openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File incus.spec of Package incus

#
# spec file for package Incus
#
# Copyright (c) 2024 Helder Costa, srv@hcosta.io
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# -----------------------------------------------------------------------------------
# This rpm spec file has been developed with inspiration 
# from the following individuals and their respective works:
#
# - Aleksa Sarai [https://build.opensuse.org/package/show/home:cyphar:lxc/lxd]
# - Reto Gantenbein [https://github.com/ganto/copr-lxc4/blob/master/incus/incus.spec]
# - Stéphane Graber [https://github.com/zabbly/incus]
#
# This rpm spec file endeavors to adhere to the packaging guidelines and 
# recommendations as outlined in the Linux Containers documentation, 
# accessible at [https://linuxcontainers.org/incus/docs/main/packaging/]. 
# -----------------------------------------------------------------------------------

%define _buildshell /bin/bash
%define import_path github.com/lxc/incus
%define incus_datadir %{_datadir}/incus
%define incus_ovmfdir %{incus_datadir}/ovmf
%define selinux_version 1.0

Name:           incus
Version:        6.0.0
Release:        0
Summary:        Modern lightweight, system container and virtual machine manager
License:        Apache-2.0
Group:          System/Management
URL:            https://linuxcontainers.org/incus/

Source:         https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.xz
Source1:        https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.xz.asc
Source2:        %{name}.keyring

Source10:       %{name}-systemd.socket
Source11:       %{name}-systemd.service
Source12:       %{name}-systemd-startup.service
Source13:       %{name}-systemd-user.socket
Source14:       %{name}-systemd-user.service
Source15:       %{name}-systemd-lxcfs.service

Source30:       %{name}.sysusers
Source31:       %{name}.sysctl
Source32:       %{name}-dnsmasq.conf
Source33:       %{name}.default
Source34:       %{name}.logrotate

Source50:       %{name}-selinux.fc

Source100:      %{name}-example.config

BuildRequires:  acl
BuildRequires:  attr
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  bzip2
BuildRequires:  dnsmasq
BuildRequires:  fdupes
BuildRequires:  git
BuildRequires:  go >= 1.21
BuildRequires:  golang-packaging
BuildRequires:  help2man
BuildRequires:  libacl-devel
BuildRequires:  libcap-devel
BuildRequires:  liblz4-devel
BuildRequires:  libtool
BuildRequires:  make
BuildRequires:  nftables
BuildRequires:  patchelf
BuildRequires:  pkgconfig
BuildRequires:  pkgconfig(libudev)
BuildRequires:  pkgconfig(lxc) >= 4.0.0
BuildRequires:  pkgconfig(libuv) >= 1.8.0
BuildRequires:  qemu-ovmf-x86_64
BuildRequires:  rsync
BuildRequires:  sqlite3-devel >= 3.25
BuildRequires:  squashfuse-tools
BuildRequires:  sysuser-tools
BuildRequires:  tar
BuildRequires:  tcl
BuildRequires:  xz
BuildRequires:  zstd

Requires:       acl
Requires:       attr
Requires:       ca-certificates
Requires:       dnsmasq
Requires:       incus-selinux
Requires:       incus-client
Requires:       kernel-base >= 5.4
Requires:       logrotate
Requires:       lxcfs
Requires:       lxcfs-hooks-lxc
Requires:       nftables
Requires:       qemu-x86 >= 8.0
Requires:       qemu-ovmf-x86_64
Requires:       qemu-img
Requires:       qemu-hw-usb-redirect
Requires:       qemu-hw-display-virtio-vga
Requires:       qemu-hw-display-virtio-gpu
Requires:       qemu-ui-spice-app
Requires:       rsync
Requires:       squashfs
Requires:       squashfuse-tools
Requires:       tar
Requires:       xz
Requires:       xdelta3

Recommends:     criu >= 3.0
Recommends:     thin-provisioning-tools
Recommends:     incus-tools

Suggests:       btrfsprogs
Suggests:       lvm2
Suggests:       virtiofsd

%sysusers_requires

%description
Incus is a modern, secure and powerful system container and virtual machine manager.

It provides a unified experience for running and managing full Linux system
inside containers or virtual machines. Incus supports images for a large number
of Linux distributions (official Ubuntu images and images provided by the community)
and is built around a very powerful, yet pretty simple, REST API.
Incus scales from one instance on a single machine to a cluster in a full
data center rack, making it suitable for running workloads both for
development and in production.

%package bash-completion
Summary:        Modern lightweight, system container and virtual machine manager
Group:          System/Management
BuildArch:      noarch

Requires:       bash-completion
Supplements:    (%{name}-client and bash-completion)

%description bash-completion
Incus is a modern, secure and powerful system container and virtual machine manager.

This package contains the bash-completion support for %{name}.

%package selinux
Summary:        Modern lightweight, system container and virtual machine manager
Group:          System/Management
BuildArch:      noarch

BuildRequires:  container-selinux
BuildRequires:  selinux-policy
BuildRequires:  selinux-policy-devel

Requires:       %{name} = %{version}-%{release}
Requires:       container-selinux
Requires:       selinux-tools

%description selinux
Incus is a modern, secure and powerful system container and virtual machine manager.

This package contains the SELinux policy support for %{name}.

%package client
Summary:        Modern lightweight, system container and virtual machine manager
License:        Apache-2.0
Group:          System/Management

Requires:       incus-bash-completion

%description client
Incus is a modern, secure and powerful system container and virtual machine manager.

This package contains extra tools provided with %{name}.

%package tools
Summary:        Modern lightweight, system container and virtual machine manager
License:        Apache-2.0
Group:          System/Management

Requires:       %{name} = %{version}-%{release}
Conflicts:      lxd-tools

%description tools
Incus is a modern, secure and powerful system container and virtual machine manager.

This package contains extra tools provided with %{name}.

- incus-benchmark - A Incus benchmark utility
 - incus-migrate - A physical to container migration tool
 - incus-generate - Entry point for all "go:generate" directives used in source code
 - fuidshift - A tool to map/unmap filesystem uids/gids
 - lxc-to-incus - A tool to migrate LXC containers to Incus
 - lxd-to-incus - A tool to migrate an existing LXD environment to Incus

%prep
%setup -q

%build
%sysusers_generate_pre %{SOURCE30} %{name} %{name}.conf

go clean -cache

# Temporary installation paths.
export INSTALL_ROOT="$PWD/.install"
export INSTALL_INCLUDEDIR="$INSTALL_ROOT/%{_includedir}"
export INSTALL_LIBDIR="$INSTALL_ROOT/%{_libdir}/%{name}"

# Build as dylibs.
export CFLAGS="%{optflags} -fPIC -DPIC"

# Temporary install directory which contains all of the dylib deps.
export PKG_CONFIG_SYSROOT_DIR="$INSTALL_ROOT"
export PKG_CONFIG_PATH="$INSTALL_LIBDIR/pkgconfig"

# Using custom CGO_LDFLAGS_ALLOW.
export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"

mkdir -p $INSTALL_INCLUDEDIR

pushd "vendor/raft"
autoreconf -fiv
%configure \
        --libdir="%{_libdir}/%{name}" \
        --disable-static
make %{?_smp_mflags}
make DESTDIR="$INSTALL_ROOT" install
popd

pushd "vendor/cowsql"
(
autoreconf -fiv
%configure \
        --libdir="%{_libdir}/%{name}" \
        --disable-static
make clean
make %{?_smp_mflags}
make DESTDIR="$INSTALL_ROOT" install
)
popd

# Find all of the main packages using go-list.
readarray -t mainpkgs \
        <<<"$(go list -f '{{.Name}}:{{.ImportPath}}' %{import_path}/... | \
              awk -F: '$1 == "main" { print $2 }' | \
              grep -Ev '^github.com/lxc/incus/(test|shared)')"

mkdir bin
for mainpkg in "${mainpkgs[@]}"
do
        # All binaries *except*  mentioned bellow, will have an incus- prefix.
        binary="$(basename "$mainpkg")"
        if  ( echo "$binary" | grep -Eqv '^incus.*$|^lxc-to-incus.*$|^lxd-to-incus.*$|^fuidshift.*$' )
        then
                binary="incus-$binary"
        fi
        case "$binary" in
                incus-agent)
                        build_static=1
                        build_tags="agent,netgo"
                        ;;
                incus-p2c)
                        build_static=1
                        build_tags="netgo"
                        ;;
                *)
                        build_static=
                        build_tags="libsqlite3"
                        ;;
        esac
        (
                # Link against dylib deps
                export \
                        CGO_CFLAGS="-I $INSTALL_INCLUDEDIR" \
                        CGO_LDFLAGS="-L $INSTALL_LIBDIR" ||:

if [ -n "$build_static" ]
                then
                        CGO_ENABLED=0 go build -ldflags "-extldflags -static" \
                                -tags "$build_tags" -o "bin/$binary" "$mainpkg"
                else
                        go build -buildmode=pie \
                                -tags "$build_tags" -o "bin/$binary" "$mainpkg"
                fi
        )
done

# Generate manual pages.
(
        export LD_LIBRARY_PATH="$INSTALL_LIBDIR"
        mkdir man
        ./bin/incus manpage man/
        ./bin/incusd manpage man/
)

# Use absolute paths as DT_NEEDED entries -- which bypasses the need 
# for RUNPATH and allows us to set garbage sonames for the vendor/* libraries.
(
        # A simple check that incus isn't broken. We can't do this after patchelf
        # because we'd need to chroot(2) into {buildroot} which isn't permitted due
        # to user namespaces being blocked inside rpmbuild. boo#1138769
        export LD_LIBRARY_PATH="$INSTALL_LIBDIR"
        ./bin/incus version
)

for lib in "$INSTALL_LIBDIR"/lib*.so
do
        # Strip off last two version digits.
        name="$(basename "$(readlink "$lib")" | sed -E 's/\.[0-9]+\.[0-9]+$//')"
        # Give our libraries unrecognisable DT_SONAME entries.
        patchelf --set-soname "._INCUS_INTERNAL-$name" "$lib"
        # Make sure they're executable.
        chmod +x "$lib"
done

# Switch to absolute DT_NEEDED for all dylibs we have as well as the main Incus binary. 
for target in bin/* "$INSTALL_LIBDIR"/lib*.so
do
        case "$(basename "$target")" in
                incus-agent|incus-p2c)
                        continue
                        ;;
                *)
                        ;;
        esac

# Drop RPATH in case it got included during builds.
        patchelf --remove-rpath "$target"
        # And now replace all the possible DT_NEEDEDs to absolute paths.
        for lib in "$INSTALL_LIBDIR"/lib*.so
        do
                # Strip off last two version digits.
                name="$(basename "$(readlink "$lib")" | sed -E 's/\.[0-9]+\.[0-9]+$//')"
                patchelf --replace-needed {,%{_libdir}/%{name}/}"$name" "$target"
        done
done

# Final sanity-check during build.
pushd bin/
for bin in *
do
        # Ensure that all our binaries are dynamic (except for incus-p2c and
        # incus-agent, which must be static). boo#1138769
        case "$(basename $bin)" in
                incus-agent|incus-p2c)
                        file "$bin" | grep 'statically linked'
                        ;;
                *)
                        file "$bin" | grep 'dynamically linked'
                        # Check what they are linked against.
                        ldd "$bin"
                        ;;
        esac
done
popd

# SELinux policy.
mkdir selinux
cp -p %{SOURCE50} selinux/%{name}.fc
pushd selinux
echo 'policy_module(%{name},%{selinux_version})' > %{name}.te
make -f %{_datadir}/selinux/devel/Makefile %{name}.pp
bzip2 -9 %{name}.pp
popd

%install
export INSTALL_LIBDIR="$PWD/.install/%{_libdir}/%{name}"

# Install libraries.
install -d -m 0755 %{buildroot}%{_libdir}/%{name}
# We can't use install because *.so.$n are symlinks.
cp -avt %{buildroot}%{_libdir}/%{name}/ "$INSTALL_LIBDIR"/lib*.so.*

# Install binaries.
install -d -m 0755 %{buildroot}%{_bindir}
install -m 0755 -vp bin/* %{buildroot}%{_bindir}/

# System-wide configuration.
install -D -m 0644 %{SOURCE30} %{buildroot}%{_sysusersdir}/%{name}.conf
install -D -m 0644 %{SOURCE31} %{buildroot}%{_sysctldir}/40-%{name}.conf
install -D -m 0644 %{SOURCE32} %{buildroot}%{_sysconfdir}/dnsmasq.d/40-%{name}.conf
install -D -m 0644 %{SOURCE33} %{buildroot}%{_sysconfdir}/default/%{name}
install -D -m 0644 %{SOURCE34} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D -m 0644 %{SOURCE100} %{buildroot}%{_sysconfdir}/%{name}/example-config.yml

# Run-time directories.
install -d -m 0711 %{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 0700 %{buildroot}%{_localstatedir}/log/%{name}
install -d -m 0700 %{buildroot}%{_sysconfdir}/%{name}/servercerts

# Virtual machine support, firmware/UEFI.
mkdir -p %{buildroot}%{incus_ovmfdir}
ln -s %{_datarootdir}/qemu/ovmf-x86_64-code.bin %{buildroot}%{incus_ovmfdir}/OVMF_CODE.fd
ln -s %{_datarootdir}/qemu/ovmf-x86_64-vars.bin %{buildroot}%{incus_ovmfdir}/OVMF_VARS.fd
ln -s OVMF_VARS.fd %{buildroot}%{incus_ovmfdir}/OVMF_VARS.ms.fd

# Systemd units.
install -D -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/%{name}.socket
install -D -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-startup.service
install -D -m 0644 %{SOURCE13} %{buildroot}%{_unitdir}/%{name}-user.socket
install -D -m 0644 %{SOURCE14} %{buildroot}%{_unitdir}/%{name}-user.service
install -D -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/%{name}-lxcfs.service

# Bash completion.
install -D -m 0644 scripts/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions/%{name}

# SELinux policy.
install -D -m 0644 -p selinux/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{name}.pp.bz2

# Install man pages.
pushd man/
for man in *
do
        section="${man##*.}"
        install -D -m 0644 "$man" "%{buildroot}%{_mandir}/man$section/$man"
done
popd

# Stripping executables and libraries.
find %{buildroot}%{_bindir} -type f -executable -exec strip {} \;
find %{buildroot}%{_libdir} -name "*.so.*" -exec strip --strip-unneeded {} \;

# Find and remove duplicates.
%fdupes %{buildroot}

%pre
touch /etc/subuid /etc/subgid ||:
grep -q '^root:' /etc/subuid || \
        usermod -v 400000000-900000000 root &>/dev/null || \
        echo "root:400000000:500000001" >>/etc/subuid ||:
grep -q '^root:' /etc/subgid || \
        usermod -w 400000000-900000000 root &>/dev/null || \
        echo "root:400000000:500000001" >>/etc/subgid ||:

%pre selinux
%selinux_relabel_pre

%post
%sysctl_apply 40-%{name}.conf
%systemd_post %{name}.socket
%systemd_post %{name}.service
%systemd_post %{name}-startup.service
%systemd_post %{name}-user.socket
%systemd_post %{name}.user.service
%systemd_post %{name}-lxcfs.service

%post selinux
%selinux_modules_install %{_datadir}/selinux/packages/%{name}.pp.bz2
%selinux_relabel_post

%preun
%systemd_preun %{name}.socket
%systemd_preun %{name}.service
%systemd_preun %{name}-startup.service
%systemd_preun %{name}-user.socket
%systemd_preun %{name}-user.service
%systemd_preun %{name}-lxcfs.service

%postun
%systemd_postun_with_restart %{name}.socket
%systemd_postun_with_restart %{name}.service
%systemd_postun_with_restart %{name}-user.socket
%systemd_postun_with_restart %{name}-user.service
%systemd_postun_with_restart %{name}-lxcfs.service

%postun selinux
if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall %{name}
    %selinux_relabel_post
fi

%posttrans selinux
%selinux_relabel_post

%files
%defattr(-,root,root)
%doc AUTHORS README.md
%license COPYING

%{_bindir}/%{name}d
%{_bindir}/%{name}-user
%{_bindir}/%{name}-agent
%{_mandir}/man1/%{name}d.*
%{_libdir}/%{name}
%{_unitdir}/%{name}.socket
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-startup.service
%{_unitdir}/%{name}-user.socket
%{_unitdir}/%{name}-user.service
%{_unitdir}/%{name}-lxcfs.service

%{incus_datadir}
%{_sysusersdir}/%{name}.conf
%{_sysctldir}/40-%{name}.conf
%config %{_sysconfdir}/%{name}/example-config.yml
%config(noreplace) %{_sysconfdir}/dnsmasq.d/40-%{name}.conf
%config(noreplace) %{_sysconfdir}/default/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/%{name}/servercerts
%attr(700,root,root) %dir %{_localstatedir}/lib/%{name}
%attr(711,root,root) %dir %{_localstatedir}/log/%{name}

%files bash-completion
%attr(-,root,root) %{_datadir}/bash-completion/completions/%{name}

%files selinux
%attr(0644,root,root) %{_datadir}/selinux/packages/%{name}.pp.bz2

%files client
%license COPYING
%{_bindir}/%{name}
%{_mandir}/man1/%{name}.*

%files tools
%defattr(-,root,root)
%license COPYING
%{_bindir}/%{name}-benchmark
%{_bindir}/%{name}-migrate
%{_bindir}/%{name}-generate
%{_bindir}/fuidshift
%{_bindir}/lxc-to-%{name}
%{_bindir}/lxd-to-%{name}

%changelog

Places

File incus.spec of Package incus

Places