# If tests have to be skipped while building, specify the '--without check'
# option. For example:
# rpmbuild -bb --without check rhel/openvswitch-fedora.spec
# This defines the base package name's version.
%define pkgname openvswitch3.5
%global commit 8b7f1eb8db1aa99ccf7b542662129450caff65e0
%if 0%{?commit:1}
%global shortcommit %(c=%{commit}; echo ${c:0:7})
# Enable PIE, bz#955181
%global _hardened_build 1
# RHEL-7 doesn't define _rundir macro yet
# Fedora 15 onwards uses /run as _rundir
%if 0%{!?_rundir:1}
%define _rundir /run
# FIXME Test "STP - flush the fdb and mdb when topology changed" fails on s390x
# FIXME 2 tests fails on ppc64le. They will be hopefully fixed before official 2.11
%ifarch %{ix86} x86_64 aarch64
%bcond_without check
%bcond_with check
# option to run kernel datapath tests, requires building as root!
%bcond_with check_datapath_kernel
# option to build with libcap-ng, needed for running OVS as regular user
%bcond_without libcapng
# option to build with ipsec support
%bcond_without ipsec
# Build python2 (that provides python) and python3 subpackages on Fedora
# Build only python3 (that provides python) subpackage on RHEL8
# Build only python subpackage on RHEL7
%if 0%{?rhel} > 7 || 0%{?fedora}
# On RHEL8 Sphinx is included in buildroot
%global external_sphinx 1
# Don't use external sphinx (RHV doesn't have optional repositories enabled)
%global external_sphinx 0
Name: %{pkgname}
Summary: Open vSwitch
Group: System Environment/Daemons daemon/database/utilities
URL: http://www.openvswitch.org/
Version: 3.5.0
Release: 0.23%{?dist}
# Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the
# lib/sflow*.[ch] files are SISSL
# datapath/ is GPLv2 (although not built into any of the binary packages)
License: ASL 2.0 and LGPLv2+ and SISSL
%define dpdkver 24.11
%define dpdkdir dpdk
%define dpdksver %(echo %{dpdkver} | cut -d. -f-2)
# NOTE: DPDK does not currently build for s390x
# DPDK on aarch64 is not stable enough to be enabled in FDP
%if 0%{?rhel} > 7 || 0%{?fedora}
%define dpdkarches x86_64 ppc64le
%define dpdkarches
%if 0%{?commit:1}
Source: https://github.com/openvswitch/ovs/archive/%{commit}.tar.gz#/openvswitch-%{commit}.tar.gz
Source: https://github.com/openvswitch/ovs/archive/v%{version}.tar.gz#/openvswitch-%{version}.tar.gz
Source2: openvswitch.sysusers
Source3: openvswitch-hugetlbfs.sysusers
Source10: https://fast.dpdk.org/rel/dpdk-%{dpdkver}.tar.xz
%define docutilsver 0.12
%define pygmentsver 1.4
%define sphinxver 1.2.3
%define pyelftoolsver 0.27
Source100: https://pypi.io/packages/source/d/docutils/docutils-%{docutilsver}.tar.gz
Source101: https://pypi.io/packages/source/P/Pygments/Pygments-%{pygmentsver}.tar.gz
Source102: https://pypi.io/packages/source/S/Sphinx/Sphinx-%{sphinxver}.tar.gz
Source103: https://pypi.io/packages/source/p/pyelftools/pyelftools-%{pyelftoolsver}.tar.gz
Patch0: openvswitch-%{version}.patch
# The DPDK is designed to optimize througput of network traffic using, among
# other techniques, carefully crafted assembly instructions. As such it
# needs extensive work to port it to other architectures.
ExclusiveArch: x86_64 aarch64 ppc64le s390x
# Do not enable this otherwise YUM will break on any upgrade.
# Provides: openvswitch
Conflicts: openvswitch < 3.5
Conflicts: openvswitch-dpdk < 3.5
Conflicts: openvswitch2.10
Conflicts: openvswitch2.11
Conflicts: openvswitch2.12
Conflicts: openvswitch2.13
Conflicts: openvswitch2.14
Conflicts: openvswitch2.15
Conflicts: openvswitch2.16
Conflicts: openvswitch2.17
Conflicts: openvswitch3.0
Conflicts: openvswitch3.1
Conflicts: openvswitch3.2
Conflicts: openvswitch3.3
Conflicts: openvswitch3.4
# FIXME Sphinx is used to generate some manpages, unfortunately, on RHEL, it's
# in the -optional repository and so we can't require it directly since RHV
# doesn't have the -optional repository enabled and so TPS fails
%if %{external_sphinx}
BuildRequires: python3-sphinx
# Sphinx dependencies
BuildRequires: python-devel
BuildRequires: python-setuptools
#BuildRequires: python2-docutils
BuildRequires: python-jinja2
BuildRequires: python-nose
#BuildRequires: python2-pygments
# docutils dependencies
BuildRequires: python-imaging
# pygments dependencies
BuildRequires: python-nose
BuildRequires: gcc gcc-c++ make
BuildRequires: autoconf automake libtool
BuildRequires: systemd-units systemd-rpm-macros openssl openssl-devel
BuildRequires: python3-devel python3-setuptools
BuildRequires: desktop-file-utils
BuildRequires: groff-base graphviz
BuildRequires: unbound-devel
BuildRequires: systemtap-sdt-devel
# make check dependencies
BuildRequires: procps-ng
%if %{with check_datapath_kernel}
BuildRequires: nmap-ncat
# would be useful but not available in RHEL or EPEL
#BuildRequires: pyftpdlib
%if %{with libcapng}
BuildRequires: libcap-ng libcap-ng-devel
%ifarch %{dpdkarches}
BuildRequires: meson
%if 0%{?rhel} > 8 || 0%{?fedora}
BuildRequires: python3-pyelftools
# DPDK driver dependencies
BuildRequires: zlib-devel numactl-devel libarchive-devel
# libarchive static dependencies
BuildRequires: bzip2-devel libacl-devel libxml2-devel libzstd-devel lz4-devel xz-devel
%ifarch x86_64
BuildRequires: rdma-core-devel >= 15 libmnl-devel
# Required by packaging policy for the bundled DPDK
Provides: bundled(dpdk) = %{dpdkver}
Requires: openssl iproute module-init-tools
#Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3
#Requires: kernel >= 3.15.0-0
Requires: openvswitch-selinux-extra-policy
Requires(post): /bin/sed
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Obsoletes: openvswitch-controller <= 0:2.1.0-1
%if 0%{?rhel}
# sortedcontainers are not packaged on RHEL yet, but ovs includes it
%global __requires_exclude ^python%{python3_version}dist\\(sortedcontainers\\)$
Open vSwitch provides standard network bridging functions and
support for the OpenFlow protocol for remote per-flow control of
%package -n python3-%{pkgname}
Summary: Open vSwitch python3 bindings
License: ASL 2.0
Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Provides: python-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%description -n python3-%{pkgname}
Python bindings for the Open vSwitch database
%package test
Summary: Open vSwitch testing utilities
License: ASL 2.0
BuildArch: noarch
Requires: python3-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: tcpdump
%description test
Utilities that are useful to diagnose performance and connectivity
issues in Open vSwitch setup.
%package devel
Summary: Open vSwitch OpenFlow development package (library, headers)
License: ASL 2.0
Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%description devel
This provides shared library, libopenswitch.so and the openvswitch header
files needed to build an external application.
%if 0%{?rhel} == 8 || 0%{?fedora} > 28
%package -n network-scripts-%{name}
Summary: Open vSwitch legacy network service support
License: ASL 2.0
Requires: network-scripts
Supplements: (%{name} and network-scripts)
%description -n network-scripts-%{name}
This provides the ifup and ifdown scripts for use with the legacy network
%if %{with ipsec}
%package ipsec
Summary: Open vSwitch IPsec tunneling support
License: ASL 2.0
Requires: python3-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: libreswan
%description ipsec
This package provides IPsec tunneling support for OVS tunnels.
%if 0%{?commit:1}
%setup -q -n ovs-%{commit} -a 10
%setup -q -n ovs-%{version} -a 10
%if ! %{external_sphinx}
%if 0%{?commit:1}
%setup -n ovs-%{commit} -q -D -T -a 100 -a 101 -a 102
%setup -n ovs-%{version} -q -D -T -a 100 -a 101 -a 102
%if 0%{?rhel} && 0%{?rhel} < 9
%if 0%{?commit:1}
%setup -n ovs-%{commit} -q -D -T -a 103
%setup -n ovs-%{version} -q -D -T -a 103
mv dpdk-*/ %{dpdkdir}/
%if 0%{?PATCH0:1}%{!?PATCH0:0}
%patch -P0 -p1
%if 0%{?rhel} && 0%{?rhel} < 9
export PYTHONPATH="${PWD}/pyelftools-%{pyelftoolsver}"
# Build Sphinx on RHEL
%if ! %{external_sphinx}
export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}%{_builddir}/pytmp/lib/python"
for x in docutils-%{docutilsver} Pygments-%{pygmentsver} Sphinx-%{sphinxver}; do
pushd "$x"
python2 setup.py install --home %{_builddir}/pytmp
export PATH="$PATH:%{_builddir}/pytmp/bin"
%ifarch %{dpdkarches}
# Lets build DPDK first
cd %{dpdkdir}
%ifarch x86_64
%ifarch aarch64 x86_64
for driver in "${ENABLED_DRIVERS[@]}"; do
# If doing any updates, this must be aligned with:
# https://access.redhat.com/articles/3538141
for lib in "${ENABLED_LIBS[@]}"; do
%__meson --prefix=%{_builddir}/dpdk-build \
--buildtype=plain \
-Denable_libs="$enable_libs" \
-Ddisable_apps="*" \
-Denable_drivers="$enable_drivers" \
-Dplatform=generic \
-Dmax_ethports=1024 \
-Dmax_numa_nodes=8 \
-Dtests=false \
%__meson install -C %{_vpath_builddir} --no-rebuild
# FIXME currently with LTO enabled OVS tries to link with both static and shared libraries
rm -v %{_builddir}/dpdk-build/%{_lib}/*.so*
# Generate a list of supported drivers, its hard to tell otherwise.
DPDK drivers included in this package:
for f in %{_builddir}/dpdk-build/%{_lib}/librte_net_*.a; do
basename ${f} | cut -c12- | cut -d. -f1 | tr [:lower:] [:upper:]
For further information about the drivers, see
cd -
# And now for OVS...
mkdir build-shared build-static
pushd build-shared
ln -s ../configure
%configure \
%if %{with libcapng}
--enable-libcapng \
--disable-libcapng \
--disable-static \
--enable-shared \
--enable-ssl \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki \
--enable-usdt-probes \
--disable-afxdp \
make %{?_smp_mflags}
pushd build-static
ln -s ../configure
%ifarch %{dpdkarches}
PKG_CONFIG_PATH=%{_builddir}/dpdk-build/%{_lib}/pkgconfig \
%configure \
%if %{with libcapng}
--enable-libcapng \
--disable-libcapng \
--enable-ssl \
%ifarch %{dpdkarches}
--with-dpdk=static \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki \
--enable-usdt-probes \
--disable-afxdp \
make %{?_smp_mflags}
/usr/bin/python3 build-aux/dpdkstrip.py \
--dpdk \
< rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
> rhel/usr_lib_systemd_system_ovs-vswitchd.service
make -C build-shared install sbin_PROGRAMS=ovsdb/ovsdb-server DESTDIR=$RPM_BUILD_ROOT
make -C build-static install bin_PROGRAMS= sbin_PROGRAMS=vswitchd/ovs-vswitchd DESTDIR=$RPM_BUILD_ROOT
install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch
install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch
install -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/openvswitch.conf
%ifarch %{dpdkarches}
install -p -D -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysusersdir}/openvswitch-hugetlbfs.conf
install -p -D -m 0644 rhel/usr_lib_udev_rules.d_91-vfio.rules \
install -p -D -m 0644 \
rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \
for service in openvswitch ovsdb-server ovs-vswitchd \
ovs-delete-transient-ports; do
install -p -D -m 0644 \
rhel/usr_lib_systemd_system_${service}.service \
%if %{with ipsec}
install -p -D -m 0644 rhel/usr_lib_systemd_system_openvswitch-ipsec.service \
install -m 0755 rhel/etc_init.d_openvswitch \
install -p -D -m 0644 rhel/etc_openvswitch_default.conf \
install -p -D -m 0644 rhel/etc_logrotate.d_openvswitch \
install -m 0644 vswitchd/vswitch.ovsschema \
%if 0%{?rhel} < 9
install -d -m 0755 $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifdown-ovs \
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifup-ovs \
install -d -m 0755 $RPM_BUILD_ROOT%{python3_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ovstest \
# Build the JSON C extension for the Python lib (#1417738)
pushd python
export CPPFLAGS="-I ../include -I ../build-shared/include"
export LDFLAGS="%{__global_ldflags} -L $RPM_BUILD_ROOT%{_libdir}"
[ -f "$RPM_BUILD_ROOT/%{python3_sitearch}/ovs/_json$(python3-config --extension-suffix)" ]
rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/
install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/
install -p -D -m 0755 \
rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
# The db needs special permission as IPsec Pre-shared keys are stored in it.
chmod 0640 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
# remove unpackaged files
rm -f $RPM_BUILD_ROOT/%{_bindir}/ovs-benchmark \
$RPM_BUILD_ROOT/%{_bindir}/ovs-docker \
$RPM_BUILD_ROOT/%{_bindir}/ovs-parse-backtrace \
$RPM_BUILD_ROOT/%{_bindir}/ovs-testcontroller \
$RPM_BUILD_ROOT/%{_sbindir}/ovs-vlan-bug-workaround \
$RPM_BUILD_ROOT/%{_mandir}/man1/ovs-benchmark.1* \
$RPM_BUILD_ROOT/%{_mandir}/man8/ovs-testcontroller.* \
%if ! %{with ipsec}
rm -f $RPM_BUILD_ROOT/%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
# remove ovn unpackages files
rm -f $RPM_BUILD_ROOT%{_bindir}/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovn*
rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/*
%if %{with check}
pushd build-static
touch resolv.conf
export OVS_RESOLV_CONF=$(pwd)/resolv.conf
if make check TESTSUITEFLAGS='%{_smp_mflags}' ||
make check TESTSUITEFLAGS='--recheck'; then :;
cat tests/testsuite.log
exit 1
%if %{with check_datapath_kernel}
pushd build-static
if make check-kernel RECHECK=yes; then :;
cat tests/system-kmod-testsuite.log
exit 1
%if 0%{?systemd_preun:1}
%systemd_preun openvswitch.service
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable openvswitch.service >/dev/null 2>&1 || :
/bin/systemctl stop openvswitch.service >/dev/null 2>&1 || :
%sysusers_create_compat %{SOURCE2}
%ifarch %{dpdkarches}
%sysusers_create_compat %{SOURCE3}
if [ $1 -eq 1 ]; then
sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch
%ifarch %{dpdkarches}
sed -i \
chown -R openvswitch:openvswitch /etc/openvswitch
%if 0%{?systemd_post:1}
%systemd_post openvswitch.service
# Package install, not upgrade
if [ $1 -eq 1 ]; then
/bin/systemctl daemon-reload >dev/null || :
%if 0%{?systemd_postun:1}
%systemd_postun openvswitch.service
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%triggerun -- openvswitch < 2.5.0-22.git20160727%{?dist}
# old rpm versions restart the service in postun, but
# due to systemd some preparation is needed.
if systemctl is-active openvswitch >/dev/null 2>&1 ; then
/usr/share/openvswitch/scripts/ovs-ctl stop >/dev/null 2>&1 || :
systemctl daemon-reload >/dev/null 2>&1 || :
systemctl stop openvswitch ovsdb-server ovs-vswitchd >/dev/null 2>&1 || :
systemctl start openvswitch >/dev/null 2>&1 || :
exit 0
%files -n python3-%{pkgname}
%files test
%files devel
%exclude %{_libdir}/*.a
%exclude %{_libdir}/*.la
%if 0%{?rhel} == 8 || 0%{?fedora} > 28
%files -n network-scripts-%{name}
%dir %{_sysconfdir}/openvswitch
%config %ghost %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/conf.db
%ghost %attr(0600,-,-) %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/.conf.db.~lock~
%config %ghost %{_sysconfdir}/openvswitch/system-id.conf
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/openvswitch
%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch
%config %{_datadir}/openvswitch/local-config.ovsschema
%config %{_datadir}/openvswitch/vswitch.ovsschema
%config %{_datadir}/openvswitch/vtep.ovsschema
%ifarch %{dpdkarches}
%doc %{dpdkdir}/README.DPDK-PMDS
%attr(750,openvswitch,hugetlbfs) %verify(not owner group) /var/log/openvswitch
%attr(750,openvswitch,openvswitch) %verify(not owner group) /var/log/openvswitch
%ghost %attr(755,root,root) %verify(not owner group) %{_rundir}/openvswitch
%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} < 29)
%ifarch %{dpdkarches}
%if %{with ipsec}
%files ipsec
