From 7f02793d85b0cb3830772562741e67a0b01ff7f0 Mon Sep 17 00:00:00 2001
From: David Trudgian <david.trudgian@sylabs.io>
Date: Mon, 28 Nov 2022 11:38:39 +0000
Subject: [PATCH] pkg: Update / tidy rpm spec file

Tidy up the rpm spec file.

* Remove the manual handling of build root, GOPATH etc. Not needed as
  we are using go modules now.
* Remove redundant explicit deps.
* Fix crun -> runc dep for EL7.
* Use rpm make_xxx macros instead of direct make calls.
* Ensure all directories created are owned by package.

Fixes sylabs/singularity#1142
Fixes sylabs/singularity#1141

Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
---
 INSTALL.md                   |  4 +++-
 dist/rpm/apptainer.rpmlintrc |  7 +++++++
 dist/rpm/apptainer.spec.in   | 28 +++++++++++++++++++++++-----
 3 files changed, 33 insertions(+), 6 deletions(-)
 create mode 100644 dist/rpm/apptainer.rpmlintrc

diff --git a/INSTALL.md b/INSTALL.md
index 362bca63cf..a1e971ddc4 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -51,6 +51,8 @@ sudo yum install -y \
     crun
 ```
 
+_Note - use `runc` instead of `crun` on On CentOS/RHEL 7._
+
 On SLE/openSUSE
 
 ```sh
@@ -64,7 +66,7 @@ sudo zypper install -y \
   crun
 ```
 
-_Note - `crun` can be ommitted if you will not use the `apptainer oci`
+_Note - `crun` / `runc` can be ommitted if you will not use the `apptainer oci`
 commands, or the `--oci` execution mode._
 
 ## Install Go
diff --git a/dist/rpm/apptainer.rpmlintrc b/dist/rpm/apptainer.rpmlintrc
new file mode 100644
index 0000000000..bac4de24ba
--- /dev/null
+++ b/dist/rpm/apptainer.rpmlintrc
@@ -0,0 +1,7 @@
+addFilter(r'setuid-binary /usr/libexec/apptainer/bin/starter-suid')
+addFilter(r'non-standard-executable-perm /usr/libexec/apptainer/bin/starter-suid')
+addFilter(r'zero-length /etc/apptainer/capability.json')
+addFilter(r'zero-length /etc/apptainer/global-pgp-public')
+addFilter(r'readelf-failed /usr/bin/apptainer 'utf-8' codec can't decode byte 0xc2')
+addFilter(r'readelf-failed /usr/libexec/apptainer/bin/starter 'utf-8' codec can't decode byte 0xc2')
+addFilter(r'readelf-failed /usr/libexec/apptainer/bin/starter-suid 'utf-8' codec can't decode byte 0xc2')
diff --git a/dist/rpm/apptainer.spec.in b/dist/rpm/apptainer.spec.in
index 888835c4d2..9d26d29cbd 100644
--- a/dist/rpm/apptainer.spec.in
+++ b/dist/rpm/apptainer.spec.in
@@ -36,15 +36,17 @@
 # Uncomment this to include a multithreaded version of squashfuse_ll
 # %%global squashfuse_version 0.1.105
 
-Summary: Application and environment virtualization
 Name: apptainer
 Version: @PACKAGE_RPM_VERSION@
 Release: @PACKAGE_RELEASE@%{?dist}
+Summary: Application and environment virtualization
+
 # See LICENSE.md for first party code (BSD-3-Clause and LBNL BSD)
 # See LICENSE_THIRD_PARTY.md for incorporated code (ASL 2.0)
 # See LICENSE_DEPENDENCIES.md for dependencies
 # License identifiers taken from: https://fedoraproject.org/wiki/Licensing
 License: BSD and LBNL BSD and ASL 2.0
+
 URL: https://apptainer.org
 Source: https://github.com/%{name}/%{name}/releases/download/v%{package_version}/%{name}-%{package_version}.tar.gz
 @PACKAGE_GOLANG_SOURCE@
@@ -69,17 +71,30 @@ Obsoletes: singularity-runtime < 3.0
 BuildRequires: binutils-gold
 %endif
 BuildRequires: golang
-BuildRequires: git
 BuildRequires: gcc
 BuildRequires: make
+# Paths to runtime dependencies detected by mconfig, so must be present at build time.
+BuildRequires: cryptsetup
+%if "%{_target_vendor}" == "suse"
+Requires: squashfs
+%else
+Requires: squashfs-tools
+%endif
+# Required for building bundled conmon
 BuildRequires: libseccomp-devel
+# crun requirement not satisfied on EL7 or SLES default repos - use runc there.
+%if "%{_target_vendor}" == "suse" || 0%{?rhel} > 7
+Requires: crun
+%else
+Requires: runc
+%endif
 %if "%{_target_vendor}" == "suse"
 Requires: squashfs
 %else
 Requires: shadow-utils
 Requires: squashfs-tools
 %endif
-BuildRequires: cryptsetup
+Requires: cryptsetup
 %if "%{?squashfuse_version}" != ""
 BuildRequires: autoconf
 BuildRequires: automake
@@ -88,7 +103,6 @@ BuildRequires: pkgconfig
 BuildRequires: fuse3-devel
 BuildRequires: zlib-devel
 %endif
-Requires: crun
 Requires: squashfuse
 Requires: fakeroot
 Requires: fuse-overlayfs
@@ -200,6 +214,7 @@ rmdir %{_sysconfdir}/singularity/* %{_sysconfdir}/singularity 2>/dev/null || tru
 %dir %{_libexecdir}/%{name}
 %dir %{_libexecdir}/%{name}/bin
 %{_libexecdir}/%{name}/bin/starter
+%dir %{_libexecdir}/%{name}/cni
 %if "%{?squashfuse_version}" != ""
 %{_libexecdir}/%{name}/bin/squashfuse_ll
 %endif
@@ -207,6 +222,9 @@ rmdir %{_sysconfdir}/singularity/* %{_sysconfdir}/singularity 2>/dev/null || tru
 %{_libexecdir}/%{name}/lib
 %dir %{_sysconfdir}/%{name}
 %config(noreplace) %{_sysconfdir}/%{name}/*
+%dir %{_sysconfdir}/%{name}/cgroups
+%dir %{_sysconfdir}/%{name}/network
+%dir %{_sysconfdir}/%{name}/seccomp-profiles
 %{_datadir}/bash-completion/completions/*
 %dir %{_localstatedir}/%{name}
 %dir %{_localstatedir}/%{name}/mnt
@@ -218,9 +236,9 @@ rmdir %{_sysconfdir}/singularity/* %{_sysconfdir}/singularity 2>/dev/null || tru
 %license LICENSE_DEPENDENCIES.md
 %doc README.md
 %doc CHANGELOG.md
+%doc CONTRIBUTING.md
 
 %files suid
 %attr(4755, root, root) %{_libexecdir}/%{name}/bin/starter-suid
 
 %changelog
-