%global frrversion 7.5 %global frr_libdir /usr/lib/frr %global _hardened_build 1 Name: frr Version: 7.5 Release: 2%{?checkout}%{?dist} Summary: Routing daemon License: GPLv2+ URL: http://www.frrouting.org Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz Source1: %{name}-tmpfiles.conf BuildRequires: perl-generators BuildRequires: gcc BuildRequires: net-snmp-devel BuildRequires: texinfo libcap-devel autoconf automake libtool patch groff BuildRequires: readline readline-devel ncurses ncurses-devel BuildRequires: git pam-devel c-ares-devel BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML BuildRequires: python3-devel python3-sphinx python3-pytest BuildRequires: systemd systemd-devel BuildRequires: libyang-devel >= 1.0.184 Requires: net-snmp ncurses Requires(post): systemd /sbin/install-info Requires(preun): systemd /sbin/install-info Requires(postun): systemd Requires: iproute Requires: initscripts Provides: routingdaemon = %{version}-%{release} Obsoletes: frr-sysvinit quagga frr-contrib Patch0000: 0000-remove-babeld-and-ldpd.patch Patch0001: 0001-use-python3.patch Patch0002: 0002-enable-openssl.patch Patch0003: 0003-disable-eigrp-crypto.patch Patch0004: 0004-fips-mode.patch Patch0006: 0006-CVE-2020-12831.patch %description FRRouting is free software that manages TCP/IP based routing protocols. It takes a multi-server and multi-threaded approach to resolve the current complexity of the Internet. FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. FRRouting is a fork of Quagga. %prep %autosetup -S git %build autoreconf -ivf %configure \ --sbindir=%{frr_libdir} \ --sysconfdir=%{_sysconfdir}/frr \ --libdir=%{_libdir}/frr \ --libexecdir=%{_libexecdir}/frr \ --localstatedir=%{_localstatedir}/run/frr \ --enable-snmp=agentx \ --enable-multipath=64 \ --enable-vtysh=yes \ --enable-ospfclient=no \ --enable-ospfapi=no \ --enable-user=frr \ --enable-group=frr \ --enable-vty-group=frrvty \ --enable-rtadv \ --disable-exampledir \ --enable-systemd=yes \ --enable-static=no \ --disable-ldpd \ --disable-babeld \ --with-moduledir=%{_libdir}/frr/modules \ --with-crypto=openssl \ --enable-fpm %make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3} pushd doc make info popd %install mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \ %{buildroot}/var/log/frr %{buildroot}%{_infodir} \ %{buildroot}%{_unitdir} mkdir -p -m 0755 %{buildroot}%{_libdir}/frr mkdir -p %{buildroot}%{_tmpfilesdir} %make_install # Remove this file, as it is uninstalled and causes errors when building on RH9 rm -rf %{buildroot}/usr/share/info/dir install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/frr.service %{buildroot}%{_unitdir}/frr.service install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr install -d -m 775 %{buildroot}/run/frr rm %{buildroot}%{_libdir}/frr/*.la rm %{buildroot}%{_libdir}/frr/modules/*.la #Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed rm %{buildroot}%{_libdir}/frr/*.so rm -r %{buildroot}%{_includedir}/frr/ %pre getent group fttvty >/dev/null 2>&1 || groupadd -r frrvty >/dev/null 2>&1 || : getent group frr >/dev/null 2>&1 || groupadd -r frr >/dev/null 2>&1 || : getent passwd frr >/dev/null 2>&1 || useradd -M -r -g frr -s /sbin/nologin \ -c "FRRouting suite" -d %{_localstatedir}/run/frr frr || : usermod -aG frrvty frr %post %systemd_post frr.service if [ -f %{_infodir}/%{name}.inf* ]; then install-info %{_infodir}/frr.info %{_infodir}/dir || : fi # Create dummy files if they don't exist so basic functions can be used. if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then echo "hostname `hostname`" > %{_sysconfdir}/frr/frr.conf chown frr:frr %{_sysconfdir}/frr/frr.conf chmod 640 %{_sysconfdir}/frr/frr.conf fi %postun %systemd_postun_with_restart frr.service #only when removing the package if [ $1 -ge 0 ]; then if [ -f %{_infodir}/%{name}.inf* ]; then install-info --delete %{_infodir}/frr.info %{_infodir}/dir || : fi fi %preun %systemd_preun frr.service %check make check PYTHON=%{__python3} %files %defattr(-,root,root) %license COPYING %doc zebra/zebra.conf.sample %doc isisd/isisd.conf.sample %doc ripd/ripd.conf.sample %doc bgpd/bgpd.conf.sample* %doc ospfd/ospfd.conf.sample %doc ospf6d/ospf6d.conf.sample %doc ripngd/ripngd.conf.sample %doc pimd/pimd.conf.sample %doc doc/mpls %dir %attr(640,frr,frr) %{_sysconfdir}/frr %dir %attr(755,frr,frr) /var/log/frr %dir %attr(755,frr,frr) /run/frr %{_infodir}/*info* %{_mandir}/man*/* %dir %{frr_libdir}/ %{frr_libdir}/* %{_bindir}/* %dir %{_libdir}/frr %{_libdir}/frr/*.so.* %dir %{_libdir}/frr/modules/ %{_libdir}/frr/modules/* %config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr %config(noreplace) %attr(644,frr,frr) /etc/frr/daemons %config(noreplace) /etc/pam.d/frr %{_unitdir}/*.service %dir /usr/share/yang /usr/share/yang/*.yang %{_tmpfilesdir}/%{name}.conf %changelog * Thu Jan 07 2021 Michal Ruprich - 7.5-2 - Related: #1889323 - Obsoleting frr-contrib * Thu Jan 07 2021 Michal Ruprich - 7.5-1 - Resolves: #1889323 - [RFE] Rebase FRR to 7.5 * Thu Aug 20 2020 Michal Ruprich - 7.0-10 - Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881 * Thu Aug 20 2020 Michal Ruprich - 7.0-9 - Resolves: #1852476 - default permission issue eases information leaks * Tue May 05 2020 Michal Ruprich - 7.0-8 - Resolves: #1819319 - frr fails to start start if the initscripts package is missing * Mon May 04 2020 Michal Ruprich - 7.0-7 - Resolves: #1758544 - IGMPv3 queries may lead to DoS * Tue Mar 10 2020 Michal Ruprich - 7.0-6 - Resolves: #1776342 - frr has missing dependency on iproute * Tue Sep 03 2019 Michal Ruprich - 7.0-5 - Resolves: #1719465 - Removal of component Frr or its crypto * Wed Jun 19 2019 Michal Ruprich - 7.0-4 - Related: #1657029 - frr-contrib is back, it is breaking the rpmdeplint test * Wed Jun 19 2019 Michal Ruprich - 7.0-3 - Related: #1657029 - more cleanup, removed frr-contrib, frrvt changed to frrvty * Wed Jun 19 2019 Michal Ruprich - 7.0-2 - Related: #1657029 - cleaning specfile, adding Requires on libyang-devel * Wed May 29 2019 Michal Ruprich - 7.0-1 - Resolves: #1657029 - Add FRR as a replacement of Quagga in RHEL 8