Decouple dependency bundling from bootstrapping

We probably should stop (ab)using the bootstrap macro for module builds
with bundled dependencies. This patch decouples one from the other;
use --with=bundled for just bundling
and --with=bootstrap for full bootstrapping.

Related: rhbz#2056969
Jan Staněk 2022-04-04 14:40:57 +02:00
parent 9e882e7dcf
commit 9014bf6071
No known key found for this signature in database
GPG Key ID: 2972F2037B243B6D

@ -1,5 +1,17 @@
# bundle dependencies that are not available as Fedora modules # The following macros control the usage of dependencies bundled from upstream.
%bcond_without bootstrap #
# When to use what:
# - Regular (presumably non-modular) build: use neither (the default in Fedora)
# - Early bootstrapping build that is not intended to be shipped:
# use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix
# - Build with some dependencies not avalaible in necessary versions (i.e. module build):
# use --with=bundled; will bundle deps, but do not add the suffix
#
# create bootstrapping build with bundled deps and extra release suffix
%bcond_with bootstrap
# bundle dependencies that are not available in CentOS
# currently hardcoded to bundle; see Fedora spec on how to make this dependent on bootstrap
%bcond_without bundled
%if 0%{?rhel} && 0%{?rhel} < 9 %if 0%{?rhel} && 0%{?rhel} < 9
%bcond_without python3_fixup %bcond_without python3_fixup
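Review bot: The new comment block says --with=bootstrap "will bundle deps", but in this hunk `%bcond_with bootstrap` and `%bcond_without bundled` are declared independently, so bundling happens only because bundled is hardcoded on, and a build with bootstrap enabled and bundled disabled would not match the documented behaviour. Either derive the bundled default from bootstrap, as the comment pointing at the Fedora spec suggests, or adjust the "When to use what" list to say that this branch bundles by default; the list currently describes "use neither" as the regular build, which is not what the defaults declared here give. Minor: "avalaible" should be "available".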
@ -18,7 +30,7 @@
# This is used by both the nodejs package and the npm subpackage that # This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec # has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end. # will bump this rather than adding .1 to the end.
%global baserelease 4 %global baserelease 5
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -177,16 +189,15 @@ BuildRequires: chrpath
BuildRequires: libatomic BuildRequires: libatomic
BuildRequires: systemtap-sdt-devel BuildRequires: systemtap-sdt-devel
%if %{with bootstrap} %if %{with bundled}
Provides: bundled(libuv) = %{libuv_version} Provides: bundled(libuv) = %{libuv_version}
%else %else
BuildRequires: libuv-devel >= 1:%{libuv_version} BuildRequires: libuv-devel >= 1:%{libuv_version}
Requires: libuv-devel >= 1:%{libuv_version} Requires: libuv-devel >= 1:%{libuv_version}
%endif %endif
%if %{with bootstrap} || !(0%{?fedora} || 0%{?rhel} >= 9) %if %{with bundled} || !(0%{?fedora} || 0%{?rhel} >= 9)
%define nghttp2_configure %{nil} Provides: bundled(nghttp2) = %{nghttp2_version}
Provides: bundled(nghttp2) = %{nghttp2_version}
%else %else
BuildRequires: libnghttp2-devel >= %{nghttp2_version} BuildRequires: libnghttp2-devel >= %{nghttp2_version}
Requires: libnghttp2-devel >= %{nghttp2_version} Requires: libnghttp2-devel >= %{nghttp2_version}
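Review bot: The `%define nghttp2_configure %{nil}` line in the bundled branch of the nghttp2 block is dropped without a mention in the commit message. Please confirm that nothing else in the spec still expands %{nghttp2_configure}, and note in the commit message why the macro is no longer needed.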
@ -284,7 +295,7 @@ Requires: zlib-devel%{?_isa}
Requires: brotli-devel%{?_isa} Requires: brotli-devel%{?_isa}
Requires: nodejs-packaging Requires: nodejs-packaging
%if %{without bootstrap} %if %{without bundled}
Requires: libuv-devel%{?_isa} Requires: libuv-devel%{?_isa}
%endif %endif
@ -427,8 +438,8 @@ export LDFLAGS="%{build_ldflags}"
--shared-openssl \ --shared-openssl \
--shared-zlib \ --shared-zlib \
--shared-brotli \ --shared-brotli \
%{!?with_bootstrap:--shared-libuv} \ %{!?with_bundled:--shared-libuv} \
%{!?with_bootstrap:--shared-nghttp2} \ %{!?with_bundled:--shared-nghttp2} \
--with-dtrace \ --with-dtrace \
--with-intl=small-icu \ --with-intl=small-icu \
--with-icu-default-data-dir=%{icudatadir} \ --with-icu-default-data-dir=%{icudatadir} \
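Review bot: `%{!?with_bundled:--shared-nghttp2}` tests only the bundled conditional, while the nghttp2 Provides/BuildRequires block is guarded by `%{with bundled} || !(0%{?fedora} || 0%{?rhel} >= 9)`. With bundled disabled on a release that is neither Fedora nor RHEL 9 or later, the spec declares bundled(nghttp2) and skips the libnghttp2-devel BuildRequires, yet configure is still passed --shared-nghttp2. Suggest driving both places from one condition, for example a single macro set in the nghttp2 block and expanded here.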
@ -684,6 +695,9 @@ end
%changelog %changelog
* Thu Apr 21 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-5
- Decouple dependency bundling from bootstrapping
* Tue Apr 05 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-4 * Tue Apr 05 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-4
- Apply lock file validation fixes - Apply lock file validation fixes
Resolves: CVE-2021-43616 Resolves: CVE-2021-43616
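Review bot: The new %changelog entry omits the bug reference that the commit message carries (Related: rhbz#2056969), whereas the previous entry records its "Resolves:" line. Suggest adding a "Related: rhbz#2056969" line under the entry so the reference survives in the package changelog.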