File openssl-1_1-livepatches.spec of Package openssl-1_1-livepatches.31520

#
# spec file for package openssl-1_1-livepatches
#
# Copyright (c) 2021-2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%define target_library libcrypto.so.1.1
%define lib_version 1.1.1l
%define bname openssl-1_1-livepatches

Name:           %{bname}
Version:        0.2
Release:        0
Summary:        Livepatches for OpenSSL
License:        OpenSSL
Group:          Productivity/Networking/Security

URL:            https://www.suse.com/products/live-patching
Source:         %{bname}-%{version}.tar.xz

BuildRequires:  libopenssl1_1
BuildRequires:  libpulp-tools
BuildRequires:  libpulp0
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

# Only available for these architectures.
ExclusiveArch:  x86_64

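# Install only when libopenssl1_1, libpulp-tools and coreutils are installed.
# The libopenssl1_1 version constraint below is emitted only for sle_version
# 150400 and 150500.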
%if 0%{?sle_version} == 150400
Requires: libopenssl1_1 > 1.1.1l-150400.7.57.1
%endif
%if 0%{?sle_version} == 150500
Requires:  libopenssl1_1 > 1.1.1l-150500.17.15.1
%endif

Requires: libpulp-tools >= 0.3.0
Requires: coreutils

# Only available for these architectures.
ExclusiveArch:  x86_64

%description
Live patching enables userland processes to be fixed without a restart cycle.
This package provides live patches for the libraries provided by openssl.
Applying a live patch requires libpulp-tools.

%prep
# Unpack the source tarball directly with tar.
tar -xvf %{_sourcedir}/%{name}-%{version}.tar.xz

%build
# Run make, passing the parallel-build flags when they are defined.
make %{?_smp_mflags}

# Some patches do not have a test program, so the test suite is not run at
# build time.
# make check

%install
%make_install

%post
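# verlte A B
# Succeeds (status 0) when version string A sorts at or before version string
# B under "sort -V", i.e. A <= B; fails otherwise.
# Arguments: $1 - left-hand version, $2 - right-hand version
# Note: an empty $1 sorts first and therefore compares as <= anything, so
# callers must check for an empty version themselves.
verlte() {
  # printf behaves the same under every /bin/sh and never interprets
  # backslash sequences inside the arguments, which "echo -e" does.
  [ "$1" = "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" ]
}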
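# Installed libpulp tools version as MAJOR.MINOR.PATCH (first match only).
# Empty when ulp is missing or prints no recognisable version.
ulp_ver=$(ulp --version | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+" | head -n1)

# Previous versions of the ulp_post_hook script (ulp 0.2.6 and older) are
# broken, so for those the trigger is issued by hand below.
# The result of verlte is tested directly: the earlier "|| code=$?" form left
# the status variable unset on success, so the numeric test failed and this
# branch could never be selected.  An empty version is not treated as an old
# one; it falls through to the packaged hook.
if [ -n "$ulp_ver" ] && verlte "$ulp_ver" "0.2.6"; then

  if test -e /.buildenv; then
    echo "Skipping userspace live patches in buildroot"
    # A scriptlet is not a function body: "return" is rejected here and the
    # script would carry on and trigger the patch, so leave with exit.
    exit 0
  fi

  # Check if we are running a transactional update. If yes, set the root
  # accordingly. This is only supported in ulp 0.2.6
  # Start from an empty value so that nothing inherited from the environment
  # can end up on the ulp command line.
  ulp_root=
  if verlte "0.2.6" "$ulp_ver" && [ "$TRANSACTIONAL_UPDATE" = "true" ] \
     && [ -n "$TRANSACTIONAL_UPDATE_ROOT" ]; then
    ulp_root=$TRANSACTIONAL_UPDATE_ROOT
  fi

  # The -R option is added only when a root was selected, and the path stays
  # one argument even if it contains whitespace.
  # The library name comes from the target_library spec macro; no shell
  # variable of that name is ever set in this scriptlet, so the shell
  # expansion used before always passed an empty library name.
  # NOTE(review): the *.so pattern is quoted and reaches ulp unexpanded;
  # presumably ulp resolves it itself, relative to the root - confirm.
  ulp trigger ${ulp_root:+-R "$ulp_root"} -r 100 --timeout 200 \
    --revert-all="%{target_library}" \
    "/usr/lib64/%{bname}/%{version}/*.so"
else
  # Call the ulp post hook, which will trigger the update.
  %{ulp_post_hook %{bname} %{version} %{target_library}}
fi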

%files
/usr/lib64/%{bname}/