diff --git a/oci-seccomp-bpf-hook.spec b/oci-seccomp-bpf-hook.spec index ac1df60..8ec4de8 100644 --- a/oci-seccomp-bpf-hook.spec +++ b/oci-seccomp-bpf-hook.spec @@ -25,20 +25,28 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl %global project containers %global repo oci-seccomp-bpf-hook # https://github.com/containers/oci-seccomp-bpf-hook -%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} -%global import_path %{provider_prefix} +%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo} +# To build a random user's fork/commit, comment out above line, +# uncomment below line and replace the placeholders and commit0 below with the right info +#%%global git0 https://github.com/$GITHUB_USER/$GITHUB_USER_REPO +%global commit0 4e42394b75ecb2185d18dd3a7872df1dec5d3bcb +%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) + +# Used for comparing with latest upstream tag +# to decide whether to autobuild (non-rawhide only) +%define built_tag v1.2.1 # use the same arch definitions as present in the bcc package ExclusiveArch: x86_64 %{power64} aarch64 s390x armv7hl Name: oci-seccomp-bpf-hook -Version: 1.2.0 -Release: 5%{?dist} +Version: 1.2.2 +Release: 0.1.git%{shortcommit0}%{?dist} Summary: OCI Hook to generate seccomp json files based on EBF syscalls used by container License: ASL 2.0 URL: %{git0} -Source0: %{git0}/archive/v%{version}.tar.gz +Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz BuildRequires: golang BuildRequires: go-md2man BuildRequires: glib2-devel @@ -57,7 +65,7 @@ Enhances: cri-o the Container Pod concept popularized by Kubernetes. %prep -%autosetup -Sgit +%autosetup -Sgit -n %{name}-%{commit0} sed -i '/$(MAKE) -C docs install/d' Makefile sed -i 's/HOOK_BIN_DIR/\%{_usr}\/libexec\/oci\/hooks.d/' %{name}.json sed -i '/$(HOOK_DIR)\/%{name}.json/d' Makefile @@ -65,7 +73,21 @@ sed -i '/$(HOOK_DIR)\/%{name}.json/d' Makefile %build export GO111MODULE=off export GOPATH=$(pwd):$(pwd)/_build -export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall \ + -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 \ + -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 \ + -ffat-lto-objects -fexceptions \ + -fasynchronous-unwind-tables -fstack-protector-strong \ + -fstack-clash-protection -D_GNU_SOURCE \ + -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +%ifarch x86_64 +export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic" +%if 0%{?fedora} || 0%{?centos} >= 8 +export CGO_CFLAGS="$CGO_CFLAGS -fcf-protection" +%endif +%endif +# These extra flags present in %%{optflags} have been skipped for now as they break the build +#export CGO_CFLAGS="$CGO_CFLAGS -flto=auto -Wp,D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" mkdir _build pushd _build @@ -115,6 +137,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_mandir}/man1/%{name}.1* %changelog +* Wed Jan 27 2021 Lokesh Mandvekar - 1.2.2-0.1.git4e42394 +- built latest master commit + * Tue Jan 26 2021 Fedora Release Engineering - 1.2.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/sources b/sources index 4632587..9aeb6a5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.2.0.tar.gz) = 9d686380bd250278b038660fa13085801396493bcfd71754d943840ad9af47f6206c33515b4a876460c67e8e2092fe22493d1c64acafff9d24585cb713c0b888 +SHA512 (oci-seccomp-bpf-hook-4e42394.tar.gz) = b4754eea37a448c1cefb5f67af797c5f1b7e675282afed891a102b54a61b45732f87a8a348b9b653616288765689fb49bf8179e867eb4b4aa1c80030e9edba3b