From e7ce6b1ef5e19ba77ca92896ef02d9b0b2e3d0c4 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 19 Jul 2024 15:55:26 -0400 Subject: [PATCH] Fix FIPS build with RPM 4.20 The FIPS build runs *_install_post commands early during %install so that the binaries will not be modified after running fipshmac, since those commands are supposed to be no-op if re-run. However, __debug_install_post is only run if __debug_package is defined, which is triggered by the automatic creation of the debuginfo subpackage where appropriate. Previously, a hack in redhat-rpm-config caused this to be enabled by %install, but with RPM 4.20 this is no longer needed, and the hack was removed from redhat-rpm-config for F41. On Fedora builds, %mingw_debug_package triggers this and therefore it still builds, but ELN is build without mingw and therefore there now is nothing to trigger the debuginfo generation during %install. As a result, the binaries would just be stripped without any debuginfo generation during the first run, leaving nothing to detect in the second run, and the build would fail for lack of debug symbols/sources. https://github.com/rpm-software-management/rpm/issues/2204 https://src.fedoraproject.org/rpms/redhat-rpm-config/c/7a1571ee808ba13b129eab7a7ed3869e77740c3e Related: RHEL-50011 --- gnutls.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/gnutls.spec b/gnutls.spec index 5442854..8531f42 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -380,6 +380,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc %if %{with fips} # doing it twice should be a no-op the second time, # and this way we avoid redefining it and missing a future change +%global __debug_package 1 %{__spec_install_post} fname=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.*` ./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"