Blob Blame History Raw
%global srcname borgbackup

%if 0%{?fedora} || 0%{?rhel} == 8
  %global bundle_msgpack 1
%else
  %global bundle_msgpack 0
%endif

Name:           %{srcname}
Version:        1.1.18
Release:        2%{?dist}
Summary:        A deduplicating backup program with compression and authenticated encryption

%if %bundle_msgpack
License:        BSD and ASL 2.0 and zlib
%else
License:        BSD and zlib
%endif

URL:            https://borgbackup.readthedocs.org
Source0:        %pypi_source
Source1:        %pypi_source.asc
# upstream publishes only key ids:
#    https://borgbackup.readthedocs.io/en/stable/support.html#verifying-signed-releases
# gpg2 --export --export-options export-minimal "6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393" > gpgkey-6D5B_EF9A_DD20_7580_5747_B70F_9F88_FB52_FAF7_B393.gpg
Source2:        gpgkey-6D5B_EF9A_DD20_7580_5747_B70F_9F88_FB52_FAF7_B393.gpg

# we don't need the guzzley_sphinx theme for only man page generation
Patch1:         0002-disable-sphinx-man-page-build.patch
# ability not to build bundled msgpack
Patch2:         0003-ability-to-unbundle-msgpack.patch
# EPEL 7/8 only ship Sphinx 1.x so we need to revert the upstream change
# which provides Sphinx 4.x compatibility.
# https://github.com/borgbackup/borg/commit/396807e268775117e7e9ff981fdfedf80c77a5a7
Patch3:         borgbackup-sphinx-1.x-support.patch

# Upstream does not plan to release 1.1.19 officially but there is still some
# maintenance going on in the "1.1-maint" branch. All patches below are part
# of the upstream branch.
# The idea of this patch list is to basically produce a "1.1.19 (Fedora)"
# version based on the official 1.1.18 release (gpg signed) without
# cherry-picking or selecting patches based on importance.
Patch10:        %{name}-10-b3595368-secure_erase-avoid-collateral-damage.patch
Patch11:        %{name}-11-0cfb355e-hashindex_compact-fix-eval-order-check-idx-before-use.patch
Patch12:        %{name}-12-7b908b54-docs-json-progress_percent-some-values-are-optional.patch
Patch13:        %{name}-13-6655d7c7-update-archive_progress-json-description-about-finished.patch
Patch14:        %{name}-14-2bbed670-check-try-harder-to-create-the-key.patch
Patch15:        %{name}-15-d3c22a7b-list-fix-flags-WIDTH-formatting.patch
Patch16:        %{name}-16-bf0edc5e-use-a-custom-mkstemp-with-mode-support.patch
# sys.audit was added in Python 3.8 so the patch is not only for Python 3.5 as
# the upstream commit seems to indicate.
Patch17:        %{name}-17-324a1f85-mkstemp_mode-adapt-for-python36.patch
Patch18:        %{name}-18-6448b656-fallback-to-compiler-defines-when-BYTE_ORDER-is-not-available.patch
Patch19:        %{name}-19-deb7fa06-simplify-the-endianity-handling.patch
Patch20:        %{name}-20-63beb57b-additional-cleanup.patch
Patch21:        %{name}-21-04d2f7ed-fix-build-error-caused-by-ntohs-ntohl.patch
Patch22:        %{name}-22-9d5631f8-bump-msgpack-to-borg2-after-build-fix-backports.patch
Patch23:        %{name}-23-793104ff-auto-compressor-tests-dont-assume-a-specific-size.patch
Patch24:        %{name}-24-a6cd0fd2-auto-compressor-tests-do-not-assume-zlib-is-better-than-lz4.patch

# fixes for CVE-2023-36811 and TAM usability improvements
Patch30:        %{name}-30-df753c03-borg_workarounds-authenticated_no_key.patch
Patch31:        %{name}-31-d2f653e8-check-rebuild_manifest-must-verify-archive-tam.patch
Patch32:        %{name}-32-52483b26-check-rebuild_refcounts-verify-and-recreate-tam.patch
Patch33:        %{name}-33-73eae8cc-cache-sync-check-archive-tam.patch
Patch34:        %{name}-34-c58228c2-list-support-tam-placeholder.patch
Patch35:        %{name}-35-005662a8-update-archives-tam.patch
Patch36:        %{name}-36-update-allow-enable-disable-manifest-tam.patch
Patch37:        %{name}-37-2095225a-tam-msgs-be-more-specific.patch
Patch38:        %{name}-38-ead49d4a-rebuild_refcounts-keep-archive-id.patch
Patch39:        %{name}-39-44c17e3f-add-tests-for-archive-tams.patch
Patch40:        %{name}-40-5b2d4711-implement-borg_workarounds-ignore_invalid_archive_tam.patch
Patch41:        %{name}-41-e0542077-check-improve-logging-for-tam-issues.patch
Patch42:        %{name}-42-73f7e670-add-cve-2023-36811-release-notes.patch


BuildRequires:  gnupg2
# build
BuildRequires:  python%{python3_pkgversion}-devel
BuildRequires:  python%{python3_pkgversion}-packaging
BuildRequires:  python%{python3_pkgversion}-setuptools
BuildRequires:  python%{python3_pkgversion}-setuptools_scm
BuildRequires:  python%{python3_pkgversion}-Cython
BuildRequires:  python%{python3_pkgversion}-llfuse >= 1.3.4

%if %bundle_msgpack
Provides:       bundled(python%{python3_pkgversion}-msgpack) = 0.5.6
# requirements for bundled msgpack
BuildRequires:  gcc-c++
%else
BuildRequires:  python%{python3_pkgversion}-msgpack <= 0.5.6
%endif

# test
BuildRequires:  python%{python3_pkgversion}-pytest

# doc
BuildRequires:  python%{python3_pkgversion}-sphinx

# no python deps
BuildRequires:  gcc
BuildRequires:  openssl-devel >= 1.0.0
BuildRequires:  fuse-devel
BuildRequires:  libacl-devel
BuildRequires:  libb2-devel
BuildRequires:  lz4-devel >= 1.7.0
BuildRequires:  libzstd-devel >= 1.3.0
BuildRequires:  xxhash-devel >= 0.6.5

%if ! %bundle_msgpack
Requires:       python%{python3_pkgversion}-msgpack <= 0.5.6
%endif
Requires:       python%{python3_pkgversion}-setuptools
Requires:       python%{python3_pkgversion}-llfuse >= 1.3.4
Requires:       fuse

%description
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it
supports compression and authenticated encryption.

%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
rm -rf %{srcname}.egg-info

# remove copies of bundled libraries to ensure these don't end up in our
# binaries
rm -rf src/borg/algorithms/{blake2,lz4,zstd}
# remove precompiled Cython code to ensure we always built "from source"
find src/ -name '*.pyx' | sed -e 's/.pyx/.c/g' | xargs rm -f

%if %bundle_msgpack
  # bundled msgpack uses C++ for its generated sources
  find src/ -name '*.pyx' | sed -e 's/.pyx/.cpp/g' | xargs rm -f

  # better name for inclusion in %%license
  cp -a docs/3rd_party/msgpack/COPYING COPYING.msgpack
%else
  rm -rf src/borg/algorithms/msgpack

  # https://bugzilla.redhat.com/show_bug.cgi?id=1630992
  sed -i 's/msgpack-python/msgpack/' setup.py
%endif


%build
%if ! %bundle_msgpack
    export BORG_EXTERNAL_MSGPACK=True
%endif
%py3_build

# MANPAGE GENERATION
# workaround to dump sphinx_rtd_theme dependency - not needed for manpages
export READTHEDOCS=True

# workaround to include borg module for usage generation
export PYTHONPATH=$(pwd)/build/$(ls build/ | grep 'lib.')

make -C docs SPHINXBUILD=sphinx-build-%python3_version man

%install
find . -name *.so -type f -exec chmod 0755 {} \;

%py3_install
install -D -m 0644 docs/_build/man/borg*.1* %{buildroot}%{_mandir}/man1/borg.1

# add shell completions
#%define bash_compdir %(pkg-config --variable=completionsdir bash-completion)
%define bash_compdir %{_prefix}/share/bash-completion/completions
%define zsh_compdir %{_prefix}/share/zsh/site-functions
%define fish_compdir %{_prefix}/share/fish/completions

install -d  %{buildroot}%{bash_compdir}
install -d  %{buildroot}%{zsh_compdir}
install -d  %{buildroot}%{fish_compdir}

install -D -m 0644 scripts/shell_completions/bash/* %{buildroot}%{bash_compdir}
install -D -m 0644 scripts/shell_completions/zsh/* %{buildroot}%{zsh_compdir}
install -D -m 0644 scripts/shell_completions/fish/* %{buildroot}%{fish_compdir}

%check
export PYTHONPATH=$(pwd)/build/$(ls build/ | grep 'lib.')

# workaround to prevent test issues with ascii/utf-8 under rhel 7
%if 0%{?rhel} == 7
export LANG=en_US.UTF-8
%endif

# exclude test_fuse: there is no modprobe in mock for fuse
# test_readonly_mount: needs fuse mount
# exclude benchmark: not relevant for package build
TEST_SELECTOR="not test_fuse and not test_readonly_mount and not benchmark"
%if 0%{?rhel} == 7
# exclude test_dash_open: pytest stub has a bug and is fixed in 3.0.2 (epel7 uses 2.9.2)
TEST_SELECTOR="$TEST_SELECTOR and not test_dash_open"
%endif
#py.test-3 -v -k "$TEST_SELECTOR" $PYTHONPATH/borg/testsuite/*.py
##py.test-3 -v "$PYTHONPATH/borg/testsuite/archiver.py::ArchiverTestCase::test_compression_auto_compressible"
py.test-3 -v -k "$TEST_SELECTOR" "$PYTHONPATH/borg/testsuite/archiver.py"

%files
%license LICENSE
%if %bundle_msgpack
  %license COPYING.msgpack
%endif
%doc README.rst PKG-INFO AUTHORS
%doc docs/changes.rst
%{_mandir}/man1/*

%{python3_sitearch}/borg
%{python3_sitearch}/borgbackup-%{version}-py%{python3_version}.egg-info
# - files in %%{python3_sitearch}/borg/algorithms/msgpack are licensed under the ASL
# - %%{python3_sitearch}/borg/algorithms/checksums.*.so contains code licensed
#   under the zlib license
%{_bindir}/borg
%{_bindir}/borgfs
%{_prefix}/share/bash-completion/completions/*
%{_prefix}/share/zsh/site-functions/*
%{_prefix}/share/fish/completions/*


%changelog
* Fri Sep 08 2023 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.18-2
- add patches to fix CVE-2023-36811

* Sun Jun 05 2022 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.18-1
- update to 1.1.18

* Sun Jul 25 2021 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.17-1
- update to 1.1.17

* Tue Mar 23 2021 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.16-1
- update to 1.1.16

* Fri Dec 25 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.15-1
- update to 1.1.15

* Thu Oct 08 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.14-1
- update to 1.1.14

* Sun Jun 07 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.13-1
- update to 1.1.13

* Sun Mar 08 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.11-1
- update to 1.1.11

* Mon Oct 14 2019 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.10-2
- bump release to trigger a new koji build

* Sun Oct 13 2019 Felix Schwarz <fschwarz@fedoraproject.org> - 1.1.10-1
- initial packaging for EPEL8