import redhat-rpm-config-129-1.el8

CentOS Sources 2022-05-10 03:06:01 -04:00 committed by Stepan Oksanichenko
parent a95bffd78c
commit 4b5db1da17
4 changed files with 126 additions and 34 deletions


@ -93,7 +93,14 @@ while IFS= read -r line; do
fi
read shebang_line < "$f"
if ! read shebang_line < "$f"; then
echo >&2 "*** WARNING: Cannot read the first line from $f, removing executable bit"
ts=$(stat -c %y "$f")
chmod -x "$f"
touch -d "$ts" "$f"
continue
fi
orig_shebang="${shebang_line#\#!}"
if [ "$orig_shebang" = "$shebang_line" ]; then
echo >&2 "*** WARNING: $f is executable but has no shebang, removing executable bit"
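
Review bot: The new `if ! read shebang_line < "$f"` test treats every non-zero return from `read` as "cannot read the first line", but `read` also returns non-zero when it hits end of file before a newline, after it has already stored the text in `shebang_line`. A file whose only line is a valid shebang with no trailing newline therefore loses its executable bit under a warning that says the line could not be read. If that is the intended outcome, make the message say so; otherwise test `[ -n "$shebang_line" ]` after the failed read and only strip the bit when it is empty. `read -r` would also stop backslashes in the first line from being interpreted.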


@ -13,6 +13,8 @@ this:
This will invoke the `./configure` with arguments (such as
`--prefix=/usr`) to adjust the paths to the packaging defaults.
Prior to that, some common problems in autotools scripts are
automatically patched across the source tree.
As a side effect, this will set the environment variables `CFLAGS`,
`CXXFLAGS`, `FFLAGS`, `FCFLAGS`, and `LDFLAGS`, so they can be used by
@ -25,7 +27,8 @@ environment variables using
%set_build_flags
early in the `%build` section. (Again, existing environment variables
are not overwritten.)
are not overwritten.) `%set_build_flags` does not perform autotools
script rewriting, unlike `%configure`.
Individual build flags are also available through RPM macros:
@ -66,11 +69,24 @@ For other considerations involving shared objects, see:
* [Fedora Packaging Guidelines: Shared Libraries](https://fedoraproject.org/wiki/Packaging:Guidelines#Shared_Libraries)
# Customizing compiler flags
# Customizing compiler and other build flags
It is possible to set RPM macros to change some aspects of the
compiler flags. Changing these flags should be used as a last
recourse if other workarunds are not available.
recourse if other workarounds are not available.
### Disable autotools compatibility patching
By default, the invocation of the `%configure` macro replaces
`config.guess` files in the source tree with the system version. To
disable that, define this macro:
%global _configure_gnuconfig_hack 0
`%configure` also patches `ltmain.sh` scripts, so that linker flags
are set as well during libtool-. This can be switched off using:
%global _configure_libtool_hardening_hack 0
### Lazy binding
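
Review bot: The added sentence about `ltmain.sh` stops mid-phrase at "during libtool-."; the word after the hyphen is missing, so the text does not say which libtool step the linker flags are applied to. Complete the sentence before this documentation ships.
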
@ -145,6 +161,63 @@ to the RPM spec file to disable these strict checks. Alternatively,
you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
command line). The latter needs binutils 2.29.1-12.fc28 or later.
### Post-build ELF object processing
By default, DWARF debugging information is separated from installed
ELF objects and put into `-debuginfo` subpackages. To disable most
debuginfo processing (and thus the generation of these subpackages),
define `_enable_debug_packages` as `0`.
Processing of debugging information is controlled using the
`find-debuginfo` tool from the `debugedit` package. Several aspects
of its operation can be controlled at the RPM level.
* Creation of `-debuginfo` subpackages is enabled by default.
To disable, undefine `_debuginfo_subpackages`.
* Likewise, `-debugsource` subpackages are automatically created.
To disable, undefine `_debugsource_subpackages`.
See [Separate Subpackage and Source Debuginfo](https://fedoraproject.org/wiki/Changes/SubpackageAndSourceDebuginfo)
for background information.
* `_build_id_links`, `_unique_build_ids`, `_unique_debug_names`,
`_unique_debug_srcs` control how debugging information and
corresponding source files are represented on disk.
See `/usr/lib/rpm/macros` for details. The defaults
enable parallel installation of `-debuginfo` packages for
different package versions, as described in
[Parallel Installable Debuginfo](https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo).
* By default, a compressed symbol table is preserved in the
`.gnu_debugdata` section. To disable that, undefine
`_include_minidebuginfo`.
* To speed up debuggers, a `.gdb_index` section is created. It can be
disabled by undefining `_include_gdb_index`.
* Missing build IDs result in a build failure. To ignore such
problems, undefine `_missing_build_ids_terminate_build`.
* During processing, build IDs are recomputed to match the binary
content. To skip this step, define `_no_recompute_build_ids` as `1`.
* By default, the options in `_find_debuginfo_dwz_opts` turn on `dwz`
(DWARF compression) processing. Undefine this macro to disable this
step.
* Additional options can be passed by defining the
`_find_debuginfo_opts` macro.
After separation of debugging information, additional transformations
are applied, most of them also related to debugging information.
These steps can be skipped by undefining the corresponding macros:
* `__brp_strip`: Removal of leftover debugging information. The tool
specified by the `__strip` macro is invoked with the `-g` option on
ELF object (`.o`) files.
* `__brp_strip_static_archive`: This is similar to `__brp_strip`, but
processes static `.a` archives instead.
* `__brp_strip_comment_note`: This step removes unallocated `.note`
sections, and `.comment` sections from ELF files.
* `__brp_ldconfig`: For each shared object on the library search path
whose soname does not match its file name, a symbolic link from the
soname to the file name is created. This way, these shared objects
are loadable immediately after installation, even if they are not yet
listed in the `/etc/ld.so.cache` file (because `ldconfig` has not been
invoked yet).
# Individual compiler flags
Compiler flags end up in the environment variables `CFLAGS`,
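
Review bot: The new "Post-build ELF object processing" section uses three different ways to switch a step off: `_enable_debug_packages` is defined as `0`, `_no_recompute_build_ids` is defined as `1`, and every other macro is undefined. State once, near the top of the section, whether the "undefine" macros are tested for existence or for value, because a packager who writes `%global _include_minidebuginfo 0` cannot tell from this text whether that has any effect. The `__brp_strip_comment_note` bullet also has a stray comma in "`.note` sections, and `.comment` sections".
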
@ -202,6 +275,11 @@ The general (architecture-independent) build flags are:
variables. (If the address of a variable is never taken, it is not
possible that a buffer overflow is caused by incorrect pointer
arithmetic involving a pointer to that variable.)
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead.
* `-grecord-gcc-switches`: Include select GCC command line switches in
the DWARF debugging information. This is useful for detecting the
presence of certain build flags and general hardening coverage.
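
Review bot: The `-fstack-clash-protection` bullet moved into the general flags list still reads "has adds very little run-time overhead"; drop "has" while the paragraph is being relocated, since the wording is otherwise carried over unchanged from the removed architecture-specific entry.
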
@ -240,13 +318,6 @@ added by default. This can be switched off by undefining the
These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture:
* `-fstack-clash-protection`: Turn on instrumentation to avoid
skipping the guard page in large stack frames. (Without this flag,
vulnerabilities can result where the stack overlaps with the heap,
or thread stacks spill into other regions of memory.) This flag is
fully ABI-compatible and has adds very little run-time overhead, but
is only available on certain architectures (currently aarch64, i386,
ppc64, ppc64le, s390x, x86_64).
* `-fcf-protection`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
@ -260,24 +331,18 @@ not), but their selection depends on the architecture:
useful because unwind information is available without having to
install (and load) debugging ienformation.
Asynchronous unwind tables are enabled for aarch64, i686, s390x,
and x86_64. They are not needed on armhfp, ppc64 and ppc64le due
and x86_64. They are not needed on ppc64le due
to architectural differences in stack management. On these
architectures, `-fexceptions` (see above) still enables regular
unwind tables (or they are enabled by default even without this
option).
* `-funwind-tables`: A subset of the unwind information restricted
to actual call sites. Used on ppc64, ppc64le. Also implied by
to actual call sites. Used on ppc64le. Also implied by
`-fexceptions`.
In addition, `redhat-rpm-config` re-selects the built-in default
tuning in the `gcc` package. These settings are:
* **armhfp**: `-march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard`
selects an Arm subarchitecture based on the ARMv7-A architecture
with 16 64-bit floating point registers. `-mtune=cortex-8a` selects
tuning for the Cortex-A8 implementation (while preserving compatibility
with other ARMv7-A implementations). `-mabi=aapcs-linux` switches to
the AAPCS ABI for GNU/Linux.
* **i686**: `-march=x86-64` is used to select a minimum supported
CPU level matching the baseline for the x86_64 architecture.
`-mtune=generic` activates tuning for a current blend of CPUs.
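
Review bot: With armhfp and ppc64 removed, "They are not needed on ppc64le due to architectural differences in stack management" now names a single architecture, but the unchanged line that follows still says "On these architectures". Change it to "On this architecture" so the paragraph agrees with itself.
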
@ -296,7 +361,7 @@ tuning in the `gcc` package. These settings are:
(z14).
* **x86_64**: `-mtune=generic` selects tuning which is expected to
beneficial for a broad range of current CPUs.
* **ppc64** and **aarch64** do not have any architecture-specific tuning.
* **aarch64** does not have any architecture-specific tuning.
# Individual linker flags


@ -1,4 +1,4 @@
#! /bin/sh
#! /bin/bash -efu
# heavily based upon find-suggests.ksyms by Andreas Gruenbacher <agruen@suse.de>.
# with modifications by Michael Brown <Michael_E_Brown@dell.com>
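
Review bot: The strict-mode options on the interpreter line (`#! /bin/bash -efu`) only apply when the script is started through its shebang; if it is run as an argument to `bash`, or sourced, `-e`, `-f` and `-u` are silently absent and the later changes that depend on them are untested paths. A `set -efu` line at the top of the body gives the same behaviour however the script is invoked.
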
@ -14,7 +14,8 @@ IFS=$'\n'
# completeness, so that we can determine when drivers are folded into
# mainline kernel.
#
case "$1" in
is_kernel_package=""
case "${1:-}" in
kernel-module-*) ;; # Fedora kernel module package names start with
# kernel-module.
kernel*) is_kernel_package=1 ;;
@ -25,6 +26,11 @@ if ! [ -z "$is_kernel_package" ]; then
exit 0
fi
# Check for presence of the commands used
which /sbin/modinfo >/dev/null || exit 0
which sed >/dev/null || exit 0
which sort >/dev/null || exit 0
print_modaliases() {
declare class=$1 variants=$2 pos=$3
if [ -n "$variants" ]; then
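
Review bot: The three `which ... || exit 0` checks make the generator exit successfully with no output when a tool is missing, so a build without `/sbin/modinfo` yields a package with no `modalias()` provides and nothing in the log explains why. Write a message to stderr before exiting. The list is also shorter than what the script uses, since the main loop calls `grep` and `head` as well, and the shell builtin `command -v` would remove the dependency on an external `which`.
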
@ -35,7 +41,7 @@ print_modaliases() {
}
combine_modaliases() {
declare tag class variants pos n
declare tag class variants="" pos="" n
read class
while read tag; do
for ((n=0; n<${#class}; n++)); do
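
Review bot: `read class` at the top of `combine_modaliases` now runs under `-e` from the new interpreter line, and `read` returns non-zero on empty input, so when the loop emits no aliases the function stops at that line and the pipeline ends with a failure status. If an empty result is meant to be a success, guard the call, for example `read class || return 0`. Initialising `variants` and `pos` for `-u` looks right.
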
@ -58,19 +64,15 @@ combine_modaliases() {
print_modaliases "$class" "$variants" "$pos"
}
for module in $(grep -E '/lib/modules/.+\.ko$') $*; do
for module in $(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$') "$@"; do
# | head -n1 because some modules have *two* version tags. *cough*b44*cough*
modver=$(/sbin/modinfo -F version "$module"| head -n1)
modver=${modver// /_}
modver=${modver//[^0-9a-zA-Z._]/_}
# only add version tag if it has a version
if [ -n "$modver" ]; then
/sbin/modinfo -F alias "$module" \
| sed -nre "s,(.+),modalias(\\1) = $modver,p"
else
/sbin/modinfo -F alias "$module" \
| sed -nre "s,(.+),modalias(\\1),p"
fi
[ -z "$modver" ] || modver=" = $modver"
/sbin/modinfo -F alias "$module" \
| sed -nre "s,[^][0-9a-zA-Z._:*?/-],_,g; s,(.+),modalias(\\1)$modver,p"
done \
| sort -u \
| combine_modaliases
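
Review bot: In the rewritten loop both `modinfo` calls are the first command of a pipeline (`modinfo -F version "$module" | head -n1` and `modinfo -F alias "$module" | sed ...`), and `-e` only acts on the status of the last command, so a `modinfo` failure on one of the newly matched `.gz`, `.bz2` or `.xz` modules gives an empty version or no aliases without stopping the script. Add `set -o pipefail` or check the `modinfo` result on its own. The sanitising itself holds up: `modver` is reduced to `[0-9a-zA-Z._]` before it is spliced into the sed replacement, so it cannot carry `,`, `&` or `\` into the expression.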


@ -6,7 +6,7 @@
Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config
Version: 125
Version: 129
Release: 1%{?dist}
# No version specified.
License: GPL+
@ -113,6 +113,11 @@ Requires: %{_bindir}/grep
Requires: %{_bindir}/sed
Requires: %{_bindir}/xargs
# iconv modules have been split out of glibc into a separate package (#1971664)
# so let's ensure packages that require them at build time but haven't yet
# added an explicit BuildRequires will continue to work (#2013328)
Requires: glibc-gconv-extra
# -fstack-clash-protection and -fcf-protection require GCC 8.
Conflicts: gcc < 8
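
Review bot: The added dependency is spelled `glibc-gconv-extra`, while the 127-1 changelog entry further down in this file says "Add Requires: glibc-gconv-extras"; one of the two names is wrong. Confirm the actual package name and make the `Requires:` line and the changelog agree, since a misspelled `Requires:` leaves this package uninstallable.
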
@ -205,6 +210,19 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%{_rpmconfigdir}/macros.d/macros.kmp
%changelog
* Wed Mar 23 2022 Michal Domonkos <mdomonko@redhat.com> - 129-1
- Fix handling of files without newlines in brp-mangle-shebang (#2063036)
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 128-1
- modalias.prov: handle compressed kmods, sanitise alias/version strings
(#1976000)
* Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 127-1
- Add Requires: glibc-gconv-extras to cover for the split (#2013328)
* Mon Nov 29 2021 Florian Weimer <fweimer@redhat.com> - 126-1
- buildflags.md: Documentation updates (#2005079)
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
- Add missing macros.fedora-misc file (#1874576)