From ad36f7da0d63f23d5f7e2cfb2cab6e4bffe8c459 Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Thu, 15 Aug 2024 17:01:01 -0400 Subject: [PATCH] Update to .NET SDK 9 preview 7 and Runtime 9 preview 7 Resolves: RHEL-48619 --- .fmf/version | 1 + .gitignore | 4 + build-dotnet-bootstrap-tarball | 171 +++ build-prebuilt-archive | 63 + check-debug-symbols.py | 140 ++ dotnet.sh.in | 14 + dotnet9.0.spec | 1246 +++++++++++++++++ gating.yaml | 23 + release-key-2023.asc | 29 + release.json | 10 + roslyn-analyzers-ppc64le-apphost.patch | 12 + rpminspect.yaml | 20 + runtime-disable-fortify-on-ilasm-parser.patch | 12 + runtime-openssl-sha1.patch | 34 + runtime-re-enable-implicit-rejection.patch | 142 ++ sources | 4 + tests/ci.fmf | 45 + 17 files changed, 1970 insertions(+) create mode 100644 .fmf/version create mode 100755 build-dotnet-bootstrap-tarball create mode 100755 build-prebuilt-archive create mode 100755 check-debug-symbols.py create mode 100644 dotnet.sh.in create mode 100644 dotnet9.0.spec create mode 100644 gating.yaml create mode 100644 release-key-2023.asc create mode 100644 release.json create mode 100644 roslyn-analyzers-ppc64le-apphost.patch create mode 100644 rpminspect.yaml create mode 100644 runtime-disable-fortify-on-ilasm-parser.patch create mode 100644 runtime-openssl-sha1.patch create mode 100644 runtime-re-enable-implicit-rejection.patch create mode 100644 sources create mode 100644 tests/ci.fmf diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index e69de29..0a8e3b8 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,4 @@ +/dotnet-prebuilts-9.0.100-preview.7.24380.1-ppc64le.tar.gz +/dotnet-prebuilts-9.0.100-preview.7.24380.1-s390x.tar.gz +/dotnet-sdk-9.0.100-preview.7.24380.2-linux-arm64.tar.gz +/dotnet-v9.0.0-preview.7.24405.7-x64-bootstrap.tar.gz diff --git a/build-dotnet-bootstrap-tarball b/build-dotnet-bootstrap-tarball new file mode 100755 index 0000000..1ecc390 --- /dev/null +++ b/build-dotnet-bootstrap-tarball @@ -0,0 +1,171 @@ +#!/bin/bash + +# Usage: +# build-dotnet-bootstrap-tarball +# +# Creates a source archive suitable for bootstrapping from a tag (or commit) at +# https://github.com/dotnet/dotnet +# +# Clone dotnet/dotnet, check out the tag, and build a source-tarball. +# Can also use a full git commit identifier instead of tag (not an +# abbreviated 8 character commit identifier though). + +set -euo pipefail +IFS=$'\n\t' + +function print_usage { + echo "Usage:" + echo "$0 " + echo + echo "Creates a $arch bootstrap source archive from a tag at https://github.com/dotnet/dotnet" +} + +function clean_dotnet_cache { + rm -rf ~/.aspnet ~/.dotnet/ ~/.nuget/ ~/.local/share/NuGet ~/.templateengine + rm -rf /tmp/NuGet /tmp/NuGetScratch /tmp/.NETCore* /tmp/.NETStandard* /tmp/.dotnet /tmp/dotnet.* /tmp/clr-debug-pipe* /tmp/Razor-Server /tmp/CoreFxPipe* /tmp/VBCSCompiler /tmp/.NETFramework* + rm -rf ~/.npm/ +} + +function check_bootstrap_environment { + if rpm -qa | grep dotnet ; then + echo "error: dotnet is installed. Not a good idea for bootstrapping." + exit 1 + fi + if [ -d /usr/lib/dotnet ] || [ -d /usr/lib64/dotnet ] || [ -d /usr/share/dotnet ] ; then + echo "error: one of /usr/lib/dotnet /usr/lib64/dotnet or /usr/share/dotnet/ exists. Not a good idea for bootstrapping." + exit 1 + fi + if command -v dotnet ; then + echo "error: dotnet is in $PATH. Not a good idea for bootstrapping." + exit 1 + fi +} + +function runtime_id { + + source /etc/os-release + case "${ID}" in + # Remove the RHEL minor version + rhel) rid_version=${VERSION_ID%.*} ;; + + *) rid_version=${VERSION_ID} ;; + esac + + echo "${ID}.${rid_version}-${arch}" +} + +build_bootstrap=false + +declare -A archmap +archmap=( + ["aarch64"]="arm64" + ["amd64"]="x64" + ["armv8l"]="arm" + ["i386"]="x86" + ["i686"]="x86" + ["ppc64le"]="ppc64le" + ["s390x"]="s390x" + ["x86_64"]="x64" +) + +arch=${archmap["$(uname -m)"]} + + +positional_args=() +while [[ "$#" -gt 0 ]]; do + arg="${1}" + case "${arg}" in + -h|--help) + print_usage + exit 0 + ;; + *) + positional_args+=("$1") + shift + ;; + esac +done + +check_bootstrap_environment + +tag=${positional_args[0]:-} +if [[ -z ${tag} ]]; then + echo "error: missing tag to build" + exit 1 +fi + +set -x + +dir_name="dotnet-${tag}" +unmodified_tarball_name="${dir_name}-original" +tarball_name="${dir_name}" + +unmodified_tarball_name="${unmodified_tarball_name}-${arch}-bootstrap" +tarball_name="${tarball_name}-${arch}-bootstrap" + +tarball_suffix=.tar.gz + +if [ -f "${tarball_name}${tarball_suffix}" ]; then + echo "error: ${tarball_name}${tarball_suffix} already exists" + exit 1 +fi + + +if [ ! -f "${unmodified_tarball_name}.tar.gz" ]; then + if [[ $tag =~ ^[0-9a-fA-F]+$ ]]; then + if [ ! -f $tag.zip ]; then + wget https://github.com/dotnet/dotnet/archive/$tag.zip + fi + dir=$(mktemp -d -p $(pwd)) + pushd $dir + unzip -q ../$tag.zip + if [[ $(ls -1q | wc -l) -gt 3 ]]; then + echo "error: tarball doesn't have a single main directory" + exit 1 + fi + tar czf ../${unmodified_tarball_name}.tar.gz dotnet-$tag + popd + else + wget https://github.com/dotnet/dotnet/archive/refs/tags/${tag}.tar.gz + mv "${tag}.tar.gz" "${unmodified_tarball_name}.tar.gz" + fi +fi + +tar tf "${unmodified_tarball_name}".tar.gz > .tarball_file_list +extracted_tarball_root=$(head -1 .tarball_file_list | cut -d/ -f 1) +if [[ "$extracted_tarball_root" == "."* ]]; then + echo "error: can't find main directory in the dotnet tarball" + exit 1 +fi +if [[ $(grep -cv "^${extracted_tarball_root}/" .tarball_file_list) -gt 0 ]]; then + echo "error: tarball doesn't have a single main directory" + exit 1 +fi +rm .tarball_file_list + +rm -rf "${tarball_name}" +rm -rf "${extracted_tarball_root}" +tar xf "${unmodified_tarball_name}.tar.gz" +mv "${extracted_tarball_root}" "${tarball_name}" + +pushd "${tarball_name}" + +./prep-source-build.sh --bootstrap + +# Remove files with funny licenses and crypto implementations and +# other not-very-useful artifacts. We MUST NOT ship any files that +# have unapproved licenses and unexpected cryptographic +# implementations. +# +# We use rm -r (no -f) to make sure the operation fails if the files +# are not at the expected locations. If the files are not at the +# expected location, we need to find the new location of the files and +# delete them, or verify that upstream has already removed the files. + +# rm -r $FILE_TO_REMOVE + +popd + +echo "Bootstrap .NET SDK: $(jq .tools.dotnet "${tarball_name}"/global.json)" + +time tar -czf "${tarball_name}${tarball_suffix}" "${tarball_name}" diff --git a/build-prebuilt-archive b/build-prebuilt-archive new file mode 100755 index 0000000..7e14b0f --- /dev/null +++ b/build-prebuilt-archive @@ -0,0 +1,63 @@ +#!/bin/bash + +# Usage: +# build-prebuilt-archive architecture vmr-directory +# +# Creates an archive containing necessary bootstrapping binaries for ppc64le or +# s390x architectures from a VMR build. +# +# You need to have cloned the VMR (https://github.com/dotnet/dotnet) and +# cross-compiled it for the target architecture already. + +set -euo pipefail +IFS=$'\n\t' +set -x + +function print_usage { + echo "Usage:" + echo "$0 " + echo + echo "Creates a ppc64le or s390x bootstrap archive from a VMR build." + echo + echo "You need to have cloned the VMR (https://github.com/dotnet/dotnet) and" + echo "cross-compiled it for the target architecture already." + +} + +positional_args=() +while [[ "$#" -gt 0 ]]; do + arg="${1}" + case "${arg}" in + -h|--help) + print_usage + exit 0 + ;; + *) + positional_args+=("$1") + shift + ;; + esac +done + +arch=${positional_args[0]} # Name of the architecture. Eg, s390x or ppc64le +dir=${positional_args[1]} # Checkout of the VMR with the cross-build for the target architecture +dir=$(readlink -f "$dir") + +sdk_tarball=$(readlink -f $(find "$dir" -iname 'dotnet-sdk*'"$arch"'*tar.gz' | head -1)) + +# SDK is at VMR/artifacts/assets/Release/dotnet-sdk-9.0.100-preview.3.24165.1-linux-$arch.tar.gz. Extract the SDK version from the name. +sdk_version=$(echo "$(basename "${sdk_tarball}")" | sed -E -e 's/dotnet-sdk-//' -e "s/-linux-$arch.tar.gz//") +echo $sdk_version + +archive_name=dotnet-prebuilts-${sdk_version}-${arch} + +mkdir -p $archive_name +pushd $archive_name + +cp -av $sdk_tarball . +# Get all architecture-specific nuget packages +find $dir/artifacts/packages/Release/Shipping/ -iname "*linux-$arch*nupkg" -exec cp -avL {} . \; + +popd + +tar cvzf $archive_name.tar.gz $archive_name diff --git a/check-debug-symbols.py b/check-debug-symbols.py new file mode 100755 index 0000000..a4caa57 --- /dev/null +++ b/check-debug-symbols.py @@ -0,0 +1,140 @@ +#!/usr/bin/python3 + +""" +Check debug symbols are present in shared object and can identify +code. + +It starts scanning from a directory and recursively scans all ELF +files found in it for various symbols to ensure all debuginfo is +present and nothing has been stripped. + +Usage: + +./check-debug-symbols /path/of/dir/to/scan/ + + +Example: + +./check-debug-symbols /usr/lib64 +""" + +# This technique was explained to me by Mark Wielaard (mjw). + +import collections +import os +import re +import subprocess +import sys + +ScanResult = collections.namedtuple('ScanResult', + 'file_name debug_info debug_abbrev file_symbols gnu_debuglink') + +file_symbol_exclude_list = [ + 'ilc', +] + +def scan_file(file): + "Scan the provided file and return a ScanResult containing results of the scan." + + # Test for .debug_* sections in the shared object. This is the main test. + # Stripped objects will not contain these. + readelf_S_result = subprocess.run(['eu-readelf', '-S', file], + stdout=subprocess.PIPE, encoding='utf-8', check=True) + has_debug_info = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_info' in line) + + has_debug_abbrev = any(line for line in readelf_S_result.stdout.split('\n') if '] .debug_abbrev' in line) + + # Test FILE symbols. These will most likely be removed by anyting that + # manipulates symbol tables because it's generally useless. So a nice test + # that nothing has messed with symbols. + def contains_file_symbols(line): + parts = line.split() + if len(parts) < 8: + return False + return \ + parts[2] == '0' and parts[3] == 'FILE' and parts[4] == 'LOCAL' and parts[5] == 'DEFAULT' and \ + parts[6] == 'ABS' and re.match(r'((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx))?', parts[7]) + + readelf_s_result = subprocess.run(["eu-readelf", '-s', file], + stdout=subprocess.PIPE, encoding='utf-8', check=True) + has_file_symbols = True + if not os.path.basename(file) in file_symbol_exclude_list: + has_file_symbols = any(line for line in readelf_s_result.stdout.split('\n') if contains_file_symbols(line)) + + # Test that there are no .gnu_debuglink sections pointing to another + # debuginfo file. There shouldn't be any debuginfo files, so the link makes + # no sense either. + has_gnu_debuglink = any(line for line in readelf_s_result.stdout.split('\n') if '] .gnu_debuglink' in line) + + return ScanResult(file, has_debug_info, has_debug_abbrev, has_file_symbols, has_gnu_debuglink) + +def is_elf(file): + result = subprocess.run(['file', file], stdout=subprocess.PIPE, encoding='utf-8', check=True) + return re.search(r'ELF 64-bit [LM]SB (?:pie )?(?:executable|shared object)', result.stdout) + +def scan_file_if_sensible(file): + if is_elf(file): + return scan_file(file) + return None + +def scan_dir(dir): + results = [] + for root, _, files in os.walk(dir): + for name in files: + result = scan_file_if_sensible(os.path.join(root, name)) + if result: + results.append(result) + return results + +def scan(file): + file = os.path.abspath(file) + if os.path.isdir(file): + return scan_dir(file) + elif os.path.isfile(file): + return [scan_file_if_sensible(file)] + +def is_bad_result(result): + return not result.debug_info or not result.debug_abbrev or not result.file_symbols or result.gnu_debuglink + +def print_scan_results(results, verbose): + # print(results) + for result in results: + file_name = result.file_name + found_issue = False + if not result.debug_info: + found_issue = True + print('error: missing .debug_info section in', file_name) + if not result.debug_abbrev: + found_issue = True + print('error: missing .debug_abbrev section in', file_name) + if not result.file_symbols: + found_issue = True + print('error: missing FILE symbols in', file_name) + if result.gnu_debuglink: + found_issue = True + print('error: unexpected .gnu_debuglink section in', file_name) + if verbose and not found_issue: + print('OK: ', file_name) + +def main(args): + verbose = False + files = [] + for arg in args: + if arg == '--verbose' or arg == '-v': + verbose = True + else: + files.append(arg) + + results = [] + for file in files: + results.extend(scan(file)) + + print_scan_results(results, verbose) + + if any(is_bad_result(result) for result in results): + return 1 + return 0 + + +if __name__ == '__main__': + sys.exit(main(sys.argv[1:])) diff --git a/dotnet.sh.in b/dotnet.sh.in new file mode 100644 index 0000000..65b92a0 --- /dev/null +++ b/dotnet.sh.in @@ -0,0 +1,14 @@ + +# Set location for AppHost lookup +[ -z "$DOTNET_ROOT" ] && export DOTNET_ROOT=@LIBDIR@/dotnet + +# Add dotnet tools directory to PATH +DOTNET_TOOLS_PATH="$HOME/.dotnet/tools" +case "$PATH" in + *"$DOTNET_TOOLS_PATH"* ) true ;; + * ) PATH="$PATH:$DOTNET_TOOLS_PATH" ;; +esac + +# Extract self-contained executables under HOME +# to avoid multi-user issues from using the default '/var/tmp'. +[ -z "$DOTNET_BUNDLE_EXTRACT_BASE_DIR" ] && export DOTNET_BUNDLE_EXTRACT_BASE_DIR="${XDG_CACHE_HOME:-"$HOME"/.cache}/dotnet_bundle_extract" diff --git a/dotnet9.0.spec b/dotnet9.0.spec new file mode 100644 index 0000000..f0d1cad --- /dev/null +++ b/dotnet9.0.spec @@ -0,0 +1,1246 @@ +%bcond_without bootstrap + +# LTO triggers a compilation error for a source level issue. Given that LTO should not +# change the validity of any given source and the nature of the error (undefined enum), I +# suspect a generator program is mis-behaving in some way. This needs further debugging, +# until that's done, disable LTO. This has to happen before setting the flags below. +%define _lto_cflags %{nil} + +%global dotnetver 9.0 + +# upstream can produce releases with a different tag than the SDK version +#%%global upstream_tag v%%{runtime_version} +%global upstream_tag v9.0.0-preview.7.24405.7 +%global upstream_tag_without_v %(echo %{upstream_tag} | sed -e 's|^v||') + +%global hostfxr_version 9.0.0-preview.7.24405.7 +%global runtime_version 9.0.0-preview.7.24405.7 +%global aspnetcore_runtime_version 9.0.0-preview.7.24406.2 +%global sdk_version 9.0.100-preview.7.24407.1 +%global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|') +%global templates_version %{aspnetcore_runtime_version} +#%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }') + +%global runtime_rpm_version 9.0.0~preview.7.24405.6 +%global aspnetcore_runtime_rpm_version 9.0.0~preview.7.24406.2 +%global sdk_rpm_version 9.0.100~preview.7.24407.1 + +%global use_bundled_brotli 0 +%global use_bundled_libunwind 1 +%global use_bundled_llvm_libunwind 1 +%global use_bundled_rapidjson 0 +%global use_bundled_zlib 0 + +%if 0%{?rhel} > 0 +%global use_bundled_rapidjson 1 +%endif + +%if 0%{?fedora} || 0%{?rhel} < 8 +%global use_bundled_libunwind 0 +%endif + +%ifarch aarch64 ppc64le s390x +%global use_bundled_libunwind 1 +%endif + +%ifarch aarch64 +%global runtime_arch arm64 +%endif +%ifarch ppc64le +%global runtime_arch ppc64le +%endif +%ifarch s390x +%global runtime_arch s390x +%endif +%ifarch x86_64 +%global runtime_arch x64 +%endif + +%global mono_archs ppc64le s390x + +%{!?runtime_id:%global runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{runtime_arch}} + +# Define macros for OS backwards compat +%if %{undefined bash_completions_dir} +%global bash_completions_dir %{_datadir}/bash-completion/completions +%endif +%if %{undefined zsh_completions_dir} +%global zsh_completions_dir %{_datadir}/zsh/site-functions +%endif + +Name: dotnet%{dotnetver} +Version: %{sdk_rpm_version} +Release: 0.1%{?dist} +Summary: .NET Runtime and SDK +License: 0BSD AND Apache-2.0 AND (Apache-2.0 WITH LLVM-exception) AND APSL-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSL-1.0 AND bzip2-1.0.6 AND CC0-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-PDDC AND CNRI-Python AND EPL-1.0 AND GPL-2.0-only AND (GPL-2.0-only WITH GCC-exception-2.0) AND GPL-2.0-or-later AND GPL-3.0-only AND ICU AND ISC AND LGPL-2.1-only AND LGPL-2.1-or-later AND LicenseRef-Fedora-Public-Domain AND LicenseRef-ISO-8879 AND MIT AND MIT-Wu AND MS-PL AND MS-RL AND NCSA AND OFL-1.1 AND OpenSSL AND Unicode-DFS-2015 AND Unicode-DFS-2016 AND W3C-19980720 AND X11 AND Zlib + +URL: https://github.com/dotnet/ + +%if %{with bootstrap} +# The source is generated on a Fedora box via: +# ./build-dotnet-bootstrap-tarball %%{upstream_tag} +Source0: dotnet-%{upstream_tag}-x64-bootstrap.tar.gz +# The bootstrap SDK version is one listed in the global.json file of the main source archive +%global bootstrap_sdk_version 9.0.100-preview.7.24380.2 +# Binaries can be at one of several different URLs: +# GA releases: +# Source1: https://dotnetcli.azureedge.net/dotnet/Sdk/%%{bootstrap_sdk_version}/dotnet-sdk-%%{bootstrap_sdk_version}-linux-arm64.tar.gz +# Preview releases: +Source1: https://dotnetbuilds.azureedge.net/public/Sdk/%{bootstrap_sdk_version}/dotnet-sdk-%{bootstrap_sdk_version}-linux-arm64.tar.gz +# To generate ppc64le and s390x archives: +# 1. Find the source commits and versions of repos, use one of: +# - https://dotnetbuilds.azureedge.net/public/Sdk/%%{bootstrap_sdk_version}/productCommit-linux-x64.txt +# - https://dotnetcli.azureedge.net/dotnet/Sdk/%%{bootstrap_sdk_version}/productCommit-linux-x64.txt +# 2. Find the VMR sync commit using `git log --grep $commit` +# 3. Build the VMR commit in cross-build mode for the architecture +# 4. Use `build-prebuilt-archive` to create the archive from the VMR +# 5. Update the version below to match the SDK that was built from the VMR +# The ppc64le/s390x SDK version is one produced +%global bootstrap_sdk_version_ppc64le_s390x 9.0.100-preview.7.24380.1 +Source2: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-ppc64le.tar.gz +Source3: dotnet-prebuilts-%{bootstrap_sdk_version_ppc64le_s390x}-s390x.tar.gz +%else +Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz +Source1: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/dotnet-%{upstream_tag_without_v}.tar.gz.sig +Source2: https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc +%endif + +Source5: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/release.json + +Source20: check-debug-symbols.py +Source21: dotnet.sh.in + +# https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314 +Patch0: runtime-re-enable-implicit-rejection.patch +# We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. +# A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message +# digests used for the signature are not treated as fatal errors. +# https://issues.redhat.com/browse/RHEL-25254 +Patch1: runtime-openssl-sha1.patch +# fix an error caused by combining Fedora's CFLAGS with how .NET builds some assembly files +Patch2: runtime-disable-fortify-on-ilasm-parser.patch +# Fix parsing a test project on ppc64le +Patch3: roslyn-analyzers-ppc64le-apphost.patch + + +ExclusiveArch: aarch64 ppc64le s390x x86_64 + + +%if ! %{use_bundled_brotli} +BuildRequires: brotli-devel +%endif +BuildRequires: clang +BuildRequires: cmake +BuildRequires: coreutils +%if %{without bootstrap} +BuildRequires: dotnet-sdk-%{dotnetver} +BuildRequires: dotnet-sdk-%{dotnetver}-source-built-artifacts +%endif +BuildRequires: findutils +BuildRequires: git +BuildRequires: glibc-langpack-en +BuildRequires: gnupg2 +BuildRequires: hostname +BuildRequires: krb5-devel +BuildRequires: libicu-devel +%if ! %{use_bundled_libunwind} +BuildRequires: libunwind-devel +%endif +%ifnarch s390x +BuildRequires: lld +%else +# lld is not supported/available/usable on s390x +BuildRequires: binutils +%endif +# If the build ever crashes, then having lldb installed might help the +# runtime generate a backtrace for the crash +BuildRequires: lldb +BuildRequires: llvm +%if ! %{use_bundled_llvm_libunwind} +BuildRequires: llvm-libunwind-devel +%endif +BuildRequires: lttng-ust-devel +BuildRequires: make +BuildRequires: openssl-devel +BuildRequires: python3 +%if ! %{use_bundled_rapidjson} +BuildRequires: rapidjson-devel +%endif +BuildRequires: tar +BuildRequires: util-linux +%if ! %{use_bundled_zlib} +BuildRequires: zlib-devel +%endif + + +# The tracing support in CoreCLR is optional. It has a run-time +# dependency on some additional libraries like lttng-ust. The runtime +# gracefully disables tracing if the dependencies are missing. +%global __requires_exclude_from ^(%{_libdir}/dotnet/.*/libcoreclrtraceptprovider\\.so)$ + +# Avoid generating provides and requires for private libraries +%global privlibs libhostfxr +%global privlibs %{privlibs}|libclrgc +%global privlibs %{privlibs}|libclrjit +%global privlibs %{privlibs}|libcoreclr +%global privlibs %{privlibs}|libcoreclrtraceptprovider +%global privlibs %{privlibs}|libhostpolicy +%global privlibs %{privlibs}|libmscordaccore +%global privlibs %{privlibs}|libmscordbi +%global privlibs %{privlibs}|libnethost +%global privlibs %{privlibs}|libSystem.Globalization.Native +%global privlibs %{privlibs}|libSystem.IO.Compression.Native +%global privlibs %{privlibs}|libSystem.Native +%global privlibs %{privlibs}|libSystem.Net.Security.Native +%global privlibs %{privlibs}|libSystem.Security.Cryptography.Native.OpenSsl +%global __provides_exclude ^(%{privlibs})\\.so +%global __requires_exclude ^(%{privlibs})\\.so + + +%description +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, macOS and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + +.NET contains a runtime conforming to .NET Standards a set of +framework libraries, an SDK containing compilers and a 'dotnet' +application to drive everything. + +# The `dotnet` package was a bit of historical mistake. Users +# shouldn't be asked to install .NET without a version because .NET +# code (source or build) is generally version specific. We have kept +# it around in older versions of RHEL and Fedora. But no reason to +# continue this mistake. +%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 ) + +%package -n dotnet + +Version: %{sdk_rpm_version} +Summary: .NET CLI tools and runtime + +Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release} + +%description -n dotnet +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, macOS and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + +.NET contains a runtime conforming to .NET Standards a set of +framework libraries, an SDK containing compilers and a 'dotnet' +application to drive everything. + +%endif + +%package -n dotnet-host + +Version: %{runtime_rpm_version} +Summary: .NET command line launcher + +%description -n dotnet-host +The .NET host is a command line program that runs a standalone +.NET application or launches the SDK. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-hostfxr-%{dotnetver} + +Version: %{runtime_rpm_version} +Summary: .NET command line host resolver + +# Theoretically any version of the host should work. But lets aim for the one +# provided by this package, or from a newer version of .NET +Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release} + +%description -n dotnet-hostfxr-%{dotnetver} +The .NET host resolver contains the logic to resolve and select +the right version of the .NET SDK or runtime to use. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-runtime-%{dotnetver} + +Version: %{runtime_rpm_version} +Summary: NET %{dotnetver} runtime + +Requires: dotnet-hostfxr-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} + +# libicu is dlopen()ed +Requires: libicu%{?_isa} + +# See src/runtime/src/libraries/Native/AnyOS/brotli-version.txt +Provides: bundled(libbrotli) = 1.0.9 +%if %{use_bundled_libunwind} +# See src/runtime/src/coreclr/pal/src/libunwind/libunwind-version.txt +Provides: bundled(libunwind) = 1.5.rc1.28.g9165d2a1 +%endif + +%description -n dotnet-runtime-%{dotnetver} +The .NET runtime contains everything needed to run .NET applications. +It includes a high performance Virtual Machine as well as the framework +libraries used by .NET applications. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-runtime-dbg-%{dotnetver} + +Version: %{runtime_rpm_version} +Summary: Managed debug symbols NET %{dotnetver} runtime + +Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release} + +%description -n dotnet-runtime-dbg-%{dotnetver} +This package contains the managed symbol (pdb) files useful to debug the +managed parts of the .NET runtime itself. + + +%package -n aspnetcore-runtime-%{dotnetver} + +Version: %{aspnetcore_runtime_rpm_version} +Summary: ASP.NET Core %{dotnetver} runtime + +Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release} + +%description -n aspnetcore-runtime-%{dotnetver} +The ASP.NET Core runtime contains everything needed to run .NET +web applications. It includes a high performance Virtual Machine as +well as the framework libraries used by .NET applications. + +ASP.NET Core is a fast, lightweight and modular platform for creating +cross platform web applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n aspnetcore-runtime-dbg-%{dotnetver} + +Version: %{aspnetcore_runtime_rpm_version} +Summary: Managed debug symbols for the ASP.NET Core %{dotnetver} runtime + +Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} = %{aspnetcore_runtime_rpm_version}-%{release} + +%description -n aspnetcore-runtime-dbg-%{dotnetver} +This package contains the managed symbol (pdb) files useful to debug the +managed parts of the ASP.NET Core runtime itself. + + +%package -n dotnet-templates-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: .NET %{dotnetver} templates + +# Theoretically any version of the host should work. But lets aim for the one +# provided by this package, or from a newer version of .NET +Requires: dotnet-host%{?_isa} >= %{runtime_rpm_version}-%{release} + +%description -n dotnet-templates-%{dotnetver} +This package contains templates used by the .NET SDK. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-sdk-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: .NET %{dotnetver} Software Development Kit + +Provides: bundled(js-jquery) + +Requires: dotnet-runtime-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} +Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release} + +Requires: dotnet-apphost-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} +Requires: dotnet-targeting-pack-%{dotnetver}%{?_isa} >= %{runtime_rpm_version}-%{release} +Requires: aspnetcore-targeting-pack-%{dotnetver}%{?_isa} >= %{aspnetcore_runtime_rpm_version}-%{release} +Requires: netstandard-targeting-pack-2.1%{?_isa} >= %{sdk_rpm_version}-%{release} + +Requires: dotnet-templates-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release} + +%description -n dotnet-sdk-%{dotnetver} +The .NET SDK is a collection of command line applications to +create, build, publish and run .NET applications. + +.NET is a fast, lightweight and modular platform for creating +cross platform applications that work on Linux, Mac and Windows. + +It particularly focuses on creating console applications, web +applications and micro-services. + + +%package -n dotnet-sdk-dbg-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: Managed debug symbols for the .NET %{dotnetver} Software Development Kit + +Requires: dotnet-sdk-%{dotnetver}%{?_isa} = %{sdk_rpm_version}-%{release} + +%description -n dotnet-sdk-dbg-%{dotnetver} +This package contains the managed symbol (pdb) files useful to debug the .NET +Software Development Kit (SDK) itself. + + +%package -n dotnet-sdk-aot-%{dotnetver} + +Version: %{sdk_rpm_version} +Summary: Ahead-of-Time (AOT) support for the .NET %{dotnetver} Software Development Kit + +Requires: dotnet-sdk-%{dotnetver}%{?_isa} >= %{sdk_rpm_version}-%{release} + +#TODO +Requires: clang +Requires: zlib + +%description -n dotnet-sdk-aot-%{dotnetver} +This package provides Ahead-of-time (AOT) compilation support for the .NET SDK. + +%global dotnet_targeting_pack() %{expand: +%package -n %{1} + +Version: %{2} +Summary: Targeting Pack for %{3} %{4} + +Requires: dotnet-host%{?_isa} + +%description -n %{1} +This package provides a targeting pack for %{3} %{4} +that allows developers to compile against and target %{3} %{4} +applications using the .NET SDK. + +%files -n %{1} +%dir %{_libdir}/dotnet/packs +%{_libdir}/dotnet/packs/%{5} +} + +%dotnet_targeting_pack dotnet-apphost-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Host.%{runtime_id} +%dotnet_targeting_pack dotnet-targeting-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Ref +%dotnet_targeting_pack aspnetcore-targeting-pack-%{dotnetver} %{aspnetcore_runtime_rpm_version} Microsoft.AspNetCore.App %{dotnetver} Microsoft.AspNetCore.App.Ref +%dotnet_targeting_pack netstandard-targeting-pack-2.1 %{sdk_rpm_version} NETStandard.Library 2.1 NETStandard.Library.Ref + + +%package -n dotnet-sdk-%{dotnetver}-source-built-artifacts + +Version: %{sdk_rpm_version} +Summary: Internal package for building .NET %{dotnetver} Software Development Kit + +%description -n dotnet-sdk-%{dotnetver}-source-built-artifacts +The .NET source-built archive is a collection of packages needed +to build the .NET SDK itself. + +These are not meant for general use. + + + +%prep +%if %{without bootstrap} +# check gpg signatures only for non-bootstrap builds; bootstrap "sources" are hand-crafted +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%endif + +release_json_tag=$(grep tag %{SOURCE5} | cut -d: -f2 | sed -E 's/[," ]*//g') +if [[ ${release_json_tag} != %{upstream_tag} ]]; then + echo "error: tag in release.json doesn't match tag in spec file" + exit 1 +fi + +%if %{without bootstrap} +%setup -q -n dotnet-%{upstream_tag_without_v} + +# Remove all prebuilts and binaries +rm -rf .dotnet/ +rm -rf packages/source-built +rm -rf src/aspnetcore/src/submodules/Node-Externals/ +find -type f \( \ + -iname '*.bin' -or \ + -iname '*.binlog' -or \ + -iname '*.dat' -or \ + -iname '*.db' -or \ + -iname '*.dll' -or \ + -iname '*.doc' -or \ + -iname '*.docx' -or \ + -iname '*.exe' -or \ + -iname '*.mdb' -or \ + -iname '*.mod' -or \ + -iname '*.msi' -or \ + -iname '*.netmodule' -or \ + -iname '*.nupkg' -or \ + -iname '*.o' -or \ + -iname '*.obj' -or \ + -iname '*.out' -or \ + -iname '*.p7b' -or \ + -iname '*.p7s' -or \ + -iname '*.pdb' -or \ + -iname '*.pfx' -or \ + -iname '*.res' -or \ + -iname '*.so' -or \ + -iname '*.tar.gz' -or \ + -iname '*.tgz' -or \ + -iname '*.tlb' -or \ + -iname '*.winmd' -or \ + -iname '*.vsix' -or \ + -iname '*.zip' \ + \) \ + -delete + +# \( -iname '*.snk' -not \ +# \( -ipath './prereqs/*' -or -ipath './src/arcade/*' -or -ipath './src/source-build-externals/*' -or -ipath './src/deployment-tools/*' \) \ +# \) -or \ + +mkdir -p prereqs/packages/archive +ln -s %{_libdir}/dotnet/source-built-artifacts/Private.SourceBuilt.Artifacts.*.tar.gz prereqs/packages/archive/ + +%else + +%setup -q -T -b 0 -n dotnet-%{upstream_tag}-x64-bootstrap + +%ifarch aarch64 ppc64le s390x +rm -rf .dotnet +mkdir -p .dotnet/ +%endif + +%ifarch aarch64 +tar -x -f %{SOURCE1} -C .dotnet/ +%endif +%ifarch ppc64le +tar -x --strip-components=1 -f %{SOURCE2} -C prereqs/packages/prebuilt/ +%endif +%ifarch s390x +tar -x --strip-components=1 -f %{SOURCE3} -C prereqs/packages/prebuilt/ +%endif + +%ifarch ppc64le s390x +tar xf prereqs/packages/prebuilt/dotnet-sdk*.tar.gz -C .dotnet/ +rm prereqs/packages/prebuilt/dotnet-sdk*.tar.gz +boot_sdk_version=$(ls -1 .dotnet/sdk/) +sed -i -E 's|"dotnet": "[^"]+"|"dotnet" : "'$boot_sdk_version'"|' global.json +%endif + +%endif + +%autopatch -p1 -M 999 + +%if ! %{use_bundled_brotli} +rm -rf src/runtime/src/native/external/brotli/ +%endif + +%if ! %{use_bundled_libunwind} +rm -rf src/runtime/src/native/external/libunwind/ +%endif + +%if ! %{use_bundled_llvm_libunwind} +rm -rf src/runtime/src/native/external/llvm-libunwind +%endif + +%if ! %{use_bundled_rapidjson} +rm -rf src/runtime/src/native/external/rapidjson +%endif + +%if ! %{use_bundled_zlib} +rm -rf src/runtime/src/native/external/zlib +rm -rf src/runtime/src/native/external/zlib-intel +rm -rf src/runtime/src/native/external/zlib-ng +%endif + + + +%build +cat /etc/os-release + +%if %{without bootstrap} +# We need to create a copy because build scripts will mutate this +cp -a %{_libdir}/dotnet previously-built-dotnet +find previously-built-dotnet +%endif + +%if 0%{?fedora} || 0%{?rhel} >= 9 +# Setting this macro ensures that only clang supported options will be +# added to ldflags and cflags. +%global toolchain clang +%set_build_flags +%else +# Filter flags not supported by clang +%global dotnet_cflags %(echo %optflags | sed -re 's/-specs=[^ ]*//g') +%global dotnet_ldflags %(echo %{__global_ldflags} | sed -re 's/-specs=[^ ]*//g') +export CFLAGS="%{dotnet_cflags}" +export CXXFLAGS="%{dotnet_cflags}" +export LDFLAGS="%{dotnet_ldflags}" +%endif + +# -fstack-clash-protection breaks CoreCLR +CFLAGS=$(echo $CFLAGS | sed -e 's/-fstack-clash-protection//' ) +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-fstack-clash-protection//' ) + +%ifarch aarch64 +# -mbranch-protection=standard breaks unwinding in CoreCLR through libunwind +CFLAGS=$(echo $CFLAGS | sed -e 's/-mbranch-protection=standard //') +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-mbranch-protection=standard //') +%endif + +%ifarch s390x +# -march=z13 -mtune=z14 makes clang crash while compiling .NET +CFLAGS=$(echo $CFLAGS | sed -e 's/ -march=z13//') +CFLAGS=$(echo $CFLAGS | sed -e 's/ -mtune=z14//') +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -march=z13//') +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -mtune=z14//') +%endif + +# Enabling fortify-source and "-Wall -Weverything" produces new warnings from libc. Turn them off. +CFLAGS="$CFLAGS -Wno-used-but-marked-unused" +CXXFLAGS="$CXXFLAGS -Wno-used-but-marked-unused" + +export EXTRA_CFLAGS="$CFLAGS" +export EXTRA_CXXFLAGS="$CXXFLAGS" +export EXTRA_LDFLAGS="$LDFLAGS" + +# Disable tracing, which is incompatible with certain versions of +# lttng See https://github.com/dotnet/runtime/issues/57784. The +# suggested compile-time change doesn't work, unfortunately. +export COMPlus_LTTng=0 + +# Escape commas in the vendor name +vendor=$(echo "%{?dist_vendor}%{!?dist_vendor:%_host_vendor}" | sed -E 's/,/%2c/') + +system_libs= +%if ! %{use_bundled_brotli} + system_libs=$system_libs+brotli+ +%endif +%if ! %{use_bundled_libunwind} + system_libs=$system_libs+libunwind+ +%endif +%if ! %{use_bundled_llvm_libunwind} + system_libs=$system_libs+llvmlibunwind+ +%endif +%if ! %{use_bundled_rapidjson} + system_libs=$system_libs+rapidjson+ +%endif +%if ! %{use_bundled_zlib} + system_libs=$system_libs+zlib+ +%endif + +VERBOSE=1 timeout 5h \ + ./build.sh \ + --source-only \ + --release-manifest %{SOURCE5} \ +%if %{without bootstrap} + --with-sdk previously-built-dotnet \ +%endif +%ifarch %{mono_archs} + --use-mono-runtime \ +%endif + -- \ + /p:UseSystemLibs=${system_libs} \ + /p:TargetRid=%{runtime_id} \ + /p:OfficialBuilder="$vendor" \ + /p:MinimalConsoleLogOutput=false \ + /p:ContinueOnPrebuiltBaselineError=true \ + /v:n \ + /p:LogVerbosity=n + + +sed -e 's|[@]LIBDIR[@]|%{_libdir}|g' %{SOURCE21} > dotnet.sh + + + +%install +install -dm 0755 %{buildroot}%{_libdir}/dotnet +ls artifacts/assets/Release/ +mkdir -p built-sdk +tar xf artifacts/assets/Release/dotnet-sdk-%{sdk_version}-%{runtime_id}.tar.gz -C %{buildroot}%{_libdir}/dotnet/ + +# Delete bundled certificates: we want to use the system store only, +# except for when we have no other choice and ca-certificates doesn't +# provide it. Currently ca-ceritificates has no support for +# timestamping certificates (timestamp.ctl). +find %{buildroot}%{_libdir}/dotnet -name 'codesignctl.pem' -delete +if [[ $(find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print | wc -l) != 1 ]]; then + find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print + echo "too many certificate bundles" + exit 2 +fi + +# Install managed symbols +tar xf artifacts/assets/Release/dotnet-symbols-sdk-%{sdk_version}*-%{runtime_id}.tar.gz \ + -C %{buildroot}%{_libdir}/dotnet/ +find %{buildroot}%{_libdir}/dotnet/packs -iname '*.pdb' -delete + +# Fix executable permissions on files +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'apphost' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'ilc' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'singlefilehost' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name 'lib*so' -exec chmod +x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.a' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.dll' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.h' -exec chmod 0644 {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.json' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.o' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pdb' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.props' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.pubxml' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.targets' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.txt' -exec chmod -x {} \; +find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.xml' -exec chmod -x {} \; + +install -dm 0755 %{buildroot}%{_sysconfdir}/profile.d/ +install dotnet.sh %{buildroot}%{_sysconfdir}/profile.d/ + + +# Install dynamic completions +install -dm 0755 %{buildroot}/%{bash_completions_dir} +install src/sdk/scripts/register-completions.bash %{buildroot}/%{bash_completions_dir}/dotnet +install -dm 755 %{buildroot}/%{zsh_completions_dir} +install src/sdk/scripts/register-completions.zsh %{buildroot}/%{zsh_completions_dir}/_dotnet + +install -dm 0755 %{buildroot}%{_bindir} +ln -s ../../%{_libdir}/dotnet/dotnet %{buildroot}%{_bindir}/ + +for section in 1 7; do + install -dm 0755 %{buildroot}%{_mandir}/man${section}/ + find -iname 'dotnet*'.${section} -type f -exec cp {} %{buildroot}%{_mandir}/man${section}/ \; +done + +install -dm 0755 %{buildroot}%{_sysconfdir}/dotnet +echo "%{_libdir}/dotnet" >> install_location +install install_location %{buildroot}%{_sysconfdir}/dotnet/ +echo "%{_libdir}/dotnet" >> install_location_%{runtime_arch} +install install_location_%{runtime_arch} %{buildroot}%{_sysconfdir}/dotnet/ + +install -dm 0755 %{buildroot}%{_libdir}/dotnet/source-built-artifacts +install -m 0644 artifacts/assets/Release/Private.SourceBuilt.Artifacts.*.tar.gz %{buildroot}/%{_libdir}/dotnet/source-built-artifacts/ + + +# Quick and dirty check for https://github.com/dotnet/source-build/issues/2731 +test -f %{buildroot}%{_libdir}/dotnet/sdk/%{sdk_version}/Sdks/Microsoft.NET.Sdk/Sdk/Sdk.props + +# Check debug symbols in all elf objects. This is not in %%check +# because native binaries are stripped by rpm-build after %%install. +# So we need to do this check earlier. +echo "Testing build results for debug symbols..." +%{SOURCE20} -v %{buildroot}%{_libdir}/dotnet/ + + +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-dbg-files +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-dbg-files +find %{buildroot}%{_libdir}/dotnet/sdk -type d | tail -n +2 | sed -E 's|%{buildroot}||' | sed -E 's|^|%dir |' > dotnet-sdk-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/sdk -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' >> dotnet-sdk-non-dbg-files +find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-sdk-dbg-files + + + +%check +%if 0%{?fedora} > 35 +# lttng in Fedora > 35 is incompatible with .NET +export COMPlus_LTTng=0 +%endif + +%{buildroot}%{_libdir}/dotnet/dotnet --info +%{buildroot}%{_libdir}/dotnet/dotnet --version + + + +%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 ) +%files -n dotnet +# empty package useful for dependencies +%endif + +%files -n dotnet-host +%dir %{_libdir}/dotnet +%{_libdir}/dotnet/dotnet +%dir %{_libdir}/dotnet/host +%dir %{_libdir}/dotnet/host/fxr +%{_bindir}/dotnet +%license %{_libdir}/dotnet/LICENSE.txt +%license %{_libdir}/dotnet/ThirdPartyNotices.txt +%doc %{_mandir}/man1/dotnet*.1.* +%doc %{_mandir}/man7/dotnet*.7.* +%config(noreplace) %{_sysconfdir}/profile.d/dotnet.sh +%config(noreplace) %{_sysconfdir}/dotnet +%dir %{_datadir}/bash-completion +%dir %{bash_completions_dir} +%{_datadir}/bash-completion/completions/dotnet +%dir %{_datadir}/zsh +%dir %{zsh_completions_dir} +%{_datadir}/zsh/site-functions/_dotnet + +%files -n dotnet-hostfxr-%{dotnetver} +%dir %{_libdir}/dotnet/host/fxr +%{_libdir}/dotnet/host/fxr/%{hostfxr_version} + +%files -n dotnet-runtime-%{dotnetver} -f dotnet-runtime-non-dbg-files +%dir %{_libdir}/dotnet/shared +%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App +%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version} + +%files -n dotnet-runtime-dbg-%{dotnetver} -f dotnet-runtime-dbg-files + +%files -n aspnetcore-runtime-%{dotnetver} -f aspnetcore-runtime-non-dbg-files +%dir %{_libdir}/dotnet/shared +%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App +%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version} + +%files -n aspnetcore-runtime-dbg-%{dotnetver} -f aspnetcore-runtime-dbg-files + +%files -n dotnet-templates-%{dotnetver} +%dir %{_libdir}/dotnet/templates +%{_libdir}/dotnet/templates/%{templates_version} + +%files -n dotnet-sdk-%{dotnetver} -f dotnet-sdk-non-dbg-files +%dir %{_libdir}/dotnet/sdk +%dir %{_libdir}/dotnet/sdk-manifests +%{_libdir}/dotnet/sdk-manifests/%{sdk_feature_band_version}* +# FIXME is using a 8.0.100 version a bug in the SDK? +%{_libdir}/dotnet/sdk-manifests/8.0.100/ +%{_libdir}/dotnet/metadata +%ifnarch %{mono_archs} +%{_libdir}/dotnet/library-packs +%endif +%dir %{_libdir}/dotnet/packs +%dir %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id} +%{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}/%{aspnetcore_runtime_version} +%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id} +%{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}/%{runtime_version} + +%files -n dotnet-sdk-dbg-%{dotnetver} -f dotnet-sdk-dbg-files + +%ifnarch %{mono_archs} +%files -n dotnet-sdk-aot-%{dotnetver} +%dir %{_libdir}/dotnet/packs +%dir %{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/ +%{_libdir}/dotnet/packs/runtime.%{runtime_id}.Microsoft.DotNet.ILCompiler/%{runtime_version} +%endif + +%files -n dotnet-sdk-%{dotnetver}-source-built-artifacts +%dir %{_libdir}/dotnet +%{_libdir}/dotnet/source-built-artifacts + + +%changelog +* Thu Aug 15 2024 Omair Majid - 9.0.100~preview.7.24407.1-0.1 +- Update to .NET SDK 9 preview 7 and Runtime 9 preview 7 +- Resolves: RHEL-48619 + +* Thu Jun 13 2024 Omair Majid - 9.0.100~preview.5.24307.3-0.9 +- Update to .NET SDK 9.0.100-preview.5.24307.3 and Runtime + 9.0.0-preview.5.24306.7 + +* Tue May 21 2024 Omair Majid - 9.0.100~preview.4.24267.1-0.8 +- Update to .NET SDK 9.0.100-preview.4.24267.1 and Runtime + 9.0.0-preview.4.24266.19 + +* Thu Apr 11 2024 Omair Majid - 9.0.100~preview.3.24204.13-0.6 +- Update to .NET SDK 9.0.100-preview.3.24204.13 and Runtime + 9.0.0-preview.3.24172.9 + +* Thu Mar 14 2024 Omair Majid - 9.0.100~preview.2.24157.14-0.4 +- Update to .NET SDK 9.0.100~preview.2.24158.1 and Runtime + 9.0.0-preview.2.24128.5 + +* Mon Feb 26 2024 Omair Majid - 9.0.100~preview.1.24101.1-0.3 +- Update to .NET SDK 9.0.100-preview.1.24101.1 and Runtime + 9.0.0-preview.1.24080.9 + +* Wed Feb 14 2024 Omair Majid - 8.0.102-1 +- Update to .NET SDK 8.0.102 and Runtime 8.0.2 + +* Fri Jan 26 2024 Omair Majid - 8.0.101-4 +- Rebuild to add new -dbg subpackages + +* Wed Jan 24 2024 Fedora Release Engineering - 8.0.101-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 8.0.101-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Jan 09 2024 Omair Majid - 8.0.101-1 +- Update to .NET SDK 8.0.101 and Runtime 8.0.1 + +* Tue Dec 12 2023 Omair Majid - 8.0.100-2 +- Enable gpg signature verification + +* Sat Dec 09 2023 Omair Majid - 8.0.100-1 +- Update to .NET SDK 8.0.100 and Runtime 8.0.0 + +* Fri Dec 08 2023 Omair Majid - 8.0.100~rc.2-0.1 +- Update to .NET SDK 8.0.100 RC 2 and Runtime 8.0.0 RC 2 + +* Fri Dec 08 2023 Omair Majid - 8.0.100~rc.1-0.2 +- Add various fixes from CentOS Stream 9 + +* Fri Sep 15 2023 Omair Majid - 8.0.100~rc.1-0.1 +- Update to .NET SDK 8.0.100 RC 1 and Runtime 8.0.0 RC 1 + +* Fri Aug 11 2023 Omair Majid - 8.0.100~preview.7-0.1 +- Update to .NET SDK 8.0.100 Preview 7 and Runtime 8.0.0 Preview 7 + +* Tue Jul 18 2023 Omair Majid - 8.0.100~preview.6-0.2 +- Remove lttng and other tracing-specific dependencies from the runtime package + +* Mon Jul 17 2023 Omair Majid - 8.0.100~preview.6-0.1 +- Update to .NET SDK 8.0.100 Preview 6 and Runtime 8.0.0 Preview 6 + +* Fri Jun 23 2023 Omair Majid - 8.0.100~preview.5-0.2 +- Fix release.json and sourcelink references + +* Mon Jun 19 2023 Omair Majid - 8.0.100~preview.5-0.1 +- Update to .NET SDK 8.0.100 Preview 5 and Runtime 8.0.0 Preview 5 + +* Wed Apr 12 2023 Omair Majid - 8.0.100~preview.3-0.1 +- Update to .NET SDK 8.0.100 Preview 3 and Runtime 8.0.0 Preview 3 + +* Wed Mar 15 2023 Omair Majid - 8.0.100~preview.2-0.1 +- Update to .NET SDK 8.0.100 Preview 2 and Runtime 8.0.0 Preview 2 + +* Wed Feb 22 2023 Omair Majid - 8.0.100~preview.1-0.1 +- Update to .NET SDK 8.0.100 Preview 1 and Runtime 8.0.0 Preview 1 + +* Thu Jan 12 2023 Omair Majid - 7.0.102-1 +- Update to .NET SDK 7.0.102 and Runtime 7.0.2 + +* Wed Jan 11 2023 Omair Majid - 7.0.101-1 +- Update to .NET SDK 7.0.101 and Runtime 7.0.1 + +* Tue Jan 10 2023 Omair Majid - 7.0.100-1 +- Update to .NET SDK 7.0.100 and Runtime 7.0.0 + +* Thu Nov 10 2022 Omair Majid - 7.0.100-0.1 +- Update to .NET 7 RC 2 + +* Wed May 11 2022 Omair Majid - 6.0.105-1 +- Update to .NET SDK 6.0.105 and Runtime 6.0.5 + +* Tue Apr 12 2022 Omair Majid - 6.0.104-1 +- Update to .NET SDK 6.0.104 and Runtime 6.0.4 + +* Thu Mar 10 2022 Omair Majid - 6.0.103-1 +- Update to .NET SDK 6.0.103 and Runtime 6.0.3 + +* Mon Feb 14 2022 Omair Majid - 6.0.102-1 +- Update to .NET SDK 6.0.102 and Runtime 6.0.2 + +* Fri Jan 28 2022 Omair Majid - 6.0.101-3 +- Update to .NET SDK 6.0.101 and Runtime 6.0.1 + +* Thu Jan 20 2022 Fedora Release Engineering - 6.0.100-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Dec 20 2021 Omair Majid - 6.0.100-2 +- Disable bootstrap + +* Sun Dec 19 2021 Omair Majid - 6.0.100-1 +- Update to .NET 6 + +* Fri Oct 22 2021 Omair Majid - 6.0.0-0.7.rc2 +- Update to .NET 6 RC2 + +* Fri Oct 08 2021 Omair Majid - 6.0.0-0.6.28be3e9a006d90d8c6e87d4353b77882829df718 +- Enable building on arm64 +- Related: RHBZ#1986017 + +* Sun Oct 03 2021 Omair Majid - 6.0.0-0.5.28be3e9a006d90d8c6e87d4353b77882829df718 +- Enable building on s390x +- Related: RHBZ#1986017 + +* Sun Oct 03 2021 Omair Majid - 6.0.0-0.4.28be3e9a006d90d8c6e87d4353b77882829df718 +- Clean up tarball and add initial support for s390x +- Related: RHBZ#1986017 + +* Sun Sep 26 2021 Omair Majid - 6.0.0-0.3.28be3e9a006d90d8c6e87d4353b77882829df718 +- Update to work-in-progress RC2 release + +* Wed Aug 25 2021 Omair Majid - 6.0.0-0.2.preview6 +- Updated to build the latest source-build preview + +* Fri Jul 23 2021 Omair Majid - 6.0.0-0.1.preview6 +- Initial package for .NET 6 + +* Thu Jun 10 2021 Omair Majid - 5.0.204-1 +- Update to .NET SDK 5.0.204 and Runtime 5.0.7 + +* Wed May 12 2021 Omair Majid - 5.0.203-1 +- Update to .NET SDK 5.0.203 and Runtime 5.0.6 + +* Wed Apr 14 2021 Omair Majid - 5.0.202-1 +- Update to .NET SDK 5.0.202 and Runtime 5.0.5 + +* Tue Apr 06 2021 Omair Majid - 5.0.104-2 +- Mark files under /etc/ as config(noreplace) +- Add an rpm-inspect configuration file +- Add an rpmlintrc file +- Enable gating for release branches and ELN too + +* Tue Mar 16 2021 Omair Majid - 5.0.104-1 +- Update to .NET SDK 5.0.104 and Runtime 5.0.4 +- Drop unneeded/upstreamed patches + +* Wed Feb 17 2021 Omair Majid - 5.0.103-2 +- Add Fedora 35 RIDs + +* Thu Feb 11 2021 Omair Majid - 5.0.103-1 +- Update to .NET SDK 5.0.103 and Runtime 5.0.3 + +* Fri Jan 29 2021 Omair Majid - 5.0.102-2 +- Disable bootstrap + +* Fri Dec 18 2020 Omair Majid - 5.0.100-2 +- Update to .NET Core Runtime 5.0.0 and SDK 5.0.100 commit 9c4e5de + +* Fri Dec 04 2020 Omair Majid - 5.0.100-1 +- Update to .NET Core Runtime 5.0.0 and SDK 5.0.100 + +* Thu Dec 03 2020 Omair Majid - 5.0.100-0.4.20201202git337413b +- Update to latest 5.0 pre-GA commit + +* Tue Nov 24 2020 Omair Majid - 5.0.100-0.4.20201123gitdee899c +- Update to 5.0 pre-GA commit + +* Mon Sep 14 2020 Omair Majid - 5.0.100-0.3.preview8 +- Update to Preview 8 + +* Fri Jul 10 2020 Omair Majid - 5.0.100-0.2.preview4 +- Fix building with custom CFLAGS/CXXFLAGS/LDFLAGS +- Clean up patches + +* Mon Jul 06 2020 Omair Majid - 5.0.100-0.1.preview4 +- Initial build + +* Sat Jun 27 2020 Omair Majid - 3.1.105-4 +- Disable bootstrap + +* Fri Jun 26 2020 Omair Majid - 3.1.105-3 +- Re-bootstrap aarch64 + +* Fri Jun 19 2020 Omair Majid - 3.1.105-3 +- Disable bootstrap + +* Thu Jun 18 2020 Omair Majid - 3.1.105-1 +- Bootstrap aarch64 + +* Tue Jun 16 2020 Chris Rummel - 3.1.105-1 +- Update to .NET Core Runtime 3.1.5 and SDK 3.1.105 + +* Fri Jun 05 2020 Chris Rummel - 3.1.104-1 +- Update to .NET Core Runtime 3.1.4 and SDK 3.1.104 + +* Thu Apr 09 2020 Chris Rummel - 3.1.103-1 +- Update to .NET Core Runtime 3.1.3 and SDK 3.1.103 + +* Mon Mar 16 2020 Omair Majid - 3.1.102-1 +- Update to .NET Core Runtime 3.1.2 and SDK 3.1.102 + +* Fri Feb 28 2020 Omair Majid - 3.1.101-4 +- Disable bootstrap + +* Fri Feb 28 2020 Omair Majid - 3.1.101-3 +- Enable bootstrap +- Add Fedora 33 runtime ids + +* Thu Feb 27 2020 Omair Majid - 3.1.101-2 +- Disable bootstrap + +* Tue Jan 21 2020 Omair Majid - 3.1.101-1 +- Update to .NET Core Runtime 3.1.1 and SDK 3.1.101 + +* Thu Dec 05 2019 Omair Majid - 3.1.100-1 +- Update to .NET Core Runtime 3.1.0 and SDK 3.1.100 + +* Mon Nov 18 2019 Omair Majid - 3.1.100-0.4.preview3 +- Fix apphost permissions + +* Fri Nov 15 2019 Omair Majid - 3.1.100-0.3.preview3 +- Update to .NET Core Runtime 3.1.0-preview3.19553.2 and SDK + 3.1.100-preview3-014645 + +* Wed Nov 06 2019 Omair Majid - 3.1.100-0.2 +- Update to .NET Core 3.1 Preview 2 + +* Wed Oct 30 2019 Omair Majid - 3.1.100-0.1 +- Update to .NET Core 3.1 Preview 1 + +* Thu Oct 24 2019 Omair Majid - 3.0.100-5 +- Add cgroupv2 support to .NET Core + +* Wed Oct 16 2019 Omair Majid - 3.0.100-4 +- Include fix from coreclr for building on Fedora 32 + +* Wed Oct 16 2019 Omair Majid - 3.0.100-3 +- Harden built binaries to pass annocheck + +* Fri Oct 11 2019 Omair Majid - 3.0.100-2 +- Export DOTNET_ROOT in profile to make apphost lookup work + +* Fri Sep 27 2019 Omair Majid - 3.0.100-1 +- Update to .NET Core Runtime 3.0.0 and SDK 3.0.100 + +* Wed Sep 25 2019 Omair Majid - 3.0.100-0.18.rc1 +- Update to .NET Core Runtime 3.0.0-rc1-19456-20 and SDK 3.0.100-rc1-014190 + +* Tue Sep 17 2019 Omair Majid - 3.0.100-0.16.preview9 +- Fix files duplicated between dotnet-apphost-pack-3.0 and dotnet-targeting-pack-3.0 +- Fix dependencies between .NET SDK and the targeting packs + +* Mon Sep 16 2019 Omair Majid - 3.0.100-0.15.preview9 +- Update to .NET Core Runtime 3.0.0-preview 9 and SDK 3.0.100-preview9 + +* Mon Aug 19 2019 Omair Majid - 3.0.100-0.11.preview8 +- Update to .NET Core Runtime 3.0.0-preview8-28405-07 and SDK + 3.0.100-preview8-013656 + +* Tue Jul 30 2019 Omair Majid - 3.0.100-0.9.preview7 +- Update to .NET Core Runtime 3.0.0-preview7-27912-14 and SDK + 3.0.100-preview7-012821 + +* Fri Jul 26 2019 Omair Majid - 3.0.100-0.8.preview7 +- Update to .NET Core Runtime 3.0.0-preview7-27902-19 and SDK + 3.0.100-preview7-012802 + +* Wed Jun 26 2019 Omair Majid - 3.0.0-0.7.preview6 +- Obsolete dotnet-sdk-3.0.1xx +- Add supackages for targeting packs +- Add -fcf-protection to CFLAGS + +* Wed Jun 26 2019 Omair Majid - 3.0.0-0.6.preview6 +- Update to .NET Core Runtime 3.0.0-preview6-27804-01 and SDK 3.0.100-preview6-012264 +- Set dotnet installation location in /etc/dotnet/install_location +- Update targeting packs +- Install managed symbols +- Completely conditionalize libunwind bundling + +* Tue May 07 2019 Omair Majid - 3.0.0-0.3.preview4 +- Update to .NET Core 3.0 preview 4 + +* Tue Dec 18 2018 Omair Majid - 3.0.0-0.1.preview1 +- Update to .NET Core 3.0 preview 1 + +* Fri Dec 07 2018 Omair Majid - 2.2.100 +- Update to .NET Core 2.2.0 + +* Wed Nov 07 2018 Omair Majid - 2.2.100-0.2.preview3 +- Update to .NET Core 2.2.0-preview3 + +* Fri Nov 02 2018 Omair Majid - 2.1.403-3 +- Add host-fxr-2.1 subpackage + +* Mon Oct 15 2018 Omair Majid - 2.1.403-2 +- Disable telemetry by default +- Users have to manually export DOTNET_CLI_TELEMETRY_OPTOUT=0 to enable + +* Tue Oct 02 2018 Omair Majid - 2.1.403-1 +- Update to .NET Core Runtime 2.1.5 and SDK 2.1.403 + +* Wed Sep 26 2018 Omair Majid - 2.1.402-2 +- Add ~/.dotnet/tools to $PATH to make it easier to use dotnet tools + +* Thu Sep 13 2018 Omair Majid - 2.1.402-1 +- Update to .NET Core Runtime 2.1.4 and SDK 2.1.402 + +* Wed Sep 05 2018 Omair Majid - 2.1.401-2 +- Use distro-standard flags when building .NET Core + +* Tue Aug 21 2018 Omair Majid - 2.1.401-1 +- Update to .NET Core Runtime 2.1.3 and SDK 2.1.401 + +* Mon Aug 20 2018 Omair Majid - 2.1.302-1 +- Update to .NET Core Runtime 2.1.2 and SDK 2.1.302 + +* Fri Jul 20 2018 Omair Majid - 2.1.301-1 +- Update to .NET Core 2.1 + +* Thu May 03 2018 Omair Majid - 2.0.7-1 +- Update to .NET Core 2.0.7 + +* Wed Mar 28 2018 Omair Majid - 2.0.6-2 +- Enable bash completion for dotnet +- Remove redundant buildrequires and requires + +* Wed Mar 14 2018 Omair Majid - 2.0.6-1 +- Update to .NET Core 2.0.6 + +* Fri Feb 23 2018 Omair Majid - 2.0.5-1 +- Update to .NET Core 2.0.5 + +* Wed Jan 24 2018 Omair Majid - 2.0.3-5 +- Don't apply corefx clang warnings fix on clang < 5 + +* Fri Jan 19 2018 Omair Majid - 2.0.3-4 +- Add a test script to sanity check debug and symbol info. +- Build with clang 5.0 +- Make main package real instead of using a virtual provides (see RHBZ 1519325) + +* Wed Nov 29 2017 Omair Majid - 2.0.3-3 +- Add a Provides for 'dotnet' +- Fix conditional macro + +* Tue Nov 28 2017 Omair Majid - 2.0.3-2 +- Fix build on Fedora 27 + +* Fri Nov 17 2017 Omair Majid - 2.0.3-1 +- Update to .NET Core 2.0.3 + +* Thu Oct 19 2017 Omair Majid - 2.0.0-4 +- Add a hack to let omnisharp work + +* Wed Aug 30 2017 Omair Majid - 2.0.0-3 +- Add a patch for building coreclr and core-setup correctly on Fedora >= 27 + +* Fri Aug 25 2017 Omair Majid - 2.0.0-2 +- Move libicu/libcurl/libunwind requires to runtime package +- Make sdk depend on the exact version of the runtime package + +* Thu Aug 24 2017 Omair Majid - 2.0.0-1 +- Update to 2.0.0 final release + +* Wed Jul 26 2017 Omair Majid - 2.0.0-0.3.preview2 +- Add man pages + +* Tue Jul 25 2017 Omair Majid - 2.0.0-0.2.preview2 +- Add Requires on libicu +- Split into multiple packages +- Do not repeat first-run message + +* Fri Jul 21 2017 Omair Majid - 2.0.0-0.1.preview2 +- Update to .NET Core 2.0 Preview 2 + +* Thu Mar 16 2017 Nemanja Milošević - 1.1.0-7 +- rebuilt with latest libldb +* Wed Feb 22 2017 Nemanja Milosevic - 1.1.0-6 +- compat-openssl 1.0 for F26 for now +* Sun Feb 19 2017 Nemanja Milosevic - 1.1.0-5 +- Fix wrong commit id's +* Sat Feb 18 2017 Nemanja Milosevic - 1.1.0-4 +- Use commit id's instead of branch names +* Sat Feb 18 2017 Nemanja Milosevic - 1.1.0-3 +- Improper patch5 fix +* Sat Feb 18 2017 Nemanja Milosevic - 1.1.0-2 +- SPEC cleanup +- git removal (using all tarballs for reproducible builds) +- more reasonable versioning +* Thu Feb 09 2017 Nemanja Milosevic - 1.1.0-1 +- Fixed debuginfo going to separate package (Patch1) +- Added F25/F26 RIL and fixed the version info (Patch2) +- Added F25/F26 RIL in Microsoft.NETCore.App suported runtime graph (Patch3) +- SPEC file cleanup +* Wed Jan 11 2017 Nemanja Milosevic - 1.1.0-0 +- Initial RPM for Fedora 25/26. diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..b7ab3d1 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,23 @@ +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis} +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_stable +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis} +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.other-archs.functional} diff --git a/release-key-2023.asc b/release-key-2023.asc new file mode 100644 index 0000000..96844b6 --- /dev/null +++ b/release-key-2023.asc @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BSN Pgp v1.1.0.0 + +mQINBGUKsUYBEADVCJm4EhXALr1ld42kWeh/vM0XMZ2orNT6NRLDRYjpE4mm4UqA +vpjfGCwt5fLcrT4yZng8ABkB3QwTsZzmxesAMD5AZR/gdU1G96DuDGsjp6zJvTuX +zvz3PXUYfcl9n5X32acA6N9J5Xfp10xqX3oitUODBdYy/vKW/v/y87ZxgaR6a3wp +pPJBJIVKwFJx13v4BHRsGp1fepliQcXPvmNKFNI20le5+FbLq6C9hY5wcwGHGfQr +EokH79GsmqgSImqxDOIh06J5VfWA+JwV+3vf95pD8IUrRfGQ+GK7b1/bySxtM5Qa +b/IDgvl/Qq3AzEpGarMBaqGbqMz1C7jd8Y6nyKMP/V+OCjbEdYNM8GRz6kBP3Un+ +Frat5Lc2o4DF+zB3PKIJS3hku5gwlJu6IU1F23vmYFtjUcpRGmyQZDoWyBbOWlB5 +4SXqVu16amUsRFYmOK8BJMjdotcVbriVIv6WRmugfhIMoRJzVGxYkdbuiuMAX69V +xDoGpxX5A8S5A79y0USUVtadQfFavMTyb/gUuUe8oDsqK9gdI3ETxLYG4gYwauVX +fCGfoLOKsq5dPzEuEA7GCRrMau+rHKFaM7BigSdnHFW7xNZ4v0YnXAagoqM2G5o5 +9sak0l57vxxTVk2V3iZzkoU2J2Zlyxyh72n5vjRmb7aNwmQh4Eav6a8ssQARAQAB +tBlvbm54Y29yZWRldkBtaWNyb3NvZnQuY29tiQI4BBMBCAAiBQJlCrFGAhsDBgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD9v1PCTbSHLtfzEADIKq15XDeQxLSo +BG1aFa9n82K1YADVcu1LeddfhDmQWLnZNgyHtQlKN2n59282CXtgymzae3uc05s2 +feIJaqF4M4NnCX8Ct3K7Hq1jI7ZktlquPCCy9XHq9aQY8XTxmdtRevtclKgYTwDh +w+D/KbE8vTZ6o7JoubA3MKf4k3S8qL/0rIyaC6h0EpiWoMy1TdNMMK7BT4kl6Vz4 +W6KmNgOux1Pzku5ULM4WuOzmwW+NAzpOLJowfDs1ZC2RM3+g9i1/DmwWtCHngvGD ++clA0I0agXxo05toOBTfwxd2gWYczuo/Ole16fYTzqT6n0DHqOjjcc9A7EmC72fQ +J+hHAqM+4+CbEGuMpNnTMpCZs98bcK3Rqx/bDJYtbclZzm5O/V4nVbDrJZKzpgA1 +KuzNMLkr62P6/t15UsStgmrlTILmE5NG0CR1mj/46+mNbsMZCel3dcvnT1Zf4rTq +QxMC7Dd/DECKQVC339G/BRfNyhOk2S1mZR/g1uS4bznL+tiwudDh/TAi5C3ZBDMh +0muwD9caXS/QFIBWtb2ai3IcpU357R/ERPKLcWYtoYJ80RuKi6XYr1WxSPBmd5Qm +wuncye+wR2dveo2jnIXZGUSgz50ZNgBxs/cYWAQ8J6KMgIBa+JY2qalzvIGbrC5x +Sr+CkhS8vrktfnRgc8yBssJnvNfqXA== +=pKgS +-----END PGP PUBLIC KEY BLOCK----- diff --git a/release.json b/release.json new file mode 100644 index 0000000..78570bb --- /dev/null +++ b/release.json @@ -0,0 +1,10 @@ +{ + "release": "9.0.0-preview.7", + "channel": "9.0", + "tag": "v9.0.0-preview.7.24405.7", + "sdkVersion": "9.0.100-preview.7.24407.12", + "runtimeVersion": "9.0.0-preview.7.24405.7", + "aspNetCoreVersion": "9.0.0-preview.7.24406.2", + "sourceRepository": "https://github.com/dotnet/dotnet", + "sourceVersion": "aecea31eada5f5506de2112d72b3bd238a5317b4" +} diff --git a/roslyn-analyzers-ppc64le-apphost.patch b/roslyn-analyzers-ppc64le-apphost.patch new file mode 100644 index 0000000..4dd465c --- /dev/null +++ b/roslyn-analyzers-ppc64le-apphost.patch @@ -0,0 +1,12 @@ +diff --git a/src/roslyn-analyzers/src/PerformanceTests/Tests/PerformanceTests.csproj b/src/roslyn-analyzers/src/PerformanceTests/Tests/PerformanceTests.csproj +index 044a2aba4..b3f8f2611 100644 +--- a/src/roslyn-analyzers/src/PerformanceTests/Tests/PerformanceTests.csproj ++++ b/src/roslyn-analyzers/src/PerformanceTests/Tests/PerformanceTests.csproj +@@ -4,6 +4,7 @@ + preview + disable + Exe ++ false + + + true diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..9293249 --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,20 @@ +--- +inspections: + # We patch upstream a lot, no need to reject patches + patches: off +badfuncs: + allowed: + # The Mono runtime (used on s390x, for example), uses inet_addr for + # debugging (such as sending the control flow graph to a remote process). + # See runtime/src/mono/mono/mini/cfgdump.c. This isn't part of any + # standard networking facility; networking APIs are implemented/used in + # libSystem*so. + /usr/lib64/dotnet/shared/Microsoft.NETCore.App/*/libcoreclr.so: + - inet_addr + /usr/lib64/dotnet/packs/Microsoft.NETCore.App.Runtime.*/*/runtimes/*/native/libcoreclr.so: + - inet_addr +runpath: + # Upstream explicitly sets $ORIGIN/netcoredeps as an RPATH + # See https://github.com/dotnet/core/blob/main/Documentation/self-contained-linux-apps.md + allowed_origin_paths: + - /netcoredeps diff --git a/runtime-disable-fortify-on-ilasm-parser.patch b/runtime-disable-fortify-on-ilasm-parser.patch new file mode 100644 index 0000000..a128222 --- /dev/null +++ b/runtime-disable-fortify-on-ilasm-parser.patch @@ -0,0 +1,12 @@ +diff --git dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt +index cca2c6da185..d31e6cb2070 100644 +--- dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt ++++ dotnet/src/runtime/src/coreclr/ilasm/CMakeLists.txt +@@ -52,6 +52,7 @@ if(CLR_CMAKE_HOST_UNIX) + add_compile_options(-Wno-array-bounds) + add_compile_options(-Wno-unused-label) + set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-O0" ) ++ set_source_files_properties( prebuilt/asmparse.cpp PROPERTIES COMPILE_FLAGS "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=0" ) + endif(CLR_CMAKE_HOST_UNIX) + + if(CLR_CMAKE_HOST_LINUX OR CLR_CMAKE_HOST_FREEBSD OR CLR_CMAKE_HOST_NETBSD OR CLR_CMAKE_HOST_SUNOS OR CLR_CMAKE_HOST_HAIKU) diff --git a/runtime-openssl-sha1.patch b/runtime-openssl-sha1.patch new file mode 100644 index 0000000..6e307ef --- /dev/null +++ b/runtime-openssl-sha1.patch @@ -0,0 +1,34 @@ +From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001 +From: Tom Deseyn +Date: Wed, 28 Feb 2024 14:08:15 +0100 +Subject: [PATCH] Allow certificate validation with SHA-1 signatures. + +RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate +validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag +with a chain where the last certificate uses a SHA-1 signature. + +This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default +OpenSSL behavior for certificate validation. +--- + .../libs/System.Security.Cryptography.Native/pal_x509.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c +index 04c6ba06cd..2cd3413dae 100644 +--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c ++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c +@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5 + + int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore); + +- if (val != 0) +- { +- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE); +- } +- + return val; + } + +-- +2.43.2 + diff --git a/runtime-re-enable-implicit-rejection.patch b/runtime-re-enable-implicit-rejection.patch new file mode 100644 index 0000000..a2e5614 --- /dev/null +++ b/runtime-re-enable-implicit-rejection.patch @@ -0,0 +1,142 @@ +From 5fdc289903bd3a77d455583650b00297da0cae8f Mon Sep 17 00:00:00 2001 +From: Omair Majid +Date: Fri, 2 Feb 2024 15:51:23 -0500 +Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95216)" + +This reverts commit a5fc8ff9b03ffb2fdb81dad524ad1a20a0714995. + +To quote Clemens Lang: + +> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle +> attack against PKCS#1v1.5 decryption. See +> https://people.redhat.com/~hkario/marvin/ for details and +> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a +> comment by the researcher who published the vulnerability and proposed the +> change in OpenSSL. + +For more details, see: +https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314 +--- + .../RSA/EncryptDecrypt.cs | 49 ++++--------------- + .../opensslshim.h | 6 --- + .../pal_evp_pkey_rsa.c | 13 ----- + 3 files changed, 10 insertions(+), 58 deletions(-) + +diff --git a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs +index 39f3ebc82ec..5b97f468a42 100644 +--- a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs ++++ b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs +@@ -353,10 +353,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc + Assert.Equal(TestData.HelloBytes, output); + } + +- [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))] ++ [ConditionalFact] + [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)] + public void RoundtripEmptyArray() + { ++ if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6)) ++ { ++ throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data."); ++ } ++ if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0)) ++ { ++ throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data."); ++ } ++ + using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params)) + { + void RoundtripEmpty(RSAEncryptionPadding paddingMode) +@@ -757,23 +746,5 @@ public static IEnumerable OaepPaddingModes + } + } + } +- +- public static bool PlatformSupportsEmptyRSAEncryption +- { +- get +- { +- if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6)) +- { +- return false; +- } +- +- if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0)) +- { +- return false; +- } +- +- return true; +- } +- } + } + } +diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h +index 0748e305d5c..cf10d2f7949 100644 +--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h ++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h +@@ -296,10 +296,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); + REQUIRED_FUNCTION(ERR_peek_error) \ + REQUIRED_FUNCTION(ERR_peek_error_line) \ + REQUIRED_FUNCTION(ERR_peek_last_error) \ +- REQUIRED_FUNCTION(ERR_pop_to_mark) \ + FALLBACK_FUNCTION(ERR_put_error) \ + REQUIRED_FUNCTION(ERR_reason_error_string) \ +- REQUIRED_FUNCTION(ERR_set_mark) \ + LIGHTUP_FUNCTION(ERR_set_debug) \ + LIGHTUP_FUNCTION(ERR_set_error) \ + REQUIRED_FUNCTION(EVP_aes_128_cbc) \ +@@ -355,7 +353,6 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); + REQUIRED_FUNCTION(EVP_PKCS82PKEY) \ + REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \ +- REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \ + REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \ +@@ -797,10 +794,8 @@ FOR_ALL_OPENSSL_FUNCTIONS + #define ERR_peek_error_line ERR_peek_error_line_ptr + #define ERR_peek_last_error ERR_peek_last_error_ptr + #define ERR_put_error ERR_put_error_ptr +-#define ERR_pop_to_mark ERR_pop_to_mark_ptr + #define ERR_reason_error_string ERR_reason_error_string_ptr + #define ERR_set_debug ERR_set_debug_ptr +-#define ERR_set_mark ERR_set_mark_ptr + #define ERR_set_error ERR_set_error_ptr + #define EVP_aes_128_cbc EVP_aes_128_cbc_ptr + #define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr +@@ -855,7 +850,6 @@ FOR_ALL_OPENSSL_FUNCTIONS + #define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr + #define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr + #define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr +-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr + #define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr + #define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr + #define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr +diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c +index 043bf9f9d1e..c9ccdf33e3a 100644 +--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c ++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c +@@ -67,19 +67,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const + { + return false; + } +- +- // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding. +- // If the padding is invalid, the decryption operation returns random data. +- // See https://github.com/openssl/openssl/pull/13817 for background. +- // Some Linux distributions backported this change to previous versions of OpenSSL. +- // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid. +- ERR_set_mark(); +- +- EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0"); +- +- // Undo any changes to the error queue that may have occured while configuring implicit rejection if the +- // current version does not support implicit rejection. +- ERR_pop_to_mark(); + } + else + { +-- +2.43.0 + diff --git a/sources b/sources new file mode 100644 index 0000000..c80be34 --- /dev/null +++ b/sources @@ -0,0 +1,4 @@ +SHA512 (dotnet-prebuilts-9.0.100-preview.7.24380.1-ppc64le.tar.gz) = 0d5609f05e6d2f18b9a9fa2d25164cc5b87b53a5f31139b23737a172aad7713352800082303257f65fb9ace57c94132a8ccf5762fd435ccf09936d6bbfbadca1 +SHA512 (dotnet-prebuilts-9.0.100-preview.7.24380.1-s390x.tar.gz) = 0442321e5a346ad1989d9c70adbe687276e2b0b4b17b15db53928536ad5ec2e974a349c532e5cc5ca920586daec6c344042da6c3515846be9f2babe78e913f31 +SHA512 (dotnet-sdk-9.0.100-preview.7.24380.2-linux-arm64.tar.gz) = 8b2e7b17b34edc985c58d0f978a7c6408d7b9de474e102333ab7a36697362bd1ac24eda2473a383e6844c3b0fb977db15c7f7a9d6441903ebe9f86b10727cf99 +SHA512 (dotnet-v9.0.0-preview.7.24405.7-x64-bootstrap.tar.gz) = 1daf2c027bcf6f24deb325a728708ff1e8fc9cad836b24cc4d2b70939677ca4895699379916e593d01ef647ca3da3581b9c1bae5ab4e9cb5f3f6d295d64847a9 diff --git a/tests/ci.fmf b/tests/ci.fmf new file mode 100644 index 0000000..a7901c4 --- /dev/null +++ b/tests/ci.fmf @@ -0,0 +1,45 @@ +summary: Basic smoke test +provision: + disk: 20 + memory: 5120 +prepare: + how: install + package: + - aspnetcore-runtime-9.0 + - babeltrace + - bash-completion + - bc + - binutils + - dotnet-runtime-9.0 + - dotnet-sdk-9.0 + - expect + - file + - findutils + - gcc-c++ + - git + - jq + - libstdc++-devel + - lldb + - lttng-tools + - npm + - postgresql-odbc + - postgresql-server + - procps-ng + - python3 + - strace + - util-linux + - wget + - which + - zlib-devel +execute: + script: + - dotnet --info + - wget --no-verbose https://github.com/redhat-developer/dotnet-bunny/releases/latest/download/turkey.tar.gz + - tar xf turkey.tar.gz + - dotnet turkey/Turkey.dll --version + - git clone "https://github.com/redhat-developer/dotnet-regular-tests.git" + - dotnet turkey/Turkey.dll -l="$TMT_TEST_DATA" dotnet-regular-tests --timeout=1200 + - dnf remove -yq 'dotnet*' + - set -x; if command -v dotnet ; then exit 1; fi + - set -x; if [ -d /usr/lib64/dotnet ]; then exit 1; fi + - set -x; if man dotnet; then exit 1; fi