folkslinux
/
VMware-Photon-OS
mirror of https://github.com/vmware/photon.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

protobuf: upgrade to v3.23.3 

abseil-cpp: new addition.

Change-Id: I9e729c215e5c778393da770f0af019871950f000
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/21041
Reviewed-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
Tested-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
This commit is contained in:
Shreenidhi Shedi 2023-06-18 23:02:50 +05:30 committed by Shreenidhi Shedi
parent b497f04785
commit ff8756bd34
19 changed files with 579 additions and 350 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
SPECS/abseil-cpp/abseil-cpp.spec Normal file
View File

@ -0,0 +1,79 @@
Summary: C++ Common Libraries
Name: abseil-cpp
Version: 20230125.3
Release: 1%{?dist}
License: Apache-2.0 AND LicenseRef-Fedora-Public-Domain
Group: Development/Libraries
Vendor: VMware, Inc.
Distribution: Photon
URL: https://abseil.io
Source0: https://github.com/abseil/abseil-cpp/archive/%{version}/%{name}-%{version}.tar.gz
%define sha512 %{name}=50509acfc4128fd31435631f71ac8cd0350acd9e290f78502723149016e7f07c9d84182ba99e0938b1873fecda09393d3fd7af8dabfb0d89cdcdd8a69a917e70
BuildRequires: ninja-build
BuildRequires: build-essential
BuildRequires: gmock-devel
BuildRequires: gtest-devel
BuildRequires: cmake
%description
Abseil is an open-source collection of C++ library code designed to augment
the C++ standard library. The Abseil library code is collected from
Google's own C++ code base, has been extensively tested and used in
production, and is the same code we depend on in our daily coding lives.
In some cases, Abseil provides pieces missing from the C++ standard; in
others, Abseil provides alternatives to the standard for special needs we've
found through usage in the Google code base. We denote those cases clearly
within the library code we provide you.
Abseil is not meant to be a competitor to the standard library; we've just
found that many of these utilities serve a purpose within our code base,
and we now want to provide those resources to the C++ community as a whole.
%package devel
Summary: Development files for %{name}
Requires: %{name} = %{version}-%{release}
%description devel
Development headers for %{name}
%prep
%autosetup -p1
%build
%{cmake} \
-GNinja \
-DABSL_USE_EXTERNAL_GOOGLETEST:BOOL=ON \
-DABSL_FIND_GOOGLETEST:BOOL=ON \
-DABSL_ENABLE_INSTALL:BOOL=ON \
%if 0%{?with_check}
-DABSL_BUILD_TESTING:BOOL=ON \
-DABSL_BUILD_TEST_HELPERS:BOOL=ON \
%endif
-DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo \
-DCMAKE_INSTALL_LIBDIR:PATH=%{_libdir}
%{cmake_build}
%install
%{cmake_install}
%clean
rm -rf %{buildroot}/*
%files
%defattr(-,root,root)
%{_libdir}/*.so.*
%files devel
%defattr(-,root,root)
%{_includedir}/*
%{_libdir}/cmake/absl
%{_libdir}/*.so
%{_libdir}/pkgconfig/absl_*.pc
%changelog
* Wed Jun 07 2023 Shreenidhi Shedi <sshedi@vmware.com> 20230125.3-1
- Initial version, needed by protobuf.

41
SPECS/bazel/bazel.spec
View File

@ -4,26 +4,26 @@
Summary: Build software of any size, quickly and reliably, just as engineers do at Google.
Name: bazel
Version: 5.3.2
Release: 4%{?dist}
Release: 5%{?dist}
License: Apache License 2.0
Group: Development/Tools
Vendor: VMware, Inc.
Distribution: Photon
URL: http://bazel.build/
URL: http://bazel.build
Source0: https://github.com/bazelbuild/bazel/releases/download/%{version}/%{name}-%{version}-dist.zip
%define sha512 %{name}=a63895c224d51619cf83e6e55872aa6d55d17c7dcea59eaf467069d2c95259f5964fbf8fa5994df0e3c030234a7adf70a2715edb4edbbe2bf69d21dd698c0833
BuildRequires: openjdk11
BuildRequires: zlib-devel
BuildRequires: which
BuildRequires: findutils
BuildRequires: tar
BuildRequires: gzip
BuildRequires: zip
BuildRequires: unzip
BuildRequires: gcc
BuildRequires: python3
BuildRequires: openjdk11
BuildRequires: which
BuildRequires: findutils
BuildRequires: tar
BuildRequires: gzip
BuildRequires: zip
BuildRequires: unzip
BuildRequires: gcc
BuildRequires: python3-devel
BuildRequires: zlib-devel
Requires: (openjdk11 or openjdk17)
@ -34,29 +34,32 @@ applications for both Android and iOS platforms. It also provides an extensible
framework that you can use to develop your own build rules.
%prep
%autosetup -p1 -c -n %{name}-%{version}
%autosetup -p1 -c
%build
export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK*)
mkdir -p %{_usr}/tmp
export TMPDIR=%{_usr}/tmp
mkdir $TMPDIR
./compile.sh
pushd output
./bazel
./%{name}
popd
%install
mkdir -p %{buildroot}%{_bindir}
cp output/bazel %{buildroot}%{_bindir}
cp output/%{name} %{buildroot}%{_bindir}
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%attr(755,root,root) %{_bindir}/bazel
%attr(755,root,root) %{_bindir}/%{name}
%changelog
* Fri Dec 01 2023 Shreenidhi Shedi <sshedi@vmware.com> 5.3.2-5
- Fix spec shoes
* Sat Aug 26 2023 Shreenidhi Shedi <sshedi@vmware.com> 5.3.2-4
- Require jdk11 or jdk17
* Sat Jun 17 2023 Shreenidhi Shedi <sshedi@vmware.com> 5.3.2-3

78
SPECS/falco/0001-build-plugins-locally.patch
View File

@ -1,33 +1,35 @@
From c688a93e323f232dcea52240a35d7e2096a82741 Mon Sep 17 00:00:00 2001
From 33138ed814dd021926bb086ff06fa02d114f9840 Mon Sep 17 00:00:00 2001
From: Brennan Lamoreaux <blamoreaux@vmware.com>
Date: Wed, 5 Jul 2023 21:38:28 +0000
Subject: [PATCH] build plugins locally
Date: Wed, 6 Dec 2023 19:24:38 +0530
Subject: [PATCH 1/2] build plugins locally
Build plugins locally with the updated Photon OS toolchain,
instead of downloading precompiled binaries compiled with
outdated Go versions.
Signed-off-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
---
cmake/modules/plugins.cmake | 42 ++++++++++++++++---------------------
1 file changed, 18 insertions(+), 24 deletions(-)
diff --git a/cmake/modules/plugins.cmake b/cmake/modules/plugins.cmake
index 8a4a1d28..e564f20a 100644
index a39eeb0..10e26c3 100644
--- a/cmake/modules/plugins.cmake
+++ b/cmake/modules/plugins.cmake
@@ -20,21 +20,19 @@ if(NOT DEFINED PLUGINS_COMPONENT_NAME)
endif()
set(PLUGIN_K8S_AUDIT_VERSION "0.3.0")
@@ -25,21 +25,19 @@ endif()
# k8saudit
set(PLUGIN_K8S_AUDIT_VERSION "0.6.1")
-if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
- set(PLUGIN_K8S_AUDIT_HASH "214915fc2a61d147d64aaf4cb29c3fc6a513eda621dad1dfe77f2fd7099b31e1")
- set(PLUGIN_K8S_AUDIT_HASH "e2908ebf2c03feecd26307ceab55aec9cae1cbc63d6aa05e147d8786e7670fb0")
-else() # aarch64
- set(PLUGIN_K8S_AUDIT_HASH "d9b4610714df581043db76ecb4caf3a41aae5494cf61ab8740a3749bfac8457e")
- set(PLUGIN_K8S_AUDIT_HASH "8987a995fa09518aebc488ba549448166d605596c2d6478c10415a9d9f5f05dd")
-endif()
+set(PLUGIN_K8S_AUDIT_HASH "09a594f0a6471e39151b1908fccb855a52c6296a2593bd9f064313205e09b495")
+set(PLUGIN_K8S_AUDIT_HASH "7d4284113455c80cd3ca856aafbb7b3413a9544175a66a7472fa1f23a38a9c82")
ExternalProject_Add(
k8saudit-plugin
- URL "https://download.falco.org/plugins/stable/k8saudit-${PLUGIN_K8S_AUDIT_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
- URL "https://download.falco.org/plugins/${PLUGINS_DOWNLOAD_BUCKET}/k8saudit-${PLUGIN_K8S_AUDIT_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
+ URL "https://github.com/falcosecurity/plugins/archive/refs/tags/k8saudit-${PLUGIN_K8S_AUDIT_VERSION}.tar.gz"
URL_HASH "SHA256=${PLUGIN_K8S_AUDIT_HASH}"
CONFIGURE_COMMAND ""
@ -36,26 +38,26 @@ index 8a4a1d28..e564f20a 100644
+ BINARY_DIR "plugins-k8saudit-${PLUGIN_K8S_AUDIT_VERSION}/plugins/k8saudit"
+ BUILD_COMMAND "make"
INSTALL_COMMAND "")
-install(FILES "${PROJECT_BINARY_DIR}/k8saudit-plugin-prefix/src/k8saudit-plugin/libk8saudit.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
+install(FILES "${PROJECT_BINARY_DIR}/plugins-k8saudit-${PLUGIN_K8S_AUDIT_VERSION}/plugins/k8saudit/libk8saudit.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
ExternalProject_Add(
k8saudit-rules
@@ -47,21 +45,19 @@ ExternalProject_Add(
install(FILES "${PROJECT_BINARY_DIR}/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml" DESTINATION "${FALCO_ETC_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
set(PLUGIN_CLOUDTRAIL_VERSION "0.5.0")
@@ -53,21 +51,19 @@ install(FILES "${PROJECT_BINARY_DIR}/k8saudit-rules-prefix/src/k8saudit-rules/k8
# cloudtrail
set(PLUGIN_CLOUDTRAIL_VERSION "0.9.0")
-if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
- set(PLUGIN_CLOUDTRAIL_HASH "ca6c0d087b37090145ef0c92f10d1dd32bb2a08c7bae83cc6fb7a1ba712f3182")
- set(PLUGIN_CLOUDTRAIL_HASH "c8dc8ea5337aa9475042e6441320a5188bbf76977e3a69dd34a49a6251f8e9ad")
-else() # aarch64
- set(PLUGIN_CLOUDTRAIL_HASH "f6e12d3bd16ae0f504ed2bb56d13531d15b7d55beb1b63932cbe603cff941372")
- set(PLUGIN_CLOUDTRAIL_HASH "bea12e81409c3df5698f7ab6a740ee9698b9dd1275b5985810daf70ac505c810")
-endif()
+set(PLUGIN_CLOUDTRAIL_HASH "6a3af4c3da0ab1ea9029247319866dc2054f2c0fb23e06116a4e96584122e750")
+set(PLUGIN_CLOUDTRAIL_HASH "34081fc6776ea93b7dc5c5ac5382c3da88f16ad1a3dc243e3208efc9dd4cb0f6")
ExternalProject_Add(
cloudtrail-plugin
- URL "https://download.falco.org/plugins/stable/cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
- URL "https://download.falco.org/plugins/${PLUGINS_DOWNLOAD_BUCKET}/cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
+ URL "https://github.com/falcosecurity/plugins/archive/refs/tags/cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}.tar.gz"
URL_HASH "SHA256=${PLUGIN_CLOUDTRAIL_HASH}"
CONFIGURE_COMMAND ""
@ -64,26 +66,26 @@ index 8a4a1d28..e564f20a 100644
+ BINARY_DIR "plugins-cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}/plugins/cloudtrail"
+ BUILD_COMMAND "make"
INSTALL_COMMAND "")
-install(FILES "${PROJECT_BINARY_DIR}/cloudtrail-plugin-prefix/src/cloudtrail-plugin/libcloudtrail.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
+install(FILES "${PROJECT_BINARY_DIR}/plugins-cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}/plugins/cloudtrail/libcloudtrail.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
ExternalProject_Add(
cloudtrail-rules
@@ -74,18 +70,16 @@ ExternalProject_Add(
install(FILES "${PROJECT_BINARY_DIR}/cloudtrail-rules-prefix/src/cloudtrail-rules/aws_cloudtrail_rules.yaml" DESTINATION "${FALCO_ETC_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
set(PLUGIN_JSON_VERSION "0.5.0")
@@ -81,18 +77,16 @@ install(FILES "${PROJECT_BINARY_DIR}/cloudtrail-rules-prefix/src/cloudtrail-rule
# json
set(PLUGIN_JSON_VERSION "0.7.1")
-if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
- set(PLUGIN_JSON_HASH "b422c4f08bb54ccd384a87c5922e120d5731028c87742ef657cacf936447c202")
- set(PLUGIN_JSON_HASH "3177fd667b384df2ffd2ae3260bda867c407c09d3fbcae841af204b82c1341c1")
-else() # aarch64
- set(PLUGIN_JSON_HASH "8358f04325d8a9e9675f38fae8d13a250fb132dcf6741fd0f9830e8c39f48aed")
- set(PLUGIN_JSON_HASH "3b5d0a9190bfd08e21915f997f88ca314f2027564a022eb88eef80ff4e2c77fa")
-endif()
+set(PLUGIN_JSON_HASH "14f216cfcfec4cf50ab4ac208c5008ac206178253b9e2470cc60589569956bd0")
+set(PLUGIN_JSON_HASH "d7ef1d7db511b1d616a2efa2ee509f0b65cfd3b04486b515d3f607004fa11a83")
ExternalProject_Add(
json-plugin
- URL "https://download.falco.org/plugins/stable/json-${PLUGIN_JSON_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
- URL "https://download.falco.org/plugins/${PLUGINS_DOWNLOAD_BUCKET}/json-${PLUGIN_JSON_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
+ URL "https://github.com/falcosecurity/plugins/archive/refs/tags/json-${PLUGIN_JSON_VERSION}.tar.gz"
URL_HASH "SHA256=${PLUGIN_JSON_HASH}"
CONFIGURE_COMMAND ""
@ -92,9 +94,9 @@ index 8a4a1d28..e564f20a 100644
+ BINARY_DIR "plugins-json-${PLUGIN_JSON_VERSION}/plugins/json"
+ BUILD_COMMAND "make"
INSTALL_COMMAND "")
-install(FILES "${PROJECT_BINARY_DIR}/json-plugin-prefix/src/json-plugin/libjson.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
+install(FILES "${PROJECT_BINARY_DIR}/plugins-json-${PLUGIN_JSON_VERSION}/plugins/json/libjson.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")
--
2.39.0
--
2.43.0

90
SPECS/falco/falco.spec
View File

@ -1,11 +1,13 @@
%global security_hardening none
%define uname_r %{KERNEL_VERSION}-%{KERNEL_RELEASE}
%define uname_r %{KERNEL_VERSION}-%{KERNEL_RELEASE}
%define _modulesdir /lib/modules/%{uname_r}
Summary: The Behavioral Activity Monitor With Container Support
Name: falco
Version: 0.32.2
Release: 11%{?kernelsubrelease}%{?dist}
Version: 0.36.2
Release: 1%{?kernelsubrelease}%{?dist}
License: GPLv2
URL: https://falco.org
Group: Applications/System
@ -13,46 +15,48 @@ Vendor: VMware, Inc.
Distribution: Photon
Source0: https://github.com/falcosecurity/falco/archive/refs/tags/%{name}-%{version}.tar.gz
%define sha512 %{name}=88a98e32285746c2c04bd640495c12a1114a511ef6a9ee276ddaf60ad441effffe8da4879442c82a7fbab76cbecb157bd2cddc01eaa17d3876eb1860e6ec6260
%define sha512 %{name}=a3fef235ab4f3121bd0400827712652530ec417498c44ada8b6bf565f7631d035673b53dad94ea6ae9c854d45202ed71b2771f19e0c92eea3fc3503e5b75b02e
Patch0: build-Distinguish-yamlcpp-in-USE_BUNDLED-macro.patch
Patch1: 0001-build-plugins-locally.patch
BuildArch: x86_64
BuildArch: x86_64
BuildRequires: cmake
BuildRequires: openssl-devel
BuildRequires: curl-devel
BuildRequires: zlib-devel
BuildRequires: ncurses-devel
BuildRequires: linux-devel = %{uname_r}
BuildRequires: jq-devel
BuildRequires: git
BuildRequires: lua-devel
BuildRequires: libyaml-devel
BuildRequires: linux-api-headers
BuildRequires: wget
BuildRequires: which
BuildRequires: grpc-devel
BuildRequires: c-ares-devel
BuildRequires: protobuf-devel
BuildRequires: go
BuildRequires: re2-devel
BuildRequires: cmake
BuildRequires: openssl-devel
BuildRequires: curl-devel
BuildRequires: zlib-devel
BuildRequires: ncurses-devel
BuildRequires: linux-devel = %{uname_r}
BuildRequires: jq-devel
BuildRequires: git
BuildRequires: lua-devel
BuildRequires: libyaml-devel
BuildRequires: linux-api-headers
BuildRequires: wget
BuildRequires: which
BuildRequires: grpc-devel
BuildRequires: c-ares-devel
BuildRequires: protobuf-devel
BuildRequires: go
BuildRequires: re2-devel
BuildRequires: yaml-cpp-devel
Requires: linux = %{uname_r}
Requires: zlib
Requires: ncurses
Requires: openssl
Requires: curl
Requires: libyaml
Requires: lua
Requires: sysdig
Requires: dkms
Requires: grpc
Requires: jq
Requires: protobuf
Requires: c-ares
Requires: re2
Requires: linux = %{uname_r}
Requires: zlib
Requires: ncurses
Requires: openssl
Requires: curl
Requires: libyaml
Requires: lua
Requires: sysdig
Requires: dkms
Requires: grpc
Requires: jq
Requires: protobuf
Requires: c-ares
Requires: re2
Requires: yaml-cpp
%package devel
Summary: falco
@ -75,9 +79,11 @@ Falco lets you continuously monitor and detect container, application, host, and
-DUSE_BUNDLED_DEPS:BOOL=OFF \
-DUSE_BUNDLED_OPENSSL:BOOL=OFF \
-DUSE_BUNDLED_JQ:BOOL=OFF \
-DUSE_BUNDLED_YAMLCPP:BOOL=ON \
-DUSE_BUNDLED_YAMLCPP:BOOL=OFF \
-DBUILD_SHARED_LIBS:BOOL=OFF \
-DCMAKE_INSTALL_LIBDIR=%{_libdir} \
-DUSE_BUNDLED_LIBELF=OFF \
-DLIBELF_LIB=%{_libdir}/libelf.so \
-DCMAKE_INSTALL_LIBDIR=%{_lib} \
-DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir}
export KERNELDIR="%{_modulesdir}/build"
@ -101,17 +107,21 @@ rm -rf %{buildroot}/*
%files
%defattr(-,root,root)
%{_bindir}/*
%exclude %{_usrsrc}
%{_usrsrc}/*
%{_sysconfdir}/%{name}
%{_datadir}/%{name}
%{_modulesdir}/extra/%{name}.ko
%{_sysconfdir}/falcoctl/falcoctl.yaml
%files devel
%defattr(-,root,root)
%{_libdir}/pkgconfig/*.pc
%{_libdir}/falcosecurity/*
%{_includedir}/falcosecurity/*
%changelog
* Thu Nov 30 2023 Shreenidhi Shedi <sshedi@vmware.com> 0.36.2-1
- Upgrade to v0.36.2
* Sun Nov 19 2023 Shreenidhi Shedi <sshedi@vmware.com> 0.32.2-11
- Bump version as a part of openssl upgrade
* Wed Oct 11 2023 Piyush Gupta <gpiyush@vmware.com> 0.32.2-10

55
SPECS/frr/0000-remove-babeld-and-ldpd.patch Normal file
View File

@ -0,0 +1,55 @@
diff --git a/Makefile.am b/Makefile.am
index 5be3264..33abc1d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -130,8 +130,6 @@ include ospf6d/subdir.am
include ospfclient/subdir.am
include isisd/subdir.am
include nhrpd/subdir.am
-include ldpd/subdir.am
-include babeld/subdir.am
include eigrpd/subdir.am
include sharpd/subdir.am
include pimd/subdir.am
@@ -182,7 +180,6 @@ EXTRA_DIST += \
snapcraft/defaults \
snapcraft/helpers \
snapcraft/snap \
- babeld/Makefile \
mgmtd/Makefile \
bgpd/Makefile \
bgpd/rfp-example/librfp/Makefile \
@@ -193,7 +190,6 @@ EXTRA_DIST += \
fpm/Makefile \
grpc/Makefile \
isisd/Makefile \
- ldpd/Makefile \
lib/Makefile \
nhrpd/Makefile \
ospf6d/Makefile \
diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
index 8aa0887..c92dcca 100644
--- a/tools/etc/frr/daemons
+++ b/tools/etc/frr/daemons
@@ -22,10 +22,8 @@ ripngd=no
isisd=no
pimd=no
pim6d=no
-ldpd=no
nhrpd=no
eigrpd=no
-babeld=no
sharpd=no
pbrd=no
bfdd=no
@@ -48,10 +46,8 @@ ripngd_options=" -A ::1"
isisd_options=" -A 127.0.0.1"
pimd_options=" -A 127.0.0.1"
pim6d_options=" -A ::1"
-ldpd_options=" -A 127.0.0.1"
nhrpd_options=" -A 127.0.0.1"
eigrpd_options=" -A 127.0.0.1"
-babeld_options=" -A 127.0.0.1"
sharpd_options=" -A 127.0.0.1"
pbrd_options=" -A 127.0.0.1"
staticd_options="-A 127.0.0.1"

25
SPECS/frr/0001-directly-link-libabsl_synchronization-for-grpc-test.patch
View File

@ -1,25 +0,0 @@
From 6a068c4c66411b0584c44fe4696dab2d2c036984 Mon Sep 17 00:00:00 2001
From: Brennan Lamoreaux <blamoreaux@vmware.com>
Date: Thu, 13 Apr 2023 22:38:21 +0000
Subject: [PATCH] directly link libabsl_synchronization for grpc test
---
tests/lib/subdir.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/lib/subdir.am b/tests/lib/subdir.am
index 62b1944..8f63a77 100644
--- a/tests/lib/subdir.am
+++ b/tests/lib/subdir.am
@@ -19,7 +19,7 @@ EXTRA_DIST += tests/lib/test_frrscript.py
##############################################################################
-GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
+GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf -labsl_synchronization $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
if GRPC
check_PROGRAMS += tests/lib/test_grpc
--
2.39.0

8
SPECS/frr/enable-openssl.patch → SPECS/frr/0002-enable-openssl.patch
View File

@ -8,8 +8,8 @@ index 0b7af18..0533e24 100644
lib/log_vty.c \
- lib/md5.c \
lib/memory.c \
lib/mlag.c \
lib/module.c \
lib/mgmt_be_client.c \
lib/mgmt_fe_client.c \
@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
lib/routemap_northbound.c \
lib/sbuf.c \
@ -24,8 +24,8 @@ index 0b7af18..0533e24 100644
lib/log_vty.h \
- lib/md5.h \
lib/memory.h \
lib/module.h \
lib/monotime.h \
lib/mgmt.pb-c.h \
lib/mgmt_be_client.h \
@@ -191,7 +190,6 @@ pkginclude_HEADERS += \
lib/route_opaque.h \
lib/sbuf.h \

0
SPECS/frr/disable-eigrp-crypto.patch → SPECS/frr/0003-disable-eigrp-crypto.patch
View File

137
SPECS/frr/fips-mode.patch → SPECS/frr/0004-fips-mode.patch
View File

@ -1,86 +1,69 @@
diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
index 1b04472..f244f16 100644
index ffa6ad3..8c28b17 100644
--- a/isisd/isis_circuit.c
+++ b/isisd/isis_circuit.c
@@ -26,6 +26,9 @@
#include <netinet/if_ether.h>
#endif
+#include <openssl/provider.h>
+#include <openssl/evp.h>
+
#include "log.h"
#include "memory.h"
#include "vrf.h"
@@ -1372,6 +1375,10 @@ ferr_r isis_circuit_passwd_set(struct isis_circuit *circuit,
@@ -1543,6 +1543,10 @@ ferr_r isis_circuit_passwd_set(struct isis_circuit *circuit,
return ferr_code_bug(
"circuit password too long (max 254 chars)");
+ //When in FIPS mode, the password never gets set in MD5
+ if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && EVP_default_properties_is_fips_enabled(NULL))
+ if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
+
circuit->passwd.len = len;
strlcpy((char *)circuit->passwd.passwd, passwd,
sizeof(circuit->passwd.passwd));
diff --git a/isisd/isisd.c b/isisd/isisd.c
index 3fa2b7c..db4485c 100644
index b1064d8..fbcd097 100644
--- a/isisd/isisd.c
+++ b/isisd/isisd.c
@@ -22,6 +22,9 @@
#include <zebra.h>
+#include <openssl/provider.h>
+#include <openssl/evp.h>
+
#include "thread.h"
#include "vty.h"
#include "command.h"
@@ -2529,6 +2532,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
@@ -3040,6 +3040,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
if (len > 254)
return -1;
+ //When in FIPS mode, the password never get set in MD5
+ if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (EVP_default_properties_is_fips_enabled(NULL)))
+ if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
+
modified.len = len;
strlcpy((char *)modified.passwd, passwd,
sizeof(modified.passwd));
diff --git a/isisd/isisd.h b/isisd/isisd.h
index f5042e4..2c05ca5 100644
--- a/isisd/isisd.h
+++ b/isisd/isisd.h
@@ -29,6 +29,8 @@
DECLARE_MGROUP(ISISD);
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
+
#ifdef FABRICD
static const bool fabricd = true;
#define PROTO_TYPE ZEBRA_ROUTE_OPENFABRIC
diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
index 1adf42d..38be930 100644
index 355742a..0ede0da 100644
--- a/ospfd/ospf_vty.c
+++ b/ospfd/ospf_vty.c
@@ -22,6 +22,9 @@
#include <zebra.h>
#include <string.h>
+#include <openssl/provider.h>
+#include <openssl/evp.h>
+
#include "printfrr.h"
#include "monotime.h"
#include "memory.h"
@@ -1069,6 +1072,11 @@ DEFUN (ospf_area_vlink,
if (argv_find(argv, argc, "message-digest", &idx)) {
@@ -1085,6 +1085,11 @@ DEFUN (ospf_area_vlink,
vl_config.keychain = argv[idx+1]->arg;
} else if (argv_find(argv, argc, "message-digest", &idx)) {
/* authentication message-digest */
+ if(EVP_default_properties_is_fips_enabled(NULL))
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
vl_config.auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
} else if (argv_find(argv, argc, "null", &idx)) {
/* "authentication null" */
@@ -1982,6 +1990,15 @@ DEFUN (ospf_area_authentication_message_digest,
@@ -1997,6 +2002,15 @@ DEFUN (ospf_area_authentication_message_digest,
? OSPF_AUTH_NULL
: OSPF_AUTH_CRYPTOGRAPHIC;
+ if(area->auth_type == OSPF_AUTH_CRYPTOGRAPHIC)
+ {
+ if(EVP_default_properties_is_fips_enabled(NULL))
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
@ -90,23 +73,23 @@ index 1adf42d..38be930 100644
return CMD_SUCCESS;
}
@@ -7445,6 +7462,11 @@ DEFUN (ip_ospf_authentication_args,
@@ -7621,6 +7635,11 @@ DEFUN (ip_ospf_authentication_args,
/* Handle message-digest authentication */
if (argv[idx_encryption]->arg[0] == 'm') {
+ if(EVP_default_properties_is_fips_enabled(NULL))
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
SET_IF_PARAM(params, auth_type);
params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
return CMD_SUCCESS;
@@ -7751,6 +7773,11 @@ DEFUN (ip_ospf_message_digest_key,
UNSET_IF_PARAM(params, keychain_name);
@@ -7949,6 +7968,11 @@ DEFUN (ip_ospf_message_digest_key,
"The OSPF password (key)\n"
"Address of interface\n")
{
+ if(EVP_default_properties_is_fips_enabled(NULL))
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
@ -114,25 +97,28 @@ index 1adf42d..38be930 100644
VTY_DECLVAR_CONTEXT(interface, ifp);
struct crypt_key *ck;
uint8_t key_id;
diff --git a/ospfd/ospfd.h b/ospfd/ospfd.h
index 2ab7db1..04d1ff4 100644
--- a/ospfd/ospfd.h
+++ b/ospfd/ospfd.h
@@ -20,6 +20,8 @@
#include "ospf_memory.h"
#include "ospf_dump_api.h"
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
+
#define OSPF_VERSION 2
/* VTY port number. */
diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
index 58c28e5..0d37669 100644
index 097c708..854a16e 100644
--- a/ripd/rip_cli.c
+++ b/ripd/rip_cli.c
@@ -20,6 +20,9 @@
#include <zebra.h>
+#include <openssl/provider.h>
+#include <openssl/evp.h>
+
#include "if.h"
#include "vrf.h"
#include "log.h"
@@ -832,6 +835,12 @@ DEFPY_YANG (ip_rip_authentication_mode,
@@ -876,6 +876,12 @@ DEFPY_YANG (ip_rip_authentication_mode,
value = "20";
}
+ if(strmatch(mode, "md5") && EVP_default_properties_is_fips_enabled(NULL))
+ if(strmatch(mode, "md5") && FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication id disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
@ -141,3 +127,16 @@ index 58c28e5..0d37669 100644
nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
strmatch(mode, "md5") ? "md5" : "plain-text");
if (strmatch(mode, "md5"))
diff --git a/ripd/ripd.h b/ripd/ripd.h
index ac4a51f..4a68993 100644
--- a/ripd/ripd.h
+++ b/ripd/ripd.h
@@ -6,6 +6,8 @@
#ifndef _ZEBRA_RIP_H
#define _ZEBRA_RIP_H
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
+
#include "hook.h"
#include "nexthop.h"
#include "distribute.h"

23
SPECS/frr/0005-remove-grpc-test.patch Normal file
View File

@ -0,0 +1,23 @@
diff --git a/tests/lib/subdir.am b/tests/lib/subdir.am
index 7b5eaa4..5c82f69 100644
--- a/tests/lib/subdir.am
+++ b/tests/lib/subdir.am
@@ -18,18 +18,6 @@ tests_lib_test_frrscript_SOURCES = tests/lib/test_frrscript.c
test -e tests/lib/script1.lua || \
$(INSTALL_SCRIPT) $< tests/lib/script1.lua
-##############################################################################
-GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
-
-if GRPC
-check_PROGRAMS += tests/lib/test_grpc
-endif
-tests_lib_test_grpc_CXXFLAGS = $(WERROR) $(TESTS_CXXFLAGS)
-tests_lib_test_grpc_CPPFLAGS = $(TESTS_CPPFLAGS)
-tests_lib_test_grpc_LDADD = $(GRPC_TESTS_LDADD)
-tests_lib_test_grpc_SOURCES = tests/lib/test_grpc.cpp
-
-
##############################################################################
if ZEROMQ
check_PROGRAMS += tests/lib/test_zmq

39
SPECS/frr/frr.spec
View File

@ -2,8 +2,8 @@
Summary: Internet Routing Protocol
Name: frr
Version: 8.5.2
Release: 3%{?dist}
Version: 9.1
Release: 1%{?dist}
License: GPLv2+
URL: https://frrouting.org
Group: System Environment/Daemons
@ -11,18 +11,18 @@ Vendor: VMware, Inc.
Distribution: Photon
Source0: https://github.com/FRRouting/frr/archive/refs/tags/%{name}-%{version}.tar.gz
%define sha512 %{name}=1afa6ca1a41096aa47dc2fc39ab87290b3cbf634a1632e7910a5b69d2816998fbccbca616f261a410aa146a21dd26d12b7e6812da4ec08545b1500f8b546b972
%define sha512 %{name}=77b278a3ea87da9dfd7b87e4f9ae67f08ed0f24809f6dd228d2ab2e2c29e2b3191d59d50fc474e53e159ac6c79c302481b462125d0657889516f07b8e05e8562
Source1: %{name}-tmpfiles.conf
Source2: %{name}-sysusers.conf
Patch0: enable-openssl.patch
Patch1: disable-eigrp-crypto.patch
Patch2: fips-mode.patch
Patch0: 0000-remove-babeld-and-ldpd.patch
Patch1: 0002-enable-openssl.patch
Patch2: 0003-disable-eigrp-crypto.patch
Patch3: 0004-fips-mode.patch
%if 0%{?with_check}
Patch4: remove-grpc-test.patch
Patch5: 0001-directly-link-libabsl_synchronization-for-grpc-test.patch
Patch4: 0005-remove-grpc-test.patch
%endif
BuildRequires: build-essential
@ -40,10 +40,10 @@ BuildRequires: libyang-devel
BuildRequires: elfutils-devel
BuildRequires: pcre2-devel
BuildRequires: openssl-devel
BuildRequires: grpc-devel
BuildRequires: net-snmp-devel
BuildRequires: which
buildRequires: protobuf-devel
BuildRequires: protobuf-devel
BuildRequires: protobuf-c-devel
%if 0%{?with_check}
BuildRequires: python3-pytest
@ -66,6 +66,7 @@ Requires: openssl
Requires: glibc
Requires: python3
Requires: protobuf
Requires: protobuf-c
Requires(pre): shadow
Requires(postun): shadow
@ -115,11 +116,10 @@ sh ./configure --host=%{_host} --build=%{_build} \
--disable-babeld \
--with-moduledir=%{_libdir}/%{name}/modules \
--with-crypto=openssl \
--enable-fpm \
--enable-grpc
--enable-fpm
%build
%make_build PYTHON=%{__python3}
%make_build PYTHON=%{python3}
%install
mkdir -p %{buildroot}%{_sysconfdir}/{%{name},rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
@ -143,16 +143,15 @@ install -p -m 644 redhat/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.
install -p -m 644 redhat/%{name}.pam %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -d -m 775 %{buildroot}/run/%{name}
# Delete libtool archives
find %{buildroot} -type f -name "*.la" -delete -print
# Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
rm -rf %{buildroot}%{_libdir}/%{name}/*.so \
%{buildroot}%{_includedir}/%{name}/ \
%{buildroot}%{_infodir}/dir
%if 0%{?with_check}
%check
%make_build check
%make_build check %{?_smp_mflags}
%endif
%pre
%sysusers_create_compat %{SOURCE2}
@ -186,6 +185,10 @@ if [ $1 -ne 0 ]; then
%systemd_postun_with_restart %{name}.service
fi
if [ $1 -eq 0 ]; then
%systemd_postun %{name}.service
fi
%files
%defattr(-,root,root)
%license COPYING
@ -214,6 +217,8 @@ fi
%{frr_libdir}/*.py
%changelog
* Wed Nov 29 2023 Shreenidhi Shedi <sshedi@vmware.com> 9.1-1
- Upgrade to v9.1
* Sun Nov 19 2023 Shreenidhi Shedi <sshedi@vmware.com> 8.5.2-3
- Bump version as a part of openssl upgrade
* Tue Sep 26 2023 Shreenidhi Shedi <sshedi@vmware.com> 8.5.2-2

42
SPECS/frr/remove-grpc-test.patch
View File

@ -1,42 +0,0 @@
From b2e33852cea4c26e774c43f49678bf0b25ce0aad Mon Sep 17 00:00:00 2001
From: Quentin Young <qlyoung@nvidia.com>
Date: Tue, 29 Mar 2022 16:16:35 -0400
Subject: [PATCH] tests: skip grpc test if frr not installed
it wants yang models installed which will only be there if frr has been
installed before, causing `make check` to fail when run on a system on
which frr has not been installed when GRPC is enabled (--enable-grpc)
Signed-off-by: Quentin Young <qlyoung@nvidia.com>
[ Changed check from /usr/share/yang existence - which is created by libyang
already - to check specifically if any frr yang files exist. ]
Signed-off-by: Brennan Lamoreaux <blamoreaux@vmware.com>
---
tests/lib/test_grpc.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/lib/test_grpc.py b/tests/lib/test_grpc.py
index 7f722de..f3d9351 100644
--- a/tests/lib/test_grpc.py
+++ b/tests/lib/test_grpc.py
@@ -1,7 +1,7 @@
import inspect
import os
import subprocess
-
+import glob
import frrtest
import pytest
@@ -14,7 +14,7 @@ class TestGRPC(object):
reason="GRPC not enabled",
)
@pytest.mark.skipif(
- not os.path.isdir("/usr/share/yang"),
+ not glob.glob("/usr/share/yang/frr*.yang"),
reason="YANG models aren't installed in /usr/share/yang",
)
def test_exits_cleanly(self):
--
2.39.0

44
SPECS/grpc/grpc.spec
View File

@ -6,31 +6,28 @@
Summary: Google RPC
Name: grpc
Version: 1.54.2
Release: 2%{?dist}
Version: 1.59.3
Release: 1%{?dist}
License: Apache License, Version 2.0
URL: https://grpc.io
Group: Development/Libraries
Vendor: VMware, Inc.
Distribution: Photon
Source0: https://github.com/grpc/grpc/archive/%{name}-%{version}.tar.gz
%define sha512 %{name}=4e0527b3968b0b19991477037ef519a62961025d4f7823e32faaec517049feca96da3fd678d1fca69c1d81538f493e60a9a686643e11963bffe589460b9ef755
Source0: https://github.com/grpc/grpc/archive/%{name}-%{version}.tar.gz
%define sha512 %{name}=54344a124a16e979b30c8141a44be3a98e18d457a1b7d6c6eed3ee70b70cc2a5dbeab5d227d49de4480aa921fc947643252a5c80e9052138fc45c5f86ed18d5c
Source1: https://github.com/abseil/abseil-cpp/archive/abseil-cpp-%{abseil_ver}.tar.gz
%define sha512 abseil=ab4fccd9a2bfa0c5ad4b56c8e8f8b7ec7a8eca8b6cc6959802acadd1da785e1feb078c6ac621808cd699c82717a9e637dc426d94b70a8db7f2a807059d41cbc2
Source1: https://github.com/envoyproxy/data-plane-api/archive/%{envoy_api_commit}/data-plane-api-%{envoy_api_commit}.tar.gz
%define sha512 data-plane-api=9b1ceff5d018e70b36e02aa1b583f5495b0eb92506055bf6913d2e7ef401d3602cba8723efbc178ee31fdef9aba510fc2284612ebe22a24b5b4a703f07099897
Source2: https://github.com/envoyproxy/data-plane-api/archive/%{envoy_api_commit}/data-plane-api-%{envoy_api_commit}.tar.gz
%define sha512 data-plane-api=9b1ceff5d018e70b36e02aa1b583f5495b0eb92506055bf6913d2e7ef401d3602cba8723efbc178ee31fdef9aba510fc2284612ebe22a24b5b4a703f07099897
Source2: https://github.com/googleapis/googleapis/archive/%{googleapis_commit}/googleapis-%{googleapis_commit}.tar.gz
%define sha512 googleapis=cdeefae807df7097174b4bb28c0900b06a68d424c00ebba4ff5add260c9c651351d5e429bfc5de42f95ebb75dadec313f7bd3991c2fa476c9104f9ea656acad4
Source3: https://github.com/googleapis/googleapis/archive/%{googleapis_commit}/googleapis-%{googleapis_commit}.tar.gz
%define sha512 googleapis=cdeefae807df7097174b4bb28c0900b06a68d424c00ebba4ff5add260c9c651351d5e429bfc5de42f95ebb75dadec313f7bd3991c2fa476c9104f9ea656acad4
Source3: https://github.com/census-instrumentation/opencensus-proto/archive/v%{opencensus_proto_version}/opencensus-proto-%{opencensus_proto_version}.tar.gz
%define sha512 opencensus-proto=39231a495dfdccfc8267d1e6af2ac624feea611a8691c10ec570de2194b352e4a9c3b0ce1606414fb98e5d77c66873bed4a9e56512efa12b267b8a91e0c5851e
Source4: https://github.com/census-instrumentation/opencensus-proto/archive/v%{opencensus_proto_version}/opencensus-proto-%{opencensus_proto_version}.tar.gz
%define sha512 opencensus-proto=39231a495dfdccfc8267d1e6af2ac624feea611a8691c10ec570de2194b352e4a9c3b0ce1606414fb98e5d77c66873bed4a9e56512efa12b267b8a91e0c5851e
Source5: https://github.com/cncf/xds/archive/%{xds_commit}/xds-%{xds_commit}.tar.gz
%define sha512 xds=eb5878764503872c18b8750b20e2c2e2224e73d9601197752cea7e1e4171899474ad4f39aacc80d6c1b57a50b2161d39f219df64ffb250d045af482dae01ea79
Source4: https://github.com/cncf/xds/archive/%{xds_commit}/xds-%{xds_commit}.tar.gz
%define sha512 xds=eb5878764503872c18b8750b20e2c2e2224e73d9601197752cea7e1e4171899474ad4f39aacc80d6c1b57a50b2161d39f219df64ffb250d045af482dae01ea79
BuildRequires: build-essential
BuildRequires: which
@ -38,8 +35,9 @@ BuildRequires: c-ares-devel
BuildRequires: zlib-devel
BuildRequires: cmake
BuildRequires: gperftools-devel
BuildRequires: protobuf-devel >= 3.6.0
BuildRequires: protobuf-devel
BuildRequires: re2-devel
BuildRequires: abseil-cpp-devel
Requires: protobuf >= 3.6.0
Requires: protobuf-c
@ -47,6 +45,7 @@ Requires: c-ares-devel
Requires: zlib-devel
Requires: openssl-devel
Requires: re2
Requires: abseil-cpp
%description
Remote Procedure Calls (RPCs) provide a useful abstraction for building
@ -61,6 +60,8 @@ Group: Development/Libraries
Requires: grpc = %{version}-%{release}
Requires: protobuf-devel >= 3.6.0
Requires: re2-devel
Requires: abseil-cpp-devel
%description devel
The grpc-devel package contains libraries and header files for
developing applications that use grpc.
@ -68,7 +69,7 @@ developing applications that use grpc.
%prep
%autosetup -p1
# Using autosetup is not feasible
%setup -q -T -D -b 1 -b 2 -b 3 -b 4 -b 5
%setup -q -T -D -b 1 -b 2 -b 3 -b 4
# Overwrite third party sources
rm -r %{_builddir}/%{name}-%{version}/third_party/{envoy-api,googleapis,opencensus-proto,xds}
mv %{_builddir}/data-plane-api-%{envoy_api_commit} %{_builddir}/%{name}-%{version}/third_party/envoy-api
@ -77,7 +78,7 @@ mv %{_builddir}/opencensus-proto-%{opencensus_proto_version} %{_builddir}/%{name
mv %{_builddir}/xds-%{xds_commit} %{_builddir}/%{name}-%{version}/third_party/xds
%build
%cmake \
%{cmake} \
-DBUILD_SHARED_LIBS=ON \
-DABSL_PROPAGATE_CXX_STD=ON \
-DgRPC_BUILD_TESTS=OFF \
@ -85,15 +86,14 @@ mv %{_builddir}/xds-%{xds_commit} %{_builddir}/%{name}-%{version}/third_party/xd
-DgRPC_SSL_PROVIDER=package \
-DgRPC_PROTOBUF_PROVIDER=package \
-DgRPC_CARES_PROVIDER=package \
-DABSL_ROOT_DIR=%{_builddir}/abseil-cpp-%{abseil_ver} \
-DgRPC_RE2_PROVIDER=package \
-DCMAKE_INSTALL_LIBDIR=%{_libdir} \
-DCMAKE_BUILD_TYPE=Debug
%cmake_build
%{cmake_build}
%install
%cmake_install
%{cmake_install}
# remove libre2 duplicates.
rm -rf %{buildroot}%{_lib64dir}
@ -114,6 +114,8 @@ rm -rf %{buildroot}%{_lib64dir}
%{_libdir}/*.so
%changelog
* Wed Nov 29 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.59.3-1
- Upgrade to v1.59.3
* Sun Nov 19 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.54.2-2
- Bump version as a part of openssl upgrade
* Wed Aug 09 2023 Mukul Sikka <msikka@vmware.com> 1.54.2-1

14
SPECS/mysql/mysql.spec
View File

@ -1,7 +1,7 @@
Summary: MySQL.
Name: mysql
Version: 8.0.35
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv2
Group: Applications/Databases
Vendor: VMware, Inc.
@ -21,7 +21,7 @@ BuildRequires: libevent-devel
BuildRequires: curl-devel
BuildRequires: zstd-devel
BuildRequires: lz4-devel
BuildRequires: protobuf-devel
#BuildRequires: protobuf-devel
BuildRequires: openssl-devel
BuildRequires: libtirpc-devel
BuildRequires: ncurses-devel
@ -36,13 +36,14 @@ Requires: libevent
Requires: curl-libs
Requires: zstd-libs
Requires: lz4
Requires: protobuf
#Requires: protobuf
Requires: openssl
Requires: libtirpc
Requires: perl
Requires: ncurses-libs
Requires: libnuma
Requires: libfido2
Requires: libaio
%description
MySQL is a free, widely used SQL engine.
@ -87,7 +88,8 @@ This package contains ICU data files needed by MySQL regular expressions.
-DNICE_PROJECT_NAME="MySQL" \
-DWITH_SYSTEMD=1 \
-DSYSTEMD_SERVICE_NAME="mysqld" \
-DSYSTEMD_PID_DIR="/run/mysqld"
-DSYSTEMD_PID_DIR="/run/mysqld" \
-DWITH_PROTOBUF=bundled
%{cmake_build}
@ -159,6 +161,8 @@ fi
%{_bindir}/*
%{_sbindir}/*
%{_libdir}/*.so.*
%dir %{_lib64dir}/%{name}/private
%attr(755,root,root) %{_lib64dir}/%{name}/private/libprotobuf*.so.*
%{_libdir}/plugin/*
%{_datadir}/*
%{_unitdir}/*.service
@ -175,6 +179,8 @@ fi
%defattr(-,root,root)
%changelog
* Wed Nov 29 2023 Shreenidhi Shedi <sshedi@vmware.com> 8.0.35-3
- Use bundled protobuf, build breaks with latest protobuf provided by system
* Sun Nov 19 2023 Shreenidhi Shedi <sshedi@vmware.com> 8.0.35-2
- Bump version as a part of openssl upgrade
* Wed Nov 08 2023 Shreenidhi Shedi <sshedi@vmware.com> 8.0.35-1

13
SPECS/protobuf-c/protobuf-c.spec
View File

@ -1,6 +1,6 @@
Summary: Google's data interchange format - C implementation
Name: protobuf-c
Version: 1.4.1
Version: 1.5.0
Release: 1%{?dist}
License: BSD-3-Clause
Group: Development/Libraries
@ -8,8 +8,8 @@ Vendor: VMware, Inc.
Distribution: Photon
URL: https://github.com/protobuf-c/protobuf-c
Source0: https://github.com/protobuf-c/protobuf-c/releases/download/v1.3.3/%{name}-%{version}.tar.gz
%define sha512 %{name}=57f858118a89befc80e111ad9a57eadbcf2317d60e085b6d99e10f6604ee8c08473fe6ab1fdfb0a3196821a6e68e743943338321d23d15a1229987f140341181
Source0: https://github.com/protobuf-c/protobuf-c/releases/download/v1.4.1/%{name}-%{version}.tar.gz
%define sha512 %{name}=175c9fc901cab88308730eea982dd62b1e0decdceb80aa53be163f17a440b4acecb834a784beab5cd71186413a322a323f4539758a8727ca51801cf92f9bd3da
BuildRequires: protobuf-devel
BuildRequires: autoconf
@ -20,7 +20,7 @@ BuildRequires: curl
BuildRequires: make
BuildRequires: unzip
Requires: protobuf >= 3.21.12
Requires: protobuf
%description
Protocol Buffers (a.k.a., protobuf) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf's documentation on the Google Developers site. This is the C implementation.
@ -46,7 +46,6 @@ The %{name}-static package contains static %{name} libraries.
%autosetup -p1
%build
autoreconf -fvi
%configure \
--disable-silent-rules \
--disable-static
@ -56,7 +55,7 @@ autoreconf -fvi
%install
%make_install %{?_smp_mflags}
%post -p /sbin/ldconfig
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%clean
@ -78,6 +77,8 @@ rm -rf %{buildroot}
%defattr(-,root,root)
%changelog
* Wed Nov 29 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.5.0-1
- Upgrade to v1.5.0
* Sat Jun 10 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.4.1-1
- Upgrade to v1.4.1
* Tue Sep 27 2022 Shreenidhi Shedi <sshedi@vmware.com> 1.3.3-3

69
SPECS/protobuf/protobuf.spec
View File

@ -2,8 +2,8 @@
Summary: Google's data interchange format
Name: protobuf
Version: 3.21.12
Release: 3%{?dist}
Version: 3.23.3
Release: 1%{?dist}
License: BSD-3-Clause
Group: Development/Libraries
Vendor: VMware, Inc.
@ -11,17 +11,27 @@ Distribution: Photon
URL: https://github.com/google/protobuf
Source0: https://github.com/protocolbuffers/protobuf/archive/refs/tags/%{name}-%{version}.tar.gz
%define sha512 %{name}=152f8441c325e808b942153c15e82fdb533d5273b50c25c28916ec568ada880f79242bb61ee332ac5fb0d20f21239ed6f8de02ef6256cc574b1fc354d002c6b0
%define sha512 %{name}=d6f360c3d0a205b012c2db6d5c32fc7cde075941e12dd7cb9da8c03ab1f6cb81044acac34b39bb699dde5bea4558159a5e47beafd87e47d6b91d06b37ea6e886
BuildRequires: build-essential
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: libstdc++
BuildRequires: curl
BuildRequires: make
BuildRequires: unzip
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-xml
BuildRequires: chkconfig
BuildRequires: openjdk11
BuildRequires: apache-maven >= %{java_min_ver_needed}
BuildRequires: apache-maven
BuildRequires: cmake
BuildRequires: gtest-devel
BuildRequires: gmock-devel
BuildRequires: abseil-cpp-devel
Requires: abseil-cpp
%description
Protocol Buffers (a.k.a., %{name}) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data.
@ -31,6 +41,7 @@ You can find %{name}'s documentation on the Google Developers site.
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: abseil-cpp-devel
%description devel
The %{name}-devel package contains libraries and header files for
@ -66,48 +77,58 @@ This contains %{name} java package.
# This test is incredibly slow
# https://github.com/google/protobuf/issues/2389
rm -f java/core/src/test/java/com/google/%{name}/IsValidUtf8Test.java \
java/core/src/test/java/com/google/%{name}/DecodeUtf8Test.java
rm java/core/src/test/java/com/google/%{name}/IsValidUtf8Test.java \
java/core/src/test/java/com/google/%{name}/DecodeUtf8Test.java
%build
autoreconf -fvi
%{cmake} \
-Dprotobuf_BUILD_TESTS=OFF \
-Dprotobuf_ABSL_PROVIDER=package \
-Dprotobuf_BUILD_SHARED_LIBS=ON \
-DCMAKE_INSTALL_LIBDIR=%{_libdir}
%configure \
--disable-silent-rules \
--disable-static
%{cmake_build}
%make_build
export PROTOC="${PWD}/%{__cmake_builddir}/protoc"
pushd python
%{py3_build}
popd
pushd java
mvn package
ln -sfrv ${PROTOC} ../
mvn -e -B package \
-Dhttps.protocols=TLSv1.2 \
-Dmaven.test.skip=true
popd
%install
%make_install %{?_smp_mflags}
%{cmake_install}
export PROTOC="%{_builddir}/%{name}-%{version}/%{__cmake_builddir}/protoc"
pushd python
%{py3_install}
popd
pushd java
mvn install
install -vdm755 %{buildroot}%{_libdir}/java/%{name}
install -vm644 core/target/%{name}-java-%{version}.jar %{buildroot}%{_libdir}/java/%{name}
install -vm644 util/target/%{name}-java-util-%{version}.jar %{buildroot}%{_libdir}/java/%{name}
popd
mvn -e -B install \
-Dhttps.protocols=TLSv1.2 \
-Dmaven.test.skip=true
%clean
rm -rf %{buildroot}/*
install -vdm755 %{buildroot}%{_libdir}/java/%{name}
for fn in $(find . -name "*.jar"); do
install -vm644 ${fn} %{buildroot}%{_libdir}/java/%{name}
done
popd
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%{_bindir}/protoc
%{_bindir}/protoc*
%{_libdir}/*.so.*
%files devel
@ -115,6 +136,8 @@ rm -rf %{buildroot}/*
%{_includedir}/*
%{_libdir}/pkgconfig/*
%{_libdir}/*.so
%{_libdir}/*.a
%{_libdir}/cmake/*
%files static
%defattr(-,root,root)
@ -128,6 +151,8 @@ rm -rf %{buildroot}/*
%{_libdir}/java/protobuf/*.jar
%changelog
* Tue Nov 28 2023 Shreenidhi Shedi <sshedi@vmware.com> 3.23.3-1
- Upgrade to v3.23.3
* Sun Aug 27 2023 Shreenidhi Shedi <sshedi@vmware.com> 3.21.12-3
- Require jdk11 or jdk17
* Sat Jun 17 2023 Shreenidhi Shedi <sshedi@vmware.com> 3.21.12-2

90
SPECS/sysdig/sysdig.spec
View File

@ -4,12 +4,12 @@
# check the release bundle & use the right version, example:
# https://github.com/draios/sysdig/blob/0.30.2/cmake/modules/falcosecurity-libs.cmake#L35
%define falcosecurity_libs_ver 0.9.1
%define falcosecurity_libs_ver 0.13.4
Summary: Sysdig is a universal system visibility tool with native support for containers.
Name: sysdig
Version: 0.30.2
Release: 7%{?kernelsubrelease}%{?dist}
Version: 0.34.1
Release: 1%{?kernelsubrelease}%{?dist}
License: GPLv2
URL: http://www.sysdig.org
Group: Applications/System
@ -17,10 +17,10 @@ Vendor: VMware, Inc.
Distribution: Photon
Source0: https://github.com/draios/sysdig/archive/%{name}-%{version}.tar.gz
%define sha512 %{name}=08e5c4f6e393838fca0b8b72f152fde9873af2095fe28084463f22238c65ad45f699c724b21f2d25051eae803f253f41a319fb38b405977de382809a74a4f625
%define sha512 %{name}=2d7c6369eb6ae85cb7fca50da049470830eb8a88002414f257e5ccf1eb438fe36890d51107ffd782b2cd3b7358094de0795641a1cb6b086a4e29b9a5b6edad4f
Source1: https://github.com/falcosecurity/libs/archive/falconsecurity-libs-0.9.1.tar.gz
%define sha512 falconsecurity-libs=06d894e6ea8cd66c80682dcce64e38667f6d7315c1c552898b3944fa16cf57ae49932bd283e2b5d09e2e0462f438df217c722f98e437aa0989fdef69aefd79a2
Source1: https://github.com/falcosecurity/libs/archive/falconsecurity-libs-%{falcosecurity_libs_ver}.tar.gz
%define sha512 falconsecurity-libs=e4c9ab4cd8bbe544f13403573df7751b21c977ecefe4ea7c0b71c576a77c308d2f64f5a3d933a2493f23aacbc63148f24be0e897ca779a73879a48c63cbbad33
Patch0: get-googletest-sources-from-photonstage.patch
Patch1: falcosecurity-libs-nodownload.patch
@ -28,34 +28,39 @@ Patch2: bashcomp-location.patch
BuildArch: x86_64
BuildRequires: cmake
BuildRequires: linux-devel = %{uname_r}
BuildRequires: openssl-devel
BuildRequires: curl-devel
BuildRequires: zlib-devel
BuildRequires: ncurses-devel
BuildRequires: wget
BuildRequires: which
BuildRequires: grpc-devel
BuildRequires: jq-devel
BuildRequires: c-ares-devel
BuildRequires: protobuf-devel
BuildRequires: git
BuildRequires: net-tools
BuildRequires: jsoncpp-devel
BuildRequires: re2-devel
BuildRequires: cmake
BuildRequires: linux-devel = %{uname_r}
BuildRequires: openssl-devel
BuildRequires: curl-devel
BuildRequires: zlib-devel
BuildRequires: ncurses-devel
BuildRequires: wget
BuildRequires: which
BuildRequires: grpc-devel
BuildRequires: jq-devel
BuildRequires: c-ares-devel
BuildRequires: protobuf-devel
BuildRequires: git
BuildRequires: net-tools
BuildRequires: jsoncpp-devel
BuildRequires: re2-devel
BuildRequires: tinydir-devel
BuildRequires: elfutils-devel
BuildRequires: abseil-cpp-devel
Requires: linux = %{uname_r}
Requires: zlib
Requires: ncurses
Requires: openssl
Requires: curl
Requires: grpc
Requires: jq
Requires: c-ares
Requires: protobuf
Requires: jsoncpp
Requires: re2
Requires: linux = %{uname_r}
Requires: zlib
Requires: ncurses
Requires: openssl
Requires: curl
Requires: grpc
Requires: jq
Requires: c-ares
Requires: protobuf
Requires: jsoncpp
Requires: re2
Requires: elfutils-libelf
Requires: abseil-cpp
%description
Sysdig is open source, system-level exploration, capture system state and activity from a running Linux instance.
@ -67,10 +72,11 @@ that runs in your terminal
%autosetup -p1 -a0 -a1
%build
export CFLAGS="-Wno-error=misleading-indentation"
export CFLAGS="-Wno-error=misleading-indentation -Wno-dev"
%{cmake} \
-DUSE_BUNDLED_OPENSSL=OFF \
-DCMAKE_CXX_STANDARD=17 \
-DUSE_BUNDLED_CURL=OFF \
-DUSE_BUNDLED_ZLIB=OFF \
-DUSE_BUNDLED_CARES=OFF \
@ -80,6 +86,8 @@ export CFLAGS="-Wno-error=misleading-indentation"
-DUSE_BUNDLED_JSONCPP=OFF \
-DUSE_BUNDLED_NJSON=OFF \
-DUSE_BUNDLED_NCURSES=OFF \
-DUSE_BUNDLED_LIBELF=OFF \
-DLIBELF_LIB=%{_libdir}/libelf.so \
-DBUILD_DRIVER=ON \
-DBUILD_LIBSCAP_EXAMPLES=OFF \
-DBUILD_LIBSINSP_EXAMPLES=OFF \
@ -87,9 +95,9 @@ export CFLAGS="-Wno-error=misleading-indentation"
-DFALCOSECURITY_LIBS_VERSION=%{falcosecurity_libs_ver} \
-DCMAKE_INSTALL_BINDIR:PATH=%{_bindir} \
-DCMAKE_INSTALL_SBINDIR:PATH=%{_sbindir} \
-DCMAKE_INSTALL_LIBDIR:PATH=%{_libdir} \
-DCMAKE_INSTALL_LIBDIR:PATH=%{_lib} \
-DCMAKE_INSTALL_LIBEXECDIR:PATH=%{_libexecdir} \
-DCMAKE_INSTALL_LOCALSTATEDIR:PATH=%{_localstatedir} \
-DCMAKE_INSTALL_LOCALSTATEDIR:PATH=%{_var} \
-DCMAKE_INSTALL_SHAREDSTATEDIR:PATH=%{_sharedstatedir} \
-DCMAKE_INSTALL_INCLUDEDIR:PATH=%{_includedir} \
-DCMAKE_INSTALL_INFODIR:PATH=%{_infodir} \
@ -104,7 +112,9 @@ export KERNELDIR="%{_modulesdir}/build"
export KERNELDIR="%{_modulesdir}/build"
%{cmake_install}
rm -rf %{buildroot}%{_datadir}/zsh/
rm -rf %{buildroot}%{_datadir}/zsh/ \
%{buildroot}{%{_includedir},%{_libdir}}
mkdir -p %{buildroot}%{_modulesdir}/extra
mv %{__cmake_builddir}/driver/scap.ko %{buildroot}%{_modulesdir}/extra
@ -120,15 +130,15 @@ rm -rf %{buildroot}/*
%files
%defattr(-,root,root)
%{_bindir}/*
%{_includedir}/%{name}
%{_libdir}/%{name}
%exclude %{_usrsrc}
%{_usrsrc}/*
%{_datadir}/%{name}/*
%{_datadir}/bash-completion/*
%{_mandir}/*
%{_modulesdir}/extra/scap.ko
%changelog
* Wed Nov 29 2023 Shreenidhi Shedi <sshedi@vmware.com> 0.34.1-1
- Upgrade to v0.34.1
* Sun Nov 19 2023 Shreenidhi Shedi <sshedi@vmware.com> 0.30.2-7
- Bump version as a part of openssl upgrade
* Wed Aug 09 2023 Mukul Sikka <msikka@vmware.com> 0.30.2-6

74
SPECS/tinydir/tinydir.spec Normal file
View File

@ -0,0 +1,74 @@
%global debug_package %{nil}
Name: tinydir
Version: 1.2.5
Release: 1%{?dist}
Summary: Portable and easy to integrate C directory and file reader
License: BSD
URL: https://github.com/cxong/%{name}
Vendor: VMware, Inc.
Group: Development/Tools
Distribution: Photon
Source0: %{url}/archive/refs/tags/%{name}-%{version}.tar.gz
%define sha512 %{name}=d86a8709b92c9b6847bd85b4b307a411edf30156a06557641a051f74a7c19898451616772ee53ad2d8fc6c2ea2285c4c4edf2197f36cf48ede6d539d24ebb2cf
BuildRequires: cmake
%description
Lightweight, portable and easy to integrate C directory and file reader.
TinyDir wraps dirent for POSIX and FindFirstFile for Windows.
%package devel
Summary: Header & devel files of %{name}
Provides: %{name} = %{version}-%{release}
BuildArch: noarch
%description devel
%{summary}
%prep
%autosetup -p1
%build
%install
mkdir -p %{buildroot}%{_includedir}
cp %{name}.h %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_datadir}/pkgconfig/
# Install pkg-config file.
cat << EOF > %{buildroot}%{_datadir}/pkgconfig/%{name}.pc
prefix=%{_prefix}
exec_prefix=\${prefix}
includedir=%{_includedir}
Name: %{name}
Version: %{version}
Description: Portable and easy to integrate C directory and file reader
EOF
# Clean-up for including samples in %%doc.
rm -f samples/{.gitignore,CMakeLists.txt}
%check
export CTEST_OUTPUT_ON_FAILURE=1
pushd tests
cmake -DCMAKE_VERBOSE_MAKEFILE=ON .
%make_build
ctest
popd
%files devel
%defattr(-,root,root)
%license COPYING
%doc samples/ package.json README.md
%{_includedir}/%{name}.h
%{_datadir}/pkgconfig/%{name}.pc
%changelog
* Wed Nov 29 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.2.5-1
- Initial version. Needed by sysdig.

8
SPECS/zstd/zstd.spec
View File

@ -1,7 +1,7 @@
Summary: Fast lossless compression algorithm
Name: zstd
Version: 1.5.5
Release: 1%{?dist}
Release: 2%{?dist}
License: BSD and GPLv2
URL: https://github.com/facebook/zstd
Group: Applications/System
@ -41,13 +41,13 @@ library, libzstd.
%autosetup -p1
%build
%make_build
%make_build PREFIX=%{_prefix} LIBDIR=%{_libdir}
%install
%make_install PREFIX=%{_prefix} LIBDIR=%{_libdir} %{?_smp_mflags}
%check
make check %{?_smp_mflags}
%make_build check
%post -n zstd-libs -p /sbin/ldconfig
%postun -n zstd-libs -p /sbin/ldconfig
@ -80,6 +80,8 @@ make check %{?_smp_mflags}
%exclude %{_libdir}/libzstd.a
%changelog
* Fri Dec 01 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.5.5-2
- Generate pc file properly
* Fri Apr 14 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.5.5-1
- Upgrade to v1.5.5
* Tue Oct 04 2022 Shreenidhi Shedi <sshedi@vmware.com> 1.5.2-1