rpms/dotnet10.0
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c10s
Branches Tags
rpms:c10s
rpms:c9s
rpms:c8s
rpms:c10
rpms:c8
rpms:c8-bootstrap
rpms:c9-beta
rpms:imports/c10/dotnet10.0-10.0.101-1.el10_1
rpms:imports/c9/dotnet10.0-10.0.101-1.el9_7
rpms:imports/c10s/dotnet10.0-10.0.101-2.el10
rpms:imports/c8/dotnet10.0-10.0.101-1.el8_10
rpms:imports/c10/dotnet10.0-10.0.100-2.el10_1
rpms:imports/c9/dotnet10.0-10.0.100-2.el9_7
rpms:imports/c8/dotnet10.0-10.0.100-2.el8_10
rpms:imports/c10/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10_1
rpms:imports/c10s/dotnet10.0-10.0.100-2.el10
rpms:imports/c9/dotnet10.0-10.0.100_rc.2.25502.107-0.10.el9_7
rpms:imports/c10s/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.11.el10
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.9.el9
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.8.el9_bootstrap
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.10.el10
rpms:imports/c10s/dotnet10.0-10.0.100_preview.7.25380.108-0.9.el10
...
pull from: rpms:c8s
Branches Tags
rpms:c9s
rpms:c8s
rpms:c10
rpms:c10s
rpms:c8
rpms:c8-bootstrap
rpms:c9-beta
rpms:imports/c10/dotnet10.0-10.0.101-1.el10_1
rpms:imports/c9/dotnet10.0-10.0.101-1.el9_7
rpms:imports/c10s/dotnet10.0-10.0.101-2.el10
rpms:imports/c8/dotnet10.0-10.0.101-1.el8_10
rpms:imports/c10/dotnet10.0-10.0.100-2.el10_1
rpms:imports/c9/dotnet10.0-10.0.100-2.el9_7
rpms:imports/c8/dotnet10.0-10.0.100-2.el8_10
rpms:imports/c10/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10_1
rpms:imports/c10s/dotnet10.0-10.0.100-2.el10
rpms:imports/c9/dotnet10.0-10.0.100_rc.2.25502.107-0.10.el9_7
rpms:imports/c10s/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.11.el10
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.9.el9
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.8.el9_bootstrap
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.10.el10
rpms:imports/c10s/dotnet10.0-10.0.100_preview.7.25380.108-0.9.el10

8 Commits
c10s ... c8s

Author SHA1 Message Date
Omair Majid
076e90024b Update to .NET SDK 10.0.101 and Runtime 10.0.1 
Resolves: RHEL-130937
 2025-12-12 12:11:52 -05:00
Omair Majid
8597c41715 Update to .NET SDK 10.0.100 and Runtime 10.0.0 
Resolves: RHEL-125747
 2025-11-13 22:01:52 -05:00
Omair Majid
b89a27143b Update to .NET SDK 10.0.100-rc.2.25502.107 and Runtime 10.0.0-rc.2.25502.107 
Resolves: RHEL-121301
 2025-10-20 06:54:20 -04:00
Omair Majid
003a2ba270 Disable bootstrap 
Resolves: RHEL-114568
 2025-09-15 09:48:00 -04:00
Omair Majid
29b229a63f Update to .NET 10 RC 1 
Resolves: RHEL-114568
 2025-09-14 11:20:32 -04:00
Omair Majid
6a9eaf61cf Drop netstandard-targeting-pack-2.1 
It's being removed by upstream in RC 1. See
https://github.com/dotnet/source-build/issues/5324.

Related: RHEL-98673
 2025-09-04 17:38:49 -04:00
Omair Majid
a99af161f5 Disable bootstrap 
Resolves: RHEL-98673
 2025-08-06 18:54:11 -04:00
Omair Majid
44196febdb Initial commit on c8s 
Originally imported from:
243efe5136

Resolves: RHEL-98673
 2025-08-01 18:53:00 -04:00
20 changed files with 1949 additions and 0 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

72
.gitignore vendored
View File

@ -0,0 +1,72 @@
/dotnet-v3.1.101-SDK.tar.gz
/dotnet-v3.1.102-SDK.tar.gz
/dotnet-v3.1.103.2-SDK.tar.gz
/dotnet-v5.0.102-SDK-arm64-bootstrap.tar.gz
/dotnet-v5.0.102-SDK-x64-bootstrap.tar.gz
/dotnet-v5.0.102-SDK.tar.gz
/dotnet-v5.0.103-SDK.tar.gz
/dotnet-v5.0.104-SDK.tar.gz
/dotnet-v5.0.202-SDK.tar.gz
/dotnet-v5.0.203-SDK.tar.gz
/dotnet-v5.0.204-SDK.tar.gz
/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c-x64-bootstrap.tar.xz
/dotnet-arm64-prebuilts-2021-10-29.tar.gz
/dotnet-s390x-prebuilts-2021-10-29.tar.gz
/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c.tar.gz
/dotnet-v6.0.101.tar.gz
/dotnet-v6.0.102.tar.gz
/dotnet-v6.0.103.tar.gz
/dotnet-v6.0.104.tar.gz
/dotnet-v6.0.105.tar.gz
/dotnet-v7.0.100-rc.2.22477.23-x64-bootstrap.tar.xz
/dotnet-arm64-prebuilts-2022-10-12.tar.gz
/dotnet-ppc64le-prebuilts-2022-10-21.tar.gz
/dotnet-s390x-prebuilts-2022-10-12.tar.gz
/dotnet-v7.0.100.tar.gz
/dotnet-v7.0.101.tar.gz
/dotnet-v7.0.102.tar.gz
/dotnet-v8.0.0-rc.1.23419.4-x64-bootstrap.tar.xz
/dotnet-prebuilts-8.0.100-rc.1.23410.12-arm64.tar.gz
/dotnet-prebuilts-8.0.100-rc.1.23410.12-ppc64le.tar.gz
/dotnet-prebuilts-8.0.100-rc.1.23410.12-s390x.tar.gz
/dotnet-v8.0.0-rc.2.23479.6.tar.gz
/dotnet-8.0.0.tar.gz
/dotnet-8.0.0.tar.gz.sig
/dotnet-8.0.1.tar.gz
/dotnet-8.0.1.tar.gz.sig
/dotnet-8.0.2.tar.gz
/8.0.2.tar.gz.sig
/dotnet-v9.0.0-rc.1.24431.7-x64-bootstrap.tar.gz
/dotnet-sdk-9.0.100-preview.7.24407.12-linux-arm64.tar.gz
/dotnet-prebuilts-9.0.100-preview.7.24407.1-ppc64le.tar.gz
/dotnet-prebuilts-9.0.100-preview.7.24407.1-s390x.tar.gz
/dotnet-9.0.0-rc.1.24431.7.tar.gz
/dotnet-9.0.0-rc.1.24431.7.tar.gz.sig
/dotnet-v9.0.0-rc.2.24473.5-x64-bootstrap.tar.gz
/dotnet-sdk-9.0.100-rc.1.24452.12-linux-arm64.tar.gz
/dotnet-prebuilts-9.0.100-rc.1.24452.1-ppc64le.tar.gz
/dotnet-prebuilts-9.0.100-rc.1.24452.1-s390x.tar.gz
/dotnet-9.0.0-rc.2.24473.5.tar.gz
/dotnet-9.0.0-rc.2.24473.5.tar.gz.sig
/dotnet-9.0.0.tar.gz
/dotnet-9.0.0.tar.gz.sig
/dotnet-9.0.101.tar.gz
/dotnet-9.0.101.tar.gz.sig
/dotnet-10.0.0-preview.6.25358.103.tar.gz
/dotnet-10.0.0-preview.6.25358.103.tar.gz.sig
/dotnet-prebuilts-10.0.100-preview.6.25302.104-arm64.tar.gz
/dotnet-prebuilts-10.0.100-preview.6.25302.104-x64.tar.gz
/dotnet-prebuilts-10.0.100-preview.6.25358.103-ppc64le.tar.gz
/dotnet-prebuilts-10.0.100-preview.6.25358.103-s390x.tar.gz
/dotnet-10.0.100-rc.1.25451.107.tar.gz
/dotnet-10.0.100-rc.1.25451.107.tar.gz.sig
/dotnet-prebuilts-10.0.100-rc.1.25420.111-x64.tar.gz
/dotnet-prebuilts-10.0.100-rc.1.25420.111-arm64.tar.gz
/dotnet-prebuilts-10.0.100-rc.1.25451.107-ppc64le.tar.gz
/dotnet-prebuilts-10.0.100-rc.1.25451.107-s390x.tar.gz
/dotnet-source-10.0.100-rc.2.25502.107.tar.gz
/dotnet-source-10.0.100-rc.2.25502.107.tar.gz.sig
/dotnet-10.0.100.tar.gz
/dotnet-10.0.100.tar.gz.sig
/dotnet-10.0.101.tar.gz
/dotnet-10.0.101.tar.gz.sig

27
README.md Normal file
View File

@ -0,0 +1,27 @@
# dotnet10.0
The dotnet10.0 package
This is the .NET 10.0 package for CentOS Stream/RHEL 8.
# Specification
This package follows [package naming and contents suggested by
upstream](https://docs.microsoft.com/en-us/dotnet/core/build/distribution-packaging),
with one exception. It installs dotnet to `/usr/lib64/dotnet` (aka
`%{_libdir}`).
# Contributing
Please open merge requests in dotnet10.0 repository in CentOS Stream.
# Testing
This package uses CI tests as defined in `tests/ci.fmf`. You can run them using
[tmt](https://tmt.readthedocs.io/en/stable/overview.html). Creating a
merge-request or running an official build will fire off tests and flag any
issues. We have enabled gating (via `gating.yaml`) on the tests. That prevents
a build that fails any test from being released until the failures are waived.
The tests themselves are contained in this external repository:
https://github.com/redhat-developer/dotnet-regular-tests/

123
build-dotnet-bootstrap-tarball Executable file
View File

@ -0,0 +1,123 @@
#!/bin/bash
# Usage:
# build-dotnet-bootstrap-tarball <tag-or-commit-from-dotnet>
#
# Creates a source archive suitable for bootstrapping
# https://github.com/dotnet/dotnet.
#
# Requires a tarball with the name "${dotnet}-${tag}.tar.gz" in current
# directory.
set -euo pipefail
IFS=$'\n\t'
function print_usage {
echo "Usage:"
echo "$0 <tag-from-dotnet>|<commit-sha-from-dotnet>"
echo
echo "Creates a $arch bootstrap source archive from an archive of https://github.com/dotnet/dotnet"
}
function clean_dotnet_cache {
rm -rf ~/.aspnet ~/.dotnet/ ~/.nuget/ ~/.local/share/NuGet ~/.templateengine
rm -rf /tmp/NuGet /tmp/NuGetScratch /tmp/.NETCore* /tmp/.NETStandard* /tmp/.dotnet /tmp/dotnet.* /tmp/clr-debug-pipe* /tmp/Razor-Server /tmp/CoreFxPipe* /tmp/VBCSCompiler /tmp/.NETFramework*
rm -rf ~/.npm/
}
function check_bootstrap_environment {
if rpm -qa | grep dotnet ; then
echo "error: dotnet is installed. Not a good idea for bootstrapping."
exit 1
fi
if [ -d /usr/lib/dotnet ] || [ -d /usr/lib64/dotnet ] || [ -d /usr/share/dotnet ] ; then
echo "error: one of /usr/lib/dotnet /usr/lib64/dotnet or /usr/share/dotnet/ exists. Not a good idea for bootstrapping."
exit 1
fi
if command -v dotnet ; then
echo "error: dotnet is in $PATH. Not a good idea for bootstrapping."
exit 1
fi
}
positional_args=()
while [[ "$#" -gt 0 ]]; do
arg="${1}"
case "${arg}" in
-h|--help)
print_usage
exit 0
;;
*)
positional_args+=("$1")
shift
;;
esac
done
check_bootstrap_environment
tag=${positional_args[0]:-}
if [[ -z ${tag} ]]; then
echo "error: missing tag to build"
exit 1
fi
set -x
tag_without_v=$(echo "${tag}" | sed -e 's|^v||')
tarball_name="dotnet-${tag_without_v}"
tarball_suffix=.tar.gz
if [ -f "dotnet-prebuilts-${tag}-x64${tarball_suffix}" ]; then
echo "error: dotnet-prebuilts-${tag}-x64${tarball_suffix} already exists"
exit 1
fi
if [ -f "dotnet-prebuilts-${tag}-arm64${tarball_suffix}" ]; then
echo "error: dotnet-prebuilts-${tag}-arm64${tarball_suffix} already exists"
exit 1
fi
for arch in arm64 x64; do
rm -rf "${tarball_name}"
tar xf "${tarball_name}${tarball_suffix}"
pushd "${tarball_name}"
if [[ $arch == arm64 ]]; then
./prep-source-build.sh --bootstrap-rid linux-arm64
else
./prep-source-build.sh
fi
# Remove files with funny licenses and crypto implementations and
# other not-very-useful artifacts. We MUST NOT ship any files that
# have unapproved licenses and unexpected cryptographic
# implementations.
#
# We use rm -r (no -f) to make sure the operation fails if the files
# are not at the expected locations. If the files are not at the
# expected location, we need to find the new location of the files and
# delete them, or verify that upstream has already removed the files.
# rm -r $FILE_TO_REMOVE
sdk_version=$(jq -r .tools.dotnet "global.json")
mkdir -p "../dotnet-prebuilts-${sdk_version}-${arch}"
pushd "../dotnet-prebuilts-${sdk_version}-${arch}"
mv "../${tarball_name}/prereqs/packages/archive/Private.SourceBuilt.Artifacts.Bootstrap.tar.gz" .
wget https://builds.dotnet.microsoft.com/dotnet/Sdk/${sdk_version}/dotnet-sdk-${sdk_version}-linux-${arch}.tar.gz || \
wget https://ci.dot.net/public/Sdk/${sdk_version}/dotnet-sdk-${sdk_version}-linux-${arch}.tar.gz
popd
popd
tar czf "dotnet-prebuilts-${sdk_version}-${arch}${tarball_suffix}" "dotnet-prebuilts-${sdk_version}-${arch}"
rm -rf "dotnet-prebuilts-${sdk_version}-${arch}"
done
if [ -f rpm-crosscompile-all ] ; then
./rpm-crosscompile-all "${tag}"
fi

62
build-prebuilt-archive Executable file
View File

@ -0,0 +1,62 @@
#!/bin/bash
# Usage:
# build-prebuilt-archive architecture vmr-directory
#
# Creates an archive containing necessary bootstrapping binaries for ppc64le or
# s390x architectures from a VMR build.
#
# You need to have cloned the VMR (https://github.com/dotnet/dotnet) and
# cross-compiled it for the target architecture already.
set -euo pipefail
IFS=$'\n\t'
set -x
function print_usage {
echo "Usage:"
echo "$0 <architecture> <vmr directory>"
echo
echo "Creates a ppc64le or s390x bootstrap archive from a VMR build."
echo
echo "You need to have cloned the VMR (https://github.com/dotnet/dotnet) and"
echo "cross-compiled it for the target architecture already."
}
positional_args=()
while [[ "$#" -gt 0 ]]; do
arg="${1}"
case "${arg}" in
-h|--help)
print_usage
exit 0
;;
*)
positional_args+=("$1")
shift
;;
esac
done
arch=${positional_args[0]} # Name of the architecture. Eg, s390x or ppc64le
dir=${positional_args[1]} # Checkout of the VMR with the cross-build for the target architecture
dir=$(readlink -f "$dir")
sdk_tarball=$(readlink -f $(find "$dir" -iname 'dotnet-sdk*'"$arch"'*tar.gz' | head -1))
# SDK is at VMR/artifacts/assets/Release/dotnet-sdk-9.0.100-preview.3.24165.1-linux-$arch.tar.gz. Extract the SDK version from the name.
sdk_version=$(echo "$(basename "${sdk_tarball}")" | sed -E -e 's/dotnet-sdk-//' -e "s/-linux-$arch.tar.gz//")
echo $sdk_version
archive_name=dotnet-prebuilts-${sdk_version}-${arch}
mkdir -p $archive_name
pushd $archive_name
cp -av $sdk_tarball .
cp $dir/artifacts/assets/Release/Private.SourceBuilt.Artifacts.*.tar.gz .
popd
tar cvzf $archive_name.tar.gz $archive_name

140
check-debug-symbols.py Executable file
View File

@ -0,0 +1,140 @@
#!/usr/bin/python3
"""
Check debug symbols are present in shared object and can identify
code.
It starts scanning from a directory and recursively scans all ELF
files found in it for various symbols to ensure all debuginfo is
present and nothing has been stripped.
Usage:
./check-debug-symbols /path/of/dir/to/scan/
Example:
./check-debug-symbols /usr/lib64
"""
# This technique was explained to me by Mark Wielaard (mjw).
import collections
import os
import re
import subprocess
import sys
ScanResult = collections.namedtuple('ScanResult',
'file_name debug_info debug_abbrev file_symbols gnu_debuglink')
file_symbol_exclude_list = [
'ilc',
]
def scan_file(file):
"Scan the provided file and return a ScanResult containing results of the scan."
# Test for .debug_* sections in the shared object. This is the main test.
# Stripped objects will not contain these.
readelf_S_result = subprocess.run(['eu-readelf', '-S', file],
stdout=subprocess.PIPE, encoding='utf-8', check=True)
has_debug_info = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_info' in line)
has_debug_abbrev = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_abbrev' in line)
# Test FILE symbols. These will most likely be removed by anyting that
# manipulates symbol tables because it's generally useless. So a nice test
# that nothing has messed with symbols.
def contains_file_symbols(line):
parts = line.split()
if len(parts) < 8:
return False
return \
parts[2] == '0' and parts[3] == 'FILE' and parts[4] == 'LOCAL' and parts[5] == 'DEFAULT' and \
parts[6] == 'ABS' and re.match(r'((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx))?', parts[7])
readelf_s_result = subprocess.run(["eu-readelf", '-s', file],
stdout=subprocess.PIPE, encoding='utf-8', check=True)
has_file_symbols = True
if not os.path.basename(file) in file_symbol_exclude_list:
has_file_symbols = any(line for line in readelf_s_result.stdout.split('\n') if contains_file_symbols(line))
# Test that there are no .gnu_debuglink sections pointing to another
# debuginfo file. There shouldn't be any debuginfo files, so the link makes
# no sense either.
has_gnu_debuglink = any(line for line in readelf_s_result.stdout.split('\n') if '] .gnu_debuglink' in line)
return ScanResult(file, has_debug_info, has_debug_abbrev, has_file_symbols, has_gnu_debuglink)
def is_elf(file):
result = subprocess.run(['file', file], stdout=subprocess.PIPE, encoding='utf-8', check=True)
return re.search(r'ELF 64-bit [LM]SB (?:pie )?(?:executable|shared object)', result.stdout)
def scan_file_if_sensible(file):
if is_elf(file):
return scan_file(file)
return None
def scan_dir(dir):
results = []
for root, _, files in os.walk(dir):
for name in files:
result = scan_file_if_sensible(os.path.join(root, name))
if result:
results.append(result)
return results
def scan(file):
file = os.path.abspath(file)
if os.path.isdir(file):
return scan_dir(file)
elif os.path.isfile(file):
return [scan_file_if_sensible(file)]
def is_bad_result(result):
return not result.debug_info or not result.debug_abbrev or not result.file_symbols or result.gnu_debuglink
def print_scan_results(results, verbose):
# print(results)
for result in results:
file_name = result.file_name
found_issue = False
if not result.debug_info:
found_issue = True
print('error: missing .debug_info section in', file_name)
if not result.debug_abbrev:
found_issue = True
print('error: missing .debug_abbrev section in', file_name)
if not result.file_symbols:
found_issue = True
print('error: missing FILE symbols in', file_name)
if result.gnu_debuglink:
found_issue = True
print('error: unexpected .gnu_debuglink section in', file_name)
if verbose and not found_issue:
print('OK: ', file_name)
def main(args):
verbose = False
files = []
for arg in args:
if arg == '--verbose' or arg == '-v':
verbose = True
else:
files.append(arg)
results = []
for file in files:
results.extend(scan(file))
print_scan_results(results, verbose)
if any(is_bad_result(result) for result in results):
return 1
return 0
if __name__ == '__main__':
sys.exit(main(sys.argv[1:]))

18
copr-build Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
set -euo pipefail
set -x
function fedora_release {
source /etc/os-release
echo $VERSION_ID
}
fedpkg --release f$(fedora_release) srpm 2>&1 | tee fedpkg.output
srpm_name=$(grep 'Wrote: ' fedpkg.output | cut -d' ' -f 2)
ls -alh "${srpm_name}"
copr-cli --debug build @dotnet-sig/dotnet-preview "${srpm_name}" --timeout 36000

14
dotnet.sh.in Normal file
View File

@ -0,0 +1,14 @@
# Set location for AppHost lookup
[ -z "$DOTNET_ROOT" ] && export DOTNET_ROOT=@LIBDIR@/dotnet
# Add dotnet tools directory to PATH
DOTNET_TOOLS_PATH="$HOME/.dotnet/tools"
case "$PATH" in
*"$DOTNET_TOOLS_PATH"* ) true ;;
* ) PATH="$PATH:$DOTNET_TOOLS_PATH" ;;
esac
# Extract self-contained executables under HOME
# to avoid multi-user issues from using the default '/var/tmp'.
[ -z "$DOTNET_BUNDLE_EXTRACT_BASE_DIR" ] && export DOTNET_BUNDLE_EXTRACT_BASE_DIR="${XDG_CACHE_HOME:-"$HOME"/.cache}/dotnet_bundle_extract"

933
dotnet10.0.spec Normal file
View File

@ -0,0 +1,933 @@
%bcond_with bootstrap
# LTO triggers a compilation error for a source level issue. Given that LTO should not
# change the validity of any given source and the nature of the error (undefined enum), I
# suspect a generator program is mis-behaving in some way. This needs further debugging,
# until that's done, disable LTO. This has to happen before setting the flags below.
%define _lto_cflags %{nil}
%global dotnetver 10.0
# Only the package for the latest dotnet version should provide RPMs like
# dotnet-host
%global is_latest_dotnet 1
# upstream can produce releases with a different tag than the SDK version
#%%global upstream_tag v%%{runtime_version}
%global upstream_tag v10.0.101
%global upstream_tag_without_v %(echo %{upstream_tag} | sed -e 's|^v||')
%global hostfxr_version %{runtime_version}
%global runtime_version 10.0.1
%global aspnetcore_runtime_version 10.0.1
%global sdk_version 10.0.101
%global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|')
%global templates_version %{aspnetcore_runtime_version}
#%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
%global runtime_rpm_version %{runtime_version}
%global aspnetcore_runtime_rpm_version %{aspnetcore_runtime_version}
%global sdk_rpm_version %{sdk_version}
%global use_bundled_brotli 0
%global use_bundled_libunwind 1
%global use_bundled_llvm_libunwind 1
%global use_bundled_rapidjson 0
%global use_bundled_zlib 0
%global use_lttng 0
%if 0%{?rhel} > 0
%global use_bundled_rapidjson 1
%endif
%ifarch aarch64
%global runtime_arch arm64
%endif
%ifarch ppc64le
%global runtime_arch ppc64le
%endif
%ifarch s390x
%global runtime_arch s390x
%endif
%ifarch x86_64
%global runtime_arch x64
%endif
%global mono_archs ppc64le s390x
# On Fedora and RHEL > 9, ship RPM macros
%if 0%{?fedora} || 0%{?rhel} > 9
%global include_macros 1
%else
%global include_macros 0
%endif
%{!?runtime_id:%global runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{runtime_arch}}
# Define macros for OS backwards compat
%if %{undefined bash_completions_dir}
%global bash_completions_dir %{_datadir}/bash-completion/completions
%endif
%if %{undefined zsh_completions_dir}
%global zsh_completions_dir %{_datadir}/zsh/site-functions
%endif
Name: dotnet%{dotnetver}
Version: %{sdk_rpm_version}
Release: 2%{?dist}
Summary: .NET Runtime and SDK
License: 0BSD AND Apache-2.0 AND (Apache-2.0 WITH LLVM-exception) AND APSL-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSL-1.0 AND bzip2-1.0.6 AND CC0-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-PDDC AND CNRI-Python AND EPL-1.0 AND GPL-2.0-only AND (GPL-2.0-only WITH GCC-exception-2.0) AND GPL-2.0-or-later AND GPL-3.0-only AND ICU AND ISC AND LGPL-2.1-only AND LGPL-2.1-or-later AND LicenseRef-Fedora-Public-Domain AND LicenseRef-ISO-8879 AND MIT AND MIT-Wu AND MS-PL AND MS-RL AND NCSA AND OFL-1.1 AND OpenSSL AND Unicode-DFS-2015 AND Unicode-DFS-2016 AND W3C-19980720 AND X11 AND Zlib
URL: https://github.com/dotnet/
Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz
Source1: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/dotnet-%{upstream_tag_without_v}.tar.gz.sig
Source2: https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc
Source3: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/release.json
%if %{with bootstrap}
# The bootstrap SDK version is one listed in the global.json file of the main source archive
%global bootstrap_sdk_version 10.0.100-rc.1.25420.111
# The source is generated on a Fedora box via:
# ./build-dotnet-bootstrap-tarball %%{upstream_tag}
Source10: dotnet-prebuilts-%{bootstrap_sdk_version}-x64.tar.gz
Source11: dotnet-prebuilts-%{bootstrap_sdk_version}-arm64.tar.gz
# To generate ppc64le and s390x archives:
# 1. Build the VMR commit in cross-build mode for the architecture
# 2. Use `build-prebuilt-archive` to create the archive from the VMR
%global bootstrap_sdk_version_ppc64le_s390x 10.0.100-rc.1.25451.107
Source12: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-ppc64le.tar.gz
Source13: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-s390x.tar.gz
%endif
Source100: macros.dotnet
Source101: check-debug-symbols.py
Source102: dotnet.sh.in
# https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
Patch0: runtime-re-enable-implicit-rejection.patch
# We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed.
# A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message
# digests used for the signature are not treated as fatal errors.
# https://issues.redhat.com/browse/RHEL-25254
Patch1: runtime-openssl-sha1.patch
# fix an error caused by combining Fedora's CFLAGS with how .NET builds some assembly files
Patch2: runtime-disable-fortify-on-ilasm-parser.patch
ExclusiveArch: aarch64 ppc64le s390x x86_64
%if ! %{use_bundled_brotli}
BuildRequires: brotli-devel
%endif
BuildRequires: clang
BuildRequires: cmake
BuildRequires: coreutils
%if %{without bootstrap}
BuildRequires: dotnet-sdk-%{dotnetver}
BuildRequires: dotnet-sdk-%{dotnetver}-source-built-artifacts
%endif
BuildRequires: findutils
BuildRequires: git
BuildRequires: glibc-langpack-en
BuildRequires: gnupg2
BuildRequires: hostname
BuildRequires: krb5-devel
BuildRequires: libicu-devel
%if ! %{use_bundled_libunwind}
BuildRequires: libunwind-devel
%endif
%ifnarch s390x
BuildRequires: lld
%else
# lld is not supported/available/usable on s390x
BuildRequires: binutils
%endif
# If the build ever crashes, then having lldb installed might help the
# runtime generate a backtrace for the crash
BuildRequires: lldb
BuildRequires: llvm
%if ! %{use_bundled_llvm_libunwind}
BuildRequires: llvm-libunwind-devel
%endif
%if %{use_lttng}
BuildRequires: lttng-ust-devel
%endif
BuildRequires: make
BuildRequires: openssl-devel
BuildRequires: python3
%if ! %{use_bundled_rapidjson}
BuildRequires: rapidjson-devel
%endif
BuildRequires: tar
BuildRequires: util-linux
%if ! %{use_bundled_zlib}
BuildRequires: zlib-devel
%endif
# The tracing support in CoreCLR is optional. It has a run-time
# dependency on some additional libraries like lttng-ust. The runtime
# gracefully disables tracing if the dependencies are missing.
%global __requires_exclude_from ^(%{_libdir}/dotnet/.*/libcoreclrtraceptprovider\\.so)$
# Avoid generating provides and requires for private libraries
%global privlibs libhostfxr
%global privlibs %{privlibs}|libclrgc
%global privlibs %{privlibs}|libclrjit
%global privlibs %{privlibs}|libcoreclr
%global privlibs %{privlibs}|libcoreclrtraceptprovider
%global privlibs %{privlibs}|libhostpolicy
%global privlibs %{privlibs}|libmscordaccore
%global privlibs %{privlibs}|libmscordbi
%global privlibs %{privlibs}|libnethost
%global privlibs %{privlibs}|libSystem.Globalization.Native
%global privlibs %{privlibs}|libSystem.IO.Compression.Native
%global privlibs %{privlibs}|libSystem.Native
%global privlibs %{privlibs}|libSystem.Net.Security.Native
%global privlibs %{privlibs}|libSystem.Security.Cryptography.Native.OpenSsl
%global __provides_exclude ^(%{privlibs})\\.so
%global __requires_exclude ^(%{privlibs})\\.so
%description
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
# The `dotnet` package was a bit of historical mistake. Users
# shouldn't be asked to install .NET without a version because .NET
# code (source or build) is generally version specific. We have kept
# it around in older versions of RHEL and Fedora. But no reason to
# continue this mistake.
%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 )
%package -n dotnet
Version: %{sdk_rpm_version}
Summary: .NET CLI tools and runtime
Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release}
%description -n dotnet
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
%endif
%package -n dotnet-host
Version: %{runtime_rpm_version}
Summary: .NET command line launcher
%description -n dotnet-host
The .NET host is a command line program that runs a standalone
.NET application or launches the SDK.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-hostfxr-%{dotnetver}
Version: %{runtime_rpm_version}
Summary: .NET command line host resolver
# Theoretically any version of the host should work. But lets aim for the one
# provided by this package, or from a newer version of .NET
Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release}
%description -n dotnet-hostfxr-%{dotnetver}
The .NET host resolver contains the logic to resolve and select
the right version of the .NET SDK or runtime to use.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-runtime-%{dotnetver}
Version: %{runtime_rpm_version}
Summary: NET %{dotnetver} runtime
Requires: dotnet-hostfxr-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
# libicu is dlopen()ed
Requires: libicu%{?_isa}
# See src/runtime/src/libraries/Native/AnyOS/brotli-version.txt
Provides: bundled(libbrotli) = 1.0.9
%if %{use_bundled_libunwind}
# See src/runtime/src/coreclr/pal/src/libunwind/libunwind-version.txt
Provides: bundled(libunwind) = 1.5.rc1.28.g9165d2a1
%endif
%description -n dotnet-runtime-%{dotnetver}
The .NET runtime contains everything needed to run .NET applications.
It includes a high performance Virtual Machine as well as the framework
libraries used by .NET applications.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-runtime-dbg-%{dotnetver}
Version: %{runtime_rpm_version}
Summary: Managed debug symbols NET %{dotnetver} runtime
Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release}
%description -n dotnet-runtime-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the
managed parts of the .NET runtime itself.
%package -n aspnetcore-runtime-%{dotnetver}
Version: %{aspnetcore_runtime_rpm_version}
Summary: ASP.NET Core %{dotnetver} runtime
Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release}
%description -n aspnetcore-runtime-%{dotnetver}
The ASP.NET Core runtime contains everything needed to run .NET
web applications. It includes a high performance Virtual Machine as
well as the framework libraries used by .NET applications.
ASP.NET Core is a fast, lightweight and modular platform for creating
cross platform web applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n aspnetcore-runtime-dbg-%{dotnetver}
Version: %{aspnetcore_runtime_rpm_version}
Summary: Managed debug symbols for the ASP.NET Core %{dotnetver} runtime
Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} = %{aspnetcore_runtime_rpm_version}-%{release}
%description -n aspnetcore-runtime-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the
managed parts of the ASP.NET Core runtime itself.
%package -n dotnet-templates-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: .NET %{dotnetver} templates
# Theoretically any version of the host should work. But lets aim for the one
# provided by this package, or from a newer version of .NET
Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release}
%description -n dotnet-templates-%{dotnetver}
This package contains templates used by the .NET SDK.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-sdk-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: .NET %{dotnetver} Software Development Kit
Provides: bundled(js-jquery)
Requires: dotnet-runtime-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release}
Requires: dotnet-apphost-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
Requires: dotnet-targeting-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
Requires: aspnetcore-targeting-pack-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release}
Requires: dotnet-templates-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release}
%description -n dotnet-sdk-%{dotnetver}
The .NET SDK is a collection of command line applications to
create, build, publish and run .NET applications.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-sdk-dbg-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: Managed debug symbols for the .NET %{dotnetver} Software Development Kit
Requires: dotnet-sdk-%{dotnetver}%{?_isa} = %{sdk_rpm_version}-%{release}
%description -n dotnet-sdk-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the .NET
Software Development Kit (SDK) itself.
%package -n dotnet-sdk-aot-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: Ahead-of-Time (AOT) support for the .NET %{dotnetver} Software Development Kit
Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release}
# When installing AOT support, also install all dependencies needed to build
# NativeAOT applications. AOT invokes `clang ... -lssl -lcrypto -lbrotlienc
# -lbrotlidec -lz ...`.
Requires: brotli-devel%{?_isa}
Requires: clang%{?_isa}
Requires: openssl-devel%{?_isa}
Requires: zlib-devel%{?_isa}
%description -n dotnet-sdk-aot-%{dotnetver}
This package provides Ahead-of-time (AOT) compilation support for the .NET SDK.
%global dotnet_targeting_pack() %{expand:
%package -n %{1}
Version: %{2}
Summary: Targeting Pack for %{3} %{4}
Requires: dotnet-host%{?_isa}
%description -n %{1}
This package provides a targeting pack for %{3} %{4}
that allows developers to compile against and target %{3} %{4}
applications using the .NET SDK.
%files -n %{1}
%dir %{_libdir}/dotnet/packs
%{_libdir}/dotnet/packs/%{5}
}
%dotnet_targeting_pack dotnet-apphost-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Host.%{runtime_id}
%dotnet_targeting_pack dotnet-targeting-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App.Ref %{dotnetver} Microsoft.NETCore.App.Ref
%dotnet_targeting_pack aspnetcore-targeting-pack-%{dotnetver} %{aspnetcore_runtime_rpm_version} Microsoft.AspNetCore.App %{dotnetver} Microsoft.AspNetCore.App.Ref
%package -n dotnet-sdk-%{dotnetver}-source-built-artifacts
Version: %{sdk_rpm_version}
Summary: Internal package for building .NET %{dotnetver} Software Development Kit
%description -n dotnet-sdk-%{dotnetver}-source-built-artifacts
The .NET source-built archive is a collection of packages needed
to build the .NET SDK itself.
These are not meant for general use.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
release_json_tag=$(grep tag %{SOURCE3} | cut -d: -f2 | sed -E 's/[," ]*//g')
if [[ ${release_json_tag} != %{upstream_tag} ]]; then
echo "error: tag in release.json doesn't match tag in spec file"
exit 1
fi
%setup -q -n dotnet-%{upstream_tag_without_v}
# Remove all prebuilts and binaries
rm -rf .dotnet/
rm -rf packages/source-built
find -type f \( \
-iname '*.bin' -or \
-iname '*.binlog' -or \
-iname '*.dat' -or \
-iname '*.db' -or \
-iname '*.dll' -or \
-iname '*.doc' -or \
-iname '*.docx' -or \
-iname '*.exe' -or \
-iname '*.mdb' -or \
-iname '*.mod' -or \
-iname '*.msi' -or \
-iname '*.netmodule' -or \
-iname '*.nupkg' -or \
-iname '*.o' -or \
-iname '*.obj' -or \
-iname '*.out' -or \
-iname '*.p7b' -or \
-iname '*.p7s' -or \
-iname '*.pdb' -or \
-iname '*.pfx' -or \
-iname '*.so' -or \
-iname '*.tar.gz' -or \
-iname '*.tgz' -or \
-iname '*.tlb' -or \
-iname '*.winmd' -or \
-iname '*.vsix' -or \
-iname '*.zip' \
\) \
-delete
# No js/nodejs code should be getting built, and no javascript prebuilts
# packages should be present on disk or used. Delete things to make the build
# break if any Javascript is compiled/used.
find -iname package.json -delete
find -iname package-lock.json -delete
rm -rf ./src/aspnetcore/src/Components/Web.JS/dist
%if %{without bootstrap}
mkdir -p prereqs/packages/archive
ln -s %{_libdir}/dotnet/source-built-artifacts/Private.SourceBuilt.Artifacts.*.tar.gz prereqs/packages/archive/
%else
%ifarch x86_64
tar -x --strip-components=1 -f %{SOURCE10} -C prereqs/packages/archive/
%endif
%ifarch aarch64
tar -x --strip-components=1 -f %{SOURCE11} -C prereqs/packages/archive/
%endif
%ifarch ppc64le
tar -x --strip-components=1 -f %{SOURCE12} -C prereqs/packages/archive/
%endif
%ifarch s390x
tar -x --strip-components=1 -f %{SOURCE13} -C prereqs/packages/archive/
%endif
rm -rf .dotnet
mkdir -p .dotnet/
tar xf prereqs/packages/archive/dotnet-sdk*%{runtime_arch}.tar.gz -C .dotnet/
rm -rf prereqs/packages/archive/dotnet-sdk*.tar.gz
%endif
%autopatch -p1 -M 999
sed -i -E 's/trap.*tempDir.*EXIT//' eng/source-build-toolset-init.sh
%if ! %{use_bundled_brotli}
rm -r src/runtime/src/native/external/brotli/
%endif
%if ! %{use_bundled_libunwind}
rm -r src/runtime/src/native/external/libunwind/
%endif
%if ! %{use_bundled_llvm_libunwind}
rm -r src/runtime/src/native/external/llvm-libunwind
%endif
%if ! %{use_bundled_rapidjson}
rm -r src/runtime/src/native/external/rapidjson
%endif
%if ! %{use_bundled_zlib}
rm -r src/runtime/src/native/external/zlib-ng
%endif
%build
cat /etc/os-release
%if %{without bootstrap}
# We need to create a copy because build scripts will mutate this
cp -a %{_libdir}/dotnet previously-built-dotnet
find previously-built-dotnet
%endif
%if 0%{?fedora} || 0%{?rhel} >= 9
# Setting this macro ensures that only clang supported options will be
# added to ldflags and cflags.
%global toolchain clang
%set_build_flags
%else
# Filter flags not supported by clang
%global dotnet_cflags %(echo %optflags | sed -re 's/-specs=[^ ]*//g')
%global dotnet_ldflags %(echo %{__global_ldflags} | sed -re 's/-specs=[^ ]*//g')
export CFLAGS="%{dotnet_cflags}"
export CXXFLAGS="%{dotnet_cflags}"
export LDFLAGS="%{dotnet_ldflags}"
%endif
# -fstack-clash-protection breaks CoreCLR
CFLAGS=$(echo $CFLAGS | sed -e 's/-fstack-clash-protection//' )
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-fstack-clash-protection//' )
%ifarch aarch64
# -mbranch-protection=standard breaks unwinding in CoreCLR through libunwind
CFLAGS=$(echo $CFLAGS | sed -e 's/-mbranch-protection=standard //')
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-mbranch-protection=standard //')
%endif
%ifarch s390x
# -march=z13 -mtune=z14 makes clang crash while compiling .NET
CFLAGS=$(echo $CFLAGS | sed -e 's/ -march=z13//')
CFLAGS=$(echo $CFLAGS | sed -e 's/ -mtune=z14//')
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -march=z13//')
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -mtune=z14//')
%endif
# Enabling fortify-source and "-Wall -Weverything" produces new warnings from libc. Turn them off.
CFLAGS="$CFLAGS -Wno-used-but-marked-unused"
CXXFLAGS="$CXXFLAGS -Wno-used-but-marked-unused"
export EXTRA_CFLAGS="$CFLAGS"
export EXTRA_CXXFLAGS="$CXXFLAGS"
export EXTRA_LDFLAGS="$LDFLAGS"
# Disable tracing, which is incompatible with certain versions of
# lttng See https://github.com/dotnet/runtime/issues/57784. The
# suggested compile-time change doesn't work, unfortunately.
export COMPlus_LTTng=0
# Replace commas in the vendor name. Commas in msbuild properties are parsed
# differently than what we want.
vendor=$(echo "%{?dist_vendor}%{!?dist_vendor:%_host_vendor}" | sed -E 's/,/ /')
system_libs=
%if ! %{use_bundled_brotli}
system_libs=$system_libs+brotli+
%endif
%if ! %{use_bundled_libunwind}
system_libs=$system_libs+libunwind+
%endif
%if ! %{use_bundled_llvm_libunwind}
system_libs=$system_libs+llvmlibunwind+
%endif
%if ! %{use_bundled_rapidjson}
system_libs=$system_libs+rapidjson+
%endif
%if ! %{use_bundled_zlib}
system_libs=$system_libs+zlib+
%endif
%if ! %{use_lttng}
system_libs=$system_libs-lttng-
%endif
%ifarch ppc64le s390x
max_attempts=3
%else
max_attempts=1
%endif
function retry_until_success {
local exit_code=1
local tries=$1
shift
set +e
while [[ $exit_code != 0 ]] && [[ $tries != 0 ]]; do
(( tries = tries - 1 ))
"$@"
exit_code=$?
done
set -e
return $exit_code
}
cat >dotnet-rpm-build.sh <<EOF
#!/bin/bash
set -euo pipefail
set -x
find -depth -name 'artifacts' -type d -print -exec rm -rf {} \;
./build.sh \
--source-only \
--release-manifest %{SOURCE3} \
--branding rtm \
%if %{without bootstrap}
--with-sdk previously-built-dotnet \
%endif
%ifarch %{mono_archs}
--use-mono-runtime \
%endif
-- \
/p:UseSystemLibs=${system_libs} \
/p:TargetRid=%{runtime_id} \
/p:OfficialBuilder="$vendor" \
/p:MinimalConsoleLogOutput=false \
/p:ContinueOnPrebuiltBaselineError=true \
/v:n \
/p:LogVerbosity=n
EOF
chmod +x dotnet-rpm-build.sh
VERBOSE=1 retry_until_success $max_attempts \
timeout 5h \
./dotnet-rpm-build.sh
sed -e 's|[@]LIBDIR[@]|%{_libdir}|g' %{SOURCE102} > dotnet.sh
%install
install -dm 0755 %{buildroot}%{_libdir}/dotnet
find artifacts/assets/Release/
mkdir -p built-sdk
tar xf artifacts/assets/Release/dotnet-sdk-%{sdk_version}*-%{runtime_id}.tar.gz -C %{buildroot}%{_libdir}/dotnet/
# Delete bundled certificates: we want to use the system store only,
# except for when we have no other choice and ca-certificates doesn't
# provide it. Currently ca-ceritificates has no support for
# timestamping certificates (timestamp.ctl).
find %{buildroot}%{_libdir}/dotnet -name 'codesignctl.pem' -delete
if [[ $(find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print | wc -l) != 1 ]]; then
find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print
echo "too many certificate bundles"
exit 2
fi
# Install managed symbols
tar xf artifacts/assets/Release/dotnet-symbols-sdk-%{sdk_version}*-%{runtime_id}.tar.gz \
-C %{buildroot}%{_libdir}/dotnet/
find %{buildroot}%{_libdir}/dotnet/packs -iname '*.pdb' -delete
# Fix executable permissions on files
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'apphost' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'ilc' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'singlefilehost' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.sh' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'lib*so' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.a' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.dll' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.h' -exec chmod 0644 {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.json' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.o' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pdb' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.props' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pubxml' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.targets' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.txt' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.xml' -exec chmod -x {} \;
%if %{is_latest_dotnet}
install -dm 0755 %{buildroot}%{_sysconfdir}/profile.d/
install dotnet.sh %{buildroot}%{_sysconfdir}/profile.d/
# Install dynamic completions
install -dm 0755 %{buildroot}/%{bash_completions_dir}
install src/sdk/scripts/register-completions.bash %{buildroot}/%{bash_completions_dir}/dotnet
install -dm 755 %{buildroot}/%{zsh_completions_dir}
install src/sdk/scripts/register-completions.zsh %{buildroot}/%{zsh_completions_dir}/_dotnet
install -dm 0755 %{buildroot}%{_bindir}
ln -s ../../%{_libdir}/dotnet/dotnet %{buildroot}%{_bindir}/
ln -s ../../%{_libdir}/dotnet/dnx %{buildroot}%{_bindir}/
for section in 1 7; do
install -dm 0755 %{buildroot}%{_mandir}/man${section}/
find -iname 'dotnet*'.${section} -type f -exec cp {} %{buildroot}%{_mandir}/man${section}/ \;
done
install -dm 0755 %{buildroot}%{_sysconfdir}/dotnet
echo "%{_libdir}/dotnet" >> install_location
install install_location %{buildroot}%{_sysconfdir}/dotnet/
echo "%{_libdir}/dotnet" >> install_location_%{runtime_arch}
install install_location_%{runtime_arch} %{buildroot}%{_sysconfdir}/dotnet/
%endif
install -dm 0755 %{buildroot}%{_libdir}/dotnet/source-built-artifacts
install -m 0644 artifacts/assets/Release/Private.SourceBuilt.Artifacts.*.tar.gz %{buildroot}/%{_libdir}/dotnet/source-built-artifacts/
# Quick and dirty check for https://github.com/dotnet/source-build/issues/2731
test -f %{buildroot}%{_libdir}/dotnet/sdk/%{sdk_version}*/Sdks/Microsoft.NET.Sdk/Sdk/Sdk.props
# Check debug symbols in all elf objects. This is not in %%check
# because native binaries are stripped by rpm-build after %%install.
# So we need to do this check earlier.
echo "Testing build results for debug symbols..."
%{SOURCE101} -v %{buildroot}%{_libdir}/dotnet/
%if %{include_macros}
install -dm 0755 %{buildroot}%{_rpmmacrodir}/
install -m 0644 %{SOURCE100} %{buildroot}%{_rpmmacrodir}/
%endif
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type d | tail -n +2 | sed -E 's|%{buildroot}||' | sed -E 's|^|%dir |' > dotnet-sdk-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' >> dotnet-sdk-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-sdk-dbg-files
%if %{is_latest_dotnet} == 0
# If this is an older version, self-test now, before we delete files. After we
# delete files, we will not have everything we need to self-test in %%check.
%{buildroot}%{_libdir}/dotnet/dotnet --info
%{buildroot}%{_libdir}/dotnet/dotnet --version
# Provided by dotnet-host from another SRPM
rm %{buildroot}%{_libdir}/dotnet/LICENSE.txt
rm %{buildroot}%{_libdir}/dotnet/ThirdPartyNotices.txt
rm %{buildroot}%{_libdir}/dotnet/dotnet
%endif
%check
%if 0%{?fedora} > 35
# lttng in Fedora > 35 is incompatible with .NET
export COMPlus_LTTng=0
%endif
%if %{is_latest_dotnet}
%{buildroot}%{_libdir}/dotnet/dotnet --info
%{buildroot}%{_libdir}/dotnet/dotnet --version
%endif
%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 )
%files -n dotnet
# empty package useful for dependencies
%endif
%if %{is_latest_dotnet}
%files -n dotnet-host
%dir %{_libdir}/dotnet
%{_libdir}/dotnet/dotnet
%{_libdir}/dotnet/dnx
%dir %{_libdir}/dotnet/host
%dir %{_libdir}/dotnet/host/fxr
%{_bindir}/dotnet
%{_bindir}/dnx
%license %{_libdir}/dotnet/LICENSE.txt
%license %{_libdir}/dotnet/ThirdPartyNotices.txt
%doc %{_mandir}/man1/dotnet*.1.*
%doc %{_mandir}/man7/dotnet*.7.*
%config(noreplace) %{_sysconfdir}/profile.d/dotnet.sh
%config(noreplace) %{_sysconfdir}/dotnet
%dir %{_datadir}/bash-completion
%dir %{bash_completions_dir}
%{_datadir}/bash-completion/completions/dotnet
%dir %{_datadir}/zsh
%dir %{zsh_completions_dir}
%{_datadir}/zsh/site-functions/_dotnet
%if %{include_macros}
%{_rpmmacrodir}/macros.dotnet
%endif
%endif
%files -n dotnet-hostfxr-%{dotnetver}
%dir %{_libdir}/dotnet/host/fxr
%{_libdir}/dotnet/host/fxr/%{hostfxr_version}*
%files -n dotnet-runtime-%{dotnetver} -f dotnet-runtime-non-dbg-files
%dir %{_libdir}/dotnet/shared
%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App
%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}*
%files -n dotnet-runtime-dbg-%{dotnetver} -f dotnet-runtime-dbg-files
%files -n aspnetcore-runtime-%{dotnetver} -f aspnetcore-runtime-non-dbg-files
%dir %{_libdir}/dotnet/shared
%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App
%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version}*
%files -n aspnetcore-runtime-dbg-%{dotnetver} -f aspnetcore-runtime-dbg-files
%files -n dotnet-templates-%{dotnetver}
%dir %{_libdir}/dotnet/templates
%{_libdir}/dotnet/templates/%{templates_version}*
%files -n dotnet-sdk-%{dotnetver} -f dotnet-sdk-non-dbg-files
%dir %{_libdir}/dotnet/sdk
%dir %{_libdir}/dotnet/sdk-manifests
%{_libdir}/dotnet/sdk-manifests/%{sdk_feature_band_version}*
%{_libdir}/dotnet/metadata
%ifnarch %{mono_archs}
%{_libdir}/dotnet/library-packs
%endif
%dir %{_libdir}/dotnet/packs
%dir %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}
%{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}/%{aspnetcore_runtime_version}*
%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}
%{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}/%{runtime_version}*
%files -n dotnet-sdk-dbg-%{dotnetver} -f dotnet-sdk-dbg-files
%ifnarch %{mono_archs}
%files -n dotnet-sdk-aot-%{dotnetver}
%dir %{_libdir}/dotnet/packs
%dir %{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/
%{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/%{runtime_version}*
%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.NativeAOT.%{runtime_id}/
%{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.NativeAOT.%{runtime_id}/%{runtime_version}*
%endif
%files -n dotnet-sdk-%{dotnetver}-source-built-artifacts
%dir %{_libdir}/dotnet
%{_libdir}/dotnet/source-built-artifacts
%changelog
* Tue Dec 09 2025 Omair Majid <omajid@redhat.com> - 10.0.101-2
- Update to .NET SDK 10.0.101 and Runtime 10.0.1
- Resolves: RHEL-130937
* Wed Nov 12 2025 Omair Majid <omajid@redhat.com> - 10.0.100-1
- Update to .NET SDK 10.0.100 and Runtime 10.0.0
- Resolves: RHEL-125747
* Fri Oct 17 2025 Omair Majid <omajid@redhat.com> - 10.0.100~rc.2.25502.107-0.10
- Update to .NET SDK 10.0.100-rc.2.25502.107 and Runtime 10.0.0-rc.2.25502.107
- Resolves: RHEL-121301
* Mon Sep 15 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.6.25358.103-0.9
- Disable bootstrap
- Resolves: RHEL-114568
* Sun Sep 14 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.6.25358.103-0.8
- Update to .NET 10 RC 1
- Resolves: RHEL-114568
* Thu Sep 04 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.6.25358.103-0.7
- Drop netstandard-targeting-pack-2.1, it's being removed by upstream in RC 1
- Related: RHEL-98673
* Wed Aug 06 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.6.25358.103-0.6
- Disable bootstrap
- Resolves: RHEL-98673
* Fri Aug 01 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.6.25358.103-0.5
- Initial commit on c9s
- Resolves: RHEL-98673

22
gating.yaml Normal file
View File

@ -0,0 +1,22 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

18
macros.dotnet Normal file
View File

@ -0,0 +1,18 @@
# .NET's name for the architecture
%dotnet_runtime_arch %{lua:
local target = rpm.expand("%{_target_cpu}")
local arch = "x64"
if target == "aarch64" then
arch = "arm64"
elseif target == "ppc64le" then
arch = "ppc64le"
elseif target == "s390x" then
arch = "s390x"
elseif target == "x86_64" then
arch = "x64"
end
print(arch)
}
# .NET's identifier for the OS+architecture combination
%dotnet_runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{dotnet_runtime_arch}

29
release-key-2023.asc Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BSN Pgp v1.1.0.0
mQINBGUKsUYBEADVCJm4EhXALr1ld42kWeh/vM0XMZ2orNT6NRLDRYjpE4mm4UqA
vpjfGCwt5fLcrT4yZng8ABkB3QwTsZzmxesAMD5AZR/gdU1G96DuDGsjp6zJvTuX
zvz3PXUYfcl9n5X32acA6N9J5Xfp10xqX3oitUODBdYy/vKW/v/y87ZxgaR6a3wp
pPJBJIVKwFJx13v4BHRsGp1fepliQcXPvmNKFNI20le5+FbLq6C9hY5wcwGHGfQr
EokH79GsmqgSImqxDOIh06J5VfWA+JwV+3vf95pD8IUrRfGQ+GK7b1/bySxtM5Qa
b/IDgvl/Qq3AzEpGarMBaqGbqMz1C7jd8Y6nyKMP/V+OCjbEdYNM8GRz6kBP3Un+
Frat5Lc2o4DF+zB3PKIJS3hku5gwlJu6IU1F23vmYFtjUcpRGmyQZDoWyBbOWlB5
4SXqVu16amUsRFYmOK8BJMjdotcVbriVIv6WRmugfhIMoRJzVGxYkdbuiuMAX69V
xDoGpxX5A8S5A79y0USUVtadQfFavMTyb/gUuUe8oDsqK9gdI3ETxLYG4gYwauVX
fCGfoLOKsq5dPzEuEA7GCRrMau+rHKFaM7BigSdnHFW7xNZ4v0YnXAagoqM2G5o5
9sak0l57vxxTVk2V3iZzkoU2J2Zlyxyh72n5vjRmb7aNwmQh4Eav6a8ssQARAQAB
tBlvbm54Y29yZWRldkBtaWNyb3NvZnQuY29tiQI4BBMBCAAiBQJlCrFGAhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD9v1PCTbSHLtfzEADIKq15XDeQxLSo
BG1aFa9n82K1YADVcu1LeddfhDmQWLnZNgyHtQlKN2n59282CXtgymzae3uc05s2
feIJaqF4M4NnCX8Ct3K7Hq1jI7ZktlquPCCy9XHq9aQY8XTxmdtRevtclKgYTwDh
w+D/KbE8vTZ6o7JoubA3MKf4k3S8qL/0rIyaC6h0EpiWoMy1TdNMMK7BT4kl6Vz4
W6KmNgOux1Pzku5ULM4WuOzmwW+NAzpOLJowfDs1ZC2RM3+g9i1/DmwWtCHngvGD
+clA0I0agXxo05toOBTfwxd2gWYczuo/Ole16fYTzqT6n0DHqOjjcc9A7EmC72fQ
J+hHAqM+4+CbEGuMpNnTMpCZs98bcK3Rqx/bDJYtbclZzm5O/V4nVbDrJZKzpgA1
KuzNMLkr62P6/t15UsStgmrlTILmE5NG0CR1mj/46+mNbsMZCel3dcvnT1Zf4rTq
QxMC7Dd/DECKQVC339G/BRfNyhOk2S1mZR/g1uS4bznL+tiwudDh/TAi5C3ZBDMh
0muwD9caXS/QFIBWtb2ai3IcpU357R/ERPKLcWYtoYJ80RuKi6XYr1WxSPBmd5Qm
wuncye+wR2dveo2jnIXZGUSgz50ZNgBxs/cYWAQ8J6KMgIBa+JY2qalzvIGbrC5x
Sr+CkhS8vrktfnRgc8yBssJnvNfqXA==
=pKgS
-----END PGP PUBLIC KEY BLOCK-----

11
release.json Normal file
View File

@ -0,0 +1,11 @@
{
"release": "10.0.1",
"channel": "10.0",
"tag": "v10.0.101",
"sdkVersion": "10.0.101",
"runtimeVersion": "10.0.1",
"aspNetCoreVersion": "10.0.1",
"sourceRepository": "https://github.com/dotnet/dotnet",
"sourceVersion": "fad253f51b461736dfd3cd9c15977bb7493becef",
"officialBuildId": "20251119.5"
}

20
rpminspect.yaml Normal file
View File

@ -0,0 +1,20 @@
---
inspections:
# We patch upstream a lot, no need to reject patches
patches: off
badfuncs:
allowed:
# The Mono runtime (used on s390x, for example), uses inet_addr for
# debugging (such as sending the control flow graph to a remote process).
# See runtime/src/mono/mono/mini/cfgdump.c. This isn't part of any
# standard networking facility; networking APIs are implemented/used in
# libSystem*so.
/usr/lib64/dotnet/shared/Microsoft.NETCore.App/*/libcoreclr.so:
- inet_addr
/usr/lib64/dotnet/packs/Microsoft.NETCore.App.Runtime.*/*/runtimes/*/native/libcoreclr.so:
- inet_addr
runpath:
# Upstream explicitly sets $ORIGIN/netcoredeps as an RPATH
# See https://github.com/dotnet/core/blob/main/Documentation/self-contained-linux-apps.md
allowed_origin_paths:
- /netcoredeps

12
runtime-disable-fortify-on-ilasm-parser.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt
index cca2c6da185..d31e6cb2070 100644
--- dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt
+++ dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt
@@ -52,6 +52,7 @@ if(CLR_CMAKE_HOST_UNIX)
add_compile_options(-Wno-array-bounds)
add_compile_options(-Wno-unused-label)
set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-O0" )
+ set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=0" )
endif(CLR_CMAKE_HOST_UNIX)
if(CLR_CMAKE_HOST_LINUX OR CLR_CMAKE_HOST_FREEBSD OR CLR_CMAKE_HOST_NETBSD OR CLR_CMAKE_HOST_SUNOS OR CLR_CMAKE_HOST_HAIKU)

34
runtime-openssl-sha1.patch Normal file
View File

@ -0,0 +1,34 @@
From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Wed, 28 Feb 2024 14:08:15 +0100
Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
with a chain where the last certificate uses a SHA-1 signature.
This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
OpenSSL behavior for certificate validation.
---
.../libs/System.Security.Cryptography.Native/pal_x509.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
index 04c6ba06cd..2cd3413dae 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
- if (val != 0)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
- }
-
return val;
}
--
2.43.2

142
runtime-re-enable-implicit-rejection.patch Normal file
View File

@ -0,0 +1,142 @@
From 5fdc289903bd3a77d455583650b00297da0cae8f Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Fri, 2 Feb 2024 15:51:23 -0500
Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95216)"
This reverts commit a5fc8ff9b03ffb2fdb81dad524ad1a20a0714995.
To quote Clemens Lang:
> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle
> attack against PKCS#1v1.5 decryption. See
> https://people.redhat.com/~hkario/marvin/ for details and
> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a
> comment by the researcher who published the vulnerability and proposed the
> change in OpenSSL.
For more details, see:
https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
---
.../RSA/EncryptDecrypt.cs | 49 ++++---------------
.../opensslshim.h | 6 ---
.../pal_evp_pkey_rsa.c | 13 -----
3 files changed, 10 insertions(+), 58 deletions(-)
diff --git a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
index 39f3ebc82ec..5b97f468a42 100644
--- a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+++ b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
@@ -353,10 +353,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc
Assert.Equal(TestData.HelloBytes, output);
}
- [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))]
+ [ConditionalFact]
[SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)]
public void RoundtripEmptyArray()
{
+ if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
+ {
+ throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data.");
+ }
+ if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
+ {
+ throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data.");
+ }
+
using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
{
void RoundtripEmpty(RSAEncryptionPadding paddingMode)
@@ -757,23 +746,5 @@ public static IEnumerable<object[]> OaepPaddingModes
}
}
}
-
- public static bool PlatformSupportsEmptyRSAEncryption
- {
- get
- {
- if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
- {
- return false;
- }
-
- if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
- {
- return false;
- }
-
- return true;
- }
- }
}
}
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
index 0748e305d5c..cf10d2f7949 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
@@ -296,10 +296,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(ERR_peek_error) \
REQUIRED_FUNCTION(ERR_peek_error_line) \
REQUIRED_FUNCTION(ERR_peek_last_error) \
- REQUIRED_FUNCTION(ERR_pop_to_mark) \
FALLBACK_FUNCTION(ERR_put_error) \
REQUIRED_FUNCTION(ERR_reason_error_string) \
- REQUIRED_FUNCTION(ERR_set_mark) \
LIGHTUP_FUNCTION(ERR_set_debug) \
LIGHTUP_FUNCTION(ERR_set_error) \
REQUIRED_FUNCTION(EVP_aes_128_cbc) \
@@ -355,7 +353,6 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(EVP_PKCS82PKEY) \
REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \
- REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \
@@ -797,10 +794,8 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define ERR_peek_error_line ERR_peek_error_line_ptr
#define ERR_peek_last_error ERR_peek_last_error_ptr
#define ERR_put_error ERR_put_error_ptr
-#define ERR_pop_to_mark ERR_pop_to_mark_ptr
#define ERR_reason_error_string ERR_reason_error_string_ptr
#define ERR_set_debug ERR_set_debug_ptr
-#define ERR_set_mark ERR_set_mark_ptr
#define ERR_set_error ERR_set_error_ptr
#define EVP_aes_128_cbc EVP_aes_128_cbc_ptr
#define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr
@@ -855,7 +850,6 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr
#define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr
#define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr
-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr
#define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr
#define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr
#define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
index 043bf9f9d1e..c9ccdf33e3a 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
@@ -67,19 +67,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const
{
return false;
}
-
- // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding.
- // If the padding is invalid, the decryption operation returns random data.
- // See https://github.com/openssl/openssl/pull/13817 for background.
- // Some Linux distributions backported this change to previous versions of OpenSSL.
- // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid.
- ERR_set_mark();
-
- EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0");
-
- // Undo any changes to the error queue that may have occured while configuring implicit rejection if the
- // current version does not support implicit rejection.
- ERR_pop_to_mark();
}
else
{
--
2.43.0

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (dotnet-10.0.101.tar.gz) = d9dd55d5ee23f356984e2edf5b075e76424ad9d91ce33aa923b9cd94bc0f2d612dee7b562dad266ceaca263f014f02a7507cd9066d9f2444cb3157e8d2824f6f
SHA512 (dotnet-10.0.101.tar.gz.sig) = 8cd1d3b3712e54849caf0f290331f664fd378b537f6a6ee22e621ceeaa5fa5a6d87b22271c1e9ff81bc05a640e6d58db00cabe5cf054dae99af7d6a6b736a56b

46
tests/ci.fmf Normal file
View File

@ -0,0 +1,46 @@
summary: Basic smoke test
provision:
hardware:
disk:
- size: ">= 20 GiB"
memory: ">= 5120 MiB"
prepare:
how: install
package:
- aspnetcore-runtime-10.0
- babeltrace
- bash-completion
- bc
- binutils
- dotnet-runtime-10.0
- dotnet-sdk-10.0
- expect
- file
- findutils
- gcc-c++
- git
- jq
- libstdc++-devel
- lldb
- npm
- postgresql-odbc
- postgresql-server
- procps-ng
- python3
- strace
- util-linux
- wget
- which
- zlib-devel
execute:
script:
- dotnet --info
- wget --no-verbose https://github.com/redhat-developer/dotnet-bunny/releases/latest/download/turkey.tar.gz
- tar xf turkey.tar.gz
- dotnet turkey/Turkey.dll --version
- git clone "https://github.com/redhat-developer/dotnet-regular-tests.git"
- dotnet turkey/Turkey.dll -l="$TMT_TEST_DATA" dotnet-regular-tests --timeout=1200
- dnf remove -yq 'dotnet*'
- set -x; if command -v dotnet ; then exit 1; fi
- set -x; if [ -d /usr/lib64/dotnet ]; then exit 1; fi
- set -x; if man dotnet; then exit 1; fi

223
update-release Executable file
View File

@ -0,0 +1,223 @@
#!/bin/bash
# Usage:
# ./update-release runtime-version|latest-release|latest-commit [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release]
set -euo pipefail
IFS=$'\n\t'
set -x
print_usage() {
echo " Usage:"
echo " ./update-release runtime-version|latest-release|latest-commit [--bootstrap] [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release]"
echo ""
echo "The runtime-version parameter needs to match the github release name."
echo "For preview releases, runtime-version should be of the form '9.0 Preview 1'."
}
download_release_json() {
version=$1
cat > query <<EOF
[ .[] | select(.name | contains(".NET $version")) ]
| first
| { tag_name: .tag_name,
tarball: .tarball_url,
signature: .assets[].browser_download_url | select(. | endswith("tar.gz.sig")),
release_manifest: .assets[] | select(.name == "release.json") | .browser_download_url }
EOF
curl https://api.github.com/repos/dotnet/dotnet/releases \
| jq --from-file query > release.metadata.github
curl -L "$(jq -r .release_manifest release.metadata.github)" -o release.json
}
user_provided_tarball_name=""
rpm_release=1
positional_args=()
bug_ids=()
bootstrap=0
while [[ "$#" -gt 0 ]]; do
arg="$1"
case "${arg}" in
--bootstrap)
bootstrap=1
shift;
;;
--bug)
bug_ids+=("$2")
shift;
shift;
;;
-h|--help)
print_usage
exit 0
;;
--release-json)
release_json="$2"
shift;
shift;
;;
--tarball)
user_provided_tarball_name="$2"
shift;
shift;
;;
--larger-rpm-release)
rpm_release="2"
shift;
;;
*)
positional_args+=("$1")
shift
;;
esac
done
spec_files=( ./*.spec )
spec_file="${spec_files[0]}"
dotnet_major_minor_version=$spec_file
dotnet_major_minor_version=${dotnet_major_minor_version#./dotnet}
dotnet_major_minor_version=${dotnet_major_minor_version%.spec}
echo "Updating .NET $dotnet_major_minor_version"
runtime_version=${positional_args[0]:-}
sdk_version=""
tag=v${runtime_version}
created_release_json=0
if [[ ${runtime_version} == latest-release ]]; then
if [[ -n "${release_json:-}" ]]; then
cp -a "${release_json}" release.json
else
download_release_json "${dotnet_major_minor_version}"
fi
elif [[ ${runtime_version} == latest-commit ]]; then
cat > query <<EOF
[ .[] | select(.name == "main") ]
| first
EOF
curl https://api.github.com/repos/dotnet/dotnet/branches \
| jq --from-file query > release.metadata.github
commit=$(jq -r .commit.sha release.metadata.github)
jq >release.json <<EOF
{
"release": "$dotnet_major_minor_version",
"channel": "$dotnet_major_minor_version",
"tag": "$commit",
"sdkVersion": "$dotnet_major_minor_version",
"runtimeVersion": "$dotnet_major_minor_version",
"aspNetCoreVersion": "$dotnet_major_minor_version",
"sourceRepository": "https://github.com/dotnet/dotnet",
"sourceVersion": "$commit"
}
EOF
cat release.json
created_release_json=1
else
if [[ -n "${release_json:-}" ]]; then
cp -a "${release_json}" release.json
else
download_release_json "${runtime_version}"
fi
fi
aspnetcore_runtime_version=$(jq -r .aspNetCoreVersion release.json)
runtime_version=$(jq -r .runtimeVersion release.json)
sdk_version=$(jq -r .sdkVersion release.json)
tag=$(jq -r .tag release.json)
tag_without_v=$(echo ${tag} | sed -e 's|^v||')
echo "Updating .NET $dotnet_major_minor_version to SDK ${sdk_version} and Runtime ${runtime_version}"
if [[ $bootstrap == 0 ]]; then
sed -i -E "s|^%bcond_with.*bootstrap$|%bcond_with bootstrap|" "$spec_file"
else
sed -i -E "s|^%bcond_with.*bootstrap$|%bcond_without bootstrap|" "$spec_file"
fi
sed -i -E "s|^%global upstream_tag .*$|%global upstream_tag ${tag}|" "$spec_file"
sed -i -E "s|^%global runtime_version .*$|%global runtime_version ${runtime_version}|" "$spec_file"
sed -i -E "s|^%global aspnetcore_runtime_version .*$|%global aspnetcore_runtime_version ${aspnetcore_runtime_version}|" "$spec_file"
sed -i -E "s|^%global sdk_version .*$|%global sdk_version ${sdk_version}|" "$spec_file"
if [[ $runtime_version = *preview* ]] || [[ $runtime_version = *rc* ]]; then
# For Preview/RC releases, convert x.y.z-preview.a.b to x.y.z~preview.a.b (replace - with ~)
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_handling_non_sorting_versions_with_tilde_dot_and_caret
runtime_rpm_version=${runtime_version/-/\~}
aspnetcore_runtime_rpm_version=${aspnetcore_runtime_version/-/\~}
sdk_rpm_version=${sdk_version/-/\~}
sed -i -E "s|^(%global runtime_rpm_version) .*$|\1 ${runtime_rpm_version}|" "$spec_file"
sed -i -E "s|^(%global aspnetcore_runtime_rpm_version) .*$|\1 ${aspnetcore_runtime_rpm_version}|" "$spec_file"
sed -i -E "s|^(%global sdk_rpm_version) .*$|\1 ${sdk_rpm_version}|" "$spec_file"
else
# For GA releases replace rpm versions with rpm macros for the actual version
sed -i -E "s|^(%global runtime_rpm_version) .*$|\1 %{runtime_version}|" "$spec_file"
sed -i -E "s|^(%global aspnetcore_runtime_rpm_version) .*$|\1 %{aspnetcore_runtime_version}|" "$spec_file"
sed -i -E "s|^(%global sdk_rpm_version) .*$|\1 %{sdk_version}|" "$spec_file"
fi
if [[ -f "dotnet-${tag_without_v}.tar.gz" ]]; then
echo "dotnet-${tag_without_v}.tar.gz already exists, not rebuilding tarball"
elif [[ -n ${user_provided_tarball_name} ]]; then
cp -a "${user_provided_tarball_name}" "dotnet-${tag_without_v}.tar.gz"
signature_name=$(basename "${user_provided_tarball_name}.sig")
user_tarball_dir=$(dirname "${user_provided_tarball_name}" )
# intentionally unquoted, since it can be blank
# shellcheck disable=SC2116,SC2086
signature_path=$(find $user_tarball_dir -iname "${signature_name}")
cp -a "${signature_path}" "dotnet-${tag_without_v}.tar.gz.sig"
else
if [[ $created_release_json == 0 ]] then
rm -f release.json
fi
spectool -g "$spec_file"
fi
if [[ $bootstrap == 1 ]]; then
tar xf "dotnet-${tag_without_v}.tar.gz" "dotnet-${tag_without_v}/global.json"
bootstrap_sdk_version=$(jq -r .tools.dotnet "dotnet-${tag_without_v}/global.json")
sed -i -E "s|^(%global bootstrap_sdk_version) .*$|\1 ${bootstrap_sdk_version}|" "$spec_file"
./build-dotnet-bootstrap-tarball "${tag_without_v}"
if [ -f dotnet-prebuilts*ppc64le*tar.gz ]; then
file_name=$(ls -1 -t dotnet-prebuilts-*-ppc64le.tar.gz | head -1)
bootstrap_sdk_version_ppc64le_s390x=$(basename $file_name | sed -E -e 's/dotnet-prebuilts-//' -e 's/-ppc64le.tar.gz//')
sed -E -i "s|^%global bootstrap_sdk_version_ppc64le_s390x .*$|%global bootstrap_sdk_version_ppc64le_s390x $bootstrap_sdk_version_ppc64le_s390x|" "$spec_file"
fi
fi
set -x
comment="Update to .NET SDK ${sdk_version} and Runtime ${runtime_version}"
commit_message="$comment
"
for bug_id in "${bug_ids[@]}"; do
if [[ "$bug_id" =~ ^[[:digit:]]+$ ]]; then
comment="$comment
- Resolves: RHBZ#$bug_id"
commit_message="$commit_message
Resolves: RHBZ#$bug_id"
else
comment="$comment
- Resolves: $bug_id"
commit_message="$commit_message
Resolves: $bug_id"
fi
done
echo "$commit_message" > git-commit-message
rpmdev-bumpspec --comment="$comment" "$spec_file"
# Reset release in 'Release' tag
sed -i -E 's|^Release: [[:digit:]]+%|Release: '"$rpm_release"'%|' "$spec_file"
# Reset Release in changelog comment
# See https://stackoverflow.com/questions/18620153/find-matching-text-and-replace-next-line
sed -i -E '/^%changelog$/!b;n;s/-[[:digit:]]+$/-'"$rpm_release"'/' "$spec_file"
echo "Done updating sources. Commit message in ./git-commit-message"