This series introduces a rewrite of the doc/demo.sh script for passt and pasta, which was entirely outdated, some changes to make packaging easier, and a number of fixes to the Fedora spec file template. Most issues addressed here were reported by Fedora package reviewers at: https://bugzilla.redhat.com/show_bug.cgi?id=2106611 Stefano Brivio (12): doc: Rewrite demo script README: Add link to Copr repositories Makefile: Ugly hack to get a "plain" Markdown version of README Makefile: Install demo.sh too, uninstall stuff under /usr/share fedora: Install "plain" README, instead of web version, and demo script fedora: Introduce own rpkg macro for changelog fedora: Start Release tag from 1, not 0 fedora: Drop VCS tag from spec file fedora: Change source URL to HEAD link with explicit commit SHA fedora: Build SELinux subpackage as noarch fedora: Don't hardcode CFLAGS setting, use %set_build_flags macro instead fedora: Fix man pages wildcards in spec file Makefile | 34 +++- README.md | 37 ++-- contrib/fedora/passt.spec | 26 +-- contrib/fedora/rpkg.macros | 38 +++++ doc/demo.sh | 340 +++++++++++++++++++++++++------------ 5 files changed, 334 insertions(+), 141 deletions(-) -- 2.35.1
The original demo script was written when pasta wasn't a thing yet, so it needed to run as root, set up a veth pair, and configure addresses and routes by itself. Now pasta can do all that for us, and become part of the demo as well. Further, extend it to start qemu, optionally preparing a basic demo image with mbuto (https://mbuto.sh), and execute one logical step at a time, for clarity. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- README.md | 29 ++--- doc/demo.sh | 340 +++++++++++++++++++++++++++++++++++----------------- 2 files changed, 244 insertions(+), 125 deletions(-) diff --git a/README.md b/README.md index 628b9bb..2cd40c7 100644 --- a/README.md +++ b/README.md @@ -541,25 +541,11 @@ See also the [test logs](/builds/latest/test/). man ./passt.1 -* run the demo script, that creates a network namespace called `passt`, sets up - sets up a _veth_ pair and and addresses, together with NAT for IPv4 and NDP - proxying for IPv6, then starts _passt_ in the network namespace: +* run the demo script, that detaches user and network namespaces, configures the + new network namespace using `pasta`, starts `passt` and, optionally, `qemu`: doc/demo.sh -* from the same network namespace, start qemu. At the moment, qemu doesn't - support UNIX domain sockets for the `socket` back-end. Two alternatives: - - * use the _qrap_ wrapper, which maps a tap socket descriptor to _passt_'s - UNIX domain socket, for example: - - ip netns exec passt ./qrap 5 qemu-system-x86_64 ... -net socket,fd=5 -net nic,model=virtio ... - - * or patch qemu with [this patch](/passt/tree/qemu/0001-net-Allow-also-UNIX-domain-sockets-to-be-used-as-net.patch) - and start it like this: - - qemu-system-x86_64 ... -net socket,connect=/tmp/passt.socket -net nic,model=virtio - * alternatively, you can use libvirt, with [this patch](/passt/tree/libvirt/0001-conf-Introduce-support-for-UNIX-domain-socket-as-qem.patch), to start qemu (with the patch mentioned above), with this kind of network interface configuration: @@ -613,6 +599,17 @@ See also the [test logs](/builds/latest/test/). dhclient -6 + * alternatively, start pasta as: + + ./pasta --config-net + + to let pasta configure networking in the namespace by itself, using + `netlink` + + * ...or run the demo script: + + doc/demo.sh + * and that's it, you should now have TCP connections, UDP, and ICMP/ICMPv6 echo working from/to the namespace for IPv4 and IPv6 diff --git a/doc/demo.sh b/doc/demo.sh index f49110a..d39a10e 100755 --- a/doc/demo.sh +++ b/doc/demo.sh @@ -4,122 +4,244 @@ # # PASST - Plug A Simple Socket Transport # -# demo.sh - Set up namespaces, addresses and routes to show PASST functionality +# demo.sh - Set up namespace with pasta, start qemu and passt, step by step # -# Copyright (c) 2020-2021 Red Hat GmbH +# Copyright (c) 2020-2022 Red Hat GmbH # Author: Stefano Brivio <sbrivio(a)redhat.com> -get_token() { - IFS=' ' - __next=0 - for __token in ${@}; do - [ ${__next} -eq 2 ] && echo "${__token}" && return - [ "${__token}" = "${1}" ] && __next=$((__next + 1)) - done - unset IFS +# mbuto_profile() - Profile for https://mbuto.sh/, sourced, return after setting +mbuto_profile() { + PROGS="${PROGS:-ash,dash,bash ip mount ls ln chmod insmod mkdir sleep + lsmod modprobe find grep mknod mv rm umount iperf3 dhclient cat + hostname chown socat dd strace ping killall sysctl wget,curl}" + + KMODS="${KMODS:- virtio_net virtio_pci}" + + LINKS="${LINKS:- + ash,dash,bash /init + ash,dash,bash /bin/sh}" + + DIRS="${DIRS} /tmp /sbin /var/log /var/run /var/lib" + + # shellcheck disable=SC2016 + FIXUP="${FIXUP}"' + cat > /sbin/dhclient-script << EOF +#!/bin/sh + +[ -n "\${new_interface_mtu}" ] && ip link set dev \${interface} mtu \${new_interface_mtu} + +[ -n "\${new_ip_address}" ] && ip addr add \${new_ip_address}/\${new_subnet_mask} dev \${interface} +[ -n "\${new_routers}" ] && for r in \${new_routers}; do ip route add default via \${r} dev \${interface}; done +[ -n "\${new_domain_name_servers}" ] && for d in \${new_domain_name_servers}; do echo "nameserver \${d}" >> /etc/resolv.conf; done +[ -n "\${new_domain_name}" ] && echo "search \${new_domain_name}" >> /etc/resolf.conf +[ -n "\${new_domain_search}" ] && (printf "search"; for d in \${new_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf +[ -n "\${new_ip6_address}" ] && ip addr add \${new_ip6_address}/\${new_ip6_prefixlen} dev \${interface} +[ -n "\${new_dhcp6_name_servers}" ] && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done +[ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf +[ -n "\${new_host_name}" ] && hostname "\${new_host_name}" +exit 0 +EOF + + chmod 755 /sbin/dhclient-script + + mkdir -p /etc/dhcp + echo "timeout 3;" > /etc/dhcp/dhclient.conf + + ln -s /sbin /usr/sbin + :> /etc/fstab + + echo + echo "The guest is up and running. Networking is not configured yet:" + echo + echo "$ ip address show" + echo + ip address show + echo + echo "...the next step will take care of that." + read x + + echo "$ ip link set dev eth0 up" + ip link set dev eth0 up + sleep 3 + echo "$ /sbin/dhclient -4 -1" + /sbin/dhclient -4 -1 + sleep 2 + echo "$ /sbin/dhclient -6 -1" + /sbin/dhclient -6 -1 + sleep 2 + echo + echo "$ ip address show" + ip address show + echo + echo "$ ip route show" + ip route show + echo + echo "...done." + read x + + echo "Checking connectivity..." + echo + echo "$ wget --no-check-certificate https://passt.top/ || curl -k https://passt.top/" + wget --no-check-certificate https://passt.top/ || curl -k https://passt.top/ + echo "...done." + read x + + echo "An interactive shell will start now. When you are done," + echo "use ^C to terminate the guest and exit the demo." + echo + + sh +m +' } -ipv6_dev() { get_token "dev" $(ip -o -6 route show default | grep via); } -ipv6_devaddr() { get_token "inet6" $(ip -o -6 addr show dev "${1}" scope global); } -ipv6_ll_addr() { get_token "inet6" $(ip -o -6 addr show dev "${1}" scope link); } -ipv6_mask() { echo ${1#*/}; } -ipv6_mangle() { - IFS=':' - __c=0 - for __16b in ${1%%/*}; do - if [ ${__c} -lt 7 ]; then - printf "${__16b}:" - else - printf "%04x\n" $((0xabc0 + ${2})) && break - fi - __c=$((__c + 1)) - done - unset IFS +[ "${0##*/}" = "mbuto" ] && mbuto_profile && return 0 + +# cmd() - Show command being executed, then run it +# $@: Command and arguments +cmd() { + echo "$" "$@" + "$@" +} + +# next() - Go to next step once a key is pressed, sets $KEY +next() { + KEY="$(dd ibs=1 count=1 2>/dev/null)" + echo } -ndp_setup() { - sysctl -w net.ipv6.conf.all.proxy_ndp=1 - ip -6 neigh add proxy "${1}" dev "$(ipv6_dev)" +# cleanup() - Terminate pasta and passt, clean up, restore TTY settings +cleanup() { + [ -f "${DEMO_DIR}/pasta.pid" ] && kill "$(cat "${DEMO_DIR}/pasta.pid")" + [ -f "${DEMO_DIR}/passt.pid" ] && kill "$(cat "${DEMO_DIR}/passt.pid")" + rm -rf "${DEMO_DIR}" 2>/dev/null + [ -n "${STTY_BACKUP}" ] && stty "${STTY_BACKUP}" +} + +# start_pasta_delayed() - Start pasta once $DEMO_DIR/pasta.wait is gone +start_pasta_delayed() { + trap '' EXIT + while [ -d "${DEMO_DIR}/pasta.wait" ]; do sleep 1; done + cmd pasta --config-net -P "${DEMO_DIR}/pasta.pid" \ + "$(cat "${DEMO_DIR}/shell.pid")" + echo + echo "...pasta is running." + exit 0 +} - for i in `seq 1 63`; do - __neigh="$(ipv6_mangle ${1} ${i})" - if [ "${__neigh}" != "${1}" ]; then - ip -6 neigh add proxy "${__neigh}" dev "${2}" - fi - done +# into_ns() - Entry point and demo script to run inside new namespace +into_ns() { + echo "We're in the new namespace now." + next + + echo "Networking is not configured yet:" + echo + cmd ip link show + echo + cmd ip address show + next + + echo "Let's run pasta(1) to configure networking and connect this" + echo "namespace. Note that we'll run pasta(1) from outside this" + echo "namespace, because it needs to implement the connection between" + echo "this namespace and the initial (\"outer\") one." + next + + echo "$$" > "${DEMO_DIR}/shell.pid" + rmdir "${DEMO_DIR}/pasta.wait" + next + + echo "Back to the new namespace, networking is configured:" + echo + cmd ip link show + echo + cmd ip address show + next + + echo "and we can now start passt(1), to connect this namespace to a" + echo "virtual machine. If you want to start a shell in this namespace," + echo "press 's' now. Exiting the shell will resume the script." + next + [ "${KEY}" = "s" ] && ${SHELL} + + cmd passt -P "${DEMO_DIR}/passt.pid" + echo + echo "...passt is running." + next + + __arch="$(uname -m)" + case ${__arch} in + x86_64) + __arch_supported=1 + __qemu_arch="qemu-system-x86_64 -M pc,accel=kvm:tcg" + ;; + *) + __arch_supported=0 + ;; + esac + + if [ "${__arch_supported}" -eq 1 ]; then + echo "We're ready to start a virtual machine now. This script" + echo "can download and use mbuto (https://mbuto.sh/) to build a" + echo "basic initramfs image. Otherwise, press 's' to skip this" + echo "step, and start an existing virtual machine yourself." + echo "You'll need to use the qrap(1) wrapper, with qemu options" + echo "as reported above." + + next + else + echo "This script doesn't know, yet, how to run a virtual" + echo "machine on your architecture (${__arch}). Please start an" + echo "existing virtual machine yourself, using the qrap(1)" + echo "wrapper, with qemu options as reported above." + echo + fi + + if [ "${__arch_supported}" -eq 0 ] || [ "${KEY}" = "s" ]; then + echo "Start a virtual machine now. Pressing any key here will" + echo "terminate passt and pasta, and clean up." + next + + exit 0 + fi + + cmd git -C "${DEMO_DIR}" clone git://mbuto.sh/mbuto + echo + cmd "${DEMO_DIR}/mbuto/mbuto" \ + -p "$(realpath "${0}")" -f "${DEMO_DIR}/demo.img" + echo + echo "The guest image is ready. The next step will start the guest." + echo "Use ^C to terminate it." + next + + cmd qrap 5 qemu-system-x86_64 -M pc,accel=kvm:tcg \ + -smp "$(nproc)" -m 1024 \ + -nographic -serial stdio -nodefaults -no-reboot -vga none \ + -initrd "${DEMO_DIR}/demo.img" \ + -kernel "/boot/vmlinuz-$(uname -r)" -append "console=ttyS0" \ + -net socket,fd=5 -net nic,model=virtio || : } -ns_idx=0 -for i in `seq 1 63`; do - ns="passt_${i}" - ns_idx=${i} - - busy=0 - for p in $(pidof passt); do - [ "$(ip netns identify ${p})" = "${ns}" ] && busy=1 && break - done - [ ${busy} -eq 0 ] && break -done - -[ ${busy} -ne 0 ] && echo "Couldn't create namespace" && exit 1 - -ip netns del "${ns}" 2>/dev/null || : -ip netns add "${ns}" -ip link del "veth_${ns}" 2>/dev/null || : -ip link add "veth_${ns}" up netns "${ns}" type veth peer name "veth_${ns}" -ip link set dev "veth_${ns}" up -ip link set dev "veth_${ns}" mtu 65535 -ip -n "${ns}" link set dev "veth_${ns}" mtu 65535 -ip -n "${ns}" link set dev lo up - -ipv4_main="192.0.2.$(((ns_idx - 1) * 4 + 1))" -ipv4_ns="192.0.2.$(((ns_idx - 1) * 4 + 2))" - -ip -n "${ns}" addr add "${ipv4_ns}/30" dev "veth_${ns}" -ip addr add "${ipv4_main}/30" dev "veth_${ns}" -ip -n "${ns}" route add default via "${ipv4_main}" - -sysctl -w net.ipv4.ip_forward=1 -nft delete table "${ns}_nat" 2>/dev/null || : -nft add table "${ns}_nat" -nft add chain "${ns}_nat" postrouting '{ type nat hook postrouting priority -100 ; }' -nft add rule "${ns}_nat" postrouting ip saddr "${ipv4_ns}" masquerade - -ipv6_addr="$(ipv6_devaddr "$(ipv6_dev)")" -if [ -n "${ipv6_addr}" ]; then - ipv6_passt="$(ipv6_mangle "${ipv6_addr}" ${ns_idx})" - ndp_setup "${ipv6_passt}" "veth_${ns}" - ip -n "${ns}" addr add "${ipv6_passt}/$(ipv6_mask "${ipv6_addr}")" dev "veth_${ns}" - ip addr add "${ipv6_addr}" dev "veth_${ns}" - ip route add "${ipv6_passt}" dev "veth_${ns}" - passt_ll="$(ipv6_ll_addr "veth_${ns}")" - main_ll="$(get_token "link/ether" $(ip -o link show "veth_${ns}"))" - ip neigh add "${passt_ll%%/*}" dev "veth_${ns}" lladdr "${main_ll}" - ip -n "${ns}" route add default via "${passt_ll%%/*}" dev "veth_${ns}" - - sysctl -w net.ipv6.conf.all.forwarding=1 -else - ipv6_passt= -fi - -ethtool -K "veth_${ns}" tx off -ip netns exec "${ns}" ethtool -K "veth_${ns}" tx off -ip netns exec "${ns}" sysctl -w net.ipv4.ping_group_range="0 2147483647" - - -sysctl -w net.core.rmem_max=16777216 -sysctl -w net.core.wmem_max=16777216 -sysctl -w net.core.rmem_default=16777216 -sysctl -w net.core.wmem_default=16777216 -sysctl -w net.ipv4.tcp_rmem="16777216 131072 16777216" -sysctl -w net.ipv4.tcp_wmem="16777216 131072 16777216" - -echo -echo "Namespace ${ns} set up, addresses:" -echo " ${ipv4_ns}" -echo " ${ipv6_passt}" -echo -echo "Starting passt..." -echo - -ip netns exec "${ns}" ./passt -f -e -t all -u all +STTY_BACKUP="$(stty -g)" +stty -icanon + +trap cleanup EXIT INT +[ "${1}" = "into_ns" ] && into_ns && exit 0 + +DEMO_DIR="$(mktemp -d)" +mkdir "${DEMO_DIR}/pasta.wait" + +echo "This script sets up a network and user namespace using pasta(1), then" +echo "starts a virtual machine in it, connected via passt(1), pausing at every" +echo "step. Press any key to go to the next step." +next + +echo "Let's create the network and user namespace, first. This could be done" +echo "with pasta(1) itself (just issue \`pasta\`), but for the sake of this" +echo "script we'll create it first with unshare(1), and run the next steps" +echo "of this script from there." +next + +start_pasta_delayed & +DEMO_DIR="${DEMO_DIR}" cmd unshare -rUn "${0}" into_ns + +exit 0 -- 2.35.1
These have packages covering all recent versions of CentOS Stream, EPEL, Fedora, Mageia and OpenSUSE Tumbleweed. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 2cd40c7..2d7ae3c 100644 --- a/README.md +++ b/README.md @@ -537,6 +537,10 @@ See also the [test logs](/builds/latest/test/). make pkgs + * or use one of the unofficial + [repositories](https://copr.fedorainfracloud.org/coprs/sbrivio/passt/) for + CentOS Stream, EPEL, Fedora, Mageia and OpenSUSE Tumbleweed + * have a look at the _man_ page for synopsis and options: man ./passt.1 @@ -581,6 +585,10 @@ See also the [test logs](/builds/latest/test/). make pkgs + * or use one of the unofficial + [repositories](https://copr.fedorainfracloud.org/coprs/sbrivio/passt/) for + CentOS Stream, EPEL, Fedora, Mageia and OpenSUSE Tumbleweed + * have a look at the _man_ page for synopsis and options: man ./pasta.1 -- 2.35.1
Distribution packages reasonably expect to have a human-readable Markdown version of the README under /usr/share/doc/, but all we have right now is a heavily web-oriented version. Introduce a ugly hack to strip web-oriented parts from the current README and install it. It should probably work the other way around: a human-readable README could be used as a source for the web page. But cgit needs a file that's in the tree, not something that can be built, and https://passt.top/ is based on cgit. It should eventually be doable to work around this in cgit, instead. Reported-by: Benson Muite <benson_muite(a)emailplus.org> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- Makefile | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 0de872e..f03d117 100644 --- a/Makefile +++ b/Makefile @@ -90,7 +90,7 @@ else BIN := passt pasta qrap endif -all: $(BIN) $(MANPAGES) +all: $(BIN) $(MANPAGES) docs static: CFLAGS += -static -DGLIBC_NO_STATIC_NSS static: clean all @@ -123,12 +123,14 @@ valgrind: all clean: $(RM) $(BIN) *.o seccomp.h pasta.1 \ passt.tar passt.tar.gz *.deb *.rpm \ - passt.pid + passt.pid README.plain.md -install: $(BIN) $(MANPAGES) +install: $(BIN) $(MANPAGES) docs mkdir -p $(DESTDIR)$(prefix)/bin $(DESTDIR)$(prefix)/share/man/man1 cp -d $(BIN) $(DESTDIR)$(prefix)/bin cp -d $(MANPAGES) $(DESTDIR)$(prefix)/share/man/man1 + mkdir -p $(DESTDIR)$(prefix)/share/doc/passt + cp -d README.plain.md $(DESTDIR)$(prefix)/share/doc/passt/README.md uninstall: $(RM) $(BIN:%=$(DESTDIR)$(prefix)/bin/%) @@ -147,6 +149,28 @@ pkgs: static --description="User-mode networking for VMs and namespaces" \ -k --version=g$(shell git rev-parse --short HEAD) passt.tar.gz +# TODO: This hack makes a "plain" Markdown version of README.md that can be +# reasonably shipped as documentation file, while the current README.md is +# definitely intended for web browser consumption. It should probably work the +# other way around: the web version should be obtained by adding HTML and +# JavaScript portions to a plain Markdown, instead. However, cgit needs to use +# a file in the git tree. Find a better way around this. +docs: README.md + @( \ + skip=0; \ + while read l; do \ + case $$l in \ + "## Demo") exit 0 ;; \ + "<!"*) ;; \ + "</"*) skip=1 ;; \ + "<"*) skip=2 ;; \ + esac; \ + \ + [ $$skip -eq 0 ] && echo "$$l"; \ + [ $$skip -eq 1 ] && skip=0; \ + done < README.md; \ + ) > README.plain.md + # Checkers currently disabled for clang-tidy: # - llvmlibc-restrict-system-libc-headers # TODO: this is Linux-only for the moment, nice to fix eventually -- 2.35.1
Suggested-by: Benson Muite <benson_muite(a)emailplus.org> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index f03d117..81b997e 100644 --- a/Makefile +++ b/Makefile @@ -131,10 +131,14 @@ install: $(BIN) $(MANPAGES) docs cp -d $(MANPAGES) $(DESTDIR)$(prefix)/share/man/man1 mkdir -p $(DESTDIR)$(prefix)/share/doc/passt cp -d README.plain.md $(DESTDIR)$(prefix)/share/doc/passt/README.md + cp -d doc/demo.sh $(DESTDIR)$(prefix)/share/doc/passt uninstall: $(RM) $(BIN:%=$(DESTDIR)$(prefix)/bin/%) $(RM) $(MANPAGES:%=$(DESTDIR)$(prefix)/share/man/man1/%) + $(RM) $(DESTDIR)$(prefix)/share/doc/passt/README.md + $(RM) $(DESTDIR)$(prefix)/share/doc/passt/demo.sh + -rmdir $(DESTDIR)$(prefix)/share/doc/passt pkgs: static tar cf passt.tar -P --xform 's//\/usr\/bin\//' $(BIN) -- 2.35.1
Suggested-by: Benson Muite <benson_muite(a)emailplus.org> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index ed5c4f6..8ae104a 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -73,7 +73,8 @@ semodule -r pasta 2>/dev/null || : %files %license LICENSES/{AGPL-3.0-or-later.txt,BSD-3-Clause.txt} -%doc README.md +%doc %{_docdir}/passt/README.md +%doc %{_docdir}/passt/demo.sh %{_bindir}/passt %{_bindir}/pasta %{_bindir}/qrap @@ -88,7 +89,6 @@ semodule -r pasta 2>/dev/null || : %endif %files selinux -%doc README.md %{_datadir}/selinux/packages/%{name}/passt.pp %{_datadir}/selinux/packages/%{name}/pasta.pp -- 2.35.1
git_dir_changelog is useful in theory, but it requires pairs of annotated tags, which should be generated by rpkg itself to make any sense, implying a relatively heavyweight interaction whenever I want to push a new package version. Also, the default content of the changelog entries include the full list of changes, but the Fedora Packaging Guidelines specifically mention that: [t]hey must never simply contain an entire copy of the source CHANGELOG entries. We don't have a CHANGELOG file, but the full git history is conceptually equivalent for this purpose, I guess. Introduce our own passt_git_changelog() rpkg macro, building changelog entries, using tags in the form DATE-SHA, where DATE is an ISO 8601 date representation, and SHA is a short (7-digits) form of the head commit at a given moment (git push). These changelog entries mention, specifically, changes to the packaging information itself (entries under contrib/fedora), and simply report a link to cgit for the ranges between tags. Reported-by: Benson Muite <benson_muite(a)emailplus.org> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 2 +- contrib/fedora/rpkg.macros | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index 8ae104a..41e4e3a 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -93,4 +93,4 @@ semodule -r pasta 2>/dev/null || : %{_datadir}/selinux/packages/%{name}/pasta.pp %changelog -{{{ git_dir_changelog }}} +{{{ passt_git_changelog }}} diff --git a/contrib/fedora/rpkg.macros b/contrib/fedora/rpkg.macros index 9e0cd78..c9ba03d 100644 --- a/contrib/fedora/rpkg.macros +++ b/contrib/fedora/rpkg.macros @@ -14,3 +14,37 @@ function git_version { printf "0.git.%s.%s" "$(date -u -I | tr - _)" "$(git rev-parse --short HEAD)" } + +function passt_git_changelog_entry { + __from="${2}" + __to="${1}" + + [ -z "${__from}" ] && __from="$(git rev-list --max-parents=0 HEAD)" + + __date="$(git log --pretty="format:%cI" "${__to}" -1)" + __author="$(git log -1 --pretty="format:%an <%ae>" ${__to} -- contrib/fedora)" + + printf "* %s %s - %s\n" "$(date "+%a %b %e %Y" -d "${__date}")" "${__author}" "0.git.${1}-0" + + IFS=' +' + for l in $(git log ${__from}..${__to} --pretty=format:"- %s" -- contrib/fedora); do + printf "%s%s\n" '-' "${l#*:}" + done + unset IFS + + printf "%s Upstream changes: https://passt.top/passt/log/?qt=range&q=%s..%s\n\n" '-' "${__from}" "${__to}" +} + +function passt_git_changelog_pairs { + while [ -n "${2}" ]; do + passt_git_changelog_entry "${1}" "${2}" + shift 2 + done + + passt_git_changelog_entry "${1}" "" +} + +function passt_git_changelog { + passt_git_changelog_pairs $((git tag --sort="-v:refname"|tail -n+2; git tag --sort="-v:refname") | sort -r) +} -- 2.35.1
...as specified by the Fedora Packaging Guidelines: https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_simp… Reported-by: Artur Frenszek-Iwicki <fedora(a)svgames.pl> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index 41e4e3a..d4efb70 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -13,7 +13,7 @@ Name: passt Version: {{{ git_version }}} -Release: 0%{?dist} +Release: 1%{?dist} Summary: User-mode networking daemons for virtual machines and namespaces License: AGPLv3+ and BSD Group: System Environment/Daemons -- 2.35.1
It seems to be exposed by Koji (https://pagure.io/koji/issue/2541), but it's not actually in use, so we have to drop that. The website the URL tag points to reports all the needed information anyway. Reported-by: Artur Frenszek-Iwicki <fedora(a)svgames.pl> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index d4efb70..ee8f6a4 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -18,7 +18,6 @@ Summary: User-mode networking daemons for virtual machines and namespaces License: AGPLv3+ and BSD Group: System Environment/Daemons URL: https://passt.top/ -VCS: git://passt.top/passt Source: https://passt.top/passt/snapshot/passt-HEAD.tar.xz BuildRequires: gcc, make, checkpolicy, selinux-policy-devel -- 2.35.1
This is required as Fedora doesn't accept a temporary pointer to a source URL. Reported-by: Ralf Corsepius <rc040203(a)freenet.de> Reported-by: Artur Frenszek-Iwicki <fedora(a)svgames.pl> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 4 ++-- contrib/fedora/rpkg.macros | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index ee8f6a4..fcd5ba9 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -18,7 +18,7 @@ Summary: User-mode networking daemons for virtual machines and namespaces License: AGPLv3+ and BSD Group: System Environment/Daemons URL: https://passt.top/ -Source: https://passt.top/passt/snapshot/passt-HEAD.tar.xz +Source: https://passt.top/passt/snapshot/passt-{{{ git_head }}}.tar.xz BuildRequires: gcc, make, checkpolicy, selinux-policy-devel @@ -43,7 +43,7 @@ Requires(preun): policycoreutils, %{name} This package adds SELinux enforcement to passt(1) and pasta(1). %prep -%setup -q -n passt-HEAD +%setup -q -n passt-{{{ git_head }}} %build export CFLAGS="%{optflags}" diff --git a/contrib/fedora/rpkg.macros b/contrib/fedora/rpkg.macros index c9ba03d..2032034 100644 --- a/contrib/fedora/rpkg.macros +++ b/contrib/fedora/rpkg.macros @@ -15,6 +15,10 @@ function git_version { printf "0.git.%s.%s" "$(date -u -I | tr - _)" "$(git rev-parse --short HEAD)" } +function git_head { + git rev-parse HEAD +} + function passt_git_changelog_entry { __from="${2}" __to="${1}" -- 2.35.1
Otherwise, passt-selinux will be built separately for each supported architecture. Suggested-by: Artur Frenszek-Iwicki <fedora(a)svgames.pl> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index fcd5ba9..d4f83cb 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -34,6 +34,7 @@ namespace, without the need to create further interfaces on the host, hence not requiring any capabilities or privileges. %package selinux +BuildArch: noarch Summary: SELinux support for passt and pasta Requires: %{name} = %{version} Requires(post): policycoreutils, %{name} -- 2.35.1
This will also set any distribution-specific LDFLAGS. It's not needed anymore starting from Fedora 36, but the package might be built on other versions and distributions too (including e.g. CentOS Stream 8). Reported-by: Artur Frenszek-Iwicki <fedora(a)svgames.pl> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index d4f83cb..0c3dec7 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -47,7 +47,7 @@ This package adds SELinux enforcement to passt(1) and pasta(1). %setup -q -n passt-{{{ git_head }}} %build -export CFLAGS="%{optflags}" +%set_build_flags %make_build %install -- 2.35.1
If the man pages are not compressed, the current wildcards wouldn't match them. Drop the trailing '.' from them. Reported-by: Artur Frenszek-Iwicki <fedora(a)svgames.pl> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- contrib/fedora/passt.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec index 0c3dec7..8bbe0d0 100644 --- a/contrib/fedora/passt.spec +++ b/contrib/fedora/passt.spec @@ -78,14 +78,14 @@ semodule -r pasta 2>/dev/null || : %{_bindir}/passt %{_bindir}/pasta %{_bindir}/qrap -%{_mandir}/man1/passt.1.* -%{_mandir}/man1/pasta.1.* -%{_mandir}/man1/qrap.1.* +%{_mandir}/man1/passt.1* +%{_mandir}/man1/pasta.1* +%{_mandir}/man1/qrap.1* %ifarch x86_64 %{_bindir}/passt.avx2 -%{_mandir}/man1/passt.avx2.1.* +%{_mandir}/man1/passt.avx2.1* %{_bindir}/pasta.avx2 -%{_mandir}/man1/pasta.avx2.1.* +%{_mandir}/man1/pasta.avx2.1* %endif %files selinux -- 2.35.1