init

2025-02-23 15:22:54 +00:00 · 2022-01-30 23:46:57 +03:00 · 2022-01-30 23:46:57 +03:00 · c4ce26fa3b
commit c4ce26fa3b
4 changed files with 176 additions and 0 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -0,0 +1,3 @@
+sources:
+  nebula-1.5.2-go-mod-vendor.tar.xz: fc1cec199e2577d6f5821fc9553c432fd08dc058
+  nebula-1.5.2.tar.gz: a2727138de278015847998ff7f2a70d841131ebf
--- a/0001-HACK-Do-not-require-Windows-specific-modules.patch
+++ b/0001-HACK-Do-not-require-Windows-specific-modules.patch
@ -0,0 +1,41 @@
+From ff4922007e72abafd6f76f775548b2e5fca85a44 Mon Sep 17 00:00:00 2001
+From: Mikhail Novosyolov <mikhailnov@dumalogiya.ru>
+Date: Sun, 30 Jan 2022 22:03:55 +0300
+Subject: [PATCH] HACK: Do not require Windows-specific modules
+
+`go mod vendor` fails to work with them for some reasons,
+just drop them from code that we will not build on Linux.
+---
+ overlay/tun_wintun_windows.go | 1 -
+ wintun/tun.go                 | 3 ---
+ 2 files changed, 4 deletions(-)
+
+diff --git a/overlay/tun_wintun_windows.go b/overlay/tun_wintun_windows.go
+index f90ea8a..306f4cd 100644
+--- a/overlay/tun_wintun_windows.go
+++ b/overlay/tun_wintun_windows.go
+@@ -12,7 +12,6 @@ import (
+ 	"github.com/slackhq/nebula/iputil"
+ 	"github.com/slackhq/nebula/wintun"
+ 	"golang.org/x/sys/windows"
+-	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
+ )
+ 
+ const tunGUIDLabel = "Fixed Nebula Windows GUID v1"
+diff --git a/wintun/tun.go b/wintun/tun.go
+index a2dfe5e..94077fe 100644
+--- a/wintun/tun.go
+++ b/wintun/tun.go
+@@ -20,9 +20,6 @@ import (
+ 	"time"
+ 	_ "unsafe"
+ 
+-	"golang.org/x/sys/windows"
+-
+-	"golang.zx2c4.com/wintun"
+ )
+ 
+ const (
+-- 
+2.31.1
+
--- a/nebula.spec
+++ b/nebula.spec
@ -0,0 +1,77 @@
+# use bundled golang modules (from Source1)
+%global gomodulesmode GO111MODULE=on
+%global goipath github.com/slackhq/nebula
+
+# Package source code as a devel package.
+# Turn on if using not bundled go modules.
+# Offed for now because it automatically requires not packaged golang modules.
+%bcond_with devel
+
+Summary:	A p2p mesh VPN solution
+Name:		nebula
+Version:	1.5.2
+Release:	1
+License:	MIT
+Group:		Networking/Other
+Url:		https://www.defined.net/nebula/
+Source0:	https://github.com/slackhq/nebula/archive/refs/tags/v%{version}.tar.gz?/%{name}-%{version}.tar.gz
+# go mod vendor, created with ./upd.sh
+Source1:	nebula-%{version}-go-mod-vendor.tar.xz
+Source2:	upd.sh
+Patch0001:	0001-HACK-Do-not-require-Windows-specific-modules.patch
+BuildRequires:	golang
+%gometa
+
+%description
+Nebula is a scalable overlay networking tool with a focus on performance,
+simplicity and security, which allows to make p2p VPN mesh networks.
+
+%files
+%license LICENSE
+%doc README.md CHANGELOG.md AUTHORS
+# The default config is documented via comments, it may be useful for reference
+%doc examples/config.yml
+%{_sbindir}/nebula
+%{_sbindir}/nebula-cert
+%{_unitdir}/nebula.service
+%dir %attr(0700,-,-) /etc/nebula
+%config(noreplace) /etc/nebula/config.yml
+
+%post
+%systemd_post nebula.service
+
+%preun
+%systemd_preun nebula.service
+
+#------------------------------------------------------------------
+
+%if %{with devel}
+%gopkg
+%gopkgfiles
+%endif
+
+#------------------------------------------------------------------
+
+%prep
+%goprep
+%autopatch -p1
+
+%build
+( cd .. && tar -xf %{SOURCE1} )
+%gobuild -o %{gobuilddir}/sbin/nebula %{goipath}/cmd/nebula
+%gobuild -o %{gobuilddir}/sbin/nebula-cert %{goipath}/cmd/nebula-cert
+
+%install
+mkdir -p %{buildroot}%{_sbindir}
+install -m0755 %{gobuilddir}/sbin/* %{buildroot}%{_sbindir}
+
+mkdir -p %{buildroot}%{_unitdir}
+cat examples/service_scripts/nebula.service | sed -e 's,/usr/local/bin/,%{_sbindir}/,g' > %{buildroot}%{_unitdir}/nebula.service
+# this directory may store private keys
+mkdir -p -m0700 %{buildroot}/etc/nebula
+# it's ok for the config to be world-readable
+install -m0644 examples/config.yml %{buildroot}/etc/nebula/config.yml
+
+%if %{with devel}
+%gopkginstall
+%endif
--- a/upd.sh
+++ b/upd.sh
@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# Script to partly automate updating this package
+# Based on upd.sh from abf.io/import/zabbix5.0
+# sudo dnf install /usr/bin/rpmbuild /usr/bin/spectool /usr/bin/rpmspec /usr/bin/git /usr/bin/curl /usr/bin/abf /usr/bin/jq /usr/bin/sed /usr/bin/tar /usr/bin/xz
+
+set -x
+set -e
+set -f
+set -u
+
+spec="$PWD"/nebula.spec
+dir0="$PWD"
+
+old_version="$(rpmspec -q --srpm --qf '%{version}' "$spec")"
+latest_version="$(curl --silent "https://api.github.com/repos/slackhq/nebula/releases/latest" | jq '.tag_name' | sed -e 's,",,g' -e 's,^v,,')"
+[ -n "$latest_version" ]
+if [ "$old_version" = "$latest_version" ]; then
+	echo "No updates"
+	exit 0
+fi
+
+sed -E -i'' "$spec" \
+	-e "s,^Version:.+,Version:\t${latest_version}," \
+	-e "s,^Release:.+,Release:\t1," \
+	--
+
+source0="$(rpmspec --parse "$spec" | grep -i ^Source0: | awk -F '/' '{print $NF}')" 
+spectool --get-files --source 0 "$spec"
+[ -f "$source0" ]
+
+patches_ok=0
+
+tmp="$(mktemp --tmpdir=/tmp -d)"
+trap 'if [ "$patches_ok" = 1 ]; then rm -fr "$tmp"; fi' EXIT
+pushd "$tmp"
+	tar -xf "$dir0"/"$source0"
+	pushd nebula-"$latest_version"
+		patch -p1 < "$dir0"/0001-HACK-Do-not-require-Windows-specific-modules.patch
+		go mod vendor
+	popd
+	XZ_OPT="-T0 -v" tar cJf nebula-"$latest_version"-go-mod-vendor.tar.xz nebula-"$latest_version"/vendor
+	mv nebula-"$latest_version"-go-mod-vendor.tar.xz "$dir0"
+popd
+rm -f .abf.yml
+abf put -n
+# check appliability of patches
+rpmbuild --define "_sourcedir $PWD" --define "_builddir $tmp" -bp "$spec" && patches_ok=1
+
+PAGER='' git diff
+# can be copypasted for a commit message
+echo "upd: $old_version -> $latest_version"
+
+if [ "$patches_ok" = 0 ]; then
+	echo "PATCHES require attention!"
+fi