commit c4ce26fa3b61d8eed5e6d5ace2966c27f482a03f Author: Mikhail Novosyolov Date: Sun Jan 30 23:46:57 2022 +0300 init diff --git a/.abf.yml b/.abf.yml new file mode 100644 index 0000000..dfdd0c0 --- /dev/null +++ b/.abf.yml @@ -0,0 +1,3 @@ +sources: + nebula-1.5.2-go-mod-vendor.tar.xz: fc1cec199e2577d6f5821fc9553c432fd08dc058 + nebula-1.5.2.tar.gz: a2727138de278015847998ff7f2a70d841131ebf diff --git a/0001-HACK-Do-not-require-Windows-specific-modules.patch b/0001-HACK-Do-not-require-Windows-specific-modules.patch new file mode 100644 index 0000000..068536f --- /dev/null +++ b/0001-HACK-Do-not-require-Windows-specific-modules.patch @@ -0,0 +1,41 @@ +From ff4922007e72abafd6f76f775548b2e5fca85a44 Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Sun, 30 Jan 2022 22:03:55 +0300 +Subject: [PATCH] HACK: Do not require Windows-specific modules + +`go mod vendor` fails to work with them for some reasons, +just drop them from code that we will not build on Linux. +--- + overlay/tun_wintun_windows.go | 1 - + wintun/tun.go | 3 --- + 2 files changed, 4 deletions(-) + +diff --git a/overlay/tun_wintun_windows.go b/overlay/tun_wintun_windows.go +index f90ea8a..306f4cd 100644 +--- a/overlay/tun_wintun_windows.go ++++ b/overlay/tun_wintun_windows.go +@@ -12,7 +12,6 @@ import ( + "github.com/slackhq/nebula/iputil" + "github.com/slackhq/nebula/wintun" + "golang.org/x/sys/windows" +- "golang.zx2c4.com/wireguard/windows/tunnel/winipcfg" + ) + + const tunGUIDLabel = "Fixed Nebula Windows GUID v1" +diff --git a/wintun/tun.go b/wintun/tun.go +index a2dfe5e..94077fe 100644 +--- a/wintun/tun.go ++++ b/wintun/tun.go +@@ -20,9 +20,6 @@ import ( + "time" + _ "unsafe" + +- "golang.org/x/sys/windows" +- +- "golang.zx2c4.com/wintun" + ) + + const ( +-- +2.31.1 + diff --git a/nebula.spec b/nebula.spec new file mode 100644 index 0000000..19e484f --- /dev/null +++ b/nebula.spec @@ -0,0 +1,77 @@ +# use bundled golang modules (from Source1) +%global gomodulesmode GO111MODULE=on +%global goipath github.com/slackhq/nebula + +# Package source code as a devel package. +# Turn on if using not bundled go modules. +# Offed for now because it automatically requires not packaged golang modules. +%bcond_with devel + +Summary: A p2p mesh VPN solution +Name: nebula +Version: 1.5.2 +Release: 1 +License: MIT +Group: Networking/Other +Url: https://www.defined.net/nebula/ +Source0: https://github.com/slackhq/nebula/archive/refs/tags/v%{version}.tar.gz?/%{name}-%{version}.tar.gz +# go mod vendor, created with ./upd.sh +Source1: nebula-%{version}-go-mod-vendor.tar.xz +Source2: upd.sh +Patch0001: 0001-HACK-Do-not-require-Windows-specific-modules.patch +BuildRequires: golang +%gometa + +%description +Nebula is a scalable overlay networking tool with a focus on performance, +simplicity and security, which allows to make p2p VPN mesh networks. + +%files +%license LICENSE +%doc README.md CHANGELOG.md AUTHORS +# The default config is documented via comments, it may be useful for reference +%doc examples/config.yml +%{_sbindir}/nebula +%{_sbindir}/nebula-cert +%{_unitdir}/nebula.service +%dir %attr(0700,-,-) /etc/nebula +%config(noreplace) /etc/nebula/config.yml + +%post +%systemd_post nebula.service + +%preun +%systemd_preun nebula.service + +#------------------------------------------------------------------ + +%if %{with devel} +%gopkg +%gopkgfiles +%endif + +#------------------------------------------------------------------ + +%prep +%goprep +%autopatch -p1 + +%build +( cd .. && tar -xf %{SOURCE1} ) +%gobuild -o %{gobuilddir}/sbin/nebula %{goipath}/cmd/nebula +%gobuild -o %{gobuilddir}/sbin/nebula-cert %{goipath}/cmd/nebula-cert + +%install +mkdir -p %{buildroot}%{_sbindir} +install -m0755 %{gobuilddir}/sbin/* %{buildroot}%{_sbindir} + +mkdir -p %{buildroot}%{_unitdir} +cat examples/service_scripts/nebula.service | sed -e 's,/usr/local/bin/,%{_sbindir}/,g' > %{buildroot}%{_unitdir}/nebula.service +# this directory may store private keys +mkdir -p -m0700 %{buildroot}/etc/nebula +# it's ok for the config to be world-readable +install -m0644 examples/config.yml %{buildroot}/etc/nebula/config.yml + +%if %{with devel} +%gopkginstall +%endif diff --git a/upd.sh b/upd.sh new file mode 100755 index 0000000..32ce1d9 --- /dev/null +++ b/upd.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env bash +# Script to partly automate updating this package +# Based on upd.sh from abf.io/import/zabbix5.0 +# sudo dnf install /usr/bin/rpmbuild /usr/bin/spectool /usr/bin/rpmspec /usr/bin/git /usr/bin/curl /usr/bin/abf /usr/bin/jq /usr/bin/sed /usr/bin/tar /usr/bin/xz + +set -x +set -e +set -f +set -u + +spec="$PWD"/nebula.spec +dir0="$PWD" + +old_version="$(rpmspec -q --srpm --qf '%{version}' "$spec")" +latest_version="$(curl --silent "https://api.github.com/repos/slackhq/nebula/releases/latest" | jq '.tag_name' | sed -e 's,",,g' -e 's,^v,,')" +[ -n "$latest_version" ] +if [ "$old_version" = "$latest_version" ]; then + echo "No updates" + exit 0 +fi + +sed -E -i'' "$spec" \ + -e "s,^Version:.+,Version:\t${latest_version}," \ + -e "s,^Release:.+,Release:\t1," \ + -- + +source0="$(rpmspec --parse "$spec" | grep -i ^Source0: | awk -F '/' '{print $NF}')" +spectool --get-files --source 0 "$spec" +[ -f "$source0" ] + +patches_ok=0 + +tmp="$(mktemp --tmpdir=/tmp -d)" +trap 'if [ "$patches_ok" = 1 ]; then rm -fr "$tmp"; fi' EXIT +pushd "$tmp" + tar -xf "$dir0"/"$source0" + pushd nebula-"$latest_version" + patch -p1 < "$dir0"/0001-HACK-Do-not-require-Windows-specific-modules.patch + go mod vendor + popd + XZ_OPT="-T0 -v" tar cJf nebula-"$latest_version"-go-mod-vendor.tar.xz nebula-"$latest_version"/vendor + mv nebula-"$latest_version"-go-mod-vendor.tar.xz "$dir0" +popd +rm -f .abf.yml +abf put -n +# check appliability of patches +rpmbuild --define "_sourcedir $PWD" --define "_builddir $tmp" -bp "$spec" && patches_ok=1 + +PAGER='' git diff +# can be copypasted for a commit message +echo "upd: $old_version -> $latest_version" + +if [ "$patches_ok" = 0 ]; then + echo "PATCHES require attention!" +fi