update to openvswitch-2.17.5, and support build with dpdk

wanglimin 2023-01-03 19:16:35 +08:00
parent e7468e102d
commit a26b56c088
8 changed files with 367 additions and 340 deletions


@ -1,5 +1,5 @@
diff --git a/Makefile.am b/Makefile.am
index ff1f94b..cca6cf0 100644
index cb8076433..9807d6345 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,7 +30,7 @@ AM_CPPFLAGS += -I $(top_builddir)/lib


@ -1,15 +1,15 @@
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index 2adaf23..b2c63ab 100644
index beb0ab0d6..9f51f604e 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -78,8 +78,8 @@ domtrans_pattern(openvswitch_t, openvswitch_load_module_exec_t, openvswitch_load
#============= openvswitch_t ==============
allow openvswitch_t self:capability { dac_override audit_write net_broadcast net_raw };
-allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay audit_write read write };
-allow openvswitch_t self:netlink_netfilter_socket { create nlmsg_relay audit_write read write };
+allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay read write };
+allow openvswitch_t self:netlink_netfilter_socket { create read write };
@@ -49,8 +49,8 @@ require {
class fifo_file { getattr read write append ioctl lock open };
class filesystem getattr;
class lnk_file { read open };
- class netlink_audit_socket { create nlmsg_relay audit_write read write };
- class netlink_netfilter_socket { create nlmsg_relay audit_write read write };
+ class netlink_audit_socket { create nlmsg_relay read write };
+ class netlink_netfilter_socket { create read write };
@begin_dpdk@
allow openvswitch_t self:netlink_rdma_socket { setopt bind create };
class netlink_rdma_socket { setopt bind create };
@end_dpdk@


@ -1,41 +0,0 @@
diff --git a/utilities/ovs-tcpdump.in b/utilities/ovs-tcpdump.in
index 11624c5..cdba1d5 100755
--- a/utilities/ovs-tcpdump.in
+++ b/utilities/ovs-tcpdump.in
@@ -24,7 +24,21 @@ import subprocess
import sys
import time
-import netifaces
+try:
+ from netifaces import interfaces
+except ImportError:
+ if sys.platform in ['linux', 'linux2']:
+ def interfaces():
+ devices = []
+ with open("/proc/net/dev", "r") as f_netdev:
+ for line in f_netdev:
+ if ":" not in line:
+ continue
+ devices.append(line.split(":")[0].strip())
+ return devices
+ else:
+ print("ERROR: Please install netifaces Python library.")
+ sys.exit(1)
try:
from ovs.db import idl
@@ -438,11 +452,11 @@ def main():
mirror_interface = _make_mirror_name[sys.platform](interface)
if sys.platform in _make_taps and \
- mirror_interface not in netifaces.interfaces():
+ mirror_interface not in interfaces():
_make_taps[sys.platform](mirror_interface,
ovsdb.interface_mtu(interface))
- if mirror_interface not in netifaces.interfaces():
+ if mirror_interface not in interfaces():
print("ERROR: Please create an interface called `%s`" %
mirror_interface)
print("See your OS guide for how to do this.")


@ -1,80 +0,0 @@
From 7490f281f09a8455c48e19b0cf1b99ab758ee4f4 Mon Sep 17 00:00:00 2001
From: Qian Chen <cq674350529@163.com>
Date: Tue, 20 Dec 2022 09:36:08 -0500
Subject: [PATCH] lldp: Fix bugs when parsing malformed AutoAttach.
The OVS LLDP implementation includes support for AutoAttach standard, which
the 'upstream' lldpd project does not include. As part of adding this
support, the message parsing for these TLVs did not include proper length
checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements. The result is that a message
without a proper boundary will cause an overread of memory, and lead to
undefined results, including crashes or other unidentified behavior.
The fix is to introduce proper bounds checking for these elements. Introduce
a unit test to ensure that we have some proper rejection in this code
base in the future.
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Qian Chen <cq674350529@163.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldp.c | 2 ++
tests/ofproto-dpif.at | 19 +++++++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index 18afbab..f668dc7 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -581,6 +581,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
switch(tlv_subtype) {
case LLDP_TLV_AA_ELEMENT_SUBTYPE:
+ CHECK_TLV_SIZE(50, "ELEMENT");
PEEK_BYTES(&msg_auth_digest, sizeof msg_auth_digest);
aa_element_dword = PEEK_UINT32;
@@ -627,6 +628,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
break;
case LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE:
+ CHECK_TLV_SIZE(36, "ISID_VLAN_ASGNS");
PEEK_BYTES(&msg_auth_digest, sizeof msg_auth_digest);
/* Subtract off tlv type and length (2Bytes) + OUI (3B) +
diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
index f9ffc9f..d4f27ed 100644
--- a/tests/ofproto-dpif.at
+++ b/tests/ofproto-dpif.at
@@ -29,6 +29,25 @@ AT_CHECK([ovs-appctl revalidator/wait])
OVS_VSWITCHD_STOP
AT_CLEANUP
+AT_SETUP([ofproto-dpif - malformed lldp autoattach tlv])
+OVS_VSWITCHD_START()
+add_of_ports br0 1
+
+dnl Enable lldp
+AT_CHECK([ovs-vsctl set interface p1 lldp:enable=true])
+
+dnl Send a malformed lldp packet
+packet="0180c200000ef6b426aa5f0088cc020704f6b426aa5f000403057632060200780c"dnl
+"5044454144424545464445414442454546444541444245454644454144424545464445414"dnl
+"4424545464445414442454546444541444245454644454144424545464445414442454546"dnl
+"4445414442454546fe0500040d0c010000"
+AT_CHECK([ovs-appctl netdev-dummy/receive p1 "$packet"], [0], [stdout])
+
+OVS_WAIT_UNTIL([grep -q "ISID_VLAN_ASGNS TLV too short" ovs-vswitchd.log])
+
+OVS_VSWITCHD_STOP(["/|WARN|ISID_VLAN_ASGNS TLV too short received on/d"])
+AT_CLEANUP
+
AT_SETUP([ofproto-dpif - active-backup bonding])
# Create br0 with interfaces p1, p2 and p7, creating bond0 with p1 and p2
# and br1 with interfaces p3, p4 and p8.
--
2.33.0


@ -1,29 +1,16 @@
From 3b35964c7da2a4000486c57e2c347c8cc67ac393 Mon Sep 17 00:00:00 2001
Date: Wed, 1 Sep 2021 16:54:34 +0800
Subject: [PATCH] openvswitch-2
---
selinux/openvswitch-custom.te.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index b2c63ab..8f76c14 100644
index 9f51f604e..77b0bd98f 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -15,10 +15,12 @@ require {
@@ -15,6 +15,7 @@ require {
type ifconfig_exec_t;
type init_t;
type init_var_run_t;
+ type initrc_t;
+ type initrc_t;
type insmod_exec_t;
type kernel_t;
type hostname_exec_t;
type modules_conf_t;
+ type modules_dep_t;
type modules_object_t;
type passwd_file_t;
type plymouth_exec_t;
@@ -117,10 +119,12 @@ allow openvswitch_t openvswitch_load_module_t:process transition;
@@ -118,6 +119,7 @@ allow openvswitch_t openvswitch_load_module_t:process transition;
allow openvswitch_load_module_t bin_t:file { execute execute_no_trans map };
allow openvswitch_load_module_t init_t:unix_stream_socket { getattr ioctl read write };
allow openvswitch_load_module_t init_var_run_t:dir { getattr read open search };
@ -31,11 +18,3 @@ index b2c63ab..8f76c14 100644
allow openvswitch_load_module_t insmod_exec_t:file { execute execute_no_trans getattr map open read };
allow openvswitch_load_module_t kernel_t:system module_request;
allow openvswitch_load_module_t modules_conf_t:dir { getattr open read search };
allow openvswitch_load_module_t modules_conf_t:file { getattr open read };
+allow openvswitch_load_module_t modules_dep_t:file { getattr map open read };
allow openvswitch_load_module_t modules_object_t:file { map getattr open read };
allow openvswitch_load_module_t modules_object_t:dir { getattr open read search };
allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { entrypoint };
--
2.27.0


@ -1,152 +1,233 @@
# This is enabled by default for versions of the distribution that
# have Python 3 by default.
%bcond_with dpdk
%ifarch x86_64
%bcond_without check
%else
%bcond_with check
%endif
%bcond_with check_datapath_kernel
%bcond_without libcapng
Name: openvswitch
Summary: Open vSwitch daemon/database/utilities
URL: https://www.openvswitch.org/
Version: 2.17.5
Release: 1
License: ASL 2.0 and LGPLv2+ and SISSL
Source0: https://www.openvswitch.org/releases/%{name}-%{version}.tar.gz
Source1: openvswitch.sysusers
Name: openvswitch
Summary: Production Quality, Multilayer Open Virtual Switch
URL: http://www.openvswitch.org/
Version: 2.12.4
License: ASL 2.0 and ISC
Release: 2
Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz
Buildroot: /tmp/openvswitch-rpm
Patch0000: 0000-openvswitch-add-stack-protector-strong.patch
Patch0002: 0002-Remove-unsupported-permission-names.patch
Patch0003: 0003-Fallback-to-read-proc-net-dev-on-linux.patch
Patch0004: backport-CVE-2022-4338.patch
Patch0003: fix-selinux-err.patch
Patch9000: fix-selinux-err.patch
BuildRequires: gcc gcc-c++ make
BuildRequires: autoconf automake libtool
BuildRequires: openssl openssl-devel
BuildRequires: python3-devel python3-six python3-setuptools
BuildRequires: python3-sphinx
BuildRequires: desktop-file-utils
BuildRequires: groff-base graphviz
BuildRequires: unbound-devel
# make check dependencies
BuildRequires: procps-ng
Requires: logrotate hostname python >= 3.8 python3-six selinux-policy-targeted
BuildRequires: python3-six, openssl-devel checkpolicy selinux-policy-devel autoconf automake libtool python-sphinx unbound-devel
BuildRequires: python3-devel
Provides: openvswitch-selinux-policy = %{version}-%{release}
Obsoletes: openvswitch-selinux-policy < %{version}-%{release}
%if %{with check_datapath_kernel}
BuildRequires: nmap-ncat
%endif
%if %{with libcapng}
BuildRequires: libcap-ng libcap-ng-devel
%endif
%if %{with dpdk}
BuildRequires: dpdk-devel libpcap-devel numactl-devel
%endif
%bcond_without check
%bcond_with check_datapath_kernel
Requires: openssl iproute module-init-tools
%{?systemd_requires}
%{?sysusers_requires_compat}
Requires(post): /bin/sed
Requires(post): %{_sbindir}/update-alternatives
Requires(postun): %{_sbindir}/update-alternatives
Obsoletes: openvswitch-controller <= 0:2.1.0-1
%description
Open vSwitch is a production quality, multilayer virtual switch licensed under
the open source Apache 2.0 license.
%package devel
Summary: Development tools for Open vSwitch
%description devel
Libraries, header files, and other development tools for Open vSwitch.
%package help
Summary: Helpful information for Open vSwitch
%description help
Documents and helpful information for Open vSwitch.
Open vSwitch provides standard network bridging functions and
support for the OpenFlow protocol for remote per-flow control of
traffic.
%package -n python3-openvswitch
Summary: Open vSwitch python3 bindings
Provides: python3-ovs
License: ASL 2.0
BuildArch: noarch
Requires: python3
Requires: python3-six
%{?python_provide:%python_provide python3-openvswitch = %{version}-%{release}}
Requires: python3 python3-six
Obsoletes: python-openvswitch < 2.10.0-6
Provides: python-openvswitch = %{version}-%{release}
%description -n python3-openvswitch
Python bindings for the Open vSwitch database
%package test
Summary: Open vSwitch testing utilities
License: ASL 2.0
BuildArch: noarch
Requires: python3-openvswitch = %{version}-%{release}
%description test
Utilities that are useful to diagnose performance and connectivity
issues in Open vSwitch setup.
%package testcontroller
Summary: Simple controller for testing OpenFlow setups
License: ASL 2.0
Requires: openvswitch = %{version}-%{release}
%description testcontroller
This controller enables OpenFlow switches that connect to it to act as
MAC-learning Ethernet switches.
It can be used for initial testing of OpenFlow networks.
It is not a necessary or desirable part of a production OpenFlow deployment.
%package devel
Summary: Open vSwitch OpenFlow development package (library, headers)
License: ASL 2.0
%description devel
This provides shared library, libopenswitch.so and the openvswitch header
files needed to build an external application.
%package -n network-scripts-%{name}
Summary: Open vSwitch legacy network service support
License: ASL 2.0
Requires: network-scripts
Supplements: (%{name} and network-scripts)
%description -n network-scripts-%{name}
This provides the ifup and ifdown scripts for use with the legacy network
service.
%package ipsec
Summary: Open vSwitch IPsec tunneling support
License: ASL 2.0
Requires: openvswitch libreswan
Requires: python3-openvswitch = %{version}-%{release}
%description ipsec
This package provides IPsec tunneling support for OVS tunnels.
%if %{with dpdk}
%package dpdk
Summary: Open vSwitch OpenFlow development package (switch, linked with DPDK)
License: ASL 2.0
Supplements: %{name}
%description dpdk
This provides ovs-vswitchd linked with DPDK library.
%endif
%prep
%autosetup -p1
%autosetup -p 1
export PKG_CONFIG_PATH=/usr/lib64/pkgconfig
%build
rm -f python/ovs/dirs.py
autoreconf
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=%{_localstatedir} \
--libdir=%{_libdir} \
--enable-ssl \
./boot.sh
mkdir build build-dpdk
pushd build
ln -s ../configure
%configure \
--disable-libcapng \
--disable-static \
--enable-shared \
--enable-ssl \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki
make %{?_smp_mflags}
popd
%if %{with dpdk}
pushd build-dpdk
ln -s ../configure
%configure \
--disable-libcapng \
--disable-static \
--enable-shared \
--enable-ssl \
--with-dpdk=shared \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki \
PYTHON=%{__python3}
sed -i '1s/python/python3/g' build-aux/dpdkstrip.py
build-aux/dpdkstrip.py \
--nodpdk \
--libdir=%{_libdir}/openvswitch-dpdk \
--program-suffix=.dpdk
make %{?_smp_mflags}
popd
%endif
/usr/bin/python3 build-aux/dpdkstrip.py \
--dpdk \
< rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
> rhel/usr_lib_systemd_system_ovs-vswitchd.service
%make_build
make selinux-policy
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
%if %{with dpdk}
make -C build-dpdk install-exec DESTDIR=$RPM_BUILD_ROOT
# We only need ovs-vswitchd-dpdk and some libraries for dpdk subpackage
rm -rf $RPM_BUILD_ROOT%{_bindir}
find $RPM_BUILD_ROOT%{_sbindir} -mindepth 1 -maxdepth 1 -not -name ovs-vswitchd.dpdk -delete
find $RPM_BUILD_ROOT%{_libdir}/openvswitch-dpdk -mindepth 1 -maxdepth 1 -not -name "libofproto*.so.*" -not -name "libopenvswitch*.so.*" -delete
%endif
make -C build install DESTDIR=$RPM_BUILD_ROOT
mv $RPM_BUILD_ROOT%{_sbindir}/ovs-vswitchd $RPM_BUILD_ROOT%{_sbindir}/ovs-vswitchd.nodpdk
touch $RPM_BUILD_ROOT%{_sbindir}/ovs-vswitchd
install -d -m 0755 $RPM_BUILD_ROOT/run/openvswitch
install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch
install -p -D -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysusersdir}/openvswitch.conf
install -p -D -m 0644 rhel/usr_lib_udev_rules.d_91-vfio.rules \
$RPM_BUILD_ROOT%{_udevrulesdir}/91-vfio.rules
install -p -D -m 0644 \
rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \
$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/openvswitch
for service in openvswitch ovsdb-server ovs-vswitchd; do
for service in openvswitch ovsdb-server ovs-vswitchd ovs-delete-transient-ports \
openvswitch-ipsec; do
install -p -D -m 0644 \
rhel/usr_lib_systemd_system_${service}.service \
$RPM_BUILD_ROOT%{_unitdir}/${service}.service
done
install -m 0755 rhel/etc_init.d_openvswitch $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/openvswitch.init
install -D -m 0644 rhel/etc_logrotate.d_openvswitch $RPM_BUILD_ROOT/etc/logrotate.d/openvswitch
install -D -m 0644 rhel/etc_openvswitch_default.conf $RPM_BUILD_ROOT/%{_sysconfdir}/openvswitch/default.conf
install -D -m 0755 rhel/etc_sysconfig_network-scripts_ifup-ovs $RPM_BUILD_ROOT/etc/sysconfig/network-scripts/ifup-ovs
install -D -m 0755 rhel/etc_sysconfig_network-scripts_ifdown-ovs $RPM_BUILD_ROOT/etc/sysconfig/network-scripts/ifdown-ovs
install -D -m 0644 rhel/usr_share_openvswitch_scripts_sysconfig.template $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/sysconfig.template
install -m 0755 rhel/etc_init.d_openvswitch \
$RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/openvswitch.init
install -p -m 644 -D selinux/openvswitch-custom.pp \
$RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
install -p -D -m 0644 rhel/etc_openvswitch_default.conf \
$RPM_BUILD_ROOT/%{_sysconfdir}/openvswitch/default.conf
rm \
$RPM_BUILD_ROOT/usr/bin/ovs-testcontroller \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-testcontroller.8 \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-test.8 \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-l3ping.8 \
$RPM_BUILD_ROOT/usr/sbin/ovs-vlan-bug-workaround \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-vlan-bug-workaround.8 \
$RPM_BUILD_ROOT/usr/bin/ovn-* \
$RPM_BUILD_ROOT/usr/share/man/man?/ovn-* \
$RPM_BUILD_ROOT/usr/share/openvswitch/ovn-* \
$RPM_BUILD_ROOT/usr/share/openvswitch/scripts/ovn*
(cd "$RPM_BUILD_ROOT" && rm -rf usr/%{_lib}/*.la)
(cd "$RPM_BUILD_ROOT" && rm -rf usr/include)
install -p -D -m 0644 rhel/etc_logrotate.d_openvswitch \
$RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT/var/lib/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch/openflow
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse/arpa
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse/netinet
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse/sys
install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/openvswitch/lib
install -m 0644 include/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch
install -m 0644 include/openflow/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch/openflow
install -m 0644 include/openvswitch/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch/openvswitch
install -m 0644 include/sparse/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse
install -m 0644 include/sparse/arpa/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse/arpa
install -m 0644 include/sparse/netinet/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse/netinet
install -m 0644 include/sparse/sys/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch/sparse/sys
install -m 0644 lib/*.h $RPM_BUILD_ROOT/%{_includedir}/openvswitch/lib
install -D -m 0644 lib/.libs/libopenvswitch.a \
$RPM_BUILD_ROOT/%{_libdir}/libopenvswitch.a
install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
install -m 0644 vswitchd/vswitch.ovsschema \
$RPM_BUILD_ROOT/%{_datadir}/openvswitch/vswitch.ovsschema
install -d -m 0755 $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifdown-ovs \
$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifup-ovs \
$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs
install -d -m 0755 $RPM_BUILD_ROOT%{python3_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/* \
$RPM_BUILD_ROOT%{python3_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ovstest \
$RPM_BUILD_ROOT%{python3_sitelib}
# Build the JSON C extension for the Python lib (#1417738)
pushd python
(
export CPPFLAGS="-I ../include"
@ -159,36 +240,87 @@ popd
rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/.conf.db.~lock~
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
install -d $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/
install -d -m 0755 $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/
install -p -D -m 0755 \
rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \
$RPM_BUILD_ROOT/usr/share/openvswitch/scripts/ovs-systemd-reload
$RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovs-systemd-reload
%clean
rm -rf $RPM_BUILD_ROOT
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
%pre
%selinux_relabel_pre -s targeted
# remove unpackaged files
rm -f $RPM_BUILD_ROOT/%{_bindir}/ovs-benchmark \
$RPM_BUILD_ROOT/%{_bindir}/ovs-docker \
$RPM_BUILD_ROOT/%{_bindir}/ovs-parse-backtrace \
$RPM_BUILD_ROOT/%{_sbindir}/ovs-vlan-bug-workaround
rm -rf $RPM_BUILD_ROOT/%{_mandir}/*
# remove ovn unpackages files
rm -f $RPM_BUILD_ROOT%{_bindir}/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovn*
rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/*
%check
for dir in build \
%if %{with dpdk}
%ifarch %{dpdkarches}
build-dpdk \
%endif
%endif
; do
pushd $dir
%if %{with check}
touch resolv.conf
export OVS_RESOLV_CONF=$(pwd)/resolv.conf
if make check TESTSUITEFLAGS='%{_smp_mflags}' ||
make check TESTSUITEFLAGS='--recheck' ||
make check TESTSUITEFLAGS='--recheck'; then :;
else
cat tests/testsuite.log
exit 1
fi
%endif
%if %{with check_datapath_kernel}
if make check-kernel RECHECK=yes; then :;
else
cat tests/system-kmod-testsuite.log
exit 1
fi
%endif
popd
done
%preun
%if 0%{?systemd_preun:1}
%systemd_preun %{name}.service
%else
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
# Package removal, not upgrade
/bin/systemctl --no-reload disable %{name}.service >/dev/null 2>&1 || :
/bin/systemctl stop %{name}.service >/dev/null 2>&1 || :
fi
%endif
%pre
%post
%{_sbindir}/update-alternatives --install %{_sbindir}/ovs-vswitchd \
ovs-vswitchd %{_sbindir}/ovs-vswitchd.nodpdk 10
if [ $1 -eq 1 ]; then
sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch
sed -i \
's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\
/etc/sysconfig/openvswitch
fi
chown -R openvswitch:openvswitch /etc/openvswitch
%if 0%{?systemd_post:1}
# This may not enable openvswitch service or do daemon-reload.
%systemd_post %{name}.service
%else
# Package install, not upgrade
@ -197,94 +329,128 @@ rm -rf $RPM_BUILD_ROOT
fi
%endif
%selinux_modules_install -s targeted /usr/share/selinux/packages/%{name}/openvswitch-custom.pp
%postun
if [ $1 -eq 0 ] ; then
%{_sbindir}/update-alternatives --remove ovs-vswitchd %{_sbindir}/ovs-vswitchd.nodpdk
fi
%if 0%{?systemd_postun:1}
%systemd_postun %{name}.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%endif
if [ $1 -eq 0 ] ; then
%selinux_modules_uninstall -s targeted openvswitch-custom
%if %{with dpdk}
%post dpdk
if fgrep -qw sse4_1 /proc/cpuinfo; then
priority=20
else
echo "Warning: the CPU doesn't support SSE 4.1, dpdk support is not enabled." >&2
priority=5
fi
exit 0
%{_sbindir}/update-alternatives --install %{_sbindir}/ovs-vswitchd \
ovs-vswitchd %{_sbindir}/ovs-vswitchd.dpdk $priority
%posttrans
%selinux_relabel_post -s targeted
%postun dpdk
if [ $1 -eq 0 ] ; then
%{_sbindir}/update-alternatives --remove ovs-vswitchd %{_sbindir}/ovs-vswitchd.dpdk
fi
%endif
%files -n python3-openvswitch
%{python3_sitearch}/ovs
%{python3_sitearch}/ovs-*.egg-info
%{_datadir}/openvswitch/bugtool-plugins/
%{_datadir}/openvswitch/scripts/ovs-bugtool-*
%{_datadir}/openvswitch/scripts/ovs-check-dead-ifs
%{_datadir}/openvswitch/scripts/ovs-vtep
%{_bindir}/ovs-dpctl-top
%{_sbindir}/ovs-bugtool
%doc LICENSE
%files test
%{_bindir}/ovs-pcap
%{_bindir}/ovs-tcpdump
%{_bindir}/ovs-tcpundump
%{_bindir}/ovs-test
%{_bindir}/ovs-vlan-test
%{_bindir}/ovs-l3ping
%{python3_sitelib}/ovstest
%files testcontroller
%{_bindir}/ovs-testcontroller
%files devel
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/openvswitch/*
%{_includedir}/openflow/*
%exclude %{_libdir}/*.a
%exclude %{_libdir}/*.la
%files -n network-scripts-%{name}
%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs
%files ipsec
%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
%{_unitdir}/openvswitch-ipsec.service
%if %{with dpdk}
%files dpdk
%{_libdir}/openvswitch-dpdk/
%ghost %{_sbindir}/ovs-vswitchd
%{_sbindir}/ovs-vswitchd.dpdk
%endif
%files
%defattr(-,root,root)
%dir /etc/openvswitch
/etc/bash_completion.d/ovs-appctl-bashcomp.bash
/etc/bash_completion.d/ovs-vsctl-bashcomp.bash
%config(noreplace) /etc/logrotate.d/openvswitch
/etc/sysconfig/network-scripts/ifup-ovs
/etc/sysconfig/network-scripts/ifdown-ovs
/usr/bin/ovs-appctl
/usr/bin/ovs-dpctl
/usr/bin/ovs-docker
/usr/bin/ovs-ofctl
/usr/bin/ovs-pcap
/usr/bin/ovs-pki
/usr/bin/ovs-tcpdump
/usr/bin/ovs-tcpundump
/usr/bin/ovs-vsctl
/usr/bin/ovsdb-client
/usr/bin/ovsdb-tool
/usr/bin/vtep-ctl
%{_libdir}/lib*.so.*
/usr/sbin/ovs-vswitchd
/usr/sbin/ovsdb-server
%{python3_sitelib}/ovs
%{python3_sitelib}/ovstest
%{python3_sitearch}/ovs
/usr/share/openvswitch/scripts/ovs-check-dead-ifs
/usr/share/openvswitch/scripts/ovs-ctl
/usr/share/openvswitch/scripts/ovs-kmod-ctl
/usr/share/openvswitch/scripts/ovs-lib
/usr/share/openvswitch/scripts/ovs-save
/usr/share/openvswitch/scripts/ovs-vtep
/usr/share/openvswitch/scripts/sysconfig.template
/usr/share/openvswitch/scripts/ovs-monitor-ipsec
%defattr(-,openvswitch,openvswitch)
%dir %{_sysconfdir}/openvswitch
%{_sysconfdir}/openvswitch/default.conf
%config %ghost %{_sysconfdir}/openvswitch/conf.db
%ghost %{_sysconfdir}/openvswitch/.conf.db.~lock~
%config %ghost %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/conf.db
%ghost %attr(0600,-,-) %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/.conf.db.~lock~
%config %ghost %{_sysconfdir}/openvswitch/system-id.conf
%config(noreplace) %{_sysconfdir}/sysconfig/openvswitch
%defattr(-,root,root)
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/openvswitch
%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash
%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash
%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch
%{_unitdir}/openvswitch.service
%{_unitdir}/ovsdb-server.service
%{_unitdir}/ovs-vswitchd.service
/usr/share/openvswitch/scripts/openvswitch.init
/usr/share/openvswitch/scripts/ovs-systemd-reload
/usr/share/openvswitch/vswitch.ovsschema
/usr/share/openvswitch/vtep.ovsschema
%doc NOTICE
%{_unitdir}/ovs-delete-transient-ports.service
%{_datadir}/openvswitch/scripts/openvswitch.init
%{_datadir}/openvswitch/scripts/ovs-lib
%{_datadir}/openvswitch/scripts/ovs-save
%{_datadir}/openvswitch/scripts/ovs-ctl
%{_datadir}/openvswitch/scripts/ovs-kmod-ctl
%{_datadir}/openvswitch/scripts/ovs-systemd-reload
%config %{_datadir}/openvswitch/local-config.ovsschema
%config %{_datadir}/openvswitch/vswitch.ovsschema
%config %{_datadir}/openvswitch/vtep.ovsschema
%{_bindir}/ovs-appctl
%{_bindir}/ovs-dpctl
%{_bindir}/ovs-ofctl
%{_bindir}/ovs-vsctl
%{_bindir}/ovsdb-client
%{_bindir}/ovsdb-tool
%{_bindir}/ovs-pki
%{_bindir}/vtep-ctl
%{_libdir}/*.so.*
%ghost %{_sbindir}/ovs-vswitchd
%{_sbindir}/ovs-vswitchd.nodpdk
%{_sbindir}/ovsdb-server
%{_udevrulesdir}/91-vfio.rules
%doc LICENSE NOTICE README.rst NEWS rhel/README.RHEL.rst
/var/lib/openvswitch
/var/log/openvswitch
%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
%files -n python3-openvswitch
%{python3_sitelib}/ovs
%{python3_sitearch}/ovs-*.egg-info
%doc LICENSE
%files devel
%{_libdir}/lib*.so
%{_libdir}/lib*.a
%{_libdir}/pkgconfig
%{_includedir}/openvswitch/*
%files help
/usr/share/man/man1/*
/usr/share/man/man5/*
/usr/share/man/man7/*
/usr/share/man/man8/*
%doc README.rst NEWS rhel/README.RHEL.rst
%attr(750,openvswitch,openvswitch) %verify(not owner group) /var/log/openvswitch
%ghost %attr(755,root,root) %verify(not owner group) /run/openvswitch
%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs
%{_sysusersdir}/openvswitch.conf
%changelog
* Tue Jan 03 2023 wanglimin <wanglimin@xfusion.com> - 2.17.5-1
- upgrade to 2.17.5-1
* Thu Dec 29 2022 zhouwenpei <zhouwenpei1@h-pattners.com> - 2.12.4-2
- fix CVE-2022-4338
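Review bot: Both `%configure` calls in `%build` (the `build` and `build-dpdk` directories) pass `--disable-libcapng` unconditionally, although the same spec declares `%bcond_without libcapng`, adds `BuildRequires: libcap-ng libcap-ng-devel` under `%if %{with libcapng}`, and has `%post` uncomment `OVS_USER_ID` and set it to `openvswitch:hugetlbfs` on first install. As written the bcond has no effect on the build, and the daemons are configured to drop from root to the `openvswitch` user in a binary built without the library used to retain capabilities across that switch. As far as I know, Open vSwitch on Linux refuses the `--user` switch when built without libcap-ng, so this should be confirmed by starting the services on a fresh install. I would replace the flag with `--enable-libcapng \` in both invocations, or select between the two spellings with `%if %{with libcapng}` / `%else` / `%endif` so the bcond decides. Old and new lines are interleaved in this rendering, so the attribution of these lines to the new side is inferred from the `build`/`build-dpdk` layout.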

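--- /dev/null
+++ b/openvswitch.sysusers
@@ -0,0 +1,3 @@
+#Type Name ID GECOS Home directory Shell
+u openvswitch - "Open vSwitch Daemons" / /sbin/nologin
+m openvswitch hugetlbfs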