frr/SPECS/frr.spec

%global frrversion 7.5.1
%global frr_libdir /usr/libexec/frr
%global _hardened_build 1
%global selinuxtype targeted
%bcond_without selinux
Name: frr
Version: 7.5.1
Release: 13%{?checkout}%{?dist}.4.alma.1
Summary: Routing daemon
License: GPLv2+
URL: http://www.frrouting.org
Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
Source1: %{name}-tmpfiles.conf
Source2: frr.fc
Source3: frr.te
Source4: frr.if
BuildRequires: perl-generators
BuildRequires: gcc
BuildRequires: net-snmp-devel
BuildRequires: texinfo libcap-devel autoconf automake libtool patch groff
BuildRequires: readline readline-devel ncurses ncurses-devel
BuildRequires: git pam-devel c-ares-devel
BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML
BuildRequires: python3-devel python3-sphinx python3-pytest
BuildRequires: systemd systemd-devel
BuildRequires: libyang-devel >= 1.0.184
Requires: net-snmp ncurses
Requires(post): systemd /sbin/install-info
Requires(preun): systemd /sbin/install-info
Requires(postun): systemd
Requires: iproute
Requires: initscripts
%if 0%{?with_selinux}
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
%endif
Provides: routingdaemon = %{version}-%{release}
Obsoletes: frr-sysvinit quagga frr-contrib
Patch0000: 0000-remove-babeld-and-ldpd.patch
Patch0001: 0001-use-python3.patch
Patch0002: 0002-enable-openssl.patch
Patch0003: 0003-disable-eigrp-crypto.patch
Patch0004: 0004-fips-mode.patch
Patch0006: 0006-CVE-2020-12831.patch
Patch0007: 0007-frrinit.patch
Patch0008: 0008-designated-router.patch
Patch0009: 0009-routemap.patch
Patch0010: 0010-moving-executables.patch
Patch0011: 0011-reload-bfd-profile.patch
Patch0012: 0012-graceful-restart.patch
Patch0013: 0013-CVE-2022-37032.patch
Patch0014: 0014-bfd-profile-crash.patch
# https://git.almalinux.org/rpms/frr/raw/commit/7599d0ae96d0c1d1f42ae62e1f885ee58ed5b0cd/SOURCES/0010-CVE-2023-38802.patch
Patch0015: 0015-CVE-2023-38802.patch
# https://gitlab.com/redhat/centos-stream/rpms/frr/-/blob/2dfcf2f37454302c56d8713db9d9d16e7d4d36d3/0015-max-ttl-reload.patch
Patch0016: 0016-max-ttl-reload.patch
# https://gitlab.com/redhat/centos-stream/rpms/frr/-/blob/2dfcf2f37454302c56d8713db9d9d16e7d4d36d3/0017-fix-crash-in-plist-update.patch
Patch0017: 0017-fix-crash-in-plist-update.patch
# https://gitlab.com/redhat/centos-stream/rpms/frr/-/blob/2dfcf2f37454302c56d8713db9d9d16e7d4d36d3/0018-CVE-2023-38406.patch
Patch0018: 0018-CVE-2023-38406.patch
# https://gitlab.com/redhat/centos-stream/rpms/frr/-/blob/2dfcf2f37454302c56d8713db9d9d16e7d4d36d3/0019-CVE-2023-38407.patch
Patch0019: 0019-CVE-2023-38407.patch
# https://gitlab.com/redhat/centos-stream/rpms/frr/-/blob/2dfcf2f37454302c56d8713db9d9d16e7d4d36d3/0020-CVE-2023-47234.patch
Patch0020: 0020-CVE-2023-47234.patch
# https://gitlab.com/redhat/centos-stream/rpms/frr/-/blob/2dfcf2f37454302c56d8713db9d9d16e7d4d36d3/0021-CVE-2023-47235.patch
Patch0021: 0021-CVE-2023-47235.patch
# https://gitlab.com/redhat/centos-stream/rpms/frr/-/commit/45e41b61fde135e3f5efd5e6d6bb434a1230a45d
Patch0022: 0022-dynamic-netlink-buffer.patch
%description
FRRouting is free software that manages TCP/IP based routing protocols. It takes
a multi-server and multi-threaded approach to resolve the current complexity
of the Internet.
FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
FRRouting is a fork of Quagga.
%if 0%{?with_selinux}
%package selinux
Summary: Selinux policy for FRR
BuildArch: noarch
Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
%{?selinux_requires}
%description selinux
SELinux policy modules for FRR package
%endif
%prep
%autosetup -S git
#SELinux
mkdir selinux
cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux
%build
autoreconf -ivf
%configure \
--sbindir=%{frr_libdir} \
--sysconfdir=%{_sysconfdir}/frr \
--libdir=%{_libdir}/frr \
--libexecdir=%{_libexecdir}/frr \
--localstatedir=%{_localstatedir}/run/frr \
--enable-snmp=agentx \
--enable-multipath=64 \
--enable-vtysh=yes \
--enable-ospfclient=no \
--enable-ospfapi=no \
--enable-user=frr \
--enable-group=frr \
--enable-vty-group=frrvty \
--enable-rtadv \
--disable-exampledir \
--enable-systemd=yes \
--enable-static=no \
--disable-ldpd \
--disable-babeld \
--with-moduledir=%{_libdir}/frr/modules \
--with-crypto=openssl \
--enable-fpm
%make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
pushd doc
make info
popd
#SELinux policy
%if 0%{?with_selinux}
make -C selinux -f %{_datadir}/selinux/devel/Makefile %{name}.pp
bzip2 -9 selinux/%{name}.pp
%endif
%install
mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
%{buildroot}/var/log/frr %{buildroot}%{_infodir} \
%{buildroot}%{_unitdir}
mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
mkdir -p %{buildroot}%{_tmpfilesdir}
%make_install
# Remove this file, as it is uninstalled and causes errors when building on RH9
rm -rf %{buildroot}/usr/share/info/dir
install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
install -d -m 775 %{buildroot}/run/frr
%if 0%{?with_selinux}
install -D -m 644 selinux/%{name}.pp.bz2 \
%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
%endif
rm %{buildroot}%{_libdir}/frr/*.la
rm %{buildroot}%{_libdir}/frr/modules/*.la
#Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
rm %{buildroot}%{_libdir}/frr/*.so
rm -r %{buildroot}%{_includedir}/frr/
%pre
getent group frrvty >/dev/null 2>&1 || groupadd -r frrvty >/dev/null 2>&1 || :
getent group frr >/dev/null 2>&1 || groupadd -r frr >/dev/null 2>&1 || :
getent passwd frr >/dev/null 2>&1 || useradd -M -r -g frr -s /sbin/nologin \
-c "FRRouting suite" -d %{_localstatedir}/run/frr frr || :
usermod -aG frrvty frr
%post
#Because we move files to /usr/libexec, we need to reload .service files as well
/usr/bin/systemctl daemon-reload
%systemd_post frr.service
if [ -f %{_infodir}/%{name}.inf* ]; then
install-info %{_infodir}/frr.info %{_infodir}/dir || :
fi
# Create dummy files if they don't exist so basic functions can be used.
if [ ! -e %{_sysconfdir}/frr/zebra.conf ]; then
echo "hostname `hostname`" > %{_sysconfdir}/frr/zebra.conf
chown frr:frr %{_sysconfdir}/frr/zebra.conf
chmod 640 %{_sysconfdir}/frr/zebra.conf
fi
if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
echo 'no service integrated-vtysh-config' > %{_sysconfdir}/frr/vtysh.conf
chmod 640 %{_sysconfdir}/frr/vtysh.conf
chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
fi
#Making sure that the old format of config file still works
#Checking whether .rpmnew conf file is present - in that case I want to change the old config
if [ -e %{_sysconfdir}/frr/daemons.rpmnew ]; then
sed -i s'/watchfrr_/#watchfrr_/g' %{_sysconfdir}/frr/daemons
sed -i s'/zebra=/#zebra=/g' %{_sysconfdir}/frr/daemons
fi
%postun
%systemd_postun_with_restart frr.service
#only when removing the package
if [ $1 -eq 0 ]; then
if [ -f %{_infodir}/%{name}.inf* ]; then
install-info --delete %{_infodir}/frr.info %{_infodir}/dir || :
fi
fi
%preun
%systemd_preun frr.service
#SELinux
%if 0%{?with_selinux}
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%selinux_relabel_post -s %{selinuxtype}
#/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
if [ $1 == 2 ]; then
%{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
%{_sbindir}/restorecon -R /var/run/frr &> /dev/null
fi
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{name}
%selinux_relabel_post -s %{selinuxtype}
fi
%endif
%check
make check PYTHON=%{__python3}
%files
%defattr(-,root,root)
%license COPYING
%doc zebra/zebra.conf.sample
%doc isisd/isisd.conf.sample
%doc ripd/ripd.conf.sample
%doc bgpd/bgpd.conf.sample*
%doc ospfd/ospfd.conf.sample
%doc ospf6d/ospf6d.conf.sample
%doc ripngd/ripngd.conf.sample
%doc pimd/pimd.conf.sample
%doc doc/mpls
%dir %attr(740,frr,frr) %{_sysconfdir}/frr
%dir %attr(755,frr,frr) /var/log/frr
%dir %attr(755,frr,frr) /run/frr
%{_infodir}/*info*
%{_mandir}/man*/*
%dir %{frr_libdir}/
%{frr_libdir}/*
%{_bindir}/*
%dir %{_libdir}/frr
%{_libdir}/frr/*.so.*
%dir %{_libdir}/frr/modules/
%{_libdir}/frr/modules/*
%config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
%config(noreplace) %attr(644,frr,frr) /etc/frr/daemons
%config(noreplace) /etc/pam.d/frr
%{_unitdir}/*.service
%dir /usr/share/yang
/usr/share/yang/*.yang
%{_tmpfilesdir}/%{name}.conf
%if 0%{?with_selinux}
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.*
%{_datadir}/selinux/devel/include/distributed/%{name}.if
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%endif
%changelog
* Wed Feb 21 2024 Eduard Abdullin <eabdullin@almalinux.org> - 7.5.1-13.4.alma.1
- zebra: Make netlink buffer reads resizeable when needed
* Fri Jan 12 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 7.5.1-13.3.alma.1
- Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c
- Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c
- Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
- Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message
- Resolves: RHEL-12039 - crash in plist update
* Tue Oct 10 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-13
- Resolves: RHEL-2263 - eBGP multihop peer flapping due to delta miscalculation of new configuration
* Wed Aug 23 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-12
- Resolves: #2216911 - Adding missing sys_admin SELinux call
* Mon Aug 21 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-11
- Related: #2216911 - Adding unconfined_t type to access namespaces
* Thu Aug 17 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-10
- Related: #2226803 - Adding patch
* Wed Aug 16 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-9
- Resolves: #2226803 - BFD crash in FRR running in MetalLB
* Fri Aug 11 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-8
- Resolves: #2216911 - SELinux is preventing FRR-Zebra to access to network namespaces
* Wed Nov 30 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
- Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
* Tue Nov 29 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-6
- Resolves: #1939516 - frr service cannot reload itself, due to executing in the wrong SELinux context
* Mon Nov 14 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-5
- Resolves: #2127140 - Frr is unable to push routes to the system routing table
* Mon Nov 14 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
- Resolves: #1948422 - BGP incorrectly withdraws routes on graceful restart capable routers
* Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
- Resolves: #2054160 - FRR reloader does not disable BFD when unsetting BFD profile
* Wed Aug 24 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
- Resolves: #1941765 - AVCs while running frr tests on RHEL 8.4.0 Beta-1.2
- Resolves: #1714984 - SELinux policy (daemons) changes required for package
* Wed May 11 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
- Resolves: #2018451 - Rebase of frr to version 7.5.1
- Resolves: #1975361 - the dynamic routing setup does not work any more
* Wed Jan 05 2022 Michal Ruprich <mruprich@redhat.com> - 7.5-11
- Resolves: #2034328 - Bfdd crash in metallb CI
* Tue Jan 04 2022 Michal Ruprich <mruprich@redhat.com> - 7.5-10
- Resolves: #2020878 - frr ospfd show ip ospf interface does not show designated router info
* Fri Dec 10 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-9
- Resolves: #2029958 - FRR reloader generating invalid BFD configurations, exits with error
* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-8
- Resolves: #2021819 - Rebuilding for the new json-c
* Thu Sep 30 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-7
- Related: #1917269 - Wrong value in gating file
* Fri Sep 17 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-6
- Related: #1917269 - Incomplete patch, adding gating rules
* Thu Sep 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-5
- Resolves: #1979426 - Unable to configure OSPF in multi-instance mode
- Resolves: #1917269 - vtysh running-config output not showing bgp ttl-security hops option
* Tue Jan 12 2021 root - 7.5-4
- Related: #1889323 - Fixing start-up with old config file
* Mon Jan 11 2021 root - 7.5-3
- Related: #1889323 - Reverting to non-integrated configuration
* Thu Jan 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-2
- Related: #1889323 - Obsoleting frr-contrib
* Thu Jan 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
- Resolves: #1889323 - [RFE] Rebase FRR to 7.5
* Thu Aug 20 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-10
- Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881
* Thu Aug 20 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-9
- Resolves: #1852476 - default permission issue eases information leaks
* Tue May 05 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-8
- Resolves: #1819319 - frr fails to start if the initscripts package is missing
* Mon May 04 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-7
- Resolves: #1758544 - IGMPv3 queries may lead to DoS
* Tue Mar 10 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-6
- Resolves: #1776342 - frr has missing dependency on iproute
* Tue Sep 03 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-5
- Resolves: #1719465 - Removal of component Frr or its crypto
* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-4
- Related: #1657029 - frr-contrib is back, it is breaking the rpmdeplint test
* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-3
- Related: #1657029 - more cleanup, removed frr-contrib, frrvt changed to frrvty
* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2
- Related: #1657029 - cleaning specfile, adding Requires on libyang-devel
* Wed May 29 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-1
- Resolves: #1657029 - Add FRR as a replacement of Quagga in RHEL 8