Bump release for rebuild

Resolves: RHEL-140528 RHEL-146085 RHEL-149258

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1,12 @@
-SOURCES/yggdrasil-0.4.5.tar.xz
+/yggdrasil-ffb580f55ae91beff78156fdb6a41be8bc049117.tar.gz
+/yggdrasil-0.3.1.tar.gz
+/yggdrasil-0.3.2.tar.gz
+/yggdrasil-0.3.2.tar.xz
+/yggdrasil-0.4.1.tar.xz
+/yggdrasil-0.4.2.tar.xz
+/yggdrasil-0.4.4.tar.xz
+/yggdrasil-0.4.5.tar.xz
+/yggdrasil-0.4.6.tar.xz
+/yggdrasil-0.4.7.tar.xz
+/yggdrasil-0.4.8.tar.xz
+/yggdrasil-0.4.9.tar.xz

.yggdrasil.metadata

@@ -1 +0,0 @@
-61c8ea524a5d18abab770e35394a7a1b548a409a SOURCES/yggdrasil-0.4.5.tar.xz

README.md

@@ -0,0 +1,3 @@
+# yggdrasil
+
+The yggdrasil package

SOURCES/0001-fix-Only-root-user-can-call-use-com.redhat.Yggdrasil.patch

@@ -1,37 +0,0 @@
-From 5291b3a84b1b251d27ce0f9aebca4ac56c620dc2 Mon Sep 17 00:00:00 2001
-From: Jiri Hnidek <jhnidek@redhat.com>
-Date: Wed, 30 Apr 2025 13:33:17 +0200
-Subject: [PATCH] fix: Only root user can call use com.redhat.Yggdrasil1
-
-* Card ID: RHEL-88585
-* CVE: CVE-2025-3931
-  * Local user was able to dispatch content for any
-    yggdrasil worker using D-Bus method Dispatch().
-    If there was any worker installed and the worker
-    used root user instead some system user, then
-    it could lead to a local privilege escalation
-* Only root user should be able to call methods in
-  com.redhat.Yggdrasil1 destination
-* No local user needs to call methods in this destination
----
- data/dbus/yggd.conf.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/data/dbus/yggd.conf.in b/data/dbus/yggd.conf.in
-index 26b2d46..695da5c 100644
---- a/data/dbus/yggd.conf.in
-+++ b/data/dbus/yggd.conf.in
-@@ -15,8 +15,8 @@
-     <allow send_destination="com.redhat.Yggdrasil1.Dispatcher1" />
-   </policy>
- 
--  <policy context="default">
--    <!-- Anyone can send messages to the Yggdrasil1 destination. -->
-+  <policy user="root">
-+    <!-- Only root can send messages to the Yggdrasil1 destination. -->
-     <allow send_destination="com.redhat.Yggdrasil1" />
-   </policy>
- </busconfig>
--- 
-2.47.1
-

SPECS/yggdrasil.spec

@@ -1,235 +0,0 @@
-## START: Set by rpmautospec
-## (rpmautospec version 0.6.5)
-## RPMAUTOSPEC: autorelease, autochangelog
-%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
-    release_number = 3;
-    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
-    print(release_number + base_release_number - 1);
-}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
-## END: Set by rpmautospec
-
-%bcond_without check
-
-# https://github.com/redhatinsights/yggdrasil
-%global goipath         github.com/redhatinsights/yggdrasil
-Version:                0.4.5
-%global tag             v%{version}
-
-%gometa -f
-
-%global common_description %{expand:
-yggdrasil is a system daemon that subscribes to topics on an MQTT broker and
-routes any data received on the topics to an appropriate child "worker" process,
-exchanging data with its worker processes through a D-Bus message broker.}
-
-%global golicenses      LICENSE
-%global godocs          CONTRIBUTING.md README.md
-
-Name:           yggdrasil
-Release:        %autorelease
-Summary:        Remote data transmission and processing client
-
-License:        GPL-3.0-only
-URL:            %{gourl}
-Source:         %{url}/releases/download/%{tag}/yggdrasil-%{version}.tar.xz
-Source1:        config.toml
-Source2:        yggdrasil.sysuser
-
-BuildRequires:  systemd-rpm-macros
-BuildRequires:  meson
-BuildRequires:  pkgconfig(dbus-1)
-BuildRequires:  pkgconfig(systemd)
-BuildRequires:  pkgconfig(bash-completion)
-%{?sysusers_requires_compat}
-
-Patch0:         0001-fix-Only-root-user-can-call-use-com.redhat.Yggdrasil.patch
-
-%description %{common_description}
-
-%package devel
-Summary:        %{name} development files
-
-%description devel
-%{common_description}
-
-Contains files needed for yggdrasil worker development.
-
-%package examples
-Summary:        %{name} example workers
-
-Requires: %{name} = %{version}-%{release}
-
-%description examples
-%{common_description}
-
-Contains example workers for %{name}.
-
-%gopkg
-
-%prep
-%goprep %{?rhel:-k}
-%autopatch -p1
-
-%if %{undefined rhel}
-%generate_buildrequires
-%go_generate_buildrequires
-%endif
-
-%build
-%undefine _auto_set_build_flags
-export %gomodulesmode
-%{?gobuilddir:export GOPATH="%{gobuilddir}:${GOPATH:+${GOPATH}:}%{?gopath}"}
-%meson -Dexamples=True -Dvendor=True -Ddefault_data_host=cert.cloud.redhat.com -Ddefault_path_prefix=redhat/insights "-Dgobuildflags=[%(echo %{expand:%gocompilerflags} | sed -e s/"^"/"'"/ -e s/" "/"', '"/g -e s/"$"/"'"/), '-tags', '"rpm_crashtraceback\ ${BUILDTAGS:-}"', '-a', '-v', '-x']" -Dgoldflags='%{?currentgoldflags} -B 0x%(head -c20 /dev/urandom|od -An -tx1|tr -d " \n") -compressdwarf=false -linkmode=external -extldflags "%{build_ldflags} %{?__golang_extldflags}"'
-%meson_build
-
-%global gosupfiles ./ipc/com.redhat.Yggdrasil1.Dispatcher1.xml ./ipc/com.redhat.Yggdrasil1.Worker1.xml
-%install
-%meson_install
-%__install -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/config.toml
-%__install -p -D -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
-%__install -d -m 0755 %{buildroot}%{_localstatedir}/lib/yggdrasil
-
-%if %{with check}
-%check
-%gocheck
-%endif
-
-%pre
-%sysusers_create_compat %{SOURCE2}
-
-%post
-ln -s %{_unitdir}/yggdrasil.service %{_unitdir}/rhcd.service
-%systemd_post %{name}.service
-%systemd_user_post %{name}.service
-
-%preun
-%systemd_preun %{name}.service
-%systemd_user_preun %{name}.service
-
-%postun
-rm -f %{_unitdir}/rhcd.service
-%systemd_postun_with_restart %{name}.service
-%systemd_user_postun_with_restart %{name}.service
-
-%files
-%license LICENSE
-%if %{defined rhel}
-%license vendor/modules.txt
-%endif
-%doc CONTRIBUTING.md README.md
-%{_bindir}/yggd
-%{_bindir}/yggctl
-%config(noreplace) %{_sysconfdir}/%{name}
-%{_unitdir}/yggdrasil-bus@.service
-%{_unitdir}/yggdrasil-bus@.socket
-%{_unitdir}/yggdrasil@.service
-%{_unitdir}/yggdrasil.service
-%{_userunitdir}/yggdrasil.service
-%{_sysusersdir}/yggdrasil.conf
-%{_datadir}/bash-completion/completions/yggd
-%{_datadir}/bash-completion/completions/yggctl
-%{_datadir}/dbus-1/interfaces/com.redhat.Yggdrasil1.xml
-%{_datadir}/dbus-1/interfaces/com.redhat.Yggdrasil1.Worker1.xml
-%{_datadir}/dbus-1/interfaces/com.redhat.Yggdrasil1.Dispatcher1.xml
-%{_datadir}/dbus-1/system.d/yggd.conf
-%{_datadir}/dbus-1/system-services/com.redhat.Yggdrasil1.service
-%{_datadir}/doc/%{name}/tags.toml
-%{_mandir}/man1/yggctl.1.gz
-%{_mandir}/man1/yggd.1.gz
-%attr(0755, yggdrasil, yggdrasil) %{_localstatedir}/lib/yggdrasil
-
-%files devel
-%{_libdir}/pkgconfig/yggdrasil.pc
-
-%files examples
-%{_libexecdir}/yggdrasil/echo
-%{_datadir}/dbus-1/system.d/com.redhat.Yggdrasil1.Worker1.echo.conf
-%{_datadir}/dbus-1/system-services/com.redhat.Yggdrasil1.Worker1.echo.service
-%{_unitdir}/com.redhat.Yggdrasil1.Worker1.echo.service
-
-%changelog
-## START: Generated by rpmautospec
-* Thu Jun 26 2025 Alex Burmashev <alexander.burmashev@oracle.com> - 0.4.5-3
-- Fix CVE-2025-3931
-
-* Tue Mar 11 2025 Joe VLcek <jvlcek@redhat.com> - 0.4.5-2
-- Create rhcd.service sym link to yggdrasil.service
-
-* Mon Feb 03 2025 Link Dupont <link@sub-pop.net> - 0.4.5-1
-- Update to 0.4.5 (RHEL-77619)
-
-* Mon Feb 03 2025 Link Dupont <link@sub-pop.net> - 0.4.4-8
-- Include examples subpackage
-
-* Thu Nov 07 2024 Link Dupont <link@sub-pop.net> - 0.4.4-7
-- Include local state dir (RHEL-66427)
-
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.4.4-6
-- Bump release for October 2024 mass rebuild:
-
-* Tue Oct 08 2024 Link Dupont <link@sub-pop.net> - 0.4.4-4
-- Add yggdrasil user to rhsm group (RHEL-61735)
-
-* Tue Sep 24 2024 Link Dupont <link@sub-pop.net> - 0.4.4-3
-- Use sysusers_create_compat to create users in pre
-
-* Mon Sep 16 2024 Link Dupont <link@sub-pop.net> - 0.4.4-2
-- Bump release to rebuild
-
-* Fri Sep 13 2024 Link Dupont <link@sub-pop.net> - 0.4.4-1
-- Update to version 0.4.4 (RHEL-56788)
-
-* Mon Aug 19 2024 Link Dupont <link@sub-pop.net> - 0.4.1-8
-- Bump release to rebuild package.
-
-* Tue Aug 06 2024 Link Dupont <link@sub-pop.net> - 0.4.1-7
-- Don't build gopkg subpackages
-
-* Tue Aug 06 2024 Link Dupont <link@sub-pop.net> - 0.4.1-6
-- Rebuild to mitigate CVE-2024-24791 risk (RHEL-47186)
-
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.4.1-5
-- Bump release for June 2024 mass rebuild
-
-* Fri Jun 07 2024 Link Dupont <link@sub-pop.net> - 0.4.1-4
-- add gating.yaml
-
-* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 0.4.1-3
-- Rebuild for golang 1.22.0
-
-* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Mon Sep 18 2023 Link Dupont <link@sub-pop.net> - 0.4.1-1
-- Update to version 0.4.1 (RHBZ#2239102)
-
-* Wed Aug 09 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 0.3.2-2
-- Use vendored dependencies in RHEL builds
-
-* Mon Jul 24 2023 Link Dupont <link@sub-pop.net> - 0.3.2-1
-- Update to version 0.3.2 (RHBZ#2225230)
-
-* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Tue Mar 07 2023 Link Dupont <link@sub-pop.net> - 0.3.1-2
-- Include D-Bus interface files in devel package
-
-* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.98^1.ffb580f-0.5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.98^1.ffb580f-0.4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 0.2.98^1.ffb580f-0.3
-- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
-  golang
-
-* Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> - 0.2.98^1.ffb580f-0.2
-- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
-  CVE-2022-29526, CVE-2022-30629
-
-* Tue Aug 10 2021 Link Dupont <linkdupont@fedoraproject.org> - 0.2.98^1.ffb580f-0.1.20210728gitffb580f
-- Initial package
-
-## END: Generated by rpmautospec

changelog

@@ -0,0 +1,16 @@
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.98^1.ffb580f-0.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.98^1.ffb580f-0.4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 0.2.98^1.ffb580f-0.3
+- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
+  golang
+
+* Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> - 0.2.98^1.ffb580f-0.2
+- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
+  CVE-2022-29526, CVE-2022-30629
+
+* Tue Aug 10 2021 Link Dupont <linkdupont@fedoraproject.org> - 0.2.98^1.ffb580f-0.1.20210728gitffb580f
+- Initial package

gating.yaml

@@ -0,0 +1,10 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+# Disabling until tier 0 tests are added: https://issues.redhat.com/browse/CCT-98  
+#  - !PassingTestCaseRule { test_case_name: osci.brew-build.tier0.functional }
+  - !PassingTestCaseRule {test_case_name: rhsmci.brew-build.tier1.functional}
+
+

plans/main.fmf

@@ -0,0 +1,5 @@
+summary: Basic smoke test
+discover:
+    how: fmf
+execute:
+    how: tmt

sources

@@ -0,0 +1 @@
+SHA512 (yggdrasil-0.4.9.tar.xz) = 3997b72b84eb33bab0cc650791dfb37344692874b681d31aa70323b755eb3c5d1eea29df8835a553ffb723e63ce943b1bb5a4d48013ac70152731b3d4e0272ab

tests/smoke/main.fmf

@@ -0,0 +1,3 @@
+summary: Run yggd --help
+test: /usr/bin/yggd --help
+duration: 5m

yggdrasil.spec

@@ -0,0 +1,138 @@
+%bcond_without check
+
+# https://github.com/redhatinsights/yggdrasil
+%global goipath         github.com/redhatinsights/yggdrasil
+Version:                0.4.9
+%global tag             v%{version}
+
+%gometa -f
+
+%global common_description %{expand:
+yggdrasil is a system daemon that subscribes to topics on an MQTT broker and
+routes any data received on the topics to an appropriate child "worker" process,
+exchanging data with its worker processes through a D-Bus message broker.}
+
+%global golicenses      LICENSE
+%global godocs          CONTRIBUTING.md README.md
+
+Name:           yggdrasil
+Release:        %autorelease
+Summary:        Remote data transmission and processing client
+
+License:        GPL-3.0-only
+URL:            %{gourl}
+Source:         %{url}/releases/download/%{tag}/yggdrasil-%{version}.tar.xz
+Source1:        config.toml
+Source2:        yggdrasil.sysuser
+
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  meson
+BuildRequires:  pkgconfig(dbus-1)
+BuildRequires:  pkgconfig(systemd)
+BuildRequires:  pkgconfig(bash-completion)
+%{?sysusers_requires_compat}
+
+%description %{common_description}
+
+%package devel
+Summary:        %{name} development files
+
+%description devel
+%{common_description}
+
+Contains files needed for yggdrasil worker development.
+
+%package examples
+Summary:        %{name} example workers
+
+Requires: %{name} = %{version}-%{release}
+
+%description examples
+%{common_description}
+
+Contains example workers for %{name}.
+
+%gopkg
+
+%prep
+%goprep %{?rhel:-k}
+%autopatch -p1
+
+%if %{undefined rhel}
+%generate_buildrequires
+%go_generate_buildrequires
+%endif
+
+%build
+%undefine _auto_set_build_flags
+%{?gobuilddir:export GOPATH="%{gobuilddir}:${GOPATH:+${GOPATH}:}%{?gopath}"}
+%meson -Dexamples=True -Dvendor=True -Ddefault_facts_file=%{_localstatedir}/lib/yggdrasil/canonical-facts.json -Ddefault_data_host=cert.cloud.redhat.com -Ddefault_path_prefix=redhat/insights "-Dgobuildflags=[%(echo %{expand:%gocompilerflags} | sed -e s/"^"/"'"/ -e s/" "/"', '"/g -e s/"$"/"'"/), '-tags', '"rpm_crashtraceback\ ${BUILDTAGS:-}"', '-a', '-v', '-x']" -Dgoldflags='%{?currentgoldflags} -B 0x%(head -c20 /dev/urandom|od -An -tx1|tr -d " \n") -compressdwarf=false -linkmode=external -extldflags "%{build_ldflags} %{?__golang_extldflags}"'
+%meson_build
+
+%global gosupfiles ./ipc/com.redhat.Yggdrasil1.Dispatcher1.xml ./ipc/com.redhat.Yggdrasil1.Worker1.xml
+%install
+%meson_install
+%__install -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/config.toml
+%__install -p -D -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
+%__install -d -m 0755 %{buildroot}%{_localstatedir}/lib/yggdrasil
+
+%if %{with check}
+%check
+%gocheck
+%endif
+
+%pre
+%sysusers_create_compat %{SOURCE2}
+
+%post
+ln -s %{_unitdir}/yggdrasil.service %{_unitdir}/rhcd.service
+%systemd_post %{name}.service
+%systemd_user_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+%systemd_user_preun %{name}.service
+
+%postun
+rm -f %{_unitdir}/rhcd.service
+%systemd_postun_with_restart %{name}.service
+%systemd_user_postun_with_restart %{name}.service
+
+%files
+%license LICENSE
+%if %{defined rhel}
+%license vendor/modules.txt
+%endif
+%doc CONTRIBUTING.md README.md
+%{_bindir}/yggd
+%{_bindir}/yggctl
+%config(noreplace) %{_sysconfdir}/%{name}
+%{_unitdir}/yggdrasil-bus@.service
+%{_unitdir}/yggdrasil-bus@.socket
+%{_unitdir}/yggdrasil@.service
+%{_unitdir}/yggdrasil.service
+%{_userunitdir}/yggdrasil.service
+%{_sysusersdir}/yggdrasil.conf
+%{_datadir}/bash-completion/completions/yggd
+%{_datadir}/bash-completion/completions/yggctl
+%{_datadir}/dbus-1/interfaces/com.redhat.Yggdrasil1.xml
+%{_datadir}/dbus-1/interfaces/com.redhat.Yggdrasil1.Worker1.xml
+%{_datadir}/dbus-1/interfaces/com.redhat.Yggdrasil1.Dispatcher1.xml
+%{_datadir}/dbus-1/system.d/yggd.conf
+%{_datadir}/dbus-1/system-services/com.redhat.Yggdrasil1.service
+%{_datadir}/doc/%{name}/tags.toml
+%{_mandir}/man1/yggctl.1.gz
+%{_mandir}/man1/yggd.1.gz
+%attr(0755, yggdrasil, yggdrasil) %{_localstatedir}/lib/yggdrasil
+
+%files devel
+%{_libdir}/pkgconfig/yggdrasil.pc
+
+%files examples
+%{_libexecdir}/yggdrasil/echo
+%{_datadir}/dbus-1/system.d/com.redhat.Yggdrasil1.Worker1.echo.conf
+%{_datadir}/dbus-1/system-services/com.redhat.Yggdrasil1.Worker1.echo.service
+%{_unitdir}/com.redhat.Yggdrasil1.Worker1.echo.service
+
+%changelog
+%autochangelog