8.1-3

Enabling integrated configuration option for frr

.gitignore

@@ -1 +1,8 @@
 /frr-7.1.tar.gz
+/frr-7.2.tar.gz
+/frr-7.3.tar.gz
+/remove-babeld-ldpd.sh
+/frr-7.3.1.tar.gz
+/frr-7.4.tar.gz
+/frr-7.5.tar.gz
+/frr-7.5.1.tar.gz

0000-remove-babeld-and-ldpd.patch

@@ -1,8 +1,8 @@
 diff --git a/Makefile.am b/Makefile.am
-index 5be3264..33abc1d 100644
+index ce0f70a1a..209f4cbcc 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -130,8 +130,6 @@ include ospf6d/subdir.am
+@@ -180,8 +180,6 @@ include ospf6d/subdir.am
  include ospfclient/subdir.am
  include isisd/subdir.am
  include nhrpd/subdir.am
@@ -11,15 +11,15 @@ index 5be3264..33abc1d 100644
  include eigrpd/subdir.am
  include sharpd/subdir.am
  include pimd/subdir.am
-@@ -182,7 +180,6 @@ EXTRA_DIST += \
+@@ -243,7 +241,6 @@ EXTRA_DIST += \
+ 	snapcraft/defaults \
  	snapcraft/helpers \
  	snapcraft/snap \
- 	\
 -	babeld/Makefile \
  	bgpd/Makefile \
  	bgpd/rfp-example/librfp/Makefile \
  	bgpd/rfp-example/rfptest/Makefile \
-@@ -193,7 +190,6 @@ EXTRA_DIST += \
+@@ -255,7 +252,6 @@ EXTRA_DIST += \
  	fpm/Makefile \
  	grpc/Makefile \
  	isisd/Makefile \

0001-use-python3.patch

@@ -1,10 +0,0 @@
-diff --git a/tools/frr-reload.py b/tools/frr-reload.py
-index 208fb11..0692adc 100755
---- a/tools/frr-reload.py
-+++ b/tools/frr-reload.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
- # Frr Reloader
- # Copyright (C) 2014 Cumulus Networks, Inc.
- #

0002-enable-openssl.patch

@@ -0,0 +1,78 @@
+diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
+index e3de6f08c..378f6960d 100644
+--- a/isisd/isis_lsp.c
++++ b/isisd/isis_lsp.c
+@@ -35,7 +35,9 @@
+ #include "hash.h"
+ #include "if.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "table.h"
+ #include "srcdest_table.h"
+ #include "lib_errors.h"
+diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
+index 7256fcbbc..43e123b03 100644
+--- a/isisd/isis_pdu.c
++++ b/isisd/isis_pdu.c
+@@ -33,7 +33,9 @@
+ #include "prefix.h"
+ #include "if.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "lib_errors.h"
+ 
+ #include "isisd/isis_constants.h"
+diff --git a/isisd/isis_te.c b/isisd/isis_te.c
+index 8daa2b36b..fdb2bb92a 100644
+--- a/isisd/isis_te.c
++++ b/isisd/isis_te.c
+@@ -39,7 +39,9 @@
+ #include "if.h"
+ #include "vrf.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "sockunion.h"
+ #include "network.h"
+ #include "sbuf.h"
+diff --git a/lib/subdir.am b/lib/subdir.am
+index dab5fb9e8..924b7eccf 100644
+--- a/lib/subdir.am
++++ b/lib/subdir.am
+@@ -53,7 +53,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/log.c \
+ 	lib/log_filter.c \
+ 	lib/log_vty.c \
+-	lib/md5.c \
+ 	lib/memory.c \
+ 	lib/mlag.c \
+ 	lib/module.c \
+@@ -82,7 +81,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/routemap_northbound.c \
+ 	lib/sbuf.c \
+ 	lib/seqlock.c \
+-	lib/sha256.c \
+ 	lib/sigevent.c \
+ 	lib/skiplist.c \
+ 	lib/sockopt.c \
+@@ -220,7 +218,6 @@ pkginclude_HEADERS += \
+ 	lib/link_state.h \
+ 	lib/log.h \
+ 	lib/log_vty.h \
+-	lib/md5.h \
+ 	lib/memory.h \
+ 	lib/module.h \
+ 	lib/monotime.h \
+@@ -250,7 +247,6 @@ pkginclude_HEADERS += \
+ 	lib/route_opaque.h \
+ 	lib/sbuf.h \
+ 	lib/seqlock.h \
+-	lib/sha256.h \
+ 	lib/sigevent.h \
+ 	lib/skiplist.h \
+ 	lib/smux.h \

0003-disable-eigrp-crypto.patch

@@ -0,0 +1,252 @@
+diff --git a/eigrpd/eigrp_cli.c b/eigrpd/eigrp_cli.c
+index 533d7de2c..bef214cb0 100644
+--- a/eigrpd/eigrp_cli.c
++++ b/eigrpd/eigrp_cli.c
+@@ -25,6 +25,7 @@
+ #include "lib/command.h"
+ #include "lib/log.h"
+ #include "lib/northbound_cli.h"
++#include "lib/libfrr.h"
+ 
+ #include "eigrp_structs.h"
+ #include "eigrpd.h"
+@@ -728,6 +729,20 @@ DEFPY_YANG(
+ 	"Keyed message digest\n"
+ 	"HMAC SHA256 algorithm \n")
+ {
++	//EIGRP authentication is currently broken in FRR
++	switch (frr_get_cli_mode()) {
++	case FRR_CLI_CLASSIC:
++		vty_out(vty, "%% Eigrp Authentication is disabled\n\n");
++		break;
++	case FRR_CLI_TRANSACTIONAL:
++		vty_out(vty,
++			"%% Failed to edit candidate configuration - "
++			"Eigrp Authentication is disabled.\n\n");
++		break;
++	}
++
++	return CMD_WARNING_CONFIG_FAILED;
++
+ 	char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64];
+ 
+ 	snprintf(xpath, sizeof(xpath), "./frr-eigrpd:eigrp/instance[asn='%s']",
+diff --git a/eigrpd/eigrp_filter.c b/eigrpd/eigrp_filter.c
+index 8f80b78d2..6aeeff78e 100644
+--- a/eigrpd/eigrp_filter.c
++++ b/eigrpd/eigrp_filter.c
+@@ -47,7 +47,9 @@
+ #include "if_rmap.h"
+ #include "plist.h"
+ #include "distribute.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "keychain.h"
+ #include "privs.h"
+ #include "vrf.h"
+diff --git a/eigrpd/eigrp_hello.c b/eigrpd/eigrp_hello.c
+index e3680b31a..56ea9d0e9 100644
+--- a/eigrpd/eigrp_hello.c
++++ b/eigrpd/eigrp_hello.c
+@@ -43,7 +43,9 @@
+ #include "sockopt.h"
+ #include "checksum.h"
+ #include "vty.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ 
+ #include "eigrpd/eigrp_structs.h"
+ #include "eigrpd/eigrpd.h"
+diff --git a/eigrpd/eigrp_packet.c b/eigrpd/eigrp_packet.c
+index 39e384c12..972e6320a 100644
+--- a/eigrpd/eigrp_packet.c
++++ b/eigrpd/eigrp_packet.c
+@@ -40,8 +40,10 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
+ #include "sha256.h"
++#endif
+ #include "lib_errors.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+@@ -103,8 +105,12 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 	struct key *key = NULL;
+ 	struct keychain *keychain;
+ 
++
+ 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
++#ifdef CRYPTO_OPENSSL
++#elif CRYPTO_INTERNAL
+ 	MD5_CTX ctx;
++#endif
+ 	uint8_t *ibuf;
+ 	size_t backup_get, backup_end;
+ 	struct TLV_MD5_Authentication_Type *auth_TLV;
+@@ -127,6 +133,9 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 		return EIGRP_AUTH_TYPE_NONE;
+ 	}
+ 
++#ifdef CRYPTO_OPENSSL
++//TBD when this is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	MD5Init(&ctx);
+ 
+@@ -154,7 +163,7 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 	}
+ 
+ 	MD5Final(digest, &ctx);
+-
++#endif
+ 	/* Append md5 digest to the end of the stream. */
+ 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN);
+ 
+@@ -170,7 +179,10 @@ int eigrp_check_md5_digest(struct stream *s,
+ 			   struct TLV_MD5_Authentication_Type *authTLV,
+ 			   struct eigrp_neighbor *nbr, uint8_t flags)
+ {
++#ifdef CRYPTO_OPENSSL
++#elif CRYPTO_INTERNAL
+ 	MD5_CTX ctx;
++#endif
+ 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
+ 	unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN];
+ 	struct key *key = NULL;
+@@ -211,6 +223,9 @@ int eigrp_check_md5_digest(struct stream *s,
+ 		return 0;
+ 	}
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	MD5Init(&ctx);
+ 
+@@ -238,6 +253,7 @@ int eigrp_check_md5_digest(struct stream *s,
+ 	}
+ 
+ 	MD5Final(digest, &ctx);
++#endif
+ 
+ 	/* compare the two */
+ 	if (memcmp(orig, digest, EIGRP_AUTH_TYPE_MD5_LEN) != 0) {
+@@ -262,7 +278,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 	unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
+ 	unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	HMAC_SHA256_CTX ctx;
++#endif
+ 	void *ibuf;
+ 	size_t backup_get, backup_end;
+ 	struct TLV_SHA256_Authentication_Type *auth_TLV;
+@@ -291,6 +311,9 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 
+ 	inet_ntop(AF_INET, &ei->address.u.prefix4, source_ip, PREFIX_STRLEN);
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	buffer[0] = '\n';
+ 	memcpy(buffer + 1, key, strlen(key->string));
+@@ -299,7 +322,7 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 			  1 + strlen(key->string) + strlen(source_ip));
+ 	HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf));
+ 	HMAC__SHA256_Final(digest, &ctx);
+-
++#endif
+ 
+ 	/* Put hmac-sha256 digest to it's place */
+ 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN);
+diff --git a/eigrpd/eigrp_query.c b/eigrpd/eigrp_query.c
+index c8769fb11..cd31fa839 100644
+--- a/eigrpd/eigrp_query.c
++++ b/eigrpd/eigrp_query.c
+@@ -38,7 +38,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_reply.c b/eigrpd/eigrp_reply.c
+index 015daa768..ebf33e04e 100644
+--- a/eigrpd/eigrp_reply.c
++++ b/eigrpd/eigrp_reply.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ #include "keychain.h"
+ #include "plist.h"
+diff --git a/eigrpd/eigrp_siaquery.c b/eigrpd/eigrp_siaquery.c
+index 9c2a8c9d8..d1d50a617 100644
+--- a/eigrpd/eigrp_siaquery.c
++++ b/eigrpd/eigrp_siaquery.c
+@@ -38,7 +38,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_siareply.c b/eigrpd/eigrp_siareply.c
+index 2d298c20b..556fb3f3e 100644
+--- a/eigrpd/eigrp_siareply.c
++++ b/eigrpd/eigrp_siareply.c
+@@ -37,7 +37,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_snmp.c b/eigrpd/eigrp_snmp.c
+index 9ada292fe..1d0637019 100644
+--- a/eigrpd/eigrp_snmp.c
++++ b/eigrpd/eigrp_snmp.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "keychain.h"
+ #include "smux.h"
+ 
+diff --git a/eigrpd/eigrp_update.c b/eigrpd/eigrp_update.c
+index 0dc509706..cbabe3a3c 100644
+--- a/eigrpd/eigrp_update.c
++++ b/eigrpd/eigrp_update.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ #include "plist.h"
+ #include "plist_int.h"

0004-fips-mode.patch

@@ -0,0 +1,103 @@
+diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
+index 6f4a91be6..59b4826c8 100644
+--- a/isisd/isis_circuit.c
++++ b/isisd/isis_circuit.c
+@@ -1409,6 +1409,10 @@ ferr_r isis_circuit_passwd_set(struct isis_circuit *circuit,
+ 		return ferr_code_bug(
+ 			"circuit password too long (max 254 chars)");
+ 
++	//When in FIPS mode, the password never gets set in MD5
++	if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
++		return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
++
+ 	circuit->passwd.len = len;
+ 	strlcpy((char *)circuit->passwd.passwd, passwd,
+ 		sizeof(circuit->passwd.passwd));
+diff --git a/isisd/isisd.c b/isisd/isisd.c
+index 65764654e..65ed945b8 100644
+--- a/isisd/isisd.c
++++ b/isisd/isisd.c
+@@ -2493,6 +2493,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
+ 		if (len > 254)
+ 			return -1;
+ 
++		//When in FIPS mode, the password never get set in MD5
++		if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
++			return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
++
+ 		modified.len = len;
+ 		strlcpy((char *)modified.passwd, passwd,
+ 			sizeof(modified.passwd));
+diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
+index f998f2e5f..58f831ea1 100644
+--- a/ospfd/ospf_vty.c
++++ b/ospfd/ospf_vty.c
+@@ -1106,6 +1106,11 @@ DEFUN (ospf_area_vlink,
+ 
+ 	if (argv_find(argv, argc, "message-digest", &idx)) {
+ 		/* authentication message-digest */
++		if(FIPS_mode())
++		{
++			vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++			return CMD_WARNING_CONFIG_FAILED;
++		}
+ 		vl_config.auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
+ 	} else if (argv_find(argv, argc, "null", &idx)) {
+ 		/* "authentication null" */
+@@ -2019,6 +2024,15 @@ DEFUN (ospf_area_authentication_message_digest,
+ 				  ? OSPF_AUTH_NULL
+ 				  : OSPF_AUTH_CRYPTOGRAPHIC;
+ 
++	if(area->auth_type == OSPF_AUTH_CRYPTOGRAPHIC)
++	{
++		if(FIPS_mode())
++		{
++			vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++			return CMD_WARNING_CONFIG_FAILED;
++		}
++	}
++
+ 	return CMD_SUCCESS;
+ }
+ 
+@@ -7553,6 +7567,11 @@ DEFUN (ip_ospf_authentication_args,
+ 
+ 	/* Handle message-digest authentication */
+ 	if (argv[idx_encryption]->arg[0] == 'm') {
++		if(FIPS_mode())
++		{
++			vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++			return CMD_WARNING_CONFIG_FAILED;
++		}
+ 		SET_IF_PARAM(params, auth_type);
+ 		params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
+ 		return CMD_SUCCESS;
+@@ -7859,6 +7878,11 @@ DEFUN (ip_ospf_message_digest_key,
+        "The OSPF password (key)\n"
+        "Address of interface\n")
+ {
++	if(FIPS_mode())
++	{
++		vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++		return CMD_WARNING_CONFIG_FAILED;
++	}
+ 	VTY_DECLVAR_CONTEXT(interface, ifp);
+ 	struct crypt_key *ck;
+ 	uint8_t key_id;
+diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
+index 8a3ce24f5..04cc0968a 100644
+--- a/ripd/rip_cli.c
++++ b/ripd/rip_cli.c
+@@ -827,6 +827,12 @@ DEFPY_YANG (ip_rip_authentication_mode,
+ 			value = "20";
+ 	}
+ 
++	if(strmatch(mode, "md5") && FIPS_mode())
++	{
++		vty_out(vty, "FIPS mode is enabled, md5 authentication id disabled\n");
++		return CMD_WARNING_CONFIG_FAILED;
++	}
++
+ 	nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
+ 			      strmatch(mode, "md5") ? "md5" : "plain-text");
+ 	if (strmatch(mode, "md5"))

0006-move-to-libexec.patch

@@ -0,0 +1,17 @@
+diff --git a/tools/frr.service b/tools/frr.service
+index aa45f42..402def8 100644
+--- a/tools/frr.service
++++ b/tools/frr.service
+@@ -17,9 +17,9 @@ WatchdogSec=60s
+ RestartSec=5
+ Restart=on-abnormal
+ LimitNOFILE=1024
+-ExecStart=/usr/lib/frr/frrinit.sh start
+-ExecStop=/usr/lib/frr/frrinit.sh stop
+-ExecReload=/usr/lib/frr/frrinit.sh reload
++ExecStart=/usr/libexec/frr/frrinit.sh start
++ExecStop=/usr/libexec/frr/frrinit.sh stop
++ExecReload=/usr/libexec/frr/frrinit.sh reload
+ 
+ [Install]
+ WantedBy=multi-user.target

frr-tmpfiles.conf

@@ -0,0 +1 @@
+d /run/frr 0755 frr frr -

frr.spec

@@ -1,35 +1,62 @@
-%global frrversion	7.1
+%global imsversion .ims.1
-%global frr_libdir /usr/lib/frr
+%global frrversion	8.1
+%global frr_libdir /usr/libexec/frr
+# % global checkout dev
 
 %global _hardened_build 1
+%define _legacy_common_support 1
 
 Name: frr
-Version: 7.1
+Version: 8.1.0
-Release: 2%{?checkout}%{?dist}
+Release: 3%{?imsversion}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
-Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
+Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}%{?checkout:-%{checkout}}.tar.xz
+Source1: %{name}-tmpfiles.conf
 BuildRequires: perl-generators
-BuildRequires: systemd
 BuildRequires: gcc
+BuildRequires: gcc-c++
 BuildRequires: net-snmp-devel
-BuildRequires: texinfo libcap-devel texi2html autoconf automake libtool patch groff
+BuildRequires: texinfo 
-BuildRequires: readline readline-devel ncurses ncurses-devel
+BuildRequires: libcap-devel
-BuildRequires: git pam-devel c-ares-devel
+BuildRequires: autoconf
-BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML
+BuildRequires: automake
-BuildRequires: python3-devel python3-sphinx python3-pytest
+BuildRequires: libtool
-BuildRequires: systemd systemd-devel
+BuildRequires: patch
-BuildRequires: libyang-devel >= 0.16.74
+BuildRequires: groff
+BuildRequires: readline-devel
+BuildRequires: ncurses
+BuildRequires: ncurses-devel
+BuildRequires: pam-devel
+BuildRequires: c-ares-devel
+BuildRequires: bison >= 2.7
+BuildRequires: flex
+BuildRequires: perl-XML-LibXML
+BuildRequires: python3-devel
+BuildRequires: python3-sphinx
+BuildRequires: python3-pytest
+BuildRequires: systemd-devel
+BuildRequires: grpc-plugins
+BuildRequires: grpc-devel
+BuildRequires: readline
+BuildRequires: git-core
+BuildRequires: json-c-devel
+BuildRequires: systemd
+BuildRequires: libyang2-devel >= 2.0.0
+BuildRequires: make
 Requires: net-snmp ncurses
-Requires(post): systemd /sbin/install-info
+Requires(post): systemd /sbin/install-info hostname
 Requires(preun): systemd /sbin/install-info
 Requires(postun): systemd
 Provides: routingdaemon = %{version}-%{release}
 Conflicts: quagga
 
 Patch0000: 0000-remove-babeld-and-ldpd.patch
-Patch0001: 0001-use-python3.patch
+Patch0002: 0002-enable-openssl.patch
+Patch0003: 0003-disable-eigrp-crypto.patch
+Patch0004: 0004-fips-mode.patch
+# Patch0006: 0006-move-to-libexec.patch
 
 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
@@ -41,7 +68,7 @@ FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP
 FRRouting is a fork of Quagga.
 
 %prep
-%autosetup -S git
+%autosetup -S git -n %{name}-%{frrversion}%{?checkout:-%{checkout}}
 
 %build
 autoreconf -ivf
@@ -67,7 +94,10 @@ autoreconf -ivf
     --disable-ldpd \
     --disable-babeld \
     --with-moduledir=%{_libdir}/frr/modules \
-    --enable-fpm
+    --with-crypto=openssl \
+    --with-vici-socket=/run/strongswan/charon.vici \
+    --enable-fpm \
+    --enable-grpc
 
 %make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
 
@@ -81,20 +111,23 @@ mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default}
          %{buildroot}%{_unitdir}
 
 mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
+mkdir -p %{buildroot}%{_tmpfilesdir}
 
 %make_install
 
 # Remove this file, as it is uninstalled and causes errors when building on RH9
 rm -rf %{buildroot}/usr/share/info/dir
 
-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
+install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
-install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/tools/frr@.service %{buildroot}%{_unitdir}/frr@.service
-install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
-install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/tools/etc/frr/daemons %{buildroot}%{_sysconfdir}/frr/daemons
 
-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}%{?checkout:-%{checkout}}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
 install -d -m 775 %{buildroot}/run/frr
 
 rm %{buildroot}%{_libdir}/frr/*.la
@@ -113,6 +146,7 @@ usermod -aG frrvty frr
 
 %post
 %systemd_post frr.service
+%systemd_post frr@.service
 
 if [ -f %{_infodir}/%{name}.inf* ]; then
     install-info %{_infodir}/frr.info %{_infodir}/dir || :
@@ -125,11 +159,21 @@ if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
     chmod 640 %{_sysconfdir}/frr/frr.conf
 fi
 
+#still used by vtysh, this way no error is produced when using vtysh
+if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
+    touch %{_sysconfdir}/frr/vtysh.conf
+    chmod 640 %{_sysconfdir}/frr/vtysh.conf
+    chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
+fi
+
+
 %postun
 %systemd_postun_with_restart frr.service
+%systemd_postun_with_restart frr@.service
 
 %preun
 %systemd_preun frr.service
+%systemd_preun frr@.service
 
 #only when removing frr
 if [ $1 -eq 0 ]; then
@@ -144,33 +188,98 @@ make check PYTHON=%{__python3}
 %files
 %defattr(-,root,root)
 %license COPYING
-%doc zebra/zebra.conf.sample
-%doc isisd/isisd.conf.sample
-%doc ripd/ripd.conf.sample
-%doc bgpd/bgpd.conf.sample*
-%doc ospfd/ospfd.conf.sample
-%doc ospf6d/ospf6d.conf.sample
-%doc ripngd/ripngd.conf.sample
-%doc pimd/pimd.conf.sample
 %doc doc/mpls
-%dir %attr(755,frr,frr) %{_sysconfdir}/frr
+%dir %attr(750,frr,frr) %{_sysconfdir}/frr
 %dir %attr(755,frr,frr) /var/log/frr
 %dir %attr(755,frr,frr) /run/frr
 %{_infodir}/*info*
 %{_mandir}/man*/*
+%dir %{frr_libdir}/
 %{frr_libdir}/*
 %{_bindir}/*
 %dir %{_libdir}/frr
 %{_libdir}/frr/*.so.*
+%dir %{_libdir}/frr/modules
 %{_libdir}/frr/modules/*
 %config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
-/etc/frr/daemons
+%config(noreplace) %attr(644,frr,frr) /etc/frr/daemons
 %config(noreplace) /etc/pam.d/frr
 %{_unitdir}/*.service
+%dir /usr/share/yang
 /usr/share/yang/*.yang
-#%%{_libdir}/frr/frr/libyang_plugins/*
+%{_tmpfilesdir}/%{name}.conf
 
 %changelog
+* Tue Jul 20 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
+- Resolves: #1983278 - ospfd crashes in route_node_delete with assertion fail
+
+* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
+- Fixing permissions on config files in /etc/frr
+- Enabling integrated configuration option for frr
+
+* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
+- New version 7.5.1
+- Enabling grpc, adding hostname for post scriptlet
+- Moving files to libexec due to selinux issues
+
+* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3
+- Fixing FTBS - icc options are confusing the new gcc
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
+- New version 7.5
+
+* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
+- New version 7.4
+
+* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
+- Rebuilt for new net-snmp release
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1
+- New version 7.3.1
+- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)
+
+* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6
+- Removing texi2html, it is not available in Rawhide anymore
+
+* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5
+- Rebuild for new version of libyang
+
+* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
+- Rebuild (json-c)
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
+- Update json-c-0.14 patch with a solution from upstream
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
+- Add support for upcoming json-c 0.14.0
+
+* Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
+- New version 7.3
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1
+- New version 7.2
+
+* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5
+- Rebuilding for new version of libyang
+
+* Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4
+- Adding noreplace to the /etc/frr/daemons file
+
+* Fri Sep 13 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-3
+- New way of finding python version during build
+- Replacing crypto of all routing daemons with openssl
+- Disabling EIGRP crypto because it is broken
+- Disabling crypto in FIPS mode
+
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 

sources

@@ -1 +1,2 @@
-SHA512 (frr-7.1.tar.gz) = ee0be872a96737e45dd841b936f66c394db2bcd857c28437dfeeeabf70cf420e69212b4b744569cc1c9f6038e7ca66211c6294ec2e94855ed8131833985e32b0
+SHA512 (frr-7.5.1.tar.gz) = 1c27420594e52647090da3556e5c62d6f916903c4fa86e5110f1e86152f07d3ce4252bc859d36c9d218dc96a80b245c8b9eee97f370d818cb39be187b6c3546e
+SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d