253 lines
8.5 KiB
RPMSpec
253 lines
8.5 KiB
RPMSpec
%global frrversion 7.5
|
|
%global frr_libdir /usr/lib/frr
|
|
|
|
%global _hardened_build 1
|
|
|
|
Name: frr
|
|
Version: 7.5
|
|
Release: 7%{?checkout}%{?dist}
|
|
Summary: Routing daemon
|
|
License: GPLv2+
|
|
URL: http://www.frrouting.org
|
|
Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
|
|
Source1: %{name}-tmpfiles.conf
|
|
BuildRequires: perl-generators
|
|
BuildRequires: gcc
|
|
BuildRequires: net-snmp-devel
|
|
BuildRequires: texinfo libcap-devel autoconf automake libtool patch groff
|
|
BuildRequires: readline readline-devel ncurses ncurses-devel
|
|
BuildRequires: git pam-devel c-ares-devel
|
|
BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML
|
|
BuildRequires: python3-devel python3-sphinx python3-pytest
|
|
BuildRequires: systemd systemd-devel
|
|
BuildRequires: libyang-devel >= 1.0.184
|
|
Requires: net-snmp ncurses
|
|
Requires(post): systemd /sbin/install-info
|
|
Requires(preun): systemd /sbin/install-info
|
|
Requires(postun): systemd
|
|
Requires: iproute
|
|
Requires: initscripts
|
|
Provides: routingdaemon = %{version}-%{release}
|
|
Obsoletes: frr-sysvinit quagga frr-contrib
|
|
|
|
Patch0000: 0000-remove-babeld-and-ldpd.patch
|
|
Patch0001: 0001-use-python3.patch
|
|
Patch0002: 0002-enable-openssl.patch
|
|
Patch0003: 0003-disable-eigrp-crypto.patch
|
|
Patch0004: 0004-fips-mode.patch
|
|
Patch0006: 0006-CVE-2020-12831.patch
|
|
Patch0007: 0007-frrinit.patch
|
|
Patch0008: 0008-ospf-multi-instance.patch
|
|
Patch0009: 0009-bgp-ttl-security.patch
|
|
|
|
%description
|
|
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
|
a multi-server and multi-threaded approach to resolve the current complexity
|
|
of the Internet.
|
|
|
|
FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
|
|
|
|
FRRouting is a fork of Quagga.
|
|
|
|
%prep
|
|
%autosetup -S git
|
|
|
|
%build
|
|
autoreconf -ivf
|
|
|
|
%configure \
|
|
--sbindir=%{frr_libdir} \
|
|
--sysconfdir=%{_sysconfdir}/frr \
|
|
--libdir=%{_libdir}/frr \
|
|
--libexecdir=%{_libexecdir}/frr \
|
|
--localstatedir=%{_localstatedir}/run/frr \
|
|
--enable-snmp=agentx \
|
|
--enable-multipath=64 \
|
|
--enable-vtysh=yes \
|
|
--enable-ospfclient=no \
|
|
--enable-ospfapi=no \
|
|
--enable-user=frr \
|
|
--enable-group=frr \
|
|
--enable-vty-group=frrvty \
|
|
--enable-rtadv \
|
|
--disable-exampledir \
|
|
--enable-systemd=yes \
|
|
--enable-static=no \
|
|
--disable-ldpd \
|
|
--disable-babeld \
|
|
--with-moduledir=%{_libdir}/frr/modules \
|
|
--with-crypto=openssl \
|
|
--enable-fpm
|
|
|
|
%make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
|
|
|
|
pushd doc
|
|
make info
|
|
popd
|
|
|
|
%install
|
|
mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
|
|
%{buildroot}/var/log/frr %{buildroot}%{_infodir} \
|
|
%{buildroot}%{_unitdir}
|
|
|
|
mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
|
|
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
|
%make_install
|
|
|
|
# Remove this file, as it is uninstalled and causes errors when building on RH9
|
|
rm -rf %{buildroot}/usr/share/info/dir
|
|
|
|
install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
|
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
|
|
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
|
|
install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
|
|
install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
|
|
install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
|
|
|
|
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
|
|
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
|
|
install -d -m 775 %{buildroot}/run/frr
|
|
|
|
rm %{buildroot}%{_libdir}/frr/*.la
|
|
rm %{buildroot}%{_libdir}/frr/modules/*.la
|
|
|
|
#Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
|
|
rm %{buildroot}%{_libdir}/frr/*.so
|
|
rm -r %{buildroot}%{_includedir}/frr/
|
|
|
|
%pre
|
|
getent group fttvty >/dev/null 2>&1 || groupadd -r frrvty >/dev/null 2>&1 || :
|
|
getent group frr >/dev/null 2>&1 || groupadd -r frr >/dev/null 2>&1 || :
|
|
getent passwd frr >/dev/null 2>&1 || useradd -M -r -g frr -s /sbin/nologin \
|
|
-c "FRRouting suite" -d %{_localstatedir}/run/frr frr || :
|
|
usermod -aG frrvty frr
|
|
|
|
%post
|
|
%systemd_post frr.service
|
|
|
|
if [ -f %{_infodir}/%{name}.inf* ]; then
|
|
install-info %{_infodir}/frr.info %{_infodir}/dir || :
|
|
fi
|
|
|
|
# Create dummy files if they don't exist so basic functions can be used.
|
|
if [ ! -e %{_sysconfdir}/frr/zebra.conf ]; then
|
|
echo "hostname `hostname`" > %{_sysconfdir}/frr/zebra.conf
|
|
chown frr:frr %{_sysconfdir}/frr/zebra.conf
|
|
chmod 640 %{_sysconfdir}/frr/zebra.conf
|
|
fi
|
|
|
|
if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
|
|
echo 'no service integrated-vtysh-config' > %{_sysconfdir}/frr/vtysh.conf
|
|
chmod 640 %{_sysconfdir}/frr/vtysh.conf
|
|
chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
|
|
fi
|
|
|
|
#Making sure that the old format of config file still works
|
|
#Checking whether .rpmnew conf file is present - in that case I want to change the old config
|
|
if [ -e %{_sysconfdir}/frr/daemons.rpmnew ]; then
|
|
sed -i s'/watchfrr_/#watchfrr_/g' %{_sysconfdir}/frr/daemons
|
|
sed -i s'/zebra=/#zebra=/g' %{_sysconfdir}/frr/daemons
|
|
fi
|
|
|
|
%postun
|
|
%systemd_postun_with_restart frr.service
|
|
|
|
#only when removing the package
|
|
if [ $1 -ge 0 ]; then
|
|
if [ -f %{_infodir}/%{name}.inf* ]; then
|
|
install-info --delete %{_infodir}/frr.info %{_infodir}/dir || :
|
|
fi
|
|
fi
|
|
|
|
%preun
|
|
%systemd_preun frr.service
|
|
|
|
%check
|
|
make check PYTHON=%{__python3}
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%license COPYING
|
|
%doc zebra/zebra.conf.sample
|
|
%doc isisd/isisd.conf.sample
|
|
%doc ripd/ripd.conf.sample
|
|
%doc bgpd/bgpd.conf.sample*
|
|
%doc ospfd/ospfd.conf.sample
|
|
%doc ospf6d/ospf6d.conf.sample
|
|
%doc ripngd/ripngd.conf.sample
|
|
%doc pimd/pimd.conf.sample
|
|
%doc doc/mpls
|
|
%dir %attr(740,frr,frr) %{_sysconfdir}/frr
|
|
%dir %attr(755,frr,frr) /var/log/frr
|
|
%dir %attr(755,frr,frr) /run/frr
|
|
%{_infodir}/*info*
|
|
%{_mandir}/man*/*
|
|
%dir %{frr_libdir}/
|
|
%{frr_libdir}/*
|
|
%{_bindir}/*
|
|
%dir %{_libdir}/frr
|
|
%{_libdir}/frr/*.so.*
|
|
%dir %{_libdir}/frr/modules/
|
|
%{_libdir}/frr/modules/*
|
|
%config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
|
|
%config(noreplace) %attr(644,frr,frr) /etc/frr/daemons
|
|
%config(noreplace) /etc/pam.d/frr
|
|
%{_unitdir}/*.service
|
|
%dir /usr/share/yang
|
|
/usr/share/yang/*.yang
|
|
%{_tmpfilesdir}/%{name}.conf
|
|
|
|
%changelog
|
|
* Thu Sep 30 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-7
|
|
- Related: #1917269 - Wrong value in gating file
|
|
|
|
* Fri Sep 17 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-6
|
|
- Related: #1917269 - Incomplete patch, adding gating rules
|
|
|
|
* Thu Sep 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-5
|
|
- Resolves: #1979426 - Unable to configure OSPF in multi-instance mode
|
|
- Resolves: #1917269 - vtysh running-config output not showing bgp ttl-security hops option
|
|
|
|
* Tue Jan 12 2021 root - 7.5-4
|
|
- Related: #1889323 - Fixing start-up with old config file
|
|
|
|
* Mon Jan 11 2021 root - 7.5-3
|
|
- Related: #1889323 - Reverting to non-integrated cofiguration
|
|
|
|
* Thu Jan 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-2
|
|
- Related: #1889323 - Obsoleting frr-contrib
|
|
|
|
* Thu Jan 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
|
|
- Resolves: #1889323 - [RFE] Rebase FRR to 7.5
|
|
|
|
* Thu Aug 20 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-10
|
|
- Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881
|
|
|
|
* Thu Aug 20 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-9
|
|
- Resolves: #1852476 - default permission issue eases information leaks
|
|
|
|
* Tue May 05 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-8
|
|
- Resolves: #1819319 - frr fails to start start if the initscripts package is missing
|
|
|
|
* Mon May 04 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-7
|
|
- Resolves: #1758544 - IGMPv3 queries may lead to DoS
|
|
|
|
* Tue Mar 10 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-6
|
|
- Resolves: #1776342 - frr has missing dependency on iproute
|
|
|
|
* Tue Sep 03 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-5
|
|
- Resolves: #1719465 - Removal of component Frr or its crypto
|
|
|
|
* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-4
|
|
- Related: #1657029 - frr-contrib is back, it is breaking the rpmdeplint test
|
|
|
|
* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-3
|
|
- Related: #1657029 - more cleanup, removed frr-contrib, frrvt changed to frrvty
|
|
|
|
* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2
|
|
- Related: #1657029 - cleaning specfile, adding Requires on libyang-devel
|
|
|
|
* Wed May 29 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-1
|
|
- Resolves: #1657029 - Add FRR as a replacement of Quagga in RHEL 8
|