forked from openshift/ansible-service-broker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ansible-service-broker.spec
354 lines (300 loc) · 12.3 KB
/
ansible-service-broker.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
%if 0%{?fedora} || 0%{?rhel} >= 6
%global with_devel 1
# TODO: package new deps
%global with_bundled 0
%global with_debug 0
%global with_check 0
%global with_unit_test 0
%else
%global with_devel 0
%global with_bundled 0
%global with_debug 0
%global with_check 0
%global with_unit_test 0
%endif
%if 0%{?with_debug}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package %{nil}
%endif
%global provider github
%global provider_tld com
%global project openshift
%global repo ansible-service-broker
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path %{provider_prefix}
%if 0%{?copr}
%define build_timestamp .%(date +"%Y%m%d%H%M%%S")
%else
%define build_timestamp %{nil}
%endif
%define selinux_variants targeted
%define moduletype apps
%define modulename ansible-service-broker
Name: %{repo}
Version: 1.0.0
Release: 1%{build_timestamp}%{?dist}
Summary: Ansible Service Broker
License: ASL 2.0
URL: https://%{provider_prefix}
Source0: %{name}-%{version}.tar.gz
# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
#ExclusiveArch: %%{?go_arches:%%{go_arches}}%%{!?go_arches:%%{ix86} x86_64 %{arm}}
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le %{mips} s390x
# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
Requires(pre): shadow-utils
Requires: %{name}-selinux
BuildRequires: device-mapper-devel
BuildRequires: btrfs-progs-devel
%if ! 0%{?with_bundled}
%endif
%description
%{summary}
%package container-scripts
Summary: scripts required for running ansible-service-broker in a container
BuildArch: noarch
%description container-scripts
containers scripts for ansible-service-broker
%package selinux
Summary: selinux policy module for %{name}
BuildRequires: checkpolicy, selinux-policy-devel, hardlink, policycoreutils
BuildRequires: /usr/bin/pod2man
Requires(post): /usr/sbin/semodule, /sbin/restorecon, /usr/sbin/setsebool, /usr/sbin/selinuxenabled, /usr/sbin/semanage
Requires(post): policycoreutils-python
Requires(post): selinux-policy-targeted
Requires(postun): /usr/sbin/semodule, /sbin/restorecon
BuildArch: noarch
%description selinux
selinux policy module for %{name}
%post selinux
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp.bz2 > /dev/null
done
%postun selinux
if [ $1 -eq 0 ] ; then
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -r %{modulename} > /dev/null
done
fi
%pre
getent group ansibleservicebroker || groupadd -r ansibleservicebroker
getent passwd ansibleservicebroker || \
useradd -r -g ansibleservicebroker -d /var/lib/ansibleservicebroker -s /sbin/nologin \
ansibleservicebroker
exit 0
%post
%systemd_post %{name}.service
%postun
%systemd_postun
%if 0%{?with_devel}
%package devel
Summary: %{summary}
BuildArch: noarch
Requires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
Requires: device-mapper-devel
Requires: btrfs-progs-devel
%description devel
devel for %{name}
%{import_path} prefix.
%endif
%if 0%{?with_unit_test} && 0%{?with_devel}
%package unit-test
Summary: Unit tests for %{name} package
# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
%if 0%{?with_check}
#Here comes all BuildRequires: PACKAGE the unit tests
#in %%check section need for running
%endif
# test subpackage tests code from devel subpackage
Requires: %{name}-devel = %{version}-%{release}
%description unit-test
unit-test for %{name}
%endif
%prep
%setup -q -n %{repo}-%{version}
ln -sf vendor src
mkdir -p src/github.com/openshift/ansible-service-broker
cp -r pkg src/github.com/openshift/ansible-service-broker
%build
export GOPATH=$(pwd):%{gopath}
export LDFLAGS='-s -w'
BUILDTAGS="seccomp selinux"
%if ! 0%{?gobuild:1}
%define gobuild() go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{**};
%endif
%gobuild -tags "$BUILDTAGS" ./cmd/broker
#Build selinux modules
# create selinux-friendly version from VR and replace it inplace
perl -i -pe 'BEGIN { $VER = join ".", grep /^\d+$/, split /\./, "%{version}.%{release}"; } s!\@\@VERSION\@\@!$VER!g;' extras/%{modulename}.te
%if 0%{?rhel} >= 6
distver=rhel%{rhel}
%endif
%if 0%{?fedora} >= 18
distver=fedora%{fedora}
%endif
for selinuxvariant in %{selinux_variants}
do
pushd extras
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile DISTRO=${distver}
bzip2 -9 %{modulename}.pp
mv %{modulename}.pp.bz2 %{modulename}.ppbz2.${selinuxvariant}
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean DISTRO=${distver}
popd
done
rm -rf src
%install
install -d -p %{buildroot}%{_bindir}
install -p -m 755 broker %{buildroot}%{_bindir}/asbd
install -p -m 755 build/entrypoint.sh %{buildroot}%{_bindir}/entrypoint.sh
install -d -p %{buildroot}%{_sysconfdir}/%{name}
install -p -m 644 etc/example-config.yaml %{buildroot}%{_sysconfdir}/%{name}/config.yaml
install -d -p %{buildroot}%{_libexecdir}/%{name}
cp -r scripts/* %{buildroot}%{_libexecdir}/%{name}
install -d -p %{buildroot}%{_unitdir}
install -p extras/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
install -d -p %{buildroot}%{_var}/log/%{name}
touch %{buildroot}%{_var}/log/%{name}/asb.log
# install selinux policy modules
for selinuxvariant in %{selinux_variants}
do
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
install -p -m 644 extras/%{modulename}.ppbz2.${selinuxvariant} \
%{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp.bz2
done
# install interfaces
install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
install -p -m 644 extras/%{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
# hardlink identical policy module packages together
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
# source codes for building projects
%if 0%{?with_devel}
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
# find all *.go but no *_test.go files and generate devel.file-list
for file in $(find . -iname "*.go" \! -iname "*_test.go" | grep -v "^./Godeps") ; do
echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
done
for file in $(find . -iname "*.proto" | grep -v "^./Godeps") ; do
echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
done
%endif
# testing files for this project
%if 0%{?with_unit_test} && 0%{?with_devel}
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
# find all *_test.go files and generate unit-test.file-list
for file in $(find . -iname "*_test.go" | grep -v "^./Godeps"); do
echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test.file-list
done
%endif
%if 0%{?with_devel}
sort -u -o devel.file-list devel.file-list
%endif
%check
%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
%if ! 0%{?with_bundled}
export GOPATH=%{buildroot}/%{gopath}:%{gopath}
%else
export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
%endif
%if ! 0%{?gotest:1}
%global gotest go test
%endif
# FAIL: TestFactoryNewTmpfs (0.00s), factory_linux_test.go:59: operation not permitted
#%%gotest %%{import_path}/libcontainer
%gotest %{import_path}/libcontainer/cgroups
# --- FAIL: TestInvalidCgroupPath (0.00s)
# apply_raw_test.go:16: couldn't get cgroup root: mountpoint for cgroup not found
# apply_raw_test.go:25: couldn't get cgroup data: mountpoint for cgroup not found
#%%gotest %%{import_path}/libcontainer/cgroups/fs
%gotest %{import_path}/libcontainer/configs
%gotest %{import_path}/libcontainer/devices
# undefined reference to `nsexec'
#%%gotest %%{import_path}/libcontainer/integration
%gotest %{import_path}/libcontainer/label
# Unable to create tstEth link: operation not permitted
#%%gotest %%{import_path}/libcontainer/netlink
# undefined reference to `nsexec'
#%%gotest %%{import_path}/libcontainer/nsenter
%gotest %{import_path}/libcontainer/selinux
%gotest %{import_path}/libcontainer/stacktrace
#constant 2147483648 overflows int
#%%gotest %%{import_path}/libcontainer/user
#%%gotest %%{import_path}/libcontainer/utils
#%%gotest %%{import_path}/libcontainer/xattr
%endif
#define license tag if not already defined
%{!?_licensedir:%global license %doc}
%files
%license LICENSE
%{_bindir}/asbd
%attr(750, ansibleservicebroker, ansibleservicebroker) %dir %{_sysconfdir}/%{name}
%attr(640, ansibleservicebroker, ansibleservicebroker) %config %{_sysconfdir}/%{name}/config.yaml
%{_unitdir}/%{name}.service
%{_libexecdir}/%{name}
%attr(750, ansibleservicebroker, ansibleservicebroker) %dir %{_var}/log/%{name}
%attr(640, ansibleservicebroker, ansibleservicebroker) %{_var}/log/%{name}/asb.log
%files container-scripts
%{_bindir}/entrypoint.sh
%files selinux
%attr(0600,root,root) %{_datadir}/selinux/*/%{modulename}.pp.bz2
%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
%if 0%{?with_devel}
%files devel -f devel.file-list
%license LICENSE
%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
%dir %{gopath}/src/%{import_path}
%endif
%if 0%{?with_unit_test} && 0%{?with_devel}
%files unit-test -f unit-test.file-list
%license LICENSE
%endif
%changelog
* Thu Jun 22 2017 jesus m. rodriguez <jesusr@redhat.com> 0.9.4-1
- 1463798 - Fix stale APBs present in ASB after bootstrap (#221) (Shawn.Hurley21@gmail.com)
- use the correct source name in the rpm spec (#220) (jmontleo@redhat.com)
* Thu Jun 22 2017 jesus m. rodriguez <jesusr@redhat.com> 0.9.3-1
- Fixing builds and standardize on a config file name (#218) (Shawn.Hurley21@gmail.com)
- strip makefile whitespace (#210) (ernelson@redhat.com)
* Wed Jun 21 2017 jesus m. rodriguez <jesusr@redhat.com> 0.9.2-1
- use a different source url for copr (#216) (jmrodri@gmail.com)
- Expect a config file to be mounted (#211) (fabianvf@users.noreply.github.com)
* Wed Jun 21 2017 jesus m. rodriguez <jesusr@redhat.com> 0.9.1-1
- new package built with tito (jesusr@redhat.com)
- bump version (jesusr@redhat.com)
- add version template to keep in sync with tito (#212) (jmrodri@gmail.com)
- Prepare repo for use with tito (#204) (jmrodri@gmail.com)
- Starting point for running broker local to simulate InCluster (#192) (jwmatthews@gmail.com)
- Check for empty spec dir when querying for catalog. (#195) (cfc@chasenc.com)
- Packaging fix for #171 (#191) (jmontleo@redhat.com)
- Recover jobs when broker restarted (#131) (jmrodri@gmail.com)
- implement deprovision (#172) (fabianvf@users.noreply.github.com)
- Run as arbitrary user (#146) (fabianvf@users.noreply.github.com)
- add selinux policy and update rpm spec to build the sub package (#160) (jmontleo@redhat.com)
- Updated to create/use service account for broker (#165) (jwmatthews@gmail.com)
- Add namespace parameter from service context. (#161) (cfc@chasenc.com)
- Add parameter schema support (#156) (jmrodri@gmail.com)
- Fix the APB repo url. (#163) (warmchang@outlook.com)
- Deprovison spec compliance (#117) (Shawn.Hurley21@gmail.com)
- log in with serviceaccount certs and token (#154) (fabianvf@users.noreply.github.com)
- Add Endpoint for ABP Tool to push Specs (#152) (Shawn.Hurley21@gmail.com)
- fixing bug where we attempt to deference nil parameters. (#149) (Shawn.Hurley21@gmail.com)
- Get all images (#132) (Shawn.Hurley21@gmail.com)
- better facilitate automate copr and manual brew builds (#145) (jmontleo@redhat.com)
- Added new registry adapter for RHCC (#135) (dymurray@redhat.com)
- Remove jq since PR#121 merged (#141) (rhallise@redhat.com)
- Rename fusor to openshift (#133) (jmrodri@gmail.com)
- Replace get_images_from_org (#121) (rhallise@redhat.com)
- Kubernetes client object (#115) (rhallise@redhat.com)