Bump version for ST

Replacing crypto of all routing daemons with openssl
Disabling EIGRP crypto because it is broken
Disabling crypto in FIPS mode

.fmf/version

@@ -1 +0,0 @@
-1

.gitattributes

@@ -1 +0,0 @@
-*.tar.gz filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -2,18 +2,3 @@
 /frr-7.2.tar.gz
 /frr-7.3.tar.gz
 /remove-babeld-ldpd.sh
-/frr-7.3.1.tar.gz
-/frr-7.4.tar.gz
-/frr-7.5.tar.gz
-/frr-7.5.1.tar.gz
-/frr-8.0.tar.gz
-/frr-8.0.1.tar.gz
-/frr-8.2.tar.gz
-/frr-8.2.2.tar.gz
-/frr-8.3.1.tar.gz
-/frr-8.4.tar.gz
-/frr-8.4.1.tar.gz
-/frr-8.4.2.tar.gz
-/frr-8.5.tar.gz
-/frr-8.5.1.tar.gz
-/frr-8.5.2.tar.gz

0000-remove-babeld-and-ldpd.patch

@@ -0,0 +1,29 @@
+diff --git a/Makefile.am b/Makefile.am
+index 5be3264..33abc1d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -130,8 +130,6 @@ include ospf6d/subdir.am
+ include ospfclient/subdir.am
+ include isisd/subdir.am
+ include nhrpd/subdir.am
+-include ldpd/subdir.am
+-include babeld/subdir.am
+ include eigrpd/subdir.am
+ include sharpd/subdir.am
+ include pimd/subdir.am
+@@ -182,7 +180,6 @@ EXTRA_DIST += \
+ 	snapcraft/defaults \
+ 	snapcraft/helpers \
+ 	snapcraft/snap \
+-	babeld/Makefile \
+ 	bgpd/Makefile \
+ 	bgpd/rfp-example/librfp/Makefile \
+ 	bgpd/rfp-example/rfptest/Makefile \
+@@ -193,7 +190,6 @@ EXTRA_DIST += \
+ 	fpm/Makefile \
+ 	grpc/Makefile \
+ 	isisd/Makefile \
+-	ldpd/Makefile \
+ 	lib/Makefile \
+ 	nhrpd/Makefile \
+ 	ospf6d/Makefile \

0001-nhrp-Configure-vici-socket-path-using-configure-with.patch

@@ -0,0 +1,68 @@
+From 1280a299c696ed925d02ad93d1af9af9dcf43621 Mon Sep 17 00:00:00 2001
+From: root <root@dm4.st.test2.hr>
+Date: Sat, 25 Jan 2020 19:38:39 +0100
+Subject: [PATCH] nhrp: Configure vici socket path using configure
+ --with-vici-socket=/var/run/charon.vici (default)
+
+---
+ configure.ac       | 8 ++++++++
+ nhrpd/README.nhrpd | 3 ++-
+ nhrpd/vici.c       | 2 +-
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index c8371f304..2ef1c3fea 100755
+--- a/configure.ac
++++ b/configure.ac
+@@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_STRING([--with-yangmodelsdir=DIR], [yang m
+ ])
+ AC_SUBST([yangmodelsdir])
+ 
++AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=DIR], [vici-socket (/var/run/charon.vici)])], [
++	vici_socket="$withval"
++], [
++	vici_socket="/var/run/charon.vici"
++])
++AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici interface])
++
+ AC_ARG_ENABLE(tcmalloc,
+ 	AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]),
+ [case "${enableval}" in
+@@ -2410,6 +2417,7 @@ group for vty sockets   : ${enable_vty_group}
+ config file mask        : ${enable_configfile_mask}
+ log file mask           : ${enable_logfile_mask}
+ zebra protobuf enabled  : ${enable_protobuf:-no}
++vici socket path        : ${vici_socket}
+ 
+ The above user and group must have read/write access to the state file
+ directory and to the config files in the config file directory."
+diff --git a/nhrpd/README.nhrpd b/nhrpd/README.nhrpd
+index 569b3f446..8bb5f69be 100644
+--- a/nhrpd/README.nhrpd
++++ b/nhrpd/README.nhrpd
+@@ -126,7 +126,8 @@ Integration with strongSwan
+ 
+ Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon.
+ Currently strongSwan is supported using the VICI protocol. strongSwan
+-is connected using UNIX socket (hardcoded now as /var/run/charon.vici).
++is connected using UNIX socket (default /var/run/charon.vici use configure
++argument --with-vici-socket= to change).
+ Thus nhrpd needs to be run as user that can open that file.
+ 
+ Currently, you will need patched strongSwan. The working tree is at:
+diff --git a/nhrpd/vici.c b/nhrpd/vici.c
+index d6105b71d..86023e1f8 100644
+--- a/nhrpd/vici.c
++++ b/nhrpd/vici.c
+@@ -478,7 +478,7 @@ static int vici_reconnect(struct thread *t)
+ 	if (vici->fd >= 0)
+ 		return 0;
+ 
+-	fd = sock_open_unix("/var/run/charon.vici");
++	fd = sock_open_unix(VICI_SOCKET);
+ 	if (fd < 0) {
+ 		debugf(NHRP_DEBUG_VICI,
+ 		       "%s: failure connecting VICI socket: %s",
+-- 
+2.24.1
+

0001-remove-babeld-and-ldpd.patch

@@ -1,68 +0,0 @@
-From 1adef7e973aeab4de3409ab77295bf218fc0c56c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zoran.pericic@infomaas.com>
-Date: Sun, 8 Oct 2023 11:22:51 +0200
-Subject: [PATCH 1/5] remove babeld and ldpd
-
----
- Makefile.am           | 4 ----
- tools/etc/frr/daemons | 4 ----
- 2 files changed, 8 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index f56e1b8e0b..a42811d940 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -196,8 +196,6 @@ include ospf6d/subdir.am
- include ospfclient/subdir.am
- include isisd/subdir.am
- include nhrpd/subdir.am
--include ldpd/subdir.am
--include babeld/subdir.am
- include eigrpd/subdir.am
- include sharpd/subdir.am
- include pimd/subdir.am
-@@ -261,7 +259,6 @@ EXTRA_DIST += \
- 	snapcraft/defaults \
- 	snapcraft/helpers \
- 	snapcraft/snap \
--	babeld/Makefile \
- 	mgmtd/Makefile \
- 	bgpd/Makefile \
- 	bgpd/rfp-example/librfp/Makefile \
-@@ -274,7 +271,6 @@ EXTRA_DIST += \
- 	fpm/Makefile \
- 	grpc/Makefile \
- 	isisd/Makefile \
--	ldpd/Makefile \
- 	lib/Makefile \
- 	nhrpd/Makefile \
- 	ospf6d/Makefile \
-diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
-index c487e7e5f2..2e602901d3 100644
---- a/tools/etc/frr/daemons
-+++ b/tools/etc/frr/daemons
-@@ -22,10 +22,8 @@ ripngd=no
- isisd=no
- pimd=no
- pim6d=no
--ldpd=no
- nhrpd=no
- eigrpd=no
--babeld=no
- sharpd=no
- pbrd=no
- bfdd=no
-@@ -49,10 +47,8 @@ ripngd_options=" -A ::1"
- isisd_options="  -A 127.0.0.1"
- pimd_options="   -A 127.0.0.1"
- pim6d_options="  -A ::1"
--ldpd_options="   -A 127.0.0.1"
- nhrpd_options="  -A 127.0.0.1"
- eigrpd_options=" -A 127.0.0.1"
--babeld_options=" -A 127.0.0.1"
- sharpd_options=" -A 127.0.0.1"
- pbrd_options="   -A 127.0.0.1"
- staticd_options="-A 127.0.0.1"
--- 
-2.41.0
-

0001-use-python3.patch

@@ -0,0 +1,20 @@
+diff --git a/tools/frr-reload.py b/tools/frr-reload.py
+index 208fb11..0692adc 100755
+--- a/tools/frr-reload.py
++++ b/tools/frr-reload.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+ # Frr Reloader
+ # Copyright (C) 2014 Cumulus Networks, Inc.
+ #
+diff --git a/tools/generate_support_bundle.py b/tools/generate_support_bundle.py
+index 540b7a1..0876ebb 100755
+--- a/tools/generate_support_bundle.py
++++ b/tools/generate_support_bundle.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+ 
+ ########################################################
+ ### Python Script to generate the FRR support bundle ###

0002-enable-openssl.patch

@@ -1,20 +1,44 @@
-From f2afebcbbd27c834b5d5727b561e588348503c15 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zoran.pericic@infomaas.com>
-Date: Sun, 8 Oct 2023 11:19:44 +0200
-Subject: [PATCH 2/5] enable openssl
-
----
- isisd/isis_lsp.c | 2 ++
- isisd/isis_pdu.c | 2 ++
- isisd/isis_te.c  | 2 ++
- lib/subdir.am    | 4 ----
- 4 files changed, 6 insertions(+), 4 deletions(-)
-
+diff --git a/lib/subdir.am b/lib/subdir.am
+index 0b7af18..0533e24 100644
+--- a/lib/subdir.am
++++ b/lib/subdir.am
+@@ -41,7 +41,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/linklist.c \
+ 	lib/log.c \
+ 	lib/log_vty.c \
+-	lib/md5.c \
+ 	lib/memory.c \
+ 	lib/mlag.c \
+ 	lib/module.c \
+@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/routemap.c \
+ 	lib/sbuf.c \
+ 	lib/seqlock.c \
+-	lib/sha256.c \
+ 	lib/sigevent.c \
+ 	lib/skiplist.c \
+ 	lib/sockopt.c \
+@@ -170,7 +170,6 @@ pkginclude_HEADERS += \
+ 	lib/linklist.h \
+ 	lib/log.h \
+ 	lib/log_vty.h \
+-	lib/md5.h \
+ 	lib/memory.h \
+ 	lib/module.h \
+ 	lib/monotime.h \
+@@ -191,7 +190,6 @@ pkginclude_HEADERS += \
+ 	lib/routemap.h \
+ 	lib/sbuf.h \
+ 	lib/seqlock.h \
+-	lib/sha256.h \
+ 	lib/sigevent.h \
+ 	lib/skiplist.h \
+ 	lib/smux.h \
 diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
-index 77573cdfac..df8508fa17 100644
+index 1991666..2e4fe55 100644
 --- a/isisd/isis_lsp.c
 +++ b/isisd/isis_lsp.c
-@@ -22,7 +22,9 @@
+@@ -35,7 +35,9 @@
  #include "hash.h"
  #include "if.h"
  #include "checksum.h"
@@ -25,10 +49,10 @@ index 77573cdfac..df8508fa17 100644
  #include "srcdest_table.h"
  #include "lib_errors.h"
 diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
-index 0cd43a7abc..b2e114d734 100644
+index 9c63311..7cf594c 100644
 --- a/isisd/isis_pdu.c
 +++ b/isisd/isis_pdu.c
-@@ -20,7 +20,9 @@
+@@ -33,7 +33,9 @@
  #include "prefix.h"
  #include "if.h"
  #include "checksum.h"
@@ -39,10 +63,10 @@ index 0cd43a7abc..b2e114d734 100644
  
  #include "isisd/isis_constants.h"
 diff --git a/isisd/isis_te.c b/isisd/isis_te.c
-index 90b53c540e..9d98c16e78 100644
+index 4ea6c2c..72ff0d2 100644
 --- a/isisd/isis_te.c
 +++ b/isisd/isis_te.c
-@@ -24,7 +24,9 @@
+@@ -38,7 +38,9 @@
  #include "if.h"
  #include "vrf.h"
  #include "checksum.h"
@@ -52,42 +76,3 @@ index 90b53c540e..9d98c16e78 100644
  #include "sockunion.h"
  #include "network.h"
  #include "sbuf.h"
-diff --git a/lib/subdir.am b/lib/subdir.am
-index d7b28ffbd5..b2ee32168b 100644
---- a/lib/subdir.am
-+++ b/lib/subdir.am
-@@ -63,7 +63,6 @@ lib_libfrr_la_SOURCES = \
- 	lib/log.c \
- 	lib/log_filter.c \
- 	lib/log_vty.c \
--	lib/md5.c \
- 	lib/memory.c \
- 	lib/mgmt_be_client.c \
- 	lib/mgmt_fe_client.c \
-@@ -95,7 +94,6 @@ lib_libfrr_la_SOURCES = \
- 	lib/routemap_northbound.c \
- 	lib/sbuf.c \
- 	lib/seqlock.c \
--	lib/sha256.c \
- 	lib/sigevent.c \
- 	lib/skiplist.c \
- 	lib/sockopt.c \
-@@ -248,7 +246,6 @@ pkginclude_HEADERS += \
- 	lib/link_state.h \
- 	lib/log.h \
- 	lib/log_vty.h \
--	lib/md5.h \
- 	lib/memory.h \
- 	lib/mgmt.pb-c.h \
- 	lib/mgmt_be_client.h \
-@@ -283,7 +280,6 @@ pkginclude_HEADERS += \
- 	lib/route_opaque.h \
- 	lib/sbuf.h \
- 	lib/seqlock.h \
--	lib/sha256.h \
- 	lib/sigevent.h \
- 	lib/skiplist.h \
- 	lib/smux.h \
--- 
-2.41.0
-

0003-disable-eigrp-crypto.patch

@@ -1,26 +1,227 @@
-From 138dff00b047a92b0616d53742b83b13cca8981c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zoran.pericic@infomaas.com>
-Date: Sun, 8 Oct 2023 11:23:48 +0200
-Subject: [PATCH 3/5] disable eigrp crypto
-
----
- eigrpd/eigrp_cli.c      | 15 +++++++++++++++
- eigrpd/eigrp_filter.c   |  2 ++
- eigrpd/eigrp_hello.c    |  2 ++
- eigrpd/eigrp_packet.c   | 27 +++++++++++++++++++++++++--
- eigrpd/eigrp_query.c    |  2 ++
- eigrpd/eigrp_reply.c    |  2 ++
- eigrpd/eigrp_siaquery.c |  2 ++
- eigrpd/eigrp_siareply.c |  2 ++
- eigrpd/eigrp_snmp.c     |  2 ++
- eigrpd/eigrp_update.c   |  2 ++
- 10 files changed, 56 insertions(+), 2 deletions(-)
-
+diff --git a/eigrpd/eigrp_packet.c b/eigrpd/eigrp_packet.c
+index bedaf15..8dc09bf 100644
+--- a/eigrpd/eigrp_packet.c
++++ b/eigrpd/eigrp_packet.c
+@@ -40,8 +40,10 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
+ #include "sha256.h"
++#endif
+ #include "lib_errors.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+@@ -95,8 +97,12 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 	struct key *key = NULL;
+ 	struct keychain *keychain;
+ 
++
+ 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
++#ifdef CRYPTO_OPENSSL
++#elif CRYPTO_INTERNAL
+ 	MD5_CTX ctx;
++#endif
+ 	uint8_t *ibuf;
+ 	size_t backup_get, backup_end;
+ 	struct TLV_MD5_Authentication_Type *auth_TLV;
+@@ -119,6 +125,9 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 		return EIGRP_AUTH_TYPE_NONE;
+ 	}
+ 
++#ifdef CRYPTO_OPENSSL
++//TBD when this is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	MD5Init(&ctx);
+ 
+@@ -146,7 +155,7 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 	}
+ 
+ 	MD5Final(digest, &ctx);
+-
++#endif
+ 	/* Append md5 digest to the end of the stream. */
+ 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN);
+ 
+@@ -162,7 +171,10 @@ int eigrp_check_md5_digest(struct stream *s,
+ 			   struct TLV_MD5_Authentication_Type *authTLV,
+ 			   struct eigrp_neighbor *nbr, uint8_t flags)
+ {
++#ifdef CRYPTO_OPENSSL
++#elif CRYPTO_INTERNAL
+ 	MD5_CTX ctx;
++#endif
+ 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
+ 	unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN];
+ 	struct key *key = NULL;
+@@ -203,6 +215,9 @@ int eigrp_check_md5_digest(struct stream *s,
+ 		return 0;
+ 	}
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	MD5Init(&ctx);
+ 
+@@ -230,6 +245,7 @@ int eigrp_check_md5_digest(struct stream *s,
+ 	}
+ 
+ 	MD5Final(digest, &ctx);
++#endif
+ 
+ 	/* compare the two */
+ 	if (memcmp(orig, digest, EIGRP_AUTH_TYPE_MD5_LEN) != 0) {
+@@ -254,7 +270,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 	unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
+ 	unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	HMAC_SHA256_CTX ctx;
++#endif
+ 	void *ibuf;
+ 	size_t backup_get, backup_end;
+ 	struct TLV_SHA256_Authentication_Type *auth_TLV;
+@@ -283,6 +303,9 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 
+ 	inet_ntop(AF_INET, &ei->address.u.prefix4, source_ip, PREFIX_STRLEN);
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	buffer[0] = '\n';
+ 	memcpy(buffer + 1, key, strlen(key->string));
+@@ -291,7 +314,7 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 			  1 + strlen(key->string) + strlen(source_ip));
+ 	HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf));
+ 	HMAC__SHA256_Final(digest, &ctx);
+-
++#endif
+ 
+ 	/* Put hmac-sha256 digest to it's place */
+ 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN);
+diff --git a/eigrpd/eigrp_filter.c b/eigrpd/eigrp_filter.c
+index 93eed94..f1c7347 100644
+--- a/eigrpd/eigrp_filter.c
++++ b/eigrpd/eigrp_filter.c
+@@ -47,7 +47,9 @@
+ #include "if_rmap.h"
+ #include "plist.h"
+ #include "distribute.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "keychain.h"
+ #include "privs.h"
+ #include "vrf.h"
+diff --git a/eigrpd/eigrp_hello.c b/eigrpd/eigrp_hello.c
+index dacd5ca..b232cc5 100644
+--- a/eigrpd/eigrp_hello.c
++++ b/eigrpd/eigrp_hello.c
+@@ -43,7 +43,9 @@
+ #include "sockopt.h"
+ #include "checksum.h"
+ #include "vty.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ 
+ #include "eigrpd/eigrp_structs.h"
+ #include "eigrpd/eigrpd.h"
+diff --git a/eigrpd/eigrp_query.c b/eigrpd/eigrp_query.c
+index 84dcf5e..a2575e3 100644
+--- a/eigrpd/eigrp_query.c
++++ b/eigrpd/eigrp_query.c
+@@ -38,7 +38,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_reply.c b/eigrpd/eigrp_reply.c
+index ccf0496..2902365 100644
+--- a/eigrpd/eigrp_reply.c
++++ b/eigrpd/eigrp_reply.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ #include "keychain.h"
+ #include "plist.h"
+diff --git a/eigrpd/eigrp_siaquery.c b/eigrpd/eigrp_siaquery.c
+index ff38325..09b9369 100644
+--- a/eigrpd/eigrp_siaquery.c
++++ b/eigrpd/eigrp_siaquery.c
+@@ -38,7 +38,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_siareply.c b/eigrpd/eigrp_siareply.c
+index d3dd123..f6a2bd6 100644
+--- a/eigrpd/eigrp_siareply.c
++++ b/eigrpd/eigrp_siareply.c
+@@ -37,7 +37,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_snmp.c b/eigrpd/eigrp_snmp.c
+index 21c9238..cfb8890 100644
+--- a/eigrpd/eigrp_snmp.c
++++ b/eigrpd/eigrp_snmp.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "keychain.h"
+ #include "smux.h"
+ 
+diff --git a/eigrpd/eigrp_update.c b/eigrpd/eigrp_update.c
+index 8db4903..2a4f0bb 100644
+--- a/eigrpd/eigrp_update.c
++++ b/eigrpd/eigrp_update.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ #include "plist.h"
+ #include "plist_int.h"
 diff --git a/eigrpd/eigrp_cli.c b/eigrpd/eigrp_cli.c
-index 213834afc8..73647937db 100644
+index a93d4c8..b01e121 100644
 --- a/eigrpd/eigrp_cli.c
 +++ b/eigrpd/eigrp_cli.c
-@@ -11,6 +11,7 @@
+@@ -25,6 +25,7 @@
  #include "lib/command.h"
  #include "lib/log.h"
  #include "lib/northbound_cli.h"
@@ -28,7 +229,7 @@ index 213834afc8..73647937db 100644
  
  #include "eigrp_structs.h"
  #include "eigrpd.h"
-@@ -716,6 +717,20 @@ DEFPY_YANG(
+@@ -726,6 +726,20 @@ DEFPY(
  	"Keyed message digest\n"
  	"HMAC SHA256 algorithm \n")
  {
@@ -49,225 +250,3 @@ index 213834afc8..73647937db 100644
  	char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64];
  
  	snprintf(xpath, sizeof(xpath), "./frr-eigrpd:eigrp/instance[asn='%s']",
-diff --git a/eigrpd/eigrp_filter.c b/eigrpd/eigrp_filter.c
-index eceef6b8a7..1d194be143 100644
---- a/eigrpd/eigrp_filter.c
-+++ b/eigrpd/eigrp_filter.c
-@@ -32,7 +32,9 @@
- #include "if_rmap.h"
- #include "plist.h"
- #include "distribute.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- #include "keychain.h"
- #include "privs.h"
- #include "vrf.h"
-diff --git a/eigrpd/eigrp_hello.c b/eigrpd/eigrp_hello.c
-index ee0e2451a2..d3b8414b81 100644
---- a/eigrpd/eigrp_hello.c
-+++ b/eigrpd/eigrp_hello.c
-@@ -28,7 +28,9 @@
- #include "sockopt.h"
- #include "checksum.h"
- #include "vty.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- 
- #include "eigrpd/eigrp_structs.h"
- #include "eigrpd/eigrpd.h"
-diff --git a/eigrpd/eigrp_packet.c b/eigrpd/eigrp_packet.c
-index 963d229bc1..587eb422ea 100644
---- a/eigrpd/eigrp_packet.c
-+++ b/eigrpd/eigrp_packet.c
-@@ -25,8 +25,10 @@
- #include "log.h"
- #include "sockopt.h"
- #include "checksum.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
- #include "sha256.h"
-+#endif
- #include "lib_errors.h"
- 
- #include "eigrpd/eigrp_structs.h"
-@@ -88,8 +90,12 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
- 	struct key *key = NULL;
- 	struct keychain *keychain;
- 
-+
- 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
-+#ifdef CRYPTO_OPENSSL
-+#elif CRYPTO_INTERNAL
- 	MD5_CTX ctx;
-+#endif
- 	uint8_t *ibuf;
- 	size_t backup_get, backup_end;
- 	struct TLV_MD5_Authentication_Type *auth_TLV;
-@@ -112,6 +118,9 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
- 		return EIGRP_AUTH_TYPE_NONE;
- 	}
- 
-+#ifdef CRYPTO_OPENSSL
-+//TBD when this is fixed in upstream
-+#elif CRYPTO_INTERNAL
- 	memset(&ctx, 0, sizeof(ctx));
- 	MD5Init(&ctx);
- 
-@@ -139,7 +148,7 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
- 	}
- 
- 	MD5Final(digest, &ctx);
--
-+#endif
- 	/* Append md5 digest to the end of the stream. */
- 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN);
- 
-@@ -155,7 +164,10 @@ int eigrp_check_md5_digest(struct stream *s,
- 			   struct TLV_MD5_Authentication_Type *authTLV,
- 			   struct eigrp_neighbor *nbr, uint8_t flags)
- {
-+#ifdef CRYPTO_OPENSSL
-+#elif CRYPTO_INTERNAL
- 	MD5_CTX ctx;
-+#endif
- 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
- 	unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN];
- 	struct key *key = NULL;
-@@ -196,6 +208,9 @@ int eigrp_check_md5_digest(struct stream *s,
- 		return 0;
- 	}
- 
-+#ifdef CRYPTO_OPENSSL
-+	//TBD when eigrpd crypto is fixed in upstream
-+#elif CRYPTO_INTERNAL
- 	memset(&ctx, 0, sizeof(ctx));
- 	MD5Init(&ctx);
- 
-@@ -223,6 +238,7 @@ int eigrp_check_md5_digest(struct stream *s,
- 	}
- 
- 	MD5Final(digest, &ctx);
-+#endif
- 
- 	/* compare the two */
- 	if (memcmp(orig, digest, EIGRP_AUTH_TYPE_MD5_LEN) != 0) {
-@@ -247,7 +263,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
- 	unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
- 	unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
- 
-+#ifdef CRYPTO_OPENSSL
-+	//TBD when eigrpd crypto is fixed in upstream
-+#elif CRYPTO_INTERNAL
- 	HMAC_SHA256_CTX ctx;
-+#endif
- 	void *ibuf;
- 	size_t backup_get, backup_end;
- 	struct TLV_SHA256_Authentication_Type *auth_TLV;
-@@ -276,6 +296,9 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
- 
- 	inet_ntop(AF_INET, &ei->address.u.prefix4, source_ip, PREFIX_STRLEN);
- 
-+#ifdef CRYPTO_OPENSSL
-+	//TBD when eigrpd crypto is fixed in upstream
-+#elif CRYPTO_INTERNAL
- 	memset(&ctx, 0, sizeof(ctx));
- 	buffer[0] = '\n';
- 	memcpy(buffer + 1, key, strlen(key->string));
-@@ -284,7 +307,7 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
- 			  1 + strlen(key->string) + strlen(source_ip));
- 	HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf));
- 	HMAC__SHA256_Final(digest, &ctx);
--
-+#endif
- 
- 	/* Put hmac-sha256 digest to it's place */
- 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN);
-diff --git a/eigrpd/eigrp_query.c b/eigrpd/eigrp_query.c
-index 0e206cded6..4b3f4e0821 100644
---- a/eigrpd/eigrp_query.c
-+++ b/eigrpd/eigrp_query.c
-@@ -23,7 +23,9 @@
- #include "log.h"
- #include "sockopt.h"
- #include "checksum.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- #include "vty.h"
- 
- #include "eigrpd/eigrp_structs.h"
-diff --git a/eigrpd/eigrp_reply.c b/eigrpd/eigrp_reply.c
-index aae89e832b..1fb1f404d2 100644
---- a/eigrpd/eigrp_reply.c
-+++ b/eigrpd/eigrp_reply.c
-@@ -27,7 +27,9 @@
- #include "log.h"
- #include "sockopt.h"
- #include "checksum.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- #include "vty.h"
- #include "keychain.h"
- #include "plist.h"
-diff --git a/eigrpd/eigrp_siaquery.c b/eigrpd/eigrp_siaquery.c
-index 71486a1f6f..430e8ce719 100644
---- a/eigrpd/eigrp_siaquery.c
-+++ b/eigrpd/eigrp_siaquery.c
-@@ -23,7 +23,9 @@
- #include "log.h"
- #include "sockopt.h"
- #include "checksum.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- #include "vty.h"
- 
- #include "eigrpd/eigrp_structs.h"
-diff --git a/eigrpd/eigrp_siareply.c b/eigrpd/eigrp_siareply.c
-index 6c8c1ef58d..b16e0fcfc8 100644
---- a/eigrpd/eigrp_siareply.c
-+++ b/eigrpd/eigrp_siareply.c
-@@ -22,7 +22,9 @@
- #include "log.h"
- #include "sockopt.h"
- #include "checksum.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- #include "vty.h"
- 
- #include "eigrpd/eigrp_structs.h"
-diff --git a/eigrpd/eigrp_snmp.c b/eigrpd/eigrp_snmp.c
-index 492ef3e713..5618c3f2b5 100644
---- a/eigrpd/eigrp_snmp.c
-+++ b/eigrpd/eigrp_snmp.c
-@@ -27,7 +27,9 @@
- #include "log.h"
- #include "sockopt.h"
- #include "checksum.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- #include "keychain.h"
- #include "smux.h"
- 
-diff --git a/eigrpd/eigrp_update.c b/eigrpd/eigrp_update.c
-index 74f573d9d8..39f4dcfc39 100644
---- a/eigrpd/eigrp_update.c
-+++ b/eigrpd/eigrp_update.c
-@@ -27,7 +27,9 @@
- #include "log.h"
- #include "sockopt.h"
- #include "checksum.h"
-+#ifdef CRYPTO_INTERNAL
- #include "md5.h"
-+#endif
- #include "vty.h"
- #include "plist.h"
- #include "plist_int.h"
--- 
-2.41.0
-

0004-fips-mode.patch

@@ -1,65 +1,10 @@
-From 90d09b061feae5e39a88c0ae51f880e82d82bb18 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zoran.pericic@infomaas.com>
-Date: Sun, 8 Oct 2023 11:24:43 +0200
-Subject: [PATCH 4/5] fips mode
-
----
- isisd/isis_circuit.c |  4 ++++
- isisd/isisd.c        |  4 ++++
- lib/zebra.h          |  1 +
- ospfd/ospf_vty.c     | 24 ++++++++++++++++++++++++
- ripd/rip_cli.c       |  6 ++++++
- 5 files changed, 39 insertions(+)
-
-diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
-index ffa6ad3e40..8c28b17eb2 100644
---- a/isisd/isis_circuit.c
-+++ b/isisd/isis_circuit.c
-@@ -1543,6 +1543,10 @@ ferr_r isis_circuit_passwd_set(struct isis_circuit *circuit,
- 		return ferr_code_bug(
- 			"circuit password too long (max 254 chars)");
- 
-+	//When in FIPS mode, the password never gets set in MD5
-+	if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
-+		return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
-+
- 	circuit->passwd.len = len;
- 	strlcpy((char *)circuit->passwd.passwd, passwd,
- 		sizeof(circuit->passwd.passwd));
-diff --git a/isisd/isisd.c b/isisd/isisd.c
-index b1064d8941..fbcd097f72 100644
---- a/isisd/isisd.c
-+++ b/isisd/isisd.c
-@@ -3040,6 +3040,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
- 		if (len > 254)
- 			return -1;
- 
-+		//When in FIPS mode, the password never get set in MD5
-+		if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
-+			return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
-+
- 		modified.len = len;
- 		strlcpy((char *)modified.passwd, passwd,
- 			sizeof(modified.passwd));
-diff --git a/lib/zebra.h b/lib/zebra.h
-index ecc87f58f1..5cb7167598 100644
---- a/lib/zebra.h
-+++ b/lib/zebra.h
-@@ -90,6 +90,7 @@
- #ifdef CRYPTO_OPENSSL
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
-+#include <openssl/fips.h>
- #endif
- 
- #include "openbsd-tree.h"
 diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
-index 740ecb518b..d094b205b3 100644
+index 631465f..e084ff3 100644
 --- a/ospfd/ospf_vty.c
 +++ b/ospfd/ospf_vty.c
-@@ -1085,6 +1085,11 @@ DEFUN (ospf_area_vlink,
- 		vl_config.keychain = argv[idx+1]->arg;
- 	} else if (argv_find(argv, argc, "message-digest", &idx)) {
+@@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
+ 
+ 	if (argv_find(argv, argc, "message-digest", &idx)) {
  		/* authentication message-digest */
 +		if(FIPS_mode())
 +		{
@@ -69,7 +14,7 @@ index 740ecb518b..d094b205b3 100644
  		vl_config.auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
  	} else if (argv_find(argv, argc, "null", &idx)) {
  		/* "authentication null" */
-@@ -1997,6 +2002,15 @@ DEFUN (ospf_area_authentication_message_digest,
+@@ -1993,6 +1998,15 @@ DEFUN (ospf_area_authentication_message_digest,
  				  ? OSPF_AUTH_NULL
  				  : OSPF_AUTH_CRYPTOGRAPHIC;
  
@@ -85,7 +30,7 @@ index 740ecb518b..d094b205b3 100644
  	return CMD_SUCCESS;
  }
  
-@@ -7621,6 +7635,11 @@ DEFUN (ip_ospf_authentication_args,
+@@ -6665,6 +6679,11 @@ DEFUN (ip_ospf_authentication_args,
  
  	/* Handle message-digest authentication */
  	if (argv[idx_encryption]->arg[0] == 'm') {
@@ -96,8 +41,8 @@ index 740ecb518b..d094b205b3 100644
 +		}
  		SET_IF_PARAM(params, auth_type);
  		params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
- 		UNSET_IF_PARAM(params, keychain_name);
-@@ -7949,6 +7968,11 @@ DEFUN (ip_ospf_message_digest_key,
+ 		return CMD_SUCCESS;
+@@ -6971,6 +6990,11 @@ DEFUN (ip_ospf_message_digest_key,
         "The OSPF password (key)\n"
         "Address of interface\n")
  {
@@ -109,11 +54,41 @@ index 740ecb518b..d094b205b3 100644
  	VTY_DECLVAR_CONTEXT(interface, ifp);
  	struct crypt_key *ck;
  	uint8_t key_id;
+diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
+index 81b4b39..cce33d9 100644
+--- a/isisd/isis_circuit.c
++++ b/isisd/isis_circuit.c
+@@ -1318,6 +1318,10 @@ static int isis_circuit_passwd_set(struct isis_circuit *circuit,
+ 		return ferr_code_bug(
+ 			"circuit password too long (max 254 chars)");
+ 
++	//When in FIPS mode, the password never gets set in MD5
++	if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
++		return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
++
+ 	circuit->passwd.len = len;
+ 	strlcpy((char *)circuit->passwd.passwd, passwd,
+ 		sizeof(circuit->passwd.passwd));
+diff --git a/isisd/isisd.c b/isisd/isisd.c
+index 419127c..a6c36af 100644
+--- a/isisd/isisd.c
++++ b/isisd/isisd.c
+@@ -1638,6 +1638,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
+ 		if (len > 254)
+ 			return -1;
+ 
++		//When in FIPS mode, the password never get set in MD5
++		if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
++			return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
++
+ 		modified.len = len;
+ 		strlcpy((char *)modified.passwd, passwd,
+ 			sizeof(modified.passwd));
 diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
-index 097c708ab1..854a16e4e0 100644
+index 5bb81ef..02a09ef 100644
 --- a/ripd/rip_cli.c
 +++ b/ripd/rip_cli.c
-@@ -876,6 +876,12 @@ DEFPY_YANG (ip_rip_authentication_mode,
+@@ -796,6 +796,12 @@ DEFPY (ip_rip_authentication_mode,
  			value = "20";
  	}
  
@@ -126,6 +101,3 @@ index 097c708ab1..854a16e4e0 100644
  	nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
  			      strmatch(mode, "md5") ? "md5" : "plain-text");
  	if (strmatch(mode, "md5"))
--- 
-2.41.0
-

0005-remove-grpc-test.patch

@@ -1,34 +0,0 @@
-From e89eb677ad94cd39379e254215e3ec91e571da73 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zoran.pericic@infomaas.com>
-Date: Sun, 8 Oct 2023 11:26:25 +0200
-Subject: [PATCH 5/5] remove grpc test
-
----
- tests/lib/subdir.am | 11 -----------
- 1 file changed, 11 deletions(-)
-
-diff --git a/tests/lib/subdir.am b/tests/lib/subdir.am
-index 6c1be50201..2ac3d508e9 100644
---- a/tests/lib/subdir.am
-+++ b/tests/lib/subdir.am
-@@ -24,17 +24,6 @@ copy_script: tests/lib/script1.lua
- 	test -e tests/lib/script1.lua || \
- 	$(INSTALL_SCRIPT) $< tests/lib/script1.lua
- 
--##############################################################################
--GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
--
--if GRPC
--check_PROGRAMS += tests/lib/test_grpc
--endif
--tests_lib_test_grpc_CXXFLAGS = $(WERROR) $(TESTS_CXXFLAGS)
--tests_lib_test_grpc_CPPFLAGS = $(TESTS_CPPFLAGS)
--tests_lib_test_grpc_LDADD = $(GRPC_TESTS_LDADD)
--tests_lib_test_grpc_SOURCES = tests/lib/test_grpc.cpp
--
- 
- ##############################################################################
- if ZEROMQ
--- 
-2.41.0
-

frr-sysusers.conf

@@ -1,4 +0,0 @@
-#Type Name   ID     GECOS                        Home directory  Shell
-g     frrvty -
-u     frr    -      "FRRouting routing suite"    /var/run/frr    /sbin/nologin
-m     frr    frrvty

frr-tmpfiles.conf

@@ -1 +0,0 @@
-d /run/frr 0755 frr frr -

frr.fc

@@ -1,29 +0,0 @@
-/usr/libexec/frr/(.*)?              gen_context(system_u:object_r:frr_exec_t,s0)
-
-/usr/lib/systemd/system/frr.*   gen_context(system_u:object_r:frr_unit_file_t,s0)
-
-/etc/frr(/.*)?                  gen_context(system_u:object_r:frr_conf_t,s0)
-
-/var/log/frr(/.*)?              gen_context(system_u:object_r:frr_log_t,s0)
-/var/tmp/frr(/.*)?              gen_context(system_u:object_r:frr_tmp_t,s0)
-
-/var/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-
-/var/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)
-
-/usr/bin/vtysh              --  gen_context(system_u:object_r:frr_exec_t,s0)

frr.if

@@ -1,215 +0,0 @@
-## <summary>policy for frr</summary>
-
-########################################
-## <summary>
-##	Execute frr_exec_t in the frr domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`frr_domtrans',`
-	gen_require(`
-		type frr_t, frr_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, frr_exec_t, frr_t)
-')
-
-######################################
-## <summary>
-##	Execute frr in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`frr_exec',`
-	gen_require(`
-		type frr_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, frr_exec_t)
-')
-
-########################################
-## <summary>
-##	Read frr's log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`frr_read_log',`
-	gen_require(`
-		type frr_log_t;
-	')
-
-	read_files_pattern($1, frr_log_t, frr_log_t)
-	optional_policy(`
-		logging_search_logs($1)
-	')
-')
-
-########################################
-## <summary>
-##	Append to frr log files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`frr_append_log',`
-	gen_require(`
-		type frr_log_t;
-	')
-
-	append_files_pattern($1, frr_log_t, frr_log_t)
-	optional_policy(`
-		logging_search_logs($1)
-	')
-')
-
-########################################
-## <summary>
-##	Manage frr log files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`frr_manage_log',`
-	gen_require(`
-		type frr_log_t;
-	')
-
-	manage_dirs_pattern($1, frr_log_t, frr_log_t)
-	manage_files_pattern($1, frr_log_t, frr_log_t)
-	manage_lnk_files_pattern($1, frr_log_t, frr_log_t)
-	optional_policy(`
-		logging_search_logs($1)
-	')
-')
-
-########################################
-## <summary>
-##	Read frr PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`frr_read_pid_files',`
-	gen_require(`
-		type frr_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, frr_var_run_t, frr_var_run_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an frr environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`frr_admin',`
-	gen_require(`
-		type frr_t;
-		type frr_log_t;
-		type frr_var_run_t;
-	')
-
-	allow $1 frr_t:process { signal_perms };
-	ps_process_pattern($1, frr_t)
-
-	tunable_policy(`deny_ptrace',`',`
-		allow $1 frr_t:process ptrace;
-	')
-
-	admin_pattern($1, frr_log_t)
-
-	files_search_pids($1)
-	admin_pattern($1, frr_var_run_t)
-	optional_policy(`
-		logging_search_logs($1)
-	')
-	optional_policy(`
-		systemd_passwd_agent_exec($1)
-		systemd_read_fifo_file_passwd_run($1)
-	')
-')
-
-########################################
-#
-# Interface compatibility blocks
-#
-# The following definitions ensure compatibility with distribution policy
-# versions that do not contain given interfaces (epel, or older Fedora
-# releases).
-# Each block tests for existence of given interface and defines it if needed.
-#
-
-######################################
-## <summary>
-##	Watch ifconfig_var_run_t directories
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-ifndef(`sysnet_watch_ifconfig_run',`
-	interface(`sysnet_watch_ifconfig_run',`
-		gen_require(`
-			type ifconfig_var_run_t;
-		')
-
-		watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-	')
-')
-
-########################################
-## <summary>
-##	Read ifconfig_var_run_t files and link files
-## </summary>
-## <param name="domain">
-##	<summary>
-##      Domain allowed access.
-##	</summary>
-## </param>
-#
-ifndef(`sysnet_read_ifconfig_run',`
-	interface(`sysnet_read_ifconfig_run',`
-		gen_require(`
-			type ifconfig_var_run_t;
-		')
-
-		list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-		read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-		read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-	')
-')
-

frr.spec

@@ -1,81 +1,42 @@
-%global dist .ims.1%{?dist}
-
-%global frr_libdir %{_libexecdir}/frr
+%global frrversion	7.3
+%global frr_libdir /usr/lib/frr
+%global checkout .st.1
 
 %global _hardened_build 1
-%global selinuxtype targeted
 %define _legacy_common_support 1
-%bcond grpc %{undefined rhel}
-%bcond selinux 1
 
-Name:           frr
-Version:        9.1.0
-Release:        1%{?dist}
-Summary:        Routing daemon
-License:        GPLv2+
-URL:            http://www.frrouting.org
-Source0:        https://github.com/FRRouting/frr/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
-Source1:        %{name}-tmpfiles.conf
-Source2:        %{name}-sysusers.conf
-#Decentralized SELinux policy
-Source3:        frr.fc
-Source4:        frr.te
-Source5:        frr.if
-
-Patch0000:      0001-remove-babeld-and-ldpd.patch
-Patch0002:      0002-enable-openssl.patch
-Patch0003:      0003-disable-eigrp-crypto.patch
-Patch0004:      0004-fips-mode.patch
-Patch0005:      0005-remove-grpc-test.patch
-
-BuildRequires:  autoconf
-BuildRequires:  automake
-BuildRequires:  bison >= 2.7
-BuildRequires:  c-ares-devel
-BuildRequires:  flex
-BuildRequires:  gcc
-BuildRequires:  gcc-c++
-BuildRequires:  git-core
-BuildRequires:  groff
-%if %{with grpc}
-BuildRequires:  grpc-devel
-BuildRequires:  grpc-plugins
-%endif
-BuildRequires:  json-c-devel
-BuildRequires:  libcap-devel
-BuildRequires:  libtool
-BuildRequires:  libyang-devel >= 2.0.0
-BuildRequires:  make
-BuildRequires:  ncurses
-BuildRequires:  ncurses-devel
-BuildRequires:  net-snmp-devel
-BuildRequires:  pam-devel
-BuildRequires:  patch
-BuildRequires:  perl-XML-LibXML
-BuildRequires:  perl-generators
-BuildRequires:  python3-devel
-BuildRequires:  python3-pytest
-BuildRequires:  python3-sphinx
-BuildRequires:  readline-devel
-BuildRequires:  systemd-devel
-BuildRequires:  systemd-rpm-macros
-BuildRequires:  texinfo
-BuildRequires:  protobuf-c-devel
-
-Requires:       ncurses
-Requires:       net-snmp
-Requires(post): hostname
-%{?sysusers_requires_compat}
-Requires(post): systemd
+Name: frr
+Version: 7.3
+Release: 1%{?checkout}%{?dist}
+Summary: Routing daemon
+License: GPLv2+
+URL: http://www.frrouting.org
+Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
+BuildRequires: perl-generators
+BuildRequires: systemd
+BuildRequires: gcc
+BuildRequires: net-snmp-devel
+BuildRequires: texinfo libcap-devel texi2html autoconf automake libtool patch groff
+BuildRequires: readline readline-devel ncurses ncurses-devel
+BuildRequires: git pam-devel c-ares-devel
+BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML
+BuildRequires: python3-devel python3-sphinx python3-pytest
+BuildRequires: systemd systemd-devel
+BuildRequires: libyang-devel >= 0.16.74
+Requires: net-snmp ncurses
+Requires(post): systemd /sbin/install-info
+Requires(preun): systemd /sbin/install-info
 Requires(postun): systemd
-Requires(preun): systemd
+Provides: routingdaemon = %{version}-%{release}
+Conflicts: quagga
 
-%if 0%{?with_selinux}
-Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
-%endif
+Patch0000: 0000-remove-babeld-and-ldpd.patch
+Patch0001: 0001-use-python3.patch
+Patch0002: 0002-enable-openssl.patch
+Patch0003: 0003-disable-eigrp-crypto.patch
+Patch0004: 0004-fips-mode.patch
 
-Obsoletes:      quagga < 1.2.4-17
-Provides:       routingdaemon = %{version}-%{release}
+Patch0006: 0001-nhrp-Configure-vici-socket-path-using-configure-with.patch
 
 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
@@ -86,27 +47,8 @@ FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP
 
 FRRouting is a fork of Quagga.
 
-%if 0%{?with_selinux}
-%package selinux
-Summary:	Selinux policy for FRR
-BuildArch:	noarch
-Requires:	selinux-policy-%{selinuxtype}
-Requires(post):	selinux-policy-%{selinuxtype}
-BuildRequires:	selinux-policy-devel
-%{?selinux_requires}
-
-%description selinux
-SELinux policy modules for FRR package
-
-%endif
-
 %prep
 %autosetup -S git
-#Selinux
-mkdir selinux
-cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux
-# C++14 or later needed for abseil-cpp 20230125; string_view needs C++17:
-sed -r -i 's/(AX_CXX_COMPILE_STDCXX\(\[)11(\])/\117\2/' configure.ac
 
 %build
 autoreconf -ivf
@@ -116,7 +58,7 @@ autoreconf -ivf
     --sysconfdir=%{_sysconfdir}/frr \
     --libdir=%{_libdir}/frr \
     --libexecdir=%{_libexecdir}/frr \
-    --localstatedir=/run/frr \
+    --localstatedir=%{_localstatedir}/run/frr \
     --enable-multipath=64 \
     --enable-vtysh=yes \
     --disable-ospfclient \
@@ -134,65 +76,57 @@ autoreconf -ivf
     --with-moduledir=%{_libdir}/frr/modules \
     --with-crypto=openssl \
     --with-vici-socket=/run/strongswan/charon.vici \
-    --enable-fpm \
-    %{?with_grpc:--enable-grpc}
+    --enable-fpm
 
 %make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
 
-# Build info documentation
-%make_build -C doc info
-
-#SELinux policy
-%if 0%{?with_selinux}
-make -C selinux -f %{_datadir}/selinux/devel/Makefile %{name}.pp
-bzip2 -9 selinux/%{name}.pp
-%endif
+pushd doc
+make info
+popd
 
 %install
-mkdir -p %{buildroot}%{_sysconfdir}/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
-         %{buildroot}%{_localstatedir}/log/frr %{buildroot}%{_infodir} \
+mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
+         %{buildroot}/var/log/frr %{buildroot}%{_infodir} \
          %{buildroot}%{_unitdir}
 
 mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
-mkdir -p %{buildroot}%{_tmpfilesdir}
-mkdir -p %{buildroot}%{_sysusersdir}
 
 %make_install
 
 # Remove this file, as it is uninstalled and causes errors when building on RH9
-rm -rf %{buildroot}%{_infodir}/dir
+rm -rf %{buildroot}/usr/share/info/dir
 
-install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
-install -p -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
-install -p -m 644 tools/etc/frr/daemons %{buildroot}%{_sysconfdir}/frr/daemons
-install -p -m 644 tools/frr.service %{buildroot}%{_unitdir}/frr.service
-install -p -m 755 tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
-install -p -m 755 tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
-install -p -m 755 tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
 
-install -p -m 644 redhat/frr.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/frr
-install -p -m 644 redhat/frr.pam %{buildroot}%{_sysconfdir}/pam.d/frr
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
 install -d -m 775 %{buildroot}/run/frr
 
-%if 0%{?with_selinux}
-install -D -m 644 selinux/%{name}.pp.bz2 \
-	%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
-install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
-%endif
-
-# Delete libtool archives
-find %{buildroot} -type f -name "*.la" -delete -print
+rm %{buildroot}%{_libdir}/frr/*.la
+rm %{buildroot}%{_libdir}/frr/modules/*.la
 
 #Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
 rm %{buildroot}%{_libdir}/frr/*.so
 rm -r %{buildroot}%{_includedir}/frr/
 
 %pre
-%sysusers_create_compat %{SOURCE2}
+getent group frrvty >/dev/null 2>&1 || groupadd -r frrvty >/dev/null 2>&1 || :
+getent group frr >/dev/null 2>&1 || groupadd -r frr >/dev/null 2>&1 || :
+getent passwd frr >/dev/null 2>&1 || useradd -M -r -g frr -s /sbin/nologin \
+ -c "FRRouting routing suite" -d %{_localstatedir}/run/frr frr || :
+usermod -aG frrvty frr
 
 %post
 %systemd_post frr.service
 
+if [ -f %{_infodir}/%{name}.inf* ]; then
+    install-info %{_infodir}/frr.info %{_infodir}/dir || :
+fi
+
 # Create dummy files if they don't exist so basic functions can be used.
 if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
     echo "hostname `hostname`" > %{_sysconfdir}/frr/frr.conf
@@ -200,285 +134,58 @@ if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
     chmod 640 %{_sysconfdir}/frr/frr.conf
 fi
 
-#still used by vtysh, this way no error is produced when using vtysh
-if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
-    touch %{_sysconfdir}/frr/vtysh.conf
-    chmod 640 %{_sysconfdir}/frr/vtysh.conf
-    chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
-fi
-
 %postun
 %systemd_postun_with_restart frr.service
 
 %preun
 %systemd_preun frr.service
 
-#SELinux
-%if 0%{?with_selinux}
-%pre selinux
-%selinux_relabel_pre -s %{selinuxtype}
-
-%post selinux
-%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
-%selinux_relabel_post -s %{selinuxtype}
-#/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
-if [ $1 == 2 ]; then
-    %{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
-    %{_sbindir}/restorecon -R /var/run/frr &> /dev/null
-fi
-
-%postun selinux
+#only when removing frr
 if [ $1 -eq 0 ]; then
-    %selinux_modules_uninstall -s %{selinuxtype} %{name}
-    %selinux_relabel_post -s %{selinuxtype}
+	if [ -f %{_infodir}/%{name}.inf* ]; then
+    	install-info --delete %{_infodir}/frr.info %{_infodir}/dir || :
+	fi
 fi
 
-%endif
-
 %check
-#this should be temporary, the grpc test is just badly designed
-rm tests/lib/*grpc*
-%make_build check PYTHON=%{__python3}
+make check PYTHON=%{__python3}
 
 %files
+%defattr(-,root,root)
 %license COPYING
+%doc zebra/zebra.conf.sample
+%doc isisd/isisd.conf.sample
+%doc ripd/ripd.conf.sample
+%doc bgpd/bgpd.conf.sample*
+%doc ospfd/ospfd.conf.sample
+%doc ospf6d/ospf6d.conf.sample
+%doc ripngd/ripngd.conf.sample
+%doc pimd/pimd.conf.sample
 %doc doc/mpls
-%dir %attr(750,frr,frr) %{_sysconfdir}/frr
-%dir %attr(755,frr,frr) %{_localstatedir}/log/frr
+%dir %attr(755,frr,frr) %{_sysconfdir}/frr
+%dir %attr(755,frr,frr) /var/log/frr
 %dir %attr(755,frr,frr) /run/frr
 %{_infodir}/*info*
-%{_mandir}/man1/frr.1*
-%{_mandir}/man1/vtysh.1*
-%{_mandir}/man8/frr-*.8*
-%{_mandir}/man8/mtracebis.8*
-%dir %{frr_libdir}/
+%{_mandir}/man*/*
 %{frr_libdir}/*
-%{_bindir}/mtracebis
-%{_bindir}/vtysh
+%{_bindir}/*
 %dir %{_libdir}/frr
 %{_libdir}/frr/*.so.*
-%dir %{_libdir}/frr/modules
 %{_libdir}/frr/modules/*
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/frr
-%config(noreplace) %attr(644,frr,frr) %{_sysconfdir}/frr/daemons
-%config(noreplace) %{_sysconfdir}/pam.d/frr
+%config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
+%config(noreplace) /etc/frr/daemons
+%config(noreplace) /etc/pam.d/frr
 %{_unitdir}/*.service
-%dir %{_datadir}/yang
-%{_datadir}/yang/*.yang
-%{_tmpfilesdir}/%{name}.conf
-%{_sysusersdir}/%{name}.conf
-
-%if 0%{?with_selinux}
-%files selinux
-%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.*
-%{_datadir}/selinux/devel/include/distributed/%{name}.if
-%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
-%endif
+/usr/share/yang/*.yang
+#%%{_libdir}/frr/frr/libyang_plugins/*
 
 %changelog
-* Fri Jun 30 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-1
-- New version 8.5.2
-- Fixing a couple of SELinux issues
-
-* Wed Apr 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-1
-- New version 8.5.1
-
-* Wed Apr 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.5-1
-- New version 8.5
-
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Thu Jan 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-1
-- New version 8.4.2
-
-* Fri Nov 25 2022 Michal Ruprich <mruprich@redhat.com> - 8.4.1-1
-- New version 8.4.1
-- Fix for rhbz #2140705
-
-* Thu Nov 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.4-1
-- New version 8.4
-
-* Fri Sep 16 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5
-- Adding SELinux rule to enable zebra to write to sysctl_net_t
-- Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
-
-* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
-- Fixing an error in post scriptlet
-
-* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
-- Resolves: #2124254 - frr can no longer update routes
-
-* Wed Sep 07 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2
-- Resolves: #2124253 - SELinux is preventing zebra from setattr access on the directory frr
-- Better handling FRR files during upgrade
-
-* Tue Sep 06 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
-- New version 8.3.1
-
-* Mon Aug 22 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-10
-- Rebuilding for new abseil-cpp and grpc updates
-
-* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-9
-- Adding vrrpd and pathd as daemons to the policy
-
-* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-8
-- Finalizing SELinux policy
-
-* Tue Aug 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-7
-- Fixing wrong path for vtysh in frr.fc
-
-* Fri Jul 29 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 8.2.2-6
-- Rebuild with abseil-cpp-20211102.0-4.fc37 (RHBZ#2108658)
-
-* Wed Jul 27 2022 Michal Ruprich - 8.2.2-5
-- Packaging SELinux policy for FRR
-
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.2.2-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Tue May 17 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-3
-- Rebuild for grpc-1.46.1
-
-* Mon Apr 11 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-2
-- Fix for CVE-2022-16126
-
-* Tue Mar 15 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-1
-- New version 8.2.2
-
-* Thu Mar 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2-2
-- Rebuild for abseil-cpp 20211102.0
-
-* Wed Mar 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.2-1
-- New version 8.2 (rhbz#2020439)
-- Resolves: #2011868 - systemctl frr reload does not stop daemons that are not enabled in /etc/frr/daemons
-
-* Tue Feb 01 2022 Michal Ruprich <mruprich@redhat.com> - 8.0.1-11
-- Rebuilding for FTBFS in Rawhide(rhbz#2045399)
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.1-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Sat Jan 08 2022 Miro Hrončok <mhroncok@redhat.com> - 8.0.1-9
-- Rebuilt for libre2.so.9
-
-* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 8.0.1-8
-- Rebuilt for protobuf 3.19.0
-
-* Mon Oct 25 2021 Adrian Reber <adrian@lisas.de> - 8.0.1-7
-- Rebuilt for protobuf 3.18.1
-
-* Fri Oct 15 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-6
-- Obsoleting quagga so that it may be retired
-
-* Thu Oct 07 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-5
-- Rebuilding for grpc 1.41
-
-* Thu Sep 30 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-4
-- Rebuild for new version of libyang
-
-* Sat Sep 18 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 8.0.1-3
-- Rebuild for grpc 1.40
-
-* Thu Sep 16 2021 Sahana Prasad <sahana@redhat.com> - 8.0.1-2
-- Rebuilt with OpenSSL 3.0.0
-
-* Thu Sep 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-1
-- New version 8.0.1
-
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 8.0-2
-- Rebuilt with OpenSSL 3.0.0
-
-* Wed Aug 11 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-1
-- New version 8.0
-
-* Wed Aug 04 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 7.5.1-9
-- Rebuild for grpc 1.39
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.1-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Tue Jul 20 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
-- Resolves: #1983278 - ospfd crashes in route_node_delete with assertion fail
-
-* Sat Jul 10 2021 Björn Esser <besser82@fedoraproject.org> - 7.5.1-6
-- Rebuild for versioned symbols in json-c
-
-* Wed Jul 07 2021 Neal Gompa <ngompa@datto.com> - 7.5.1-5
-- Clean up the spec file for legibility and modern spec standards
-- Remove unneeded info scriptlets
-- Use systemd-sysusers for frr user and frrvty group
-- Use git-core instead of git for applying patches
-- Drop redundant build dependencies
-
-* Wed Jul 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
-- Rebuild for newer abseil-cpp
-
-* Tue May 11 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 7.5.1-3
-- Rebuild for grpc 1.37
-
-* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
-- Fixing permissions on config files in /etc/frr
-- Enabling integrated configuration option for frr
-
-* Fri Mar 12 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
-- New version 7.5.1
-- Enabling grpc, adding hostname for post scriptlet
-- Moving files to libexec due to selinux issues
-
-* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.5-4
-- Rebuilt for updated systemd-rpm-macros
-  See https://pagure.io/fesco/issue/2583.
-
-* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3
-- Fixing FTBS - icc options are confusing the new gcc
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
-- New version 7.5
-
-* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
-- New version 7.4
-
-* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
-- Rebuilt for new net-snmp release
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1
-- New version 7.3.1
-- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)
-
-* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6
-- Removing texi2html, it is not available in Rawhide anymore
-
-* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5
-- Rebuild for new version of libyang
-
-* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
-- Rebuild (json-c)
-
-* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
-- Update json-c-0.14 patch with a solution from upstream
-
-* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
-- Add support for upcoming json-c 0.14.0
-
 * Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
 - New version 7.3
 
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1
+* Wed Jan 08 2020 Michal Ruprich <mruprich@redhat.com> - 7.2-1
 - New version 7.2
 
-* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5
-- Rebuilding for new version of libyang
-
 * Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4
 - Adding noreplace to the /etc/frr/daemons file
 
@@ -496,3 +203,4 @@ rm tests/lib/*grpc*
 
 * Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2
 - Initial build
+

frr.te

@@ -1,122 +0,0 @@
-policy_module(frr, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type frr_t;
-type frr_exec_t;
-init_daemon_domain(frr_t, frr_exec_t)
-
-type frr_log_t;
-logging_log_file(frr_log_t)
-
-type frr_tmp_t;
-files_tmp_file(frr_tmp_t)
-
-type frr_lock_t;
-files_lock_file(frr_lock_t)
-
-type frr_conf_t;
-files_config_file(frr_conf_t)
-
-type frr_unit_file_t;
-systemd_unit_file(frr_unit_file_t)
-
-type frr_var_run_t;
-files_pid_file(frr_var_run_t)
-
-########################################
-#
-# frr local policy
-#
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
-allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
-allow frr_t self:packet_socket { create setopt };
-allow frr_t self:process { setcap setpgid };
-allow frr_t self:rawip_socket create_socket_perms;
-allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
-allow frr_t self:udp_socket create_socket_perms;
-allow frr_t self:unix_stream_socket connectto;
-
-allow frr_t frr_conf_t:dir list_dir_perms;
-manage_files_pattern(frr_t, frr_conf_t, frr_conf_t)
-read_lnk_files_pattern(frr_t, frr_conf_t, frr_conf_t)
-
-manage_dirs_pattern(frr_t, frr_log_t, frr_log_t)
-manage_files_pattern(frr_t, frr_log_t, frr_log_t)
-manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
-logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
-
-allow frr_t frr_tmp_t:file map;
-manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
-manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
-files_tmp_filetrans(frr_t, frr_tmp_t, { file dir })
-
-manage_files_pattern(frr_t, frr_lock_t, frr_lock_t)
-manage_lnk_files_pattern(frr_t, frr_lock_t, frr_lock_t)
-files_lock_filetrans(frr_t, frr_lock_t, { file lnk_file })
-
-manage_dirs_pattern(frr_t, frr_var_run_t, frr_var_run_t)
-manage_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
-manage_lnk_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
-manage_sock_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
-files_pid_filetrans(frr_t, frr_var_run_t, { dir file lnk_file })
-
-allow frr_t frr_exec_t:dir search_dir_perms;
-can_exec(frr_t, frr_exec_t)
-
-kernel_read_network_state(frr_t)
-kernel_rw_net_sysctls(frr_t)
-kernel_read_system_state(frr_t)
-
-auth_use_nsswitch(frr_t)
-
-corecmd_exec_bin(frr_t)
-
-corenet_tcp_bind_appswitch_emp_port(frr_t)
-corenet_udp_bind_bfd_control_port(frr_t)
-corenet_udp_bind_bfd_echo_port(frr_t)
-corenet_udp_bind_bfd_multi_port(frr_t)
-corenet_tcp_bind_bgp_port(frr_t)
-corenet_tcp_connect_bgp_port(frr_t)
-corenet_tcp_bind_cmadmin_port(frr_t)
-corenet_udp_bind_cmadmin_port(frr_t)
-corenet_tcp_bind_firepower_port(frr_t)
-corenet_tcp_bind_generic_port(frr_t)
-corenet_tcp_bind_priority_e_com_port(frr_t)
-corenet_udp_bind_router_port(frr_t)
-corenet_tcp_bind_qpasa_agent_port(frr_t)
-corenet_tcp_bind_smntubootstrap_port(frr_t)
-corenet_tcp_bind_versa_tek_port(frr_t)
-corenet_tcp_bind_zebra_port(frr_t)
-
-domain_use_interactive_fds(frr_t)
-
-fs_read_nsfs_files(frr_t)
-
-sysnet_exec_ifconfig(frr_t)
-sysnet_read_ifconfig_run(frr_t)
-sysnet_watch_ifconfig_run(frr_t)
-
-userdom_read_admin_home_files(frr_t)
-
-optional_policy(`
-	logging_send_syslog_msg(frr_t)
-')
-
-optional_policy(`
-	modutils_exec_kmod(frr_t)
-	modutils_getattr_module_deps(frr_t)
-	modutils_read_module_config(frr_t)
-	modutils_read_module_deps_files(frr_t)
-')
-
-optional_policy(`
-	networkmanager_read_state(frr_t)
-')
-
-optional_policy(`
-	userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr")
-')

gating.yaml

@@ -1,16 +0,0 @@
---- !Policy
-product_versions:
-  - fedora-*
-decision_contexts: [bodhi_update_push_testing]
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
- 
-#gating rawhide
---- !Policy
-product_versions:
-  - fedora-*
-decision_contexts: [bodhi_update_push_stable]
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

plans/all.fmf

@@ -1,6 +0,0 @@
-summary: Test plan with all Fedora tests
-discover:
-       how: fmf
-       url: https://src.fedoraproject.org/tests/frr.git
-execute:
-       how: tmt

sources

@@ -1,2 +1,2 @@
-SHA512 (frr-8.5.2.tar.gz) = a5eadd8c88966b58ebc0e7b92311bda16b391abe727861eed772ded678f5a84d84421fbfd4b23c4a2b18ab3d2dcd5b2c9099491dab6958b63c39a9c67c4508d2
-SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d
+SHA512 (frr-7.3.tar.gz) = 51d41ea00c91a98ef4152c1650238fa0a6bdc45151917ed7a90f9441ddad8af2d206579b0c8693abcbe890379ec7d8eca47930f9a795e96d8e1cdc513e293237
+SHA512 (remove-babeld-ldpd.sh) = 9cf3040bfac3620d97c323cc64e35ce2afaf943f6398d0b4187af7756897f2a4e68afedf5dc495f735132e577479aa1c142e6c111575ea6cd931295a7f6f1557