From 22f4b752f9580c55e4f01dc82bf45d129b62b5cf Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Fri, 1 Aug 2025 10:50:21 -0400 Subject: [PATCH] Initial commit on c9s Originally imported from: https://pagure.io/dotnet-sig/dotnet10.0/c/243efe5136bd4b17c534c1302d24956bdec0c443?branch=main Resolves: RHEL-98674 --- .fmf/version | 1 + .gitignore | 60 ++ README.md | 27 + build-dotnet-bootstrap-tarball | 123 +++ build-prebuilt-archive | 62 ++ check-debug-symbols.py | 140 +++ copr-build | 18 + dotnet.sh.in | 14 + dotnet10.0.spec | 908 ++++++++++++++++++ gating.yaml | 23 + macros.dotnet | 18 + release-key-2023.asc | 29 + release.json | 11 + rpminspect.yaml | 20 + runtime-disable-fortify-on-ilasm-parser.patch | 12 + runtime-openssl-sha1.patch | 34 + runtime-re-enable-implicit-rejection.patch | 142 +++ sources | 6 + tests/ci.fmf | 44 + update-release | 216 +++++ 20 files changed, 1908 insertions(+) create mode 100644 .fmf/version create mode 100644 README.md create mode 100755 build-dotnet-bootstrap-tarball create mode 100755 build-prebuilt-archive create mode 100755 check-debug-symbols.py create mode 100755 copr-build create mode 100644 dotnet.sh.in create mode 100644 dotnet10.0.spec create mode 100644 gating.yaml create mode 100644 macros.dotnet create mode 100644 release-key-2023.asc create mode 100644 release.json create mode 100644 rpminspect.yaml create mode 100644 runtime-disable-fortify-on-ilasm-parser.patch create mode 100644 runtime-openssl-sha1.patch create mode 100644 runtime-re-enable-implicit-rejection.patch create mode 100644 sources create mode 100644 tests/ci.fmf create mode 100755 update-release diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index e69de29..d81c3f1 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,60 @@ +/dotnet-v3.1.101-SDK.tar.gz +/dotnet-v3.1.102-SDK.tar.gz +/dotnet-v3.1.103.2-SDK.tar.gz +/dotnet-v5.0.102-SDK-arm64-bootstrap.tar.gz +/dotnet-v5.0.102-SDK-x64-bootstrap.tar.gz +/dotnet-v5.0.102-SDK.tar.gz +/dotnet-v5.0.103-SDK.tar.gz +/dotnet-v5.0.104-SDK.tar.gz +/dotnet-v5.0.202-SDK.tar.gz +/dotnet-v5.0.203-SDK.tar.gz +/dotnet-v5.0.204-SDK.tar.gz +/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c-x64-bootstrap.tar.xz +/dotnet-arm64-prebuilts-2021-10-29.tar.gz +/dotnet-s390x-prebuilts-2021-10-29.tar.gz +/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c.tar.gz +/dotnet-v6.0.101.tar.gz +/dotnet-v6.0.102.tar.gz +/dotnet-v6.0.103.tar.gz +/dotnet-v6.0.104.tar.gz +/dotnet-v6.0.105.tar.gz +/dotnet-v7.0.100-rc.2.22477.23-x64-bootstrap.tar.xz +/dotnet-arm64-prebuilts-2022-10-12.tar.gz +/dotnet-ppc64le-prebuilts-2022-10-21.tar.gz +/dotnet-s390x-prebuilts-2022-10-12.tar.gz +/dotnet-v7.0.100.tar.gz +/dotnet-v7.0.101.tar.gz +/dotnet-v7.0.102.tar.gz +/dotnet-v8.0.0-rc.1.23419.4-x64-bootstrap.tar.xz +/dotnet-prebuilts-8.0.100-rc.1.23410.12-arm64.tar.gz +/dotnet-prebuilts-8.0.100-rc.1.23410.12-ppc64le.tar.gz +/dotnet-prebuilts-8.0.100-rc.1.23410.12-s390x.tar.gz +/dotnet-v8.0.0-rc.2.23479.6.tar.gz +/dotnet-8.0.0.tar.gz +/dotnet-8.0.0.tar.gz.sig +/dotnet-8.0.1.tar.gz +/dotnet-8.0.1.tar.gz.sig +/dotnet-8.0.2.tar.gz +/8.0.2.tar.gz.sig +/dotnet-v9.0.0-rc.1.24431.7-x64-bootstrap.tar.gz +/dotnet-sdk-9.0.100-preview.7.24407.12-linux-arm64.tar.gz +/dotnet-prebuilts-9.0.100-preview.7.24407.1-ppc64le.tar.gz +/dotnet-prebuilts-9.0.100-preview.7.24407.1-s390x.tar.gz +/dotnet-9.0.0-rc.1.24431.7.tar.gz +/dotnet-9.0.0-rc.1.24431.7.tar.gz.sig +/dotnet-v9.0.0-rc.2.24473.5-x64-bootstrap.tar.gz +/dotnet-sdk-9.0.100-rc.1.24452.12-linux-arm64.tar.gz +/dotnet-prebuilts-9.0.100-rc.1.24452.1-ppc64le.tar.gz +/dotnet-prebuilts-9.0.100-rc.1.24452.1-s390x.tar.gz +/dotnet-9.0.0-rc.2.24473.5.tar.gz +/dotnet-9.0.0-rc.2.24473.5.tar.gz.sig +/dotnet-9.0.0.tar.gz +/dotnet-9.0.0.tar.gz.sig +/dotnet-9.0.101.tar.gz +/dotnet-9.0.101.tar.gz.sig +/dotnet-10.0.0-preview.6.25358.103.tar.gz +/dotnet-10.0.0-preview.6.25358.103.tar.gz.sig +/dotnet-prebuilts-10.0.100-preview.6.25302.104-arm64.tar.gz +/dotnet-prebuilts-10.0.100-preview.6.25302.104-x64.tar.gz +/dotnet-prebuilts-10.0.100-preview.6.25358.103-ppc64le.tar.gz +/dotnet-prebuilts-10.0.100-preview.6.25358.103-s390x.tar.gz diff --git a/README.md b/README.md new file mode 100644 index 0000000..0a820de --- /dev/null +++ b/README.md @@ -0,0 +1,27 @@ +# dotnet10.0 + +The dotnet10.0 package + +This is the .NET 10.0 package for CentOS Stream/RHEL 9. + +# Specification + +This package follows [package naming and contents suggested by +upstream](https://docs.microsoft.com/en-us/dotnet/core/build/distribution-packaging), +with one exception. It installs dotnet to `/usr/lib64/dotnet` (aka +`%{_libdir}`). + +# Contributing + +Please open merge requests in dotnet10.0 repository in CentOS Stream. + +# Testing + +This package uses CI tests as defined in `tests/ci.fmf`. You can run them using +[tmt](https://tmt.readthedocs.io/en/stable/overview.html). Creating a +merge-request or running an official build will fire off tests and flag any +issues. We have enabled gating (via `gating.yaml`) on the tests. That prevents +a build that fails any test from being released until the failures are waived. + +The tests themselves are contained in this external repository: +https://github.com/redhat-developer/dotnet-regular-tests/ diff --git a/build-dotnet-bootstrap-tarball b/build-dotnet-bootstrap-tarball new file mode 100755 index 0000000..96b37a7 --- /dev/null +++ b/build-dotnet-bootstrap-tarball @@ -0,0 +1,123 @@ +#!/bin/bash + +# Usage: +# build-dotnet-bootstrap-tarball +# +# Creates a source archive suitable for bootstrapping +# https://github.com/dotnet/dotnet. +# +# Requires a tarball with the name "${dotnet}-${tag}.tar.gz" in current +# directory. + +set -euo pipefail +IFS=$'\n\t' + +function print_usage { + echo "Usage:" + echo "$0 |" + echo + echo "Creates a $arch bootstrap source archive from an archive of https://github.com/dotnet/dotnet" +} + +function clean_dotnet_cache { + rm -rf ~/.aspnet ~/.dotnet/ ~/.nuget/ ~/.local/share/NuGet ~/.templateengine + rm -rf /tmp/NuGet /tmp/NuGetScratch /tmp/.NETCore* /tmp/.NETStandard* /tmp/.dotnet /tmp/dotnet.* /tmp/clr-debug-pipe* /tmp/Razor-Server /tmp/CoreFxPipe* /tmp/VBCSCompiler /tmp/.NETFramework* + rm -rf ~/.npm/ +} + +function check_bootstrap_environment { + if rpm -qa | grep dotnet ; then + echo "error: dotnet is installed. Not a good idea for bootstrapping." + exit 1 + fi + if [ -d /usr/lib/dotnet ] || [ -d /usr/lib64/dotnet ] || [ -d /usr/share/dotnet ] ; then + echo "error: one of /usr/lib/dotnet /usr/lib64/dotnet or /usr/share/dotnet/ exists. Not a good idea for bootstrapping." + exit 1 + fi + if command -v dotnet ; then + echo "error: dotnet is in $PATH. Not a good idea for bootstrapping." + exit 1 + fi +} + +positional_args=() +while [[ "$#" -gt 0 ]]; do + arg="${1}" + case "${arg}" in + -h|--help) + print_usage + exit 0 + ;; + *) + positional_args+=("$1") + shift + ;; + esac +done + +check_bootstrap_environment + +tag=${positional_args[0]:-} +if [[ -z ${tag} ]]; then + echo "error: missing tag to build" + exit 1 +fi + +set -x + +tag_without_v=$(echo "${tag}" | sed -e 's|^v||') +tarball_name="dotnet-${tag_without_v}" +tarball_suffix=.tar.gz + +if [ -f "dotnet-prebuilts-${tag}-x64${tarball_suffix}" ]; then + echo "error: dotnet-prebuilts-${tag}-x64${tarball_suffix} already exists" + exit 1 +fi +if [ -f "dotnet-prebuilts-${tag}-arm64${tarball_suffix}" ]; then + echo "error: dotnet-prebuilts-${tag}-arm64${tarball_suffix} already exists" + exit 1 +fi + +for arch in arm64 x64; do + rm -rf "${tarball_name}" + tar xf "${tarball_name}${tarball_suffix}" + + pushd "${tarball_name}" + + if [[ $arch == arm64 ]]; then + ./prep-source-build.sh --bootstrap-rid linux-arm64 + else + ./prep-source-build.sh + fi + + # Remove files with funny licenses and crypto implementations and + # other not-very-useful artifacts. We MUST NOT ship any files that + # have unapproved licenses and unexpected cryptographic + # implementations. + # + # We use rm -r (no -f) to make sure the operation fails if the files + # are not at the expected locations. If the files are not at the + # expected location, we need to find the new location of the files and + # delete them, or verify that upstream has already removed the files. + + # rm -r $FILE_TO_REMOVE + + sdk_version=$(jq -r .tools.dotnet "global.json") + + mkdir -p "../dotnet-prebuilts-${sdk_version}-${arch}" + pushd "../dotnet-prebuilts-${sdk_version}-${arch}" + mv "../${tarball_name}/prereqs/packages/archive/Private.SourceBuilt.Artifacts.Bootstrap.tar.gz" . + wget https://builds.dotnet.microsoft.com/dotnet/Sdk/${sdk_version}/dotnet-sdk-${sdk_version}-linux-${arch}.tar.gz || \ + wget https://ci.dot.net/public/Sdk/${sdk_version}/dotnet-sdk-${sdk_version}-linux-${arch}.tar.gz + popd + + popd + + tar czf "dotnet-prebuilts-${sdk_version}-${arch}${tarball_suffix}" "dotnet-prebuilts-${sdk_version}-${arch}" + rm -rf "dotnet-prebuilts-${sdk_version}-${arch}" +done + +if [ -f rpm-crosscompile-all ] ; then + ./rpm-crosscompile-all "${tag}" +fi + diff --git a/build-prebuilt-archive b/build-prebuilt-archive new file mode 100755 index 0000000..9c9e2cf --- /dev/null +++ b/build-prebuilt-archive @@ -0,0 +1,62 @@ +#!/bin/bash + +# Usage: +# build-prebuilt-archive architecture vmr-directory +# +# Creates an archive containing necessary bootstrapping binaries for ppc64le or +# s390x architectures from a VMR build. +# +# You need to have cloned the VMR (https://github.com/dotnet/dotnet) and +# cross-compiled it for the target architecture already. + +set -euo pipefail +IFS=$'\n\t' +set -x + +function print_usage { + echo "Usage:" + echo "$0 " + echo + echo "Creates a ppc64le or s390x bootstrap archive from a VMR build." + echo + echo "You need to have cloned the VMR (https://github.com/dotnet/dotnet) and" + echo "cross-compiled it for the target architecture already." + +} + +positional_args=() +while [[ "$#" -gt 0 ]]; do + arg="${1}" + case "${arg}" in + -h|--help) + print_usage + exit 0 + ;; + *) + positional_args+=("$1") + shift + ;; + esac +done + +arch=${positional_args[0]} # Name of the architecture. Eg, s390x or ppc64le +dir=${positional_args[1]} # Checkout of the VMR with the cross-build for the target architecture +dir=$(readlink -f "$dir") + +sdk_tarball=$(readlink -f $(find "$dir" -iname 'dotnet-sdk*'"$arch"'*tar.gz' | head -1)) + +# SDK is at VMR/artifacts/assets/Release/dotnet-sdk-9.0.100-preview.3.24165.1-linux-$arch.tar.gz. Extract the SDK version from the name. +sdk_version=$(echo "$(basename "${sdk_tarball}")" | sed -E -e 's/dotnet-sdk-//' -e "s/-linux-$arch.tar.gz//") +echo $sdk_version + +archive_name=dotnet-prebuilts-${sdk_version}-${arch} + +mkdir -p $archive_name +pushd $archive_name + +cp -av $sdk_tarball . +cp $dir/artifacts/assets/Release/Private.SourceBuilt.Artifacts.*.tar.gz . + +popd + +tar cvzf $archive_name.tar.gz $archive_name diff --git a/check-debug-symbols.py b/check-debug-symbols.py new file mode 100755 index 0000000..a4caa57 --- /dev/null +++ b/check-debug-symbols.py @@ -0,0 +1,140 @@ +#!/usr/bin/python3 + +""" +Check debug symbols are present in shared object and can identify +code. + +It starts scanning from a directory and recursively scans all ELF +files found in it for various symbols to ensure all debuginfo is +present and nothing has been stripped. + +Usage: + +./check-debug-symbols /path/of/dir/to/scan/ + + +Example: + +./check-debug-symbols /usr/lib64 +""" + +# This technique was explained to me by Mark Wielaard (mjw). + +import collections +import os +import re +import subprocess +import sys + +ScanResult = collections.namedtuple('ScanResult', + 'file_name debug_info debug_abbrev file_symbols gnu_debuglink') + +file_symbol_exclude_list = [ + 'ilc', +] + +def scan_file(file): + "Scan the provided file and return a ScanResult containing results of the scan." + + # Test for .debug_* sections in the shared object. This is the main test. + # Stripped objects will not contain these. + readelf_S_result = subprocess.run(['eu-readelf', '-S', file], + stdout=subprocess.PIPE, encoding='utf-8', check=True) + has_debug_info = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_info' in line) + + has_debug_abbrev = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_abbrev' in line) + + # Test FILE symbols. These will most likely be removed by anyting that + # manipulates symbol tables because it's generally useless. So a nice test + # that nothing has messed with symbols. + def contains_file_symbols(line): + parts = line.split() + if len(parts) < 8: + return False + return \ + parts[2] == '0' and parts[3] == 'FILE' and parts[4] == 'LOCAL' and parts[5] == 'DEFAULT' and \ + parts[6] == 'ABS' and re.match(r'((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx))?', parts[7]) + + readelf_s_result = subprocess.run(["eu-readelf", '-s', file], + stdout=subprocess.PIPE, encoding='utf-8', check=True) + has_file_symbols = True + if not os.path.basename(file) in file_symbol_exclude_list: + has_file_symbols = any(line for line in readelf_s_result.stdout.split('\n') if contains_file_symbols(line)) + + # Test that there are no .gnu_debuglink sections pointing to another + # debuginfo file. There shouldn't be any debuginfo files, so the link makes + # no sense either. + has_gnu_debuglink = any(line for line in readelf_s_result.stdout.split('\n') if '] .gnu_debuglink' in line) + + return ScanResult(file, has_debug_info, has_debug_abbrev, has_file_symbols, has_gnu_debuglink) + +def is_elf(file): + result = subprocess.run(['file', file], stdout=subprocess.PIPE, encoding='utf-8', check=True) + return re.search(r'ELF 64-bit [LM]SB (?:pie )?(?:executable|shared object)', result.stdout) + +def scan_file_if_sensible(file): + if is_elf(file): + return scan_file(file) + return None + +def scan_dir(dir): + results = [] + for root, _, files in os.walk(dir): + for name in files: + result = scan_file_if_sensible(os.path.join(root, name)) + if result: + results.append(result) + return results + +def scan(file): + file = os.path.abspath(file) + if os.path.isdir(file): + return scan_dir(file) + elif os.path.isfile(file): + return [scan_file_if_sensible(file)] + +def is_bad_result(result): + return not result.debug_info or not result.debug_abbrev or not result.file_symbols or result.gnu_debuglink + +def print_scan_results(results, verbose): + # print(results) + for result in results: + file_name = result.file_name + found_issue = False + if not result.debug_info: + found_issue = True + print('error: missing .debug_info section in', file_name) + if not result.debug_abbrev: + found_issue = True + print('error: missing .debug_abbrev section in', file_name) + if not result.file_symbols: + found_issue = True + print('error: missing FILE symbols in', file_name) + if result.gnu_debuglink: + found_issue = True + print('error: unexpected .gnu_debuglink section in', file_name) + if verbose and not found_issue: + print('OK: ', file_name) + +def main(args): + verbose = False + files = [] + for arg in args: + if arg == '--verbose' or arg == '-v': + verbose = True + else: + files.append(arg) + + results = [] + for file in files: + results.extend(scan(file)) + + print_scan_results(results, verbose) + + if any(is_bad_result(result) for result in results): + return 1 + return 0 + + +if __name__ == '__main__': + sys.exit(main(sys.argv[1:])) diff --git a/copr-build b/copr-build new file mode 100755 index 0000000..bfd259e --- /dev/null +++ b/copr-build @@ -0,0 +1,18 @@ +#!/bin/bash + +set -euo pipefail + +set -x + +function fedora_release { + source /etc/os-release + echo $VERSION_ID +} + +fedpkg --release f$(fedora_release) srpm 2>&1 | tee fedpkg.output + +srpm_name=$(grep 'Wrote: ' fedpkg.output | cut -d' ' -f 2) + +ls -alh "${srpm_name}" + +copr-cli --debug build @dotnet-sig/dotnet-preview "${srpm_name}" --timeout 36000 diff --git a/dotnet.sh.in b/dotnet.sh.in new file mode 100644 index 0000000..65b92a0 --- /dev/null +++ b/dotnet.sh.in @@ -0,0 +1,14 @@ + +# Set location for AppHost lookup +[ -z "$DOTNET_ROOT" ] && export DOTNET_ROOT=@LIBDIR@/dotnet + +# Add dotnet tools directory to PATH +DOTNET_TOOLS_PATH="$HOME/.dotnet/tools" +case "$PATH" in + *"$DOTNET_TOOLS_PATH"* ) true ;; + * ) PATH="$PATH:$DOTNET_TOOLS_PATH" ;; +esac + +# Extract self-contained executables under HOME +# to avoid multi-user issues from using the default '/var/tmp'. +[ -z "$DOTNET_BUNDLE_EXTRACT_BASE_DIR" ] && export DOTNET_BUNDLE_EXTRACT_BASE_DIR="${XDG_CACHE_HOME:-"$HOME"/.cache}/dotnet_bundle_extract" diff --git a/dotnet10.0.spec b/dotnet10.0.spec new file mode 100644 index 0000000..fc8979c --- /dev/null +++ b/dotnet10.0.spec @@ -0,0 +1,908 @@ +%bcond_without bootstrap + +# LTO triggers a compilation error for a source level issue. Given that LTO should not +# change the validity of any given source and the nature of the error (undefined enum), I +# suspect a generator program is mis-behaving in some way. This needs further debugging, +# until that's done, disable LTO. This has to happen before setting the flags below. +%define _lto_cflags %{nil} + +%global dotnetver 10.0 + +# Only the package for the latest dotnet version should provide RPMs like +# dotnet-host and netstandard-targeting-pack-2.1 +%global is_latest_dotnet 1 + +# upstream can produce releases with a different tag than the SDK version +#%%global upstream_tag v%%{runtime_version} +%global upstream_tag v10.0.0-preview.6.25358.103 +%global upstream_tag_without_v %(echo %{upstream_tag} | sed -e 's|^v||') + +%global hostfxr_version %{runtime_version} +%global runtime_version 10.0.0-preview.6.25358.103 +%global aspnetcore_runtime_version 10.0.0-preview.6.25358.103 +%global sdk_version 10.0.100-preview.6.25358.103 +%global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|') +%global templates_version %{aspnetcore_runtime_version} +#%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }') + +%global runtime_rpm_version 10.0.0~preview.6.25358.103 +%global aspnetcore_runtime_rpm_version 10.0.0~preview.6.25358.103 +%global sdk_rpm_version 10.0.100~preview.6.25358.103 + +%global use_bundled_brotli 0 +%global use_bundled_libunwind 1 +%global use_bundled_llvm_libunwind 1 +%global use_bundled_rapidjson 0 +%global use_bundled_zlib 0 + +%global use_lttng 0 + +%if 0%{?rhel} > 0 +%global use_bundled_rapidjson 1 +%endif + +%ifarch aarch64 +%global runtime_arch arm64 +%endif +%ifarch ppc64le +%global runtime_arch ppc64le +%endif +%ifarch s390x +%global runtime_arch s390x +%endif +%ifarch x86_64 +%global runtime_arch x64 +%endif + +%global mono_archs ppc64le s390x + +# On Fedora and RHEL > 9, ship RPM macros +%if 0%{?fedora} || 0%{?rhel} > 9 +%global include_macros 1 +%else +%global include_macros 0 +%endif + +%{!?runtime_id:%global runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{runtime_arch}} + +# Define macros for OS backwards compat +%if %{undefined bash_completions_dir} +%global bash_completions_dir %{_datadir}/bash-completion/completions +%endif +%if %{undefined zsh_completions_dir} +%global zsh_completions_dir %{_datadir}/zsh/site-functions +%endif + + + +Name: dotnet%{dotnetver} +Version: %{sdk_rpm_version} +Release: 0.5%{?dist} +Summary: .NET Runtime and SDK +License: 0BSD AND Apache-2.0 AND (Apache-2.0 WITH LLVM-exception) AND APSL-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSL-1.0 AND bzip2-1.0.6 AND CC0-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-PDDC AND CNRI-Python AND EPL-1.0 AND GPL-2.0-only AND (GPL-2.0-only WITH GCC-exception-2.0) AND GPL-2.0-or-later AND GPL-3.0-only AND ICU AND ISC AND LGPL-2.1-only AND LGPL-2.1-or-later AND LicenseRef-Fedora-Public-Domain AND LicenseRef-ISO-8879 AND MIT AND MIT-Wu AND MS-PL AND MS-RL AND NCSA AND OFL-1.1 AND OpenSSL AND Unicode-DFS-2015 AND Unicode-DFS-2016 AND W3C-19980720 AND X11 AND Zlib + +URL: https://github.com/dotnet/ + +Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz +Source1: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/dotnet-%{upstream_tag_without_v}.tar.gz.sig +Source2: https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc +Source3: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/release.json +%if %{with bootstrap} +# The bootstrap SDK version is one listed in the global.json file of the main source archive +%global bootstrap_sdk_version 10.0.100-preview.6.25302.104 +# The source is generated on a Fedora box via: +# ./build-dotnet-bootstrap-tarball %%{upstream_tag} +Source10: dotnet-prebuilts-%{bootstrap_sdk_version}-x64.tar.gz +Source11: dotnet-prebuilts-%{bootstrap_sdk_version}-arm64.tar.gz +# To generate ppc64le and s390x archives: +# 1. Build the VMR commit in cross-build mode for the architecture +# 2. Use `build-prebuilt-archive` to create the archive from the VMR +%global bootstrap_sdk_version_ppc64le_s390x 10.0.100-preview.6.25358.103 +Source12: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-ppc64le.tar.gz +Source13: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-s390x.tar.gz +%endif + +Source100: macros.dotnet +Source101: check-debug-symbols.py +Source102: dotnet.sh.in + +# https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314 +Patch0: runtime-re-enable-implicit-rejection.patch +# We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. +# A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message +# digests used for the signature are not treated as fatal errors. +# https://issues.redhat.com/browse/RHEL-25254 +Patch1: runtime-openssl-sha1.patch +# fix an error caused by combining Fedora's CFLAGS with how .NET builds some assembly files +Patch2: runtime-disable-fortify-on-ilasm-parser.patch + + +ExclusiveArch: aarch64 ppc64le s390x x86_64 + + +%if ! %{use_bundled_brotli} +BuildRequires: brotli-devel +%endif +BuildRequires: clang +BuildRequires: cmake +BuildRequires: coreutils +%if %{without bootstrap} +BuildRequires: dotnet-sdk-%{dotnetver} +BuildRequires: dotnet-sdk-%{dotnetver}-source-built-artifacts +%endif +BuildRequires: findutils +BuildRequires: git +BuildRequires: glibc-langpack-en +BuildRequires: gnupg2 +BuildRequires: hostname +BuildRequires: krb5-devel +BuildRequires: libicu-devel +%if ! %{use_bundled_libunwind} +BuildRequires: libunwind-devel +%endif +%ifnarch s390x +BuildRequires: lld +%else +# lld is not supported/available/usable on s390x +BuildRequires: binutils +%endif +# If the build ever crashes, then having lldb installed might help the +# runtime generate a backtrace for the crash +BuildRequires: lldb +BuildRequires: llvm +%if ! %{use_bundled_llvm_libunwind} +BuildRequires: llvm-libunwind-devel +%endif +%if %{use_lttng} +BuildRequires: lttng-ust-devel +%endif +BuildRequires: make +BuildRequires: openssl-devel +BuildRequires: python3 +%if ! %{use_bundled_rapidjson} +BuildRequires: rapidjson-devel +%endif +BuildRequires: tar +BuildRequires: util-linux +%if ! %{use_bundled_zlib} +BuildRequires: zlib-devel +%endif + + +# The tracing support in CoreCLR is optional. It has a run-time +# dependency on some additional libraries like lttng-ust. The runtime +# gracefully disables tracing if the dependencies are missing. +%global __requires_exclude_from ^(%{_libdir}/dotnet/.*/libcoreclrtraceptprovider\\.so)$ + +# Avoid generating provides and requires for private libraries +%global privlibs libhostfxr +%global privlibs %{privlibs}|libclrgc +%global privlibs %{privlibs}|libclrjit +%global privlibs %{privlibs}|libcoreclr +%global privlibs %{privlibs}|libcoreclrtraceptprovider +%global privlibs %{privlibs}|libhostpolicy +%global privlibs %{privlibs}|libmscordaccore +%global privlibs %{privlibs}|libmscordbi +%global privlibs %{privlibs}|libnethost +%global privlibs %{privlibs}|libSystem.Globalization.Native +%global privlibs %{privlibs}|libSystem.IO.Compression.Native +%global privlibs %{privlibs}|libSystem.Native +%global privlibs %{privlibs}|libSystem.Net.Security.Native +%global privlibs %{privlibs}|libSystem.Security.Cryptography.Native.OpenSsl +%global __provides_exclude ^(%{privlibs})\\.so +%global __requires_exclude ^(%{privlibs})\\.so + + +%description +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, macOS and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + +.NET contains a runtime conforming to .NET Standards a set of +framework libraries, an SDK containing compilers and a 'dotnet' +application to drive everything. + +# The `dotnet` package was a bit of historical mistake. Users +# shouldn't be asked to install .NET without a version because .NET +# code (source or build) is generally version specific. We have kept +# it around in older versions of RHEL and Fedora. But no reason to +# continue this mistake. +%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 ) + +%package -n dotnet + +Version: %{sdk_rpm_version} +Summary: .NET CLI tools and runtime + +Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release} + +%description -n dotnet +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, macOS and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + +.NET contains a runtime conforming to .NET Standards a set of +framework libraries, an SDK containing compilers and a 'dotnet' +application to drive everything. + +%endif + + +%package -n dotnet-host + +Version: %{runtime_rpm_version} +Summary: .NET command line launcher + +%description -n dotnet-host +The .NET host is a command line program that runs a standalone +.NET application or launches the SDK. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-hostfxr-%{dotnetver} + +Version: %{runtime_rpm_version} +Summary: .NET command line host resolver + +# Theoretically any version of the host should work. But lets aim for the one +# provided by this package, or from a newer version of .NET +Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release} + +%description -n dotnet-hostfxr-%{dotnetver} +The .NET host resolver contains the logic to resolve and select +the right version of the .NET SDK or runtime to use. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-runtime-%{dotnetver} + +Version: %{runtime_rpm_version} +Summary: NET %{dotnetver} runtime + +Requires: dotnet-hostfxr-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} + +# libicu is dlopen()ed +Requires: libicu%{?_isa} + +# See src/runtime/src/libraries/Native/AnyOS/brotli-version.txt +Provides: bundled(libbrotli) = 1.0.9 +%if %{use_bundled_libunwind} +# See src/runtime/src/coreclr/pal/src/libunwind/libunwind-version.txt +Provides: bundled(libunwind) = 1.5.rc1.28.g9165d2a1 +%endif + +%description -n dotnet-runtime-%{dotnetver} +The .NET runtime contains everything needed to run .NET applications. +It includes a high performance Virtual Machine as well as the framework +libraries used by .NET applications. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-runtime-dbg-%{dotnetver} + +Version: %{runtime_rpm_version} +Summary: Managed debug symbols NET %{dotnetver} runtime + +Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release} + +%description -n dotnet-runtime-dbg-%{dotnetver} +This package contains the managed symbol (pdb) files useful to debug the +managed parts of the .NET runtime itself. + + +%package -n aspnetcore-runtime-%{dotnetver} + +Version: %{aspnetcore_runtime_rpm_version} +Summary: ASP.NET Core %{dotnetver} runtime + +Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release} + +%description -n aspnetcore-runtime-%{dotnetver} +The ASP.NET Core runtime contains everything needed to run .NET +web applications. It includes a high performance Virtual Machine as +well as the framework libraries used by .NET applications. + +ASP.NET Core is a fast, lightweight and modular platform for creating +cross platform web applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n aspnetcore-runtime-dbg-%{dotnetver} + +Version: %{aspnetcore_runtime_rpm_version} +Summary: Managed debug symbols for the ASP.NET Core %{dotnetver} runtime + +Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} = %{aspnetcore_runtime_rpm_version}-%{release} + +%description -n aspnetcore-runtime-dbg-%{dotnetver} +This package contains the managed symbol (pdb) files useful to debug the +managed parts of the ASP.NET Core runtime itself. + + +%package -n dotnet-templates-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: .NET %{dotnetver} templates + +# Theoretically any version of the host should work. But lets aim for the one +# provided by this package, or from a newer version of .NET +Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release} + +%description -n dotnet-templates-%{dotnetver} +This package contains templates used by the .NET SDK. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-sdk-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: .NET %{dotnetver} Software Development Kit + +Provides: bundled(js-jquery) + +Requires: dotnet-runtime-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} +Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release} + +Requires: dotnet-apphost-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} +Requires: dotnet-targeting-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} +Requires: aspnetcore-targeting-pack-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release} +Requires: netstandard-targeting-pack-2.1%{?_isa} >= %{sdk_rpm_version}-%{release} + +Requires: dotnet-templates-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release} + +%description -n dotnet-sdk-%{dotnetver} +The .NET SDK is a collection of command line applications to +create, build, publish and run .NET applications. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-sdk-dbg-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: Managed debug symbols for the .NET %{dotnetver} Software Development Kit + +Requires: dotnet-sdk-%{dotnetver}%{?_isa} = %{sdk_rpm_version}-%{release} + +%description -n dotnet-sdk-dbg-%{dotnetver} +This package contains the managed symbol (pdb) files useful to debug the .NET +Software Development Kit (SDK) itself. + + +%package -n dotnet-sdk-aot-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: Ahead-of-Time (AOT) support for the .NET %{dotnetver} Software Development Kit + +Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release} + +# When installing AOT support, also install all dependencies needed to build +# NativeAOT applications. AOT invokes `clang ... -lssl -lcrypto -lbrotlienc +# -lbrotlidec -lz ...`. +Requires: brotli-devel%{?_isa} +Requires: clang%{?_isa} +Requires: openssl-devel%{?_isa} +Requires: zlib-devel%{?_isa} + +%description -n dotnet-sdk-aot-%{dotnetver} +This package provides Ahead-of-time (AOT) compilation support for the .NET SDK. + + +%global dotnet_targeting_pack() %{expand: +%package -n %{1} + +Version: %{2} +Summary: Targeting Pack for %{3} %{4} + +Requires: dotnet-host%{?_isa} + +%description -n %{1} +This package provides a targeting pack for %{3} %{4} +that allows developers to compile against and target %{3} %{4} +applications using the .NET SDK. + +%files -n %{1} +%dir %{_libdir}/dotnet/packs +%{_libdir}/dotnet/packs/%{5} +} + +%dotnet_targeting_pack dotnet-apphost-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Host.%{runtime_id} +%dotnet_targeting_pack dotnet-targeting-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Ref +%dotnet_targeting_pack aspnetcore-targeting-pack-%{dotnetver} %{aspnetcore_runtime_rpm_version} Microsoft.AspNetCore.App %{dotnetver} Microsoft.AspNetCore.App.Ref +%if %{is_latest_dotnet} +%dotnet_targeting_pack netstandard-targeting-pack-2.1 %{sdk_rpm_version} NETStandard.Library 2.1 NETStandard.Library.Ref +%endif + + +%package -n dotnet-sdk-%{dotnetver}-source-built-artifacts + +Version: %{sdk_rpm_version} +Summary: Internal package for building .NET %{dotnetver} Software Development Kit + +%description -n dotnet-sdk-%{dotnetver}-source-built-artifacts +The .NET source-built archive is a collection of packages needed +to build the .NET SDK itself. + +These are not meant for general use. + + + +%prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' + +release_json_tag=$(grep tag %{SOURCE3} | cut -d: -f2 | sed -E 's/[," ]*//g') +if [[ ${release_json_tag} != %{upstream_tag} ]]; then + echo "error: tag in release.json doesn't match tag in spec file" + exit 1 +fi + +%setup -q -n dotnet-%{upstream_tag_without_v} + +# Remove all prebuilts and binaries +rm -rf .dotnet/ +rm -rf packages/source-built +find -type f \( \ + -iname '*.bin' -or \ + -iname '*.binlog' -or \ + -iname '*.dat' -or \ + -iname '*.db' -or \ + -iname '*.dll' -or \ + -iname '*.doc' -or \ + -iname '*.docx' -or \ + -iname '*.exe' -or \ + -iname '*.mdb' -or \ + -iname '*.mod' -or \ + -iname '*.msi' -or \ + -iname '*.netmodule' -or \ + -iname '*.nupkg' -or \ + -iname '*.o' -or \ + -iname '*.obj' -or \ + -iname '*.out' -or \ + -iname '*.p7b' -or \ + -iname '*.p7s' -or \ + -iname '*.pdb' -or \ + -iname '*.pfx' -or \ + -iname '*.so' -or \ + -iname '*.tar.gz' -or \ + -iname '*.tgz' -or \ + -iname '*.tlb' -or \ + -iname '*.winmd' -or \ + -iname '*.vsix' -or \ + -iname '*.zip' \ + \) \ + -delete + +# No js/nodejs code should be getting built, and no javascript prebuilts +# packages should be present on disk or used. Delete things to make the build +# break if any Javascript is compiled/used. +find -iname package.json -delete +find -iname package-lock.json -delete +rm -rf ./src/aspnetcore/src/Components/Web.JS/dist + +%if %{without bootstrap} + +mkdir -p prereqs/packages/archive +ln -s %{_libdir}/dotnet/source-built-artifacts/Private.SourceBuilt.Artifacts.*.tar.gz prereqs/packages/archive/ + +%else + +%ifarch x86_64 +tar -x --strip-components=1 -f %{SOURCE10} -C prereqs/packages/archive/ +%endif +%ifarch aarch64 +tar -x --strip-components=1 -f %{SOURCE11} -C prereqs/packages/archive/ +%endif +%ifarch ppc64le +tar -x --strip-components=1 -f %{SOURCE12} -C prereqs/packages/archive/ +%endif +%ifarch s390x +tar -x --strip-components=1 -f %{SOURCE13} -C prereqs/packages/archive/ +%endif + +rm -rf .dotnet +mkdir -p .dotnet/ +tar xf prereqs/packages/archive/dotnet-sdk*%{runtime_arch}.tar.gz -C .dotnet/ +rm -rf prereqs/packages/archive/dotnet-sdk*.tar.gz + +%endif + +%autopatch -p1 -M 999 + +%if ! %{use_bundled_brotli} +rm -r src/runtime/src/native/external/brotli/ +%endif + +%if ! %{use_bundled_libunwind} +rm -r src/runtime/src/native/external/libunwind/ +%endif + +%if ! %{use_bundled_llvm_libunwind} +rm -r src/runtime/src/native/external/llvm-libunwind +%endif + +%if ! %{use_bundled_rapidjson} +rm -r src/runtime/src/native/external/rapidjson +%endif + +%if ! %{use_bundled_zlib} +rm -r src/runtime/src/native/external/zlib-ng +%endif + + + +%build +cat /etc/os-release + +%if %{without bootstrap} +# We need to create a copy because build scripts will mutate this +cp -a %{_libdir}/dotnet previously-built-dotnet +find previously-built-dotnet +%endif + +%if 0%{?fedora} || 0%{?rhel} >= 9 +# Setting this macro ensures that only clang supported options will be +# added to ldflags and cflags. +%global toolchain clang +%set_build_flags +%else +# Filter flags not supported by clang +%global dotnet_cflags %(echo %optflags | sed -re 's/-specs=[^ ]*//g') +%global dotnet_ldflags %(echo %{__global_ldflags} | sed -re 's/-specs=[^ ]*//g') +export CFLAGS="%{dotnet_cflags}" +export CXXFLAGS="%{dotnet_cflags}" +export LDFLAGS="%{dotnet_ldflags}" +%endif + +# -fstack-clash-protection breaks CoreCLR +CFLAGS=$(echo $CFLAGS | sed -e 's/-fstack-clash-protection//' ) +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-fstack-clash-protection//' ) + +%ifarch aarch64 +# -mbranch-protection=standard breaks unwinding in CoreCLR through libunwind +CFLAGS=$(echo $CFLAGS | sed -e 's/-mbranch-protection=standard //') +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-mbranch-protection=standard //') +%endif + +%ifarch s390x +# -march=z13 -mtune=z14 makes clang crash while compiling .NET +CFLAGS=$(echo $CFLAGS | sed -e 's/ -march=z13//') +CFLAGS=$(echo $CFLAGS | sed -e 's/ -mtune=z14//') +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -march=z13//') +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -mtune=z14//') +%endif + +# Enabling fortify-source and "-Wall -Weverything" produces new warnings from libc. Turn them off. +CFLAGS="$CFLAGS -Wno-used-but-marked-unused" +CXXFLAGS="$CXXFLAGS -Wno-used-but-marked-unused" + +export EXTRA_CFLAGS="$CFLAGS" +export EXTRA_CXXFLAGS="$CXXFLAGS" +export EXTRA_LDFLAGS="$LDFLAGS" + +# Disable tracing, which is incompatible with certain versions of +# lttng See https://github.com/dotnet/runtime/issues/57784. The +# suggested compile-time change doesn't work, unfortunately. +export COMPlus_LTTng=0 + +# Replace commas in the vendor name. Commas in msbuild properties are parsed +# differently than what we want. +vendor=$(echo "%{?dist_vendor}%{!?dist_vendor:%_host_vendor}" | sed -E 's/,/ /') + +system_libs= +%if ! %{use_bundled_brotli} + system_libs=$system_libs+brotli+ +%endif +%if ! %{use_bundled_libunwind} + system_libs=$system_libs+libunwind+ +%endif +%if ! %{use_bundled_llvm_libunwind} + system_libs=$system_libs+llvmlibunwind+ +%endif +%if ! %{use_bundled_rapidjson} + system_libs=$system_libs+rapidjson+ +%endif +%if ! %{use_bundled_zlib} + system_libs=$system_libs+zlib+ +%endif +%if ! %{use_lttng} + system_libs=$system_libs-lttng- +%endif + +%ifarch ppc64le s390x +max_attempts=3 +%else +max_attempts=1 +%endif + +function retry_until_success { + local exit_code=1 + local tries=$1 + shift + set +e + while [[ $exit_code != 0 ]] && [[ $tries != 0 ]]; do + (( tries = tries - 1 )) + "$@" + exit_code=$? + done + set -e + return $exit_code +} + + +cat >dotnet-rpm-build.sh < dotnet.sh + + + +%install +install -dm 0755 %{buildroot}%{_libdir}/dotnet +ls artifacts/assets/Release/ +mkdir -p built-sdk +tar xf artifacts/assets/Release/Sdk/%{sdk_version}/dotnet-sdk-%{sdk_version}*-%{runtime_id}.tar.gz -C %{buildroot}%{_libdir}/dotnet/ + +# Delete bundled certificates: we want to use the system store only, +# except for when we have no other choice and ca-certificates doesn't +# provide it. Currently ca-ceritificates has no support for +# timestamping certificates (timestamp.ctl). +find %{buildroot}%{_libdir}/dotnet -name 'codesignctl.pem' -delete +if [[ $(find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print | wc -l) != 1 ]]; then + find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print + echo "too many certificate bundles" + exit 2 +fi + +# Install managed symbols +tar xf artifacts/assets/Release/dotnet-symbols-sdk-%{sdk_version}*-%{runtime_id}.tar.gz \ + -C %{buildroot}%{_libdir}/dotnet/ +find %{buildroot}%{_libdir}/dotnet/packs -iname '*.pdb' -delete + +# Fix executable permissions on files +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'apphost' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'ilc' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'singlefilehost' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.sh' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'lib*so' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.a' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.dll' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.h' -exec chmod 0644 {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.json' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.o' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pdb' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.props' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pubxml' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.targets' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.txt' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.xml' -exec chmod -x {} \; + +%if %{is_latest_dotnet} +install -dm 0755 %{buildroot}%{_sysconfdir}/profile.d/ +install dotnet.sh %{buildroot}%{_sysconfdir}/profile.d/ + +# Install dynamic completions +install -dm 0755 %{buildroot}/%{bash_completions_dir} +install src/sdk/scripts/register-completions.bash %{buildroot}/%{bash_completions_dir}/dotnet +install -dm 755 %{buildroot}/%{zsh_completions_dir} +install src/sdk/scripts/register-completions.zsh %{buildroot}/%{zsh_completions_dir}/_dotnet + +install -dm 0755 %{buildroot}%{_bindir} +ln -s ../../%{_libdir}/dotnet/dotnet %{buildroot}%{_bindir}/ +ln -s ../../%{_libdir}/dotnet/dnx %{buildroot}%{_bindir}/ + +for section in 1 7; do + install -dm 0755 %{buildroot}%{_mandir}/man${section}/ + find -iname 'dotnet*'.${section} -type f -exec cp {} %{buildroot}%{_mandir}/man${section}/ \; +done + +install -dm 0755 %{buildroot}%{_sysconfdir}/dotnet +echo "%{_libdir}/dotnet" >> install_location +install install_location %{buildroot}%{_sysconfdir}/dotnet/ +echo "%{_libdir}/dotnet" >> install_location_%{runtime_arch} +install install_location_%{runtime_arch} %{buildroot}%{_sysconfdir}/dotnet/ +%endif + +install -dm 0755 %{buildroot}%{_libdir}/dotnet/source-built-artifacts +install -m 0644 artifacts/assets/Release/Private.SourceBuilt.Artifacts.*.tar.gz %{buildroot}/%{_libdir}/dotnet/source-built-artifacts/ + + +# Quick and dirty check for https://github.com/dotnet/source-build/issues/2731 +test -f %{buildroot}%{_libdir}/dotnet/sdk/%{sdk_version}*/Sdks/Microsoft.NET.Sdk/Sdk/Sdk.props + +# Check debug symbols in all elf objects. This is not in %%check +# because native binaries are stripped by rpm-build after %%install. +# So we need to do this check earlier. +echo "Testing build results for debug symbols..." +%{SOURCE101} -v %{buildroot}%{_libdir}/dotnet/ + +%if %{include_macros} +install -dm 0755 %{buildroot}%{_rpmmacrodir}/ +install -m 0644 %{SOURCE100} %{buildroot}%{_rpmmacrodir}/ +%endif + +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-dbg-files +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-dbg-files +find %{buildroot}%{_libdir}/dotnet/sdk -type d | tail -n +2 | sed -E 's|%{buildroot}||' | sed -E 's|^|%dir |' > dotnet-sdk-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/sdk -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' >> dotnet-sdk-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-sdk-dbg-files + +%if %{is_latest_dotnet} == 0 +# If this is an older version, self-test now, before we delete files. After we +# delete files, we will not have everything we need to self-test in %%check. +%{buildroot}%{_libdir}/dotnet/dotnet --info +%{buildroot}%{_libdir}/dotnet/dotnet --version + +# Provided by dotnet-host from another SRPM +rm %{buildroot}%{_libdir}/dotnet/LICENSE.txt +rm %{buildroot}%{_libdir}/dotnet/ThirdPartyNotices.txt +rm %{buildroot}%{_libdir}/dotnet/dotnet +# Provided by netstandard-targeting-pack-2.1 from another SRPM +rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0 +%endif + + + +%check +%if 0%{?fedora} > 35 +# lttng in Fedora > 35 is incompatible with .NET +export COMPlus_LTTng=0 +%endif + +%if %{is_latest_dotnet} +%{buildroot}%{_libdir}/dotnet/dotnet --info +%{buildroot}%{_libdir}/dotnet/dotnet --version +%endif + + + +%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 ) +%files -n dotnet +# empty package useful for dependencies +%endif + +%if %{is_latest_dotnet} +%files -n dotnet-host +%dir %{_libdir}/dotnet +%{_libdir}/dotnet/dotnet +%{_libdir}/dotnet/dnx +%dir %{_libdir}/dotnet/host +%dir %{_libdir}/dotnet/host/fxr +%{_bindir}/dotnet +%{_bindir}/dnx +%license %{_libdir}/dotnet/LICENSE.txt +%license %{_libdir}/dotnet/ThirdPartyNotices.txt +%doc %{_mandir}/man1/dotnet*.1.* +%doc %{_mandir}/man7/dotnet*.7.* +%config(noreplace) %{_sysconfdir}/profile.d/dotnet.sh +%config(noreplace) %{_sysconfdir}/dotnet +%dir %{_datadir}/bash-completion +%dir %{bash_completions_dir} +%{_datadir}/bash-completion/completions/dotnet +%dir %{_datadir}/zsh +%dir %{zsh_completions_dir} +%{_datadir}/zsh/site-functions/_dotnet +%if %{include_macros} +%{_rpmmacrodir}/macros.dotnet +%endif +%endif + +%files -n dotnet-hostfxr-%{dotnetver} +%dir %{_libdir}/dotnet/host/fxr +%{_libdir}/dotnet/host/fxr/%{hostfxr_version}* + +%files -n dotnet-runtime-%{dotnetver} -f dotnet-runtime-non-dbg-files +%dir %{_libdir}/dotnet/shared +%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App +%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}* + +%files -n dotnet-runtime-dbg-%{dotnetver} -f dotnet-runtime-dbg-files + +%files -n aspnetcore-runtime-%{dotnetver} -f aspnetcore-runtime-non-dbg-files +%dir %{_libdir}/dotnet/shared +%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App +%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version}* + +%files -n aspnetcore-runtime-dbg-%{dotnetver} -f aspnetcore-runtime-dbg-files + +%files -n dotnet-templates-%{dotnetver} +%dir %{_libdir}/dotnet/templates +%{_libdir}/dotnet/templates/%{templates_version}* + +%files -n dotnet-sdk-%{dotnetver} -f dotnet-sdk-non-dbg-files +%dir %{_libdir}/dotnet/sdk +%dir %{_libdir}/dotnet/sdk-manifests +%{_libdir}/dotnet/sdk-manifests/%{sdk_feature_band_version}* +# FIXME is using a 8.0.100 version a bug in the SDK? +%{_libdir}/dotnet/sdk-manifests/8.0.100/ +%{_libdir}/dotnet/metadata +%ifnarch %{mono_archs} +%{_libdir}/dotnet/library-packs +%endif +%dir %{_libdir}/dotnet/packs +%dir %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id} +%{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}/%{aspnetcore_runtime_version}* +%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id} +%{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}/%{runtime_version}* + +%files -n dotnet-sdk-dbg-%{dotnetver} -f dotnet-sdk-dbg-files + +%ifnarch %{mono_archs} +%files -n dotnet-sdk-aot-%{dotnetver} +%dir %{_libdir}/dotnet/packs +%dir %{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/ +%{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/%{runtime_version}* +%endif + +%files -n dotnet-sdk-%{dotnetver}-source-built-artifacts +%dir %{_libdir}/dotnet +%{_libdir}/dotnet/source-built-artifacts + + + +%changelog +* Fri Aug 01 2025 Omair Majid - 10.0.100~preview.6.25358.103-0.5 +- Initial commit on c9s +- Resolves: RHEL-98674 diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..b7ab3d1 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,23 @@ +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis} +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_stable +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis} +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.other-archs.functional} diff --git a/macros.dotnet b/macros.dotnet new file mode 100644 index 0000000..307078e --- /dev/null +++ b/macros.dotnet @@ -0,0 +1,18 @@ +# .NET's name for the architecture +%dotnet_runtime_arch %{lua: +local target = rpm.expand("%{_target_cpu}") +local arch = "x64" +if target == "aarch64" then + arch = "arm64" +elseif target == "ppc64le" then + arch = "ppc64le" +elseif target == "s390x" then + arch = "s390x" +elseif target == "x86_64" then + arch = "x64" +end +print(arch) +} + +# .NET's identifier for the OS+architecture combination +%dotnet_runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{dotnet_runtime_arch} diff --git a/release-key-2023.asc b/release-key-2023.asc new file mode 100644 index 0000000..96844b6 --- /dev/null +++ b/release-key-2023.asc @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BSN Pgp v1.1.0.0 + +mQINBGUKsUYBEADVCJm4EhXALr1ld42kWeh/vM0XMZ2orNT6NRLDRYjpE4mm4UqA +vpjfGCwt5fLcrT4yZng8ABkB3QwTsZzmxesAMD5AZR/gdU1G96DuDGsjp6zJvTuX +zvz3PXUYfcl9n5X32acA6N9J5Xfp10xqX3oitUODBdYy/vKW/v/y87ZxgaR6a3wp +pPJBJIVKwFJx13v4BHRsGp1fepliQcXPvmNKFNI20le5+FbLq6C9hY5wcwGHGfQr +EokH79GsmqgSImqxDOIh06J5VfWA+JwV+3vf95pD8IUrRfGQ+GK7b1/bySxtM5Qa +b/IDgvl/Qq3AzEpGarMBaqGbqMz1C7jd8Y6nyKMP/V+OCjbEdYNM8GRz6kBP3Un+ +Frat5Lc2o4DF+zB3PKIJS3hku5gwlJu6IU1F23vmYFtjUcpRGmyQZDoWyBbOWlB5 +4SXqVu16amUsRFYmOK8BJMjdotcVbriVIv6WRmugfhIMoRJzVGxYkdbuiuMAX69V +xDoGpxX5A8S5A79y0USUVtadQfFavMTyb/gUuUe8oDsqK9gdI3ETxLYG4gYwauVX +fCGfoLOKsq5dPzEuEA7GCRrMau+rHKFaM7BigSdnHFW7xNZ4v0YnXAagoqM2G5o5 +9sak0l57vxxTVk2V3iZzkoU2J2Zlyxyh72n5vjRmb7aNwmQh4Eav6a8ssQARAQAB +tBlvbm54Y29yZWRldkBtaWNyb3NvZnQuY29tiQI4BBMBCAAiBQJlCrFGAhsDBgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD9v1PCTbSHLtfzEADIKq15XDeQxLSo +BG1aFa9n82K1YADVcu1LeddfhDmQWLnZNgyHtQlKN2n59282CXtgymzae3uc05s2 +feIJaqF4M4NnCX8Ct3K7Hq1jI7ZktlquPCCy9XHq9aQY8XTxmdtRevtclKgYTwDh +w+D/KbE8vTZ6o7JoubA3MKf4k3S8qL/0rIyaC6h0EpiWoMy1TdNMMK7BT4kl6Vz4 +W6KmNgOux1Pzku5ULM4WuOzmwW+NAzpOLJowfDs1ZC2RM3+g9i1/DmwWtCHngvGD ++clA0I0agXxo05toOBTfwxd2gWYczuo/Ole16fYTzqT6n0DHqOjjcc9A7EmC72fQ +J+hHAqM+4+CbEGuMpNnTMpCZs98bcK3Rqx/bDJYtbclZzm5O/V4nVbDrJZKzpgA1 +KuzNMLkr62P6/t15UsStgmrlTILmE5NG0CR1mj/46+mNbsMZCel3dcvnT1Zf4rTq +QxMC7Dd/DECKQVC339G/BRfNyhOk2S1mZR/g1uS4bznL+tiwudDh/TAi5C3ZBDMh +0muwD9caXS/QFIBWtb2ai3IcpU357R/ERPKLcWYtoYJ80RuKi6XYr1WxSPBmd5Qm +wuncye+wR2dveo2jnIXZGUSgz50ZNgBxs/cYWAQ8J6KMgIBa+JY2qalzvIGbrC5x +Sr+CkhS8vrktfnRgc8yBssJnvNfqXA== +=pKgS +-----END PGP PUBLIC KEY BLOCK----- diff --git a/release.json b/release.json new file mode 100644 index 0000000..7e368bb --- /dev/null +++ b/release.json @@ -0,0 +1,11 @@ +{ + "release": "10.0.0-preview.6", + "channel": "10.0", + "tag": "v10.0.0-preview.6.25358.103", + "sdkVersion": "10.0.100-preview.6.25358.103", + "runtimeVersion": "10.0.0-preview.6.25358.103", + "aspNetCoreVersion": "10.0.0-preview.6.25358.103", + "sourceRepository": "https://github.com/dotnet/dotnet", + "sourceVersion": "75972a5ba730bdaf7cf3a34f528ab0f5c7f05183", + "officialBuildId": "20250708.3" +} diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..9293249 --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,20 @@ +--- +inspections: + # We patch upstream a lot, no need to reject patches + patches: off +badfuncs: + allowed: + # The Mono runtime (used on s390x, for example), uses inet_addr for + # debugging (such as sending the control flow graph to a remote process). + # See runtime/src/mono/mono/mini/cfgdump.c. This isn't part of any + # standard networking facility; networking APIs are implemented/used in + # libSystem*so. + /usr/lib64/dotnet/shared/Microsoft.NETCore.App/*/libcoreclr.so: + - inet_addr + /usr/lib64/dotnet/packs/Microsoft.NETCore.App.Runtime.*/*/runtimes/*/native/libcoreclr.so: + - inet_addr +runpath: + # Upstream explicitly sets $ORIGIN/netcoredeps as an RPATH + # See https://github.com/dotnet/core/blob/main/Documentation/self-contained-linux-apps.md + allowed_origin_paths: + - /netcoredeps diff --git a/runtime-disable-fortify-on-ilasm-parser.patch b/runtime-disable-fortify-on-ilasm-parser.patch new file mode 100644 index 0000000..a128222 --- /dev/null +++ b/runtime-disable-fortify-on-ilasm-parser.patch @@ -0,0 +1,12 @@ +diff --git dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt +index cca2c6da185..d31e6cb2070 100644 +--- dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt ++++ dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt +@@ -52,6 +52,7 @@ if(CLR_CMAKE_HOST_UNIX) + add_compile_options(-Wno-array-bounds) + add_compile_options(-Wno-unused-label) + set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-O0" ) ++ set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=0" ) + endif(CLR_CMAKE_HOST_UNIX) + + if(CLR_CMAKE_HOST_LINUX OR CLR_CMAKE_HOST_FREEBSD OR CLR_CMAKE_HOST_NETBSD OR CLR_CMAKE_HOST_SUNOS OR CLR_CMAKE_HOST_HAIKU) diff --git a/runtime-openssl-sha1.patch b/runtime-openssl-sha1.patch new file mode 100644 index 0000000..6e307ef --- /dev/null +++ b/runtime-openssl-sha1.patch @@ -0,0 +1,34 @@ +From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001 +From: Tom Deseyn +Date: Wed, 28 Feb 2024 14:08:15 +0100 +Subject: [PATCH] Allow certificate validation with SHA-1 signatures. + +RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate +validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag +with a chain where the last certificate uses a SHA-1 signature. + +This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default +OpenSSL behavior for certificate validation. +--- + .../libs/System.Security.Cryptography.Native/pal_x509.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c +index 04c6ba06cd..2cd3413dae 100644 +--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c ++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c +@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5 + + int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore); + +- if (val != 0) +- { +- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE); +- } +- + return val; + } + +-- +2.43.2 + diff --git a/runtime-re-enable-implicit-rejection.patch b/runtime-re-enable-implicit-rejection.patch new file mode 100644 index 0000000..a2e5614 --- /dev/null +++ b/runtime-re-enable-implicit-rejection.patch @@ -0,0 +1,142 @@ +From 5fdc289903bd3a77d455583650b00297da0cae8f Mon Sep 17 00:00:00 2001 +From: Omair Majid +Date: Fri, 2 Feb 2024 15:51:23 -0500 +Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95216)" + +This reverts commit a5fc8ff9b03ffb2fdb81dad524ad1a20a0714995. + +To quote Clemens Lang: + +> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle +> attack against PKCS#1v1.5 decryption. See +> https://people.redhat.com/~hkario/marvin/ for details and +> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a +> comment by the researcher who published the vulnerability and proposed the +> change in OpenSSL. + +For more details, see: +https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314 +--- + .../RSA/EncryptDecrypt.cs | 49 ++++--------------- + .../opensslshim.h | 6 --- + .../pal_evp_pkey_rsa.c | 13 ----- + 3 files changed, 10 insertions(+), 58 deletions(-) + +diff --git a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs +index 39f3ebc82ec..5b97f468a42 100644 +--- a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs ++++ b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs +@@ -353,10 +353,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc + Assert.Equal(TestData.HelloBytes, output); + } + +- [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))] ++ [ConditionalFact] + [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)] + public void RoundtripEmptyArray() + { ++ if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6)) ++ { ++ throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data."); ++ } ++ if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0)) ++ { ++ throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data."); ++ } ++ + using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params)) + { + void RoundtripEmpty(RSAEncryptionPadding paddingMode) +@@ -757,23 +746,5 @@ public static IEnumerable OaepPaddingModes + } + } + } +- +- public static bool PlatformSupportsEmptyRSAEncryption +- { +- get +- { +- if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6)) +- { +- return false; +- } +- +- if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0)) +- { +- return false; +- } +- +- return true; +- } +- } + } + } +diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h +index 0748e305d5c..cf10d2f7949 100644 +--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h ++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h +@@ -296,10 +296,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); + REQUIRED_FUNCTION(ERR_peek_error) \ + REQUIRED_FUNCTION(ERR_peek_error_line) \ + REQUIRED_FUNCTION(ERR_peek_last_error) \ +- REQUIRED_FUNCTION(ERR_pop_to_mark) \ + FALLBACK_FUNCTION(ERR_put_error) \ + REQUIRED_FUNCTION(ERR_reason_error_string) \ +- REQUIRED_FUNCTION(ERR_set_mark) \ + LIGHTUP_FUNCTION(ERR_set_debug) \ + LIGHTUP_FUNCTION(ERR_set_error) \ + REQUIRED_FUNCTION(EVP_aes_128_cbc) \ +@@ -355,7 +353,6 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); + REQUIRED_FUNCTION(EVP_PKCS82PKEY) \ + REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \ +- REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \ +@@ -797,10 +794,8 @@ FOR_ALL_OPENSSL_FUNCTIONS + #define ERR_peek_error_line ERR_peek_error_line_ptr + #define ERR_peek_last_error ERR_peek_last_error_ptr + #define ERR_put_error ERR_put_error_ptr +-#define ERR_pop_to_mark ERR_pop_to_mark_ptr + #define ERR_reason_error_string ERR_reason_error_string_ptr + #define ERR_set_debug ERR_set_debug_ptr +-#define ERR_set_mark ERR_set_mark_ptr + #define ERR_set_error ERR_set_error_ptr + #define EVP_aes_128_cbc EVP_aes_128_cbc_ptr + #define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr +@@ -855,7 +850,6 @@ FOR_ALL_OPENSSL_FUNCTIONS + #define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr + #define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr + #define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr +-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr + #define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr + #define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr + #define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr +diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c +index 043bf9f9d1e..c9ccdf33e3a 100644 +--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c ++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c +@@ -67,19 +67,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const + { + return false; + } +- +- // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding. +- // If the padding is invalid, the decryption operation returns random data. +- // See https://github.com/openssl/openssl/pull/13817 for background. +- // Some Linux distributions backported this change to previous versions of OpenSSL. +- // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid. +- ERR_set_mark(); +- +- EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0"); +- +- // Undo any changes to the error queue that may have occured while configuring implicit rejection if the +- // current version does not support implicit rejection. +- ERR_pop_to_mark(); + } + else + { +-- +2.43.0 + diff --git a/sources b/sources new file mode 100644 index 0000000..7f6f0ab --- /dev/null +++ b/sources @@ -0,0 +1,6 @@ +SHA512 (dotnet-10.0.0-preview.6.25358.103.tar.gz) = 46285769f9f11455fae027d2c92fd2ee2754b05b19d174eac319cdee7ff2463dbc0539d42be926cd9cb0852b98dc5d1a42d1193d777edc6b33c480937ef778b7 +SHA512 (dotnet-10.0.0-preview.6.25358.103.tar.gz.sig) = 2d60152c308d39cc5e0dc08b5da4264583d6677bb856473aaa2d6649597a120953c8725525b98e4b11cba4712c61cf8cdaa610518e000dfb97162dc6823597c7 +SHA512 (dotnet-prebuilts-10.0.100-preview.6.25302.104-arm64.tar.gz) = 55a35072d357c9f1136272f49eca3e0cecc2cfaba4dac22c4e2888e2217ca0897fd80b93e991f926e1355d99273b34696ff708114333506a187809562499f03d +SHA512 (dotnet-prebuilts-10.0.100-preview.6.25302.104-x64.tar.gz) = 2dda7fad60a8485064e65369106eb7d148382f6dcfa53fc8a3640ac4f11367aafb902bff50c7b1fff1ca229519f0f4213428a4abc5389b9b2828b20f148723a3 +SHA512 (dotnet-prebuilts-10.0.100-preview.6.25358.103-ppc64le.tar.gz) = bada3d53d554ebaeef569618106e674201ff363c1ed1bd5162fae99ba29e1fbc5ba9f5bcd66d47f74db2f66e629c8d610f3ba00174bf2b7f052c62c698fb1a90 +SHA512 (dotnet-prebuilts-10.0.100-preview.6.25358.103-s390x.tar.gz) = 7da45dd6f9d786ee0adcb3e0904d11da89ed46fc6ed19802076326c432def3495837b3aa25ed6b90b9711330f32816b4b5cd21586e4c9a26c933497196098d15 diff --git a/tests/ci.fmf b/tests/ci.fmf new file mode 100644 index 0000000..ed70370 --- /dev/null +++ b/tests/ci.fmf @@ -0,0 +1,44 @@ +summary: Basic smoke test +provision: + disk: 20 + memory: 5120 +prepare: + how: install + package: + - aspnetcore-runtime-10.0 + - babeltrace + - bash-completion + - bc + - binutils + - dotnet-runtime-10.0 + - dotnet-sdk-10.0 + - expect + - file + - findutils + - gcc-c++ + - git + - jq + - libstdc++-devel + - lldb + - npm + - postgresql-odbc + - postgresql-server + - procps-ng + - python3 + - strace + - util-linux + - wget + - which + - zlib-devel +execute: + script: + - dotnet --info + - wget --no-verbose https://github.com/redhat-developer/dotnet-bunny/releases/latest/download/turkey.tar.gz + - tar xf turkey.tar.gz + - dotnet turkey/Turkey.dll --version + - git clone "https://github.com/redhat-developer/dotnet-regular-tests.git" + - dotnet turkey/Turkey.dll -l="$TMT_TEST_DATA" dotnet-regular-tests --timeout=1200 + - dnf remove -yq 'dotnet*' + - set -x; if command -v dotnet ; then exit 1; fi + - set -x; if [ -d /usr/lib64/dotnet ]; then exit 1; fi + - set -x; if man dotnet; then exit 1; fi diff --git a/update-release b/update-release new file mode 100755 index 0000000..7484e08 --- /dev/null +++ b/update-release @@ -0,0 +1,216 @@ +#!/bin/bash + +# Usage: +# ./update-release runtime-version|latest-release|latest-commit [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release] + +set -euo pipefail +IFS=$'\n\t' +set -x + +print_usage() { + echo " Usage:" + echo " ./update-release runtime-version|latest-release|latest-commit [--bootstrap] [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release]" + echo "" + echo "The runtime-version parameter needs to match the github release name." + echo "For preview releases, runtime-version should be of the form '9.0 Preview 1'." +} + +download_release_json() { + version=$1 + cat > query < release.metadata.github + curl -L "$(jq -r .release_manifest release.metadata.github)" -o release.json +} + +user_provided_tarball_name="" + +rpm_release=1 +positional_args=() +bug_ids=() +bootstrap=0 +while [[ "$#" -gt 0 ]]; do + arg="$1" + case "${arg}" in + --bootstrap) + bootstrap=1 + shift; + ;; + --bug) + bug_ids+=("$2") + shift; + shift; + ;; + -h|--help) + print_usage + exit 0 + ;; + --release-json) + release_json="$2" + shift; + shift; + ;; + --tarball) + user_provided_tarball_name="$2" + shift; + shift; + ;; + --larger-rpm-release) + rpm_release="2" + shift; + ;; + *) + positional_args+=("$1") + shift + ;; + esac +done + +spec_files=( ./*.spec ) +spec_file="${spec_files[0]}" + +dotnet_major_minor_version=$spec_file +dotnet_major_minor_version=${dotnet_major_minor_version#./dotnet} +dotnet_major_minor_version=${dotnet_major_minor_version%.spec} + +echo "Updating .NET $dotnet_major_minor_version" + +runtime_version=${positional_args[0]:-} +sdk_version="" +tag=v${runtime_version} +created_release_json=0 + +if [[ ${runtime_version} == latest-release ]]; then + if [[ -n "${release_json:-}" ]]; then + cp -a "${release_json}" release.json + else + download_release_json "${dotnet_major_minor_version}" + fi +elif [[ ${runtime_version} == latest-commit ]]; then + cat > query < release.metadata.github + commit=$(jq -r .commit.sha release.metadata.github) + jq >release.json < git-commit-message + +rpmdev-bumpspec --comment="$comment" "$spec_file" + +# Reset release in 'Release' tag +sed -i -E 's|^Release: [[:digit:]]+%|Release: '"$rpm_release"'%|' "$spec_file" +# Reset Release in changelog comment +# See https://stackoverflow.com/questions/18620153/find-matching-text-and-replace-next-line +sed -i -E '/^%changelog$/!b;n;s/-[[:digit:]]+$/-'"$rpm_release"'/' "$spec_file"