-
Notifications
You must be signed in to change notification settings - Fork 7
/
incus.spec
532 lines (426 loc) · 17.9 KB
/
incus.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
# Disable documentation due to missing dependencies
%bcond doc 1
# Swagger version to download for documentation
%global swaggerui_version 5.17.14
%global swaggerui_source_baseurl https://github.com/swagger-api/swagger-ui/raw/v%{swaggerui_version}/dist/
# Enable tests
%bcond check 1
# https://github.com/lxc/incus
%global goipath github.com/lxc/incus
Version: 6.6
%gometa
%global godocs AUTHORS CODE_OF_CONDUCT.md CONTRIBUTING.md README.md SECURITY.md
%global golicenses COPYING
Name: incus
Release: 0.1%{?dist}
Summary: Powerful system container and virtual machine manager
License: Apache-2.0
URL: https://linuxcontainers.org/incus
Source0: https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.xz
# Systemd units
Source101: %{name}.socket
Source102: %{name}.service
Source103: %{name}-startup.service
Source104: %{name}-user.socket
Source105: %{name}-user.service
# Ensure Incus groups exist
Source106: %{name}-sysusers.conf
# Ensure state directories (/var/lib/incus, /var/cache/incus, /var/log/incus) exist
Source107: %{name}-tmpfiles.conf
# Ensure system dnsmasq ignores Incus network bridge
Source108: %{name}-dnsmasq.conf
# Raise number of inotify user instances
Source109: %{name}-sysctl.conf
# Helper script for incusd shutdown
Source110: shutdown
# SELinux file labels
Source111: %{name}.fc
# Web scripts shipped with API documentation
Source201: %{swaggerui_source_baseurl}/swagger-ui-bundle.js#/swagger-ui-%{swaggerui_version}-bundle.js
Source202: %{swaggerui_source_baseurl}/swagger-ui-standalone-preset.js#/swagger-ui-%{swaggerui_version}-standalone-preset.js
Source203: %{swaggerui_source_baseurl}/swagger-ui.css#/swagger-ui-%{swaggerui_version}.css
# Patches upstream or proposed upstream
## https://github.com/lxc/incus/pull/1284
Patch0001: incus-6.6-Correct-macvlan-mode-names.patch
# Downstream only patches
## Allow offline builds
Patch1001: incus-0.2-doc-Remove-downloads-from-sphinx-build.patch
%global bashcompletiondir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null || :)
%global selinuxtype targeted
BuildRequires: gettext
BuildRequires: help2man
BuildRequires: pkgconfig(bash-completion)
BuildRequires: pkgconfig(cowsql)
BuildRequires: pkgconfig(libacl)
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libseccomp)
BuildRequires: pkgconfig(libudev)
BuildRequires: pkgconfig(lxc)
BuildRequires: pkgconfig(raft)
BuildRequires: pkgconfig(sqlite3)
BuildRequires: systemd-rpm-macros
%{?sysusers_requires_compat}
Requires: %{name}-client = %{version}-%{release}
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
Requires: attr
Requires: dnsmasq
Requires: iptables, ebtables
Requires: (nftables if iptables-nft)
Requires: lxcfs
Requires: rsync
Requires: shadow-utils
Requires: squashfs-tools
Requires: tar
Requires: xdelta
Requires: xz
%{?systemd_requires}
%if %{with check}
BuildRequires: btrfs-progs
BuildRequires: dnsmasq
BuildRequires: nftables
%endif
Recommends: %{name}-agent = %{version}-%{release}
Suggests: %{name}-doc
%description
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains the Incus daemon.
%pre
%sysusers_create_package %{name} %{SOURCE106}
%tmpfiles_create_package %{name} %{SOURCE107}
%post
%sysctl_apply 10-incus-inotify.conf
%systemd_post %{name}.socket
%systemd_post %{name}.service
%systemd_post %{name}-startup.service
%systemd_post %{name}-user.socket
%systemd_post %{name}-user.service
%preun
%systemd_preun %{name}.socket
%systemd_preun %{name}.service
%systemd_preun %{name}-startup.service
%systemd_preun %{name}-user.socket
%systemd_preun %{name}-user.service
%postun
%systemd_postun_with_restart %{name}.socket
%systemd_postun_with_restart %{name}.service
%systemd_postun_with_restart %{name}-user.socket
%systemd_postun_with_restart %{name}-user.service
%files
%license %{golicenses}
%config(noreplace) %{_sysconfdir}/dnsmasq.d/%{name}.conf
%{_sysctldir}/10-incus-inotify.conf
%{_unitdir}/%{name}.socket
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-startup.service
%{_unitdir}/%{name}-user.socket
%{_unitdir}/%{name}-user.service
%{_libexecdir}/%{name}/
%{_sysusersdir}/%{name}.conf
%{_tmpfilesdir}/%{name}.conf
%{_mandir}/man1/incusd*.1.*
%attr(700,root,root) %dir %{_localstatedir}/cache/%{name}
%attr(700,root,root) %dir %{_localstatedir}/log/%{name}
%attr(711,root,root) %dir %{_localstatedir}/lib/%{name}
%dnl ----------------------------------------------------------------------------
%package selinux
Summary: Container hypervisor based on LXC - SELinux policy
BuildArch: noarch
Requires: container-selinux
Requires(post): container-selinux
BuildRequires: selinux-policy-devel
%{?selinux_requires}
%description selinux
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains the SELinux policy.
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%selinux_relabel_post -s %{selinuxtype}
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{name}
%selinux_relabel_post -s %{selinuxtype}
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.*
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%dnl ----------------------------------------------------------------------------
%package client
Summary: Container hypervisor based on LXC - Client
License: Apache-2.0
Requires: gettext
%description client
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains the command line client.
%files client -f incus.lang
%license %{golicenses}
%{_bindir}/%{name}
%dir %{bashcompletiondir}
%{bashcompletiondir}/%{name}
%dir %{fish_completions_dir}
%{fish_completions_dir}/%{name}.fish
%dir %{zsh_completions_dir}
%{zsh_completions_dir}/_%{name}
%{_mandir}/man1/%{name}*.1.*
%exclude %{_mandir}/man1/incusd*.1.*
%exclude %{_mandir}/man1/incus-agent.1.*
%exclude %{_mandir}/man1/incus-benchmark.1.*
%exclude %{_mandir}/man1/incus-migrate.1.*
%exclude %{_mandir}/man1/lxc-to-incus.1.*
%exclude %{_mandir}/man1/lxd-to-incus.1.*
%dnl ----------------------------------------------------------------------------
%package tools
Summary: Container hypervisor based on LXC - Extra Tools
License: Apache-2.0
Requires: incus%{?_isa} = %{version}-%{release}
# fuidshift is also shipped with lxd
Conflicts: lxd-tools
%description tools
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains extra tools provided with Incus.
- fuidshift - A tool to map/unmap filesystem uids/gids
- lxc-to-incus - A tool to migrate LXC containers to Incus
- lxd-to-incus - A tool to migrate an existing LXD environment to Incus
- incus-benchmark - A Incus benchmark utility
- incus-migrate - A physical to container migration tool
%files tools
%license %{golicenses}
%{_bindir}/fuidshift
%{_bindir}/incus-benchmark
%{_bindir}/incus-migrate
%{_bindir}/lxc-to-incus
%{_bindir}/lxd-to-incus
%{_mandir}/man1/fuidshift.1.*
%{_mandir}/man1/incus-benchmark.1.*
%{_mandir}/man1/incus-migrate.1.*
%{_mandir}/man1/lxc-to-incus.1.*
%{_mandir}/man1/lxd-to-incus.1.*
%dnl ----------------------------------------------------------------------------
%package agent
Summary: Incus guest agent
License: Apache-2.0
Requires: incus%{?_isa} = %{version}-%{release}
# Virtual machine support requires additional packages
Recommends: edk2-ovmf
Recommends: xorriso
Recommends: qemu-char-spice
Recommends: qemu-device-display-virtio-vga
Recommends: qemu-device-display-virtio-gpu
Recommends: qemu-device-usb-redirect
Recommends: qemu-img
Recommends: qemu-kvm-core
%description agent
This packages provides an agent to run inside Incus virtual machine guests.
It has to be installed on the Incus host if you want to allow agent
injection capability when creating a virtual machine.
%files agent
%license %{golicenses}
%{_bindir}/incus-agent
%{_mandir}/man1/incus-agent.1.*
%dnl ----------------------------------------------------------------------------
%if %{with doc}
%package doc
Summary: Container hypervisor based on LXC - Documentation
# This project is Apache-2.0. Other files bundled with the documentation have the
# following licenses:
# - _static/basic.css: BSD-2-Clause
# - _static/clipboard.min.js: MIT
# - _static/copy*: MIT
# - _static/doctools.js: BSD-2-Clause
# - _static/*/furo*: MIT
# - _static/jquery*.js: MIT
# - _static/language_data.js: BSD-2-Clause
# - _static/pygments.css: BSD-2-Clause
# - _static/searchtools.js: BSD-2-Clause
# - _static/swagger-ui/*: Apache-2.0
# - _static/underscore*.js: MIT
License: Apache-2.0 AND BSD-2-Clause AND MIT
BuildArch: noarch
BuildRequires: python3-furo
BuildRequires: python3-linkify-it-py
BuildRequires: python3-lxd-sphinx-extensions
BuildRequires: python3-myst-parser
BuildRequires: python3-sphinx
BuildRequires: python3-sphinx-copybutton
BuildRequires: python3-sphinx-design
BuildRequires: python3-sphinx-notfound-page
BuildRequires: python3-sphinx-remove-toctrees
BuildRequires: python3-sphinx-reredirects
BuildRequires: python3-sphinx-tabs
BuildRequires: python3-sphinxcontrib-devhelp
BuildRequires: python3-sphinxext-opengraph
%description doc
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains user documentation.
%files doc
%license %{golicenses}
%doc doc/html
%endif
%dnl ----------------------------------------------------------------------------
%prep
%goprep -k
%autopatch -v -p1
%build
export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"
for cmd in incusd incus-user; do
BUILDTAGS="libsqlite3" %gobuild -o %{gobuilddir}/lib/$cmd %{goipath}/cmd/$cmd
done
for cmd in incus fuidshift incus-benchmark lxc-to-incus lxd-to-incus; do
BUILDTAGS="libsqlite3" %gobuild -o %{gobuilddir}/bin/$cmd %{goipath}/cmd/$cmd
done
# upstream %gobuildflags contain '-linkmode=external' which conflicts with CGO_ENABLED=0
%global gobuildflags -tags="${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x
export CGO_ENABLED=0
BUILDTAGS="netgo" %gobuild -o %{gobuilddir}/bin/incus-migrate %{goipath}/cmd/incus-migrate
BUILDTAGS="agent netgo" %gobuild -o %{gobuilddir}/bin/incus-agent %{goipath}/cmd/incus-agent
unset CGO_ENABLED
# build shell completions
mkdir %{gobuilddir}/completions
%{gobuilddir}/bin/%{name} completion bash > %{gobuilddir}/completions/%{name}.bash
%{gobuilddir}/bin/%{name} completion fish > %{gobuilddir}/completions/%{name}.fish
%{gobuilddir}/bin/%{name} completion zsh > %{gobuilddir}/completions/%{name}.zsh
%if %{with docs}
# build documentation
mkdir -p doc/.sphinx/_static/swagger-ui
install -pm 0644 %{SOURCE201} doc/.sphinx/_static/swagger-ui/swagger-ui-bundle.js
install -pm 0644 %{SOURCE202} doc/.sphinx/_static/swagger-ui/swagger-ui-standalone-preset.js
install -pm 0644 %{SOURCE203} doc/.sphinx/_static/swagger-ui//swagger-ui.css
sed -i 's|^path.*$|path = "%{gobuilddir}"|' doc/conf.py
sphinx-build -c doc/ -b dirhtml doc/ doc/html/
rm -vrf doc/html/{.buildinfo,.doctrees}
# remove duplicate files
rm -vrf doc/html/{_sources,_sphinx_design_static}
%endif
# build translations
rm -f po/zh_Hans.po po/zh_Hant.po # remove invalid locales
make %{?_smp_mflags} build-mo
# generate man-pages
mkdir %{gobuilddir}/man
%{gobuilddir}/bin/incus manpage %{gobuilddir}/man/
%{gobuilddir}/lib/incusd manpage %{gobuilddir}/man/
help2man %{gobuilddir}/bin/fuidshift -n "uid/gid shifter" --no-info --no-discard-stderr > %{gobuilddir}/man/fuidshift.1
help2man %{gobuilddir}/bin/incus-benchmark -n "The container lightervisor - benchmark" --no-info --no-discard-stderr > %{gobuilddir}/man/incus-benchmark.1
help2man %{gobuilddir}/bin/incus-migrate -n "Physical to container migration tool" --no-info --no-discard-stderr > %{gobuilddir}/man/incus-migrate.1
help2man %{gobuilddir}/bin/lxc-to-incus -n "Convert LXC containers to Incus" --no-info --no-discard-stderr > %{gobuilddir}/man/lxc-to-incus.1
help2man %{gobuilddir}/bin/lxd-to-incus -n "LXD to Incus migration tool" --no-info --no-discard-stderr > %{gobuilddir}/man/lxd-to-incus.1
help2man %{gobuilddir}/bin/incus-agent -n "Incus virtual machine guest agent" --no-info --no-discard-stderr > %{gobuilddir}/man/incus-agent.1
# SELinux policy
mkdir selinux
cp -p %{SOURCE111} selinux/
pushd selinux
# generate the type enforcement file as it has no other content
echo 'policy_module(%{name},1.0)' >%{name}.te
%{__make} NAME=%{selinuxtype} -f %{_datadir}/selinux/devel/Makefile %{name}.pp
bzip2 -9 %{name}.pp
popd
%install
# install binaries
install -d %{buildroot}%{_bindir}
install -m0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/
# install systemd units
install -d %{buildroot}%{_unitdir}
install -m0644 -vp %{SOURCE101} %{buildroot}%{_unitdir}/
install -m0644 -vp %{SOURCE102} %{buildroot}%{_unitdir}/
install -m0644 -vp %{SOURCE103} %{buildroot}%{_unitdir}/
install -m0644 -vp %{SOURCE104} %{buildroot}%{_unitdir}/
install -m0644 -vp %{SOURCE105} %{buildroot}%{_unitdir}/
install -D -m0644 -vp %{SOURCE106} %{buildroot}%{_sysusersdir}/%{name}.conf
install -D -m0644 -vp %{SOURCE107} %{buildroot}%{_tmpfilesdir}/%{name}.conf
# extra configs
install -D -m0644 -vp %{SOURCE108} %{buildroot}%{_sysconfdir}/dnsmasq.d/%{name}.conf
install -D -m0644 -vp %{SOURCE109} %{buildroot}%{_sysctldir}/10-incus-inotify.conf
# selinux policy
install -D -m0644 -vp selinux/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
# install helper libs
install -d %{buildroot}%{_libexecdir}/%{name}
install -m0755 -vp %{SOURCE110} %{buildroot}%{_libexecdir}/%{name}/
install -m0755 -vp %{gobuilddir}/lib/* %{buildroot}%{_libexecdir}/%{name}/
# install manpages
install -d %{buildroot}%{_mandir}/man1
cp -p %{gobuilddir}/man/*.1 %{buildroot}%{_mandir}/man1/
# install shell completions
install -D -m0644 -vp %{gobuilddir}/completions/%{name}.bash %{buildroot}%{bashcompletiondir}/%{name}
install -D -m0644 -vp %{gobuilddir}/completions/%{name}.fish %{buildroot}%{fish_completions_dir}/%{name}.fish
install -D -m0644 -vp %{gobuilddir}/completions/%{name}.zsh %{buildroot}%{zsh_completions_dir}/_%{name}
# cache and log directories
install -d -m0700 %{buildroot}%{_localstatedir}/cache/%{name}
install -d -m0700 %{buildroot}%{_localstatedir}/log/%{name}
install -d -m0711 %{buildroot}%{_localstatedir}/lib/%{name}
# language files
for mofile in po/*.mo ; do
install -D -m0644 -vp ${mofile} %{buildroot}%{_datadir}/locale/$(basename ${mofile%%.mo})/LC_MESSAGES/%{name}.mo
done
%find_lang incus
%if %{with check}
%check
export GOPATH=%{buildroot}/%{gopath}:%{gopath}
export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"
# Add libsqlite3 tag to go test
%define gotestflags -buildmode pie -compiler gc -v -tags libsqlite3
%gocheck -v -t %{goipath}/test \
-d %{goipath}/cmd/lxc-to-incus # lxc-to-incus test fails, see ganto/copr-lxc4#23
%endif
%changelog
* Sat Oct 05 2024 Reto Gantenbein <[email protected]> 6.6-0.1
- Update to 6.6
* Mon Sep 23 2024 Reto Gantenbein <[email protected]> 6.5-0.1
- Update to 6.5
* Fri Aug 09 2024 Reto Gantenbein <[email protected]> 6.4-0.1
- Update to 6.4
* Sat Jul 20 2024 Reto Gantenbein <[email protected]> 6.3-0.3
- Revert socket dir to /var/lib/incus
- Fix permission for incus rundir
* Mon Jul 15 2024 Reto Gantenbein <[email protected]> 6.3-0.2
- Fix /usr/libexec/incus and /run/incus path references
* Sun Jul 14 2024 Reto Gantenbein <[email protected]> 6.3-0.1
- Update to 6.3
* Wed Jun 05 2024 Reto Gantenbein <[email protected]> 6.2-0.1
- Update to 6.2
- Update swagger-ui to v5.17.14
* Sun May 05 2024 Reto Gantenbein <[email protected]> 6.1-0.1
- Update to 6.1
- Update swagger-ui to v5.17.3
* Tue Apr 09 2024 Reto Gantenbein <[email protected]> 6.0.0-0.1
- Update to 6.0.0
- Update swagger-ui to v5.14.0
* Fri Mar 29 2024 Reto Gantenbein <[email protected]> 0.7-0.1
- Update to 0.7
- Update swagger-ui to v5.12.3
* Thu Feb 29 2024 Reto Gantenbein <[email protected]> 0.6-0.1
- Update to 0.6
- Update swagger-ui to v5.11.8
* Thu Feb 08 2024 Reto Gantenbein <[email protected]> 0.5.1-0.1
- Update to 0.5.1
- Update swagger-ui to v5.11.3
* Sat Jan 27 2024 Reto Gantenbein <[email protected]> 0.5-0.1
- Update to 0.5
- Update swagger-ui to v5.11.1
* Wed Jan 10 2024 Reto Gantenbein <[email protected]> 0.4-0.4
- Add incus-selinux sub package
* Thu Dec 28 2023 Reto Gantenbein <[email protected]> 0.4-0.3
- Fix typo in tmpfiles config
* Wed Dec 27 2023 Reto Gantenbein <[email protected]> 0.4-0.2
- Use systemd sysusers/tmpfiles
- Update dependencies to use 'Recommends'
- Remove unneeded incus-agent script and systemd unit
* Thu Dec 21 2023 Reto Gantenbein <[email protected]> 0.4-0.1
- Update to 0.4
- Update swagger-ui to v5.10.5
* Fri Nov 10 2023 Reto Gantenbein <[email protected]> 0.2-0.2
- Fix envvar for OVMF and documentation
* Mon Oct 30 2023 Reto Gantenbein <[email protected]> 0.2-0.1
- Update to 0.2
- Update swagger-ui to v5.9.1
* Sun Oct 15 2023 Reto Gantenbein <[email protected]> 0.1-0.2
- Fix libdir path
* Sun Oct 15 2023 Reto Gantenbein <[email protected]> 0.1-0.1
- Initial package