# GOLANG # https://docs.fedoraproject.org/en-US/packaging-guidelines/Golang/ # https://docs.fedoraproject.org/en-US/quick-docs/publish-rpm-on-copr # http://ftp.rpm.org/max-rpm/s1-rpm-inside-scripts.html # https://rpm-software-management.github.io/rpm/manual/macros.html # https://rpm-packaging-guide.github.io/ %global _owner pgnd %global _build_timestamp %( date +%%Y%%m%%d_%%H%%M%%S --utc ) %global _dist .%{_build_timestamp}.%{_owner}.fc%{fedora} %global _bao_builddate %( date +%%Y-%%m-%%dT%%H:%%M:%%SZ --utc ) # https://stackoverflow.com/questions/47838041/rpmbuild-how-to-disable-check-buildroot # https://rpm-software-management.github.io/rpm/manual/dependency_generators.html # %%global __spec_install_pre /bin/true # %%global __arch_install_post %%{nil} %global __os_install_post %{nil} %global _disable_source_fetch 0 %global debug_package %{nil} # %%undefine _auto_set_build_flags %global _hardened_build 1 %global __brp_mangle_shebangs %{nil} %global __brp_strip %{nil} # %%global __requires_exclude ^.*/xxx/bin/python.*$ # %%global __requires_exclude_from ^.*/xxx/bin/python.*$ # RHEL8 rpmbuild and /usr/lib/.build-id # https://access.redhat.com/discussions/5045161 %global _build_id_links none # %%bcond_with XXX : opt build with XXX; default, without # %%bcond_without XXX : opt build without XXX; default, with # OPENBAO # https://openbao.org/ # https://github.com/openbao/openbao # https://openbao.org/docs/install/#compiling-from-source # https://github.com/opensciencegrid/vault-rpm/blob/master/vault.spec # Packaging guide # https://openbao.org/docs/contributing/packaging/ %global _bao_name openbao %global _bao_pkgnm openbao %global _bao_unitnm openbao %global _bao_comment OpenBao identity-based secrets and encryption management system %global _bao_descrip %{expand: %{_bao_comment}.} # https://spdx.org/licenses/MPL-2.0.html %global _bao_license MPL-2.0 %global _bao_usr openbao %global _bao_grp openbao %global _bao_conf_dir /usr/local/etc/openbao %global _hsm_conf_dir /usr/local/etc/softhsm2 %global _bao_data_dir /data/db/openbao %global _bao_install_dir /usr/local/openbao-pgnd %global _bao_log_dir /var/log/openbao %global _bao_pid_file %{_bao_pkgnm}.pid %global _bao_run_dir /run/openbao %global _bao_unit_dir /etc/systemd/system %global _hsm_data_dir /data/db/softhsm2 # https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/ %global _bao_scm_repo openbao/openbao %global _bao_full_version HEAD %global _bao_scm_branch main # %%global _bao_scm_branch release/2.1.x %global _bao_scm_repo_esc %( echo %{_bao_scm_repo} | sed 's|_|-|g' | sed 's|/|%2F|g') %global _bao_scm_repo_norm %( echo %{_bao_scm_repo} | sed 's|_|-|g' | sed 's|/|-|g' ) %global _bao_scm_branch_norm %( echo %{_bao_scm_branch} | sed 's|_|-|g' | sed 's|/|-|g' ) %global _bao_scm_host https://github.com %global _bao_scm_host_api https://api.github.com/repos %global _bao_scm_url %{_bao_scm_host}/%{_bao_scm_repo} %global _bao_scm_tarball %{_bao_scm_host_api}/%{_bao_scm_repo}/tarball/%{commit0} # !!NOTE!! GH API tarball extracts to: %global _bao_scm_extract_dir %{_bao_scm_repo_norm}-%{shortcommit0} %global forgeurl0 %{_bao_scm_url} %global commit0 %( git ls-remote %{forgeurl0} | grep /%{_bao_scm_branch}$ | cut -f1 ) %global shortcommit0 %( c=%{commit0}; echo ${c} | head -c 7 ) %global forgesource0 %{_bao_scm_tarball} %global extractdir0 %{_bao_scm_extract_dir} %global forgesetupargs0 -T -D -b 0 -n %{extractdir0} %global goipath github.com/%{_bao_scm_repo} # %%global goaltipaths github %forgemeta -i -a %global dist %{_dist} # Vendor Pinning Vendor: %{_owner} # NEVRA (n-e:v-r.a) Name: %{_bao_pkgnm} Epoch: 3 # https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/ Version: %{scm0}_%( echo %{_bao_scm_branch} | sed 's|[/-]|_|g' ) Release: 0%{?dist} # https://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ %global _same_evr %{epoch}:%{version}-%{release} Summary: %{_bao_comment} License: %{_bao_license} URL: %{forgeurl0} Source0: %{forgesource0} Source100: %{_bao_unitnm}.service Source101: %{_bao_unitnm}.target Source110: %{_bao_name}.hcl.EXAMPLE Source200: %{_bao_name}.rsyslog Source210: %{_bao_name}.logrotate # https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets # https://docs.pagure.org/packaging-guidelines/Packaging:Scriptlets.html BuildRequires: bash BuildRequires: golang BuildRequires: nodejs-npm BuildRequires: opensc BuildRequires: pkgconf BuildRequires: pkgconfig(openssl) #BuildRequires: softhsm softhsm-devel BuildRequires: softhsm2 BuildRequires: yarnpkg # https://bugzilla.redhat.com/show_bug.cgi?id=2297642 %if 0%{?fedora} >= 41 # BuildRequires: openssl-devel-engine %endif BuildRequires: systemd BuildRequires: systemd-rpm-macros %{?systemd_requires} Requires(pre): user(%{_bao_usr}) Requires(pre): group(%{_bao_grp}) Requires: logrotate Requires: opensc Requires: openssl Requires: rsyslog Requires: softhsm2 #Requires: softhsm Provides: openbao = %{_same_evr} Obsoletes: openbao < %{_same_evr} %description %{_bao_descrip} %prep echo '##### STARTING PREP #####' %forgesetup -a %build echo '##### STARTING BUILD #####' cd %{_builddir}/%{extractdir0} export GOPATH=%{_builddir}/GOPATH export GOBUILDDIR=%{_builddir}/GOBUILDDIR mkdir -p %{buildroot}%{_bindir} mkdir -p ${GOPATH}/src mkdir -p ${GOPATH}/bin mkdir -p ${GOBUILDDIR}/bin export PATH=${GOPATH}/bin:$PATH export GOPROXY=https://proxy.golang.org,direct export GOSUMDB=sum.golang.org export CGO_ENABLED=1 # no git info in rpm scm; prevent using git to determine version ln -s /bin/true ${GOPATH}/bin/git # GO TOOLCHAINs # https://go.dev/dl/ # https://go.dev/doc/devel/release # @ OPENBAO # Bump to Go 1.23.6 # https://github.com/openbao/openbao/pull/975 # %%global _go_toolchain_ver 1.23.6 _go_toolchain_ver=$( cat .go-version ) go env -w GOTOOLCHAIN=go${_go_toolchain_ver}+auto go mod tidy # OpenBao UI # https://openbao.org/docs/configuration/ui/ # https://openbao.org/docs/contributing/packaging/#ui-release # ERROR: http/assets.go:16:12: pattern web_ui/*: no matching files found pushd ui yarn npm rebuild node-sass yarn run build popd # go mod vendor # go build -mod=vendor -o %%{gobuilddir}/bin/openbao . _BUILD_TAGS="" _BUILD_TAGS+=" hsm" _BUILD_TAGS+=" ui" go build \ -o ${GOBUILDDIR}/bin/openbao \ -tags "${_BUILD_TAGS}" \ -ldflags "\ -X 'github.com/openbao/openbao/version.fullVersion=%{_bao_full_version}' \ -X 'github.com/openbao/openbao/version.VersionMetadata=r%{_same_evr}' \ -X 'github.com/openbao/openbao/version.GitCommit=%{commit0}' \ -X 'github.com/openbao/openbao/version.BuildDate=%{_bao_builddate}' \ " . %install echo '##### STARTING INSTALL #####' cd %{_builddir}/%{extractdir0} find %{_builddir} -iwholename "*/bin/openbao" -exec ls -al "{}" \; export GOBUILDDIR=%{_builddir}/GOBUILDDIR mkdir -p ${RPM_BUILD_ROOT}/%{_bao_conf_dir} mkdir -p ${RPM_BUILD_ROOT}/%{_bao_install_dir}/bin mkdir -p ${RPM_BUILD_ROOT}/%{_bao_unit_dir} mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/rsyslog.d mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/logrotate.d sed -i \ -e 's|__BAO_USR__|%{_bao_usr}|g' \ -e 's|__BAO_GRP__|%{_bao_grp}|g' \ -e 's|__BAO_CONF_DIR__|%{_bao_conf_dir}|g' \ -e 's|__BAO_DATA_DIR__|%{_bao_data_dir}|g' \ -e 's|__BAO_LOG_DIR__|%{_bao_log_dir}|g' \ -e 's|__BAO_PID_FILE__|%{_bao_pid_file}|g' \ -e 's|__BAO_RUN_DIR__|%{_bao_run_dir}|g' \ -e 's|__BAO_UNIT_DIR__|%{_bao_unit_dir}|g' \ -e 's|__HSM_CONF_DIR__|%{_hsm_conf_dir}|g' \ -e 's|__HSM_DATA_DIR__|%{_hsm_data_dir}|g' \ %{SOURCE100} %{SOURCE200} %{SOURCE210} # systemd unit files install -D --preserve-timestamps --mode=644 --verbose \ %{SOURCE100} \ ${RPM_BUILD_ROOT}/%{_bao_unit_dir}/%{_bao_unitnm}.service install -D --preserve-timestamps --mode=644 --verbose \ %{SOURCE101} \ ${RPM_BUILD_ROOT}/%{_bao_unit_dir}/%{_bao_unitnm}.target # conf files install -D -p -m 664 \ %{SOURCE110} \ ${RPM_BUILD_ROOT}/%{_bao_conf_dir}/%{_bao_name}.hcl.EXAMPLE # rsyslog files install -D -p -m 664 \ %{SOURCE200} \ ${RPM_BUILD_ROOT}/%{_sysconfdir}/rsyslog.d/%{_bao_name}.conf # logrotate files install -D -p -m 644 \ %{SOURCE210} \ ${RPM_BUILD_ROOT}/%{_sysconfdir}/logrotate.d/%{_bao_name} mkdir -p ${RPM_BUILD_ROOT}/%{_bindir} # install -m 0755 -v ${GOBUILDDIR}/bin/openbao ${RPM_BUILD_ROOT}/%%{_bindir}/ # ln -sf %%{_bindir}/openbao ${RPM_BUILD_ROOT}/%%{_bindir}/bao install -m 0755 -v ${GOBUILDDIR}/bin/openbao ${RPM_BUILD_ROOT}/%{_bao_install_dir}/bin/ ln -sf %{_bao_install_dir}/bin/openbao ${RPM_BUILD_ROOT}/%{_bindir}/bao # mkdir -p ${RPM_BUILD_ROOT}/%%{_datadir}/openbao/vendor # cp -r vendor ${RPM_BUILD_ROOT}/%%{_datadir}/openbao/vendor/ %pre %post -e # %%systemd_post %%{_bao_unitnm}.service systemctl daemon-reload systemctl --no-reload enable my-servers.timer systemctl restart --quiet %{_bao_unitnm}.service %preun # %%systemd_preun %%{_bao_unitnm}.service systemctl --no-reload stop --no-warn %{_bao_unitnm}.service %postun systemctl daemon-reload %systemd_postun_with_restart %{_bao_unitnm}.service %files # %%doc CHANGELOG.md README.md scripts/changelog.sh # %%license LICENSE %dir %{_bao_install_dir} %{_bao_install_dir}/* %{_bindir}/bao # %%{_datadir}/openbao/vendor %attr(0644,root,root) %{_bao_unit_dir}/%{_bao_unitnm}.service %attr(0644,root,root) %{_bao_unit_dir}/%{_bao_unitnm}.target %{_bao_conf_dir}/%{_bao_name}.hcl.EXAMPLE %{_sysconfdir}/rsyslog.d/%{_bao_name}.conf %{_sysconfdir}/logrotate.d/%{_bao_name} %changelog * Sun Mar 2 2025 pgnd _ - bump 1740969073