#debuginfo not supported with Go %global debug_package %{nil} # modifying the Go binaries breaks the DWARF debugging %global __os_install_post %{_rpmconfigdir}/brp-compress %global gopath %{_datadir}/gocode %global import_path github.com/openshift/oc %global golang_version 1.13 %{!?version: %global version 0.0.1} %{!?release: %global release 1} %{!?commit: # DO NOT MODIFY: the value on the line below is sed-like replaced by openshift/doozer %global commit 1b0bf0849072a4d9ef2e79c1ed80a60b4b4c1bba } %if ! 0%{?os_git_vars:1} # DO NOT MODIFY: the value on the line below is sed-like replaced by openshift/doozer %global os_git_vars OS_GIT_VERSION=4.17.0-202502051534.p0.g1b0bf08.assembly.stream-1b0bf08 OS_GIT_MAJOR=4 OS_GIT_MINOR=17 OS_GIT_PATCH=0 OS_GIT_COMMIT=1b0bf0849072a4d9ef2e79c1ed80a60b4b4c1bba OS_GIT_TREE_STATE=clean %endif %if "%{os_git_vars}" == "ignore" %global make make %else %global make %{os_git_vars} && make SOURCE_GIT_TAG:="${OS_GIT_VERSION}" SOURCE_GIT_COMMIT:="${OS_GIT_COMMIT}" SOURCE_GIT_MAJOR:="${OS_GIT_MAJOR}" SOURCE_GIT_MINOR:="${OS_GIT_MINOR}" SOURCE_GIT_TREE_STATE:="${OS_GIT_TREE_STATE}" %endif Name: openshift-clients Version: 4.17.0 Release: 202502051534.p0.g1b0bf08.assembly.stream%{?dist} Summary: OpenShift client binaries License: ASL 2.0 URL: https://%{import_path} %if ! 0%{?local_build:1} Source0: openshift-clients-4.17.0-202502051534.p0.g1b0bf08.assembly.stream.tar.gz %endif # If go_arches not defined fall through to implicit golang archs %if 0%{?go_arches:1} ExclusiveArch: %{go_arches} %else ExclusiveArch: x86_64 aarch64 ppc64le s390x %endif BuildRequires: golang >= %{golang_version} BuildRequires: krb5-devel BuildRequires: rsync BuildRequires: git %if 0%{?rhel} >= 8 BuildRequires: go-toolset %endif Provides: atomic-openshift-clients = %{version} Obsoletes: atomic-openshift-clients <= %{version} Requires: bash-completion %description [Maintainer] project: OCPBUGS, component: oc %{summary} %package redistributable Summary: OpenShift Client binaries for Linux, Mac OSX, and Windows Provides: atomic-openshift-clients-redistributable = %{version} Obsoletes: atomic-openshift-clients-redistributable <= %{version} %description redistributable [Maintainer] project: OCPBUGS, component: oc %{summary} %prep %if ! 0%{?local_build:1} %setup -q -n openshift-clients-4.17.0 go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@latest %endif %build export REAL_GO_PATH=$(which go || true) if [[ -n "$REAL_GO_PATH" ]]; then GOSHIM_DIR=/tmp/goshim mkdir -p $GOSHIM_DIR ln -s $REAL_GO_PATH $GOSHIM_DIR/go.real export PATH=$GOSHIM_DIR:$PATH # Use single quotes 'EOF' to avoid variable expansion. cat > $GOSHIM_DIR/go << 'EOF' #!/bin/sh export GOEXPERIMENT=strictfipsruntime export GOTOOLCHAIN=local LOG_PREFIX="Go compliance shim [${__doozer_group}][${__doozer_key}]:" echoerr() { echo -n "${LOG_PREFIX} " 1>&2 cat <<< "$@" 1>&2 } set -o xtrace echo 1>&2 echo 1>&2 echo -n "${LOG_PREFIX} incoming command line arguments: " 1>&2 for arg in "$@"; do echo -n "\"${arg}\" " 1>&2 done echo 1>&2 echo 1>&2 echoerr "----" echoerr "incoming environment: " echoerr "---------------------" env 1>&2 echoerr "---------------------" echo 1>&2 if [[ "${CGO_ENABLED}" == "0" ]]; then echoerr "non-compliant RPM attempted to use CGO_ENABLED=${CGO_ENABLED}" fi if [[ "${GOOS}" == darwin || "${GOOS}" == windows ]]; then echoerr "permitting CGO_ENABLED=${CGO_ENABLED} because of GOOS=${GOOS}" else export CGO_ENABLED="1" fi echoerr "GOOS is $GOOS, CGO_ENABLED is ${CGO_ENABLED}" HAS_TAGS=0 if cat <<< "$@" | grep "\-tags" > /dev/null; then HAS_TAGS="1" fi FORCE_FOD_MODE=1 FORCE_OPENSSL=1 FORCE_DYNAMIC=1 IN_RUN=0 IN_TAGS=0 ARGS=() # We need to rebuild the argument list. # Compilation with -extldflags "-static" is problematic with # CGO_ENABLED=1 because compilation tries to link against # static libraries which don't exist. Remove -static flag # when detected. This is tricky because extldflags can be simple # or something like -ldflags '-X $(REPO_PATH)/pkg/version.Raw=$(VERSION) -extldflags "-lm -lstdc++ -static"' ARGS=() # We need to rebuild the argument list. for arg in "$@"; do if [[ "${arg}" == "run" ]]; then IN_RUN="1" fi # prior to detecting 'IN_RUN', grafana failed because it ran # 'go run build.go build' which caused the script to exec 'go run build.go build -tags strictfipsruntime' if [[ "${arg}" == "build" && "${IN_RUN}" == "0" ]]; then # -tags apparently cannot come after a build path # e.g. "build ./cmd/cluster-openshift-apiserver-operator -tags strictfipsruntime" is invalid. # So, if we see "build" and no "-tags" ahead, then go ahead and force FOD tag. ARGS+=("${arg}") # Add "build" if [[ "${FORCE_FOD_MODE}" == "1" && "${HAS_TAGS}" == "0" ]]; then ARGS+=("-tags") ARGS+=("strictfipsruntime") fi continue # We've already added 'build', so don't reach the bottom of the loop where it would be added again. fi if [[ ( "${arg}" == "-tags="* || "${arg}" == "--tags="* ) && "${FORCE_FOD_MODE}" == "1" ]]; then echoerr "adding strictfipsruntime tag to \"${arg}\"" arg=$(echo "${arg}" | tr -d "'" | tr -d "\"") # Delete any quotes which get passed in literally. grafana managed this. if [[ "${arg}" == *" "* ]]; then # If the tags parameter is space delimited arg="${arg} strictfipsruntime" else # Assume comma delimited arg="${arg},strictfipsruntime" fi fi if [[ "${IN_TAGS}" == "1" ]]; then if [[ "${FORCE_FOD_MODE}" == "1" ]]; then echoerr "adding strictfipsruntime tag to ${arg} (IN_TAGS=${IN_TAGS})" arg=$(echo "${arg}" | tr -d "'" | tr -d "\"") # Delete any quotes which get passed in literally. prom-label-proxy managed this. if [[ "${arg}" == *" "* ]]; then # If the tags parameter is space delimited arg="${arg} strictfipsruntime" else # Assume comma delimited arg="${arg},strictfipsruntime" fi fi if [[ "${FORCE_OPENSSL}" == "1" ]]; then pre_arg="${arg}" arg=$(echo "${arg}" | sed 's/no_openssl/shim_prevented_no_openssl/g') if [[ "${pre_arg}" != "${arg}" ]]; then echoerr "non-compliant: eliminated no_openssl" fi fi IN_TAGS=0 fi if [[ "${arg}" == "-tags" || "${arg}" == "--tags" ]]; then IN_TAGS=1 fi # Compilation with -extldflags "-static" is problematic with # CGO_ENABLED=1 because compilation tries to link against # static libraries which don't exist. Remove -static flag # when detected. This is tricky because extldflags can be simple # or something like -ldflags '-X $(REPO_PATH)/pkg/version.Raw=$(VERSION) -extldflags "-lm -lstdc++ -static"' # Note that extldflags is a flag embedded within the value of the # -ldflags argument. From our script's perspective, it will be part of a single # argument, but this argument might look like '-X $(REPO_PATH)/pkg/version.Raw=$(VERSION) -extldflags "-lm -lstdc++ -static"'. if [[ "${arg}" == *"-extldflags"* && "${FORCE_DYNAMIC}" == "1" ]]; then # We replace -static with -lc because '-lc' implies to link against stdlib. This is a default # and should therefore be benign for virtually any compilation (unless -nostdlib or -nodefaultlibs # is specified -- and we don't account for this). # Why replace instead of remove? Consider the complex possible scenarios: # -ldflags '-extldflags "-static"' # Removing -extldflags would mean we also need to remove ldflags. # -ldflags '-X $(REPO_PATH)/pkg/version.Raw=$(VERSION) -extldflags "-static"' # Would remove extldflags but keep ldflags # -ldflags '-X $(REPO_PATH)/pkg/version.Raw=$(VERSION) -extldflags "-static -lm"' # Would need to remove -static but keep extldflags # In any scenario, replacing "-static" with something benign should work without the need for complex logic. pre_arg="${arg}" arg=$(echo "${arg}" | sed "s/-static/-lc/g") if [[ "${pre_arg}" != "${arg}" ]]; then echoerr "non-compliant: eliminated static" fi fi ARGS+=("${arg}") done echo 1>&2 echo 1>&2 echo -n "${LOG_PREFIX} final command line arguments: " 1>&2 for arg in "${ARGS[@]}"; do echo -n "\"${arg}\" " 1>&2 done echo 1>&2 echo 1>&2 echoerr "Invoking actual go binary" SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) # Get the directory in which this script is executing echo -n "$LOG_PREFIX} go environment variable" 1>&2 { "${SCRIPT_DIR}/go.real" env | grep -e CGO_ENABLED -e GOEXPERIMENT -e GOOS -e GOARCH -e GOAMD64; } 1>&2 echoerr "FORCE_FOD_MODE=$FORCE_FOD_MODE" echoerr "FORCE_OPENSSL=$FORCE_OPENSSL" echoerr "FORCE_DYNAMIC=$FORCE_DYNAMIC" ${SCRIPT_DIR}/go.real "${ARGS[@]}" EOF chmod +x $GOSHIM_DIR/go fi %if ! 0%{?local_build:1} mkdir -p "$(dirname __gopath/src/%{import_path})" mkdir -p "$(dirname __gopath/src/%{import_path})" ln -s "$(pwd)" "__gopath/src/%{import_path}" export GOPATH=$(pwd)/__gopath:%{gopath} cd "__gopath/src/%{import_path}" %endif %ifarch %{ix86} GOOS=linux GOARCH=386 %endif %ifarch ppc64le GOOS=linux GOARCH=ppc64le %endif %ifarch %{arm} aarch64 GOOS=linux GOARCH=arm64 %endif %ifarch s390x GOOS=linux GOARCH=s390x %endif export PATH=$PATH:/builddir/go/bin %{make} build GO_BUILD_PACKAGES:='./cmd/oc ./tools/genman' %ifarch x86_64 # Create Binaries for all supported arches %{make} cross-build-darwin-amd64 cross-build-windows-amd64 GO_BUILD_PACKAGES:='./cmd/oc' %endif %install install -d %{buildroot}%{_bindir} # Install for the local platform install -p -m 755 ./oc %{buildroot}%{_bindir}/oc ln -s ./oc %{buildroot}%{_bindir}/kubectl [[ -e %{buildroot}%{_bindir}/kubectl ]] %ifarch x86_64 # Install client executable for windows and mac install -d %{buildroot}%{_datadir}/%{name}/{linux,macosx,windows} install -p -m 755 ./oc %{buildroot}%{_datadir}/%{name}/linux/oc ln -s ./oc %{buildroot}%{_datadir}/%{name}/linux/kubectl [[ -e %{buildroot}%{_datadir}/%{name}/linux/kubectl ]] install -p -m 755 ./_output/bin/darwin_amd64/oc %{buildroot}/%{_datadir}/%{name}/macosx/oc ln -s ./oc %{buildroot}/%{_datadir}/%{name}/macosx/kubectl [[ -e %{buildroot}/%{_datadir}/%{name}/macosx/kubectl ]] install -p -m 755 ./_output/bin/windows_amd64/oc.exe %{buildroot}/%{_datadir}/%{name}/windows/oc.exe ln -s ./oc.exe %{buildroot}/%{_datadir}/%{name}/windows/kubectl.exe [[ -e %{buildroot}/%{_datadir}/%{name}/windows/kubectl.exe ]] %endif # Install man1 man pages install -d -m 0755 %{buildroot}%{_mandir}/man1 ./genman %{buildroot}%{_mandir}/man1 oc # Install bash completions install -d -m 755 %{buildroot}%{_sysconfdir}/bash_completion.d/ for bin in oc kubectl do echo "+++ INSTALLING BASH COMPLETIONS FOR ${bin} " %{buildroot}%{_bindir}/${bin} completion bash > %{buildroot}%{_sysconfdir}/bash_completion.d/${bin} chmod 644 %{buildroot}%{_sysconfdir}/bash_completion.d/${bin} done %files %license LICENSE %{_bindir}/oc %{_bindir}/kubectl %{_sysconfdir}/bash_completion.d/oc %{_sysconfdir}/bash_completion.d/kubectl %dir %{_mandir}/man1/ %{_mandir}/man1/oc* %ifarch x86_64 %files redistributable %license LICENSE %dir %{_datadir}/%{name}/linux/ %dir %{_datadir}/%{name}/macosx/ %dir %{_datadir}/%{name}/windows/ %{_datadir}/%{name}/linux/oc %{_datadir}/%{name}/linux/kubectl %{_datadir}/%{name}/macosx/oc %{_datadir}/%{name}/macosx/kubectl %{_datadir}/%{name}/windows/oc.exe %{_datadir}/%{name}/windows/kubectl.exe %endif %changelog * Wed Feb 05 2025 AOS Automation Release Team - 4.17.0-202502051534.p0.g1b0bf08.assembly.stream - Update to source commit https://github.com/openshift/oc/commit/1b0bf0849072a4d9ef2e79c1ed80a60b4b4c1bba