# Disable debug information package creation
%define debug_package %{nil}

# Define the Go Import Path
%global goipath github.com/flightctl/flightctl

# SELinux specifics
%global selinuxtype targeted
%define selinux_policyver 3.14.3-67
%define agent_relabel_files() \
    semanage fcontext -a -t flightctl_agent_exec_t "/usr/bin/flightctl-agent" ; \
    restorecon -v /usr/bin/flightctl-agent

Name:           flightctl
Version:        0.6.0~main~104~g825b199
Release:        1.20250410211704729425.pr1083.104.g825b199%{?dist}
Summary:        Flight Control service

%gometa

License:        Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT
URL:            %{gourl}

Source0:        flightctl-0.6.0~main~104~g825b199.tar.gz

BuildRequires:  golang
BuildRequires:  make
BuildRequires:  git
BuildRequires:  openssl-devel

Requires: openssl

# Skip description for the main package since it won't be created
%description
# Main package is empty and not created.

# cli sub-package
%package cli
Summary: Flight Control CLI
%description cli
flightctl is the CLI for controlling the Flight Control service.

# agent sub-package
%package agent
Summary: Flight Control management agent

Requires: flightctl-selinux = %{version}
Requires: bootc

%description agent
The flightctl-agent package provides the management agent for the Flight Control fleet management service.

# selinux sub-package
%package selinux
Summary: SELinux policies for the Flight Control management agent
BuildRequires: selinux-policy >= %{selinux_policyver}
BuildRequires: selinux-policy-devel >= %{selinux_policyver}
BuildArch: noarch
Requires: selinux-policy >= %{selinux_policyver}

%description selinux
The flightctl-selinux package provides the SELinux policy modules required by the Flight Control management agent.

# services sub-package
%package services
Summary: Flight Control services
Requires: bash
Requires: podman

%description services
The flightctl-services package provides installation and setup of files for running containerized Flight Control services

%prep
%goprep -A
%setup -q %{forgesetupargs} -n flightctl-0.6.0~main~104~g825b199

%build
    # if this is a buggy version of go we need to set GOPROXY as workaround
    # see https://github.com/golang/go/issues/61928
    GOENVFILE=$(go env GOROOT)/go.env
    if [[ ! -f "${GOENVFILE}" ]]; then
        export GOPROXY='https://proxy.golang.org,direct'
    fi

    SOURCE_GIT_TAG=$(echo %{version} | tr '~' '-') \
    SOURCE_GIT_TREE_STATE=clean \
    SOURCE_GIT_COMMIT=$(echo %{version} | awk -F'[-~]g' '{print $2}') \
    SOURCE_GIT_TAG_NO_V=%{version} \
    make build-cli build-agent

    # SELinux modules build
    make --directory packaging/selinux

%install
    mkdir -p %{buildroot}/usr/bin
    mkdir -p %{buildroot}/etc/flightctl
    cp bin/flightctl %{buildroot}/usr/bin
    mkdir -p %{buildroot}/usr/lib/systemd/system
    mkdir -p %{buildroot}/%{_sharedstatedir}/flightctl
    mkdir -p %{buildroot}/usr/lib/flightctl/hooks.d/{afterupdating,beforeupdating,afterrebooting,beforerebooting}
    mkdir -p %{buildroot}/usr/lib/greenboot/check/required.d
    install -m 0755 packaging/greenboot/flightctl-agent-running-check.sh %{buildroot}/usr/lib/greenboot/check/required.d/20_check_flightctl_agent.sh
    cp bin/flightctl-agent %{buildroot}/usr/bin
    cp packaging/must-gather/flightctl-must-gather %{buildroot}/usr/bin
    cp packaging/hooks.d/afterupdating/00-default.yaml %{buildroot}/usr/lib/flightctl/hooks.d/afterupdating
    cp packaging/systemd/flightctl-agent.service %{buildroot}/usr/lib/systemd/system
    bin/flightctl completion bash > flightctl-completion.bash
    install -Dpm 0644 flightctl-completion.bash -t %{buildroot}/%{_datadir}/bash-completion/completions
    bin/flightctl completion fish > flightctl-completion.fish
    install -Dpm 0644 flightctl-completion.fish -t %{buildroot}/%{_datadir}/fish/vendor_completions.d/
    bin/flightctl completion zsh > _flightctl-completion
    install -Dpm 0644 _flightctl-completion -t %{buildroot}/%{_datadir}/zsh/site-functions/
    install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
    install -m644 packaging/selinux/*.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}

    rm -f licenses.list

    find . -type f -name LICENSE -or -name License | while read LICENSE_FILE; do
        echo "%{_datadir}/licenses/%{NAME}/${LICENSE_FILE}" >> licenses.list
    done
    mkdir -vp "%{buildroot}%{_datadir}/licenses/%{NAME}"
    cp LICENSE "%{buildroot}%{_datadir}/licenses/%{NAME}"

    mkdir -vp "%{buildroot}%{_docdir}/%{NAME}"

    for DOC in docs examples .markdownlint-cli2.yaml README.md; do
        cp -vr "${DOC}" "%{buildroot}%{_docdir}/%{NAME}/${DOC}"
    done

    # flightctl-services sub-package steps
    # Run the install script to move the quadlet files
    CONFIG_READONLY_DIR="%{buildroot}%{_datadir}/flightctl" \
    CONFIG_WRITEABLE_DIR="%{buildroot}%{_sysconfdir}/flightctl" \
    QUADLET_FILES_OUTPUT_DIR="%{buildroot}%{_datadir}/containers/systemd" \
    SYSTEMD_UNIT_OUTPUT_DIR="%{buildroot}/usr/lib/systemd/system" \
    deploy/scripts/install.sh

    # Copy files needed for post install into the build root
    cp deploy/scripts/post_install.sh %{buildroot}%{_datadir}/flightctl/post_install.sh
    cp deploy/scripts/secrets.sh %{buildroot}%{_datadir}/flightctl/secrets.sh

%check
    %{buildroot}%{_bindir}/flightctl-agent version


%pre selinux
%selinux_relabel_pre -s %{selinuxtype}

%post selinux

%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/flightctl_agent.pp.bz2
%agent_relabel_files

%postun selinux

if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} flightctl_agent
fi

%posttrans selinux

%selinux_relabel_post -s %{selinuxtype}

%post services
%{_datadir}/flightctl/post_install.sh

# File listings
# No %files section for the main package, so it won't be built

%files cli -f licenses.list
    %{_bindir}/flightctl
    %license LICENSE
    %{_datadir}/bash-completion/completions/flightctl-completion.bash
    %{_datadir}/fish/vendor_completions.d/flightctl-completion.fish
    %{_datadir}/zsh/site-functions/_flightctl-completion

%files agent -f licenses.list
    %license LICENSE
    %dir /etc/flightctl
    %{_bindir}/flightctl-agent
    %{_bindir}/flightctl-must-gather
    /usr/lib/flightctl/hooks.d/afterupdating/00-default.yaml
    /usr/lib/systemd/system/flightctl-agent.service
    %{_sharedstatedir}/flightctl
    /usr/lib/greenboot/check/required.d/20_check_flightctl_agent.sh
    %{_docdir}/%{NAME}/*
    %{_docdir}/%{NAME}/.markdownlint-cli2.yaml

%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/flightctl_agent.pp.bz2

%files services
    %defattr(0644,root,root,-)
    # Files mounted to system config
    %dir %{_sysconfdir}/flightctl
    %dir %{_sysconfdir}/flightctl/pki
    %dir %{_sysconfdir}/flightctl/flightctl-api
    %dir %{_sysconfdir}/flightctl/flightctl-ui
    %config(noreplace) %{_sysconfdir}/flightctl/service-config.yaml

    # Files mounted to data dir
    %dir %attr(0444,root,root) %{_datadir}/flightctl
    %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-api
    %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-db
    %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-kv
    %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-ui
    %{_datadir}/flightctl/flightctl-api/config.yaml.template
    %{_datadir}/flightctl/flightctl-api/env.template
    %attr(0755,root,root) %{_datadir}/flightctl/flightctl-api/init.sh
    %attr(0755,root,root) %{_datadir}/flightctl/flightctl-db/enable-superuser.sh
    %{_datadir}/flightctl/flightctl-kv/redis.conf
    %{_datadir}/flightctl/flightctl-ui/env.template
    %attr(0755,root,root) %{_datadir}/flightctl/flightctl-ui/init.sh
    %attr(0755,root,root) %{_datadir}/flightctl/init_utils.sh
    %{_datadir}/containers/systemd/flightctl*

    # Handle permissions for scripts run as part of the rpm post install
    %attr(0755,root,root) %{_datadir}/flightctl/post_install.sh
    %attr(0755,root,root) %{_datadir}/flightctl/secrets.sh

    # Files mounted to lib dir
    /usr/lib/systemd/system/flightctl.target

%changelog

* Thu Apr 10 2025 Packit <hello@packit.dev> - 0.6.0~main~104~g825b199-1.20250410211704729425.pr1083.104.g825b199
- EDM-1370: Add comment to .target explaining what the Requires and After diretives mean wrt startup ordering (Dakota Crowder)
- EDM-1370: Remove redundant Wants from target (Dakota Crowder)
- EDM-1370: Run daemon-reload in post install (Dakota Crowder)
- EDM-1370: Improve service dependency mappings and use a .target instead of slice (Dakota Crowder)
- EDM-1333: adding coverage for more steps (Eldar Weiss)
- EDM-1374: Resource monitorType casing mismatch causes alert not being displayed (Sam Batschelet)
- NO-ISSUE: agent/os: only pull if not booted (Sam Batschelet)
- NO-ISSUE: Cleanup remnants from grpc endpoint previously surfaced at 7444 (Dakota Crowder)
- EDM-1186: Updates to quadlets config and rpm spec per feedback (Dakota Crowder)
- EDM-1186: RPM Quadlet Installer initial implementation (Dakota Crowder)
- EDM-1186: Use podman secrets to manage db and kv passwords (Dakota Crowder)
- EDM-1394: Revert "EDM-1290: Allow passing nil maps to distinguish between missing and empty labels during resource update" (#1080) (Assaf Albo)
- NO-ISSUE: Fixed minor issues with helm chart when using gateway API (Ram)
- NO-ISSUE: fix for login validation (amalykhi)
- NO-ISSUE: flightctl login validation test (amalykhi)
- EDM-1305:  Console enhancements (Ori Amizur)
- EDM-1313: agent: ensure update error condition is visible (Sam Batschelet)
- EDM-996: flightctl-agent rpm should create /etc/flightctl/ directory (#1069) (Gregory Shilin)
- EDM-1318: Bug fix removing client cert creation at startup (noga-magen)
- EDM-1320: api: improve compose spec validations (Sam Batschelet)
- NO-ISSUE: agent: improve initial sync timing (Sam Batschelet)
- EDM-889: Separate out auth provider config (Frank A. Zdarsky)
- EDM-889: Revert change in token serialization (Frank A. Zdarsky)
- EDM-889: Omit empty fields (Frank A. Zdarsky)
- NO-ISSUE: Added Note (Siddarth R)
- EDM-1320: applications: improve provider validation (Sam Batschelet)
- EDM-1049: Use Stringer to format version (Frank A. Zdarsky)
- EDM-1049: Show field names when printing JSON and YAML output (Frank A. Zdarsky)
- EDM-1049: Enable use of context global flag (Frank A. Zdarsky)
- EDM-1354: In OCP flightctl-cli-artifacts pod is in CrashLoopBackOff installing with the latest helm chart (rawagner)
- EDM-1352: Building a gitserver as a root user fails (#1058) (Gregory Shilin)
- EDM-1294: Expose CLI Downloads via route and gateway. Create ConsoleCLIDownloads CR. (rawagner)
- EDM-1293: Deploy a pod with CLI tools (#1036) (Gregory Shilin)
- EDM-1329: agent/resource: calculate CPU usage with delta-based sampling (Sam Batschelet)
- EDM-1254: Add user documentation for rollout policies (Ori Amizur)
- EDM-1346: bump x/oauth2 and x/crypto (rawagner)
- EDM-1165: Fix AuthZ middleware. Add tests (rawagner)
- EDM-851: Update DevicesSummary to prevent null return (Siddarth R)
- Revert "EDM 851: Update DevicesSummary OpenAPI spec" (Siddarth R)
- EDM-1317: EDM-1321: api: add missing inline application eval (Sam Batschelet)
- EDM-310: Refactor CA handling (Anton Ivanov)
- NO-ISSUE: Update helm charts with new UI params (rawagner)
- EDM 851: Update DevicesSummary OpenAPI spec (Siddarth R)
- NO-ISSUE: Fix status e2e test (sserafin)
- NO-ISSUE: Anchors are not currently supported for workflows (#1013) (Gregory Shilin)
- EDM-1308: Use chi middleware request IDs (Avishay Traeger)
- EDM-1211: *: implement inline application provider (Sam Batschelet)
- EDM-1211: agent/applications: refactor (Sam Batschelet)
- EDM-1211: api: add application inline provider (Sam Batschelet)
- EDM-1290: Allow passing nil maps to distinguish between missing and empty labels during resource update (#1011) (Assaf Albo)
- EDM-1309: Prevent client from setting ER status (Avishay Traeger)
- EDM-1252:Adding labels (Eldar101)
- EDM-696: Support AAP Gateway OAuth2 (rawagner)
- NO-ISSUE: Make example enrollment request valid (Celia Amador)
- EDM-1214: Perform better validation of CSR and enrollment requests (Anton Ivanov)
- EDM-1251: fix JSONB fields in CompositeSelectorResolver (#995) (Assaf Albo)
- EDM-1138: Upgrade go to RH-supported (and FIPS-compatible) version (#980) (Gregory Shilin)
- EDM-1039: Make CLI code Windows compatible (#951) (Gregory Shilin)

* Mon Mar 31 2025 Dakota Crowder <dcrowder@redhat.com> - 0.6.0-1
- Add services sub-package for installation of containerized flightctl services
* Fri Feb 7 2025 Miguel Angel Ajo <majopela@redhat.com> - 0.4.0-1
- Add selinux support for console pty access

* Mon Nov 4 2024 Miguel Angel Ajo <majopela@redhat.com> - 0.3.0-1
- Move the Release field to -1 so we avoid auto generating packages
  with -5 all the time.
* Wed Aug 21 2024 Sam Batschelet <sbatsche@redhat.com> - 0.0.1-5
- Add must-gather script to provide a simple mechanism to collect agent debug
* Wed Aug 7 2024 Sam Batschelet <sbatsche@redhat.com> - 0.0.1-4
- Add basic greenboot support for failed flightctl-agent service
* Wed Mar 13 2024 Ricardo Noriega <rnoriega@redhat.com> - 0.0.1-3
- New specfile for both CLI and agent packages