rpms
/
redhat-rpm-config
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import redhat-rpm-config-194-1.el9

This commit is contained in:
CentOS Sources 2022-05-17 04:55:22 -04:00 committed by Stepan Oksanichenko
commit 14f5e1d6c8
37 changed files with 7329 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
.gitignore vendored Normal file
View File

0
.redhat-rpm-config.metadata Normal file
View File

18
SOURCES/brp-fix-pyc-reproducibility Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash -e
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
# Defined as %py_reproducible_pyc_path macro and passed here as
# the first command-line argument
path_to_fix=$1
# First, check that the parser is available:
if [ ! -x /usr/bin/marshalparser ]; then
echo "ERROR: If %py_reproducible_pyc_path is defined, you have to also BuildRequire: /usr/bin/marshalparser !"
exit 1
fi
find "$path_to_fix" -type f -name "*.pyc" | xargs /usr/bin/marshalparser --fix --overwrite

13
SOURCES/brp-ldconfig Executable file
View File

@ -0,0 +1,13 @@
#!/bin/sh -efu
# Force creating of DSO symlinks.
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
# Create an empty config file for ldconfig to shut up a warning
config=$(mktemp -p "$RPM_BUILD_ROOT")
/sbin/ldconfig -f $(basename "$config") -N -r "$RPM_BUILD_ROOT"
rm -f "$config"
# TODO: warn if it created new symlinks and guide people.

165
SOURCES/brp-mangle-shebangs Executable file
View File

@ -0,0 +1,165 @@
#!/bin/bash -eu
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
exclude_files=""
exclude_files_from=""
exclude_shebangs=""
exclude_shebangs_from=""
usage() {
local verbose=$1 && shift
local outfile=$1 && shift
local status=$1 && shift
(
echo 'usage: brp-mangle-shebangs [--files <regexp>] [--files-from <file>] [--shebangs <regexp>] [--shebangs-from <file>]'
if [ "${verbose}" == "yes" ]; then
echo ' --files: extended regexp of files to ignore'
echo ' --files-from: file containing a list of extended regexps of files to ignore'
echo ' --shebangs: extended regexp of shebangs to ignore'
echo ' --shebangs-from: file containing a list of extended regexps of shebangs to ignore'
fi
) >>${outfile}
exit ${status}
}
while [ $# -gt 0 ] ; do
case "$1" in
--files)
exclude_files="${2}"
shift
;;
--files=*)
exclude_files="${1##--files=}"
;;
--files-from)
exclude_files_from="${2}"
shift
;;
--files-from=*)
exclude_files_from="${1##--files-from=}"
;;
--shebangs)
exclude_shebangs="${2}"
shift
;;
--shebangs=*)
exclude_shebangs="${1##--shebangs=}"
;;
--shebangs-from)
exclude_shebangs_from="${2}"
shift
;;
--shebangs-from=*)
exclude_shebangs_from="${1##--shebangs-from=}"
;;
--help|--usage|"-?"|-h)
usage yes /dev/stdout 0
;;
*)
echo "Unknown option \"${1}\"" 1>&2
usage no /dev/stderr 1
;;
esac
shift
done
cd "$RPM_BUILD_ROOT"
# Large packages such as kernel can have thousands of executable files.
# We take care to not fork/exec thousands of "file"s and "grep"s,
# but run just two of them.
# (Take care to exclude filenames which would mangle "file" output).
find -executable -type f ! -path '*:*' ! -path $'*\n*' \
| file -N --mime-type -f - \
| grep -P ".+(?=: (text/|application/javascript))" \
| {
fail=0
while IFS= read -r line; do
f=${line%%:*}
# Remove the dot
path="${f#.}"
if [ -n "$exclude_files" ]; then
echo "$path" | grep -q -E "$exclude_files" && continue
fi
if [ -n "$exclude_files_from" ]; then
echo "$path" | grep -q -E -f "$exclude_files_from" && continue
fi
if ! read shebang_line < "$f"; then
echo >&2 "*** WARNING: Cannot read the first line from $f, removing executable bit"
ts=$(stat -c %y "$f")
chmod -x "$f"
touch -d "$ts" "$f"
continue
fi
orig_shebang="${shebang_line#\#!}"
if [ "$orig_shebang" = "$shebang_line" ]; then
echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
ts=$(stat -c %y "$f")
chmod -x "$f"
touch -d "$ts" "$f"
continue
fi
# Trim spaces
while shebang="${orig_shebang// / }"; [ "$shebang" != "$orig_shebang" ]; do
orig_shebang="$shebang"
done
# Treat "#! /path/to " as "#!/path/to"
orig_shebang="${orig_shebang# }"
shebang="$orig_shebang"
if [ -z "$shebang" ]; then
echo >&2 "*** WARNING: $f is executable but has empty shebang, removing executable bit"
ts=$(stat -c %y "$f")
chmod -x "$f"
touch -d "$ts" "$f"
continue
fi
if [ -n "${shebang##/*}" ]; then
echo >&2 "*** ERROR: $f has shebang which doesn't start with '/' ($shebang)"
fail=1
continue
fi
if ! { echo "$shebang" | grep -q -P "^/(?:usr/)?(?:bin|sbin)/"; }; then
continue
fi
# Replace "special" env shebang:
# /whatsoever/env /whatever/foo → /whatever/foo
shebang=$(echo "$shebang" | sed -r -e 's@^(.+)/env /(.+)$@/\2@')
# /whatsoever/env foo → /whatsoever/foo
shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
# If the shebang now starts with /bin, change it to /usr/bin
# https://bugzilla.redhat.com/show_bug.cgi?id=1581757
shebang=$(echo "$shebang" | sed -r -e 's@^/bin/@/usr/bin/@')
# Replace ambiguous python with python2
py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
if [ "$shebang" != "$py_shebang" ]; then
echo >&2 "*** ERROR: ambiguous python shebang in $path: #!$orig_shebang. Change it to python3 (or python2) explicitly."
fail=1
elif [ "#!$shebang" != "#!$orig_shebang" ]; then
echo "mangling shebang in $path from $orig_shebang to #!$shebang"
ts=$(stat -c %y "$f")
sed -i -e "1c #!$shebang" "$f"
touch -d "$ts" "$f"
fi
done
exit $fail
}

141
SOURCES/brp-python-bytecompile Executable file
View File

@ -0,0 +1,141 @@
#!/bin/bash
errors_terminate=$2
# Usage of %_python_bytecompile_extra is not allowed anymore
# See: https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3
# Therefore $1 ($default_python) is not needed and is invoked with "" by default.
# $default_python stays in the arguments for backward compatibility and $extra for the following check:
extra=$3
if [ 0$extra -eq 1 ]; then
echo -e "%_python_bytecompile_extra is discontinued, use %py_byte_compile instead.\nSee: https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3" >/dev/stderr
exit 1
fi
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
# Figure out how deep we need to descend. We could pick an insanely high
# number and hope it's enough, but somewhere, somebody's sure to run into it.
depth=`(find "$RPM_BUILD_ROOT" -type f -name "*.py" -print0 ; echo /) | \
xargs -0 -n 1 dirname | sed 's,[^/],,g' | sort -u | tail -n 1 | wc -c`
if [ -z "$depth" -o "$depth" -le "1" ]; then
exit 0
fi
# This function now implements Python byte-compilation in three different ways:
# Python >= 3.4 and < 3.9 uses a new module compileall2 - https://github.com/fedora-python/compileall2
# Python < 3.4 (inc. Python 2) uses compileall module from stdlib with some hacks
# When we drop support for Python 2, we'd be able to use all compileall2 features like:
# - -s and -p options to manipulate with a path baked into pyc files instead of $real_libdir
# - -o 0 -o 1 to produce multiple files in one run - each with a different optimization level - instead of $options
# - removed useless $depth - both compileall and compileall2 are limited by sys.getrecursionlimit()
# These changes will make this script much simpler
# In Python >= 3.9, compileall2 was merged back to standard library (compileall) so we can use it directly again.
function python_bytecompile()
{
local options=$1
local python_binary=$2
local exclude=$3
local python_libdir=$4
local depth=$5 # Not used for Python >= 3.4
local real_libdir=$6 # Not used for Python >= 3.4
python_version=$($python_binary -c "import sys; sys.stdout.write('{0.major}{0.minor}'.format(sys.version_info))")
#
# Python 3.9 and higher
#
if [ "$python_version" -ge 39 ]; then
[ ! -z $exclude ] && exclude="-x '$exclude'"
# -q disables verbose output
# -f forces the process to overwrite existing compiled files
# -x excludes paths defined by regex
# -e excludes symbolic links pointing outside the build root
# -x and -e together implements the same functionality as the Filter class below
# -s strips $RPM_BUILD_ROOT from the path
# -p prepends the leading slash to the path to make it absolute
$python_binary -B $options -m compileall -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
#
# Python 3.4 and higher
#
elif [ "$python_version" -ge 34 ]; then
[ ! -z $exclude ] && exclude="-x '$exclude'"
# /usr/lib/rpm/redhat/ contains compileall2 Python module
# -q disables verbose output
# -f forces the process to overwrite existing compiled files
# -x excludes paths defined by regex
# -e excludes symbolic links pointing outside the build root
# -x and -e together implements the same functionality as the Filter class below
# -s strips $RPM_BUILD_ROOT from the path
# -p prepends the leading slash to the path to make it absolute
PYTHONPATH=/usr/lib/rpm/redhat/ $python_binary -B $options -m compileall2 -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
else
#
# Python 3.3 and lower (incl. Python 2)
#
cat << EOF | $python_binary $options
import compileall, sys, os, re
python_libdir = "$python_libdir"
depth = $depth
real_libdir = "$real_libdir"
build_root = "$RPM_BUILD_ROOT"
exclude = r"$exclude"
class Filter:
def search(self, path):
ret = not os.path.realpath(path).startswith(build_root)
if exclude:
ret = ret or re.search(exclude, path)
return ret
sys.exit(not compileall.compile_dir(python_libdir, depth, real_libdir, force=1, rx=Filter(), quiet=1))
EOF
fi
}
# .pyc/.pyo files embed a "magic" value, identifying the ABI version of Python
# bytecode that they are for.
#
# The files below RPM_BUILD_ROOT could be targeting multiple versions of
# python (e.g. a single build that emits several subpackages e.g. a
# python26-foo subpackage, a python31-foo subpackage etc)
#
# Support this by assuming that below each /usr/lib/python$VERSION/, all
# .pyc/.pyo files are to be compiled for /usr/bin/python$VERSION.
#
# For example, below /usr/lib/python2.6/, we're targeting /usr/bin/python2.6
# and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1
# Disable Python hash seed randomization
# This should help with byte-compilation reproducibility: https://bugzilla.redhat.com/show_bug.cgi?id=1686078
export PYTHONHASHSEED=0
shopt -s nullglob
for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/(usr|app)/lib(64)?/python[0-9]\.[0-9]+$"`;
do
python_binary=$(basename $python_libdir)
real_libdir=${python_libdir/$RPM_BUILD_ROOT/}
echo "Bytecompiling .py files below $python_libdir using $python_binary"
# Generate normal (.pyc) byte-compiled files.
python_bytecompile "" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
# One or more of the files had a syntax error
exit 1
fi
# Generate optimized (.pyo) byte-compiled files.
python_bytecompile "-O" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
# One or more of the files had a syntax error
exit 1
fi
done

17
SOURCES/brp-strip-lto Executable file
View File

@ -0,0 +1,17 @@
#!/usr/bin/sh
# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
exit 0
fi
STRIP=${1:-strip}
NCPUS=${RPM_BUILD_NCPUS:-1}
case `uname -a` in
Darwin*) exit 0 ;;
*) ;;
esac
# Strip ELF binaries
find "$RPM_BUILD_ROOT" -type f -name '*.[ao]' \! -regex "$RPM_BUILD_ROOT/*usr/lib/debug.*" -print0 | \
eu-elfclassify --not-program --not-library --not-linux-kernel-module --stdin0 --print0 | xargs -0 -r -P$NCPUS -n32 sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 \"\$@\"" ARG0

532
SOURCES/buildflags.md Normal file
View File

@ -0,0 +1,532 @@
This document contains documentation of the individual compiler flags
and how to use them.
[TOC]
# Using RPM build flags
For packages which use autoconf to set up the build environment, use
the `%configure` macro to obtain the full complement of flags, like
this:
%configure
This will invoke the `./configure` with arguments (such as
`--prefix=/usr`) to adjust the paths to the packaging defaults.
Prior to that, some common problems in autotools scripts are
automatically patched across the source tree.
As a side effect, this will set the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, `LDFLAGS` and `LT_SYS_LIBRARY_PATH`,
so they can be used by makefiles and other build tools. (However,
existing values for these variables are not overwritten.)
If your package does not use autoconf, you can still set the same
environment variables using
%set_build_flags
early in the `%build` section. (Again, existing environment variables
are not overwritten.) `%set_build_flags` does not perform autotools
script rewriting, unlike `%configure`.
Individual build flags are also available through RPM macros:
* `%{build_cflags}` for the C compiler flags (also known as the
`CFLAGS` variable). Also historically available as `%{optflags}`.
Furthermore, at the start of the `%build` section, the environment
variable `RPM_OPT_FLAGS` is set to this value.
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
the `CXXFLAGS` shell variable).
* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
known as the `FCFLAGS` variable).
* `%{build_ldflags}` for the link editor (ld) flags, usually known as
`LDFLAGS`. Note that the contents quotes linker arguments using
`-Wl`, so this variable is intended for use with the `gcc` compiler
driver. At the start of the `%build` section, the environment
variable `RPM_LD_FLAGS` is set to this value.
The variable `LT_SYS_LIBRARY_PATH` is defined here to prevent the `libtool`
script (v2.4.6+) from hardcoding %_libdir into the binaries' RPATH.
These RPM macros do not alter shell environment variables.
For some other build tools separate mechanisms exist:
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
package.
Care must be taking not to compile the current selection of compiler
flags into any RPM package besides `redhat-rpm-config`, so that flag
changes are picked up automatically once `redhat-rpm-config` is
updated.
# Flag selection for the build type
The default flags are suitable for building applications.
For building shared objects, you must compile with `-fPIC` in
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
For other considerations involving shared objects, see:
* [Fedora Packaging Guidelines: Shared Libraries](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_shared_libraries)
# Customizing compiler and other build flags
It is possible to set RPM macros to change some aspects of the
compiler flags. Changing these flags should be used as a last
recourse if other workarounds are not available.
### Toolchain selection
The default toolchain uses GCC, and the `%toolchain` macro is defined
as `gcc`.
It is enough to override `toolchain` macro and all relevant macro for C/C++
compilers will be switched. Either in the spec or in the command-line.
%global toolchain clang
or:
rpmbuild -D "toolchain clang" …
Inside a spec file it is also possible to determine which toolchain is in use
by testing the same macro. For example:
%if "%{toolchain}" == "gcc"
BuildRequires: gcc
%endif
or:
%if "%{toolchain}" == "clang"
BuildRequires: clang compiler-rt
%endif
### Disable autotools compatibility patching
By default, the invocation of the `%configure` macro replaces
`config.guess` files in the source tree with the system version. To
disable that, define this macro:
%global _configure_gnuconfig_hack 0
`%configure` also patches `ltmain.sh` scripts, so that linker flags
are set as well during libtool-. This can be switched off using:
%global _configure_libtool_hardening_hack 0
Further patching happens in LTO mode, see below.
### Disabling Link-Time Optimization
By default, builds use link-time optimization. In this build mode,
object code is generated at the time of the final link, by combining
information from all available translation units, and taking into
account which symbols are exported.
To disable this optimization, include this in the spec file:
%define _lto_cflags %{nil}
If LTO is enabled, `%configure` applies some common required fixes to
`configure` scripts. To disable that, define the RPM macro
`_fix_broken_configure_for_lto` as `true` (sic; it has to be a shell
command).
### Lazy binding
If your package depends on the semantics of lazy binding (e.g., it has
plugins which load additional plugins to complete their dependencies,
before which some referenced functions are undefined), you should put
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
which have such requirements. Under these circumstances, it is
unnecessary to disable hardened builds (and thus lose full ASLR for
executables), or link everything without `-Wl,z,now` (non-lazy
binding).
### Hardened builds
By default, the build flags enable fully hardened builds. To change
this, include this in the RPM spec file:
%undefine _hardened_build
This turns off certain hardening features, as described in detail
below. The main difference is that executables will be
position-dependent (no full ASLR) and use lazy binding.
### Annotated builds/watermarking
By default, the build flags cause a special output section to be
included in ELF files which describes certain aspects of the build.
To change this for all compiler invocations, include this in the RPM
spec file:
%undefine _annotated_build
Be warned that this turns off watermarking, making it impossible to do
full hardening coverage analysis for any binaries produced.
It is possible to disable annotations for individual compiler
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
the annobin plugin must still be loaded for this flag to be
recognized, so it has to come after the hardening flags on the command
line (it has to be added at the end of `CFLAGS`, or specified after
the `CFLAGS` variable contents).
### Keeping dependencies on unused shared objects
By default, ELF shared objects which are listed on the linker command
line, but which have no referencing symbols in the preceding objects,
are not added to the output file during the final link.
In order to keep dependencies on shared objects even if none of
their symbols are used, include this in the RPM spec file:
%undefine _ld_as_needed
For example, this can be required if shared objects are used for their
side effects in ELF constructors, or for making them available to
dynamically loaded plugins.
### Strict symbol checks in the link editor (ld)
Optionally, the link editor will refuse to link shared objects which
contain undefined symbols. Such symbols lack symbol versioning
information and can be bound to the wrong (compatibility) symbol
version at run time, and not the actual (default) symbol version which
would have been used if the symbol definition had been available at
static link time. Furthermore, at run time, the dynamic linker will
not have complete dependency information (in the form of DT_NEEDED
entries), which can lead to errors (crashes) if IFUNC resolvers are
executed before the shared object containing them is fully relocated.
To switch on these checks, define this macro in the RPM spec file:
%define _strict_symbol_defs_build 1
If this RPM spec option is active, link failures will occur if the
linker command line does not list all shared objects which are needed.
In this case, you need to add the missing DSOs (with linker arguments
such as `-lm`). As a result, the link editor will also generated the
necessary DT_NEEDED entries.
In some cases (such as when a DSO is loaded as a plugin and is
expected to bind to symbols in the main executable), undefined symbols
are expected. In this case, you can add
%undefine _strict_symbol_defs_build
to the RPM spec file to disable these strict checks. Alternatively,
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
command line). The latter needs binutils 2.29.1-12.fc28 or later.
### Legacy -fcommon
Since version 10, [gcc defaults to `-fno-common`](https://gcc.gnu.org/gcc-10/porting_to.html#common).
Builds may fail with `multiple definition of ...` errors.
As a short term workaround for such failure,
it is possible to add `-fcommon` to the flags by defining `%_legacy_common_support`.
%define _legacy_common_support 1
Properly fixing the failure is always preferred!
### Post-build ELF object processing
By default, DWARF debugging information is separated from installed
ELF objects and put into `-debuginfo` subpackages. To disable most
debuginfo processing (and thus the generation of these subpackages),
define `_enable_debug_packages` as `0`.
Processing of debugging information is controlled using the
`find-debuginfo` tool from the `debugedit` package. Several aspects
of its operation can be controlled at the RPM level.
* Creation of `-debuginfo` subpackages is enabled by default.
To disable, undefine `_debuginfo_subpackages`.
* Likewise, `-debugsource` subpackages are automatically created.
To disable, undefine `_debugsource_subpackages`.
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
for background information.
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
`_unique_debug_srcs` control how debugging information and
corresponding source files are represented on disk.
See `/usr/lib/rpm/macros` for details. The defaults
enable parallel installation of `-debuginfo` packages for
different package versions, as described in
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
* By default, a compressed symbol table is preserved in the
`.gnu_debugdata` section. To disable that, undefine
`_include_minidebuginfo`.
* To speed up debuggers, a `.gdb_index` section is created. It can be
disabled by undefining `_include_gdb_index`.
* Missing build IDs result in a build failure. To ignore such
problems, undefine `_missing_build_ids_terminate_build`.
* During processing, build IDs are recomputed to match the binary
content. To skip this step, define `_no_recompute_build_ids` as `1`.
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
(DWARF compression) processing. Undefine this macro to disable this
step.
* Additional options can be passed by defining the
`_find_debuginfo_opts` macro.
After separation of debugging information, additional transformations
are applied, most of them also related to debugging information.
These steps can be skipped by undefining the corresponding macros:
* `__brp_strip`: Removal of leftover debugging information. The tool
specified by the `__strip` macro is invoked with the `-g` option on
ELF object (`.o`) files.
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
processes static `.a` archives instead.
* `__brp_strip_comment_note`: This step removes unallocated `.note`
sections, and `.comment` sections from ELF files.
* `__brp_strip_lto`: This step removes GCC LTO intermediate representation
in ELF sections starting with `.gnu.lto_` and `.gnu.debuglto_`. Skipping
this step is strongly discouraged because the tight coupling of LTO
data with the GCC version. The underlying tool is again determined by the
`__strip` macro.
* `__brp_llvm_compile_lto_elf`: This step replaces LLVM bitcode files
with object files, thereby removing LLVM bitcode from the installed
files. This transformation is applied to object files in static `.a`
archives, too.
* `__brp_ldconfig`: For each shared object on the library search path
whose soname does not match its file name, a symbolic link from the
soname to the file name is created. This way, these shared objects
are loadable immediately after installation, even if they are not yet
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
invoked yet).
# Individual compiler flags
Compiler flags end up in the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
The general (architecture-independent) build flags are:
* `-O2`: Turn on various GCC optimizations. See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
Optimization improves performance, the accuracy of warnings, and the
reach of toolchain-based hardening, but it makes debugging harder.
* `-g`: Generate debugging information (DWARF). In Fedora, this data
is separated into `-debuginfo` RPM packages whose installation is
optional, so debuging information does not increase the size of
installed binaries by default.
* `-pipe`: Run compiler and assembler in parallel and do not use a
temporary file for the assembler input. This can improve
compilation performance. (This does not affect code generation.)
* `-Wall`: Turn on various GCC warnings.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
* `-Werror=format-security`: Turn on format string warnings and treat
them as errors.
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
This can occasionally result in compilation errors. In this case,
the best option is to rewrite the source code so that only constant
format strings (string literals) are used.
* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
hardening features in glibc:
* String functions such as `memcpy` attempt to detect buffer lengths
and terminate the process if a buffer overflow is detected.
* `printf` format strings may only contain the `%n` format specifier
if the format string resides in read-only memory.
* `open` and `openat` flags are checked for consistency with the
presence of a *mode* argument.
* Plus other minor hardening changes.
(These changes can occasionally break valid programs.)
* `-fexceptions`: Provide exception unwinding support for C programs.
See the [`-fexceptions` option in the GCC
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
and the [`cleanup` variable
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
This also hardens cancellation handling in C programs because
it is not required to use an on-stack jump buffer to install
a cancellation handler with `pthread_cleanup_push`. It also makes
it possible to unwind the stack (using C++ `throw` or Rust panics)
from C callback functions if a C library supports non-local exits
from them (e.g., via `longjmp`).
* `-fasynchronous-unwind-tables`: Generate full unwind information
covering all program points. This is required for support of
asynchronous cancellation and proper unwinding from signal
handlers. It also makes performance and debugging tools more
useful because unwind information is available without having to
install (and load) debugging information.
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
C++ standard library, such as bounds checking for the subscription
operator on vectors. (This flag is added to both `CFLAGS` and
`CXXFLAGS`; C compilations will simply ignore it.)
* `-fstack-protector-strong`: Instrument functions to detect
stack-based buffer overflows before jumping to the return address on
the stack. The *strong* variant only performs the instrumentation
for functions whose stack frame contains addressable local
variables. (If the address of a variable is never taken, it is not
possible that a buffer overflow is caused by incorrect pointer
arithmetic involving a pointer to that variable.)
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead.
This flag is currently not available on aarch64 with the `clang` toolchain.
* `-flto=auto`: Enable link-time optimization (LTO), using `make` job server
integration for parallel processing. (`gcc` toolchain only)
* `-ffat-lto-objects`: Generate EFL object files which contain both
object code and LTO intermediate representation. (`gcc` toolchain only)
* `-flto`: Enable link-time optimization. (`clang` toolchain only)
* `-grecord-gcc-switches`: Include select GCC command line switches in
the DWARF debugging information. This is useful for detecting the
presence of certain build flags and general hardening coverage.
* `-fcommon`: This optional flag is used to build legacy software
which relies on C tentative definitions. It is disabled by default.
For hardened builds (which are enabled by default, see above for how
to disable them), the flag
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
command line. It adds the following flag to the command line:
* `-fPIE`: Compile for a position-independent executable (PIE),
enabling full address space layout randomization (ASLR). This is
similar to `-fPIC`, but avoids run-time indirections on certain
architectures, resulting in improved performance and slightly
smaller executables. However, compared to position-dependent code
(the default generated by GCC), there is still a measurable
performance impact.
If the command line also contains `-r` (producing a relocatable
object file), `-fpic` or `-fPIC`, this flag is automatically
dropped. (`-fPIE` can only be used for code which is linked into
the main program.) Code which goes into static libraries should be
compiled with `-fPIE`, except when this code is expected to be
linked into DSOs, when `-fPIC` must be used.
To be effective, `-fPIE` must be used with the `-pie` linker flag
when producing an executable, see below.
To support [binary watermarks for ELF
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
added by default (with the `gcc` toolchain). This can be switched off
by undefining the `%_annotated_build` RPM macro (see above). Binary
watermarks are currently disabled with the `clang` toolchain.
### Architecture-specific compiler flags
These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture:
* `-fcf-protection`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
the same compilation. For such architectures, the RPM build process
explicitly selects the architecture variant by passing this compiler
flag.
In addition, `redhat-rpm-config` re-selects the built-in default
tuning in the `gcc` package. These settings are:
* **i686**: `-march=i686` is used to select a minmum support CPU level
of i686 (corresponding to the Pentium Pro). SSE2 support is
enabled with `-msse2` (so only CPUs with SSE2 support can run the
compiled code; SSE2 was introduced first with the Pentium 4).
`-mtune=generic` activates tuning for a current blend of CPUs
(under the assumption that most users of i686 packages obtain them
through an x86_64 installation on current hardware).
`-mfpmath=sse` instructs GCC to use the SSE2 unit for floating
point math to avoid excess precision issues. `-mstackrealign`
avoids relying on the stack alignment guaranteed by the current
version of the i386 ABI.
* **ppc64le**: `-mcpu=power9 -mtune=power9` selects a minimum supported
CPU level of POWER9.
* **s390x**: `-march=z14 -mtune=z15` specifies a minimum supported CPU
level of z14, while optimizing for a subsequent CPU generation
(z15).
* **x86_64**: `-march=x86-64-v2 -mtune=generic` builds for the
[x86-64-v2 micro-architecture level](https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/low-level-sys-info.tex)
and selects tuning which is expected to beneficial for a broad range
of current CPUs.
* **aarch64** does not have any architecture-specific tuning.
# Individual linker flags
Linker flags end up in the environment variable `LDFLAGS`.
The linker flags listed below are injected. Note that they are
prefixed with `-Wl` because it is expected that these flags are passed
to the compiler driver `gcc`, and not directly to the link editor
`ld`.
* `-z relro`: Activate the *read-only after relocation* feature.
Constant data and relocations are placed on separate pages, and the
dynamic linker is instructed to revoke write permissions after
dynamic linking. Full protection of relocation data requires the
`-z now` flag (see below).
* `--as-needed`: In the final link, only generate ELF dependencies
for shared objects that actually provide symbols required by the link.
Shared objects which are not needed to fulfill symbol dependencies
are essentially ignored due to this flag.
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
(optional, see above).
For hardened builds, the
`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
compiler driver command line. (This can be disabled by undefining the
`%_hardened_build` macro; see above) This activates the following
linker flags:
* `-pie`: Produce a PIE binary. This is only activated for the main
executable, and only if it is dynamically linked. This requires
that all objects which are linked in the main executable have been
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
By itself, `-pie` has only a slight performance impact because it
disables some link editor optimization, however the `-fPIE` compiler
flag has some overhead.
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
linker feature. Lazy binding involves an array of function pointers
which is writable at run time (which could be overwritten as part of
security exploits, redirecting execution). Therefore, it is
preferable to turn of lazy binding, although it increases startup
time.
# Support for extension builders
Some packages include extension builders that allow users to build
extension modules (which are usually written in C and C++) under the
control of a special-purpose build system. This is a common
functionality provided by scripting languages such as Python and Perl.
Traditionally, such extension builders captured the Fedora build flags
when these extension were built. However, these compiler flags are
adjusted for a specific Fedora release and toolchain version and
therefore do not work with a custom toolchain (e.g., different C/C++
compilers), and users might want to build their own extension modules
with such toolchains.
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
flags that have been adjusted for compatibility with alternative
toolchains, while still preserving some of the compile-time security
hardening that the standard Fedora build flags provide.
The current set of differences are:
* No GCC plugins (such as annobin) are activated.
* No GCC spec files (`-specs=` arguments) are used.
Additional flags may be removed in the future if they prove to be
incompatible with alternative toolchains.
Extension builders should detect whether they are performing a regular
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
case, they should use the *current* set of Fedora build flags (that
is, the output from `rpm --eval '%{build_cflags}'` and related
commands). Otherwise, when not performing an RPM build, they can
either use hard-coded extension builder flags (thus avoiding a
run-time dependency on `redhat-rpm-config`), or use the current
extension builder flags (with a run-time dependency on
`redhat-rpm-config`).
As a result, extension modules built for Fedora will use the official
Fedora build flags, while users will still be able to build their own
extension modules with custom toolchains.

294
SOURCES/common.lua Normal file
View File

@ -0,0 +1,294 @@
-- Convenience Lua functions that can be used within rpm macros
-- Reads an rpm variable. Unlike a basic rpm.expand("{?foo}"), returns nil if
-- the variable is unset, which is convenient in lua tests and enables
-- differentiating unset variables from variables set to ""
local function read(rpmvar)
if not rpmvar or
(rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
return nil
else
return rpm.expand("%{?" .. rpmvar .. "}")
end
end
-- Returns true if the macro that called this function had flag set
--  for example, hasflag("z") would give the following results:
-- %foo -z bar → true
-- %foo -z → true
-- %foo → false
local function hasflag(flag)
return (rpm.expand("%{-" .. flag .. "}") ~= "")
end
-- Returns the argument passed to flag in the macro that called this function
--  for example, readflag("z") would give the following results:
-- %foo -z bar → bar
-- %foo → nil
-- %foo -z "" → empty string
-- %foo -z '' → empty string
local function readflag(flag)
if not hasflag(flag) then
return nil
else
local a = rpm.expand("%{-" .. flag .. "*}")
-- Handle "" and '' as empty strings
if (a == '""') or (a == "''") then
a = ''
end
return a
end
end
-- Sets a spec variable; echoes the result if verbose
local function explicitset(rpmvar, value, verbose)
local value = value
if (value == nil) or (value == "") then
value = "%{nil}"
end
rpm.define(rpmvar .. " " .. value)
if verbose then
rpm.expand("%{warn:Setting %%{" .. rpmvar .. "} = " .. value .. "}")
end
end
-- Unsets a spec variable if it is defined; echoes the result if verbose
local function explicitunset(rpmvar, verbose)
if (rpm.expand("%{" .. rpmvar .. "}") ~= "%{" .. rpmvar .. "}") then
rpm.define(rpmvar .. " %{nil}")
if verbose then
rpm.expand("%{warn:Unsetting %%{" .. rpmvar .. "}}")
end
end
end
-- Sets a spec variable, if not already set; echoes the result if verbose
local function safeset(rpmvar, value, verbose)
if (rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
explicitset(rpmvar,value,verbose)
end
end
-- Aliases a list of rpm variables to the same variables suffixed with 0 (and
-- vice versa); echoes the result if verbose
local function zalias(rpmvars, verbose)
for _, sfx in ipairs({{"","0"},{"0",""}}) do
for _, rpmvar in ipairs(rpmvars) do
local toalias = "%{?" .. rpmvar .. sfx[1] .. "}"
if (rpm.expand(toalias) ~= "") then
safeset(rpmvar .. sfx[2], toalias, verbose)
end
end
end
end
-- Takes a list of rpm variable roots and a suffix and alias current<root> to
-- <root><suffix> if it resolves to something not empty
local function setcurrent(rpmvars, suffix, verbose)
for _, rpmvar in ipairs(rpmvars) do
if (rpm.expand("%{?" .. rpmvar .. suffix .. "}") ~= "") then
explicitset( "current" .. rpmvar, "%{" .. rpmvar .. suffix .. "}", verbose)
else
explicitunset("current" .. rpmvar, verbose)
end
end
end
-- Echo the list of rpm variables, with suffix, if set
local function echovars(rpmvars, suffix)
for _, rpmvar in ipairs(rpmvars) do
rpmvar = rpmvar .. suffix
local header = string.sub(" " .. rpmvar .. ": ",1,21)
rpm.expand("%{?" .. rpmvar .. ":%{echo:" .. header .. "%{?" .. rpmvar .. "}}}")
end
end
-- Returns an array, indexed by suffix, containing the non-empy values of
-- <rpmvar><suffix>, with suffix an integer string or the empty string
local function getsuffixed(rpmvar)
local suffixes = {}
zalias({rpmvar})
for suffix=0,9999 do
local value = rpm.expand("%{?" .. rpmvar .. suffix .. "}")
if (value ~= "") then
suffixes[tostring(suffix)] = value
end
end
-- rpm convention is to alias no suffix to zero suffix
-- only add no suffix if zero suffix is different
local value = rpm.expand("%{?" .. rpmvar .. "}")
if (value ~= "") and (value ~= suffixes["0"]) then
suffixes[""] = value
end
return suffixes
end
-- Returns the list of suffixes, including the empty string, for which
-- <rpmvar><suffix> is set to a non empty value
local function getsuffixes(rpmvar)
suffixes = {}
for suffix in pairs(getsuffixed(rpmvar)) do
table.insert(suffixes,suffix)
end
table.sort(suffixes,
function(a,b) return (tonumber(a) or 0) < (tonumber(b) or 0) end)
return suffixes
end
-- Returns the suffix for which <rpmvar><suffix> has a non-empty value that
-- matches best the beginning of the value string
local function getbestsuffix(rpmvar, value)
local best = nil
local currentmatch = ""
for suffix, setvalue in pairs(getsuffixed(rpmvar)) do
if (string.len(setvalue) > string.len(currentmatch)) and
(string.find(value, "^" .. setvalue)) then
currentmatch = setvalue
best = suffix
end
end
return best
end
-- %writevars core
local function writevars(macrofile, rpmvars)
for _, rpmvar in ipairs(rpmvars) do
print("sed -i 's\029" .. string.upper("@@" .. rpmvar .. "@@") ..
"\029" .. rpm.expand( "%{" .. rpmvar .. "}" ) ..
"\029g' " .. macrofile .. "\n")
end
end
-- https://github.com/rpm-software-management/rpm/issues/566
-- Reformat a text intended to be used used in a package description, removing
-- rpm macro generation artefacts.
-- remove leading and ending empty lines
-- trim intermediary empty lines to a single line
-- fold on spaces
-- Should really be a %%{wordwrap:…} verb
local function wordwrap(text)
text = rpm.expand(text .. "\n")
text = string.gsub(text, "\t", " ")
text = string.gsub(text, "\r", "\n")
text = string.gsub(text, " +\n", "\n")
text = string.gsub(text, "\n+\n", "\n\n")
text = string.gsub(text, "^\n", "")
text = string.gsub(text, "\n( *)[-*—][  ]+", "\n%1 ")
output = ""
for line in string.gmatch(text, "[^\n]*\n") do
local pos = 0
local advance = ""
for word in string.gmatch(line, "%s*[^%s]*\n?") do
local wl, bad = utf8.len(word)
if not wl then
print("%{warn:Invalid UTF-8 sequence detected in:}" ..
"%{warn:" .. word .. "}" ..
"%{warn:It may produce unexpected results.}")
wl = bad
end
if (pos == 0) then
advance, n = string.gsub(word, "^(%s* ).*", "%1")
if (n == 0) then
advance = string.gsub(word, "^(%s*).*", "%1")
end
advance = string.gsub(advance, " ", " ")
pos = pos + wl
elseif (pos + wl < 81) or
((pos + wl == 81) and string.match(word, "\n$")) then
pos = pos + wl
else
word = advance .. string.gsub(word, "^%s*", "")
output = output .. "\n"
pos = utf8.len(word)
end
output = output .. word
if pos > 80 then
pos = 0
if not string.match(word, "\n$") then
output = output .. "\n"
end
end
end
end
output = string.gsub(output, "\n*$", "\n")
return output
end
-- Because rpmbuild will fail if a subpackage is declared before the source
-- package itself, provide a source package declaration shell as fallback.
local function srcpkg(verbose)
if verbose then
rpm.expand([[
%{echo:Creating a header for the SRPM from %%{source_name}, %%{source_summary} and}
%{echo:%%{source_description}. If that is not the intended result, please declare the}
%{echo:SRPM header and set %%{source_name} in your spec file before calling a macro}
%{echo:that creates other package headers.}
]])
end
print(rpm.expand([[
Name: %{source_name}
Summary: %{source_summary}
%description
%wordwrap -v source_description
]]))
explicitset("currentname", "%{source_name}", verbose)
end
-- %new_package core
local function new_package(source_name, pkg_name, name_suffix, first, verbose)
-- Safety net when the wrapper is used in conjunction with traditional syntax
if (not first) and (not source_name) then
rpm.expand([[
%{warn:Something already set a package name. However, %%{source_name} is not set.}
%{warn:Please set %%{source_name} to the SRPM name to ensure reliable processing.}
]])
if name_suffix then
print(rpm.expand("%package " .. name_suffix))
else
print(rpm.expand("%package -n " .. pkg_name))
end
return
end
-- New processing
if not (pkg_name or name_suffix or source_name) then
rpm.expand([[
%{error:You need to set %%{source_name} or provide explicit package naming!}
]])
end
if name_suffix then
print(rpm.expand("%package " .. name_suffix))
explicitset("currentname", "%{source_name}-" .. name_suffix, verbose)
else
if not source_name then
source_name = pkg_name
end
if (pkg_name == source_name) then
safeset("source_name", source_name, verbose)
print(rpm.expand("Name: %{source_name}"))
else
if source_name and first then
srcpkg(verbose)
end
print(rpm.expand("%package -n " .. pkg_name))
end
explicitset("currentname", pkg_name, verbose)
end
end
return {
read = read,
hasflag = hasflag,
readflag = readflag,
explicitset = explicitset,
explicitunset = explicitunset,
safeset = safeset,
zalias = zalias,
setcurrent = setcurrent,
echovars = echovars,
getsuffixed = getsuffixed,
getsuffixes = getsuffixes,
getbestsuffix = getbestsuffix,
writevars = writevars,
wordwrap = wordwrap,
new_package = new_package,
}

1462
SOURCES/config.guess vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1823
SOURCES/config.sub vendored Normal file
View File

File diff suppressed because it is too large Load Diff

66
SOURCES/dist.sh Executable file
View File

@ -0,0 +1,66 @@
#!/bin/bash
# dist.sh
# Author: Tom "spot" Callaway <tcallawa@redhat.com>
# License: GPL
# This is a script to output the value for the %{dist}
# tag. The dist tag takes the following format: .$type$num
# Where $type is one of: el, fc, rh
# (for RHEL, Fedora Core, and RHL, respectively)
# And $num is the version number of the distribution.
# NOTE: We can't detect Rawhide or Fedora Test builds properly.
# If we successfully detect the version number, we output the
# dist tag. Otherwise, we exit with no output.
RELEASEFILE=/etc/redhat-release
function check_num {
MAINVER=`cut -d "(" -f 1 < $RELEASEFILE | \
sed -e "s/[^0-9.]//g" -e "s/$//g" | cut -d "." -f 1`
echo $MAINVER | grep -q '[0-9]' && echo $MAINVER
}
function check_rhl {
grep -q "Red Hat Linux" $RELEASEFILE && ! grep -q "Advanced" $RELEASEFILE && echo $DISTNUM
}
function check_rhel {
egrep -q "(Enterprise|Advanced|CentOS)" $RELEASEFILE && echo $DISTNUM
}
function check_fedora {
grep -q Fedora $RELEASEFILE && echo $DISTNUM
}
DISTNUM=`check_num`
DISTFC=`check_fedora`
DISTRHL=`check_rhl`
DISTRHEL=`check_rhel`
if [ -n "$DISTNUM" ]; then
if [ -n "$DISTFC" ]; then
DISTTYPE=fc
elif [ -n "$DISTRHEL" ]; then
DISTTYPE=el
elif [ -n "$DISTRHL" ]; then
DISTTYPE=rhl
fi
fi
[ -n "$DISTTYPE" -a -n "$DISTNUM" ] && DISTTAG=".${DISTTYPE}${DISTNUM}"
case "$1" in
--el) echo -n "$DISTRHEL" ;;
--fc) echo -n "$DISTFC" ;;
--rhl) echo -n "$DISTRHL" ;;
--distnum) echo -n "$DISTNUM" ;;
--disttype) echo -n "$DISTTYPE" ;;
--help)
printf "Usage: $0 [OPTIONS]\n"
printf " Default mode is --dist. Possible options:\n"
printf " --el\t\tfor RHEL version (if RHEL)\n"
printf " --fc\t\tfor Fedora version (if Fedora)\n"
printf " --rhl\t\tfor RHL version (if RHL)\n"
printf " --dist\t\tfor distribution tag\n"
printf " --distnum\tfor distribution number (major)\n"
printf " --disttype\tfor distribution type\n" ;;
*) echo -n "$DISTTAG" ;;
esac

50
SOURCES/find-provides Executable file
View File

@ -0,0 +1,50 @@
#!/bin/bash
# This script reads filenames from STDIN and outputs any relevant provides
# information that needs to be included in the package.
if [ "$1" ]
then
package_name="$1"
fi
filelist=`sed "s/['\"]/\\\&/g"`
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] &&
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --provides
#
# --- any other extra find-provides scripts
for i in /usr/lib/rpm/redhat/find-provides.d/*.prov
do
[ -x $i ] &&
(echo $filelist | tr '[:blank:]' \\n | $i | sort -u)
done
#
# --- Kernel module imported symbols
#
# Since we don't (yet) get passed the name of the package being built, we
# cheat a little here by looking first for a kernel, then for a kmod.
#
is_kmod=1
for f in $filelist; do
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
then
is_kernel=1;
fi
if [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
then
unset is_kmod;
fi
done
if [ ! "$is_kernel" ] || [ "$package_name" == "kernel" ]
then
unset is_kmod
fi
[ -x /usr/lib/rpm/redhat/find-provides.ksyms ] && [ "$is_kmod" ] &&
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-provides.ksyms
exit 0

39
SOURCES/find-requires Executable file
View File

@ -0,0 +1,39 @@
#!/bin/bash
#
# Auto-generate requirements for executables (both ELF and a.out) and library
# sonames, script interpreters, and perl modules.
#
ulimit -c 0
filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"`
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] && \
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --requires
#
# --- Kernel module imported symbols
#
# Since we don't (yet) get passed the name of the package being built, we
# cheat a little here by looking first for a kernel, then for a kmod.
#
unset is_kmod
for f in $filelist; do
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
then
is_kmod=1;
elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
then
unset is_kmod;
break;
fi
done
# Disabling for now while the Fedora kernel doesn't produce kABI deps.
#[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
# printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
exit 0

312
SOURCES/forge.lua Normal file
View File

@ -0,0 +1,312 @@
-- Lua code used by macros.forge and derivatives
-- Computes the suffix of a version string, removing vprefix if it matches
-- For example with vprefix 1.2.3: 1.2.3.rc2 → .rc2 but 1.2.30 → 1.2.30 not 0
local function getversionsuffix(vstring,vprefix)
if (string.sub(vstring, 1, #vprefix) == vprefix) and
(not string.match(string.sub(vstring, #vprefix + 1), "^%.?%d")) then
return string.sub(vstring, #vprefix + 1)
else
return vstring
end
end
-- Check if an identified url is sane
local function checkforgeurl(url, id, silent)
local checkedurl = nil
local checkedid = nil
local urlpatterns = {
gitlab = {
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
description = 'https://(…[-.])gitlab[-.]…/owner/repo'},
pagure = {
pattern = 'https://[^/]+/[^/#?]+',
description = 'https://pagure.io/repo'},
pagure_ns = {
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
description = 'https://pagure.io/namespace/repo'},
pagure_fork = {
pattern = 'https://[^/]+/fork/[^/]+/[^/#?]+',
description = 'https://pagure.io/fork/owner/repo'},
pagure_ns_fork = {
pattern = 'https://[^/]+/fork/[^/]+/[^/]+/[^/#?]+',
description = 'https://pagure.io/fork/owner/namespace/repo'},
["gitea.com"] = {
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
description = 'https://gitea.com/owner/repo'},
github = {
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
description = 'https://(…[-.])github[-.]…/owner/repo'},
["code.googlesource.com"] = {
pattern = 'https://code.googlesource.com/[^#?]*[^/#?]+',
description = 'https://code.googlesource.com/…/repo'},
["bitbucket.org"] = {
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
description = 'https://bitbucket.org/owner/repo'}}
if (urlpatterns[id] ~= nil) then
checkedurl = string.match(url,urlpatterns[id]["pattern"])
if (checkedurl == nil) then
if not silent then
rpm.expand("%{error:" .. id .. " URLs must match " .. urlpatterns[id]["description"] .. " !}")
end
else
checkedid = id
end
end
return checkedurl, checkedid
end
-- Check if an url matches a known forge
local function idforge(url, silent)
local forgeurl = nil
local forge = nil
if (url ~= "") then
forge = string.match(url, "^[^:]+://([^/]+)/")
if (forge == nil) then
if not silent then
rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !}")
end
else
if (forge == "pagure.io") then
if string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+/[^/]+") then
forge = "pagure_ns_fork"
elseif string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+") then
forge = "pagure_fork"
elseif string.match(url, "[^:]+://pagure.io/[^/]+/[^/]+") then
forge = "pagure_ns"
elseif string.match(url, "[^:]+://pagure.io/[^/]+") then
forge = "pagure"
end
elseif (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
forge = "gitlab"
elseif (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
forge = "github"
end
forgeurl, forge = checkforgeurl(url, forge, silent)
end
end
return forgeurl, forge
end
-- The forgemeta macro main processing function
-- See the documentation in the macros.forge file for argument description
-- Also called directly by gometa
local function meta(suffix, verbose, informative, silent)
local fedora = require "fedora.common"
local ismain = (suffix == "") or (suffix == "0")
if ismain then
fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
"archivename", "archiveext", "archiveurl",
"topdir", "extractdir", "repo", "owner", "namespace",
"scm", "tag", "commit", "shortcommit", "branch", "version",
"date", "distprefix"}, verbose)
end
local variables = {
default = {
scm = "git",
archiveext = "tar.bz2",
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
archivename = "%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
topdir = "%{archivename" .. suffix .. "}" },
gitlab = {
archiveurl = "%{forgeurl" .. suffix .. "}/-/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
pagure = {
archiveext = "tar.gz",
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
pagure_ns = {
archiveext = "tar.gz",
namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/]+)/[^/?#]+"))}',
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
archivename = "%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
pagure_fork = {
archiveext = "tar.gz",
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/?#]+"))}',
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/?#]+)"))}',
archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
pagure_ns_fork = {
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/]+/[^/?#]+"))}',
namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/]+)/[^/?#]+")}',
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/[^/]+/([^/?#]+)")}',
archivename = "%{owner" .. suffix .. "}-%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
["gitea.com"] = {
archiveext = "tar.gz",
archivename = "%{fileref" .. suffix .. "}",
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}",
topdir = "%{repo}" },
github = {
archiveext = "tar.gz",
archivename = "%{repo" .. suffix .. "}-%{fileref" .. suffix .. "}",
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
["code.googlesource.com"] = {
archiveext = "tar.gz",
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://.+/([^/?#]+)"))}',
archiveurl = "%{forgeurl" .. suffix .. "}/+archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}",
topdir = "" },
["bitbucket.org"] = {
shortcommit = '%{lua:print(string.sub(rpm.expand("%{commit' .. suffix .. '}"), 1, 12))}',
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{shortcommit" .. suffix .. "}",
archiveurl = "%{forgeurl" .. suffix .. "}/get/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}" } }
-- Packaging a moving branch is quite a bad idea, but since at least Gitlab
-- will treat branches and tags the same way better support branches explicitly
-- than have packagers hijack %{tag} to download branch states
local spec = {}
for _, v in ipairs({'forgeurl','tag','commit','branch','version'}) do
spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
end
-- Compute the reference of the object to fetch
local isrelease = false
if (spec["tag"] ~= "") then ref = "%{?tag" .. suffix .. "}"
elseif (spec["commit"] ~= "") then ref = "%{?commit" .. suffix .. "}"
elseif (spec["branch"] ~= "") then ref = "%{?branch" .. suffix .. "}"
else ref = "%{?version" .. suffix .. "}"
isrelease = true
end
if (rpm.expand(ref) == "") then
if (suffix == "") then
rpm.expand("%{error:You need to define Version:, %{commit} or %{tag} before the macro invocation !}")
else
rpm.expand("%{error:You need to define %{version" .. suffix .. "}, %{commit" .. suffix .. "} or %{tag" .. suffix .. "} before the macro invocation !}")
end
end
local forgeurl = spec["forgeurl"]
-- For backwards compatibility only
local expliciturl = rpm.expand("%{?-u*}")
if (expliciturl ~= "") then
rpm.expand("%{warn:-u use in %%forgemeta is deprecated, use -z instead to select a separate set of rpm variables!}")
forgeurl = expliciturl
end
local forge
forgeurl, forge = idforge(forgeurl, silent)
if (forge ~= nil) then
fedora.explicitset("forgeurl" .. suffix, forgeurl, verbose)
-- Custom processing of quirky forges that can not be handled with simple variables
if (forge == "github") then
-- Workaround the way GitHub injects "v"s before some version strings (but not all!)
-- To package one of the minority of sane GitHub projects that do not munge their version
-- strings set tag to %{version} in your spec
local fileref = ref
if (ref == "%{?version" .. suffix .. "}") then
ref = "v" .. ref
elseif (fileref ~= "%{?commit" .. suffix .. "}") and
string.match(rpm.expand(fileref), "^v[%d]") then
fileref = string.gsub(rpm.expand(fileref), "^v", "")
elseif (string.match(rpm.expand(fileref), "/")) then
fileref = string.gsub(rpm.expand(fileref), "/", "-")
end
fedora.safeset("fileref" .. suffix, fileref, verbose)
elseif (forge == "gitea.com") then
-- Workaround the way gitea mangles /s in ref names
local fileref = ref
fileref = string.gsub(rpm.expand(fileref), "/", "-")
fedora.safeset("fileref" .. suffix, fileref, verbose)
elseif (forge == "code.googlesource.com") then
if (ref == "%{?version" .. suffix .. "}") then
ref = "v" .. ref
end
elseif (forge == "bitbucket.org") then
if (spec["commit"] == "") then
rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!}")
end
end
fedora.safeset("ref" .. suffix, ref, verbose)
-- Mass setting of the remaining variables
for k,v in pairs(variables[forge]) do
fedora.safeset(k .. suffix, variables[forge][k], verbose)
end
for k,v in pairs(variables["default"]) do
if (variables[forge][k] == nil) then
fedora.safeset(k .. suffix, variables["default"][k], verbose)
end
end
end
-- Generic rules
for _, v in ipairs({'archiveurl','archivename','archiveext','topdir'}) do
spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
end
-- Source URL processing (computing the forgesource spec variable)
local forgesource = "%{archiveurl" .. suffix .. "}"
if (string.match(spec["archiveurl"], "/([^/]+)$") ~= spec["archivename"] .. "." .. spec["archiveext"]) then
forgesource = "%{?archiveurl" .. suffix .. "}#/%{?archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}"
end
fedora.safeset("forgesource" .. suffix, forgesource, verbose)
-- Setup processing (computing the forgesetup and extractdir variables)
local forgesetupargs = "-n %{extractdir" .. suffix .. "}"
local extractdir = "%{topdir" .. suffix .. "}"
if (spec["topdir"] == "") then
forgesetupargs = "-c " .. forgesetupargs
extractdir = "%{archivename" .. suffix .. "}"
end
if not ismain then
if (spec["topdir"] ~= "") then
forgesetupargs = "-T -D -b " .. suffix .. " " .. forgesetupargs
else
forgesetupargs = "-T -D -a " .. suffix .. " " .. forgesetupargs
end
end
fedora.safeset("forgesetupargs" .. suffix, forgesetupargs, verbose)
fedora.safeset("extractdir" .. suffix, extractdir, verbose)
-- dist processing (computing the correct prefix for snapshots)
local distprefix = ""
if not isrelease then
distprefix = string.lower(rpm.expand(ref))
if (ref == "%{?commit" .. suffix .. "}") then
distprefix = string.sub(distprefix, 1, 7)
elseif (ref ~= "%{?branch" .. suffix .. "}") then
distprefix = string.gsub(distprefix, "[%p%s]+", ".")
distprefix = string.gsub(distprefix, "^" .. string.lower(rpm.expand("%{?repo}")) .. "%.?", "")
local v = string.gsub(rpm.expand("%{version}"), "[%p%s]+", ".")
for _, p in ipairs({'','v','v.','version','version.','tags.v', 'tags.v.'}) do
distprefix = getversionsuffix(distprefix, p .. v)
end
distprefix = string.gsub(distprefix, "^%.", "")
end
if (distprefix ~= "") then
distprefix = "%{scm" .. suffix .. "}" .. distprefix
date = rpm.expand("%{?date" .. suffix .. "}")
if (date ~= "") then
distprefix = date .. distprefix
else
distprefix = "%([ -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "})" .. distprefix
end
distprefix = "." .. distprefix
end
end
if (spec["version"] ~= "") and
(spec["version"] ~= "0") and
(spec["version"] ~= rpm.expand("%{?version}")) then
distprefix = ".%{version" .. suffix .. "}" .. distprefix
end
if (rpm.expand(distprefix) ~= "") then
if not ismain then
distprefix = string.gsub(distprefix, "^%.", ".s")
end
fedora.safeset ("distprefix" .. suffix, distprefix, verbose)
end
if ismain then
fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
"archivename", "archiveext", "archiveurl",
"topdir", "extractdir", "repo", "owner", "namespace",
"scm", "shortcommit", "distprefix"}, verbose)
end
-- Final spec variable summary if the macro was called with -i
if informative then
rpm.expand("%{echo:Packaging variables read or set by %%forgemeta}")
fedora.echovars({"forgeurl", "forgesource", "forgesetupargs",
"archivename", "archiveext", "archiveurl",
"topdir", "extractdir", "repo", "owner", "namespace",
"scm", "tag", "commit", "shortcommit", "branch", "version",
"date", "distprefix"}, suffix)
fedora.echovars({"dist"},"")
rpm.expand("%{echo: (snapshot date is either manually supplied or computed once %%{_sourcedir}/%%{archivename" .. suffix .. "}.%%{archiveext" .. suffix .. "} is available)}")
end
end
return {
meta = meta,
}

111
SOURCES/gpgverify Executable file
View File

@ -0,0 +1,111 @@
#!/bin/bash
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
#
# This material is provided as is, with absolutely no warranty expressed
# or implied. Any use is at your own risk.
#
# Permission is hereby granted to use or copy this shellscript
# for any purpose, provided the above notices are retained on all copies.
# Permission to modify the code and to distribute modified code is granted,
# provided the above notices are retained, and a notice that the code was
# modified is included with the above copyright notice.
function print_help {
cat <<'EOF'
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
verifies a file against a detached OpenPGP signature and a keyring. The keyring
shall contain all the keys that are trusted to certify the authenticity of the
file, and must not contain any untrusted keys.
The differences, compared to invoking gpgv directly, are that gpgverify accepts
the keyring in either ASCII-armored or unarmored form, and that it will not
accidentally use a default keyring in addition to the specified one.
Parameters:
--keyring=<pathname> keyring with all the trusted keys and no others
--signature=<pathname> detached signature to verify
--data=<pathname> file to verify against the signature
EOF
}
fatal_error() {
message="$1" # an error message
status=$2 # a number to use as the exit code
echo "gpgverify: $message" >&2
exit $status
}
require_parameter() {
term="$1" # a term for a required parameter
value="$2" # Complain and terminate if this value is empty.
if test -z "${value}" ; then
fatal_error "No ${term} was provided." 2
fi
}
check_status() {
action="$1" # a string that describes the action that was attempted
status=$2 # the exit code of the command
if test $status -ne 0 ; then
fatal_error "$action failed." $status
fi
}
# Parse the command line.
keyring=
signature=
data=
for parameter in "$@" ; do
case "${parameter}" in
(--help)
print_help
exit
;;
(--keyring=*)
keyring="${parameter#*=}"
;;
(--signature=*)
signature="${parameter#*=}"
;;
(--data=*)
data="${parameter#*=}"
;;
(*)
fatal_error "Unknown parameter: \"${parameter}\"" 2
;;
esac
done
require_parameter 'keyring' "${keyring}"
require_parameter 'signature' "${signature}"
require_parameter 'data file' "${data}"
# Make a temporary working directory.
workdir="$(mktemp --directory)"
check_status 'Making a temporary directory' $?
workring="${workdir}/keyring.gpg"
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
# ASCII-armored.
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
check_status 'Decoding the keyring' $?
# Verify the signature using the decoded keyring.
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
check_status 'Signature verification' $?
# (--homedir isn't actually necessary. --dearmor processes only the input file,
# and if --keyring is used and contains a slash, then gpgv2 uses only that
# keyring. Thus neither command will look for a default keyring, but --homedir
# makes extra double sure that no default keyring will be touched in case
# another version of GPG works differently.)
# Clean up. (This is not done in case of an error that may need inspection.)
rm --recursive --force ${workdir}

5
SOURCES/libsymlink.attr Normal file
View File

@ -0,0 +1,5 @@
# Make libfoo.so symlinks require the soname-provide of the target library
%__libsymlink_requires %{_rpmconfigdir}/elfdeps --provides --soname-only
%__libsymlink_magic ^symbolic link to .*lib.*\.so\..*$
%__libsymlink_path ^.*\.so$
%__libsymlink_flags magic_and_path

372
SOURCES/macros Normal file
View File

@ -0,0 +1,372 @@
# Per-platform rpm configuration file.
#==============================================================================
# ---- per-platform macros.
#
%_vendor redhat
%_os linux
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
#==============================================================================
# ---- configure macros. note that most of these are inherited
# from the defaults.
#
%_localstatedir /var
%_pkgdocdir %{_docdir}/%{name}
%_docdir_fmt %%{NAME}
%_fmoddir %{_libdir}/gfortran/modules
%source_date_epoch_from_changelog 1
%_enable_debug_packages 1
%_include_minidebuginfo 1
%_include_gdb_index 1
%_debugsource_packages 1
%_debuginfo_subpackages 1
# GCC toolchain
%__cc_gcc gcc
%__cxx_gcc g++
%__cpp_gcc gcc -E
# Clang toolchain
%__cc_clang clang
%__cxx_clang clang++
%__cpp_clang clang-cpp
# Default to the GCC toolchain
%toolchain gcc
%__cc %{expand:%%{__cc_%{toolchain}}}
%__cxx %{expand:%%{__cxx_%{toolchain}}}
%__cpp %{expand:%%{__cpp_%{toolchain}}}
#==============================================================================
# ---- compiler flags.
# C compiler flags. This is traditionally called CFLAGS in makefiles.
# Historically also available as %%{optflags}, and %%build sets the
# environment variable RPM_OPT_FLAGS to this value.
%build_cflags %{optflags}
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
%build_cxxflags %{optflags}
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
# the corresponding variable names.
%build_fflags %{optflags} -I%{_fmoddir}
# Link editor flags. This is usually called LDFLAGS in makefiles.
# (Some makefiles use LFLAGS instead.) The default value assumes that
# the flags, while intended for ld, are still passed through the gcc
# compiler driver. At the beginning of %%build, the environment
# variable RPM_LD_FLAGS to this value.
# When clang is used as a linker driver, it does not auto-detect the LTO
# bytecode and neither does bfd, so we need to explicitly pass the -flto
# flag when linking.
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} %{_annotation_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_lto_cflags}" : "" ]
# Expands to shell code to set the compiler/linker environment
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
# been set implicitly at the start of the %%build section.
# LT_SYS_LIBRARY_PATH is used by libtool script.
%set_build_flags \
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
CC="${CC:-%{__cc}}" ; export CC ; \
CXX="${CXX:-%{__cxx}}" ; export CXX
# Internal-only. Do not use. Expand a variable and strip the flags
# not suitable to extension builders.
%__extension_strip_flags() %{lua:
local name = rpm.expand("%{1}")
local value = " " .. rpm.expand("%{build_" .. name .. "}")
local specs_pattern = "%s+-specs=[^%s]+"
local lto_flags_pattern = rpm.expand("%{?_lto_cflags}"):gsub("[%-%.]", "%%%1")
local result = value:gsub(specs_pattern, " "):gsub(lto_flags_pattern, "")
print(result)
}
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
# extension builders.
%extension_cflags %{__extension_strip_flags cflags}
%extension_cxxflags %{__extension_strip_flags cxxflags}
%extension_fflags %{__extension_strip_flags fflags}
%extension_ldflags %{__extension_strip_flags ldflags}
# Deprecated names. For backwards compatibility only.
%__global_cflags %{build_cflags}
%__global_cxxflags %{build_cxxflags}
%__global_fflags %{build_fflags}
%__global_fcflags %{build_fflags}
%__global_ldflags %{build_ldflags}
# Architecture-specific support. Internal. Do not use directly.
%__cflags_arch_x86_64 %[0%{?rhel} >= 9 ? "-march=x86-64-v2" : ""]
# Also used for s390.
%__cflags_arch_s390x %[0%{?rhel} >= 9 ? "-march=z14 -mtune=z15" : "-march=zEC12 -mtune=z13"]
# Also used for ppc64le.
%__cflags_arch_ppc64le %[0%{?rhel} >= 9 ? "-mcpu=power9 -mtune=power9" : "-mcpu=power8 -mtune=power8"]
#==============================================================================
# ---- configure and makeinstall.
#
%_configure_gnuconfig_hack 1
%_configure_libtool_hardening_hack 1
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
# to be added to the list of options passed to the configure script.
# Eventually we'll want to turn this on by default, but this gives packagers a
# way to turn it back off.
# %_configure_disable_silent_rules 1
# This fixes various easy resolved configure tests that are compromised by LTO.
#
# We use this within the standard %configure macro, but also make it available
# for packages which don't use %configure
#
# The first three are common ways to test for the existence of a function, so
# we ensure the reference to the function is preserved
#
# The fourth are constants used to then try to generate NaNs and other key
# floating point numbers. We then use those special FP numbers to try and
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
# from removing the computation
#
# The fifth (and worst) addresses problems with autoconf/libtool's approach
# to extracting symbols from .o files and generating C code. In an LTO world
# types matter much more closely and you can't have an object in one context
# that is a function definition and a simple scalar variable in another.
# Thankfully HP-UX has always had that restriction and is supported by
# autoconf/libtool. The insane sed script replaces the "generic" code with
# the HP-UX version.
#
# If we do not make changes, we put the original file back. This avoids
# unnecessary rebuilds of things that may have dependencies on the configure
# files.
#
%_fix_broken_configure_for_lto \
for file in $(find . -type f -name configure -print); do \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
diff -u $file.backup $file && mv $file.backup $file \
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
diff -u $file.backup $file && mv $file.backup $file \
done
%configure \
%{set_build_flags}; \
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
done ; \
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
for i in $(find . -name ltmain.sh) ; do \
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
done ; \
%{_configure} --build=%{_build} --host=%{_host} \\\
--program-prefix=%{?_program_prefix} \\\
--disable-dependency-tracking \\\
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
#==============================================================================
# ---- Build policy macros.
#
#
#---------------------------------------------------------------------
# Expanded at beginning of %install scriptlet.
#
%__spec_install_pre %{___build_pre}\
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
mkdir "$RPM_BUILD_ROOT"\
%{nil}
#---------------------------------------------------------------------
# Expanded at end of %install scriptlet.
#
%__arch_install_post /usr/lib/rpm/check-buildroot
# Build root policy macros. Standard naming:
# convert all '-' in basename to '_', add two leading underscores.
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
%__brp_compress /usr/lib/rpm/brp-compress
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
%__brp_python_bytecompile /usr/lib/rpm/redhat/brp-python-bytecompile "" "%{?_python_bytecompile_errors_terminate_build}" "%{?_python_bytecompile_extra}"
%__brp_fix_pyc_reproducibility /usr/lib/rpm/redhat/brp-fix-pyc-reproducibility
%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
# __brp_mangle_shebangs_exclude - shebangs to exclude
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
# __brp_mangle_shebangs_exclude_from - files to ignore
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
%__os_install_post \
%{?__brp_ldconfig} \
%{?__brp_compress} \
%{!?__debug_package:\
%{?__brp_strip} \
%{?__brp_strip_comment_note} \
} \
%{?__brp_strip_lto} \
%{?__brp_strip_static_archive} \
%{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
%{?py_reproducible_pyc_path:%{?__brp_fix_pyc_reproducibility} "%{py_reproducible_pyc_path}"} \
%{?__brp_python_hardlink} \
%{?__brp_mangle_shebangs} \
%{nil}
%__spec_install_post\
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{nil}
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
%%install\
%{nil}
#
# Should missing buildids terminate a build?
%_missing_build_ids_terminate_build 1
#
## Automatically compile python files
%py_auto_byte_compile 1
#
## Should python bytecompilation errors terminate a build?
%_python_bytecompile_errors_terminate_build 1
## Should python bytecompilation compile outisde python specific directories?
%_python_bytecompile_extra 0
# Use SHA-256 for FILEDIGESTS instead of default MD5
%_source_filedigest_algorithm 8
%_binary_filedigest_algorithm 8
# Use Zstandard compression for binary payloads
%_binary_payload w19.zstdio
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
# we don't escape symbols '~', '"', etc. so be careful when changing this
%_hardening_ldflags -Wl,-z,now %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ]
# Harden packages by default for Fedora 23+:
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
# Use "%undefine _hardened_build" to disable.
%_hardened_build 1
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
# Add extra information to binary objects created by the compiler:
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
# Use "%undefine _annotated_build" to disable.
%_annotated_build 1
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
# The annobin plugin is not built for clang yet
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
%_annotation_cflags %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
%_annotation_ldflags %{?_lto_cflags:%{_annotation_cflags}}
# Fail linking if there are undefined symbols. Required for proper
# ELF symbol versioning support. Disabled by default.
# Use "%define _ld_strict_symbol_defs 1" to enable.
#%_ld_strict_symbol_defs 1
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
# use "%undefine _ld_as_needed" to disable.
%_ld_as_needed 1
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
# LTO is the default in Fedora.
# "%define _lto_cflags %{nil}" to opt out
#
# We currently have -ffat-lto-objects turned on out of an abundance of
# caution. To remove it we need to do a check of the installed .o/.a files
# to verify they have real sections/symbols after LTO stripping. That
# way we can detect installing an unusable .o/.a file. This is on the TODO
# list for F34.
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
%_clang_lto_cflags -flto
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
%_warning_options -Wall -Werror=format-security
%_preprocessor_defines -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
# Common variables are no longer generated by default by gcc and clang
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
%_legacy_options %{?_legacy_common_support: -fcommon}
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
# Automatically trim changelog entries after 2 years
%_changelog_trimtime %{lua:print(os.time() - 2 * 365 * 86400)}
#==============================================================================
# ---- Generic auto req/prov filtering macros
#
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
# prevent anything matching from being scanned for provides
%filter_provides_in(P) %{expand: \
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
}
# prevent anything matching from being scanned for requires
%filter_requires_in(P) %{expand: \
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
}
# filter anything matching out of the provides stream
%filter_from_provides() %{expand: \
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
}
# filter anything matching out of the requires stream
%filter_from_requires() %{expand: \
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
}
# actually set up the filtering bits
%filter_setup %{expand: \
%global _use_internal_dependency_generator 0 \
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
}

39
SOURCES/macros.dwz Normal file
View File

@ -0,0 +1,39 @@
# Macros for reducing debug info size using dwz(1) utility.
# The two default values below should result in dwz taking at most
# 3GB of RAM or so on 64-bit hosts and 2.5GB on 32-bit hosts
# on the largest *.debug files (in mid 2012 those are
# libreoffice-debuginfo, debuginfos containing
# libxul.so.debug and libwebkitgtk-*.so.*.debug).
# This needs to be tuned based on the amount of available RAM
# on build boxes for each architecture as well as virtual address
# space limitations if dwz is 32-bit program. While it needs less
# memory than 64-bit program because pointers are smaller, it can
# never have more than 4GB-epsilon of RAM and on some architecture
# even less than that (e.g. 2GB).
# Number of debugging information entries (DIEs) above which
# dwz will stop considering file for multifile optimizations
# and enter a low memory mode, in which it will optimize
# in about half the memory needed otherwise.
%_dwz_low_mem_die_limit 10000000
# Number of DIEs above which dwz will stop processing
# a file altogether.
%_dwz_max_die_limit 50000000
# On x86_64 increase the higher limit to make libwebkit* optimizable.
# libwebkit* in mid 2012 contains roughly 87mil DIEs, and 64-bit
# dwz is able to optimize it from ~1.1GB to ~410MB using 5.2GB of RAM.
%_dwz_max_die_limit_x86_64 110000000
# On ARM, build boxes often have only 512MB of RAM and are very slow.
# Lower both the limits.
%_dwz_low_mem_die_limit_armv5tel 4000000
%_dwz_low_mem_die_limit_armv7hl 4000000
%_dwz_max_die_limit_armv5tel 10000000
%_dwz_max_die_limit_armv7hl 10000000
%_dwz_limit() %{expand:%%{?%{1}_%{_arch}}%%{!?%{1}_%{_arch}:%%%{1}}}
%_find_debuginfo_dwz_opts --run-dwz\\\
--dwz-low-mem-die-limit %{_dwz_limit _dwz_low_mem_die_limit}\\\
--dwz-max-die-limit %{_dwz_limit _dwz_max_die_limit}

63
SOURCES/macros.fedora-misc Normal file
View File

@ -0,0 +1,63 @@
# Fedora macros, safe to use after the SRPM build stage
# Lists files matching inclusion globs, excluding files matching exclusion
# globs
#  globs are space-separated lists of shell globs. Such lists require
# %{quote:} use when passed as rpm arguments or flags.
# Control variables, flags and arguments:
# %{listfiles_include} inclusion globs
# %{listfiles_exclude} exclusion globs
# -i <globs> inclusion globs
# -x <globs> exclusion globs
# … arguments passed to the macro without flags will be
# interpreted as inclusion globs
%listfiles(i:x:) %{expand:
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
while IFS= read -r finc ; do
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
| sort -u | grep -q "${finc}" || echo "${finc}"
done <<< "${listfiles_include}"
%else
echo "${listfiles_include}"
%endif
%endif
}
# https://github.com/rpm-software-management/rpm/issues/581
# Writes the contents of a list of rpm variables to a macro file
# Control variables, flags and arguments:
# -f <filename> the macro file to process:
#  it must contain corresponding anchors
# for example %writevars -f myfile foo bar will replace:
# @@FOO@@ with the rpm evaluation of %{foo} and
# @@BAR@@ with the rpm evaluation of %{bar}
# in myfile
%writevars(f:) %{lua:
local fedora = require "fedora.common"
local macrofile = rpm.expand("%{-f*}")
local rpmvars = {}
for i = 1, rpm.expand("%#") do
table.insert(rpmvars, rpm.expand("%" .. i))
end
fedora.writevars(macrofile,rpmvars)
}
# gpgverify verifies signed sources. There is documentation in the script.
%gpgverify(k:s:d:) %{lua:
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
local keyring = rpm.expand("%{-k*}")
local signature = rpm.expand("%{-s*}")
local data = rpm.expand("%{-d*}")
print(script)
if keyring ~= "" then
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
end
if signature ~= "" then
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
end
if data ~= "" then
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
end
}

43
SOURCES/macros.fedora-misc-srpm Normal file
View File

@ -0,0 +1,43 @@
# Fedora macros, safe to use at SRPM build stage
# A directory for rpm macros
%rpmmacrodir /usr/lib/rpm/macros.d
# A directory for appdata metainfo. This has changed between releases so a
# macro is useful.
%_metainfodir %{_datadir}/metainfo
# A directory for SWID tag files describing the installation
%_swidtagdir %{_prefix}/lib/swidtag/fedoraproject.org
# Applies the fedora.wordwrap filter to the content of an rpm variable, and
# prints the result.
#  putting multiple lines of UTF-8 text inside a variable is usually
# accomplished with %{expand:some_text}
# Control variables, flags and arguments:
# -v <variable_name> (default value: _description)
%wordwrap(v:) %{lua:
local fedora = require "fedora.common"
local variable = "%{?" .. rpm.expand("%{-v*}%{!-v:_description}") .. "}"
print(fedora.wordwrap(variable))
}
# A single Name: and %package substitute
# Control variables, flags and arguments:
# %{source_name} the SRPM name
# %{source_summary} the SRPM summary
# %{source_description} the SRPM description
# -n <name> declare a package named <name>
# (%package-like behavior)
# -v be verbose
# %1 declare a package named %{source_name}-%{%1}
# (%package-like behavior)
%new_package(n:v) %{lua:
local fedora = require "fedora.common"
local pkg_name = fedora.readflag("n")
local verbose = fedora.hasflag("v")
local name_suffix = fedora.read("1")
local source_name = fedora.read("source_name")
local first = not ( fedora.read("name") or fedora.read("currentname") )
fedora.new_package(source_name, pkg_name, name_suffix, first, verbose)
}

70
SOURCES/macros.forge Normal file
View File

@ -0,0 +1,70 @@
# Computes forge-related variables for use in the rest of the spec file
# Control variables, flags and arguments:
# %{forgeurl<number>} the project url on the target forge
# %{tag<number>} the packaged tag, OR
# %{commit<number>} the packaged commit, OR
# %{version<number>} the packaged version
# %{version}/%{version0} are set via:
# Version:
# because git is lacking a built-in version
# reference, %{version<number>} will be translated
# into %{tag<number>} using unreliable heuristics;
# set %{tag<number>} directly if those fail
# %{date<number>} the packaged timestamp
# … %forgemeta will compute a huge number of variables:
# — the packager can override it by setting some of
# those before the %forgemeta call
# use the -i flag to list those variables
# -z <number> only process the zth block of definitions
# "" for the no-suffix block
# -i list the resulting variable values
# -s silently ignore problems in %{forgeurl<number>}
# -v be verbose
# -a process all sources in one go, instead of using
# separate -z calls
%forgemeta(z:isva) %{lua:
local fedora = require "fedora.common"
local forge = require "fedora.srpm.forge"
local verbose = rpm.expand("%{-v}") ~= ""
local informative = rpm.expand("%{-i}") ~= ""
local silent = rpm.expand("%{-s}") ~= ""
local processall = (rpm.expand("%{-a}") ~= "") and (rpm.expand("%{-z}") == "")
if processall then
for _,s in pairs(fedora.getsuffixes("forgeurl")) do
forge.meta(s,verbose,informative,silent)
end
else
forge.meta(rpm.expand("%{-z*}"),verbose,informative,silent)
end
}
# Unpacks sources computed by %forgemeta
# Control variables, flags and arguments:
# %{forgesource<number>} the source archive that will be processed
# %{forgesetupargs<number>} %setup arguments
# -z <number> only process the zth block of definitions
# "" for the no-suffix block
# -v be verbose
# -a process all sources in one go, instead of using
# separate -z calls
%forgesetup(z:va) %{lua:
local fedora = require "fedora.common"
if (rpm.expand("%{-z}") == "") and (rpm.expand("%{-a}") ~= "") then
for _,s in pairs(fedora.getsuffixes("forgesetupargs")) do
print(rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. s .. "}\\n"))
end
else
print( rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
end
}
# Calls %autosetup using %forgemeta results
# this will probably be removed since it is unsafe in presence of multiple
# sources
# Control variables, flags and arguments:
# -z <number> process the zth block of definitions
# -v -N -S -p relayed to %autosetup
%forgeautosetup(z:vNS:p:q) %{lua:
print(rpm.expand("%autosetup %{-v} %{-N} %{?-S} %{?-p} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
}

2
SOURCES/macros.ldc-srpm Normal file
View File

@ -0,0 +1,2 @@
# arches that ldc builds on
%ldc_arches %{ix86} x86_64 %{arm} aarch64

9
SOURCES/macros.ldconfig Normal file
View File

@ -0,0 +1,9 @@
#%ldconfig /sbin/ldconfig
%ldconfig_post(n:) %{?ldconfig:%post -p %ldconfig %{?*} %{-n:-n %{-n*}}\
%end}
%ldconfig_postun(n:) %{?ldconfig:%postun -p %ldconfig %{?*} %{-n:-n %{-n*}}\
%end}
%ldconfig_scriptlets(n:) %{?ldconfig:\
%ldconfig_post %{?*} %{-n:-n %{-n*}}\
%ldconfig_postun %{?*} %{-n:-n %{-n*}}\
}

5
SOURCES/macros.mono-srpm Normal file
View File

@ -0,0 +1,5 @@
# arches that mono builds on
%mono_arches %{ix86} x86_64 sparc sparcv9 ia64 %{arm} aarch64 alpha s390x ppc ppc64 ppc64le
%_monodir %{_prefix}/lib/mono
%_monogacdir %{_monodir}/gac

7
SOURCES/macros.nodejs-srpm Normal file
View File

@ -0,0 +1,7 @@
# nodejs_arches lists what arches Node.js and dependent packages run on.
#
# Enabling Node.js on other arches requires porting the V8 JavaScript JIT to
# those arches. Support for POWER and aarch64 arrived in nodejs v4. Support
# for s390x arrived in nodejs v6
%nodejs_arches %{ix86} x86_64 %{arm} aarch64 %{power64} s390x

3
SOURCES/macros.valgrind-srpm Normal file
View File

@ -0,0 +1,3 @@
# valgrind_arches lists what arches Valgrind works on
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64

7
SOURCES/macros.vpath Normal file
View File

@ -0,0 +1,7 @@
# ---- VPATH default settings
# directory where CMakeLists.txt/meson.build/etc. are placed
%_vpath_srcdir .
# directory (doesn't need to exist) where all generated build files will be placed
%_vpath_builddir %{_vendor}-%{_target_os}-build

2
SOURCES/redhat-annobin-cc1 Normal file
View File

@ -0,0 +1,2 @@
*cc1_options:
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}

199
SOURCES/redhat-annobin-plugin-select.sh Normal file
View File

@ -0,0 +1,199 @@
#!/usr/bin/sh
# This is a script to select which GCC spec file fragment
# should be the destination of the redhat-annobin-cc1 symlink.
# Author: Nick Clifton <nickc@redhat.com>
# Copyright (c) 2021-2022 Red Hat.
#
# This is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published
# by the Free Software Foundation; either version 2, or (at your
# option) any later version.
# It is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Usage:
# redhat-annobin-plugin-select [script-dir]
#
# If script-dir is not provided then /usr/lib/rpm/redhat is used
# as the location where all of the annobin plugin selection files
# can be found.
if test "x$1" = "x" ;
then
rrcdir=/usr/lib/rpm/redhat
else
rrcdir=$1
fi
# Set this variable to non-zero to enable the generation of debugging
# messages.
debug=0
# Decide which version of the annobin plugin for gcc should be used.
# There are two possible versions, one created by the annobin package and one
# created by the gcc package. The logic selects the gcc version unless both
# have been built by the same version of the compiler. In that case the
# annobin version is selected instead.
#
# The point of all this is that the annobin plugin is very sensitive to
# mismatches with the version of gcc that built it. If the plugin is built
# by version A of gcc, but then run on version B of gcc, it is possible for
# the plugin to misbehave, which then causes problems if gating tests examine
# the plugin's output. (This has happened more than once in RHEL...).
#
# So the plugin is built both by gcc and by the annobin package. This means
# that whenever gcc is updated a fresh plugin is built, and the logic below
# will select that version. But in order to allow annobin development to
# proceed independtently of gcc, the annobin package can also update its
# version of the plugin, and the logic will select this new version.
# This is where the annobin package stores the information on the version
# of gcc that built the annobin plugin.
aver=`gcc --print-file-name=plugin`/annobin-plugin-version-info
# This is where the gcc package stores its version information.
gver=`gcc --print-file-name=rpmver`
aplugin=`gcc --print-file-name=plugin`/annobin.so.0.0.0
gplugin=`gcc --print-file-name=plugin`/gcc-annobin.so.0.0.0
# This is the file that needs to be updated when either of those version
# files changes.
rac1=redhat-annobin-cc1
# This is the GCC spec file fragment that selects the gcc-built version of
# the annobin plugin
select_gcc=redhat-annobin-select-gcc-built-plugin
# This is the GCC spec file fragment that selects the annobin-built version
# of the annobin plugin
select_annobin=redhat-annobin-select-annobin-built-plugin
install_annobin_version=0
install_gcc_version=0
if [ -f $aplugin ]
then
if [ -f $gplugin ]
then
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Both plugins exist, checking version information"
fi
if [ -f $gver ]
then
if [ -f $aver ]
then
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Both plugin version files exist - comparing..."
fi
# Get the first line from the version info files. This is just in
# vase there are extra lines in the files.
avers=`head --lines=1 $aver`
gvers=`head --lines=1 $gver`
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Annobin plugin built by gcc $avers"
echo " redhat-rpm-config: GCC plugin built by gcc $gvers"
fi
# If both plugins were built by the same version of gcc then select
# the one from the annobin package (in case it is built from newer
# sources). If the plugin builder versions differ, select the gcc
# built version instead. This assumes that the gcc built version
# always matches the installed gcc, which should be true.
if [ $avers = $gvers ]
then
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Both plugins built by the same compiler - using annobin-built plugin"
fi
install_annobin_version=1
else
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Versions differ - using gcc-built plugin"
fi
install_gcc_version=1
fi
else
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Annobin version file does not exist, using gcc-built plugin"
fi
install_gcc_version=1
fi
else
if [ -f $aver ]
then
# FIXME: This is suspicious. If the installed GCC does not supports plugins
# then enabling the annobin plugin will not work.
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: GCC plugin version file does not exist, using annobin-built plugin"
fi
install_annobin_version=1
else
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Neither version file exists - playing safe and using gcc-built plugin"
echo " redhat-rpm-config: Note: expected to find $aver and/or $gver"
fi
install_gcc_version=1
fi
fi
else
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Only the annobin plugin exists - using that"
fi
install_annobin_version=1
fi
else
if [ -f $gplugin ]
then
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Only the gcc plugin exists - using that"
fi
else
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Neither plugin exists - playing safe and using gcc-built plugin"
echo " redhat-rpm-config: Note: expected to find $aplugin and/or $gplugin"
fi
fi
install_gcc_version=1
fi
if [ $install_annobin_version -eq 1 ]
then
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Installing annobin version of $rac1"
fi
pushd $rrcdir > /dev/null
rm -f $rac1
ln -s $select_annobin "$rac1"
popd > /dev/null
else if [ $install_gcc_version -eq 1 ]
then
if [ $debug -eq 1 ]
then
echo " redhat-rpm-config: Installing gcc version of $rac1"
fi
pushd $rrcdir > /dev/null
rm -f $rac1
ln -s $select_gcc $rac1
popd > /dev/null
fi
fi

2
SOURCES/redhat-annobin-select-annobin-built-plugin Normal file
View File

@ -0,0 +1,2 @@
*cc1_options:
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}

2
SOURCES/redhat-annobin-select-gcc-built-plugin Normal file
View File

@ -0,0 +1,2 @@
*cc1_options:
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=gcc-annobin}

2
SOURCES/redhat-hardened-cc1 Normal file
View File

@ -0,0 +1,2 @@
*cc1_options:
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}

1
SOURCES/redhat-hardened-clang.cfg Normal file
View File

@ -0,0 +1 @@
-fPIE

2
SOURCES/redhat-hardened-ld Normal file
View File

@ -0,0 +1,2 @@
*self_spec:
+ %{!static:%{!shared:%{!r:-pie}}}

97
SOURCES/rpmrc Normal file
View File

@ -0,0 +1,97 @@
include: /usr/lib/rpm/rpmrc
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
optflags: ia64 %{__global_compiler_flags}
optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
optflags: alpha %{__global_compiler_flags} -mieee
optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5
optflags: alphaev56 %{__global_compiler_flags} -mieee -mcpu=ev56
optflags: alphapca56 %{__global_compiler_flags} -mieee -mcpu=pca56
optflags: alphaev6 %{__global_compiler_flags} -mieee -mcpu=ev6
optflags: alphaev67 %{__global_compiler_flags} -mieee -mcpu=ev67
optflags: sparc %{__global_compiler_flags} -m32 -mcpu=v7 -mtune=ultrasparc
optflags: sparcv8 %{__global_compiler_flags} -m32 -mcpu=v8
optflags: sparcv9 %{__global_compiler_flags} -m32 -mcpu=ultrasparc
optflags: sparcv9v %{__global_compiler_flags} -m32 -mcpu=niagara
optflags: sparc64 %{__global_compiler_flags} -m64 -mcpu=ultrasparc
optflags: sparc64v %{__global_compiler_flags} -m64 -mcpu=niagara
optflags: m68k %{__global_compiler_flags}
optflags: ppc %{__global_compiler_flags} -m32 -fasynchronous-unwind-tables
optflags: ppciseries %{__global_compiler_flags} -m32
optflags: ppcpseries %{__global_compiler_flags} -m32
optflags: ppc64 %{__global_compiler_flags} -m64 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: ppc64le %{__global_compiler_flags} -m64 %{__cflags_arch_ppc64le} -fasynchronous-unwind-tables -fstack-clash-protection
optflags: ppc64iseries %{__global_compiler_flags} -m64
optflags: ppc64pseries %{__global_compiler_flags} -m64
optflags: ppc8260 %{__global_compiler_flags} -m32
optflags: ppc8560 %{__global_compiler_flags} -m32
optflags: parisc %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa1.0 %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa1.1 %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa1.2 %{__global_compiler_flags} -mpa-risc-1-0
optflags: hppa2.0 %{__global_compiler_flags} -mpa-risc-1-0
optflags: mips %{__global_compiler_flags} -march=mips32r2 -mfpxx
optflags: mipsel %{__global_compiler_flags} -march=mips32r2 -mfpxx
optflags: mips64 %{__global_compiler_flags} -march=mips64r2 -mabi=64
optflags: mips64el %{__global_compiler_flags} -march=mips64r2 -mabi=64
optflags: mipsr6 %{__global_compiler_flags} -march=mips32r6
optflags: mipsr6el %{__global_compiler_flags} -march=mips32r6
optflags: mips64r6 %{__global_compiler_flags} -march=mips64r6
optflags: mips64r6el %{__global_compiler_flags} -march=mips64r6
optflags: armv3l %{__global_compiler_flags} -fsigned-char -march=armv3
optflags: armv4b %{__global_compiler_flags} -fsigned-char -march=armv4
optflags: armv4l %{__global_compiler_flags} -fsigned-char -march=armv4
optflags: armv4tl %{__global_compiler_flags} -march=armv4t
optflags: armv5tel %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
optflags: armv5tejl %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
optflags: armv6l %{__global_compiler_flags} -march=armv6 -mfloat-abi=soft
optflags: armv6hl %{__global_compiler_flags} -march=armv6 -mfpu=vfp -mfloat-abi=hard
optflags: armv6hnl %{__global_compiler_flags} -march=armv6 -mfpu=neon -mfloat-abi=hard
optflags: armv7l %{__global_compiler_flags} -march=armv7-a -mfloat-abi=soft
optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16 -mtune=generic-armv7-a -mabi=aapcs-linux -mfloat-abi=hard
optflags: armv7hnl %{__global_compiler_flags} -march=armv7-a -mfpu=neon -mfloat-abi=hard
optflags: atarist %{__global_compiler_flags}
optflags: atariste %{__global_compiler_flags}
optflags: ataritt %{__global_compiler_flags}
optflags: falcon %{__global_compiler_flags}
optflags: atariclone %{__global_compiler_flags}
optflags: milan %{__global_compiler_flags}
optflags: hades %{__global_compiler_flags}
optflags: s390 %{__global_compiler_flags} -m31 %{__cflags_arch_s390x} -fasynchronous-unwind-tables
optflags: s390x %{__global_compiler_flags} -m64 %{__cflags_arch_s390x} -fasynchronous-unwind-tables -fstack-clash-protection
optflags: aarch64 %{__global_compiler_flags} -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ]
optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ]
# set build arch to fedora buildarches on hardware capable of running it
# saves having to do rpmbuild --target=
buildarchtranslate: athlon: i686
buildarchtranslate: geode: i686
buildarchtranslate: pentium4: i686
buildarchtranslate: pentium3: i686
buildarchtranslate: i686: i686
buildarchtranslate: i586: i586
buildarchtranslate: sparcv9: sparcv9
buildarchtranslate: sparcv9v: sparcv9
buildarchtranslate: armv5tejl: armv5tel
buildarchtranslate: armv6l: armv5tel
buildarchtranslate: armv7l: armv5tel
buildarchtranslate: armv7hl: armv7hl
buildarchtranslate: armv7hnl: armv7hl

1354
SPECS/redhat-rpm-config.spec Normal file
View File

File diff suppressed because it is too large Load Diff