From 97e3fb9f2ed9ce8079eadd2922d6eb3677a7949b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 24 Jul 2023 09:19:01 -0400 Subject: [PATCH] Packit: switch to rpm/gvisor-tap-vsock.spec gvproxy doesn't currently build on rawhide because of go1.21. It can be included as a standalone package on copr. It is currently open for review on bugzilla until which fedora releases can't include it. Official rawhide should be able to fetch the last active build of gvproxy, the min version requirement has been removed to allow it. WIP Fedora Package Review: https://bugzilla.redhat.com/show_bug.cgi?id=2224434 Signed-off-by: Lokesh Mandvekar --- .packit.yaml | 48 ++++++++-------- gvisor-tap-vsock.spec.rpkg | 100 -------------------------------- rpm/gvisor-tap-vsock.spec | 113 +++++++++++++++++++++++++++++++++++++ 3 files changed, 139 insertions(+), 122 deletions(-) delete mode 100644 gvisor-tap-vsock.spec.rpkg create mode 100644 rpm/gvisor-tap-vsock.spec diff --git a/.packit.yaml b/.packit.yaml index 41bdceea..c6c07326 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -6,7 +6,8 @@ # On PR: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/ # On commit: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/ -specfile_path: gvisor-tap-vsock.spec +specfile_path: rpm/gvisor-tap-vsock.spec +upstream_tag_template: v{version} jobs: - &copr @@ -17,7 +18,6 @@ jobs: enable_net: true srpm_build_deps: - make - - rpkg targets: - fedora-rawhide-aarch64 - fedora-rawhide-x86_64 @@ -29,25 +29,29 @@ jobs: - centos-stream-9-x86_64 - centos-stream-8-aarch64 - centos-stream-8-x86_64 - actions: - post-upstream-clone: - - "rpkg spec --outdir ./" - fix-spec-file: - - "bash .packit.sh" - #- <<: *copr + - <<: *copr # Run on commit to main branch - #trigger: commit - #branch: main - #project: podman-next - #targets: - # - fedora-rawhide-aarch64 - # - fedora-rawhide-x86_64 - # - fedora-eln-aarch64 - # - fedora-eln-x86_64 - # - fedora-38-aarch64 - # - fedora-38-x86_64 - # - centos-stream-9-aarch64 - # - centos-stream-9-x86_64 - # - centos-stream-8-aarch64 - # - centos-stream-8-x86_64 + trigger: commit + branch: main + project: podman-next + targets: + - fedora-rawhide-aarch64 + - fedora-rawhide-ppc64le + - fedora-rawhide-s390x + - fedora-rawhide-x86_64 + - fedora-eln-aarch64 + - fedora-eln-ppc64le + - fedora-eln-s390x + - fedora-eln-x86_64 + - fedora-38-aarch64 + - fedora-38-ppc64le + - fedora-38-s390x + - fedora-38-x86_64 + - centos-stream+epel-next-9-aarch64 + - centos-stream+epel-next-9-ppc64le + - centos-stream+epel-next-9-s390x + - centos-stream+epel-next-9-x86_64 + - centos-stream+epel-next-8-aarch64 + - centos-stream+epel-next-8-ppc64le + - centos-stream+epel-next-8-x86_64 diff --git a/gvisor-tap-vsock.spec.rpkg b/gvisor-tap-vsock.spec.rpkg deleted file mode 100644 index d9d9efcd..00000000 --- a/gvisor-tap-vsock.spec.rpkg +++ /dev/null @@ -1,100 +0,0 @@ -# For automatic rebuilds in COPR - -# The following tag is to get correct syntax highlighting for this file in vim text editor -# vim: syntax=spec - -%global with_debug 1 - -%if 0%{?with_debug} -%global _find_debuginfo_dwz_opts %{nil} -%global _dwz_low_mem_die_limit 0 -%else -%global debug_package %{nil} -%endif - -# RHEL 8's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we -# set it separately here and do not depend on RHEL 8's go-srpm-macros package. -%if !0%{?fedora} && 0%{?rhel} <= 8 -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; -%endif - -Name: {{{ git_dir_name }}} -Epoch: 101 -Version: {{{ git_dir_version }}} -Release: 1%{?dist} -Summary: Go replacement for libslirp and VPNKit -License: Apache-2.0 -URL: https://github.com/containers/gvisor-tap-vsock -VCS: {{{ git_dir_vcs }}} -Source: {{{ git_dir_pack }}} -BuildRequires: gcc -BuildRequires: golang >= 1.16.6 -BuildRequires: git-core -BuildRequires: systemd-rpm-macros -%if 0%{?fedora} || 0%{?rhel} >= 9 -BuildRequires: go-rpm-macros -%endif -Provides: podman-gvproxy = %{epoch}:%{version}-%{release} -# Obsolete everything <= Epoch 101 -Obsoletes: podman-gvproxy <= 100:4.5.0-1 - -%description -%{summary} - -%{name} is based on the network stack of gVisor. Compared to libslirp, -gvisor-tap-vsock brings a configurable DNS server and -dynamic port forwarding. - -%prep -{{{ git_dir_setup_macro }}} - -%build -%set_build_flags -%global gomodulesmode GO111MODULE=on -export CGO_CFLAGS=$CFLAGS -# These extra flags present in $CFLAGS have been skipped for now as they break the build -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g') -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') - -%ifarch x86_64 -export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" -%endif - -export LDFLAGS='' - -mkdir _build -cd _build -mkdir -p src/%{provider}.%{provider_tld}/%{project} -ln -s ../../../../ src/%{import_path} -cd .. -ln -s vendor src - -export GOPATH=$(pwd)/_build:$(pwd) -%gobuild -o bin/gvproxy ./cmd/gvproxy -%gobuild -o bin/gvforwarder ./cmd/vm - -%install -install -dp %{buildroot}%{_libexecdir}/podman -install -p -m0755 bin/gvproxy %{buildroot}%{_libexecdir}/podman -install -p -m0755 bin/gvforwarder %{buildroot}%{_libexecdir}/podman -install -dp %{buildroot}%{_unitdir} -install -p -m0644 contrib/systemd/gv-user-network@.service %{buildroot}%{_unitdir} - -%post -%systemd_post gv-user-network@.service - -%preun -%systemd_preun gv-user-network@.service - -%postun -%systemd_postun_with_restart gv-user-network@.service - -%files -%dir %{_libexecdir}/podman -%{_libexecdir}/podman/gvproxy -%{_libexecdir}/podman/gvforwarder -%{_unitdir}/gv-user-network@.service - -%changelog -{{{ git_dir_changelog }}} diff --git a/rpm/gvisor-tap-vsock.spec b/rpm/gvisor-tap-vsock.spec new file mode 100644 index 00000000..b6d6b03b --- /dev/null +++ b/rpm/gvisor-tap-vsock.spec @@ -0,0 +1,113 @@ +%global with_debug 1 + +%if 0%{?with_debug} +%global _find_debuginfo_dwz_opts %{nil} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +# RHEL 8's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we +# set it separately here and do not depend on RHEL 8's go-srpm-macros package. +%if %{defined rhel} && 0%{?rhel} == 8 +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%define rhel8py3 1 +%endif + +%global gomodulesmode GO111MODULE=on + +Name: gvisor-tap-vsock +%if %{defined copr_username} +Epoch: 103 +%else +Epoch: 6 +%endif +# DO NOT TOUCH the Version string! +# The TRUE source of this specfile is: +# https://github.com/containers/podman/blob/main/rpm/podman.spec +# If that's what you're reading, Version must be 0, and will be updated by Packit for +# copr and koji builds. +# If you're reading this on dist-git, the version is automatically filled in by Packit. +Version: 0 +License: Apache-2.0 and BSD-2-Clause and BSD-3-Clause and MIT +%if %{defined autorelease} +Release: %autorelease +%else +Release: 1 +%endif +%if %{defined golang_arches_future} +ExclusiveArch: %{golang_arches_future} +%else +ExclusiveArch: aarch64 ppc64le s390x x86_64 +%endif +Summary: Go replacement for libslirp and VPNKit +URL: https://github.com/containers/%{name} +# All SourceN files fetched from upstream +Source0: %{url}/archive/refs/tags/v%{version}.tar.gz +BuildRequires: gcc +BuildRequires: glib2-devel +BuildRequires: glibc-devel +BuildRequires: glibc-static +BuildRequires: golang +BuildRequires: git-core +BuildRequires: go-rpm-macros +BuildRequires: make +%if %{defined copr_username} +Obsoletes: podman-gvproxy <= 102:4.6.0-1 +%else +Obsoletes: podman-gvproxy <= 5:4.6.0-1 +%endif +Provides: podman-gvproxy = %{epoch}:%{version}-%{release} + +%description +A replacement for libslirp and VPNKit, written in pure Go. +It is based on the network stack of gVisor. Compared to libslirp, +gvisor-tap-vsock brings a configurable DNS server and +dynamic port forwarding. + +%prep +%autosetup -Sgit -n %{name}-%{version} + +%build +%set_build_flags +export CGO_CFLAGS=$CFLAGS + +# These extra flags present in $CFLAGS have been skipped for now as they break the build +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') + +%ifarch x86_64 +export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" +%endif + +# reset LDFLAGS for plugins and gvisor binaries +LDFLAGS='' + +# build gvisor-tap-vsock binaries +%gobuild -o bin/gvproxy ./cmd/gvproxy +%gobuild -o bin/gvforwarder ./cmd/vm + +%install +# install gvproxy +install -dp %{buildroot}%{_libexecdir}/%{name} +install -p -m0755 bin/gvproxy %{buildroot}%{_libexecdir}/%{name} +install -p -m0755 bin/gvforwarder %{buildroot}%{_libexecdir}/%{name} + +#define license tag if not already defined +%{!?_licensedir:%global license %doc} + +%files +%license LICENSE +%doc README.md +%dir %{_libexecdir}/%{name} +%{_libexecdir}/%{name}/gvproxy +%{_libexecdir}/%{name}/gvforwarder + +%changelog +%if %{defined autochangelog} +%autochangelog +%else +* Mon Jul 24 2023 RH Container Bot +- Placeholder changelog for envs that are not autochangelog-ready +%endif