https://www.openvswitch.org/
Source0: http://openvswitch.org/releases/%{name}-%{version}.tar.gz
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: checkpolicy
BuildRequires: dpdk-devel
BuildRequires: gcc >= 4.0.0
BuildRequires: graphviz
BuildRequires: groff
BuildRequires: libcap-ng
BuildRequires: libcap-ng-devel
BuildRequires: libpcap-devel
BuildRequires: libtool
BuildRequires: make
BuildRequires: numactl-devel
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: procps-ng
BuildRequires: python3
BuildRequires: python3-devel
BuildRequires: python3-libs
BuildRequires: python3-six
BuildRequires: python3-sphinx
BuildRequires: selinux-policy-devel
BuildRequires: systemd
BuildRequires: unbound
BuildRequires: unbound-devel
Requires: hostname
Requires: iproute
Requires: module-init-tools
Requires: openssl
Requires: unbound
Requires(pre): shadow-utils
Requires(post): /bin/sed
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Patch0: CVE-2023-1668.patch
%description
Open vSwitch provides standard network bridging functions and
support for the OpenFlow protocol for remote per-flow control of
traffic.
%package selinux-policy
Summary: Open vSwitch SELinux policy
License: ASL 2.0
Requires: selinux-policy
BuildArch: noarch
%description selinux-policy
Open vSwitch SELinux policy
%package -n python3-openvswitch
Summary: Python3 bindings for Open vSwitch
License: ASL 2.0
Requires: python3
Requires: python3-libs
BuildArch: noarch
%description -n python3-openvswitch
Python binding for Open vSwitch database
%package devel
Summary: Header and development files for openvswitch
License: ASL 2.0
Requires: %{name} = %{version}
%description devel
openvswitch-devel package contains header files and libs.
%package test
Summary: Open vSwitch testing utilities
License: ASL 2.0
BuildArch: noarch
%description test
Utilities that are useful to diagnose performance and connectivity
issues in Open vSwitch setup.
%package doc
Summary: Documentation for openvswitch
License: ASL 2.0
Requires: %{name} = %{version}-%{release}
%description doc
It contains the documentation and manpages for openvswitch.
%package ipsec
Summary: Open vSwitch IPsec tunneling support
License: ASL 2.0
Requires: openvswitch
Requires: python3-openvswitch
Requires: strongswan
%description ipsec
This package provides IPsec tunneling support for OVS tunnels.
%prep
%autosetup -p1
%build
%configure \
--enable-ssl \
--enable-shared \
--disable-static \
--with-dpdk=shared \
--enable-libcapng \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki \
PYTHON3=%{__python3}
build-aux/dpdkstrip.py \
--dpdk \
< rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
> rhel/usr_lib_systemd_system_ovs-vswitchd.service
make %{_smp_mflags}
make selinux-policy
%install
make install DESTDIR=$RPM_BUILD_ROOT
install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch
install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch
copy_headers() {
src=$1
dst=$RPM_BUILD_ROOT/$2
install -d -m 0755 $dst
install -m 0644 $src/*.h $dst
}
copy_headers include %{_includedir}/openvswitch
copy_headers include/openflow %{_includedir}/openvswitch/openflow
copy_headers include/openvswitch %{_includedir}/openvswitch/openvswitch
copy_headers include/sparse %{_includedir}/openvswitch/sparse
copy_headers include/sparse/arpa %{_includedir}/openvswitch/sparse/arpa
copy_headers include/sparse/netinet %{_includedir}/openvswitch/sparse/netinet
copy_headers include/sparse/sys %{_includedir}/openvswitch/sparse/sys
copy_headers lib %{_includedir}/openvswitch/lib
install -p -D -m 0644 rhel/usr_lib_udev_rules.d_91-vfio.rules \
$RPM_BUILD_ROOT%{_prefix}/lib/udev/rules.d/91-vfio.rules
install -p -D -m 0644 \
rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \
$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/openvswitch
for service in openvswitch ovsdb-server ovs-vswitchd ovs-delete-transient-ports openvswitch-ipsec; do
install -p -D -m 0644 \
rhel/usr_lib_systemd_system_${service}.service \
$RPM_BUILD_ROOT%{_unitdir}/${service}.service
done
install -m 0755 rhel/etc_init.d_openvswitch \
$RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/openvswitch.init
install -p -D -m 0644 rhel/etc_openvswitch_default.conf \
$RPM_BUILD_ROOT/%{_sysconfdir}/openvswitch/default.conf
install -p -D -m 0644 rhel/etc_logrotate.d_openvswitch \
$RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/openvswitch
install -m 0644 vswitchd/vswitch.ovsschema \
$RPM_BUILD_ROOT/%{_datadir}/openvswitch/vswitch.ovsschema
install -d -m 0755 $RPM_BUILD_ROOT%{python3_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/* \
$RPM_BUILD_ROOT%{python3_sitelib}
rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/
install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/.conf.db.~lock~
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
install -p -m 644 -D selinux/openvswitch-custom.pp \
$RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
install -d $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/
install -p -D -m 0755 \
rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \
$RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovs-systemd-reload
# remove unpackaged files
rm -f $RPM_BUILD_ROOT%{_bindir}/ovs-parse-backtrace
%check
touch resolv.conf
export OVS_RESOLV_CONF=$(pwd)/resolv.conf
make -k check TESTSUITEFLAGS='%{_smp_mflags}' RECHECK=yes |& tee %{_specdir}/%{name}-check-log || %{nocheck}
%pre selinux-policy
%selinux_relabel_pre -s targeted
%preun
%systemd_preun %{name}.service
%pre
getent group openvswitch >/dev/null || groupadd -r openvswitch
getent passwd openvswitch >/dev/null || \
useradd -r -g openvswitch -d / -s /sbin/nologin \
-c "Open vSwitch Daemons" openvswitch
getent group hugetlbfs >/dev/null || groupadd -r hugetlbfs
usermod -a -G hugetlbfs openvswitch
exit 0
%post
if [ $1 -eq 1 ]; then
%define gname hugetlbfs
sed -i \
's@^#OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:%{gname}"@'\
%{_sysconfdir}/sysconfig/openvswitch
sed -i 's:\(.*su\).*:\1 openvswitch %{gname}:' %{_sysconfdir}/logrotate.d/openvswitch
# In the case of upgrade, this is not needed
chown -R openvswitch:openvswitch %{_sysconfdir}/openvswitch
chown -R openvswitch:%{gname} %{_localstatedir}/log/openvswitch
fi
# This may not enable openvswitch service or do daemon-reload.
%systemd_post %{name}.service
%post selinux-policy
%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
%postun
%systemd_postun %{name}.service
%postun selinux-policy
if [ $1 -eq 0 ] ; then
%selinux_modules_uninstall -s targeted openvswitch-custom
fi
%posttrans selinux-policy
%selinux_relabel_post -s targeted
%files selinux-policy
%defattr(-,root,root)
%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
%files -n python3-openvswitch
%{python3_sitelib}/ovs
%files test
%{_bindir}/ovs-test
%{_bindir}/ovs-vlan-test
%{_bindir}/ovs-l3ping
%{_bindir}/ovs-pcap
%{_bindir}/ovs-tcpdump
%{_bindir}/ovs-tcpundump
%{_mandir}/man8/ovs-test.8*
%{_mandir}/man8/ovs-vlan-test.8*
%{_mandir}/man8/ovs-l3ping.8*
%{_mandir}/man1/ovs-pcap.1*
%{_mandir}/man8/ovs-tcpdump.8*
%{_mandir}/man1/ovs-tcpundump.1*
%{python3_sitelib}/ovstest
%files devel
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/openvswitch/*
%{_includedir}/openflow/*
%exclude %{_libdir}/*.la
%exclude %{_libdir}/*.a
%files doc
%{_mandir}/man1/ovsdb-client.1*
%{_mandir}/man1/ovsdb-server.1*
%{_mandir}/man1/ovsdb-tool.1*
%{_mandir}/man5/ovsdb-server.5*
%{_mandir}/man5/ovsdb.local-config.5*
%{_mandir}/man5/ovs-vswitchd.conf.db.5*
%{_mandir}/man5/ovsdb.5*
%{_mandir}/man5/vtep.5*
%{_mandir}/man7/ovs-actions.7*
%{_mandir}/man7/ovs-fields.7*
%{_mandir}/man7/ovsdb.7*
%{_mandir}/man7/ovsdb-server.7*
%{_mandir}/man8/vtep-ctl.8*
%{_mandir}/man8/ovs-appctl.8*
%{_mandir}/man8/ovs-bugtool.8*
%{_mandir}/man8/ovs-ctl.8*
%{_mandir}/man8/ovs-dpctl.8*
%{_mandir}/man8/ovs-dpctl-top.8*
%{_mandir}/man8/ovs-kmod-ctl.8*
%{_mandir}/man8/ovs-ofctl.8*
%{_mandir}/man8/ovs-pki.8*
%{_mandir}/man8/ovs-vsctl.8*
%{_mandir}/man8/ovs-vswitchd.8*
%{_mandir}/man8/ovs-parse-backtrace.8*
%{_mandir}/man8/ovs-testcontroller.8*
%files
%defattr(-,openvswitch,openvswitch)
%dir %{_sysconfdir}/openvswitch
%{_sysconfdir}/openvswitch/default.conf
%config %ghost %{_sysconfdir}/openvswitch/conf.db
%ghost %{_sysconfdir}/openvswitch/.conf.db.~lock~
%config %ghost %{_sysconfdir}/openvswitch/system-id.conf
%config(noreplace) %{_sysconfdir}/sysconfig/openvswitch
%defattr(-,root,root)
%license LICENSE
%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash
%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash
%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch
%{_unitdir}/openvswitch.service
%{_unitdir}/ovsdb-server.service
%{_unitdir}/ovs-vswitchd.service
%{_unitdir}/ovs-delete-transient-ports.service
%{_datadir}/openvswitch/scripts/openvswitch.init
%{_datadir}/openvswitch/bugtool-plugins/
%{_datadir}/openvswitch/scripts/ovs-bugtool-*
%{_datadir}/openvswitch/scripts/ovs-check-dead-ifs
%{_datadir}/openvswitch/scripts/ovs-lib
%{_datadir}/openvswitch/scripts/ovs-save
%{_datadir}/openvswitch/scripts/ovs-vtep
%{_datadir}/openvswitch/scripts/ovs-ctl
%{_datadir}/openvswitch/scripts/ovs-kmod-ctl
%{_datadir}/openvswitch/scripts/ovs-systemd-reload
%config %{_datadir}/openvswitch/local-config.ovsschema
%config %{_datadir}/openvswitch/vswitch.ovsschema
%config %{_datadir}/openvswitch/vtep.ovsschema
%{_bindir}/ovs-appctl
%{_bindir}/ovs-docker
%{_bindir}/ovs-dpctl
%{_bindir}/ovs-dpctl-top
%{_bindir}/ovs-ofctl
%{_bindir}/ovs-vsctl
%{_bindir}/ovsdb-client
%{_bindir}/ovsdb-tool
%{_bindir}/ovs-testcontroller
%{_bindir}/ovs-pki
%{_bindir}/vtep-ctl
%{_libdir}/lib*.so.*
%{_sbindir}/ovs-bugtool
%{_sbindir}/ovs-vswitchd
%{_sbindir}/ovsdb-server
%{_prefix}/lib/udev/rules.d/91-vfio.rules
%doc NOTICE README.rst NEWS rhel/README.RHEL.rst
/var/lib/openvswitch
%attr(750,root,root) /var/log/openvswitch
%ghost %attr(755,root,root) %{_rundir}/openvswitch
%ghost %attr(644,root,root) %{_rundir}/openvswitch.useropts
%files ipsec
%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
%{_unitdir}/openvswitch-ipsec.service
%changelog
* Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 2.17.5-3
- Recompile with stack-protection fixed gcc version (CVE-2023-4039)
* Tue May 02 2023 Rakshaa Viswanathan <rviswanathan@microsoft.com> - 2.17.5-2
- Add patch to fix CVE-2023-1668
* Tue Jan 17 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.17.5-1
- Auto-upgrade to 2.17.5 - to fix CVE-2022-4337, CVE-2022-4338
* Wed Mar 23 2022 Jon Slobodzian <joslobo@microsoft.com> - 2.17.0-1
- Upgrade to latest version of openvswitch. Remove python2 support
- Portions of this SPEC file were imported from OpenVswitch.org's autogenerated openvswitch-fedora spec.
* Mon Apr 19 2021 Nicolas Ontiveros <niontive@microsoft.com> - 2.12.3-2
- Don't include static libraries in openvswitch package
* Thu Apr 01 2021 Nicolas Ontiveros <niontive@microsoft.com> - 2.12.3-1
- Upgrade to version 2.12.3, which fixes CVE-2020-27827
* Mon Feb 22 2021 Emre Girgin <mrgirgin@microsoft.com> - 2.12.0-3
- Fix CVE-2020-35498.
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 2.12.0-2
- Added %%license line automatically
* Tue Mar 31 2020 Henry Beberman <henry.beberman@microsoft.com> 2.12.0-1
- Update to 2.12.0. License verified.
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.8.2-4
- Initial CBL-Mariner import from Photon (license: Apache2).
* Tue Nov 13 2018 Anish Swaminathan <anishs@vmware.com> 2.8.2-3
- Replace with configure macro
* Wed Feb 28 2018 Vinay Kulkarni <kulkarniv@vmware.com> 2.8.2-2
- Setup the default conf file for local ovsdb server.
* Tue Feb 27 2018 Vinay Kulkarni <kulkarniv@vmware.com> 2.8.2-1
- Update to OVS 2.8.2
* Tue Oct 10 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.7.0-9
- Fix CVE-2017-14970
* Wed Oct 04 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.7.0-8
- Fix CVE-2017-9263
* Tue Sep 19 2017 Anish Swaminathan <anishs@vmware.com> 2.7.0-7
- Add gawk to Requires
* Tue Aug 29 2017 Sarah Choi <sarahc@vmware.com> 2.7.0-6
- Add python2/python-six/python-xml to Requires
* Thu Jul 13 2017 Nishant Nelogal <nnelogal@vmware.com> 2.7.0-5
- Created OVN packages and systemd service scripts
* Fri Jun 16 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.7.0-4
- Fix CVE-2017-9214, CVE-2017-9265
* Mon Jun 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.7.0-3
- Fix CVE-2017-9264
* Tue May 23 2017 Xiaolin Li <xiaolinl@vmware.com> 2.7.0-2
- Added python and python3 subpackage.
* Sat Apr 15 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.7.0-1
- Update to 2.7.0
* Fri Feb 10 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.6.1-2
- Build ovs shared library
* Wed Nov 16 2016 Vinay Kulkarni <kulkarniv@vmware.com> 2.6.1-1
- Update to openvswitch 2.6.1
* Sat Sep 24 2016 Vinay Kulkarni <kulkarniv@vmware.com> 2.5.0-1
- Update to openvswitch 2.5.0
* Fri Sep 09 2016 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.1-1
- Update to openvswitch 2.4.1
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.4.0-3
- GA - Bump release of all rpms
* Sat Oct 31 2015 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.0-2
- OVS requires libatomic.so.1 provided by gcc.
* Mon Oct 12 2015 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.0-1
- Update to OVS v2.4.0
* Fri May 29 2015 Kumar Kaushik <kaushikk@vmware.com> 2.3.1-1
- Initial build. First version