Fix FIPS build with RPM 4.20

The FIPS build runs *_install_post commands early during %install so that
the binaries will not be modified after running fipshmac, since those
commands are supposed to be no-op if re-run.  However, __debug_install_post
is only run if __debug_package is defined, which is triggered by the
automatic creation of the debuginfo subpackage where appropriate.

Previously, a hack in redhat-rpm-config caused this to be enabled by
%install, but with RPM 4.20 this is no longer needed, and the hack was
removed from redhat-rpm-config for F41.  On Fedora builds,
%mingw_debug_package triggers this and therefore it still builds, but ELN
is build without mingw and therefore there now is nothing to trigger the
debuginfo generation during %install.  As a result, the binaries would just
be stripped without any debuginfo generation during the first run, leaving
nothing to detect in the second run, and the build would fail for lack of
debug symbols/sources.

https://github.com/rpm-software-management/rpm/issues/2204
7a1571ee80

Related: RHEL-50011
This commit is contained in:
Yaakov Selkowitz 2024-07-19 15:55:26 -04:00 committed by Daiki Ueno
parent 7a0d2e97dd
commit e7ce6b1ef5

View File

@ -380,6 +380,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
%if %{with fips} %if %{with fips}
# doing it twice should be a no-op the second time, # doing it twice should be a no-op the second time,
# and this way we avoid redefining it and missing a future change # and this way we avoid redefining it and missing a future change
%global __debug_package 1
%{__spec_install_post} %{__spec_install_post}
fname=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.*` fname=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.*`
./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac" ./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"