import redhat-rpm-config-116-1.el8

This commit is contained in:
CentOS Sources 2019-05-07 09:05:19 -04:00 committed by Andrew Lukoshko
commit 0ede6a1689
40 changed files with 6669 additions and 0 deletions

0
.gitignore vendored Normal file
View File

View File

20
SOURCES/brp-kmod-restore-perms Executable file
View File

@ -0,0 +1,20 @@
#! /bin/bash -efu
## A counterpart of brp-kmod-set-exec-bits that restores original kmod
## file permissions
# If using normal root, avoid changing anything.
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
# Checking for required programs
which chmod >/dev/null || exit 0
[ -r "$RPM_BUILD_ROOT/kmod-permissions.list" ] || exit 0
while read perm path; do
[ -n "$perm" ] || continue
chmod "$perm" "$RPM_BUILD_ROOT/$path"
done < "$RPM_BUILD_ROOT/kmod-permissions.list"
rm -f "$RPM_BUILD_ROOT/kmod-permissions.list"

14
SOURCES/brp-kmod-set-exec-bit Executable file
View File

@ -0,0 +1,14 @@
#! /bin/bash -efux
## A hack for making brp-strip taking into account kmod files
# If using normal root, avoid changing anything.
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/" ] || exit 0
# Checking for required programs
which find chmod >/dev/null || exit 0
find "$RPM_BUILD_ROOT" \
-name '*.ko' \
-printf '%#m %P\n' \
-exec chmod u+x '{}' \; > "$RPM_BUILD_ROOT/kmod-permissions.list"

10
SOURCES/brp-ldconfig Executable file
View File

@ -0,0 +1,10 @@
#!/bin/sh -efu
# Force creating of DSO symlinks.
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
/sbin/ldconfig -N -r "$RPM_BUILD_ROOT"
# TODO: warn if it created new symlinks and guide people.

144
SOURCES/brp-mangle-shebangs Executable file
View File

@ -0,0 +1,144 @@
#!/bin/bash -eu
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
exclude_files=""
exclude_files_from=""
exclude_shebangs=""
exclude_shebangs_from=""
usage() {
local verbose=$1 && shift
local outfile=$1 && shift
local status=$1 && shift
(
echo 'usage: brp-mangle-shebangs [--files <regexp>] [--files-from <file>] [--shebangs <regexp>] [--shebangs-from <file>]'
if [ "${verbose}" == "yes" ]; then
echo ' --files: extended regexp of files to ignore'
echo ' --files-from: file containing a list of extended regexps of files to ignore'
echo ' --shebangs: extended regexp of shebangs to ignore'
echo ' --shebangs-from: file containing a list of extended regexps of shebangs to ignore'
fi
) >>${outfile}
exit ${status}
}
while [ $# -gt 0 ] ; do
case "$1" in
--files)
exclude_files="${2}"
shift
;;
--files=*)
exclude_files="${1##--files=}"
;;
--files-from)
exclude_files_from="${2}"
shift
;;
--files-from=*)
exclude_files_from="${1##--files-from=}"
;;
--shebangs)
exclude_shebangs="${2}"
shift
;;
--shebangs=*)
exclude_shebangs="${1##--shebangs=}"
;;
--shebangs-from)
exclude_shebangs_from="${2}"
shift
;;
--shebangs-from=*)
exclude_shebangs_from="${1##--shebangs-from=}"
;;
--help|--usage|"-?"|-h)
usage yes /dev/stdout 0
;;
*)
echo "Unknown option \"${1}\"" 1>&2
usage no /dev/stderr 1
;;
esac
shift
done
cd "$RPM_BUILD_ROOT"
trim() {
printf '%s' "$*"
}
fail=0
while IFS= read -r -d $'\0' f; do
file -N --mime-type "$f" | grep -q -P ".+(?=: text/)" || continue
# Remove the dot
path="${f#.}"
if [ -n "$exclude_files" ]; then
echo "$path" | grep -q -E "$exclude_files" && continue
fi
if [ -n "$exclude_files_from" ]; then
echo "$path" | grep -q -E -f "$exclude_files_from" && continue
fi
ts=$(stat -c %y "$f")
read shebang_line < "$f" || :
orig_shebang=$(trim $(echo "$shebang_line" | grep -Po "#!\K.*" || echo))
shebang="$orig_shebang"
if [ -n "$exclude_shebangs" ]; then
echo "$shebang" | grep -q -E "$exclude_shebangs" && continue
fi
if [ -n "$exclude_shebangs_from" ]; then
echo "$shebang" | grep -q -E -f "$exclude_shebangs_from" && continue
fi
if [ -z "$shebang" ]; then
echo >&2 "*** WARNING: $f is executable but has empty or no shebang, removing executable bit"
chmod -x "$f"
touch -d "$ts" "$f"
continue
elif [ -n "${shebang##/*}" ]; then
echo >&2 "*** ERROR: $f has shebang which doesn't start with '/' ($shebang)"
fail=1
continue
fi
if ! { echo "$shebang" | grep -q -P "^/(?:usr/)?(?:bin|sbin)/"; }; then
continue
fi
# Replace "special" env shebang:
# /whatsoever/env /whatever/foo → /whatever/foo
shebang=$(echo "$shebang" | sed -r -e 's@^(.+)/env /(.+)$@/\2@')
# /whatsoever/env foo → /whatsoever/foo
shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
# Replace python3 with the desired Python 3 shebang,
# if passed as an non-empty environment variable PYTHON3
if [ -n "${PYTHON3:+x}" ]; then
shebang=$(echo "$shebang" | sed -r -e "s@/usr/bin/python3(\s|$)@${PYTHON3}\1@")
fi
# Replace ambiguous python with python2
py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
if [ "$shebang" != "$py_shebang" ]; then
echo >&2 "*** ERROR: ambiguous python shebang in $path: #!$orig_shebang. Change it to python3 (or python2) explicitly."
fail=1
elif [ "#!$shebang" != "#!$orig_shebang" ]; then
sed -i -e "1c #!$shebang" "$f"
echo "mangling shebang in $path from $orig_shebang to #!$shebang"
fi
touch -d "$ts" "$f"
done < <(find -executable -type f -print0)
exit $fail

336
SOURCES/buildflags.md Normal file
View File

@ -0,0 +1,336 @@
This document contains documentation of the individual compiler flags
and how to use them.
[TOC]
# Using RPM build flags
For packages which use autoconf to set up the build environment, use
the `%configure` macro to obtain the full complement of flags, like
this:
%configure
This will invoke the `./configure` with arguments (such as
`--prefix=/usr`) to adjust the paths to the packaging defaults.
As a side effect, this will set the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
makefiles and other build tools. (However, existing values for this
variables are not overwritten.)
If your package does not use autoconf, you can still set the same
environment variables using
%set_build_flags
early in the `%build` section. (Again, existing environment variables
are not overwritten.)
Individual build flags are also available through RPM macros:
* `%{build_cflags}` for the C compiler flags (also known as the
`CFLAGS` variable). Also historically available as `%{optflags}`.
Furthermore, at the start of the `%build` section, the environment
variable `RPM_OPT_FLAGS` is set to this value.
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
the `CXXFLAGS` shell variable).
* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
known as the `FCFLAGS` variable).
* `%{build_ldflags}` for the link editor (ld) flags, usually known as
`LDFLAGS`. Note that the contents quotes linker arguments using
`-Wl`, so this variable is intended for use with the `gcc` compiler
driver. At the start of the `%build` section, the environment
variable `RPM_LD_FLAGS` is set to this value.
These RPM macros do not alter shell environment variables.
For some other build tools separate mechanisms exist:
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
package.
Care must be taking not to compile the current selection of compiler
flags into any RPM package besides `redhat-rpm-config`, so that flag
changes are picked up automatically once `redhat-rpm-config` is
updated.
# Flag selection for the build type
The default flags are suitable for building applications.
For building shared objects, you must compile with `-fPIC` in
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
For other considerations involving shared objects, see:
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
# Customizing compiler flags
It is possible to set RPM macros to change some aspects of the
compiler flags. Changing these flags should be used as a last
recourse if other workarunds are not available.
### Lazy binding
If your package depends on the semantics of lazy binding (e.g., it has
plugins which load additional plugins to complete their dependencies,
before which some referenced functions are undefined), you should put
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
which have such requirements. Under these circumstances, it is
unnecessary to disable hardened builds (and thus lose full ASLR for
executables), or link everything without `-Wl,z,now` (non-lazy
binding).
### Hardened builds
By default, the build flags enable fully hardened builds. To change
this, include this in the RPM spec file:
%undefine _hardened_build
This turns off certain hardening features, as described in detail
below. The main difference is that executables will be
position-dependent (no full ASLR) and use lazy binding.
### Annotated builds/watermarking
By default, the build flags cause a special output section to be
included in ELF files which describes certain aspects of the build.
To change this for all compiler invocations, include this in the RPM
spec file:
%undefine _annotated_build
Be warned that this turns off watermarking, making it impossible to do
full hardening coverage analysis for any binaries produced.
It is possible to disable annotations for individual compiler
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
the annobin plugin must still be loaded for this flag to be
recognized, so it has to come after the hardening flags on the command
line (it has to be added at the end of `CFLAGS`, or specified after
the `CFLAGS` variable contents).
### Strict symbol checks in the link editor (ld)
Optionally, the link editor will refuse to link shared objects which
contain undefined symbols. Such symbols lack symbol versioning
information and can be bound to the wrong (compatibility) symbol
version at run time, and not the actual (default) symbol version which
would have been used if the symbol definition had been available at
static link time. Furthermore, at run time, the dynamic linker will
not have complete dependency information (in the form of DT_NEEDED
entries), which can lead to errors (crashes) if IFUNC resolvers are
executed before the shared object containing them is fully relocated.
To switch on these checks, define this macro in the RPM spec file:
%define _strict_symbol_defs_build 1
If this RPM spec option is active, link failures will occur if the
linker command line does not list all shared objects which are needed.
In this case, you need to add the missing DSOs (with linker arguments
such as `-lm`). As a result, the link editor will also generated the
necessary DT_NEEDED entries.
In some cases (such as when a DSO is loaded as a plugin and is
expected to bind to symbols in the main executable), undefined symbols
are expected. In this case, you can add
%undefine _strict_symbol_defs_build
to the RPM spec file to disable these strict checks. Alternatively,
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
command line). The latter needs binutils 2.29.1-12.fc28 or later.
# Individual compiler flags
Compiler flags end up in the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
The general (architecture-independent) build flags are:
* `-O2`: Turn on various GCC optimizations. See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
Optimization improves performance, the accuracy of warnings, and the
reach of toolchain-based hardening, but it makes debugging harder.
* `-g`: Generate debugging information (DWARF). In Fedora, this data
is separated into `-debuginfo` RPM packages whose installation is
optional, so debuging information does not increase the size of
installed binaries by default.
* `-pipe`: Run compiler and assembler in parallel and do not use a
temporary file for the assembler input. This can improve
compilation performance. (This does not affect code generation.)
* `-Wall`: Turn on various GCC warnings.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
* `-Werror=format-security`: Turn on format string warnings and treat
them as errors.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
This can occasionally result in compilation errors. In this case,
the best option is to rewrite the source code so that only constant
format strings (string literals) are used.
* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
hardening features in glibc:
* String functions such as `memcpy` attempt to detect buffer lengths
and terminate the process if a buffer overflow is detected.
* `printf` format strings may only contain the `%n` format specifier
if the format string resides in read-only memory.
* `open` and `openat` flags are checked for consistency with the
presence of a *mode* argument.
* Plus other minor hardening changes.
(These changes can occasionally break valid programs.)
* `-fexceptions`: Provide exception unwinding support for C programs.
See the [`-fexceptions` option in the GCC
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
and the [`cleanup` variable
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
This also hardens cancellation handling in C programs because
it is not required to use an on-stack jump buffer to install
a cancellation handler with `pthread_cleanup_push`. It also makes
it possible to unwind the stack (using C++ `throw` or Rust panics)
from C callback functions if a C library supports non-local exits
from them (e.g., via `longjmp`).
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
C++ standard library, such as bounds checking for the subscription
operator on vectors. (This flag is added to both `CFLAGS` and
`CXXFLAGS`; C compilations will simply ignore it.)
* `-fstack-protector-strong`: Instrument functions to detect
stack-based buffer overflows before jumping to the return address on
the stack. The *strong* variant only performs the instrumentation
for functions whose stack frame contains addressable local
variables. (If the address of a variable is never taken, it is not
possible that a buffer overflow is caused by incorrect pointer
arithmetic involving a pointer to that variable.)
* `-grecord-gcc-switches`: Include select GCC command line switches in
the DWARF debugging information. This is useful for detecting the
presence of certain build flags and general hardening coverage.
For hardened builds (which are enabled by default, see above for how
to disable them), the flag
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
command line. It adds the following flag to the command line:
* `-fPIE`: Compile for a position-independent executable (PIE),
enabling full address space layout randomization (ASLR). This is
similar to `-fPIC`, but avoids run-time indirections on certain
architectures, resulting in improved performance and slightly
smaller executables. However, compared to position-dependent code
(the default generated by GCC), there is still a measurable
performance impact.
If the command line also contains `-r` (producing a relocatable
object file), `-fpic` or `-fPIC`, this flag is automatically
dropped. (`-fPIE` can only be used for code which is linked into
the main program.) Code which goes into static libraries should be
compiled with `-fPIE`, except when this code is expected to be
linked into DSOs, when `-fPIC` must be used.
To be effective, `-fPIE` must be used with the `-pie` linker flag
when producing an executable, see below.
To support [binary watermarks for ELF
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
added by default. This can be switched off by undefining the
`%_annotated_build` RPM macro (see above).
### Architecture-specific compiler flags
These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture:
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead, but
is only available on certain architectures (currently aarch64, i386,
ppc64, ppc64le, s390x, x86_64).
* `-fcf-protection`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
the same compilation. For such architectures, the RPM build process
explicitly selects the architecture variant by passing this compiler
flag.
* `-fasynchronous-unwind-tables`: Generate full unwind information
covering all program points. This is required for support of
asynchronous cancellation and proper unwinding from signal
handlers. It also makes performance and debugging tools more
useful because unwind information is available without having to
install (and load) debugging ienformation.
Asynchronous unwind tables are enabled for aarch64, i686, s390x,
and x86_64. They are not needed on armhfp, ppc64 and ppc64le due
to architectural differences in stack management. On these
architectures, `-fexceptions` (see above) still enables regular
unwind tables (or they are enabled by default even without this
option).
* `-funwind-tables`: A subset of the unwind information restricted
to actual call sites. Used on ppc64, ppc64le. Also implied by
`-fexceptions`.
In addition, `redhat-rpm-config` re-selects the built-in default
tuning in the `gcc` package. These settings are:
* **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard`
selects an Arm subarchitecture based on the ARMv7-A architecture
with 16 64-bit floating point registers. `-mtune=cortex-8a` selects
tuning for the Cortex-A8 implementation (while preserving compatibility
with other ARMv7-A implementations). `-mabi=aapcs-linux` switches to
the AAPCS ABI for GNU/Linux.
* **i686**: `-march=x86-64` is used to select a minimum supported
CPU level matching the baseline for the x86_64 architecture.
`-mtune=generic` activates tuning for a current blend of CPUs.
`-mfpmath=sse` uses the SSE2 unit for floating point math,
instead of the legacy i387 FPU, avoiding issues related to excess
precision. `-mstackrealign` ensures that the generated code
does not assume 16-byte stack alignment (as required by the current
i386 ABI), but stays compatible with application code compiled
before the introduction of 16-byte stack alignment along with SSE2
support.
* **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum supported
CPU level of POWER8 (the first CPU with ppc64le support) and tunes
for POWER8.
* **s390x**: `-march=z13 -mtune=z14` specifies a minimum supported CPU
level of z13, while optimizing for a subsequent CPU generation
(z14).
* **x86_64**: `-mtune=generic` selects tuning which is expected to
beneficial for a broad range of current CPUs.
* **ppc64** and **aarch64** do not have any architecture-specific tuning.
# Individual linker flags
Linker flags end up in the environment variable `LDFLAGS`.
The linker flags listed below are injected. Note that they are
prefixed with `-Wl` because it is expected that these flags are passed
to the compiler driver `gcc`, and not directly to the link editor
`ld`.
* `-z relro`: Activate the *read-only after relocation* feature.
Constant data and relocations are placed on separate pages, and the
dynamic linker is instructed to revoke write permissions after
dynamic linking. Full protection of relocation data requires the
`-z now` flag (see below).
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
(optional, see above).
For hardened builds, the
`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
compiler driver command line. (This can be disabled by undefining the
`%_hardened_build` macro; see above) This activates the following
linker flags:
* `-pie`: Produce a PIE binary. This is only activated for the main
executable, and only if it is dynamically linked. This requires
that all objects which are linked in the main executable have been
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
By itself, `-pie` has only a slight performance impact because it
disables some link editor optimization, however the `-fPIE` compiler
flag has some overhead.
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
linker feature. Lazy binding involves an array of function pointers
which is writable at run time (which could be overwritten as part of
security exploits, redirecting execution). Therefore, it is
preferable to turn of lazy binding, although it increases startup
time.

1462
SOURCES/config.guess vendored Normal file

File diff suppressed because it is too large Load Diff

1823
SOURCES/config.sub vendored Normal file

File diff suppressed because it is too large Load Diff

66
SOURCES/dist.sh Executable file
View File

@ -0,0 +1,66 @@
#!/bin/bash
# dist.sh
# Author: Tom "spot" Callaway <tcallawa@redhat.com>
# License: GPL
# This is a script to output the value for the %{dist}
# tag. The dist tag takes the following format: .$type$num
# Where $type is one of: el, fc, rh
# (for RHEL, Fedora Core, and RHL, respectively)
# And $num is the version number of the distribution.
# NOTE: We can't detect Rawhide or Fedora Test builds properly.
# If we successfully detect the version number, we output the
# dist tag. Otherwise, we exit with no output.
RELEASEFILE=/etc/redhat-release
function check_num {
MAINVER=`cut -d "(" -f 1 < $RELEASEFILE | \
sed -e "s/[^0-9.]//g" -e "s/$//g" | cut -d "." -f 1`
echo $MAINVER | grep -q '[0-9]' && echo $MAINVER
}
function check_rhl {
grep -q "Red Hat Linux" $RELEASEFILE && ! grep -q "Advanced" $RELEASEFILE && echo $DISTNUM
}
function check_rhel {
egrep -q "(Enterprise|Advanced)" $RELEASEFILE && echo $DISTNUM
}
function check_fedora {
grep -q Fedora $RELEASEFILE && echo $DISTNUM
}
DISTNUM=`check_num`
DISTFC=`check_fedora`
DISTRHL=`check_rhl`
DISTRHEL=`check_rhel`
if [ -n "$DISTNUM" ]; then
if [ -n "$DISTFC" ]; then
DISTTYPE=fc
elif [ -n "$DISTRHEL" ]; then
DISTTYPE=el
elif [ -n "$DISTRHL" ]; then
DISTTYPE=rhl
fi
fi
[ -n "$DISTTYPE" -a -n "$DISTNUM" ] && DISTTAG=".${DISTTYPE}${DISTNUM}"
case "$1" in
--el) echo -n "$DISTRHEL" ;;
--fc) echo -n "$DISTFC" ;;
--rhl) echo -n "$DISTRHL" ;;
--distnum) echo -n "$DISTNUM" ;;
--disttype) echo -n "$DISTTYPE" ;;
--help)
printf "Usage: $0 [OPTIONS]\n"
printf " Default mode is --dist. Possible options:\n"
printf " --el\t\tfor RHEL version (if RHEL)\n"
printf " --fc\t\tfor Fedora version (if Fedora)\n"
printf " --rhl\t\tfor RHL version (if RHL)\n"
printf " --dist\t\tfor distribution tag\n"
printf " --distnum\tfor distribution number (major)\n"
printf " --disttype\tfor distribution type\n" ;;
*) echo -n "$DISTTAG" ;;
esac

50
SOURCES/find-provides Executable file
View File

@ -0,0 +1,50 @@
#!/bin/bash
# This script reads filenames from STDIN and outputs any relevant provides
# information that needs to be included in the package.
if [ "$1" ]
then
package_name="$1"
fi
filelist=`sed "s/['\"]/\\\&/g"`
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] &&
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --provides
#
# --- any other extra find-provides scripts
for i in /usr/lib/rpm/redhat/find-provides.d/*.prov
do
[ -x $i ] &&
(echo $filelist | tr '[:blank:]' \\n | $i | sort -u)
done
#
# --- Kernel module imported symbols
#
# Since we don't (yet) get passed the name of the package being built, we
# cheat a little here by looking first for a kernel, then for a kmod.
#
is_kmod=1
for f in $filelist; do
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
then
is_kernel=1;
fi
if [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
then
unset is_kmod;
fi
done
if [ ! "$is_kernel" ] || [ "$package_name" == "kernel" ]
then
unset is_kmod
fi
[ -x /usr/lib/rpm/redhat/find-provides.ksyms ] && [ "$is_kmod" ] &&
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-provides.ksyms
exit 0

48
SOURCES/find-provides.ksyms Executable file
View File

@ -0,0 +1,48 @@
#! /bin/bash
IFS=$'\n'
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'); do
tmpfile=""
if [ "x${module%.ko}" = "x${module}" ]; then
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
proc_bin=
case "${module##*.}" in
xz)
proc_bin=xz
;;
bz2)
proc_bin=bzip2
;;
gz)
proc_bin=gzip
;;
esac
[ -n "$proc_bin" ] || continue
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
module="$tmpfile"
fi
if [[ -n $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
nm $module \
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08x\n", $2, $1)}' \
| LC_ALL=C sort -u
else
ELFRODATA=$(readelf -R .rodata $module | awk '/0x/{printf $2$3$4$5}')
if [[ -n $(readelf -h $module | grep "little endian") ]]; then
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
else
RODATA=$ELFRODATA
fi
for sym in $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
echo $sym $RODATA
done \
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08s\n", $2, substr($3,($1*2)+1,8))}' \
| LC_ALL=C sort -u
fi
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
done

38
SOURCES/find-requires Executable file
View File

@ -0,0 +1,38 @@
#!/bin/bash
#
# Auto-generate requirements for executables (both ELF and a.out) and library
# sonames, script interpreters, and perl modules.
#
ulimit -c 0
filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"`
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] && \
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --requires
#
# --- Kernel module imported symbols
#
# Since we don't (yet) get passed the name of the package being built, we
# cheat a little here by looking first for a kernel, then for a kmod.
#
unset is_kmod
for f in $filelist; do
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ]
then
is_kmod=1;
elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
then
unset is_kmod;
break;
fi
done
[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
exit 0

155
SOURCES/find-requires.ksyms Executable file
View File

@ -0,0 +1,155 @@
#! /bin/bash
#
# This script is called during external module building to create dependencies
# both upon the RHEL kernel, and on additional external modules. Symbols that
# cannot be reconciled against those provided by the kernel are assumed to be
# provided by an external module and "ksym" replaces th regular "kernel" dep.
IFS=$'\n'
# Extract all of the symbols provided by this module.
all_provides() {
for module in "$@"; do
tmpfile=""
if [ "x${module%.ko}" = "x${module}" ]; then
tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko)
proc_bin=
case "${module##*.}" in
xz)
proc_bin=xz
;;
bz2)
proc_bin=bzip2
;;
gz)
proc_bin=gzip
;;
esac
[ -n "$proc_bin" ] || continue
"$proc_bin" -d -c - < "$module" > "$tmpfile" || continue
module="$tmpfile"
fi
if [[ -n $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
nm "$module" \
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
| awk --non-decimal-data '{printf("%s:0x%08x\n", $2, $1)}'
else
ELFRODATA=$(readelf -R .rodata "$module" | awk '/0x/{printf $2$3$4$5}')
if [[ -n $(readelf -h "$module" | grep "little endian") ]]; then
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
else
RODATA=$ELFRODATA
fi
for sym in $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
echo $sym $RODATA
done \
| awk --non-decimal-data '{printf("%s:0x%08s\n", $2, substr($3,($1*2)+1,8))}'
fi
[ -z "$tmpfile" ] || rm -f -- "$tmpfile"
done \
| LC_ALL=C sort -k1,1 -u
}
# Extract all of the requirements of this module.
all_requires() {
for module in "$@"; do
set -- $(/sbin/modinfo -F vermagic "$module" | sed -e 's: .*::' -e q)
/sbin/modprobe --dump-modversions "$module" \
| awk --non-decimal-data '
BEGIN { FS = "\t" ; OFS = "\t" }
{printf("%s:0x%08x\n", $2, $1)}' \
| sed -r -e 's:$:\t'"$1"':'
done \
| LC_ALL=C sort -k1,1 -u
}
# Filter out requirements fulfilled by the module itself.
mod_requires() {
LC_ALL=C join -t $'\t' -j 1 -v 1 \
<(all_requires "$@") \
<(all_provides "$@") \
| LC_ALL=C sort -k1,1 -u
}
if ! [ -e /sbin/modinfo -a -e /sbin/modprobe ]; then
cat > /dev/null
exit 0
fi
check_kabi() {
arch=$(uname -m)
kabi_file="/lib/modules/kabi-current/kabi_whitelist_$arch"
# If not installed, output a warning and return (continue)
if [ ! -f "$kabi_file" ]; then
echo "" >&2
echo "********************************************************************************" >&2
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
echo "********************************************************************************" >&2
echo "The kernel ABI reference files (provided by "kabi-whitelists") were not found." >&2
echo "No compatibility check was performed. Please install the kABI reference files" >&2
echo "and rebuild if you would like to verify compatibility with kernel ABI." >&2
echo "" >&2
return
fi
unset non_kabi
for symbol in "$@"; do
if ! egrep "^[[:space:]]$symbol\$" $kabi_file >/dev/null; then
non_kabi=("${non_kabi[@]}" "$symbol")
fi
done
if [ ${#non_kabi[@]} -gt 0 ]; then
echo "" >&2
echo "********************************************************************************" >&2
echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2
echo "********************************************************************************" >&2
echo "The following kernel symbols are not guaranteed to remain compatible with" >&2
echo "future kernel updates to this RHEL release:" >&2
echo "" >&2
for symbol in "${non_kabi[@]}"; do
printf "\t$symbol\n" >&2
done
echo "" >&2
echo "Red Hat recommends that you consider using only official kernel ABI symbols" >&2
echo "where possible. Requests for additions to the kernel ABI can be filed with" >&2
echo "your partner or customer representative (component: driver-update-program)." >&2
echo "" >&2
fi
}
modules=($(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$'))
if [ ${#modules[@]} -gt 0 ]; then
kernel=$(/sbin/modinfo -F vermagic "${modules[0]}" | sed -e 's: .*::' -e q)
# get all that kernel provides
symvers=$(mktemp -t ${0##*/}.XXXXX)
cat /usr/src/kernels/$kernel/Module.symvers | awk '
BEGIN { FS = "\t" ; OFS = "\t" }
{ print $2 ":" $1 }
' \
| sed -r -e 's:$:\t'"$kernel"':' \
| LC_ALL=C sort -k1,1 -u > $symvers
# Symbols matching with the kernel get a "kernel" dependency
mod_req=$(mktemp -t mod_req.XXXXX)
mod_requires "${modules[@]}" > "$mod_req"
LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "kernel(" $1 ") = " $2 }'
# Symbols from elsewhere get a "ksym" dependency
LC_ALL=C join -t $'\t' -j 1 -v 2 $symvers "$mod_req" | LC_ALL=C sort -u \
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "ksym(" $1 ") = " $2 }'
# Check kABI if the kabi-whitelists package is installed
# Do this last so we can try to output this error at the end
kabi_check_symbols=($(LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \
| awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print $1 }'))
check_kabi "${kabi_check_symbols[@]}"
fi

14
SOURCES/firmware.prov Normal file
View File

@ -0,0 +1,14 @@
#!/bin/sh
#
# firmware.prov - Automatically extract any and all firmware dependencies from
# kernel object (.ko) files and add to RPM deps.
IFS=$'\n'
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') $*;
do
for firmware in `/sbin/modinfo -F firmware $module`;
do
echo "firmware($firmware)"
done
done

2
SOURCES/kabi.attr Normal file
View File

@ -0,0 +1,2 @@
%__kabi_provides %{_rpmconfigdir}/kabi.sh
%__kabi_path ^(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz$

13
SOURCES/kabi.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash +x
#
# kabi.sh - Automatically extract any kernel symbol checksum from the
# symvers file and add to RPM deps. This is used to move the
# checksum checking from modprobe to rpm install for 3rd party
# modules (so they can fail during install and not at load).
IFS=$'\n'
for symvers in $(grep -E '(/boot/symvers-.*|/lib/modules/[1-9].*/symvers)\.gz') "$@";
do
zcat $symvers | awk ' {print "kernel(" $2 ") = " $1 }'
done

2
SOURCES/kmod.attr Normal file
View File

@ -0,0 +1,2 @@
%__kmod_provides %{_rpmconfigdir}/kmod.prov
%__kmod_path ^/lib/modules/.*$

17
SOURCES/kmod.prov Normal file
View File

@ -0,0 +1,17 @@
#!/bin/sh +x
IFS=$'\n'
for i in $(grep -E '(/lib/modules/.*\.ko|/lib/modules/.*/modules.builtin)');
do
kmod=$(basename $i | sed -e 's/.[xg]z//');
if [ $kmod == "modules.builtin" ]; then
for j in $(cat $i); do
j=$(basename $j);
echo "kmod($j)"
done
else
echo "kmod($kmod)"
fi
done

349
SOURCES/kmodtool Executable file
View File

@ -0,0 +1,349 @@
#!/bin/bash
# kmodtool - Helper script for building kernel module RPMs
# An original version appeared in Fedora. This version is
# generally called only by the %kernel_module_package RPM macro
# during the process of building Driver Update Packages (which
# are also known as "kmods" in the Fedora community).
#
# Copyright (c) 2003-2010 Ville Skyttä <ville.skytta@iki.fi>,
# Thorsten Leemhuis <fedora@leemhuis.info>
# Jon Masters <jcm@redhat.com>
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Changelog:
#
# 2010/07/28 - Add fixes for filelists in line with LF standard
# - Remove now defunct "framepointer" kernel variant
# - Change version to "rhel6-rh2" as a consequence.
#
# 2010/01/10 - Simplified for RHEL6. We are working on upstream
# moving to a newer format and in any case do not
# need to retain support for really old systems.
shopt -s extglob
myprog="kmodtool"
myver="0.10.10_rhel8"
knownvariants=@(debug|kdump|zfcpdump)
kmod_name=
kver=
verrel=
variant=
get_verrel ()
{
verrel=${1:-$(uname -r)}
verrel=${verrel/%[.+]$knownvariants/}
}
print_verrel ()
{
get_verrel "$@"
echo "${verrel}"
}
get_variant ()
{
get_verrel "$@"
variant=${1:-$(uname -r)}
variant=${variant/#$verrel?(.+)/}
variant=${variant:-'""'}
}
print_variant ()
{
get_variant $@
echo "${variant}"
}
# Detect flavor separator character. We have to do that due to
# a systemd-tailored patch for kernel spec[1][2] introduced in Fedora and then
# imported in RHEL 8 that broke all OOT kmod infrastructure for the flavored
# kernels.
#
# [1] https://lists.fedoraproject.org/pipermail/kernel/2013-June/004262.html
# [2] https://src.fedoraproject.org/rpms/kernel/c/faf25207dc86666a611c45ae3ffaf385c170bd2a
#
# $1 - kver
# $2 - variant
get_variant_char ()
{
variant="$2"
[ "$variant" != "default" ] || variant=""
get_verrel "$1"
variant_char=""
[ -n "$variant" ] || return 0
# We expect that the flavored kernel is already installed in the buildroot
variant_char="+"
[ -e "/usr/src/kernels/${verrel}+${variant}" ] && return 0
variant_char="."
}
print_variant_char ()
{
get_variant_char "$@"
echo "${variant_char}"
}
print_kernel_source ()
{
get_variant_char "$@"
echo "/usr/src/kernels/${verrel}${variant_char}${variant}"
}
get_filelist() {
local IFS=$'\n'
filelist=($(cat))
if [ ${#filelist[@]} -gt 0 ];
then
for ((n = 0; n < ${#filelist[@]}; n++));
do
line="${filelist[n]}"
line=$(echo "$line" \
| sed -e "s/%verrel/$verrel/g" \
| sed -e "s/%variant/$variant/g" \
| sed -e "s/%dashvariant/$dashvariant/g" \
| sed -e "s/%dotvariant/$dotvariant/g" \
| sed -e "s/\+%1/$dotvariant/g" \
| sed -e "s/\.%1/$dotvariant/g" \
| sed -e "s/\-%1/$dotvariant/g" \
| sed -e "s/%2/$verrel/g")
echo "$line"
done
else
echo "%defattr(644,root,root,755)"
echo "/lib/modules/${verrel}${dotvariant}"
fi
}
get_rpmtemplate ()
{
local variant="${1}"
get_variant_char "${verrel}" "${variant}"
local dashvariant="${variant:+-${variant}}"
local dotvariant="${variant:+${variant_char}${variant}}"
echo "%package -n kmod-${kmod_name}${dashvariant}"
if [ -z "$kmod_provides_summary" ]; then
echo "Summary: ${kmod_name} kernel module(s)"
fi
if [ -z "$kmod_provides_group" ]; then
echo "Group: System Environment/Kernel"
fi
if [ ! -z "$kmod_version" ]; then
echo "Version: %{kmod_version}"
fi
if [ ! -z "$kmod_release" ]; then
echo "Release: %{kmod_release}"
fi
# Turn of the internal dep generator so we will use the kmod scripts.
echo "%global _use_internal_dependency_generator 0"
cat <<EOF
Provides: kernel-modules >= ${verrel}${dotvariant}
Provides: kernel${dashvariant}-modules >= ${verrel}
Provides: ${kmod_name}-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
Requires(post): /usr/sbin/depmod
Requires(postun): /usr/sbin/depmod
Requires(post): /usr/sbin/weak-modules
Requires(postun): /usr/sbin/weak-modules
EOF
if [ "yes" != "$nobuildreqs" ]
then
cat <<EOF
BuildRequires: kernel${dashvariant}-devel
BuildRequires: kernel-abi-whitelists
BuildRequires: redhat-rpm-config kernel-rpm-macros
BuildRequires: elfutils-libelf-devel kmod
EOF
fi
if [ "" != "$override_preamble" ]
then
cat "$override_preamble"
fi
cat <<EOF
%description -n kmod-${kmod_name}${dashvariant}
This package provides the ${kmod_name} kernel modules built for
the Linux kernel ${verrel}${dotvariant} for the %{_target_cpu}
family of processors.
EOF
##############################################################################
## The following are not part of this script directly, they are scripts ##
## that will be executed by RPM during various stages of package processing ##
##############################################################################
cat <<EOF
%post -n kmod-${kmod_name}${dashvariant}
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
fi
modules=( \$(find /lib/modules/${verrel}${dotvariant}/extra/${kmod_name} | grep '\.ko$') )
if [ -x "/usr/sbin/weak-modules" ]; then
printf '%s\n' "\${modules[@]}" \
| /usr/sbin/weak-modules --add-modules
fi
EOF
cat <<EOF
%preun -n kmod-${kmod_name}${dashvariant}
rpm -ql kmod-${kmod_name}${dashvariant}-%{kmod_version}-%{kmod_release}.$(arch) | grep '\.ko$' > /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
EOF
cat <<EOF
%postun -n kmod-${kmod_name}${dashvariant}
if [ -e "/boot/System.map-${verrel}${dotvariant}" ]; then
/usr/sbin/depmod -aeF "/boot/System.map-${verrel}${dotvariant}" "${verrel}${dotvariant}" > /dev/null || :
fi
modules=( \$(cat /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules) )
rm /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
if [ -x "/usr/sbin/weak-modules" ]; then
printf '%s\n' "\${modules[@]}" \
| /usr/sbin/weak-modules --remove-modules
fi
EOF
echo "%files -n kmod-${kmod_name}${dashvariant}"
if [ "" == "$override_filelist" ];
then
echo "%defattr(644,root,root,755)"
echo "/lib/modules/${verrel}${dotvariant}"
else
cat "$override_filelist" | get_filelist
fi
}
print_rpmtemplate ()
{
kmod_name="${1}"
shift
kver="${1}"
get_verrel "${1}"
shift
if [ -z "${kmod_name}" ] ; then
echo "Please provide the kmodule-name as first parameter." >&2
exit 2
elif [ -z "${kver}" ] ; then
echo "Please provide the kver as second parameter." >&2
exit 2
elif [ -z "${verrel}" ] ; then
echo "Couldn't find out the verrel." >&2
exit 2
fi
for variant in "$@" ; do
if [ "default" == "$variant" ];
then
get_rpmtemplate ""
else
get_rpmtemplate "${variant}"
fi
done
}
usage ()
{
cat <<EOF
You called: ${invocation}
Usage: ${myprog} <command> <option>+
Commands:
verrel <uname>
- Get "base" version-release.
variant <uname>
- Get variant from uname.
variant_char <uname> <variant>
- Get kernel variant separator character.
kernel_source <uname> <variant>
- Get path to kernel source directory.
rpmtemplate <mainpgkname> <uname> <variants>
- Return a template for use in a source RPM
version
- Output version number and exit.
EOF
}
invocation="$(basename ${0}) $@"
while [ "${1}" ] ; do
case "${1}" in
verrel)
shift
print_verrel "$@"
exit $?
;;
variant)
shift
print_variant "$@"
exit $?
;;
variant_char)
shift
print_variant_char "$@"
exit $?
;;
kernel_source)
shift
print_kernel_source "$@"
exit $?
;;
rpmtemplate)
shift
print_rpmtemplate "$@"
exit $?
;;
version)
echo "${myprog} ${myver}"
exit 0
;;
*)
echo "Error: Unknown option '${1}'." >&2
usage >&2
exit 2
;;
esac
done
# Local variables:
# mode: sh
# sh-indentation: 2
# indent-tabs-mode: nil
# End:
# ex: ts=2 sw=2 et

5
SOURCES/libsymlink.attr Normal file
View File

@ -0,0 +1,5 @@
# Make libfoo.so symlinks require the soname-provide of the target library
%__libsymlink_requires %{_rpmconfigdir}/elfdeps --provides --soname-only
%__libsymlink_magic ^symbolic link to .*lib.*\.so\..*$
%__libsymlink_path ^.*\.so$
%__libsymlink_flags magic_and_path

252
SOURCES/macros Normal file
View File

@ -0,0 +1,252 @@
# Per-platform rpm configuration file.
#==============================================================================
# ---- per-platform macros.
#
%_vendor redhat
%_os linux
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
#==============================================================================
# ---- configure macros. note that most of these are inherited
# from the defaults.
#
%_localstatedir /var
%_pkgdocdir %{_docdir}/%{name}
%_docdir_fmt %%{NAME}
%_fmoddir %{_libdir}/gfortran/modules
%_enable_debug_packages 1
%_include_minidebuginfo 1
%_include_gdb_index 1
%_debugsource_packages 1
%_debuginfo_subpackages 1
#==============================================================================
# ---- compiler flags.
# C compiler flags. This is traditionally called CFLAGS in makefiles.
# Historically also available as %%{optflags}, and %%build sets the
# environment variable RPM_OPT_FLAGS to this value.
%build_cflags %{optflags}
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
%build_cxxflags %{optflags}
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
# the corresponding variable names.
%build_fflags %{optflags} -I%{_fmoddir}
# Link editor flags. This is usually called LDFLAGS in makefiles.
# (Some makefiles use LFLAGS instead.) The default value assumes that
# the flags, while intended for ld, are still passed through the gcc
# compiler driver. At the beginning of %%build, the environment
# variable RPM_LD_FLAGS to this value.
%build_ldflags -Wl,-z,relro %{_ld_symbols_flags} %{_hardened_ldflags}
# Expands to shell code to seot the compiler/linker environment
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
# been set implicitly at the start of the %%build section.
%set_build_flags \
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS
# Deprecated names. For backwards compatibility only.
%__global_cflags %{build_cflags}
%__global_cxxflags %{build_cxxflags}
%__global_fflags %{build_fflags}
%__global_fcflags %{build_fflags}
%__global_ldflags %{build_ldflags}
#==============================================================================
# ---- configure and makeinstall.
#
%_configure_gnuconfig_hack 1
%_configure_libtool_hardening_hack 1
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
# to be added to the list of options passed to the configure script.
# Eventually we'll want to turn this on by default, but this gives packagers a
# way to turn it back off.
# %_configure_disable_silent_rules 1
%configure \
%{set_build_flags}; \
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
done ; \
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
for i in $(find . -name ltmain.sh) ; do \
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
done ; \
%{_configure} --build=%{_build} --host=%{_host} \\\
--program-prefix=%{?_program_prefix} \\\
--disable-dependency-tracking \\\
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
# Maximum number of CPU's to use when building, 0 for unlimited.
#
# This was for some time capped at 16. Please see
# https://bugzilla.redhat.com/show_bug.cgi?id=669638 and
# https://bugzilla.redhat.com/show_bug.cgi?id=1384938 for the situation
# surrounding this.
#%_smp_ncpus_max 0
%_smp_mflags %([ -z "$RPM_BUILD_NCPUS" ] \\\
&& RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\
ncpus_max=%{?_smp_ncpus_max}; \\\
if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
if [ "$RPM_BUILD_NCPUS" -gt 1 ]; then echo "-j$RPM_BUILD_NCPUS"; fi)
#==============================================================================
# ---- Build policy macros.
#
#
#---------------------------------------------------------------------
# Expanded at beginning of %install scriptlet.
#
%__spec_install_pre %{___build_pre}\
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
mkdir "$RPM_BUILD_ROOT"\
%{nil}
#---------------------------------------------------------------------
# Expanded at end of %install scriptlet.
#
%__arch_install_post /usr/lib/rpm/check-buildroot
# Build root policy macros. Standard naming:
# convert all '-' in basename to '_', add two leading underscores.
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
%__brp_compress /usr/lib/rpm/brp-compress
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
%__brp_python_bytecompile /usr/lib/rpm/brp-python-bytecompile %{?_python_bytecompile_errors_terminate_build}
%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
# __brp_mangle_shebangs_exclude - shebangs to exclude
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
# __brp_mangle_shebangs_exclude_from - files to ignore
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
%__brp_mangle_shebangs PYTHON3="%{__python3}" /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
%__os_install_post \
%{?__brp_ldconfig} \
%{?__brp_compress} \
%{!?__debug_package:\
%{?__brp_strip} \
%{?__brp_strip_comment_note} \
} \
%{?__brp_strip_static_archive} \
%{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
%{?__brp_python_hardlink} \
%{?__brp_mangle_shebangs} \
%{nil}
%__spec_install_post\
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{nil}
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
%%install\
%{nil}
#
# Should missing buildids terminate a build?
%_missing_build_ids_terminate_build 1
#
## Automatically compile python files
%py_auto_byte_compile 1
#
## Should python bytecompilation errors terminate a build?
%_python_bytecompile_errors_terminate_build 1
# Use SHA-256 for FILEDIGESTS instead of default MD5
%_source_filedigest_algorithm 8
%_binary_filedigest_algorithm 8
# Use XZ compression for binary payloads
%_binary_payload w2.xzdio
%_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
# we don't escape symbols '~', '"', etc. so be careful when changing this
%_hardening_ldflags -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
# Harden packages by default for Fedora 23:
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
# Use "%undefine _hardened_build" to disable.
%_hardened_build 1
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
%_annobin_cflags -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
# Add extra information to binary objects created by gcc for Fedora 28:
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
# Use "%undefine _annotated_build" to disable.
%_annotated_build 1
%_annotated_cflags %{?_annotated_build:%{_annobin_cflags}}
# Fail linking if there are undefined symbols. Required for proper
# ELF symbol versioning support. Disabled by default.
# Use "%define _strict_symbol_defs_build 1" to enable.
#%_strict_symbol_defs_build 1
%_ld_symbols_flags %{?_strict_symbol_defs_build:-Wl,-z,defs}
%__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}
#==============================================================================
# ---- Generic auto req/prov filtering macros
#
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
# prevent anything matching from being scanned for provides
%filter_provides_in(P) %{expand: \
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
}
# prevent anything matching from being scanned for requires
%filter_requires_in(P) %{expand: \
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
}
# filter anything matching out of the provides stream
%filter_from_provides() %{expand: \
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
}
# filter anything matching out of the requires stream
%filter_from_requires() %{expand: \
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
}
# actually set up the filtering bits
%filter_setup %{expand: \
%global _use_internal_dependency_generator 0 \
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
}

39
SOURCES/macros.dwz Normal file
View File

@ -0,0 +1,39 @@
# Macros for reducing debug info size using dwz(1) utility.
# The two default values below should result in dwz taking at most
# 3GB of RAM or so on 64-bit hosts and 2.5GB on 32-bit hosts
# on the largest *.debug files (in mid 2012 those are
# libreoffice-debuginfo, debuginfos containing
# libxul.so.debug and libwebkitgtk-*.so.*.debug).
# This needs to be tuned based on the amount of available RAM
# on build boxes for each architecture as well as virtual address
# space limitations if dwz is 32-bit program. While it needs less
# memory than 64-bit program because pointers are smaller, it can
# never have more than 4GB-epsilon of RAM and on some architecture
# even less than that (e.g. 2GB).
# Number of debugging information entries (DIEs) above which
# dwz will stop considering file for multifile optimizations
# and enter a low memory mode, in which it will optimize
# in about half the memory needed otherwise.
%_dwz_low_mem_die_limit 10000000
# Number of DIEs above which dwz will stop processing
# a file altogether.
%_dwz_max_die_limit 50000000
# On x86_64 increase the higher limit to make libwebkit* optimizable.
# libwebkit* in mid 2012 contains roughly 87mil DIEs, and 64-bit
# dwz is able to optimize it from ~1.1GB to ~410MB using 5.2GB of RAM.
%_dwz_max_die_limit_x86_64 110000000
# On ARM, build boxes often have only 512MB of RAM and are very slow.
# Lower both the limits.
%_dwz_low_mem_die_limit_armv5tel 4000000
%_dwz_low_mem_die_limit_armv7hl 4000000
%_dwz_max_die_limit_armv5tel 10000000
%_dwz_max_die_limit_armv7hl 10000000
%_dwz_limit() %{expand:%%{?%{1}_%{_arch}}%%{!?%{1}_%{_arch}:%%%{1}}}
%_find_debuginfo_dwz_opts --run-dwz\\\
--dwz-low-mem-die-limit %{_dwz_limit _dwz_low_mem_die_limit}\\\
--dwz-max-die-limit %{_dwz_limit _dwz_max_die_limit}

View File

@ -0,0 +1,8 @@
# Some miscellaneous Fedora-related macros
# A directory for rpm macros
%rpmmacrodir /usr/lib/rpm/macros.d
# A directory for appdata metainfo. This has changed between releases so a
# macro is useful.
%_metainfodir %{_datadir}/metainfo

282
SOURCES/macros.forge Normal file
View File

@ -0,0 +1,282 @@
# Map forge information to rpm metadata. This macro will compute default spec
# variable values.
#
# The following spec variables SHOULD be set before calling the macro:
#
# forgeurl the project url on the forge, strongly recommended;
# alternatively, use -u <url>
# Version if applicable, set it with Version: <version>
# tag if applicable
# commit if applicable
#
# The macro will attempt to compute and set the following variables if they are
# not already set by the packager:
#
# forgesource an URL that can be used as SourceX: value
# forgesetupargs the correct arguments to pass to %setup for this source
# used by %forgesetup and %forgeautosetup
# archivename the source archive filename, without extentions
# archiveext the source archive filename extensions, without leading dot
# archiveurl the url that can be used to download the source archive,
# without renaming
# scm the scm type, when packaging code snapshots: commits or tags
#
# If the macro is unable to parse your forgeurl value set at least archivename
# and archiveurl before calling it.
#
# Most of the computed variables are both overridable and optional. However,
# the macro WILL REDEFINE %{dist} when packaging a snapshot (commit or tag).
# The previous %{dist} value will be lost. Dont call the macro if you dont
# wish %{dist} to be changed.
#
# Optional parameters:
# -u <url> Ignore forgeurl even if it exists and use <url> instead. Note
# that the macro will still end up setting <url> as the forgeurl
# spec variable if it manages to parse it.
# -s Silently ignore problems in forgeurl, use it if it can be parsed,
# ignore it otherwise.
# -p Restore problem handling, override -s.
# -v Be verbose and print every spec variable the macro sets.
# -i Print some info about the state of spec variables the macro may use or
# set at the end of the processing.
%forgemeta(u:spvi) %{lua:
local forgeurl = rpm.expand("%{?-u*}")
if (forgeurl == "") then
forgeurl = rpm.expand("%{?forgeurl}")
end
local silent = false
local verbose = false
local informative = false
if (rpm.expand("%{?-s}") ~= "") then
silent = true
end
if (rpm.expand("%{?-p}") ~= "") then
silent = false
end
if (rpm.expand("%{?-v}") ~= "") then
verbose = true
end
if (rpm.expand("%{?-i}") ~= "") then
informative = true
end
local tag = rpm.expand("%{?tag}")
local commit = rpm.expand("%{?commit}")
-- Be explicit about the spec variables were setting
local function explicitset(rpmvariable,value)
rpm.define(rpmvariable .. " " .. value)
if verbose then
rpm.expand("%{echo:Setting %%{" .. rpmvariable .. "} = " .. value .. "\\n}")
end
end
-- Never ever stomp on a spec variable the packager already set
local function safeset(rpmvariable,value)
if (rpm.expand("%{?" .. rpmvariable .. "}") == "") then
explicitset(rpmvariable,value)
end
end
-- Set spec variable values for each known software publishing service
if (forgeurl ~= "") then
local forge = string.match(forgeurl, "^[^:]+://([^/]+)/")
if (forge == nil) then
if not silent then
rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !\\n}")
end
else
if (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")
if (forgeurl == nil) then
if not silent then
rpm.expand("%{error:Gitlab URLs must match https://(…[-.])gitlab[-.]…/owner/repo !\\n}")
end
else
explicitset("forgeurl", forgeurl)
if (commit == "") then
rpm.expand("%{error:All Gitlab URLs require commit value knowledge: you need to define %{commit}!\\nPlease vote on https://gitlab.com/gitlab-org/gitlab-ce/issues/38830\\n}")
end
safeset("archiveext", "tar.bz2")
safeset("forgesetupargs", "-n %{archivename}")
if (commit ~= "") or (tag ~= "") then
safeset("scm", "git")
end
local owner = string.match(forgeurl, "^[^:]+://[^/]+/([^/]+)")
local repo = string.match(forgeurl, "^[^:]+://[^/]+/[^/]+/([^/]+)")
local version = rpm.expand("%{?version}")
if (version ~= "") and (version ~= "0") and (tag == "") then
-- GitLab does not have strong versionning semantics
-- Some projects use "version" as release tag, others "v" + "version"
-- Tag value needs to be explicitly declared before calling the macro
-- in the second case
tag = version
safeset("tag", tag)
end
if (tag ~= "") then
safeset("archivename", repo .. "-%{tag}-%{commit}")
safeset("archiveurl", "%{forgeurl}/repository/%{tag}/archive.%{archiveext}")
else
safeset("archivename", repo .. "-%{commit}")
safeset("archiveurl", "%{forgeurl}/repository/%{commit}/archive.%{archiveext}")
end
end
end
if (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
forgeurl = string.match(forgeurl, "https://[^/]+/[^/]+/[^/#?]+")