import redhat-rpm-config-129-1.el8

2022-05-10 03:06:01 -04:00 · 2022-05-10 03:06:01 -04:00 · 4b5db1da17
parent a95bffd78c
commit 4b5db1da17
4 changed files with 126 additions and 34 deletions
--- a/SOURCES/brp-mangle-shebangs
+++ b/SOURCES/brp-mangle-shebangs
@ -93,7 +93,14 @@ while IFS= read -r line; do
  fi


-  read shebang_line < "$f"
+  if ! read shebang_line < "$f"; then
+    echo >&2 "*** WARNING: Cannot read the first line from $f, removing executable bit"
+    ts=$(stat -c %y "$f")
+    chmod -x "$f"
+    touch -d "$ts" "$f"
+    continue
+  fi
+
  orig_shebang="${shebang_line#\#!}"
  if [ "$orig_shebang" = "$shebang_line" ]; then
    echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
--- a/SOURCES/buildflags.md
+++ b/SOURCES/buildflags.md
@ -13,6 +13,8 @@ this:

 This will invoke the `./configure` with arguments (such as
 `--prefix=/usr`) to adjust the paths to the packaging defaults.
+Prior to that, some common problems in autotools scripts are
+automatically patched across the source tree.

 As a side effect, this will set the environment variables `CFLAGS`,
 `CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
@ -25,7 +27,8 @@ environment variables using
    %set_build_flags

 early in the `%build` section.  (Again, existing environment variables
-are not overwritten.)
+are not overwritten.)  `%set_build_flags` does not perform autotools
+script rewriting, unlike `%configure`.

 Individual build flags are also available through RPM macros:

@ -66,11 +69,24 @@ For other considerations involving shared objects, see:

 * [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)

-# Customizing compiler flags
+# Customizing compiler and other build flags

 It is possible to set RPM macros to change some aspects of the
 compiler flags.  Changing these flags should be used as a last
-recourse if other workarunds are not available.
+recourse if other workarounds are not available.
+
+### Disable autotools compatibility patching
+
+By default, the invocation of the `%configure` macro replaces
+`config.guess` files in the source tree with the system version.  To
+disable that, define this macro:
+
+    %global _configure_gnuconfig_hack 0
+
+`%configure` also patches `ltmain.sh` scripts, so that linker flags
+are set as well during libtool-.  This can be switched off using:
+
+    %global _configure_libtool_hardening_hack 0

 ### Lazy binding

@ -145,6 +161,63 @@ to the RPM spec file to disable these strict checks.  Alternatively,
 you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
 command line).  The latter needs binutils 2.29.1-12.fc28 or later.

+### Post-build ELF object processing
+
+By default, DWARF debugging information is separated from installed
+ELF objects and put into `-debuginfo` subpackages.  To disable most
+debuginfo processing (and thus the generation of these subpackages),
+define `_enable_debug_packages` as `0`.
+
+Processing of debugging information is controlled using the
+`find-debuginfo` tool from the `debugedit` package.  Several aspects
+of its operation can be controlled at the RPM level.
+
+* Creation of `-debuginfo` subpackages is enabled by default.
+  To disable, undefine `_debuginfo_subpackages`.
+* Likewise, `-debugsource` subpackages are automatically created.
+  To disable, undefine `_debugsource_subpackages`.
+  See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
+  for background information.
+* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
+  `_unique_debug_srcs` control how debugging information and
+  corresponding source files are represented on disk.
+  See `/usr/lib/rpm/macros` for details.  The defaults
+  enable parallel installation of `-debuginfo` packages for
+  different package versions, as described in
+  [Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
+* By default, a compressed symbol table is preserved in the
+  `.gnu_debugdata` section.  To disable that, undefine
+  `_include_minidebuginfo`.
+* To speed up debuggers, a `.gdb_index` section is created.  It can be
+  disabled by undefining `_include_gdb_index`.
+* Missing build IDs result in a build failure.  To ignore such
+  problems, undefine `_missing_build_ids_terminate_build`.
+* During processing, build IDs are recomputed to match the binary
+  content.  To skip this step, define `_no_recompute_build_ids` as `1`.
+* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
+  (DWARF compression) processing.  Undefine this macro to disable this
+  step.
+* Additional options can be passed by defining the
+  `_find_debuginfo_opts` macro.
+
+After separation of debugging information, additional transformations
+are applied, most of them also related to debugging information.
+These steps can be skipped by undefining the corresponding macros:
+
+* `__brp_strip`: Removal of leftover debugging information.  The tool
+  specified by the `__strip` macro is invoked with the `-g` option on
+  ELF object (`.o`) files.
+* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
+  processes static `.a` archives instead.
+* `__brp_strip_comment_note`: This step removes unallocated `.note`
+  sections, and `.comment` sections from ELF files.
+* `__brp_ldconfig`: For each shared object on the library search path
+  whose soname does not match its file name, a symbolic link from the
+  soname to the file name is created.  This way, these shared objects
+  are loadable immediately after installation, even if they are not yet
+  listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
+  invoked yet).
+
 # Individual compiler flags

 Compiler flags end up in the environment variables `CFLAGS`,
@ -202,6 +275,11 @@ The general (architecture-independent) build flags are:
  variables.  (If the address of a variable is never taken, it is not
  possible that a buffer overflow is caused by incorrect pointer
  arithmetic involving a pointer to that variable.)
+* `-fstack-clash-protection`: Turn on instrumentation to avoid
+  skipping the guard page in large stack frames.  (Without this flag,
+  vulnerabilities can result where the stack overlaps with the heap,
+  or thread stacks spill into other regions of memory.)  This flag is
+  fully ABI-compatible and has adds very little run-time overhead.
 * `-grecord-gcc-switches`: Include select GCC command line switches in
  the DWARF debugging information.  This is useful for detecting the
  presence of certain build flags and general hardening coverage.
@ -240,13 +318,6 @@ added by default.  This can be switched off by undefining the
 These compiler flags are enabled for all builds (hardened/annotated or
 not), but their selection depends on the architecture:

-*   `-fstack-clash-protection`: Turn on instrumentation to avoid
-    skipping the guard page in large stack frames.  (Without this flag,
-    vulnerabilities can result where the stack overlaps with the heap,
-    or thread stacks spill into other regions of memory.)  This flag is
-    fully ABI-compatible and has adds very little run-time overhead, but
-    is only available on certain architectures (currently aarch64, i386,
-    ppc64, ppc64le, s390x, x86_64).
 *   `-fcf-protection`: Instrument binaries to guard against
    ROP/JOP attacks.  Used on i686 and x86_64.
 *   `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
@ -260,24 +331,18 @@ not), but their selection depends on the architecture:
    useful because unwind information is available without having to
    install (and load) debugging ienformation.
    Asynchronous unwind tables are enabled for aarch64, i686, s390x,
-    and x86_64.  They are not needed on armhfp, ppc64 and ppc64le due
+    and x86_64.  They are not needed on ppc64le due
    to architectural differences in stack management.  On these
    architectures, `-fexceptions` (see above) still enables regular
    unwind tables (or they are enabled by default even without this
    option).
 *   `-funwind-tables`: A subset of the unwind information restricted
-    to actual call sites.  Used on ppc64, ppc64le.  Also implied by
+    to actual call sites.  Used on ppc64le.  Also implied by
    `-fexceptions`.

 In addition, `redhat-rpm-config` re-selects the built-in default
 tuning in the `gcc` package.  These settings are:

-*   **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard`
-    selects an Arm subarchitecture based on the ARMv7-A architecture
-    with 16 64-bit floating point registers.  `-mtune=cortex-8a` selects
-    tuning for the Cortex-A8 implementation (while preserving compatibility
-    with other ARMv7-A implementations).  `-mabi=aapcs-linux` switches to
-    the AAPCS ABI for GNU/Linux.
 *   **i686**: `-march=x86-64` is used to select a minimum supported
    CPU level matching the baseline for the x86_64 architecture.
    `-mtune=generic` activates tuning for a current blend of CPUs.
@ -296,7 +361,7 @@ tuning in the `gcc` package.  These settings are:
    (z14).
 *   **x86_64**: `-mtune=generic` selects tuning which is expected to
     beneficial for a broad range of current CPUs.
-*   **ppc64** and **aarch64** do not have any architecture-specific tuning.
+*   **aarch64** does not have any architecture-specific tuning.

 # Individual linker flags

--- a/SOURCES/modalias.prov
+++ b/SOURCES/modalias.prov
@ -1,4 +1,4 @@
-#! /bin/sh
+#! /bin/bash -efu

 # heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
 # with modifications by Michael Brown <Michael_E_Brown@dell.com>
@ -14,7 +14,8 @@ IFS=$'\n'
 # completeness, so that we can determine when drivers are folded into
 # mainline kernel.
 #
-case "$1" in
+is_kernel_package=""
+case "${1:-}" in
 kernel-module-*)    ;; # Fedora kernel module package names start with
 		       # kernel-module.
 kernel*)	   is_kernel_package=1 ;;
@ -25,6 +26,11 @@ if ! [ -z "$is_kernel_package" ]; then
    exit 0
 fi

+# Check for presence of the commands used
+which /sbin/modinfo >/dev/null || exit 0
+which sed >/dev/null || exit 0
+which sort >/dev/null || exit 0
+
 print_modaliases() {
    declare class=$1 variants=$2 pos=$3
    if [ -n "$variants" ]; then
@ -35,7 +41,7 @@ print_modaliases() {
 }

 combine_modaliases() {
-    declare tag class variants pos n
+    declare tag class variants="" pos="" n
    read class
    while read tag; do
 	for ((n=0; n<${#class}; n++)); do
@ -58,19 +64,15 @@ combine_modaliases() {
    print_modaliases "$class" "$variants" "$pos"
 }

-for module in $(grep -E '/lib/modules/.+\.ko$') $*; do
+for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') "$@"; do
    # | head -n1 because some modules have *two* version tags. *cough*b44*cough*
    modver=$(/sbin/modinfo -F version "$module"| head -n1)
-    modver=${modver// /_}
-
+    modver=${modver//[^0-9a-zA-Z._]/_}
    # only add version tag if it has a version
-    if [ -n "$modver" ]; then
-        /sbin/modinfo -F alias "$module" \
-        | sed -nre "s,(.+),modalias(\\1) = $modver,p"
-    else
-        /sbin/modinfo -F alias "$module" \
-        | sed -nre "s,(.+),modalias(\\1),p"
-    fi
+    [ -z "$modver" ] || modver=" = $modver"
+
+    /sbin/modinfo -F alias "$module" \
+    | sed -nre "s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(\\1)$modver,p"
 done \
 | sort -u \
 | combine_modaliases
--- a/SPECS/redhat-rpm-config.spec
+++ b/SPECS/redhat-rpm-config.spec
@ -6,7 +6,7 @@

 Summary: Red Hat specific rpm configuration files
 Name: redhat-rpm-config
-Version: 125
+Version: 129
 Release: 1%{?dist}
 # No version specified.
 License: GPL+
@ -113,6 +113,11 @@ Requires: %{_bindir}/grep
 Requires: %{_bindir}/sed
 Requires: %{_bindir}/xargs

+# iconv modules have been split out of glibc into a separate package (#1971664)
+# so let's ensure packages that require them at build time but haven't yet
+# added an explicit BuildRequires will continue to work (#2013328)
+Requires: glibc-gconv-extra
+
 # -fstack-clash-protection and -fcf-protection require GCC 8.
 Conflicts: gcc < 8

@ -205,6 +210,19 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
 %{_rpmconfigdir}/macros.d/macros.kmp

 %changelog
+* Wed Mar 23 2022 Michal Domonkos <mdomonko@redhat.com> - 129-1
+- Fix handling of files without newlines in brp-mangle-shebang (#2063036)
+
+* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 128-1
+- modalias.prov: handle compressed kmods, sanitise alias/version strings
+  (#1976000)
+
+* Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 127-1
+- Add Requires: glibc-gconv-extras to cover for the split (#2013328)
+
+* Mon Nov 29 2021 Florian Weimer <fweimer@redhat.com> - 126-1
+- buildflags.md: Documentation updates (#2005079)
+
 * Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
 - Add missing macros.fedora-misc file (#1874576)