%global srcname borgbackup %if 0%{?fedora} || 0%{?rhel} == 8 %global bundle_msgpack 1 %else %global bundle_msgpack 0 %endif Name: %{srcname} Version: 1.1.18 Release: 2%{?dist} Summary: A deduplicating backup program with compression and authenticated encryption %if %bundle_msgpack License: BSD and ASL 2.0 and zlib %else License: BSD and zlib %endif URL: https://borgbackup.readthedocs.org Source0: %pypi_source Source1: %pypi_source.asc # upstream publishes only key ids: # https://borgbackup.readthedocs.io/en/stable/support.html#verifying-signed-releases # gpg2 --export --export-options export-minimal "6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393" > gpgkey-6D5B_EF9A_DD20_7580_5747_B70F_9F88_FB52_FAF7_B393.gpg Source2: gpgkey-6D5B_EF9A_DD20_7580_5747_B70F_9F88_FB52_FAF7_B393.gpg # we don't need the guzzley_sphinx theme for only man page generation Patch1: 0002-disable-sphinx-man-page-build.patch # ability not to build bundled msgpack Patch2: 0003-ability-to-unbundle-msgpack.patch # EPEL 7/8 only ship Sphinx 1.x so we need to revert the upstream change # which provides Sphinx 4.x compatibility. # https://github.com/borgbackup/borg/commit/396807e268775117e7e9ff981fdfedf80c77a5a7 Patch3: borgbackup-sphinx-1.x-support.patch # Upstream does not plan to release 1.1.19 officially but there is still some # maintenance going on in the "1.1-maint" branch. All patches below are part # of the upstream branch. # The idea of this patch list is to basically produce a "1.1.19 (Fedora)" # version based on the official 1.1.18 release (gpg signed) without # cherry-picking or selecting patches based on importance. Patch10: %{name}-10-b3595368-secure_erase-avoid-collateral-damage.patch Patch11: %{name}-11-0cfb355e-hashindex_compact-fix-eval-order-check-idx-before-use.patch Patch12: %{name}-12-7b908b54-docs-json-progress_percent-some-values-are-optional.patch Patch13: %{name}-13-6655d7c7-update-archive_progress-json-description-about-finished.patch Patch14: %{name}-14-2bbed670-check-try-harder-to-create-the-key.patch Patch15: %{name}-15-d3c22a7b-list-fix-flags-WIDTH-formatting.patch Patch16: %{name}-16-bf0edc5e-use-a-custom-mkstemp-with-mode-support.patch # sys.audit was added in Python 3.8 so the patch is not only for Python 3.5 as # the upstream commit seems to indicate. Patch17: %{name}-17-324a1f85-mkstemp_mode-adapt-for-python36.patch Patch18: %{name}-18-6448b656-fallback-to-compiler-defines-when-BYTE_ORDER-is-not-available.patch Patch19: %{name}-19-deb7fa06-simplify-the-endianity-handling.patch Patch20: %{name}-20-63beb57b-additional-cleanup.patch Patch21: %{name}-21-04d2f7ed-fix-build-error-caused-by-ntohs-ntohl.patch Patch22: %{name}-22-9d5631f8-bump-msgpack-to-borg2-after-build-fix-backports.patch Patch23: %{name}-23-793104ff-auto-compressor-tests-dont-assume-a-specific-size.patch Patch24: %{name}-24-a6cd0fd2-auto-compressor-tests-do-not-assume-zlib-is-better-than-lz4.patch # fixes for CVE-2023-36811 and TAM usability improvements Patch30: %{name}-30-df753c03-borg_workarounds-authenticated_no_key.patch Patch31: %{name}-31-d2f653e8-check-rebuild_manifest-must-verify-archive-tam.patch Patch32: %{name}-32-52483b26-check-rebuild_refcounts-verify-and-recreate-tam.patch Patch33: %{name}-33-73eae8cc-cache-sync-check-archive-tam.patch Patch34: %{name}-34-c58228c2-list-support-tam-placeholder.patch Patch35: %{name}-35-005662a8-update-archives-tam.patch Patch36: %{name}-36-update-allow-enable-disable-manifest-tam.patch Patch37: %{name}-37-2095225a-tam-msgs-be-more-specific.patch Patch38: %{name}-38-ead49d4a-rebuild_refcounts-keep-archive-id.patch Patch39: %{name}-39-44c17e3f-add-tests-for-archive-tams.patch Patch40: %{name}-40-5b2d4711-implement-borg_workarounds-ignore_invalid_archive_tam.patch Patch41: %{name}-41-e0542077-check-improve-logging-for-tam-issues.patch Patch42: %{name}-42-73f7e670-add-cve-2023-36811-release-notes.patch BuildRequires: gnupg2 # build BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-packaging BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-setuptools_scm BuildRequires: python%{python3_pkgversion}-Cython BuildRequires: python%{python3_pkgversion}-llfuse >= 1.3.4 %if %bundle_msgpack Provides: bundled(python%{python3_pkgversion}-msgpack) = 0.5.6 # requirements for bundled msgpack BuildRequires: gcc-c++ %else BuildRequires: python%{python3_pkgversion}-msgpack <= 0.5.6 %endif # test BuildRequires: python%{python3_pkgversion}-pytest # doc BuildRequires: python%{python3_pkgversion}-sphinx # no python deps BuildRequires: gcc BuildRequires: openssl-devel >= 1.0.0 BuildRequires: fuse-devel BuildRequires: libacl-devel BuildRequires: libb2-devel BuildRequires: lz4-devel >= 1.7.0 BuildRequires: libzstd-devel >= 1.3.0 BuildRequires: xxhash-devel >= 0.6.5 %if ! %bundle_msgpack Requires: python%{python3_pkgversion}-msgpack <= 0.5.6 %endif Requires: python%{python3_pkgversion}-setuptools Requires: python%{python3_pkgversion}-llfuse >= 1.3.4 Requires: fuse %description BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 rm -rf %{srcname}.egg-info # remove copies of bundled libraries to ensure these don't end up in our # binaries rm -rf src/borg/algorithms/{blake2,lz4,zstd} # remove precompiled Cython code to ensure we always built "from source" find src/ -name '*.pyx' | sed -e 's/.pyx/.c/g' | xargs rm -f %if %bundle_msgpack # bundled msgpack uses C++ for its generated sources find src/ -name '*.pyx' | sed -e 's/.pyx/.cpp/g' | xargs rm -f # better name for inclusion in %%license cp -a docs/3rd_party/msgpack/COPYING COPYING.msgpack %else rm -rf src/borg/algorithms/msgpack # https://bugzilla.redhat.com/show_bug.cgi?id=1630992 sed -i 's/msgpack-python/msgpack/' setup.py %endif %build %if ! %bundle_msgpack export BORG_EXTERNAL_MSGPACK=True %endif %py3_build # MANPAGE GENERATION # workaround to dump sphinx_rtd_theme dependency - not needed for manpages export READTHEDOCS=True # workaround to include borg module for usage generation export PYTHONPATH=$(pwd)/build/$(ls build/ | grep 'lib.') make -C docs SPHINXBUILD=sphinx-build-%python3_version man %install find . -name *.so -type f -exec chmod 0755 {} \; %py3_install install -D -m 0644 docs/_build/man/borg*.1* %{buildroot}%{_mandir}/man1/borg.1 # add shell completions #%define bash_compdir %(pkg-config --variable=completionsdir bash-completion) %define bash_compdir %{_prefix}/share/bash-completion/completions %define zsh_compdir %{_prefix}/share/zsh/site-functions %define fish_compdir %{_prefix}/share/fish/completions install -d %{buildroot}%{bash_compdir} install -d %{buildroot}%{zsh_compdir} install -d %{buildroot}%{fish_compdir} install -D -m 0644 scripts/shell_completions/bash/* %{buildroot}%{bash_compdir} install -D -m 0644 scripts/shell_completions/zsh/* %{buildroot}%{zsh_compdir} install -D -m 0644 scripts/shell_completions/fish/* %{buildroot}%{fish_compdir} %check export PYTHONPATH=$(pwd)/build/$(ls build/ | grep 'lib.') # workaround to prevent test issues with ascii/utf-8 under rhel 7 %if 0%{?rhel} == 7 export LANG=en_US.UTF-8 %endif # exclude test_fuse: there is no modprobe in mock for fuse # test_readonly_mount: needs fuse mount # exclude benchmark: not relevant for package build TEST_SELECTOR="not test_fuse and not test_readonly_mount and not benchmark" %if 0%{?rhel} == 7 # exclude test_dash_open: pytest stub has a bug and is fixed in 3.0.2 (epel7 uses 2.9.2) TEST_SELECTOR="$TEST_SELECTOR and not test_dash_open" %endif #py.test-3 -v -k "$TEST_SELECTOR" $PYTHONPATH/borg/testsuite/*.py ##py.test-3 -v "$PYTHONPATH/borg/testsuite/archiver.py::ArchiverTestCase::test_compression_auto_compressible" py.test-3 -v -k "$TEST_SELECTOR" "$PYTHONPATH/borg/testsuite/archiver.py" %files %license LICENSE %if %bundle_msgpack %license COPYING.msgpack %endif %doc README.rst PKG-INFO AUTHORS %doc docs/changes.rst %{_mandir}/man1/* %{python3_sitearch}/borg %{python3_sitearch}/borgbackup-%{version}-py%{python3_version}.egg-info # - files in %%{python3_sitearch}/borg/algorithms/msgpack are licensed under the ASL # - %%{python3_sitearch}/borg/algorithms/checksums.*.so contains code licensed # under the zlib license %{_bindir}/borg %{_bindir}/borgfs %{_prefix}/share/bash-completion/completions/* %{_prefix}/share/zsh/site-functions/* %{_prefix}/share/fish/completions/* %changelog * Fri Sep 08 2023 Felix Schwarz - 1.1.18-2 - add patches to fix CVE-2023-36811 * Sun Jun 05 2022 Felix Schwarz - 1.1.18-1 - update to 1.1.18 * Sun Jul 25 2021 Felix Schwarz - 1.1.17-1 - update to 1.1.17 * Tue Mar 23 2021 Felix Schwarz - 1.1.16-1 - update to 1.1.16 * Fri Dec 25 2020 Felix Schwarz - 1.1.15-1 - update to 1.1.15 * Thu Oct 08 2020 Felix Schwarz - 1.1.14-1 - update to 1.1.14 * Sun Jun 07 2020 Felix Schwarz - 1.1.13-1 - update to 1.1.13 * Sun Mar 08 2020 Felix Schwarz - 1.1.11-1 - update to 1.1.11 * Mon Oct 14 2019 Felix Schwarz - 1.1.10-2 - bump release to trigger a new koji build * Sun Oct 13 2019 Felix Schwarz - 1.1.10-1 - initial packaging for EPEL8