rpms/dotnet10.0
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c10s
rpms:c9s
rpms:c8s
rpms:c10
rpms:c8
rpms:c8-bootstrap
rpms:c9-beta
rpms:imports/c10/dotnet10.0-10.0.101-1.el10_1
rpms:imports/c9/dotnet10.0-10.0.101-1.el9_7
rpms:imports/c10s/dotnet10.0-10.0.101-2.el10
rpms:imports/c8/dotnet10.0-10.0.101-1.el8_10
rpms:imports/c10/dotnet10.0-10.0.100-2.el10_1
rpms:imports/c9/dotnet10.0-10.0.100-2.el9_7
rpms:imports/c8/dotnet10.0-10.0.100-2.el8_10
rpms:imports/c10/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10_1
rpms:imports/c10s/dotnet10.0-10.0.100-2.el10
rpms:imports/c9/dotnet10.0-10.0.100_rc.2.25502.107-0.10.el9_7
rpms:imports/c10s/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.11.el10
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.9.el9
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.8.el9_bootstrap
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.10.el10
rpms:imports/c10s/dotnet10.0-10.0.100_preview.7.25380.108-0.9.el10
...
pull from: rpms:c10s
Branches Tags
rpms:c9s
rpms:c8s
rpms:c10
rpms:c10s
rpms:c8
rpms:c8-bootstrap
rpms:c9-beta
rpms:imports/c10/dotnet10.0-10.0.101-1.el10_1
rpms:imports/c9/dotnet10.0-10.0.101-1.el9_7
rpms:imports/c10s/dotnet10.0-10.0.101-2.el10
rpms:imports/c8/dotnet10.0-10.0.101-1.el8_10
rpms:imports/c10/dotnet10.0-10.0.100-2.el10_1
rpms:imports/c9/dotnet10.0-10.0.100-2.el9_7
rpms:imports/c8/dotnet10.0-10.0.100-2.el8_10
rpms:imports/c10/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10_1
rpms:imports/c10s/dotnet10.0-10.0.100-2.el10
rpms:imports/c9/dotnet10.0-10.0.100_rc.2.25502.107-0.10.el9_7
rpms:imports/c10s/dotnet10.0-10.0.100_rc.2.25502.107-0.12.el10
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.11.el10
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.9.el9
rpms:imports/c9-beta/dotnet10.0-10.0.100_rc.1.25451.107-0.8.el9_bootstrap
rpms:imports/c10s/dotnet10.0-10.0.100_rc.1.25451.107-0.10.el10
rpms:imports/c10s/dotnet10.0-10.0.100_preview.7.25380.108-0.9.el10

12 Commits
c8s ... c10s

Author SHA1 Message Date
Omair Majid
e1af750f22 Update to .NET SDK 10.0.101 and Runtime 10.0.1 
Resolves: RHEL-130939
 2025-12-09 15:06:58 -05:00
Omair Majid
4387993d51 Update to .NET SDK 10.0.100 and Runtime 10.0.0 
Resolves: RHEL-125749
 2025-11-13 22:02:17 -05:00
Omair Majid
00bf9f5cf0 Update to .NET SDK 10.0.100-rc.2.25502.107 and Runtime 10.0.0-rc.2.25502.107 
Resolves: RHEL-121558
 2025-10-17 09:12:46 -04:00
Omair Majid
fc4f99e063 Disable bootstrap 
Related: RHEL-114571
 2025-09-30 21:47:53 -04:00
Omair Majid
07ae284174 Update to .NET 10 RC 1 
Resolves: RHEL-114571
 2025-09-16 17:11:57 -04:00
Omair Majid
8652981853 Disable bootstrap 
Related: RHEL-98678
 2025-09-09 09:47:18 -04:00
Omair Majid
6b71f79f22 Drop netstandard-targeting-pack-2.1 
It's being removed by upstream in RC 1. See
https://github.com/dotnet/source-build/issues/5324.

Remove it from RHEL early, so we never provide this from dotnet10.0.
Otherwise, users will not have an upgrade path back to the supported
verison of this subpackage (provided by dotnet9.0).

Related: RHEL-98678
 2025-09-04 18:04:29 -04:00
Omair Majid
043defd243 Update to .NET 10 Preview 7 
Related: RHEL-98678
 2025-08-25 13:38:15 -04:00
Omair Majid
ea1ebd25a5 Rebuild to try and get rid of random errors 
Related: RHEL-98678
 2025-08-19 17:05:14 -04:00
Omair Majid
a553ec5a22 Initial commit on c10s 
Originally imported from:
243efe5136

Resolves: RHEL-98678
 2025-08-08 12:08:42 -04:00
Johnny Hughes
9f40f7af8b add dotnet10.0 to c10s for CS-2978 
Signed-off-by: Johnny Hughes <jhughes@redhat.com>
 2025-08-07 12:41:46 -05:00
Johnny Hughes
9c5c0fa079 Reset branch contents to only include README.md and dead.package. 2025-07-29 14:44:55 +00:00
20 changed files with 1976 additions and 0 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

78
.gitignore vendored
View File

@ -0,0 +1,78 @@
/dotnet-v3.1.101-SDK.tar.gz
/dotnet-v3.1.102-SDK.tar.gz
/dotnet-v3.1.103.2-SDK.tar.gz
/dotnet-v5.0.102-SDK-arm64-bootstrap.tar.gz
/dotnet-v5.0.102-SDK-x64-bootstrap.tar.gz
/dotnet-v5.0.102-SDK.tar.gz
/dotnet-v5.0.103-SDK.tar.gz
/dotnet-v5.0.104-SDK.tar.gz
/dotnet-v5.0.202-SDK.tar.gz
/dotnet-v5.0.203-SDK.tar.gz
/dotnet-v5.0.204-SDK.tar.gz
/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c-x64-bootstrap.tar.xz
/dotnet-arm64-prebuilts-2021-10-29.tar.gz
/dotnet-s390x-prebuilts-2021-10-29.tar.gz
/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c.tar.gz
/dotnet-v6.0.101.tar.gz
/dotnet-v6.0.102.tar.gz
/dotnet-v6.0.103.tar.gz
/dotnet-v6.0.104.tar.gz
/dotnet-v6.0.105.tar.gz
/dotnet-v7.0.100-rc.2.22477.23-x64-bootstrap.tar.xz
/dotnet-arm64-prebuilts-2022-10-12.tar.gz
/dotnet-ppc64le-prebuilts-2022-10-21.tar.gz
/dotnet-s390x-prebuilts-2022-10-12.tar.gz
/dotnet-v7.0.100.tar.gz
/dotnet-v7.0.101.tar.gz
/dotnet-v7.0.102.tar.gz
/dotnet-v8.0.0-rc.1.23419.4-x64-bootstrap.tar.xz
/dotnet-prebuilts-8.0.100-rc.1.23410.12-arm64.tar.gz
/dotnet-prebuilts-8.0.100-rc.1.23410.12-ppc64le.tar.gz
/dotnet-prebuilts-8.0.100-rc.1.23410.12-s390x.tar.gz
/dotnet-v8.0.0-rc.2.23479.6.tar.gz
/dotnet-8.0.0.tar.gz
/dotnet-8.0.0.tar.gz.sig
/dotnet-8.0.1.tar.gz
/dotnet-8.0.1.tar.gz.sig
/dotnet-8.0.2.tar.gz
/8.0.2.tar.gz.sig
/dotnet-v9.0.0-rc.1.24431.7-x64-bootstrap.tar.gz
/dotnet-sdk-9.0.100-preview.7.24407.12-linux-arm64.tar.gz
/dotnet-prebuilts-9.0.100-preview.7.24407.1-ppc64le.tar.gz
/dotnet-prebuilts-9.0.100-preview.7.24407.1-s390x.tar.gz
/dotnet-9.0.0-rc.1.24431.7.tar.gz
/dotnet-9.0.0-rc.1.24431.7.tar.gz.sig
/dotnet-v9.0.0-rc.2.24473.5-x64-bootstrap.tar.gz
/dotnet-sdk-9.0.100-rc.1.24452.12-linux-arm64.tar.gz
/dotnet-prebuilts-9.0.100-rc.1.24452.1-ppc64le.tar.gz
/dotnet-prebuilts-9.0.100-rc.1.24452.1-s390x.tar.gz
/dotnet-9.0.0-rc.2.24473.5.tar.gz
/dotnet-9.0.0-rc.2.24473.5.tar.gz.sig
/dotnet-9.0.0.tar.gz
/dotnet-9.0.0.tar.gz.sig
/dotnet-9.0.101.tar.gz
/dotnet-9.0.101.tar.gz.sig
/dotnet-10.0.0-preview.6.25358.103.tar.gz
/dotnet-10.0.0-preview.6.25358.103.tar.gz.sig
/dotnet-prebuilts-10.0.100-preview.6.25302.104-arm64.tar.gz
/dotnet-prebuilts-10.0.100-preview.6.25302.104-x64.tar.gz
/dotnet-prebuilts-10.0.100-preview.6.25358.103-ppc64le.tar.gz
/dotnet-prebuilts-10.0.100-preview.6.25358.103-s390x.tar.gz
/dotnet-10.0.100-preview.7.25380.108.tar.gz
/dotnet-10.0.100-preview.7.25380.108.tar.gz.sig
/dotnet-prebuilts-10.0.100-preview.7.25322.101-arm64.tar.gz
/dotnet-prebuilts-10.0.100-preview.7.25322.101-x64.tar.gz
/dotnet-prebuilts-10.0.100-preview.7.25380.108-ppc64le.tar.gz
/dotnet-prebuilts-10.0.100-preview.7.25380.108-s390x.tar.gz
/dotnet-10.0.100-rc.1.25451.107.tar.gz
/dotnet-10.0.100-rc.1.25451.107.tar.gz.sig
/dotnet-prebuilts-10.0.100-rc.1.25420.111-x64.tar.gz
/dotnet-prebuilts-10.0.100-rc.1.25420.111-arm64.tar.gz
/dotnet-prebuilts-10.0.100-rc.1.25451.107-ppc64le.tar.gz
/dotnet-prebuilts-10.0.100-rc.1.25451.107-s390x.tar.gz
/dotnet-source-10.0.100-rc.2.25502.107.tar.gz
/dotnet-source-10.0.100-rc.2.25502.107.tar.gz.sig
/dotnet-10.0.100.tar.gz
/dotnet-10.0.100.tar.gz.sig
/dotnet-10.0.101.tar.gz
/dotnet-10.0.101.tar.gz.sig

27
README.md Normal file
View File

@ -0,0 +1,27 @@
# dotnet10.0
The dotnet10.0 package
This is the .NET 10.0 package for CentOS Stream/RHEL 10.
# Specification
This package follows [package naming and contents suggested by
upstream](https://docs.microsoft.com/en-us/dotnet/core/build/distribution-packaging),
with one exception. It installs dotnet to `/usr/lib64/dotnet` (aka
`%{_libdir}`).
# Contributing
Please open merge requests in dotnet10.0 repository in CentOS Stream.
# Testing
This package uses CI tests as defined in `tests/ci.fmf`. You can run them using
[tmt](https://tmt.readthedocs.io/en/stable/overview.html). Creating a
merge-request or running an official build will fire off tests and flag any
issues. We have enabled gating (via `gating.yaml`) on the tests. That prevents
a build that fails any test from being released until the failures are waived.
The tests themselves are contained in this external repository:
https://github.com/redhat-developer/dotnet-regular-tests/

123
build-dotnet-bootstrap-tarball Executable file
View File

@ -0,0 +1,123 @@
#!/bin/bash
# Usage:
# build-dotnet-bootstrap-tarball <tag-or-commit-from-dotnet>
#
# Creates a source archive suitable for bootstrapping
# https://github.com/dotnet/dotnet.
#
# Requires a tarball with the name "${dotnet}-${tag}.tar.gz" in current
# directory.
set -euo pipefail
IFS=$'\n\t'
function print_usage {
echo "Usage:"
echo "$0 <tag-from-dotnet>|<commit-sha-from-dotnet>"
echo
echo "Creates a $arch bootstrap source archive from an archive of https://github.com/dotnet/dotnet"
}
function clean_dotnet_cache {
rm -rf ~/.aspnet ~/.dotnet/ ~/.nuget/ ~/.local/share/NuGet ~/.templateengine
rm -rf /tmp/NuGet /tmp/NuGetScratch /tmp/.NETCore* /tmp/.NETStandard* /tmp/.dotnet /tmp/dotnet.* /tmp/clr-debug-pipe* /tmp/Razor-Server /tmp/CoreFxPipe* /tmp/VBCSCompiler /tmp/.NETFramework*
rm -rf ~/.npm/
}
function check_bootstrap_environment {
if rpm -qa | grep dotnet ; then
echo "error: dotnet is installed. Not a good idea for bootstrapping."
exit 1
fi
if [ -d /usr/lib/dotnet ] || [ -d /usr/lib64/dotnet ] || [ -d /usr/share/dotnet ] ; then
echo "error: one of /usr/lib/dotnet /usr/lib64/dotnet or /usr/share/dotnet/ exists. Not a good idea for bootstrapping."
exit 1
fi
if command -v dotnet ; then
echo "error: dotnet is in $PATH. Not a good idea for bootstrapping."
exit 1
fi
}
positional_args=()
while [[ "$#" -gt 0 ]]; do
arg="${1}"
case "${arg}" in
-h|--help)
print_usage
exit 0
;;
*)
positional_args+=("$1")
shift
;;
esac
done
check_bootstrap_environment
tag=${positional_args[0]:-}
if [[ -z ${tag} ]]; then
echo "error: missing tag to build"
exit 1
fi
set -x
tag_without_v=$(echo "${tag}" | sed -e 's|^v||')
tarball_name="dotnet-${tag_without_v}"
tarball_suffix=.tar.gz
if [ -f "dotnet-prebuilts-${tag}-x64${tarball_suffix}" ]; then
echo "error: dotnet-prebuilts-${tag}-x64${tarball_suffix} already exists"
exit 1
fi
if [ -f "dotnet-prebuilts-${tag}-arm64${tarball_suffix}" ]; then
echo "error: dotnet-prebuilts-${tag}-arm64${tarball_suffix} already exists"
exit 1
fi
for arch in arm64 x64; do
rm -rf "${tarball_name}"
tar xf "${tarball_name}${tarball_suffix}"
pushd "${tarball_name}"
if [[ $arch == arm64 ]]; then
./prep-source-build.sh --bootstrap-rid linux-arm64
else
./prep-source-build.sh
fi
# Remove files with funny licenses and crypto implementations and
# other not-very-useful artifacts. We MUST NOT ship any files that
# have unapproved licenses and unexpected cryptographic
# implementations.
#
# We use rm -r (no -f) to make sure the operation fails if the files
# are not at the expected locations. If the files are not at the
# expected location, we need to find the new location of the files and
# delete them, or verify that upstream has already removed the files.
# rm -r $FILE_TO_REMOVE
sdk_version=$(jq -r .tools.dotnet "global.json")
mkdir -p "../dotnet-prebuilts-${sdk_version}-${arch}"
pushd "../dotnet-prebuilts-${sdk_version}-${arch}"
mv "../${tarball_name}/prereqs/packages/archive/Private.SourceBuilt.Artifacts.Bootstrap.tar.gz" .
wget https://builds.dotnet.microsoft.com/dotnet/Sdk/${sdk_version}/dotnet-sdk-${sdk_version}-linux-${arch}.tar.gz || \
wget https://ci.dot.net/public/Sdk/${sdk_version}/dotnet-sdk-${sdk_version}-linux-${arch}.tar.gz
popd
popd
tar czf "dotnet-prebuilts-${sdk_version}-${arch}${tarball_suffix}" "dotnet-prebuilts-${sdk_version}-${arch}"
rm -rf "dotnet-prebuilts-${sdk_version}-${arch}"
done
if [ -f rpm-crosscompile-all ] ; then
./rpm-crosscompile-all "${tag}"
fi

62
build-prebuilt-archive Executable file
View File

@ -0,0 +1,62 @@
#!/bin/bash
# Usage:
# build-prebuilt-archive architecture vmr-directory
#
# Creates an archive containing necessary bootstrapping binaries for ppc64le or
# s390x architectures from a VMR build.
#
# You need to have cloned the VMR (https://github.com/dotnet/dotnet) and
# cross-compiled it for the target architecture already.
set -euo pipefail
IFS=$'\n\t'
set -x
function print_usage {
echo "Usage:"
echo "$0 <architecture> <vmr directory>"
echo
echo "Creates a ppc64le or s390x bootstrap archive from a VMR build."
echo
echo "You need to have cloned the VMR (https://github.com/dotnet/dotnet) and"
echo "cross-compiled it for the target architecture already."
}
positional_args=()
while [[ "$#" -gt 0 ]]; do
arg="${1}"
case "${arg}" in
-h|--help)
print_usage
exit 0
;;
*)
positional_args+=("$1")
shift
;;
esac
done
arch=${positional_args[0]} # Name of the architecture. Eg, s390x or ppc64le
dir=${positional_args[1]} # Checkout of the VMR with the cross-build for the target architecture
dir=$(readlink -f "$dir")
sdk_tarball=$(readlink -f $(find "$dir" -iname 'dotnet-sdk*'"$arch"'*tar.gz' | head -1))
# SDK is at VMR/artifacts/assets/Release/dotnet-sdk-9.0.100-preview.3.24165.1-linux-$arch.tar.gz. Extract the SDK version from the name.
sdk_version=$(echo "$(basename "${sdk_tarball}")" | sed -E -e 's/dotnet-sdk-//' -e "s/-linux-$arch.tar.gz//")
echo $sdk_version
archive_name=dotnet-prebuilts-${sdk_version}-${arch}
mkdir -p $archive_name
pushd $archive_name
cp -av $sdk_tarball .
cp $dir/artifacts/assets/Release/Private.SourceBuilt.Artifacts.*.tar.gz .
popd
tar cvzf $archive_name.tar.gz $archive_name

140
check-debug-symbols.py Executable file
View File

@ -0,0 +1,140 @@
#!/usr/bin/python3
"""
Check debug symbols are present in shared object and can identify
code.
It starts scanning from a directory and recursively scans all ELF
files found in it for various symbols to ensure all debuginfo is
present and nothing has been stripped.
Usage:
./check-debug-symbols /path/of/dir/to/scan/
Example:
./check-debug-symbols /usr/lib64
"""
# This technique was explained to me by Mark Wielaard (mjw).
import collections
import os
import re
import subprocess
import sys
ScanResult = collections.namedtuple('ScanResult',
'file_name debug_info debug_abbrev file_symbols gnu_debuglink')
file_symbol_exclude_list = [
'ilc',
]
def scan_file(file):
"Scan the provided file and return a ScanResult containing results of the scan."
# Test for .debug_* sections in the shared object. This is the main test.
# Stripped objects will not contain these.
readelf_S_result = subprocess.run(['eu-readelf', '-S', file],
stdout=subprocess.PIPE, encoding='utf-8', check=True)
has_debug_info = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_info' in line)
has_debug_abbrev = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_abbrev' in line)
# Test FILE symbols. These will most likely be removed by anyting that
# manipulates symbol tables because it's generally useless. So a nice test
# that nothing has messed with symbols.
def contains_file_symbols(line):
parts = line.split()
if len(parts) < 8:
return False
return \
parts[2] == '0' and parts[3] == 'FILE' and parts[4] == 'LOCAL' and parts[5] == 'DEFAULT' and \
parts[6] == 'ABS' and re.match(r'((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx))?', parts[7])
readelf_s_result = subprocess.run(["eu-readelf", '-s', file],
stdout=subprocess.PIPE, encoding='utf-8', check=True)
has_file_symbols = True
if not os.path.basename(file) in file_symbol_exclude_list:
has_file_symbols = any(line for line in readelf_s_result.stdout.split('\n') if contains_file_symbols(line))
# Test that there are no .gnu_debuglink sections pointing to another
# debuginfo file. There shouldn't be any debuginfo files, so the link makes
# no sense either.
has_gnu_debuglink = any(line for line in readelf_s_result.stdout.split('\n') if '] .gnu_debuglink' in line)
return ScanResult(file, has_debug_info, has_debug_abbrev, has_file_symbols, has_gnu_debuglink)
def is_elf(file):
result = subprocess.run(['file', file], stdout=subprocess.PIPE, encoding='utf-8', check=True)
return re.search(r'ELF 64-bit [LM]SB (?:pie )?(?:executable|shared object)', result.stdout)
def scan_file_if_sensible(file):
if is_elf(file):
return scan_file(file)
return None
def scan_dir(dir):
results = []
for root, _, files in os.walk(dir):
for name in files:
result = scan_file_if_sensible(os.path.join(root, name))
if result:
results.append(result)
return results
def scan(file):
file = os.path.abspath(file)
if os.path.isdir(file):
return scan_dir(file)
elif os.path.isfile(file):
return [scan_file_if_sensible(file)]
def is_bad_result(result):
return not result.debug_info or not result.debug_abbrev or not result.file_symbols or result.gnu_debuglink
def print_scan_results(results, verbose):
# print(results)
for result in results:
file_name = result.file_name
found_issue = False
if not result.debug_info:
found_issue = True
print('error: missing .debug_info section in', file_name)
if not result.debug_abbrev:
found_issue = True
print('error: missing .debug_abbrev section in', file_name)
if not result.file_symbols:
found_issue = True
print('error: missing FILE symbols in', file_name)
if result.gnu_debuglink:
found_issue = True
print('error: unexpected .gnu_debuglink section in', file_name)
if verbose and not found_issue:
print('OK: ', file_name)
def main(args):
verbose = False
files = []
for arg in args:
if arg == '--verbose' or arg == '-v':
verbose = True
else:
files.append(arg)
results = []
for file in files:
results.extend(scan(file))
print_scan_results(results, verbose)
if any(is_bad_result(result) for result in results):
return 1
return 0
if __name__ == '__main__':
sys.exit(main(sys.argv[1:]))

18
copr-build Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
set -euo pipefail
set -x
function fedora_release {
source /etc/os-release
echo $VERSION_ID
}
fedpkg --release f$(fedora_release) srpm 2>&1 | tee fedpkg.output
srpm_name=$(grep 'Wrote: ' fedpkg.output | cut -d' ' -f 2)
ls -alh "${srpm_name}"
copr-cli --debug build @dotnet-sig/dotnet-preview "${srpm_name}" --timeout 36000

14
dotnet.sh.in Normal file
View File

@ -0,0 +1,14 @@
# Set location for AppHost lookup
[ -z "$DOTNET_ROOT" ] && export DOTNET_ROOT=@LIBDIR@/dotnet
# Add dotnet tools directory to PATH
DOTNET_TOOLS_PATH="$HOME/.dotnet/tools"
case "$PATH" in
*"$DOTNET_TOOLS_PATH"* ) true ;;
* ) PATH="$PATH:$DOTNET_TOOLS_PATH" ;;
esac
# Extract self-contained executables under HOME
# to avoid multi-user issues from using the default '/var/tmp'.
[ -z "$DOTNET_BUNDLE_EXTRACT_BASE_DIR" ] && export DOTNET_BUNDLE_EXTRACT_BASE_DIR="${XDG_CACHE_HOME:-"$HOME"/.cache}/dotnet_bundle_extract"

957
dotnet10.0.spec Normal file
View File

@ -0,0 +1,957 @@
%bcond_with bootstrap
# LTO triggers a compilation error for a source level issue. Given that LTO should not
# change the validity of any given source and the nature of the error (undefined enum), I
# suspect a generator program is mis-behaving in some way. This needs further debugging,
# until that's done, disable LTO. This has to happen before setting the flags below.
%define _lto_cflags %{nil}
%global dotnetver 10.0
# Only the package for the latest dotnet version should provide RPMs like
# dotnet-host
%global is_latest_dotnet 1
# upstream can produce releases with a different tag than the SDK version
#%%global upstream_tag v%%{runtime_version}
%global upstream_tag v10.0.101
%global upstream_tag_without_v %(echo %{upstream_tag} | sed -e 's|^v||')
%global hostfxr_version %{runtime_version}
%global runtime_version 10.0.1
%global aspnetcore_runtime_version 10.0.1
%global sdk_version 10.0.101
%global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|')
%global templates_version %{aspnetcore_runtime_version}
#%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
%global runtime_rpm_version %{runtime_version}
%global aspnetcore_runtime_rpm_version %{aspnetcore_runtime_version}
%global sdk_rpm_version %{sdk_version}
%global use_bundled_brotli 0
%global use_bundled_libunwind 1
%global use_bundled_llvm_libunwind 1
%global use_bundled_rapidjson 0
%global use_bundled_zlib 0
%global use_lttng 0
%if 0%{?rhel} > 0
%global use_bundled_rapidjson 1
%endif
%ifarch aarch64
%global runtime_arch arm64
%endif
%ifarch ppc64le
%global runtime_arch ppc64le
%endif
%ifarch s390x
%global runtime_arch s390x
%endif
%ifarch x86_64
%global runtime_arch x64
%endif
%global mono_archs ppc64le s390x
# On Fedora and RHEL > 9, ship RPM macros
%if 0%{?fedora} || 0%{?rhel} > 9
%global include_macros 1
%else
%global include_macros 0
%endif
%{!?runtime_id:%global runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{runtime_arch}}
# Define macros for OS backwards compat
%if %{undefined bash_completions_dir}
%global bash_completions_dir %{_datadir}/bash-completion/completions
%endif
%if %{undefined zsh_completions_dir}
%global zsh_completions_dir %{_datadir}/zsh/site-functions
%endif
Name: dotnet%{dotnetver}
Version: %{sdk_rpm_version}
Release: 2%{?dist}
Summary: .NET Runtime and SDK
License: 0BSD AND Apache-2.0 AND (Apache-2.0 WITH LLVM-exception) AND APSL-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSL-1.0 AND bzip2-1.0.6 AND CC0-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-PDDC AND CNRI-Python AND EPL-1.0 AND GPL-2.0-only AND (GPL-2.0-only WITH GCC-exception-2.0) AND GPL-2.0-or-later AND GPL-3.0-only AND ICU AND ISC AND LGPL-2.1-only AND LGPL-2.1-or-later AND LicenseRef-Fedora-Public-Domain AND LicenseRef-ISO-8879 AND MIT AND MIT-Wu AND MS-PL AND MS-RL AND NCSA AND OFL-1.1 AND OpenSSL AND Unicode-DFS-2015 AND Unicode-DFS-2016 AND W3C-19980720 AND X11 AND Zlib
URL: https://github.com/dotnet/
Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz
Source1: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/dotnet-%{upstream_tag_without_v}.tar.gz.sig
Source2: https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc
Source3: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/release.json
%if %{with bootstrap}
# The bootstrap SDK version is one listed in the global.json file of the main source archive
%global bootstrap_sdk_version 10.0.100-rc.1.25420.111
# The source is generated on a Fedora box via:
# ./build-dotnet-bootstrap-tarball %%{upstream_tag}
Source10: dotnet-prebuilts-%{bootstrap_sdk_version}-x64.tar.gz
Source11: dotnet-prebuilts-%{bootstrap_sdk_version}-arm64.tar.gz
# To generate ppc64le and s390x archives:
# 1. Build the VMR commit in cross-build mode for the architecture
# 2. Use `build-prebuilt-archive` to create the archive from the VMR
%global bootstrap_sdk_version_ppc64le_s390x 10.0.100-rc.1.25451.107
Source12: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-ppc64le.tar.gz
Source13: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-s390x.tar.gz
%endif
Source100: macros.dotnet
Source101: check-debug-symbols.py
Source102: dotnet.sh.in
# https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
Patch0: runtime-re-enable-implicit-rejection.patch
# We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed.
# A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message
# digests used for the signature are not treated as fatal errors.
# https://issues.redhat.com/browse/RHEL-25254
Patch1: runtime-openssl-sha1.patch
# fix an error caused by combining Fedora's CFLAGS with how .NET builds some assembly files
Patch2: runtime-disable-fortify-on-ilasm-parser.patch
ExclusiveArch: aarch64 ppc64le s390x x86_64
%if ! %{use_bundled_brotli}
BuildRequires: brotli-devel
%endif
BuildRequires: clang
BuildRequires: cmake
BuildRequires: coreutils
%if %{without bootstrap}
BuildRequires: dotnet-sdk-%{dotnetver}
BuildRequires: dotnet-sdk-%{dotnetver}-source-built-artifacts
%endif
BuildRequires: findutils
BuildRequires: git
BuildRequires: glibc-langpack-en
BuildRequires: gnupg2
BuildRequires: hostname
BuildRequires: krb5-devel
BuildRequires: libicu-devel
%if ! %{use_bundled_libunwind}
BuildRequires: libunwind-devel
%endif
%ifnarch s390x
BuildRequires: lld
%else
# lld is not supported/available/usable on s390x
BuildRequires: binutils
%endif
# If the build ever crashes, then having lldb installed might help the
# runtime generate a backtrace for the crash
BuildRequires: lldb
BuildRequires: llvm
%if ! %{use_bundled_llvm_libunwind}
BuildRequires: llvm-libunwind-devel
%endif
%if %{use_lttng}
BuildRequires: lttng-ust-devel
%endif
BuildRequires: make
BuildRequires: openssl-devel
BuildRequires: python3
%if ! %{use_bundled_rapidjson}
BuildRequires: rapidjson-devel
%endif
BuildRequires: tar
BuildRequires: util-linux
%if ! %{use_bundled_zlib}
BuildRequires: zlib-devel
%endif
# The tracing support in CoreCLR is optional. It has a run-time
# dependency on some additional libraries like lttng-ust. The runtime
# gracefully disables tracing if the dependencies are missing.
%global __requires_exclude_from ^(%{_libdir}/dotnet/.*/libcoreclrtraceptprovider\\.so)$
# Avoid generating provides and requires for private libraries
%global privlibs libhostfxr
%global privlibs %{privlibs}|libclrgc
%global privlibs %{privlibs}|libclrjit
%global privlibs %{privlibs}|libcoreclr
%global privlibs %{privlibs}|libcoreclrtraceptprovider
%global privlibs %{privlibs}|libhostpolicy
%global privlibs %{privlibs}|libmscordaccore
%global privlibs %{privlibs}|libmscordbi
%global privlibs %{privlibs}|libnethost
%global privlibs %{privlibs}|libSystem.Globalization.Native
%global privlibs %{privlibs}|libSystem.IO.Compression.Native
%global privlibs %{privlibs}|libSystem.Native
%global privlibs %{privlibs}|libSystem.Net.Security.Native
%global privlibs %{privlibs}|libSystem.Security.Cryptography.Native.OpenSsl
%global __provides_exclude ^(%{privlibs})\\.so
%global __requires_exclude ^(%{privlibs})\\.so
%description
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
# The `dotnet` package was a bit of historical mistake. Users
# shouldn't be asked to install .NET without a version because .NET
# code (source or build) is generally version specific. We have kept
# it around in older versions of RHEL and Fedora. But no reason to
# continue this mistake.
%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 )
%package -n dotnet
Version: %{sdk_rpm_version}
Summary: .NET CLI tools and runtime
Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release}
%description -n dotnet
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
%endif
%package -n dotnet-host
Version: %{runtime_rpm_version}
Summary: .NET command line launcher
%description -n dotnet-host
The .NET host is a command line program that runs a standalone
.NET application or launches the SDK.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-hostfxr-%{dotnetver}
Version: %{runtime_rpm_version}
Summary: .NET command line host resolver
# Theoretically any version of the host should work. But lets aim for the one
# provided by this package, or from a newer version of .NET
Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release}
%description -n dotnet-hostfxr-%{dotnetver}
The .NET host resolver contains the logic to resolve and select
the right version of the .NET SDK or runtime to use.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-runtime-%{dotnetver}
Version: %{runtime_rpm_version}
Summary: NET %{dotnetver} runtime
Requires: dotnet-hostfxr-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
# libicu is dlopen()ed
Requires: libicu%{?_isa}
# See src/runtime/src/libraries/Native/AnyOS/brotli-version.txt
Provides: bundled(libbrotli) = 1.0.9
%if %{use_bundled_libunwind}
# See src/runtime/src/coreclr/pal/src/libunwind/libunwind-version.txt
Provides: bundled(libunwind) = 1.5.rc1.28.g9165d2a1
%endif
%description -n dotnet-runtime-%{dotnetver}
The .NET runtime contains everything needed to run .NET applications.
It includes a high performance Virtual Machine as well as the framework
libraries used by .NET applications.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-runtime-dbg-%{dotnetver}
Version: %{runtime_rpm_version}
Summary: Managed debug symbols NET %{dotnetver} runtime
Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release}
%description -n dotnet-runtime-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the
managed parts of the .NET runtime itself.
%package -n aspnetcore-runtime-%{dotnetver}
Version: %{aspnetcore_runtime_rpm_version}
Summary: ASP.NET Core %{dotnetver} runtime
Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release}
%description -n aspnetcore-runtime-%{dotnetver}
The ASP.NET Core runtime contains everything needed to run .NET
web applications. It includes a high performance Virtual Machine as
well as the framework libraries used by .NET applications.
ASP.NET Core is a fast, lightweight and modular platform for creating
cross platform web applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n aspnetcore-runtime-dbg-%{dotnetver}
Version: %{aspnetcore_runtime_rpm_version}
Summary: Managed debug symbols for the ASP.NET Core %{dotnetver} runtime
Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} = %{aspnetcore_runtime_rpm_version}-%{release}
%description -n aspnetcore-runtime-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the
managed parts of the ASP.NET Core runtime itself.
%package -n dotnet-templates-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: .NET %{dotnetver} templates
# Theoretically any version of the host should work. But lets aim for the one
# provided by this package, or from a newer version of .NET
Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release}
%description -n dotnet-templates-%{dotnetver}
This package contains templates used by the .NET SDK.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-sdk-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: .NET %{dotnetver} Software Development Kit
Provides: bundled(js-jquery)
Requires: dotnet-runtime-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release}
Requires: dotnet-apphost-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
Requires: dotnet-targeting-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release}
Requires: aspnetcore-targeting-pack-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release}
Requires: dotnet-templates-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release}
%description -n dotnet-sdk-%{dotnetver}
The .NET SDK is a collection of command line applications to
create, build, publish and run .NET applications.
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, Mac and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-sdk-dbg-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: Managed debug symbols for the .NET %{dotnetver} Software Development Kit
Requires: dotnet-sdk-%{dotnetver}%{?_isa} = %{sdk_rpm_version}-%{release}
%description -n dotnet-sdk-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the .NET
Software Development Kit (SDK) itself.
%package -n dotnet-sdk-aot-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: Ahead-of-Time (AOT) support for the .NET %{dotnetver} Software Development Kit
Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release}
# When installing AOT support, also install all dependencies needed to build
# NativeAOT applications. AOT invokes `clang ... -lssl -lcrypto -lbrotlienc
# -lbrotlidec -lz ...`.
Requires: brotli-devel%{?_isa}
Requires: clang%{?_isa}
Requires: openssl-devel%{?_isa}
Requires: zlib-devel%{?_isa}
%description -n dotnet-sdk-aot-%{dotnetver}
This package provides Ahead-of-time (AOT) compilation support for the .NET SDK.
%global dotnet_targeting_pack() %{expand:
%package -n %{1}
Version: %{2}
Summary: Targeting Pack for %{3} %{4}
Requires: dotnet-host%{?_isa}
%description -n %{1}
This package provides a targeting pack for %{3} %{4}
that allows developers to compile against and target %{3} %{4}
applications using the .NET SDK.
%files -n %{1}
%dir %{_libdir}/dotnet/packs
%{_libdir}/dotnet/packs/%{5}
}
%dotnet_targeting_pack dotnet-apphost-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Host.%{runtime_id}
%dotnet_targeting_pack dotnet-targeting-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Ref
%dotnet_targeting_pack aspnetcore-targeting-pack-%{dotnetver} %{aspnetcore_runtime_rpm_version} Microsoft.AspNetCore.App %{dotnetver} Microsoft.AspNetCore.App.Ref
%package -n dotnet-sdk-%{dotnetver}-source-built-artifacts
Version: %{sdk_rpm_version}
Summary: Internal package for building .NET %{dotnetver} Software Development Kit
%description -n dotnet-sdk-%{dotnetver}-source-built-artifacts
The .NET source-built archive is a collection of packages needed
to build the .NET SDK itself.
These are not meant for general use.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
release_json_tag=$(grep tag %{SOURCE3} | cut -d: -f2 | sed -E 's/[," ]*//g')
if [[ ${release_json_tag} != %{upstream_tag} ]]; then
echo "error: tag in release.json doesn't match tag in spec file"
exit 1
fi
%setup -q -n dotnet-%{upstream_tag_without_v}
# Remove all prebuilts and binaries
rm -rf .dotnet/
rm -rf packages/source-built
find -type f \( \
-iname '*.bin' -or \
-iname '*.binlog' -or \
-iname '*.dat' -or \
-iname '*.db' -or \
-iname '*.dll' -or \
-iname '*.doc' -or \
-iname '*.docx' -or \
-iname '*.exe' -or \
-iname '*.mdb' -or \
-iname '*.mod' -or \
-iname '*.msi' -or \
-iname '*.netmodule' -or \
-iname '*.nupkg' -or \
-iname '*.o' -or \
-iname '*.obj' -or \
-iname '*.out' -or \
-iname '*.p7b' -or \
-iname '*.p7s' -or \
-iname '*.pdb' -or \
-iname '*.pfx' -or \
-iname '*.so' -or \
-iname '*.tar.gz' -or \
-iname '*.tgz' -or \
-iname '*.tlb' -or \
-iname '*.winmd' -or \
-iname '*.vsix' -or \
-iname '*.zip' \
\) \
-delete
# No js/nodejs code should be getting built, and no javascript prebuilts
# packages should be present on disk or used. Delete things to make the build
# break if any Javascript is compiled/used.
find -iname package.json -delete
find -iname package-lock.json -delete
rm -rf ./src/aspnetcore/src/Components/Web.JS/dist
%if %{without bootstrap}
mkdir -p prereqs/packages/archive
ln -s %{_libdir}/dotnet/source-built-artifacts/Private.SourceBuilt.Artifacts.*.tar.gz prereqs/packages/archive/
%else
%ifarch x86_64
tar -x --strip-components=1 -f %{SOURCE10} -C prereqs/packages/archive/
%endif
%ifarch aarch64
tar -x --strip-components=1 -f %{SOURCE11} -C prereqs/packages/archive/
%endif
%ifarch ppc64le
tar -x --strip-components=1 -f %{SOURCE12} -C prereqs/packages/archive/
%endif
%ifarch s390x
tar -x --strip-components=1 -f %{SOURCE13} -C prereqs/packages/archive/
%endif
rm -rf .dotnet
mkdir -p .dotnet/
tar xf prereqs/packages/archive/dotnet-sdk*%{runtime_arch}.tar.gz -C .dotnet/
rm -rf prereqs/packages/archive/dotnet-sdk*.tar.gz
%endif
%autopatch -p1 -M 999
sed -i -E 's/trap.*tempDir.*EXIT//' eng/source-build-toolset-init.sh
%if ! %{use_bundled_brotli}
rm -r src/runtime/src/native/external/brotli/
%endif
%if ! %{use_bundled_libunwind}
rm -r src/runtime/src/native/external/libunwind/
%endif
%if ! %{use_bundled_llvm_libunwind}
rm -r src/runtime/src/native/external/llvm-libunwind
%endif
%if ! %{use_bundled_rapidjson}
rm -r src/runtime/src/native/external/rapidjson
%endif
%if ! %{use_bundled_zlib}
rm -r src/runtime/src/native/external/zlib-ng
%endif
%build
cat /etc/os-release
%if %{without bootstrap}
# We need to create a copy because build scripts will mutate this
cp -a %{_libdir}/dotnet previously-built-dotnet
find previously-built-dotnet
%endif
%if 0%{?fedora} || 0%{?rhel} >= 9
# Setting this macro ensures that only clang supported options will be
# added to ldflags and cflags.
%global toolchain clang
%set_build_flags
%else
# Filter flags not supported by clang
%global dotnet_cflags %(echo %optflags | sed -re 's/-specs=[^ ]*//g')
%global dotnet_ldflags %(echo %{__global_ldflags} | sed -re 's/-specs=[^ ]*//g')
export CFLAGS="%{dotnet_cflags}"
export CXXFLAGS="%{dotnet_cflags}"
export LDFLAGS="%{dotnet_ldflags}"
%endif
# -fstack-clash-protection breaks CoreCLR
CFLAGS=$(echo $CFLAGS | sed -e 's/-fstack-clash-protection//' )
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-fstack-clash-protection//' )
%ifarch aarch64
# -mbranch-protection=standard breaks unwinding in CoreCLR through libunwind
CFLAGS=$(echo $CFLAGS | sed -e 's/-mbranch-protection=standard //')
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-mbranch-protection=standard //')
%endif
%ifarch s390x
# -march=z13 -mtune=z14 makes clang crash while compiling .NET
CFLAGS=$(echo $CFLAGS | sed -e 's/ -march=z13//')
CFLAGS=$(echo $CFLAGS | sed -e 's/ -mtune=z14//')
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -march=z13//')
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -mtune=z14//')
%endif
%if 0%{?rhel} >= 10
# This *seems* to avoid https://github.com/dotnet/runtime/issues/119070
# FIXME: Re-test this, and/or replace with upstream fix
CFLAGS=$(echo $CFLAGS | sed -e 's/-march=x86-64-v3 //')
CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-march=x86-64-v3 //')
LDFLAGS=$(echo $LDFLAGS | sed -e 's/-march=x86-64-v3 //')
%endif
# Enabling fortify-source and "-Wall -Weverything" produces new warnings from libc. Turn them off.
CFLAGS="$CFLAGS -Wno-used-but-marked-unused"
CXXFLAGS="$CXXFLAGS -Wno-used-but-marked-unused"
%if 0%{?fedora} >= 43 || 0%{?rhel} > 10
# -Wall includes Wjump-misses-init in newer clang versions
CFLAGS="$CFLAGS -Wno-jump-misses-init"
CXXFLAGS="$CXXFLAGS -Wno-jump-misses-init"
%endif
export EXTRA_CFLAGS="$CFLAGS"
export EXTRA_CXXFLAGS="$CXXFLAGS"
export EXTRA_LDFLAGS="$LDFLAGS"
# Disable tracing, which is incompatible with certain versions of
# lttng See https://github.com/dotnet/runtime/issues/57784. The
# suggested compile-time change doesn't work, unfortunately.
export COMPlus_LTTng=0
# Replace commas in the vendor name. Commas in msbuild properties are parsed
# differently than what we want.
vendor=$(echo "%{?dist_vendor}%{!?dist_vendor:%_host_vendor}" | sed -E 's/,/ /')
system_libs=
%if ! %{use_bundled_brotli}
system_libs=$system_libs+brotli+
%endif
%if ! %{use_bundled_libunwind}
system_libs=$system_libs+libunwind+
%endif
%if ! %{use_bundled_llvm_libunwind}
system_libs=$system_libs+llvmlibunwind+
%endif
%if ! %{use_bundled_rapidjson}
system_libs=$system_libs+rapidjson+
%endif
%if ! %{use_bundled_zlib}
system_libs=$system_libs+zlib+
%endif
%if ! %{use_lttng}
system_libs=$system_libs-lttng-
%endif
%ifarch ppc64le s390x
max_attempts=3
timeout=5h
%else
max_attempts=3
timeout=120m
%endif
function retry_until_success {
local exit_code=1
local tries=$1
shift
set +e
while [[ $exit_code != 0 ]] && [[ $tries != 0 ]]; do
(( tries = tries - 1 ))
"$@"
exit_code=$?
done
set -e
return $exit_code
}
cat >dotnet-rpm-build.sh <<EOF
#!/bin/bash
set -euo pipefail
set -x
find -depth -name 'artifacts' -type d -print -exec rm -rf {} \;
./build.sh \
--source-only \
--release-manifest %{SOURCE3} \
--branding rtm \
%if %{without bootstrap}
--with-sdk previously-built-dotnet \
%endif
%ifarch %{mono_archs}
--use-mono-runtime \
%endif
-- \
/p:UseSystemLibs=${system_libs} \
/p:TargetRid=%{runtime_id} \
/p:OfficialBuilder="$vendor" \
/p:MinimalConsoleLogOutput=false \
/p:ContinueOnPrebuiltBaselineError=true \
/v:n \
/p:LogVerbosity=n
EOF
chmod +x dotnet-rpm-build.sh
VERBOSE=1 retry_until_success $max_attempts \
timeout $timeout \
./dotnet-rpm-build.sh
sed -e 's|[@]LIBDIR[@]|%{_libdir}|g' %{SOURCE102} > dotnet.sh
%install
install -dm 0755 %{buildroot}%{_libdir}/dotnet
find artifacts/assets/Release/
mkdir -p built-sdk
tar xf artifacts/assets/Release/dotnet-sdk-%{sdk_version}*-%{runtime_id}.tar.gz -C %{buildroot}%{_libdir}/dotnet/
# Delete bundled certificates: we want to use the system store only,
# except for when we have no other choice and ca-certificates doesn't
# provide it. Currently ca-ceritificates has no support for
# timestamping certificates (timestamp.ctl).
find %{buildroot}%{_libdir}/dotnet -name 'codesignctl.pem' -delete
if [[ $(find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print | wc -l) != 1 ]]; then
find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print
echo "too many certificate bundles"
exit 2
fi
# Install managed symbols
tar xf artifacts/assets/Release/dotnet-symbols-sdk-%{sdk_version}*-%{runtime_id}.tar.gz \
-C %{buildroot}%{_libdir}/dotnet/
find %{buildroot}%{_libdir}/dotnet/packs -iname '*.pdb' -delete
# Fix executable permissions on files
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'apphost' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'ilc' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'singlefilehost' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.sh' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'lib*so' -exec chmod +x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.a' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.dll' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.h' -exec chmod 0644 {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.json' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.o' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pdb' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.props' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pubxml' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.targets' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.txt' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.xml' -exec chmod -x {} \;
%if %{is_latest_dotnet}
install -dm 0755 %{buildroot}%{_sysconfdir}/profile.d/
install dotnet.sh %{buildroot}%{_sysconfdir}/profile.d/
# Install dynamic completions
install -dm 0755 %{buildroot}/%{bash_completions_dir}
install src/sdk/scripts/register-completions.bash %{buildroot}/%{bash_completions_dir}/dotnet
install -dm 755 %{buildroot}/%{zsh_completions_dir}
install src/sdk/scripts/register-completions.zsh %{buildroot}/%{zsh_completions_dir}/_dotnet
install -dm 0755 %{buildroot}%{_bindir}
ln -s ../../%{_libdir}/dotnet/dotnet %{buildroot}%{_bindir}/
ln -s ../../%{_libdir}/dotnet/dnx %{buildroot}%{_bindir}/
for section in 1 7; do
install -dm 0755 %{buildroot}%{_mandir}/man${section}/
find -iname 'dotnet*'.${section} -type f -exec cp {} %{buildroot}%{_mandir}/man${section}/ \;
done
install -dm 0755 %{buildroot}%{_sysconfdir}/dotnet
echo "%{_libdir}/dotnet" >> install_location
install install_location %{buildroot}%{_sysconfdir}/dotnet/
echo "%{_libdir}/dotnet" >> install_location_%{runtime_arch}
install install_location_%{runtime_arch} %{buildroot}%{_sysconfdir}/dotnet/
%endif
install -dm 0755 %{buildroot}%{_libdir}/dotnet/source-built-artifacts
install -m 0644 artifacts/assets/Release/Private.SourceBuilt.Artifacts.*.tar.gz %{buildroot}/%{_libdir}/dotnet/source-built-artifacts/
# Quick and dirty check for https://github.com/dotnet/source-build/issues/2731
test -f %{buildroot}%{_libdir}/dotnet/sdk/%{sdk_version}*/Sdks/Microsoft.NET.Sdk/Sdk/Sdk.props
# Check debug symbols in all elf objects. This is not in %%check
# because native binaries are stripped by rpm-build after %%install.
# So we need to do this check earlier.
echo "Testing build results for debug symbols..."
%{SOURCE101} -v %{buildroot}%{_libdir}/dotnet/
%if %{include_macros}
install -dm 0755 %{buildroot}%{_rpmmacrodir}/
install -m 0644 %{SOURCE100} %{buildroot}%{_rpmmacrodir}/
%endif
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type d | tail -n +2 | sed -E 's|%{buildroot}||' | sed -E 's|^|%dir |' > dotnet-sdk-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' >> dotnet-sdk-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-sdk-dbg-files
%if %{is_latest_dotnet} == 0
# If this is an older version, self-test now, before we delete files. After we
# delete files, we will not have everything we need to self-test in %%check.
%{buildroot}%{_libdir}/dotnet/dotnet --info
%{buildroot}%{_libdir}/dotnet/dotnet --version
# Provided by dotnet-host from another SRPM
rm %{buildroot}%{_libdir}/dotnet/LICENSE.txt
rm %{buildroot}%{_libdir}/dotnet/ThirdPartyNotices.txt
rm %{buildroot}%{_libdir}/dotnet/dotnet
%endif
%check
%if 0%{?fedora} > 35
# lttng in Fedora > 35 is incompatible with .NET
export COMPlus_LTTng=0
%endif
%if %{is_latest_dotnet}
%{buildroot}%{_libdir}/dotnet/dotnet --info
%{buildroot}%{_libdir}/dotnet/dotnet --version
%endif
%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 )
%files -n dotnet
# empty package useful for dependencies
%endif
%if %{is_latest_dotnet}
%files -n dotnet-host
%dir %{_libdir}/dotnet
%{_libdir}/dotnet/dotnet
%{_libdir}/dotnet/dnx
%dir %{_libdir}/dotnet/host
%dir %{_libdir}/dotnet/host/fxr
%{_bindir}/dotnet
%{_bindir}/dnx
%license %{_libdir}/dotnet/LICENSE.txt
%license %{_libdir}/dotnet/ThirdPartyNotices.txt
%doc %{_mandir}/man1/dotnet*.1.*
%doc %{_mandir}/man7/dotnet*.7.*
%config(noreplace) %{_sysconfdir}/profile.d/dotnet.sh
%config(noreplace) %{_sysconfdir}/dotnet
%dir %{_datadir}/bash-completion
%dir %{bash_completions_dir}
%{_datadir}/bash-completion/completions/dotnet
%dir %{_datadir}/zsh
%dir %{zsh_completions_dir}
%{_datadir}/zsh/site-functions/_dotnet
%if %{include_macros}
%{_rpmmacrodir}/macros.dotnet
%endif
%endif
%files -n dotnet-hostfxr-%{dotnetver}
%dir %{_libdir}/dotnet/host/fxr
%{_libdir}/dotnet/host/fxr/%{hostfxr_version}*
%files -n dotnet-runtime-%{dotnetver} -f dotnet-runtime-non-dbg-files
%dir %{_libdir}/dotnet/shared
%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App
%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}*
%files -n dotnet-runtime-dbg-%{dotnetver} -f dotnet-runtime-dbg-files
%files -n aspnetcore-runtime-%{dotnetver} -f aspnetcore-runtime-non-dbg-files
%dir %{_libdir}/dotnet/shared
%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App
%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version}*
%files -n aspnetcore-runtime-dbg-%{dotnetver} -f aspnetcore-runtime-dbg-files
%files -n dotnet-templates-%{dotnetver}
%dir %{_libdir}/dotnet/templates
%{_libdir}/dotnet/templates/%{templates_version}*
%files -n dotnet-sdk-%{dotnetver} -f dotnet-sdk-non-dbg-files
%dir %{_libdir}/dotnet/sdk
%dir %{_libdir}/dotnet/sdk-manifests
%{_libdir}/dotnet/sdk-manifests/%{sdk_feature_band_version}*
%{_libdir}/dotnet/metadata
%ifnarch %{mono_archs}
%{_libdir}/dotnet/library-packs
%endif
%dir %{_libdir}/dotnet/packs
%dir %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}
%{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}/%{aspnetcore_runtime_version}*
%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}
%{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}/%{runtime_version}*
%files -n dotnet-sdk-dbg-%{dotnetver} -f dotnet-sdk-dbg-files
%ifnarch %{mono_archs}
%files -n dotnet-sdk-aot-%{dotnetver}
%dir %{_libdir}/dotnet/packs
%dir %{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/
%{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/%{runtime_version}*
%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.NativeAOT.%{runtime_id}/
%{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.NativeAOT.%{runtime_id}/%{runtime_version}*
%endif
%files -n dotnet-sdk-%{dotnetver}-source-built-artifacts
%dir %{_libdir}/dotnet
%{_libdir}/dotnet/source-built-artifacts
%changelog
* Tue Dec 09 2025 Omair Majid <omajid@redhat.com> - 10.0.101-2
- Update to .NET SDK 10.0.101 and Runtime 10.0.1
- Resolves: RHEL-130939
* Wed Nov 12 2025 Omair Majid <omajid@redhat.com> - 10.0.100-2
- Update to .NET SDK 10.0.100 and Runtime 10.0.0
- Resolves: RHEL-125749
* Wed Oct 15 2025 Omair Majid <omajid@redhat.com> - 10.0.100~rc.2.25502.107-0.12
- Update to .NET SDK 10.0.100-rc.2.25502.107 and Runtime 10.0.0-rc.2.25502.107
- Resolves: RHEL-121558
* Tue Sep 30 2025 Omair Majid <omajid@redhat.com> - 10.0.100~rc.1.25451.107-0.11
- Disable bootstrap
- Related: RHEL-114571
* Sun Sep 14 2025 Omair Majid <omajid@redhat.com> - 10.0.100~rc.1.25451.107-0.10
- Update to .NET 10 RC 1
- Resolves: RHEL-114571
* Tue Sep 09 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.7.25380.108-0.9
- Disable bootstrap
- Related: RHEL-98678
* Thu Sep 04 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.7.25380.108-0.8
- Drop netstandard-targeting-pack-2.1
- Related: RHEL-98678
* Sat Aug 23 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.7.25380.108-0.7
- Update to .NET 10 Preview 7
- Related: RHEL-98678
* Tue Aug 19 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.6.25358.103-0.6
- Rebuild to try and get rid of random errors
- Related: RHEL-98678
* Fri Aug 01 2025 Omair Majid <omajid@redhat.com> - 10.0.100~preview.6.25358.103-0.5
- Initial commit on c10s
- Resolves: RHEL-98678

22
gating.yaml Normal file
View File

@ -0,0 +1,22 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

18
macros.dotnet Normal file
View File

@ -0,0 +1,18 @@
# .NET's name for the architecture
%dotnet_runtime_arch %{lua:
local target = rpm.expand("%{_target_cpu}")
local arch = "x64"
if target == "aarch64" then
arch = "arm64"
elseif target == "ppc64le" then
arch = "ppc64le"
elseif target == "s390x" then
arch = "s390x"
elseif target == "x86_64" then
arch = "x64"
end
print(arch)
}
# .NET's identifier for the OS+architecture combination
%dotnet_runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{dotnet_runtime_arch}

29
release-key-2023.asc Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BSN Pgp v1.1.0.0
mQINBGUKsUYBEADVCJm4EhXALr1ld42kWeh/vM0XMZ2orNT6NRLDRYjpE4mm4UqA
vpjfGCwt5fLcrT4yZng8ABkB3QwTsZzmxesAMD5AZR/gdU1G96DuDGsjp6zJvTuX
zvz3PXUYfcl9n5X32acA6N9J5Xfp10xqX3oitUODBdYy/vKW/v/y87ZxgaR6a3wp
pPJBJIVKwFJx13v4BHRsGp1fepliQcXPvmNKFNI20le5+FbLq6C9hY5wcwGHGfQr
EokH79GsmqgSImqxDOIh06J5VfWA+JwV+3vf95pD8IUrRfGQ+GK7b1/bySxtM5Qa
b/IDgvl/Qq3AzEpGarMBaqGbqMz1C7jd8Y6nyKMP/V+OCjbEdYNM8GRz6kBP3Un+
Frat5Lc2o4DF+zB3PKIJS3hku5gwlJu6IU1F23vmYFtjUcpRGmyQZDoWyBbOWlB5
4SXqVu16amUsRFYmOK8BJMjdotcVbriVIv6WRmugfhIMoRJzVGxYkdbuiuMAX69V
xDoGpxX5A8S5A79y0USUVtadQfFavMTyb/gUuUe8oDsqK9gdI3ETxLYG4gYwauVX
fCGfoLOKsq5dPzEuEA7GCRrMau+rHKFaM7BigSdnHFW7xNZ4v0YnXAagoqM2G5o5
9sak0l57vxxTVk2V3iZzkoU2J2Zlyxyh72n5vjRmb7aNwmQh4Eav6a8ssQARAQAB
tBlvbm54Y29yZWRldkBtaWNyb3NvZnQuY29tiQI4BBMBCAAiBQJlCrFGAhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD9v1PCTbSHLtfzEADIKq15XDeQxLSo
BG1aFa9n82K1YADVcu1LeddfhDmQWLnZNgyHtQlKN2n59282CXtgymzae3uc05s2
feIJaqF4M4NnCX8Ct3K7Hq1jI7ZktlquPCCy9XHq9aQY8XTxmdtRevtclKgYTwDh
w+D/KbE8vTZ6o7JoubA3MKf4k3S8qL/0rIyaC6h0EpiWoMy1TdNMMK7BT4kl6Vz4
W6KmNgOux1Pzku5ULM4WuOzmwW+NAzpOLJowfDs1ZC2RM3+g9i1/DmwWtCHngvGD
+clA0I0agXxo05toOBTfwxd2gWYczuo/Ole16fYTzqT6n0DHqOjjcc9A7EmC72fQ
J+hHAqM+4+CbEGuMpNnTMpCZs98bcK3Rqx/bDJYtbclZzm5O/V4nVbDrJZKzpgA1
KuzNMLkr62P6/t15UsStgmrlTILmE5NG0CR1mj/46+mNbsMZCel3dcvnT1Zf4rTq
QxMC7Dd/DECKQVC339G/BRfNyhOk2S1mZR/g1uS4bznL+tiwudDh/TAi5C3ZBDMh
0muwD9caXS/QFIBWtb2ai3IcpU357R/ERPKLcWYtoYJ80RuKi6XYr1WxSPBmd5Qm
wuncye+wR2dveo2jnIXZGUSgz50ZNgBxs/cYWAQ8J6KMgIBa+JY2qalzvIGbrC5x
Sr+CkhS8vrktfnRgc8yBssJnvNfqXA==
=pKgS
-----END PGP PUBLIC KEY BLOCK-----

11
release.json Normal file
View File

@ -0,0 +1,11 @@
{
"release": "10.0.1",
"channel": "10.0",
"tag": "v10.0.101",
"sdkVersion": "10.0.101",
"runtimeVersion": "10.0.1",
"aspNetCoreVersion": "10.0.1",
"sourceRepository": "https://github.com/dotnet/dotnet",
"sourceVersion": "fad253f51b461736dfd3cd9c15977bb7493becef",
"officialBuildId": "20251119.5"
}

20
rpminspect.yaml Normal file
View File

@ -0,0 +1,20 @@
---
inspections:
# We patch upstream a lot, no need to reject patches
patches: off
badfuncs:
allowed:
# The Mono runtime (used on s390x, for example), uses inet_addr for
# debugging (such as sending the control flow graph to a remote process).
# See runtime/src/mono/mono/mini/cfgdump.c. This isn't part of any
# standard networking facility; networking APIs are implemented/used in
# libSystem*so.
/usr/lib64/dotnet/shared/Microsoft.NETCore.App/*/libcoreclr.so:
- inet_addr
/usr/lib64/dotnet/packs/Microsoft.NETCore.App.Runtime.*/*/runtimes/*/native/libcoreclr.so:
- inet_addr
runpath:
# Upstream explicitly sets $ORIGIN/netcoredeps as an RPATH
# See https://github.com/dotnet/core/blob/main/Documentation/self-contained-linux-apps.md
allowed_origin_paths:
- /netcoredeps

12
runtime-disable-fortify-on-ilasm-parser.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt
index cca2c6da185..d31e6cb2070 100644
--- dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt
+++ dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt
@@ -52,6 +52,7 @@ if(CLR_CMAKE_HOST_UNIX)
add_compile_options(-Wno-array-bounds)
add_compile_options(-Wno-unused-label)
set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-O0" )
+ set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=0" )
endif(CLR_CMAKE_HOST_UNIX)
if(CLR_CMAKE_HOST_LINUX OR CLR_CMAKE_HOST_FREEBSD OR CLR_CMAKE_HOST_NETBSD OR CLR_CMAKE_HOST_SUNOS OR CLR_CMAKE_HOST_HAIKU)

34
runtime-openssl-sha1.patch Normal file
View File

@ -0,0 +1,34 @@
From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Wed, 28 Feb 2024 14:08:15 +0100
Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
with a chain where the last certificate uses a SHA-1 signature.
This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
OpenSSL behavior for certificate validation.
---
.../libs/System.Security.Cryptography.Native/pal_x509.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
index 04c6ba06cd..2cd3413dae 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
- if (val != 0)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
- }
-
return val;
}
--
2.43.2

142
runtime-re-enable-implicit-rejection.patch Normal file
View File

@ -0,0 +1,142 @@
From 5fdc289903bd3a77d455583650b00297da0cae8f Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Fri, 2 Feb 2024 15:51:23 -0500
Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95216)"
This reverts commit a5fc8ff9b03ffb2fdb81dad524ad1a20a0714995.
To quote Clemens Lang:
> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle
> attack against PKCS#1v1.5 decryption. See
> https://people.redhat.com/~hkario/marvin/ for details and
> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a
> comment by the researcher who published the vulnerability and proposed the
> change in OpenSSL.
For more details, see:
https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
---
.../RSA/EncryptDecrypt.cs | 49 ++++---------------
.../opensslshim.h | 6 ---
.../pal_evp_pkey_rsa.c | 13 -----
3 files changed, 10 insertions(+), 58 deletions(-)
diff --git a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
index 39f3ebc82ec..5b97f468a42 100644
--- a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+++ b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
@@ -353,10 +353,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc
Assert.Equal(TestData.HelloBytes, output);
}
- [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))]
+ [ConditionalFact]
[SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)]
public void RoundtripEmptyArray()
{
+ if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
+ {
+ throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data.");
+ }
+ if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
+ {
+ throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data.");
+ }
+
using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
{
void RoundtripEmpty(RSAEncryptionPadding paddingMode)
@@ -757,23 +746,5 @@ public static IEnumerable<object[]> OaepPaddingModes
}
}
}
-
- public static bool PlatformSupportsEmptyRSAEncryption
- {
- get
- {
- if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
- {
- return false;
- }
-
- if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
- {
- return false;
- }
-
- return true;
- }
- }
}
}
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
index 0748e305d5c..cf10d2f7949 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
@@ -296,10 +296,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(ERR_peek_error) \
REQUIRED_FUNCTION(ERR_peek_error_line) \
REQUIRED_FUNCTION(ERR_peek_last_error) \
- REQUIRED_FUNCTION(ERR_pop_to_mark) \
FALLBACK_FUNCTION(ERR_put_error) \
REQUIRED_FUNCTION(ERR_reason_error_string) \
- REQUIRED_FUNCTION(ERR_set_mark) \
LIGHTUP_FUNCTION(ERR_set_debug) \
LIGHTUP_FUNCTION(ERR_set_error) \
REQUIRED_FUNCTION(EVP_aes_128_cbc) \
@@ -355,7 +353,6 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(EVP_PKCS82PKEY) \
REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \
- REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \
@@ -797,10 +794,8 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define ERR_peek_error_line ERR_peek_error_line_ptr
#define ERR_peek_last_error ERR_peek_last_error_ptr
#define ERR_put_error ERR_put_error_ptr
-#define ERR_pop_to_mark ERR_pop_to_mark_ptr
#define ERR_reason_error_string ERR_reason_error_string_ptr
#define ERR_set_debug ERR_set_debug_ptr
-#define ERR_set_mark ERR_set_mark_ptr
#define ERR_set_error ERR_set_error_ptr
#define EVP_aes_128_cbc EVP_aes_128_cbc_ptr
#define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr
@@ -855,7 +850,6 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr
#define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr
#define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr
-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr
#define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr
#define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr
#define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
index 043bf9f9d1e..c9ccdf33e3a 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
@@ -67,19 +67,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const
{
return false;
}
-
- // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding.
- // If the padding is invalid, the decryption operation returns random data.
- // See https://github.com/openssl/openssl/pull/13817 for background.
- // Some Linux distributions backported this change to previous versions of OpenSSL.
- // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid.
- ERR_set_mark();
-
- EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0");
-
- // Undo any changes to the error queue that may have occured while configuring implicit rejection if the
- // current version does not support implicit rejection.
- ERR_pop_to_mark();
}
else
{
--
2.43.0

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (dotnet-10.0.101.tar.gz) = d9dd55d5ee23f356984e2edf5b075e76424ad9d91ce33aa923b9cd94bc0f2d612dee7b562dad266ceaca263f014f02a7507cd9066d9f2444cb3157e8d2824f6f
SHA512 (dotnet-10.0.101.tar.gz.sig) = 8cd1d3b3712e54849caf0f290331f664fd378b537f6a6ee22e621ceeaa5fa5a6d87b22271c1e9ff81bc05a640e6d58db00cabe5cf054dae99af7d6a6b736a56b

43
tests/ci.fmf Normal file
View File

@ -0,0 +1,43 @@
summary: Basic smoke test
provision:
disk: 20
memory: 5120
prepare:
how: install
package:
- aspnetcore-runtime-10.0
- bash-completion
- bc
- binutils
- dotnet-runtime-10.0
- dotnet-sdk-10.0
- expect
- file
- findutils
- gcc-c++
- git
- jq
- libstdc++-devel
- lldb
- npm
- postgresql-odbc
- postgresql-server
- procps-ng
- python3
- strace
- util-linux
- wget
- which
- zlib-devel
execute:
script:
- dotnet --info
- wget --no-verbose https://github.com/redhat-developer/dotnet-bunny/releases/latest/download/turkey.tar.gz
- tar xf turkey.tar.gz
- dotnet turkey/Turkey.dll --version
- git clone "https://github.com/redhat-developer/dotnet-regular-tests.git"
- dotnet turkey/Turkey.dll -l="$TMT_TEST_DATA" dotnet-regular-tests --timeout=1200
- dnf remove -yq 'dotnet*'
- set -x; if command -v dotnet ; then exit 1; fi
- set -x; if [ -d /usr/lib64/dotnet ]; then exit 1; fi
- set -x; if man dotnet; then exit 1; fi

223
update-release Executable file
View File

@ -0,0 +1,223 @@
#!/bin/bash
# Usage:
# ./update-release runtime-version|latest-release|latest-commit [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release]
set -euo pipefail
IFS=$'\n\t'
set -x
print_usage() {
echo " Usage:"
echo " ./update-release runtime-version|latest-release|latest-commit [--bootstrap] [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release]"
echo ""
echo "The runtime-version parameter needs to match the github release name."
echo "For preview releases, runtime-version should be of the form '9.0 Preview 1'."
}
download_release_json() {
version=$1
cat > query <<EOF
[ .[] | select(.name | contains(".NET $version")) ]
| first
| { tag_name: .tag_name,
tarball: .tarball_url,
signature: .assets[].browser_download_url | select(. | endswith("tar.gz.sig")),
release_manifest: .assets[] | select(.name == "release.json") | .browser_download_url }
EOF
curl https://api.github.com/repos/dotnet/dotnet/releases \
| jq --from-file query > release.metadata.github
curl -L "$(jq -r .release_manifest release.metadata.github)" -o release.json
}
user_provided_tarball_name=""
rpm_release=1
positional_args=()
bug_ids=()
bootstrap=0
while [[ "$#" -gt 0 ]]; do
arg="$1"
case "${arg}" in
--bootstrap)
bootstrap=1
shift;
;;
--bug)
bug_ids+=("$2")
shift;
shift;
;;
-h|--help)
print_usage
exit 0
;;
--release-json)
release_json="$2"
shift;
shift;
;;
--tarball)
user_provided_tarball_name="$2"
shift;
shift;
;;
--larger-rpm-release)
rpm_release="2"
shift;
;;
*)
positional_args+=("$1")
shift
;;
esac
done
spec_files=( ./*.spec )
spec_file="${spec_files[0]}"
dotnet_major_minor_version=$spec_file
dotnet_major_minor_version=${dotnet_major_minor_version#./dotnet}
dotnet_major_minor_version=${dotnet_major_minor_version%.spec}
echo "Updating .NET $dotnet_major_minor_version"
runtime_version=${positional_args[0]:-}
sdk_version=""
tag=v${runtime_version}
created_release_json=0
if [[ ${runtime_version} == latest-release ]]; then
if [[ -n "${release_json:-}" ]]; then
cp -a "${release_json}" release.json
else
download_release_json "${dotnet_major_minor_version}"
fi
elif [[ ${runtime_version} == latest-commit ]]; then
cat > query <<EOF
[ .[] | select(.name == "main") ]
| first
EOF
curl https://api.github.com/repos/dotnet/dotnet/branches \
| jq --from-file query > release.metadata.github
commit=$(jq -r .commit.sha release.metadata.github)
jq >release.json <<EOF
{
"release": "$dotnet_major_minor_version",
"channel": "$dotnet_major_minor_version",
"tag": "$commit",
"sdkVersion": "$dotnet_major_minor_version",
"runtimeVersion": "$dotnet_major_minor_version",
"aspNetCoreVersion": "$dotnet_major_minor_version",
"sourceRepository": "https://github.com/dotnet/dotnet",
"sourceVersion": "$commit"
}
EOF
cat release.json
created_release_json=1
else
if [[ -n "${release_json:-}" ]]; then
cp -a "${release_json}" release.json
else
download_release_json "${runtime_version}"
fi
fi
aspnetcore_runtime_version=$(jq -r .aspNetCoreVersion release.json)
runtime_version=$(jq -r .runtimeVersion release.json)
sdk_version=$(jq -r .sdkVersion release.json)
tag=$(jq -r .tag release.json)
tag_without_v=$(echo ${tag} | sed -e 's|^v||')
echo "Updating .NET $dotnet_major_minor_version to SDK ${sdk_version} and Runtime ${runtime_version}"
if [[ $bootstrap == 0 ]]; then
sed -i -E "s|^%bcond_with.*bootstrap$|%bcond_with bootstrap|" "$spec_file"
else
sed -i -E "s|^%bcond_with.*bootstrap$|%bcond_without bootstrap|" "$spec_file"
fi
sed -i -E "s|^%global upstream_tag .*$|%global upstream_tag ${tag}|" "$spec_file"
sed -i -E "s|^%global runtime_version .*$|%global runtime_version ${runtime_version}|" "$spec_file"
sed -i -E "s|^%global aspnetcore_runtime_version .*$|%global aspnetcore_runtime_version ${aspnetcore_runtime_version}|" "$spec_file"
sed -i -E "s|^%global sdk_version .*$|%global sdk_version ${sdk_version}|" "$spec_file"
if [[ $runtime_version = *preview* ]] || [[ $runtime_version = *rc* ]]; then
# For Preview/RC releases, convert x.y.z-preview.a.b to x.y.z~preview.a.b (replace - with ~)
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_handling_non_sorting_versions_with_tilde_dot_and_caret
runtime_rpm_version=${runtime_version/-/\~}
aspnetcore_runtime_rpm_version=${aspnetcore_runtime_version/-/\~}
sdk_rpm_version=${sdk_version/-/\~}
sed -i -E "s|^(%global runtime_rpm_version) .*$|\1 ${runtime_rpm_version}|" "$spec_file"
sed -i -E "s|^(%global aspnetcore_runtime_rpm_version) .*$|\1 ${aspnetcore_runtime_rpm_version}|" "$spec_file"
sed -i -E "s|^(%global sdk_rpm_version) .*$|\1 ${sdk_rpm_version}|" "$spec_file"
else
# For GA releases replace rpm versions with rpm macros for the actual version
sed -i -E "s|^(%global runtime_rpm_version) .*$|\1 %{runtime_version}|" "$spec_file"
sed -i -E "s|^(%global aspnetcore_runtime_rpm_version) .*$|\1 %{aspnetcore_runtime_version}|" "$spec_file"
sed -i -E "s|^(%global sdk_rpm_version) .*$|\1 %{sdk_version}|" "$spec_file"
fi
if [[ -f "dotnet-${tag_without_v}.tar.gz" ]]; then
echo "dotnet-${tag_without_v}.tar.gz already exists, not rebuilding tarball"
elif [[ -n ${user_provided_tarball_name} ]]; then
cp -a "${user_provided_tarball_name}" "dotnet-${tag_without_v}.tar.gz"
signature_name=$(basename "${user_provided_tarball_name}.sig")
user_tarball_dir=$(dirname "${user_provided_tarball_name}" )
# intentionally unquoted, since it can be blank
# shellcheck disable=SC2116,SC2086
signature_path=$(find $user_tarball_dir -iname "${signature_name}")
cp -a "${signature_path}" "dotnet-${tag_without_v}.tar.gz.sig"
else
if [[ $created_release_json == 0 ]] then
rm -f release.json
fi
spectool -g "$spec_file"
fi
if [[ $bootstrap == 1 ]]; then
tar xf "dotnet-${tag_without_v}.tar.gz" "dotnet-${tag_without_v}/global.json"
bootstrap_sdk_version=$(jq -r .tools.dotnet "dotnet-${tag_without_v}/global.json")
sed -i -E "s|^(%global bootstrap_sdk_version) .*$|\1 ${bootstrap_sdk_version}|" "$spec_file"
./build-dotnet-bootstrap-tarball "${tag_without_v}"
if [ -f dotnet-prebuilts*ppc64le*tar.gz ]; then
file_name=$(ls -1 -t dotnet-prebuilts-*-ppc64le.tar.gz | head -1)
bootstrap_sdk_version_ppc64le_s390x=$(basename $file_name | sed -E -e 's/dotnet-prebuilts-//' -e 's/-ppc64le.tar.gz//')
sed -E -i "s|^%global bootstrap_sdk_version_ppc64le_s390x .*$|%global bootstrap_sdk_version_ppc64le_s390x $bootstrap_sdk_version_ppc64le_s390x|" "$spec_file"
fi
fi
set -x
comment="Update to .NET SDK ${sdk_version} and Runtime ${runtime_version}"
commit_message="$comment
"
for bug_id in "${bug_ids[@]}"; do
if [[ "$bug_id" =~ ^[[:digit:]]+$ ]]; then
comment="$comment
- Resolves: RHBZ#$bug_id"
commit_message="$commit_message
Resolves: RHBZ#$bug_id"
else
comment="$comment
- Resolves: $bug_id"
commit_message="$commit_message
Resolves: $bug_id"
fi
done
echo "$commit_message" > git-commit-message
rpmdev-bumpspec --comment="$comment" "$spec_file"
# Reset release in 'Release' tag
sed -i -E 's|^Release: [[:digit:]]+%|Release: '"$rpm_release"'%|' "$spec_file"
# Reset Release in changelog comment
# See https://stackoverflow.com/questions/18620153/find-matching-text-and-replace-next-line
sed -i -E '/^%changelog$/!b;n;s/-[[:digit:]]+$/-'"$rpm_release"'/' "$spec_file"
echo "Done updating sources. Commit message in ./git-commit-message"