%global srcname borgbackup
%if 0%{?fedora} || 0%{?rhel} == 8
%global bundle_msgpack 1
%else
%global bundle_msgpack 0
%endif
Name: %{srcname}
Version: 1.1.18
Release: 2%{?dist}
Summary: A deduplicating backup program with compression and authenticated encryption
%if %bundle_msgpack
License: BSD and ASL 2.0 and zlib
%else
License: BSD and zlib
%endif
URL: https://borgbackup.readthedocs.org
Source0: %pypi_source
Source1: %pypi_source.asc
# upstream publishes only key ids:
# https://borgbackup.readthedocs.io/en/stable/support.html#verifying-signed-releases
# gpg2 --export --export-options export-minimal "6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393" > gpgkey-6D5B_EF9A_DD20_7580_5747_B70F_9F88_FB52_FAF7_B393.gpg
Source2: gpgkey-6D5B_EF9A_DD20_7580_5747_B70F_9F88_FB52_FAF7_B393.gpg
# we don't need the guzzley_sphinx theme for only man page generation
Patch1: 0002-disable-sphinx-man-page-build.patch
# ability not to build bundled msgpack
Patch2: 0003-ability-to-unbundle-msgpack.patch
# EPEL 7/8 only ship Sphinx 1.x so we need to revert the upstream change
# which provides Sphinx 4.x compatibility.
# https://github.com/borgbackup/borg/commit/396807e268775117e7e9ff981fdfedf80c77a5a7
Patch3: borgbackup-sphinx-1.x-support.patch
# Upstream does not plan to release 1.1.19 officially but there is still some
# maintenance going on in the "1.1-maint" branch. All patches below are part
# of the upstream branch.
# The idea of this patch list is to basically produce a "1.1.19 (Fedora)"
# version based on the official 1.1.18 release (gpg signed) without
# cherry-picking or selecting patches based on importance.
Patch10: %{name}-10-b3595368-secure_erase-avoid-collateral-damage.patch
Patch11: %{name}-11-0cfb355e-hashindex_compact-fix-eval-order-check-idx-before-use.patch
Patch12: %{name}-12-7b908b54-docs-json-progress_percent-some-values-are-optional.patch
Patch13: %{name}-13-6655d7c7-update-archive_progress-json-description-about-finished.patch
Patch14: %{name}-14-2bbed670-check-try-harder-to-create-the-key.patch
Patch15: %{name}-15-d3c22a7b-list-fix-flags-WIDTH-formatting.patch
Patch16: %{name}-16-bf0edc5e-use-a-custom-mkstemp-with-mode-support.patch
# sys.audit was added in Python 3.8 so the patch is not only for Python 3.5 as
# the upstream commit seems to indicate.
Patch17: %{name}-17-324a1f85-mkstemp_mode-adapt-for-python36.patch
Patch18: %{name}-18-6448b656-fallback-to-compiler-defines-when-BYTE_ORDER-is-not-available.patch
Patch19: %{name}-19-deb7fa06-simplify-the-endianity-handling.patch
Patch20: %{name}-20-63beb57b-additional-cleanup.patch
Patch21: %{name}-21-04d2f7ed-fix-build-error-caused-by-ntohs-ntohl.patch
Patch22: %{name}-22-9d5631f8-bump-msgpack-to-borg2-after-build-fix-backports.patch
Patch23: %{name}-23-793104ff-auto-compressor-tests-dont-assume-a-specific-size.patch
Patch24: %{name}-24-a6cd0fd2-auto-compressor-tests-do-not-assume-zlib-is-better-than-lz4.patch
# fixes for CVE-2023-36811 and TAM usability improvements
Patch30: %{name}-30-df753c03-borg_workarounds-authenticated_no_key.patch
Patch31: %{name}-31-d2f653e8-check-rebuild_manifest-must-verify-archive-tam.patch
Patch32: %{name}-32-52483b26-check-rebuild_refcounts-verify-and-recreate-tam.patch
Patch33: %{name}-33-73eae8cc-cache-sync-check-archive-tam.patch
Patch34: %{name}-34-c58228c2-list-support-tam-placeholder.patch
Patch35: %{name}-35-005662a8-update-archives-tam.patch
Patch36: %{name}-36-update-allow-enable-disable-manifest-tam.patch
Patch37: %{name}-37-2095225a-tam-msgs-be-more-specific.patch
Patch38: %{name}-38-ead49d4a-rebuild_refcounts-keep-archive-id.patch
Patch39: %{name}-39-44c17e3f-add-tests-for-archive-tams.patch
Patch40: %{name}-40-5b2d4711-implement-borg_workarounds-ignore_invalid_archive_tam.patch
Patch41: %{name}-41-e0542077-check-improve-logging-for-tam-issues.patch
Patch42: %{name}-42-73f7e670-add-cve-2023-36811-release-notes.patch
BuildRequires: gnupg2
# build
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-packaging
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-setuptools_scm
BuildRequires: python%{python3_pkgversion}-Cython
BuildRequires: python%{python3_pkgversion}-llfuse >= 1.3.4
%if %bundle_msgpack
Provides: bundled(python%{python3_pkgversion}-msgpack) = 0.5.6
# requirements for bundled msgpack
BuildRequires: gcc-c++
%else
BuildRequires: python%{python3_pkgversion}-msgpack <= 0.5.6
%endif
# test
BuildRequires: python%{python3_pkgversion}-pytest
# doc
BuildRequires: python%{python3_pkgversion}-sphinx
# no python deps
BuildRequires: gcc
BuildRequires: openssl-devel >= 1.0.0
BuildRequires: fuse-devel
BuildRequires: libacl-devel
BuildRequires: libb2-devel
BuildRequires: lz4-devel >= 1.7.0
BuildRequires: libzstd-devel >= 1.3.0
BuildRequires: xxhash-devel >= 0.6.5
%if ! %bundle_msgpack
Requires: python%{python3_pkgversion}-msgpack <= 0.5.6
%endif
Requires: python%{python3_pkgversion}-setuptools
Requires: python%{python3_pkgversion}-llfuse >= 1.3.4
Requires: fuse
%description
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it
supports compression and authenticated encryption.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
rm -rf %{srcname}.egg-info
# remove copies of bundled libraries to ensure these don't end up in our
# binaries
rm -rf src/borg/algorithms/{blake2,lz4,zstd}
# remove precompiled Cython code to ensure we always built "from source"
find src/ -name '*.pyx' | sed -e 's/.pyx/.c/g' | xargs rm -f
%if %bundle_msgpack
# bundled msgpack uses C++ for its generated sources
find src/ -name '*.pyx' | sed -e 's/.pyx/.cpp/g' | xargs rm -f
# better name for inclusion in %%license
cp -a docs/3rd_party/msgpack/COPYING COPYING.msgpack
%else
rm -rf src/borg/algorithms/msgpack
# https://bugzilla.redhat.com/show_bug.cgi?id=1630992
sed -i 's/msgpack-python/msgpack/' setup.py
%endif
%build
%if ! %bundle_msgpack
export BORG_EXTERNAL_MSGPACK=True
%endif
%py3_build
# MANPAGE GENERATION
# workaround to dump sphinx_rtd_theme dependency - not needed for manpages
export READTHEDOCS=True
# workaround to include borg module for usage generation
export PYTHONPATH=$(pwd)/build/$(ls build/ | grep 'lib.')
make -C docs SPHINXBUILD=sphinx-build-%python3_version man
%install
find . -name *.so -type f -exec chmod 0755 {} \;
%py3_install
install -D -m 0644 docs/_build/man/borg*.1* %{buildroot}%{_mandir}/man1/borg.1
# add shell completions
#%define bash_compdir %(pkg-config --variable=completionsdir bash-completion)
%define bash_compdir %{_prefix}/share/bash-completion/completions
%define zsh_compdir %{_prefix}/share/zsh/site-functions
%define fish_compdir %{_prefix}/share/fish/completions
install -d %{buildroot}%{bash_compdir}
install -d %{buildroot}%{zsh_compdir}
install -d %{buildroot}%{fish_compdir}
install -D -m 0644 scripts/shell_completions/bash/* %{buildroot}%{bash_compdir}
install -D -m 0644 scripts/shell_completions/zsh/* %{buildroot}%{zsh_compdir}
install -D -m 0644 scripts/shell_completions/fish/* %{buildroot}%{fish_compdir}
%check
export PYTHONPATH=$(pwd)/build/$(ls build/ | grep 'lib.')
# workaround to prevent test issues with ascii/utf-8 under rhel 7
%if 0%{?rhel} == 7
export LANG=en_US.UTF-8
%endif
# exclude test_fuse: there is no modprobe in mock for fuse
# test_readonly_mount: needs fuse mount
# exclude benchmark: not relevant for package build
TEST_SELECTOR="not test_fuse and not test_readonly_mount and not benchmark"
%if 0%{?rhel} == 7
# exclude test_dash_open: pytest stub has a bug and is fixed in 3.0.2 (epel7 uses 2.9.2)
TEST_SELECTOR="$TEST_SELECTOR and not test_dash_open"
%endif
#py.test-3 -v -k "$TEST_SELECTOR" $PYTHONPATH/borg/testsuite/*.py
##py.test-3 -v "$PYTHONPATH/borg/testsuite/archiver.py::ArchiverTestCase::test_compression_auto_compressible"
py.test-3 -v -k "$TEST_SELECTOR" "$PYTHONPATH/borg/testsuite/archiver.py"
%files
%license LICENSE
%if %bundle_msgpack
%license COPYING.msgpack
%endif
%doc README.rst PKG-INFO AUTHORS
%doc docs/changes.rst
%{_mandir}/man1/*
%{python3_sitearch}/borg
%{python3_sitearch}/borgbackup-%{version}-py%{python3_version}.egg-info
# - files in %%{python3_sitearch}/borg/algorithms/msgpack are licensed under the ASL
# - %%{python3_sitearch}/borg/algorithms/checksums.*.so contains code licensed
# under the zlib license
%{_bindir}/borg
%{_bindir}/borgfs
%{_prefix}/share/bash-completion/completions/*
%{_prefix}/share/zsh/site-functions/*
%{_prefix}/share/fish/completions/*
%changelog
* Fri Sep 08 2023 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.18-2
- add patches to fix CVE-2023-36811
* Sun Jun 05 2022 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.18-1
- update to 1.1.18
* Sun Jul 25 2021 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.17-1
- update to 1.1.17
* Tue Mar 23 2021 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.16-1
- update to 1.1.16
* Fri Dec 25 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.15-1
- update to 1.1.15
* Thu Oct 08 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.14-1
- update to 1.1.14
* Sun Jun 07 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.13-1
- update to 1.1.13
* Sun Mar 08 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.11-1
- update to 1.1.11
* Mon Oct 14 2019 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.10-2
- bump release to trigger a new koji build
* Sun Oct 13 2019 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.10-1
- initial packaging for EPEL8