RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/redhat-rpm-config#68541612591bce70d6ea46de1f747e6259d71636
This commit is contained in:
parent
6af5644ec0
commit
3cb3054de7
4
.gitignore
vendored
4
.gitignore
vendored
@ -0,0 +1,4 @@
|
|||||||
|
*.noarch.rpm
|
||||||
|
*.src.rpm
|
||||||
|
results_redhat-rpm-config/
|
||||||
|
.build-*.log
|
30
STAGE2-redhat-rpm-config
Normal file
30
STAGE2-redhat-rpm-config
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
#requires libtool
|
||||||
|
|
||||||
|
cd $SRC/redhat-rpm-config-*
|
||||||
|
|
||||||
|
# makefile has been removed :/
|
||||||
|
# make install
|
||||||
|
|
||||||
|
RCCDIR=/usr/lib/rpm/redhat
|
||||||
|
RPMCFGDIR=/usr/lib/rpm
|
||||||
|
RPMFATTR=/usr/lib/rpm/fileattrs
|
||||||
|
|
||||||
|
mkdir -p /usr/lib/rpm/redhat
|
||||||
|
install -p -m 644 -t $RCCDIR macros rpmrc
|
||||||
|
install -p -m 444 -t $RCCDIR redhat-hardened-*
|
||||||
|
install -p -m 755 -t $RCCDIR config.*
|
||||||
|
install -p -m 755 -t $RCCDIR dist.sh rpmsort symset-table kmodtool
|
||||||
|
install -p -m 755 -t $RCCDIR brp-*
|
||||||
|
|
||||||
|
install -p -m 755 -t $RCCDIR find-*
|
||||||
|
mkdir -p $RCCDIR/find-provides.d
|
||||||
|
install -p -m 644 -t $RCCDIR/find-provides.d firmware.prov modalias.prov
|
||||||
|
|
||||||
|
mkdir -p $RPMCFGDIR/macros.d
|
||||||
|
install -p -m 644 -t $RPMCFGDIR/macros.d macros.*
|
||||||
|
|
||||||
|
mkdir -p $RPMFATTR
|
||||||
|
install -p -m 644 -t $RPMFATTR *.attr
|
||||||
|
install -p -m 755 -t $RPMCFGDIR kmod.prov
|
||||||
|
|
||||||
|
cp -p /usr/share/libtool/config/config.{guess,sub} $RCCDIR/
|
18
brp-fix-pyc-reproducibility
Normal file
18
brp-fix-pyc-reproducibility
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Defined as %py_reproducible_pyc_path macro and passed here as
|
||||||
|
# the first command-line argument
|
||||||
|
path_to_fix=$1
|
||||||
|
|
||||||
|
# First, check that the parser is available:
|
||||||
|
if [ ! -x /usr/bin/marshalparser ]; then
|
||||||
|
echo "ERROR: If %py_reproducible_pyc_path is defined, you have to also BuildRequire: /usr/bin/marshalparser !"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
find "$path_to_fix" -type f -name "*.pyc" | xargs /usr/bin/marshalparser --fix --overwrite
|
34
brp-implant-ident-static
Executable file
34
brp-implant-ident-static
Executable file
@ -0,0 +1,34 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
tempdir=`mktemp -d /tmp/implant-ident-XXXXXX`
|
||||||
|
if test -z "$tempdir" ; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
cleanup() {
|
||||||
|
rm -f $tempdir/*
|
||||||
|
rmdir $tempdir
|
||||||
|
}
|
||||||
|
trap cleanup 0 1 2 3 4 5 6 7 8 9 11 13 14 15
|
||||||
|
|
||||||
|
for library in `find $RPM_BUILD_ROOT -type f -exec file \{\} \; | grep 'current ar archive' | sed 's,:.*,,g' ` ; do
|
||||||
|
pushd $tempdir > /dev/null
|
||||||
|
if test -n "$RPM_BUILD_ROOT" ; then
|
||||||
|
cleanedlibrary=`echo "$library" | sed s,"$RPM_BUILD_ROOT",,g`
|
||||||
|
else
|
||||||
|
cleanedlibrary="$library"
|
||||||
|
fi
|
||||||
|
ar x "$library"
|
||||||
|
for object in *.o ; do
|
||||||
|
echo '$RPM: '${RPM_PACKAGE_NAME:-UNKNOWN_NAME}-${RPM_PACKAGE_VERSION:-UNKNOWN_VERSION}-${RPM_PACKAGE_RELEASE:-UNKNOWN_RELEASE}:"$cleanedlibrary":"$object"' $' > __x_rpm_ident_string.txt
|
||||||
|
objcopy --add-section .rodata=__x_rpm_ident_string.txt "$object"
|
||||||
|
ar r "$library" "$object"
|
||||||
|
done
|
||||||
|
rm -f *.o
|
||||||
|
popd > /dev/null
|
||||||
|
done
|
105
brp-java-repack-jars
Executable file
105
brp-java-repack-jars
Executable file
@ -0,0 +1,105 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If zip is not installed, we can't repack the jars.
|
||||||
|
if [ ! -x /usr/bin/zip ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ ! -x /usr/bin/unzip ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
JARS=`find $RPM_BUILD_ROOT -type f -name \*.jar -not -size 0`
|
||||||
|
if [ ! -z "$JARS" ]; then
|
||||||
|
|
||||||
|
# make $RPM_BUILD_ROOT/tmp if it doesn't exist
|
||||||
|
rmtmp=0
|
||||||
|
if [ ! -x "$RPM_BUILD_ROOT/tmp" ]; then
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/tmp
|
||||||
|
rmtmp=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# unpack every jar, set the date of the files and directories and
|
||||||
|
# repack the jar
|
||||||
|
OLD_IFS="$IFS"
|
||||||
|
IFS=$(printf '\n\t')
|
||||||
|
for j in $JARS ; do
|
||||||
|
JARNAME=`basename "$j"`
|
||||||
|
JTMPDIR=`mktemp -d -p $RPM_BUILD_ROOT/tmp "$JARNAME.tmpdir.XXXXXXXXXX"` || exit 1
|
||||||
|
JARDIR=`mktemp -d -p $RPM_BUILD_ROOT/tmp "$JARNAME.jardir.XXXXXXXXXX"` || exit 1
|
||||||
|
TIMEREF=`mktemp -p $RPM_BUILD_ROOT/tmp "$JARNAME.timeref.XXXXXXXXXX"` || exit 1
|
||||||
|
|
||||||
|
pushd "$JTMPDIR" > /dev/null
|
||||||
|
/usr/bin/unzip -qq -o "$j"
|
||||||
|
find -type d -exec chmod a+rx,u+w {} \;
|
||||||
|
find -type f -exec chmod a+r,u+w {} \;
|
||||||
|
rm -f "$j"
|
||||||
|
|
||||||
|
# Create the directories first.
|
||||||
|
find -type d | LC_ALL=C sort | while read d; do
|
||||||
|
mkdir -p "$JARDIR/$d"
|
||||||
|
done
|
||||||
|
|
||||||
|
# Get the modtime from the newest ChangeLog. If the project
|
||||||
|
# doesn't have a ChangeLog, Jan 1, 1970 will be used.
|
||||||
|
DATE="1970-01-01 UTC"
|
||||||
|
|
||||||
|
if [ -z $_PACKAGE_BUILD_DIR ]; then
|
||||||
|
_PACKAGE_BUILD_DIR=$RPM_BUILD_DIR/$RPM_PACKAGE_NAME-$RPM_PACKAGE_VERSION
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d $_PACKAGE_BUILD_DIR ]; then
|
||||||
|
CHANGELOGS=`find $_PACKAGE_BUILD_DIR -type f -name ChangeLog`
|
||||||
|
if [ ! -z "$CHANGELOGS" ]; then
|
||||||
|
for c in $CHANGELOGS; do
|
||||||
|
TMPDATE=`stat -c %y $c | cut -d " " -f 1-2`
|
||||||
|
if [ `date --date="$TMPDATE" +%s` -gt `date --date="$DATE" +%s` ]; then
|
||||||
|
DATE="$TMPDATE"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# move the contents over to the a new directory in order and set
|
||||||
|
# the times.
|
||||||
|
find -type f | LC_ALL=C sort | while read f; do
|
||||||
|
cp "$f" "$JARDIR/$f"
|
||||||
|
touch --date="$DATE" "$JARDIR/$f"
|
||||||
|
done
|
||||||
|
popd > /dev/null
|
||||||
|
|
||||||
|
# Set the times of the directories.
|
||||||
|
find "$JARDIR" -type d | while read d; do
|
||||||
|
touch --date="$DATE" "$d"
|
||||||
|
done
|
||||||
|
|
||||||
|
# make the jar
|
||||||
|
pushd "$JARDIR" > /dev/null
|
||||||
|
|
||||||
|
if [ -n "`find -not -name '.'`" ]; then
|
||||||
|
if [ -e META-INF/MANIFEST.MF ]; then
|
||||||
|
/usr/bin/zip -q -X -9 "$j" META-INF/MANIFEST.MF
|
||||||
|
fi
|
||||||
|
find * -not -name '.' | LC_ALL=C sort | /usr/bin/zip -u -q -X -9 "$j" -@
|
||||||
|
else
|
||||||
|
# Put the empty jar back
|
||||||
|
touch "$j"
|
||||||
|
fi
|
||||||
|
popd > /dev/null
|
||||||
|
|
||||||
|
# Cleanup.
|
||||||
|
rm -rf "$JTMPDIR"
|
||||||
|
rm -rf "$JARDIR"
|
||||||
|
rm -f "$TIMEREF"
|
||||||
|
done
|
||||||
|
IFS="$OLD_IFS"
|
||||||
|
|
||||||
|
# remove $RPM_BUILD_ROOT/tmp if we created it
|
||||||
|
if [ $rmtmp -eq 1 ]; then
|
||||||
|
rm -rf $RPM_BUILD_ROOT/tmp
|
||||||
|
fi
|
||||||
|
fi
|
13
brp-ldconfig
Executable file
13
brp-ldconfig
Executable file
@ -0,0 +1,13 @@
|
|||||||
|
#!/bin/sh -efu
|
||||||
|
# Force creating of DSO symlinks.
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create an empty config file for ldconfig to shut up a warning
|
||||||
|
config=$(mktemp -p "$RPM_BUILD_ROOT")
|
||||||
|
/sbin/ldconfig -f $(basename "$config") -N -r "$RPM_BUILD_ROOT"
|
||||||
|
rm -f "$config"
|
||||||
|
# TODO: warn if it created new symlinks and guide people.
|
158
brp-mangle-shebangs
Executable file
158
brp-mangle-shebangs
Executable file
@ -0,0 +1,158 @@
|
|||||||
|
#!/bin/bash -eu
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
exclude_files=""
|
||||||
|
exclude_files_from=""
|
||||||
|
exclude_shebangs=""
|
||||||
|
exclude_shebangs_from=""
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
local verbose=$1 && shift
|
||||||
|
local outfile=$1 && shift
|
||||||
|
local status=$1 && shift
|
||||||
|
|
||||||
|
(
|
||||||
|
echo 'usage: brp-mangle-shebangs [--files <regexp>] [--files-from <file>] [--shebangs <regexp>] [--shebangs-from <file>]'
|
||||||
|
if [ "${verbose}" == "yes" ]; then
|
||||||
|
echo ' --files: extended regexp of files to ignore'
|
||||||
|
echo ' --files-from: file containing a list of extended regexps of files to ignore'
|
||||||
|
echo ' --shebangs: extended regexp of shebangs to ignore'
|
||||||
|
echo ' --shebangs-from: file containing a list of extended regexps of shebangs to ignore'
|
||||||
|
fi
|
||||||
|
) >>${outfile}
|
||||||
|
exit ${status}
|
||||||
|
}
|
||||||
|
|
||||||
|
while [ $# -gt 0 ] ; do
|
||||||
|
case "$1" in
|
||||||
|
--files)
|
||||||
|
exclude_files="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--files=*)
|
||||||
|
exclude_files="${1##--files=}"
|
||||||
|
;;
|
||||||
|
--files-from)
|
||||||
|
exclude_files_from="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--files-from=*)
|
||||||
|
exclude_files_from="${1##--files-from=}"
|
||||||
|
;;
|
||||||
|
--shebangs)
|
||||||
|
exclude_shebangs="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--shebangs=*)
|
||||||
|
exclude_shebangs="${1##--shebangs=}"
|
||||||
|
;;
|
||||||
|
--shebangs-from)
|
||||||
|
exclude_shebangs_from="${2}"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--shebangs-from=*)
|
||||||
|
exclude_shebangs_from="${1##--shebangs-from=}"
|
||||||
|
;;
|
||||||
|
--help|--usage|"-?"|-h)
|
||||||
|
usage yes /dev/stdout 0
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unknown option \"${1}\"" 1>&2
|
||||||
|
usage no /dev/stderr 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
cd "$RPM_BUILD_ROOT"
|
||||||
|
|
||||||
|
# Large packages such as kernel can have thousands of executable files.
|
||||||
|
# We take care to not fork/exec thousands of "file"s and "grep"s,
|
||||||
|
# but run just two of them.
|
||||||
|
# (Take care to exclude filenames which would mangle "file" output).
|
||||||
|
find -executable -type f ! -path '*:*' ! -path $'*\n*' \
|
||||||
|
| file -N --mime-type -f - \
|
||||||
|
| grep -P ".+(?=: text/)" \
|
||||||
|
| {
|
||||||
|
fail=0
|
||||||
|
while IFS= read -r line; do
|
||||||
|
f=${line%%:*}
|
||||||
|
|
||||||
|
# Remove the dot
|
||||||
|
path="${f#.}"
|
||||||
|
|
||||||
|
if [ -n "$exclude_files" ]; then
|
||||||
|
echo "$path" | grep -q -E "$exclude_files" && continue
|
||||||
|
fi
|
||||||
|
if [ -n "$exclude_files_from" ]; then
|
||||||
|
echo "$path" | grep -q -E -f "$exclude_files_from" && continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
read shebang_line < "$f"
|
||||||
|
orig_shebang="${shebang_line#\#!}"
|
||||||
|
if [ "$orig_shebang" = "$shebang_line" ]; then
|
||||||
|
echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
|
||||||
|
ts=$(stat -c %y "$f")
|
||||||
|
chmod -x "$f"
|
||||||
|
touch -d "$ts" "$f"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Trim spaces
|
||||||
|
while shebang="${orig_shebang// / }"; [ "$shebang" != "$orig_shebang" ]; do
|
||||||
|
orig_shebang="$shebang"
|
||||||
|
done
|
||||||
|
# Treat "#! /path/to " as "#!/path/to"
|
||||||
|
orig_shebang="${orig_shebang# }"
|
||||||
|
|
||||||
|
shebang="$orig_shebang"
|
||||||
|
|
||||||
|
if [ -z "$shebang" ]; then
|
||||||
|
echo >&2 "*** WARNING: $f is executable but has empty shebang, removing executable bit"
|
||||||
|
ts=$(stat -c %y "$f")
|
||||||
|
chmod -x "$f"
|
||||||
|
touch -d "$ts" "$f"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
if [ -n "${shebang##/*}" ]; then
|
||||||
|
echo >&2 "*** ERROR: $f has shebang which doesn't start with '/' ($shebang)"
|
||||||
|
fail=1
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! { echo "$shebang" | grep -q -P "^/(?:usr/)?(?:bin|sbin)/"; }; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Replace "special" env shebang:
|
||||||
|
# /whatsoever/env /whatever/foo → /whatever/foo
|
||||||
|
shebang=$(echo "$shebang" | sed -r -e 's@^(.+)/env /(.+)$@/\2@')
|
||||||
|
# /whatsoever/env foo → /whatsoever/foo
|
||||||
|
shebang=$(echo "$shebang" | sed -r -e 's@^(.+/)env (.+)$@\1\2@')
|
||||||
|
|
||||||
|
# If the shebang now starts with /bin, change it to /usr/bin
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1581757
|
||||||
|
shebang=$(echo "$shebang" | sed -r -e 's@^/bin/@/usr/bin/@')
|
||||||
|
|
||||||
|
# Replace ambiguous python with python2
|
||||||
|
py_shebang=$(echo "$shebang" | sed -r -e 's@/usr/bin/python(\s|$)@/usr/bin/python2\1@')
|
||||||
|
|
||||||
|
if [ "$shebang" != "$py_shebang" ]; then
|
||||||
|
echo >&2 "*** ERROR: ambiguous python shebang in $path: #!$orig_shebang. Change it to python3 (or python2) explicitly."
|
||||||
|
fail=1
|
||||||
|
elif [ "#!$shebang" != "#!$orig_shebang" ]; then
|
||||||
|
echo "mangling shebang in $path from $orig_shebang to #!$shebang"
|
||||||
|
ts=$(stat -c %y "$f")
|
||||||
|
sed -i -e "1c #!$shebang" "$f"
|
||||||
|
touch -d "$ts" "$f"
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
|
exit $fail
|
||||||
|
}
|
141
brp-python-bytecompile
Executable file
141
brp-python-bytecompile
Executable file
@ -0,0 +1,141 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
errors_terminate=$2
|
||||||
|
|
||||||
|
# Usage of %_python_bytecompile_extra is not allowed anymore
|
||||||
|
# See: https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3
|
||||||
|
# Therefore $1 ($default_python) is not needed and is invoked with "" by default.
|
||||||
|
# $default_python stays in the arguments for backward compatibility and $extra for the following check:
|
||||||
|
extra=$3
|
||||||
|
if [ 0$extra -eq 1 ]; then
|
||||||
|
echo -e "%_python_bytecompile_extra is discontinued, use %py_byte_compile instead.\nSee: https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_3" >/dev/stderr
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Figure out how deep we need to descend. We could pick an insanely high
|
||||||
|
# number and hope it's enough, but somewhere, somebody's sure to run into it.
|
||||||
|
depth=`(find "$RPM_BUILD_ROOT" -type f -name "*.py" -print0 ; echo /) | \
|
||||||
|
xargs -0 -n 1 dirname | sed 's,[^/],,g' | sort -u | tail -n 1 | wc -c`
|
||||||
|
if [ -z "$depth" -o "$depth" -le "1" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# This function now implements Python byte-compilation in three different ways:
|
||||||
|
# Python >= 3.4 and < 3.9 uses a new module compileall2 - https://github.com/fedora-python/compileall2
|
||||||
|
# Python < 3.4 (inc. Python 2) uses compileall module from stdlib with some hacks
|
||||||
|
# When we drop support for Python 2, we'd be able to use all compileall2 features like:
|
||||||
|
# - -s and -p options to manipulate with a path baked into pyc files instead of $real_libdir
|
||||||
|
# - -o 0 -o 1 to produce multiple files in one run - each with a different optimization level - instead of $options
|
||||||
|
# - removed useless $depth - both compileall and compileall2 are limited by sys.getrecursionlimit()
|
||||||
|
# These changes will make this script much simpler
|
||||||
|
# In Python >= 3.9, compileall2 was merged back to standard library (compileall) so we can use it directly again.
|
||||||
|
function python_bytecompile()
|
||||||
|
{
|
||||||
|
local options=$1
|
||||||
|
local python_binary=$2
|
||||||
|
local exclude=$3
|
||||||
|
local python_libdir=$4
|
||||||
|
local depth=$5 # Not used for Python >= 3.4
|
||||||
|
local real_libdir=$6 # Not used for Python >= 3.4
|
||||||
|
|
||||||
|
python_version=$($python_binary -c "import sys; sys.stdout.write('{0.major}{0.minor}'.format(sys.version_info))")
|
||||||
|
|
||||||
|
#
|
||||||
|
# Python 3.9 and higher
|
||||||
|
#
|
||||||
|
if [ "$python_version" -ge 39 ]; then
|
||||||
|
|
||||||
|
[ ! -z $exclude ] && exclude="-x '$exclude'"
|
||||||
|
# -q disables verbose output
|
||||||
|
# -f forces the process to overwrite existing compiled files
|
||||||
|
# -x excludes paths defined by regex
|
||||||
|
# -e excludes symbolic links pointing outside the build root
|
||||||
|
# -x and -e together implements the same functionality as the Filter class below
|
||||||
|
# -s strips $RPM_BUILD_ROOT from the path
|
||||||
|
# -p prepends the leading slash to the path to make it absolute
|
||||||
|
$python_binary -B $options -m compileall -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
|
||||||
|
|
||||||
|
#
|
||||||
|
# Python 3.4 and higher
|
||||||
|
#
|
||||||
|
elif [ "$python_version" -ge 34 ]; then
|
||||||
|
|
||||||
|
[ ! -z $exclude ] && exclude="-x '$exclude'"
|
||||||
|
# /usr/lib/rpm/redhat/ contains compileall2 Python module
|
||||||
|
# -q disables verbose output
|
||||||
|
# -f forces the process to overwrite existing compiled files
|
||||||
|
# -x excludes paths defined by regex
|
||||||
|
# -e excludes symbolic links pointing outside the build root
|
||||||
|
# -x and -e together implements the same functionality as the Filter class below
|
||||||
|
# -s strips $RPM_BUILD_ROOT from the path
|
||||||
|
# -p prepends the leading slash to the path to make it absolute
|
||||||
|
PYTHONPATH=/usr/lib/rpm/redhat/ $python_binary -B $options -m compileall2 -q -f $exclude -s $RPM_BUILD_ROOT -p / -e $RPM_BUILD_ROOT $python_libdir
|
||||||
|
else
|
||||||
|
#
|
||||||
|
# Python 3.3 and lower (incl. Python 2)
|
||||||
|
#
|
||||||
|
|
||||||
|
cat << EOF | $python_binary $options
|
||||||
|
import compileall, sys, os, re
|
||||||
|
|
||||||
|
python_libdir = "$python_libdir"
|
||||||
|
depth = $depth
|
||||||
|
real_libdir = "$real_libdir"
|
||||||
|
build_root = "$RPM_BUILD_ROOT"
|
||||||
|
exclude = r"$exclude"
|
||||||
|
|
||||||
|
class Filter:
|
||||||
|
def search(self, path):
|
||||||
|
ret = not os.path.realpath(path).startswith(build_root)
|
||||||
|
if exclude:
|
||||||
|
ret = ret or re.search(exclude, path)
|
||||||
|
return ret
|
||||||
|
|
||||||
|
sys.exit(not compileall.compile_dir(python_libdir, depth, real_libdir, force=1, rx=Filter(), quiet=1))
|
||||||
|
EOF
|
||||||
|
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# .pyc/.pyo files embed a "magic" value, identifying the ABI version of Python
|
||||||
|
# bytecode that they are for.
|
||||||
|
#
|
||||||
|
# The files below RPM_BUILD_ROOT could be targeting multiple versions of
|
||||||
|
# python (e.g. a single build that emits several subpackages e.g. a
|
||||||
|
# python26-foo subpackage, a python31-foo subpackage etc)
|
||||||
|
#
|
||||||
|
# Support this by assuming that below each /usr/lib/python$VERSION/, all
|
||||||
|
# .pyc/.pyo files are to be compiled for /usr/bin/python$VERSION.
|
||||||
|
#
|
||||||
|
# For example, below /usr/lib/python2.6/, we're targeting /usr/bin/python2.6
|
||||||
|
# and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1
|
||||||
|
|
||||||
|
# Disable Python hash seed randomization
|
||||||
|
# This should help with byte-compilation reproducibility: https://bugzilla.redhat.com/show_bug.cgi?id=1686078
|
||||||
|
export PYTHONHASHSEED=0
|
||||||
|
|
||||||
|
shopt -s nullglob
|
||||||
|
for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]+$"`;
|
||||||
|
do
|
||||||
|
python_binary=/usr/bin/$(basename $python_libdir)
|
||||||
|
real_libdir=${python_libdir/$RPM_BUILD_ROOT/}
|
||||||
|
echo "Bytecompiling .py files below $python_libdir using $python_binary"
|
||||||
|
|
||||||
|
# Generate normal (.pyc) byte-compiled files.
|
||||||
|
python_bytecompile "" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
|
||||||
|
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
|
||||||
|
# One or more of the files had a syntax error
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Generate optimized (.pyo) byte-compiled files.
|
||||||
|
python_bytecompile "-O" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir"
|
||||||
|
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
|
||||||
|
# One or more of the files had a syntax error
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
17
brp-strip-lto
Executable file
17
brp-strip-lto
Executable file
@ -0,0 +1,17 @@
|
|||||||
|
#!/usr/bin/sh
|
||||||
|
# If using normal root, avoid changing anything.
|
||||||
|
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
STRIP=${1:-strip}
|
||||||
|
NCPUS=${RPM_BUILD_NCPUS:-1}
|
||||||
|
|
||||||
|
case `uname -a` in
|
||||||
|
Darwin*) exit 0 ;;
|
||||||
|
*) ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Strip ELF binaries
|
||||||
|
find "$RPM_BUILD_ROOT" -type f -name '*.[ao]' \! -regex "$RPM_BUILD_ROOT/*usr/lib/debug.*" -print0 | \
|
||||||
|
eu-elfclassify --not-program --not-library --not-linux-kernel-module --stdin0 --print0 | xargs -0 -r -P$NCPUS -n32 sh -c "$STRIP -p -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 \"\$@\"" ARG0
|
390
buildflags.md
Normal file
390
buildflags.md
Normal file
@ -0,0 +1,390 @@
|
|||||||
|
This document contains documentation of the individual compiler flags
|
||||||
|
and how to use them.
|
||||||
|
|
||||||
|
[TOC]
|
||||||
|
|
||||||
|
# Using RPM build flags
|
||||||
|
|
||||||
|
For packages which use autoconf to set up the build environment, use
|
||||||
|
the `%configure` macro to obtain the full complement of flags, like
|
||||||
|
this:
|
||||||
|
|
||||||
|
%configure
|
||||||
|
|
||||||
|
This will invoke the `./configure` with arguments (such as
|
||||||
|
`--prefix=/usr`) to adjust the paths to the packaging defaults.
|
||||||
|
|
||||||
|
As a side effect, this will set the environment variables `CFLAGS`,
|
||||||
|
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, `LDFLAGS` and `LT_SYS_LIBRARY_PATH`,
|
||||||
|
so they can be used by makefiles and other build tools. (However,
|
||||||
|
existing values for these variables are not overwritten.)
|
||||||
|
|
||||||
|
If your package does not use autoconf, you can still set the same
|
||||||
|
environment variables using
|
||||||
|
|
||||||
|
%set_build_flags
|
||||||
|
|
||||||
|
early in the `%build` section. (Again, existing environment variables
|
||||||
|
are not overwritten.)
|
||||||
|
|
||||||
|
Individual build flags are also available through RPM macros:
|
||||||
|
|
||||||
|
* `%{build_cflags}` for the C compiler flags (also known as the
|
||||||
|
`CFLAGS` variable). Also historically available as `%{optflags}`.
|
||||||
|
Furthermore, at the start of the `%build` section, the environment
|
||||||
|
variable `RPM_OPT_FLAGS` is set to this value.
|
||||||
|
* `%{build_cxxflags}` for the C++ compiler flags (usually assigned to
|
||||||
|
the `CXXFLAGS` shell variable).
|
||||||
|
* `%{build_fflags} for `FFLAGS` (the Fortran compiler flags, also
|
||||||
|
known as the `FCFLAGS` variable).
|
||||||
|
* `%{build_ldflags}` for the link editor (ld) flags, usually known as
|
||||||
|
`LDFLAGS`. Note that the contents quotes linker arguments using
|
||||||
|
`-Wl`, so this variable is intended for use with the `gcc` compiler
|
||||||
|
driver. At the start of the `%build` section, the environment
|
||||||
|
variable `RPM_LD_FLAGS` is set to this value.
|
||||||
|
|
||||||
|
The variable `LT_SYS_LIBRARY_PATH` is defined here to prevent the `libtool`
|
||||||
|
script (v2.4.6+) from hardcoding %_libdir into the binaries' RPATH.
|
||||||
|
|
||||||
|
These RPM macros do not alter shell environment variables.
|
||||||
|
|
||||||
|
For some other build tools separate mechanisms exist:
|
||||||
|
|
||||||
|
* CMake builds use the the `%cmake` macro from the `cmake-rpm-macros`
|
||||||
|
package.
|
||||||
|
|
||||||
|
Care must be taking not to compile the current selection of compiler
|
||||||
|
flags into any RPM package besides `redhat-rpm-config`, so that flag
|
||||||
|
changes are picked up automatically once `redhat-rpm-config` is
|
||||||
|
updated.
|
||||||
|
|
||||||
|
# Flag selection for the build type
|
||||||
|
|
||||||
|
The default flags are suitable for building applications.
|
||||||
|
|
||||||
|
For building shared objects, you must compile with `-fPIC` in
|
||||||
|
(`CFLAGS` or `CXXFLAGS`) and link with `-shared` (in `LDFLAGS`).
|
||||||
|
|
||||||
|
For other considerations involving shared objects, see:
|
||||||
|
|
||||||
|
* [Fedora Packaging Guidelines: Shared Libraries](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_shared_libraries)
|
||||||
|
|
||||||
|
# Customizing compiler flags
|
||||||
|
|
||||||
|
It is possible to set RPM macros to change some aspects of the
|
||||||
|
compiler flags. Changing these flags should be used as a last
|
||||||
|
recourse if other workarounds are not available.
|
||||||
|
|
||||||
|
### Lazy binding
|
||||||
|
|
||||||
|
If your package depends on the semantics of lazy binding (e.g., it has
|
||||||
|
plugins which load additional plugins to complete their dependencies,
|
||||||
|
before which some referenced functions are undefined), you should put
|
||||||
|
`-Wl,-z,lazy` at the end of the `LDFLAGS` setting when linking objects
|
||||||
|
which have such requirements. Under these circumstances, it is
|
||||||
|
unnecessary to disable hardened builds (and thus lose full ASLR for
|
||||||
|
executables), or link everything without `-Wl,z,now` (non-lazy
|
||||||
|
binding).
|
||||||
|
|
||||||
|
### Hardened builds
|
||||||
|
|
||||||
|
By default, the build flags enable fully hardened builds. To change
|
||||||
|
this, include this in the RPM spec file:
|
||||||
|
|
||||||
|
%undefine _hardened_build
|
||||||
|
|
||||||
|
This turns off certain hardening features, as described in detail
|
||||||
|
below. The main difference is that executables will be
|
||||||
|
position-dependent (no full ASLR) and use lazy binding.
|
||||||
|
|
||||||
|
### Annotated builds/watermarking
|
||||||
|
|
||||||
|
By default, the build flags cause a special output section to be
|
||||||
|
included in ELF files which describes certain aspects of the build.
|
||||||
|
To change this for all compiler invocations, include this in the RPM
|
||||||
|
spec file:
|
||||||
|
|
||||||
|
%undefine _annotated_build
|
||||||
|
|
||||||
|
Be warned that this turns off watermarking, making it impossible to do
|
||||||
|
full hardening coverage analysis for any binaries produced.
|
||||||
|
|
||||||
|
It is possible to disable annotations for individual compiler
|
||||||
|
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
|
||||||
|
the annobin plugin must still be loaded for this flag to be
|
||||||
|
recognized, so it has to come after the hardening flags on the command
|
||||||
|
line (it has to be added at the end of `CFLAGS`, or specified after
|
||||||
|
the `CFLAGS` variable contents).
|
||||||
|
|
||||||
|
### Strict symbol checks in the link editor (ld)
|
||||||
|
|
||||||
|
Optionally, the link editor will refuse to link shared objects which
|
||||||
|
contain undefined symbols. Such symbols lack symbol versioning
|
||||||
|
information and can be bound to the wrong (compatibility) symbol
|
||||||
|
version at run time, and not the actual (default) symbol version which
|
||||||
|
would have been used if the symbol definition had been available at
|
||||||
|
static link time. Furthermore, at run time, the dynamic linker will
|
||||||
|
not have complete dependency information (in the form of DT_NEEDED
|
||||||
|
entries), which can lead to errors (crashes) if IFUNC resolvers are
|
||||||
|
executed before the shared object containing them is fully relocated.
|
||||||
|
|
||||||
|
To switch on these checks, define this macro in the RPM spec file:
|
||||||
|
|
||||||
|
%define _strict_symbol_defs_build 1
|
||||||
|
|
||||||
|
If this RPM spec option is active, link failures will occur if the
|
||||||
|
linker command line does not list all shared objects which are needed.
|
||||||
|
In this case, you need to add the missing DSOs (with linker arguments
|
||||||
|
such as `-lm`). As a result, the link editor will also generated the
|
||||||
|
necessary DT_NEEDED entries.
|
||||||
|
|
||||||
|
In some cases (such as when a DSO is loaded as a plugin and is
|
||||||
|
expected to bind to symbols in the main executable), undefined symbols
|
||||||
|
are expected. In this case, you can add
|
||||||
|
|
||||||
|
%undefine _strict_symbol_defs_build
|
||||||
|
|
||||||
|
to the RPM spec file to disable these strict checks. Alternatively,
|
||||||
|
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
|
||||||
|
command line). The latter needs binutils 2.29.1-12.fc28 or later.
|
||||||
|
|
||||||
|
### Legacy -fcommon
|
||||||
|
|
||||||
|
Since version 10, [gcc defaults to `-fno-common`](https://gcc.gnu.org/gcc-10/porting_to.html#common).
|
||||||
|
Builds may fail with `multiple definition of ...` errors.
|
||||||
|
|
||||||
|
As a short term workaround for such failure,
|
||||||
|
it is possible to add `-fcommon` to the flags by defining `%_legacy_common_support`.
|
||||||
|
|
||||||
|
%define _legacy_common_support 1
|
||||||
|
|
||||||
|
Properly fixing the failure is always preferred!
|
||||||
|
|
||||||
|
# Individual compiler flags
|
||||||
|
|
||||||
|
Compiler flags end up in the environment variables `CFLAGS`,
|
||||||
|
`CXXFLAGS`, `FFLAGS`, and `FCFLAGS`.
|
||||||
|
|
||||||
|
The general (architecture-independent) build flags are:
|
||||||
|
|
||||||
|
* `-O2`: Turn on various GCC optimizations. See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-O2).
|
||||||
|
Optimization improves performance, the accuracy of warnings, and the
|
||||||
|
reach of toolchain-based hardening, but it makes debugging harder.
|
||||||
|
* `-g`: Generate debugging information (DWARF). In Fedora, this data
|
||||||
|
is separated into `-debuginfo` RPM packages whose installation is
|
||||||
|
optional, so debuging information does not increase the size of
|
||||||
|
installed binaries by default.
|
||||||
|
* `-pipe`: Run compiler and assembler in parallel and do not use a
|
||||||
|
temporary file for the assembler input. This can improve
|
||||||
|
compilation performance. (This does not affect code generation.)
|
||||||
|
* `-Wall`: Turn on various GCC warnings.
|
||||||
|
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wall).
|
||||||
|
* `-Werror=format-security`: Turn on format string warnings and treat
|
||||||
|
them as errors.
|
||||||
|
See the [GCC manual](https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-security).
|
||||||
|
This can occasionally result in compilation errors. In this case,
|
||||||
|
the best option is to rewrite the source code so that only constant
|
||||||
|
format strings (string literals) are used.
|
||||||
|
* `-Wp,-D_FORTIFY_SOURCE=2`: Source fortification activates various
|
||||||
|
hardening features in glibc:
|
||||||
|
* String functions such as `memcpy` attempt to detect buffer lengths
|
||||||
|
and terminate the process if a buffer overflow is detected.
|
||||||
|
* `printf` format strings may only contain the `%n` format specifier
|
||||||
|
if the format string resides in read-only memory.
|
||||||
|
* `open` and `openat` flags are checked for consistency with the
|
||||||
|
presence of a *mode* argument.
|
||||||
|
* Plus other minor hardening changes.
|
||||||
|
(These changes can occasionally break valid programs.)
|
||||||
|
* `-fexceptions`: Provide exception unwinding support for C programs.
|
||||||
|
See the [`-fexceptions` option in the GCC
|
||||||
|
manual](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions)
|
||||||
|
and the [`cleanup` variable
|
||||||
|
attribute](https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-cleanup-variable-attribute).
|
||||||
|
This also hardens cancellation handling in C programs because
|
||||||
|
it is not required to use an on-stack jump buffer to install
|
||||||
|
a cancellation handler with `pthread_cleanup_push`. It also makes
|
||||||
|
it possible to unwind the stack (using C++ `throw` or Rust panics)
|
||||||
|
from C callback functions if a C library supports non-local exits
|
||||||
|
from them (e.g., via `longjmp`).
|
||||||
|
* `-Wp,-D_GLIBCXX_ASSERTIONS`: Enable lightweight assertions in the
|
||||||
|
C++ standard library, such as bounds checking for the subscription
|
||||||
|
operator on vectors. (This flag is added to both `CFLAGS` and
|
||||||
|
`CXXFLAGS`; C compilations will simply ignore it.)
|
||||||
|
* `-fstack-protector-strong`: Instrument functions to detect
|
||||||
|
stack-based buffer overflows before jumping to the return address on
|
||||||
|
the stack. The *strong* variant only performs the instrumentation
|
||||||
|
for functions whose stack frame contains addressable local
|
||||||
|
variables. (If the address of a variable is never taken, it is not
|
||||||
|
possible that a buffer overflow is caused by incorrect pointer
|
||||||
|
arithmetic involving a pointer to that variable.)
|
||||||
|
* `-grecord-gcc-switches`: Include select GCC command line switches in
|
||||||
|
the DWARF debugging information. This is useful for detecting the
|
||||||
|
presence of certain build flags and general hardening coverage.
|
||||||
|
|
||||||
|
For hardened builds (which are enabled by default, see above for how
|
||||||
|
to disable them), the flag
|
||||||
|
`-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1` is added to the
|
||||||
|
command line. It adds the following flag to the command line:
|
||||||
|
|
||||||
|
* `-fPIE`: Compile for a position-independent executable (PIE),
|
||||||
|
enabling full address space layout randomization (ASLR). This is
|
||||||
|
similar to `-fPIC`, but avoids run-time indirections on certain
|
||||||
|
architectures, resulting in improved performance and slightly
|
||||||
|
smaller executables. However, compared to position-dependent code
|
||||||
|
(the default generated by GCC), there is still a measurable
|
||||||
|
performance impact.
|
||||||
|
|
||||||
|
If the command line also contains `-r` (producing a relocatable
|
||||||
|
object file), `-fpic` or `-fPIC`, this flag is automatically
|
||||||
|
dropped. (`-fPIE` can only be used for code which is linked into
|
||||||
|
the main program.) Code which goes into static libraries should be
|
||||||
|
compiled with `-fPIE`, except when this code is expected to be
|
||||||
|
linked into DSOs, when `-fPIC` must be used.
|
||||||
|
|
||||||
|
To be effective, `-fPIE` must be used with the `-pie` linker flag
|
||||||
|
when producing an executable, see below.
|
||||||
|
|
||||||
|
To support [binary watermarks for ELF
|
||||||
|
objects](https://fedoraproject.org/wiki/Toolchain/Watermark) using
|
||||||
|
annobin, the `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` flag is
|
||||||
|
added by default. This can be switched off by undefining the
|
||||||
|
`%_annotated_build` RPM macro (see above).
|
||||||
|
|
||||||
|
### Architecture-specific compiler flags
|
||||||
|
|
||||||
|
These compiler flags are enabled for all builds (hardened/annotated or
|
||||||
|
not), but their selection depends on the architecture:
|
||||||
|
|
||||||
|
* `-fstack-clash-protection`: Turn on instrumentation to avoid
|
||||||
|
skipping the guard page in large stack frames. (Without this flag,
|
||||||
|
vulnerabilities can result where the stack overlaps with the heap,
|
||||||
|
or thread stacks spill into other regions of memory.) This flag is
|
||||||
|
fully ABI-compatible and has adds very little run-time overhead, but
|
||||||
|
is only available on certain architectures (currently aarch64, i386,
|
||||||
|
ppc64, ppc64le, s390x, x86_64).
|
||||||
|
* `-fcf-protection`: Instrument binaries to guard against
|
||||||
|
ROP/JOP attacks. Used on i686 and x86_64.
|
||||||
|
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
||||||
|
the same compilation. For such architectures, the RPM build process
|
||||||
|
explicitly selects the architecture variant by passing this compiler
|
||||||
|
flag.
|
||||||
|
* `-fasynchronous-unwind-tables`: Generate full unwind information
|
||||||
|
covering all program points. This is required for support of
|
||||||
|
asynchronous cancellation and proper unwinding from signal
|
||||||
|
handlers. It also makes performance and debugging tools more
|
||||||
|
useful because unwind information is available without having to
|
||||||
|
install (and load) debugging ienformation.
|
||||||
|
Asynchronous unwind tables are enabled for aarch64, i686, ppc64,
|
||||||
|
ppc64le, s390x, and x86_64. They are not needed on armhfp due to
|
||||||
|
architectural differences in stack management. On these
|
||||||
|
architectures, `-fexceptions` (see above) still enables regular
|
||||||
|
unwind tables (or they are enabled by default even without this
|
||||||
|
option).
|
||||||
|
|
||||||
|
In addition, `redhat-rpm-config` re-selects the built-in default
|
||||||
|
tuning in the `gcc` package. These settings are:
|
||||||
|
|
||||||
|
* **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard`
|
||||||
|
selects an Arm subarchitecture based on the ARMv7-A architecture
|
||||||
|
with 16 64-bit floating point registers. `-mtune=cortex-8a` selects
|
||||||
|
tuning for the Cortex-A8 implementation (while preserving compatibility
|
||||||
|
with other ARMv7-A implementations). `-mabi=aapcs-linux` switches to
|
||||||
|
the AAPCS ABI for GNU/Linux.
|
||||||
|
* **i686**: `-march=i686` is used to select a minmum support CPU level
|
||||||
|
of i686 (corresponding to the Pentium Pro). SSE2 support is
|
||||||
|
enabled with `-msse2` (so only CPUs with SSE2 support can run the
|
||||||
|
compiled code; SSE2 was introduced first with the Pentium 4).
|
||||||
|
`-mtune=generic` activates tuning for a current blend of CPUs
|
||||||
|
(under the assumption that most users of i686 packages obtain them
|
||||||
|
through an x86_64 installation on current hardware).
|
||||||
|
`-mfpmath=sse` instructs GCC to use the SSE2 unit for floating
|
||||||
|
point math to avoid excess precision issues. `-mstackrealign`
|
||||||
|
avoids relying on the stack alignment guaranteed by the current
|
||||||
|
version of the i386 ABI.
|
||||||
|
* **ppc64le**: `-mcpu=power8 -mtune=power8` selects a minimum supported
|
||||||
|
CPU level of POWER8 (the first CPU with ppc64le support) and tunes
|
||||||
|
for POWER8.
|
||||||
|
* **s390x**: `-march=zEC12 -mtune=z13` specifies a minimum supported CPU
|
||||||
|
level of zEC12, while optimizing for a subsequent CPU generation
|
||||||
|
(z13).
|
||||||
|
* **x86_64**: `-mtune=generic` selects tuning which is expected to
|
||||||
|
beneficial for a broad range of current CPUs.
|
||||||
|
* **ppc64** and **aarch64** do not have any architecture-specific tuning.
|
||||||
|
|
||||||
|
# Individual linker flags
|
||||||
|
|
||||||
|
Linker flags end up in the environment variable `LDFLAGS`.
|
||||||
|
|
||||||
|
The linker flags listed below are injected. Note that they are
|
||||||
|
prefixed with `-Wl` because it is expected that these flags are passed
|
||||||
|
to the compiler driver `gcc`, and not directly to the link editor
|
||||||
|
`ld`.
|
||||||
|
|
||||||
|
* `-z relro`: Activate the *read-only after relocation* feature.
|
||||||
|
Constant data and relocations are placed on separate pages, and the
|
||||||
|
dynamic linker is instructed to revoke write permissions after
|
||||||
|
dynamic linking. Full protection of relocation data requires the
|
||||||
|
`-z now` flag (see below).
|
||||||
|
* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
|
||||||
|
(optional, see above).
|
||||||
|
|
||||||
|
For hardened builds, the
|
||||||
|
`-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
|
||||||
|
compiler driver command line. (This can be disabled by undefining the
|
||||||
|
`%_hardened_build` macro; see above) This activates the following
|
||||||
|
linker flags:
|
||||||
|
|
||||||
|
* `-pie`: Produce a PIE binary. This is only activated for the main
|
||||||
|
executable, and only if it is dynamically linked. This requires
|
||||||
|
that all objects which are linked in the main executable have been
|
||||||
|
compiled with `-fPIE` or `-fPIC` (or `-fpie` or `-fpic`; see above).
|
||||||
|
By itself, `-pie` has only a slight performance impact because it
|
||||||
|
disables some link editor optimization, however the `-fPIE` compiler
|
||||||
|
flag has some overhead.
|
||||||
|
* `-z now`: Disable lazy binding and turn on the `BIND_NOW` dynamic
|
||||||
|
linker feature. Lazy binding involves an array of function pointers
|
||||||
|
which is writable at run time (which could be overwritten as part of
|
||||||
|
security exploits, redirecting execution). Therefore, it is
|
||||||
|
preferable to turn of lazy binding, although it increases startup
|
||||||
|
time.
|
||||||
|
|
||||||
|
# Support for extension builders
|
||||||
|
|
||||||
|
Some packages include extension builders that allow users to build
|
||||||
|
extension modules (which are usually written in C and C++) under the
|
||||||
|
control of a special-purpose build system. This is a common
|
||||||
|
functionality provided by scripting languages such as Python and Perl.
|
||||||
|
Traditionally, such extension builders captured the Fedora build flags
|
||||||
|
when these extension were built. However, these compiler flags are
|
||||||
|
adjusted for a specific Fedora release and toolchain version and
|
||||||
|
therefore do not work with a custom toolchain (e.g., different C/C++
|
||||||
|
compilers), and users might want to build their own extension modules
|
||||||
|
with such toolchains.
|
||||||
|
|
||||||
|
The macros `%{extension_cflags}`, `%{extension_cxxflags}`,
|
||||||
|
`%{extension_fflags}`, `%{extension_ldflags}` contain a subset of
|
||||||
|
flags that have been adjusted for compatibility with alternative
|
||||||
|
toolchains, while still preserving some of the compile-time security
|
||||||
|
hardening that the standard Fedora build flags provide.
|
||||||
|
|
||||||
|
The current set of differences are:
|
||||||
|
|
||||||
|
* No GCC plugins (such as annobin) are activated.
|
||||||
|
* No GCC spec files (`-specs=` arguments) are used.
|
||||||
|
|
||||||
|
Additional flags may be removed in the future if they prove to be
|
||||||
|
incompatible with alternative toolchains.
|
||||||
|
|
||||||
|
Extension builders should detect whether they are performing a regular
|
||||||
|
RPM build (e.g., by looking for an `RPM_OPT_FLAGS` variable). In this
|
||||||
|
case, they should use the *current* set of Fedora build flags (that
|
||||||
|
is, the output from `rpm --eval '%{build_cflags}'` and related
|
||||||
|
commands). Otherwise, when not performing an RPM build, they can
|
||||||
|
either use hard-coded extension builder flags (thus avoiding a
|
||||||
|
run-time dependency on `redhat-rpm-config`), or use the current
|
||||||
|
extension builder flags (with a run-time dependency on
|
||||||
|
`redhat-rpm-config`).
|
||||||
|
|
||||||
|
As a result, extension modules built for Fedora will use the official
|
||||||
|
Fedora build flags, while users will still be able to build their own
|
||||||
|
extension modules with custom toolchains.
|
294
common.lua
Normal file
294
common.lua
Normal file
@ -0,0 +1,294 @@
|
|||||||
|
-- Convenience Lua functions that can be used within rpm macros
|
||||||
|
|
||||||
|
-- Reads an rpm variable. Unlike a basic rpm.expand("{?foo}"), returns nil if
|
||||||
|
-- the variable is unset, which is convenient in lua tests and enables
|
||||||
|
-- differentiating unset variables from variables set to ""
|
||||||
|
local function read(rpmvar)
|
||||||
|
if not rpmvar or
|
||||||
|
(rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
|
||||||
|
return nil
|
||||||
|
else
|
||||||
|
return rpm.expand("%{?" .. rpmvar .. "}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Returns true if the macro that called this function had flag set
|
||||||
|
-- – for example, hasflag("z") would give the following results:
|
||||||
|
-- %foo -z bar → true
|
||||||
|
-- %foo -z → true
|
||||||
|
-- %foo → false
|
||||||
|
local function hasflag(flag)
|
||||||
|
return (rpm.expand("%{-" .. flag .. "}") ~= "")
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Returns the argument passed to flag in the macro that called this function
|
||||||
|
-- – for example, readflag("z") would give the following results:
|
||||||
|
-- %foo -z bar → bar
|
||||||
|
-- %foo → nil
|
||||||
|
-- %foo -z "" → empty string
|
||||||
|
-- %foo -z '' → empty string
|
||||||
|
local function readflag(flag)
|
||||||
|
if not hasflag(flag) then
|
||||||
|
return nil
|
||||||
|
else
|
||||||
|
local a = rpm.expand("%{-" .. flag .. "*}")
|
||||||
|
-- Handle "" and '' as empty strings
|
||||||
|
if (a == '""') or (a == "''") then
|
||||||
|
a = ''
|
||||||
|
end
|
||||||
|
return a
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Sets a spec variable; echoes the result if verbose
|
||||||
|
local function explicitset(rpmvar, value, verbose)
|
||||||
|
local value = value
|
||||||
|
if (value == nil) or (value == "") then
|
||||||
|
value = "%{nil}"
|
||||||
|
end
|
||||||
|
rpm.define(rpmvar .. " " .. value)
|
||||||
|
if verbose then
|
||||||
|
rpm.expand("%{warn:Setting %%{" .. rpmvar .. "} = " .. value .. "}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Unsets a spec variable if it is defined; echoes the result if verbose
|
||||||
|
local function explicitunset(rpmvar, verbose)
|
||||||
|
if (rpm.expand("%{" .. rpmvar .. "}") ~= "%{" .. rpmvar .. "}") then
|
||||||
|
rpm.define(rpmvar .. " %{nil}")
|
||||||
|
if verbose then
|
||||||
|
rpm.expand("%{warn:Unsetting %%{" .. rpmvar .. "}}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Sets a spec variable, if not already set; echoes the result if verbose
|
||||||
|
local function safeset(rpmvar, value, verbose)
|
||||||
|
if (rpm.expand("%{" .. rpmvar .. "}") == "%{" .. rpmvar .. "}") then
|
||||||
|
explicitset(rpmvar,value,verbose)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Aliases a list of rpm variables to the same variables suffixed with 0 (and
|
||||||
|
-- vice versa); echoes the result if verbose
|
||||||
|
local function zalias(rpmvars, verbose)
|
||||||
|
for _, sfx in ipairs({{"","0"},{"0",""}}) do
|
||||||
|
for _, rpmvar in ipairs(rpmvars) do
|
||||||
|
local toalias = "%{?" .. rpmvar .. sfx[1] .. "}"
|
||||||
|
if (rpm.expand(toalias) ~= "") then
|
||||||
|
safeset(rpmvar .. sfx[2], toalias, verbose)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Takes a list of rpm variable roots and a suffix and alias current<root> to
|
||||||
|
-- <root><suffix> if it resolves to something not empty
|
||||||
|
local function setcurrent(rpmvars, suffix, verbose)
|
||||||
|
for _, rpmvar in ipairs(rpmvars) do
|
||||||
|
if (rpm.expand("%{?" .. rpmvar .. suffix .. "}") ~= "") then
|
||||||
|
explicitset( "current" .. rpmvar, "%{" .. rpmvar .. suffix .. "}", verbose)
|
||||||
|
else
|
||||||
|
explicitunset("current" .. rpmvar, verbose)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Echo the list of rpm variables, with suffix, if set
|
||||||
|
local function echovars(rpmvars, suffix)
|
||||||
|
for _, rpmvar in ipairs(rpmvars) do
|
||||||
|
rpmvar = rpmvar .. suffix
|
||||||
|
local header = string.sub(" " .. rpmvar .. ": ",1,21)
|
||||||
|
rpm.expand("%{?" .. rpmvar .. ":%{echo:" .. header .. "%{?" .. rpmvar .. "}}}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Returns an array, indexed by suffix, containing the non-empy values of
|
||||||
|
-- <rpmvar><suffix>, with suffix an integer string or the empty string
|
||||||
|
local function getsuffixed(rpmvar)
|
||||||
|
local suffixes = {}
|
||||||
|
zalias({rpmvar})
|
||||||
|
for suffix=0,9999 do
|
||||||
|
local value = rpm.expand("%{?" .. rpmvar .. suffix .. "}")
|
||||||
|
if (value ~= "") then
|
||||||
|
suffixes[tostring(suffix)] = value
|
||||||
|
end
|
||||||
|
end
|
||||||
|
-- rpm convention is to alias no suffix to zero suffix
|
||||||
|
-- only add no suffix if zero suffix is different
|
||||||
|
local value = rpm.expand("%{?" .. rpmvar .. "}")
|
||||||
|
if (value ~= "") and (value ~= suffixes["0"]) then
|
||||||
|
suffixes[""] = value
|
||||||
|
end
|
||||||
|
return suffixes
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Returns the list of suffixes, including the empty string, for which
|
||||||
|
-- <rpmvar><suffix> is set to a non empty value
|
||||||
|
local function getsuffixes(rpmvar)
|
||||||
|
suffixes = {}
|
||||||
|
for suffix in pairs(getsuffixed(rpmvar)) do
|
||||||
|
table.insert(suffixes,suffix)
|
||||||
|
end
|
||||||
|
table.sort(suffixes,
|
||||||
|
function(a,b) return (tonumber(a) or 0) < (tonumber(b) or 0) end)
|
||||||
|
return suffixes
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Returns the suffix for which <rpmvar><suffix> has a non-empty value that
|
||||||
|
-- matches best the beginning of the value string
|
||||||
|
local function getbestsuffix(rpmvar, value)
|
||||||
|
local best = nil
|
||||||
|
local currentmatch = ""
|
||||||
|
for suffix, setvalue in pairs(getsuffixed(rpmvar)) do
|
||||||
|
if (string.len(setvalue) > string.len(currentmatch)) and
|
||||||
|
(string.find(value, "^" .. setvalue)) then
|
||||||
|
currentmatch = setvalue
|
||||||
|
best = suffix
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return best
|
||||||
|
end
|
||||||
|
|
||||||
|
-- %writevars core
|
||||||
|
local function writevars(macrofile, rpmvars)
|
||||||
|
for _, rpmvar in ipairs(rpmvars) do
|
||||||
|
print("sed -i 's\029" .. string.upper("@@" .. rpmvar .. "@@") ..
|
||||||
|
"\029" .. rpm.expand( "%{" .. rpmvar .. "}" ) ..
|
||||||
|
"\029g' " .. macrofile .. "\n")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- https://github.com/rpm-software-management/rpm/issues/566
|
||||||
|
-- Reformat a text intended to be used used in a package description, removing
|
||||||
|
-- rpm macro generation artefacts.
|
||||||
|
-- – remove leading and ending empty lines
|
||||||
|
-- – trim intermediary empty lines to a single line
|
||||||
|
-- – fold on spaces
|
||||||
|
-- Should really be a %%{wordwrap:…} verb
|
||||||
|
local function wordwrap(text)
|
||||||
|
text = rpm.expand(text .. "\n")
|
||||||
|
text = string.gsub(text, "\t", " ")
|
||||||
|
text = string.gsub(text, "\r", "\n")
|
||||||
|
text = string.gsub(text, " +\n", "\n")
|
||||||
|
text = string.gsub(text, "\n+\n", "\n\n")
|
||||||
|
text = string.gsub(text, "^\n", "")
|
||||||
|
text = string.gsub(text, "\n( *)[-*—][ ]+", "\n%1– ")
|
||||||
|
output = ""
|
||||||
|
for line in string.gmatch(text, "[^\n]*\n") do
|
||||||
|
local pos = 0
|
||||||
|
local advance = ""
|
||||||
|
for word in string.gmatch(line, "%s*[^%s]*\n?") do
|
||||||
|
local wl, bad = utf8.len(word)
|
||||||
|
if not wl then
|
||||||
|
print("%{warn:Invalid UTF-8 sequence detected in:}" ..
|
||||||
|
"%{warn:" .. word .. "}" ..
|
||||||
|
"%{warn:It may produce unexpected results.}")
|
||||||
|
wl = bad
|
||||||
|
end
|
||||||
|
if (pos == 0) then
|
||||||
|
advance, n = string.gsub(word, "^(%s*– ).*", "%1")
|
||||||
|
if (n == 0) then
|
||||||
|
advance = string.gsub(word, "^(%s*).*", "%1")
|
||||||
|
end
|
||||||
|
advance = string.gsub(advance, "– ", " ")
|
||||||
|
pos = pos + wl
|
||||||
|
elseif (pos + wl < 81) or
|
||||||
|
((pos + wl == 81) and string.match(word, "\n$")) then
|
||||||
|
pos = pos + wl
|
||||||
|
else
|
||||||
|
word = advance .. string.gsub(word, "^%s*", "")
|
||||||
|
output = output .. "\n"
|
||||||
|
pos = utf8.len(word)
|
||||||
|
end
|
||||||
|
output = output .. word
|
||||||
|
if pos > 80 then
|
||||||
|
pos = 0
|
||||||
|
if not string.match(word, "\n$") then
|
||||||
|
output = output .. "\n"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
output = string.gsub(output, "\n*$", "\n")
|
||||||
|
return output
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Because rpmbuild will fail if a subpackage is declared before the source
|
||||||
|
-- package itself, provide a source package declaration shell as fallback.
|
||||||
|
local function srcpkg(verbose)
|
||||||
|
if verbose then
|
||||||
|
rpm.expand([[
|
||||||
|
%{echo:Creating a header for the SRPM from %%{source_name}, %%{source_summary} and}
|
||||||
|
%{echo:%%{source_description}. If that is not the intended result, please declare the}
|
||||||
|
%{echo:SRPM header and set %%{source_name} in your spec file before calling a macro}
|
||||||
|
%{echo:that creates other package headers.}
|
||||||
|
]])
|
||||||
|
end
|
||||||
|
print(rpm.expand([[
|
||||||
|
Name: %{source_name}
|
||||||
|
Summary: %{source_summary}
|
||||||
|
%description
|
||||||
|
%wordwrap -v source_description
|
||||||
|
]]))
|
||||||
|
explicitset("currentname", "%{source_name}", verbose)
|
||||||
|
end
|
||||||
|
|
||||||
|
-- %new_package core
|
||||||
|
local function new_package(source_name, pkg_name, name_suffix, first, verbose)
|
||||||
|
-- Safety net when the wrapper is used in conjunction with traditional syntax
|
||||||
|
if (not first) and (not source_name) then
|
||||||
|
rpm.expand([[
|
||||||
|
%{warn:Something already set a package name. However, %%{source_name} is not set.}
|
||||||
|
%{warn:Please set %%{source_name} to the SRPM name to ensure reliable processing.}
|
||||||
|
]])
|
||||||
|
if name_suffix then
|
||||||
|
print(rpm.expand("%package " .. name_suffix))
|
||||||
|
else
|
||||||
|
print(rpm.expand("%package -n " .. pkg_name))
|
||||||
|
end
|
||||||
|
return
|
||||||
|
end
|
||||||
|
-- New processing
|
||||||
|
if not (pkg_name or name_suffix or source_name) then
|
||||||
|
rpm.expand([[
|
||||||
|
%{error:You need to set %%{source_name} or provide explicit package naming!}
|
||||||
|
]])
|
||||||
|
end
|
||||||
|
if name_suffix then
|
||||||
|
print(rpm.expand("%package " .. name_suffix))
|
||||||
|
explicitset("currentname", "%{source_name}-" .. name_suffix, verbose)
|
||||||
|
else
|
||||||
|
if not source_name then
|
||||||
|
source_name = pkg_name
|
||||||
|
end
|
||||||
|
if (pkg_name == source_name) then
|
||||||
|
safeset("source_name", source_name, verbose)
|
||||||
|
print(rpm.expand("Name: %{source_name}"))
|
||||||
|
else
|
||||||
|
if source_name and first then
|
||||||
|
srcpkg(verbose)
|
||||||
|
end
|
||||||
|
print(rpm.expand("%package -n " .. pkg_name))
|
||||||
|
end
|
||||||
|
explicitset("currentname", pkg_name, verbose)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
return {
|
||||||
|
read = read,
|
||||||
|
hasflag = hasflag,
|
||||||
|
readflag = readflag,
|
||||||
|
explicitset = explicitset,
|
||||||
|
explicitunset = explicitunset,
|
||||||
|
safeset = safeset,
|
||||||
|
zalias = zalias,
|
||||||
|
setcurrent = setcurrent,
|
||||||
|
echovars = echovars,
|
||||||
|
getsuffixed = getsuffixed,
|
||||||
|
getsuffixes = getsuffixes,
|
||||||
|
getbestsuffix = getbestsuffix,
|
||||||
|
writevars = writevars,
|
||||||
|
wordwrap = wordwrap,
|
||||||
|
new_package = new_package,
|
||||||
|
}
|
1462
config.guess
vendored
Normal file
1462
config.guess
vendored
Normal file
File diff suppressed because it is too large
Load Diff
1823
config.sub
vendored
Normal file
1823
config.sub
vendored
Normal file
File diff suppressed because it is too large
Load Diff
66
dist.sh
Executable file
66
dist.sh
Executable file
@ -0,0 +1,66 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# dist.sh
|
||||||
|
# Author: Tom "spot" Callaway <tcallawa@redhat.com>
|
||||||
|
# License: GPL
|
||||||
|
# This is a script to output the value for the %{dist}
|
||||||
|
# tag. The dist tag takes the following format: .$type$num
|
||||||
|
# Where $type is one of: el, fc, rh
|
||||||
|
# (for RHEL, Fedora Core, and RHL, respectively)
|
||||||
|
# And $num is the version number of the distribution.
|
||||||
|
# NOTE: We can't detect Rawhide or Fedora Test builds properly.
|
||||||
|
# If we successfully detect the version number, we output the
|
||||||
|
# dist tag. Otherwise, we exit with no output.
|
||||||
|
|
||||||
|
RELEASEFILE=/etc/redhat-release
|
||||||
|
|
||||||
|
function check_num {
|
||||||
|
MAINVER=`cut -d "(" -f 1 < $RELEASEFILE | \
|
||||||
|
sed -e "s/[^0-9.]//g" -e "s/$//g" | cut -d "." -f 1`
|
||||||
|
|
||||||
|
echo $MAINVER | grep -q '[0-9]' && echo $MAINVER
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_rhl {
|
||||||
|
grep -q "Red Hat Linux" $RELEASEFILE && ! grep -q "Advanced" $RELEASEFILE && echo $DISTNUM
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_rhel {
|
||||||
|
egrep -q "(Enterprise|Advanced|CentOS)" $RELEASEFILE && echo $DISTNUM
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_fedora {
|
||||||
|
grep -q Fedora $RELEASEFILE && echo $DISTNUM
|
||||||
|
}
|
||||||
|
|
||||||
|
DISTNUM=`check_num`
|
||||||
|
DISTFC=`check_fedora`
|
||||||
|
DISTRHL=`check_rhl`
|
||||||
|
DISTRHEL=`check_rhel`
|
||||||
|
if [ -n "$DISTNUM" ]; then
|
||||||
|
if [ -n "$DISTFC" ]; then
|
||||||
|
DISTTYPE=fc
|
||||||
|
elif [ -n "$DISTRHEL" ]; then
|
||||||
|
DISTTYPE=el
|
||||||
|
elif [ -n "$DISTRHL" ]; then
|
||||||
|
DISTTYPE=rhl
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
[ -n "$DISTTYPE" -a -n "$DISTNUM" ] && DISTTAG=".${DISTTYPE}${DISTNUM}"
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
--el) echo -n "$DISTRHEL" ;;
|
||||||
|
--fc) echo -n "$DISTFC" ;;
|
||||||
|
--rhl) echo -n "$DISTRHL" ;;
|
||||||
|
--distnum) echo -n "$DISTNUM" ;;
|
||||||
|
--disttype) echo -n "$DISTTYPE" ;;
|
||||||
|
--help)
|
||||||
|
printf "Usage: $0 [OPTIONS]\n"
|
||||||
|
printf " Default mode is --dist. Possible options:\n"
|
||||||
|
printf " --el\t\tfor RHEL version (if RHEL)\n"
|
||||||
|
printf " --fc\t\tfor Fedora version (if Fedora)\n"
|
||||||
|
printf " --rhl\t\tfor RHL version (if RHL)\n"
|
||||||
|
printf " --dist\t\tfor distribution tag\n"
|
||||||
|
printf " --distnum\tfor distribution number (major)\n"
|
||||||
|
printf " --disttype\tfor distribution type\n" ;;
|
||||||
|
*) echo -n "$DISTTAG" ;;
|
||||||
|
esac
|
50
find-provides
Executable file
50
find-provides
Executable file
@ -0,0 +1,50 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script reads filenames from STDIN and outputs any relevant provides
|
||||||
|
# information that needs to be included in the package.
|
||||||
|
|
||||||
|
if [ "$1" ]
|
||||||
|
then
|
||||||
|
package_name="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
filelist=`sed "s/['\"]/\\\&/g"`
|
||||||
|
|
||||||
|
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] &&
|
||||||
|
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --provides
|
||||||
|
|
||||||
|
#
|
||||||
|
# --- any other extra find-provides scripts
|
||||||
|
for i in /usr/lib/rpm/redhat/find-provides.d/*.prov
|
||||||
|
do
|
||||||
|
[ -x $i ] &&
|
||||||
|
(echo $filelist | tr '[:blank:]' \\n | $i | sort -u)
|
||||||
|
done
|
||||||
|
|
||||||
|
#
|
||||||
|
# --- Kernel module imported symbols
|
||||||
|
#
|
||||||
|
# Since we don't (yet) get passed the name of the package being built, we
|
||||||
|
# cheat a little here by looking first for a kernel, then for a kmod.
|
||||||
|
#
|
||||||
|
|
||||||
|
is_kmod=1
|
||||||
|
for f in $filelist; do
|
||||||
|
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
|
||||||
|
then
|
||||||
|
is_kernel=1;
|
||||||
|
fi
|
||||||
|
if [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
|
||||||
|
then
|
||||||
|
unset is_kmod;
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if [ ! "$is_kernel" ] || [ "$package_name" == "kernel" ]
|
||||||
|
then
|
||||||
|
unset is_kmod
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -x /usr/lib/rpm/redhat/find-provides.ksyms ] && [ "$is_kmod" ] &&
|
||||||
|
printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-provides.ksyms
|
||||||
|
|
||||||
|
exit 0
|
24
find-provides.ksyms
Executable file
24
find-provides.ksyms
Executable file
@ -0,0 +1,24 @@
|
|||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
IFS=$'\n'
|
||||||
|
|
||||||
|
for module in $(grep -E '/lib/modules/.+\.ko$'); do
|
||||||
|
if [[ -n $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
|
||||||
|
nm $module \
|
||||||
|
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
|
||||||
|
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08x\n", $2, $1)}' \
|
||||||
|
| LC_ALL=C sort -u
|
||||||
|
else
|
||||||
|
ELFRODATA=$(readelf -R .rodata $module | awk '/0x/{printf $2$3$4$5}')
|
||||||
|
if [[ -n $(readelf -h $module | grep "little endian") ]]; then
|
||||||
|
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
|
||||||
|
else
|
||||||
|
RODATA=$ELFRODATA
|
||||||
|
fi
|
||||||
|
for sym in $(nm $module | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
|
||||||
|
echo $sym $RODATA
|
||||||
|
done \
|
||||||
|
| awk --non-decimal-data '{printf("ksym(%s) = 0x%08s\n", $2, substr($3,($1*2)+1,8))}' \
|
||||||
|
| LC_ALL=C sort -u
|
||||||
|
fi
|
||||||
|
done
|
39
find-requires
Executable file
39
find-requires
Executable file
@ -0,0 +1,39 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#
|
||||||
|
# Auto-generate requirements for executables (both ELF and a.out) and library
|
||||||
|
# sonames, script interpreters, and perl modules.
|
||||||
|
#
|
||||||
|
|
||||||
|
ulimit -c 0
|
||||||
|
|
||||||
|
filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"`
|
||||||
|
|
||||||
|
[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] && \
|
||||||
|
echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --requires
|
||||||
|
|
||||||
|
#
|
||||||
|
# --- Kernel module imported symbols
|
||||||
|
#
|
||||||
|
# Since we don't (yet) get passed the name of the package being built, we
|
||||||
|
# cheat a little here by looking first for a kernel, then for a kmod.
|
||||||
|
#
|
||||||
|
|
||||||
|
unset is_kmod
|
||||||
|
|
||||||
|
for f in $filelist; do
|
||||||
|
if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*).ko$:\2:p') ]
|
||||||
|
then
|
||||||
|
is_kmod=1;
|
||||||
|
elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ]
|
||||||
|
then
|
||||||
|
unset is_kmod;
|
||||||
|
break;
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Disabling for now while the Fedora kernel doesn't produce kABI deps.
|
||||||
|
#[ -x /usr/lib/rpm/redhat/find-requires.ksyms ] && [ "$is_kmod" ] &&
|
||||||
|
# printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/redhat/find-requires.ksyms
|
||||||
|
|
||||||
|
exit 0
|
74
find-requires.ksyms
Executable file
74
find-requires.ksyms
Executable file
@ -0,0 +1,74 @@
|
|||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
IFS=$'\n'
|
||||||
|
|
||||||
|
# Extract all of the symbols provided by this module.
|
||||||
|
all_provides() {
|
||||||
|
if [[ -n $(nm "$@" | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then
|
||||||
|
nm "$@" \
|
||||||
|
| sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \
|
||||||
|
| awk --non-decimal-data '{printf("0x%08x\t%s\n", $1, $2)}' \
|
||||||
|
| LC_ALL=C sort -k2,2 -u
|
||||||
|
else
|
||||||
|
ELFRODATA=$(readelf -R .rodata "$@" | awk '/0x/{printf $2$3$4$5}')
|
||||||
|
if [[ -n $(readelf -h "$@" | grep "little endian") ]]; then
|
||||||
|
RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g')
|
||||||
|
else
|
||||||
|
RODATA=$ELFRODATA
|
||||||
|
fi
|
||||||
|
for sym in $(nm "$@" | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do
|
||||||
|
echo $sym $RODATA
|
||||||
|
done \
|
||||||
|
| awk --non-decimal-data '{printf("0x%08s\t%s\n", substr($3,($1*2)+1,8), $2)}' \
|
||||||
|
| LC_ALL=C sort -k2,2 -u
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Extract all of the requirements of this module.
|
||||||
|
all_requires() {
|
||||||
|
for module in "$@"; do
|
||||||
|
set -- $(/sbin/modinfo -F vermagic "$module" | sed -e 's: .*::' -e q)
|
||||||
|
/sbin/modprobe --dump-modversions "$module" \
|
||||||
|
| awk --non-decimal-data '
|
||||||
|
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||||
|
{printf("0x%08x\t%s\n", $1, $2)}' \
|
||||||
|
| sed -r -e 's:$:\t'"$1"':'
|
||||||
|
done \
|
||||||
|
| LC_ALL=C sort -k2,2 -u
|
||||||
|
}
|
||||||
|
|
||||||
|
# Filter out requirements fulfilled by the module itself.
|
||||||
|
mod_requires() {
|
||||||
|
LC_ALL=C join -t $'\t' -j 2 -v 1 \
|
||||||
|
<(all_requires "$@") \
|
||||||
|
<(all_provides "$@") \
|
||||||
|
| LC_ALL=C sort -k1,1 -u
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! [ -e /sbin/modinfo -a -e /sbin/modprobe ]; then
|
||||||
|
cat > /dev/null
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
modules=($(grep -E '/lib/modules/.+\.ko$'))
|
||||||
|
if [ ${#modules[@]} -gt 0 ]; then
|
||||||
|
kernel=$(/sbin/modinfo -F vermagic "${modules[0]}" | sed -e 's: .*::' -e q)
|
||||||
|
|
||||||
|
# get all that kernel provides
|
||||||
|
symvers=$(mktemp -t ${0##*/}.XXXXX)
|
||||||
|
|
||||||
|
cat /usr/src/kernels/$kernel/Module.symvers | awk '
|
||||||
|
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||||
|
{ print $2 "\t" $1 }
|
||||||
|
' \
|
||||||
|
| sed -r -e 's:$:\t'"$kernel"':' \
|
||||||
|
| LC_ALL=C sort -k1,1 -u > $symvers
|
||||||
|
|
||||||
|
# Symbols matching with the kernel get a "kernel" dependency
|
||||||
|
LC_ALL=C join -t $'\t' -j 1 $symvers <(mod_requires "${modules[@]}") | LC_ALL=C sort -u \
|
||||||
|
| awk '{ FS = "\t" ; OFS = "\t" } { print "kernel(" $1 ") = " $2 }'
|
||||||
|
|
||||||
|
# Symbols from elsewhere get a "ksym" dependency
|
||||||
|
LC_ALL=C join -t $'\t' -j 1 -v 2 $symvers <(mod_requires "${modules[@]}") | LC_ALL=C sort -u \
|
||||||
|
| awk '{ FS = "\t" ; OFS = "\t" } { print "ksym(" $1 ") = " $2 }'
|
||||||
|
fi
|
14
firmware.prov
Normal file
14
firmware.prov
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# firmware.prov - Automatically extract any and all firmware dependencies from
|
||||||
|
# kernel object (.ko) files and add to RPM deps.
|
||||||
|
|
||||||
|
IFS=$'\n'
|
||||||
|
|
||||||
|
for module in $(grep -E '/lib/modules/.+\.ko$') $*;
|
||||||
|
do
|
||||||
|
for firmware in `/sbin/modinfo -F firmware $module`;
|
||||||
|
do
|
||||||
|
echo "firmware($firmware)"
|
||||||
|
done
|
||||||
|
done
|
312
forge.lua
Normal file
312
forge.lua
Normal file
@ -0,0 +1,312 @@
|
|||||||
|
-- Lua code used by macros.forge and derivatives
|
||||||
|
|
||||||
|
-- Computes the suffix of a version string, removing vprefix if it matches
|
||||||
|
-- For example with vprefix 1.2.3: 1.2.3.rc2 → .rc2 but 1.2.30 → 1.2.30 not 0
|
||||||
|
local function getversionsuffix(vstring,vprefix)
|
||||||
|
if (string.sub(vstring, 1, #vprefix) == vprefix) and
|
||||||
|
(not string.match(string.sub(vstring, #vprefix + 1), "^%.?%d")) then
|
||||||
|
return string.sub(vstring, #vprefix + 1)
|
||||||
|
else
|
||||||
|
return vstring
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Check if an identified url is sane
|
||||||
|
local function checkforgeurl(url, id, silent)
|
||||||
|
local checkedurl = nil
|
||||||
|
local checkedid = nil
|
||||||
|
local urlpatterns = {
|
||||||
|
gitlab = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://(…[-.])gitlab[-.]…/owner/repo'},
|
||||||
|
pagure = {
|
||||||
|
pattern = 'https://[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/repo'},
|
||||||
|
pagure_ns = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/namespace/repo'},
|
||||||
|
pagure_fork = {
|
||||||
|
pattern = 'https://[^/]+/fork/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/fork/owner/repo'},
|
||||||
|
pagure_ns_fork = {
|
||||||
|
pattern = 'https://[^/]+/fork/[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://pagure.io/fork/owner/namespace/repo'},
|
||||||
|
["gitea.com"] = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://gitea.com/owner/repo'},
|
||||||
|
github = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://(…[-.])github[-.]…/owner/repo'},
|
||||||
|
["code.googlesource.com"] = {
|
||||||
|
pattern = 'https://code.googlesource.com/[^#?]*[^/#?]+',
|
||||||
|
description = 'https://code.googlesource.com/…/repo'},
|
||||||
|
["bitbucket.org"] = {
|
||||||
|
pattern = 'https://[^/]+/[^/]+/[^/#?]+',
|
||||||
|
description = 'https://bitbucket.org/owner/repo'}}
|
||||||
|
if (urlpatterns[id] ~= nil) then
|
||||||
|
checkedurl = string.match(url,urlpatterns[id]["pattern"])
|
||||||
|
if (checkedurl == nil) then
|
||||||
|
if not silent then
|
||||||
|
rpm.expand("%{error:" .. id .. " URLs must match " .. urlpatterns[id]["description"] .. " !}")
|
||||||
|
end
|
||||||
|
else
|
||||||
|
checkedid = id
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return checkedurl, checkedid
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Check if an url matches a known forge
|
||||||
|
local function idforge(url, silent)
|
||||||
|
local forgeurl = nil
|
||||||
|
local forge = nil
|
||||||
|
if (url ~= "") then
|
||||||
|
forge = string.match(url, "^[^:]+://([^/]+)/")
|
||||||
|
if (forge == nil) then
|
||||||
|
if not silent then
|
||||||
|
rpm.expand("%{error:URLs must include a protocol such as https:// and a path starting with / !}")
|
||||||
|
end
|
||||||
|
else
|
||||||
|
if (forge == "pagure.io") then
|
||||||
|
if string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+/[^/]+") then
|
||||||
|
forge = "pagure_ns_fork"
|
||||||
|
elseif string.match(url, "[^:]+://pagure.io/fork/[^/]+/[^/]+") then
|
||||||
|
forge = "pagure_fork"
|
||||||
|
elseif string.match(url, "[^:]+://pagure.io/[^/]+/[^/]+") then
|
||||||
|
forge = "pagure_ns"
|
||||||
|
elseif string.match(url, "[^:]+://pagure.io/[^/]+") then
|
||||||
|
forge = "pagure"
|
||||||
|
end
|
||||||
|
elseif (string.match(forge, "^gitlab[%.-]") or string.match(forge, "[%.-]gitlab[%.]")) then
|
||||||
|
forge = "gitlab"
|
||||||
|
elseif (string.match(forge, "^github[%.-]") or string.match(forge, "[%.-]github[%.]")) then
|
||||||
|
forge = "github"
|
||||||
|
end
|
||||||
|
forgeurl, forge = checkforgeurl(url, forge, silent)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return forgeurl, forge
|
||||||
|
end
|
||||||
|
|
||||||
|
-- The forgemeta macro main processing function
|
||||||
|
-- See the documentation in the macros.forge file for argument description
|
||||||
|
-- Also called directly by gometa
|
||||||
|
local function meta(suffix, verbose, informative, silent)
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
local ismain = (suffix == "") or (suffix == "0")
|
||||||
|
if ismain then
|
||||||
|
fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
|
||||||
|
"archivename", "archiveext", "archiveurl",
|
||||||
|
"topdir", "extractdir", "repo", "owner", "namespace",
|
||||||
|
"scm", "tag", "commit", "shortcommit", "branch", "version",
|
||||||
|
"date", "distprefix"}, verbose)
|
||||||
|
end
|
||||||
|
local variables = {
|
||||||
|
default = {
|
||||||
|
scm = "git",
|
||||||
|
archiveext = "tar.bz2",
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
topdir = "%{archivename" .. suffix .. "}" },
|
||||||
|
gitlab = {
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/-/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure_ns = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/]+)/[^/?#]+"))}',
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure_fork = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/?#]+"))}',
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
pagure_ns_fork = {
|
||||||
|
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/([^/]+)/[^/]+/[^/?#]+"))}',
|
||||||
|
namespace = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/([^/]+)/[^/?#]+")}',
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "https://[^/]+/fork/[^/]+/[^/]+/([^/?#]+)")}',
|
||||||
|
archivename = "%{owner" .. suffix .. "}-%{namespace" .. suffix .. "}-%{repo" .. suffix .. "}-%{ref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
["gitea.com"] = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
archivename = "%{fileref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}",
|
||||||
|
topdir = "%{repo}" },
|
||||||
|
github = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
archivename = "%{repo" .. suffix .. "}-%{fileref" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/archive/%{ref" .. suffix .. "}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}" },
|
||||||
|
["code.googlesource.com"] = {
|
||||||
|
archiveext = "tar.gz",
|
||||||
|
repo = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://.+/([^/?#]+)"))}',
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/+archive/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}",
|
||||||
|
topdir = "" },
|
||||||
|
["bitbucket.org"] = {
|
||||||
|
shortcommit = '%{lua:print(string.sub(rpm.expand("%{commit' .. suffix .. '}"), 1, 12))}',
|
||||||
|
owner = '%{lua:print(string.match(rpm.expand("%{forgeurl' .. suffix .. '}"), "^[^:]+://[^/]+/([^/?#]+)"))}',
|
||||||
|
archivename = "%{owner" .. suffix .. "}-%{repo" .. suffix .. "}-%{shortcommit" .. suffix .. "}",
|
||||||
|
archiveurl = "%{forgeurl" .. suffix .. "}/get/%{ref" .. suffix .. "}.%{archiveext" .. suffix .. "}" } }
|
||||||
|
-- Packaging a moving branch is quite a bad idea, but since at least Gitlab
|
||||||
|
-- will treat branches and tags the same way better support branches explicitly
|
||||||
|
-- than have packagers hijack %{tag} to download branch states
|
||||||
|
local spec = {}
|
||||||
|
for _, v in ipairs({'forgeurl','tag','commit','branch','version'}) do
|
||||||
|
spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
|
||||||
|
end
|
||||||
|
-- Compute the reference of the object to fetch
|
||||||
|
local isrelease = false
|
||||||
|
if (spec["tag"] ~= "") then ref = "%{?tag" .. suffix .. "}"
|
||||||
|
elseif (spec["commit"] ~= "") then ref = "%{?commit" .. suffix .. "}"
|
||||||
|
elseif (spec["branch"] ~= "") then ref = "%{?branch" .. suffix .. "}"
|
||||||
|
else ref = "%{?version" .. suffix .. "}"
|
||||||
|
isrelease = true
|
||||||
|
end
|
||||||
|
if (rpm.expand(ref) == "") then
|
||||||
|
if (suffix == "") then
|
||||||
|
rpm.expand("%{error:You need to define Version:, %{commit} or %{tag} before the macro invocation !}")
|
||||||
|
else
|
||||||
|
rpm.expand("%{error:You need to define %{version" .. suffix .. "}, %{commit" .. suffix .. "} or %{tag" .. suffix .. "} before the macro invocation !}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
local forgeurl = spec["forgeurl"]
|
||||||
|
-- For backwards compatibility only
|
||||||
|
local expliciturl = rpm.expand("%{?-u*}")
|
||||||
|
if (expliciturl ~= "") then
|
||||||
|
rpm.expand("%{warn:-u use in %%forgemeta is deprecated, use -z instead to select a separate set of rpm variables!}")
|
||||||
|
forgeurl = expliciturl
|
||||||
|
end
|
||||||
|
local forge
|
||||||
|
forgeurl, forge = idforge(forgeurl, silent)
|
||||||
|
if (forge ~= nil) then
|
||||||
|
fedora.explicitset("forgeurl" .. suffix, forgeurl, verbose)
|
||||||
|
-- Custom processing of quirky forges that can not be handled with simple variables
|
||||||
|
if (forge == "github") then
|
||||||
|
-- Workaround the way GitHub injects "v"s before some version strings (but not all!)
|
||||||
|
-- To package one of the minority of sane GitHub projects that do not munge their version
|
||||||
|
-- strings set tag to %{version} in your spec
|
||||||
|
local fileref = ref
|
||||||
|
if (ref == "%{?version" .. suffix .. "}") then
|
||||||
|
ref = "v" .. ref
|
||||||
|
elseif (fileref ~= "%{?commit" .. suffix .. "}") and
|
||||||
|
string.match(rpm.expand(fileref), "^v[%d]") then
|
||||||
|
fileref = string.gsub(rpm.expand(fileref), "^v", "")
|
||||||
|
elseif (string.match(rpm.expand(fileref), "/")) then
|
||||||
|
fileref = string.gsub(rpm.expand(fileref), "/", "-")
|
||||||
|
end
|
||||||
|
fedora.safeset("fileref" .. suffix, fileref, verbose)
|
||||||
|
elseif (forge == "gitea.com") then
|
||||||
|
-- Workaround the way gitea mangles /s in ref names
|
||||||
|
local fileref = ref
|
||||||
|
fileref = string.gsub(rpm.expand(fileref), "/", "-")
|
||||||
|
fedora.safeset("fileref" .. suffix, fileref, verbose)
|
||||||
|
elseif (forge == "code.googlesource.com") then
|
||||||
|
if (ref == "%{?version" .. suffix .. "}") then
|
||||||
|
ref = "v" .. ref
|
||||||
|
end
|
||||||
|
elseif (forge == "bitbucket.org") then
|
||||||
|
if (spec["commit"] == "") then
|
||||||
|
rpm.expand("%{error:All BitBucket URLs require commit value knowledge: you need to define %{commit}!}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
fedora.safeset("ref" .. suffix, ref, verbose)
|
||||||
|
-- Mass setting of the remaining variables
|
||||||
|
for k,v in pairs(variables[forge]) do
|
||||||
|
fedora.safeset(k .. suffix, variables[forge][k], verbose)
|
||||||
|
end
|
||||||
|
for k,v in pairs(variables["default"]) do
|
||||||
|
if (variables[forge][k] == nil) then
|
||||||
|
fedora.safeset(k .. suffix, variables["default"][k], verbose)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
-- Generic rules
|
||||||
|
for _, v in ipairs({'archiveurl','archivename','archiveext','topdir'}) do
|
||||||
|
spec[v] = rpm.expand("%{?" .. v .. suffix .. "}")
|
||||||
|
end
|
||||||
|
-- Source URL processing (computing the forgesource spec variable)
|
||||||
|
local forgesource = "%{archiveurl" .. suffix .. "}"
|
||||||
|
if (string.match(spec["archiveurl"], "/([^/]+)$") ~= spec["archivename"] .. "." .. spec["archiveext"]) then
|
||||||
|
forgesource = "%{?archiveurl" .. suffix .. "}#/%{?archivename" .. suffix .. "}.%{archiveext" .. suffix .. "}"
|
||||||
|
end
|
||||||
|
fedora.safeset("forgesource" .. suffix, forgesource, verbose)
|
||||||
|
-- Setup processing (computing the forgesetup and extractdir variables)
|
||||||
|
local forgesetupargs = "-n %{extractdir" .. suffix .. "}"
|
||||||
|
local extractdir = "%{topdir" .. suffix .. "}"
|
||||||
|
if (spec["topdir"] == "") then
|
||||||
|
forgesetupargs = "-c " .. forgesetupargs
|
||||||
|
extractdir = "%{archivename" .. suffix .. "}"
|
||||||
|
end
|
||||||
|
if not ismain then
|
||||||
|
if (spec["topdir"] ~= "") then
|
||||||
|
forgesetupargs = "-T -D -b " .. suffix .. " " .. forgesetupargs
|
||||||
|
else
|
||||||
|
forgesetupargs = "-T -D -a " .. suffix .. " " .. forgesetupargs
|
||||||
|
end
|
||||||
|
end
|
||||||
|
fedora.safeset("forgesetupargs" .. suffix, forgesetupargs, verbose)
|
||||||
|
fedora.safeset("extractdir" .. suffix, extractdir, verbose)
|
||||||
|
-- dist processing (computing the correct prefix for snapshots)
|
||||||
|
local distprefix = ""
|
||||||
|
if not isrelease then
|
||||||
|
distprefix = string.lower(rpm.expand(ref))
|
||||||
|
if (ref == "%{?commit" .. suffix .. "}") then
|
||||||
|
distprefix = string.sub(distprefix, 1, 7)
|
||||||
|
elseif (ref ~= "%{?branch" .. suffix .. "}") then
|
||||||
|
distprefix = string.gsub(distprefix, "[%p%s]+", ".")
|
||||||
|
distprefix = string.gsub(distprefix, "^" .. string.lower(rpm.expand("%{?repo}")) .. "%.?", "")
|
||||||
|
local v = string.gsub(rpm.expand("%{version}"), "[%p%s]+", ".")
|
||||||
|
for _, p in ipairs({'','v','v.','version','version.','tags.v', 'tags.v.'}) do
|
||||||
|
distprefix = getversionsuffix(distprefix, p .. v)
|
||||||
|
end
|
||||||
|
distprefix = string.gsub(distprefix, "^%.", "")
|
||||||
|
end
|
||||||
|
if (distprefix ~= "") then
|
||||||
|
distprefix = "%{scm" .. suffix .. "}" .. distprefix
|
||||||
|
date = rpm.expand("%{?date" .. suffix .. "}")
|
||||||
|
if (date ~= "") then
|
||||||
|
distprefix = date .. distprefix
|
||||||
|
else
|
||||||
|
distprefix = "%([ -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "} ] && date +%Y%m%d -u -r %{_sourcedir}/%{archivename" .. suffix .. "}.%{archiveext" .. suffix .. "})" .. distprefix
|
||||||
|
end
|
||||||
|
distprefix = "." .. distprefix
|
||||||
|
end
|
||||||
|
end
|
||||||
|
if (spec["version"] ~= "") and
|
||||||
|
(spec["version"] ~= "0") and
|
||||||
|
(spec["version"] ~= rpm.expand("%{?version}")) then
|
||||||
|
distprefix = ".%{version" .. suffix .. "}" .. distprefix
|
||||||
|
end
|
||||||
|
if (rpm.expand(distprefix) ~= "") then
|
||||||
|
if not ismain then
|
||||||
|
distprefix = string.gsub(distprefix, "^%.", ".s")
|
||||||
|
end
|
||||||
|
fedora.safeset ("distprefix" .. suffix, distprefix, verbose)
|
||||||
|
end
|
||||||
|
if ismain then
|
||||||
|
fedora.zalias({"forgeurl", "forgesource", "forgesetupargs",
|
||||||
|
"archivename", "archiveext", "archiveurl",
|
||||||
|
"topdir", "extractdir", "repo", "owner", "namespace",
|
||||||
|
"scm", "shortcommit", "distprefix"}, verbose)
|
||||||
|
end
|
||||||
|
-- Final spec variable summary if the macro was called with -i
|
||||||
|
if informative then
|
||||||
|
rpm.expand("%{echo:Packaging variables read or set by %%forgemeta}")
|
||||||
|
fedora.echovars({"forgeurl", "forgesource", "forgesetupargs",
|
||||||
|
"archivename", "archiveext", "archiveurl",
|
||||||
|
"topdir", "extractdir", "repo", "owner", "namespace",
|
||||||
|
"scm", "tag", "commit", "shortcommit", "branch", "version",
|
||||||
|
"date", "distprefix"}, suffix)
|
||||||
|
fedora.echovars({"dist"},"")
|
||||||
|
rpm.expand("%{echo: (snapshot date is either manually supplied or computed once %%{_sourcedir}/%%{archivename" .. suffix .. "}.%%{archiveext" .. suffix .. "} is available)}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
return {
|
||||||
|
meta = meta,
|
||||||
|
}
|
||||||
|
|
111
gpgverify
Executable file
111
gpgverify
Executable file
@ -0,0 +1,111 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
|
||||||
|
#
|
||||||
|
# This material is provided as is, with absolutely no warranty expressed
|
||||||
|
# or implied. Any use is at your own risk.
|
||||||
|
#
|
||||||
|
# Permission is hereby granted to use or copy this shellscript
|
||||||
|
# for any purpose, provided the above notices are retained on all copies.
|
||||||
|
# Permission to modify the code and to distribute modified code is granted,
|
||||||
|
# provided the above notices are retained, and a notice that the code was
|
||||||
|
# modified is included with the above copyright notice.
|
||||||
|
|
||||||
|
|
||||||
|
function print_help {
|
||||||
|
cat <<'EOF'
|
||||||
|
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
|
||||||
|
|
||||||
|
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
|
||||||
|
verifies a file against a detached OpenPGP signature and a keyring. The keyring
|
||||||
|
shall contain all the keys that are trusted to certify the authenticity of the
|
||||||
|
file, and must not contain any untrusted keys.
|
||||||
|
|
||||||
|
The differences, compared to invoking gpgv directly, are that gpgverify accepts
|
||||||
|
the keyring in either ASCII-armored or unarmored form, and that it will not
|
||||||
|
accidentally use a default keyring in addition to the specified one.
|
||||||
|
|
||||||
|
Parameters:
|
||||||
|
--keyring=<pathname> keyring with all the trusted keys and no others
|
||||||
|
--signature=<pathname> detached signature to verify
|
||||||
|
--data=<pathname> file to verify against the signature
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fatal_error() {
|
||||||
|
message="$1" # an error message
|
||||||
|
status=$2 # a number to use as the exit code
|
||||||
|
echo "gpgverify: $message" >&2
|
||||||
|
exit $status
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
require_parameter() {
|
||||||
|
term="$1" # a term for a required parameter
|
||||||
|
value="$2" # Complain and terminate if this value is empty.
|
||||||
|
if test -z "${value}" ; then
|
||||||
|
fatal_error "No ${term} was provided." 2
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
check_status() {
|
||||||
|
action="$1" # a string that describes the action that was attempted
|
||||||
|
status=$2 # the exit code of the command
|
||||||
|
if test $status -ne 0 ; then
|
||||||
|
fatal_error "$action failed." $status
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Parse the command line.
|
||||||
|
keyring=
|
||||||
|
signature=
|
||||||
|
data=
|
||||||
|
for parameter in "$@" ; do
|
||||||
|
case "${parameter}" in
|
||||||
|
(--help)
|
||||||
|
print_help
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
(--keyring=*)
|
||||||
|
keyring="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(--signature=*)
|
||||||
|
signature="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(--data=*)
|
||||||
|
data="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(*)
|
||||||
|
fatal_error "Unknown parameter: \"${parameter}\"" 2
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
require_parameter 'keyring' "${keyring}"
|
||||||
|
require_parameter 'signature' "${signature}"
|
||||||
|
require_parameter 'data file' "${data}"
|
||||||
|
|
||||||
|
# Make a temporary working directory.
|
||||||
|
workdir="$(mktemp --directory)"
|
||||||
|
check_status 'Making a temporary directory' $?
|
||||||
|
workring="${workdir}/keyring.gpg"
|
||||||
|
|
||||||
|
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
|
||||||
|
# ASCII-armored.
|
||||||
|
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
|
||||||
|
check_status 'Decoding the keyring' $?
|
||||||
|
|
||||||
|
# Verify the signature using the decoded keyring.
|
||||||
|
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
|
||||||
|
check_status 'Signature verification' $?
|
||||||
|
|
||||||
|
# (--homedir isn't actually necessary. --dearmor processes only the input file,
|
||||||
|
# and if --keyring is used and contains a slash, then gpgv2 uses only that
|
||||||
|
# keyring. Thus neither command will look for a default keyring, but --homedir
|
||||||
|
# makes extra double sure that no default keyring will be touched in case
|
||||||
|
# another version of GPG works differently.)
|
||||||
|
|
||||||
|
# Clean up. (This is not done in case of an error that may need inspection.)
|
||||||
|
rm --recursive --force ${workdir}
|
21
kmod.attr
Normal file
21
kmod.attr
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
%__kmod_path ^/lib/modules/.*/(modules.builtin|.*ko)
|
||||||
|
%__kmod_provides() %{lua:
|
||||||
|
function basename(fn)
|
||||||
|
return string.gsub(fn, "(.*/)(.*)", "%2")
|
||||||
|
end
|
||||||
|
function printdep(mod)
|
||||||
|
print("kmod("..mod..")")
|
||||||
|
end
|
||||||
|
local fn = rpm.expand("%{1}")
|
||||||
|
local bn = basename(fn)
|
||||||
|
if bn == "modules.builtin" then
|
||||||
|
for l in io.lines(fn) do
|
||||||
|
printdep(basename(l))
|
||||||
|
end
|
||||||
|
else
|
||||||
|
local mod = string.match(bn, "%g+.ko")
|
||||||
|
if mod then
|
||||||
|
printdep(mod)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
}
|
267
kmodtool
Executable file
267
kmodtool
Executable file
@ -0,0 +1,267 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# kmodtool - Helper script for building kernel module RPMs
|
||||||
|
# Copyright (c) 2003-2006 Ville Skyttä <ville.skytta@iki.fi>,
|
||||||
|
# Thorsten Leemhuis <fedora@leemhuis.info>
|
||||||
|
# Jon Masters <jcm@redhat.com>
|
||||||
|
#
|
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining
|
||||||
|
# a copy of this software and associated documentation files (the
|
||||||
|
# "Software"), to deal in the Software without restriction, including
|
||||||
|
# without limitation the rights to use, copy, modify, merge, publish,
|
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to
|
||||||
|
# permit persons to whom the Software is furnished to do so, subject to
|
||||||
|
# the following conditions:
|
||||||
|
#
|
||||||
|
# The above copyright notice and this permission notice shall be
|
||||||
|
# included in all copies or substantial portions of the Software.
|
||||||
|
#
|
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
shopt -s extglob
|
||||||
|
|
||||||
|
myprog="kmodtool"
|
||||||
|
myver="0.10.10_kmp2"
|
||||||
|
knownvariants=@(BOOT|PAE|@(big|huge)mem|debug|enterprise|kdump|?(large)smp|uml|xen[0U]?(-PAE)|xen)
|
||||||
|
kmod_name=
|
||||||
|
kver=
|
||||||
|
verrel=
|
||||||
|
variant=
|
||||||
|
kmp=
|
||||||
|
|
||||||
|
get_verrel ()
|
||||||
|
{
|
||||||
|
verrel=${1:-$(uname -r)}
|
||||||
|
verrel=${verrel%%$knownvariants}
|
||||||
|
}
|
||||||
|
|
||||||
|
print_verrel ()
|
||||||
|
{
|
||||||
|
get_verrel $@
|
||||||
|
echo "${verrel}"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_variant ()
|
||||||
|
{
|
||||||
|
get_verrel $@
|
||||||
|
variant=${1:-$(uname -r)}
|
||||||
|
variant=${variant##$verrel}
|
||||||
|
variant=${variant:-'""'}
|
||||||
|
}
|
||||||
|
|
||||||
|
print_variant ()
|
||||||
|
{
|
||||||
|
get_variant $@
|
||||||
|
echo "${variant}"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_rpmtemplate ()
|
||||||
|
{
|
||||||
|
local variant="${1}"
|
||||||
|
local dashvariant="${variant:+-${variant}}"
|
||||||
|
case "$verrel" in
|
||||||
|
*.el*) kdep="kernel${dashvariant}-%{_target_cpu} = ${verrel}" ;;
|
||||||
|
*.EL*) kdep="kernel${dashvariant}-%{_target_cpu} = ${verrel}" ;;
|
||||||
|
*) kdep="kernel-%{_target_cpu} = ${verrel}${variant}" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
echo "%package -n kmod-${kmod_name}${dashvariant}"
|
||||||
|
|
||||||
|
if [ -z "$kmp_provides_summary" ]; then
|
||||||
|
echo "Summary: ${kmod_name} kernel module(s)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$kmp_provides_group" ]; then
|
||||||
|
echo "Group: System Environment/Kernel"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -z "$kmp_version" ]; then
|
||||||
|
echo "Version: %{kmp_version}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -z "$kmp_release" ]; then
|
||||||
|
echo "Release: %{kmp_release}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -z "$kmp" ]; then
|
||||||
|
echo "%global _use_internal_dependency_generator 0"
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
Provides: kernel-modules = ${verrel}${variant}
|
||||||
|
Provides: ${kmod_name}-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [ -z "$kmp" ]; then
|
||||||
|
echo "Requires: ${kdep}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# RHEL5 - Remove common package requirement on general kmod packages.
|
||||||
|
# Requires: ${kmod_name}-kmod-common >= %{?epoch:%{epoch}:}%{version}
|
||||||
|
#
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
Requires(post): /sbin/depmod
|
||||||
|
Requires(postun): /sbin/depmod
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [ "no" != "$kmp_nobuildreqs" ]
|
||||||
|
then
|
||||||
|
echo "BuildRequires: kernel${dashvariant}-devel-%{_target_cpu} = ${verrel}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "" != "$kmp_override_preamble" ]
|
||||||
|
then
|
||||||
|
cat "$kmp_override_preamble"
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
%description -n kmod-${kmod_name}${dashvariant}
|
||||||
|
This package provides the ${kmod_name} kernel modules built for the Linux
|
||||||
|
kernel ${verrel}${variant} for the %{_target_cpu} family of processors.
|
||||||
|
%post -n kmod-${kmod_name}${dashvariant}
|
||||||
|
if [ -e "/boot/System.map-${verrel}${variant}" ]; then
|
||||||
|
/sbin/depmod -aeF "/boot/System.map-${verrel}${variant}" "${verrel}${variant}" > /dev/null || :
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [ ! -z "$kmp" ]; then
|
||||||
|
cat <<EOF
|
||||||
|
|
||||||
|
modules=( \$(find /lib/modules/${verrel}${variant}/extra/${kmod_name}) )
|
||||||
|
if [ -x "/sbin/weak-modules" ]; then
|
||||||
|
printf '%s\n' "\${modules[@]}" \
|
||||||
|
| /sbin/weak-modules --add-modules
|
||||||
|
fi
|
||||||
|
%preun -n kmod-${kmod_name}${dashvariant}
|
||||||
|
rpm -ql kmod-${kmod_name}${dashvariant} | grep '\.ko$' \
|
||||||
|
> /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
|
||||||
|
EOF
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
%postun -n kmod-${kmod_name}${dashvariant}
|
||||||
|
/sbin/depmod -aF /boot/System.map-${verrel}${variant} ${verrel}${variant} &> /dev/null || :
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [ ! -z "$kmp" ]; then
|
||||||
|
cat <<EOF
|
||||||
|
modules=( \$(cat /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules) )
|
||||||
|
#rm /var/run/rpm-kmod-${kmod_name}${dashvariant}-modules
|
||||||
|
if [ -x "/sbin/weak-modules" ]; then
|
||||||
|
printf '%s\n' "\${modules[@]}" \
|
||||||
|
| /sbin/weak-modules --remove-modules
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "%files -n kmod-${kmod_name}${dashvariant}"
|
||||||
|
|
||||||
|
if [ "" == "$kmp_override_filelist" ];
|
||||||
|
then
|
||||||
|
echo "%defattr(644,root,root,755)"
|
||||||
|
echo "/lib/modules/${verrel}${variant}/"
|
||||||
|
echo "/lib/firmware/"
|
||||||
|
else
|
||||||
|
cat "$kmp_override_filelist"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
print_rpmtemplate ()
|
||||||
|
{
|
||||||
|
kmod_name="${1}"
|
||||||
|
shift
|
||||||
|
kver="${1}"
|
||||||
|
get_verrel "${1}"
|
||||||
|
shift
|
||||||
|
if [ -z "${kmod_name}" ] ; then
|
||||||
|
echo "Please provide the kmodule-name as first parameter." >&2
|
||||||
|
exit 2
|
||||||
|
elif [ -z "${kver}" ] ; then
|
||||||
|
echo "Please provide the kver as second parameter." >&2
|
||||||
|
exit 2
|
||||||
|
elif [ -z "${verrel}" ] ; then
|
||||||
|
echo "Couldn't find out the verrel." >&2
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
for variant in "$@" ; do
|
||||||
|
if [ "default" == "$variant" ];
|
||||||
|
then
|
||||||
|
get_rpmtemplate ""
|
||||||
|
else
|
||||||
|
get_rpmtemplate "${variant}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
usage ()
|
||||||
|
{
|
||||||
|
cat <<EOF
|
||||||
|
You called: ${invocation}
|
||||||
|
|
||||||
|
Usage: ${myprog} <command> <option>+
|
||||||
|
Commands:
|
||||||
|
verrel <uname>
|
||||||
|
- Get "base" version-release.
|
||||||
|
variant <uname>
|
||||||
|
- Get variant from uname.
|
||||||
|
rpmtemplate <mainpgkname> <uname> <variants>
|
||||||
|
- Return a template for use in a source RPM
|
||||||
|
rpmtemplate_kmp <mainpgkname> <uname> <variants>
|
||||||
|
- Return a template for use in a source RPM with KMP dependencies
|
||||||
|
version
|
||||||
|
- Output version number and exit.
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
invocation="$(basename ${0}) $@"
|
||||||
|
while [ "${1}" ] ; do
|
||||||
|
case "${1}" in
|
||||||
|
verrel)
|
||||||
|
shift
|
||||||
|
print_verrel $@
|
||||||
|
exit $?
|
||||||
|
;;
|
||||||
|
variant)
|
||||||
|
shift
|
||||||
|
print_variant $@
|
||||||
|
exit $?
|
||||||
|
;;
|
||||||
|
rpmtemplate)
|
||||||
|
shift
|
||||||
|
print_rpmtemplate "$@"
|
||||||
|
exit $?
|
||||||
|
;;
|
||||||
|
rpmtemplate_kmp)
|
||||||
|
shift
|
||||||
|
kmp=1
|
||||||
|
print_rpmtemplate "$@"
|
||||||
|
exit $?
|
||||||
|
;;
|
||||||
|
version)
|
||||||
|
echo "${myprog} ${myver}"
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Error: Unknown option '${1}'." >&2
|
||||||
|
usage >&2
|
||||||
|
exit 2
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
# Local variables:
|
||||||
|
# mode: sh
|
||||||
|
# sh-indentation: 2
|
||||||
|
# indent-tabs-mode: nil
|
||||||
|
# End:
|
||||||
|
# ex: ts=2 sw=2 et
|
5
libsymlink.attr
Normal file
5
libsymlink.attr
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# Make libfoo.so symlinks require the soname-provide of the target library
|
||||||
|
%__libsymlink_requires %{_rpmconfigdir}/elfdeps --provides --soname-only
|
||||||
|
%__libsymlink_magic ^symbolic link to .*lib.*\.so\..*$
|
||||||
|
%__libsymlink_path ^.*\.so$
|
||||||
|
%__libsymlink_flags magic_and_path
|
389
macros
Normal file
389
macros
Normal file
@ -0,0 +1,389 @@
|
|||||||
|
# Per-platform rpm configuration file.
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- per-platform macros.
|
||||||
|
#
|
||||||
|
%_vendor redhat
|
||||||
|
%_os linux
|
||||||
|
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- configure macros. note that most of these are inherited
|
||||||
|
# from the defaults.
|
||||||
|
#
|
||||||
|
%_localstatedir /var
|
||||||
|
|
||||||
|
%_pkgdocdir %{_docdir}/%{name}
|
||||||
|
%_docdir_fmt %%{NAME}
|
||||||
|
|
||||||
|
%_fmoddir %{_libdir}/gfortran/modules
|
||||||
|
|
||||||
|
%source_date_epoch_from_changelog 1
|
||||||
|
|
||||||
|
%_enable_debug_packages 1
|
||||||
|
%_include_minidebuginfo 1
|
||||||
|
%_include_gdb_index 1
|
||||||
|
%_debugsource_packages 1
|
||||||
|
%_debuginfo_subpackages 1
|
||||||
|
|
||||||
|
# GCC toolchain
|
||||||
|
%__cc_gcc gcc
|
||||||
|
%__cxx_gcc g++
|
||||||
|
%__cpp_gcc gcc -E
|
||||||
|
|
||||||
|
# Clang toolchain
|
||||||
|
%__cc_clang clang
|
||||||
|
%__cxx_clang clang++
|
||||||
|
%__cpp_clang clang-cpp
|
||||||
|
|
||||||
|
# Default to the GCC toolchain
|
||||||
|
#
|
||||||
|
# It is enough to override `toolchain` macro and all relevant macro for C/C++
|
||||||
|
# compilers will be switched. Either in the spec or in the command-line.
|
||||||
|
#
|
||||||
|
# %global toolchain clang
|
||||||
|
#
|
||||||
|
# or:
|
||||||
|
#
|
||||||
|
# rpmbuild -D "toolchain clang" …
|
||||||
|
#
|
||||||
|
# Inside a spec file it is also possible to determine which toolchain is in use
|
||||||
|
# by testing the same macro. For example:
|
||||||
|
#
|
||||||
|
# %if "%{toolchain}" == "gcc"
|
||||||
|
# BuildRequires: gcc
|
||||||
|
# %endif
|
||||||
|
#
|
||||||
|
# or:
|
||||||
|
#
|
||||||
|
# %if "%{toolchain}" == "clang"
|
||||||
|
# BuildRequires: clang compiler-rt
|
||||||
|
# %endif
|
||||||
|
#
|
||||||
|
%toolchain gcc
|
||||||
|
|
||||||
|
%__cc %{expand:%%{__cc_%{toolchain}}}
|
||||||
|
%__cxx %{expand:%%{__cxx_%{toolchain}}}
|
||||||
|
%__cpp %{expand:%%{__cpp_%{toolchain}}}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- compiler flags.
|
||||||
|
|
||||||
|
# C compiler flags. This is traditionally called CFLAGS in makefiles.
|
||||||
|
# Historically also available as %%{optflags}, and %%build sets the
|
||||||
|
# environment variable RPM_OPT_FLAGS to this value.
|
||||||
|
%build_cflags %{optflags}
|
||||||
|
|
||||||
|
# C++ compiler flags. This is traditionally called CXXFLAGS in makefiles.
|
||||||
|
%build_cxxflags %{optflags}
|
||||||
|
|
||||||
|
# Fortran compiler flags. Makefiles use both FFLAGS and FCFLAGS as
|
||||||
|
# the corresponding variable names.
|
||||||
|
%build_fflags %{optflags} -I%{_fmoddir}
|
||||||
|
|
||||||
|
# Link editor flags. This is usually called LDFLAGS in makefiles.
|
||||||
|
# (Some makefiles use LFLAGS instead.) The default value assumes that
|
||||||
|
# the flags, while intended for ld, are still passed through the gcc
|
||||||
|
# compiler driver. At the beginning of %%build, the environment
|
||||||
|
# variable RPM_LD_FLAGS to this value.
|
||||||
|
# When clang is used as a linker driver, it does not auto-detect the LTO
|
||||||
|
# bytecode and neither does bfd, so we need to explicitly pass the -flto
|
||||||
|
# flag when linking.
|
||||||
|
%build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} %[ "%{toolchain}" == "clang" ? "%{?_lto_cflags}" : "" ]
|
||||||
|
|
||||||
|
# Expands to shell code to set the compiler/linker environment
|
||||||
|
# variables CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS, LDFLAGS if they have
|
||||||
|
# not been set already. RPM_OPT_FLAGS and RPM_LD_FLAGS have already
|
||||||
|
# been set implicitly at the start of the %%build section.
|
||||||
|
# LT_SYS_LIBRARY_PATH is used by libtool script.
|
||||||
|
%set_build_flags \
|
||||||
|
CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \
|
||||||
|
CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \
|
||||||
|
FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \
|
||||||
|
FCFLAGS="${FCFLAGS:-%{build_fflags}}" ; export FCFLAGS ; \
|
||||||
|
LDFLAGS="${LDFLAGS:-%{build_ldflags}}" ; export LDFLAGS ; \
|
||||||
|
LT_SYS_LIBRARY_PATH="${LT_SYS_LIBRARY_PATH:-%_libdir:}" ; export LT_SYS_LIBRARY_PATH ; \
|
||||||
|
CC="${CC:-%{__cc}}" ; export CC ; \
|
||||||
|
CXX="${CXX:-%{__cxx}}" ; export CXX
|
||||||
|
|
||||||
|
# Internal-only. Do not use. Expand a variable and strip the flags
|
||||||
|
# not suitable to extension builders.
|
||||||
|
%__extension_strip_flags() %{lua:
|
||||||
|
local name = rpm.expand("%{1}")
|
||||||
|
local value = " " .. rpm.expand("%{build_" .. name .. "}")
|
||||||
|
local specs_pattern = "%s+-specs=[^%s]+"
|
||||||
|
local lto_flags_pattern = rpm.expand("%{?_lto_cflags}"):gsub("[%-%.]", "%%%1")
|
||||||
|
local result = value:gsub(specs_pattern, " "):gsub(lto_flags_pattern, "")
|
||||||
|
print(result)
|
||||||
|
}
|
||||||
|
|
||||||
|
# Variants of CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS for use within
|
||||||
|
# extension builders.
|
||||||
|
%extension_cflags %{__extension_strip_flags cflags}
|
||||||
|
%extension_cxxflags %{__extension_strip_flags cxxflags}
|
||||||
|
%extension_fflags %{__extension_strip_flags fflags}
|
||||||
|
%extension_ldflags %{__extension_strip_flags ldflags}
|
||||||
|
|
||||||
|
# Deprecated names. For backwards compatibility only.
|
||||||
|
%__global_cflags %{build_cflags}
|
||||||
|
%__global_cxxflags %{build_cxxflags}
|
||||||
|
%__global_fflags %{build_fflags}
|
||||||
|
%__global_fcflags %{build_fflags}
|
||||||
|
%__global_ldflags %{build_ldflags}
|
||||||
|
|
||||||
|
# Architecture-specific support. Internal. Do not use directly.
|
||||||
|
|
||||||
|
# Also used for s390.
|
||||||
|
%__cflags_arch_s390x %[0%{?rhel} >= 8 ? "-march=z13 -mtune=z13" : "-march=zEC12 -mtune=z13"]
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- configure and makeinstall.
|
||||||
|
#
|
||||||
|
%_configure_gnuconfig_hack 1
|
||||||
|
%_configure_libtool_hardening_hack 1
|
||||||
|
# If defined, _configure_disable_silent_rules will cause --disable-silent-rules
|
||||||
|
# to be added to the list of options passed to the configure script.
|
||||||
|
# Eventually we'll want to turn this on by default, but this gives packagers a
|
||||||
|
# way to turn it back off.
|
||||||
|
# %_configure_disable_silent_rules 1
|
||||||
|
|
||||||
|
# This fixes various easy resolved configure tests that are compromised by LTO.
|
||||||
|
#
|
||||||
|
# We use this within the standard %configure macro, but also make it available
|
||||||
|
# for packages which don't use %configure
|
||||||
|
#
|
||||||
|
# The first three are common ways to test for the existence of a function, so
|
||||||
|
# we ensure the reference to the function is preserved
|
||||||
|
#
|
||||||
|
# The fourth are constants used to then try to generate NaNs and other key
|
||||||
|
# floating point numbers. We then use those special FP numbers to try and
|
||||||
|
# raise a SIGFPE. By declaring x & y volatile we prevent the optimizers
|
||||||
|
# from removing the computation
|
||||||
|
#
|
||||||
|
# The fifth (and worst) addresses problems with autoconf/libtool's approach
|
||||||
|
# to extracting symbols from .o files and generating C code. In an LTO world
|
||||||
|
# types matter much more closely and you can't have an object in one context
|
||||||
|
# that is a function definition and a simple scalar variable in another.
|
||||||
|
# Thankfully HP-UX has always had that restriction and is supported by
|
||||||
|
# autoconf/libtool. The insane sed script replaces the "generic" code with
|
||||||
|
# the HP-UX version.
|
||||||
|
#
|
||||||
|
# If we do not make changes, we put the original file back. This avoids
|
||||||
|
# unnecessary rebuilds of things that may have dependencies on the configure
|
||||||
|
# files.
|
||||||
|
#
|
||||||
|
%_fix_broken_configure_for_lto \
|
||||||
|
for file in $(find . -type f -name configure -print); do \
|
||||||
|
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\) = /__attribute__ ((used)) char (*f) () = /g' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} -r --in-place=.backup 's/^char \\(\\*f\\) \\(\\);/__attribute__ ((used)) char (*f) ();/g' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} -r --in-place=.backup 's/^char \\$2 \\(\\);/__attribute__ ((used)) char \\$2 ();/g' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} --in-place=.backup '1{$!N;$!N};$!N;s/int x = 1;\\nint y = 0;\\nint z;\\nint nan;/volatile int x = 1; volatile int y = 0; volatile int z, nan;/;P;D' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
%{__sed} --in-place=.backup 's#^lt_cv_sys_global_symbol_to_cdecl=.*#lt_cv_sys_global_symbol_to_cdecl="sed -n -e '"'"'s/^T .* \\\\(.*\\\\)$/extern int \\\\1();/p'"'"' -e '"'"'s/^$symcode* .* \\\\(.*\\\\)$/extern char \\\\1;/p'"'"'"#' $file; \
|
||||||
|
diff -u $file.backup $file && mv $file.backup $file \
|
||||||
|
done
|
||||||
|
|
||||||
|
%configure \
|
||||||
|
%{set_build_flags}; \
|
||||||
|
[ "%{_lto_cflags}"x != x ] && %{_fix_broken_configure_for_lto}; \
|
||||||
|
[ "%_configure_gnuconfig_hack" = 1 ] && for i in $(find $(dirname %{_configure}) -name config.guess -o -name config.sub) ; do \
|
||||||
|
[ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \
|
||||||
|
done ; \
|
||||||
|
[ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \
|
||||||
|
for i in $(find . -name ltmain.sh) ; do \
|
||||||
|
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \
|
||||||
|
done ; \
|
||||||
|
%{_configure} --build=%{_build} --host=%{_host} \\\
|
||||||
|
--program-prefix=%{?_program_prefix} \\\
|
||||||
|
--disable-dependency-tracking \\\
|
||||||
|
%{?_configure_disable_silent_rules:--disable-silent-rules} \\\
|
||||||
|
--prefix=%{_prefix} \\\
|
||||||
|
--exec-prefix=%{_exec_prefix} \\\
|
||||||
|
--bindir=%{_bindir} \\\
|
||||||
|
--sbindir=%{_sbindir} \\\
|
||||||
|
--sysconfdir=%{_sysconfdir} \\\
|
||||||
|
--datadir=%{_datadir} \\\
|
||||||
|
--includedir=%{_includedir} \\\
|
||||||
|
--libdir=%{_libdir} \\\
|
||||||
|
--libexecdir=%{_libexecdir} \\\
|
||||||
|
--localstatedir=%{_localstatedir} \\\
|
||||||
|
--sharedstatedir=%{_sharedstatedir} \\\
|
||||||
|
--mandir=%{_mandir} \\\
|
||||||
|
--infodir=%{_infodir}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- Build policy macros.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#---------------------------------------------------------------------
|
||||||
|
# Expanded at beginning of %install scriptlet.
|
||||||
|
#
|
||||||
|
|
||||||
|
%__spec_install_pre %{___build_pre}\
|
||||||
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
|
||||||
|
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
|
||||||
|
mkdir "$RPM_BUILD_ROOT"\
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------
|
||||||
|
# Expanded at end of %install scriptlet.
|
||||||
|
#
|
||||||
|
|
||||||
|
%__arch_install_post /usr/lib/rpm/check-buildroot
|
||||||
|
|
||||||
|
# Build root policy macros. Standard naming:
|
||||||
|
# convert all '-' in basename to '_', add two leading underscores.
|
||||||
|
%__brp_ldconfig /usr/lib/rpm/redhat/brp-ldconfig
|
||||||
|
%__brp_compress /usr/lib/rpm/brp-compress
|
||||||
|
%__brp_strip /usr/lib/rpm/brp-strip %{__strip}
|
||||||
|
%__brp_strip_lto /usr/lib/rpm/redhat/brp-strip-lto %{__strip}
|
||||||
|
%__brp_strip_comment_note /usr/lib/rpm/brp-strip-comment-note %{__strip} %{__objdump}
|
||||||
|
%__brp_strip_static_archive /usr/lib/rpm/brp-strip-static-archive %{__strip}
|
||||||
|
%__brp_python_bytecompile /usr/lib/rpm/redhat/brp-python-bytecompile "" "%{?_python_bytecompile_errors_terminate_build}" "%{?_python_bytecompile_extra}"
|
||||||
|
%__brp_fix_pyc_reproducibility /usr/lib/rpm/redhat/brp-fix-pyc-reproducibility
|
||||||
|
%__brp_python_hardlink /usr/lib/rpm/brp-python-hardlink
|
||||||
|
# __brp_mangle_shebangs_exclude - shebangs to exclude
|
||||||
|
# __brp_mangle_shebangs_exclude_file - file from which to get shebangs to exclude
|
||||||
|
# __brp_mangle_shebangs_exclude_from - files to ignore
|
||||||
|
# __brp_mangle_shebangs_exclude_from_file - file from which to get files to ignore
|
||||||
|
%__brp_mangle_shebangs /usr/lib/rpm/redhat/brp-mangle-shebangs %{?__brp_mangle_shebangs_exclude:--shebangs "%{?__brp_mangle_shebangs_exclude}"} %{?__brp_mangle_shebangs_exclude_file:--shebangs-from "%{__brp_mangle_shebangs_exclude_file}"} %{?__brp_mangle_shebangs_exclude_from:--files "%{?__brp_mangle_shebangs_exclude_from}"} %{?__brp_mangle_shebangs_exclude_from_file:--files-from "%{__brp_mangle_shebangs_exclude_from_file}"}
|
||||||
|
|
||||||
|
%__os_install_post \
|
||||||
|
%{?__brp_ldconfig} \
|
||||||
|
%{?__brp_compress} \
|
||||||
|
%{!?__debug_package:\
|
||||||
|
%{?__brp_strip} \
|
||||||
|
%{?__brp_strip_comment_note} \
|
||||||
|
} \
|
||||||
|
%{?__brp_strip_lto} \
|
||||||
|
%{?__brp_strip_static_archive} \
|
||||||
|
%{?py_auto_byte_compile:%{?__brp_python_bytecompile}} \
|
||||||
|
%{?py_reproducible_pyc_path:%{?__brp_fix_pyc_reproducibility} "%{py_reproducible_pyc_path}"} \
|
||||||
|
%{?__brp_python_hardlink} \
|
||||||
|
%{?__brp_mangle_shebangs} \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
%__spec_install_post\
|
||||||
|
%{?__debug_package:%{__debug_install_post}}\
|
||||||
|
%{__arch_install_post}\
|
||||||
|
%{__os_install_post}\
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
%install %{?_enable_debug_packages:%{?buildsubdir:%{debug_package}}}\
|
||||||
|
%%install\
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Should missing buildids terminate a build?
|
||||||
|
%_missing_build_ids_terminate_build 1
|
||||||
|
|
||||||
|
#
|
||||||
|
## Automatically compile python files
|
||||||
|
%py_auto_byte_compile 1
|
||||||
|
|
||||||
|
#
|
||||||
|
## Should python bytecompilation errors terminate a build?
|
||||||
|
%_python_bytecompile_errors_terminate_build 1
|
||||||
|
## Should python bytecompilation compile outisde python specific directories?
|
||||||
|
%_python_bytecompile_extra 0
|
||||||
|
|
||||||
|
# Use SHA-256 for FILEDIGESTS instead of default MD5
|
||||||
|
%_source_filedigest_algorithm 8
|
||||||
|
%_binary_filedigest_algorithm 8
|
||||||
|
|
||||||
|
# Use Zstandard compression for binary payloads
|
||||||
|
%_binary_payload w19.zstdio
|
||||||
|
|
||||||
|
%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
|
||||||
|
%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg
|
||||||
|
%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} -fstack-protector-strong
|
||||||
|
# we don't escape symbols '~', '"', etc. so be careful when changing this
|
||||||
|
%_hardening_ldflags -Wl,-z,now %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ]
|
||||||
|
|
||||||
|
# Harden packages by default for Fedora 23+:
|
||||||
|
# https://fedorahosted.org/fesco/ticket/1384 (accepted on 2014-02-11)
|
||||||
|
# Use "%undefine _hardened_build" to disable.
|
||||||
|
%_hardened_build 1
|
||||||
|
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
|
||||||
|
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
|
||||||
|
|
||||||
|
# Add extra information to binary objects created by the compiler:
|
||||||
|
# https://pagure.io/fesco/issue/1780 (accepted on 2017-10-30)
|
||||||
|
# Use "%undefine _annotated_build" to disable.
|
||||||
|
%_annotated_build 1
|
||||||
|
%_annobin_gcc_plugin -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
|
||||||
|
# The annobin plugin is not built for clang yet
|
||||||
|
%_annobin_clang_plugin %dnl-fplugin=/usr/lib64/clang/`clang -dumpversion`/lib/annobin.so
|
||||||
|
%_annotation_cflags %{?_annotated_build:%{expand:%%{_annobin_%{toolchain}_plugin}}}
|
||||||
|
|
||||||
|
# Fail linking if there are undefined symbols. Required for proper
|
||||||
|
# ELF symbol versioning support. Disabled by default.
|
||||||
|
# Use "%define _ld_strict_symbol_defs 1" to enable.
|
||||||
|
#%_ld_strict_symbol_defs 1
|
||||||
|
%_ld_symbols_flags %{?_ld_strict_symbol_defs:-Wl,-z,defs}
|
||||||
|
|
||||||
|
# https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
|
||||||
|
# use "%undefine _ld_as_needed" to disable.
|
||||||
|
%_ld_as_needed 1
|
||||||
|
%_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed}
|
||||||
|
|
||||||
|
# LTO is the default in Fedora.
|
||||||
|
# "%define _lto_cflags %{nil}" to opt out
|
||||||
|
#
|
||||||
|
# We currently have -ffat-lto-objects turned on out of an abundance of
|
||||||
|
# caution. To remove it we need to do a check of the installed .o/.a files
|
||||||
|
# to verify they have real sections/symbols after LTO stripping. That
|
||||||
|
# way we can detect installing an unusable .o/.a file. This is on the TODO
|
||||||
|
# list for F34.
|
||||||
|
%_gcc_lto_cflags -flto=auto -ffat-lto-objects
|
||||||
|
%_clang_lto_cflags -flto
|
||||||
|
%_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}}
|
||||||
|
|
||||||
|
%_general_options -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
|
||||||
|
%_warning_options -Wall -Werror=format-security
|
||||||
|
%_preprocessor_defines -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
|
||||||
|
|
||||||
|
# Common variables are no longer generated by default by gcc and clang
|
||||||
|
# If they are needed then add "%define _legacy_common_support 1" to the spec file.
|
||||||
|
%_legacy_options %{?_legacy_common_support: -fcommon}
|
||||||
|
|
||||||
|
%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} %{_annotation_cflags} %{_legacy_options}
|
||||||
|
|
||||||
|
# Automatically trim changelog entries after 2 years
|
||||||
|
%_changelog_trimtime %{lua:print(os.time() - 2 * 365 * 86400)}
|
||||||
|
|
||||||
|
#==============================================================================
|
||||||
|
# ---- Generic auto req/prov filtering macros
|
||||||
|
#
|
||||||
|
# http://fedoraproject.org/wiki/PackagingDrafts/AutoProvidesAndRequiresFiltering
|
||||||
|
|
||||||
|
# prevent anything matching from being scanned for provides
|
||||||
|
%filter_provides_in(P) %{expand: \
|
||||||
|
%global __filter_prov_cmd %{?__filter_prov_cmd} %{__grep} -v %{-P} '%*' | \
|
||||||
|
}
|
||||||
|
|
||||||
|
# prevent anything matching from being scanned for requires
|
||||||
|
%filter_requires_in(P) %{expand: \
|
||||||
|
%global __filter_req_cmd %{?__filter_req_cmd} %{__grep} -v %{-P} '%*' | \
|
||||||
|
}
|
||||||
|
|
||||||
|
# filter anything matching out of the provides stream
|
||||||
|
%filter_from_provides() %{expand: \
|
||||||
|
%global __filter_from_prov %{?__filter_from_prov} | %{__sed} -e '%*' \
|
||||||
|
}
|
||||||
|
|
||||||
|
# filter anything matching out of the requires stream
|
||||||
|
%filter_from_requires() %{expand: \
|
||||||
|
%global __filter_from_req %{?__filter_from_req} | %{__sed} -e '%*' \
|
||||||
|
}
|
||||||
|
|
||||||
|
# actually set up the filtering bits
|
||||||
|
%filter_setup %{expand: \
|
||||||
|
%global _use_internal_dependency_generator 0 \
|
||||||
|
%global __deploop() while read FILE; do echo "${FILE}" | /usr/lib/rpm/rpmdeps -%{1}; done | /bin/sort -u \
|
||||||
|
%global __find_provides /bin/sh -c "%{?__filter_prov_cmd} %{__deploop P} %{?__filter_from_prov}" \
|
||||||
|
%global __find_requires /bin/sh -c "%{?__filter_req_cmd} %{__deploop R} %{?__filter_from_req}" \
|
||||||
|
}
|
39
macros.dwz
Normal file
39
macros.dwz
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
# Macros for reducing debug info size using dwz(1) utility.
|
||||||
|
|
||||||
|
# The two default values below should result in dwz taking at most
|
||||||
|
# 3GB of RAM or so on 64-bit hosts and 2.5GB on 32-bit hosts
|
||||||
|
# on the largest *.debug files (in mid 2012 those are
|
||||||
|
# libreoffice-debuginfo, debuginfos containing
|
||||||
|
# libxul.so.debug and libwebkitgtk-*.so.*.debug).
|
||||||
|
# This needs to be tuned based on the amount of available RAM
|
||||||
|
# on build boxes for each architecture as well as virtual address
|
||||||
|
# space limitations if dwz is 32-bit program. While it needs less
|
||||||
|
# memory than 64-bit program because pointers are smaller, it can
|
||||||
|
# never have more than 4GB-epsilon of RAM and on some architecture
|
||||||
|
# even less than that (e.g. 2GB).
|
||||||
|
|
||||||
|
# Number of debugging information entries (DIEs) above which
|
||||||
|
# dwz will stop considering file for multifile optimizations
|
||||||
|
# and enter a low memory mode, in which it will optimize
|
||||||
|
# in about half the memory needed otherwise.
|
||||||
|
%_dwz_low_mem_die_limit 10000000
|
||||||
|
# Number of DIEs above which dwz will stop processing
|
||||||
|
# a file altogether.
|
||||||
|
%_dwz_max_die_limit 50000000
|
||||||
|
|
||||||
|
# On x86_64 increase the higher limit to make libwebkit* optimizable.
|
||||||
|
# libwebkit* in mid 2012 contains roughly 87mil DIEs, and 64-bit
|
||||||
|
# dwz is able to optimize it from ~1.1GB to ~410MB using 5.2GB of RAM.
|
||||||
|
%_dwz_max_die_limit_x86_64 110000000
|
||||||
|
|
||||||
|
# On ARM, build boxes often have only 512MB of RAM and are very slow.
|
||||||
|
# Lower both the limits.
|
||||||
|
%_dwz_low_mem_die_limit_armv5tel 4000000
|
||||||
|
%_dwz_low_mem_die_limit_armv7hl 4000000
|
||||||
|
%_dwz_max_die_limit_armv5tel 10000000
|
||||||
|
%_dwz_max_die_limit_armv7hl 10000000
|
||||||
|
|
||||||
|
%_dwz_limit() %{expand:%%{?%{1}_%{_arch}}%%{!?%{1}_%{_arch}:%%%{1}}}
|
||||||
|
%_find_debuginfo_dwz_opts --run-dwz\\\
|
||||||
|
--dwz-low-mem-die-limit %{_dwz_limit _dwz_low_mem_die_limit}\\\
|
||||||
|
--dwz-max-die-limit %{_dwz_limit _dwz_max_die_limit}
|
63
macros.fedora-misc
Normal file
63
macros.fedora-misc
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
# Fedora macros, safe to use after the SRPM build stage
|
||||||
|
|
||||||
|
# Lists files matching inclusion globs, excluding files matching exclusion
|
||||||
|
# globs
|
||||||
|
# – globs are space-separated lists of shell globs. Such lists require
|
||||||
|
# %{quote:} use when passed as rpm arguments or flags.
|
||||||
|
# Control variables, flags and arguments:
|
||||||
|
# %{listfiles_include} inclusion globs
|
||||||
|
# %{listfiles_exclude} exclusion globs
|
||||||
|
# -i <globs> inclusion globs
|
||||||
|
# -x <globs> exclusion globs
|
||||||
|
# … arguments passed to the macro without flags will be
|
||||||
|
# interpreted as inclusion globs
|
||||||
|
%listfiles(i:x:) %{expand:
|
||||||
|
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
|
||||||
|
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
|
||||||
|
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
|
||||||
|
while IFS= read -r finc ; do
|
||||||
|
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
|
||||||
|
| sort -u | grep -q "${finc}" || echo "${finc}"
|
||||||
|
done <<< "${listfiles_include}"
|
||||||
|
%else
|
||||||
|
echo "${listfiles_include}"
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
}
|
||||||
|
|
||||||
|
# https://github.com/rpm-software-management/rpm/issues/581
|
||||||
|
# Writes the contents of a list of rpm variables to a macro file
|
||||||
|
# Control variables, flags and arguments:
|
||||||
|
# -f <filename> the macro file to process:
|
||||||
|
# – it must contain corresponding anchors
|
||||||
|
# – for example %writevars -f myfile foo bar will replace:
|
||||||
|
# @@FOO@@ with the rpm evaluation of %{foo} and
|
||||||
|
# @@BAR@@ with the rpm evaluation of %{bar}
|
||||||
|
# in myfile
|
||||||
|
%writevars(f:) %{lua:
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
local macrofile = rpm.expand("%{-f*}")
|
||||||
|
local rpmvars = {}
|
||||||
|
for i = 1, rpm.expand("%#") do
|
||||||
|
table.insert(rpmvars, rpm.expand("%" .. i))
|
||||||
|
end
|
||||||
|
fedora.writevars(macrofile,rpmvars)
|
||||||
|
}
|
||||||
|
|
||||||
|
# gpgverify verifies signed sources. There is documentation in the script.
|
||||||
|
%gpgverify(k:s:d:) %{lua:
|
||||||
|
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||||
|
local keyring = rpm.expand("%{-k*}")
|
||||||
|
local signature = rpm.expand("%{-s*}")
|
||||||
|
local data = rpm.expand("%{-d*}")
|
||||||
|
print(script)
|
||||||
|
if keyring ~= "" then
|
||||||
|
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||||
|
end
|
||||||
|
if signature ~= "" then
|
||||||
|
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||||
|
end
|
||||||
|
if data ~= "" then
|
||||||
|
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||||
|
end
|
||||||
|
}
|
43
macros.fedora-misc-srpm
Normal file
43
macros.fedora-misc-srpm
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
# Fedora macros, safe to use at SRPM build stage
|
||||||
|
|
||||||
|
# A directory for rpm macros
|
||||||
|
%rpmmacrodir /usr/lib/rpm/macros.d
|
||||||
|
|
||||||
|
# A directory for appdata metainfo. This has changed between releases so a
|
||||||
|
# macro is useful.
|
||||||
|
%_metainfodir %{_datadir}/metainfo
|
||||||
|
|
||||||
|
# A directory for SWID tag files describing the installation
|
||||||
|
%_swidtagdir %{_prefix}/lib/swidtag/fedoraproject.org
|
||||||
|
|
||||||
|
# Applies the fedora.wordwrap filter to the content of an rpm variable, and
|
||||||
|
# prints the result.
|
||||||
|
# – putting multiple lines of UTF-8 text inside a variable is usually
|
||||||
|
# accomplished with %{expand:some_text}
|
||||||
|
# Control variables, flags and arguments:
|
||||||
|
# -v <variable_name> (default value: _description)
|
||||||
|
%wordwrap(v:) %{lua:
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
local variable = "%{?" .. rpm.expand("%{-v*}%{!-v:_description}") .. "}"
|
||||||
|
print(fedora.wordwrap(variable))
|
||||||
|
}
|
||||||
|
|
||||||
|
# A single Name: and %package substitute
|
||||||
|
# Control variables, flags and arguments:
|
||||||
|
# %{source_name} the SRPM name
|
||||||
|
# %{source_summary} the SRPM summary
|
||||||
|
# %{source_description} the SRPM description
|
||||||
|
# -n <name> declare a package named <name>
|
||||||
|
# (%package-like behavior)
|
||||||
|
# -v be verbose
|
||||||
|
# %1 declare a package named %{source_name}-%{%1}
|
||||||
|
# (%package-like behavior)
|
||||||
|
%new_package(n:v) %{lua:
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
local pkg_name = fedora.readflag("n")
|
||||||
|
local verbose = fedora.hasflag("v")
|
||||||
|
local name_suffix = fedora.read("1")
|
||||||
|
local source_name = fedora.read("source_name")
|
||||||
|
local first = not ( fedora.read("name") or fedora.read("currentname") )
|
||||||
|
fedora.new_package(source_name, pkg_name, name_suffix, first, verbose)
|
||||||
|
}
|
70
macros.forge
Normal file
70
macros.forge
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
# Computes forge-related variables for use in the rest of the spec file
|
||||||
|
# Control variables, flags and arguments:
|
||||||
|
# %{forgeurl<number>} the project url on the target forge
|
||||||
|
# %{tag<number>} the packaged tag, OR
|
||||||
|
# %{commit<number>} the packaged commit, OR
|
||||||
|
# %{version<number>} the packaged version
|
||||||
|
# – %{version}/%{version0} are set via:
|
||||||
|
# Version:
|
||||||
|
# – because git is lacking a built-in version
|
||||||
|
# reference, %{version<number>} will be translated
|
||||||
|
# into %{tag<number>} using unreliable heuristics;
|
||||||
|
# set %{tag<number>} directly if those fail
|
||||||
|
# %{date<number>} the packaged timestamp
|
||||||
|
# … %forgemeta will compute a huge number of variables:
|
||||||
|
# — the packager can override it by setting some of
|
||||||
|
# those before the %forgemeta call
|
||||||
|
# – use the -i flag to list those variables
|
||||||
|
# -z <number> only process the zth block of definitions
|
||||||
|
# "" for the no-suffix block
|
||||||
|
# -i list the resulting variable values
|
||||||
|
# -s silently ignore problems in %{forgeurl<number>}
|
||||||
|
# -v be verbose
|
||||||
|
# -a process all sources in one go, instead of using
|
||||||
|
# separate -z calls
|
||||||
|
%forgemeta(z:isva) %{lua:
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
local forge = require "fedora.srpm.forge"
|
||||||
|
local verbose = rpm.expand("%{-v}") ~= ""
|
||||||
|
local informative = rpm.expand("%{-i}") ~= ""
|
||||||
|
local silent = rpm.expand("%{-s}") ~= ""
|
||||||
|
local processall = (rpm.expand("%{-a}") ~= "") and (rpm.expand("%{-z}") == "")
|
||||||
|
if processall then
|
||||||
|
for _,s in pairs(fedora.getsuffixes("forgeurl")) do
|
||||||
|
forge.meta(s,verbose,informative,silent)
|
||||||
|
end
|
||||||
|
else
|
||||||
|
forge.meta(rpm.expand("%{-z*}"),verbose,informative,silent)
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
|
# Unpacks sources computed by %forgemeta
|
||||||
|
# Control variables, flags and arguments:
|
||||||
|
# %{forgesource<number>} the source archive that will be processed
|
||||||
|
# %{forgesetupargs<number>} %setup arguments
|
||||||
|
|
||||||
|
# -z <number> only process the zth block of definitions
|
||||||
|
# "" for the no-suffix block
|
||||||
|
# -v be verbose
|
||||||
|
# -a process all sources in one go, instead of using
|
||||||
|
# separate -z calls
|
||||||
|
%forgesetup(z:va) %{lua:
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
if (rpm.expand("%{-z}") == "") and (rpm.expand("%{-a}") ~= "") then
|
||||||
|
for _,s in pairs(fedora.getsuffixes("forgesetupargs")) do
|
||||||
|
print(rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. s .. "}\\n"))
|
||||||
|
end
|
||||||
|
else
|
||||||
|
print( rpm.expand("%setup %{!-v:-q} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
|
# Calls %autosetup using %forgemeta results
|
||||||
|
# – this will probably be removed since it is unsafe in presence of multiple
|
||||||
|
# sources
|
||||||
|
# Control variables, flags and arguments:
|
||||||
|
# -z <number> process the zth block of definitions
|
||||||
|
# -v -N -S -p relayed to %autosetup
|
||||||
|
%forgeautosetup(z:vNS:p:q) %{lua:
|
||||||
|
print(rpm.expand("%autosetup %{-v} %{-N} %{?-S} %{?-p} %{?forgesetupargs" .. rpm.expand("%{-z*}") .. "}\\n"))
|
||||||
|
}
|
63
macros.kmp
Normal file
63
macros.kmp
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
# Use these macros to differentiate between RH and other KMP implementation(s).
|
||||||
|
redhat_kernel_module_package 1
|
||||||
|
kernel_module_package_release 1
|
||||||
|
|
||||||
|
%__find_provides /usr/lib/rpm/redhat/find-provides
|
||||||
|
%__find_requires /usr/lib/rpm/redhat/find-requires
|
||||||
|
|
||||||
|
#kernel_module_package [ -n name ] [ -v version ] [ -r release ] [ -s script ]
|
||||||
|
# [ -f filelist] [ -x ] [ -p preamble ] flavor flavor ...
|
||||||
|
|
||||||
|
%kernel_module_package_buildreqs %global kmodtool_generate_buildreqs 1 \
|
||||||
|
kernel-devel
|
||||||
|
|
||||||
|
%kernel_module_package(n:v:r:s:f:xp:) %{expand:%( \
|
||||||
|
%define kmodtool %{-s*}%{!-s:/usr/lib/rpm/redhat/kmodtool} \
|
||||||
|
%define kmp_version %{-v*}%{!-v:%{version}} \
|
||||||
|
%define kmp_release %{-r*}%{!-r:%{release}} \
|
||||||
|
%define latest_kernel %(rpm -q --qf '%{VERSION}-%{RELEASE}\\\\n' `rpm -q kernel-devel | /usr/lib/rpm/redhat/rpmsort -r | head -n 1` | head -n 1) \
|
||||||
|
%{!?kernel_version:%{expand:%%global kernel_version %{latest_kernel}}} \
|
||||||
|
%global kverrel %(%{kmodtool} verrel %{?kernel_version} 2>/dev/null) \
|
||||||
|
flavors="default" \
|
||||||
|
if [ "i686" == "%{_target_cpu}" ] || [ "x86_64" == "%{_target_cpu}" ] \
|
||||||
|
then \
|
||||||
|
xenver=$(rpm -q kernel-xen-devel-%{kverrel}|head -n 1)\
|
||||||
|
kdver=$(rpm -q kernel-kdump-devel-%{kverrel}|head -n 1)\
|
||||||
|
if [ "kernel-xen-devel-%{kverrel}" == "$xenver" ] \
|
||||||
|
then \
|
||||||
|
flavors="$flavors xen" \
|
||||||
|
fi \
|
||||||
|
if [ "kernel-kdump-devel-%{kverrel}" == "$kdver" ] \
|
||||||
|
then \
|
||||||
|
flavors="$flavors kdump" \
|
||||||
|
fi \
|
||||||
|
fi \
|
||||||
|
if [ -z "%*" ]; then \
|
||||||
|
flavors_to_build=$flavors \
|
||||||
|
elif [ -z "%{-x}" ]; then \
|
||||||
|
flavors_to_build="%*" \
|
||||||
|
else \
|
||||||
|
flavors_to_build=" $flavors "\
|
||||||
|
echo "[$flavors_to_build]" >/tmp/tmp.txt
|
||||||
|
for i in %* \
|
||||||
|
do \
|
||||||
|
flavors_to_build=${flavors_to_build//$i /}
|
||||||
|
done \
|
||||||
|
fi \
|
||||||
|
echo "%%global flavors_to_build ${flavors_to_build:-%%nil}" \
|
||||||
|
echo "%%global kernel_source() /usr/src/kernels/%kverrel.\\\$([ %%%%{1} = default ] || echo "%%%%{1}.")%_target_cpu" \
|
||||||
|
if [ ! -z "%{-f*}" ] \
|
||||||
|
then \
|
||||||
|
filelist="%{-f*}" \
|
||||||
|
fi \
|
||||||
|
if [ ! -z "%{-p*}" ] \
|
||||||
|
then \
|
||||||
|
preamble="%{-p*}" \
|
||||||
|
fi \
|
||||||
|
nobuildreqs="yes" \
|
||||||
|
if [ "x%{kmodtool_generate_buildreqs}" != "x1" ] \
|
||||||
|
then \
|
||||||
|
nobuildreqs="no" \
|
||||||
|
fi \
|
||||||
|
kmp_override_filelist="$filelist" kmp_override_preamble="$preamble" kmp_nobuildreqs="$nobuildreqs" %{kmodtool} rpmtemplate_kmp %{-n*}%{!-n:%name} %{kverrel} $flavors_to_build 2>/dev/null \
|
||||||
|
)}
|
2
macros.ldc-srpm
Normal file
2
macros.ldc-srpm
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# arches that ldc builds on
|
||||||
|
%ldc_arches %{ix86} x86_64 %{arm} aarch64
|
9
macros.ldconfig
Normal file
9
macros.ldconfig
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
#%ldconfig /sbin/ldconfig
|
||||||
|
%ldconfig_post(n:) %{?ldconfig:%post -p %ldconfig %{?*} %{-n:-n %{-n*}}\
|
||||||
|
%end}
|
||||||
|
%ldconfig_postun(n:) %{?ldconfig:%postun -p %ldconfig %{?*} %{-n:-n %{-n*}}\
|
||||||
|
%end}
|
||||||
|
%ldconfig_scriptlets(n:) %{?ldconfig:\
|
||||||
|
%ldconfig_post %{?*} %{-n:-n %{-n*}}\
|
||||||
|
%ldconfig_postun %{?*} %{-n:-n %{-n*}}\
|
||||||
|
}
|
5
macros.mono-srpm
Normal file
5
macros.mono-srpm
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# arches that mono builds on
|
||||||
|
%mono_arches %{ix86} x86_64 sparc sparcv9 ia64 %{arm} aarch64 alpha s390x ppc ppc64 ppc64le
|
||||||
|
|
||||||
|
%_monodir %{_prefix}/lib/mono
|
||||||
|
%_monogacdir %{_monodir}/gac
|
7
macros.nodejs-srpm
Normal file
7
macros.nodejs-srpm
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# nodejs_arches lists what arches Node.js and dependent packages run on.
|
||||||
|
#
|
||||||
|
# Enabling Node.js on other arches requires porting the V8 JavaScript JIT to
|
||||||
|
# those arches. Support for POWER and aarch64 arrived in nodejs v4. Support
|
||||||
|
# for s390x arrived in nodejs v6
|
||||||
|
|
||||||
|
%nodejs_arches %{ix86} x86_64 %{arm} aarch64 %{power64} s390x
|
3
macros.valgrind-srpm
Normal file
3
macros.valgrind-srpm
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# valgrind_arches lists what arches Valgrind works on
|
||||||
|
|
||||||
|
%valgrind_arches %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
|
7
macros.vpath
Normal file
7
macros.vpath
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# ---- VPATH default settings
|
||||||
|
|
||||||
|
# directory where CMakeLists.txt/meson.build/etc. are placed
|
||||||
|
%_vpath_srcdir .
|
||||||
|
|
||||||
|
# directory (doesn't need to exist) where all generated build files will be placed
|
||||||
|
%_vpath_builddir %_target_platform
|
76
modalias.prov
Normal file
76
modalias.prov
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
|
||||||
|
# with modifications by Michael Brown <Michael_E_Brown@dell.com>
|
||||||
|
#
|
||||||
|
# -- added module versioning info to modalias() symbols
|
||||||
|
# -- removed code which inspects spec files.
|
||||||
|
|
||||||
|
IFS=$'\n'
|
||||||
|
|
||||||
|
#
|
||||||
|
# Initially, dont generate modalias() lines for kernel package. This needs
|
||||||
|
# additional discussion. Would like to eventually add them for
|
||||||
|
# completeness, so that we can determine when drivers are folded into
|
||||||
|
# mainline kernel.
|
||||||
|
#
|
||||||
|
case "$1" in
|
||||||
|
kernel-module-*) ;; # Fedora kernel module package names start with
|
||||||
|
# kernel-module.
|
||||||
|
kernel*) is_kernel_package=1 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if ! [ -z "$is_kernel_package" ]; then
|
||||||
|
cat > /dev/null
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
print_modaliases() {
|
||||||
|
declare class=$1 variants=$2 pos=$3
|
||||||
|
if [ -n "$variants" ]; then
|
||||||
|
echo "${class:0:pos}[$variants]${class:pos+1}"
|
||||||
|
else
|
||||||
|
[ -z "$class" ] || echo "$class"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
combine_modaliases() {
|
||||||
|
declare tag class variants pos n
|
||||||
|
read class
|
||||||
|
while read tag; do
|
||||||
|
for ((n=0; n<${#class}; n++)); do
|
||||||
|
if [ "*" != "${class:n:1}" -a \
|
||||||
|
"${class:0:n}" = "${tag:0:n}" -a \
|
||||||
|
"${class:n+1}" = "${tag:n+1}" ] &&
|
||||||
|
( [ -z "$pos" ] || [ $n = $pos ] ); then
|
||||||
|
variants="${variants:-${class:n:1}}${tag:n:1}"
|
||||||
|
pos=$n
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if [ $n -eq ${#class} ]; then
|
||||||
|
print_modaliases "$class" "$variants" "$pos"
|
||||||
|
variants=
|
||||||
|
pos=
|
||||||
|
class=$tag
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
print_modaliases "$class" "$variants" "$pos"
|
||||||
|
}
|
||||||
|
|
||||||
|
for module in $(grep -E '/lib/modules/.+\.ko$') $*; do
|
||||||
|
# | head -n1 because some modules have *two* version tags. *cough*b44*cough*
|
||||||
|
modver=$(/sbin/modinfo -F version "$module"| head -n1)
|
||||||
|
modver=${modver// /_}
|
||||||
|
|
||||||
|
# only add version tag if it has a version
|
||||||
|
if [ -n "$modver" ]; then
|
||||||
|
/sbin/modinfo -F alias "$module" \
|
||||||
|
| sed -nre "s,(.+),modalias(\\1) = $modver,p"
|
||||||
|
else
|
||||||
|
/sbin/modinfo -F alias "$module" \
|
||||||
|
| sed -nre "s,(.+),modalias(\\1),p"
|
||||||
|
fi
|
||||||
|
done \
|
||||||
|
| sort -u \
|
||||||
|
| combine_modaliases
|
2
redhat-annobin-cc1
Normal file
2
redhat-annobin-cc1
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
*cc1_options:
|
||||||
|
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}
|
2
redhat-hardened-cc1
Normal file
2
redhat-hardened-cc1
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
*cc1_options:
|
||||||
|
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
|
1
redhat-hardened-clang.cfg
Normal file
1
redhat-hardened-clang.cfg
Normal file
@ -0,0 +1 @@
|
|||||||
|
-fPIE
|
2
redhat-hardened-ld
Normal file
2
redhat-hardened-ld
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
*self_spec:
|
||||||
|
+ %{!static:%{!shared:%{!r:-pie}}}
|
1280
redhat-rpm-config.spec
Normal file
1280
redhat-rpm-config.spec
Normal file
File diff suppressed because it is too large
Load Diff
1
rpmlint.cf
Normal file
1
rpmlint.cf
Normal file
@ -0,0 +1 @@
|
|||||||
|
addFilter("no-%build-section")
|
97
rpmrc
Normal file
97
rpmrc
Normal file
@ -0,0 +1,97 @@
|
|||||||
|
include: /usr/lib/rpm/rpmrc
|
||||||
|
|
||||||
|
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||||
|
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ia64 %{__global_compiler_flags}
|
||||||
|
optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
|
||||||
|
optflags: alpha %{__global_compiler_flags} -mieee
|
||||||
|
optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5
|
||||||
|
optflags: alphaev56 %{__global_compiler_flags} -mieee -mcpu=ev56
|
||||||
|
optflags: alphapca56 %{__global_compiler_flags} -mieee -mcpu=pca56
|
||||||
|
optflags: alphaev6 %{__global_compiler_flags} -mieee -mcpu=ev6
|
||||||
|
optflags: alphaev67 %{__global_compiler_flags} -mieee -mcpu=ev67
|
||||||
|
|
||||||
|
optflags: sparc %{__global_compiler_flags} -m32 -mcpu=v7 -mtune=ultrasparc
|
||||||
|
optflags: sparcv8 %{__global_compiler_flags} -m32 -mcpu=v8
|
||||||
|
optflags: sparcv9 %{__global_compiler_flags} -m32 -mcpu=ultrasparc
|
||||||
|
optflags: sparcv9v %{__global_compiler_flags} -m32 -mcpu=niagara
|
||||||
|
optflags: sparc64 %{__global_compiler_flags} -m64 -mcpu=ultrasparc
|
||||||
|
optflags: sparc64v %{__global_compiler_flags} -m64 -mcpu=niagara
|
||||||
|
|
||||||
|
optflags: m68k %{__global_compiler_flags}
|
||||||
|
|
||||||
|
optflags: ppc %{__global_compiler_flags} -m32 -fasynchronous-unwind-tables
|
||||||
|
optflags: ppciseries %{__global_compiler_flags} -m32
|
||||||
|
optflags: ppcpseries %{__global_compiler_flags} -m32
|
||||||
|
optflags: ppc64 %{__global_compiler_flags} -m64 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ppc64p7 %{__global_compiler_flags} -m64 -O3 -mcpu=power7 -mtune=power7 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ppc64le %{__global_compiler_flags} -m64 -mcpu=power8 -mtune=power8 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
optflags: ppc64iseries %{__global_compiler_flags} -m64
|
||||||
|
optflags: ppc64pseries %{__global_compiler_flags} -m64
|
||||||
|
optflags: ppc8260 %{__global_compiler_flags} -m32
|
||||||
|
optflags: ppc8560 %{__global_compiler_flags} -m32
|
||||||
|
|
||||||
|
optflags: parisc %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa1.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa1.1 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa1.2 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
optflags: hppa2.0 %{__global_compiler_flags} -mpa-risc-1-0
|
||||||
|
|
||||||
|
optflags: mips %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||||
|
optflags: mipsel %{__global_compiler_flags} -march=mips32r2 -mfpxx
|
||||||
|
optflags: mips64 %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||||
|
optflags: mips64el %{__global_compiler_flags} -march=mips64r2 -mabi=64
|
||||||
|
optflags: mipsr6 %{__global_compiler_flags} -march=mips32r6
|
||||||
|
optflags: mipsr6el %{__global_compiler_flags} -march=mips32r6
|
||||||
|
optflags: mips64r6 %{__global_compiler_flags} -march=mips64r6
|
||||||
|
optflags: mips64r6el %{__global_compiler_flags} -march=mips64r6
|
||||||
|
|
||||||
|
optflags: armv3l %{__global_compiler_flags} -fsigned-char -march=armv3
|
||||||
|
optflags: armv4b %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||||
|
optflags: armv4l %{__global_compiler_flags} -fsigned-char -march=armv4
|
||||||
|
optflags: armv4tl %{__global_compiler_flags} -march=armv4t
|
||||||
|
optflags: armv5tel %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||||
|
optflags: armv5tejl %{__global_compiler_flags} -march=armv5te -mfloat-abi=soft
|
||||||
|
optflags: armv6l %{__global_compiler_flags} -march=armv6 -mfloat-abi=soft
|
||||||
|
optflags: armv6hl %{__global_compiler_flags} -march=armv6 -mfpu=vfp -mfloat-abi=hard
|
||||||
|
optflags: armv6hnl %{__global_compiler_flags} -march=armv6 -mfpu=neon -mfloat-abi=hard
|
||||||
|
optflags: armv7l %{__global_compiler_flags} -march=armv7-a -mfloat-abi=soft
|
||||||
|
optflags: armv7hl %{__global_compiler_flags} -march=armv7-a -mfpu=vfpv3-d16 -mtune=generic-armv7-a -mabi=aapcs-linux -mfloat-abi=hard
|
||||||
|
optflags: armv7hnl %{__global_compiler_flags} -march=armv7-a -mfpu=neon -mfloat-abi=hard
|
||||||
|
|
||||||
|
optflags: atarist %{__global_compiler_flags}
|
||||||
|
optflags: atariste %{__global_compiler_flags}
|
||||||
|
optflags: ataritt %{__global_compiler_flags}
|
||||||
|
optflags: falcon %{__global_compiler_flags}
|
||||||
|
optflags: atariclone %{__global_compiler_flags}
|
||||||
|
optflags: milan %{__global_compiler_flags}
|
||||||
|
optflags: hades %{__global_compiler_flags}
|
||||||
|
|
||||||
|
optflags: s390 %{__global_compiler_flags} -m31 %{__cflags_arch_s390x} -fasynchronous-unwind-tables
|
||||||
|
optflags: s390x %{__global_compiler_flags} -m64 %{__cflags_arch_s390x} -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
|
|
||||||
|
optflags: aarch64 %{__global_compiler_flags} -mbranch-protection=standard -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ]
|
||||||
|
|
||||||
|
optflags: riscv64 %{__global_compiler_flags} -fasynchronous-unwind-tables %[ "%{toolchain}" == "gcc" ? "-fstack-clash-protection" : "" ]
|
||||||
|
|
||||||
|
# set build arch to fedora buildarches on hardware capable of running it
|
||||||
|
# saves having to do rpmbuild --target=
|
||||||
|
buildarchtranslate: athlon: i686
|
||||||
|
buildarchtranslate: geode: i686
|
||||||
|
buildarchtranslate: pentium4: i686
|
||||||
|
buildarchtranslate: pentium3: i686
|
||||||
|
buildarchtranslate: i686: i686
|
||||||
|
buildarchtranslate: i586: i586
|
||||||
|
|
||||||
|
buildarchtranslate: sparcv9: sparcv9
|
||||||
|
buildarchtranslate: sparcv9v: sparcv9
|
||||||
|
|
||||||
|
buildarchtranslate: armv5tejl: armv5tel
|
||||||
|
buildarchtranslate: armv6l: armv5tel
|
||||||
|
buildarchtranslate: armv7l: armv5tel
|
||||||
|
buildarchtranslate: armv7hl: armv7hl
|
||||||
|
buildarchtranslate: armv7hnl: armv7hl
|
76
rpmsort
Executable file
76
rpmsort
Executable file
@ -0,0 +1,76 @@
|
|||||||
|
#! /usr/bin/perl -w
|
||||||
|
|
||||||
|
# This program is free software; you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License
|
||||||
|
# as published by the Free Software Foundation; either version 2
|
||||||
|
# of the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||||
|
# USA.
|
||||||
|
|
||||||
|
use Getopt::Long qw(:config gnu_getopt);
|
||||||
|
|
||||||
|
sub rpm_cmp_versions {
|
||||||
|
my ($evr1, $evr2) = @_;
|
||||||
|
|
||||||
|
sub _rpm_cmp {
|
||||||
|
my ($s1, $s2) = @_;
|
||||||
|
|
||||||
|
return defined $s1 <=> defined $s2
|
||||||
|
unless defined $s1 && defined $s2;
|
||||||
|
|
||||||
|
my ($r, $x1, $x2);
|
||||||
|
do {
|
||||||
|
$s1 =~ s/^[^a-zA-Z0-9]+//;
|
||||||
|
$s2 =~ s/^[^a-zA-Z0-9]+//;
|
||||||
|
if ($s1 =~ /^\d/ || $s2 =~ /^\d/) {
|
||||||
|
$s1 =~ s/^0*(\d*)//; $x1 = $1;
|
||||||
|
$s2 =~ s/^0*(\d*)//; $x2 = $1;
|
||||||
|
$r = length $x1 <=> length $x2 || $x1 cmp $x2;
|
||||||
|
} else {
|
||||||
|
$s1 =~ s/^([a-zA-Z]*)//; $x1 = $1;
|
||||||
|
$s2 =~ s/^([a-zA-Z]*)//; $x2 = $1;
|
||||||
|
return 0
|
||||||
|
if $x1 eq '' && $x2 eq '';
|
||||||
|
$r = $x1 cmp $x2;
|
||||||
|
}
|
||||||
|
} until $r;
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
|
||||||
|
my ($e1, $v1, $r1) = $evr1 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
|
||||||
|
my ($e2, $v2, $r2) = $evr2 =~ /^(?:(\d*):)?(.*?)(?:-([^-]*))?$/;
|
||||||
|
my $r = _rpm_cmp($e1 || 0, $e2 || 0);
|
||||||
|
$r = _rpm_cmp($v1, $v2)
|
||||||
|
unless $r;
|
||||||
|
$r = _rpm_cmp($r1, $r2)
|
||||||
|
unless $r;
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
|
||||||
|
my $reorder = sub { return @_ };
|
||||||
|
my $key = 0;
|
||||||
|
|
||||||
|
GetOptions ("r|reverse" => sub { $reorder = sub { return reverse @_ } },
|
||||||
|
"k|key=i" => \$key)
|
||||||
|
or do {
|
||||||
|
print STDERR "Usage\n";
|
||||||
|
exit 1;
|
||||||
|
};
|
||||||
|
|
||||||
|
if ($key == 0) {
|
||||||
|
# Sort by entire lines
|
||||||
|
map { print } &$reorder(sort { rpm_cmp_versions($a, $b) } <>);
|
||||||
|
} else {
|
||||||
|
# Sort by field $key
|
||||||
|
my @data = map { [(split)[$key-1], $_] } <>;
|
||||||
|
map { print } &$reorder(map { $_->[1] }
|
||||||
|
sort { rpm_cmp_versions($a->[0], $b->[0]) } @data);
|
||||||
|
}
|
40
symset-table
Executable file
40
symset-table
Executable file
@ -0,0 +1,40 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
# Create a table of all symbol sets defined in all /boot/symsets*.tar.gz
|
||||||
|
# files.
|
||||||
|
#
|
||||||
|
# Format:
|
||||||
|
# kernelrelease/modver/symbol <tab> symset <tab> symset_hash
|
||||||
|
#
|
||||||
|
# This table is needed for computing the appropriate Requires: tags for
|
||||||
|
# kernel module packages.
|
||||||
|
|
||||||
|
tmpdir=$(mktemp -t -d ${0##*/}.XXXXXX)
|
||||||
|
trap "cd / ; rm -rf $tmpdir" EXIT
|
||||||
|
cd $tmpdir
|
||||||
|
|
||||||
|
shopt -s nullglob
|
||||||
|
for symsets in /boot/symsets-*.tar.gz; do
|
||||||
|
zcat $symsets \
|
||||||
|
| tar xf -
|
||||||
|
done
|
||||||
|
|
||||||
|
for symsets in /usr/src/kernels/*/symsets-*.tar.gz; do
|
||||||
|
zcat $symsets \
|
||||||
|
| tar xf -
|
||||||
|
done
|
||||||
|
|
||||||
|
for symsets in *; do
|
||||||
|
krel=${symsets#symsets-}
|
||||||
|
for symset in $symsets/*; do
|
||||||
|
class=${symset##*/} ; class=${class%.*}
|
||||||
|
hash=${symset##*.}
|
||||||
|
awk '
|
||||||
|
BEGIN { FS = "\t" ; OFS = "\t" }
|
||||||
|
{ sub(/0x0*/, "", $1)
|
||||||
|
print krel "/" $1 "/" $2, class, hash }
|
||||||
|
' krel="$krel" class="$class" hash="$hash" $symset
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
# vim:shiftwidth=4 softtabstop=4
|
Loading…
Reference in New Issue
Block a user