input/cni.spec

%define network_required 0

%bcond_with tests

%ifarch x86_64
%global goarch amd64
%endif

%ifarch aarch64
%global goarch arm64
%endif

%ifnarch x86_64 aarch64
%{error: Unsupported architecture %{_target_cpu}}
%endif

%global cni_plugins_dir /opt/cni/bin
%global debug_package %{nil}
%global __strip /bin/true

Name:           cni
Version:        1.9.1
Release:        2%{?dist}
Summary:        Container Network Interface (CNI) - a specification and libraries for writing plugins to configure network interfaces in Linux containers
Summary(ru):    Container Network Interface (CNI) — спецификация и библиотеки для разработки плагинов настройки сетевых интерфейсов в Linux-контейнерах
License:        Apache-2.0
URL:            https://github.com/containernetworking/plugins

Packager:       NICE SOFT GROUP LLC (ООО "НАЙС СОФТ ГРУПП") 5024245440 <niceos@ncsgp.ru>
Vendor:         NiceSOFT
Distribution:   NiceOS.Core
BugURL:         https://bugs.niceos.ru/
VCS:            https://specs.niceos.ru/rmps/%{name}

Source0:        https://github.com/containernetworking/plugins/archive/refs/tags/v%{version}.tar.gz

BuildRequires:  bash
BuildRequires:  coreutils
BuildRequires:  findutils
BuildRequires:  go >= 1.24
BuildRequires:  grep
BuildRequires:  make
BuildRequires:  sed
BuildRequires:  tar

Requires:       iproute2
Requires:       iptables

# Compatibility names used by Kubernetes packages in different distributions.
Provides:       kubernetes-cni = %{version}-%{release}
Provides:       kubernetes-cni%{?_isa} = %{version}-%{release}
Provides:       cni = %{version}-%{release}
Provides:       cni%{?_isa} = %{version}-%{release}

%global _default_cni_plugins_dir /opt/cni/bin

%description
CNI (Container Network Interface) is a set of specifications and libraries for configuring networking
in Linux containers. It provides a standardized way to manage network interfaces and their setup,
making it easier to integrate different networking plugins in container environments.

%description -l ru
CNI (Container Network Interface) — набор спецификаций и библиотек для настройки сетевых соединений
в Linux-контейнерах. Он обеспечивает стандартизированный способ управления сетевыми интерфейсами и их
конфигурацией, упрощая интеграцию различных сетевых плагинов в контейнерных средах.

%prep
%autosetup -p1 -n plugins-%{version}
# Upstream release tarball contains vendored Go modules.
# NiceOS builds this package without network access.
test -d vendor
test -f vendor/modules.txt

%build
export GOTOOLCHAIN=local
export GOPROXY=off
export GOSUMDB=off
export GONOSUMDB=*
export GOPRIVATE=*
export GO111MODULE=on
export GOOS=linux
export GOARCH=%{goarch}
export CGO_ENABLED=0
export GOFLAGS="-mod=vendor -trimpath"

# build_linux.sh builds the Linux CNI plugin set into ./bin.
sh ./build_linux.sh

%install
install -d -m 0755 %{buildroot}%{cni_plugins_dir}
install -d -m 0755 %{buildroot}%{_sysconfdir}/cni/net.d

install -p -m 0755 bin/* %{buildroot}%{cni_plugins_dir}/

%if 0%{?with_check}
%check
test -x %{buildroot}%{cni_plugins_dir}/loopback
test -x %{buildroot}%{cni_plugins_dir}/bridge
test -x %{buildroot}%{cni_plugins_dir}/host-local
test -x %{buildroot}%{cni_plugins_dir}/portmap
test -x %{buildroot}%{cni_plugins_dir}/bandwidth
test -x %{buildroot}%{cni_plugins_dir}/firewall
test -x %{buildroot}%{cni_plugins_dir}/tuning
%endif

%files
%defattr(-,root,root)
%license LICENSE
%doc README.md
%dir /opt/cni
%dir %{cni_plugins_dir}
%{cni_plugins_dir}/*
%dir %{_sysconfdir}/cni
%dir %{_sysconfdir}/cni/net.d

%changelog
* Sun May 10 2026 NiceOS Team <support@niceos.ru> - 1.9.1-2
- Added compatibility Provides: kubernetes-cni and cni-plugins.
- Fixed CNI plugin directory macro usage.
- Added /etc/cni/net.d ownership.
- Fixed VCS URL typo.
- Kept CNI binaries under /opt/cni/bin.

* Sat May 02 2026 NiceOS Team <support@niceos.ru> - 1.9.1-1
- EN: - Update cni from 1.7.1 to 1.9.1
- Security update for CVE-2025-52881 via selinux dependency bump to 1.13.0
- Backport upstream fixes for nil bandwidth handling in CHECK, vrf route filtering, and bridge AddrAdd error details
- RU: - Обновление cni с 1.7.1 до 1.9.1
- Исправление безопасности для CVE-2025-52881 через обновление зависимости selinux до 1.13.0
- Включены upstream-исправления для обработки nil bandwidth в CHECK, фильтрации маршрутов vrf и текста ошибки bridge AddrAdd


* Sun Jan 11 2026 NiceOS Team <niceos@ncsgp.ru> - 1.7.1-1
- Initial build for NiceOS (Первая сборка для НАЙС.ОС)