619f87
%global with_check 0
619f87
619f87
%global _find_debuginfo_dwz_opts %{nil}
619f87
%global _dwz_low_mem_die_limit 0
619f87
619f87
%if 0%{?rhel} > 7 && ! 0%{?fedora}
619f87
%define gobuild(o:) \
619f87
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
619f87
%else
619f87
%if ! 0%{?gobuild:1}
619f87
%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
619f87
%endif
619f87
%endif
619f87
619f87
%global provider github
619f87
%global provider_tld com
619f87
%global project containers
619f87
%global repo oci-seccomp-bpf-hook
619f87
# https://github.com/containers/oci-seccomp-bpf-hook
619f87
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
619f87
%global import_path %{provider_prefix}
619f87
%global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo}
619f87
619f87
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
619f87
ExclusiveArch: %{go_arches}
619f87
619f87
Name: oci-seccomp-bpf-hook
619f87
Version: 1.2.0
e71e43
Release: 3%{?dist}
619f87
Summary: OCI Hook to generate seccomp json files based on EBF syscalls used by container
619f87
License: ASL 2.0
619f87
URL: %{git0}
619f87
Source0: %{git0}/archive/v%{version}.tar.gz
e71e43
Patch0: build-fix.patch
619f87
BuildRequires: golang
619f87
BuildRequires: go-md2man
619f87
BuildRequires: glib2-devel
619f87
BuildRequires: glibc-devel
619f87
BuildRequires: bcc-devel
619f87
BuildRequires: git
619f87
BuildRequires: gpgme-devel
619f87
BuildRequires: libseccomp-devel
619f87
BuildRequires: make
619f87
Requires: crun >= 0.17
619f87
Enhances: podman
619f87
Enhances: cri-o
619f87
619f87
%description
619f87
%{summary}
619f87
%{repo} provides a library for applications looking to use
619f87
the Container Pod concept popularized by Kubernetes.
619f87
619f87
%prep
619f87
%autosetup -Sgit
619f87
sed -i '/$(MAKE) -C docs install/d' Makefile
619f87
sed -i 's/HOOK_BIN_DIR/\%{_usr}\/libexec\/oci\/hooks.d/' %{name}.json
619f87
sed -i '/$(HOOK_DIR)\/%{name}.json/d' Makefile
619f87
619f87
%build
619f87
export GO111MODULE=off
619f87
export GOPATH=$(pwd):$(pwd)/_build
619f87
export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
619f87
619f87
mkdir _build
619f87
pushd _build
619f87
mkdir -p src/%{provider}.%{provider_tld}/%{project}
619f87
ln -s ../../../../ src/%{import_path}
619f87
popd
619f87
ln -s vendor src
619f87
619f87
export GOPATH=$(pwd)/_build:$(pwd)
619f87
export LDFLAGS="-X main.version=%{version}"
619f87
%gobuild -o bin/%{name} %{import_path}
619f87
619f87
pushd docs
619f87
go-md2man -in %{name}.md -out %{name}.1
619f87
popd
619f87
619f87
%install
619f87
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install-nobuild
619f87
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} GOMD2MAN=go-md2man -C docs install-nobuild
619f87
619f87
%check
619f87
%if 0%{?with_check}
619f87
# Since we aren't packaging up the vendor directory we need to link
619f87
# back to it somehow. Hack it up so that we can add the vendor
619f87
# directory from BUILD dir as a gopath to be searched when executing
619f87
# tests from the BUILDROOT dir.
619f87
ln -s ./ ./vendor/src # ./vendor/src -> ./vendor
619f87
619f87
export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
619f87
619f87
%if ! 0%{?gotest:1}
619f87
%global gotest go test
619f87
%endif
619f87
619f87
%gotest %{import_path}/src/%{name}
619f87
%endif
619f87
619f87
#define license tag if not already defined
619f87
%{!?_licensedir:%global license %doc}
619f87
619f87
%files
619f87
%license LICENSE
619f87
%doc README.md
619f87
%dir %{_libexecdir}/oci/hooks.d
619f87
%{_libexecdir}/oci/hooks.d/%{name}
619f87
%{_datadir}/containers/oci/hooks.d/%{name}.json
619f87
%{_mandir}/man1/%{name}.1*
619f87
619f87
%changelog
e71e43
* Fri May 21 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.0-3
e71e43
- actually apply the build fix patch
e71e43
- Related: #1934415
e71e43
e71e43
* Fri May 21 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.0-2
e71e43
- resolve build issue
e71e43
- Related: #1934415
e71e43
619f87
* Mon Feb 22 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.0-1
619f87
- revert back to 1.2.0 - build issues
619f87
- Related: #1883490
619f87
619f87
* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.1-1
619f87
- update to
619f87
  https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
619f87
- require crun >= 0.17
619f87
- Related: #1883490
619f87
619f87
* Thu Jan 28 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.0-1
619f87
- revert back to 1.2.0 due to build issues
619f87
- Related: #1883490
619f87
619f87
* Thu Jan 28 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.1-1
619f87
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
619f87
- Related: #1883490
619f87
619f87
* Tue Dec 08 2020 Jindrich Novy <jnovy@redhat.com> - 1.2.0-2
619f87
- sync with RHEL8 devel branch
619f87
- Related: #1883490
619f87
619f87
* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 1.2.0-1
619f87
- synchronize with stream-container-tools-rhel8
619f87
- Related: #1883490
619f87
619f87
* Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.2-3
619f87
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
619f87
- Related: #1821193
619f87
619f87
* Thu Jul 23 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.1.2-2
619f87
- Resolves: #1857606
619f87
619f87
* Fri Jul 17 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.2-1
619f87
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.1.2
619f87
- Related: #1821193
619f87
619f87
* Thu Jun 18 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.1-1
619f87
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.1.1
619f87
- Related: #1821193
619f87
619f87
* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.0-2
619f87
- exclude i686 arch as bcc, the build dependency is not built
619f87
  for it
619f87
- Related: #1821193
619f87
619f87
* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.0-1
619f87
- initial build for container-tools-rhel8
619f87
- Related: #1821193