Packit: switch to rpm/gvisor-tap-vsock.spec

gvproxy doesn't currently build on rawhide because of go1.21.
It  can be included as a standalone package on copr.
It is currently open for review on bugzilla until which fedora releases can't
include it. Official rawhide should be able to fetch the last active build of
gvproxy, the min version requirement has been removed to allow it.

WIP Fedora Package Review:
https://bugzilla.redhat.com/show_bug.cgi?id=2224434

Signed-off-by: Lokesh Mandvekar <[email protected]>

.packit.yaml

@@ -6,7 +6,8 @@
 # On PR: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/
 # On commit: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
 
-specfile_path: gvisor-tap-vsock.spec
+specfile_path: rpm/gvisor-tap-vsock.spec
+upstream_tag_template: v{version}
 
 jobs:
   - &copr
@@ -17,7 +18,6 @@ jobs:
     enable_net: true
     srpm_build_deps:
       - make
-      - rpkg
     targets:
       - fedora-rawhide-aarch64
       - fedora-rawhide-x86_64
@@ -29,25 +29,29 @@ jobs:
       - centos-stream-9-x86_64
       - centos-stream-8-aarch64
       - centos-stream-8-x86_64
-    actions:
-      post-upstream-clone:
-        - "rpkg spec --outdir ./"
-      fix-spec-file:
-        - "bash .packit.sh"
 
-    #- <<: *copr
+  - <<: *copr
     # Run on commit to main branch
-    #trigger: commit
-    #branch: main
-    #project: podman-next
-    #targets:
-    #  - fedora-rawhide-aarch64
-    #  - fedora-rawhide-x86_64
-    #  - fedora-eln-aarch64
-    #  - fedora-eln-x86_64
-    #  - fedora-38-aarch64
-    #  - fedora-38-x86_64
-    #  - centos-stream-9-aarch64
-    #  - centos-stream-9-x86_64
-    #  - centos-stream-8-aarch64
-    #  - centos-stream-8-x86_64
+    trigger: commit
+    branch: main
+    project: podman-next
+    targets:
+      - fedora-rawhide-aarch64
+      - fedora-rawhide-ppc64le
+      - fedora-rawhide-s390x
+      - fedora-rawhide-x86_64
+      - fedora-eln-aarch64
+      - fedora-eln-ppc64le
+      - fedora-eln-s390x
+      - fedora-eln-x86_64
+      - fedora-38-aarch64
+      - fedora-38-ppc64le
+      - fedora-38-s390x
+      - fedora-38-x86_64
+      - centos-stream+epel-next-9-aarch64
+      - centos-stream+epel-next-9-ppc64le
+      - centos-stream+epel-next-9-s390x
+      - centos-stream+epel-next-9-x86_64
+      - centos-stream+epel-next-8-aarch64
+      - centos-stream+epel-next-8-ppc64le
+      - centos-stream+epel-next-8-x86_64

rpm/gvisor-tap-vsock.spec

@@ -0,0 +1,114 @@
+%global with_debug 1
+
+%if 0%{?with_debug}
+%global _find_debuginfo_dwz_opts %{nil}
+%global _dwz_low_mem_die_limit 0
+%else
+%global debug_package %{nil}
+%endif
+
+# RHEL 8's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we
+# set it separately here and do not depend on RHEL 8's go-srpm-macros package.
+%if %{defined rhel} && 0%{?rhel} == 8
+%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
+%endif
+
+%global gomodulesmode GO111MODULE=on
+
+Name: gvisor-tap-vsock
+%if %{defined copr_username}
+Epoch: 103
+%else
+Epoch: 6
+%endif
+# DO NOT TOUCH the Version string!
+# The TRUE source of this specfile is:
+# https://github.com/containers/podman/blob/main/rpm/podman.spec
+# If that's what you're reading, Version must be 0, and will be updated by Packit for
+# copr and koji builds.
+# If you're reading this on dist-git, the version is automatically filled in by Packit.
+Version: 0
+License: Apache-2.0 and BSD-2-Clause and BSD-3-Clause and MIT
+%if %{defined autorelease}
+Release: %autorelease
+%else
+Release: 1
+%endif
+%if %{defined golang_arches_future}
+ExclusiveArch: %{golang_arches_future}
+%else
+ExclusiveArch: aarch64 ppc64le s390x x86_64
+%endif
+Summary: Go replacement for libslirp and VPNKit
+URL: https://github.com/containers/%{name}
+# All SourceN files fetched from upstream
+Source0: %{url}/archive/refs/tags/v%{version}.tar.gz
+BuildRequires: gcc
+BuildRequires: glib2-devel
+BuildRequires: glibc-devel
+BuildRequires: glibc-static
+BuildRequires: golang
+BuildRequires: git-core
+%if !%{defined gobuild}
+BuildRequires: go-rpm-macros
+%endif
+BuildRequires: make
+%if %{defined copr_username}
+Obsoletes: podman-gvproxy <= 102:4.6.0-1
+%else
+Obsoletes: podman-gvproxy <= 5:4.6.0-1
+%endif
+Provides: podman-gvproxy = %{epoch}:%{version}-%{release}
+
+%description
+A replacement for libslirp and VPNKit, written in pure Go.
+It is based on the network stack of gVisor. Compared to libslirp,
+gvisor-tap-vsock brings a configurable DNS server and
+dynamic port forwarding.
+
+%prep
+%autosetup -Sgit -n %{name}-%{version}
+
+%build
+%set_build_flags
+export CGO_CFLAGS=$CFLAGS
+
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+%ifarch x86_64
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+%endif
+
+# reset LDFLAGS for plugins and gvisor binaries
+LDFLAGS=''
+
+# build gvisor-tap-vsock binaries
+%gobuild -o bin/gvproxy ./cmd/gvproxy
+%gobuild -o bin/gvforwarder ./cmd/vm
+
+%install
+# install gvproxy
+install -dp %{buildroot}%{_libexecdir}/%{name}
+install -p -m0755 bin/gvproxy %{buildroot}%{_libexecdir}/%{name}
+install -p -m0755 bin/gvforwarder %{buildroot}%{_libexecdir}/%{name}
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%files
+%license LICENSE
+%doc README.md
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/gvproxy
+%{_libexecdir}/%{name}/gvforwarder
+
+%changelog
+%if %{defined autochangelog}
+%autochangelog
+%else
+* Mon Jul 24 2023 RH Container Bot <[email protected]>
+- Placeholder changelog for envs that are not autochangelog-ready
+%endif