# Disable debug information package creation
%define debug_package %{nil}

# Define the Go Import Path
%global goipath github.com/flightctl/flightctl

# SELinux specifics
%global selinuxtype targeted
%define selinux_policyver 3.14.3-67
%define agent_relabel_files() \
    semanage fcontext -a -t flightctl_agent_exec_t "/usr/bin/flightctl-agent" ; \
    restorecon -v /usr/bin/flightctl-agent

Name:           flightctl
Version:        0.6.0~main~109~gd0c8353
Release:        1.20250403143119294475.pr1037.109.gd0c8353%{?dist}
Summary:        Flight Control service

%gometa

License:        Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT
URL:            %{gourl}

Source0:        flightctl-0.6.0~main~109~gd0c8353.tar.gz

BuildRequires:  golang
BuildRequires:  make
BuildRequires:  git
BuildRequires:  openssl-devel

Requires: openssl

# Skip description for the main package since it won't be created
%description
# Main package is empty and not created.

# cli sub-package
%package cli
Summary: Flight Control CLI
%description cli
flightctl is the CLI for controlling the Flight Control service.

# agent sub-package
%package agent
Summary: Flight Control management agent

Requires: flightctl-selinux = %{version}
Requires: bootc

%description agent
The flightctl-agent package provides the management agent for the Flight Control fleet management service.

# selinux sub-package
%package selinux
Summary: SELinux policies for the Flight Control management agent
BuildRequires: selinux-policy >= %{selinux_policyver}
BuildRequires: selinux-policy-devel >= %{selinux_policyver}
BuildArch: noarch
Requires: selinux-policy >= %{selinux_policyver}

%description selinux
The flightctl-selinux package provides the SELinux policy modules required by the Flight Control management agent.

# services sub-package
%package services
Summary: Flight Contol services
Requires: bash
Requires: podman

%description services
The flightctl-services package provides installation and setup of files for running containerized Flight Control services

%prep
%goprep -A
%setup -q %{forgesetupargs} -n flightctl-0.6.0~main~109~gd0c8353

%build
    # if this is a buggy version of go we need to set GOPROXY as workaround
    # see https://github.com/golang/go/issues/61928
    GOENVFILE=$(go env GOROOT)/go.env
    if [[ ! -f "${GOENVFILE}" ]]; then
        export GOPROXY='https://proxy.golang.org,direct'
    fi

    SOURCE_GIT_TAG=$(echo %{version} | tr '~' '-') \
    SOURCE_GIT_TREE_STATE=clean \
    SOURCE_GIT_COMMIT=$(echo %{version} | awk -F'[-~]g' '{print $2}') \
    SOURCE_GIT_TAG_NO_V=%{version} \
    make build-cli build-agent

    # SELinux modules build
    make --directory packaging/selinux

%install
    mkdir -p %{buildroot}/usr/bin
    cp bin/flightctl %{buildroot}/usr/bin
    mkdir -p %{buildroot}/usr/lib/systemd/system
    mkdir -p %{buildroot}/%{_sharedstatedir}/flightctl
    mkdir -p %{buildroot}/usr/lib/flightctl/hooks.d/{afterupdating,beforeupdating,afterrebooting,beforerebooting}
    mkdir -p %{buildroot}/usr/lib/greenboot/check/required.d
    install -m 0755 packaging/greenboot/flightctl-agent-running-check.sh %{buildroot}/usr/lib/greenboot/check/required.d/20_check_flightctl_agent.sh
    cp bin/flightctl-agent %{buildroot}/usr/bin
    cp packaging/must-gather/flightctl-must-gather %{buildroot}/usr/bin
    cp packaging/hooks.d/afterupdating/00-default.yaml %{buildroot}/usr/lib/flightctl/hooks.d/afterupdating
    cp packaging/systemd/flightctl-agent.service %{buildroot}/usr/lib/systemd/system
    bin/flightctl completion bash > flightctl-completion.bash
    install -Dpm 0644 flightctl-completion.bash -t %{buildroot}/%{_datadir}/bash-completion/completions
    bin/flightctl completion fish > flightctl-completion.fish
    install -Dpm 0644 flightctl-completion.fish -t %{buildroot}/%{_datadir}/fish/vendor_completions.d/
    bin/flightctl completion zsh > _flightctl-completion
    install -Dpm 0644 _flightctl-completion -t %{buildroot}/%{_datadir}/zsh/site-functions/
    install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
    install -m644 packaging/selinux/*.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}

    rm -f licenses.list

    find . -type f -name LICENSE -or -name License | while read LICENSE_FILE; do
        echo "%{_datadir}/licenses/%{NAME}/${LICENSE_FILE}" >> licenses.list
    done
    mkdir -vp "%{buildroot}%{_datadir}/licenses/%{NAME}"
    cp LICENSE "%{buildroot}%{_datadir}/licenses/%{NAME}"

    mkdir -vp "%{buildroot}%{_docdir}/%{NAME}"

    for DOC in docs examples .markdownlint-cli2.yaml README.md; do
        cp -vr "${DOC}" "%{buildroot}%{_docdir}/%{NAME}/${DOC}"
    done

    # flightctl-services sub-package steps
    # Create the target directory
    mkdir -p %{buildroot}%{_sysconfdir}/flightctl/

    # Run the install script to move the quadlet files
    CONFIG_OUTPUT_DIR="%{buildroot}%{_sysconfdir}/flightctl/" \
    QUADLET_FILES_OUTPUT_DIR="%{buildroot}/usr/share/containers/systemd/" \
    deploy/scripts/install.sh

    # Copy files needed for post install into the build root
    cp deploy/scripts/post_install.sh %{buildroot}%{_sysconfdir}/flightctl/post_install.sh
    cp deploy/scripts/secrets.sh %{buildroot}%{_sysconfdir}/flightctl/secrets.sh

%check
    %{buildroot}%{_bindir}/flightctl-agent version


%pre selinux
%selinux_relabel_pre -s %{selinuxtype}

%post selinux

%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/flightctl_agent.pp.bz2
%agent_relabel_files

%postun selinux

if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} flightctl_agent
fi

%posttrans selinux

%selinux_relabel_post -s %{selinuxtype}

%post services
%{_sysconfdir}/flightctl/post_install.sh

# File listings
# No %files section for the main package, so it won't be built

%files cli -f licenses.list
    %{_bindir}/flightctl
    %license LICENSE
    %{_datadir}/bash-completion/completions/flightctl-completion.bash
    %{_datadir}/fish/vendor_completions.d/flightctl-completion.fish
    %{_datadir}/zsh/site-functions/_flightctl-completion

%files agent -f licenses.list
    %license LICENSE
    %{_bindir}/flightctl-agent
    %{_bindir}/flightctl-must-gather
    /usr/lib/flightctl/hooks.d/afterupdating/00-default.yaml
    /usr/lib/systemd/system/flightctl-agent.service
    %{_sharedstatedir}/flightctl
    /usr/lib/greenboot/check/required.d/20_check_flightctl_agent.sh
    %{_docdir}/%{NAME}/*
    %{_docdir}/%{NAME}/.markdownlint-cli2.yaml

%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/flightctl_agent.pp.bz2

%files services
    %defattr(0644,root,root,-)
    /usr/share/containers/systemd
    %{_sysconfdir}/flightctl
    %attr(0755,root,root) %{_sysconfdir}/flightctl/post_install.sh
    %attr(0755,root,root) %{_sysconfdir}/flightctl/secrets.sh

%changelog

* Thu Apr 3 2025 Packit <hello@packit.dev> - 0.6.0~main~109~gd0c8353-1.20250403143119294475.pr1037.109.gd0c8353
- EDM-1186: Pass env context to podman secert create so tests work (Dakota Crowder)
- EDM-1186: Specify container files for services sub package (Dakota Crowder)
- EDM-1186: Fix file name (Dakota Crowder)
- EDM-1186: Align secrets file name (Dakota Crowder)
- EDM-1186: Pass tempalte dir when moving shared files (Dakota Crowder)
- EDM-1186: Fix spec miscommit -___- (Dakota Crowder)
- EDM-1186: Allow for outpu dirs to be set in rpm install (Dakota Crowder)
- EDM-1186: Break out scripts to better support new install flow (Dakota Crowder)
- EDM-1186: Format init files more similarly (Dakota Crowder)
- EDM-1186: Refactor and fix standalone (Dakota Crowder)
- EDM-1186: Simplify install scripting (Dakota Crowder)
- EDM-1186: Configure env file for api to allow for disabling auth (Dakota Crowder)
- EDM-1186: Configure AAP auth (Dakota Crowder)
- EDM-1186: Fix cleanup for rootful (Dakota Crowder)
- EDM-1186: Use rootful podman (Dakota Crowder)
- EDM-1186: Cleanup / share generated config (Dakota Crowder)
- EDM-1186: Configure api init container (Dakota Crowder)
- EDM-1186: Use an init container to configure ui cert volume (Dakota Crowder)
- EDM-1186: Remove agent grpc address from config (Dakota Crowder)
- EDM-1186: Share service config between api, periodic, worker (Dakota Crowder)
- EDM-1186: Consolidate flightctl-services rpm sub package into existing spec and remove quadlet-installer specific rpm (Dakota Crowder)
- EDM-1186: Set ui exposed port back to 8080 for now (Dakota Crowder)
- EDM-1186: Set ui exposed port to 443 (Dakota Crowder)
- EDM-1186: Set default BASE_DOMAIN from ip (Dakota Crowder)
- EDM-1186: Fix early return and add newline (Dakota Crowder)
- EDM-1186: Ignore/remove rpm build artifact (Dakota Crowder)
- EDM-1186: Cleanup/refactoring (Dakota Crowder)
- EDM-1186: Halt if secret create errors (Dakota Crowder)
- EDM-1186: Escape env var in psql init script (Dakota Crowder)
- EDM-1186: Export outpu dir (Dakota Crowder)
- EDM-1186: Refactor scripts to try and make state mgmt more clear (Dakota Crowder)
- EDM-1186: Split out rpm spec into different dir (Dakota Crowder)
- EDM-1186: align on flightctl default db name (Dakota Crowder)
- EDM-1186: modify unittest db name (Dakota Crowder)
- EDM-1186: Ensure both output dirs for a service are created (Dakota Crowder)
- EDM-1186: Fix spelling / move comments (Dakota Crowder)
- EDM-1186: Undo accidental .spec change (Dakota Crowder)
- EDM-1186: Hook into current rpm build (Dakota Crowder)
- EDM-1186: Some refactoring and get standalones running (Dakota Crowder)
- EDM-1186: Modify local deploy script to use installer.sh (Dakota Crowder)
- EDM-1186: Adjust output dir defaults (Dakota Crowder)
- EDM-1186: Rename env.sh to shared.sh (Dakota Crowder)
- EDM-1186: Initial spec definition (Dakota Crowder)
- EDM-1186: Get all services running, modify db to mount startup script (Dakota Crowder)
- EDM-1186: Template/move files for all services (Dakota Crowder)
- EDM-1186: Begin writing installer script with envsubst templating (Dakota Crowder)
- EDM-1186: Fix typo (Dakota Crowder)
- EDM-1186: Enclose generate_password in quotes (Dakota Crowder)
- EDM-1186: Trim /dev/urandom input to prevent gh workflow hanging (Dakota Crowder)
- EDM-1186: Refactor generation to use shared function (Dakota Crowder)
- EDM-1186: Refactor podman commands and rename calls to ensure (Dakota Crowder)
- EDM-1186: Ensure volume is created for standalone services (Dakota Crowder)
- EDM-1186: Wrap pw generation in string (Dakota Crowder)
- EDM-1186: Add show secret make cmd (Dakota Crowder)
- EDM-1186: Enable standalone deployments of db and kv using secrets (Dakota Crowder)
- EDM-1186: Add secrets generation and usage to quadlets deployment (Dakota Crowder)
- EDM-1320: applications: improve provider validation (Sam Batschelet)
- EDM-1354: In OCP flightctl-cli-artifacts pod is in CrashLoopBackOff installing with the latest helm chart (rawagner)
- EDM-1352: Building a gitserver as a root user fails (#1058) (Gregory Shilin)
- EDM-1294: Expose CLI Downloads via route and gateway. Create ConsoleCLIDownloads CR. (rawagner)
- EDM-1293: Deploy a pod with CLI tools (#1036) (Gregory Shilin)
- EDM-1329: agent/resource: calculate CPU usage with delta-based sampling (Sam Batschelet)
- EDM-1254: Add user documentation for rollout policies (Ori Amizur)
- EDM-1346: bump x/oauth2 and x/crypto (rawagner)
- EDM-1165: Fix AuthZ middleware. Add tests (rawagner)
- EDM-1317: EDM-1321: api: add missing inline application eval (Sam Batschelet)
- EDM-310: Refactor CA handling (Anton Ivanov)
- NO-ISSUE: Update helm charts with new UI params (rawagner)
- NO-ISSUE: Fix status e2e test (sserafin)
- NO-ISSUE: Anchors are not currently supported for workflows (#1013) (Gregory Shilin)
- EDM-1308: Use chi middleware request IDs (Avishay Traeger)
- EDM-1211: *: implement inline application provider (Sam Batschelet)
- EDM-1211: agent/applications: refactor (Sam Batschelet)
- EDM-1211: api: add application inline provider (Sam Batschelet)
- EDM-1290: Allow passing nil maps to distinguish between missing and empty labels during resource update (#1011) (Assaf Albo)
- EDM-1309: Prevent client from setting ER status (Avishay Traeger)
- EDM-1252:Adding labels (Eldar101)
- EDM-696: Support AAP Gateway OAuth2 (rawagner)
- NO-ISSUE: Make example enrollment request valid (Celia Amador)
- EDM-1214: Perform better validation of CSR and enrollment requests (Anton Ivanov)
- EDM-1251: fix JSONB fields in CompositeSelectorResolver (#995) (Assaf Albo)
- EDM-1138: Upgrade go to RH-supported (and FIPS-compatible) version (#980) (Gregory Shilin)
- EDM-1039: Make CLI code Windows compatible (#951) (Gregory Shilin)

* Mon Mar 31 2025 Dakota Crowder <dcrowder@redhat.com> - 0.5.0-1
- Add services sub-package for installation of containerized flightctl services
* Fri Feb 7 2025 Miguel Angel Ajo <majopela@redhat.com> - 0.4.0-1
- Add selinux support for console pty access

* Mon Nov 4 2024 Miguel Angel Ajo <majopela@redhat.com> - 0.3.0-1
- Move the Release field to -1 so we avoid auto generating packages
  with -5 all the time.
* Wed Aug 21 2024 Sam Batschelet <sbatsche@redhat.com> - 0.0.1-5
- Add must-gather script to provide a simple mechanism to collect agent debug
* Wed Aug 7 2024 Sam Batschelet <sbatsche@redhat.com> - 0.0.1-4
- Add basic greenboot support for failed flightctl-agent service
* Wed Mar 13 2024 Ricardo Noriega <rnoriega@redhat.com> - 0.0.1-3
- New specfile for both CLI and agent packages